
Basics of Cryptography

Introduction:-Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.

Cryptography can be strong or weak. Cryptographic strength is measured in the time and resources it would require to recover the plaintext. The result of strong cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. How difficult? Given all of today's computing power and available time (even a billion computers doing a billion checks a second), it is not possible to decipher the result of strong cryptography before the end of the universe.

When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the "shift by 3" rule could decipher his messages. And so we begin.

Encryption and decryption


Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

[Figure: Encryption and decryption. Plaintext -> Encryption -> Cipher text -> Decryption -> Plaintext]


How does cryptography work?
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work, comprise a cryptosystem.

Title: <Basics of cryptography>
Description: <Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.>
Branch: <Computer Science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>
Questions:
Ques1: What is cryptography, and how is it different from cryptanalysis?
Ques2: Define Encryption and Decryption.

Conventional cryptography
Introduction:-In conventional cryptography, also called symmetric-key encryption, one key is used both for encryption and
decryption.

[Figure: Conventional encryption. Plaintext -> Encryption -> Cipher text -> Decryption -> Plaintext]
Caesar's Cipher-An extremely simple example of conventional cryptography is a substitution cipher. A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. The algorithm is to offset the alphabet, and the key is the number of characters to offset it. For example, if we encode the word SECRET using Caesar's key value of 3, we offset the alphabet so that the 3rd letter down (D) begins the alphabet. So starting with
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and sliding everything up by 3, you get
DEFGHIJKLMNOPQRSTUVWXYZABC
where D=A, E=B, F=C, and so on. Using this scheme, the plaintext SECRET encrypts as VHFUHW. To allow someone else to read the ciphertext, you tell them that the key is 3. Obviously, this is exceedingly weak cryptography by today's standards, but it worked for Caesar, and it illustrates how conventional cryptography works.
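The SECRET example above as runnable code, together with the exhaustive key search that makes the cipher so weak. This is an added illustration, not part of the original notes; the function names, the second sample message and the "crib" words are assumptions.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter alphabet used in the notes


def caesar_encrypt(plaintext, key):
    """Replace each letter with the one `key` places further down the alphabet."""
    k = key % 26
    shifted = ALPHABET[k:] + ALPHABET[:k]          # key 3 -> DEFGHI...XYZABC
    table = str.maketrans(ALPHABET + ALPHABET.lower(),
                          shifted + shifted.lower())
    return plaintext.translate(table)              # non-letters pass through


def caesar_decrypt(ciphertext, key):
    """The same key undoes the shift: decryption is encryption by -key."""
    return caesar_encrypt(ciphertext, -key)


def exhaustive_search(ciphertext):
    """Trial-decrypt under every possible key. There are only 26 of them."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(26)}


def keys_matching_crib(ciphertext, crib):
    """Keys whose trial decryption contains a word the analyst expects to see."""
    crib = crib.upper()
    return [key for key, text in exhaustive_search(ciphertext).items()
            if crib in text.upper()]


if __name__ == "__main__":
    print(caesar_encrypt("SECRET", 3))             # the example from the notes
    # Constructed message: with only 26 keys, one expected word pins the key down.
    intercepted = caesar_encrypt("MEET THE GENERALS AT DAWN", 3)
    for key in keys_matching_crib(intercepted, "THE"):
        print(key, caesar_decrypt(intercepted, key))
```

The whole key space is 26 values, so secrecy of the key adds almost nothing; this is the sense in which the strength of a cipher depends on the algorithm as well as on the key.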

Description: <In conventional cryptography, also called symmetric-key encryption, one key is used both for encryption and decryption. The DataEncryption Standard (DES) is an example of a conventional cryptosystem> Questions Ques1:-Describe the conventional approach of encryption. Ques2:- What is Caesar ciphers technique of cryptography? Also describe its limitations.

Key management and conventional encryption


Introduction:-Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going
anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution.

Recall a character from your favorite spy movie: the person with a locked briefcase handcuffed to his or her wrist. What is in the briefcase, anyway? It's probably not the missile launch code/bio toxin formula/invasion plan itself. It's the key that will decrypt the secret data.

For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key. The persistent problem with conventional encryption is key distribution: how do you get the key to the recipient without someone intercepting it? The problems of key distribution are solved by public key cryptography.

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.
It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.

[Figure: Public key encryption. Labels: Public key, Private key]

The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

Questions Ques1:- What is public key cryptography? Ques2:- Define public and private key.

PGP
Introduction:-PGP is a hybrid cryptosystem. It combines some of the best features of both conventional and public key cryptography. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don't compress well aren't compressed.)

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is cipher text. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the cipher text to the recipient.

[Figure: How PGP encryption works]


Decryption works in the reverse. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted cipher text.

[Figure: How PGP decryption works]


The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Conventional encryption is about 1,000 times faster than public key encryption. Public key encryption in turn provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security.


Questions Ques1:-What is PGP? Write its working. Ques2:-How do encryption and decryption take place in PGP?

Keys
Introduction:-A key is a value that works with a cryptographic algorithm to produce a specific cipher text. Keys are basically very big numbers. Key size is measured in bits; the number representing a 1024-bit key is darn huge. In public key cryptography, the bigger the key, the more secure the cipher text. However, public key size and conventional cryptography's secret key size are totally unrelated. A conventional 80-bit key has the equivalent strength of a 1024-bit public key. A conventional 128-bit key is equivalent to a 3000-bit public key. Again, the bigger the key, the more secure, but the algorithms used for each type of cryptography are very different and thus comparison is like that of apples to oranges.

While the public and private keys are mathematically related, it's very difficult to derive the private key given only the public key; however, deriving the private key is always possible given enough time and computing power. This makes it very important to pick keys of the right size: large enough to be secure, but small enough to be applied fairly quickly. Additionally, you need to consider who might be trying to read your files, how determined they are, how much time they have, and what their resources might be. Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use a very large key. Of course, who knows how long it will take to determine your key using tomorrow's faster, more efficient computers? There was a time when a 56-bit symmetric key was considered extremely safe.

Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk: one for public keys and one for private keys. These files are called keyrings. As you use PGP, you will typically add the public keys of your recipients to your public keyring. Your private keys are stored on your private keyring. If you lose your private keyring, you will be unable to decrypt any information encrypted to keys on that ring.

Questions Ques1:- What is the role of keys in cryptography? Ques2:- Define public and private key.

Digital signatures
Introduction:-A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as fundamental to cryptography as privacy, if not more.

A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer. Some people tend to use signatures more than they use encryption. For example, you may not care if anyone knows that you just deposited $1000 in your account, but you do want to be darn sure it was the bank teller you were dealing with.

The basic manner in which digital signatures are created is illustrated in the figure. Instead of encrypting information using someone else's public key, you encrypt it with your private key. If the information can be decrypted with your public key, then it must have originated with you.

Questions Ques1: What is the working principle of Digital signature? Ques2: Write down the working of Digital signature.

Digital certificates
Introduction:-One issue with public key cryptosystems is that users must be constantly vigilant to ensure that they are encrypting to the correct person's key. In an environment where it is safe to freely exchange keys via public servers, man-in-the-middle attacks are a potential threat. In this type of attack, someone posts a phony key with the name and user ID of the user's intended recipient. Data encrypted to and intercepted by the true owner of this bogus key is now in the wrong hands. In a public key environment, it is vital that you are assured that the public key to which you are encrypting data is in fact the public key of the intended recipient and not a forgery. You could simply encrypt only to those keys which have been physically handed to you. But suppose you need to exchange information with people you have never met; how can you tell that you have the correct key?

Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner.
A certificate is a form of credential. Examples might be your driver's license, your social security card, or your birth certificate. Each of these has some information on it identifying you and some authorization stating that someone else has confirmed your identity. Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you.

A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another. A digital certificate consists of three things:
1. A public key.
2. Certificate information. (Identity information about the user, such as name, user ID, and so on.)
3. One or more digital signatures.

The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.
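The sign-with-the-private-key idea from the Digital signatures section and the three-part certificate described above, as one added example (not code from the original notes or from PGP). It uses unpadded textbook RSA over fixed Mersenne primes purely so it runs with the standard library; the key sizes, names, identities and certificate layout are assumptions for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every demo key pair


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)              # private exponent: E * d == 1 (mod phi)
    return (n, E), (n, d)


def digest(data, n):
    """Hash the data and map the hash into the range the key can process."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    """'Encrypt with your private key': only the key owner can produce this."""
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data, signature):
    """'Decrypt with the public key' and compare with a fresh hash of the data."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def cert_body(identity, public):
    """The signed part of a certificate: identity information bound to a key."""
    n, e = public
    return f"{identity}|{n}|{e}".encode()


def issue_certificate(issuer_private, identity, subject_public):
    """Certificate = public key + certificate information + a signature."""
    return {
        "identity": identity,
        "public_key": subject_public,
        "signature": sign(issuer_private, cert_body(identity, subject_public)),
    }


def certificate_is_valid(trusted_issuer_public, cert):
    """Accept a key only if a trusted party vouches for the identity/key binding."""
    body = cert_body(cert["identity"], cert["public_key"])
    return verify(trusted_issuer_public, body, cert["signature"])


# Constructed demo keys from known Mersenne primes. Far too weak and unpadded
# for real use; production systems use a vetted library with padded RSA or ECC.
ISSUER_PUB, ISSUER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # trusted signer
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)      # real recipient
PHONY_PUB, PHONY_PRIV = make_keypair(2**31 - 1, 2**521 - 1)     # the "phony key"


def demo():
    order = b"Deposit $1000 to account 42"                      # constructed
    sig = sign(ALICE_PRIV, order)
    alice_cert = issue_certificate(ISSUER_PRIV, "alice@example.com", ALICE_PUB)
    # Phony key posted under Alice's name, reusing the signature on her real cert.
    swapped = dict(alice_cert, public_key=PHONY_PUB)
    # Phony key vouched for only by its own owner, not by anyone we trust.
    self_signed = issue_certificate(PHONY_PRIV, "alice@example.com", PHONY_PUB)
    return {
        "genuine_signature": verify(ALICE_PUB, order, sig),
        "tampered_message": verify(ALICE_PUB, order.replace(b"1000", b"9000"), sig),
        "genuine_cert": certificate_is_valid(ISSUER_PUB, alice_cert),
        "swapped_key_cert": certificate_is_valid(ISSUER_PUB, swapped),
        "self_signed_cert": certificate_is_valid(ISSUER_PUB, self_signed),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:18} accepted={accepted}")
```

Only the untampered message and the certificate signed by the trusted issuer are accepted; the signature covers the identity and the key together, so swapping in another key breaks it.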

Questions Ques1:- What is a digital certificate, and what is it made of? Ques2:- What is the purpose of using a digital certificate?

The OSI Security Architecture


Introduction:-Security architecture for OSI offers a systematic way of defining security requirements and characterizing the
approaches to achieve these requirements. It was developed as an international standard.

Need for OSI Security Architecture:


1. To assess the security needs of an organization effectively and choose various security products and policies.
2. The need for some systematic way of defining the requirements for security and characterizing the approaches to satisfy those requirements.
3. This is difficult enough in a centralized data-processing environment, and with the use of local area and wide area networks, the problems are compounded.

The OSI Security Architecture:


Such a systematic approach is defined by ITU-T (the International Telecommunication Union Telecommunication Standardization Sector) in Recommendation X.800, Security Architecture for OSI. ITU-T is a United Nations (UN) sponsored agency that develops standards, called Recommendations, relating to telecommunications and to Open Systems Interconnection (OSI).

Benefits:
1. The OSI security architecture is useful to managers as a way of organizing the task of providing security.
2. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as follows:

Security Attack: Any action that compromises the security of information owned by an organization.
Security Mechanism: A process that is designed to detect, prevent or recover from a security attack. A security mechanism is a method used to protect your message from an unauthorized entity.
Security Service: A service that implements security policies and is itself implemented by security mechanisms.

Services:
- Confidentiality: ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties.
- Authentication: ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false.
- Integrity: ensures that only authorized parties are able to modify computer system assets and transmitted information.
- Non-repudiation: requires that neither the sender nor the receiver of a message be able to deny the transmission.
- Access control: requires that access to information resources may be controlled by or for the target system.
- Availability: requires that computer system assets be available to authorized parties when needed.


Questions
Ques1:- What is the OSI security architecture? Ques2:- What are the need, benefits and services of the OSI architecture?

Network Security
Introduction:-A security policy defines what people can and can't do with network components and resources.

Need for Network Security
In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These complicated attack tools and generally open networks have generated an increased need for network security and dynamic security policies.

The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks. Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist. It is estimated that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place.

With the development of large open networks, security threats have increased significantly in the past 20 years. Hackers have discovered more network vulnerabilities, and because you can now download applications that require little or no hacking knowledge to implement, applications intended for troubleshooting, maintaining and optimizing networks can, in the wrong hands, be used maliciously and pose severe threats. The motivation of a person interested in attacking your network can range from gathering or stealing information, to creating a DoS, to just the challenge of it.

Questions Ques1:- What is the difference between passive and active security threats? Ques2:- List and briefly define categories of passive and active security attacks.

Types of attacks
Introduction:-A useful means of classifying security attacks is in terms of passive attacks and active attacks. A passive attack
attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Active attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."

The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.


Questions Ques1:-Define active and passive attacks. Ques2:- What are the various types of active attacks?

Passive Attacks
Introduction:-Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis. The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.


Questions Ques1:-Define passive attacks. Also write its various types. Ques2:- Differentiate between active and passive attacks.

DOS (Denial of service) attack


Introduction:-The goal of a denial of service attack is to deny legitimate users access to a particular resource.
An incident is considered an attack if a malicious user intentionally disrupts service to a computer or network resource. A common form is resource exhaustion (consuming all bandwidth or disk space).

Types of attacks
There are three general categories of attacks:
- Against users
- Against hosts
- Against networks

Network Based Denial of Service Attacks


- UDP bombing
- TCP SYN flooding
- Ping of death
- Smurf attack

Most involve either resource exhaustion or corruption of the operating system runtime environment.

UDP bombing

Two UDP services, echo (which echoes back any character received) and chargen (which generates characters), were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

TCP SYN Flooding


Also referred to as the TCP half-open attack.

To establish a legitimate TCP connection:
1. The client sends a SYN packet to the server.
2. The server sends a SYN-ACK back to the client.
3. The client sends an ACK back to the server to complete the three-way handshake and establish the connection.

The attack proceeds as follows:
1. The attacker initiates a TCP connection to the server with a SYN (using a legitimate or spoofed source address).
2. The server replies with a SYN-ACK.
3. The client then doesn't send back an ACK, causing the server to allocate memory for the pending connection and wait. (If the client spoofed the initial source address, it will never receive the SYN-ACK.)
4. The half-open connections buffer on the victim server will eventually fill.
5. The system will be unable to accept any new incoming connections until the buffer is emptied out.

There is a timeout associated with a pending connection, so the half-open connections will eventually expire. The attacking system can continue sending requests for new connections faster than the victim system can expire the pending connections.

TCP SYN Flooding: Results

TCP SYN Flooding: Countermeasures

- Apply vendor patches. Most OS vendors have minimized the risks in newer OS releases and have patches for older releases.
- Install ingress/egress router filters to prevent some IP spoofing locally.
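For the defender, a filling half-open buffer shows up as connections stuck in the SYN_RECV state. The following added example (not from the original notes) counts them per listening socket in text laid out like Linux `netstat -tan` output; the sample lines, the backlog size of 8 and the 70 percent alert ratio are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `netstat -tan` on Linux.
# Addresses are from documentation ranges; this is not captured traffic.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:41522      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:1025        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.18:1026       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.77:1027       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.140:1028      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.201:1029      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.222:1030      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.9:50022      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.9:50010      ESTABLISHED
"""


def half_open_by_listener(netstat_text):
    """Map each local address:port to a Counter of remote IPs in SYN_RECV."""
    pending = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                          # header, non-TCP or malformed line
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "SYN_RECV":               # SYN-ACK sent, final ACK not seen
            remote_ip = remote.rsplit(":", 1)[0]
            pending[local][remote_ip] += 1
    return dict(pending)


def assess(netstat_text, backlog, alert_ratio=0.7):
    """Report how full the half-open buffer is for each listening socket.

    `backlog` is the size of the pending-connection buffer (an assumed value
    here; read the real limit from the system being monitored).
    """
    findings = []
    for listener, sources in half_open_by_listener(netstat_text).items():
        half_open = sum(sources.values())
        findings.append({
            "listener": listener,
            "half_open": half_open,
            "fill": half_open / backlog,
            # Many one-off sources is consistent with spoofed source addresses,
            # but it is only a hint, not proof.
            "distinct_sources": len(sources),
            "alert": half_open / backlog >= alert_ratio,
        })
    return sorted(findings, key=lambda f: f["half_open"], reverse=True)


if __name__ == "__main__":
    for f in assess(SAMPLE_NETSTAT, backlog=8):
        print(f"{f['listener']:16} half-open={f['half_open']} "
              f"fill={f['fill']:.0%} sources={f['distinct_sources']} "
              f"alert={f['alert']}")
```

A single SYN_RECV entry is normal during any handshake; what matters is the count staying near the buffer size across repeated samples.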

Ping of Death
The TCP/IP specification allows for a maximum packet size of 65,536 octets. The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim. Some systems, upon receiving the oversized packet, will crash, freeze, or reboot, resulting in denial of service. Countermeasures: Most systems are now immune, but apply vendor patches if needed.


Questions Ques1:-Discuss DOS (Denial of service) attack. Ques2:- What are various categories of DOS attack?

Smurf Attack
Introduction:-There are 3 players in the smurf attack: the attacker, the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim and sends the packet to the intermediary network's broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.

Result: Performance may be degraded such that the victim, and the victim and intermediary networks, become congested and unusable.

Example of smurf attack:

1. Attacker sends ICMP packet with spoofed source IP: Victim → 10.1.2.255
2. Attacker sends ICMP packet with spoofed source IP: Victim → 192.168.1.255
3. Victim is flooded with ICMP echo responses
4. Victim hangs?

Smurf: Countermeasures
- Configure routers to deny IP broadcast traffic onto your network from other networks. In almost all cases, IP-directed broadcast functionality is not needed.
- Configure hosts (via kernel variable) to NOT reply to a packet sent to a broadcast address.
- Configure ingress/egress filters on routers to counteract IP address spoofing.
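The three countermeasures above, written out as filter decisions and applied to the broadcast addresses from the example. This is an added illustration, not part of the original notes; the /24 prefixes, the victim address 203.0.113.7 and the function names are assumptions.

```python
import ipaddress

# Assumed site layout: the prefixes routed inside the protected network.
LOCAL_NETS = [ipaddress.ip_network("10.1.2.0/24"),
              ipaddress.ip_network("192.168.1.0/24")]

def _local_net(addr):
    """Return the local prefix containing addr, or None."""
    return next((net for net in LOCAL_NETS if addr in net), None)

def border_decision(direction, src, dst):
    """Decision of a border router for one packet.

    direction is 'in' (arriving from other networks) or 'out' (leaving ours).
    Returns 'forward' or 'drop:<reason>'.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        # Ingress filter: an outside packet cannot carry one of our addresses.
        if _local_net(src) is not None:
            return "drop:ingress-spoofed-source"
        # Deny IP-directed broadcasts coming from other networks.
        net = _local_net(dst)
        if net is not None and dst == net.broadcast_address:
            return "drop:directed-broadcast"
    elif direction == "out":
        # Egress filter: packets leaving must carry one of our addresses.
        if _local_net(src) is None:
            return "drop:egress-spoofed-source"
    return "forward"

def host_replies_to_echo(dst, ignore_broadcasts=True):
    """Host-side rule (on Linux, the sysctl net.ipv4.icmp_echo_ignore_broadcasts):
    no echo reply is sent for a request addressed to the subnet broadcast."""
    dst = ipaddress.ip_address(dst)
    net = _local_net(dst)
    is_broadcast = net is not None and dst == net.broadcast_address
    return not (is_broadcast and ignore_broadcasts)

if __name__ == "__main__":
    victim = "203.0.113.7"   # constructed documentation address
    print(border_decision("in", victim, "10.1.2.255"))       # intermediary's router
    print(border_decision("out", victim, "198.51.100.255"))  # spoofing host's own router
    print(host_replies_to_echo("192.168.1.255"))
```

The egress rule protects other networks from spoofed traffic originating locally, while the directed-broadcast and host rules keep the local network from being used as the intermediary.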

Title: <smurf attacks>
Description: <the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address.>
Branch: <computer science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>

Questions
Ques1:- Who are the three players of the smurf attack?
Ques2:- Describe the smurf attack with the help of an example.

Distributed Denial of Service Attacks (DDOS)


Introduction: Attacker logs into Master and signals slaves to launch an attack on a specific target address (victim). Slaves then respond by initiating TCP, UDP, ICMP or Smurf attack on victim.

Distributed Denial of Service Attacks (DDoS)


- trin00 (WinTrinoo)
- Tribe Flood Network (TFN) (TFN2k)
- Shaft
- Stacheldraht
- Mstream

DDOS: Countermeasures
- Sends out packets and listens for reply. Detects Trinoo, TFN, Stacheldraht.
- find_ddos tool: Runs on local system. Detects Trinoo, TFN, TFN2k.
- Bindview's Zombie Zapper: Tells DDOS slave to stop flooding traffic.

Title: <DDos>
Description: <Attacker logs into Master and signals slaves to launch an attack on a specific target address>
Branch: <Computer Science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>

Questions
Ques1:- What is a Distributed Denial of Service attack (DDoS)?
Ques2:- How is DDoS different from DOS?

Security Mechanism

Introduction:-To protect the network from various security threats, security mechanisms and security services are required. First, let us examine some related terms.

Vulnerability: an aspect of the system that permits attackers to mount a successful attack. Sometimes also called a "security hole".
Weakness: a potential vulnerability whose risk is not clear. Sometimes several weaknesses might combine to yield a full-fledged vulnerability.
Threat: a circumstance or scenario with the potential to exploit a vulnerability and cause harm to a system.
Attack: a deliberate attempt to breach system security. Attacks are usually classified into two types:
(1) Passive attack: an attack that does not result in a change to the system, and attempts to break the system solely based upon observed data.
(2) Active attack: an attack that involves modifying, replaying, inserting, deleting, or blocking data.
Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: a service that makes use of security mechanisms to counter security attacks.

Authentication: the assurance that the communicating entity is the one that it claims to be. In particular:
- Peer Entity Authentication is used in connection-oriented communication to provide assurance on the identity of the entities connected.
- Data Origin Authentication is used in connectionless communication to provide assurance on the identity of the source of the received data block.

Access Control: the prevention of unauthorized use of a resource.

Data confidentiality: the protection of data from unauthorized disclosure. It has four specific services:
- Connection Confidentiality: the protection of all user data on a connection.
- Connectionless Confidentiality: the protection of all user data in a single data block.
- Selective-Field Confidentiality: the protection of selected fields within user data on a connection or in a single data block.
- Traffic-flow Confidentiality: the protection of the traffic flow pattern.

Data integrity: the assurance that data received are the same as sent by an authorized entity. It has five specific services:
- Connection Integrity with Recovery: provides detection of and recovery from any integrity violation (modification, insertion, deletion, replay) against any user data within an entire data sequence in connection-oriented communication.
- Connection Integrity without Recovery: only detection of integrity violation in connection-oriented communication.
- Selective-Field Connection Integrity: provides for the integrity of selected fields within the user data of a data block transferred over a connection, and determines whether the selected fields have been modified, inserted, deleted, or replayed.
- Connectionless Integrity: provides for the integrity of a single data block, and detects data modification. A limited form of replay detection may also be provided.
- Selective-Field Connectionless Integrity: provides for the integrity of selected fields within a single data block, and determines whether the selected field has been modified.

Nonrepudiation: provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. In particular:
- Nonrepudiation of origin proves that the message was sent by the specified party.
- Nonrepudiation of destination proves that the message was received by the specified party.

Title: <Security Mechanism>
Description: <To protect the network from various security threats, the security mechanism and security services are required. First, let us examine some related terms>
Branch: <computer science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>

Questions
Ques1:- List and briefly define categories of security mechanisms.
Ques2:- List and briefly define categories of security services.

A Model for Network Security


Introduction:-A model for much of what we will be discussing is captured, in very general terms. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

[Figure: Model for Network Security]

Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:
- A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
- Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

Title: <Model for Network Security>
Description: <A model for much of what we will be discussing is captured, in very general terms. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.>
Branch: <Computer science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>

Questions
Ques1:- Describe the Model for Network Security.
Ques2:- What are the basic tasks in designing a particular security service?

Symmetric Ciphers
Introduction:-Cryptography is probably the most important aspect of communications security and is becoming increasingly important as a basic building block for computer security. The increased use of computer and communications systems by industry has increased the risk of theft of proprietary information. Although these threats may require a variety of countermeasures, encryption is a primary method of protecting valuable electronic information. By far the most important automated tool for network and communications security is encryption. Two forms of encryption are in common use: conventional, or symmetric, encryption and public-key, or asymmetric, encryption. Part one provides a survey of the basic principles of symmetric encryption, looks at widely used algorithms, and discusses applications of symmetric cryptography.

Symmetric Cipher Model


A symmetric encryption scheme has five ingredients:
- Plaintext: This is the original message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
- Cipher text: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different cipher texts. The cipher text is an apparently random stream of data and, as it stands, is unintelligible.
- Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the cipher text and the secret key and produces the original plaintext.

[Figure: Simplified Model of Conventional Encryption]

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more cipher texts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of cipher texts together with the plaintext that produced each ciphertext.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it feasible for widespread use.
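The stronger form of the first requirement can be seen by giving an opponent one plaintext/ciphertext pair under two algorithms. This is an added example, not part of the original notes: both ciphers, all names and the sample messages are constructed for illustration, the opponent is assumed to know the weak key's length, and the HMAC-based keystream is a teaching toy rather than a vetted cipher.

```python
import hashlib, hmac, os

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Weak algorithm (constructed): repeating-key XOR.
def weak_encrypt(key, plaintext):
    stream = key * (len(plaintext) // len(key) + 1)
    return xor_bytes(plaintext, stream)

weak_decrypt = weak_encrypt          # XOR is its own inverse

def recover_weak_key(plaintext, ciphertext, key_len):
    """Known-plaintext analysis: plaintext XOR ciphertext exposes the key."""
    return xor_bytes(plaintext, ciphertext)[:key_len]

# Stronger illustration (toy, not a vetted cipher): the keystream is
# HMAC-SHA256(key, nonce || counter), with a fresh nonce per message.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(16)           # not secret, travels with the ciphertext
    return nonce + xor_bytes(plaintext, _keystream(key, nonce, len(plaintext)))

def decrypt(key, ciphertext):
    nonce, body = ciphertext[:16], ciphertext[16:]
    return xor_bytes(body, _keystream(key, nonce, len(body)))

def demo():
    key_a, key_b = os.urandom(32), os.urandom(32)      # secret keys
    msg1, msg2 = b"transfer 100 to account 42", b"meet at the north gate 9pm"
    c1, c2 = encrypt(key_a, msg1), encrypt(key_a, msg2)
    weak_key = b"k3y!"
    w1, w2 = weak_encrypt(weak_key, msg1), weak_encrypt(weak_key, msg2)
    stolen = recover_weak_key(msg1, w1, len(weak_key))
    leaked_stream = xor_bytes(msg1, c1[16:])           # same analysis on c1
    return {
        "round_trip": decrypt(key_a, c1) == msg1,
        "wrong_key_fails": decrypt(key_b, c1) != msg1,
        "weak_key_recovered": stolen == weak_key,
        "weak_second_message_read": weak_decrypt(stolen, w2) == msg2,
        "strong_second_message_read": xor_bytes(c2[16:], leaked_stream) == msg2,
    }
```

With the weak algorithm a single known pair gives up the key and every other message under it; with the keyed keystream the same pair reveals nothing usable for the second message, even though the algorithm itself is public.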

Title: <Symmetric Ciphers>
Description: <Cryptography is probably the most important aspect of communications security and is becoming increasingly important as a basic building block for computer security. The increased use of computer and communications systems by industry has increased the risk of theft of proprietary information. Although these threats may require a variety of countermeasures, encryption is a primary method of protecting valuable electronic information.>
Branch: <Computer science>
Year: <Year of the subject>
Semester: <ODD or EVEN>
Author: <Name of the author>
Tags: <The tags accordingly the note>

Questions
Ques1:- Describe the Symmetric Cipher Model.
Ques2:- What are symmetric ciphers?
