Wednesday, August 12, 2009
Labels: NETWORKSECURITY AND CRYPTOGRAPHY
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity, none of this works without trust. Public key cryptography (PKC) solved the secret distribution problem of secret key cryptography (SKC). There are a number of trust models employed by various cryptographic schemes:
· The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
· Kerberos, a secret key distribution scheme using a trusted third party.
· Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.
Types of authority
· Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
· Assign authority: Establish what actions the holder may or may not take based upon this certificate.
· Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
----------------------------------------------------------------------------
Today's most widely used cryptographic techniques:
Hash algorithms that are in common use today include:
· Message Digest (MD) algorithms
· Secure Hash Algorithm (SHA)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. PGP can be used to sign or encrypt e-mail messages with a mere click of the mouse.
Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. Many other techniques are used as well.
Time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.
Encrypt and decrypt messages using any of the classical substitution ciphers discussed, both by hand and with the assistance of programs.
Understand the concepts of language redundancy and unicity distance.
Different types of threats to a network:
· Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
· SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
· Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
· Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
· E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
· Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
· Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
· Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
· Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
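The denial of service item above describes a server filling up with session requests that are never completed. As an added example (not part of the original post), the following defender-side check counts such half-open connections per listening port. The input is a constructed sample in the column layout of Linux `netstat -ant`; the function name and the alert threshold are assumptions.

```python
from collections import Counter

# Constructed sample: two normal clients on port 80, one on port 22,
# and eight requests on port 80 stuck waiting for the final handshake step.
SAMPLE = "\n".join(
    ["tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN",
     "tcp 0 0 192.0.2.10:80 198.51.100.7:51514 ESTABLISHED",
     "tcp 0 0 192.0.2.10:80 198.51.100.8:51620 ESTABLISHED",
     "tcp 0 0 192.0.2.10:22 198.51.100.9:40022 ESTABLISHED"]
    + [f"tcp 0 0 192.0.2.10:80 203.0.113.{i}:{40000 + i} SYN_RECV"
       for i in range(1, 9)]
)

def half_open_report(text, threshold=5):
    """Return {local_port: (half_open, established, alert)}."""
    half_open, established = Counter(), Counter()
    for line in text.splitlines():
        fields = line.split()
        # Expect: proto recv-q send-q local remote state
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        if fields[5] == "SYN_RECV":        # server answered, client never did
            half_open[port] += 1
        elif fields[5] == "ESTABLISHED":   # handshake completed normally
            established[port] += 1
    report = {}
    for port in set(half_open) | set(established):
        h, e = half_open[port], established[port]
        # Alert when unanswered requests are numerous and outnumber real sessions.
        report[port] = (h, e, h >= threshold and h > e)
    return report

if __name__ == "__main__":
    for port, (h, e, alert) in sorted(half_open_report(SAMPLE).items()):
        print(f"port {port}: half-open={h} established={e} alert={alert}")
```

On Linux, the kernel setting `net.ipv4.tcp_syncookies` limits how much of the listen queue such unanswered requests can occupy.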
Network security can be implemented by various methods.
1. Virtual Private Network:
A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.
Implementation of network security by VPN.
Step 1. - The remote user dials into their local ISP and logs into the ISP’s network as usual.

Step 2. - When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server on the corporate network. The security server authenticates the user and creates the other end of the tunnel.

Fig : a) A leased line private network b) A virtual private network

Step 3. - The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.

Step 4. - The destination security server receives the encrypted data and decrypts it. The security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.
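Steps 2 to 4 above, as an added example that is not part of the original post and not any VPN product's protocol: the security server authenticates a tunnel request, the client encrypts and authenticates each packet, and the server verifies, decrypts and hands the packet on. The pre-shared secret, the frame layout and all names are assumptions, the HMAC-based stream cipher is a stand-in for a real VPN cipher, and only the client-to-server direction is shown (replies would need their own keys).

```python
import hashlib, hmac, os

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_keys(secret, client_nonce, server_nonce):
    # Separate keys for encryption and integrity, fresh for every tunnel.
    salt = client_nonce + server_nonce
    return prf(secret, b"enc" + salt), prf(secret, b"mac" + salt)

def xor_stream(key, seq, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); applying it twice
    # with the same key and sequence number restores the input.
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += prf(key, seq.to_bytes(8, "big") + block.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, seq, packet):
    # Step 3: encrypt the inner packet, then authenticate header + ciphertext.
    header = seq.to_bytes(8, "big")
    body = xor_stream(keys[0], seq, packet)
    return header + body + prf(keys[1], header + body)

class SecurityServer:
    def __init__(self, users):
        self.users, self.tunnels = users, {}

    def tunnel_request(self, user, nonce, proof):
        # Step 2: authenticate the user before creating the tunnel endpoint.
        secret = self.users.get(user)
        if secret is None or not hmac.compare_digest(proof, prf(secret, b"req" + nonce)):
            raise PermissionError("tunnel request rejected")
        server_nonce = os.urandom(16)
        self.tunnels[user] = [derive_keys(secret, nonce, server_nonce), 0]
        return server_nonce

    def receive(self, user, frame):
        # Step 4: verify, reject replays, decrypt, pass on to the inner network.
        keys, last_seq = self.tunnels[user]
        header, body, tag = frame[:8], frame[8:-32], frame[-32:]
        if not hmac.compare_digest(tag, prf(keys[1], header + body)):
            raise ValueError("frame failed integrity check")
        seq = int.from_bytes(header, "big")
        if seq <= last_seq:
            raise ValueError("replayed frame")
        self.tunnels[user][1] = seq
        return xor_stream(keys[0], seq, body)

def open_tunnel(server, user, secret):
    nonce = os.urandom(16)
    proof = prf(secret, b"req" + nonce)
    return derive_keys(secret, nonce, server.tunnel_request(user, nonce, proof))
```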