SUBJECT CODE: EIT-701 BRANCH: IT SEM: 7 Evaluation Scheme
NOTESSUBJECT: Cryptography and Network SecuritySUBJECT CODE: EIT-701BRANCH: ITSEM: 7thSESSION: 2014-15Evaluation SchemeSubjectCodeName ofSubjectEIT701Cryptography& NetworkSecuirtyPeriodsEvaluation t1504Asst. Prof. Rahul Sharma &Asst. Prof. Lovey RanaIT Department,AKGEC Gzb1
EIT-701 Cryptography & Network SecurityUnit-IIntroduction to security attacks, services and mechanism, Classical encryption techniquessubstitution ciphers and transposition ciphers, cryptanalysis, steganography,Stream and block ciphers. Modern Block Ciphers: Block ciphers principles, Shannon’s theory ofconfusion and diffusion, fiestal structure, Data encryption standard(DES), Strength of DES, Idea ofdifferential cryptanalysis, block cipher modes of operations, Triple DESUnit-IIIntroduction to group, field, finite field of the form GF(p), modular arithmetic, prime and relativeprime numbers, Extended Euclidean Algorithm, Advanced Encryption Standard (AES) encryptionand decryption Fermat’s and Euler’s theorem, Primality testing, Chinese Remainder theorem,Discrete Logarithmic Problem, Principals of public key crypto systems, RSA algorithm, security ofRSAUnit-IIIMessage Authentication Codes: Authentication requirements, authentication functions, messageauthentication code, hash functions, birthday attacks, security of hash functions, Secure hashalgorithm (SHA) Digital Signatures: Digital Signatures, Elgamal Digital Signature Techniques,Digital signature standards (DSS), proof of digital signature algorithm,Unit-IVKey Management and distribution: Symmetric key distribution, Diffie-Hellman Key Exchange,Public key distribution, X.509 Certificates, Public key Infrastructure. Authentication Applications:Kerberos Electronic mail security: pretty good privacy (PGP), S/MIME.Unit-VIP Security: Architecture, Authentication header, Encapsulating security payloads, combiningsecurity associations, key management. Introduction to Secure Socket Layer, Secure electronic,transaction (SET) System Security: Introductory idea of Intrusion, Intrusion detection, Viruses andrelated threats, firewalls.Text Book:1. William Stallings, “Cryptography and Network Security: Principals and Practice”,Pearson Education.References:1. Behrouz A. Frouzan: Cryptography and Network Security, TMH2. Bruce Schiener, “Applied Cryptography”. John Wiley & Sons3. Bernard Menezes,” Network Security and Cryptography”, Cengage Learning.4. Atul Kahate, “Cryptography and Network Security”, TMH2
Contents1UNIT . 91.1INTRODUCTION . 91.2Security Attacks, Services and Mechanisms . 91.3Basic Concepts . 101.4Cryptography . 101.5Cryptanalysis. 111.6STEGANOGRAPHY . 111.7SECURITY SERVICES . 121.8SECURITY MECHANISMS . 121.9SECURITY ATTACKS. 131.9.1Interruption . 131.9.2Interception . 131.9.3Modification . 131.9.4Fabrication . 141.10Cryptographic Attacks . 141.11Passive Attacks . 141.12Active attacks . 151.13Symmetric and public key algorithms . 151.14CONVENTIONAL ENCRYPTION . 171.15CLASSICAL ENCRYPTION TECHNIQUES . 191.15.1I .SUBSTITUTION TECHNIQUES . 19Strength of playfair cipher. 203
1.15.1.41.15.21.16Vigenere cipher . 21One Time Pad Cipher . 22TRANSPOSITION TECHNIQUES . 231.16.1Rail fence . 231.16.2Row Transposition Ciphers- . 231.17Feistel cipher structure . 241.18BLOCK CIPHER PRINCIPLES . 11.18.11.19Block cipher principles . 2DATA ENCRYPTION STANDARD (DES) . 21.19.11.19.1.3DES Modes of Use . 4Stream Modes . 5Limitations of Various Modes . 5DES Weak Keys . 81.20DES Design Principles . 9Possible Techniques for Improving DES . 1121.20.1Triple DES . 111.20.2IDEA (IPES) . 121.20.3Differential Cryptanalysis of Block Ciphers . 141.20.4Linear Cryptanalysis of Block Ciphers . 161.21Stream Ciphers and the Vernam cipher . 171.22Modern Private Key Ciphers (part 1). 181.22.1Block Ciphers . 181.22.2Shannons Theory of Secrecy Systems . 18UNIT . 222.1Modular Arithmetic . 222.1.1Exponentiation in GF(p) . 234
2.1.2Discrete Logarithms in GF(p). 232.1.3Greatest Common Divisor . 242.1.4Inverses and Euclid's Extended GCD Routine . 242.1.5Euler Totient Function [[phi]](n). 252.1.6Computing with Polynomials in GF(qn) . 262.1.7Multiplication with Polynomials in GF(qn) . 262.23Public-Key Ciphers . 272.2.1RSA Public-Key Cryptosystem . 282.2.2ElGamal . 332.2.3Other Public-Key Schemes . 34UNIT . 353.13.1.1AUTHENTICATION FUNCTIONS . 353.1.2MESSAGE AUTHENTICATION CODE (MAC). 373.1.3Requirements for MAC: . 13.1.4MAC based on DES . 23.1.5HASH FUNCTIONS . 33.1.6Birthday Attacks . 63.2Message Authentication. . 103.2.1Authentication using Private-key Ciphers . 103.2.2Hashing Functions . 113.34AUTHENTICATION REQUIREMENTS . 35MD2, MD4 and MD5 . 123.3.1SHA (Secure Hash Algorithm) . 133.3.2Digital Signature Schemes. 13UNIT . 184.1AUTHENTICATION SERVICES KERBEROS . 185
4.1.1Kerbero V4 Authentication Dialogue Message Exchange . 214.1.2Kerberos Realms and Multiple Kerberi . 94.2X.509 Certificates . 134.3X.509 Version 3 . 224.3.1Key and Policy Information. 224.3.2Certificate Subject and Issuer Attributes . 234.3.3Certification Path Constraints . 234.4ELECTRONIC MAIL SECURITY PRETTY GOOD PRIVACY (PGP) . 234.5Cryptographic keys and key rings. 274.6S/MIME . 354.7Cryptographic Algorithms . 404.7.1SECURING A MIME ENTITY . 424.7.2S/MIME Certificate Processing . 454.8Enhanced Security Services . 474.9Key Management . 473.2Authentication Protocols . 484.9.1Challenge-Response . 484.9.2Needham-Schroeder . 484.9.3KEY MANAGEMENT . 494.9.4Public Announcement . 494.9.5Public-Key Certificates. 494.9.6Kerberos - Initial User Authentication . 513.2.1Kerberos - Request for a Remote Service . 513.2.2Kerberos - in practise . 523.3X.509 - Directory Authentication Service . 523.3.1X.509 Certificate . 526
43.3.2CA Hierarchy. 533.3.3Authentication Procedures . 534.9.7DIFFIE-HELLMAN KEY EXCHANGE . 54Security in Practise - Secure Email . 564.105PEM . 574.10.1PEM - Key Management . 574.10.2PGP . 574.10.3PGP - In Use . 584.10.4Sample PGP Message . 584.1.1PGP - Issues . 594.10.5User Authentication . 604.10.6What you Know . 604.10.7One-shot Passwords . 61UNIT . 625.1INTRUDERS . 625.2INTRUSION DETECTION:. 635.2.1Statistical Anomaly Detection: . 665.2.2Rule-Based Intrusion Detection . 685.2.3The Base-Rate Fallacy . 695.2.4Distributed Intrusion Detection . 695.2.5Honeypots . 705.2.6Intrusion Detection Exchange Format . 725.3FIREWALLS . 725.3.15.3.25.4IP address spoofing – . 75Firewall configurations . 78VIRUSES AND RELATED THREATS . 837
8
1UNIT1.1 INTRODUCTIONComputer data often travels from one computer to another, leaving the safety of itsprotected physical surroundings. Once the data is out of hand, people with bad intention couldmodify or forge your data, either for amusement or for their own benefit.Cryptography can reformat and transform our data, making it safer on its trip betweencomputers. The technology is based on the essentials of secret codes, augmented by modernmathematics that protects our data in powerful ways. Computer Security - generic name for the collection of tools designed to protect data and tothwart hackers Network Security - measures to protect data during their transmission Internet Security - measures to protect data during their transmission over a collection ofinterconnected networks1.2 Security Attacks, Services and MechanismsTo assess the security needs of an organization effectively, the manager responsible forsecurity needs some systematic way of defining the requirements for security and characterizationof approaches to satisfy those requirements. One approach is to consider three aspects ofinformation security:Security attack – Any action that compromises the security of information owned by anorganization.Security mechanism – A mechanism that is designed to detect, prevent or recover from asecurity attack.Security service – A service that enhances the security of the data processing systems and theinformation transfers of an organization. The services are intended to counter security attacks andthey make use of one or more security mechanisms to provide the service.9
1.3 Basic ConceptsCryptography The art or science encompassing the principles and methods of transforming anintelligible message into one that is unintelligible, and then retransforming that message back to itsoriginal formPlaintext The original intelligible messageCipher text The transformed messageCipher An algorithm for transforming an intelligible message into one that is unintelligible bytransposition and/or substitution methodsKey Some critical information used by the cipher, known only to the sender& receiverEncipher (encode) The process of converting plaintext to cipher text using a cipher and a keyDecipher (decode) the process of converting cipher text back into plaintext using a cipher and akeyCryptanalysis The study of principles and methods of transforming an unintelligible messageback into an intelligible message without knowledge of the key. Also called code breakingCryptology Both cryptography and cryptanalysisCode An algorithm for transforming an intelligible message into an unintelligible one using acode-book1.4 CryptographyCryptographic systems are generally classified along 3 independent dimensions:Type of operations used for transforming plain text to cipher textAll the encryption algorithms are based on two general principles: substitution, in which eachelement in the plaintext is mapped into another element, and transposition, in whichelements in the plaintext are rearranged.The number of keys usedIf the sender and receiver uses same key then it is said to be symmetric key (or)single key (or) conventional encryption.If the sender and receiver use different keys then it is said to be public key encryption.The way in which the plain text is processedA block cipher processes the input and block of elements at a time, producing output block foreach input block.10
A stream cipher processes the input elements continuously, producing output element one at atime, as it goes along.1.5 CryptanalysisThe process of attempting to discover X or K or both is known as cryptanalysis. Thestrategy used by the cryptanalysis depends on the nature of the encryption scheme and theinformation available to the cryptanalyst.There are varioustypes of cryptanalytic attacksbased on the amount ofinformation known to the cryptanalyst.Cipher text only – A copy of cipher text alone is known to the cryptanalyst.Known plaintext – The cryptanalyst has a copy of the cipher text and the correspondingplaintext.Chosen plaintext – The cryptanalysts gains temporary access to the encryption machine. Theycannot open it to find the key, however; they can encrypt a large number of suitably chosenplaintexts and try to use the resulting cipher texts to deduce the key.Chosen cipher text – The cryptanalyst obtains temporary access to the decryptionmachine, uses it to decrypt several string of symbols, and tries to use the results to deduce thekey.1.6 STEGANOGRAPHYA plaintext message may be hidden in any one of the two ways. The methods reasthemethodsofcryptography render the message unintelligible to outsiders by various transformations of the text.A simple form of steganography, but one that is time consuming to construct is one inwhich an arrangement of words or letters within an apparently innocuous text spells out thereal message.e.g., (i) the sequence of first letters of each word of the overall message spells out the real(Hidden) message.(ii) Subset of the words of the overall message is used to convey the hidden message.Various other techniques have been used historically, some of them areCharacter marking – selected letters of printed or typewritten text are overwritten in pencil. The11
marks are ordinarily not visible unless the paper is held to an angle to bright light.Invisible ink – a number of substances can be used for writing but leave no visible trace until heator some chemical is applied to the paper.Pin punctures – small pin punctures on selected letters are ordinarily not visible unless thepaper is held in front of the light. Typewritten correction ribbon – used between the lines typedwith a black ribbon, the results of typing with the correction tape are visible only under a stronglight.Drawbacks of steganographyRequires a lot of overhead to hide a relatively few bits of information.Once the system is discovered, it becomes virtually worthless.1.7 SECURITY SERVICESThe classification of security services are as follows:Confidentiality:Ensures that the information in a computer system a n d transmittedinformation are accessible only for reading by authorized parties.E.g. Printing, displaying and other forms of disclosure.Authentication: Ensures that the origin of a message or electronic document is correctlyidentified, with an assurance that the identity is not false.Integrity: Ensures that only authorized parties are able to modify computer system assets ing, changing status, deleting, creatingand delaying or replaying of transmitted messages.Non repudiation: Requires that neither the sender nor the receiver of a message be able to denythe transmission.Access control: Requires that access to information resources may be controlled by or the targetsystem.Availability: Requires that computer system assets be available to authorized parties whenneeded.1.8 SECURITY MECHANISMSOne of the most specific security mechanisms in use is cryptographic techniques.Encryption or encryption-like transformations of information are the most common means ofproviding security. Some of the mechanisms are1Encipherment12
2Digital Dignature3Access Control1.9 SECURITY ATTACKSThere are four general categories of attack which are listed below.1.9.1 InterruptionAn asset of the system is destroyed or becomes unavailable or unusable. This is an attack onavailability e.g., destruction of piece of hardware, cutting of a communication line orDisabling of file management system.1.9.2 InterceptionAn unauthorized party gains access to an asset. This is an attack on confidentiality.Unauthorized party could be a person, a program or acomputer.e.g., wire tapping to capture data in the network, illicit copying of filesSenderReceiverEavesdropper or forger1.9.3 ModificationAn unauthorized party not only gains access to but tampers with an asset. This is an attack onintegrity. e.g., changing values in data file, altering a program, modifying the contents ofmessages being transmitted in a network.SenderReceiver13
Eavesdropper or forger1.9.4 FabricationAn unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.e.g., insertion of spurious message in a network or addition of records to a file.SenderReceiverEavesdropper or forger1.10 Cryptographic Attacks1.11 Passive AttacksPassive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goalof the opponent is to obtain information that is being transmitted. Passiveattacks are of two types:Release of message contents: A telephone conversation, an e-mail message and a transferred filemay contain sensitive or confidential information. We would like to prevent the opponent fromlearning the contents of these transmissions.Traffic analysis: If we had encryption protection in place, an opponent might still be able toobserve the pattern of the message. The opponent could determine the location and identity ofcommunication hosts and could observe the frequency and length of messages beingexchanged. This information might be useful in guessing the nature of communication that wastaking place.Passive attacks are very difficult to detect because they do not involve any alteration of data.However, it is feasible to prevent the success of these attacks.14
1.12 Active attacksThese attacks involve some modification of the data stream or the creation of a false stream. Theseattacks can be classified in to four categories:Masquerade – One entity pretends to be a different entity.Replay – involves passive capture of a data unit and its subsequent transmission to produce anunauthorized effect.Modification of messages – Some portion of message is altered or the messages are delayed orrecorded, to produce an unauthorized effect.Denial of service – Prevents or inhibits the normal use or management of communicationfacilities. Another form of service denial is the disruption of an entire network, either by disablingthe network or overloading it with messages so as to degrade performance.It is quite difficult to prevent active attacks absolutely, because to do so would require physicalprotection of all communication facilities and paths at all times. Instead, the goal is to detect themand to recover from any disruption or delays caused by them.1.13 Symmetric and public key algorithmsEncryption/Decryption methods fall into two categories.Symmetric keyPublic keyIn symmetric key algorithms, the encryption and decryption keys are known both to senderand receiver. The encryption key is shared and the decryption key is easily calculated from it.In many cases, the encryption and decryption keys are the blic,butitiscomputationally infeasible to find the decryption key without the information known to thereceiver.A MODEL FOR NETWORK SECURITY15
A message is to be transferred from one party to another across some sort of internet. The twoparties, who are the principals in this transaction, must cooperate for the exchange to take place.A logical information channel is established by defining a route through the internet from sourceto destination and by the cooperative use of communication protocols (e.g., TCP/IP) by thetwo principals.Using this model requires us to:–design a suitable algorithm for the security transformation–generate the secret information (keys) used by the algorithm–develop methods to distribute and share the secret information– specify a protocol enabling the principals to use the transformation and secret informationfor a security serviceMODEL FOR NETWORK ACCESS SECURITYUsing this model requires us to:16 page
Security attack – Any action that compromises the security of information owned by an organization. Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack. Security service – A service that enhances the security
* Resume included Josh Lund, PE* Sam White, PE* David Kull, PE* Theresa McAuliffe, PE Ron Joy, PE Tim Aguilar, PE Steve Delia, EIT Mike Altieri, EIT Dan White, EIT Chris Gagne, EIT Dante Guzzi, EIT Brian Colburn, PE* Scott Ozana, PE* Brian Patinskas, PE* Steve Ireland, PE Melanie Haskins, EIT Connor Golde
EIT Health is supported by the EIT, a body of the European Union Anyone who participates in an EIT Health programme, course, or has received EIT Health funding can join our Alumni network. EIT Health Alumni Alumni members benefit from: Exclusive job offers and internships
1606 Auto Bhan Branch Hyderabad 1608 Citizen Colony Branch Hyderabad 1604 Gari Khata Branch Hyderabad 1601 Hyderabad Branch Hyderabad 1602 Latifabad Branch Hyderabad 1681 Market Road Branch Hyderabad 1605 New Cloth Market Branch Hyderabad 1603 Qasimabad Branch Hyderabad 0321 74-E Blue Area Branch Islamabad 0305 Aabpara Branch Islamabad
return, EIT Health shall participate in the economic success of the start-up via an option to assume shares in the start-up in the case of certain “financial events”. This participation is part of EIT Health’s sustainability strategy: if EIT Health receives remuneration, these funds shall be reinvested by EIT
Humphreys Insurance & Surety, Inc. 415 20th Ave. SW Minot, ND 58701 701-624-2175 office 701-240-2047 cell New Home Remodeling Concrete Siding . Minot, ND 701-839-2217 www.whynotbuyminot.com Becky Bertsch 701-833-3536 Joy Nelson 701-202-8795 Jody Bullinger 701-720-0533 Water Removal Structural Drying Sewer Backup
SDR pipe 20 701 485 111 0.053 31 70 9-11 25 701 485 112 0.050 36 70 9-11 32 701 485 113 0.071 44 72 9-11 40 701 485 114 0.095 54 80 9-11 50 701 485 115 0.131 66 88 9-11 63 701 485 116 0.194 81 96 9-17.6 Coupler PE 100 SDR 11 (ISO S5) 10 bar Gas / 16 bar Water 4 mm pin connectors Limited path fusion indicators * Removable .
Clearing Code and Branch Code Institution Name Clearing Code Branch Name Branch Code Branch Address Telephone Number Clearing System Status* BANCA MONTE DEI PASCHI DI SIENA S.P.A. - HONG KONG BRANCH 234 Hong Kong Branch 935 No.1 Harbour View Street, One International Finance Centre, 15th Floor, Suite 1501-03 & 1514-16, Central, Hong Kong 2295 .
EIT Program IMPORTANT DATES TO REMEMBER September 2014 Job posting for the EIT Program will be on the ENMAX website starting September 2nd Applications for the EIT Program will be accepted until September 26th After the job posting closes, the EIT Ma
