SlideShare a Scribd company logo

Network security

Sisir Ghosh
Sisir Ghosh
EducationTechnology
1 of 9
Download to read offline
Network security 1. Cryptography The word cryptography has come from a Greek word, which means secret writing. For private communication through public network, cryptography plays a very crucial role. The role of cryptography can be illustrated with the help a simple model of cryptography as shown in Fig. 1.1.1. The message to be sent through an unreliable medium is known as plaintext, which is encrypted before sending over the medium. The encrypted message is known as ciphertext, which is received at the other end of the medium and decrypted to get back the original plaintext message. Fig. 1.1.1 A simple cryptography model Cipher We refer to encryption and decryption algorithms as ciphers. The term cipher is also used to refer to different categories of algorithms in cryptography. Key A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext. To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the original plaintext. Cryptography algorithms (ciphers) are divided into two groups: symmetric-key (also called secret-key or private key) cryptography algorithms and asymmetric (also called public-key) cryptography algorithms. 1.1 Symmetric Key Cryptography In symmetric-key cryptography, the same key is used by both parties. The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data (as shown in Fig 1.1.2). The algorithm used to decrypt is just the inverse of the algorithm used for encryption. For example, if addition and division is used for encryption, multiplication and subtraction are to be used for decryption. Fig 1.1.2 Symmetric-key cryptography
Symmetric key cryptography algorithms are simple requiring lesser execution time. As a consequence, these are commonly used for long messages. However, these algorithms suffer from the following limitations: Requirement of large number of unique keys. For example for n users the number of keys required is n(n-1)/2. Distribution of keys among the users in a secured manner is difficult. 1.1.1 Monoalphabetic Substitution One simple example of symmetric key cryptography is the Monoalphabetic substitution. In this case, the relationship between a character in the plaintext and a character in the ciphertext is always one- to-one. An example Monoalphabetic substitution is the Caesar cipher. As shown in Fig. 1.1.3, in this approach a character in the ciphertext is substituted by another character shifted by three places, e.g. A is substituted by D. Key feature of this approach is that it is very simple but the code can be attacked very easily. Fig. 1.1.3 The Caesar cipher 1.1.2 Polyalphabetic Substitution This is an improvement over the Caesar cipher. Here the relationship between a character in the plaintext and a character in the ciphertext is always one-to-many. Key feature of this approach is that it is more complex and the code is harder to attack successfully. Example of polyalphabetic substitution is the Vigenere cipher. In this case, a particular character is substituted by different characters in the ciphertext depending on its position in the plaintext. 1.1.3 Transpositional Cipher The transpositional cipher, the characters remain unchanged but their positions are changed to create the ciphertext. Figure 1.1.4 illustrates how five lines of a text get modified using transpositional cipher. The characters are arranged in two-dimensional matrix and columns are interchanged according to a key is shown in the middle portion of the diagram. The key defines which columns are to be swapped. As per the key shown in the figure, character of column is to be swapped to column 3, character of column 2 is to be swapped to column 6, and so on. Decryption can be done by swapping in the reverse order using the same key. Transpositional cipher is also not a very secure approach. The attacker can find the plaintext by trial and error utilizing the idea of the frequency of occurrence of characters.
Figure 1.1.4 Operation of a transpositional cipher 1.1.4 Block Ciphers Block ciphers use a block of bits as the unit of encryption and decryption. To encrypt a 64-bit block, one has to take each of the 264 input values and map it to one of the 264 output values. The mapping should be one-to-one. Encryption and decryption operations of a block cipher are shown in Fig. 1.1.5. Some operations, such as permutation and substitution, are performed on the block of bits based on a key (a secret number) to produce another block of bits. The permutation and substitution operations are shown in Figs 8.1.7 and 8.1.8, respectively. In the decryption process, operations are performed in the reverse order based on the same key to get back the original block of bits. Fig. 1.1.5 Transformations in Block Ciphers
Permutation: As shown in Fig. 1.1.6, the permutation is performed by a permutation box at the bit- level, which keeps the number of 0s and 1s same at the input and output. Although it can be implemented either by a hardware or a software, the hardware implementation is faster. Fig. 1.1.6 Permutation operation used in Block Ciphers Substitution: As shown in Fig. 1.1.7, the substitution is implemented with the help of three building blocks – a decoder, one p-box and an encoder. For an n-bit input, the decoder produces an 2n bit output having only one 1, which is applied to the P-box. The P-box permutes the output of the decoder and it is applied to the encoder. The encoder, in turn, produces an n-bit output. For example, if the input to the decoder is 011, the output of the decoder is 00001000. Let the permuted output is 01000000, the output of the encoder is 011. Fig. 1.1.7 Substitution operation used in Block Cipher 1.1.5 Data Encryption Standard (DES) One example of a complex block cipher is the Data Encryption Standard (DES). DES was designed by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and nonclassified use. The algorithm encrypts a 64-bit plaintext block using a 64-bit key, as shown in Figure 1.1.8
Figure 1.1.8(a) DES Figure 1.1.8(b) One round in DES ciphers
DES has two transposition blocks (P-boxes) and 16 complex round ciphers (they are repeated). Although the 16 iteration round ciphers are conceptually the same, each uses a different key derived from the original key. The initial and final permutations are keyless straight permutations that are the inverse of each other. The permutation takes a 64-bit input and permutes them according to predefined values. Each round of DES is a complex round cipher, as shown in Figure 1.1.8(b). Note that the structure of the encryption round ciphers is different from that of the decryption one. DES Function: The heart of DES is the DES function. The DES function applies a 48-bit key to the rightmost 32 bits Ri to produce a 32-bit output. This function is made up of four operations: an XOR, an expansion permutation, a group of S-boxes, and a straight permutation. 1.2 Public key Cryptography In public key cryptography, there are two keys: a private key and a public key. The public key is announced to the public, where as the private key is kept by the receiver. The sender uses the public key of the receiver for encryption and the receiver uses his private key for decryption as shown in Fig. 1.2.1 Fig. 1.2.1 Public key Cryptography Advantages: The pair of keys can be used with any other entity The number of keys required is small Disadvantages: It is not efficient for long messages Association between an entity and its public key must be verified 1.2.1 RSA The most common public key algorithm is RSA, named for its inventors Rivest, Shamir, and Adleman (RSA). It uses two numbers, e and d, as the public and private keys, as shown in Figure 1.2.2. Selecting Keys 1. Bob use the following steps to select the private and public keys: 2. Bob chooses two very large prime numbers p and q. Remember that a prime number is one that can be divided evenly only by 1 and itself. 3. Bob multiplies the above two primes to find n, the modulus for encryption and decryption. In other words, n= p X q. 4. Bob calculates another number α= (p -1) X (q - 1). 5. Bob chooses a random integer e. He then calculates d so that d x e= 1 mod α 6. Bob announces e and n to the public; he keeps α and d secret. 7. In RSA, e and n are announced to the public; d and <I> are kept secret.
Encryption Anyone who needs to send a message to Bob can use nand e. For example, if Alice needs to send a message to Bob, she can change the message, usually a short one, to an integer. This is the plaintext. She then calculates the ciphertext, using e and n. C=Pe (mod n) Alice sends C, the ciphertext, to Bob. Decryption Bob keeps α and d private. When he receives the ciphertext, he uses his private key d to decrypt the message: P= Cd (mod n) Restriction For RSA to work, the value of P must be less than the value of n. If P is a large number, the plaintext needs to be divided into blocks to make P less than n. 1.3 Digital Signature There are two alternatives for Digital Signature: Signing the entire document Signing the digest In the first case the entire document is encrypted using private key of the sender and at the receiving end it is decrypted using the public key of the sender as shown in Fig. 1.3.1. For a large message this approach is very inefficient. In the second case a miniature version of the message, known as digest, is encrypted using the private key of the sender and then the signed digest along with the message is sent to the receiver as shown in Fig. 1.3.2. The receiver decrypts the signed digest using the public key of the sender and the digest created using the received message is compared with the decrypted digest shown in Fig. 1.3.3. If the two are identical, it is assumed that the sender is authenticated. This is somewhat similar to error detection using parity bit. Fig. 1.3.1 Authentication by signing he whole document Fig. 1.3.2 Sender site for authentication by signed digest
Fig. 1.3.3 Receiver site for authentication by signed digest Some key features of this approach are mentioned below: Digital signature does not provide privacy Hash function is used to create a message digest It creates a fixed-length digest from a variable-length message Most common Hash functions: MD5 (Message Digest 5): 120-bit SHA-1 (Secure Hash algorithm 1): 160-bit Important properties: One-to-One One-way 1.4 Firewall To control access to a system, we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Figure 1.4.1 shows a firewall. For example, a firewall may filter all incoming packets destined for a specific host or a specific server such as HTTP. A firewall can be used to deny access to a specific host or a specific service in the organization. Figure 1.4.1 Firewall A firewall is usually classified as a packet-filter firewall or a proxy-based firewall. 1.4.1 Packet-Filter Firewall A firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 1.4.2 shows an example of a filtering table for this kind of a firewall.
Figure 1.4.2 Packet-filter firewall According to Figure 32.23, the following packets are filtered: 1. Incoming packets from network 131.34.0.0 are blocked (security precaution). Note that the * (asterisk) means "any." 2. Incoming packets destined for any internal TELNET server (port 23) are blocked. 3. Incoming packets destined for internal host 194.78.20.8 are blocked. The organization wants this host for internal use only. 4. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the Internet. 1.4.2 Proxy Firewall The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). However, sometimes we need to filter a message based on the information available in the message itself (at the application layer). As an example, assume that an organization wants to implement the following policies regarding its Web pages: Only those Internet users who have previously established business relations with the company can have access; access to other users must be blocked. In this case, a packet-filter firewall is not feasible because it cannot distinguish between different packets arriving at TCP port 80 (HTTP). Testing must be done at the application level (using URLs). One solution is to install a proxy computer (sometimes called an application gateway), which stands between the customer (user client) computer and the corporation computer shown in Figure 1.4.3. Figure 1.4.3. Proxy firewall When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server in the corporation. If it is not, the message is dropped and an error message is sent to the external user. In this way, the requests of the external users are filtered based on the contents at the application layer.

Recommended

Symmetric and asymmetric key cryptography
Symmetric and asymmetric key cryptographySymmetric and asymmetric key cryptography
Symmetric and asymmetric key cryptographyMONIRUL ISLAM
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...IJNSA Journal
 
Unit 2
Unit 2Unit 2
Unit 2tamil arasan
 
Unit 3
Unit 3Unit 3
Unit 3tamil arasan
 
Crypt
CryptCrypt
CryptMir Majid
 
Dsouza
DsouzaDsouza
Dsouzafdione
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 

Recommended

Symmetric and asymmetric key cryptography
Symmetric and asymmetric key cryptographySymmetric and asymmetric key cryptography
Symmetric and asymmetric key cryptographyMONIRUL ISLAM
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...IJNSA Journal
 
Unit 2
Unit 2Unit 2
Unit 2tamil arasan
 
Unit 3
Unit 3Unit 3
Unit 3tamil arasan
 
Crypt
CryptCrypt
CryptMir Majid
 
Dsouza
DsouzaDsouza
Dsouzafdione
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographySuresh Thammishetty
 
Pointers c imp
Pointers c impPointers c imp
Pointers c impNeha Sharma
 
Pointers In C
Pointers In CPointers In C
Pointers In CSriram Raj
 
Crypto2
Crypto2Crypto2
Crypto2phanleson
 
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...decentralizeeverything
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...IDES Editor
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3Deepak John
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
Huffman Coding
Huffman CodingHuffman Coding
Huffman CodingMuhammad Saqib Rehan
 
Huffman coding
Huffman codingHuffman coding
Huffman codingNihal Gupta
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsEswar Publications
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Ch03 Ch06 Des And Others
Ch03 Ch06 Des And OthersCh03 Ch06 Des And Others
Ch03 Ch06 Des And Othersnathanurag
 
ASP.NET Session 5
ASP.NET Session 5ASP.NET Session 5
ASP.NET Session 5Sisir Ghosh
 
ASP.NET Session 6
ASP.NET Session 6ASP.NET Session 6
ASP.NET Session 6Sisir Ghosh
 
ASP.NET Session 3
ASP.NET Session 3ASP.NET Session 3
ASP.NET Session 3Sisir Ghosh
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8Sisir Ghosh
 

More Related Content

What's hot

1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...decentralizeeverything
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...IDES Editor
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3Deepak John
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsEswar Publications
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Ch03 Ch06 Des And Others
Ch03 Ch06 Des And OthersCh03 Ch06 Des And Others
Ch03 Ch06 Des And Othersnathanurag
 

What's hot (18)

Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Pointers c imp
Pointers c impPointers c imp
Pointers c imp
 
Pointers In C
Pointers In CPointers In C
Pointers In C
 
Crypto2
Crypto2Crypto2
Crypto2
 
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
Evaluation of Performance Characteristics of Polynomial based and Lattice bas...
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
 
Huffman Coding
Huffman CodingHuffman Coding
Huffman Coding
 
Huffman coding
Huffman codingHuffman coding
Huffman coding
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
 
Ch03 Ch06 Des And Others
Ch03 Ch06 Des And OthersCh03 Ch06 Des And Others
Ch03 Ch06 Des And Others
 

Viewers also liked

ASP.NET Session 5
ASP.NET Session 5ASP.NET Session 5
ASP.NET Session 5Sisir Ghosh
 
ASP.NET Session 6
ASP.NET Session 6ASP.NET Session 6
ASP.NET Session 6Sisir Ghosh
 
ASP.NET Session 3
ASP.NET Session 3ASP.NET Session 3
ASP.NET Session 3Sisir Ghosh
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8Sisir Ghosh
 
ASP.NET Session 7
ASP.NET Session 7ASP.NET Session 7
ASP.NET Session 7Sisir Ghosh
 
ASP.NET Session 4
ASP.NET Session 4ASP.NET Session 4
ASP.NET Session 4Sisir Ghosh
 
ASP.NET Session 2
ASP.NET Session 2ASP.NET Session 2
ASP.NET Session 2Sisir Ghosh
 

Viewers also liked (7)

ASP.NET Session 5
ASP.NET Session 5ASP.NET Session 5
ASP.NET Session 5
 
ASP.NET Session 6
ASP.NET Session 6ASP.NET Session 6
ASP.NET Session 6
 
ASP.NET Session 3
ASP.NET Session 3ASP.NET Session 3
ASP.NET Session 3
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8
 
ASP.NET Session 7
ASP.NET Session 7ASP.NET Session 7
ASP.NET Session 7
 
ASP.NET Session 4
ASP.NET Session 4ASP.NET Session 4
ASP.NET Session 4
 
ASP.NET Session 2
ASP.NET Session 2ASP.NET Session 2
ASP.NET Session 2
 

Similar to Network security

CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Computer Network Unit-5 (Part-1).pdf
Computer Network Unit-5 (Part-1).pdfComputer Network Unit-5 (Part-1).pdf
Computer Network Unit-5 (Part-1).pdfParshantYadav13
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardDr.Florence Dayana
 
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...IJECEIAES
 
A New Modified Version of Caser Cipher Algorithm
A New Modified Version of Caser Cipher AlgorithmA New Modified Version of Caser Cipher Algorithm
A New Modified Version of Caser Cipher AlgorithmIJERD Editor
 
Cryptography
CryptographyCryptography
Cryptographyfsl khan
 
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)Swati Nagpal
 
Network Security UNIT-II
Network Security UNIT-IINetwork Security UNIT-II
Network Security UNIT-IIrathnadeepa2
 
Block Ciphers and DES.pptx
Block Ciphers and DES.pptxBlock Ciphers and DES.pptx
Block Ciphers and DES.pptxDrAnilKannur1
 
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceNetwork security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceRathnaDeepa1
 

Similar to Network security (20)

CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Computer Network Unit-5 (Part-1).pdf
Computer Network Unit-5 (Part-1).pdfComputer Network Unit-5 (Part-1).pdf
Computer Network Unit-5 (Part-1).pdf
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption Standard
 
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
 
Cns 1
Cns 1Cns 1
Cns 1
 
A New Modified Version of Caser Cipher Algorithm
A New Modified Version of Caser Cipher AlgorithmA New Modified Version of Caser Cipher Algorithm
A New Modified Version of Caser Cipher Algorithm
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
Cryptography Cryptography
Cryptography
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
CNS2 unit 2.pdf
CNS2 unit 2.pdfCNS2 unit 2.pdf
CNS2 unit 2.pdf
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)
 
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
 
Unit 2
Unit 2Unit 2
Unit 2
 
Cryptography
CryptographyCryptography
Cryptography
 
Network Security UNIT-II
Network Security UNIT-IINetwork Security UNIT-II
Network Security UNIT-II
 
Block Ciphers and DES.pptx
Block Ciphers and DES.pptxBlock Ciphers and DES.pptx
Block Ciphers and DES.pptx
 
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceNetwork security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
 
Ci25500508
Ci25500508Ci25500508
Ci25500508
 

More from Sisir Ghosh

ASP.NET Session 9
ASP.NET Session 9ASP.NET Session 9
ASP.NET Session 9Sisir Ghosh
 
ASP.NET Session 10
ASP.NET Session 10ASP.NET Session 10
ASP.NET Session 10Sisir Ghosh
 
ASP.NET Session 11 12
ASP.NET Session 11 12ASP.NET Session 11 12
ASP.NET Session 11 12Sisir Ghosh
 
ASP.NET Session 13 14
ASP.NET Session 13 14ASP.NET Session 13 14
ASP.NET Session 13 14Sisir Ghosh
 
ASP.NET Session 16
ASP.NET Session 16ASP.NET Session 16
ASP.NET Session 16Sisir Ghosh
 
ASP.NET System design 2
ASP.NET System design 2ASP.NET System design 2
ASP.NET System design 2Sisir Ghosh
 
ASP.NET Session 1
ASP.NET Session 1ASP.NET Session 1
ASP.NET Session 1Sisir Ghosh
 
Module ii physical layer
Module ii physical layerModule ii physical layer
Module ii physical layerSisir Ghosh
 
Error detection and correction
Error detection and correctionError detection and correction
Error detection and correctionSisir Ghosh
 
Overview of data communication and networking
Overview of data communication and networkingOverview of data communication and networking
Overview of data communication and networkingSisir Ghosh
 
Application layer
Application layerApplication layer
Application layerSisir Ghosh
 

More from Sisir Ghosh (13)

ASP.NET Session 9
ASP.NET Session 9ASP.NET Session 9
ASP.NET Session 9
 
ASP.NET Session 10
ASP.NET Session 10ASP.NET Session 10
ASP.NET Session 10
 
ASP.NET Session 11 12
ASP.NET Session 11 12ASP.NET Session 11 12
ASP.NET Session 11 12
 
ASP.NET Session 13 14
ASP.NET Session 13 14ASP.NET Session 13 14
ASP.NET Session 13 14
 
ASP.NET Session 16
ASP.NET Session 16ASP.NET Session 16
ASP.NET Session 16
 
ASP.NET System design 2
ASP.NET System design 2ASP.NET System design 2
ASP.NET System design 2
 
ASP.NET Session 1
ASP.NET Session 1ASP.NET Session 1
ASP.NET Session 1
 
Transport layer
Transport layerTransport layer
Transport layer
 
Routing
RoutingRouting
Routing
 
Module ii physical layer
Module ii physical layerModule ii physical layer
Module ii physical layer
 
Error detection and correction
Error detection and correctionError detection and correction
Error detection and correction
 
Overview of data communication and networking
Overview of data communication and networkingOverview of data communication and networking
Overview of data communication and networking
 
Application layer
Application layerApplication layer
Application layer
 

Recently uploaded

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxAmita Gupta
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 

Recently uploaded (20)

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 

Network security

  • 1. Network security 1. Cryptography The word cryptography has come from a Greek word, which means secret writing. For private communication through public network, cryptography plays a very crucial role. The role of cryptography can be illustrated with the help a simple model of cryptography as shown in Fig. 1.1.1. The message to be sent through an unreliable medium is known as plaintext, which is encrypted before sending over the medium. The encrypted message is known as ciphertext, which is received at the other end of the medium and decrypted to get back the original plaintext message. Fig. 1.1.1 A simple cryptography model Cipher We refer to encryption and decryption algorithms as ciphers. The term cipher is also used to refer to different categories of algorithms in cryptography. Key A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext. To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the original plaintext. Cryptography algorithms (ciphers) are divided into two groups: symmetric-key (also called secret-key or private key) cryptography algorithms and asymmetric (also called public-key) cryptography algorithms. 1.1 Symmetric Key Cryptography In symmetric-key cryptography, the same key is used by both parties. The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data (as shown in Fig 1.1.2). The algorithm used to decrypt is just the inverse of the algorithm used for encryption. For example, if addition and division is used for encryption, multiplication and subtraction are to be used for decryption. Fig 1.1.2 Symmetric-key cryptography
  • 2. Symmetric key cryptography algorithms are simple requiring lesser execution time. As a consequence, these are commonly used for long messages. However, these algorithms suffer from the following limitations: Requirement of large number of unique keys. For example for n users the number of keys required is n(n-1)/2. Distribution of keys among the users in a secured manner is difficult. 1.1.1 Monoalphabetic Substitution One simple example of symmetric key cryptography is the Monoalphabetic substitution. In this case, the relationship between a character in the plaintext and a character in the ciphertext is always one- to-one. An example Monoalphabetic substitution is the Caesar cipher. As shown in Fig. 1.1.3, in this approach a character in the ciphertext is substituted by another character shifted by three places, e.g. A is substituted by D. Key feature of this approach is that it is very simple but the code can be attacked very easily. Fig. 1.1.3 The Caesar cipher 1.1.2 Polyalphabetic Substitution This is an improvement over the Caesar cipher. Here the relationship between a character in the plaintext and a character in the ciphertext is always one-to-many. Key feature of this approach is that it is more complex and the code is harder to attack successfully. Example of polyalphabetic substitution is the Vigenere cipher. In this case, a particular character is substituted by different characters in the ciphertext depending on its position in the plaintext. 1.1.3 Transpositional Cipher The transpositional cipher, the characters remain unchanged but their positions are changed to create the ciphertext. Figure 1.1.4 illustrates how five lines of a text get modified using transpositional cipher. The characters are arranged in two-dimensional matrix and columns are interchanged according to a key is shown in the middle portion of the diagram. The key defines which columns are to be swapped. As per the key shown in the figure, character of column is to be swapped to column 3, character of column 2 is to be swapped to column 6, and so on. Decryption can be done by swapping in the reverse order using the same key. Transpositional cipher is also not a very secure approach. The attacker can find the plaintext by trial and error utilizing the idea of the frequency of occurrence of characters.
  • 3. Figure 1.1.4 Operation of a transpositional cipher 1.1.4 Block Ciphers Block ciphers use a block of bits as the unit of encryption and decryption. To encrypt a 64-bit block, one has to take each of the 264 input values and map it to one of the 264 output values. The mapping should be one-to-one. Encryption and decryption operations of a block cipher are shown in Fig. 1.1.5. Some operations, such as permutation and substitution, are performed on the block of bits based on a key (a secret number) to produce another block of bits. The permutation and substitution operations are shown in Figs 8.1.7 and 8.1.8, respectively. In the decryption process, operations are performed in the reverse order based on the same key to get back the original block of bits. Fig. 1.1.5 Transformations in Block Ciphers
  • 4. Permutation: As shown in Fig. 1.1.6, the permutation is performed by a permutation box at the bit- level, which keeps the number of 0s and 1s same at the input and output. Although it can be implemented either by a hardware or a software, the hardware implementation is faster. Fig. 1.1.6 Permutation operation used in Block Ciphers Substitution: As shown in Fig. 1.1.7, the substitution is implemented with the help of three building blocks – a decoder, one p-box and an encoder. For an n-bit input, the decoder produces an 2n bit output having only one 1, which is applied to the P-box. The P-box permutes the output of the decoder and it is applied to the encoder. The encoder, in turn, produces an n-bit output. For example, if the input to the decoder is 011, the output of the decoder is 00001000. Let the permuted output is 01000000, the output of the encoder is 011. Fig. 1.1.7 Substitution operation used in Block Cipher 1.1.5 Data Encryption Standard (DES) One example of a complex block cipher is the Data Encryption Standard (DES). DES was designed by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and nonclassified use. The algorithm encrypts a 64-bit plaintext block using a 64-bit key, as shown in Figure 1.1.8
  • 5. Figure 1.1.8(a) DES Figure 1.1.8(b) One round in DES ciphers
  • 6. DES has two transposition blocks (P-boxes) and 16 complex round ciphers (they are repeated). Although the 16 iteration round ciphers are conceptually the same, each uses a different key derived from the original key. The initial and final permutations are keyless straight permutations that are the inverse of each other. The permutation takes a 64-bit input and permutes them according to predefined values. Each round of DES is a complex round cipher, as shown in Figure 1.1.8(b). Note that the structure of the encryption round ciphers is different from that of the decryption one. DES Function: The heart of DES is the DES function. The DES function applies a 48-bit key to the rightmost 32 bits Ri to produce a 32-bit output. This function is made up of four operations: an XOR, an expansion permutation, a group of S-boxes, and a straight permutation. 1.2 Public key Cryptography In public key cryptography, there are two keys: a private key and a public key. The public key is announced to the public, where as the private key is kept by the receiver. The sender uses the public key of the receiver for encryption and the receiver uses his private key for decryption as shown in Fig. 1.2.1 Fig. 1.2.1 Public key Cryptography Advantages: The pair of keys can be used with any other entity The number of keys required is small Disadvantages: It is not efficient for long messages Association between an entity and its public key must be verified 1.2.1 RSA The most common public key algorithm is RSA, named for its inventors Rivest, Shamir, and Adleman (RSA). It uses two numbers, e and d, as the public and private keys, as shown in Figure 1.2.2. Selecting Keys 1. Bob use the following steps to select the private and public keys: 2. Bob chooses two very large prime numbers p and q. Remember that a prime number is one that can be divided evenly only by 1 and itself. 3. Bob multiplies the above two primes to find n, the modulus for encryption and decryption. In other words, n= p X q. 4. Bob calculates another number α= (p -1) X (q - 1). 5. Bob chooses a random integer e. He then calculates d so that d x e= 1 mod α 6. Bob announces e and n to the public; he keeps α and d secret. 7. In RSA, e and n are announced to the public; d and <I> are kept secret.
  • 7. Encryption Anyone who needs to send a message to Bob can use nand e. For example, if Alice needs to send a message to Bob, she can change the message, usually a short one, to an integer. This is the plaintext. She then calculates the ciphertext, using e and n. C=Pe (mod n) Alice sends C, the ciphertext, to Bob. Decryption Bob keeps α and d private. When he receives the ciphertext, he uses his private key d to decrypt the message: P= Cd (mod n) Restriction For RSA to work, the value of P must be less than the value of n. If P is a large number, the plaintext needs to be divided into blocks to make P less than n. 1.3 Digital Signature There are two alternatives for Digital Signature: Signing the entire document Signing the digest In the first case the entire document is encrypted using private key of the sender and at the receiving end it is decrypted using the public key of the sender as shown in Fig. 1.3.1. For a large message this approach is very inefficient. In the second case a miniature version of the message, known as digest, is encrypted using the private key of the sender and then the signed digest along with the message is sent to the receiver as shown in Fig. 1.3.2. The receiver decrypts the signed digest using the public key of the sender and the digest created using the received message is compared with the decrypted digest shown in Fig. 1.3.3. If the two are identical, it is assumed that the sender is authenticated. This is somewhat similar to error detection using parity bit. Fig. 1.3.1 Authentication by signing he whole document Fig. 1.3.2 Sender site for authentication by signed digest
  • 8. Fig. 1.3.3 Receiver site for authentication by signed digest Some key features of this approach are mentioned below: Digital signature does not provide privacy Hash function is used to create a message digest It creates a fixed-length digest from a variable-length message Most common Hash functions: MD5 (Message Digest 5): 120-bit SHA-1 (Secure Hash algorithm 1): 160-bit Important properties: One-to-One One-way 1.4 Firewall To control access to a system, we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Figure 1.4.1 shows a firewall. For example, a firewall may filter all incoming packets destined for a specific host or a specific server such as HTTP. A firewall can be used to deny access to a specific host or a specific service in the organization. Figure 1.4.1 Firewall A firewall is usually classified as a packet-filter firewall or a proxy-based firewall. 1.4.1 Packet-Filter Firewall A firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 1.4.2 shows an example of a filtering table for this kind of a firewall.
  • 9. Figure 1.4.2 Packet-filter firewall According to Figure 32.23, the following packets are filtered: 1. Incoming packets from network 131.34.0.0 are blocked (security precaution). Note that the * (asterisk) means "any." 2. Incoming packets destined for any internal TELNET server (port 23) are blocked. 3. Incoming packets destined for internal host 194.78.20.8 are blocked. The organization wants this host for internal use only. 4. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the Internet. 1.4.2 Proxy Firewall The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). However, sometimes we need to filter a message based on the information available in the message itself (at the application layer). As an example, assume that an organization wants to implement the following policies regarding its Web pages: Only those Internet users who have previously established business relations with the company can have access; access to other users must be blocked. In this case, a packet-filter firewall is not feasible because it cannot distinguish between different packets arriving at TCP port 80 (HTTP). Testing must be done at the application level (using URLs). One solution is to install a proxy computer (sometimes called an application gateway), which stands between the customer (user client) computer and the corporation computer shown in Figure 1.4.3. Figure 1.4.3. Proxy firewall When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server in the corporation. If it is not, the message is dropped and an error message is sent to the external user. In this way, the requests of the external users are filtered based on the contents at the application layer.