MODULE 4

Information Security
 Introduction

• One-Way Function: Easy to compute in one

direction. Hard to reverse.

• Trapdoor One-Way Function: Easy to compute

but reversible with trapdoor.
 • Definition: f(x) is easy to
compute. Hard to find x
from f(x).

• Key Use: Basis for

One-Way cryptographic hash
Functions functions.

• Example: Multiplying large

primes (p=61, q=53,
n=p*q=3,233)
 • Definition: One-way but
reversible with a trapdoor
(secret key).
Trapdoor • Key Use: Basis for public
One-Way key cryptography (e.g.,
Functions RSA).

• Example: RSA Encryption:

c = m^e mod n; Trapdoor:
m = c^d mod n
Comparison

One-Way Function Trapdoor One-

Way Function
Hard to reverse for Easy to reverse
anyone with trapdoor
No secret involved Requires secret
key (trapdoor)
 Applications

• One-Way • Trapdoor One-Way

Functions: Hash Functions: Public-key
functions, Digital encryption (e.g.,
signatures RSA), Key exchange
 Conclusion

• One-way functions form the backbone of

cryptography.

• Trapdoor one-way functions enable secure

encryption and decryption.
Example:
•Dice rolling, coin flipping
•Random.org (Generates random
numbers using atmospheric noise)

Real-Time Applications:
•Lottery systems
•Gaming (slot machines, online
games)
•Security tokens (e.g., RSA
SecurID for OTPs)
 Pseudorandom Numbers
• Subheadings:Key Characteristics:
• Deterministic (predictable if seed is known)
• Periodic and repeatable
• Generated by algorithms
• Source:
• Generated through algorithms like Linear
Congruential Generator (LCG)
Real-Time Application
• Game Simulations
• Simple Cryptography
Python's Random Module
)
 Machine
Real-Time
Learning
Application:

Simulations
RSA ALGORITHM
 Security of RSA

• The security of RSA depends on the

difficulty of factoring the large number
nnn, which is the product of two large
prime numbers ppp and qqq.
• As of now, factoring large numbers
(with hundreds or thousands of digits)
is computationally infeasible, providing
the basis for RSA's security.
 • Strong Security
• Widely Adopted
• Public-Key Infrastructure
Advantages
(PKI) Compatibility
of RSA
• Digital Signatures
Algorithm
• Key Exchange in Secure
Communications
• Long-term Reliability
 • Performance Issues (Slow)
• Key Size and Storage
• Susceptibility to Quantum
Computing
• Key Management
Disadvantages
• Potential Weaknesses from Poor
of RSA
Key Generation
Algorithm
• Increased Attack Surface with
Low Exponents
• Not Ideal for Small Systems
• Inflexibility for Secure Bulk
Encryption
 Introduction to Cryptographic Hash Functions

DATA INTEGRITY DIGITAL PASSWORD

SIGNATURES STORAGE
Message Digest 2
(MD2)Developed by:
Ronald Rivest in 1989Hash
Size: 128-bit (16-byte)
Design
ed for
8-bit
compu
ters
Slower
than
Key moder
n
Characteristics: algorit
hms
Vulner
able to
collisio
n
attack
s

Status: Obsolete and

insecure
MD2 Example
 MD2 Use Cases

EARLY DIGITAL LEGACY SYSTEMS WHY NOT USED

SIGNATURES TODAY
 MD5 Overview

Full Name: Message Digest 5 (MD5)

Developed by: Ronald Rivest in 1991

Hash Size: 128-bit (16-byte)

Key Characteristics:
• Faster than MD2
• Widely used for checksums and non-cryptographic purposes
• Vulnerable to Collision Attacks
• Status: Deprecated for secure applications but still used in non-critical cases.
Step-by-Step Explanation of the MD5 Algorithm

• 1. Append Padding Bits

• Goal: The message is padded so that its total
length is 64 bits less than the nearest multiple
of 512.
• Example: If the original message is 1000 bits,
we add 472 padding bits to make the total
length 1472 bits (512 * 3 - 64 = 1472).
Appending the Message Length

After padding, the MD5 algorithm appends 64 bits to

represent the original length of the message (before padding).
Why 64 bits?
o This 64-bit length representation helps ensure that the
total length of the message (original + padding + length
bits) is an exact multiple of 512 bits.
Final Length:
o After adding the padding and the 64-bit length, the total
message length becomes a multiple of 512 bits.
 Initialize MD5 Buffers:

 The MD5 algorithm uses four 32-bit buffers (labeled A, B, C, D) to store

intermediate and final values.
 Initial Values:
o A = 0x67452301
o B = 0xEFCDAB89
o C = 0x98BADCFE
o D = 0x10325476
 These buffers are used to process each 512-bit block of the message.
 Process Each 512-bit
Block
 After preparing the message, the algorithm processes it in chunks
of 512 bits.
 Each 512-bit block is further divided into 16 words of 32 bits.
• The message is processed in several rounds, where different
functions (F, G, H, I) are applied to modify the buffers using the
input block
Apply Hash Functions in Rounds

 The MD5 algorithm consists of 4 rounds, with 16

operations in each round.
 Functions in Each Round:
o F (Round 1): Uses buffers B, C, D to compute a new
value for A.
o G (Round 2): Similar to F, but uses a different
permutation of B, C, D.
o H (Round 3): XOR-based operations are applied to B, C,
D.
o I (Round 4): Different combinations of B, C, D to
calculate A.
Update Buffers:
 After each round, the values in the buffers (A, B, C, D) are updated
by adding the results of the function operations and applying
bitwise shifts.
 The 128-bit result of each round is then used as the input for the
next round.
Final Hash Output (Message Digest):
 Once all the 512-bit blocks have been processed through the
algorithm, the final values in the buffers (A, B, C, D) are
concatenated to produce the final 128-bit MD5 hash.
 The order is from the lower bit buffer A to the higher bit buffer
D, forming the message digest.
MD5 algorithm’s compression function
MD5 Example
 MD5 Use Cases

File Integrity Verification

Example: Software distributions provide an

MD5 checksum for downloaded files.
• Digital Fingerprints
• Password Hashing
• Digital Forensics
 SHA Family Overview

Full Name: Secure Hash Algorithm (SHA)

Developed by: NSA and NIST

Key Variants:
• SHA-1: 160-bit (obsolete)
• SHA-2: Includes SHA-224, SHA-256, SHA-384, SHA-512
• SHA-3: A newer algorithm based on the Keccak function,
uses sponge construction.
 SHA-2 Overview

Variants:
• SHA-224: 224-bit hash
• SHA-256: 256-bit hash (most widely used)
• SHA-384: 384-bit hash
• SHA-512: 512-bit hash (used in high-security applications)

Key Characteristics:
• Based on the Merkle-Damgård construction.
• Resistant to collision and pre-image attacks (unlike MD5 and SHA-1).
• Common in Blockchain, SSL/TLS, Digital Signatures.
 Secure Hash Algorithm (SHA)

• Key Properties of SHA:

 Irreversibility: It is a one-way function, meaning the original
data cannot be reconstructed from the hash value.
 Collision Resistance: SHA ensures that two different inputs do
not produce the same hash output, making it difficult for attackers
to replace data without detection.
 Deterministic: The same input will always produce the same
hash output.
SHA-256 Example
 1.Understanding Merkle-Damgård
Steps involved Construction in SHA-1
• Padding the Message
in SHA-1’s • Initializing Hash Values
Merkle- • Processing Each Block
Damgård • Compression Function
2. 80 Rounds of Operations for
construction SHA-1
Understanding Merkle-Damgård Construction in
SHA-1

Message Expansion: Each 512-bit block is expanded into 80 32-

bit words

Chaining Intermediate Hash Values: After processing each block,

the new hash output is combined with the intermediate hash
from the previous block, chaining the hash values
ElGamal • Key Concepts and
Components
Encryption
1.Cyclic Group Fq
 Advantages

Security Asymmetric Key Digital Signatures

Structure Compatibility
 Disadvantages

PERFORMANCE KEY SIZE REQUIREMENT VULNERABILITY TO

DISCRETE LOGARITHM
ATTACKS
 Real-World Use Cases

EMAIL SECURE DATA BLOCKCHAIN DIGITAL VOTING

ENCRYPTION STORAGE TECHNOLOGY SYSTEMS
 Key Components of DSS
Message (M):
Digital
Signature Hash Function (H)
Standard Signature Function (Sig)
(DSS) Public and Private Keys:
Private Key (PR(a))
Public Key (PU(g))
Verification Function (Ver)
Digital Signature Standard (DSS)
Working Sender Side (Sender
A)
Principle of DSS
1. Generate Hash
Code

2. Generate Signature
Components

3. Send Message and

Signature
Working Principle of DSS
Receiver Side
(Receiver B)

Generate Receiver’s
Hash Code

2. Signature
Verification:
Real-
World
Example
 Enhanced Security

Tracking and Verification

Legally Binding
Benefits
of Digital Non-repudiation
Signatures Immutability

Identification

Fraud Prevention
 Compatibility Issues

Software Dependency
Limitations Loss of Keys
of Digital
Standardization Needs
Signatures
Certificate and Verification Costs

Security Concerns
 Financial Transactions
Real- E-Government and E-Voting
World Healthcare
Use
Legal Contracts
Cases
E-Commerce
KERBEROS
Components
of Kerberos
Kerberos Authentication Process

Step 1: User Step 2:

Requests Authentication
Authentication Server Issues TGT

Step 3: User
Step 4: TGS Issues
Decrypts TGT and
Service Ticket
Sends it to TGS

Step 5: User Sends Step 6: Server

Service Ticket to Verifies Ticket and
the Server Grants Access
Real-Time Use Cases of Kerberos

User Authentication in
Single Sign-On (SSO) Windows Active
Directory (AD)

Mutual Authentication
Network File System
for Secure Network
(NFS) Authentication
Communication

Authorization and
Access Control in
Applications
 Advantages of Kerberos

Secure Authentication

Single Sign-On (SSO)

Mutual Authentication

Centralized Authentication

Widely Used
 Dependency on Time
Synchronization

Single Point of Failure

Limitations of
Scalability
Kerberos
Network Service Modification

Vulnerability to Password Attacks

 Ticket Forging
Is Kerberos
Brute Force Attacks
Infallible?
Malware Attacks
X.509 Authentication Service
 Working of X.509 Authentication Service

Certificate Creation Certificate Verification

Format of X.509 Authentication
Service Certificate
 Example: HTTPS Communication
Real- with an X.509 Certificate

World Step 1: Requesting an HTTPS

Connection
Exampl
Step 2: Server Sends its
e and Certificate
Scenar
Step 3: Verifying the Certificate
io
Step 4: Establishing an Encrypted
Connection
 Document Signing and Digital
Signatures

Web Server Security with SSL/TLS

Applications
of X.509 Email Security
Authenticati
on Service
Certificates Code Signing

SSH Keys for Secure Access

Digital Identities
 Security
Advantages
of X.509
Scalability
Authenticati
on
Trustworthiness

Compatibility
 Dependency on Trusted
Cas
Limitations
of X.509 Certificate Management
Authenticati
on Revocation Complexity

Cost
 Pretty Good Privacy (PGP)
Authentication in PGP
Confidentiality in PGP
The combined authentication and
confidentiality