Saturday, January 3, 2009

paper-6

Cryptography and Network Security

Contents
1. Introduction
1a. Fundamental Requirements
1b. Security Attacks
2. What is Cryptography
2a. Cryptography Terminology
3. Network Security
3a. Why Network Security
3b. Common Security Threats
4. Network security Needs
4a. Security Needs of an Enterprise
4b. Common Network Security Needs
5. Cryptographic Process
5a. Basic Concepts
5b. Key Process Technologies
5c. Hash Functions
5d. Applications of Cryptography
6. Digital Signatures and Certificates
6a. Public Key Encryption for Digital Signatures
6b. Public Key Encryption for Digital Certificates
7. Cryptographic Technologies
7a. Based on Layers
7b. Based on Encryption Algorithms
8. Public Key Infrastructure (PKI)
8a. Introduction
8b. PKI Concepts on Certificates
9. Attacking Cryptography
9a. Cryptanalysis
9b. Brute Force attack
10. Summary


CRYPTOGRAPHY AND NETWORK SECURITY







ABSTRACT



This paper introduces cryptography, “the science of protecting data”, and network security, “keeping information private and secure from unauthorized users”. It covers the basics of cryptography, the various key process technologies, digital signatures and digital certificates, public key infrastructure (PKI), Pretty Good Privacy (PGP) concepts, types of encryption algorithms, the cryptanalysis process, and applications of various cryptographic technologies. It also addresses why and how to provide network security; the validity of and trust in certificate services; certificate revocation in the Internet, intranet and other network communications; and the applications of network security to the various data transfer techniques and protocols.






1. Introduction

From the dawn of civilization to the highly networked societies that we live in today, communication has always been an integral part of our existence.
• Radio communication
• Telephonic communication
• Network communication
• Mobile communication
All these methods and means of communication have played an important role in our lives, but in the past few years, network communication, especially over the Internet, has emerged as one of the most powerful methods of communication with an overwhelming impact on our lives. Such rapid advances in communications technology have also given rise to security threats to individuals and organizations.

1a. Fundamental Requirements

Confidentiality: The process of keeping information private and secret so that only the intended recipient is able to understand the information.

Authentication: The process of providing proof of identity of the sender to the recipient, so that the recipient can be assured that the person sending the information is who and what he or she claims to be.

Integrity: The method of ensuring that information is not tampered with during its transit or its storage on the network. No unauthorized person should be able to tamper with the information or change the information during transit.

Non-repudiation: The method of ensuring that information cannot be disowned. Once the non-repudiation process is in place, the sender cannot deny being the originator of the data.

1b. Security Attacks

Interruption: An attack in which one or more of the systems of the organization become unusable due to attacks by unauthorized users. This leads to systems being unavailable for use.

Interception: An unauthorized individual intercepts the message content and changes it or uses it for malicious purposes. After this type of attack, the message does not remain confidential.

Modification: The content of the message is modified by a third party. This attack affects the integrity of the message.

So, to keep data secret while it is communicated between two persons or two organizations, the data is converted to another format before it is transmitted. This brings us to cryptography, which is the process of transmitting data securely without any interruption. Network security is the security of data transmission in communication.


Fig 1.1 Cryptography process



2. What is Cryptography?
The term cryptology has its origin in the Greek kryptós lógos, which means “hidden word.” Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form, so that a valid user can access the information at the destination. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.

2a. Cryptography Terminology

a) Plaintext: The original intelligible message.
b) Cipher text: The transformed message.
c) Cipher: An algorithm for transforming an intelligible message into an unintelligible one by transposition.
d) Key: Some critical information used by the cipher, known only to the sender and receiver.
e) Encipher (Encode): The process of converting plaintext to cipher text using a cipher and a key.
f) Decipher (Decode): The process of converting cipher text back into plaintext using a cipher and a key.
g) Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking.
h) Cryptology: Both cryptography and cryptanalysis.
i) Code: An algorithm for transforming an intelligible message into an unintelligible one using codes.
j) Hash algorithm: An algorithm that converts a text string into a string of fixed length.
k) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
l) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
m) Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem.
n) Public Key Infrastructure (PKI): A feature of PKI is the certificate authority.

3. Network Security

For Distributed computing
• Logical set of services distributed over the network
• Physical security model does not work anymore

For Internet and Web
• Increase of security threat
• More stringent security for E-commerce and B2B

3a. Why Network Security?

When networks were not that pervasive, that is, when computing devices were running in their own islands, it was rather easy to deal with security. The only thing one needed to do was to lock the door. Now, as more and more computing devices are getting connected and more and more applications are being built as distributed applications, the physical security model has lost its significance. The advent of the Internet and the web has raised the scale and frequency of network security threats.

3b. Common Security Threats

Identity interception: Someone might steal your identity and use it as their own (masquerading). If you send your username and password in clear text form, someone might be able to grab it from the network and use it elsewhere with the intention of perpetrating fraud.

Replay attack: Someone might capture your request to withdraw 1000 dollars from your bank account and then replay that request over the network.

Data interception and manipulation: If someone can read your credit card information while it is on the wire, they could cause a lot of trouble for you.

Repudiation: Someone performing a transaction and then denying it later can be a big problem in e-commerce. For example, if you are a manufacturer of something and you received a 1 million dollar purchase request from a customer, you will want to make sure that the customer does not deny it after the transaction has been completed. We all know what “denial of service” means.

4. Network Security Needs

4a. Security Needs of an Enterprise

• Single sign-on Internet and intranet
• Controlled access to corporate information
• Secure business transaction over Internet
• Centralized, easy to use security admin tools
• Transparency of security features
• Interoperable security systems
• Various PKI schemes, Kerberos

4b. Common Network Security Needs

• Authentication (Identity verification)
• Access control (Authorization)
• Data confidentiality (Privacy)
• Data integrity (Tamper-proofing)
• Non-repudiation (Proof of transaction)
• Auditing

5. Cryptographic Process

5a. Basic Process

M is the original message
M' is the scrambled message
K_enc is the encryption key
K_dec is the decryption key
It is “difficult” to get M just by knowing M'

E and D are related such that
E(K_enc, M) = M'
D(K_dec, M') = M
D(K_dec, E(K_enc, M)) = M

[Figure: Plaintext M → Encryption function E → Cipher text M' → Decryption function D → Original plaintext M]

So how does the cryptographic process work? The idea is rather simple. Let's say you have plaintext M. By providing the encryption key and the encryption function you get cipher text, M'. The cipher text can be decrypted using a decryption function and a decryption key, and the result is the original text. The mathematical property of the cryptographic process is such that it is practically impossible to derive M from M' unless the key is known.

5b. Key Process Techniques
• Symmetric-Key Encryption: One Key
Symmetric-key encryption, also called shared-key encryption or secret-key cryptography, uses a single key that both the sender and recipient possess. This key, used for both encryption and decryption, is called a secret key (also referred to as a symmetric key or session key). Symmetric-key encryption is an efficient method for encrypting large amounts of data. Its drawback is that the key must be transferred to the receiver, which is prone to security risks.

• Public-Key Encryption: Two Keys
Two keys—a public key and a private key, which are mathematically related—are used in public-key encryption. To contrast it with symmetric-key encryption, public-key encryption is also sometimes called asymmetric-key encryption. In public-key encryption, the public key can be passed openly between the parties or published in a public repository, but the related private key remains private. Data encrypted with the public key can be decrypted only using the private key. Data encrypted with the private key can be decrypted only using the public key. In Figure 1, a sender has the receiver's public key and uses it to encrypt a message, but only the receiver has the related private key used to decrypt the message.


Fig 5.1 Public Key method
From the Figure it can be observed that Encryption is done with Public Key and Decryption with another key called Private Key. This is called Public Key Cryptography.
5c. Hash Functions

An improvement on the Public Key scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input (in this case, a message of any length, even thousands or millions of bits) and produces a fixed-length output, say 160 bits. The hash function ensures that if the information is changed in any way, even by just one bit, an entirely different output value is produced.
As long as a secure hash function is used, there is no way to take someone's signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature verification process to fail.


Figure 5.2 Hash Functions

5d. Applications Of Cryptography

1. Defense Services
2. Secure Data Manipulation
3. E-Commerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11. Secure access to Corp Data
12. Data Security

6a. Public-Key Encryption for Digital Signatures

A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as fundamental to cryptography as privacy, if not more.

A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.
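The hash-then-sign behaviour described in sections 5c and 6a, as an added example that is not part of the original paper. It assumes a toy RSA key built from two publicly known Mersenne primes and signs the raw SHA-1 digest (160 bits, the size the text mentions) without a padding scheme; the function names and sample messages are constructed for illustration.

```python
import hashlib

# Toy RSA key (assumption for illustration): both primes are publicly known
# Mersenne primes, so this key offers no security. A real key uses secret,
# randomly generated primes and a padding scheme such as PSS.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                           # public modulus, about 216 bits
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


def digest_int(message: bytes) -> int:
    """Reduce a message of any length to a fixed 160-bit SHA-1 digest."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sign the digest, not the message: the private key is applied to 160 bits."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key and compare it with a
    freshly computed digest of the message that was actually received."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def flip_one_bit(message: bytes) -> bytes:
    """Return a copy of the message with the lowest bit of its first byte flipped."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def differing_bits(a: bytes, b: bytes) -> int:
    """Count how many of the 160 digest bits differ between two messages."""
    return bin(digest_int(a) ^ digest_int(b)).count("1")


if __name__ == "__main__":
    order = b"Pay Bob 1000 dollars"          # constructed sample message
    other = b"Pay Eve 1000 dollars"          # a different document
    sig = sign(order)
    print("original verifies:       ", verify(order, sig))
    print("one-bit change verifies: ", verify(flip_one_bit(order), sig))
    print("signature moved to other:", verify(other, sig))
    print("digest bits changed:     ", differing_bits(order, flip_one_bit(order)))
```
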
6b. Public-Key Encryption for Digital Certificates
Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner. A certificate is a form of credential. An example might be your birth certificate. Such a credential has some information on it identifying you and some authorization stating that someone else has confirmed your identity. Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you.
A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another.
A digital certificate consists of three things:
• A public key.
• Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
• One or more digital signatures.
The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.

7. Cryptographic Technologies

7a. Based on Layers
• Link layer encryption
• Network layer encryption
    • IPSEC, VPN, SKIP
• Transport layer
    • SSL, PCT (Private Communication Technology)
• Application layer
    • PEM (Privacy Enhanced Mail)
    • PGP (Pretty Good Privacy)
    • SHTTP
The cryptographic process can be implemented at various layers, starting from the link layer all the way up to the application layer. The most popular encryption scheme is SSL, and it is implemented at the transport layer. If the encryption is done at the transport layer, any application that is running on top of the transport layer can be protected.

7b. Based on Algorithms

Secret-key encryption algorithms (Symmetric algorithms)
• DES (Data Encryption Standard): 56-bit key
• Triple DES: 112-bit key
• IDEA (International Data Encryption Algorithm): 128-bit key

Public-key encryption algorithms (Asymmetric algorithms)
• Diffie-Hellman (DH): Exponentiation is easy but computing discrete logarithms from the resulting value is practically impossible.
• RSA: Multiplication of two large prime numbers is easy but factoring the resulting product is practically impossible.

8. Public Key Infrastructure (PKI)

8a. Introduction
The term public key infrastructure (PKI) is used to describe the policies, standards, and software that regulate or manipulate certificates and public and private keys. In practice, PKI refers to a system of digital certificates, certification authorities (CA), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. Standards for PKI are still evolving, even as they are being widely implemented as a necessary element of electronic commerce. This section will help you understand what a PKI is and what services are required to build a PKI.
8b. PKI concepts on Certificates
Certificate: A public key certificate is a digitally signed statement used for authentication and secure exchange of information on networks. The issuer and signer of the certificate is known as a certification authority (CA). A certificate carries a number, a validity, and the uses of the key pair (public and secret).
Certification Authority: A certification authority (CA) is an entity trusted to issue certificates to a requesting entity. A CA verifies the requester's information according to the policy of the CA, and then uses its private key to apply its digital signature to the certificate.
CA Policy: A CA issues certificates to requesters based on a set of established criteria. The set of criteria that a CA uses when processing certificate requests is referred to as CA policy. Typically, a CA publishes its policy in a document known as a Certification Practice Statement (CPS).
Types of Certification Authorities
Self-signed CA: The public key in the certificate and the key used to verify the certificate are the same
Subordinate CA: The public key in certificate and the key used to verify the certificates are different.
Rooted CA: This is trusted unconditionally by a client and is at the top of a certification hierarchy.
Registration: Registration is the process by which a certificate is issued to the subject, provided that the certificate is in compliance with the criteria established by the CA policy.

Certificate enrollment: The procedure that an end entity follows to request and receive a certificate from a CA. The certificate request provides identity information to the CA
Certificate Revocation: Certificates have a specified lifetime, but CAs can reduce this lifetime by the process known as certificate revocation. The CA publishes a certificate revocation list (CRL) that lists the serial numbers of certificates that it considers no longer usable.

Certificate Chain Validation: In a network, when we generate a request for a new certificate, the information in that request is first passed from the requesting program to the Certificate Authority (CA), which then passes the appropriate data to a program known as a cryptographic service provider (CSP). A CSP is an independent software module that performs cryptography operations, such as secret-key exchange, digital signing of data, and public-key authentication. The chain-building mechanism attempts to build a certification path (a certificate chain) from the end-entity certificate, such as a user certificate, up to a CA root certificate.

9. Attacking Cryptography

9a. Cryptanalysis
Cryptanalysis is the process of attempting to discover the plaintext and/or the key. The types of cryptanalysis attacks are:

Differential Cryptanalysis Attack: The differential cryptanalysis attack looks specifically at pairs of cipher texts whose plaintexts have some specific differences. It analyzes these differences as the plaintext propagates through the various rounds of the Data Encryption Standard (DES) when they are encrypted with the same key.

Linear Cryptanalysis Attack: The linear cryptanalysis attack was invented by Mitsuru Matsui in 1993. This method is based on the concept that if you XOR some of the plaintext bits together, XOR some cipher text bits together, and then XOR the results, you will get a single bit that is the XOR of some of the key bits. A large number of such plaintext/cipher text pairs are used to guess the values of the key bits.

9b. Brute Force Attack

The simplest attack to decipher a DES key is the brute force attack. The brute force attack on the DES algorithm is feasible because of the relatively small key length (56 bit) and ever-increasing computational power of the computers. It can break through any cipher by trying all keys that possibly exist. However, in brute force attacks, the time taken to break a cipher is directly proportional to the length of the key. In a brute force attack, keys are randomly generated and applied to the cipher text until the legitimate key is generated.

The Average Time Required for Exhaustive Key Search



10. Summary

Cryptography protects users by providing functionality for the encryption of data and authentication of other users. This technology lets the receiver of an electronic message verify the sender, ensures that a message can be read only by the intended person, and assures the recipient that a message has not been altered in transit. This paper describes the cryptographic concepts of symmetric-key encryption, public-key encryption, types of encryption algorithms, hash algorithms, digital signatures, and key exchange. It also covers cryptography attack techniques such as cryptanalysis and the brute force attack, and provides information on network security needs and requirements.

paper-5

INDEX:
1. ABSTRACT
2. INTRODUCTION
2.1. Cryptography
2.2. Purpose of cryptography
3. BASIC CONCEPTS
3.1 secret key cryptography
1. Block Ciphers
2. Stream Ciphers
3.2 Public-key cryptography
1. Encryption
3.3 Hash Function
4. APPLICATIONS OF CRYPTOGRAPHY
4.1 Password Encryption
4.2 Privacy
4.3 Key Agreement
5. Other uses of cryptography
6. DISADVANTAGES
7. CONCLUSION
8. REFERENCES
--------------------------------------------------------------------------------------------------------
1. ABSTRACT
This paper focuses on the need, nature and purpose of cryptography. The need for cryptography in various fields, particularly the Internet, is explained. Secure communications, data storage, identification and authentication, and various other applied cryptographic concepts are dealt with. The three general types of cryptographic schemes, namely secret-key cryptography, public-key cryptography and hash functions, are explained in detail. The techniques used in the cryptographic schemes, such as block and stream ciphers, are explained. Under public-key cryptography, encryption (the science of changing data into unrecognizable form so that any unauthorised person cannot understand it) is explained. The major applications of cryptography are mentioned. Privacy and password protection are explained. Key management is dealt with. The key pair and key component are explained in detail. The disadvantages are mentioned. The conclusion deals with the aspects of “what cryptography can do” and “what it cannot”. Finally, the references are cited.
2. INTRODUCTION
The science of cryptology is the science of secure communications, formed from the Greek words kryptós, "hidden", and logos, "word".
During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient.
2.2 PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
• Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.
Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext.
Cryptography is a particularly interesting field because of the amount of work that is, by necessity, done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are those that are well-known and well-documented because they are also well-tested and well-studied! In fact, time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys;
3. BASIC CONCEPTS
3.1 Traditional Secret-key Cryptography
Traditional cryptography uses a single key to encrypt and decrypt a message. An algorithm that uses the same key to encrypt and decrypt is called symmetric.
This type of cryptography also deals with authentication, the main technique being the creation and verification of message authentication codes (MACs).
The difficulty with secret-key cryptosystems is sharing a key between the sender and receiver without anyone else compromising it. In a system supporting a large number of users the key management problems can become very severe.
The advantage of traditional cryptography is that it is usually much faster than public-key cryptography.
The main techniques are:
• Block Ciphers
• Stream Ciphers
• Message Authentication Codes

1. Block Ciphers
A block cipher transforms a fixed-length block of plaintext into a block of cipher text of the same length, using a secret key. To decrypt, the reverse process is applied to the cipher text block using the same secret key.
In the case of DES, the block size is 64 bits (8 bytes) and the key is 56 bits presented as 8 bytes, the low order bit of each byte being ignored. It is usual to set every 8th bit so that each byte contains an odd number of set bits. This process is known as DES key parity adjustment.
To use a block cipher to encrypt data of arbitrary length, we can use one of the following techniques (or modes of operation):

• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB)
• Output Feedback (OFB)
Most good block ciphers transform the secret key into a number of sub keys and the data is encrypted by a process that has several rounds (iterations) each round using a different sub key. The set of sub keys is known as the key schedule. In the case of DES the secret key is transformed into 16 sub keys and consequently DES takes 16 rounds to perform an encryption.
A) Electronic Code Book
In ECB mode, each block of data is encrypted independently.
If we take eK(D) to mean “encrypt block D with key K”, then the plaintext D1, D2, D3, …, Dn is encrypted as eK(D1), eK(D2), …, eK(Dn).
The trouble with ECB mode is that plaintext patterns show up in the cipher text, because each identical block of plaintext gives an identical block of cipher text. This can lead to attacks based on rearranging, deleting or repeating cipher text blocks.
ECB mode should only be used for encrypting very small blocks of data such as keys.
B) Cipher Block Chaining
In CBC mode each plaintext block is XOR’d with the previous cipher text block before it is encrypted. Because there is no previous cipher text for the first block, an 8-byte block known as the Initial Chaining Value (ICV) is used to start the process.
Patterns in the plaintext are hidden by the exclusive-OR. The ICV should be different for any messages encrypted with the same key, but it does not have to be kept secret and can be transmitted with the encrypted text.
If the total length of the plaintext is not a multiple of 8, it is necessary to deal with the final short block. The obvious way to do this is to pad out the last block to 8 bytes, but the final block must contain a count of the number of filler bytes, so the message length is always increased by a maximum of 8 bytes. If this increase in length is not acceptable, a solution is to XOR the short block with the result of re-enciphering the last complete cipher text block (or, if there isn’t one, the ICV).
C) Cipher Feedback
In CFB mode the previous cipher text block is encrypted and is XOR’d with the plaintext to give the current cipher text block. As with CBC mode, an ICV is needed to start the process. As well as full 64-bit feedback, it is possible to define 1-bit, 2-bit, and up to 63-bit cipher feedback. In software implementations there is no advantage over CBC mode, though CFB is often used in link encryption devices.
D) Output Feedback
OFB is similar to CFB mode except that the cipher text XOR’d with each plaintext block is independent of the plaintext and cipher text and is produced by repeatedly encrypting the ICV.
The advantage of OFB mode is that transmission errors are not propagated and do not affect decryption of blocks that follow. It is therefore a useful method for encryption of satellite links where re-transmission of a corrupted message would be inconvenient.
2. STREAM CIPHERS
Stream ciphers are typically much faster than block ciphers. A stream cipher generates a key stream (a sequence of bits or bytes used as a key). The plaintext is combined with the key stream, usually with the XOR operation. Generating the key stream may be independent of the plaintext and cipher text, to give a synchronous stream cipher. Alternatively it may depend on the cipher text, in which case the stream cipher is self-synchronizing. Nearly all stream ciphers are of the synchronous type.
There is no “standard” stream cipher, and in general stream ciphers are best avoided. Certain modes of operation of a block cipher transform it into a key stream generator and so any block cipher can be used as a stream cipher. Examples are DES in CFB or OFB modes.
3.2 PUBLIC-KEY CRYPTOGRAPHY
Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
The mathematical "trick" in PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute. Consider a simple example:
Multiplication vs. factorization: Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you to tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution, but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the 8 pairs of integer factors and then determine which one is the correct pair.




FIGURE 2: Sample application of the three cryptographic techniques for secure communication.


ENCRYPTION
Encryption is the science of changing data so that it is unrecognizable and useless to an unauthorized person. Decryption is changing it back to its original form.
The most secure techniques use a mathematical algorithm and a variable value known as a 'key'.
The selected key (often any random character string) is input on encryption and is integral to the changing of the data. The EXACT same key MUST be input to enable decryption of the data.
This is the basis of the protection... if the key (sometimes called a password) is only known by authorized individual(s), the data cannot be exposed to other parties. Only those who know the key can decrypt it. This is known as 'private key' cryptography, which is the most well known form.



Figure 2
3.3 HASH FUNCTION
When creating a digital signature, you hash your message down to a manageable size so that it will fit into the block to be encrypted with the private key.
The two most common hash algorithms are:
• MD5 (16-byte digest)
• SHA-1 (20-byte digest)
The two algorithms are similar in form, but SHA-1 is preferred because the longer digest reduces the probability of collisions (two messages having the same digest).
MD5 (Message Digest 5) was invented by Ronald Rivest.
SHA-1 was a modification of an earlier algorithm (Secure Hash Algorithm).
The properties of a good hash algorithm are:
1. Easy and quick to reduce a message of any size to a fixed digest
2. Computationally infeasible to construct a meaningful message from a given digest
3. Very low probability that two different messages will lead to the same digest

4. APPLICATIONS OF CRYPTOGRAPHY

The basic applications of cryptography include:
• Privacy
• Password encryption
• Authentication
• Key Agreements
• Digital Envelopes


4.1. PASSWORD PROTECTION
Nearly all modern multi-user computer and network operating systems employ passwords at the very least to protect and authenticate users accessing computer and/or network resources. But passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme.
Passwords are not saved in plaintext on computer systems precisely so they cannot be easily compromised. For similar reasons, we don't want passwords sent in plaintext across a network. But for remote logon applications, how does a client system identify itself or a user to the server? One mechanism, of course, is to send the password as a hash value and that, indeed, may be done. A weakness of that approach, however, is that an intruder can grab the password off of the network and use an off-line attack (such as a dictionary attack where an attacker takes every known word and encrypts it with the network's encryption algorithm, hoping eventually to find a match with a purloined password hash). In some situations, an attacker only has to copy the hashed password value and use it later on to gain unauthorized entry without ever learning the actual password.
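The two weaknesses described above, seen from the defender's side, in an added example that is not part of the original paper: a salted, slow verifier in place of a bare hash, and a nonce-based challenge-response so that a captured login value cannot be replayed. The function and class names, the sample passwords and the PBKDF2 work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_digest(password: str) -> str:
    """Weak storage: a bare, fast hash. Equal passwords give equal digests,
    so one precomputed dictionary can be matched against every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_verifier(password: str) -> tuple[bytes, bytes]:
    """What the server stores: a random per-user salt and the derived key."""
    salt = secrets.token_bytes(16)
    return salt, derive_key(password, salt)


def check_password(password: str, salt: bytes, key: bytes) -> bool:
    """Constant-time comparison against the stored verifier."""
    return hmac.compare_digest(derive_key(password, salt), key)


class LoginServer:
    """Challenge-response login: each response is bound to a one-time nonce."""

    def __init__(self, salt: bytes, key: bytes):
        self.salt, self.key = salt, key
        self.pending = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False  # unknown or already used nonce: a replay
        self.pending.discard(nonce)
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the password for this nonce only."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample data.
    print("unsalted digests equal:", unsalted_digest("letmein") == unsalted_digest("letmein"))
    salt_a, key_a = make_verifier("letmein")
    salt_b, key_b = make_verifier("letmein")
    print("salted verifiers equal:", key_a == key_b)

    server = LoginServer(salt_a, key_a)
    nonce = server.challenge()
    response = client_response("letmein", salt_a, nonce)
    print("first login accepted:", server.verify(nonce, response))
    print("same response replayed:", server.verify(nonce, response))
    print("old response, new nonce:", server.verify(server.challenge(), response))
```
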

4.2 PRIVACY
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. Developed by Phillip in the early 1990s and long the subject of controversy, PGP is available as a plug-in for many e-mail clients, such as Claris Emailer, Microsoft Outlook/Outlook Express, and Qualcomm Eudora.
PGP can be used to sign or encrypt e-mail messages with the mere click of the mouse. Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.
When PGP is first installed, the user has to create a key-pair. One key, the public key, can be advertised and widely circulated. The private key is protected by use of a pass phrase. The pass phrase has to be entered every time the user accesses their private key.

4.3 Key Management
As the entire operation is dependent upon the security of the keys, it is sometimes appropriate to devise a fairly complex mechanism to manage them.
Where a single individual is involved, often direct input of a value or string will suffice. The 'memorized' value will then be re-input to retrieve the data, similar to password usage.
Sometimes, many individuals are involved, with a requirement for unique keys to be sent to each for retrieval/decryption of transmitted data. In this case, the keys themselves may be encrypted. A number of comprehensive and proven key management systems are available for these situations.

CRYPTOGRAPHY KEY BASICS
The two components required to encrypt data are an algorithm and a key. The algorithm is generally known and the key is kept secret.
The key is a very large number that should be impossible to guess, and of a size that makes exhaustive search impractical.
In a symmetric cryptosystem, the same key is used for encryption and decryption. In an asymmetric cryptosystem, the key used for decryption is different from the key used for encryption.

THE KEY PAIR
In an asymmetric system the encryption and decryption keys are different but related. The encryption key is known as the public key and the decryption key is known as the private key. The public and private keys are known as a key pair.
Where a certification authority is used, one has to remember that it is the public key that is certified and not the private key. This may seem obvious, but it is not unknown for a user to insist on having his private key certified!
KEY COMPONENT
Keys should, whenever possible, be distributed by electronic means, enciphered under previously established higher-level keys. There comes a point, of course, when no higher-level key exists and it is necessary to establish the key manually.
A common way of doing this is to split the key into several parts (components) and entrust the parts to a number of key management personnel. The idea is that none of the key parts should contain enough information to reveal anything about the key itself.
Usually, the components are combined into the key by means of the exclusive-OR operation within a secure environment.
In the case of DES keys, there should be an odd number of components, each component having odd parity. Odd parity is preserved when all the components are combined. Further, each component should be accompanied by a key check value to guard against keying errors when the component is entered into the system.
A key check value for the combined components should also be available as a final check when the last component is entered.
A problem that occurs with depressing regularity in the real world is when it is necessary to re-enter a key from its components. This is always an emergency situation, and it is usually found that one or more of the key component holders cannot be found. For this reason it is prudent to arrange matters so that the components are distributed among the key holders in such a way that not all of them need to be present.
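The component scheme described above, as an added example that is not part of the original paper: a key is split into an odd number of odd-parity components, each with a check value, and recombined by XOR. The function names are hypothetical, and `check_value` is a stand-in (a truncated SHA-256) chosen so the sketch needs only the standard library; deployed systems commonly derive the check value by enciphering a zero block under the key.

```python
import hashlib
import secrets
from functools import reduce


def has_odd_parity(byte: int) -> bool:
    return bin(byte).count("1") % 2 == 1


def set_odd_parity(data: bytes) -> bytes:
    """Set the low bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for b in data:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def combine(components: list[bytes]) -> bytes:
    return reduce(xor_bytes, components)


def check_value(data: bytes) -> str:
    """Stand-in key check value (assumption): first 3 bytes of SHA-256."""
    return hashlib.sha256(data).hexdigest()[:6].upper()


def split_key(key: bytes, n: int) -> list[bytes]:
    """Split an odd-parity key into n odd-parity components (n odd).

    The first n-1 components are random; the last is the key XOR the rest.
    An even number of odd-parity bytes XORs to even parity, so the last
    component, key XOR (even parity), comes out with odd parity as well.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("use an odd number of components (3, 5, ...)")
    if not all(has_odd_parity(b) for b in key):
        raise ValueError("key must have odd parity")
    parts = [set_odd_parity(secrets.token_bytes(len(key))) for _ in range(n - 1)]
    parts.append(xor_bytes(key, combine(parts)))
    return parts


def load_key(components: list[bytes], component_checks: list[str], key_check: str) -> bytes:
    """Simulate key entry: verify each component, then the combined key."""
    for i, (part, expected) in enumerate(zip(components, component_checks), 1):
        if not all(has_odd_parity(b) for b in part):
            raise ValueError(f"component {i}: parity error")
        if check_value(part) != expected:
            raise ValueError(f"component {i}: check value mismatch (keying error)")
    key = combine(components)
    if check_value(key) != key_check:
        raise ValueError("combined key: check value mismatch")
    return key


if __name__ == "__main__":
    key = set_odd_parity(bytes.fromhex("0123456789abcdef"))  # constructed sample key
    parts = split_key(key, 3)
    for i, p in enumerate(parts, 1):
        print(f"component {i}: {p.hex()}  check value {check_value(p)}")
    print("recombined key matches:", combine(parts) == key)
    # Two components alone XOR to an even-parity value, not to a usable key.
    print("two components keep odd parity:",
          all(has_odd_parity(b) for b in combine(parts[:2])))
```
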
Other uses of cryptography

Many techniques also provide for detection of any tampering with the encrypted data. A 'message authentication code' (MAC) is created, which is checked when the data is decrypted. If the code fails to match, the data has been altered since it was encrypted. This facility has many practical applications.
OTHER RESOURCES
The Cryptography Management Toolkit is a resource specifically designed to introduce cryptography in detail. It includes presentations, a comprehensive guide book, check lists, source code for common algorithms, and various other items.
5. DISADVANTAGES

The main disadvantages are:
• One-way functions
• Factorization problems
• The discrete logarithm problem
Although cryptography is now a core part of modern commerce, it is often regarded as a 'black art'. This is largely because of a fundamental lack of understanding, as well as lack of access to the basic building blocks.

However, understanding and implementing cryptography (encryption, decryption AND key management) need not be a trial. A comprehensive and detailed kit is now available to help understand, audit, review, and implement cryptography.

This is a thorough introduction to cryptography and its application. It is an extensive document explaining not only the background to cryptography, but how to implement it successfully, what pitfalls to avoid, etc. The following samples help to illustrate the depth and quality of this offering:



6. CONCLUSION
Cryptography is the science of secure communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

What CRYPTOGRAPHY Can Do
Potentially, cryptography can hide information while it is in transit or storage. In general, cryptography can:
• Provide SECRECY.
• AUTHENTICATE that a message has not changed in transit.
• Implicitly authenticate the sender.
Cryptography hides words: at most, it can only hide talking about contraband or illegal actions.
One possible application for cryptography is to secure on-line communications between work and home, perhaps leading to a society-wide reduction in driving, something we could all appreciate.

What CRYPTOGRAPHY Can Not Do
Cryptography can only hide information after it is ENCRYPTED and while it remains encrypted. However, secret information generally does not start out encrypted, so there is normally an original period during which the secret is not protected. Moreover, secret information generally is not used in encrypted form, so it is again outside the cryptographic envelope every time the secret is used.

paper-4






CRYPTOGRAPHY


NETWORK SECURITY




CONTENTS

• What is Cryptography?

• Types of Cryptography
1. Secret(symmetric) Key Cryptography.
2. Public(asymmetric) Key Cryptography.
3. Hash Functions.
4. Trust Models.

• Today's latest cryptographic techniques in use

• Different types of threats to network

• Network Security can be done by various methods
1. VPN (Virtual Private Networks)
2. Firewalls
3. IPSec.
4. AAA Server.

Cryptography and Network Security
Does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography.

Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription.
In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
• Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication.
The three types of cryptographic algorithms that will be discussed are (Figure 1):
• Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
• Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
• Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information





1. Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption.
As shown in the figure, the sender uses the key (or some set of rules) to encrypt the plain text and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher, whereas the same plaintext will encrypt to different ciphertext in a stream cipher.
2. Public key cryptography
Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
Generic PKC employs two keys that are mathematically related, although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys is required, this approach is also called asymmetric cryptography.
3. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.

4. TRUST MODELS
Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. In SKC, PKC solved the secret distribution problem,
There are a number of trust models employed by various cryptographic schemes.
• The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
• Kerberos, a secret key distribution scheme using a trusted third party.
• Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.

Types of authority
• Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
• Assign authority: Establish what actions the holder may or may not take based upon this certificate.
• Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
----------------------------------------------------------------------------

Today's latest cryptographic techniques in use:

Hash algorithms that are in common use today include:
• Message Digest (MD) algorithms
• Secure Hash Algorithm (SHA)

Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with the mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. Many more techniques are also in use.
Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.
Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs.
Understand the concepts of language redundancy and unicity distance.

Different types of threats to network:

• Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

• SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

• Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

• Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

• E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

• Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

• Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

• Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.

• Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
Network security can be done by various methods.

1. Virtual Private Network:

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

Implementation of network security by VPN.


Step 1. - The remote user dials into their local ISP and logs into the ISP’s network as usual.

Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination Security server on the corporate network. The Security server authenticates the user and creates the other end of the tunnel.

Step 3. - The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.

Step 4. - The destination Security server receives the encrypted data and decrypts it. The Security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.



2. Firewalls:
A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.

3. IPSec -
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:

Router to router
Firewall to router
PC to router
PC to server

A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

4. AAA Server - AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.

And many more but due to limitations not explained.

paper-3

CRYPTOGRAPHY


ABSTRACT
• In the real world, there are four areas in which security must be provided. They are:
Confidentiality
Authentication
Integrity
Non-repudiation
• The universal technique for providing confidentiality of transmitted data is cryptography. Cryptography is the one branch that deals with encryption and decryption.
• There are two types of hash algorithms. They are:
MD5
SHA-1

• Advances in computing power and in hash function cryptanalysis have led to a decline in the popularity of MD4 and MD5, two very popular hash functions. In response, newer hash algorithms have been developed with longer hash code lengths and with features designed to resist specific cryptanalytic attacks.






INTRODUCTION




E-commerce on the worldwide web is a rapidly growing and proliferating field. But there are several differences between commerce in the real world and on the Internet, and perhaps the most fundamental issue is that of trust and security. In order to build secure E-commerce applications, we need to establish a definition of various security requirements.

The following four areas have been identified as the framework for secure E-commerce:
• Confidentiality: Protecting the data from all but the intended receiver(s).
• Authentication: Proving one's identity.
• Integrity: Ensuring no unauthorized alteration of data.
• Non-repudiation: Preventing an entity from denying previous commitments or actions.

The basic functionality of cryptography is to hide information. Its operation typically includes two processes:
• Encryption as the process of transforming information so that it is unintelligible to an intruder, and
• Decryption as the process of transforming the encrypted information so that it is intelligible again.

The following figure illustrates these processes.





• The information in its original form is known as plain text, and the encrypted message is called cipher text.

• Two persons communicate securely by secretly exchanging or choosing a key pair (e, d).

• The security lies in the fact that the mathematical function and the key are only bound to the sender and receiver, not to anybody else.

• Keys are very critical to the functionality of cryptographic algorithms and it is sound cryptographic practice to change keys frequently.


There are 2 important hash functions:

• MD5
• SHA-1
SECURE HASH ALGORITHM

SHA-1 LOGIC:

The algorithm takes as input a message with a maximum length of less than 2^64 bits and produces as output a 160-bit message digest; the chaining variable is likewise 160 bits long. The processing consists of the following steps:

• Append padding bits:

The message is padded so that its length in bits is congruent to 448 modulo 512. Padding is always added, even if the message is already of the desired length. The padding consists of a single 1-bit followed by the necessary number of 0-bits.
• Append length:

A block of 64 bits is appended to the message. This block contains the length of the original message.

• Initialize MD buffer:

A 160-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as five 32-bit registers (A, B, C, D, and E).
These registers are initialized as:

A=67452301
B=EFCDAB89
C=98BADCFE
D=10325476
E=C3D2E1F0

These values are stored in big-endian format, that is, with the most significant byte of a word in the low-address byte position.


As 32-bit strings, the initialization values appear as follows:

Word A: 67 45 23 01
Word B: EF CD AB 89
Word C: 98 BA DC FE
Word D: 10 32 54 76
Word E: C3 D2 E1 F0

• Process message in 512-bit (16-word) blocks:

The heart of the algorithm is a module that consists of four “rounds” of processing of 20 steps each. The four rounds have a similar structure, but each uses a different primitive logical function, which we refer to as f1, f2, f3, and f4.





The output of the fourth round is added to the input to the first round (CV_q) to produce CV_{q+1}.

• Output:
After all L 512-bit blocks have been processed, the output from the Lth stage is the 160-bit message digest.

The behavior of SHA-1 can be summarized as:
CV_0 = IV
CV_{q+1} = SUM_32(CV_q, ABCDE_q)
MD = CV_L


MD5 MESSAGE DIGEST ALGORITHM

MD5 LOGIC


The algorithm takes as input a message of arbitrary length and produces as output a 128-bit message digest. The input is processed in 512-bit blocks.





The processing consists of the following steps:

• Append padding bits:

The message is padded so that its length in bits is congruent to 448 modulo 512.
• Append length:
A 64-bit representation of the length in bits of the original message is appended to the result of step 1. Thus, the field contains the length of the original message, modulo 2^64.
• Initialize MD buffer:

A 128-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as four 32-bit registers (A, B, C, and D). These registers are initialized as:
A=67452301
B=EFCDAB89
C=98BADCFE
D=10325476

As 32-bit strings, the initialization values appear as follows:

Word A: 01 23 45 67
Word B: 89 AB CD EF
Word C: FE DC BA 98
Word D: 76 54 32 10
• Process message in 512-bit (16-word) blocks:

The heart of the algorithm is a compression function that consists of four “rounds” of processing. Each round takes as input the current 512-bit block being processed (Y_q) and the 128-bit buffer value ABCD and updates the content of the buffer.


• Output:
After all L 512-bit blocks have been processed, the output from the Lth stage is the 128-bit message digest.


The behavior of MD5 can be summarized as:
CV_0 = IV
CV_{q+1} = SUM_32[CV_q, RF_I(Y_q, RF_H(Y_q, RF_G(Y_q, RF_F(Y_q, CV_q))))]
MD = CV_{L-1}



COMPARISON OF SHA-1 AND MD5

The two algorithms are compared using the design goals:


• Security against brute-force attacks:

The most important difference is that the SHA-1 digest is 32 bits longer than the MD5 digest. Using a brute-force technique, the difficulty of producing any message having a given message digest is on the order of 2^128 operations for MD5 and 2^160 for SHA-1, and the difficulty of producing two messages having the same message digest is on the order of 2^64 operations for MD5 and 2^80 for SHA-1. Thus, SHA-1 is stronger against brute-force attacks.

• Security against cryptanalysis:
MD5 is vulnerable to cryptanalytic attacks whereas SHA-1 appears not to be vulnerable to such attacks.

• Speed:

Both algorithms rely heavily on addition modulo 2^32, so both do well on a 32-bit architecture. SHA-1 involves more steps and must process a 160-bit buffer compared to MD5’s 128-bit buffer. Thus SHA-1 should execute more slowly than MD5 on the same hardware.

• Simplicity and compactness:
Both algorithms are simple to implement and simple to describe and do not require large programs.


• Little-endian versus big-endian architecture:
MD5 uses a little-endian scheme for interpreting a message as a sequence of 32-bit words, whereas SHA-1 uses a big-endian scheme. There appears to be no significant advantage to either approach.



Conclusion:

There is no gainsaying the fact that cryptography plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. Public key cryptography is the most important technology in modern cryptographic schemes to address issues like key management, authentication, non-repudiation and digital signatures. Cryptosystems with smaller key lengths offer virtually no security. Symmetric-key systems offer an advantage over the public-key systems. Private keys in public-key systems are much larger.

paper-2

NETWORK SECURITY
Most computer criminals and hackers strike not because of their knowledge; they bloom because of the ignorance of users and system administrators in using their systems, servers and computer networks.
1. There are open ports on which hackers may attack.
2. There are dangerous kinds of attacks on the servers and administrators.
3. There are mechanisms of securing Windows NT server administrator passwords.
This project is based on practical techniques and tactics of attacking, and the concept and mechanism of the attacks.
Thus, to stop net criminals from intruding into systems, the system administrator should know the drawbacks and loopholes of the OS, the Internet, and networking.
These papers give the details of different kinds of attacks that a hacker may launch against the administrator: concepts and techniques of attacks like the DOS attack, controlling and disconnecting remote modems, Trojan attacks, mail bombings, etc.
Emphasis is given to the open ports that hackers usually attack.

ATTACKS ON THE SERVER.

DOS ATTACKS
Denial of Service attacks (DOS attacks) are a very common hacking attack now. A DOS attack is defined as an attack on the target system by a malicious attacker to render the normal services offered by it unavailable to legitimate users, or to disable those services. It involves launching an attack that makes the services offered by the target system, or the normal services offered by the Internet or a network system, unavailable to a legitimate user.
A DOS attack can be described as one in which the target system’s memory is so clogged that it cannot serve legitimate users, or in which the target system is sent so much data that it cannot handle it and crashes or reboots.

KINDS OF DOS ATTACK
PING OF DEATH:- Ping is a part of ICMP, i.e. the Internet Control Message Protocol. It is used to troubleshoot TCP/IP networks.
Ping is a command that sends out a datagram to the specified host. The specified host, if alive (i.e. turned on), sends out a reply, or echo, of the same datagram. If the datagram that returns to our computer is the same datagram that was sent, then the host is alive. Therefore ping is basically a command that allows us to check whether a host is alive or not. It can also be used to determine the amount of time taken for a datagram to reach the host.
It is so deadly because it can be used to ping a host perpetually, which may cause the host to crash. When a host receives a ping, it allocates some of its resources to attend to and echo back the datagram. If a host is pinged perpetually, a time will come when all resources of the host are used up and the host either hangs or restarts.
Due to ping’s deadly nature, most shell account ISPs hide the ping utility.
It can be found by using the command:
whereis ping
It is usually hidden in /usr/etc.
The flood ping, which pings a host perpetually, is:
ping -t hostname
ping -a can be used to resolve the addresses of the hostname.
We can even ping ourselves. The IP 127.0.0.1 is the local host. This means that when we connect to 127.0.0.1, we actually connect to our own machine. Therefore, to ping ourselves perpetually, we give the command:
ping -t 127.0.0.1
However, the flood ping no longer works, as most operating systems have been updated.
The following ping command creates a giant datagram of the size 65,510.
C:\windows>ping -l 65510
This might hang the victim’s computer.
FPING UTILITY: This tool allows us to send mass echo requests to a huge number of systems. The normal ping sends out echoes one by one to each system on a network. In contrast, fping sends mass echo requests to the entire network at a single time. Hence it is more efficient.
SYNFLOOD ATTACK:- SYN flooding is flooding the target system with so many connection requests that all its memory gets hogged up in trying to establish proper connections for all these requests. In effect, since all the memory of the target system is used up in trying to establish connections, the target system is unable to provide services even to legitimate users. The SYN attack exploits the TCP/IP three-way handshake. Whenever a client wants to establish a connection with a host, three steps take place, known as the three-way handshake:
1. The client system sends a SYN packet to the remote host.
Client ---------- SYN packet ----------> Host
2. The remote host replies with a SYN/ACK packet to the client.
Host ---------- SYN/ACK packet ----------> Client
3. The client replies with an ACK packet, acknowledging the packet sent by the host in step 2.
Client ---------- ACK ----------> Host
The above is known as the three-way handshake, and only if all three steps are completed is a complete TCP/IP connection established between a source and a destination.
In a SYN attack, several SYN packets are sent to the server, but all have a bad source IP address. When a server receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN/ACK. Now the target system waits for an ACK message to come from the bad IP address. But as the IP doesn’t exist, the target system never receives the message. Hence these requests occupy a large number of resources on the target system. As a result, due to the large number of requests, the memory of the system gets hogged up and it becomes unable to respond to legal users. Thus the server eventually crashes, hangs or reboots.
In accordance with the rules of TCP/IP, after a certain time has passed a timeout takes place, the connection requests queued up by the target system are discarded, and thus a part of the hogged-up memory is freed. Therefore, in a SYN flood attack the attacker keeps on sending connection requests at a faster rate than the timeouts take place. Thus the attacker keeps the target system hung.
To know whether we have been attacked, type the command:
C:\windows>netstat -a
This will show something like:
Active Connections
Proto  Local Address  Foreign Address  State
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         *.*              ESTABLISHED
If the above command shows a lot of connections in the SYN_RECEIVED state, then the system is probably under SYN attack. The connections in the ESTABLISHED state are legitimate connections.
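The netstat check described above can be automated. The following is an added example, not code from the original paper: it counts half-open connections per local endpoint rather than per source, because the source addresses in a SYN flood are bad (spoofed) and will rarely repeat. The sample output, the addresses and the threshold of 5 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            198.51.100.23:1045     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.77:2301     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.9:4410       SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.140:1033     SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.61:3999        SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.200:1201       SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.14:1500        ESTABLISHED
  TCP    10.0.0.5:25            198.51.100.4:2210      SYN_RECEIVED
  TCP    10.0.0.5:25            198.51.100.5:2211      ESTABLISHED
  TCP    10.0.0.5:25            198.51.100.6:2212      ESTABLISHED
"""


def parse_netstat(text):
    """Yield (local, foreign, state) for each TCP row; headers and UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].upper().startswith("TCP"):
            yield fields[1], fields[2], fields[3].upper()


def half_open_report(text):
    """Per local endpoint: half-open count, established count, distinct source hosts."""
    report = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for local, foreign, state in parse_netstat(text):
        if state == "SYN_RECEIVED":
            report[local]["half_open"] += 1
            report[local]["sources"].add(foreign.rsplit(":", 1)[0])
        elif state == "ESTABLISHED":
            report[local]["established"] += 1
    return dict(report)


def suspected_syn_flood(report, min_half_open=5):
    """Local endpoints whose half-open backlog meets the (assumed) threshold
    and outnumbers the connections that completed the handshake."""
    return sorted(
        local for local, entry in report.items()
        if entry["half_open"] >= min_half_open
        and entry["half_open"] > entry["established"]
    )


if __name__ == "__main__":
    for endpoint in suspected_syn_flood(half_open_report(SAMPLE_NETSTAT)):
        print("possible SYN flood against", endpoint)
```

A single SYN_RECEIVED row is normal on a busy server, so the threshold should be tuned to the service's usual backlog.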
CONTROLLING AND DISCONNECTING REMOTE MODEMS.
Let our IP address be xx.xx.xx.xx and let the server we are connecting to have the IP yy.yy.yy.yy. If we take a single data packet and send it to yy.yy.yy.yy, then the packet will take the following path to reach the destination:
Data packet at source ----> Modem of source ----> Router ----> Modem of destination ----> Destination server
Thus, each data packet goes via a modem, both at the source and at the destination. All data goes through modems, and this data may be a command.
A system controls a modem by issuing commands which are generally referred to as AT commands. The word AT precedes all modem commands, with a few exceptions.
An example of an AT command is the one issued when you dial into your ISP. When you click on the ‘connect’ button, the DUN software sends the following command to your modem:
the ATDT or ATDP command, followed by the number you want to dial and Enter.
To issue a command to the modem, it should be in the command mode.
A modem is always either in the command mode or in the online mode. When the system boots up, the modem is, by default, in the command mode. When the modem is in the command mode, the AT commands are considered to be commands, while in the online mode all commands are considered to be data packets.
When we are connected to the Internet, the modem is in the online mode and thus can’t accept any command. This means that if we know the IP address of a person and send a modem command string, the modem will only treat it as normal data and will not react to it. Thus the modem has to be switched into the command mode.
When the modem is in the online mode, it can be brought to the command mode by sending it the escape characters, i.e. +++. Sending the escape characters will switch the modem to the command mode and it will start reacting to the AT commands.
To return the modem to the online state, the ATO command is given.
Thus, if we know the IP address of a person and we send the +++ string to it followed by the AT modem commands, we can practically control the remote modem. We can do anything with the modem.
H0 is the AT command that instructs the modem to hang up or disconnect.
If we want to disconnect our own modem, then we will issue the following command:
+++ATH0
This command switches the modem from the online mode to the command mode and then sends it the H0 command, which disconnects the modem.
If we send this command to the remote modem, it will disconnect that too.
NOTE: The command ATH0 doesn’t work on all modems.
The way the ATH0 attack works is that it hides escape/control sequences in an ICMP echo request packet (it contains the string +++ATH0). The string +++ sends the modem into escape mode, and if the guard time on the modem is set very low it will go into command mode instantaneously and we can issue it the AT commands. The system receives the echo request packet and returns it to the sender with a new timestamp and checksum and swapped destination/source hosts. When it returns, the string is sent to the modem and thus execution of the command takes place. There are a few conditions that must be met for it to work. These are:
1. The target computer must not filter ICMP echo requests and must know how to reply to one if it gets one.
2. The target computer must be using a modem.
3. The target computer must have a vulnerable modem (i.e. the guard time must be set very low).
4. Spoofed (i.e. with a bad IP) packets must be sent to the target computer, otherwise the target computer will know where these are coming from.
TROJAN/KEY LOGGER ATTACKS
A Trojan is a tool which, when installed on a system, can be misused for malicious purposes by the attacker. Trojans are capable of doing a lot of harm to the target computer.
Almost all Trojans are made up of:
1. THE SERVER PART: This part of the Trojan should be installed and running on the target system.
2. THE CLIENT PART: This part of the Trojan is installed and running on the attacker’s computer.
Trojans attack in the following way:
1. The attacker tries to install the server part of the Trojan on the target system, in any of the following ways:
(a). Sending the Trojan disguised as a normal file through ICQ or any other instant messaging software.
(b). Installing the Trojan on the target computer manually.
(c). By trickery: In this method, the attacker hides the Trojan server part in a normal .EXE file. This file is chosen by the attacker on the basis that the victim will find it useful and install the infected file.
2. Once the attacker has been able to install the Trojan on the server system, it binds to a particular port on the target computer and listens for connections. Each Trojan has a particular port to which it binds.
3. As soon as the Trojan is listening for connections, the attacker tries to find out the IP address of the target computer.
4. As soon as the attacker gets the IP address of the target system, he uses the client part of the Trojan on his system and thus becomes able to control the target system. Thus, using this Trojan, the attacker can enjoy full control over the target system.
DETECTION OF A TROJAN:
Almost all types of Trojans are loaded into memory each time Windows boots up. Some common locations where they are known to hide are:
(A). THE STARTUP FOLDER: c:\windows\start menu\programs\startup
The location of this folder is actually stored in the registry:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell folders]
Common startup=c:\windows\start menu\programs\startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\user shell folders]
Startup=c:\windows\start menu\programs\startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\shell folders]
Startup=c:\windows\start menu\programs\startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\user shell folders]
Common startup=c:\windows\start menu\programs\startup
(B). SYSTEM FILES: The two system files, win.ini and system.ini, are also executed.
(C). BATCH FILES: The two batch files, autoexec.bat and winstart.bat, are also executed. These batch files may contain malicious commands.
(D). THE WINDOWS REGISTRY: Trojan programs may also reside in the Windows registry, and the entries under the following registry keys are executed when Windows boots:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runOnce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\RunOnce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\RunServices]
Thus, by monitoring these and other places, we can detect the presence of Trojan viruses.
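One way to monitor the registry autostart keys listed in (D), shown as an added example that is not part of the original paper: parse a text export of the registry (the .reg format written by regedit) and report every autostart value that is missing from, or differs from, a known-good baseline. The sample export, the baseline and all program names in them are constructed.

```python
import re

# Autostart keys named in (D) above, lower-cased for case-insensitive matching.
_CV = r"\software\microsoft\windows\currentversion" + "\\"
AUTOSTART_KEYS = {
    hive + _CV + leaf
    for hive, leaves in {
        "hkey_local_machine": ("run", "runonce", "runservices", "runservicesonce"),
        "hkey_current_user": ("run", "runonce", "runservices"),
    }.items()
    for leaf in leaves
}

# "name"="data" or @="data"; .reg files escape backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def autostart_entries(reg_text):
    """Return {(key, value_name): command} for string values under the autostart keys."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            current = key if key in AUTOSTART_KEYS else None
        elif current:
            match = VALUE_RE.match(line)
            if match:
                name = "(Default)" if match.group(1) is None else _unescape(match.group(1))
                entries[(current, name)] = _unescape(match.group(2))
    return entries


def new_autostarts(reg_text, baseline):
    """Entries that are absent from the baseline or whose command has changed."""
    return {k: v for k, v in autostart_entries(reg_text).items() if baseline.get(k) != v}


# Constructed export and baseline (not taken from a real machine).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updater"="C:\\WINDOWS\\TEMP\\updatr.exe -hidden"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Mail"="C:\\Program Files\\Mail\\mail.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ignored"="not an autostart key"
"""
BASELINE = {
    (r"hkey_local_machine\software\microsoft\windows\currentversion\run", "SystemTray"): "SysTray.Exe",
    (r"hkey_current_user\software\microsoft\windows\currentversion\run", "Mail"): r"C:\Program Files\Mail\mail.exe",
}

if __name__ == "__main__":
    for (key, name), command in new_autostarts(SAMPLE_EXPORT, BASELINE).items():
        print(f"new autostart: {key} -> {name} = {command}")
```

The baseline should be captured from the machine while it is known to be clean, and the comparison repeated after every software installation.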

MAIL BOMBING
Mailbombing means sending a huge amount of email to a single email account so that the maximum space of the account is filled, the user can’t receive any further email, and it becomes difficult for the user to read the existing emails.
Mailbombing is of two types:
1. THE MASS MAIL BOMBING METHOD: In this kind of attack the user’s account is filled with a huge number of emails. There is mail bombing software which allows a particular message to be sent repeatedly using an SMTP server. Such software can easily be written in Perl.
e.g.
#!/bin/perl
$mprogram='/usr/lib/sendmail';
$victim='victim@hostname.com';
$var=0;
while($var<1000)
{
open (MAIL,"|$mprogram $victim")||die "can't open mail program";
print MAIL "Mail Bombing";
close(MAIL);
sleep(4);
$var++;
}
This program will send 1000 emails to the target account.
2. LIST LINKING: In this kind of mailbombing the target is subscribed to thousands of mailing lists. This kind of mail bombing is more effective, as the target has to unsubscribe himself from this long list of mailing lists.
List linking mailbombing is done with mail bombing software. This software asks for the target email address, the address of the SMTP server, and the forged email address from which the mail bomb is to appear.
This software subscribes the victim again and again, and thus he has a lot of work to do. He may even miss his important incoming emails and existing emails.
In this type of attack, don’t download all the messages and then delete them. Instead, log on to the POP port of your mail server and delete the useless messages using POP commands. And by reading the headers, the mailbomber can easily be traced.
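Tracing by header, as an added example that is not part of the original paper: the From line is forged in these attacks and Received lines written by other hosts are supplied by the sender, so the only hop that can be relied on is the Received line stamped by our own mail server, which records the address of the machine that handed the message over. The server name mx.example.org, the header layout (Postfix style) and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

TRUSTED_MX = "mx.example.org"   # assumption: the name our own server writes after "by"

# "from <helo> (<rdns> [<ip>]) by <host>", the layout Postfix-style servers write.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def handoff_ip(raw_message, trusted_mx=TRUSTED_MX):
    """IP of the host that delivered the message to our own server, or None."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):      # newest hop first
        match = RECEIVED_RE.search(header)
        if match is None:
            continue                                # e.g. a local delivery hop
        if match.group("by").rstrip(";").lower() != trusted_mx:
            break       # first foreign hop: it and everything below is sender-supplied
        return match.group("ip")
    return None


def top_senders(raw_messages, n=3):
    """Most frequent hand-off addresses across a mailbox, as (ip, count) pairs."""
    counts = Counter(handoff_ip(m) for m in raw_messages)
    counts.pop(None, None)
    return counts.most_common(n)


def _sample(n, peer_ip, forged_from):
    # Constructed message: the top Received line is ours, the second is sender-supplied.
    return (
        f"Received: from relay.invalid (unknown [{peer_ip}])\n"
        f"\tby mx.example.org (Postfix) with ESMTP id {n:04X};\n"
        f"\tSat, 3 Jan 2009 10:00:{n:02d} +0000\n"
        "Received: from pc (trusted.example.net [192.0.2.1]) by relay.invalid;"
        " Sat, 3 Jan 2009 09:59:00 +0000\n"
        f"From: {forged_from}\n"
        "To: user@example.org\n"
        "Subject: Mail Bombing\n"
        "\n"
        "body\n"
    )


SAMPLE_MAILBOX = [_sample(i, "203.0.113.77", f"a{i}@forged.invalid") for i in range(5)]
SAMPLE_MAILBOX.append(_sample(9, "198.51.100.10", "friend@example.net"))

if __name__ == "__main__":
    for ip, count in top_senders(SAMPLE_MAILBOX):
        print(f"{count:4d} messages handed over by {ip}")
```

The address found this way identifies the relay or dial-up host to report to its provider; it does not by itself name the person behind it.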


PORT SCANNING

There are basically two kinds of ports: physical (hardware) and virtual (software).
Hardware ports are the slots behind the CPU to which other system devices are connected. A software port is a virtual pipe through which information flows. A particular system can have a large number of ports. All ports are numbered, and on each port a particular service or piece of software is running.
Port scanning is the first step in finding a hackable server, with a hole or any vulnerability.
If we are to hack our ISP’s server, then we first have to find out the hostname of the server run by the ISP. Each server can have a large number of open ports, and it would take days to manually go and search for the services running on each port. This is where the port scanning utilities come in.
Tools like SATAN allow us to find out the list of open ports, the services running on them, and also the vulnerabilities of the target system.
Another thing to be careful about when port scanning the ISP is that most port scanners are easily traceable. Being caught port scanning a host is a sure sign of hacker activity.
To find out the list of open ports on our own system, we have to give the command:
C:\windows>netstat -a
The ports are of three kinds:
1. The well-known ports: These are the ports numbered from 0 to 1023. This range of ports is bound to the services running on them. Thus each port has a specific service running on it.
E.g. FTP runs on port 21.
2. The registered port numbers: These ports are from 1024 to 49151. This range of ports is not bound to any specific service. Networking utilities like the browser and email client open a random port within this range and start the communication with the remote server. A port number within this range enables us to surf the net.
These ports are simply open so that our software applications can do the desired work. They act as a buffer, transferring packets received to the application and vice versa. Once we close our application, these ports are automatically closed.
3. THE DYNAMIC/PRIVATE PORT NUMBERS: These are the ports from 49152 to 65535. This range is rarely used and is mostly used by Trojans.
E.g. Sun starts its RPC ports at 32768.

BLOCKING THE PORTS:
This section shows what to do if the netstat command gives us a couple of open ports on our system or server.
1. Check the Trojan list and compare whether the open port number matches any Trojan on the list. If it does, get a Trojan remover and remove the Trojan.
2. We can also remap the ports. This is an efficient method to secure our open ports. Instead of running a service on a well-known port, where it can be easily exploited, it is better to run it on a not so well-known port. A hacker will then find it more difficult to find that service. This method is known as remapping.
3. ETHERPEEK is an excellent sniffing software, which can easily trace the port scanner.
4. NUKE NABBER, a Windows freeware, claims to be an excellent port blocker.
5. There are other utilities such as PORT DUMPER, which can fake daemons (services) like Telnet, Finger printing, etc.

SECURING WINDOWS NT ADMINISTRATOR PASSWORDS
(Source : www.ntbugtraq.ntadvice.com/default.asp )
The NT Security Access Manager (SAM) is the security manager of the passwords of the Windows NT Administrator. The SAM stores the list of the usernames of all accounts of all local users on that particular domain and their respective passwords in encrypted form. Cracking the encrypted passwords stored by SAM is all that is needed to control the entire network.
By default the backup of SAM is stored in the file %systemroot%\repair\sam._ and, by default, this directory gives everyone read access. Thus it is possible to retrieve the hashed (encrypted) passwords from the file directly. Therefore it is required not to give access to the root directory of the %systemroot% drive, to guard against any system file being manipulated.
Recently the algorithm for reversing the NT user hashed passwords into the NT user IDs’ passwords was published.
This created a scary concern over the relative security of the Windows NT Administrator system.
Therefore, the following are RECOMMENDATIONS to secure the file %systemroot%\repair\sam._ [this file stores the backup of SAM (SAM stores the passwords), and hence is one of the most important files]:
TO SECURE THE %systemroot%\repair\sam._ FILE:
By default, the SAM._ file and the \repair directory have the following permissions:
Administrators; SYSTEM: Full Control
Everyone: Read
Power Users: Change
1. From within Explorer, highlight the SAM._ file, right click, and choose Properties, Security, Permissions. Remove all privileges from this file.
2. From the DOS prompt, execute the following:
cacls %systemroot%\repair\sam._ /D Everyone
This will deny the group Everyone permission to the file, ensuring that no other permission can override the file permission.
3. Whenever you need to update your ERD (Emergency Repair Disk), first execute the following at the DOS prompt:
cacls %systemroot%\repair\sam._ /T /G Administrators:C
This will grant Administrators change permission so that the file can be updated during the ERD update. (The SAM database is backed up whenever the ERD is updated.)
4. Once the ERD has been updated, execute the following at the DOS prompt:
cacls %systemroot%\repair\sam._ /E /R Administrators
This will once again remove the permission for Administrators.
Hence the file is fully secured.