
Monday, October 14, 2013

What are secret-key and public-key signatures?

- Asymmetric cryptography is often referred to as public-key cryptography. 
It is a kind of cryptographic algorithm that makes use of two separate keys, namely the secret key and the public key. 
- The secret key is kept private and the public key is open. 
- Even though these two keys are different, there is a mathematical link between the two. 
- The public key is the key used for encrypting the plain text and for verifying a digital signature. 
- The private key is the key used for decrypting the cipher text into plain text and for creating a digital signature. 
- The two keys play opposite roles, unlike in symmetric cryptography, where the same key serves both purposes. 
- The public keys are based on mathematical problems for which there is presently no efficient solution, such as the following:
Ø  Elliptic curve relationships
Ø  Discrete logarithms
Ø  Integer factorization
- Generating the public and private key pair is computationally easy for the users. 
- The strength of the public keys lies in the fact that determining the private key from its public key is computationally infeasible, or almost impossible. 
Thus the public key can be published without fear of compromising security, whereas the private key is kept hidden so that it is not revealed to anyone who is not authorized to create the digital signatures or read the messages. 
- Unlike symmetric-key algorithms, public-key algorithms do not require a secure initial exchange of secret keys. 
- In message authentication, a private key is used to process a message and produce the digital signature. 
- The signature can then be verified by anyone, by processing the signature value with the signer's corresponding public key. 
- The result is then compared with the message. 
- A successful comparison confirms that the message has not been modified. 
- This presumes that the signer's private key has been kept hidden from others. 
- In practical applications, however, it is the message's digest or hash that is encrypted and used as the signature. 
- Public-key algorithms are fundamental security components of cryptosystems, protocols and applications.
They underpin the following internet standards:
Ø  PGP
Ø  GPG
Ø  TLS or transport layer security


- Some public-key algorithms, such as the Diffie-Hellman key exchange, provide secrecy and key distribution; some, like the Digital Signature Algorithm, provide digital signatures; and some others offer both.
- An example of such an algorithm is RSA. 
- All these algorithms have been widely accepted. 
- Each user is given a pair of cryptographic keys (i.e., a public key for encryption and a private key for decryption). 
- Similarly, for digital signatures the key pair consists of a private key for signing and a public key for verification. 
- The concept of the private key was introduced to ensure confidentiality. 
- A digital signature can be verified by anyone who possesses the corresponding public key. 
- A successful verification confirms that the sender possesses the private key. 
- It is also a way to confirm that the message has not been tampered with. 
- If the message has been tampered with, the encoded message digest will change. 
- A mail box with a mail slot and a personal wax seal can be taken as analogies for public-key encryption and digital signatures respectively. 


Sunday, October 13, 2013

What are two fundamental cryptography principles?

In this article we discuss the two fundamental principles that govern a cryptographic system. 

1. Redundancy
- All encrypted messages must contain some redundancy. 
- By redundancy we mean information that is not required for understanding the message; it reduces the chances of a passive intruder mounting an attack. 
- Passive intruder attacks involve misusing stolen information without understanding it. 
- This is more easily understood through the example of a credit card. 
- The credit card number is not sent over the internet alone; it is accompanied by other information such as the card holder's date of birth, the card's validity date and so on. 
- Including such information with the card number cuts down the chances of someone making up the number. 
- Adding a good amount of redundancy prevents active intruders from sending garbage values and having them verified as a valid message. 
The recipient must be able to determine whether a message is valid by doing some inspection and a simple calculation. 
- Without redundancy, attackers could simply send a junk message and the recipient would decode it as a valid message. 
- However, there is a concern with this as well. 
- A run of N zeroes must not be put at the beginning or the end of the message as redundancy, because such messages are easy to predict, which makes the cryptanalyst's work easier.
- Instead of zeroes, a CRC polynomial can be used, because it means more work for the cryptanalyst. 
- Using a cryptographic hash might be even better.
- Redundancy also has a role to play in quantum cryptography. 
Some redundancy is required in the messages for Bob to determine whether a message has been tampered with. 
- Repeating the message twice is a crude form of redundancy.
- If the two copies are found to be identical, Bob concludes that somebody is interfering with the transmission or that there is a lot of noise. 
- But such repetition is expensive. 
- Therefore, the methods used for error detection and correction are Reed-Solomon and Hamming codes.

2. Update
- Measures must be taken to prevent attacks by active intruders who might play back old messages. 
- The longer an active intruder holds an encrypted message, the greater the possibility that he can break into it. 
- One good example of this is the UNIX password file.
- The password is accessible to anybody who has an account on the host. 
- Intruders can obtain a copy of this file and then easily decrypt the password.
- Also, adding redundancy simplifies the decryption of messages.
- It must be checked whether a message was sent recently or is an old one. 
- One measure for doing so is to include in the message a timestamp that is valid for only a few seconds. 
- The recipient can save each message for that many seconds and compare incoming messages against it to filter out duplicates.
- Messages older than this time period are rejected as being too old.
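
Both principles can be seen working together in the receiver below, an added example that is not part of the original post. The redundancy is a keyed cryptographic hash (HMAC-SHA256, a choice made here), and freshness is enforced with a timestamp window plus a short-lived duplicate cache; the packet layout, the 10-second window and the shared key are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32          # HMAC-SHA256 output size
WINDOW_SECONDS = 10   # assumed validity period of a timestamp


def seal(key: bytes, payload: bytes, now: float) -> bytes:
    """Sender: timestamp || payload || HMAC(timestamp || payload)."""
    body = struct.pack(">Q", int(now)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}   # tag -> timestamp, for messages still in the window

    def accept(self, packet: bytes, now: float) -> str:
        if len(packet) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Redundancy check: junk or altered data will not carry a valid tag.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: invalid redundancy"
        # Freshness check: the timestamp must fall inside the window.
        (sent,) = struct.unpack(">Q", body[:8])
        if abs(now - sent) > self.window:
            return "rejected: outside time window"
        # Forget saved messages that have left the window, then filter
        # duplicates among the ones that are still inside it.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if now - ts <= self.window}
        if tag in self.seen:
            return "rejected: duplicate"
        self.seen[tag] = sent
        return "accepted"


def demo() -> list:
    key = b"constructed-shared-key"            # constructed sample key
    rx = Receiver(key)
    packet = seal(key, b"PAY 100 TO ALICE", now=1000)
    altered = bytearray(packet)
    altered[10] ^= 0x01                        # flip one payload bit
    return [
        rx.accept(packet, now=1001),           # first delivery
        rx.accept(packet, now=1003),           # played back inside the window
        rx.accept(bytes(altered), now=1003),   # modified in transit
        rx.accept(bytes(64), now=1003),        # junk message
        rx.accept(packet, now=1030),           # played back after the window
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The duplicate cache only has to remember messages for the length of the window, because anything older is already rejected by the timestamp check.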

Apart from the above two principles, the following are some other principles of cryptography:
Ø Authentication: Ensuring that the message was generated by the sender and no one else, so that no outsider can claim to be the owner of the message.
Ø Integrity: In cryptography, the integrity of a message must be preserved while it is sent from one host to another. This involves ensuring that the message is not altered on the way. Using a cryptographic hash is a way to achieve this.
Ø  Non-repudiation


Friday, October 4, 2013

What is a substitution cipher method?

There are two classic methods of cryptography, namely the transposition cipher method and the substitution cipher method. In this article we discuss the latter, i.e., the substitution cipher method. 
- This method of encoding replaces the units or letters of the plain text with other units or letters. 
- The encoded text is then called the cipher text. 
- The units are replaced according to some regular system. 
These units might be individual letters, pairs or triplets of letters and so on. 
On the receiver's side, an inverse substitution is required for deciphering the text. 
- We can compare transposition ciphers with substitution ciphers. 
- In transposition ciphers the plain text units are rearranged, unlike in a substitution cipher, where the units are replaced.
- The order of rearrangement in transposition ciphers is somewhat more complex than what is followed by substitution ciphers, and the units are not changed.
- On the other hand, the sequence of the units remains the same in a substitution cipher, but the units themselves are altered. 

There are various types of substitution cipher as mentioned below:

Ø  Simple substitution ciphers: 
- This involves substituting single letters and is therefore termed simple substitution. 
- The alphabet can be written out in some order to represent the substitution.
- This alphabet is referred to as the substitution alphabet. 
- The alphabet might be reversed, shifted, or scrambled in some more complex manner. 
- In such cases it is termed a deranged alphabet or a mixed alphabet. 
A mixed alphabet is created by writing out a keyword with its repeated letters removed and then writing the leftover letters in their usual sequence. 
- To avoid transmission errors, the cipher text is written in block form and the spaces and punctuation are omitted. 
- This also helps to disguise the boundaries between words.

Ø Homophonic substitution: 
- This method is used to make frequency analysis attacks more difficult. 
- The frequencies of the plain text letters are disguised by homophony. 
Here each letter of the plain text is mapped to many symbols of the cipher text. 
- Normally the plain text symbols with the highest frequencies are given more equivalents than their low-frequency counterparts. 
- This flattens the frequency distribution, which in turn raises the difficulty of frequency analysis. 
- A number of solutions are employed for inventing larger alphabets. 
The simplest of these is to use a numeric substitution alphabet. 
- Another method uses variations of the existing alphabet, i.e., writing it upside down, or in upper case and lower case etc. 
The nomenclator is also a variant of homophonic substitution. 
- Two other types of homophonic cipher are the straddling checkerboard and the book cipher.

Ø Polyalphabetic substitution: 
- It involves the use of multiple cipher alphabets. 
- To facilitate encryption, these alphabets are written out in a big table, which is referred to as the tableau. 
- A particular polyalphabetic cipher is defined by the method with which the tableau is filled and the alphabet is chosen. 
- Some types of polyalphabetic cipher are:
             1. Beaufort cipher
             2. Gronsfeld cipher
             3. Running key cipher
             4. Autokey cipher

Ø  Polygraphic substitution: 
Here the letters of the plain text are substituted in large groups instead of individually.

Ø Mechanical substitution ciphers: 
Some examples of this type of substitution cipher are the Enigma, rotor cipher machines etc.

Ø The one-time pad: 
This is a special substitution cipher that has been mathematically proven to be unbreakable.
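
The keyword-based mixed alphabet described under simple substitution ciphers, with the cipher text written in blocks, looks like this in code. This is an added example, not part of the original post; the keyword, the sample sentence and the block size of five are constructed. It also compares letter-frequency profiles to show why simple substitution is exposed to the frequency analysis mentioned under homophonic substitution.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def mixed_alphabet(keyword: str) -> str:
    """Keyword with repeated letters removed, followed by the leftover
    letters of the alphabet in their usual order."""
    result = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in result:
            result.append(ch)
    return "".join(result)


def encrypt(plaintext: str, keyword: str, block: int = 5) -> str:
    """Substitute letter by letter, drop spaces and punctuation, and write
    the cipher text in fixed-size blocks to hide word boundaries."""
    table = str.maketrans(ALPHABET, mixed_alphabet(keyword))
    letters = "".join(ch for ch in plaintext.upper() if ch in ALPHABET)
    cipher = letters.translate(table)
    return " ".join(cipher[i:i + block] for i in range(0, len(cipher), block))


def decrypt(ciphertext: str, keyword: str) -> str:
    """Receiver: apply the inverse substitution."""
    table = str.maketrans(mixed_alphabet(keyword), ALPHABET)
    return ciphertext.replace(" ", "").translate(table)


def frequency_profile(text: str) -> list:
    """Letter counts sorted from most to least frequent, ignoring which
    letter each count belongs to."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    keyword = "zebras"                                  # constructed keyword
    message = "Flee at once. We are discovered!"        # constructed sample
    cipher = encrypt(message, keyword)
    print(mixed_alphabet(keyword))
    print(cipher)
    print(decrypt(cipher, keyword))
    # The substitution renames letters but leaves their counts untouched.
    print(frequency_profile(message) == frequency_profile(cipher))
```

Because the frequency profile of the cipher text equals that of the plain text, the most common cipher symbol still stands for the most common plain letter, which is what homophonic substitution tries to flatten.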



Thursday, October 3, 2013

What is Traditional Cryptography?

- Cryptography is the study and application of techniques for making communication secure in the presence of adversaries or third parties. 
More generally, it involves constructing and analyzing protocols that overcome the influence of adversaries, and it covers other aspects of information security such as the following:
Ø  Data confidentiality
Ø  Data integrity
Ø  Authentication
Ø  Non – repudiation
- Modern cryptography, in contrast to traditional cryptography, intersects the disciplines of computer science, mathematics and engineering. 

There are various applications of cryptography as in the following:
Ø  ATM cards
Ø  Computer passwords
Ø  Electronic commerce

- Traditional cryptography was synonymous with encryption, which converts information from a readable state to a state in which it appears to be utter nonsense. 
- The one who generated the encrypted message shared the technique for decoding it only with the desired recipients, thus precluding unwanted people from reading it.
- Cryptography has been in use since World War I; the methods used have since become far more complex, and its applications have increased. 
Modern cryptography is founded on computer science and mathematical theory. 
- Cryptographic algorithms are designed around computational hardness assumptions. 
- In practice, this makes these algorithms quite hard for any third party to break. 
- It is theoretically possible to break such a system, but doing so by any known practical means is infeasible.
- That is why all these schemes are considered to be computationally secure. 

These methods must be continually adapted because of the following:
Ø  Improvements in the algorithms for the integer factorization.
Ø  Faster computing technology.


- There are also schemes that are information-theoretically secure; even with unlimited computing power, these schemes cannot be broken.
- One such scheme is the one-time pad. 
- These schemes are, however, quite difficult to implement compared with schemes that are computationally secure but theoretically breakable. 
- Traditionally, cryptography referred only to encryption, which converts ordinary information into cipher text or unintelligible text. 
The reverse process is decryption. 
- The pair of algorithms that carry out these two processes is called the cipher. 
- Each instance of the cipher's operation is controlled by a key, which is kept secret between the communicants. 
- The purpose of this key lies in the decryption of the cipher text. 
- Earlier, encryption and decryption were carried out directly by the ciphers without any integrity or authentication checks. 
Before the advent of modern cryptography, traditional cryptography was concerned only with message confidentiality, i.e., converting the message from comprehensible text into incomprehensible text and vice versa. 
- The message was thus unreadable to eavesdroppers and interceptors without the key. 
- Encryption was used to ensure secrecy in communications. 
- But the field now expands far beyond confidentiality.
- It now includes techniques for authentication and message integrity checking, secure computation, interactive proofs, digital signatures and so on. 
- Earlier, two types of classical cipher were used, namely substitution ciphers and transposition ciphers. 
- The former replaced letters with other letters.
- Transposition ciphers rearranged the letters. 
- Some examples of early ciphers are the Caesar cipher, the Atbash cipher etc. 
- The early ciphers were assisted by physical aids and devices. 
With the development of digital computers, more complex ciphers could eventually be developed. 
- Any kind of data that could be represented in binary format could be encrypted.


Wednesday, October 2, 2013

What is link encryption method?

- The link encryption method is one of the classic ways of applying cryptography to digital communications.
- It is designed to hide secrets and prevent the forgery of data. 
- The concept is quite simple, and it fits all types of existing applications and software used in communication.  
- Even though this method does not work well enough for most applications, it is the simplest of all. 
- Link encryption is a security measure that should be used only if your security objectives match those of the link encryption method. 
- It is commonly used in applications where a boundary has to be maintained between internal users and external users. 
- With link encryption it is easy for internal users to share data, whereas it is just the opposite for external users. 
- It provides transparent protection, except for the separation that is maintained between the two classes of users. 

Below we mention some security objectives that can be met with the link encryption:

Ø  Maintaining confidentiality: Our systems store very sensitive data. While exchanging data with other systems, the risk of leakage should be kept as low as possible.

Ø  Communication with outsiders: We do not want to share our data with unwanted outsiders and unauthorized sites, so we want these to be blocked. Such exchanges should be prevented from happening even through carelessness or accident.

Ø  Hiding data traffic: As far as possible we want our data and its details to be shielded from outsiders. This data might contain information about the destination host and other information necessary for communication control. However, it is assumed here that the information will not be leaked by insiders.

Ø  Familiarity and safety: We rank these two factors above cost.

Ø  Protection of data transfers: We need our data to be protected against any sort of tampering or forgery by outsiders while in transit. An assurance is important. This objective is unconditionally met by the link encryption method.

- From a security standpoint, link encryption yields a highly reliable design. 
- If your organization has established a sufficiently strong security perimeter, link encryption is the best technique for maintaining it. 
- A strict control is kept over the flow of physical documents through this security perimeter. 
- Link encryption provides complementary protection for the flow of electronic documents. 
- We can have an environment in which every data link that traverses the boundary has encryptors. 
- The documents are kept within the perimeter limits. 
- Data leaving the perimeter is protected by means of the encryptors. 
The link encryption method has been used for years in banking organizations and military communications to provide secure links. 
- Link encryption uses in-line encryptors as its building blocks.
- These hardware devices take plain text and convert it into cipher text.

The encryptors have their own vulnerabilities as mentioned below:
Ø  Rewrite attacks: Also known as the plain-text attack, this is used for forging messages. Few crypto algorithms are vulnerable to these attacks.
Ø  Replay attacks: Most of us think that encrypted data is self-validating, so that a message which decrypts sensibly can only be generated by matching the encryptor with its keys. But since the encrypted data is accessible to outsiders, they too have access to messages that decrypt sensibly.
Ø  Covert signaling attacks: This attack is based on the idea that there is always a way to leak information if there is an internal process that tries to do so. 


Tuesday, October 1, 2013

How can firewalls secure a network?

Firewalls in computer systems are either software based or hardware based, but they have the same purpose: controlling the incoming as well as the outgoing traffic. 
In this article we discuss how firewalls secure a network. 
This control is maintained by analyzing the data packets. 
- After the analysis, the firewall determines whether or not to allow the packets to pass. 
- This decision is taken on the basis of a set of rules.
- With this set of rules, the firewall establishes a barrier between the external network, which is not considered secure and trusted, and the internal network, which is. 
- Most personal computer operating systems come with a built-in software-based firewall that provides protection against threats from external networks. 
- Some firewall components might also be installed in the intermediate routers in the network. 
- Some firewalls have also been designed to perform routing.

There are different types of firewalls which function differently. This classification of firewalls is based on where the communication takes place, i.e., at the network layer or at the application layer.

Packet filters or network layer: 
- Firewalls used at the network layer are often termed packet filters. 
This kind of firewall operates at a low level of the TCP/IP protocol stack and does not allow packets to pass through unless they satisfy all the rules. 
These rules might be defined by the administrator of the firewall. 
- These firewalls can be further classified into two categories, namely stateless firewalls and stateful firewalls.
- The former kind uses less memory and operates faster for simple filters, thus taking less time for filtering. 
- Stateless firewalls are used for filtering stateless network protocols, i.e., protocols which do not follow the session concept. 
- They are not capable of making complex decisions based on the state of the communication. 
- The latter kind maintains the context of the active sessions. 
- Stateful firewalls use this state information to speed up packet processing. 
- A connection is described by properties such as the UDP or TCP ports, IP addresses and so on. 
- If a packet matches an existing connection, it is allowed to pass. 
- Today firewalls are capable of filtering packets based on attributes such as the IP addresses of the source and destination hosts, protocols, the originator's netblock, TTL values and so on.
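
The difference between the two kinds of packet filter can be seen by running the same constructed traffic through both. This is an added example, not part of the original post; the policy (internal hosts may open TCP connections to port 443), the packet fields and the addresses (documentation ranges) are assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")


def stateless_allow(pkt: Packet) -> bool:
    """Each packet is judged on its own. To let replies back in, the rule
    set must accept any inbound TCP packet whose source port is 443."""
    if pkt.proto != "tcp":
        return False
    if pkt.direction == "out":
        return pkt.dport == 443
    return pkt.sport == 443


class StatefulFilter:
    """Remembers the connections opened from inside and admits an inbound
    packet only if it matches one of them."""

    def __init__(self):
        self.connections = set()   # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt: Packet) -> bool:
        if pkt.proto != "tcp":
            return False
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: look the packet up in the connection table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


# Constructed sample traffic.
TRAFFIC = [
    Packet("out", "tcp", "10.0.0.5", 50000, "198.51.100.7", 443),  # request
    Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 50000),   # its reply
    Packet("in", "tcp", "203.0.113.9", 443, "10.0.0.5", 3389),     # unsolicited
    Packet("out", "tcp", "10.0.0.5", 50001, "198.51.100.7", 25),   # not in policy
]


def verdicts(allow, packets=TRAFFIC) -> list:
    return [allow(pkt) for pkt in packets]


if __name__ == "__main__":
    stateful = StatefulFilter()
    for pkt, a, b in zip(TRAFFIC, verdicts(stateless_allow),
                         verdicts(stateful.allow)):
        print(f"{pkt.direction:3s} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  stateless={a}  stateful={b}")
```

The third packet belongs to no connection opened from inside: the stateless reply rule lets it through, while the stateful filter finds no match in its table and drops it.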

Application layer Firewalls: 
- Firewalls of this type work at the application level of the TCP/IP stack. 
- The firewall intercepts all packets traveling to and from the application. 
- This leads to the blocking of other packets as well. 
- First, all packets are inspected for malicious content in order to prevent the spread of Trojans and worms. 
- Additional inspection criteria might add some extra latency to packet forwarding. 
- The firewall determines whether a given connection should be accepted by a process. 
- It does so by hooking into the socket calls in order to filter the connections. 
- Such application layer firewalls are termed socket filters.
- Their way of working is somewhat similar to that of packet filters, except that the rules are applied per process rather than per connection. 
- Also, for processes that have not yet been provided with a connection, the rules are defined using prompts. 
- These firewalls are implemented in combination with packet filters.




Monday, September 30, 2013

What are the security problems faced by a network?

Mistakes concerning network security are very common, and the same mistakes are repeated again and again. These problems cannot be solved without changing our working methods. In this article we discuss some common security problems faced by a network.

Ø Using weak and non-complex passwords for accessing the network: 
- Brute forcing is an old-school exploit to which many system and network administrators are open. 
- The very famous captcha technology has been implemented to correct this vulnerability of network passwords. 
- In the common captcha, the user is required to type in the digits or letters that are displayed on the screen in some sort of distorted image. 
- This technology has been designed to prevent unwanted internet bots from accessing the network.
- However, it is not as safe as it looks. 
- It just gives network admins a false sense of having countered brute forcing. 
- A complex password is the solution to this problem. 
- To create a complex password, more than seven characters need to be combined with special characters and numbers. 
- Apart from creating complex passwords, a password expiration system has to be implemented. 
- This system reminds users to change their passwords. 
- Care should also be taken regarding the reuse of passwords. 
- Cycling of passwords should not be allowed.

Ø Using server applications or software that is outdated: 
- Companies release patches from time to time to ensure that the system does not become vulnerable to the various threats. 
- Hackers also pose new exploits and threats that can harm the network if the patches are not properly applied. 
- To ensure that the network administrator is kept informed of new threats, the software and applications have to be updated regularly.  

Ø Web cookies: 
- Even though viruses and malware cannot be introduced into the network through cookies, cookies can be tracked by third-party cookies in order to compile records of individuals' browsing histories. 
- Cookies that are not encrypted pose a major threat because they make the system vulnerable to cross-site scripting (XSS) attacks, thus putting your privacy at risk. 
- Open cookies can give access to the cookies holding log-in data, which hackers can use to intrude into your systems. 
- The solution to this problem is to use encrypted cookies along with an encoded expiration time. 
- The admins might ask users to log in again before accessing important network directories.

Ø Plain hashes: 
- Hashing is the technique used for indexing and retrieval purposes in the database. 
- Most encryption algorithms use plain hashes. 
- The salt is a type of encryption that might be added to the hashes to make it extremely difficult, or almost impractical, to create a look-up table that could assist brute force or dictionary attacks. 
- But this works only when a large salt is used. 
- The attacker then usually cannot use a pre-computed look-up table in exploiting the network. 
- This makes the network security system even more complex.
- So even if the attacker is able to break into your system, he will not be able to access the information in the database. 
- The encryption key should be kept hidden.

Ø Shared web hosting: 
- This service is used by websites that reside on the same server. 
- Each site is given its own partition. 
- This is economically feasible for most systems. 
- But if an attacker breaches the system of one website, he can get into the other websites' security systems too. 
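
The effect of a salt described under "Plain hashes" can be observed directly in the following added example, which is not part of the original post. It stores passwords with PBKDF2-HMAC-SHA256 from the Python standard library (a choice made here); the 16-byte salt, the iteration count and the sample passwords are assumptions.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16        # assumed salt size: large enough to be unique per user
ITERATIONS = 100_000   # assumed work factor


def plain_hash(password: str) -> str:
    """Unsalted hash: the same password always gives the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def new_record(password: str) -> dict:
    """Create the stored record for a user: a fresh random salt plus the
    salted, iterated hash of the password."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def check(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Two constructed users who happen to pick the same password.
    alice = new_record("correct horse")
    bob = new_record("correct horse")
    return {
        # Plain hashes: both rows are identical, so one pre-computed
        # look-up table entry would match every user with this password.
        "plain_hashes_equal": plain_hash("correct horse") == plain_hash("correct horse"),
        # Salted hashes: the rows differ, so a table would have to be
        # rebuilt for each individual salt.
        "salted_hashes_equal": alice["hash"] == bob["hash"],
        "right_password": check("correct horse", alice),
        "wrong_password": check("wrong horse", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value}")
```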


Monday, September 16, 2013

What are the differences between inter-network routing and intra-network routing?

- Individual networks, when combined together, form the inter-network. 
Intermediate inter-networking devices are used for making the connections between them. 
- All these networking elements combine to work as a single large unit. 
- Internetworking has been made possible by packet switching technology. 
- The router is the most common and important device used for performing inter-network routing and intra-network routing.
- Routing across the various networks of the inter-network is termed internetwork routing, and routing within the same network is termed intranetwork routing. 

In this article we discuss the differences between internetwork routing and intranetwork routing. 

- Just like the inter-network, the intranetwork uses IP (internet protocol) technology for computing services and sharing information. 
- What makes it different from the internetwork is that it is limited to one organization, whereas the internetwork extends beyond it, i.e., it is not limited.
- In other words: the internetwork is spread across organizations and the intranetwork lies within an organization. 
- In some cases the term intranetwork might mean only the internal website of the organization, but in other cases it might be a larger part of the organization's IT infrastructure. 
- Sometimes it may span a number of LANs (local area networks). 
- The intranetwork is driven by the goal of minimizing the time, effort and cost of the individual's desktop in order to make it more competitive, cost efficient, timely and productive.
- An intranetwork can host multiple websites that are private to the organization, and may even constitute an important part of the collaboration and communication between the members of the organization. 
- The intranetwork also makes use of various well-known protocols such as FTP, SMTP and HTTP. 
- Intranets are often combined with technologies that lend a modern interface to the systems that host the corporate data. 
- These systems are known as legacy systems. 
- We can see the intranetwork as a private analog of the internetwork. 
- It means the internetwork has simply been extended to an organization for its private use. 
- Extranetworks are a modified version of intranetworks.
- Here the website might be accessed by non-members, i.e., suppliers, customers or other approved third parties and so on. 
- Intranetworks are equipped with a special protocol called the AAA protocol. 
- The three As stand for authentication, authorization and accounting. 
- A number of organizations are concerned about the security of their intranetworks. 
- They have deployed a firewall and a network gateway to control access to their services. 
The intermediate systems, when connected together, form the internetwork, whereas a part of the internetwork that they bind together might be an intranetwork.
- Intranetwork routing involves routing between two routers which lie in the same network, whereas in internetwork routing, routing is done between routers which reside in different networks. 
- Intranetwork routing is quite easy compared with internetwork routing. 
- The protocols used in the two types of routing are different.
- An interior gateway protocol is responsible for routing in intranetworks, whereas an exterior gateway protocol takes responsibility for routing across the internetwork. 
- The most common example of an interior gateway protocol is OSPF, the open shortest path first protocol. 
- The most common example of an exterior gateway protocol is the border gateway protocol, or BGP. 
- The routing graphs for the two types are also different. 
- In the intranetwork's graph, all the routers are simply linked to one another in the same network. 
- There is less mess.
- On the other hand, the inter-network's graph is quite tedious. 
- This is because routers of different networks have to be inter-linked with one another. 

