

MCA644 CU-MCA-SEM-II-Network Security & Cryptography-converted-converted

Published by Teamlease Edtech Ltd (Amita Chitroda), 2021-04-19 07:46:59



INSTITUTE OF DISTANCE & ONLINE LEARNING
UNIVERSITY
Discover. Learn. Empower.
NETWORK SECURITY & CRYPTOGRAPHY
www.cuchd.in

MASTER OF COMPUTER APPLICATIONS
SEMESTER-II
NETWORK SECURITY & CRYPTOGRAPHY
MCA644

CU IDOL SELF LEARNING MATERIAL (SLM)

CHANDIGARH UNIVERSITY
Institute of Distance and Online Learning

Course Development Committee
Prof. (Dr.) R.S. Bawa, Pro Chancellor, Chandigarh University, Gharuan, Punjab

Advisors
Prof. (Dr.) Bharat Bhushan, Director – IGNOU
Prof. (Dr.) Majulika Srivastava, Director – CIQA, IGNOU

Programme Coordinators & Editing Team
Master of Business Administration (MBA): Coordinator – Dr. Rupali Arora
Bachelor of Business Administration (BBA): Coordinator – Dr. Simran Jewandah
Master of Computer Applications (MCA): Coordinator – Dr. Raju Kumar
Bachelor of Computer Applications (BCA): Coordinator – Dr. Manisha Malhotra
Master of Commerce (M.Com.): Coordinator – Dr. Aman Jindal
Bachelor of Commerce (B.Com.): Coordinator – Dr. Minakshi Garg
Master of Arts (Psychology): Coordinator – Dr. Samerjeet Kaur
Bachelor of Science (Travel & Tourism Management): Coordinator – Dr. Shikha Sharma
Master of Arts (English): Coordinator – Dr. Ashita Chadha
Bachelor of Arts (General): Coordinator – Ms. Neeraj Gohlan

Academic and Administrative Management
Prof. (Dr.) R. M. Bhagat, Executive Director – Sciences
Prof. (Dr.) S.S. Sehgal, Registrar
Prof. (Dr.) Manaswini Acharya, Executive Director – Liberal Arts
Prof. (Dr.) Gurpreet Singh, Director – IDOL

© No part of this publication should be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording and/or otherwise without the prior written permission of the authors and the publisher.

SLM SPECIALLY PREPARED FOR CU IDOL STUDENTS
Printed and Published by: TeamLease Edtech Limited, www.teamleaseedtech.com, CONTACT NO:- 01133002345
For: CHANDIGARH UNIVERSITY, Institute of Distance and Online Learning

First Published in 2020. All rights reserved. No part of this book may be reproduced or transmitted, in any form or by any means, without permission in writing from Chandigarh University. Any person who does any unauthorized act in relation to this book may be liable to criminal prosecution and civil claims for damages. This book is meant for educational and learning purposes. The authors of the book have taken all reasonable care to ensure that the contents of the book do not violate any existing copyright or other intellectual property rights of any person in any manner whatsoever. In the event the authors have been unable to track any source and any copyright has been inadvertently infringed, please notify the publisher in writing for corrective action.

CONTENT
Unit 1: Network Security 1
Unit 2: Network Security 2
Unit 3: Hash Functions And Message Digests
Unit 4: Authentication
Unit 5: Cryptography
Unit 6: Public Key Cryptography 1
Unit 7: Public Key Cryptography 2

UNIT 1: NETWORK SECURITY 1

Structure
1.0 Learning Objectives
1.1 Introduction
1.2 Basic concepts: confidentiality, integrity, availability
1.3 Types of Controls
1.4 Access Control Models
1.5 Security policies
1.5.1 Role of the Security Policy in Setting up Protocols
1.5.2 Structure of a Security Policy
1.5.3 Types of Policies
1.6 Summary
1.7 Key Words/Abbreviations
1.8 Learning Activity
1.9 Unit End Questions (MCQ and Descriptive)
1.10 References

1.0 LEARNING OBJECTIVES
At the end of the unit the learner will be able to understand and have knowledge of the following aspects of Network Security:
• Introduction to various basic concepts of security
• Understanding various types of controls
• Having knowledge of various types of Access Control Models
• Knowledge of security policies

1.1 INTRODUCTION
First, let’s define information security. If ten different people were asked to define information security, we might well receive ten different answers, but what is surprising is that they might all be correct. Nevertheless, the universal, classic definition of information security is brief and simple: Information security is the confidentiality, integrity, and availability of information. Indeed, all the principles, standards, and mechanisms you will encounter in this book are dedicated to these three abstract but fundamental goals of confidentiality, integrity, and availability of information and information processing resources, also referred to as the C-I-A triad or information security triad.

Information security (InfoSec) enables organizations to protect digital and analog information. InfoSec provides coverage for cryptography, mobile computing, social media, as well as infrastructure and networks containing private, financial, and corporate information. Cybersecurity, on the other hand, protects both raw and meaningful data, but only from internet-based threats.

Organizations implement information security for a wide range of reasons. The main objectives of InfoSec are typically related to ensuring confidentiality, integrity, and availability of company information. Since InfoSec covers many areas, it often involves the implementation of various types of security, including application security, infrastructure security, cryptography, incident response, vulnerability management, and disaster recovery.

1.2 BASIC CONCEPTS

Confidentiality
In the context of information security, confidentiality means that information that should stay secret stays secret and only those persons authorized to access it may receive access. From ancient times, mankind has known that information is power, and in our information age, access to information is more important than ever. Unauthorized access to confidential information may have devastating consequences, not only in national security applications, but also in commerce and industry. The main mechanisms for protecting confidentiality in information systems are cryptography and access controls. Examples of threats to confidentiality are malware, intruders, social engineering, insecure networks, and poorly administered systems.

Integrity
Integrity is concerned with the trustworthiness, origin, completeness, and correctness of information as well as the prevention of improper or unauthorized modification of information. Integrity in the information security context refers not only to the integrity of information itself but also to origin integrity, that is, the integrity of the source of the information. Integrity protection mechanisms may be grouped into two broad types: preventive mechanisms, such as access controls that prevent unauthorized modification of information, and detective mechanisms, which are intended to detect unauthorized modifications when preventive mechanisms have failed. Controls that protect integrity include the principles of least privilege, separation, and rotation of duties; these principles are introduced later in this chapter.

Availability
Availability of information, although usually mentioned last, is not the least important pillar of information security. Who needs confidentiality and integrity if the authorized users of information cannot access and use it? Who needs sophisticated encryption and access controls if the information being protected is not accessible to authorized users when they need it? Therefore, despite being mentioned last in the C-I-A triad, availability is just as important and as necessary a component of information security as confidentiality and integrity. Attacks against availability are known as denial of service (DoS) attacks. Natural and manmade disasters obviously may also affect availability as well as confidentiality and integrity of information, though their frequency and severity greatly differ: natural disasters are infrequent but severe, whereas human errors are frequent but usually not as severe as natural disasters. In both cases, business continuity and disaster recovery planning (which at the very least includes regular and reliable backups) is intended to minimize losses.

Now that the cornerstone concepts of confidentiality, integrity, and availability have been discussed, let’s take a look at the identification, authentication, and authorization processes and methods, which are some of the main controls aimed at protecting the C-I-A triad.

Identification
Identification is the first step in the identify-authenticate-authorize sequence that is performed countless times every day by humans and computers alike when access to information or information processing resources is required. While the particulars of identification systems differ depending on who or what is being identified, some intrinsic properties of identification apply regardless of these particulars; three of these properties are the scope, locality, and uniqueness of IDs. Identification name spaces can be local or global in scope. To illustrate this concept, let’s refer to the familiar notation of Internet e-mail addresses: while many e-mail accounts named jack may exist around the world, an e-mail address [email protected] unambiguously refers to exactly one such user in the company .com locality. Provided that the company in question is a small one, and that only one employee is named Jack, inside the company everyone may refer to that particular person by simply using his first name. That would work because they are in the same locality and only one Jack works there. However, if Jack were someone on the other side of the world or even across town, to refer to [email protected] as simply jack would make no sense, because the user name jack is not globally unique and refers to different persons in different localities.
This is one of the reasons why two user accounts should never use the same name on the same system: not only because you would not be able to enforce access controls based on non-unique and ambiguous user names, but also because you would not be able to establish accountability for user actions. To summarize, for information security purposes, unique names are required and, depending on their scope, they must be locally unique and possibly globally unique so that access control may be enforced and accountability established.

Authentication
Authentication, which happens just after identification and before authorization, verifies the authenticity of the identity declared at the identification stage. In other words, it is at the authentication stage that you prove that you are indeed the person or the system you claim to be. The three methods of authentication are what you know, what you have, and what you are. Regardless of the particular authentication method used, the aim is to obtain reasonable assurance that the identity declared at the identification stage belongs to the party in communication. It is important to note that reasonable assurance may mean different degrees of assurance, depending on the particular environment and application, and therefore may require different approaches to authentication: the authentication requirements of a national security–critical system naturally differ from the authentication requirements of a small company. Because different authentication methods have different costs and properties as well as different returns on investment, the choice of authentication method for a particular system or organization should be made after these factors have been carefully considered.

1.3 TYPES OF CONTROLS
Central to information security is the concept of controls, which may be categorized by their functionality (preventive, detective, corrective, deterrent, recovery, and compensating, in this order) and plane of application (physical, administrative, or technical). Physical controls include doors, secure facilities, fire extinguishers, flood protection, and air conditioning.
Administrative controls are the organization’s policies, procedures, and guidelines intended to facilitate information security. Technical controls are the various technical measures, such as firewalls, authentication systems, intrusion detection systems, and file encryption, among others.

Preventive Controls
Preventive controls are the first controls met by the adversary. Preventive controls try to prevent security violations and enforce access control. Like other controls, preventive controls may be physical, administrative, or technical: doors, security procedures, and authentication requirements are examples of physical, administrative, and technical preventive controls, respectively.

Detective Controls
Detective controls are in place to detect security violations and alert the defenders. They come into play when preventive controls have failed or have been circumvented and are no less crucial than preventive controls. Detective controls include cryptographic checksums, file integrity checkers, audit trails and logs, and similar mechanisms.

Corrective Controls
Corrective controls try to correct the situation after a security violation has occurred. Although a violation occurred, not all is lost, so it makes sense to try and fix the situation. Corrective controls vary widely, depending on the area being targeted, and they may be technical or administrative in nature.

Deterrent Controls
Deterrent controls are intended to discourage potential attackers and send the message that it is better not to attack, but even if you decide to attack we are able to defend ourselves. Examples of deterrent controls include notices of monitoring and logging as well as the visible practice of sound information security management.

Recovery Controls

Recovery controls are somewhat like corrective controls, but they are applied in more serious situations to recover from security violations and restore information and information processing resources. Recovery controls may include disaster recovery and business continuity mechanisms, backup systems and data, emergency key management arrangements, and similar controls.

Compensating Controls
Compensating controls are intended to be alternative arrangements for other controls when the original controls have failed or cannot be used. When a second set of controls addresses the same threats that are addressed by another set of controls, the second set of controls are compensating controls.

1.4 ACCESS CONTROL MODELS
Logical access control models are the abstract foundations upon which actual access control mechanisms and systems are built. Access control is among the most important concepts in computer security. Access control models define how computers enforce access of subjects (such as users, other computers, applications, and so on) to objects (such as computers, files, directories, applications, servers, and devices). Three main access control models exist: the discretionary access control model, the mandatory access control model, and the role-based access control model.

Discretionary Access Control (DAC)
The discretionary access control model is the most widely used of the three models. In the DAC model, the owner (creator) of information has the discretion to decide about and set access control restrictions on the object in question, which may, for example, be a file or a directory. The advantage of DAC is its flexibility: users may decide who can access information and what they can do with it (read, write, delete, rename, execute, and so on). At the same time, this flexibility is also a disadvantage of DAC because users may make wrong decisions regarding access control restrictions or maliciously set insecure or inappropriate permissions.

Nevertheless, the DAC model remains the model of choice for the absolute majority of operating systems today, including Solaris.

Mandatory Access Control (MAC)
Mandatory access control, as its name suggests, takes a stricter approach to access control. In systems utilizing MAC, users have little or no discretion as to what access permissions they can set on their information. Instead, mandatory access controls specified in a system-wide security policy are enforced by the operating system and applied to all operations on that system. MAC-based systems use data classification levels (such as public, confidential, secret, and top secret) and security clearance labels corresponding to data classification levels to decide, in accordance with the security policy set by the system administrator, what access control restrictions to enforce. Additionally, per-group and/or per-domain access control restrictions may be imposed; that is, in addition to having the required security clearance level, subjects (users or applications) must also belong to the appropriate group or domain. For example, a file with a confidential label belonging only to the research group may not be accessed by a user from the marketing group, even if that user has a security clearance level higher than confidential (for example, secret or top secret). This concept is known as compartmentalization or need to know. Although MAC-based systems, when used appropriately, are thought to be more secure than DAC-based systems, they are also much more difficult to use and administer because of the additional restrictions and limitations imposed by the operating system. MAC-based systems are typically used in government, military, and financial environments, where higher than usual security is required and where the added complexity and costs are tolerated. MAC is implemented in Trusted Solaris, a version of the Solaris operating environment intended for high-security environments.

Role-Based Access Control (RBAC)

In the role-based access control model, rights and permissions are assigned to roles instead of individual users. This added layer of abstraction permits easier and more flexible administration and enforcement of access controls. For example, access to marketing files may be restricted to the marketing manager role only, and users Ann, David, and Joe may be assigned the role of marketing manager. Later, when David moves from the marketing department elsewhere, it is enough to revoke his role of marketing manager; no other changes would be necessary. When you apply this approach to an organization with thousands of employees and hundreds of roles, you can see the added security and convenience of using RBAC. Solaris has supported RBAC since release 8.

Centralized vs. Decentralized Access Control
A further distinction should be made between centralized and decentralized (distributed) access control models. In environments with centralized access control, a single, central entity makes access control decisions and manages the access control system; whereas in distributed access control environments, these decisions are made and enforced in a decentralized manner. Both approaches have their pros and cons, and it is generally inappropriate to say that one is better than the other. The selection of a particular access control approach should be made only after careful consideration of an organization’s requirements and associated risks.

1.5 SECURITY POLICIES
In a way, security policies regulate the behaviour of your employees towards the use of technology in the workplace. They can minimize the risk of being hacked, of information leaks and of bad internet usage, and they also ensure the safeguarding of company resources. In real life you will notice that the employees of your organization will always tend to click on bad or virus-infected URLs or email attachments carrying viruses.
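The three models of Section 1.4 differ in who decides and on what basis. The following added example (not from the course text) replays the unit's own scenarios as small decision functions: a DAC object whose owner sets an ACL, a MAC check that requires both a sufficient clearance and membership of the object's group (the research/marketing case above), and an RBAC table where revoking David's marketing-manager role is the only change needed. All users, groups, files and clearance levels are constructed for illustration.

```python
"""Toy decision functions for the DAC, MAC and RBAC models of Section 1.4.

Added example, not from the course text. The users, groups, files, roles
and clearance levels below are constructed for illustration only.
"""

# Classification levels used by the MAC model, lowest to highest.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top secret": 3}


def dac_allowed(obj, user, action):
    """DAC: the owner has full discretion; anyone else needs an ACL entry.

    obj = {"owner": user, "acl": {user: set of permitted actions}}
    """
    if user == obj["owner"]:
        return True
    return action in obj["acl"].get(user, set())


def mac_allowed(obj, subject):
    """MAC: the subject's clearance must be at least the object's label AND
    the subject must belong to the object's group (compartmentalization /
    need to know). Subjects cannot change labels; the policy is system-wide.

    obj = {"label": level, "group": name}
    subject = {"clearance": level, "groups": set of group names}
    """
    if obj["group"] not in subject["groups"]:
        return False
    return LEVELS[subject["clearance"]] >= LEVELS[obj["label"]]


class Rbac:
    """RBAC: permissions attach to roles; users are assigned roles."""

    def __init__(self):
        self.role_perms = {}   # role -> {(object, action)}
        self.user_roles = {}   # user -> {role}

    def grant(self, role, obj, action):
        self.role_perms.setdefault(role, set()).add((obj, action))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def allowed(self, user, obj, action):
        return any((obj, action) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


def demo():
    """Replay the unit's scenarios and return each decision by name."""
    results = {}

    # DAC: alice owns report.txt and grants bob read access only.
    report = {"owner": "alice", "acl": {"bob": {"read"}}}
    results["dac_owner_write"] = dac_allowed(report, "alice", "write")
    results["dac_bob_read"] = dac_allowed(report, "bob", "read")
    results["dac_bob_write"] = dac_allowed(report, "bob", "write")

    # MAC: a confidential research-group file. The marketing user holds a
    # higher ('secret') clearance but is refused by the group restriction.
    research_file = {"label": "confidential", "group": "research"}
    marketing_user = {"clearance": "secret", "groups": {"marketing"}}
    research_user = {"clearance": "confidential", "groups": {"research"}}
    intern = {"clearance": "public", "groups": {"research"}}
    results["mac_marketing_secret"] = mac_allowed(research_file, marketing_user)
    results["mac_research_confidential"] = mac_allowed(research_file, research_user)
    results["mac_research_public"] = mac_allowed(research_file, intern)

    # RBAC: marketing files readable by the marketing manager role only.
    rbac = Rbac()
    rbac.grant("marketing manager", "marketing files", "read")
    for user in ("Ann", "David", "Joe"):
        rbac.assign(user, "marketing manager")
    results["rbac_david_before"] = rbac.allowed("David", "marketing files", "read")
    rbac.revoke("David", "marketing manager")   # David moves to another department
    results["rbac_david_after"] = rbac.allowed("David", "marketing files", "read")
    results["rbac_ann_after"] = rbac.allowed("Ann", "marketing files", "read")
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```

Note where the decision data lives in each model: in DAC it is on the object and the owner edits it; in MAC it is the fixed LEVELS table and labels that no ordinary subject can change; in RBAC it is the role tables, so an administrator changes a user's access by editing role membership rather than touching every object.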

1.5.1 Role of the Security Policy in Setting up Protocols
Following are some pointers which help in setting up protocols for the security policy of an organization.
• Who should have access to the system?
• How should it be configured?
• How should it communicate with third parties or systems?

Policies are divided into two categories −
• User policies
• IT policies

User policies generally define the limits of the users towards the computer resources in a workplace; for example, what they are allowed to install on their computer, and whether they can use removable storage. IT policies, on the other hand, are designed for the IT department, to secure the procedures and functions of IT fields.

• General Policies − this is the policy which defines the rights of the staff and their access level to the systems. Generally, it is included even in the communication protocol as a preventive measure in case there are any disasters.
• Server Policies − this defines who should have access to a specific server and with what rights, which software should be installed, the level of access to the internet, and how servers should be updated.
• Firewall Access and Configuration Policies − this defines who should have access to the firewall and what type of access (for example monitoring or rule changes), and which ports and services should be allowed and whether inbound or outbound.

• Backup Policies − this defines who is the person responsible for backups, what should be backed up, where it should be backed up, how long it should be kept and the frequency of the backup.
• VPN Policies − these policies generally go with the firewall policy; they define which users should have VPN access and with what rights. For site-to-site connections with partners, they define the access level of the partner to your network and the type of encryption to be set.

1.5.2 Structure of a Security Policy
When you compile a security policy you should have in mind a basic structure in order to make something practical. Some of the main points which have to be taken into consideration are −
• Description of the policy and what its usage is for.
• Where this policy should be applied.
• Functions and responsibilities of the employees that are affected by this policy.
• Procedures that are involved in this policy.
• Consequences if the policy is not compatible with company standards.

1.5.3 Types of Policies
In this section we will see the most important types of policies.
• Permissive Policy − this is a medium-restriction policy where we as administrators block just some well-known ports used by malware for internet access, and only some exploits are taken into consideration.
• Prudent Policy − this is a high-restriction policy where everything is blocked regarding internet access, just a small list of websites is allowed, no extra services are allowed to be installed on computers, and logs are maintained for every user.
• Acceptable Use Policy − this policy regulates the behaviour of the users towards a system, a network or even a webpage, so it is explicitly stated what a user can and cannot do in a system: for example, whether they are allowed to share access codes, whether they can share resources, etc.
• User Account Policy − this policy defines what a user should do in order to have or maintain an account in a specific system, for example when accessing an e-commerce webpage. To create this policy, you should answer some questions such as −
• Should the password be complex or not?
• What age should the users have?
• What is the maximum number of allowed tries or failures to log in?
• When should the user be deleted, activated or blocked?
• Information Protection Policy − this policy regulates access to information, how to process information, how to store it and how it should be transferred.
• Remote Access Policy − this policy is mainly for big companies where the users and their branches are outside their headquarters. It tells what the users should access, when they can work and with which software, like SSH, VPN or RDP.
• Firewall Management Policy − this policy has explicitly to do with firewall management: which ports should be blocked, what updates should be taken, how to make changes in the firewall, and how long the logs should be kept.
• Special Access Policy − this policy is intended to keep people under control and to monitor the special privileges in their systems and the purpose as to why they have them. These employees can be team leaders, managers, senior managers, system administrators, and other people in such high designations.
• Network Policy − this policy restricts access of anyone towards the network resources and makes clear who will access the network. It also establishes whether that person should be authenticated or not. This policy also covers other aspects such as: who will authorize the new devices that will be connected to the network; the documentation of network changes; web filters and the levels of access; who should have a wireless connection, the type of authentication, and the validity of the connection session.
• Email Usage Policy − this is one of the most important policies that should be written, because many users use the work email for personal purposes as well, and as a result information can leak outside. Some of the key points of this policy are that the employees should know the importance of the system that they have the privilege to use; they should not open any attachments that look suspicious; and private and confidential data should not be sent via unencrypted email.
• Software Security Policy − this policy has to do with the software installed on the user computer and what it should have. Some of the key points of this policy are that software of the company should not be given to third parties; only whitelisted software should be allowed, and no other software should be installed on the computer; and warez and pirated software should not be allowed.

1.6 SUMMARY
In this chapter, we explained the fundamental information security concepts and principles, looked at what constitutes good security architectures and practices, and learned that good practices include people, processes, and technology working in concert. We also discussed the concepts of accountability, authentication, authorization, privacy, confidentiality, integrity, and non-repudiation, as well as the types and functionalities of information security controls and the importance of information systems governance.

Network security policies revolve around protecting every resource on a network, from threats through to further exploitation. The policy should be inclusive of all essential network devices, the data conveyed and the media used for transmission, and should not focus only on the machines established on the network. By the end of this unit, you should have understood the various policy aspects where you can impose policies for a reliable, secure, and robust network architecture. The policy should be designed by an organization so that all its entities comply with it, to improve its performance and as a defence against possible network vulnerability. A network policy should be strong enough to protect your system against the several ways through which it can be compromised, such as code injection, software bugs and malware.

1.7 KEY WORDS/ABBREVIATIONS
• Information security: is the confidentiality, integrity, and availability of information.
• Confidentiality: is the prevention of unauthorized disclosure of information.
• Integrity: is the means of ensuring that information is protected from unauthorized or unintentional alteration, modification, or deletion.
• Availability: ensures that information is readily accessible to authorized viewers at all times.
• Identification: is the means by which a user (human, system, or process) provides a claimed unique identity to a system.
• Authentication: is a method for proving that you are who you say you are.
• Trust package: an XML file that contains configuration information about the deployment.

• User Datagram Protocol (UDP): a protocol that allows programs on networked computers to communicate with one another by sending short messages called datagrams.
• User ID: a character string that the system uses to identify a user attempting to authenticate.

1.8 LEARNING ACTIVITY
1. Discuss the ways to implement information security in any organization.
2. Prepare a detailed list of Information Security Goals in an Organization.

1.9 UNIT END QUESTIONS (MCQ AND DESCRIPTIVE)

A. Descriptive Questions
1. Explain the C.I.A. triad for security.
2. Discuss various types of security policy.
3. Discuss and define Access Control Models.
4. What are the different types of Controls?
5. Describe the role of the Network Security Manager in an organization.

B. Multiple Choice Questions
1. What type of control is intended to offset deficiencies of other controls?
a. Preventive
b. Defensive
c. Compensating
d. Recovery

2. Information systems governance is about what?
a. Information security
b. Effective and risk-aware use of information systems
c. Risk management
d. All of these

3. What is the advantage of Role-Based Access Control (RBAC) over Discretionary Access Control (DAC)?
a. RBAC has no advantages over DAC.
b. RBAC is an improved version of DAC.
c. RBAC improves management of access control and authorizations.
d. RBAC is one level below Mandatory Access Control (MAC).
e. All of the above

4. Which authentication method is the most complex to administer?
a. What you know
b. What you have
c. What you are
d. Who you are
e. All of these

5. What is the purpose of authentication?
a. To obtain proof of claimed identity
b. To implement access control
c. To establish accountability
d. All of these

Answers: 1. c 2. d 3. c 4. c 5. d

1.10 REFERENCES
• A Role-Based Trusted Network Provides Pervasive Security and Compliance – interview with Jayshree Ullal, senior VP of Cisco.
• B. A. Forouzan, "Cryptography & Network Security", Tata McGraw Hill.
• Dave Dittrich, Network monitoring/Intrusion Detection Systems (IDS), archived 2006-08-27 at the Wayback Machine, University of Washington.
• "Dark Reading: Automating Breach Detection for The Way Security Professionals Think". October 1, 2015.
• "Honeypots, Honeynets". Honeypots.net. 2007-05-26. Retrieved 2011-12-09.
• Wright, Joe; Jim Harmening (2009). "15". Computer and Information Security Handbook. Morgan Kaufmann Publications, Elsevier Inc. p. 257.
• "BIG-IP logout page" (PDF). Cnss.gov. 1970-01-01. Archived from the original (PDF) on 2012-02-27. Retrieved 2018-09-24.
• Self-Defending Networks: The Next Generation of Network Security, Duane DeCapite, Cisco Press, Sep. 8, 2006. ISBN 1587052539
• Security Threat Mitigation and Response: Understanding CS-MARS, Dale Tesch/Greg Abelar, Cisco Press, Sep. 26, 2006. ISBN 1587052601
• Securing Your Business with Cisco ASA and PIX Firewalls, Greg Abelar, Cisco Press, May 27, 2005. ISBN 1587052148

UNIT 2: NETWORK SECURITY

Structure
2.0 Learning Objectives
2.1 Introduction
2.2 Security Attacks
2.3 Integrity Check
2.3.1 Understanding the Network Integrity Environment
2.3.2 Overview of Network Integrity Security
2.3.3 Recommended Deployment Topologies
2.4 Hash Algorithm
2.4.1 Features of Hash Functions
2.4.2 Properties of Hash Functions
2.4.3 Secure Hash Algorithms
2.4.4 Design of Hashing Algorithms
2.4.5 Applications of Hash Functions
2.5 Summary
2.6 Key Words/Abbreviations
2.7 Learning Activity
2.8 Unit End Questions (MCQ and Descriptive)
2.9 References

2.0 LEARNING OBJECTIVES
At the end of the unit, the learner will be able to understand and have knowledge of the following aspects of securing a network and alerting on various security attacks:
• Introduction to various types of security attacks and methods for preventing them

• Explain the process of Integrity Check to secure the network
• Functions and understanding of Hash Algorithm

2.1 INTRODUCTION
The Internet is today's lifeline, as many people rely on it for various professional, social, and personal activities. Communication, sharing of data, business transactions, or in short the entire trade and commerce industry, is dependent on the network. Though the internet can network and connect the world at large, some people repeatedly attempt to damage and disrupt these networks for various reasons. These attackers violate privacy and intrude into internet-connected devices either to retrieve information or to make them inoperable.

In the wake of a variety of frequent network attacks and the threat of new destructive attacks in the future, network security has gained prominence within computer networking. Often, network security engineers, analysts, and administrators are held responsible for the safety of the IT network. Hence, it is important for them to know and understand the latest and most prominent network security policies to combat the rising threats.

2.2 SECURITY ATTACKS
An insecure application could expose users and systems to various types of damage. When a malicious party uses vulnerabilities or a lack of security features to their advantage to cause damage, it is called an attack. We'll take a look at different types of attacks in this guide so you know what to look for when securing your application.

Active attacks vs passive attacks
Attacks can be divided into two different types: active and passive.

Active attacks
With an active attack, the attacker tries to break into the application directly. There are a variety of ways this could be done, from using a false identity to access sensitive data (masquerade attack) to flooding your server with massive amounts of traffic to make your application unresponsive (denial of service attack).

Active attacks can also be done to data in transit. An attacker could modify your application data before it gets to a user's browser, showing modified information on the site or directing the user to an unintended destination. This is sometimes called modification of messages.

Passive attacks
With a passive attack, the attacker tries to collect or learn information from the application but does not affect the application itself. Imagine someone eavesdropping on your conversation with friends and family, collecting information about your personal life, who your friends are, and where you hang out. The same thing could be done on your web traffic. An attacker could capture data between the browser and the server, collecting usernames and passwords, users' browsing history, and data exchanged.

Common Types of Networking Attacks

1. Virus
A virus is not self-executable; it requires the user's interaction to infect a computer and spread on the network. An example is an email with a malicious link or malicious attachment. When a recipient opens the attachment or clicks the link, the malicious code gets activated, circumvents the system's security controls and makes it inoperable. In this case, the user inadvertently corrupts the device.

2. Malware
A malware attack is one of the most severe cyberattacks, specifically designed to destroy or gain unauthorized access to a targeted computer system. Most malware is self-replicating, i.e., when it infects a particular system, it gains entry over the internet and from thereon infects all the systems connected to the internet in the network. An external endpoint device, if connected, will also get infected. It works exceptionally faster than other types of malicious content.

3. Worm
A worm can enter a device without the help of the user. When a user runs a vulnerable network application, an attacker on the same internet connection can send malware to that application. The application may accept the malware from the internet and execute it, thereby creating a worm.

4. Phishing
Phishing is the most common type of network attack. It refers to sending emails purporting to be from known sources or banks and creating a sense of urgency to push the user to act on them. The email may contain a malicious link or attachment, or may ask the user to share confidential information.

5. Botnet
A botnet is a network of private computers that are victims of malicious software. The attacker controls all the computers on the network without the owners' knowledge. Each computer on the network is considered a zombie, as it serves the purpose of spreading to and infecting a large number of devices, or whatever else the attacker directs.

6. DoS (Denial of Service)
A Denial of Service is a serious attack that fully or partially brings down the victim's network or the entire IT infrastructure to make it unavailable to legitimate users.

The DoS attacks can be categorized into the following three parts:

1. Connection flooding: The attacker bogs down the host by establishing a large number of TCP connections at the targeted host. These fake connections block the network and make it unavailable to legitimate users.

2. Vulnerability attack: By sending a few well-crafted messages to a vulnerable operating system or application running on the targeted host, the attacker stops the service or, worse, crashes the host.

3. Bandwidth flooding: The attacker prevents legitimate packets from reaching the server by sending a deluge of packets. The packets sent are so large in number that the target's link gets blocked for others to access.

7. Distributed Denial of Service (DDoS)
A DDoS is a complex version of a DoS attack and is much harder to detect and defend against than a DoS attack. In this attack, the attacker uses multiple compromised systems to target a single system. The DDoS attack also leverages botnets.

8. Man-in-the-middle
A man-in-the-middle attacker is someone who stands in between the conversation happening between you and the other person. By being in the middle, the attacker effectively captures, monitors, and controls your communication. For example, when the lower layers of the network send information, the computers in those layers may not be able to determine the recipient with which they are exchanging information.

9. Packet Sniffer
When a passive receiver is placed within range of a wireless transmitter, it records a copy of every packet transmitted. These packets can contain confidential information, sensitive and crucial data, trade secrets, etc., all of which pass through the receiver as they fly over it. The passive receiver then works as a packet sniffer, sniffing all the transmitted packets entering its range. The best defence against a packet sniffer is cryptography.

10. DNS Spoofing
DNS spoofing is about compromising a computer by corrupting domain name system (DNS) data and then introducing it into the resolver's cache. This causes the name server to return an incorrect IP address.

11. IP Spoofing
IP spoofing is the process of injecting packets into the internet using a false source address and is one of the ways to masquerade as another user. End-point authentication that ensures the certainty of a message originating from the place we determined would help in defending against IP spoofing.

12. Compromised Key
An attacker gains unauthorized access to a secured communication using a compromised key. A key refers to a secret number or code required to interpret secured information. When the key is obtained by the attacker without any intimation to the sender or receiver, it is referred to as a compromised key, which serves as a tool to retrieve information.

2.3 INTEGRITY CHECK
An important asset of a unit of information is its integrity, which ensures that, at a certain location and time, each bit of the unit has the same numerical value that it did originally. Threats to the integrity of information can be divided into two classes: malicious threats (e.g. an attack on the security of the system) and natural threats.

2.3.1 Understanding the Network Integrity Environment
When planning your Network Integrity implementation, consider the following:

• Which resources must be protected? For example:
  • You must protect customer data.
  • You must protect internal data, such as proprietary source code.
  • You must protect system components from being disabled by external attacks or intentional system overloads.

• Who are you protecting data from? For example, if your business has service subscribers, you must protect their data from other subscribers, but someone in your organization might have to access that data to manage it. You can analyse your workflows to determine who needs access to the data; for example, a system administrator could manage your system components without needing to access the system data.

• What happens if protections on strategic resources fail? In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource helps you protect it properly.

2.3.2 Overview of Network Integrity Security
Figure 2.1 shows all the various components that can comprise Network Integrity, including the components to which it connects. Each installed or integrated component requires special steps and configurations to ensure system security.

Figure 2.1 Understanding the Network Integrity Environment

2.3.3 Recommended Deployment Topologies
Figure 2.2 shows a single-computer installation topology: the simplest Network Integrity deployment architecture.

Figure 2.2 Recommended Deployment Topologies

In this topology, all the application components and data are kept on a single system, protected from external attacks by a firewall. The firewall can be configured to block known illegal traffic types. There are fewer resources to secure because all the components are on a single system and all the communication is local. Fewer ports have to be opened through the firewall. Conversely, although there are fewer points of attack, if security is compromised, an attacker would have access to the entire system and its data.

A single-computer installation topology is best suited for test and lab environments. A single-computer deployment is cost effective for small organizations but does not provide high availability because all components are stored on a single system.

Figure 2.3 shows a tiered installation deployment: a scalable Network Integrity deployment offering greater security and high availability.

Figure 2.3

In this topology, the application tier is isolated by firewalls from both the Internet and the intranet. The database and servers are protected from potential attacks by two layers of firewall. Both firewalls can be configured to block known illegal traffic types. The two layers of firewall provide intrusion containment. Although there are a greater number of components to secure, and more ports have to be opened to allow secure communication between the tiers, the attack surface is spread out.

2.4 HASH ALGORITHM
Hash functions are extremely useful and appear in almost all information security applications. A hash function is a mathematical function that converts a numerical input value into another, compressed numerical value. The input to the hash function is of arbitrary length but the output is always of fixed length. Values returned by a hash function are called message digests or simply hash values. The following figure illustrates a hash function:

Figure 2.4 HASH ALGORITHM

Use of hash functions

Document Integrity
Verifying the integrity of files, documents and messages. E.g. a SHA-256 checksum may confirm that a certain file is original (not modified after its checksum was calculated). The above screenshot demonstrates how the SHA-256 checksums ensure the integrity of the OpenSSL files at the official web site of OpenSSL.

Storing Passwords
Storing passwords and verification of passwords. Instead of keeping a plain-text password in the database, developers usually keep password hashes or more complex values derived from the password (e.g. a scrypt-derived value). The above example comes from the /etc/shadow file in a modern Linux system. The passwords there are stored as multiple-round SHA-512 hashes with salt.

Generate Unique ID
Generate an (almost) unique ID of a certain document or message. Cryptographic hash functions almost uniquely identify documents based on their content. In theory collisions are possible with any cryptographic hash function, but they are very unlikely to happen, so most systems (like Git) assume that the hash function they use is collision free. Usually a document is hashed and the document ID (hash value) is used later to prove the existence of the document, or to retrieve the document from a storage system. Examples of hash-based unique IDs are the commit hashes in Git and GitHub, based on the content of the commit (e.g. 3c3be25bc1757ca99aba55d4157596a8ea217698), and Bitcoin addresses (e.g. 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2). In the above example the SHA-1 unique ID identifies a certain commit in GitHub.

Pseudorandom Number Generation
Pseudorandom generation and key derivation. Hash values can serve as random numbers. A simple way to generate a random sequence is this: start from a random seed (entropy collected from random events, such as keyboard clicks or mouse moves). Append "1" and calculate the hash to obtain the first random number, then append "2" and calculate the hash to obtain the second random number, etc. We shall give a Python example implementing the described idea.

Proof-of-Work Algorithms
Proof-of-work (PoW) algorithms. Most proof-of-work algorithms calculate a hash value which is bigger than a certain value (known as the mining difficulty). To find this hash value, miners calculate billions of different hashes and take the biggest of them, because hash numbers are unpredictable. For example, the proof-of-work problem might be defined as follows: find a number p such that hash(x + p) holds 10 zero bits at its beginning.

2.4.1 Features of Hash Functions
The typical features of hash functions are:

• Fixed Length Output (Hash Value)
  • A hash function converts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.
  • In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.
  • Since a hash is a smaller representation of larger data, it is also referred to as a digest.
  • A hash function with an n-bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits.

• Efficiency of Operation
  • Generally, for any hash function h with input x, computation of h(x) is a fast operation.
  • Computationally, hash functions are much faster than symmetric encryption.

2.4.2 Properties of Hash Functions
In order to be an effective cryptographic tool, the hash function is desired to possess the following properties:

• Pre-Image Resistance

  • This property means that it should be computationally hard to reverse a hash function.
  • In other words, if a hash function h produced a hash value z, then it should be a difficult process to find any input value x that hashes to z.
  • This property protects against an attacker who only has a hash value and is trying to find the input.

• Second Pre-Image Resistance
  • This property means that, given an input and its hash, it should be hard to find a different input with the same hash.
  • In other words, if a hash function h for an input x produces hash value h(x), then it should be difficult to find any other input value y such that h(y) = h(x).
  • This property protects against an attacker who has an input value and its hash, and wants to substitute a different value as the legitimate value in place of the original input.

• Collision Resistance
  • This property means it should be hard to find two different inputs of any length that result in the same hash. This property is also referred to as a collision-free hash function.
  • In other words, for a hash function h, it is hard to find any two different inputs x and y such that h(x) = h(y).
  • Since a hash function is a compressing function with a fixed hash length, it is impossible for a hash function not to have collisions. The collision-free property only confirms that these collisions should be hard to find.

  • This property makes it very difficult for an attacker to find two input values with the same hash.
  • Also, if a hash function is collision-resistant then it is second pre-image resistant.

2.4.3 Secure Hash Algorithms
The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:

• SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
• SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
• SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size: SHA-256 uses 32-bit words whereas SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
• SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

2.4.4 Design of Hashing Algorithms

At the heart of hashing is a mathematical function that operates on two fixed-size blocks of data to create a hash code. This hash function forms part of the hashing algorithm. The size of each data block varies depending on the algorithm. Typically the block sizes are from 128 bits to 512 bits. The following illustration demonstrates the hash function:

Figure 2.5 Design of Hashing Algorithms

A hashing algorithm involves rounds of the above hash function, like a block cipher. Each round takes an input of a fixed size, typically a combination of the most recent message block and the output of the last round. This process is repeated for as many rounds as are required to hash the entire message. The schematic of a hashing algorithm is depicted in the following illustration:

Figure 2.6

The hash value of the first message block becomes an input to the second hash operation, whose output alters the result of the third operation, and so on. This chaining produces what is known as the avalanche effect of hashing.

The avalanche effect results in substantially different hash values for two messages that differ by even a single bit of data.

Understand the difference between hash function and hashing algorithm correctly. The hash function generates a hash code by operating on two blocks of fixed-length binary data. The hashing algorithm is a process for using the hash function, specifying how the message will be broken up and how the results from previous message blocks are chained together.

2.4.5 Applications of Hash Functions
There are two direct applications of hash functions based on their cryptographic properties.

Password Storage
Hash functions provide protection to password storage.
• Instead of storing passwords in the clear, almost all logon processes store the hash values of passwords in the file.
• The password file consists of a table of pairs of the form (user id, h(P)).
• The process of logon is depicted in the following illustration:

Figure 2.7 Applications of Hash Functions

• An intruder can only see the hashes of passwords, even if he accesses the password file. He can neither log on using a hash nor derive the password from the hash value, since the hash function possesses the property of pre-image resistance.

2.5 SUMMARY
The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year. A report by Risk Based Security revealed that a shocking 7.9 billion records were exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112%) the number of records exposed in the same period in 2018. Medical services, retailers and public entities experienced the most breaches, with malicious criminals responsible for most incidents. Some of these sectors are more appealing to cybercriminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data, corporate espionage, or customer attacks.
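The password table of (user id, h(P)) pairs described in 2.4.5, together with the pseudorandom-generation and proof-of-work uses from section 2.4, worked through as an added Python example (this is not the book's code). It uses PBKDF2-HMAC-SHA-512 from Python's hashlib as the salted multi-round hash and SHA-256 for the other two uses; every user name, password, seed and block header in it is constructed for the demonstration.

```python
"""Hash-function applications from sections 2.4 and 2.4.5, as an added example.

Not the book's code. Three uses: a password table of (user id, h(P)) pairs with a
salted multi-round hash, a counter-mode pseudorandom generator, and the proof-of-work
puzzle "find p such that hash(x + p) starts with n zero bits". SHA-256 and
PBKDF2-HMAC-SHA-512 come from hashlib; all credentials, seeds and headers are constructed.
"""
import hashlib
import hmac
import os

ROUNDS = 100_000   # PBKDF2 work factor: every password guess costs this many HMACs


# --- Password storage: the table holds h(P), never P ---------------------------
def hash_password(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """h(P): salted, iterated SHA-512 (PBKDF2-HMAC), like the multi-round /etc/shadow hashes."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)


def register(table: dict, user: str, password: str) -> None:
    """Store (user id, salt, rounds, h(P)). A fresh random salt per user means two
    users with the same password still get different stored hashes."""
    salt = os.urandom(16)
    table[user] = {"salt": salt, "rounds": ROUNDS, "hash": hash_password(password, salt)}


def login(table: dict, user: str, password: str) -> bool:
    """Logon: recompute h(P) with the stored salt and compare in constant time.
    An unknown user still costs one hash, so timing does not reveal valid user ids."""
    record = table.get(user)
    if record is None:
        hash_password(password, bytes(16))
        return False
    candidate = hash_password(password, record["salt"], record["rounds"])
    return hmac.compare_digest(candidate, record["hash"])


# --- Pseudorandom generation from a seed ---------------------------------------
def hash_prng(seed: bytes, count: int) -> list:
    """hash(seed || "1"), hash(seed || "2"), ... as 256-bit integers. Outputs reveal
    nothing about the seed (pre-image resistance) and are reproducible from it."""
    return [int.from_bytes(hashlib.sha256(seed + str(i).encode()).digest(), "big")
            for i in range(1, count + 1)]


# --- Proof of work ---------------------------------------------------------------
def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def proof_of_work(x: bytes, difficulty_bits: int, limit: int = 1 << 22) -> int:
    """Smallest p such that sha256(x || p) begins with `difficulty_bits` zero bits.
    Hash outputs are unpredictable, so candidates can only be tried one by one,
    about 2**difficulty_bits of them on average; verifying the answer costs one hash."""
    for p in range(limit):
        if leading_zero_bits(hashlib.sha256(x + str(p).encode()).digest()) >= difficulty_bits:
            return p
    raise RuntimeError("no proof found within limit")


def verify_proof(x: bytes, p: int, difficulty_bits: int) -> bool:
    """One hash decides whether p solves the puzzle for x."""
    return leading_zero_bits(hashlib.sha256(x + str(p).encode()).digest()) >= difficulty_bits


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse battery staple")   # constructed credentials
    print("alice, right password:", login(users, "alice", "correct horse battery staple"))
    print("alice, wrong password:", login(users, "alice", "hunter2"))
    print("first PRNG output:", hex(hash_prng(b"constructed-seed", 1)[0]))
    header = b"constructed block header"
    nonce = proof_of_work(header, 10)
    print("proof-of-work nonce:", nonce, "valid:", verify_proof(header, nonce, 10))
```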

With the scale of the cyber threat set to continue to rise, the International Data Corporation predicts that worldwide spending on cyber-security solutions will reach a massive $133.7 billion by 2022. Governments across the globe have responded to the rising cyber threat with guidance to help organizations implement effective cyber-security practices.

In the U.S., the National Institute of Standards and Technology (NIST) has created a cyber-security framework. To combat the proliferation of malicious code and aid in early detection, the framework recommends continuous, real-time monitoring of all electronic resources.

The importance of system monitoring is echoed in the "10 steps to cyber security", guidance provided by the U.K. government's National Cyber Security Centre. In Australia, the Australian Cyber Security Centre (ACSC) regularly publishes guidance on how organizations can counter the latest cyber-security threats.

2.6 KEY WORDS/ABBREVIATIONS
• Hash: A function that converts one value to another.
• Hashing: A natural fit for cryptography because it masks the original data with another value.
• Hash function: Can be used to generate a value that can only be decoded by looking up the value from a hash table. The table may be an array, database, or other data structure.
• Checksum: A small value that is generated based on the bits in a file or block of data such as a disk image.
• Virtual host: Physical computer on which a virtual machine is installed. A virtual host helps manage traffic between web-based applications, web-tier deployments, and the associated primary instance and replica instances.

• Virtual hostname: The publicly accessible hostname. End users use this virtual hostname to authenticate through the web tier. The system also generates SSL information based on the virtual hostname.
• Web tier: A platform for installing and deploying the Self-Service Console, Dynamic Seed Provisioning, and the risk-based authentication (RBA) service in the DMZ.

2.7 LEARNING ACTIVITY
1. Draw up a detailed study of different applications of hashing in real life.
2. Discuss how different hashing functions help to resolve the various security needs of an organization.

2.8 UNIT END QUESTIONS (MCQ AND DESCRIPTIVE)

A. Descriptive Questions
1. Discuss different types of security attacks.
2. What is an integrity check?
3. Define hash algorithm with the help of a proper diagram.
4. Explain distributed denial of service.
5. Discuss various features of hashing.

B. Multiple Choice Questions
1. Which scheme uses a randomization approach?

a. hashing by division
b. hashing by multiplication
c. universal hashing
d. open addressing

2. Which hash function satisfies the condition of simple uniform hashing?
a. h(k) = lowerbound(km)
b. h(k) = upperbound(mk)
c. h(k) = lowerbound(k)
d. h(k) = upperbound(k)

3. What is a hash table?
a. A structure that maps values to keys
b. A structure that maps keys to values
c. A structure used for storage
d. A structure used to implement stack and queue

4. If several elements are competing for the same bucket in the hash table, what is it called?
a. Diffusion
b. Replication
c. Collision
d. Duplication

5. Basically, in SHA-512, the message is divided into blocks of size ____ bits for the hash computation.
a. 1024
b. 512
c. 256
d. 1248

Answer
1. c 2. a 3. b 4. c 5. a

2.9 REFERENCES
• A Role-Based Trusted Network Provides Pervasive Security and Compliance - interview with Jayshree Ullal, senior VP of Cisco
• W. Stallings, "Cryptography and Network Security", Pearson Education.
• Dave Dittrich, Network monitoring/Intrusion Detection Systems (IDS). Archived 2006-08-27 at the Wayback Machine, University of Washington.
• "Dark Reading: Automating Breach Detection for The Way Security Professionals Think". October 1, 2015.
• "Honeypots, Honeynets". Honeypots.net. 2007-05-26. Retrieved 2011-12-09.
• Wright, Joe; Jim Harmening (2009). "15". Computer and Information Security Handbook. Morgan Kaufmann Publications, Elsevier Inc. p. 257.
• "BIG-IP logout page" (PDF). Cnss.gov. 1970-01-01. Archived from the original (PDF) on 2012-02-27. Retrieved 2018-09-24.
• Deploying Zone-Based Firewalls, Ivan Pepelnjak, Cisco Press, Oct. 5, 2006. ISBN 1587053101

• Network Security: PRIVATE Communication in a PUBLIC World, Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice-Hall, 2002. ISBN 9780137155880
• Network Infrastructure Security, Angus Wong and Alan Yeung, Springer, 2009. ISBN 978-1-4419-0165-1

UNIT 3: HASH FUNCTIONS AND MESSAGE DIGESTS

Structure
3.0 Learning Objectives
3.1 Introduction
3.2 MD2 Algorithm (Padding, checksum, passes)
3.2.1 MD2 Algorithm Description
3.3 Message Digest Algorithms MD4 and MD5 (padding, stages, digest computation)
3.3.1 The Algorithm
3.3.2 Use of MD5 Algorithm
3.3.3 Advantages and Disadvantages of MD5 Algorithm
3.4 Summary
3.5 Key Words/Abbreviations
3.6 Learning Activity
3.7 Unit End Questions (MCQ and Descriptive)
3.8 References

3.0 LEARNING OBJECTIVES
At the end of the unit, the learner will be able to understand and have knowledge of hash functions and message digests, with the following objectives:
• State the Hash Functions
• To Know about the Message Digest
• Explain the algorithms of MD2, MD4 and MD5

3.1 INTRODUCTION
Hash functions are extremely useful and appear in almost all information security applications. A hash function is a mathematical function that converts a numerical input value into another, compressed numerical value. The input to the hash function is of arbitrary length but the output is always of fixed length.

A cryptographic hash function (also called a message digest) is a one-way transformation:

h: message m of arbitrary length → fixed-length value h(m)

Properties:
• For any message m, it is easy to compute h(m).
• Given h(m), there is no way (cheaper than brute force) to find an m that hashes to h(m).
• It is computationally impossible to find two different m and m' which hash to the same value h(m).

It is necessary for the transformation that the output must not be predictable:
• If 1000 inputs are selected at random, any particular bit in the 1000 resulting outputs should be "1" about half the time.
• Each output should have about 50% "1" bits (with high probability).
• If two inputs differ only by one bit, the outputs should look like independently chosen random numbers.

3.2 MD2 ALGORITHM (PADDING, CHECKSUM, PASSES)

3.2.1 MD2 Algorithm Description
We begin by supposing that we have a b-byte message as input, and that we wish to find its message digest. Here b is an arbitrary nonnegative integer; b may be zero, and it may be arbitrarily large.

We imagine the bytes of the message written down as follows:

m_0 m_1 ... m_{b-1}

The following five steps are performed to compute the message digest of the message.

Step 1. Append Padding Bytes
The message is "padded" (extended) so that its length (in bytes) is congruent to 0, modulo 16. That is, the message is extended so that it is a multiple of 16 bytes long. Padding is always performed, even if the length of the message is already congruent to 0, modulo 16.

Padding is performed as follows: "i" bytes of value "i" are appended to the message so that the length in bytes of the padded message becomes congruent to 0, modulo 16. At least one byte and at most 16 bytes are appended.

At this point the resulting message (after padding with bytes) has a length that is an exact multiple of 16 bytes. Let M[0 ... N-1] denote the bytes of the resulting message, where N is a multiple of 16.

Step 2. Append Checksum
A 16-byte checksum of the message is appended to the result of the previous step.

This step uses a 256-byte "random" permutation constructed from the digits of pi. Let S[i] denote the i-th element of this table. The table is given in the appendix.

Do the following:

    /* Clear checksum. */
    For i = 0 to 15 do:
        Set C[i] to 0.
    end /* of loop on i */

    Set L to 0.

    /* Process each 16-word block. */
    For i = 0 to N/16-1 do
        /* Checksum block i. */
        For j = 0 to 15 do
            Set c to M[i*16+j].
            /* The new value is XORed into C[j]. The RFC 1319 prose reads
               "Set C[j] to S[c xor L]", but its reference code and the
               published test vectors require the XOR with C[j]. */
            Set C[j] to (C[j] xor S[c xor L]).
            Set L to C[j].
        end /* of loop on j */
    end /* of loop on i */

The 16-byte checksum C[0 ... 15] is appended to the message. Let M[0 ... N'-1] denote the bytes of the resulting message (with checksum), where N' = N + 16.

Step 3. Initialize MD Buffer
A 48-byte buffer X is used to compute the message digest. The buffer is initialized to zero.

Step 4. Process Message in 16-Byte Blocks
This step uses the same 256-byte permutation S as step 2 does.

Do the following:

    /* Process each 16-word block. */
    For i = 0 to N'/16-1 do
        /* Copy block i into X. */
        For j = 0 to 15 do
            Set X[16+j] to M[i*16+j].
            Set X[32+j] to (X[16+j] xor X[j]).
        end /* of loop on j */

        Set t to 0.

        /* Do 18 rounds. */
        For j = 0 to 17 do
            /* Round j. */
            For k = 0 to 47 do
                Set t and X[k] to (X[k] xor S[t]).
            end /* of loop on k */
            Set t to (t+j) modulo 256.
        end /* of loop on j */
    end /* of loop on i */

Step 5. Output
The message digest produced as output is X[0 ... 15]. That is, we begin with X[0], and end with X[15].
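The five steps above as a runnable Python implementation, added here (it is not the book's or RFC 1319's own code), with a small check of the avalanche behaviour described in 2.4.4 and 3.1: one flipped input bit should change about half of the digest bits. The permutation S is taken from the RFC 1319 appendix, which this page refers to but does not reproduce.

```python
"""MD2 (RFC 1319) written out from the five steps above, plus a one-bit avalanche check.

Added example, not the book's own code. S is the 256-byte permutation the text
refers to, copied from the RFC 1319 appendix because this page omits it. The
checksum XORs the new value into C[j], which is what the RFC's reference code
and the published test vectors require.
"""

# 256-byte "random" permutation constructed from the digits of pi (RFC 1319).
S = [
    41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, 19,
    98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, 76, 130, 202,
    30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, 138, 23, 229, 18,
    190, 78, 196, 214, 218, 158, 222, 73, 160, 251, 245, 142, 187, 47, 238, 122,
    169, 104, 121, 145, 21, 178, 7, 63, 148, 194, 16, 137, 11, 34, 95, 33,
    128, 127, 93, 154, 90, 144, 50, 39, 53, 62, 204, 231, 191, 247, 151, 3,
    255, 25, 48, 179, 72, 165, 181, 209, 215, 94, 146, 42, 172, 86, 170, 198,
    79, 184, 56, 210, 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241,
    69, 157, 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2,
    27, 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
    85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, 234, 38,
    44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, 129, 77, 82,
    106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, 8, 12, 189, 177, 74,
    120, 136, 149, 139, 227, 99, 232, 109, 233, 203, 213, 254, 59, 0, 29, 57,
    242, 239, 183, 14, 102, 88, 208, 228, 166, 119, 114, 248, 235, 117, 75, 10,
    49, 68, 80, 180, 143, 237, 31, 26, 219, 153, 141, 51, 159, 17, 131, 20,
]


def md2_pad(msg: bytes) -> bytes:
    """Step 1: append i bytes of value i (1 <= i <= 16) so the length is a multiple of 16."""
    i = 16 - (len(msg) % 16)
    return msg + bytes([i]) * i


def md2_checksum(padded: bytes) -> bytes:
    """Step 2: the 16-byte checksum C over the padded message."""
    c_sum = [0] * 16
    last = 0                                  # L in the text
    for block in range(len(padded) // 16):
        for j in range(16):
            c = padded[block * 16 + j]
            c_sum[j] ^= S[c ^ last]           # C[j] = C[j] xor S[c xor L]
            last = c_sum[j]
    return bytes(c_sum)


def md2(msg: bytes) -> bytes:
    """Steps 3 to 5: zeroed 48-byte buffer X, 18 rounds per 16-byte block, digest X[0..15]."""
    padded = md2_pad(msg)
    data = padded + md2_checksum(padded)      # N' = N + 16 bytes in total
    x = [0] * 48                              # Step 3
    for block in range(len(data) // 16):      # Step 4
        for j in range(16):
            x[16 + j] = data[block * 16 + j]  # copy block i into X[16..31]
            x[32 + j] = x[16 + j] ^ x[j]      # X[32..47] = block xor running state
        t = 0
        for j in range(18):                   # 18 rounds
            for k in range(48):
                x[k] ^= S[t]                  # "Set t and X[k] to (X[k] xor S[t])"
                t = x[k]
            t = (t + j) % 256
    return bytes(x[:16])                      # Step 5


def bit_difference(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(p ^ q).count("1") for p, q in zip(a, b))


def flip_bit(msg: bytes, index: int) -> bytes:
    """Return msg with one bit flipped (bit `index`, counted from byte 0's LSB)."""
    out = bytearray(msg)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def avalanche(msg: bytes, index: int = 0) -> int:
    """Digest bits changed by flipping one input bit; about 64 of 128 for a good hash."""
    return bit_difference(md2(msg), md2(flip_bit(msg, index)))


if __name__ == "__main__":
    for sample in (b"", b"abc", b"message digest"):   # RFC 1319 test strings
        print(f"MD2({sample!r}) = {md2(sample).hex()}")
    print("digest bits changed by a one-bit flip:", avalanche(b"message digest"))
```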

