Cryptography: Encryption and Decryption – Summary
Cryptography
Cryptography is the science and art of protecting information by transforming it into a secure
format. It involves techniques to:
Encrypt data (turn readable data into unreadable form) so that only authorized parties
can understand it.
Decrypt data (turn encrypted data back into readable form).
Ensure data:
o Confidentiality — only the intended recipient can read it.
o Integrity — data has not been altered or tampered with.
o Authentication — proving the identity of the parties involved.
o Non-repudiation — ensuring a sender cannot deny sending a message.
Cryptography is foundational for secure communications, banking, e-commerce, and much more.
Network Security
Network Security is the practice of protecting computer networks and their data from
unauthorized access, misuse, modification, or attacks. It includes:
Protecting data as it travels across networks (e.g., internet, private networks).
Preventing threats like hacking, malware, phishing, denial-of-service attacks.
Using technologies like:
o Firewalls
o Encryption (cryptography applied to network data)
o Intrusion detection/prevention systems
o Secure protocols (e.g., HTTPS, VPNs)
The goal is to ensure that the network remains available, confidential, and trustworthy for
users.
In short:
Cryptography: How you secure the data itself.
Network Security: How you secure the channels and devices through which data moves.
Both are critical and often used together to build safe digital communication systems.
📄 Plain Text vs Cipher Text
Plain text (clear text): Readable data without protection.
Encryption: The process of converting plain text into unreadable gibberish (called
cipher text) to hide its content.
Decryption: Reverses encryption by transforming cipher text back into its original plain
text.
📄 Security Goals in Communication
In application-to-application communication, cryptography helps meet several key security
requirements:
1. Authentication
o Verifies the identity of a user or system.
o Common methods (like name-based or address-based) are weak on their own.
2. Privacy / Confidentiality
o Ensures that only the intended recipient can read the message.
o Achieved through encryption.
3. Integrity
o Confirms that the message was not altered during transmission.
o Techniques like cryptographic hashing help ensure integrity.
4. Non-repudiation
o Guarantees that the sender cannot deny having sent the message.
o Often implemented with digital signatures.
📄 Key Takeaways
Encryption protects data confidentiality by turning it into cipher text.
Decryption restores the original data from cipher text.
Cryptography addresses critical issues: authentication, privacy, integrity, and
non-repudiation, which are essential for secure communication.
Cryptography – Summary
📄 What is Cryptography?
Cryptography is the science of encryption and decryption of data.
It ensures that sensitive information can be securely stored or transmitted across
insecure networks (e.g., the Internet) so that only the intended recipient can read it.
It involves hiding information from unauthorized access.
📄 Academic Context
Cryptography is considered a branch of:
o Mathematics
o Computer Science
Closely linked to:
o Information Theory
o Computer Security
o Engineering
📄 Real-World Applications
Cryptography is foundational in:
ATM card security
Computer password protection
Electronic commerce (e.g., online payments)
📄 Types of Cryptographic Algorithms
Cryptographic algorithms can be classified based on how many keys are used for encryption and
decryption:
1. Secret Key Cryptography (SKC)
Also called symmetric encryption.
Uses the same key for both encryption and decryption.
Efficient but requires secure key sharing.
2. Public Key Cryptography (PKC)
Also called asymmetric encryption.
Uses a pair of keys:
o Public key for encryption.
o Private key for decryption.
Enables secure communication without prior key sharing.
3. Hash Functions
No keys involved.
Uses a mathematical transformation to convert data into a fixed-length hash.
Irreversible (one-way), used for:
o Integrity checking
o Digital signatures
o Password hashing
Why Are There Three Encryption Techniques?
There are three major cryptographic techniques:
1. Hash Functions
2. Secret Key Cryptography (Symmetric)
3. Public Key Cryptography (Asymmetric)
The reason for having multiple schemes is that each is optimized for specific applications:
1. Hash Functions
Ideal for data integrity.
Even a small change in the input results in a completely different hash.
Used to verify that a message has not been altered.
Extremely unlikely for two different messages to have the same hash.
🧪 Use Case: Message integrity verification.
2. Secret Key Cryptography (Symmetric Encryption)
Best for confidentiality and privacy.
Same key is used for both encryption and decryption.
Efficient and fast.
Often used with session keys (keys created for one-time use).
🧪 Use Case: Fast, secure message encryption.
3. Public Key Cryptography (Asymmetric Encryption)
Solves the problem of key exchange.
Involves a key pair: public and private keys.
Can also ensure:
o Authentication
o Non-repudiation (sender can’t deny sending the message)
Less efficient for encrypting large messages compared to symmetric encryption (about
1000× slower).
🧪 Use Case: Secure key exchange, digital signatures, identity verification.
📄 Combining Techniques for Secure Communication
In practice:
Public-key cryptography is used to securely exchange a symmetric session key.
The session key is then used for fast symmetric encryption of data.
Hash functions are used to verify integrity of the message.
This hybrid approach ensures:
Confidentiality
Integrity
Authentication
Efficiency
🧪 Figure 2 likely illustrated this combined application visually.
📄 Diffie-Hellman Key Exchange
📄 Purpose
A key exchange algorithm that allows two parties (e.g., Alice and Bob) to agree on a
shared secret key over an insecure channel.
First published public-key algorithm (1976).
Based on the mathematical difficulty of the discrete logarithm problem.
📄 How It Works (Algorithm Overview)
1. Public Agreement:
o Choose a large prime number n and a primitive root g such that g < n.
🧪 g is primitive to n if all numbers from 1 to n-1 can be produced as powers of g
modulo n.
2. Private Key Generation:
o Alice chooses a private number x and computes X = g^x mod n
o Bob chooses a private number y and computes Y = g^y mod n
3. Key Exchange:
o Alice sends X to Bob.
o Bob sends Y to Alice.
4. Shared Secret Computation:
o Alice computes KA = Y^x mod n
o Bob computes KB = X^y mod n
o Both compute the same key: g^(xy) mod n
📄 Example (for illustration only, with small numbers)
Let:
n = 7, g = 3
Alice:
Picks x = 2
Sends: X = 3^2 mod 7 = 9 mod 7 = 2
Bob:
Picks y = 5
Sends: Y = 3^5 mod 7 = 243 mod 7 = 5
Compute Shared Key:
Alice: KA = 5^2 mod 7 = 25 mod 7 = 4
Bob: KB = 2^5 mod 7 = 32 mod 7 = 4
🧪 Shared Key: 4
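The exchange above in code, as an added example that is not part of the original notes. It reproduces the n = 7, g = 3 walk-through, validates the received public value before using it, and shows by exhaustive search why numbers this small give no security. All function names are this example's own.

```python
"""Added example: Diffie-Hellman with the page's toy numbers (n = 7, g = 3)."""
import secrets


def is_primitive_root(g: int, n: int) -> bool:
    """True if g^1 .. g^(n-1) mod n produce every value in 1 .. n-1.

    Brute force, so only usable for toy primes such as the page's n = 7.
    """
    seen = set()
    value = 1
    for _ in range(n - 1):
        value = (value * g) % n
        seen.add(value)
    return seen == set(range(1, n))


def random_private(n: int) -> int:
    """Pick a private exponent uniformly from 2 .. n-2 using the OS CSPRNG."""
    return secrets.randbelow(n - 3) + 2


def public_value(g: int, private: int, n: int) -> int:
    """X = g^x mod n (three-argument pow is modular exponentiation)."""
    return pow(g, private, n)


def shared_secret(peer_public: int, private: int, n: int) -> int:
    """K = peer_public^private mod n, after validating the received value.

    The values 0, 1 and n-1 force the key into a tiny predictable set, so a
    receiver rejects them instead of deriving a key from them.
    """
    if not 1 < peer_public < n - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, n)


def recover_exponent(g: int, public: int, n: int) -> int:
    """Discrete log by exhaustive search: feasible only because n is tiny."""
    for x in range(1, n):
        if pow(g, x, n) == public:
            return x
    raise ValueError("no exponent found")


def page_example():
    """Return (X, Y, K_A, K_B) for the page's n = 7, g = 3, x = 2, y = 5."""
    n, g = 7, 3
    x, y = 2, 5
    X = public_value(g, x, n)   # Alice -> Bob
    Y = public_value(g, y, n)   # Bob -> Alice
    return X, Y, shared_secret(Y, x, n), shared_secret(X, y, n)


if __name__ == "__main__":
    print("3 is a primitive root of 7:", is_primitive_root(3, 7))
    print("X, Y, K_A, K_B =", page_example())
    # An eavesdropper who sees only g, n and X recovers x instantly here.
    print("x recovered from X:", recover_exponent(3, 2, 7))
```

With a prime of realistic size the loop in `recover_exponent` never finishes in practice, which is the discrete logarithm assumption the notes refer to.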
📄 Key Takeaways
Each cryptographic method has a distinct role:
🧪 Hash → Integrity
🧪 Secret Key → Confidentiality
🧪 Public Key → Key Exchange, Authentication
Diffie-Hellman allows secure key sharing without transmitting the secret key.
Real implementations use very large values for n, g, and private numbers to ensure
security.
Diffie-Hellman Key Exchange
Purpose:
Generate a shared secret key between two parties (Alice and Bob) over an insecure channel.
How it works:
Alice and Bob agree on a large prime number $n$ and a base $g$.
Alice picks a secret $x$, sends $X = g^x \bmod n$ to Bob.
Bob picks a secret $y$, sends $Y = g^y \bmod n$ to Alice.
Both compute the shared key:
o Alice computes $K_A = Y^x \bmod n$
o Bob computes $K_B = X^y \bmod n$
Both keys are equal: $K_A = K_B = g^{xy} \bmod n$, which becomes their secret key.
Security:
An eavesdropper (Mallory) can see $n, g, X, Y$ but cannot easily find $x$
or $y$ because of the discrete logarithm problem.
Therefore, the shared key remains secure.
Note: Diffie-Hellman is for key agreement only, not encryption.
2. RSA Public-Key Cryptography
Purpose:
Used for key exchange, encrypting small blocks of data, and digital signatures.
Key Generation Steps:
1. Choose two large primes $p$ and $q$.
2. Compute $n = p \times q$.
3. Choose $e$ (public exponent) relatively prime to $(p-1)(q-1)$.
4. Compute $d$ (private exponent) so that $(ed - 1)$ is divisible by
$(p-1)(q-1)$.
Keys:
Public key: $(n, e)$
Private key: $d$
Encryption:
$C = M^e \bmod n$, where $M$ is the message.
Decryption:
$M = C^d \bmod n$
Security:
Based on the difficulty of factoring the large number $n$ into primes $p$ and $q$.
Note: RSA is often used to encrypt symmetric keys (e.g., from Diffie-Hellman) rather than the
full message due to performance.
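The four key generation steps and the encryption, decryption and signature formulas carried through with small numbers, as an added example that is not part of the original notes. The primes p = 61, q = 53 and exponent e = 17 are constructed toy values, and the function names are this example's own.

```python
"""Added example: textbook RSA with toy primes, following the steps above."""
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-4: return ((n, e), d) for primes p, q and public exponent e."""
    n = p * q                                   # step 2
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:                        # step 3
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)                         # step 4 (Python 3.8+)
    assert (e * d - 1) % phi == 0               # (ed - 1) divisible by phi
    return (n, e), d


def rsa_encrypt(m: int, public) -> int:
    """C = M^e mod n. The message must be an integer smaller than n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)


def rsa_decrypt(c: int, n: int, d: int) -> int:
    """M = C^d mod n."""
    return pow(c, d, n)


def rsa_sign(digest: int, n: int, d: int) -> int:
    """Signature = digest^d mod n (digest stands for a hash reduced below n)."""
    return pow(digest, d, n)


def rsa_verify(digest: int, signature: int, public) -> bool:
    """Accept if signature^e mod n gives back the digest."""
    n, e = public
    return pow(signature, e, n) == digest


if __name__ == "__main__":
    public, d = rsa_keygen(61, 53, 17)
    n, _ = public
    c = rsa_encrypt(65, public)
    print("public key:", public, "private exponent:", d)
    print("ciphertext of 65:", c, "decrypted:", rsa_decrypt(c, n, d))
    # Textbook RSA is deterministic: equal messages give equal ciphertexts,
    # which is why deployed RSA always adds randomized padding.
    print("deterministic:", rsa_encrypt(65, public) == c)
    sig = rsa_sign(1234, n, d)
    print("signature valid:", rsa_verify(1234, sig, public))
    print("altered digest valid:", rsa_verify(1235, sig, public))
```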
3. DES (Data Encryption Standard)
Purpose:
Symmetric-key block cipher for data encryption.
Key Size:
64-bit key length with 56 bits used as the effective key; 8 bits are parity bits for error
checking.
Security:
Now considered weak due to the small key size vulnerable to brute-force attacks with
modern computing.
Historical Importance:
Widely used historically but mostly replaced by stronger algorithms like AES today.
Summary Table
Algorithm        Type                                Main Use                      Security Basis
Diffie-Hellman   Public-key (key exchange)           Generate shared secret keys   Discrete logarithm problem
RSA              Public-key (encryption/signature)   Encrypt keys, sign data       Integer factorization problem
DES              Symmetric-key                       Encrypt data                  Brute-force key search (weak)
DES (Data Encryption Standard)
Overview:
DES is a symmetric-key block cipher operating on 64-bit blocks with a 56-bit effective key. It
uses 16 rounds of complex permutations and substitutions to encrypt data.
Steps:
1. Initial Permutation (IP):
The 64-bit plaintext block is permuted by rearranging bits according to a fixed table (e.g.,
1st bit goes to 58th position).
2. Split:
The permuted block is split into two 32-bit halves: Left ($L_0$) and Right ($R_0$).
3. 16 Rounds of Feistel Operations:
For each round $n$ (1 to 16):
o $L_n = R_{n-1}$
o $R_n = L_{n-1} \oplus f(R_{n-1}, K_n)$
Where:
o $K_n$ is a 48-bit subkey derived from the main 56-bit key via a key schedule.
o $f$ is the DES cipher function combining expansion, key mixing, substitution, and
permutation:
Expansion (E): 32-bit $R_{n-1}$ expanded to 48 bits by
duplicating certain bits.
Key Mixing: XOR with 48-bit round key $K_n$.
Substitution (S-boxes): The 48-bit output is divided into eight 6-bit
chunks, each passed through an S-box, producing 4-bit outputs (total 32
bits).
Permutation (P): The 32 bits are permuted for diffusion.
4. Final Permutation (Inverse IP):
After 16 rounds, $L_{16}$ and $R_{16}$ are combined and permuted back
by the inverse initial permutation to get the 64-bit ciphertext.
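The round equations above as a 16-round Feistel network, an added example that is not part of the original notes. It is not DES: the round function and key schedule are labelled stand-ins (32-bit subkeys, no expansion, S-boxes or permutations), chosen to show that decryption is the same network with the subkeys in reverse order and that f itself is never inverted.

```python
"""Added example: the Feistel structure DES is built on (stand-in f, not DES)."""
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16


def round_function(right: int, subkey: int) -> int:
    """Stand-in for DES's f. It discards information, so it has no inverse."""
    x = (right ^ subkey) & MASK32
    return ((x * x) ^ (x >> 5)) & MASK32


def key_schedule(key: bytes) -> list:
    """Stand-in key schedule: one 32-bit subkey per round from SHA-256."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([n])).digest()[:4], "big")
        for n in range(1, ROUNDS + 1)
    ]


def feistel(block: int, subkeys) -> int:
    """Run the rounds L_n = R_{n-1}, R_n = L_{n-1} XOR f(R_{n-1}, K_n)."""
    if not 0 <= block < 1 << 64:
        raise ValueError("block must be a 64-bit integer")
    left, right = block >> 32, block & MASK32
    for subkey in subkeys:
        left, right = right, left ^ round_function(right, subkey)
    # Swap the halves on output, as DES does before its final permutation.
    # This swap is what makes the same routine usable for decryption.
    return (right << 32) | left


def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key))


def decrypt_block(block: int, key: bytes) -> int:
    # Same network, subkeys K_16 .. K_1.
    return feistel(block, key_schedule(key)[::-1])


if __name__ == "__main__":
    key = b"constructed demo key"
    plain = 0x0123456789ABCDEF
    cipher = encrypt_block(plain, key)
    print(f"plaintext  {plain:016x}")
    print(f"ciphertext {cipher:016x}")
    print(f"decrypted  {decrypt_block(cipher, key):016x}")
```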
AES (Advanced Encryption Standard) / Rijndael
Overview:
AES (based on Rijndael) is a symmetric block cipher supporting block/key sizes of 128, 192, or
256 bits. It uses multiple rounds of substitution and permutation on a block represented as a
4-row by Nb-column array (where Nb depends on block size).
Key Parameters:
AES Variant Block Size (Nb) Key Size (Nk) Number of Rounds (Nr)
AES-128 4 (128 bits) 4 (128 bits) 10
AES-192 4 (128 bits) 6 (192 bits) 12
AES-256 4 (128 bits) 8 (256 bits) 14
Data Representation:
The block and key are represented as 4xNb byte arrays.
Example (128-bit block, 192-bit key):
State: Key:
s0,0 s0,1 ... k0,0 k0,1 ...
s1,0 s1,1 ... k1,0 k1,1 ...
s2,0 s2,1 ... k2,0 k2,1 ...
s3,0 s3,1 ... k3,0 k3,1 ...
AES Encryption Process:
1. AddRoundKey:
XOR the state with a round key derived from the cipher key.
2. Rounds: (Repeated $Nr - 1$ times)
o SubBytes: Byte-by-byte substitution using an S-box (nonlinear byte substitution).
o ShiftRows: Rows are cyclically shifted by different offsets to achieve diffusion.
o MixColumns: Columns are mixed via matrix multiplication over a finite field to
diffuse bytes.
o AddRoundKey: XOR with a round key.
3. Final Round:
Same as above but without the MixColumns step.
SubBytes Transformation (Example)
Each byte in the state is replaced using a fixed substitution box (S-box).
For example, an input byte 0x6B (decimal 107) becomes 0x7F (decimal 127) after
substitution.
The transformation can be represented as:
$s'_{i,j} = S\text{-box}(s_{i,j})$
AES ShiftRows Transformation
AES state is represented as a 4-row by Nb-column array of bytes.
The ShiftRows step cyclically shifts the bytes in each of the bottom three rows to the left
by a fixed offset.
For AES (Nb = 4, block size 128 bits):
o Row 0: No shift
o Row 1: Shift left by 1 byte
o Row 2: Shift left by 2 bytes
o Row 3: Shift left by 3 bytes
Example:
Row Original After ShiftRows
0 s0,0 s0,1 s0,2 s0,3 s0,0 s0,1 s0,2 s0,3
1 s1,0 s1,1 s1,2 s1,3 s1,1 s1,2 s1,3 s1,0
2 s2,0 s2,1 s2,2 s2,3 s2,2 s2,3 s2,0 s2,1
3 s3,0 s3,1 s3,2 s3,3 s3,3 s3,0 s3,1 s3,2
AES MixColumns Transformation
This step treats each column of the state as a four-term polynomial over a finite field.
It mixes the bytes in each column by multiplying the column by a fixed polynomial
matrix.
MixColumns changes the values within each column but does not change the column
position.
The operation provides diffusion by combining bytes in the column mathematically.
Mathematically:
$s'_{i,c} = \text{MixColumns}(s_{i,c}), \quad i = 0..3$
Where $c$ is the column index, and $i$ indexes rows in that column.
AES Round Key Generation (Key Expansion)
AES keys can be 128, 192, or 256 bits.
The key schedule expands the cipher key into multiple round keys, one for each
encryption round plus one initial key.
The expanded key size depends on key length and number of rounds:
Key Size (bits) Nr (Rounds) Expanded Key Size (bits) Expanded Key Size (32-bit words)
128 10 1408 (128 * (10 + 1)) 44
192 12 1664 (128 * (12 + 1)) 52
256 14 1920 (128 * (14 + 1)) 60
The original cipher key occupies the first $Nk$ words.
The key schedule algorithm derives remaining words $W_i$ to complete the
expanded key.
The expanded key can be divided into Nr+1 round keys (each Nb words long).
AES AddRoundKey Transformation
Each round key is XORed with the state array byte-by-byte.
Since round keys and the state are the same size (Nb columns x 4 rows), this is a simple
bitwise XOR.
This operation is done before the first round and after every transformation round
(including the final one).
Mathematically:
$s' = s \oplus \text{RoundKey}$
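The four round transformations described above (SubBytes, ShiftRows, MixColumns, AddRoundKey) on a 4x4 state, as an added example that is not part of the original notes. The S-box is computed from its definition (inverse in GF(2^8) followed by an affine map) rather than stored as a table, the MixColumns matrix rows (2 3 1 1) are written out in `mix_single_column`, and key expansion is left out; function names are this example's own.

```python
"""Added example: one AES round on a 4x4 state, state[row][column]."""


def xtime(b: int) -> int:
    """Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def gf_inverse(a: int) -> int:
    """a^254 is the inverse of a, because a^255 = 1 for nonzero a; 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0


def sbox(byte: int) -> int:
    """SubBytes for one byte: field inverse, then the affine transformation."""
    x = gf_inverse(byte)
    out = 0x63
    for shift in range(5):                      # x and its rotations by 1..4
        out ^= ((x << shift) | (x >> (8 - shift))) & 0xFF
    return out


def sub_bytes(state):
    return [[sbox(b) for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r positions (row 0 is unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_single_column(col):
    """Multiply one column by the fixed matrix with rows (2 3 1 1) rotated."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    cols = [mix_single_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]


def aes_round(state, round_key, final: bool = False):
    """One round in the order given above; the final round skips MixColumns."""
    state = shift_rows(sub_bytes(state))
    if not final:
        state = mix_columns(state)
    return add_round_key(state, round_key)


if __name__ == "__main__":
    print(f"S-box(0x6B) = 0x{sbox(0x6B):02X}")
    labels = [[f"s{r},{c}" for c in range(4)] for r in range(4)]
    for row in shift_rows(labels):
        print(" ".join(row))
    print([hex(b) for b in mix_single_column([0xDB, 0x13, 0x53, 0x45])])
```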
Message Authentication and Hash Functions
1. Authentication Requirements
To ensure secure communication, message authentication must address threats including:
Disclosure: Unauthorized access to message contents.
Traffic analysis: Detecting communication patterns (frequency, size, duration).
Masquerade: Forging messages or acknowledgments from unauthorized sources.
Content modification: Altering message contents (insertion, deletion, transposition).
Sequence modification: Changing the order or presence of messages (insertion, deletion,
reordering).
Timing modification: Delaying or replaying messages, including replay of entire
sessions.
Source repudiation: Sender denies sending the message.
Destination repudiation: Receiver denies receiving the message.
2. Authentication Functions
Message authentication generally relies on producing an authenticator for a message. This can
be done in three main ways:
Message encryption: Use ciphertext of the entire message as an authenticator.
Message Authentication Code (MAC): A fixed-length value computed from the
message and a secret key.
Hash function: A fixed-length hash computed from the message alone.
3. Message Encryption and Authentication
With symmetric encryption, encrypting a message with a shared secret key ensures
confidentiality.
The ciphertext can also act as an authenticator because only someone with the key could
have generated it.
However, encryption alone may not guarantee full authentication properties.
4. Hash Functions
A hash function $H$ maps a message $M$ of any length to a fixed-length hash value
$h = H(M)$.
The hash value is appended to the message and sent.
The receiver recomputes the hash to verify authenticity.
Since hash functions themselves are not secret, additional protection is needed (e.g.,
keyed hashes).
Requirements for Hash Functions
A secure hash function must satisfy:
1. Variable input size: Accept any size message.
2. Fixed output size: Produce a fixed-length hash.
3. Efficiency: Easy to compute in hardware/software.
4. One-way property: Given hash $h$, infeasible to find $x$ such that $H(x) = h$.
5. Weak collision resistance: For given $x$, infeasible to find $y \neq x$ such that
$H(y) = H(x)$.
6. Strong collision resistance: Infeasible to find any pair $x, y$ with $x \neq y$
where $H(x) = H(y)$.
Note: The literature uses varying terms (one-way hash, collision-resistant hash, weak/strong
one-way hash functions), but they all relate to these properties.
Importance of These Properties
The one-way property protects secret values combined with messages.
Weak collision resistance prevents forgeries by ensuring alternative messages can't
produce the same hash.
Strong collision resistance protects against birthday attacks (finding any two colliding
inputs).
5. Simple Hash Functions
Example: XOR all blocks bit-by-bit (longitudinal redundancy check).
Vulnerable to predictable data patterns.
Improvement: After processing each block, rotate the hash value by one bit, then XOR in
the next block.
Process:
1. Initialize hash to 0.
2. For each block:
o Rotate hash left by 1 bit.
o XOR the block with hash.
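Both simple hashes above with 8-bit blocks, as an added example that is not part of the original notes. It shows that the plain XOR check cannot see reordered blocks, that the rotate-then-XOR version can, and that even the improved version lets anyone compute a final block that produces a chosen hash value, so neither meets the collision-resistance requirements listed earlier. Function names and sample messages are constructed for this example.

```python
"""Added example: XOR checksum vs rotate-and-XOR checksum on 8-bit blocks."""

WIDTH = 8
MASK = (1 << WIDTH) - 1


def xor_hash(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all blocks."""
    h = 0
    for block in data:
        h ^= block
    return h


def rotate_left(value: int) -> int:
    """Rotate an 8-bit value left by one bit."""
    return ((value << 1) | (value >> (WIDTH - 1))) & MASK


def rotxor_hash(data: bytes) -> int:
    """The improved process: rotate the hash by one bit, then XOR in the block."""
    h = 0                       # 1. initialize hash to 0
    for block in data:          # 2. for each block
        h = rotate_left(h)      #    rotate hash left by 1 bit
        h ^= block              #    XOR the block with hash
    return h


def matching_final_block(prefix: bytes, target: int) -> int:
    """Block that, appended to prefix, makes rotxor_hash equal target.

    The hash is linear and unkeyed, so this is one rotate and one XOR.
    """
    return rotate_left(rotxor_hash(prefix)) ^ target


if __name__ == "__main__":
    # Reordering: invisible to plain XOR, visible to rotate-and-XOR.
    print(hex(xor_hash(b"AB")), hex(xor_hash(b"BA")))
    print(hex(rotxor_hash(b"AB")), hex(rotxor_hash(b"BA")))

    # A different message with the same rotate-and-XOR value (constructed data).
    original = b"PAY 100"
    altered = b"PAY 900"
    tail = matching_final_block(altered, rotxor_hash(original))
    print(rotxor_hash(altered + bytes([tail])) == rotxor_hash(original))
```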
6. Message Authentication Code (MAC)
MACs use a secret key $K$ with the message $M$ to produce a fixed-size
cryptographic checksum:
$MAC = C(K, M)$
Both sender and receiver share $K$.
The MAC guarantees authenticity and integrity of the message.
7. Security of Hash Functions and MACs
Attacks can be grouped into:
o Brute-force attacks: Exhaustive attempts to find collisions or keys.
o Cryptanalysis: Exploiting structural weaknesses in algorithms.
Whirlpool Hash Function
Overview
Whirlpool is a block-cipher-based hash function designed to address traditional drawbacks of
such hash functions and provide strong security with good performance.
Traditional drawbacks of block-cipher-based hash functions:
1. Invertibility: Block ciphers are invertible (not truly randomizing), which may lead to
vulnerabilities.
2. Cipher weaknesses: Underlying block cipher properties can introduce vulnerabilities.
3. Performance: Typically slower than hash functions designed specifically for hashing.
4. Hash length limits: Historically limited to 64-bit blocks (e.g., DES), resulting in weak
hash lengths.
Why Whirlpool?
Uses a strong block cipher based on AES, which is widely trusted and secure.
Produces a 512-bit hash, matching the longest SHA hash size.
Designed to resist common attacks on block-cipher-based hash functions.
Can be efficiently implemented in both hardware and software.
Security Goals of Whirlpool
For any $n$-bit substring of the output:
Collision resistance: About $2^{n/2}$ operations are required to find two
messages with the same hash.
Preimage resistance: About $2^{n}$ operations to find a message that hashes to a
given value.
Second preimage resistance: About $2^{n}$ operations to find a different message
with the same hash as a given message.
Strong resistance to linear and differential attacks — no detectable correlation between
input and output bits.
Note: These goals are based on practical confidence, not formal proofs.
How Whirlpool Works
Given a message split into blocks $m_1, m_2, \ldots, m_t$, Whirlpool
processes as follows:
$$
\begin{cases}
H_0 = \text{initial value (all zeros)} \\
H_i = E(H_{i-1}, m_i) \quad \text{for } i = 1, 2, \ldots, t \\
H_t = \text{final hash output}
\end{cases}
$$
Where:
$E$ is the underlying block cipher.
The encryption key for each round is the previous hash $H_{i-1}$.
The plaintext is the current message block $m_i$.
The feedforward value is $H_{i-1} \oplus m_i$.
Processing Steps
1. Padding:
o Message is padded so its length is an odd multiple of 256 bits.
o Padding is always added, even if the message length is already suitable.
o Padding consists of a single 1 bit followed by enough 0 bits to reach the required
length.
o For example: a 768-bit message is padded to 1280 bits by adding 512 bits.
2. Length append:
o Append a 256-bit block representing the length of the original message (before
padding) as a big-endian integer.
o After this, the total message length is a multiple of 512 bits.
3. Hash state initialization:
o The internal hash state $H_i$ is an 8x8 matrix of bytes (64 bytes = 512 bits).
o Initially set to all zero bits.
4. Message processing:
o The padded message is divided into 512-bit blocks.
o Each block is processed in sequence using the block cipher $E$ with the current
hash state as key.
o After processing all blocks, the final hash matrix $H_t$ is output as the 512-bit
digest.
Additional Notes
The internal representation of blocks and state as an 8x8 matrix of bytes supports the
AES-like structure of the underlying cipher.
Whirlpool’s design makes it suitable for both software and hardware implementations.
It aims to provide a hash strength competitive with SHA-2 family hash functions.
Lecture on HASH and MAC Algorithms
1. Secure Hash Algorithm (SHA)
Background:
o Developed by NIST and standardized as FIPS 180 in 1993.
o Revised as FIPS 180-1 in 1995, commonly called SHA-1.
o SHA-1 produces a 160-bit hash value.
o SHA-1 is based on MD4 and specified in RFC 3174.
Later versions:
o FIPS 180-2 (2002) introduced SHA-256, SHA-384, and SHA-512 with hash sizes
of 256, 384, and 512 bits respectively.
o NIST planned to phase out SHA-1 due to vulnerabilities; collisions can be found
faster than previously thought.
SHA-512 Hash Generation Process:
o Step 1: Append padding bits so that message length ≡ 896 (mod 1024). Padding
is a 1-bit followed by zeros.
o Step 2: Append 128-bit block representing the length of the original message.
o Step 3: Initialize eight 64-bit registers as the hash buffer for intermediate and
final hash values.
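The padding and length-append steps for SHA-512 above, and the matching Whirlpool steps described earlier, follow one pattern with different sizes. This added example (not part of the original notes) implements that pattern once for byte-aligned messages and checks the 768-bit Whirlpool case from the notes; function names are this example's own.

```python
"""Added example: '1 bit, zeros, then length' padding for SHA-512 and Whirlpool."""


def md_pad(message: bytes, block_bits: int, length_bits: int) -> bytes:
    """Pad so the result is a whole number of blocks.

    Padding is always added: a single 1 bit, then 0 bits until the length is
    (block_bits - length_bits) modulo block_bits, then the original length in
    bits as a big-endian integer occupying length_bits bits.
    """
    block = block_bits // 8
    length_field = length_bits // 8
    bit_length = len(message) * 8
    if bit_length >= 1 << length_bits:
        raise ValueError("message too long for the length field")
    padded = message + b"\x80"                  # 1 bit followed by seven 0 bits
    zeros = (block - length_field - len(padded)) % block
    padded += b"\x00" * zeros
    return padded + bit_length.to_bytes(length_field, "big")


def whirlpool_pad(message: bytes) -> bytes:
    """Odd multiple of 256 bits, then a 256-bit length: 512-bit blocks."""
    return md_pad(message, 512, 256)


def sha512_pad(message: bytes) -> bytes:
    """Length = 896 (mod 1024), then a 128-bit length: 1024-bit blocks."""
    return md_pad(message, 1024, 128)


def padding_report(message: bytes, block_bits: int, length_bits: int):
    """Return (padding bits added, total bits after length append, block count)."""
    padded = md_pad(message, block_bits, length_bits)
    total_bits = len(padded) * 8
    padding_bits = total_bits - length_bits - len(message) * 8
    return padding_bits, total_bits, total_bits // block_bits


if __name__ == "__main__":
    # The notes' example: a 768-bit message gets 512 padding bits (1280 bits),
    # and the 256-bit length brings it to 1536 bits = three 512-bit blocks.
    print(padding_report(bytes(96), 512, 256))
    # SHA-512: 'abc' fits one 1024-bit block; a 112-byte message needs two,
    # because the 1 bit no longer fits before the 896-bit boundary.
    print(padding_report(b"abc", 1024, 128))
    print(padding_report(bytes(112), 1024, 128))
```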
2. Digital Signatures
Need for Digital Signatures:
o Message authentication only protects against third parties, not disputes between
sender and receiver.
o Problems:
Receiver may forge a message.
Sender may deny sending a message.
Properties of Digital Signatures:
o Verify author, date, and time.
o Authenticate contents at signing time.
o Verifiable by third parties for dispute resolution.
Requirements:
o Signature depends on the message.
o Uses information unique to the sender to prevent forgery and denial.
o Easy to produce and verify.
o Computationally infeasible to forge.
o Practical to store digitally.
3. Types of Digital Signatures
Direct Digital Signature:
o Only sender and receiver involved.
o Signature formed by encrypting the message or its hash with sender’s private key.
o Confidentiality added by encrypting with receiver's public key.
o Weakness: sender can deny sending by claiming key compromise.
Arbitrated Digital Signature:
o Involves a trusted third party (arbiter).
o Arbiter verifies and timestamps messages.
o Provides stronger protection against repudiation.
4. Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)
DSS:
o Published by NIST as FIPS 186.
o Uses SHA for hashing.
o Provides only signature functionality, unlike RSA which can also encrypt.
DSA Details:
o Based on discrete logarithm problem (hard to solve).
o Uses global public parameters: primes $p, q$, and $g$.
o User keys:
Private key $x$ (random integer).
Public key $y = g^x \bmod p$.
o Signing uses random per-message number $k$.
o Signature is two numbers $(r, s)$.
o Verification uses public keys and signature components.
5. Message Authentication Code (MAC) and HMAC
MAC:
o Ensures data integrity and authenticity.
o Traditional MACs based on symmetric block ciphers (e.g., DES).
o Hash-based MACs gained popularity due to speed and code availability.
Why Hash-based MAC (HMAC)?
o Faster in software than block ciphers.
o Easier to replace embedded hash functions if security is compromised.
o Widely standardized and used (e.g., RFC 2104, FIPS 198).
HMAC Design Objectives:
o Use unmodified existing hash functions.
o Allow easy replacement of hash function.
o Maintain performance.
o Simple key handling.
o Provide strong cryptographic assurances based on underlying hash strength.
HMAC Structure:
o Treats hash function as a “black box.”
o Uses a secret key mixed with the message before hashing.
o Resilient against attacks if the embedded hash is secure.
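The structure above written out following RFC 2104, as an added example that is not part of the original notes. The hash is used only through `hashlib` as a black box, so swapping SHA-1 for SHA-256 or SHA-512 is a one-argument change, and the result is checked against Python's own `hmac` module; the function names, key and message are constructed for this example.

```python
"""Added example: HMAC built from an unmodified hash function (RFC 2104)."""
import hashlib
import hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """H((K XOR opad) || H((K XOR ipad) || message)) for any hashlib hash."""
    block_size = hashlib.new(hash_name).block_size
    # Key handling: keys longer than one block are hashed first, and the
    # result is zero-padded to exactly one block.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)    # K XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)    # K XOR opad
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time."""
    expected = hmac_from_scratch(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed shared key"
    message = b"transfer 100 to account 42"
    for name in ("sha1", "sha256", "sha512"):   # replacing the embedded hash
        tag = hmac_from_scratch(key, message, name)
        reference = hmac.new(key, message, name).digest()
        print(name, tag.hex()[:16], "matches stdlib:", tag == reference)
    tag = hmac_from_scratch(key, message)
    print("genuine message accepted:", verify_tag(key, message, tag))
    print("altered message accepted:",
          verify_tag(key, b"transfer 900 to account 42", tag))
    print("wrong key accepted:", verify_tag(b"other key", message, tag))
```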
Summary:
SHA family provides secure hash functions of various lengths.
Digital Signatures add authentication, non-repudiation, and integrity.
DSA is a widely used digital signature algorithm based on discrete logarithms.
HMAC offers a strong keyed hash mechanism for message authentication, combining the
speed of hash functions with security of secret keys.
PGP (Pretty Good Privacy) Key Management
PGP uses four types of keys:
One-time session symmetric keys: Used to encrypt the actual message data quickly.
Public keys: Used to encrypt session keys and verify digital signatures.
Private keys: Kept secret by the user, used to decrypt session keys and create digital
signatures.
Passphrase-based symmetric keys: Protect private keys with a passphrase.
Key Requirements:
1. Generate unpredictable session keys (strong randomness).
2. Support multiple public/private key pairs per user, allowing:
o Key rotation over time.
o Different keys for different groups or enhanced security by limiting data
encrypted under one key.
3. Maintain local storage of own keys and public keys of correspondents.
2. S/MIME (Secure/Multipurpose Internet Mail Extensions)
S/MIME builds on the MIME email format and uses RSA-based cryptography.
It is likely to become the industry standard for commercial/organizational email
security, while PGP remains popular for personal use.
S/MIME is specified by several RFCs (3369, 3370, 3850, 3851).
3. Background on Email Formats
RFC 822
Defines the standard text message format for email.
Separates envelope (routing info) and contents (message body).
The standard covers only contents, including header fields that help create the envelope.
MIME (Multipurpose Internet Mail Extensions)
Extension to RFC 822 to address SMTP limitations:
1. SMTP cannot transmit binary/executable files directly.
2. SMTP is limited to 7-bit ASCII, so it cannot transmit 8-bit national characters.
3. Size limits on messages.
4. Inconsistent character mappings in SMTP gateways.
5. Limited support for non-text data with X.400 email gateways.
6. SMTP implementations sometimes violate standards (e.g., line wrapping).
MIME introduces:
o New header fields (e.g., MIME-Version, Content-Type,
Content-Transfer-Encoding).
o Standard content types for multimedia data.
o Transfer encodings for safe transmission over SMTP.
4. MIME Header Fields
MIME-Version: Must be 1.0 to indicate compliance.
Content-Type: Specifies the data type (e.g., text, image, audio).
Content-Transfer-Encoding: How the message body is encoded for transport.
Content-ID: Unique identifier for MIME parts.
Content-Description: Describes non-readable data (optional).
5. Cryptographic Algorithms in S/MIME
Message Digest: SHA-1 (mandatory).
Digital Signature Encryption: DSS (mandatory), RSA (recommended).
Session Key Encryption: RSA (mandatory), Diffie-Hellman (recommended).
Message Encryption: Triple DES (mandatory), AES and RC2/40 (recommended).
Message Authentication Code: HMAC with SHA-1 (mandatory).
6. Choosing Encryption Algorithms
Sending agents must:
Use the recipient’s preferred decrypting capabilities if known.
Use the last used encryption algorithm if no preferences are known but prior messages
exist.
Use triple DES by default if no knowledge exists and the sender is willing to risk
incompatibility.
Use RC2/40 if no knowledge exists and the sender is not willing to risk incompatibility.
7. S/MIME Content Types
Type Subtype Description
multipart/signed Clear signed message (message + signature)
application/pkcs7-mime signedData Signed S/MIME entity
application/pkcs7-mime envelopedData Encrypted S/MIME entity
application/pkcs7-mime degenerate signedData Entity with only public-key certificates
application/pkcs7-mime compressedData Compressed S/MIME entity
application/pkcs7-signature signedData Signature part of multipart message
8. S/MIME Message Preparation
Start with a MIME entity (the message or parts of it).
Add security-related data (algorithm IDs, certificates).
Process with S/MIME to produce a PKCS object.
Wrap the PKCS object in MIME format for transmission.
9. S/MIME Certificate Processing
Uses X.509 version 3 certificates.
Hybrid of strict X.509 hierarchy and PGP’s web of trust.
Users/administrators maintain trusted keys and revocation lists locally.
Certificates signed by certification authorities (CAs).
10. User Agent Responsibilities
Key generation: Generate strong keys (Diffie-Hellman, DSS mandatory; RSA
recommended) using good randomness.
Registration: Register public key with a CA to get an X.509 certificate.
Certificate management: Store and retrieve certificates locally.
11. VeriSign Certificates
A popular commercial CA providing certificates compatible with S/MIME.
Issues VeriSign Digital IDs with public key, owner info, expiration, serial number, CA
signature, etc.
Offers 3 classes of certificates:
o Class 1: Email address verification only.
o Class 2: Verified identity with automated database check and postal confirmation.
o Class 3: High assurance with notarized identity proof or in-person application.
Trust Models in Cryptography: Summary
Cryptography provides confidentiality and integrity through secret key or public key
mechanisms, but trust is essential to ensure you know who you're communicating with.
Why Trust Matters
Secret key cryptography (SKC) requires both parties to share a secret key beforehand.
Public key cryptography (PKC) solves key distribution but doesn't inherently verify
identity.
How can Alice be sure that the "Bob" she's communicating with is really Bob, and not an
impostor like Mallory?
Three Common Trust Models
1. PGP Web of Trust
Used by: Pretty Good Privacy (PGP) users.
Each user maintains a local keyring of trusted public keys.
Trust is user-defined and decentralized: Alice trusts keys based on her personal
judgment and relationships.
Trust is not necessarily transitive: Just because Alice trusts Carol, and Carol trusts
Dave, doesn’t mean Alice trusts Dave.
Keys can be obtained from various sources like email, key servers, or friends.
There is no central authority; trust is subjective and based on a "web" of user
relationships.
2. Kerberos Authentication Protocol
Used in: Network authentication, especially in enterprise environments.
Based on a trusted third party: the Key Distribution Center (KDC).
The KDC consists of:
o Authentication Server (AS): verifies clients.
o Ticket-Granting Server (TGS): issues service tickets.
Process:
1. Client authenticates to AS, receives a Ticket-Granting Ticket (TGT).
2. Client uses TGT to request service tickets from TGS.
3. Client presents service tickets to application servers to access services.
Relies on secret keys shared between hosts and the KDC.
Kerberos provides centralized trust and scalable key management within a "realm."
Current version: Kerberos V5 (supports multiple encryption algorithms).
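The three-step process above, as an added Python simulation (not part of the original notes). The principal names, the constructed keys and the toy seal/unseal cipher are assumptions for illustration; real Kerberos V5 uses its own message formats and encryption types.

```python
import hashlib, hmac, json, os, time

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption (SHA-256 keystream + HMAC tag).
    A stand-in for a Kerberos V5 encryption type, not one of them."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

# Constructed long-term secret keys, each shared between one principal and the KDC.
KEYS = {name: os.urandom(32) for name in ("alice", "krbtgt", "fileserver")}

def issue(client, target, reply_key, lifetime=300):
    """Mint a session key: one copy sealed for the client, one inside a ticket
    that only `target` (the TGS or an application server) can open."""
    sk = os.urandom(32).hex()
    ticket = seal(KEYS[target], {"client": client, "sk": sk, "exp": time.time() + lifetime})
    return seal(reply_key, {"sk": sk, "for": target}), ticket

def check(ticket_key, ticket, authenticator):
    """Open a ticket, then require proof that the presenter holds its session key."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["client"] != t["client"] or time.time() > t["exp"]:
        raise ValueError("authenticator mismatch or expired ticket")
    return t

def as_exchange(client):
    # Step 1: the reply is sealed under the client's long-term key, so only the
    # real client can recover the session key that makes the TGT usable.
    return issue(client, "krbtgt", KEYS[client])

def tgs_exchange(tgt, authenticator, service):
    # Step 2: the TGS validates the TGT and issues a ticket for one service.
    t = check(KEYS["krbtgt"], tgt, authenticator)
    return issue(t["client"], service, bytes.fromhex(t["sk"]))

def service_accept(service, ticket, authenticator):
    # Step 3: the application server never contacts the KDC; its own key suffices.
    return check(KEYS[service], ticket, authenticator)["client"]

def client_login(name, long_term_key, service):
    reply, tgt = as_exchange(name)
    sk_tgs = bytes.fromhex(unseal(long_term_key, reply)["sk"])
    auth = seal(sk_tgs, {"client": name, "ts": time.time()})
    reply, ticket = tgs_exchange(tgt, auth, service)
    sk_svc = bytes.fromhex(unseal(sk_tgs, reply)["sk"])
    return ticket, seal(sk_svc, {"client": name, "ts": time.time()})

if __name__ == "__main__":
    ticket, auth = client_login("alice", KEYS["alice"], "fileserver")
    print(service_accept("fileserver", ticket, auth))
```

The simulation does not check authenticator timestamps for replay, which a real deployment does.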
3. Public Key Certificates and Certificate Authorities (CAs)
Necessary for widespread e-commerce and Internet security.
Certificates function like a digital driver’s license:
o Identify the holder.
o Bind a public key to an entity.
o State what the holder is authorized to do.
o Have an expiration date.
o Are issued by a trusted authority (CA).
The CA acts like a trusted third party that signs and validates certificates.
Certificates include:
o Public key.
o Subject (owner) information.
o Issuer (CA) information.
o Expiration date.
o Digital signature of the CA.
Browsers and systems maintain a list of trusted root CAs.
Certificate chains allow one CA to trust another CA’s certificates.
The most common standard is X.509 Version 3.
Key Takeaways:
Trust is a fundamental element that underpins secure communication.
Trust models vary from decentralized (PGP) to centralized (Kerberos and CAs).
The choice of trust model depends on the application, scalability, and environment.
Certificates and CAs form the backbone of secure Internet communications today.
RFID Systems: Lecture Summary
What is RFID?
An RFID system is used to identify and track objects wirelessly using radio waves. It mainly
consists of:
1. RFID Tags (Transponders)
Small data carriers attached to objects.
Store information such as a unique identifier (ID) and other descriptive properties of the
object.
Can be passive (powered by the reader’s signal) or active (have their own power source).
2. RFID Readers (Transceivers)
Devices that read data from RFID tags.
Some readers can also write data to rewritable tags.
3. Back-end Database
Stores all data related to tags and business processes.
Maintains information like tag IDs, object descriptions, reading locations, and
timestamps.
Security in RFID Systems
Symmetric-Key Cryptography in RFID
Uses shared secret keys between tags and readers.
Works well in closed environments where keys are well protected.
A big risk: if keys leak, system security is compromised.
Public-Key Cryptography in RFID
More suited for open environments with many devices.
Each tag and reader has a public-private key pair.
Advantages:
o Prevents eavesdropping during communication.
o Provides digital signatures for mutual authentication.
o Readers do not need to store or search many secret keys, simplifying
management.
Identity-Based Cryptography (IBC) for RFID
Uses a Private Key Generator (PKG) to manage keys.
Each reader and tag has a unique identity (ID) stored in memory.
Key Setup Process:
1. PKG generates a master public key (PU_pkg) and master private key
(PR_pkg).
2. RFID reader authenticates itself to PKG with its identity (ID_re).
3. If authenticated, PKG generates a unique private key (PR_re) for the reader and
sends it along with PU_pkg.
4. RFID tag authenticates to PKG with its identity (ID_ta).
5. If authenticated, PKG generates a unique private key (PR_ta) for the tag and
sends it along with PU_pkg and the reader’s identity.
Why Use Identity-Based Cryptography?
Simplifies key management.
Keys are directly derived from identities, reducing the need for certificates.
Enhances security by ensuring only authenticated readers and tags can communicate.
Lecture on Secure Electronic Transaction (SET)
What is SET?
Secure Electronic Transaction (SET) is an open security specification designed to secure
credit card transactions over the Internet. It uses encryption and digital signatures to protect
the confidentiality, integrity, and authenticity of payment information.
Business Requirements of SET
Confidentiality: Ensure that payment and order details are only accessible to authorized
parties.
Data Integrity: Guarantee that transaction data is not altered during transmission.
Cardholder Authentication: Verify that the user is the legitimate cardholder.
Merchant Authentication: Confirm the merchant’s authorization to accept credit cards.
Use Best Security Practices: Implement strong cryptographic algorithms and system
designs.
Transport Independence: Operate securely even over plain TCP/IP, while being
compatible with SSL/TLS or IPSec.
Interoperability: Support multiple platforms, operating systems, and web software.
Key Features of SET
Confidentiality: Cardholder’s credit card number is encrypted so that the merchant never
sees it—only the issuing bank does.
Integrity: Uses RSA digital signatures and SHA-1 hashing to protect message content.
Cardholder Authentication: Uses X.509v3 digital certificates signed with RSA.
Merchant Authentication: Also verified via X.509v3 certificates signed by a trusted
authority.
Fixed Algorithms: Unlike SSL or IPSec, SET uses a fixed set of cryptographic
algorithms for simplicity.
Participants in SET Transactions
1. Cardholder: The authorized user of a payment card (e.g., Visa, MasterCard).
2. Merchant: Sells goods or services and accepts payment cards.
3. Issuer: The bank or financial institution that issues the payment card.
4. Acquirer: The financial institution that manages the merchant’s account and payment
processing.
5. Payment Gateway: A system that processes payment authorizations between the
merchant and acquirer.
6. Certification Authority (CA): Issues digital certificates to participants to enable trust
and authentication.
Typical SET Transaction Flow
1. Account Setup: Cardholder obtains a payment card and receives an X.509 certificate
verifying their identity.
2. Merchant Certification: Merchant obtains certificates for signing and key exchange.
3. Customer Browses & Orders: Customer selects goods/services; merchant sends an
order form.
4. Merchant Authentication: Merchant sends certificate to customer for verification.
5. Order & Payment Sent: Customer sends order information (OI) to merchant and
payment information (PI) to the payment gateway—PI is encrypted so the merchant can’t
see the card number.
6. Payment Authorization: Merchant requests payment approval from payment gateway.
7. Order Confirmation: Merchant confirms order to the customer.
8. Goods/Services Provided: Merchant delivers the purchased goods/services.
9. Payment Request: Merchant requests payment settlement from payment gateway.
Important Concept: Dual Signature
Links two separate messages — Order Information (OI) for the merchant and Payment
Information (PI) for the bank — to maintain privacy.
Prevents the merchant from accessing the cardholder’s credit card details.
Prevents the bank from seeing the customer’s order details.
The customer creates a dual signature by hashing both OI and PI, concatenating those
hashes, hashing the result again, and signing it with their private key.
Both merchant and bank can verify this linkage without seeing the other’s data.
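The dual signature construction above, as an added Python example (not part of the original notes), showing how each party verifies the link while holding only a digest of the other party's message. PIMD and OIMD are the SHA-1 digests of PI and OI; the PI-first concatenation order, the sample messages and the textbook RSA key are assumptions, and SHA-1 appears only because SET specifies it (it is no longer collision-resistant).

```python
import hashlib

# Textbook RSA over two Mersenne primes: a constructed, insecure stand-in for
# the cardholder's certified RSA key pair (no padding, tiny modulus).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # cardholder's private exponent

# Constructed sample messages.
SAMPLE_OI = b"order=1001;item=book;total=25.00"
SAMPLE_PI = b"order=1001;card=<placeholder PAN>;total=25.00"

def sha1(data):
    return hashlib.sha1(data).digest()

def pomd(pimd, oimd):
    """H(PIMD || OIMD) as an integer; the PI-first order is an assumption."""
    return int.from_bytes(sha1(pimd + oimd), "big")

def dual_sign(oi, pi):
    """Cardholder: hash each message, hash the joined digests, sign the result."""
    return pow(pomd(sha1(pi), sha1(oi)), D, N)

def merchant_verify(oi, pimd, ds):
    """Merchant holds OI in clear and only the digest of PI."""
    return pow(ds, E, N) == pomd(pimd, sha1(oi))

def gateway_verify(pi, oimd, ds):
    """Payment gateway holds PI in clear and only the digest of OI."""
    return pow(ds, E, N) == pomd(sha1(pi), oimd)

if __name__ == "__main__":
    ds = dual_sign(SAMPLE_OI, SAMPLE_PI)
    print("merchant accepts:", merchant_verify(SAMPLE_OI, sha1(SAMPLE_PI), ds))
    print("gateway accepts: ", gateway_verify(SAMPLE_PI, sha1(SAMPLE_OI), ds))
    # A PI forwarded with the digest of a different order no longer verifies.
    print("swapped order:   ", gateway_verify(SAMPLE_PI, sha1(b"order=9999"), ds))
```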
SET Transaction Types
Cardholder/Merchant Registration: Registration with Certification Authorities.
Purchase Request: Customer sends order/payment info to merchant.
Payment Authorization: Merchant requests payment approval from gateway.
Payment Capture: Merchant requests actual payment from gateway.
Certificate Inquiry: Check status of certificate requests.
Purchase Inquiry: Check order processing status.
Authorization Reversal: Cancel or adjust authorization.
Capture Reversal: Correct payment capture errors.
Credit/Credit Reversal: Process returns or refunds.
Batch Administration & Error Messages: Manage batches and error handling.
Purchase Request Details
Customer sends an Initiate Request asking for merchant and gateway certificates.
Merchant replies with Initiate Response containing certificates and nonces for security.
Customer verifies certificates, creates OI and PI, and generates a one-time symmetric
key (Ks).
Customer sends Purchase Request:
o PI, dual signature, and OIMD encrypted with Ks (only gateway can decrypt).
o OI, dual signature, and PIMD sent in clear to merchant.
o Customer’s certificate sent for verification.
Merchant verifies dual signature and forwards encrypted PI to the payment gateway.
1. Purchase Request
Goal: The cardholder sends order info (OI) and payment info (PI) securely.
Process:
o Cardholder requests certificates from the merchant.
o Merchant responds with its certificate and payment gateway’s certificate.
o Cardholder verifies certificates, prepares OI and PI.
o Creates a dual signature to link OI and PI securely.
o Sends purchase request to merchant including encrypted PI and OI, plus the
cardholder certificate.
Merchant Actions:
o Verifies cardholder certificate.
o Verifies dual signature (authenticity and integrity).
o Processes order and forwards payment info to payment gateway.
o Sends purchase response with signed confirmation to cardholder.
Cardholder Action: Verifies merchant’s response and certificate.
2. Payment Authorization
Goal: Merchant requests authorization from payment gateway (which gets approval from
issuer).
Merchant Sends:
o PI, dual signature, OI message digest, digital envelope (encrypted symmetric
key).
o Authorization block (transaction ID), encrypted and signed.
o Relevant certificates (cardholder’s and merchant’s).
Payment Gateway Actions:
o Verifies certificates.
o Decrypts authorization block and payment block.
o Verifies merchant’s signature and dual signature.
o Checks transaction ID consistency.
o Requests authorization from issuer.
Authorization Response from Gateway:
o Signed and encrypted authorization block.
o Capture token (to be used later for payment capture).
o Gateway’s certificate.
Result: Merchant gets authorization to fulfill the order.
3. Payment Capture
Goal: Merchant requests actual payment transfer after goods/services are delivered.
Merchant Sends:
o Signed and encrypted capture request (amount, transaction ID).
o Encrypted capture token received earlier.
o Merchant’s certificates.
Payment Gateway Actions:
o Decrypts and verifies capture request and capture token.
o Sends clearing request to issuer to transfer funds.
Gateway Sends: Capture response (signed, encrypted) to merchant, including gateway
certificate.
Merchant: Stores capture response for reconciliation.
Key Security Mechanisms
Dual Signature: Links order and payment info while keeping them private to merchant
and bank respectively.
Digital Envelopes: Protect symmetric keys used for encrypting sensitive info.
Digital Certificates (X.509v3): Authenticate cardholder, merchant, and payment
gateway.
Signatures: Ensure integrity, authenticity, and non-repudiation of messages.
Encryption: Provides confidentiality of sensitive data.
What is a Firewall?
A firewall is a device or software that inspects and controls network traffic between zones of
different trust levels (e.g., internal network vs. the Internet), allowing or blocking traffic based
on set rules.
Internal Network – High trust
External Network – No trust
DMZ (Demilitarized Zone) – Intermediate trust; hosts public-facing services like
web/FTP servers
Why Firewalls are Important
Control Internet access (e.g., VPNs, public sites)
Protect enterprise networks from:
o Unauthorized access
o Eavesdropping
o Denial of service (DoS) attacks (e.g., SYN floods)
o Data tampering
Permit only authenticated and necessary access
Access Models:
Permissive Access – Allow everything except known risks
Restrictive Access – Block everything except what's necessary
(Most modern firewalls use this approach)
Limitations of Firewalls
Cannot detect hidden/masked threats in normal traffic
Limited virus/malware protection (especially for unknown threats)
Not a complete solution – must be used with other security layers
Types of Firewalls
1. Gateway – Connects internal network to the Internet
2. Circuit-Level Gateway – Filters traffic once a connection is established
3. NAT (Network Address Translation) – Hides internal IP addresses
4. Proxy Server – Intercepts and anonymizes traffic; controls access
5. Packet Filtering Firewall – Inspects packet headers and filters traffic (basic)
6. Screening Routers – Border routers with filtering rules
7. Application-Level Gateway – Filters traffic based on specific applications
8. Bastion Host – Hardened system exposed to external traffic, placed between trusted and
untrusted networks
9. DMZ – Hosts public servers while isolating them from the internal network
Firewall Architectures
Dial-Up Architecture – Uses a third network card for filtered DMZ
Single Router Architecture – Can use router-level filtering; may have limitations if ISP
controls the router
Firewall with Proxy Server – Monitors user activity; all traffic routed through proxy for
control
1. Introduction to Biometrics
Biometrics = “bios” (life) + “metrikos” (measure).
Biometric systems identify individuals using physical or behavioral traits, unlike
traditional systems based on passwords or tokens.
2. Key Biometric Properties
To be usable, a biometric trait must be:
Universal – Exists in all individuals.
Distinctive – Uniquely identifies a person.
Permanent – Remains stable over time.
Collectible – Easy and measurable to capture.
Performant – Accurate, fast, and resource-efficient.
Acceptable – Non-intrusive and user-friendly.
Hard to Circumvent – Resistant to fraud or spoofing.
3. Types of Biometric Techniques
A. Physiological Biometrics
Based on biological traits:
Fingerprint Recognition – Analyzes ridges, loops, and whorls.
Iris Recognition – Analyzes the colored part of the eye.
Retina Scan – Captures blood vessel patterns at the back of the eye.
Facial Recognition – Uses thermal or visual facial features.
Hand Geometry – Measures hand shape and finger length.
DNA & Body Odor – Less common, highly unique.
B. Behavioral Biometrics
Based on actions or behavior:
Voice Recognition – Combines physical and behavioral traits.
Signature Verification – Analyzes how a person signs.
Keystroke Dynamics – Measures typing rhythm.
Gait Analysis – Observes walking style.
4. Errors in Biometric Systems
False Match (False Acceptance - FA): Incorrectly identifies a non-matching person as
valid.
False Non-Match (False Rejection - FR): Fails to recognize a legitimate user.
5. Advantages of Biometrics
Can't be lost, forgotten, or stolen.
Typically permanent and unique.
Eliminates need for re-issuance of passwords/tokens.
6. Limitations of Biometrics
Susceptible to accuracy issues and environmental factors.
Biometric data is not secret.
Privacy concerns – data is personal and legally protected.
Data protection laws must be followed.
7. Security Requirements for Biometric Systems
Outlined by Firesmith, categorized into:
A. Authentication
Verify users before granting access.
Lock system after failed attempts.
Restrict admin rights by roles (enrollment, security, audit).
Ensure sample is from a live human.
B. Identification
Identify all users and administrators.
Avoid multiple re-identification in one session.
Block self-enrollment without admin oversight.
C. Physical Security
Secure all biometric devices and connections.
Protect hardware from tampering or damage.
Maintain device authenticity (model, config, etc.).
D. Immunity
Scan for malware in templates.
Ensure all client applications are virus-free.
Alert administrators to threats.
E. Privacy
Secure sensitive data and control access.
Encrypt biometric data.
Avoid storing unrelated personal info.
Don’t disclose matching scores to users.
F. Intrusion Detection
Detect and prevent repeated or exact matches.
Use intrusion detection systems.
G. Auditing
Record and report unauthorized access.
Maintain detailed logs for identification, authorization, and authentication.
Protect audit logs.
H. Integrity
Preserve biometric data integrity and confidentiality.
Prevent unauthorized changes or corruption.
I. Survivability
Maintain system function even if one biometric fails.
Protect communication channels.
J. Maintenance
Maintain/enhance security during hardware/software updates.
K. Non-Repudiation
Require signatures or approval before modifying records.
Network Forensics: Overview
Definition:
Network forensics is the science of identifying, collecting, analyzing, and preserving evidence
from network activity in a manner that makes it legally admissible in court.
It differs from intrusion detection in that it must meet both technical and legal standards.
Legal Requirements for Network Forensics
To be used in court, network forensic evidence must follow the five rules of evidence:
1. Admissible – Must be acceptable in a legal setting.
2. Authentic – Must be directly related to the incident.
3. Complete – Must include all evidence, even that which may exonerate suspects.
4. Reliable – Must be credible and trustworthy.
5. Believable – Must be understandable and convincing to others.
Daubert Criteria (For Scientific Evidence Admissibility)
Evidence must also meet the Daubert v. Merrell standards:
Testability – Has the method been reliably tested?
Peer Review – Has it been reviewed and published by experts?
Error Rate – What’s the known/potential error rate?
General Acceptance – Is it accepted by the scientific community?
Common Network Forensics Use Cases
Network forensics applies to various types of crimes and sectors, such as:
Homeland Security
Corporate Espionage
Cyber-enabled Traditional Crimes (e.g., drug trafficking, fraud)
Child Pornography Investigations
Employee Monitoring
Medical Record Abuse (e.g., fraud)
Digital Forensics Communities
1. Law Enforcement:
o Focus: Prosecution
o Typically reactive (after a crime has occurred)
2. Military:
o Focus: Service Continuity
o Emphasis on real-time monitoring and prevention
3. Business/Industry:
o Focus: Service Availability
o May prioritize continuity over prosecution
Users of Network Forensics
Criminal Prosecutors – Use evidence to prove crimes (fraud, murder, etc.)
Insurance Companies – Verify or disprove fraud claims
Law Enforcement – Assist with warrants and seized device analysis
Private Individuals – Use evidence for personal legal claims (e.g., harassment)
Core Steps in Network Forensics Investigation
1. Identification – Recognize evidence relevant to the incident.
2. Preservation – Protect evidence from tampering or loss.
3. Collection – Acquire data using sound, legally approved methods.
What Is Penetration Testing?
Penetration Testing (Pen Testing) is a controlled, ethical hacking process used to find and
exploit security vulnerabilities in a system to assess how secure it really is.
📄 Types of Security Assessments
1. External Assessment – Tests from outside the organization (e.g., internet-based attacks).
2. Internal Assessment – Tests conducted from within the organization:
o Insider Simulation (employee with access)
o Black Hat Simulation (attacker with no access)
📄 Three Phases of Pen Testing
1. Preattack Phase (Reconnaissance)
Gather data: WHOIS, DNS, IP scanning, OS fingerprinting
Create network maps
Test firewalls, proxies, and filters for misconfigurations or defaults
2. Attack Phase
Penetrate the Perimeter: Exploit open ports, input vulnerabilities, and protocol flaws
(e.g., SQL injection, buffer overflow)
Acquire the Target: Use tools or social engineering to gain access
Privilege Escalation: Gain admin-level control
Execute & Retract: Prove exploitation without harming systems (some clients limit
actions)
3. Postattack Phase
Clean up: Restore systems to pre-test state
Analyze results: Document findings, vulnerabilities, and recommendations
Report: Provide two versions (technical + executive summary)
📄 Pen Test Report Deliverables
List of findings (ranked by risk)
Analysis and explanation
Remediation advice
Log files and evidence
Tester name & test date
Positive security practices observed
📄 Pen Testing Areas
1. External Testing – Test internet-facing systems
2. Internal Testing – Exploit from inside the network
3. Router Testing – Critical for network access and routing
4. Firewall Testing – Check both external and internal firewalls
5. IDS/IPS Testing – Bypass intrusion detection/prevention systems
6. Wireless Testing – Examine encryption, rogue APs, signal range
7. DoS Testing – (Only if authorized) Simulate attacks to disrupt services
8. Password Cracking – Brute-force, dictionary attacks, etc.
9. Social Engineering – Phishing, impersonation, phone calls
10. Application Testing – Test apps for code and input flaws
11. Physical Security Testing – Test locks, access control, entry protocols
12. Database Testing – Direct/indirect attacks on data
13. VoIP Testing – Hijack, DoS, or misuse VoIP systems
📄 Ethical Hacking
Must be authorized: Signed contracts required
Confidentiality: NDAs and secure handling of data
Stay within scope: Follow client-agreed boundaries (e.g., no DoS if not approved)
Do no harm: Protect business continuity and data
📄 Pen Testing Methodology (LPT by EC-Council)
1. Information Gathering – Learn everything about the target
2. Vulnerability Analysis – Identify weaknesses (logical, physical, procedural)
📄 Key Techniques & Tools
Reconnaissance & Scanning
Port Scanning – Find open services (e.g., IPEye)
Network Scanning – Identify active hosts
Vulnerability Scanning – Find known weaknesses
Enumeration
Find usernames, shares, and services
Tools: SuperScan, SNMP scanning, GetAcct
Common Penetration Tools
Tool – Purpose
TOR – Anonymity, bypass firewalls
Netcraft – OS/web server detection
SmartWhois – Domain/IP owner info
Wireshark – Packet sniffing
L0phtCrack – Password cracking
Metasploit – Exploitation framework
WebCracker – HTTP password brute force
PsExec – Execute commands remotely
Omnipeek – Wireless packet capture
SMAC – MAC address spoofing
ImageHide / MP3Stego – Steganography (data hiding)
KFSensor / Sobek / Specter – Honeypots
Evidence Eliminator – Log/data cleaner
📄 Real-World Scenarios
Web Server Exploits: Banner grabbing, Metasploit attacks
Wireless Attacks: Locate SSIDs, crack weak encryption
Social Engineering: Physical access, impersonation, phishing
Steganography: Hide malicious data in media files