@CRYPTOGRAPHY @AUTHENTICATION @SECURE SYSTEMS @TRANSPORT LAYER SECURITY @IP AND WIRELESS SECURITY @FIREWALL

ABSTRACT:
y TRAFFIC CONFIDENTIALITY y DATA INTEGRITY y ORIGINALITY y TIMELINES y DNS y AUTHENTICATION y ACCESS CONTROL y DENIAL OF SERVICE(DOS) ATTACKS

CRYPTOGRAPHIC TOOLS:
Cryptogrpahy is providing security to the data transmitted/received over the internet through algorithms such as CIPHERS and CRYPTOGRPAHIC HASHES.

PRINCIPLES OF CIPHERS:
 Applies encryption for plaintext message  Ciphertext message is sent over the network  Secret decryption is applied over the receiver side ,It is paramaterized by KEY.  Electronic codebook(ECB) mode encryption  Cipher block chaining

SYMMETRIC-KEY ENCRYPTION AND DECRYPTION

TYPES OF CIPHERS:
 Symmetric-key ciphers  Public key ciphers

Using public keys:

Authentication protocols:
Orginality and timelines Synchronization Symmetric key authentication 1.Without sync. 2.kerberos. 3.Diffie-Hellman key agreement.

ORGINALITY AND TIMELINES:

ORGINALITY AND TIMELINES(contd..)

Here there are three main techniques used, They are  Nonce--A random number  Timestamp  Timelines & Authentication. This is also known as challenge-response protocol when both of nonces and timestamp techniques are used.

PUBLIC KEY AUTHENTICATION:

We see that public-key authentication depends upon synchronization

PUBLIC KEY AUTHENTICATION(contd..)

Assume that alice and bobs public keys have been predistributed to each other. Then the following sequence of operations occur o Alice sends a digital certificate.ie,A Digital signature is sent along with the message o Bob uses this digital signature to authenticate the message and sends back a new message with a timestamp. o A new session key is encrypted using alices public key,Thus alice can verify with the authenticity and freshness of the message.

SYMMETRIC KEY AUTHENTICATION PROTOCCOLS:

This does not depend upon the synchronization

SYMMETRIC-KEY AUTHENTICATION(contd..)
This focuses mainly on the larger systems,where each entity would have its own master key shared only with a KDC.  Here KDC uses the knowledge of alices and bobs master key to construct a reply from bob.  This reply will not be useful to anyone except alice,because only alice can decrpyt it.  After the first authentication alice and bob can perform the authentication protocol themselves. NOTE:KDC is key distribution center.

KERBEROS(NEEDHAM-SCHROEDR APPROACH):

Kerberos is a authentication system that works based on NEEDHAM-SCHROEDER protocol

KERBEROS(NEEDHAM-SCHROEDR APPROACH):
It is more of user friendly technique,It gives the Client to authenticate the communication with passwords. In the above example,  The KDC generates a master key based on the alicess password,As soon as alice sends the password to the KDC it generates a masterkey This password information of alice is deleted from the network as soon as the key is generated. Here KDC acts as a software used by the clients.

KERBEROS:

AS=AUTHENTICATION SERVER TGS=TICKET-GRANTING SERVER

KERBEROS APPROACH:
There are two replys in this approach, 1. Alice needs to prove her identity to the AS(authentication server). 2. The TGS(ticket-granting server) gives some sort of ticket which acts as a alice identifier. These two steps occur before establishing the Communication,Once the communication is established it generates two things,they are I. Identifier II. Encrypted message with bobs master key.

DIFFIE-HELLMAN KEY AGREEMENT:

This method doesn t authenticate the clients, Instead it is augmented in some way to provide authentication. Here the following parameters are used P=Any prime number G=Generator number(usually 2). a,b=random private values. Ex: Alice generates ga mod p Bob generates gb mod p

COMPUTATION:
Alice computes the following value gab mod p=(gb mod p)a mod p Bob generates the following value gab mod p=(ga mod p)b mod p When they are equal communication is established and thus the reuslting key can be easily computed. MAN IN THE MIDDLE ATTACK: Here a third person can generate the own private random variables c and d and thus intercept messages from alice and bob since both of them unknowingly share the key.

MAN IN THE MIDDLE ATTACK:

SECURE SYSTEMS:
Components used for building a secure system are
Cryptographic algorithms Key distribution mechanism Authentication protocols.

Systems that operate in application layer include

PGP(pretty good privacy) SSH(secure shell) TLS(Transport layer security) SSL(secure socket layer) IPsec(IP security)

PGP:
It is basically used for providing security for the electronic-mail.This was devised by phil zimmerman which is also known as OPEN PGP .PGP supports RSA and DSS public certifications,These certificates may specify which cryptographic algorithms are supported or preferred by the key s owner. Note: MD5 and SHA-1 are the hashes used in digital signature. AES and 3DES are the ciphers used.

PGP:

BASE-64 ENCODING IS USED IN RECEVIERS SIDE

SSH:
SSH provides remote login service which is intended to replace less-secure telnet and rlogin programs used in early days. The SSH server actually runs on a remote system on which users wants to login. It is widely used because of strong authentication and password protection it provides. Consider connecting a home computer to a school computer for some work,Then we will have the following issues

SSH(contd..):
y We have to send the password and data through of

number of untrusted networks which connects the school and home computer. y SSH provides a encryption for the data sent ,thus to improve the strength of the authentication mechanism used for logging in. y It consists of three protocols
SSH-TRANS. 2. SSH-AUTH. 3. SSH-CONN.
1.

SSH METHOD:
The generally used parameters in SSH are  First-time risk  Public key encryption  Host authentication  ssh~keygen  ~/.ssh/known_hosts  ~/.ssh/authorized_hosts  ~/.ssh/identity  Port forwarding

TLS,SSL,HTTPS:
Immediately after the introduction of internet some popular enterprises took interest on how to make the transactions secure over the web. Eg:A purchase done using credit card.  This protocol just looks like a normal transport protocol except that it is additionally secure .  This includes all normal features of TCP along with secure transport layer running on top of it.  While using HTTPS it is connected to port 443 in which normal data passed through SSL/TLS protocol for encryption and decryption.

TLS,SSL,HTTPS(contd..):
Secure transport layer inserted between application and TCP layer is shown below.
APPLICATION(eg.HTTP) SECURE TRANSPORT LAYER TCP IP SUBNET

The sender can open communication and send it over network such that SSL makes sure of confidentiality,integrity and authentication.

HAND-SHAKE PROTOCOL:
A pair of TLS participants negotiate at runtime which cryptography to use.The participants negotiate the use of  Data integrity hash,MD5 or SHA  Symmetric key ciphers  Session-key establishment approach and public key authentication protocols. The TLS delivers all of these using a one shared master-secret.

HANDSHAKE PROTOCOL:

HANDSHAKE PROTOCOL TO ESTABLISH TLS SESSION:

IP security:
This is made mandatory in IPv6 owing to increased network attacks which was optional in IPv4. Ipsec provides three levels of security,They are 1. Highly modular allowing users to select the cryptographic algorithms and security protocols. 2. Provides a large menu of security properties including access control,integrity,etc 3. Protection in narrow streams or wide streams. Terms used: SA=security association SPI=security parameter index

IP security(contd..)
FORMAT OF Ipsec s ESP:

Seqnum-Protects against replay attacks Payloaddata-contains the data in next header field Paylength-describes how much padding was done using ciphers Authentication data-authenticator.

WIRELESS SECURITY(802.11i):
Wi-fi proteceted access 2(WPA2) is often used as acronym for 802.11i. 802.11i supports two modes,They are  Personal mode  Passphrase mode In both of these methods the master key is cryptographically derived.

WIRELESS SECURITY(802.11i):
The AS(authentication server) and AP(access-points) must be connected by a secure channel and could even share the same host. The authentication is provided by EAP. EAP-supports multiple authentication methods such as smart cards,kerberos and one-time passwords. Usage of CCMP is also possible CTR-counter mode CBC-MAC cipher block chaining with message authentication.

FIREWALLS:
A firewall is a system that is the sole point of connectivity between the site it protects and the rest of the network,It is usually implemented as a part of the router. In terms of walls,a firewall provides access Control by restricting which messages it will relay between the site and the rest of the network,  It forwards the message that are allowed.  It filters out the message that are dis-allowed.

FIREWALLS:

Firewalls may create zones of trust based on hierarchy. EG:Demilitarized zone(DMZ)

Examples:
1. (192.12.13.14,1234,18.7.6.5,80). 2. (*,*,128.7.6.5,80)

Two kinds of firewall are  Stateful firewall.  Stateless firewall. DISADVANTAGES: I. Viruses and worms II. Third party accessing firewall. III. Malware and spyware.

CONCLUSION:
 The job of network security is to keep the network secure

from spying or interference.

 Data integrity and cryptographic hashing.  Avoiding DOS attacks.