Cryptography, Network Security, and Cyberlaw
MODULE 1
Introduction, Basics of Cryptography, Secret Key Cryptography
Computer security is all about studying cyber attacks with a view to defending against them.
The attacks include pharming and phishing attacks together with assorted malware and denial
of service attacks.
Understanding what makes systems vulnerable to these attacks is an important first step in
avoiding or preventing them.
There are different classes of vulnerabilities including those caused by poorly written or
configured software.
Diverse defence strategies such as access control, authentication, and data
protection techniques are introduced.
1.1 Cyber Attacks
1.1.1 Motives
"What are the main goals of an attacker?"
The sheer thrill of mounting a successful cyber attack has been motivation enough for
hackers (Table 1.1).
Most hackers were (and still are) young adults, often teens, who had dropped out of
school but were otherwise intelligent and focused.
Many of the "traditional" hackers seem to be obsessive programmers.
Often hackers use scripts and attack kits designed by others (these can be freely
downloaded from the Internet). Their activities do not require any special programming
skills or advanced knowledge of computer systems.
Other perpetrators of cyber attacks include company insiders, often employees who wish
to gain illegal access and have extra privileges.
There is also a serious threat from cyber terrorists.
Cyber terrorism is one weapon which may include biological, chemical, and nuclear
Year Event
1988 Robert Morris, a 23-year-old Cornell graduate student, released a worm that over an
Online Chat Support Projects | Technical Seminar Guidance & Support Download our app or visit website
Downloaded from VTUSOLUTION.IN NOTES | INTERNSHIP | VIDEO LECTURE Like us on FB for regular updates
Network Security & Cryptography Module 1
person in the victim's address book. Investigators were apprehensive that the virus was
created with a toolkit enabling the rookies to create a virus.
2008 The headquarters of the Obama and McCain presidential campaigns were hacked.
Some of the main motives of launching cyber attacks are:
1. Theft of sensitive information.
2. Disruption of service.
3. Illegal access to or use of resources.
1. Theft of sensitive information.
Many organizations store and communicate sensitive information.
Information on new products being designed or revenue sources can be hugely
advantageous to a company's competitors.
Likewise, details of military installations or precise military plans can be of immense
value to a nation's adversaries.
Political spying is targeted at government ministries and national intelligence, which can have
many sensitive operations planned for the future.
Besides corporations, banks, the military, intelligence, etc., the individual too has
increasingly been a target.
Leakage of personal information such as credit card numbers, passwords, and even
personal spending habits are common and are collectively referred to as identity theft.
Such information is advertised on certain websites and may be purchased for a small fee.
2. Disruption of service.
Interruption or disruption of service is launched against an organization's servers so they
are made unavailable or inaccessible.
In recent times, there have been unconfirmed reports of such attacks being launched by
business rivals of e-commerce websites.
The goal here appears to be "my competitor's loss is my gain." In 2001, there were a
series of such attacks that targeted the websites of Yahoo, Microsoft, etc. in a short span
of time.
They were meant to alert corporates and others of the dangers of this class of attacks.
3. Illegal access to or use of resources.
The goal here is to obtain free access or service to paid services.
Examples of this include free access to online digital products such as magazine or
journal articles, free talk time on someone else's account, free use of computing power on
a supercomputer, etc.
In each case, the attacker is able to circumvent controls that permit access to only paid
subscribers of such services.
1.1.2 Common Attacks
Some of the common attacks are:
1. Phishing
2. Pharming
3. Dictionary attacks
4. Denial of Service (DoS)
5. Trojan
6. Spyware
1. Phishing:
One set of attacks are those that attempt to retrieve personal information from an
individual.
It lures the victim to a fake website, for example that of an on-line bank.
The fake site has the look and feel of the authentic bank with which the victim has an
account.
The victim is then asked to enter sensitive information such as his/her login name and
password, which are then passed on to the fake website.
Personal information may also be leaked out from credit cards, smart cards, and ATM
various government ministries have been targeted.
To prevent such attacks an alarm being raised,
A DoS attack on a web server slows down the web server so that its response time to
requests from the outside world is unacceptably high.
5. Malware.
Worms and viruses are malware that replicate themselves.
A virus typically infects a file, so a virus spreads from one file to another.
A worm is usually a stand-alone program that infects a computer, so a worm spreads
from one computer to another.
Worms and viruses use various spreading techniques and media — e-mail, Internet
messages, web pages, Bluetooth, and MMS are some of the propagation vectors.
Trojan: A trojan is a kind of malware that masquerades as a utility but has other goals
such as the modification of files, data theft, etc.
Spyware, installed on a machine, can be used to monitor user activity and as a key logger
to recover valuable information such as passwords from user keystrokes.
Figure 1.1 common attacks and vulnerabilities
1.1.3 Vulnerabilities
Behind every attack is a vulnerability of some type or the other.
1. Human Vulnerabilities:
These are vulnerabilities caused by human behaviour or action.
For example, the user clicks on a link in an e-mail message received from a
questionable source. By so doing, the user can be directed to a site controlled by the
attacker as in a phishing attack or a cross-site scripting attack.
Similarly clicking on an e-mail attachment may open up a document causing a macro
to be executed.
The macro may be designed to infect other files on the system and/or spread the
infected e-mail to other e-mail addresses harvested from the victim's inbox.
2. Protocol Vulnerabilities:
A number of networking protocols including TCP, IP, ARP, ICMP, UDP, DNS, and
various protocols used in local area networks (LANs) have features that have been
used in unanticipated ways to craft assorted attacks.
Pharming attacks and various hijacking attacks are some examples.
There are tools available on-line to facilitate some of these attacks.
One such tool subverts the normal functioning of the ARP protocol to sniff passwords
from a LAN.
There are a number of vulnerabilities in the design of security protocols that lead to
replay or man-in-the-middle attacks.
These attacks, in turn, lead to identity theft, compromise of secret keys, etc.
Vulnerabilities in network protocols are often related to aspects of their design though
they may also be the result of poor implementation or improper deployment.
3. Software Vulnerabilities:
This family of vulnerabilities is caused by poorly written system or application software.
In many cases, the cause of the problem seems to be code that is all too trusting
of user input.
Example: A web server accepts input from a user's browser. The web server must accept the
request after the complete username and password have been typed. The server software should
perform sufficient validation.
4. Configuration Vulnerabilities:
carry out a task. This privilege may be misused during some point in its execution
leading to what are commonly called "privilege escalation" attacks.
Besides misconfiguration of software and services, security appliances such as
firewalls may be incorrectly or incompletely configured with possibly devastating
effect.
The trusted third party is typically implemented in software and may be a part of the
operating system and/or the application.
The first step in access control is to permit or deny entry into the system.
This involves some form of authentication — a process whereby the subject or principal
(the party attempting to login) establishes that it is indeed the entity it claims to be.
One form of authentication is the humble password.
Example: The principal first enters his/her login name. By prompting him/her to enter
his/her password, the system implicitly challenges the principal to prove his/her identity.
In this simple case, knowledge of the secret password constitutes "proof of identity."
After successful authentication, a subject is logged into the system. The subject may need
to access several resources such as files.
ciphertext.
The decryption operation is performed by the receiver, which converts the ciphertext to
plaintext.
The encryption and decryption operations both use the same secret key known only to the
sender and receiver.
This prevents an eavesdropper from decrypting the encrypted message.
The computation of the cryptographic checksum uses a secret shared by the sender and
receiver.
The sender computes the checksum as a "one-way function" of the message and secret. It
transmits the message and checksum.
The receiver also computes the checksum. If the computed checksum matches that
received, the receiver concludes that there is no error in the received message.
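The cryptographic checksum described above, as an added example that is not part of the original notes: HMAC-SHA256 from the Python standard library stands in for the "one-way function" of message and secret, and an unkeyed SHA-256 digest is shown beside it for contrast. The secret, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the notes).
SHARED_SECRET = b"secret known only to sender and receiver"
MESSAGE = b"PAY 100 TO ACCOUNT 1234"
TAMPERED = b"PAY 900 TO ACCOUNT 6666"


def keyed_checksum(secret: bytes, message: bytes) -> bytes:
    """Cryptographic checksum: a one-way function of message AND secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def unkeyed_checksum(message: bytes) -> bytes:
    """Plain hash: anyone who can alter the message can also recompute it."""
    return hashlib.sha256(message).digest()


def receiver_accepts_keyed(secret: bytes, message: bytes, checksum: bytes) -> bool:
    """Receiver recomputes the checksum and compares it with the one received."""
    expected = keyed_checksum(secret, message)
    # compare_digest does not reveal, through timing, how many bytes matched
    return hmac.compare_digest(expected, checksum)


def receiver_accepts_unkeyed(message: bytes, checksum: bytes) -> bool:
    return hmac.compare_digest(unkeyed_checksum(message), checksum)


def demo() -> dict:
    tag = keyed_checksum(SHARED_SECRET, MESSAGE)
    forged_tag = keyed_checksum(b"guessed secret", TAMPERED)
    return {
        # untouched message and checksum
        "genuine_keyed": receiver_accepts_keyed(SHARED_SECRET, MESSAGE, tag),
        # message altered in transit, original checksum left in place
        "tampered_keyed": receiver_accepts_keyed(SHARED_SECRET, TAMPERED, tag),
        # checksum recomputed by someone who does not hold the secret
        "recomputed_without_secret": receiver_accepts_keyed(
            SHARED_SECRET, TAMPERED, forged_tag),
        # unkeyed checksum: altered message plus recomputed checksum passes
        "tampered_unkeyed": receiver_accepts_unkeyed(
            TAMPERED, unkeyed_checksum(TAMPERED)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:28s} accepted={accepted}")
```

Only the keyed checksum lets the receiver conclude that the message came from the holder of the shared secret; the unkeyed one detects accidental errors but not deliberate changes.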
In the important domain of software security, code testing is used to detect
vulnerabilities.
Blackbox testing is employed when the source code of a program is not available. The
goal here is to determine whether the software has been carefully designed to handle
unexpected or malicious input.
For greater assurance of secure software, whitebox testing should be employed. Here, the
security engineer has access to source code and can perform more elaborate testing by
exercising different control paths in the source code.
Intrusion preventive techniques, such as continuous monitoring of network logs and
operating system logs, can be used to detect anomalous behaviour.
Intrusion detection systems also look for certain patterns of behaviour.
For example, multiple instances of a given worm often exhibit a characteristic bit pattern
called a worm signature.
1.2.4 Response, Recovery, and Forensics
Once an attack or infection has been detected, response measures should be taken.
These include shutting down all or part of the system.
Many intrusion attempts leave information
Cyber forensics is an emerging discipline with a set of tools that help trace back the
perpetrators of cyber crime.
Table 1.2 defines some of the most widely used terms in cyber security parlance.
1.3 GUIDING PRINCIPLES
1. Security is as much (or more) a human problem as a technological problem and must be
addressed at different levels.
At the highest level, security should be addressed by top-level management in
large organizations.
Robust security policies should be formulated and a comprehensive
implementation strategy outlined by a dedicated team of security specialists,
possibly headed by a Chief Information Security Officer (CISO).
Some of the mechanisms used to implement high-level policies are in the realm
of technology.
Security engineers have a key role to play in designing techniques and products to
protect organizations from the various cyber attacks.
System administrators handle day-to-day operations.
They should be proactive in crucial security practices such as patch application.
attacks.
The solution lies, at least in part, in integrating secure coding practices into the
software curriculum in our colleges and universities.
In general, security should be factored in early on during the design phase of a new
product and then carried forward right through implementation and testing.
The product could be a networking protocol, a new version of an operating system, a
piece of application software, or the architectural layout of computing infrastructure
for an enterprise.
3. Security by obscurity (or by complexity) is often bogus.
There have been a number of cryptographic algorithms proposed which were made
mandatory in newly standardized protocols, but their details were not made public.
The flaws are exposed over time after the protocols have been widely deployed,
attracting closer attention from the hacker community.
There are ethical hackers whose goal is to break software/protocols/algorithms so that
they can be fixed before things get out of hand.
It is the ethical hacker community at least, if not the public at large, who should be
able to study new protocols and algorithms prior to widespread adoption.
One such example was the procedure followed for selecting an algorithm in the late
1990s for the new secret key cryptography standard — AES was finally chosen after
much public scrutiny and debate. As another example, open source software is usually
freely available. Public review of its security features can make or break its reputation.
4. Always consider the "Default Deny" policy for adoption in access control.
The subjects in an access control policy could be people, network packets, operating
system processes or even user input.
One policy is the "Default Permit," i.e., grant the subject's request unless the subject is
on a blacklist or it has certain blacklisted attributes.
The dual of this policy is the "Default Deny" policy. In this case, the subject's request
is denied unless it is on a whitelist.
Clearly, whitelisting is the more conservative approach.
With whitelisting, the access controller may reject a legitimate subject whose name
has been mistakenly excluded from the whitelist but that is the price to be paid for
greater security.
Blacklisting, on the other hand, may accept a bad guy because his name or attributes
were mistakenly excluded from the blacklist.
The tradeoffs between blacklisting and whitelisting should be carefully examined (see
Principle 8). However, in general, prudent security design should seriously consider
adoption of the "Default Deny" policy.
accomplish a given task.
Role-based access control (RBAC) has influenced a variety of software platforms ranging
from operating systems to database management systems.
The principal idea in RBAC is that the mapping between roles and permissions is
paramount.
The role played by an individual at a given point in time determines the rights or
privileges the individual has.
Conferring higher privilege on an individual than what is warranted by his/her current
role could compromise the system.
Privilege escalation in its different manifestations has caused many security breaches in
computer systems.
The problem often lies in sloppy or incomplete configuration management.
In publicly accessible servers within an organization such as the web and e-mail servers,
unnecessary services hosted by them can open the door to malware, which can
compromise those servers. The latter are then used as a springboard to spread to the
internal machines in that organization.
This principle is used in many high-security installations and has been recently
introduced in some airports. A passenger's ticket is checked before entering the airport
terminal building. This is followed by verification of travel documents and inspection of
check-in baggage at the airline counter. Next comes a security check (physical) and a
further check of the boarding pass, travel documents, and check-in baggage before
entering the boarding area (main concourse).
Defence in depth is applicable to cyber security as well.
Consider designing the firewall architecture for a mid-to-large size enterprise.
Every packet from the outside (Internet) should be intercepted by at least two firewalls.
The firewalls may be from two different vendors and would, preferably, have been
configured by two different system administrators.
They may, and typically do, have some overlapping functionality. Because of differences
in the hardware/software design and in configuration, what escapes Firewall 1 may be
caught by Firewall 2 and vice versa.
But equally important are weakness/shortcomings in policy, procedures, and operations.
How many organizations are geared to implement policies regarding the entry of visitors'
laptops and PDAs?
Or do they even have such policies in place? Such mobile devices and Bluetooth-enabled
gadgets may transmit malware to unsuspecting stations within the organization.
Likewise, USB-enabled PCs may be victims of viruses residing on USB flash drives.
Often, these organizations have elaborate security infrastructure in the form of firewalls
and intrusion detection systems. They securely guard the high-profile main entrance but
blissfully ignore the security requirements of the less conspicuous side and rear doors.
Vulnerability detection and response brings to mind fast-spreading Internet scanning
worms.
Basics of Cryptography
PRELIMINARIES
Cryptography is the science of disguising messages so that only the intended recipient can
decipher the received message.
Cryptography is the lynchpin of data security — besides providing for message
confidentiality, it also helps in providing message integrity, authentication, and digital
signatures.
The original message or document to be transferred is called plaintext.
The plaintext which is encrypted is called ciphertext.
The process of converting the original plaintext to ciphertext is called encryption.
The process of recovering the original plaintext from the ciphertext is called decryption.
Encryption involves the use of an encryption function or algorithm, denoted by E, and an
encryption key, e.
Decryption involves the use of a decryption function denoted by D, and a decryption key, d.
These operations are summarized below.
c = E_e(p)
p = D_d(c)
Here, p denotes a block of plaintext. It is encrypted by the sender to produce ciphertext
denoted by c.
Decryption operation is performed by the receiver on the ciphertext to recover the plaintext.
Kerckhoff's Principle: The secrecy should be in the key used for decryption, not in the
decryption or encryption algorithms.
Secret key cryptography:
In secret key cryptography, both sender and receiver share a common secret - the
same secret key is used for encryption as well as decryption. So e = d; this form of
cryptography is also referred to as symmetric key cryptography.
If Alka and Brijesh share a secret key, k, then she encrypts the message using the
common secret.
The encrypted message received by Brijesh is decrypted using the same secret.
The secret key operations are summarized below.
Operation performed by Alka:
c = E_k(p)
Operation performed by Brijesh:
p = D_k(c)
Ex: Data Encryption Standard, Advanced Encryption Standard (AES)

Public key cryptography:
In public key cryptography, two distinct keys forming a key pair are used:
I. the encryption key or public key and
II. the decryption key or private key.
The public key of a user (receiver) is used to encrypt messages to that user.
It is the private key of the recipient that is used to decrypt the message.
Because the public and private keys are distinct, this form of cryptography is also
referred to as asymmetric key cryptography.
Assuming that Brijesh has a public key-private key pair, Alka would encrypt her message
using his public key, B.pu.
Brijesh then decrypts the message using the corresponding private key, B.pr.
Assuming that Brijesh keeps his private key securely, he and only he can decrypt the
message received from Alka.
The public key-private key operations are summarized below.
Operation performed by Alka:
c = E_B.pu(p)
Operation performed by Brijesh:
p = D_B.pr(c)
Ex: RSA, Elliptic Curve Cryptography (ECC).
He would then look for patterns in the ciphertext in an attempt to reconstruct some
plaintext and/or deduce the key. Such an attack which exclusively uses ciphertext is
referred to as a "known ciphertext" attack.
Occasionally, all or part of some plaintext blocks are predictable or may be guessed.
A cryptanalyst may then build a list of corresponding plaintext, ciphertext pairs with the
intention of deducing the key. Such an attack is referred to as a "known plaintext"
attack.
It may even be possible for a shrewd attacker to carefully choose pieces of plaintext and
then induce the sender to encrypt such text.
An attack on a cryptographic scheme which makes use of pairs of attacker-chosen
plaintext and the corresponding ciphertext is referred to as a "chosen plaintext" attack.
The most obvious, though compute-intensive, attack with known plaintext is a brute
force attempt at obtaining the key by trying all possible key values.
Let (p1, c1), (p2, c2), (p3, c3) be plaintext-ciphertext pairs.
}
4.2 ELEMENTARY SUBSTITUTION CIPHERS
4.2.1 Monoalphabetic Ciphers
The most basic cipher is a substitution cipher.
For ease of understanding, we consider English text in all the examples in this chapter.
Let ∑ denote the set of alphabets, {A, B, ..., Z}.
A monoalphabetic substitution cipher defines a permutation of the elements in ∑.
There are 26! permutations; so, there are 26! possible monoalphabetic substitution ciphers.
The simplest substitution cipher is one that replaces each alphabet in a text by the alphabet k
positions away (in the modulo 26 sense).
For k = 3, the substitutions are
D for A,
E for B,
A for X,
B for Y, etc.
Such a scheme is referred to as a Caesar cipher.
A sample plaintext and the corresponding ciphertext for k = 3 is
Ciphertext: ZKDW LV WKH SRSXODWLRQ RI PDUV
In substitution ciphers, like the Caesar cipher, each letter is always substituted for another
unique letter. Such ciphers are said to be monoalphabetic.
4.2.2 Polyalphabetic Ciphers
In a polyalphabetic cipher, the ciphertext corresponding to a particular character in the
plaintext is not fixed. It may depend on, for example, its position in the block.
We next study two examples of such ciphers.
a. The Vigenere Cipher
The Vigenere cipher is a polyalphabetic cipher that uses a multi-digit key k1, k2, k3, k4 ... km.
Here, k1, k2, k3, k4 ... km are each integers.
Key: 04 19 03 22 07 12 05 11 04 19 03 22 07 12 05 11 4
Ciphertext: A B V D P Y L J S N P Q J T X F G V H O Z
The first letter in the above text is W. The corresponding key value is 04.
This means that the ciphertext is the letter 4 positions ahead (in the modulo 26 sense).
The key length = 8, i.e., the keystring repeats after every 8 characters.
There are four occurrences of the letter "s" in the above text.
However, each occurrence of "s" is encrypted as a different character in the ciphertext -
"V", "X", "O", and "Z".
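The Caesar and Vigenere operations above, together with the known-plaintext brute force described earlier, as an added example that is not part of the original notes. It decrypts the two ciphertexts printed in these notes with the keys given (k = 3 and 04 19 03 22 07 12 05 11); the function names are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0, B=1, ..., Z=25

# Values printed in the notes
CAESAR_CIPHERTEXT = "ZKDW LV WKH SRSXODWLRQ RI PDUV"   # k = 3
VIGENERE_KEY = [4, 19, 3, 22, 7, 12, 5, 11]             # key length 8
VIGENERE_CIPHERTEXT = "ABVDPYLJSNPQJTXFGVHOZ"


def shift_encrypt(text, key):
    """Vigenere encryption; a one-element key gives the Caesar cipher.

    Non-letters pass through unchanged and do not consume a key value."""
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = key[used % len(key)]          # keystring repeats
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text, key):
    """Decryption shifts back by the same amounts (modulo 26)."""
    return shift_encrypt(text, [-k for k in key])


def images_of(letter, plaintext, ciphertext):
    """Ciphertext letters that `letter` was encrypted to, in order."""
    return [c for p, c in zip(plaintext, ciphertext) if p == letter]


def brute_force_caesar(pairs):
    """Known-plaintext brute force: try every key value and keep the ones
    that map each known plaintext to its ciphertext."""
    return [k for k in range(26)
            if all(shift_encrypt(p, [k]) == c for p, c in pairs)]


if __name__ == "__main__":
    caesar_plain = shift_decrypt(CAESAR_CIPHERTEXT, [3])
    print("Caesar plaintext  :", caesar_plain)
    # Monoalphabetic: a plaintext letter always has the same image
    print("Caesar images of T:", set(images_of("T", caesar_plain,
                                               CAESAR_CIPHERTEXT)))

    vig_plain = shift_decrypt(VIGENERE_CIPHERTEXT, VIGENERE_KEY)
    print("Vigenere plaintext:", vig_plain)
    # Polyalphabetic: the image depends on the position in the keystring
    print("Vigenere images of S:", images_of("S", vig_plain,
                                             VIGENERE_CIPHERTEXT))

    # One short known pair is enough to pin down a 26-value key space
    print("Keys consistent with (WHAT, ZKDW):",
          brute_force_caesar([("WHAT", "ZKDW")]))
```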
Unlike the Caesar and Vigenere ciphers, each character in the ciphertext is a function of all
the characters in that block.
Let p1, p2, ..., pm be the numeric representation of the characters in the plaintext and
let c1, c2, c3, ..., cm represent the corresponding characters in the ciphertext.
To compute the ciphertext, we map each alphabet to an integer.
We use the mapping,
A 0
B 1
C 2
D 3
E 4
F 5
This can be conveniently written as
c = pK
Here, c and p are row vectors corresponding to the ciphertext and plaintext, respectively, and
K is the m x m matrix comprising the key.
At the receiver end, the plaintext can be recovered from the ciphertext by using
p = cK^-1
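The matrix form c = pK and p = cK^-1, as an added example that is not part of the original notes. It assumes arithmetic modulo 26 with the mapping A=0 ... Z=25 used above; the 2 x 2 key matrix and the sample text are constructed for illustration, and short final blocks are padded with X.

```python
from math import gcd

N = 26  # size of the alphabet, A=0 ... Z=25

# Constructed key matrix (assumption); det = 9, which is coprime to 26
KEY = [[3, 3],
       [2, 5]]


def _minor(M, i, j):
    return [row[:j] + row[j + 1:] for r, row in enumerate(M) if r != i]


def _det(M):
    """Determinant by cofactor expansion (fine for small key matrices)."""
    if not M:
        return 1
    return sum((-1) ** j * M[0][j] * _det(_minor(M, 0, j))
               for j in range(len(M)))


def inverse_mod(K, n=N):
    """K^-1 modulo n via the adjugate: K^-1 = det^-1 * adj(K)."""
    d = _det(K) % n
    if gcd(d, n) != 1:
        # No inverse exists, so the receiver could not decrypt
        raise ValueError("key matrix is not invertible modulo %d" % n)
    d_inv = pow(d, -1, n)
    m = len(K)
    return [[(d_inv * (-1) ** (i + j) * _det(_minor(K, j, i))) % n
             for j in range(m)] for i in range(m)]


def _apply(text, K):
    """Multiply each length-m row vector of letters by K (mod 26)."""
    m = len(K)
    nums = [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]
    nums += [23] * (-len(nums) % m)          # pad the last block with X
    out = []
    for start in range(0, len(nums), m):
        block = nums[start:start + m]
        out += [sum(block[i] * K[i][j] for i in range(m)) % N
                for j in range(m)]
    return "".join(chr(v + 65) for v in out)


def hill_encrypt(plaintext, K):
    return _apply(plaintext, K)               # c = pK


def hill_decrypt(ciphertext, K):
    return _apply(ciphertext, inverse_mod(K))  # p = cK^-1


if __name__ == "__main__":
    print("K^-1 mod 26 :", inverse_mod(KEY))
    c = hill_encrypt("HELP", KEY)
    print("HELP ->", c, "->", hill_decrypt(c, KEY))
    # Changing one plaintext letter changes every letter of that block
    print("HFLP ->", hill_encrypt("HFLP", KEY))
    try:
        inverse_mod([[2, 4], [6, 8]])
    except ValueError as exc:
        print("rejected key:", exc)
```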
c. One-time Pad
To perform the one-time pad cipher encryption operation, the pad values are added to
A transposition cipher shuffles, rearranges, or permutes the bits in a block of plaintext.
Unlike a substitution cipher, the number of 0's and 1’s in a block does not change after the
shuffling.
For simplicity, we work with characters (letters) rather than bits.
Imagine a block of plaintext arranged in a matrix row by row as below.
Plaintext: Begin Operation at Noon (any case)
Rearrange the rows as follows:
Row 1 to row 3,
Row 2 to row 5,
Row 3 to row 2,
Row 4 to row 1,
Row 5 to row 4.
The ciphertext thus generated is
ATNOTIARGIEBONONPEON
To decrypt the message, the recipient would have to cast the cipher text in a 5 x 4 matrix,
reverse the column shuffles, and then reverse the row shuffles.
For example, with a combination of guesswork, luck, and limited prior information, a spy
might be able to deduce that the planned start time of an attack is 11:15 pm upon receiving
the following ciphertext.
11KC TA TAMMO CPM51CENE
This is the ciphertext using the row and column shuffling as in the example above.
The corresponding plaintext is
Commence Attack 11 15 pm
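The row and column shuffling above, as an added example that is not part of the original notes. The row shuffle is the one listed in the notes; the column shuffle is an assumption, because that step is missing from this copy, and the mapping used here was chosen because it reproduces both ciphertexts printed above.

```python
from collections import Counter

ROWS, COLS = 5, 4

# Row shuffle from the notes: source row -> destination row (1-based)
ROW_MOVE = {1: 3, 2: 5, 3: 2, 4: 1, 5: 4}
# Column shuffle: ASSUMPTION (source column -> destination column),
# chosen so that the output matches the ciphertexts in the notes
COL_MOVE = {1: 4, 2: 3, 3: 1, 4: 2}


def _grid(text):
    """Write the letters and digits row by row into a 5 x 4 matrix."""
    chars = [c for c in text.upper() if c.isalnum()]
    if len(chars) != ROWS * COLS:
        raise ValueError("block must hold exactly %d symbols" % (ROWS * COLS))
    return [chars[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def _move_rows(grid, move):
    out = [None] * len(grid)
    for src, dst in move.items():
        out[dst - 1] = grid[src - 1]
    return out


def _move_cols(grid, move):
    out = []
    for row in grid:
        new_row = [None] * len(row)
        for src, dst in move.items():
            new_row[dst - 1] = row[src - 1]
        out.append(new_row)
    return out


def _invert(move):
    return {dst: src for src, dst in move.items()}


def _flatten(grid):
    return "".join("".join(row) for row in grid)


def transpose_encrypt(plaintext):
    """Shuffle the rows, then the columns, and read out row by row."""
    return _flatten(_move_cols(_move_rows(_grid(plaintext), ROW_MOVE),
                               COL_MOVE))


def transpose_decrypt(ciphertext):
    """Reverse the column shuffles, then reverse the row shuffles."""
    return _flatten(_move_rows(_move_cols(_grid(ciphertext),
                                          _invert(COL_MOVE)),
                               _invert(ROW_MOVE)))


def symbol_counts(text):
    """Multiset of symbols; a transposition never changes it."""
    return Counter(c for c in text.upper() if c.isalnum())


if __name__ == "__main__":
    for plain in ("Begin Operation at Noon", "Commence Attack 11 15 pm"):
        cipher = transpose_encrypt(plain)
        print(plain, "->", cipher, "->", transpose_decrypt(cipher))
        # The digits 1, 1, 1, 5 survive in the ciphertext, which is the
        # kind of leak the guesswork described above relies on
        print("  same symbol counts:",
              symbol_counts(plain) == symbol_counts(cipher))
```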
4.4 OTHER CIPHER PROPERTIES
In 1949, Claude Shannon first proposed the ideas of confusion and diffusion in the operation
of a cipher.
Confusion is the property of a cipher whereby it provides no clue regarding the relationship
between the ciphertext and the key.
Given plaintext p, a sequence of keys k1, k2, ..., ki and the corresponding ciphertexts
E_k1(p), E_k2(p), E_k3(p), ..., E_ki(p), it is nearly impossible to deduce the value of a new,
arbitrarily chosen key kj used to create the ciphertext E_kj(p).
Confusion reigns supreme with a cipher if, for any plaintext p, when even a single bit in a key k
is changed to produce k', roughly half the bits in the ciphertexts E_k(p) and E_k'(p) are
different.
While confusion is concerned with the relationship between the key and the ciphertext,
Diffusion is concerned with the relationship between the plaintext and the corresponding
ciphertext.
Block Ciphers
With block ciphers, the plaintext is split into fixed size chunks called blocks, and each
block is encrypted separately.
Typically all blocks in the plaintext are encrypted using the same key.
Block ciphers include DES, AES, RSA, and ECC.
Block sizes used in secret key cryptography are usually smaller — 64 bits in DES and
128 bits in AES.
The block size in RSA is much larger — 768 or more bits, while the block size in ECC is
about 200 bits.
If two blocks of plaintext within a message are identical, their corresponding ciphertexts
are identical. This statement, however, is only partially true.
Stream cipher
The one-time pad is an example of a stream cipher.
Practical stream ciphers typically generate a pseudo-random keystream which is a
function of a fixed length key and a per-message bit string.
The key is known to both the sender and the receiver.
The per-message string could be a message sequence number.
Alternatively, it could be a random number generated by the sender and transmitted to
the receiver along with the encrypted message.
The ciphertext is itself obtained by performing an ⊕ operation between the plaintext and
the keystream.
An example of a stream cipher is RC4 used in the wireless LAN protocol, IEEE 802.11.
Stream ciphers are usually faster than block ciphers and use less complicated circuits.
However, RC4 and some other stream ciphers have been shown to be vulnerable to
attack.
Modern day secret-key ciphers are typically synthesized using the Substitution Box (S-Box)
and the Permutation Box (P-Box).
Substitution Box (S-Box)
An S-box is a device that takes as input a (binary) string of length m and returns a
(binary) string of length n. While it is often the case that m = n, this need not
always be so.
An S-box is implemented using a table (or array) of 2^m rows with each row
containing an n-bit value.
The input to the S-box is used to index the table which returns the n-bit output of the
S-Box.
Permutation Box (P-Box).
A P-Box performs a permutation or re-arrangement of the bits in the input.
A permutation is more restrictive than a substitution.
For example, the number of zeros in the output of the P-Box is equal to the number of
zeros in its input while an S-box imposes no such restriction.
A P-Box or S-box by itself is not sufficiently powerful to create a secure cipher.
However, by cascading P-Boxes and S-Boxes alternately, the strength of a cipher can be
greatly increased. Such a cipher is referred to as a product cipher.
The three operations that take place in sequence as shown in Fig. 5.1:
(3) A Permutation
Figure: Three-round SPN network
As an example, for b = 64, the size of the table is 2^70 bits which is a thousand billion billion
bits!
To save table space, a single S-box is broken into multiple S-boxes as shown in each round
of Fig. 5.1.
If s is the number of S-boxes, the number of inputs to each S-box is b/s.
Each S-box is now implemented using a table of size (b/s) × 2^(b/s) bits.
Thus, the total size of all the S-boxes is b × 2^(b/s) bits.
For a block size of 64, the use of eight S-boxes (each with 8 inputs) would bring down the
storage requirements to about 16,000 bits.
The use of S-boxes injects non-linearity into the design of the cipher.
Non-linearity implies the absence of a linear relationship between any subset of bits in the
plaintext, cipher text, and key.
Finally, the third step in each round or iteration is a permutation.
A P-Box re-orders the inputs that it receives. It diffuses or spreads contiguous bits of the
input across the entire block.
Without the P-Box, the first b/s bits of the output would be a function of the first b/s bits of
the input, the second b/s bits of the output would be a function of the second b/s bits of the
input and so on.
DES is the successor to a cipher called Lucifer designed by cryptographers at IBM in the
1960's.
It was first published in March 1975 and was chosen by the U.S. National Bureau of
Standards or NBS (later re-named National Institute of Standards and Technology or NIST)
as the standard cipher for secret key cryptography in January 1977.
Figure: DES encryption
4. a final permutation
Each of the 16 rounds is functionally identical.
The structure of each DES round is explained below.
Let L_{i-1} and R_{i-1} be the left and right halves of the input to round i.
As shown in the above figure:
L_i = R_{i-1}
R_i = L_{i-1} ⊕ f(R_{i-1}, K_i)
The function f is applied at each round and is referred to as the "round" function.
Each round uses a round key, which is one of the inputs to f.
Each round key is derived from the DES key.
The process of decryption involves obtaining L_{i-1} and R_{i-1} from L_i and R_i. Execution
proceeds from bottom to top and is summarized by the following equations derived from
the above equations:
R_{i-1} = L_i
L_{i-1} = R_i ⊕ f(L_i, K_i)
The structure of such a cipher is attributed to Horst Feistel (one of the key designers of DES).
A cipher that has such a structure is referred to as a Feistel cipher.
Two bits of the i-th chunk serve as a row index (i5, i0) into the i-th table (Fig. 5.3) and the
remaining four bits serve as a column index (i4, i3, i2, i1).
The output of the S-box is simply the 4-bit string pointed to by the row and column indices.
Figure: S-box implementation using an array of size 4 × 16 (inputs i5 i4 i3 i2 i1 i0, outputs o3 o2 o1 o0, rows 0 to 3, columns 0 to 15)
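The round equations and the S-box indexing described above can be tried out in a small Feistel cipher. This is an added example, not code from the notes and not DES: only the S1 table is the published DES S-box, while the 16-bit block, the expansion, the rotation used as a P-box and the key schedule are simplified assumptions.

```python
# Toy Feistel cipher: 16-bit block split into 8-bit halves L and R.
# Only the S1 table comes from DES; everything else is a simplified assumption.

# DES S-box S1: 4 rows x 16 columns of 4-bit outputs.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(table, chunk):
    """Map a 6-bit chunk i5..i0 to 4 bits: row = (i5, i0), column = (i4..i1)."""
    row = ((chunk >> 4) & 0b10) | (chunk & 0b1)
    col = (chunk >> 1) & 0b1111
    return table[row][col]


def expand(r):
    """Expand an 8-bit half to 12 bits by borrowing each nibble's neighbour bits."""
    def bit(i):
        return (r >> i) & 1
    hi = (bit(0) << 5) | ((r >> 4) << 1) | bit(3)
    lo = (bit(4) << 5) | ((r & 0xF) << 1) | bit(7)
    return (hi << 6) | lo


def rotl8(x, n):
    """Rotate an 8-bit value left; a rotation is one possible bit permutation (P-box)."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def f(r, k):
    """Round function: expand, mix in the round key, substitute, permute."""
    x = expand(r) ^ k
    y = (sbox_lookup(S1, x >> 6) << 4) | sbox_lookup(S1, x & 0x3F)
    return rotl8(y, 3)


def round_keys(key, rounds=16):
    """Toy key schedule: 12 low bits of the 16-bit key rotated by 3*i positions."""
    keys = []
    for i in range(1, rounds + 1):
        s = (3 * i) % 16
        rotated = ((key << s) | (key >> (16 - s))) & 0xFFFF
        keys.append(rotated & 0xFFF)
    return keys


def encrypt(block, key, rounds=16):
    left, right = block >> 8, block & 0xFF
    for k in round_keys(key, rounds):
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k)
    return (left << 8) | right


def decrypt(block, key, rounds=16):
    left, right = block >> 8, block & 0xFF
    for k in reversed(round_keys(key, rounds)):
        # R_{i-1} = L_i;  L_{i-1} = R_i XOR f(L_i, K_i)
        left, right = right ^ f(left, k), left
    return (left << 8) | right


if __name__ == "__main__":
    c = encrypt(0x1234, 0xBEEF)
    print(hex(c), hex(decrypt(c, 0xBEEF)))
```

Decryption never inverts f; it only recomputes f on a value both sides already hold, which is why the round function itself does not have to be invertible.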
MODULE 2(chapter 2)
Module 2
Cryptographic Hash
2.1 INTRODUCTION
Definition: A hash function is a deterministic function that maps an input element from
a larger (possibly infinite) set to an output element in a much smaller set.
The input element is mapped to a hash value.
For example, in a district-level database of residents of that district, an individual's
record may be mapped to one of 26 hash buckets.
Each hash bucket is labelled by a distinct letter of the alphabet corresponding to the first letter of
a person's name.
Given a person's name (the input), the output or hash value is simply the first letter of
that name (Fig. 7.1).
Hashes are often used to speed up insertion, deletion, and querying of databases.
In the example above, two names beginning with the same letter map to the same
hash bucket and result in a collision.
2.2 PROPERTIES
2.2.1 Basics
A cryptographic hash function, h(x), maps a binary string of arbitrary length to a fixed
length binary string.
The properties of h are as follows:
1. One-way property. Given a hash value, y (belonging to the range of the hash
function), it is computationally infeasible to find an input x such that h(x) = y.
2. Weak collision resistance. Given an input value x1, it is computationally
infeasible to find another input value x2 such that h(x1) = h(x2).
3. Strong collision resistance. It is computationally infeasible to find two input values
x1 and x2 such that h(x1) = h(x2).
4. Confusion + diffusion. If a single bit in the input string is flipped, then each bit
of the hash value is flipped with probability roughly equal to 0.5.
Figure 7.2 Properties of the cryptographic hash
There is a subtle difference between the two collision resistance properties.
In the first, the hash designer chooses x1 and challenges anyone to find an x2 which
maps to the same hash value as x1. This is a more specific challenge compared to the
one in which the attacker tries to find x1 and x2 such that h(x1) = h(x2).
In the second challenge, the attacker has the liberty to choose x1.
2.2.2 Attack Complexity
Weak Collision Resistance
How long would it take to find an input, x, that hashes to a given value y?
Assume that the hash value is w bits long. So, the total number of possible hash values
is 2^w.
A brute force attempt to obtain x would be to loop through the following operations
Assuming that any given string is equally likely to map to any one of the 2^w hash
values, it follows that the above loop would have to run, on the average, 2^(w-1) times
before finding an x' such that h(x') = y.
A similar loop could be used to find a string, x2, that has the same hash value as a given
string x1.
Strong Collision Resistance
A brute-force attack on strong collision-resistance of a hash function involves
looping through the program in Fig. 7.4.
Unlike the program that attacks weak collision resistance, this program terminates
when the hash of a newly chosen random string collides with any of the previously
computed hash values.
Figure 7.4: Program to attack strong collision resistance.
"What is the minimum number of persons required so that the probability of two or
more in the group having the same birthday is greater than 1/2?"
It is known that in a class of only 23 random individuals, there is a greater than 50%
chance that the birthdays of at least two persons coincide (a "Birthday Collision").
This statement is referred to as the Birthday Paradox.
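The two brute-force loops and the birthday figure above can be checked numerically. The following is an added example, not the program from the notes: it assumes a toy w-bit hash obtained by truncating SHA-256, and it generates candidate inputs from a counter instead of random strings so that runs are repeatable.

```python
import hashlib


def birthday_probability(people, days=365):
    """Probability that at least two of `people` share a birthday."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def h(data, w):
    """Toy w-bit hash: the top w bits of SHA-256 (truncation is an assumption)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - w)


def find_second_input(x1, w, max_trials=1 << 24):
    """Weak collision resistance: look for x2 != x1 with h(x2) == h(x1)."""
    target = h(x1, w)
    for trials in range(1, max_trials + 1):
        x2 = b"candidate-%d" % trials
        if x2 != x1 and h(x2, w) == target:
            return x2, trials
    raise RuntimeError("no match within max_trials")


def find_any_collision(w, max_trials=1 << 24):
    """Strong collision resistance: stop when a new hash equals ANY earlier one."""
    seen = {}  # hash value -> input that produced it
    for trials in range(1, max_trials + 1):
        x = b"message-%d" % trials
        y = h(x, w)
        if y in seen:
            return seen[y], x, trials
        seen[y] = x
    raise RuntimeError("no collision within max_trials")


if __name__ == "__main__":
    print("P(shared birthday, 22 people) = %.4f" % birthday_probability(22))
    print("P(shared birthday, 23 people) = %.4f" % birthday_probability(23))
    for w in (12, 16, 20):
        _, fixed_target_trials = find_second_input(b"original document", w)
        _, _, any_pair_trials = find_any_collision(w)
        print("w=%2d  fixed target: %7d trials   any pair: %5d trials"
              % (w, fixed_target_trials, any_pair_trials))
```

Running it shows the search for any colliding pair finishing after far fewer trials than the search against one fixed target, which is the practical reason digest widths are chosen with the birthday bound in mind.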
Malloc does the following:
1. He creates millions of documents, F1, F2, ..., Fm, etc. that are, for all practical
purposes, "clones" of F.
2. This is accomplished by leaving an extra space between two words, etc.
3. If there are 300 words in F, there are 2^300 ways in which extra spaces may be left
between words.
4. He computes the hashes, h(F1), h(F2), ..., h(Fm) of each of these documents.
5. He creates an innocuous document, D, one that most people would not hesitate to
sign. (For example, it could espouse an environmental cause relating to conservation
of forests.)
6. He creates millions of "clones" of D in the same way he cloned F above.
7. Let D1, D2, ... be the cloned documents of D.
8. He computes the hashes, h(D1), h(D2), ..., h(Dm) of each of the cloned documents.
9. Malloc asks Alka to sign the document D, and Alka obliges.
10. Later Malloc accuses Alka of signing the fraudulent document.
11. the digital signature is obtained by encrypting the hash value of the document using
2.3 CONSTRUCTION
2.3.1 Generic Cryptographic Hash
The input to a cryptographic hash function is often a message or document.
To accommodate inputs of arbitrary length, most hash functions (including the
commonly used MD-5 and SHA-1) use iterative construction as shown in Fig. 7.5.
C is a compression box.
It accepts two binary strings of lengths b and w and produces an output string of length
w.
Here, b is the block size and w is the width of the digest.
During the first iteration, it accepts a pre-defined initialization vector (IV), while the
top input is the first block of the message.
In subsequent iterations, the "partial hash output" is fed back as the second input to
the C-box.
The top input is derived from successive blocks of the message.
This is repeated until all the blocks of the message have been processed.
The above operation is summarized below:
h_1 = C(IV, m_1) for the first block of the message
h_i = C(h_{i-1}, m_i) for all subsequent blocks of the message
2.3.2 Case Study: SHA-1
SHA-1 uses the iterative hash construction of Fig. 7.5.
The message is split into blocks of size 512 bits.
The length of the message, expressed in binary as a 64 bit number, is appended to the
message.
Between the end of the message and the length field, a pad is inserted so that the length
It is initialized to a fixed pre-determined value at the start of the hash computation.
We use the notation S1, S2, S3, S4, and S5 to denote the five 32-bit words making up
the shift register.
The bits of the shift register are then mangled together with each of the words of the
array in turn.
The mangling is achieved using a combination of the following Boolean operations: +,
∨, ~, ∧, XOR, ROTATE.
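The iterative construction h_i = C(h_{i-1}, m_i) and the SHA-1 padding and shift-register steps can be followed in a compact implementation. This is an added example, not code from the notes; the constants and round logic are those of the published SHA-1 standard, and the function names are this example's own.

```python
import struct

MASK = 0xFFFFFFFF

# Fixed initial value of the five 32-bit words S1..S5 (the IV of the iteration).
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x, n):
    """ROTATE: circular left shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK


def pad(message):
    """Append a 1 bit, zero bits, then the 64-bit message length in bits,
    so that the total length is a multiple of 512 bits (64 bytes)."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_length)


def compress(state, block):
    """The compression box C: mix one 512-bit block into the 160-bit state."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):  # expand 16 message words into an array of 80
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            func, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            func, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            func, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            func, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + (func & MASK) + e + k + w[t]) & MASK
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    # Feed-forward: add the mangled register to the state it started from.
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1(message):
    """Iterate C over the padded message: h_1 = C(IV, m_1), h_i = C(h_{i-1}, m_i)."""
    state = IV
    padded = pad(message)
    for offset in range(0, len(padded), 64):
        state = compress(state, padded[offset:offset + 64])
    return struct.pack(">5I", *state)


if __name__ == "__main__":
    print(sha1(b"abc").hex())
```

A 56-byte message is the instructive edge case for the padding: the length field no longer fits in the first block, so the padded input grows to two blocks.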
of that message.
Suppose that a sender and receiver share a secret, k.
If the message and secret are concatenated and a hash taken on this string, then the
hash value becomes a fingerprint of the combination of the message, m, and the
secret, k.
MAC = h(m || k)
The MAC is much more than just a checksum on a message.
It is computed by the sender, appended to the message, and sent across to the
receiver.
On receipt of the message + MAC, the receiver performs the computation using the
common secret and the received message.
It checks to see whether the MAC computed by it matches the received MAC.
A change of even a single bit in the message or MAC will result in a mismatch
between the computed MAC and the received MAC.
In the event of a match, the receiver concludes the following:
(a) The sender of the message is the same entity it shares the secret with; thus
the MAC provides source authentication.
(b) The message has not been corrupted or tampered with in transit; thus the
MAC provides verification of message integrity.
Drawbacks:
An attacker might obtain one or more message-MAC pairs in an attempt to
determine the MAC secret.
First, if the hash function is one-way, then it is not feasible for an attacker to deduce
the input to the hash function that generated the MAC and thus recover the secret.
If the hash function is collision-resistant, then it is virtually impossible for an
attacker to suitably modify a message so that the modified message and the original
both map to the same MAC value.
HMAC
There are ways of computing a hash-based MAC other than the method above, such
as HMAC.
Another possibility is to use key itself as the Initialization Vector (IV) instead of
concatenating it with the message.
Bellare, Canetti, and Krawczyk proposed the HMAC and showed that their scheme
The key is padded with 0's (if necessary) to form a 64-byte string denoted K' and
XORed with a constant (denoted IPAD).
It is then concatenated with the message and a hash is performed on the result.
K' is also XORed with another constant (denoted OPAD) after which it is
prepended to the output of the first hash.
A hash is then computed once again to yield the HMAC.
As shown in Fig. 7.7, HMAC performs an extra hash computation but provides
greatly enhanced security.
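Both MAC constructions described above, and the receiver's check, fit in a few lines. This is an added example, not code from the notes; it assumes SHA-1 as the hash h, takes the IPAD and OPAD byte values and the hashing of over-long keys from RFC 2104, and uses sample messages constructed for the demonstration.

```python
import hashlib
import hmac  # standard library; used here only for its constant-time comparison

BLOCK_SIZE = 64                      # bytes: the length K' is padded to
IPAD = bytes([0x36] * BLOCK_SIZE)    # inner pad constant (RFC 2104)
OPAD = bytes([0x5C] * BLOCK_SIZE)    # outer pad constant (RFC 2104)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def simple_mac(message, key):
    """The first construction in the notes: MAC = h(m || k)."""
    return hashlib.sha1(message + key).digest()


def hmac_sha1(key, message):
    """HMAC as described: h((K' xor OPAD) || h((K' xor IPAD) || m))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()          # over-long keys are hashed first
    k_prime = key.ljust(BLOCK_SIZE, b"\x00")      # pad with 0's to 64 bytes
    inner = hashlib.sha1(xor_bytes(k_prime, IPAD) + message).digest()
    return hashlib.sha1(xor_bytes(k_prime, OPAD) + inner).digest()


def verify(key, message, received_mac):
    """Receiver side: recompute the MAC and compare without leaking timing."""
    return hmac.compare_digest(hmac_sha1(key, message), received_mac)


if __name__ == "__main__":
    key = b"shared-secret"                        # constructed sample values
    message = b"transfer 100 to account 42"
    tag = hmac_sha1(key, message)
    print("HMAC:", tag.hex())
    print("genuine message accepted:", verify(key, message, tag))
    print("altered message accepted:",
          verify(key, b"transfer 900 to account 42", tag))
```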
2.4.2 Digital Signatures
The same secret that is used to generate a MAC on a message is the one that is used
to verify the MAC.
Thus the MAC secret should be known by both parties - the party that generates the
MAC and the party that verifies it.
A digital signature, on the other hand, uses a secret that only the signer is privy to.
cannot later deny having signed it since she alone has knowledge or access to her
private key used for signing.
The verifier needs to perform only a public key operation on the digital signature
(using the signer's public key) and a hash on the message.
The verifier concludes that the signature is authentic if the results of these two
operations tally.
Question Bank (module 2-chapter 2)
1. Explain generic hash computation and HMAC.
2. Define hashing. Explain the properties of hashing with a neat figure.
3. Explain SHA-1 computation with a neat illustration.
4. Explain weak and strong collision resistance.
5. Explain digital signature.
6. Explain birthday analogy and birthday attack.
Network Security & Cryptography Module 3
MODULE 3
Chapters
1. Key Management 2. Authentication-I
layer
5. Security at transport layer
CHAPTER 1 Key Management
3.1 INTRODUCTION
Key management is related to the generation, storage, distribution, and backup of keys.
The focus is on the management of public key—private key pairs.
The public key—private key pairs are used for encryption/decryption, signature generation/
To encrypt a session key for use in communication between A and B, A needs to know B's
public key.
The key issue here is "How does A know B's public key?"
Possibility 1:
A may frequently communicate with B in a secure manner, so she may already have
B's public key.
First, B must have securely communicated his public key to A at some point in the
past. A actually receives B's public key and not a public key from someone posing as
B.
If at any time B's private key is compromised, the confidentiality of messages from A
(CA)certificate authority.
Certificates may be issued to individuals, to organizations, or even to servers.
The most basic type of certificate may be applied for through regular e-mail with the
applicant stating his/her public key, name, e-mail address, etc.
In this case, the CA requires no credentials from the applicant.
It simply assumes that the applicant is in possession of the (uncompromised) private key
corresponding to the public key contained in the application received via e-mail.
The verifier of such a certificate should realize that the above certificates are "Trust at your
own risk certificates."
To carry more weight, certificate issuance would require the CA to perform identity
verification of the applicant.
The CA may have to obtain and verify several details of the applicant. This task would be
delegated by the CA to the Registration Authority (RA).
4. Validity period: There are two date fields that specify the start date and end date
between which the certificate is valid.
5. Subject information: This includes the distinguished name of the certificate's subject
or owner.
For example, if a customer intends to communicate with an e-commerce web
server at www.B-Mart.com, then the customer's browser will request B-Mart's
certificate.
Figure 3.1 A digital certificate
It may be necessary to check other fields in the certificate such as the subject's web
page URL or e-mail address.
A should check if the certificate is still valid. Since the validity period is contained in
the certificate, this is easily done.
Finally, the certificate must be signed by a CA or RA.
A should verify the signature contained in the certificate.
A requires the CA's public key for signature verification.
The CA may be globally known or may be known to the community to which A and B
belong.
In this case A has access to the CA's public key.
3.3 PUBLIC KEY INFRASTRUCTURE
3.3.1 FUNCTIONS OF A PKI
A public key infrastructure includes the CAs, the physical infrastructure (encryption
technologies, hardware, etc.), and the formulation and enforcement of policies/procedures.
It includes the following services:
organization).
He/she could then obtain a new signing key and receive a new certificate carrying the
corresponding public key.
An important function of the PKI is to provide a safe archival facility for all issued
certificates.
CA1 could issue certificates to multiple users U1, U2, etc., enabling any pair of these users to
communicate securely using certificates exchanged between them.
This is represented in above Fig.(a).
Each arc in the figure is a trust relationship.
For example, the arc from the CA1 to U2 expresses the fact that CA1 vouches for U2's public
key in the certificate issued by the CA1 to U2. Such an architecture, however, is not scalable.
There are tens of millions of users who may need certificates. It is not practical for CA1 to
issue certificates to all.
A practical solution to the problem of scalability is to have CA1 certify other CAs, who in turn
certify other CAs, and so on.
This creates a tree of CAs known as a hierarchical PKI architecture [see above Fig.(b)].
Here, CA1 issues certificates to CA2, CA3, and CA4.
CA2 in turn issues certificates to CA5 and end user U1.
CA5 issues certificates to users U2 and U3.
The advantage of this approach is easy scalability: each CA is responsible for certifying a
limited number of users or other CAs.
CA1, the root CA, is sometimes referred to as the trust anchor.
Every node in the tree will know the root CA's public key.
Suppose U1 in Fig.(b) needs U5's public key.
U5 would have to provide an entire chain of certificates as follows:
(1) Certificate signed by CA1 vouching for CA3's public key
(2) Certificate signed by CA3 vouching for CA6's public key
(3) Certificate signed by CA6 vouching for U5's public key
It is assumed that each node has a copy of the root's public key.
So, upon receiving the above certificate chain, U1 can verify the signature on the first
certificate using CA1's (the trust anchor's) public key.
3. Mesh based PKI
A denser web of trust is shown in Fig. (c) and is referred to as a mesh-based PKI. This
could include mutually trusting CAs: CA1 trusting CA2 and CA2 trusting CA1, shown by
a bidirectional arc between CA1 and CA2.
In tree based PKI, there may be multiple trust paths between two users.
For example, there could be multiple trust paths between user 1 and user 7:
Path 1: CA1, CA3, and CA4
Figure 10.2(d) shows a bridge CA that extends the web of trust between two existing
organizational PKIs.
Revocation Scenarios
However, there are other reasons why a seemingly valid certificate may actually be
invalid.
Scenario 1: The certificate's subject, Prashant, was issued a certificate valid between Jan 01,
2010, and Dec 31, 2010. However, he quit the organization on April 1, 2010.
Assume that Prashant's certificate is used for key exchange/authentication and that he
has made a copy of it.
The session key itself is then used to encrypt all messages in both directions for the
duration of the ensuing session.
Generally speaking, it is not legal for Prashant to act on behalf of his company beyond
the date of his resignation. However, that is precisely what he could do when he
attempts to establish official business communication with a customer of his company
on say June 10, 2010.
Based on the expiration date in Prashant's certificate, the customer would deduce that
the certificate was valid.
Moreover, Prashant would be able to authenticate himself or perform unauthorized
decryption since he knows the private key corresponding to the public key in his
certificate. Thus, Prashant might continue to do business on behalf of his company even
after resigning.
Based on Scenario 1, we need a mechanism to revoke a certificate issued by an
organization to an employee when he leaves or changes roles.
Scenario 2:
The attacker would provide a certificate chain of two certificates — the certificate issued
by CA1 vouching for CA3's public key and the above certificate created by him.
This chain is a valid trust path from the root CA to the subject U.
Using the public key of CA1 and the certificate chain, the verifier would accept the
fraudulent signature generated using Y as an authentic signature of U.
The lesson of Scenario 2 is that if a CA's private key is compromised, then any certificate
issued by that CA is invalid and should not be included in any trust path or certificate chain.
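Added example (not part of the original notes): the checks described above, namely validity period, issuer signature and revocation status, applied in Python along the chain CA1, CA3, CA6, U5, followed by Scenario 2, where a certificate signed with CA3's stolen key verifies until CA3's own certificate is revoked. The toy textbook-RSA keys, serial numbers, field names and the revoked set are assumptions made for illustration.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only, not secure)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    """Hash of every field except the signature, reduced modulo the signer's n."""
    fields = [cert["serial"], cert["subject"], cert["issuer"], cert["not_before"],
              cert["not_after"], cert["pub"]["n"], cert["pub"]["e"]]
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(serial, subject, subject_pub, issuer, issuer_priv,
          not_before=date(2010, 1, 1), not_after=date(2010, 12, 31)):
    """The issuer vouches for subject_pub by signing the certificate fields."""
    cert = {"serial": serial, "subject": subject, "issuer": issuer,
            "not_before": not_before, "not_after": not_after, "pub": subject_pub}
    cert["sig"] = pow(digest(cert, issuer_priv["n"]), issuer_priv["d"], issuer_priv["n"])
    return cert

def verify_chain(chain, anchor_name, anchor_pub, today, revoked=frozenset()):
    """Walk the chain from the trust anchor; return the final (subject, public key)."""
    signer, signer_pub = anchor_name, anchor_pub
    for cert in chain:
        label = f"certificate {cert['serial']} ({cert['subject']})"
        if cert["issuer"] != signer:
            raise ValueError(f"{label} was not issued by {signer}")
        if not cert["not_before"] <= today <= cert["not_after"]:
            raise ValueError(f"{label} is outside its validity period")
        if cert["serial"] in revoked:  # serials are unique across CAs in this toy
            raise ValueError(f"{label} is revoked")
        if pow(cert["sig"], signer_pub["e"], signer_pub["n"]) != digest(cert, signer_pub["n"]):
            raise ValueError(f"bad signature on {label}")
        signer, signer_pub = cert["subject"], cert["pub"]  # next link is checked with this key
    return signer, signer_pub

def check(chain, today, revoked=frozenset()):
    """Verify against the root CA1 and report the outcome as a string."""
    try:
        subject, _ = verify_chain(chain, "CA1", CA1_PUB, today, revoked)
        return f"ok: {subject}"
    except ValueError as err:
        return f"rejected: {err}"

# Constructed sample data: toy keys built from Mersenne primes.
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))
CA1_PUB, CA1_PRIV = make_key(M61, M89)
CA3_PUB, CA3_PRIV = make_key(M89, M107)
CA6_PUB, CA6_PRIV = make_key(M107, M127)
U5_PUB, U5_PRIV = make_key(M61, M107)
Y_PUB, Y_PRIV = make_key(M61, M127)      # key pair Y used in Scenario 2

CA3_CERT = issue(1, "CA3", CA3_PUB, "CA1", CA1_PRIV)
CHAIN = [CA3_CERT,
         issue(2, "CA6", CA6_PUB, "CA3", CA3_PRIV),
         issue(3, "U5", U5_PUB, "CA6", CA6_PRIV)]
# Scenario 2: a certificate signed with CA3's compromised key binds Y to the name "U".
FORGED_CHAIN = [CA3_CERT, issue(99, "U", Y_PUB, "CA3", CA3_PRIV)]
TODAY = date(2010, 6, 10)

if __name__ == "__main__":
    print(check(CHAIN, TODAY))
    print(check(CHAIN, date(2011, 1, 1)))
    print(check(FORGED_CHAIN, TODAY))
    print(check(FORGED_CHAIN, TODAY, revoked={1}))
```

Signature and validity checks alone accept the forged chain; only the revocation lookup for CA3's certificate rejects it.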
Figure 3.3 Revocation scenario 2
Handling Revocation
Solution 1:
One possible solution to the problem of certificate revocation is to use an on-line facility that
provides information on the current status of digital certificates.
For this purpose, a protocol called On-line Certificate Status Protocol (OCSP) is employed.
Solution 2:
Solution 3:
Design a system wherein the signer requires the cooperation of a Trusted Third Party
(TTP) in generating a signature.
Both the signer and the TTP hold a part of the private key, with neither party knowing the
other's part.
To sign a document, the signer would contact the TTP.
Before signing, the TTP could check whether the signer's certificate has been
revoked and participate only if the signer's certificate has not been revoked.
Indeed, the TTP may itself maintain certificate revocation information.
The TTP may also act as a timestamp authority and certify the time at which the document
is signed.
This may be done, for example, by signing a value obtained by concatenating a timestamp
with the hash of the document.
3.4 IDENTITY-BASED ENCRYPTION
3.4.1 Preliminaries
The digital certificate is a verifiable way of communicating the public key of an entity.
Certificates are transmitted along with messages for purposes such as authentication,
signature verification, and encryption.
An alternative to digital certificates emerged in 1984 in the form of Identity-based
Encryption (IBE).
Shamir used a scheme wherein a person's public key could be computed as a function of
that person's unique credential such as his/her e-mail address. Thus, anyone can reliably
compute A's public key only knowing A's e-mail address, for example.
IBE assumes the use of a TTP called the Private Key Generator (PKG).
Here is how a generic IBE scheme works:
The PKG has a private key and associated public key parameters (Kpr, public key
parameters).
To obtain a private key, A informs the PKG that she wishes to receive a private key
corresponding to her ID, say alka@iitb.ac.in
The PKG makes sure that the credential does indeed belong to A.
The PKG also makes sure that this ID is universally unique, i.e., there is no other individual
Disadvantage: With knowledge of the PKG's public parameters and A's unique ID, anyone
can compute A's public key.
A bilinear mapping, B(x, y), maps any pair of elements from one given set to an element in
a second set.
The term bilinear follows from the following property of the mapping:
Here u1, u2 and v are elements of the first set and k1 and k2 are integer constants.
An example is the dot product of vectors.
CHAPTER 2
Authentication-I
Authentication is a process in which a principal proves that he/she/it is the entity it claims
to be.
The principal is referred to as the prover, while the party to whom proof is submitted for
identity verification is called the verifier.
Authentication may be based on what the principal knows (e.g., a password or a passphrase)
or has (an identity card or passport, for example).
A principal is often a human, a computer, an application, or a robot.
In the case of a human principal, authentication may use physical characteristics such as
voice, a fingerprint, a retinal scan, or even a DNA sample — this form of authentication is
referred to as biometric authentication.
With password-based authentication, an individual is often expected to communicate his/her
password to a verifying entity. However, in many cases it may not be advisable for the
individual to reveal his/her password.
Instead, he/she may be required to perform some "one-way" cryptographic operation using
his/her secret, which cannot be performed without knowledge of it.
Finally, many authentication systems today use a combination of techniques. This is referred
to as multi-factor authentication.
Authentication
  One-way authentication
    1) Password-based authentication
    2) Certificate-based authentication
  Mutual authentication
In client-server communications over a campus network, for example, it is often the case
that the client authenticates itself to the server.
The server may or may not be authenticated to the client. This is referred to as one-way
authentication.
It is categorized into:
1. Password-based authentication
2. Certificate-based authentication
The password is the secret that is known only to the user and server.
The login name identifies a user, while the user's knowledge of the corresponding password
constitutes proof that he/she is the person with the given login name.
As shown in the figure below, the server uses the login name "Alka" to index into a database of
(login name, password) pairs.
It verifies that the submitted password matches the one stored against "Alka."
Drawbacks/threats:
First, the password is sent in the clear, so an attacker can eavesdrop on the
message containing the password and later impersonate the real user.
Second, the passwords are stored in unencrypted form in a file on the server.
If an internal attacker obtains access to that file, all passwords stored on that server could get
compromised.
Figure a: Communicating Password
Figure: Password-based one-way authentication
In Fig. (b), the cryptographic hash of the password is stored on the server.
Also, the login software prompts the user for his/her password and computes its hash which
is transmitted.
The one-way property of the cryptographic hash helps prevent an attacker from deducing
user passwords from information in the password file or from communications on the
transmission line. However, an attacker could snoop on the communications between Alka
and the server and obtain the hash of the password.
He can, at a later point in time, replay it to the server thus impersonating Alka.
Such an attack in which one plays back all or a part of one or more previous messages, with
the intent of impersonating a legitimate user, is referred to as a replay attack.
An effective strategy to thwart a replay attack is for the verifier (in this case the server) to
offer a fresh challenge to the prover (the client).
In response, the client does not communicate its password but rather proves that it knows
the password.
The server is thus able to verify whether the client is genuine or not.
The freshness of the challenge means that a previous response cannot be used to answer the current challenge.
f is one-way; so, knowing f(pw, R) and R, it should be infeasible
to compute pw.
Given an R, it should be infeasible to compute f(pw, R) even if
one knows
f(pw, R1), f(pw, R2), f(pw, R3), ...
and the corresponding R1, R2, R3, ...
which is applied over the concatenation of the password and the
nonce.
Another choice is a secret key encryption function with the where
In actual implementations, neither the sender nor receiver keeps
track of nonces generated or received.
3.6.2 Certificate-based Authentication
R.
MSG 3:
A responds by "encrypting" the challenge with
her private key.
When B receives EA.pr(R), he "decrypts"
chose.
3.7 MUTUAL AUTHENTICATION
It is often necessary for both communicating parties to authenticate themselves to each
other.
For example, in Internet banking, it is imperative that a customer interacts with his/her bank
and not some entity posing as the bank.
Likewise, it is important for a bank to verify the identity of the customer.
One attack scenario [figure (b)] is as follows:
Message 1: An attacker, C, sends a message to B containing a nonce RA and claiming to be A.
Message 2: B responds to the challenge with EK(RA) and its own challenge RB as required by the above protocol of Fig. (a).
Message 1': Now C attempts to connect to A, claiming it is B, with a challenge RB. Note that this is the same challenge offered to it by B in Message 2.
Message 2': A responds to the challenge with EK(RB) and a nonce of its own.
Message 3: C uses A's response EK(RB) to complete the three-message authentication protocol with B.
C initiated the authentication protocol with A, presenting to A the same challenge it had
received from B.
A's response to the challenge in Message 2' was used by C to convince B that it was A who
was trying to establish communication with him. This attack is termed a Reflection Attack,
since a part of the message received by an attacker is reflected back to the victim.
In this case, the reflected message fragment is EK(RB). This attack is also called a Parallel
Session Attack.
(c) Corrected protocol
The notation [m]A means a message m, sent together with A's signature on m.
In the protocol of Fig. (a), each party transmits its own nonce and challenges the other to
sign it.
intends to talk to him.
B responds to what appears to be A's intention to communicate with him.
Note that, in the current scenario, A may not wish to communicate with B and is not
aware that C is attempting to do so on her behalf.
Yet, after B receives Message 3', he feels A intends to communicate with him since
Message 3' contains her signature on a nonce chosen by him.
(b) Attack on flawed protocol
One solution to the above problem is for the
entities to include the identity of the
recipient in all messages signed.
This is shown in Fig.(c).
MSG 2: The string obtained by concatenating nonces RA and RB is signed by B and sent
(that is, encrypted using B's private key).
(c) Corrected protocol
The key finally chosen could be a simple function of SA and SB, such as S = SA XOR SB.
Using secret key cryptography Using public key cryptography
Use of Timestamps
Figure: Mutual authentication with timestamps
B, on receiving the message, checks whether the timestamp is sufficiently recent and
then verifies the signature.
He increments the received timestamp, inserts it into his response message to A, and
signs the message.
The notation {m}X.pu denotes a message m encrypted using the public key of X.
If the clocks maintained by A and B are synchronized, the timestamp in Message 1
signed by A convinces B that the message was freshly created by A.
The timestamp implicitly serves as A's challenge to B.
By signing the incremented timestamp, B hopes to satisfy A that he is indeed responding
to her message.
Some individuals use permutations of characters in the names of their near relatives or
friends so that they are easily memorizable.
Based on such clues, an attacker can build a dictionary of strings which are potential
passwords of his/her victim.
23-05-86: Birthdays/anniversaries are convenient but would almost always be part of the attacker's password dictionary.
ashyea: A permutation of letters in a mother's or spouse's name (Ayesha in this example) is a poor choice, especially if the attacker has personal information about his victim.
Kolkata: Place names are often part of password dictionaries.
1. on-line
2. off-line.
1. On-line attack:
In on-line attacks, an intruder attempts to log in to the victim's account by using the
victim's login name and a guessed password.
There is usually a system-imposed limit on the number of failed login attempts. So,
unless the attacker is particularly insightful or lucky,
an on-line attack has a limited chance of success.
2. Off-line attack:
Unlike an on-line attack, an off-line dictionary attack leaves few fingerprints.
One possibility is for the attacker to get a hold of the password file.
Passwords are typically transformed in some way (by, for example, performing a
cryptographic hash on them) before being stored on the authentication server.
The cryptographic hash is a one-way function, so it is not easy for the attacker to
deduce the password given its cryptographic hash.
Another possibility is for the attacker to eavesdrop on the communication link
during authentication.
The attacker could use his/her dictionary of passwords to implement the following
attack.
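found = false
i = 0
while (not found and i < size(D))    // D is the attacker's dictionary
{
    x = f(D[i], R)                   // R is the challenge seen on the link
    if (x == F)                      // F is the response f(pw, R) seen on the link
    {
        print ("CORRECT PASSWORD ")
        found = true
    }
    i = i + 1
}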
One approach to frustrating a dictionary attack is to increase the cost of performing such
an attack. The cost is the time to successfully complete the attack.
The most time-consuming operation in each iteration of the dictionary attack program is
f(D[i], R). Hence, to decrease the attacker's chance of success, the function f(D[i], R)
could be made more computationally expensive.
Suppose, for example, instead of the function f being a simple cryptographic hash, it was
the cryptographic hash, h, applied successively a hundred times, that is,
h(... h(h(D[i], R)) ...)
If the above function were used in the loop of the program, we would expect the program
to run about 100 times slower.
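Added example (not part of the original notes): a Python verifier for the challenge-response login described earlier, using the hundred-fold iterated hash as f(pw, R). It shows a recorded response being rejected against a fresh nonce and measures what the extra iterations cost per guess. The class and function names, the choice of SHA-256 and the sample password are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ROUNDS = 100  # the figure used in the text: h applied successively a hundred times

def f(pw, nonce, rounds=ROUNDS):
    """f(pw, R) = h(...h(h(pw || R))...) with `rounds` applications of SHA-256."""
    x = pw.encode() + nonce
    for _ in range(rounds):
        x = hashlib.sha256(x).digest()
    return x

class Server:
    """Verifier: issues a fresh nonce per login attempt and accepts it only once."""

    def __init__(self, passwords):
        self.passwords = passwords   # login name -> password shared with the user
        self.pending = {}            # login name -> nonce still awaiting a response

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)   # a nonce is consumed on first use
        if nonce is None or user not in self.passwords:
            return False
        return hmac.compare_digest(response, f(self.passwords[user], nonce))

def login(server, user, pw):
    """Honest client: proves knowledge of pw without ever sending it."""
    nonce = server.challenge(user)
    response = f(pw, nonce)
    return server.verify(user, response), (nonce, response)

def replay(server, user, recorded):
    """A recorded (nonce, response) pair is presented against a new challenge."""
    server.challenge(user)
    _old_nonce, old_response = recorded
    return server.verify(user, old_response)

def seconds_per_guess(rounds, samples=2000):
    """Average time for one evaluation of f, i.e. the cost of one dictionary guess."""
    nonce = secrets.token_bytes(16)
    start = time.perf_counter()
    for i in range(samples):
        f(f"guess{i}", nonce, rounds)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    server = Server({"Alka": "constructed-sample-password"})
    ok, recorded = login(server, "Alka", "constructed-sample-password")
    print("genuine login accepted:", ok)
    print("replayed response accepted:", replay(server, "Alka", recorded))
    ratio = seconds_per_guess(ROUNDS) / seconds_per_guess(1)
    print(f"cost of one guess with {ROUNDS} rounds vs 1 round: about {ratio:.0f}x")
```

The legitimate client pays the extra rounds once per login, while a dictionary search pays them once per candidate password.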
A protocol that virtually eliminates off-line dictionary attacks is the Encrypted Key
Exchange (EKE) protocol.
This is a password-based protocol that combines Diffie—Hellman key exchange with
mutual authentication based on a shared secret.
The Diffie-Hellman protocol is vulnerable to a man-in-the-middle attack, which is due to
the unauthenticated exchange of "partial secrets", g^a mod p and g^b mod p.
To mitigate this attack, EKE uses a novel idea: each side transmits its partial secret
after encrypting it.
The encryption key, PW, is the hash of the password.
The figure below shows the four messages that are exchanged in EKE.
After MSG 2, both sides should be able to compute the new session key k = g^ab mod p,
denoted by K in the figure.
The attacker would attempt to guess the victim's password and hence PW.
If the attacker guessed correctly, he/she would be able to obtain the true values of
g^a mod p and g^b mod p. But even so, he/she would not be able to obtain the session
key, g^ab mod p.
This is so since the computational Diffie-Hellman problem is infeasible in large groups
that are carefully chosen.
Thus, EKE is not susceptible to an off-line dictionary attack.
Another property of EKE is that it provides perfect forward secrecy.
A protocol is said to have perfect forward secrecy if it is not possible for an attacker to
decrypt a session between A and B even if he/she records the entire encrypted session
and then at a later point in time (say a week later) obtains or steals all relevant long-term
secrets of A and B.
Chapter 3
Authentication-II
Key Distribution Centre (KDC) – a trusted third party that shares long-term
keys with clients and servers alike.
Two protocols that make use of a KDC—the Needham-Schroeder protocol and
Kerberos.
We then look at the biometric authentication as a complement to and, in some cases,
There are a number of advantages of secret key cryptography over public key
cryptography in authentication protocols.
First, digital certificates and a public key infrastructure (PKI) are needed in
support of public key cryptography.
There is a substantial cost to set up and maintain a PKI.
Also, public key/private key operations are relatively slow compared to secret key
operations.
In secret key cryptography, if the entity communicates with a large number of other
entities over time, it must share a secret with each of those parties.
One approach to alleviating the risk is to employ a trusted third party which, in
this case, functions as a key distribution centre (KDC).
Each user registers with a KDC and chooses a password.
A long-term secret, which is a function of the password, is to be exclusively
shared by that user and the KDC.
The main function of the KDC is to securely communicate a fresh, common session
key to the two parties who wish to communicate with each other.
In the figure below,
Message 3 is encrypted with KB, the secret shared between B and the KDC.
Both A and B decrypt their messages and obtain the short-term session key.
A and B then encrypt all subsequent messages during the session using KAB.
The above figure was meant to convey the general idea in using a KDC, but the protocol
is susceptible to numerous types of replay and man-in-the-middle attacks.
session key, KAB.
There are four versions:
1. Preliminary version 1
2. Preliminary version 2
3. Preliminary version 3
4. Final version
Figure 3.10 a
Preliminary Version 1
MSG 1: Identity of A and B
MSG 2: In response, the KDC encloses the ticket to B, i.e., EB{A, KAB}
MSG 3: A then forwards the ticket along with the challenge (R1) to B
Figure 3.10 b
Man in the middle attack on Preliminary Version 1
The protocol in Fig. 3.10(a) is susceptible to an impersonation attack shown in Fig.
3.10(b).
The attacker, X, is an insider who shares a long-term key with the KDC.
The attacker, X, intercepts Message 1, substitutes "B" for "X" and sends the
In response, the KDC creates a ticket encrypted with X's long-term key and sends it to
A in Message 2.
Now X intercepts Message 3. He decrypts the ticket using the long-term secret he
shares with the KDC. He thus obtains the session key, KAX.
Message 3 also contains A's challenge R1.
X uses the session key, KAX to decrypt the part of the message containing A's
challenge. He successfully responds to A's challenge in Message 4.
Thus, X successfully impersonates B to A.
Preliminary Version 2
A simple fix to the protocol is to include B's identity in the encrypted message from
the KDC to A (Message 2). The modified message is
EA{KAB, "B", EB {"A", KAB}}
Figure 3.11 a Preliminary version 2
Figure 3.11 b Man-in-the-middle attack and replay attack on preliminary version 2 (B' is the old key, B is the new key)
Even then, the following scenario shows how X successfully impersonates B to A.
2. X intercepts the KDC's response (Message 2) and instead plays a previous recording of
Message 2.
3. This message contains a ticket encrypted with B's old key, KB'.
4. X then intercepts Message 3 from A, which contains the old ticket and a fresh
challenge to B. Because X has access to B's old key, he can decrypt this ticket and
recover the session key, KAB.
5. Because X knows KAB’, he can respond to A's challenge in Message 4. X's response is
exactly what A expected to receive from B. Hence, A is convinced that she is talking to
B.
Preliminary Version 3
Figure 3.12 a Needham-Schroeder protocol: Preliminary version 3
Version 3 is still not secure despite the modifications made.
X could still attack the protocol by recording previous messages and selectively replaying
them when the right opportunity presents itself.
For instance, he attempts to steal A's password or long-term key.
Assume again that A suspects the compromise of her password and promptly reports this
to the KDC.
X then manages to steal A's long-term key that she shares with the KDC and perform an
impersonation attack.
A’ is the key generated from the old password.
A is the key generated from the new password.
Using the compromised (old) key, X can decrypt this message and recover
the old session key, KA’B
the old ticket, EB{A, KA’B}
So
To impersonate A, X does the following [see Fig.3.12(b)]:
1. X sends Message 1 to B: the old ticket and a challenge, R1, encrypted with the old session key.
2. B responds to X's challenge and also communicates his own challenge, R2.
3. Because X has the session key, he responds to the challenge by encrypting R2 with
the session key.
B receives the response and is convinced he is talking to A (impersonated by X).
Figure 3.13
The problem in previous versions could be fixed if B were allowed to choose a
nonce (R4) and the same nonce were enclosed by the KDC in the ticket it generates.
MSG 1: Identity of A and B sent from A to B
MSG 2: Random number R4 generated by B
MSG 3: A forwards her challenge R3 along with R4.
MSG 4: KDC generates the ticket and includes R4
When B receives this ticket in MSG 5, B can verify whether the nonce it carries is the
same as the random number/nonce he generated in MSG 2.
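Added example (not part of the original notes): a Python simulation of the five messages above, in which B accepts a ticket only if it carries the nonce R4 he issued for that run, so an old ticket presented in a later run is rejected. The message field layouts, the class names and the seal/unseal helpers (a standard-library stand-in for E_K{...}) are assumptions.

```python
import hashlib
import hmac
import json
import secrets

def seal(key, fields):
    """Stand-in for E_K{...}: SHAKE-256 keystream XOR plus an HMAC tag (toy construction)."""
    plain = json.dumps(fields).encode()
    iv = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + iv).digest(len(plain))
    body = bytes(a ^ b for a, b in zip(plain, stream))
    return iv + hmac.new(key, iv + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    """Check the tag, then decrypt; fails for a wrong key or a modified message."""
    iv, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    stream = hashlib.shake_256(key + iv).digest(len(body))
    return json.loads(bytes(a ^ b for a, b in zip(body, stream)))

class KDC:
    def __init__(self):
        self.long_term = {}                      # principal -> key shared with the KDC

    def register(self, name):
        self.long_term[name] = secrets.token_bytes(32)
        return self.long_term[name]

    def issue(self, a, b, r3, r4):
        """MSG 4: fresh K_AB for A, plus a ticket for B that carries B's nonce R4."""
        kab = secrets.token_hex(16)
        ticket = seal(self.long_term[b], {"peer": a, "kab": kab, "r4": r4})
        return seal(self.long_term[a],
                    {"r3": r3, "peer": b, "kab": kab, "ticket": ticket.hex()})

class Responder:
    """B's side: hands out R4 in MSG 2 and checks it again in MSG 5."""

    def __init__(self, key):
        self.key = key
        self.outstanding = {}                    # claimed initiator -> R4 issued to it

    def hello(self, initiator):
        self.outstanding[initiator] = secrets.token_hex(16)
        return self.outstanding[initiator]

    def accept(self, ticket):
        t = unseal(self.key, ticket)
        r4 = self.outstanding.pop(t["peer"], None)   # each R4 is good for one ticket
        if r4 is None or not hmac.compare_digest(r4, t["r4"]):
            raise ValueError("stale ticket: R4 does not match")
        return t["kab"]

def initiate(kdc, key_a, bob):
    """A's side of MSG 1 to 5; returns (ticket, K_AB as seen by A, K_AB as seen by B)."""
    r4 = bob.hello("A")                                        # MSG 1 and MSG 2
    r3 = secrets.token_hex(16)
    reply = unseal(key_a, kdc.issue("A", "B", r3, r4))         # MSG 3 and MSG 4
    if reply["r3"] != r3 or reply["peer"] != "B":
        raise ValueError("KDC reply is not fresh or names the wrong peer")
    ticket = bytes.fromhex(reply["ticket"])
    return ticket, reply["kab"], bob.accept(ticket)            # MSG 5

def demo():
    kdc = KDC()
    key_a, key_b = kdc.register("A"), kdc.register("B")
    bob = Responder(key_b)
    old_ticket, kab_a, kab_b = initiate(kdc, key_a, bob)
    # Later run: X holds the old ticket and old session key and claims to be A.
    bob.hello("A")                                             # B picks a new R4
    try:
        bob.accept(old_ticket)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return {"keys_match": kab_a == kab_b, "replay": replay}

if __name__ == "__main__":
    print(demo())
```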
3.10 Kerberos
A user could use the same password for all servers, but distributing and maintaining a
password file across multiple servers poses a security risk.
A password-based system should ensure the following:
to re-enter her password to access other servers for the duration of the session. This
feature is called single sign-on.
6. The password should reside on a machine for only a few milliseconds after being
entered by the user.
The KDC used in the Needham-Schroeder protocol is logically split into two entities
here: the Authentication Server (AS) and the Ticket Granting Server (TGS).
The sequence of messages exchanged between the client (C), the Kerberos servers (AS
and TGS) and the requested server (S) is shown in Fig. 3.14.
There are three steps, each involving two messages.
Step 1: Receipt of Ticket-Granting Ticket
Message 1
C -> AS
In Message 1, the client informs the AS that it wishes to communicate with the TGS.
The "Times" field specifies the start time and expected duration of the login session.
"C" is the ID of the user/client who has logged in.
R1 is a nonce generated by C.
Message 2
AS -> C
The response from the AS (Message 2) contains a session key, KC,TGS, to be used for
communication between C and the TGS.
This key is encrypted with the long-term key, KC, known to C and the AS.
This key is a function of the user's password.
The AS encrypts the nonce that it received in Message 1.
The nonce is used to prevent replay attacks.
The AS also includes a TGT (TicketTGS) in connection with C's request.
Using this TicketTGS, the TGS extracts the session key, KC,TGS, known only to C
and the TGS.
As shown above, the Authenticator C encrypts the current time (timestamp) and ID
using KC,TGS.
Message 4
TGSC
The TGS generates a fresh session key, Kc,s, to be shared between C and S.
This key is encrypted using the session key KC,TGS, so only C can decrypt it.
The fresh nonce, R2, from C is also encrypted by the TGS using KC,TGS.
This convinces C that the received message is from the TGS.
Finally, the fresh session key Kc,s is enclosed in a service-granting ticket to be
forwarded by C to S.
The service-granting ticket is encrypted with the long-term secret shared between the
TGS and S.
Message 5
C → S
C forwards to S the ticket containing the session key, Kc,s.
C also creates and sends to S an authenticator by encrypting a timestamp with the
session key Kc,s.
Message 6
S → C
S then increments the timestamp and encrypts it with the fresh session key.
The encrypted timestamp serves to authenticate S to C.
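The six messages described above, run end to end as an added example (not code from these notes or from any Kerberos implementation). The cipher is a toy hash-keystream-plus-HMAC stand-in for a real one, and the field names, the account, the 300-second freshness window and the layout of Message 3 are assumptions.

```python
import hashlib, hmac, json, os, time

SKEW = 300                                       # assumed freshness window (seconds)
REGISTERED = {"alice": "correct horse battery"}  # constructed account enrolled at the AS

def password_key(user, password):
    # K_C: the long-term key, a function of the user's password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def _stream(key, iv, n):
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    # Toy authenticated encryption standing in for the real cipher
    pt = json.dumps(fields).encode()
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))

def check(cond, why):
    if not cond:
        raise ValueError(why)

def kerberos_login(user, typed_password, service="fileserver"):
    now = int(time.time())
    k_c_at_as = password_key(user, REGISTERED[user])   # the AS's copy of K_C
    k_tgs, k_s = os.urandom(32), os.urandom(32)        # AS<->TGS and TGS<->S long-term keys

    # Message 1, C -> AS (in the clear): client ID, TGS ID, Times, nonce R1
    r1 = os.urandom(8).hex()
    m1 = {"C": user, "TGS": "tgs", "times": [now, 8 * 3600], "R1": r1}

    # Message 2, AS -> C: {K_C,TGS, R1} under K_C, plus the TGT under the TGS's key
    k_c_tgs = os.urandom(32).hex()
    m2 = {"for_c": seal(k_c_at_as, {"key": k_c_tgs, "R1": m1["R1"]}),
          "tgt": seal(k_tgs, {"C": m1["C"], "key": k_c_tgs, "times": m1["times"]})}

    # C derives K_C from the typed password, uses it once, keeps only the session key
    opened = unseal(password_key(user, typed_password), m2["for_c"])
    check(opened["R1"] == r1, "AS reply is a replay")
    c_tgs = bytes.fromhex(opened["key"])

    # Message 3, C -> TGS: server ID, TGT, nonce R2, authenticator under K_C,TGS
    r2 = os.urandom(8).hex()
    m3 = {"S": service, "tgt": m2["tgt"], "R2": r2,
          "auth": seal(c_tgs, {"C": user, "ts": now})}

    # TGS recovers K_C,TGS from the TGT, then validates the authenticator with it
    tgt = unseal(k_tgs, m3["tgt"])
    auth = unseal(bytes.fromhex(tgt["key"]), m3["auth"])
    check(auth["C"] == tgt["C"] and abs(now - auth["ts"]) <= SKEW, "bad authenticator")

    # Message 4, TGS -> C: {K_C,S, R2} under K_C,TGS, plus the service ticket under K_S
    k_c_s = os.urandom(32).hex()
    m4 = {"for_c": seal(bytes.fromhex(tgt["key"]), {"key": k_c_s, "R2": m3["R2"]}),
          "ticket": seal(k_s, {"C": tgt["C"], "key": k_c_s})}
    opened = unseal(c_tgs, m4["for_c"])
    check(opened["R2"] == r2, "TGS reply is a replay")
    c_s = bytes.fromhex(opened["key"])

    # Message 5, C -> S: service ticket and authenticator {timestamp} under K_C,S
    m5 = {"ticket": m4["ticket"], "auth": seal(c_s, {"ts": now})}
    s_key = bytes.fromhex(unseal(k_s, m5["ticket"])["key"])
    ts = unseal(s_key, m5["auth"])["ts"]
    check(abs(now - ts) <= SKEW, "stale authenticator")

    # Message 6, S -> C: the incremented timestamp under K_C,S authenticates S to C
    m6 = seal(s_key, {"ts": ts + 1})
    check(unseal(c_s, m6)["ts"] == now + 1, "server not authenticated")
    return c_s, s_key          # both ends now hold the same session key
```

A wrong password fails at Message 2: the client cannot open the part sealed under KC, so it never obtains KC,TGS and nothing later in the exchange can proceed.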
3.11 BIOMETRICS
3.11.1 Preliminaries
A biometric is a biological feature or characteristic of a person that uniquely identifies
him/her over his/her lifetime.
Common forms of biometric identification include face recognition, voice recognition,
manual signatures, and fingerprints.
More recently, patterns in the iris of the human eye and DNA have been used.
Behavioural traits such as keystroke dynamics and a person's walk have also been
suggested for biometric identification.
Biometric forms were first proposed as an alternative or a complement to passwords.
Passwords are based on what a user knows.
Commonly used ID cards, including personal smart cards, are based on what a
person has.
A biometric, on the other hand, links the identity of a person to his/her
physiological or behavioural characteristics.
The two main processes involved in a biometric system are enrolment and
recognition.
1. Enrolment:
In this phase, a subject's biometric sample is acquired.
reference templates to determine the extent of a match.
1. Authentication
The biometric system stores (login name and biometric sample).
Authentication involves a one-to-one match.
2. Identification
As in authentication, a biometric sample of the subject is taken, but the
subject's identity is not presumed to be known beforehand.
It is assumed that a database of biometric samples of several users
already exists.
The subject's biometric sample is compared with the samples in the
database to determine if a match exists with any one of them.
Identification involves a one-to-many match.
A typical application of authentication is in access control, while
identification finds widespread uses in forensics/criminology.
The characteristics of a good biometric include the following:
Universality: All humans should be able to contribute a sample of
the biometric. For example, the speech-impaired may not be able to
contribute towards a voice recognition system.
Case studies
1. Fingerprints
2. Iris scan
1. Fingerprints:
A fingerprint is an impression left by the ridges and valleys of a
human finger.
Each individual's fingerprints exhibit distinctive patterns.
During the enrolment and recognition phases, an image of the fingertip
is taken by placing it on the plane surface of a scanner.
During the recognition phase, the input template must match the
patterns stored in the database.
The simplest approach involves identification of distinctive patterns
formed by ridges. These are called singularities.
Arch: the ridge starts from one side of the finger, forms an arc,
and ends on the other side.
Loop: the ridge starts and ends at the same side of the finger.
Whorls: appear as closed cycles or spirals in a fingerprint.
2. Iris scan
The iris is a thin opaque diaphragm of smooth muscle situated in
front of the lens in the human eye.
Its annular shape surrounds the pupil.
The intricate patterns on the iris appear to be unique.
Two identical twins have iris patterns that are as different as those of
two unrelated individuals.
The patterns of an iris are also stable with age.
Chapter 4
IPSec-Security at the Network Layer
4.1 SECURITY AT DIFFERENT LAYERS: PROS AND CONS
Security may be implemented at different layers of the OSI model.
Security is commonly implemented
1. In the network layer or
2. between the transport and application layers and/or
3. within the application
IPsec is the best-known protocol for providing security at the network layer.
There are two main IPSec protocols and their modes of operation.
1. Data origin authentication and data integrity
2. Protection from replay attacks
3. Data confidentiality and
4. Partial traffic flow confidentiality.
The end-points of the protocol can be two hosts, two gateways, or a host and a
gateway.
Each node has a database of SAs for all connections originating from or terminating at it.
This database is referred to as the SA Database (SADB).
Finally, it should be noted that two communicating parties, A and B, establish two SAs:
one for communications from A to B and another from B to A.
AH (Authentication Header)
ESP (Encapsulating Security Payload).
The main difference between AH and ESP is that AH has no provision for confidentiality.
ESP provides confidentiality as an option.
These protocols can be used in either transport or tunnel mode.
The figure below shows the headers introduced by AH and ESP and their coverage of
authentication and encryption.
1. Transport mode
AH in transport mode
ESP in transport mode
This mode of operation is called transport mode because it protects the transport header
and the transport payload.
The IPSec header (AH and ESP) is sandwiched between the IP and TCP headers.
HMAC:
Message authentication and integrity are provided by the use of a keyed MAC
in both cases.
ESP does not provide protection to any part of the IP header in transport mode.
Sequence number:
All IPSec headers (both AH and ESP in both modes) have 32-bit fields each for the
SPI and a packet sequence number, to protect against replay attacks.
Padding:
Padding is added so that the length of the encrypted payload is a multiple of the block size
(as required by most encryption algorithms).
Padding also helps in hiding the actual length of the data when ESP is used with the
encryption option turned on.
4.2.2 Tunnel versus Transport Mode
To protect the entire IP header, IPSec has an option called tunnel mode.
Both AH and ESP can employ tunnel mode.
With encryption turned on, ESP in tunnel mode encrypts the "inner" IP header, thus providing
limited traffic flow confidentiality. Because the inner IP header is encrypted, an "outer IP
header" is used for routing.
Figure 13.2 shows the order of insertion of the different headers and the scope of
authentication/encryption.
The most compelling use of the IPSec in tunnel mode is in securing host-to-host and
host-to-gateway communications.
Consider the communications between two hosts A and B on different networks,
Network 1 and Network 2, communicating over the Internet [Fig. 13.3(a)].
Suppose that security policy dictates that a packet entering Network 2 should authenticate
itself to the incoming gateway, D. Then A could tunnel its packet to B inside a packet to D.
The IP/IPSec headers generated by A are shown in Fig. 13.3.
The destination address in the outer IP header is D (interface d1). This header is used to
route the packet through the Internet.
an IPSec SA is analogous to setting up an SSL connection.
It is good security practice to periodically change cryptographic keys used by two
communicating parties.
In Phase 1, longer term keys are derived.
Phase 1 occurs rarely and is more computationally intensive compared to Phase 2.
In Phase 2, shorter term keys are derived for use between two parties. These keys are a
function of the long term keys computed in Phase 1 together with nonces exchanged in
Phase 2.
To prevent DoS attacks, IKE makes extensive use of cookies.
One cookie is created by the initiator, A, and another by the responder, B.
Phase 1 of IKE uses Diffie-Hellman key exchange, which involves the computationally
intense modular exponentiation operation.
IKE mandates that B should compute a 64-bit integer called a cookie.
Cookie value computed by A: This is a hash function of many variables including the IP
address of A, a temporary secret known only to B and possibly the time.
A is required to send this cookie to B in all subsequent messages.
On receipt of a message from A, B will check to see whether the cookie corresponds to
A's IP address. If the check fails, B will abort session establishment.
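The cookie check seen from B's side, as an added example (not code from these notes or from any IKE implementation): B derives the 64-bit cookie from the sender's IP address, a temporary secret and a time bucket, keeps no per-peer state, and performs modular exponentiation only after the cookie verifies. The HMAC-SHA-256 construction, the 60-second lifetime, the toy Diffie-Hellman group and all addresses are assumptions.

```python
import hashlib, hmac, os, struct

P = 2**127 - 1   # toy Diffie-Hellman modulus (a Mersenne prime, far too small for real use)
G = 3

class Responder:
    """B's side: cookies are cheap, exponentiation is reserved for validated peers."""

    def __init__(self, lifetime=60):
        self.secret = os.urandom(32)   # temporary secret known only to B
        self.lifetime = lifetime       # assumed cookie validity window, in seconds
        self.exponentiations = 0       # counts the expensive operations B performed

    def cookie(self, src_ip, now):
        bucket = struct.pack(">Q", int(now // self.lifetime))
        mac = hmac.new(self.secret, src_ip.encode() + b"|" + bucket, hashlib.sha256)
        return mac.digest()[:8]        # 64-bit cookie, as in the text

    def valid(self, src_ip, cookie, now):
        # Accept the current and the previous time bucket so a cookie survives a rollover
        return any(hmac.compare_digest(cookie, self.cookie(src_ip, now - k * self.lifetime))
                   for k in (0, 1))

    def handle(self, src_ip, now, cookie=None, partial_key=None):
        if cookie is None:
            # First contact: answer with a cookie, store nothing, compute nothing costly
            return "COOKIE", self.cookie(src_ip, now)
        if not self.valid(src_ip, cookie, now):
            return "ABORT", None       # cookie does not correspond to this IP address
        b = int.from_bytes(os.urandom(16), "big")
        self.exponentiations += 2      # only now is CPU spent on Diffie-Hellman
        return "KEY", (pow(G, b, P), pow(partial_key, b, P))

def simulate():
    b = Responder()
    t = 1_700_000_000                  # constructed clock value
    _, real_cookie = b.handle("198.51.100.7", t)   # the genuine initiator A asks first

    # Requests with forged source addresses (constructed, TEST-NET-3): B's cookie reply
    # goes to the forged address, so the sender can only present a cookie that was
    # issued for some other IP address.
    flood = set()
    for i in range(1, 201):
        forged = "203.0.113.%d" % i
        b.handle(forged, t)
        flood.add(b.handle(forged, t + 1, cookie=real_cookie, partial_key=5)[0])
    flood_cost = b.exponentiations

    # A received its cookie at its real address and returns it with its partial key
    a = int.from_bytes(os.urandom(16), "big")
    status, (gb, shared_b) = b.handle("198.51.100.7", t + 2, cookie=real_cookie,
                                      partial_key=pow(G, a, P))
    expired = b.handle("198.51.100.7", t + 10 * b.lifetime, cookie=real_cookie,
                       partial_key=5)[0]
    return {"flood": flood, "flood_cost": flood_cost, "status": status,
            "keys_match": pow(gb, a, P) == shared_b, "expired": expired}
```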
The motivation for introducing Main Mode is to hide the identities of the sender and receiver
from eavesdroppers.
The six messages exchanged in Phase 1 for each of these cases.
Main Mode
IKE derives a hierarchy of keys: KEYr, KEYd, KEYa, and KEYe.
The subscripts r, d, a, and e denote 'root', 'derived', 'authentication', and 'encryption',
respectively.
IKE PHASE 1 main mode
Option 1:
A and B share a secret key. Figure 13.4(a) shows the sequence of messages exchanged
between A and B under the assumption that A and B share a secret key, s.
The first message contains the cryptographic algorithms proposed by A for use in the IKE
security association (in addition to the cookie CA). This is denoted SAA.
Message 2 shows the cryptographic algorithms accepted by B.
In Messages 3 and 4, both sides exchange nonces and the Diffie-Hellman partial keys.
such as keyr,keya,keye.
The main difference between this option and the previous ones is that both sides exchange
their identities earlier in Messages 3 and 4.
Each side generates a nonce (RA or RB) and encrypts it with the other side's public key.
Each side encrypts its identity together with its Diffie-Hellman partial key (g^a mod p or
g^b mod p) with temporary keys, KA and KB, in Messages 3 and 4, respectively.
KA and KB are functions of nonces and cookies as below:
KA = hash(RA, CA)
KB = hash(RB, CB)
In Messages 5 and 6, each side transmits a MAC.
The MAC key is KEYa which, in turn, is a function of the two nonces, RA and RB.
If A or B were unable to decrypt (with their private key) the nonce generated by the other
side, then they would not be able to compute the correct MAC.
Aggressive Mode
The aggressive mode involves only three messages.
As shown in Fig. 13.5, the identities of A and B are sent in the clear in messages 1 and 2.
Another aspect of IKE Phase 1 in aggressive mode is that the Diffie-Hellman group is used and
the group parameters are decided by A.
A computes its partial key and sends it to B in Message 1.
B has no choice but to quietly accept the group chosen by A.
IKE phase 2
IKE Phase 2
IKE phase 2 to be used for authentication (and encryption) as part of the IPSec SA.
Two parties participate in an IKE Phase 2 exchange in order to establish a new IPSec SA.
Either party can initiate this phase in which the cipher suite and the keys that comprise the
new IPSec SA are agreed upon.
The figure above shows the three messages exchanged in "Quick Mode."
All messages are encrypted using the secret, KEYe, computed in the previous phase.
Message integrity and data source authentication are provided by using an HMAC.
The key for the HMAC is KEYa, also computed in Phase 1.
A 32-bit "Message ID", MID, is used to distinguish this Phase 2 session from, possibly,
others that may be set up concurrently within the same IKE SA.
The MID together with the two cookies created in Phase 1, CA and CB, are dispatched as
part of each of the three messages.
Both sides send their proposals for a suite of cryptographic algorithms to be used in the
IPSec SA.
These are denoted SAA and SAB in Fig. 13.6.
To guarantee freshness, both sides also generate and transmit nonces, NA and NB.
In addition to the agreement on a cryptographic suite, the purpose of this phase is to agree on
the secrets.
These secrets are computed simultaneously by both sides and are a function of KEYd
computed in Phase 1 and the nonces NA and NB exchanged in this phase.
To integrity-protect the messages, each side computes a MAC on their messages. The MACs
include integrity protection for both nonces, NA and NB.
4.4 SECURITY POLICY AND IPSEC
A Security Policy Database (SPD) is used to determine whether a packet sent or received
should pass through security, bypass it, or simply be dropped. Such a decision is made based
on fields in the IP and transport headers.
These fields, called selectors, include the destination IP address, the type of transport layer
protocol (whether TCP or UDP) and type of application (indicated by transport protocol port).
Selectors are used to index into the SPD.
The output of this lookup indicates whether security should be applied.
If so, and if the packet is part of the IP traffic that already has an existing SA,
If an SA does not exist or has expired, the IKE protocol is used to establish an SA between
the sender and receiver.
4.5 Virtual private networks
A virtual private network (VPN) enables an organization to communicate securely over a
public, shared network such as the Internet.
A secure VPN uses cryptographic techniques to provide not just confidentiality but also
authentication and message integrity.
In a trusted VPN, customer traffic is not usually encrypted; the service provider has to guarantee
confidentiality of traffic.
The two most widely used VPNs are:
Site-to-site VPNs: used to link multiple offices of an organization, known as an intranet.
A site-to-site VPN may also be used to secure an extranet, a network connecting multiple
business partners.
Remote access VPNs connect teleworkers to their offices.
Chapter 5
Security at the Transport Layer
3.12 INTRODUCTION
Developed by Netscape in 1994, the Secure Sockets Layer (SSL) protocol has emerged
as the principal means of securing communications between an Internet client (such as
a browser) and a server.
It was standardized by IETF in 1999 and called Transport Layer Security (TLS).
SSL (Secure Sockets Layer)
SSL is sandwiched between TCP (it only runs over TCP) and an application layer
protocol.
It is application protocol independent.
Protocols such as HTTP, FTP, SMTP, IMAP, and POP can all be run over SSL.
Application protocols secured by SSL are usually suffixed by an "S" and run on
For example, HTTP runs on port 80 but HTTPS runs on port 443.
FTP runs on port 21 but FTPS runs on port 990.
SSL is comprised of two main protocols (see Fig. 14.1)
3.13 SSL HANDSHAKE PROTOCOL
3.13.1 Steps in the Handshake
The client initiates a handshake with the server to either
(a) start a new session or
(b) resume an existing session or
(c) establish a new connection within an existing session.
The main steps in the SSL handshake for establishing a new session
are as follows:
(1) Agreement on a common cipher suite to be used in the new
session
(2) Receipt and validation of the server certificate by the client
(3) Communication of a "pre-master secret" and computation of
derived secrets
(4) Integrity verification of handshake messages and server
authentication
These steps are realized by the sequence of messages shown in the figure below.
The steps are:
Step 1: Two messages are communicated in this step: Client Hello and Server
Hello.
The algorithms to be used in computing the MAC for message integrity include MD5
and SHA-1.
The key exchange method used for communicating the pre-master secret.
In addition to agreeing on a cipher suite, both sides choose and exchange two 32-byte
Step 2. The server communicates its certificate to the client (see Fig. 14.2).
On receipt of the certificate, the client checks the owner's name/URL and validity
period.
It also verifies the signature of the CA on the certificate.
Successful verification of these fields does not guarantee the authenticity of the
sender.
Authentication of the server only occurs at the end of Step 4,
Step 3.
pre-defined constants.
The computation uses a standard cryptographic hash function such as SHA-1
or MD5.
Master_Secret = f(Pre-Master_Secret, RA, RB, constants)
Finally, six secrets are derived using HMAC-style functions of the master secret,
the two nonces, and different pre-defined constants.
Derived_Secret_i = f(Master_Secret, RA, RB, constants), 1 ≤ i ≤ 6
The six derived secrets are:
Initialization vector for encrypting messages from client to server
Initialization vector for encrypting messages from server to client
Secret key for encrypting messages from client to server
Secret key for encrypting messages from server to client
Secret for computing keyed hash on messages from client to server (Client MAC
Secret)
Secret for computing keyed hash on messages from server to client (Server
MAC Secret)
Step 4: This step involves the exchange of two messages in each direction.
The party that sends this message signals that from now on the cipher suite and the keys
computed will be used.
The second message in this step is the "Finished" message.
This message includes a keyed hash on the concatenation of all the handshake messages sent in the
preceding steps + a pre-defined constant.
The keyed hash serves as an integrity check on the previous handshake messages.
After the server receives the "Change_Cipher_Spec" and "Finished" messages from the client, it
verifies the computation of the keyed hash.
It then computes its own keyed hash that covers the previous handshake messages + a pre-
defined constant, which is distinct from the one used by the client.
The client receives the keyed hash and verifies it. Only at this point is the server authenticated
to the client.
On the other hand, client authentication as part of the SSL handshake is optional.
Key Exchange Methods
In Step 2, the server dispatches its certificate so the client can use the public key contained in
the certificate to encrypt the pre-master secret.
In some cases, however, the server's certificate may be a "signature-only certificate."
This means that the public key in the certificate and the corresponding private key may
be used exclusively for signature generation/verification, not for encryption.
In that case, SSL permits the server to create a temporary public key/private key pair.
The public key (including modulus) is signed by the server using the private key
corresponding to the public key in the signature-only certificate.
The signed public key and certificate are communicated by the server to the client.
The client verifies the signature on the public key and then uses it to encrypt the
pre-master secret.
SSL offers a rich set of options for key exchange.
Besides RSA-based key exchange methods, Diffie-Hellman key exchange may be used.
Server Authentication
The MAC computed by both parties and sent in Step 4 is used as an integrity check on the
previous handshake messages.
All the handshake messages are sent in the clear (except for encryption of the pre-master
secret).
It is possible for an attacker to alter one or more of the handshake messages.
The hash computed by the server and verified by the client uses the server MAC secret.
It is a function of the master secret, which in turn is a function of the pre-master secret.
Recall that the pre-master secret is chosen by the client and encrypted with the server's public
key so that the server alone can read it. So, nobody but the server and client could compute
the six secrets.
Only after the client receives and verifies the keyed hash from the server, is it convinced
that it is talking to the authentic server.
Instead, a new master secret is computed as a function of the existing pre-master
secret and two fresh nonces contributed by the client and server.
The session state includes the pre-master secret, the negotiated cipher suite and, of
course, the session ID.
The state of a connection includes the two nonces, the master secret, the six derived
secrets, and two message sequence numbers (one for each direction of message transfer).
The SSL record layer protocol is used to securely transmit data using the
negotiated cipher suite and the keys derived during the SSL handshake.
Its main tasks are computation of a per-message MAC and encryption.
If the data to be transmitted is very large, it performs fragmentation.
Each fragment is 16 kb or less.
When a connection is established, both sides initialize a sequence counter to zero.
The counter is incremented for each packet sent.
The sequence number itself is not sent. However, it is used in the computation of
the MAC (at the sender) and in its verification (at the receiver).
The MAC is computed on the concatenation of the 64-bit sequence number and
the compressed fragment (if compression is used).
The next step after computing the MAC is encryption.
If the combined size of the data fragment and MAC is not a multiple of the block
size, a pad is appended.
The data fragment, MAC, and pad (if any) are then encrypted, prepended with a
header, and passed on to the TCP layer for further processing.
The SSL record layer protocol header: there is a 1-byte Content Type field, which
identifies the higher layer protocol used to process the fragment.
Two bytes are used to specify the Version number.
Finally, the Length field indicates the fragment size in bytes.
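An added sketch of the record layer's fragmentation, header and per-record MAC with the implicit sequence counter (not code from these notes or from OpenSSL), showing that a replayed, reordered or modified record fails verification even though the sequence number is never transmitted. Encryption and padding are left out, HMAC-SHA-256 stands in for the MD5/SHA-1 MACs, and the 2-byte Length field covering fragment plus MAC, the 16384-byte fragment limit and the secret are assumptions.

```python
import hashlib, hmac, struct

MAX_FRAGMENT = 16 * 1024      # "16 kb" taken as 16384 bytes (assumption)
APPLICATION_DATA = 23         # Content Type value for application data
VERSION = (3, 0)              # SSL 3.0
MAC_LEN = hashlib.sha256().digest_size

class RecordEnd:
    """One end of one direction: the MAC secret plus the implicit sequence counter."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.seq = 0          # both sides start at zero; the value is never sent

    def _mac(self, fragment):
        # MAC over the 64-bit sequence number concatenated with the fragment
        msg = struct.pack(">Q", self.seq) + fragment
        return hmac.new(self.mac_secret, msg, hashlib.sha256).digest()

    def send(self, data, content_type=APPLICATION_DATA):
        records = []
        for off in range(0, len(data), MAX_FRAGMENT):
            fragment = data[off:off + MAX_FRAGMENT]
            body = fragment + self._mac(fragment)
            # Header: 1-byte Content Type, 2-byte Version, 2-byte Length
            header = struct.pack(">BBBH", content_type, *VERSION, len(body))
            records.append(header + body)
            self.seq += 1     # incremented for each record sent
        return records

    def receive(self, record):
        content_type, major, minor, length = struct.unpack(">BBBH", record[:5])
        body = record[5:]
        if (major, minor) != VERSION or length != len(body) or length < MAC_LEN:
            raise ValueError("malformed record")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, self._mac(fragment)):
            raise ValueError("bad MAC: record modified, replayed, dropped or reordered")
        self.seq += 1         # advance only after the record verifies
        return fragment

def rejected(receiver, record):
    try:
        receiver.receive(record)
        return False
    except ValueError:
        return True

def demo():
    secret = b"constructed client MAC secret"
    sender, receiver = RecordEnd(secret), RecordEnd(secret)
    data = bytes(range(256)) * 160                 # 40960 bytes: three fragments
    records = sender.send(data)
    intact = b"".join(receiver.receive(r) for r in records) == data
    flipped = records[0][:100] + bytes([records[0][100] ^ 1]) + records[0][101:]
    return {
        "records": len(records),
        "intact": intact,
        "replay_rejected": rejected(receiver, records[0]),             # counter is now 3
        "reorder_rejected": rejected(RecordEnd(secret), records[1]),   # counter expects 0
        "tamper_rejected": rejected(RecordEnd(secret), flipped),
    }
```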
3.15 OpenSSL
OpenSSL is open source software that implements the SSL/TLS protocol.
It is comprised of a number of libraries that implement various cryptographic
algorithms.
It provides extensive support for communicating and validating digital
certificates.
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J.
Hudson.
OpenSSL enhances the productivity of application developers by providing a rich set
Network Security & Cryptography Module 4(Chapter 1,3)
MODULE 4
Chapters
1. IEEE 802.11 wireless LAN security
2. Viruses, worms and other malware
3. Firewalls
4. Intrusion Prevention and detection
5. Web Services Security
1. IEEE 802.11 Wireless LAN Security
➢ Wireless networks present formidable challenges in the area of security.
➢ The open nature of such networks makes it relatively easy to sniff packets or even modify and
inject malicious packets into the network.
➢ The ease with which such attacks are launched necessitates careful design and deployment of
security protocols for wireless networks.
1.1 BACKGROUND
Wired network
➢ In many organizations, the wired network is an Ethernet LAN with an existing security
infrastructure that includes an authentication server (AS).
➢ AAA (Authentication/Authorization/Accounting) functionality is often provided by a
RADIUS (Remote Authentication Dial in User Service) server.
WLANs (wireless LANs)
Figure: Infrastructure wireless LAN
Infrastructure WLANs:
➢ A station first sends a frame to an AP and the AP then delivers it to its final destination.
➢ The destination may be another wireless station or it may be a station on the wired network
that the AP is connected to.
➢ The AP thus serves as a bridge between the WLAN and the existing wired network.
➢ The challenge then is to develop protocols that seamlessly integrate the WLAN with the
security infrastructure of the wired network.
➢ A network of wireless stations associated with an AP is referred to as a basic service set. Such
a network may be adequate for a home or small enterprise.
➢ The union of the basic service sets comprises an extended service set (ESS).
➢ Each station and AP in the ESS is uniquely identified by a MAC address — a 48-bit quantity.
➢ Each AP is also identified by an SSID (service set ID), which is a character string of length at
most 32 characters.
➢ A wireless station, on power-up, needs to first discover an AP within its range.
➢ This can be done by monitoring the wireless medium for a special kind of frame called a
Beacon, which is periodically broadcast by the AP.
➢ The Beacon usually contains the SSID of
➢ Alternatively, a station may send a Probe Request frame, which probes for APs within its
range.
➢ An AP, on hearing such a request, responds with a Probe Response frame.
➢ The AP replies with an Associate Response frame if it accepts the request for associating with
it.
1. The earliest protocol that incorporated security in WiFi was WEP.
✓ Designed to provide authentication/access control, data integrity, and
confidentiality, it failed on all three counts.
2. WiFi Protected Access (WPA)
✓ WPA was intended to fix the shortcomings of WEP without requiring new wireless
network cards.
✓ But WPA is not perfect: it too is susceptible to attacks on its cryptographic
algorithms.
3. WPA2
✓ All the deficiencies in WEP have been addressed in the IEEE 802.11i
(implemented in WPA2).
1.2 AUTHENTICATION
1.2.1 Pre-WEP Authentication
➢ Drawbacks:
1. An attacker could easily sniff the value of SSID from frames such as the beacon or probe
response and then use it for authentication.
2. Another approach was to restrict admission to the WLAN by MAC address.
✓ The AP would maintain a list of MAC addresses (access control list) of stations
permitted to join the WLAN.
✓ Valid MAC addresses could be obtained by sniffing the wireless medium.
✓ The attacker could then modify his network card to spoof a valid MAC address. So,
neither of these approaches was truly secure.
➢ Response From Station: the station computes a keystream, which is a function of a 40-bit
shared secret, S, and a 24-bit Initialization Vector (IV).
➢ The challenge is then XORed with the keystream to create the response.
➢ The response together with the IV is sent by the station to the AP.
➢ The shared secret, S, is common to all stations authorized to use the WLAN.
Drawbacks:
1.2.3 Authentication and key agreement in 802.11
➢ 802.11i uses IEEE 802.1x — a protocol that supports authentication at the link layer.
➢ Three entities are involved:
1. Supplicant (the wireless station)
2. Authenticator (the AP in our case)
3. Authentication server
➢ Different authentication mechanisms and message types are defined by the Extensible Authentication Protocol (EAP), standardized by the Internet Engineering Task Force (IETF).
➢ EAP is not really an authentication protocol but rather a framework upon which various authentication protocols can be supported.
➢ EAP exchanges are mostly comprised of requests and responses.
➢ For example, one party requests the ID of another party.
➢ The latter responds with its user_name or e-mail address.
➢ EAP also defines messages that may contain challenges and responses used in authentication
protocols.
➢ The AP broadcasts its security capabilities in the Beacon or Probe Response frames.
➢ The station uses the Associate Request frame to communicate its security capabilities.
➢ 802.11i authentication takes place after the station associates with an AP.
IEEE 802.11i
➢ The generic authentication messages in IEEE 802.11i are shown in Fig. 15.2.
➢ The protocol used between the station and the AP is EAP but that used between the AP and
Figure 15.2 Authentication and master session key exchange in 802.11i
EAP = Extensible Authentication Protocol messages
EAPOL = EAP over LANs
➢ The main authentication methods supported by EAP include the following:
1. EAP-MD5
2. EAP-TLS
3. EAP-TTLS
4. EAP-PEAP
1. EAP-MD5
✓ This is the most basic of the EAP authentication methods.
✓ Here, the authentication server challenges the station to transmit the MD5 hash of the user's password.
2. EAP-TLS
✓ EAP-TLS is based on the SSL/TLS protocol.
✓ It is the most secure and provides mutual authentication and agreement on a master session key.
✓ It requires the AP as well as the user (station) to have digital certificates.
✓ It is relatively straightforward to equip each AP with a digital certificate and a corresponding private key, but extending the PKI to each user of the WLAN may not be feasible.
3. EAP-TTLS
✓ EAP-TTLS (tunnelled TLS) requires certificates only at the AP end.
✓ The AP authenticates itself to the station and both sides construct a secure tunnel between themselves.
✓ Over this secure tunnel, the station authenticates itself to the AP.
✓ The station could transmit attribute-value pairs such as
user_name = akshay
password = 4rP#mNaS&7
4. Protected EAP (PEAP)
✓ This was proposed by Microsoft, Cisco, and RSA Security and is very similar to EAP-TTLS.
✓ In PEAP, the secure tunnel is used to start a second EAP exchange wherein the station authenticates itself to the authentication server.
✓ The enhanced security offered by EAP-TLS, EAP-TTLS, and PEAP does,
however, come at a steep price in performance measured by the message and
computational overheads incurred during authentication.
Key Hierarchy
➢ The first are pairwise keys used to protect traffic between a station and an AP.
➢ The second type of key is the group key intended to protect broadcast or multicast traffic
between an AP and multiple stations.
➢ An alternative to computing a fresh PMK for each session is the Pre-Shared Key, (PSK),
which is used as the PMK.
➢ Pairwise Transient Key (PTK).
✓ The 256-bit PMK is used to derive a 384-bit Pairwise Transient Key (PTK).
✓ The PTK is a pseudo-random function of the PMK.
✓ PTK = PRF(nonce of AP, nonce of station, MAC address of AP, MAC address of station, PMK).
➢ Three 128-bit chunks are extracted from the 384-bit PTK for the following purposes:
1. A Temporal Key (TK) is used for both encryption and integrity protection of data between
the AP and the station.
2. A Key Confirmation Key (KCK): Integrity protection is supported by a MAC computed as a function of the message and the KCK.
3. A Key Encryption Key (KEK) is used to encrypt the message containing the group key.
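The key hierarchy above, worked through as an added example (not part of the original notes): both ends expand the PMK into a 384-bit PTK, split it into KCK, KEK and TK, and the AP checks the station's handshake message with the KCK. The PRF construction and the chunk order follow IEEE 802.11i; the PMK, MAC addresses, nonces and message body are constructed sample values, and the message format is simplified.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Expand the 256-bit PMK into a 384-bit PTK and split it into three 128-bit keys."""
    # Sorting the inputs lets both ends build the same byte string
    # without agreeing on whose values come first.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes = 384 bits
    # Chunk order used by IEEE 802.11i with CCMP: KCK, then KEK, then TK.
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def handshake_mic(kck: bytes, body: bytes) -> bytes:
    """MAC over a handshake message keyed with the KCK (HMAC-SHA1 cut to 128 bits)."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def ap_accepts_message2(pmk, ap_mac, sta_mac, anonce, snonce, body, mic) -> bool:
    """AP side: derive the PTK from its own PMK copy and verify the station's MIC."""
    kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)["KCK"]
    return hmac.compare_digest(handshake_mic(kck, body), mic)


# Constructed sample values (not taken from any real network).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("02aabbccdd01")
STA_MAC = bytes.fromhex("02aabbccdd02")
ANONCE = hashlib.sha256(b"constructed AP nonce").digest()
SNONCE = hashlib.sha256(b"constructed station nonce").digest()


def demo():
    # Station: has received the AP nonce, derives the PTK, protects message 2.
    sta_keys = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)
    body = b"msg2|" + SNONCE + b"|cipher-suite=CCMP"   # simplified message layout
    mic = handshake_mic(sta_keys["KCK"], body)
    return {
        # Same PMK on both sides: the MIC verifies.
        "accepted": ap_accepts_message2(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE, body, mic),
        # A station holding a different PMK cannot produce a valid MIC.
        "wrong_pmk": ap_accepts_message2(bytes(32), AP_MAC, STA_MAC, ANONCE, SNONCE, body, mic),
        # Changing the advertised cipher suite in transit is detected.
        "tampered": ap_accepts_message2(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                        body.replace(b"CCMP", b"TKIP"), mic),
    }


if __name__ == "__main__":
    print(demo())
```

Because fresh nonces enter the PRF, every association yields a different PTK even when the PMK is a long-lived pre-shared key.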
Four-way Handshake
➢ The main goals of the four-way handshake are to
(a)
Verify the cipher suites communicated in the Beacon and Associate Request Frames.
(b)
Communicate the group keys from the AP to the station.
(c)
➢ Figure 15.4 shows the messages comprising the four-way handshake.
by the station .
✓ AP verifies the integrity and source of message 2 using the key KCK.
✓ Message 3 contains the group transient key (GTK). This is the key used by the AP and all stations to integrity-protect multicast and broadcast traffic.
4. Message 4:
✓ This is an acknowledgement from the station that it has received the previous
messages without error.
✓ It is a signal to the AP that henceforth all messages will be integrity-protected and
encrypted with the TK.
➢ There are many lessons to be learned from WEP — the most important being how not to design
protocols for security.
WEP Encryption and Integrity Checking
➢ WEP uses the stream cipher, RC4, for encrypting messages.
➢ It generates a pseudo-random keystream, KS, which is a function of a static secret shared
between the two communicating parties.
➢ In order to have KS vary from message to message, a random per-message initialization vector,
IV, is also used to generate KS.
➢ Early implementations of WEP used a 40-bit secret, S, concatenated with a 24-bit IV to create,
➢ Thus, knowing c, c', and p, we can obtain p'. This is called a known plaintext attack.
Message modification
➢ Consider an attacker who wishes to modify a message sent by a legitimate user.
➢ Let the sender's plaintext (not including the CRC checksum) be M1 F M2 where M1, F, and
M2 are each binary strings.
➢ The attacker wishes to substitute the substring, F, with another substring, F', so that the decrypted message seen by the receiver is M1 F' M2. The attacker does not need to know the values, M1 and M2. However, we assume that he knows F and F'.
➢ Ideally, the message integrity check should detect any modification to an existing message.
Can the attacker modify the message (including checksum) in such a way so that the
modification is undetected at the receiver end?
➢ For the above plaintext, the ciphertext computed by the sender is :
CT=
➢ The modified message has a valid CRC and so passes the integrity check at the receiver.
➢ Hence, the receiver accepts the message, unaware that it has been modified by an
attacker.
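Why the WEP integrity check fails, as an added example that is not part of the original notes: CRC-32 is linear under XOR and RC4 encryption is an XOR, so a change to the ciphertext can carry a matching change to the encrypted checksum. The same change is rejected when the check value is a keyed MAC; HMAC-SHA256 is used here as a stand-in keyed MAC (WPA2 itself uses CBC-MAC), and the secret, IV, MAC key and message are constructed sample values.

```python
import hashlib
import hmac
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(secret, iv, msg):
    """WEP style: append CRC-32 of the plaintext, XOR with RC4(IV || secret)."""
    body = msg + struct.pack("<I", zlib.crc32(msg))
    return xor(body, rc4_keystream(iv + secret, len(body)))


def wep_open(secret, iv, ct):
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    msg, icv = body[:-4], body[-4:]
    return msg if struct.pack("<I", zlib.crc32(msg)) == icv else None


def substitution_mask(msg_len, offset, old, new):
    """XOR mask over message || CRC that turns F into F' and keeps the CRC valid.

    Uses crc(a ^ b) = crc(a) ^ crc(b) ^ crc(0...0) for equal-length inputs;
    no key, keystream, M1 or M2 is needed.
    """
    if len(old) != len(new):
        raise ValueError("F and F' must have the same length")
    delta = bytearray(msg_len)
    delta[offset:offset + len(old)] = xor(old, new)
    icv_delta = zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(msg_len))
    return bytes(delta) + struct.pack("<I", icv_delta)


def mac_seal(secret, mac_key, iv, msg):
    """Same stream cipher, but the check value is a keyed MAC (8-byte tag)."""
    body = msg + hmac.new(mac_key, iv + msg, hashlib.sha256).digest()[:8]
    return xor(body, rc4_keystream(iv + secret, len(body)))


def mac_open(secret, mac_key, iv, ct):
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    msg, tag = body[:-8], body[-8:]
    good = hmac.new(mac_key, iv + msg, hashlib.sha256).digest()[:8]
    return msg if hmac.compare_digest(tag, good) else None


# Constructed sample values.
SECRET = bytes.fromhex("0102030405")       # 40-bit shared secret S
IV = bytes.fromhex("a1b2c3")               # 24-bit IV
MAC_KEY = b"constructed-mac-key"
MSG = b"route=GATEWAY-A;ttl=64"            # M1 F M2 with F = GATEWAY-A
OLD, NEW = b"GATEWAY-A", b"GATEWAY-B"      # F and F'


def demo():
    mask = substitution_mask(len(MSG), MSG.index(OLD), OLD, NEW)
    # CRC check: the altered frame decrypts to M1 F' M2 and still verifies.
    wep_result = wep_open(SECRET, IV, xor(wep_seal(SECRET, IV, MSG), mask))
    # Keyed MAC: the same plaintext change cannot be matched in the tag.
    mac_mask = mask[:len(MSG)] + bytes(8)
    mac_result = mac_open(SECRET, MAC_KEY, IV,
                          xor(mac_seal(SECRET, MAC_KEY, IV, MSG), mac_mask))
    return wep_result, mac_result


if __name__ == "__main__":
    print(demo())
```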
➢ The technical name for WPA is Temporal Key Integrity Protocol (TKIP).
➢ By contrast, the encryption key in TKIP is 128 bits.
➢ TKIP generates a random and different encryption key for each frame sent. It employs a
process called two-phase key mixing.
➢ The inputs to this process are the 128-bit temporal key, TK, computed as part of the four-way handshake, the sender's MAC address, and the four most significant bytes of a 48-bit frame sequence counter.
➢ The randomizing capability of the key mixing function and the large size of the key space
virtually guarantee that "keystream collisions" never occur.
➢ Thus, known plaintext attacks that could be successfully launched on WEP have no
➢ Figure 15.6 shows the two phases used in generating the RC4 key.
➢ Two pseudo-random functions (PRF1 and PRF2) are employed in the two phases.
➢ The 32 most significant bits of the sequence counter are input to PRF1.
➢ The least significant 16 bits of the sequence counter are input to PRF2. So, the output of PRF2 changes for each frame sent.
➢ MIC is computed as a function of the data in the frame and also some fields in the MAC
header such as the source and destination addresses.
➢ It also uses as input a key derived from the PTK which was computed during the four-way
handshake.
➢ Due to design constraints on WEP cards, MIC's implementation uses simple logical
functions, shifts, etc. Hence, it is not as secure as a keyed cryptographic hash.
➢ On the other hand, it is much better compared to the CRC checksum used in WEP.
CCMP
➢ The implementation of 802.11i that uses AES is referred to as WPA-2. Its technical name is Counter Mode with CBC-MAC Protocol (CCMP).
➢ In CCMP terminology, this count is referred to as a packet number (PN).
➢ The count is maintained at both sender and receiver ends.
➢ The PN is also included in a special CCMP header field in a CCMP frame.
➢ The PN is incremented by the sender after each frame is sent.
➢ Upon receipt of a fresh frame in that session, the receiver compares the value of PN in the
CCM header versus the value stored by it.
➢ If the value is less than the stored value, the frame is likely to be a replayed frame and is
hence discarded.
➢ The first task in preparing a frame for transmission is to compute a MIC.
➢ The MIC is computed using AES in Cipher Block Chaining (CBC) mode with block size
128 bits.
➢ The key for performing encryption in each stage of the figure below is TK (temporal key).
➢ The IV for the MIC computation is a "nonce," which includes the 48-bit PN.
➢ The second and third blocks used in the MIC computation are specific fields in the frame
header such as the MAC addresses, sequence control, and frame type.
➢ Next, the blocks in the frame data are sequentially processed resulting in an 8-byte MIC.
➢ The next step is encryption.
➢ The frame data and the MIC are concatenated and then encrypted using AES in counter
mode (Fig. 15.7).
Firewalls
➢ Definition: A firewall acts as a security guard controlling access between an internal protected
network and an external untrusted network based on a given security policy.
➢ Besides preventing intruders getting in, a firewall also helps prevent confidential inside data
from getting out.
➢ A firewall may be implemented in hardware as a stand-alone "firewall appliance" or in
software on a PC.
➢ A single firewall may be adequate for small businesses and homes. However, in several large
enterprises, multiple firewalls are deployed to achieve defence in depth.
2.1 BASICS
2.1.1 Firewall Functionality
➢ The main functions of a firewall are listed as follows:
➢ Access Control:
✓ A firewall filters incoming (from the Internet into the organization) as well as outgoing
(from within the organization to the outside) packets.
✓ A firewall is said to be configured with a rule set based on which it decides which
packets are to be allowed and which are to be dropped.
➢ Address/Port Translation.
✓ NAT was initially devised to alleviate the serious shortage of IP addresses by providing
a set of private addresses that could be used by system administrators on their internal
networks but that are globally invalid (on the Internet).
✓ It is possible to conceal the addressing schema of these machines from the outside world through the use of NAT.
✓ Through NAT, internal machines, though not visible on the Internet, can establish a
connection with external machines on the Internet. NATing is often done by firewalls.
➢ Logging.
✓ A sound security architecture will ensure that each incoming or outgoing packet
encounters at least one firewall.
✓ The firewall can log all anomalous packets or flows for later study.
✓ These logs are very useful for studying attempts at intrusion together with various
worm and DDoS attacks.
➢ Authentication, Caching, etc. Some types of firewalls perform authentication of external
machines attempting to establish a connection with an internal machine.
➢ A special type of firewall called web proxy authenticates internal users attempting to access an
external service. Such a firewall is also used to cache frequently requested webpages. This
results in decreased response time to the client while saving communication bandwidth.
addresses of the organization's publicly accessible services such as the web server or
the external e-mail server. However, queries related to the IP addresses of internal
machines should not be entertained.
✓ The organization's employees should be allowed to remotely log into authorized
internal machines. However, all such communication should be authenticated and
encrypted.
✓ Only two types of outgoing traffic are permitted. First, all e-mail from within the
organization to the outside world are permitted. Second, requests emanating from
within the organization for external webpages are permitted. However, requests for
pages from certain "inappropriate" websites should be denied.
➢ High-level policies are translated into a set of rules that comprise an Access Control List.
➢ A rule specifies the action to be taken as a function of
(i) the packet's source IP address and port number
(ii) the packet's destination IP address and port number
(iii) the transport protocol in use (TCP or UDP)
(iv) the packet's direction — incoming or outgoing
➢ The Access Control List for the high-level policies is described in Table 21.1.
➢ Policies can, in general, be either permissive or restrictive.
➢ A permissive policy is defined as follows:
✓ Permit all packets except those that are explicitly forbidden.
➢ A restrictive policy, on the other hand, is defined as follows:
➢ As soon as a rule is found that matches the packet's attributes (IP addresses, port numbers, etc.), the action in that rule (usually permit or deny) is taken and no further rules are processed for that packet.
➢ The scanning order is important.
➢ For example, if rules 4 and 5 in Table 21.1 are interchanged, then IPSec traffic will be dropped.
➢ Also, from a performance perspective, it makes sense to put the most frequently acted upon
rule earlier on.
➢ By so doing, we can expedite the decision on what to do with a packet.
➢ Finally, it is important to include the default deny rule at the end of the rule set — this prevents
ambiguity over what action to take for a packet that has not been matched against the attributes
in any of the previous rules.
2.1.3 Firewall Types
➢ Firewalls can be classified into the categories
1. Packet Filters
2. Stateful Inspection
3. Application Level Firewalls
1. Packet Filters
➢ This involves checking for matches in the IP, TCP, or UDP headers.
➢ For example, it may be necessary to check whether a packet carries a certain specific source
packets.
➢ Why is the packet filtering firewall inadequate?
Drawbacks:
➢ Consider an external mail server (IP address = ABC) that wishes to deliver mail to an
organization.
➢ For this purpose, it should first establish a TCP connection with the organization's mail server,
MS.
➢ Consider the arrival of a packet with the following attributes:
➢ Source IP address = ABC
➢ Destination IP address = MS
➢ TCP destination port = 25 (SMTP port)
➢ ACK flag set
➢ Such a packet would be part of a normal flow provided a connection between ABC to MS has
been established. But suppose such a connection has not yet been established.
➢ Should the packet still be allowed in? The simple packet filter will allow the packet to enter
even if no prior connection between ABC and MS was established.
➢ It should be noted that such packets are often used to perform port scans.
➢ A simple packet filter merely inspects the headers of an incoming packet in isolation. It does not view a packet as part of a connection or flow. Hence, it will not be able to filter out such packets arriving from ABC.
2. Stateful Inspection
➢ A firewall uses a packet's TCP flags and sequence/acknowledgement numbers to determine whether it is part of an existing, authorized flow.
➢ If it is participating in the establishment of an authorized connection or if it is already part of
an existing connection, the packet is permitted, otherwise it is dropped.
➢ In the above example of the packet from ABC, the stateful packet inspection firewall will
realize that it has not encountered the first two packets in the three-way handshake and will
hence drop this packet.
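The first-match rule scan with a default deny, and the ABC-to-MS packet handled by a simple packet filter and by a stateful firewall, as an added example (not from the original notes). The rule set and port numbers are constructed, and the state tracker follows TCP flags only; sequence and acknowledgement numbers are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    direction: str = "in"
    flags: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str = "*"
    dst: str = "*"
    dport: object = "*"
    proto: str = "*"
    direction: str = "*"

    def matches(self, p: Packet) -> bool:
        pairs = [(self.src, p.src), (self.dst, p.dst), (self.dport, p.dport),
                 (self.proto, p.proto), (self.direction, p.direction)]
        return all(want == "*" or want == have for want, have in pairs)


def first_match(rules, pkt) -> str:
    """Simple packet filter: the first matching rule decides; nothing matched means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Consults the rule set only for connection-opening SYNs and tracks the handshake."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = {}       # (client, client port, server, server port) -> state

    def handle(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:                                  # step 1 of the handshake
            if first_match(self.rules, p) == "permit":
                self.flows[fwd] = "SYN_SEEN"
                return "permit"
            return "deny"
        if p.flags == {"SYN", "ACK"} and self.flows.get(rev) == "SYN_SEEN":
            self.flows[rev] = "SYNACK_SEEN"                     # step 2, from the server
            return "permit"
        if "ACK" in p.flags and self.flows.get(fwd) in ("SYNACK_SEEN", "ESTABLISHED"):
            self.flows[fwd] = "ESTABLISHED"                     # step 3 and later data
            return "permit"
        if "ACK" in p.flags and self.flows.get(rev) == "ESTABLISHED":
            return "permit"                                     # replies on an open flow
        return "deny"                                           # not part of any known flow


# Constructed rule set: inbound SMTP to the mail server MS, then the default deny.
RULES = [
    Rule("permit", dst="MS", dport=25, proto="tcp", direction="in"),
    Rule("deny"),
]

# The packet from the text: ACK set, destined to MS:25, no connection established.
STRAY_ACK = Packet("ABC", 40000, "MS", 25, flags=frozenset({"ACK"}))


def demo():
    fw = StatefulFirewall(RULES)
    return {
        "packet_filter": first_match(RULES, STRAY_ACK),   # headers alone look acceptable
        "stateful": fw.handle(STRAY_ACK),                 # no SYN / SYN+ACK seen before it
        "rules_swapped": first_match(list(reversed(RULES)), STRAY_ACK),
    }


if __name__ == "__main__":
    print(demo())
```

The `rules_swapped` result shows the scanning-order point: once the catch-all deny is placed first, the SMTP rule is never reached.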
3. Application Level Firewalls
➢ A packet-filtering firewall, even with the added functionality of stateful packet inspection, is
still severely limited.
➢ What is needed is a firewall that can examine the application payload and scan packets for worms, viruses, spam mail, and inappropriate content. Such a device is called a deep inspection firewall.
➢ A special kind of application-level firewall is built using proxy agents. Such a "proxy firewall"
Two TCP connections between C and Proxy and between Proxy and S
Figure 21.1 Proxy firewall
➢ There are proxy agents for many application layer protocols including HTTP, SMTP, and FTP.
➢ In addition to filtering based on application layer data, proxies can perform client
authentication and logging.
➢ An HTTP proxy can also cache webpages.
➢ Caching has a major impact on performance.
➢ If the webpage is cached in a web proxy server located in the client's organization, the response
time could be greatly reduced compared to that where the page has to be fetched from the
external web server.
➢ Also, caching reduces the demand on external communication bandwidth while easing the
1. the Internet,
2. the region containing the publicly accessible servers,
3. and the internal network.
➢ Figure 21.2 depicts a four-zone layout using three firewalls.
➢ Of the three firewalls, the first is really a router (the Border Router) with some packet-filtering
capability.
➢ This is the access router that interfaces with the Internet.
➢ It is connected to a stateful firewall, FW-1, which has three interfaces (firewalls that have more
than two interfaces are referred to as multi-homed).
➢ The zone connected to the right interface of FW-1 is referred to as a screened subnet though
it is more commonly referred to as a De-Militarized Zone (DMZ). It is labelled DMZ-1 in Fig.
21.2. A DMZ, in the true sense, is the area between two firewalls.
➢ In Fig. 21.2, the zone between firewalls FW-1 and FW-2 is a real DMZ labelled DMZ-2.
➢ Demilitarized zones are so called because they often host servers that are accessible to the
Internet and also to the internal network.
➢ Because they are accessible to the public, they are the most likely machines to be compromised
in the entire network.
➢ Once a machine in the DMZ is compromised, other machines in the DMZ could get infected.
➢ DMZ-1 contains the publicly accessible servers.
➢ These include the web server, the external e-mail server, and the DNS server. All incoming
mail from the Internet is received by this e-mail server, which checks for virus signatures and
spam mail.
➢ The DNS server resolves names of publicly accessible servers. However, care should be taken to ensure that it does not contain address records of any of the internal machines.
➢ DMZ-2 contains the internal e-mail server. This is the server that hosts the mailboxes of the company employees. It handles the sending and receiving of all mail between internal parties. It periodically establishes a connection to the external mail server (in DMZ-1) to retrieve all incoming mail.
➢ Outgoing mail (from the internal network to the Internet) can be handled in several ways. The
internal mail server can set up an SMTP connection to a remote mail server to transfer mail.
➢ Alternatively, it can connect to the external mail server (in DMZ-1) and use it to relay all
outgoing mail.
➢ DMZ-2 also contains an Internet proxy server.
➢ All internal users who wish to access external webpages connect to the proxy.
➢ The proxy authenticates the internal user and decides whether a page can be accessed (different
restrictions might apply to different classes of users).
➢ The proxy scans incoming webpages for virus signatures and objectionable content. Finally,
the proxy also performs caching of webpages.
➢ The internal network contains application servers, database servers, and user workstations.
➢ It also has an internal DNS server. This DNS server is different from the external DNS server
in that it provides mappings between the domain names of the internal machines and their IP
addresses.
➢ The internal machines all have private addresses. It is neither necessary nor desirable for third
parties on the Internet to be aware of the private addresses of the internal machines. Hence,
this DNS server is placed in the internal network.
➢ A feature of the security architecture in Fig. 21.2 is that services such as DNS and e-mail are split; that is, there is an internal DNS server as well as an external one.
➢ Likewise, there is an internal e-mail server and an external one.
➢ Generally, no external connection should be allowed to the internal servers.
➢ Connections in the reverse direction from the internal servers to hosts on the Internet should
either be forbidden or severely restricted.
➢ The first rule states that no machine from any other security zone is permitted to establish a TCP connection to any internal machine.
➢ Rules 2-4 assert that, other than connections from internal stations to the internal mail server (on port 25) and web proxy (on port 80), no other connections are permitted to DMZ-1, DMZ-2, or the Internet.
➢ Table 21.3 shows the ruleset for firewall FW-1.
Rule 1 in Table 21.3 states that no TCP connection is to be established to any machine in DMZ-2
from any machine in DMZ-1 or the Internet.
Rule 2 states that the external mail server can accept connections from the internal mail server to
receive incoming mail or to send outgoing mail.
Rule 3 allows connections to the external mail server from a mail server on the Internet to deposit incoming mail.
Rules 4 and 5 permit connections from the Internet to the organization's web server and external DNS server, respectively.
Rule 6 states that no other connection may be set up to any machines in DMZ-1 for any other purpose.
Rules 7 and 8: the Internet proxy in DMZ-2 and the external mail server are permitted to make connections to machines on the Internet to access webpages and to send outgoing mail.
Rule 9 confirms that no other connection from the organization's machines to the Internet for any other purpose is allowed.
MODULE 4
Viruses, Worms and Other Malware, Intrusion Prevention and Detection
Definition: An intrusion is the act of gaining unauthorized access to a system so as to cause loss or harm.
Examples of intrusions include the following:
Unauthorized login to a system by illegally acquiring a password (through, for example, a password guessing attack).
Worm infections that use the system as a launch pad to spread and infect other
machines.
Injection of spyware that passively monitors the activities of the user and relays this information back to the attacker (over the Internet, for example).
Flooding the host with spurious connection requests that attempt to exhaust the
target's resources — processing power, memory, or communication bandwidth.
Two ways of handling intrusions are intrusion prevention and intrusion detection.
eliminate software vulnerabilities.
The use of safe string manipulation functions in C/C++ and the use of parameterized SQL queries are some of the practices recommended to protect against buffer overflow and SQL injection attacks, respectively.
Likewise, sanitizing user input from HTML forms is one preventive measure against cross-site scripting attacks.
Another set of preventive measures may be taken by the computing system (hardware, compiler, or operating system) to provide a second line of defence.
Extensive training should be imparted to system administrators on this and related tasks.
Finally, users should be trained to adhere to sound security practices such as password protection and be educated on the variety of

An event of interest may be a system call (a call made to the operating system) to, for example, open a file containing sensitive data.
Another event of interest may be the attempted establishment of a TCP connection from a specific IP address to a certain port.
2. An IDS generates a large amount of data which it then analyzes and converts into valuable information to be used by system administrators.
These are examples of thresholds and parameters set by a human.
On the other hand, it would be highly desirable if the IDS were capable of learning what is normal behaviour, detecting anomalous events when they occur, and flagging such events.
There are a number of key questions related
3. Passwords should be stored securely (not written on sticker pads) and should not be
communicated to friends, relatives, and co-workers.
4. After three consecutive unsuccessful attempts to a specific account, the system should be
designed to disable all further log-in attempts for the next 20 minutes.
Rules 1 and 2 must be enforced by the system.
Rule 3 involves the user alone; rule 4 involves the system alone.
These rules are all measures intended to prevent intrusion.
As a further preventive measure, a high-security organization may mandate two-factor
authentication — passwords in conjunction with biometrics.
In addition to prevention, an IDS may also be deployed to monitor suspicious log-ins.
Other variables are counts of a certain occurrence within a time interval.
We next classify intrusion detection systems based on their functionality.
1) Anomaly versus signature based IDS
2) Host based versus network based IDS
normal.
The IDS will have to learn, over time, what constitutes normal activity, usage, and behaviour.
The first six conditions in Table 22.1 are examples of what an anomaly based IDS would monitor.
Consider monitoring the number of TCP SYN packets (with the SYN flag set) and FIN Packets (with the FIN flag set) in each successive 10-second interval.
A disproportionate number of SYN packets vis-a-vis FIN packets indicate several half-open TCP connections and possibly the onset of a SYN flooding attack.

attack.
Each such pattern is called a signature.
A signature-based IDS maintains a database of known signatures.
It attempts to obtain a match between the currently observed behaviour of the system and an entry in this database.
A real world signature-based IDS will have thousands of attack signatures against which to compare.
An example of an attack signature is a specific bit sequence in a worm payload.
In a signature-based IDS it is the presence of a specific signature that raises an alert.
On the other hand, it is possible that a spread of the worm has caused much network traffic congestion and greatly increased CPU utilization on infected machines.
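The SYN versus FIN count per 10-second interval described above, as an added example (not from the original notes) of an anomaly check that first learns what is normal. The packet records, the multiplier k and the minimum SYN count are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

INTERVAL = 10  # seconds, as in the text


def interval_counts(packets):
    """packets: iterable of (timestamp_seconds, set of TCP flags).

    Returns {interval_start: (syn_count, fin_count)} in time order.
    """
    syn, fin = Counter(), Counter()
    for ts, flags in packets:
        start = int(ts // INTERVAL) * INTERVAL
        if "SYN" in flags:
            syn[start] += 1
        if "FIN" in flags:
            fin[start] += 1
    return {s: (syn[s], fin[s]) for s in sorted(set(syn) | set(fin))}


def ratio(syn, fin):
    return syn / max(fin, 1)       # avoid dividing by zero in an interval with no FIN


def learn_baseline(counts):
    """Learn the normal SYN/FIN ratio (mean and spread) from attack-free traffic."""
    ratios = [ratio(s, f) for s, f in counts.values()]
    return mean(ratios), pstdev(ratios)


def detect(counts, baseline, k=4.0, min_syn=20):
    """Flag intervals whose SYN/FIN ratio lies more than k deviations above normal."""
    mu, sigma = baseline
    limit = mu + k * sigma
    return [(start, s, f) for start, (s, f) in counts.items()
            if s >= min_syn and ratio(s, f) > limit]


def constructed_interval(start, n_syn, n_fin):
    """Constructed sample traffic: packets spread evenly over one interval."""
    pkts = [(start + i * INTERVAL / n_syn, {"SYN"}) for i in range(n_syn)]
    pkts += [(start + i * INTERVAL / n_fin, {"FIN", "ACK"}) for i in range(n_fin)]
    return pkts


# Six attack-free intervals used for learning (constructed).
TRAINING = []
for start, (n_syn, n_fin) in zip(range(0, 60, 10),
                                 [(30, 28), (28, 27), (33, 30), (29, 29), (31, 28), (30, 31)]):
    TRAINING += constructed_interval(start, n_syn, n_fin)

# Monitored traffic: the interval starting at t = 70 s has many SYNs, few FINs.
LIVE = (constructed_interval(60, 32, 30)
        + constructed_interval(70, 400, 12)
        + constructed_interval(80, 31, 29))


def demo():
    baseline = learn_baseline(interval_counts(TRAINING))
    return detect(interval_counts(LIVE), baseline)


if __name__ == "__main__":
    print(demo())
```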
Network-based IDS:
They may be deployed at multiple points in a large organization.
Host-based IDS:
... system audit trails to identify events related to an intrusion.
Operating system logs, for example, keep track of when users log in, the number of
unsuccessful login attempts, the commands executed, network connections
made, etc.
Application logs keep track of which files have been opened or which registry keys
have been accessed during the run of an application.
File system integrity checkers, for example, compute a cryptographic hash on the
contents of each file. They detect file changes by comparing the computed hash
of a file to its stored hash.
Two desirable features of an IDS are speed and accuracy.
Speed is especially important in fast-spreading Internet worms, for example.
Early worm detection and an early response mechanism such as automated system shutdown
can help reduce the number of infected machines. The IDS should be able to detect every
instance of an intrusion.
An undetected intrusion is referred to as a false negative.
But this could result in collateral damage if the victim is unable to distinguish between SYN
packets that are part of the attack and those from its legitimate clients.
1. One way to reduce collateral damage is to categorize IP addresses as "almost
certainly genuine", "probably spoofed", etc.
2. The "almost certainly genuine" addresses are those with whom normal connections
were established and terminated in the past.
3. Under rapidly increasing load, packets with unfamiliar source addresses are
discarded with high probability.
Another strategy under high-load conditions is to allocate a full buffer of about 300 bytes for
a given TCP connection request only upon completion of the three-way handshake.
1. While the connection is still half-open, minimal information about it is stored in a
hash table called the SYN cache.
2. This information includes the TCP sequence numbers and source/destination
addresses and ports.
3. An alternative to the SYN cache is the SYN cookie, which stores no state information
at all for each half-open connection.
4. Instead, the responding machine places a cookie within the Sequence Number field
of the second handshake message.
5. The cookie is computed as a hash function of the source address, destination address,
source port, destination port, and a secret.
6. The initiator of the connection dispatches the cookie it just received in its ACK
message (third message of the three-way handshake).
7. Upon receiving the ACK, the responder re-calculates the cookie and verifies that it
matches the value enclosed in the received ACK.
8. Only then does it reserve buffer space for the connection.
9. If the source IP address in the first message of the handshake were spoofed, the
cookie in the second message would not be received by the initiator but by the machine
corresponding to the spoofed IP address.
10. The initiator would not be able to complete the three-way handshake since it does not
know the cookie value. Hence, its connection request would not be granted buffer
space.
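The SYN cookie exchange in steps 3 to 10, as an added example that is not part of the original notes. The use of HMAC-SHA-256 truncated to 32 bits as the hash, the `Responder` class and all addresses are assumptions of this example; the 300-byte buffer is the figure quoted above.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

MASK32 = 0xFFFFFFFF
CONNECTION_BUFFER = 300  # bytes reserved per connection, as quoted in the text


def syn_cookie(secret, src_ip, src_port, dst_ip, dst_port):
    """Hash of (source addr, dest addr, source port, dest port, secret),
    truncated to fit the 32-bit TCP Sequence Number field."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HH", src_port, dst_port))
    tag = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big")


class Responder:
    """Server side of the handshake; keeps no state for half-open connections."""

    def __init__(self, ip, port, secret):
        self.ip, self.port, self.secret = ip, port, secret
        self.connections = {}  # filled only after a verified third message

    def on_syn(self, src_ip, src_port):
        # Message 2 (SYN-ACK): the cookie is the sequence number. Nothing is stored.
        return syn_cookie(self.secret, src_ip, src_port, self.ip, self.port)

    def on_ack(self, src_ip, src_port, ack_number):
        # Message 3 (ACK): recompute the cookie from the packet's own addresses.
        # TCP acknowledges the received sequence number plus one.
        expected = (syn_cookie(self.secret, src_ip, src_port,
                               self.ip, self.port) + 1) & MASK32
        if ack_number != expected:
            return False
        self.connections[(src_ip, src_port)] = bytearray(CONNECTION_BUFFER)
        return True


def demo(secret=None):
    server = Responder("192.0.2.10", 443, secret or os.urandom(32))

    # Genuine client: it receives the SYN-ACK, so it can echo the cookie.
    cookie = server.on_syn("198.51.100.7", 40001)
    genuine_ok = server.on_ack("198.51.100.7", 40001, (cookie + 1) & MASK32)

    # Flood with a spoofed source: each SYN-ACK goes to 203.0.113.9, not to
    # the sender, and the responder allocates nothing for any of them.
    for i in range(1000):
        server.on_syn("203.0.113.9", 50000 + i)
    state_after_flood = len(server.connections)

    # The sender of the spoofed SYNs never saw a cookie, so its ACK is a guess.
    blind_ok = server.on_ack("203.0.113.9", 50000, 0x12345678)

    return genuine_ok, state_after_flood, blind_ok


if __name__ == "__main__":
    print(demo())
```

As described on this page the cookie carries no time component, so it remains valid for as long as the secret is unchanged; rotating the secret bounds that window.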
The perpetrator hopes to continue the attack for as long as desired and perhaps even resume it
at a later point without being traced.
Solution: The egress router is the last router encountered by any packet generated inside the
network before it exits that network and enters the Internet.
Let A be the set of all externally visible IP addresses within the network (behind the egress
router). The egress router examines the source address of each packet leaving it.
If the address does not match any address in A, it drops the packet.
By thus detecting and filtering spoofed packets, it helps prevent DDoS attacks.
The idea of egress filtering has been extended to routers in the core of the Internet.
Prof. Nagashree. C , Dept of CSE,SVIT Page 6
A filter, on the other hand, uses the packet's source address to make a decision on whether or
not to discard the packet.
To implement Distributed Route Filtering (DRF), a filter maintains, for each of its
interfaces, the set of all source addresses from which packets arrive en route to some destination.
The router uses BGP routing information to obtain the latest mapping between each of its
interfaces and the subset of source addresses using that interface.
The filtering decision is straightforward — if a packet with source IP address = S arrives via
an interface that it should not have, that packet is assumed to be spoofed and is hence
discarded.
Figure 22.2(a) shows an example of a router implementing DRF.
Each of its interfaces is marked with the source addresses that use that interface en route to
some destination.
Note that packets from the same source may enter the router through different interfaces.
For example, packets from source address 7 may arrive through interfaces b, c, or d.
In the simplest implementation of the filter, the router checks whether a packet has arrived
on one of its "acceptable" interfaces based only on the packet's source IP address.
Another approach is to detect the onset of DoS and then take remedial action.
In a SYN flood attack, the victim sees a disproportionate number of SYN packets compared
to FIN packets.
By a SYN packet, we mean any incoming packet with the SYN flag set.
A FIN packet is sent by the side that wishes to terminate the TCP connection.
If the other party agrees to termination, it responds with its own FIN packet. Thus, SYN and
FIN packets usually occur in pairs.
Figure 22.3(b) shows two horizontal timelines — the top line shows the times of SYN packet
arrivals.
The bottom line shows the corresponding FIN arrivals.
Time is slotted into fixed-length observation intervals, T1, T2, ..., during which we record the
number of SYN arrivals.
The corresponding observation intervals for FINs, T1', T2', ... are shifted to the right by the
average duration of a TCP connection.
To construct an anomaly detection system, we define the following variables:
Si = # of SYN packet arrivals in the i-th observation interval
Fi = # of FIN packet arrivals in the i-th observation interval
Di = normalized difference between # of SYN and FIN packets in the i-th observation
interval, i.e.,
There are different algorithms that attempt to detect the onset of a SYN Flood Attack by
monitoring the above series.
1. Algorithm 1. Raise an alert if the most recently computed detection variable Di exceeds
the threshold, i.e., Di > T1
Figure 22.4(a) shows D versus time with the threshold set at T1 = 90.
Some of the problems with this approach are as follows:
(i) The IDS may raise many false alarms since it bases its decision on point values.
(ii) A modest spike in D at just one point is very unlikely to result in memory exhaustion
but it does cause the IDS to raise an alarm.
(iii) The cumulative effect of the attack packets across the interval will cripple the system but
this algorithm will not raise an alarm.
3. Algorithm 3. Define a modified cumulative sum of previous values of D. Raise an alert if
this value exceeds a threshold.
During normal operation, the number of FINs will balance out the number of SYNs
and hence Di will be close to 0.
Let u be an upper bound on the mean of Di during normal operations.
Let Di' be a shifted version of Di, i.e.,
Di' = Di - u.
The decision variable Mi used here is defined as
Mi = (Mi-1 + Di'), where M0 = 0.
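Algorithm 1 and Algorithm 3 run side by side on constructed counts, as an added example that is not part of the original notes. It assumes Di = 100 * (Si - Fi) / Fi and a running sum held at zero whenever it would go negative, since neither detail is legible in the formulas on this page; T1 = 90 is the page's threshold, while u = 20 and the Algorithm 3 threshold of 100 are chosen for the illustration.

```python
# Constructed per-interval packet counts (not measurements).
# Interval 3 is a one-off burst of SYNs; intervals 8-13 are a sustained,
# moderate excess of SYNs over FINs, i.e. a slowly building flood.
SYN = [100, 102, 98, 200, 101, 99, 100, 103, 150, 155, 160, 150, 158, 152]
FIN = [100] * len(SYN)  # FINs counted in the shifted intervals T1', T2', ...


def detection_series(syn_counts, fin_counts):
    """D_i under the assumed normalization: SYN-FIN difference as a
    percentage of the FIN count for the matching interval."""
    return [100.0 * (s - f) / max(f, 1) for s, f in zip(syn_counts, fin_counts)]


def algorithm1(d, t1):
    """Point test: alert in every interval where D_i alone exceeds T1."""
    return [i for i, di in enumerate(d) if di > t1]


def algorithm3(d, u, threshold, clamp=True):
    """Cumulative test on D_i' = D_i - u.

    With clamp=True the running sum is reset to 0 whenever it would go
    negative (assumed here), so quiet periods cannot build up "credit"
    that later hides an attack. Returns (M series, alert indices).
    """
    m, series, alerts = 0.0, [], []
    for i, di in enumerate(d):
        m += di - u
        if clamp:
            m = max(0.0, m)
        series.append(m)
        if m > threshold:
            alerts.append(i)
    return series, alerts


def run_demo():
    d = detection_series(SYN, FIN)
    m, cusum_alerts = algorithm3(d, u=20.0, threshold=100.0)
    _, unclamped_alerts = algorithm3(d, u=20.0, threshold=100.0, clamp=False)
    return {
        "D": d,
        "alg1": algorithm1(d, t1=90.0),   # fires on the isolated burst only
        "M": m,
        "alg3": cusum_alerts,             # fires once the excess accumulates
        "alg3_unclamped": unclamped_alerts,
    }


if __name__ == "__main__":
    result = run_demo()
    for i, (di, mi) in enumerate(zip(result["D"], result["M"])):
        flags = ("A1 " if i in result["alg1"] else "   ") + \
                ("A3" if i in result["alg3"] else "")
        print(f"interval {i:2d}  D={di:6.1f}  M={mi:6.1f}  {flags}")
```

On this data Algorithm 1 alerts only on the harmless burst in interval 3 and never on the sustained excess, which is problems (i) to (iii) above; Algorithm 3 stays silent through the burst and alerts from interval 10, or two intervals later if the sum is left unclamped.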
22.4.3 IP Traceback
There are two principal approaches to IP traceback:
Packet marking: the packet keeps track of the routers it has visited.
Packet logging: each router keeps track of the packets passing through it.
Hybrid approaches using a combination of packet marking and packet logging have
been proposed.
They may split a datagram into two or more fragments and send each fragment
separately.
The router at the destination end has the responsibility for reassembling the fragments
to create the original packet.
All the fragments carry the same number in their ID fields, so they can be identified for
re-assembly.
On the assumption that the ID field is often unused, traceback schemes employing PPM
use the ID field to store partial information on intermediate routers.
But, given that the length of each IP address is 4 bytes, how can a packet store router
address information in a 16-bit ID field?
The answer lies in computing a global fingerprint for each router — this is, say, 16 or
fewer bits of the hash of a router's IP address.
An intermediate router writes its fingerprint value into the ID field of a packet with
probability p.
Note that it could over-write a previously written fingerprint of a router closer to the
source of the attack.
To identify the perpetrator of the attack, the ingress router at the victim end will need
to collect a sufficient number of packets that are all part of the same flooding attack.
We assume that each ingress router has a map of all upstream routers from it.
Packet Logging
Each router attempts to keep track of every packet that passes through it.
Packet logging makes use of the idea of a packet fingerprint or digest.
This is computed using a well-designed hash function — one that distributes the hash
values uniformly across all possible hash inputs.
An interesting feature of packet logging is that it can help track even a single rogue
packet.
First, assume that each router stores each packet received by it in the last 5 minutes.
Suppose the victim wishes to obtain the exact path followed by a packet received by
it.
The idea is that the victim's ingress router, A, queries each of its adjacent routers
whether they have seen the packet.
In Fig. 22.5(a), A would query B, H, and G.
The router that responds positively, say B, then queries its neighbours, C and M.
The one that responds positively then contacts its neighbours and so on until the
The storage requirements can be further reduced by the use of a space-efficient data
structure called the Bloom Filter.
Let n be the maximum number of packets to be stored in a router in a given interval,
say 7 minutes.
Each time an element has to be inserted, one or more hash functions on that element
need to be computed.
Let k be the number of distinct and independent hash functions used. k is a design
parameter.
The output of each hash function returns a w-bit quantity.
The Bloom Filter is basically a bit array.
Suppose the k hash computations yield the values i1, i2, i3, ... ik. Then, check whether
each of these elements of the Bloom Filter is set. If even one of these elements = 0, P
has not been encountered by this router.
We next derive an expression for the probability of a false positive.
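Packet logging with a Bloom Filter per router, and the neighbour-by-neighbour query described under Packet Logging, as an added example that is not part of the original notes. The salted SHA-256 hash functions, the `Router` and `trace` names, the packet contents and the choice of C as the first router on the path are assumptions; the false-positive estimate used is the standard approximation (1 - e^(-kn/m))^k with m = 2^w bits, not the page's own derivation.

```python
import hashlib
import math


class BloomFilter:
    """Bit array of 2**w bits addressed by k salted hash functions."""

    def __init__(self, w, k):
        self.w, self.k = w, k
        self.bits = bytearray((1 << w) // 8)

    def _indices(self, item):
        # k w-bit hashes: SHA-256 prefixed with the function number
        # (an assumption of this example; the page does not name the hashes).
        for j in range(self.k):
            digest = hashlib.sha256(bytes([j]) + item).digest()
            yield int.from_bytes(digest[:8], "big") >> (64 - self.w)

    def add(self, item):
        for i in self._indices(item):
            self.bits[i >> 3] |= 1 << (i & 7)

    def __contains__(self, item):
        # One clear bit proves the item was never inserted. All bits set
        # means "probably inserted": other items may have set them.
        return all(self.bits[i >> 3] & (1 << (i & 7))
                   for i in self._indices(item))


def predicted_fp_rate(n, w, k):
    """Standard approximation after n insertions into 2**w bits."""
    return (1.0 - math.exp(-k * n / (1 << w))) ** k


def measure(n=2000, probes=20000, w=14, k=4):
    """Insert n constructed packets, then probe with packets never inserted."""
    bf = BloomFilter(w, k)
    for i in range(n):
        bf.add(b"logged-%d" % i)
    false_negatives = sum(1 for i in range(n) if b"logged-%d" % i not in bf)
    false_positives = sum(1 for i in range(probes) if b"unseen-%d" % i in bf)
    return false_negatives, false_positives / probes


class Router:
    def __init__(self, name, w=14, k=4):
        self.name = name
        self.seen_packets = BloomFilter(w, k)
        self.upstream = []  # neighbours to query during a trace

    def forward(self, packet):
        self.seen_packets.add(packet)  # k bits are set; the packet is not kept


def trace(ingress, packet):
    """Walk upstream from the victim's ingress router, asking each neighbour
    whether it has seen the packet. Returns router names, victim end first."""
    path, current = [ingress.name], ingress
    while True:
        hits = [r for r in current.upstream if packet in r.seen_packets]
        if not hits:
            return path
        current = hits[0]  # a false positive here would send the trace astray
        path.append(current.name)


def demo_trace():
    # Router names follow the walk-through above: A queries B, H and G;
    # B queries C and M. The traffic itself is constructed.
    routers = {n: Router(n) for n in "ABCGHM"}
    routers["A"].upstream = [routers[n] for n in "BHG"]
    routers["B"].upstream = [routers[n] for n in "CM"]
    for name, r in routers.items():  # unrelated background traffic
        for i in range(50):
            r.forward(b"background-%s-%d" % (name.encode(), i))
    rogue = b"constructed rogue packet: header fields + payload prefix"
    for name in "CBA":  # the path the packet actually took
        routers[name].forward(rogue)
    return trace(routers["A"], rogue)


if __name__ == "__main__":
    print("path:", demo_trace())
    fn, fp = measure()
    print("false negatives:", fn, " measured FP rate:", round(fp, 4),
          " predicted:", round(predicted_fp_rate(2000, 14, 4), 4))
```

A Bloom Filter never produces a false negative, so a router that answers "not seen" can be ruled out of the path; a false positive is what can add a wrong branch, which is why n, k and w are sized against the false-positive rate.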
Virus, Worms and Malware
When a virus-infected program is run, the virus code is executed first.
One of the first tasks of virus code is to seek other programs not yet infected and then
pass on the infection to one or more of them.
A truly malicious virus may then perform actions such as deleting certain files.
An innocuous virus may attempt something benign like printing a "hello world"
message.
Execution of the virus code is usually followed by execution of the host's original
program.
All the virus code need not be located at the start of the infected file.
In some cases, virus code is both prepended and appended to the host file.
Virus code could be split into several segments and interspersed throughout the
infected file using JUMP statements at the end of each virus segment.
In most of these cases, the size of the infected program is larger than the original host
program. This helps anti-virus software to detect infected code.
To evade detection, some viruses modify the file service interrupt handler that returns
attributes of files. By so doing, the service handler may be programmed to return the
uninfected length of the file.
Another technique is to use compression so that the length of an infected file remains
the same as the length of its original version. The virus writer includes a compression
routine in the viral code. To infect another file, the virus first compresses that file and
then prepends the virus code to the compressed file.
The infected file must be uncompressed just prior to execution.
One of the characteristic features of many viruses is the set of system calls they make.
System calls are used by application programs to request services of the operating
system.
They are made to read/write files, spawn new processes, establish TCP connections,
etc. Some viruses make calls to copy their own code to other files, create/modify
entries in the Windows registry, or search for e-mail. Such "suspicious" calls are often
used to distinguish malicious from benign code.
19.2.2 Worm Characteristics
Classes and features
Worms are most commonly classified based on their vector of propagation.
The main categories include:
1. Internet scanning worms
2. E-mail worms
3. P2P worms
4. Web worms
5. Mobile worms
Enhanced Targeting
The most important attribute of a worm is that it spreads its infection to other
computers.
Many target selection strategies have been proposed and implemented.
Worms that spread through e-mail, for example, have an easy way to figure out
their targets.
All they need to do is look into their victim's mailbox or e-mail address book
to find a set of targets.
A mobile worm obtains phone numbers of its potential victims from the phone
book in the cellphone hosting the worm.
Some web worms use search engines to harvest URLs of potentially vulnerable
targets.
Internet scanning worms, on the other hand, scan the IP address space for
vulnerable machines.
hosts, thus increasing the rate at which infection is spread.
Some worms reduce infection latency by targeting a buffer overflow
vulnerability on an application that employs UDP rather than TCP.
TCP connection establishment involves a three-way handshake and is
time-consuming.
UDP, by contrast, is connectionless.
This sharply reduces infection latency.
A steep increase in the number of infected machines at the very outset of a
worm epidemic has a multiplicative effect on spreading rate.
For this purpose, the attacker could create one or more hit-lists carrying
addresses of several thousand vulnerable machines.
The first worms to be let loose could carry one such list.
As a worm infects each new machine, it splits its list between itself and the
machine it has just infected.
Given that most of the machines on the hit-lists are vulnerable, the worm
spreads rapidly during the initial stage of the epidemic. Thereafter, the infected
machines could spread the infection using random scanning or some other
spreading method.
Enhanced Capabilities
Most worms (and viruses) have unique and distinct signatures — a pattern of bits,
usually assembly language code, which appears in all instances of the worm.
Worm and virus signatures are the key to detecting them. However, there are
sophisticated code obfuscation techniques to evade detection.
One such technique is the use of encryption for disguising worm code.
Different instances of the worm may use different keys for encryption. Thus, they
might fail to match any existing worm signatures. Such worms are said to be
polymorphic.
A polymorphic worm would have to be decrypted before being executed. This
suggests that a decryptor routine "in the clear" would have to be part of the worm
code.
Decryptors themselves may be very simple, involving XOR operations or trivial
shift-based substitutions. However, detecting a worm on the assumption that the
decryptor routine is invariant would not always succeed.
Figure 19.1 shows two versions of assembly code that look different but perform
the same function.
The second version is inefficient with spurious instructions.
The second version also has a spurious branch instruction to confuse worm code
detection software that relies on control flow analysis.
Worms that have multiple such versions with or without relying on encryption are
referred to as metamorphic worms.
Figure 19.1 Polymorphic assembly language versions of same pseudo-code
It is estimated that worms such as Code Red and Nimda caused billions of
dollars in damage.
Analysts estimate costs based on lost productivity, clean-up costs, system
downtime which affects business and revenues.
provided by a particular version of an OS.
The worm communicates with and delivers its malicious payload to the victim using
standard transport protocols such as TCP or UDP.
Once installed on the victim, it could erase local files, steal secrets, or deface
webpages, but above all it seeks new victims to infect.
It all started on June 18, 2001, when a buffer overflow vulnerability was discovered in
Slammer
The SQL Slammer was launched on 25 January, 2003, and targeted a buffer overflow
vulnerability on the Microsoft SQL server 2000.
The worm sent packets on UDP port 1434 — the database software's resolution
service.
Once infected, a person remains infected and does not recover.
Let N be the size of the total population.
Kermack-McKendrick Model
The Kermack-McKendrick (K-M) model more accurately models the spread of
19.4 Topological worms
For example, Melissa was a macro worm (or "macro virus") that propagated by
sending copies of itself to the first 50 persons in the victim's address book.
One of the best-known e-mail worms of more recent vintage is Sobig, which was let
loose in 2003. It spread by communicating malicious e-mail or copying itself to an
Users do not download files from a central server but from their peers located across
the globe.
They are immensely popular as evidenced by the fact that a very large proportion of
Internet traffic is comprised of P2P packets.
To see how P2P worms spread, it is important to understand how a P2P network
operates.
Most P2P networks use an overlay network, which is a logical network of peers.
Two peers are said to be neighbors at any given point of time if there is an active TCP
connection between them.
Here are potential ways in which P2P worms may spread:
1. One of the simplest is for a malicious peer to respond positively to any query.
If the requester then chooses to download the file from the malicious peer, the
latter sends it an infected file whose name is changed to match that of the requested
file.
The infected file contains a worm which passes on its infection to the requester.
Once infected, the requester mimics the behaviour of the malicious peer thus
helping to propagate the infection.
Alternatively, various "popular" files stored in the shared folder of a peer may be
infected.
When any of them is downloaded, the infection spreads to the shared folder of the
requesting peer.
One aspect of P2P worms is that they may result in no apparent traffic anomaly, so
an intrusion detection system monitoring network traffic is unlikely to raise an
alert.
forms.
Web worms are written in a high-level language making it easy to perform complex
operations but difficult to execute low-level operations.
On the other hand, many other worms are written in assembly language.
One type of web worm is the XSS worm — so called since it exploits cross-site
scripting vulnerabilities in web servers.
The first step in creating an XSS worm is to inject attack code into a vulnerable web
server.
When a user accesses the infected website through his/her browser, the malicious code
(usually Javascript) is downloaded on to the browser.
As in any XSS vulnerability, malicious code executes on the browser.
Given that a key function of a worm is to propagate, the challenging question then is
"How does an XSS worm propagate?"
A partial answer to this question may be found through our next case study of the
Samy worm.
networking group.
A user profile may contain information about him including his hobbies, photographs,
etc.
A user profile also contains a list of the user's friends with hyperlinks to their profiles.
The malicious Javascript uploaded itself on to V1's profile on the MySpace server,
thus infecting it.
This is done by an HTTP Post-request sent from the browser to the server. However,
that would cause the screen to freeze between sending the request and receiving the
HTTP response from the server.
To ensure that the viewer had a normal screen experience, Samy's Javascript created
an XMLHttpRequest object which was used to send the malicious Javascript to the
MySpace server. Unlike the regular HTTP request, the message from an
XMLHttpRequest object is asynchronous and runs in the background.
19.6 MOBILE MALWARE
19.6.1 Introduction
New-generation smartphones combine the functionality of a cellphone and a low-end
PC.
They may be used for storing confidential documents, communicating via
e-mail/SMS/MMS, and taking photographs.
They support feature-rich applications that run on top of a complete OS.
The most common OS on smartphones is the Symbian followed by Windows Mobile,
Linux, and recently the Mac OS X (on the iPhone).
They provide a rich set of APIs to access the phone book and other files, send
SMS/MMS messages, etc. Unfortunately, these very APIs can also be used by malware
to, for example, read a confidential document on the smartphone and ship it to the
attacker as an MMS attachment.
19.6.2 Bluetooth
Bluetooth is both a communication technology and a protocol stack.
As a communication technology,
All devices in the range of the initiator that are in discoverable mode respond sending
their bluetooth device address (BD_ADDR).
This is a 48-bit MAC address — the first 24 bits identify the device
manufacturer/model and the last 24 bits specify a particular instance of that model.
Bluetooth is a connection-oriented protocol.
A device, A, can set up a connection to any other device B. But to set up such a
connection, A should know the BD_ADDR of B.
One way of obtaining B's BD_ADDR is through the discovery procedure.
A large percentage of users keep their phones in discoverable mode, so this is an
attractive way of harvesting device addresses, especially in crowded areas such as
railway stations or malls. However, it should be noted that even with the phone in
non-discoverable mode, there are a number of brute force techniques to extract its
BD_ADDR.
Knowing B's BD_ADDR, A could attempt to exchange files with it using the OBEX
(object exchange) protocol.
A session protocol that resembles HTTP, OBEX is used to transfer images, business
cards, and other files between Bluetooth devices.
An attacker, A, could use OBEX Push to transfer a file containing malicious code to
user, B.
User authorization is usually required before a file can be accepted by his smartphone.
Each user selects a PIN which varies between 4 and 16 characters long but 4 characters
smartphones allow users to disable the "Authorization Required" option for file
transfers.
Bluetooth uses a procedure called pairing wherein this key is computed by two
participating devices.
Pairing is preceded by discovery/inquiry and paging.
The latter is a procedure whereby the discovering device, A, establishes a connection
with the discovered device, B.
Computing the Link Key
1. The first step in deriving the common link key between A and B is to compute
an initialization key, Kinit.
This is a function of the BD_ADDR of B and a nonce, IN_RAND, generated
by A as shown in Fig. 19.7(a).
Before the pairing procedure, the owners of A and B must agree in an off-line
manner on a temporary PIN to be used specifically as part of the pairing
procedure.
Both users then type in the temporary PIN. Kinit is also a function of this
temporary PIN agreed to by both parties. Kinit is computed from IN_RAND,
BD_ADDRB, and the PIN using an algorithm, E22, based on a block cipher
called SAFER+.
database of BD_ADDR, link key pairs, one pair per device it is paired up
with.
For this purpose, it generates a random number, RANDA (a challenge), and sends it to
B.
The response computed by B is E1(KAB,RANDA,BD_ADDRB).
These attacks enable an eavesdropper to obtain the link key KAB.
19.6.3 Examples
Cabir was one of the earliest proof-of-concept worms that targeted the Symbian Series
60 OS.
Unleashed in June 2004, it was authored by the International Virus writing group 29A.
both Bluetooth and MMS.
Like Cabir, it targeted Symbian smartphones.
19.7 BOTNETS
19.7.1 Basics
A botnet is an army of compromised computers or bots connected to the Internet and
remotely controlled by a "botmaster."
The earliest botnets were a collection of zombies that participated in DDoS attacks.
The emergence of botnets is closely linked to the motive of financial gain that is
behind many recent cyber attacks.
They are often used to send spam mail on behalf of third parties.
For example, bot programs may contain keyloggers and other forms of spyware that
capture sensitive personal information such as passwords and credit card numbers and
send these to the botmaster.
Botnets have also been used as an extortion tool — "Pay up or your website will be
bombarded by a DDoS attack".
How does a computer become a bot?
Bots are created in ways similar to many of the traditional trojan/worm/virus
infections.
A common vector of propagation is e-mail that contains an infected attachment.
Another is through downloading a malicious webpage containing scripts that exploit
Likewise, users were lured into downloading free but infected files from websites
containing music of various pop artists.
The primary infection instructed the victim to join the Storm botnet embedded in the
Overnet P2P network.
Once part of the botnet, the bot was programmed to receive the second and subsequent
injections of malicious code. One of the injections instructed the bot to propagate
e-mail viruses. Another injection received some days later instructed the bot to launch a
DDoS attack on a target specified by the botmaster.
WEB SECURITY
Web services
• W3C defines a web service as:
• A software system identified by a URI whose public interfaces
and bindings are defined and described by XML.
• The entities involved are:
• Providers register or publish their services in a public registry.
• Requesters discover services by querying the registry for services
that match certain criteria.
• Once a requester has identified a provider whose services it needs,
it binds to and invokes the service of that provider.
Entities involved in a web service
XML
• XML is a meta markup language for text documents
/ textual data.
• XML allows one to define languages ("applications") to
represent text documents / textual data.
• Easy to understand for human users
• Very expressive (semantics along with the data)
• Attributes
• plus some other details
• Very expressive (semantics near data)
• Very flexible and customizable (no finite tag set)
• Easy to use from programs (libs available)
• Easy to convert into other representations
(XML transformation languages)
• Many additional standards and tools
• Widely used and supported
Elements in XML Documents XML by Example
• (Freely definable) tags: article, title, author
U
7 8
Online Chat Support Projects | Technical Seminar Guidance & Support Download our app or visit website
2
Downloaded from VTUSOLUTION.IN NOTES | INTERNSHIP | VIDEO LECTURE Like us on FB for regular updates
n
<text>
<abstract>In order to evolve...</abstract>
<section number="1" title="Introduction">
The <index>Web</index> provides the universal...
</section>
</text>
</article>

A Simple XML Document
[Annotated figure of the document above. Labels: Start Tag, End Tag, Element, Attributes with name and value, Content of the Element (Subelements and/or Text)]
What is the difference between elements and attributes?
• Only one attribute with a given name per element (but an arbitrary
number of subelements)
• Attributes have no structure, simply strings (while elements can
have subelements)
As a rule of thumb:
• Content into elements
• Metadata into attributes
Example:
<person born="1912-06-23" died="1954-06-07">
Alan Turing</person> proved that…

[Figure: tree view of the article document with nodes author, title, text, abstract and section, and the attributes number="1" and title="…"]
Namespace Syntax
<dbs:book xmlns:dbs="http://www-dbs/dbs">
• Prefix as abbreviation of URI
• Unique URI to identify the namespace

Well-Formed XML Documents
A well-formed document must adhere to, among others, the
following rules:
• Every start tag has a matching end tag.
• Elements may nest, but must not overlap.
• There must be exactly one root element.
• Attribute values must be quoted.
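The well-formedness rules above, together with the earlier "only one attribute with a given name per element" rule, can be checked mechanically before a message is processed any further. The following is an added example, not part of the original notes: it uses Python's standard expat parser, and the sample documents and the mapping from parser errors to the rule wording are constructed for illustration.

```python
import xml.parsers.expat as expat
from xml.parsers.expat import errors

# Parser error text -> the rule from the notes that was broken.
# The mapping is this example's own assumption, not part of any standard.
RULE_BROKEN = {
    errors.XML_ERROR_NO_ELEMENTS: "every start tag has a matching end tag",
    errors.XML_ERROR_TAG_MISMATCH: "start and end tags must match; elements must not overlap",
    errors.XML_ERROR_JUNK_AFTER_DOC_ELEMENT: "exactly one root element",
    errors.XML_ERROR_INVALID_TOKEN: "attribute values must be quoted",
    errors.XML_ERROR_DUPLICATE_ATTRIBUTE: "only one attribute with a given name per element",
}

# Constructed sample documents, one per rule.
SAMPLES = {
    "well-formed": '<article><title number="1">The Web</title></article>',
    "missing end tag": "<article><title>The Web</title>",
    "overlapping elements": "<text><b><i>Web</b></i></text>",
    "two root elements": "<article/><article/>",
    "unquoted attribute": '<section number=1 title="Introduction"/>',
    "duplicate attribute": '<person born="1912-06-23" born="1954-06-07">Alan Turing</person>',
}


def check_well_formed(document):
    """Return (True, None), or (False, (line, column, rule)) for the first violation."""
    parser = expat.ParserCreate()
    try:
        parser.Parse(document, True)  # True: this is the final (only) chunk
    except expat.ExpatError as err:
        message = expat.ErrorString(err.code)
        # Fall back to the raw parser message for errors outside the table.
        return False, (err.lineno, err.offset, RULE_BROKEN.get(message, message))
    return True, None


def report():
    """Check every sample and return (name, ok, rule) triples."""
    rows = []
    for name, document in SAMPLES.items():
        ok, detail = check_well_formed(document)
        rows.append((name, ok, detail[2] if detail else None))
    return rows


if __name__ == "__main__":
    for name, ok, rule in report():
        print(f"{name:22} {'ok' if ok else 'REJECTED: ' + rule}")
```

The parser stops at the first violation, so a document that breaks several rules is reported only for the earliest one.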
duration, language, …)
• Allows defining possible values for elements
• Allows defining types derived from existing types
• Allows defining complex types
• Allows posing constraints on the occurrence of elements
• Allows forcing uniqueness and foreign keys
What is SOAP?
• SIMPLE OBJECT ACCESS PROTOCOL

SOAP Message Format
• SOAP message consists of three parts:

April 29th, 2003 Organizing and Searching Information with XML

WSDL
• Web Services Definition Language
UDDI
• UNIVERSAL DESCRIPTION DISCOVERY AND INTEGRATION
• Is a registry or catalogue that allows businesses across
the globe to list themselves on the Internet.
• Clients query the registry services
• Response: access to WSDL.

WS security
• Token Types
• XML Encryption
• XML signature
Token types
• Web security addresses basic problems in securing messages used
in web services.
• Its main functions are:

XML Encryption
and keys used for encryption.
• Encryption at different levels of granularity
• An entire document
• A complete XML element within a document
• Content of an XML element.
• <EncryptedData> element contains:
session key.
XML signature
• Specifies syntax for signatures and signature keys.
• Canonical form: transformed to
• XML Signature is included in header of SOAP message.
• Signed Info
• Signature Value
– Contains digital signature value.
– On Entire signature element
• Key Info
– the key required to verify digital signature at the receiver end.
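To show how the canonical form, Signed Info, Signature Value and Key Info fit together, here is an added example that is not part of the original notes. It is a simplified model rather than interoperable XML Signature: HMAC-SHA256 stands in for the public-key signature so that it runs on the Python standard library, and the element layout, key name, key and payment message are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET


def canonical(xml_text):
    """Canonical form (C14N 2.0): attribute order, quoting and empty-tag syntax normalised."""
    return ET.canonicalize(xml_text)


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def digest(xml_text):
    """Digest of the canonical form, so equivalent serialisations hash alike."""
    return _b64(hashlib.sha256(canonical(xml_text).encode("utf-8")).digest())


def _mac(key, signed_info_xml):
    # Stand-in for the digital signature: a keyed MAC over the canonical SignedInfo.
    data = canonical(signed_info_xml).encode("utf-8")
    return _b64(hmac.new(key, data, hashlib.sha256).digest())


def sign(body_xml, key, key_name):
    """Build a simplified Signature element for the message body."""
    signed_info = ('<SignedInfo><Reference URI="#body"><DigestValue>'
                   + digest(body_xml) + "</DigestValue></Reference></SignedInfo>")
    return ("<Signature>" + signed_info
            + "<SignatureValue>" + _mac(key, signed_info) + "</SignatureValue>"
            + "<KeyInfo><KeyName>" + key_name + "</KeyName></KeyInfo></Signature>")


def verify(body_xml, signature_xml, keyring):
    """Receiver side: find the key via KeyInfo, check SignatureValue, then the body digest."""
    sig = ET.fromstring(signature_xml)
    signed_info = sig.find("SignedInfo")
    key = keyring.get(sig.findtext("KeyInfo/KeyName", default=""))
    if signed_info is None or key is None:
        return False
    expected = _mac(key, ET.tostring(signed_info, encoding="unicode"))
    claimed = sig.findtext("SignatureValue", default="")
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        return False  # SignedInfo was altered, or a different key was used
    stated = signed_info.findtext("Reference/DigestValue", default="")
    return hmac.compare_digest(digest(body_xml).encode(), stated.encode())


# Constructed sample data.
KEYRING = {"bank-key-1": b"constructed-demo-key"}
BODY = '<Payment id="7" currency="INR"><Amount>1000</Amount><Memo/></Payment>'
BODY_RESERIALISED = "<Payment   currency='INR' id='7'><Amount>1000</Amount><Memo></Memo></Payment>"
BODY_TAMPERED = BODY.replace("1000", "9000")

if __name__ == "__main__":
    signature = sign(BODY, KEYRING["bank-key-1"], "bank-key-1")
    print("original     :", verify(BODY, signature, KEYRING))
    print("re-serialised:", verify(BODY_RESERIALISED, signature, KEYRING))
    print("tampered     :", verify(BODY_TAMPERED, signature, KEYRING))
```

Because the Signature Value covers Signed Info, replacing the digest inside Signed Info to match an altered body does not help: the Signature Value check fails first.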
• Defines a standard message exchange protocol.
Specifies how it is transported.
• Single Sign-On (SSO)
• "Portable Trust" - a user, whose identity is established
and verified in one domain, can invoke services in
another domain
2. Authorization
3. Attributes
SAML
• Assertion is a claim, statement, or declaration of fact
to a specified resource
• Attributes - the subject is associated with the supplied
attribute.

Other standards
• WS trust
• WS security policy

WS trust
authentication laid out by relevant entities may be as follows:
• An importer must authenticate himself to his local bank via a
login name and password.
• A local bank must authenticate itself to the global bank using a
challenge-response protocol in conjunction with a digital
certificate.
• An importer must authenticate himself to the given exporter
through a SAML token signed by a global bank.
MODULE 5
➢ The Information Technology Act, 2000 is an important law related to Indian cyber law.
➢ The act strives to achieve the following objectives:
1. To give legal recognition to transactions done by electronic way or by use of the internet.
2. To grant legal recognition to digital signature for accepting any agreement via computer.
3. To provide facility of filing documents online.
4. To authorize any undertaking to store their data in electronic storage.
5. To prevent cyber crime by imposing high penalty for such crimes and protect privacy of
internet users.
electronic form.
Q. Define the following terms w.r.t. the IT Act 2000 (any terminologies can be asked)
8. "Certification practice statement" means a statement issued by a Certifying Authority to
specify the practices that the Certifying Authority employs in issuing Digital Signature
Certificates;
9. "computer" means any electronic, magnetic, optical or other high-speed data processing device
or system which performs logical, arithmetic, and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all input, output, processing, storage,
computer software, or communication facilities which are connected or related to the computer
11. "computer system" means a device or collection of devices, including input and output support
devices and excluding calculators which are not programmable and capable of being used in
conjunction with external files, which contain computer programmes, electronic instructions, input
data and output data, that performs logic, arithmetic, data storage and retrieval, communication
control and other functions;
12. "data" means a representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalised manner, and is intended to be
processed, is being processed or has been processed in a computer system or computer network,
and may be in any form (including computer printouts magnetic or optical storage media, punched
cards, punched tapes) or stored internally in the memory of the computer;
13. "digital signature" means authentication of any electronic record by a subscriber by means
of an electronic method or procedure in accordance with the provisions of section 3;
14. "electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer generated
micro fiche or similar device;
15. "Electronic Gazette" means the Official Gazette published in the electronic form;
16. "electronic record" means data, record or data generated, image or sound stored, received or
sent in an electronic form or micro film or computer generated micro fiche;
17. "information" includes data, text, images, sound, voice, codes, computer programmes,
software and databases or micro film or computer generated micro fiche;
18. "intermediary" with respect to any particular electronic message means any person who on
behalf of another person receives, stores or transmits that message or provides any service with
respect to that message;
19. "key pair", in an asymmetric crypto system, means a private key and its mathematically related
public key, which are so related that the public key can verify a digital signature created by the
private key;
Q. Explain any important provisions of the IT Act 2000.
Q. Explain any important provisions of the IT Act 2000 with regard to:
1. Digital signature.
2. Legal recognition of electronic records.
3. Legal recognition of digital signatures.
1. Any subscriber may authenticate an electronic record by affixing his digital signature.
2. The authentication of the electronic record shall be effected by the use of asymmetric
crypto system and hash function which envelop and transform the initial electronic
✓ to derive or reconstruct the original electronic record from the hash result
produced by the algorithm;
Prof. Nagashree. C, Dept of CSE,SVIT Page 3
✓ that two electronic records can produce the same hash result using the
algorithm.
3. Any person by the use of a public key of the subscriber can verify the electronic record.
4. The private key and the public key are unique to the subscriber and constitute a
functioning key pair.
27.4.2 ELECTRONIC GOVERNANCE : Legal recognition of electronic records.
Where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is—
➢ Where any law provides that information or any other matter shall be authenticated by
affixing the signature or any document shall be signed or bear the signature of any person
then, notwithstanding anything contained in such law, such requirement shall be deemed
to have been satisfied, if such information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the Central Government.
27.4.4 Use of electronic records and digital signatures in Government and its
agencies.
Government.
2. The appropriate Government may, for the purposes of sub-section (1), by rules, prescribe—
✓ the manner and format in which such electronic records shall be filed, created or
issued;
✓ the manner or method of payment of any fee or charges for filing, creation or issue
any electronic record under clause (a).
27.4.6 Retention of electronic records.
1. Where any law provides that documents, records or information shall be retained for any
specific period, then, that requirement shall be deemed to have been satisfied if such
documents, records or information are retained in the electronic form, if—
(a) the information contained therein remains accessible so as to be usable for a
subsequent reference;
(b) the electronic record is retained in the format in which it was originally
generated, sent or received or in a format which can be demonstrated to
represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date
and time of despatch or receipt of such electronic record are available in the
electronic record:
➢ Where any law provides that any rule, regulation, order, bye-law, notification or any other
matter shall be published in the Official Gazette, then, such requirement shall be deemed
to have been satisfied if such rule, regulation, order, bye-law, notification or any other
matter is published in the Official Gazette or Electronic Gazette:
➢ Provided that where any rule, regulation, order, bye-law, notification or any other matter
is published in the Official Gazette or Electronic Gazette, the date of publication shall be
deemed to be the date of the Gazette which was first published in any form.
➢ The Central Government may, for the purposes of this Act, by rules, prescribe—
➢ the type of digital signature;
➢ the manner and format in which the digital signature shall be affixed;
➢ the manner or procedure which facilitates identification of the person affixing the digital
signature;
➢ control processes and procedures to ensure adequate integrity, security and confidentiality of
electronic records or payments; and
➢ any other matter which is necessary to give legal effect to digital signatures.
Q. Explain Attribution, Acknowledgement, and Despatch of Electronic Records.
27.5 ATTRIBUTION, ACKNOWLEDGEMENT, AND DESPATCH OF ELECTRONIC
RECORDS
27.5.1 Attribution of electronic records.
An electronic record shall be attributed to the originator—
1. if it was sent by the originator himself;
2. by a person who had the authority to act on behalf of the originator in respect of that
electronic record;
(b) any conduct of the addressee, sufficient to indicate to the originator that the
electronic record has been received.
2. Where the originator has stipulated that the electronic record shall be binding only on
receipt of an acknowledgment of such electronic record by him, then unless
acknowledgment has been so received, the electronic record shall be deemed to have been
never sent by the originator.
3. Where the originator has not stipulated that the electronic record shall be binding only on
receipt of such acknowledgment, and the acknowledgment has not been received by the
originator within the time specified or agreed or, if no time has been specified or agreed to
within a reasonable time, then the originator may give notice to the addressee stating that
no acknowledgment has been received by him and specifying a reasonable time by which
the acknowledgment must be received by him and if no acknowledgment is received within
the aforesaid time limit he may after giving notice to the addressee, treat the electronic
record as though it has never been sent.
27.5.3 Time and place of despatch and receipt of electronic record.
1. Unless otherwise agreed to between the originator and the addressee, the dispatch of
an electronic record occurs when it enters a computer resource outside the control of the
originator.
2. Unless otherwise agreed between the originator and the addressee, the time of receipt
of an electronic record shall be determined as follows, namely :—
✓ if the addressee has designated a computer resource for the purpose of receiving
electronic records,—
✓ receipt occurs at the time when the electronic record enters the designated computer
resource;
✓ if the electronic record is sent to a computer resource of the addressee that is not the
designated computer resource, receipt occurs at the time when the electronic record is
retrieved by the addressee;
3. Unless otherwise agreed to between the originator and the addressee, an electronic
record is deemed to be dispatched at the place where the originator has his place of
business, and is deemed to be received at the place where the addressee has his place of
business.
4. If the originator or the addressee has more than one place of business, the principal place
27.6.1 Secure electronic record.
➢ Where any security procedure has been applied to an electronic record at a specific
point of time, then such record shall be deemed to be a secure electronic record from
such point of time to the time of verification.
verified that a digital signature, at the time it was affixed, was—
✓ unique to the subscriber affixing it;
✓ capable of identifying such subscriber;
✓ created in a manner or using a means under the exclusive control of the
subscriber and is linked to the electronic record to which it relates in such a
manner that if the electronic record was altered the digital signature would be
invalidated, then such digital signature shall be deemed to be a secure digital
signature.
27.6.3 Security procedure.
➢ The Central Government shall, for the purposes of this Act, prescribe the security procedure
having regard to commercial circumstances prevailing at the time when the procedure was
used, including—
✓ the nature of the transaction;
✓ the level of sophistication of the parties with reference to their technological capacity;
✓ the volume of similar transactions engaged in by other parties;
✓ the availability of alternatives offered to but rejected by any party;
✓ the cost of alternative procedures; and
✓ the procedures in general use for similar types of transactions or communications.
2. The Controller shall discharge his functions under this Act subject to the general control
and directions of the Central Government.
3. The Deputy Controllers and Assistant Controllers shall perform the functions assigned
to them by the Controller under the general superintendence and control of the
Controller.
4. The qualifications, experience and terms and conditions of service of Controller,
Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the
Central Government.
5. The Head Office and Branch Office of the office of the Controller shall be at such places
as the Central Government may specify, and these may be established at such places as
the Central Government may think fit.
6. There shall be a seal of the Office of the Controller.
Q. Who is a Controller? Outline his functions. (27.7.1)
Q. Outline the Controller's powers. (27.7.2 to 27.7.12)
and the remuneration to be paid to them;
10. facilitating the establishment of any electronic system by a Certifying Authority
either solely or jointly with other Certifying Authorities and regulation of such
systems;
11. specifying the manner in which the Certifying Authorities shall conduct their
dealings with the subscribers;
12. resolving any conflict of interests between the Certifying Authorities and the
subscribers;
13. laying down the duties of the Certifying Authorities;
14. maintaining a data base containing the disclosure record of every Certifying
Authority containing such particulars as may be specified by regulations, which
shall be accessible to public.
2. Where any Certifying Authority is recognised under sub-section (1), the Digital Signature
Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.
3. The Controller may, if he is satisfied that any Certifying Authority has contravened any of
the conditions and restrictions subject to which it was granted recognition under sub-
section (1) he may, for reasons to be recorded in writing, by notification in the Official
Gazette, revoke such recognition.
3. The Controller shall maintain a computerised data base of all public keys in such a manner
that such data base and the public keys are available to any member of the public.
27.7.4 Licence to issue Digital Signature Certificates.
1. Any person may make an application, to the Controller, for a licence to issue Digital
Signature Certificates.
2. No licence shall be issued under sub-section (1), unless the applicant fulfills such
requirements with respect to qualification, expertise, manpower, financial resources and
other infrastructure facilities, which are necessary to issue Digital Signature Certificates
as may be prescribed by the Central Government
3. A licence granted under this section shall—
(a) be valid for such period as may be prescribed by the Central Government;
(c) be subject to such terms and conditions as may be specified by the regulations.
27.7.5 Application for licence
1. Every application for issue of a licence shall be in such form as may be prescribed by the
Central Government.
2. Every application for issue of a licence shall be accompanied by—
expiry of the period of validity of the licence.
➢ The Controller may, on receipt of an application under sub-section (1) of section 21, after
considering the documents accompanying the application and such other factors, as he
deems fit, grant the licence or reject the application:
27.7.8 Suspension of licence.
➢ The Controller may, if he is satisfied after making such inquiry, as he may think fit, that a
(a) made a statement in, or in relation to, the application for the issue or renewal
of the licence, which is incorrect or false in material particulars;
(b) failed to comply with the terms and conditions subject to which the licence
was granted;
publish notice of such suspension or revocation, as the case may be, in the database
maintained by him.
2. Where one or more repositories are specified, the Controller shall publish notices of such
any officer to exercise any of the powers of the Controller under this Chapter.
27.7.11 Power to investigate contraventions.
1. The Controller or any officer authorized by him in this behalf shall take up for investigation
any contravention of the provisions of this Act, rules or regulations made thereunder.
2. The Controller or any officer authorized by him in this behalf shall exercise the like powers
which are conferred on Income-tax authorities under Chapter XIII of the Income-tax Act,
1961 and shall exercise such powers, subject to such limitations laid down under that Act.
27.7.12 Access to computers and data.
1. Without prejudice to the provisions of sub-section (1) of section 69, the Controller or any
person authorized by him shall, if he has reasonable cause to suspect that any contravention
of the provisions of this Act, rules or regulations made there under has been committed,
have access to any computer system, any apparatus, data or any other material connected
with such system, for the purpose of searching or causing a search to be made for obtaining
any information or data contained in or available to such computer system.
2. For the purposes of sub-section (1), the Controller or any person authorised by him may,
by order, direct any person in charge of, or otherwise concerned with the operation of, the
computer system, data apparatus or material, to provide him with such reasonable technical
and other assistance as he may consider necessary.
(a) make use of hardware, software and procedures that are secure from intrusion and misuse;
(b) provide a reasonable level of reliability in its services which are reasonably suited to the
performance of intended functions;
(c) adhere to security procedures to ensure that the secrecy and privacy of the digital signatures
are assured; and
(d) observe such other standards as may be specified by regulations.
✓ Every Certifying Authority shall display its licence at a conspicuous place of the premises
in which it carries on its business.
1. Every Certifying Authority whose licence is suspended or revoked shall immediately after
such suspension or revocation, surrender the licence to the Controller.
2. Where any Certifying Authority fails to surrender a licence under sub-section (1), the
person in whose favour a licence is issued, shall be guilty of an offence and shall be
punished with imprisonment which may extend up to six months or a fine which may
extend up to ten thousand rupees or with both.
27.7.17 Disclosure.
1. Every Certifying Authority shall disclose in the manner specified by regulations—
✓ its Digital Signature Certificate which contains the public key corresponding to
the private key used by that Certifying Authority to digitally sign another Digital
Signature Certificate;
✓ any certification practice statement relevant thereto;
✓ notice of the revocation or suspension of its Certifying Authority certificate, if
any; and
✓ any other fact that materially and adversely affects either the reliability of a
Digital Signature Certificate, which that Authority has issued, or the Authority's
ability to perform its services.
2. Where in the opinion of the Certifying Authority any event has occurred or any situation
has arisen which may materially and adversely affect the integrity of its computer system
or the conditions subject to which a Digital Signature Certificate was granted, then, the
Certifying Authority shall—
(a) use reasonable efforts to notify any person who is likely to be affected by that
occurrence; or
(b) act in accordance with the procedure specified in its certification practice
Q. Describe the role of the Certifying Authority with regard to issuing a digital certificate, and
representation upon issuance, suspension and revocation. (27.8)
1. Any person may make an application to the Certifying Authority for the issue of a Digital
Signature Certificate in such form as may be prescribed by the Central Government
2. Every such application shall be accompanied by such fee not exceeding twenty-five
thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying
Authority:
3. Every such application shall be accompanied by a certification practice statement or where
there is no such statement, a statement containing such particulars, as may be specified by
regulations.
4. On receipt of an application under sub-section (1), the Certifying Authority may, after
consideration of the certification practice statement or the other statement under sub-section
(3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or
for reasons to be recorded in writing, reject the application:
Provided that no Digital Signature Certificate shall be granted unless the Certifying Authority
is satisfied that—
✓ the applicant holds the private key corresponding to the public key to be listed in the
Digital Signature Certificate;
✓ the applicant holds a private key, which is capable of creating a digital signature;
✓ the public key to be listed in the certificate can be used to verify a digital signature
affixed by the private key held by the applicant:
➢ A Certifying Authority while issuing a Digital Signature Certificate shall certify that—
1. it has complied with the provisions of this Act and the rules and regulations made
thereunder,
3. the subscriber holds the private key corresponding to the public key, listed in the
Digital Signature Certificate;
4. the subscriber's public key and private key constitute a functioning key pair,
5. the information contained in the Digital Signature Certificate is accurate; and
6. it has no knowledge of any material fact, which if it had been included in the Digital
Signature Certificate would adversely affect the reliability of the representations
made in clauses (a) to (d).
1. Subject to the provisions of sub-section (2), the Certifying Authority which has issued a
Digital Signature Certificate may suspend such Digital Signature Certificate,—
3. A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days
unless the subscriber has been given an opportunity of being heard in the matter.
4. On suspension of a Digital Signature Certificate under this section, the Certifying Authority
shall communicate the same to the subscriber.
(b) a requirement for issuance of the Digital Signature Certificate was not satisfied;
(c) the Certifying Authority's private key or security system was compromised in a manner
materially affecting the Digital Signature Certificate's reliability;
(d) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a
company, which has been dissolved, wound-up or otherwise ceased to exist
3. A Digital Signature Certificate shall not be revoked unless the subscriber has been given an
opportunity of being heard in the matter.
4. On revocation of a Digital Signature Certificate under this section, the Certifying Authority
Q. Describe the duties of subscriber under sections 40, 41 and 42 of the IT Act 2000 (answer: 27.9)
➢ Where any Digital Signature Certificate, the public key of which corresponds to the private
key of that subscriber which is to be listed in the Digital Signature Certificate has been
accepted by a subscriber, then, the subscriber shall generate the key pair by applying the
security procedure.
(b)
rely on the information contained in the Digital Signature Certificate that—
(a) the subscriber holds the private key corresponding to the public key listed in the
Digital Signature Certificate and is entitled to hold the same;
(b) all representations made by the subscriber to the Certifying Authority and all
material relevant to the information contained in the Digital Signature Certificate
are true;
(c) all information in the Digital Signature Certificate that is within the knowledge of
the subscriber is true.
1. Every subscriber shall exercise reasonable care to retain control of the private key
corresponding to the public key listed in his Digital Signature Certificate and take all steps to
prevent its disclosure to a person not authorised to affix the digital signature of the subscriber.
2. If the private key corresponding to the public key listed in the Digital Signature Certificate has
been compromised, then, the subscriber shall communicate the same without any delay to the
Certifying Authority in such manner as may be specified by the regulations.
Discuss the penalties and adjudication under section 43 IT act 2000 for
a) Damage to computer, computer system
b) Failure to protect data.
c) Failure to furnish information return
➢ If any person without permission of the owner or any other person who is in charge of a
computer, computer system or computer network, —
1. accesses or secures access to such computer, computer system or computer network;
2. downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium;
3. introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
4. damages or causes to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer
system or computer network;
5. disrupts or causes disruption of any computer, computer system or computer network;
6. denies or causes the denial of access to any person authorised to access any computer,
computer system or computer network by any means;
7. provides any assistance to any person to facilitate access to a computer, computer system
or computer network in contravention of the provisions of this Act, rules or regulations
made thereunder;
8. charges the services availed of by a person to the account of another person by tampering
with or manipulating any computer, computer system, or computer network,
1. he shall be liable to pay damages by way of compensation not exceeding one crore rupees
to the person so affected.
✓ "computer contaminant" means any set of computer instructions that are designed—
to modify, destroy, record, transmit data or programme residing within a computer,
computer system or computer network; or by any means to usurp the normal
27.10.2 compensation for failure to protect data
✓ If a corporate handling any sensitive information in a computer resource that it owns, controls or
operates is negligent in maintaining security, and this causes gain to another person, the corporate
shall be liable to pay damages to the aggrieved party.
27.10.3 Penalty for failure to furnish information return, etc.
➢ If any person who is required under this Act or any rules or regulations made thereunder
to—
1. furnish any document, return or report to the Controller or the Certifying Authority fails
to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand
rupees for each such failure;
2. file any return or furnish any information, books or other documents within the time
specified therefor in the regulations fails to file return or furnish the same within the time
specified therefor in the regulations, he shall be liable to a penalty not exceeding five
thousand rupees for every day during which such failure continues
3. maintain books of account or records, fails to maintain the same, he shall be liable to a
penalty not exceeding ten thousand rupees for every day during which the failure continues.
with the provisions of that section.
3. No person shall be appointed as an adjudicating officer unless he possesses such experience
in the field of Information Technology and legal or judicial experience as may be
prescribed by the Central Government.
4. Where more than one adjudicating officers are appointed, the Central Government shall
specify by order the matters and places with respect to which such officers shall exercise
their jurisdiction
5. Every adjudicating officer shall have the powers of a civil court which are conferred on the
Cyber Appellate Tribunal under sub-section (2) of section 58, and—
(a) all proceedings before it shall be deemed to be judicial proceedings within the
meaning of sections 193 and 228 of the Indian Penal Code;
(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the
Code of Criminal Procedure, 1973.
27.10.6 Factors to be taken into account by the adjudicating officer.
✓ While adjudging the quantum of compensation under this Chapter, the adjudicating officer
(1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise
jurisdiction.
27.11.2 Composition of Cyber Appellate Tribunal.
✓ A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the
Presiding Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the
Central Government
27.11.3 Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal.
✓ A person shall not be qualified for appointment as the Presiding Officer of a Cyber
Appellate Tribunal unless he—
✓ The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five
years from the date on which he enters upon his office or until he attains the age of sixty-
five years, whichever is earlier.
27.11.5 Salary, allowances and other terms and conditions of service of Presiding Officer.
✓ The salary and allowances payable to, and the other terms and conditions of service
including pension, gratuity and other retirement benefits of the Presiding Officer of a
Cyber Appellate Tribunal shall be such as may be prescribed.
✓ If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding
Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another
person in accordance with the provisions of this Act to fill the vacancy and the proceedings
may be continued before the Cyber Appellate Tribunal from the stage at which the vacancy
is filled.
27.11.7 Resignation and removal.
1. The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his
hand addressed to the Central Government, resign his office:
Provided that the said Presiding Officer shall, unless he is permitted by the Central
Government to relinquish his office sooner, continue to hold office until the expiry of
three months from the date of receipt of such notice or until a person duly appointed as
his successor enters upon his office or until the expiry of his term of office, whichever is
the earliest.
2. The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office
except by an order by the Central Government on the ground of proved misbehaviour or
incapacity after an inquiry made by a Judge of the Supreme Court in which the Presiding
Officer concerned has been informed of the charges against him and given a reasonable
opportunity of being heard in respect of these charges.
3. The Central Government may, by rules, regulate the procedure for the investigation of
misbehaviour or incapacity of the aforesaid Presiding Officer.
27.11.8 Orders constituting Appellate Tribunal to be final and not to invalidate its
proceedings.
✓ No order of the Central Government appointing any person as the Presiding Officer of a
Cyber Appellate Tribunal shall be called in question in any manner and no act or
proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on
the ground merely of any defect in the constitution of a Cyber Appellate Tribunal.
1. The Central Government shall provide the Cyber Appellate Tribunal with such officers
and employees as that Government may think fit
2. The officers and employees of the Cyber Appellate Tribunal shall discharge their
functions under general superintendence of the Presiding Officer.
3. The salaries, allowances and other conditions of service of the officers and employees
of the Cyber Appellate Tribunal shall be such as may be prescribed by the Central
Government.
27.11.10 Appeal to Cyber Appellate Tribunal.
1. Save as provided in sub-section (2), any person aggrieved by an order made by Controller
or an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate
Tribunal having jurisdiction in the matter.
2. No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating
officer with the consent of the parties.
3. Every appeal under sub-section (1) shall be filed within a period of forty-five days from the
date on which a copy of the order made by the Controller or the adjudicating officer is
received by the person aggrieved and it shall be in such form and be accompanied by such
fee as may be prescribed:
✓ Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry of the
said period of forty-five days if it is satisfied that there was sufficient cause for not filing it
within that period
4. On receipt of an appeal under sub-section (1), the Cyber Appellate Tribunal may, after
giving the parties to the appeal, an opportunity of being heard, pass such orders thereon as
it thinks fit, confirming, modifying or setting aside the order appealed against.
5. The Cyber Appellate Tribunal shall send a copy of every order made by it to the parties to
the appeal and to the concerned Controller or adjudicating officer
6. The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt
(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions
under this Act, the same powers as are vested in a civil court under the Code of Civil Procedure,
1908, while trying a suit, in respect of the following matters, namely:—
1. summoning and enforcing the attendance of any person and examining him on oath;
2. requiring the discovery and production of documents or other electronic records
3. receiving evidence on affidavits;
4. issuing commissions for the examination of witnesses or documents;
5. reviewing its decisions;
6. dismissing an application for default or deciding it ex parte;
7. any other matter which may be prescribed.
(3). Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial
proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of
the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for
the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.
27.11.13 Limitation.
✓ The provisions of the Limitation Act, 1963, shall, as far as may be, apply to an appeal made
to the Cyber Appellate Tribunal.
constituted under this Act is empowered by or under this Act to determine and no injunction
shall be granted by any court or other authority in respect of any action taken or to be taken
in pursuance of any power conferred by or under this Act.
decision or order of the Cyber Appellate Tribunal to him on any question of fact or law
arising out of such order
✓ Provided that the High Court may, if it is satisfied that the appellant was prevented by
sufficient cause from filing the appeal within the said period, allow it to be filed within a
further period not exceeding sixty days.
27.11.16 Compounding of contraventions.
(1) Any contravention under this Chapter may, either before or after the institution of
adjudication proceedings, be compounded by the Controller or such other officer as may be
specially authorised by him in this behalf or by the adjudicating officer, as the case may be,
subject to such conditions as the Controller or such other officer or the adjudicating officer may
specify:
27.11.17 Recovery of penalty
✓ A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of
land revenue and the licence or the Digital Signature Certificate, as the case may be,
shall be suspended till the penalty is paid.
Q. Explain the offences, punishments and penalties for offences under the IT Act 2000
27.12 OFFENCES
27.12.1 Tampering with computer source documents.
causes another to conceal, destroy or alter any computer source code used for a computer,
computer programme, computer system or computer network, when the computer source code
is required to be kept or maintained by law for the time being in force, shall be punishable with
imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with
both.
damage to the public or any person destroys or deletes or alters any information residing
in a computer resource or diminishes its value or utility or affects it injuriously by any
means, commits hacking.
➢ Whoever commits hacking shall be punished with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with both.
27.12.3 punishment for receiving stolen computer resource or communication device
✓ Whoever dishonestly receives or retains any stolen computer resource or
communication device knowing or having reason to believe the same to be
stolen computer resource or communication device, shall be punished with
imprisonment of either description for a term which may extend to three years or with fine
which may extend to rupees one lakh or with both [Section 66B].
27.12.4 punishment for identity theft
✓ Whoever fraudulently or dishonestly makes use of the electronic signature, password or
any unique identification feature of any other person, shall be punished with
imprisonment of either description for a term which may extend to three years and shall
also be liable to fine which may extend to rupees one lakh [Section 66B].
27.12.5 Punishment for cheating by personation by using computer resource
✓ Whoever, by means of any communication device or computer resource cheats by
personating, shall be punished with imprisonment of either description for a term which
may extend to three years and shall also be liable to fine which may extend to one lakh
rupees [Section 66D].
the privacy of that person, shall be punished with imprisonment which may extend to
three years or with fine not exceeding two lakh rupees, or with both [Section 66E].
1. Whoever,
(a) With intent to threaten the unity, integrity, security or sovereignty of India or to strike
terror in the people or any section of the people by-
(i) denying or cause the denial of access to any person authorized to access
computer resource; or
(ii) attempting to penetrate or access a computer resource without authorization or
exceeding authorized access; or
(iii) introducing or causing to introduce any computer contaminant, and by means of
such conduct causes or is likely to cause death or injuries to persons or damage
to or destruction of property or disrupts or knowing that it is likely to cause
damage or disruption of supplies or services essential to the life of the community
or adversely affect the critical information infrastructure specified under Section
70; or
(b) knowingly or intentionally penetrates or accesses a computer resource without
authorization or exceeding authorized access, and by means of such conduct obtains
access to information, data or computer database that is restricted; or any restricted
information, data or computer database, with reasons to believe that such information,
data or computer database so obtained may be used to cause or likely to cause injury to
the interests of the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in relation to contempt
of court, defamation or incitement to an offence, or to the advantage of any foreign nation,
group of individuals, or otherwise, commits the offence of cyber terrorism.
material which is lascivious or appeals to the prurient interest or if its effect is such as
to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be
punished on first conviction with imprisonment of either description for a term which
may extend to five years and with fine which may extend to one lakh rupees and in the
event of a second or subsequent conviction with imprisonment of either description for
a term which may extend to ten years and also with fine which may extend to two lakh
rupees.
(1) The Controller may, by order, direct a Certifying Authority or any employee of such
Authority to take such measures or cease carrying on such activities as specified in the order if
those are necessary to ensure compliance with the provisions of this Act, rules or any regulations
made thereunder.
(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of
an offence and shall be liable on conviction to imprisonment for a term not exceeding three years
or to a fine not exceeding two lakh rupees or to both.
27.12.11 Protected system.
(1) The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorise the persons who are
authorized to access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with imprisonment of either
description for a term which may extend to ten years and shall also be liable to fine.
27.12.12 Penalty for misrepresentation.
✓ Whoever makes any misrepresentation to, or suppresses any material fact from, the
Controller or the Certifying Authority for obtaining any licence or Digital Signature
Certificate, as the case may be, shall be punished with imprisonment for a term which
may extend to two years, or with fine which may extend to one lakh rupees, or with
both.
regulations made thereunder, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the consent
of the person concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other person shall be
punished with imprisonment for a term which may extend to two years, or with fine
which may extend to one lakh rupees, or with both.
27.12.14 Penalty for publishing Digital Signature Certificate false in certain particulars.
(1) No person shall publish a Digital Signature Certificate or otherwise make it available to
any other person with the knowledge that—
(a) the Certifying Authority listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
unless such publication is for the purpose of verifying a digital signature created prior to such
suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.
✓ Whoever knowingly creates, publishes or otherwise makes available a Digital
Signature Certificate for any fraudulent or unlawful purpose shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both.
nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention
committed outside India by any person if the act or conduct constituting the offence or
contravention involves a computer, computer system or computer network located in India.
27.12.17 Confiscation.
✓ Any computer, computer system, floppies, compact disks, tape drives or any other
accessories related thereto, in respect of which any provision of this Act, rules, orders
or regulations made thereunder has been or is being contravened, shall be liable to
confiscation:
Prof. Nagashree. C, Dept of CSE, SVIT
✓ where it is established to the satisfaction of the court adjudicating the confiscation that
the person in whose possession, power or control of any such computer, computer
system, floppies, compact disks, tape drives or any other accessories relating thereto is found
is not responsible for the contravention of the provisions of this Act, rules, orders or
regulations made thereunder, the court may, instead of making an order for confiscation
of such computer, computer system, floppies, compact disks, tape drives or any other
accessories related thereto, make such other order authorised by this Act against the
person contravening of the provisions of this Act, rules, orders or regulations made
thereunder as it may think fit.
thereunder for any third party information or data made available by him if he proves
that the offence or contravention was committed without his knowledge or that he had
exercised all due diligence to prevent the commission of such offence or contravention.
27.14.1 Power of police officer and other officers to enter, search, etc.
1. Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police
officer, not below the rank of a Deputy Superintendent of Police, or any other officer of
the Central Government or a State Government authorised by the Central Government in
this behalf may enter any public place and search and arrest without warrant any person
2. Where any person is arrested under sub-section (1) by an officer other than a police officer,
such officer shall, without unnecessary delay, take or send the person arrested before a
magistrate having jurisdiction in the case or before the officer-in-charge of a police station.
3. The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of
this section, apply, so far as may be, in relation to any entry, search or arrest, made under
this section.
✓ The provisions of this Act shall have effect notwithstanding anything inconsistent
therewith contained in any other law for the time being in force.
27.14.3 Controller, Deputy Controller and Assistant Controllers to be public servants.
✓ The Presiding Officer and other officers and employees of a Cyber Appellate Tribunal,
the Controller, the Deputy Controller and the Assistant Controllers shall be deemed to
be public servants within the meaning of section 21 of the Indian Penal Code.
27.14.4 Power to give directions.
✓ The Central Government may give directions to any State Government as to the
carrying into execution in the State of any of the provisions of this Act or of any rule,
regulation or order made thereunder.
✓ No suit, prosecution or other legal proceeding shall lie against the Central Government,
the State Government, the Controller or any person acting on behalf of him, the
Presiding Officer, adjudicating officers and the staff of the Cyber Appellate Tribunal
for anything which is in good faith done or intended to be done in pursuance of this Act
or any rule, regulation or order made thereunder.
27.14.6 Offences by companies.
✓ Provided that nothing contained in this sub-section shall render any such person liable
to punishment if he proves that the contravention took place without his knowledge or
that he exercised all due diligence to prevent such contravention.
✓ Notwithstanding anything contained in sub-section (1), where a contravention of any
of the provisions of this Act or of any rule, direction or order made thereunder has been
committed by a company and it is proved that the contravention has taken place with
the consent or connivance of, or is attributable to any neglect on the part of, any
director, manager, secretary or other officer of the company, such director, manager,
secretary or other officer shall also be deemed to be guilty of the contravention and
shall be liable to be proceeded against and punished accordingly.
27.14.7 Removal of difficulties.
(1) If any difficulty arises in giving effect to the provisions of this Act, the Central
Government may, by order published in the Official Gazette, make such provisions not
inconsistent with the provisions of this Act as appear to it to be necessary or expedient for
removing the difficulty:
(2) Every order made under this section shall be laid, as soon as may be after it is made,
before each House of Parliament.
27.14.8 Constitution of Advisory Committee.
1. The Central Government shall, as soon as may be after the commencement of this Act,
constitute a Committee called the Cyber Regulations Advisory Committee.
2. The Cyber Regulations Advisory Committee shall consist of a Chairperson and such
number of other official and non-official members representing the interests principally
affected or having special knowledge of the subject-matter as the Central Government may
deem fit.
3. The Cyber Regulations Advisory Committee shall advise—
(a) the Central Government either generally as regards any rules or for any other
purpose connected with this Act;
27.14.9 Special provisions as to evidence relating to electronic record.
✓ The contents of electronic records may be proved in accordance with the provisions of
section 65B.
27.14.10 Admissibility of electronic records.
✓ Any information contained in an electronic record which is printed on a paper, stored,
recorded or copied in optical or magnetic media produced by a computer (hereinafter
referred to as the computer output) shall be deemed to be also a document, if the
conditions mentioned in this section are satisfied in relation to the information and
computer in question and shall be admissible in any proceedings, without further proof
or production of the original, as evidence of any contents of the original or of any fact
stated therein of which direct evidence would be admissible.
corresponds with the message as fed into his computer for transmission; but the Court
shall not make any presumption as to the person by whom such message was sent.