Chapter 1 and 2

decisioncrunchNetworking and Communications

Nov 20, 2013 (3 years and 8 months ago)


Cryptography and Security Services:
Mechanisms and Applications

Manuel Mogollon

m_mogollon@verizon.net

M. Mogollon


0

Chapter 1 and 2

Classic Cryptography and
Information Assurance

1

M. Mogollon


1



Introduction


Classic Cryptography

IA

OSI/TCP Stack

Security Services & Mechanisms

Session 1


Contents


Introduction


Classical Cipher Techniques


Substitution Ciphers


Monoalphabetic Substitution


Polyalphabetic Substitution


Transposition Ciphers


Early Cipher Machines


The Saint Cyr Slide


The Jefferson Cylinder


Vernam Cipher


The Rotor Crypto Machines



Introduction


Scribes in the Egyptian civilization used unusual
hieroglyphics to tell the story of their masters' lives.


The inscriptions were not secret writing, but incorporated one of the
essential elements of cryptography: an intentional transformation of
writing so that only certain people could read it.


The Spartans were probably the first to use
cryptography for military purposes.


Their crypto device was called the
scytale (stick).

[Figure text: "We need to proceed with the plan"]


Crypto Analysis Rules


The Arab civilization, with its advanced mathematics,
was the first to establish specific rules to cryptanalyze
written messages. These rules were the following:


The cryptanalyst must know the language in which the crypto
message is written and its linguistic characteristics.


In every language, there are letters that are never found together in
one word, letters that rarely come together in a word, and
combinations of letters that are not possible.


Letters are not used equally in any language, and the proportions
in which the letters occur remain constant.



Classical Cipher Techniques


Too weak for serious applications; however, many of
their basic principles are still used in modern
cryptography.


Substitution Ciphers



Monoalphabetic Substitution




The number of possible substitutions is 26! or 4.0329 x 10^26.


It is a very weak cipher; in any language there are some letters that
occur more often than others.

Plain   a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher  d e f g h i j k l m n o p q r s t u v w x y z a b c

Plain   a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher  h o s b r g v k w c y f p j t a z m x i q d l u e n
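The weakness stated above, as an added example that is not part of the original slides: under either cipher alphabet from the tables, the letter-frequency ranking of the plaintext survives in the ciphertext, which is what the cryptanalysis rules on the earlier slide rely on. The sample sentence is constructed for the demonstration.

```python
from collections import Counter
import string

PLAIN = string.ascii_lowercase
SHIFT3 = "defghijklmnopqrstuvwxyzabc"   # first table above (shift of 3)
MIXED = "hosbrgvkwcyfpjtazmxiqdluen"    # second table above (mixed alphabet)

# Constructed sample plaintext (not from the slides).
SAMPLE = ("we need to meet the fleet between the reefs before seven "
          "then steer west")


def encipher(text, cipher_alphabet):
    """Monoalphabetic substitution: each plain letter maps to one cipher letter."""
    return text.lower().translate(str.maketrans(PLAIN, cipher_alphabet))


def decipher(text, cipher_alphabet):
    """Inverse mapping: cipher letter back to plain letter."""
    return text.lower().translate(str.maketrans(cipher_alphabet, PLAIN))


def ranked_letters(text):
    """Letters of `text`, most frequent first."""
    counts = Counter(c for c in text if c in PLAIN)
    return [letter for letter, _ in counts.most_common()]


def count_profile(text):
    """Sorted letter counts: the shape of the frequency histogram."""
    return sorted(Counter(c for c in text if c in PLAIN).values(), reverse=True)


def guess_shift(ciphertext):
    """For a shifted alphabet, assume the most common letter stands for 'e'."""
    return (ord(ranked_letters(ciphertext)[0]) - ord("e")) % 26


if __name__ == "__main__":
    for name, alphabet in (("shift-3", SHIFT3), ("mixed", MIXED)):
        c = encipher(SAMPLE, alphabet)
        print(name, "->", c)
        print("  plain ranking :", "".join(ranked_letters(SAMPLE)[:5]))
        print("  cipher ranking:", "".join(ranked_letters(c)[:5]))
        print("  same histogram shape:", count_profile(c) == count_profile(SAMPLE))
    print("recovered shift:", guess_shift(encipher(SAMPLE, SHIFT3)))
```

The 26! key space does not help: the substitution only relabels the histogram, so the most frequent cipher letters still point at e and t.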



Polyalphabetic Substitution


Introduced by Blaise de
Vigenere in the 16th
century.


Uses one alphabet for each
of the plain letters.


Has several key methods, such as words, phrases, and a running key in which
the message itself is its own key, the so-called autokey.

Key     D N O W I S T H E T I M
Plain   N O W I S T H E T I M E
Cipher  Q B K E A L A L X B U Q

The Vigenere Tableau

(Plain Text)


A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


A a b c d e f g h i j k l m n o p q r s t u v w x y z

B b c d e f g h i j k l m n o p q r s t u v w x y z a

C c d e f g h i j k l m n o p q r s t u v w x y z a b

D d e f g h i j k l m n o p q r s t u v w x y z a b c

E e f g h i j k l m n o p q r s t u v w x y z a b c d

F f g h i j k l m n o p q r s t u v w x y z a b c d e

G g h i j k l m n o p q r s t u v w x y z a b c d e f

H h i j k l m n o p q r s t u v w x y z a b c d e f g

I i j k l m n o p q r s t u v w x y z a b c d e f g h

J j k l m n o p q r s t u v w x y z a b c d e f g h i

K k l m n o p q r s t u v w x y z a b c d e f g h i j

L l m n o p q r s t u v w x y z a b c d e f g h i j k

M m n o p q r s t u v w x y z a b c d e f g h i j k l

N n o p q r s t u v w x y z a b c d e f g h i j k l m

O o p q r s t u v w x y z a b c d e f g h i j k l m n

P p q r s t u v w x y z a b c d e f g h i j k l m n o

Q q r s t u v w x y z a b c d e f g h i j k l m n o p

R r s t u v w x y z a b c d e f g h i j k l m n o p q

S s t u v w x y z a b c d e f g h i j k l m n o p q r

T t u v w x y z a b c d e f g h i j k l m n o p q r s

U u v w x y z a b c d e f g h i j k l m n o p q r s t

V v w x y z a b c d e f g h i j k l m n o p q r s t u

W w x y z a b c d e f g h i j k l m n o p q r s t u v

X x y z a b c d e f g h i j k l m n o p q r s t u v w

Y y z a b c d e f g h i j k l m n o p q r s t u v w x

Z z a b c d e f g h i j k l m n o p q r s t u v w x y

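The tableau lookup above, written as arithmetic modulo 26 in an added example (not code from the original slides). It reproduces the slide's autokey row, where the key is the primer letter D followed by the plaintext itself, and includes the repeating-keyword method for comparison; the function names are this example's own.

```python
A = ord("A")


def _letters(text):
    """Keep only A-Z, upper-cased."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def _combine(text, key, sign):
    # Tableau lookup as arithmetic: cipher = plain + key (mod 26);
    # sign = -1 walks the tableau backwards to decipher.
    return "".join(
        chr((ord(t) - A + sign * (ord(k) - A)) % 26 + A)
        for t, k in zip(text, key)
    )


def repeating_key(keyword, length):
    """Key method 1: a word or phrase repeated to the message length."""
    k = _letters(keyword)
    if not k:
        raise ValueError("keyword must contain at least one letter")
    return [k[i % len(k)] for i in range(length)]


def autokey_stream(plaintext, primer):
    """Key method 2 (autokey): primer followed by the plaintext itself."""
    p, k = _letters(plaintext), _letters(primer)
    if not k:
        raise ValueError("primer must contain at least one letter")
    return (k + p)[:len(p)]


def vigenere_encrypt(plaintext, keyword):
    p = _letters(plaintext)
    return _combine(p, repeating_key(keyword, len(p)), +1)


def vigenere_decrypt(ciphertext, keyword):
    c = _letters(ciphertext)
    return _combine(c, repeating_key(keyword, len(c)), -1)


def autokey_encrypt(plaintext, primer):
    return _combine(_letters(plaintext), autokey_stream(plaintext, primer), +1)


def autokey_decrypt(ciphertext, primer):
    # The receiver rebuilds the key one letter at a time: every recovered
    # plaintext letter becomes the key letter for a later position.
    key = _letters(primer)
    if not key:
        raise ValueError("primer must contain at least one letter")
    plain = []
    for i, c in enumerate(_letters(ciphertext)):
        p = _combine([c], [key[i]], -1)
        plain.append(p)
        key.append(p)
    return "".join(plain)


if __name__ == "__main__":
    print("key   ", "".join(autokey_stream("now is the time", "D")))
    print("cipher", autokey_encrypt("now is the time", "D"))
    print("plain ", autokey_decrypt("QBKEALALXBUQ", "D"))
```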



Transposition Ciphers


Successive letters of the plaintext are arranged
according to the key.


The key is a group of sequential numbers arranged at
random.


The plaintext is separated into groups of letters in which
each group has the same number of letters as the
number chosen as a key.

Plaintext   n o w i s / t h e t i / m e f o r / a l l x x /

Key         5 1 3 4 2

            s n w i o
            i t e t h
            r m f o e
            x a l x l

Ciphertext  s n w i o i t e t h r m f o e x a l x l
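The grouping and reordering shown above, as an added example that is not part of the original slides: output position j of each group takes the plaintext letter at position key[j], which reproduces the slide's ciphertext for key 5 1 3 4 2. The function names and the validation of the key are this example's own.

```python
def _check_key(key):
    """The key must use each of the numbers 1..n exactly once."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def transpose_encrypt(plaintext, key, pad="x"):
    _check_key(key)
    n = len(key)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    # Pad the last group so every group has as many letters as the key.
    letters += [pad] * (-len(letters) % n)
    out = []
    for start in range(0, len(letters), n):
        group = letters[start:start + n]
        # Output position j carries the letter at plaintext position key[j].
        out.extend(group[k - 1] for k in key)
    return "".join(out)


def transpose_decrypt(ciphertext, key):
    _check_key(key)
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    out = []
    for start in range(0, len(ciphertext), n):
        group = ciphertext[start:start + n]
        plain = [""] * n
        for j, k in enumerate(key):
            plain[k - 1] = group[j]   # undo the move made by the sender
        out.extend(plain)
    return "".join(out)


SLIDE_KEY = [5, 1, 3, 4, 2]

if __name__ == "__main__":
    c = transpose_encrypt("now is the time for all", SLIDE_KEY)
    print(c)                                  # grouped letters, reordered
    print(transpose_decrypt(c, SLIDE_KEY))    # padding 'x' letters remain
    # Transposition moves letters but never changes them, so the letter
    # counts of the ciphertext equal those of the padded plaintext.
    print(sorted(c) == sorted("nowisthetimeforallxx"))
```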


Early Cipher Machines


The Saint Cyr Slide







18th Century Wheel Cipher

ABCDEFGHIJKLMNOPQRSTUVWXYZ

A DEFGHIJKLMNOPQRSTUVWXYZABC GHIJHLMNOPQRSTUVWXYZ

Picture from:
http://www.nsa.gov/museum/wheel.html


Early Cipher Machines


The Vernam Cipher was designed in 1917 by Gilbert Vernam.


Is a bit-by-bit combination of random characters (keystream) with
characters of plaintext using modulo-2 addition (the XOR function).

1 + 0 = 1        0 + 1 = 1
1 + 1 = 0        0 + 0 = 0

Enciphering

Plaintext   1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
Keystream   1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
            ─────────────────────────────────
Ciphertext  0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1

Deciphering

Ciphertext  0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Keystream   1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
            ─────────────────────────────────
Plaintext   1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0

[Figure: Encipher and Decipher block diagram. On the encipher side, plaintext and key stream enter the encryption algorithm (modulo 2 adder) to give ciphertext; on the decipher side, ciphertext and key stream enter the decryption algorithm (modulo 2 adder) to give plaintext.]
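The modulo-2 addition above, as an added example that is not part of the original slides: it reproduces the slide's 17-bit ciphertext and then shows, with two constructed messages, why a keystream must never be used twice (the keystream cancels out of the two ciphertexts). The messages and function names are this example's own.

```python
import secrets

# Bit strings copied from the slide.
PLAINTEXT = "1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0"
KEYSTREAM = "1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1"


def parse_bits(s):
    return [int(b) for b in s.split()]


def format_bits(bits):
    return " ".join(str(b) for b in bits)


def add_mod2(data, keystream):
    """Modulo-2 adder: the same operation enciphers and deciphers."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return [d ^ k for d, k in zip(data, keystream)]


def slide_ciphertext():
    return format_bits(add_mod2(parse_bits(PLAINTEXT), parse_bits(KEYSTREAM)))


def slide_roundtrip():
    ks = parse_bits(KEYSTREAM)
    return format_bits(add_mod2(add_mod2(parse_bits(PLAINTEXT), ks), ks))


def xor_bytes(a, b):
    if len(b) < len(a):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak():
    """Two constructed messages enciphered with the SAME random keystream."""
    p1 = b"attack at dawn"
    p2 = b"retreat at ten"
    ks = secrets.token_bytes(len(p1))
    c1, c2 = xor_bytes(p1, ks), xor_bytes(p2, ks)
    # c1 XOR c2 = (p1 XOR ks) XOR (p2 XOR ks) = p1 XOR p2: the keystream
    # is gone, and only the two plaintexts' combination is left.
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print("ciphertext:", slide_ciphertext())
    print("deciphered:", slide_roundtrip())
    print("reuse leaks p1 XOR p2:", keystream_reuse_leak())
```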


The Rotor Crypto Machines


Rotor Crypto Machines implement
polyalphabetic substitution ciphers with
long periods.


These machines consist of several “t”
rotary discs, each one with 26 electrical
contacts called studs.


Each stud is connected at random by wire
to another stud on the other side of the
disc.


After each letter is enciphered, one or more
of the rotors are rotated one step.


A machine with “t” rotors does not return
to its starting position until after 26^t
successive steps.


A five-rotor machine has a period of
26^5 = 11,881,376 different alphabets before
it repeats itself.

[Figure: rotor wiring between contacts A to I, shown for encryption (plaintext to ciphertext) and for decryption (ciphertext to plaintext).]


The M 209


Used by the U.S. Army until the
early 1950s.


Polyalphabetic ciphertext with
a period of 26 x 25 x 23 x 21 x
19 x 17 = 101,405,850, nearly
ten times greater than a five-rotor machine.


Picture from
http://www.maritime.org/csp1500.htm

The Enigma

Picture from
http://www.nsa.gov/museum/enigma.html
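The period figures on the rotor and M 209 slides, checked in an added example that is not part of the original slides: a toy rotor machine with randomly wired 26-contact discs and odometer-style stepping (an assumption of this example; real machines stepped in various ways) returns to its start after 26^t steps, and the M 209 figure is the least common multiple of its six wheel sizes.

```python
import math
import random
import string
from functools import reduce

N = 26  # contacts (studs) per rotor


class RotorMachine:
    def __init__(self, t, seed=1):
        rng = random.Random(seed)   # fixed seed: the wiring acts as the key
        # Each stud is wired at random to a stud on the other side.
        self.wiring = [rng.sample(range(N), N) for _ in range(t)]
        self.inverse = [[w.index(i) for i in range(N)] for w in self.wiring]
        self.pos = [0] * t

    def step(self):
        # Rotor 0 moves after every letter; rotor i+1 moves when rotor i wraps.
        for i in range(len(self.pos)):
            self.pos[i] = (self.pos[i] + 1) % N
            if self.pos[i] != 0:
                break

    def _through(self, c, tables, order):
        for i in order:
            c = (tables[i][(c + self.pos[i]) % N] - self.pos[i]) % N
        return c

    def process(self, text, decrypt=False):
        t = len(self.pos)
        tables = self.inverse if decrypt else self.wiring
        order = range(t - 1, -1, -1) if decrypt else range(t)
        out = []
        for ch in text.upper():
            if ch in string.ascii_uppercase:
                out.append(chr(self._through(ord(ch) - 65, tables, order) + 65))
                self.step()   # a new substitution alphabet for the next letter
        return "".join(out)


def period(t):
    """Count steps until all rotors are back at the starting position."""
    m, steps = RotorMachine(t), 0
    while True:
        m.step()
        steps += 1
        if not any(m.pos):
            return steps


def m209_period(wheels=(26, 25, 23, 21, 19, 17)):
    # The wheel sizes share no common factor, so the LCM equals the product.
    return reduce(lambda a, b: a * b // math.gcd(a, b), wheels)


if __name__ == "__main__":
    ct = RotorMachine(3).process("ROTOR MACHINES")
    print(ct, "->", RotorMachine(3).process(ct, decrypt=True))
    print("period, 2 rotors:", period(2), " 3 rotors:", period(3))
    print("five rotors:", N ** 5, " M 209:", m209_period())
```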


Information Assurance
and Security Services
& Mechanisms


Session 1a


Contents


Introduction


OSI and TCP/IP Stack


Crypto Terminology


Security Services and Security Mechanisms




NSA Terminology

COMSEC / (1960s) Communications security which provided protection
against disclosure to unauthorized parties when information was
transmitted or broadcasted from point-to-point.

COMPUSEC / (Late 1970s) Computer security which provided
protection against unauthorized disclosure of information,
injection of malicious code, or the theft of data on magnetic
media.

INFOSEC / (Early 1980s) Information security which was the result of
the convergence of COMSEC and COMPUSEC.

IA / (Late 1990s) Information Assurance which deals with providing
protection against unauthorized disclosure of information
(confidentiality), modification of information (integrity), denial of
service (availability), authenticity, and non-repudiation.


Definitions taken from Daniel G. Wolf, NSA Director of Information Assurance statement
before the House Select Committee of Homeland Security on July 22, 2003, pages 4 and 5.


OSI and TCP/IP Stacks

OSI Stack

Layer 7  Application
Layer 6  Presentation
Layer 5  Session
Layer 4  Transport
Layer 3  Network
Layer 2  Data Link
Layer 1  Physical

TCP/IP Stack

Application Layer  SMTP, Telnet, FTP, Gopher
Transport Layer    TCP, UDP
Network Layer      IP (with ARP, RARP)
Data Layer         Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...


TCP/IP


TCP/IP: Transmission Control Protocol/Internet Protocol.


TCP/IP is the protocol suite used by the Internet.


TCP/IP is based on connectionless networking, which eliminates the need for
the network to support signaling and maintain connections (and thus state
information). All aspects of a reliable connection are moved to Layer 4 and
supported in the endpoints.


TCP/IP has two parts, TCP and IP.


TCP performs the functions of the transport layer in the OSI model (e.g., breaking the
data into smaller packets, numbering them, ensuring each packet is reliably delivered
and putting them in the proper order).


IP performs the role of the network layer in the OSI model (e.g., routing and
addressing).


Some of the protocols used in the TCP/IP suite are:


Data Layer: Frame Relay, ATM, IEEE 802.3, PPP, PPP-EAP (among others)


Network Layer: IP


Transport Layer: User Data Protocol (UDP), Transmission Control Protocol (TCP)


Application Layer: HTTP, FTP, SMTP, SNMP


TCP/IP Protocol Stack


Application Layer: Provides services for a user to send and receive data over the
network, such as web browsers (HTTP), FTP, SMTP, SNMP, and emails.


Transport Layer: Provides connection, error and flow control (TCP or UDP), and security.


Network Layer: Responsible for addressing (IP) and routing the packets.


Data Link Layer: Defines the electrical, mechanical, and physical interfaces to the network.
It frames the packets for transmission over the physical media, such as Ethernet, Token
Ring, Frame Relay, Asynchronous Transfer Mode (ATM).

[Figure: data passing down the TCP/IP stack (Application, Transport, Network and Data Layers) on two hosts connected through a router; at each layer the payload is prefixed with the headers labelled TH, NH and DH.]


TCP/IP Stack and Security Related Protocols


S/MIME

S-HTTP

PGP

SET

IPSec (ISAKMP)

SOCKS V5

SSL, TLS

IPSec (AH, ESP)

Packet filtering

Tunneling Protocols

PPP-EAP, IEEE 802.1X, CHAP, PAP, MS-CHAP

The Data Layer is also called Network Interface Layer, Link Layer, or
Data-Link Layer.

Application Layer  SMTP, Telnet, FTP, Gopher
Transport Layer    TCP, UDP
Network Layer      IP (with ARP, RARP)
Data Layer         Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...


What is Cryptography?


cryptography / The art or science that treats of the
principles, means, and methods to render information
unintelligible to all but the intended receiver. The
sender enciphers a message into an unintelligible
form, and the receiver deciphers it into intelligible
form. The word "cryptology" is derived from the
Greek “kryptos” (hidden) and “logos” (word).


What is Cryptology?


cryptology / The scientific study of cryptography and
cryptanalysis.


cryptanalysis / The process of deducing the plaintext
from the ciphertext (breaking a code) without being in
possession of the key or the system (codebreaking).


Crypto Terminology

[Figure: stream cipher system. Labels: Synchronization; Cryptographic Variables (CV), Secret Keys, Private Keys; Cryptographic Variables (CV), Secret Keys, Public Keys; Key Generator; Key Stream; Encryption Algorithm; Encipher; Decipher; Message; Plaintext; Ciphertext. A sample plaintext message ("As the market requirements for secure products has exponentially increased, our strategy will be to ….") is enciphered into unreadable ciphertext and deciphered back into the same message.]

Security is based on the crypto variable, not on the encryption
algorithm.


Crypto Terminology

[Figure: block cipher system. Labels: Synchronization; Cryptographic Variables (CV), Secret Keys, Private Keys; Cryptographic Variables (CV), Secret Keys, Public Keys; Encryption Algorithm (Block Cipher); Encipher; Decipher; Message; Plaintext; Ciphertext. The same sample plaintext message is enciphered into unreadable ciphertext and deciphered back into the same message.]


Security Services    Security Mechanisms

Confidentiality      Encryption
Integrity            Hash Functions
Authentication       Digital Signatures
Access               Security Tokens
Non-Repudiation      Digital Signatures


Typical Protections - Need Many Tools Used in Concert

Physical Security

Physical access (guards, fences, alarms, locks, etc.)

Environment risk security (power filtering and UPS devices, surge protectors)

Fire and flooding protection

Information Assurance

Confidentiality (symmetric and asymmetric encryption)

Integrity (hash functions)

Authentication (digital certificates, tokens, digital signatures, passwords, biometrics, etc.)

Non-Repudiation (public key encryption, digital signatures)

System Security

Access controls authentication (firewalls, passwords, biometrics, etc.)

Virus protection tools

Operating system protection (Windows, Unix, Linux)


Network Security


Management tools (sniffers, scanners, profilers, honeypots, shunts, program registers, etc.)


Database security


Disaster Recovery Planning


Contingency plans


Security policies.


EMI/RFI Shielding


Training and Education


Security Services


Confidentiality


Protection against unauthorized individuals reading information that is
supposed to be kept private.


Data Integrity


Assurance that a message was not accidentally or deliberately modified in
transit by replacement, insertion, or deletion.



Authentication


Assurance that the message is coming from the source from which it claims
to come.


Non-Repudiation of Origin


Protection against an individual denying sending or receiving a message.


Access Control


The prevention of the unauthorized use of a resource by identifying or
verifying the eligibility of a station, originator or individual to access specific
categories of information.

A security policy is implemented using security mechanisms to provide
security services.


IA Security Policy

Security Mechanisms must be:

Comprehensive, Coordinated, Scaleable, & Technology Agnostic

When Electronic Information is Collected, Used, Processed, Transmitted, or Stored,
the Security Mechanisms provide Confidentiality, Integrity, Availability,
Authenticity, Non-repudiation.


Confidentiality and its Security Mechanisms

Confidentiality: Protection of data from unauthorized disclosure

[Figure: tree of encryption algorithms that provide confidentiality. Labels: Encryption Algorithms; Symmetric; Asymmetric; Stream Ciphers; Block Cipher; Synchronous; Self-Synchronous; Public-Key. Algorithms and modes named: ECC, RSA, DES, Pohlig Hellman, OFB, CFB, ElGamal, 3DES, MARS, CAST, AES, Blowfish, RC5, IDEA, Schnorr, RC4.]


Integrity and its Security Mechanisms

Integrity: Assurance that a message was not
accidentally or deliberately modified
in transit by replacement, insertion,
or deletion.

[Figure: tree of integrity mechanisms. Labels: Hash Functions; MAC; HMAC; Digital Signature; Encryption. Algorithms named: MD5, SHA, SHA-1, SHA-256, SHA-384, SHA-512, HMAC-SHA-1-96, HMAC-MD5-96, DES CBC, AES-XCBC-MAC-96.]
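The difference between a plain hash and a keyed MAC for the "deliberately modified" case, as an added example that is not part of the original slides: an unkeyed digest can be recomputed by whoever alters the message, while an HMAC truncated to 96 bits (the HMAC-SHA-1-96 form named in the figure) cannot be produced without the shared key. The key and messages are constructed for the demonstration.

```python
import hashlib
import hmac

TAG_BYTES = 12  # 96 bits, as in HMAC-SHA-1-96 and HMAC-MD5-96


def tag96(key, message, digest="sha1"):
    """HMAC over the message, truncated to the leftmost 96 bits."""
    return hmac.new(key, message, digest).digest()[:TAG_BYTES]


def verify96(key, message, tag, digest="sha1"):
    """Constant-time check of a received 96-bit tag."""
    return len(tag) == TAG_BYTES and hmac.compare_digest(
        tag96(key, message, digest), tag)


ORIGINAL = b"pay 100 to alice"      # constructed message
ALTERED = b"pay 900 to mallet"      # constructed modification in transit


def plain_hash_accepts_altered():
    # Whoever alters the message can also recompute an unkeyed digest,
    # so the receiver's check still passes.
    received_msg, received_digest = ALTERED, hashlib.sha1(ALTERED).digest()
    return hmac.compare_digest(hashlib.sha1(received_msg).digest(),
                               received_digest)


def hmac_accepts_altered(key=b"constructed demo key"):
    # Without the key, the only tags available are the old one or one
    # computed under a wrong key; the receiver rejects both.
    old_tag = tag96(key, ORIGINAL)
    wrong_key_tag = tag96(b"guessed key", ALTERED)
    return any(verify96(key, ALTERED, t) for t in (old_tag, wrong_key_tag))


if __name__ == "__main__":
    key = b"constructed demo key"
    t = tag96(key, ORIGINAL)
    print("tag (96 bits):", t.hex())
    print("original verifies:", verify96(key, ORIGINAL, t))
    print("plain hash accepts altered message:", plain_hash_accepts_altered())
    print("HMAC accepts altered message:", hmac_accepts_altered())
    # The same construction with another hash from the figure:
    print("sha256 variant:", tag96(key, ORIGINAL, "sha256").hex())
```

A plain hash therefore covers only accidental modification; the keyed forms in the figure cover the deliberate case as well.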


Authentication and its Security Mechanisms

Authentication: Assurance that the message is
coming from the source from which
it claims to be.

A Digital Signature is created by taking the message’s hash and
encrypting it with the sender’s private key.

Digital Signatures provide
authentication, non-repudiation, and integrity.

[Figure: tree of authentication mechanisms. Labels: Digital Signatures; Hash Functions. Algorithms named: ElGamal, ECDSA, RSA, DSA, SHA, MD5.]


Access Authentication

Access Authentication: The prevention of the
unauthorized use of a
resource.

[Figure: tree of access authentication. Protocol: IEEE 802.1X. EAP Method: EAP-TTLS, EAP-PEAP, EAP-TLS, EAP-AKA, EAP-PSK, EAP-SIM. Mechanism: MS-CHAP v2, OTP, GTC, CHAP, Digital Certificates.]

IEEE 802.1X: Port-based Access Control Protocol

EAP: Extensible Authentication Protocol

TLS: Transport Layer Security

TTLS: Tunneled Transport Layer Security

PEAP: Protected EAP

CHAP: Challenge-Handshake Authentication Protocol

OTP: One-Time Password

GTC: Generic Token Card


Non-Repudiation and its Security Mechanisms

Non-Repudiation: Protection against an
individual denying
sending a message.

Sender enciphers the message with his private
key and recipient deciphers the message with
sender’s public key.

[Figure: tree of non-repudiation mechanisms. Labels: Public-Key; Digital Signature; Encryption. Algorithms named: ElGamal, RSA, ECC, Schnorr.]


Example: Ecommerce


SSL Application

Firewall

SSL Accelerator

Buyer

Authenticates seller.
Enciphers information.
Clientless
Access from any computer

SSL Accelerator

SSL traffic is encrypted
Offloads expensive public key operation from backend servers
Normally, 250,000 transactions/sec

[Figure labels: Internet; Intranet or DMZ; Seller; Web Servers.]


Example: Remote Access Application


VPNs

Firewall

VPN Gateway

Remote End

Authenticates remote access user.
Creates tunnel for VPN connection
Enciphers communications using IPSec.

[Figure labels: Internet; Home office; Firewall; VPN Gateway; Intranet; Authentication Server; VoIP.]


Example: Remote Wireless Access Application


VPNs

Firewall

VPN Gateway

Remote End Wireless Point Security

Authenticate wireless remote access user.
Create tunnel for VPN connection
Encipher communications using IPSec.
Access to all applications through client desktop software.

[Figure labels: Internet; Home office; Firewall; VPN Gateway; Wireless Security Switch; Intranet; Authentication Server; VoIP; WifiVoIP.]


Remote Wireless/Wireline Access Application


SSL VPNs

Firewall

SSL VPN

Remote End Wireless Point Security

Authenticate wireless/wireline remote access user.
Secure communications using SSL IPSec.
Access to selected applications through a web portal.
Erase any connection information in the access point after log-out.

[Figure labels: Internet; Home office; Router; Router; VoIP; Intranet; Authentication Server.]


Authentication

[Figure: authentication architecture. Labels: Supplicants; EAP over Internet; Authenticator; EAP Method; Authentication Server (Radius, Kerberos, PKI, OTP, Token); Password Authentication Database; Token Authentication Database; X.509 Directory; Kerberos Ticket Granting Server.]


Placeholder Names Used in Cryptography


Alice: Participant in all protocols.

Bob: Participant in two-, three-, and four-party protocols.

Carol: Participant in three- and four-party protocols.

Dave: Participant in four-party protocols.

Eve: Passive eavesdropper. While Eve can listen in on messages between
Alice and Bob, she cannot modify them.

Mallet: Malicious active attacker. Mallet, also called Mallory, can modify
messages, substitute his own messages, replay old messages, and so on.
The problem of securing a system against Mallory is much greater than
against Eve.

Peggy: Prover.

Victor: Verifier. Victor, a verifier, and Peggy, a prover, must interact in some way
to show that the intended transaction between Alice and Bob has actually
taken place.

Trent: Trusted Arbitrator.

Trudy: Intruder. Trudy can modify messages in transit; therefore, she is more
dangerous than Eve. Bob and Alice ideally should use some integrity
protocols to be able to detect any such modification and either ignore the
changed message, or retrieve the correct message despite the intrusion.

Walter: Warden. He guards Alice and Bob in some protocols.


IETF, RFCs, FIPS


The Internet Engineering Task Force (IETF) is a group of network designers,
operators, vendors, and researchers concerned with the evolution of the
Internet architecture and the smooth operation of the Internet.
http://www.ietf.org/


The Requests for Comments (RFCs) consist of the IETF working documents
of approved standards and protocols for the Internet. This web site is the
RFC repository and it lists all the RFCs.
http://www.ietf.org/rfc.html


The Computer Security Resource Center of the National Institute of
Standards and Technology develops standards and metrics to test and
validate computer security.
http://csrc.nist.gov/


Federal Information Processing Standards Publications (FIPS PUBS) home
web page.
http://www.itl.nist.gov/fipspubs/


Federal Information Processing Standards Publications (FIPS PUBS) web
page associated with Computer Security.
http://csrc.nist.gov/publications/fips/


Internet Security Glossary, RFC 4949
http://www.ietf.org/rfc/rfc4949.txt?number=4949


References

Classic Cryptography

Bamford, J. (1982). The Puzzle Palace, A Report on NSA America's Most Secret Agency (p. 35). Boston: Houghton, Mifflin Co.

Lexicon Universal Encyclopedia, Volume 5. (1987) (p. 371). New York: Lexicon Publications Inc.

Kahn, D. (1967). The Codebreakers (pp. 394-398, 411-426). New York: Macmillan Publishing Co., Inc.

Way, P. (1977). The Encyclopedia of Espionage, Codes and Ciphers (pp. 62-92). London: The Danbury Press, Published by Aldus Book.

Information Assurance

Abbruscato, C.R. Data Encryption Equipment, IEEE Communications Magazine, Volume 22, No. 9 (September 1984).

International Standards Organization (ISO), ISO 7498-2-1988 (E) Security Architecture.

Muftic, S. (1989). Security Mechanisms for Computer Networks. New York: John Wiley & Sons.

National Bureau of Standards, Federal Information Processing Standards (FIPS), Publication 113, Computer Data Authentication.

Tanenbaum, A. (1981). Computer Networks. Englewood Cliffs, New Jersey: Prentice-Hall, Inc.

Tanenbaum, A. (1981). Networks Protocols. Computing Surveys, Vol. 13, No. 4.

Wolf, D. (2003). Cybersecurity Getting it Right. Statement by the Director of Information Assurance, National Security Agency, Before The House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science and Research & Development, hearing on July 22, 2003 to the House of Representatives Select Committee on Homeland Security.