07-05-2011, 12:03 PM
Presented by:
suvendu kumar sahu
[attachment=13397]
Introduction
History:
• The Concept of IP Spoofing was Discussed in 1980’s
• Spoofing problem Arises due to in-depth Security problem in TCP/IP Protocol Suite
• Spoofing can still be used and needs to be addressed by all security administrators.
Definition of ip:
The Internet Protocol is a network-layer protocol that contains addressing information and some control information that enables
packets to be routed .
WHAT IS SPOOFING…???
Spoofing refers to creation of IP packets with a forged IP source address.
TYPES OF SPOOFING ?
• IP Spoof
• Web Spoof
• E-mail Spoof
• Non Technical Spoof
Some background on AES
In 1997 the US National Institute of Standards and Technology put out a call for candidates for a replacement for the ageing Data Encryption Standard, DES. 15 candidates were accepted for further consideration, and after a fully public
process and three open international conferences, the number of candidates was reduced to five. In February 2001, the final candidate was announced and comments were solicited. 21 organizations and individuals submitted comments..
AES is founded on solid and well-published mathematical ground, and appears to resist all known attacks well. There’s a strong indication that in fact no
back-door or known weakness exists since it has been published for a long time, has been the subject of intense scrutiny by researchers all over the world, and
such enormous amounts of economic value and information is already
successfully protected by AES. There are no unknown factors in its design,
and it was developed by Belgian researchers in Belgium therefore voiding the conspiracy theories sometimes voiced concerning an encryption standard
developed by a United States government agency. A strong encryption algorithm need only meet only single main criteria:
• There must be no way to find the unencrypted clear text if the key is unknown, except brute force, i.e. to try all possible keys until the right one is found.
• The number of possible keys must be so large that it is computationally infeasible to actually stage a successful brute force attack in short enough a time.
The older standard, DES or Data Encryption Standard, meets the first criterion, but no longer the secondary one – computer speeds have caught up with it,
or soon will. AES meets both criteria in all of its variants: AES-128, AES-192
and AES-256.
Encryption must be done properly
AES may, as all algorithms, be used in different ways to perform encryption. Different methods are suitable for different situations. It is vital that the correct method is applied in the correct manner for each and every situation, or the
result may well be insecure even if AES as such is secure. It is very easy to implement a system using AES as its encryption algorithm, but much more skill and experience is required to do it in the right way for a given situation. No more than a hammer and a saw will make anyone a good carpenter, will AES make a system secure by itself. To describe exactly how to apply AES for varying
purposes is very much out of scope for this short introduction.
Strong keys
Encryption with AES is based on a secret key with 128, 192 or 256 bits. But if the key is easy to guess it doesn’t matter if AES is secure, so it is as critically vital to use good and strong keys as it is to apply AES properly. Creating good and strong keys is a surprisingly difficult problem and requires careful design when done
with a computer. The challenge is that computers are notoriously deterministic, but what is required of a good and strong key is the opposite – unpredictability
and randomness. Keys derived into a fixed length suitable for the encryption algorithm from passwords or pass phrases typed by a human will seldom correspond to 128 bits much less 256. To even approach 128--bit equivalence in a pass phrase, at least 10 typical passwords of the kind frequently used in day-to-day work are needed. Weak keys can be somewhat strengthened by special techniques by adding computationally intensive steps which increase the amount of computation necessary to break it. The risks of incorrect usage,
implementation and weak keys are in no way unique for AES; these are shared
by all encryption algorithms. Provided that the implementation is correct, the security provided reduces to a relatively simple question about how many bits the chosen key, password or pass phrase really corresponds to.
suvendu kumar sahu
[attachment=13397]
Introduction
History:
• The Concept of IP Spoofing was Discussed in 1980’s
• Spoofing problem Arises due to in-depth Security problem in TCP/IP Protocol Suite
• Spoofing can still be used and needs to be addressed by all security administrators.
Definition of ip:
The Internet Protocol is a network-layer protocol that contains addressing information and some control information that enables
packets to be routed .
WHAT IS SPOOFING…???
Spoofing refers to creation of IP packets with a forged IP source address.
TYPES OF SPOOFING ?
• IP Spoof
• Web Spoof
• E-mail Spoof
• Non Technical Spoof
Some background on AES
In 1997 the US National Institute of Standards and Technology put out a call for candidates for a replacement for the ageing Data Encryption Standard, DES. 15 candidates were accepted for further consideration, and after a fully public
process and three open international conferences, the number of candidates was reduced to five. In February 2001, the final candidate was announced and comments were solicited. 21 organizations and individuals submitted comments..
AES is founded on solid and well-published mathematical ground, and appears to resist all known attacks well. There’s a strong indication that in fact no
back-door or known weakness exists since it has been published for a long time, has been the subject of intense scrutiny by researchers all over the world, and
such enormous amounts of economic value and information is already
successfully protected by AES. There are no unknown factors in its design,
and it was developed by Belgian researchers in Belgium therefore voiding the conspiracy theories sometimes voiced concerning an encryption standard
developed by a United States government agency. A strong encryption algorithm need only meet only single main criteria:
• There must be no way to find the unencrypted clear text if the key is unknown, except brute force, i.e. to try all possible keys until the right one is found.
• The number of possible keys must be so large that it is computationally infeasible to actually stage a successful brute force attack in short enough a time.
The older standard, DES or Data Encryption Standard, meets the first criterion, but no longer the secondary one – computer speeds have caught up with it,
or soon will. AES meets both criteria in all of its variants: AES-128, AES-192
and AES-256.
Encryption must be done properly
AES may, as all algorithms, be used in different ways to perform encryption. Different methods are suitable for different situations. It is vital that the correct method is applied in the correct manner for each and every situation, or the
result may well be insecure even if AES as such is secure. It is very easy to implement a system using AES as its encryption algorithm, but much more skill and experience is required to do it in the right way for a given situation. No more than a hammer and a saw will make anyone a good carpenter, will AES make a system secure by itself. To describe exactly how to apply AES for varying
purposes is very much out of scope for this short introduction.
Strong keys
Encryption with AES is based on a secret key with 128, 192 or 256 bits. But if the key is easy to guess it doesn’t matter if AES is secure, so it is as critically vital to use good and strong keys as it is to apply AES properly. Creating good and strong keys is a surprisingly difficult problem and requires careful design when done
with a computer. The challenge is that computers are notoriously deterministic, but what is required of a good and strong key is the opposite – unpredictability
and randomness. Keys derived into a fixed length suitable for the encryption algorithm from passwords or pass phrases typed by a human will seldom correspond to 128 bits much less 256. To even approach 128--bit equivalence in a pass phrase, at least 10 typical passwords of the kind frequently used in day-to-day work are needed. Weak keys can be somewhat strengthened by special techniques by adding computationally intensive steps which increase the amount of computation necessary to break it. The risks of incorrect usage,
implementation and weak keys are in no way unique for AES; these are shared
by all encryption algorithms. Provided that the implementation is correct, the security provided reduces to a relatively simple question about how many bits the chosen key, password or pass phrase really corresponds to.
