What is the need for message PGP achieve confidentiality and
authentication? & Techniques authentication in emails?
Message authentication ensures that a Pretty Good Privacy (PGP) is a secure email
message has not been altered or tampered program that provides a confidentiality and
with during transmission and verifies its authentication service that can be used for
origin, providing assurance of its integrity electronic email and file storage
and authenticity. applications. PGP achieves confidentiality
Digital Signatures: Digital signatures use authentication by the following steps
asymmetric cryptography to sign messages. 1.The sender creates a message M
The sender signs the message with their 2. SHA-1 is used to generate a 160-bit hash
private key, and the receiver verifies the code of the message
signature using the sender's public key. 3.The hash code is then encrypted with RSA
Hash Functions: Hash functions generate a using sender’s private key.
fixed-size output (hash value) from input 4.The result is concatenated with the
data. These hashes can be used to verify the original message.
integrity of the message, as any alteration 5.Also, a 128-bit number is generated which
in the message will result in a different hash is going to be the session key for the
value current session only.
.Message Authentication Codes (MACs): 6.The message from step 4 is encrypted
MACs generate a tag that is appended to a using CAST-128 and the session-key
message, using a secret key. This tag is 7.The session-key is then encrypted with
recalculated at the receiver's end to verify RSA using the recipient’s public key and is
the integrity of the message. attached (prepended) to the message. (Pts.
Public Key Infrastructure (PKI): PKI involves 5-7 covers confidentiality)
the use of digital certificates issued by 8.Message is transferred through the
trusted third parties, known as Certificate medium.
Authorities (CAs), to authenticate the The receiver uses RSA to with its private key
identities of parties to decrypt and recover session key
HMAC (Hash-based Message Now since the session key is obtained , the
Authentication Code): HMAC combines remaining message is decrypted using
cryptographic hash functions with a secret sender’s public key and RSA
key to provide integrity and authenticity of The receiver then generates a hash code for
a message. the message and compares them it with the
Checksums: Checksums are simple error- decrypted hash code. If they match, the
checking techniques that involve adding up
the bytes in a message and including the
sum in the message. it to the received value
to verify message integrity.
�Explain Kerberos & working Buffer overflow attack
1. A buffer is a space in which data can be
Kerberos is an authentication service
held.
developed at MIT.It is a trusted ley server
2. A buffer resides in memory.
system which provides private-key third-
3. Because memory is finite, a buffer's
party authentication service (i.e a third
capacity is finite.
entity is responsible for authentication of
4. Buffer overflow is the result of stuffing
two-people communication)
more data into a buffer than it can handle
Approach: We use the private-key
5. For Example: If you try to pour four
cryptography approach (where both parties
gallons of water into three gallons capacity
use same key..e.g.DES) . We use a third-
jug, some water is going to spill out
party who vouches for the identity of both
6. It is also called as buffer overrun or
the parties involved in transaction.
smashing the stack.
Working User logs into the workstation(PC)
7. It is the basis of many software
and requests for a service of host machine.
vulnerabilities
The user instead of sending its username
8. Assume a Web form that asks the user to
and password sends plaintext request to
enter data, such as name, age and date of
Authentication Server (AS)for a Ticket that
birth.
the user can use to talk to Ticket Granting
9. The entered information is then sent to a
Server (TGS).
server and the server writes the data
The AS finds the keys corresponding to the
entered to a buffer that can hold N
login name and the TGS. The AS creates a
characters.n
ticket which is made up of Ticket →
10. If the server software does not verify
{Login Name || TGS Name || Client n/w
that the length of the data is at most N
address || TGS Session key} .
characters, then a buffer overflow might
The user now decrypts using the user’s
occur.
private-key (Password) . He now possesses
the session key and a ticket which he can Kerberos digram
use to contact the Ticket Granting Server
(TGS) (Note: The client cannot see inside
the ticket as its encrypted by TGS’ private-
key).
The TGS on receiving the message decrypts
the ticket using it’s secret key . Inside will
be the TGS session-key. The TGS decrypts
the authenticator using the session key.
The User now decrypts the message
received from TGS using the TGS session-
key.
�Digital Certificate& x509 Version: which X.509 version applies to the
An attachment to an electronic message certificate (which indicates what data the
used for security purposes. The most certificate must include)
common use of a digital certificate is to Serial number: the identity creating the
verify that a user sending a message is who certificate must assign it a serial number
he or she claims to be, and to provide the that distinguishes it from other certificates
receiver with the means to encode a reply. Algorithm information: the algorithm used
An individual wishing to send an encrypted by the issuer to sign the certificaten
message applies for a digital certificate Issuer distinguished name: the name of the
from a Certificate Authority (CA). entity issuing the certificate (usually a
A certificate contains information that certificate authority)
identifies the certificate's owner (called the Validity period of the certificate: the period
subject) as an entity on the network. A of time for which the certificate is valid with
certificate also contains the owner's public the start/end date.
key. Furthermore, a certificate identifies the Subject distinguished name: the name of
CA (called the issuer) that issued the the identity the certificate is issued
certificate. toSubject public key information the public
A CA uses its private key to digitally sign key associated with the identity
each certificate it issues. To create the Extensions Many of the certificates that
digital signature, the CA generates a people refer to as Secure Sockets Layer
message digest from the certificate, (SSL) certificates are in fact X.509
encrypts the digest with its private key, and certificates.
includes the digital signature as part of the
certificate.digital certificate is a digital form
of identification, like a passport. A digital
certificate provides information about the
identity of an entity. A digital certificate is
issued by a Certification Authority (CA).
Examples o lf trusted CA across the world
are Verisign, Entrust, etc. The CA
guarantees the validity of the information in
the certificate.
x590An X.509 certificate contains
information about the identity to which a
certificate is issued and the identity that
issued it. Standard information in an X.509
certificate includes:
�Ssl need & handshake *Operations*block cipher
Ssl The internet and web has become
1.Cipher Block Chaining Mode(CBC Mode)
widely popular today. However, it is
Load the ‘n’ bit initialization vector (IV) in
vulnerable to serious attacks.
the top register.
For this purpose, various security
XOR the ‘n’ bit plaintext block with data
approaches are possible. These approaches
value in top register.
are mainly dependent on which network
Encrypt the result of XOR operation with
layer they operate on (Remember the
underlying block cipher with key ‘k’.
network layers of CN!!).
feed ciphertext block into top register &
The SSL (Secure Socket Layer) is a whole
continue the operation till all plaintext
new layer of protocol which operates above
blocks are processed.
the Internet TCP protocol and below high-
for decryption, IV data is XORed with 1st
level application protocols
ciphertext block decrypted, the first
SSL handshake protocol.
ciphertext block is also fed into the register
It is one the most complex protocols of SSL.
replacing IV for decrypting next ciphertext
It allows client and server to:
block
Authenticate each other
2 Electronics Code Book:
To negotiate encryption & MAC algorithm.
The user takes the first block of plaintext &
To negotiate cryptographic keys to be used.
encrypts it with the key to produce the first
The Handshake Protocol is used before any
block of ciphertext.
application data is transmitted.
Then take the second block of plaintext &
The handshake protocol is made up of a
encrypt it with the key to produce the
series of messages exchanged between
second block of ciphertext.
both parties (server & client) which is of the
This mode is determined i.e if plaintext
format
block P1,P2,P3……Pm
(4 phases)
areencrypted twice under the same key,the
a) Establish security capabilities : this
o/p ciphertext blocks will be the same.
phase is used by the client to initiate a
logical connection and to for a given key, we can create a codeblock
b) Server Authentication and Key of ciphertext for all possible plaintext
Exchange: The server begins this phase by blocks.
sending its certificate if it needs to be
authenticated. c) Client Authentication Encryption would then only look up for
and Key Exchange: the client should verify required plaintext & select the
that the server provided a valid certificate if corresponding ciphertext.
required and check that the
d) Finish: this phase completes the setting
up of a secure connection.
� digest; the digest is inserted in the
Transport & tunnel / AH & ESP authentication header
Transport Mode When an IP datagram carries an
* IPSec protects what is delivered from the authentication header, the original value in
transport layer to the network layer. the protocol field of the IP header is
* Means, Transport mode protects the replaced by the value 51
payload to be encapsulated in the network * A field inside the authentication header
layer (the next header field) holds the original
Network Layer Security value of the protocol field (the type of
* At network layer, security can b applied payload being carried by the IP datagram)
between (ESP)
* Two hosts* Two Router * A host and a * The AH protocol does not provide
Router confidentiality, only source authentication
* To provide the security at network layer and data integrity
IETF designed a set of protocol known as IP * IPSec later defined an alternative
Security (IPSec). . protocol, Encapsulating Security Payload
Transport mode does not protect the IP (ESP), that provides source authentication,
header. integrity, and confidentiality ESP adds a
Transport mode does not protect the whole header and trailer.
IP packet; it protects only the packet from The ESP procedure follows these steps:
the transport layer (the IP-layer payload). 1.An ESP trailer is added to the payload
This mode is used:* When we need host-to- 2.The payload and the trailer are encrypted
host (end-to-end) protection. 3.The ESP header is added
Tunnel Mode 4.The ESP header, payload, and ESP trailer
* TPSec protects the entire IP packet. are used to create the authentication data
* It takes an IP packet, including the header, 5.The authentication data are added to the
applies IPSec security methods to the entire end of the ESP trailer
packet, and then adds a new IP header.
Normally used between
* two routers* a host and a router* a router
and a host
Authentication Header (AH)
* The Authentication Header (AH) Protocol
is designed to authenticate the source host
and to ensure the integrity of the payload
carried in the IP packet
* The protocol uses a hash function and a
symmetric (secret) key to create a message
�Types of firewall &IDS Personal Firewall:It is software application
1 Packet Filtering Firewall: used to protect a single internet connected
> A packet filtering firewall is also called as computer from intruders.Personal firewall
screening router firewall. protection is useful for users with 'always-
> It filters the packet based on following on' connections such as DSL or cable
information: modem.These users are students, home
It is simplest and most effective type of users, individual workers, small
firewall. businessmen etc.Using a separate firewall
Source and destination IP address. system would be expensive. To tackle this
Source and destination Port address. problem personal firewall are used.It is an
IP Protocol field.-Packet filtering firewall application program which runs on a work
examines packets up to the network layer station to block unwanted traffic from
and can only filter packet network
Stateful Inspection Firewall IDS
Unlike packet filtering firewall, Stateful IDS is a software or hardware device
firewall keeps track of state of a connection installed on the network or host.IDS is used
which may be initiation, data transfer or to detect and report intrusion attempts to
termination. the network.IDS cannot block connection.It
A drawback of packet filters is that they are gives early warning of an intrusion.IDS is
stateless and they have no memory of less likely to be attacked then Firewall.It is
previous aware of traffic in the interna network
packets which makes them vulnerable to Types1. Network IDS.2. Host IDS.3. Protocol
spoofing attacks. Attacker may modify the Based IDS.4. Anomaly Based IDS.5. Misuse
attack by splitting it into multiple packets, Based IDS.6. Hybrid IDs.
which goes undetected inpacket
Strength: It can detect password cracking &
Application Proxies Firewall
denial of services.
A proxy means acting on your behalf of
something. Limitation: IDS Detect attack only after they
An application proxy firewall processes have entered the network, and do nothing
incoming packets all the way up to the to stop attacks.
application layer. This firewall contains a
proxy agent that acts as an intermediary
between two hosts that want
tocommunicate with each other.Application
proxies never allow a direct connection
between the two hosts and it is transparent
to them.Each proxy agent authenticates
each individual network user, with the
�Different types of Vulnerabilities vulnerabilities are exploited to attack
1. Software vulnerabilities-Software Discovery: Attackers first identify potential
vulnerabilities are when applications have vulnerabilities in a target system or
errors or bugs in them. Attackers look at software. This could involve scanning for
buggy software as an opportunity to attack open ports, analyzing network traffic, or
the system making use of these searching for known vulnerabilities in
flaws.Example: Buffer overflow, race software versions.
conditions etc. Exploit Development: Once a vulnerability
2. Firewall Vulnerabilities-Firewalls are is identified, attackers may develop or
software and hardware systems that obtain exploit code to take advantage of it.
protect intra-network from attacks. A This code is crafted to specifically target the
firewall vulnerability is an error, weakness weakness in the system or software.
or invalid assumption made during the Code Injection: One common method is
firewall design, implementation or code injection, where attackers input
configuration that can be exploited to malicious code into vulnerable areas of a
attack the trusted network that the firewall system. For example, SQL injection involves
is supposed to protect. inserting malicious SQL statements into
3. TCP/IP Vulnerabilities-These input fields to manipulate a database.
vulnerabilities are of the various layers of a Buffer Overflows: Another technique is
network. These protocols may lack features exploiting buffer overflows, where attackers
that are desirable on the insecure input more data than a program expects,
network.Example: ARP attacks, causing it to overwrite adjacent memory.
Fragmentation attacks etc This can lead to the execution of arbitrary
4. Wireless Network Vulnerabilities- code or a system crash that can be
Wireless LANs have similar protocol-based leveraged by attackers.
attacks that plague wired LAN. Unsecured Social Engineering: Vulnerabilities aren't
wireless access points can be a danger to always technical; attackers may exploit
organizations as they offer the attacker a human vulnerabilities through social
route around the company’s network. engineering. This involves manipulating
Example: SSID issues, WEP issues etc. individuals into divulging sensitive
5. Operating System Vulnerabilities-The information or performing actions that
security of applications running on depends compromise security.
on the security of the operating system. Privilege Escalation: Once initial access is
Slightest negligence by the system gained, attackers may attempt to escalate
administrator can make the operating their privileges to gain deeper access into
systems vulnerable. Example: Windows the system. This could involve
vulnerabilities, Linux vulnerabilities. exploitingadditional vulnerabilitweaknesses
vulnerabilities are caused due to design and to gain administrative privileges.
�DOS Attack &different ways to mount This attack causes fragmentation packets to
DENIAL OF SERVICE:1 Denial of Service overlap one another on the host
(DoS) is also called as availability attack. receipt.Packet 1 carries bytes 1-1000
2. DoS makes a computer or its resources Packet 2 carries bytes 1001-2000
unavailable to its intended user. Smurf Attack:
3. In DoS, an attacker may prevent you from > It is a variation of a ping attack.
accessing email, website, online accounts or This attacker floods a target system via
other services that rely on affected spoofed broadcast ping message.
computer. The attacker sends a ping request to a third
4. The basic purpose of a DoS attack is party's broadcast address on the network
simply to flood a network or change in the address.
configurations of routers on the network. Every system within third party's broadcast
5. These attacks sometimes have a specific domain then sends ping response to the
targeta. All message sent to specific victim.Packet 3 carries bytes 2001-3000
recipient may be suppressed.b. An entire Echo Chargen:
network may be disrupted either by > Echo chargen takes place between two
disabling the network or by flooding it with hosts.
messages. Echo services repeat anything sent to it.
Mount dos Chargen service generates a continuous
SYN Flood Attack:SYN Flood Attack uses stream of data.
TCP protocol suite, where a 3-way If they are used together, they create an
handshaking of network connection is done infinite loop and results in denial of service
with SYN and ACK messageTo initiate TCP difference
connection, the system that wishes to Block CipherBlock Cipher operates on larger
communicate, sends a SYN message to the block of data.2 Slower than Stream
target system.If the target system is ready Cipher.3Block Cipher has High
to communicate, it sends SYN + ACK Diffusion.4Requires more code.5It provide
message to source machine.The ping of integrity protection or
death simply sends ping packets that are authentication.6Block Cipher is more
larger than 65,535 bytes to the victim.This suitable for software implementation.
DoS attack is as follows: ping-186600 Stream CipherStream Cipher operates on
victim.orgThis attack saturates the victim's smaller units of plain text.2Faster than
bandwidth, if attacker is on let's saying 100 Block Cipher.3Stream Cipher has Low
MB connection and victim is on 10 MB Diffusion.4Requires less code.5It does not
connection provide integrity protection or
Teardrop Attack:Teardrop Attack is authentication.6Stream Cipher is more
conducted by targeting TCP/IP suitable for hardware implementation.Key
fragmentation reassembly code. is used only once.
�Dse algo & steps HMAC CBC-MAC &CNAC
Data Encryption Standard (DES) is a block HMAC (Hash-based Message
cipher with a 56-bit key length that has Authentication Code):HMAC is a method
played a significant role in data security. for generating a MAC using cryptographic
Data encryption standard (DES) has been hash functions.It uses two rounds of
found vulnerable to very powerful attacks hashing, which makes it resistant to length
therefore, the popularity of DES has been extension attacks.HMAC can be used with
found slightly on the decline. DES is a block any iterative cryptographic hash function,
cipher and encrypts data in blocks of size of such as MD5, SHA-1, SHA-256, etc.It is
64 bits each, which means 64 bits of plain widely used in various security protocols
text go as the input to DES, which produces like TLS, IPsec, and SSH.
64 bits of ciphertext. The same algorithm CBC-MAC (Cipher Block Chaining Message
and key are used for encryption and Authentication Code):CBC-MAC is derived
decryption, with minor differences. The key from the CBC mode of encryption.It
Step-1: User login and request services on involves encrypting the message using a
the host. Thus user requests for ticket- block cipher in CBC mode and then using
granting service. the last block as the MAC.It's simple and
Step-2: Authentication Server verifies user’s efficient but can be vulnerable to certain
access right using database and then gives attacks if not implemented carefully.CBC-
ticket-granting-ticket and session key. MAC is typically used in situations where
Results are encrypted using the Password of the length of the message is fixed.
the user. CMAC (Cipher-based Message
Step-3: The decryption of the message is Authentication Code):CMAC is a newer
done using the password then send the MAC algorithm designed to address some of
ticket to Ticket Granting Server. The Ticket the limitations of CBC-MAC.It uses a
contains authenticators like user names and variation of CBC mode called the OMAC
network addresses. (One-Key CBC-MAC) construction.CMAC is
Step-4: Ticket Granting Server decrypts the more secure and efficient than CBC-MAC
ticket sent by User and authenticator and does not have the same length
verifies the request then creates the ticket limitations.It's often used in protocols
for requesting services from the Server. where variable-length messages are
Step-5: The user sends the Ticket and common, like network protocols
Authenticator to the Server.
Step-6: The server verifies the Ticket and
authenticators then generate access to the
service. After this User can access the
services
�Hashing- properties .types. application Types
Cryptographic: These are secure and
A hash function is a mathematical function
resistant to various attacks, such as collision
that takes input data of arbitrary size and
attacks, pre-image attacks, and second pre-
outputs a fixed-size string of data, typically
image and MD5.Non-cryptographic: These
a sequence of numbers and letters that
are not secure but applicable in data
represent the original input. The main aim
indexing, checksum generation, and error
of a hash function is to provide a way to
detection..Perfect: An ideal hash function
map data of arbitrary size to data of fixed
produces no collisions for a specific set of
size.These functions are used in many
inputs. As a result, these functions are
applications, including cryptography, data
useful Universal: These produce uniformly
integrity checking, data indexing, and data
distributed hash values across various
fingerprinting. For instance, in
inputs..Keyed: These require a secret key in
cryptography, hash functions are used to
addition to the input data. The private key
generate digital signatures, which can be
help prevent attacks from malicious users.
used to verify the authenticity of a message
Application
or document.
Cryptography: These are used in
Properties
cryptography to ensure the confidentiality
Determinism: A hash function is
and integrity of data. They generate digital
deterministic, meaning a given input will
signatures.Data integrity checking: These
always produce the same output.
verify that data has been unaltered during
Uniformity: A good hash function should
transmission. This is done by generating a
produce uniformly distributed outputs. This
hash value for the Data indexing: These
means that the probability of any given
create indexes for large data sets. This
work should be equal.
allows for quick retrieval of data, even from
Non-reversibility: A hash function is non-
extensive databases.Data fingerprinting:
reversible, meaning it is impossible to
These uniquely identify data, such as file-
determine the input that produced a given
sharing networks. Generating a hash value
output.
for a piece of data makes it possible to
Fixed-size output: It produces a fixed-size
identify and ensure it is uniquely
output regardless of the input size. This
safe.Password storage: These store
property is essential because it enables
passwords securely. When a user creates a
efficient storage and retrieval of data.
password, the hash value of that password
Sensitivity to input changes: A slight is stored instead of the password
change in the input to a hash function itself.Digital forensics: These are popular in
should produce a significant difference in digital forensics to ensure the authenticity
the output of evidence Blockchain: These are
. extensively popular in blockchain
