Escolar Documentos
Profissional Documentos
Cultura Documentos
Network Security
Using
Cryptography
subject, historically only tackled by well- what are the best ciphers currently in use.
security over network, Solutions for those • Plaintext: The original intelligible
attacks, Introduction of cryptography, message (i.e.: Original data)
Algorithms of Cryptography and some • Cipher text: The transformed message
• Cipher: An algorithm for transforming WHAT IS A NETWORK?
an intelligible message into one that is A “network” has been defined as “any
unintelligible by transposition and/or set of interlinking lines resembling a net, a
substitution methods network of roads, an interconnected
• Key: Some critical information used by system, a network of alliances”. This
the cipher, known only to the sender & definition suits well for network:
receiver A Computer Network is simply an
process of converting cipher text back making sure that nosy people could not
into plaintext using a cipher and a key either access or alter the information
To keeping your data and keyspace usually is huge, the bigger the
SKIPJACK 64 80
data. The full message is divided into fixed which is often very hard to implement.
ASYMMETRIC OR PUBLIC-KEY As the public key is available to anyone,
ALGORITHMS privacy is assured without the need for a
These algorithms address the major secure key-exchange channel. Parties who
drawback of symmetric ciphers, the wish to communicate retrieve each other's
requirement of the secure key-exchange public key.
channel. The idea is that two different keys AUTHENTICATION AND NON-REPUDIATION
should be used: USING DIGITAL SIGNATURES
An interesting property of the
Public key which, as the name implies, is
public-key algorithms is that they can
known to everyone, and
provide authentication. The private key is
Private key, which is to be kept in tight
used for encryption. Since anyone has
security by the owner.
access to the corresponding public key and
The private key cannot be determined from
can decrypt the message, This provides no
the public key.
privacy. However, it authenticates the
A clear text encrypted with the
message. If one can successfully decrypt it
public key can only be decrypted with the
with the claimed sender's public key, then
corresponding private key.
the message has been encrypted with the
A clear text encrypted with the
corresponding private key, which is known
private key can only be decrypted with the
by the real sender only. Thus, the sender's
corresponding public key.
identity is verified. Encryption with the
Thus, if someone sends a message
private key is used in Digital Signatures.
encrypted with the recipient's public key, it
The principle is shown in figure. Alice
can be read by the intended recipient only.
encrypts her message with her private key
The process is shown in figure where Alice
("signs" it), in order to enable Bob to verify
sends an encrypted message to Bob.
the authenticity of the message.
Going a step further, encrypting with the provide a unique digital "fingerprint" of the
private key gives non-repudiation too. message, that identifies it with high
Additionally, if a timestamp is included, confidence, much like a real fingerprint
then the exact date and time can also be identifying a person.
proven. There are protocols involving A hash function that takes a key as a
trusted third parties that prevent the sender second input parameter and its output
from using phony timestamps. depends on both the message and the key is
HASH FUNCTIONS called a Message Authentication Code
Hash functions (also called message (MAC), as shown in figure
digests) are fundamental to cryptography.
A hash function is a function that
takes variable-length input data and
produces fixed length output data (the hash
value), which can be regarded as the
"fingerprint" of the input. That is, if the
hashes of two messages match, it is highly Put simply, if you encrypt a hash, it
probable that the messages are the same. becomes a MAC. If you add a secret key to
Cryptographically useful hash a message, then hash the concatenation, the
functions must be one-way, which means result is a MAC. Both symmetric and
that they should be easy to compute, but asymmetric algorithms can be used to
infeasible to reverse. An everyday example generate MACs.
of a one-way function is mashing a potato; Hash functions are primarily used to
it is easy to do, but once mashed, assure integrity and authentication :
reconstructing the original potato is rather • The sender calculates the hash of the
difficult. message and appends it to the message.
A good hash function should also be • The recipient calculates the hash of the
collision-resistant. It should be hard to find received message and then compares the
two different inputs that hash to the same result with the transmitted hash.
value. As any hash function maps an input • If the hashes match, the message was not
set to a smaller output set, theoretically it is tampered with.
possible to find collisions. The point is to
• If the encryption key (symmetric or used. Encrypting all the messages in their
asymmetric) is only known by a trusted entirety would not yield noticeable benefits
sender, a successful MAC decryption and performance would dramatically
indicates that the claimed and actual decrease. The encryption of a hash with the
senders are identical. The Message* and private key is called a Digital Signature.
MAC* notations reflect the fact that the The encryption of a secret key with a public
message might have been altered while key is called a digital envelope. This is a
crossing the untrusted channel. common technique used to distribute secret
keys for symmetric algorithms.
RANDOM-NUMBER GENERATORS
An important component of a cryptosystem
is the random-number generator. Many
times random session keys and random
initialization variables (often referred to as
initialization vectors) are generated.
The quality, that is the randomness
of these generators, is more important than
you might think. The ordinary random
One could argue that the same result can be
function provided with most programming
obtained with any kind of encryption,
language libraries is good enough for
because if an intruder modifies an
games, but not for cryptography. Those
encrypted message, the decryption will
random-number generators are rather
result in nonsense, thus tampering can be
predictable; if you rely on them, be
detected. The answer is that many times
prepared for happy cryptanalysts finding
only integrity and/or authentication is
interesting correlations in your encrypted
needed, maybe with encryption on some of
output. The fundamental problem faced by
the fields of the message. Also encryption
the random-number generators is that the
is very processor-intensive. Examples
computers are ultimately deterministic
include the personal banking machine
machines, so real random sequences cannot
networks, where only the PIN’s are
be produced.
encrypted, however MAC’s are widely
As John von Neumann ironically Consider whether you need to provide
said: "Anyone who considers arithmetical this service, bearing in mind that it allows
methods of producing random digits is, of any user to attach an unauthorized host to
course, in a state of sin." That's why the your network. This increases the risk of
term “pseudorandom generator” is more attacks via techniques such as IP address
appropriate. spoofing, packet sniffing, etc. Users and
Cryptographically strong pseudorandom site management must appreciate the risks
generators must be unpredictable. It must involved. If you decide to provide walk-up
be computationally infeasible to determine connections, plan the service carefully and
the next random bit, even with total define precisely where you will provide it
knowledge of the generator. A common so that you can ensure the necessary
practical solution for pseudorandom physical access security.
generators is to use hash functions. This A walk-up host should be
approach provides sufficient randomness authenticated before its user is permitted to
and it can be efficiently implemented. access resources on your network. As an
Military-grade generators use specialized alternative, it may be possible to control
devices that exploit the inherent physical access. For example, if the service
randomness in physical phenomena. An is to be used by students, you might only
interesting solution can be found in the provide walk-up connection sockets in
PGP software. The initial seed of the student laboratories. If you are providing
pseudorandom generator is derived from walk-up access for visitors to connect back
measuring the time elapsed between the to their home networks (e.g., to read e-mail,
keystrokes of the user. etc.) in your facility, consider using a
that have the feature of a two-part A feature that is being built into some
procedure to establish a connection. The routers is the ability to session encryption
first part is the remote user dialing into the between specified routers. Because traffic
system, and providing the correct userid traveling across the Internet can be seen by
and password. The system will then drop people in the middle who have the
the connection, and call the authenticated resources (and time) to snoop around, these
are advantageous for providing world, and is also the largest purchaser of
connectivity between two sites, such that computer hardware in the world.
there can be secure routes. Governments in general have always been
Other Network Technologies prime employers of cryptologists. The NSA
Technologies considered here probably possesses cryptographic expertise
include X.25, ISDN, SMDS, DDS and many years ahead of the public state of the
Frame Relay. All are provided via physical art, and can undoubtedly break many of the
links which go through telephone systems used in practice; but for reasons of
exchanges, providing the potential for them national security almost all information
to be diverted. Crackers are certainly about the NSA is classified.
interested in telephone switches as well as
in data networks! CONCLUSION
Permanent Virtual Circuits or Closed User alternative to protect Internet data and it
Groups whenever this is possible. does the job well. New cryptographic
evolving rapidly; consider using them on applications. Thus these Crypto techniques
government. It was given its charter by Bellovin, S. M., and Merrit. M., “Augmented
President Truman in the early 50's, and has Encrypted Key Exchange”
Websites browsed:
www.crypto.com
www.cryptography.com
www.infosyssec.net
www.uow.edu.au
www.amazon.com
www.phptr.com
www.csrc.nist.gov