DOCSLIB.ORG

Pulse Secure Cryptomod Security Policy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Pulse Secure Cryptomod Security Policy Pulse Secure Cryptographic Module FIPS 140-2 Level 1 Non-Proprietary Security Policy Version: 2.5 Last Updated: March 2017 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 http://www.pulsesecure.net 1 Pulse Secure Cryptographic Module Revision History Authors Date Version Comment Pulse Secure, LLC 2017-Mar 2.5 Updated based on review comments Pulse Secure, LLC 2017-Feb 2.4 Updated based on review Pulse Secure, LLC 2016-Oct 2.3 Updated based on lab comments Pulse Secure, LLC 2016-Aug-23 2.2 Add Pulse One to platform list Pulse Secure, LLC 2016-Aug-2 2.1 Update per review comments Pulse Secure, LLC 2016-05-25 2.0 186-4 RSA key generation support Update integrity tests to use HMAC- SHA256 Pulse Secure, LLC 2015-12-16 1.1 Deprecation of X9.31 RNG and Dual EC DRBG Pulse Secure, LLC 2014-12-16 1.1 Changes for rebranding 2 Pulse Secure Cryptographic Module Contents Revision History .............................................................................................................................. 2 1 Introduction ............................................................................................................................. 4 2 Tested Configurations .............................................................................................................. 6 3 Ports and Interfaces ................................................................................................................. 7 4 Modes of Operation and Cryptographic Functionality ............................................................. 8 4.1 Critical Security Parameters and Public Keys ...................................................................... 10 4.2 Special Notes on GCM ........................................................................................................ 12 4.3 Special Notes on Entropy ................................................................................................... 12 5 Roles, Authentication and Services ........................................................................................ 14 6 Self-tests ................................................................................................................................. 16 7 Operational Environment ....................................................................................................... 17 8 Mitigation of Other Attacks .................................................................................................... 17 3 Pulse Secure Cryptographic Module 1 Introduction This document comprises the non-proprietary FIPS 140-2 Security Policy for the Pulse Secure Cryptographic Module, hereafter referred to as the Module. Figure 1 - Block Diagram The Module is a software library providing a C-language application program interface (API) for use by other processes that require cryptographic functionality. The Module is classified by FIPS 140-2 as a software module, multi-chip standalone module embodiment. The physical cryptographic boundary is the general purpose computer on which the Module is installed. The logical cryptographic boundary of the Module is the fipscanister object module, a single object 4 Pulse Secure Cryptographic Module Security Policy module file named fipscanister.o. The Module performs no communications other than with the calling application (the process that invokes the Module’s services). The FIPS 140-2 security levels for the Module are as follows: Security Requirement Security Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 2 Finite State Model 1 Physical Security NA Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks NA Table 1 - Security Level of Security Requirements The Module’s software version for this validation is 2.0. 5 Pulse Secure Cryptographic Module Security Policy 2 Tested Configurations Operational Processor Optimizations Hardware Device Environment (Target) 1. IVE OS 2.0 32-bit Intel Atom Processor N270 (x86) None Pulse Secure MAG2600 2. IVE OS 2.0 64-bit Intel Pentium Processor E2160 (x86) None Pulse Secure MAG 4610 3. IVE OS 2.0 64-bit Intel Pentium Processor E2160 (x86) None Pulse Secure MAG SM160 4. IVE OS 2.0 64-bit Intel Core2 Quad Q9400 (x86) None Pulse Secure MAG SM360 5. IVE OS 2.0 64-bit Intel Celeron Processor J1900 (x86) None Pulse Secure PSA300 6. IVE OS 2.0 64-bit Intel Celeron Processor J1900 (x86) None Pulse Secure PSA3000 7. IVE OS 2.0 64-bit Intel Pentium Processor G3420 (x86) None Pulse Secure PSA5000 8. IVE OS 2.0 64-bit Intel Xeon E3-1275v3 (x86) AES-NI Pulse Secure PSA 7000f 9. IVE OS 2.0 64-bit Intel Xeon E3-1275v3 (x86) AES-NI Pulse Secure PSA 7000c 10. Pulse One version 2.0 Intel Xeon E3-1275v3 (x86) AES-NI Pulse Secure PSA 7000f 11. Pulse One version 2.0 Intel Xeon E3-1275v3 (x86) AES-NI Pulse Secure PSA 7000c 12. IVE OS 2.0 64-bit on Intel Xeon E5-2620 v4 None Dell Power Edge VMware ESXi R430/R530, Intel Xeon E5-2620 v4 Table 2 - Supported Platforms 6 Pulse Secure Cryptographic Module Security Policy 3 Ports and Interfaces The physical ports of the Module are the same as the computer system on which it is executing. The logical interface is a C-language application program interface (API). Logical interface type Description Control input API entry point and corresponding stack parameters Data input API entry point data input stack parameters Status output API entry point return values and status stack parameters Data output API entry point data output stack parameters Table 3 - Logical interfaces As a software module, control of the physical ports is outside the Module’s scope. However, when the Module is performing self-tests, or is in an error state, all output on the logical data output interface is inhibited. The Module is single-threaded and in error scenarios returns only an error value (no data output is returned). 7 Pulse Secure Cryptographic Module Security Policy 4 Modes of Operation and Cryptographic Functionality The Module supports Approved and non-approved mode selection of mode depends on which algorithms are chosen from Tables 4a and 4b. Tables 4a and 4b list the Approved and Non- approved but Allowed algorithms, respectively. Table 4c lists Non-approved algorithms not allowed in FIPS-mode of operation. If any algorithm listed in table 4c is chosen, the module is operating in non-FIPS mode of operation. Function Algorithm Options Cert. # [FIPS 197] AES Encryption, [SP 800-38C] CCM ECB; CBC; CCM; GCM 128/ 192/256 AES 4334 Decryption and CMAC [SP 800-38D] GCM [SP 800-38B] CMAC Encryption, Decryption and CMAC generate and verify AES 4341 CURVES (P-224, P-256, P-384, P-521, K-233, K-283, K- ECC CDH Primitive [SP 800-56A] CVL 1046 409, B-233, B-283, B-409, B-571) Random Number [SP 800-90Ar1] DRBG Hash DRBG (SHA-1, all SHA-2 sizes) Generation; Prediction resistance HMAC DRBG (SHA-1, all SHA-2 sizes) DRBG 1384 Symmetric key supported for all CTR DRBG (AES 128/192/256) generation variations Digital Signature and [FIPS 186-4] DSA PQG Ver, Sig Ver (1024 with SHA-1 only) Asymmetric Key (Legacy use only) Generation PQG Ver, Sig Ver (2048/3072 with all SHA-2 sizes) DSA 1152 Digital Signature and [FIPS 186-4] DSA PQG Gen, Key Pair Gen, Sig Gen (2048/3072 with all Asymmetric Key SHA-2 sizes) Generation [FIPS 186-4] ECDSA SigVer: CURVES (P-192: (SHA-1, 224, 256, Encryption, (Legacy use only) 384, 512) P-224: (SHA-1) P-256: (SHA-1) P-384: (SHA- ECDSA 1026 Decryption and CMAC 1) P-521: (SHA-1) K-163: (SHA-1, 224, 256, 384, 512) K- 233: (SHA-1, 224, 256, 384, 512) K-283: (SHA-1) K-409: (SHA-1) K-571: (SHA-1) B-163: (SHA-1) B-233: (SHA-1) B-283: (SHA-1) B-409: (SHA-1) B-571: (SHA-1) ) [FIPS 186-4] ECDSA PKG: CURVES (P-224 P-256 P-384 P-521 K-224 K-256 K- 384 K-521 B-224 B-256 B-384 B-521 ExtraRandomBits TestingCandidates) PKV: CURVES (ALL-P ALL-K ALL-B ) SigGen: CURVES P-224: (SHA-224, 256, 384, 512) P-256: (SHA-224, 256, 384, 512) P-384: (SHA-224, 256, 384, 512) P-521: (SHA-224, 256, 384, 512) K-233: (SHA-224, 256, 384, 512) K- 283: (SHA-224, 256, 384, 512) K-409: (SHA- 224, 256, 384, 512) K-571: (SHA-224, 256, 384, 512) B-233: (SHA-224, 256, 384, 512) B-283: (SHA-224, 256, 384, 512) B-409: (SHA-224, 256, 384, 512) B-571: (SHA-224, 256, 384, 512) ) SigVer: CURVES (P-192: (SHA-1, 224, 256, 384, 512) P-224: (SHA-1, 224, 256, 384, 512) P- 256: (SHA-1, 224, 256, 384, 512) P-384: (SHA-1, 224, 256, 384, 512) P-521: (SHA-1, 224, 256, 384, 512) K-163: (SHA-1, 224, 256, 384, 512) K- 233: (SHA-1, 224, 256, 384, 512) K-283: (SHA- 8 Pulse Secure Cryptographic Module Security Policy 1, 224, 256, 384, 512) K-409: (SHA-1, 224, 256, 384, 512) K-571: (SHA-1, 224, 256, 384, 512 B- 163: (SHA-1, 224, 256, 384, 512) B-233: (SHA- 1, 224, 256, 384, 512) B-283: (SHA-1, 224, 256, 384, 512) B-409: (SHA-1, 224, 256, 384, 512) B- 571: (SHA-1, 224, 256, 384, 512) ) Keyed Hash [FIPS 198] HMAC HMAC with SHA-1, SHA-2 (224, 256, 384, 512) HMAC 2880 Digital Signature and [FIPS 186-4] RSA SigVer9.31, SigVerPKCS1.5, SigVerPSS (1024/4096 with Asymmetric Key (Legacy use only) all SHA sizes) RSA 2345 Generation [FIPS 186-4] RSA SigVer9.31, SigVerPKCS1.5, SigVerPSS (2048/3072 with all SHA-2 sizes) GenKey9.31, SigGen9.31, SigGenPKCS1.5, SigGenPSS (2048/3072with all SHA-2 sizes) Message Digests [FIPS 180-4] SHA SHA-1, SHA-2 (224, 256, 384, 512) SHS 3577 [SP 800-67] Triple- Triple-DES TECB (Encrypt/Decrypt); TCBC (Encrypt/Decrypt) Encryption, DES 2346 Decryption and CMAC Triple-DES [SP 800-38B] CMAC 3-Key Triple-DES; CMAC generate and verify 2347 Table 4a – FIPS Approved Cryptographic Functions The Module supports only NIST defined curves for use with ECDSA and ECC CDH. Refer to the transition tables available at the CMVP Web site (http://csrc.nist.gov/groups/STM/cmvp/). Category Algorithm Description Key Agreement EC Diffie- Non-compliant (untested) Diffie-Hellman scheme using elliptic curve, Hellman supporting all NIST defined B, K and P curves. Key agreement is a service provided for calling process use, but is not used to establish keys into the Module.
Load more

Recommended publications
  • Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition
    KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Promotor: Proefschrift voorgedragen tot Prof. Dr. ir. Bart Preneel het behalen van het doctoraat in de ingenieurswetenschappen door Souradyuti Paul November 2006 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Jury: Proefschrift voorgedragen tot Prof. Dr. ir. Etienne Aernoudt, voorzitter het behalen van het doctoraat Prof. Dr. ir. Bart Preneel, promotor in de ingenieurswetenschappen Prof. Dr. ir. Andr´eBarb´e door Prof. Dr. ir. Marc Van Barel Prof. Dr. ir. Joos Vandewalle Souradyuti Paul Prof. Dr. Lars Knudsen (Technical University, Denmark) U.D.C. 681.3*D46 November 2006 ⃝c Katholieke Universiteit Leuven { Faculteit Ingenieurswetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektron- isch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2006/7515/88 ISBN 978-90-5682-754-0 To my parents for their unyielding ambition to see me educated and Prof. Bimal Roy for making cryptology possible in my life ... My Gratitude It feels awkward to claim the thesis to be singularly mine as a great number of people, directly or indirectly, participated in the process to make it see the light of day.
    [Show full text]
  • Security Evaluation of the K2 Stream Cipher
    Security Evaluation of the K2 Stream Cipher Editors: Andrey Bogdanov, Bart Preneel, and Vincent Rijmen Contributors: Andrey Bodganov, Nicky Mouha, Gautham Sekar, Elmar Tischhauser, Deniz Toz, Kerem Varıcı, Vesselin Velichkov, and Meiqin Wang Katholieke Universiteit Leuven Department of Electrical Engineering ESAT/SCD-COSIC Interdisciplinary Institute for BroadBand Technology (IBBT) Kasteelpark Arenberg 10, bus 2446 B-3001 Leuven-Heverlee, Belgium Version 1.1 | 7 March 2011 i Security Evaluation of K2 7 March 2011 Contents 1 Executive Summary 1 2 Linear Attacks 3 2.1 Overview . 3 2.2 Linear Relations for FSR-A and FSR-B . 3 2.3 Linear Approximation of the NLF . 5 2.4 Complexity Estimation . 5 3 Algebraic Attacks 6 4 Correlation Attacks 10 4.1 Introduction . 10 4.2 Combination Generators and Linear Complexity . 10 4.3 Description of the Correlation Attack . 11 4.4 Application of the Correlation Attack to KCipher-2 . 13 4.5 Fast Correlation Attacks . 14 5 Differential Attacks 14 5.1 Properties of Components . 14 5.1.1 Substitution . 15 5.1.2 Linear Permutation . 15 5.2 Key Ideas of the Attacks . 18 5.3 Related-Key Attacks . 19 5.4 Related-IV Attacks . 20 5.5 Related Key/IV Attacks . 21 5.6 Conclusion and Remarks . 21 6 Guess-and-Determine Attacks 25 6.1 Word-Oriented Guess-and-Determine . 25 6.2 Byte-Oriented Guess-and-Determine . 27 7 Period Considerations 28 8 Statistical Properties 29 9 Distinguishing Attacks 31 9.1 Preliminaries . 31 9.2 Mod n Cryptanalysis of Weakened KCipher-2 . 32 9.2.1 Other Reduced Versions of KCipher-2 .
    [Show full text]
  • Analysis of Lightweight Stream Ciphers
    ANALYSIS OF LIGHTWEIGHT STREAM CIPHERS THÈSE NO 4040 (2008) PRÉSENTÉE LE 18 AVRIL 2008 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DE SÉCURITÉ ET DE CRYPTOGRAPHIE PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Simon FISCHER M.Sc. in physics, Université de Berne de nationalité suisse et originaire de Olten (SO) acceptée sur proposition du jury: Prof. M. A. Shokrollahi, président du jury Prof. S. Vaudenay, Dr W. Meier, directeurs de thèse Prof. C. Carlet, rapporteur Prof. A. Lenstra, rapporteur Dr M. Robshaw, rapporteur Suisse 2008 F¨ur Philomena Abstract Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for dif- ferent building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the develop- ment of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attacks against LFSR-based stream ciphers are the recent algebraic attacks, these exploit the specific structure by deriving low degree equations for recovering the secret key.
    [Show full text]
  • Cryptology: an Historical Introduction DRAFT
    Cryptology: An Historical Introduction DRAFT Jim Sauerberg February 5, 2013 2 Copyright 2013 All rights reserved Jim Sauerberg Saint Mary's College Contents List of Figures 8 1 Caesar Ciphers 9 1.1 Saint Cyr Slide . 12 1.2 Running Down the Alphabet . 14 1.3 Frequency Analysis . 15 1.4 Linquist's Method . 20 1.5 Summary . 22 1.6 Topics and Techniques . 22 1.7 Exercises . 23 2 Cryptologic Terms 29 3 The Introduction of Numbers 31 3.1 The Remainder Operator . 33 3.2 Modular Arithmetic . 38 3.3 Decimation Ciphers . 40 3.4 Deciphering Decimation Ciphers . 42 3.5 Multiplication vs. Addition . 44 3.6 Koblitz's Kid-RSA and Public Key Codes . 44 3.7 Summary . 48 3.8 Topics and Techniques . 48 3.9 Exercises . 49 4 The Euclidean Algorithm 55 4.1 Linear Ciphers . 55 4.2 GCD's and the Euclidean Algorithm . 56 4.3 Multiplicative Inverses . 59 4.4 Deciphering Decimation and Linear Ciphers . 63 4.5 Breaking Decimation and Linear Ciphers . 65 4.6 Summary . 67 4.7 Topics and Techniques . 67 4.8 Exercises . 68 3 4 CONTENTS 5 Monoalphabetic Ciphers 71 5.1 Keyword Ciphers . 72 5.2 Keyword Mixed Ciphers . 73 5.3 Keyword Transposed Ciphers . 74 5.4 Interrupted Keyword Ciphers . 75 5.5 Frequency Counts and Exhaustion . 76 5.6 Basic Letter Characteristics . 77 5.7 Aristocrats . 78 5.8 Summary . 80 5.9 Topics and Techniques . 81 5.10 Exercises . 81 6 Decrypting Monoalphabetic Ciphers 89 6.1 Letter Interactions . 90 6.2 Decrypting Monoalphabetic Ciphers .
    [Show full text]
  • Distinguishing Attack on a Modified Version of MAG Stream Cipher Arash Mirzaei1, Mohammad Dakhil Alian2, Mahmoud Modarres Hashemi3
    Distinguishing Attack on a Modified Version of MAG Stream Cipher Arash Mirzaei1, Mohammad Dakhil Alian2, Mahmoud Modarres Hashemi3 Cryptography & System Security Research Lab. (CSSRL) Isfahan University of Technology, Isfahan, Iran [email protected] 2, 3{mdalian, modarres}@cc.iut.ac.ir Abstract MAG is a synchronous stream cipher designed by Vuckovac submitted to the eSTREAM project. Vuckovac also proposed two modified versions of MAG to avoid the distinguishing attack on the first version of MAG presented by Fischer. In this paper we show that, changing the Fischer’s attack we can apply it to one of the modified versions of MAG. The modified attack requires only 514 successive bytes of known keystream and 5 xor and 2 comparison operations between 16 bit words. In addition, we show that distinguishing and key recovery attack proposed by Simpson and Henricksen on all versions of MAG is feasible just by considering an assumption on initialization of MAG that simplifies this step so much. Therefore, their attack cannot be performed in general. Keywords Cryptanalysis, MAG Stream Cipher, Distinguishing Attack, eSTREAM 1. Introduction modified versions of MAG are described in Section 4. The Simpson and Henricksen’s assumption for MAG is a stream cipher which its internal state initialization of MAG is discussed in Section 5 as well consists of 127 registers Ri of 32 bit size, as well as a as their attack. In Section 6, a distinguishing attack on 32 bit carry register C. To produce the keystream, one of the modified versions of MAG is presented. MAG is clocked iteratively.
    [Show full text]
  • Enjoy-ETSI-MAG-October-2020.Pdf
    OCTOBER 2020 THE INTERVIEW Dr Ulrich Dropmann, Nokia. David Kennedy, Eurescom. p.4-5 SHOWCASE Quantum cryptography implemented. p.16 TECH HIGHLIGHTS Teleportation: science fiction or fact? p.18-19 TECHNOLOGY ON THE R.I.S.E. Editorial The Interview Dr Ulrich Dropmann, Nokia. David Kennedy, Eurescom. P4/5 In this edition, we Meet the New are exploring future Standards people technological P6/7 New member breakthroughs, from Interview artificial intelligence Arkady Zaslavsky, Deakin University. to teleportation. P8/9 Tech Highlights Rounding up ICT standards for Europe. The narrative around technology is very In our Spotlight, we showcase how a diverse depending on your audience facility in Geneva implemented a quantum P10/11 but there can be no doubt that ICT is key distribution system to secure their helping us through times when physical data centres, while the main article gives interpersonal interactions are limited. a helicopter view of ETSI’s versatile In the Spotlight Over the last decades, “e” has become offer for researchers and universities. In The ETSI approach to R.I.S.E. a common prefix to several words: Tech Highlights, we explore the latest e-Meetings, e-Tickets and e-Books, research updates on teleportation, while P13-16 for example. But, will there ever be an our exclusive Interviews touch base on e-Human? several promising future applications. In Tech Highlights In this edition, Technology on the R.I.S.E, the Working Together section, SMEs Teleportation: are on stage and can engage in R&D for where R.I.S.E stands for Research, Science fiction or fact? Innovation, Standards and Ecosystem, EU-funded IoT programmes.
    [Show full text]
  • A Technique to MAGCIPHER for Applying a Data Protection Strategy in Hybrid Cloud
    Malaya Journal of Matematik, Vol. 9, No. 1, 670-674, 2021 https://doi.org/10.26637/MJM0901/0117 A technique to MAGCIPHER for applying a data protection strategy in hybrid cloud D. I. George Amalarethinam1 and J. Madhu Priya2* Abstract Cloud computing is sweeping the globe, and because of its many benefits, the need to secure data stored in the cloud is unavoidable. To hold the data, are using cloud deployment models such as public cloud, private cloud, hybrid cloud, and community cloud. To protect user data from ever being compromised in a cloud environment, data protection must be fully enforced. There are many techniques for preserving a customer’s information. Encryption and digital water marking methods are among them. Cryptographic policies often include the task of encrypting the data in order to convert into unintelligible form. The original data will be retrieved once the decryption process is finished. Before the data is shared to the public cloud, it runs through an encryption process. - specifically, data at rest encryption is done. Keywords Cloud Computing, Data Security, Cryptography, water marking, Encryption, Hybrid Cloud. 1,2Department of Computer Science, Jamal Mohamed College, Affiliated to Bharathidasan University, Trichy, Tamil Nadu, India. Article History: Received 22 December 2020; Accepted 19 February 2021 c 2021 MJM. Contents costs, improved performance, instant software updates, un- limited storage capacity, device independence, Increased data 1 Introduction.......................................670 reliability. 1.1 Cloud Security....................... 671 There are three Service models and four Deployment mod- 2 Related works.....................................671 els in cloud computing. Service models are SaaS -Software As a service, PaaS - Platform As a service and Iaas - Infrastructure 3 Problem definition ................................671 As a service.
    [Show full text]
  • CRYPTOGRAPHY and NETWORK SECURITY LECTURE NOTES for Bachelor of Technology in Computer Science and Engineering & Information Technology
    CRYPTOGRAPHY AND NETWORK SECURITY LECTURE NOTES for Bachelor of Technology in Computer Science and Engineering & Information Technology Department of Computer Science and Engineering & Information Technology Veer Surendra Sai University of Technology (Formerly UCE, Burla) Burla, Sambalpur, Odisha Lecture Note Prepared by: Prof. D. Chandrasekhar Rao Dr. Amiya Kumar Rath Dr. M. R. Kabat DISCLAIMER This document does not claim any originality and cannot be used as a substitute for prescribed textbooks. The information presented here is merely a collection by the committee members for their respective teaching assignments. Various sources as mentioned at the end of the document as well as freely available material from internet were consulted for preparing this document. The ownership of the information lies with the respective authors or institutions. CRYPTOGRAPHY AND NETWORK SECURITY BCS- (3-0-1) Credit-4 Module I ( 12 LECTURES) Introduction to the Concepts of Security: The need for security, Security Approaches, Principles of Security, Types of Attacks. Cryptographic Techniques: Plain Text and Cipher Text, Substitution Techniques, Transposition Techniques, Encryption and Decryption, Symmetric and Asymmetric Key Cryptography, Steganography, Key Range and Key Size, Possible Types of Attacks. Module II ( 8 LECTURES) Computer-based Symmetric Key Cryptographic Algorithms: Algorithm Types and Modes, An overview of Symmetric Key Cryptography, DES, International Data Encryption Algorithm (IDEA), RC5, Blowfish, AES, Differential and Linear Cryptanalysis. Module III ( 8 LECTURES) Computer-based Asymmetric Key Cryptography: Brief History of Asymmetric Key Cryptography, An overview of Asymmetric Key Cryptography, The RSA Algorithm, Symmetric and Asymmetric Key Cryptography Together, Digital Signatures, Knapsack Algorithm, Some other Algorithms. Module IV ( 12 LECTURES) Public Key Infrastructure: Digital Certificates, Private Key Management, The PKIX Model, Public Key Cryptography Standards, XML, PKI and Security.
    [Show full text]
  • January 21,1897
    l he Republican Journal. ; MK (U>-_BELFAST, MAINE, THURSDAY, JANUARY 21, 189L miMRT” solute divorce from his wife. Dr. Tiuker The Maine j Legislature. torneys waited on Gov.Powers Monday after- REPUBLICAN JOURNAL was named as co-respondent.Collector noon in the interests of Judge A. D. Cornish PERSONAL. of Customs ! Bisbee of Jacksonville, Fla., What Is Said and bonv at of Lewiston, who is a candidate for the po- KRY THURSDAY MORNING BY THE Augusta* lias received instructions from Iu sition on the bench to be made va- I Washing- the House Jau. Hth Mr. Stetsou of Ban- supreme Justin Bunlin spent Sunday with friends ton to refuse cant the of the term of clearance to the steamer gor presented a petition with bill attached lwMay by expiration in can of the Walton. Bangor. Journal Pub. Co. i Dauntless, the master of which applied Hampden & Winterport Electric Kail- Judge road and Mrs. Helen M. for a clearance for Xeuvitas, Cuba, with a Light Company, over which there Conant spent Sunday with j will be a tight, as two I cargo of arms and ammunition for Cuba. companies want the friends in Bangor. (’ vculation in Ouy and to oonstruct the Both branches of the legislature held short County. James Crafts of the chemical authority line. The bill is to sessions Tuesday. The following matters W. Miller |.Prof. amend certain acts, so as to went to Boston yesterday department of the Massachusetts Institute said were in the house: ^Geo. a! is the PAPER tor Maine sea permit company to build presented for a of tracks, etc Resolve Walton of week.* Technology was Jan.
    [Show full text]
  • The Cryptology of the German Intelligence Services (U)
    ......... ,.....C..&Wil8 TOP SECRET r War II united states cryptologic history The Cryptology of the German Intelligence Services (U) THIS BSEYMENT eeNTAINS CODEWORD MAIERIAL Clqujfj•d I) tJ6A/e!3M 123-2 BcclussiFJ 811. 81i;inalia; A;cucls Bele1mi11aliu11 Reqoi:u<J -+OP SECRET ::ieclassifi ed and appru.;ed for el ease by ~,JSA. on 04- '13-2009 ~1 ursuantto E.O. ·12958, as amended MDR53595 DOCID 3525898 II Contents of this publication should not be reproduced, or further disseminated outside the U.S. Intelligence Community without the permission of the Director, NSA/CSS . Inquiries about reproduction and dissemination should be directed to the Office of Cryptologic Archives and History, T54. ·l • I ___________Jl • DOCID: 3525898 T-8P SEEREf tlMIRA UNITED STATES CRYPTOLOGIC HISTORY SERIES IV World War II Volume4 The Cryptology of the German Intelligence Services (U) David P. Mowry Thia document is classified TOP SECRET UMBRA in its entirety and can not be used as a source for derivative classification decisions. OFFICE OF ARCHIVES AND HISTORY NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE 1989 l8P SEEREt tlMlltA DOCID: 3525898 TOP SEERET l:JMBR:A Table of Contents Page Foreword ...................................................................... v Introduction . 1 Code Systems . 1 Monoalphabetic Substitution . 2 Polyalphabetic Substitution . 3 Digraphic Substitution . 4 Single Transposition: Columnar . 4 Single Transposition: Combs and Grilles . 6 Aperiodic Polyalphabetic Substitution . 9 Single Transposition/Substitution Systems . 10 Double Transposition . 13 Double Transposition/Substitution . 15 The Kryha Machine . 18 The Menzer Devices . 19 The Coast Guard Solution of Enigma: The Commercial Machine . 22 The Coast Guard Solution of Enigma: The Green Machine . 23 The Coast Guard Solution of Enigma: The Red Machine .
    [Show full text]
  • The Estream Project
    The eSTREAM Project Matt Robshaw Orange Labs 11.06.07 Orange Labs ECRYPT An EU Framework VI Network of Excellence > 5 M€ over 4.5 years More than 30 european institutions (academic and industry) ECRYPT activities are divided into Virtual Labs Which in turn are divided into Working Groups General SPEED eSTREAM Assembly Project Executive Strategic Coordinator Mgt Comm. Committee STVL AZTEC PROVILAB VAMPIRE WAVILA WG1 WG2 WG3 WG4 The eSTREAM Project – Matt Robshaw (2) Orange Labs 1 Cryptography (Overview!) Cryptographic algorithms often divided into two classes Symmetric (secret-key) cryptography • Participants using secret-key cryptography share the same key material Asymmetric (public-key) cryptography • Participants using public-key cryptography use different key material Symmetric encryption can be divided into two classes Block ciphers Stream ciphers The eSTREAM Project – Matt Robshaw (3) Orange Labs Stream Ciphers Stream encryption relies on the generation of a "random looking" keystream Encryption itself uses bitwise exclusive-or 0110100111000111001110000111101010101010101 keystream 1110111011101110111011101110111011100000100 plaintext 1000011100101001110101101001010001001010001 ciphertext Stream encryption offers some interesting properties They offer an attractive link with perfect secrecy (Shannon) No data buffering required Attractive error handling and propagation (for some applications) How do we generate keystream ? The eSTREAM Project – Matt Robshaw (4) Orange Labs 2 Stream Ciphers in a Nutshell Stream ciphers
    [Show full text]
  • Secure and Computationally-Efficient Cryptographic Primitive Based On
    Secure and Computationally-Efficient Cryptographic Primitive based on Cellular Automation Rade Vuckovac January 11, 2019 Abstract Mageto, a random number generator based on one-dimensional cellular automaton (CA) is presented. Three procedures of secure implementation using Mageto is proposed and discussed. Implementations are very effi- cient in a wide range of hardware and software scenarios. It includes the advanced application of the Internet of Things (IoT) and cyber-physical systems which are both needed for computationally-efficient cryptographic primitives. Furthermore, the proposed primitive is inherently resistant against the Side Channel Attack (SCA), where many currently available ciphers, such as AES, require additional hardware or software effort to prevent SCA line of attack. 1 Introduction Cellular automaton (CA) cryptographic use is limited. One significant reason is performance. A survey of CA stream ciphers [14] shows that encrypting one megabyte of data requires five seconds at best. One exception is MAG (My Array Generator) [5], which is a Mageto predecessor. It is a one-dimensional cellular automaton (CA). It belongs to a class of three complexity classification schemes p.12 [9]. That means, nearly every initial state evolves in pseudo- random or chaotic fashion. Two significant attributes which make MAG so arXiv:1901.02993v1 [cs.CR] 10 Jan 2019 exceptional are: • MAG is invariant to the cell size. Both 32-bit and 64-bit cells are inves- tigated, and they show the same behaviour. That fact has a huge impact on performance. • MAG update rule is not entirely boolean and SAT solvers tools, which are generally better than brute force [14], could not be applied.
    [Show full text]