Unit5 Cryptography
Unit5 Cryptography
Noida
Unit: 5
ROSHAN JAMEEL
Course Details
(B Tech 4th Sem)
Assistant Professor(AI)
12/06/2023
Subject Syllabus
•UNIT-3 Asymmetric Encryption Techniques 8 Hrs
Fermat’s and Euler’s theorem, Primality testing, Chinese Remainder theorem, Discrete Logarithmic
Problem. Public and Private keys, Principles of Public Key Crypto Systems, RSA algorithm, Security
of RSA, ECDSA and its Security Analysis.
•UNIT-4 Digital Integrity 8 Hrs
Data Integrity and Authentication, Hash functions: Crypto Hash Functions, Crypto Hash Primitives,
Birthday attack, Security of hash functions, Puzzle Friendly hash function, Message Digest, Secure
hash algorithm (SHA).
Message Authentication Codes: Authentication functions, Message authentication code, HMAC.
Digital Signatures: Digital Signatures, RSA Digital Signature Scheme, Elgamal Digital Signature
Techniques, Digital signature standards (DSS/DSA), proof of digital signature algorithm
•UNIT-5 Key Management and Web Security 8 Hrs
Key Management and distribution: Symmetric key distribution, Diffie-Hellman Key Exchange, Public
key distribution, X.509 Certificates, Public key Infrastructure.
User Authentication Mechanisms: Kerberos, Electronic mail security: pretty good privacy (PGP),
S/MIME. Network Security: Security at IP layer, Transport layer Security (SSL/TLS), HTTPs and
Hardware Security Module (HSM).
ROSHAN JAMEEL Introduction to Cryptography and
Information Security Unit 5
12/06/2023
Applications
12/06/2023
Course Objectives
•The course will cover the standard security protocols for user
authentication, key management and network security
ROSHAN JAMEEL Introduction to Cryptography and
Information Security Unit 5
12/06/2023
Course Outcome
At the end of the semester, student will be able:
Course CO Description Blooms’ Taxonomy
Outcomes (CO)
*1= Low *2= Medium *3= High
12/06/2023
CO-PO Mapping
Mapping of Course Outcomes and Program Outcomes:
Average
12/06/2023
Question Paper Templet
12/06/2023
Question Paper Template
IP Security
Secure socket Layer
Secure electronic Transaction
System security
• Prerequisite
– Introduction to IP
– Network Security
– Electronic Transaction
• Recap
– IP Security
– System Security
• Physical Delivery
• Key Distribution Center (KDC)
• Using Previous Keys
• Using Third Party
• Prerequisite
• Recap
Note
A session symmetric key between two parties
is used only once.
Needham-Schroeder Protocol
Otway-Rees Protocol
• Prerequisite
• Recap
– symmetric-key Distribution
– Method for symmetric-key Distribution
Note
The symmetric (shared) key in the Diffie-Hellman
method is K = gxy mod p.
Security of Diffie-Hellman
Man-in-the-Middle Attack
Man-in-the-middle attack
• Prerequisite
• Recap
– public-key Distribution
– public -key Certificates
Public Announcement
Trusted Center
Certification Authority
X.509 Certificate
Certificate Renewal
In some cases a certificate must be revoked before its
expiration.
Delta Revocation
To make revocation more efficient, the delta certificate
revocation list (delta CRL) has been introduced.
06/12/2023 ROSHAN JAMEEL Introduction to 41
12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4
X.509 Certificate
Certificate revocation format
Trust Model
PKI hierarchical model
• Prerequisite
– Authentication protocols
– sessions keys
• Recap
– Kerberos
– Kerberos servers
Kerberos servers
Kerberos servers
Real Server
The real server (Bob) provides services for the user (Alice).
Kerberos Example
Kerberos version 5
The minor differences between version 4 and version 5 are
briefly listed below:
• Prerequisite
– Basics of Email
– Client and server
• Recap
– Email security
– Email architecture
– PGP and S-MIME
Objective of Topic :-To understand the E-Mail Security
Bhawna Wadhwa Introduction to Cryptography and Information
06/12/2023 ROSHAN JAMEEL Introduction to 52
Security Unit 5
12/06/2023 Cryptography and Information Security
Unit 5
E-mail Security CO4
E-mail Architecture
Cryptographic Algorithms
Note
In e-mail security, the sender of the message needs to
include the name or identifiers
of the algorithms used in the message.
Certificates
It is obvious that some public-key algorithms must be
used for e-mail security.
Cryptographic Secrets
Note
In e-mail security, the encryption/decryption is done
using a symmetric-key algorithm,
but the secret key to decrypt the message is encrypted
with the public key of the
receiver and is sent with the message.
PGP
PGP Services
Code Conversion
Another service provided by PGP is code
conversion. PGP uses Radix-64 conversion.
Segmentation
PGP allows segmentation of the message.
PGP Certificates
X.509 Certificates
Protocols that use X.509 certificates depend on
the hierarchical structure of the trust.
Note
In X.509, there is a single path from the fully trusted
authority to any certificate.
PGP Certificates
In PGP, there is no need for CAs; anyone in the ring can
sign a certificate for anyone else in the ring.
Note
In PGP, there can be multiple paths from fully or
partially trusted authorities to any subject.
MIME
• MIME (Multipurpose Internet Mail Extensions)
– Extends RFC822 to resolve problems of traditional email
• New headers
– MIME-Version:
– Content-Type: type of content in the message body
(text/plain, multipart/mixed, video/mpeg, …)
– Content-Transfer-Encoding: type of transmission of the
message body to be transmitted by the MTA
– Content-ID: to overcome the mail size limitations\Content-
Description:
• Prerequisite
– Introduction to IP
– Network Security
• Recap
– IP Security
– IP security Services and protocols
IP-SEC
IPSec is a framework of open standards developed by
the Internet Engineering Task Force (IETF)
IPsec aims at securing communications over IP
– Both IPv4 and IPv6
IPSEC ADVANTAGES
IPSEC APPLICATIONS
Site-to-site
– An organisation with multiple sub-offices
Host-to-site
– Travelling employees, Contractors
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
71
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC SECURITY SERVICES
Data origin authentication
– Assurance that traffic is sent by legitimate parties
Confidentiality (encryption)
– Limited traffic flow confidentiality (some traffic
analysis possible)
Connectionless integrity
– Assurance that every received IP packet has not
been modified
– Partial sequence integrity - prevents packet replay
Access control
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
72
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC MAJOR COMPONENTS
IPSec modes
Provides message
authentication and
integrity check of IP
data payload, but not
confidentiality
Provides
authentication for as
much of the IP
header as possible
Transport mode
– Used to deliver
services from
host to host or
from host to
gateway
Tunnel mode
– Used to deliver
services from
gateway to
gateway
TUNNEL MODE
Required by routers
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
80
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
TUNNEL MODE & ESP FOR IPv4 and IPv6
IP header
IPSec header TCP/UDP header + data
(real
dest)
Transport mode
IP header IP header
IPSec header TCP/UDP header + data
(real
(gateway) dest)
Tunnel mode
• Prerequisite
– Network Security
– TCP/IP Model
• Recap
It can be seen that one layer makes use of TCP directly. This layer
is known as the S S L R e c o r d P r o t o c o l and it provides basic
security services to various higher layer protocols.
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
87
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5
1
• Handshake protocol
2
• Record protocol
3
• Change Cipher protocol
4
• Alert protocol
H a n d s h a ke P ro to c o l
H a n d s h a ke P ro to c o l E s ta b l i s h S e c u r i t y
C a p a b i l i ti e s
▫ Client hello
▫ Server hello
H a n d s h a ke P ro to c o l
Web Web
Browser Server
Step 1: Client hello
Step 1: Certificate
Web Web
Browser Step 2: Server key exchange Server
Server key • Sent only if the certificate does not contain enough information
exchange to complete the key exchange
Step 1: Certificate
Web Web
Browser Server
Step 4: Finished
Always fatal
unexpected_messages
bad_record_mac
decompression_failure
handshake_failure
illegal_parameter
Authentication of server
– How does client know who they are dealing with?
Bob’s web
Alice thinks she is at Bob’s site, but Darth site
is spoofing it
Information integrity
– How do we know third party has not altered data en route?
Bob’s web
Address information
site
Change so item shipped to
Darth
SSL Version
There are several versions of the SSL protocol defined. The
latest version, the Transport Layer Security Protocol (TLS),
is based on SSL 3.0
• Prerequisite
– Network Security
– Security services
– Attacks
• Recap
– System Security
– Viruses and Threats
Security Problem
Security must consider external environment of the
system, and protect the system resources
Intruders (crackers) attempt to breach security
Threat is potential security violation
Attack is attempt to breach security
Attack can be accidental or malicious
Easier to protect against accidental than malicious
misuse
Security Violations
Categories
Breach of confidentiality
Breach of integrity
Breach of availability
Theft of service
Denial of service
Methods
Masquerading (breach authentication)
Replay attack
Message modification
Man-in-the-middle attack
Session hijacking
Physical
Human
Operating System
Network
Security is as week as the weakest chain
security: A, B, C, and D.
D – Minimal security.
https://aktu.ac.in/question-bank.html
IP Security
Secure socket layer
Secure electronic Transaction
System security
Thank You