Unit 5

PSG Institute of Technology and Applied Research

Neelambur, Coimbatore – 641 062

Department of Computer Science and Engineering

CS8792 Cryptography and Network Security

Dr.I.Kala
Associate Professor/CSE
PSGiTECH
UNIT V SECURITY PRACTICE AND SYSTEM SECURITY

Electronic Mail security – PGP, S/MIME – IP security – Web Security – SYSTEM
SECURITY: Intruders – Malicious software – viruses – Firewalls.

12/31/23 CS8792: Cryptography and Network Security / Dr I Kala, Associate Professor/CSE


Email Security
• email is one of the most widely used and relied-upon network services
• by default message contents are not protected
– they may be inspected in transit (on the network or at intermediate mail relays)
– or by suitably privileged users on the destination system

Email Security Enhancements
• confidentiality
– protection from disclosure
• authentication
– of sender of message
• message integrity
– protection from modification
• non-repudiation of origin
– protection from denial by sender

Pretty Good Privacy (PGP)
• widely used de facto secure email
• developed by Phil Zimmermann
• selected best available crypto algs to use
• integrated into a single program
• available on Unix, PC, Macintosh and Amiga systems
• originally free, now have commercial versions available also

PGP Operation – Authentication
1. sender creates a message
2. SHA-1 used to generate 160-bit hash code of message
3. hash code is signed with RSA (or DSS) using the sender's private
key, and result is attached to message
4. receiver verifies the signature with the sender's public key: with RSA this
decrypts and recovers the hash code; with DSS the signature is checked
directly against the hash (nothing is "decrypted")
5. receiver generates new hash code for message and
compares with the recovered hash code; if they match, message is
accepted as authentic

PGP Operation – Confidentiality
1. sender generates message and random 128-bit number to
be used as session key for this message only
2. message is encrypted, using CAST-128 / IDEA/3DES with
session key
3. session key is encrypted using RSA with recipient's public
key, then attached to message
4. receiver uses RSA with its private key to decrypt and
recover session key
5. session key is used to decrypt message

PGP Operation – Confidentiality &
Authentication
• uses both services on same message
– create signature & attach to message
– encrypt both message & signature
– attach RSA encrypted session key

PGP Operation – Compression
• by default PGP compresses message after signing but before
encrypting
– signing first means the uncompressed message & its detached signature can be
stored for later verification
– & because compression output is not deterministic across implementations and
versions, a signature over the compressed data might not verify elsewhere
– encrypting after compression removes redundancy from the plaintext, which
strengthens the encryption
• uses ZIP (deflate) compression algorithm

PGP Operation – Email Compatibility
• when using PGP will have binary data to send (encrypted message,
signature, keys etc)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII
characters
• uses radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a 24-bit CRC (detects transit corruption only; it is not an
integrity protection, the signature provides that)
• PGP also segments messages if too big for the mail system
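The radix-64 layer described above, as an added example for this page (it is not code from PGP or GnuPG): it armors bytes into 4-for-3 printable text, appends the CRC-24 that RFC 4880 specifies, detects corruption on the way back, and shows how the 64-bit key ID from the later "Public & Private Keys" slide is derived. Only the Python standard library is used.

```python
"""Radix-64 ASCII armor with the 24-bit CRC that PGP appends (RFC 4880, section 6).

Added example for this page; it is not code from PGP or GnuPG. It uses only the
Python standard library so it runs offline.
"""
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 in the bitwise reference form of RFC 4880 section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, label: str = "PGP MESSAGE", width: int = 64) -> str:
    """Map each 3 bytes to 4 printable characters (base64 alphabet), wrap the lines
    and append the CRC on its own '=XXXX' line, as PGP armored output is laid out."""
    body = base64.b64encode(data).decode("ascii")
    lines = [f"-----BEGIN {label}-----", ""]
    lines += [body[i:i + width] for i in range(0, len(body), width)]
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    lines.append(f"-----END {label}-----")
    return "\n".join(lines)


def dearmor(text: str) -> bytes:
    """Inverse of armor(). Raises ValueError when the CRC does not match: this catches
    transit corruption only; integrity against an attacker comes from the signature."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    payload = lines[start + 1:end]
    if "" in payload:                        # skip armor headers up to the blank separator
        payload = payload[payload.index("") + 1:]
    crc_line = payload.pop()
    if not crc_line.startswith("="):
        raise ValueError("missing radix-64 CRC line")
    data = base64.b64decode("".join(payload), validate=True)
    expected = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
    if crc24(data) != expected:
        raise ValueError("radix-64 CRC mismatch")
    return data


def armor_intact(text: str) -> bool:
    """True if the armored text decodes and its CRC checks out."""
    try:
        dearmor(text)
        return True
    except ValueError:
        return False


def key_id(public_modulus: int) -> int:
    """PGP key ID as on the slide: the least significant 64 bits of the public key
    (for RSA, of the modulus), sent in place of the whole key to select it."""
    return public_modulus & 0xFFFFFFFFFFFFFFFF
```

The CRC is a checksum, not a MAC: an attacker who alters the body can recompute it, which is why PGP relies on the signature for integrity and on the CRC only to spot mangling by mail gateways.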

PGP SERVICES

PGP Operation – Summary

PGP Session Keys
• need a session key for each message
– of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES
• generated using a generator in the style of ANSI X9.17 (printed as "X12.17" in
some textbook editions), with CAST-128 as the block cipher
• seeded from random inputs taken from previous uses and from keystroke
timing of user

PGP Public & Private Keys
• since many public/private keys may be in use, need to identify which
is actually used to encrypt session key in a message
– could send full public-key with every message
– but this is inefficient
• rather use a key identifier based on key
– is least significant 64-bits of the key
– will very likely be unique
• also use key ID in signatures

PGP Key Rings
• each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of other PGP users known to this
user, indexed by key ID
– private-key ring contains the public/private key pair(s) for this user, indexed by
key ID, with each private key encrypted under a key derived by hashing the
user's passphrase

PGP Key Management
• rather than relying on certificate authorities
• in PGP every user is their own CA
– can sign keys for users they know directly
• forms a “web of trust”
– a user trusts keys they have signed themselves
– can trust keys others have signed if there is a chain of signatures to them
from a trusted introducer
• key ring includes trust indicators (how far each owner is trusted to sign keys)
• users can also revoke their keys

S/MIME (Secure/Multipurpose Internet Mail Extensions)
• security enhancement to MIME email
– original Internet RFC822 email was text only
– MIME provided support for varying content types and multi-part messages
– with encoding of binary data to textual form
– S/MIME added security enhancements
• S/MIME support is built into most mail agents, e.g. MS Outlook, Mozilla
Thunderbird, Apple Mail (Netscape in the original text)

S/MIME Functions
• enveloped data
– encrypted content and associated keys
• signed data
– encoded message + signed digest
• clear-signed data
– cleartext message + encoded signed digest
• signed & enveloped data
– nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms
• hash functions: SHA-1 & MD5
• digital signatures: DSS & RSA
• session key encryption: ElGamal (Diffie-Hellman variant) & RSA
• message encryption: Triple-DES, RC2/40 and others
• MD5 and RC2/40 are obsolete; current S/MIME (RFC 8551) requires SHA-256 and AES
• have a procedure to decide which algorithms to use, based on the capabilities
the recipient has advertised

S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates
• managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web
of trust
• each client has a list of trusted CA’s certs
• and own public/private key pairs & certs
• certificates must be signed by trusted CA’s

Certificate Authorities
• have several well-known CA’s
• Verisign one of most widely used
• Verisign issues several types of Digital IDs
• with increasing levels of checks & hence trust
Class   Identity Checks         Usage
1       name/email check        web browsing/email
2+      enroll/addr check       email, subs, s/w validate
3+      ID documents            e-banking/service access

IP Security
• have considered some application specific security mechanisms
– eg. S/MIME, PGP, Kerberos, SSL/HTTPS
• however there are security concerns that cut across protocol layers
• would like security implemented by the network for all applications

IPSec
• general IP Security mechanisms
• provides
– authentication
– confidentiality
– key management
• applicable to use over LANs, across public & private WANs, & for
the Internet

IPSec Uses

Benefits of IPSec
• in a firewall/router provides strong security to all traffic crossing the
perimeter
• is resistant to bypass
• is below transport layer, hence transparent to applications
• can be transparent to end users
• can provide security for individual users if desired

IP Security Architecture
• specification is quite complex
• defined in numerous RFC’s
– incl. RFC 2401 (architecture), 2402 (AH), 2406 (ESP), 2408 (ISAKMP)
– since superseded by RFC 4301, 4302, 4303 and IKEv2 (RFC 7296)
– many others, grouped by category
• originally mandatory to implement in IPv6 (relaxed to a SHOULD by RFC 6434),
optional in IPv4

IPSec Services
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
– a form of partial sequence integrity
• Confidentiality (encryption)
• Limited traffic flow confidentiality

Security Associations
• a one-way relationship between sender & receiver that affords
security for traffic flow
• defined by 3 parameters:
– Security Parameters Index (SPI)
– IP Destination Address
– Security Protocol Identifier
• has a number of other parameters
– sequence number counter & overflow flag, anti-replay window, AH & ESP
algorithm info, lifetime, mode (transport/tunnel), path MTU etc
• have a database of Security Associations

Authentication Header (AH)
• provides support for data integrity & authentication of IP packets
– end system/router can authenticate user/app
– the MAC also covers the IP header fields that do not change in transit, so the
source address cannot be spoofed without invalidating the packet
– sequence numbers give anti-replay protection (a sliding window at the receiver)
• based on use of a MAC
– HMAC-MD5-96 or HMAC-SHA-1-96 in the original RFCs; HMAC-SHA-256-128 (RFC 4868)
is preferred today
• parties must share a secret key
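The two AH mechanisms just listed, as an added example for this page (it is not code from any IPsec implementation): HMAC-SHA-1-96 over the immutable header, the AH header with a zeroed ICV field and the payload, and the RFC 4302 anti-replay window. The AH header layout is the real one (next header, payload length, reserved, SPI, sequence number, ICV); the key and the "immutable IP header" bytes are constructed sample data.

```python
"""Authentication Header integrity check (HMAC-SHA-1-96) with the anti-replay
sliding window of RFC 4302 section 3.4.3.

Added example for this page; not code from any IPsec stack. The key and the
IP header bytes passed in are constructed sample values.
"""
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: keep the leftmost 96 bits of the 160-bit tag


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key: bytes, ip_header: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Return AH header || payload. The ICV is computed over the immutable IP header
    fields, the AH header with its ICV field zeroed, and the payload."""
    payload_len = (12 + ICV_LEN) // 4 - 2          # AH length in 32-bit words minus 2 (= 4 for a 96-bit ICV)
    fixed = struct.pack("!BBHII", 6, payload_len, 0, spi, seq)   # next header 6 = TCP
    icv = hmac_sha1_96(key, ip_header + fixed + b"\x00" * ICV_LEN + payload)
    return fixed + icv + payload


class ReplayWindow:
    """Right edge = highest sequence number accepted so far; bitmap marks the numbers
    already seen inside the window. Too old -> reject; already seen -> reject."""

    def __init__(self, size: int = 64):
        self.size, self.right, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                            # sequence number 0 is never transmitted
        if seq > self.right:                        # advance the window
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False                            # left of the window: too old
        if self.bitmap & (1 << offset):
            return False                            # replayed packet
        self.bitmap |= 1 << offset                  # late but new: accept and record
        return True


def verify_ah(key: bytes, ip_header: bytes, packet: bytes, window: ReplayWindow) -> bool:
    """Receiver side. The window is only updated after the ICV verifies, so a forged
    packet cannot advance the window and cause genuine traffic to be dropped."""
    if len(packet) < 12 + ICV_LEN:
        return False
    fixed, icv, payload = packet[:12], packet[12:12 + ICV_LEN], packet[12 + ICV_LEN:]
    _, _, _, _spi, seq = struct.unpack("!BBHII", fixed)
    expected = hmac_sha1_96(key, ip_header + fixed + b"\x00" * ICV_LEN + payload)
    if not hmac.compare_digest(icv, expected):
        return False
    return window.check_and_update(seq)
```

RFC 4302 lets a receiver test the sequence number against the window before the (more expensive) ICV computation as a fast pre-filter, but it must not record the number as seen until the ICV has been verified; the code keeps that ordering explicit.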

Authentication Header

Transport & Tunnel Modes

Encapsulating Security Payload (ESP)
• provides message content confidentiality & limited traffic flow
confidentiality
• can optionally provide the same authentication services as AH
• supports range of ciphers, modes, padding
– incl. DES, Triple-DES, RC5, IDEA, CAST etc in the original RFCs; AES (CBC or
GCM) in current deployments, DES is obsolete
– CBC most common historically
– pad to meet the block size, and optionally further to hide the true payload
length for traffic flow confidentiality

Encapsulating Security Payload

Transport vs Tunnel Mode ESP
• transport mode is used to encrypt & optionally authenticate IP data
– data protected but header left in clear
– can do traffic analysis but is efficient
– good for ESP host to host traffic
• tunnel mode encrypts entire IP packet
– add new header for next hop
– good for VPNs, gateway to gateway security

Combining Security Associations
• SA’s can implement either AH or ESP
• to implement both need to combine SA’s
– form a security bundle
• have 4 cases (see next)

Combining Security Associations

Key Management
• handles key generation & distribution
• typically need 4 keys between two parties
– a transmit & a receive key for each of AH & ESP
• manual key management
– sysadmin manually configures every system
• automated key management
– automated system for on demand creation of keys for SA’s in large systems
– has Oakley & ISAKMP elements (together forming IKE; IKEv2 is RFC 7296)

Oakley
• a key exchange protocol
• based on Diffie-Hellman key exchange
• adds features to address weaknesses
– cookies, groups (global params), nonces, DH key exchange with authentication
• can use arithmetic in prime fields or elliptic curve fields

ISAKMP
• Internet Security Association and Key Management Protocol
• provides framework for key management
• defines procedures and packet formats to establish, negotiate, modify,
& delete SAs
• independent of key exchange protocol, encryption alg, &
authentication method

ISAKMP

Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
– integrity
– confidentiality
– denial of service
– authentication
• need added security mechanisms

SSL (Secure Socket Layer)
• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard known as TLS (Transport
Layer Security)
• uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols

SSL Architecture

SSL Architecture
• SSL session
– an association between client & server
– created by the Handshake Protocol
– define a set of cryptographic parameters
– may be shared by multiple SSL connections
• SSL connection
– a transient, peer-to-peer, communications link
– associated with 1 SSL session

SSL Record Protocol
• confidentiality
– using symmetric encryption with a shared secret key defined by Handshake
Protocol
– IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
– message is compressed before encryption
• message integrity
– using a MAC with shared secret key
– similar to HMAC but with different padding

SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use

SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
– warning or fatal
• specific alert
– unexpected message, bad record mac, decompression failure, handshake
failure, illegal parameter
– close notify, no certificate, bad certificate, unsupported certificate,
certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data

SSL Handshake Protocol
• allows server & client to:
– authenticate each other
– to negotiate encryption & MAC algorithms
– to negotiate cryptographic keys to be used
• comprises a series of messages in phases
– Establish Security Capabilities
– Server Authentication and Key Exchange
– Client Authentication and Key Exchange
– Finish

SSL Handshake Protocol

TLS (Transport Layer Security)
• IETF standard RFC 2246 (TLS 1.0) similar to SSLv3; later versions are TLS 1.2
(RFC 5246) and TLS 1.3 (RFC 8446)
• with minor differences from SSLv3
– in record format version number
– uses HMAC for MAC
– a pseudo-random function expands secrets
– has additional alert codes
– some changes in supported ciphers
– changes in certificate negotiations
– changes in use of padding
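Two of the differences listed above in working form, as an added example for this page (not code from any TLS library): the SSLv3 record MAC, which nests the hash with fixed pads and so is "similar to HMAC but with different padding", beside the TLS 1.0 record MAC, which is standard HMAC, and the RFC 2246 PRF that expands the master secret. The keys, sequence numbers and fragments are constructed sample values.

```python
"""Record MACs in SSLv3 versus TLS 1.0 (RFC 2246), and the TLS 1.0 PRF that
expands secrets. Added example for this page; not code from any TLS library.
Keys, sequence numbers and fragments are constructed sample values.
"""
import hashlib
import hmac

PAD_LEN = {"md5": 48, "sha1": 40}   # SSLv3 pad lengths chosen to fill a hash block with the key


def sslv3_mac(secret: bytes, seq: int, ctype: int, fragment: bytes, alg: str = "sha1") -> bytes:
    """SSLv3 MAC: hash(secret || pad2 || hash(secret || pad1 || seq || type || len || fragment)).
    Nested like HMAC, but the key is concatenated with fixed pads rather than XORed
    with ipad/opad, so it is not HMAC and lacks HMAC's security proof."""
    h = getattr(hashlib, alg)
    pad1, pad2 = b"\x36" * PAD_LEN[alg], b"\x5c" * PAD_LEN[alg]
    inner = h(secret + pad1 + seq.to_bytes(8, "big") + bytes([ctype])
              + len(fragment).to_bytes(2, "big") + fragment).digest()
    return h(secret + pad2 + inner).digest()


def tls10_mac(secret: bytes, seq: int, ctype: int, fragment: bytes, alg: str = "sha1") -> bytes:
    """TLS 1.0 MAC: HMAC_hash(secret, seq || type || version || len || fragment).
    The protocol version is now covered by the MAC as well."""
    version = b"\x03\x01"
    data = (seq.to_bytes(8, "big") + bytes([ctype]) + version
            + len(fragment).to_bytes(2, "big") + fragment)
    return hmac.new(secret, data, getattr(hashlib, alg)).digest()


def p_hash(alg: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 section 5 data expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ..."""
    h = getattr(hashlib, alg)
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, h).digest()
        out += hmac.new(secret, a + seed, h).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label || seed) XOR P_SHA1(S2, label || seed),
    where S1 and S2 are the two halves of the secret (the middle byte is shared when
    the length is odd). Used for master_secret and key_block derivation."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret as in RFC 2246 section 8.1."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)
```

The MD5/SHA-1 XOR construction was a hedge against either hash being broken; TLS 1.2 replaced it with a single negotiated hash (SHA-256 by default), which is the form still used for TLS 1.2 key derivation.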

Secure Electronic Transactions (SET)
• open encryption & security specification
• to protect Internet credit card transactions
• developed in 1996 by Mastercard, Visa etc
• not a payment system
• rather a set of security protocols & formats
– secure communications amongst parties
– trust from use of X.509v3 certificates
– privacy by restricted info to those who need it

SET Components

SET Transaction
• Both cardholders and merchants must first register with the CA (certificate
authority) before they can buy or sell on the Internet. Once registration is
done, cardholder and merchant can start to transact:
• Customer browses the website and decides on what to purchase
• Customer sends order and payment information, which includes two
parts in one message:
a. Purchase order – this part is for merchant
b. Card information – this part is for merchant’s bank only.
• Merchant forwards card information (part b) to their bank
• Merchant’s bank checks with the issuer for payment authorization
• Issuer sends authorization to the merchant’s bank
• Merchant’s bank sends authorization to the merchant
• Merchant completes the order and sends confirmation to the customer
• Merchant captures the transaction from their bank
• Issuer prints credit card bill (invoice) to the customer

Dual Signature
• customer creates dual messages
– order information (OI) for merchant
– payment information (PI) for bank
• neither party needs details of other
• but must know they are linked
• use a dual signature for this
– signed concatenated hashes of OI & PI

Where,
PI stands for payment information
OI stands for order information
PIMD stands for Payment Information Message Digest, H(PI)
OIMD stands for Order Information Message Digest, H(OI)
POMD stands for Payment Order Message Digest, H(PIMD || OIMD)
H stands for hashing
E stands for public-key encryption (here applied with the private key, i.e. signing)
KPc is the customer's private key
|| stands for the append (concatenation) operation
Dual signature: DS = E(KPc, [H(H(PI) || H(OI))])
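The dual signature carried through in code, as an added example for this page (it is not SET reference code): the customer computes DS = E(KPc, H(H(PI) || H(OI))), the merchant verifies it from OI plus PIMD without ever seeing card data, and the bank verifies it from PI plus OIMD without seeing the order. Signing uses textbook RSA over two Mersenne primes so the example runs with the standard library only; that modulus is a deliberately weak stand-in for a real customer key, SHA-224 is used so every digest is smaller than the modulus, and the PI/OI strings are constructed.

```python
"""SET dual signature: DS = E(KPc, [H(H(PI) || H(OI))]).

Added example for this page; it is not SET reference code. Signing is textbook
RSA over two Mersenne primes so that it runs with the standard library only:
the modulus is a deliberately weak stand-in for a real customer signing key,
and SHA-224 is used so that every digest is smaller than that modulus.
"""
import hashlib

# toy key (assumption of this example): p = 2^127 - 1 and q = 2^107 - 1 are prime,
# so n is about 2^234 and any 224-bit digest fits below it without reduction
P, Q = (1 << 127) - 1, (1 << 107) - 1
N = P * Q
E = 65537                                   # public exponent, coprime to (p-1)(q-1)
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent KPc (Python 3.8+)


def H(data: bytes) -> bytes:
    """H in the slide's notation."""
    return hashlib.sha224(data).digest()


def sign(digest: bytes) -> int:
    """E(KPc, digest): the digest raised to the private exponent."""
    return pow(int.from_bytes(digest, "big"), D, N)


def recovers_to(sig: int, digest: bytes) -> bool:
    """Apply the public key and compare with the digest the verifier computed itself."""
    return pow(sig, E, N) == int.from_bytes(digest, "big")


def dual_signature(pi: bytes, oi: bytes) -> tuple:
    """Customer: PIMD = H(PI), OIMD = H(OI), POMD = H(PIMD || OIMD), DS = E(KPc, POMD).
    Returns (DS, PIMD, OIMD); the merchant receives (OI, PIMD, DS), the bank (PI, OIMD, DS)."""
    pimd, oimd = H(pi), H(oi)
    return sign(H(pimd + oimd)), pimd, oimd


def merchant_verifies(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI in the clear but only the digest of PI (no card data)."""
    return recovers_to(ds, H(pimd + H(oi)))


def bank_verifies(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank sees PI in the clear but only the digest of OI (no order details)."""
    return recovers_to(ds, H(H(pi) + oimd))
```

The linkage is what matters: a merchant cannot attach the customer's payment authorisation to a different order, and the bank cannot be shown a different payment for the same order, because either substitution changes a digest and the signature no longer recovers to it.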

Purchase Request – Customer

Purchase Request – Merchant

Purchase Request – Merchant
1. verifies cardholder certificates using CA sigs
2. verifies dual signature using customer's public signature
key to ensure order has not been tampered with in transit
& that it was signed using cardholder's private signature
key
3. processes order and forwards the payment information to
the payment gateway for authorization (described later)
4. sends a purchase response to cardholder

Payment Gateway Authorization
1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain symmetric
key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain symmetric key
& then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches that in
PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response back to merchant

Payment Capture
• merchant sends payment gateway a payment capture request
• gateway checks request
• then causes funds to be transferred to merchants account
• notifies merchant using capture response

ACTIVITY

• Form seven groups of 5 members each; each group is asked to find web-security
related words from A to Z in one minute. The winning team will be given a reward.

Intruders
• significant issue for networked systems is hostile or unwanted access
• either via network or local
• can identify classes of intruders:
– masquerader
– misfeasor
– clandestine user
• varying levels of competence
– key goal often is to acquire passwords

Password Guessing
• one of the most common attacks
• attacker knows a login (from email/web page etc)
• then attempts to guess password for it
– try default passwords shipped with systems
– try all short passwords
– then try by searching dictionaries of common words
– intelligent searches try passwords associated with the user (variations on names,
birthday, phone, common words/interests)
– before exhaustively searching all possible passwords
• success depends on password chosen by user
• surveys show many users choose poorly

Password Capture
• another attack involves password capture
– watching over shoulder as password is entered
– using a Trojan horse program to collect
– monitoring an insecure network login (eg. telnet, FTP, web, email)
– extracting recorded info after successful login (web history/cache, last number
dialed etc)

Intrusion Detection

Approaches to Intrusion Detection
• statistical anomaly detection
– threshold
– profile based
• rule-based detection
– anomaly detection: rules derived from previous usage patterns
– penetration identification: expert-system rules describing known attacks

Audit Records
• fundamental tool for intrusion detection
• native audit records
– part of all common multi-user O/S
• detection-specific audit records
– created specifically to collect wanted info

Statistical Anomaly Detection
• threshold detection
– count occurrences of specific event over time
– if exceed reasonable value assume intrusion
– alone is a crude & ineffective detector
• profile based
– characterize past behavior of users
– detect significant deviations from this
– profile usually multi-parameter

Audit Record Analysis
• foundation of statistical approaches
• analyze records to get metrics over time
– counter, gauge, interval timer, resource use
• use various tests on these to determine if current behavior is
acceptable
– mean & standard deviation, multivariate, markov process, time series,
operational
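The two statistical approaches from the previous slides run over audit records, as an added example for this page (not code from any IDS product): a counter metric (failed logins per user per hour) is extracted from syslog-like lines, a fixed threshold is applied, and then a per-user profile of mean and standard deviation is applied instead. The records are constructed: "alice" normally fails once or twice an hour, "bob" runs a misconfigured client that fails a dozen times every hour, and the records under test contain a guessing burst against alice.

```python
"""Threshold versus profile-based statistical anomaly detection over audit records.

Added example for this page; it is not code from any IDS product. The audit
records are constructed sample lines in a syslog-like form (day hour:minute,
user, event). The metric is a counter (failed logins per user per hour); the
profile is each user's mean and standard deviation of that counter.
"""
import re
import statistics
from collections import Counter, defaultdict

RECORD = re.compile(r"^(?P<day>\d{2}) (?P<hour>\d{2}):\d{2} user=(?P<user>\w+) event=(?P<event>\w+)$")

# constructed training data: seven days of normal activity
HISTORY = []
for day in range(1, 8):
    HISTORY += [f"{day:02d} 09:{m:02d} user=alice event=login_ok" for m in (1, 5)]
    HISTORY += [f"{day:02d} 09:{m:02d} user=alice event=login_fail" for m in range(day % 3)]
    HISTORY += [f"{day:02d} 10:{m:02d} user=bob event=login_fail" for m in range(12)]  # bob's scripted client fails a lot
# constructed records under evaluation: a guessing burst against alice, bob as usual
CURRENT = ([f"08 09:{m:02d} user=alice event=login_fail" for m in range(15)]
           + [f"08 10:{m:02d} user=bob event=login_fail" for m in range(13)])


def failures_per_hour(records):
    """Counter metric: failed logins per (user, day, hour) -> {user: [hourly counts]}.
    Hours with no failures do not appear, which is what a counter over audit records gives."""
    buckets = Counter()
    for line in records:
        m = RECORD.match(line)
        if m and m["event"] == "login_fail":
            buckets[(m["user"], m["day"], m["hour"])] += 1
    per_user = defaultdict(list)
    for (user, _, _), n in buckets.items():
        per_user[user].append(n)
    return per_user


def threshold_alerts(records, limit=10):
    """Threshold detection: any hour above a fixed count alerts, whoever the user is.
    Crude: it misses a low-and-slow attacker and fires on every noisy-but-legitimate user."""
    return sorted(u for u, counts in failures_per_hour(records).items() if max(counts) > limit)


def build_profile(history):
    """Profile per user: (mean, standard deviation) of the hourly failure count."""
    return {user: (statistics.fmean(counts), statistics.pstdev(counts))
            for user, counts in failures_per_hour(history).items()}


def profile_alerts(history, records, z_limit=3.0):
    """Mean-and-standard-deviation test: alert when a user's current hourly count is more
    than z_limit deviations above that user's own mean. The deviation is floored at 1.0
    so a perfectly regular history does not alert on a change of a single event."""
    profile = build_profile(history)
    alerts = []
    for user, counts in failures_per_hour(records).items():
        mean, stdev = profile.get(user, (0.0, 0.0))
        if (max(counts) - mean) / max(stdev, 1.0) > z_limit:
            alerts.append(user)
    return sorted(alerts)
```

On this data the threshold detector flags both users (bob is a standing false alarm), while the profile detector flags only alice, whose 15 failures are many standard deviations above her own baseline. A real deployment would also profile users who never failed before (absent from the counter) and age the profile so it tracks legitimate drift.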

Base-Rate Fallacy
• practically an intrusion detection system needs to detect a substantial
percentage of intrusions with few false alarms
– if too few intrusions detected -> false sense of security
– if too many false alarms -> alerts ignored / analyst time wasted
• this is very hard to do because intrusions are rare compared with legitimate
activity: even a small false-alarm rate, multiplied by the huge volume of
normal records, swamps the true alarms
• existing systems seem not to have a good record
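Worked example of the fallacy, added here with assumed figures (they are illustrative, not measurements from any system). Let I be "this record is an intrusion" and A be "the detector raises an alarm". Assume intrusions are 1 in 10,000 records, the detector catches 90% of them, and it raises a false alarm on 1% of benign records:

  P(I) = 0.0001        P(A | I) = 0.9        P(A | not I) = 0.01

By Bayes' rule the probability that a given alarm is a real intrusion is

  P(I | A) = P(A | I) P(I) / [ P(A | I) P(I) + P(A | not I) P(not I) ]
           = 0.9 x 0.0001 / (0.9 x 0.0001 + 0.01 x 0.9999)
           = 0.00009 / 0.010089
           ≈ 0.0089

so roughly 99 out of every 100 alarms are false, even though a 90% detection rate and a 1% false-alarm rate look respectable on their own. For half of the alarms to be genuine, P(A | not I) would have to fall to about P(I), i.e. around 0.0001; the false-alarm rate, not the detection rate, is the binding constraint.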

Distributed Intrusion Detection -
Architecture

Honeypots
• decoy systems to lure attackers
– away from accessing critical systems
– to collect information of their activities
– to encourage attacker to stay on system so administrator can respond
• are filled with fabricated information

Password Management
• front-line defense against intruders
• users supply both:
– login ID – identifies the user & determines their privileges
– password – authenticates the claimed identity
• passwords must never be stored in the clear; they are stored as salted one-way
hashes
– classic Unix crypt(3) used a DES-based one-way function with a 12-bit salt
– more recent systems use a slow, iterated hash function (e.g. bcrypt, PBKDF2,
scrypt or Argon2) with a larger random salt

Managing Passwords
• need policies and good user education
• protect password file from general access
• enforce rules for “good” passwords
• change password when compromise is suspected (forced periodic change tends
to produce predictable variants)
• run a password-guessing program against the stored hashes to find weak ones
• monitor login failures
• proactive password checking: reject weak passwords at the time they are set
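The three password slides above (guessing, storage, proactive checking) brought together in one added example for this page (it is not code from any operating system): passwords are stored as salted PBKDF2 hashes, an offline guesser runs through the candidate order the "Password Guessing" slide gives (defaults, dictionary words and variants, user-derived strings), and a proactive checker rejects at set time exactly what that guesser would find. The word list, usernames and hints are constructed.

```python
"""Salted password storage, an offline dictionary attack against it, and a
proactive password check. Added example for this page; not code from any
operating system. The word list, accounts and hints are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 50_000   # work factor: each guess costs the attacker as much as one legitimate check


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Store algorithm, iteration count, per-user random salt and digest in one field."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


# constructed word lists, in the order the slide gives for a guessing run
DEFAULTS = ["admin", "password", "changeme"]
DICTIONARY = ["summer", "dragon", "letmein", "football"]


def candidates(username: str, hints: list):
    """Defaults first, then dictionary words with common mutations, then strings
    derived from the user (name, birth year, reversed)."""
    yield from DEFAULTS
    for word in DICTIONARY:
        yield word
        yield word.capitalize()
        yield word + "1"
        yield word.capitalize() + "1"
    for h in [username] + hints:
        yield h
        yield h + "123"
        yield h[::-1]


def dictionary_attack(username: str, hints: list, stored: str):
    """Offline guessing against a captured hash. The per-user salt means every guess
    costs a full PBKDF2 run for this one account; no precomputed table applies."""
    for guess in candidates(username, hints):
        if verify_password(guess, stored):
            return guess
    return None


def proactive_check(username: str, password: str, hints: list) -> list:
    """Reject at set time what the guesser above would find quickly. Returns the
    list of problems found (empty means acceptable under these rules)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    lowered = password.lower()
    if any(w in lowered for w in DEFAULTS + DICTIONARY):
        problems.append("contains a dictionary or default word")
    if any(h and h.lower() in lowered for h in [username] + hints):
        problems.append("derived from username or personal data")
    if password.isdigit() or password.isalpha():
        problems.append("single character class")
    return problems
```

The salt does not stop the attack on a single weak password; it stops one precomputed table from serving every account, and the iteration count sets the price per guess. The proactive check is what actually removes "dragon1" from the population of hashes an attacker will ever see.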

Chapter 19 – Malicious Software

"What is the concept of defense: The parrying of a blow. What is its
characteristic feature: Awaiting the blow."
—On War, Carl Von Clausewitz

Viruses and Other Malicious Content
• computer viruses have got a lot of publicity
• one of a family of malicious software
• effects usually obvious
• have figured in news reports, fiction, movies (often exaggerated)
• getting more attention than deserve
• are a concern though

Malicious Software

Logic Bomb
• one of oldest types of malicious software
• code embedded in legitimate program
• activated when specified conditions met
– eg presence/absence of some file
– particular date/time
– particular user
• when triggered typically damage system
– modify/delete files/disks

Trojan Horse
• program with hidden side-effects
• which is usually superficially attractive
– eg game, s/w upgrade etc
• when run performs some additional tasks
– allows attacker to indirectly gain access they do not have directly
• often used to propagate a virus/worm or install a backdoor
• or simply to destroy data

Zombie
• program which secretly takes over another networked computer
• then uses it to indirectly launch attacks
• often used to launch distributed denial of service (DDoS) attacks
• exploits known flaws in network systems

Viruses
• a piece of self-replicating code attached to some other code
– cf biological virus
• both propagates itself & carries a payload
– carries code to make copies of itself
– as well as code to perform some covert task

Virus Operation
• virus phases:
– dormant – waiting on trigger event
– propagation – replicating to programs/disks
– triggering – by event to execute payload
– execution – of payload

Virus Structure
(pseudocode; 1234567 is the marker the virus checks so it does not infect a file twice)
program V :=
  {goto main;
   1234567;
   subroutine infect-executable :=
     {loop:
      file := get-random-executable-file;
      if (first-line-of-file = 1234567) then goto loop
      else prepend V to file; }
   subroutine do-damage := {whatever damage is to be done}
   subroutine trigger-pulled := {return true if some condition holds}
   main: main-program :=
     {infect-executable;
      if trigger-pulled then do-damage;
      goto next;}
   next:
  }

Macro Virus
• macro code attached to some data file
• interpreted by program using file
– eg Word/Excel macros
– esp. using auto command & command macros
• code is now platform independent
• is a major source of new viral infections

Email Virus
• spread using email with attachment containing a macro virus
• triggered when user opens attachment
• or worse even when mail viewed by using scripting features in mail
agent
• usually targeted at Microsoft Outlook mail agent & Word/Excel
documents

Worms
• a self-replicating program that does not attach itself to host files
• typically spreads over a network under its own power, using network
vulnerabilities, remote execution facilities or stolen credentials

Worm Operation
• worm phases like those of viruses:
– dormant
– propagation
• search for other systems to infect
• establish connection to target remote system
• replicate self onto remote system
– triggering
– execution

Virus Countermeasures
• viral attacks exploit lack of integrity control on systems
• to defend need to add such controls
• typically by one or more of:
– prevention - block virus infection mechanism
– detection - of viruses in infected system
– reaction - restoring system to clean state

Anti-Virus Software
• first-generation
– scanner uses virus signature to identify virus
– or change in length of programs
• second-generation
– uses heuristic rules to spot viral infection
– or uses program checksums to spot changes
• third-generation
– memory-resident programs identify virus by actions
• fourth-generation
– packages with a variety of antivirus techniques
– eg scanning & activity traps, access-controls

Advanced Anti-Virus Techniques
• generic decryption
– use CPU simulator to check program signature & behavior before actually
running it
• digital immune system (IBM)
– general purpose emulation & virus detection
– any virus entering org is captured, analyzed, detection/shielding created for it,
removed

Firewalls – Packet Filters

Firewalls – Packet Filters

Attacks on Packet Filters
• IP address spoofing
– fake source address to be trusted
– add ingress filters on router to block: drop packets arriving on the external
interface that carry an internal source address
• source routing attacks
– attacker sets a route other than default
– block source routed packets
• tiny fragment attacks
– split header info over several tiny packets so the filter never sees the TCP
ports or flags in the first fragment
– enforce a minimum size on the first fragment & drop TCP fragments with
offset 1 (RFC 1858)
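The three countermeasures above in a stateless filter, as an added example for this page (it is not code from any firewall product): anti-spoofing by interface, dropping datagrams with source-route options, and the RFC 1858 tiny-fragment rules, all applied before the rule table so that a malformed packet can never match an allow rule. Packets are dictionaries standing in for parsed IP headers; the 10.0.0.0/8 network, the interface names, the 20-byte minimum and the rule set are constructed.

```python
"""A stateless packet filter applying the three countermeasures on the slide:
ingress anti-spoofing, dropping source-routed datagrams and refusing tiny TCP
fragments (RFC 1858). Added example for this page; it is not code from any
firewall product. Packets are dictionaries standing in for parsed IP headers,
and the addresses, interfaces and rule set are constructed.
"""
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumed protected network
EXTERNAL_IF, INTERNAL_IF = "eth0", "eth1"           # assumed interface names
MIN_FIRST_FRAGMENT = 20                             # chosen so a full TCP header is visible to the filter
LSRR, SSRR = 131, 137                               # IP option types for loose / strict source routing

# allow list, evaluated top to bottom; everything else is denied by default
RULES = [
    # action, proto, source net,   dest net,      dest port
    ("allow", "tcp", "0.0.0.0/0",  "10.0.0.5/32", 443),   # inbound HTTPS to one server
    ("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0",   None),  # outbound TCP from inside
]


def filter_packet(pkt: dict) -> tuple:
    """Return (action, reason). Header-level attacks are checked before the rule table
    so that a spoofed or fragmented packet cannot match an allow rule."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])

    # 1. anti-spoofing: an internal source address can only arrive on the internal interface
    if pkt["iface"] == EXTERNAL_IF and src in INTERNAL:
        return ("deny", "spoofed internal source on external interface")

    # 2. source routing: the sender must not be allowed to dictate the path
    if any(opt in (LSRR, SSRR) for opt in pkt.get("ip_options", [])):
        return ("deny", "source-routed packet")

    # 3. tiny fragments: a first fragment too short to carry the TCP header, or a second
    #    fragment at offset 1 that would overwrite the flags of the reassembled header
    offset = pkt.get("frag_offset", 0)
    if pkt["proto"] == "tcp":
        if offset == 0 and pkt.get("more_fragments") and pkt.get("transport_len", 0) < MIN_FIRST_FRAGMENT:
            return ("deny", "tiny first fragment")
        if offset == 1:
            return ("deny", "fragment at offset 1 overlaps TCP header")
    if offset > 0:
        # ports exist only in the first fragment; a stateless filter passes the rest,
        # which is exactly why the checks above must be enforced on the first one
        return ("allow", "non-first fragment")

    for action, proto, snet, dnet, dport in RULES:
        if proto != pkt["proto"]:
            continue
        if src not in ipaddress.ip_network(snet) or dst not in ipaddress.ip_network(dnet):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        return (action, f"rule {proto} {snet} -> {dnet} port {dport or 'any'}")
    return ("deny", "default")
```

The "non-first fragment" pass-through is the residual weakness of any stateless filter: it cannot know which connection a later fragment belongs to. Stateful firewalls close this by reassembling or by tracking the first fragment's verdict per (source, destination, identification) tuple.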

Firewalls - Application Level Gateway
(or Proxy)

Firewalls - Application Level Gateway
(or Proxy)
• use an application specific gateway / proxy
• has full access to protocol
– user requests service from proxy
– proxy validates request as legal
– then actions request and returns result to user
• need separate proxies for each service
– some services naturally support proxying
– others are more problematic
– custom services generally not supported

Firewalls - Circuit Level Gateway
