Network Security
Uploaded by yesubabu53

1. NETWORK SECURITY
In any organization, information security has two dimensions:
1. Computer Security 2. Network Security.
1. Computer Security: In an organization, information is stored on computers, and we use automated tools to provide security for those computers. A system may be threatened, for example by a virus attack; to protect the system and the data in it we use antivirus software. This is the criterion for providing computer security.
2. Network Security: In an organization several computers are connected in a network, and that network may in turn be connected to the Internet. Messages are transmitted between the computers, and network security is needed to protect those message transmissions. This is the criterion for providing network security.
Security Threats (Categories of Attacks):
An attack on the security of a computer system may be defined as a “threat”. The following are the possible security threats.
1. Interruption: The message is destroyed in transit and made unavailable to the receiver. This is also called an “Attack on Availability”.

2. Interception: The message is accessed by an unauthorized user during transmission. The receiver still receives the message and is not aware of the intruder. This is called an attack on “Confidentiality”.

3. Modification: An intruder or unauthorized party gains access to the communication channel, retrieves the message from the sender, modifies it, and sends it on to the receiver. This is called an “Attack on Integrity”.

4. Fabrication: An intruder inserts a message into the communication channel and sends it to the receiver. This is called an “Attack on Authentication”.

Classification of Security Threats (Attacks): An attack on computer system security is defined as a threat or attack. These attacks are classified into two categories:
1. Passive Attacks 2. Active Attacks
1. Passive Attacks: Passive threats are in the nature of monitoring and eavesdropping. The goal of a passive threat is to learn the contents of the messages being transmitted; the message is not altered in transit. There are two types of passive attacks.
Release of message contents: The unauthorized user learns the content of the transmission. Ex: a telephone conversation or the contents of an e-mail message.
Traffic Analysis: The unauthorized person monitors the authorized parties, analyses the number of communications between them and the length of each transmission, and observes how many times the receiver responds. From these factors the unauthorized person guesses the nature of the message transmission.
2. Active Attacks: In active threats the message is altered in transit. These threats are classified as follows.
1. Masquerade 2. Replay 3. Modification 4. Denial of Service
1. Masquerade: An unauthorized party or intruder pretends to be an authorized user and sends messages to the other authorized users.
2. Replay: An unauthorized person copies a previous transmission between the authorized parties and sends it to the receiver a number of times.
3. Modification: The message is altered by the unauthorized party during transmission and sent on to the receiver.
4. Denial of Service: This prevents the normal use of communication facilities, for example by disrupting an entire network.
Security Services: The following are some of the useful security services.
1. Confidentiality 2. Authentication 3. Integrity
4. Non-repudiation 5. Access Control 6. Availability

1. Confidentiality: This ensures that only authorized parties are able to view the message on the system or the message being transmitted.
2. Authentication: This ensures that the origin of the message transmission is correctly identified by the receiver.
3. Integrity: This ensures that only authorized parties are able to modify the transmitted message, and also that the whole message transmission is completed (Received = Sent).
4. Non-repudiation: Neither the sender nor the receiver can deny the transmission of the message.
5. Access Control: The reading or writing of a particular file is controlled by, and can always be done by, the authorized parties.
6. Availability: The message in the system, or the message to be transmitted, is always available to the authorized parties, sender or receiver.
A Model for Network Security:

The requirement in this scheme is that both sender and receiver know the same key.
Description:
Plain Text (P.T): This is ordinary language text which can be understood by any person.
Cipher Text (C.T): This is the result of applying the encryption algorithm to the P.T with respect to the key.
Encryption: This is the process by which the P.T is converted into the C.T using the key.
Decryption: This is the process by which the C.T is converted back into the P.T using the same key.
Key: This is the secret code used by the authorized parties while the encryption and decryption procedures are performed.
Process in Sender Machine: In the sender machine the P.T (X) is converted into the C.T (Y) using a key (K) and sent into the communication channel. This is given as Y = EK(X).
Process in Receiver Machine: In the receiver machine the C.T (Y) is decrypted into the P.T (X) using the same key. Thus the P.T is received by the receiver. This is given as X = DK(Y).
Threat: A person, thing, event or idea which poses some danger to an asset in terms of that asset’s confidentiality, integrity, availability, or legitimate use.
Accidental Threats
Deliberate Threats: Passive and Active.
Attack: A realization of a threat; any action that attempts to compromise the security of the information owned by an organization or person.
Types of Attacks:
1. Trojan Horse: Instructions hidden inside an otherwise useful program that do undesirable
things.
2. Virus: A set of instructions that, when executed, inserts copies of itself into other
programs.
3. Worm: A program that replicates itself by installing copies of itself on other machines
across a network.
4. Trapdoor: An undocumented entry point intentionally written into a program, often for debugging purposes, which can be exploited as a security flaw.
5. Logic bomb: Malicious instructions that trigger on some event in the future, such as a particular time occurring.
6. Zombie: Malicious instructions installed on a system that can be remotely triggered to carry out some attack with less traceability, because the attack comes from another victim.

OSI Reference Model:
The Open Systems Interconnection (OSI) model was developed by the International Organization for Standardization (ISO) for connecting open systems, i.e., systems that are open for communication. It is popularly known as the ISO/OSI Reference Model.
The main functionality of the layers is listed below.
1. Physical Layer: This layer delivers an unstructured stream of bits across a link of some
sort.
2. Data Link Layer: This layer delivers a piece of information across a single link. It
organizes the physical layer’s bits into packets and controls who on a shared link gets each
packet.
3. Network Layer: This layer computes paths across an interconnected mesh of links and
packet switches, and forwards packets over multiple links from source to destination.
4. Transport Layer: This layer establishes a reliable communication stream between a pair
of systems across a network by putting sequence numbers in packets, holding packets at the
destination until they can be delivered in order, and retransmitting lost packets.
5. Session Layer: The OSI session layer adds extra functions to the reliable pair-wise
communication provided by the transport layer. Most network architectures do not have or
need the functionality in this layer.
6. Presentation Layer: This layer encodes application data into a canonical (System
independent) format and decodes into a system dependent format at the receiving end.
7. Application Layer: This is where the applications that use the network, such as web
surfing, file transfer, and electronic mail, reside.
A layer communicates with the equivalent layer in a different node. Each layer uses
the services of the layer below, adds functionality, and provides a service to the layer above.
IP, UDP, and TCP: IP (Internet Protocol), the layer 3 protocol, is defined in RFC 791. Its job is to deliver data across a network. The IP layer adds an envelope (a header) to the data that specifies the source and destination addresses. But the IP address only identifies the destination machine.
The two most important layer 4 protocols in the IETF suite are TCP, defined in RFC 793, and UDP, defined in RFC 768. TCP sends a stream of data of unlimited size, reliably. UDP sends limited-size individual chunks, with best-effort service. Both TCP and UDP have fields for SOURCE PORT and DESTINATION PORT, which specify the process to which the data belongs. TCP additionally has sequence numbers and acknowledgements to ensure the data arrives reliably.

Directory Service:
In a computer network there is a service which stores information about a name, including its network layer address. Anything that needs to be found is listed in the service, and anything that needs to find something searches the service. We call such a service a directory, though some people like to reserve the term “directory” for something in which you search based on an attribute rather than look up something based on its name. Those people would call a simple service in which you look up information by name a naming service.
The Multi-Level Model of Security: The security threats in different environments are very different, as are the best ways to counter them. The following concepts explain the Multi-Level Model of security.
1. Mandatory Access Controls 2. Levels of Security 3. Mandatory Access Control Rules.
4. Covert Channels 5. The Orange Book.
1. Mandatory (Nondiscretionary) Access Controls: Discretionary means that someone who owns a resource can decide who is allowed to access it. Nondiscretionary access controls enforce a policy where users might be allowed to use information themselves but might not be allowed to make a copy of it available to someone else.
2. Levels of Security: This is explained using the definitions of the U.S. Department of Defense (DOD). The security label consists of two components.
i) A security level (also known as classification), which might be an integer in some range, but in the U.S. DOD consists of one of the four ratings unclassified, confidential, secret, and top secret, where unclassified < confidential < secret < top secret.
ii) A set of zero or more categories (also known as compartments), which describe kinds of information. For example, the name CRYPTO might mean information about cryptographic algorithms, INTEL might mean information about military intelligence, COMSEC might mean information about communications security, and NUCLEAR might mean information about types of families.
Documents (or computer files) are marked with a security label, which indicates how sensitive the information is.
3. Mandatory Access Control Rules: Every person, process and piece of information has a security label. A person can’t run a process with a label higher than the person’s label, but may run one with a lower label. Information is only allowed to be read by a process that has at least as high a rating as the information.

The terminology used for having a process read something with a rating higher than the process’s is read-up. Read-up is illegal and must be prevented.
A process cannot write a piece of information with a rating lower than the process’s rating. The terminology used for a process writing something with a lower rating than the process’s is write-down. Write-down is illegal and must be prevented.
The rules are
i) A human can only run a process that has a security label below or equal to that of the human’s label.
ii) A process can only read information marked with a security label below or equal to that of the process.
iii) A process can only write information marked with a security label above or equal to that of the process. Note that if a process writes information marked with a security label above that of the process, the process can’t subsequently read that information.
The prevention of read-up and write-down is the central idea behind mandatory access controls.
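The three rules above as an added Python example (not code from the original notes). It models a label as a level plus a set of categories using the four DOD levels listed earlier, and spells out the assumption that “above or equal” on labels means a higher-or-equal level together with a superset of the categories.

```python
from dataclasses import dataclass, field

# Ordering of the four DOD levels: unclassified < confidential < secret < top secret.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a classification level plus a set of categories (compartments)."""
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """'Above or equal' (assumption): higher-or-equal level AND every category
        of `other` is also present in this label."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_run(human: Label, process: Label) -> bool:
    """Rule i): a human may only run a process labeled below or equal to the human."""
    return human.dominates(process)


def can_read(process: Label, info: Label) -> bool:
    """Rule ii): no read-up; the process label must be above or equal to the information."""
    return process.dominates(info)


def can_write(process: Label, info: Label) -> bool:
    """Rule iii): no write-down; the information label must be above or equal to the process."""
    return info.dominates(process)


def write_then_read_back(process: Label, info: Label) -> tuple:
    """The note after rule iii): a process may write information labeled above itself,
    but then cannot read that information back. Returns (can write, can read)."""
    return can_write(process, info), can_read(process, info)


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"CRYPTO"}))
    proc = Label("confidential", frozenset({"CRYPTO"}))
    print("analyst may run proc:", can_run(analyst, proc))
    print("analyst reads secret/INTEL:", can_read(analyst, Label("secret", frozenset({"INTEL"}))))
    print("proc writes top secret then reads it:",
          write_then_read_back(proc, Label("top secret", frozenset({"CRYPTO"}))))
```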
4. Covert Channels: A covert channel is a hidden channel used to send information secretly. It is a method for a Trojan horse to circumvent (escape from) the automatic confinement (limit or boundary) of information within a security perimeter.
One kind of covert channel is a timing channel. The Trojan horse program alternately loops and waits, in cycles of, say, one minute per bit. When the next bit is a 1, the program loops for one minute. When the next bit is a 0, the program waits for a minute. The bad guy’s program, running on the same computer but without access to the sensitive data, constantly tests the load of the system. If the system is sluggish, its conspirator inside the perimeter is looping, and therefore transmitting a 1; otherwise the conspirator is waiting, and therefore transmitting a 0.
Another kind of covert channel, called a storage channel, involves the use of shared resources other than processor cycles. For instance, suppose there were a queue of finite size, say the print queue. The Trojan horse program fills the queue to transmit a 1.
The Orange Book: The National Computer Security Center (NCSC), an agency of the U.S. Government, has published an official standard called “Trusted Computer System Evaluation Criteria”, universally known as “The Orange Book”. The Orange Book defines a series of ratings a computer system can have based on its security features and the care that went into its design, documentation and testing.

The official categories are D, C1, C2, B1, B2, B3 and A1, which range from least secure to most secure.
D-Minimal Protection: This simply means the system did not qualify for any of the higher ratings; it might actually be very secure.
C1-Discretionary Security Protection: The O.S must prevent unprivileged user programs from overwriting critical portions of its memory.
- Resources must be protected with access controls.
- The system must authenticate users by a password or some similar mechanism, and the password database must be protected so that it cannot be accessed by unauthorized users.
C2-Controlled Access Protection: This level corresponds roughly to a timesharing system where security is an important concern but users are responsible for their own fates. The additional requirements for a C2 rating are
Access control at a per-user granularity - It must be possible to permit access to any selected subset of the user community, probably via ACLs.
Clearing of Allocated Memory - The O.S must ensure that freshly allocated disk space and memory does not contain “leftover” data deleted by some previous user.
Auditing - The O.S must be capable of recording security-relevant events, including authentication and object access. It records date, time, user, object and event.
B1-Labeled Security Protection: Security Labels: Sensitivity labels must be maintained for all users, processes, and files, and read-up and write-down must be prevented by the O.S.
Attached devices must either themselves be labeled as accepting only a single level of information, or they must accept and know how to process security labels.
Attached printers must have a mechanism for ensuring that there is a human-readable sensitivity label printed on the top and bottom of each page corresponding to the sensitivity label of the information being printed.
B2-Structured Protection:
Trusted Path to user, Security level changes, Security kernel
B3-Security Domains:
Active audit, Secure crashing
A1-Verified design:
There are no additional features in an A1 system over a B3 system. Rather there are
formal procedures for the analysis of the design of the system.

2. Introduction to Cryptography
What is Cryptography?
Cryptography is the art of secret writing. Cryptographers invent clever secret codes, while cryptanalysts attempt to break these codes. Cryptographic systems tend to involve both an algorithm and a secret value. The secret value is known as the key.

Computational Difficulty:
Cryptographic algorithms are not impossible to break without the key: a bad guy can simply try all possible keys until one works. Sometimes a cryptographic algorithm has a variable-length key; it can be made more secure by increasing the length of the key.
To Publish or Not to Publish: Publishing an algorithm, so that it is widely known, will enhance its security. If we keep the algorithm secret instead, it must be more secure.
Secret Codes: Here we use the Caesar cipher, the Captain Midnight code, and the monoalphabetic cipher.
Breaking an Encryption Scheme: The three basic attacks are known as
1. Cipher text only: It is not difficult for a bad guy to obtain cipher text. A cryptographic algorithm has to be secure against a cipher text only attack because of the accessibility of the cipher text to cryptanalysts. In a monoalphabetic cipher, if the only cipher text available to Fred were XYZ, there would not be enough information: there are many possible letter substitutions that would lead to a legal three-letter word. Here XYZ could be THE or CAT or HAT.
2. Known Plain text: Fred has somehow obtained some <plain text, cipher text> pairs. This is easier for the attacker. Some cryptographic schemes might be good enough to be secure against cipher text only attacks but not good enough against a known plain text attack.
3. Chosen Plain text: In a chosen plain text attack Fred can choose any plain text he wants, and get the system to tell him what the corresponding cipher text is.
Types of Cryptographic Functions:
The cryptographic functions are classified into 3 categories. They are
1. Secret Key Cryptographic functions 2. Public Key Cryptographic functions
3. Hash Functions.
1. Secret key cryptographic function:
If the sender and receiver use the same key to encrypt and decrypt, the system is called
i) a symmetric crypto system, ii) a conventional crypto system, or iii) a one-key crypto system.
DES, IDEA and AES are all secret key algorithms; the security of these algorithms depends on the secrecy of the key.
Advantages:
1. Security uses of secret key cryptography: The next few sections describe the types of things one might do with secret key cryptography.
2. Transmitting over an Insecure Channel: Messages are converted into cipher text and this cipher text is transmitted over an insecure channel. If an analyst gets into the channel, he is able to read the cipher text but is unable to find the P.T immediately, because the C.T is obtained by an encryption that uses a secret key known only to the sender and receiver.
3. Secure Storage on Insecure Media: Using encryption, we can convert a file into cipher text and store it on any insecure medium. Later, when we require that file, we use the key to decrypt it.
4. Authentication: In authentication, the users communicate with each other with the aim of authenticating the other person. First, the sender A prepares a challenge and sends it to B; B responds with the encrypted challenge. Here the encryption is done with a key shared between A and B. Similarly, B sends a challenge and A gives an encrypted response. This is known as strong authentication or challenge-response authentication.

5. Integrity Check: Secret key cryptography is used to generate a fixed-length checksum value called a cryptographic checksum or MAC. In this method the sender first computes the MAC value, appends it to the original message and sends both to the receiver. After receiving M1 and CK(M), the receiver computes the MAC value of M1 and compares it with CK(M). If these two values are identical, the message was not altered in transit. The function C uses a key which is shared by sender and receiver.
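The mutual challenge-response exchange of item 4 above, as an added Python example (not code from the original notes). Assumptions: the shared key is used with HMAC-SHA256 as the keyed transform standing in for the encryption of the challenge, challenges are random nonces, and the verifier remembers which challenge it issued so that a replayed old response (the replay attack from the first section) is rejected.

```python
import hashlib
import hmac
import secrets


class Party:
    """One end of a challenge-response authentication sharing a secret key."""

    def __init__(self, name: str, shared_key: bytes):
        self.name = name
        self.key = shared_key
        self.outstanding = {}   # peer name -> challenge we issued and are waiting on
        self.used = set()       # challenges already answered (replay protection)

    def challenge(self, peer: str) -> bytes:
        """Step 1: issue a fresh random challenge to `peer`."""
        nonce = secrets.token_bytes(16)
        self.outstanding[peer] = nonce
        return nonce

    def respond(self, nonce: bytes) -> bytes:
        """Step 2: answer a challenge with the keyed transform of it
        (assumption: HMAC-SHA256 in place of encrypting the challenge)."""
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

    def verify(self, peer: str, response: bytes) -> bool:
        """Step 3: accept only a correct response to the challenge we issued, once."""
        nonce = self.outstanding.pop(peer, None)
        if nonce is None or nonce in self.used:
            return False
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):   # constant-time compare
            return False
        self.used.add(nonce)
        return True


def mutual_authentication(a: Party, b: Party) -> tuple:
    """A challenges B, then B challenges A. Returns (A accepted B, B accepted A)."""
    c1 = a.challenge(b.name)          # A -> B: challenge
    r1 = b.respond(c1)                # B -> A: keyed(challenge)
    a_accepts_b = a.verify(b.name, r1)
    c2 = b.challenge(a.name)          # B -> A: challenge
    r2 = a.respond(c2)                # A -> B: keyed(challenge)
    b_accepts_a = b.verify(a.name, r2)
    return a_accepts_b, b_accepts_a


def replayed_response_rejected(a: Party, b: Party) -> bool:
    """Record B's answer to one challenge, then resend it for A's next challenge.
    Returns True when the verifier rejects the replay."""
    old = a.challenge(b.name)
    recorded = b.respond(old)
    if not a.verify(b.name, recorded):     # the genuine exchange succeeds
        return False
    a.challenge(b.name)                    # A issues a new challenge ...
    return not a.verify(b.name, recorded)  # ... the old response must not be accepted


if __name__ == "__main__":
    key = b"constructed shared key"       # constructed sample key
    alice, bob = Party("Alice", key), Party("Bob", key)
    print("mutual:", mutual_authentication(alice, bob))
    print("replay rejected:", replayed_response_rejected(alice, bob))
```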
2. Public Key Cryptography:
In this system, each person has two keys: a) a public key and b) a private key. The public key is made public to all, whereas the private key is kept secret. Unlike secret key cryptography, keys are not shared. Instead, each individual has two keys: a private key that need not be revealed to anyone, and a public key that is preferably known to the entire world.
Unfortunately, both words public and private begin with p, and we will sometimes want a single letter to refer to one of the keys. The letter p won’t do. We will use the letter e to refer to the public key, since the public key is used when encrypting a message. We’ll use the letter d to refer to the private key, because the private key is used to decrypt a message. Encryption and decryption are two mathematical functions that are inverses of each other.
1. Security uses of public key cryptography: Public key cryptography can do anything secret key cryptography can do. Public key cryptography might be used at the beginning of a communication for authentication and to establish a temporary shared secret key.
2. Transmitting over an Insecure Channel: Suppose Alice’s <public key, private key> pair is <eA, dA>, and Bob’s key pair is <eB, dB>. Assume Alice knows Bob’s public key and Bob knows Alice’s public key. The sender encrypts using the other party’s public key and the receiver decrypts using his own private key.

3. Secure Storage on Insecure Media: The user prepares a message, encrypts it using the public key and stores it on the medium; whenever the file is required, it is decrypted using the user’s private key.
4. Authentication: The authentication is explained in the following diagram.

5. Digital Signature: A signature uses some private information known only to the sender, i.e., KRa is used on the encryption side.
3. Hash Function:
Hash algorithms are also known as message digests or one-way transformations. A hash function is a mathematical transformation which takes a message of arbitrary length and computes a fixed-length numerical value. We call the hash of the message H(M). We will use the terms hash and message digest interchangeably. The following are the properties of hash functions.
i) For any message M, it is relatively easy to compute H(M).
ii) Given H(M), there is no way for an attacker to find M.
iii) Many different messages are transformed to the same H(M), but it is computationally infeasible to find two messages that generate the same value.
1. Password Hashing: When a user types a password, the system has to be able to determine whether the user got it right. If the system stores the passwords in unencrypted form (i.e., a file with two columns, username and password), then anyone who can access that file knows the passwords of every other user. So, instead of storing them in that form, the system computes the hash value of each password and stores that (i.e., a file with two columns, username and H(password)). If this file is accessed by anyone, he can’t understand the contents of the file. Whenever the user enters his username and password, the system first calculates the hash of the password entered by the user, then compares it with the entry in the file and decides whether the user is allowed in or not.
2. Message Integrity: Cryptographic hash functions can be used to generate a MAC to protect the integrity of messages transmitted over insecure media. If we sent the message and used the hash of the message as a MAC, this would not be secure: since the hash function is well known, the bad guy can modify the message, compute a new hash for the new message, and transmit that.
However, if Alice and Bob have agreed on a secret, Alice can use a hash to generate a MAC for a message to Bob by taking the message, concatenating the secret, and computing the hash of message/secret. This is called a keyed hash. Alice then sends the hash and the message (without the secret) to Bob. Bob concatenates the secret to the received message and computes the hash of the result. If that matches the received hash, Bob can have confidence that the message was sent by someone knowing the secret.
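The two uses just described, password hashing and the keyed hash MAC, as one added Python example (not code from the original notes). It goes beyond the text in two practitioner details, both assumptions: passwords are hashed with a random per-user salt and PBKDF2 iterations rather than a bare H(password), and every comparison is constant-time.

```python
import hashlib
import hmac
import secrets

# ---- 1. Password hashing: the file stores (username, H(password)), never the password ----
# Assumption beyond the text: a random salt per user and PBKDF2 iterations, so that two
# users with the same password get different entries and guessing is slowed down.
PBKDF2_ITERATIONS = 100_000


def make_password_entry(password: str) -> dict:
    """Build the stored record for one user."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


def check_password(entry: dict, attempt: str) -> bool:
    """Hash the entered password the same way and compare with the stored hash."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), entry["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, entry["hash"])


# ---- 2. Message integrity: plain hash as a MAC (insecure) versus the keyed hash ----

def plain_hash_tag(message: bytes) -> bytes:
    """Hash of the message alone: anyone can recompute it after changing the message."""
    return hashlib.sha256(message).digest()


def keyed_hash_tag(message: bytes, secret: bytes) -> bytes:
    """The text's keyed hash, hash(message || secret): needs the shared secret."""
    return hashlib.sha256(message + secret).digest()


def verify_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_hash_tag(message), tag)


def verify_keyed(message: bytes, secret: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_hash_tag(message, secret), tag)


def tamper_in_transit(message: bytes) -> tuple:
    """What the bad guy can do without the secret: alter the message and recompute
    the plain hash. Returns (modified message, recomputed plain-hash tag)."""
    modified = message.replace(b"100", b"900")
    return modified, plain_hash_tag(modified)


def integrity_demo(secret: bytes) -> dict:
    """Send a constructed message both ways and see which check survives tampering."""
    message = b"pay Bob 100"                       # constructed sample message
    keyed_tag = keyed_hash_tag(message, secret)    # what Alice sends alongside the message
    modified, new_plain_tag = tamper_in_transit(message)
    return {
        "plain_accepts_tampered": verify_plain(modified, new_plain_tag),   # True: no protection
        "keyed_accepts_tampered": verify_keyed(modified, secret, keyed_tag),  # False: detected
        "keyed_accepts_original": verify_keyed(message, secret, keyed_tag),  # True
    }


if __name__ == "__main__":
    entry = make_password_entry("correct horse")
    print("login ok:", check_password(entry, "correct horse"), check_password(entry, "wrong"))
    print(integrity_demo(b"constructed secret"))
```

In deployed systems the standard keyed-hash MAC is HMAC (RFC 2104, Python's hmac module) rather than a bare hash(message || secret).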

3. Message Fingerprint: If you want to know whether some large program has been modified from one day to the next, you could keep a copy of the data on some tamper-proof backing store and periodically compare it to the active version. With a hash function you can save storage: you simply save the message digest of the data on the tamper-proof backing store. If the message digest hasn’t changed, you can be confident that none of the data has.
4. Downline Load Security: In a network many special-purpose devices are connected, like routers and printers, that do not have the non-volatile memory to store the programs they normally run. Instead, they keep a bootstrap program smart enough to get a program from the network and run it. This scheme is called downline load.
5. Digital Signature Efficiency: The best-known public key algorithms are sufficiently processor-intensive that it is desirable to compute a message digest of the message and sign that, rather than to sign the message directly. The message digest algorithms are much less processor-intensive, and the message digest is much shorter than the message.

3. Secret Key Cryptography
A permutation specifies, for each of the k input bits, the output position to which it goes. Ex: the 1st bit may become the 13th bit of output, the 2nd bit may become the 61st bit of output, and so on.
DES (Data Encryption Standard):
The DES algorithm converts 64-bit P.T into 64-bit C.T using a 56-bit key. Initially the 64-bit P.T is given to the IP (Initial Permutation) function. The output of the IP function undergoes 16 rounds of similar function. Each round takes a 64-bit input and a 48-bit sub key and gives a 64-bit output. The output of round ‘i’ is given as input to round ‘i+1’ with sub key Ki+1. The output of round 16 is given to a 32-bit swap function and then to the inverse permutation function. The output of IP inverse is the 64-bit cipher text. The following are block diagrams of the DES algorithm.

Fig: Basic Structure of DES


DES decryption is the inverse of encryption. It converts 64-bit C.T into 64-bit P.T. First the 64-bit C.T is given to the IP function. The output of the IP function undergoes 16 rounds from R1 to R16. These rounds use the sub keys in the reverse order, from K16 to K1: Round 1 uses K16, Round 2 uses K15, ..., and finally Round 16 uses K1.
The output of Round 16 is swapped and given to the IP inverse function to get the 64-bit P.T.
Detailed Explanation of DES algorithm:
The IP function and IP-1 are used in the DES algorithm. The following are the IP and IP-1 functions.

The initial P.T is 64 bits, written in the form of an 8×8 matrix. It is given to the IP function.
The IP-1 function is applied at the end, after the swap function. It satisfies
IP-1(IP(X)) = X
The IP function and IP-1 function look random. The IP works in the following way. The IP input is 8 octets. The first octet becomes the last column, with some permutation of 2, 4, 6, 8, 1, 3, 5, 7. The second octet becomes the 7th column with some permutation, and so on. Finally the 8th octet becomes the first column (a snapshot is shown in the figure).

Fig: Initial Permutation of Data Block

Generation of sub keys:
There are a total of 16 sub keys, each 48 bits, one for each of the 16 rounds of the DES algorithm. These are generated from a 56-bit key. The actual DES key looks 64 bits long, but every 8th bit is an odd parity bit, so we exclude those bits, i.e., bits 8, 16, 24, 32, 40, 48, 56 and 64. From the remaining 56 bits we generate the 16 sub keys. Initially the 56 bits are permuted and divided into two halves (C0, D0). These are as given below.

Initial Permutation of Key

We use the following diagram to generate the sub key

Fig: Round i for generating Ki


Structure of each round in DES:
Each round in the DES algorithm takes a 64-bit input and a 48-bit sub key to produce a 64-bit output. The 64-bit input is divided into two 32-bit halves. The following is the internal structure of each round.
Fig: DES Round
Ln+1 is equal to Rn, and Rn+1 is obtained as follows. First the Rn bits are given to the Mangler function together with the 48-bit sub key Kn. The output is exclusive-ORed with Ln to get Rn+1. I.e.,
Ln+1 = Rn; Rn+1 = Ln ⊕ Mangler(Rn, Kn)
Mangler Function:
The Mangler function takes a 32-bit input and a 48-bit key and gives a 32-bit output. It first expands the 32-bit input to 48 bits by means of the expansion permutation function. The 48 bits are XORed with the 48-bit sub key, giving a 48-bit result. These 48 bits are divided into 8 equal parts of 6 bits each. Each part is given to one S-box. Each S-box takes a 6-bit input and produces a 4-bit output. Finally, we combine the outputs of the 8 S-boxes, which is the output of the Mangler function. This is shown in the following diagram.

Fig: Chunk Transformation
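The DES skeleton described in this section (IP, sixteen rounds of Ln+1 = Rn and Rn+1 = Ln ⊕ Mangler(Rn, Kn), the 32-bit swap, IP-1, and decryption with the sub keys in reverse order) as an added Python example, not the notes’ own code and not real DES. The IP table, the key schedule and the Mangler function are constructed stand-ins (a hash replaces the expansion, S-boxes and P-box), chosen only so that the structure can be run and the decryption property checked.

```python
import hashlib

MASK32 = (1 << 32) - 1
ROUNDS = 16

# Constructed initial permutation (NOT the real DES IP table): output bit i takes
# input bit IP[i]. 37 is coprime with 64, so this is a bijection on the 64 positions.
IP = [(i * 37) % 64 for i in range(64)]
IP_INV = [0] * 64                       # IP-1, built so that IP-1(IP(X)) = X
for out_pos, in_pos in enumerate(IP):
    IP_INV[in_pos] = out_pos


def permute(block: int, table: list) -> int:
    """Apply a bit permutation table to a 64-bit integer."""
    out = 0
    for out_pos, in_pos in enumerate(table):
        out |= ((block >> in_pos) & 1) << out_pos
    return out


def subkeys(key: bytes) -> list:
    """16 sub keys of 48 bits, K1..K16. Toy schedule (assumption): a hash of the key and
    the round number stands in for DES's permuted choice and rotations."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(ROUNDS)]


def mangler(r: int, k: int) -> int:
    """Round function: 32-bit half and 48-bit sub key in, 32 bits out. Toy version
    (assumption): a hash stands in for expansion, the eight S-boxes and the P-box."""
    data = r.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def rounds(block: int, keys: list) -> int:
    """Sixteen Feistel rounds, L_{n+1} = R_n and R_{n+1} = L_n XOR Mangler(R_n, K_n),
    followed by the 32-bit swap."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        left, right = right, left ^ mangler(right, k)
    return (right << 32) | left            # swap after round 16


def encrypt(plaintext: int, key: bytes) -> int:
    """IP, then 16 rounds with K1..K16, swap, then IP-1."""
    return permute(rounds(permute(plaintext, IP), subkeys(key)), IP_INV)


def decrypt(ciphertext: int, key: bytes) -> int:
    """Identical structure; only the sub key order is reversed (K16 first, K1 last)."""
    return permute(rounds(permute(ciphertext, IP), subkeys(key)[::-1]), IP_INV)


if __name__ == "__main__":
    block, key = 0x0123456789ABCDEF, b"constructed key"   # constructed sample values
    ct = encrypt(block, key)
    print(f"ct={ct:016x}  recovered pt={decrypt(ct, key):016x}")
```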

IDEA (International Data Encryption Algorithm):
IDEA was originally called the Improved Proposed Encryption Standard (IPES). The IDEA algorithm converts 64-bit P.T into 64-bit C.T using a 128-bit key value.
Here the 64-bit P.T undergoes 8 rounds of similar structure and an output transformation function to give the 64-bit C.T. Each round is further divided into two sub rounds, so we get a total of 17 rounds. All of these 17 rounds have a similar structure. The IDEA block diagram can be viewed as follows.
Here we generate 52 sub keys of 16 bits each from the 128-bit key. Each round uses 6 sub keys and the output transformation uses 4 sub keys. The following is the block diagram.

Explanation:
Sub Key Generation: First we consider the 128-bit key. It is divided into 8-equal parts. The
first part is called K1, second part is called K2 and so on. The last part is K8. In this way, we
generate K1 to K8 keys. i.e., K1(1…..16), K2(17…..32), ………………K8(113…….128).

Now we perform a circular left shift of 25 bits on the given key to get bits 26, 27, 28, ....., 128, 1, 2, ....., 25. We divide these bits into 8 equal parts and call them K9 to K16, i.e., K9 (26.....41), K10 (42.....57), ....., K16 (10.....25).
Now again we perform a circular left shift of 25 bits on the above input to get 51.....128, 1.....25, 26.....50.
From this we generate the next 8 sub keys, K17 to K24. The same procedure is repeated until we get 52 sub keys.
IDEA Decryption:
In IDEA decryption the 64-bit C.T is converted into 64-bit P.T using the same 128-bit key.
The 64-bit C.T undergoes 8 rounds and the output transformation to get the 64-bit P.T. In the decryption process we require 52 sub keys of 16 bits each. These are labeled U1, U2, U3, ....., U52. These keys are identical to K1 to K52 up to some permutation and minor changes; i.e., the decryption keys are generated from the encryption keys in the following way.
Internal Organization of Rounds: In the IDEA algorithm we have 8 rounds of similar structure and an output transformation function. From the above diagram (Basic structure of IDEA) we observe that each round takes a 64-bit input and produces a 64-bit output. Each odd round takes 4 keys, whereas each even round takes 2 keys.
Odd Round:
Each round takes four 16-bit values as input. The following is the structure of an odd round. The odd round ‘i’ takes four 16-bit values, namely Xa, Xb, Xc and Xd, as inputs, with keys Ka, Kb, Kc, Kd, and produces Xa, Xb, Xc, Xd as outputs. The following structure explains this concept.
We compute the new Xa, Xb, Xc and Xd as follows, where $\otimes$ is multiplication modulo
$2^{16}+1$ (with the 16-bit value 0 standing for $2^{16}$) and $+$ is addition modulo $2^{16}$:
$X_a' = X_a \otimes K_a$,   $X_d' = X_d \otimes K_d$
$X_b' = X_c + K_c$,   $X_c' = X_b + K_b$
Even Round:
The even round takes the four 16-bit inputs Xa, Xb, Xc and Xd and the two key values Ke and Kf,
and generates four 16-bit outputs Xa, Xb, Xc and Xd. The following diagram explains this
concept.
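The sub-key schedule and the two round types above, as an added example that is not code from the original notes. The 25-bit rotation schedule and the odd round follow the text exactly; the even round is written from IDEA's standard multiplication-addition structure, which is assumed here because the notes only show it as a diagram. The 128-bit key `0001 0002 ... 0008` used at the bottom is a constructed sample.

```python
# Added example (not from the original notes): the IDEA sub-key schedule and the
# odd/even round functions. The even round is the standard MA structure, assumed
# here since the notes only draw it.

MASK16 = 0xFFFF
MASK128 = (1 << 128) - 1


def mul(a: int, b: int) -> int:
    """IDEA multiplication modulo 2^16 + 1; the 16-bit value 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return ((a * b) % 0x10001) & MASK16   # a result of 0x10000 maps back to 0


def add(a: int, b: int) -> int:
    """Addition modulo 2^16."""
    return (a + b) & MASK16


def idea_subkeys(key: bytes) -> list:
    """Return the 52 16-bit sub keys K1..K52 derived from a 128-bit key.

    Take 8 sub keys from the current 128-bit value, rotate it left by 25 bits,
    and repeat until 52 keys have been produced.
    """
    assert len(key) == 16, "IDEA uses a 128-bit key"
    k = int.from_bytes(key, "big")
    keys = []
    while len(keys) < 52:
        for i in range(8):                        # 16-bit slices, most significant first
            keys.append((k >> (112 - 16 * i)) & MASK16)
        k = ((k << 25) | (k >> 103)) & MASK128    # circular left shift by 25 bits
    return keys[:52]


def odd_round(xa, xb, xc, xd, ka, kb, kc, kd):
    """Odd round: Xa*Ka, Xc+Kc, Xb+Kb, Xd*Kd (middle halves swap, as in the text)."""
    return mul(xa, ka), add(xc, kc), add(xb, kb), mul(xd, kd)


def even_round(xa, xb, xc, xd, ke, kf):
    """Even round (MA structure): two sub keys mix all four halves."""
    yin, zin = xa ^ xb, xc ^ xd
    g = mul(ke, yin)
    yout = mul(add(g, zin), kf)
    zout = add(g, yout)
    return xa ^ yout, xb ^ yout, xc ^ zout, xd ^ zout


if __name__ == "__main__":
    # Constructed sample key: the 16-bit words 0001 0002 ... 0008.
    sample_key = bytes.fromhex("00010002000300040005000600070008")
    ks = idea_subkeys(sample_key)
    print("K1..K8 :", [f"{k:04x}" for k in ks[:8]])
    print("K9..K16:", [f"{k:04x}" for k in ks[8:16]])   # first rotation by 25 bits
```

With the sample key, K9..K16 come out as 0400, 0600, 0800, 0a00, 0c00, 0e00, 1000, 0200, which is exactly the "bits 26..41, 42..57, ..., 10..25" slicing described above.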
AES (Advanced Encryption Standard):
This block cipher algorithm is the Rijndael proposal.
It is a substitution-permutation network. It is relatively easy to implement when
compared to DES and it occupies less memory. The algorithm takes a block of P.T and
converts it into a block of C.T using a key.
Rijndael provides for a variety of block and key sizes. These two
parameters can be chosen independently from 128, 160, 192, 224 and 256 bits (in particular,
the key size and block size can be different). AES mandates a block size of 128 bits and a choice
of key size from 128, 192 and 256 bits, with the resulting versions imaginatively called AES-
128, AES-192 and AES-256, respectively.
Basic Structure:
Rijndael allows a certain amount of flexibility by use of two independent
parameters; with a third parameter derived from the other two:
1. The block size, Nb. This is the number of 32-bit words (4-octet columns) in an encryption
block. AES has Nb = 4, because its 128-bit block size is four 32-bit words.
2. The key size, Nk. This is the number of 32-bit words (4-octet columns) in an encryption
key. AES-128 has Nk = 4, AES-192 has Nk = 6, AES-256 has Nk = 8. Rijndael allows any Nk
between 4 and 8 inclusive.
3. The number of rounds, Nr. This parameter is a function of the other two parameters. The
number of rounds needs to be larger for longer keys so that breaking the encryption is as
difficult as a brute-force attack at that key size. So Rijndael specifies that
$N_r = 6 + \max(N_b, N_k)$. This means that AES-128 has 10 rounds, AES-192 has 12 rounds, and
AES-256 has 14 rounds.
Rijndael keeps a rectangular array of octets as its state. The state has Nb 4-octet
columns. Initially, the state is filled column by column from the 4·Nb-octet input block. The
state is transformed in Nr rounds into a final state, which is then read out column by column
as the output block. Before round 1, between rounds, and after round Nr, a round key is XORed
into the state.
Primitive Operations:
Rijndael is based on four primitive operations.
1. Sub Bytes Step:
In the sub bytes step each byte of the input is replaced using an S-box to get an
output byte. This operation provides the non-linearity of the cipher. The S-box is
derived from the inverse function (the multiplicative inverse in GF(2^8)). The following
diagram explains the idea.
2. Shift Row Step:
The output of the first stage is given to the shift rows step. It operates on the
rows of the state. Row 1 is unchanged. The second row is shifted one position to its left, the
third row two positions to its left, and the fourth row three positions to its left. This is
shown below.
3. Mix Column Step:
In this step the 4 bytes of each column are treated as the coefficients of a polynomial
and multiplied by a fixed polynomial modulo $x^4 + 1$ to get the output. The input to this
stage is the 4x4 array of bytes output by the shift rows step. From this input we get four
groups (columns). Each group is transformed into a polynomial, multiplied by the fixed
polynomial modulo $x^4 + 1$ to get another polynomial, and transformed back into a group of
4 bytes.

4. Add Round Key Step:
In this step the sub key (round key) is combined with each byte of the input to get
the output. We require a sub key of a 4x4 array of bytes for each round. These sub keys are
generated from the given 128-bit key by the key scheduler (key expansion) process. Each byte
of the sub key is XORed with the corresponding byte of the input to get an output byte.
The last round does not have the Mix Column step. It has the other 3 stages in
the same order.
Key Expansion:
Key expansion starts with the key arranged as Nk 4-octet columns (see the figure below) and
iteratively generates the next Nk columns of the expanded key. To generate
the ith set of Nk columns (i starts at 1; the 0th set is the supplied key), all that is needed is the
(i-1)th set. Column 0 of the new set is obtained by rotating the last column of the (i-1)th set
upward one cell, applying the S-box to each octet, and then XORing a constant based on i into
octet 0. The rest of the columns in the set are generated in turn by XORing the previous column
with the corresponding column from the previous [(i-1)th] set. There is one exception to this:
if Nk > 6, then an additional step is required to finish generating column 4, namely the
application of the S-box to each octet. Key expansion terminates as soon as (Nr+1)·Nb
columns of expanded key have been generated; this may happen in the middle of a set.
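The four primitive operations and the key expansion described above, as an added example that is not code from the original notes. Everything is written from the definitions in the text (the S-box derived from the GF(2^8) inverse plus the affine map, the row shifts, the fixed-polynomial column multiplication, the rotate/S-box/constant rule of the key schedule) using the FIPS-197 conventions; the state layout `state[row][column]` and the function names are this example's own choices, and the 128-bit key in the usage note is the FIPS-197 Appendix A sample key.

```python
# Added example, not code from the original notes: the four Rijndael primitives
# and the key expansion written from the definitions above (FIPS-197
# conventions). The state is a 4x4 byte array: state[r][c] = row r, column c.

def xtime(b: int) -> int:
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gf_mul(a: int, b: int) -> int:
    """General multiplication in GF(2^8) by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse a^254 in GF(2^8); 0 maps to 0 by convention."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def _affine(b: int) -> int:
    """The S-box affine map: XOR of b rotated left by 0..4 bits, plus 0x63."""
    r = 0x63
    for i in range(5):
        r ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return r


# The S-box is derived from the inverse function, as the text says.
SBOX = [_affine(gf_inv(a)) for a in range(256)]


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r positions (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col):
    """Multiply one column by {03}x^3 + {01}x^2 + {01}x + {02} modulo x^4 + 1."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]


def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key_words):
    """XOR each byte of the state with the 4 words (columns) of the round key."""
    return [[state[r][c] ^ round_key_words[c][r] for c in range(4)] for r in range(4)]


def expand_key(key: bytes):
    """Key expansion for Nk = 4, 6 or 8; returns (Nr + 1) * Nb 4-byte words."""
    nk = len(key) // 4
    assert nk in (4, 6, 8), "key must be 128, 192 or 256 bits"
    nr = 6 + max(4, nk)                      # Nr = 6 + max(Nb, Nk) with Nb = 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                      # rotate up one cell, S-box, XOR constant into octet 0
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)               # next round constant: 01, 02, 04, ..., 1b, 36
        elif nk > 6 and i % nk == 4:         # the extra S-box step for Nk > 6
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w
```

Calling `expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))` returns 44 words; the first generated word `w[4]` is `a0fafe17` and the last, `w[43]`, is `b6630ca6`, which lets the derived S-box and the round-constant rule be checked against the published FIPS-197 key-expansion example rather than trusted on sight.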
RC4:
A long random string used to encrypt a message with a simple XOR operation is known
as a one-time pad. A stream cipher generates a one-time pad and applies it to a stream of
plaintext with XOR.
RC4 is a stream cipher designed by Ron Rivest. RC4 was a trade secret,
but was "outed" in 1994. The algorithm is extremely simple and is a fast generator of pseudo-
random streams of octets. The key can be from 1 to 256 octets.
4. Modes of Operations
While encrypting a message longer than 64 bits, we use the following
block cipher modes.
1. Electronic Code Book (ECB)
2. Cipher Block Chaining (CBC)
3. k-bit Output Feedback Mode (OFB)
4. k-bit Cipher Feedback Mode (CFB)
5. Counter Mode (CTR)
1. Electronic Code Book (ECB):
Initially the message is divided into 64-bit blocks. If necessary, the
last block is padded on the right with 0's (zeros) to get exactly 64 bits. Now each block is
encrypted separately with the key; we get a cipher text block for each P.T block, and these
are combined to get the C.T of the given message. Note that we use the same algorithm
and key for every block.
The receiver receives the C.T and divides it into 64-bit cipher blocks. Each block is
decrypted separately to get the P.T blocks. All the blocks are combined to get the original
message. The decryption process uses the same key that was used for encryption.
The main drawback of this method is that if two P.T blocks are identical,
the corresponding cipher blocks are also identical. This gives a clue to the analyst. If our
message contains many such identical blocks, the analyst's job becomes easy.
Randomized Electronic Code Book (RECB):
In this mode the drawback of ECB is removed, i.e., even if two P.T
blocks are identical, the corresponding cipher blocks are different. This is explained in the
following diagram.
The drawback of this method is that the sender and receiver must share r1, r2, ..., rn as
well as the key K. This drawback is removed in the next method, CBC.
2. Cipher Block Chaining (CBC):
CBC is a method of avoiding some of the problems of ECB. In CBC,
even though the same block repeats in the P.T, it does not cause repeats in the C.T. CBC
generates its own random numbers: it uses $C_i$ as $r_{i+1}$, i.e., it takes the previous block
of C.T and uses it as the random number that is XORed into the next P.T block.
To avoid having two P.T messages that start the same wind up with the same
C.T at the beginning, CBC does select one random number, which is XORed into
the first block of P.T and transmitted along with the data. This initial random number is known
as the IV (Initialization Vector).
3. k-bit Output Feedback Mode (OFB):
OFB is a stream cipher: encryption is performed by XORing the message
with the one-time pad generated by OFB.
Let us assume that the stream is created 64 bits at a time. A random 64-bit number
is generated as the IV, as in CBC mode. The advantages of OFB are:
1. The one-time pad can be generated in advance, before the message to be encrypted is
known. When the message arrives to be encrypted, no costly cryptographic operations are
needed; only XOR is required, and it is extremely fast.
2. If some of the bits of the C.T get garbled, only those bits of the P.T get garbled, as
opposed to CBC mode, where if $c_n$ is garbled then $m_n$ is completely garbled and the same
portion of $m_{n+1}$ as was garbled in $c_n$ is garbled.
3. A message can arrive in arbitrarily sized chunks, and each time a chunk appears, the
associated C.T can be transmitted immediately.
The disadvantage of OFB is:
1. If the P.T and C.T are known to a bad guy, he can modify the P.T into anything he wants
by simply XORing the C.T with the known P.T, and XORing the result with whatever message he
wants to transmit.
4. k-bit Cipher Feedback Mode (CFB):
In this method, k bits at a time are generated and XORed with k bits of P.T. In
OFB, the k bits that are shifted into the register used as the input to the DES encryption are
the output bits of the DES encryption from the previous block. In contrast, in CFB the k bits
shifted in are the k bits of C.T from the previous block. So in CFB the one-time pad cannot be
generated before the message is known.
5. Counter Mode (CTR):
Counter Mode is similar to Output Feedback Mode in that a one-time pad is generated
and XORed with the data. It differs in how the pad is produced: instead of chaining by
encrypting each one-time pad block to get the next one (as OFB does), CTR increments the IV
and encrypts the result to get successive blocks of the one-time pad.
Generating MACs:
A secret key system can be used to generate a cryptographic checksum known as
a MAC (Message Authentication Code). A synonym for MAC is MIC (Message Integrity
Code). A standard way of protecting against undetected modification is to compute the
CBC but send only the last block along with the P.T message. This last block is called the
CBC residue. In order to compute the CBC residue, you have to know the secret key.
1. Ensuring Privacy and Integrity Together:
If we have a message and we want to ensure its privacy, we can CBC-encrypt the
message. If we have a message and we want to ensure its integrity, then we can send the
CBC residue along with the message. It is natural to assume that if we want to be secure
against both modification and eavesdropping.
Multiple Encryptions with DES:
The generally accepted method of making DES more secure through multiple
encryptions is known as EDE (for encrypt-decrypt-encrypt) or 3DES.
Actually, any encryption scheme might be made more secure through multiple
encryptions. The standard method for using EDE is:
1. Two keys are used: K1 and K2.
2. Each block of P.T is subjected to E with K1, then D with K2, and then E with K1. The
result is simply a new secret key scheme: a 64-bit block is mapped to another 64-bit block.
Decryption simply reverses the operation.
3. CBC is used to turn the block encryption scheme resulting from step 2 into a stream
encryption.
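The block cipher modes (ECB, CBC, CTR), the CBC residue used as a MAC, and the EDE construction from the three sections above, as one added example that is not code from the original notes. Because the notes' cipher is DES, a constructed 64-bit, 4-round Feistel toy cipher keyed by hashing stands in for it (it is not DES and not a real cipher, only an invertible 64-bit permutation); the message `ATTACK!!` repeated three times, the keys and the IVs are constructed sample values. The zero padding follows the ECB description in the text.

```python
# Added example, not code from the original notes. A constructed toy 64-bit
# Feistel block cipher (NOT DES, NOT secure) stands in for DES so the modes,
# the CBC residue and EDE can be run on sample data.
import hashlib
import os

BLOCK = 8                                     # 64-bit blocks, like DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    """Feistel round function of the toy cipher (a keyed hash, for illustration)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l                              # final swap makes decryption the reverse loop


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l


def _blocks(data: bytes):
    data += b"\x00" * (-len(data) % BLOCK)    # zero padding on the right, as in the text
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, msg):
    """ECB: every block encrypted independently with the same key."""
    return b"".join(toy_encrypt_block(key, p) for p in _blocks(msg))


def cbc_encrypt(key, msg, iv):
    """CBC: c_i = E(p_i XOR c_{i-1}), with c_0 = IV."""
    out, prev = [], iv
    for p in _blocks(msg):
        prev = toy_encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ct, iv):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_keystream(key, iv, nblocks):
    """CTR one-time pad: encrypt IV, IV+1, ...; computable before the message exists."""
    start = int.from_bytes(iv, "big")
    return b"".join(toy_encrypt_block(key, ((start + i) % 2**64).to_bytes(8, "big"))
                    for i in range(nblocks))


def ctr_crypt(key, msg, iv):
    return xor(msg, ctr_keystream(key, iv, (len(msg) + BLOCK - 1) // BLOCK))


def cbc_residue(key, msg):
    """MAC: run CBC with a zero IV and keep only the last block."""
    return cbc_encrypt(key, msg, bytes(BLOCK))[-BLOCK:]


def ede_encrypt_block(k1, k2, block):
    """3DES-style EDE: E_K1(D_K2(E_K1(block)))."""
    return toy_encrypt_block(k1, toy_decrypt_block(k2, toy_encrypt_block(k1, block)))


def ede_decrypt_block(k1, k2, block):
    return toy_decrypt_block(k1, toy_encrypt_block(k2, toy_decrypt_block(k1, block)))


def ecb_leaks_repeats(key, msg) -> bool:
    """True if identical plaintext blocks produced identical ECB ciphertext blocks."""
    blocks = _blocks(ecb_encrypt(key, msg))
    return len(set(blocks)) < len(blocks)


if __name__ == "__main__":
    key, iv = b"constructed-key!", os.urandom(BLOCK)
    msg = b"ATTACK!!" * 3                     # constructed: three identical blocks
    print("ECB repeats visible:", ecb_leaks_repeats(key, msg))
    print("CBC repeats visible:", len(set(_blocks(cbc_encrypt(key, msg, iv)))) < 3)
```

Running it shows the ECB drawback directly: three identical plaintext blocks give three identical ciphertext blocks under ECB but three distinct ones under CBC. The CBC residue changes when any bit of the message changes, which is what makes it usable as a MAC, and it can only be recomputed by someone holding the key.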
Now we’ll discuss why 3DES is defined this way. There are various choices that could have
been made:
How Many Encryptions?
Let's assume that the more times the block is encrypted, the more secure it is.
1. Encrypting Twice with the Same Key
Suppose we didn't want to bother reading in two keys. Would it make things more
secure if we encrypted twice in a row with the same key?
2. Encrypting Twice with Two Keys
If encrypting twice, using two different keys, were as secure as a DES-like scheme with
a key length of 112 bits. We'll use two DES keys, K1 and K2, and encrypt each block twice,
first using key K1 and then using key K2.
3. Triple Encryption with Only Two Keys
We encrypt the data twice with the same key K1 and once with the second key K2, i.e.,
first encrypt the data with K1, next with K2, and after that again with K1.
5. HASHES AND MESSAGE DIGESTS
Message Digest:
The output should not be predictable. But it is still possible that two outputs have the
same value although the inputs were different.
How to compute a Message Digest?
a) First idea: convert a secret key algorithm into a message digest algorithm for arbitrary
messages.
b) Used e.g. to store hashes of UNIX passwords instead of the passwords themselves.
c) Given: a secret key algorithm with a k-bit key and message block length b bits (e.g. DES:
k = 56 and b = 64).
Algorithm:
Split the message m into k-bit chunks m1, m2, ...
- Use m1 as a key to encrypt a "constant".
- Use m2 to encrypt the previous result.
- ...
- Use the final b-bit result as the message digest.
Problem: a 64-bit message digest is too short.
- Generate a second 64-bit quantity using the chunks m1, m2, ..., e.g. in reverse order.
MD2 (Message Digest 2) Algorithm:
This was developed by Ron Rivest. MD2 takes a message of an arbitrary number
of octets and produces a 128-bit message digest. It cannot handle a message that is not an
integral number of octets, though it would be simple to extend MD2 to do so; otherwise,
bit-padding is done to the message before feeding it to MD2.
MD2 Overview:
1. The input to MD2 is a message whose length is an arbitrary number of octets.
2. The message is padded, according to a specified convention, to be a multiple of 16 octets.
3. A 16-octet quantity, which MD2 calls a checksum, is appended to the end. This checksum
is a strange function of the padded message defined specifically for MD2.
4. Final pass: the message is processed 16 octets at a time, each time producing an
intermediate result for the message digest. Each intermediate value of the message digest
depends on the previous intermediate value and the value of the 16 octets of the message
being processed.
MD2 Padding:
1. There must always be padding (even if the length of the original message is a
multiple of 16 octets).
2. If the length of the message is a multiple of 16 octets, then add 16 octets of padding.
3. Else add the necessary number of octets to make the message a multiple of 16 octets.
4. Each padding octet contains the number of padding octets.
MD2 Checksum Computation:
a) The checksum is similar to a message digest, but not cryptographically secure.
b) It is a 16-octet value C = C0 C1 ... C15 (C = checksum) computed as follows.
i) C is set to 0.
ii) Process the message one octet Mn at a time.
iii) Let m = n mod 16. Byte Cm of the checksum depends on octet Mn of the message,
octet Cm-1 of the checksum and the previous value of byte Cm:
c) The checksum is appended to the message and then MD2 processes the concatenated
quantity to obtain the actual message digest.
d) The MD2 π substitution is specified in a certain table.
In the given π substitution table, the first entry is 41, indicating that the value 0 is
mapped to 41. The next is 46, indicating that the value 1 is mapped to 46.
MD2 Final Pass:
Input: the message M with the 16-octet checksum appended.
Algorithm:
1. Initialize a 48-octet block X = X0, X1, X2, ..., X47.
2. Initialize the first 16 octets of X to 0.
3. Process M in 16-octet chunks:
a) Set the second 16 octets of X to the current message chunk.
b) Set the last 16 octets of X to the XOR of the first two parts.
c) Use a compression function to compute an intermediate state for X:
perform 18 passes, in each pass modifying all 48 octets.
4. Repeat for each 16-octet chunk in M, with X0...X15 carried over from the
previous round.
Output after processing all chunks in M: MD = X0...X15.
Message Digest 4 (MD4):
MD4 is a message digest algorithm designed by Professor Ronald Rivest in 1990. It
implements a cryptographic hash function for use in message integrity checks. The digest
length is 128 bits. This algorithm has influenced later designs, such as the MD5 and SHA-1
algorithms.
1. Works on 32-bit words (faster processing on modern CPUs than MD2).
2. The MD has a length of 128 bits.
3. The message has to be a multiple of 512 bits (16 32-bit words).
a) The original message is padded by adding a '1' bit, followed by '0' bits.
b) A 64-bit length value for the unpadded message, mod $2^{64}$, is appended.
4. The message is processed in 512-bit chunks (16 32-bit words).
5. The message digest is initialized with a defined intermediate value.
6. Each step in the message digest computation takes the current intermediate digest value
and modifies it using the next chunk of the message.
7. Each step consists of three passes.
Primitive Logical Functions:
The following primitive functions are used in MD4 and MD5 on 32-bit quantities.
a) $\lnot X$: bitwise complement.
b) $X \land Y$: bitwise and.
c) $X \lor Y$: bitwise or.
d) $X \oplus Y$: bitwise exclusive or.
e) $X + Y$: sum mod $2^{32}$ (the carry out of the high-order bit is discarded).
f) $X \lll Y$: rotate X to the left by Y bits (left rotate).
MD4 Passes:
Pass 1:
A function F(x, y, z) is defined as $F(x,y,z) = (x \land y) \lor (\lnot x \land z)$, where
$\lnot x$ is the bitwise complement of x. This function takes three 32-bit words x, y and z and
produces a 32-bit output word. It is sometimes known as the selection function, because if the
nth bit of x is 1 it selects the nth bit of y for the nth bit of the output, otherwise (if the
nth bit of x is 0) it selects the nth bit of z for the nth bit of the output.
A separate step is done for each of the 16 words of the message. For each integer i
from 0 through 15:
$$d_{(-i)\land 3} = \left(d_{(-i)\land 3} + F\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_i\right) \lll S_1(i \land 3)$$
where $S_1(i) = 3 + 4i$, so the shifts cycle over the values 3, 7, 11 and 15 (here $\land 3$
selects the low two bits, i.e. reduces the index mod 4).
$d_0 = (d_0 + F(d_1, d_2, d_3) + m_0) \lll 3$
$d_3 = (d_3 + F(d_0, d_1, d_2) + m_1) \lll 7$
$d_2 = (d_2 + F(d_3, d_0, d_1) + m_2) \lll 11$
$d_1 = (d_1 + F(d_2, d_3, d_0) + m_3) \lll 15$
$d_0 = (d_0 + F(d_1, d_2, d_3) + m_4) \lll 3$
Pass 2:
The output of pass 1 is used as the input for pass 2. A function is defined as
$G(x,y,z) = (x \land y) \lor (x \land z) \lor (y \land z)$. This function is called the majority
function, because the nth bit of the output is 1 iff at least two of the three input words'
nth bits are 1.
A separate step is done for each of the 16 words of the message. For each integer i
from 0 through 15, a constant is added which is defined from the square root of 2:
$\lfloor 2^{30} \cdot \sqrt{2} \rfloor = \mathrm{5a827999}_{16}$.
$$d_{(-i)\land 3} = \left(d_{(-i)\land 3} + G\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_{x(i)} + \mathrm{5a827999}_{16}\right) \lll S_2(i \land 3)$$
where $x(i)$ exchanges bits (2,3) of i with bits (0,1), and $S_2 = 3, 5, 9, 13, 3, \ldots$
$d_0 = (d_0 + G(d_1, d_2, d_3) + m_0 + \mathrm{5a827999}_{16}) \lll 3$
$d_3 = (d_3 + G(d_0, d_1, d_2) + m_4 + \mathrm{5a827999}_{16}) \lll 5$
$d_2 = (d_2 + G(d_3, d_0, d_1) + m_8 + \mathrm{5a827999}_{16}) \lll 9$
$d_1 = (d_1 + G(d_2, d_3, d_0) + m_{12} + \mathrm{5a827999}_{16}) \lll 13$
$d_0 = (d_0 + G(d_1, d_2, d_3) + m_1 + \mathrm{5a827999}_{16}) \lll 3$
Pass 3:
The output of pass 2 is used as the input of pass 3. The calculation is based on the
function $H(x,y,z) = x \oplus y \oplus z$. The constant is
$\lfloor 2^{30} \cdot \sqrt{3} \rfloor = \mathrm{6ed9eba1}_{16}$.
$$d_{(-i)\land 3} = \left(d_{(-i)\land 3} + H\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_{R(i)} + \mathrm{6ed9eba1}_{16}\right) \lll S_3(i \land 3)$$
where $R(i)$ reverses the four bits of i, and $S_3 = 3, 9, 11, 15$.
$d_0 = (d_0 + H(d_1, d_2, d_3) + m_0 + \mathrm{6ed9eba1}_{16}) \lll 3$
$d_3 = (d_3 + H(d_0, d_1, d_2) + m_8 + \mathrm{6ed9eba1}_{16}) \lll 9$
$d_2 = (d_2 + H(d_3, d_0, d_1) + m_4 + \mathrm{6ed9eba1}_{16}) \lll 11$
$d_1 = (d_1 + H(d_2, d_3, d_0) + m_{12} + \mathrm{6ed9eba1}_{16}) \lll 15$
$d_0 = (d_0 + H(d_1, d_2, d_3) + m_2 + \mathrm{6ed9eba1}_{16}) \lll 3$
The output of pass 3 is used as the input for pass 1 when processing the next message chunk.
MD5:
MD5 is more "conservative" than MD4. It is less concerned with speed and more
concerned with security. It is very similar to MD4. The major differences are:
1. MD4 makes three passes over each 16-word (512-bit) chunk of the message. MD5 makes four
passes over each 16-word chunk.
2. The functions are slightly different, as are the numbers of bits in the shifts.
3. MD4 has one constant which is used for each message word in pass 2, and a different
constant used for all 16 message words in pass 3. No constant is used in pass 1.
There are 64 32-bit constants used in MD5. We will call them T1 through T64. $T_i$ is
based on the sine function: $T_i = \lfloor 2^{32} \cdot |\sin i| \rfloor$, with i in radians.
MD5 Message Padding:
The padding in MD5 is identical to that in MD4.
Overview of MD5 Message Digest Computation:
Like MD4, MD5 processes the message in 512-bit blocks (16 32-bit words). The
message digest is a 128-bit quantity. Each stage consists of computing a function of
the 512-bit message chunk and the message digest to produce a new intermediate value for
the message digest. The value of the message digest is the output of the final
block of the message.
The MD5 algorithm uses a buffer of 128 bits. The buffer can be represented as 4
registers d0, d1, d2 and d3. The registers are initialized to the following hexadecimal values:
$d_0 = \mathrm{67452301}_{16}$, $d_1 = \mathrm{efcdab89}_{16}$, $d_2 = \mathrm{98badcfe}_{16}$, $d_3 = \mathrm{10325476}_{16}$.
MD5 Message Digest Pass 1:
The function F(x, y, z) is defined as $F(x,y,z) = (x \land y) \lor (\lnot x \land z)$.
i varies from 0 through 15.
$$d_{(-i)\land 3} = d_{(1-i)\land 3} + \left(d_{(-i)\land 3} + F\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_i + T_{i+1}\right) \lll S_1(i \land 3)$$
where $S_1(i) = 7 + 5i$, so the shifts cycle over the values 7, 12, 17, 22.
$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_0 + T_1) \lll 7$
$d_3 = d_0 + (d_3 + F(d_0, d_1, d_2) + m_1 + T_2) \lll 12$
$d_2 = d_3 + (d_2 + F(d_3, d_0, d_1) + m_2 + T_3) \lll 17$
$d_1 = d_2 + (d_1 + F(d_2, d_3, d_0) + m_3 + T_4) \lll 22$
$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_4 + T_5) \lll 7$
MD5 Message Digest Pass 2:
The function G(x, y, z) is defined as $G(x,y,z) = (x \land z) \lor (y \land \lnot z)$.
i varies from 0 through 15.
$$d_{(-i)\land 3} = d_{(1-i)\land 3} + \left(d_{(-i)\land 3} + G\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_{(5i+1)\land 15} + T_{i+17}\right) \lll S_2(i \land 3)$$
where $S_2(i) = i(i+7)/2 + 5$, so the shifts cycle over the values 5, 9, 14, 20.
$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_1 + T_{17}) \lll 5$
$d_3 = d_0 + (d_3 + G(d_0, d_1, d_2) + m_6 + T_{18}) \lll 9$
$d_2 = d_3 + (d_2 + G(d_3, d_0, d_1) + m_{11} + T_{19}) \lll 14$
$d_1 = d_2 + (d_1 + G(d_2, d_3, d_0) + m_0 + T_{20}) \lll 20$
$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_5 + T_{21}) \lll 5$
MD5 Message Digest Pass 3:
The function H(x, y, z) is defined as $H(x,y,z) = x \oplus y \oplus z$.
$$d_{(-i)\land 3} = d_{(1-i)\land 3} + \left(d_{(-i)\land 3} + H\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_{(3i+5)\land 15} + T_{i+33}\right) \lll S_3(i \land 3)$$
where $S_3(0) = 4$, $S_3(1) = 11$, $S_3(2) = 16$, $S_3(3) = 23$, so the shifts cycle over the
values 4, 11, 16, 23.
$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_5 + T_{33}) \lll 4$
$d_3 = d_0 + (d_3 + H(d_0, d_1, d_2) + m_8 + T_{34}) \lll 11$
$d_2 = d_3 + (d_2 + H(d_3, d_0, d_1) + m_{11} + T_{35}) \lll 16$
$d_1 = d_2 + (d_1 + H(d_2, d_3, d_0) + m_{14} + T_{36}) \lll 23$
$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_1 + T_{37}) \lll 4$
MD5 Message Digest Pass 4:
The function I(x, y, z) is defined as $I(x,y,z) = y \oplus (x \lor \lnot z)$.
$$d_{(-i)\land 3} = d_{(1-i)\land 3} + \left(d_{(-i)\land 3} + I\!\left(d_{(1-i)\land 3},\, d_{(2-i)\land 3},\, d_{(3-i)\land 3}\right) + m_{(7i)\land 15} + T_{i+49}\right) \lll S_4(i \land 3)$$
where $S_4(i) = (i+3)(i+4)/2$, so the shifts cycle over the values 6, 10, 15, 21.
$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_0 + T_{49}) \lll 6$
$d_3 = d_0 + (d_3 + I(d_0, d_1, d_2) + m_7 + T_{50}) \lll 10$
$d_2 = d_3 + (d_2 + I(d_3, d_0, d_1) + m_{14} + T_{51}) \lll 15$
$d_1 = d_2 + (d_1 + I(d_2, d_3, d_0) + m_5 + T_{52}) \lll 21$
$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_{12} + T_{53}) \lll 6$
SHA-1 (Secure Hash Algorithm):
The Secure Hash Algorithm takes an input message of arbitrary length and produces a
160-bit message digest value.
The algorithm proceeds in the following way:
1. Take the message and add padding (a 1 followed by 0's) so that the entire message length,
including the padding, is a multiple of 512 bits.
2. The SHA algorithm works on blocks of 512 bits.
3. Establish $W_n$ for processing, such that 0 ≤ n ≤ 79.
a) Each $W_n$ is 32 bits long.
b) Segment the 512-bit block into 16 words of 32 bits to obtain $W_0$ through $W_{15}$.
c) Starting with n = 16, use the following calculation to obtain $W_{16}$ through $W_{79}$:
$W_n = W_{n-3} \oplus W_{n-8} \oplus W_{n-14} \oplus W_{n-16}$
4. SHA-1 uses a 160-bit buffer, divided into five 32-bit registers called A, B, C, D
and E. The initial values of A, B, C, D and E are as follows:
$A = \mathrm{67452301}_{16}$, $B = \mathrm{efcdab89}_{16}$, $C = \mathrm{98badcfe}_{16}$, $D = \mathrm{10325476}_{16}$, $E = \mathrm{c3d2e1f0}_{16}$
Inner loop of SHA-1: 80 iterations per block
5. For each round t from 0 through 79, A, B, C, D and E are processed as follows:
$A = E + (A \lll 5) + W_t + K_t + f(t, B, C, D)$
$B = \text{old } A$, $C = (\text{old } B) \lll 30$, $D = \text{old } C$, $E = \text{old } D$
where $W_t$ is the tth 32-bit word in the 80-word block and $K_t$ is a constant.
a) Each round also uses the additive constant $K_t$, where 0 ≤ t ≤ 79 indicates one of
the 80 steps across the 4 rounds.
b) In fact only 4 constants are used.
Step number       $K_t$ (hexadecimal)    Integer part of
0 ≤ t ≤ 19        5a827999               $2^{30} \cdot \sqrt{2}$
20 ≤ t ≤ 39       6ed9eba1               $2^{30} \cdot \sqrt{3}$
40 ≤ t ≤ 59       8f1bbcdc               $2^{30} \cdot \sqrt{5}$
60 ≤ t ≤ 79       ca62c1d6               $2^{30} \cdot \sqrt{10}$
6. Each primitive function takes three 32-bit words as input and produces a 32-bit word as
output. Each function performs a set of bitwise logical operations.
Step              Function name            Function value
0 ≤ t ≤ 19        $f_1 = f(t, B, C, D)$    $(B \land C) \lor (\lnot B \land D)$
20 ≤ t ≤ 39       $f_2 = f(t, B, C, D)$    $B \oplus C \oplus D$
40 ≤ t ≤ 59       $f_3 = f(t, B, C, D)$    $(B \land C) \lor (B \land D) \lor (C \land D)$
60 ≤ t ≤ 79       $f_4 = f(t, B, C, D)$    $B \oplus C \oplus D$
7. The result of the last round (t = 79) is added to the initial values of A, B, C, D and E to
obtain the 160-bit (32 * 5) message digest for the block.
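The SHA-1 steps above written out as code, plus the HMAC construction named by the next heading, as an added example that is not code from the original notes. It follows FIPS 180 conventions (big-endian words and length field); the one point where it goes beyond step 3(c) as printed is the 1-bit left rotate in the $W_n$ expansion, which FIPS 180-1 added to the schedule and which the published SHA-1 test vectors require. The HMAC key and message in the usage note are the RFC 2202 test values.

```python
# Added example (not from the original notes): SHA-1 per FIPS 180-1 and
# HMAC-SHA1 per RFC 2104. Note the rotate-left-by-1 in the W_n expansion,
# which distinguishes SHA-1 from the original SHA.
import struct

M = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & M


def sha1(msg: bytes) -> bytes:
    bit_len = (len(msg) * 8) % (1 << 64)
    data = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + bit_len.to_bytes(8, "big")
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]   # A, B, C, D, E
    for off in range(0, len(data), 64):
        W = list(struct.unpack(">16I", data[off:off + 64]))     # W0..W15 from the block
        for n in range(16, 80):                                  # W16..W79
            W.append(_rotl(W[n - 3] ^ W[n - 8] ^ W[n - 14] ^ W[n - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999            # f1, floor(2^30 * sqrt 2)
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1                     # f2, floor(2^30 * sqrt 3)
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC   # f3, floor(2^30 * sqrt 5)
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6                     # f4, floor(2^30 * sqrt 10)
            # A = E + (A <<< 5) + W_t + K_t + f; B = old A; C = old B <<< 30; D = old C; E = old D
            a, b, c, d, e = (_rotl(a, 5) + f + e + k + W[t]) & M, a, _rotl(b, 30), c, d
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d, e))]    # step 7: add to the initial values
    return struct.pack(">5I", *h)


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC (RFC 2104): H((K xor opad) || H((K xor ipad) || msg)), block size 64."""
    if len(key) > 64:
        key = sha1(key)
    key = key.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return sha1(opad + sha1(ipad + msg))


if __name__ == "__main__":
    print(sha1(b"abc").hex())                                    # a9993e36...
    print(hmac_sha1(b"\x0b" * 20, b"Hi There").hex())            # RFC 2202 test case 1
```

A plain hash of `key || message` would let anyone who sees a valid tag extend the message (the block-by-block structure above continues from the final state), which is why HMAC wraps the hash twice with the key; SHA-1 itself is no longer collision-resistant and should not be selected for new designs, but HMAC-SHA1 built this way is still a sound MAC construction.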
HMAC (MAC with Hash):
6. Public Key Algorithms
Modular Arithmetic:
Most of the public key algorithms are based on modular arithmetic. Modular
arithmetic uses the non-negative integers less than some positive integer n, performs
ordinary arithmetic operations such as addition and multiplication, and then replaces the
result with its remainder when divided by n. The result is said to be modulo n, or mod n.
a) Modular Addition:
For example: a) 7 + 6 = 13 in regular arithmetic, but mod 10 the answer is 3.
b) 5 + 5 = 0, c) 3 + 9 = 2.
As in regular arithmetic, subtracting x can be done by adding -x, also known as x's additive
inverse. The additive inverse of x is the number we have to add to x to get 0 (zero).
For example, 4's inverse is 6, because in mod 10 arithmetic 4 + 6 = 0.
If the secret key is 4, then to encrypt we add 4 (mod 10) and to decrypt we add 6 (mod 10).
b) Modular Multiplication: Zn* theorem
The set Zn* is closed under multiplication mod n. This means that the Zn*
modular multiplication table only includes the numbers which are relatively prime to n.
For example: a) 7 * 6 = 42 in regular arithmetic, but mod 10 the answer is 2.
b) 5 * 5 = 5, c) 3 * 9 = 7.
The multiplicative inverse of x, written $x^{-1}$, is the number by which we have to multiply x to
get 1 (one). Only the numbers {1, 3, 5, 7, 9} have multiplicative inverses mod 10.
For example, 7 is the multiplicative inverse of 3. So encryption could be performed by
multiplying by 3, and decryption by multiplying by 7. 9 and 1 are their own
inverses.
c) Modular Exponentiation:
Modular exponentiation is just like ordinary exponentiation. To get the answer we
divide by n and take the remainder.
For example: $4^6 = 6 \bmod 10$, because $4^6 = 4096$ in ordinary arithmetic and
$4096 = 6 \bmod 10$.
RSA Algorithm:
RSA was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at MIT.
Since then, the Rivest-Shamir-Adleman (RSA) scheme has become the most widely
accepted and implemented general-purpose approach to public-key encryption.
This algorithm is used to encrypt integer data. In the RSA algorithm the integer message
M is encrypted using the following equation:
$C = M^e \bmod n$.
The receiver uses the following equation for decryption:
$M = C^d \bmod n$.
Here both sender and receiver must know the integer value n. The sender uses the public
key KU = {e, n}. The receiver uses the private key KR = {d, n}.
The following are the requirements for the RSA algorithm.
a) It is possible to find values for e, d, n such that $M = M^{ed} \bmod n$.
b) It is easy to calculate $M^e$ and $C^d$ for all M, C.
c) It is computationally infeasible to find d even when {e, n} are known.
The RSA algorithm is stated as follows.
1. Select two prime numbers p, q.
2. Calculate n = p * q.
3. Calculate Ф(n) = (p-1) * (q-1).
4. Select an integer e such that gcd(Ф(n), e) = 1.
5. Find an integer d such that d·e = 1 mod Ф(n).
6. Form the public key KU = {e, n}.
7. Form the private key KR = {d, n}.
Encryption:
1. Prepare the message M (M is an integer value).
2. Calculate the cipher text $C = M^e \bmod n$.
Decryption:
1. Receive the cipher text C.
2. Calculate the plaintext $M = C^d \bmod n$.
In the RSA scheme, the following conditions are defined.
1. Select two prime numbers p and q (selected, private).
2. Calculate n (calculated, public).
3. Select e such that gcd(Ф(n), e) = 1 (selected, public).
4. Calculate d such that d·e = 1 mod Ф(n) (calculated, private).
5. KU is public (KU = {e, n}).
6. KR is private (KR = {d, n}).
Now the RSA algorithm is explained using an example.
i) Select two prime numbers p, q: let p = 7 and q = 17.
ii) Calculate n = 7 * 17 = 119.
iii) Calculate Ф(n) = 6 * 16 = 96.
iv) Select an integer e such that gcd(Ф(n), e) = 1 → gcd(96, e) = 1; let e = 5.
v) Calculate d such that d·e = 1 mod Ф(n) → d·e mod Ф(n) = 1 → 5d mod 96 = 1
→ 5 * 77 mod 96 = 1 → d = 77.
vi) Form the public key KU = {5, 119}.
vii) Form the private key KR = {77, 119}.
Assume that M = 19.
(Sender) Now $C = M^e \bmod n = 19^5 \bmod 119 = 66$.
Now the receiver performs decryption in the following way:
$M = C^d \bmod n = 66^{77} \bmod 119 = 19$.
Calculation of $19^5 \bmod 119$:
$19^2 \bmod 119 = 361 \bmod 119 = 4$.
$19^5 = 19^2 \cdot 19^2 \cdot 19 \equiv 4 \cdot 4 \cdot 19 = 304 \equiv 66 \pmod{119}$.
Calculation of $66^{77} \bmod 119$:
$66^2 \bmod 119 = 4356 \bmod 119 = 72$.
$66^4 \bmod 119 = (66^2 \cdot 66^2) \bmod 119 = (72 \cdot 72) \bmod 119 = 67$.
$66^8 \bmod 119 = (66^4 \cdot 66^4) \bmod 119 = (67 \cdot 67) \bmod 119 = 86$.
$66^{16} \bmod 119 = (66^8 \cdot 66^8) \bmod 119 = (86 \cdot 86) \bmod 119 = 18$.
$66^{32} \bmod 119 = (66^{16} \cdot 66^{16}) \bmod 119 = (18 \cdot 18) \bmod 119 = 86$.
$66^{64} \bmod 119 = (66^{32} \cdot 66^{32}) \bmod 119 = (86 \cdot 86) \bmod 119 = 18$.
$66^{77} \bmod 119 = (66^{64} \cdot 66^8 \cdot 66^4 \cdot 66) \bmod 119$
$= (18 \cdot 86 \cdot 67 \cdot 66) \bmod 119 = 19$.
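The modular-arithmetic operations and the RSA procedure above, as an added example that is not code from the original notes: the extended Euclidean algorithm supplies the multiplicative inverse (both the 3 and 7 mod 10 example and step 5 of RSA), and the square-and-multiply routine is the same repeated-squaring method the hand calculation of $66^{77} \bmod 119$ uses. The parameters p = 7, q = 17, e = 5 and M = 19 are the page's own; the function names are this example's.

```python
# Added example, not from the original notes: RSA key generation, encryption and
# decryption on the page's example (p = 7, q = 17, e = 5, M = 19), with the
# modular inverse and square-and-multiply exponentiation written out.

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(x: int, n: int) -> int:
    """Multiplicative inverse of x mod n; exists only when gcd(x, n) = 1 (x in Zn*)."""
    g, a, _ = egcd(x, n)
    if g != 1:
        raise ValueError(f"{x} has no multiplicative inverse mod {n}")
    return a % n


def modexp(base: int, exp: int, n: int) -> int:
    """Square-and-multiply: the method used by hand for 66^77 mod 119 above."""
    result, base = 1, base % n
    while exp:
        if exp & 1:                                 # this bit of the exponent is set
            result = (result * base) % n
        base = (base * base) % n                    # base^2, base^4, base^8, ...
        exp >>= 1
    return result


def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-7 of the algorithm: returns (KU, KR) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if egcd(phi, e)[0] != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = modinv(e, phi)                              # d*e = 1 mod phi(n)
    return (e, n), (d, n)


def rsa_encrypt(ku, m: int) -> int:
    e, n = ku
    assert 0 <= m < n, "M must be an integer smaller than n"
    return modexp(m, e, n)                          # C = M^e mod n


def rsa_decrypt(kr, c: int) -> int:
    d, n = kr
    return modexp(c, d, n)                          # M = C^d mod n


if __name__ == "__main__":
    ku, kr = rsa_keygen(7, 17, 5)
    c = rsa_encrypt(ku, 19)
    print("KU =", ku, "KR =", kr, "C =", c, "M =", rsa_decrypt(kr, c))
```

The `rsa_encrypt` here is "textbook" RSA exactly as the notes present it: it is deterministic and operates on a bare integer, so the same M always gives the same C and small messages can be guessed by trial encryption. Deployed systems always combine the operation with a randomized padding scheme (OAEP for encryption, PSS for signatures) and use primes of hundreds of digits, not 7 and 17.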
Examples:
Perform the encryption and decryption using RSA for the following data.
1) p=5, q=11, e=3, M=9.
2) p=3, q=11, d=7, M=5.
3) p=7, q=11, e=17, M=8.
4) p=11, q=13, e=11, M=7.
5) p=17, q=3, e=7, M=2.
Diffie-Hellman Key Exchange Algorithm:
In brief, the Diffie-Hellman key exchange algorithm is described as follows.
* A symmetric key approach.
* Devised by Whitfield Diffie and Martin Hellman.
* Algorithm:
1. Select a large prime number q such that (q-1) has a large prime factor.
2. Select an integer a such that 1 <= a <= q and $a \bmod q, a^2 \bmod q, a^3 \bmod q, \ldots, a^{q-1} \bmod q$
consist of the integers 1 through q-1 in some permutation.
3. User A generates a private random number $X_A$, then user A calculates $Y_A = a^{X_A} \bmod q$.
4. User B generates a private random number $X_B$, then user B calculates $Y_B = a^{X_B} \bmod q$.
5. User A generates the key $K_A = (Y_B)^{X_A} \bmod q$.
6. User B generates the key $K_B = (Y_A)^{X_B} \bmod q$.
* Used by a number of commercial products.
The purpose of this algorithm is to exchange a key secretly between sender and
receiver. This key is used in subsequent encryptions and decryptions.
First we define a primitive root of a prime number q as a number whose powers mod q
generate all the integers from 1 to q-1 in some permutation. That is, if q is a prime number
and a is a primitive root, then $a^1 \bmod q, a^2 \bmod q, a^3 \bmod q, \ldots$ are all the
integers from 1 to q-1 in some permutation.
Ex: q = 7 and a = 3.
$3^1 \bmod 7 = 3$, $3^2 \bmod 7 = 2$, $3^3 \bmod 7 = 6$, $3^4 \bmod 7 = 4$, $3^5 \bmod 7 = 5$, $3^6 \bmod 7 = 1$
∴ 3 is a primitive root of 7.
In the Diffie-Hellman Algorithm:
1. We have to consider two global (public) elements q (a prime number) and a
(a primitive root of q).
2. Each user generates his own secret key: A selects $X_A$, B selects $X_B$.
3. Each user calculates his public key in the following way:
$Y_A = a^{X_A} \bmod q$, $Y_B = a^{X_B} \bmod q$.
4. Each user generates the secret key in the following way:
$K_A = (Y_B)^{X_A} \bmod q$, $K_B = (Y_A)^{X_B} \bmod q$.
$K_A$ and $K_B$ are identical.
This algorithm is summarized in the following way.
Global Public Elements:
  q (prime number)
  a (primitive root of q)
User A Key Generation:
  Select private key $X_A$
  Calculate public key $Y_A = a^{X_A} \bmod q$
User B Key Generation:
  Select private key $X_B$
  Calculate public key $Y_B = a^{X_B} \bmod q$
Secret Key Generation:
  $K_A = (Y_B)^{X_A} \bmod q$
  $K_B = (Y_A)^{X_B} \bmod q$
The final secret keys $K_A$ and $K_B$ are identical, as shown in the following way.
$K_A = (Y_B)^{X_A} \bmod q$
$= (a^{X_B} \bmod q)^{X_A} \bmod q$
$= (a^{X_B})^{X_A} \bmod q$
$= a^{X_B \cdot X_A} \bmod q = a^{X_A \cdot X_B} \bmod q = (a^{X_A})^{X_B} \bmod q$
$= (a^{X_A} \bmod q)^{X_B} \bmod q = (Y_A)^{X_B} \bmod q = K_B$
$K_A = K_B$
Ex: Let the global values be q = 97, a = 5, and the private keys $X_A = 36$, $X_B = 58$. Find the
key which is exchanged between A and B.
Solution: User A's public key $Y_A = a^{X_A} \bmod q$
$= 5^{36} \bmod 97 = 50$.
$Y_B = a^{X_B} \bmod q$
$= 5^{58} \bmod 97$
$= (5^{32} \cdot 5^{16} \cdot 5^8 \cdot 5^2) \bmod 97$
$= (35 \cdot 36 \cdot 6 \cdot 25) \bmod 97 = 44$.
The secret keys are
$K_A = (Y_B)^{X_A} \bmod q$
$= 44^{36} \bmod 97 = 75$.
$K_B = (Y_A)^{X_B} \bmod q = 50^{58} \bmod 97 = 75$.
Here $K_A$ and $K_B$ are identical keys. A can encrypt using 75 and B can decrypt using 75.
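The primitive-root test and the Diffie-Hellman exchange above, as an added example that is not code from the original notes; it runs the page's own values (q = 7, a = 3 for the primitive-root check, and q = 97, a = 5, $X_A = 36$, $X_B = 58$ for the exchange). Python's built-in `pow(base, exp, mod)` does the modular exponentiation; the function names are this example's.

```python
# Added example, not from the original notes: primitive roots and the
# Diffie-Hellman exchange on the page's values (q = 97, a = 5, XA = 36, XB = 58).

def power_sequence(a: int, q: int) -> list:
    """a^1 mod q, a^2 mod q, ..., a^(q-1) mod q."""
    return [pow(a, i, q) for i in range(1, q)]


def is_primitive_root(a: int, q: int) -> bool:
    """True if the powers of a mod q are the integers 1..q-1 in some permutation."""
    return set(power_sequence(a, q)) == set(range(1, q))


def dh_public(a: int, q: int, x: int) -> int:
    """Y = a^X mod q (sent in the clear)."""
    return pow(a, x, q)


def dh_shared(y_other: int, x: int, q: int) -> int:
    """K = (Y_other)^X mod q (never sent)."""
    return pow(y_other, x, q)


def dh_exchange(a: int, q: int, xa: int, xb: int):
    """Run both sides; returns (YA, YB, KA, KB). KA == KB by the derivation above."""
    assert is_primitive_root(a, q), "a must be a primitive root of q"
    ya, yb = dh_public(a, q, xa), dh_public(a, q, xb)
    return ya, yb, dh_shared(yb, xa, q), dh_shared(ya, xb, q)


if __name__ == "__main__":
    print("3 mod 7 powers:", power_sequence(3, 7))        # [3, 2, 6, 4, 5, 1]
    print("YA, YB, KA, KB:", dh_exchange(5, 97, 36, 58))   # (50, 44, 75, 75)
```

Nothing in `dh_exchange` ties $Y_A$ to A or $Y_B$ to B: each side only learns that *someone* holding the matching private exponent shares the key, which is exactly the gap the man-in-the-middle scenario in the next section exploits. That is why deployed protocols authenticate the public values (with signatures or certificates) before trusting the derived key, and why `is_primitive_root` is only feasible for toy moduli; real parameters use a standardized large prime and generator instead.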
Man In the Middle Attack (MITM) on the Diffie-Hellman Key Exchange Algorithm:
Assume that q and a are the two global public elements. These values are known to
everyone. Suppose A wants to exchange a key with B, and there is an attacker X.
Let us assume that user A selects his private key $S_A$ and user B selects his private key $S_B$.
User A calculates his public key and must pass it to B via a newspaper. So A goes to
the newspaper and places an advertisement with his name and public key. The analyst X goes to
the newspaper and arranges things such that the advertisement given by A is printed in only one
copy. Now the intruder X selects his private key $S_X$, calculates his public key
$Y_X = a^{S_X} \bmod q$, replaces user A's public key in the advertisement with his own public
key, and this modified advertisement is printed in all the other copies.
Now B receives the advertisement which contains user A's name and X's public key; B
thinks that this is the public key of A. Now B calculates his public key
$Y_B = a^{S_B} \bmod q$.
Now B wants to send this public key to A via the newspaper. So B prepares an
advertisement with his name and public key and gives the ad to the newspaper agency. Now X
steps in and manages things in the same way: the original ad is printed in one copy, which is
received by B, and X changes the ad so that the public key of B is replaced
with the public key of X in all the other copies.
Now user A prepares $K_A$ and user B prepares $K_B$. They think that these two keys are
identical. Now the intruder X prepares two keys K1 and K2. K1 is prepared with the actual
public key of A and K2 is prepared with the actual public key of B. Here K1 is identical to
$K_A$ and K2 is identical to $K_B$. This is known only to X.
Now we call $K_A$ "$K_{AX}$" and $K_B$ "$K_{BX}$". A encrypts the message using $K_A$
($K_{AX}$ or K1) and sends it to B. X enters the communication channel, decrypts this message
using K1 ($K_{AX}$ or $K_A$) and reads it. Then X encrypts the message using K2 ($K_B$ or
$K_{BX}$) and sends it to B. B decrypts it using $K_B$ ($K_{BX}$ or K2) and reads the original
message. So this is not detected by the sender or the receiver.
Problem: Alice and Bob want to establish a secret key using the Diffie-Hellman key
exchange protocol with n = 11, g = 5, X = 2 (Alice's private key) and Y = 3 (Bob's private key). Find the values A = g^X mod n and B = g^Y mod n and the secret key.
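The exchange above and the public-key substitution of the man-in-the-middle attack, as an added Python example that is not part of the original notes. It reproduces the q = 97, a = 5 example (YA = 50, YB = 44, K = 75), solves the exercise (A = 3, B = 4, K = 5), and also applies the primitive-root check: g = 5 is not a primitive root of 11 (its order is 5), so the exercise's parameters give only five possible shared values. The attacker's private key SX = 7 and the function names are chosen here.

```python
"""Diffie-Hellman over the integers mod q, with the notes' numbers, plus the
public-key substitution of the man-in-the-middle attack.  Added example."""
import secrets


def is_primitive_root(a, q):
    """a is a primitive root of the prime q iff a^1..a^(q-1) mod q hit every value 1..q-1."""
    return sorted(pow(a, i, q) for i in range(1, q)) == list(range(1, q))


def random_private_key(q):
    """A private key X with 1 <= X <= q-2 (X = q-1 would give the useless public key 1)."""
    return 1 + secrets.randbelow(q - 2)


def public_key(q, a, x):
    """Y = a^X mod q"""
    return pow(a, x, q)


def shared_key(q, peer_public, x):
    """K = (Y_peer)^X mod q"""
    return pow(peer_public, x, q)


def dh_exchange(q, a, x_a, x_b):
    """Honest run: returns (YA, YB, K) with K = KA = KB."""
    y_a = public_key(q, a, x_a)
    y_b = public_key(q, a, x_b)
    k_a = shared_key(q, y_b, x_a)
    k_b = shared_key(q, y_a, x_b)
    assert k_a == k_b, "a^(XA*XB) computed two ways must agree"
    return y_a, y_b, k_a


def mitm(q, a, x_a, x_b, x_x):
    """X replaces both advertised public keys with its own YX.
    Returns (K1, K2): K1 = KA is the key A unknowingly shares with X,
    K2 = KB is the key B unknowingly shares with X; K1 != K2 in general."""
    y_a = public_key(q, a, x_a)         # genuine YA, intercepted by X
    y_b = public_key(q, a, x_b)         # genuine YB, intercepted by X
    y_x = public_key(q, a, x_x)
    k_a = shared_key(q, y_x, x_a)       # A believes y_x is YB
    k_b = shared_key(q, y_x, x_b)       # B believes y_x is YA
    k1 = shared_key(q, y_a, x_x)        # X's key towards A
    k2 = shared_key(q, y_b, x_x)        # X's key towards B
    assert k1 == k_a and k2 == k_b
    return k1, k2


if __name__ == "__main__":
    print(dh_exchange(97, 5, 36, 58))   # (50, 44, 75)
    print(dh_exchange(11, 5, 2, 3))     # (3, 4, 5): the exercise above
    print(mitm(97, 5, 36, 58, 7))       # two different keys, one per victim
```

The assertion inside `mitm` is the whole attack in one line: X never needs SA or SB, only the two genuine public keys and the ability to substitute its own on the way.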
Digital Signature Standard (DSS):
The algorithm used by the DSS is known as the Digital Signature Algorithm (DSA). It was proposed by NIST (National Institute of Standards and Technology) in 1991 and later published as FIPS 186. In the DSS approach the sender prepares a message, calculates its hash value and signs the hash. The signature is appended to the original message and sent to the receiver. The receiver verifies the signature, and if it matches he accepts the message. The following diagram explains this idea.

Algorithm (key generation):
1. Select a large prime number p.
2. Select a prime number q which is a divisor of (p-1).
3. Select a number h where 1 < h < (p-1).
4. Calculate g = h^((p-1)/q) mod p, choosing h such that g > 1 (then g has order q modulo p).
5. Select the private key x, a random number where 0 < x < q.
6. The public key is y = g^x mod p.
Per-message application (signing):
1. Select a random integer k such that 0 < k < q. A fresh, secret k must be used for every message; if the same k signs two messages, anyone can recover x from the two signatures.
2. Let M be the message to be transmitted.
3. Let H(M) be the hash of the message, using SHA-1 in the original standard (later versions of FIPS 186 allow the SHA-2 hashes).
4. Calculate r = (g^k mod p) mod q.
5. Calculate s = (k^-1 (H(M) + x·r)) mod q. (If r = 0 or s = 0, choose a new k.)
6. Transmit M, r and s.
Verifying the signature (received as M', r', s'):
1. Calculate w = (s')^-1 mod q.
2. Calculate H(M').
3. Calculate u1 = [H(M') · w] mod q.
4. Calculate u2 = (r' · w) mod q.
5. Calculate v = [(g^u1 · y^u2) mod p] mod q.
6. If v = r' then the signature is verified.
Signature Function:
In the DSS algorithm we use three global public elements: p (a prime number), q (a prime divisor of p-1) and g (= h^((p-1)/q) mod p, with g > 1). These three values make up KUG (the global public key elements).
The signature function uses the sender's private key x = KRA and a secret number k, selected at random for each message. The sender prepares the message, calculates its hash value and gives it to the signature function along with KUG, KRA and k. The signature produced has two components, r and s:
r = (g^k mod p) mod q
s = (k^-1 (H(M) + x·r)) mod q.
In this way the signature is produced.
Signature Verification:
After receiving M', r', s', the receiver first calculates the hash value of the received message. The receiver then needs KUG (the three components p, q, g) and the sender's public key KUA. Earlier the sender calculated his public key as
KUA = y = g^x mod p
and made it available to all; the private key x = KRA never leaves the sender. The receiver gives H(M'), r', s', KUG and KUA to the verification function, which uses the following expressions.
w = (s')^-1 mod q
u1 = [H(M') · w] mod q
u2 = (r' · w) mod q
v = [(g^u1 · y^u2) mod p] mod q

The receiver then tests whether v = r'. If the two are equal the signature is verified; otherwise the signature does not match. If the signature matches, the receiver accepts M', otherwise he rejects M'.
The following diagrams explain how the signature is generated and verified.
Signature:

Verification:
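The signing and verification functions above, as an added Python example (not code from the notes) on hand-checkable parameters p = 23, q = 11, h = 2 (so g = 4), private key x = 7 (y = 8). It also carries out the k-reuse caveat: two signatures made with the same k share r, and the private key falls out of them. Parameters and the message bytes are chosen here and are far too small for real use; `pow(a, -1, m)` needs Python 3.8 or later.

```python
"""Toy DSA following the steps above, on hand-checkable parameters (p = 23, q = 11),
with a check of why the per-message k must never repeat.  Added example; the
parameters are far too small for real use."""
import hashlib
import secrets

P, Q = 23, 11                         # q = 11 divides p - 1 = 22
H_SEED = 2                            # the 'h' of step 3, 1 < h < p - 1
G = pow(H_SEED, (P - 1) // Q, P)      # g = h^((p-1)/q) mod p = 4 > 1, so g has order q


def keygen(x=None):
    """Private key 0 < x < q, public key y = g^x mod p."""
    x = x if x is not None else 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def hash_message(m):
    """H(M): SHA-1 as in the original standard, reduced mod q to fit the toy group."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big") % Q


def sign(x, h, k=None):
    """r = (g^k mod p) mod q, s = k^-1 (h + x r) mod q.
    k must be fresh and secret for every signature; pass k only for demonstrations."""
    while True:
        if k is None:
            k = 1 + secrets.randbelow(Q - 1)
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (h + x * r)) % Q
        if r != 0 and s != 0:          # both components must be nonzero (FIPS 186)
            return r, s
        k = None                       # retry with a new nonce


def verify(y, h, r, s):
    """Accept iff 0 < r, s < q and ((g^u1 y^u2) mod p) mod q == r."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r


def recover_private_key(h1, sig1, h2, sig2):
    """If one k signed two different hashes, both signatures share r and
    k = (h1 - h2)/(s1 - s2) mod q, x = (s1 k - h1)/r mod q.  Returns x or None."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % Q == 0:
        return None
    k = ((h1 - h2) * pow((s1 - s2) % Q, -1, Q)) % Q
    return ((s1 * k - h1) * pow(r1, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen(7)
    print(sign(x, 3, 3), sign(x, 9, 3))                      # (7, 10) (7, 1): same r
    print(recover_private_key(3, (7, 10), 9, (7, 1)))        # 7
```

The range check at the top of `verify` is not decoration: without it a signature with s = 0 or r = 0 would be passed to the modular inverse, and implementations that skip it have accepted invalid signatures.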

Elliptic Curve Cryptography (ECC):

The addition operation in ECC is the counterpart of modular multiplication in RSA, and repeated addition (scalar multiplication) is the counterpart of modular exponentiation. To form a cryptographic system using elliptic curves, we need a "hard problem" corresponding to factoring the product of two primes or to the discrete logarithm; here it is the elliptic curve discrete logarithm problem: given points G and kG, find k.
Analog of Diffie-Hellman Key Exchange:
Key exchange with elliptic curves can be done in the following manner.
1. Pick a large integer q, which is either a prime number p or an integer of the form 2^m, and elliptic curve parameters a and b for the equation y^2 mod p = (x^3 + ax + b) mod p (prime curve) or y^2 + xy = x^3 + ax^2 + b (binary curve). This defines the elliptic group of points Eq(a, b).
2. Pick a base point G = (x1, y1) in Eq(a, b) whose order n is a very large value. The order n of a point G is the smallest positive integer n such that nG = O (the point at infinity).
3. Global public elements: Eq(a, b) and G are the parameters of the cryptosystem, known to all participants.
4. A key exchange between users A and B is accomplished as follows.
   a) User A key generation: A selects an integer nA less than n; this is A's private key. A then generates the public key PA = nA·G. The public key is a point in Eq(a, b).
   b) User B key generation: in the same manner B selects a private key nB less than n and computes the public key PB = nB·G.
5. A generates the secret key K = nA·PB and B generates the secret key K = nB·PA.
The two calculations in step 5 produce the same result because
nA·PB = nA·(nB·G)
      = nB·(nA·G)
      = nB·PA
To break this scheme, an attacker would need to compute nA given G and PA = nA·G (or nB from PB), which is assumed to be hard.
Elliptic Curve Encryption/Decryption:
The following steps are required for elliptic curve encryption and decryption.
1. First encode the plaintext message m to be sent as an (x, y) point Pm on the curve (by any agreed method).
2. It is the point Pm that will be encrypted as ciphertext and subsequently decrypted.
3. As in the key exchange system, encryption/decryption requires a base point G and an elliptic group Eq(a, b) as parameters.
4. Each user A selects a private key nA and generates the public key PA = nA·G.
5. To encrypt and send a message Pm to B, A chooses a random positive integer k and produces the ciphertext Cm consisting of the pair of points
   Cm = {kG, Pm + k·PB},
   where A has used B's public key PB.
6. To decrypt the ciphertext, B multiplies the first point in the pair by B's private key and subtracts the result from the second point:
   Pm + k·PB - nB·(kG) = Pm + k·(nB·G) - nB·(kG) = Pm.
A has masked the message Pm by adding k·PB to it. Nobody but A knows the value of k, so even though PB is a public key, nobody can remove the mask k·PB. However, A also includes a "clue", kG, which is enough to remove the mask if one knows the private key nB. As with k in DSS, k must be fresh for every message.

7. Authentication
Verifying the identity of another entity
- Computer authenticating to another computer
- Person authenticating to a local computer
- Person authenticating to a remote computer
Password-Based Authentication:
Passwords are the most common form of authentication. A password is a string of letters, digits and special characters.
Clear-text passwords:
How it works?
Usually every user in the system is assigned a user id and an initial password. The user changes the password periodically for security reasons.
Step 1: The system prompts for user id and password.
Step 2: The user enters the user id and password.
Step 3: The user id and password are validated against the password database.
Step 4: The authentication result is produced.
Step 5: The user is informed accordingly.

Problems with the scheme:
Problem 1: The database contains the passwords in clear text.
Problem 2: The password travels in clear text from the user's computer to the server.
Types of Attacks:
There are two types of password attacks.
1. Online password attack.
2. Offline (dictionary) password attack.
Online Password Attack:
One way of guessing passwords is simply to type candidate passwords at the system that is going to verify the password; this is known as an online password attack. The system can make it impractical to guess too many passwords.
Ex: An ATM retains the card if three incorrect PINs are typed. Alternatively, the system can be designed to respond slowly, so as not to allow many guesses per unit time.
Offline Password Attack:
An intruder obtains a quantity x that is derived from the password in a known way (for example the stored hash of the password, or a captured challenge-response pair). The intruder then uses an arbitrary amount of computing power to guess passwords, convert each guess in the same known way, and compare the result with x; the guess that reproduces x is the password. Since the source of guesses is typically a dictionary of common passwords, offline password guessing is also known as a dictionary attack. The verifying system never sees these guesses, so it cannot rate-limit them.
Password Storage:
Passwords can be stored in different ways.
1. As a hash of the password.
2. Encrypted using cryptographic techniques (the server then needs the decryption key).
Centralized Password Storage:
1. Authentication storage node:
   - A central server stores the passwords; other servers request the password from it to authenticate the user.
2. Authentication facilitator node:
   - A central server stores the passwords; other servers send the information received from the user to the central server, which performs the authentication.

Strengthening Passwords:
- Add biometrics: for example keystroke dynamics or a voice print.
- Graphical passwords: the goal is to increase the size of the memorable password space.
UNIX-Style Passwords:
The UNIX password system (crypt):
- Uses DES encryption as if it were a hash function.
- Encrypts a block of zeros (the NULL string) using the password as the DES key.
- Truncates passwords to 8 characters (7 bits each, giving the 56-bit key).
- Artificial slowdown: runs DES 25 times.
- A 12-bit salt, stored with the result, modifies the DES expansion so that the same password hashes differently on different accounts and one precomputed dictionary cannot be reused across users.
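The offline dictionary attack against the two storage choices above (plain hash versus salted, deliberately slow hash, the idea behind crypt's 25 DES rounds and 12-bit salt), as an added Python example that is not code from the notes. The user database and the five-word wordlist are constructed for the demo; PBKDF2-SHA256 stands in for crypt, and the iteration count is a parameter.

```python
"""Password storage and the offline (dictionary) attack.  Added example: the
user database and the wordlist below are constructed for the demo."""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty", "oducsc", "Tr0ub4dor&3"]   # constructed


def store_fast(password):
    """Unsalted single SHA-256: better than clear text, still attackable offline."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_slow(password, salt=None, iterations=200_000):
    """Salted, deliberately slow hash, stored as algorithm$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_slow(password, stored):
    _, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time compare


def dictionary_attack_fast(db):
    """Offline attack on unsalted hashes: each candidate is hashed once and the
    result is looked up against every stored x.  Returns (cracked, hashes computed)."""
    lookup = {store_fast(w): w for w in WORDLIST}
    cracked = {user: lookup[x] for user, x in db.items() if x in lookup}
    return cracked, len(WORDLIST)


def dictionary_attack_slow(db):
    """Same attack on salted PBKDF2: the salt forces one computation per
    (user, guess), and each computation costs `iterations` rounds.
    Returns (cracked, hashes computed)."""
    cracked, work = {}, 0
    for user, stored in db.items():
        for w in WORDLIST:
            work += 1
            if verify_slow(w, stored):
                cracked[user] = w
                break
    return cracked, work


USERS = [("alice", "password"), ("bob", "qwerty"),
         ("carol", "correct horse battery staple")]        # constructed

if __name__ == "__main__":
    fast_db = {u: store_fast(p) for u, p in USERS}
    slow_db = {u: store_slow(p, iterations=1000) for u, p in USERS}
    print(dictionary_attack_fast(fast_db))      # cracks alice and bob with 5 hashes
    print(dictionary_attack_slow(slow_db))      # same result, 9 slow computations
```

Salting and iteration do not rescue a password that is in the dictionary; they change the attacker's cost from one hash per guess for the whole database to one slow hash per guess per user, which is what makes strong passwords and rate-limited online checks complementary.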
Challenge-Response:
- User and system share a key.
- Challenge: System presents user with some string.
- Response: User computes response based on secret key and challenge.
- Good for systems with pre-installed secret keys.
Address-Based Authentication:
Address-based authentication does not send passwords around the network at all. Instead, the identity of the source is inferred from the network address from which packets arrive. It was adopted early in the evolution of computer networks by both UNIX and VMS (Virtual Memory System).
The basic idea is that each computer stores information which specifies accounts on other computers that should have access to its resources. E.g., suppose account name smith on the machine residing at network address N is allowed to access computer C. Requests for resources are commands like "copy a specified file", "log in" or "execute the following command at the specified machine". If a request arrives from address N claiming to be sent on behalf of user smith, then C will honor the request.
On UNIX, the Berkeley r-tools (rlogin, rsh, rcp) support such access. On VMS, similar functionality is called PROXY. The general idea can be implemented in the following ways.
UNIX Berkeley r-tools:
a) Computer B has a list of network addresses of "equivalent machines". If A is listed, then any account on A is equivalent to the account of the same name on B.
b) Computer B has a list of <address, remote account, local account> triples.
   E.g., given <A, Alice, Bob>, a request from A with name Alice will be authorized with account Bob.

a) /etc/hosts.equiv:
Contains a list of computers that have identical user accounts and allows users on these hosts to log in without providing passwords.
b) $HOME/.rhosts:
The /etc/hosts.equiv and .rhosts files provide the "remote authentication" database for rlogin(1), rsh(1), rcp(1) and rcmd. The files specify remote hosts and users that are considered "trusted". Trusted users are allowed to access the local system without supplying a password. The library routine ruserok() performs the authentication procedure for programs using the /etc/hosts.equiv and .rhosts files. The /etc/hosts.equiv file applies to the entire system, while individual users can maintain their own .rhosts files in their home directories.
These files bypass the standard password-based authentication mechanism, so to maintain system security care must be taken in creating and maintaining them. The remote authentication procedure determines whether a user from a remote host should be allowed to access the local system with the identity of a local user. It first checks the /etc/hosts.equiv file and then the .rhosts file in the home directory of the local user whose identity is requested. Entries in these files can be of two forms: positive entries allow access, while negative entries deny access. Authentication succeeds when a matching positive entry is found. It fails when the first matching entry is negative, or if no matching entry is found in either file. The order of entries is therefore important: if the files contain both positive and negative entries, the entry that appears first prevails. Each entry has the form
hostname [username]
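The first-match rule just described, as an added Python example that is not the system's ruserok() and not code from the notes. The file contents are constructed. Assumed syntax, following rhosts(4): `host [user]` is a positive entry, a leading `-` on the host or user field makes it negative, and `+` is a wildcard; as a simplification, an entry without a user field trusts only the remote account with the same name as the local one, in both files, and hosts.equiv is never consulted for root.

```python
"""First-match evaluation of /etc/hosts.equiv and ~/.rhosts entries as described
above.  Added example with constructed file contents; see the lead-in for the
assumed syntax and simplifications."""


def _match(pattern, value):
    return pattern == "+" or pattern == value


def _evaluate(entries, remote_host, remote_user, local_user):
    """True/False from the first matching entry, None if nothing matches."""
    for raw in entries:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        negative = host.startswith("-") or (user is not None and user.startswith("-"))
        host = host.lstrip("-")
        user = user.lstrip("-") if user is not None else None
        if not _match(host, remote_host):
            continue
        if user is None:
            if remote_user != local_user:       # no user field: same account name only
                continue
        elif not _match(user, remote_user):
            continue
        return not negative                     # first match decides


def ruserok(hosts_equiv, rhosts, remote_host, remote_user, local_user):
    """hosts.equiv is consulted first (never for root), then the local user's .rhosts.
    No matching entry at all means access is denied."""
    if local_user != "root":
        verdict = _evaluate(hosts_equiv, remote_host, remote_user, local_user)
        if verdict is not None:
            return verdict
    verdict = _evaluate(rhosts, remote_host, remote_user, local_user)
    return verdict is True


if __name__ == "__main__":
    # the classic misconfiguration: a lone '+' trusts every host on the network
    print(ruserok(["+"], [], "evil.example.org", "mallory", "mallory"))   # True
    print(ruserok([], ["-hostA alice", "hostA alice"], "hostA", "alice", "bob"))  # False
```

The wildcard line is the check worth automating: a `+` in hosts.equiv, or a `+ +` in any .rhosts, means the trust decision is made entirely by whoever can spoof a source address.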
Possible Threats:
1. When a node is compromised, not only are its own resources compromised but also the resources of every other system that lists users of the compromised node in its hosts.equiv or .rhosts files.
2. If an intruder can impersonate a network address, it can cause damage on all systems that have that address and its users in their .rhosts files.
Network Address Impersonation:
Generally it is not difficult for Trudy to put Alice's address as the source address of a packet, but it is more difficult for Trudy to receive messages addressed to Alice's network address.
In the IP protocol, Trudy may use source routing to achieve that: she sends a message with the source route
<Alice, Trudy, Destination>
and the destination reverses the source route in its reply,
<Destination, Trudy, Alice>,
so the reply passes through Trudy and she receives it. (This is one reason routers and hosts now drop source-routed packets by default.)
Cryptographic Authentication Protocols:
Alice proves her identity to Bob by performing a cryptographic operation on a quantity Bob supplies. The cryptographic operation performed by Alice is based on Alice's secret (a shared key or a private key), as discussed in chapter 2.
Who is Being Authenticated?
1. The user 2. The machine 3. Both
Impact: machines can store very long, random secrets; humans cannot, so secrets a human must remember are short and guessable.
Passwords as Cryptographic Keys:
Main issue: how to convert a human-memorizable password into a machine-usable secret key or private key.
To convert a text string memorable by a human, e.g. "oducsc", into a cryptographic secret key such as a DES key, compute a cryptographic hash of the password and take 56 bits of the result. This secret key can also be used to encrypt/decrypt a private key, so that the private key can be stored on an untrusted medium and unlocked with the password.
Eavesdropping and Server Database Reading:
Public key cryptography makes it easy to perform authentication that is both
i) secure against eavesdropping, and
ii) protected against an intruder reading the server database.

Public key:
   Alice -> Bob:  "I am Alice"                (Bob knows Alice's public key e)
   Bob -> Alice:  R                           (R random)
   Alice -> Bob:  X = [R]d (R signed with Alice's private key d); Bob verifies R = [X]e.
   Bob's database holds only the public key, and an eavesdropper learns only a signature on a one-time R.

Password hashing:
   Alice -> Bob:  "I am Alice", Alice329      (Bob knows the hash h of Alice's password)
   Bob checks that h = MD(Alice329).
   Reading the server database yields only h, but the password crosses the network in clear, so the scheme is vulnerable to eavesdropping.

Shared secret:
   Alice -> Bob:  "I am Alice"                (Bob gets Alice's secret key K from his database)
   Bob -> Alice:  R                           (R random)
   Alice -> Bob:  x = K{R} (R encrypted under K); Bob decrypts R = K[x].
   An eavesdropper sees only R and K{R}, but anyone who reads the server database obtains K and can impersonate Alice.
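The password-hashing and shared-secret exchanges above, with both sides' messages and an eavesdropper who replays what she captured, as an added Python example that is not code from the notes. The response function is HMAC-SHA256 over the challenge rather than the encryption K{R} of the diagram (either is something only a holder of K can compute); user names, keys and the captured traffic are constructed, and the public-key variant is omitted because the standard library has no signature primitive.

```python
"""Challenge-response versus password-over-the-wire, with a replaying eavesdropper.
Added example; names, keys and captured messages are constructed."""
import hashlib
import hmac
import secrets


def respond(key, r):
    """The response x = f(K, R); here HMAC-SHA256 instead of the notes' K{R}."""
    return hmac.new(key, r, "sha256").digest()


class Server:
    """Bob: one verifier per user, plus the challenge last issued to each user."""

    def __init__(self):
        self.db = {}          # user -> ("pwhash", H(password)) or ("shared", K)
        self.pending = {}     # user -> outstanding challenge R

    def enroll_password(self, user, password):
        self.db[user] = ("pwhash", hashlib.sha256(password.encode()).digest())

    def enroll_shared(self, user, key):
        self.db[user] = ("shared", key)

    def login_password(self, user, password):
        kind, h = self.db[user]
        return kind == "pwhash" and hmac.compare_digest(
            hashlib.sha256(password.encode()).digest(), h)

    def challenge(self, user):
        r = secrets.token_bytes(16)             # fresh R per attempt
        self.pending[user] = r
        return r

    def login_shared(self, user, response):
        kind, key = self.db[user]
        r = self.pending.pop(user, None)        # each R is usable exactly once
        return (kind == "shared" and r is not None
                and hmac.compare_digest(respond(key, r), response))


def replay_demo():
    """Trudy records one login of each kind and replays it.
    Returns (password replay accepted, genuine C/R accepted, C/R replay accepted)."""
    bob = Server()
    carol_key = b"\x11" * 32                     # constructed shared key
    bob.enroll_password("alice", "Alice329")
    bob.enroll_shared("carol", carol_key)

    # Password scheme: the captured string is the credential; it works again later.
    captured_password = "Alice329"
    password_replay_ok = bob.login_password("alice", captured_password)

    # Challenge-response: Trudy captures (R1, x1) from a genuine login ...
    r1 = bob.challenge("carol")
    x1 = respond(carol_key, r1)
    genuine_ok = bob.login_shared("carol", x1)
    # ... and replays x1 against the next challenge, which is a different R.
    bob.challenge("carol")
    replay_ok = bob.login_shared("carol", x1)
    return password_replay_ok, genuine_ok, replay_ok


if __name__ == "__main__":
    print(replay_demo())    # (True, True, False)
```

Note what the eavesdropper still gets from the challenge-response capture: a (R, HMAC(K, R)) pair is exactly the "quantity x derived from the secret in a known way" of the offline attack, so if K is derived from a weak password, replay protection does not stop dictionary guessing.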
Trusted Intermediaries:
Assume that the network contains n nodes, and that secure communication is based on shared secret keys.
Each node needs to communicate with every other node, so each node requires n-1 keys and the network as a whole needs n(n-1)/2 keys. This is explained in the following diagram.

This is a difficult task to achieve. The solution is a KDC, or Key Distribution Center. The KDC is a trusted entity between the parties that distributes keys in a more efficient way. In this scheme each node shares one key with the KDC; it is known as the master key, and with it each user can confidently communicate with the KDC. When a user wants to communicate with another user, the KDC is used to distribute a session key.
This is explained in the following way.
Suppose A wants to communicate with B. Let the master keys of the two users be KA and KB.

1. First user A prepares a message to the KDC which includes the identity of A and a request for a key to communicate with B. This message is encrypted using KA and sent to the KDC.
2. After decrypting it, the KDC identifies A and learns that A wants to communicate with B. The KDC generates a session key KS and prepares a message for A that includes KS, the identity of B, and an encrypted message (ticket) for B. The ticket contains the session key KS and the identity of A and is encrypted using KB. The entire message is encrypted using KA and sent to A.
3. After decrypting the packet from the KD  C using KA, user A finds that it includes two components: the session key KS and the ticket for B. A keeps KS and forwards the ticket to B.
4. After receiving the ticket from A, user B decrypts it using the master key KB to obtain the two components KS and IDA. B concludes that there will be a communication with A using KS and accepts KS. The later communication between A and B is protected with KS. This is explained in the following diagram.
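The four steps above as a running exchange, as an added Python example that is not code from the notes. Encryption is a stand-in built from HMAC-SHA256 (a keystream plus a tag, encrypt-then-MAC, with separate derived keys) so the block runs with only the standard library; a real system would use an AEAD such as AES-GCM, and a real protocol adds nonces and timestamps against replay, which this block omits. Identities "A" and "B" and all keys are constructed.

```python
"""Session-key distribution through a KDC, following the four steps above.
Added example.  seal/open_sealed are an HMAC-based stand-in for a real cipher."""
import hmac
import json
import os
import secrets


def _subkey(key, label):
    return hmac.new(key, label, "sha256").digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC under keys derived from `key`: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, "sha256").digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Plaintext, or None if the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class KDC:
    def __init__(self, master_keys):
        self.master = master_keys                     # identity -> master key

    def request(self, requester, blob):
        """Step 2: open the request under the requester's master key, mint KS and
        return E_KA(KS, IDB, ticket) where ticket = E_KB(KS, IDA)."""
        req = open_sealed(self.master[requester], blob)
        if req is None:
            return None
        req = json.loads(req)
        ks = secrets.token_bytes(32)
        ticket = seal(self.master[req["peer"]],
                      json.dumps({"ks": ks.hex(), "from": requester}).encode())
        reply = {"ks": ks.hex(), "peer": req["peer"], "ticket": ticket.hex()}
        return seal(self.master[requester], json.dumps(reply).encode())


def run_exchange(tamper_ticket=False):
    """Returns (KS agreed, identity B sees, message B reads), or None if B rejects."""
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)   # master keys (constructed)
    kdc = KDC({"A": ka, "B": kb})
    step1 = seal(ka, json.dumps({"peer": "B"}).encode())        # 1. A -> KDC
    reply = json.loads(open_sealed(ka, kdc.request("A", step1)))  # 2. KDC -> A
    ks_a = bytes.fromhex(reply["ks"])
    ticket = bytes.fromhex(reply["ticket"])                     # 3. A -> B: A cannot read it
    if tamper_ticket:
        ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
    opened = open_sealed(kb, ticket)                            # 4. B opens it with KB
    if opened is None:
        return None
    t = json.loads(opened)
    ks_b = bytes.fromhex(t["ks"])
    msg = open_sealed(ks_b, seal(ks_a, b"hello B, from A"))     # traffic under KS
    return ks_a == ks_b, t["from"], msg


if __name__ == "__main__":
    print(run_exchange())                    # (True, 'A', b'hello B, from A')
    print(run_exchange(tamper_ticket=True))  # None
```

The ticket is the interesting object: A carries it but cannot read or alter it, and B's only evidence that KS came from the KDC is that the ticket opens under KB. That is also the KDC's weakness noted below: whoever operates it sees every KS.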

Certificate Authority (CA):

This scheme is used to distribute public keys. Generally each user has two keys, a public key and a private key. The private key is always kept secret, whereas the public key is open to all. Public key distribution (key management) is done in one of the following ways.
1. Public announcement.
2. Public key directory.
3. Public key certificate.
1. Public Announcement:
In this method each user announces his public key to every other user. This is not practical if the number of users is large, and nothing stops an intruder from announcing a key in someone else's name.

2. Public Key Directory:
In this method each user's name and public key are printed in a directory called the public key directory. Whenever a user wants to know the public key of user X, he refers to the public key directory.
This method has the drawback that new users and their public keys are not yet included in the directory. An intruder can also physically remove a page from the directory, or, while a new copy is being printed, change the public key of some user X.
3. Public Key Certificate:
Here a certificate authority (CA) acts as a trusted intermediary between the users. The authority has its own key pair; its public key is called KUauth and it is assumed that each user knows it. Whenever a user A wants a public key certificate, he sends his identity IDA and public key KUA to the authority, encrypted under KUauth.
The authority decrypts this using KRauth, obtains the two components KUA and IDA, authenticates user A, prepares the certificate CA and sends it to A. Each certificate contains the name of the user, the corresponding public key, the validity period of that public key and the signature of the authority. In this way A gets his certificate. Similarly each user obtains his own public key certificate and keeps it. Later, whenever a user X wants to communicate with A, he sends a request to A; in response A sends his certificate to X, who verifies the authority's signature with KUauth and then knows A's public key. Thereafter A and X can communicate with each other.

Note: A KDC is online: it is involved in each and every communication between two users, because it must provide a session key for every communication. If the KDC fails there is no new communication in the network. Also, an administrator of the KDC system, who can see every session key, may leak our session key to an intruder.
A CA provides a certificate to each user only once, and it can be kept offline. If the CA fails, the existing users can still communicate with each other; only new users cannot obtain certificates. Even if the administrator of the CA leaks the public key of a user to an intruder, the intruder cannot decrypt anything because he does not know the private key of the user.

CRL (Certificate Revocation List):
The certificate authority has the right to revoke the certificate of a user, for example when the user is found to be guilty of misuse, has left the network or organization, or when the corresponding private key has been compromised. The authority periodically prepares a CRL which contains the serial numbers (or names) of the certificates that are revoked, together with a date and timestamp, and signs it. From then on each user refers to the CRL before the actual communication. The authority frequently updates this CRL and sends it to every user for reference.
Multiple Trusted Intermediaries:
A problem with KDCs and CAs is that they require a single administration trusted by all principals in the system. Anyone who controls the KDC or the CA can impersonate anyone to anyone. But at the inter-corporate or international level we discover that there is no one whom everyone trusts, and those who might be trusted would be too busy with more important tasks to operate and manage a KDC or CA.
The solution is to break the world into domains. Each domain has one trusted administration. Multiple trusted intermediaries (MTI) are described as follows.
- Multiple KDCs can be used.
- All pairs of KDCs can share a key.
- More likely, there will be a hierarchy of KDCs.
Multiple KDC Domains:
For example, if Alice and Bob are in different domains, authentication is still possible, but it is a little more complicated. Suppose Alice is in the CIA domain and Bob is in the KGB domain. The CIA manages a KDC that knows Alice's key; similarly Bob's key is known to the KGB's KDC. For secure exchange of information between the two domains, the two KDCs share a key, KKGB-CIA. This is shown in the following diagram.

KKGB-CIA is used when a user in the CIA wants to have secure communication with a user in the KGB. Alice, knowing that Bob is in the KGB, tells her KDC that she wants to talk to the KGB's KDC. The CIA KDC handles this exactly as it would a request between two CIA users: it generates a new random key Knew, returns it to Alice encrypted under Alice's key, and also produces a ticket for the KGB's KDC, encrypted under KKGB-CIA, that contains Knew and Alice's name. Alice can then use Knew as a shared key with the KGB's KDC and ask it for a key to talk to Bob. This is shown in the following diagram.

There are thousands of domains in an international/inter-corporate internetwork. Users are allowed to talk from one domain to another using a shared key between the two KDCs. So the CIA KDC would have a shared key not only with the KGB's KDC but also with Greenpeace's, MIT's and IBM's KDCs. Sometimes it may be decided that there is no reason for traffic between two domains, in which case those KDCs would not need to share a key. With many domains it is unworkable to have every pair of domains defined with a shared key, so the KDCs are arranged in a tree structure or in a less structured logical interconnection. This is shown in the following diagram.

Users can securely authenticate even if their KDCs are not directly linked, provided a chain of KDCs can be found. Kerberos V4 does not allow chains of KDCs: two KDCs can communicate only if they share a key directly. Kerberos V5 allows arbitrary connectivity. It assumes a default hierarchy with additional links (shared keys) between pairs of KDCs that are not directly connected in the default hierarchy. This is shown in the diagram.

Multiple CA Domains:
The solution is similar with CAs. Each CA serves a set of users and issues certificates for those users. This is analogous to a KDC sharing a key with each user. The users of a particular CA can verify each other's certificates, since all users of a particular CA know its public key.
How can Alice be sure that she knows Bob's public key if Alice's CA is different from Bob's CA?
Solution:
CA1 and CA2 issue certificates to each other (cross-certification) as well as to their own clients.

CA1 issues CAlice and CCA2 (a certificate for CA2's public key).
CA2 issues CBob and CCA1 (a certificate for CA1's public key).
Alice can trust Bob's public key if:
  CBob is signed by CA2, and
  CCA2 is signed by CA1 (whose public key Alice knows).
Similarly Bob can trust Alice's public key if:
  CAlice is signed by CA1, and
  CCA1 is signed by CA2.
Session Key Establishment:
When Alice and Bob use a shared secret key to authenticate each other, they could continue to use that key to protect their conversation. However, it is a good idea to generate a separate session key.
- A secret per-session key can be generated at the time of authentication and used for integrity protection and encryption for the remainder of the session.
- If Alice and Bob were to use the same secret key for authentication as for integrity-protecting their data, it might be possible for an intruder to record messages from a previous Alice-Bob conversation and inject those packets into a current Alice-Bob conversation, tricking them into thinking the messages are part of the current session. If the authentication protocol agrees on a new session key for each conversation, replayed messages from previous conversations will not be accepted as valid.
- If the long-term shared secret key is compromised, it would be nice to prevent an old recorded conversation from being decryptable. If every conversation is encrypted with a different per-session key, then a suitable authentication protocol (for example one in which the session key comes from a fresh Diffie-Hellman exchange authenticated with the long-term key) can prevent old conversations from being decrypted; this property is called forward secrecy.
- You may want to establish a session and give a relatively untrusted piece of software the session key, which is good only for that conversation, rather than giving it your long-term secret key, which the untrusted software could store away for future use.
Delegation:
Sometimes it is necessary to have things act on your behalf. For instance, you might be logged into system Bob and then need to access files on a remote file server from Bob. In that case Bob will need to retrieve the files on your behalf, and will need the same privileges for those files as you have.

One possible means of allowing this is to give your password to everything that might need to act on your behalf. This might be reasonable if you changed your password immediately after the work was completed, but most users would not change their password that frequently. Another possibility is that you could explicitly add every such system to every ACL for every resource that it needs to access on your behalf, and then, if you are conscientious, delete them from the ACLs when the operation completes. It is therefore advisable to have some more convenient mechanism for giving something permission to act on your behalf. This permission is known as delegation or authentication forwarding.
The best mechanism for delegation in a computer network is to generate a special message, signed by you, specifying to whom you are delegating rights, which rights are being delegated, and for how long. Once the duration specified in the message has expired, the message no longer grants any permissions.
