Network Security, Cryptography and Attacks

Questions and Answers

Which of the following is NOT a primary goal of network security?

• Ensuring message integrity during transit.
• Keeping the transmitted message contents confidential.
• Verifying the identity of communicating parties.
• Maintaining uninterrupted network uptime. (correct)

Which security measure is best suited for preventing eavesdropping?

• Cryptographic checksums.
• Firewalls.
• Intrusion detection systems.
• Encryption. (correct)

What is the purpose of cryptographic checksums or hash functions in network security?

• To encrypt message contents.
• To authenticate endpoint identities.
• To prevent denial-of-service attacks.
• To ensure message integrity. (correct)

Which of the following methods is LEAST effective for endpoint authentication in digital communication?

Visual recognition. (D)

Which of the following security measures is primarily designed to control network access and protect against malware infiltration?

Firewalls. (C)

Which type of attack involves an intruder sniffing and recording messages?

Eavesdropping. (C)

What does the concept of 'message tampering' refer to in the context of network security?

Modifying, inserting, or deleting messages. (C)

Which security measure aims to disguise data so unauthorized users cannot access it?

Cryptography. (C)

In cryptography, what is the purpose of using secret keys with publicly known encryption methods?

To prevent unauthorized decryption. (A)

In symmetric key encryption, what is a fundamental requirement for secure communication between two parties?

Both parties share the same secret key. (C)

What is a major vulnerability of the Caesar cipher?

It is vulnerable to frequency analysis. (D)

How does a polyalphabetic cipher improve upon a monoalphabetic cipher?

By using multiple monoalphabetic ciphers in a repeating pattern. (D)

What is the primary characteristic of a block cipher?

It divides plaintext into fixed-size blocks and encrypts each block separately. (D)

Which of the following is a method to improve block ciphers by introducing randomness and preventing identical plaintext blocks from producing identical ciphertext blocks?

Cipher-Block Chaining (CBC). (B)

In a ciphertext-only attack, what type of information does the attacker have access to?

Only the encrypted message. (A)

What is the key innovation of the Diffie-Hellman Key Exchange?

Establishing a shared key over an insecure network. (C)

In RSA cryptography, what is the purpose of the public key?

To encrypt messages. (B)

What is a session key and how is it typically used with RSA?

A temporary key encrypted by RSA, then is used to encrypt the bulk of communication via symmetric encryption. (D)

What primary function does a cryptographic hash function serve in ensuring message integrity?

Creating a fixed-size output from a variable-size input. (B)

What key property must a cryptographic hash function possess to prevent message forgery?

Collision resistance. (C)

What is the purpose of salting a password before hashing it?

To add randomness and prevent rainbow table attacks. (A)

What additional element do Message Authentication Codes (MACs) add to a hash function for improved security?

A shared secret key. (B)

Which of the following is a significant challenge associated with using MACs?

Secure key distribution. (D)

How do digital signatures provide non-repudiation?

By ensuring only the sender can generate a valid signature. (A)

In digital signatures, what role do hash functions play in improving efficiency?

By creating a fixed-length 'fingerprint' of the digest. (D)

What is the main difference between MACs and digital signatures in terms of key usage?

MACs use a shared secret key, while digital signatures use public-private key pairs. (D)

In the context of public key certification, why is using a Certificate Authority (CA) important?

To verify the public key belongs to a specific entity. (B)

In Authentication Protocol AP4.0, what security measure is used to ensure that the user is 'live' and prevent replay attacks?

A nonce (one-time random number). (B)

Which of the following options corresponds to the correct order of steps that Alice undertakes to send a message confidentially using cryptography?

Hashes Message, Signs Hash, Encrypts message (B)

Flashcards

Confidentiality

Ensuring only the sender and receiver understand the message content.

Message Integrity

Ensuring message content remains unaltered during transit.

End-point Authentication

Verifying the identity of the other communicating party.

Operational Security

Protecting networks from attacks like malware and DoS.

Eavesdropping

Sniffing and recording messages.

Message Tampering

Modifying, inserting, or deleting messages.

Security Attacks

Data theft, impersonation, session hijacking and DoS.

Cryptography

Disguising data to protect information from unauthorized users.

Caesar Cipher

Algorithm that shifts each letter by k positions in the alphabet.

Monoalphabetic Cipher

Each letter in the plaintext is substituted with a fixed, but random letter

Block Ciphers

Divides plaintext into fixed-size k-bit blocks and encrypts each block separately.

Data Encryption Standard (DES)

Uses 64-bit blocks with a 56-bit key.

Advanced Encryption Standard (AES)

Uses 128-bit blocks and supports 128, 192 and 256 bit keys

Cipher-Block Chaining (CBC)

Improves block ciphers by adding randomness.

Ciphertext-Only Attack

Attacker has access only to encrypted messages.

Known-Plaintext Attack

Attacker knows plaintext and corresponding ciphertext.

Chosen-Plaintext Attack

Attacker can choose plaintext and obtain corresponding ciphertext.

Diffie-Hellman Key Exchange

Method for two parties to establish shared key over insecure network.

Public-key cryptography

Each user has public key available to everyone and private key known to owner only.

RSA algorithm

Used for secure communication. Relies on difficulty of factoring prime numbers.

Session keys

Temporary, randomly generated key used for single communication session.

Message integrity

Technique that verifies a message originated from claimed sender, hasn't been tampered with.

Hash Function

Computes fixed-size from an input, infeasible to find two messages x and y where H(x)=H(y)

Message Authentication Code (MAC)

Uses a shared secret key between sender and receiver.

Sender authentication

Ensures messages are from real sender and have not been altered.

Digital Signatures

Integrity, authenticates sender, relies on asymmetric. Uses public-private keys.

Public Key Certification

Verifies entity's identity, certificate contains entity's identifier, signed by private key.

Endpoint Authentication

Verifying one entity's identity to another over a network.

Password-Based Authentication

Uses shared secret for auth, encrypted message is sent to bob.

Encrypted Password Auth

Alice sends password to Bob, Bob decrypts, verifies validity.

Study Notes

Network Security Basics

• Only the intended receiver and sender should be capable of understanding the message contents
• Encryption makes intercepted messages unreadable by unauthorized parties
• Ensure that communication content remains unaltered during transit
• Checksums and hash functions help provide message integrity
• End-point Authentication: Digital communication uses passwords, digital certificates and cryptographic challenges to verify identities Networks are subject to attacks like:
  • Malware infiltration
  • Data breaches
  • Network reconnaissance
  • DoS attacks
• Firewalls and intrusion detection systems are necessary to protect infrastructure

Intruders and Common Attacks

• Eavesdropping: Sniffing and recording messages
• Message Tampering: Modifying, inserting, or deleting messages
• Security Attacks: Data theft, impersonation, session hijacking, and DoS

Principles of Cryptography

• Cryptography disguises data from unauthorized users, ensuring confidentiality and integrity
• A sender encrypts plaintext into ciphertext, and the recipient decrypts it
• Modern systems use public encryption methods with secret keys to prevent decryption
• Alice uses a key to transform a plaintext message into ciphertext
• In symmetric key encryption, Alice and Bob share a secret key
• Public key encryption uses a key pair: one public and one private

Symmetric Key Cryptography and Historical Ciphers

• Discusses symmetric key cryptography from historical ciphers to block cipher techniques Caesar Cipher:

  • Shifts each letter by 'k' positions in the alphabet
  • Easily broken with only 25 possible shifts

• Monoalphabetic Cipher:

  • Each plaintext letter maps to a fixed, random letter
  • More secure than Caesar cipher but vulnerable to frequency analysis

• Polyalphabetic Cipher:

  • Uses multiple monoalphabetic ciphers in a repeating pattern
  • Harder to crack than basic ciphers but breakable with pattern analysis

Block Ciphers

• Modern encryption: plaintext is divided into fixed-size blocks
• A one-to-one transforms plaintext into ciphertext
• Data Encryption Standard (DES): 64-bit blocks with a 56-bit key
• Advanced Encryption Standard (AES): 128-bit blocks with up to 256-bit keys

Block Cipher Operation

• Input: 64-bit plaintext block

  • Splitting: Input is divided into eight 8-bit segments
  • Transformation: Each segment undergoes transformation using substitution, permutation, etc
  • Reassembly: The transformed values are recombined through scrambling
  • Bit Mixing: Applies a permutation to shuffle to strengthen the encryption
  • Iteration: The above steps are repeated to ensure a secure encryption
  • Output: Delivers a 64-bit ciphertext, with new transformations and scrambling operations

• Cipher-Block Chaining (CBC):

  • Introduces randomness to prevent identical blocks from producing identical ciphertext
  • An Initialization Vector (IV) is XORed with the first plaintext block before encryption
  • Each ciphertext block modifies the next plaintext block

Attack Methods

• Ciphertext-Only Attack: The attacker uses the encrypted message only
• Known-Plaintext Attack: Uses known plaintext and ciphertext pairs to deduce encryption patterns
• Chosen-Plaintext Attack: Chooses plaintext and obtains corresponding ciphertext to easily break encryption

Symmetric vs Public Key Cryptography

• Shared secret key that both parties use to secure communication
• In 1976, Diffie and Hellman introduced the Diffie-Hellman Key Exchange:
  • Made it possible two parties to establish a key over an insecure network with public key cryptography
  • The user requires both a public and private key

Public Key Use

• Public key: available to everyone
• Private key: known only to the recipient
• Alice sends an encrypted message to Bob using Bob's public key
• Bob decrypts it using his private key, ensuring security
• Verifying a messages authenticity requires digital signatures

RSA Key Generation

1. Choose two prime numbers, P and Q
2. Compute n = p*q
3. Compute euler q = (p-1)(q-1)
4. Select 'e'
5. Message Encryption: C = m^e mod n
6. Message Decryption: M = c^d mod n

• Named after inventors Ron Rivest, Adi Shamir, and Leonard Adleman
• Based on modular arithmetic and the difficulty of factoring prime numbers

RSA Process

• Key Generation (Bob's Setup):
  • Bob chooses two large prime numbers p and q, computes n and z
  • Bob decides upon encryption exponent e with public and private key
• Encryption (Alice to Bob):
  • Converts message into an integer, computes ciphertext
  • Alice sends to Bob
• Decryption (Bob's Process):
  • Bob computes to recover the message

RSA Properties

• Relies on the (me)d mod n = m property
• RSA is computationally expensive
• Efficient session keys are used in combination with symmetric key cryptography like AES
• Depends on factoring large numbers although quantum computing may create risks

Alternative Algorithms

• Diffie-Hellman is another public-key method
• Used for establishing session keys rather than encrypting full messages

Principles of Cryptography and Message Integrity

• Message integrity or authentication ensures a message is from the claimed sender with no tampering during transmission
• Used in network protocols
• Cryptographic hash functions play a key role in ensuring message authentication

Cryptographic Hash Functions

• Hash Function: Computes a fixed-size output H(m) from an input m
• Cryptographic Hash Requirement: Difficult to find messages x and y where H(x) = H(y)
• Prevents message forgery by ensuring an attacker cannot replace a message with the same hash

Weakness of Checksums

• A small change in the message can result in the same checksum
• Easily tampered message

Stronger Hash Functions

• Cryptographic hash functions like MD5 and SHA-1 ensure security MD5 Hash Algorithm (RFC 1321):
  • Creates a 128-bit hash using:
    • Padding (adding bits)
    • Appending message length
    • Initializing an accumulator and processing in rounds
• SHA-1 (FIPS 1995, RFC 1320):
  • A 160-bit hash that offers better security and is a federal hashing standard

Message Authentication Code (MAC)

• Provides integrity which makes sure data is not altered during transmission

• Shared secret key is used between the sender and receiver to improve security

• The sender creates a message while a shared secret key is appended where a has is computed Steps:

  • The sender creates a message m, appends the shared secret s, and computes a hash H(m + s) (the MAC)
  • The sender sends (m, H(m + s)) to the Bob
  • Bob computes and verifies if the message is authentic and matches

• HMAC is the most common standard, using MD5 or SHA-1 and applies hashing twice for added security

• A challenge with MACs is the need for distributing secure keys in networking

Message Authentication Codes

• MACs ensure message integrity and authenticity
• A legitimate sender is confirmed through a shared secret key to generate a valid MAC
• Digital signature is a cryptographic technique used in the physical world
• A signature authentifies and verifies the integrity of a digital document which is non forgeable

Digital Signature Concepts

• Public-Key Cryptography – Digital signatures rely on asymmetric encryption

• The individual has a private key and a corresponding public key

  • Signing a Document – The individual uses his private key to generate a signature
  • Verification – Anyone can verify the signature using public key K+B
    • The guarantee: Only user with Private key can generate the signature therefore is verifiable

• Integrity - If the document is altered, the signature becomes invalid

Hashing and Digital Signature Effectiveness

• Digital signatures use hash functions
• Key Steps:
  • Bob computes a hash of the message, H(m)
  • Bob encrypts with his private key to create a digital signature
  • Bob then sends both the original message (plaintext) and the digital signature to Alice
  • Alice applies the digital signature using Bobs public key

Comparison: Digital Signatures vs. MACS

• MAC: Uses a shared secret key and a hash function
• Digital Signatures: Use asymmetric encryption
• Digital Signatures: Used in PGP for message integrity
• MACS: Used in OSPF and other network security mechanisms
• With hash functions security becomes efficient by using hash functions

Public Key Certification

• Public key certification ensures that a public key belongs to a specific entity
• The pizza prank is an example in which key isnt what it seems

To prevent key attacks a Certification Authority is necessary

• Certification Authority (CA) verifies an entity's identity before issuing a digital certificate
• Certificate contains:
  • Entity public key
  • Identifying info
  • Digitally signed by CA
• Standards for CAs:
  • ITU X.509: Defines authentication services and certificate syntax
  • RFC 1422: Establishes key management architecture for secure mail

Endpoint Authentication

• Endpoint Authentication verifies one entitys identity to another over a network, by exchanging messages and data
• Ensures the claimed identity is authentic

Authentication Protocol AP2.0

• The client authenticates their well-known IP address Attack/Weakness:
  • Attackers are able to forge IP diagrams sending them through the network with modified or false info

Security protocol AP3.0

• A password based authentication using commonly used platforms like Gmail, Facebook etc
• Data is sent to a device for verification via login information Weakness:
  • Information can be intercepted if an attacker gains access

Security Protocol AP3.1

• An encrypted password authentication to prevent password theft
• Requires both a public and a private key to secure info with Bob able to authenticate via private key

Security Protocol AP4.0

• Addresses replay attacks by using a nonce to make sure a user is live during authentication
• Requires both parties to respond with a correct sequence of requests for validation

Securing E-Mail

• Securing E-Mail requires Cryptography to provide safety

Key Security Features:

1. Confidentiality: Data encryption to prevent unauthorized access to data, through symmetric session keys
2. Sender Authentication / Message Intergrity: Ensured messages are not altered through hashes
3. Combining Confidentiality, Authentication, & Integrity

Public Key Certificate

• Public Key Certificates are used to verify a users authenticity
• CA's prevent data from been impersonated or data been stolen

Pretty Good Privacy (PGP)

• Pretty Good Privacy (PGP) is an e-mail encryption that ensures message security and integrity
• Verificaitons also required to ensure only trusted connections are used

Securing TCP Connections: TLS

• Ensures data is transported in a secured way with encryption, and authentication between hosts
• A modified version of TCP secured from data attacks and fraudulent sites
• TLS secures data by using HTTPs which offers API for Developers

Introduction to TLS: Almost TLS

• Ensure confidentiality and integrity through 3 phases
  • Handshake
  • Key deriviation
  • Data transfer

TLS: Handshake Phase

• Establishes a secure session client and remote-host
• TCP initiates the remote connection through the client authenticating its user
• The master secret is exchanged for both parties to ensure connection

TLS: Key Derivation Phase

• Instead of having two hosts directly connect, the keys are separated to create a safe connection
• Encryption:
  • Encryption key and authentication key are used to verify HMAC is the coding used to ensure these processes stay in place

TLS: Data Transfer Phase

• Data transfer is verified through the encryption algorithm
• To prevent data been replayed on the server TLS assigns a sequence on each message to avoid duplication

TLS Hacking

• TLS does not mandate specific encryption algorithms Steps for Authentication:
  • Verify the public keys and use an encryption that corresponds to user
  • Key exchange by Alice, server, verifies public keys etc
  • Master the connections of the new users and clients

Protocols from Man in Middle Attacks

• TLS Ensures handshake integrity by avoiding altering list of cryptographic algorithms from Bobs list

TLS protects the internet by - Authentication of the server - Confidentiality from encrypting session keys - Integrity through detections - Replay is non existent because sequences of numbers

IPsec and Virtual Private Networks

• VPN's ensure confidentiality

• Additional Security Services can be introduced to verify both parties.

• IPSec uses two protocols:

  • Authentication headers , and Encapsulation Security Payload
  • Security Associations (SA) is needed to verify secured communication between the two end points

The SA includes:

• Security parameters

• Source connections with key

• Encryptions for algorithms

• In this process the SAD (Security Assocation Database is used to see who to communicate with)

IPsec Datagram

• Ipsec's consist of a tunnel and transport which simplifies understanding
• When receiving original datagram the router is designed to authenticate user before allowing data transfer
• Transofmration includes 3 items: Ep trailer, ESP header, and a new IP

Destination IPSec Protocol

• Identifies the IPsec and detects its protocol Deciphers the codes: Checks for verification, and extraction Forwards its data

The SA has an algorithm, SPD determines the level of traffic

In conclusion The Tunnel modes encrypts everything protecting header

Description

Understanding network security is crucial for protecting digital communications. Encryption ensures confidentiality, while checksums and hash functions maintain message integrity. Networks face various threats, but security measures can protect infrastructure.