Cryptography and Network Security

Pearson Instant Learning Series

ITL Education Solutions Limited
Research and Development Wing
New Delhi

Copyright © 2012 Dorling Kindersley (India) Pvt. Ltd
Licensees of Pearson Education in South Asia

No part of this eBook may be used or reproduced in any manner whatsoever without the publisher’s prior written consent. This eBook may or may not include all assets that were part of the print version. The publisher reserves the right to remove any material present in this eBook at any time.

ISBN 9788131764527
eISBN 9788131797662

Head Office: A-8(A), Sector 62, Knowledge Boulevard, 7th Floor, NOIDA 201 309, India
Registered Office: 11 Local Shopping Centre, Panchsheel Park, New Delhi 110 017, India

Contents

Preface
1. Overview of Network Security
2. Cryptography and Finite Fields
3. Symmetric-key Ciphers
4. Symmetric-key Algorithms
5. Number Theory
6. Asymmetric-key Algorithms
7. Message Authentication and Hash Functions
8. Digital Signatures and Authentication Protocols
9. Network Security
10. System Security
Index

Preface

Today, the Internet has undoubtedly become the largest public data network that facilitates personal and business communications worldwide. The amount of traffic moving through the Internet as well as corporate networks is growing day by day. More and more people are communicating via e-mails, branch offices are using the Internet to remotely connect to their corporate networks and most commercial transactions such as shopping, bill payments and banking are also being done through the networks.

Due to the growing dependency of users, businesses and organizations on computer networks, it has become important to protect the information being exchanged from various security attacks. In addition, the confidentiality, authenticity and integrity of the messages moving across the networks must be ensured. This is where network security is important.

Network security is a set of protocols that facilitates the use of networks without any fear of security attacks. The most common and traditional technique used for providing network security is cryptography, which is a process of transforming messages into an unintelligible form before transmitting and converting them back to the original when received by the receiver. However, with the evolution of cryptography and network security disciplines, more practical and readily available applications such as Kerberos, Pretty Good Privacy (PGP), IPSec, Secure Socket Layer (SSL), Transport Layer Security (TLS) and firewalls have developed to implement network security.

Keeping in mind the importance of network security, almost all universities have integrated the study of cryptography and network security in B.Tech. (CSE and IT), MCA and MBA courses. The book in your hands, Cryptography and Network Security, in its unique easy-to-understand question-and-answer format directly addresses the need of students enrolled in these courses. The book comprises questions and their corresponding answers on the basic issues to be addressed by cryptography and network security capability as well as practical applications that are being used for providing network security. The text has been designed to make it particularly easy for students to understand the principles and practice of cryptography and network security. An attempt has been made to make the book self-contained so that students can learn the subject by themselves. The organized and accessible format allows students to quickly find questions on specific topics.

The book Cryptography and Network Security is part of a series named Pearson Instant Learning Series (PILS), which has a number of books designed as quick reference guides.

Unique Features

1. Designed as a student-friendly self-learning guide, the book is written in a clear, concise and lucid manner.
2. Easy-to-understand question-and-answer format.
3. Includes previously asked as well as new questions organized in chapters.
4. All types of questions including multiple-choice questions, short and long questions are covered.
5. Solutions to numerical questions asked at examinations are provided.
6. All ideas and concepts are presented with clear examples.
7. Text is well structured and well supported with suitable diagrams.
8. Inter-chapter dependencies are kept to a minimum.
9. A comprehensive index at the end of the book for quick access to desired topics.

Chapter Organization

All the questions and answers are organized into ten chapters. A brief description of these chapters is as follows:

• Chapter 1 provides an overview of basic concepts of network security. It discusses the need, goals and principles of network security as well as different kinds of attacks on computer systems and networks. It also gives a brief idea of security services and security mechanisms.
• Chapter 2 introduces the concept of cryptography, which is the most common technique used for providing network security. It describes important mathematical principles that are central to the design of ciphers. The chapter further discusses modular arithmetic, which is the fundamental concept to understand the working of ciphers. It also discusses the concept of cryptanalysis and various cryptanalysis attacks.
• Chapter 3 deals with symmetric-key ciphers.
It starts with a discussion on traditional symmetric-key ciphers that include various substitution ciphers such as additive, shift, multiplicative, affine, autokey, Playfair, Vigenere and Hill cipher and transposition ciphers. Then, the discussion moves on to two important categories of ciphers, namely stream and block ciphers. The chapter also includes a brief discussion on Shannon’s theory of diffusion and confusion. Finally, the chapter concludes with a discussion on product ciphers proposed by Shannon, and the two categories of product ciphers, namely Feistel and non-Feistel ciphers.
• Chapter 4 concentrates on the symmetric-key algorithms, which include Data Encryption Standard (DES) and Advanced Encryption Standard (AES). The chapter presents a detailed study on the design and analysis of DES. It also explains the general structure and the key expansion algorithm of AES.
• Chapter 5 is based on number theory, which provides the mathematical background required to understand asymmetric-key cryptography. It covers several important concepts related to prime numbers such as Fermat’s theorem, Euler’s totient function, Euler’s theorem, Miller–Rabin algorithm and Chinese Remainder theorem.
• Chapter 6 deals with asymmetric-key algorithms, which include RSA, Diffie–Hellman algorithm, ElGamal encryption system and Elliptic curve cryptography (ECC).
• Chapter 7 focuses on message authentication mechanisms used to ensure that the integrity of the received message has been preserved. It explains various authentication functions and message authentication code (MAC). It also gives a detailed description of standard hash functions such as MD5, SHA-1 and Whirlpool. The chapter also spells out the concept of birthday attacks against hash functions.
• Chapter 8 familiarizes the reader with the concept of digital signatures, and presents the essential properties and requirements of digital signatures, possible attacks on digital signatures and various digital signature schemes including RSA, ElGamal and DSS. The chapter then shifts its focus to authentication protocols and discusses their two categories, namely mutual authentication and one-way authentication.
• Chapter 9 presents the working principle of Kerberos protocol, X.509 authentication service and its certificates. The chapter also describes the security at the application layer covering PGP and S/MIME, security at the transport layer covering SSL and TLS, and security at the network layer describing IPSec.
• Chapter 10 provides a description of system security, covering the concepts of intrusion prevention and detection, Honeypots, malicious software, viruses, digital immune system, behaviour-blocking software, firewalls and trusted systems.

Acknowledgements

• Our publisher Pearson Education, their editorial team and panel reviewers for their valuable contributions toward content enrichment.
• Our technical and editorial consultants for devoting their precious time to improve the quality of the book.
• Our entire research and development team who have put in their sincere efforts to bring out a high-quality book.

Feedback

For any suggestions and comments about this book, please feel free to send an e-mail to [email protected].

Hope you enjoy reading this book as much as we have enjoyed writing it.

ROHIT KHURANA
Founder and CEO
ITL ESL

1 Overview of Network Security

1. What is the need for network security? Explain its goals.
Ans.: During the last two decades, computer networks have revolutionized the use of information. Information is now distributed over the network. Authorized users can use computer networks for sending and receiving information from a distance. People can also perform various tasks such as shopping, bill payments and banking over a computer network. This implies that the computer networks are nowadays used for carrying personal as well as financial data. Thus, it becomes important to secure the network, so that unauthorized people cannot access such sensitive information.

For secure communication, there are some basic goals of network security that should be achieved. These are as follows:

• Confidentiality: This refers to maintaining the secrecy of the message being transmitted over a network. Only the sender and the intended receiver should be able to understand and read the message, and eavesdroppers should not be able to read or modify the contents of the message. To achieve confidentiality the message should be transmitted over the network in an encrypted form.
• Integrity: Any message sent over the network must reach the intended receiver without any modification made to it. If any changes are made, the receiver must be able to detect that some alteration has happened. Integrity can be achieved by attaching a checksum to the message. This checksum ensures that an attacker cannot alter the message and, hence, that integrity is preserved.
• Availability: Information created and stored by an organization should be available all the time to authorized users, failing which the information ceases to be useful. Availability is also equally important for organizations, because unavailability of information can adversely affect an organization’s day-to-day operations. For example, imagine the status/service of a bank if its customers are unable to make transactions using their accounts.

2. What are the principles of network security?
Ans.: The principles of network security include confidentiality, integrity, availability, nonrepudiation, access control and authentication.

• Confidentiality: Refer to the previous question.
• Integrity: Refer to the previous question.