0% found this document useful (0 votes)
58 views

Unit5 Cryptography

This document outlines a course on Introduction to Information Security and Cryptography taught by Roshan Jameel. The course is divided into 5 units covering topics such as symmetric and asymmetric encryption techniques, digital signatures, hash functions, and key management. The document provides information on the instructor, evaluation scheme, syllabus, applications, objectives, outcomes, and includes links to supplemental videos and content on cryptography and network security.

Uploaded by

Rαndσm thíngs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
58 views

Unit5 Cryptography

This document outlines a course on Introduction to Information Security and Cryptography taught by Roshan Jameel. The course is divided into 5 units covering topics such as symmetric and asymmetric encryption techniques, digital signatures, hash functions, and key management. The document provides information on the instructor, evaluation scheme, syllabus, applications, objectives, outcomes, and includes links to supplemental videos and content on cryptography and network security.

Uploaded by

Rαndσm thíngs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 156

Noida Institute of Engineering and Technology, Greater

Noida

Key Management and Web Security

Unit: 5

Introduction to Information Security and


Cryptography

ROSHAN JAMEEL
Course Details
(B Tech 4th Sem)
Assistant Professor(AI)

ROSHAN JAMEEL Introduction to Cryptography and Information Security


12/06/2023
Unit 5
Faculty Information

Name: Roshan Jameel


Qualification: M.Tech (CSE), Pursuing PhD (CSE)
Area of Interest: Cloud Computing, Blockchain, Data Security,
Artificial Intelligence
Contact Details:
Email: [email protected]

ROSHAN JAMEEL Introduction to


12/06/2023 Cryptography and Information Security
Unit 5
Evaluation Scheme

ROSHAN JAMEEL Introduction to Cryptography and Information Security


12/06/2023 Unit 5
Subject Syllabus

• UNIT-1 Introduction to Security, Security Threats and Vulnerabilities


8 Hrs
Need of security, CIA Triad, Introduction to security attacks, services and
mechanism. Overview of Security threats and Vulnerability: Types of attacks on
Confidentiality, Integrity and Availability. Vulnerability and Threats, Malware:
Virus, Worms, Trojan horse. Security Counter Measures: Intrusion Detection and
its categories, Antivirus Software.
•UNIT-2 Symmetric Encryption Techniques 8 Hrs
Data Confidentiality and Encryption, Substitution ciphers and Transposition
ciphers, Cryptanalysis, Stream and Block ciphers, Shannon’s theory of confusion
and diffusion, Fiestal structure. Data encryption standard (DES), Strength of DES,
Triple DES, AES. Idea of Differential and Linear Cryptanalysis.

ROSHAN JAMEEL Introduction to Cryptography and


Information Security Unit 5

12/06/2023
Subject Syllabus
•UNIT-3 Asymmetric Encryption Techniques 8 Hrs
Fermat’s and Euler’s theorem, Primality testing, Chinese Remainder theorem, Discrete Logarithmic
Problem. Public and Private keys, Principles of Public Key Crypto Systems, RSA algorithm, Security
of RSA, ECDSA and its Security Analysis.
•UNIT-4 Digital Integrity 8 Hrs
Data Integrity and Authentication, Hash functions: Crypto Hash Functions, Crypto Hash Primitives,
Birthday attack, Security of hash functions, Puzzle Friendly hash function, Message Digest, Secure
hash algorithm (SHA).
Message Authentication Codes: Authentication functions, Message authentication code, HMAC.
Digital Signatures: Digital Signatures, RSA Digital Signature Scheme, Elgamal Digital Signature
Techniques, Digital signature standards (DSS/DSA), proof of digital signature algorithm
•UNIT-5 Key Management and Web Security 8 Hrs
Key Management and distribution: Symmetric key distribution, Diffie-Hellman Key Exchange, Public
key distribution, X.509 Certificates, Public key Infrastructure.
User Authentication Mechanisms: Kerberos, Electronic mail security: pretty good privacy (PGP),
S/MIME. Network Security: Security at IP layer, Transport layer Security (SSL/TLS), HTTPs and
Hardware Security Module (HSM).
ROSHAN JAMEEL Introduction to Cryptography and
Information Security Unit 5

12/06/2023
Applications

Here is a list of some examples of Information Security and


Cryptography that you're likely to come across on a daily
basis.
•Authentication
•Digital Signatures
•Time Stamping
•Electronic Money or Digital Cash/ E Payments
•Encryption/Decryption in Email
•Encryption in WhatsApp/Instagram
•Sim Card Authentication
•Maintain Secrecy in Storage

ROSHAN JAMEEL Introduction to Cryptography and


Information Security Unit 5

12/06/2023
Course Objectives

•Familiarization with the concepts of security, security threats


and vulnerabilities.

•Learn how to provide confidentiality to data by the use of


Symmetric encryption techniques

•Introduce the concepts of Asymmetric encryption techniques.

•Learning Data Integrity and authentication using MAC/HMAC


and Digital signature algorithms.

•The course will cover the standard security protocols for user
authentication, key management and network security
ROSHAN JAMEEL Introduction to Cryptography and
Information Security Unit 5

12/06/2023
Course Outcome
At the end of the semester, student will be able:
Course CO Description Blooms’ Taxonomy
Outcomes (CO)

CO2 Identify information security goals, vulnerabilities, threats and K1


attacks in security environment.

CO2 Understand, compare and apply different classical encryption K4


and decryption techniques.

CO3 Elaborate the use of Asymmetric Encryption along with K3


underlying mathematical concepts associated with modern
cryptography.

CO4 Apply different Digital signature algorithms to achieve K4


authentication.
CO5 Describe relation of Cryptography to Network Security and K2
evaluate the performance of Security protocols.
8

ROSHAN JAMEEL Introduction to


12/06/2023 Cryptography and Information Security
Unit 5
Program Outcomes


*1= Low *2= Medium         *3= High

ROSHAN JAMEEL Introduction to Cryptography and Information


Security Unit 5

12/06/2023
CO-PO Mapping
Mapping of Course Outcomes and Program Outcomes:

Introduction to Cryptography and Information Security


CO.K PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

Average

*3= High *2= Medium *1 = Low

ROSHAN JAMEEL Introduction to Cryptography and Information 10


Security Unit 5

12/06/2023
Question Paper Templet

ROSHAN JAMEEL Introduction to Cryptography and Information Security


Unit 5

12/06/2023
Question Paper Template

ROSHAN JAMEEL Introduction to


12/06/2023 Cryptography and Information Security
Unit 5
Brief Introduction (CO5)
A Key management is the process of administering or managing cryptographic keys for a
cryptosystem. It involves the generation, creation, protection, storage, exchange, replacement and
use of said keys and with another type of security system built into large cryptosystems, enables
selective restriction for certain keys. In addition to access restriction, key management also involves
the monitoring and recording of each key's access, use and context.

You tube/other Video Links


1. https://www.youtube.com/watch?v=trHox1bN5es
2. https://youtu.be/Q-HugPvA7GQ
• NPTEL Video link
1. https://nptel.ac.in/courses/106105162/
2. http://www.nptelvideos.in/2012/11/cryptography-and-network-security.html

12/06/2023 ROSHAN JAMEEL Introduction to Cryptography and Information Security Unit 5


Content

 IP Security
 Secure socket Layer
 Secure electronic Transaction
 System security

ROSHAN JAMEEL Introduction to 14


12/06/2023 Cryptography and Information Security
Unit 5
Prerequisite and Recap

• Prerequisite

– Introduction to IP
– Network Security
– Electronic Transaction

• Recap

– IP Security
– System Security

ROSHAN JAMEEL Introduction to 15


12/06/2023 Cryptography and Information Security
Unit 5
Objective of Unit -5

• To study IP Security: Architecture, Authentication header,


Encapsulating security payloads, combining security
associations, key management.
• To understand the Secure Socket Layer
• To study how Secure electronic transaction (SET) works.
• Learn about System Security: Introductory idea of Intrusion,
Intrusion detection, Viruses and related threats, firewalls

06/12/2023 ROSHAN JAMEEL Introduction to 16


Cryptography and Information Security
Unit 5
Symmetric Key Distribution

• Physical Delivery
• Key Distribution Center (KDC)
• Using Previous Keys
• Using Third Party

06/12/2023 ROSHAN JAMEEL Introduction to 17


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

• Prerequisite

– Introduction to Encryption and Decryption


– Public key and private key

• Recap

– Key Distribution Center

Objective of Topic :- Study about Key Distribution Center

06/12/2023 ROSHAN JAMEEL Introduction to 18


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

A KDC creates a secret key for each member. This secret


key can be used only between the member and the KDC,
not between two members.

Note
A session symmetric key between two parties
is used only once.

ROSHAN JAMEEL Introduction to 19


12/06/2023 Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

Key-distribution center (KDC)

06/12/2023 ROSHAN JAMEEL Introduction to 20


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

Flat Multiple KDCs

06/12/2023 ROSHAN JAMEEL Introduction to 21


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

Hierarchical Multiple KDCs

ROSHAN JAMEEL Introduction to 22


12/06/2023 Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

A Simple Protocol Using a KDC


First approach using KDC

06/12/2023 ROSHAN JAMEEL Introduction to 23


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

Needham-Schroeder Protocol

06/12/2023 ROSHAN JAMEEL Introduction to 24


Cryptography and Information Security
Unit 5
Key-distribution center (KDC) CO5

Otway-Rees Protocol

ROSHAN JAMEEL Introduction to 25


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5

• Prerequisite

– Introduction to Encryption and Decryption


– Public key and private key

• Recap

– symmetric-key Distribution
– Method for symmetric-key Distribution

Objective of Topic :-to understand symmetric-key


Distribution

ROSHAN JAMEEL Introduction to 26


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5

Alice and Bob can create a session key between


themselves without using a KDC. This method of
session-key creation is referred to as the symmetric-
key agreement. We can create key using:-

1 Diffie-Hellman Key Agreement

2 Station-to-Station Key Agreement

ROSHAN JAMEEL Introduction to 27


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5
Diffie-Hellman method

ROSHAN JAMEEL Introduction to 28


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5
Diffie-Hellman method

Note
The symmetric (shared) key in the Diffie-Hellman
method is K = gxy mod p.

ROSHAN JAMEEL Introduction to 29


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5
Diffie-Hellman idea

06/12/2023 ROSHAN JAMEEL Introduction to 30


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5

Security of Diffie-Hellman

Discrete Logarithm Attack

Man-in-the-Middle Attack

06/12/2023 ROSHAN JAMEEL Introduction to 31


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5

Man-in-the-middle attack

06/12/2023 ROSHAN JAMEEL Introduction to 32


12/06/2023 Cryptography and Information Security
Unit 5
Symmetric-key Distribution CO5
Station-to-station key agreement method

06/12/2023 ROSHAN JAMEEL Introduction to 33


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

• Prerequisite

– Introduction to Encryption and Decryption


– Public key

• Recap

– public-key Distribution
– public -key Certificates

Objective of Topic :-Study about public -key Distribution

06/12/2023 ROSHAN JAMEEL Introduction to 34


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

In asymmetric-key cryptography, people do not need to


know a symmetric shared key; everyone shields a private
key and advertises a public key.

06/12/2023 ROSHAN JAMEEL Introduction to 35


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

Public Announcement

06/12/2023 ROSHAN JAMEEL Introduction to 36


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

Trusted Center

06/12/2023 ROSHAN JAMEEL Introduction to 37


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

Controlled Trusted Center

06/12/2023 ROSHAN JAMEEL Introduction to 38


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

Certification Authority

06/12/2023 ROSHAN JAMEEL Introduction to 39


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

X.509 Certificate

06/12/2023 ROSHAN JAMEEL Introduction to 40


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4
X.509 Certificate
Certificate Renewal
Each certificate has a period of validity. If there is no
problem with the certificate, the CA issues a new
certificate before the old one expires.

Certificate Renewal
In some cases a certificate must be revoked before its
expiration.

Delta Revocation
To make revocation more efficient, the delta certificate
revocation list (delta CRL) has been introduced.
06/12/2023 ROSHAN JAMEEL Introduction to 41
12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

X.509 Certificate
Certificate revocation format

06/12/2023 ROSHAN JAMEEL Introduction to 42


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4
Public-Key Infrastructures (PKI)

Some duties of a PKI

06/12/2023 ROSHAN JAMEEL Introduction to 43


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4

Trust Model
PKI hierarchical model

06/12/2023 ROSHAN JAMEEL Introduction to 44


12/06/2023 Cryptography and Information Security
Unit 5
Public-key Distribution CO4
Mesh model

06/12/2023 ROSHAN JAMEEL Introduction to 45


12/06/2023 Cryptography and Information Security
Unit 5
Kerberos CO4

• Prerequisite

– Authentication protocols
– sessions keys

• Recap

– Kerberos
– Kerberos servers

Objective of Topic :-Study about Kerberos

06/12/2023 ROSHAN JAMEEL Introduction to 46


12/06/2023 Cryptography and Information Security
Unit 5
Kerberos CO4

Kerberos is an authentication protocol, and at the same


time a KDC, that has become very popular. Several
systems, including Windows 2000, use Kerberos.
Originally designed at MIT, it has gone through several
versions.

06/12/2023 ROSHAN JAMEEL Introduction to 47


12/06/2023 Cryptography and Information Security
Unit 5
Kerberos Co4

Kerberos servers

06/12/2023 ROSHAN JAMEEL Introduction to 48


12/06/2023 Cryptography and Information Security
Unit 5
Kerberos CO4

Kerberos servers

Authentication Server (AS)


The authentication server (AS) is the KDC in the Kerberos
protocol.
Ticket-Granting Server (TGS)
The ticket-granting server (TGS) issues a ticket for the real
server (Bob).

Real Server
The real server (Bob) provides services for the user (Alice).

06/12/2023 ROSHAN JAMEEL Introduction to 49


12/06/2023 Cryptography and Information Security
Unit 5
Kerberos CO4

Kerberos Example

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
50
12/06/2023 Cryptography and Information 5 Security
Unit 5
Kerberos CO4

Kerberos version 5
The minor differences between version 4 and version 5 are
briefly listed below:

1) Version 5 has a longer ticket lifetime.


2) Version 5 allows tickets to be renewed.
3) Version 5 can accept any symmetric-key algorithm.
4) Version 5 uses a different protocol for describing data
types.
5) Version 5 has more overhead than version 4.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
51
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

• Prerequisite

– Basics of Email
– Client and server

• Recap

– Email security
– Email architecture
– PGP and S-MIME
Objective of Topic :-To understand the E-Mail Security
Bhawna Wadhwa Introduction to Cryptography and Information
06/12/2023 ROSHAN JAMEEL Introduction to 52
Security Unit 5
12/06/2023 Cryptography and Information Security
Unit 5
E-mail Security CO4

E-mail Architecture

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
53
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

Cryptographic Algorithms

Note
In e-mail security, the sender of the message needs to
include the name or identifiers
of the algorithms used in the message.

Certificates
It is obvious that some public-key algorithms must be
used for e-mail security.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
54
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

Cryptographic Secrets

Note
In e-mail security, the encryption/decryption is done
using a symmetric-key algorithm,
but the secret key to decrypt the message is encrypted
with the public key of the
receiver and is sent with the message.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
55
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security

PGP

Pretty Good Privacy (PGP) can be used to create a secure e-


mail message or to store a file securely for future retrieval.

One of the protocols to provide security at the


application layer is Pretty Good Privacy (PGP).
PGP is designed to create authenticated and
confidential e-mails.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
56
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

PGP Packet Format

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
57
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

PGP Services

Digital signature: DSS/SHA or RSA/SHA


Message encryption: cast-128, IDEA, or 3-DES
One-time session key for each email message
Session key distribution: Diffie-Helmann or RSA
Message compression with ZIP
Email compatible: radix-64 binary-to-ASCii conversion
Segmentation: to accommodate max message size limitations

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
58
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4
PGP Services
Confidentiality with One-Time Session Key

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
59
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4
PGP Services

Code Conversion
Another service provided by PGP is code
conversion. PGP uses Radix-64 conversion.

Segmentation
PGP allows segmentation of the message.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
60
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

PGP Certificates

X.509 Certificates
Protocols that use X.509 certificates depend on
the hierarchical structure of the trust.

Note
In X.509, there is a single path from the fully trusted
authority to any certificate.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
61
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

PGP Certificates
In PGP, there is no need for CAs; anyone in the ring can
sign a certificate for anyone else in the ring.

Note
In PGP, there can be multiple paths from fully or
partially trusted authorities to any subject.

Trusts and Legitimacy


The entire operation of PGP is based on introducer trust,
the certificate trust, and the legitimacy of the public
keys.
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
62
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

MIME
• MIME (Multipurpose Internet Mail Extensions)
– Extends RFC822 to resolve problems of traditional email
• New headers
– MIME-Version:
– Content-Type: type of content in the message body
(text/plain, multipart/mixed, video/mpeg, …)
– Content-Transfer-Encoding: type of transmission of the
message body to be transmitted by the MTA
– Content-ID: to overcome the mail size limitations\Content-
Description:

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
63
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4
MIME Content Type

• Type: major type


– Text, multipart, message, image, video, audio,
application
• Subtype: minor type
– Text: plain, enriched

– Multipart: mixed, parallel, alternative, digest


– Image: jpeg, gif,
– Application: PostScript, Octet-stream, …
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
64
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4
S/MIME Functionality

• Enveloped data: encrypted data and encrypted encryption


key
• Signed data: content + digital signature; encoded using
base64 encoding
• Clear-signed data: content + digital signature; only digital
signature is encoded using base64 encoding
• Signed and enveloped data: content + digital signature;
encrypted using a key
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
65
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

S/MIME Cryptographic Algorithms

• Encryption: 3DES, 40bit RC2

• Digital signature: DSS, 160bit SHA-1, 128bit MD5


• Session key encryption: Diffie-Hellmann, RSA
• Sending agent and receiving agent determines the
encryption algorithm via negotiation.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
66
12/06/2023 Cryptography and Information 5 Security
Unit 5
E-mail Security CO4

S/MIME Public Key Management

• S/MIME key management: a hybrid of X.509 and PGP key


management model
– Certificates are managed locally but the certificates are
signed by certification authorities
• S/MIME user agent
– generate his own public/private pairs
– register the public key and receive X.590 certificate for
the key
– store other’s certificates in a local storage and verify the
incoming certificates
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
67
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5

• Prerequisite

– Introduction to IP
– Network Security

• Recap

– IP Security
– IP security Services and protocols

Objective of Topic :- Study in Detail IP Security

Bhawna Wadhwa Introduction to Cryptography and Information


06/12/2023 ROSHAN JAMEEL Introduction to 68
Security Unit 5
12/06/2023 Cryptography and Information Security
Unit 5
IP Security CO5

IP-SEC
 IPSec is a framework of open standards developed by
the Internet Engineering Task Force (IETF)
 IPsec aims at securing communications over IP
– Both IPv4 and IPv6

 Creates secure, authenticated, reliable communications


over IP networks
 It is designed to address fundamental shortcomings, such
as being subject to spoofing and eavesdropping

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
69
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5

IPSEC ADVANTAGES

 Provides seamless security to application and


transport layers
– Transparent to applications, no change
required in any upper layer
– Transparent to end users, no need to train
users on security mechanisms

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
70
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5

IPSEC APPLICATIONS

 Site-to-site
– An organisation with multiple sub-offices
 Host-to-site
– Travelling employees, Contractors
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
71
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC SECURITY SERVICES
 Data origin authentication
– Assurance that traffic is sent by legitimate parties

 Confidentiality (encryption)
– Limited traffic flow confidentiality (some traffic
analysis possible)

 Connectionless integrity
– Assurance that every received IP packet has not
been modified
– Partial sequence integrity - prevents packet replay
 Access control
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
72
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC MAJOR COMPONENTS

 IPSec base protocols

 IPSec modes

 IPSec Security Policy and Associations (SA)

 IPSec Internet Key Exchange (IKE)

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
73
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC BASE PROTOCOLS

 Authentication Header (AH)


– Authentication
– Protection against replay attacks
– Integrity

 Encapsulating Security Payload (ESP)


– Confidentiality
– Protection against replay attacks
– Authentication (depends on algorithm)
– Integrity (depends on algorithm)
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
74
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC BASE PROTOCOLS: AH

 Provides message
authentication and
integrity check of IP
data payload, but not
confidentiality

 Provides
authentication for as
much of the IP
header as possible

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
75
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC BASE PROTOCOLS: ESP

 ESP provides source authentication, data integrity, and


confidentiality
 Content of IP packet is encrypted and encapsulated
between header and trailer fields
 Authentication data optionally added
 Either encryption or authentication (or both) must be
enabled
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
76
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
IPSEC MODES

 Transport mode
– Used to deliver
services from
host to host or
from host to
gateway
 Tunnel mode
– Used to deliver
services from
gateway to
gateway

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
77
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
TRANSPORT MODE

 Protects what is delivered from the transport layer


to the network layer
 This mode does not protect the IP header
– It only protects the information coming from the
transport layer

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
78
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5

TUNNEL MODE

 Protects the entire IP packet


– It takes an IP packet applies security methods
to the entire packet, and then adds a new IP header

 This mode protects the original IP header

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
79
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
TRANSPORT MODE & ESP FOR IPv4 and IPv6

Required by routers
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
80
12/06/2023 Cryptography and Information 5 Security
Unit 5
IP Security CO5
TUNNEL MODE & ESP FOR IPv4 and IPv6

ROSHAN JAMEEL Introduction to


12/06/2023 Cryptography and Information Security
Unit 5
IP Security CO5
TRANSPORT VS. TUNNEL MODE

IP header
IPSec header TCP/UDP header + data
(real
dest)
Transport mode

IP header IP header
IPSec header TCP/UDP header + data
(real
(gateway) dest)

Tunnel mode

 Traffic analysis: Transport mode vs tunnel mode

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
82
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5

• Prerequisite

– Network Security
– TCP/IP Model

• Recap

– Secure Socket Layer


– Secure electronic transactions
Objective of Topic :- To understand Secure Sockets Layer
and SET

Bhawna Wadhwa Introduction to Cryptography and Information


06/12/2023 ROSHAN JAMEEL Introduction to 83
Security Unit 5
12/06/2023 Cryptography and Information Security
Unit 5
Secure socket layer CO5

• Secure Sockets Layer (SSL) is a method for providing


security for web based applications.

• It is designed to make use of TCP to provide a reliable


end-to-end secure service.

• SSL is not a single protocol but rather two layers of


protocols .

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
84
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5

• An independent protocol that makes use of the


record protocol is the Hypertext Markup Language
(HTTP) protocol.

• Another three higher level protocols that also make use


of this layer are part of the SSL stack. They are used in
the management of SSL exchanges and are as follows:
1. Handshake Protocol.
2. Change Cipher Spec Protocol.
3. Alert Protocol.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
85
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5

• Secure Sockets Layer (SSL) is a method for providing


security for web based applications.

• It is designed to make use of TCP to provide a reliable


end-to-end secure service.

• SSL is not a single protocol but rather two layers of


protocols .

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
86
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5
SSL protocol stack.

It can be seen that one layer makes use of TCP directly. This layer
is known as the S S L R e c o r d P r o t o c o l and it provides basic
security services to various higher layer protocols.
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
87
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5

SSL sub protocol

1
• Handshake protocol

2
• Record protocol

3
• Change Cipher protocol

4
• Alert protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
88
12/06/2023 Cryptography and Information 5 Security
Unit 5
Secure socket layer CO5

H a n d s h a ke P ro to c o l

• This is the most complex part of SSL and allows the


server and client to authenticate each other and to
negotiate an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent
in an SSL record.
• This protocol is used before any application data is
sent.
• It consists of a series of messages exchanged by the
client and server.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
89
12/06/2023 Cryptography and Information 5 Security
Unit 5
12
Secure socket layer CO5

H a n d s h a ke P ro to c o l E s ta b l i s h S e c u r i t y
C a p a b i l i ti e s

• Used to initiate logical connection and establish security


capabilities.
• Consists of two messages

▫ Client hello
▫ Server hello

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
90
12/06/2023 Cryptography and Information 5 Security
Unit 5
13
Secure socket layer CO5

H a n d s h a ke P ro to c o l

Web Web
Browser Server
Step 1: Client hello

Step 2: Server hello

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
91
12/06/2023 Cryptography and Information 5 Security
Unit 5
14
Secure socket layer CO5

Handshake Protocol client Parameters

Version • Identifies highest version of SSL that client can support

• 32 bit date time field


Random • 28 byte random number

• Variable length session identifier


Session id • Can be zero (new session) or non zero (connection exists)

• Contains list of cryptographic algorithms supported by the


Cipher suite client

Compression • Contains list of compression algorithms supported by the


method client

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
92
12/06/2023 Cryptography and Information 5 Security
Unit 5
14
15
Secure socket layer CO5
Handshake Protocol Ser ver Parameters
• Identifies lower of version suggested by client and
Version highest supported by server

• Same structure as that in client hello


Random • Random value independent of client’s value

• Uses same value if client sends non zero value


Session id • Otherwise creates new session id

• Contains single cipher suite which server selects from


Cipher suite the list sent by client

Compression • Contains single compression algorithm which server


method selects from the list sent by client

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
93
12/06/2023 Cryptography and Information 5 Security
Unit 5
16
14
Secure socket layer CO5

Handshake Protocol Phase 2

Step 1: Certificate

Web Web
Browser Step 2: Server key exchange Server

Step 3: Certificate request

Step 4: Server hello done

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
94
12/06/2023 Cryptography and Information 5 Security
Unit 5
14
17
Secure socket layer CO5
S e c u r i t y A u t h e n ti c a ti o n a n d Ke y E xc h a n g e

• Server sends its Digital certificate


Certificate • Helps the to authenticate

Server key • Sent only if the certificate does not contain enough information
exchange to complete the key exchange

Certificate • Sent if the client needs to authenticate itself


request
Server • Sent to indicate that the server is finished its part of the key
exchange
hello done • after sending this message the server waits for client
response

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
95
12/06/2023 Cryptography and Information 5 Security
Unit 5
18
14
Secure socket layer CO5

Handshake Protocol Phase 3

Step 1: Certificate
Web Web
Browser Server

Step 2: Client key exchange

Step 3: Certificate verify

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
96
12/06/2023 Cryptography and Information 5 Security
Unit 5
19
14
17
Secure socket layer CO5
C l i e n t A u t h e n ti c a ti o n a n d Ke y E xc h a n g e

Certificate • will send a certificate message or a no certificate alert

Client key • always sent


• RSA encrypted pre-master secret
exchange
• sent only if the client sent a certificate
Certificate • provides client authentication
verify • contains signed hash of all the previous handshake
messages

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
97
12/06/2023 Cryptography and Information 5 Security
Unit 5
22
18
14
Secure socket layer CO5

Handshake Protocol Phase 4

Step 1: Change cipher specs


Web Web
Browser Server
Step2 : Finished

Step 3: Change cipher specs

Step 4: Finished

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
98
12/06/2023 Cryptography and Information 5 Security
Unit 5
18
14
Secure socket layer CO5

SSL Record Protocol

• Provide two services for SSL connections:


 Confidentiality: by encrypting application data.

 Message Integrity: by computing MAC over the


compressed data.
• Can be utilized by some upper-layer protocols of SSL.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
99
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
18
14
Secure socket layer CO5

SSL Record Protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
100
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
18
14
Secure socket layer CO5

SSL Record Protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
101
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
27
18
14
Secure socket layer CO5

SSL Record Protocol


 2 byte alert message
 1 byte level
 Fatal or warning
 1 byte
 Alert Code

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
102
12/06/2023 Cryptography and Information 5 Security
Unit 5
29
24
18
14
31
Secure socket layer CO5

SSL Alert Message

 Always fatal
 unexpected_messages
 bad_record_mac
 decompression_failure
 handshake_failure
 illegal_parameter

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
103
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
18
14
31
Secure socket layer CO5

Authentication of server
– How does client know who they are dealing with?

Bob’s web
Alice thinks she is at Bob’s site, but Darth site
is spoofing it

Information integrity
– How do we know third party has not altered data en route?

Bob’s web
Address information
site
Change so item shipped to
Darth

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
104
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5

SSL Version
There are several versions of the SSL protocol defined. The
latest version, the Transport Layer Security Protocol (TLS),
is based on SSL 3.0

SSL Version 1.0


SSL Version 2.0

SSL Version 3.0


TLS Version 1.0

TLS Version 1.0 with SSL Version 3.0

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
105
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
Secure Electronic Transaction (SET)

• Developed by Visa and MasterCard

• Designed to protect credit and debit card transactions

• Confidentiality: all messages encrypted

• Trust: all parties must have digital certificates

• Privacy: information made available only when and


where necessary

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
106
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
Participants in the SET System

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
107
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Business Requirements
• Provide confidentiality of payment and ordering
information
• Ensure the integrity of all transmitted data

• Provide authentication that a cardholder is a legitimate


user of a credit or debit card account

• Provide authentication that a merchant can accept


credit or debit card transactions through its relationship
with a financial institution
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
108
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Business Requirements

• Ensure the use of the best security practices and system


design techniques to protect all legitimate parties in an
electronic commerce transaction

• Create a protocol that neither depends on transport security


mechanisms nor prevents their use

• Facilitate and encourage interoperability among software


and network providers

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
109
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Process

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
110
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Process
• The customer opens an account with a card issuer.
– MasterCard, Visa, etc.
• The customer receives a digital certificate signed by a
bank.
• A merchant who accepts a certain brand of card must
possess two digital certificates.
– One for signing & one for key exchange
• The customer places an order for a product or service
with a merchant.
• The merchant sends a copy of its certificate for
verification.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
111
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Process

• The customer sends order and payment information


to the merchant.
• The merchant requests payment authorization from
the payment gateway prior to shipment.
• The merchant confirms order to the customer.
• The merchant provides the goods or service to the
customer.
• The merchant requests payment from the payment
gateway.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
112
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
Secure socket layer CO5
SET Supported Transactions

 card holder registration  purchase inquiry


 merchant registration  purchase notification
 purchase request  sale transaction

 payment authorization  authorization reversal

 payment capture  capture reversal

 certificate query  credit / payment reversal

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
113
12/06/2023 Cryptography and Information 5 Security
Unit 5
System Security CO5

• Prerequisite

– Network Security
– Security services
– Attacks

• Recap
– System Security
– Viruses and Threats

Objective of Topic :- Learn About System Security, Viruses


and Threats

Bhawna Wadhwa Introduction to Cryptography and Information


06/12/2023 ROSHAN JAMEEL Introduction to 114
Security Unit 5
12/06/2023 Cryptography and Information Security
Unit 5
24
32
18
14
31
System Security CO5

Security Problem
 Security must consider external environment of the
system, and protect the system resources
 Intruders (crackers) attempt to breach security
 Threat is potential security violation
 Attack is attempt to breach security
 Attack can be accidental or malicious
 Easier to protect against accidental than malicious
misuse

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
115
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5

Security Violations
 Categories
Breach of confidentiality
 Breach of integrity
 Breach of availability
 Theft of service
 Denial of service
 Methods
 Masquerading (breach authentication)
 Replay attack

 Message modification

 Man-in-the-middle attack
 Session hijacking

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
116
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Standard Security Attack

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
117
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Security Measure Levels

 Security must occur at four levels to be effective:

 Physical
 Human
 Operating System
 Network
 Security is as week as the weakest chain

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
118
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Problem Threads
 Trojan Horse
 Code segment that misuses its environment
 Exploits mechanisms for allowing programs written by users to be
executed by other users
 Spyware, pop-up browser windows, covert channels
 Trap Door
 Specific user identifier or password that circumvents normal security
procedures
 Could be included in a compiler
 Logic Bomb
 Program that initiates a security incident under certain circumstances
 Stack and Buffer Overflow
 Exploits a bug in a program (overflow either the stack or memory
buffers)

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
119
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Boot Sector Computer Virus

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
120
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
System and network Threads
 Worms – use spawn mechanism; standalone program
 Internet worm
 Exploited UNIX networking features (remote access) and bugs in
finger and send mail programs
 Grappling hook program uploaded main worm program
 Port scanning
 Automated attempt to connect to a range of ports on one or a
range of IP addresses
 Denial of Service
 Overload the targeted computer preventing it from doing any
useful work
 Distributed denial-of-service (DDOS) come from multiple sites
at once

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
121
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Firewalling to Protect Systems and Networks
 A network firewall is placed between trusted and un-trusted hosts
The firewall limits network access between these two security domain
 Can be tunneled or spoofed
 Tunneling allows disallowed protocol to travel within allowed
protocol (i.e. telnet inside of HTTP)
 Firewall rules typically based on host name or IP address which can be
spoofed
 Application proxy firewall understands application protocol and can
control them (i.e. SMTP)
 System-call firewall monitors all important system calls and apply rules to
them (i.e. this program can execute that system call)
 Personal firewall is software layer on given host
 Can monitor / limit traffic to and from the host

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
122
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Network Security Through Domain Separation
Via Firewall

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
123
12/06/2023 Cryptography and Information 5 Security
Unit 5
24
32
18
14
31
System Security CO5
Computer Security Classification

 U.S. Department of Defense outlines four divisions of computer

security: A, B, C, and D.
 D – Minimal security.

 C – Provides discretionary protection through auditing. Divided

into C1 andC2. C1 identifies cooperating users with the same


level of protection. C2 allows user-level access control.
 B – All the properties of C, however each object may have

unique sensitivity labels. Divided into B1, B2, and B3.


 A – Uses formal design and verification techniques to ensure

security. ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
06/12/2023 124
12/06/2023 Cryptography and Information 5 Security
Unit 5
References

1. William Stallings, “Cryptography and Network Security:


Principals and Practice”, Pearson Education.
2. Behrouz A. Frouzan: Cryptography and Network
Security, Tata McGraw Hill

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
125
12/06/2023 Cryptography and Information 5 Security
Unit 5
Youtube & NPTEL Video Links and other Links

Youtube/other Video Links


1. https://www.youtube.com/watch?v=OzeZXNDwddk
&list=PLJ5C_6qdAvBFAuGoLC2wFGruY_E2gYtev&in
dex=59
2. NPTEL Video link
https://nptel.ac.in/courses/106105162/

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
126
12/06/2023 Cryptography and Information 5 Security
Unit 5
Daily Quiz

What are the features of SET?

Specify the IP security services.

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
127
12/06/2023 Cryptography and Information 5 Security
Unit 5
Daily Quiz

List the design goals of firewalls..

What are the SSL Specific protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
128
12/06/2023 Cryptography and Information 5 Security
Unit 5
Daily Quiz

Define virus. Specify the types of


viruses.

List the classes of intruders

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
129
12/06/2023 Cryptography and Information 5 Security
Unit 5
Daily Quiz

What does meant by a trusted


system?

What is meant by Trojan horse?

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
130
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

1. IPSec is designed to provide security at the _________


a) Transport layer
b) Network layer
c) Application layer
d) Session layer

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
131
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

2.   In tunnel mode, IPSec protects the ______


a) Entire IP packet
b) IP header
c) IP payload
d) IP trailer

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
132
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

3. Which component is included in IP security?


a) Authentication Header (AH)
b) Encapsulating Security Payload (ESP)
c) Internet key Exchange (IKE)
d) All of the mentioned

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
133
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

4. In the above figure, which of the above shaded block


is transparent to end users and applications?
a) IP/IPSec
b) SSL
c) Kerberos
d) S/MIME

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
134
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

5. Which one of the following is not a higher –layer SSL


protocol?
a) Alert Protocol
b) Handshake Protocol
c) Alarm Protocol
d) Change Cipher Spec Protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
135
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

6. Which one of the following is not a session state


parameter?
a) Master Secret
b) Cipher Spec
c) Peer Certificate
d) Server Write Key

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
136
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

7. In the SSL Protocol, each upper layer message if


fragmented into a maximum of __________ bytes.
a) 216
b) 232
c) 214
d) 212

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
137
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

8. The full form of SSL is


a) Serial Session Layer
b) Secure Socket Layer
c) Session Secure Layer
d) Series Socket Layer

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
138
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

9. Which protocol is used to convey SSL related alerts to


the peer entity?
a) Alert Protocol
b) Handshake Protocol
c) Upper-Layer Protocol
d) Change Cipher Spec Protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
139
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

10.  Which protocol is used for the purpose of copying


the pending state into the current state?
a) Alert Protocol
b) Handshake Protocol
c) Upper-Layer Protocol
d) Change Cipher Spec Protocol

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
140
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

11.  Number of phases in the handshaking


protocol?
a) 2
b) 3
c) 4
d) 5

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
141
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

12.  In the Handshake protocol action, which is the last


step of the Phase 2 : Server Authentication and Key
Exchange?
a) server_done
b) server_key_exchange
c) certificate_request
d) crtificate_verify

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
142
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

13.   The certificate message is required for any agreed-


on key exchange method except _______________
a) Ephemeral Diffie-Hellman
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
143
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

14.   In the handshake protocol which is the message


type first sent between client and server ?
a) server_hello
b) client_hello
c) hello_request
d) certificate_request

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
144
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

15.   …………….acts like a gate keeper that examines each


users identification before allowing them to enter to
the organization’s internal networks.
(a) Network firewall 
(b) Antivirus 
(c) both of these 
(d) none of these

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
145
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

16. SET means ………………


(a) Standard Electronic Technology 
(b) Standard Electronic Transfer

(c) Secure Electronic Transaction 


(d) None of these

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
146
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

17.   Creating illegitimate sites that appear to be


published by established organizations by
unscrupulous artists is termed as…………………
(a) Spoofing 
(b) Snooping 
(c) Sniffing 
(d) None of these

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
147
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

18. ……attacks are difficult and are only successful if the


attacker knows something about the shopper
(a) Spoofing 
(b) Snooping 
(c) Sniffing 
(d) Guessing passwords

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
148
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

19.   …………is the process of making information


unintelligible to the unauthorized user.
(a) Spoofing 
(b) Snooping 
(c) Sniffing 
(d) Cryptography

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
149
12/06/2023 Cryptography and Information 5 Security
Unit 5
MCQ s

20. PGA………………….provides a way to associate the


message with the sender and is the equivalent of an
ordinary signature.
(a) cyber signature 
(b) Digital signature 
(c) SSL 
(d) none of these

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
150
12/06/2023 Cryptography and Information 5 Security
Unit 5
Previous year Question Paper

Roshan Jameel Introduction to


Cryptography and Information Security
12/06/2023 151
Unit 01
Previous year Question Paper

Roshan Jameel Introduction to


Cryptography and Information Security
12/06/2023 152
Unit 01
Old Question Papers

• AKTU Previous year question paper

https://aktu.ac.in/question-bank.html

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
153
12/06/2023 Cryptography and Information 5 Security
Unit 5
Expected Questions for University Exam

1. Explain the architecture of IP Security


2. (i) Describe the SSL Specific protocol – Handshake
action in detail.
(ii) Explain Secure Electronic transaction with neat
diagram.
3. What is meant by SET? What are the features of SET?
4 . (i) Explain firewalls and how they prevent intrusions.
(ii)List and Brief, the different generation of antivirus
software
06/12/2023 ROSHAN JAMEEL
Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
154
12/06/2023 Cryptography and Information 5 Security
Unit 5
Summary

IP Security
Secure socket layer
Secure electronic Transaction
System security

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
155
12/06/2023 Cryptography and Information 5 Security
Unit 5
References

Thank You

06/12/2023 ROSHAN JAMEEL


Bhawna Wadhwa Introduction toIntroduction
Cryptography to
and Information Security Unit
156
12/06/2023 Cryptography and Information 5 Security
Unit 5

You might also like