Computer Virus, Worm and Trojan Horse

Virus: A computer virus is a program, script, or macro designed to cause damage, steal personal information, modify data, send e-mail, display messages, or some combination of these actions. When the virus is executed, it spreads by copying itself into or over data files, programs, or the boot sector of a computer’s hard drive, or potentially anything else writable. To help spread an infection, virus writers use detailed knowledge of security vulnerabilities, zero days, or social engineering to gain access to a host computer.

Types of Virus:
1) Boot Sector Virus: A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record (MBR) is stored. The MBR stores the disk’s primary partition table and the bootstrapping instructions that are executed after the computer’s BIOS passes execution to machine code. If a computer is infected with a Boot Sector Virus, the virus launches as soon as the computer is turned on and is loaded into memory, enabling it to control the computer. Examples of boot viruses are Polyboot and AntiEXE.

2) File Deleting Viruses: A File Deleting Virus is designed to delete critical files that are part of the Operating System, or data files.

3) Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs such as MS Outlook for the e-mail addresses stored in the address book and replicate by e-mailing themselves to those addresses.

4) Macro Virus: Document or macro viruses are written in a macro language. Such languages are usually included in advanced applications such as word processing and spreadsheet programs. The vast majority of known macro viruses replicate using the MS Office program suite, mainly MS Word and MS Excel, but some viruses targeting other applications are known as well. Symptoms of infection include the computer restarting automatically again and again. Commonly known macro viruses are Melissa A, Bablas and Y2K Bug.

5) File Infector: File infector viruses are another common problem for computer programmers. They attach themselves to a file, infecting it either while it is being processed or written, or when the file is executed. Unwanted dialog boxes with unknown statements start appearing on the screen, and the affected files carry the extensions .com and .exe. They destroy the original copy of the file and save the infected file under the same name as the original. Once infected, it is very hard to recover the original data.

6) Stealth Viruses: Stealth viruses have the capability to hide from the operating system or anti-virus software by making changes to file sizes or the directory structure. Stealth viruses are anti-heuristic in nature, which helps them hide from heuristic detection.

7) Resident Virus: These are threat programs that permanently lodge themselves in the random access memory of the computer system. When the computer is started, the virus is automatically transmitted to the secondary storage media, interrupts the sequential operations of the processor and corrupts the running programs. Randex and CMJ, for instance, are commonly known resident viruses. If these viruses get into the hard disk, one has to replace the secondary storage media and sometimes even the RAM.

8) Polymorphic Viruses: Polymorphic viruses change their form in order to avoid detection and disinfection by anti-virus applications. After doing their work, these viruses try to hide from the anti-virus application by encrypting parts of the virus itself. This is known as mutation.

9) Retrovirus: A retrovirus is another type of virus, one that tries to attack and disable the anti-virus application running on the computer. A retrovirus can be considered an anti-antivirus. Some retroviruses attack the anti-virus application and stop it from running; others destroy the virus definition database.

Worms:
A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. Worms are often confused with computer viruses; the difference lies in how they spread. Computer worms self-replicate and spread across networks, exploiting vulnerabilities, automatically; that is, they don’t need a cyber criminal’s guidance, nor do they need to latch onto another computer program.

A mail worm is carried by an email message, usually as an attachment, but there have been some cases where the worm is located in the message body. The recipient must open or execute the attachment before the worm can activate. The attachment may be a document with the worm attached in a virus-like manner, or it may be an independent file. The worm may very well remain undetected by the user if it is attached to a document: the document opens normally and the user’s attention is probably focused on the document contents when the worm activates. Independent worm files usually fake an error message or perform some similar action to avoid detection.

Pure worms have the potential to spread very quickly because they are not dependent on any human actions, but the current networking environment is not ideal for them. They usually require a direct real-time connection between the source and target computer when the worm replicates.

Trojan Virus:
A trojan in computing is malicious code hidden within software or data that is designed to compromise security, execute disruptive or damaging commands, or allow improper access to computers, networks and electronic systems.
Trojans are similar to worms and viruses, but trojans do not replicate themselves or seek to infect other systems once installed on a computer. As software programs, Trojan horses can appear as a game, a mobile application, a utility program, or a textual hyperlink. Each intends to raise interest and entice an unsuspecting user to download the disguised malware or virus. Once downloaded and installed, the infection is free to collect personal information, destroy files and records, and eventually render your computer or network unusable. Cybercriminals purposely create malware and virus packages with the intention of either obtaining personal information or destroying computer records and files. By hiding the malicious code and making it appear innocent, they lead many individuals to overlook the possibility of a Trojan horse and download the package without thinking.

Classification of Trojan Horse Virus:

Backdoor: These are created to give an unauthorized user remote control of a computer. Once installed on a machine, the remote user can then do anything they wish with the infected computer. This often results in uniting multiple backdoor Trojan-infected computers working together for criminal activity.

Rootkit: Programmed to conceal files and computer activities, rootkits are often created to hide further malware from being discovered. Normally, this is so malicious programs can run for an extended period of time on the infected computer.

DDoS: A subset of backdoor Trojans; denial of service (DoS) attacks are made from numerous computers to cause a web address to fail.

Banker: Trojan-bankers are created for the sole purpose of gathering users’ bank, credit card, debit card and e-payment information.

FakeAV: This type of Trojan is used to convince users that their computers are infected with numerous viruses and other threats in an attempt to extort money. Often, the threats aren’t real, and the FakeAV program itself will be what is causing problems in the first place.

Ransom: Trojan-Ransoms will modify or block data on a computer either so it doesn’t work properly or so certain files can’t be accessed. The person disrupting the computer will restore the computer or files only after a user has paid a ransom. Data blocked this way is often impossible to recover without the criminal’s approval.




SAML and OAuth2 Authentication

1) SAML (Security Assertion Markup Language) is an open standard for exchanging authentication information between a service provider and an identity provider (IdP). A third-party IdP is used to authenticate users and to pass identity information to the service provider in the form of a digitally signed XML (Extensible Markup Language) document. Tableau Server, for example, is a service provider. Examples of IdPs include PingOne and OneLogin. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.


Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. On the back end, SSO is helpful for logging user activities as well as monitoring user accounts. Some SSO services use protocols such as Kerberos and the Security Assertion Markup Language (SAML).

The three main components of the SAML protocol:

  • Assertions – The two most common SAML assertions are:
    • Authentication assertions are used to make people prove their identities.
    • Attribute assertions are used to generate specific information about the person, for example their phone number or email address.
  • Protocol – This defines the way that SAML asks for and gets assertions, for example, using SOAP over HTTP.
  • Binding – This details exactly how SAML message exchanges are mapped into SOAP exchanges.

Protocol defines how SAML asks for and receives assertions. Binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

2) OAuth 2

OAuth, which was first released in 2007, was conceived as an authentication method for the Twitter application program interface (API). In 2010, the IETF OAuth Working Group published OAuth 2.0. Like the original OAuth, OAuth 2.0 provides users with the ability to grant third-party access to web resources without sharing a password. Updated features available in OAuth 2.0 include new flows, simplified signatures and short-lived tokens with long-lived authorizations. OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.


OAuth defines four roles:

  • Resource owner (the User) – An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
  • Resource server (the API server) – The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
  • Client – An application making protected resource requests on behalf of the resource owner and with its authorization. The term client does not imply any particular implementation characteristics (e.g. whether the application executes on a server, a desktop, or other devices).
  • Authorization server – The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

OpenID Connect is an open standard published in early 2014 that defines an interoperable way to use OAuth 2.0 to perform user authentication. In essence, it is a widely published recipe for chocolate fudge that has been tried and tested by a wide number and variety of experts. Instead of building a different protocol to each potential identity provider, an application can speak one protocol to as many providers as they want to work with. Since it’s an open standard, OpenID Connect can be implemented by anyone without restriction or intellectual property concerns.

OpenID Connect is built directly on OAuth 2.0 and in most cases is deployed right along with (or on top of) an OAuth infrastructure. OpenID Connect also uses the JSON Object Signing And Encryption (JOSE) suite of specifications for carrying signed and encrypted information around in different places. In fact, an OAuth 2.0 deployment with JOSE capabilities is already a long way to defining a fully compliant OpenID Connect system, and the delta between the two is relatively small.

OAuth Grants:


 




Kerberos Notes

Kerberos is an authentication protocol and a software suite implementing this protocol. Kerberos uses symmetric cryptography to authenticate clients to services and vice versa. For example, Windows servers use Kerberos as the primary authentication mechanism, working in conjunction with Active Directory to maintain centralized user information. Other possible uses of Kerberos include allowing users to log into other machines in a local-area network, authentication for web services, authenticating email clients and servers, and authenticating the use of devices such as printers. Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos uses the concept of a ticket as a token that proves the identity of a user. Tickets are digital documents that store session keys. They are typically issued during a login session and then can be used instead of passwords for any Kerberized services. During the course of authentication, a client receives two tickets:
– A ticket-granting ticket (TGT), which acts as a global identifier for a user and a session key
– A service ticket, which authenticates a user to a particular service
These tickets include time stamps that indicate an expiration time after which they become invalid. This expiration time can be set by Kerberos administrators depending on the service.

To accomplish secure authentication, Kerberos uses a trusted third party known as a key distribution center (KDC), which is composed of two components, typically integrated into a single server:
– An authentication server (AS), which performs user authentication
– A ticket-granting server (TGS), which grants tickets to users
The authentication server keeps a database storing the secret keys of the users and services. The secret key of a user is typically generated by performing a one-way hash of the user-provided password. Kerberos is designed to be modular, so that it can be used with a number of encryption protocols, with AES being the default cryptosystem.
Kerberos aims to centralize authentication for an entire network—rather than storing sensitive authentication information at each user’s machine, this data is only maintained in one presumably secure location.


To start the Kerberos authentication process, the initiating client sends a request to an authentication server for access to a service. The initial request is sent as plaintext because no sensitive information is included in the request. The authentication server retrieves the initiating client’s secret key, assuming the initiating client’s username is in the KDC database. If the initiating client’s username cannot be found in the KDC database, the client cannot be authenticated and the authentication process stops. If the client’s username can be found in the KDC database, the authentication server generates a session key and a ticket granting ticket. The ticket granting ticket is timestamped and encrypted by the authentication server with the initiating client’s password. The initiating client is then prompted for a password; if what is entered matches the password in the KDC database, the encrypted ticket granting ticket sent from the authentication server is decrypted and used to request a credential from the ticket granting server for the desired service. The client sends the ticket granting ticket to the ticket granting server, which may be physically running on the same hardware as the authentication server, but performing a different role.

The ticket granting service carries out an authentication check similar to that performed by the authentication server, but this time sends credentials and a ticket to access the requested service. This transmission is encrypted with a session key specific to the user and service being accessed. This proof of identity can be used to access the requested “kerberized” service, which, once it has validated the original request, will confirm its identity to the requesting system. The timestamped ticket sent by the ticket granting service allows the requesting system to access the service using a single ticket for a specific time period without having to be re-authenticated. Making the ticket valid for a limited time period makes it less likely that someone else will be able to use it later; it is also possible to set the maximum lifetime to 0, in which case service tickets will not expire. Microsoft recommends a maximum lifetime of 600 minutes for service tickets; this is the default value in Windows Server implementations of Kerberos.
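The AS and TGS exchanges just described, as an added example that is not part of the original notes: a toy Kerberos in Python with a KDC (AS and TGS), a Kerberized service that keeps a replay cache, and the client side. The names KDC, KerberizedService and client_login, the principal host/fs.example.test, and the SHA-256 keystream standing in for AES are all constructed for the illustration.

```python
import hashlib
import hmac
import json
import os
import time

def derive_key(password, principal):
    # Long-term key = one-way hash of the password; the principal name acts as salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, n):
    # Counter-mode keystream from SHA-256, a stand-in for AES (not in the stdlib).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Encrypt-then-MAC a JSON object: nonce || ciphertext || HMAC-SHA256 tag.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    # Authentication Server (AS) and Ticket-Granting Server (TGS) in one process.
    def __init__(self, lifetime=600 * 60):
        self.principals = {}           # name -> long-term secret key (users and services)
        self.tgs_key = os.urandom(32)  # krbtgt key: only the KDC can open a TGT
        self.lifetime = lifetime       # ticket lifetime in seconds (600 minutes, as in the text)

    def register(self, principal, password):
        self.principals[principal] = derive_key(password, principal)

    def as_exchange(self, user):
        # AS-REQ is plaintext; AS-REP is sealed with the user's key, so only the right password opens it.
        if user not in self.principals:
            raise LookupError("unknown principal " + user)
        sk, now = os.urandom(32), time.time()
        tgt = seal(self.tgs_key, {"user": user, "sk": sk.hex(), "exp": now + self.lifetime})
        return seal(self.principals[user], {"sk": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_blob, authenticator, service):
        # TGS-REQ: TGT plus an authenticator sealed with the TGT session key -> sealed service ticket.
        tgt, now = unseal(self.tgs_key, tgt_blob), time.time()
        auth = unseal(bytes.fromhex(tgt["sk"]), authenticator)
        if now > tgt["exp"] or auth["user"] != tgt["user"] or abs(now - auth["ts"]) > 300:
            raise PermissionError("expired TGT or bad authenticator")   # 300 s: usual clock-skew limit
        if service not in self.principals:
            raise LookupError("unknown service " + service)
        svc_sk = os.urandom(32)
        ticket = seal(self.principals[service],
                      {"user": tgt["user"], "sk": svc_sk.hex(), "exp": now + self.lifetime})
        return seal(bytes.fromhex(tgt["sk"]), {"sk": svc_sk.hex(), "ticket": ticket.hex()})

class KerberizedService:
    def __init__(self, key):
        self.key, self.replay_cache = key, set()   # replay cache: (user, timestamp) pairs already seen

    def accept(self, ticket_blob, authenticator):
        # Validate ticket and authenticator; return the authenticated user name.
        ticket, now = unseal(self.key, ticket_blob), time.time()
        auth = unseal(bytes.fromhex(ticket["sk"]), authenticator)
        if now > ticket["exp"] or auth["user"] != ticket["user"] or abs(now - auth["ts"]) > 300:
            raise PermissionError("expired ticket or bad authenticator")
        if (auth["user"], auth["ts"]) in self.replay_cache:
            raise PermissionError("replayed authenticator")
        self.replay_cache.add((auth["user"], auth["ts"]))
        return ticket["user"]

def client_login(kdc, user, password, service):
    # Client side: AS exchange, then TGS exchange; returns (service ticket, authenticator).
    rep = unseal(derive_key(password, user), kdc.as_exchange(user))
    sk, tgt = bytes.fromhex(rep["sk"]), bytes.fromhex(rep["tgt"])
    rep2 = unseal(sk, kdc.tgs_exchange(tgt, seal(sk, {"user": user, "ts": time.time()}), service))
    svc_sk = bytes.fromhex(rep2["sk"])
    return bytes.fromhex(rep2["ticket"]), seal(svc_sk, {"user": user, "ts": time.time()})

def demo():
    # Constructed scenario: a normal login, then a replayed authenticator and a wrong password.
    kdc = KDC()
    kdc.register("alice", "correct-horse")
    kdc.register("host/fs.example.test", "service-key-material")
    fs = KerberizedService(kdc.principals["host/fs.example.test"])
    ticket, auth = client_login(kdc, "alice", "correct-horse", "host/fs.example.test")
    out = {"user": fs.accept(ticket, auth), "replay_detected": False, "wrong_password_rejected": False}
    try:
        fs.accept(ticket, auth)
    except PermissionError:
        out["replay_detected"] = True
    try:
        client_login(kdc, "alice", "wrong-password", "host/fs.example.test")
    except ValueError:   # the AS-REP cannot be opened without the key derived from the right password
        out["wrong_password_rejected"] = True
    return out
```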

Kerberos Advantages
• The Kerberos protocol is designed to be secure even when performed over an insecure network.
• Since each transmission is encrypted using an appropriate secret key, an attacker cannot forge a valid ticket to gain unauthorized access to a service without compromising an encryption key or breaking the underlying encryption algorithm, which is assumed to be secure.
• Kerberos is also designed to protect against replay attacks, where an attacker eavesdrops legitimate Kerberos communications and retransmits messages from an authenticated party to perform unauthorized actions.
– The inclusion of time stamps in Kerberos messages restricts the window in which an attacker can retransmit messages.
– Tickets may contain the IP addresses associated with the authenticated party to prevent replaying messages from a different IP address.
– Kerberized services make use of a “replay cache,” which stores previous authentication tokens and detects their reuse.
• Kerberos makes use of symmetric encryption instead of public-key encryption, which makes Kerberos computationally efficient.
• The availability of an open-source implementation has facilitated the adoption of Kerberos.

Kerberos Disadvantages
• Kerberos has a single point of failure: if the Key Distribution Center becomes unavailable, the authentication scheme for an entire network may cease to function.
– Larger networks sometimes prevent such a scenario by having multiple KDCs, or having backup KDCs available in case of emergency.
• If an attacker compromises the KDC, the authentication information of every client and server on the network would be revealed.
• Kerberos requires that all participating parties have synchronized clocks, since time stamps are used.




Web Application Security and IPSec

Web application security is the process of securing confidential data stored online from unauthorized access and modification. This is accomplished by enforcing stringent policy measures. Security threats can compromise the data stored by an organization if hackers with malicious intentions try to gain access to sensitive information.
The aim of Web application security is to identify the following:

  • Critical assets of the organization
  • Genuine users who may access the data
  • Level of access provided to each user
  • Various vulnerabilities that may exist in the application
  • Data criticality and risk analysis on data exposure
  • Appropriate remediation measures


Most commonly, the following tactics are used to attack these applications:

  • SQL Injection
  • XSS (Cross Site Scripting)
  • Remote Command Execution
  • Path Traversal

1) SQL Injection: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren’t found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways: by injecting a SQL fragment such as ' ) OR 1=1--, the attacker can access information stored in the web site’s database. Of course, the example above is a relatively simple SQL statement. Ones used by attackers are often much more sophisticated, especially if they know what the tables in the database are, since such complex statements generally produce better results.

SQL injection is mostly known as an attack vector for websites.
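The login query described above, as an added example that is not part of the original notes: the string-built SELECT beside its parameterized form, run against a constructed in-memory SQLite table with the ' ) OR 1=1-- fragment from the text entered as the user name. The users table, the account names and the function names are constructed for the illustration.

```python
import sqlite3

PAYLOAD = "' ) OR 1=1--"   # the injected fragment from the text, typed into the user-name box


def make_db():
    # Constructed sample users table (not a real application's schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, name, password):
    # The form values are pasted into the SQL text, so they can change the query's structure.
    # With PAYLOAD as the name the statement becomes:
    #   ... WHERE (name = '' ) OR 1=1--' AND password = '...')
    # i.e. the password check is commented out and 1=1 matches every row.
    sql = ("SELECT name FROM users WHERE (name = '" + name
           + "' AND password = '" + password + "')")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, name, password):
    # Bound parameters travel separately from the SQL text; the database treats them as
    # values only, never as code, so the query's structure cannot be altered from the form.
    row = db.execute("SELECT name FROM users WHERE (name = ? AND password = ?)",
                     (name, password)).fetchone()
    return row[0] if row else None


def demo():
    db = make_db()
    return {
        "honest_vulnerable": login_vulnerable(db, "alice", "s3cret"),
        "injected_vulnerable": login_vulnerable(db, PAYLOAD, "anything"),       # first row: alice
        "honest_parameterized": login_parameterized(db, "alice", "s3cret"),
        "injected_parameterized": login_parameterized(db, PAYLOAD, "anything"), # None
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```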


2) Cross Site Scripting: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

3) Remote Command Execution: Remote Command Execution vulnerabilities allow attackers to pass arbitrary commands to other applications. In severe cases, the attacker can obtain system level privileges allowing them to attack the servers from a remote location and execute whatever commands they need for their attack to be successful.

4) Path Traversal: Path Traversal vulnerabilities give the attacker access to files, directories, and commands that generally are not accessible because they reside outside the normal realm of the web document root directory. Unlike the other vulnerabilities discussed, Path Traversal exploits exist due to a security design error – not a coding error.
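A document-root check for the traversal problem above, as an added example that is not part of the original notes: the URL path is decoded once, normalised, and refused if it climbs above the root; open_from_docroot then resolves symlinks as well. The function names and the sample request paths are constructed for the illustration.

```python
import os
import posixpath
from urllib.parse import unquote


def resolve_request_path(request_path):
    """Map a URL path to a path relative to the document root.

    Returns the normalised relative path (e.g. 'images/logo.png', '.' for the root),
    or None when the request escapes the root or contains a NUL byte.
    """
    # Decode exactly once: an encoded "..%2F" must be caught like a literal "../".
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None
    # Collapse ".", ".." and repeated slashes with POSIX rules (URL paths use "/").
    # Done on the *relative* form: normpath would silently swallow a leading "/.."
    # on an absolute path, which is exactly the case we need to see.
    normalised = posixpath.normpath(decoded.lstrip("/"))
    if normalised == ".." or normalised.startswith("../"):
        return None   # climbed above the document root
    return normalised


def open_from_docroot(doc_root, request_path):
    """Absolute file path under doc_root, or None if the request is rejected.

    realpath also follows symlinks, so a link inside the root that points outside
    it is rejected just like a "../" in the request.
    """
    rel = resolve_request_path(request_path)
    if rel is None:
        return None
    root = os.path.realpath(doc_root)
    full = os.path.realpath(os.path.join(root, rel))
    return full if full == root or full.startswith(root + os.sep) else None
```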

HTTPS was originally used mainly to secure sensitive web traffic such as financial transactions, but it is now common to see it used by default on many sites we use in our day to day lives such as social networking and search engines. The HTTPS protocol uses the Transport Layer Security (TLS) protocol, the successor to the Secure Sockets Layer (SSL) protocol, to secure communications. When configured and used correctly, it provides protection against eavesdropping and tampering, along with a reasonable guarantee that a website is the one we intend to be using. Or, in more technical terms, it provides confidentiality and data integrity, along with authentication of the website’s identity.

IPSec: IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. It is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.


IPSec contains the following elements:

1) Encapsulating Security Payload (ESP): Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure. Unlike Authentication Header (AH), ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded to the whole inner IP packet (including the inner header) while the outer header (including any outer IPv4 options or IPv6 extension headers) remains unprotected. ESP operates directly on top of IP, using IP protocol number 50.

 

The ESP header contains the following fields:

  • Security Parameters Index    Identifies, when used in combination with the destination address and the security protocol (AH or ESP), the correct security association for the communication. The receiver uses this value to determine the security association with which this packet should be identified.
  • Sequence Number    Provides anti-replay protection for the SA. It is a 32-bit, incrementally increasing number (starting from 1) that indicates the packet number sent over the security association for the communication. The sequence number is never allowed to cycle. The receiver checks this field to verify that a packet for a security association with this number has not been received already. If one has been received, the packet is rejected.

The ESP trailer contains the following fields:

  • Padding    0 to 255 bytes, used for 32-bit alignment and to match the block size of the block cipher.
  • Padding Length    Indicates the length of the Padding field in bytes. This field is used by the receiver to discard the Padding field.
  • Next Header    Identifies the nature of the payload, such as TCP or UDP.

The ESP Authentication Trailer contains the following field:

Authentication Data    Contains the Integrity Check Value (ICV), and a message authentication code that is used to verify the sender’s identity and message integrity. The ICV is calculated over the ESP header, the payload data and the ESP trailer.

2) Authentication Header (AH): Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets (see below).

  • In IPv4, the AH protects the IP payload and all header fields of an IP datagram except for mutable fields (i.e. those that might be altered in transit), and also IP options such as the IP Security Option (RFC 1108). Mutable (and therefore unauthenticated) IPv4 header fields are DSCP/ToS, ECN, Flags, Fragment Offset, TTL and Header Checksum.
  • In IPv6, the AH protects most of the IPv6 base header, AH itself, non-mutable extension headers after the AH, and the IP payload. Protection for the IPv6 header excludes the mutable fields: DSCP, ECN, Flow Label, and Hop Limit.

AH operates directly on top of IP, using IP protocol number 51.
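An added example, not from the original notes, that ties the ESP header fields listed above (Security Parameters Index and Sequence Number) to the sliding-window anti-replay check mentioned for AH: it parses the 8-byte ESP header from constructed packets and runs them through one replay window per SA. The names parse_esp_header, ReplayWindow, filter_packets and make_esp, the window size of 64 and the packet values are all constructed for the illustration.

```python
import struct

ESP_HEADER = struct.Struct("!II")   # Security Parameters Index, Sequence Number (network byte order)


def parse_esp_header(packet):
    """Return (spi, seq) from the fixed 8-byte ESP header that precedes the payload."""
    if len(packet) < ESP_HEADER.size:
        raise ValueError("packet shorter than an ESP header")
    spi, seq = ESP_HEADER.unpack_from(packet)
    if spi == 0:
        raise ValueError("SPI 0 is reserved and must not appear on the wire")
    return spi, seq


class ReplayWindow:
    """Receiver-side anti-replay check: a bitmap over the last `size` sequence numbers.

    Bit 0 of the bitmap is the highest sequence number accepted so far (`top`);
    bit d stands for sequence number `top - d`. A packet left of the window is too old,
    a packet whose bit is already set is a replay, a packet right of the window slides it.
    """

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        """True if the packet is accepted. Real implementations verify the ICV before
        updating the window so a forged sequence number cannot advance it; here the
        two steps are combined for brevity (an assumption of this example)."""
        if seq == 0:                       # the counter starts at 1 and must never cycle
            return False
        if seq > self.top:                 # right of the window: slide it
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:              # left of the window: too old, rejected
            return False
        if self.bitmap & (1 << diff):      # inside the window but already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True


def filter_packets(packets, window_size=64):
    """Run ESP packets through the replay window of their SA; returns [(seq, accepted), ...]."""
    windows = {}   # one replay window per security association, keyed by SPI
    result = []
    for pkt in packets:
        spi, seq = parse_esp_header(pkt)
        win = windows.setdefault(spi, ReplayWindow(window_size))
        result.append((seq, win.check_and_update(seq)))
    return result


def make_esp(spi, seq, payload=b"\x00" * 16):
    # Constructed packet: ESP header plus an opaque (encrypted) payload; trailer and ICV omitted.
    return ESP_HEADER.pack(spi, seq) + payload
```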

3) Internet Key Exchange (IKE): The Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access. Specified in IETF Request for Comments (RFC) 2409, IKE defines an automatic means of negotiation and authentication for IPsec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the preconfiguration that would otherwise be required.

Benefits provided by IKE include:

  • Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.
  • Allows you to specify a lifetime for the IPSec security association.
  • Allows encryption keys to change during IPSec sessions.
  • Allows IPSec to provide anti-replay services.
  • Permits Certification Authority (CA) support for a manageable, scalable IPSec implementation.
  • Allows dynamic authentication of peers.

 




Cryptography, Diffie-Hellman and RSA Algorithm

Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways.

• Computer Security – generic name for the collection of tools designed to protect data and to thwart hackers

• Network Security – measures to protect data during their transmission

• Internet Security – measures to protect data during their transmission over a collection of interconnected networks.

Security Attacks, Services and Mechanisms: To assess the security needs of an organization effectively, the manager responsible for security needs some systematic way of defining the requirements for security and characterization of approaches to satisfy those requirements. One approach is to consider three aspects of information security:

  • Security attack – Any action that compromises the security of information owned by an organization.
  • Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack.
  • Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks and they make use of one or more security mechanisms to provide the service.

Basic Concepts:

Cryptography: The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form.

Plaintext The original intelligible message

Cipher text The transformed message

Cipher An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods

Key Some critical information used by the cipher, known only to the sender and receiver

Encipher (encode) The process of converting plaintext to cipher text using a cipher and a key

Decipher (decode) the process of converting cipher text back into plaintext using a cipher and a key

Cryptanalysis – The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking. Cryptanalysis applies mathematical techniques to find weaknesses in an algorithm or in the way it is used, and thereby to break into cryptographic or information security systems.

Cryptanalysis attack types include:

  • Known-Plaintext Analysis (KPA): the attacker holds one or more ciphertexts together with their corresponding plaintexts and uses the pairs to recover the key or to decrypt further ciphertext.
  • Chosen-Plaintext Analysis (CPA): the attacker can obtain the ciphertexts for plaintexts of their own choosing, encrypted under the same key, and uses the pairs to deduce the key.
  • Ciphertext-Only Analysis (COA): the attacker has only a collection of ciphertexts and must rely on statistical properties of the plaintext language or on weaknesses of the cipher.
  • Man-in-the-Middle (MITM) Attack: occurs when two parties exchange messages or keys over a channel that appears secure but is actually controlled by the attacker, who intercepts, and may alter, what passes through it. Hash functions alone do not prevent it; the parties must authenticate each other, for example with digital signatures, certificates or a pre-shared key.
  • Adaptive Chosen-Plaintext Attack (ACPA): like a CPA, but the attacker chooses each new plaintext based on what was learned from the ciphertexts of earlier choices.

Cryptology – Both cryptography and cryptanalysis

Code – An algorithm for transforming an intelligible message into an unintelligible one using a code-book

Cryptography:

Cryptographic systems are generally classified along 3 independent dimensions:

Type of operations used for transforming plain text to cipher text: All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (a bit, a letter, or a group of bits or letters) is mapped into another element, and transposition, in which the elements of the plaintext are rearranged. The fundamental requirement is that no information be lost, so that the transformation is reversible.

The number of keys used: If the sender and receiver use the same key, the system is said to be symmetric-key (or) single-key (or) conventional encryption. If the sender and receiver use different keys, it is said to be asymmetric or public-key encryption.

The way in which the plain text is processed: A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis:

Given a cipher text Y produced from plaintext X under key K, the process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.

There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

  • Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.
  • Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
  • Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key.
  • Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several strings of symbols, and tries to use the results to deduce the key.
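As an added example (not part of the original notes), the following Python makes the classification and the attack models above concrete. It implements the two general principles, substitution (a shift cipher) and transposition (a columnar transposition), and then mounts two of the attacks listed against the shift cipher: a known-plaintext attack, which recovers the key from a single plaintext/cipher text pair, and a ciphertext-only attack, which tries every key and scores each candidate decryption against English letter frequencies. The sample message is constructed for the demonstration, the frequency table holds the usual published approximations, and all function names are mine.

```python
"""Substitution, transposition, and two cryptanalytic attacks on a toy cipher.

Added example, not from the original notes. The shift cipher stands in for
'substitution' and the columnar transposition for 'transposition'; the two
attack functions illustrate the known-plaintext and ciphertext-only settings.
"""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (published values, rounded);
# used only to score candidate decryptions in the ciphertext-only attack.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Substitution: map each letter to the letter `key` places later (mod 26)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    return shift_encrypt(ciphertext, -key)


def columnar_encrypt(plaintext: str, width: int) -> str:
    """Transposition: write the letters in rows of `width`, read them out by column.

    Letters are only rearranged, never changed, so their frequencies are preserved.
    """
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    while len(letters) % width:
        letters.append("X")  # pad the final row so every column has the same height
    rows = len(letters) // width
    return "".join(letters[r * width + c] for c in range(width) for r in range(rows))


def columnar_decrypt(ciphertext: str, width: int) -> str:
    rows = len(ciphertext) // width
    return "".join(ciphertext[c * rows + r] for r in range(rows) for c in range(width))


def known_plaintext_attack(plaintext: str, ciphertext: str) -> int:
    """Known-plaintext: one (plaintext, cipher text) letter pair gives the shift key directly."""
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letter pair to compare")


def chi_squared(text: str) -> float:
    """Distance between the letter frequencies of `text` and those of English (lower is more English-like)."""
    letters = [c for c in text if c in ALPHABET]
    counts = Counter(letters)
    n = len(letters)
    return sum(
        (counts.get(ch, 0) - ENGLISH_FREQ[ch] * n / 100) ** 2 / (ENGLISH_FREQ[ch] * n / 100)
        for ch in ALPHABET
    )


def ciphertext_only_attack(ciphertext: str) -> int:
    """Ciphertext-only: try all 26 keys and keep the one whose output looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift_decrypt(ciphertext, k)))


# Constructed sample message for the demonstration below.
SAMPLE = ("SECURITY ATTACKS SERVICES AND MECHANISMS ARE THE THREE ASPECTS OF "
          "INFORMATION SECURITY CONSIDERED IN THESE NOTES")

if __name__ == "__main__":
    ct = shift_encrypt(SAMPLE, 7)
    print("shift cipher text  :", ct)
    print("known-plaintext key:", known_plaintext_attack(SAMPLE, ct))
    print("ciphertext-only key:", ciphertext_only_attack(ct))
    tc = columnar_encrypt("ATTACK AT DAWN", 5)
    print("transposed         :", tc, "->", columnar_decrypt(tc, 5))
```

The transposition preserves letter frequencies exactly (only positions change), so frequency counting alone cannot recover its key, while the substitution preserves them up to a relabelling, which is exactly what the chi-squared scoring exploits. Both ciphers fall to a few lines of code; the point is to make the attack models concrete, not to suggest either is usable.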

Diffie-Hellman:

  • a method of agreeing on cryptographic keys over an open channel
  • establishes a shared secret that can be used (after key derivation) as a symmetric key for secret communications
  • vulnerable to a Man-in-the-middle attack when the exchanged public values are not authenticated (for example with signatures or certificates)
  • Key identity: (gen^s1)^s2 = (gen^s2)^s1 = shared secret   (mod prime)
  • Where:
    • gen is an integer whose powers generate all integers in [1, prime)   (mod prime)
    • s1 and s2 are the individuals’ “secrets”, used only to compute the exchanged values gen^s1 and gen^s2 and the shared secret; the secrets themselves are never sent
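The exchange described above, as an added example in Python that is not part of the original notes: Alice and Bob each derive the shared secret through the key identity (gen^s1)^s2 = (gen^s2)^s1 (mod prime), and a second function shows the man-in-the-middle attack the notes warn about, in which Mallory substitutes her own public values and ends up holding a separate key with each side while Alice and Bob notice nothing. The group prime = 23, gen = 5 is a constructed teaching parameter, the names Alice, Bob and Mallory and all function names are mine, and a real deployment uses a standardized group of at least 2048 bits (or an elliptic curve) and authenticates the public values.

```python
"""Diffie-Hellman key agreement, and the man-in-the-middle attack on the
unauthenticated exchange.

Added example, not from the original notes. The group prime = 23, gen = 5 is
a constructed teaching parameter; real deployments use a standardized group of
2048 bits or more (or an elliptic curve) and authenticate the public values.
"""
from __future__ import annotations
import hashlib
import secrets

PRIME = 23  # constructed toy prime; far too small for real use
GEN = 5     # a generator: its powers cover every integer in [1, PRIME)


def is_generator(gen: int, prime: int) -> bool:
    """True if gen^k mod prime, for k in 1..prime-1, hits every value in [1, prime)."""
    return len({pow(gen, k, prime) for k in range(1, prime)}) == prime - 1


def new_secret(prime: int = PRIME) -> int:
    """A private exponent in [1, prime-2], drawn from a CSPRNG, never from random.random()."""
    return secrets.randbelow(prime - 2) + 1


def public_value(secret: int, prime: int = PRIME, gen: int = GEN) -> int:
    """The value that is sent over the channel: gen^secret mod prime."""
    return pow(gen, secret, prime)


def shared_secret(peer_public: int, secret: int, prime: int = PRIME) -> int:
    """(gen^peer_secret)^secret mod prime; both sides compute the same number."""
    if not 1 < peer_public < prime:
        # 0 and 1 would force a trivial shared secret; production code also
        # checks subgroup membership, which this toy group does not model.
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, prime)


def derive_key(shared: int, prime: int = PRIME) -> bytes:
    """Never use the raw shared number as a key: run it through a KDF.
    SHA-256 stands in for a real KDF such as HKDF in this example."""
    width = (prime.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def honest_exchange(s1: int, s2: int) -> tuple[int, int]:
    """Alice holds s1, Bob holds s2; each computes the shared secret from the other's public value."""
    alice_sends, bob_sends = public_value(s1), public_value(s2)
    return shared_secret(bob_sends, s1), shared_secret(alice_sends, s2)


def mitm_exchange(s1: int, s2: int, m1: int, m2: int) -> tuple[int, int, int, int]:
    """Mallory (secrets m1, m2) swaps her own public values in for Alice's and Bob's.

    Returns (Alice's key, Mallory's copy of it, Bob's key, Mallory's copy of it).
    Nothing in the unauthenticated protocol lets Alice or Bob detect the swap.
    """
    alice_sends, bob_sends = public_value(s1), public_value(s2)
    alice_key = shared_secret(public_value(m1), s1)   # Alice believes this came from Bob
    bob_key = shared_secret(public_value(m2), s2)     # Bob believes this came from Alice
    mallory_alice = shared_secret(alice_sends, m1)
    mallory_bob = shared_secret(bob_sends, m2)
    return alice_key, mallory_alice, bob_key, mallory_bob


if __name__ == "__main__":
    assert is_generator(GEN, PRIME)
    a, b = new_secret(), new_secret()
    ka, kb = honest_exchange(a, b)
    print("honest exchange: Alice", ka, "Bob", kb, "session key", derive_key(ka).hex()[:16])
    print("under MITM (Alice key, Mallory's, Bob key, Mallory's):", mitm_exchange(a, b, 3, 9))
```

With secrets 6 and 15 the honest exchange gives both sides the value 2; with Mallory's secrets 3 and 9 Alice ends up with 6 and Bob with 10, and Mallory holds both, so she can decrypt, read and re-encrypt every message in transit. The fix is not a hash function but authentication of the public values, which is what signed Diffie-Hellman in TLS provides.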

Working (the paint-mixing analogy; Alice and Bob each hold a secret colour and agree on a common starting colour in the open):

  • Alice and Bob each produce a mix of the common colour and their own secret colour
  • they exchange the mixes over the open channel; an eavesdropper sees both mixes but cannot un-mix them
  • each adds their own secret colour to the mix received from the other and arrives at the same common secret

(Diffie-Hellman yields a shared symmetric key; RSA, below, is used to come up with a public/private key pair for asymmetric (“public-key”) encryption.)

 

RSA:

  • Used to perform “true” public-key cryptography: anyone can encrypt with the public key, only the holder of the private key can decrypt
  • an encryption algorithm
  • very slow for bulk data encryption, so in practice it is used to encrypt a symmetric key which then protects the bulk data
  • Key identity: (m^e)^d = m   (mod n)   (lets you recover the encrypted message)
  • Where:
    • n = prime1 × prime2    (n is publicly used for encryption)
    • φ = (prime1 – 1) × (prime2 – 1)   (Euler’s totient function of n)
    • e is such that 1 < e < φ, and (e, φ) are coprime    (e is publicly used for encryption)
    • d × e ≡ 1   (mod φ)    (the modular inverse d is privately used for decryption)

Working:

  • the sender encrypts the data to be transferred using the public key of the recipient
  • the recipient decrypts the encrypted data using their private key, which never leaves them
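As an added example in Python (not part of the original notes), the RSA construction above carried through on toy values: a key pair built from the primes 61 and 53 with e = 17, the identity (m^e)^d = m (mod n) checked end to end, and a demonstration of the multiplicative property of unpadded RSA, where (c1 × c2) mod n decrypts to (m1 × m2) mod n without the private key. That property is one reason real systems apply randomized padding such as OAEP before encrypting and never encrypt raw integers. The primes, exponent, messages and function names are mine and chosen for illustration; real keys use primes of 1024 bits or more.

```python
"""Textbook RSA on toy primes: key generation, the identity (m^e)^d = m (mod n),
and the malleability of unpadded RSA.

Added example, not from the original notes. The primes 61 and 53 and the
exponent 17 are constructed teaching values; never use keys this small.
"""
from __future__ import annotations
from math import gcd, isqrt


def is_prime(x: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if x < 2:
        return False
    return all(x % k for k in range(2, isqrt(x) + 1))


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return the public key (n, e) and private key (n, d) built from primes p and q."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # public modulus
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) == 1")
    d = pow(e, -1, phi)            # modular inverse: d * e ≡ 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public: tuple[int, int], m: int) -> int:
    """c = m^e mod n. Textbook RSA: no padding, so it is deterministic and malleable."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private: tuple[int, int], c: int) -> int:
    """m = c^d mod n; (m^e)^d = m (mod n) because e * d = 1 + k * phi."""
    n, d = private
    return pow(c, d, n)


def malleability_demo(public: tuple[int, int], private: tuple[int, int],
                      m1: int, m2: int) -> tuple[int, int]:
    """Multiply two cipher texts without the private key; the product decrypts to m1 * m2 mod n.

    Returns (decryption of c1 * c2, m1 * m2 mod n); for textbook RSA these are equal,
    which lets an attacker forge a valid cipher text for a message they never saw in clear.
    """
    n, _ = public
    forged = (rsa_encrypt(public, m1) * rsa_encrypt(public, m2)) % n
    return rsa_decrypt(private, forged), (m1 * m2) % n


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, 17)      # n = 3233, phi = 3120, d = 2753
    print("public key :", public)
    print("private key:", private)
    c = rsa_encrypt(public, 65)
    print("65 encrypts to", c, "and decrypts back to", rsa_decrypt(private, c))
    print("forged cipher text decrypts to", malleability_demo(public, private, 2, 3))
```

The slowness noted above is also visible here in miniature: decryption is a modular exponentiation with a full-size exponent d, which is why RSA in practice transports a symmetric key (or signs a hash) rather than encrypting the data itself.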