IP Address Tracker
Arun Anoop M
Monday, December 30, 2013
Sunday, December 22, 2013
OSI Security Architecture:-
1)SECURITY ATTACK:
Any action that compromises the security of information owned by an organisation.
-Passive Attack:
-Release of message contents
-Traffic control
-Active attack:
-Masquerade
-Replay
-Modification of message
-Denial of service
2)SECURITY MECHANISM:
A process that is design to detect,prevent or recover from a security attack.
3)SECURITY SERVICES:
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organisation.
-Authentication
-Access control
-Data confidentiality
-Data Integrity
-Non repudiation
Monday, December 9, 2013
AES - Advanced Encryption standard
Rounds
Add
Round Key stage which is a simple bitwise
XOR of the current block with a portion of the expanded key.
AES Key Scheduling:
- SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
- ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
- MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column.
- AddRoundKey.
AES has 10 rounds in which state the following transformations
(called `layers’):
Byte
substitution (1 S-box used on every byte)
Shift rows
(permute bytes between groups/columns)
Mix columns
(uses matrix multiplication in GF(256))
Add round
key (XOR state with round key)
[1]ByteSub:
Each byte of state is replaced by byte indexed by row (left
4-bits) & column (right 4-bits)
Example: byte {95} is
replaced by byte in row 9 column 5 which has value
{2A}
[2] ShiftRows
Circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2
byte circular shift to left
4th row does 3
byte circular shift to left
Decrypt inverts using shifts to right.
Since state is processed by columns, this step permutes bytes
between the columns.
[3]MixColumn
The MixColumns stage is a
substitution that makes use of arithmetic over GF(2^8). Each byte of a column is mapped into a new value that is
a function of all four bytes in that column. It is designed as a matrix multiplication where each
byte is treated as a polynomial in GF(28). The inverse used
for decryption involves a different set of constants.
[4]AddRoundKey
AES Key Scheduling:
Takes 128-bit (16-byte) key
and expands into array of 44 32-bit words.
AES Key Expansion:
AES Decryption:
AES decryption is not identical to encryption since steps done
in reverse.
AES can be
implemented very efficiently on an 8-bit processor.
AddRoundKey is a bytewise XOR operation.
ShiftRows is a simple byte
shifting operation.
SubBytes operates at the byte
level and only requires a lookup of a 256 byte table S.
MixColumns (matrix multiply)
can be implemented as byte XOR’s. Sunday, December 8, 2013
Diffie-Hellman cipher by Prof G.Samid (http://wesecure.net/)
Diffie-Hellman cipher is a response to the challenge of 'strangers' cryptography. Traditionally Alice and Bob would exchange a cryptographic key over a secure channel, and then use that key to communicate over insecure channels. Alas, the Internet creates a vast need for stragners to exchange secret messages. Such is the case when a customer wishes to purchase an item from an online store. Seller and buyer and strangers to each others; they have not had an opportunity to exchange a secret key and use it later.
This challenge which was first
(a bit awkwardly) addressed by Ralph Merkle has been satisfactorily
addressed by his pals: Diffie and Hellman, extending the Merkle
principle.
The Merkle principle was as follows: Alice prepares a set of
mathematical challenges which involve choice. Bob makes his choice and
communicates it to Alice who can respond to Bob with the advantage of
being the one who prepared these challenges. Hackey the hacker does not
have that edge, and is left in the cold.
The Merkle solution to this
challenge was not very practical, and prompted Diffie and Hellman to
come up with their concept.
Their idea was that a computational result, R, can sometimes be
computed in two different ways: one using information available to
Alice, and the other using information available to Bob -- so that
Hackey will remain out of the loop.
As an example: given a set of 1000 different integers, one wishes
to find the identity of the integer that ranks 401 in the set (bottom
up). One way to find it is to build the ranking from the bottom (lowest
number) upward until the 401st number is spotted. Another way is to
identify the number from the top down, and thereby identify th 599th
number from the top. The result should be the same, but the
computational pathway is different. That is the principle of the Diffie
Hellman cipher.
Alice sends Bob a psuedo-key, and both Alice and Bob use that
psuedo key to generate a pair of keys: one they keep private, the other
they make public so Bob now knows Alice's public key and Alice now knows
Bob's public key. Of course, Hackey now knows these public keys too,
but he does not know either private key by contrast to Alice and Bob who
each knows their own private key -- that's the point!
Now the scheme works by having a mathematical result, R, computed
two ways: each with his or her private key and the other's public key.
Example:
Since the pair of private-public keys chosen by the parties is
mathematically linked, it is necessary to insure that Hacky cannot
derive the private key from the public key. Since it is impossible to
impose such a condition, Diffie and Hellman retreated to impose
intractability -- to find a mathematical arrangement where it would be
exceedingly difficult to derive the private key from the public key (not
impossible, but difficult!). They came to realize that modular log
computation is generally considered difficult:
Y = aXmod n is easy to compute, while:
X = logaY mod n
is intractable. Hence, if Y will be a privae key and X its corresponding
public key, then Hackey will be over his head with trying to compute X
from Y.
Example: compute:
Y = 37mod 5
37= 2187 = 437*5 + 2, hence Y=2
Now: to compute:
X = log32 mod 5
one tries: for
X = 0 =log31 mod 5,
X = 1 =log33 mod 5,
X = 2 =log34 mod 5,
X = 3 =log32 mod 5,
X = 4 =log31 mod 5
X = 5 =log34 mod 5
X = 6 =log34 mod 5
X = 7 =log32 mod 5
X = 8 =log31 mod 5
Since the possible results for Y are only five options, there are many X
values the solve this equation. Which immediately suggests that the mod
basis should be a large number! This should work because there is no
major compuational shortcut to what we tried here, checking the values
of X=0,1,2,3,..
Based on the this assumed intractability Diffie and Hellman made a clever and creative use of a known mathematical relationship:
Z = aXYmod n= (aX)Ymod n= (aY)Xmod n which allowed them to set:
U = aX, and V = aY and write:
Z = UY= VX
which means that the result Z can be computed by one who knows U and Y, as well as by one who knows V and X!
To implement this great idea it is necessary to find good values for n
and a. n we have already reasoned must be a large number. What about a?
Upon examination we see that if a=0, we have Y = 0X= 0 so Y
would be limited to 0,n,2n,3n,....kn. Not good. Remember -- we need
intractability, Hackey must find it difficult to compute. Similarly for
a=1 we have: Y = 1X= 1, and hence Y=1,n+1, 2n+1,....kn+1.
Same problem. So Diffie and Hellman reasoned that a must be a 'root' of
n, defined as a number such that for any residue 0 <=r < n, there
will be some number t such that:
at= r mod n Such an a will pose the required intractability on Hacky. So now we are ready to implement Diffie and Hellman cipher. Alice will choose n and a (the psuedo key), and pass them along to Bob. Both Alice and Bob will choose a random private key: Alice will choose X and Bob will choose Y. Alice will now compute her public key U=aX, and Bob will compute his public key V=aY, and send them to each other. Based on our reasoning above, Hacky, aware of U and V will find it difficult to reverse compute them to either X or Y (intractability!), but Alice and Bob, on the other hand will compute the same result Z:
Z = UY= VX
which will serve as their shared cryptographic key.
Example:
Let n=7, then a=5
Alice selects Ra=3 and computes: Ua = 53mod 7 = 125 mod 7 = 6
Bob selects Rb = 2 and computes Ub = 52mod 7 = 4 mod 7
Alice computes K = 43mod 7 = 1
Bob computes K = 62mod 7 = 1
"1" is the shared result. Remember n must be large (not n=7) for intractability kick in.
RSA by Prof G.Samid (http://wesecure.net/)
The RSA team was quite impressed with Diffie and Hellman, and the clever idea:
Z = aXYmod n= (aX)Ymod n= (aY)Xmod n They then wondered what will happen if Z=a, namely:
Z = ZXYmod n= (ZX)Ymod n
Then one could use Z as a plaintext
and designate ZXas ciphertext.
By so doing X will serve as the encryption key, and Y as the decryption
key -- and Diffie and Hellman have already shown that X and Y are not
easily mutually derviable!
So now the RSA team needed find a proper n (which we have seen with
Diffie and Hellman, should be a large number to insure intractability),
and then they need to find two numbers X and Y that will insure that for
every possible Z (every possible plaintext) it will hold that:
Z = ZXYmod n= (ZX)Ymod n.
So how can we find a pair (X,Y) to fit these requirement? Here comes the RSA ingenuity:
They said: let's pick two primes, p and q, and compute n=pq and
n'=(p-1)(q-1). Let's pick X such that gcd(X,n')=1, and look for Y such
that XY=1 mod n'. This will work because:
ZXY= Zkn'+1 because XY=1 mod n implies that for some k we have XY - 1 = kn' and hence:
ZXY= Zkn'+1= Zkn'Z1 But Zkn'= 1 because of Euler's theorem since fi(n)=n', and hence:
ZXY= Z
and fi(n)=n' hence:
where fi(n) is Euler's function.
Example:
Let us pick two primes: p=5, q=7. We now compute n=pq=35, and
compute n`=(p-1)(q-1)=4*6=24. We now pick the encryption key e such
that gcd(e,n`)=1. Let`s pick e=7 since gcd(7,24)=1
Next we need to find the decryption key, d. We look for a d
such that 7d = 1 mod 24. While this is not very straight forward, there
are computational short cuts available. At any rate, this computation
has to be carried out once per a pair of keys. We can simply try
d=1,2,3,.... and thereby find that for d=31 we have 7*31=217 = 24*9 + 1 =
1 mod 24.
Now we can check if this works. Let`s pick a plaintext M=17, and encrypt it to ciphertext C = 177= 410,338,673 = 11,723,962*35+3 = 3 mod 35.
The recipient will decrypt the ciphertext 3 as follows M=331= 3*(35)6. We compute 35= 243 = 33 mod 35 and continue: (332)3= (1089)3. But 1089 = 4 mod 35, so M = 3*42=
17 mod 35. So we have encrypted M=17 with encryption key 7 to
ciphertext 3, and decrypted 3 back to 17 using decryption key d=31.
We can exchange between the two keys.
AES by Prof G.Samid (http://wesecure.net/)
AES is the official replacement of DES, highly-regarded, widely used symmetric cipher -- efficient in both hardware and software.
AES is a block cipher with 128 bits blocks. It takes in several size
keys: 128, 192, and 256 bits long. 128 bits is the common standard so
far.
AES inherited a lot from DES. The block configuration, the
encryption-decryption algorithmic reversibility, the concept of
successive rounds, and extended round keys, and of course, the rich use
of transposition and substitution. Yet, AES introduces new complexity
schemes which are designed to increase its security compared to DES.
bird`s view:
The 128 bits of the plaintext block are organized in a 4x4 matrix of 16
bytes (each byte has 8 bits). This matrix is called the `state matrix`.
The fitting is column wise: the 128 bits of the plaintext first fill
the first column in the state matrix, then the second, etc. AES
operation is a succession of modifications to the contents of the state
matrix from its input state to its output state.
AES features between 10 ro 14 rounds of state matrix modification. Each round is comprised of:
The per-round elements operate as follows:
box substitution : each of the 16 bytes of the state matrix is substituted with another value according to a pre-written substitution box (S-box). The S-box is a particular arrangement of all possible 256 bytes in a 16x16 matrix. Each byte in the state matrix is interpreted as follows: the leftmost 4 bits define a row in the S-box, and the four rightmost bits define a column there. This way the contents of a state byte points to some other byte value. That value now substitutes for the value that pointed to it.
shift row permutation: The four rows of the state matrix are now shifted as follows: the first row stays in tact, the second is shifted one byte to the left, where the leftmost byte is recycled to the rightmost position. The third row undergoes the same -- twice, and the 4th row shift byte-wise to the left 3 times.
column substitution: In this operation the value of each byte is substituted by a byte that is a function of all the other bytes in the column. The substitution is based on Gallois 28polynomial operation. Accordingly each byte is interprete as an x8polynomial. The state matrix is being multiplied by a fixed matrix:
2 3 1 1
1 2 3 2
1 1 2 3
3 1 1 2
This way the value of each byte in the output matrix depends on the values of all the other bytes in the column. The byte-wise multiplication (byte from the fixed matrix times byte from the state matrix) is conducted modulu:
x8+ x4+ x3+ x + 1
Key XORing: The state matrix is XORed with 128 bits of key material..
Friday, December 6, 2013
Kerberos
-->Dog in Greek mythology guarding gates of hell Software used in a network to establish user’s identity.
-->Uses symmetric key encryption
-->Users/systems are given tickets that can be used to identify themselves to other systems and secret crypto keys are provisioned for secure communications.
-->Three components: Key Distribution Center (KDC), Authentication Service (AS) exchange, and Ticket granting Service (TGS) exchange.
-->Four basic steps:
a. KDC knows secret keys of all clients and servers on network;
b. KDC initially exchanges information with the client and server by using
the secret keys;
c. Kerberos authenticates a client to a requested service on a server
through the TGS, and by issuing temporary symmetric session keys for
communications between the client and KDC, the server and the KDC,
and the client and server; and
d. Communication then takes place between client and server using those
temporary session keys.
-->Uses symmetric key encryption
-->Users/systems are given tickets that can be used to identify themselves to other systems and secret crypto keys are provisioned for secure communications.
-->Three components: Key Distribution Center (KDC), Authentication Service (AS) exchange, and Ticket granting Service (TGS) exchange.
-->Four basic steps:
a. KDC knows secret keys of all clients and servers on network;
b. KDC initially exchanges information with the client and server by using
the secret keys;
c. Kerberos authenticates a client to a requested service on a server
through the TGS, and by issuing temporary symmetric session keys for
communications between the client and KDC, the server and the KDC,
and the client and server; and
d. Communication then takes place between client and server using those
temporary session keys.
Viruses:
1. Program virus — attacks files that contain computer code
2. Boot virus — attacks boot sector on hard or floppy disk
3. System virus — attacks BIOS command and other system files
4. Polymorphic virus — changes as it replicates
5. Multipartite virus — infects in more than one place
6. Macro virus — contained in data files (word documents)
Hacker,Expert Hacker,Ethical hacker,Cracker,Phreaker
Hacker: The people who use and create computer software to gain access to information illegally are termed as hackers.
Expert Hacker: The hacker who develops software scripts and codes to exploit the organisation's information asset is termed as ethical hacker.
Ethical Hacker: A person who hacks into a computer network in order to test or evaluate its security, rather than with malicious or criminal intent.
Cracker: An individual who "cracks" or removes the protective mechanism that is designed to prevent unauthorized duplication.
Phreaker: An individual who hacks the public telephone network and gains information from the communication.
Friday, November 1, 2013
OSI ISO MODEL
ISO(International Standards
Organisation)
OSI(Open System Interconnect)
OSI is a model developed by ISO which describes how data from application on one computer can be transferred to an application on another computer.
OSI(Open System Interconnect)
OSI is a model developed by ISO which describes how data from application on one computer can be transferred to an application on another computer.
All People Seem To Need Data Processing.
(Application,Presentation,Session,Transport,Network,DataLink,
Physical Layers.)
(Application,Presentation,Session,Transport,Network,DataLink,
Physical Layers.)
|
The Seven Layers of the OSI Model
|
||
|
Layer
|
Name
|
Description
|
|
1
|
Physical
|
Governs the layout
of cables and devices such as repeaters and hubs.
Eg:-Cables,
connectors, hubs, and repeaters
|
|
2
|
Data Link
|
Provides MAC
addresses to uniquely identify network nodes and a means for data to be sent
over the Physical layer in the form of packets. Bridges and switches are
layer 2 devices.
Eg:- MAC
address, CSMA/CD, switches, and bridges
|
|
3
|
Network
|
Handles routing of
data across network segments.
Eg:-IP, ICMP, ARP,
RIP, IGRP, and routers
|
|
4
|
Transport
|
Breaks information
into segments and is responsible for connection and connectionless
communication.
Eg:-TCP and UDP
|
|
5
|
Session
|
Establishes sessions
between network applications.
Eg:-NetBIOS
|
|
6
|
Presentation
|
Formats the
information so that it is understood by the receiving system.
Eg:-Compression and
encryption depending on the implementation
|
|
7
|
Application
|
Allows applications
to request network services.
Eg:-SMTP, DNS, HTTP,
and Telnet
|
Subscribe to:
Posts (Atom)