virtualgate's picture

Network Security,Application Layer

RSA Cryptosystem

RSA Cryptosystem
 The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and hence, it is termed as RSA cryptosystem.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to generate a pair of keys, namely public key and private key. The process followed in the generation of keys is described below −

  • Generate the RSA modulus (n)

    • Select two large primes, p and q.

    • Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of 512 bits.

  • Find Derived Number (e)

    • Number e must be greater than 1 and less than (p − 1)(q − 1).

    • There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e and (p – 1)(q – 1) are coprime.

  • Form the public key

    • The pair of numbers (n, e) form the RSA public key and is made public.

    • Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.

  • Generate the private key

    • Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.

    • Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).

    • This relationship is written mathematically as follows −

ed = 1 mod (p − 1)(q − 1)

The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.

An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small values. Practically, these values are very high).

  • Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.

  • Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.

  • The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to send us encrypted messages.

  • Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.

  • Check that the d calculated is correct by computing −

de = 29 × 5 = 145 = 1 mod 72
  • Hence, public key is (91, 5) and private keys is (91, 29).

Encryption and Decryption

Once the key pair has been generated, the process of encryption and decryption are relatively straightforward and computationally easy.

Interestingly, RSA does not directly operate on strings of bits as in case of symmetric key encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as a series of numbers less than n.

RSA Encryption

  • Suppose the sender wish to send some text message to someone whose public key is (n, e).

  • The sender then represents the plaintext as a series of numbers less than n.

  • To encrypt the first plaintext P, which is a number modulo n. The encryption process is simple mathematical step as −

C = Pe mod n
  • In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced modulo n. This means that C is also a number less than n.

  • Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −

C = 105 mod 91

RSA Decryption

  • The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key pair (n, e) has received a ciphertext C.

  • Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.

Plaintext = Cd mod n
  • Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10 using private key 29 −

Plaintext = 8229 mod 91 = 10

Contributor's Info

Created: Edited:
Diffie-Hellman key exchange

The Diffie-Hellman key agreement protocol (1976) was the first practical method for establishing a shared secret over an unsecured communication channel. The point is to agree on a key that two parties can use for a symmetric encryption, in such a way that an eavesdropper cannot obtain the key.
1. Alice and Bob agree on a prime number p and a base g.
2. Alice chooses a secret number a, and sends Bob ( ga mod p).
3. Bob chooses a secret number b, and sends Alice ( gb mod p).
4.  Alice computes (( gb mod p )a mod p).
5. Bob computes (( ga mod p )b mod p).
Both Alice and Bob can use this number as their key. Notice that p and g need not be protected.

Contributor's Info

Created: Edited:
Basics of Wi-Fi

Wi-Fi stands for Wireless Fidelity and is used to define any of the IEEE 802.11 wireless standards.It is primarily a local area networking (LAN) technology designed to provide in-building broadband coverage.Current Wi-Fi systems support a peak physical-layer data rate of 54 Mbps and typically provide indoor coverage over a distance of 100 feet.

Wi-Fi – IEEE Standards: The 802.11 standard is defined through several specifications of WLANs. It defines an over-the-air interface between a wireless client and a base station or between two wireless clients.

  • 802.11 − This pertains to wireless LANs and provides 1 – or 2-Mbps transmission in the 2.4-GHz band using either frequency-hopping spread spectrum (FHSS) or direct-sequence spread spectrum (DSSS).
  • 802.11a − This is an extension to 802.11 that pertains to wireless LANs and goes as fast as 54 Mbps in the 5-GHz band. 802.11a employs the orthogonal frequency division multiplexing (OFDM) encoding scheme as opposed to either FHSS or DSSS.
  • 802.11b − The 802.11 high rate WiFi is an extension to 802.11 that pertains to wireless LANs and yields a connection as fast as 11 Mbps transmission (with a fallback to 5.5, 2, and 1 Mbps depending on strength of signal) in the 2.4-GHz band. The 802.11b specification uses only DSSS. Note that 802.11b was actually an amendment to the original 802.11 standard added in 1999 to permit wireless functionality to be analogous to hard-wired Ethernet connections.
  • 802.11g − This pertains to wireless LANs and provides 20+ Mbps in the 2.4-GHz band.

802.11 MAC Frame
The 802.11 MAC frame, as shown in the following figure, consists of a MAC header, the frame body, and a frame check sequence (FCS). The numbers in the following figure represent the number of bytes for each field.

802.11 MAC Frame Format

( )
a). Frame Control Field
:-The Frame Control field, shown in the following figure, contains control information used for defining the type of 802.11 MAC frame and providing information necessary for the following fields to understand how to process the MAC frame. The numbers in the following figure represent the number of bits for each field.

( )
A description of each Frame Control field subfield are as follows:

Protocol Version:- This provides the current version of the 802.11 protocol used.
Type and Subtype:- This determines the function of the frame. There are three different frame type fields: control, data, and management. There are multiple subtype fields for each frame type . Each subtype determines the specific function to perform for its associated frame type.
To DS and From DS:- This indicates whether the frame is going to or exiting from the DS (distributed system), and is only used in data type frames of STAs associated with an AP.
More Fragments:- This indicates whether more fragments of the frame, either data or management type, are to follow.
Retry:- indicates whether or not the frame, for either data or management frame types, is being retransmitted.
Power Management:- This indicates whether the sending STA is in active mode or power-save mode.
More Data:- This indicates to a STA in power-save mode that the AP has more frames to send. It is also used for APs to indicate that additional broadcast/multicast frames are to follow.
WEP:- This indicates whether or not encryption and authentication are used in the frame. It can be set for all data frames and management frames, which have the subtype set to authentication.
Order:- This indicates that all received data frames must be processed in order.

b). Duration/ID Field:- This field is used for all control type frames, except with the subtype of Power Save (PS) Poll, to indicate the remaining duration needed to receive the next frame transmission. When the sub-type is PS Poll, the field contains the association identity (AID) of the transmitting STA.

c). Address Fields:-Depending upon the frame type, the four address fields will contain a combination of the following address types:

  • BSS Identifier (BSSID)
  • Destination Address (DA) 
  • Source Address (SA)
  • Receiver Address (RA)
  • Transmitter Address (TA)

d). Sequence Control:- The Sequence Control field contains two subfields, Fragment Number field(4 bits) and Sequence Number field(12 bits).
e). Frame Body:- The frame body contains the data or information included in either management type or data type frames.
f). Frame Check Sequence:- The transmitting STA uses a cyclic redundancy check (CRC) over all the fields of the MAC header and the frame body field to generate the FCS value. The receiving STA then uses the same CRC calculation to determine its own value of the FCS field to verify whether or not any errors occurred in the frame during the transmission.

Note-  Wi-Fi uses CSMA-CA, not CSMA-CD because Wi-Fi devices have no way of detecting collisions, they can't send and receive at the same time (a wireless network operates at half-duplex).

Contributor's Info

Created: Edited:
Network Security
Content covered: 

Network Security

More Less

  • This quiz contains 5 questions on the topic Application Layer and Security
  • Lean well before you attempt the quiz
  • You can attempt the quiz unlimited number of times.

Difficulty Level:  basic