Cisco Packet Tracer
Router Serial Interface explained: how to insert a Serial (Se) interface into a new router physically
How to assign IPs over a router's different interfaces
How to assign clocking for synchronous transmission between two routers
Message Authentication Codes
- protect against active attacks (forgery, modification, replay, reordering), which encryption alone does not prevent
- verify that a received message is authentic:
  - contents unaltered (integrity)
  - from the claimed (authentic) source
  - timely and in the correct sequence (only if a sequence number or timestamp is included in the data that is authenticated)
- can use conventional (symmetric) encryption: only sender and receiver hold the key needed, so a message that decrypts to something sensible is assumed to come from the key holder (weak on its own, since ciphertext can be altered without the key unless an explicit integrity check is present)
- or a separate authentication mechanism: append an authentication tag to the cleartext message
Message Authentication Codes
Formula
If two parties A and B share a secret key K_AB, the message authentication code computed at A (and recomputed at B) is:
MAC_M = F(K_AB, M) where
"F" is a function of the message and the key (the MAC algorithm),
"K_AB" is the shared secret key between A and B,
"M" is the original message to be sent from A to B.
A transmits M together with MAC_M.
Message Authentication Codes
Principle
- Receiver B performs exactly the same calculation on the received message, with the same (shared) secret key, to obtain its own MAC_B.
- The received MAC and the recomputed MAC are compared; a match confirms the integrity of the message and the authenticity of the sender, since only a holder of K_AB could have produced it. The comparison should be constant-time so that an attacker cannot learn, byte by byte, how close a forged tag is.
- A block cipher such as AES can be used to build the MAC: the message is encrypted in CBC mode under the shared key (with a zero IV) and the last block of ciphertext is used as the code (CBC-MAC).
- Historically (the DES-based Data Authentication Algorithm) only the leftmost 16 or 32 bits of that block were kept. A tag that short can be forged by guessing with about 2^16 or 2^32 on-line attempts, so modern practice keeps the full block (128 bits with AES) and uses CMAC, which also fixes raw CBC-MAC's weakness with variable-length messages.
Secure Hash Functions
(One-Way Hash Function)
- An alternative approach to the message authentication code.
- Accepts a variable-size message "M" as input.
- Produces a fixed-size message digest h = H(M) as output.
- Does not take a secret key as input.
- For message authentication, the digest is sent with the message in a way that protects the digest itself (encrypted, or combined with a secret as below). An unprotected H(M) detects accidental corruption only: an attacker who alters the message can simply recompute the digest.
- Besides authentication, it provides integrity of the data as well.
(Figure: Message authentication using a one-way hash function)
Hash Function Formula
If two parties A and B share a secret key K, the required message digest is:
MD_M = H(K || M || K) where
"H" is the hash function applied to the concatenation of key, message and key,
"||" denotes concatenation,
both "K"s are the shared secret key between A and B,
"M" is the original message to be sent from A to B.
Hash Function
Principle
- Sender A calculates MD_M = H(K || M || K).
- A sends {M || MD_M} to B (the receiver).
- B recomputes H(K || M || K) over the received M and verifies that it equals the received MD_M.
- Note that the secret key is used as both prefix and suffix. The suffix matters: with H(K || M) alone and a Merkle-Damgard hash such as SHA-1 or SHA-256, an attacker can append data to M and compute a valid digest without knowing K (length-extension attack).
- As long as the secret key remains secret, it is infeasible for an attacker to generate a false message with a valid digest or to manipulate a genuine one. Replay of a genuine message is only prevented if M itself carries a sequence number or timestamp.
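The sender/receiver exchange from the MAC principle and from the keyed hash above, as an added example that is not from the slides: Python with SHA-256 as H and the slides' envelope construction H(K || M || K). The key, the message and the attacker's edits are constructed values for the demo. It also shows why the key is needed: with a plain H(M), an attacker simply recomputes the digest for an altered message and the receiver's check passes.

```python
import hashlib
import hmac  # used only for compare_digest (constant-time comparison)

# Constructed values for this demo (not from the slides).
KEY = b"shared-secret-between-A-and-B"
MESSAGE = b"transfer 100 to account 42"


def keyed_digest(key: bytes, message: bytes) -> bytes:
    """Envelope construction from the slides: MD_M = H(K || M || K), with SHA-256 as H."""
    return hashlib.sha256(key + message + key).digest()


def send(key: bytes, message: bytes):
    """Sender A: produce what goes on the wire, {M || MD_M}."""
    return message, keyed_digest(key, message)


def verify(key: bytes, message: bytes, received_digest: bytes) -> bool:
    """Receiver B: recompute H(K || M || K) over the received M and compare it
    with the received digest. compare_digest runs in constant time, so the
    check does not leak how many leading bytes of a forged tag were right."""
    return hmac.compare_digest(keyed_digest(key, message), received_digest)


def demo() -> dict:
    """Exercise the genuine path and the attacks the slides say the key prevents."""
    m, tag = send(KEY, MESSAGE)
    results = {"genuine_accepted": verify(KEY, m, tag)}

    # Attacker in the middle changes the amount but cannot recompute the tag.
    tampered = m.replace(b"100", b"900")
    results["tampered_old_tag_rejected"] = not verify(KEY, tampered, tag)

    # Attacker guesses a key and forges a tag under it: still rejected by B.
    forged_tag = keyed_digest(b"attacker-guess", tampered)
    results["tampered_forged_tag_rejected"] = not verify(KEY, tampered, forged_tag)

    # Contrast: an unkeyed digest H(M) sent alongside M. The attacker simply
    # replaces both M and H(M), and B's integrity check passes.
    unkeyed_tag = hashlib.sha256(tampered).digest()
    results["unkeyed_forgery_accepted"] = hashlib.sha256(tampered).digest() == unkeyed_tag
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The standardized form of this idea is HMAC (later in these notes); the sandwich construction is shown here because it is the one the slide gives.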
Hash Functions
Two attack approaches
cryptanalysis
• exploit a logical weakness in the algorithm (this is what broke the collision resistance of MD5 and SHA-1)
brute-force attack
• try many inputs
• strength is proportional to the size of the hash code: about 2^n work to find a preimage of an n-bit hash, but only about 2^(n/2) to find a collision (birthday attack)
SHA is the most widely used hash family
SHA-1 gives a 160-bit hash (collisions have been demonstrated; it should not be used in new designs)
the more recent SHA-256, SHA-384 and SHA-512 (the SHA-2 family) provide larger outputs and improved security
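Added example (not part of the original slides) of the two brute-force costs above: SHA-256 truncated to a small number of bits stands in for a hash with a short output, so that both searches finish quickly. The input strings msg-0, msg-1, ... and pre-0, pre-1, ... are constructed. With a 24-bit output the birthday search for a collision finishes in a few thousand trials, while a preimage search needs about 2^24.

```python
import hashlib
from typing import Dict, Optional, Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its leftmost `bits` bits, standing in for a hash
    function with a short output so the attacks finish in a moment."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int) -> Tuple[int, bytes, bytes]:
    """Birthday attack: hash the constructed inputs msg-0, msg-1, ... until two
    distinct inputs share a truncated hash. Expected cost is about
    sqrt(pi/2 * 2**bits), i.e. roughly 2**(bits/2) trials.
    Returns (trials, first_input, second_input)."""
    seen: Dict[int, bytes] = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
        i += 1


def find_preimage(target: int, bits: int, limit: int) -> Optional[int]:
    """Brute-force preimage search: try up to `limit` constructed inputs
    pre-0, pre-1, ... until one hashes to `target`. Expected cost is about
    2**bits trials, the square of the collision cost."""
    for i in range(limit):
        if truncated_hash(b"pre-%d" % i, bits) == target:
            return i
    return None


def demo(bits: int = 24) -> Dict[str, object]:
    """Compare the observed collision cost with the two theoretical bounds."""
    trials, a, b = find_collision(bits)
    return {
        "bits": bits,
        "collision_trials": trials,
        "birthday_bound": 2 ** (bits // 2),
        "preimage_bound": 2 ** bits,
        "inputs": (a, b),
        "same_hash": truncated_hash(a, bits) == truncated_hash(b, bits),
    }


if __name__ == "__main__":
    print(demo())
```

Doubling the output length squares the preimage cost but only doubles the work per bit for collisions, which is why a hash meant to resist collision attacks (signatures, certificates) needs at least twice the bits of the security level wanted: 256-bit SHA-256 for 128-bit collision resistance.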
HMAC (Hash + MAC)
It is a variation of the "secret value" keyed hash above, in which a hash function is used to build a MAC in a standardized way (RFC 2104).
Any cryptographic hash function, such as MD5, SHA-1 or SHA-256, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-MD5, HMAC-SHA-1, HMAC-SHA-256). The known collision attacks on MD5 and SHA-1 do not directly break HMAC built on them, but HMAC-SHA-256 is the usual choice today.
It is the MAC adopted for IP security (IPsec), SSL/TLS (Transport Layer Security) and SET (Secure Electronic Transaction).
It is also specified for SNMPv3 (and hence used by SNMPv3-capable monitoring tools such as PRTG and MRTG).
HMAC
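The HMAC-X construction written out from its RFC 2104 definition, as an added example and not the slides' own code: the hash is selected by name, so the same function yields HMAC-MD5, HMAC-SHA-1 or HMAC-SHA-256. The result is cross-checked against Python's standard-library hmac module and against RFC 4231 test case 1; the other keys and messages are constructed values.

```python
import hashlib
import hmac  # standard library HMAC, used here to cross-check the hand-written version


def hmac_x(hash_name: str, key: bytes, message: bytes) -> bytes:
    """HMAC-X as defined in RFC 2104, with X any hashlib algorithm name:
         HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M))
    where K' is K hashed with H if it is longer than H's block size, then
    zero-padded to the block size; ipad is 0x36 repeated, opad is 0x5c repeated."""
    block_size = hashlib.new(hash_name).block_size  # 64 for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256, the variant to prefer today."""
    return hmac_x("sha256", key, message)


def verify(hash_name: str, key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(hmac_x(hash_name, key, message), tag)


def matches_stdlib(hash_name: str, key: bytes, message: bytes) -> bool:
    """Cross-check against Python's own implementation."""
    return hmac_x(hash_name, key, message) == hmac.new(key, message, hash_name).digest()


# RFC 4231 test case 1 (HMAC-SHA-256): key = 20 bytes of 0x0b, data = "Hi There".
RFC4231_CASE1_KEY = b"\x0b" * 20
RFC4231_CASE1_DATA = b"Hi There"
RFC4231_CASE1_TAG = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)


def rfc4231_case1_ok() -> bool:
    return hmac_sha256(RFC4231_CASE1_KEY, RFC4231_CASE1_DATA) == RFC4231_CASE1_TAG


if __name__ == "__main__":
    key, msg = b"constructed-key", b"constructed message"       # constructed demo values
    for name in ("md5", "sha1", "sha256", "sha512"):
        print(f"HMAC-{name.upper()}: {hmac_x(name, key, msg).hex()}  stdlib agrees: {matches_stdlib(name, key, msg)}")
    print("RFC 4231 case 1 agrees:", rfc4231_case1_ok())
```

Unlike the H(K || M || K) sandwich, the nested structure means the outer hash is applied to a fixed-size value the attacker never sees, which is what lets HMAC resist length extension and gives it a security proof that only needs the compression function to be a PRF.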
Public Key Encryption (Asymmetric Encryption)
Public Key Authentication
Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for a sender knowing the public key to encrypt messages
3. computationally easy for the receiver knowing the private key to decrypt ciphertext
4. computationally infeasible for an opponent to determine the private key from the public key
5. computationally infeasible for an opponent to otherwise recover the original message from the ciphertext and the public key
6. useful (not required) if either key can be used for each role, i.e. the pair works in both directions (RSA has this property; not every public-key scheme does)
Public Key Algorithms
RSA (Rivest, Shamir, Adleman)
developed in 1977
the most widely deployed public-key encryption algorithm
given advances in factoring, 1024-bit keys are no longer considered adequate; 2048 bits or more are needed today
Diffie-Hellman key exchange algorithm (not an encryption algorithm)
only allows two parties to agree on a shared secret key
Digital Signature Standard (DSS)
provides only a digital signature function; originally specified with SHA-1, current versions use SHA-2
Elliptic curve cryptography (ECC)
newer; security comparable to RSA but with much smaller keys (a 256-bit ECC key is roughly equivalent to 3072-bit RSA)
Symmetric vs. Asymmetric Algorithms
Cryptographic algorithms are either symmetric algorithms, which use symmetric keys (also called shared secret keys), or asymmetric/public key encryption algorithms, which use two different keys (called the public and private keys).
The two different asymmetric keys are mathematically related. If a message is encrypted with one key, the other key is required in order to decrypt the message.
Symmetric vs. Asymmetric Algorithms (cont.)
Asymmetric algorithms are slower than symmetric algorithms because they use much more complex mathematics (large-number modular arithmetic) to carry out their functions, which requires more processing time and memory.
Although they are slower, asymmetric algorithms can provide authentication and non-repudiation (through digital signatures), depending on the type of algorithm being used.
Strengths & Weaknesses
Of Asymmetric Encryption
Strengths
Better key distribution than symmetric systems
Better scalability than symmetric systems
Can provide authentication and non-repudiation
Weaknesses
Works much more slowly than symmetric systems
Mathematically intensive tasks
Symmetric vs. Asymmetric
Core Cryptographic Processes

Encryption technique     | Confidentiality                                      | Authentication
-------------------------|------------------------------------------------------|----------------------------------------------------------
Symmetric key encryption | Applicable. Sender encrypts with the key shared      | Not applicable (for encryption alone; a MAC keyed with
                         | with the receiver.                                   | the shared key does provide authentication, see above).
Public key encryption    | Applicable. Sender encrypts with the receiver's      | Applicable. Sender (supplicant) encrypts with its own
                         | public key. Receiver decrypts with the receiver's    | private key. Receiver (verifier) decrypts with the public
                         | own private key.                                     | key of the true party, usually obtained from the true
                         |                                                      | party's digital certificate.
Asymmetric key cryptography uses two separate keys: one private and one public.
(Figure: Locking and unlocking in an asymmetric-key cryptosystem)
Public Key Encryption for Confidentiality & Authentication
Source: Raymond R. Panko
Nature of the Keys in the Asymmetric Scenario
With asymmetric key encryption it is not possible to encrypt and decrypt using the same key: although mathematically related, the two keys are not the same key, as they are in symmetric cryptography. Whatever one key of the pair encrypts, only the other key of the pair can decrypt.
Open Message Format
If authentication is the most important security service to the sender, he encrypts the data with his private key.
This assures the receiver that the only party who could have produced the ciphertext is the one in possession of that private key (in practice this operation is applied to a hash of the data rather than the data itself, which is what a digital signature is).
If the sender instead encrypted the data with the receiver's public key, authentication is not provided, because that public key is available to anyone.
Open Message Format
Encrypting data with the sender's private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message.
Confidentiality is therefore not ensured.
Secure (Closed) Message Format
If confidentiality is the most important security service to the sender, he encrypts the data with the receiver's public key.
This is called a secure message format because it can only be decrypted by the party who holds the corresponding private key.
It provides no authentication of the sender, since anyone can obtain the receiver's public key; for both services the sender signs with his own private key and then encrypts with the receiver's public key.
Public Key Cryptosystems
Applications
Public key cryptosystems can be classified into three categories:
1. Encryption/Decryption (e.g. RSA): the sender encrypts a message with the recipient's public key.
2. Digital Signature (e.g. RSA signatures, DSS/DSA, ECDSA): the sender signs a message with its private key. (HMAC is not a digital signature: it is a symmetric MAC, so any holder of the shared key can produce it and it gives no non-repudiation.)
3. Key Exchange (e.g. Diffie-Hellman): two sides cooperate to establish a session key. Several different approaches are possible, involving the private key of one or both parties.
Public Key Requirements
1. computationally easy to create key pairs (PU: public key, PR: private key)
2. computationally easy for a sender knowing the public key to encrypt messages: C = E(PU_b, M)
3. computationally easy for the receiver knowing the private key to decrypt ciphertext: M = D(PR_b, C)
4. computationally infeasible for an opponent to determine the private key from the public key
5. computationally infeasible for an opponent to otherwise recover the original message
6. useful if either key can be used for each role, i.e. PU/PR for encryption and PR/PU for decryption
Public Key Requirements (cont.)
Encryption with receiver B's public key: C = E(PU_b, M)
Decryption with B's private key: M = D(PR_b, C)
so that M = D(PR_b, E(PU_b, M)).
If either key can be used for each role (as in RSA), the operation also works in the other direction:
M = D(PU_b, E(PR_b, M)) = D(PR_b, E(PU_b, M))
Public Key Algorithms
These algorithms are based on mathematical functions (modular exponentiation, discrete logarithms, elliptic curves) rather than on simple operations on bit patterns such as the substitutions and permutations of symmetric ciphers.
RSA
RSA (Rivest, Shamir, Adleman)
It is a block cipher in the sense that the plaintext and ciphertext are integers between 0 and n-1 for some "n"; a message is split into blocks each smaller than n.
developed in 1977
the most widely deployed public-key encryption algorithm
given advances in factoring, 2048-bit or larger keys are needed today
Encryption and decryption have the following form for a plaintext block M and ciphertext block C:
C = M^e mod n
M = C^d mod n
RSA (cont.)
Both sender and receiver must know the values of "n" and "e", and only the receiver knows the value of "d".
Thus the public key is KU = {e, n} and the private key is KR = {d, n}.
The following requirements must be fulfilled:
I. It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.
II. It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n (fast modular exponentiation).
III. It is infeasible to determine "d" given "e" and "n" (equivalently, infeasible to factor n into its primes p and q).
The first two requirements are easily met; the third is met only for sufficiently large values of n.
RSA (cont.)
The RSA algorithm consists of the following steps:
RSA Calculations
RSA Algorithm Mathematical Calculations:
STEPS:
1. Select two distinct prime numbers, p = 17 and q = 11.
2. Calculate n = p.q = 17 x 11 = 187.
3. Calculate φ(n) = (p - 1)(q - 1) = 16 x 10 = 160.
4. Select "e" such that e is relatively prime to φ(n) and less than φ(n): gcd(φ(n), e) = 1 and 1 < e < φ(n). Here we select e = 7.
5. Determine "d" such that d.e ≡ 1 (mod φ(n)) and d < φ(n), i.e. d is the multiplicative inverse of e modulo φ(n), found in general with the extended Euclidean algorithm. Here 7 x 23 = 161 = 160 + 1, so d = 23. (Computing d = (φ(n) + 1)/e only works when φ(n) + 1 happens to be divisible by e, as it does in this example; in general d.e = k.φ(n) + 1 for some integer k.)
6. Resulting keys: public key PU = {7, 187} and private key PR = {23, 187}.
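The RSA calculation above (p = 17, q = 11, e = 7 giving PU = {7, 187} and PR = {23, 187}), together with the open and secure message formats from the public-key section, carried through in Python as an added example that is not from the slides. The plaintext block M = 88 is a constructed value; d is computed with the extended Euclidean algorithm rather than by dividing φ(n) + 1 by e, so the same code works for primes where that shortcut fails.

```python
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus): PU = (e, n), PR = (d, n)


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e: int, phi: int) -> int:
    """d with d*e = 1 (mod phi). This is how d is found in general; dividing
    phi(n)+1 by e only works when e happens to divide it (as with 161/7)."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return x % phi


def keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Steps from the slides: n = p*q, phi(n) = (p-1)(q-1), e coprime to phi(n),
    d = e^-1 mod phi(n). Returns (PU, PR) = ((e, n), (d, n))."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (modinv(e, phi), n)


def rsa_apply(key: Key, block: int) -> int:
    """C = M^e mod n or M = C^d mod n; the block must be an integer in [0, n)."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be in the range 0 .. n-1")
    return pow(block, exp, n)


# Secure (closed) message format: the sender uses the RECEIVER's public key,
# so only the holder of the matching private key can read the block.
def secure_message(receiver_pub: Key, m: int) -> int:
    return rsa_apply(receiver_pub, m)


def read_secure_message(receiver_prv: Key, c: int) -> int:
    return rsa_apply(receiver_prv, c)


# Open message format: the sender uses its OWN private key. Anyone holding the
# sender's public key can recover the block, so there is no confidentiality,
# but recovering a meaningful block shows the sender held the private key.
def open_message(sender_prv: Key, m: int) -> int:
    return rsa_apply(sender_prv, m)


def read_open_message(sender_pub: Key, c: int) -> int:
    return rsa_apply(sender_pub, c)


def demo() -> dict:
    """Reproduce the slides' numbers and both message formats with one key pair."""
    pub, prv = keygen(17, 11, 7)      # slides: PU = {7, 187}, PR = {23, 187}
    m = 88                            # constructed plaintext block, 0 <= m < 187
    c = secure_message(pub, m)        # 88^7 mod 187 = 11
    return {
        "PU": pub,
        "PR": prv,
        "ciphertext": c,
        "decrypted": read_secure_message(prv, c),
        "open_roundtrip": read_open_message(pub, open_message(prv, m)),
    }


if __name__ == "__main__":
    print(demo())
```

This is textbook RSA: no padding, deterministic, tiny parameters, good only for following the arithmetic. Real deployments use 2048-bit or larger moduli, RSA-OAEP for encryption and RSA-PSS over a hash of the message for signatures; the "encrypt with the private key" open-message operation here is the idea behind a signature, not a signature scheme.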
RSA Example