A short Guide depicting evolution and development of networking, Internet, security, cryptography and public cryptograhy.

1. Jiri J. Cejka
Internet and Security
 I. Communication Introduction
 II. Internet Introduction
 III. Security Introduction
 IV. Cryptography
 V. Public Cryptography

2. Jiri J. Cejka
Chapter 1
Internet and Security
 Communication Introduction
– Communication Theory
– Communication OSI Model

3. Jiri J. Cejka
Communication theory
Case 1
 Two army problem
 Time Synchronisation
 Solution ?
Red Army
B
Red Army
A
Blue Army

4. Jiri J. Cejka
Communication theory
Case 2
 Connection Management
 Telephone call simulation
 Protocol
A B
Connect request
Connect response
Connect indication
Connect confirm Connect responseConnect confirm
Data request
Data request
(Acknowledgment)
Data indication
Data indication
Disconnect response
Disconnect indication
Disconnect request
time

5. Jiri J. Cejka
Communication Model - 1
 Network topology
 Interconnection 1 2
3
4
5

6. Jiri J. Cejka
Communication Model - 2
 OSI Standard compared with TCP/IP
Seven Layers:
7. Application
6. Presentation
5. Session
4. Transport Datagram TCP (Internet Control Protocol)
3. Network Packet IP(ARP),X.25
2. Link Frames CSMA/CD
1. Physical Bits, modems 10011100001000100001
Frame Data AreaFrame Header
Datagram Data AreaDatagram Header
ICMP
Header
ICMP
Data

7. Jiri J. Cejka
Communication Model - 3
 Layer Two - Data Link - Frames
Frame-level
1
2
3
4
6
7
Host
Frame-level
Access
Node
Node
Switcher
Bridge
Host
Access
Node
5
Frame-level

8. Jiri J. Cejka
Communication Model - 4
 Layer Three - Data Packets
1
2
3
4
5
6
7
Host
Packet level
1-3-4-7
Access
Node
Node
Switcher
Router
Host
Access
Node
Packet level
2-3-4-5-6
Acknowledgment
Acknowledgment

9. Jiri J. Cejka
Communication Model - 5
 Sliding windows
– Datagram
– Transport
– Data Link
Acknowledged
Sent
Not Sent
Messages
Source
1
2
3
4
56
4Ack
2
3
4
5
1
Acknowledged
7
6Sent
Not Sent
Destination
Messages
Packets
Frames

10. Jiri J. Cejka
Chapter 2
Internet and Security
 Internet Introduction
– What is Internet- history, popularity of usage
– Role of Internet - security

11. Jiri J. Cejka
Internet Introduction
 What is Internet?
 Why has it become so popular?
 Is Internet secure enough to build
business on it?
 If Yes:
– HOW do I guarantee Security and Privacy
– WHEN should I start to invest into it?

12. Jiri J. Cejka
What is Internet
 Definition of Internet
 Development 1970 - DARPA
 Two fundamental design observation:
– No single network can serve all users
– Users desire universal interconnections
1 2
3
4
5

13. Jiri J. Cejka
Internet Architecture
 User’s view
– each computer appears to attach to a single network
 Structure of networks and gateways
Address assignment:
IP Address: <net-id> <host-id>
Host : 193.73.248.10
Network: 193.73.248.0
Gateway: 193.73.248.1
Host Host
Gateway
Physical network
INTERNET

14. Jiri J. Cejka
The reasons for the worldwide use
 The Flexibility of underlying protocols
 Public and free Access
– bright spectrum of users
– modern design methods
 Progress in computing technology
 Development of modern GUI driven
languages
– usage of HTTP, HTML, URL

15. Jiri J. Cejka
Chapter 3
Internet and Security
 Security Introduction
– Security Methods
– Security Model

16. Jiri J. Cejka
Security Introduction
 “Public” Internet access versus “Security”
– Privacy and Integrity
– Authentication and Availability
– Data Integrity and Audit techniques
– Physical security and Management practices.

17. Jiri J. Cejka
Security Methods
 Optimal combination of tools
and methods
 Cryptography
– Transaction security
 Firewalls and routers
– Unauthorised access
 Operating systems
– Internal sources
1. Intruder has
access to Your system
4. Intercepted
on the destination
INTERNET
2. Wiretapped during
the transmission
3.Stolen while
waiting at server
Message Origination Message Destination
2. Wiretapped during
the transmission
INTERNET

18. Jiri J. Cejka
Security Methods
 Usage of:
– Firewalls
– Filtering
routers
Filtering Router
INTERNET
External User(s)
Firewall Proxy
Server
DNS Functions
Bank Internal Networks
Server of
Service Provider
Internal User
Internal System
Filtering Router of
Service Provider
Secured Area

19. Jiri J. Cejka
Security Methods
INTERNET
External
Network
External
User(s)
POLICIES, PROCEDURES, ADMINISTRATION
PHYSICALSECURITY
Network Access Layer
WORKSTATION
SECURITY
System Access Layer
Application Access Layer
AUDIT
TRIAL
SECURITY
MONITORING
HOST
Data
Software
CHANGE
CONTROL
Access Control
Tables
Software

20. Jiri J. Cejka
Security Methods
 WEB Security Control Points
C2
Firewall #2
INTERNET
B2
External Web
Server
E1
Any External
Company
Web Server
A1
Web Client
Browser
D1
Any External
Internet User’s
Web Client Browser
COMPANY
INTERNAL
NETWORK
A Company
E2
Any Web
Server
C1
Firewall #1
B1
Internal Web
Server

21. Jiri J. Cejka
Chapter 4
Internet and Security
 Cryptography Basics
– History and different Kinds of security
 Cryptography Standards
– Private Cryptography
– Public Cryptography

22. Jiri J. Cejka
Cryptography Basics
 How does simple cryptography works
– Message to be encrypted (plaintext)
– Message after it is encrypted (ciphertext)
– Encryption Algorithm (mathematical function)
– Key (number, password, phrase)
 Cryptography goal
– impossible: plaintext from ciphertext
Encryption
Algorithm
Plaintext
Ciphertext
Key

23. Jiri J. Cejka
Cryptography Basics
 Unbreakable Codes
– Code Word - Code Meaning
– one shot
– restricted to simple information
 Ciphers
– Technique of scrambling Message
– Truly cryptography

24. Jiri J. Cejka
History of Cryptography
 Substitution ciphers
– Earliest ciphers 2000 B.C.
– Julius Ceasar - Shift alphabet
– Rennaisance Freemasons -Secret cipher
– G. Washington - Assigned numbers
 One-Time Pads - Vernam cipher
– Each page used once
– “Hotline” Stream of numbers as pads
–each number defines shift of a letter
–fix length numbers: Cryptographic Key
A B C D E
0 1 2 3 4
N O P
1. Launch
2. Target
05 08 14 20 01

25. Jiri J. Cejka
Breaking the code
 Key Length Length: Variants: Efficiency:
– Eurocard 4 digits 10.000 14 bits
– UNIX password 8 char 6.3x10^16 56 bits
 Breaking the code
– Brute force attack
– Cryptanalysis
–Know plaintext attack
–Chosen plaintext attack
–Differential Cryptanalysis
Plaintext
Ciphertext
Key

26. Jiri J. Cejka
Private Cryptography
 Algorithms
 Private Key Algorithms
– Key distribution
– Types of Private Cryptography
–DES, Triple DES 1977 : 56-bit key length
–RC2, RC4 Rivest code: 1-1024 bit length
–IDEA 1990 Zurich: 128 bit key

27. Jiri J. Cejka
 Sending secret message only after
prior arrangement - key exchange
 Number of the keys: n*(n-1)/2
 Key could be intercepted
 Distribution of Keys
– Key Distribution Center
– (session key)
Problems with Private
Cryptography
A’s private Key
Session
Key
B’s private Key
Key
Distribution
Center
KDC

28. Jiri J. Cejka
Public Cryptography
 1970 Breakthrough - Asymmetric
Algorithms
 Generate Keys
– Public Key
– Private Key
Public Key
from person B
INTERNET
Own Secret Key
from person B
Person A
Person B
1. Message is
Encrypted
2. Message is
Decrypted

29. Jiri J. Cejka
Public Key Systems
 1974 Ralph Merkle “Jigsaw puzzle”
– Secure communication over insecure channels
 1975 Diffie-Hellman
– Exponential Key exchange
– Multi-user cryptographic techniques
– (1975 Private system as Standard DES)
 1977 Rivest, Shamir, Adleman: RSA
– Easy to multiply two large prime numbers
– Difficult to find its prime factors.

30. Jiri J. Cejka
Ralph Merkle’s Puzzles
1. Alice send open message to Bob.
2. Alice creates 1.000000 Encryption Keys.
3. Each key is hidden in one puzzle.
-each Puzzle takes 2 Minutes to solve.
4. All puzzles are sent to Bob.
5. Bob chooses one puzzle and
unscrambles one key.
6. Bob encrypts previous message
with his key.
7. Message is sent to Alice.
8. Alice tries all keys until one fits.(850).
Eavesdropper has to try all 1000000 puzzleseach taking
him two minutes to solve!
Alice
1.
2.
:
1000.000
Bob
850
850
1
2.
3.
4.
5.
6.
7.
8.

31. Jiri J. Cejka
Diffie-Hellman Multi-user
1. Alice and Bob agrees on two numbers.
They are known and public: a, q.
2. Each part chooses a secret number X: X1, X2
and transmits the results of mathematical formula
involving a, q, and X.
3. Both participants compute number K as
function of (X1 and Y2) or (X2, Y1).
Eavesdropper knows a,q,Y1 and Y2 nut does not know X1
or X2: he cannot compute number K.
K is used as a session key for private key encryption algorithm
such as DES.
Alice BobNumbers a, q
K =Y2(exp( X1)(mod q)
1.
2.
3.
X1
Y1 = a(exp(X1))(mod q)
X2
Y2=f(a,q,X2)
K=f(X2,Y1)

32. Jiri J. Cejka
Data Encryption Standard DES
 Description of nationwide Standard System
 1960 IBM Private encryption system
– Lucifer 1974 on a chip for market
– length set to 128 bits
 1975 NSA and NIST design of DES
 Architecture of DES : P-box, S-box
 DES controversy 128 Bits-> 56 bit Key
– How secure is DES now

33. Jiri J. Cejka
Rivest, Shamir, Adelman: RSA
 1977 U.S. patent to MIT
 Company RSA DSI marketing
– computation intensive
– chip production unsuccessful
– RSA Bidzos MailSafe
 Phil Zimmermann PGP
– Encryption on microprocessor
– PGP Public key algorithm on PC
– Export law, International Version

34. Jiri J. Cejka
How Does RSA works?
Each the person has to create key pair consisting of
public and secret key.
1. Alice chooses very large two prime numbers P and Q per random. P=47, Q=71.
2. Encryption modulus is created multiplying: N = P * Q. N=3337.
3. The encryption key is created : e is prime to (P-1) * (Q-1) e = 3220
4. Using Euclid algorithm decryption key d is found :
d = e(exp-1) *(mod ((P-1) * (Q-1))) d = 1019
5. Then Public key = (N,e)
Secret key = d.
Then Bob encrypts number X: X(exp e)(mod N) -> A
Alice decrypts A: A(exp d)(mod N) -> X

35. Jiri J. Cejka
Privacy and Public Policy
 FBI’s Digital Telephony Plan
– History if wiretapping
– 1995 Cryptography and Constitution
 NSA’s Clipper Chip
– After DES a new public technology standard
– Algorithm “Skipjack” 80 bits
– Escrowed Encryption Standard EES
–Using Family Key, Chip Key and Session Key
– Public usage Administration - Market

36. Jiri J. Cejka
Clipper Chip EES
1. Session Key Conversation
- different for each conversation
- SKIPJACK (NSA algorithm)
2. Clipper Chip Telephone Session
2.1 UniqueChip A Key
2.2. Chip A Serial Nr
2.3 Checksum
2.4 Family key common to all chips
creates Law Enforcement Access Field
3. Escrowed Encryption Standard EES
3.1 Family Key Master Key held by government
3.2. Decrypts LEAF and gives Serial Number
3.3. Two companies give two fragment of Chips key
3.4. Agent creates Chip key and under permission decrypts Session key
ChipB Key14365275890364789
14365275890364789
Serial Nr B
Checksum
BA
LEAF A LEAF B
Family Key

37. Jiri J. Cejka
Digital Signature Standard - DSS
 Proposed by NIST in 1991
 Federal Information Process. Standard
FIPS
– Developed in fact by NSA
 Digital Signature Algorithm - DSA
– Slower then RSA
– Opposition against DSA might contain back door
– Used as digital signature only
– Using Secure Hash Algorithm SHA 160 bit length

38. Jiri J. Cejka
Comparison Public-Secret
Cryptography
 Advantages:
– Increased security: Secret key is not transmitted
–Secret key : sharing the secrecy with other side
– Authentication: method for digital signatures
– Legal binding for Public-key
–Authentication of signature: non-repudiation
–Kerberos authenticate only access: not legally bounded
 Disadvantages
– Speed: solution is combination of secret-public key

39. Jiri J. Cejka
Cryptography
 “Without strong cryptography no one will
have the confidence
– to use networks to conduct business
– to engage in commercial transactions electronically
– to transmit sensitive personal information”.

40. Jiri J. Cejka
Chapter 5
Internet and Security
 Public Cryptography PGP
– Public and Secret Key
– Pass Phrase
– Random Bit & Session Key generation
– Digital Signature
– Key Rings & Key Certification
– Web of Trust

41. Jiri J. Cejka
Public Cryptography
Pretty Good Privacy PGP
 Generating of Keys
– Public Key
– Secret Key
 Distribution of Keys
– Public key ring
– Trust
– Validity
Own Secret Key
from person B
Public Key
from person B
INTERNET
Person A Person B
1. Message is
Encrypted 2. Message is
Decrypted

42. Jiri J. Cejka
PGP - Public and Secret key
Generating of Public and Secret key: pgp -kg
1. Set-up the length : 512, 1024 bits: 1,2,3
2. Define User ID: <name@comp.com>
3. Defined he Pass Phrase : Text string
4. Generate random number: Text, time
Key identifications:
Type Bits keyID Date User ID
pub 512 C7A966DD 1996/10/09 name@company.com added to pubring.asc
sec 512 HIAF12EG 1996/10/09 name@company.com added to secring.asc
Public Key
from person B
INTERNET
Own Secret Key
from person B
Person A Person B
1. Message is
Encrypted 2. Message is
Decrypted

43. Jiri J. Cejka
PGP- Session Key
Encrypting the message
using Session Key:
pgp -eat <file name> <public key id>
- e Session key automatically
- a Result as text file
- t Source as text file
<filename.asc>
1.Session Key is
randomly generated
Own Secret Key
from person B
Person A
Person B
4. Both encryption are
bundled together and
sent to person B
5. Message is
Decrypted
2. Message is encrypted
using IDEA algorithm
3. Session Key encrypted
using RSA algorithm
and B’s Public Key
INTERNET

44. Jiri J. Cejka
PGP-Pass Phrase
Decrypting the message
Secret Key decryption/encryption
pgp <file name.asc>
- Secret Key is required to read file
- Pass Phrase is needed to unlock RSA key
- Using MD5 hash function 128-bit code
is generated from the Pass Phrase
- IDEA algorithm decrypts Secret Key
Local usage of Pass Phrase
1. Encrypting of text file
pgp -c <your file>
-Pass Phrase required
2. Decrypting of text file
pgp <your file.pgp>
-Pass Phrase required
INTERNET
Person A
Person B
2.Secret Key is
decrypted after
encrypted
message came
1.Secret Key is
encrypted during
generation
Public/Private key
using Pass Phrase
3. Message is
decrypted using
B’s Secret Key

45. Jiri J. Cejka
INTERNET
4. Seal is
encrypted
using A’s
Public Key
Person A
Person B
2. The number is
encrypted using
secret key into a
“seal”
1. MessageDigest function
is run over the message
producing 128-bit number
6. Both digest numbers
are compared
- if they are same
message is authentic.
14365275890364789
3. The signature block
“seal” is added to the
message ready to be
sent in readable form
1436527589036478914365275890364789
5. Message
Digest function
creates new
128-bit number
PGP-Digital Signature
Authentication of message
- Message Digest Function MD5
unique 128 bit code created
- Code encrypted with Secret Key
- Pass Phrase is required
pgp -sta <file name>
- result in <file name.asc>
- Signature decrypted with Public Key
pgp <file name.asc>
- Automatic check with text file
Signing and Encrypting
-most secure
pgp -se <file name>

46. Jiri J. Cejka
Locally created
keys stored
on Secret Ring
14365275890364789
1. Pass Phrase opens secret key-ring to
change any identifications:
- From Path Phrase MD5 function counts
128 bit code to decrypt IDEA encryption
2. To Encrypt Text file a random bit
generates a Session key to Encrypt file
using IDEA
3. Message is encrypted using Session
Key and
conventional IDEA algorithm
4. The Session Key is encrypted using
RSA and Recipient’s Public key
5. Using MD5 Function and Secret Key
generates Digital Signature
PGP- Key Rings
Received
keys
stored on
Public Ring
Random bit
generator
“Any secret text..”
MD5
RSA
IDEA
MD5

47. Jiri J. Cejka
PGP- Key Certification
Public Key Certification is built into
PGP:
- Validity - Identification that the key
received really belongs to the person to
whom it says it belongs.
- Trust - Measure of how much you believe
honesty and judgment of the person created
the key.
INTERNET
Person A Person B
14365275889 143652758901436524789

48. Jiri J. Cejka
John
John does not believe Phil’s
certification
John trusts Jane
John does not trust Chris.
John does not trust any person
certification by Chris
Jane certifies Phil
Certifying and Distributing of Public Keys:
- John’s trusts
- John’s belief of identity
- No trust, no belief of identify
Jane
Phil
Phil certifies Lori
Lori
PGP-Web of Trust
John believes Jane’s certification of Phil
Chris

49. Jiri J. Cejka
Adding Key with Signatures on Public ring
pgp -ka <file name.pgp>
Key Fingeprint is displayed - Key’s unique Digest of 128 bits code
Key can be certified personally
- RSA Secret Key has to be unlocked - Pass Phrase is needed
Level of Trust has to be added: 1= Not known, 2= No, 3=Usually, 4= Always.
Viewing Public key ring and Signatures
pgp -kc
Type bits/KeyID Date User ID
pub 512/ 33681029 1994/08/28 Name1 <name1@.comp1.com>
sig! A71712F9 1994/12/28 Name2 <name2@.comp2.com>
Key ID Trust Validity User ID
33681029 marginal complete Name1 <name1@comp1.com>
complete complete Name2<name2@comp2.com>
pgp -kvv Viewing Fingerprint
PGP- Adding Public Key

50. Jiri J. Cejka
“Only those defenses are good, certain and
durable, which depend on yourself alone
and your own ability”.
The Prince
- Nicollo Machiavelli
Internet Security
Resume