Unit-4

1-User Authentication And Kerberos:-

Kerberos provides a centralized authentication server whose function is to authenticate
users to servers and servers to users. In Kerberos Authentication server and database is
used for client authentication. Kerberos runs as a third-party trusted server known as the
Key Distribution Center (KDC). Each user and service on the network is a principal.

The main components of Kerberos are: 

 Authentication Server (AS): 
The Authentication Server performs the initial authentication and ticket for
Ticket Granting Service.  
 Database: 
The Authentication Server verifies the access rights of users in the database.  
 Ticket Granting Server (TGS): 
The Ticket Granting Server issues the ticket for the Server 

 Step-1: 
User login and request services on the host. Thus user requests for ticket-granting
service. 
 Step-2: 
Authentication Server verifies user’s access right using database and then gives
ticket-granting-ticket and session key. Results are encrypted using the Password of
the user. 
 
 Unit-4

 Step-3: 
The decryption of the message is done using the password then send the ticket to
Ticket Granting Server. The Ticket contains authenticators like user names and
network addresses. 
 
 Step-4: 
Ticket Granting Server decrypts the ticket sent by User and authenticator verifies the
request then creates the ticket for requesting services from the Server. 
 
 Step-5: 
The user sends the Ticket and Authenticator to the Server. 
 
 Step-6: 
The server verifies the Ticket and authenticators then generate access to the service.
After this User can access the services. 
Kerberos Limitations
 Each network service must be modified individually  for use with Kerberos
 It doesn’t work well in a timeshare environment
 Secured Kerberos Server
 Requires an always-on Kerberos server
 Stores all passwords are encrypted with a single key
 Assumes workstations are secure
 May result in cascading loss of trust.
 Scalability
 Unit-4

2-certificate based authentication

Authentication is the process of establishing that you are who you claim to be: that
you are authentically you. Certificate-based authentication is the process of
establishing your identity using electronic documents known as digital certificates.

How certificate-based authentication works

Certificate-based authentication servers use certificates and single sign-on (SSO) to
authenticate a user, machine, or device. Authentication is performed through the
interaction of public keys, private keys, and certificate authorities (CAs).
The process is generally as follows:
 
1. A user makes a request to access a protected resource.

2. The server presents its certificate to the browser, and the browser validates the
public certificate.

3. An authentication request is made from the server for the user to authenticate
themselves.

4. While the user is being authenticated, the browser presents the user’s certificate to
the server for validation.

5. The server authenticates the user’s identity and allows access to the network.
 Unit-4

Why use certificate-based authentication?

There are many benefits to using certificate-based authentication:

Increased security. Traditional username and password combinations are among the least
secure forms of authentication. Often, these passwords are easy to guess and are stored in
an insecure manner, such as written down on sticky notes. Certificate-based authentication
is a much stronger form of authentication and eliminates vulnerable passwords. Eliminating
passwords also decreases the possibility of phishing or brute force attacks from bad actors.
Streamline authentication. Certificates allow users to be authenticated without having to
remember several username and password combinations. Users often spend considerable
time guessing and resetting passwords when they have many to remember. Certificate-
based authentication decreases friction for the end user while increasing employee
productivity.
Ease of deployment. Unlike other authentication methods like one-time passcode (OTP)
tokens or biometrics, certificates are stored on the device locally and are implemented
without needing any extra hardware. Certificate-based authentication also makes access
control very simple.

Certificate-Based Authentication Benefits

 Simplifies the authentication process. CBA doesn’t require hard-to-remember or

confusing passwords for the client. When employees don’t need to remember
passwords, it’s easier for authorized users to access privileged services and sites.
Additionally, this reduces IT support costs and employee frustration.
 Reduces insecure password practices. Post-it notes with passwords left on a
desk and shared account logins become a relic of the past.
 Password attacks like brute force and rainbow table are no longer a
threat. With no user passwords, there’s no brute force target for hackers.
 Phishing-resistance. By eliminating passwords that can be phished, intercepted,
stolen, shared or compromised in other ways, organizations can shut down another
very common attack vector.
 Extensible to external users. CBA makes it easy to roll certificates out to users
outside the organization who may need access to the network, such as independent
contractors, partners, vendors, and freelancers. They won’t need much additional
training or any additional software either.
 Responsive to change. Because certificates are managed centrally, actions such
as issuance or revocation will enact an associated response to the corresponding
access immediately.
 Unit-4

3-biometric based authentication

What is biometric authentication?

Biometric authentication is a security process that relies on the unique biological
characteristics of individuals to verify they are who they say they are. Biometric
authentication systems compare physical or behavioral traits to stored, confirmed,
authentic data in a database. If both samples of the biometric data
match, authentication is confirmed. Typically, biometric authentication is used to
manage access to physical and digital resources, such as buildings, rooms and
computing devices.

Biometric authentication methods

The following technologies can be used to digitally identify people or grant
them permission to access a system:

 Chemical biometric devices

o DNA (deoxyribonucleic acid) matching uses genetic material to

identify a person.

 Visual biometric devices

o Retina scans identify subjects by analyzing the pattern of blood

vessels at the back of their eyes.

o Iris recognition uses a picture of the iris to identify people.

o Fingerprint scanning identifies people based on their fingerprints.

o Hand geometry recognition verifies identity or authorizes

transactions using a mathematical representation of the unique
characteristics of people's hands. This is done by measuring the
distances between various parts of the hand, including finger length,
finger breadth and the shape of the valleys between the knuckles.

o Facial recognition relies on the unique characteristics and patterns

of people's faces to confirm their identity. The system identifies 80
 Unit-4

nodal points on a human face, which make up numeric codes

called faceprints.

o Ear authentication verifies identity based on users' unique ear

shape.

o Signature recognition uses pattern recognition to identify

individuals based on their handwritten signature.

 Vein or vascular scanners

o Finger vein ID identifies individuals based on the vein patterns in

their finger.
 Unit-4

4-single Sign on(SSO) approach.

Single Sign On (SSO) is an authentication scheme where users can securely authenticate and
gain access to multiple applications and websites by only logging in with a single username
and password.

For example
logging in to your Google account once will allow you to access Google applications such as
Google Docs, Gmail, and Google Drive.

Without SSO solution, the website maintains a database of login credentials – username and
passwords. Each time the user login to the website, it checks the user’s credentials against
its database and authenticates the user.
How does SSO work ?

 User enters login credentials on the website and the website checks to see if the
user has already been authenticated by SSO solution. If so, the SSO solution would
give the user access to the website. Otherwise, it presents the user with the SSO
solution for login.
 The user enters username and password on the SSO solution.
 The user’s login credentials are sent to SSO solution.
 The SSO solution seeks authentication from the identity provider, such as an Active
Directory, to verify the user’s identity. Once the user’s identity is verified, the
identity provider sends a verification to the SSO solution.
 The authentication information is passed from the SSO solution to the website
where the user will be granted access to the website.
 Unit-4

 Upon successful login with SSO, the website passes authentication data in the form
of tokens as a form of verification that the user is authenticated as the user
navigates to a different application or web page.

Advantages of SSO :
These are advantages for users, for businesses.
For Users –
 Risk of access to 3rd party sites are mitigated as the website database do not store
the user’s login credentials.
 Increased convenience for users as they only need to remember and key in login
information once.
 Increased security assurance for users as website owners do not store login
credentials.
For Businesses –
 Increase customer base and satisfaction as SSO provides lower barrier to entry and
seamless user experience.
 Reduce IT costs for managing customer’s username and passwords.
 Unit-4

Briefly explain the design principles of block cipher.

What is Block Cipher

Block cipher is an encryption method which divides the plain text into
blocks of fixed size. Each block has an equal number of bits. At a time,
block cipher operates only on one block of plain text and applies key on it
to produce the corresponding block of ciphertext.

Block Cipher Principles

A block cipher is designed by considering its three critical aspects which
are listed as below:

1. Number of Rounds
2. Design of Function F
3. Key Schedule Algorithm

1. Number of Rounds

The number of rounds judges the strength of the block cipher algorithm. It
is considered that more is the number of rounds, difficult is for cryptanalysis
to break the algorithm.

It is considered that even if the function F is relatively weak, the number of

rounds would make the algorithm tough to break.

2. Design of Function F

The function F of the block cipher must be designed such that it must be
impossible for any cryptanalysis to unscramble the substitution. The
criterion that strengthens the function F is it non-linearity.

More the function F is nonlinear, more it would be difficult to crack it. Well,
while designing the function F it should be confirmed that it has a good
avalanche property which states that a change in one-bit of input must
reflect the change in many bits of output.

3. Key Schedule Algorithm

It is suggested that the key schedule should confirm the strict avalanche
effect and bit independence criterion.
 Unit-4

Block Cipher Modes of Operation

There are five important block cipher modes of operation defined by NIST.
These five modes of operation enhance the algorithm so that it can be
adapted by a wide range of applications which uses block cipher for
encryption.

1. Electronic Code Book Mode

2. Cipher Block Chaining Mode
3. Cipher Feedback Mode
4. Output Feedback Mode
5. Counter Mode

Diagram
 Unit-4

architecture ip security
IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are ESP (Encapsulation Security Payload) and AH
(Authentication Header). IPSec Architecture includes protocols, algorithms,
DOI, and Key Management. All these components are very important in order
to provide the three main services:

 Confidentiality
 Authentication
 Integrity
IP Security Architecture:

1. Architecture: Architecture or IP Security Architecture covers the general concepts,

definitions, protocols, algorithms, and security requirements of IP Security technology.

2. ESP Protocol: ESP(Encapsulation Security Payload) provides a confidentiality service.

Encapsulation Security Payload is implemented in either two ways:

 ESP with optional Authentication.

 ESP with Authentication.
 Unit-4

Packet Format:

 Security Parameter Index(SPI): This parameter is used by Security Association. It is

used to give a unique number to the connection built between the Client and Server.
 Sequence Number: Unique Sequence numbers are allotted to every packet so that
on the receiver side packets can be arranged properly.
 Payload Data: Payload data means the actual data or the actual message. The
Payload data is in an encrypted format to achieve confidentiality.
 Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original
message.
 Next Header: Next header means the next payload or next actual data.
 Unit-4

What are the honey port? KDC IN details

What is a honeypot?
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and
detect, deflect and study hacking attempts to gain unauthorized access to information
systems.

Types of honeypots
Based on design and deployment, there are two main types of honeypots:
production and research.

1. Research honeypots perform close analysis of hacker activity and aim

to discover how hackers develop and progress in order to learn how to
better protect systems against them

2. Production honeypots are usually deployed inside production

networks alongside production servers; the honeypot acts as a decoy,
drawing intruders away from the production network as part of the
intrusion detection system (IDS).

Honeypots can be classified as pure, high-interaction or low-

interaction:

3. Pure honeypots are full-fledged production systems that monitor a

honeypot's link to the network. They are the most complex and
difficult to maintain, but they also appear most realistic to attackers,
complete with mock confidential files and user information.

4. High-interaction honeypots imitate the activities of the production

systems, hosting a variety of services and capturing extensive
information. The goal of a high-interaction honeypot is to entice an
attacker to gain root -- or administrator-level -- access to the server
and then monitor the attacker's activity.

5. Low-interaction honeypots simulate the most common attack

vectors on the network: the ones services attackers frequently
request. Therefore, they are less risky and easier to maintain. They
do not point malicious users to the root system. 
 Unit-4

There are several types of specialized honeypot technologies,

such as the following:

 Malware honeypots. These are honeypots that mimic malware attack

vectors -- places that malware attacks and replicates.

 Spam honeypots. These can detect the methods of spammers, monitor

their activity and block spam.

 Database honeypots. These create decoy databases to mislead

attackers using methods that are sometimes missed by firewalls,
like Structured Query Language (SQL) injections.

 Client honeypots. These actively seek out malicious servers behind

client attacks instead of passively waiting for connections. They use
virtualization to establish themselves on the server and watch for
suspicious modifications to the honeypot.

Benefits and risks of honeypots

Honeypots provide significant benefits, but they also come with
disadvantages and risks.

Benefits

 Real data collection. Honeypots collect data from actual attacks and

other unauthorized activities, providing analysts with a rich source of
useful information.

 Fewer false positives. Ordinary cybersecurity detection technologies

generate alerts that can include a significant volume of false positives,
but a honeypot reduces the number of false positives because there is
no reason for legitimate users to access the honeypot.

 Cost-effectiveness. Honeypots can be good investments because they

only interact with malicious activities and do not require high-
performance resources to process large volumes of network traffic
looking for attacks.
 Unit-4

 Encryption circumvention. Honeypots capture malicious activity, even

if an attacker is using encryption.
Disadvantages

 Limited data. Honeypots only collect information when an attack

occurs. Zero attempts to access the honeypot means there is no data to
analyze.

 Isolated network. Malicious traffic that has been captured is only

collected when an attack targets the honeypot network; if attackers
suspect a network is a honeypot, they will avoid it.

 Distinguishable. Honeypots are often distinguishable from legitimate

production systems, which means experienced hackers can often
differentiate a production system from a honeypot system using system
fingerprinting techniques.
Diagram
 Unit-4

Euler theorem
Euler's theorem is a generalization of Fermat's little theorem handling with powers of
integers modulo positive integers. It increase in applications of elementary number
theory, such as the theoretical supporting structure for the RSA cryptosystem.
This theorem states that for every a and n that are relatively prime −
aϕ(n)≡1(modn)aϕ(n)≡1(modn)
where ϕϕ(n) is Euler's totient function, which counts the number of positive integers
less than n that are relatively prime to n.
Consider the set of such integers −
R = {x1, x2, … xϕϕ(n)}, i.e., each element xi of R is unique positive integer less than n
with ged(xi, n) = 1. Then multiply each element by a and modulo n −
S = {(ax1mod n), (ax2mod n), … (axϕϕ(n)mod n)}
Because a is relatively prime to n and x i is relatively prime to n, axi must also be
relatively prime to n. Therefore, all the members of S are integers that are less than
n and that are relatively prime to n.
There are no duplicates in S.
If axi mod n and n = axj mod n then xi = xj
Therefore,
Πϕ(n)i=1(aximodn)=Πϕ(n)i=1xiΠi=1ϕ(n)(aximodn)=Πi=1ϕ(n)xi
Πϕ(n)i=1axi≡Πϕ(n)i=1xi(modn)Πi=1ϕ(n)axi≡Πi=1ϕ(n)xi(modn)

aϕ(n)x[Πϕ(n)i=1xi]=Πϕ(n)i=1xi(modn)aϕ(n)x[Πi=1ϕ(n)xi]=Πi=1ϕ(n)xi(modn)

aϕ(n)≡1(modn)aϕ(n)≡1(modn)
Euler Totient Function
Euler’s Totient function is the mathematical multiplicative functions which count the
positive integers up to the given integer generally known as as ‘n’ that are a prime
number to ‘n’ and the function can be used to understand the number of prime
numbers that exist up to the given integer ‘n’.
Euler’s Totient function is also called as Euler’s phi function. It plays an essential
role in cryptography. It can discover the number of integers that are both smaller
than n and relatively prime to n. These set of numbers defined by Z∗nZn∗ (number
that are smaller than n and relatively prime to n).
Euler’s totient function is beneficial in several ways. It can be used in the RSA
encryption system, which can be used for security goals. The function deals with the
prime number theory, and it is beneficial in the computation of large calculations
also. The function can be utilized in algebraic computation and simple numbers.
The symbol used to indicate the function is ϕ, and it is also known as phi function.
The function includes more theoretical use instead of practical use. The sensible
requirement of the function is limited.
 Unit-4

The function can be better understood through the several practical examples
instead of only theoretical explanations. There are several rules for computing the
Euler’s totient function, and for different numbers, different rules are to be used.
The Euler totient function ϕϕ(n) calculates the number of elements in Z∗nZn∗ with
the help of the following rules −
 ϕϕ(1) = 0.
 ϕϕ(P) = P − 1 if P is a Prime.
 ϕϕ(m x n) = ϕϕ(m) x ϕϕ(n) if m and n are relatively prime.
 ϕϕ(Pe) = Pe − Pe−1 (if P is a prime. )
The following four rules can be combined to obtain the value of ϕϕ(n), factorize n as
n=Pe11xPe22x⋅⋅⋅Pekkn=P1e1xP2e2x⋅⋅⋅Pkek
ϕ(n)=(Pe11−Pe1−11)(Pe22−Pe2−12)x⋅⋅⋅x(Pekk−Pek−1k)