Computer Network Security

1. What is network security?

Suppose Alice wants to send a secret letter to Bob. Alice happens to send this letter, meant for Bob alone, over an insecure communication system. On that insecure system another person can intercept it and read it. That person can tamper with it in unwanted ways and then pass it on. Bob may take it to be the original letter that Alice actually sent, and Alice will assume that her original reached Bob exactly as she sent it. Many problems then arise. To obtain a secure communication system, the following points must be kept in mind.

- Confidentiality (secrecy)
Only the sender and the receiver should understand the content of the transmitted message. That is:
(1) Sender encrypts message
(2) Receiver decrypts message
Only then, even if an eavesdropper intercepts the message, can the eavesdropper not know how it was encrypted or how it is to be decrypted. Because the content of the message is understood only by the two parties, a secure communication system is obtained. We therefore have to study cryptographic techniques for encrypting and decrypting data. Only by studying them will we understand how encryption and decryption in a security system depend on keys.

- Authentication (proof of identity)
Both the sender and the receiver should know whether a third party has intervened in the communication to take advantage of it. When the parties meet face to face, this is easily settled. When they communicate through a medium where that is impossible, it is no longer easy. Why? Suppose an e-mail arrives for you. The e-mail says it comes from your friend. Can you believe that it comes from your friend? Likewise, if someone telephones you and asks for your bank's name, your bank account number and your secret PIN in order to verify them, should you say them over the phone? This cannot be trusted. We therefore also have to study authentication techniques.

- Message Integrity and Nonrepudiation
Both the sender and the receiver want messages that have not been altered during the communication. Transport and data link protocols can support message integrity. This is done with what are called checksumming techniques, which we will have to study.

- Availability and Access Control (controlling privileges)
Looking back at the past, the computers and network infrastructure in our networks have been attacked many times, and network security was weak. The websites of well-known companies were attacked as well. One more requirement therefore arose for secure communication. Some of the users in a network are legitimate, but others are not legitimate users. The access rights or privileges of users within the network therefore need to be restricted by level.

2. Principles of Cryptography

The use of ciphers began as long ago as the time of Julius Caesar. The modern cryptographic techniques used on the Internet have been in use since about 30 years ago. Ciphers have thus been in use for a long time. The cryptography used in networks has changed over time, depending on political and social factors, and has now reached a level of very good security. A full discussion of cryptographic techniques would take a whole book, so only the essential parts are discussed here. The cryptographic principles discussed will be seen to be connected with authentication, message integrity and nonrepudiation.

Cryptographic techniques ensure that someone who intercepts the sender's data obtains no information from it. Only the receiver can recover the original data. See Figure (1).

Figure (1) Sender, receiver and intruder (Alice, Bob, Trudy)

In Figure (1), when the plain text message typed by the sender is fed into the encryption algorithm with KE, ciphertext is obtained. If that ciphertext is intercepted, it appears only as unknown text. When it reaches the receiver, the plain text is obtained from the ciphertext only by decrypting it with the decryption algorithm and KD. Expressed as formulas:

m + KE = KE(m)        Plain text + encryption = ciphertext
KD(KE(m)) = m         Decryption(ciphertext) = plain text

m = plain text, KE = encryption, KE(m) = ciphertext, KD = decryption

2.1 Symmetric Key Cryptography

Symmetric key means that the sender and the receiver use the same key, and that this key is kept secret. Before studying modern cryptographic systems, consider the symmetric key cipher used in the time of Julius Caesar. Because Caesar used it, it is called the Caesar cipher. For English text, the Caesar cipher works by shifting the letters of the plaintext cyclically through the alphabet. For example, if k = 3, the letter 'a' in the plain text becomes 'd' in the ciphertext, and likewise b becomes e. See Figure (2).

Plain text:   a b c d ... x y z
Cipher text:  d e f g ... a b c
Figure (2)

The value of k serves as the key.

The Caesar cipher was later developed into the monoalphabetic cipher. Here too each letter is replaced by a substitute letter. However, the substitution pattern is a fixed one. See Figure (3).
Plain text:   a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher text:  m n b v c x z a s d f g h j k l p o i u y t r e w q
Figure (3)

When the monoalphabetic cipher appeared, it was found to be better than the Caesar cipher. For example, 'e' and 't' are the most frequently used letters in English. Counting shows that 'e' accounts for 13 percent and 't' for 9 percent. If the Caesar cipher is analysed together with letter groups such as 'in', 'it', 'the', 'ton' and 'ing', its security is broken.

About five hundred years after the monoalphabetic cipher appeared, a better technique called polyalphabetic encryption emerged. Polyalphabetic encryption uses several monoalphabetic ciphers in rotation. Used this way, the same letter is enciphered to different letters depending on its position. For example, consider using two different Caesar ciphers (k = 5 and k = 19); see Figure (4). If the pattern for each group of 5 letters is then fixed as C1, C2, C2, C1, C2, encrypting "may I have you?" gives "rtr q afox dhz".

Plaintext letter:  a b c d e f g h i j k l m n o p q r s t u v w x y z
C1 (k = 5):        f g h i j k l m n o p q r s t u v w x y z a b c d e
C2 (k = 19):       t u v w x y z a b c d e f g h i j k l m n o p q r s
Figure (4)

Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

In 1993 symmetric key encryption changed form and a new standard called the Data Encryption Standard (DES) emerged. DES uses a 64 bit key when it encodes plain text. The operation of DES is shown in Figure (5).
Figure (5) Basic Operation of DES (64-bit input, permute, 56-bit key, sixteen rounds f(Li, Ri, Ki) with 48-bit keys K1 to K16, L17 R17, permute, 64-bit output)

DES uses its 64 bits key as follows. The plain text is divided into 64 bits blocks, and each block is split into two halves, a left 32 bits and a right 32 bits. The block is enciphered in 16 identical rounds, split left and right. In the first round the left 32 bits become the right 32 bits and the right 32 bits become the left 32 bits. In other words, the left 32 bits and right 32 bits output by the first round arrive as the right 32 bits and left 32 bits of the input to the second round. After 16 rounds of enciphering in this way, the encrypted text is finally obtained as 64 bits of output.
Decryption is the reverse of encryption.

DES too cannot give a guarantee of security. As better cipher systems were devised, the Advanced Encryption Standard (AES) therefore emerged in November 2001. It is also called the Rijndael algorithm. In place of the 64 bits key of DES it uses a 128 bits key, which improves security. According to security calculations, a crack machine able to try 2^55 keys per second would need about 149 trillion years to break a cipher encrypted with a 128 bits key.

2.2 Public key Encryption

With a symmetric key, the sender and the receiver both use the same key. When the two parties cannot meet and it is difficult to hand over a symmetric key, another method is needed to solve the problem. Out of this need, the powerful and secure public key cryptography that is widely used today was first devised in 1976. Later the system came to provide not only encryption but also functions such as authentication and digital signatures.

Public key encryption uses two kinds of key, a public key and a private key. The public key is known to all users, including the sender and the receiver. The private key is known to the receiver alone. For short, the public key is written KB+ and the private key KB-. When the sender sends a letter, the sender encrypts the plain text with the public key. The receiver decrypts the encrypted letter with the private key that only the receiver knows, and so obtains the plain text message. See Figure (6).

There are many public key cryptography systems, but consider the RSA algorithm. RSA takes its name from the initials of its three researchers (Ron Rivest, Adi Shamir and Leonard Adleman). RSA is studied here under two main topics:
(1) Choosing the public and private keys
(2) The encryption and decryption algorithm
Figure (6) Public Key Cryptography (Alice encrypts the plaintext message m with Bob's public encryption key KB+, giving the ciphertext KB+(m); Bob applies the decryption algorithm with his private decryption key KB-, m = KB-(KB+(m)))

(1) Choosing the public and private keys

(a) Choose two large prime numbers, p and q. How large p and q should be for encoding and decoding has to be decided. It is usual to choose 1024 bits for an organization and 768 bits for an individual.
(b) Compute n = pq and z = (p-1)(q-1).
(c) Choose a number e that is less than n. It must have no common factor with z other than 1. e is used for encryption.
(d) Choose d. (ed-1) must be exactly divisible by z (with no remainder). d is used for decryption. The d that is chosen must be an integer. In other words, ed divided by z must leave remainder 1 (ed mod z = 1).
(e) The public key (KB+) is the pair of numbers (n, e). The private key (KB-) is the pair of numbers (n, d).

The procedure followed by the sender and the receiver is as follows. The sender sends a message m. The number n must be larger than the number m (m < n). To encode, divide m^e by n. The ciphertext that the sender produces is therefore c = m^e mod n.
For the receiver to decode the cipher text, m = c^d mod n. The private key (n) and (d) must therefore be used.

For example, the receiver chooses p = 5 and q = 7. Then n = pq = 35 and z = (p-1)(q-1) = 24. The receiver chooses e = 5 (e = 5 and z = 24 have no common factors). Finally, since (ed-1) must be exactly divisible by z, the receiver chooses d = 29:

(5*29 - 1)/24 = (145 - 1)/24 = 144/24, with remainder 0

The receiver therefore chooses n = 35 and e = 5 as the two values of the public key, and chooses d = 29 for the private key, which must be kept secret.

Now consider the two public key values in use. Suppose the sender sends the letters 'L', 'O', 'V', 'E'. Take a as 1 and so on in order, up to z as 26. See Tables (1) and (2), which show the encryption and decryption process.

Plaintext letter   m: numeric representation   m^e        Ciphertext c = m^e mod n
l                  12                          248832     17
o                  15                          759375     15
v                  22                          5153632    22
e                  5                           3125       10
Table (1) Alice's RSA encryption

Ciphertext c   c^d                                        m = c^d mod n   Plaintext letter
17             481968572106750915091411825223071697       12              l
15             12783403948858939111232757568359375        15              o
22             851643319086537701956194499721106030592    22              v
10             100000000000000000000000000000             5               e
Table (2) Bob's RSA decryption
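The key choice and Tables (1) and (2) above, worked in code. This is an added example, not part of the original text; the function names are assumptions, and the letter numbering (a = 1 ... z = 26) and the values p = 5, q = 7, e = 5, d = 29 are the ones used above.

```python
from math import gcd


def make_keys(p, q, e, d=None):
    """Steps (a)-(e): return (public, private) = ((n, e), (n, d))."""
    n = p * q
    z = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be below n and share no factor with z")
    if d is None:
        d = pow(e, -1, z)  # smallest valid d (needs Python 3.8+)
    if (e * d - 1) % z != 0:
        raise ValueError("ed - 1 must be exactly divisible by z")
    return (n, e), (n, d)


def encrypt(text, public):
    """Encrypt letter by letter: c = m^e mod n, with a=1 ... z=26."""
    n, e = public
    cipher = []
    for ch in text.lower():
        m = ord(ch) - ord("a") + 1
        if not 1 <= m <= 26:
            raise ValueError("only the letters a-z are supported")
        if m >= n:
            raise ValueError("m must be smaller than n")
        cipher.append(pow(m, e, n))
    return cipher


def decrypt(cipher, private):
    """Decrypt number by number: m = c^d mod n, then map back to a letter."""
    n, d = private
    return "".join(chr(pow(c, d, n) + ord("a") - 1) for c in cipher)


if __name__ == "__main__":
    public, private = make_keys(5, 7, 5, 29)
    cipher = encrypt("love", public)
    print("public key :", public)            # (35, 5)
    print("private key:", private)           # (35, 29)
    print("ciphertext :", cipher)            # [17, 15, 22, 10]
    print("decrypted  :", decrypt(cipher, private))
    # d = 29 is not the only valid choice: the smallest d with
    # ed mod z = 1 is found when no d is supplied.
    print("smallest d :", make_keys(5, 7, 5)[1][1])
```

Because each letter is encrypted on its own with no padding, equal letters always give equal ciphertext numbers, so the letter-frequency analysis described for the monoalphabetic cipher still applies to this toy; practical RSA pads the message and works on much larger blocks.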
3. Authentication

Authentication is the proof, for the receiver, that the originating sender is genuine. We have many ways of obtaining such proof. When people meet in person, when we hear a voice on the telephone, or when we look at the photograph in a passport, we can decide whether the proof is right or wrong. The topic discussed here is the proof that can be obtained when two places communicate over a network. On a network, where everything rests on the messages and data exchanged, the only means of proof is the authentication protocol. The authentication protocol runs first, before protocols such as a data transfer protocol or a routing table exchange protocol do their work. Only if the sender and receiver are found to be correct does the authentication protocol allow the other protocols to go on with their work. The authentication protocol is called (ap) for short.

3.1 Authentication protocol ap 1.0

This is the simplest (ap). It is as simple as the sender and receiver seeing each other and talking. See Figure (7). If the sender is genuine, the receiver can know it for certain, and if the sender is an impostor, the receiver will reject the sender.

Figure (7) Protocol ap 1.0 and a failure scenario (Alice, Bob, Trudy; message "I am Alice")
3.2 Authentication protocol ap 2.0

Because the parties communicate regularly, the sender can easily be recognized from the IP address. The receiver knows the sender's IP address. When a message arrives from the sender, authentication is obtained by looking at the IP address. In other words, the proof comes from the source IP address. See Figure (8).

Figure (8) Protocol ap 2.0 and a failure scenario (Alice, Bob, Trudy; message "I am Alice" with Alice's IP addr)

Next, the way the network and data link layers work has to be studied. There is no difficulty there either. When there is not a single network but several networks connected to one another by routers, looking at the IP address alone can lead to mistaken identity. In such a situation the first-hop router has to look at the link-layer protocol as well and provide the authentication.

3.3 Authentication protocol ap 3.0

This is an authentication protocol that uses a secret password. A PIN that we hold is like the login password set for an operating system. The password is used as a secret between the user and the authority that authenticates. Password authentication can readily be seen in use in HTTP, Telnet and FTP. See Figure (9).
Figure (9) Protocol ap 3.0 and a failure scenario (Alice, Bob, Trudy; messages "I am Alice", password, OK)

Because passwords are so widely used, we may assume that ap 3.0 is secure. It is not. Someone else can log in with the password you use and send out messages. ap 3.0 should therefore not be used with confidence.

3.4 Authentication Protocol ap 3.1

Rather than using the password by itself, ap 3.1 uses the password in encrypted form. Encrypting the password protects it against theft. The sender and the receiver hold the same symmetric secret key. Along with the message, the sender also sends the encrypted password. Authentication is obtained only if the receiver decrypts the encrypted password and finds it correct.

Although ap 3.1 protects the password against theft, it does not solve the authentication problem. An interceptor who captures the encrypted form of the sender's password just once can reuse it to send false messages. See Figure (9). From this it can be judged whether ap 3.1, which encrypts the password, ought to be used or not.

3.5 Authentication Protocol ap 4.0

ap 3.1 used the same password again and again. One way to solve this problem is an authentication scheme that uses different passwords, each of them only once. The sender and the receiver must agree on and know a table of passwords. Following that table, one password is used on each occasion. This scheme too can be breached when it meets a very clever interceptor. The more secure ap 4.0 was therefore developed.

For the protocol, take a number (R) and use it only once. That is, once the protocol has used it, it is never used again. ap 4.0 is used as follows.

1. Alice sends the message 'I am Alice' to Bob.
2. Bob sends the protocol number (R) to Alice.
3. Alice encrypts (R) using the symmetric secret key KA-B of Alice and Bob and sends it back to Bob.
4. Bob then decrypts the encrypted value he has received and makes sure that it was sent by Alice. Alice is then authenticated. See Figure (10).

Figure (10) Protocol ap 4.0 and no failure scenario (messages between Alice and Bob: "I am Alice"; R; KA-B(R))

5. It is a system in which the receiver sends a value (R) that is used only once, and confirms that the sender is genuine by examining the encrypted value KA-B(R) that the sender sends back.
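The difference between ap 3.1 and ap 4.0 described above, as an added example that is not part of the original text. It assumes HMAC-SHA256 as a stand-in for "encrypting with the shared key KA-B" (a keyed hash swapped in because Python's standard library has no symmetric cipher); the key, the password and all class and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key-KA-B"   # constructed sample key
PASSWORD = b"constructed-alice-password"    # constructed sample password


def keyed(key, data):
    """Stand-in for K_A-B(data): a keyed hash only key holders can compute."""
    return hmac.new(key, data, hashlib.sha256).digest()


class StaticVerifier:
    """ap 3.1 style: Bob accepts the same protected password every time."""

    def __init__(self, key, password):
        self.expected = keyed(key, password)

    def verify(self, token):
        return hmac.compare_digest(token, self.expected)


class NonceVerifier:
    """ap 4.0 style: Bob issues a fresh R per run and accepts one answer to it."""

    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)   # step 2: Bob sends R
        return self.pending

    def verify(self, response):
        if self.pending is None:                 # no outstanding R: reject
            return False
        r, self.pending = self.pending, None     # R is used only once
        return hmac.compare_digest(response, keyed(self.key, r))


def respond(key, nonce):
    """Step 3: Alice returns K_A-B(R)."""
    return keyed(key, nonce)


def replay_demo():
    """Run both protocols, then replay what was seen on the wire."""
    results = {}

    bob31 = StaticVerifier(SHARED_KEY, PASSWORD)
    token = keyed(SHARED_KEY, PASSWORD)          # what Alice sends each time
    results["ap31_genuine"] = bob31.verify(token)
    results["ap31_replay"] = bob31.verify(token)  # recorded copy still works

    bob40 = NonceVerifier(SHARED_KEY)
    r1 = bob40.challenge()
    answer = respond(SHARED_KEY, r1)
    results["ap40_genuine"] = bob40.verify(answer)
    results["ap40_reuse_same_run"] = bob40.verify(answer)  # R already consumed
    bob40.challenge()                             # new run, new R
    results["ap40_replay"] = bob40.verify(answer)  # old answer, wrong R
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:22s} accepted={accepted}")
```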
3.6 Authentication Protocol ap 5.0

ap 4.0 resolves the authentication problem by using symmetric key cryptography. However, the sender and the receiver need to meet once at the outset to agree on the secret key. Using public key cryptography in its place in ap 4.0 gives ap 5.0. ap 5.0 works as follows.

1. Alice sends the message 'I am Alice' to Bob.
2. Bob sends the protocol number (R) to Alice.
3. Alice uses her private key (KA-) to encrypt (R) and sends the value KA-(R) to Bob.
4. Bob uses Alice's public key to decrypt the value KA-(R): KA+(KA-(R)) = R. By examining R, he then authenticates Alice.

ap 4.0 and 5.0 are the same in principle. A public key is used in place of the symmetric key. See Figure (11).

Figure (11) Protocol ap 5.0 working correctly (messages: "I am Alice"; R; KA-(R); "Send me your public key"; KA+; Bob computes KA+(KA-(R)) = R, authenticating Alice)
4. Integrity

In a great many places we have had to put our signature on paper. In offices and in correspondence, a signature confirmed that the document was the signer's. In today's digital age the digital signature is a cryptographic technique. Nowadays a digital signature, just like a signature on paper, cannot be denied afterwards. Adding a digital signature to a message confirms who sent it. Public key cryptography makes this technique easy.

4.1 Creating a Digital Signature

In Figure (12) Bob digitally signs a document and sends it. To sign, Bob uses his private key KB-. The result is KB-(m). Bob is not encrypting his document here; he does this only to produce a signature. Bob therefore has two things, the document (m) and the encrypted digital signature KB-(m).

Figure (12) Creating a digital signature for a document (message m and Bob's private key KB- go into the encryption algorithm, giving the signed message KB-(m))
In the same way Alice will have m and KB-(m). She opens the message that came from Bob, that is, the digital signature KB-(m) and the document (m), with Bob's public key KB+. Her computation is KB+(KB-(m)) = m. The m that results shows that the original document and the digital signature correspond exactly.

- Whoever signed must have computed the signature with the private key KB-, so that KB+(KB-(m)) = m.
- The private key KB- is known to Bob alone. Knowing the public key KB+ does not reveal the private key KB-. Only Bob, who knows KB-, therefore holds the whole key. Bob must not give the key KB- to anyone.

It should therefore be understood that a digital signature gives our documents a partial form of protection.

4.2 Message Digests (summarizing a message)

We have seen how a digital signature is made with public key techniques. If encryption and decryption are costly, a different approach has to be considered. Digital signing is important, but for businesses from large corporations to small ones the cost matters more. For the many network devices and for routine, everyday data transfers there is no need to encrypt. But where certainty is wanted:

- If there is doubt about the sender's data signature, that signature should be checked.
- So that the data cannot be altered, the sender must attach a data signature.

With the encryption/decryption and signing of data described above, encrypting and decrypting back and forth comes up again and again. We now discuss a method that uses message digests and does not require the whole message to be encrypted.

A message digest condenses the data. A message digest algorithm takes a long message (m) and computes a compact message from it; the result is called the message digest (H(m)).
A message digest protects against alteration of the data. If the message (m) is changed into m', H(m') and H(m) no longer match. The main change is in the step where Bob signed by computing KB-(m): digitally signing the message m now yields KB-(H(m)). m and KB-(H(m)) can therefore no longer be forged or duplicated. The method used to produce a message digest is called a hash function. See Figure (13). A hash function takes a message m and computes a fixed size result from it. A message digest algorithm has the following property.

- For messages x and y that differ, it computes correspondingly different digests H(x) and H(y).

Because of this property, a message digest protects against the substitution of another message for the original one. Once the sender has created the message m and the message digest H(m), an interceptor cannot replace the message with another.

Figure (13) Hash functions are used to create message digest (long message m, many-to-one hash function, fixed-length message digest)

4.3 Hash Function Algorithms

Simple checksum calculations have weaknesses. Consider the following calculation. A checksum is computed by taking four bytes at a time and adding up the bytes of each character. Bob wants to borrow $100.99 from Alice, so Bob sends Alice the message 'IOU 100.99 Bob'. In ASCII (hexadecimal notation) this text is 49, 4F, 55, 31, 30, 30, 2E, 39, 39, 42, 4F, 42. See Figure (14).

Message    ASCII Representation
IOU1       49 4F 55 31
00.9       30 30 2E 39
9BOB       39 42 4F 42
           B2 C1 D2 AC   Checksum
Figure (14) Initial message and its checksum

The four byte checksum computed for the message is B2 C1 D2 AC. See Figure (15). The messages "IOU 100.99 BOB" and "IOU 900.19 BOB" have the same checksum.

Message    ASCII Representation
IOU9       49 4F 55 39
00.1       30 30 2E 31
9BOB       39 42 4F 42
           B2 C1 D2 AC   Checksum
Figure (15) Fraudulent message and its checksum

This shows that other data can be constructed with the same checksum as the original data. From a security point of view, a stronger hash function is therefore needed in place of the checksum. At present the MD5 message digest algorithm is in wide use. It computes a 128 bit message digest in a four-step process. The likelihood of constructing a matching message is 2^128.
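The checksum weakness of Figures (14) and (15), reproduced in code as an added example that is not part of the original text. The function names are assumptions, and SHA-256 from Python's standard library is used as the cryptographic hash for comparison (the text above names MD5).

```python
import hashlib


def checksum32(message: bytes) -> int:
    """Add the message up as 4-byte big-endian words, keeping 32 bits."""
    padded = message + b"\x00" * (-len(message) % 4)   # zero-pad the last word
    total = 0
    for i in range(0, len(padded), 4):
        total = (total + int.from_bytes(padded[i:i + 4], "big")) & 0xFFFFFFFF
    return total


def swap_same_column(message: bytes, i: int, j: int) -> bytes:
    """Swap two bytes that sit in the same column of the 4-byte layout.

    Word addition is commutative, so moving a byte value from one word to
    the same position in another word never changes the sum. This is the
    general reason the fraudulent message in Figure (15) passes the check.
    """
    if i % 4 != j % 4:
        raise ValueError("bytes must be in the same column (i % 4 == j % 4)")
    data = bytearray(message)
    data[i], data[j] = data[j], data[i]
    return bytes(data)


def compare(original: bytes, forged: bytes) -> dict:
    """Report whether the checksum and a cryptographic hash tell them apart."""
    return {
        "checksum_original": f"{checksum32(original):08X}",
        "checksum_forged": f"{checksum32(forged):08X}",
        "checksum_detects_change": checksum32(original) != checksum32(forged),
        "sha256_detects_change":
            hashlib.sha256(original).digest() != hashlib.sha256(forged).digest(),
    }


ORIGINAL = b"IOU100.99BOB"                       # the message of Figure (14)
FORGED = swap_same_column(ORIGINAL, 3, 7)        # '1' and '9' share column 3

if __name__ == "__main__":
    print(ORIGINAL, "->", FORGED)
    for key, value in compare(ORIGINAL, FORGED).items():
        print(f"{key:26s} {value}")
```

On the receiving side the same comparison is the check to run: a digest mismatch on a cryptographic hash reveals the change that the additive checksum lets through.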
5. Key Distribution and Certification

For symmetric key cryptography the trusted intermediary is called the Key Distribution Center (KDC). For public key cryptography the trusted intermediary is called the Certification Authority.

5.1 Key Distribution Center (KDC)

Bob and Alice want to communicate using symmetric key cryptography. But because they cannot meet, they cannot hand over a secret key. The Key Distribution Center resolves difficulties of this kind. The KDC is a server that issues a different secret symmetric key to each registered user. Once a user has registered, the key must be installed on the server. The KDC knows the secret key of every individual user. Every user can therefore communicate securely by using the KDC key. Each key is authorised for a single user only and allows secure communication with that registered user. Alice and Bob are users of the KDC. Each of them has a key of their own. The steps of the procedure are shown in Figure (16).

Figure (16) Setting up a one-time session key using a key distribution center
Using KA-KDC, Alice (A) sends the KDC a message saying that she wants to communicate with Bob (B). This message is written KA-KDC(A,B) for short.

1. The KDC, which knows the key, decrypts the message. The KDC generates a random number (R1). This is the shared key for the symmetric encryption that Alice and Bob will use to communicate. The key is for one-time use. The KDC then sends Alice a message encrypted with KA-KDC. The values placed in the message are as follows.
- the key R1, which Alice and Bob can use only once
- the values A and R1, encrypted by the KDC under KB-KDC for Bob's use
The message the KDC sends to Alice is therefore KA-KDC{R1, KB-KDC(A,R1)}.

2. When Alice receives this message, she extracts R1. Alice then has the shared key. Alice likewise extracts KB-KDC(A,R1) and sends it to Bob.

3. Bob decrypts the KB-KDC(A,R1) he has received, using KB-KDC, and extracts A and R1. Bob then knows the shared key R1 and knows who A is.

5.2 Public key Certification

The Certification Authority (CA) is the body that issues public keys. The CA issues trustworthy, official credentials. A CA has the following roles.

- The CA verifies that the identity given for an entity, such as a person or a router, is correct.
- The CA likewise creates the credential (certificate) for the public key. The certificate is a digital technique. See Figure (17).

Figure (17) Bob obtains a certificate from the certification authority.

How the CA gives protection against interceptors can be seen as follows. Alice uses the CA's public key to check Bob's CA certificate. Because the CA and its public key are published, anyone can know them. If Alice does not trust Bob's CA certificate, she therefore obtains the public key encryption from the CA, as shown in the figure. CA certificates can be kept in Internet Explorer under Tools, Internet Options, Content, Certificate. The two organizations that can issue CA standards are the International Telecommunication Union (ITU) and the Internet Engineering Task Force (IETF).

6. Access Control: Firewalls

A firewall is a combination of hardware and software that, for an Internet-connected network, admits only the permitted packets arriving from the Internet and blocks other unwanted interference. The firewall's access control is in the hands of the administrator, who regulates traffic between the outside world and the administered network as required. See Figure (18).
Figure (18) Firewall placement between the administered network and the outside world.

The firewall stands like a wall between the administered network and the Internet. For an organization, multiple levels are used and the connection is made at a single point only. In addition, administration and the setting of security levels become easy to carry out.

6.1 Packet Filtering

Within an organization there is a gateway router for the internal network, which connects to an ISP for access to the Internet. Packets entering and leaving the internal network have to pass through the router. Packet filtering is carried out at this router. The packet filter (which packets are allowed and which are not) is specified by the administrator. Filtering decisions are based on the following.

- IP source or destination IP address
- TCP or UDP and destination port number
- ICMP message type
- connections that use TCP or ACK

The most important firewall rules are simple to apply, yet they do the job that is needed. If a very large number of rules can be managed as well, more security is obtained.
6.2 Application Gateway

As well as using a packet filter, a firewall has to be combined with an application gateway to obtain a better security system. An application gateway is a specially built application server through which application data is allowed to pass. The application gateway is designed so that internal users do not go out directly by Telnet and so that external users cannot enter one's own network at all. Combining the packet filter in the router with a Telnet application gateway in this way gives a better security system. See Figure (19).

Figure (19) Firewall consisting of an application gateway and a filter

The filter in the router can block all Telnet connections except those from the IP addresses specified at the application gateway. An internal user who wants to go outside by Telnet is allowed to do so with a user name / password.
Sometimes an internal network has multiple application gateways, for example gateways for Telnet, FTP, HTTP and e-mail. An organization's mail server and web cache (proxy) can also carry out specific additional functions. These are:

- the installed software knows how to connect to the external server through the application gateway that the user requests, and how to say which external server is to be contacted, or
- the connection to the external server can be made directly and exactly through the application gateway.

In summary, the firewall deals with everything (coming from outside for the internal network). The application gateway deals with the security matters, which the firewall cannot handle, for internal users who want to go out to the external network.

7. Attack and Countermeasures

Threats such as the Code Red worm and the Melissa virus can enter a network and attack its security measures by way of the Internet. They spread across the Internet and attack and damage operating systems (OS) and application software. We therefore go on to discuss attacks on our networks.

7.1 Mapping

Everyone today accepts the saying that prevention is more effective than cure. Before attackers begin an attack on a network, they first need to know its operating systems and IP addresses. Only when they have this information can the attack begin. Gathering such information is called mapping. Just as IP addresses can be learned by running ping from the command line, the port numbers of a machine can be learned by port scanning. Firewalls block mapping and report the events that occur to the network manager.

7.2 Packet sniffing

A packet sniffer is a program that runs on a network attached device and receives the data at the data link layer. Ethernet cards (NICs) do the work for the packet sniffer. When the card is set to promiscuous mode, the packet sniffer accepts all the Ethernet frames that are received. The Ethernet frames can also be passed up to application programs at the application level. See Figure (20).

Figure (20) Packet sniffing

In the figure, A sends a login password to B in order to log in by Telnet. At the same time C sniffs for the password. The user passwords obtained in this way can be used to launch an attack. Packet sniffing is double-edged. It can do invaluable work for a network administrator, and it can equally be used by a hacker. Packet sniffing software can be obtained free of charge from a good many websites. To carry out the process, all that is needed is to build a data program at the application level.
The key that defends against packet sniffing protects the network interfaces. At the enterprise level, network managers install these keys to protect the enterprise's computers. In this way the interfaces are protected from remote access.

7.3 Spoofing

Any Internet-connected device can send IP datagrams into the network. A user with complete control over a network device's software can alter IP addresses in the network at will. Doing so is called spoofing. In some places IP addresses are hidden in order to guard against IP spoofing attacks. This makes spoofing the IP address difficult.

7.4 Denial-of-Service and Distributed Denial-of-Service Attacks

One situation in which security is threatened is called a denial-of-service (DoS) attack. A DoS attack makes the network, hosts and other network infrastructure unusable by their legitimate users. In SYN flooding, the server is bombarded with TCP SYN packets that carry spoofed IP addresses. As a result the server can no longer tell the real SYNs from the spoofed SYNs of the attack. The server then ends up with a great many connections, its memory runs down, and it can no longer carry out its functions. Similarly, incomplete IP fragments are sent to a host. As these keep arriving, the host's storage memory can run down as well. The host then takes these IP packets to be genuine and replies to ICMP (Internet Control Message Protocol) requests. As the requests keep increasing, the replies multiply too, and the host's operations come to a halt.
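The SYN flooding condition described above can be observed from the defender's side by counting handshakes that never complete. The following is an added example, not part of the original document; the packet records, addresses (documentation ranges), timeout and threshold are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed packet records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    server = "198.51.100.5"
    pkts = []
    # Two legitimate clients complete the three-way handshake (SYN, SYN-ACK, ACK).
    for i, src in enumerate(["192.0.2.10", "192.0.2.11"]):
        t = 0.1 * i
        pkts.append((t, src, 40000 + i, server, 80, "S"))
        pkts.append((t + 0.02, server, 80, src, 40000 + i, "SA"))
        pkts.append((t + 0.04, src, 40000 + i, server, 80, "A"))
    # 200 SYNs from spoofed sources that never answer the server's SYN-ACK.
    for i in range(200):
        pkts.append((1.0 + i * 0.005, f"203.0.113.{i + 1}", 1024 + i, server, 80, "S"))
    return sorted(pkts)

def half_open_report(packets, now, timeout=3.0, threshold=100):
    """Per server, count handshakes that saw a SYN but no completing ACK."""
    pending = defaultdict(dict)  # (dst_ip, dst_port) -> {(src_ip, src_port): syn_time}
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending[(dst, dport)][(src, sport)] = t
        elif flags == "A" and (dst, dport) in pending:
            # The final ACK of the handshake frees the half-open slot.
            pending[(dst, dport)].pop((src, sport), None)
    report = {}
    for server, conns in pending.items():
        # A slot is stale when its SYN is older than the timeout and still unanswered.
        stale = sum(1 for t0 in conns.values() if now - t0 >= timeout)
        report[server] = {"half_open": len(conns), "stale": stale,
                          "alert": stale >= threshold}
    return report

if __name__ == "__main__":
    for server, stats in half_open_report(build_sample(), now=10.0).items():
        print(server, stats)
```

The two completed handshakes leave no state behind, while every spoofed SYN keeps a slot occupied until it times out, which is the memory pressure the text describes.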
In a distributed denial-of-service (DDoS) attack, the attacker first obtains user accounts on hosts from across the Internet. See Figure 21. The attacker then gets into those hosts and installs a slave program that quietly carries out the work. When these slave programs start running, the DoS attack begins to attack those hosts. A great many hosts then come under DoS attack at one and the same time.

Figure 20: A distributed denial-of-service attack

DoS and DDoS attacks are hard to defend against on one's own. If the firewall performs packet filtering, it can block the attacking packets, but it will then no longer admit legitimate packets either. According to research, the best defense has been found to be for whoever assigns the IP addresses to filter the source IPs of DoS datagrams at the router.

7.5 Hijacking

While Alice and Bob are communicating, Trudy is watching the packet flow between the two of them. In this scenario Trudy can carry out a hijack. Trudy leads Bob to believe that the communication is with Alice. Trudy then begins by hitting Alice with a DoS attack. From the time Alice and Bob were communicating, Trudy has known the full state of the TCP connection from Alice to Bob (for example the sequence number, ACK number, receiver advertised window, and so on). Trudy sends Bob spoofed IP datagrams using Alice's address. This involves TCP segments and some complicated issues. In truth, Trudy has exploited the weakness in Alice and Bob's communication and taken it over.

8. Summary

In summary, this discussion of computer network security has mainly presented how to keep communication between one party and another secure, and the security of the hardware and software used within the network. In keeping with the principle that prevention is better than cure, network security should guard in advance against every possible method before the adversary attacks. The material presented has mainly described how adversaries attack and the methods they use. The attack methods described are not exhaustive. There are many thousands of other methods. New attack methods will inevitably emerge. The defensive methods are not exhaustive either. Only some examples of how to defend have been given. Nor can prevention be handled manually. It has to be addressed with hardware, with software, or with some licence purchased for a fee from assurance providers.

In conclusion, in the cyber world ICT is advancing rapidly with time. As the number of ICT users grows, so will the number of attackers seeking to breach security. As technologies are renewed, so will attack methods be. Therefore, in the cyber world, as well as implementing the defensive methods suited to the present situation, we must continually study and guard against the security issues that may arise in the future.

Translator: Army 32373, Captain Thaw Zin