NIS_UNIT 4

Syllabus:

4.1 Firewall
 “a network security device either hardware or
so ware-based which monitors all incoming and
outgoing traffic and based on a defined set of
security rules it accepts, rejects, or drops that
specific traffic”
o Need of firewall
o Before firewallsACL performed network
security can’t block packetscan’t keep
threats away
o Firewall can be –
hardware/so ware/combina on
o inspects network traffic
o Accepts or rejects messages- based on set of
rules
o It’s a par on between private(trusted)
n/w & public(un-trusted) n/w passing
through it
o A ributes of firewall: -
 All traffic should pass through it
 It should allow only authorized traffic
 Firewall itself can stop a acks
o Protects system from threats & allows access
to outside world of internet
o Acts as network gateway- to protect internal
resources
o It can control outside resource that
employees are accessing
o It examines packet and forwards towards
des na on
o Firewall is installed on special computer
o separated from network – so incoming
request can’t enter directly into resources
o For mobile networks- firewall helps in secure
login
o Design goals
 All traffic -must pass through
firewall(inside/outside)
  Done by blocking access to local network
 expect via firewall
 If authorized traffic denied by local
security policy will be allowed to pass
through firewall
 Different type of firewall<-> different
type of security policies
 Firewall is immune to unauthorized entry

 Types of firewalls


1. Packet Filter
o Router- part of firewall- performs packet
filtering
o Packet filtering router- applies rules on-
incoming packets- decides to forward or
discard
o Router is configured to filter
packets(incoming/outgoing)
o “Packet filtering firewall maintains a filtering
table that decides whether the packet will be
forwarded or discarded”
o
o filtra on rules are based on:
 Source IP address: IP address of system
genera ng IP packet
 Des na on IP address: IP address of
system where packet is trying to reach
 Source and des na on transport-level
address: TCP or UDP define applica ons
such as – SNMP or TELNET
 IP protocol field: it tells the transport
protocol
 Interface: it is for router using 3 or more
ports interfacing incoming and outgoing
packet

o
o Advantages
  Simplicity
 Transparency to users
 High speed
o Disadvantages
 Difficulty of se ng up packet filtering
rules
 Lack of authen ca on
2. Stateful Packet Filter
o it understands request and reply system
o rules for stateful packets are specified only for
first packet in one direc on
o new rules are created a er first outbound
packet
o then all packets proceed automa cally
o stateful packet filter supports  wide range of
protocols – FTP, IRC, H323
o It keeps track of the state of networks
connec on travelling across it
o filtering decisions - based on packet’s history
in the state table.
 o
3. Applica on Gateway
o Also known as – Proxy Server
o Because – it Acts like proxy and decides flow
of applica on-level traffic
o Internal user- contacts applica on-level
gateway using TCP/IP applica on e.g.
TELNET/FTP/HTTP
o Applica on-level gateway will ask user/host-
about remote host- with which he wants
connec on (for communica on)
o prevents the direct connec on between
either side of the firewall
o User provides info like ID and authen ca on
info gateway contacts applica on on
remote host and relays TCP segment
containing app data between 2 endpoints
o If gateway doesn’t implement proxy code for
an appservice is not supported and can’t be
forwarded across firewall
o Gateways are configured – to support specific
features
o These features are considered by network
administrator while denying other features

1. Advantages
i. High security than packet filtering
ii. Only needs to scru nize a few allowable
applica ons
iii. Easy to log and audit incoming traffic
2. Disadvantages
 i. Addi onal overheadas 2 separate
connec ons between end users and
gateway
ii. Gateway should examine and forward all
traffic in both direc ons
4. Circuit Gateways
o It’s a specialized func on- performs
applica on-level gateway for certain app
o it will not allow end-to-end TCP connec on –
but will set up 2 TCP connec ons:
 between TCP user on inner host and
gateway
 between a gateway and TCP user on
outside host
o a er these 2 connec ons gateway
transmits TCP segments from one connec on
to another without examining contents
o security func on will check which connec on
is allowed
o here system administrator trusts the internal
users
 o gateway can be configured – to support
applica on level or proxy service on inbound
connec ons and circuit-level func ons for
outbound connec ons
o Gateway can acquire processing overhead of
examining incoming app data for prohibited
func ons but does not acquire that overhead
on outgoing data

4.2 Firewall Policies, Configura on, Limita ons, DMZ

 Firewall Policies
 o Allow all type of traffic  but block some
services like– TELNET/SNMP and port number
used by an a acker
o Restric ve policy: - Block all traffic and allow
only useful traffic -HTTP, POP3, SMTP, SSH
o If network administrator forgets to block
something  it is exploited for some me
without knowledge
o Most secure op on: block everything
suspicious (a er complaining by someone allow the protocol)
 Firewall ruleset:
 Firewall allows – HTTP, FTP, SSH, DNS – to
communicate from internal network to
internet
 Allows SMTP – to communicate to mail
server from anywhere
 Allows SMTP and DNS – to communicate
from mail server to internet
 Allows SMTP and POP3- to communicate
from inside to mail server
 Firewall allows only reply packets
 Firewall can block everything else
 Configura on
o Firewall  combina on of packet filter and
applica on-level gateway.
o 3 types of configura ons

1. Screened Host Firewall, Single-Homed

Bas on (dedicated server)
o 2 parts of firewall configura ons:
 A packet filter router: -
 ensures incoming traffic is allowed
 only if it is intended for applica on
gateway
 by examining des na on address field of
each incoming IP packet
 It ensures that outgoing traffic is allowed
 only if originated from applica on-level
gateway
 by examining source address field of
every outgoing packet
  Applica on-level gateway: - performs
authen ca on as well as proxy func ons

o Advantages
 Improves security- by checking both
levels packet and applica on
 Provides flexibility to n/w administrator
to define more security policies
o Disadvantages
 Internal users are connected to both –
applica on gateway and packet filter
router if packet filter is a acked –
whole internal network is exposed to
a acker
2. Screened Host Firewall, Dual-Homed Bas on
o Direct connec on between internal hosts and
packet filter is avoided
o Pkt filter only connects to applica on gateway
o Has separate connec on with internal host
o If packet filter is a acked – only applica on
gateway is visible to a acker

3. Screened Subnet Firewall

o Highly secure among all configura ons
o 2 packet filters are used
 One between internet and applica on
gateway
 Other between applica on gateway and
internal network
 o Achieves 3 levels of security for an a ack to
break into

 Limita ons of Firewalls

o Can’t protect against a acks that bypass the
firewall
o Does not protect against insider threats -
employees innocently cooperates with
external a ackers
o Can’t protect against transfer of virus infected
programs or files
o May not protect against viruses and infected
files as it is not possible to scan all incoming
traffic
o Complexity: Se ng up and keeping up a
firewall can be me-consuming and difficult,
especially for bigger networks
o Limited Visibility: may not be able to iden fy
or stop security risks that operate at other
levels because they can only observe and
manage traffic at the network level
o False Sense of Security: Some businesses may
place an excessive amount of reliance on their
firewall
o Limited adaptability: firewalls are rule-based,
they might not be able to respond to fresh
security threats.
o Limited Scalability: network, businesses that
have several networks must deploy many
firewalls, which can be expensive.
o Cost: Purchasing many devices or add-on
features for a firewall system can be
expensive, especially for businesses.
o
 DMZ (Demilitarized Zone)

 Computer host or small network inserted as a

“neutral zone” in company’s private network and
outside public network
 It avoids outside users – from direct access to
company’s data server
 DMZ is op onal
 More secure approach to firewall
 Effec vely acts as proxy server
 DMZ has separate computer/host – receives request
from users within private network to access websites
or private network
 DMZ host- ini ates session for each request on
public n/w not for private network
 It can only forward packets requested by the host
 Public network users- outside company- can access
DMZ host only
 It can store company’s webpages which can be
served to outside users
 Hence, DMZ can’t give access to company’s data
 If outsider enters DMZ securitywebpages may get
corrupted but other informa on is safe

4.3 Intrusion Detec on System (IDS)

 What is IDS?
 “Process of monitoring events happening in
computer system / network”
 Analyzes system for possible incidents
 threat of viola on of computer security
policies,
 standard security prac ces
  acceptable use policies
 IDS <-> Burglar alarm
 In case of intrusion IDS will provide warning or alert
 Operator then tags the event to Incident Handling
Team for further inves ga on
 IDS – observes surrounding ac vi es- tries to iden fy
undesirable ac vi es
 Purpose-
 to iden fy suspicious/ malicious ac vi es
devia ng normal behavior
 Catalog and classify ac vity
 Reply to the ac vity
 2 types of IDS:
1. Host Based IDS
 Examines ac vi es of individual system like 
mail server, web server, individual PC
 Concerned with only individual system
 Has no visibility to network or systems around
it
2. Network Based IDS
 Examines ac vi es on the network
 Visibility only into traffic monitoring – crossing
network link
  Has no idea of what is happening to individual
systems
 Components of IDS

 Traffic Collector
 To collect the ac vity or event from IDS for
examina on
 HIDS Event can be- log files, audit logs, incoming
or outgoing traffic
 NIDS event can be- mechanism for copying
traffic of n/w link

 Analysis Engine
 This will examine collected n/w traffic
 Compares it with known pa erns of
suspicious/malicious ac vi es
 Malicious ac vi es -stored in signature
database
 Analysis Enginebrain of IDS

 Signature Database
 Stores collec on of pa erns and defini ons of
known suspicious/malicious ac vity on
host/network

 User Interface and Repor ng

 Provides interface with human element
 Provides alert whenever required
 Because of this user can interact with IDS

 Vulnerability Assessment
 Examining the state of network security
 informa on is collected and priori zed as per
vulnerabili es:
 Data about open ports
 s/w packages running
 network topology
 vulnerability assessment- updated regularly – to
handle new threats
 they keep track of security vulnerabili es and
list of available patches

 Misuse Detec on
 looks for pa erns of n/w traffic or ac vity in log
files that are suspicious
 This is known as a ack signature
 It contains-
 no. of failed logins to sensi ve host
 bits of IP address of buffer overflow a ack
 TCP SYN packet of SYN flooding a ack
 For monitoring system – IDS can check security
policy and database to known vulnerabili es
and a ack
 Venders need to update latest a acks and
update the issue database
 Customers need to install updates

 Anomaly Detec on
 To detect intrusion- sta s cal anomaly
detec on uses sta s cal techniques
 Baseline is established
  During opera on – sta s cal analysis of data
monitored is performed
 If different from baseline alarm is raised
 Anomaly  not a ack every mefailed login
due to forge ng password
 Careful a ackers- remain undetected
 Pa ent a ackers- slowly change normal
behavior un l a ack (which no longer generates
alarm)
 Need to be concerned about
 False posi ve- a ack is flagged when nothing
has happened
 False nega ve- a ack is missed when within
range of normal behavior

 Host Based IDS

 Checks- log files, audit trails, network traffic
(incoming/outgoing)
 HIDS – operates in real me- observes ac vi es,
batch mode on periodic basis
 It is self-contained-
 commercial versions take help of central
system
  they also take local system resources to
operate
 Older version-
 work on batch mode hourly or daily basis
 looking for the events in system log files
 New versions-
 processor speed is increased-
 it looks for log files in real me –
 examines data traffic
 Windows examined logs: -applica ons, system
and security event logs
 UNIX examined logs: - message, kernel, error
logs
 Applica on specific HIDS- examine traffic from
specific services

 HIDS is looking for certain log files like:

 Logins at odd hours
 Login authen ca on failure
 Adding new user account
 Modifica on of access of cri cal system files
 Modifica on or removal of binary files
 Star ng or stopping processes
 Privilege escala on
  Use of certain programs

 Advantages
 OS specific and detailed signatures
 Examines data a er decryp on
 Very applica on specific

 Disadvantages
 Needs to be installed on every host spot
 High-cost ownership and maintenance
 Uses local system resources
 Very focused view and cannot relate to ac vity
around it
 Excluded from the network
 Passive in nature, so it just informs about the
attack without doing anything about it.

 Network Based IDS

 Focuses on n/w traffic
 Bits and bytes travelling along cables
interconnec ng system
 Checks traffic according to – protocol, type,
amount, source, des na on, content, traffic
already seen
 Such analysis should occur quickly at the speed
network operates to be effec ve
 Examines traffic in/out- internet, remote offices,
partners etc.
 NIDS looks for certain ac vi es like:
 Denial of service a ack
 Port scans or sweeps
 Malicious content in data in packet
 Vulnerability scanning
 Trojans, viruses, worms
 Tunneling
 Brute-force a acks

 Layout of NIDS
 Advantages
 Provides coverage of fewer systems
 Low cost – deployment, maintenance, upgrade
 Visibility into all n/w traffic
 Can corelate mul ple systems
 Disadvantages
 Ineffec ve for encrypted traffic
 Can’t see traffic that does not pass through it
 it might be slow as compared to the network
speed.
Categories HIDS NIDS

Defini on Host IDS Network IDS

Type It doesn’t work in real- me Operates in real- me

HIDS is related to just a single NIDS is concerned with the

system, as the name suggests it is en re network system;
Concern only concerned with the threats NIDS examines the
related to the Host ac vi es and traffic of all
system/computer, the systems in the network.

NIDS being concerned with

the network is installed at
HIDS can be installed on each and
Installa on places like routers or
every computer or server i.e.,
Point servers as these are the
anything that can serve as a host.
main intersec on points in
the network system

HIDS operates by taking the

snapshot of the current status of
NIDS works in real- me by
the system and comparing it against
Execu on closely examining the data
some already stored malicious
flow and immediately
Process tagged snapshots stored in the
repor ng anything
database, this clearly shows that
unusual.
there is a delay in its opera on and
ac vi es
Categories HIDS NIDS

As the network is very large

making it hard to keep
HIDS are more informed about the
Informa on track of the integra ng
a acks as they are associated with
About A ack func onali es, they are
system files and processes.
less informed of the
a acks

Ease of As it needs to be installed on every Few installa on points

host, the installa on process can be make it easier to install
Installa on resome. NIDS

Response
Response me is slow Fast response me
Time
 Honeypots
 Honeypots: - innova on in IDS
 It’s a computer system- on the internet-setup to
a ract and trap a ackers
 They are designed to:
 Purposely divert hackers from accessing
cri cal system
 Iden fy malicious ac vi es
 Engage a acker for long me  so that he
will stay on the system ll administrator
responds
 Honeypot is designed with sensi ve monitors
and event loggers
 Which detect the accesses and collect
informa on about a ackers
 2 types of Honeypots (based on deployment
method)
1. Produc on Honeypot:
 Used by companies and corpora ons –
for researching hackers aims- diver ng
and mi ga ng risks
2. Research Honeypot:
 Used by non-profit organiza on and
educa onal ins tu ons – for researching
 mo ve and tac cs of hacker community-
for targe ng different networks
 Effec ve method to track hackers’ behavior
 Increasing effec veness of computer security
tools

--XX---XXX—end of unit 4--XX---XXX—

Following por on is from unit 3
3.4 DES (Data Encryp on Standard) Algorithm
DES (Data Encryp on Standard)
 It is a symmetric block cipher algorithm
 Developed by US Govt Standards in 1970
 Was published as Federal Informa on Processing
Standard
 Length of plain text = length of key
 DES encrypts- 64 bit clear-text blocks
 DES Key Length – 56 bits
 DES produces -64-bit Cipher Text
 8 out of 64 bits are not used/discarded
 every 8th bit of the key is discarded to produce a 56-
bit key
 bit posi ons 8, 16, 24, 32, 40, 48, 56, and 64 are
discarded.


 DES is based on 2 a ributes of cryptography
 Subs tu on
 Transposi on
 DES consists of 16 steps called as ROUNDS
 each round performs steps of subs tu on and
transposi on
Steps:
1. 64-bit plain text block is handed over to an
Ini al Permuta on (IP) func on
2. Ini al permuta on is performed on plain
text
3. IP produces 2 halves of permuted block
a. LPT- Le Plain Text
b. RPT- Right Plain Text
4. Each LFT and RPT go through 16 rounds of
encryp on process  each with its own key
 5. At the end LPT and RPT are joined and Final
Permuta on (FP) is performed on combined
blocks
6. The result is 64-bit cipher text

 Ini al Permuta on (IP)

 IP happens -only once – before 1st round
 Transposi on table is read from le to right
 the IP replaces the first bit of the original plain text
block with the 58th bit of the original plain text, the
second bit with the 50th bit of the original plain text
block, and so on. (jugglery of bit posi ons)


 A er IP- resul ng 64-bit block is divided into 2 half
blocks, each with 32 bits (LPT & RPT)
 Now, 16 rounds are performed on these 2 blocks
 Each of the 16 rounds consists of following steps: -

1. Key Transforma on
o 56-bit key is available for every round
o In each round- a separate 28-bit sub-key is
generated from 56- bit key using key
transforma on process
o This is possible by dividing 56-bit key into 2
halves of 28 bits
o These 28 bits are circularly shi ed le by 1 or 2
posi ons depending upon rounds
o E.g. Round= 1,2,9,16 and shi =1
o For remaining the shi is of 2 posi ons

o Discarding Key bits  Compression Permuta on

o Different subset of key in each round makes
DES hard to crack

2. Expansion permuta on
o IP has divided plain text into 32- bit LPT and RPT
o RPT is expanded from 32-bits to 48-bits
o Bitsexpanded as well as permuted
o 32 bit RPT is divided into 8 different blocks
each block consis ng of 4-bits

o next- each 4-bit block of previous step is

expanded to a corresponding 6-bit block  i.e.
per 4-bit block 2 more bits are added these
added bits are actually REPEATED FIRST AND
FOURTH BITS of the 4-bit block
o this results into expansion as well as
permuta on of input bits while crea ng the
output
o 48-bit key is XORed with 48-bit RPT resul ng
output is given to next step S-Box subs tu on.

3. S-Box Subs tu on
o This process accepts 48-bit input from XOR
opera on involving compressed key and
expanded RPT  produces 32-bit output using
subs tu on technique
o Subs tu on is performed by- 8 subs tu on
boxes- containing 6-bit input and 4-bit output
o 48-bit block is divided into 8 sub-blocks
o The output of each S-box is combined to form
32-bit block and given to next stage
4. P-Box Permuta on
o 32-bit outputs are permuted using P-box
o Involves simple permuta on
o It adds confusion and diffusion

o
o E.g. number 16 in the block indicates – bit at 16
posi on of original input – moves to a bit at
posi on 1 in output
5. XOR and Swap
o Le half por on of ini al 64-bit text block is
XORed with output produced by P-box
permuta on
o Result is- new right half  RPT
o Old RPT becomes – new le half in the process of
swapping
o Final permuta on is performed only once at
the end of 1 round
o Output of final permuta on is 64-bit encryp on
block
Modes Of Opera on
 2 categories of encryp on algorithm
o Block cipher (fixed size input same size cipher
text)
o Stream cipher (encrypts bit by bit)

ECB (Electronic Code Book)

o Data – divided into 64-bit blocks
o Each block encrypted one at a me
o Each block’s encryp on is independent of each
other
o So, while sending data on network
transmission error can affect only the block
containing error not others
o Block are rearranged – so remain undetected
o Weakest of all modes- because no addi onal
security measures implemented besides DES
algorithm
o ECB- fastest and easiest to implement
o ECB- used by private encryptor
CBC (Cipher Block Chaining)

o Each block of ECB encrypted ciphertext is XORed

with next plaintext box to be encrypted
o All blocks are dependent on previous blocks
o First block – has no previous block  so
plaintext is XORed with 64-bit number called
Ini aliza on Vector (IV)
o If transmission error (adding or dele ng bits) in
one block  carried to all subsequent
dependent blocks
 o Modifica on of bits does not propagate in all
blocks – it will just affect all the bits in changed
block- and corresponding bits in following block
o This mode is more secure
o Extra XOR steps adds one more layer to
encryp on process

CFB(Cipher Feedback )
 Blocks less than 64-bits can be encrypted
 Special processing is needed for the files whose size is
not mul ple of 8-bytes
 This mode will help in this condi on
 Private Encryptor handles this case by adding
DUMMY bytes at the end of the file before encryp ng
 64-bit block (shi register) -given as input plaintext to
DES for encryp on
 Cipher text is passed through M-Box
o M-BOX M is number of bits to be encrypted
o M-Box selects le most M bits of ciphertext
o Which are further XORed with real plain text
o Output is final ciphertext
 Finally, ciphertext is fed back into shi register 
used as plaintext seed for next block to be encrypted
 Just like CBC error is transmi ed to subsequent blocks
 CFB is similar to CBC but more secure
 But slower that ECB due to added complexity
OFB (Output Feedback)
 Similar to CFB
 But only difference – ciphertext output of DES is given
back into shi register – rather than actual ciphertext
 Shi register is set to an arbitrary value and passed
through DES algorithm
 Output of DES- passed through M-Box – then fed into
shi register to prepare next block
 This value is XORed with real plaintext- result is final
ciphertext
 Transmission error does not propagate – because shi
register generates new plaintext input without any
further data input
 OFB – less accurate than CFB
Cryptographic Error Ini aliza on Key Applica on in Real
Nature Offering
Mode Propaga on Vector Life

Basic encryp on for small

Confiden alit
ECB Block No No data sets, o en found in
y
database cells

Widely used for data

Confiden alit
CBC Block Yes Yes encryp on in protocols
y
like TLS

Confiden alit Stream cipher, o en used

CFB Stream Yes Yes
y in protocols like OpenPGP

Confiden alit Stream cipher, used in

OFB Stream No Yes
y VPNs and disk encryp on
AES (Advanced Encryp on Standard) Algorithm
 It is a symmetric block cipher used for encryp on and
decryp on
 Published by Na onal Ins tute of Standards and
Technology (NIST) in 2001
 It offers robust security and performs efficiently
across various systems
 It’s an alterna ve to DES
 Acceptability requirements and Evalua on Criteria for
AES defined by NIST: -
o AES shall be publicly defined
o AES shall be symmetric block cipher
o AES shall be designed so that the key length may
be increased as needed
o AES shall be implementable in both hardware
and so ware
o AES shall be –
 Freely available
 Available under terms consistent with the
American Na onal Standard Ins tute (ANSI)
patent policy
 o AES mee ng above requirements should be
judged based on following policies
 Security
 Computa onal efficiency
 Memory requirements
 Hardware and so ware suitability
 Simplicity
 Flexibility
 Licensing requirements
A ributes of AES
 It is a symmetric key based algorithm
 It works as a block cipher
 It uses 128-bit blocks
 It can work with key sizes of 128,192,256
 Number of rounds of opera on depends upon key
size
 128-bit key undergoes- 10 rounds
 192-bit key undergoes-12 rounds
 256-bit key undergoes- 14 rounds
 Long key size makes AES highly secure
 Crea ng round key
1. AddRoundKey-
o Transforma on step
o Round key is generated
o XORed with intermediate ciphertext
o Same block for encryp on and decryp on

2. SubBytes-
o Transforma on step
o Intermediate ciphertext undergoes- various
subs tu on opera ons
o used for encryp on process
3. Shi Rows-
o Transforma on step
o Intermediate ciphertext undergoes various row-
wise transposi on opera ons
 o Used for encryp on process
4. MixColumns-
o Transforma on step
o Intermediate ciphertext undergoes various
column-wise transposi on opera ons
o Used for encryp on process
5. InvSubBytes-
o Inverse of SubByte opera on
o Used in decryp on process
6. InvShi ROws-
o Inverse of Shi Rows opera on
o Used in decryp on process
7. InvMixColumn-
o Inverse of MixColumn opera on
o Used in decryp on process

DES AES
Cryptographic Low High
Strength
Key Size 56-Bit 128,192 and 256
bit
Block Size 64- Bit 128-Bit
Rounds 16 10,12,14-based on
key size
Usage Obsolete-Not used Currently used
industry standard
RSA Algorithm
 RSA uses most prac cal public key
 RSAproposed by Rivest-Shamir-Adleman  in 1977
 Uses asymmetric(2 different ) key for- encryp ng
message, exchanging keys and crea ng digital
signatures
 RSA-based on finding prime factoriza on of very large
number
 RSA uses modular arithme c for encryp on and
decryp on
 length of numbers is around 500 digits
RSA Key Length Number of Digits
1024-bit 309
2048-bit 617
4096-bit 1233
A) Key Genera on
 RSA digital signature work on public and private key
pairs
 Generated by- key-pair genera ng method by-
CA(Cer ficate Authority)
 Public key=(n, e)
 Private key=(n, d)
 Where, n- product of prime numbers
e- encryp on exponent
d- decryp on exponent
B) Message Signing
 To sign a message M,
o Calculate Hash value of message M at sender’s
end
o H=hash(M)
o Encrypt h using RSA private key
o Signature S=(h)d mod n
C) Signature Verifica on
 Decrypt signature S using public key
 h’= (S)e mod n
 calculate Hash value of message M at receiver’s end
 h=hash(M)
 if h=h’, the signature is valid else the signature is
invalid
Diffie Helman key exchange algorithm and Man-In Middle
A ack
Diffie-Hellman Algorithm
Algorithm
Man-in Middle A ack
MD5 and SHA Algorithm
Hash Func on: Introduc on, Features of Hash Func on
Working
MD5
 Append Padding Bits
 Append Length
 Ini alize MD Buffer
 Process Message in 16-Word Blocks
 Output
SHA
 Append Padding Bits
 Append Length
 Ini alize MD Buffer
 Process Message in Blocks 512-bit (16-word) blocks
 Output
 The behavior of SHA-1 is as follows
SHA-1 Compression Func on
Digital Signature:
Introduc on and Working of Digital Signature
Digital Signature
 It is a n electronic signature
 Used to authen cate iden ty of sender or signer of a
document
 It ensures that original contents are unchanged
 Can be used with any message
 It is easily transportable
 It is automa cally mestamped
 “If message arrives with digital signature sender
cannot repudiate(refuse) it”
 Digital signature can be used with encrypted plaintext
 So, sender’s iden ty is not tampered

 Digital Cer ficate: - contains digital signature of

cer ficate issuing authority (CA)
 Digital signature based upon hashing func on and
asymmetric cryptography

 How It Works?
 Signing the message- with the private key
 Verifying the message- with the public key
 Let’s understand the above concept using an example:
o Alice decides to send a message to Bob.
o Alice creates the hash value of the document.
 o Alice uses her private key to encrypt the hash
value.
o Alice sends the document along with the encrypted
hash value to Bob.
o When Bob receives the message, he will use Alice’s
public key to decrypt the received hash value.
o Bob will also generate the hash value of the
message received.
o Bob will match the two hash values and if the
values match then Bob will be sure that the
message has not been tampered with. If the values
don’t match then it is confirmed that the message
has been tampered with.

 Digital signature scheme typically consists of 3

algorithms:
 Key Genera on Algorithm:
 G- that randomly produces a “key pair” (PK, SK) from
signer
 PK- verifying key, it is a public key
 SK- signing key, it is a private key

 Signing Algorithm:
 S- that on input of a message m and signing key SK
 Produces a signature
 Signature Verifying Algorithm:
 V that on input a message m, verifying key PK and a
signature either accepts or rejects


 At Sender’s End
 Message digest is generated using hash func on
 Message digest is encrypted using sender’s private key
 Encrypted message is known as digital signature
 Digital signature is a ached to data or message sent to
receiver

 At Receiver’s End
 Receiver uses sender’s public key to decrypt digital
signature to obtain message
 Receiver uses same message digest algorithm
 Receiver compares sender’s and receiver’s message
digest
 If messages are equal  signature is valid else not

 Advantages
o Authen ca on
o Digital signature – can be used to authen cate
source of message
o Ownership of digital signature is bound to specific
user
o Integrity
o As message is digitally signed changes in message
will invalidate the signature
o Modifica on of digitally signed message is difficult
 Disadvantages
o Algorithm does not provide the certainty of the
date and me at which document was signed
o The of keys: Lost or the of keys is one of the
major drawbacks of digital signatures.
o The use of vulnerable storage facili es is one of the
other limita ons.
o Addi onal cost: To effec vely use digital signatures
sender and receiver needs to buy digital cer ficates
and verifica on so ware at a cost.
o Need for standard: There is a strong need for a
standard through which these different methods
can interact
 Feature Digital Signature Digital Cer ficate

Basics / A digital signature secures Digital cer ficate is a file

Defini on the integrity of a digital that ensures holder’s
document in a similar way iden ty and provides
as a fingerprint or security.
a achment.
Process / Hashed value of original It is generated by CA
Steps data is encrypted using (Cer fying Authority)
sender’s private key to that involves four steps:
generate the digital Key Genera on,
signature. Registra on,
Verifica on, Crea on.

Security Authen city of It provides security

Services Sender, integrity of the and authen city of
document and non- cer ficate holder.
repudia on.
Standard It follows Digital Signature It follows X.509
Standard (DSS). Standard Format
Threats to Mobile Phone and Its Security Measures
 Use of mobiles luxury to bare necessity
 Types of a acks on mobile networks – originated from:
1. External Sources: internet connec ons, private
networks, other network operators
2. Within the Mobile Network: devices connected to
network like 
Handsets, smartphones, notebook computers,
desktops can serve as entry points for
a acks

 Vulnerabili es of Mobiles/Cell phones:

Enough Target Terminals:
- More devices to a ack
Enough Func onality
- Extended func onali es or apps increase
probability of malware
Enough Connec vity
- SMS, MMS, Synchroniza on, Bluetooth, Infrared,
WLAN
 A acks on Mobile Phones:
 Mobile the : stealing device to gain access to –
personal informa on, financial details & other sensi ve
data
 Consequences include: -
o Unauthorized Data Access: emails, photos,
contacts, financial apps
o Iden ty The : informa on used to impersonate
the owner
o Financial Loss: payment apps, bank accounts, credit
card details
o Misuse of SIM Card: making unauthorized calls or
fraudulent messages
 Mobile Viruses: spread via 2 key communica on
protocol- Bluetooth, MMS
o Bluetooth Viruses: can propagate within 10-30
meters through Bluetooth enabled devices
o MMS Viruses: replicate by sending copies of
themselves to all contacts from infected device’s
address book
 Mishing:
o Phishing a acks on mobiles  Mishing
o Usage of mobiles for online purchases or banking
 increases vulnerability for Mishing scams
o A ackers impersonate bank employees ask for
personal informa on
 Vishing:
o Fishing a ack over telephone Vishing
o Purpose
 monitory gain
 iden ty the
 purchasing luxury goods and services
 transferring money or funds
 monitoring vic m’s bank account
 applying for loans and credit cards

 Smishing:
o Phishing through SMS
o Smishing tac cs
 Sending fraud links to fake websites
 Reques ng sensi ve informa on (passwords/
credit card details)
 Impersona ng legi mate organiza ons
(banks/service providers)
 Promising rewards/threatening consequences

 Hacking Bluetooth:
o Short range wireless device
o Involves exploi ng vulnerabili es in Bluetooth
enables devices
o To gain access or steal informa on
o A ackers connects to Bluetooth via specialized
so ware installed on his laptop
 o Once connected it can 
 Download – address book, photos, calendar
entries
 Access SIM card details
 Make unauthorized long distance phone calls

 Common Methods Include

o Bluesnarfing:
 Stealing data – contacts, messages, files 
without owner’s consent
o Bluejacking:
 Sending unsolicited message /files to another
Bluetooth-enabled device
o Bluebugging:
 Taking control of device to- make calls, send
messages, access sensi ve informa on
o Car Whisperer:
 Taking control of car’s hands-free system and
 Listening to conversa on, sending audio or
messages through car’s speakers
 Security Measures
o For data:
o Encryp ng sensi ve data
o Encryp ng the en re file system
o Mobile device security:
o Strong password/ biometrics
o Secure informa on about mobile device such as:
 Phone number, make and model, PIN/Security
lock code, IMEI number
o Install an -the s/w
o Download from trusted sources
 Ringtones, games, videos, photos
o Turn off Bluetooth when not in use
o If using IR (infrared) beam  accept data from
trusted source
o Use an virus designed for mobiles
o Use VPN while using financial apps or entering
personal informa on instead of Wi-Fi
o Keep security patches up to date
Organiza onal Measures for Handling Mobile
1. Encryp ng Organiza onal Database: encrypt
cri cal and sensi ve data to protect it from
unauthorized access
2. Security Strategy:
 Implement-strong asset management, virus
checking, loss preven on-to prohibit
unauthorized access
 Secure access to company informa on through
– firewall
 Monitor accounts for unusual ac vity
periodically
3. Organiza onal Security Policy
 Determine whether employees need to use
mobile devices for work-related tasks
 Implement robust security measures  strong
encryp on, device passwords, physical locks
 Enforce comprehensive asset management 
virus scanning, loss preven on, other security
mechanism
 More frequent and detailed audits
 No fy relevant law enforcement agency and
update passwords
 Educate employees and provide trainings
regarding mobile security
 Avoid storing sensi ve organiza onal data on
mobile – such as: passwords, confiden al
emails, strategic informa on, sales
reports,plans etc.