
NETWORK

SECURITY
First Edition
M. Thangavel B.E. (CSE), M.E. (CSE)
With the Guidance of,
Computer Science and Engineering Department,
J.J. College of Engineering & Technology,
Ammapettai, Poolangulathupatti (Post),
Tiruchirappalli - 620 009,
Tamil Nadu.

Dedicated to,
My Appa
Thirumurugan



SYLLABUS
CS5009 NETWORK SECURITY

UNIT I FUNDAMENTALS
Attacks, Services, Mechanisms, Conventional Encryption, Classical and Modern Techniques, Encryption Algorithms, Confidentiality.

UNIT II PUBLIC KEY ENCRYPTION
RSA, Elliptic Curve Cryptography, Number Theory Concepts.

UNIT III MESSAGE AUTHENTICATION
Hash Functions, Digest Functions, Digital Signatures, Authentication Protocols.

UNIT IV NETWORK SECURITY PRACTICE
Authentication Applications, Electronic Mail Security, IP Security, Web Security.

UNIT V SYSTEM SECURITY
Intruders, Viruses, Worms, Firewalls, Design Principles, Trusted Systems.








TABLE OF CONTENTS

UNIT 1 FUNDAMENTALS

1.1 Introduction .......................................... 1.1
1.2 Services, Mechanisms and Attacks ....................... 1.2
1.3 Security Trends ....................................... 1.6
1.4 The OSI Security Architecture .......................... 1.7
1.5 A Model for Network Security ........................... 1.17
1.6 Classical Encryption Techniques ........................ 1.20
1.7 Symmetric Cipher Model ................................. 1.20
1.8 Substitution Techniques ................................ 1.28
1.9 Transposition Techniques ............................... 1.40
1.10 Rotor Machines ....................................... 1.42
1.11 Steganography ........................................ 1.43
1.12 Simplified DES ....................................... 1.45
1.13 Block Cipher Principles ............................... 1.53
1.14 Motivation for the Feistel Cipher Structure ........... 1.54
1.15 The Feistel Cipher ................................... 1.57
1.16 Feistel Cipher Structure .............................. 1.58
1.17 The Data Encryption Standard .......................... 1.64
1.18 The Strength of DES ................................... 1.74
1.19 Differential and Linear Cryptanalysis ................. 1.75
1.20 Block Cipher Design Principles ........................ 1.79
1.21 Block Cipher Modes of Operation ....................... 1.83
1.22 Advanced Encryption Standard .......................... 1.92
1.23 The AES Cipher ....................................... 1.96
1.24 Contemporary Symmetric Ciphers ........................ 1.109
    A Triple DES .......................................... 1.109
    B Blowfish ............................................ 1.114
    C RC5 ................................................. 1.120
    D Characteristics of Advanced Symmetric Block Ciphers .. 1.126
    E RC4 Stream Cipher ................................... 1.128
1.25 Confidentiality Using Symmetric Encryption ............ 1.132
    A Placement of Encryption Function .................... 1.132
    B Traffic Confidentiality ............................. 1.138
    C Key Distribution .................................... 1.140
    D Random Number Generation ............................ 1.148

UNIT 2 PUBLIC KEY ENCRYPTION

2.1 Public Key Cryptography ............................... 2.1
2.2 Principles of Public Key Cryptosystems ................. 2.1
2.3 The RSA Algorithm ..................................... 2.10
2.4 Number Theory ......................................... 2.18
    A.1 Prime Numbers ..................................... 2.18
    A.2 Fermat's and Euler's Theorem ...................... 2.20
    A.3 Testing for Primality ............................. 2.23
    A.4 Chinese Remainder Theorem ......................... 2.26
    A.5 Discrete Logarithms ............................... 2.27
2.5 Key Management; Other Public Key Cryptosystems ......... 2.30
    B.1 Key Management .................................... 2.31
    B.2 Diffie-Hellman Key Exchange ....................... 2.38
    B.3 Elliptic Curve Arithmetic ......................... 2.42
2.6 Elliptic Curve Cryptography ........................... 2.45

UNIT 3 MESSAGE AUTHENTICATION

3.1 Message Authentication and Hash Functions .............. 3.1
    A.1 Authentication Requirements ....................... 3.1
    A.2 Authentication Functions .......................... 3.2
    A.3 Message Authentication Codes ...................... 3.14
    A.4 Hash Functions .................................... 3.17
    A.5 Security of Hash Functions and MACs ............... 3.20
3.2 MD5 Message Digest Algorithm .......................... 3.24
3.3 Secure Hash Algorithm (SHA-1) ......................... 3.30
3.4 RIPEMD-160 ............................................ 3.35
3.5 HMAC .................................................. 3.37
3.6 Digital Signatures and Authentication Protocols ........ 3.40
    B.1 Digital Signatures ................................ 3.40
    B.2 Authentication Protocols .......................... 3.44
    B.3 Digital Signature Standard ........................ 3.54

UNIT 4 NETWORK SECURITY PRACTICE

4.1 Authentication Applications ........................... 4.1
    A.1 Kerberos .......................................... 4.1
    A.2 X.509 Authentication Service ...................... 4.19
4.2 Electronic Mail Security .............................. 4.31
    B.1 Pretty Good Privacy ............................... 4.31
    B.2 S/MIME ............................................ 4.52
4.3 IP Security ........................................... 4.68
    C.1 IP Security Overview .............................. 4.68
    C.2 IP Security Architecture .......................... 4.72
    C.3 Authentication Header ............................. 4.79
    C.4 Encapsulating Security Payload .................... 4.86
    C.5 Combining Security Associations ................... 4.91
    C.6 Key Management .................................... 4.94
4.4 Web Security .......................................... 4.103
    D.1 Web Security Considerations ....................... 4.103
    D.2 Secure Socket Layer and Transport Layer Security .. 4.106
    D.3 Secure Electronic Transaction ..................... 4.129

UNIT 5 SYSTEM SECURITY

5.1 Intruders ............................................. 5.1
    I.1 Intruders ......................................... 5.1
    I.2 Intrusion Detection ............................... 5.4
    I.3 Password Management ............................... 5.20
5.2 Malicious Software .................................... 5.30
    II.1 Viruses and Related Threats ...................... 5.31
    II.2 Virus Counter Measures ........................... 5.45
    II.3 Distributed Denial of Service .................... 5.51
5.3 Firewalls ............................................. 5.57
    III.1 Firewall Design Principles ...................... 5.58
    III.2 Trusted Systems ................................. 5.73
    III.3 Common Criteria for Information Technology Security Evaluation .. 5.81


FORGIVE AND FORGET

NO PAIN NO GAINS

TRUTH ALWAYS TRIUMPHS
UNIT 1 : FUNDAMENTALS NETWORK SECURITY

Thangavel Murugan 1.1

UNIT I
FUNDAMENTALS
1.1 INTRODUCTION
Definitions:
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Internetwork security is both fascinating and complex. Some of the reasons follow:
1. Security involving communications and networks is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory one-word labels: confidentiality, authentication, nonrepudiation, integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning.
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism.
3. Because of point 2, the procedures used to provide particular services are often counterintuitive: it is not obvious from the statement of a particular requirement that such elaborate measures are needed. It is only when the various countermeasures are considered that the measures used make sense.

4. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) should mechanisms be placed].
5. Security mechanisms usually involve more than a particular algorithm or protocol. They
usually also require that participants be in possession of some secret information (e.g., an
encryption key), which raises questions about the creation, distribution, and protection of
that secret information. There is also a reliance on communications protocols whose
behavior may complicate the task of developing the security mechanism.
Key Terms:
The OSI (open systems interconnection) security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
Security attacks are classified as either passive attacks, which include unauthorized reading of a message or file and traffic analysis; and active attacks, such as modification of messages or files, and denial of service.
A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Examples of mechanisms are encryption algorithms, digital signatures, and authentication protocols.
Security services include authentication, access control, data confidentiality, data integrity, nonrepudiation, and availability.

1.2 SERVICES, MECHANISMS, AND ATTACKS
To assess the security needs of an organization effectively and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements.

One approach is to consider three aspects of information security:

Security attack: Any action that compromises the security of information owned by an organization.
Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Services
Let us consider these topics briefly, in reverse order. We can think of information security services as replicating the types of functions normally associated with physical documents. Documents typically have signatures and dates; they may need to be protected from disclosure, tampering, or destruction; they may be notarized or witnessed; may be recorded or licensed, and so on.

As information systems become ever more pervasive and essential to the conduct of our affairs, electronic information takes on many of the roles traditionally performed by paper documents.

Accordingly, the types of functions traditionally associated with paper documents must be performed on documents that exist in electronic form. Several aspects of electronic documents make the provision of such functions or services challenging:
1. It is usually possible to discriminate between an original paper document and a xerographic copy. However, an electronic document is merely a sequence of bits; there is no difference whatsoever between the "original" and any number of copies.


2. An alteration to a paper document may leave some sort of physical evidence of the alteration. For example, an erasure can result in a thin spot or a roughness in the surface. Altering bits in a computer memory or in a signal leaves no physical trace.
3. Any "proof" process associated with a physical document typically depends on the physical characteristics of that document (e.g., the shape of a handwritten signature or an embossed notary seal). Any such proof of authenticity of an electronic document must be based on internal evidence present in the information itself.

A Partial List of Common Information Integrity Functions

Mechanisms
There is no single mechanism that will support all the functions listed in the table. However, we can note at this point that there is one particular element that underlies many of the security mechanisms in use: cryptographic techniques.
Encryption or encryption-like transformations of information (such as hash functions) are the most common mechanisms for providing security. Thus, this book focuses on the development, use, and management of such techniques.


Attacks
Information security is about how to prevent attacks or, failing that, to detect attacks on information-based systems wherein the information itself has no meaningful physical existence, and then to subsequently recover from the attacks.
Table 1.2 lists examples of attacks, each of which has arisen in a number of real-world cases. These are examples of specific attacks that an organization or an individual (or an organization on behalf of its employees) may need to counter. The nature of the attack that concerns an organization varies greatly from one set of circumstances to another.

Examples of Security Attacks



Threats and Attacks

1.3 SECURITY TRENDS
In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636). The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms. Among these were the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.
Over time, the attacks on the Internet and Internet-attached systems have grown more sophisticated while the amount of skill and knowledge required to mount an attack has declined. Attacks have become more automated and can cause greater amounts of damage. This increase in attacks coincides with an increased use of the Internet and with increases in the complexity of protocols, applications, and the Internet itself. Critical infrastructures increasingly rely on the Internet for operations.
Individual users rely on the security of the Internet, email, the Web, and Web-based applications to a greater extent than ever. Thus, a wide range of technologies and tools are needed to counter the growing threat.
At a basic level, cryptographic algorithms for confidentiality and authentication assume greater importance. As well, designers need to focus on Internet-based protocols and the vulnerabilities of attached operating systems and applications.

1.4 THE OSI SECURITY ARCHITECTURE

To effectively assess the security needs of an organization, and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local area and wide area networks, the problems are compounded.
ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture is useful to managers as a way of organizing the task of providing security.
Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.
For our purposes, the OSI security architecture provides a useful overview of many of the concepts. The OSI security architecture focuses on security attacks, mechanisms, and services.

SECURITY SERVICES
X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.

Definition:
A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies, and are implemented by security mechanisms.


X.800 divides these services into five categories and fourteen specific services:

Authentication
The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from.

In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved.
First, at the time of connection initiation, the service assures that the two entities are authentic, that is, that each is the entity that it claims to be.
Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.

Two specific authentication services are defined in the standard:

Peer entity authentication:
Provides for the corroboration of the identity of a peer entity in an association. It is provided for use at the establishment of, or at times during the data transfer phase, of a connection.
It attempts to provide confidence that an entity is not attempting either a masquerade or an unauthorized replay of a previous connection.

Data origin authentication:
Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units.
This type of service supports applications like electronic mail where there are no prior interactions between the communicating entities.


Access Control
In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks (defined subsequently). With respect to the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time.
For example, if a TCP connection is set up between two systems, this broad protection would prevent the release of any user data transmitted over the TCP connection.
The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility.

Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields within a message. Again, the most useful and straightforward approach is total stream protection.

A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service.
On the other hand, a connectionless integrity service, one that deals with individual messages only without regard to any larger context, generally provides protection against message modification only.

We can make a distinction between the service with and without recovery. Because the integrity service relates to active attacks, we are concerned with detection rather than prevention.
If a violation of integrity is detected, then the service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation.

Non-Repudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the message was in fact sent by the alleged sender. Similarly, when a message is received, the sender can prove that the message was in fact received by the alleged receiver.

Availability Service
Both X.800 and RFC 2828 define availability to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

A variety of attacks can result in the loss of or reduction in availability. Some of these attacks are amenable to automated countermeasures, such as authentication and encryption, whereas others require some sort of physical action to prevent or recover from loss of availability of elements of a distributed system.

X.800 treats availability as a property to be associated with various security services. However, it makes sense to call out specifically an availability service. An availability service is one that protects a system to ensure its availability.

This service addresses the security concerns raised by denial-of-service attacks. It depends on proper management and control of system resources, and thus depends on the access control service and other security services.

Overview of Security Services:




SECURITY MECHANISMS
The mechanisms are divided into those that are implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security service. These mechanisms will be covered in the appropriate places in the book and so we do not elaborate now, except to comment on the definition of encipherment.
X.800 distinguishes between reversible encipherment mechanisms and irreversible encipherment mechanisms.
A reversible encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted.
Irreversible encipherment mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications.


SECURITY ATTACKS
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are: release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.

A second type of passive attack is traffic analysis. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.
The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages.
The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
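The following Python script is an added example, not part of the book, that makes the traffic-analysis attack concrete. The flow records are constructed for illustration (the addresses, timings and lengths are invented): each record carries only what an eavesdropper on an encrypted link can still see, namely who sent to whom, when, and how many bytes. The analysis recovers the communicating pairs, the size of each message and a fixed-period beacon without reading a single byte of plaintext; the second function is the traffic-flow confidentiality countermeasure hinted at above (fixed-length padding plus cover traffic on a fixed schedule), after which the same analysis can no longer tell the conversations apart.

```python
"""Traffic analysis of an encrypted link, and the traffic-flow
confidentiality countermeasure. Added example; the flow records are
constructed, not captured from a real network."""
from collections import defaultdict
from statistics import median

# Constructed records: (time in seconds, source, destination, ciphertext
# length). Payloads are encrypted, so only these header facts are visible.
RECORDS = [
    (0.0, "10.0.0.5", "10.0.0.9", 1200), (0.4, "10.0.0.9", "10.0.0.5", 80),
    (1.1, "10.0.0.5", "10.0.0.9", 1200), (1.5, "10.0.0.9", "10.0.0.5", 80),
    (2.9, "10.0.0.5", "10.0.0.9", 1200), (3.3, "10.0.0.9", "10.0.0.5", 80),
    (5.0, "10.0.0.7", "10.0.0.3", 64), (5.2, "10.0.0.3", "10.0.0.7", 64),
    (65.0, "10.0.0.7", "10.0.0.3", 64), (65.2, "10.0.0.3", "10.0.0.7", 64),
    (125.0, "10.0.0.7", "10.0.0.3", 64), (125.2, "10.0.0.3", "10.0.0.7", 64),
]


def analyse(records):
    """Per (source, destination) pair: how many messages, how large they
    are, and whether they arrive on a fixed period (a beacon/heartbeat).
    Nothing here needs the encryption key."""
    times, sizes = defaultdict(list), defaultdict(list)
    for t, src, dst, n in records:
        times[(src, dst)].append(t)
        sizes[(src, dst)].append(n)
    report = {}
    for pair, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Inter-arrival gaps within 10% of their mean: a scheduled beacon.
        periodic = (len(gaps) >= 2 and
                    (max(gaps) - min(gaps)) / (sum(gaps) / len(gaps)) < 0.1)
        report[pair] = {"count": len(ts),
                        "median_len": median(sizes[pair]),
                        "periodic": periodic}
    return report


def pad_and_fill(records, block=1500, interval=1.0):
    """Countermeasure: every ciphertext is padded to one fixed length and
    every active pair emits one frame per interval whether or not it has
    real data, so length and timing no longer distinguish conversations."""
    pairs = sorted({(src, dst) for _, src, dst, _ in records})
    t_end = max(t for t, _, _, _ in records)
    covered, slot = [], 0.0
    while slot <= t_end:
        covered.extend((slot, src, dst, block) for src, dst in pairs)
        slot += interval
    return covered


if __name__ == "__main__":
    for pair, facts in analyse(RECORDS).items():
        print(pair, facts)        # the 10.0.0.7 -> 10.0.0.3 pair shows as periodic
    for pair, facts in analyse(pad_and_fill(RECORDS)).items():
        print(pair, facts)        # every pair now looks identical
```

The cover-traffic schedule costs bandwidth (one full-size frame per interval per pair), which is why the book treats traffic confidentiality as a separate service rather than something encryption gives for free.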



Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.



Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service).




Relationship between Security Services and Mechanisms

Difference:
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success.
On the other hand, it is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communications facilities and paths at all times.
Instead, the goal is to detect them and to recover from any disruption or delays caused by them. Because the detection has a deterrent effect, it may also contribute to prevention.
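The Python script below is an added example, not code from the book, that ties the connection-oriented integrity service of Section 1.4 (detection, with and without recovery) to the four active attacks just described. A message authentication code, one of the irreversible encipherment mechanisms named under Security Mechanisms, is computed over a sequence number together with the message, using HMAC-SHA256 from the Python standard library. The shared key, the three messages and the attacker's guessed key are all constructed for the demonstration. A receiver then sees a masquerade (a frame forged under the wrong key), a modified frame, a reordered frame and a replayed frame, and reports each one; the "with recovery" variant additionally holds back the early frame and delivers it once the gap closes.

```python
"""Connection-oriented integrity service: a MAC bound to a sequence number
lets the receiver detect masquerade, modification, reordering and replay;
a "with recovery" variant also re-sequences a delayed frame. Added
example with a constructed key and messages; not code from the book."""
import hashlib
import hmac
import struct

SEQ_LEN, TAG_LEN = 8, 32
# Secret shared by the two principals. In practice it arrives through a key
# distribution mechanism; here it is simply a constructed constant.
SHARED_KEY = b"constructed-shared-secret"


def mac(key, seq, payload):
    # The sequence number is inside the MAC input, so a captured frame
    # cannot be replayed or moved to another position without the tag
    # failing to verify there.
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


def frame(key, seq, payload):
    """Sender side: seq || payload || tag."""
    return struct.pack(">Q", seq) + payload + mac(key, seq, payload)


class Receiver:
    def __init__(self, key, recover):
        self.key, self.recover = key, recover
        self.expected = 0              # next sequence number to accept
        self.pending = {}              # out-of-order frames held back (recovery only)
        self.accepted, self.alerts = [], []

    def receive(self, data):
        seq = struct.unpack(">Q", data[:SEQ_LEN])[0]
        payload, tag = data[SEQ_LEN:-TAG_LEN], data[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(self.key, seq, payload)):
            # Masquerade (wrong key) and modification (changed content) both
            # land here: the tag no longer matches what arrived.
            self.alerts.append(("forged", seq))
        elif seq < self.expected:
            self.alerts.append(("replay", seq))
        elif seq > self.expected:
            # Something before this frame is missing: reordering or deletion.
            self.alerts.append(("gap", seq))
            if self.recover:
                self.pending[seq] = payload
        else:
            self._deliver(seq, payload)
            while self.expected in self.pending:     # drain re-sequenced frames
                self._deliver(self.expected, self.pending.pop(self.expected))

    def _deliver(self, seq, payload):
        self.accepted.append(payload)
        self.expected = seq + 1


MESSAGES = [b"transfer 100", b"to account 42", b"confirm"]   # constructed


def run_demo(recover):
    """The sender emits three frames; an active attacker interferes."""
    f = [frame(SHARED_KEY, i, m) for i, m in enumerate(MESSAGES)]
    rx = Receiver(SHARED_KEY, recover)
    rx.receive(f[0])
    rx.receive(frame(b"attacker-guess", 1, b"to account 99"))     # masquerade
    tampered = f[1][:SEQ_LEN] + bytes([f[1][SEQ_LEN] ^ 1]) + f[1][SEQ_LEN + 1:]
    rx.receive(tampered)                                          # modification
    rx.receive(f[2])                                              # reordered: 2 before 1
    rx.receive(f[1])                                              # the delayed original
    rx.receive(f[0])                                              # replay
    # Denial of service (suppressing every frame) leaves a gap that never
    # closes; a receiver can only report that after a timeout (not modelled).
    return rx.accepted, rx.alerts


if __name__ == "__main__":
    for recover in (False, True):
        accepted, alerts = run_demo(recover)
        print("recover =", recover, "accepted:", accepted, "alerts:", alerts)
```

Without recovery the receiver delivers only the first two messages, because frame 2 was dropped when it arrived early; with recovery all three are delivered in order. The alert list is identical in both cases, which is the point of the text above: for active attacks the service detects, and recovery is a separate decision.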

1.5 A MODEL FOR NETWORK SECURITY
A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Model for Network Security
Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:

A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

A second general model reflects a concern for protecting an information system from unwanted access. The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system.

Or, the intruder can be a disgruntled employee who wishes to do damage, or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).

Another type of unwanted access is the placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs, such as editors and compilers.

Two kinds of threats can be presented by programs:
Information access threats intercept or modify data on behalf of users who should not have access to that data.
Service threats exploit service flaws in computers to inhibit use by legitimate users.

Network Access Security Model
Viruses and worms are two examples of software attacks. Such attacks can be introduced into a system by means of a disk that contains the unwanted logic concealed in otherwise useful software. They can also be inserted into a system across a network; this latter mechanism is of more concern in network security.

The security mechanisms needed to cope with unwanted access fall into two broad categories. The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks.
Once access is gained, by either an unwanted user or unwanted software, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.

1.6 CLASSICAL ENCRYPTION TECHNIQUES

Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption.
Key Terms:
An original message is known as the plaintext, while the coded message is called the ciphertext.
The process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring the plaintext from the ciphertext is deciphering or decryption.
The many schemes used for enciphering constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or a cipher.
Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls breaking the code.
The areas of cryptography and cryptanalysis together are called cryptology.

1.7 SYMMETRIC CIPHER MODEL
A symmetric encryption scheme has five ingredients:
Plaintext:
This is the original intelligible message or data that is fed into the algorithm as input.
Encryption algorithm:
The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key:
The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.

Ciphertext:
This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
Decryption algorithm:
This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.


Simplified Model of Symmetric Encryption

There are two requirements for secure use of conventional encryption:
We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.
Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret.
This feature of symmetric encryption is what makes it feasible for widespread use. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.

A closer look at the essential elements of a symmetric encryption scheme, using the figure below. A source produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of X are letters in some finite alphabet.
Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1, K2, ..., KJ] is generated. If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel.


Model of Symmetric Cryptosystem

Alternatively, a third party could generate the key and securely deliver it to both source and destination. With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, ..., YN]. We can write this as
Y = E_K(X)
This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K. The intended receiver, in possession of the key, is able to invert the transformation:
X = D_K(Y)
An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms.
If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate X̂. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate K̂.

CRYPTOGRAPHY
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext.
All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

2. The number of keys used.
If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.

3. The way in which the plaintext is processed.


A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

CRYPTANALYSIS
There are two general approaches to attacking a conventional encryption scheme:

Cryptanalysis:
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.

Brute-force attack:
The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

Explanation:
Cryptanalysis:
The table summarizes the various types of cryptanalytic attacks, based on the amount of information known to the cryptanalyst. The most difficult problem is presented when all that is available is the ciphertext only.
In some cases, not even the encryption algorithm is known, but in general we can assume that the opponent does know the algorithm used for encryption. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical.

Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. To use this approach, the opponent must have some general idea of the type of plaintext that is concealed, such as English or French text, an MS-DOS EXE file, a Java source listing, an accounting file, and so on.
The ciphertext-only attack is the easiest to defend against because the opponent has the least amount of information to work with. In many cases, however, the analyst has more information. The analyst may be able to capture one or more plaintext messages as well as their encryptions.

Or the analyst may know that certain plaintext patterns will appear in a message. For example, a file that is encoded in the Postscript format always begins with the same pattern, or there may be a standardized header or banner to an electronic funds transfer message, and so on. All these are examples of known plaintext. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed.

Closely related to the known-plaintext attack is what might be referred to as a probable-word attack. If the opponent is working with the encryption of some general prose message, he or she may have little knowledge of what is in the message. However, if the opponent is after some very specific information, then parts of the message may be known.
For example, if an entire accounting file is being transmitted, the opponent may know the placement of certain key words in the header of the file. As another example, the source code for a program developed by Corporation X might include a copyright statement in some standardized position.

If the analyst is able somehow to get the source system to insert into the system a message chosen by the analyst, then a chosen-plaintext attack is possible. In general, if the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.

An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. That is, no matter how much time an opponent has, it is impossible for him or her to decrypt the ciphertext, simply because the required information is not there. With the exception of a scheme known as the one-time pad (described later in this chapter), there is no encryption algorithm that is unconditionally secure.

Therefore, all that the users of an encryption algorithm can strive for is an algorithm that meets one or both of the following criteria:
The cost of breaking the cipher exceeds the value of the encrypted information.
The time required to break the cipher exceeds the useful lifetime of the information.
An encryption scheme is said to be computationally secure if the foregoing two criteria are met.


Brute-Force Approach:
We can consider the time required to use a brute-force approach, which simply involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

The table shows how much time is involved for various key spaces. Results are shown for three binary key sizes. The 56-bit key size is used with the DES (Data Encryption Standard) algorithm, and the 168-bit key size is used for triple DES. The minimum key size specified for AES (Advanced Encryption Standard) is 128 bits.
Results are also shown for what are called substitution codes that use a 26-character key (discussed later), in which all possible permutations of the 26 characters serve as keys.

For each key size, the results are shown assuming that it takes 1 μs to perform a single decryption, which is a reasonable order of magnitude for today's machines. With the use of massively parallel organizations of microprocessors, it may be possible to achieve processing rates many orders of magnitude greater.
The final column of the table considers the results for a system that can process 1 million keys per microsecond. As you can see, at this performance level, DES can no longer be considered computationally secure.


Average Time Required for Exhaustive Key Search

1.8 SUBSTITUTION TECHNIQUES


The two basic building blocks of all encryption techniques are substitution and transposition. A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

CAESAR CIPHER
The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example:
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the transformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Let us assign a numerical equivalent to each letter (a = 0, b = 1, ..., z = 25).

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the ciphertext letter C:
C = E(p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is:
C = E(p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply:
p = D(C) = (C - k) mod 26


If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. The figure shows the results of applying this strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third line.

PHHW PH DIWHU WKH WRJD SDUWB
KEY
1 oggv og chvgt vjg vqic rctva
2 nffu nf bgufs uif uphb qbsuz
3 meet me after the toga party
4 ldds ld zesdq sgd snfz ozqsx
5 kccr kc ydrcp rfc rmey nyprw
6 jbbq jb xcqbo qeb qldx mxoqv
7 iaap ia wbpan pda pkcw lwnpu
8 hzzo hz vaozm ocz ojbv kvmot
9 gyyn gy uznyl nby niau julns
10 fxxm fx tymxk max mhzt itkmr
11 ewwl ew sxlwj lzw lgys hsjlq
12 dvvk dv rwkvi kyv kfxr grikp
13 cuuj cu qvjuh jxu jewq fqhjo
14 btti bt puitg iwt idvp epgin
15 assh as othsf hvs hcuo dofhm
16 zrrg zr nsgre gur gbtn cnegl
17 yqqf yq mrfqd ftq fasm bmdfk
18 xppe xp lqepc esp ezrl alcej
19 wood wo kpdob dro dyqk zkbdi
20 vnnc vn jocna cqn cxpj yjach
21 ummb um inbmz bpm bwoi xizbg
22 tlla tl hmaly aol avnh whyaf
23 skkz sk glzkx znk zumg vgxze
24 rjjy rj fkyjw ymj ytlf ufwyd
25 qiix qi ejxiv xli xske tevxc

Brute-Force Cryptanalysis of Caesar Cipher

Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.


In most networking situations, we can assume that the algorithms are known. What generally makes brute-force cryptanalysis impractical is the use of an algorithm that employs a large number of keys. For example, the triple DES algorithm makes use of a 168-bit key, giving a key space of 2^168 or greater than 3.7 × 10^50 possible keys.

The third characteristic is also significant. If the language of the plaintext is unknown, then plaintext output may not be recognizable. Furthermore, the input may be abbreviated or compressed in some fashion, again making recognition difficult.

MONOALPHABETIC CIPHERS
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution. Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

If, instead, the "cipher" line can be any permutation of the 26 alphabetic characters, then there are 26! or greater than 4 × 10^26 possible keys. This is 10 orders of magnitude greater than the key space for DES and would seem to eliminate brute-force techniques for cryptanalysis. Such an approach is referred to as a monoalphabetic substitution cipher, because a single cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. A countermeasure is to provide multiple substitutes, known as homophones, for a single letter.

For example, the letter e could be assigned a number of different cipher symbols, such as 16, 74, 35, and 21, with each homophone used in rotation, or randomly. If the number of symbols assigned to each letter is proportional to the relative frequency of that letter, then single-letter frequency information is completely obliterated.

However, even with homophones, each element of plaintext affects only one element of ciphertext, and multiple-letter patterns (e.g., digram frequencies) still survive in the ciphertext, making cryptanalysis relatively straightforward.

Two principal methods are used in substitution ciphers to lessen the extent to which the structure of the plaintext survives in the ciphertext: One approach is to encrypt multiple letters of plaintext, and the other is to use multiple cipher alphabets.

PLAYFAIR CIPHER
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword.

Example: solved by Lord Peter Wimsey in Dorothy Sayers's Have His Carcase

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1) Repeating plaintext letters that would fall in the same pair are separated with a filler letter, such as x, so that balloon would be enciphered as ba lx lo on.
2) Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example, ar is encrypted as RM.

3) Plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. For example, mu is encrypted as CM.
4) Otherwise, each plaintext letter is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes).

The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas there are only 26 letters, there are 26 × 26 = 676 digrams, so that identification of individual digrams is more difficult.
Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was for a long time considered unbreakable.
Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.
One way of revealing the effectiveness of the Playfair and other ciphers is shown in the figure. The line labeled plaintext plots the frequency distribution of the more than 70,000 alphabetic characters in the Encyclopaedia Britannica article on cryptology. This is also the frequency distribution of any monoalphabetic substitution cipher.

HILL CIPHER
Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester Hill in 1929. The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1, ..., z = 25). For m = 3, the system can be described as follows:
C1 = (k11 p1 + k12 p2 + k13 p3) mod 26
C2 = (k21 p1 + k22 p2 + k23 p3) mod 26
C3 = (k31 p1 + k32 p2 + k33 p3) mod 26

This can be expressed in terms of column vectors and matrices:



or
C = KP mod 26
where C and P are column vectors of length 3, representing the ciphertext and plaintext, and K is a 3 × 3 matrix, representing the encryption key. Operations are performed mod 26.

For example, consider the plaintext "paymoremoney", and use the encryption key

The first three letters of the plaintext are represented by the vector (15 0 24). Then K(15 0 24) = (375 819 486) mod 26 = (11 13 18) = LNS. Continuing in this fashion, the ciphertext for the entire plaintext is LNSHDLEWMTRW.
Decryption requires using the inverse of the matrix K. The inverse K^-1 of a matrix K is defined by the equation KK^-1 = K^-1K = I, where I is the matrix that is all zeros except for ones along the main diagonal from upper left to lower right.
The inverse of a matrix does not always exist, but when it does, it satisfies the preceding equation. In this case, the inverse is:

This is demonstrated as follows:


It is easily seen that if the matrix K^-1 is applied to the ciphertext, then the plaintext is recovered. To explain how the inverse of a matrix is determined, we make an exceedingly brief excursion into linear algebra; the interested reader must consult any text on that subject for greater detail.
For any square matrix (m × m), the determinant equals the sum of all the products that can be formed by taking exactly one element from each row and exactly one element from each column, with certain of the product terms preceded by a minus sign. For a 2 × 2 matrix,

the determinant is k11k22 - k12k21. For a 3 × 3 matrix, the value of the determinant is k11k22k33 + k21k32k13 + k31k12k23 - k31k22k13 - k21k12k33 - k11k32k23. If a square matrix A has a nonzero determinant, then the inverse of the matrix is computed as

where (D_ij) is the subdeterminant formed by deleting the ith row and the jth column of A and det(A) is the determinant of A. For our purposes, all arithmetic is done mod 26.

In general terms, the Hill system can be expressed as follows:
C = E_K(P) = KP mod 26
P = D_K(C) = K^-1 C mod 26 = K^-1 KP = P

The Hill cipher is strong against a ciphertext-only attack, but it is easily broken with a known plaintext attack. For an m × m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m.
We label the pairs P_j = (p_1j, p_2j, ..., p_mj) and C_j = (C_1j, C_2j, ..., C_mj) such that C_j = KP_j for 1 ≤ j ≤ m and for some unknown key matrix K. Now define two m × m matrices X = (p_ij) and Y = (C_ij). Then we can form the matrix equation Y = KX.
If X has an inverse, then we can determine K = YX^-1. If X is not invertible, then a new version of X can be formed with additional plaintext-ciphertext pairs until an invertible X is obtained.


Example:
Suppose that the plaintext "friday" is encrypted using a 2 × 2 Hill cipher to yield the ciphertext PQCFKU. Thus, we know that K(5 17) = (15 16); K(8 3) = (2 5); and K(0 24) = (10 20). Using the first two plaintext-ciphertext pairs, we have

The inverse of X can be computed:

so

This result is verified by testing the remaining plaintext-ciphertext pair.
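The Hill cipher carried through in code, as an added example that is not part of the original text: encryption C = KP mod 26, the inverse by determinant and cofactors as sketched above, decryption, and the known-plaintext recovery K = YX^-1 on the friday/PQCFKU pairs. The 3 × 3 key matrix is an assumption of this example, chosen because it reproduces the page's computation K(15 0 24) = (375 819 486).

```python
# Added example (not from the original text): Hill cipher encryption C = KP mod 26,
# the modular matrix inverse via determinant and cofactors, decryption, and the
# known-plaintext recovery K = Y X^-1. KEY_3 is an assumption of this example,
# chosen so that K(15 0 24) = (375 819 486), the computation shown on the page.
from string import ascii_lowercase

KEY_3 = [[17, 17, 5],
         [21, 18, 21],
         [2, 2, 19]]


def det(m: list) -> int:
    """Integer determinant by cofactor expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    total = 0
    for j in range(len(m)):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        total += (-1) ** j * m[0][j] * det(minor)
    return total


def inverse_mod26(m: list) -> list:
    """K^-1 mod 26 = det(K)^-1 * adjugate(K); raises if det(K) has no inverse
    mod 26 (the 'not invertible' case the text mentions)."""
    n = len(m)
    d = det(m) % 26
    try:
        d_inv = pow(d, -1, 26)      # modular inverse; ValueError if none exists
    except ValueError:
        raise ValueError("matrix is not invertible mod 26") from None
    inv = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            # entry (i, j) of the inverse uses the cofactor of entry (j, i)
            minor = [row[:i] + row[i + 1:] for r, row in enumerate(m) if r != j]
            inv[i][j] = (-1) ** (i + j) * det(minor) * d_inv % 26
    return inv


def matvec(m: list, v: list) -> list:
    return [sum(m[i][j] * v[j] for j in range(len(v))) % 26 for i in range(len(m))]


def matmul(a: list, b: list) -> list:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % 26
             for j in range(len(b[0]))] for i in range(len(a))]


def hill_encrypt(plaintext: str, key: list) -> str:
    """Encrypts m letters at a time; plaintext length must be a multiple of m."""
    m = len(key)
    nums = [ascii_lowercase.index(c) for c in plaintext.lower() if c.isalpha()]
    if len(nums) % m:
        raise ValueError(f"plaintext length must be a multiple of {m}")
    out = []
    for i in range(0, len(nums), m):
        out.extend(matvec(key, nums[i:i + m]))
    return "".join(ascii_lowercase[n] for n in out).upper()


def hill_decrypt(ciphertext: str, key: list) -> str:
    return hill_encrypt(ciphertext, inverse_mod26(key)).lower()


def recover_key(pairs: list) -> list:
    """Known-plaintext attack on an m x m Hill cipher: from m (P_j, C_j) blocks,
    given as number lists, build X = (p_ij) and Y = (C_ij) with the blocks as
    columns and return K = Y X^-1 mod 26. Raises if X is not invertible."""
    m = len(pairs[0][0])
    x = [[pairs[j][0][i] for j in range(m)] for i in range(m)]   # columns are P_j
    y = [[pairs[j][1][i] for j in range(m)] for i in range(m)]   # columns are C_j
    return matmul(y, inverse_mod26(x))


def letters_to_nums(s: str) -> list:
    return [ascii_lowercase.index(c) for c in s.lower()]


if __name__ == "__main__":
    print(hill_encrypt("paymoremoney", KEY_3))        # LNSHDLEWMTRW
    print(inverse_mod26(KEY_3))
    print(hill_decrypt("LNSHDLEWMTRW", KEY_3))        # paymoremoney
    # The page's 2x2 example: "friday" -> PQCFKU under an unknown key.
    pairs = [(letters_to_nums("fr"), letters_to_nums("PQ")),
             (letters_to_nums("id"), letters_to_nums("CF"))]
    k2 = recover_key(pairs)
    print(k2)                                          # [[7, 8], [19, 3]]
    print(hill_encrypt("ay", k2))                      # KU: the third pair checks out
```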

POLYALPHABETIC CIPHERS
Another way to improve on the simple monoalphabetic technique is to use different monoalphabetic substitutions as one proceeds through the plaintext message. The general name for this approach is polyalphabetic substitution cipher.

All these techniques have the following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.

The best-known, and one of the simplest, such algorithms is referred to as the Vigenère cipher. In this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers, with shifts of 0 through 25.

Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value d.


The Modern Vigenère Tableau

To aid in understanding the scheme and to aid in its use, a matrix known as the Vigenère tableau is constructed (above table). Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its left.
A normal alphabet for the plaintext runs across the top. The process of encryption is simple: Given a key letter x and a plaintext letter y, the ciphertext letter is at the intersection of the row labeled x and the column labeled y; in this case the ciphertext is V.
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating keyword. For example, if the keyword is deceptive, the message "we are discovered save yourself" is encrypted as follows:




Decryption is equally simple. The key letter again identifies the row. The position of the ciphertext letter in that row determines the column, and the plaintext letter is at the top of that column.

The strength of this cipher is that there are multiple ciphertext letters for each plaintext letter, one for each unique letter of the keyword. Thus, the letter frequency information is obscured. However, not all knowledge of the plaintext structure is lost.

If the keyword length is N, then the cipher, in effect, consists of N monoalphabetic substitution ciphers. For example, with the keyword DECEPTIVE, the letters in positions 1, 10, 19, and so on are all encrypted with the same monoalphabetic cipher. Thus, we can use the known frequency characteristics of the plaintext language to attack each of the monoalphabetic ciphers separately.

The periodic nature of the keyword can be eliminated by using a nonrepeating keyword that is as long as the message itself. Vigenère proposed what is referred to as an autokey system, in which a keyword is concatenated with the plaintext itself to provide a running key.

For our example:



The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T engineer named Gilbert Vernam in 1918. His system works on binary data rather than letters.


The system can be expressed succinctly as follows:

C_i = p_i ⊕ k_i

where
p_i = ith binary digit of plaintext
k_i = ith binary digit of key
C_i = ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation

Thus, the ciphertext is generated by performing the bitwise XOR of the plaintext and the key. Because of the properties of the XOR, decryption simply involves the same bitwise operation:
p_i = C_i ⊕ k_i

The essence of this technique is the means of construction of the key. Vernam proposed the use of a running loop of tape that eventually repeated the key, so that in fact the system worked with a very long but repeating keyword.
Although such a scheme, with a long key, presents formidable cryptanalytic difficulties, it can be broken with sufficient ciphertext, the use of known or probable plaintext sequences, or both.

ONE-TIME PAD
An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement to the Vernam cipher that yields the ultimate in security.
Mauborgne suggested using a random key that was truly as long as the message, with no repetitions. Such a scheme, known as a one-time pad, is unbreakable.
It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code.
Suppose that we are using a Vigenère scheme with 27 characters in which the twenty-seventh character is the space character, but with a one-time key that is as long as the message.

Consider the ciphertext


ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
We now show two different decryptions using two different keys:



Suppose that a cryptanalyst had managed to find these two keys. Two plausible plaintexts are produced.

How is the cryptanalyst to decide which is the correct decryption, i.e., which is the correct key? If the actual key were produced in a truly random fashion, then the cryptanalyst cannot say that one of these two keys is more likely than the other. Thus, there is no way to decide which key is correct and therefore which plaintext is correct.

In fact, given any plaintext of equal length to the ciphertext, there is a key that produces that plaintext. Therefore, if you did an exhaustive search of all possible keys, you would end up with many legible plaintexts, with no way of knowing which was the intended plaintext. Therefore, the code is unbreakable.

The security of the one-time pad is entirely due to the randomness of the key. If the stream of characters that constitute the key is truly random, then the stream of characters that constitute the ciphertext will be truly random. Thus, there are no patterns or regularities that a cryptanalyst can use to attack the ciphertext.


The one-time pad offers complete security but, in practice, has two fundamental difficulties:

1) There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.

2) Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.

Because of these difficulties, the one-time pad is of limited utility, and is useful primarily for low-bandwidth channels requiring very high security.
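The Vigenère family from the preceding pages in one place, as an added example that is not part of the original text: the repeating keyword deceptive, Vigenère's autokey, the split of a length-N keyword into N Caesar columns, Vernam's XOR, and the one-time-pad ambiguity on the page's 27-character ciphertext. The two candidate plaintexts are constructed for this example; the page's own two decryptions are not reproduced.

```python
# Added example (not from the original text): the Vigenère cipher with a repeating
# keyword, Vigenère's autokey variant, the per-position split that turns a keyword
# of length N into N Caesar ciphers, Vernam's XOR form, and the one-time-pad
# ambiguity: for the page's 27-character ciphertext, any plaintext of the same
# length has a key that produces it. GUESS_1 and GUESS_2 are constructed here.
from string import ascii_lowercase

ALPHA_26 = ascii_lowercase
ALPHA_27 = ascii_lowercase + " "     # the page's 27-character alphabet, space last


def vigenere_encrypt(plaintext: str, key: str, alphabet: str = ALPHA_26) -> str:
    """C_i = (p_i + k_i) mod |alphabet| with the key repeated; characters outside
    the alphabet are dropped so the key keeps step with the letters."""
    n = len(alphabet)
    p = [alphabet.index(c) for c in plaintext.lower() if c in alphabet]
    k = [alphabet.index(c) for c in key.lower()]
    return "".join(alphabet[(p[i] + k[i % len(k)]) % n] for i in range(len(p))).upper()


def vigenere_decrypt(ciphertext: str, key: str, alphabet: str = ALPHA_26) -> str:
    n = len(alphabet)
    c = [alphabet.index(ch) for ch in ciphertext.lower() if ch in alphabet]
    k = [alphabet.index(ch) for ch in key.lower()]
    return "".join(alphabet[(c[i] - k[i % len(k)]) % n] for i in range(len(c)))


def autokey_encrypt(plaintext: str, keyword: str) -> str:
    """Running key = keyword followed by the plaintext itself, so nothing repeats."""
    letters = "".join(c for c in plaintext.lower() if c in ALPHA_26)
    return vigenere_encrypt(letters, (keyword + letters)[:len(letters)])


def autokey_decrypt(ciphertext: str, keyword: str) -> str:
    """Each recovered plaintext letter extends the key for the letters after it."""
    key = list(keyword.lower())
    out = []
    for i, ch in enumerate(ciphertext.lower()):
        p = ALPHA_26[(ALPHA_26.index(ch) - ALPHA_26.index(key[i])) % 26]
        out.append(p)
        key.append(p)
    return "".join(out)


def split_by_key_length(text: str, n: int) -> list:
    """Column i holds positions i, i+n, i+2n, ...: each column is one Caesar cipher
    (positions 1, 10, 19, ... for a 9-letter keyword), attackable separately."""
    return [text[i::n] for i in range(n)]


def vernam_xor(data: bytes, key: bytes) -> bytes:
    """C_i = p_i XOR k_i on binary data; applying it again with the same key decrypts."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def derive_key(ciphertext: str, plaintext: str, alphabet: str = ALPHA_27) -> str:
    """k_i = (C_i - p_i) mod 27: the key that makes the ciphertext decrypt to this
    plaintext. A truly random key cannot be told apart from such a derived one."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("plaintext must be exactly as long as the ciphertext")
    n = len(alphabet)
    return "".join(alphabet[(alphabet.index(c) - alphabet.index(p)) % n]
                   for c, p in zip(ciphertext.lower(), plaintext.lower()))


# The page's ciphertext, and two plaintexts of the same length constructed here.
OTP_CIPHERTEXT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS"
GUESS_1 = "the package is in the locker at the station"
GUESS_2 = "we leave the city by the north road at dawn"

if __name__ == "__main__":
    ct = vigenere_encrypt("we are discovered save yourself", "deceptive")
    print(ct)                                                    # ZICVTWQNGRZGVTWAVZHCQYGLMGJ
    print(autokey_encrypt("we are discovered save yourself", "deceptive"))  # ZICVTWQNGKZEIIGASXSTSLVVWLA
    print(split_by_key_length(ct, 9)[0])                         # ZRH: positions 1, 10, 19
    for guess in (GUESS_1, GUESS_2):
        key = derive_key(OTP_CIPHERTEXT, guess)
        print(repr(key), "->", vigenere_decrypt(OTP_CIPHERTEXT, key, ALPHA_27))
```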

1.9 TRANSPOSITION TECHNIQUES
All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.

RAIL FENCE TECHNIQUE
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

For example, to encipher the message "meet me after the toga party" with a rail fence of depth 2, we write the following:
m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is:


MEMATRHTGPRYETEFETEOAAT

This sort of thing would be trivial to cryptanalyze.

TRANSPOSITION CIPHER
A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm. For example:
Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
           o s t p o n e
           d u n t i l t
           w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext. For the type of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix and playing around with column positions.

Digram and trigram frequency tables can be useful. The transposition cipher can be made significantly more secure by performing more than one stage of transposition. The result is a more complex permutation that is not easily reconstructed.

Thus, if the foregoing message is re-encrypted using the same algorithm:
Key: 3 4 2 1 5 6 7
Input: t t n a a p t
       m t s u o a o
       d w c o i x k
       n l y p e t z
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

To visualize the result of this double transposition, designate the letters in the original plaintext message by the numbers designating their position.


Thus, with 28 letters in the message, the original sequence of letters is:
01 02 03 04 05 06 07 08 09 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28

After the first transposition we have:
03 10 17 24 04 11 18 25 02 09 16 23 01 08
15 22 05 12 19 26 06 13 20 27 07 14 21 28
which has a somewhat regular structure.

But after the second transposition, we have:
17 09 05 27 24 16 12 07 10 02 22 20 03 25
15 13 04 23 19 14 11 01 26 21 18 08 06 28
This is a much less structured permutation and is much more difficult to cryptanalyze.
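Both transposition schemes of this section in code, as an added example that is not part of the original text: the rail fence (depth 2, generalised to any depth), the columnar transposition with the key 3 4 2 1 5 6 7 read as the order in which columns are taken off, the second pass that gives the double transposition, and the position trace that reproduces the two tables above. The padding letters x y z are assumed to be appended in that order.

```python
# Added example (not from the original text): the rail fence cipher (any depth),
# the columnar transposition with the page's key 3 4 2 1 5 6 7, read here as the
# order in which columns are taken off, a second pass over the output, and the
# position trace that shows why double transposition scrambles better.
def rail_fence_encrypt(plaintext: str, depth: int) -> str:
    """Write letters down the diagonals across `depth` rails, read rail by rail."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for ch in letters:
        rails[row].append(ch)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return "".join("".join(r) for r in rails).upper()


def columnar_encrypt(text: str, key: list, pad: str = "xyz") -> str:
    """Write `text` row by row into a rectangle with len(key) columns, then read the
    columns off in the order given by `key` (1-based column numbers, as on the page).
    A short last row is filled with `pad` letters, as the page's example does."""
    letters = [c.lower() for c in text if c.isalpha()]
    ncols = len(key)
    for i in range((-len(letters)) % ncols):
        letters.append(pad[i % len(pad)])
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[col - 1] for col in key for row in rows).upper()


def columnar_decrypt(ciphertext: str, key: list) -> str:
    """Rebuild the rectangle column by column (padding letters stay in place)."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    grid = [[""] * ncols for _ in range(nrows)]
    pos = 0
    for col in key:
        for r in range(nrows):
            grid[r][col - 1] = ciphertext[pos].lower()
            pos += 1
    return "".join("".join(row) for row in grid)


def position_trace(nletters: int, key: list, passes: int) -> list:
    """Apply the same column permutation to the sequence 1..n `passes` times,
    returning where each ciphertext position came from (the page's tables)."""
    seq = list(range(1, nletters + 1))
    ncols = len(key)
    for _ in range(passes):
        rows = [seq[i:i + ncols] for i in range(0, len(seq), ncols)]
        seq = [row[col - 1] for col in key for row in rows]
    return seq


KEY = [3, 4, 2, 1, 5, 6, 7]

if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))  # MEMATRHTGPRYETEFETEOAAT
    first = columnar_encrypt("attackpostponeduntiltwoam", KEY)
    print(first)                                                   # TTNAAPTMTSUOAODWCOIXKNLYPETZ
    second = columnar_encrypt(first, KEY)
    print(second)                                                  # NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
    print(columnar_decrypt(columnar_decrypt(second, KEY), KEY))    # attackpostponeduntiltwoamxyz
    print(position_trace(28, KEY, 1))
    print(position_trace(28, KEY, 2))
```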

1.10 ROTOR MACHINES
The basic principle of the rotor machine is illustrated in the figure. The machine consists of a set of independently rotating cylinders through which electrical pulses can flow. Each cylinder has 26 input pins and 26 output pins, with internal wiring that connects each input pin to a unique output pin. For simplicity, only three of the internal connections in each cylinder are shown.
If we associate each input and output pin with a letter of the alphabet, then a single cylinder defines a monoalphabetic substitution.

For example, in the figure, if an operator depresses the key for the letter A, an electric signal is applied to the first pin of the first cylinder and flows through the internal connection to the twenty-fifth output pin.
Finally, for every complete rotation of the middle cylinder, the inner cylinder rotates one pin position. This is the same type of operation seen with an odometer.
The result is that there are 26 × 26 × 26 = 17,576 different substitution alphabets used before the system repeats. The addition of fourth and fifth rotors results in periods of 456,976 and 11,881,376 letters, respectively.

The significance of the rotor machine today is that it points the way to the most widely used cipher ever: the Data Encryption Standard (DES).


Three-Rotor Machine With Wiring Represented by Numbered Contacts

1.11 STEGANOGRAPHY
A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.

A simple form of steganography, but one that is time-consuming to construct, is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message.


Various other techniques are:

Character marking:
Selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.

Invisible ink:
A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.

Pin punctures:
Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.

Typewriter correction ribbon:
Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.

Steganography has a number of drawbacks when compared to encryption. It requires a lot of overhead to hide a relatively few bits of information, although using some scheme like that proposed in the preceding paragraph may make it more effective.

Also, once the system is discovered, it becomes virtually worthless. This problem, too, can be overcome if the insertion method depends on some sort of key. Alternatively, a message can be first encrypted and then hidden using steganography.

The advantage of steganography is that it can be employed by parties who have something to lose should the fact of their secret communication (not necessarily the content) be discovered. Encryption flags traffic as important or secret or may identify the sender or receiver as someone with something to hide.


1.12 SIMPLIFIED DES
Simplified DES, developed by Professor Edward Schaefer of Santa Clara University, is an educational rather than a secure encryption algorithm. It has similar properties and structure to DES with much smaller parameters.

OVERVIEW
Figure illustrates the overall structure of the simplified DES, which we will refer to as S-DES. The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext.

Simplified DES Scheme

The encryption algorithm involves five functions: an initial permutation (IP); a complex function labeled fK, which involves both permutation and substitution operations and depends on a key input; a simple permutation function that switches (SW) the two halves of the data; the function fK again; and finally a permutation function that is the inverse of the initial permutation (IP^-1).

The use of multiple stages of permutation and substitution results in a more complex algorithm, which increases the difficulty of cryptanalysis.

The function fK takes as input not only the data passing through the encryption algorithm, but also an 8-bit key. The algorithm could have been designed to work with a 16-bit key, consisting of two 8-bit subkeys, one used for each occurrence of fK. Alternatively, a single 8-bit key could have been used, with the same key used twice in the algorithm.

A compromise is to use a 10-bit key from which two 8-bit subkeys are generated. In this case, the key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first subkey (K1). The output of the shift operation also feeds into another shift and another instance of P8 to produce the second subkey (K2).

The encryption algorithm is a composition of functions:

which can also be written as:

where

Decryption is the reverse of encryption:



S-DES KEY GENERATION
S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm.


Key Generation for Simplified DES

First, permute the key in the following fashion. Let the 10-bit key be designated as (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as:
P10(k1, k2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, k2, k7, k4, k10, k1, k9, k8, k6)
P10 can be concisely defined by the display:


For example, the key (1010000010) is permuted to (1000001100). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and the second five bits. In our example, the result is (00001 11000).
Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following rule:

The result is subkey 1 (K1). In our example, this yields (10100100).

We then go back to the pair of 5-bit strings produced by the two LS-1 functions and perform a circular left shift of 2 bit positions on each string. In our example, the value (00001 11000) becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example, the result is (01000011).

S-DES ENCRYPTION
The encryption involves the sequential application of five functions.

Initial and Final Permutations
The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP function:


This retains all 8 bits of the plaintext but mixes them up. At the end of the algorithm, the inverse permutation is used:


It is easy to show by example that the second permutation is indeed the reverse of the first; that is, IP^-1(IP(X)) = X.


Simplified DES Encryption Detail
The Function fK
The most complex component of S-DES is the function fK, which consists of a combination of permutation and substitution functions. The functions can be expressed as follows.

Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fK, and let F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let

where SK is a subkey and ⊕ is the bit-by-bit exclusive-OR function. For example, suppose the output of the IP stage in Figure is (10111101) and F(1101, SK) = (1110) for some key SK. Then fK(10111101) = (01011101) because (1011) ⊕ (1110) = (0101).

We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation is an expansion/permutation operation:

For what follows, it is clearer to depict the result in this fashion:




The 8-bit subkey K1 = (k11, k12, k13, k14, k15, k16, k17, k18) is added to this value using exclusive-OR:


Let us rename these 8 bits:


The first four bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2-bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output.

These two boxes are defined as follows:




The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number that specifies a row of the S-box, and the second and third input bits specify a column of the S-box. The entry in that row and column, in base 2, is the 2-bit output.

For example, if (p0,0 p0,3) = (00) and (p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in binary. Similarly, (p1,0 p1,3) and (p1,1 p1,2) are used to index into a row and column of S1 to produce an additional 2 bits.

Next, the 4 bits produced by S0 and S1 undergo a further permutation as follows:

The output of P4 is the output of the function F.

The Switch Function
The function fK only alters the leftmost 4 bits of the input. The switch function (SW) interchanges the left and right 4 bits so that the second instance of fK operates on a different 4 bits. In this second instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2.

ANALYSIS OF SIMPLIFIED DES
A brute-force attack on simplified DES is certainly feasible. With a 10-bit key, there are only 2^10 = 1024 possibilities.
Given a ciphertext, an attacker can try each possibility and analyze the result to determine if it is reasonable plaintext.


What about cryptanalysis? Let us consider a known plaintext attack in which a single plaintext (p1, p2, p3, p4, p5, p6, p7, p8) and its ciphertext output (c1, c2, c3, c4, c5, c6, c7, c8) are known and the key (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10) is unknown. Then each ci is a polynomial function gi of the pj's and kj's.

We can therefore express the encryption algorithm as 8 nonlinear equations in 10 unknowns. There are a number of possible solutions, but each of these could be calculated and then analyzed. Each of the permutations and additions in the algorithm is a linear mapping.

The nonlinearity comes from the S-boxes. It is useful to write down the equations for these boxes. For clarity, rename (p0,0, p0,1, p0,2, p0,3) = (a, b, c, d) and (p1,0, p1,1, p1,2, p1,3) = (w, x, y, z), and let the 4-bit output be (q, r, s, t).

Then the operation of the S0 is defined by the following equations:
q = abcd + ab + ac + b + d
r = abcd + abd + ab + ac + ad + a + c + 1
where all additions are modulo 2. Similar equations define S1.

Alternating linear maps with these nonlinear maps results in very complex polynomial expressions for the ciphertext bits, making cryptanalysis difficult. To visualize the scale of the problem, note that a polynomial equation in 10 unknowns in binary arithmetic can have 2^10 possible terms.

On average, we might therefore expect each of the 8 equations to have 2^9 terms. The interested reader might try to find these equations with a symbolic processor. Either the reader or the software will give up before much progress is made.
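A complete S-DES in Python, added here as an example (it is not code from the notes). P10, the worked key schedule (K1 = 10100100, K2 = 01000011), the fK rule, the S0 row/column rule and the S0 polynomials come from the notes above; the IP, IP^-1, E/P, P4 and P8 tables and the S-box contents, which the notes' figures omit, are the standard S-DES tables (Schaefer). The plaintext block 11010111 used at the end is a constructed test input.

```python
# Added example, not the notes' own code. Permutation tables and S-boxes
# are the standard S-DES definitions; P10 matches the notes.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)          # expansion/permutation, 4 -> 8 bits
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))


def permute(bits, table):
    """Output position i carries input bit table[i] (1-based), as in P10 above."""
    return "".join(bits[i - 1] for i in table)


def rotl(bits, n):
    """Circular left shift (LS-n) of a bit string."""
    return bits[n:] + bits[:n]


def xor(a, b):
    """Bit-by-bit exclusive-OR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def key_schedule(key10):
    """P10, LS-1 on each 5-bit half, P8 -> K1; LS-2 on the halves, P8 -> K2."""
    k = permute(key10, P10)
    left, right = rotl(k[:5], 1), rotl(k[5:], 1)
    k1 = permute(left + right, P8)
    left, right = rotl(left, 2), rotl(right, 2)
    k2 = permute(left + right, P8)
    return k1, k2


def sbox(box, p):
    """Bits 1 and 4 select the row, bits 2 and 3 the column; 2-bit output."""
    row = int(p[0] + p[3], 2)
    col = int(p[1] + p[2], 2)
    return format(box[row][col], "02b")


def F(r4, sk):
    """The mapping F: E/P, XOR with the subkey, S0 and S1, then P4."""
    t = xor(permute(r4, EP), sk)
    return permute(sbox(S0, t[:4]) + sbox(S1, t[4:]), P4)


def fK(block8, sk):
    """fK(L, R) = (L xor F(R, SK), R): only the left half changes."""
    left, right = block8[:4], block8[4:]
    return xor(left, F(right, sk)) + right


def switch(block8):
    """SW: interchange the two 4-bit halves."""
    return block8[4:] + block8[:4]


def encrypt(pt8, key10):
    """IP, fK with K1, SW, fK with K2, IP^-1."""
    k1, k2 = key_schedule(key10)
    return permute(fK(switch(fK(permute(pt8, IP), k1)), k2), IP_INV)


def decrypt(ct8, key10):
    """The same five functions with the subkeys in reverse order."""
    k1, k2 = key_schedule(key10)
    return permute(fK(switch(fK(permute(ct8, IP), k2)), k1), IP_INV)


def s0_by_equations(a, b, c, d):
    """S0 as the two mod-2 polynomials q and r given in the analysis above."""
    q = (a & b & c & d) ^ (a & b) ^ (a & c) ^ b ^ d
    r = (a & b & c & d) ^ (a & b & d) ^ (a & b) ^ (a & c) ^ (a & d) ^ a ^ c ^ 1
    return f"{q}{r}"


def s0_equations_match_table():
    """True if the polynomials agree with the S0 table for all 16 inputs."""
    return all(s0_by_equations(*(int(x) for x in format(v, "04b")))
               == sbox(S0, format(v, "04b")) for v in range(16))


def keys_consistent_with(pt8, ct8):
    """Known-plaintext exhaustive search of the 2^10 = 1024 keys (the
    analysis above notes this is feasible): every key mapping pt8 to ct8."""
    return [k for k in (format(i, "010b") for i in range(1024))
            if encrypt(pt8, k) == ct8]


if __name__ == "__main__":
    key = "1010000010"                 # the notes' example key
    print(key_schedule(key))           # ('10100100', '01000011')
    ct = encrypt("11010111", key)      # constructed test block
    print(ct, decrypt(ct, key))        # 10101000 11010111
    print(s0_equations_match_table())  # True
    print(keys_consistent_with("11010111", ct))
```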

RELATIONSHIP TO DES
DES operates on 64-bit blocks of input. The encryption scheme can be defined as:

A 56-bit key is used, from which sixteen 48-bit subkeys are calculated. There is an initial permutation of 56 bits followed by a sequence of shifts and permutations of 48 bits. Within the encryption algorithm, instead of F acting on 4 bits (n1 n2 n3 n4), it acts on 32 bits (n1 ... n32).

After the initial expansion/permutation, the output of 48 bits can be diagrammed as:


This matrix is added (exclusive-OR) to a 48-bit subkey. There are 8 rows, corresponding to 8 S-boxes. Each S-box has 4 rows and 16 columns. The first and last bit of a row of the preceding matrix picks out a row of an S-box, and the middle four bits pick out a column.

1.13 BLOCK CIPHER PRINCIPLES
All symmetric block encryption algorithms in current use are based on a structure referred to as a Feistel block cipher. For that reason, it is important to examine the design principles of the Feistel cipher.

STREAM CIPHERS AND BLOCK CIPHERS
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream ciphers are the autokeyed Vigenère cipher and the Vernam cipher.
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used. Using some of the modes of operation explained later in this chapter, a block cipher can be used to achieve the same effect as a stream cipher.

1.14 MOTIVATION FOR THE FEISTEL CIPHER STRUCTURE

A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits. There are 2^n possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be possible), each must produce a unique ciphertext block. Such a transformation is called reversible, or nonsingular.

The following examples illustrate nonsingular and singular transformation for n = 2.

In the latter case, a ciphertext of 01 could have been produced by one of two plaintext blocks. So if we limit ourselves to reversible mappings, the number of different transformations is (2^n)!.


General n-bit-n-bit Block Substitution (shown with n = 4)

Figure illustrates the logic of a general substitution cipher for n = 4. A 4-bit input produces one of 16 possible input states, which is mapped by the substitution cipher into a unique one of 16 possible output states, each of which is represented by 4 ciphertext bits. The encryption and decryption mappings can be defined by tabulation, as shown in Table. This is the most general form of block cipher and can be used to define any reversible mapping between plaintext and ciphertext.

Encryption and Decryption Tables for Substitution Cipher of above Figure

But there is a practical problem with this approach. If a small block size, such as n = 4, is used, then the system is equivalent to a classical substitution cipher. Such systems, as we have seen, are vulnerable to a statistical analysis of the plaintext. This weakness is not inherent in the use of a substitution cipher but rather results from the use of a small block size.

If n is sufficiently large and an arbitrary reversible substitution between plaintext and ciphertext is allowed, then the statistical characteristics of the source plaintext are masked to such an extent that this type of cryptanalysis is infeasible.

An arbitrary reversible substitution cipher for a large block size is not practical, however, from an implementation and performance point of view. For such a transformation, the mapping itself is the key. Consider again Table, which defines one particular reversible mapping from plaintext to ciphertext for n = 4.
The mapping can be defined by the entries in the second column, which show the value of the ciphertext for each plaintext block. This, in essence, is the key that determines the specific mapping from among all possible mappings.
In this case, the key requires 64 bits. In general, for an n-bit general substitution block cipher, the size of the key is n × 2^n. For a 64-bit block, which is a desirable length to thwart statistical attacks, the key size is 64 × 2^64 = 2^70 ≈ 10^21 bits.

In considering these difficulties, Feistel points out that what is needed is an approximation to this ideal block-cipher system for large n, built up out of components that are easily realizable.
But before turning to Feistel's approach, let us make one other observation. We could confine ourselves to this general block substitution cipher but, to make its implementation tractable, confine ourselves to a subset of the (2^n)! possible reversible mappings.

For example, suppose we define the mapping in terms of a set of linear equations. In the case of n = 4, we have:

where the xi are the four binary digits of the plaintext block, the yi are the four binary digits of the ciphertext block, the kij are the binary coefficients, and arithmetic is mod 2. The key size is just n^2, in this case 16 bits. The danger with this kind of formulation is that it may be vulnerable to cryptanalysis by an attacker that is aware of the structure of the algorithm.

1.15 THE FEISTEL CIPHER

Feistel proposed that we can approximate the simple substitution cipher by utilizing the concept of a product cipher, which is the performing of two or more basic ciphers in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers.
In particular, Feistel proposed the use of a cipher that alternates substitutions and permutations. In fact, this is a practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions.

Diffusion and Confusion
In diffusion, the statistical structure of the plaintext is dissipated into long range statistics of the ciphertext. This is achieved by having each plaintext digit affect the value of many ciphertext digits, which is equivalent to saying that each ciphertext digit is affected by many plaintext digits.
An example of diffusion is to encrypt a message M = m1, m2, m3, ... of characters with an averaging operation:

adding k successive letters to get a ciphertext letter yn. One can show that the statistical structure of the plaintext has been dissipated. Thus, the letter frequencies in the ciphertext will be more nearly equal than in the plaintext; the digram frequencies will also be more nearly equal, and so on. In a binary block cipher, diffusion can be achieved by repeatedly performing some permutation on the data followed by applying a function to that permutation; the effect is that bits from different positions in the original plaintext contribute to a single bit of ciphertext.
Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key.

On the other hand, confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to discover the key.
Thus, even if the attacker can get some handle on the statistics of the ciphertext, the way in which the key was used to produce that ciphertext is so complex as to make it difficult to deduce the key. This is achieved by the use of a complex substitution algorithm. In contrast, a simple linear substitution function would add little confusion.

1.16 FEISTEL CIPHER STRUCTURE


The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves, L0 and R0. The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block.
Each round i has as inputs L(i-1) and R(i-1), derived from the previous round, as well as a subkey Ki, derived from the overall K. In general, the subkeys Ki are different from K and from each other.

All rounds have the same structure. A substitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data.
The round function has the same general structure for each round but is parameterized by the round subkey Ki. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data. This structure is a particular form of the substitution-permutation network (SPN).

The exact realization of a Feistel network depends on the choice of the following parameters and design features:

BLOCK SIZE: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and has been nearly universal in block cipher design. However, the new AES uses a 128-bit block size.

KEY SIZE: Larger key size means greater security but may decrease encryption/decryption speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.

NUMBER OF ROUNDS: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.

SUBKEY GENERATION ALGORITHM: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.

ROUND FUNCTION: Again, greater complexity generally means greater resistance to cryptanalysis.

Two considerations in the design of a Feistel cipher:

FAST SOFTWARE ENCRYPTION/DECRYPTION:
In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern.

EASE OF ANALYSIS:
Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze.
That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality.

FEISTEL DECRYPTION ALGORITHM
The process of decryption with a Feistel cipher is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order. That is, use Kn in the first round, K(n-1) in the second round, and so on until K1 is used in the last round.
This is a nice feature because it means we need not implement two different algorithms, one for encryption and one for decryption. A reversed key order produces the correct result; consider Figure, which shows the encryption process going down the left-hand side and the decryption process going up the right-hand side for a 16-round algorithm (the result would be the same for any number of rounds).


Feistel Encryption and Decryption

For clarity, we use the notation LEi and REi for data traveling through the encryption algorithm and LDi and RDi for data traveling through the decryption algorithm. The diagram indicates that, at every round, the intermediate value of the decryption process is equal to the corresponding value of the encryption process with the two halves of the value swapped.

To put this another way, let the output of the ith encryption round be LEi||REi (LEi concatenated with REi). Then the corresponding input to the (16 - i)th decryption round is REi||LEi, or equivalently, LD(16-i)||RD(16-i).

After the last iteration of the encryption process, the two halves of the output are swapped, so that the ciphertext is RE16||LE16. The output of that round is the ciphertext. Now take that ciphertext and use it as input to the same algorithm. The input to the first round is RE16||LE16, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption process.

We would like to show that the output of the first round of the decryption process is equal to a 32-bit swap of the input to the sixteenth round of the encryption process.

First, consider the encryption process. We see that:

On the decryption side:



The XOR has the following properties:

Thus, we have LD1 = RE15 and RD1 = LE15.

Therefore, the output of the first round of the decryption process is RE15||LE15, which is the 32-bit swap of the input to the sixteenth round of the encryption.

For the ith iteration of the encryption algorithm:

Rearranging terms:


Thus, we have described the inputs to the ith iteration as a function of the outputs, and these equations confirm the assignments shown in the right-hand side.

Finally, we see that the output of the last round of the decryption process is RE0||LE0. A 32-bit swap recovers the original plaintext, demonstrating the validity of the Feistel decryption process.

Note that the derivation does not require that F be a reversible function. To see this, take a limiting case in which F produces a constant output (e.g., all ones) regardless of the values of its two arguments. The equations still hold.
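An added example (not code from the notes) of the Feistel structure and its decryption rule: one routine, given the subkeys in reverse order, recovers the plaintext, and this holds even when F is not invertible, including the limiting case above where F returns a constant. The 16-bit half size, the key schedule and both round functions are toy choices made for this example, not a real cipher; the block 0x12345678 and key 0xBEEF are constructed inputs.

```python
# Added example, not the notes' own code: a toy Feistel network on 32-bit
# blocks (w = 16). The key schedule and round functions are hypothetical.
MASK16 = 0xFFFF


def toy_subkeys(key16, rounds=16):
    """Hypothetical key schedule: rotate the 16-bit key (i mod 16) bits for round i."""
    out = []
    for i in range(rounds):
        s = i % 16
        out.append(((key16 << s) | (key16 >> (16 - s))) & MASK16)
    return out


def toy_F(r, k):
    """A non-linear, non-invertible toy round function on a 16-bit half."""
    x = (r ^ k) & MASK16
    return (x * x + (x >> 3) + 0x5A5A) & MASK16


def constant_F(r, k):
    """Limiting case from the notes: F ignores both arguments (all ones)."""
    return MASK16


def feistel(block32, subkeys, F):
    """Rounds L_i = R_(i-1), R_i = L_(i-1) xor F(R_(i-1), K_i), then the
    final swap, so the output is R_n || L_n. Feeding that output back with
    the subkeys reversed walks the same rounds backwards."""
    left, right = (block32 >> 16) & MASK16, block32 & MASK16
    for k in subkeys:
        left, right = right, left ^ F(right, k)
    return (right << 16) | left          # R_n || L_n


def encrypt(block32, key16, F=toy_F, rounds=16):
    """Encryption: subkeys K_1 .. K_n in order."""
    return feistel(block32, toy_subkeys(key16, rounds), F)


def decrypt(block32, key16, F=toy_F, rounds=16):
    """Decryption: the same routine with subkeys K_n .. K_1."""
    return feistel(block32, toy_subkeys(key16, rounds)[::-1], F)


if __name__ == "__main__":
    pt, key = 0x12345678, 0xBEEF        # constructed sample block and key
    ct = encrypt(pt, key)
    print(hex(ct), hex(decrypt(ct, key)))                # second value 0x12345678
    # With a constant F the rounds have period 4, so 16 rounds only swap the
    # halves; decryption still works because F need not be invertible.
    print(hex(encrypt(pt, key, constant_F)))             # 0x56781234
    print(hex(decrypt(0x56781234, key, constant_F)))     # 0x12345678
```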


1.17 THE DATA ENCRYPTION STANDARD

For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. The DES enjoys widespread use.

DES Encryption
The overall scheme for DES encryption is illustrated in Figure. As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length.


General Depiction of DES Encryption Algorithm


At the left-hand side of the figure, we see the processing of the plaintext proceeds in three phases.

First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. This is followed by a phase consisting of 16 rounds of the same function, which involves both permutation and substitution functions.

The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key. The left and right halves of the output are swapped to produce the preoutput.

Finally, the preoutput is passed through a permutation (IP^-1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. With the exception of the initial and final permutations, DES has the exact structure of a Feistel cipher.

The right-hand portion of Figure shows the way in which the 56-bit key is used. Initially, the key is passed through a permutation function.

Then, for each of the 16 rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced because of the repeated iteration of the key bits.

Initial Permutation
The initial permutation and its inverse are defined by tables. The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64.

Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits.

To see that these two permutation functions are indeed the inverse of each other, consider the following 64-bit input M:

M1  M2  M3  M4  M5  M6  M7  M8
M9  M10 M11 M12 M13 M14 M15 M16
M17 M18 M19 M20 M21 M22 M23 M24
M25 M26 M27 M28 M29 M30 M31 M32
M33 M34 M35 M36 M37 M38 M39 M40
M41 M42 M43 M44 M45 M46 M47 M48
M49 M50 M51 M52 M53 M54 M55 M56
M57 M58 M59 M60 M61 M62 M63 M64
where Mi is a binary digit.
Then the permutation X = IP(M) is as follows:

M58 M50 M42 M34 M26 M18 M10 M2
M60 M52 M44 M36 M28 M20 M12 M4
M62 M54 M46 M38 M30 M22 M14 M6
M64 M56 M48 M40 M32 M24 M16 M8
M57 M49 M41 M33 M25 M17 M9  M1
M59 M51 M43 M35 M27 M19 M11 M3
M61 M53 M45 M37 M29 M21 M13 M5
M63 M55 M47 M39 M31 M23 M15 M7

If we then take the inverse permutation Y = IP^-1(X) = IP^-1(IP(M)), it can be seen that the original ordering of the bits is restored.

Details of Single Round
Figure shows the internal structure of a single round. Again, begin by focusing on the left-hand side of the diagram. The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities, labeled L (left) and R (right).

As in any classic Feistel cipher, the overall processing at each round can be summarized in the following formulas:


Single Round of DES Algorithm

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits. The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted.


Permutation Tables for DES

The role of the S-boxes in the function F is illustrated in Figure.



Calculation of F(R, K)
The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. These transformations are defined in Table, which is interpreted as follows: The first and last bits of the input to box Si form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si. The middle four bits select one of the sixteen columns.
The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. For example, in S1, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001.



Definition of DES S-Boxes
Each row of an S-box defines a general reversible substitution. The structure of the S-boxes is worth further comment. Ignore for the moment the contribution of the key (Ki). If you examine the expansion table, you see that the 32 bits of input are split into groups of 4 bits, and then become groups of 6 bits by taking the outer bits from the two adjacent groups. For example, if part of the input word is: . . . efgh ijkl mnop . . .
this becomes . . . defghi hijklm lmnopq . . .

The outer two bits of each group select one of four possible substitutions (one row of an S-box). Then a 4-bit output value is substituted for the particular 4-bit input (the middle four input bits). The 32-bit output from the eight S-boxes is then permuted, so that on the next round the output from each S-box immediately affects as many others as possible.

Key Generation
Returning to the Figures of DES Encryption and the Single Round description, we see that a 64-bit key is used as input to the algorithm. The bits of the key are numbered from 1 through 64; every eighth bit is ignored, as indicated by the lack of shading in Table (a). The key is first subjected to a permutation governed by a table labeled Permuted Choice One (Table (b)).

The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0. At each round, C(i-1) and D(i-1) are separately subjected to a circular left shift, or rotation, of 1 or 2 bits, as governed by Table (d).

These shifted values serve as input to the next round. They also serve as input to Permuted Choice Two (Table (c)), which produces a 48-bit output that serves as input to the function F(R(i-1), Ki).



DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed.

The Avalanche Effect
A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change were small, this might provide a way to reduce the size of the plaintext or key space to be searched.

DES exhibits a strong avalanche effect. In Table (a), two plaintexts that differ by one bit were used:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
with the key
0000001 1001011 0100100 1100010 0011100 0011000 0011100 0110010

The table shows that after just three rounds, 21 bits differ between the two blocks. On completion, the two ciphertexts differ in 34 bit positions.

Table (b) shows a similar test in which a single plaintext is input:

01101000 10000101 00101111 01111010 00010011 01110110 11101011 10100100

with two keys that differ in only one bit position:
1110010 1111011 1101111 0011000 0011101 0000100 0110001 11011100
0110010 1111011 1101111 0011000 0011101 0000100 0110001 11011100

Again, the results show that about half of the bits in the ciphertext differ and that the avalanche effect is pronounced after just a few rounds.


Avalanche Effect in DES

1.18 THE STRENGTH OF DES
Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES. These concerns, by and large, fall into two areas: key size and the nature of the algorithm.

The Use of 56-Bit Keys
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2 × 10^16 keys. Thus, on the face of it, a brute-force attack appears impractical.

Assuming that, on average, half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher.

It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext.

If the message is just plain text in English, then the result pops out easily, although the task of recognizing English would have to be automated. If the text message has been compressed before encryption, then recognition is more difficult. And if the message is some more general type of data, such as a numerical file, and this has been compressed, the problem becomes even more difficult to automate.

Thus, to supplement the brute-force approach, some degree of knowledge about the expected plaintext is needed, and some means of automatically distinguishing plaintext from garble is also needed.

The EFF approach addresses this issue as well and introduces some automated techniques that would be effective in many contexts.


The Nature of the DES Algorithm

Another concern is the possibility that cryptanalysis is possible by exploiting the characteristics of the DES algorithm. The focus of concern has been on the eight substitution tables, or S-boxes, that are used in each iteration.

Because the design criteria for these boxes, and indeed for the entire algorithm, were not made public, there is a suspicion that the boxes were constructed in such a way that cryptanalysis is possible for an opponent who knows the weaknesses in the S-boxes. This assertion is tantalizing, and over the years a number of regularities and unexpected behaviors of the S-boxes have been discovered. Despite this, no one has so far succeeded in discovering the supposed fatal weaknesses in the S-boxes.

Timing Attacks
A timing attack is one in which information about the key or the plaintext is obtained by observing how long it takes a given implementation to perform decryptions on various ciphertexts.
A timing attack exploits the fact that an encryption or decryption algorithm often takes slightly different amounts of time on different inputs. DES appears to be fairly resistant to a successful timing attack, though some avenues to explore have been suggested. Although this is an interesting line of attack, it so far appears unlikely that this technique will ever be successful against DES or more powerful symmetric ciphers such as triple DES and AES.

1.19 DIFFERENTIAL AND LINEAR CRYPTANALYSIS
With the increasing popularity of block ciphers with longer key lengths, including triple DES, brute-force attacks have become increasingly impractical. Thus, there has been increased emphasis on cryptanalytic attacks on DES and other symmetric block ciphers.

The two most powerful and promising approaches are differential cryptanalysis and linear cryptanalysis.

Differential Cryptanalysis
One of the most significant advances in cryptanalysis in recent years is differential cryptanalysis. Differential cryptanalysis of an eight-round LUCIFER algorithm requires only 256 chosen plaintexts, whereas an attack on an eight-round version of DES requires 2^14 chosen plaintexts.

Differential Cryptanalysis Attack
The differential cryptanalysis attack is complex; what follows is an outline. We begin with a change in notation for DES. Consider the original plaintext block m to consist of two halves m0, m1.

Each round of DES maps the right-hand input into the left-hand output and sets the right-hand output to be a function of the left-hand input and the subkey for this round. So, at each round, only one new 32-bit block is created. If we label each new block mi (2 ≤ i ≤ 17), then the intermediate message halves are related as follows:


In differential cryptanalysis, one starts with two messages, m and m', with a known XOR difference Δm = m ⊕ m', and considers the difference between the intermediate message halves: Δmi = mi ⊕ m'i. Then we have:


Now, suppose that many pairs of inputs to f with the same difference yield the same output difference if the same subkey is used. To put this more precisely, let us say that X may cause Y with probability p, if for a fraction p of the pairs in which the input XOR is X, the output XOR equals Y.


We want to suppose that there are a number of values of X that have high probability of causing a particular output difference. Therefore, if we know Δmi-1 and Δmi with high probability, then we know Δmi+1 with high probability.

Furthermore, if a number of such differences are determined, it is feasible to determine the subkey used in the function f.

The overall strategy of differential cryptanalysis is based on these considerations for a single round. The procedure is to begin with two plaintext messages m and m' with a given difference and trace through a probable pattern of differences after each round to yield a probable difference for the ciphertext.

Actually, there are two probable differences for the two 32-bit halves: (Δm17 || Δm16). Next, we submit m and m' for encryption to determine the actual difference under the unknown key and compare the result to the probable difference.

If there is a match, then we suspect that all the probable patterns at all the intermediate rounds are correct. With that assumption, we can make some deductions about the key bits. This procedure must be repeated many times to determine all the key bits.

The figure illustrates the propagation of differences through three rounds of DES. The probabilities shown on the right refer to the probability that a given set of intermediate differences will appear as a function of the input differences.

Overall, after three rounds the probability that the output difference is as shown is equal to 0.25 × 1 × 0.25 = 0.0625.


Differential Propagation through Three Rounds of DES
(Numbers in Hexadecimal)

Linear Cryptanalysis
A more recent development is linear cryptanalysis. This attack is based on finding linear approximations to describe the transformations performed in DES. This method can find a DES key given 2^47 known plaintexts, as compared to 2^47 chosen plaintexts for differential cryptanalysis.


Although this is a minor improvement, because it may be easier to acquire known plaintext rather than chosen plaintext, it still leaves linear cryptanalysis infeasible as an attack on DES. So far, little work has been done by other groups to validate the linear cryptanalytic approach.

We now give a brief summary of the principle on which linear cryptanalysis is based. For a cipher with n-bit plaintext and ciphertext blocks and an n-bit key, let the plaintext block be labeled P[1], ..., P[n], the ciphertext block C[1], ..., C[n], and the key K[1], ..., K[n]. Then define


The objective of linear cryptanalysis is to find an effective linear equation of the form:

(where x = 0 or 1; 1 ≤ a, b ≤ n, 1 ≤ c ≤ n, and where the α, β, and γ terms represent fixed, unique bit locations) that holds with probability p ≠ 0.5.

The further p is from 0.5, the more effective the equation. Once a proposed relation is determined, the procedure is to compute the results of the left-hand side of the preceding equation for a large number of plaintext-ciphertext pairs.

If the result is 0 more than half the time, assume K[γ1, γ2, ..., γc] = 0. If it is 1 most of the time, assume K[γ1, γ2, ..., γc] = 1. This gives us a linear equation on the key bits. Try to get more such relations so that we can solve for the key bits.

Because we are dealing with linear equations, the problem can be approached one round of the cipher at a time, with the results combined.
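The procedure just outlined, as an added example on a constructed one-round toy cipher C = S(P ⊕ K) with a single 4-bit S-box (illustrative code written for this section, not the textbook's own; the S-box, the key and the plaintexts are all constructed). The block builds the linear approximation table of the S-box, picks the relation a·X = b·Y whose probability p is furthest from 0.5, and then uses known plaintext-ciphertext pairs to decide the XOR of the key bits selected by a, which is the role K[γ1, ..., γc] plays in the text. On a one-round toy the full 16-entry codebook stands in for the "large number of plaintext-ciphertext pairs".

```python
# Added example for this section, not the textbook's own code.
# Constructed 4-bit S-box (a permutation of 0..15) for the toy cipher.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(x):
    """XOR of all bits of x (0 or 1)."""
    return bin(x).count("1") & 1


def linear_approximation_table(sbox):
    """lat[a][b] = number of inputs x in 0..15 for which a.x == b.S(x), where
    a.x is the XOR of the input bits selected by mask a (likewise b on the
    output). Entries far from 8 are relations that hold with p far from 0.5."""
    lat = [[0] * 16 for _ in range(16)]
    for a in range(16):
        for b in range(16):
            lat[a][b] = sum(parity(a & x) == parity(b & sbox[x])
                            for x in range(16))
    return lat


def best_approximation(sbox):
    """Return (a, b, p): masks of the most biased nontrivial approximation
    a.X = b.Y and the probability p with which it holds."""
    lat = linear_approximation_table(sbox)
    a, b = max(((a, b) for a in range(1, 16) for b in range(1, 16)),
               key=lambda m: abs(lat[m[0]][m[1]] - 8))
    return a, b, lat[a][b] / 16


def encrypt(p, k):
    """Toy one-round cipher: XOR in the key, then one S-box substitution."""
    return SBOX[p ^ k]


def recover_key_parity(pairs, a, b, p):
    """Deduce a.K (XOR of the key bits selected by mask a) from known
    (plaintext, ciphertext) pairs and an approximation a.X = b.Y holding
    with probability p. Because X = P XOR K, a.P XOR b.C equals a.K exactly
    when the approximation holds, so the majority value of a.P XOR b.C is
    a.K when p > 0.5 and its complement when p < 0.5."""
    zeros = sum(parity(a & pt) ^ parity(b & ct) == 0 for pt, ct in pairs)
    majority = 0 if zeros > len(pairs) / 2 else 1
    return majority if p > 0.5 else majority ^ 1


if __name__ == "__main__":
    key = 0xB                                   # constructed secret key
    a, b, p = best_approximation(SBOX)
    pairs = [(pt, encrypt(pt, key)) for pt in range(16)]   # known plaintexts
    print(f"a={a:04b} b={b:04b} holds with p={p}")
    print("recovered a.K =", recover_key_parity(pairs, a, b, p),
          "actual a.K =", parity(a & key))
```

With a real cipher the same counting is done over a sample of pairs rather than the whole codebook, and each such relation yields one linear equation on the key bits; the text's remark that the problem can be approached one round at a time corresponds to chaining single-S-box relations like the one found here through the round structure.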

1.20 BLOCK CIPHER DESIGN PRINCIPLES
The three critical aspects of block cipher design are the number of rounds, the design of the function F, and key scheduling.

DES Design Criteria
The criteria used in the design of DES focused on the design of the S-boxes and on the P function that takes the output of the S-boxes.

The criteria for the S-boxes are:
1) No output bit of any S-box should be too close a linear function of the input bits. Specifically, if we select any output bit and any subset of the six input bits, the fraction of inputs for which this output bit equals the XOR of these input bits should not be close to 0 or 1, but rather should be near 1/2.
2) Each row of an S-box (determined by a fixed value of the leftmost and rightmost input bits) should include all 16 possible output bit combinations.
3) If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least two bits.
4) If two inputs to an S-box differ in the two middle bits exactly, the outputs must differ in at least two bits.
5) If two inputs to an S-box differ in their first two bits and are identical in their last two bits, the two outputs must not be the same.
6) For any nonzero 6-bit difference between inputs, no more than 8 of the 32 pairs of inputs exhibiting that difference may result in the same output difference.
7) This is a criterion similar to the previous one, but for the case of three S-boxes.

If the S-boxes were linear (i.e., each output bit is a linear combination of the input bits), the entire algorithm would be linear and easily broken.
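As an added example (written for this section, not the textbook's own code), the following checks criteria 2, 3 and 6 from the list above against DES S-box S1 by tabulating its difference distribution, and reads the most probable single-S-box differential off the same table; the per-round probabilities that are multiplied together in the three-round differential example earlier in this section are of exactly that kind. S1 is the published DES table; everything else here is constructed.

```python
# Added example for this section, not the textbook's own code.
# DES S-box S1 (FIPS 46-3): four rows of sixteen 4-bit outputs.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(table, x):
    """Evaluate a DES S-box on a 6-bit input: the outer bits (b1, b6) select
    the row, the middle four bits select the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def ddt(table):
    """Difference distribution table: ddt[din][dout] counts the ordered pairs
    (x, x ^ din) over all 64 inputs with S(x) ^ S(x ^ din) == dout."""
    t = [[0] * 16 for _ in range(64)]
    for din in range(64):
        for x in range(64):
            t[din][sbox(table, x) ^ sbox(table, x ^ din)] += 1
    return t


def check_criteria(table):
    """Return (criterion, detail) violations for criteria 2, 3 and 6 of the
    text; an empty list means the S-box passes all three."""
    violations = []
    # 2) each row contains every 4-bit output value exactly once
    for r, row in enumerate(table):
        if sorted(row) != list(range(16)):
            violations.append((2, f"row {r} is not a permutation of 0..15"))
    # 3) inputs differing in exactly one bit give outputs differing in >= 2 bits
    for x in range(64):
        for b in range(6):
            y = x ^ (1 << b)
            if bin(sbox(table, x) ^ sbox(table, y)).count("1") < 2:
                violations.append((3, f"inputs {x:06b} / {y:06b}"))
    # 6) for any nonzero input difference, no output difference may occur for
    #    more than 8 of the 32 unordered pairs (16 of the 64 ordered pairs)
    t = ddt(table)
    for din in range(1, 64):
        for dout in range(16):
            if t[din][dout] // 2 > 8:
                violations.append((6, f"din {din:02x} -> dout {dout:x}"))
    return violations


def best_differential(table):
    """The most probable single-round S-box differential (din, dout, p):
    the kind of per-round probability that differential cryptanalysis
    multiplies across rounds."""
    t = ddt(table)
    din, dout = max(((d, o) for d in range(1, 64) for o in range(16)),
                    key=lambda pair: t[pair[0]][pair[1]])
    return din, dout, t[din][dout] / 64


if __name__ == "__main__":
    print("violations:", check_criteria(S1))
    print("best differential (din, dout, p):", best_differential(S1))
```

Criterion 6 caps every entry of the table at 16 of 64 ordered pairs, so the best single-S-box differential probability is at most 1/4; the 0.25 factors in the three-round example above are probabilities of that order, and chaining rounds multiplies them down, which is why the round count matters.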

The criteria for the permutation P are:
a) The four output bits from each S-box at round i are distributed so that two of them affect (provide input for) "middle bits" of round (i + 1) and the other two affect end bits.
The two middle bits of input to an S-box are not shared with adjacent S-boxes. The end bits are the two left-hand bits and the two right-hand bits, which are shared with adjacent S-boxes.

b) The four output bits from each S-box affect six different S-boxes on the next round, and no two affect the same S-box.
c) For two S-boxes j, k, if an output bit from Sj affects a middle bit of Sk on the next round, then an output bit from Sk cannot affect a middle bit of Sj. This implies that for j = k, an output bit from Sj must not affect a middle bit of Sj.

These criteria are intended to increase the diffusion of the algorithm.

Number of Rounds
The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F. In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack. This criterion was certainly used in the design of DES.
This criterion is attractive because it makes it easy to judge the strength of an algorithm and to compare different algorithms. In the absence of a cryptanalytic breakthrough, the strength of any algorithm that satisfies the criterion can be judged solely on key length.

Design of Function F
The heart of a Feistel block cipher is the function F. As we have seen, in DES this function relies on the use of S-boxes. This is also the case for most other symmetric block ciphers.

Design Criteria for F
The function F provides the element of confusion in a Feistel cipher. Thus, it must be difficult to "unscramble" the substitution performed by F. The more nonlinear F is, the more difficult any type of cryptanalysis will be.

Several other criteria should be considered in designing F. We would like the algorithm to have good avalanche properties.

A more stringent version of this is the Strict Avalanche Criterion (SAC), which states that any output bit j of an S-box should change with probability 1/2 when any single input bit i is inverted, for all i, j. Although SAC is expressed in terms of S-boxes, a similar criterion could be applied to F as a whole. This is important when considering designs that do not include S-boxes.

Another criterion proposed is the Bit Independence Criterion (BIC), which states that output bits j and k should change independently when any single input bit i is inverted, for all i, j, and k. The SAC and BIC criteria appear to strengthen the effectiveness of the confusion function.

S-Box Design
The relationship between the input and output bits of an S-box should be nonlinear and difficult to approximate with linear functions. One obvious characteristic of the S-box is its size. An n × m S-box has n input bits and m output bits. DES has 6 × 4 S-boxes. Blowfish has 8 × 32 S-boxes. Larger S-boxes, by and large, are more resistant to differential and linear cryptanalysis.

On the other hand, the larger the dimension n, the (exponentially) larger the lookup table. Thus, for practical reasons, a limit of n equal to about 8 to 10 is usually imposed. Another practical consideration is that the larger the S-box, the more difficult it is to design it properly.

S-boxes are typically organized in a different manner than used in DES. An n × m S-box typically consists of 2^n rows of m bits each. The n bits of input select one of the rows of the S-box, and the m bits in that row are the output.

Mister and Adams propose a number of criteria for S-box design. Among these are that the S-box should satisfy both SAC and BIC. They also suggest that all linear combinations of S-box columns should be bent. Bent functions are a special class of Boolean functions that are highly nonlinear according to certain mathematical criteria.


The guaranteed avalanche (GA) criterion is as follows: An S-box satisfies GA of order γ if, for a 1-bit input change, at least γ output bits change. A GA in the range of order 2 to order 5 provides strong diffusion characteristics for the overall encryption algorithm.

Nyberg, who has written a lot about the theory and practice of S-box design, suggests the following approaches:
Random: Use some pseudorandom number generation or some table of random digits to generate the entries in the S-boxes.
Random with testing: Choose S-box entries randomly, then test the results against various criteria, and throw away those that do not pass.
Man-made: This is a more or less manual approach with only simple mathematics to support it.
Math-made: Generate S-boxes according to mathematical principles.

Key Schedule Algorithm
With any Feistel block cipher, the key is used to generate one subkey for each round. In general, we would like to select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty of working back to the main key. The key schedule should guarantee the key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion.

1.21 BLOCK CIPHER MODES OF OPERATION
The DES algorithm is a basic building block for providing data security. To apply DES in a variety of applications, four "modes of operation" have been defined. These four modes are intended to cover virtually all the possible applications of encryption for which DES could be used.

Electronic Codebook Mode
The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled 64 bits at a time and each block of plaintext is encrypted using the same key.

The term codebook is used because, for a given key, there is a unique ciphertext for every 64-bit block of plaintext. Therefore, one can imagine a gigantic codebook in which there is an entry for every possible 64-bit plaintext pattern showing its corresponding ciphertext.
For a message longer than 64 bits, the procedure is simply to break the message into 64-bit blocks, padding the last block if necessary. Decryption is performed one block at a time, always using the same key.
The plaintext (padded as necessary) consists of a sequence of 64-bit blocks, P1, P2, ..., PN; the corresponding sequence of ciphertext blocks is C1, C2, ..., CN. The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use.


Block Cipher Modes of Operation

The most significant characteristic of ECB is that the same 64-bit block of plaintext, if it appears more than once in the message, always produces the same ciphertext. For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.

Electronic Codebook (ECB) Mode

For example, if it is known that the message always starts out with certain predefined fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs to work with. If the message has repetitive elements, with a period of repetition a multiple of 64 bits, then these elements can be identified by the analyst. This may help in the analysis or may provide an opportunity for substituting or rearranging blocks.

Cipher Block Chaining Mode
To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the Cipher Block Chaining (CBC) mode.

In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of 64 bits are not exposed.
For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding ciphertext block to produce the plaintext block. To see that this works, we can write:

Then,


To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext. On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext.
The IV must be known to both the sender and receiver. For maximum security, the IV should be protected as well as the key. This could be done by sending the IV using ECB encryption. One reason for protecting the IV is as follows: If an opponent is able to fool the receiver into using a different value for the IV, then the opponent is able to invert selected bits in the first block of plaintext. To see this, consider the following:

Now use the notation that X[i] denotes the ith bit of the 64-bit quantity X. Then,


Then, using the properties of XOR, we can state



where the prime notation denotes bit complementation. This means that if an opponent can predictably change bits in the IV, the corresponding bits of the received value of P1 can be changed.
In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than 64 bits. In addition to its use to achieve confidentiality, the CBC mode can be used for authentication.


Cipher Block Chaining (CBC) Mode

Cipher Feedback Mode
The DES scheme is essentially a block cipher technique that uses 64-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode. A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.

Thus, if a character stream is being transmitted, each character can be encrypted and transmitted immediately using a character-oriented stream cipher. One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, if 8-bit characters are being transmitted, each character should be encrypted using 8 bits. If more than 8 bits are used, transmission capacity is wasted.


s-bit Cipher Feedback (CFB) Mode

In the figure, it is assumed that the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of 64 bits, the plaintext is divided into segments of s bits.

First, consider encryption. The input to the encryption function is a 64-bit shift register that is initially set to some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted. In addition, the contents of the shift register are shifted left by s bits and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted.
For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. Note that it is the encryption function that is used, not the decryption function. This is easily explained. Let Ss(X) be defined as the most significant s bits of X. Then

Therefore

Output Feedback Mode
The output feedback (OFB) mode is similar in structure to that of CFB, as illustrated in the figure. As can be seen, it is the output of the encryption function that is fed back to the shift register in OFB, whereas in CFB the ciphertext unit is fed back to the shift register.
One advantage of the OFB method is that bit errors in transmission do not propagate. For example, if a bit error occurs in C1, only the recovered value of P1 is affected; subsequent plaintext units are not corrupted. With CFB, C1 also serves as input to the shift register and therefore causes additional corruption downstream.
The disadvantage of OFB is that it is more vulnerable to a message stream modification attack than is CFB. Consider that complementing a bit in the ciphertext complements the corresponding bit in the recovered plaintext.
Thus, controlled changes to the recovered plaintext can be made. This may make it possible for an opponent, by making the necessary changes to the checksum portion of the message as well as to the data portion, to alter the ciphertext in such a way that it is not detected by an error-correcting code.


s-bit Output Feedback (OFB) Mode

Counter Mode
The figure depicts the CTR mode. A counter equal to the plaintext block size is used. The only requirement stated in SP 800-38A is that the counter value must be different for each plaintext block that is encrypted. Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block (modulo 2^b, where b is the block size).
For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining. For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.


Counter (CTR) Mode
Advantages of CTR mode
Hardware efficiency:
Unlike the three chaining modes, encryption (or decryption) in CTR mode can be done in parallel on multiple blocks of plaintext or ciphertext. For the chaining modes, the algorithm must complete the computation on one block before beginning on the next block. This limits the maximum throughput of the algorithm to the reciprocal of the time for one execution of block encryption or decryption. In CTR mode, the throughput is only limited by the amount of parallelism that is achieved.
Software efficiency:
Similarly, because of the opportunities for parallel execution in CTR mode, processors that support parallel features, such as aggressive pipelining, multiple instruction dispatch per clock cycle, a large number of registers, and SIMD instructions, can be effectively utilized.

Preprocessing:
The execution of the underlying encryption algorithm does not depend on input of the plaintext or ciphertext. Therefore, if sufficient memory is available and security is maintained, preprocessing can be used to prepare the output of the encryption boxes that feed into the XOR functions. When the plaintext or ciphertext input is presented, then the only computation is a series of XORs. Such a strategy greatly enhances throughput.
Random access:
The ith block of plaintext or ciphertext can be processed in random-access fashion. With the chaining modes, block Ci cannot be computed until the i − 1 prior blocks are computed. There may be applications in which a ciphertext is stored and it is desired to decrypt just one block; for such applications, the random access feature is attractive.
Provable security:
It can be shown that CTR is at least as secure as the other modes.
Simplicity:
Unlike ECB and CBC modes, CTR mode requires only the implementation of the encryption algorithm and not the decryption algorithm. This matters most when the decryption algorithm differs substantially from the encryption algorithm, as it does for AES. In addition, the decryption key scheduling need not be implemented.
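The five modes of this section (ECB, CBC, s-bit CFB, s-bit OFB and CTR), as an added example written for this section, not the textbook's own code. A constructed 64-bit toy Feistel cipher stands in for DES so that the mode logic runs offline; it is a placeholder with no security value, and the keys, IVs and messages used with it are constructed sample values. The functions exercise the behaviours the text describes: ECB repeating ciphertext for repeated plaintext blocks, CBC's IV bit-flip effect on P1, CFB's error propagation versus OFB's, CFB and OFB using only the encryption function, and CTR's random access.

```python
# Added example for this section, not the textbook's own code.
BLOCK = 8                       # 64-bit blocks, as in the DES discussion
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF


def _subkeys(key64):
    """Eight 32-bit round keys from a 64-bit key (constructed LCG mixing)."""
    ks, x = [], key64 & MASK64
    for _ in range(8):
        x = (x * 6364136223846793005 + 1442695040888963407) & MASK64
        ks.append(x >> 32)
    return ks


def _f(r, k):
    """Constructed round function: key mixing, multiply, xor-shift. Not DES."""
    x = ((r ^ k) * 0x9E3779B1) & MASK32
    return x ^ (x >> 13)


def _feistel(block, ks):
    """Generic Feistel network; decryption is the same walk with reversed keys."""
    l, r = block >> 32, block & MASK32
    for k in ks:
        l, r = r, l ^ _f(r, k)
    return (r << 32) | l


def E(key, block):                       # toy block encryption, 8 bytes -> 8 bytes
    return _feistel(int.from_bytes(block, "big"), _subkeys(key)).to_bytes(BLOCK, "big")


def D(key, block):                       # toy block decryption: reversed subkeys
    return _feistel(int.from_bytes(block, "big"), _subkeys(key)[::-1]).to_bytes(BLOCK, "big")


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# ECB: each block independently, so equal plaintext blocks give equal ciphertext
def ecb_encrypt(key, pt):
    return b"".join(E(key, p) for p in blocks(pt))


def ecb_decrypt(key, ct):
    return b"".join(D(key, c) for c in blocks(ct))


# CBC: C_i = E(P_i xor C_{i-1}) with C_0 = IV; P_1 = D(C_1) xor IV
def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)


# CFB with s = 8: the ciphertext byte is shifted into the 64-bit register
def cfb8_encrypt(key, iv, pt):
    out, reg = bytearray(), iv
    for p in pt:
        c = E(key, reg)[0] ^ p           # leftmost s bits of E(register)
        out.append(c)
        reg = reg[1:] + bytes([c])       # shift left by s bits, feed in C
    return bytes(out)


def cfb8_decrypt(key, iv, ct):
    out, reg = bytearray(), iv
    for c in ct:
        out.append(E(key, reg)[0] ^ c)   # encryption function, not decryption
        reg = reg[1:] + bytes([c])
    return bytes(out)


# OFB with s = 8: the encryption OUTPUT is fed back, so the keystream never
# depends on the ciphertext; the same function encrypts and decrypts
def ofb8_crypt(key, iv, data):
    out, reg = bytearray(), iv
    for d in data:
        o = E(key, reg)
        out.append(o[0] ^ d)
        reg = reg[1:] + o[:1]
    return bytes(out)


# CTR: keystream block i = E(counter0 + i mod 2^64); no chaining at all
def ctr_block(key, counter0, i):
    return E(key, ((counter0 + i) & MASK64).to_bytes(BLOCK, "big"))


def ctr_crypt(key, counter0, data):
    return b"".join(xor(ctr_block(key, counter0, i), b)
                    for i, b in enumerate(blocks(data)))


def ctr_decrypt_block(key, counter0, ct, i):
    """Random access: recover block i without touching any other block."""
    return xor(ctr_block(key, counter0, i), ct[i * BLOCK:(i + 1) * BLOCK])
```

Calling `cbc_decrypt` with an IV that differs from the sender's in bit i returns a first block whose bit i is complemented and later blocks untouched, which is the IV-protection argument above in executable form. A flipped bit in one CFB ciphertext byte corrupts that plaintext byte and the next eight (the register is eight bytes wide, so the bad byte stays in it for eight steps), whereas in OFB it corrupts only that one byte; `ctr_decrypt_block` needs only the counter value for block i, so a stored ciphertext can be read at any offset.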

1.22 ADVANCED ENCRYPTION STANDARD
The Advanced Encryption Standard (AES) was published by NIST (National Institute of Standards and Technology) in 2001. AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications.

Evaluation Criteria for AES
The Origins of AES
In 1999, NIST issued a new version of its DES standard (FIPS PUB 46-3) that indicated that DES should only be used for legacy systems and that triple DES (3DES) be used.

3DES has two attractions that assure its widespread use over the next few years. First, with its 168-bit key length, it overcomes the vulnerability to brute-force attack of DEA. Second, the underlying encryption algorithm in 3DES is the same as in DEA. This algorithm has been subjected to more scrutiny than any other encryption algorithm over a longer period of time, and no effective cryptanalytic attack based on the algorithm rather than brute force has been found.
Accordingly, there is a high level of confidence that 3DES is very resistant to cryptanalysis. If security were the only consideration, then 3DES would be an appropriate choice for a standardized encryption algorithm for decades to come.

The principal drawback of 3DES is that the algorithm is relatively sluggish in software. 3DES, which has three times as many rounds as DEA, is correspondingly slower. A secondary drawback is that both DEA and 3DES use a 64-bit block size. For reasons of both efficiency and security, a larger block size is desirable.

Because of these drawbacks, 3DES is not a reasonable candidate for long-term use. As a replacement, NIST in 1997 issued a call for proposals for a new Advanced Encryption Standard (AES), which should have security strength equal to or better than 3DES and significantly improved efficiency.
In addition to these general requirements, NIST specified that AES must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits. In a first round of evaluation, 15 proposed algorithms were accepted. A second round narrowed the field to 5 algorithms.

AES Evaluation
The three categories of criteria were:
Security:
This refers to the effort required to cryptanalyze an algorithm. The emphasis in the evaluation was on the practicality of the attack. Because the minimum key size for AES is 128 bits, brute-force attacks with current and projected technology need not have been considered.

Cost:
NIST intends AES to be practical in a wide range of applications. Accordingly, AES must have high computational efficiency, so as to be usable in high-speed applications, such as broadband links.
Algorithm and implementation characteristics:
This category includes a variety of considerations, including flexibility; suitability for a variety of hardware and software implementations; and simplicity, which will make an analysis of security more straightforward.




NIST Evaluation Criteria for AES



Final NIST Evaluation of Rijndael

1.23 THE AES CIPHER
The Rijndael proposal for AES defined a cipher in which the block length and the key length can be independently specified to be 128, 192, or 256 bits. The AES specification uses the same three key size alternatives but limits the block length to 128 bits. A number of AES parameters depend on the key length.


AES Parameters

Rijndael was designed to have the following characteristics:

Resistance against all known attacks
Speed and code compactness on a wide range of platforms
Design simplicity

AES Encryption and Decryption
The figure shows the overall structure of AES. The input to the encryption and decryption algorithms is a single 128-bit block.


AES Data Structures

This block is depicted as a square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output matrix. These operations are depicted in Figure (a). Similarly, the 128-bit key is depicted as a square matrix of bytes. This key is then expanded into an array of key schedule words; each word is four bytes and the total key schedule is 44 words for the 128-bit key (Figure (b)).

Note that the ordering of bytes within a matrix is by column. So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix.
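The key expansion referred to above (and the Key Schedule Algorithm heading earlier in this section), as an added example written for this section, not the textbook's or NIST's own code: a 16-byte AES key becomes the 44 four-byte words w[0..43], and round key r is the four consecutive words w[4r..4r+3]. The S-box is generated from its GF(2^8) definition rather than typed in; the sample key is the FIPS-197 Appendix A key, and the values the usage checks against are the ones published there.

```python
# Added example for this section, not the textbook's or NIST's own code.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """S[x] = affine(inverse(x)): multiplicative inverse in GF(2^8) (0 maps
    to 0), then the fixed affine transform: XOR of the value with its four
    left rotations, plus the constant 0x63."""
    inv = [0] * 256
    for a in range(1, 256):
        if inv[a]:
            continue
        for b in range(1, 256):
            if gf_mul(a, b) == 1:
                inv[a], inv[b] = b, a
                break
    sbox = []
    for x in range(256):
        v = s = inv[x]
        for _ in range(4):
            v = ((v << 1) | (v >> 7)) & 0xFF
            s ^= v
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def sub_word(w):
    return bytes(SBOX[b] for b in w)


def rot_word(w):
    return w[1:] + w[:1]


def expand_key(key):
    """Return w[0..43] as a list of 4-byte words for a 16-byte AES key.

    w[0..3] is the key itself; every fourth word is first rotated, passed
    through the S-box and XORed with a round constant before being XORed
    with the word four positions back."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[4 * i:4 * i + 4] for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = sub_word(rot_word(temp))
            temp = bytes([temp[0] ^ RCON[i // 4 - 1]]) + temp[1:]
        w.append(bytes(x ^ y for x, y in zip(w[i - 4], temp)))
    return w


def round_key(w, rnd):
    """Round key `rnd` (0..10): the 16 bytes w[4*rnd .. 4*rnd+3]."""
    return b"".join(w[4 * rnd:4 * rnd + 4])


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    for i, word in enumerate(expand_key(key)):
        print(f"w[{i:2d}] = {word.hex()}")
```

Round key 0 is the key itself, which is why the cipher's first Add Round Key stage mixes the raw key into State; the remaining ten round keys are the ten further groups of four words.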

The overall AES structure:
1. One noteworthy feature of this structure is that it is not a Feistel structure. Recall that in the classic Feistel structure, half of the data block is used to modify the other half of the data block, and then the halves are swapped.

Two of fho AIS fInnIIsfs, IncIudIng !IjndnoI, do nof usos n IoIsfoI


sfrucfuro buf rocoss fho onfIro dnfn bIock In nrnIIoI durIng onch round usIng
subsfIfufIons nnd ormufnfIon.
2. Tho koy fhnf Is rovIdod ns Inuf Is oxnndod Info nn nrrny of 44 32-bIf words,
w|i]. Iour dIsfIncf words (l28 bIfs) sorvo ns n round koy for onch round.
3. Iour dIfforonf sfngos nro usod, ono of ormufnfIon nnd fhroo of subsfIfufIon:
SubstItute bytes : !sos nn S-box fo orform n byfo-by-byfo subsfIfufIon
of fho bIock
SLIIt vows : A sImIo ormufnfIon
MI coIumns : A subsfIfufIon fhnf mnkos uso of nrIfhmofIc ovor
CI(2
8
)
Add vound key : A sImIo bIfwIso XO! of fho curronf bIock wIfh n
orfIon of fho oxnndod koy
4. Tho sfrucfuro Is quIfo sImIo. Ior bofh oncryfIon nnd docryfIon, fho cIhor
bogIns wIfh nn Add !ound Koy sfngo, foIIowod by 9 rounds fhnf onch IncIudos nII
four sfngos, foIIowod by n fonfh round of fhroo sfngos.

[Figure: AES Encryption Round]

5. Only the Add Round Key stage makes use of the key. For this reason, the cipher begins and ends with an Add Round Key stage. Any other stage, applied at the beginning or end, is reversible without knowledge of the key and so would add no security.

6. The Add Round Key stage is, in effect, a form of Vernam cipher and by itself would not be formidable. The other three stages together provide confusion, diffusion, and nonlinearity, but by themselves would provide no security because they do not use the key. We can view the cipher as alternating operations of XOR encryption (Add Round Key) of a block, followed by scrambling of the block (the other three stages), followed by XOR encryption, and so on. This scheme is both efficient and highly secure.

7. Each stage is easily reversible. For the Substitute Bytes, Shift Rows, and Mix Columns stages, an inverse function is used in the decryption algorithm. For the Add Round Key stage, the inverse is achieved by XORing the same round key to the block, using the result that A ⊕ A ⊕ B = B.

8. As with most block ciphers, the decryption algorithm makes use of the expanded key in reverse order. However, the decryption algorithm is not identical to the encryption algorithm. This is a consequence of the particular structure of AES.

9. Once it is established that all four stages are reversible, it is easy to verify that decryption does recover the plaintext. The first AES figure lays out encryption and decryption going in opposite vertical directions. At each horizontal point (e.g., the dashed line in the figure), State is the same for both encryption and decryption.

10. The final round of both encryption and decryption consists of only three stages. Again, this is a consequence of the particular structure of AES and is required to make the cipher reversible.

Substitute Bytes Transformation

Forward and Inverse Transformations
The forward substitute byte transformation, called SubBytes, is a simple table lookup (Figure (a) below). AES defines a 16 × 16 matrix of byte values, called an S-box (Table (a) below), that contains a permutation of all possible 256 8-bit values.

[Figure: AES Byte-Level Operations]

[Table: AES S-Boxes]

Each individual byte of State is mapped into a new byte in the following way: the leftmost four bits of the byte are used as a row value and the rightmost four bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value. The inverse substitute byte transformation, called InvSubBytes, makes use of the inverse S-box shown in Table (b) above.

Shift Rows Transformation
Forward and Inverse Transformations
The forward shift row transformation, called ShiftRows, is depicted in Figure (a) below. The first row of State is not altered. For the second row, a 1-byte circular left shift is performed. For the third row, a 2-byte circular left shift is performed. For the fourth row, a 3-byte circular left shift is performed.

[Figure: AES Row and Column Operations]

The inverse shift row transformation, called InvShiftRows, performs the circular shifts in the opposite direction for each of the last three rows, with a one-byte circular right shift for the second row, and so on.

Mix Columns Transformation
Forward and Inverse Transformations
The forward mix column transformation, called MixColumns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in the column.
The transformation can be defined by the following matrix multiplication on State (Figure (b) above):

Each element in the product matrix is the sum of products of elements of one row and one column. In this case, the individual additions and multiplications are performed in GF(2^8).
The MixColumns transformation on a single column c (0 <= c <= 3) of State can be expressed as:

The inverse mix column transformation, called InvMixColumns, is defined by the following matrix multiplication:

It is not immediately clear that the above equation is the inverse of the forward equation. What we need to show is that:

which is equivalent to showing that:

That is, the inverse transformation matrix times the forward transformation matrix equals the identity matrix. To verify the first column of the above equation, we need to show that:

For the first equation, we have {0E}·{02} = 00011100; and {09}·{03} = {09} ⊕ ({09}·{02}) = 00001001 ⊕ 00010010 = 00011011. Then the four products of the first equation XOR to 00000001, which is the {01} entry required of the identity matrix.

The other equations can be similarly verified.

Add Round Key Transformation
Forward and Inverse Transformations
In the forward add round key transformation, called AddRoundKey, the 128 bits of State are bitwise XORed with the 128 bits of the round key. As shown in the Add Round Key Transformation figure, the operation is viewed as a column-wise operation between the four bytes of a State column and one word of the round key; it can also be viewed as a byte-level operation. The inverse add round key transformation is identical to the forward add round key transformation, because the XOR operation is its own inverse.

AES Key Expansion
Key Expansion Algorithm
The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a 4-word round key for the initial Add Round Key stage and each of the 10 rounds of the cipher.
The following pseudocode describes the expansion:

[Figure: AES Key Expansion]

Equivalent Inverse Cipher
The AES decryption cipher is not identical to the encryption cipher. That is, the sequence of transformations for decryption differs from that for encryption, although the form of the key schedules for encryption and decryption is the same. This has the disadvantage that two separate software or firmware modules are needed for applications that require both encryption and decryption.
There is, however, an equivalent version of the decryption algorithm that has the same structure as the encryption algorithm. The equivalent version has the same sequence of transformations as the encryption algorithm (with transformations replaced by their inverses).
To achieve this equivalence, a change in key schedule is needed. Two separate changes are needed to bring the decryption structure in line with the encryption structure. An encryption round has the structure SubBytes, ShiftRows, MixColumns, AddRoundKey. The standard decryption round has the structure InvShiftRows, InvSubBytes, AddRoundKey, InvMixColumns. Thus, the first two stages of the decryption round need to be interchanged, and the second two stages of the decryption round need to be interchanged.

Interchanging InvShiftRows and InvSubBytes

InvShiftRows affects the sequence of bytes in State, but does not alter byte contents and does not depend on byte contents to perform its transformation. InvSubBytes affects the contents of bytes in State, but does not alter byte sequence and does not depend on byte sequence to perform its transformation. Thus, these two operations commute and can be interchanged. For a given State Si,
    InvShiftRows [InvSubBytes (Si)] = InvSubBytes [InvShiftRows (Si)]

Interchanging AddRoundKey and InvMixColumns
The transformations AddRoundKey and InvMixColumns do not alter the sequence of bytes in State. If we view the key as a sequence of words, then both AddRoundKey and InvMixColumns operate on State one column at a time. These two operations are linear with respect to the column input. That is, for a given State Si and a given round key wj:
    InvMixColumns (Si ⊕ wj) = [InvMixColumns (Si)] ⊕ [InvMixColumns (wj)]
The equivalent inverse cipher therefore uses InvMixColumns (wj) in place of wj for the round keys of the nine full rounds; the first and last round keys, which are not followed by InvMixColumns, are unchanged.

[Figure: Equivalent Inverse Cipher]
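The four stage transformations, the key expansion and the equivalent inverse cipher described above, assembled into a runnable AES-128. This is an added example, not code from the original text or from the Rijndael designers. The S-box is computed from its definition (multiplicative inverse in GF(2^8) followed by the affine map) rather than copied from the table, State is held in the column-major order the text describes, and decrypt_block_equiv applies the two interchanges just discussed, which is why it passes round keys 1 through 9 through InvMixColumns. The FIPS-197 Appendix C.1 known-answer vector (key 00 01 .. 0f, plaintext 00 11 22 .. ff, ciphertext 69c4e0d8 6a7b0430 d8cdb780 70b4c55a) checks the whole construction:

```python
"""AES-128 assembled from the four stage transformations described above.
Added example; not code from the original text or from the AES designers.
State is 16 bytes in column-major order, as the text says: index 4*c + r
holds row r of column c, so a 16-byte input block maps straight to State."""
from functools import reduce
from operator import xor

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def xtime(a):
    """Multiply by x (= {02}) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """General GF(2^8) product by shift-and-add, e.g. gmul(0x0E, 0x02) == 0x1C."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def _build_sbox():
    """S-box entry = multiplicative inverse of the byte, then the AES affine map."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return box

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def sub_bytes(s, box=SBOX):
    return [box[b] for b in s]

def shift_rows(s, inverse=False):
    """Row r rotates left by r bytes (right by r bytes for the inverse)."""
    d = -1 if inverse else 1
    return [s[4 * ((c + d * r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s, inverse=False):
    """Multiply each column by the fixed circulant matrix (or its inverse) over GF(2^8)."""
    m = (0x0E, 0x0B, 0x0D, 0x09) if inverse else (0x02, 0x03, 0x01, 0x01)
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):  # row r of the matrix is m rotated right by r positions
            out.append(reduce(xor, (gmul(m[(k - r) % 4], col[k]) for k in range(4))))
    return out

def add_round_key(s, w, rnd):
    """XOR State with round key rnd, i.e. words w[4*rnd..4*rnd+3], one per column."""
    rk = [b for word in w[4 * rnd:4 * rnd + 4] for b in word]
    return [a ^ b for a, b in zip(s, rk)]

def key_expansion(key):
    """Expand a 16-byte key into the 44 words w[i] described in the text."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]  # SubWord(RotWord(temp))
            temp[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

def encrypt_block(key, pt):
    w = key_expansion(key)
    s = add_round_key(list(pt), w, 0)
    for rnd in range(1, 10):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), w, rnd)
    return bytes(add_round_key(shift_rows(sub_bytes(s)), w, 10))  # round 10: no MixColumns

def decrypt_block(key, ct):
    """Standard inverse cipher: inverse stages in reverse order, round keys reversed."""
    w = key_expansion(key)
    s = add_round_key(list(ct), w, 10)
    for rnd in range(9, 0, -1):
        s = sub_bytes(shift_rows(s, inverse=True), INV_SBOX)
        s = mix_columns(add_round_key(s, w, rnd), inverse=True)
    s = sub_bytes(shift_rows(s, inverse=True), INV_SBOX)
    return bytes(add_round_key(s, w, 0))

def decrypt_block_equiv(key, ct):
    """Equivalent inverse cipher: same stage order as encryption. This relies on the
    two interchanges from the text, so round keys 1..9 are passed through InvMixColumns."""
    w = key_expansion(key)
    for rnd in range(1, 10):
        rk = mix_columns([b for word in w[4 * rnd:4 * rnd + 4] for b in word], inverse=True)
        w[4 * rnd:4 * rnd + 4] = [rk[4 * c:4 * c + 4] for c in range(4)]
    s = add_round_key(list(ct), w, 10)
    for rnd in range(9, 0, -1):
        s = mix_columns(shift_rows(sub_bytes(s, INV_SBOX), inverse=True), inverse=True)
        s = add_round_key(s, w, rnd)
    return bytes(add_round_key(shift_rows(sub_bytes(s, INV_SBOX), inverse=True), w, 0))
```

gmul(0x0E, 0x02) and gmul(0x09, 0x03) return the {1C} and {1B} values from the InvMixColumns check above, and mix_columns followed by mix_columns(..., inverse=True) is the identity on any column, which is what that check proves. The per-byte loops are written for clarity only; a production implementation must be constant-time (table lookups indexed by secret data leak through the cache) and would normally use the processor's AES instructions.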

1.24 CONTEMPORARY SYMMETRIC CIPHERS

This section examines some of the most important symmetric ciphers in current use. The ciphers were selected based on a number of criteria:
[1] They exhibit considerable cryptographic strength.
[2] They are popular in Internet-based applications.
[3] They illustrate modern symmetric cipher techniques that have been developed since the introduction of DES.
The section examines the following symmetric block ciphers: triple DES, Blowfish, and RC5.

A. TRIPLE DES
Given the potential vulnerability of DES to a brute-force attack, there has been considerable interest in finding an alternative. One approach is to design a completely new algorithm. Another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryption with DES and multiple keys. We begin by examining the simplest example of this second alternative.
Double DES
The simplest form of multiple encryption has two encryption stages and two keys (Figure (a)).

[Figure (a): Double Encryption]

Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as:

Decryption requires that the keys be applied in reverse order:

For DES, this scheme apparently involves a key length of 56 × 2 = 112 bits, resulting in a dramatic increase in cryptographic strength.

Reduction to a Single Stage
Suppose, for DES, for all 56-bit key values, that given any two keys K1 and K2, it would be possible to find a key K3 such that:

Then double encryption, and indeed any number of stages of multiple encryption with DES, would be useless because the result would be equivalent to a single encryption with a single 56-bit key. DES defines one mapping for each different key, for a total number of mappings:

Therefore, it is reasonable to assume that if DES is used twice with different keys, it will produce one of the many mappings that are not defined by a single application of DES.

Meet-in-the-Middle Attack
It is based on

and

Given a known pair, (P, C), the attack proceeds as follows. First, encrypt P for all 2^56 possible values of K1. Store these results in a table and then sort the table by the values of X. Next, decrypt C using all 2^56 possible values of K2. As each decryption is produced, check the result against the table for a match. If a match occurs, then test the two resulting keys against a new known plaintext-ciphertext pair. If the two keys produce the correct ciphertext, accept them as the correct keys. The whole attack costs on the order of 2^56 encryptions plus 2^56 decryptions and a table of 2^56 entries, so double DES provides only about 57 bits of security against a known-plaintext attack, not the 112 bits its key length suggests.
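The meet-in-the-middle attack above, run end to end. This is an added example, not from the original text: in place of DES it uses a constructed 4-round Feistel toy cipher with a 32-bit block and 16-bit key, so that both half-searches (2^16 encryptions and 2^16 decryptions) finish in seconds; the secret keys and plaintexts in demo() are likewise constructed. The text's sorted table is replaced by a hash map keyed on the intermediate value X, which gives the same lookup without the sort:

```python
"""Meet-in-the-middle attack on double encryption, run end to end against a
constructed toy cipher (4-round Feistel, 32-bit block, 16-bit key) so the whole
search finishes in seconds. Added example; not DES and not from the original text."""
MASK16 = 0xFFFF

def _f(r, k):
    """Toy round function: key mix, multiply-add and a rotation (constructed, not secure)."""
    x = ((r ^ k) * 0x9E37 + 0x79B9) & MASK16
    return ((x << 5) | (x >> 11)) & MASK16

def _subkeys(k):
    """Four round keys derived from the 16-bit key by rotation and constant XOR."""
    return [(((k << 3 * i) | (k >> (16 - 3 * i))) & MASK16) ^ ((0x5A5A * (i + 1)) & MASK16)
            for i in range(4)]

def toy_encrypt(block, key):
    l, r = block >> 16, block & MASK16
    for sk in _subkeys(key):                 # classic Feistel: modify one half, swap
        l, r = r, l ^ _f(r, sk)
    return (l << 16) | r

def toy_decrypt(block, key):
    l, r = block >> 16, block & MASK16
    for sk in reversed(_subkeys(key)):       # same rounds, subkeys in reverse order
        l, r = r ^ _f(l, sk), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    """C = E(K2, E(K1, P)); the key space looks like 2^32 but is not."""
    return toy_encrypt(toy_encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Recover (K1, K2) from known (P, C) pairs with about 2 * 2^16 cipher operations
    instead of 2^32. pairs[0] drives the search; the remaining pairs filter false matches."""
    p0, c0 = pairs[0]
    table = {}                               # X = E(K1, P0)  ->  candidate K1 values
    for k1 in range(1 << 16):
        table.setdefault(toy_encrypt(p0, k1), []).append(k1)
    for k2 in range(1 << 16):                # X = D(K2, C0): look each one up
        for k1 in table.get(toy_decrypt(c0, k2), ()):
            # with a 32-bit block about one chance match is expected, so confirm on more pairs
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                return k1, k2
    return None

def demo():
    """Attacker's view: two known pairs produced under secret keys (constructed here)."""
    secret_k1, secret_k2 = 0x1234, 0xBEEF
    plaintexts = [0x0BADF00D, 0xDEADBEEF]
    pairs = [(p, double_encrypt(p, secret_k1, secret_k2)) for p in plaintexts]
    return meet_in_the_middle(pairs) == (secret_k1, secret_k2)
```

Against double encryption with two 16-bit keys a naive search would try 2^32 key pairs; the attack performs about 2 × 2^16 cipher operations plus one table of 2^16 entries. With a 32-bit block roughly one chance match on the first pair is expected, which is exactly why the text tests candidates against a further known pair before accepting them. The same arithmetic applied to DES gives 2^56 encryptions, 2^56 decryptions and a 2^56-entry table.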

Triple DES with Two Keys
An obvious counter to the meet-in-the-middle attack is to use three stages of encryption with three different keys. This raises the cost of the known-plaintext attack to 2^112, which is beyond what is practical.
As an alternative, a triple encryption method that uses only two keys was proposed. The function follows an encrypt-decrypt-encrypt (EDE) sequence (Figure (b)):

There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES, by setting K1 = K2:

A known-plaintext attack is based on the observation that if we know A and C (Figure (b)), then the problem reduces to that of an attack on double DES. The attacker can choose a potential value of A and then try to find a known (P, C) pair that produces A.

[Figure (b): Triple Encryption]

The attack proceeds as follows:

1. Obtain n (P, C) pairs. This is the known plaintext. Place these in a table (Table 1) sorted on the values of P (Figure 1).
2. Pick an arbitrary value a for A, and create a second table (Figure 2) with entries defined in the following fashion. For each of the 2^56 possible keys K1 = i, calculate the plaintext value Pi that produces a:

For each Pi that matches an entry in Table 1, create an entry in Table 2 consisting of the K1 value and the value of B that is produced for the (P, C) pair from Table 1, assuming that value of K1:

At the end of this step, sort Table 2 on the values of B.

[Figure: Two-key Triple Encryption with Candidate Pair of Keys]
[Figures: Known-Plaintext Attack on Triple DES. (1) Table of n known plaintext-ciphertext pairs, sorted on P. (2) Table of intermediate values and candidate keys]
3. We now have a number of candidate values of K1 in Table 2 and are in a position to search for a value of K2. For each of the 2^56 possible keys K2 = j, calculate the second intermediate value for our chosen value of a:

At each step, look up Bj in Table 2. If there is a match, then the corresponding key i from Table 2 plus this value of j are candidate values for the unknown keys (K1, K2). Why? Because we have found a pair of keys (i, j) that produce a known (P, C) pair.
4. Test each candidate pair of keys (i, j) on a few other plaintext-ciphertext pairs. If a pair of keys produces the desired ciphertext, the task is complete. If no pair succeeds, repeat from step 1 with a new value of a.

The expected number of values of a that must be tried is, for large n,

The expected running time of the attack is on the order of:



Triple DES with Three Keys
Three-key 3DES has an effective key length of 168 bits and is defined as follows:

Backward compatibility with DES is provided by putting K3 = K2 or K1 = K2.
B. BLOWFISH
Blowfish is a symmetric block cipher developed by Bruce Schneier. Blowfish was designed to have the following characteristics:
Fast:
Blowfish encrypts data on 32-bit microprocessors at a rate of 18 clock cycles per byte.
Compact:
Blowfish can run in less than 5K of memory.
Simple:
Blowfish's simple structure is easy to implement and eases the task of determining the strength of the algorithm.
Variably secure:
The key length is variable and can be as long as 448 bits. This allows a tradeoff between higher speed and higher security.

Blowfish encrypts 64-bit blocks of plaintext into 64-bit blocks of ciphertext. Blowfish is implemented in numerous products and has received a fair amount of scrutiny. So far, no practical attack on the cipher itself is known. Its 64-bit block size, however, limits how much data should be encrypted under a single key in a chaining mode, because repeated ciphertext blocks (and the information they leak) become likely after on the order of 2^32 blocks.
Subkey and S-Box Generation
Blowfish makes use of a key that ranges from 32 bits to 448 bits (one to fourteen 32-bit words). That key is used to generate 18 32-bit subkeys and four 8 × 32 S-boxes containing a total of 1024 32-bit entries.
The total is 1042 32-bit values, or 4168 bytes. The keys are stored in a K-array:

The subkeys are stored in the P-array:

There are four S-boxes, each with 256 32-bit entries:

The steps in generating the P-array and S-boxes are as follows:
1. Initialize first the P-array and then the four S-boxes in order using the bits of the fractional part of the constant π. Thus, the leftmost 32 bits of the fractional part of π become P1, and so on. For example, in hexadecimal:

2. Perform a bitwise XOR of the P-array and the K-array, reusing words from the K-array as needed. For example, for the maximum length key (14 32-bit words), P1 = P1 ⊕ K1, P2 = P2 ⊕ K2, ..., P14 = P14 ⊕ K14, P15 = P15 ⊕ K1, ..., P18 = P18 ⊕ K4.
3. Encrypt the 64-bit block of all zeros using the current P- and S-arrays; replace P1 and P2 with the output of the encryption.
4. Encrypt the output of step 3 using the current P and S arrays and replace P3 and P4 with the resulting ciphertext.
5. Continue this process to update all elements of P and then, in order, all elements of S, using at each step the output of the continuously changing Blowfish algorithm.
The update process can be summarized as follows:

where E_{P,S}[Y] is the ciphertext produced by encrypting Y using Blowfish with the arrays S and P.
A total of 521 executions of the Blowfish encryption algorithm are required to produce the final S- and P-arrays. Accordingly, Blowfish is not suitable for applications in which the secret key changes frequently. Further, for rapid execution, the P- and S-arrays can be stored rather than rederived from the key each time the algorithm is used. This requires over 4 KBytes of memory. Thus, Blowfish is not appropriate for applications with limited memory, such as smart cards.

Encryption and Decryption
Blowfish uses two primitive operations:
Addition: Addition of words, denoted by +, is performed modulo 2^32.
Bitwise exclusive-OR: This operation is denoted by ⊕.

The important thing about these two operations is that they do not commute with each other: addition modulo 2^32 and XOR do not distribute over one another, so a mixture of the two cannot be simplified algebraically. This makes cryptanalysis more difficult.

Figure (a) depicts the encryption operation. The plaintext is divided into two 32-bit halves LE0 and RE0. We use the variables LEi and REi to refer to the left and right half of the data after round i has completed.

The algorithm can be defined by the following pseudocode:

The resulting ciphertext is contained in the two variables LE17 and RE17. The function F is shown in the figure below. The 32-bit input to F is divided into 4 bytes. If we label those bytes a, b, c, and d, then the function can be defined as follows:

Thus, each round includes the complex use of addition modulo 2^32 and XOR, plus substitution using S-boxes.

[Figure: Detail of Single Blowfish Round]

Decryption is easily derived from the encryption algorithm. In this case, the 64 bits of ciphertext are initially assigned to the two one-word variables LD0 and RD0. We use the variables LDi and RDi to refer to the left and right half of the data after round i. As with most block ciphers, Blowfish decryption involves using the subkeys in reverse order.
However, unlike most block ciphers, Blowfish decryption occurs in the same algorithmic direction as encryption, rather than the reverse.

The algorithm can be defined as follows:


Discussion
A few of the highlights of Schneier's own discussion of the Blowfish design are presented here.
1) A brute-force attack is even more difficult than may be apparent from the key length because of the time-consuming subkey-generation process. A total of 522 executions of the encryption algorithm are required to test a single key.
2) The function F gives Blowfish the best possible avalanche effect for a Feistel network: in round i, every bit of L_{i-1} affects every bit of R_i. In addition, every subkey bit is affected by every key bit, and therefore F has a perfect avalanche effect between the key (Pi) and the right half of the data (Ri) after every round.
3) Every bit of the input to F is only used as input to one S-box. In contrast, in DES, many bits are used as inputs to two S-boxes, which strengthens the algorithm considerably against differential attacks. Schneier felt that this added complexity was not necessary with key-dependent S-boxes.
4) Unlike in some block ciphers, the function F in Blowfish is not round dependent. Schneier felt that such dependency did not add any cryptographic merit, given that the P-array substitution is already round dependent.

[Table: Speed Comparisons of Block Ciphers on a Pentium]

C. RC5
RC5 is a symmetric encryption algorithm developed by Ron Rivest. RC5 was designed to have the following characteristics:
Suitable for hardware or software:
RC5 uses only primitive computational operations commonly found on microprocessors.
Fast:
To achieve this, RC5 is a simple algorithm and is word oriented. The basic operations work on full words of data at a time.
Adaptable to processors of different word lengths:
The number of bits in a word is a parameter of RC5; different word lengths yield different algorithms.
Variable number of rounds:
The number of rounds is a second parameter of RC5. This parameter allows a tradeoff between higher speed and higher security.
Variable-length key:
The key length is a third parameter of RC5. Again, this allows a tradeoff between speed and security.
Simple:
RC5's simple structure is easy to implement and eases the task of determining the strength of the algorithm.
Low memory requirement:
A low memory requirement makes RC5 suitable for smart cards and other devices with restricted memory.
High security:
RC5 is intended to provide high security with suitable parameters.
Data-dependent rotations:
RC5 incorporates rotations (circular bit shifts) whose amount is data dependent. This appears to strengthen the algorithm against cryptanalysis.

RC5 Parameters
RC5 is actually a family of encryption algorithms determined by three parameters, the word size in bits w, the number of rounds r, and the key length in bytes b, as follows:

Thus, RC5 encrypts blocks of plaintext of length 32, 64, or 128 bits into blocks of ciphertext of the same length. The key length ranges from 0 to 2040 bits. A specific version of RC5 is designated as RC5-w/r/b.
For example, RC5-32/12/16 has 32-bit words (64-bit plaintext and ciphertext blocks), 12 rounds in the encryption and decryption algorithms, and a key length of 16 bytes (128 bits). Rivest suggests the use of RC5-32/12/16 as the "nominal" version.

Key Expansion
RC5 performs a complex set of operations on the secret key to produce a total of t subkeys. Two subkeys are used in each round, and two subkeys are used on an additional operation that is not part of any round, so t = 2r + 2. Each subkey is one word (w bits) in length.
The figure below illustrates the technique used to generate subkeys. The subkeys are stored in a t-word array labeled S[0], S[1], ..., S[t-1]. Using the parameters r and w as inputs, this array is initialized to a particular fixed pseudorandom bit pattern. Then the b-byte key, K[0..b-1], is converted into a c-word array L[0..c-1].

[Figure: RC5 Key Expansion]

On a little-endian machine, this is accomplished by zeroing out the array L and copying the string K directly into the memory positions represented by L. If b is not an integer multiple of the word size in bytes, then a portion of L at the right end remains zero. Finally, a mixing operation is performed that applies the contents of L to the initialized value of S to produce a final value for the array S.

ENCRYPTION
RC5 uses three primitive operations (and their inverses):
Addition:
Addition of words, denoted by +, is performed modulo 2^w. The inverse operation, denoted by -, is subtraction modulo 2^w.
Bitwise exclusive-OR:
This operation is denoted by ⊕.
Left circular rotation:
The cyclic rotation of word x left by y bits is denoted by x <<< y. The inverse is the right circular rotation of word x by y bits, denoted by x >>> y.

The figure depicts the encryption operation. Note that this is not a classic Feistel structure. The plaintext is assumed to initially reside in the two w-bit registers A and B. We use the variables LEi and REi to refer to the left and right half of the data after round i has completed. The algorithm can be defined by the following pseudocode:

The resulting ciphertext is contained in the two variables LEr and REr. Each of the r rounds consists of a substitution using both words of data, a permutation using both words of data, and a substitution that depends on the key. Note the exceptional simplicity of the operation, which can be defined in five lines of code.
Also note that both halves of the data are updated in each round. Thus, one round of RC5 is somewhat equivalent to two rounds of DES.

[Figure: RC5 Encryption and Decryption]
DECRYPTION
Decryption is easily derived from the encryption algorithm. In this case, the 2w bits of ciphertext are initially assigned to the two one-word variables LDr and RDr. We use the variables LDi and RDi to refer to the left and right half of the data before round i has begun, where the rounds are numbered from r down to 1.

The two most striking features of RC5 are the simplicity of the algorithm and the use of data-dependent rotations. The rotations are the only nonlinear portion of the algorithm. Rivest feels that because the amount of rotation varies depending on the value of the data moving through the algorithm, linear and differential cryptanalysis should be more difficult. A number of studies have confirmed this supposition.

RC5 MODES
To enhance the effectiveness of RC5 in interoperable implementations, RFC 2040 defines four different modes of operation:
RC5 block cipher:
This is the raw encryption algorithm that takes a fixed-size input block (2w bits) and produces a ciphertext block of the same length using a transformation that depends on a key. This is often known as the electronic codebook (ECB) mode.
RC5-CBC:
This is the cipher block chaining mode for RC5. CBC processes messages whose length is a multiple of the RC5 block size (multiples of 2w bits). CBC provides enhanced security compared to ECB because repeated blocks of plaintext produce different blocks of ciphertext.
RC5-CBC-Pad:
This is a CBC style of algorithm that handles plaintext of any length. The ciphertext will be longer than the plaintext by at most the size of a single RC5 block.
RC5-CTS:
This is the ciphertext stealing mode, which is also a CBC style of algorithm. This mode handles plaintext of any length and produces ciphertext of equal length.
When a CBC mode is used to encrypt a message, some technique is needed to cope with messages that are not a multiple of the block length. The simplest approach is to use padding. In RC5, it is assumed that the message is an integer number of bytes.
At the end of the message from 1 to BB bytes of padding are added, where BB equals the block size for RC5 measured in bytes (BB = 2w/8). The pad bytes are all the same and are set to a byte that represents the number of bytes of padding. For example, if there are 8 bytes of padding, each byte has the bit pattern 00001000.

Padding may not always be appropriate. For example, one might wish to store the encrypted data in the same memory buffer that originally contained the plaintext. In that case, the ciphertext must be the same length as the original plaintext. The RC5-CTS mode provides this capability. Assume that the last block of plaintext is only L bytes long, where L < 2w/8.

The encryption sequence is as follows:
1) Encrypt the first (N - 2) blocks using the traditional CBC technique.
2) Exclusive-OR P_{N-1} with the previous ciphertext block C_{N-2} to create Y_{N-1}.
3) Encrypt Y_{N-1} to create E_{N-1}.
4) Select the first L bytes of E_{N-1} to create C_N.
5) Pad P_N with zeros at the end and exclusive-OR with E_{N-1} to create Y_N.
6) Encrypt Y_N to create C_{N-1}.
The last two blocks of the ciphertext are C_{N-1} and C_N.

[Figure: RC5 Ciphertext Stealing Mode]

D. CHARACTERISTICS OF ADVANCED SYMMETRIC BLOCK CIPHERS
The key features found in some of these algorithms but not found in DES are the following.
Variable key length:
If an encryption algorithm is designed to be extremely resistant to cryptanalysis, then its strength is determined by its key length: the longer the key, the longer it takes for a brute-force key search. Blowfish and RC5 provide a variable key length.

Mixed operators:
The use of more than one arithmetic and/or Boolean operator complicates cryptanalysis, especially if these operators do not satisfy distributive and associative laws. This approach can provide nonlinearity as an alternative to S-boxes. All of the algorithms in this chapter, except 3DES, use mixed operators.
Data-dependent rotation:
Another intriguing alternative to S-boxes is to use rotations that depend on the data. With a sufficient number of rounds, this can provide excellent confusion and diffusion. Further, the rotations are dependent on the blocks of data moving through the rounds, rather than on the subkeys. This would appear to make recovery of the subkeys even more difficult. RC5 uses data-dependent rotations.
Key-dependent S-boxes:
Rather than attempt to design fixed S-boxes with desirable cryptographic features, such as is done in DES and CAST-128, the content of the S-boxes can be dependent on the key. A different key yields a different S-box. This approach, especially with larger S-boxes (e.g., 8 × 32), should yield highly nonlinear results and should be very difficult to cryptanalyze. Blowfish uses key-dependent S-boxes.
Lengthy key schedule algorithm:
This is an ingenious tactic employed in Blowfish. The generation of subkeys takes much longer than a single encryption or decryption. The result is that the effort for a brute-force attack is greatly magnified.
Variable plaintext/ciphertext block length:
A longer block length yields greater cryptographic strength. Also, a variable block length can provide a measure of convenience, allowing the algorithm to be tailored to the application. RC5 adopts this strategy.
Variable number of rounds:
Other things being equal, an increase in the number of rounds increases cryptanalytic strength. Of course, an increase in the number of rounds increases the encryption/decryption time. Allowing for a variable number of rounds allows the user to make a tradeoff between security and execution speed. RC5 provides for a variable number of rounds.

Operation on both data halves each round:

In the classic Feistel cipher, only one half of the data is altered in each round. If a simple operation were performed on the half that is otherwise not altered, security could be increased with a minimal increase in execution time. Blowfish and RC5 operate on both halves of the data each round.
Variable F:
The use of a function F that varies from round to round may complicate the cryptanalysis problem.
Key-dependent rotation:
A rotation can be used that depends on the key rather than on the data.

. RC4 STRAM CIPHR
Stveum CIpLev Stvuctuve
A fyIcnI sfronm cIhor oncryfs InInfoxf ono byfo nf n fImo, nIfhough n sfronm
cIhor mny bo dosIgnod fo oornfo on ono bIf nf n fImo or on unIfs Inrgor fhnn n byfo nf
n fImo. IIguro Is n rorosonfnfIvo dIngrnm of sfronm cIhor sfrucfuro. In fhIs sfrucfuro
n koy Is Inuf fo n soudornndom bIf gonornfor fhnf roducos n sfronm of 8-bIf numbors
fhnf nro nnronfIy rnndom. Tho oufuf of fho gonornfor, cnIIod n key stveum, Is
combInod ono byfo nf n fImo wIfh fho InInfoxf sfronm usIng fho bIfwIso oxcIusIvo-O!
(XO!) oornfIon. Ior oxnmIo If fho noxf byfo gonornfod by fho gonornfor Is 0ll0ll00
nnd fho noxf InInfoxf byfo Is ll00ll00, fhon fho rosuIfIng cIhorfoxf byfo Is:

ocryfIon roquIros fho uso of fho snmo soudornndom soquonco:

Tho sfronm cIhor Is sImIInr fo fho ono-fImo nd. Tho dIfforonco Is fhnf n ono-
fImo nd usos n gonuIno rnndom numbor sfronm, whorons n sfronm cIhor usos n
soudornndom numbor sfronm
UNIT 1 : IUNAMNTAIS NTWORK SCURITY

TLunguveI Muvugun 1.129


Stveum CIpLev Iugvum

The following are important design considerations for a stream cipher:
1) The encryption sequence should have a large period. A pseudorandom number generator uses a function that produces a deterministic stream of bits which eventually repeats. The longer the period of repeat, the more difficult it will be to do cryptanalysis. This is essentially the same consideration that was discussed with reference to the Vigenère cipher, namely that the longer the keyword, the more difficult the cryptanalysis.
2) The keystream should approximate the properties of a true random number stream as closely as possible. For example, there should be an approximately equal number of 1s and 0s. If the keystream is treated as a stream of bytes, then all of the 256 possible byte values should appear approximately equally often. The more random-appearing the keystream is, the more randomized the ciphertext is, making cryptanalysis more difficult.
3) Note from the figure that the output of the pseudorandom number generator is conditioned on the value of the input key. To guard against brute-force attacks, the key needs to be sufficiently long. The same considerations that apply for block ciphers are valid here. Thus, with current technology, a key length of at least 128 bits is desirable.
Figure: Speed Comparisons of Symmetric Ciphers on a Pentium II
The RC4 Algorithm
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
RC4 is probably the most widely used stream cipher. It is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between web browsers and servers. It is also used in the WEP (Wired Equivalent Privacy) protocol that is part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security.
The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1], ..., S[255]. At all times S contains a permutation of all 8-bit numbers from 0 through 255. For encryption and decryption, a byte k (see Figure 6.8) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.

Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is, S[0] = 0, S[1] = 1, ..., S[255] = 255. A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then K is repeated as many times as necessary to fill out T.

These preliminary operations can be summarized as follows:

Next we use T to produce the initial permutation of S. This involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i]:

Because the only operation on S is a swap, the only effect is a permutation. S still contains all the numbers from 0 through 255.
Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S. After S[255] is reached, the process continues, starting over again at S[0]:

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k with the next byte of ciphertext.
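The key-scheduling (initialization of S), stream generation and XOR steps described above, written out as an added example; this is not code from the page, and the single-byte XOR illustration reuses the two byte values the text gives (01101100 keystream, 11001100 plaintext).

```python
"""RC4 as described above: the KSA builds the permutation S from the key,
stream generation emits one keystream byte k per step, and encryption and
decryption are the same XOR.  Added example, not code from the original page."""


def rc4_ksa(key: bytes) -> list:
    """Initialization of S: fill S with 0..255, fill T by repeating the key,
    then swap S[i] with S[j] where j is driven by S[i] + T[i]."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    s = list(range(256))
    t = [key[i % len(key)] for i in range(256)]   # K repeated to fill out T
    j = 0
    for i in range(256):
        j = (j + s[i] + t[i]) % 256
        s[i], s[j] = s[j], s[i]                   # only swaps: S stays a permutation
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Stream generation: produce n keystream bytes; the key is no longer used."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256                         # wraps from S[255] back to S[0]
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]                   # S is permuted again each step
        out.append(s[(s[i] + s[j]) % 256])        # the selected byte k
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each data byte with the next keystream byte."""
    ks = rc4_keystream(key, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def stream_xor_example() -> tuple:
    """The single-byte illustration from the text: keystream byte 01101100
    applied to plaintext byte 11001100, then applied again to the ciphertext."""
    keystream_byte = 0b01101100
    plaintext_byte = 0b11001100
    ciphertext_byte = plaintext_byte ^ keystream_byte
    recovered = ciphertext_byte ^ keystream_byte
    return ciphertext_byte, recovered


def is_permutation(s: list) -> bool:
    """The invariant the text states: S always holds 0..255 exactly once."""
    return sorted(s) == list(range(256))


if __name__ == "__main__":
    c, p = stream_xor_example()
    print(f"ciphertext byte {c:08b}, recovered plaintext {p:08b}")
    ct = rc4_crypt(b"Key", b"Plaintext")          # widely published RC4 test vector
    print(ct.hex())                               # bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", ct))                  # b'Plaintext'
```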
Strength of RC4
RC4 is considered secure with a reasonable key length, such as 128 bits. A more serious problem is that the WEP protocol, intended to provide confidentiality on 802.11 wireless LAN networks, is vulnerable to a particular attack approach. This problem points out the difficulty in designing a secure system that involves both cryptographic functions and protocols that make use of them.
Figure: RC4

1.25 CONFIDENTIALITY USING SYMMETRIC ENCRYPTION
A. PLACEMENT OF ENCRYPTION FUNCTION
There are two major approaches to encryption placement: link and end-to-end.
Potential Locations for Confidentiality Attacks
The figure suggests the types of communications facilities that might be employed by such a workstation and therefore gives an indication of the points of vulnerability. The user can reach other workstations, hosts, and servers directly on the LAN or on other LANs in the same building that are interconnected with bridges and routers. Here, then, is the first point of vulnerability. In this case, the main concern is eavesdropping by another employee. If the LAN, through a communications server or one of the hosts on the LAN, offers a dial-in capability, then it is possible for an intruder to gain access to the LAN and monitor traffic.
The wiring closet itself is vulnerable. If an intruder can penetrate to the closet, he or she can tap into each wire to determine which are used for data transmission. In addition, the wiring closet may provide a link to a microwave antenna, either an earth station for a satellite link or a point-to-point terrestrial microwave link. The wiring closet may also provide a link to a node of a packet-switching network.
An attack can take place on any of the communications links. For active attacks, the attacker needs to gain physical control of a portion of the link and be able to insert and capture transmissions. For a passive attack, the attacker merely needs to be able to observe transmissions. An attack can take the form of attempts to modify the hardware or software, to gain access to the memory of the processor, or to monitor the electromagnetic emanations.

Figure: Points of Vulnerability

Link versus End-to-End Encryption
Basic Approaches
With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. Thus, all traffic over all communications links is secured. One of its disadvantages is that the message must be decrypted each time it enters a switch (such as a frame relay switch) because the switch must read the address (logical connection number) in the packet header in order to route the frame. Thus, the message is vulnerable at each switch.
With end-to-end encryption, the encryption process is carried out at the two end systems. Thus, end-to-end encryption relieves the end user of concerns about the degree of security of networks and links that support the communication.
Consider the following situation. A host connects to a frame relay or ATM network, sets up a logical connection to another host, and is prepared to transfer data to that other host by using end-to-end encryption. Data are transmitted over such a network in the form of packets that consist of a header and some user data.
What part of each packet will the host encrypt? Suppose that the host encrypts the entire packet, including the header. This will not work because, remember, only the other host can perform the decryption. The packet-switching node will receive an encrypted packet and be unable to read the header.
Therefore, it will not be able to route the packet. It follows that the host may encrypt only the user data portion of the packet and must leave the header in the clear. Thus, with end-to-end encryption, the user data are secure.

Figure: Encryption across a Packet-Switching Network
To achieve greater security, both link and end-to-end encryption are needed, as is shown in the figure above. When both forms of encryption are employed, the host encrypts the user data portion of a packet using an end-to-end encryption key.
The entire packet is then encrypted using a link encryption key. As the packet traverses the network, each switch decrypts the packet, using a link encryption key to read the header, and then encrypts the entire packet again for sending it out on the next link. Now the entire packet is secure except for the time that the packet is actually in the memory of a packet switch, at which time the packet header is in the clear.

Figure: Characteristics of Link and End-to-End Encryption

Logical Placement of End-to-End Encryption Function
With link encryption, the encryption function is performed at a low level of the communications hierarchy. In terms of the open systems interconnection (OSI) model, link encryption occurs at either the physical or link layers.
The figure below shows the encryption function of the front-end processor (FEP). On the host side, the FEP accepts packets. The user data portion of the packet is encrypted, while the packet header bypasses the encryption process. The resulting packet is delivered to the network.
In the opposite direction, for packets arriving from the network, the user data portion is decrypted and the entire packet is delivered to the host. If the transport layer functionality (e.g., the ISO transport protocol or TCP) is implemented in the front end, then the transport-layer header would also be left in the clear and only the user data portion of the transport protocol data unit is encrypted.

Figure: Encryption Coverage Implications of Store-and-Forward Communications

The figure above illustrates the issues involved. In this example, an electronic mail gateway is used to interconnect an internetwork that uses an OSI-based architecture with one that uses a TCP/IP-based architecture. In such a configuration, there is no end-to-end protocol below the application layer. The transport and network connections from each end system terminate at the mail gateway, which sets up new transport and network connections to link to the other end system.
Furthermore, such a scenario is not limited to the case of a gateway between two different architectures. Even if both end systems use TCP/IP or OSI, there are plenty of instances in actual configurations in which mail gateways sit between otherwise isolated internetworks.
Thus, for applications like electronic mail that have a store-and-forward capability, the only place to achieve end-to-end encryption is at the application layer.
A drawback of application-layer encryption is that the number of entities to consider increases dramatically. A network that supports hundreds of hosts may support thousands of users and processes. Thus, many more secret keys need to be generated and distributed. An interesting way of viewing the alternatives is to note that as we move up the communications hierarchy, less information is encrypted but it is more secure.
The figure below highlights this point, using the TCP/IP architecture as an example. In the figure, an application-level gateway refers to a store-and-forward device that operates at the application level.

Figure: Relationship between Encryption and Protocol Levels
With application-level encryption (Figure a), only the user data portion of a TCP segment is encrypted. The TCP, IP, network-level, and link-level headers and the link-level trailer are in the clear. By contrast, if encryption is performed at the TCP level (Figure b), then, on a single end-to-end connection, the user data and the TCP header are encrypted. The IP header remains in the clear because it is needed by routers to route the IP datagram from source to destination.

Note, however, that if a message passes through a gateway, the TCP connection is terminated and a new transport connection is opened for the next hop. Furthermore, the gateway is treated as a destination by the underlying IP. Thus, the encrypted portions of the data unit are decrypted at the gateway.

If the next hop is over a TCP/IP network, then the user data and TCP header are encrypted again before transmission. However, in the gateway itself the data unit is buffered entirely in the clear. Finally, for link-level encryption (Figure c), the entire data unit except for the link header and trailer is encrypted on each link, but the entire data unit is in the clear at each router and gateway.

B. TRAFFIC CONFIDENTIALITY
Knowledge about the number and length of messages between nodes may enable an opponent to determine who is talking to whom. This can have obvious implications in a military conflict. Even in commercial applications, traffic analysis may yield information that the traffic generators would like to conceal.

The following types of information can be derived from a traffic analysis attack:
- Identities of partners
- How frequently the partners are communicating
- Message pattern, message length, or quantity of messages that suggest important information is being exchanged
- The events that correlate with special conversations between particular partners

Another concern related to traffic is the use of traffic patterns to create a covert channel. A covert channel is a means of communication in a fashion unintended by the designers of the communications facility. Typically, the channel is used to transfer information in a way that violates a security policy.

Link Encryption Approach
With the use of link encryption, network-layer headers (e.g., frame or cell header) are encrypted, reducing the opportunity for traffic analysis. However, it is still possible in these circumstances for an attacker to assess the amount of traffic on a network and to observe the amount of traffic entering and leaving each end system. An effective countermeasure to this attack is traffic padding.
Traffic padding produces ciphertext output continuously, even in the absence of plaintext. A continuous random data stream is generated. When plaintext is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding and therefore impossible to deduce the amount of traffic.

End-to-End Encryption Approach
Traffic padding is essentially a link encryption function. If only end-to-end encryption is employed, then the measures available to the defender are more limited. For example, if encryption is implemented at the application layer, then an opponent can determine which transport entities are engaged in dialogue. If encryption techniques are housed at the transport layer, then network-layer addresses and traffic patterns remain accessible.
One technique that might prove useful is to pad out data units to a uniform length at either the transport or application level. In addition, null messages can be inserted randomly into the stream. These tactics deny an opponent knowledge about the amount of data exchanged between end users and obscure the underlying traffic pattern.

Figure: Traffic-Padding Encryption Device

C. KEY DISTRIBUTION
The strength of any cryptographic system rests with the key distribution technique, a term that refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key. For two parties A and B, key distribution can be achieved in a number of ways, as follows:
- A can select a key and physically deliver it to B.
- A third party can select the key and physically deliver it to A and B.
- If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
- If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.

If there are N hosts, the number of required keys is [N(N - 1)]/2. The use of a key distribution center is based on the use of a hierarchy of keys. At a minimum, two levels of keys are used (see the figure).
Communication between end systems is encrypted using a temporary key, often referred to as a session key. Session keys are transmitted in encrypted form, using a master key that is shared by the key distribution center and an end system or user.

Figure: The Use of a Key Hierarchy

A KEY DISTRIBUTION SCENARIO
The key distribution concept can be deployed in a number of ways. A typical scenario is illustrated in the figure below. The scenario assumes that each user shares a unique master key with the key distribution center (KDC).
Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmitted over the connection. A has a secret key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC. The following steps occur:

[1] A issues a request to the KDC for a session key to protect a logical connection to B. The message includes the identity of A and B and a unique identifier, N1, for this transaction, which we refer to as a nonce. The nonce may be a timestamp, a counter, or a random number; the minimum requirement is that it differs with each request. Also, to prevent masquerade, it should be difficult for an opponent to guess the nonce. Thus, a random number is a good choice for a nonce.
Figure: Key Distribution Scenario

[2] The KDC responds with a message encrypted using Ka. Thus, A is the only one who can successfully receive the message, and A knows that it originated at the KDC. The message includes two items intended for A:
- The one-time session key, Ks, to be used for the session
- The original request message, including the nonce, to enable A to match this response with the appropriate request
Thus, A can verify that its original request was not altered before reception by the KDC and, because of the nonce, that this is not a replay of some previous request. In addition, the message includes two items intended for B:
- The one-time session key, Ks, to be used for the session
- An identifier of A (e.g., its network address), IDA
These last two items are encrypted with Kb (the master key that the KDC shares with B). They are to be sent to B to establish the connection and prove A's identity.
[3] A stores the session key for use in the upcoming session and forwards to B the information that originated at the KDC for B, namely, EKb[Ks || IDA]. Because this information is encrypted with Kb, it is protected from eavesdropping. B now knows the session key (Ks), knows that the other party is A (from IDA), and knows that the information originated at the KDC (because it is encrypted using Kb).
At this point, a session key has been securely delivered to A and B, and they may begin their protected exchange. However, two additional steps are desirable:
[4] Using the newly minted session key for encryption, B sends a nonce, N2, to A.
[5] Also using Ks, A responds with f(N2), where f is a function that performs some transformation on N2 (e.g., adding one).
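The five steps above, run end to end as an added example (not code from the page): A, B and the KDC are plain Python functions, the nonce check at A rejects a stale reply, and steps 4 and 5 confirm both sides hold the same Ks. The cipher E/D is a constructed stand-in built from the standard library, assumed here only so the exchange runs offline.

```python
"""Simulation of the five-step KDC scenario above (added example, not code
from the page).  E/D is a constructed stand-in from the standard library
(SHA-256 keystream plus an HMAC tag) so the demo runs offline; a real
system would use an authenticated cipher such as AES-GCM."""
import hashlib
import hmac
import json
import os


def _stream(key: bytes, iv: bytes, length: int) -> bytes:
    """Keystream for the stand-in cipher: SHA-256 over key || iv || counter."""
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def E(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for E(K, M): XOR with keystream, then an HMAC tag over iv || body."""
    iv = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, iv, len(plaintext))))
    return iv + body + hmac.new(key, iv + body, hashlib.sha256).digest()


def D(key: bytes, blob: bytes) -> bytes:
    """Inverse of E; raises ValueError for a wrong key or an altered message."""
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + body, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or altered message")
    return bytes(c ^ s for c, s in zip(body, _stream(key, iv, len(body))))


def f(nonce: int) -> int:
    """The agreed transformation on a nonce (the text's example: add one)."""
    return nonce + 1


def new_nonce() -> int:
    """A random nonce, the text's recommended choice because it is hard to guess."""
    return int.from_bytes(os.urandom(8), "big")


def step1_request(ida: str, idb: str) -> dict:
    """Step 1, A -> KDC: IDA || IDB || N1."""
    return {"IDA": ida, "IDB": idb, "N1": new_nonce()}


def step2_kdc_reply(master_keys: dict, request: dict) -> bytes:
    """Step 2, KDC -> A: E(Ka, [Ks || request || E(Kb, [Ks || IDA])])."""
    ks = os.urandom(32)
    ticket = E(master_keys[request["IDB"]],
               json.dumps({"Ks": ks.hex(), "IDA": request["IDA"]}).encode())
    reply = {"Ks": ks.hex(), "request": request, "ticket": ticket.hex()}
    return E(master_keys[request["IDA"]], json.dumps(reply).encode())


def step3_a_accepts(ka: bytes, sent_request: dict, reply_blob: bytes) -> tuple:
    """Step 3 at A: open the reply with Ka, check that the echoed request
    (nonce included) is the one A sent, keep Ks, pass the ticket on to B."""
    reply = json.loads(D(ka, reply_blob))
    if reply["request"] != sent_request:
        raise ValueError("echoed request/nonce mismatch: altered or replayed reply")
    return bytes.fromhex(reply["Ks"]), bytes.fromhex(reply["ticket"])


def step3_b_accepts(kb: bytes, ticket: bytes) -> tuple:
    """Step 3 at B: only Kb opens the ticket, so Ks and IDA must come from the KDC."""
    t = json.loads(D(kb, ticket))
    return bytes.fromhex(t["Ks"]), t["IDA"]


def steps4_5_handshake(ks_a: bytes, ks_b: bytes) -> bool:
    """Step 4, B -> A: E(Ks, N2).  Step 5, A -> B: E(Ks, f(N2)).
    B accepts only if A returned f(N2) under the same Ks."""
    n2 = new_nonce()
    msg4 = E(ks_b, str(n2).encode())
    msg5 = E(ks_a, str(f(int(D(ks_a, msg4)))).encode())
    return int(D(ks_b, msg5)) == f(n2)


def run_scenario() -> dict:
    master_keys = {"A": os.urandom(32), "B": os.urandom(32)}   # Ka, Kb
    req = step1_request("A", "B")
    ks_a, ticket = step3_a_accepts(master_keys["A"], req,
                                   step2_kdc_reply(master_keys, req))
    ks_b, who = step3_b_accepts(master_keys["B"], ticket)
    # Replay check from the text: a reply to an earlier request carries a
    # different nonce, so A rejects it although it is validly encrypted under Ka.
    stale = step2_kdc_reply(master_keys, step1_request("A", "B"))
    try:
        step3_a_accepts(master_keys["A"], req, stale)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"keys_match": ks_a == ks_b, "b_sees": who,
            "handshake_ok": steps4_5_handshake(ks_a, ks_b),
            "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(run_scenario())
```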

HIERARCHICAL KEY CONTROL
It is not necessary to limit the key distribution function to a single KDC. As an alternative, a hierarchy of KDCs can be established. For example, there can be local KDCs, each responsible for a small domain of the overall internetwork, such as a single LAN or a single building.
If two entities in different domains desire a shared key, then the corresponding local KDCs can communicate through a global KDC. A hierarchical scheme minimizes the effort involved in master key distribution, because most master keys are those shared by a local KDC with its local entities.

SESSION KEY LIFETIME
The more frequently session keys are exchanged, the more secure they are. For connection-oriented protocols, one obvious choice is to use the same session key for the length of time that the connection is open, using a new session key for each new session.
For a connectionless protocol, such as a transaction-oriented protocol, there is no explicit connection initiation or termination. Thus, it is not obvious how often one needs to change the session key. The most secure approach is to use a new session key for each exchange.
A TRANSPARENT KEY CONTROL SCHEME

Figure: Automatic Key Distribution for Connection-Oriented Protocol

The figure above shows the steps involved in establishing a connection. When one host wishes to set up a connection to another host, it transmits a connection-request packet (step 1). The front-end processor saves that packet and applies to the KDC for permission to establish the connection (step 2).
The communication between the FEP and the KDC is encrypted using a master key shared only by the FEP and the KDC. If the KDC approves the connection request, it generates the session key and delivers it to the two appropriate front-end processors, using a unique permanent key for each front end (step 3).
The requesting front-end processor can now release the connection request packet, and a connection is set up between the two end systems (step 4). All user data exchanged between the two end systems are encrypted by their respective front-end processors using the one-time session key.
The advantage of this approach is that it minimizes the impact on the end systems. From the host's point of view, the FEP appears to be a packet-switching node, and the host interface to the network is unchanged. From the network's point of view, the FEP appears to be a host, and the packet-switch interface to the host is unchanged.
DECENTRALIZED KEY CONTROL
The use of a key distribution center imposes the requirement that the KDC be trusted and be protected from subversion. This requirement can be avoided if key distribution is fully decentralized. A decentralized approach requires that each end system be able to communicate in a secure manner with all potential partner end systems for purposes of session key distribution. Thus, there may need to be as many as [n(n - 1)]/2 master keys for a configuration with n end systems.

A session key may be established with the following sequence of steps:
1. A issues a request to B for a session key and includes a nonce, N1.
2. B responds with a message that is encrypted using the shared master key. The response includes the session key selected by B, an identifier of B, the value f(N1), and another nonce, N2.
3. Using the new session key, A returns f(N2) to B.

Figure: Decentralized Key Distribution

CONTROLLING KEY USAGE
The concept of a key hierarchy and the use of automated key distribution techniques greatly reduce the number of keys that must be manually managed and distributed. Different types of session keys can be defined on the basis of use, such as:
- Data-encrypting key, for general communication across a network
- PIN-encrypting key, for personal identification numbers (PINs) used in electronic funds transfer and point-of-sale applications
- File-encrypting key, for encrypting files stored in publicly accessible locations
To illustrate the value of separating keys by type, consider the risk that a master key is imported as a data-encrypting key into a device. Normally, the master key is physically secured within the cryptographic hardware of the key distribution center and of the end systems.
Session keys encrypted with this master key are available to application programs, as are the data encrypted with such session keys. However, if a master key is treated as a session key, it may be possible for an unauthorized application to obtain plaintext of session keys encrypted with that master key.
Thus, it may be desirable to institute controls in systems that limit the ways in which keys are used, based on characteristics associated with those keys. One simple plan is to associate a tag with each key.
The proposed technique is for use with DES and makes use of the extra 8 bits in each 64-bit DES key. That is, the 8 non-key bits ordinarily reserved for parity checking form the key tag. The bits have the following interpretation:
- One bit indicates whether the key is a session key or a master key.
- One bit indicates whether the key can be used for encryption.
- One bit indicates whether the key can be used for decryption.
- The remaining bits are spares for future use.

Because the tag is embedded in the key, it is encrypted along with the key when that key is distributed, thus providing protection. The drawbacks of this scheme are that (1) the tag length is limited to 8 bits, limiting its flexibility and functionality; and (2) because the tag is not transmitted in clear form, it can be used only at the point of decryption, limiting the ways in which key use can be controlled.
A more flexible scheme is referred to as the control vector. In this scheme, each session key has an associated control vector consisting of a number of fields that specify the uses and restrictions for that session key. The length of the control vector may vary.
The control vector is cryptographically coupled with the key at the time of key generation at the KDC. The coupling and decoupling processes are illustrated in the figure. As a first step, the control vector is passed through a hash function that produces a value whose length is equal to the encryption key length.
Figure: Control Vector Encryption and Decryption
In essence, a hash function maps values from a larger range into a smaller range, with a reasonably uniform spread. Thus, for example, if numbers in the range 1 to 100 are hashed into numbers in the range 1 to 10, approximately 10 of the source values should map into each of the target values.
The hash value is then XORed with the master key to produce an output that is used as the key input for encrypting the session key. Thus,

Hash value = H = h(CV)
Key input = Km XOR H
Ciphertext = E([Km XOR H], Ks)

where Km is the master key and Ks is the session key. The session key is recovered in plaintext by the reverse operation:

D([Km XOR H], E([Km XOR H], Ks)) = Ks

When a session key is delivered to a user from the KDC, it is accompanied by the control vector in clear form. The session key can be recovered only by using both the master key that the user shares with the KDC and the control vector. Thus, the linkage between the session key and its control vector is maintained.
Use of the control vector has two advantages over use of an 8-bit tag. First, there is no restriction on the length of the control vector, which enables arbitrarily complex controls to be imposed on key use. Second, the control vector is available in clear form at all stages of operation. Thus, control of key use can be exercised in multiple locations.
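Both key-usage controls described above, the 8-bit tag carried in the parity positions of a DES key and the control vector coupled through H(CV) XOR Km, as an added example that is not code from the page. The tag bit layout, the hash (SHA-256 truncated to the key length) and the one-block cipher E used for the coupling are assumptions made here so the coupling and decoupling can be run.

```python
"""Key-usage controls from the text (added example, not from the page):
an 8-bit tag stored in the parity bits of a 64-bit DES key, and a control
vector coupled to a session key via E([Km XOR H(CV)], Ks).  The cipher E
is a constructed one-block stand-in (XOR with SHA-256 of the derived key),
enough to show that the wrong control vector yields the wrong session key."""
import hashlib
import secrets

# Tag bit layout (assumed; the text only says which bits exist)
TAG_MASTER = 0x01        # 1 = master key, 0 = session key
TAG_ENCRYPT = 0x02       # key may be used for encryption
TAG_DECRYPT = 0x04       # key may be used for decryption


def embed_tag(key56: int, tag: int) -> int:
    """Place the 8 tag bits in the parity positions (bit 0 of each byte) of a
    64-bit DES key.  key56 holds the 56 real key bits; tag bit i goes into byte i."""
    if tag >> 8 or key56 >> 56:
        raise ValueError("tag must fit in 8 bits and key in 56 bits")
    out = 0
    for i in range(8):
        seven = (key56 >> (7 * (7 - i))) & 0x7F   # next 7 key bits, MSB first
        out = (out << 8) | (seven << 1) | ((tag >> i) & 1)
    return out


def extract_tag(key64: int) -> int:
    """Recover the tag from the parity bit of each byte (byte i -> tag bit i)."""
    return sum(((key64 >> (8 * (7 - i))) & 1) << i for i in range(8))


def check_use(key64: int, want_encrypt: bool) -> bool:
    """Enforce the tag at the point of decryption: a master key is never usable
    as a data key, and the operation must be one the tag permits."""
    tag = extract_tag(key64)
    if tag & TAG_MASTER:
        return False
    return bool(tag & (TAG_ENCRYPT if want_encrypt else TAG_DECRYPT))


def h(control_vector: bytes, key_len: int) -> bytes:
    """Hash the control vector down to the encryption key length."""
    return hashlib.sha256(control_vector).digest()[:key_len]


def E(key: bytes, block: bytes) -> bytes:
    """Constructed one-block stand-in for E(K, M): M XOR SHA-256(K)."""
    pad = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(block, pad))


def couple(km: bytes, cv: bytes, ks: bytes) -> bytes:
    """KDC side: E([Km XOR H(CV)], Ks)."""
    derived = bytes(a ^ b for a, b in zip(km, h(cv, len(km))))
    return E(derived, ks)


def decouple(km: bytes, cv: bytes, blob: bytes) -> bytes:
    """User side: D([Km XOR H(CV)], blob); with the XOR stand-in, D is E."""
    derived = bytes(a ^ b for a, b in zip(km, h(cv, len(km))))
    return E(derived, blob)


def control_vector_demo() -> dict:
    km = secrets.token_bytes(32)                  # master key shared with the KDC
    ks = secrets.token_bytes(32)                  # session key chosen by the KDC
    cv = b"type=data-encrypting;encrypt=1;decrypt=1;expires=2000-01-01"
    blob = couple(km, cv, ks)
    # The CV travels in the clear, but editing it changes H(CV) and so the
    # derived key: the session key no longer decouples.
    tampered = cv.replace(b"decrypt=1", b"decrypt=0")
    return {"honest": decouple(km, cv, blob) == ks,
            "tampered_cv_recovers_ks": decouple(km, tampered, blob) == ks}


if __name__ == "__main__":
    k = embed_tag(0x0123456789ABC, TAG_ENCRYPT | TAG_DECRYPT)
    print(hex(k), extract_tag(k), check_use(k, True))
    print(control_vector_demo())
```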

D. RANDOM NUMBER GENERATION
Random numbers play an important role in the use of encryption for various network security applications.

THE USE OF RANDOM NUMBERS
A number of network security algorithms based on cryptography make use of random numbers.

For example:
- The use of random numbers for the nonces frustrates opponents' efforts to determine or guess the nonce.
- Session key generation, whether done by a key distribution center or by one of the principals.
- Generation of keys for the RSA public-key encryption algorithm.
These applications give rise to two distinct and not necessarily compatible requirements for a sequence of random numbers: randomness and unpredictability.

Randomness
The following two criteria are used to validate that a sequence of numbers is random:
Uniform distribution:
The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.
Independence:
No one value in the sequence can be inferred from the others.

Unpredictability
With "true" random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable. Care must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements.

Sources of Random Numbers
Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.

PSEUDORANDOM NUMBER GENERATORS (PRNGS)
The most widely used technique for pseudorandom number generation is an algorithm first proposed by Lehmer, which is known as the linear congruential method. The algorithm is parameterized with four numbers, as follows:

m  the modulus
a  the multiplier
c  the increment
X0  the starting value, or seed

The sequence of random numbers {Xn} is obtained via the following iterative equation:

Xn+1 = (aXn + c) mod m

If m, a, c, and X0 are integers, then this technique will produce a sequence of integers with each integer in the range 0 ≤ Xn < m.
The selection of values for a, c, and m is critical in developing a good random number generator. For example, consider a = c = 1. The sequence produced is obviously not satisfactory. Now consider the values a = 7, c = 0, m = 32, and X0 = 1. This generates the sequence {7, 17, 23, 1, 7, etc.}, which is also clearly unsatisfactory.
Of the 32 possible values, only 4 are used; thus, the sequence is said to have a period of 4. If, instead, we change the value of a to 5, then the sequence is {5, 25, 29, 17, 21, 9, 13, 1, etc.}, which increases the period to 8.
We would like m to be very large, so that there is the potential for producing a long series of distinct random numbers. A common criterion is that m be nearly equal to the maximum representable nonnegative integer for a given computer. Thus, a value of m near to or equal to 2^31 is typically chosen.

Three criteria are to be used in evaluating a random number generator:
T1:
The function should be a full-period generating function. That is, the function should generate all the numbers between 0 and m before repeating.
T2:
The generated sequence should appear random. Because it is generated deterministically, the sequence is not random. There is a variety of statistical tests that can be used to assess the degree to which a sequence exhibits randomness.
T3:
The function should implement efficiently with 32-bit arithmetic.

The strength of the linear congruential algorithm is that if the multiplier and modulus are properly chosen, the resulting sequence of numbers will be statistically indistinguishable from a sequence drawn at random (but without replacement) from the set 1, 2, ..., m - 1.
But there is nothing random at all about the algorithm, apart from the choice of the initial value X0. Once that value is chosen, the remaining numbers in the sequence follow deterministically. This has implications for cryptanalysis.
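The linear congruential generator with the page's two parameter sets (a = 7 and a = 5, c = 0, m = 32, X0 = 1), a brute-force period measurement for criterion T1, and the deterministic-continuation point made just above, as an added example that is not code from the page. The full-period parameters a = 5, c = 3 used in the main block are my own choice for contrast.

```python
"""Linear congruential generator Xn+1 = (a*Xn + c) mod m with the page's
parameters, plus a period check for criterion T1.  Added example, not from
the page."""
from typing import List


def lcg(a: int, c: int, m: int, x0: int, count: int) -> List[int]:
    """Return X1..Xcount generated from the seed x0."""
    xs, x = [], x0
    for _ in range(count):
        x = (a * x + c) % m
        xs.append(x)
    return xs


def period(a: int, c: int, m: int, x0: int) -> int:
    """Length of the cycle the generator falls into when started from x0.
    Brute force: fine for the small moduli in the text, not for m near 2^31."""
    seen, x, steps = {}, x0, 0
    while x not in seen:
        seen[x] = steps
        x = (a * x + c) % m
        steps += 1
    return steps - seen[x]


def is_full_period(a: int, c: int, m: int) -> bool:
    """Criterion T1: every value 0..m-1 appears before the sequence repeats,
    which for a full-period generator holds from any seed, so seed 0 suffices."""
    return period(a, c, m, 0) == m


def predict_rest(a: int, c: int, m: int, observed: List[int], n: int) -> List[int]:
    """The cryptanalytic point in the text: given the parameters and any one
    observed output, every later output follows deterministically."""
    return lcg(a, c, m, observed[-1], n)


if __name__ == "__main__":
    print(lcg(7, 0, 32, 1, 8), period(7, 0, 32, 1))   # [7, 17, 23, 1, 7, 17, 23, 1] 4
    print(lcg(5, 0, 32, 1, 8), period(5, 0, 32, 1))   # [5, 25, 29, 17, 21, 9, 13, 1] 8
    print(is_full_period(5, 0, 32), is_full_period(5, 3, 32))   # False True
    print(predict_rest(7, 0, 32, [17], 2))            # [23, 1]
```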

CRYPTOGRAPHICALLY GENERATED RANDOM NUMBERS
For cryptographic applications, it makes some sense to take advantage of the encryption logic available to produce random numbers. A number of means have been used, and in this subsection we look at three representative examples.
Cyclic Encryption
In this case, the procedure is used to generate session keys from a master key. A counter with period N provides input to the encryption logic. For example, if 56-bit DES keys are to be produced, then a counter with period 2^56 can be used. After each key is produced, the counter is incremented by one.
Thus, the pseudorandom numbers produced by this scheme cycle through a full period: each of the outputs X0, X1, ..., XN-1 is based on a different counter value and therefore X0 ≠ X1 ≠ ... ≠ XN-1. Because the master key is protected, it is not computationally feasible to deduce any of the secret keys through knowledge of one or more earlier keys.

Figure: Pseudorandom Number Generation from a Counter

DES Output Feedback Mode
The output feedback (OFB) mode of DES can be used for key generation as well as for stream encryption. Notice that the output of each stage of operation is a 64-bit value, of which the j leftmost bits are fed back for encryption.
Successive 64-bit outputs constitute a sequence of pseudorandom numbers with good statistical properties. The use of a protected master key protects the generated session keys.
ANSI X9.17 PRNG

One of the strongest (cryptographically speaking) PRNGs is specified in ANSI X9.17. A number of applications employ this technique, including financial security applications and PGP. The figure illustrates the algorithm, which makes use of triple DES for encryption.

Figure: ANSI X9.17 Pseudorandom Number Generator

The ingredients are as follows:
Input:
Two pseudorandom inputs drive the generator. One is a 64-bit representation of the current date and time, which is updated on each number generation. The other is a 64-bit seed value; this is initialized to some arbitrary value and is updated during the generation process.
Keys:
The generator makes use of three triple DES encryption modules. All three make use of the same pair of 56-bit keys, which must be kept secret and are used only for pseudorandom number generation.
Output:
The output consists of a 64-bit pseudorandom number and a 64-bit seed value.

Define the following quantities:

DTi     Date/time value at the beginning of the ith generation stage
Vi      Seed value at the beginning of the ith generation stage
Ri      Pseudorandom number produced by the ith generation stage
K1, K2  DES keys used for each stage

Then:

where EDE refers to the sequence encrypt-decrypt-encrypt using two-key triple DES.

Blum Blum Shub Generator
A popular approach to generating secure pseudorandom numbers is known as the Blum, Blum, Shub (BBS) generator, named for its developers. It has perhaps the strongest public proof of its cryptographic strength.
The procedure is as follows. First, choose two large prime numbers, p and q, that both have a remainder of 3 when divided by 4. That is:
p ≡ q ≡ 3 (mod 4)
This notation simply means that (p mod 4) = (q mod 4) = 3. For example, the prime numbers 7 and 11 satisfy 7 ≡ 11 ≡ 3 (mod 4). Let n = p × q. Next, choose a random number s, such that s is relatively prime to n; this is equivalent to saying that neither p nor q is a factor of s. Then the BBS generator produces a sequence of bits Bi according to the following algorithm:

Thus, the least significant bit is taken at each iteration. The table shows an example of BBS operation. Here, n = 192649 = 383 × 503 and the seed s = 101355.


Table: Example Operation of BBS Generator

The BBS is referred to as a cryptographically secure pseudorandom bit generator (CSPRBG). A CSPRBG is defined as one that passes the next-bit test, which, in turn, is defined as follows: "A pseudorandom bit generator is said to pass the next-bit test if there is not a polynomial-time algorithm that, on input of the first k bits of an output sequence, can predict the (k + 1)st bit with probability significantly greater than 1/2."
The security of BBS is based on the difficulty of factoring n. That is, given n, we need to determine its two prime factors p and q.
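The BBS procedure just described, as an added Python example (it is not part of the original text): it checks the p ≡ q ≡ 3 (mod 4) and gcd(s, n) = 1 conditions before iterating x_i = x_(i-1)^2 mod n and taking the least significant bit, and textbook_run uses the page's parameters n = 383 × 503 and s = 101355 so the first states of the table can be recomputed. Function names are the example's own.

```python
from math import gcd, isqrt


def is_blum_prime(p):
    """A prime p qualifies for BBS when p mod 4 == 3.

    Primality is checked by trial division because the example primes are
    tiny; real parameters would use a probabilistic test (e.g. Miller-Rabin).
    """
    if p < 3 or p % 4 != 3:
        return False
    return all(p % d for d in range(2, isqrt(p) + 1))


def bbs_bits(p, q, s, count):
    """Return (states, bits) for the first `count` BBS iterations.

    x_0 = s^2 mod n, x_i = x_(i-1)^2 mod n, B_i = x_i mod 2 (least significant bit).
    """
    if p == q or not (is_blum_prime(p) and is_blum_prime(q)):
        raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
    n = p * q
    if not 1 < s < n or gcd(s, n) != 1:
        raise ValueError("seed s must satisfy 1 < s < n and gcd(s, n) == 1")
    x = pow(s, 2, n)            # x_0
    states, bits = [x], []
    for _ in range(count):
        x = pow(x, 2, n)        # x_i = x_(i-1)^2 mod n
        states.append(x)
        bits.append(x & 1)      # B_i = x_i mod 2
    return states, bits


def textbook_run(count=5):
    """The page's parameters: n = 192649 = 383 * 503, seed s = 101355."""
    return bbs_bits(383, 503, 101355, count)
```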

*** END ***
UNIT 2 : PUBLIC KEY ENCRYPTION                                 NETWORK SECURITY

Thangavel Murugan 2.1

UNIT II
PUBLIC KEY ENCRYPTION
2.1 PUBLIC-KEY CRYPTOGRAPHY
Public-key algorithms are based on mathematical functions rather than on substitution and permutation. More important, public-key cryptography is asymmetric, involving the use of two separate keys, in contrast to symmetric encryption, which uses only one key. The use of two keys has profound consequences in the areas of confidentiality, key distribution, and authentication.

Common misconceptions concerning public-key encryption:
1. Public-key encryption is more secure from cryptanalysis than is symmetric encryption.
2. Public-key encryption is a general-purpose technique that has made symmetric encryption obsolete.
3. Key distribution is trivial when using public-key encryption, compared to the rather cumbersome handshaking involved with key distribution centers for symmetric encryption.

2.2 PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS
The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption. The first problem is that of key distribution. Key distribution under symmetric encryption requires either (1) that two communicants already share a key, which somehow has been distributed to them; or (2) the use of a key distribution center.
The second problem that Diffie pondered, and one that was apparently unrelated to the first, was that of "digital signatures." If the use of cryptography was to become widespread, not just in military situations but for commercial and private purposes, then electronic messages and documents would need the equivalent of signatures used in paper documents.


Public-Key Cryptosystems
Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristic:
It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
In addition, some algorithms, such as RSA, also exhibit the following characteristic:
Either of the two related keys can be used for encryption, with the other used for decryption.

A public-key encryption scheme has six ingredients:
Plaintext: This is the readable message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various transformations on the plaintext.
Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts.
Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.

The essential steps are the following:
1) Each user generates a pair of keys to be used for the encryption and decryption of messages.
2) Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private.
3) If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's public key.

4) When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key.

Figure: Public-Key Cryptography

With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user's private key remains protected and secret, incoming communication is secure. At any time, a system can change its private key and publish the companion public key to replace its old public key.

Conventional Encryption
  Needed to Work:
    1) The same algorithm with the same key is used for encryption and decryption.
    2) The sender and receiver must share the algorithm and the key.
  Needed for Security:
    1) The key must be kept secret.
    2) It must be impossible or at least impractical to decipher a message if no other information is available.
    3) Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key.

Public-Key Encryption
  Needed to Work:
    1) One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
    2) The sender and receiver must each have one of the matched pair of keys (not the same one).
  Needed for Security:
    1) One of the two keys must be kept secret.
    2) It must be impossible or at least impractical to decipher a message if no other information is available.
    3) Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.

The table summarizes some of the important aspects of symmetric and public-key encryption. To discriminate between the two, we refer to the key used in symmetric encryption as a secret key.
The two keys used for asymmetric encryption are referred to as the public key and the private key. Invariably, the private key is kept secret, but it is referred to as a private key rather than a secret key to avoid confusion with symmetric encryption.

Public-Key Encryption Scheme

There is some source A that produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of X are letters in some finite alphabet. The message is intended for destination B. B generates a related pair of keys: a public key, PUb, and a private key, PRb. PRb is known only to B, whereas PUb is publicly available and therefore accessible by A.

Figure: Public-Key Cryptosystem: Secrecy
With the message X and the encryption key PUb as input, A forms the ciphertext Y = [Y1, Y2, ..., YN]:
Y = E(PUb, X)
The intended receiver, in possession of the matching private key, is able to invert the transformation:
X = D(PRb, Y)
An adversary, observing Y and having access to PUb but not having access to PRb or X, must attempt to recover X and/or PRb. It is assumed that the adversary does have knowledge of the encryption (E) and decryption (D) algorithms. If the adversary is interested only in this particular message, then the focus of effort is to recover X, by generating a plaintext estimate of X.

Often, however, the adversary is interested in being able to read future messages as well, in which case an attempt is made to recover PRb by generating an estimate of PRb.
Either of the two related keys can be used for encryption, with the other being used for decryption. This enables a rather different cryptographic scheme to be implemented. The use of public-key encryption to provide authentication:
Y = E(PRa, X)
X = D(PUa, Y)

Figure: Public-Key Cryptosystem: Authentication

In this case, A prepares a message to B and encrypts it using A's private key before transmitting it. B can decrypt the message using A's public key. Because the message was encrypted using A's private key, only A could have prepared the message. Therefore, the entire encrypted message serves as a digital signature. In addition, it is impossible to alter the message without access to A's private key, so the message is authenticated both in terms of source and in terms of data integrity.
Even in the case of complete encryption, as shown in the above figure, there is no protection of confidentiality because any observer can decrypt the message by using the sender's public key.

It is, however, possible to provide both the authentication function and confidentiality by a double use of the public-key scheme (below figure):
Z = E(PUb, E(PRa, X))
X = D(PUa, D(PRb, Z))

Figure: Public-Key Cryptosystem: Authentication and Secrecy

In this case, we begin as before by encrypting a message, using the sender's private key. This provides the digital signature. Next, we encrypt again, using the receiver's public key. The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key. Thus, confidentiality is provided. The disadvantage of this approach is that the public-key algorithm, which is complex, must be exercised four times rather than two in each communication.

Applications for Public-Key Cryptosystems
Public-key systems are characterized by the use of a cryptographic algorithm with two keys, one held private and one available publicly. Depending on the application, the sender uses either the sender's private key or the receiver's public key, or both, to perform some type of cryptographic function.

In broad terms, we can classify the use of public-key cryptosystems into three categories:
Encryption/decryption: The sender encrypts a message with the recipient's public key.
Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
Some algorithms are suitable for all three applications, whereas others can be used only for one or two of these applications.

Applications for Public-Key Cryptosystems
Algorithm          Encryption/Decryption   Digital Signature   Key Exchange
RSA                Yes                     Yes                 Yes
Elliptic Curve     Yes                     Yes                 Yes
Diffie-Hellman     No                      No                  Yes
DSS                No                      Yes                 No

Requirements for Public-Key Cryptography
Diffie and Hellman postulated this system without demonstrating that such algorithms exist. However, they did lay out the conditions that such algorithms must fulfill:
1. It is computationally easy for a party B to generate a pair (public key PUb, private key PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext:
C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine the private key, PRb.

5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M.
We can add a sixth requirement that, although useful, is not necessary for all public-key applications:
6. The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
These are formidable requirements, as evidenced by the fact that only a few algorithms (RSA, elliptic curve cryptography, Diffie-Hellman, DSS) have received widespread acceptance in the several decades since the concept of public-key cryptography was proposed.

A one-way function is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible:
Y = f(X)         easy
X = f^(-1)(Y)    infeasible
Generally, easy is defined to mean a problem that can be solved in polynomial time as a function of input length. Thus, if the length of the input is n bits, then the time to compute the function is proportional to n^a, where a is a fixed constant. Such algorithms are said to belong to the class P. The term infeasible is a much fuzzier concept. In general, we can say a problem is infeasible if the effort to solve it grows faster than polynomial time as a function of input size.

A trap-door one-way function is one that is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. We can summarize as follows: A trap-door one-way function is a family of invertible functions fk, such that



Public-Key Cryptanalysis
As with symmetric encryption, a public-key encryption scheme is vulnerable to a brute-force attack. The countermeasure is the same: use large keys. The key size must be large enough to make brute-force attack impractical but small enough for practical encryption and decryption.
In practice, the key sizes that have been proposed do make brute-force attack impractical but result in encryption/decryption speeds that are too slow for general-purpose use. Public-key encryption is currently confined to key management and signature applications.

Another form of attack is to find some way to compute the private key given the public key. To date, it has not been mathematically proven that this form of attack is infeasible for a particular public-key algorithm.
Thus, any given algorithm, including the widely used RSA algorithm, is suspect. The history of cryptanalysis shows that a problem that seems insoluble from one perspective can be found to have a solution if looked at in an entirely different way.

Finally, there is a form of attack that is peculiar to public-key systems. This is, in essence, a probable-message attack. Suppose, for example, that a message were to be sent that consisted solely of a 56-bit DES key. An adversary could encrypt all possible 56-bit DES keys using the public key and could discover the encrypted key by matching the transmitted ciphertext.
Thus, no matter how large the key size of the public-key scheme, the attack is reduced to a brute-force attack on a 56-bit key. This attack can be thwarted by appending some random bits to such simple messages.

2.3 THE RSA ALGORITHM
Diffie and Hellman introduced a new approach to cryptography and, in effect, challenged cryptologists to come up with a cryptographic algorithm that met the requirements for public-key systems.

One of the first of the responses to the challenge was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978. The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than 2^1024.

Description of the Algorithm
The scheme developed by Rivest, Shamir, and Adleman makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than some number n. That is, the block size must be less than or equal to log2(n); in practice, the block size is i bits, where 2^i < n ≤ 2^(i+1). Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C:
C = M^e mod n
M = C^d mod n = (M^e)^d mod n = M^(ed) mod n
Both sender and receiver must know the value of n. The sender knows the value of e, and only the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.

For this algorithm to be satisfactory for public-key encryption, the following requirements must be met:
1. It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.
2. It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n.
3. It is infeasible to determine d given e and n.

For now, we focus on the first requirement and consider the other questions later. We need to find a relationship of the form
M^(ed) mod n = M
The preceding relationship holds if e and d are multiplicative inverses modulo φ(n), where φ(n) is the Euler totient function. For p, q prime, φ(pq) = (p - 1)(q - 1). The relationship between e and d can be expressed as


This is equivalent to saying
ed ≡ 1 mod φ(n)
d ≡ e^(-1) mod φ(n)
That is, e and d are multiplicative inverses mod φ(n). Note that, according to the rules of modular arithmetic, this is true only if d (and therefore e) is relatively prime to φ(n). Equivalently, gcd(φ(n), d) = 1.

The ingredients are the following:
p, q, two prime numbers                        (private, chosen)
n = pq                                         (public, calculated)
e, with gcd(φ(n), e) = 1; 1 < e < φ(n)         (public, chosen)
d ≡ e^(-1) (mod φ(n))                          (private, calculated)

The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user A has published its public key and that user B wishes to send the message M to A. Then B calculates C = M^e mod n and transmits C. On receipt of this ciphertext, user A decrypts by calculating M = C^d mod n.
In the example, the keys were generated as follows:
1) Select two prime numbers, p = 17 and q = 11.
2) Calculate n = pq = 17 × 11 = 187.
3) Calculate φ(n) = (p - 1)(q - 1) = 16 × 10 = 160.
4) Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.
5) Determine d such that de ≡ 1 (mod 160) and d < 160. The correct value is d = 23, because 23 × 7 = 161 = 10 × 160 + 1; d can be calculated using the extended Euclid's algorithm.



Figure: The RSA Algorithm

The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}. The example shows the use of these keys for a plaintext input of M = 88. For encryption, we need to calculate C = 88^7 mod 187.
Exploiting the properties of modular arithmetic, we can do this as follows:
88^7 mod 187 = [(88^4 mod 187) × (88^2 mod 187) × (88^1 mod 187)] mod 187
88^1 mod 187 = 88
88^2 mod 187 = 7744 mod 187 = 77
88^4 mod 187 = 59,969,536 mod 187 = 132
88^7 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
For decryption, we calculate M = 11^23 mod 187:
11^23 mod 187 = [(11^1 mod 187) × (11^2 mod 187) × (11^4 mod 187) × (11^8 mod 187) × (11^8 mod 187)] mod 187
11^1 mod 187 = 11
11^2 mod 187 = 121
11^4 mod 187 = 14,641 mod 187 = 55
11^8 mod 187 = 214,358,881 mod 187 = 33
11^23 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88
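An added Python example (not the author's code) that carries out the key generation and the M = 88 computation above with Python's built-in pow, computing d by the extended Euclid's algorithm mentioned in step 5; it also implements the double use Z = E(PUb, E(PRa, X)) from the authentication-and-secrecy passage earlier in this unit. Function names are the example's own, and the receiver's second key pair p = 61, q = 53, e = 17 is constructed here, not taken from the page.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Multiplicative inverse of a modulo m; raises if gcd(a, m) != 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def rsa_keygen(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) from the chosen primes p, q and exponent e."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)                   # phi(n) = (p - 1)(q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    d = modinv(e, phi)                        # d = e^-1 mod phi(n)
    return (e, n), (d, n)


def rsa_apply(key, block):
    """C = M^e mod n with the public key, or M = C^d mod n with the private key."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer in [0, n - 1]")
    return pow(block, exponent, n)


def textbook_example():
    """p = 17, q = 11, e = 7: PU = {7, 187}, PR = {23, 187}; M = 88 -> C = 11 -> M = 88."""
    pu, pr = rsa_keygen(17, 11, 7)
    c = rsa_apply(pu, 88)
    return pu, pr, c, rsa_apply(pr, c)


def sign_then_encrypt(x, pr_a, pu_b):
    """Z = E(PUb, E(PRa, X)): authentication and secrecy by double use.

    With RSA the inner result lies in [0, n_a - 1], so it is a valid block
    for the outer operation only when n_a <= n_b.
    """
    if pr_a[1] > pu_b[1]:
        raise ValueError("sender's modulus must not exceed receiver's modulus")
    return rsa_apply(pu_b, rsa_apply(pr_a, x))


def decrypt_then_verify(z, pr_b, pu_a):
    """X = D(PUa, D(PRb, Z)), the receiver's side of the double use."""
    return rsa_apply(pu_a, rsa_apply(pr_b, z))
```

Raw RSA on an integer block, as shown here, is the textbook primitive only; the probable-message attack described under Public-Key Cryptanalysis is one reason deployed systems pad messages with random bits first.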

Computational Aspects
We now turn to the issue of the complexity of the computation required to use RSA. There are actually two issues to consider: encryption/decryption and key generation. Let us look first at the process of encryption and decryption and then consider key generation.

Exponentiation in Modular Arithmetic
Both encryption and decryption in RSA involve raising an integer to an integer power, mod n. If the exponentiation is done over the integers and then reduced modulo n, the intermediate values would be gargantuan. Fortunately, as the preceding example shows, we can make use of a property of modular arithmetic:
[(a mod n) × (b mod n)] mod n = (a × b) mod n
Thus, we can reduce intermediate results modulo n. This makes the calculation practical.

Another consideration is the efficiency of exponentiation, because with RSA we are dealing with potentially large exponents. To see how efficiency might be increased, consider that we wish to compute x^16.

A straightforward approach requires 15 multiplications:
x^16 = x × x × x × x × x × x × x × x × x × x × x × x × x × x × x × x
However, we can achieve the same final result with only four multiplications if we repeatedly take the square of each partial result, successively forming x^2, x^4, x^8, x^16.
As another example, suppose we wish to calculate x^11 mod n for some integers x and n. Observe that x^11 = x^(1+2+8) = (x)(x^2)(x^8). In this case we compute x mod n, x^2 mod n, x^4 mod n, and x^8 mod n and then calculate [(x mod n) × (x^2 mod n) × (x^8 mod n)] mod n.

More generally, suppose we wish to find the value a^b with a and b positive integers. If we express b as a binary number b_k b_(k-1) ... b_0 then we have

Therefore,

We can therefore develop the algorithm for computing a^b mod n.

Note: The integer b is expressed as a binary number b_k b_(k-1) ... b_0
Figure: Algorithm for computing a^b mod n

Table: Result of the Fast Modular Exponentiation Algorithm for a^b mod n, where a = 7, b = 560 = 1000110000, n = 561
i      9    8    7    6    5    4    3    2    1    0
b_i    1    0    0    0    1    1    0    0    0    0
c      1    2    4    8   17   35   70  140  280  560
f      7   49  157  526  160  241  298  166   67    1
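The fast exponentiation algorithm whose trace the table shows, as an added Python example (not from the page): modexp_trace scans the bits of b from the most significant end and returns the (i, b_i, c, f) rows for a = 7, b = 560, n = 561; after every row f = a^c mod n, and c = b when the loop ends. Function names are the example's own.

```python
def modexp_trace(a, b, n):
    """Square-and-multiply for a^b mod n, processing b_k ... b_0 from the top.

    Returns (f, rows) where each row is (i, b_i, c, f) after bit i is handled:
    c is the part of the exponent assembled so far and f == a^c mod n.
    """
    if n <= 0 or b < 0:
        raise ValueError("need n > 0 and b >= 0")
    bits = bin(b)[2:]                   # b as the string b_k ... b_0 of '0'/'1'
    k = len(bits) - 1
    c, f = 0, 1 % n                     # f = 1 (mod n); 1 % n keeps n == 1 correct
    rows = []
    for i, bit in zip(range(k, -1, -1), bits):
        c = 2 * c
        f = (f * f) % n                 # squaring step: a^(2c) from a^c
        if bit == "1":
            c = c + 1
            f = (f * a) % n             # multiply step for a set bit
        rows.append((i, int(bit), c, f))
    return f, rows


def modexp(a, b, n):
    """a^b mod n without the trace."""
    return modexp_trace(a, b, n)[0]


def textbook_table():
    """a = 7, b = 560 = 1000110000, n = 561: the rows of the page's table."""
    return modexp_trace(7, 560, 561)
```

Note that the final f = 1, that is 7^560 ≡ 1 (mod 561), does not make 561 prime: 561 = 3 × 11 × 17, so a Fermat-style check alone would be fooled here, which is why the primality test later in this unit uses the Miller-Rabin conditions instead.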


Key Generation
Before the application of the public-key cryptosystem, each participant must generate a pair of keys. This involves the following tasks:
Determining two prime numbers, p and q
Selecting either e or d and calculating the other

First, consider the selection of p and q. Because the value of n = pq will be known to any potential adversary, to prevent the discovery of p and q by exhaustive methods, these primes must be chosen from a sufficiently large set (i.e., p and q must be large numbers). On the other hand, the method used for finding large primes must be reasonably efficient.
At present, there are no useful techniques that yield arbitrarily large primes, so some other means of tackling the problem is needed. The procedure that is generally used is to pick at random an odd number of the desired order of magnitude and test whether that number is prime. If not, pick successive random numbers until one is found that tests prime. The procedure for picking a prime number is as follows.
1. Pick an odd integer n at random (e.g., using a pseudorandom number generator).
2. Pick an integer a < n at random.
3. Perform the probabilistic primality test, such as Miller-Rabin, with a as a parameter. If n fails the test, reject the value n and go to step 1.
4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.
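The four-step procedure above, as an added Python example (not the author's code): decompose writes n - 1 = 2^k q with q odd, miller_rabin_witness runs one round of the Miller-Rabin test named in step 3 with a chosen base a, is_probable_prime repeats it with random bases (steps 2 to 4), and pick_prime draws random odd integers of a given bit length until one passes (step 1). Function names and the bit length used by demo_pick_prime are the example's own.

```python
import random


def decompose(n):
    """Write n - 1 = 2^k * q with q odd, for odd n >= 3; returns (k, q)."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    k, q = 0, n - 1
    while q % 2 == 0:            # equivalently: shift right until the low bit is 1
        q //= 2
        k += 1
    return k, q


def miller_rabin_witness(a, n):
    """One Miller-Rabin round with base a, 1 < a < n - 1.

    Returns False when a proves n composite and True when n passes this
    round (n is then "probably prime" with respect to base a).
    """
    k, q = decompose(n)
    x = pow(a, q, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(k - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
        if x == 1:               # a square root of 1 other than +-1: n is composite
            return False
    return False


def is_probable_prime(n, rounds=20, rng=None):
    """Repeat the test with independent random bases; a composite n passes a
    single round with probability at most 1/4, so `rounds` rounds bound the
    error by (1/4)^rounds."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    rng = rng or random.Random()
    return all(miller_rabin_witness(rng.randrange(2, n - 1), n) for _ in range(rounds))


def pick_prime(bits, rng, rounds=20):
    """Draw random odd integers of exactly `bits` bits until one passes."""
    if bits < 2:
        raise ValueError("bits must be at least 2")
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit and low bit set
        if is_probable_prime(n, rounds, rng):
            return n


def demo_pick_prime(bits=32, seed=1):
    """Repeatable run of pick_prime using a seeded generator (seed is illustrative)."""
    return pick_prime(bits, random.Random(seed))
```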

The Security of RSA
Four possible approaches to attacking the RSA algorithm are as follows:
• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two primes.
• Timing attacks: These depend on the running time of the decryption algorithm.
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.

The defense against the brute-force approach is the same for RSA as for other cryptosystems, namely, use a large key space. Thus, the larger the number of bits in d, the better. However, because the calculations involved, both in key generation and in encryption/decryption, are complex, the larger the size of the key, the slower the system will run.

The Factoring Problem
We can identify three approaches to attacking RSA mathematically:
Factor n into its two prime factors. This enables calculation of φ(n) = (p - 1) × (q - 1), which, in turn, enables determination of d ≡ e^(-1) (mod φ(n)).
Determine φ(n) directly, without first determining p and q. Again, this enables determination of d ≡ e^(-1) (mod φ(n)).
Determine d directly, without first determining φ(n).

Timing Attacks
A timing attack is somewhat analogous to a burglar guessing the combination of a safe by observing how long it takes for someone to turn the dial from number to number. Although the timing attack is a serious threat, there are simple countermeasures that can be used, including the following:
1. Constant exponentiation time: Ensure that all exponentiations take the same amount of time before returning a result. This is a simple fix but does degrade performance.
2. Random delay: Better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack. Kocher points out that if defenders don't add enough noise, attackers could still succeed by collecting additional measurements to compensate for the random delays.
3. Blinding: Multiply the ciphertext by a random number before performing exponentiation. This process prevents the attacker from knowing what ciphertext bits are being processed inside the computer and therefore prevents the bit-by-bit analysis essential to the timing attack.

RSA Data Security incorporates a blinding feature into some of its products. The private-key operation M = C^d mod n is implemented as follows:
1. Generate a secret random number r between 0 and n - 1.
2. Compute C' = C(r^e) mod n, where e is the public exponent.
3. Compute M' = (C')^d mod n with the ordinary RSA implementation.
4. Compute M = M'r^(-1) mod n. In this equation, r^(-1) is the multiplicative inverse of r mod n. It can be demonstrated that this is the correct result by observing that r^(ed) mod n = r mod n.
RSA Data Security reports a 2 to 10% performance penalty for blinding.
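The four blinding steps, as an added Python example that is not RSA Data Security's implementation: it uses the page's keys PU = {7, 187}, PR = {23, 187} and ciphertext C = 11, draws r from a seeded generator so the run is repeatable, and rejects any r that is not invertible mod n (r = 0 or a multiple of p or q), which step 4 requires. Function names and the seed are the example's own.

```python
import random
from math import gcd


def rsa_private_blinded(c, d, e, n, rng):
    """Compute M = C^d mod n through a random blinding factor r.

    Returns (m, r) so the caller can see which blinding factor was used.
    """
    if not 0 <= c < n:
        raise ValueError("ciphertext must lie in [0, n - 1]")
    while True:                              # step 1: secret random r
        r = rng.randrange(1, n)              # r in [1, n - 1]; r = 0 has no inverse
        if gcd(r, n) == 1:                   # r must be invertible mod n
            break
    c_blind = (c * pow(r, e, n)) % n         # step 2: C' = C * r^e mod n
    m_blind = pow(c_blind, d, n)             # step 3: M' = C'^d mod n (ordinary RSA)
    m = (m_blind * pow(r, -1, n)) % n        # step 4: M = M' * r^-1 mod n
    return m, r


def blinding_identity_holds(r, d, e, n):
    """The correctness argument behind step 4: r^(ed) mod n == r mod n."""
    return pow(r, e * d, n) == r % n


def textbook_blinded_decrypt(seed=7):
    """PU = {7, 187}, PR = {23, 187}, C = 11 -> M = 88 (seed is illustrative)."""
    return rsa_private_blinded(11, 23, 7, 187, random.Random(seed))
```

The value of r never leaves the private-key operation, so an observer timing the exponentiation sees a sequence of C' values that is independent of C.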

2.4 NUMBER THEORY
A number of concepts from number theory are essential in the design of public-key cryptographic algorithms.

Key Points
• A prime number is an integer that can only be divided without remainder by positive and negative values of itself and 1. Prime numbers play a critical role both in number theory and in cryptography.
• Two theorems that play important roles in public-key cryptography are Fermat's theorem and Euler's theorem.
• An important requirement in a number of cryptographic algorithms is the ability to choose a large prime number. An area of ongoing research is the development of efficient algorithms for determining if a randomly chosen large integer is a prime number.
• Discrete logarithms are fundamental to a number of public-key algorithms. Discrete logarithms are analogous to ordinary logarithms, but operate over modular arithmetic.

A.1 PRIME NUMBERS

An integer p > 1 is a prime number if and only if its only divisors are ±1 and ±p. Prime numbers play a critical role in number theory.


Table: Primes under 2000
Any integer a > 1 can be factored in a unique way as

where p1 < p2 < ... < pt are prime numbers and where each a_i is a positive integer. This is known as the fundamental theorem of arithmetic; a proof can be found in any text on number theory.
91 = 7 × 13
3600 = 2^4 × 3^2 × 5^2
11011 = 7 × 11^2 × 13
If P is the set of all prime numbers, then any positive integer a can be written uniquely in the following form:

The right-hand side is the product over all possible prime numbers p; for any particular value of a, most of the exponents a_p will be 0. Multiplication of two numbers is equivalent to adding the corresponding exponents. Given


Define k = ab. We know that the integer k can be expressed as the product of powers of primes:

It follows that k_p = a_p + b_p for all p ∈ P. If k = gcd(a, b) then k_p = min(a_p, b_p) for all p. Determining the prime factors of a large number is no easy task, so the preceding relationship does not directly lead to a practical method of calculating the greatest common divisor.

A.2 FERMAT'S AND EULER'S THEOREMS
Two theorems that play important roles in public-key cryptography are Fermat's theorem and Euler's theorem.

Proof:
Consider the set of positive integers less than p: {1, 2, ..., p - 1} and multiply each element by a, modulo p, to get the set X = {a mod p, 2a mod p, ..., (p - 1)a mod p}. None of the elements of X is equal to zero because p does not divide a. Furthermore, no two of the integers in X are equal.
To see this, assume that ja ≡ ka (mod p) where 1 ≤ j < k ≤ p - 1. Because a is relatively prime to p, we can eliminate a from both sides of the equation, resulting in j ≡ k (mod p). This last equality is impossible because j and k are both positive integers less than p. Therefore, we know that the (p - 1) elements of X are all positive integers, with no two elements equal.
We can conclude that X consists of the set of integers {1, 2, ..., p - 1} in some order. Multiplying the numbers in both sets and taking the result mod p yields
a × 2a × ... × (p - 1)a ≡ [1 × 2 × ... × (p - 1)] (mod p)
(p - 1)! a^(p-1) ≡ (p - 1)! (mod p)

We can cancel the (p - 1)! term because it is relatively prime to p. This yields the equation a^(p-1) ≡ 1 (mod p). An alternative form of Fermat's theorem, for p prime and a a positive integer, is also useful:

Example:
a = 7, p = 19
7^2 = 49 ≡ 11 (mod 19)
7^4 ≡ 121 ≡ 7 (mod 19)
7^8 ≡ 49 ≡ 11 (mod 19)
7^16 ≡ 121 ≡ 7 (mod 19)
a^(p-1) = 7^18 = 7^16 × 7^2 ≡ 7 × 11 ≡ 1 (mod 19)

Euler's Totient Function
Before presenting Euler's theorem, we need to introduce an important quantity in number theory, referred to as Euler's totient function and written φ(n), defined as the number of positive integers less than n and relatively prime to n. By convention, φ(1) = 1.
Example:
Determine φ(37) and φ(35).
Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37. Thus φ(37) = 36.
To determine φ(35), we list all of the positive integers less than 35 that are relatively prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18,
19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34
There are 24 numbers on the list, so φ(35) = 24.

It should be clear that for a prime number p, φ(p) = p - 1. Now suppose that we have two prime numbers p and q, with p ≠ q. Then we can show that for n = pq,
φ(n) = φ(pq) = φ(p) × φ(q) = (p - 1) × (q - 1).
To see that φ(n) = φ(p) × φ(q), consider that the set of positive integers less than n is the set {1, ..., (pq - 1)}. The integers in this set that are not relatively prime to n are the set {p, 2p, ..., (q - 1)p} and the set {q, 2q, ..., (p - 1)q}. Accordingly,
φ(n) = (pq - 1) - [(q - 1) + (p - 1)]
= pq - (p + q) + 1
= (p - 1) × (q - 1) = φ(p) × φ(q)

Euler's Theorem
Euler's theorem states that for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)

Proof:
The equation is true if n is prime, because in that case φ(n) = (n - 1) and Fermat's theorem holds. However, it also holds for any integer n. Recall that φ(n) is the number of positive integers less than n that are relatively prime to n. Consider the set of such integers, labeled as follows:
R = {x1, x2, ..., x_φ(n)}
That is, each element xi of R is a unique positive integer less than n with gcd(xi, n) = 1. Now multiply each element by a, modulo n:
S = {(a x1 mod n), (a x2 mod n), ..., (a x_φ(n) mod n)}

The set S is a permutation of R, by the following line of reasoning:
1. Because a is relatively prime to n and xi is relatively prime to n, a xi must also be relatively prime to n. Thus, all the members of S are integers that are less than n and that are relatively prime to n.
2. There are no duplicates in S. If a xi mod n = a xj mod n then xi = xj.

Therefore, the product of the elements of S equals the product of the elements of R, so
a^φ(n) × (x1 × x2 × ... × x_φ(n)) ≡ (x1 × x2 × ... × x_φ(n)) (mod n)
and, because each xi has an inverse mod n, the common product cancels to leave a^φ(n) ≡ 1 (mod n).

This is the same line of reasoning applied to the proof of Fermat's theorem. As is the case for Fermat's theorem, an alternative form of the theorem is also useful: a^(φ(n)+1) ≡ a (mod n).
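As an added example (not part of the original notes), the following Python code evaluates φ(n) directly from the definition above and checks Fermat's and Euler's theorems on the numbers used in these examples (a = 7, p = 19; φ(37); φ(35) = φ(5) × φ(7)). The function names are my own.

```python
from math import gcd


def totient(n: int) -> int:
    """Euler's totient phi(n): the number of positive integers less than n
    that are relatively prime to n.  By convention phi(1) = 1.  This is the
    definition evaluated directly; O(n) work, fine for classroom sizes."""
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def totient_pq(p: int, q: int) -> int:
    """phi(pq) = (p - 1)(q - 1) for distinct primes p and q."""
    return (p - 1) * (q - 1)


def square_chain(a: int, p: int, steps: int) -> list:
    """Repeated squaring a^2, a^4, a^8, ... reduced mod p, as in the
    worked example for a = 7, p = 19."""
    out, x = [], a % p
    for _ in range(steps):
        x = (x * x) % p
        out.append(x)
    return out


def fermat_holds(a: int, p: int) -> bool:
    """a^(p-1) == 1 (mod p): Fermat's theorem for prime p with gcd(a, p) = 1."""
    return pow(a, p - 1, p) == 1


def euler_holds(a: int, n: int) -> bool:
    """a^phi(n) == 1 (mod n): Euler's theorem, valid whenever gcd(a, n) = 1.
    Also checks the alternative form a^(phi(n)+1) == a (mod n)."""
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem needs gcd(a, n) = 1")
    phi = totient(n)
    return pow(a, phi, n) == 1 and pow(a, phi + 1, n) == a % n


if __name__ == "__main__":
    print(totient(37), totient(35), totient_pq(5, 7))   # 36 24 24
    print(square_chain(7, 19, 4), fermat_holds(7, 19))  # [11, 7, 11, 7] True
    print(euler_holds(2, 35))                            # True
```

`square_chain(7, 19, 4)` reproduces the four squarings of the worked example (11, 7, 11, 7), and `pow(7, 18, 19)` is the final 7^16 × 7^2 step done by the built-in modular exponentiation.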


A.3 TESTING FOR PRIMALITY

This algorithm yields a number that is not necessarily a prime. However, the algorithm can yield a number that is almost certainly a prime.

Miller-Rabin Algorithm
The algorithm due to Miller and Rabin is typically used to test a large number for primality. Before explaining the algorithm, we need some background. First, any positive odd integer n ≥ 3 can be expressed as follows:
n - 1 = 2^k q    with k > 0, q odd
To see this, note that (n - 1) is an even integer. Then, divide (n - 1) by 2 until the result is an odd number q, for a total of k divisions. If n is expressed as a binary number, then the result is achieved by shifting the number to the right until the rightmost digit is a 1, for a total of k shifts.

Two Properties of Prime Numbers
The first property is stated as follows:
If p is prime and a is a positive integer less than p, then a^2 mod p = 1 if and only if either a mod p = 1 or a mod p = -1 mod p = p - 1. By the rules of modular arithmetic (a mod p)(a mod p) = a^2 mod p. Thus if either a mod p = 1 or a mod p = -1, then a^2 mod p = 1. Conversely, if a^2 mod p = 1, then (a mod p)^2 = 1, which is true only for a mod p = 1 or a mod p = -1.

The second property is stated as follows:
Let p be a prime number greater than 2. We can then write p - 1 = 2^k q, with k > 0, q odd. Let a be any integer in the range 1 < a < p - 1. Then one of the two following conditions is true:
• a^q is congruent to 1 modulo p. That is, a^q mod p = 1, or equivalently, a^q ≡ 1 (mod p).
• One of the numbers a^q, a^(2q), a^(4q), ..., a^(2^(k-1) q) is congruent to -1 modulo p. That is, there is some number j in the range (1 ≤ j ≤ k) such that a^(2^(j-1) q) mod p = -1 mod p = p - 1, or equivalently, a^(2^(j-1) q) ≡ -1 (mod p).

Proof:
Fermat's theorem states that a^(p-1) ≡ 1 (mod p) if p is prime. We have p - 1 = 2^k q. Thus, we know that a^(p-1) mod p = a^(2^k q) mod p = 1. Thus, if we look at the sequence of numbers
a^q mod p, a^(2q) mod p, a^(4q) mod p, ..., a^(2^(k-1) q) mod p, a^(2^k q) mod p
we know that the last number in the list has value 1. Further, each number in the list is the square of the previous number.

Therefore, one of the following possibilities must be true:
• The first number on the list, and therefore all subsequent numbers on the list, equals 1.
• Some number on the list does not equal 1, but its square mod p does equal 1. By virtue of the first property of prime numbers defined above, we know that the only number that satisfies this condition is p - 1. So, in this case, the list contains an element equal to p - 1.

This completes the proof.

The procedure TEST takes a candidate integer n as input and returns the result composite if n is definitely not a prime, and the result inconclusive if n may or may not be a prime.

TEST (n)
1. Find integers k, q, with k > 0, q odd, so that (n - 1 = 2^k q);
2. Select a random integer a, 1 < a < n - 1;
3. if a^q mod n = 1 then return("inconclusive");
4. for j = 0 to k - 1 do
5.     if a^(2^j q) mod n = n - 1 then return("inconclusive");
6. return("composite");

Probabilistic Consideration
Repeated Use of the Miller-Rabin Algorithm
How can we use the Miller-Rabin algorithm to determine with a high degree of confidence whether or not an integer is prime?
It can be shown that given an odd number n that is not prime and a randomly chosen integer a with 1 < a < n - 1, the probability that TEST will return inconclusive (i.e., fail to detect that n is not prime) is less than 1/4. Thus, if t different values of a are chosen, the probability that all of them will pass TEST (return inconclusive) for n is less than (1/4)^t.

For example, for t = 10, the probability that a nonprime number will pass all ten tests is less than 10^-6. Thus, for a sufficiently large value of t, we can be confident that n is prime if Miller's test always returns inconclusive. This gives us a basis for determining whether an odd integer n is prime with a reasonable degree of confidence.

The procedure is as follows: Repeatedly invoke TEST(n) using randomly chosen values for a. If, at any point, TEST returns composite, then n is determined to be nonprime. If TEST continues to return inconclusive for t tests, for a sufficiently large value of t, assume that n is prime.

Distribution of Primes
It is worth noting how many numbers are likely to be rejected before a prime number is found using the Miller-Rabin test, or any other test for primality. A result from number theory, known as the prime number theorem, states that the primes near n are spaced on the average one every (ln n) integers. Thus, on average, one would have to test on the order of ln(n) integers before a prime is found. Because all even integers can be immediately rejected, the correct figure is 0.5 ln(n).
For example, if a prime on the order of magnitude of 2^200 were sought, then about 0.5 ln(2^200) = 69 trials would be needed to find a prime. However, this figure is just an average. In some places along the number line, primes are closely packed, and in other places there are large gaps.
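The procedure TEST, its repeated use with random witnesses, and the 0.5 ln(n) estimate from the distribution-of-primes paragraph, as an added Python example that is not part of the original notes. The function names and the bit-length search in `find_prime` are my own; `secrets` supplies the random witnesses and candidates.

```python
import secrets
from math import log


def split_power_of_two(n: int):
    """Write n - 1 = 2^k * q with q odd (step 1 of TEST); n must be odd, n >= 3."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    k, q = 0, n - 1
    while q % 2 == 0:
        k += 1
        q //= 2
    return k, q


def miller_rabin_test(n: int, a: int) -> str:
    """One round of TEST(n) with witness a, 1 < a < n - 1.
    Returns "inconclusive" (n may be prime) or "composite" (n is not prime)."""
    k, q = split_power_of_two(n)
    x = pow(a, q, n)                 # a^q mod n
    if x == 1:                       # step 3
        return "inconclusive"
    for _ in range(k):               # steps 4-5: j = 0 .. k-1
        if x == n - 1:               # a^(2^j q) mod n == n - 1
            return "inconclusive"
        x = (x * x) % n              # square: a^(2^(j+1) q) mod n
    return "composite"               # step 6


def is_probable_prime(n: int, t: int = 20) -> bool:
    """Repeated use: t rounds with independent random witnesses.  A composite
    survives one round with probability < 1/4, so a false "prime" verdict has
    probability below (1/4)^t."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for _ in range(t):
        a = 2 + secrets.randbelow(n - 3)     # uniform in 2 .. n-2, i.e. 1 < a < n-1
        if miller_rabin_test(n, a) == "composite":
            return False
    return True


def expected_trials(n: int) -> float:
    """Average number of odd candidates tested before a prime near n is found:
    0.5 * ln(n), from the prime number theorem with even numbers skipped."""
    return 0.5 * log(n)


def find_prime(bits: int, t: int = 20):
    """Random search for a `bits`-bit probable prime.  Returns (prime, candidates_tested)
    so one run's count can be compared with expected_trials(2**bits)."""
    tested = 0
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length and odd
        tested += 1
        if is_probable_prime(cand, t):
            return cand, tested


if __name__ == "__main__":
    print(split_power_of_two(97))                       # (5, 3): 96 = 2^5 * 3
    print(miller_rabin_test(561, 2))                    # composite (561 = 3 * 11 * 17)
    print(is_probable_prime(97))                        # True
    p, n_tried = find_prime(200)
    print(n_tried, round(expected_trials(2 ** 200)))    # one sample vs the average 69
```

561 is a Carmichael number, so a plain Fermat check with a = 2 would pass it; the square chain in `miller_rabin_test` reaches 1 without passing through n - 1, which is exactly the second-property failure that exposes it as composite.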

A.4 THE CHINESE REMAINDER THEOREM

The CRT says it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise relatively prime moduli. The CRT can be stated in several ways. We present here a formulation that is most useful from the point of view of this text. Let
M = m1 × m2 × ... × mk
where the mi are pairwise relatively prime; that is, gcd(mi, mj) = 1 for 1 ≤ i, j ≤ k, and i ≠ j. We can represent any integer A in ZM by a k-tuple whose elements are in Zmi using the following correspondence:
A ↔ (a1, a2, ..., ak)
where A ∈ ZM, ai ∈ Zmi and ai = A mod mi for 1 ≤ i ≤ k.

The CRT makes two assertions.
1. The mapping of the above equation is a one-to-one correspondence (called a bijection) between ZM and the Cartesian product Zm1 × Zm2 × ... × Zmk. That is, for every integer A such that 0 ≤ A < M there is a unique k-tuple (a1, a2, ..., ak) with 0 ≤ ai < mi that represents it, and for every such k-tuple (a1, a2, ..., ak) there is a unique integer A in ZM.
2. Operations performed on the elements of ZM can be equivalently performed on the corresponding k-tuples by performing the operation independently in each coordinate position in the appropriate system.

Let us demonstrate the first assertion.
The transformation from A to (a1, a2, ..., ak) is obviously unique; that is, each ai is uniquely calculated as ai = A mod mi. Computing A from (a1, a2, ..., ak) can be done as follows. Let Mi = M/mi for 1 ≤ i ≤ k.
Note that Mi = m1 × m2 × ... × m(i-1) × m(i+1) × ... × mk so that Mi ≡ 0 (mod mj) for all j ≠ i. Then let
ci = Mi × (Mi^-1 mod mi)    for 1 ≤ i ≤ k

By the definition of Mi it is relatively prime to mi and therefore has a unique multiplicative inverse mod mi, so the above equation is well defined and produces a unique value ci. We can now compute:
A = (a1 c1 + a2 c2 + ... + ak ck) mod M

To show that the value of A produced by the above equation is correct, we must show that ai = A mod mi for 1 ≤ i ≤ k. Note that cj ≡ Mj ≡ 0 (mod mi) if j ≠ i and that ci ≡ 1 (mod mi). It follows that ai = A mod mi.

The second assertion of the CRT,
concerning arithmetic operations, follows from the rules for modular arithmetic. That is, the second assertion can be stated as follows: If
A ↔ (a1, a2, ..., ak) and B ↔ (b1, b2, ..., bk)
then
(A + B) mod M ↔ ((a1 + b1) mod m1, ..., (ak + bk) mod mk)
(A - B) mod M ↔ ((a1 - b1) mod m1, ..., (ak - bk) mod mk)
(A × B) mod M ↔ ((a1 × b1) mod m1, ..., (ak × bk) mod mk)

One of the useful features of the Chinese remainder theorem is that it provides a way to manipulate (potentially very large) numbers mod M in terms of tuples of smaller numbers. This can be useful when M is 150 digits or more. However, note that it is necessary to know beforehand the factorization of M.
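Both CRT assertions in working Python, as an added example that is not part of the original notes: reconstruction of A from its k-tuple via Mi, ci and the weighted sum, and coordinate-wise addition and multiplication checked against the same operation done directly mod M. The moduli 37 and 49 (M = 1813) and the values 973 and 678 are constructed for the demonstration; function names are my own.

```python
from functools import reduce
from math import gcd


def _check_pairwise_coprime(moduli) -> None:
    """The CRT needs gcd(mi, mj) = 1 for every i != j; fail loudly otherwise."""
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(f"moduli {mi} and {mj} are not relatively prime")


def to_tuple(A: int, moduli) -> tuple:
    """A -> (a1, ..., ak) with ai = A mod mi (the easy direction)."""
    return tuple(A % m for m in moduli)


def crt_reconstruct(residues, moduli) -> int:
    """(a1, ..., ak) -> A in Z_M, M = m1 * ... * mk:
    Mi = M / mi,  ci = Mi * (Mi^-1 mod mi),  A = sum(ai * ci) mod M."""
    _check_pairwise_coprime(moduli)
    M = reduce(lambda x, y: x * y, moduli, 1)
    A = 0
    for ai, mi in zip(residues, moduli):
        Mi = M // mi
        ci = Mi * pow(Mi, -1, mi)    # pow(x, -1, m) is the modular inverse (Python 3.8+)
        A += ai * ci                 # ci == 1 (mod mi) and ci == 0 (mod mj) for j != i
    return A % M


def tuple_add(x, y, moduli) -> tuple:
    """Second assertion: add coordinate-wise, each coordinate mod its own mi."""
    return tuple((xi + yi) % m for xi, yi, m in zip(x, y, moduli))


def tuple_mul(x, y, moduli) -> tuple:
    """Second assertion: multiply coordinate-wise, each coordinate mod its own mi."""
    return tuple((xi * yi) % m for xi, yi, m in zip(x, y, moduli))


if __name__ == "__main__":
    moduli = (37, 49)                    # M = 1813 (constructed example)
    A, B = 973, 678
    a, b = to_tuple(A, moduli), to_tuple(B, moduli)
    print(a, b)                                                       # (11, 42) (12, 41)
    print(crt_reconstruct(a, moduli))                                 # 973
    print(crt_reconstruct(tuple_add(a, b, moduli), moduli), (A + B) % 1813)   # 1651 1651
    print(crt_reconstruct(tuple_mul(a, b, moduli), moduli), (A * B) % 1813)
```

The inverse Mi^-1 mod mi exists precisely because the moduli are pairwise relatively prime, which is why `_check_pairwise_coprime` runs first: with a shared factor the tuple representation is no longer a bijection and `pow(Mi, -1, mi)` would raise.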

A.5 DISCRETE LOGARITHMS
Discrete logarithms are fundamental to a number of public-key algorithms, including Diffie-Hellman key exchange and the digital signature algorithm (DSA).
The Powers of an Integer, Modulo n
Recall from Euler's theorem that, for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)
where φ(n), Euler's totient function, is the number of positive integers less than n and relatively prime to n.

Now consider the more general expression:
a^m ≡ 1 (mod n)

If a and n are relatively prime, then there is at least one integer m that satisfies the above equation, namely, m = φ(n). The least positive exponent m for which the above equation holds is referred to in several ways:
• the order of a (mod n)
• the exponent to which a belongs (mod n)
• the length of the period generated by a

More generally, we can say that the highest possible exponent to which a number can belong (mod n) is φ(n). If a number is of this order, it is referred to as a primitive root of n. The importance of this notion is that if a is a primitive root of n, then its powers
a, a^2, ..., a^φ(n)
are distinct (mod n) and are all relatively prime to n. In particular, for a prime number p, if a is a primitive root of p, then
a, a^2, ..., a^(p-1)
are distinct (mod p). For the prime number 19, its primitive roots are 2, 3, 10, 13, 14, and 15. Not all integers have primitive roots. In fact, the only integers with primitive roots are those of the form 2, 4, p^α, and 2p^α, where p is any odd prime and α is a positive integer.

Logarithms for Modular Arithmetic
With ordinary positive real numbers, the logarithm function is the inverse of exponentiation. An analogous function exists for modular arithmetic.
Let us briefly review the properties of ordinary logarithms. The logarithm of a number is defined to be the power to which some positive base (except 1) must be raised in order to equal the number. That is, for base x and for a value y:
y = x^(log_x(y))

The properties of logarithms include the following:
log_x(1) = 0    log_x(x) = 1

log_x(yz) = log_x(y) + log_x(z)    log_x(y^r) = r × log_x(y)

Consider a primitive root a for some prime number p (the argument can be developed for nonprimes as well). Then we know that the powers of a from 1 through (p - 1) produce each integer from 1 through (p - 1) exactly once. We also know that any integer b satisfies
b ≡ r (mod p) for some r, where 0 ≤ r ≤ (p - 1)
by the definition of modular arithmetic. It follows that for any integer b and a primitive root a of prime number p, we can find a unique exponent i such that
b ≡ a^i (mod p) where 0 ≤ i ≤ (p - 1)

This exponent i is referred to as the discrete logarithm of the number b for the base a (mod p). We denote this value as dlog_{a,p}(b). Note the following:
dlog_{a,p}(1) = 0  because a^0 mod p = 1
dlog_{a,p}(a) = 1  because a^1 mod p = a

Now consider
x = a^(dlog_{a,p}(x)) mod p
y = a^(dlog_{a,p}(y)) mod p
xy = a^(dlog_{a,p}(xy)) mod p
Using the rules of modular multiplication,
xy mod p = [(x mod p)(y mod p)] mod p
a^(dlog_{a,p}(xy)) mod p = [(a^(dlog_{a,p}(x)) mod p)(a^(dlog_{a,p}(y)) mod p)] mod p = a^(dlog_{a,p}(x) + dlog_{a,p}(y)) mod p

But now consider Euler's theorem, which states that, for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)
Any positive integer z can be expressed in the form z = q + kφ(n), with 0 ≤ q < φ(n).

Therefore, by Euler's theorem,
a^z ≡ a^q (mod n)    if z ≡ q mod φ(n)
Applying this to the foregoing equality, we have
dlog_{a,p}(xy) ≡ [dlog_{a,p}(x) + dlog_{a,p}(y)] (mod φ(p))
and generalizing,
dlog_{a,p}(y^r) ≡ [r × dlog_{a,p}(y)] (mod φ(p))
This demonstrates the analogy between true logarithms and discrete logarithms. Keep in mind that unique discrete logarithms mod m to some base a exist only if a is a primitive root of m.

Calculation of Discrete Logarithms
Consider the equation
y = g^x mod p
Given g, x, and p, it is a straightforward matter to calculate y. At the worst, we must perform x repeated multiplications, and algorithms exist for achieving greater efficiency. However, given y, g, and p, it is, in general, very difficult to calculate x (take the discrete logarithm). The difficulty seems to be on the same order of magnitude as that of factoring primes required for RSA. At the time of this writing, the asymptotically fastest known algorithm for taking discrete logarithms modulo a prime number is of order
e^((ln p)^(1/3) (ln(ln p))^(2/3))
which is not feasible for large primes.
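Orders, primitive roots and discrete logarithms on the page's own prime p = 19, as an added Python example that is not part of the original notes (function names are my own). It finds the primitive roots of 19 by computing orders, takes discrete logarithms by exhaustive search, and checks the two identities derived above mod φ(p) = p - 1. The search is linear in p, which is exactly why it is fine here and infeasible for the prime sizes used in practice.

```python
from math import gcd


def order_mod(a: int, n: int) -> int:
    """Least positive m with a^m == 1 (mod n); defined only for gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("order is defined only for a relatively prime to n")
    x, m = a % n, 1
    while x != 1:
        x = (x * a) % n
        m += 1
    return m


def primitive_roots(p: int) -> list:
    """Primitive roots of prime p: the elements whose order is phi(p) = p - 1."""
    return [a for a in range(1, p) if order_mod(a, p) == p - 1]


def dlog(b: int, a: int, p: int) -> int:
    """dlog_{a,p}(b): the unique i in 0..p-2 with a^i == b (mod p), for a a
    primitive root of p.  Exhaustive search over the powers of a."""
    b %= p
    x = 1
    for i in range(p - 1):
        if x == b:
            return i
        x = (x * a) % p
    raise ValueError("no discrete log: a is not a primitive root, or b == 0 (mod p)")


def log_rules_hold(a: int, p: int, x: int, y: int, r: int) -> bool:
    """Check the two identities derived above, both mod phi(p) = p - 1:
    dlog(xy) == dlog(x) + dlog(y)  and  dlog(y^r) == r * dlog(y)."""
    phi = p - 1
    product_rule = dlog(x * y, a, p) == (dlog(x, a, p) + dlog(y, a, p)) % phi
    power_rule = dlog(pow(y, r, p), a, p) == (r * dlog(y, a, p)) % phi
    return product_rule and power_rule


if __name__ == "__main__":
    print(primitive_roots(19))              # [2, 3, 10, 13, 14, 15]
    print(dlog(1, 2, 19), dlog(2, 2, 19))   # 0 1
    print(log_rules_hold(2, 19, 5, 7, 3))   # True
    print(order_mod(4, 19))                 # 9: 4 is not a primitive root of 19
```

`dlog(2, 4, 19)` raises, because 4 has order 9 and its powers only reach half of Z19*: this is the "unique discrete logarithms exist only for a primitive root" remark made concrete.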

2.5 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS
• Public-key encryption schemes are secure only if the authenticity of the public key is assured. A public-key certificate scheme provides the necessary security.
• A simple public-key algorithm is Diffie-Hellman key exchange. This protocol enables two users to establish a secret key using a public-key scheme based on discrete logarithms. The protocol is secure only if the authenticity of the two participants can be established.
• Elliptic curve arithmetic can be used to develop a variety of elliptic curve cryptography (ECC) schemes, including key exchange, encryption, and digital signature.

B.1 KEY MANAGEMENT
One of the major roles of public-key encryption has been to address the problem of key distribution. There are actually two distinct aspects to the use of public-key cryptography in this regard:
• The distribution of public keys
• The use of public-key encryption to distribute secret keys

Distribution of Public Keys
Several techniques have been proposed for the distribution of public keys. Virtually all these proposals can be grouped into the following general schemes:
• Public announcement
• Publicly available directory
• Public-key authority
• Public-key certificates

Public Announcement of Public Keys
The point of public-key encryption is that the public key is public. If there is some broadly accepted public-key algorithm, such as RSA, any participant can send his or her public key to any other participant or broadcast the key to the community at large.

Figure: Uncontrolled Public-Key Distribution (PUa = public key of user A, PUb = public key of user B)

Disadvantages
Anyone can forge such a public announcement. That is, some user could pretend to be user A and send a public key to another participant or broadcast such a public key. Until such time as user A discovers the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A and can use the forged keys for authentication.

Publicly Available Directory
A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization.

Figure: Public-Key Publication
Such a scheme would include the following elements:
1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

Advantages:
This scheme is clearly more secure than individual public announcements.
Disadvantages:
If an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Another way to achieve the same end is for the adversary to tamper with the records kept by the authority.

Public-Key Authority
As before, the scenario assumes that a central authority maintains a dynamic directory of public keys of all participants. In addition, each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key.
The following steps occur:
1. A sends a timestamped message to the public-key authority containing a request for the current public key of B.
2. The authority responds with a message that is encrypted using the authority's private key, PRauth. Thus, A is able to decrypt the message using the authority's public key. Therefore, A is assured that the message originated with the authority. The message includes the following:
• B's public key, PUb, which A can use to encrypt messages destined for B
• The original request, to enable A to match this response with the corresponding earlier request and to verify that the original request was not altered before reception by the authority
• The original timestamp, so A can determine that this is not an old message from the authority containing a key other than B's current public key
3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.


4, 5. B retrieves A's public key from the authority in the same manner as A retrieved B's public key.
At this point, public keys have been securely delivered to A and B, and they may begin their protected exchange. However, two additional steps are desirable:
6. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.

Figure: Public-Key Distribution Scenario
Drawbacks:
The public-key authority could be somewhat of a bottleneck in the system, for a user must appeal to the authority for a public key for every other user that it wishes to contact. As before, the directory of names and public keys maintained by the authority is vulnerable to tampering.

Public-Key Certificates
An alternative approach, first suggested by Kohnfelder, is to use certificates that can be used by participants to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. In essence, a certificate consists of a public key plus an identifier of the key owner, with the whole block signed by a trusted third party. The following requirements are placed on this scheme:
1) Any participant can read a certificate to determine the name and public key of the certificate's owner.
2) Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3) Only the certificate authority can create and update certificates.
4) Any participant can verify the currency of the certificate.

Figure: Exchange of Public-Key Certificates

Here the timestamp T validates the currency of the certificates. For participant A, the authority provides a certificate of the form
CA = E(PRauth, [T || IDA || PUa])
where PRauth is the private key used by the authority and T is a timestamp. A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows:
D(PUauth, CA) = D(PUauth, E(PRauth, [T || IDA || PUa])) = (T || IDA || PUa)
The recipient uses the authority's public key, PUauth, to decrypt the certificate.
One scheme has become universally accepted for formatting public-key certificates: the X.509 standard. X.509 certificates are used in most network security applications, including IP security, secure sockets layer (SSL), secure electronic transactions (SET), and S/MIME.
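The certificate form CA = E(PRauth, [T || IDA || PUa]) and the four requirements above, as an added Python example that is not part of the original notes. It models the authority's E(PRauth, ·) with textbook RSA in hash-then-sign form: the authority signs SHA-256 of the serialised block T || IDA || PUa, and a recipient verifies with PUauth and then checks currency via T. The authority key uses two small constructed primes (999983 and 1000003), participant A's key and all timestamps are constructed values, and the function names are my own; a 40-bit modulus shows the mechanics only and is no substitute for a real X.509 implementation.

```python
import hashlib

# Authority key pair: textbook RSA with two small constructed primes.  The 40-bit
# modulus is for illustration; real authorities use 2048+ bits.
P_AUTH, Q_AUTH = 999983, 1000003
N_AUTH = P_AUTH * Q_AUTH
E_AUTH = 65537
D_AUTH = pow(E_AUTH, -1, (P_AUTH - 1) * (Q_AUTH - 1))   # modular inverse (Python 3.8+)
PU_AUTH = (N_AUTH, E_AUTH)      # PUauth: known to every participant
PR_AUTH = (N_AUTH, D_AUTH)      # PRauth: known only to the authority


def _block(t: int, ident: str, pu: tuple) -> bytes:
    """The signed block T || IDA || PUa, serialised with an unambiguous separator."""
    return f"{t}|{ident}|{pu[0]}|{pu[1]}".encode()


def _digest(block: bytes, n: int) -> int:
    """Hash-then-sign: reduce SHA-256 of the block into Z_n."""
    return int.from_bytes(hashlib.sha256(block).digest(), "big") % n


def issue_certificate(pr_auth: tuple, ident: str, pu_subject: tuple, t: int) -> dict:
    """CA = E(PRauth, [T || IDA || PUa]), here an RSA signature over the block's hash.
    Only the holder of PRauth can produce a valid one (requirement 3)."""
    n, d = pr_auth
    sig = pow(_digest(_block(t, ident, pu_subject), n), d, n)
    return {"T": t, "ID": ident, "PU": pu_subject, "sig": sig}


def verify_certificate(pu_auth: tuple, cert: dict, now: int, max_age: int) -> bool:
    """D(PUauth, CA): anyone can read the name and key (req. 1), confirm the
    authority signed exactly this block (req. 2), and check currency via T (req. 4)."""
    n, e = pu_auth
    expected = _digest(_block(cert["T"], cert["ID"], cert["PU"]), n)
    if pow(cert["sig"], e, n) != expected:
        return False                          # counterfeit, or block altered after signing
    return 0 <= now - cert["T"] <= max_age    # stale or future-dated certificate rejected


if __name__ == "__main__":
    pu_a = (123456789, 17)                    # constructed public key of participant A
    cert_a = issue_certificate(PR_AUTH, "A", pu_a, t=1000)
    print(verify_certificate(PU_AUTH, cert_a, now=1500, max_age=3600))   # True
    print(verify_certificate(PU_AUTH, cert_a, now=9000, max_age=3600))   # False: expired
    tampered = dict(cert_a, PU=(123456789, 19))                          # key field changed
    print(verify_certificate(PU_AUTH, tampered, now=1500, max_age=3600)) # False: signature fails
```

The signature binds T, IDA and PUa together, so changing any one field (the `tampered` case) makes the recomputed digest differ from the one recovered with PUauth; the separate age check is what turns the timestamp into the currency test of requirement 4 rather than just another signed field.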

Distribution of Secret Keys Using Public-Key Cryptography

Simple Secret Key Distribution
If A wishes to communicate with B, the following procedure is employed:
1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.

A and B can now securely communicate using conventional encryption and the session key Ks. At the completion of the exchange, both A and B discard Ks. Despite its simplicity, this is an attractive protocol. No keys exist before the start of the communication and none exist after the completion of communication. Thus, the risk of compromise of the keys is minimal. At the same time, the communication is secure from eavesdropping.

Man in the Middle Attack:
The protocol is insecure against an adversary who can intercept messages and then either relay the intercepted message or substitute another message. Such an attack is known as a man-in-the-middle attack.
In this case, if an adversary, E, has control of the intervening communication channel, then E can compromise the communication in the following fashion without being detected:
1) A generates a public/private key pair {PUa, PRa} and transmits a message intended for B consisting of PUa and an identifier of A, IDA.

2) E intercepts the message, creates its own public/private key pair {PUe, PRe} and transmits PUe || IDA to B.
3) B generates a secret key, Ks, and transmits E(PUe, Ks).
4) E intercepts the message, and learns Ks by computing D(PRe, E(PUe, Ks)).
5) E transmits E(PUa, Ks) to A.

The result is that both A and B know Ks and are unaware that Ks has also been revealed to E. A and B can now exchange messages using Ks. E no longer actively interferes with the communications channel but simply eavesdrops. Knowing Ks, E can decrypt all messages, and both A and B are unaware of the problem. Thus, this simple protocol is only useful in an environment where the only threat is eavesdropping.

Secret Key Distribution with Confidentiality and Authentication

This approach provides protection against both active and passive attacks. We begin at a point when it is assumed that A and B have exchanged public keys by one of the schemes described earlier in this section.
Then the following steps occur:
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B.
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

A Hybrid Scheme
This scheme retains the use of a key distribution center (KDC) that shares a secret master key with each user and distributes secret session keys encrypted with the master key. A public-key scheme is used to distribute the master keys.

The following rationale is provided for using this three-level approach:
Performance:
Distribution of session keys by public-key encryption could degrade overall system performance because of the relatively high computational load of public-key encryption and decryption.
Backward compatibility:
The hybrid scheme is easily overlaid on an existing KDC scheme, with minimal disruption or software changes.

B.2 DIFFIE-HELLMAN KEY EXCHANGE

Purpose
To enable two users to securely exchange a key that can then be used for subsequent encryption of messages. The algorithm itself is limited to the exchange of secret values.

Dependence
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.


Definition
• First, we define a primitive root of a prime number p as one whose powers modulo p generate all the integers from 1 to p - 1. That is, if a is a primitive root of the prime number p, then the numbers a mod p, a^2 mod p, ..., a^(p-1) mod p are distinct and consist of the integers from 1 through p - 1 in some permutation.
• For any integer b and a primitive root a of prime number p, we can find a unique exponent i such that
b ≡ a^i (mod p) where 0 ≤ i ≤ (p - 1)
The exponent i is referred to as the discrete logarithm of b for the base a, mod p. We express this value as dlog_{a,p}(b).


For this scheme, there are two publicly known numbers:
• a prime number q and
• an integer α that is a primitive root of q.

Suppose the users A and B wish to exchange a key. User A selects a random integer XA < q and computes YA = α^XA mod q. Similarly, user B independently selects a random integer XB < q and computes YB = α^XB mod q.
Each side keeps the X value private and makes the Y value available publicly to the other side. User A computes the key as K = (YB)^XA mod q and user B computes the key as K = (YA)^XB mod q. These two calculations produce identical results:
K = (YB)^XA mod q
  = (α^XB mod q)^XA mod q
  = (α^XB)^XA mod q        by the rules of modular arithmetic
  = α^(XB XA) mod q
  = (α^XA)^XB mod q
  = (α^XA mod q)^XB mod q
  = (YA)^XB mod q
The result is that the two sides have exchanged a secret value. Furthermore, because XA and XB are private, an adversary only has the following ingredients to work with: q, α, YA, and YB. Thus, the adversary is forced to take a discrete logarithm to determine the key. For example, to determine the private key of user B, an adversary must compute
XB = dlog_{α,q}(YB)
The adversary can then calculate the key K in the same manner as user B calculates it. The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For large primes, the latter task is considered infeasible.
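The exchange just described, as an added Python example that is not part of the original notes. It checks that α is a primitive root of q (using the prime factors of q - 1, supplied by the caller), computes YA, YB and the key on each side, and returns exactly what an observer of the channel would see next to the two keys, which must agree. The classroom parameters q = 353, α = 3, XA = 97, XB = 233 are constructed for the demonstration and the function names are my own.

```python
import secrets


def is_primitive_root(alpha: int, q: int, prime_factors_of_q_minus_1) -> bool:
    """alpha is a primitive root of prime q iff alpha^((q-1)/f) != 1 (mod q) for
    every prime factor f of q - 1.  The caller supplies those factors."""
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors_of_q_minus_1)


def dh_public(alpha: int, x: int, q: int) -> int:
    """Y = alpha^X mod q, the value each side publishes."""
    return pow(alpha, x, q)


def dh_shared(y_other: int, x_own: int, q: int) -> int:
    """K = (Y_other)^X_own mod q, the value each side keeps."""
    return pow(y_other, x_own, q)


def dh_exchange(q: int, alpha: int, x_a: int = None, x_b: int = None) -> dict:
    """Run one exchange.  Private exponents default to fresh random values in 1..q-2.
    Returns the quantities visible on the channel (q, alpha, YA, YB) together with
    the two independently computed keys."""
    if x_a is None:
        x_a = 1 + secrets.randbelow(q - 2)
    if x_b is None:
        x_b = 1 + secrets.randbelow(q - 2)
    y_a = dh_public(alpha, x_a, q)
    y_b = dh_public(alpha, x_b, q)
    return {
        "public": {"q": q, "alpha": alpha, "YA": y_a, "YB": y_b},
        "K_at_A": dh_shared(y_b, x_a, q),    # (YB)^XA mod q
        "K_at_B": dh_shared(y_a, x_b, q),    # (YA)^XB mod q
    }


if __name__ == "__main__":
    # Constructed classroom parameters: q = 353, alpha = 3, and 352 = 2^5 * 11.
    print(is_primitive_root(3, 353, [2, 11]))             # True
    r = dh_exchange(353, 3, x_a=97, x_b=233)
    print(r["public"], r["K_at_A"], r["K_at_B"])          # YA = 40, YB = 248, K = 160 on both sides
```

With these parameters the adversary's view is {353, 3, 40, 248}; recovering K from it means solving XB = dlog_{3,353}(248), which the exhaustive search earlier in this unit can do for a 9-bit q and cannot do for the prime sizes used in practice.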

Key Exchange Protocols

The above figure shows a simple protocol that makes use of the Diffie-Hellman calculation. Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection.
User A can generate a one-time private key XA, calculate YA, and send that to user B. User B responds by generating a private value XB, calculating YB, and sending YB to user A. Both users can now calculate the key.
The necessary public values q and α would need to be known ahead of time. Alternatively, user A could pick values for q and α and include those in the first message.
If the central directory is trusted, then this form of communication provides both confidentiality and a degree of authentication. Because only i and j can determine the key, no other user can read the message (confidentiality). Recipient i knows that only user j could have created a message using this key (authentication).
However, the technique does not protect against replay attacks.

Man-in-the-Middle Attack
The protocol depicted in the above figure is insecure against a man-in-the-middle attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary.

The attack proceeds as follows:

1. Darth prepares for the attack by generating two random private keys X1 and X2 and then computing the corresponding public keys Y1 and Y2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits Y1 to Bob. Darth also calculates K2 = (YA)^X2 mod q.
4. Bob receives Y1 and calculates K1 = (Y1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits Y2 to Alice. Darth calculates K1 = (YB)^X1 mod q.
7. Alice receives Y2 and calculates K2 = (Y2)^XA mod q.

At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2.

All future communication between Bob and Alice is compromised in the following way:
1) Alice sends an encrypted message M: E(K2, M).
2) Darth intercepts the encrypted message and decrypts it, to recover M.
3) Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message. In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob.

B.3 ELLIPTIC CURVE ARITHMETIC
The principal attraction of ECC, compared to RSA, is that it appears to offer equal security for a far smaller key size, thereby reducing processing overhead.
On the other hand, although the theory of ECC has been around for some time, it is only recently that products have begun to appear and that there has been sustained cryptanalytic interest in probing for weaknesses.
Accordingly, the confidence level in ECC is not yet as high as that in RSA. ECC is fundamentally more difficult to explain than either RSA or Diffie-Hellman.


Abelian Groups
An abelian group G, sometimes denoted by {G, •}, is a set of elements with a binary operation, denoted by •, that associates to each ordered pair (a, b) of elements in G an element (a • b) in G, such that the following axioms are obeyed:
(A1) Closure: If a and b belong to G, then a • b is also in G.
(A2) Associative: a • (b • c) = (a • b) • c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a • e = e • a = a for all a in G.
(A4) Inverse element: For each a in G there is an element a' in G such that a • a' = a' • a = e.
(A5) Commutative: a • b = b • a for all a, b in G.

Elliptic Curves over Real Numbers
In general, cubic equations for elliptic curves take the form
y^2 + axy + by = x^3 + cx^2 + dx + e
where a, b, c, d, and e are real numbers and x and y take on values in the real numbers. For our purpose, it is sufficient to limit ourselves to equations of the form
y^2 = x^3 + ax + b

Geometric Description of Addition
It can be shown that a group can be defined based on the set E(a, b) for specific values of a and b in the previous equation, provided the following condition is met:
4a^3 + 27b^2 ≠ 0
If three points on an elliptic curve lie on a straight line, their sum is O.

Algebraic Description of Addition
For two distinct points P = (xP, yP) and Q = (xQ, yQ) that are not negatives of each other, the slope of the line l that joins them is Δ = (yQ - yP)/(xQ - xP).
There is exactly one other point where l intersects the elliptic curve, and that is the negative of the sum of P and Q. After some algebraic manipulation, we can express the sum R = P + Q as follows:
xR = Δ^2 - xP - xQ
yR = -yP + Δ(xP - xR)

We also need to be able to add a point to itself: P + P = 2P = R. When yP ≠ 0, the expressions are
Δ = (3xP^2 + a)/(2yP)
xR = Δ^2 - 2xP
yR = -yP + Δ(xP - xR)

Elliptic Curves over Zp
Two families of elliptic curves are used in cryptographic applications:
• prime curves over Zp and
• binary curves over GF(2^m).
For a prime curve over Zp, we use a cubic equation in which the variables and coefficients all take on values in the set of integers from 0 through p - 1 and in which calculations are performed modulo p.
For a binary curve defined over GF(2^m), the variables and coefficients all take on values in GF(2^m) and calculations are performed over GF(2^m).

For elliptic curves over Zp, the equation is as with real numbers, but in this case with coefficients and variables limited to Zp:
y^2 mod p = (x^3 + ax + b) mod p

Elliptic Curves over GF(2^m)
For elliptic curves over GF(2^m), we use a cubic equation in which the variables and coefficients all take on values in GF(2^m), for some number m, and in which calculations are performed using the rules of arithmetic in GF(2^m). The form is
y^2 + xy = x^3 + ax^2 + b

2.6 ELLIPTIC CURVE CRYPTOGRAPHY



A key exchange between users A and B can be accomplished as follows:
1. A selects an integer nA less than n. This is A's private key. A then generates a
public key PA = nA × G; the public key is a point in Eq(a, b).
2. B similarly selects a private key nB and computes a public key PB.
3. A generates the secret key K = nA × PB. B generates the secret key K = nB × PA.

The two calculations in step 3 produce the same result because
nA × PB = nA × (nB × G) = nB × (nA × G) = nB × PA
Elliptic Curve Encryption/Decryption


The first task in this system is to encode the plaintext message m to be sent as
an x-y point Pm. It is the point Pm that will be encrypted as a ciphertext and
subsequently decrypted.
As with the key exchange system, an encryption/decryption system requires a
point G and an elliptic group Eq(a, b) as parameters. Each user A selects a private key
nA and generates a public key PA = nA × G.

To encrypt and send a message Pm to B, A chooses a random positive integer k
and produces the ciphertext Cm consisting of the pair of points:
Cm = {kG, Pm + kPB}
Note that A has used B's public key PB. To decrypt the ciphertext, B multiplies
the first point in the pair by B's secret key and subtracts the result from the second
point:
Pm + kPB − nB(kG) = Pm + k(nBG) − nB(kG) = Pm
For an attacker to recover the message, the attacker would have to compute k
given G and kG, which is assumed hard.
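The point arithmetic, the key exchange of Section 2.6 and the encryption/decryption scheme just described, as an added worked example in Python (this is not the book's code). It assumes the standard chord-and-tangent addition formulas for prime curves of the form y^2 = x^3 + ax + b over Zp, a constructed toy curve E23(1, 1) with base point G = (3, 10), and small private keys; the names Curve, ecdh_shared, ec_encrypt and ec_decrypt are mine. The example also checks the non-singularity condition 4a^3 + 27b^2 ≠ 0 (mod p) that a curve must satisfy before its points form a group.

```python
"""Elliptic-curve arithmetic over Z_p, ECDH key exchange and ElGamal-style
point encryption.  Toy parameters only; not the textbook's code."""
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]   # None stands for the point at infinity O


@dataclass(frozen=True)
class Curve:
    """Prime curve E_p(a, b): y^2 = x^3 + a*x + b over Z_p."""
    p: int
    a: int
    b: int

    def __post_init__(self) -> None:
        # Non-singularity condition; without it the points do not form a group.
        if (4 * self.a ** 3 + 27 * self.b ** 2) % self.p == 0:
            raise ValueError("singular curve: 4a^3 + 27b^2 = 0 (mod p)")

    def contains(self, P: Point) -> bool:
        if P is None:
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P: Point) -> Point:
        return None if P is None else (P[0], (-P[1]) % self.p)

    def add(self, P: Point, Q: Point) -> Point:
        """Chord-and-tangent addition: the line through P and Q meets the curve
        in one more point, and P + Q is the negative of that point."""
        if P is None:
            return Q
        if Q is None:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None                              # P + (-P) = O (vertical line)
        if P == Q:                                   # doubling: tangent slope
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:                                        # distinct points: chord slope
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k: int, P: Point) -> Point:
        """Scalar multiplication k*P by double-and-add."""
        if k < 0:
            return self.mul(-k, self.neg(P))
        R: Point = None
        while k:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R


# Constructed toy parameters (assumption): E_23(1, 1), base point G = (3, 10).
CURVE = Curve(p=23, a=1, b=1)
G: Point = (3, 10)


def ecdh_shared(curve: Curve, base: Point, nA: int, nB: int) -> Tuple[Point, Point]:
    """Step 3 of the key exchange computed by both sides; the two must agree."""
    PA = curve.mul(nA, base)                 # A's public key PA = nA x G
    PB = curve.mul(nB, base)                 # B's public key PB = nB x G
    return curve.mul(nA, PB), curve.mul(nB, PA)


def ec_encrypt(curve: Curve, base: Point, PB: Point, Pm: Point, k: int) -> Tuple[Point, Point]:
    """Cm = {kG, Pm + kPB}; k is the sender's fresh random integer."""
    return curve.mul(k, base), curve.add(Pm, curve.mul(k, PB))


def ec_decrypt(curve: Curve, nB: int, Cm: Tuple[Point, Point]) -> Point:
    """Pm = (Pm + kPB) - nB(kG)."""
    C1, C2 = Cm
    return curve.add(C2, curve.neg(curve.mul(nB, C1)))


if __name__ == "__main__":
    KA, KB = ecdh_shared(CURVE, G, 3, 5)
    print("shared keys agree:", KA == KB, KA)
    Pm = (9, 7)                              # a point on E_23(1, 1), used as the message
    Cm = ec_encrypt(CURVE, G, CURVE.mul(5, G), Pm, 4)
    print("decrypted to Pm:", ec_decrypt(CURVE, 5, Cm) == Pm)
```

In a real deployment k must be unpredictable and never reused, the curve parameters come from a standard, and the private key nA is drawn uniformly below the order n of G; the toy curve here is only large enough to show that the two step-3 computations coincide and that decryption cancels the kPB term exactly as in the equation above.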

Security of Elliptic Curve Cryptography
The security of ECC depends on how difficult it is to determine k given kP and P.
This is referred to as the elliptic curve logarithm problem.
The fastest known technique for taking the elliptic curve logarithm is known as
the Pollard rho method.

There is a computational advantage to using ECC with a shorter key length than a
comparably secure RSA.

***END***
UNIT 3 : MESSAGE AUTHENTICATION NETWORK SECURITY

Thangavel Murugan 3.1

UNIT III
MESSAGE AUTHENTICATION

3.1 MESSAGE AUTHENTICATION AND HASH FUNCTIONS

• Message authentication is a mechanism or service used to verify the integrity of
a message. Message authentication assures that data received are exactly as
sent (i.e., contain no modification, insertion, deletion, or replay) and that the
purported identity of the sender is valid.
• Symmetric encryption provides authentication among those who share the secret
key. Encryption of a message by a sender's private key also provides a form of
authentication.
• The two most common cryptographic techniques for message authentication are
a message authentication code (MAC) and a secure hash function.
• A MAC is an algorithm that requires the use of a secret key. A MAC takes a
variable-length message and a secret key as input and produces an
authentication code. A recipient in possession of the secret key can generate an
authentication code to verify the integrity of the message.
• A hash function maps a variable-length message into a fixed-length hash value,
or message digest. For message authentication, a secure hash function must be
combined in some fashion with a secret key.

A.1 AUTHENTICATION REQUIREMENTS
During communications across a network, the following attacks can be identified:
1. Disclosure: Release of message contents to any person or process not possessing
the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties. In a
connection-oriented application, the frequency and duration of connections could
be determined. In either a connection-oriented or connectionless environment,
the number and length of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source.
This includes the creation of messages by an opponent that are purported to
come from an authorized entity. Also included are fraudulent acknowledgments
of message receipt or nonreceipt by someone other than the message recipient.
4. Content modification: Changes to the contents of a message, including
insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages between
parties, including insertion, deletion, and reordering.
6. Timing modification: Delay or replay of messages. In a connection-oriented
application, an entire session or sequence of messages could be a replay of some
previous valid session, or individual messages in the sequence could be delayed
or replayed. In a connectionless application, an individual message (e.g.,
datagram) could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.

Attacks 1 and 2 are countered by message confidentiality; attacks 3, 4, 5 and 6 by
message authentication; attack 7 by a digital signature; and attack 8 by a digital
signature combined with a protocol designed to counter the attack.

A.2 AUTHENTICATION FUNCTIONS
Any message authentication or digital signature mechanism has two levels of
functionality.

At Lower Level -- There must be some sort of function that produces an authenticator:
a value to be used to authenticate a message.

At Higher Level -- This lower-level function is then used as a primitive in a higher-
level authentication protocol that enables a receiver to verify the authenticity of a
message.

The types of functions that may be used to produce an authenticator may be grouped
into three classes:
Message encryption: The ciphertext of the entire message serves as its
authenticator.
Message authentication code (MAC): A function of the message and a secret
key that produces a fixed-length value that serves as the authenticator.
Hash function: A function that maps a message of any length into a fixed-
length hash value, which serves as the authenticator.

MESSAGE ENCRYPTION
Message encryption by itself can provide a measure of authentication. The
analysis differs for symmetric and public-key encryption schemes.

Symmetric Encryption
A message M transmitted from source A to destination B is encrypted using a
secret key K shared by A and B. If no other party knows the key, then confidentiality is
provided: No other party can recover the plaintext of the message.
In addition, we may say that B is assured that the message was generated by A.
Why? The message must have come from A because A is the only other party that
possesses K and therefore the only other party with the information necessary to
construct ciphertext that can be decrypted with K.
Furthermore, if M is recovered, B knows that none of the bits of M have been
altered, because an opponent that does not know K would not know how to alter bits in
the ciphertext to produce desired changes in the plaintext.
So we may say that symmetric encryption provides authentication as well as
confidentiality. However, this flat statement needs to be qualified. Consider exactly
what is happening at B. Given a decryption function D and a secret key K, the
destination will accept any input X and produce output Y = D(K, X).
If X is the ciphertext of a legitimate message M produced by the corresponding
encryption function, then Y is some plaintext message M. Otherwise, Y will likely be a
meaningless sequence of bits.

There may need to be some automated means of determining at B whether Y is
legitimate plaintext and therefore must have come from A.
The implications of the line of reasoning in the preceding paragraph are
profound from the point of view of authentication.
Suppose the message M can be any arbitrary bit pattern. In that case, there is no
way to determine automatically, at the destination, whether an incoming message is
the ciphertext of a legitimate message. This conclusion is incontrovertible: If M can be
any bit pattern, then regardless of the value of X, the value Y = D(K, X) is some bit
pattern and therefore must be accepted as authentic plaintext.



A → B: E(K, M)
  Provides confidentiality
    Only A and B share K
  Provides a degree of authentication
    Could come only from A
    Has not been altered in transit
    Requires some formatting/redundancy
  Does not provide signature
    Receiver could forge message
    Sender could deny message
(a) Symmetric encryption

A → B: E(PUb, M)
  Provides confidentiality
    Only B has PRb to decrypt
  Provides no authentication
    Any party could use PUb to encrypt message and claim to be A
(b) Public-key (asymmetric) encryption: confidentiality

A → B: E(PRa, M)
  Provides authentication and signature
    Only A has PRa to encrypt
    Has not been altered in transit
    Requires some formatting/redundancy
    Any party can use PUa to verify signature
(c) Public-key encryption: authentication and signature

A → B: E(PUb, E(PRa, M))
  Provides confidentiality because of PUb
  Provides authentication and signature because of PRa
(d) Public-key encryption: confidentiality, authentication, and signature

It may be difficult to determine automatically if incoming ciphertext decrypts to
intelligible plaintext. If the plaintext is, say, a binary object file or digitized X-rays,
determination of properly formed and therefore authentic plaintext may be difficult.
Thus, an opponent could achieve a certain level of disruption simply by issuing
messages with random content purporting to come from a legitimate user.
One solution to this problem is to force the plaintext to have some structure that
is easily recognized but that cannot be replicated without recourse to the encryption
function. For example, a frame check sequence (FCS), that is, an error-detecting code
F(M) computed over the message, can be appended to M before the whole is encrypted.
Note that the order in which the FCS and encryption functions are performed is
critical. The sequence in which the FCS is computed over the plaintext and the message
plus FCS are then encrypted is referred to as internal error control, which the authors
contrast with external error control, where the FCS is computed over the ciphertext.
With internal error control, authentication is provided because an opponent
would have difficulty generating ciphertext that, when decrypted, would have valid
error control bits. If instead the FCS is the outer code, an opponent can construct
messages with valid error-control codes. Although the opponent cannot know what the
decrypted plaintext will be, he or she can still hope to create confusion and disrupt
operations.




Public-Key Encryption
The straightforward use of public-key encryption provides confidentiality but not
authentication. The source (A) uses the public key PUb of the destination (B) to encrypt
M. Because only B has the corresponding private key PRb, only B can decrypt the
message. This scheme provides no authentication because any opponent could also use
B's public key to encrypt a message, claiming to be A.
To provide authentication, A uses its private key to encrypt the message, and B
uses A's public key to decrypt. This provides authentication using the same type of
reasoning as in the symmetric encryption case: The message must have come from A
because A is the only party that possesses PRa and therefore the only party with the
information necessary to construct ciphertext that can be decrypted with PUa.
Again, the same reasoning as before applies: There must be some internal
structure to the plaintext so that the receiver can distinguish between well-formed
plaintext and random bits.
To provide both confidentiality and authentication, A can encrypt M first using
its private key, which provides the digital signature, and then using B's public key,
which provides confidentiality. The disadvantage of this approach is that the public-key
algorithm, which is complex, must be exercised four times rather than two in each
communication.

MESSAGE AUTHENTICATION CODE
An alternative authentication technique involves the use of a secret key to
generate a small fixed-size block of data, known as a cryptographic checksum or MAC
that is appended to the message.
This technique assumes that two communicating parties, say A and B, share a
common secret key K. When A has a message to send to B, it calculates the MAC as a
function of the message and the key: MAC = C (K, M), where




M = input message
C = MAC function
K = shared secret key
MAC = message authentication code


A → B: M||C(K, M)
  Provides authentication
    Only A and B share K
(a) Message authentication

A → B: E(K2, [M||C(K1, M)])
  Provides authentication
    Only A and B share K1
  Provides confidentiality
    Only A and B share K2
(b) Message authentication and confidentiality: authentication tied to plaintext

A → B: E(K2, M)||C(K1, E(K2, M))
  Provides authentication
    Using K1
  Provides confidentiality
    Using K2
(c) Message authentication and confidentiality: authentication tied to ciphertext

The message plus MAC are transmitted to the intended recipient. The recipient
performs the same calculation on the received message, using the same secret key, to
generate a new MAC. The received MAC is compared to the calculated MAC.
If we assume that only the receiver and the sender know the identity of the
secret key, and if the received MAC matches the calculated MAC, then
[1] The receiver is assured that the message has not been altered. If an attacker
alters the message but does not alter the MAC, then the receiver's calculation of
the MAC will differ from the received MAC. Because the attacker is assumed not
to know the secret key, the attacker cannot alter the MAC to correspond to the
alterations in the message.
[2] The receiver is assured that the message is from the alleged sender. Because no
one else knows the secret key, no one else could prepare a message with a proper
MAC.
[3] If the message includes a sequence number (such as is used with HDLC, X.25,
and TCP), then the receiver can be assured of the proper sequence because an
attacker cannot successfully alter the sequence number.

A MAC function is similar to encryption. One difference is that the MAC
algorithm need not be reversible, as it must for decryption.
In general, the MAC function is a many-to-one function. The domain of the
function consists of messages of some arbitrary length, whereas the range consists of all
possible MACs and all possible keys.
If an n-bit MAC is used, then there are 2^n possible MACs, whereas there are N
possible messages with N >> 2^n. Furthermore, with a k-bit key, there are 2^k possible
keys.

HASH FUNCTION
A variation on the message authentication code is the one-way hash function. As
with the message authentication code, a hash function accepts a variable-size message
M as input and produces a fixed-size output, referred to as a hash code H(M). Unlike a
MAC, a hash code does not use a key but is a function only of the input message.


The hash code is also referred to as a message digest or hash value.


The hash code is a function of all the bits of the message and provides an error-
detection capability: A change to any bit or bits in the message results in a change to
the hash code.

The figure illustrates a variety of ways in which a hash code can be used to
provide message authentication, as follows:
a. The message plus concatenated hash code is encrypted using symmetric
encryption. This is identical in structure to the internal error control strategy.
The same line of reasoning applies: Because only A and B share the secret key,
the message must have come from A and has not been altered. The hash code
provides the structure or redundancy required to achieve authentication.
Because encryption is applied to the entire message plus hash code,
confidentiality is also provided.

b. Only the hash code is encrypted, using symmetric encryption. This reduces the
processing burden for those applications that do not require confidentiality. Note
that the combination of hashing and encryption results in an overall function
that is, in fact, a MAC. That is, E(K, H(M)) is a function of a variable-length
message M and a secret key K, and it produces a fixed-size output that is secure
against an opponent who does not know the secret key.

c. Only the hash code is encrypted, using public-key encryption and using the
sender's private key. As with (b), this provides authentication. It also provides a
digital signature, because only the sender could have produced the encrypted
hash code. In fact, this is the essence of the digital signature technique.

d. If confidentiality as well as a digital signature is desired, then the message plus
the private-key-encrypted hash code can be encrypted using a symmetric secret
key. This is a common technique.


e. It is possible to use a hash function but no encryption for message
authentication. The technique assumes that the two communicating parties
share a common secret value S. A computes the hash value over the
concatenation of M and S and appends the resulting hash value to M. Because B
possesses S, it can recompute the hash value to verify. Because the secret value
itself is not sent, an opponent cannot modify an intercepted message and cannot
generate a false message.

f. Confidentiality can be added to the approach of (e) by encrypting the entire
message plus the hash code.

When confidentiality is not required, methods (b) and (c) have an advantage over
those that encrypt the entire message in that less computation is required.

Nevertheless, there has been growing interest in techniques that avoid
encryption. Several reasons for this interest have been pointed out:

• Encryption software is relatively slow. Even though the amount of data to be
encrypted per message is small, there may be a steady stream of messages into
and out of a system.

• Encryption hardware costs are not negligible. Low-cost chip implementations of
DES are available, but the cost adds up if all nodes in a network must have this
capability.

• Encryption hardware is optimized toward large data sizes. For small blocks of
data, a high proportion of the time is spent in initialization/invocation overhead.

• Encryption algorithms may be covered by patents. For example, until the patent
expired, RSA was patented and had to be licensed, adding a cost.


A → B: E(K, [M||H(M)])
  • Provides confidentiality
      Only A and B share K
  • Provides authentication
      H(M) is cryptographically protected
(a) Encrypt message plus hash code

A → B: M||E(K, H(M))
  • Provides authentication
      H(M) is cryptographically protected
(b) Encrypt hash code with shared secret key

A → B: M||E(PRa, H(M))
  • Provides authentication and digital signature
      H(M) is cryptographically protected
      Only A could create E(PRa, H(M))
(c) Encrypt hash code with sender's private key

A → B: E(K, [M||E(PRa, H(M))])
  • Provides authentication and digital signature
  • Provides confidentiality
      Only A and B share K
(d) Encrypt result of (c) with shared secret key

A → B: M||H(M||S)
  • Provides authentication
      Only A and B share S
(e) Compute hash code of message plus secret value

A → B: E(K, [M||H(M||S)])
  • Provides authentication
      Only A and B share S
  • Provides confidentiality
      Only A and B share K
(f) Encrypt result of (e)


A.3 MESSAGE AUTHENTICATION CODES
A MAC, also known as a cryptographic checksum, is generated by a function C of
the form
MAC = C(K, M)
where M is a variable-length message, K is a secret key shared only by sender and
receiver, and C(K, M) is the fixed-length authenticator.

The MAC is appended to the message at the source at a time when the message
is assumed or known to be correct. The receiver authenticates that message by
recomputing the MAC.

Requirements for MACs
When an entire message is encrypted for confidentiality, using either symmetric
or asymmetric encryption, the security of the scheme generally depends on the bit
length of the key.

In the case of a MAC, it is a many-to-one function. If confidentiality is not
employed, the opponent has access to plaintext messages and their associated MACs.

Suppose k > n; that is, suppose that the key size is greater than the MAC size.
Given a known pair (M1, MAC1), the opponent can compute C(Ki, M1) for each of the 2^k
candidate keys Ki and keep those that yield MAC1. Because there are only 2^n possible
MAC values, a number of keys will produce the correct MAC and the opponent has no way of
knowing which is the correct key.
On average, a total of 2^k / 2^n = 2^(k−n) keys will produce a match.

Second, the opponent can construct a new message that matches a given MAC without
learning the key. Consider the following MAC algorithm. Let M = (X1||X2||...||Xm) be a
message that is treated as a concatenation of 64-bit blocks Xi. Then define
Δ(M) = X1 ⊕ X2 ⊕ ... ⊕ Xm
C(K, M) = E(K, Δ(M))
where ⊕ is the exclusive-OR (XOR) operation and the encryption algorithm is DES in
electronic codebook mode. Thus, the key length is 56 bits and the MAC length is 64 bits.

If an opponent observes {M||C(K, M)}, a brute-force attempt to determine K will
require at least 2^56 encryptions. But the opponent can attack the system by replacing X1
through Xm−1 with any desired values Y1 through Ym−1 and replacing Xm with Ym, where
Ym is calculated as follows:
Ym = Y1 ⊕ Y2 ⊕ ... ⊕ Ym−1 ⊕ Δ(M)
The opponent can now concatenate the new message, which consists of Y1
through Ym, with the original MAC to form a message that will be accepted as authentic
by the receiver. With this tactic, any message of length 64 × (m − 1) bits can be
fraudulently inserted.

Thus, in assessing the security of a MAC function, we need to consider the types
of attacks that may be mounted against it. With that in mind, let us state the
requirements for the function.
Assume that an opponent knows the MAC function C but does not know K. Then
the MAC function should satisfy the following requirements:
i) If an opponent observes M and C(K, M), it should be computationally infeasible
for the opponent to construct a message M' such that C(K, M') = C(K, M).
ii) C(K, M) should be uniformly distributed in the sense that for randomly chosen
messages, M and M', the probability that C(K, M) = C(K, M') is 2^−n, where n is the
number of bits in the MAC.
iii) Let M' be equal to some known transformation on M. That is, M' = f(M). For
example, f may involve inverting one or more specific bits. In that case,
Pr[C(K, M) = C(K, M')] = 2^−n.

The first requirement speaks to the earlier example, in which an opponent is
able to construct a new message to match a given MAC, even though the opponent does
not know and does not learn the key.
The second requirement deals with the need to thwart a brute-force attack based
on chosen plaintext.
The final requirement dictates that the authentication algorithm should not be
weaker with respect to certain parts or bits of the message than others.
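The XOR-then-encrypt MAC described above and the substitution that defeats it, next to a MAC that meets requirement i), as an added example in Python (not the book's code). DES in ECB mode is not in the Python standard library, so the block encryption E(K, ·) is stood in for by HMAC-SHA256 truncated to 64 bits; this is an assumption, and it does not change the outcome because the defect is in Δ(M), not in E. Zero-padding of a short final block, the key, the messages and the function names are all constructed for this example.

```python
"""Toy XOR-then-encrypt MAC, the key-less substitution the text describes,
and an HMAC that satisfies requirement (i).  Added example, not the book's."""
import hashlib
import hmac
from functools import reduce
from typing import Callable, List

BLOCK = 8  # 64-bit blocks, as in the text


def split_blocks(msg: bytes) -> List[bytes]:
    """Split into 64-bit blocks; a short final block is zero-padded
    (assumption: the text does not say how padding is done)."""
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def xor_all(blocks: List[bytes]) -> bytes:
    """Delta(M) = X1 xor X2 xor ... xor Xm."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)


def toy_mac(key: bytes, msg: bytes) -> bytes:
    """C(K, M) = E(K, Delta(M)) with E replaced by a keyed PRF truncated to
    64 bits (assumption standing in for DES-ECB)."""
    return hmac.new(key, xor_all(split_blocks(msg)), hashlib.sha256).digest()[:BLOCK]


def hmac_mac(key: bytes, msg: bytes) -> bytes:
    """A MAC over the whole message: every block influences the tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(mac_fn: Callable[[bytes, bytes], bytes], key: bytes,
           msg: bytes, tag: bytes) -> bool:
    """Receiver-side check; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(mac_fn(key, msg), tag)


def substitute_same_xor(msg: bytes, chosen: bytes) -> bytes:
    """Replace X1..Xm-1 by the chosen blocks Y1..Ym-1 and set
    Ym = Y1 xor ... xor Ym-1 xor Delta(M), so that Delta(Y) = Delta(M) and
    the original tag still verifies.  Requires no knowledge of K."""
    m = len(split_blocks(msg))
    if m < 2 or len(chosen) != (m - 1) * BLOCK:
        raise ValueError("chosen prefix must be exactly m-1 full blocks")
    ys = split_blocks(chosen)
    ym = xor_all(ys + [xor_all(split_blocks(msg))])
    return b"".join(ys) + ym


if __name__ == "__main__":
    key = b"\x01" * 16                     # constructed key
    msg = b"PAY ALICE 100.00"              # constructed 2-block message
    tag = toy_mac(key, msg)
    altered = substitute_same_xor(msg, b"PAY EVE ")
    print("toy MAC accepts altered message:", verify(toy_mac, key, altered, tag))
    print("HMAC accepts altered message:   ",
          verify(hmac_mac, key, altered, hmac_mac(key, msg)))
```

The receiver's only defence here is the choice of MAC function: a construction whose tag depends on a linear combination of the blocks fails requirement i) regardless of how strong E is, while HMAC over the full message leaves no way to change a block without changing the tag.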

Message Authentication Code Based on DES
The Data Authentication Algorithm, based on DES, has been one of the most
widely used MACs. The algorithm can be defined as using the cipher block chaining
(CBC) mode of operation of DES with an initialization vector of zero.
The data (e.g., message, record, file, or program) to be authenticated are grouped
into contiguous 64-bit blocks: D1, D2,..., DN. If necessary, the final block is padded on the
right with zeroes to form a full 64-bit block. Using the DES encryption algorithm, E,
and a secret key, K, a data authentication code (DAC) is calculated as follows:
O1 = E(K, D1)
O2 = E(K, [D2 ⊕ O1])
O3 = E(K, [D3 ⊕ O2])
...
ON = E(K, [DN ⊕ ON−1])
The DAC consists of either the entire block ON or the leftmost M bits of the
block, with 16 ≤ M ≤ 64.

Figure: Data Authentication Algorithm (FIPS PUB 113)



A.4 HASH FUNCTIONS
A hash value h is generated by a function H of the form
h = H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.
The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct. The receiver authenticates that message by
recomputing the hash value. Because the hash function itself is not considered to be
secret, some means is required to protect the hash value.

REQUIREMENTS FOR A HASH FUNCTION
A hash function H must have the following properties:
• H can be applied to a block of data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x, making both hardware and
software implementations practical.
• For any given value h, it is computationally infeasible to find x such that H(x) = h.
This is sometimes referred to in the literature as the one-way property.
• For any given block x, it is computationally infeasible to find y ≠ x such that
H(y) = H(x). This is sometimes referred to as weak collision resistance.
• It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is
sometimes referred to as strong collision resistance.

One-Way Property
It is easy to generate a code given a message but virtually impossible to generate
a message given a code. This property is important if the authentication technique
involves the use of a secret value.
The secret value itself is not sent; however, if the hash function is not one way,
an attacker can easily discover the secret value: If the attacker can observe or intercept
a transmission, the attacker obtains the message M and the hash code C = H(SAB||M).
The attacker then inverts the hash function to obtain SAB||M = H^−1(C). Because the
attacker now has both M and SAB||M, it is a trivial matter to recover SAB.

Weak Collision Resistance
It guarantees that an alternative message hashing to the same value as a given
message cannot be found. This prevents forgery when an encrypted hash code is used.

Strong Collision Resistance
It refers to how resistant the hash function is to a type of attack known as the
birthday attack, which we examine shortly.

SIMPLE HASH FUNCTIONS
One of the simplest hash functions is the bit-by-bit exclusive-OR (XOR) of every
block. This can be expressed as follows:
Ci = bi1 ⊕ bi2 ⊕ ... ⊕ bim
where
Ci = ith bit of the hash code, 1 ≤ i ≤ n
m = number of n-bit blocks in the input
bij = ith bit in jth block
⊕ = XOR operation

This operation produces a simple parity for each bit position and is known as a
longitudinal redundancy check. It is reasonably effective for random data as a data
integrity check. Each n-bit hash value is equally likely. Thus, the probability that a
data error will result in an unchanged hash value is 2^−n. With more predictably
formatted data, the function is less effective.
For example, in most normal text files, the high-order bit of each octet is always
zero. So if a 128-bit hash value is used, instead of an effectiveness of 2^−128, the hash
function on this type of data has an effectiveness of 2^−112.

Rotated XOR
A simple way to improve matters is to perform a one-bit circular shift, or
rotation, on the hash value after each block is processed.

The procedure can be summarized as follows:
1) Initially set the n-bit hash value to zero.
2) Process each successive n-bit block of data as follows:
a. Rotate the current hash value to the left by one bit.
b. XOR the block into the hash value.
This has the effect of "randomizing" the input more completely and overcoming any
regularities that appear in the input.
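The plain XOR hash and the rotated XOR procedure above, as an added example in Python (not the book's code), with the two weaknesses the text points out made checkable: on ASCII input the plain XOR never sets the high-order bit of any octet (the 2^−112 effectiveness for a 128-bit code), and because XOR is order-independent it also collides whenever blocks are merely reordered. The 128-bit block size, zero-padding of a short final block and the two sample strings are constructed for this example.

```python
"""Simple XOR hash (longitudinal redundancy check) and the rotated-XOR
variant from the text.  Added example, not the book's code."""
from typing import Dict, Iterator

N_BITS = 128  # hash length used in the text's example


def blocks(data: bytes, n: int) -> Iterator[int]:
    """Yield the input as n-bit integers; a short final block is zero-padded
    (assumption: the text does not specify padding)."""
    size = n // 8
    padded = data + b"\x00" * (-len(data) % size)
    for i in range(0, len(padded), size):
        yield int.from_bytes(padded[i:i + size], "big")


def xor_hash(data: bytes, n: int = N_BITS) -> int:
    """C_i = b_i1 xor b_i2 xor ... xor b_im: the parity of each bit position."""
    h = 0
    for block in blocks(data, n):
        h ^= block
    return h


def rxor_hash(data: bytes, n: int = N_BITS) -> int:
    """Step 2 of the text: rotate the running hash left by one bit, then XOR
    the next block into it."""
    mask = (1 << n) - 1
    h = 0
    for block in blocks(data, n):
        h = ((h << 1) | (h >> (n - 1))) & mask   # one-bit circular left shift
        h ^= block
    return h


def octet_msbs_clear(h: int, n: int = N_BITS) -> bool:
    """True when bit 7 of every octet of the n-bit value is zero, i.e. when
    the n/8 high-order positions carry no information, as for the plain XOR
    of ASCII text."""
    msb_mask = int("80" * (n // 8), 16)
    return h & msb_mask == 0


# Constructed inputs: two one-block (16-byte) ASCII strings.
A = b"abcdefghijklmnop"
B = b"ABCDEFGHIJKLMNOP"


def compare() -> Dict[str, bool]:
    """Properties of the two hashes on the constructed inputs."""
    return {
        # XOR is commutative, so reordering the blocks does not change the hash.
        "xor_collides_on_reorder": xor_hash(A + B) == xor_hash(B + A),
        "rxor_collides_on_reorder": rxor_hash(A + B) == rxor_hash(B + A),
        # ASCII octets have bit 7 clear, so the plain XOR never sets it.
        "xor_msbs_clear": octet_msbs_clear(xor_hash(A + B)),
        "rxor_msbs_clear": octet_msbs_clear(rxor_hash(A + B)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Neither function is a cryptographic hash: both are linear, so an opponent who can choose input can steer the output freely. Their value is as an error-detection code, and the comparison only shows why the rotation "randomizes" structured input better than bare parity.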

Use CBC for Hash Functions
A technique originally proposed by the National Bureau of Standards used the
simple XOR applied to 64-bit blocks of the message and then an encryption of the entire
message that used the cipher block chaining (CBC) mode.
We can define the scheme as follows: Given a message consisting of a sequence of
64-bit blocks X1, X2,..., XN, define the hash code C as the block-by-block XOR of all
blocks and append the hash code as the final block:
C = XN+1 = X1 ⊕ X2 ⊕ ... ⊕ XN
Next, encrypt the entire message plus hash code, using CBC mode to produce the
encrypted message Y1, Y2,..., YN+1.

Birthday Attacks
Suppose that a 64-bit hash code is used. One might think that this is quite
secure. For example, if an encrypted hash code C is transmitted with the corresponding
unencrypted message M, then an opponent would need to find an M' such that H(M') =
H(M) to substitute another message and fool the receiver.
On average, the opponent would have to try about 2^63 messages to find one that
matches the hash code of the intercepted message. However, a different sort of attack is
possible, based on the birthday paradox.

Yuval proposed the following strategy:
1) The source, A, is prepared to "sign" a message by appending the appropriate m-
bit hash code and encrypting that hash code with A's private key.

2) The opponent generates 2^(m/2) variations on the message, all of which convey
essentially the same meaning. The opponent prepares an equal number of
messages, all of which are variations on the fraudulent message to be
substituted for the real one.
3) The two sets of messages are compared to find a pair of messages that produces
the same hash code. The probability of success, by the birthday paradox, is
greater than 0.5. If no match is found, additional valid and fraudulent messages
are generated until a match is made.
4) The opponent offers the valid variation to A for signature. This signature can
then be attached to the fraudulent variation for transmission to the intended
recipient. Because the two variations have the same hash code, they will produce
the same signature; the opponent is assured of success even though the
encryption key is not known.

Thus, if a 64-bit hash code is used, the level of effort required is only on the order of 2^32.
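The birthday bound behind Yuval's strategy, as an added example in Python (not the book's code). Rather than the two message sets of the four-step attack, it runs the general collision search of which that attack is an instance: it hashes distinct constructed inputs with a deliberately short hash until two agree, and compares the count with the 2^(m−1) second-preimage work and the sqrt(π/2 · 2^m) birthday estimate. SHA-256 truncated to m bits stands in for an m-bit hash code (assumption), and the input labels and function names are mine.

```python
"""Birthday-bound collision search against a truncated hash, to show why an
m-bit hash code gives only about m/2 bits of collision resistance.
Added example, not the book's code."""
import hashlib
import math
from typing import Dict, Optional, Tuple


def short_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for an m-bit hash code
    (assumption; any fixed function with a 2^bits range behaves alike)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def expected_tries(bits: int) -> Tuple[float, float]:
    """(second-preimage, collision) expected work for a `bits`-bit hash:
    2^(m-1) to match one given hash versus sqrt(pi/2 * 2^m) to find any pair."""
    return 2.0 ** (bits - 1), math.sqrt(math.pi / 2 * 2.0 ** bits)


def find_collision(bits: int, limit: Optional[int] = None) -> Optional[Tuple[int, bytes, bytes]]:
    """Hash constructed, pairwise-distinct messages until two share a short
    hash.  Returns (messages hashed, first, second) or None within `limit`.
    A dictionary keyed by hash value does the 'comparison' of step 3."""
    limit = limit or (1 << bits)
    seen: Dict[int, bytes] = {}
    for i in range(limit):
        msg = b"variation-%d" % i           # constructed message variations
        h = short_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None


if __name__ == "__main__":
    m = 20
    pre, col = expected_tries(m)
    result = find_collision(m)
    if result:
        tries, first, second = result
        print(f"{m}-bit hash: collision after {tries} messages "
              f"(birthday estimate {col:.0f}, second-preimage estimate {pre:.0f})")
        print(first, second, hex(short_hash(first, m)))
```

The memory used by the dictionary grows with the number of messages hashed, which is why the practical limit of a birthday search is as much storage as time; the conclusion for the defender is the same either way: a hash code meant to resist collisions must be twice as long as the security level it is meant to provide.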

Block Chaining Techniques
A number of proposals have been made for hash functions based on using a
cipher block chaining technique, but without the secret key.
One of the first such proposals was that of Rabin: Divide a message M into fixed-
size blocks M1, M2,..., MN and use a symmetric encryption system such as DES to
compute the hash code G as follows:
H0 = initial value
Hi = E(Mi, Hi−1)
G = HN
This is similar to the CBC technique, but in this case there is no secret key; each
message block Mi serves as the key that encrypts the previous chaining value Hi−1.

A.5 SECURITY OF HASH FUNCTIONS AND MACS
Just as with symmetric and public-key encryption, we can group attacks on hash
functions and MACs into two categories: brute-force attacks and cryptanalysis.

Brute-Force Attacks
The nature of brute-force attacks differs somewhat for hash functions and MACs.

Hash Functions
The strength of a hash function against brute-force attacks depends solely on the
length of the hash code produced by the algorithm.
Recall from our discussion of hash functions that there are three desirable
properties:
• One-way:
For any given code h, it is computationally infeasible to find x such that H(x) = h.
• Weak collision resistance:
For any given block x, it is computationally infeasible to find y ≠ x with H(y) =
H(x).
• Strong collision resistance:
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).

For a hash code of length n, the level of effort required, as we have seen, is
proportional to the following:
One way: 2^n
Weak collision resistance: 2^n
Strong collision resistance: 2^(n/2)


Message Authentication Codes
A brute-force attack on a MAC is a more difficult undertaking because it
requires known message-MAC pairs.
To attack a hash code, we can proceed in the following way. Given a fixed
message x with n-bit hash code h = H(x), a brute-force method of finding a collision is to
pick a random bit string y and check if H(y) = H(x).
The attacker can do this repeatedly off line. Whether an off-line attack can be
used on a MAC algorithm depends on the relative size of the key and the MAC.

To proceed, we need to state the desired security property of a MAC algorithm,
which can be expressed as follows:
Computation resistance:
Given one or more text-MAC pairs [xi, C(K, xi)], it is computationally infeasible
to compute any text-MAC pair [x, C(K, x)] for any new input x ≠ xi.
In other words, the attacker would like to come up with a valid MAC code for a given
message x. There are two lines of attack possible: attack the key space and attack the
MAC value. We examine each of these in turn.
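The three work factors tabulated above (2^n, 2^n and 2^(n/2)) can be felt directly by running the searches against a deliberately shortened digest. The following is an added example written for these notes, not code from the original text: the hash H is SHA-256 truncated to n bits, a constructed stand-in chosen only so that the searches finish in seconds; the candidate messages are constructed counter strings. A 32-bit birthday collision turns up after tens of thousands of trials, while a preimage of a mere 16-bit digest already needs about 65 000.

```python
import hashlib


def H(msg: bytes, n_bits: int) -> int:
    """Toy n-bit hash: SHA-256 truncated to its first n bits. Truncation is what makes
    the brute-force searches below finish quickly; the work-factor argument is unchanged."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - n_bits)


def preimage_search(target: int, n_bits: int, limit: int):
    """One-way property: find any x with H(x) = target. Each trial succeeds with
    probability 2^-n, so about 2^n trials are expected."""
    for i in range(limit):
        x = b"candidate-%d" % i                  # constructed candidate messages
        if H(x, n_bits) == target:
            return x, i + 1
    return None, limit


def second_preimage_search(x: bytes, n_bits: int, limit: int):
    """Weak collision resistance: given a fixed x, find y != x with H(y) = H(x).
    Same cost as a preimage search, about 2^n trials."""
    target = H(x, n_bits)
    for i in range(limit):
        y = b"forgery-%d" % i
        if y != x and H(y, n_bits) == target:
            return y, i + 1
    return None, limit


def birthday_collision(n_bits: int, limit: int):
    """Strong collision resistance: remember every digest seen and stop at the first
    repeat. By the birthday paradox this needs only about 2^(n/2) trials (and as much memory)."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i
        h = H(m, n_bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None, None, limit


if __name__ == "__main__":
    n = 32
    m1, m2, tries = birthday_collision(n, 1 << 20)
    print(f"{n}-bit collision after {tries} trials (2^(n/2) = {2 ** (n // 2)}):", m1, m2)
    x, tries = preimage_search(H(b"target document", 20), 20, 1 << 24)
    print(f"20-bit preimage after {tries} trials (2^n = {2 ** 20}):", x)
```

The collision search is cheap in time but not in memory: the dictionary holds every digest seen, which is why the 2^(n/2) figure is usually quoted together with a matching storage requirement.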

Cryptanalysis
As with encryption algorithms, cryptanalytic attacks on hash functions and MAC
algorithms seek to exploit some property of the algorithm to perform some attack other
than an exhaustive search.
The way to measure the resistance of a hash or MAC algorithm to cryptanalysis
is to compare its strength to the effort required for a brute-force attack. That is, an
ideal hash or MAC algorithm will require a cryptanalytic effort greater than or equal to
the brute-force effort.

Hash Functions

The hash function takes an input message and partitions it into L fixed-sized
blocks of b bits each. If necessary, the final block is padded to b bits. The final block also
includes the value of the total length of the input to the hash function.
The inclusion of the length makes the job of the opponent more difficult. Either
the opponent must find two messages of equal length that hash to the same value or
two messages of differing lengths that, together with their length values, hash to the
same value.

The hash algorithm involves repeated use of a compression function, f, that
takes two inputs (an n-bit input from the previous step, called the chaining variable,
and a b-bit block) and produces an n-bit output.

At the start of hashing, the chaining variable has an initial value that is
specified as part of the algorithm. The final value of the chaining variable is the hash
value. Often, b > n; hence the term compression. The hash function can be summarized
as follows:
CV0 = IV = initial n-bit value
CVi = f(CVi-1, Yi-1), 1 ≤ i ≤ L
H(M) = CVL
where the input to the hash function is a message M consisting of the blocks Y0, Y1, ..., YL-1.

Cryptanalysis of hash functions focuses on the internal structure of f and is
based on attempts to find efficient techniques for producing collisions for a single
execution of f. Once that is done, the attack must take into account the fixed value of
IV. The attack on f depends on exploiting its internal structure.

Message Authentication Codes
There is much more variety in the structure of MACs than in hash functions, so
it is difficult to generalize about the cryptanalysis of MACs.

3.2 MD5 MESSAGE DIGEST ALGORITHM
MD5 was developed by Ron Rivest at MIT in 1991. For many years MD5 was the most widely
used secure hash algorithm; it was designed to resist collisions, although practical
collisions have since been found (see Strength of MD5 below).

How MD5 Works? (MD5 Logic)
The algorithm takes as input a message of arbitrary length and produces as
output a 128-bit message digest. The input is processed in 512-bit blocks.

MD5 Algorithm
The figure above depicts the overall processing of a message to produce a digest. The
processing consists of the following steps:
1. Append padding bits:
The message is padded so that its length in bits is congruent to 448 modulo 512
(length ≡ 448 mod 512). That is, the length of the padded message is 64 bits less than an
integer multiple of 512 bits.
Padding is always added, even if the message is already of the desired length.
For example, if the message is 448 bits long, it is padded with 512 bits to a length of
960 bits. Thus, the number of padding bits is in the range of 1 to 512. The padding
consists of a single 1-bit followed by the necessary number of 0-bits.
2. Append length:
A 64-bit representation of the length in bits of the original message (before the
padding) is appended to the result of Step 1 (least significant byte first). If the original
length is greater than 2^64, then only the low-order 64 bits of the length are used.
Thus, the field contains the length of the original message, modulo 2^64.

The outcome of the first two steps yields a message that is an integer multiple
of 512 bits in length. In the figure, the expanded message is represented as the sequence of
512-bit blocks Y0, Y1, ..., YL-1, so that the total length of the expanded message is L × 512
bits. Equivalently, the result is a multiple of 16 32-bit words. Let M[0..N-1] denote the
words of the resulting message, with N an integer multiple of 16. Thus, N = 16 × L.

3. Initialize MD buffer:
A 128-bit buffer is used to hold intermediate and final results of the hash
function. The buffer can be represented as four 32-bit registers (A, B, C, D). These
registers are initialized to the following 32-bit integers (hexadecimal values):
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
These values are stored in little-endian format, which is the least-significant
byte of a word in the low-address byte position. As byte strings, the initialization
values (in hexadecimal) appear as follows:
Word A : 01 23 45 67
Word B : 89 AB CD EF
Word C : FE DC BA 98
Word D : 76 54 32 10
4. Process message in 512-bit (16-word) blocks:
The heart of the algorithm is a compression function that consists of four
rounds of processing; this module is labeled H_MD5 in the figure. The four rounds have a similar
structure, but each uses a different primitive logical function, referred to as F, G, H,
and I in the specification.

Each round takes as input the current 512-bit block being processed (Yq) and the
128-bit buffer value ABCD and updates the contents of the buffer. Each round also
makes use of one-fourth of a 64-element table T[1..64], constructed from the sine
function. The i-th element of T, denoted T[i], has the value equal to the integer part
of 2^32 × abs(sin(i)), where i is in radians.
Because 0 ≤ abs(sin(i)) ≤ 1, each element of T is an integer that can be represented
in 32 bits. The table provides a randomized set of 32-bit patterns, which should
eliminate any regularities in the input data.
The output of the fourth round is added to the input to the first round (CVq) to
produce CVq+1. The addition is done independently for each of the four words in the
buffer with each of the corresponding words in CVq, using addition modulo 2^32.

5. Output:
After all L 512-bit blocks have been processed, the output from the L-th stage is
the 128-bit message digest.

We can summarize the behavior of MD5 as follows:
CV0 = IV
CVq+1 = SUM32(CVq, RF_I[Yq, RF_H[Yq, RF_G[Yq, RF_F[Yq, CVq]]]])
MD = CVL

Where
IV - initial value of the ABCD buffer, defined in Step 3
Yq - the q-th 512-bit block of the message
L - the number of blocks in the message (including padding and length fields)
CVq - chaining variable processed with the q-th block of the message
RF_x - round function using primitive logic function x
MD - final message digest value
SUM32 - addition modulo 2^32 performed separately on each word of the pair of inputs

MD5 Compression Function
Each step is of the form
a ← b + ((a + g(b, c, d) + X[k] + T[i]) <<< s)
Where
a, b, c, d - the four words of the buffer, in a specified order that varies across steps
g - one of the primitive functions F, G, H, I
<<< s - circular left shift (rotation) of the 32-bit argument by s bits
X[k] = M[q × 16 + k] - the k-th 32-bit word in the q-th 512-bit block of the message
T[i] - the i-th 32-bit word in table T
+ - addition modulo 2^32

One of the four primitive logical functions is used for each of the four rounds of
the algorithm. Each primitive function takes three 32-bit words as input and produces
a 32-bit output.
Each function performs a set of bitwise logical operations; that is, the n-th bit of the
output is a function of the n-th bit of each of the three inputs. The functions can be
summarized as follows:
Round   Primitive function g   g(b, c, d)
1       F(b, c, d)             (b ∧ c) ∨ (¬b ∧ d)
2       G(b, c, d)             (b ∧ d) ∨ (c ∧ ¬d)
3       H(b, c, d)             b ⊕ c ⊕ d
4       I(b, c, d)             c ⊕ (b ∨ ¬d)
In round 1, step i (0 ≤ i ≤ 15) uses message word X[i]. The following permutations
define which word X[ρ(i)] is used in step i of rounds 2 through 4:
ρ2(i) = (1 + 5i) mod 16
ρ3(i) = (5 + 3i) mod 16
ρ4(i) = 7i mod 16

Each of the 64 32-bit word elements of T is used exactly once, during one step of one
round.
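Steps 1 to 5 and the compression function above are enough to write the whole algorithm down. The following is an added example written for these notes from those steps; it is not the reference code of RFC 1321 or any library, and it checks itself against Python's hashlib. Note how the table T is computed from sin(i) exactly as described, how the ρ permutations select X[k] in rounds 2 to 4, and that every word is read and written little-endian.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF

# Step 4 constants: T[i] = integer part of 2^32 * |sin(i)|, i = 1..64 (radians); stored 0-indexed.
T = [int((1 << 32) * abs(math.sin(i))) for i in range(1, 65)]

# Per-step rotation amounts s: four values per round, each used four times.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)   # Step 3: A, B, C, D


def rotl(x: int, s: int) -> int:                        # <<< s on a 32-bit word
    return ((x << s) | (x >> (32 - s))) & MASK


# The four primitive functions; ~ on a Python int must be masked back to 32 bits.
def F(b, c, d): return ((b & c) | (~b & d)) & MASK
def G(b, c, d): return ((b & d) | (c & ~d)) & MASK
def H(b, c, d): return (b ^ c ^ d) & MASK
def I(b, c, d): return (c ^ (b | ~d)) & MASK


def md5_pad(msg: bytes) -> bytes:
    """Steps 1 and 2: a single 1-bit, 0-bits up to 448 mod 512, then the 64-bit
    little-endian bit length of the original message (mod 2^64)."""
    bit_len = (8 * len(msg)) & 0xFFFFFFFFFFFFFFFF
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack("<Q", bit_len)


def md5_compress(cv, block: bytes):
    """H_MD5: four rounds of 16 steps over one 512-bit block, then SUM32 with CVq."""
    X = struct.unpack("<16I", block)                     # 16 little-endian words X[0..15]
    a, b, c, d = cv
    for i in range(64):
        if i < 16:   g, k = F(b, c, d), i                # round 1: X[i]
        elif i < 32: g, k = G(b, c, d), (1 + 5 * i) % 16 # round 2: rho2
        elif i < 48: g, k = H(b, c, d), (5 + 3 * i) % 16 # round 3: rho3
        else:        g, k = I(b, c, d), (7 * i) % 16     # round 4: rho4
        # a <- b + ((a + g(b,c,d) + X[k] + T[i]) <<< s), then rotate the register order
        a_new = (b + rotl((a + g + X[k] + T[i]) & MASK, S[i])) & MASK
        a, b, c, d = d, a_new, b, c
    return tuple((x + y) & MASK for x, y in zip(cv, (a, b, c, d)))


def md5(msg: bytes) -> bytes:
    cv = IV
    data = md5_pad(msg)
    for off in range(0, len(data), 64):
        cv = md5_compress(cv, data[off:off + 64])
    return struct.pack("<4I", *cv)                       # Step 5: 128-bit digest, little-endian


def matches_hashlib(msg: bytes) -> bool:
    return md5(msg) == hashlib.md5(msg).digest()


if __name__ == "__main__":
    print(md5(b"").hex(), md5(b"abc").hex())
    # a 448-bit message gets 512 bits of padding plus the 64-bit length: 1024 bits in all
    print("padded length of a 448-bit message:", 8 * len(md5_pad(b"x" * 56)), "bits")
```

Running `matches_hashlib` over a few long inputs is the quickest way to catch an endianness slip: the digest of the empty message is d41d8cd98f00b204e9800998ecf8427e, and the first table entry T[1] is D76AA478.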

MD4
• precursor to MD5
• also produces a 128-bit hash of the message
• has 3 rounds of 16 steps vs 4 in MD5
• design goals:
  - collision resistant (hard to find collisions)
  - direct security (no dependence on "hard" problems)
  - fast, simple, compact
  - favours little-endian systems (e.g., PCs)

MD4 is the precursor to MD5 and was widely used. It uses 3 instead of 4 rounds, and
the round functions are a little simpler. In creating MD5, Rivest aimed to strengthen
the algorithm by introducing the extra round and varying the constants used.

Strength of MD5
• the MD5 hash is dependent on all message bits
• Rivest claimed the security was as good as could be achieved for a 128-bit digest
• the attacks known at the time were:
  - Berson 92 attacked any single round using differential cryptanalysis (but could not
    extend it to the full algorithm)
  - den Boer & Bosselaers 93 found a pseudo-collision (again unable to extend)
  - Dobbertin 96 created collisions for the MD5 compression function (but the fixed
    initial constants prevented exploitation)
• the conclusion at the time was that MD5 looked likely to be broken soon. That
  prediction held: practical collisions for full MD5 were published by Wang et al. in
  2004, and MD5 must no longer be used where collision resistance matters (digital
  signatures, certificates, integrity of distributed code).
3.3 SECURE HASH ALGORITHM (SHA-1)
The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards
and Technology (NIST) and published as FIPS 180 in 1993; the revised version, SHA-1,
followed as FIPS 180-1 in 1995. SHA is based on the MD4 algorithm and its design closely
models MD4.

How SHA Works?
The algorithm takes as input a message with a maximum length of less than 2^64
bits and produces as output a 160-bit message digest. The input is processed in 512-bit
blocks.

Computationally Infeasible:
SHA is designed to make it computationally infeasible to
a) obtain the original message, given its message digest;
b) find two messages producing the same message digest.

Processing Steps:
Step 1: Append padding bits.
The message is padded so that its length is congruent to 448 modulo 512.
Padding is always added, even if the message is already of the desired length. Thus, the
number of padding bits is in the range of 1 to 512. As in MD5, the padding consists of a
single 1-bit followed by the necessary number of 0-bits.
Step 2: Append length.
The length in bits of the original message (before padding) is appended to the end of
the padding as a 64-bit block, most significant byte first (big-endian, unlike MD5).
Step 3: Initialize hash buffer.
A 160-bit buffer is used to hold intermediate and final results of the hash
function. The buffer can be represented as five 32-bit registers (A, B, C, D, E),
initialized to the following hexadecimal values:
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
E = C3D2E1F0
These values are stored in big-endian format (most significant byte of a word in the
low-address byte position), so as byte strings they appear exactly as written:
Word A = 67 45 23 01
Word B = EF CD AB 89
Word C = 98 BA DC FE
Word D = 10 32 54 76
Word E = C3 D2 E1 F0
Step 4: Process message in 512-bit blocks.
Copy the chaining variables A-E into the working variables a-e.
Divide the current 512-bit block into 16 sub-blocks, each consisting of 32 bits.
SHA-1 has four rounds, each consisting of 20 steps. Each round takes the
current 512-bit block, the register ABCDE and a constant Kt as its three inputs.

There are 80 iterations in total (4 x 20 = 80).

Each round makes use of an additive constant Kt, where 0 ≤ t ≤ 79:
Step Number     Hexadecimal        Take integer part of
0 ≤ t ≤ 19      Kt = 5A827999      2^30 × √2
20 ≤ t ≤ 39     Kt = 6ED9EBA1      2^30 × √3
40 ≤ t ≤ 59     Kt = 8F1BBCDC      2^30 × √5
60 ≤ t ≤ 79     Kt = CA62C1D6      2^30 × √10

Step 5: Output
The output from the L-th stage is the 160-bit message digest.
Behavior of SHA-1:
CV0 = IV
CVq+1 = SUM32(CVq, ABCDEq)
MD = CVL

SHA-1 Compression Function

Each round has 20 steps, each of which replaces the 5 buffer words thus:
(A, B, C, D, E) ← (E + f(t, B, C, D) + (A <<< 5) + Wt + Kt), A, (B <<< 30), C, D
Where,
A, B, C, D, E refer to the five words of the buffer
t is the step number
f(t, B, C, D) is the nonlinear function for the round
Wt is derived from the message block
Kt is the additive constant for the round (derived from square roots, as tabulated above)
<<< n is a circular left shift by n bits
Step            Function Name           Function Value
0 ≤ t ≤ 19      f1 = f(t, B, C, D)      (B ∧ C) ∨ (¬B ∧ D)
20 ≤ t ≤ 39     f2 = f(t, B, C, D)      B ⊕ C ⊕ D
40 ≤ t ≤ 59     f3 = f(t, B, C, D)      (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D)
60 ≤ t ≤ 79     f4 = f(t, B, C, D)      B ⊕ C ⊕ D

It remains to indicate how the 32-bit word values Wt are derived from the 512-bit
message block. The first 16 values of Wt are taken directly from the 16 words of the current
block. The remaining values are defined as:
Wt = S^1(Wt-16 ⊕ Wt-14 ⊕ Wt-8 ⊕ Wt-3), 16 ≤ t ≤ 79
where S^1 is a circular left shift by one bit.
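As with MD5, the steps above can be turned directly into code. The following is an added example written for these notes, not FIPS 180-1 reference code or a library; it derives the four constants Kt from the square roots in the table, expands the message schedule Wt, runs the 80-step round function and checks itself against hashlib. Set beside the MD5 example, the differences are exactly the ones the text lists: big-endian words and length, a 5-word state, a message schedule instead of a word permutation, and square-root rather than sine constants.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:                       # circular left shift, S^n
    return ((x << n) | (x >> (32 - n))) & MASK


# K_t: integer part of 2^30 * sqrt(2), sqrt(3), sqrt(5), sqrt(10), one per round of 20 steps.
K = [int((1 << 30) * math.sqrt(r)) for r in (2, 3, 5, 10)]

IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def f(t: int, b: int, c: int, d: int) -> int:          # f1..f4, selected by the step number
    if t < 20:
        return ((b & c) | (~b & d)) & MASK
    if t < 40:
        return b ^ c ^ d
    if t < 60:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d


def sha1_pad(msg: bytes) -> bytes:
    """Steps 1 and 2: the same 1-bit/0-bits padding as MD5, but a big-endian 64-bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", 8 * len(msg))


def message_schedule(block: bytes) -> list:
    """W_0..W_15 are the block's 16 words; W_t = S^1(W_{t-16} ^ W_{t-14} ^ W_{t-8} ^ W_{t-3})."""
    W = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        W.append(rotl(W[t - 16] ^ W[t - 14] ^ W[t - 8] ^ W[t - 3], 1))
    return W


def sha1_compress(cv, block: bytes):
    """80 steps of (A,B,C,D,E) <- (E + f(t,B,C,D) + (A<<<5) + W_t + K_t, A, B<<<30, C, D),
    followed by SUM32 with the incoming chaining variable CVq."""
    W = message_schedule(block)
    a, b, c, d, e = cv
    for t in range(80):
        tmp = (e + f(t, b, c, d) + rotl(a, 5) + W[t] + K[t // 20]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(cv, (a, b, c, d, e)))


def sha1(msg: bytes) -> bytes:
    cv = IV
    data = sha1_pad(msg)
    for off in range(0, len(data), 64):
        cv = sha1_compress(cv, data[off:off + 64])
    return struct.pack(">5I", *cv)                     # 160-bit digest, big-endian


def matches_hashlib(msg: bytes) -> bool:
    return sha1(msg) == hashlib.sha1(msg).digest()


if __name__ == "__main__":
    print([hex(k) for k in K])                          # the four table constants
    print(sha1(b"abc").hex())                           # a9993e364706816aba3e25717850c26c9cd0d89d
```

The printed constants must read 5a827999, 6ed9eba1, 8f1bbcdc, ca62c1d6; if the digest of b"abc" does not match hashlib, the usual culprit is a "<" where a ">" belongs in the struct format strings.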

Comparison of SHA-1 and MD5
Point of Discussion                                      MD5                              SHA-1
Message digest length in bits                            128                              160
Speed                                                    Faster (64 steps)                Slower (80 steps)
Attack to find two messages producing the same digest    Requires about 2^64 operations   Requires about 2^80 operations
Attack to find a message with a given digest             Requires about 2^128 operations  Requires about 2^160 operations

Security of SHA-1
• At the time these notes were written, no successful attacks had been reported against SHA-1.
• Since it uses 80 steps and produces a 160-bit message digest, it appeared to be more
secure than MD5.
• That is no longer the case: a collision attack needing far fewer than 2^80 operations was
published by Wang, Yin and Yu in 2005, and the first practical SHA-1 collision (two distinct
PDF files with the same digest) was demonstrated in 2017. SHA-1 should not be used for
digital signatures or certificates; SHA-256 or a stronger member of the SHA-2 family
(next table) is the replacement.
Comparison of SHA Parameters

                      SHA-1     SHA-256    SHA-384    SHA-512
Message digest size   160       256        384        512
Message size          < 2^64    < 2^64     < 2^128    < 2^128
Block size            512       512        1024       1024
Word size             32        32         64         64
Number of steps       80        64         80         80
Security              80        128        192        256
Notes:
1. All sizes are measured in bits.
2. Security refers to the fact that a birthday attack on a message digest of size n
produces a collision with a work factor of approximately 2^(n/2).


Message Digest Generation Using SHA-512
3.4 RIPEMD-160
The RIPEMD-160 message digest algorithm was developed under the European
RACE Integrity Primitives Evaluation (RIPE) project.

Processing Steps:
Step 1: Append Padding Bits
• The message is padded so that its length is congruent to 448 modulo 512.
• Padding is always added, even if the message is already of the desired length.
Step 2: Append Length
A 64-bit representation of the length of the original message is appended (least
significant byte first, as in MD5).
Step 3: Initialize MD Buffer
• A 160-bit buffer is used to hold intermediate and final results of the hash function.
• The buffer can be represented as five 32-bit registers (A, B, C, D, E).
• The register values are stored in little-endian format.
Step 4: Process message in 512-bit blocks
The algorithm consists of 10 rounds of processing of 16 steps each. The 10 rounds
are arranged as two parallel lines of five rounds (a left line and a right line, each with
its own additive constants and its own order of message words), both starting from the
same chaining variable.

Step Number    Left Half                          Right Half
               Hexadecimal     Integer part of    Hexadecimal      Integer part of
0 ≤ j ≤ 15     K1 = 00000000   0                  K1' = 50A28BE6   2^30 × ∛2
16 ≤ j ≤ 31    K2 = 5A827999   2^30 × √2          K2' = 5C4DD124   2^30 × ∛3
32 ≤ j ≤ 47    K3 = 6ED9EBA1   2^30 × √3          K3' = 6D703EF3   2^30 × ∛5
48 ≤ j ≤ 63    K4 = 8F1BBCDC   2^30 × √5          K4' = 7A6D76E9   2^30 × ∛7
64 ≤ j ≤ 79    K5 = A953FD4E   2^30 × √7          K5' = 00000000   0

After the 80 steps of both lines, the five words (A, B, C, D, E) of the left line and
(A', B', C', D', E') of the right line are combined with the previous chaining variable,
word by word, using addition modulo 2^32:
CVq+1(0) = CVq(1) + C + D'
CVq+1(1) = CVq(2) + D + E'
CVq+1(2) = CVq(3) + E + A'
CVq+1(3) = CVq(4) + A + B'
CVq+1(4) = CVq(0) + B + C'

Step 5: Output
The output is the 160-bit message digest.
RIPEMD-160 Compression Function
The functions are summarized as:
Step            Function Name            Function Value
0 ≤ j ≤ 15      f1 = f(j, B, C, D)       B ⊕ C ⊕ D
16 ≤ j ≤ 31     f2 = f(j, B, C, D)       (B ∧ C) ∨ (¬B ∧ D)
32 ≤ j ≤ 47     f3 = f(j, B, C, D)       (B ∨ ¬C) ⊕ D
48 ≤ j ≤ 63     f4 = f(j, B, C, D)       (B ∧ D) ∨ (C ∧ ¬D)
64 ≤ j ≤ 79     f5 = f(j, B, C, D)       B ⊕ (C ∨ ¬D)


3.5 HMAC
HMAC Design Objectives
RFC 2104 lists the following design objectives for HMAC:
• To use, without modifications, available hash functions. In particular, hash
functions that perform well in software, and for which code is freely and widely
available.
• To allow for easy replaceability of the embedded hash function in case faster or
more secure hash functions are found or required.
• To preserve the original performance of the hash function without incurring a
significant degradation.
• To use and handle keys in a simple way.
• To have a well understood cryptographic analysis of the strength of the
authentication mechanism based on reasonable assumptions about the
embedded hash function.

The first two objectives are important to the acceptability of HMAC. HMAC
treats the hash function as a "black box." This has two benefits. First, an existing
implementation of a hash function can be used as a module in implementing HMAC.
Second, if it is ever desired to replace a given hash function in an HMAC
implementation, all that is required is to remove the existing hash function module and
drop in the new module.
The last design objective in the preceding list is, in fact, the main advantage of
HMAC over other proposed hash-based schemes. HMAC can be proven secure provided
that the embedded hash function has some reasonable cryptographic strengths.

HMAC Algorithm

The figure illustrates the overall operation of HMAC. Define the following terms:
H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)
IV = initial value input to hash function
M = message input to HMAC (including the padding specified in the embedded hash
function)
Yi = i-th block of M, 0 ≤ i ≤ (L - 1)
L = number of blocks in M
b = number of bits in a block
n = length of hash code produced by embedded hash function
K = secret key; the recommended length is at least n. If the key length is greater than b,
the key is first input to the hash function to produce an n-bit key
K+ = K padded with zeros on the right (appended, as RFC 2104 specifies) so that the
result is b bits in length
ipad = 00110110 (36 in hexadecimal) repeated b/8 times
opad = 01011100 (5C in hexadecimal) repeated b/8 times

Then HMAC can be expressed as follows:
HMAC(K, M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
In words,
1) Append zeros to the end of K to create a b-bit string K+ (e.g., if K is of length
160 bits and b = 512, then K is appended with 44 zero bytes 0x00).
2) XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si.
3) Append M to Si.
4) Apply H to the stream generated in step 3.
5) XOR K+ with opad to produce the b-bit block So.
6) Append the hash result from step 4 to So.
7) Apply H to the stream generated in step 6 and output the result.
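The seven steps map onto a dozen lines. The following is an added example written for these notes, not the code of RFC 2104 or of Python's hmac module; it builds HMAC from the definition (including the long-key and padding cases), checks the result against the standard library and against the published RFC 2104 / RFC 2202 test vectors, and shows the receiver-side check a practitioner actually needs: a constant-time comparison.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C


def hmac_by_definition(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC(K, M) = H[(K+ xor opad) || H[(K+ xor ipad) || M]], step by step from RFC 2104."""
    H = lambda data: hashlib.new(hash_name, data).digest()
    b = hashlib.new(hash_name).block_size        # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > b:                             # keys longer than b are hashed to n bits first
        key = H(key)
    k_plus = key + b"\x00" * (b - len(key))      # step 1: append zeros up to b bits
    s_i = bytes(k ^ IPAD for k in k_plus)        # step 2: K+ xor ipad
    inner = H(s_i + msg)                         # steps 3-4: H(Si || M)
    s_o = bytes(k ^ OPAD for k in k_plus)        # step 5: K+ xor opad
    return H(s_o + inner)                        # steps 6-7: H(So || inner)


def verify(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute and compare in constant time. A plain == stops at the first
    differing byte and lets an attacker forge a tag one byte at a time by timing."""
    return hmac.compare_digest(hmac_by_definition(key, msg, hash_name), tag)


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha1") -> bool:
    expected = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_by_definition(key, msg, hash_name), expected)


if __name__ == "__main__":
    key, msg = b"\x0b" * 20, b"Hi There"          # RFC 2202 HMAC-SHA-1 test case 1
    print(hmac_by_definition(key, msg).hex())       # b617318655057264e28bc0b6fb378c8ef146be00
    print(matches_stdlib(b"k" * 100, b"long key path", "sha256"))
```

Because the hash function is used as a black box, swapping "sha1" for "sha256" changes nothing else in the code, which is the replaceability objective from the list above in practice.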

Security of HMAC
• The security of any MAC function based on an embedded hash function depends
in some way on the cryptographic strength of the underlying hash function. The
appeal of HMAC is that its designers have been able to prove an exact
relationship between the strength of the embedded hash function and the
strength of HMAC.
• The security of a MAC function is generally expressed in terms of the probability
of successful forgery with a given amount of time spent by the forger and a given
number of message-MAC pairs created with the same key.

3.6 DIGITAL SIGNATURES AND AUTHENTICATION PROTOCOLS
• A digital signature is an authentication mechanism that enables the creator of a
message to attach a code that acts as a signature. The signature is formed by
taking the hash of the message and encrypting the hash with the creator's
private key. The signature guarantees the source and integrity of the message.
• Mutual authentication protocols enable communicating parties to satisfy
themselves mutually about each other's identity and to exchange session keys.
• In one-way authentication, the recipient wants some assurance that a message is
from the alleged sender.
• The Digital Signature Standard (DSS) is a NIST standard that uses the Secure
Hash Algorithm (SHA).

B.1 DIGITAL SIGNATURES
Requirements
Message authentication protects two parties who exchange messages from any
third party. However, it does not protect the two parties against each other. Several
forms of dispute between the two are possible. The digital signature is analogous to the
handwritten signature. It must have the following properties:
• It must verify the author and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties, to resolve disputes.
Thus, the digital signature function includes the authentication function. On the basis
of these properties, we can formulate the following requirements for a digital signature:
• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender, to prevent both
forgery and denial.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature, either by
constructing a new message for an existing digital signature or by constructing a
fraudulent digital signature for a given message.
• It must be practical to retain a copy of the digital signature in storage.

A variety of approaches has been proposed for the digital signature function. These
approaches fall into two categories: direct and arbitrated.

Direct Digital Signature
The direct digital signature involves only the communicating parties (source,
destination). It is assumed that the destination knows the public key of the source. A
digital signature may be formed by encrypting the entire message with the sender's
private key or by encrypting a hash code of the message with the sender's private key.

Confidentiality can be provided by further encrypting the entire message plus
signature with either the receiver's public key (public-key encryption) or a shared secret
key (symmetric encryption). Note that it is important to perform the signature function
first and then an outer confidentiality function.

In case of dispute, some third party must view the message and its signature. If
the signature is calculated on an encrypted message, then the third party also needs
access to the decryption key to read the original message. However, if the signature is
the inner operation, then the recipient can store the plaintext message and its
signature for later use in dispute resolution.
All direct schemes described so far share a common weakness. The validity of the
scheme depends on the security of the sender's private key. If a sender later wishes to
deny sending a particular message, the sender can claim that the private key was lost
or stolen and that someone else forged his or her signature.

Administrative controls relating to the security of private keys can be employed
to thwart or at least weaken this ploy, but the threat is still there, at least to some
degree. One example is to require every signed message to include a timestamp (date
and time) and to require prompt reporting of compromised keys to a central authority.

Another threat is that some private key might actually be stolen from X at time
T. The opponent can then send a message signed with X's signature and stamped with
a time before or equal to T.

Arbitrated Digital Signature
The problems associated with direct digital signatures can be addressed by using
an arbiter. As with direct signature schemes, there is a variety of arbitrated signature
schemes.

In general terms, they all operate as follows. Every signed message from a
sender X to a receiver Y goes first to an arbiter A, who subjects the message and its
signature to a number of tests to check its origin and content.

The message is then dated and sent to Y with an indication that it has been
verified to the satisfaction of the arbiter. The presence of A solves the problem faced by
direct signature schemes: that X might disown the message.

The arbiter plays a sensitive and crucial role in this sort of scheme, and all
parties must have a great deal of trust that the arbitration mechanism is working
properly.

Arbitrated Digital Signature Techniques
(1) X → A: M || E(Kxa, [IDX || H(M)])
(2) A → Y: E(Kay, [IDX || M || E(Kxa, [IDX || H(M)]) || T])
(a) Conventional Encryption, Arbiter Sees Message
(1) X → A: IDX || E(Kxy, M) || E(Kxa, [IDX || H(E(Kxy, M))])
(2) A → Y: E(Kay, [IDX || E(Kxy, M)]) || E(Kxa, [IDX || H(E(Kxy, M)) || T])
(b) Conventional Encryption, Arbiter Does Not See Message
(1) X → A: IDX || E(PRx, [IDX || E(PUy, E(PRx, M))])
(2) A → Y: E(PRa, [IDX || E(PUy, E(PRx, M)) || T])
(c) Public-Key Encryption, Arbiter Does Not See Message
Notation:
X = sender
Y = recipient
A = arbiter
M = message
T = timestamp
Kxa, Kay, Kxy = secret keys shared by the named pair of parties
PRx, PUy, PRa = private key of X, public key of Y, private key of A

Consider scheme (a). X computes H(M) and sends A the message together with a signature,
E(Kxa, [IDX || H(M)]); A decrypts the signature with Kxa, checks the hash against M, and
forwards IDX, M, the signature and a timestamp to Y, encrypted under Kay. Y can decrypt
this to recover the message and the signature, and stores both. In case of dispute, Y
forwards the stored E(Kay, [IDX || M || E(Kxa, [IDX || H(M)])]) to A. The arbiter uses Kay to
recover IDX, M, and the signature, and then uses Kxa to decrypt the signature and verify
the hash code. In this scheme, Y cannot directly check X's signature; the signature is
there solely to settle disputes. Y considers the message from X authentic because it
comes through A. In this scenario, both sides must have a high degree of trust in A:

X must trust A not to reveal Kxa and not to generate false signatures of the form
E(Kxa, [IDX || H(M)]). Y must trust A to send E(Kay, [IDX || M || E(Kxa, [IDX || H(M)]) || T])
only if the hash value is correct and the signature was generated by X.

Both sides must trust A to resolve disputes fairly. If the arbiter does live up to
this trust, then X is assured that no one can forge his signature and Y is assured that X
cannot disavow his signature.

B.2 AUTHENTICATION PROTOCOLS
MUTUAL AUTHENTICATION
An important application area is that of mutual authentication protocols. Such
protocols enable communicating parties to satisfy themselves mutually about each
other's identity and to exchange session keys.
Central to the problem of authenticated key exchange are two issues:
confidentiality and timeliness. To prevent masquerade and to prevent compromise of
session keys, essential identification and session key information must be
communicated in encrypted form. This requires the prior existence of secret or public
keys that can be used for this purpose.
The second issue, timeliness, is important because of the threat of message
replays. Such replays, at worst, could allow an opponent to compromise a session key or
successfully impersonate another party. At minimum, a successful replay can disrupt
operations by presenting parties with messages that appear genuine but are not.

Replay attacks
Simple replay:
The opponent simply copies a message and replays it later.
Repetition that can be logged:
An opponent can replay a time stamped message within the valid time window.
Repetition that cannot be detected:
This situation could arise because the original message could have been
suppressed and thus did not arrive at its destination; only the replay message arrives.
Backward replay without modification:
This is a replay back to the message sender. This attack is possible if symmetric
encryption is used and the sender cannot easily recognize the difference between
messages sent and messages received on the basis of content.

One approach to coping with replay attacks is to attach a sequence number to
each message used in an authentication exchange. A new message is accepted only if its
sequence number is in the proper order.

The difficulty with this approach is that it requires each party to keep track of
the last sequence number for each claimant it has dealt with. Because of this overhead,
sequence numbers are generally not used for authentication and key exchange.

Instead, one of the following two general approaches is used:

Timestamps:
Party A accepts a message as fresh only if the message contains a timestamp
that, in A's judgment, is close enough to A's knowledge of current time. This approach
requires that clocks among the various participants be synchronized.

Challenge/response:
Party A, expecting a fresh message from B, first sends B a nonce (challenge) and
requires that the subsequent message (response) received from B contain the correct
nonce value.


Symmetric Encryption Approaches
A two-level hierarchy of symmetric encryption keys can be used to provide
confidentiality for communication in a distributed environment. In general, this
strategy involves the use of a trusted key distribution center (KDC).

Each party in the network shares a secret key, known as a master key, with the
KDC. The KDC is responsible for generating keys to be used for a short time over a
connection between two parties, known as session keys, and for distributing those keys
using the master keys to protect the distribution.

A proposal initially put forth by Needham and Schroeder for secret key
distribution using a KDC that includes authentication features.


The protocol can be summarized as follows:
1. A → KDC: IDA || IDB || N1
2. KDC → A: E(Ka, [Ks || IDB || N1 || E(Kb, [Ks || IDA])])
3. A → B: E(Kb, [Ks || IDA])
4. B → A: E(Ks, N2)
5. A → B: E(Ks, f(N2))

Secret keys Ka and Kb are shared between A and the KDC and B and the KDC,
respectively. The purpose of the protocol is to distribute securely a session key Ks to A
and B. A securely acquires a new session key in step 2. The message in step 3 can be
decrypted, and hence understood, only by B.
Step 4 reflects B's knowledge of Ks, and step 5 assures B of A's knowledge of Ks
and assures B that this is a fresh message because of the use of the nonce N2. The
purpose of steps 4 and 5 is to prevent a certain type of replay attack. In particular, if an
opponent is able to capture the message in step 3 and replay it, this might in some
fashion disrupt operations at B.

Despite the handshake of steps 4 and 5, the protocol is still vulnerable to a form
of replay attack. Suppose that an opponent, X, has been able to compromise an old
session key. Admittedly, this is a much more unlikely occurrence than that an opponent
has simply observed and recorded step 3.
Nevertheless, it is a potential security risk. X can impersonate A and trick B into
using the old key by simply replaying step 3. Unless B remembers indefinitely all
previous session keys used with A, B will be unable to determine that this is a replay.
If X can intercept the handshake message, step 4, then it can impersonate A's
response, step 5. From this point on, X can send bogus messages to B that appear to B
to come from A using an authenticated session key.
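The exchange and the replay just described, as an added simulation written for these notes (it is not code from the original text or from any implementation of the protocol). The function E(K, ...) is a constructed stand-in for the symmetric cipher, built from SHA-256 and HMAC-SHA-256 so that the example runs offline with the standard library only; it is not a real cipher and must not be reused as one. The identifiers A, B, the KDC class and the responder classes are hypothetical names for the simulation. It runs the five steps honestly, then lets X replay the recorded step-3 message with a compromised old Ks and complete steps 4 and 5, and finally shows the timestamp check from Denning's modification (discussed next) rejecting the same replay.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for E(K, ...): keystream SHA-256(K || iv || ctr), tag HMAC-SHA-256. NOT a real cipher.
def _stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ s for x, s in zip(data, stream))

def E(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(16)
    ct = _stream_xor(key, iv, plaintext)
    return iv + ct + hmac.new(key, iv + ct, "sha256").digest()

def D(key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return _stream_xor(key, iv, ct)

def cat(*fields: bytes) -> bytes:     # the "||" operator, with 2-byte length prefixes so fields split again
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def split(blob: bytes) -> list:
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        out.append(blob[i + 2:i + 2 + n])
        i += 2 + n
    return out

def f(nonce: bytes) -> bytes:         # agreed transformation of the nonce for step 5
    return hashlib.sha256(nonce).digest()

class KDC:
    def __init__(self, master_keys: dict):
        self.master = master_keys     # {IDA: Ka, IDB: Kb}
    def issue(self, id_a: bytes, id_b: bytes, n1: bytes) -> bytes:
        """Step 2: E(Ka, [Ks || IDB || N1 || E(Kb, [Ks || IDA])])."""
        ks = secrets.token_bytes(32)
        return E(self.master[id_a], cat(ks, id_b, n1, E(self.master[id_b], cat(ks, id_a))))

class Responder:
    """B: holds Kb and keeps no record of earlier session keys (the weakness described above)."""
    def __init__(self, ident: bytes, kb: bytes):
        self.ident, self.kb, self.ks, self.n2 = ident, kb, None, None
    def step3_to_4(self, ticket: bytes) -> bytes:
        ks, id_a = split(D(self.kb, ticket))          # only B can open E(Kb, [Ks || IDA])
        self.ks, self.n2 = ks, secrets.token_bytes(16)
        return E(ks, self.n2)                         # step 4: E(Ks, N2)
    def step5(self, msg: bytes) -> bool:              # expects E(Ks, f(N2))
        return hmac.compare_digest(D(self.ks, msg), f(self.n2))

def run_needham_schroeder(kdc: KDC, ka: bytes, id_a: bytes, b: Responder):
    """Honest A. Returns (did B accept?, Ks, the step-3 message an eavesdropper could record)."""
    n1 = secrets.token_bytes(16)
    ks, id_b, n1_back, ticket = split(D(ka, kdc.issue(id_a, b.ident, n1)))
    if id_b != b.ident or n1_back != n1:              # A checks the partner and its own nonce
        raise ValueError("KDC reply is stale or not for B")
    n2 = D(ks, b.step3_to_4(ticket))                  # step 3 out, step 4 back
    return b.step5(E(ks, f(n2))), ks, ticket          # step 5

def replay_with_old_key(b: Responder, old_ks: bytes, old_ticket: bytes) -> bool:
    """X, who has learned an old Ks, replays the recorded step-3 message and completes
    the step-4/5 handshake; B cannot tell that the key is old."""
    n2 = D(old_ks, b.step3_to_4(old_ticket))
    return b.step5(E(old_ks, f(n2)))

class DenningResponder(Responder):
    """Denning's fix: the ticket is E(Kb, [Ks || IDA || T]) and B rejects it unless T is recent."""
    def __init__(self, ident: bytes, kb: bytes, clock, window: int):
        super().__init__(ident, kb)
        self.clock, self.window = clock, window
    def step3_to_4(self, ticket: bytes) -> bytes:
        ks, id_a, t = split(D(self.kb, ticket))
        if abs(self.clock() - int.from_bytes(t, "big")) > self.window:
            raise ValueError("stale ticket: replay suspected")
        self.ks, self.n2 = ks, secrets.token_bytes(16)
        return E(ks, self.n2)

def demo_needham_schroeder():
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)
    kdc, bob = KDC({b"A": ka, b"B": kb}), Responder(b"B", kb)
    ok, ks, recorded_step3 = run_needham_schroeder(kdc, ka, b"A", bob)
    # ... later X compromises the old ks and replays the recorded step-3 message ...
    return ok, replay_with_old_key(bob, ks, recorded_step3)        # (True, True)

def demo_denning():
    kb, ks, clock = secrets.token_bytes(32), secrets.token_bytes(32), [1000]
    bob = DenningResponder(b"B", kb, lambda: clock[0], window=60)
    ticket = E(kb, cat(ks, b"A", clock[0].to_bytes(8, "big")))      # issued by the KDC at T = 1000
    fresh_ok = bob.step5(E(ks, f(D(ks, bob.step3_to_4(ticket)))))   # accepted now
    clock[0] += 3600                                                 # an hour later X replays it
    try:
        bob.step3_to_4(ticket)
        return fresh_ok, False
    except ValueError:
        return fresh_ok, True                                        # (True, True)
```

The point of the simulation is that nothing in steps 3 to 5 tells B how old the ticket is: B only learns that whoever sent it knows Ks. The Denning variant adds the one piece of information B lacked, at the price of a clock, which is exactly the trade-off the next paragraphs discuss.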

Denning proposes to overcome this weakness by a modification to the
Needham/Schroeder protocol that includes the addition of a timestamp T to steps 2 and 3.
Her proposal assumes that the master keys Ka and Kb are secure, and it consists of the
following steps:

1. A → KDC: IDA || IDB
2. KDC → A: E(Ka, [Ks || IDB || T || E(Kb, [Ks || IDA || T])])
3. A → B: E(Kb, [Ks || IDA || T])
4. B → A: E(Ks, N1)
5. A → B: E(Ks, f(N1))

B (and A) accept the ticket only if T is within a small window of their own clock, so a
replayed step-3 message with an old session key is rejected.

The Denning protocol seems to provide an increased degree of security compared
to the Needham/Schroeder protocol. However, a new concern is raised: namely, that
this new scheme requires reliance on clocks that are synchronized throughout the
network.

The risk is based on the fact that the distributed clocks can become
unsynchronized as a result of sabotage on or faults in the clocks or the synchronization
mechanism. The problem occurs when a sender's clock is ahead of the intended
recipient's clock.
In this case, an opponent can intercept a message from the sender and replay it
later when the timestamp in the message becomes current at the recipient's site. This
replay could cause unexpected results. Gong refers to such attacks as suppress-replay
attacks.

One proposal attempts to respond to the concerns about suppress-replay attacks
and at the same time fix the problems in the Needham/Schroeder protocol.
Subsequently, an inconsistency in this latter protocol was noted and an improved
strategy was presented.

The protocol is as follows:
1. A → B: IDA||Na
2. B → KDC: IDB||Nb||E(Kb, [IDA||Na||Tb])
3. KDC → A: E(Ka, [IDB||Na||Ks||Tb])||E(Kb, [IDA||Ks||Tb])||Nb
4. A → B: E(Kb, [IDA||Ks||Tb])||E(Ks, Nb)

Let us follow this exchange step by step.
1. A initiates the authentication exchange by generating a nonce, Na, and sending that
plus its identifier to B in plaintext. This nonce will be returned to A in an encrypted
message that includes the session key, assuring A of its timeliness.
2. B alerts the KDC that a session key is needed. Its message to the KDC includes its
identifier and a nonce, Nb. This nonce will be returned to B in an encrypted message
that includes the session key, assuring B of its timeliness. B's message to the KDC
also includes a block encrypted with the secret key shared by B and the KDC. This
block is used to instruct the KDC to issue credentials to A; the block specifies the
intended recipient of the credentials, a suggested expiration time for the
credentials, and the nonce received from A.
3. The KDC passes on to A B's nonce and a block encrypted with the secret key that B
shares with the KDC. The block serves as a "ticket" that can be used by A for
subsequent authentications, as will be seen. The KDC also sends to A a block
encrypted with the secret key shared by A and the KDC. This block verifies that B
has received A's initial message (IDB) and that this is a timely message and not a
replay (Na), and it provides A with a session key (Ks) and the time limit on its use
(Tb).
4. A transmits the ticket to B, together with B's nonce, the latter encrypted with
the session key. The ticket provides B with the secret key that is used to decrypt
E(Ks, Nb) to recover the nonce. The fact that B's nonce is encrypted with the session
key authenticates that the message came from A and is not a replay.


This protocol provides an effective, secure means for A and B to establish a
session with a secure session key. Furthermore, the protocol leaves A in possession of a
key that can be used for subsequent authentication to B, avoiding the need to contact
the authentication server repeatedly.
Suppose that A and B establish a session using the aforementioned protocol and
then conclude that session. Subsequently, but within the time limit established by the
protocol, A desires a new session with B. The following protocol ensues:
1. A → B: E(Kb, [IDA||Ks||Tb])||N'a
2. B → A: N'b||E(Ks, N'a)
3. A → B: E(Ks, N'b)
When B receives the message in step 1, it verifies that the ticket has not expired. The
newly generated nonces N'a and N'b assure each party that there is no replay attack.
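The nonce-based KDC exchange above, followed by the ticket reuse of steps 1-3, as an added Python example that is not part of these notes. Encryption is modelled symbolically (a record sealed under a key object, openable only with the same key) so that the nonce and Tb expiry checks are what the code exercises rather than a cipher; the class and function names, the 3600-second lifetime and the integer clock `now` are assumptions of the example.

```python
import secrets


# Symbolic model of E(K, [fields]): a sealed record that opens only with the same key.
# It stands in for the block cipher of the text; no real encryption is performed.
def E(key: bytes, *fields) -> tuple:
    return ("E", key, tuple(fields))


def D(key: bytes, blob: tuple) -> tuple:
    tag, k, fields = blob
    if tag != "E" or k != key:
        raise ValueError("decryption failed: wrong key")
    return fields


def nonce() -> bytes:
    return secrets.token_bytes(8)


class KDC:
    """Holds the master keys Ka, Kb and issues session keys on request (step 3)."""

    def __init__(self):
        self.keys = {}

    def register(self, ident: str) -> bytes:
        self.keys[ident] = secrets.token_bytes(16)
        return self.keys[ident]

    def issue(self, id_b: str, nb: bytes, request: tuple) -> tuple:
        # Input is B's message 2: IDB || Nb || E(Kb, [IDA||Na||Tb]).
        id_a, na, tb = D(self.keys[id_b], request)
        ks = secrets.token_bytes(16)
        # Output is message 3: E(Ka,[IDB||Na||Ks||Tb]) || E(Kb,[IDA||Ks||Tb]) || Nb.
        return E(self.keys[id_a], id_b, na, ks, tb), E(self.keys[id_b], id_a, ks, tb), nb


class Party:
    def __init__(self, ident: str, master_key: bytes, lifetime: int = 3600):
        self.id, self.k, self.lifetime = ident, master_key, lifetime
        self.ticket = self.ks = self.tb = None   # A keeps the ticket for later reuse


def initial_exchange(kdc: KDC, a: Party, b: Party, now: int) -> bool:
    """Steps 1-4; True when both sides end up holding the same Ks."""
    na = nonce()                                  # 1. A -> B: IDA || Na
    nb, tb = nonce(), now + b.lifetime            # B picks Nb and a suggested expiry Tb
    msg2 = (b.id, nb, E(b.k, a.id, na, tb))       # 2. B -> KDC
    for_a, ticket, nb_relayed = kdc.issue(*msg2)  # 3. KDC -> A
    id_b, na_back, ks, tb_a = D(a.k, for_a)
    if id_b != b.id or na_back != na:             # Na proves the reply is timely
        raise ValueError("A: credentials are not fresh or not for B")
    a.ticket, a.ks, a.tb = ticket, ks, tb_a
    msg4 = (ticket, E(ks, nb_relayed))            # 4. A -> B: ticket || E(Ks, Nb)
    id_a, ks_b, tb_b = D(b.k, msg4[0])
    if now > tb_b:
        raise ValueError("B: ticket expired")
    (nb_back,) = D(ks_b, msg4[1])                 # only a holder of Ks can produce this
    if id_a != a.id or nb_back != nb:
        raise ValueError("B: nonce mismatch, not a fresh reply from A")
    b.ks = ks_b
    return a.ks == b.ks


def reauthenticate(a: Party, b: Party, now: int) -> bool:
    """Later session without the KDC: ticket || N'a ; N'b || E(Ks, N'a) ; E(Ks, N'b)."""
    na2 = nonce()                                 # 1. A -> B: E(Kb,[IDA||Ks||Tb]) || N'a
    id_a, ks, tb = D(b.k, a.ticket)
    if now > tb:
        raise ValueError("B: ticket expired; A must return to the KDC")
    nb2 = nonce()                                 # 2. B -> A: N'b || E(Ks, N'a)
    (na_back,) = D(a.ks, E(ks, na2))
    if na_back != na2:
        raise ValueError("A: B's reply is not fresh")
    (nb_back,) = D(ks, E(a.ks, nb2))              # 3. A -> B: E(Ks, N'b)
    return id_a == a.id and nb_back == nb2


def ticket_accepted(a: Party, b: Party, now: int) -> bool:
    """True if B accepts A's stored ticket at time `now`, False once Tb has passed."""
    try:
        return reauthenticate(a, b, now)
    except ValueError:
        return False


if __name__ == "__main__":
    kdc = KDC()
    alice, bob = Party("A", kdc.register("A")), Party("B", kdc.register("B"))
    print("initial exchange:", initial_exchange(kdc, alice, bob, now=1000))
    print("reuse within lifetime:", ticket_accepted(alice, bob, now=2000))
    print("reuse after expiry:", ticket_accepted(alice, bob, now=5000))
```

The expiry check at B is deliberately `now > tb` on B's own clock: Tb was chosen by B in step 2, so no assumption about A's clock is needed, which is the point of the nonce-based design compared with the timestamped Denning variant.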

Public-Key Encryption Approaches
One approach uses public-key encryption for the purpose of session key
distribution. This protocol assumes that each of the two parties is in possession of the
current public key of the other. It may not be practical to require this assumption.

A protocol using timestamps:
1. A → AS: IDA||IDB
2. AS → A: E(PRas, [IDA||PUa||T])||E(PRas, [IDB||PUb||T])
3. A → B: E(PRas, [IDA||PUa||T])||E(PRas, [IDB||PUb||T])||E(PUb, E(PRa, [Ks||T]))

In this case, the central system is referred to as an authentication server (AS),
because it is not actually responsible for secret key distribution. Rather, the AS
provides public-key certificates. The session key is chosen and encrypted by A; hence,
there is no risk of exposure by the AS. The timestamps protect against replays of
compromised keys.

Another approach, proposed by Woo and Lam, makes use of nonces. The protocol
consists of the following steps:
1. A → KDC: IDA||IDB
2. KDC → A: E(PRauth, [IDB||PUb])
3. A → B: E(PUb, [Na||IDA])
4. B → KDC: IDA||IDB||E(PUauth, Na)
5. KDC → B: E(PRauth, [IDA||PUa])||E(PUb, E(PRauth, [Na||Ks||IDB]))
6. B → A: E(PUa, E(PRauth, [(Na||Ks||IDB)||Nb]))
7. A → B: E(Ks, Nb)
In step 1, A informs the KDC of its intention to establish a secure connection
with B. The KDC returns to A a copy of B's public-key certificate (step 2). Using B's
public key, A informs B of its desire to communicate and sends a nonce Na (step 3).

In step 4, B asks the KDC for A's public-key certificate and requests a session
key; B includes A's nonce so that the KDC can stamp the session key with that nonce.
The nonce is protected using the KDC's public key.

In step 5, the KDC returns to B a copy of A's public-key certificate, plus the
information {Na, Ks, IDB}. This information basically says that Ks is a secret key
generated by the KDC on behalf of B and tied to Na; the binding of Ks and Na will
assure A that Ks is fresh. This triple is encrypted, using the KDC's private key, to allow
B to verify that the triple is in fact from the KDC. It is also encrypted using B's public
key, so that no other entity may use the triple in an attempt to establish a fraudulent
connection with A.
In step 6, the triple {Na, Ks, IDB}, still encrypted with the KDC's private key, is
relayed to A, together with a nonce Nb generated by B. All the foregoing are encrypted
using A's public key. A retrieves the session key Ks and uses it to encrypt Nb and return
it to B. This last message assures B of A's knowledge of the session key.

This seems to be a secure protocol that takes into account the various attacks.
However, the authors themselves spotted a flaw and submitted a revised version of the
algorithm:
1. A → KDC: IDA||IDB
2. KDC → A: E(PRauth, [IDB||PUb])
3. A → B: E(PUb, [Na||IDA])
4. B → KDC: IDA||IDB||E(PUauth, Na)
5. KDC → B: E(PRauth, [IDA||PUa])||E(PUb, E(PRauth, [Na||Ks||IDA||IDB]))
6. B → A: E(PUa, E(PRauth, [(Na||Ks||IDA||IDB)||Nb]))
7. A → B: E(Ks, Nb)
The identifier of A, IDA, is added to the set of items encrypted with the KDC's
private key in steps 5 and 6. This binds the session key Ks to the identities of the two
parties that will be engaged in the session. This inclusion of IDA accounts for the fact
that the nonce value Na is considered unique only among all nonces generated by A, not
among all nonces generated by all parties. Thus, it is the pair {IDA, Na} that uniquely
identifies the connection request of A.

ONE-WAY AUTHENTICATION
One application for which encryption is growing in popularity is electronic mail
(e-mail). The very nature of electronic mail, and its chief benefit, is that it is not
necessary for the sender and receiver to be online at the same time. Instead, the e-mail
message is forwarded to the receiver's electronic mailbox, where it is buffered until the
receiver is available to read it.
The "envelope" or header of the e-mail message must be in the clear, so that the
message can be handled by the store-and-forward e-mail protocol, such as the Simple
Mail Transfer Protocol (SMTP) or X.400. However, it is often desirable that the mail-
handling protocol not require access to the plaintext form of the message, because that
would require trusting the mail-handling mechanism.

Accordingly, the e-mail message should be encrypted such that the mail-
handling system is not in possession of the decryption key. A second requirement is
that of authentication. Typically, the recipient wants some assurance that the message
is from the alleged sender.

Symmetric Encryption Approach
Using symmetric encryption, the decentralized key distribution scenario is
impractical. This scheme requires the sender to issue a request to the intended
recipient, await a response that includes a session key, and only then send the message.

With some refinement, the KDC strategy is a candidate for encrypted electronic
mail. Because we wish to avoid requiring that the recipient (B) be on line at the same
time as the sender (A), steps 4 and 5 must be eliminated.

For a message with content M, the sequence is as follows:
1. A → KDC: IDA||IDB||N1
2. KDC → A: E(Ka, [Ks||IDB||N1||E(Kb, [Ks||IDA])])
3. A → B: E(Kb, [Ks||IDA])||E(Ks, M)

This approach guarantees that only the intended recipient of a message will be
able to read it. It also provides a level of authentication that the sender is A. As
specified, the protocol does not protect against replays.
Some measure of defense could be provided by including a timestamp with the
message. However, because of the potential delays in the e-mail process, such
timestamps may have limited usefulness.

Public-Key Encryption Approaches
Several public-key encryption approaches are suited to electronic mail, including
the straightforward encryption of the entire message for confidentiality, authentication,
or both.

If confidentiality is the primary concern, then the following may be more efficient:
A → B: E(PUb, Ks)||E(Ks, M)
In this case, the message is encrypted with a one-time secret key. A also encrypts this
one-time key with B's public key. Only B will be able to use the corresponding private
key to recover the one-time key and then use that key to decrypt the message. This
scheme is more efficient than simply encrypting the entire message with B's public key.

If authentication is the primary concern, then a digital signature may suffice:
A → B: M||E(PRa, H(M))
This method guarantees that A cannot later deny having sent the message.
However, this technique is open to another kind of fraud. Bob composes a message to
his boss Alice that contains an idea that will save the company money. He appends his
digital signature and sends it into the e-mail system. Eventually, the message will get
delivered to Alice's mailbox.
But suppose that Max has heard of Bob's idea and gains access to the mail queue
before delivery. He finds Bob's message, strips off his signature, appends his, and
requeues the message to be delivered to Alice. Max gets credit for Bob's idea.

To counter such a scheme, both the message and signature can be encrypted with the
recipient's public key:
A → B: E(PUb, [M||E(PRa, H(M))])
The latter two schemes require that B know A's public key and be convinced that it is
timely. An effective way to provide this assurance is the digital certificate. Now we have
A → B: M||E(PRa, H(M))||E(PRas, [T||IDA||PUa])
In addition to the message, A sends B the signature, encrypted with A's private
key, and A's certificate, encrypted with the private key of the authentication server.
The recipient of the message first uses the certificate to obtain the sender's public key
and verify that it is authentic and then uses the public key to verify the message itself.
If confidentiality is required, then the entire message can be encrypted with B's
public key. Alternatively, the entire message can be encrypted with a one-time secret
key; the secret key is also transmitted, encrypted with B's public key.

B.3 DIGITAL SIGNATURE STANDARD
The National Institute of Standards and Technology (NIST) has published
Federal Information Processing Standard FIPS 186, known as the Digital Signature
Standard (DSS). The DSS makes use of the Secure Hash Algorithm (SHA) and presents
a new digital signature technique, the Digital Signature Algorithm (DSA).

The DSS Approach
The DSS uses an algorithm that is designed to provide only the digital signature
function. Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it
is a public-key technique.


The figure above contrasts the DSS approach for generating digital signatures with
that used with RSA. In the RSA approach, the message to be signed is input to a hash
function that produces a secure hash code of fixed length. This hash code is then
encrypted using the sender's private key to form the signature.
Both the message and the signature are then transmitted. The recipient takes
the message and produces a hash code. The recipient also decrypts the signature using
the sender's public key.

If the calculated hash code matches the decrypted signature, the signature is
accepted as valid. Because only the sender knows the private key, only the sender could
have produced a valid signature.

The DSS approach also makes use of a hash function. The hash code is provided
as input to a signature function along with a random number k generated for this
particular signature.

The signature function also depends on the sender's private key (PRa) and a set of
parameters known to a group of communicating principals. We can consider this set to
constitute a global public key (PUG). The result is a signature consisting of two
components, labeled s and r.

At the receiving end, the hash code of the incoming message is generated. This
plus the signature is input to a verification function. The verification function also
depends on the global public key as well as the sender's public key (PUa), which is
paired with the sender's private key.

The output of the verification function is a value that is equal to the signature
component r if the signature is valid. The signature function is such that only the
sender, with knowledge of the private key, could have produced the valid signature.

The Digital Signature Algorithm
The DSA is based on the difficulty of computing discrete logarithms and is based
on schemes originally presented by ElGamal and Schnorr.
The table below summarizes the algorithm. There are three parameters that are
public and can be common to a group of users. A 160-bit prime number q is chosen.
Next, a prime number p is selected with a length between 512 and 1024 bits such that q
divides (p - 1). Finally, g is chosen to be of the form h^((p - 1)/q) mod p, where h is an
integer between 1 and (p - 1) with the restriction that g must be greater than 1.

Global Public-Key Components
p    prime number where 2^(L - 1) < p < 2^L for 512 ≤ L ≤ 1024 and L a multiple of 64;
     i.e., bit length of between 512 and 1024 bits in increments of 64 bits
q    prime divisor of (p - 1), where 2^159 < q < 2^160; i.e., bit length of 160 bits
g    = h^((p - 1)/q) mod p, where h is any integer with 1 < h < (p - 1) such that
     h^((p - 1)/q) mod p > 1
User's Private Key
x    random or pseudorandom integer with 0 < x < q
User's Public Key
y    = g^x mod p
User's Per-Message Secret Number
k    = random or pseudorandom integer with 0 < k < q
Signing
r = (g^k mod p) mod q
s = [k^(-1) (H(M) + xr)] mod q
Signature = (r, s)
Verifying
w = (s')^(-1) mod q
u1 = [H(M') w] mod q
u2 = (r') w mod q
v = [(g^u1 y^u2) mod p] mod q
TEST: v = r'
M = message to be signed
H(M) = hash of M using SHA-1
M', r', s' = received versions of M, r, s
The structure of the algorithm is quite interesting. Note that the test at the end
is on the value r, which does not depend on the message at all. Instead, r is a function of
k and the three global public-key components.
The multiplicative inverse of k (mod q) is passed to a function that also has as
inputs the message hash code and the user's private key. The structure of this function
is such that the receiver can recover r using the incoming message and signature, the
public key of the user, and the global public key.

***END***
UNIT 4 : NETWORK SECURITY PRACTICE NETWORK SECURITY

Thangavel Murugan 4.1

UNIT IV
NETWORK SECURITY PRACTICE

4.1 AUTHENTICATION APPLICATIONS

- Kerberos is an authentication service designed for use in a distributed environment.
- Kerberos makes use of a trusted third-party authentication service that enables clients and servers to establish authenticated communication.
- X.509 defines the format for public-key certificates. This format is widely used in a variety of applications.
- A public key infrastructure (PKI) is defined as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
- Typically, PKI implementations make use of X.509 certificates.

A.1 KERBEROS
Kerberos is an authentication service developed as part of Project Athena at MIT. The problem that Kerberos addresses is this:
Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a workstation cannot be trusted to identify its users correctly to network services.
In particular, the following three threats exist:
- A user may gain access to a particular workstation and pretend to be another user operating from that workstation.
- A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.
- A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.
Due to these threats, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access. Rather than building in elaborate authentication protocols at each server, Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption.
Two versions of Kerberos are in common use. Version 4 implementations still exist. Version 5 corrects some of the security deficiencies of version 4 and has been issued as a proposed Internet Standard (RFC 1510).

MOTIVATION
A set of users provided with dedicated personal computers that have no network connections can be protected by physically securing each personal computer. In the case of users with a centralized time-sharing system, the time-sharing operating systems provide security.
Three approaches to security in distributed networking environments [dedicated clients & distributed or centralized servers] are:
1. Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a security policy based on user identification (ID).
2. Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user.
3. Require the user to prove his or her identity for each service invoked. Also require that servers prove their identity to clients.

Requirements for Kerberos:
Secure: Kerberos should be strong enough that a potential opponent does not find it to be the weak link.
Reliable: Kerberos should be highly reliable and should employ a distributed server architecture, with one system able to back up another.
Transparent: The user should not be aware that authentication is taking place, beyond the requirement to enter a password.
Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.

KERBEROS VERSION 4
Version 4 of Kerberos makes use of DES, in a rather elaborate protocol, to provide the authentication service.

A Simple Authentication Dialogue
In an unprotected network environment, any client can apply to any server for service. The obvious security risk is that of impersonation. An opponent can pretend to be another client and obtain unauthorized privileges on server machines.
To counter this threat, servers must be able to confirm the identities of clients who request service. Each server can be required to undertake this task for each client/server interaction, but in an open environment, this places a substantial burden on each server.
An alternative is to use an authentication server (AS) that knows the passwords of all users and stores these in a centralized database. In addition, the AS shares a unique secret key with each server. These keys have been distributed physically or in some other secure manner. Consider the following hypothetical dialogue:
(1) C → AS: IDC||PC||IDV
(2) AS → C: Ticket
(3) C → V: IDC||Ticket
Ticket = E(Kv, [IDC||ADC||IDV])
where
C = client
AS = authentication server
V = server
IDC = identifier of user on C
IDV = identifier of V
PC = password of user on C
ADC = network address of C
Kv = secret encryption key shared by AS and V

Step 1:
The user logs on to a workstation and requests access to server V. The client module C in the user's workstation requests the user's password and then sends a message to the AS that includes the user's ID (IDc), the server's ID (IDv), and the user's password.

Step 2:
The AS checks its database to see if the user has supplied the proper password for this user ID and whether this user is permitted access to server V. If both tests are passed, the AS accepts the user as authentic and must now convince the server that this user is authentic.
To do so, the AS creates a ticket that contains the user's ID and network address and the server's ID. This ticket is encrypted using the secret key shared by the AS and this server. This ticket is then sent back to C. Because the ticket is encrypted, it cannot be altered by C or by an opponent.

Step 3:
With this ticket, C can now apply to V for service. C sends a message to V containing C's ID and the ticket. V decrypts the ticket and verifies that the user ID in the ticket is the same as the unencrypted user ID in the message. If these two match, the server considers the user authenticated and grants the requested service.

Merits & Demerits:
Each of the ingredients of message (3) is significant. The ticket is encrypted to prevent alteration or forgery. The server's ID (IDV) is included in the ticket so that the server can verify that it has decrypted the ticket properly. IDC is included in the ticket to indicate that this ticket has been issued on behalf of C.
Finally, ADC serves to counter the following threat. An opponent could capture the ticket transmitted in message (2), then use the name IDC and transmit a message of form (3) from another workstation. The server would receive a valid ticket that matches the user ID and grant access to the user on that other workstation.
To prevent this attack, the AS includes in the ticket the network address from which the original request came. Now the ticket is valid only if it is transmitted from the same workstation that initially requested the ticket.

A More Secure Authentication Dialogue
To overcome the problems with the previous method:
- Tickets are reusable, i.e., for a single logon session, the workstation can store the server's ticket after it is received and use the same ticket on behalf of the user for multiple accesses to the same server. But for different servers or different services, different tickets are used.
- To avoid plaintext password transmission, a new server is introduced, known as the Ticket Granting Server (TGS).

The new but still hypothetical scenario is as follows:
Once per user logon session:
(1) C → AS: IDC||IDtgs
(2) AS → C: E(Kc, Tickettgs)
Once per type of service:
(3) C → TGS: IDC||IDV||Tickettgs
(4) TGS → C: Ticketv
Once per service session:
(5) C → V: IDC||Ticketv
Tickettgs = E(Ktgs, [IDC||ADC||IDtgs||TS1||Lifetime1])
Ticketv = E(Kv, [IDC||ADC||IDv||TS2||Lifetime2])

The new service, TGS, issues tickets to users who have been authenticated to AS. Thus, the user first requests a ticket-granting ticket (Tickettgs) from the AS. The client module in the user workstation saves this ticket.
Each time the user requires access to a new service, the client applies to the TGS, using the ticket to authenticate itself. The TGS then grants a ticket for the particular service. The client saves each service-granting ticket and uses it to authenticate its user to a server each time a particular service is requested.

Let us look at the details of this scheme:
1. The client requests a ticket-granting ticket on behalf of the user by sending its user's ID and password to the AS, together with the TGS ID, indicating a request to use the TGS service.
2. The AS responds with a ticket that is encrypted with a key that is derived from the user's password. When this response arrives at the client, the client prompts the user for his or her password, generates the key, and attempts to decrypt the incoming message. If the correct password is supplied, the ticket is successfully recovered.
3. The client requests a service-granting ticket on behalf of the user. For this purpose, the client transmits a message to the TGS containing the user's ID, the ID of the desired service, and the ticket-granting ticket.
4. The TGS decrypts the incoming ticket and verifies the success of the decryption by the presence of its ID. It checks to make sure that the lifetime has not expired. Then it compares the user ID and network address with the incoming information to authenticate the user. If the user is permitted access to the server V, the TGS issues a ticket to grant access to the requested service.
5. The client requests access to a service on behalf of the user. For this purpose, the client transmits a message to the server containing the user's ID and the service-granting ticket. The server authenticates by using the contents of the ticket.

Merits
- Ticket reusability (once per user logon session and once per type of service)
- Protection of the user password
- Timestamps (TS1 and TS2) indicate the date and time at which the ticket was issued. Lifetimes (1 & 2) indicate the length of time the ticket is valid. These two avoid the attack by an opponent to reuse the Tickettgs and Ticketv.
- Tickettgs and Ticketv are encrypted. This prevents alteration of the ticket and provides authentication. (Only TGS, V and AS know the keys.)

Demerits
Lifetime of Tickets (Tickettgs and Ticketv)
i) Very Short: It requires that the user will be repeatedly asked for a password.
ii) Very Long: The opponent has a greater opportunity for replay. An opponent captures the tickets and waits for the legitimate user to log out. After he does, the opponent obtains unlimited access to resources and files from the server as the legitimate user.

Counter Measure
1. A network service (TGS or V) must be able to prove that the person using a ticket is the same person to whom the ticket was issued.
2. The requirement for servers to authenticate themselves to users.
Without this authentication, an opponent (false server) can act as a real server, capture any information from the user and deny the service to the authorized user.

The Version 4 Authentication Dialogue
The heart of the first problem is the lifetime associated with the ticket-granting ticket. If this lifetime is very short (e.g., minutes), then the user will be repeatedly asked for a password. If the lifetime is long (e.g., hours), then an opponent has a greater opportunity for replay.
An opponent could eavesdrop on the network and capture a copy of the ticket-granting ticket and then wait for the legitimate user to log out. Then the opponent could forge the legitimate user's network address and send the message of step (3) to the TGS. This would give the opponent unlimited access to the resources and files available to the legitimate user.
Similarly, if an opponent captures a service-granting ticket and uses it before it expires, the opponent has access to the corresponding service.
Thus, we arrive at an additional requirement. A network service (the TGS or an application service) must be able to prove that the person using a ticket is the same person to whom that ticket was issued.
The second problem is that there may be a requirement for servers to authenticate themselves to users. Without such authentication, an opponent could sabotage the configuration so that messages to a server were directed to another location. The false server would then be in a position to act as a real server and capture any information from the user and deny the true service to the user.
(1) C → AS: IDc||IDtgs||TS1
(2) AS → C: E(Kc, [Kc,tgs||IDtgs||TS2||Lifetime2||Tickettgs])
Tickettgs = E(Ktgs, [Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2])
(a) Authentication Service Exchange to obtain ticket-granting ticket

(3) C → TGS: IDv||Tickettgs||Authenticatorc
(4) TGS → C: E(Kc,tgs, [Kc,v||IDv||TS4||Ticketv])
Tickettgs = E(Ktgs, [Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2])
Ticketv = E(Kv, [Kc,v||IDc||ADc||IDv||TS4||Lifetime4])
Authenticatorc = E(Kc,tgs, [IDc||ADc||TS3])
(b) Ticket-Granting Service Exchange to obtain service-granting ticket

(5) C → V: Ticketv||Authenticatorc
(6) V → C: E(Kc,v, [TS5 + 1]) (for mutual authentication)
Ticketv = E(Kv, [Kc,v||IDc||ADc||IDv||TS4||Lifetime4])
Authenticatorc = E(Kc,v, [IDc||ADc||TS5])
(c) Client/Server Authentication Exchange to obtain service
KERBEROS VERSION 4 MESSAGE EXCHANGES
First, consider the problem of captured ticket-granting tickets and the need to determine that the ticket presenter is the same as the client for whom the ticket was issued. The threat is that an opponent will steal the ticket and use it before it expires.
To get around this problem, let us have the AS provide both the client and the TGS with a secret piece of information in a secure manner. Then the client can prove its identity to the TGS by revealing the secret information, again in a secure manner. An efficient way of accomplishing this is to use an encryption key as the secure information; this is referred to as a session key in Kerberos.

UNIT 4 : NTWORK SCURITY PRACTIC NTWORK SCURITY

TLunguveI Muvugun 4.10

Message (1) --- Client requests ticket-granting ticket
ID_C: Tells AS identity of user from this client
ID_tgs: Tells AS that user requests access to TGS
TS_1: Allows AS to verify that client's clock is synchronized with that of AS
Message (2) --- AS returns ticket-granting ticket
K_c: Encryption is based on user's password, enabling AS and client to verify password, and protecting contents of message (2)
K_c,tgs: Copy of session key accessible to client created by AS to permit secure exchange between client and TGS without requiring them to share a permanent key
ID_tgs: Confirms that this ticket is for the TGS
TS_2: Informs client of time this ticket was issued
Lifetime_2: Informs client of the lifetime of this ticket
Ticket_tgs: Ticket to be used by client to access TGS
(a) Authentication Service Exchange

Message (3) --- Client requests service-granting ticket
ID_V: Tells TGS that user requests access to server V
Ticket_tgs: Assures TGS that this user has been authenticated by AS
Authenticator_c: Generated by client to validate ticket
Message (4) --- TGS returns service-granting ticket
K_c,tgs: Key shared only by C and TGS protects contents of message (4)
K_c,v: Copy of session key accessible to client created by TGS to permit secure exchange between client and server without requiring them to share a permanent key
ID_V: Confirms that this ticket is for server V
TS_4: Informs client of time this ticket was issued
Ticket_v: Ticket to be used by client to access server V
Ticket_tgs: Reusable so that user does not have to reenter password
  K_tgs: Ticket is encrypted with key known only to AS and TGS, to prevent tampering
  K_c,tgs: Copy of session key accessible to TGS used to decrypt authenticator, thereby authenticating ticket
  ID_C: Indicates the rightful owner of this ticket
  AD_C: Prevents use of ticket from workstation other than one that initially requested the ticket
  ID_tgs: Assures server that it has decrypted ticket properly
  TS_2: Informs TGS of time this ticket was issued
  Lifetime_2: Prevents replay after ticket has expired
Authenticator_c: Assures TGS that the ticket presenter is the same as the client for whom the ticket was issued; has very short lifetime to prevent replay
  K_c,tgs: Authenticator is encrypted with key known only to client and TGS, to prevent tampering
  ID_C: Must match ID in ticket to authenticate ticket
  AD_C: Must match address in ticket to authenticate ticket
  TS_3: Informs TGS of time this authenticator was generated
(b) Ticket-Granting Service Exchange

Message (5) --- Client requests service
Ticket_v: Assures server that this user has been authenticated by AS
Authenticator_c: Generated by client to validate ticket
Message (6) --- Optional authentication of server to client
K_c,v: Assures C that this message is from V
TS_5 + 1: Assures C that this is not a replay of an old reply
Ticket_v: Reusable so that client does not need to request a new ticket from TGS for each access to the same server
  K_v: Ticket is encrypted with key known only to TGS and server, to prevent tampering
  K_c,v: Copy of session key accessible to client; used to decrypt authenticator, thereby authenticating ticket
  ID_C: Indicates the rightful owner of this ticket
  AD_C: Prevents use of ticket from workstation other than one that initially requested the ticket
  ID_v: Assures server that it has decrypted ticket properly
  TS_4: Informs server of time this ticket was issued
  Lifetime_4: Prevents replay after ticket has expired
Authenticator_c: Assures server that the ticket presenter is the same as the client for whom the ticket was issued; has very short lifetime to prevent replay
  K_c,v: Authenticator is encrypted with key known only to client and server, to prevent tampering
  ID_C: Must match ID in ticket to authenticate ticket
  AD_C: Must match address in ticket to authenticate ticket
  TS_5: Informs server of time this authenticator was generated
(c) Client/Server Authentication Exchange
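The dialogue whose elements are tabulated above, run end to end as an added example (not code from the original text): a toy Kerberos version 4 KDC, an application server and a client exchange messages (1) to (6), and the receiving side performs the checks the table lists for each ticket and authenticator (ID and address must match, timestamp within clock skew, ticket lifetime, no replay). The cipher E()/D() is a stand-in for DES, and every principal name, address, password and key is constructed for the demonstration.

```python
"""Toy model of the Kerberos version 4 dialogue, messages (1) to (6).
Added example, not code from the original text. E()/D() are a stand-in
cipher (SHA-256 keystream plus HMAC tag) used only so the ticket and
authenticator logic can run without DES; every principal, address,
password and key below is constructed for the demonstration."""
import hashlib, hmac, json, os

CLOCK_SKEW = 300     # seconds an authenticator timestamp may differ from the local clock
LIFETIME = 8 * 3600  # ticket lifetime in seconds

def derive_key(secret: str) -> bytes:   # K_c from the password, K_v from a server secret
    return hashlib.sha256(secret.encode()).digest()

def _stream(key: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def E(key: bytes, fields: dict) -> bytes:
    """Toy encryption of a field dictionary: keystream XOR, then an HMAC tag."""
    data = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, len(data))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def D(key: bytes, blob: bytes) -> dict:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct)))))

def make_ticket(srv_key, ksess, idc, adc, idsrv, now):
    """Ticket = E(K_srv, [K_sess || ID_c || AD_c || ID_srv || TS || Lifetime])."""
    return E(srv_key, {"Ksess": ksess.hex(), "ID": idc, "AD": adc, "IDsrv": idsrv,
                       "TS": now, "Lifetime": LIFETIME})

def check_ticket(srv_key, ticket, authenticator, src_addr, now, seen):
    """The checks the TGS makes on message (3) and server V makes on message (5)."""
    t = D(srv_key, ticket)                      # only the ticket's server can open it
    if not t["TS"] <= now <= t["TS"] + t["Lifetime"]:
        raise PermissionError("ticket expired or not yet valid")
    ksess = bytes.fromhex(t["Ksess"])
    a = D(ksess, authenticator)                 # presenter must know the session key
    if a["ID"] != t["ID"] or a["AD"] != t["AD"] or src_addr != t["AD"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(a["TS"] - now) > CLOCK_SKEW:
        raise PermissionError("authenticator timestamp out of range")
    if (a["ID"], a["TS"]) in seen:              # replay cache covering the skew window
        raise PermissionError("authenticator replayed")
    seen.add((a["ID"], a["TS"]))
    return t, ksess

class KDC:                                      # AS and TGS share one database
    def __init__(self):
        self.users = {"alice": derive_key("correct horse battery staple")}  # K_c
        self.ktgs = derive_key("tgs-master-secret")                        # K_tgs
        self.servers = {"fileserver": derive_key("fileserver-secret")}     # K_v
        self.seen = set()

    def as_exchange(self, idc, adc, now):
        """(2) AS -> C: E(K_c, [K_c,tgs || ID_tgs || TS_2 || Lifetime_2 || Ticket_tgs])."""
        kc_tgs = os.urandom(32)
        tgt = make_ticket(self.ktgs, kc_tgs, idc, adc, "tgs", now)
        return E(self.users[idc], {"Ksess": kc_tgs.hex(), "IDsrv": "tgs", "TS": now,
                                   "Lifetime": LIFETIME, "Ticket": tgt.hex()})

    def tgs_exchange(self, idv, tgt, authenticator, src_addr, now):
        """(4) TGS -> C: E(K_c,tgs, [K_c,v || ID_v || TS_4 || Ticket_v])."""
        t, kc_tgs = check_ticket(self.ktgs, tgt, authenticator, src_addr, now, self.seen)
        kc_v = os.urandom(32)
        ticket_v = make_ticket(self.servers[idv], kc_v, t["ID"], t["AD"], idv, now)
        return E(kc_tgs, {"Ksess": kc_v.hex(), "IDsrv": idv, "TS": now, "Ticket": ticket_v.hex()})

def serve(srv_key, seen, ticket_v, authenticator, src_addr, now):
    """Server V: (6) V -> C: E(K_c,v, [TS_5 + 1]), the optional mutual authentication."""
    _, kc_v = check_ticket(srv_key, ticket_v, authenticator, src_addr, now, seen)
    return E(kc_v, {"TS": D(kc_v, authenticator)["TS"] + 1})

def get_service_ticket(kdc, password, now, addr):
    """Messages (1)-(4): returns (K_c,v, Ticket_v); a wrong password fails at step (2)."""
    body = D(derive_key(password), kdc.as_exchange("alice", addr, now))
    kc_tgs, tgt = bytes.fromhex(body["Ksess"]), bytes.fromhex(body["Ticket"])
    auth = E(kc_tgs, {"ID": "alice", "AD": addr, "TS": now})          # Authenticator_c
    body = D(kc_tgs, kdc.tgs_exchange("fileserver", tgt, auth, addr, now))
    return bytes.fromhex(body["Ksess"]), bytes.fromhex(body["Ticket"])

def attempt(fn, *args):
    try:
        fn(*args)
        return "accepted"
    except (ValueError, PermissionError):
        return "rejected"

def demo():
    """Outcomes of a normal login, a wrong password, a replayed message (5), and a
    ticket presented from a host other than the one it was issued to."""
    kdc, now, addr = KDC(), 1_700_000_000, "10.0.0.5"
    kv, fs_seen = kdc.servers["fileserver"], set()
    kc_v, ticket_v = get_service_ticket(kdc, "correct horse battery staple", now, addr)
    auth = E(kc_v, {"ID": "alice", "AD": addr, "TS": now + 1})            # message (5)
    reply = D(kc_v, serve(kv, fs_seen, ticket_v, auth, addr, now + 1))   # message (6)
    return {"good": reply["TS"] == now + 2,
            "wrong_password": attempt(get_service_ticket, kdc, "wrong password", now + 100, addr),
            "replay": attempt(serve, kv, fs_seen, ticket_v, auth, addr, now + 2),
            "other_address": attempt(serve, kv, fs_seen, ticket_v, auth, "10.0.0.9", now + 2)}
```

demo() returns the outcome of a normal login, of a wrong password (the client cannot open message (2), which is the only place K_c is used), of replaying message (5), and of presenting the service ticket from a different address; the last two are rejected by check_ticket(), which is deliberately the same function for the TGS and for V because the table above lists the same checks for both.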


Kerberos Realms and Multiple Kerberi

A full-service Kerberos environment consisting of a Kerberos server, a number of clients, and a number of application servers requires the following:
1. The Kerberos server must have the user ID and hashed passwords of all participating users in its database. All users are registered with the Kerberos server.
2. The Kerberos server must share a secret key with each server. All servers are registered with the Kerberos server.

Such an environment is referred to as a Kerberos realm. Networks of clients and servers under different administrative organizations typically constitute different realms. Users in one realm may need access to servers in other realms, and some servers may be willing to provide service to users from other realms, provided that those users are authenticated.

3. The Kerberos server in each interoperating realm shares a secret key with the server in the other realm. The two Kerberos servers are registered with each other.

The details of the exchanges illustrated in the figure below are as follows:
(1) C → AS: ID_c || ID_tgs || TS_1
(2) AS → C: E(K_c, [K_c,tgs || ID_tgs || TS_2 || Lifetime_2 || Ticket_tgs])
(3) C → TGS: ID_tgsrem || Ticket_tgs || Authenticator_c
(4) TGS → C: E(K_c,tgs, [K_c,tgsrem || ID_tgsrem || TS_4 || Ticket_tgsrem])
(5) C → TGS_rem: ID_vrem || Ticket_tgsrem || Authenticator_c
(6) TGS_rem → C: E(K_c,tgsrem, [K_c,vrem || ID_vrem || TS_6 || Ticket_vrem])
(7) C → V_rem: Ticket_vrem || Authenticator_c



Request for Service in another Realm

The ticket presented to the remote server (V_rem) indicates the realm in which the user was originally authenticated. The server chooses whether to honor the remote request.
One problem presented by the foregoing approach is that it does not scale well to many realms. If there are N realms, then there must be N(N - 1)/2 secure key exchanges so that each Kerberos realm can interoperate with all other Kerberos realms.


KERBEROS VERSION 5
Kerberos Version 5 is specified in RFC 1510 and provides a number of improvements over version 4.

The Version 5 Authentication Dialogue
(1) C → AS: Options || ID_c || Realm_c || ID_tgs || Times || Nonce_1
(2) AS → C: Realm_c || ID_c || Ticket_tgs || E(K_c, [K_c,tgs || Times || Nonce_1 || Realm_tgs || ID_tgs])
    Ticket_tgs = E(K_tgs, [Flags || K_c,tgs || Realm_c || ID_c || AD_c || Times])
(a) Authentication Service Exchange to obtain ticket-granting ticket

(3) C → TGS: Options || ID_v || Times || Nonce_2 || Ticket_tgs || Authenticator_c
(4) TGS → C: Realm_c || ID_c || Ticket_v || E(K_c,tgs, [K_c,v || Times || Nonce_2 || Realm_v || ID_v])
    Ticket_tgs = E(K_tgs, [Flags || K_c,tgs || Realm_c || ID_c || AD_c || Times])
    Ticket_v = E(K_v, [Flags || K_c,v || Realm_c || ID_c || AD_c || Times])
    Authenticator_c = E(K_c,tgs, [ID_c || Realm_c || TS_1])
(b) Ticket-Granting Service Exchange to obtain service-granting ticket

(5) C → V: Options || Ticket_v || Authenticator_c
(6) V → C: E(K_c,v, [TS_2 || Subkey || Seq#])
    Ticket_v = E(K_v, [Flags || K_c,v || Realm_c || ID_c || AD_c || Times])
    Authenticator_c = E(K_c,v, [ID_c || Realm_c || TS_2 || Subkey || Seq#])
(c) Client/Server Authentication Exchange to obtain service

First, consider the authentication service exchange. Message (1) is a client request for a ticket-granting ticket. As before, it includes the ID of the user and the TGS. The following new elements are added:
Realm: Indicates realm of user
Options: Used to request that certain flags be set in the returned ticket
Times: Used by the client to request the following time settings in the ticket:
  from: the desired start time for the requested ticket
  till: the requested expiration time for the requested ticket
  rtime: requested renew-till time
Nonce: A random value to be repeated in message (2) to assure that the response is fresh and has not been replayed by an opponent

Message (2) returns a ticket-granting ticket, identifying information for the client, and a block encrypted using the encryption key based on the user's password. This block includes the session key to be used between the client and the TGS, times specified in message (1), the nonce from message (1), and TGS identifying information. The ticket itself includes the session key, identifying information for the client, the requested time values, and flags that reflect the status of this ticket and the requested options. These flags introduce significant new functionality to version 5.
Let us now compare the ticket-granting service exchange for versions 4 and 5. We see that message (3) for both versions includes an authenticator, a ticket, and the name of the requested service.
In addition, version 5 includes requested times and options for the ticket and a nonce, all with functions similar to those of message (1). The authenticator itself is essentially the same as the one used in version 4. Message (4) has the same structure as message (2), returning a ticket plus information needed by the client, the latter encrypted with the session key now shared by the client and the TGS.
Finally, for the client/server authentication exchange, several new features appear in version 5. In message (5), the client may request as an option that mutual authentication is required.
The authenticator includes several new fields as follows:
Subkey: The client's choice for an encryption key to be used to protect this specific application session. If this field is omitted, the session key from the ticket (K_c,v) is used.
Sequence number: An optional field that specifies the starting sequence number to be used by the server for messages sent to the client during this session. Messages may be sequence numbered to detect replays.

If mutual authentication is required, the server responds with message (6). This message includes the timestamp from the authenticator. Note that in version 4, the timestamp was incremented by one. This is not necessary in version 5 because the nature of the format of messages is such that it is not possible for an opponent to create message (6) without knowledge of the appropriate encryption keys.
The subkey field, if present, overrides the subkey field, if present, in message (5). The optional sequence number field specifies the starting sequence number to be used by the client.

Kerberos Version 5 Flags
INITIAL: This ticket was issued using the AS protocol and not issued based on a ticket-granting ticket.
PRE-AUTHENT: During initial authentication, the client was authenticated by the KDC before a ticket was issued.
HW-AUTHENT: The protocol employed for initial authentication required the use of hardware expected to be possessed solely by the named client.
RENEWABLE: Tells TGS that this ticket can be used to obtain a replacement ticket that expires at a later date.
MAY-POSTDATE: Tells TGS that a postdated ticket may be issued based on this ticket-granting ticket.
POSTDATED: Indicates that this ticket has been postdated; the end server can check the authtime field to see when the original authentication occurred.
INVALID: This ticket is invalid and must be validated by the KDC before use.
PROXIABLE: Tells TGS that a new service-granting ticket with a different network address may be issued based on the presented ticket.
PROXY: Indicates that this ticket is a proxy.
FORWARDABLE: Tells TGS that a new ticket-granting ticket with a different network address may be issued based on this ticket-granting ticket.
FORWARDED: Indicates that this ticket has either been forwarded or was issued based on authentication involving a forwarded ticket-granting ticket.
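How a server and a TGS act on the Flags and Times fields just described, as an added example that is not code from the original text. Tickets are plain dictionaries with constructed values and no encryption; the flag names are the ones in the list above, while the field names (starttime, endtime, renew_till, authtime) and the KDC behaviour modelled here are assumptions made for the demonstration. The version 4 lifetime field is included so the two encodings can be compared on the same input.

```python
"""Flag and time checks on a Kerberos version 5 ticket, beside the version 4
lifetime field they replace. Added example, not code from the original text.
Tickets are plain dictionaries with constructed values and no encryption, so
only the Flags/Times logic is shown; the flag names are the ones listed above,
the field names and the KDC behaviour modelled here are assumptions."""

FLAGS = {"INITIAL", "PRE-AUTHENT", "HW-AUTHENT", "RENEWABLE", "MAY-POSTDATE",
         "POSTDATED", "INVALID", "PROXIABLE", "PROXY", "FORWARDABLE", "FORWARDED"}

def v4_lifetime_field(seconds):
    """Version 4: an 8-bit count of five-minute units, so about 21 hours at most."""
    return min((seconds + 299) // 300, 255)

def v4_lifetime_seconds(field):
    return field * 300

def ticket(flags, start, end, renew_till=None, authtime=None):
    """Version 5 ticket body: Flags plus explicit Times (start, end, renew-till)."""
    unknown = set(flags) - FLAGS
    if unknown:
        raise ValueError(f"unknown flags: {sorted(unknown)}")
    return {"flags": set(flags), "starttime": start, "endtime": end,
            "renew_till": renew_till, "authtime": start if authtime is None else authtime}

def server_accepts(t, now, max_auth_age=None):
    """Checks server V applies to the ticket in message (5); returns (ok, reason).
    max_auth_age lets a service refuse postdated tickets whose original
    authentication (authtime) lies too far in the past."""
    if "INVALID" in t["flags"]:
        return False, "ticket must first be validated by the KDC"
    if now < t["starttime"]:
        return False, "ticket not yet valid"
    if now > t["endtime"]:
        return False, "ticket expired"
    if "POSTDATED" in t["flags"] and max_auth_age is not None \
            and now - t["authtime"] > max_auth_age:
        return False, "original authentication too old for this service"
    return True, "ok"

def tgs_postdate(tgt, start, lifetime):
    """Postdated ticket from a TGT carrying MAY-POSTDATE: it is marked POSTDATED
    and INVALID and keeps the authtime of the original authentication."""
    if "MAY-POSTDATE" not in tgt["flags"]:
        raise PermissionError("ticket-granting ticket does not permit postdating")
    return ticket({"POSTDATED", "INVALID"}, start, start + lifetime, authtime=tgt["authtime"])

def tgs_validate(t, now):
    """The KDC clears INVALID once the postdated ticket's start time has arrived."""
    if "INVALID" not in t["flags"]:
        return t
    if now < t["starttime"]:
        raise PermissionError("cannot validate before the ticket's start time")
    return dict(t, flags=t["flags"] - {"INVALID"})

def tgs_renew(t, now, lifetime):
    """Replacement ticket for a RENEWABLE, unexpired ticket, never past renew-till."""
    if "RENEWABLE" not in t["flags"] or t["renew_till"] is None:
        raise PermissionError("ticket is not renewable")
    if now > t["endtime"] or now > t["renew_till"]:
        raise PermissionError("ticket expired or renew-till reached")
    return dict(t, starttime=now, endtime=min(now + lifetime, t["renew_till"]))

def refused(fn, *args):
    try:
        fn(*args)
        return False
    except PermissionError:
        return True

def demo():
    h, day, t0 = 3600, 24 * 3600, 1_700_000_000          # constructed clock values
    out = {}
    # A 30-hour job: version 4 cannot express the lifetime, version 5 just sets endtime.
    out["v4_max_hours"] = v4_lifetime_seconds(v4_lifetime_field(30 * h)) / h
    out["v5_30h_ok"] = server_accepts(ticket({"INITIAL"}, t0, t0 + 30 * h), t0 + 29 * h)[0]
    # A postdated ticket for a batch run that starts tomorrow.
    tgt = ticket({"INITIAL", "MAY-POSTDATE", "RENEWABLE"}, t0, t0 + 8 * h, renew_till=t0 + 7 * day)
    post = tgs_postdate(tgt, t0 + day, 4 * h)
    out["postdated_before_validation"] = server_accepts(post, t0 + day)[1]
    out["early_validation_refused"] = refused(tgs_validate, post, t0 + day - h)
    valid = tgs_validate(post, t0 + day)
    out["postdated_after_validation"] = server_accepts(valid, t0 + day + h)[0]
    out["strict_service"] = server_accepts(valid, t0 + day + h, 12 * h)[1]
    # Renewal extends a ticket without the password, but never beyond renew-till.
    out["renewed_end"] = tgs_renew(tgt, t0 + 7 * h, 8 * h)["endtime"] - t0
    near_limit = ticket({"RENEWABLE"}, t0 + 7 * day - 5 * h, t0 + 7 * day - h, renew_till=t0 + 7 * day)
    out["renew_capped"] = tgs_renew(near_limit, t0 + 7 * day - 2 * h, 8 * h)["endtime"] == t0 + 7 * day
    out["not_renewable_refused"] = refused(tgs_renew, ticket({"INITIAL"}, t0, t0 + h), t0, h)
    return out
```

demo() walks through the cases the flag list implies: a lifetime version 4 cannot encode, a MAY-POSTDATE ticket-granting ticket producing a POSTDATED and INVALID ticket that a server rejects until the KDC validates it, a service that additionally bounds the age of the original authentication via authtime, and renewal that stops at the renew-till time.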


DIFFERENCES BETWEEN VERSIONS 4 AND 5

Environmental Shortcomings:
1) Encryption system dependence:
Version 4 requires the use of DES. Export restriction on DES as well as doubts about the strength of DES were thus of concern.
In version 5, ciphertext is tagged with an encryption type identifier so that any encryption technique may be used. Encryption keys are tagged with a type and a length, allowing the same key to be used in different algorithms and allowing the specification of different variations on a given algorithm.
2) Internet protocol dependence:
Version 4 requires the use of Internet Protocol (IP) addresses. Other address types, such as the ISO network address, are not accommodated.
Version 5 network addresses are tagged with type and length, allowing any network address type to be used.
3) Message byte ordering:
In version 4, the sender of a message employs a byte ordering of its own choosing and tags the message to indicate least significant byte in lowest address or most significant byte in lowest address. This technique works but does not follow established conventions.
In version 5, all message structures are defined using Abstract Syntax Notation One (ASN.1) and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.
4) Ticket lifetime:
Lifetime values in version 4 are encoded in an 8-bit quantity in units of five minutes. Thus, the maximum lifetime that can be expressed is 2^8 x 5 = 1280 minutes, or a little over 21 hours. This may be inadequate for some applications (e.g., a long-running simulation that requires valid Kerberos credentials throughout execution).
In version 5, tickets include an explicit start time and end time, allowing tickets with arbitrary lifetimes.

5) Authentication forwarding:
Version 4 does not allow credentials issued to one client to be forwarded to some other host and used by some other client. This capability would enable a client to access a server and have that server access another server on behalf of the client. For example, a client issues a request to a print server that then accesses the client's file from a file server, using the client's credentials for access.
Version 5 provides this capability.
6) Interrealm authentication:
In version 4, interoperability among N realms requires on the order of N^2 Kerberos-to-Kerberos relationships, as described earlier.
Version 5 supports a method that requires fewer relationships, as described shortly.

Technical Deficiencies:
1) Double encryption:
Tickets provided to clients are encrypted twice, once with the secret key of the target server and then again with a secret key known to the client. The second encryption is not necessary and is computationally wasteful.
2) PCBC encryption:
Encryption in version 4 makes use of a nonstandard mode of DES known as propagating cipher block chaining (PCBC). It has been demonstrated that this mode is vulnerable to an attack involving the interchange of ciphertext blocks. PCBC was intended to provide an integrity check as part of the encryption operation.
Version 5 provides explicit integrity mechanisms, allowing the standard CBC mode to be used for encryption. In particular, a checksum or hash code is attached to the message prior to encryption using CBC.
3) Session keys:
Each ticket includes a session key that is used by the client to encrypt the authenticator sent to the service associated with that ticket. In addition, the session key may subsequently be used by the client and the server to protect messages passed during that session. However, because the same ticket may be used repeatedly to gain service from a particular server, there is the risk that an opponent will replay messages from an old session to the client or the server.
In version 5, it is possible for a client and server to negotiate a subsession key, which is to be used only for that one connection. A new access by the client would result in the use of a new subsession key.
4) Password attacks:
Both versions are vulnerable to a password attack. The message from the AS to the client includes material encrypted with a key based on the client's password. An opponent can capture this message and attempt to decrypt it by trying various passwords.
If the result of a test decryption is of the proper form, then the opponent has discovered the client's password and may subsequently use it to gain authentication credentials from Kerberos. This is the same type of password attack, with the same kinds of countermeasures being applicable.
Version 5 does provide a mechanism known as preauthentication, which should make password attacks more difficult, but it does not prevent them.

A.2 X.509 AUTHENTICATION SERVICE
ITU-T recommendation X.509 is part of the X.500 series of recommendations that define a directory service. The directory is, in effect, a server or distributed set of servers that maintains a database of information about users. The information includes a mapping from user name to network address, as well as other attributes and information about the users.
X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. The directory may serve as a repository of public-key certificates.
Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority. X.509 defines alternative authentication protocols based on the use of public-key certificates. X.509 is based on the use of public-key cryptography and digital signatures.

The standard does not dictate the use of a specific algorithm but recommends RSA. The digital signature scheme is assumed to require the use of a hash function. Again, the standard does not dictate a specific hash algorithm.

Public-Key Certificate Use

CERTIFICATES
The heart of the X.509 scheme is the public-key certificate associated with each user. These user certificates are assumed to be created by some trusted certification authority (CA) and placed in the directory by the CA or by the user.
The directory server itself is not responsible for the creation of public keys or for the certification function; it merely provides an easily accessible location for users to obtain certificates.

The general format of a certificate includes the following elements:

• Version. Differentiates among successive versions of the certificate format; the default is version 1. If the Issuer Unique Identifier or Subject Unique Identifier are present, the value must be version 2. If one or more extensions are present, the version must be version 3.
• Serial number. An integer value, unique within the issuing CA, that is unambiguously associated with this certificate.
• Signature algorithm identifier. The algorithm used to sign the certificate, together with any associated parameters. Because this information is repeated in the Signature field at the end of the certificate, this field has little, if any, utility.
• Issuer name. X.500 name of the CA that created and signed this certificate.
• Period of validity. Consists of two dates: the first and last on which the certificate is valid.
• Subject name. The name of the user to whom this certificate refers. That is, this certificate certifies the public key of the subject who holds the corresponding private key.
• Subject's public-key information. The public key of the subject, plus an identifier of the algorithm for which this key is to be used, together with any associated parameters.
• Issuer unique identifier. An optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.
• Subject unique identifier. An optional bit string field used to identify uniquely the subject in the event the X.500 name has been reused for different entities.
• Extensions. A set of one or more extension fields. Extensions were added in version 3 and are discussed later in this section.
• Signature. Covers all of the other fields of the certificate; it contains the hash code of the other fields, encrypted with the CA's private key. This field includes the signature algorithm identifier.

Note: The unique identifier fields were added in version 2 to handle the possible reuse of subject and/or issuer names over time. These fields are rarely used.

The standard uses the following notation to define a certificate:

CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap}
where
Y<<X>> = the certificate of user X issued by certification authority Y
Y{I} = the signing of I by Y. It consists of I with an encrypted hash code appended
The CA signs the certificate with its private key. If the corresponding public key is known to a user, then that user can verify that a certificate signed by the CA is valid.

Obtaining a User's Certificate
User certificates generated by a CA have the following characteristics:
• Any user with access to the public key of the CA can verify the user public key that was certified.
• No party other than the certification authority can modify the certificate without this being detected.
Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them.

If all users subscribe to the same CA, then there is a common trust of that CA. All user certificates can be placed in the directory for access by all users. In addition, a user can transmit his or her certificate directly to other users.
In either case, once B is in possession of A's certificate, B has confidence that messages it encrypts with A's public key will be secure from eavesdropping and that messages signed with A's private key are unforgeable.
With many users, it may be more practical for there to be a number of CAs, each of which securely provides its public key to some fraction of the users.
Now suppose that A has obtained a certificate from certification authority X1 and B has obtained a certificate from CA X2. If A does not securely know the public key of X2, then B's certificate, issued by X2, is useless to A. A can read B's certificate, but A cannot verify the signature.

However, if the two CAs have securely exchanged their own public keys, the following procedure will enable A to obtain B's public key:
A obtains, from the directory, the certificate of X2 signed by X1. Because A securely knows X1's public key, A can obtain X2's public key from its certificate and verify it by means of X1's signature on the certificate.
A then goes back to the directory and obtains the certificate of B signed by X2. Because A now has a trusted copy of X2's public key, A can verify the signature and securely obtain B's public key.

A has used a chain of certificates to obtain B's public key. In the notation of X.509, this chain is expressed as
X1<<X2>> X2<<B>>
In the same fashion, B can obtain A's public key with the reverse chain:
X2<<X1>> X1<<A>>
This scheme need not be limited to a chain of two certificates. An arbitrarily long path of CAs can be followed to produce a chain. A chain with N elements would be expressed as
X1<<X2>> X2<<X3>> ... XN<<B>>
In this case, each pair of CAs in the chain (X_i, X_i+1) must have created certificates for each other.

All these certificates of CAs by CAs need to appear in the directory, and the user needs to know how they are linked to follow a path to another user's public-key certificate. X.509 suggests that CAs be arranged in a hierarchy so that navigation is straightforward.
The connected circles indicate the hierarchical relationship among the CAs; the associated boxes indicate certificates maintained in the directory for each CA entry.

The directory entry for each CA includes two types of certificates:
Forward certificates: Certificates of X generated by other CAs
Reverse certificates: Certificates generated by X that are the certificates of other CAs


X.509 Hierarchy: A Hypothetical Example

In this example, user A can acquire the following certificates from the directory to establish a certification path to B:
X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>
When A has obtained these certificates, it can unwrap the certification path in sequence to recover a trusted copy of B's public key.
Using this public key, A can send encrypted messages to B. If A wishes to receive encrypted messages back from B, or to sign messages sent to B, then B will require A's public key, which can be obtained from the following certification path:
Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>
B can obtain this set of certificates from the directory, or A can provide them as part of its initial message to B.

Revocation of Certificates
Each certificate includes a period of validity, much like a credit card. Typically, a new certificate is issued just before the expiration of the old one.

In addition, it may be desirable on occasion to revoke a certificate before it expires, for one of the following reasons:
1. The user's private key is assumed to be compromised.
2. The user is no longer certified by this CA.
3. The CA's certificate is assumed to be compromised.

Each CA must maintain a list consisting of all revoked but not expired certificates issued by that CA, including both those issued to users and to other CAs. These lists should also be posted on the directory.

Each certificate revocation list (CRL) posted to the directory is signed by the issuer and includes the issuer's name, the date the list was created, the date the next CRL is scheduled to be issued, and an entry for each revoked certificate.

Each entry consists of the serial number of a certificate and revocation date for that certificate. Because serial numbers are unique within a CA, the serial number is sufficient to identify the certificate.

Drawback:
When a user receives a certificate in a message, the user must determine whether the certificate has been revoked. The user could check the directory each time a certificate is received.

Counter Measures:
To avoid the delays (and possible costs) associated with directory searches, it is likely that the user would maintain a local cache of certificates and lists of revoked certificates.
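The certification path X1<<X2>> X2<<B>> from the earlier section, unwrapped by A with the revocation check described here applied at each link, as an added example (not code from the original text). Signatures use a toy RSA whose keys come from fixed Mersenne primes so that the run is deterministic; that construction, together with all CA names, serial numbers and dates, is invented for the demonstration, and the key construction is not something to reuse.

```python
"""Certification path X1<<X2>> X2<<B>> unwrapped by A, with a CRL check at each
link. Added example, not code from the original text. The signature scheme is a
toy RSA built from fixed Mersenne primes so the run is deterministic; it is not a
key generator to reuse. CA names, serial numbers and dates are constructed."""
import hashlib, json

E_PUB = 65537

def keypair(p_exp, q_exp):
    """Toy RSA key from the primes 2^p_exp - 1 and 2^q_exp - 1 (constructed, insecure)."""
    p, q = (1 << p_exp) - 1, (1 << q_exp) - 1
    pub = {"n": p * q, "e": E_PUB}
    return pub, pow(E_PUB, -1, (p - 1) * (q - 1))

def _digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(tbs, pub, priv):
    """Y{I}: the hash code of I encrypted with Y's private key."""
    return pow(_digest(tbs, pub["n"]), priv, pub["n"])

def verify(tbs, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == _digest(tbs, pub["n"])

def issue(issuer, issuer_pub, issuer_priv, subject, subject_pub, serial, not_before, not_after):
    """Y<<X>>: certificate of X issued by Y, carrying the fields listed above."""
    tbs = {"version": 1, "serial": serial, "sigalg": "toy-rsa-sha256", "issuer": issuer,
           "validity": [not_before, not_after], "subject": subject, "subjectPublicKey": subject_pub}
    return {"tbs": tbs, "signature": sign(tbs, issuer_pub, issuer_priv)}

def issue_crl(issuer, issuer_pub, issuer_priv, this_update, next_update, revoked):
    """Signed CRL: issuer name, date created, date of the next CRL, [serial, date] entries."""
    tbs = {"issuer": issuer, "thisUpdate": this_update, "nextUpdate": next_update,
           "revoked": revoked}
    return {"tbs": tbs, "signature": sign(tbs, issuer_pub, issuer_priv)}

def verify_path(anchor, anchor_pub, path, crls, now):
    """Unwraps Xa<<Xb>> Xb<<Xc>> ... starting from a CA whose key is already trusted.
    Returns the final subject's public key; raises ValueError at the first broken link."""
    name, pub = anchor, anchor_pub
    for cert in path:
        tbs = cert["tbs"]
        if tbs["issuer"] != name:
            raise ValueError(f"{tbs['subject']}: issued by {tbs['issuer']}, expected {name}")
        if not verify(tbs, cert["signature"], pub):
            raise ValueError(f"{tbs['subject']}: signature does not verify")
        if not tbs["validity"][0] <= now <= tbs["validity"][1]:
            raise ValueError(f"{tbs['subject']}: outside validity period")
        crl = crls.get(name)                 # the issuer's own CRL, from the local cache
        if crl is None or not verify(crl["tbs"], crl["signature"], pub):
            raise ValueError(f"{name}: no trustworthy CRL available")
        if now > crl["tbs"]["nextUpdate"]:
            raise ValueError(f"{name}: cached CRL is stale, refresh from the directory")
        if any(serial == tbs["serial"] for serial, _ in crl["tbs"]["revoked"]):
            raise ValueError(f"{tbs['subject']}: certificate revoked")
        name, pub = tbs["subject"], tbs["subjectPublicKey"]
    return pub

def outcome(*args):
    try:
        verify_path(*args)
        return "ok"
    except ValueError as err:
        return str(err)

def demo():
    x1_pub, x1_priv = keypair(127, 89)      # CA X1: the one A trusts directly
    x2_pub, x2_priv = keypair(107, 61)      # CA X2: B's CA
    b_pub, _ = keypair(521, 607)            # user B's key pair
    now = 20240601                          # dates as YYYYMMDD integers (constructed)
    # Directory contents: X1<<X2>> (X2's certificate signed by X1) and X2<<B>>.
    x1_x2 = issue("X1", x1_pub, x1_priv, "X2", x2_pub, 1001, 20240101, 20251231)
    x2_b = issue("X2", x2_pub, x2_priv, "B", b_pub, 7, 20240301, 20250301)
    crls = {"X1": issue_crl("X1", x1_pub, x1_priv, 20240501, 20240701, []),
            "X2": issue_crl("X2", x2_pub, x2_priv, 20240501, 20240701, [])}
    out = {"chain": verify_path("X1", x1_pub, [x1_x2, x2_b], crls, now) == b_pub}
    out["without_x1_x2"] = outcome("X1", x1_pub, [x2_b], crls, now)   # A does not know X2's key
    altered = {"tbs": dict(x2_b["tbs"], subject="Mallory"), "signature": x2_b["signature"]}
    out["altered_subject"] = outcome("X1", x1_pub, [x1_x2, altered], crls, now)
    out["stale_crl"] = outcome("X1", x1_pub, [x1_x2, x2_b], crls, 20240815)
    crls["X2"] = issue_crl("X2", x2_pub, x2_priv, 20240610, 20240810, [[7, 20240609]])
    out["revoked"] = outcome("X1", x1_pub, [x1_x2, x2_b], crls, 20240615)
    return out
```

demo() shows the chain succeeding, then each way it fails: B's certificate alone is useless to A because A has no trusted copy of X2's key, a modified copy of the certificate no longer verifies, a cached CRL past its scheduled next-issue date is refused (the local-cache countermeasure above must still refresh), and a CRL entry for serial 7 stops the path at B.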

AUTHENTICATION PROCEDURES
X.509 also includes three alternative authentication procedures that are intended for use across a variety of applications. All these procedures make use of public-key signatures.
It is assumed that the two parties know each other's public key, either by obtaining each other's certificates from the directory or because the certificate is included in the initial message from each side.

X.509 Strong Authentication Procedures

One-Way Authentication
One-way authentication involves a single transfer of information from one user (A) to another (B), and establishes the following:
1. The identity of A and that the message was generated by A
2. That the message was intended for B
3. The integrity and originality (it has not been sent multiple times) of the message
Note that only the identity of the initiating entity is verified in this process, not that of the responding entity.

Two-Way Authentication
In addition to the three elements just listed, two-way authentication establishes the following elements:
1. The identity of B and that the reply message was generated by B
2. That the message was intended for A
3. The integrity and originality of the reply
Two-way authentication thus permits both parties in a communication to verify the identity of the other.
The reply message includes the nonce from A, to validate the reply. It also includes a timestamp and nonce generated by B. As before, the message may include signed additional information and a session key encrypted with A's public key.

Three-Way Authentication
In three-way authentication, a final message from A to B is included, which contains a signed copy of the nonce r_B. The intent of this design is that timestamps need not be checked: because both nonces are echoed back by the other side, each side can check the returned nonce to detect replay attacks. This approach is needed when synchronized clocks are not available.

Drawbacks of Version 2:
• The Subject field is inadequate to convey the identity of a key owner to a public-key user.
• The Subject field is also inadequate for many applications, which typically recognize entities by an Internet e-mail address, a URL, or some other Internet-related identification.
• There is a need to indicate security policy information. This enables a security application or function, such as IPSec, to relate an X.509 certificate to a given policy.
• There is a need to limit the damage that can result from a faulty or malicious CA by setting constraints on the applicability of a particular certificate.
• It is important to be able to identify different keys used by the same owner at different times. This feature supports key life cycle management, in particular the ability to update key pairs for users and CAs on a regular basis or under exceptional circumstances.

X.509 VERSION 3
To overcome the problems of version 2, X.509 version 3 includes the following terms in the certificates.

Key and Policy Information
These extensions convey additional information about the subject and issuer keys, plus indicators of certificate policy. This area includes the following:
Authority key identifier: Identifies the public key to be used to verify the signature on this certificate or CRL. Enables distinct keys of the same CA to be differentiated. One use of this field is to handle CA key pair updating.
Subject key identifier: Identifies the public key being certified. Useful for subject key pair updating. Also, a subject may have multiple key pairs and, correspondingly, different certificates for different purposes (e.g., digital signature and encryption key agreement).
Key usage: Indicates a restriction imposed as to the purposes for which, and the policies under which, the certified public key may be used. May indicate one or more of the following: digital signature, nonrepudiation, key encryption, data encryption, key agreement, CA signature verification on certificates, CA signature verification on CRLs.
Private-key usage period: Indicates the period of use of the private key corresponding to the public key. Typically, the private key is used over a different period from the validity of the public key. For example, with digital signature keys, the usage period for the signing private key is typically shorter than that for the verifying public key.
Certificate policies: Certificates may be used in environments where multiple policies apply. This extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
Policy mappings: Used only in certificates for CAs issued by other CAs. Policy mappings allow an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CA's domain.

Certificate Subject and Issuer Attributes
These extensions support alternative names, in alternative formats, for a certificate subject or certificate issuer and can convey additional information about the certificate subject, to increase a certificate user's confidence that the certificate subject is a particular person or entity.
The extension fields in this area include the following:
Subject alternative name: Contains one or more alternative names, using any of a variety of forms. This field is important for supporting certain applications, such as electronic mail, EDI, and IPSec, which may employ their own name forms.
Issuer alternative name: Contains one or more alternative names, using any of a variety of forms.
Subject directory attributes: Conveys any desired X.500 directory attribute values for the subject of this certificate.

Certification Path Constraints

These extensions allow constraint specifications to be included in certificates issued for CAs by other CAs. The constraints may restrict the types of certificates that can be issued by the subject CA or that may occur subsequently in a certification chain.

The extension fields in this area include the following:
Basic constraints: Indicates if the subject may act as a CA. If so, a certification path length constraint may be specified.
Name constraints: Indicates a name space within which all subject names in subsequent certificates in a certification path must be located.
Policy constraints: Specifies constraints that may require explicit certificate policy identification or inhibit policy mapping for the remainder of the certification path.
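The path constraint extensions described here, together with the key usage extension from the Key and Policy Information section, applied along a certification path as an added example (not code from the original text). Certificates are plain dictionaries whose names and extension values are constructed; signature verification is deliberately left out so that only the basicConstraints, keyUsage and nameConstraints logic is visible.

```python
"""Checking the version 3 extensions described above along a certification path:
basic constraints (cA flag and path length), key usage, and name constraints.
Added example, not code from the original text. Certificates are plain
dictionaries with constructed names and extension values; signature checking is
left out so that only the extension logic is visible."""

def cert(subject, extensions, dns=None, email=None):
    """Minimal certificate: subject name, optional alternative names, extensions."""
    return {"subject": subject, "dns": dns, "email": email, "extensions": extensions}

def in_subtree(c, subtree):
    """True if the certificate's names fall inside one permitted subtree."""
    if "dnsSuffix" in subtree and c["dns"] is not None:
        suffix = subtree["dnsSuffix"]
        if not (c["dns"] == suffix.lstrip(".") or c["dns"].endswith(suffix)):
            return False
    if "emailDomain" in subtree and c["email"] is not None:
        if c["email"].rpartition("@")[2] != subtree["emailDomain"]:
            return False
    return True

def check_path(path, intended_usage):
    """path[0] was issued by the trust anchor, path[-1] is the end-entity certificate.
    Returns (True, 'ok') or (False, reason) for the first violated constraint."""
    remaining = None          # CA certificates still allowed below the current one
    permitted = []            # accumulated permittedSubtrees from nameConstraints
    for i, c in enumerate(path):
        ext, name = c["extensions"], c["subject"]
        for subtree in permitted:         # constraints of every earlier CA apply
            if not in_subtree(c, subtree):
                return False, f"{name}: name outside permitted subtree {subtree}"
        if i < len(path) - 1:             # an intermediate CA certificate
            bc = ext.get("basicConstraints", {"cA": False})
            if not bc.get("cA"):
                return False, f"{name}: not a CA, yet issued the next certificate"
            if "keyCertSign" not in ext.get("keyUsage", ()):
                return False, f"{name}: key usage does not allow certificate signing"
            if i > 0 and remaining is not None:
                if remaining == 0:
                    return False, f"{name}: path length constraint exceeded"
                remaining -= 1
            plc = bc.get("pathLenConstraint")
            if plc is not None:
                remaining = plc if remaining is None else min(remaining, plc)
            permitted.extend(ext.get("nameConstraints", {}).get("permittedSubtrees", []))
        elif intended_usage not in ext.get("keyUsage", ()):
            return False, f"{name}: key usage does not allow {intended_usage}"
    return True, "ok"

def demo():
    ca_usage = ("keyCertSign", "cRLSign")
    x = cert("Corp CA X", {"basicConstraints": {"cA": True, "pathLenConstraint": 1},
                           "keyUsage": ca_usage,
                           "nameConstraints": {"permittedSubtrees": [
                               {"dnsSuffix": ".corp.example"}, {"emailDomain": "corp.example"}]}})
    y = cert("Corp Issuing CA Y", {"basicConstraints": {"cA": True}, "keyUsage": ca_usage})
    z = cert("Corp Extra CA Z", {"basicConstraints": {"cA": True}, "keyUsage": ca_usage})
    host = cert("host1", {"keyUsage": ("digitalSignature", "keyAgreement")},
                dns="host1.corp.example", email="ops@corp.example")
    outsider = cert("host2", {"keyUsage": ("digitalSignature",)}, dns="host2.other.example")
    y_no_sign = cert("Corp Issuing CA Y", {"basicConstraints": {"cA": True},
                                           "keyUsage": ("digitalSignature",)})
    return {
        "good": check_path([x, y, host], "digitalSignature"),
        "name_constraint": check_path([x, y, outsider], "digitalSignature"),
        "path_length": check_path([x, y, z, host], "digitalSignature"),
        "ca_key_usage": check_path([x, y_no_sign, host], "digitalSignature"),
        "ee_key_usage": check_path([x, y, host], "keyEncipherment"),
        "non_ca_issuer": check_path([x, host, outsider], "digitalSignature"),
    }
```

Each entry of demo() isolates one constraint: the name constraint set by CA X reaches down to the end entity two links later, the path length constraint of 1 allows Y but not a further CA Z beneath it, and the key usage check applies differently to CAs (keyCertSign) and to the end entity (whatever the relying application intends to do with the key).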

4.2 ELECTRONIC MAIL SECURITY
PGP is an open-source freely available software package for e-mail security. It provides authentication through the use of digital signature; confidentiality through the use of symmetric block encryption; compression using the ZIP algorithm; e-mail compatibility using the radix-64 encoding scheme; and segmentation and reassembly to accommodate long e-mails.
PGP incorporates tools for developing a public-key trust model and public-key certificate management.
S/MIME is an Internet standard approach to e-mail security that incorporates the same functionality as PGP.

B.1 PRETTY GOOD PRIVACY
PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmermann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
UNIT 4 : NTWORK SCURITY PRACTIC NTWORK SCURITY

TLunguveI Muvugun 4.32

ICI hns grown oxIosIvoIy nnd Is now wIdoIy usod. A numbor of ronsons cnn bo
cIfod for fhIs growfh:
I) If Is nvnIInbIo froo worIdwIdo In vorsIons fhnf run on n vnrIofy of Infforms,
IncIudIng WIndows, !IX, MncInfosh, nnd mnny moro. In nddIfIon, fho
commorcInI vorsIon snfIsfIos usors who wnnf n roducf fhnf comos wIfh vondor
suorf.
II) If Is bnsod on nIgorIfhms fhnf hnvo survIvod oxfonsIvo ubIIc rovIow nnd nro
consIdorod oxfromoIy socuro. SocIfIcnIIy, fho nckngo IncIudos !SA, SS, nnd
IffIo-HoIImnn for ubIIc-koy oncryfIon; CAST-l28, IIA, nnd 3IS for
symmofrIc oncryfIon; nnd SHA-l for hnsh codIng.
III) If hns n wIdo rnngo of nIIcnbIIIfy, from corornfIons fhnf wIsh fo soIocf nnd
onforco n sfnndnrdIzod schomo for oncryfIng fIIos nnd mossngos fo IndIvIdunIs
who wIsh fo communIcnfo socuroIy wIfh ofhors worIdwIdo ovor fho Infornof nnd
ofhor nofworks.
Iv) If wns nof dovoIood by, nor Is If confroIIod by, nny govornmonfnI or sfnndnrds
orgnnIznfIon. Ior fhoso wIfh nn InsfIncfIvo dIsfrusf of "fho osfnbIIshmonf," fhIs
mnkos ICI nffrncfIvo.
v) ICI Is now on nn Infornof sfnndnrds frnck (!IC 3l56). ovorfhoIoss, ICI sfIII
hns nn nurn of nn nnfIosfnbIIshmonf ondonvor.
NOTATION
Ks = session key used in symmetric encryption scheme
PRa = private key of user A, used in public-key encryption scheme
PUa = public key of user A, used in public-key encryption scheme
EP = public-key encryption
DP = public-key decryption
EC = symmetric encryption
DC = symmetric decryption
H = hash function
|| = concatenation
Z = compression using ZIP algorithm
R64 = conversion to radix 64 ASCII format

OPERATIONAL DESCRIPTION
The actual operation of PGP, as opposed to the management of keys, consists of five services: authentication, confidentiality, compression, e-mail compatibility, and segmentation.

Authentication:
The sequence is as follows:
1) The sender creates a message.
2) SHA-1 is used to generate a 160-bit hash code of the message.
3) The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.
4) The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
5) The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

- The combination of SHA-1 and RSA provides an effective digital signature scheme.
- Because of the strength of RSA, the recipient is assured that only the possessor of the matching private key can generate the signature.
- Because of the strength of SHA-1, the recipient is assured that no one else could generate a new message that matches the hash code and, hence, the signature of the original message.
- Detached signatures are supported. A detached signature may be stored and transmitted separately from the message it signs.
- A detached signature of an executable program can detect subsequent virus infection. Finally, detached signatures can be used when more than one party must sign a document, such as a legal contract.

Confidentiality:
Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files.
- In both cases, the symmetric encryption algorithm CAST-128 may be used.
- Alternatively, IDEA or 3DES may be used. The 64-bit cipher feedback (CFB) mode is used.
As always, one must address the problem of key distribution. In PGP, each symmetric key is used only once. That is, a new key is generated as a random 128-bit number for each message.
Thus, although this is referred to in the documentation as a session key, it is in reality a one-time key. Because it is to be used only once, the session key is bound to the message and transmitted with it. To protect the key, it is encrypted with the receiver's public key.

The sequence is as follows:
1) The sender generates a message and a random 128-bit number to be used as a session key for this message only.
2) The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.
3) The session key is encrypted with RSA, using the recipient's public key, and is prepended to the message.
4) The receiver uses RSA with its private key to decrypt and recover the session key.
5) The session key is used to decrypt the message.

As an alternative to the use of RSA for key encryption, PGP provides an option referred to as Diffie-Hellman. Diffie-Hellman is a key exchange algorithm. In fact, PGP uses a variant of Diffie-Hellman that does provide encryption/decryption, known as ElGamal.

Observations
To reduce encryption time, the combination of symmetric and public-key encryption is used in preference to simply using RSA or ElGamal to encrypt the message directly: CAST-128 and the other symmetric algorithms are substantially faster than RSA or ElGamal.
The use of the public-key algorithm solves the session key distribution problem, because only the recipient is able to recover the session key that is bound to the message.
The use of one-time symmetric keys strengthens what is already a strong symmetric encryption approach. Only a small amount of plaintext is encrypted with each key, and there is no relationship among the keys.
Thus, to the extent that the public-key algorithm is secure, the entire scheme is secure. To this end, PGP provides the user with a range of key size options from 768 to 3072 bits (the DSS key for signatures is limited to 1024 bits).

Confidentiality and Authentication:
Both services may be used for the same message. First, a signature is generated for the plaintext message and prepended to the message. Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA (or ElGamal).
This sequence is preferable to the opposite: encrypting the message and then generating a signature for the encrypted message. It is generally more convenient to store a signature with a plaintext version of a message.
Furthermore, for purposes of third-party verification, if the signature is performed first, a third party need not be concerned with the symmetric key when verifying the signature.
When both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and then encrypts the session key with the recipient's public key.

Compression:
PGP compresses the message after applying the signature but before encryption. This has the benefit of saving space both for e-mail transmission and for file storage.
The placement of the compression algorithm, indicated by Z for compression and Z^-1 for decompression, is critical for the following reasons:
1. The signature is generated before compression for two reasons:
a. It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.
b. Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compressed forms.
2. Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult.

E-mail Compatibility:
When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted (with the sender's private key). If the confidentiality service is used, the message plus signature (if present) are encrypted (with a one-time symmetric key). Thus, part or all of the resulting block consists of a stream of arbitrary 8-bit octets.
However, many electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters.
On transmission, if it is required, a signature is generated using a hash code of the uncompressed plaintext. Then the plaintext, plus signature if present, is compressed. Next, if confidentiality is required, the block (compressed plaintext or compressed signature plus plaintext) is encrypted and prepended with the public-key-encrypted symmetric encryption key. Finally, the entire block is converted to radix-64 format.
On reception, the incoming block is first converted back from radix-64 format to binary. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. The resulting block is then decompressed. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code.

[Figure: Transmission and Reception of PGP Messages]

Segmentation and Reassembly:
E-mail facilities often are restricted to a maximum message length. Any message longer than that must be broken up into smaller segments, each of which is mailed separately. To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.
The segmentation is done after all of the other processing, including the radix-64 conversion. Thus, the session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block.
CRYPTOGRAPHIC KEYS AND KEY RINGS

PGP makes use of four types of keys:
- One-time session symmetric keys,
- Public keys,
- Private keys, and
- Passphrase-based symmetric keys (explained subsequently).

Three separate requirements can be identified with respect to these keys:
1. A means of generating unpredictable session keys is needed.
2. We would like to allow a user to have multiple public-key/private-key pairs. One reason is that the user may wish to change his or her key pair from time to time. When this happens, any messages in the pipeline will be constructed with an obsolete key. Furthermore, recipients will know only the old public key until an update reaches them.
3. Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.

Session Key Generation:
Each session key is associated with a single message and is used only for the purpose of encrypting and decrypting that message.
Random 128-bit numbers are generated using CAST-128 itself. The input to the random number generator consists of a 128-bit key and two 64-bit blocks that are treated as plaintext to be encrypted.
Using cipher feedback mode, the CAST-128 encrypter produces two 64-bit ciphertext blocks, which are concatenated to form the 128-bit session key. The algorithm that is used is based on the one specified in ANSI X12.17.

The "plaintext" input to the random number generator, consisting of two 64-bit blocks, is itself derived from a stream of 128-bit randomized numbers. These numbers are based on keystroke input from the user. Both the keystroke timing and the actual keys struck are used to generate the randomized stream.
Thus, if the user hits arbitrary keys at his or her normal pace, a reasonably "random" input will be generated. This random input is also combined with previous session key output from CAST-128 to form the key input to the generator. The result, given the effective scrambling of CAST-128, is to produce a sequence of session keys that is effectively unpredictable.

Key Identifiers:
An encrypted message is accompanied by an encrypted form of the session key that was used for message encryption. The session key itself is encrypted with the recipient's public key. Hence, only the recipient will be able to recover the session key and therefore recover the message.
If each user employed a single public/private key pair, then the recipient would automatically know which key to use to decrypt the session key: the recipient's unique private key. However, we have stated a requirement that any given user may have multiple public/private key pairs.

How does the recipient know which of its public keys was used to encrypt the session key?
One simple solution would be to transmit the public key with the message. The recipient could then verify that this is indeed one of its public keys, and proceed.
Problem: This scheme would work, but it is unnecessarily wasteful of space. An RSA public key may be hundreds of decimal digits in length.

Another solution would be to associate an identifier with each public key that is unique at least within one user. That is, the combination of user ID and key ID would be sufficient to identify a key uniquely. Then only the much shorter key ID would need to be transmitted.
Problem: This solution, however, raises a management and overhead problem: key IDs must be assigned and stored so that both sender and recipient could map from key ID to public key. This seems unnecessarily burdensome.

The solution adopted by PGP is to assign a key ID to each public key that is, with very high probability, unique within a user ID. The key ID associated with each public key consists of its least significant 64 bits. That is, the key ID of public key PUa is (PUa mod 2^64). This is a sufficient length that the probability of duplicate key IDs is very small.

[Figure: General Format of PGP Message (from A to B)]

A key ID is also required for the PGP digital signature. Because a sender may use one of a number of private keys to encrypt the message digest, the recipient must know which public key is intended for use.
Accordingly, the digital signature component of a message includes the 64-bit key ID of the required public key. When the message is received, the recipient verifies that the key ID is for a public key that it knows for that sender and then proceeds to verify the signature.

A message consists of three components: the message component, a signature (optional), and a session key component (optional).

The message component includes the actual data to be stored or transmitted, as well as a filename and a timestamp that specifies the time of creation.

The signature component includes the following:
Timestamp: The time at which the signature was made.
Message digest: The 160-bit SHA-1 digest, encrypted with the sender's private signature key. The digest is calculated over the signature timestamp concatenated with the data portion of the message component.
The inclusion of the signature timestamp in the digest assures against replay types of attacks.
The exclusion of the filename and timestamp portions of the message component ensures that detached signatures are exactly the same as attached signatures prefixed to the message.
Detached signatures are calculated on a separate file that has none of the message component header fields.
Leading two octets of message digest: To enable the recipient to determine if the correct public key was used to decrypt the message digest for authentication, by comparing this plaintext copy of the first two octets with the first two octets of the decrypted digest. These octets also serve as a 16-bit frame check sequence for the message.
Key ID of sender's public key: Identifies the public key that should be used to decrypt the message digest and, hence, identifies the private key that was used to encrypt the message digest.
The message component and optional signature component may be compressed using ZIP and may be encrypted using a session key.

The session key component includes the session key and the identifier of the recipient's public key that was used by the sender to encrypt the session key. The entire block is usually encoded with radix-64 encoding.
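The following Python program is an added worked example, not PGP's own code, of the transmission and reception sequence described under the operational description (sign, compress, encrypt, radix-64, and the reverse) together with the message components just listed: the signature component carries the timestamp, the leading two octets of the digest, the sender's 64-bit key ID (public key mod 2^64) and the signed SHA-1 digest, and the session key component carries the recipient's key ID and the public-key-encrypted one-time session key. Toy RSA keys built from Mersenne primes stand in for real key pairs, a SHA-256 counter keystream stands in for CAST-128 in CFB mode, zlib plays the role of Z and base64 the role of R64; all names (`pgp_send`, `pgp_receive`, `ALICE_*`, `BOB_*`) are assumptions.

```python
import base64
import hashlib
import secrets
import struct
import time
import zlib


def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two given primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Toy key pairs from Mersenne primes (assumption: ~190-bit moduli, far too small
# for real use, but large enough to hold a 160-bit digest or 128-bit session key).
ALICE_PUB, ALICE_PRIV = rsa_keypair((1 << 61) - 1, (1 << 127) - 1)   # sender
BOB_PUB, BOB_PRIV = rsa_keypair((1 << 89) - 1, (1 << 107) - 1)       # recipient


def key_id(n):
    """PGP key ID: the least significant 64 bits of the public key (PU mod 2^64)."""
    return n & ((1 << 64) - 1)


def symmetric_xor(key, data):
    """Stand-in for CAST-128/CFB (assumption, not PGP's cipher): XOR the data
    with a SHA-256 counter keystream. Symmetric, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_send(data, sender_priv, recipient_pub):
    """Transmission: sign -> compress (Z) -> encrypt under a one-time session key,
    session key RSA-encrypted with the recipient's public key -> radix-64 (R64)."""
    n, d = sender_priv
    ts = struct.pack(">I", int(time.time()))
    digest = hashlib.sha1(ts + data).digest()            # over timestamp || data
    sig = pow(int.from_bytes(digest, "big"), d, n).to_bytes(32, "big")
    # signature component: timestamp, leading two octets, sender key ID, signed digest
    signature = ts + digest[:2] + struct.pack(">Q", key_id(n)) + sig
    compressed = zlib.compress(signature + data)
    ks = secrets.token_bytes(16)                         # one-time 128-bit session key
    rn, re = recipient_pub
    eks = pow(int.from_bytes(ks, "big"), re, rn).to_bytes(32, "big")
    session_component = struct.pack(">Q", key_id(rn)) + eks
    return base64.b64encode(session_component + symmetric_xor(ks, compressed))


def pgp_receive(block, recipient_priv, public_ring):
    """Reception: radix-64 -> check recipient key ID -> recover session key ->
    decrypt -> decompress -> look up sender's public key by key ID -> verify."""
    raw = base64.b64decode(block)
    rn, rd = recipient_priv
    if struct.unpack(">Q", raw[:8])[0] != key_id(rn):
        raise ValueError("session key was encrypted for a different key ID")
    ks = pow(int.from_bytes(raw[8:40], "big"), rd, rn).to_bytes(16, "big")
    plain = zlib.decompress(symmetric_xor(ks, raw[40:]))
    ts, lead2, sender_kid = struct.unpack(">I2sQ", plain[:14])
    sig, data = plain[14:46], plain[46:]
    sn, se = public_ring[sender_kid]                      # public-key ring lookup
    digest = pow(int.from_bytes(sig, "big"), se, sn).to_bytes(20, "big")
    if digest[:2] != lead2:
        raise ValueError("leading octets mismatch: wrong public key or corrupt signature")
    if digest != hashlib.sha1(struct.pack(">I", ts) + data).digest():
        raise ValueError("digest mismatch: message not authentic")
    return data


def is_authentic(block, recipient_priv, public_ring):
    """True only if the block decrypts, decompresses and the signature verifies."""
    try:
        pgp_receive(block, recipient_priv, public_ring)
        return True
    except (ValueError, KeyError, zlib.error):
        return False


def corrupt_last_byte(block):
    """Constructed tampering for the demonstration: flip one ciphertext bit."""
    raw = bytearray(base64.b64decode(block))
    raw[-1] ^= 0x01
    return base64.b64encode(bytes(raw))


if __name__ == "__main__":
    ring = {key_id(ALICE_PUB[0]): ALICE_PUB}              # Bob's public-key ring
    blob = pgp_send(b"meet at noon", ALICE_PRIV, BOB_PUB)
    print(pgp_receive(blob, BOB_PRIV, ring))
    print(is_authentic(corrupt_last_byte(blob), BOB_PRIV, ring))
```

The receiver never needs the sender's whole public key in the message: the 8-byte key ID selects it from the ring, and the two leading digest octets give a cheap check that the right key was chosen before the full comparison. Flipping a single ciphertext bit is caught at decompression or at the digest comparison, which is why the caller should treat every exception path as "not authentic".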

Key Rings:
The scheme used in PGP is to provide a pair of data structures at each node, one to store the public/private key pairs owned by that node and one to store the public keys of other users known at this node. These data structures are referred to, respectively, as the private-key ring and the public-key ring.

The general structure of a private-key ring can be viewed as a table, in which each row represents one of the public/private key pairs owned by this user. Each row contains the following entries:
Timestamp: The date/time when this key pair was generated.
Key ID: The least significant 64 bits of the public key for this entry.
Public key: The public-key portion of the pair.
Private key: The private-key portion of the pair; this field is encrypted.
User ID: Typically, this will be the user's e-mail address (e.g., stallings@acm.org). However, the user may choose to associate a different name with each pair (e.g., Stallings, WStallings, WilliamStallings, etc.) or to reuse the same User ID more than once.
The private-key ring can be indexed by either User ID or Key ID. Although it is intended that the private-key ring be stored only on the machine of the user that created and owns the key pairs, and that it be accessible only to that user, it makes sense to make the value of the private key as secure as possible.
Accordingly, the private key itself is not stored in the key ring. Rather, this key is encrypted using CAST-128 (or IDEA or 3DES). The procedure is as follows:
1. The user selects a passphrase to be used for encrypting private keys.
2. When the system generates a new public/private key pair using RSA, it asks the user for the passphrase. Using SHA-1, a 160-bit hash code is generated from the passphrase, and the passphrase is discarded.
3. The system encrypts the private key using CAST-128 with the 128 bits of the hash code as the key. The hash code is then discarded, and the encrypted private key is stored in the private-key ring.



The general structure of a public-key ring: this data structure is used to store public keys of other users that are known to this user.

The fields are:
Timestamp: The date/time when this entry was generated.
Key ID: The least significant 64 bits of the public key for this entry.
Public Key: The public key for this entry.
User ID: Identifies the owner of this key. Multiple user IDs may be associated with a single public key.
The public-key ring can be indexed by either User ID or Key ID.

[Figure: PGP Message Generation (from User A to User B; no compression or radix 64 conversion)]

Consider message transmission and assume that the message is to be both signed and encrypted. The sending PGP entity performs the following steps:

Signing the message
PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved.
PGP prompts the user for the passphrase to recover the unencrypted private key.
The signature component of the message is constructed.

Encrypting the message
PGP generates a session key and encrypts the message.
PGP retrieves the recipient's public key from the public-key ring using her_userid as an index.
The session key component of the message is constructed.

The receiving PGP entity performs the following steps:

Decrypting the message
PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in the session key component of the message as an index.
PGP prompts the user for the passphrase to recover the unencrypted private key.
PGP then recovers the session key and decrypts the message.

Authenticating the message
PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the signature key component of the message as an index.
PGP recovers the transmitted message digest.
PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.

[Figure: PGP Message Reception (from User A to User B; no compression or radix 64 conversion)]

PUBLIC-KEY MANAGEMENT
PGP contains a clever, efficient, interlocking set of functions and formats to provide an effective confidentiality and authentication service. To complete the system, one final area needs to be addressed, that of public-key management.

Approaches to Public-Key Management:
Essence of the problem: User A must build up a public-key ring containing the public keys of other users to interoperate with them using PGP. Suppose that A's key ring contains a public key attributed to B but that the key is, in fact, owned by C.
This could happen if, for example, A got the key from a bulletin board system (BBS) that was used by B to post the public key but that has been compromised by C. The result is that two threats now exist.
First, C can send messages to A and forge B's signature, so that A will accept the message as coming from B.
Second, any encrypted message from A to B can be read by C.

A number of approaches are possible for minimizing the risk that a user's public-key ring contains false public keys. Suppose that A wishes to obtain a reliable public key for B. The following are some approaches that could be used:
1. Physically get the key from B.
B could store her public key (PUb) on a floppy disk and hand it to A. A could then load the key into his system from the floppy disk. This is a very secure method but has obvious practical limitations.
2. Verify a key by telephone.
If A can recognize B on the phone, A could call B and ask her to dictate the key, in radix-64 format, over the phone. As a more practical alternative, B could transmit her key in an e-mail message to A.
A could have PGP generate a 160-bit SHA-1 digest of the key and display it in hexadecimal format; this is referred to as the "fingerprint" of the key. A could then call B and ask her to dictate the fingerprint over the phone. If the two fingerprints match, the key is verified.
3. Obtain B's public key from a mutual trusted individual D.
For this purpose, the introducer, D, creates a signed certificate. The certificate includes B's public key, the time of creation of the key, and a validity period for the key.
D generates an SHA-1 digest of this certificate, encrypts it with her private key, and attaches the signature to the certificate. Because only D could have created the signature, no one else can create a false public key and pretend that it is signed by D. The signed certificate could be sent directly to A by B or D, or could be posted on a bulletin board.
4. Obtain B's public key from a trusted certifying authority.
Again, a public key certificate is created and signed by the authority. A could then access the authority, providing a user name and receiving a signed certificate.

For cases 3 and 4, A would already have to have a copy of the introducer's public key and trust that this key is valid. Ultimately, it is up to A to assign a level of trust to anyone who is to act as an introducer.

The Use of Trust:
Although PGP does not include any specification for establishing certifying authorities or for establishing trust, it does provide
- A convenient means of using trust,
- Associating trust with public keys, and
- Exploiting trust information.

The basic structure is as follows:
Each entry in the public-key ring is a public-key certificate.

Associated with each such entry is a key legitimacy field that indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger is the binding of this user ID to this key. This field is computed by PGP.

Also associated with the entry are zero or more signatures that the key ring owner has collected that sign this certificate.

In turn, each signature has associated with it a signature trust field that indicates the degree to which this PGP user trusts the signer to certify public keys. The key legitimacy field is derived from the collection of signature trust fields in the entry.

Finally, each entry defines a public key associated with a particular owner, and an owner trust field is included that indicates the degree to which this public key is trusted to sign other public-key certificates; this level of trust is assigned by the user.
(a) Trust assigned to public-key owner (appears after key packet; user defined)
    OWNERTRUST field:
      undefined trust
      unknown user
      usually not trusted to sign other keys
      usually trusted to sign other keys
      always trusted to sign other keys
      this key is present in secret key ring (ultimate trust)
    BUCKSTOP bit: set if this key appears in secret key ring

(b) Trust assigned to public key/user ID pair (appears after User ID packet; computed by PGP)
    KEYLEGIT field:
      unknown or undefined trust
      key ownership not trusted
      marginal trust in key ownership
      complete trust in key ownership
    WARNONLY bit: set if user wants only to be warned when a key that is not fully validated is used for encryption

(c) Trust assigned to signature (appears after signature packet; cached copy of OWNERTRUST for this signator)
    SIGTRUST field:
      undefined trust
      unknown user
      usually not trusted to sign other keys
      usually trusted to sign other keys
      always trusted to sign other keys
      this key is present in secret key ring (ultimate trust)
    CONTIG bit: set if signature leads up a contiguous trusted certification path back to the ultimately trusted key ring owner

Periodically, PGP processes the public-key ring to achieve consistency. In essence, this is a top-down process. For each OWNERTRUST field, PGP scans the ring for all signatures authored by that owner and updates the SIGTRUST field to equal the OWNERTRUST field. This process starts with keys for which there is ultimate trust. Then all KEYLEGIT fields are computed on the basis of the attached signatures.

[Figure: PGP Trust Model Example]

The figure shows the structure of a public-key ring. The user has acquired a number of public keys, some directly from their owners and some from a third party such as a key server.

Points to be noted are:
- Note that all keys whose owners are fully or partially trusted by this user have been signed by this user, with the exception of node L.
- We assume that two partially trusted signatures are sufficient to certify a key. Hence, the key for user H is deemed legitimate by PGP because it is signed by A and B, both of whom are partially trusted.
- A key may be determined to be legitimate because it is signed by one fully trusted or two partially trusted signatories, but its user may not be trusted to sign other keys.
- The figure also shows an example of a detached "orphan" node S, with two unknown signatures. Such a key may have been acquired from a key server. PGP cannot assume that this key is legitimate simply because it came from a reputable server. The user must declare the key legitimate by signing it or by telling PGP that it is willing to trust fully one of the key's signatories.
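The following Python program is an added model of the trust computation just described; it is not PGP's code, and the ring it processes is constructed to mirror the points above rather than copied from the figure. It performs the top-down pass (the ring owner's key is ultimately trusted, each signature's SIGTRUST is a cached copy of the signer's OWNERTRUST) and then derives KEYLEGIT from the signatures, with one fully trusted or two marginally trusted signatures sufficing. It generalizes one step beyond the text: a signature counts only when the signer's own key is already legitimate, which is the contiguous-path rule the CONTIG bit records, so the pass is repeated until nothing changes. The names `RingEntry`, `compute_trust`, `sample_ring` and the key labels are assumptions.

```python
from dataclasses import dataclass, field

# Trust levels used for OWNERTRUST and (cached into) SIGTRUST, in increasing order.
UNKNOWN, UNTRUSTED, MARGINAL, COMPLETE, ULTIMATE = range(5)
# Key legitimacy levels (KEYLEGIT).
LEGIT_UNKNOWN, LEGIT_MARGINAL, LEGIT_COMPLETE = range(3)


@dataclass
class RingEntry:
    owner_trust: int                               # OWNERTRUST: assigned by the user
    signers: list = field(default_factory=list)    # key IDs whose signatures we hold
    sig_trust: dict = field(default_factory=dict)  # SIGTRUST per signer: computed
    key_legit: int = LEGIT_UNKNOWN                 # KEYLEGIT: computed


def compute_trust(ring, marginals_needed=2):
    """Recompute SIGTRUST and KEYLEGIT for every entry in `ring` (key ID -> RingEntry)
    and return {key ID: KEYLEGIT}."""
    # Top-down step: ultimate keys are legitimate; SIGTRUST caches the signer's OWNERTRUST.
    for entry in ring.values():
        entry.sig_trust = {s: ring[s].owner_trust if s in ring else UNKNOWN
                           for s in entry.signers}
        entry.key_legit = LEGIT_COMPLETE if entry.owner_trust == ULTIMATE else LEGIT_UNKNOWN
    # KEYLEGIT step, repeated to a fixed point so chains (owner -> D -> L -> K) resolve.
    changed = True
    while changed:
        changed = False
        for entry in ring.values():
            if entry.key_legit == LEGIT_COMPLETE:
                continue
            # a signature counts only if the signer's key is itself legitimate (CONTIG rule)
            counted = [t for s, t in entry.sig_trust.items()
                       if s in ring and ring[s].key_legit == LEGIT_COMPLETE]
            completes = sum(t >= COMPLETE for t in counted)
            marginals = sum(t == MARGINAL for t in counted)
            if completes >= 1 or marginals >= marginals_needed:
                new = LEGIT_COMPLETE
            elif marginals:
                new = LEGIT_MARGINAL
            else:
                new = LEGIT_UNKNOWN
            if new != entry.key_legit:
                entry.key_legit, changed = new, True
    return {kid: e.key_legit for kid, e in ring.items()}


def sample_ring():
    """Constructed public-key ring: the owner 'You' has signed A, B and D; H carries
    two marginally trusted signatures; S is an orphan signed by keys not on the ring."""
    return {
        "You": RingEntry(ULTIMATE),
        "A": RingEntry(MARGINAL, ["You"]),
        "B": RingEntry(MARGINAL, ["You"]),
        "D": RingEntry(COMPLETE, ["You"]),
        "H": RingEntry(UNKNOWN, ["A", "B"]),   # two marginal signers -> legitimate
        "E": RingEntry(UNKNOWN, ["A"]),        # one marginal signer -> marginal only
        "L": RingEntry(COMPLETE, ["D"]),       # trusted signer, but not signed by You
        "K": RingEntry(UNKNOWN, ["L"]),        # legitimate through the chain You -> D -> L
        "M": RingEntry(UNKNOWN, ["H"]),        # H is legitimate but not trusted to sign
        "S": RingEntry(UNKNOWN, ["X", "Y"]),   # orphan: signers unknown to this ring
    }


if __name__ == "__main__":
    for kid, legit in compute_trust(sample_ring()).items():
        print(kid, ["unknown", "marginal", "complete"][legit])
```

Entry M shows the third point above: H's key is legitimate, yet its signature on M is worth nothing until the user raises H's OWNERTRUST. Raising it to COMPLETE and recomputing makes M legitimate, because the SIGTRUST cache is refreshed from OWNERTRUST on every pass.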

Revoking Public Keys:
A user may wish to revoke his or her current public key either because compromise is suspected or simply to avoid the use of the same key for an extended period. The convention for revoking a public key is for the owner to issue a key revocation certificate, signed by the owner. This certificate has the same form as a normal signature certificate but includes an indicator that the purpose of this certificate is to revoke the use of this public key.
Note that the corresponding private key must be used to sign a certificate that revokes a public key. The owner should then attempt to disseminate this certificate as widely and as quickly as possible to enable potential correspondents to update their public-key rings.
Note that an opponent who has compromised the private key of an owner can also issue such a certificate. However, this would deny the opponent as well as the legitimate owner the use of the public key, and therefore it seems a much less likely threat than the malicious use of a stolen private key.

8.2 S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extension) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organizational use, while PGP will remain the choice for personal e-mail security for many users. S/MIME is defined in a number of documents, most importantly RFCs 3369, 3370, 3850 and 3851.
RFC 822
RFC 822 defines a format for text messages that are sent using electronic mail. It has been the standard for Internet-based text mail messages and remains in common use. In the RFC 822 context, messages are viewed as having an envelope and contents.

The envelope contains whatever information is needed to accomplish transmission and delivery. The contents compose the object to be delivered to the recipient. The RFC 822 standard applies only to the contents.

The overall structure of a message that conforms to RFC 822 is very simple. A message consists of some number of header lines (the header) followed by unrestricted text (the body). The header is separated from the body by a blank line.

A header line usually consists of a keyword, followed by a colon, followed by the keyword's arguments; the format allows a long line to be broken up into several lines. The most frequently used keywords are From, To, Subject, and Date. Here is an example message:
    Date: Tue, 16 Jan 1998 10:37:17 (EST)
    From: "William Stallings" <ws@shore.net>
    Subject: The Syntax in RFC 822
    To: Smith@Other-host.com
    Cc: Jones@Yet-Another-host.com

    Hello. This section begins the actual
    message body, which is delimited from the
    message heading by a blank line.
Another field that is commonly found in RFC 822 headers is Message-ID. This field contains a unique identifier associated with this message.
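As an added example (not from the text above and not a replacement for Python's `email` package), the following parser applies the structure just described to the sample message: header lines of the form keyword, colon, arguments; a long field folded onto a continuation line that starts with white space; and a blank line separating header from body. The `Cc` continuation line naming Brown@Some-other-host.com is constructed to exercise folding and is not in the original message; `parse_rfc822` and `header_value` are assumed names.

```python
# Constructed sample, based on the RFC 822 example above with one folded Cc field added.
SAMPLE = (
    "Date: Tue, 16 Jan 1998 10:37:17 (EST)\r\n"
    'From: "William Stallings" <ws@shore.net>\r\n'
    "Subject: The Syntax in RFC 822\r\n"
    "To: Smith@Other-host.com\r\n"
    "Cc: Jones@Yet-Another-host.com,\r\n"
    "    Brown@Some-other-host.com\r\n"          # continuation (folded) line
    "\r\n"
    "Hello. This section begins the actual\r\n"
    "message body, which is delimited from the\r\n"
    "message heading by a blank line.\r\n"
)


def parse_rfc822(text):
    """Split a message into (headers, body).

    headers is a list of (keyword, value) pairs in message order; a continuation
    line (leading space or tab) is unfolded into the preceding field. The first
    blank line ends the header; everything after it is the body, unrestricted text.
    """
    lines = text.split("\r\n") if "\r\n" in text else text.split("\n")
    headers, i = [], 0
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        if line[0] in " \t":
            if not headers:
                raise ValueError("continuation line before any header field")
            keyword, value = headers[-1]
            headers[-1] = (keyword, value + " " + line.strip())
        else:
            if ":" not in line:
                raise ValueError(f"malformed header line: {line!r}")
            keyword, value = line.split(":", 1)
            headers.append((keyword.strip(), value.strip()))
        i += 1
    body = "\n".join(lines[i + 1:])           # skip the separating blank line
    return headers, body


def header_value(headers, name):
    """Case-insensitive lookup of the first field named `name` (None if absent),
    since RFC 822 keywords are not case sensitive."""
    for keyword, value in headers:
        if keyword.lower() == name.lower():
            return value
    return None


if __name__ == "__main__":
    hdrs, body = parse_rfc822(SAMPLE)
    for keyword, value in hdrs:
        print(f"{keyword}: {value}")
    print("---")
    print(body)
```

Keeping the header as an ordered list rather than a dictionary matters in practice: fields such as Received may legitimately repeat, and their order is the trace of the message's path.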

MULTIPURPOSE INTERNET MAIL EXTENSIONS
MIME is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP (Simple Mail Transfer Protocol) or some other mail transfer protocol and RFC 822 for electronic mail.

The following are limitations of the SMTP/822 scheme:
1. SMTP cannot transmit executable files or other binary objects. A number of schemes are in use for converting binary files into a text form that can be used by SMTP mail systems, including the popular UNIX UUencode/UUdecode scheme. However, none of these is a standard or even a de facto standard.
2. SMTP cannot transmit text data that includes national language characters because these are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to 7-bit ASCII.
3. SMTP servers may reject mail messages over a certain size.
4. SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems.
5. SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages.
6. Some SMTP implementations do not adhere completely to the SMTP standards defined in RFC 821. Common problems include:
- Deletion, addition, or reordering of carriage return and linefeed
- Truncating or wrapping lines longer than 76 characters
- Removal of trailing white space (tab and space characters)
- Padding of lines in a message to the same length
- Conversion of tab characters into multiple space characters

Overview:
The MIME specification includes the following elements:
- Five new message header fields are defined, which may be included in an RFC 822 header. These fields provide information about the body of the message.
- A number of content formats are defined, thus standardizing representations that support multimedia electronic mail.
- Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.

The five header fields defined in MIME are as follows:

MIME-Version:
Must have the parameter value 1.0. This field indicates that the message conforms to RFCs 2045 and 2046.
Content-Type:
Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner.
Content-Transfer-Encoding:
Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport.
Content-ID:
Used to identify MIME entities uniquely in multiple contexts.
Content-Description:
A text description of the object within the body; this is useful when the object is not readable (e.g., audio data).

MIME Content Types:
The bulk of the MIME specification is concerned with the definition of a variety of content types. This reflects the need to provide standardized ways of dealing with a wide variety of information representations in a multimedia environment.

Type         Subtype        Description
Text         plain          Unformatted text; may be ASCII or ISO 8859.
             enriched       Provides greater format flexibility.
Multipart    mixed          The different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message.
             parallel       Differs from mixed only in that no order is defined for delivering the parts to the receiver.
             alternative    The different parts are alternative versions of the same information. They are ordered in increasing faithfulness to the original, and the recipient's mail system should display the "best" version to the user.
             digest         Similar to mixed, but the default type/subtype of each part is message/rfc822.

Message      rfc822         The body is itself an encapsulated message that conforms to RFC 822.
             partial        Used to allow fragmentation of large mail items, in a way that is transparent to the recipient.
             external-body  Contains a pointer to an object that exists elsewhere.
Image        jpeg           The image is in JPEG format, JFIF encoding.
             gif            The image is in GIF format.
Video        mpeg           MPEG format.
Audio        basic          Single-channel 8-bit ISDN mu-law encoding at a sample rate of 8 kHz.
Application  PostScript     Adobe PostScript.
             octet-stream   General binary data consisting of 8-bit bytes.

- For the text type of body, no special software is required to get the full meaning of the text, aside from support of the indicated character set.
- The multipart type indicates that the body contains multiple, independent parts. The Content-Type header field includes a parameter, called boundary, that defines the delimiter between body parts. This boundary should not appear in any part of the message. Each boundary starts on a new line and consists of two hyphens followed by the boundary value. The final boundary, which indicates the end of the last part, also has a suffix of two hyphens. Within each part, there may be an optional ordinary MIME header.
- The message type provides a number of important capabilities in MIME.
- The application type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application.

MIME Transfer Encodings:

The MIME standard defines two methods of encoding data. The Content-Transfer-Encoding field can actually take on six values. However, three of these values (7bit, 8bit, and binary) indicate that no encoding has been done but provide some information about the nature of the data.

Another Content-Transfer-Encoding value is x-token, which indicates that some other encoding scheme is used, for which a name is to be supplied. Two schemes are defined to provide a choice between a transfer technique that is essentially human readable and one that is safe for all types of data in a way that is reasonably compact.

MIME Transfer Encodings
7bit              The data are all represented by short lines of ASCII characters.
8bit              The lines are short, but there may be non-ASCII characters (octets with the high-order bit set).
binary            Not only may non-ASCII characters be present but the lines are not necessarily short enough for SMTP transport.
quoted-printable  Encodes the data in such a way that if the data being encoded are mostly ASCII text, the encoded form of the data remains largely recognizable by humans.
base64            Encodes data by mapping 6-bit blocks of input to 8-bit blocks of output, all of which are printable ASCII characters.
x-token           A named nonstandard encoding.


Native and Canonical Form
Native form:
The body to be transmitted is created in the system's native format. The native character set is used and, where appropriate, local end-of-line conventions are used as well. The body may be a UNIX-style text file, or a Sun raster image, or a VMS indexed file, or audio data in a system-dependent format stored only in memory, or anything else that corresponds to the local model for the representation of some form of information. Fundamentally, the data is created in the "native" form that corresponds to the type specified by the media type.
Canonical form:
The entire body, including "out-of-band" information such as record lengths and possibly file attribute information, is converted to a universal canonical form. The specific media type of the body as well as its associated attributes dictate the nature of the canonical form that is used. Conversion to the proper canonical form may involve character set conversion, transformation of audio data, compression, or various other operations specific to the various media types. If character set conversion is involved, however, care must be taken to understand the semantics of the media type, which may have strong implications for any character set conversion (e.g., with regard to syntactically meaningful characters in a text subtype other than "plain").

MIME-Version: 1.0
From: Nathaniel Borenstein <nsb@bellcore.com>
To: Ned Freed <ned@innosoft.com>
Subject: A multipart example
Content-Type: multipart/mixed;
        boundary=unique-boundary-1

This is the preamble area of a multipart message. Mail readers that
understand multipart format should ignore this preamble. If you are
reading this text, you might want to consider changing to a mail
reader that understands how to properly display multipart messages.

--unique-boundary-1

...Some text appears here...
[Note that the preceding blank line means no header fields were
given and this is text, with charset US ASCII. It could have been
done with explicit typing as in the next part.]

--unique-boundary-1
Content-type: text/plain; charset=US-ASCII

This could have been part of the previous part, but illustrates
explicit versus implicit typing of body parts.

--unique-boundary-1
Content-Type: multipart/parallel; boundary=unique-boundary-2

--unique-boundary-2
Content-Type: audio/basic
Content-Transfer-Encoding: base64

... base64-encoded 8000 Hz single-channel mu-law-format audio data
goes here....

--unique-boundary-2
Content-Type: image/jpeg
Content-Transfer-Encoding: base64

... base64-encoded image data goes here....

--unique-boundary-2--

--unique-boundary-1
Content-type: text/enriched

This is <bold><italic>richtext.</italic></bold> <smaller>as defined
in RFC 1896</smaller>

Isn't it <bigger><bigger>cool?</bigger></bigger>

--unique-boundary-1

Content-Type: message/rfc822

From: (mailbox in US-ASCII)
To: (address in US-ASCII)
Subject: (subject in US-ASCII)
Content-Type: Text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: Quoted-printable

... Additional text in ISO-8859-1 goes here ...

--unique-boundary-1--

Example MIME Message Structure
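The multipart layout shown above, the boundary rule (the delimiter must not occur inside any part) and the transfer-encoding choices from the preceding section can all be exercised with the Python standard library. The following block is an added example written for these notes; it is not code from the original page or from any RFC. It composes a multipart/mixed message with a text part and a binary image part, lets the library pick the boundary and the Content-Transfer-Encoding of each part under a 7-bit SMTP policy, then parses the wire form back and checks that the boundary string never appears inside a decoded part. The addresses and the image bytes are constructed; choose_transfer_encoding applies the 7bit / quoted-printable / base64 rules with a 25% non-ASCII cut-off that is an assumption of this example, not a value from the specification.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample "image": a JPEG-like SOI marker followed by every octet
# value, so it contains NULs and 8-bit octets and cannot travel as 7bit.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4

SMTP_MAX_LINE = 998  # longest line SMTP guarantees to carry (RFC 5321)


def choose_transfer_encoding(body: bytes) -> str:
    """Pick a Content-Transfer-Encoding the way a MIME composer must.

    7bit: only 7-bit, non-NUL octets and SMTP-safe line lengths, so the body
          needs no transformation at all.
    quoted-printable: mostly ASCII text, so the encoded form stays readable
          (soft line breaks also fix over-long lines).
    base64: binary or mostly non-ASCII, safe everywhere and reasonably compact.
    The 25% threshold between the last two is an assumption for this example.
    """
    lines = body.split(b"\n")
    seven_bit_clean = all(0 < octet < 128 for octet in body)
    if seven_bit_clean and all(len(line) <= SMTP_MAX_LINE for line in lines):
        return "7bit"
    unsafe = sum(1 for octet in body if octet == 0 or octet >= 128)
    if unsafe * 4 <= len(body):
        return "quoted-printable"
    return "base64"


def build_multipart(text: str, image: bytes) -> bytes:
    """Compose a multipart/mixed message (constructed addresses) and return
    the wire form. The library picks a boundary that does not occur in any
    part and a transfer encoding for each part under the 7-bit SMTP policy."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "A multipart example"
    msg.set_content(text)  # text/plain part; also adds MIME-Version: 1.0
    msg.add_attachment(image, maintype="image", subtype="jpeg", filename="sample.jpg")
    return msg.as_bytes()


def parse_parts(raw: bytes) -> list:
    """Parse the wire form and describe each body part. A receiver splits on
    the boundary, so a boundary string inside a decoded part would mean the
    composer broke the rule that it must not appear in any part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if not msg.is_multipart():
        raise ValueError("expected a multipart message")
    boundary = msg.get_boundary().encode()
    parts = []
    for part in msg.iter_parts():
        payload = part.get_payload(decode=True)  # undo base64 / quoted-printable
        parts.append({
            "type": part.get_content_type(),
            "cte": str(part["Content-Transfer-Encoding"]),
            "size": len(payload),
            "boundary_in_body": boundary in payload,
        })
    return parts


if __name__ == "__main__":
    wire = build_multipart("Hello. This section begins the actual message body.", SAMPLE_JPEG)
    print(wire.decode("ascii"))
    for part in parse_parts(wire):
        print(part)
```

Running the block prints the generated message, whose image part comes out base64-encoded and whose text part is left as 7bit, exactly the split the transfer-encoding table describes. The decoded size of the image part equals the original byte count, which is the check a receiver can make that the transport did not alter the body.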

S/MIME FUNCTIONALITY
S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages.

Functions
S/MIME provides the following functions:
- Enveloped data: This consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients.
- Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.
- Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature.
- Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.

Cryptographic Algorithms:
S/MIME uses the following terminology, taken from RFC 2119, to specify the requirement level:
MUST:
The definition is an absolute requirement of the specification. An implementation must include this feature or function to be in conformance with the specification.
SHOULD:
There may exist valid reasons in particular circumstances to ignore this feature or function, but it is recommended that an implementation include the feature or function.
CRYPTOGRAPHIC ALGORITHMS USED IN S/MIME

Function: Create a message digest to be used in forming a digital signature.
  Requirement: MUST support SHA-1. Receiver SHOULD support MD5 for backward compatibility.

Function: Encrypt message digest to form digital signature.
  Requirement: Sending and receiving agents MUST support DSS. Sending agents SHOULD support RSA encryption. Receiving agents SHOULD support verification of RSA signatures with key sizes 512 bits to 1024 bits.

Function: Encrypt session key for transmission with message.
  Requirement: Sending and receiving agents SHOULD support Diffie-Hellman. Sending and receiving agents MUST support RSA encryption with key sizes 512 bits to 1024 bits.

Function: Encrypt message for transmission with one-time session key.
  Requirement: Sending and receiving agents MUST support encryption with triple DES. Sending agents SHOULD support encryption with AES. Sending agents SHOULD support encryption with RC2/40.

Function: Create a message authentication code.
  Requirement: Receiving agents MUST support HMAC with SHA-1. Sending agents SHOULD support HMAC with SHA-1.

Note that these requirements reflect the original S/MIME specification: MD5, RC2/40 and RSA keys of 512 to 1024 bits are no longer considered adequate, and a current implementation must treat them as legacy compatibility options only.


S/MIME incorporates three public-key algorithms.

- The Digital Signature Standard (DSS) is the preferred algorithm for digital signature.
- S/MIME lists Diffie-Hellman as the preferred algorithm for encrypting session keys; in fact, S/MIME uses a variant of Diffie-Hellman that does provide encryption/decryption, known as ElGamal.
- As an alternative, RSA can be used for both signatures and session key encryption. These are the same algorithms used in PGP and provide a high level of security.

A sending agent has two decisions to make. First, the sending agent must determine if the receiving agent is capable of decrypting using a given encryption algorithm. Second, if the receiving agent is only capable of accepting weakly encrypted content, the sending agent must decide if it is acceptable to send using weak encryption. A receiving agent may announce its decrypting capabilities in the messages it sends, and a sending agent may store that information for future use.

The following rules should be followed by a sending agent:
1. If the sending agent has a list of preferred decrypting capabilities from an intended recipient, it SHOULD choose the first (highest preference) capability on the list that it is capable of using.
2. If the sending agent has no such list of capabilities from an intended recipient but has received one or more messages from the recipient, then the outgoing message SHOULD use the same encryption algorithm as was used on the last signed and encrypted message received from that intended recipient.
3. If the sending agent has no knowledge about the decryption capabilities of the intended recipient and is willing to risk that the recipient may not be able to decrypt the message, then the sending agent SHOULD use triple DES.
4. If the sending agent has no knowledge about the decryption capabilities of the intended recipient and is not willing to risk that the recipient may not be able to decrypt the message, then the sending agent MUST use RC2/40.

If a message is to be sent to multiple recipients and a common encryption algorithm cannot be selected for all, then the sending agent will need to send two messages. However, in that case, it is important to note that the security of the message is made vulnerable by the transmission of one copy with lower security: an attacker who recovers the weakly encrypted copy has recovered the content of the strongly encrypted one as well.
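The four sending-agent rules above and the multiple-recipient caveat are a decision procedure, so they can be written down and tested. The block below is an added example for these notes, not code from the original page or from any S/MIME implementation. It assumes a recipient record that carries the recipient's announced capability list (highest preference first) and the algorithm seen on the last signed and encrypted message from them, both of which a real agent would extract from received messages; the algorithm names are labels chosen for the example, not the identifiers S/MIME actually carries, and the strength ordering is taken from the notes above (RC2/40 weak, triple DES the safe default, AES preferred). plan_messages groups recipients into one message per chosen algorithm and reports the weakest copy, which is the effective strength of the whole send.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Strength ranking, weakest first, as the notes above describe the algorithms.
# The names are example labels, not S/MIME capability identifiers.
STRENGTH_ORDER = ["rc2-40", "3des", "aes-128"]
WEAK = {"rc2-40"}


@dataclass
class Recipient:
    address: str
    capabilities: Optional[List[str]] = None   # announced list, highest preference first
    last_received: Optional[str] = None        # algorithm on their last signed+encrypted message


def choose_algorithm(sender_supports: Set[str], r: Recipient, willing_to_risk: bool) -> str:
    """Apply the four sending-agent rules in order and return the algorithm."""
    # Rule 1: honour the recipient's own preference list; first usable entry wins.
    if r.capabilities:
        for alg in r.capabilities:
            if alg in sender_supports:
                return alg
    # Rule 2: no usable list, but we have seen what they could decrypt before.
    if r.last_received in sender_supports:
        return r.last_received
    # Rules 3 and 4: no knowledge at all; the risk appetite decides.
    return "3des" if willing_to_risk else "rc2-40"


def plan_messages(sender_supports: Set[str], recipients: List[Recipient],
                  willing_to_risk: bool, allow_weak: bool) -> Dict[str, List[str]]:
    """Group recipients by chosen algorithm: one message copy per group.
    When allow_weak is False, refuse outright instead of sending a weak copy,
    because that copy would expose the content of every stronger copy too."""
    plan: Dict[str, List[str]] = {}
    for r in recipients:
        alg = choose_algorithm(sender_supports, r, willing_to_risk)
        if alg in WEAK and not allow_weak:
            raise ValueError(f"{r.address}: only {alg} is usable; refusing to send weak encryption")
        plan.setdefault(alg, []).append(r.address)
    return plan


def effective_strength(plan: Dict[str, List[str]]) -> str:
    """The message is only as strong as the weakest copy that was sent."""
    return min(plan, key=STRENGTH_ORDER.index)


if __name__ == "__main__":
    sender = {"aes-128", "3des", "rc2-40"}
    group = [
        Recipient("a@example.com", capabilities=["aes-128", "3des"]),   # constructed
        Recipient("b@example.com", last_received="3des"),
        Recipient("c@example.com"),                                     # nothing known
    ]
    plan = plan_messages(sender, group, willing_to_risk=False, allow_weak=True)
    print(plan, "effective strength:", effective_strength(plan))
```

In the sample run the unknown recipient drags the whole send down to RC2/40 under rule 4; flipping willing_to_risk to True gives triple DES for that recipient, and setting allow_weak to False makes the agent refuse rather than silently weaken the message.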

S/MIME MESSAGES
S/MIME makes use of a number of new MIME content types.

S/MIME Content Types
Type         Subtype          smime Parameter         Description
multipart    signed                                   A clear-signed message in two parts: one is the message and the other is the signature.
application  pkcs7-mime       signedData              A signed S/MIME entity.
application  pkcs7-mime       envelopedData           An encrypted S/MIME entity.
application  pkcs7-mime       degenerate signedData   An entity containing only public-key certificates.
application  pkcs7-mime       CompressedData          A compressed S/MIME entity.
application  pkcs7-signature  signedData              The content type of the signature subpart of a multipart/signed message.

Securing a MIME Entity:
S/MIME secures a MIME entity with a signature, encryption, or both. A MIME entity may be an entire message (except for the RFC 822 headers), or if the MIME content type is multipart, then a MIME entity is one or more of the subparts of the message.
The MIME entity is prepared according to the normal rules for MIME message preparation. Then the MIME entity plus some security-related data, such as algorithm identifiers and certificates, are processed by S/MIME to produce what is known as a PKCS object.

A PKCS object is then treated as message content and wrapped in MIME (provided with appropriate MIME headers).

S/MIME content types:
Enveloped Data
The steps for preparing an envelopedData MIME entity are as follows:
1. Generate a pseudorandom session key for a particular symmetric encryption algorithm (RC2/40 or triple DES).
2. For each recipient, encrypt the session key with the recipient's public RSA key.
3. For each recipient, prepare a block known as RecipientInfo that contains an identifier of the recipient's public-key certificate, an identifier of the algorithm used to encrypt the session key, and the encrypted session key.
4. Encrypt the message content with the session key.

Signed Data
The steps for preparing a signedData MIME entity are as follows:
1. Select a message digest algorithm (SHA or MD5).
2. Compute the message digest, or hash function, of the content to be signed.
3. Encrypt the message digest with the signer's private key.
4. Prepare a block known as SignerInfo that contains the signer's public-key certificate, an identifier of the message digest algorithm, an identifier of the algorithm used to encrypt the message digest, and the encrypted message digest.

Clear Signing
Clear signing is achieved using the multipart content type with a signed subtype.
A multipart/signed message has two parts.
The first part can be any MIME type but must be prepared so that it will not be altered during transfer from source to destination.


Registration Request
Typically, an application or user will apply to a certification authority for a public-key certificate. The application/pkcs10 S/MIME entity is used to transfer a certification request.

The certification request includes a certificationRequestInfo block, followed by an identifier of the public-key encryption algorithm, followed by the signature of the certificationRequestInfo block, made using the sender's private key.

The certificationRequestInfo block includes a name of the certificate subject (the entity whose public key is to be certified) and a bit-string representation of the user's public key.

Certificates-Only Message
A message containing only certificates or a certificate revocation list (CRL) can be sent in response to a registration request.

The message is an application/pkcs7-mime type/subtype with an smime-type parameter of degenerate.

The steps involved are the same as those for creating a signedData message, except that there is no message content and the signerInfo field is empty.

S/MIME CERTIFICATE PROCESSING
S/MIME uses public-key certificates that conform to version 3 of X.509.

The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP's web of trust.

As with the PGP model, S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists.

User Agent Role:

An S/MIME user has several key-management functions to perform:
Key generation
The user or some related administrative utility (e.g., one associated with LDAP management) MUST be capable of generating separate Diffie-Hellman and DSS key pairs and SHOULD be capable of generating RSA key pairs.
Each key pair MUST be generated from a good source of nondeterministic random input and be protected in a secure fashion. A user agent SHOULD generate RSA key pairs with a length in the range of 768 to 1024 bits and MUST NOT generate a length of less than 512 bits. (These are the original specification's limits; current practice requires considerably longer RSA keys.)
Registration
A user's public key must be registered with a certification authority in order to receive an X.509 public-key certificate.
Certificate storage and retrieval
A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages. Such a list could be maintained by the user or by some local administrative entity on behalf of a number of users.

VeriSign Certificates
There are several companies that provide certification authority (CA) services. VeriSign provides a CA service that is intended to be compatible with S/MIME and a variety of other applications. VeriSign issues X.509 certificates with the product name VeriSign Digital ID.
The information contained in a Digital ID depends on the type of Digital ID and its use. At a minimum, each Digital ID contains
- Owner's public key
- Owner's name or alias
- Expiration date of the Digital ID
- Serial number of the Digital ID
- Name of the certification authority that issued the Digital ID
- Digital signature of the certification authority that issued the Digital ID

Digital IDs can also contain other user-supplied information, including
- Address
- E-mail address
- Basic registration information (country, zip code, age, and gender)

VeriSign provides three levels, or classes, of security for public-key certificates. The following procedures are used:
- For Class 1 Digital IDs, VeriSign confirms the user's e-mail address by sending a PIN and Digital ID pick-up information to the e-mail address provided in the application.
- For Class 2 Digital IDs, VeriSign verifies the information in the application through an automated comparison with a consumer database in addition to performing all of the checking associated with a Class 1 Digital ID. Finally, confirmation is sent to the specified postal address alerting the user that a Digital ID has been issued in his or her name.
- For Class 3 Digital IDs, VeriSign requires a higher level of identity assurance. An individual must prove his or her identity by providing notarized credentials or applying in person.

ENHANCED SECURITY SERVICES
The three services are as follows:
Signed receipts:
A signed receipt may be requested in a SignedData object. Returning a signed receipt provides proof of delivery to the originator of a message and allows the originator to demonstrate to a third party that the recipient received the message.

Security labels:
A security label may be included in the authenticated attributes of a SignedData object. A security label is a set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation. The labels may be used for access control, by indicating which users are permitted access to an object.

VeriSign Public-Key Certificate Classes

Class 1
  Summary of confirmation of identity: Automated unambiguous name and e-mail address search.
  IA private key protection: PCA: trustworthy hardware; CA: trustworthy software or trustworthy hardware.
  Certificate applicant and subscriber private key protection: Encryption software (PIN protected) recommended but not required.
  Applications implemented or contemplated by users: Web browsing and certain e-mail usage.

Class 2
  Summary of confirmation of identity: Same as Class 1, plus automated enrollment information check plus automated address check.
  IA private key protection: PCA and CA: trustworthy hardware.
  Certificate applicant and subscriber private key protection: Encryption software (PIN protected) required.
  Applications implemented or contemplated by users: Individual and intra- and inter-company e-mail, online subscriptions, password replacement, and software validation.

Class 3
  Summary of confirmation of identity: Same as Class 1, plus personal presence and ID documents plus Class 2 automated ID check for individuals; business records (or filings) for organizations.
  IA private key protection: PCA and CA: trustworthy hardware.
  Certificate applicant and subscriber private key protection: Encryption software (PIN protected) required; hardware token recommended but not required.
  Applications implemented or contemplated by users: E-banking, corporate database access, personal banking, membership-based online services, content integrity services, e-commerce server, software validation; authentication of LRAAs; and strong encryption for certain servers.

IA : Issuing Authority
CA : Certification Authority
PCA : VeriSign public primary certification authority
PIN : Personal Identification Number
LRAA : Local Registration Authority Administrator

Secure mailing lists:

When a user sends a message to multiple recipients, a certain amount of per-recipient processing is required, including the use of each recipient's public key. The user can be relieved of this work by employing the services of an S/MIME Mail List Agent (MLA).
An MLA can take a single incoming message, perform the recipient-specific encryption for each recipient, and forward the message. The originator of a message need only send the message to the MLA, with encryption performed using the MLA's public key.

4.3 IP SECURITY
- IP security (IPSec) is a capability that can be added to either current version of the Internet Protocol (IPv4 or IPv6), by means of additional headers.
- IPSec encompasses three functional areas: authentication, confidentiality, and key management.
- Authentication makes use of the HMAC message authentication code. Authentication can be applied to the entire original IP packet (tunnel mode) or to all of the packet except for the IP header (transport mode).
- Confidentiality is provided by an encryption format known as encapsulating security payload. Both tunnel and transport modes can be accommodated.
- IPSec defines a number of techniques for key management.

C.1 IP SECURITY OVERVIEW
The IAB included authentication and encryption as necessary security features in the next-generation IP, which has been issued as IPv6.
Fortunately, these security capabilities were designed to be usable both with the current IPv4 and the future IPv6.

APPLICATIONS OF IPSEC
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.


Secure branch office connectivity over the Internet:
A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.

Secure remote access over the Internet:
An end user whose system is equipped with IP security protocols can make a local call to an Internet service provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters.

Establishing extranet and intranet connectivity with partners:
IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.

Enhancing electronic commerce security:
Even though some Web and electronic commerce applications have built-in security protocols, the use of IPSec enhances that security.

The principal feature of IPSec that enables it to support these varied applications is that it can encrypt and/or authenticate all traffic at the IP level. Thus, all distributed applications, including remote logon, client/server, e-mail, file transfer, Web access, and so on, can be secured.

The figure below illustrates the IPSec scenario. An organization maintains LANs at dispersed locations. Nonsecure IP traffic is conducted on each LAN.
For traffic offsite, through some sort of private or public WAN, IPSec protocols are used. These protocols operate in networking devices, such as a router or firewall, that connect each LAN to the outside world.


The IPSec networking device will typically encrypt and compress all traffic going into the WAN, and decrypt and decompress traffic coming from the WAN; these operations are transparent to workstations and servers on the LAN.
Secure transmission is also possible with individual users who dial into the WAN. Such user workstations must implement the IPSec protocols to provide security.

Figure: An IP Security Scenario

BENEFITS OF IPSEC
The benefits of IPSec include the following:
- When IPSec is implemented in a firewall or router, it provides strong security that can be applied to all traffic crossing the perimeter. Traffic within a company or workgroup does not incur the overhead of security-related processing.
- IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP, and the firewall is the only means of entrance from the Internet into the organization.


- IPSec is below the transport layer (TCP, UDP) and so is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router. Even if IPSec is implemented in end systems, upper-layer software, including applications, is not affected.
- IPSec can be transparent to end users. There is no need to train users on security mechanisms, issue keying material on a per-user basis, or revoke keying material when users leave the organization.
- IPSec can provide security for individual users if needed. This is useful for offsite workers and for setting up a secure virtual subnetwork within an organization for sensitive applications.

ROUTING APPLICATIONS
In addition to supporting end users and protecting premises systems and networks, IPSec can play a vital role in the routing architecture required for internetworking.

IPSec can assure that
- A router advertisement (a new router advertises its presence) comes from an authorized router.
- A neighbor advertisement (a router seeks to establish or maintain a neighbor relationship with a router in another routing domain) comes from an authorized router.
- A redirect message comes from the router to which the initial packet was sent.
- A routing update is not forged.

Without such security measures, an opponent can disrupt communications or divert some traffic. Routing protocols such as OSPF should be run on top of security associations between routers that are defined by IPSec.


C.2 IP SECURITY ARCHITECTURE

The IPSec specification has become quite complex.

IPSEC DOCUMENTS
The IPSec specification consists of numerous documents. The most important of these are RFCs 2401, 2402, 2406, and 2408:
RFC 2401: An overview of security architecture
RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
RFC 2408: Specification of key management capabilities

The documents are divided into seven groups (RFC 2401):
Architecture:
Covers the general concepts, security requirements, definitions, and mechanisms defining IPSec technology.

Encapsulating Security Payload (ESP):
Covers the packet format and general issues related to the use of the ESP for packet encryption and, optionally, authentication.

Authentication Header (AH):
Covers the packet format and general issues related to the use of AH for packet authentication.

Encryption Algorithm:
A set of documents that describe how various encryption algorithms are used for ESP.

Authentication Algorithm:
A set of documents that describe how various authentication algorithms are used for AH and for the authentication option of ESP.

Key Management:
Documents that describe key management schemes.

Domain of Interpretation (DOI):
Contains values needed for the other documents to relate to each other. These include identifiers for approved encryption and authentication algorithms, as well as operational parameters such as key lifetime.

Figure: IPSec Document Overview

IPSEC SERVICES
IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services.

Two protocols are used to provide security: an authentication protocol designated by the header of the protocol, Authentication Header (AH); and a combined encryption/authentication protocol designated by the format of the packet for that protocol, Encapsulating Security Payload (ESP). The services are
- Access control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets (a form of partial sequence integrity)
- Confidentiality (encryption)
- Limited traffic flow confidentiality

Table: IPSec Services

The table above shows which services are provided by the AH and ESP protocols. For ESP, there are two cases: with and without the authentication option. Both AH and ESP are vehicles for access control, based on the distribution of cryptographic keys and the management of traffic flows relative to these security protocols.

SECURITY ASSOCIATIONS
A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA).
An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it.

If a peer relationship is needed, for two-way secure exchange, then two security associations are required.
Security services are afforded to an SA for the use of AH or ESP, but not both.

A security association is uniquely identified by three parameters:
Security Parameters Index (SPI):
A bit string assigned to this SA and having local significance only. The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.
IP Destination Address:
Currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end user system or a network system such as a firewall or router.
Security Protocol Identifier:
This indicates whether the association is an AH or ESP security association.

Hence, in any IP packet, the security association is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP).

SA Parameters:
A security association is normally defined by the following parameters:
- Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in AH or ESP headers (required for all implementations).
- Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter should generate an auditable event and prevent further transmission of packets on this SA (required for all implementations).
- Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay (required for all implementations).
- AH Information: Authentication algorithm, keys, key lifetimes, and related parameters being used with AH (required for AH implementations).
UNIT 4 : NTWORK SCURITY PRACTIC NTWORK SCURITY

TLunguveI Muvugun 4.?6

V ESP 1nformution: IncryfIon nnd nufhonfIcnfIon nIgorIfhm, koys, InIfInIIznfIon


vnIuos, koy IIfofImos, nnd roInfod nrnmofors boIng usod wIfh ISI (roquIrod for
ISI ImIomonfnfIons).
V Lifetime of Thio Security Aooociution: A fImo InforvnI or byfo counf nffor
whIch nn SA musf bo roIncod wIfh n now SA (nnd now SII) or formInnfod, Ius
nn IndIcnfIon of whIch of fhoso ncfIons shouId occur (roquIrod for nII
ImIomonfnfIons).
V 1PSec Protocol MoJe: TunnoI, frnnsorf, or wIIdcnrd (roquIrod for nII
ImIomonfnfIons). Thoso modos nro dIscussod Infor In fhIs socfIon.
V Puth MTU: Any obsorvod nfh mnxImum frnnsmIssIon unIf (mnxImum sIzo of n
nckof fhnf cnn bo frnnsmIffod wIfhouf frngmonfnfIon) nnd ngIng vnrInbIos
(roquIrod for nII ImIomonfnfIons).

Tho koy mnnngomonf mochnnIsm fhnf Is usod fo dIsfrIbufo koys Is couIod fo fho
nufhonfIcnfIon nnd rIvncy mochnnIsms onIy by wny of fho SocurIfy Inrnmofors Indox.

Honco, nufhonfIcnfIon nnd rIvncy hnvo boon socIfIod Indoondonf of nny
socIfIc koy mnnngomonf mochnnIsm.

SA SeIectovs:
IISoc rovIdos fho usor wIfh consIdornbIo fIoxIbIIIfy In fho wny In whIch IISoc
sorvIcos nro nIIod fo II frnffIc.

Tho monns by whIch II frnffIc Is roInfod fo socIfIc SAs (or no SA In fho cnso of
frnffIc nIIowod fo bynss IISoc) Is fho nomInnI SocurIfy IoIIcy nfnbnso (SI).

Inch SI onfry Is dofInod by n sof of II nnd uor-Inyor rofocoI fIoId vnIuos,
cnIIod oelectoro.

In offocf, fhoso soIocfors nro usod fo fIIfor oufgoIng frnffIc In ordor fo mn If Info
n nrfIcuInr SA.
Outbound processing obeys the following general sequence for each IP packet:
1. Compare the values of the appropriate fields in the packet (the selector fields) against the SPD to find a matching SPD entry, which will point to zero or more SAs.
2. Determine the SA, if any, for this packet and its associated SPI.
3. Do the required IPSec processing (i.e., AH or ESP processing).

The following selectors determine an SPD entry:
- Destination IP Address: This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address. The latter two are required to support more than one destination system sharing the same SA (e.g., behind a firewall).
- Source IP Address: This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address. The latter two are required to support more than one source system sharing the same SA (e.g., behind a firewall).
- UserID: A user identifier from the operating system. This is not a field in the IP or upper-layer headers but is available if IPSec is running on the same operating system as the user.
- Data Sensitivity Level: Used for systems providing information flow security (e.g., Secret or Unclassified).
- Transport Layer Protocol: Obtained from the IPv4 Protocol or IPv6 Next Header field. This may be an individual protocol number, a list of protocol numbers, or a range of protocol numbers.
- Source and Destination Ports: These may be individual TCP or UDP port values, an enumerated list of ports, or a wildcard port.
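The selector matching of outbound steps 1 and 2 above, written out as an ordered SPD lookup. This is an added example and not the textbook's own code; the addresses, SPIs, ports and the shape of the SA record are constructed for illustration.

```python
"""SPD lookup with selectors (added example; not the textbook's own code).
Each entry holds selectors (destination and source address as a host,
CIDR range or wildcard; transport protocol; ports) and an action:
BYPASS, DISCARD, or PROTECT with the SA (protocol, SPI, mode) to apply.
All addresses, SPIs and ports below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None   # wildcard selector value


@dataclass(frozen=True)
class SA:
    protocol: str   # "AH" or "ESP"
    spi: int        # Security Parameters Index (local significance only)
    mode: str       # "transport" or "tunnel"
    dst: str        # SA destination endpoint: the host or the gateway


@dataclass
class SPDEntry:
    dst_net: Optional[str]    # CIDR such as "10.0.0.0/8", "/32" host, or ANY
    src_net: Optional[str]
    proto: Optional[int]      # IP protocol number (6 = TCP, 17 = UDP) or ANY
    dport: Optional[int]
    sport: Optional[int]
    action: str               # "PROTECT", "BYPASS" or "DISCARD"
    sa: Optional[SA] = None   # only meaningful for PROTECT


def _addr_match(net, addr):
    return net is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def _val_match(sel, val):
    return sel is ANY or sel == val


def spd_lookup(spd, dst, src, proto, dport, sport):
    """Outbound steps 1 and 2: return (action, sa) for the first SPD entry
    whose selectors match the packet. Entries are ordered, first match
    wins; a packet matching nothing is discarded (default deny)."""
    for e in spd:
        if (_addr_match(e.dst_net, dst) and _addr_match(e.src_net, src)
                and _val_match(e.proto, proto)
                and _val_match(e.dport, dport)
                and _val_match(e.sport, sport)):
            return e.action, e.sa
    return "DISCARD", None


# Constructed SPD for a host 192.0.2.10: LAN traffic in the clear, HTTPS to
# one partner host protected end to end, the corporate 10/8 network reached
# through a tunnel-mode SA terminating on gateway 203.0.113.1.
SPD = [
    SPDEntry("192.0.2.0/24", ANY, ANY, ANY, ANY, "BYPASS"),
    SPDEntry("198.51.100.7/32", "192.0.2.10/32", 6, 443, ANY, "PROTECT",
             SA("ESP", 0x1001, "transport", "198.51.100.7")),
    SPDEntry("10.0.0.0/8", ANY, ANY, ANY, ANY, "PROTECT",
             SA("ESP", 0x2002, "tunnel", "203.0.113.1")),
]
```

Order matters: a broad BYPASS entry placed before a narrower PROTECT entry would silently send the narrower flow in the clear, which is why the lookup is first-match and the final fallback is DISCARD rather than BYPASS.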

TRANSPORT AND TUNNEL MODES

Both AH and ESP support two modes of use: transport and tunnel mode.

Transport Mode:
Transport mode provides protection primarily for upper-layer protocols. That is, transport mode protection extends to the payload of an IP packet. Examples include a TCP or UDP segment or an ICMP packet, all of which operate directly above IP in a host protocol stack.

Typically, transport mode is used for end-to-end communication between two hosts (e.g., a client and a server, or two workstations). When a host runs AH or ESP over IPv4, the payload is the data that normally follow the IP header.

For IPv6, the payload is the data that normally follow both the IP header and any IPv6 extension headers that are present, with the possible exception of the destination options header, which may be included in the protection.

ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header. AH in transport mode authenticates the IP payload and selected portions of the IP header.

Tunnel Mode:
Tunnel mode provides protection to the entire IP packet. To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new "outer" IP packet with a new outer IP header.

The entire original, or inner, packet travels through a "tunnel" from one point of an IP network to another; no routers along the way are able to examine the inner IP header. Because the original packet is encapsulated, the new, larger packet may have totally different source and destination addresses, adding to the security.
Tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPSec.

With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPSec. The unprotected packets generated by such hosts are tunneled through external networks by tunnel mode SAs set up by the IPSec software in the firewall or secure router at the boundary of the local network.

Tunnel Mode and Transport Mode Functionality

AH
  Transport Mode SA: Authenticates IP payload and selected portions of IP header and IPv6 extension headers.
  Tunnel Mode SA: Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers.

ESP
  Transport Mode SA: Encrypts IP payload and any IPv6 extension headers following the ESP header.
  Tunnel Mode SA: Encrypts entire inner IP packet.

ESP with Authentication
  Transport Mode SA: Encrypts IP payload and any IPv6 extension headers following the ESP header. Authenticates IP payload but not IP header.
  Tunnel Mode SA: Encrypts entire inner IP packet. Authenticates inner IP packet.

C.3 AUTHENTICATION HEADER
The Authentication Header provides support for data integrity and authentication of IP packets.
The data integrity feature ensures that undetected modification to a packet's content in transit is not possible.
The authentication feature enables an end system or network device to authenticate the user or application and filter traffic accordingly; it also prevents the address spoofing attacks observed in today's Internet.
Authentication is based on the use of a message authentication code (MAC); hence the two parties must share a secret key. The Authentication Header consists of the following fields:
- Next Header (8 bits): Identifies the type of header immediately following this header.
- Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2. For example, the default length of the authentication data field is 96 bits, or three 32-bit words. With a three-word fixed header, there are a total of six words in the header, and the Payload Length field has a value of 4.
- Reserved (16 bits): For future use.
- Security Parameters Index (32 bits): Identifies a security association.
- Sequence Number (32 bits): A monotonically increasing counter value.
- Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet.

IPSec Authentication Header (figure)
ANTI-REPLAY SERVICE
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. The receipt of duplicate, authenticated IP packets may disrupt service in some way or may have some other undesired consequence.

The Sequence Number field is designed to thwart such attacks. First, we discuss sequence number generation by the sender, and then we look at how it is processed by the recipient.

When a new SA is established, the sender initializes a sequence number counter to 0. Each time that a packet is sent on this SA, the sender increments the counter and places the value in the Sequence Number field.

Thus, the first value to be used is 1. If anti-replay is enabled (the default), the sender must not allow the sequence number to cycle past 2^32 − 1 back to zero. Otherwise, there would be multiple valid packets with the same sequence number.

If the limit of 2^32 − 1 is reached, the sender should terminate this SA and negotiate a new SA with a new key. Because IP is a connectionless, unreliable service, the protocol does not guarantee that packets will be delivered in order and does not guarantee that all packets will be delivered.

Therefore, the IPSec authentication document dictates that the receiver should implement a window of size W, with a default of W = 64. The right edge of the window represents the highest sequence number, N, so far received for a valid packet.

For any packet with a sequence number in the range from N − W + 1 to N that has been correctly received (i.e., properly authenticated), the corresponding slot in the window is marked.

Inbound processing proceeds as follows when a packet is received:

1. If the received packet falls within the window and is new, the MAC is checked. If the packet is authenticated, the corresponding slot in the window is marked.
2. If the received packet is to the right of the window and is new, the MAC is checked. If the packet is authenticated, the window is advanced so that this sequence number is the right edge of the window, and the corresponding slot in the window is marked.
3. If the received packet is to the left of the window, or if authentication fails, the packet is discarded; this is an auditable event.

Anti-replay Mechanism (figure)
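The three inbound rules above, implemented as a receiver-side sliding window kept as a bitmask. This is an added example rather than code from the textbook; the window size, sequence numbers and the way the MAC check is passed in as a callback are constructed for illustration.

```python
"""Anti-replay sliding window (added example; not the textbook's own code).
The receiver keeps the highest authenticated sequence number N and a W-bit
mask recording which numbers in [N-W+1, N] were already accepted. The ICV
check is passed in as a callable so the window logic stays independent of
the AH/ESP MAC computation; sequence numbers here are constructed."""


class AntiReplayWindow:
    def __init__(self, window_size=64):
        self.W = window_size
        self.N = 0        # right edge: highest valid sequence number so far
        self.mask = 0     # bit i set  <=>  sequence number N - i already seen

    def check(self, seq, mac_ok):
        """Process one inbound packet; returns (accepted, reason).
        mac_ok() verifies the packet's ICV and is only called when the
        sequence number itself has not already ruled the packet out."""
        if seq == 0:
            return False, "sequence number 0 is never valid"
        if seq > self.N:                               # right of the window
            if not mac_ok():
                return False, "authentication failed"
            shift = seq - self.N
            if shift >= self.W:
                self.mask = 1                          # window jumps entirely
            else:
                self.mask = ((self.mask << shift) | 1) & ((1 << self.W) - 1)
            self.N = seq
            return True, "window advanced"
        if seq <= self.N - self.W:                     # left of the window
            return False, "too old: discarded (auditable event)"
        bit = self.N - seq                             # inside the window
        if (self.mask >> bit) & 1:
            return False, "replay: discarded (auditable event)"
        if not mac_ok():
            return False, "authentication failed"
        self.mask |= 1 << bit
        return True, "slot marked"
```

Note the ordering: a replayed or too-old sequence number is rejected before the MAC is computed, so an attacker replaying captured packets cannot even force the receiver to spend HMAC work on them, and the window only moves on a packet whose ICV verified.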
INTEGRITY CHECK VALUE
The Authentication Data field holds a value referred to as the Integrity Check Value. The ICV is a message authentication code or a truncated version of a code produced by a MAC algorithm.

The current specification dictates that a compliant implementation must support
- HMAC-MD5-96
- HMAC-SHA-1-96
Both of these use the HMAC algorithm, the first with the MD5 hash code and the second with the SHA-1 hash code.

In both cases, the full HMAC value is calculated but then truncated by using the first 96 bits, which is the default length for the Authentication Data field. (These are the mandatory algorithms of the original AH specification; current guidance in RFC 8221 forbids HMAC-MD5-96 and requires HMAC-SHA2-256-128 instead.)

The MAC is calculated over
- IP header fields that either do not change in transit (immutable) or that are predictable in value upon arrival at the endpoint for the AH SA. Fields that may change in transit and whose value on arrival are unpredictable are set to zero for purposes of calculation at both source and destination.
- The AH header other than the Authentication Data field. The Authentication Data field is set to zero for purposes of calculation at both source and destination.
- The entire upper-level protocol data, which is assumed to be immutable in transit (e.g., a TCP segment or an inner IP packet in tunnel mode).

For IPv4, examples of immutable fields are Internet Header Length and Source Address. An example of a mutable but predictable field is the Destination Address (with loose or strict source routing). Examples of mutable fields that are zeroed prior to ICV calculation are the Time to Live and Header Checksum fields. Note that both source and destination address fields are protected, so that address spoofing is prevented.

For IPv6, examples in the base header are Version (immutable), Destination Address (mutable but predictable), and Flow Label (mutable and zeroed for calculation).
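The ICV computation described above, carried out for transport mode AH over an IPv4 packet: the mutable header fields and the Authentication Data field are zeroed, HMAC-SHA-1 is taken over the rest, and the tag is truncated to 96 bits. This is an added example and not the textbook's or any implementation's code; the key, addresses and payload are constructed, and the IPv4 header checksum is simply left at zero since it is zeroed for the ICV anyway.

```python
"""AH ICV over an IPv4 packet in transport mode (added example; not the
textbook's code). Mutable fields (TOS, flags/fragment offset, TTL, header
checksum) and the AH Authentication Data field are zeroed before the
HMAC-SHA-1 is computed, and the result is truncated to 96 bits.
Key, addresses and payload are constructed for illustration."""
import hmac
import hashlib
import struct

AH_PROTO = 51        # IP protocol number of the Authentication Header
ICV_LEN = 12         # 96 bits


def ipv4_header(src, dst, proto, total_len, ttl=64, tos=0, ident=1):
    """20-byte IPv4 header without options; checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))


def zero_mutable_ipv4(hdr):
    """Zero TOS, Flags/Fragment Offset, TTL and Header Checksum for ICV
    calculation; IHL, length, ID, protocol and both addresses are kept."""
    h = bytearray(hdr)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def ah_header(next_hdr, spi, seq, icv):
    """Next Header, Payload Length (words minus 2), Reserved, SPI, Seq, ICV."""
    payload_len = (12 + len(icv)) // 4 - 2       # 4 for a 96-bit ICV
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, next_hdr, spi, seq, payload):
    ah_zeroed = ah_header(next_hdr, spi, seq, b"\x00" * ICV_LEN)
    mac = hmac.new(key, zero_mutable_ipv4(ip_hdr) + ah_zeroed + payload,
                   hashlib.sha1).digest()
    return mac[:ICV_LEN]                          # HMAC-SHA-1-96


def build_ah_packet(key, src, dst, payload, spi, seq, next_hdr=6):
    """Sender: IPv4 header | AH | upper-layer payload (next_hdr 6 = TCP)."""
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip = ipv4_header(src, dst, AH_PROTO, total_len)
    icv = compute_icv(key, ip, next_hdr, spi, seq, payload)
    return ip + ah_header(next_hdr, spi, seq, icv) + payload


def verify_ah_packet(key, pkt):
    """Receiver: recompute the ICV over the received packet and compare."""
    ip, ah = pkt[:20], pkt[20:]
    next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    ah_len = (payload_len + 2) * 4
    icv, payload = ah[12:ah_len], ah[ah_len:]
    expected = compute_icv(key, ip, next_hdr, spi, seq, payload)
    return hmac.compare_digest(icv, expected)
```

A router decrementing the TTL leaves the ICV valid, while any change to the source or destination address, the SPI, the sequence number or the payload fails verification; that is exactly the coverage the list above describes.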

TRANSPORT AND TUNNEL MODES
In one case, authentication is provided directly between a server and client workstations; the workstation can be either on the same network as the server or on an external network. As long as the workstation and the server share a protected secret key, the authentication process is secure. This case uses a transport mode SA.

In the other case, a remote workstation authenticates itself to the corporate firewall, either for access to the entire internal network or because the requested server does not support the authentication feature. This case uses a tunnel mode SA.

End-to-End versus End-to-Intermediate Authentication (figure)

For transport mode AH using IPv4, the AH is inserted after the original IP header and before the IP payload (e.g., a TCP segment). Authentication covers the entire packet, excluding mutable fields in the IPv4 header that are set to zero for MAC calculation.

In the context of IPv6, AH is viewed as an end-to-end payload; that is, it is not examined or processed by intermediate routers. Therefore, the AH appears after the IPv6 base header and the hop-by-hop, routing, and fragment extension headers.

The destination options extension header could appear before or after the AH header, depending on the semantics desired. Again, authentication covers the entire packet, excluding mutable fields that are set to zero for MAC calculation.

For tunnel mode AH, the entire original IP packet is authenticated, and the AH is inserted between the original IP header and a new outer IP header. The inner IP header carries the ultimate source and destination addresses, while an outer IP header may contain different IP addresses (e.g., addresses of firewalls or other security gateways).

Scope of AH Authentication (figure)

With tunnel mode, the entire inner IP packet, including the entire inner IP header, is protected by AH. The outer IP header (and in the case of IPv6, the outer IP extension headers) is protected except for mutable and unpredictable fields.
C.4 ENCAPSULATING SECURITY PAYLOAD

The Encapsulating Security Payload provides confidentiality services, including confidentiality of message contents and limited traffic flow confidentiality. As an optional feature, ESP can also provide an authentication service.

ESP FORMAT

It contains the following fields:
- Security Parameters Index (32 bits): Identifies a security association.
- Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function, as discussed for AH.
- Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption.
- Padding (0–255 bytes): The purpose of this field is discussed later.
- Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.
- Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload (for example, an extension header in IPv6, or an upper-layer protocol such as TCP).
- Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field.

ENCRYPTION AND AUTHENTICATION ALGORITHMS
The Payload Data, Padding, Pad Length, and Next Header fields are encrypted by the ESP service. The current specification dictates that a compliant implementation must support DES in cipher block chaining (CBC) mode.
A number of other algorithms have been assigned identifiers in the DOI document and could therefore easily be used for encryption; these include
- Three-key triple DES
- RC5
- IDEA
- Three-key triple IDEA
- CAST
- Blowfish
As with AH, ESP supports the use of a MAC with a default length of 96 bits. Also as with AH, the current specification dictates that a compliant implementation must support HMAC-MD5-96 and HMAC-SHA-1-96. (This again reflects the original ESP specification; under RFC 8221 single DES and HMAC-MD5-96 must not be used, and AES-CBC with HMAC-SHA2-256-128, or an AEAD cipher such as AES-GCM, is required.)

PADDING
The Padding field serves several purposes:
- If an encryption algorithm requires the plaintext to be a multiple of some number of bytes (e.g., the multiple of a single block for a block cipher), the Padding field is used to expand the plaintext (consisting of the Payload Data, Padding, Pad Length, and Next Header fields) to the required length.
- The ESP format requires that the Pad Length and Next Header fields be right aligned within a 32-bit word. Equivalently, the ciphertext must be an integer multiple of 32 bits. The Padding field is used to assure this alignment.
- Additional padding may be added to provide partial traffic flow confidentiality by concealing the actual length of the payload.
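The three padding purposes above, worked through for the block that ESP encrypts. This is an added example, not the textbook's code: it computes the smallest padding that satisfies both the cipher block size and the 32-bit alignment of Pad Length and Next Header, lets the sender ask for extra padding to hide the payload length, and shows the receiver checking the default monotonic pad pattern (1, 2, 3, ...) from RFC 2406 after decryption. The payload and Next Header value are constructed.

```python
"""ESP trailer construction (added example; not the textbook's code).
Builds Payload Data || Padding || Pad Length || Next Header so that the
block is a multiple of the cipher block size and 32-bit aligned, with
optional extra padding for traffic flow confidentiality. Padding bytes
follow the default 1, 2, 3, ... pattern so the receiver can check them."""
import math
import struct


def esp_pad_length(payload_len, block_size, extra=0):
    """Smallest pad count >= extra such that payload + pad + 2 trailer bytes
    is a multiple of both block_size and 4 bytes; must fit in 8 bits."""
    align = block_size * 4 // math.gcd(block_size, 4)     # lcm(block, 4)
    pad = (-(payload_len + extra + 2)) % align + extra
    if pad > 255:
        raise ValueError("padding exceeds the 8-bit Pad Length field")
    return pad


def build_esp_plaintext(payload, next_header, block_size, extra=0):
    """Sender side: the block handed to the cipher (before encryption)."""
    n = esp_pad_length(len(payload), block_size, extra)
    padding = bytes(range(1, n + 1))          # default pad pattern 1,2,3,...
    return payload + padding + struct.pack("!BB", n, next_header)


def parse_esp_plaintext(block):
    """Receiver side after decryption: strip the trailer and validate the
    padding, rejecting inconsistent pad lengths or patterns."""
    pad_len, next_header = struct.unpack("!BB", block[-2:])
    payload_end = len(block) - 2 - pad_len
    if payload_end < 0:
        raise ValueError("Pad Length larger than the decrypted block")
    if block[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding does not follow the 1,2,3,... pattern")
    return block[:payload_end], next_header
```

With a 16-byte block (AES) an 11-byte TCP segment gets 3 bytes of padding, giving a 16-byte block; with an 8-byte block (DES, 3DES) the same segment also needs 3 bytes. Checking the pad pattern on receipt is what keeps a corrupted or forged trailer from being silently accepted when ESP is used without its authentication option, although it is no substitute for that option.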
TRANSPORT AND TUNNEL MODES

The figure below shows two ways in which the IPSec ESP service can be used. In the upper part of the figure, encryption (and optionally authentication) is provided directly between two hosts.
The lower part of the figure shows how tunnel mode operation can be used to set up a virtual private network. Hosts on the internal networks use the Internet for transport of data but do not interact with other Internet-based hosts.
By terminating the tunnels at the security gateway to each internal network, the configuration allows the hosts to avoid implementing the security capability. The former technique is supported by a transport mode SA, while the latter technique uses a tunnel mode SA.

Transport-Mode vs. Tunnel-Mode Encryption (figure)

Transport Mode ESP:

Transport mode ESP is used to encrypt and optionally authenticate the data carried by IP (e.g., a TCP segment). For this mode using IPv4, the ESP header is inserted into the IP packet immediately prior to the transport-layer header (e.g., TCP, UDP, ICMP) and an ESP trailer (Padding, Pad Length, and Next Header fields) is placed after the IP payload; if authentication is selected, the ESP Authentication Data field is added after the ESP trailer. The entire transport-level segment plus the ESP trailer are encrypted. Authentication covers all of the ciphertext plus the ESP header.

Transport mode operation may be summarized as follows:
1) At the source, the block of data consisting of the ESP trailer plus the entire transport-layer segment is encrypted and the plaintext of this block is replaced with its ciphertext to form the IP packet for transmission. Authentication is added if this option is selected.
2) The packet is then routed to the destination. Each intermediate router needs to examine and process the IP header plus any plaintext IP extension headers but does not need to examine the ciphertext.
3) The destination node examines and processes the IP header plus any plaintext IP extension headers. Then, on the basis of the SPI in the ESP header, the destination node decrypts the remainder of the packet to recover the plaintext transport-layer segment.

Transport mode operation provides confidentiality for any application that uses it, thus avoiding the need to implement confidentiality in every individual application. One drawback to this mode is that it is possible to do traffic analysis on the transmitted packets.

Tunnel Mode ESP:
Tunnel mode ESP is used to encrypt an entire IP packet. For this mode, the ESP header is prefixed to the packet and then the packet plus the ESP trailer is encrypted. This method can be used to counter traffic analysis.
Because the IP header contains the destination address and possibly source routing directives and hop-by-hop option information, it is not possible simply to transmit the encrypted IP packet prefixed by the ESP header. Intermediate routers would be unable to process such a packet.

Therefore, it is necessary to encapsulate the entire block (ESP header plus ciphertext plus Authentication Data, if present) with a new IP header that will contain sufficient information for routing but not for traffic analysis.

Consider a case in which an external host wishes to communicate with a host on an internal network protected by a firewall, and in which ESP is implemented in the external host and the firewalls.

The following steps occur for transfer of a transport-layer segment from the external host to the internal host:
1) The source prepares an inner IP packet with a destination address of the target internal host. This packet is prefixed by an ESP header; then the packet and ESP trailer are encrypted and Authentication Data may be added. The resulting block is encapsulated with a new IP header (base header plus optional extensions such as routing and hop-by-hop options for IPv6) whose destination address is the firewall; this forms the outer IP packet.
2) The outer packet is routed to the destination firewall. Each intermediate router needs to examine and process the outer IP header plus any outer IP extension headers but does not need to examine the ciphertext.
3) The destination firewall examines and processes the outer IP header plus any outer IP extension headers. Then, on the basis of the SPI in the ESP header, the destination node decrypts the remainder of the packet to recover the plaintext inner IP packet. This packet is then transmitted in the internal network.
4) The inner packet is routed through zero or more routers in the internal network to the destination host.
C.5 COMBINING SECURITY ASSOCIATIONS

The term security association bundle refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services.

Security associations may be combined into bundles in two ways:
- Transport adjacency: Refers to applying more than one security protocol to the same IP packet, without invoking tunneling. This approach to combining AH and ESP allows for only one level of combination; further nesting yields no added benefit since the processing is performed at one IPSec instance: the (ultimate) destination.
- Iterated tunneling: Refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPSec site along the path.

The two approaches can be combined, for example, by having a transport SA between hosts travel part of the way through a tunnel SA between security gateways. One interesting issue that arises when considering SA bundles is the order in which authentication and encryption may be applied between a given pair of endpoints and the ways of doing so.

AUTHENTICATION PLUS CONFIDENTIALITY
Encryption and authentication can be combined in order to transmit an IP packet that has both confidentiality and authentication between hosts.

ESP with Authentication Option:
In this approach, the user first applies ESP to the data to be protected and then appends the authentication data field. There are actually two subcases:
- Transport mode ESP: Authentication and encryption apply to the IP payload delivered to the host, but the IP header is not protected.
- Tunnel mode ESP: Authentication applies to the entire IP packet delivered to the outer IP destination address (e.g., a firewall), and authentication is performed at that destination. The entire inner IP packet is protected by the privacy mechanism, for delivery to the inner IP destination.

For both cases, authentication applies to the ciphertext rather than the plaintext.

Transport Adjacency:
Another way to apply authentication after encryption is to use two bundled transport SAs, with the inner being an ESP SA and the outer being an AH SA. In this case ESP is used without its authentication option. Because the inner SA is a transport SA, encryption is applied to the IP payload.
The resulting packet consists of an IP header (and possibly IPv6 header extensions) followed by an ESP. AH is then applied in transport mode, so that authentication covers the ESP plus the original IP header (and extensions) except for mutable fields.
The advantage of this approach over simply using a single ESP SA with the ESP authentication option is that the authentication covers more fields, including the source and destination IP addresses. The disadvantage is the overhead of two SAs versus one SA.

Transport-Tunnel Bundle:
The use of authentication prior to encryption might be preferable for several reasons; it is achieved with a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA. First, because the authentication data are protected by encryption, it is impossible for anyone to intercept the message and alter the authentication data without detection. Second, it may be desirable to store the authentication information with the message at the destination for later reference.
It is more convenient to do this if the authentication information applies to the unencrypted message; otherwise the message would have to be reencrypted to verify the authentication information. Note, however, that authenticating the ciphertext (ESP with the authentication option, or an AEAD cipher) lets a receiver reject forged or replayed packets before spending any effort on decryption, which is why the later ESP specification (RFC 4303) takes that approach.
BASIC COMBINATIONS OF SECURITY ASSOCIATIONS

The IPSec Architecture document lists four examples of combinations of SAs that must be supported by compliant IPSec hosts (e.g., workstation, server) or security gateways (e.g., firewall, router).

In Case 1, all security is provided between end systems that implement IPSec. For any two end systems to communicate via an SA, they must share the appropriate secret keys. Among the possible combinations:
a. AH in transport mode
b. ESP in transport mode
c. ESP followed by AH in transport mode (an ESP SA inside an AH SA)
d. Any one of a, b, or c inside an AH or ESP in tunnel mode

For Case 2, security is provided only between gateways (routers, firewalls, etc.) and no hosts implement IPSec. This case illustrates simple virtual private network support. The security architecture document specifies that only a single tunnel SA is needed for this case. The tunnel could support AH, ESP, or ESP with the authentication option. Nested tunnels are not required because the IPSec services apply to the entire inner packet.

Case 3 builds on Case 2 by adding end-to-end security. The same combinations discussed for cases 1 and 2 are allowed here. The gateway-to-gateway tunnel provides either authentication or confidentiality or both for all traffic between end systems. When the gateway-to-gateway tunnel is ESP, it also provides a limited form of traffic confidentiality. Individual hosts can implement any additional IPSec services required for given applications or given users by means of end-to-end SAs.

Case 4 provides support for a remote host that uses the Internet to reach an organization's firewall and then to gain access to some server or workstation behind the firewall. Only tunnel mode is required between the remote host and the firewall. As in Case 1, one or two SAs may be used between the remote host and the local host.

C.6 KEY MANAGEMENT
The key management portion of IPSec involves the determination and distribution of secret keys.
The IPSec Architecture document mandates support for two types of key management:
- Manual: A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.
- Automated: An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.
The default automated key management protocol for IPSec is referred to as ISAKMP/Oakley and consists of the following elements:

Oakley Key Determination Protocol:
Oakley is a key exchange protocol based on the Diffie-Hellman algorithm but providing added security. Oakley is generic in that it does not dictate specific formats.

Internet Security Association and Key Management Protocol (ISAKMP):
ISAKMP provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes.

(ISAKMP/Oakley was published as the Internet Key Exchange, IKE, in RFC 2409, and has since been replaced by IKEv2 in RFC 7296, which keeps the cookie, group negotiation, nonce and authenticated Diffie-Hellman ideas described below.)

OAKLEY KEY DETERMINATION PROTOCOL
Oakley is a refinement of the Diffie-Hellman key exchange algorithm. Recall that Diffie-Hellman involves the following interaction between users A and B. There is prior agreement on two global parameters: q, a large prime number; and α, a primitive root of q. A selects a random integer XA as its private key, and transmits to B its public key YA = α^XA mod q. Similarly, B selects a random integer XB as its private key and transmits to A its public key YB = α^XB mod q.

Each side can now compute the secret session key:
K = (YB)^XA mod q = (YA)^XB mod q = α^(XA·XB) mod q

The Diffie-Hellman algorithm has two attractive features:
- Secret keys are created only when needed. There is no need to store secret keys for a long period of time, exposing them to increased vulnerability.
- The exchange requires no preexisting infrastructure other than an agreement on the global parameters.

However, there are a number of weaknesses to Diffie-Hellman:
- It does not provide any information about the identities of the parties.
- It is subject to a man-in-the-middle attack, in which a third party E impersonates B while communicating with A and impersonates A while communicating with B. Both A and B end up negotiating a key with E, which can then listen to and pass on traffic. The man-in-the-middle attack proceeds as follows:
  1) B sends his public key YB in a message addressed to A.
  2) The enemy (E) intercepts this message. E saves B's public key and sends a message to A that has B's User ID but E's public key YE. This message is sent in such a way that it appears as though it was sent from B's host system. A receives E's message and stores E's public key with B's User ID. Similarly, E sends a message to B with E's public key, purporting to come from A.
  3) B computes a secret key K1 based on B's private key and YE. A computes a secret key K2 based on A's private key and YE. E computes K1 using E's private key XE and YB, and computes K2 using XE and YA.
  4) From now on E is able to relay messages from A to B and from B to A, appropriately changing their encipherment en route in such a way that neither A nor B will know that they share their communication with E.
- It is computationally intensive. As a result, it is vulnerable to a clogging attack, in which an opponent requests a high number of keys. The victim spends considerable computing resources doing useless modular exponentiation rather than real work.

Oakley is designed to retain the advantages of Diffie-Hellman while countering its weaknesses.
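The exchange and the man-in-the-middle attack above, run with the document's symbols (q, α, XA, XB, YA, YB, XE, YE, K1, K2), followed by the check that an authenticated public value defeats the substitution. This is an added example, not the textbook's code: it uses a toy prime q = 23 with primitive root α = 5 so the numbers stay readable (real Oakley groups use the 768-bit and larger moduli listed later in this section), fixed private keys instead of random ones for reproducibility, and an HMAC over the public value under a pre-shared key as one simple way to authenticate the exchange, which is an assumption of this example rather than Oakley's exact format.

```python
"""Diffie-Hellman, the man-in-the-middle attack, and an authenticated
variant (added example; not the textbook's code). Toy parameters
q = 23, alpha = 5 and fixed private keys are used for readability."""
import hmac
import hashlib


def dh_public(alpha, x, q):
    return pow(alpha, x, q)          # Y = alpha^X mod q


def dh_shared(peer_public, x, q):
    return pow(peer_public, x, q)    # K = Y_peer^X mod q


def honest_exchange(q, alpha, xa, xb):
    """Unattacked exchange; returns (A's key, B's key), which are equal."""
    ya, yb = dh_public(alpha, xa, q), dh_public(alpha, xb, q)
    return dh_shared(yb, xa, q), dh_shared(ya, xb, q)


def mitm_exchange(q, alpha, xa, xb, xe):
    """E intercepts YA and YB and hands both sides YE instead.
    Returns (K2 as A sees it, K1 as B sees it, E's K2, E's K1):
    A and B hold different keys, each of which E also holds."""
    ya, yb = dh_public(alpha, xa, q), dh_public(alpha, xb, q)
    ye = dh_public(alpha, xe, q)
    k2_a = dh_shared(ye, xa, q)      # A believes this is shared with B
    k1_b = dh_shared(ye, xb, q)      # B believes this is shared with A
    k2_e = dh_shared(ya, xe, q)      # E's copy of A's key
    k1_e = dh_shared(yb, xe, q)      # E's copy of B's key
    return k2_a, k1_b, k2_e, k1_e


def sign_public(psk, identity, y):
    """Tag a public value with the sender's identity under a pre-shared key
    (assumed format: HMAC-SHA-256 over "identity:Y")."""
    return hmac.new(psk, f"{identity}:{y}".encode(), hashlib.sha256).digest()


def verify_public(psk, identity, y, tag):
    """E does not know psk, so a substituted YE cannot carry a valid tag."""
    return hmac.compare_digest(sign_public(psk, identity, y), tag)
```

The attack works because nothing in the plain exchange binds YA to A or YB to B; once each public value is tagged under a key E does not hold, the substituted YE fails verification and the exchange is aborted before any session key is derived.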

Ieutuves oI OukIey
Tho OnkIoy nIgorIfhm Is chnrncforIzod by fIvo Imorfnnf fonfuros:
If omIoys n mochnnIsm known ns cookIos fo fhwnrf cIoggIng nffncks.
If onnbIos fho fwo nrfIos fo nogofInfo n grou; fhIs, In ossonco, socIfIos fho
gIobnI nrnmofors of fho IffIo-HoIImnn koy oxchnngo.
If usos noncos fo onsuro ngnInsf roIny nffncks.
UNIT 4 : NTWORK SCURITY PRACTIC NTWORK SCURITY

TLunguveI Muvugun 4.9?

If onnbIos fho oxchnngo of IffIo-HoIImnn ubIIc koy vnIuos.


If nufhonfIcnfos fho IffIo-HoIImnn oxchnngo fo fhwnrf mnn-In-fho-mIddIo
nffncks.

Tho cookie erchunge roquIros fhnf onch sIdo sond n soudornndom numbor, fho
cookIo, In fho InIfInI mossngo, whIch fho ofhor sIdo ncknowIodgos. ThIs ncknowIodgmonf
musf bo roonfod In fho fIrsf mossngo of fho IffIo-HoIImnn koy oxchnngo.
If fho sourco nddross wns forgod, fho oononf gofs no nnswor. Thus, nn
oononf cnn onIy forco n usor fo gonornfo ncknowIodgmonfs nnd nof fo orform fho
IffIo-HoIImnn cnIcuInfIon.

ISAKMP mandates that cookie generation satisfy three basic requirements:
- The cookie must depend on the specific parties.
- It must not be possible for anyone other than the issuing entity to generate cookies that will be accepted by that entity.
- The cookie generation and verification methods must be fast to thwart attacks intended to sabotage processor resources.

The recommended method for creating the cookie is to perform a fast hash (e.g., MD5) over the IP Source and Destination addresses, the UDP Source and Destination ports, and a locally generated secret value.
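The cookie exchange and the three requirements above, as an added example that is not from the page or from any real IKE implementation: the responder recomputes the cookie from the addresses, ports and its local secret instead of storing state, so a forged-source flood costs it only hashes, never a Diffie-Hellman exponentiation. The Responder class, the addresses and the in-process simulation are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

COOKIE_LEN = 8  # ISAKMP cookies are 64 bits


def make_cookie(src_ip, dst_ip, src_port, dst_port, local_secret):
    """Cookie as the page recommends: a fast hash (MD5 here) over the IP source
    and destination addresses, the UDP source and destination ports and a
    locally generated secret, truncated to the 64-bit cookie size."""
    h = hashlib.md5()
    h.update(ipaddress.ip_address(src_ip).packed)
    h.update(ipaddress.ip_address(dst_ip).packed)
    h.update(struct.pack("!HH", src_port, dst_port))
    h.update(local_secret)
    return h.digest()[:COOKIE_LEN]


class Responder:
    """Hypothetical responder modelling only the cookie exchange: it keeps no
    per-peer state before the cookie comes back and counts how many
    Diffie-Hellman computations it was forced to perform."""

    def __init__(self, ip, port):
        self.ip = ip
        self.port = port
        self.local_secret = secrets.token_bytes(16)  # requirement 2: only we can mint cookies
        self.dh_computations = 0

    def handle_initial(self, src_ip, src_port, initiator_cookie):
        # Message 1: only a hash is computed (requirement 3). The reply is
        # addressed to src_ip, so a forged source address never sees it.
        responder_cookie = make_cookie(src_ip, self.ip, src_port, self.port, self.local_secret)
        return initiator_cookie, responder_cookie

    def handle_key_exchange(self, src_ip, src_port, initiator_cookie, responder_cookie):
        # The first Diffie-Hellman message must echo our cookie; recompute it
        # (requirement 1 ties it to the parties) rather than look it up.
        expected = make_cookie(src_ip, self.ip, src_port, self.port, self.local_secret)
        if not hmac.compare_digest(expected, responder_cookie):
            return False            # rejected before any modular exponentiation
        self.dh_computations += 1   # only now would the real DH work happen
        return True


def clogging_simulation(num_forged=1000):
    """Replay the clogging scenario in-process (no network): an opponent sends
    initial messages with forged source addresses, never receives the
    acknowledgments and so can only guess cookies; one honest peer completes
    the exchange. Returns (honest peer accepted, DH computations performed)."""
    responder = Responder("192.0.2.1", 500)  # constructed address and port
    for i in range(num_forged):
        forged_src = str(ipaddress.IPv4Address(0x0A000000 + i))  # 10.0.0.x, constructed
        responder.handle_initial(forged_src, 500, secrets.token_bytes(COOKIE_LEN))
        # The acknowledgment went to the forged address; a guessed cookie fails.
        responder.handle_key_exchange(forged_src, 500, bytes(COOKIE_LEN), secrets.token_bytes(COOKIE_LEN))
    # Honest initiator: receives the acknowledgment and repeats it.
    ci = secrets.token_bytes(COOKIE_LEN)
    _, cr = responder.handle_initial("198.51.100.7", 500, ci)
    honest_ok = responder.handle_key_exchange("198.51.100.7", 500, ci, cr)
    return honest_ok, responder.dh_computations
```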
Oakley supports the use of different groups for the Diffie-Hellman key exchange. Each group includes the definition of the two global parameters and the identity of the algorithm. The current specification includes the following groups:
- Modular exponentiation with a 768-bit modulus
  q = 2^768 - 2^704 - 1 + 2^64 × (⌊2^638 × π⌋ + 149686)
  α = 2
- Modular exponentiation with a 1024-bit modulus
  q = 2^1024 - 2^960 - 1 + 2^64 × (⌊2^894 × π⌋ + 129093)
  α = 2
- Modular exponentiation with a 1536-bit modulus
  Parameters to be determined
- Elliptic curve group over 2^155
  Generator (hexadecimal): X = 7B, Y = 1C8
  Elliptic curve parameters (hexadecimal): A = 0, Y = 7338F
- Elliptic curve group over 2^185
  Generator (hexadecimal): X = 18, Y = D
  Elliptic curve parameters (hexadecimal): A = 0, Y = 1EE9
Oakley employs nonces to ensure against replay attacks. Each nonce is a locally generated pseudorandom number. Nonces appear in responses and are encrypted during certain portions of the exchange to secure their use.

Three different authentication methods can be used with Oakley:
Digital signatures: The exchange is authenticated by signing a mutually obtainable hash; each party encrypts the hash with its private key. The hash is generated over important parameters, such as user IDs and nonces.
Public-key encryption: The exchange is authenticated by encrypting parameters such as IDs and nonces with the sender's private key.
Symmetric-key encryption: A key derived by some out-of-band mechanism can be used to authenticate the exchange by symmetric encryption of exchange parameters.

ISAKMP
ISAKMP defines procedures and packet formats to establish, negotiate, modify, and delete security associations. As part of SA establishment, ISAKMP defines payloads for exchanging key generation and authentication data. These payload formats provide a consistent framework independent of the specific key exchange protocol, encryption algorithm, and authentication mechanism.

ISAKMP HEADER FORMAT

It consists of the following fields:
Initiator Cookie (64 bits): Cookie of the entity that initiated SA establishment, SA notification, or SA deletion.
Responder Cookie (64 bits): Cookie of the responding entity; null in the first message from the initiator.
Next Payload (8 bits): Indicates the type of the first payload in the message; payloads are discussed in the next subsection.
Major Version (4 bits): Indicates the major version of ISAKMP in use.
Minor Version (4 bits): Indicates the minor version in use.
Exchange Type (8 bits): Indicates the type of exchange; these are discussed later in this section.
Flags (8 bits): Indicates specific options set for this ISAKMP exchange. Two bits are so far defined: the Encryption bit is set if all payloads following the header are encrypted using the encryption algorithm for this SA; the Commit bit is used to ensure that encrypted material is not received prior to completion of SA establishment.
Message ID (32 bits): Unique ID for this message.
Length (32 bits): Length of the total message (header plus all payloads) in octets.
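A builder and parser for the 28-octet header just described, as an added example that is not from the page or from any real implementation. The bit values of the Encryption (0x01) and Commit (0x02) flags and the default version 1.0 are taken from RFC 2408 and are not on the page; the parser rejects truncated messages and length fields that disagree with the data actually received.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 28            # 8 + 8 + 1 + 1 + 1 + 1 + 4 + 4 octets
FLAG_ENCRYPTION = 0x01     # RFC 2408 bit assignments (assumption, not from the page)
FLAG_COMMIT = 0x02
NULL_COOKIE = bytes(8)
_FMT = "!8s8sBBBBII"       # cookies, next payload, version byte, exch type, flags, msg id, length


@dataclass
class ISAKMPHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    exchange_type: int
    flags: int
    message_id: int
    length: int            # whole message, header plus payloads, in octets
    major: int = 1
    minor: int = 0

    def pack(self):
        """Serialize; major and minor versions share one byte as two nibbles."""
        version = ((self.major & 0x0F) << 4) | (self.minor & 0x0F)
        return struct.pack(_FMT, self.initiator_cookie, self.responder_cookie,
                           self.next_payload, version, self.exchange_type,
                           self.flags, self.message_id, self.length)

    @classmethod
    def parse(cls, data):
        """Parse the header at the start of a full ISAKMP message."""
        if len(data) < HEADER_LEN:
            raise ValueError("truncated ISAKMP header")
        ic, rc, np_, version, et, flags, mid, length = struct.unpack(_FMT, data[:HEADER_LEN])
        hdr = cls(ic, rc, np_, et, flags, mid, length, major=version >> 4, minor=version & 0x0F)
        # A length smaller than the header or larger than the datagram is malformed.
        if not HEADER_LEN <= hdr.length <= len(data):
            raise ValueError("ISAKMP length field %d disagrees with %d octets received"
                             % (hdr.length, len(data)))
        return hdr

    @property
    def is_first_message(self):
        """Only the initiator's first message carries a null responder cookie."""
        return self.responder_cookie == NULL_COOKIE

    @property
    def encrypted(self):
        return bool(self.flags & FLAG_ENCRYPTION)


def build_message(header_fields, payloads):
    """Fill in the Length field from the payload bytes and return the message."""
    hdr = ISAKMPHeader(length=HEADER_LEN + len(payloads), **header_fields)
    return hdr.pack() + payloads


# Constructed sample: an initiator's first message with 20 octets of payload.
SAMPLE_FIELDS = dict(initiator_cookie=bytes(range(8)), responder_cookie=NULL_COOKIE,
                     next_payload=1, exchange_type=2, flags=0, message_id=0)
SAMPLE_MESSAGE = build_message(SAMPLE_FIELDS, b"\x00" * 20)
```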

ISAKMP PAYLOAD TYPES

| Type | Parameters | Description |
|---|---|---|
| Security Association (SA) | Domain of Interpretation, Situation | Used to negotiate security attributes and indicate the DOI and Situation under which negotiation is taking place. |
| Proposal (P) | Proposal #, Protocol-ID, SPI Size, # of Transforms, SPI | Used during SA negotiation; indicates protocol to be used and number of transforms. |
| Transform (T) | Transform #, Transform-ID, SA Attributes | Used during SA negotiation; indicates transform and related SA attributes. |
| Key Exchange (KE) | Key Exchange Data | Supports a variety of key exchange techniques. |
| Identification (ID) | ID Type, ID Data | Used to exchange identification information. |
| Certificate (CERT) | Cert Encoding, Certificate Data | Used to transport certificates and other certificate-related information. |
| Certificate Request (CR) | # Cert Types, Certificate Types, # Cert Auths, Certificate Authorities | Used to request certificates; indicates the types of certificates requested and the acceptable certificate authorities. |
| Hash (HASH) | Hash Data | Contains data generated by a hash function. |
| Signature (SIG) | Signature Data | Contains data generated by a digital signature function. |
| Nonce (NONCE) | Nonce Data | Contains a nonce. |
| Notification (N) | DOI, Protocol-ID, SPI Size, Notify Message Type, SPI, Notification Data | Used to transmit notification data, such as an error condition. |
| Delete (D) | DOI, Protocol-ID, SPI Size, # of SPIs, SPI (one or more) | Indicates an SA that is no longer valid. |

Notification payload
The only ISAKMP status message so far defined is Connected. In addition to these ISAKMP notifications, DOI-specific notifications are used. For IPSec, the following additional status messages are defined:
- Responder-Lifetime: Communicates the SA lifetime chosen by the responder.
- Replay-Status: Used for positive confirmation of the responder's election of whether or not the responder will perform anti-replay detection.
- Initial-Contact: Informs the other side that this is the first SA being established with the remote system. The receiver of this notification might then delete any existing SAs it has for the sending system under the assumption that the sending system has rebooted and no longer has access to these SAs.

Certificate payload
The Certificate payload transfers a public-key certificate. The Certificate Encoding field indicates the type of certificate or certificate-related information, which may include the following:
PKCS #7 wrapped X.509 certificate
PGP certificate
DNS signed key
X.509 certificate - signature
X.509 certificate - key exchange
Kerberos tokens
Certificate Revocation List (CRL)
Authority Revocation List (ARL)
SPKI certificate
At any point in an ISAKMP exchange, the sender may include a Certificate Request payload to request the certificate of the other communicating entity. The payload may list more than one certificate type that is acceptable and more than one certificate authority that is acceptable.

ISAKMP EXCHANGES
ISAKMP Exchange Types

| Exchange | Note |
|---|---|
| (a) Base Exchange | |
| (1) I→R: SA; NONCE | Begin ISAKMP-SA negotiation |
| (2) R→I: SA; NONCE | Basic SA agreed upon |
| (3) I→R: KE; IDI; AUTH | Key generated; Initiator identity verified by responder |
| (4) R→I: KE; IDR; AUTH | Responder identity verified by initiator; Key generated; SA established |
| (b) Identity Protection Exchange | |
| (1) I→R: SA | Begin ISAKMP-SA negotiation |
| (2) R→I: SA | Basic SA agreed upon |
| (3) I→R: KE; NONCE | Key generated |
| (4) R→I: KE; NONCE | Key generated |
| (5)* I→R: IDI; AUTH | Initiator identity verified by responder |
| (6)* R→I: IDR; AUTH | Responder identity verified by initiator; SA established |
| (c) Authentication Only Exchange | |
| (1) I→R: SA; NONCE | Begin ISAKMP-SA negotiation |
| (2) R→I: SA; NONCE; IDR; AUTH | Basic SA agreed upon; Responder identity verified by initiator |
| (3) I→R: IDI; AUTH | Initiator identity verified by responder; SA established |
| (d) Aggressive Exchange | |
| (1) I→R: SA; KE; NONCE; IDI | Begin ISAKMP-SA negotiation and key exchange |
| (2) R→I: SA; KE; NONCE; IDR; AUTH | Initiator identity verified by responder; Key generated; Basic SA agreed upon |
| (3)* I→R: AUTH | Responder identity verified by initiator; SA established |
| (e) Informational Exchange | |
| (1)* I→R: N/D | Error or status notification, or deletion |

Notation:
I = initiator
R = responder
* = signifies payload encryption after the ISAKMP header
AUTH = authentication mechanism used


4.4 WEB SECURITY
- Secure Sockets Layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Security (TLS).
- SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.
- SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.
- Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.

4.4.1 WEB SECURITY CONSIDERATIONS
The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets.
The Web presents new challenges not generally appreciated in the context of computer and network security:
- The Internet is two way. Unlike traditional publishing environments, even electronic publishing systems involving teletext, voice response, or fax-back, the Web is vulnerable to attacks on the Web servers over the Internet.
- The Web is increasingly serving as a highly visible outlet for corporate and product information and as the platform for business transactions. Reputations can be damaged and money can be lost if the Web servers are subverted.
- Although Web browsers are very easy to use, Web servers are relatively easy to configure and manage, and Web content is increasingly easy to develop, the underlying software is extraordinarily complex. This complex software may hide many potential security flaws.
- A Web server can be exploited as a launching pad into the corporation's or agency's entire computer complex. Once the Web server is subverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site.
- Casual and untrained (in security matters) users are common clients for Web-based services. Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures.

WEB SECURITY THREATS
One way to group these threats is in terms of passive and active attacks. Passive attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted. Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a Web site.

Another way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server. Issues of server and browser security fall into the category of computer system security. Issues of traffic security fall into the category of network security.
A COMPARISON OF THREATS ON THE WEB

| Threats | Consequences | Countermeasures |
|---|---|---|
| Integrity: Modification of user data; Trojan horse browser; Modification of memory; Modification of message traffic in transit | Loss of information; Compromise of machine; Vulnerability to all other threats | Cryptographic checksums |
| Confidentiality: Eavesdropping on the Net; Theft of info from server; Theft of data from client; Info about network configuration; Info about which client talks to server | Loss of information; Loss of privacy | Encryption, web proxies |
| Denial of Service: Killing of user threads; Flooding machine with bogus requests; Filling up disk or memory; Isolating machine by DNS attacks | Disruptive; Annoying; Prevent user from getting work done | Difficult to prevent |
| Authentication: Impersonation of legitimate users; Data forgery | Misrepresentation of user; Belief that false information is valid | Cryptographic techniques |

WEB TRAFFIC SECURITY APPROACHES
A number of approaches to providing Web security are possible. The various approaches that have been considered are similar in the services they provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack.
One way to provide Web security is to use IP Security. The advantage of using IPSec is that it is transparent to end users and applications and provides a general-purpose solution. Further, IPSec includes a filtering capability so that only selected traffic need incur the overhead of IPSec processing.

Another relatively general-purpose solution is to implement security just above TCP. The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard known as Transport Layer Security (TLS).
Application-specific security services are embedded within the particular application. The advantage of this approach is that the service can be tailored to the specific needs of a given application. In the context of Web security, an important example of this approach is Secure Electronic Transaction (SET).

4.4.2 SECURE SOCKET LAYER AND TRANSPORT LAYER SECURITY

SSL ARCHITECTURE
SSL is designed to make use of TCP to provide a reliable end-to-end secure service. SSL is not a single protocol but rather two layers of protocols, as illustrated in the figure below.

The SSL Record Protocol provides basic security services to various higher-layer protocols. In particular, the Hypertext Transfer Protocol (HTTP), which provides the transfer service for Web client/server interaction, can operate on top of SSL. Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol. These SSL-specific protocols are used in the management of SSL exchanges.

Two important SSL concepts are the SSL session and the SSL connection, which are defined in the specification as follows:
- Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session.
- Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.
Figure: SSL Protocol Stack

A session state is defined by the following parameters (definitions taken from the SSL specification):
Session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null.
Compression method: The algorithm used to compress data prior to encryption.
Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines cryptographic attributes such as the hash_size.
Master secret: 48-byte secret shared between the client and server.
Is resumable: A flag indicating whether the session can be used to initiate new connections.

A connection state is defined by the following parameters:
Server and client random: Byte sequences that are chosen by the server and client for each connection.
Server write MAC secret: The secret key used in MAC operations on data sent by the server.
Client write MAC secret: The secret key used in MAC operations on data sent by the client.
Server write key: The conventional encryption key for data encrypted by the server and decrypted by the client.
Client write key: The conventional encryption key for data encrypted by the client and decrypted by the server.
Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is first initialized by the SSL Handshake Protocol. Thereafter the final ciphertext block from each record is preserved for use as the IV with the following record.
Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero. Sequence numbers may not exceed 2^64 - 1.

SSL RECORD PROTOCOL

The SSL Record Protocol provides two services for SSL connections:
- Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads.
- Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).

The figure below indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level users.

The first step is fragmentation. Each upper-layer message is fragmented into blocks of 2^14 bytes (16384 bytes) or less.

Next, compression is optionally applied. Compression must be lossless and may not increase the content length by more than 1024 bytes. In SSLv3 (as well as the current version of TLS), no compression algorithm is specified, so the default compression algorithm is null.

The next step in processing is to compute a message authentication code over the compressed data. For this purpose, a shared secret key is used. The calculation is defined as

hash(MAC_write_secret || pad_2 ||
     hash(MAC_write_secret || pad_1 || seq_num ||
          SSLCompressed.type ||
          SSLCompressed.length || SSLCompressed.fragment))

where
|| = concatenation
MAC_write_secret = shared secret key
hash = cryptographic hash algorithm; either MD5 or SHA-1
pad_1 = the byte 0x36 (0011 0110) repeated 48 times (384 bits) for MD5 and 40 times (320 bits) for SHA-1
pad_2 = the byte 0x5C (0101 1100) repeated 48 times for MD5 and 40 times for SHA-1
seq_num = the sequence number for this message
SSLCompressed.type = the higher-level protocol used to process this fragment
SSLCompressed.length = the length of the compressed fragment
SSLCompressed.fragment = the compressed fragment (if compression is not used, the plaintext fragment)

Next, the compressed message plus the MAC are encrypted using symmetric encryption. Encryption may not increase the content length by more than 1024 bytes, so that the total length may not exceed 2^14 + 2048.

The following encryption algorithms are permitted:

| Block Cipher Algorithm | Key Size | Stream Cipher Algorithm | Key Size |
|---|---|---|---|
| AES | 128, 256 | RC4-40 | 40 |
| IDEA | 128 | RC4-128 | 128 |
| RC2-40 | 40 | | |
| DES-40 | 40 | | |
| DES | 56 | | |
| 3DES | 168 | | |
| Fortezza | 80 | | |

Figure: SSL Record Protocol Operation

Fortezza can be used in a smart card encryption scheme. For stream encryption, the compressed message plus the MAC are encrypted. Note that the MAC is computed before encryption takes place and that the MAC is then encrypted along with the plaintext or compressed plaintext.
For block encryption, padding may be added after the MAC prior to encryption. The padding is in the form of a number of padding bytes followed by a one-byte indication of the length of the padding. The total amount of padding is the smallest amount such that the total size of the data to be encrypted (plaintext plus MAC plus padding) is a multiple of the cipher's block length.
The final step of SSL Record Protocol processing is to prepend a header, consisting of the following fields:
- Content Type (8 bits): The higher layer protocol used to process the enclosed fragment.
- Major Version (8 bits): Indicates the major version of SSL in use. For SSLv3, the value is 3.
- Minor Version (8 bits): Indicates the minor version in use. For SSLv3, the value is 0.
- Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if compression is used). The maximum value is 2^14 + 2048.
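The sender-side steps above (fragmentation, the nested MAC with pad_1/pad_2, block padding and the 5-byte header) and the receiver's MAC check, as an added example that is not from the page or from any SSL implementation. Compression is null as the text says for SSLv3, and the encryption step is left out because the standard library has no block cipher; the secret and content are constructed.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14                 # 16384 bytes
PAD_LEN = {"md5": 48, "sha1": 40}      # repetitions of 0x36 / 0x5C per hash


def ssl_mac(secret, seq_num, content_type, fragment, hash_name="md5"):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment)).
    seq_num is 8 bytes, type 1 byte and length 2 bytes, as in SSLv3."""
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    inner = hashlib.new(hash_name)
    inner.update(secret + pad_1 + struct.pack("!QBH", seq_num, content_type, len(fragment)) + fragment)
    outer = hashlib.new(hash_name)
    outer.update(secret + pad_2 + inner.digest())
    return outer.digest()


def fragment_message(data):
    """Step 1: split an upper-layer message into pieces of at most 2^14 bytes."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def block_padding(length, block_size):
    """Smallest padding such that plaintext + MAC + padding bytes + the
    one-byte padding length is a multiple of the cipher block size."""
    pad = (-(length + 1)) % block_size
    return bytes([pad]) * pad + bytes([pad])


def record_header(content_type, compressed_length, major=3, minor=0):
    return struct.pack("!BBBH", content_type, major, minor, compressed_length)


def build_records(secret, content_type, data, seq_start, hash_name="md5", block_size=None):
    """Run the record protocol steps for one message; returns the records and
    the next sequence number. Encryption of the body is omitted (no cipher here)."""
    records, seq = [], seq_start
    for frag in fragment_message(data):      # null compression: fragment is used as is
        body = frag + ssl_mac(secret, seq, content_type, frag, hash_name)
        if block_size:
            body += block_padding(len(body), block_size)
        records.append(record_header(content_type, len(frag)) + body)
        seq += 1
    return records, seq


def verify_record(secret, seq_num, record, hash_name="md5", block_size=None):
    """Receiver side: strip padding, recompute the MAC under the expected
    sequence number and return (content_type, fragment), or None on failure."""
    content_type, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if block_size:
        pad_len = body[-1]
        if pad_len + 1 > len(body):
            return None
        body = body[:-(pad_len + 1)]
    mac_len = hashlib.new(hash_name).digest_size
    if len(body) < mac_len:
        return None
    frag, mac = body[:-mac_len], body[-mac_len:]
    if len(frag) != length:
        return None
    if not hmac.compare_digest(mac, ssl_mac(secret, seq_num, content_type, frag, hash_name)):
        return None              # tampered, or replayed under another sequence number
    return content_type, frag
```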
Figure: SSL Record Format

CHANGE CIPHER SPEC PROTOCOL
The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record Protocol, and it is the simplest. This protocol consists of a single message, which consists of a single byte with the value 1.
The sole purpose of this message is to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.

Figure: SSL Record Protocol Payload

ALERT PROTOCOL
The Alert Protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol consists of two bytes. The first byte takes the value warning (1) or fatal (2) to convey the severity of the message. If the level is fatal, SSL immediately terminates the connection.

The second byte contains a code that indicates the specific alert. First, we list those alerts that are always fatal (definitions from the SSL specification):
- unexpected_message: An inappropriate message was received.
- bad_record_mac: An incorrect MAC was received.
- decompression_failure: The decompression function received improper input (e.g., unable to decompress or decompress to greater than maximum allowable length).
- handshake_failure: Sender was unable to negotiate an acceptable set of security parameters given the options available.
- illegal_parameter: A field in a handshake message was out of range or inconsistent with other fields.

The remainder of the alerts are the following:
- close_notify: Notifies the recipient that the sender will not send any more messages on this connection. Each party is required to send a close_notify alert before closing the write side of a connection.
- no_certificate: May be sent in response to a certificate request if no appropriate certificate is available.
- bad_certificate: A received certificate was corrupt (e.g., contained a signature that did not verify).
- unsupported_certificate: The type of the received certificate is not supported.
- certificate_revoked: A certificate has been revoked by its signer.
- certificate_expired: A certificate has expired.
- certificate_unknown: Some other unspecified issue arose in processing the certificate, rendering it unacceptable.
HANDSHAKE PROTOCOL
The most complex part of SSL is the Handshake Protocol. This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.
The Handshake Protocol consists of a series of messages exchanged by client and server. Each message has three fields:
- Type (1 byte): Indicates one of 10 messages.
- Length (3 bytes): The length of the message in bytes.
- Content (≥ 0 bytes): The parameters associated with this message.

SSL Handshake Protocol Message Types

| Message Type | Parameters |
|---|---|
| hello_request | null |
| client_hello | version, random, session id, cipher suite, compression method |
| server_hello | version, random, session id, cipher suite, compression method |
| certificate | chain of X.509v3 certificates |
| server_key_exchange | parameters, signature |
| certificate_request | type, authorities |
| server_done | null |
| certificate_verify | signature |
| client_key_exchange | parameters, signature |
| finished | hash value |

The exchange can be viewed as having four phases.
Phase 1: Establish Security Capabilities
This phase is used to initiate a logical connection and to establish the security capabilities that will be associated with it. The exchange is initiated by the client, which sends a client_hello message with the following parameters:
- Version: The highest SSL version understood by the client.
- Random: A client-generated random structure, consisting of a 32-bit timestamp and 28 bytes generated by a secure random number generator.
- Session ID: A variable-length session identifier. A nonzero value indicates that the client wishes to update the parameters of an existing connection or create a new connection on this session. A zero value indicates that the client wishes to establish a new connection on a new session.
- CipherSuite: This is a list that contains the combinations of cryptographic algorithms supported by the client, in decreasing order of preference. Each element of the list (each cipher suite) defines both a key exchange algorithm and a CipherSpec; these are discussed subsequently.
- Compression Method: This is a list of the compression methods the client supports.

Figure: Handshake Protocol Action

After sending the client_hello message, the client waits for the server_hello message, which contains the same parameters as the client_hello message. For the server_hello message, the following conventions apply.
- The Version field contains the lower of the version suggested by the client and the highest supported by the server.
- The Random field is generated by the server and is independent of the client's Random field.
- If the SessionID field of the client was nonzero, the same value is used by the server; otherwise the server's SessionID field contains the value for a new session.
- The CipherSuite field contains the single cipher suite selected by the server from those proposed by the client.
- The Compression field contains the compression method selected by the server from those proposed by the client.

The first element of the Cipher Suite parameter is the key exchange method (i.e., the means by which the cryptographic keys for conventional encryption and MAC are exchanged). The following key exchange methods are supported:
- RSA: The secret key is encrypted with the receiver's RSA public key. A public-key certificate for the receiver's key must be made available.
- Fixed Diffie-Hellman: This is a Diffie-Hellman key exchange in which the server's certificate contains the Diffie-Hellman public parameters signed by the certificate authority (CA).
- Ephemeral Diffie-Hellman: This technique is used to create ephemeral (temporary, one-time) secret keys. In this case, the Diffie-Hellman public keys are exchanged, signed using the sender's private RSA or DSS key. The receiver can use the corresponding public key to verify the signature. Certificates are used to authenticate the public keys.
- Anonymous Diffie-Hellman: The base Diffie-Hellman algorithm is used, with no authentication. That is, each side sends its public Diffie-Hellman parameters to the other, with no authentication.
- Fortezza: The technique defined for the Fortezza scheme.

Following the definition of a key exchange method is the CipherSpec, which includes the following fields:
- CipherAlgorithm: Any of the algorithms mentioned earlier: RC4, RC2, DES, 3DES, DES40, IDEA, Fortezza
- MACAlgorithm: MD5 or SHA-1
- CipherType: Stream or Block
- IsExportable: True or False
- HashSize: 0, 16 (for MD5), or 20 (for SHA-1) bytes
- Key Material: A sequence of bytes that contain data used in generating the write keys
- IV Size: The size of the Initialization Value for Cipher Block Chaining (CBC) encryption

Phase 2: Server Authentication and Key Exchange
The server begins this phase by sending its certificate, if it needs to be authenticated; the message contains one or a chain of X.509 certificates. The certificate message is required for any agreed-on key exchange method except anonymous Diffie-Hellman.

Next, a server_key_exchange message may be sent if it is required. It is not required in two instances:
(1) The server has sent a certificate with fixed Diffie-Hellman parameters, or
(2) RSA key exchange is to be used.

The server_key_exchange message is needed for the following:
- Anonymous Diffie-Hellman: The message content consists of the two global Diffie-Hellman values (a prime number and a primitive root of that number) plus the server's public Diffie-Hellman key.
- Ephemeral Diffie-Hellman: The message content includes the three Diffie-Hellman parameters provided for anonymous Diffie-Hellman, plus a signature of those parameters.
- RSA key exchange, in which the server is using RSA but has a signature-only RSA key: Accordingly, the client cannot simply send a secret key encrypted with the server's public key. Instead, the server must create a temporary RSA public/private key pair and use the server_key_exchange message to send the public key. The message content includes the two parameters of the temporary RSA public key (exponent and modulus) plus a signature of those parameters.
- Fortezza:

Some further details about the signatures are warranted. As usual, a signature is created by taking the hash of a message and encrypting it with the sender's private key. In this case the hash is defined as
hash(ClientHello.random || ServerHello.random || ServerParams)

The certificate_request message includes two parameters: certificate_type and certificate_authorities. The certificate type indicates the public-key algorithm and its use:
- RSA, signature only
- DSS, signature only
- RSA for fixed Diffie-Hellman; in this case the signature is used only for authentication, by sending a certificate signed with RSA
- DSS for fixed Diffie-Hellman; again, used only for authentication
- RSA for ephemeral Diffie-Hellman
- DSS for ephemeral Diffie-Hellman
- Fortezza

The second parameter in the certificate_request message is a list of the distinguished names of acceptable certificate authorities.
The final message in Phase 2, and one that is always required, is the server_done message, which is sent by the server to indicate the end of the server hello and associated messages. After sending this message, the server will wait for a client response. This message has no parameters.

Phase 3: Client Authentication and Key Exchange
If the server has requested a certificate, the client begins this phase by sending a certificate message. If no suitable certificate is available, the client sends a no_certificate alert instead.
Next is the client_key_exchange message, which must be sent in this phase. The content of the message depends on the type of key exchange, as follows:
- RSA: The client generates a 48-byte pre-master secret and encrypts it with the public key from the server's certificate or the temporary RSA key from a server_key_exchange message. Its use to compute a master secret is explained later.
- Ephemeral or Anonymous Diffie-Hellman: The client's public Diffie-Hellman parameters are sent.
- Fixed Diffie-Hellman: The client's public Diffie-Hellman parameters were sent in a certificate message, so the content of this message is null.
- Fortezza: The client's Fortezza parameters are sent.

Finally, in this phase, the client may send a certificate_verify message to provide explicit verification of a client certificate. This message is only sent following any client certificate that has signing capability (i.e., all certificates except those containing fixed Diffie-Hellman parameters).
This message signs a hash code based on the preceding messages, defined as follows:
CertificateVerify.signature.md5_hash =
    MD5(master_secret || pad_2 || MD5(handshake_messages || master_secret || pad_1))
CertificateVerify.signature.sha_hash =
    SHA(master_secret || pad_2 || SHA(handshake_messages || master_secret || pad_1))

where pad_1 and pad_2 are the values defined earlier for the MAC, handshake_messages refers to all Handshake Protocol messages sent or received starting at client_hello but not including this message, and master_secret is the calculated secret.

Phase 4: Finish
This phase completes the setting up of a secure connection. The client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec. The client then immediately sends the finished message under the new algorithms, keys, and secrets. The finished message verifies that the key exchange and authentication processes were successful.

The content of the finished message is the concatenation of two hash values:
MD5(master_secret || pad_2 || MD5(handshake_messages || Sender || master_secret || pad_1))
SHA(master_secret || pad_2 || SHA(handshake_messages || Sender || master_secret || pad_1))

where Sender is a code that identifies whether the sender is the client or the server, and handshake_messages is all of the data from all handshake messages up to but not including this message.
In response to these two messages, the server sends its own change_cipher_spec message, transfers the pending CipherSpec to the current CipherSpec, and sends its finished message. At this point the handshake is complete and the client and server may begin to exchange application layer data.

CRYPTOGRAPHIC COMPUTATIONS
Two further items are of interest: the creation of a shared master secret by means of the key exchange, and the generation of cryptographic parameters from the master secret.

Master Secret Creation:
The shared master secret is a one-time 48-byte value (384 bits) generated for this session by means of secure key exchange. The creation is in two stages. First, a pre_master_secret is exchanged. Second, the master_secret is calculated by both parties. For pre_master_secret exchange, there are two possibilities:
• RSA: A 48-byte pre_master_secret is generated by the client, encrypted with the server's public RSA key, and sent to the server. The server decrypts the ciphertext using its private key to recover the pre_master_secret.
• Diffie-Hellman: Both client and server generate a Diffie-Hellman public key. After these are exchanged, each side performs the Diffie-Hellman calculation to create the shared pre_master_secret.

Both sides now compute the master_secret as follows:
master_secret = MD5(pre_master_secret || SHA('A' || pre_master_secret || ClientHello.random || ServerHello.random)) ||
MD5(pre_master_secret || SHA('BB' || pre_master_secret || ClientHello.random || ServerHello.random)) ||
MD5(pre_master_secret || SHA('CCC' || pre_master_secret || ClientHello.random || ServerHello.random))

where ClientHello.random and ServerHello.random are the two nonce values exchanged in the initial hello messages.

Generation of Cryptographic Parameters:
CipherSpecs require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order.

These parameters are generated from the master secret by hashing the master secret into a sequence of secure bytes of sufficient length for all needed parameters.

The generation of the key material from the master secret uses the same format as the generation of the master secret from the pre-master secret:
key_block = MD5(master_secret || SHA('A' || master_secret || ServerHello.random || ClientHello.random)) ||
MD5(master_secret || SHA('BB' || master_secret || ServerHello.random || ClientHello.random)) ||
MD5(master_secret || SHA('CCC' || master_secret || ServerHello.random || ClientHello.random)) || . . .
until enough output has been generated. The result of this algorithmic structure is a pseudorandom function.
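The SSLv3 computations above (master_secret, key_block split into the six CipherSpec parameters, and the certificate_verify/finished hash) written out with hashlib, as an added example that is not part of the original text. The pad_1/pad_2 lengths and the Sender codes are taken from the SSLv3 specification; all input values are constructed samples.

```python
# Added example: SSLv3 master_secret, key_block and handshake-hash
# constructions, using only the standard library. Sample inputs are constructed.
import hashlib

# SSLv3 MAC pads: 0x36 / 0x5c repeated 48 times for MD5 and 40 times for SHA-1
# (the text refers to them as the values "defined earlier for the MAC").
PAD1_MD5, PAD2_MD5 = b"\x36" * 48, b"\x5c" * 48
PAD1_SHA, PAD2_SHA = b"\x36" * 40, b"\x5c" * 40
# Sender codes from the SSLv3 specification ("CLNT" and "SRVR" in ASCII).
SENDER_CLIENT = b"\x43\x4c\x4e\x54"
SENDER_SERVER = b"\x53\x52\x56\x52"


def md5(b: bytes) -> bytes:
    return hashlib.md5(b).digest()


def sha1(b: bytes) -> bytes:
    return hashlib.sha1(b).digest()


def ssl3_expand(secret: bytes, random1: bytes, random2: bytes, n_bytes: int) -> bytes:
    """MD5(secret || SHA(label || secret || random1 || random2)) for the labels
    'A', 'BB', 'CCC', ... concatenated until n_bytes have been produced."""
    out, i = b"", 1
    while len(out) < n_bytes:
        label = bytes([0x40 + i]) * i           # 'A', 'BB', 'CCC', ...
        out += md5(secret + sha1(label + secret + random1 + random2))
        i += 1
    return out[:n_bytes]


def ssl3_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Three 16-byte MD5 outputs give the 48-byte master_secret.
    return ssl3_expand(pre_master_secret, client_random, server_random, 48)


def ssl3_key_block(master_secret: bytes, client_random: bytes, server_random: bytes, n_bytes: int) -> bytes:
    # Same structure, but the randoms are in the opposite order
    # (ServerHello.random first), exactly as in the key_block formula.
    return ssl3_expand(master_secret, server_random, client_random, n_bytes)


def split_key_block(key_block: bytes, mac_len: int, key_len: int, iv_len: int) -> dict:
    """Cut key_block into the six CipherSpec parameters in the order the text
    gives: client MAC, server MAC, client key, server key, client IV, server IV."""
    names = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    params, pos = {}, 0
    for name, size in zip(names, sizes):
        params[name] = key_block[pos:pos + size]
        pos += size
    return params


def ssl3_handshake_hash(master_secret: bytes, handshake_messages: bytes, sender: bytes = b"") -> bytes:
    """MD5 part || SHA part of the certificate_verify (sender = b"") and
    finished (sender = SENDER_CLIENT or SENDER_SERVER) hash constructions."""
    md5_part = md5(master_secret + PAD2_MD5 +
                   md5(handshake_messages + sender + master_secret + PAD1_MD5))
    sha_part = sha1(master_secret + PAD2_SHA +
                    sha1(handshake_messages + sender + master_secret + PAD1_SHA))
    return md5_part + sha_part


if __name__ == "__main__":
    # Constructed sample values, not real handshake data.
    pms = bytes(range(48))
    c_rand, s_rand = b"C" * 32, b"S" * 32
    ms = ssl3_master_secret(pms, c_rand, s_rand)
    print("master_secret:", ms.hex())
    kb = ssl3_key_block(ms, c_rand, s_rand, 2 * (20 + 24 + 8))  # SHA-1 MAC, 3DES key, 8-byte IV
    for name, value in split_key_block(kb, 20, 24, 8).items():
        print(f"{name:24s} {value.hex()}")
    print("client finished:", ssl3_handshake_hash(ms, b"<handshake messages>", SENDER_CLIENT).hex())
```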

TRANSPORT LAYER SECURITY
TLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL. TLS is defined as a Proposed Internet Standard in RFC 2246. RFC 2246 is very similar to SSLv3.

Version Number:
The TLS Record Format is the same as that of the SSL Record Format, and the fields in the header have the same meanings. The one difference is in version values. For the current version of TLS, the Major Version is 3 and the Minor Version is 1.

Message Authentication Code:
There are two differences between the SSLv3 and TLS MAC schemes: the actual algorithm and the scope of the MAC calculation. TLS makes use of the HMAC algorithm defined in RFC 2104.

HMAC is defined as follows:
HMAC_K(M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
where
H = embedded hash function (for TLS, either MD5 or SHA-1)
M = message input to HMAC
K+ = secret key padded with zeros on the left so that the result is equal to the block length of the hash code (for MD5 and SHA-1, block length = 512 bits)
ipad = 00110110 (36 in hexadecimal) repeated 64 times (512 bits)
opad = 01011100 (5C in hexadecimal) repeated 64 times (512 bits)

SSLv3 uses the same algorithm, except that the padding bytes are concatenated with the secret key rather than being XORed with the secret key padded to the block length. The level of security should be about the same in both cases.
For TLS, the MAC calculation encompasses the fields indicated in the following expression:
HMAC_hash(MAC_write_secret, seq_num || TLSCompressed.type || TLSCompressed.version || TLSCompressed.length || TLSCompressed.fragment)

Pseudorandom Function:
TLS makes use of a pseudorandom function referred to as PRF to expand secrets into blocks of data for purposes of key generation or validation. The objective is to make use of a relatively small shared secret value but to generate longer blocks of data in a way that is secure from the kinds of attacks made on hash functions and MACs.

Figure: TLS Function P_hash(secret, seed)

The PRF is based on the following data expansion function.

P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
HMAC_hash(secret, A(2) || seed) ||
HMAC_hash(secret, A(3) || seed) || ...

where A() is defined as
A(0) = seed
A(i) = HMAC_hash(secret, A(i - 1))

The data expansion function makes use of the HMAC algorithm, with either MD5 or SHA-1 as the underlying hash function. As can be seen, P_hash can be iterated as many times as necessary to produce the required quantity of data. To make PRF as secure as possible, it uses two hash algorithms in a way that should guarantee its security if either algorithm remains secure.

PRF is defined as
PRF(secret, label, seed) = P_MD5(S1, label || seed) ⊕ P_SHA-1(S2, label || seed)

PRF takes as input a secret value, an identifying label, and a seed value and produces an output of arbitrary length. The output is created by splitting the secret value into two halves (S1 and S2) and performing P_hash on each half, using MD5 on one half and SHA-1 on the other half.
The two results are exclusive-ORed to produce the output; for this purpose, P_MD5 will generally have to be iterated more times than P_SHA-1 to produce an equal amount of data for input to the exclusive-OR function.

Alert Codes:
TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate. A number of additional codes are defined in TLS; of these, the following are always fatal:
• decryption_failed: A ciphertext decrypted in an invalid way; either it was not an even multiple of the block length or its padding values, when checked, were incorrect.
• record_overflow: A TLS record was received with a payload (ciphertext) whose length exceeds 2^14 + 2048 bytes, or the ciphertext decrypted to a length of greater than 2^14 + 1024 bytes.
• unknown_ca: A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known, trusted CA.
• access_denied: A valid certificate was received, but when access control was applied, the sender decided not to proceed with the negotiation.
• decode_error: A message could not be decoded because a field was out of its specified range or the length of the message was incorrect.
• export_restriction: A negotiation not in compliance with export restrictions on key length was detected.
• protocol_version: The protocol version the client attempted to negotiate is recognized but not supported.
• insufficient_security: Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.
• internal_error: An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.

The remainder of the new alerts include the following:
• decrypt_error: A handshake cryptographic operation failed, including being unable to verify a signature, decrypt a key exchange, or validate a finished message.
• user_canceled: This handshake is being canceled for some reason unrelated to a protocol failure.
• no_renegotiation: Sent by a client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these messages would normally result in renegotiation, but this alert indicates that the sender is not able to renegotiate. This message is always a warning.

Cipher Suites:
There are several small differences between the cipher suites available under SSLv3 and under TLS:
• Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza.
• Symmetric Encryption Algorithms: TLS includes all of the symmetric encryption algorithms found in SSLv3, with the exception of Fortezza.

Client Certificate Types:
TLS defines the following certificate types to be requested in a certificate_request message: rsa_sign, dss_sign, rsa_fixed_dh, and dss_fixed_dh. These are all defined in SSLv3.
In addition, SSLv3 includes rsa_ephemeral_dh, dss_ephemeral_dh, and fortezza_kea. Ephemeral Diffie-Hellman involves signing the Diffie-Hellman parameters with either RSA or DSS; for TLS, the rsa_sign and dss_sign types are used for that function; a separate signing type is not needed to sign Diffie-Hellman parameters. TLS does not include the Fortezza scheme.

Certificate_Verify and Finished Messages:
In the TLS certificate_verify message, the MD5 and SHA-1 hashes are calculated only over handshake_messages. Recall that for SSLv3, the hash calculation also included the master secret and pads. These extra fields were felt to add no additional security.

As with the finished message in SSLv3, the finished message in TLS is a hash based on the shared master_secret, the previous handshake messages, and a label that identifies client or server. The calculation is somewhat different.

For TLS, we have
PRF(master_secret, finished_label, MD5(handshake_messages) || SHA-1(handshake_messages))

where finished_label is the string "client finished" for the client and "server finished" for the server.

Cryptographic Computations:
The pre_master_secret for TLS is calculated in the same way as in SSLv3. As in SSLv3, the master_secret in TLS is calculated as a hash function of the pre_master_secret and the two hello random numbers.

The form of the TLS calculation is different from that of SSLv3 and is defined as follows:
master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random)

The algorithm is performed until 48 bytes of pseudorandom output are produced. The calculation of the key block material (MAC secret keys, session encryption keys, and IVs) is defined as follows:
key_block = PRF(master_secret, "key expansion", SecurityParameters.server_random || SecurityParameters.client_random)

until enough output has been generated. As with SSLv3, the key_block is a function of the master_secret and the client and server random numbers, but for TLS the actual algorithm is different.
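The TLS (RFC 2246) constructions from the Message Authentication Code, Pseudorandom Function and Cryptographic Computations sections above, written out in one place as an added example that is not part of the original text: HMAC built from its ipad/opad definition and cross-checked against the standard library, P_hash, the two-hash PRF, master_secret, key_block, the 12-byte finished value and the record MAC. All key and random values are constructed samples.

```python
# Added example: TLS 1.0 HMAC, P_hash, PRF, master_secret, key_block, finished
# and record MAC, using only the standard library. Inputs are constructed.
import hashlib
import hmac as stdlib_hmac   # used only to cross-check our HMAC
import struct

BLOCK_LEN = 64   # 512-bit block of MD5 and SHA-1


def hmac_from_definition(hash_name: str, key: bytes, message: bytes) -> bytes:
    """HMAC_K(M) = H[(K+ xor opad) || H[(K+ xor ipad) || M]] with
    ipad = 0x36 and opad = 0x5c repeated to the block length."""
    h = lambda b: hashlib.new(hash_name, b).digest()
    if len(key) > BLOCK_LEN:               # RFC 2104: hash an over-long key first
        key = h(key)
    k_plus = key + b"\x00" * (BLOCK_LEN - len(key))   # K+: key zero-padded to 512 bits
    ipad = bytes(b ^ 0x36 for b in k_plus)
    opad = bytes(b ^ 0x5c for b in k_plus)
    return h(opad + h(ipad + message))


def hmac_matches_stdlib(hash_name: str, key: bytes, message: bytes) -> bool:
    """Cross-check of the definition above against hmac from the standard library."""
    return hmac_from_definition(hash_name, key, message) == \
        stdlib_hmac.new(key, message, hash_name).digest()


def p_hash(hash_name: str, secret: bytes, seed: bytes, n_bytes: int) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1)||seed) || HMAC(secret, A(2)||seed) || ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1)); iterated until n_bytes."""
    out, a = b"", seed
    while len(out) < n_bytes:
        a = hmac_from_definition(hash_name, secret, a)             # A(i)
        out += hmac_from_definition(hash_name, secret, a + seed)   # next output block
    return out[:n_bytes]


def prf(secret: bytes, label: bytes, seed: bytes, n_bytes: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label||seed) xor P_SHA-1(S2, label||seed).
    S1 and S2 are the two halves of the secret (they share the middle byte if odd).
    P_MD5 produces 16 bytes per iteration, so it is iterated more often than P_SHA-1."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    a = p_hash("md5", s1, label + seed, n_bytes)
    b = p_hash("sha1", s2, label + seed, n_bytes)
    return bytes(x ^ y for x, y in zip(a, b))


def tls_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def tls_key_block(master_secret: bytes, client_random: bytes, server_random: bytes, n_bytes: int) -> bytes:
    # Note the reversed random order compared with master_secret.
    return prf(master_secret, b"key expansion", server_random + client_random, n_bytes)


def tls_finished(master_secret: bytes, handshake_messages: bytes, is_client: bool) -> bytes:
    label = b"client finished" if is_client else b"server finished"
    digests = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return prf(master_secret, label, digests, 12)    # TLS 1.0 verify_data is 12 bytes


def tls_record_mac(hash_name: str, mac_write_secret: bytes, seq_num: int,
                   content_type: int, version: tuple, fragment: bytes) -> bytes:
    """HMAC_hash(MAC_write_secret, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac_from_definition(hash_name, mac_write_secret, header + fragment)


if __name__ == "__main__":
    pms, cr, sr = bytes(range(48)), b"\x11" * 32, b"\x22" * 32   # constructed
    ms = tls_master_secret(pms, cr, sr)
    kb = tls_key_block(ms, cr, sr, 104)
    print("HMAC matches stdlib:", hmac_matches_stdlib("sha1", b"key", b"msg"))
    print("master_secret:", ms.hex())
    print("client finished:", tls_finished(ms, b"<handshake messages>", True).hex())
    # content type 23 = application_data, version (3, 1) = TLS 1.0
    print("record MAC:", tls_record_mac("sha1", kb[:20], 0, 23, (3, 1), b"hello").hex())
```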
Padding:
In SSL, the padding added prior to encryption of user data is the minimum amount required so that the total size of the data to be encrypted is a multiple of the cipher's block length.

In TLS, the padding can be any amount that results in a total that is a multiple of the cipher's block length, up to a maximum of 255 bytes.

For example, if the plaintext (or compressed text if compression is used) plus MAC plus padding.length byte is 79 bytes long, then the padding length, in bytes, can be 1, 9, 17, and so on, up to 249. A variable padding length may be used to frustrate attacks based on an analysis of the lengths of exchanged messages.
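The padding rule above, worked through in code as an added example (not from the original text): the set of padding lengths TLS permits for the 79-byte case versus the single minimum SSL uses, building a padded record, and the receiver-side check whose failure corresponds to the decryption_failed alert. The record contents are constructed samples.

```python
# Added example: TLS-style variable padding for a block cipher of block_len bytes.
import random


def tls_padding_lengths(len_with_length_byte: int, block_len: int) -> list:
    """All padding lengths p (0..255, excluding the padding_length byte itself,
    which is already counted in len_with_length_byte) that make the total a
    multiple of block_len. For 79 bytes and an 8-byte block: 1, 9, 17, ..., 249."""
    return [p for p in range(256) if (len_with_length_byte + p) % block_len == 0]


def ssl_padding_length(len_with_length_byte: int, block_len: int) -> int:
    """SSL uses only the minimum amount of padding."""
    return tls_padding_lengths(len_with_length_byte, block_len)[0]


def pad_record(data: bytes, block_len: int, pad_len: int) -> bytes:
    """Append pad_len padding bytes plus the padding_length byte; every padding
    byte carries the value pad_len, as TLS requires."""
    if pad_len not in tls_padding_lengths(len(data) + 1, block_len):
        raise ValueError("padding length does not reach a block boundary")
    return data + bytes([pad_len]) * (pad_len + 1)


def unpad_record(padded: bytes, block_len: int):
    """Receiver-side check. Returns the data, or None where a TLS implementation
    would raise decryption_failed: total not a block multiple, padding_length
    larger than the record, or a padding byte that does not equal padding_length."""
    if len(padded) == 0 or len(padded) % block_len != 0:
        return None
    pad_len = padded[-1]
    if pad_len + 1 > len(padded):
        return None
    if any(b != pad_len for b in padded[-(pad_len + 1):-1]):
        return None
    return padded[:-(pad_len + 1)]


if __name__ == "__main__":
    block = 8
    print("TLS choices for 79 bytes:", tls_padding_lengths(79, block))
    print("SSL minimum for 79 bytes:", ssl_padding_length(79, block))
    data = b"x" * 78                        # constructed: plaintext + MAC, 78 bytes
    # Pick a random permitted length so the record size no longer reveals len(data).
    chosen = random.choice(tls_padding_lengths(len(data) + 1, block))
    rec = pad_record(data, block, chosen)
    print("padded record length:", len(rec), "-> recovered:", unpad_record(rec, block) == data)
```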

4.3 SECURE ELECTRONIC TRANSACTION
SET is an open encryption and security specification designed to protect credit card transactions on the Internet.
SET is not itself a payment system. Rather it is a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network, such as the Internet, in a secure fashion.

In essence, SET provides three services:
• Provides a secure communications channel among all parties involved in a transaction
• Provides trust by the use of X.509v3 digital certificates
• Ensures privacy because the information is only available to parties in a transaction when and where necessary

SET is a complex specification defined in three books issued in May of 1997:
• Book 1: Business Description (80 pages)
• Book 2: Programmer's Guide (629 pages)
• Book 3: Formal Protocol Definition (262 pages)
SET OVERVIEW
A good way to begin our discussion of SET is to look at the business requirements for SET, its key features, and the participants in SET transactions.

Requirements:
Book 1 of the SET specification lists the following business requirements for secure payment processing with credit cards over the Internet and other networks:
• Provide confidentiality of payment and ordering information: It is necessary to assure cardholders that this information is safe and accessible only to the intended recipient. Confidentiality also reduces the risk of fraud by either party to the transaction or by malicious third parties. SET uses encryption to provide confidentiality.
• Ensure the integrity of all transmitted data: That is, ensure that no changes in content occur during transmission of SET messages. Digital signatures are used to provide integrity.
• Provide authentication that a cardholder is a legitimate user of a credit card account: A mechanism that links a cardholder to a specific account number reduces the incidence of fraud and the overall cost of payment processing. Digital signatures and certificates are used to verify that a cardholder is a legitimate user of a valid account.
• Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution: This is the complement to the preceding requirement. Cardholders need to be able to identify merchants with whom they can conduct secure transactions. Again, digital signatures and certificates are used.
• Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction: SET is a well-tested specification based on highly secure cryptographic algorithms and protocols.
• Create a protocol that neither depends on transport security mechanisms nor prevents their use: SET can securely operate over a "raw" TCP/IP stack. However, SET does not interfere with the use of other security mechanisms, such as IPSec and SSL/TLS.
• Facilitate and encourage interoperability among software and network providers: The SET protocols and formats are independent of hardware platform, operating system, and Web software.

Key Features of SET:
To meet the requirements just outlined, SET incorporates the following features:

• Confidentiality of information: Cardholder account and payment information is secured as it travels across the network. An interesting and important feature of SET is that it prevents the merchant from learning the cardholder's credit card number; this is only provided to the issuing bank. Conventional encryption by DES is used to provide confidentiality.
• Integrity of data: Payment information sent from cardholders to merchants includes order information, personal data, and payment instructions. SET guarantees that these message contents are not altered in transit. RSA digital signatures, using SHA-1 hash codes, provide message integrity. Certain messages are also protected by HMAC using SHA-1.
• Cardholder account authentication: SET enables merchants to verify that a cardholder is a legitimate user of a valid card account number. SET uses X.509v3 digital certificates with RSA signatures for this purpose.
• Merchant authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses X.509v3 digital certificates with RSA signatures for this purpose.
SET Participants:
The participants in the SET system include the following:
• Cardholder: In the electronic environment, consumers and corporate purchasers interact with merchants from personal computers over the Internet. A cardholder is an authorized holder of a payment card (e.g., MasterCard, Visa) that has been issued by an issuer.
• Merchant: A merchant is a person or organization that has goods or services to sell to the cardholder. Typically, these goods and services are offered via a Web site or by electronic mail. A merchant that accepts payment cards must have a relationship with an acquirer.
• Issuer: This is a financial institution, such as a bank, that provides the cardholder with the payment card. Typically, accounts are applied for and opened by mail or in person. Ultimately, it is the issuer that is responsible for the payment of the debt of the cardholder.
• Acquirer: This is a financial institution that establishes an account with a merchant and processes payment card authorizations and payments. Merchants will usually accept more than one credit card brand but do not want to deal with multiple bankcard associations or with multiple individual issuers. The acquirer provides authorization to the merchant that a given card account is active and that the proposed purchase does not exceed the credit limit. The acquirer also provides electronic transfer of payments to the merchant's account. Subsequently, the acquirer is reimbursed by the issuer over some sort of payment network for electronic funds transfer.
• Payment gateway: This is a function operated by the acquirer or a designated third party that processes merchant payment messages. The payment gateway interfaces between SET and the existing bankcard payment networks for authorization and payment functions. The merchant exchanges SET messages with the payment gateway over the Internet, while the payment gateway has some direct or network connection to the acquirer's financial processing system.
• Certification authority (CA): This is an entity that is trusted to issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways. The success of SET will depend on the existence of a CA infrastructure available for this purpose. A hierarchy of CAs is used, so that participants need not be directly certified by a root authority.

Figure: Secure Electronic Commerce Components

The sequence of events that are required for a transaction:

• The customer opens an account. The customer obtains a credit card account, such as MasterCard or Visa, with a bank that supports electronic payment and SET.
• The customer receives a certificate. After suitable verification of identity, the customer receives an X.509v3 digital certificate, which is signed by the bank. The certificate verifies the customer's RSA public key and its expiration date. It also establishes a relationship, guaranteed by the bank, between the customer's key pair and his or her credit card.
• Merchants have their own certificates. A merchant who accepts a certain brand of card must be in possession of two certificates for two public keys owned by the merchant: one for signing messages, and one for key exchange. The merchant also needs a copy of the payment gateway's public-key certificate.
• The customer places an order. This is a process that may involve the customer first browsing through the merchant's Web site to select items and determine the price. The customer then sends a list of the items to be purchased to the merchant, who returns an order form containing the list of items, their price, a total price, and an order number.
• The merchant is verified. In addition to the order form, the merchant sends a copy of its certificate, so that the customer can verify that he or she is dealing with a valid store.
• The order and payment are sent. The customer sends both order and payment information to the merchant, along with the customer's certificate. The order confirms the purchase of the items in the order form. The payment contains credit card details. The payment information is encrypted in such a way that it cannot be read by the merchant. The customer's certificate enables the merchant to verify the customer.
• The merchant requests payment authorization. The merchant sends the payment information to the payment gateway, requesting authorization that the customer's available credit is sufficient for this purchase.
• The merchant confirms the order. The merchant sends confirmation of the order to the customer.
• The merchant provides the goods or service. The merchant ships the goods or provides the service to the customer.
• The merchant requests payment. This request is sent to the payment gateway, which handles all of the payment processing.

DUAL SIGNATURE
An important innovation introduced in SET is the dual signature. The purpose of the dual signature is to link two messages that are intended for two different recipients.
In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order.
The customer is afforded extra protection in terms of privacy by keeping these two items separate. However, the two items must be linked in a way that can be used to resolve disputes if necessary.
The link is needed so that the customer can prove that this payment is intended for this order and not for some other goods or service.

To see the need for the link, suppose that the customer sends the merchant two messages: a signed OI and a signed PI, and the merchant passes the PI on to the bank. If the merchant can capture another OI from this customer, the merchant could claim that this OI goes with the PI rather than the original OI. The linkage prevents this.

The figure below shows the use of a dual signature to meet the requirement of the preceding paragraph. The customer takes the hash (using SHA-1) of the PI and the hash of the OI. These two hashes are then concatenated and the hash of the result is taken. Finally, the customer encrypts the final hash with his or her private signature key, creating the dual signature.

Figure: Construction of Dual Signature
The operation can be summarized as
DS = E(PRc, [H(H(PI) || H(OI))])
where PRc is the customer's private signature key.

Now suppose that the merchant is in possession of the dual signature (DS), the OI, and the message digest for the PI (PIMD). The merchant also has the public key of the customer, taken from the customer's certificate.

Then the merchant can compute the quantities
H(PIMD || H[OI]), D(PUc, DS)
where PUc is the customer's public signature key.

If these two quantities are equal, then the merchant has verified the signature. Similarly, if the bank is in possession of DS, PI, the message digest for OI (OIMD), and the customer's public key, then the bank can compute
H(H[PI] || OIMD), D(PUc, DS)

Again, if these two quantities are equal, then the bank has verified the signature. In summary,
• The merchant has received OI and verified the signature.
• The bank has received PI and verified the signature.
• The customer has linked the OI and PI and can prove the linkage.
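The dual signature and the two verification paths just described, as an added example that is not from the SET specification or the original text. H is SHA-1 as the text says; E and D are textbook RSA signing and verification over a constructed toy key built from two Mersenne primes (no padding, far too small for real use), standing in for the certified RSA key SET would use. PI, OI and the names PIMD, OIMD, PRc and PUc follow the text; the message contents are constructed samples.

```python
# Added example: SET dual signature, merchant-side and bank-side verification.
import hashlib

# Constructed toy RSA key: n is about 216 bits, comfortably larger than a
# 160-bit SHA-1 digest, so the digest can be signed directly. Not for real use.
_P, _Q = (1 << 127) - 1, (1 << 89) - 1
RSA_N = _P * _Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
PUc = (RSA_N, RSA_E)   # customer's public signature key (from the certificate)
PRc = (RSA_N, RSA_D)   # customer's private signature key


def H(data: bytes) -> bytes:
    """The hash used throughout SET for the dual signature: SHA-1."""
    return hashlib.sha1(data).digest()


def E(private_key: tuple, digest: bytes) -> int:
    """'Encrypt' the digest with the private key, i.e. textbook RSA signing."""
    n, d = private_key
    return pow(int.from_bytes(digest, "big"), d, n)


def D(public_key: tuple, signature: int) -> int:
    """Recover the signed value with the public key (textbook RSA verification)."""
    n, e = public_key
    return pow(signature, e, n)


def _as_int(digest: bytes) -> int:
    return int.from_bytes(digest, "big")


def dual_signature(PI: bytes, OI: bytes) -> int:
    """DS = E(PRc, [H(H(PI) || H(OI))])"""
    return E(PRc, H(H(PI) + H(OI)))


def merchant_verifies(OI: bytes, PIMD: bytes, DS: int, public_key: tuple) -> bool:
    """The merchant holds OI, PIMD = H(PI) and DS, but never sees PI itself.
    It checks H(PIMD || H[OI]) == D(PUc, DS)."""
    return _as_int(H(PIMD + H(OI))) == D(public_key, DS)


def bank_verifies(PI: bytes, OIMD: bytes, DS: int, public_key: tuple) -> bool:
    """The bank holds PI, OIMD = H(OI) and DS, but never sees OI itself.
    It checks H(H[PI] || OIMD) == D(PUc, DS)."""
    return _as_int(H(H(PI) + OIMD)) == D(public_key, DS)


if __name__ == "__main__":
    # Constructed sample messages (not real card or order data).
    PI = b"PAN=0000000000000000;expiry=01/00;amount=100.00"
    OI = b"order_ref=12345;merchant=Example Store"
    DS = dual_signature(PI, OI)
    PIMD, OIMD = H(PI), H(OI)        # the digests each party receives
    print("merchant verifies (OI, PIMD, DS):", merchant_verifies(OI, PIMD, DS, PUc))
    print("bank verifies (PI, OIMD, DS):    ", bank_verifies(PI, OIMD, DS, PUc))
    # The substitution described above: the merchant tries to pair the same
    # payment with a different OI. The linkage makes the check fail.
    other_OI = b"order_ref=99999;merchant=Example Store"
    print("merchant pairs PI with another OI:", merchant_verifies(other_OI, PIMD, DS, PUc))
```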

PAYMENT PROCESSING
Payment processing consists of the following transactions:
Purchase request
Payment authorization
Payment capture

Purchase Request:
The purchase request exchange consists of four messages: Initiate Request, Initiate Response, Purchase Request, and Purchase Response.
In order to send SET messages to the merchant, the cardholder must have a copy of the certificates of the merchant and the payment gateway. The customer requests the certificates in the Initiate Request message, sent to the merchant. This message includes the brand of the credit card that the customer is using. The message also includes an ID assigned to this request/response pair by the customer and a nonce used to ensure timeliness.
The merchant generates a response and signs it with its private signature key. The response includes the nonce from the customer, another nonce for the customer to return in the next message, and a transaction ID for this purchase transaction. In addition to the signed response, the Initiate Response message includes the merchant's signature certificate and the payment gateway's key exchange certificate.

The cardholder verifies the merchant and gateway certificates by means of their respective CA signatures and then creates the OI and PI. The transaction ID assigned by the merchant is placed in both the OI and PI. The OI does not contain explicit order data such as the number and price of items. Rather, it contains an order reference generated in the exchange between merchant and customer during the shopping phase before the first SET message.

Next, the cardholder prepares the Purchase Request message (figure below). For this purpose, the cardholder generates a one-time symmetric encryption key, Ks.

Figure: Cardholder Sends Purchase Request

The message includes the following:

1. Purchase-related information. This information will be forwarded to the payment gateway by the merchant and consists of
• The PI
• The dual signature, calculated over the PI and OI, signed with the customer's private signature key
• The OI message digest (OIMD)

The OIMD is needed for the payment gateway to verify the dual signature, as explained previously. All of these items are encrypted with Ks. The final item is
• The digital envelope. This is formed by encrypting Ks with the payment gateway's public key-exchange key. It is called a digital envelope because this envelope must be opened (decrypted) before the other items listed previously can be read.
The value of Ks is not made available to the merchant. Therefore, the merchant cannot read any of this payment-related information.

2. Order-related information. This information is needed by the merchant and consists of
• The OI
• The dual signature, calculated over the PI and OI, signed with the customer's private signature key
• The PI message digest (PIMD)
The PIMD is needed for the merchant to verify the dual signature. Note that the OI is sent in the clear.

3. Cardholder certificate. This contains the cardholder's public signature key. It is needed by the merchant and by the payment gateway.
When the merchant receives the Purchase Request message, it performs the following actions (figure below):
1) Verifies the cardholder certificates by means of their CA signatures.
2) Verifies the dual signature using the customer's public signature key. This ensures that the order has not been tampered with in transit and that it was signed using the cardholder's private signature key.
3) Processes the order and forwards the payment information to the payment gateway for authorization.
4) Sends a purchase response to the cardholder.

Figure: Merchant Verifies Customer Purchase Request

The Purchase Response message includes a response block that acknowledges the order and references the corresponding transaction number. This block is signed by the merchant using its private signature key. The block and its signature are sent to the customer, along with the merchant's signature certificate.

Payment Authorization:
The payment authorization ensures that the transaction was approved by the issuer. The payment authorization exchange consists of two messages: Authorization Request and Authorization Response.

The merchant sends an Authorization Request message to the payment gateway consisting of the following:
1) Purchase-related information. This information was obtained from the customer and consists of
• The PI
• The dual signature, calculated over the PI and OI, signed with the customer's private signature key
• The OI message digest (OIMD)
• The digital envelope

2) Authorization-related information. This information is generated by the merchant and consists of
• An authorization block that includes the transaction ID, signed with the merchant's private signature key and encrypted with a one-time symmetric key generated by the merchant
• A digital envelope. This is formed by encrypting the one-time key with the payment gateway's public key-exchange key.

3) Certificates. The merchant includes the cardholder's signature key certificate (used to verify the dual signature), the merchant's signature key certificate (used to verify the merchant's signature), and the merchant's key-exchange certificate (needed in the payment gateway's response).

The payment gateway performs the following tasks:
1) Verifies all certificates
2) Decrypts the digital envelope of the authorization block to obtain the symmetric key and then decrypts the authorization block
3) Verifies the merchant's signature on the authorization block
4) Decrypts the digital envelope of the payment block to obtain the symmetric key and then decrypts the payment block
5) Verifies the dual signature on the payment block
6) Verifies that the transaction ID received from the merchant matches that in the PI received (indirectly) from the customer
7) Requests and receives an authorization from the issuer

Having obtained authorization from the issuer, the payment gateway returns an Authorization Response message to the merchant. It includes the following elements:
1) Authorization-related information. Includes an authorization block, signed with the gateway's private signature key and encrypted with a one-time symmetric key generated by the gateway. Also includes a digital envelope that contains the one-time key encrypted with the merchant's public key-exchange key.

2) Capture token information. This information will be used to effect payment later. This block is of the same form as (1), namely, a signed, encrypted capture token together with a digital envelope. This token is not processed by the merchant. Rather, it must be returned, as is, with a payment request.

3) Certificate. The gateway's signature key certificate.
UNIT 4 : NTWORK SCURITY PRACTIC NTWORK SCURITY

TLunguveI Muvugun 4.143

Puyment Cuptuve:
To obfnIn nymonf, fho morchnnf ongngos fho nymonf gnfowny In n nymonf
cnfuro frnnsncfIon, consIsfIng of n cnfuro roquosf nnd n cnfuro rosonso mossngo.

Ior fho Cupture Requeot meoouge, fho morchnnf gonornfos, sIgns, nnd
oncryfs n cnfuro roquosf bIock, whIch IncIudos fho nymonf nmounf nnd fho
frnnsncfIon I. Tho mossngo nIso IncIudos fho oncryfod cnfuro fokon rocoIvod onrIIor
(In fho AufhorIznfIon !osonso) for fhIs frnnsncfIon, ns woII ns fho morchnnf's
sIgnnfuro koy nnd koy-oxchnngo koy corfIfIcnfos.

Whon fho nymonf gnfowny rocoIvos fho cnfuro roquosf mossngo, If docryfs
nnd vorIfIos fho cnfuro roquosf bIock nnd docryfs nnd vorIfIos fho cnfuro fokon
bIock. If fhon chocks for consIsfoncy bofwoon fho cnfuro roquosf nnd cnfuro fokon. If
fhon cronfos n cIonrIng roquosf fhnf Is sonf fo fho Issuor ovor fho rIvnfo nymonf
nofwork. ThIs roquosf cnusos funds fo bo frnnsforrod fo fho morchnnf's nccounf.

Tho gnfowny fhon nofIfIos fho morchnnf of nymonf In n Cupture Reoponoe
meoouge. Tho mossngo IncIudos n cnfuro rosonso bIock fhnf fho gnfowny sIgns nnd
oncryfs. Tho mossngo nIso IncIudos fho gnfowny's sIgnnfuro koy corfIfIcnfo. Tho
morchnnf soffwnro sforos fho cnfuro rosonso fo bo usod for roconcIIInfIon wIfh
nymonf rocoIvod from fho ncquIror.
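The dual signature that the gateway checks in task 5, and the transaction ID check of task 6, can be worked through in code. The block below is an added example written for this page; it is not code from the textbook or from the SET specification. It assumes an unpadded "textbook" RSA signature over a SHA-224 digest (with a modulus built from the Mersenne primes 2^127-1 and 2^107-1 so the digest fits, never to be used in production), and a made-up PI layout "txid|card|amount"; certificates and the digital envelope are not modelled. What it shows is the property that makes the dual signature useful: the merchant verifies it holding only OI and PIMD, the gateway holding only PI and OIMD, and either side detects a tampered order or a PI replayed under another transaction.

```python
"""Toy model of the SET dual signature and of gateway tasks 5 and 6 above.

Added example, not code from the textbook or from the SET specification.
Assumptions: an unpadded "textbook" RSA signature (never use in production)
over a SHA-224 digest, with a modulus built from the Mersenne primes
2^127-1 and 2^107-1 so that the 224-bit digest fits; a made-up PI layout
"txid|card|amount". Certificates and the digital envelope are not modelled.
"""
import hashlib

_P = (1 << 127) - 1
_Q = (1 << 107) - 1
_E = 65537


def make_keypair():
    """Return ((n, e), (n, d)); gcd(e, phi) == 1 for these primes."""
    n = _P * _Q
    phi = (_P - 1) * (_Q - 1)
    return (n, _E), (n, pow(_E, -1, phi))


def h(data):
    """H(): SHA-224, whose 224-bit output is below the ~2^234 modulus."""
    return hashlib.sha224(data).digest()


def sign(priv, digest):
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)


def verify(pub, digest, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


def dual_sign(customer_priv, pi, oi):
    """Customer: DS = Sign_KRc[ H( H(PI) || H(OI) ) ]; returns (DS, PIMD, OIMD)."""
    pimd, oimd = h(pi), h(oi)
    return sign(customer_priv, h(pimd + oimd)), pimd, oimd


def merchant_verifies(customer_pub, oi, pimd, ds):
    """Merchant holds OI and PIMD but never the PI."""
    return verify(customer_pub, h(pimd + h(oi)), ds)


def gateway_verifies(customer_pub, pi, oimd, ds, merchant_tx_id):
    """Gateway holds PI and OIMD but never the OI.
    Task 5: verify the dual signature on the payment block.
    Task 6: the transaction ID inside the PI must match the one the merchant
    placed in its authorization block."""
    if not verify(customer_pub, h(h(pi) + oimd), ds):
        return False
    return pi.split(b"|")[0] == merchant_tx_id


def demo():
    cust_pub, cust_priv = make_keypair()
    tx_id = b"TX-0001"                                   # constructed sample data
    pi = tx_id + b"|4111111111111111|12.50"              # payment instructions
    oi = tx_id + b"|2 x widget|ship to 1 Main St"        # order information
    ds, pimd, oimd = dual_sign(cust_priv, pi, oi)
    ok_merchant = merchant_verifies(cust_pub, oi, pimd, ds)
    ok_gateway = gateway_verifies(cust_pub, pi, oimd, ds, tx_id)
    # An altered order changes OIMD, so the gateway's check fails ...
    tampered = gateway_verifies(cust_pub, pi, h(oi + b"|1 x extra"), ds, tx_id)
    # ... and a PI replayed under another transaction fails task 6.
    replayed = gateway_verifies(cust_pub, pi, oimd, ds, b"TX-0002")
    return ok_merchant, ok_gateway, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

Note that the gateway never needs the OI itself: the OIMD supplied by the merchant is enough to recompute the hash the customer signed, which is the whole point of the construction.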

***END***
UNIT 5 : SYSTEM SECURITY NETWORK SECURITY
Thangavel Murugan 5.1

UNIT V
SYSTEM SECURITY

5.1 INTRUDERS
• Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security.
• Intrusion detection systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage.
• Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions.
• One important element of intrusion prevention is password management, with the goal of preventing unauthorized users from having access to the passwords of others.

5.1 INTRUDERS
One of the two most publicized threats to security is the intruder (the other is viruses), generally referred to as a hacker or cracker.

Three Classes of Intruders:
• Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
• Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider.

Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore internets and see what is out there. At the serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to data, or disrupt the system.

Two Levels of Hackers:
The high level were sophisticated users with a thorough knowledge of the technology; the low level were the "foot soldiers" who merely used the supplied cracking programs with little understanding of how they worked. This teamwork combined the two most serious weapons in the intruder armory: sophisticated knowledge of how to intrude and a willingness to spend countless hours "turning doorknobs" to probe for weaknesses.

In addition to running password-cracking programs, the intruders attempted to modify login software to enable them to capture passwords of users logging on to systems. This made it possible for them to build up an impressive collection of compromised passwords, which was made available on the bulletin board set up on one of the victim's own machines.

INTRUSION TECHNIQUES
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. Generally, this requires the intruder to acquire information that should have been protected.
In some cases, this information is in the form of a user password. With knowledge of some other user's password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user.
Typically, a system must maintain a file that associates a password with each authorized user. If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords.

The password file can be protected in one of two ways:
• One-way function: The system stores only the value of a function based on the user's password. When the user presents a password, the system transforms that password and compares it with the stored value.
In practice, the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the one-way function and in which a fixed-length output is produced.
• Access control: Access to the password file is limited to one or a very few accounts.

The techniques for learning passwords:
1) Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change these defaults.
2) Exhaustively try all short passwords (those of one to three characters).
3) Try words in the system's online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards.
4) Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies.
5) Try users' phone numbers, Social Security numbers, and room numbers.
6) Try all legitimate license plate numbers for this state.
7) Use a Trojan horse to bypass restrictions on access.
8) Tap the line between a remote user and the host system.

The first six methods are various ways of guessing a password. If an intruder has to verify each guess by attempting to log in, it is a tedious and easily countered means of attack: under these circumstances, it is not practical to try more than a handful of passwords. However, the intruder is unlikely to try such crude methods. If, for example, an intruder can gain low-privilege access to a copy of the hashed password file, the strategy is to capture that file and verify guesses offline, at leisure, with the same one-way function the system uses, until a password that confers greater privileges is found.
Guessing attacks are feasible, and indeed highly effective, when a large number of guesses can be attempted automatically and each guess verified, without the guessing process being detectable.
The seventh method of attack listed earlier, the Trojan horse, can be particularly difficult to counter. Example: A low-privilege user produced a game program and invited the system operator to use it in his or her spare time. The program did indeed play a game, but in the background it also contained code to copy the password file, which was unencrypted but access protected, into the user's file. Because the game was running under the operator's high-privilege mode, it was able to gain access to the password file.
The eighth attack listed, line tapping, is a matter of physical security. It can be countered with link encryption techniques.
Other intrusion techniques do not require learning a password. Intruders can get access to a system by exploiting attacks such as buffer overflows in a program that runs with certain privileges. Privilege escalation can be done this way as well.
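The two protections above, and the reason offline guessing still works against a captured file, are illustrated by the following added example (written for this page, not taken from the textbook). The one-way function is PBKDF2-HMAC-SHA256 from the Python standard library; the record format, the user names, the passwords and the word list are constructed for the illustration. The per-user random salt means an attacker cannot reuse one precomputed table across users, and the iteration count is the only thing that makes each offline guess expensive; neither replaces access control on the file.

```python
"""Added example (not from the textbook): a password file protected by a
one-way function, and an offline dictionary attack against it.

The one-way function is PBKDF2-HMAC-SHA256 from the standard library; the
record format, user names, passwords and word list are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000      # work factor: cost of every guess, online or offline


def make_entry(password, salt=None, iterations=ITERATIONS):
    """Stored record for one user: algorithm, work factor, salt and the
    one-way output. The password itself is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def check_password(entry, candidate):
    """What the system does at login: transform the presented password the
    same way and compare with the stored value (constant-time compare)."""
    _, iters, salt_hex, digest_hex = entry.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed password file: one "name:entry" line per user.
PASSWORD_FILE = "\n".join([
    "alice:" + make_entry("correct horse battery staple"),
    "bob:" + make_entry("letmein"),
    "root:" + make_entry("Tr0ub4dor&3"),
])

WORDLIST = ["password", "123456", "letmein", "qwerty", "admin"]   # constructed


def offline_guess(password_file, wordlist):
    """Technique 3 from the list above, run offline against a captured copy
    of the file: each guess is verified locally, so nothing is logged on the
    target and the only limit is the work factor of the one-way function.
    Because every user has a different salt, the work is repeated per user."""
    cracked = {}
    for line in password_file.splitlines():
        user, entry = line.split(":", 1)
        for word in wordlist:
            if check_password(entry, word):
                cracked[user] = word
                break
    return cracked


if __name__ == "__main__":
    alice_entry = PASSWORD_FILE.splitlines()[0].split(":", 1)[1]
    print(check_password(alice_entry, "wrong"))
    print(offline_guess(PASSWORD_FILE, WORDLIST))
```

Running it shows one account falling to a five-word list in well under a second; a real word list has millions of entries, which is why the file must be access-controlled as well as hashed, and why the iteration count should be set as high as the login path can afford.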

Two Principal Countermeasures:
Detection is concerned with learning of an attack, either before or after its success.
Prevention is a challenging security goal and an uphill battle at all times.

The difficulty stems from the fact that the defender must attempt to thwart all possible attacks, whereas the attacker is free to try to find the weakest link in the defense chain and attack at that point.

5.2 INTRUSION DETECTION
A Number of Considerations:
• If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised. Even if the detection is not sufficiently timely to preempt the intruder, the sooner that the intrusion is detected, the less the amount of damage and the more quickly that recovery can be achieved.
• An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions.
• Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
The figure below suggests, in very abstract terms, the nature of the task confronting the designer of an intrusion detection system. Although the typical behavior of an intruder differs from the typical behavior of an authorized user, there is an overlap in these behaviors.

Figure: Profiles of Behavior of Intruders and Authorized Users

Thus, a loose interpretation of intruder behavior, which will catch more intruders, will also lead to a number of "false positives," or authorized users identified as intruders. On the other hand, an attempt to limit false positives by a tight interpretation of intruder behavior will lead to an increase in false negatives, or intruders not identified as intruders. Thus, there is an element of compromise and art in the practice of intrusion detection.

Approaches to Intrusion Detection:

Statistical anomaly detection:
Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.
Threshold detection: This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events.
Profile based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts.

Rule-based detection:
Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder.
Anomaly detection: Rules are developed to detect deviation from previous usage patterns.
Penetration identification: An expert system approach that searches for suspicious behavior.

In terms of the types of attackers, statistical anomaly detection is effective against masqueraders, who are unlikely to mimic the behavior patterns of the accounts they appropriate. On the other hand, such techniques may be unable to deal with misfeasors. For such attacks, rule-based approaches may be able to recognize events and sequences that, in context, reveal penetration.

AUDIT RECORDS
A fundamental tool for intrusion detection is the audit record. Basically, two plans are used:
• Native audit records: Virtually all multiuser operating systems include accounting software that collects information on user activity.
The advantage of using this information is that no additional collection software is needed.
The disadvantage is that the native audit records may not contain the needed information or may not contain it in a convenient form.
• Detection-specific audit records: A collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system.
One advantage of such an approach is that it could be made vendor independent and ported to a variety of systems.
The disadvantage is the extra overhead involved in having, in effect, two accounting packages running on a machine.

Each audit record contains the following fields:
• Subject: Initiators of actions. A subject is typically a terminal user but might also be a process acting on behalf of users or groups of users. All activity arises through commands issued by subjects. Subjects may be grouped into different access classes, and these classes may overlap.
• Action: Operation performed by the subject on or with an object; for example, login, read, perform I/O, execute.
• Object: Receptors of actions. Examples include files, programs, messages, records, terminals, printers, and user- or program-created structures. When a subject is the recipient of an action, such as electronic mail, then that subject is considered an object. Objects may be grouped by type. Object granularity may vary by object type and by environment. For example, database actions may be audited for the database as a whole or at the record level.
• Exception-Condition: Denotes which, if any, exception condition is raised on return.
• Resource-Usage: A list of quantitative elements in which each element gives the amount used of some resource (e.g., number of lines printed or displayed, number of records read or written, processor time, I/O units used, session elapsed time).
• Time-Stamp: Unique time-and-date stamp identifying when the action took place.

Most user operations are made up of a number of elementary actions. The decomposition of a user operation into elementary actions has three advantages:
1) Because objects are the protectable entities in a system, the use of elementary actions enables an audit of all behavior affecting an object. Thus, the system can detect attempted subversions of access controls (by noting an abnormality in the number of exception conditions returned) and can detect successful subversions by noting an abnormality in the set of objects accessible to the subject.
2) Single-object, single-action audit records simplify the model and the implementation.
3) Because of the simple, uniform structure of the detection-specific audit records, it may be relatively easy to obtain this information, or at least part of it, by a straightforward mapping from existing native audit records to the detection-specific audit records.

STATISTICAL ANOMALY DETECTION
Statistical anomaly detection techniques fall into two broad categories: threshold detection and profile-based systems.
Threshold detection involves counting the number of occurrences of a specific event type over an interval of time.
Threshold analysis is a crude and ineffective detector of even moderately sophisticated attacks. Both the threshold and the time interval must be determined. Because of the variability across users, such thresholds are likely to generate either a lot of false positives or a lot of false negatives.

Profile-based anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations. A profile may consist of a set of parameters, so that deviation on just a single parameter may not be sufficient in itself to signal an alert.
The foundation of this approach is an analysis of audit records. The audit records provide input to the intrusion detection function in two ways.
1) The designer must decide on a number of quantitative metrics that can be used to measure user behavior. An analysis of audit records over a period of time can be used to determine the activity profile of the average user. Thus, the audit records serve to define typical behavior.
2) Current audit records are the input used to detect intrusion. That is, the intrusion detection model analyzes incoming audit records to determine deviation from average behavior.

Examples of metrics that are useful for profile-based intrusion detection are the following:
• Counter: A nonnegative integer that may be incremented but not decremented until it is reset by management action. Typically, a count of certain event types is kept over a particular period of time. Examples include the number of logins by a single user during an hour, the number of times a given command is executed during a single user session, and the number of password failures during a minute.
• Gauge: A nonnegative integer that may be incremented or decremented. Typically, a gauge is used to measure the current value of some entity. Examples include the number of logical connections assigned to a user application and the number of outgoing messages queued for a user process.
• Interval timer: The length of time between two related events. An example is the length of time between successive logins to an account.
• Resource utilization: Quantity of resources consumed during a specified period. Examples include the number of pages printed during a user session and total time consumed by a program execution.

Given these general metrics, various tests can be performed to determine whether current activity fits within acceptable limits. The following approaches may be taken:
• Mean and standard deviation
• Multivariate
• Markov process
• Time series
• Operational

The simplest statistical test is to measure the mean and standard deviation of a parameter over some historical period. This gives a reflection of the average behavior and its variability. The use of mean and standard deviation is applicable to a wide variety of counters, timers, and resource measures. But these measures, by themselves, are typically too crude for intrusion detection purposes.

A multivariate model is based on correlations between two or more variables. Intruder behavior may be characterized with greater confidence by considering such correlations (for example, processor time and resource usage, or login frequency and session elapsed time).

A Markov process model is used to establish transition probabilities among various states. As an example, this model might be used to look at transitions between certain commands.

A time series model focuses on time intervals, looking for sequences of events that happen too rapidly or too slowly. A variety of statistical tests can be applied to characterize abnormal timing.

Finally, an operational model is based on a judgment of what is considered abnormal, rather than an automated analysis of past audit records. Typically, fixed limits are defined and intrusion is suspected for an observation that is outside the limits. This type of approach works best where intruder behavior can be deduced from certain types of activities. For example, a large number of login attempts over a short period suggests an attempted intrusion.
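The following added example (written for this page, not taken from the textbook or from any IDES-family system) ties together the audit-record fields listed above and two of the tests just described. Detection-specific audit records carrying subject, action, object, exception condition, resource usage and time stamp are first used to build a per-user profile (mean and standard deviation of the login hour and of processor usage per executed program), then current records are scored against that profile; password failures are handled by the operational model with a fixed, user-independent limit. All records are constructed sample data, and the z-score cutoff of 3 and the limit of 5 failures per minute are assumptions chosen for the illustration.

```python
"""Added example (not from the textbook): profile-based anomaly detection
over detection-specific audit records, using the mean-and-standard-deviation
test and the operational (fixed limit) test. All records are constructed;
the z-score cutoff and failure limit are assumptions for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class AuditRecord:
    subject: str           # initiator, e.g. a terminal user
    action: str            # login, read, execute, ...
    obj: str               # file, program, terminal, ...
    exception: str         # "" if the action succeeded
    resource_usage: int    # e.g. processor milliseconds for the action
    time_stamp: int        # seconds since epoch


def baseline_records():
    """Historical records that define 'normal' for alice: logins between
    08:00 and 10:00, four everyday programs with modest CPU use (constructed)."""
    recs = []
    for day in range(20):
        base = day * 86_400
        login_hour = 8 + day % 3
        recs.append(AuditRecord("alice", "login", "tty1", "", 5, base + login_hour * 3600))
        for i, prog in enumerate(["mail", "ls", "mail", "vi"]):
            recs.append(AuditRecord("alice", "execute", prog, "", 40 + 5 * i, base + 36_000 + i))
    return recs


def build_profile(records):
    """Per-subject metrics: a counter-style login-hour profile and a
    resource-utilization profile, each as (mean, standard deviation)."""
    hours, cpu = defaultdict(list), defaultdict(list)
    for r in records:
        if r.action == "login" and r.exception == "":
            hours[r.subject].append((r.time_stamp % 86_400) // 3600)
        elif r.action == "execute":
            cpu[r.subject].append(r.resource_usage)
    profile = {}
    for user in hours:
        cpu_vals = cpu[user] or [0]
        profile[user] = {"login_hour": (mean(hours[user]), pstdev(hours[user])),
                         "cpu": (mean(cpu_vals), pstdev(cpu_vals))}
    return profile


def z_score(value, stats):
    m, sd = stats
    return 0.0 if sd == 0 else abs(value - m) / sd


def detect(records, profile, z_limit=3.0, max_failures_per_minute=5):
    """Return (subject, reason, detail) alerts. Mean/std test on login hour
    and on program CPU; operational test on password failures per minute."""
    alerts = []
    failures = defaultdict(int)                 # (subject, minute) -> counter
    for r in records:
        p = profile.get(r.subject)
        if r.action == "login" and r.exception == "":
            hour = (r.time_stamp % 86_400) // 3600
            if p and z_score(hour, p["login_hour"]) > z_limit:
                alerts.append((r.subject, "off-hours login", hour))
        elif r.action == "login" and r.exception == "bad password":
            key = (r.subject, r.time_stamp // 60)
            failures[key] += 1
            if failures[key] == max_failures_per_minute:
                alerts.append((r.subject, "password guessing", failures[key]))
        elif r.action == "execute" and p:
            if z_score(r.resource_usage, p["cpu"]) > z_limit:
                alerts.append((r.subject, "abnormal program resource use", r.obj))
    return alerts


def current_records():
    """Constructed 'live' records: a 03:00 login, a CPU-heavy program, and a
    burst of password failures against bob's account."""
    t0 = 30 * 86_400
    recs = [AuditRecord("alice", "login", "tty1", "", 5, t0 + 3 * 3600),
            AuditRecord("alice", "execute", "ls", "", 45, t0 + 3 * 3600 + 10),
            AuditRecord("alice", "execute", "crack", "", 900, t0 + 3 * 3600 + 20)]
    recs += [AuditRecord("bob", "login", "tty2", "bad password", 1, t0 + 7200 + i)
             for i in range(6)]
    return recs


def run():
    return detect(current_records(), build_profile(baseline_records()))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The operational rule fires for bob even though he has no profile at all, which is exactly the case the text describes for fixed limits; the two profile-based alerts for alice depend entirely on how much her baseline varied, and a user with an erratic schedule would generate no off-hours alert at the same z cutoff.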

MEASURES THAT MAY BE USED FOR INTRUSION DETECTION

Measure | Model | Type of intrusion detected

Login and Session Activity
Login frequency by day and time | Mean and standard deviation | Intruders may be likely to log in during off-hours.
Frequency of login at different locations | Mean and standard deviation | Intruders may log in from a location that a particular user rarely or never uses.
Time since last login | Operational | Break-in on a "dead" account.
Elapsed time per session | Mean and standard deviation | Significant deviations might indicate a masquerader.
Quantity of output to location | Mean and standard deviation | Excessive amounts of data transmitted to remote locations could signify leakage of sensitive data.
Session resource utilization | Mean and standard deviation | Unusual processor or I/O levels could signal an intruder.
Password failures at login | Operational | Attempted break-in by password guessing.
Failures to login from specified terminals | Operational | Attempted break-in.

Command or Program Execution Activity
Execution frequency | Mean and standard deviation | May detect intruders, who are likely to use different commands, or a successful penetration by a legitimate user, who has gained access to privileged commands.
Program resource utilization | Mean and standard deviation | An abnormal value might suggest injection of a virus or Trojan horse, which performs side effects that increase I/O or processor utilization.
Execution denials | Operational | May detect a penetration attempt by an individual user who seeks higher privileges.

File Access Activity
Read, write, create, delete frequency | Mean and standard deviation | Abnormalities in read and write access for individual users may signify masquerading or browsing.
Records read, written | Mean and standard deviation | Abnormality could signify an attempt to obtain sensitive data by inference and aggregation.
Failure count for read, write, create, delete | Operational | May detect users who persistently attempt to access unauthorized files.

The main advantage of the use of statistical profiles is that prior knowledge of security flaws is not required. The detector program learns what is "normal" behavior and then looks for deviations. The approach is not based on system-dependent characteristics and vulnerabilities. Thus, it should be readily portable among a variety of systems.

RULE-BASED INTRUSION DETECTION
Rule-based techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.

Rule-based anomaly detection is similar in terms of its approach and strengths to statistical anomaly detection. With the rule-based approach, historical audit records are analyzed to identify usage patterns and to generate automatically rules that describe those patterns.
Rules may represent past behavior patterns of users, programs, privileges, time slots, terminals, and so on. Current behavior is then observed, and each transaction is matched against the set of rules to determine if it conforms to any historically observed pattern of behavior.
As with statistical anomaly detection, rule-based anomaly detection does not require knowledge of security vulnerabilities within the system. Rather, the scheme is based on observing past behavior and, in effect, assuming that the future will be like the past.

Rule-based penetration identification takes a very different approach to intrusion detection, one based on expert system technology. The key feature of such systems is the use of rules for identifying known penetrations or penetrations that would exploit known weaknesses.
Rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage. Typically, the rules used in these systems are specific to the machine and operating system.
Also, such rules are generated by "experts" rather than by means of an automated analysis of audit records. Thus, the strength of the approach depends on the skill of those involved in setting up the rules.

A simple example of the type of rules that can be used is found in NIDX, an early system that used heuristic rules to assign degrees of suspicion to activities.
Example heuristics are the following:
1) Users should not read files in other users' personal directories.
2) Users must not write other users' files.
3) Users who log in after hours often access the same files they used earlier.
4) Users do not generally open disk devices directly but rely on higher-level operating system utilities.
5) Users should not be logged in more than once to the same system.
6) Users do not make copies of system programs.

The penetration identification scheme used in IDES is representative of the strategy followed. Audit records are examined as they are generated, and they are matched against the rule base. If a match is found, then the user's suspicion rating is increased. If enough rules are matched, then the rating will pass a threshold that results in the reporting of an anomaly.

The IDES approach is based on an examination of audit records. A weakness of this plan is its lack of flexibility. For a given penetration scenario, there may be a number of alternative audit record sequences that could be produced, each varying from the others slightly or in subtle ways. It may be difficult to pin down all these variations in explicit rules.

Another method is to develop a higher-level model independent of specific audit records. An example of this is a state transition model known as USTAT. USTAT deals in general actions rather than the detailed specific actions recorded by the UNIX auditing mechanism. USTAT is implemented on a SunOS system that provides audit records on 239 events.

USTAT Actions versus SunOS Event Types

USTAT Action | SunOS Event Type
Read | open_r, open_rc, open_rtc, open_rwc, open_rwtc, open_rt, open_rw, open_rwt
Write | truncate, ftruncate, creat, open_rtc, open_rwc, open_rwtc, open_rt, open_rw, open_rwt, open_w, open_wt, open_wc, open_wct
Create | mkdir, creat, open_rc, open_rtc, open_rwc, open_rwtc, open_wc, open_wtc, mknod
Delete | rmdir, unlink
Execute | exec, execve
Exit | exit
Modify_Owner | chown, fchown
Modify_Perm | chmod, fchmod
Rename | rename
Hardlink | link
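The NIDX heuristics, the IDES suspicion-rating scheme and the USTAT idea of reasoning about general actions rather than raw event types can be combined in one small detector. The block below is an added example written for this page; it is not code from the textbook, NIDX, IDES or USTAT. Native records are first mapped to general actions using a subset of the table above (creat is mapped to Write here, although the table lists it under both Write and Create), then each record is matched against weighted rules derived from the six heuristics, and a user is reported once the accumulated rating passes a threshold. The rule weights, the threshold of 10, the "after hours" window and the audit trail itself are constructed for the illustration.

```python
"""Added example (not from the textbook, NIDX, IDES or USTAT): rule-based
penetration identification with a per-user suspicion rating, over audit
records whose native event types are first mapped to general actions.

Rule weights, threshold, after-hours window and the records are constructed.
"""
from collections import defaultdict

# Native SunOS-style event -> general action (subset of the USTAT table;
# creat is treated as Write here although the table also lists it as Create).
EVENT_TO_ACTION = {
    **{e: "Read" for e in ("open_r", "open_rc", "open_rtc", "open_rwc",
                           "open_rwtc", "open_rt", "open_rw", "open_rwt")},
    **{e: "Write" for e in ("truncate", "ftruncate", "creat", "open_w",
                            "open_wt", "open_wc", "open_wct")},
    **{e: "Create" for e in ("mkdir", "mknod")},
    **{e: "Execute" for e in ("exec", "execve")},
    "login": "Login", "unlink": "Delete", "rmdir": "Delete",
}


def to_general(record):
    """Reformat a native record {user, event, path, hour} into the
    (subject, action, object, hour) tuple the rules reason about."""
    action = EVENT_TO_ACTION.get(record["event"], record["event"])
    return record["user"], action, record["path"], record["hour"]


def home_of(user):
    return f"/home/{user}/"


def in_someone_elses_home(subj, obj):
    return obj.startswith("/home/") and not obj.startswith(home_of(subj))


# One rule per NIDX heuristic; each returns True when the record matches.
def reads_other_home(state, subj, action, obj, hour):          # heuristic 1
    return action == "Read" and in_someone_elses_home(subj, obj)


def writes_other_file(state, subj, action, obj, hour):         # heuristic 2
    return action == "Write" and in_someone_elses_home(subj, obj)


def after_hours_new_files(state, subj, action, obj, hour):     # heuristic 3
    return (action == "Read" and (hour < 6 or hour > 20)
            and obj not in state["files_seen"][subj])


def opens_disk_device(state, subj, action, obj, hour):         # heuristic 4
    return action in ("Read", "Write") and obj.startswith("/dev/")


def double_login(state, subj, action, obj, hour):              # heuristic 5
    return action == "Login" and state["logins"][subj] > 1


def copies_system_program(state, subj, action, obj, hour):     # heuristic 6
    return action == "Write" and state["last_read"].get(subj, "").startswith("/bin/")


RULES = [(reads_other_home, 3), (writes_other_file, 5), (after_hours_new_files, 2),
         (opens_disk_device, 6), (double_login, 2), (copies_system_program, 4)]


def identify_penetrations(native_records, threshold=10):
    """IDES-style: examine records as they arrive; every matching rule raises
    the subject's suspicion rating; report the subject once it passes the
    threshold. Returns (ratings, reported_subjects)."""
    state = {"logins": defaultdict(int), "last_read": {}, "files_seen": defaultdict(set)}
    rating = defaultdict(int)
    reported = []
    for rec in native_records:
        subj, action, obj, hour = to_general(rec)
        if action == "Login":
            state["logins"][subj] += 1
        for rule, weight in RULES:
            if rule(state, subj, action, obj, hour):
                rating[subj] += weight
        if action == "Read":
            state["last_read"][subj] = obj
            state["files_seen"][subj].add(obj)
        if rating[subj] >= threshold and subj not in reported:
            reported.append(subj)
    return dict(rating), reported


SAMPLE_RECORDS = [   # constructed audit trail
    {"user": "alice", "event": "login", "path": "tty1", "hour": 9},
    {"user": "alice", "event": "open_r", "path": "/home/alice/notes", "hour": 9},
    {"user": "mallory", "event": "login", "path": "tty2", "hour": 2},
    {"user": "mallory", "event": "login", "path": "tty3", "hour": 2},
    {"user": "mallory", "event": "open_r", "path": "/home/alice/.secret", "hour": 2},
    {"user": "mallory", "event": "open_r", "path": "/bin/login", "hour": 2},
    {"user": "mallory", "event": "creat", "path": "/home/mallory/login", "hour": 2},
    {"user": "mallory", "event": "open_rw", "path": "/dev/rdsk/c0t0d0s0", "hour": 2},
]

if __name__ == "__main__":
    print(identify_penetrations(SAMPLE_RECORDS))
```

Because the rules see only general actions, the same detector works whether the native trail says open_r or open_rwt; that is the flexibility the text attributes to USTAT over matching raw audit record sequences. The weakness the text attributes to expert-written rules is visible too: the weights and threshold are judgment calls, and a trail that avoids every listed heuristic scores zero.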

THE BASE-RATE FALLACY
An intrusion detection system should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level. If only a modest percentage of actual intrusions are detected, the system provides a false sense of security.
On the other hand, if the system frequently triggers an alert when there is no intrusion (a false alarm), then either system managers will begin to ignore the alarms, or much time will be wasted analyzing the false alarms.

Unfortunately, because of the nature of the probabilities involved, it is very difficult to meet the standard of a high rate of detections with a low rate of false alarms.

In general, if the actual number of intrusions is low compared to the number of legitimate uses of a system, then the false alarm rate will be high unless the test is extremely discriminating. A study of existing intrusion detection systems indicated that current systems have not overcome the problem of the base-rate fallacy.
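Worked through as an added illustration (the probabilities below are assumed for the example, not taken from the text): let $I$ be the event "an audit record belongs to an intrusion" and $A$ the event "the detector raises an alarm". Bayes' rule gives the probability that an alarm is a real intrusion:

$$P(I \mid A) = \frac{P(A \mid I)\,P(I)}{P(A \mid I)\,P(I) + P(A \mid \neg I)\,P(\neg I)}$$

Suppose the detector is good by ordinary standards, with detection rate $P(A \mid I) = 0.99$ and false alarm rate $P(A \mid \neg I) = 0.01$, but intrusions are rare, say $P(I) = 10^{-4}$ of all records. Then

$$P(I \mid A) = \frac{0.99 \times 10^{-4}}{0.99 \times 10^{-4} + 0.01 \times 0.9999} \approx \frac{0.000099}{0.010098} \approx 0.0098$$

so about 99 of every 100 alarms are false, even though 99% of intrusions are caught. Holding the same base rate, raising $P(I \mid A)$ to $0.5$ would need $P(A \mid \neg I) \approx 10^{-4}$, which is the "extremely discriminating" test the text refers to: the false alarm rate must be driven down to roughly the base rate of intrusions before most alarms become worth an analyst's time.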

ISTRIBUT INTRUSION TCTION
Work on InfrusIon dofocfIon sysfoms focusod on sIngIo-sysfom sfnnd-nIono
fncIIIfIos. Tho fyIcnI orgnnIznfIon, howovor, noods fo dofond n dIsfrIbufod coIIocfIon of
hosfs suorfod by n !A or Infornofwork.
UNIT 5 : SYSTM SCURITY NTWORK SCURITY

TLunguveI Muvugun 5.16

AIfhough If Is ossIbIo fo mounf n dofonso by usIng sfnnd-nIono InfrusIon


dofocfIon sysfoms on onch hosf, n moro offocfIvo dofonso cnn bo nchIovod by
coordInnfIon nnd cooornfIon nmong InfrusIon dofocfIon sysfoms ncross fho nofwork.

Iorrns oInfs ouf fho foIIowIng mu]or iooueo in the Jeoign of u JiotributeJ
intruoion Jetection oyotem:
V A dIsfrIbufod InfrusIon dofocfIon sysfom mny nood fo donI wIfh dIfforonf nudIf
rocord formnfs. In n hoforogonoous onvIronmonf, dIfforonf sysfoms wIII omIoy
dIfforonf nnfIvo nudIf coIIocfIon sysfoms nnd, If usIng InfrusIon dofocfIon, mny
omIoy dIfforonf formnfs for socurIfy-roInfod nudIf rocords.
V Ono or moro nodos In fho nofwork wIII sorvo ns coIIocfIon nnd nnnIysIs oInfs for
fho dnfn from fho sysfoms on fho nofwork. Thus, oIfhor rnw nudIf dnfn or
summnry dnfn musf bo frnnsmIffod ncross fho nofwork.
Thoroforo, fhoro Is n roquIromonf fo nssuro fho InfogrIfy nnd
confIdonfInIIfy of fhoso dnfn. InfogrIfy Is roquIrod fo rovonf nn Infrudor from
mnskIng hIs or hor ncfIvIfIos by nIforIng fho frnnsmIffod nudIf InformnfIon.
ConfIdonfInIIfy Is roquIrod bocnuso fho frnnsmIffod nudIf InformnfIon
couId bo vnIunbIo.
V IIfhor n confrnIIzod or doconfrnIIzod nrchIfocfuro cnn bo usod. WIfh n
confrnIIzod nrchIfocfuro, fhoro Is n sIngIo confrnI oInf of coIIocfIon nnd nnnIysIs
of nII nudIf dnfn.
ThIs onsos fho fnsk of corroInfIng IncomIng roorfs buf cronfos n ofonfInI
boffIonock nnd sIngIo oInf of fnIIuro. WIfh n doconfrnIIzod nrchIfocfuro, fhoro
nro moro fhnn ono nnnIysIs confors, buf fhoso musf coordInnfo fhoIr ncfIvIfIos
nnd oxchnngo InformnfIon.

Tho ovornII nrchIfocfuro, whIch consIsfs of fhroo mnIn comononfs:
Hoot ugent moJule:
An nudIf coIIocfIon moduIo oornfIng ns n bnckground rocoss on n monIforod
sysfom. Ifs uroso Is fo coIIocf dnfn on socurIfy-roInfod ovonfs on fho hosf nnd
frnnsmIf fhoso fo fho confrnI mnnngor.
UNIT 5 : SYSTM SCURITY NTWORK SCURITY

TLunguveI Muvugun 5.1?

LA monitor ugent moJule:


Oornfos In fho snmo fnshIon ns n hosf ngonf moduIo oxcof fhnf If nnnIyzos
!A frnffIc nnd roorfs fho rosuIfs fo fho confrnI mnnngor.
Centrul munuger moJule:
!ocoIvos roorfs from !A monIfor nnd hosf ngonfs nnd rocossos nnd corroInfos
fhoso roorfs fo dofocf InfrusIon.


Architecture for DiotributeJ 1ntruoion Detection

Tho schomo Is dosIgnod fo bo Indoondonf of nny oornfIng sysfom or sysfom
nudIfIng ImIomonfnfIon.
IoIow IIguro shows fho gonornI nronch fhnf Is fnkon.
Tho ugent cnfuros onch nudIf rocord roducod by fho nnfIvo nudIf coIIocfIon
sysfom.
A filter Is nIIod fhnf rofnIns onIy fhoso rocords fhnf nro of socurIfy Inforosf.
Thoso rocords nro fhon roformnffod Info n sfnndnrdIzod formnf roforrod fo ns fho
hoot uuJit recorJ (HAR).
UNIT 5 : SYSTM SCURITY NTWORK SCURITY

TLunguveI Muvugun 5.1B

oxf, n templute-Jriten logic moJule nnnIyzos fho rocords for susIcIous


ncfIvIfy.
Af fho loueot letel, fho ngonf scnns for nofnbIo ovonfs fhnf nro of Inforosf
Indoondonf of nny nsf ovonfs.
Af fho nert higher letel, fho ngonf Iooks for soquoncos of ovonfs, such ns known
nffnck nfforns (sIgnnfuros).
IInnIIy, fho ugent looko for unomulouo behutior of nn IndIvIdunI usor bnsod
on n hIsforIcnI rofIIo of fhnf usor, such ns numbor of rogrnms oxocufod,
numbor of fIIos nccossod, nnd fho IIko.


Agent Architecture
UNIT 5 : SYSTM SCURITY NTWORK SCURITY

TLunguveI Muvugun 5.19

Whon susIcIous ncfIvIfy Is dofocfod, nn nIorf Is sonf fo fho confrnI mnnngor. Tho
confrnI mnnngor IncIudos nn oxorf sysfom fhnf cnn drnw Inforoncos from rocoIvod
dnfn. Tho mnnngor mny nIso quory IndIvIdunI sysfoms for coIos of HA!s fo corroInfo
wIfh fhoso from ofhor ngonfs.
Tho !A monIfor ngonf nIso suIIos InformnfIon fo fho confrnI mnnngor. Tho
!A monIfor ngonf nudIfs hosf-hosf connocfIons, sorvIcos usod, nnd voIumo of frnffIc. If
sonrchos for sIgnIfIcnnf ovonfs, such ns suddon chnngos In nofwork Iond, fho uso of
socurIfy-roInfod sorvIcos, nnd nofwork ncfIvIfIos such ns UORJLQ.

HONYPOTS
A roInfIvoIy roconf InnovnfIon In InfrusIon dofocfIon fochnoIogy Is fho honoyof.
Honoyofs nro docoy sysfoms fhnf nro dosIgnod fo Iuro n ofonfInI nffnckor nwny from
crIfIcnI sysfoms.

Honoyofs nro dosIgnod fo
V dIvorf nn nffnckor from nccossIng crIfIcnI sysfoms
V coIIocf InformnfIon nbouf fho nffnckor's ncfIvIfy
V oncourngo fho nffnckor fo sfny on fho sysfom Iong onough for ndmInIsfrnfors fo
rosond

Thoso sysfoms nro fIIIod wIfh fnbrIcnfod InformnfIon dosIgnod fo nonr vnIunbIo
buf fhnf n IogIfImnfo usor of fho sysfom wouIdn'f nccoss. Thus, nny nccoss fo fho
honoyof Is susocf.

Tho sysfom Is Insfrumonfod wIfh sonsIfIvo monIfors nnd ovonf Ioggors fhnf
dofocf fhoso nccossos nnd coIIocf InformnfIon nbouf fho nffnckor's ncfIvIfIos. Iocnuso
nny nffnck ngnInsf fho honoyof Is mndo fo soom succossfuI, ndmInIsfrnfors hnvo fImo
fo mobIIIzo nnd Iog nnd frnck fho nffnckor wIfhouf ovor oxosIng roducfIvo sysfoms.

InIfInI offorfs InvoIvod n sIngIo honoyof comufor wIfh II nddrossos dosIgnod fo
nffrncf hnckors. Moro roconf rosonrch hns focusod on buIIdIng onfIro honoyof nofworks
UNIT 5 : SYSTM SCURITY NTWORK SCURITY

TLunguveI Muvugun 5.20

fhnf omuInfo nn onforrIso, ossIbIy wIfh ncfunI or sImuInfod frnffIc nnd dnfn. Onco
hnckors nro wIfhIn fho nofwork, ndmInIsfrnfors cnn obsorvo fhoIr bohnvIor In dofnII nnd
fIguro ouf dofonsos.

INTRUSION DETECTION EXCHANGE FORMAT
To facilitate the development of distributed intrusion detection systems that can function across a wide range of platforms and environments, standards are needed to support interoperability. Such standards are the focus of the IETF Intrusion Detection Working Group.

The purpose of the working group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to management systems that may need to interact with them.

The outputs of this working group include the following:
1) A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and requirements for communication between intrusion detection systems and with management systems, including the rationale for those requirements. Scenarios will be used to illustrate the requirements.
2) A common intrusion language specification, which describes data formats that satisfy the requirements.
3) A framework document, which identifies existing protocols best used for communication between intrusion detection systems, and describes how the devised data formats relate to them.

I.3 PASSWORD MANAGEMENT
PASSWORD PROTECTION
The front line of defense against intruders is the password system. Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password. The password serves to authenticate the ID of the individual logging on to the system.

In turn, the ID provides security in the following ways:
• The ID determines whether the user is authorized to gain access to a system. In some systems, only those who already have an ID filed on the system are allowed to gain access.
• The ID determines the privileges accorded to the user. A few users may have supervisory or "superuser" status that enables them to read files and perform functions that are especially protected by the operating system. Some systems have guest or anonymous accounts, and users of these accounts have more limited privileges than others.
• The ID is used in what is referred to as discretionary access control. For example, by listing the IDs of the other users, a user may grant permission to them to read files owned by that user.
The Vulnerability of Passwords:
To understand the nature of the threat to password-based systems, let us consider a scheme that is widely used on UNIX, in which passwords are never stored in the clear.

Rather, the following procedure is employed (see the figure below).
• Each user selects a password of up to eight printable characters in length.
• This is converted into a 56-bit value (using 7-bit ASCII) that serves as the key input to an encryption routine.
• The encryption routine, known as crypt(3), is based on DES.
• The DES algorithm is modified using a 12-bit "salt" value.
• Typically, this value is related to the time at which the password is assigned to the user.
• The modified DES algorithm is exercised with a data input consisting of a 64-bit block of zeros.
• The output of the algorithm then serves as input for a second encryption.
• This process is repeated for a total of 25 encryptions.
• The resulting 64-bit output is then translated into an 11-character sequence.
• The hashed password is then stored, together with a plaintext copy of the salt, in the password file for the corresponding user ID.
• This method has been shown to be secure against a variety of cryptanalytic attacks.

[Figure: UNIX Password Scheme]

The salt serves three purposes:
• It prevents duplicate passwords from being visible in the password file. Even if two users choose the same password, those passwords will be assigned at different times. Hence, the "extended" passwords of the two users will differ.
• It effectively increases the length of the password without requiring the user to remember two additional characters. Hence, the number of possible passwords is increased by a factor of 4096, increasing the difficulty of guessing a password.
• It prevents the use of a hardware implementation of DES, which would ease the difficulty of a brute-force guessing attack.

When a user attempts to log on to a UNIX system, the user provides an ID and a password. The operating system uses the ID to index into the password file and retrieve the plaintext salt and the encrypted password. The salt and user-supplied password are used as input to the encryption routine. If the result matches the stored value, the password is accepted.
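The storage-and-verification flow just described, as an added example that is not part of the original text: each entry in the "password file" holds a plaintext salt beside the hashed password, and logon recomputes the hash with the stored salt and compares. The example assumes PBKDF2-HMAC-SHA256 in place of the DES-based crypt(3) routine and a 16-byte random salt in place of the 12-bit salt; the user names and passwords are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Added example (not from the page): a minimal password store modelled on the
# scheme described above. Assumption: PBKDF2-HMAC-SHA256 stands in for the
# DES-based crypt(3) routine, and a 16-byte random salt stands in for the
# textbook's 12-bit salt. Names and passwords below are constructed.

ITERATIONS = 100_000  # many iterations slow guessing, as the 25 DES rounds were meant to

Entry = Tuple[bytes, bytes]  # (salt stored in the clear, hashed password)


def hash_password(password: str, salt: bytes) -> bytes:
    """The 'encryption routine': password plus salt -> stored value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_entry(password: str, salt: Optional[bytes] = None) -> Entry:
    """Create the password-file entry for a user who has just chosen a password."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh per-user salt; it need not be secret
    return salt, hash_password(password, salt)


def verify(store: Dict[str, Entry], user_id: str, password: str) -> bool:
    """Logon check: index the file by ID, recompute with the stored salt, compare."""
    entry = store.get(user_id)
    if entry is None:
        return False
    salt, stored = entry
    # constant-time comparison, so a mismatch does not leak how many bytes agreed
    return hmac.compare_digest(hash_password(password, salt), stored)


def build_demo_store() -> Dict[str, Entry]:
    """Constructed data: two users who happen to choose the same password.
    Because their salts differ, the stored hashes differ too, so the
    duplicate is not visible in the password file."""
    return {
        "alice": make_entry("s3cret!pw"),
        "bob": make_entry("s3cret!pw"),
    }
```

Calling build_demo_store() and then verify(store, "alice", "s3cret!pw") returns True while verify(store, "alice", "S3cret!pw") returns False; inspecting the two entries shows different salts and different hashes for the identical password, which is the first of the three purposes of the salt listed above.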

The encryption routine is designed to discourage guessing attacks. Software implementations of DES are slow compared to hardware versions, and the use of 25 iterations multiplies the time required by 25.

However, since the original design of this algorithm, two changes have occurred.
1) Newer implementations of the algorithm itself have resulted in speedups.
2) Hardware performance continues to increase, so that any software algorithm executes more quickly.

Thus, there are two threats to the UNIX password scheme.
1) A user can gain access on a machine using a guest account or by some other means and then run a password guessing program, called a password cracker, on that machine. The attacker should be able to check hundreds and perhaps thousands of possible passwords with little resource consumption.
2) If an opponent is able to obtain a copy of the password file, then a cracker program can be run on another machine at leisure. This enables the opponent to run through many thousands of possible passwords in a reasonable period.

Access Control:
One way to thwart a password attack is to deny the opponent access to the password file. If the encrypted password portion of the file is accessible only by a privileged user, then the opponent cannot read it without already knowing the password of a privileged user.

Several flaws in this strategy:
• Many systems, including most UNIX systems, are susceptible to unanticipated break-ins. Once an attacker has gained access by some means, he or she may wish to obtain a collection of passwords in order to use different accounts for different logon sessions to decrease the risk of detection. Or a user with an account may desire another user's account to access privileged data or to sabotage the system.
• An accident of protection might render the password file readable, thus compromising all the accounts.
• Some of the users have accounts on other machines in other protection domains, and they use the same password. Thus, if the passwords could be read by anyone on one machine, a machine in another location might be compromised.

Thus, a more effective strategy would be to force users to select passwords that are difficult to guess.

PASSWORD SELECTION STRATEGIES
Many users choose a password that is too short or too easy to guess. If users are assigned passwords consisting of eight randomly selected printable characters, password cracking is effectively impossible. But it would be almost as impossible for most users to remember their passwords. Fortunately, even if we limit the password universe to strings of characters that are reasonably memorable, the size of the universe is still too large to permit practical cracking.

Our goal, then, is to eliminate guessable passwords while allowing the user to select a password that is memorable.

Four basic techniques are in use:
• User education
• Computer-generated passwords
• Reactive password checking
• Proactive password checking

Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords. This user education strategy is unlikely to succeed at most installations, particularly where there is a large user population or a lot of turnover. Many users will simply ignore the guidelines. Others may not be good judges of what is a strong password. For example, many users (mistakenly) believe that reversing a word or capitalizing the last letter makes a password unguessable.

Computer-generated passwords also have problems. If the passwords are quite random in nature, users will not be able to remember them. Even if the password is pronounceable, the user may have difficulty remembering it and so be tempted to write it down. In general, computer-generated password schemes have a history of poor acceptance by users. FIPS PUB 181 defines one of the best-designed automated password generators. The standard includes not only a description of the approach but also a complete listing of the C source code of the algorithm. The algorithm generates words by forming pronounceable syllables and concatenating them to form a word. A random number generator produces a random stream of characters used to construct the syllables and words.

A reactive password checking strategy is one in which the system periodically runs its own password cracker to find guessable passwords. The system cancels any passwords that are guessed and notifies the user. This tactic has a number of drawbacks. First, it is resource intensive if the job is done right. Because a determined opponent who is able to steal a password file can devote full CPU time to the task for hours or even days, an effective reactive password checker is at a distinct disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive password checker finds them.

The most promising approach to improved password security is a proactive password checker. In this scheme, a user is allowed to select his or her own password. However, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it. Such checkers are based on the philosophy that, with sufficient guidance from the system, users can select memorable passwords from a fairly large password space that are not likely to be guessed in a dictionary attack.

The trick with a proactive password checker is to strike a balance between user acceptability and strength. If the system rejects too many passwords, users will complain that it is too hard to select a password. If the system uses some simple algorithm to define what is acceptable, this provides guidance to password crackers to refine their guessing technique.

Approaches to proactive password checking:
• The first approach is a simple system for rule enforcement. For example, the following rules could be enforced:
  - All passwords must be at least eight characters long.
  - In the first eight characters, the passwords must include at least one each of uppercase, lowercase, numeric digits, and punctuation marks.
These rules could be coupled with advice to the user. Although this approach is superior to simply educating users, it may not be sufficient to thwart password crackers. This scheme alerts crackers as to which passwords not to try but may still make it possible to do password cracking.

• Another possible procedure is simply to compile a large dictionary of possible "bad" passwords. When a user selects a password, the system checks to make sure that it is not on the disapproved list.

There are two problems with this approach:
Space:
The dictionary must be very large to be effective. For example, the dictionary occupies more than 30 megabytes of storage.
Time:
The time required to search a large dictionary may itself be large. In addition, to check for likely permutations of dictionary words, either those words must be included in the dictionary, making it truly huge, or each search must also involve considerable processing.

In general, a Markov model is a quadruple [m, A, T, k], where m is the number of states in the model, A is the state space, T is the matrix of transition probabilities, and k is the order of the model.

For a kth-order model, the probability of making a transition to a particular letter depends on the previous k letters that have been generated. The figure below shows a simple first-order model.

The authors report on the development and use of a second-order model. To begin, a dictionary of guessable passwords is constructed. Then the transition matrix is calculated as follows:
• Determine the frequency matrix f, where f(i, j, k) is the number of occurrences of the trigram consisting of the ith, jth, and kth character. For example, the password parsnips yields the trigrams par, ars, rsn, sni, nip, and ips.
• For each bigram ij, calculate f(i, j, ∞) as the total number of trigrams beginning with ij. For example, f(a, b, ∞) would be the total number of trigrams of the form aba, abb, abc, and so on.
• Compute the entries of T as follows:

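The frequency and transition matrices of the second-order model, as an added example that is not part of the original text. The formula for T is not reproduced on the page; the example assumes the usual normalisation T(i, j, k) = f(i, j, k) / f(i, j, ∞), and it also assumes one plausible way a checker could use T, namely multiplying the transition probabilities along a candidate password to score how dictionary-like it is. The three-word dictionary is constructed for the illustration.

```python
from collections import defaultdict
from typing import Dict, List

# Added example (not from the page): second-order (trigram) Markov model of a
# constructed dictionary of guessable passwords. Assumptions: T is estimated as
# f(i,j,k) / f(i,j,.) (normalisation by the bigram total), and a candidate is
# scored by the product of its transition probabilities.


def trigrams(word: str) -> List[str]:
    """Overlapping three-character sequences: 'parsnips' -> par, ars, rsn, sni, nip, ips."""
    return [word[i:i + 3] for i in range(len(word) - 2)]


def frequency_matrix(dictionary) -> Dict[str, int]:
    """f(i, j, k): number of occurrences of the trigram ijk across the dictionary."""
    f: Dict[str, int] = defaultdict(int)
    for word in dictionary:
        for tri in trigrams(word):
            f[tri] += 1
    return dict(f)


def transition_matrix(dictionary) -> Dict[str, float]:
    """T(i, j, k) = f(i, j, k) / f(i, j, .), where f(i, j, .) is the number of
    trigrams beginning with the bigram ij (assumed normalisation)."""
    f = frequency_matrix(dictionary)
    bigram_total: Dict[str, int] = defaultdict(int)
    for tri, count in f.items():
        bigram_total[tri[:2]] += count
    return {tri: count / bigram_total[tri[:2]] for tri, count in f.items()}


def dictionary_likelihood(password: str, T: Dict[str, float]) -> float:
    """Product of T over the candidate's trigrams; 0.0 as soon as a trigram the
    dictionary never produced appears. A high value means the candidate looks
    like a dictionary word, which is what a proactive checker would reject."""
    p = 1.0
    for tri in trigrams(password):
        p *= T.get(tri, 0.0)
        if p == 0.0:
            break
    return p


# Constructed dictionary of "guessable" words for the illustration.
DEMO_DICTIONARY = ["parsnips", "parade", "parrot"]
```

With DEMO_DICTIONARY, f(p, a, r) = 3 and every trigram starting with "pa" is "par", so T(p, a, r) = 1.0; the bigram "ar" continues three ways (ars, ara, arr), so each gets 1/3, and the rows of T for any bigram sum to 1. A candidate such as "zq9!kx" contains no dictionary trigram at all and scores 0.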

A quite different approach has been reported by Spafford. It is based on the use of a Bloom filter. To begin, we explain the operation of the Bloom filter.

A Bloom filter of order k consists of a set of k independent hash functions H1(x), H2(x), ..., Hk(x), where each function maps a password into a hash value in the range 0 to N − 1. That is,

H_i(X_j) = y,   1 ≤ i ≤ k;  1 ≤ j ≤ D;  0 ≤ y ≤ N − 1

where
X_j = jth word in password dictionary
D = number of words in password dictionary

The following procedure is then applied to the dictionary:
1. A hash table of N bits is defined, with all bits initially set to 0.
2. For each password, its k hash values are calculated, and the corresponding bits in the hash table are set to 1. Thus, if H_i(X_j) = 67 for some (i, j), then the sixty-seventh bit of the hash table is set to 1; if the bit already has the value 1, it remains at 1.

When a new password is presented to the checker, its k hash values are calculated. If all the corresponding bits of the hash table are equal to 1, then the password is rejected. All passwords in the dictionary will be rejected. But there will also be some "false positives" (that is, passwords that are not in the dictionary but that produce a match in the hash table). To see this, consider a scheme with two hash functions.

Suppose that the passwords undertaker and hulkhogan are in the dictionary, but xG#jj98 is not. Further suppose that

H1(undertaker) = 25    H1(hulkhogan) = 83     H1(xG#jj98) = 665
H2(undertaker) = 998   H2(hulkhogan) = 665    H2(xG#jj98) = 998

If the password xG#jj98 is presented to the system, it will be rejected even though it is not in the dictionary. If there are too many such false positives, it will be difficult for users to select passwords. Therefore, we would like to design the hash scheme to minimize false positives. It can be shown that the probability of a false positive can be approximated by

P ≈ (1 − e^{−kD/N})^k = (1 − e^{−k/R})^k

or, equivalently,

where
k = number of hash functions
N = number of bits in hash table
D = number of words in dictionary
R = N/D, ratio of hash table size (bits) to dictionary size (words)
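A proactive checker combining the two approaches described above (the rule-enforcement rules and the Bloom-filter dictionary test), as an added example that is not part of the original text. It also evaluates the false-positive approximation P ≈ (1 − e^{−kD/N})^k so the table can be sized for a chosen R. Assumptions: the k independent hash functions are realised by hashing the index i together with the word with SHA-256 and reducing modulo N; the dictionary of "bad" passwords is constructed.

```python
import hashlib
import math
import string
from typing import List, Tuple

# Added example (not from the page): rule enforcement plus a Bloom-filter
# dictionary check. Assumption: H_1..H_k are built from SHA-256 over "i:word",
# reduced to 0..N-1. The "bad password" dictionary is constructed.


class BloomFilter:
    """Bloom filter of order k over an N-bit hash table."""

    def __init__(self, n_bits: int, k: int):
        self.n_bits = n_bits
        self.k = k
        self.table = bytearray((n_bits + 7) // 8)  # all N bits initially 0

    def _hashes(self, word: str):
        for i in range(1, self.k + 1):  # H_i(word), i = 1..k
            digest = hashlib.sha256(f"{i}:{word}".encode("utf-8")).digest()
            yield int.from_bytes(digest[:8], "big") % self.n_bits

    def add(self, word: str) -> None:
        for y in self._hashes(word):
            self.table[y >> 3] |= 1 << (y & 7)  # set bit y to 1 (stays 1 if already set)

    def __contains__(self, word: str) -> bool:
        # all k bits set -> "in the dictionary" (possibly a false positive)
        return all(self.table[y >> 3] & (1 << (y & 7)) for y in self._hashes(word))


def false_positive_rate(k: int, n_bits: int, d_words: int) -> float:
    """P ~ (1 - e^(-kD/N))^k, the approximation given above."""
    return (1 - math.exp(-k * d_words / n_bits)) ** k


def rule_violations(password: str) -> List[str]:
    """Rule enforcement: at least eight characters, and at least one each of
    uppercase, lowercase, digit and punctuation within the first eight."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    head = password[:8]
    checks = {
        "uppercase": any(c.isupper() for c in head),
        "lowercase": any(c.islower() for c in head),
        "digit": any(c.isdigit() for c in head),
        "punctuation": any(c in string.punctuation for c in head),
    }
    problems.extend(f"no {name} in first eight characters" for name, ok in checks.items() if not ok)
    return problems


def build_checker(dictionary, bits_per_word: int = 10, k: int = 7) -> BloomFilter:
    """Load the disapproved-password dictionary into a filter sized at R = N/D bits per word."""
    bf = BloomFilter(n_bits=bits_per_word * max(len(dictionary), 1), k=k)
    for w in dictionary:
        bf.add(w.lower())
    return bf


def check_password(password: str, bf: BloomFilter) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons). Rule failures and dictionary hits both reject."""
    reasons = rule_violations(password)
    if password.lower() in bf:
        reasons.append("matches the disapproved-password dictionary")
    return (not reasons, reasons)


# Constructed dictionary for the illustration.
BAD_PASSWORDS = ["undertaker", "hulkhogan", "password", "letmein"]
```

Every word loaded into the filter is rejected, and false_positive_rate(7, 40, 4), i.e. k = 7 with R = 10 bits per word, comes out near 0.0082; raising R to 1000 drives the estimate below 1e-15, which is the trade-off the text describes between table space and false positives that annoy users.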

5.2 MALICIOUS SOFTWARE
• Malicious software is software that is intentionally included or inserted in a system for a harmful purpose.
• A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
• A worm is a program that can replicate itself and send copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function.
• A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from using that service.
• A distributed denial of service attack is launched from multiple coordinated sources.


II.1 VIRUSES AND RELATED THREATS

MALICIOUS PROGRAMS
The terminology in this area presents problems because of a lack of universal agreement on all of the terms and because some of the categories overlap.

TERMINOLOGY OF MALICIOUS PROGRAMS
Name: Description
Virus: Attaches itself to a program and propagates copies of itself to other programs
Worm: Program that propagates copies of itself to other computers
Logic bomb: Triggers action when condition occurs
Trojan horse: Program that contains unexpected additional functionality
Backdoor (trapdoor): Program modification that allows unauthorized access to functionality
Exploits: Code specific to a single vulnerability or set of vulnerabilities
Downloaders: Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
Auto-rooter: Malicious hacker tools used to break into new machines remotely
Kit (virus generator): Set of tools for generating new viruses automatically
Spammer programs: Used to send large volumes of unwanted e-mail
Flooders: Used to attack networked computer systems with a large volume of traffic to carry out a denial of service (DoS) attack
Keyloggers: Captures keystrokes on a compromised system
Rootkit: Set of hacker tools used after attacker has broken into a computer system and gained root-level access
Zombie: Program activated on an infected machine that is activated to launch attacks on other machines

Malicious software can be divided into two categories:
1) those that need a host program, and
2) those that are independent.
• The former are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples.
• The latter are self-contained programs that can be scheduled and run by the operating system. Worms and zombie programs are examples.

Backdoor:
A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone that is aware of the backdoor to gain access without going through the usual security access procedures.

Programmers have used backdoors legitimately for many years to debug and test programs. This usually is done when the programmer is developing an application that has an authentication procedure, or a long setup, requiring the user to enter many different values to run the application.

To debug the program, the developer may wish to gain special privileges or to avoid all the necessary setup and authentication. The programmer may also want to ensure that there is a method of activating the program should something be wrong with the authentication procedure that is being built into the application.

The backdoor is code that recognizes some special sequence of input or is triggered by being run from a certain user ID or by an unlikely sequence of events.

Backdoors become threats when unscrupulous programmers use them to gain unauthorized access. It is difficult to implement operating system controls for backdoors. Security measures must focus on the program development and software update activities.
Logic Bomb:
One of the oldest types of program threat, predating viruses and worms, is the logic bomb. The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week or date, or a particular user running the application. Once triggered, a bomb may alter or delete data or entire files, cause a machine halt, or do some other damage.

Trojan Horses:
A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly.

For example, to gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changed the invoking user's file permissions so that the files are readable by any user. The author could then induce users to run the program by placing it in a common directory and naming it such that it appears to be a useful utility. An example is a program that ostensibly produces a listing of the user's files in a desirable format. After another user has run the program, the author can then access the information in the user's files.

Another common motivation for the Trojan horse is data destruction. The program appears to be performing a useful function (e.g., a calculator program), but it may also be quietly deleting the user's files.

Zombie:
A zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie's creator. Zombies are used in denial-of-service attacks, typically against targeted Web sites. The zombie is planted on hundreds of computers belonging to unsuspecting third parties, and then used to overwhelm the target Web site by launching an overwhelming onslaught of Internet traffic.

THE NATURE OF VIRUSES
A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.

A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs. Thus, they are designed to take advantage of the details and weaknesses of particular systems.

During its lifetime, a typical virus goes through the following four phases:
• Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.
• Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
• Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
• Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

Virus Structure:
A virus can be prepended or postpended to an executable program, or it can be embedded in some other fashion. The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program.

[Figure: A Simple Virus]

In this case, the virus code, V, is prepended to infected programs, and it is assumed that the entry point to the program, when invoked, is the first line of the program.

An infected program begins with the virus code and works as follows.
• The first line of code is a jump to the main virus program.
• The second line is a special marker that is used by the virus to determine whether or not a potential victim program has already been infected with this virus. When the program is invoked, control is immediately transferred to the main virus program. The virus program first seeks out uninfected executable files and infects them.
• Next, the virus may perform some action, usually detrimental to the system. This action could be performed every time the program is invoked, or it could be a logic bomb that triggers only under certain conditions.
• Finally, the virus transfers control to the original program. If the infection phase of the program is reasonably rapid, a user is unlikely to notice any difference between the execution of an infected and uninfected program.

A virus is easily detected because an infected version of a program is longer than the corresponding uninfected one. A way to thwart such a simple means of detecting a virus is to compress the executable file so that both the infected and uninfected versions are of identical length.
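A file-integrity baseline, as an added example that is not part of the original text, showing the defender's side of the two paragraphs above: a size-only comparison catches a program that has grown because code was prepended to it, but it cannot see a modification that keeps the length identical, whereas a cryptographic hash catches both. The three "executables" and the two modifications are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Tuple

# Added example (not from the page): a file-integrity baseline that records
# (size, SHA-256) per file and reports what changed. The files and the two
# modifications in demo() are constructed for the illustration.


def fingerprint(path: str) -> Tuple[int, str]:
    """(size in bytes, SHA-256 hex digest) of one file."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()


def build_baseline(paths: Iterable[str]) -> Dict[str, Tuple[int, str]]:
    """Record the trusted state of every file once, before it can be tampered with."""
    return {p: fingerprint(p) for p in paths}


def scan(baseline: Dict[str, Tuple[int, str]]) -> Dict[str, str]:
    """Compare each file with its baseline. Verdicts: 'ok', 'size changed',
    or 'content changed (same size)' (the case a size-only check misses)."""
    verdicts = {}
    for path, (size0, digest0) in baseline.items():
        size, digest = fingerprint(path)
        if size != size0:
            verdicts[path] = "size changed"
        elif digest != digest0:
            verdicts[path] = "content changed (same size)"
        else:
            verdicts[path] = "ok"
    return verdicts


def demo() -> Dict[str, str]:
    """Constructed scenario: three 'programs'; one untouched, one with bytes
    prepended (longer), one overwritten with different bytes of equal length."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("prog_a", "prog_b", "prog_c")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"ORIGINAL PROGRAM CODE " * 4)  # 88 bytes each
        baseline = build_baseline(paths)
        # prog_b: something prepended, so the file grows (the simple case above)
        with open(paths[1], "rb") as fh:
            body = fh.read()
        with open(paths[1], "wb") as fh:
            fh.write(b"XX" + body)
        # prog_c: same length, different bytes (invisible to a size comparison)
        with open(paths[2], "wb") as fh:
            fh.write(b"x" * 88)
        return {os.path.basename(p): v for p, v in scan(baseline).items()}
```

Running demo() reports prog_a as "ok", prog_b as "size changed" and prog_c as "content changed (same size)"; only the hash comparison distinguishes prog_c from prog_a, which is why integrity monitoring keys on digests rather than lengths.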

The figure below shows in general terms the logic required. The key lines in this virus are numbered, and the second figure illustrates the operation.

We assume that program P1 is infected with the virus CV. When this program is invoked, control passes to its virus, which performs the following steps:
1. For each uninfected file P2 that is found, the virus first compresses that file to produce P'2, which is shorter than the original program by the size of the virus.
2. A copy of the virus is prepended to the compressed program.
3. The compressed version of the original infected program, P'1, is uncompressed.
4. The uncompressed original program is executed.

[Figure: Logic for a Compression Virus]

[Figure: A Compression Virus]

Initial Infection:
Once a virus has gained entry to a system by infecting a single program, it is in a position to infect some or all other executable files on that system when the infected program executes. Thus, viral infection can be completely prevented by preventing the virus from gaining entry in the first place.

Unfortunately, prevention is extraordinarily difficult because a virus can be part of any program outside a system. Thus, unless one is content to take an absolutely bare piece of iron and write all one's own system and application programs, one is vulnerable.

TYPES OF VIRUSES
The following categories are the most significant types of viruses:
• Parasitic virus: The traditional and still most common form of virus. A parasitic virus attaches itself to executable files and replicates, when the infected program is executed, by finding other executable files to infect.
• Memory-resident virus: Lodges in main memory as part of a resident system program. From that point on, the virus infects every program that executes.
• Boot sector virus: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.
• Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software.
• Polymorphic virus: A virus that mutates with every infection, making detection by the "signature" of the virus impossible.
• Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection. Metamorphic viruses may change their behavior as well as their appearance.

Stealth Virus:
A virus that uses compression so that the infected program is exactly the same length as an uninfected version. Far more sophisticated techniques are possible. For example, a virus can place intercept logic in disk I/O routines, so that when there is an attempt to read suspected portions of the disk using these routines, the virus will present back the original, uninfected program. Thus, stealth is not a term that applies to a virus as such but, rather, is a technique used by a virus to evade detection.

Polymorphic Virus:
A polymorphic virus creates copies during replication that are functionally equivalent but have distinctly different bit patterns. As with a stealth virus, the purpose is to defeat programs that scan for viruses. In this case, the "signature" of the virus will vary with each copy. To achieve this variation, the virus may randomly insert superfluous instructions or interchange the order of independent instructions.

A more effective approach is to use encryption. A portion of the virus, generally called a mutation engine, creates a random encryption key to encrypt the remainder of the virus. The key is stored with the virus, and the mutation engine itself is altered. When an infected program is invoked, the virus uses the stored random key to decrypt the virus. When the virus replicates, a different random key is selected.

Virus-creation toolkit:
Another weapon in the virus writers' armory is the virus-creation toolkit. Such a toolkit enables a relative novice to create quickly a number of different viruses. Although viruses created with toolkits tend to be less sophisticated than viruses designed from scratch, the sheer number of new viruses that can be generated creates a problem for antivirus schemes.
Macro Viruses:
Macro viruses are particularly threatening for a number of reasons:
• A macro virus is platform independent. Virtually all of the macro viruses infect Microsoft Word documents. Any hardware platform and operating system that supports Word can be infected.
• Macro viruses infect documents, not executable portions of code. Most of the information introduced onto a computer system is in the form of a document rather than a program.
• Macro viruses are easily spread. A very common method is by electronic mail.

Macro viruses take advantage of a feature found in Word and other office applications such as Microsoft Excel, namely the macro. In essence, a macro is an executable program embedded in a word processing document or other type of file. Typically, users employ macros to automate repetitive tasks and thereby save keystrokes. The macro language is usually some form of the Basic programming language. A user might define a sequence of keystrokes in a macro and set it up so that the macro is invoked when a function key or special short combination of keys is input.

Various antivirus product vendors have developed tools to detect and correct macro viruses. As in other types of viruses, the arms race continues in the field of macro viruses, but they no longer are the predominant virus threat.

E-mail Viruses:
A more recent development in malicious software is the e-mail virus. The first rapidly spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an attachment. If the recipient opens the e-mail attachment, the Word macro is activated. Then
• The e-mail virus sends itself to everyone on the mailing list in the user's e-mail package.
• The virus does local damage.

Newer versions can be activated merely by opening an e-mail that contains the virus rather than opening an attachment. The virus uses the Visual Basic scripting language supported by the e-mail package. This is a new generation of malware that arrives via e-mail and uses e-mail software features to replicate itself across the Internet. The virus propagates itself as soon as activated (either by opening an e-mail attachment or by opening the e-mail) to all of the e-mail addresses known to the infected host.

As a result, whereas viruses used to take months or years to propagate, they now do so in hours. This makes it very difficult for antivirus software to respond before much damage is done.

Ultimately, a greater degree of security must be built into Internet utility and application software on PCs to counter the growing threat.

WORMS
A worm is a program that can replicate itself and send copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function.

An e-mail virus has some of the characteristics of a worm, because it propagates itself from system to system. However, we can still classify it as a virus because it requires a human to move it forward.

A worm actively seeks out more machines to infect, and each machine that is infected serves as an automated launching pad for attacks on other machines.

Network worm programs use network connections to spread from system to system. Once active within a system, a network worm can behave as a computer virus or bacteria, or it could implant Trojan horse programs or perform any number of disruptive or destructive actions.

To replicate itself, a network worm uses some sort of network vehicle. Examples include the following:
• Electronic mail facility: A worm mails a copy of itself to other systems.
• Remote execution capability: A worm executes a copy of itself on another system.
• Remote login capability: A worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other.

The new copy of the worm program is then run on the remote system where, in addition to any functions that it performs at that system, it continues to spread in the same fashion.

A network worm exhibits the same characteristics as a computer virus: a dormant phase, a propagation phase, a triggering phase, and an execution phase.

The propagation phase generally performs the following functions:
1. Search for other systems to infect by examining host tables or similar repositories of remote system addresses.
2. Establish a connection with a remote system.
3. Copy itself to the remote system and cause the copy to be run.

The network worm may also attempt to determine whether a system has previously been infected before copying itself to the system. In a multiprogramming system, it may also disguise its presence by naming itself as a system process or using some other name that may not be noticed by a system operator.

The Morris Worm:
The Morris worm was designed to spread on UNIX systems and used a number of different techniques for propagation. When a copy began execution, its first task was to discover other hosts known to this host that would allow entry from this host.

The worm performed this task by examining a variety of lists and tables, including system tables that declared which other machines were trusted by this host, users' mail forwarding files, tables by which users gave themselves permission for access to remote accounts, and a program that reported the status of network connections.

For each discovered host, the worm tried a number of methods for gaining access:
1. It attempted to log on to a remote host as a legitimate user. In this method, the worm first attempted to crack the local password file, and then used the discovered passwords and corresponding user IDs. The assumption was that many users would use the same password on different systems. To obtain the passwords, the worm ran a password-cracking program that tried
a) Each user's account name and simple permutations of it
b) A list of 432 built-in passwords that Morris thought to be likely candidates
c) All the words in the local system dictionary
2. It exploited a bug in the finger protocol, which reports the whereabouts of a remote user.
3. It exploited a trapdoor in the debug option of the remote process that receives and sends mail.

If any of these attacks succeeded, the worm achieved communication with the operating system command interpreter. It then sent this interpreter a short bootstrap program, issued a command to execute that program, and then logged off. The bootstrap program then called back the parent program and downloaded the remainder of the worm. The new worm was then executed.

Recent Worm Attacks:
Code Red exploits a security hole in the Microsoft Internet Information Server (IIS) to penetrate and spread. It also disables the system file checker in Windows. The worm probes random IP addresses to spread to other hosts.

It initiates a denial-of-service attack against a government Web site by flooding the site with packets from numerous hosts. The worm then suspends activities and reactivates periodically.

Code Red II is a variant that targets Microsoft IISs. In addition, this newer worm installs a backdoor allowing a hacker to direct activities of victim computers.

A more versatile worm appeared, known as Nimda. Nimda spreads by multiple mechanisms:
• from client to client via e-mail
• from client to client via open network shares
• from Web server to client via browsing of compromised Web sites
• from client to Web server via active scanning for and exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities
• from client to Web server via scanning for the back doors left behind by the "Code Red II" worms

The worm modifies Web documents (e.g., .htm, .html, and .asp files) and certain executable files found on the systems it infects and creates numerous copies of itself under various filenames.

STATE OF WORM TECHNOLOGY
The state of the art in worm technology includes the following:
• Multiplatform: Newer worms are not limited to Windows machines but can attack a variety of platforms, especially the popular varieties of UNIX.

• Multiexploit: New worms penetrate systems in a variety of ways, using exploits against Web servers, browsers, e-mail, file sharing, and other network-based applications.

• Ultrafast spreading: One technique to accelerate the spread of a worm is to conduct a prior Internet scan to accumulate Internet addresses of vulnerable machines.
• Polymorphic: To evade detection, skip past filters, and foil real-time analysis, worms adopt the virus polymorphic technique. Each copy of the worm has new code generated on the fly using functionally equivalent instructions and encryption techniques.
• Metamorphic: In addition to changing their appearance, metamorphic worms have a repertoire of behavior patterns that are unleashed at different stages of propagation.
• Transport vehicles: Because worms can rapidly compromise a large number of systems, they are ideal for spreading other distributed attack tools, such as distributed denial of service zombies.
• Zero-day exploit: To achieve maximum surprise and distribution, a worm should exploit an unknown vulnerability that is only discovered by the general network community when the worm is launched.

II.2 VIRUS COUNTERMEASURES
ANTIVIRUS APPROACHES
The ideal solution to the threat of viruses is prevention: Do not allow a virus to get into the system in the first place. This goal is, in general, impossible to achieve, although prevention can reduce the number of successful viral attacks.

The next best approach is to be able to do the following:
Detection:
Once the infection has occurred, determine that it has occurred and locate the virus.

Identification:
Once detection has been achieved, identify the specific virus that has infected a program.
Removal:
Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the disease cannot spread further.

If detection succeeds but either identification or removal is not possible, then the alternative is to discard the infected program and reload a clean backup version.

Four generations of antivirus software:
• First generation: simple scanners
• Second generation: heuristic scanners
• Third generation: activity traps
• Fourth generation: full-featured protection

A first-generation scanner requires a virus signature to identify a virus. The virus may contain "wildcards" but has essentially the same structure and bit pattern in all copies. Such signature-specific scanners are limited to the detection of known viruses. Another type of first-generation scanner maintains a record of the length of programs and looks for changes in length.

A second-generation scanner does not rely on a specific signature. Rather, the scanner uses heuristic rules to search for probable virus infection. One class of such scanners looks for fragments of code that are often associated with viruses.
Another second-generation approach is integrity checking. A checksum can be appended to each program. If a virus infects the program without changing the checksum, then an integrity check will catch the change. To counter a virus that is sophisticated enough to change the checksum when it infects a program, an encrypted hash function can be used.
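The integrity-checking idea above, as an added example that is not part of the original text: a baseline of keyed digests (HMAC-SHA256 standing in for the text's "encrypted hash function") is recorded over clean programs, and a later check flags any program whose digest no longer matches. The block also models the sophisticated virus the text mentions, which appends code and then pads the file so a plain additive checksum is unchanged, to show why the unkeyed check alone is not enough. The program contents, the key and the file names are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-ins for executable files on disk (name -> contents).
# The bytes are invented for the example and are not real programs.
PROGRAMS = {
    "editor.exe": b"\x4d\x5a\x90\x00editor-code-v1",
    "mailer.exe": b"\x4d\x5a\x90\x00mailer-code-v1",
}


def plain_checksum(data: bytes) -> int:
    """Unkeyed additive checksum: anyone who can modify the file can also
    recompute, or compensate for, this value."""
    return sum(data) & 0xFFFF


def keyed_digest(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the program bytes. Without the key, a virus cannot
    produce a matching digest for altered code."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_baseline(programs: dict, key: bytes) -> dict:
    """Record a digest for every clean program (done once, on a known-good system)."""
    return {name: keyed_digest(data, key) for name, data in programs.items()}


def verify(programs: dict, baseline: dict, key: bytes) -> list:
    """Integrity check: names of programs whose current digest differs from the
    baseline. compare_digest keeps the comparison constant-time."""
    changed = []
    for name, data in programs.items():
        if not hmac.compare_digest(keyed_digest(data, key), baseline[name]):
            changed.append(name)
    return sorted(changed)


def append_and_fix_checksum(data: bytes, extra: bytes) -> bytes:
    """Model of the text's checksum-aware virus: append bytes to a program and
    pad so the unkeyed additive checksum comes out unchanged. Included only to
    show that the unkeyed check is defeated while the keyed digest is not."""
    target = plain_checksum(data)
    modified = data + extra
    delta = (target - plain_checksum(modified)) & 0xFFFF
    pad = bytes([0xFF] * (delta // 0xFF) + [delta % 0xFF])
    return modified + pad


def demo() -> dict:
    """Build a baseline, modify one program checksum-neutrally, and run both checks."""
    key = b"constructed-secret-key"  # on a real system this lives in protected storage
    baseline = build_baseline(PROGRAMS, key)
    infected = dict(PROGRAMS)
    infected["editor.exe"] = append_and_fix_checksum(PROGRAMS["editor.exe"], b"INFECT")
    return {
        "checksum_unchanged": plain_checksum(infected["editor.exe"])
        == plain_checksum(PROGRAMS["editor.exe"]),
        "flagged": verify(infected, baseline, key),
    }


if __name__ == "__main__":
    print(demo())
```

The unkeyed checksum reports the modified program as clean, while the keyed digest flags it; the key must be kept away from anything that can modify the program files, otherwise the keyed check degrades to the unkeyed one.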

Third-generation programs are memory-resident programs that identify a virus by its actions rather than its structure in an infected program.
Such programs have the advantage that it is not necessary to develop signatures and heuristics for a wide array of viruses. Rather, it is necessary only to identify the small set of actions that indicate an infection is being attempted and then to intervene.

Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction. These include scanning and activity trap components. In addition, such a package includes access control capability, which limits the ability of viruses to penetrate a system and then limits the ability of a virus to update files in order to pass on the infection.

ADVANCED ANTIVIRUS TECHNIQUES
Generic Decryption:
Generic decryption (GD) technology enables the antivirus program to easily detect even the most complex polymorphic viruses, while maintaining fast scanning speeds. When a file containing a polymorphic virus is executed, the virus must decrypt itself to activate.
In order to detect such a structure, executable files are run through a GD scanner, which contains the following elements:
• CPU emulator: A software-based virtual computer. Instructions in an executable file are interpreted by the emulator rather than executed on the underlying processor. The emulator includes software versions of all registers and other processor hardware, so that the underlying processor is unaffected by programs interpreted on the emulator.
• Virus signature scanner: A module that scans the target code looking for known virus signatures.
• Emulation control module: Controls the execution of the target code.

At the start of each simulation, the emulator begins interpreting instructions in the target code, one at a time. Thus, if the code includes a decryption routine that decrypts and hence exposes the virus, that code is interpreted. In effect, the virus does the work for the antivirus program by exposing the virus. Periodically, the control module interrupts interpretation to scan the target code for virus signatures.

During interpretation, the target code can cause no damage to the actual personal computer environment, because it is being interpreted in a completely controlled environment.

The most difficult design issue with a GD scanner is to determine how long to run each interpretation. The antivirus program can take up only a limited amount of time and resources before users complain.

Digital Immune System:
The digital immune system is a comprehensive approach to virus protection. The motivation for this development has been the rising threat of Internet-based virus propagation.
Traditionally, the virus threat was characterized by the relatively slow spread of new viruses and new mutations. Antivirus software was typically updated on a monthly basis, and this has been sufficient to control the problem. Also traditionally, the Internet played a comparatively small role in the spread of viruses.
Two major trends in Internet technology have had an increasing impact on the rate of virus propagation in recent years:
• Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received.
• Mobile-program systems: Capabilities such as Java and ActiveX allow programs to move on their own from one system to another.

The digital immune system expands on the use of program emulation discussed in the preceding subsection and provides a general-purpose emulation and virus-detection system. The objective of this system is to provide rapid response time so that viruses can be stamped out almost as soon as they are introduced.
When a new virus enters an organization, the immune system automatically captures it, analyzes it, adds detection and shielding for it, removes it, and passes information about that virus to systems running IBM AntiVirus so that it can be detected before it is allowed to run elsewhere.

The typical steps in digital immune system operation:
1. A monitoring program on each PC uses a variety of heuristics based on system behavior, suspicious changes to programs, or family signature to infer that a virus may be present. The monitoring program forwards a copy of any program thought to be infected to an administrative machine within the organization.
2. The administrative machine encrypts the sample and sends it to a central virus analysis machine.
3. This machine creates an environment in which the infected program can be safely run for analysis. Techniques used for this purpose include emulation, or the creation of a protected environment within which the suspect program can be executed and monitored. The virus analysis machine then produces a prescription for identifying and removing the virus.
4. The resulting prescription is sent back to the administrative machine.
5. The administrative machine forwards the prescription to the infected client.
6. The prescription is also forwarded to other clients in the organization.
7. Subscribers around the world receive regular antivirus updates that protect them from the new virus.

The success of the digital immune system depends on the ability of the virus analysis machine to detect new and innovative virus strains.

Figure: Digital Immune System

BEHAVIOR-BLOCKING SOFTWARE
Unlike heuristics or fingerprint-based scanners, behavior-blocking software integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions.

The behavior-blocking software then blocks potentially malicious actions before they have a chance to affect the system.

Monitored behaviors can include the following:
• Attempts to open, view, delete, and/or modify files;
• Attempts to format disk drives and other unrecoverable disk operations;
• Modifications to the logic of executable files or macros;
• Modification of critical system settings, such as start-up settings;
• Scripting of e-mail and instant messaging clients to send executable content; and
• Initiation of network communications.

If the behavior blocker detects that a program is initiating would-be malicious behaviors as it runs, it can block these behaviors in real time and/or terminate the offending software. This gives it a fundamental advantage over such established antivirus detection techniques as fingerprinting or heuristics.

Since the malicious code must actually run on the target machine before all its behaviors can be identified, it can cause a great deal of harm to the system before it has been detected and blocked by the behavior-blocking system.

For instance, a new virus might shuffle a number of seemingly unimportant files around the hard drive before infecting a single file and being blocked. Even though the actual infection was blocked, the user may be unable to locate their files, causing a loss of productivity or possibly worse.

II.3 DISTRIBUTED DENIAL OF SERVICE ATTACKS
A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from using that service. When this attack comes from a single host or network node, then it is simply referred to as a DoS attack.

A more serious threat is posed by a DDoS attack. In a DDoS attack, an attacker is able to recruit a number of hosts throughout the Internet to launch an attack upon the target simultaneously or in a coordinated fashion.

DDoS Attack Description:
A DDoS attack attempts to consume the target's resources so that it cannot provide service. One way to classify DDoS attacks is in terms of the type of resource that is consumed.

Broadly speaking, the resource consumed is either an internal host resource on the target system or data transmission capacity in the local network to which the target is attached.

A simple example of an internal resource attack is the SYN flood attack. The steps involved:
1. The attacker takes control of multiple hosts over the Internet, instructing them to contact the target Web server.
2. The slave hosts begin sending TCP/IP SYN (synchronize/initialization) packets, with erroneous return IP address information, to the target.
3. Each SYN packet is a request to open a TCP connection. For each such packet, the Web server responds with a SYN/ACK (synchronize/acknowledge) packet, trying to establish a TCP connection with a TCP entity at a spurious IP address.
The Web server maintains a data structure for each SYN request waiting for a response back and becomes bogged down as more traffic floods in. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.
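The half-open connection pattern described above, seen from the detection side, as an added example that is not part of the original text: the block replays constructed connection-tracking events (a SYN opens a pending entry, an ACK from the same 4-tuple completes it) and raises an alert for any listening socket whose count of unanswered SYNs exceeds a threshold. A large number of distinct source addresses, each with exactly one pending SYN, is the signature of the spoofed return addresses the text mentions. The event format, the addresses and the threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed connection-tracking events in the style of a simplified firewall or
# host log: (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# 10.0.0.5 completes a normal handshake; 48 spoofed sources each send one SYN
# and never answer the SYN/ACK, which is the "half-open" pattern of the text.
EVENTS = [
    (0.0, "10.0.0.5", 40001, "203.0.113.10", 80, "SYN"),
    (0.1, "10.0.0.5", 40001, "203.0.113.10", 80, "ACK"),
]
EVENTS += [
    (1.0 + i * 0.01, f"198.51.100.{i + 1}", 1024 + i, "203.0.113.10", 80, "SYN")
    for i in range(48)
]


def half_open(events, now, timeout=30.0):
    """Replay the client side of the handshake. A SYN opens a pending entry keyed
    by the 4-tuple; an ACK on the same 4-tuple completes it. Return the entries
    still pending at time `now` that are younger than `timeout` (older ones the
    server's SYN queue would already have expired)."""
    pending = {}
    for t, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending[key] = t
        elif flags == "ACK":
            pending.pop(key, None)
    return {k: t for k, t in pending.items() if now - t < timeout}


def detect_syn_flood(events, now, threshold=20, timeout=30.0):
    """Per listening socket, count half-open connections and distinct sources.
    Alert when the count exceeds `threshold`; a distinct-source count close to
    the half-open count is consistent with spoofed return addresses."""
    per_target = defaultdict(list)
    for (src, sport, dst, dport), t in half_open(events, now, timeout).items():
        per_target[(dst, dport)].append(src)
    alerts = []
    for (dst, dport), sources in sorted(per_target.items()):
        if len(sources) > threshold:
            alerts.append({
                "target": f"{dst}:{dport}",
                "half_open": len(sources),
                "distinct_sources": len(set(sources)),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(EVENTS, now=2.0):
        print(alert)
```

The completed 10.0.0.5 connection never appears in the pending set, so legitimate clients do not contribute to the count; the timeout mirrors the server's own SYN-queue expiry, so an old burst does not keep the alert firing indefinitely.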



The TCP state data structure is a popular internal resource target but by no means the only one. The following are examples:
1) In many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.). An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly create copies of itself.
2) An intruder may also attempt to consume disk space in other ways, including
• generating excessive numbers of mail messages
• intentionally generating errors that must be logged
• placing files in anonymous ftp areas or network-shared areas

An example of an attack that consumes data transmission resources. The following steps are involved:
1) The attacker takes control of multiple hosts over the Internet, instructing them to send ICMP ECHO packets with the target's spoofed IP address to a group of hosts that act as reflectors, as described subsequently.
2) Nodes at the bounce site receive multiple spoofed requests and respond by sending echo reply packets to the target site.
3) The target's router is flooded with packets from the bounce site, leaving no data transmission capacity for legitimate traffic.

Another way to classify DDoS attacks is as either direct or reflector DDoS attacks.
In a direct DDoS attack, the attacker is able to implant zombie software on a number of sites distributed throughout the Internet.
Often, the DDoS attack involves two levels of zombie machines: master zombies and slave zombies. The hosts of both machines have been infected with malicious code. The attacker coordinates and triggers the master zombies, which in turn coordinate and trigger the slave zombies.
The use of two levels of zombies makes it more difficult to trace the attack back to its source and provides for a more resilient network of attackers.

Figure: Types of Flooding-Based DDoS Attacks

A reflector DDoS attack adds another layer of machines. In this type of attack, the slave zombies construct packets requiring a response that contain the target's IP address as the source IP address in the packet's IP header. These packets are sent to uninfected machines known as reflectors. The uninfected machines respond with packets directed at the target machine.

A reflector DDoS attack can easily involve more machines and more traffic than a direct DDoS attack and hence be more damaging. Further, tracing back the attack or filtering out the attack packets is more difficult because the attack comes from widely dispersed uninfected machines.

CONSTRUCTING THE ATTACK NETWORK
The first step in a DDoS attack is for the attacker to infect a number of machines with zombie software that will ultimately be used to carry out the attack.

The essential ingredients in this phase of the attack are the following:
1) Software that can carry out the DDoS attack. The software must be able to run on a large number of machines, must be able to conceal its existence, must be able to communicate with the attacker or have some sort of time-triggered mechanism, and must be able to launch the intended attack toward the target.
2) A vulnerability in a large number of systems. The attacker must become aware of a vulnerability that many system administrators and individual users have failed to patch and that enables the attacker to install the zombie software.
3) A strategy for locating vulnerable machines, a process known as scanning.

In the scanning process, the attacker first seeks out a number of vulnerable machines and infects them.

Then, typically, the zombie software that is installed in the infected machines repeats the same scanning process, until a large distributed network of infected machines is created.

The following types of scanning strategies are used:

Random:
Each compromised host probes random addresses in the IP address space, using a different seed. This technique produces a high volume of Internet traffic, which may cause generalized disruption even before the actual attack is launched.
Hit-list:
The attacker first compiles a long list of potential vulnerable machines. This can be a slow process done over a long period to avoid detection that an attack is underway. Once the list is compiled, the attacker begins infecting machines on the list.
Each infected machine is provided with a portion of the list to scan. This strategy results in a very short scanning period, which may make it difficult to detect that infection is taking place.
Topological:
This method uses information contained on an infected victim machine to find more hosts to scan.
Local subnet:
If a host can be infected behind a firewall, that host then looks for targets in its own local network. The host uses the subnet address structure to find other hosts that would otherwise be protected by the firewall.

DDOS COUNTERMEASURES
In general, there are three lines of defense against DDoS attacks:

Attack prevention and preemption (before the attack):
These mechanisms enable the victim to endure attack attempts without denying service to legitimate clients.
Techniques include enforcing policies for resource consumption and providing backup resources available on demand.
In addition, prevention mechanisms modify systems and protocols on the Internet to reduce the possibility of DDoS attacks.



Attack detection and filtering (during the attack):
These mechanisms attempt to detect the attack as it begins and respond immediately. This minimizes the impact of the attack on the target.
Detection involves looking for suspicious patterns of behavior. Response involves filtering out packets likely to be part of the attack.

Attack source traceback and identification (during and after the attack):
This is an attempt to identify the source of the attack as a first step in preventing future attacks.
However, this method typically does not yield results fast enough, if at all, to mitigate an ongoing attack.

The challenge in coping with DDoS attacks is the sheer number of ways in which they can operate. Thus DDoS countermeasures must evolve with the threat.

5.3 FIREWALLS
• A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction.
• A firewall may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer.
• A trusted system is a computer and operating system that can be verified to implement a given security policy. Typically, the focus of a trusted system is access control. A policy is implemented that dictates what objects may be accessed by what subjects.
• The common criteria for information technology security is an international standards initiative to define a common set of security requirements and a systematic means of evaluating products against those requirements.


III.1 FIREWALL DESIGN PRINCIPLES

Information systems in corporations, government agencies, and other organizations have undergone a steady evolution:
• Centralized data processing system, with a central mainframe supporting a number of directly connected terminals
• Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe
• Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a mainframe or two
• Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected by a private wide area network (WAN)
• Internet connectivity, in which the various premises networks all hook into the Internet and may or may not also be connected by a private WAN

The firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single choke point where security and audit can be imposed.
The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

FIREWALL CHARACTERISTICS
The following are design goals for a firewall:
All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this section.

Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.

The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

Four general techniques are used by firewalls to control access and enforce the site's security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:
• Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
• Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPSec.
• Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

The following capabilities are within the scope of a firewall:
1) A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.

The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.
2) A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
3) A firewall is a convenient platform for several Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.
4) A firewall can serve as the platform for IPSec. Using the tunnel mode capability, the firewall can be used to implement virtual private networks.

Firewalls have their limitations, including the following:
1) The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters.
2) The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.
3) The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.

TYPES OF FIREWALLS
The three common types of firewalls are packet filters, application-level gateways, and circuit-level gateways.

Packet-Filtering Router:
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions (from and to the internal network).
Figure: Firewall Types

Filtering rules are based on information contained in a network packet:

• Source IP address: The IP address of the system that originated the IP packet (e.g., 192.178.1.1)
• Destination IP address: The IP address of the system the IP packet is trying to reach (e.g., 192.168.1.2)
• Source and destination transport-level address: The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET
• IP protocol field: Defines the transport protocol
• Interface: For a router with three or more ports, which interface of the router the packet came from or which interface of the router the packet is destined for

The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken.

Two default policies are possible:
• Default = discard: That which is not expressly permitted is prohibited.
• Default = forward: That which is not expressly prohibited is permitted.

The default discard policy is more conservative. Initially, everything is blocked, and services must be added on a case-by-case basis. This policy is more visible to users, who are more likely to see the firewall as a hindrance.

The default forward policy increases ease of use for end users but provides reduced security; the security administrator must, in essence, react to each new security threat as it becomes known.


Packet-Filtering Examples

A
action   ourhost   port   theirhost   port   comment
block    *         *      SPIGOT      *      we don't trust these people
allow    OUR-GW    25     *           *      connection to our SMTP port

B
action   ourhost   port   theirhost   port   comment
block    *         *      *           *      default

C
action   ourhost   port   theirhost   port   comment
allow    *         *      *           25     connection to their SMTP port

D
action   src           port   dest   port   flags   comment
allow    {our hosts}   *      *      25             our packets to their SMTP port
allow    *             25     *      *      ACK     their replies

E
action   src           port   dest   port    flags   comment
allow    {our hosts}   *      *      *               our outgoing calls
allow    *             *      *      *       ACK     replies to our calls
allow    *             *      *      >1024           traffic to nonservers
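Rule sets C and D from the table above, evaluated in code as an added example that is not part of the original text: rules are checked in order, the first match decides, and with no match the default-discard policy applies. Rule set C is written relative to "their" port, so a packet from outside whose source port happens to be 25 is allowed regardless of which internal service it is aimed at; rule set D requires either an internal source talking to remote port 25 or an ACK-flagged reply from source port 25, so the same packet is discarded. The host addresses, the set of internal hosts and the rule encoding are assumptions made for the example.

```python
from dataclasses import dataclass

# Addresses of the protected network's hosts (constructed for the example).
OUR_HOSTS = {"192.168.1.10", "192.168.1.11"}


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False  # TCP ACK flag

    @property
    def theirport(self) -> int:
        """Port on the external end of the conversation: the 'theirhost port'
        column of rule sets A-C, which are written relative to our side."""
        return self.sport if self.src not in OUR_HOSTS else self.dport


def field_matches(pattern, value) -> bool:
    """Pattern vocabulary of the table: '*' (any), a set of hosts, an exact
    port, '>N' (port greater than N) and 'ACK' (flag must be set)."""
    if pattern == "*":
        return True
    if isinstance(pattern, set):
        return value in pattern
    if pattern == "ACK":
        return value is True
    if isinstance(pattern, str) and pattern.startswith(">"):
        return value > int(pattern[1:])
    return value == pattern


def decide(rules, pkt: Packet, default: str = "discard") -> str:
    """First matching rule wins; with no match the default policy applies.
    Fields absent from a rule are wildcards."""
    attrs = {"src": pkt.src, "sport": pkt.sport, "dst": pkt.dst,
             "dport": pkt.dport, "theirport": pkt.theirport, "flags": pkt.ack}
    for rule in rules:
        if all(field_matches(rule[f], attrs[f]) for f in rule if f != "action"):
            return rule["action"]
    return default


# Rule set C: allow any packet whose external end is port 25.
RULESET_C = [{"action": "allow", "theirport": 25}]

# Rule set D: our hosts may open connections to remote port 25, and only
# ACK-flagged replies from source port 25 are let back in.
RULESET_D = [
    {"action": "allow", "src": OUR_HOSTS, "dport": 25},
    {"action": "allow", "sport": 25, "flags": "ACK"},
]

# Constructed packets: an outgoing mail connection, its reply, and an outside
# packet that uses source port 25 to reach a non-mail service (telnet, port 23).
OUTGOING_MAIL = Packet("192.168.1.10", 40000, "203.0.113.5", 25)
MAIL_REPLY = Packet("203.0.113.5", 25, "192.168.1.10", 40000, ack=True)
PROBE_FROM_25 = Packet("198.51.100.7", 25, "192.168.1.10", 23)


def compare() -> dict:
    """Decision of rule set C and of rule set D for each sample packet."""
    samples = [("outgoing_mail", OUTGOING_MAIL),
               ("mail_reply", MAIL_REPLY),
               ("probe_from_25", PROBE_FROM_25)]
    return {name: (decide(RULESET_C, p), decide(RULESET_D, p)) for name, p in samples}


if __name__ == "__main__":
    for name, (c, d) in compare().items():
        print(f"{name:14s}  C: {c:8s}  D: {d}")
```

Both rule sets let the legitimate mail connection and its reply through; only rule set D discards the outside packet with source port 25, which is the weakness the text describes for C. Rule B's explicit "block * * * * default" is what the `default="discard"` argument models.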

A. Inbound mail is allowed (port 25 is for SMTP incoming), but only to a gateway host. However, packets from a particular external host, SPIGOT, are blocked because that host has a history of sending massive files in e-mail messages.

B. This is an explicit statement of the default policy. All rule sets include this rule implicitly as the last rule.

C. This rule set is intended to specify that any inside host can send mail to the outside. A TCP packet with a destination port of 25 is routed to the SMTP server on the destination machine.
The problem with this rule is that the use of port 25 for SMTP receipt is only a default; an outside machine could be configured to have some other application linked to port 25.
As this rule is written, an attacker could gain access to internal machines by sending packets with a TCP source port number of 25.

D. This rule set achieves the intended result that was not achieved in C. The rules take advantage of a feature of TCP connections.
Once a connection is set up, the ACK flag of a TCP segment is set to acknowledge segments sent from the other side.
Thus, this rule set states that it allows IP packets where the source IP address is one of a list of designated internal hosts and the destination TCP port number is 25. It also allows incoming packets with a source port number of 25 that include the ACK flag in the TCP segment.
Note that we explicitly designate source and destination systems to define these rules explicitly.

E. This rule set is one approach to handling FTP connections. With FTP, two TCP connections are used: a control connection to set up the file transfer and a data connection for the actual file transfer.
The data connection uses a different port number that is dynamically assigned for the transfer. Most servers, and hence most attack targets, live on low-numbered ports; most outgoing calls tend to use a higher-numbered port, typically above 1023.
Thus, this rule set allows
• Packets that originate internally
• Reply packets to a connection initiated by an internal machine
• Packets destined for a high-numbered port on an internal machine
This scheme requires that the systems be configured so that only the appropriate port numbers are in use.

Rule set E points out the difficulty in dealing with applications at the packet-filtering level. Another way to deal with FTP and similar applications is an application-level gateway.

One advantage of a packet-filtering router is its simplicity. Also, packet filters typically are transparent to users and are very fast.
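Rule sets C and D as an added example (not code from the original notes), modelled in Python as first-match rule lists over the default-discard policy of rule set B. Rule set C is written in the direction-free "ourhost/theirhost" columns of the table, which is exactly why a packet arriving from source port 25 matches it; the internal addresses and sample packets are constructed.

```python
from dataclasses import dataclass

OUR_HOSTS = frozenset({"10.0.0.5", "10.0.0.6"})   # constructed internal hosts


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False          # TCP ACK flag set

    @property
    def inbound(self):
        return self.src not in OUR_HOSTS

    def our_their(self):
        """(ourhost, ourport, theirhost, theirport): the direction-free view
        that rule sets A to C are written in."""
        if self.inbound:
            return self.dst, self.dport, self.src, self.sport
        return self.src, self.sport, self.dst, self.dport


def _m(spec, value):
    """A rule field is '*', a set of values, or a single value."""
    if spec == "*":
        return True
    if isinstance(spec, frozenset):
        return value in spec
    return spec == value


@dataclass(frozen=True)
class HostRule:
    """ourhost port theirhost port: the column layout of rule sets A to C."""
    action: str
    ourhost: object = "*"
    ourport: object = "*"
    theirhost: object = "*"
    theirport: object = "*"
    comment: str = ""

    def matches(self, p):
        oh, op, th, tp = p.our_their()
        return (_m(self.ourhost, oh) and _m(self.ourport, op)
                and _m(self.theirhost, th) and _m(self.theirport, tp))


@dataclass(frozen=True)
class DirRule:
    """src port dest port flags: the layout of rule sets D and E."""
    action: str
    src: object = "*"
    sport: object = "*"
    dst: object = "*"
    dport: object = "*"
    flags: object = "*"        # "*" or "ACK"
    comment: str = ""

    def matches(self, p):
        flags_ok = self.flags == "*" or (self.flags == "ACK" and p.ack)
        return (_m(self.src, p.src) and _m(self.sport, p.sport)
                and _m(self.dst, p.dst) and _m(self.dport, p.dport) and flags_ok)


def decide(rules, p, default="block"):
    """First matching rule wins; rule set B (default = discard) applies otherwise."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Rule set C: only "their" port is checked, so an inbound packet whose source
# port is 25 looks the same as our outbound mail.
RULESET_C = [HostRule("allow", theirport=25, comment="connection to their SMTP port")]

# Rule set D: outbound to port 25 must come from our hosts; inbound from port 25
# is accepted only as a reply, i.e. with ACK set.
RULESET_D = [
    DirRule("allow", src=OUR_HOSTS, dport=25, comment="our packets to their SMTP port"),
    DirRule("allow", sport=25, flags="ACK", comment="their replies"),
]


def compare(p):
    return {"C": decide(RULESET_C, p), "D": decide(RULESET_D, p)}


# Constructed packets: a mail submission, the server's reply, and an inbound
# connection attempt that merely uses source port 25 (no ACK).
OUTBOUND_MAIL = Packet("10.0.0.5", 40001, "203.0.113.9", 25)
SMTP_REPLY = Packet("203.0.113.9", 25, "10.0.0.5", 40001, ack=True)
PROBE_FROM_25 = Packet("203.0.113.9", 25, "10.0.0.5", 23)

if __name__ == "__main__":
    for name, p in (("outbound mail", OUTBOUND_MAIL), ("SMTP reply", SMTP_REPLY),
                    ("probe from port 25", PROBE_FROM_25)):
        print(f"{name:20s} {compare(p)}")
```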

The following are weaknesses of packet filter firewalls:

• Because packet filter firewalls do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.
• Because of the limited information available to the firewall, the logging functionality present in packet filter firewalls is limited. Packet filter logs normally contain the same information used to make access control decisions (source address, destination address, and traffic type).
• Most packet filter firewalls do not support advanced user authentication schemes. Once again, this limitation is mostly due to the lack of upper-layer functionality by the firewall.
• They are generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack, such as network layer address spoofing. Many packet filter firewalls cannot detect a network packet in which the OSI Layer 3 addressing information has been altered. Spoofing attacks are generally employed by intruders to bypass the security controls implemented in a firewall platform.
• Finally, due to the small number of variables used in access control decisions, packet filter firewalls are susceptible to security breaches caused by improper configurations. In other words, it is easy to accidentally configure a packet filter firewall to allow traffic types, sources, and destinations that should be denied based on an organization's information security policy.

Some of the attacks that can be made on packet-filtering routers and the appropriate countermeasures are the following:

IP address spoofing:
The intruder transmits packets from the outside with a source IP address field containing an address of an internal host. The attacker hopes that the use of a spoofed address will allow penetration of systems that employ simple source address security, in which packets from specific trusted internal hosts are accepted. The countermeasure is to discard packets with an inside source address if the packet arrives on an external interface.

Source routing attacks:
The source station specifies the route that a packet should take as it crosses the Internet, in the hope that this will bypass security measures that do not analyze the source routing information. The countermeasure is to discard all packets that use this option.

Tiny fragment attacks:
The intruder uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment. This attack is designed to circumvent filtering rules that depend on TCP header information.
Typically, a packet filter will make a filtering decision on the first fragment of a packet. All subsequent fragments of that packet are filtered out solely on the basis that they are part of the packet whose first fragment was rejected. The attacker hopes that the filtering router examines only the first fragment and that the remaining fragments are passed through.
A tiny fragment attack can be defeated by enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header. If the first fragment is rejected, the filter can remember the packet and discard all subsequent fragments.

Stateful Inspection Firewalls:
A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context.

To understand what is meant by context and why a traditional packet filter is limited with regard to context, a little background is needed. Most standardized applications that run on top of TCP follow a client/server model.

For example, for the Simple Mail Transfer Protocol (SMTP), e-mail is transmitted from a client system to a server system. The client system generates new e-mail messages, typically from user input. The server system accepts incoming e-mail messages and places them in the appropriate user mailboxes.

SMTP operates by setting up a TCP connection between client and server, in which the TCP server port number, which identifies the SMTP server application, is 25. The TCP port number for the SMTP client is a number between 1024 and 65535 that is generated by the SMTP client.

In general, when an application that uses TCP creates a session with a remote host, it creates a TCP connection in which the TCP port number for the remote (server) application is a number less than 1024 and the TCP port number for the local (client) application is a number between 1024 and 65535.

The numbers less than 1024 are the "well-known" port numbers and are assigned permanently to particular applications (e.g., 25 for server SMTP). The numbers between 1024 and 65535 are generated dynamically and have temporary significance only for the lifetime of a TCP connection.

A simple packet-filtering firewall must permit inbound network traffic on all these high-numbered ports for TCP-based traffic to occur. This creates a vulnerability that can be exploited by unauthorized users.
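The context a stateful inspection firewall keeps, as an added example (not from the original notes): a directory of connections opened from the inside, consulted for every inbound segment, set beside the stateless "anything to a port above 1023" rule of rule set E. The internal host, remote addresses and the segment sequence are constructed; connection teardown is simplified to "a remote FIN closes the entry".

```python
from dataclasses import dataclass

OUR_HOSTS = frozenset({"10.0.0.5"})   # constructed internal host


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def stateless_rule(seg):
    """Rule-set-E style filter: everything from inside is allowed out, and
    anything inbound to a port above 1023 is allowed in (the hole in the text)."""
    if seg.src in OUR_HOSTS:
        return "allow"
    return "allow" if seg.dport > 1023 else "block"


class StatefulFilter:
    """Keeps a directory of connections opened from the inside; an inbound
    segment is admitted only when it belongs to one of them."""

    def __init__(self):
        # (local host, local port, remote host, remote port) -> state
        self.table = {}

    def filter(self, seg):
        if seg.src in OUR_HOSTS:                          # outbound: record new connections
            key = (seg.src, seg.sport, seg.dst, seg.dport)
            if seg.syn and not seg.ack:
                self.table[key] = "SYN_SENT"
            return "allow"
        key = (seg.dst, seg.dport, seg.src, seg.sport)    # inbound: look up the reverse tuple
        state = self.table.get(key)
        if state is None:
            return "block"                                # nobody inside asked for this
        if state == "SYN_SENT" and seg.syn and seg.ack:
            self.table[key] = "ESTABLISHED"
        if seg.fin:                                       # simplification: remote FIN closes the entry
            del self.table[key]
        return "allow"


def run_scenario():
    """Returns (stateful decision, stateless decision) for each constructed segment."""
    f = StatefulFilter()
    out_syn = Segment("10.0.0.5", 40000, "203.0.113.9", 80, syn=True)
    in_synack = Segment("203.0.113.9", 80, "10.0.0.5", 40000, syn=True, ack=True)
    in_data = Segment("203.0.113.9", 80, "10.0.0.5", 40000, ack=True)
    stray = Segment("198.51.100.7", 3333, "10.0.0.5", 40500, syn=True)  # unsolicited
    in_fin = Segment("203.0.113.9", 80, "10.0.0.5", 40000, fin=True, ack=True)
    late = Segment("203.0.113.9", 80, "10.0.0.5", 40000, ack=True)      # after close
    return [(f.filter(s), stateless_rule(s))
            for s in (out_syn, in_synack, in_data, stray, in_fin, late)]


if __name__ == "__main__":
    for stateful, stateless in run_scenario():
        print(f"stateful={stateful:5s} stateless={stateless}")
```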

Application-level Gateway:
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints.

If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.

Application-level gateways tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications. In addition, it is easy to log and audit all incoming traffic at the application level.

A prime disadvantage of this type of gateway is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.

Circuit-level Gateway:
A third type of firewall is the circuit-level gateway. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications.

A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

A typical use of circuit-level gateways is a situation in which the system administrator trusts the internal users.
The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections.

In this configuration, the gateway can incur the processing overhead of examining incoming application data for forbidden functions but does not incur that overhead on outgoing data.

An example of a circuit-level gateway implementation is the SOCKS package; version 5 of SOCKS is defined in RFC 1928.

The RFC defines SOCKS in the following fashion:
The protocol described here is designed to provide a framework for client-server applications in both the TCP and UDP domains to conveniently and securely use the services of a network firewall.
The protocol is conceptually a "shim-layer" between the application layer and the transport layer, and as such does not provide network-layer gateway services, such as forwarding of ICMP messages.

SOCKS consists of the following components:
• The SOCKS server, which runs on a UNIX-based firewall.
• The SOCKS client library, which runs on internal hosts protected by the firewall.
• SOCKS-ified versions of several standard client programs such as FTP and TELNET. The implementation of the SOCKS protocol typically involves the recompilation or relinking of TCP-based client applications to use the appropriate encapsulation routines in the SOCKS library.

When a TCP-based client wishes to establish a connection to an object that is reachable only via a firewall (such determination is left up to the implementation), it must open a TCP connection to the appropriate SOCKS port on the SOCKS server system. The SOCKS service is located on TCP port 1080.

If the connection request succeeds, the client enters a negotiation for the authentication method to be used, authenticates with the chosen method, and then sends a relay request.

The SOCKS server evaluates the request and either establishes the appropriate connection or denies it. UDP exchanges are handled in a similar fashion.

In essence, a TCP connection is opened to authenticate a user to send and receive UDP segments, and the UDP segments are forwarded as long as the TCP connection is open.
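The SOCKS version 5 exchange just described, as an added example (not code from the original notes or from any SOCKS implementation): the client's method-negotiation greeting, the server's method selection, the CONNECT relay request and the server's reply, encoded in the byte layouts of RFC 1928. The destination host, the port policy and the bound address in the reply are constructed; the authentication step between selection and request is omitted.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
METHOD_NO_AUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_NOT_ALLOWED = 0x00, 0x02


def client_greeting(methods):
    """VER | NMETHODS | METHODS: the client offers the auth methods it supports."""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def server_select_method(greeting, acceptable):
    """VER | METHOD: the server picks the first of its acceptable methods the client offered."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:])
    for m in acceptable:
        if m in offered:
            return bytes([SOCKS_VERSION, m])
    return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE])   # client must close


def connect_request(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT for a CONNECT relay request."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:                                    # not an IP literal: domain name
        raw = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(data):
    """Server side: returns (cmd, host, port), rejecting anything outside RFC 1928's layout."""
    if len(data) < 4:
        raise ValueError("short request")
    ver, cmd, rsv, atyp = data[0], data[1], data[2], data[3]
    if ver != SOCKS_VERSION or rsv != 0x00:
        raise ValueError("bad version or reserved byte")
    i = 4
    if atyp == ATYP_IPV4:
        host, i = str(ipaddress.IPv4Address(data[i:i + 4])), i + 4
    elif atyp == ATYP_IPV6:
        host, i = str(ipaddress.IPv6Address(data[i:i + 16])), i + 16
    elif atyp == ATYP_DOMAIN:
        n = data[i]
        host, i = data[i + 1:i + 1 + n].decode("idna"), i + 1 + n
    else:
        raise ValueError("unknown address type")
    if i + 2 != len(data):
        raise ValueError("length mismatch")
    return cmd, host, struct.unpack("!H", data[i:i + 2])[0]


def server_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT."""
    return (bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(bind_host).packed + struct.pack("!H", bind_port))


def evaluate_request(data, allowed_ports):
    """The gateway's security function: decide whether this connection is relayed.
    The bound address 192.0.2.1:45000 is a constructed placeholder."""
    cmd, host, port = parse_request(data)
    if cmd != CMD_CONNECT or port not in allowed_ports:
        return server_reply(REP_NOT_ALLOWED)
    return server_reply(REP_SUCCEEDED, "192.0.2.1", 45000)


if __name__ == "__main__":
    g = client_greeting([METHOD_NO_AUTH, METHOD_USERPASS])
    print("server selects:", server_select_method(g, [METHOD_USERPASS]).hex())
    req = connect_request("mail.example.com", 25)
    print("relay request:", req.hex(), "->", parse_request(req))
    print("reply:", evaluate_request(req, {25}).hex())
```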

Bastion Host
A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Typically, the bastion host serves as a platform for an application-level or circuit-level gateway.

Common characteristics of a bastion host include the following:
• The bastion host hardware platform executes a secure version of its operating system, making it a trusted system.
• Only the services that the network administrator considers essential are installed on the bastion host. These include proxy applications such as Telnet, DNS, FTP, SMTP, and user authentication.
• The bastion host may require additional authentication before a user is allowed access to the proxy services. In addition, each proxy service may require its own authentication before granting user access.
• Each proxy is configured to support only a subset of the standard application's command set.
• Each proxy is configured to allow access only to specific host systems. This means that the limited command/feature set may be applied only to a subset of systems on the protected network.

• Each proxy maintains detailed audit information by logging all traffic, each connection, and the duration of each connection. The audit log is an essential tool for discovering and terminating intruder attacks.
• Each proxy module is a very small software package specifically designed for network security. Because of its relative simplicity, it is easier to check such modules for security flaws. For example, a typical UNIX mail application may contain over 20,000 lines of code, while a mail proxy may contain fewer than 1000.
• Each proxy is independent of other proxies on the bastion host. If there is a problem with the operation of any proxy, or if a future vulnerability is discovered, it can be uninstalled without affecting the operation of the other proxy applications. Also, if the user population requires support for a new service, the network administrator can easily install the required proxy on the bastion host.
• A proxy generally performs no disk access other than to read its initial configuration file. This makes it difficult for an intruder to install Trojan horse sniffers or other dangerous files on the bastion host.
• Each proxy runs as a nonprivileged user in a private and secured directory on the bastion host.

FIREWALL CONFIGURATIONS
In the screened host firewall, single-homed bastion configuration, the firewall consists of two systems: a packet-filtering router and a bastion host.

Typically, the router is configured so that
• For traffic from the Internet, only IP packets destined for the bastion host are allowed in.
• For traffic from the internal network, only IP packets from the bastion host are allowed out.
The bastion host performs authentication and proxy functions. This configuration has greater security than simply a packet-filtering router or an application-level gateway alone, for two reasons.
1) This configuration implements both packet-level and application-level filtering, allowing for considerable flexibility in defining security policy.
2) An intruder must generally penetrate two separate systems before the security of the internal network is compromised.
This configuration also affords flexibility in providing direct Internet access.

In the single-homed configuration, if the packet-filtering router is completely compromised, traffic could flow directly through the router between the Internet and other hosts on the private network.

The screened host firewall, dual-homed bastion configuration physically prevents such a security breach. The advantages of dual layers of security that were present in the previous configuration are present here as well. Again, an information server or other hosts can be allowed direct communication with the router if this is in accord with the security policy.

The screened subnet firewall configuration is the most secure of those we have considered. In this configuration, two packet-filtering routers are used, one between the bastion host and the Internet and one between the bastion host and the internal network.

This configuration creates an isolated subnetwork, which may consist of simply the bastion host but may also include one or more information servers and modems for dial-in capability.

Typically, both the Internet and the internal network have access to hosts on the screened subnet, but traffic across the screened subnet is blocked.

This configuration offers several advantages:

• There are now three levels of defense to thwart intruders.
• The outside router advertises only the existence of the screened subnet to the Internet; therefore, the internal network is invisible to the Internet.
• Similarly, the inside router advertises only the existence of the screened subnet to the internal network; therefore, the systems on the inside network cannot construct direct routes to the Internet.

III.2 TRUSTED SYSTEMS
One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology.

DATA ACCESS CONTROL
Following successful logon, the user has been granted access to one or a set of hosts and applications. This is generally not sufficient for a system that includes sensitive data in its database.

Through the user access control procedure, a user can be identified to the system. Associated with each user, there can be a profile that specifies permissible operations and file accesses.

The operating system can then enforce rules based on the user profile. The database management system, however, must control access to specific records or even portions of records.

For example, it may be permissible for anyone in administration to obtain a list of company personnel, but only selected individuals may have access to salary information.

The issue is more than just one of level of detail. Whereas the operating system may grant a user permission to access a file or use an application, following which there are no further security checks, the database management system must make a decision on each individual access attempt. That decision will depend not only on the user's identity but also on the specific parts of the data being accessed and even on the information already divulged to the user.


Access Control Structure

A general model of access control as exercised by a file or database management system is that of an access matrix.


The basic elements of the model are as follows:

Subject:
An entity capable of accessing objects. Generally, the concept of subject equates with that of process. Any user or application actually gains access to an object by means of a process that represents that user or application.
Object:
Anything to which access is controlled. Examples include files, portions of files, programs, and segments of memory.
Access right:
The way in which an object is accessed by a subject. Examples are read, write, and execute.

One axis of the matrix consists of identified subjects that may attempt data access. Typically, this list will consist of individual users or user groups, although access could be controlled for terminals, hosts, or applications instead of or in addition to users. The other axis lists the objects that may be accessed.
At the greatest level of detail, objects may be individual data fields. More aggregate groupings, such as records, files, or even the entire database, may also be objects in the matrix. Each entry in the matrix indicates the access rights of that subject for that object.

An access matrix is usually sparse and is implemented by decomposition in one of two ways. The matrix may be decomposed by columns, yielding access control lists. Thus, for each object, an access control list lists users and their permitted access rights.
The access control list may contain a default, or public, entry. This allows users that are not explicitly listed as having special rights to have a default set of rights. Elements of the list may include individual users as well as groups of users.

Decomposition by rows yields capability tickets. A capability ticket specifies authorized objects and operations for a user. Each user has a number of tickets and may be authorized to loan or give them to others.

Because tickets may be dispersed around the system, they present a greater security problem than access control lists. In particular, the ticket must be unforgeable. One way to accomplish this is to have the operating system hold all tickets on behalf of users. These tickets would have to be held in a region of memory inaccessible to users.
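The two decompositions of an access matrix, as an added example (not code from the original notes): the same sparse matrix split by columns into per-object access control lists with a public default entry and group members, and split by rows into capability tickets that the "operating system" holds and can loan on a user's behalf. The subjects, objects and rights are constructed.

```python
from collections import defaultdict

# Constructed sparse access matrix: (subject, object) -> rights.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read"},
    ("alice", "report.txt"): {"read", "write"},
    ("hr-group", "payroll.db"): {"read", "write"},
    ("bob", "report.txt"): {"read"},
    ("bob", "backup.sh"): {"read", "execute"},
}
GROUPS = {"hr-group": {"carol"}}         # group subjects and their members
PUBLIC = {"report.txt": {"read"}}        # default (public) entry per object


def to_acls(matrix, public):
    """Decompose by columns: object -> {subject: rights}, plus a '*' default entry."""
    acls = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acls[obj][subj] = set(rights)
    for obj, rights in public.items():
        acls[obj]["*"] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Decompose by rows: subject -> {object: rights}, i.e. the subject's tickets."""
    caps = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return dict(caps)


def acl_check(acls, subject, obj, right, groups=GROUPS):
    """ACL lookup: the subject's own entry, then any group it belongs to, then the public entry."""
    entries = acls.get(obj, {})
    principals = [subject] + [g for g, members in groups.items() if subject in members]
    if any(right in entries.get(p, set()) for p in principals):
        return True
    return right in entries.get("*", set())


class TicketHolder:
    """Tickets held by the operating system on behalf of users, so user code
    never handles (and so cannot forge) a ticket itself."""

    def __init__(self, caps):
        self._caps = caps    # assumed to live in memory inaccessible to users

    def check(self, subject, obj, right):
        return right in self._caps.get(subject, {}).get(obj, set())

    def delegate(self, giver, receiver, obj):
        """Loan a ticket: the receiver gets the giver's rights on obj."""
        rights = self._caps.get(giver, {}).get(obj)
        if rights is None:
            raise PermissionError(f"{giver} holds no ticket for {obj}")
        self._caps.setdefault(receiver, {})[obj] = set(rights)


if __name__ == "__main__":
    acls = to_acls(ACCESS_MATRIX, PUBLIC)
    holder = TicketHolder(to_capabilities(ACCESS_MATRIX))
    print("carol writes payroll.db via hr-group:", acl_check(acls, "carol", "payroll.db", "write"))
    print("dave reads report.txt via public entry:", acl_check(acls, "dave", "report.txt", "read"))
    holder.delegate("bob", "alice", "backup.sh")
    print("alice executes backup.sh after loan:", holder.check("alice", "backup.sh", "execute"))
```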

THE CONCEPT OF TRUSTED SYSTEMS
One approach is to protect data or resources on the basis of levels of security. This is commonly found in the military, where information is categorized as unclassified (U), confidential (C), secret (S), top secret (TS), or beyond.
This concept is equally applicable in other areas, where information can be organized into gross categories and users can be granted clearances to access certain categories of data.

When multiple categories or levels of data are defined, the requirement is referred to as multilevel security. The general statement of the requirement for multilevel security is that a subject at a high level may not convey information to a subject at a lower or noncomparable level unless that flow accurately reflects the will of an authorized user. For implementation purposes, this requirement is in two parts and is simply stated.

A multilevel secure system must enforce the following:
No read up:
A subject can only read an object of less or equal security level. This is referred to in the literature as the Simple Security Property.
No write down:
A subject can only write into an object of greater or equal security level. This is referred to in the literature as the *-Property (pronounced star property).

These two rules, if properly enforced, provide multilevel security. For a data processing system, the approach that has been taken, and has been the object of much research and development, is based on the reference monitor concept.

The reference monitor is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters of the subject and object.
The reference monitor has access to a file, known as the security kernel database, that lists the access privileges (security clearance) of each subject and the protection attributes (classification level) of each object.

Reference Monitor Concept

The reference monitor enforces the security rules (no read up, no write down) and has the following properties:
Complete mediation:
The security rules are enforced on every access, not just, for example, when a file is opened.

Isolation:
The reference monitor and database are protected from unauthorized modification.
Verifiability:
The reference monitor's correctness must be provable. That is, it must be possible to demonstrate mathematically that the reference monitor enforces the security rules and provides complete mediation and isolation.

These are stiff requirements. The requirement for complete mediation means that every access to data within main memory and on disk and tape must be mediated. Pure software implementations impose too high a performance penalty to be practical; the solution must be at least partly in hardware.

The requirement for isolation means that it must not be possible for an attacker, no matter how clever, to change the logic of the reference monitor or the contents of the security kernel database.

Finally, the requirement for mathematical proof is formidable for something as complex as a general-purpose computer. A system that can provide such verification is referred to as a trusted system.

A final element is an audit file. Important security events, such as detected security violations and authorized changes to the security kernel database, are stored in the audit file.

Trojan Horse Defense
One way to secure against Trojan horse attacks is the use of a secure, trusted operating system. In this case, a Trojan horse is used to get around the standard security mechanism used by most file management and operating systems: the access control list. In this example, a user named Bob interacts through a program with a data file containing the critically sensitive character string "CPE170KS."

User Bob has created the file with read/write permission provided only to programs executing on his own behalf: that is, only processes that are owned by Bob may access the file.

Trojan Horse and Secure Operating System

The Trojan horse attack begins when a hostile user, named Alice, gains legitimate access to the system and installs both a Trojan horse program and a private file to be used in the attack as a "back pocket."

Alice gives read/write permission to herself for this file and gives Bob write-only permission (Figure a). Alice now induces Bob to invoke the Trojan horse program, perhaps by advertising it as a useful utility.

When the program detects that it is being executed by Bob, it reads the sensitive character string from Bob's file and copies it into Alice's back-pocket file (Figure b).

Both the read and write operations satisfy the constraints imposed by access control lists. Alice then has only to access Bob's file at a later time to learn the value of the string.

Now consider the use of a secure operating system in this scenario (Figure c). Security levels are assigned to subjects at logon on the basis of criteria such as the terminal from which the computer is being accessed and the user involved, as identified by password/ID.

In this example, there are two security levels, sensitive and public, ordered so that sensitive is higher than public. Processes owned by Bob and Bob's data file are assigned the security level sensitive. Alice's file and processes are restricted to public.

If Bob invokes the Trojan horse program (Figure d), that program acquires Bob's security level. It is therefore able, under the simple security property, to observe the sensitive character string.

When the program attempts to store the string in a public file (the back-pocket file), however, the *-property is violated and the attempt is disallowed by the reference monitor.

Thus, the attempt to write into the back-pocket file is denied even though the access control list permits it: The security policy takes precedence over the access control list mechanism.
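The Bob/Alice scenario run through a small reference monitor, as an added example (not code from the original notes): every read and write is mediated against both the ACL and the two multilevel rules, and an audit trail is kept. Running the scenario with level enforcement switched off reproduces the ACL-only leak of Figures a and b; with it on, the write into the back-pocket file is refused as in Figure d. File names, user names and the two levels are constructed.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "sensitive": 1}   # sensitive is ordered above public


@dataclass
class Obj:
    name: str
    level: str            # classification recorded in the security kernel database
    acl: dict             # discretionary ACL: user -> set of rights
    content: str = ""


@dataclass
class Process:
    owner: str
    level: str            # clearance inherited from the invoking user at logon


class ReferenceMonitor:
    """Mediates every access; when levels are enforced, the security policy
    takes precedence over the ACL."""

    def __init__(self, objects, enforce_levels=True):
        self.db = {o.name: o for o in objects}     # security kernel database
        self.enforce_levels = enforce_levels       # False models a plain ACL-only OS
        self.audit = []                            # audit file: (op, subject, object, allowed)

    def _permit(self, op, proc, obj):
        acl_ok = op in obj.acl.get(proc.owner, set())
        if op == "read":      # simple security property: no read up
            mls_ok = LEVELS[obj.level] <= LEVELS[proc.level]
        else:                 # *-property: no write down
            mls_ok = LEVELS[obj.level] >= LEVELS[proc.level]
        allowed = acl_ok and (mls_ok or not self.enforce_levels)
        self.audit.append((op, proc.owner, obj.name, allowed))
        if not allowed:
            raise PermissionError(f"{op} of {obj.name} by {proc.owner} denied")

    def read(self, proc, name):
        obj = self.db[name]
        self._permit("read", proc, obj)
        return obj.content

    def write(self, proc, name, data):
        obj = self.db[name]
        self._permit("write", proc, obj)
        obj.content = data


def trojan_scenario(enforce_levels):
    """Returns (leaked, back-pocket contents as Alice later reads them, audit trail)."""
    bob_file = Obj("bob.dat", "sensitive", {"bob": {"read", "write"}}, "CPE170KS")
    back_pocket = Obj("alice.bp", "public", {"alice": {"read", "write"}, "bob": {"write"}})
    rm = ReferenceMonitor([bob_file, back_pocket], enforce_levels)
    trojan = Process(owner="bob", level="sensitive")   # the program acquires Bob's level
    secret = rm.read(trojan, "bob.dat")                 # ACL allows; no read up is satisfied
    try:
        rm.write(trojan, "alice.bp", secret)            # ACL allows; *-property forbids
        leaked = True
    except PermissionError:
        leaked = False
    alice = Process(owner="alice", level="public")
    return leaked, rm.read(alice, "alice.bp"), rm.audit


if __name__ == "__main__":
    for enforce in (False, True):
        leaked, seen, trail = trojan_scenario(enforce)
        print(f"levels enforced={enforce}: leaked={leaked}, alice sees={seen!r}")
        for entry in trail:
            print("   audit:", entry)
```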


III.3 COMMON CRITERIA FOR INFORMATION TECHNOLOGY SECURITY EVALUATION

The Common Criteria (CC) for Information Technology and Security Evaluation is an international initiative by standards bodies in a number of countries to develop international standards for specifying security requirements and defining evaluation criteria.

REQUIREMENTS
The CC defines a common set of potential security requirements for use in evaluation. The term target of evaluation (TOE) refers to that part of the product or system that is subject to evaluation.
The requirements fall in two categories:
Functional requirements:
Define desired security behavior. CC documents establish a set of security functional components that provide a standard way of expressing the security functional requirements for a TOE.
Assurance requirements:
The basis for gaining confidence that the claimed security measures are effective and implemented correctly. CC documents establish a set of assurance components that provide a standard way of expressing the assurance requirements for a TOE.

Both functional requirements and assurance requirements are organized into classes: A class is a collection of requirements that share a common focus or intent. The requirements classes for functional and assurance requirements are listed in the tables that follow. Each of these classes contains a number of families.
The requirements within each family share security objectives, but differ in emphasis or rigor. For example, the audit class contains six families dealing with various aspects of auditing (e.g., audit data generation, audit analysis, and audit event storage). Each family, in turn, contains one or more components.
A component describes a specific set of security requirements and is the smallest selectable set of security requirements for inclusion in the structures defined in the CC.

CC Security Functional Requirements

Class: Description

Audit: Involves recognizing, recording, storing and analyzing information related to security activities. Audit records are produced by these activities, and can be examined to determine their security relevance.

Cryptographic support: Used when the TOE implements cryptographic functions. These may be used, for example, to support communications, identification and authentication, or data separation.

Communications: Provides two families concerned with non-repudiation by the originator and by the recipient of data.

User data protection: Specifying requirements relating to the protection of user data within the TOE during import, export and storage, in addition to security attributes related to user data.

Identification and authentication: Ensure the unambiguous identification of authorized users and the correct association of security attributes with users and subjects.

Security management: Specifies the management of security attributes, data and functions.

Privacy: Provides a user with protection against discovery and misuse of his or her identity by other users.

Protection of the TOE security functions: Focused on protection of TSF (TOE security functions) data, rather than of user data. The class relates to the integrity and management of the TSF mechanisms and data.

Resource utilization: Supports the availability of required resources, such as processing capability and storage capacity. Includes requirements for fault tolerance, priority of service and resource allocation.

TOE access: Specifies functional requirements, in addition to those specified for identification and authentication, for controlling the establishment of a user's session. The requirements for TOE access govern such things as limiting the number and scope of user sessions, displaying the access history and the modification of access parameters.

Trusted path/channels: Concerned with trusted communications paths between the users and the TSF, and between TSFs.


CC Security Assurance Requirements

Class: Description

Configuration management: Requires that the integrity of the TOE is adequately preserved. Specifically, configuration management provides confidence that the TOE and documentation used for evaluation are the ones prepared for distribution.

Delivery and operation: Concerned with the measures, procedures and standards for secure delivery, installation and operational use of the TOE, to ensure that the security protection offered by the TOE is not compromised during these events.

Development: Concerned with the refinement of the TSF from the specification defined in the ST to the implementation, and a mapping from the security requirements to the lowest level representation.

Guidance documents: Concerned with the secure operational use of the TOE, by the users and administrators.

Life cycle support: Concerned with the life-cycle of the TOE, including life-cycle definition, tools and techniques, security of the development environment and the remediation of flaws found by TOE consumers.

Tests: Concerned with demonstrating that the TOE meets its functional requirements. The families address coverage and depth of developer testing, and requirements for independent testing.

Vulnerability assessment: Defines requirements directed at the identification of exploitable vulnerabilities, which could be introduced by construction, operation, misuse or incorrect configuration of the TOE. The families identified here are concerned with identifying vulnerabilities through covert channel analysis, analysis of the configuration of the TOE, examining the strength of mechanisms of the security functions, and identifying flaws introduced during development of the TOE. The second family covers the security categorization of TOE components. The third and fourth cover the analysis of changes for security impact, and the provision of evidence that procedures are being followed. This class provides building blocks for the establishment of assurance maintenance schemes.

Assurance maintenance: Provides requirements that are intended to be applied after a TOE has been certified against the CC. These requirements are aimed at assuring that the TOE will continue to meet its security target as changes are made to the TOE or its environment.


Example:
The cryptographic support class of functional requirements includes two families: cryptographic key management, and cryptographic operation.

There are four components under the cryptographic key management family, which are used to specify:
key generation algorithm and key size;
key distribution method;
key access method; and
key destruction method.

PROFILES AND TARGETS
The CC also defines two kinds of documents that can be generated using the CC-defined requirements.

Protection profiles (PPs):
Define an implementation-independent set of security requirements and objectives for a category of products or systems that meet similar consumer needs for IT security. A PP is intended to be reusable and to define requirements that are known to be useful and effective in meeting the identified objectives.
The PP concept has been developed to support the definition of functional standards, and as an aid to formulating procurement specifications. The PP reflects user security requirements.

Security targets (STs):
Contain the IT security objectives and requirements of a specific identified TOE and define the functional and assurance measures offered by that TOE to meet stated requirements.
The ST may claim conformance to one or more PPs, and forms the basis for an evaluation. The ST is supplied by a vendor or developer.



Figure: Organization and Construction of Common Criteria Requirements

Figure: Security Functional Requirements Paradigm
