Information Secutiry On Internet - in Greek

1
: ,
ISBN: 978-960-603-193-9
Copyright , 2015
Creative Commons -
- 3.0.
https://creativecommons.org/licenses/by-nc-nd/3.0/gr/

9, 15780
www.kallipos.gr
......................................................................................................................... 3
- ................................................................................................. 14
1. ................................................................. 16
1.1 ..................................................................................................................................................................... 16
1.2 ...................................................................................................................................... 18
1.3 ........................................................................................................................ 20
1.4 ....................................................................................................................................... 22
...................................................................................................................................... 23
...................................................................................................................... 23
.................................................................................................................................................... 23
2. .................................................................................................. 25
2.1 ..................................................................................................................................................................... 25
2.1.1 ....................................................................................................................................... 25
2.1.2 ........................................................................................................................................ 25
2.1.3 ........................................................................................................................................... 26
2.1.4 ............................................................................................................................... 26
2.2 .......................................................................................................................................................... 26
2.3 ............................................................................................................................... 27
2.3.1 ................................................................................................................................................. 28
2.3.2 .................................................................................................................... 28
2.3.2.1 ................................................................................................................................................. 28
2.3.2.2 ........................................................................................................................... 30
2.3.3 ................................................................................................................................................. 30
2.3.4 ...................................................................................................................................... 30
2.3.4.1 Sniffing ................................................................................................................................................................... 30
2.3.4.2 MAC Spoofing ....................................................................................................................................................... 31
2.4 .................................................................................................................................................... 32
2.4.1 IPv4 ........................................................................................................................................................................... 32
2.4.1.1 Subnetting .............................................................................................................................................................. 32
2.4.1.2 ....................................................................................................................................... 33
2.4.1.3 IP Spoofing ............................................................................................................................................. 34
2.4.2 IPv6 ........................................................................................................................................................................... 34
2.4.3 ............................................................................................................................................................ 36
2.4.4 ICMP......................................................................................................................................................................... 37
2.4.5 ARP ........................................................................................................................................................................... 37
3
2.5 ............................................................................................................................................... 38
2.5.1 TCP................................................................................................................................................ 38
2.5.2 UDP ............................................................................................................................................... 39
2.6. .............................................................................................................................................. 40
2.6.1 ......................................................................................................................................... 40
2.6.2 ............................................................................................................................... 41
2.6.2.1 Packet Interception ............................................................................................................................................... 41
2.6.2.2 Betrayal by Trusted Server .................................................................................................................................. 42
2.6.2.3 Distributed Denial of Service ............................................................................................................................... 42
2.6.2.4 Cache Poisoning .................................................................................................................................................... 42
2.6.3 HTTP ............................................................................................................................................. 42
2.6.4 ................................................................................................................................... 43
2.7 ........................................................................................................................... 44
2.7.1 .................................................................................................................................................. 45
2.7.2 ............................................................................................................................... 45
2.7.3 Internet of Things .................................................................................................................................................... 45
...................................................................................................................................... 46
...................................................................................................................... 46
.................................................................................................................................................... 46
3. ................................................................................................... 49
3.1 ..................................................................................................................................................................... 49
3.1.1 ............................................................................................................................................... 49
3.1.1.1 Hackers .................................................................................................................................................................. 49
3.1.1.2 Script Kiddies ........................................................................................................................................................ 50
3.1.1.3 - ............................................................................................................................................ 50
3.1.1.4 - ........................................................................................................................................... 50
3.1.1.5 Insiders................................................................................................................................................................... 50
3.1.2 ............................................................................................................................................ 50
3.1.3 .................................................................................................................................................... 51
3.1.3.1 Lollipop model ...................................................................................................................................................... 51
3.1.3.2 Onion model .......................................................................................................................................................... 52
3.2 ................................................................................................................................................ 52
3.2.1 ................................................................................................................................................... 52
3.2.2 firewall ............................................................................................................................................................. 53
3.2.2.1 Packet Filters ......................................................................................................................................................... 53
3.2.2.2 Circuit Level Gateways ........................................................................................................................................ 55
3.2.2.3 Application Level Gateways ................................................................................................................................. 56
3.2.3 Bastion hosts ............................................................................................................................................................. 57
4
3.2.4 firewall .................................................................................................................................................. 57
3.2.4.1 Single-Homed Bastion Host ................................................................................................................................. 58
3.2.4.2 Dual-Homed Bastion Host .................................................................................................................................... 58
3.2.4.3 Screened Subnets .................................................................................................................................................. 59
3.2.4.4 DMZ ....................................................................................................................................................................... 59
3.2.5 ................................................................................................................................................ 60
3.2.5.1 IDS ..................................................................................................................................................... 60
3.2.5.2 .......................................................................................................................................... 61
3.2.5.3 ..................................................................................................................................... 61
3.2.5.4 ........................................................................................................................ 62
3.2.5.5 Honeypots .............................................................................................................................................................. 62
3.3 .................................................................................................................................................. 62
3.3.1 ............................................................................................................................................... 63
3.3.2 .................................................................................................................................................... 64
3.3.2.1 .................................................................................................................................. 64
3.3.2.2 service identifier .................................................................................................................................... 65
3.3.2.3 ad-hoc .................................................................................................................... 65
3.3.2.4 ............................................................................................................ 65
3.3.2.5 ............................................................................................................................................... 65
3.3.3 ............................................................................................................................................. 65
3.3.3.1 Wired Equivalent Privacy .................................................................................................................................... 66
3.3.3.2 Wi-Fi Protected Access ......................................................................................................................................... 67
3.3.3.3 IEEE 802.11i - WPA2 ........................................................................................................................................... 67
...................................................................................................................................... 68
....................................................................................................................... 68
.................................................................................................................................................... 68
4. ............................................................................... 70
4.1 ..................................................................................................................................................................... 70
4.2 ......................................................................................................................... 71
4.3 .............................................................................................................................................. 72
4.3.1 ...................................................................................................................................... 73
4.3.2 ................................................................................................................... 73
4.3.3 .......................................................................................................................................... 74
4.3.4 ........................................................................................................................... 74
4.3.5 ................................................................................. 74
4.4. : Java ........................................................................................................................................ 75
4.4.1 ................................................................................................................................................ 78
4.4.2 ................................................................................................................................................... 78
5
4.4.3 ................................................................................................................... 79
4.4.4 ................................................................................................................................................ 80
4.4.5 ........................................................................................................................................ 81
4.4.6 Serialization Deserialization ............................................................................................................................. 82
4.4.7 ................................................................................................................................................. 85
...................................................................................................................................... 86
....................................................................................................................... 87
5. ........................................................................ 89
5.1 ..................................................................................................................................................................... 89
5.2 .............................................................................................................................................. 90
5.3 ............................................................................................................................................. 92
5.3.1 ............................................................................................................................................ 92
5.3.2 ...................................................................................................................................................................... 93
5.4 ................................................................................................... 95
5.4.1 .............................................................................................................................. 96
5.4.2 ..................................................................................................................................................... 97
5.4.3 ......................................................................................................................................................... 97
5.4.4 ............................................................................................................................................. 97
5.4.5 ........................................................................................................................ 98
5.4.6 .................................................................................................................................................. 98
5.4.7 ............................................................................................................................................ 99
5.4.8 ............................................................................................................................................ 99
5.4.9 ............................................................................................................................................ 99
5.4.10 ........................................................................................................................................ 99
.................................................................................................................................... 100
..................................................................................................................... 100
6. .................................................................................... 102
6.1 ................................................................................................................................................................... 102
6.2 ........................................................................................................................................................... 103
6.2.1 ...................................................................................................................................... 103
6.2.2 ....................................................................................................................................................... 104
6.2.3 ...................................................................................................................................................................... 105
6.2.4 ............................................................................................................................... 106
6.2.4.1 ..................................................................................................................................................... 106
6.2.4.2 .......................................................................................................................................... 108
6.2.4.2.1 ........................................................................................................................................ 108
6.2.4.2.2 ............................................................................................................................................ 109
6
6.2.4.3 .................................................................................................................................................... 111
6.3 .......................................................................................................................................................... 111
6.4 ................................................................................................... 113
6.5 Cryptool ...................................................................... 116
6.5.1 ...................................................................................................................................... 117
6.5.1.1 .................................................................................................................................................. 117
6.5.1.2 ............................................................................................................ 119
6.5.2 Vigenere ............................................................................................................................................. 121
6.5.2.1 ....................................................................................................... 121
6.5.2.2 ............................................................................................................ 122
.................................................................................................................................... 125
.................................................................................................................... 126
.................................................................................................................................................. 126
1 ............................................................................................................................................................. 127
2 ............................................................................................................................................................. 127
3 ............................................................................................................................................................. 127
4 ............................................................................................................................................................. 127
................................................................................................................................................. 128
7. ................................................................. 129
7.1 ................................................................................................................................................................... 129
7.2 .............................................................................................................................. 130
7.2.1 DES ......................................................................................................................................................................... 130
7.2.1.1 .................................................................................................................................... 131
7.2.1.2 ............................................................................................................. 132
7.2.1.3 3DES .................................................................................................................................................................... 134
7.2.2 AES ......................................................................................................................................................................... 135
7.2.2.1 .............................................................................................................................................. 137
7.2.2.2 ............................................................................................................................. 139
7.2.2.2.1 AddRoundKey .................................................................................................................................................. 139
7.2.2.2.2 SubBytes ........................................................................................................................................................... 139
7.2.2.2.3 ShiftRows .......................................................................................................................................................... 140
7.2.2.2.4 MixColumns ..................................................................................................................................................... 140
7.2.3 ................................................................................................................................................ 141
7.2.3.1 Electronic Codebook (ECB) ............................................................................................................................... 141
7.2.3.2 Cipher Block Chaining (CBC) ........................................................................................................................... 141
7.2.3.3 Cipher FeedBack Mode (CFB) .......................................................................................................................... 142
7.2.3.4 Output FeedBack Mode (OFB) .......................................................................................................................... 143
7.3 ............................................................................................................................... 143
7
7.3.2 RSA ......................................................................................................................................................................... 144
7.4 Cryptool ................................................................................................... 146
7.4.1 ........................................................................................................................................ 146
7.4.1.1 DES-CBC ............................................................................................................................... 146
7.4.1.2 ECB CBC ..................................................................................................................... 147
7.4.1.3 DES Weak Keys .................................................................................................................................................. 149
7.4.1.4 Brute Force........................................................................................................................................... 149
7.4.1.5 GPG .. Linux................................................................................................................................. 150
7.4.2 ......................................................................................................................................... 152
7.4.2.1 RSA .................................................................................................................... 152
7.4.2.2 RSA ..................................................................................................................... 153
7.4.2.3 RSA .................................................................................................................... 154
7.4.2.4 RSA ........................................................................................................................ 154
7.4.2.5 RSA ............................................................................................................... 155
.................................................................................................................................... 155
..................................................................................................................... 156
.................................................................................................................................................. 156
1 ............................................................................................................................................................. 157
2 ............................................................................................................................................................. 157
3 ............................................................................................................................................................. 157
8. ....................................................... 159
8.1 .............................................................................................................................. 159
8.1.1 .................................................................................................... 159
8.1.2 .................................................................................................................................. 160
8.1.3 ............................................................................... 160
8.2 ................................................................................................ 161
8.2.1 MD5......................................................................................................................................................................... 161
8.2.2 SHA ................................................................................................................................ 162
8.3 ...................................................................................... 163
8.3.1 MDC ......................................................................................................... 164
8.3.2 - MAC ............................................................................................... 164
8.3.3 HMAC..................................................................................................................................................................... 167
.................................................................................................................................... 167
..................................................................................................................... 168
9. .............................................. 170
9.1 ............................................................................................................................................... 170
9.1.2 ........................................................................................................................... 171
8
9.1.2.1 RSA ...................................................................................................................................................................... 171
9.1.2.2 El-Gamal .............................................................................................................................................................. 172
9.1.2.3 DSA/DSS .............................................................................................................................................................. 173
9.2 ................................................................................................................................... 174
9.2.1 ........................................................................................................................................ 175
9.2.2 .................................................................................................... 176
9.2.3 ......................................................................................................... 177
9.2.4 ............................................................................................................................... 178
9.3 ................................................................................................................................................. 179
9.3.1 ........................................................................... 180
9.3.1.1 RootCA ............................................................................................................................................ 180
9.3.1.2 Intermediate CA ............................................................................................................................. 180
9.3.1.3 .............................................................................................. 181
9.3.1.4 .................................................................................................................................... 182
9.3.2 SSL ................................................................................................................................................. 183
9.3.4 ............................................................................................................................. 186
.................................................................................................................................... 186
.................................................................................................................... 187
.................................................................................................................................................. 187
................................................................................................................................................................ 188
10. - VPN ........................................................................... 189

10.1 ................................................................................................................................................................. 189
10.1.1 .................................................................................................................................................... 191
10.1.2 VPN ........................................................................................................................................... 192
10.2 SSH Tunneling ........................................................................................................................................................ 192
10.3. TLS/SSL VPN ........................................................................................................................................................ 193
10.4 IPsec VPN ................................................................................................................................................................ 195
10.4.1 ........................................................................................................................................ 195
10.4.2 ...................................................................................................................................... 196
10.4.2.1 AH ........................................................................................................................................... 196
10.4.2.2 ESP ......................................................................................................................................... 197
10.4.3 IPsec ............................................................................................................................. 198
10.4.3.1 Transport mode................................................................................................................................................. 198
10.4.3.2 Tunnel mode ...................................................................................................................................................... 198
10.4.4 - IKE ....................................................................................................................................... 199
10.4.4.1 Diffie-Hellman .......................................................................................................................... 199
10.4.4.2 IKE Phase 1 ....................................................................................................................................................... 200
10.4.4.2.1 Aggressive Mode ............................................................................................................................................ 200
9
10.4.4.2.2 Main Mode ..................................................................................................................................................... 200
10.4.4.3 IKE Phase 2 ....................................................................................................................................................... 201
10.5 Data-Link Layer VPN ............................................................................................................................................ 202
10.6 ............................................................................................................................................... 202
.................................................................................................................................... 205
..................................................................................................................... 206
.................................................................................................................................................. 206
................................................................................................................................................. 207
11. ............................................................................................. 208

11.1 ................................................................................................................................................................. 208
11.2 ....................................................................................................................................... 210
11.3 ............................................................................................. 211
11.4 , ...................................................................................... 214
11.4.1 ............................................................................................................................... 216
11.4.2 ........................................................................................................................................... 217
11.4.3 ....................................................................................................................................... 217
11.4.4 ....................................................................................................................... 217
11.4.5 ............................................................................................................................... 217
11.4.6 ............................................................................................................................................. 217
11.4.7 ........................................................................................................................ 218
11.4.8 ........................................................................................................................ 218
11.4.9 .............................................................................................................................. 218
11.5 ................................................................................................................................................... 218
11.6 ISO/IEC 17799 ................................................................................................................................... 219
11.6.1 ............................................................................................................................................. 221
11.6.2 ........................................................................................................... 221
11.6.2.1 ....................................................................................................................................... 221
11.6.2.2 ................................................................................................................................................ 221
11.6.3 ............................................................................................................................................... 222
11.6.3.1 ............................................................................................................................ 222
11.6.3.2 ................................................................................................................................ 222
11.6.4 ............................................................................................................................. 222
11.6.4.1 ........................................................................................................................................... 222
11.6.4.2 ......................................................................................................................................... 223
11.6.4.3 .............................................................................................................. 223
11.6.5 .............................................................................................................. 223
11.6.5.1 ............................................................................................................................................. 223
11.6.5.2 ....................................................................................................................................... 224
10
11.6.6 ......................................................................................................... 224
11.6.6.1 ...................................................................................................... 224
11.6.6.2 ............................................................................................ 224
11.6.6.3 ............................................................................................................. 224
11.6.6.4 ............................................................................................................ 225
11.6.6.5 ........................................................................................................ 225
11.6.6.6 ......................................................................................................................... 225
11.6.6.7 .................................................................................................................... 225
11.6.6.8 ................................................................................................................................. 226
11.6.6.9 .................................................................................................................. 226
11.6.6.10 ......................................................................................................................................................... 226
11.6.7 ............................................................................................................................................. 227
11.6.7.1 ........................................................................................ 227
11.6.7.2 ...................................................................................................................... 227
11.6.7.3 .............................................................................................................................................. 227
11.6.7.4 ............................................................................................................................ 227
11.6.7.5 ............................................................................................ 228
11.6.7.6 ..................................................................................... 228
11.6.7.7 ............................................................................................................. 229
11.6.8 , ............................................................. 229
11.6.8.1 ................................................................................... 229
11.6.8.2 ............................................................................................................. 229
11.6.8.3 ................................................................................................................. 230
11.6.8.4 ....................................................................................................................... 230
11.6.8.5 .............................................................................. 230
11.6.8.6 ....................................................................................................................... 230
11.6.9 ........................................................................................................................................... 231
11.6.9.1 ............................................................................................ 231
11.6.9.2 ................................................................................................................... 231
11.6.10 .............................................................................................................. 231
11.6.11 ...................................................................................................................................................... 232
11.6.11.1 ................................................................................................... 232
11.6.11.2 , .................................................................... 232
11.6.11.3 ............................................................................... 232
11.7 - ................................................................................................ 233
.................................................................................................................................... 234
..................................................................................................................... 234
11
12. & Digital Forensics ...................................... 236
12.1 .............................................................................................................................................. 236
12.1.1 .............................................................................................................................................................. 236
12.1.2 CSIRT ................................................................................................................................................................... 237
12.1.2.1 ................................................................................................................................... 237
12.1.2.2 CSIRT .................................................................................................................................................. 238
12.1.3 ....................................................................................... 239
12.1.3.1 .................................................................................... 239
12.1.3.2 ..................................................................................................................... 240
12.1.3.3 .............................................................................................................. 240
12.1.3.4 .......................................................................................................................................... 241
12.1.3.5 ................................................................................................................................... 241
12.1.3.6 ....................................................................................................................................... 242
12.1.3.7 ........................................................................................................................................... 242
12.1.4 .............................................................................................. 243
12.2 Digital Forensics ...................................................................................................................................................... 247
12.2.1 .............................................................................................................................................................. 247
12.2.2 ....................................................................................................................................... 248
12.2.3 ....................................................................................................................................... 249
12.2.4 ................................................................................................................... 249
12.2.5 ......................................................................................................................... 250
12.2.6 .............................................................................................................................. 251
.................................................................................................................................... 252
..................................................................................................................... 252
13. .............................................. 254
13.1 ................................................................................................................................................................. 254
13.2 ....................................................................................................................................................... 255
13.3 ............................................................................................................... 257
13.3.1 ................................................................................................................................................................. 258
13.3.2 .......................................................................................................................................... 258
13.3.3 ............................................................................................................................................... 258
13.3.4 ........................................................................................................................................... 259
13.3.5 ........................................................................................................................................ 259
13.3.6 ..................................................................................................................... 259
13.4 ................................................................................................................................................................. 259
13.5 ........................................................................................................................................................... 260
.................................................................................................................................... 262
12
..................................................................................................................... 262
................................................................................................... 264
- ............................................................................. 267
13
-
3DES Triple-DES
ACL Access control list
AES Advanced Encryption Standard
ARP Address Resolution Protocol
AS Autonomous System
CA Certificate Authority
CBC Cipher Block Chaining
CERT Computer Emergency Response Team
CFB Cipher FeedBack Mode
CRC Cyclic Redundancy Check
CRHF Collision-resistant hash functions
CRL Certificate Revocation List
CSIRT Computer Security Incident Response Team
CSMA/CD Carrier Sense Multiple Access / Collision Detection
DES Data Encryption Standard
DMZ De-Militarized Zone
DSA Digital Signature Algorithm
DSS Digital Signature Standard
ECB Electronic Codebook
ENISA European Union for Network and Information Security
GRC Governance Risk Compliance
HTTP Hyper-Text Transfer Protocol
ICC International Color Consortium
ICG Inverse Congruence Generator
ICMP Internet Control Messaging Protocol
IDS Intrusion Detection System
IETF Internet Engineering Task Force
IoT Internet of Things
ISMS Information Security Management System
ISO International Organization for Standardization
IV Initialization Vector
JDBC Java Database Connectivity
JRE Java Runtime Environment
JSP Java Server Pages
LAN Local Area Network
LCG Linear Congruence Generator
MAC Media Access Control
MAC Message Authentication Code
MAN Metropolitan Area Network
MD5 Message-Digest algorithm 5
MDC Message Detection Code
MSB Most Significant Bit
MTA Mail Transfer Agents
MUA Mail User Agents
NAT/PAT Network/Port Address Translation
NIC Network Interface Controller
OFB Output FeedBack Mode
OSI Open Systems Interconnection Model
OUI Organizationally Unique Identifier
OWHF One-way hash functions
PAN Personal Area Network
PDCA Plan-Do-Check-Act
PKI Public Key Infrastructure
PoC Point of Contact
14
QoS Quality of Service
RA Registration Authority
RFC Request For Comments
RTS/CTS Ready to Send / Clear to Send
SHA Secure Hash Algorithm
SHS Secure Hash Standard
SMTP Simple Mail Transfer Protocol
SSID Service Set Identifier
SSL Secure Sockets Layer
STP Spanning Tree Protocol
TERENA Trans-European Research and Education Networking Association
UDP User Datagram Protocol
VPN Virtual Private Network
WAN Wide Area Network
WEP Wired Equivalent Privacy
WPA Wi-Fi Protected Access
WSN Wireless Sensor Network
WWW World Wide Web
Business impact analysis

P Internet Protocol

15
1.
H , ,

. , .
,
, .
,

.
1.1
,
. , ,
: secrecy, security, safety, insurance,
assurance, dependability.
H (Information Security)
,
. , ,
.
, ,
:
1.1 (3) .

, .
,
. , ,
1.1:
16

(CCTV)

1.1 .
(), .
, ,
1.2:

. (username
password).
.
1.2 .
,
. :
:
,
.
: Merriam-Webster,
.
, ,
. ,
:
(Computer Security):

.
(Communication Security):

.
,
(3) , :
(Confidentiality):
() .
(Integrity):
( ) .
17
(Availability): (
) , .
,
:
(Identification):
(.. ) (.. ).
(Authentication):
.
(Authorization):

,
.
(Non-Repudiation):
.
( )
. ,
,
.
1.2
,
, :
(asset) ( , )
(value) (owner)
.
(user),
(grant) / (privilege)
(access) .
(controller)
.
(danger).
.
(harm).
, ,
(interception) , (modification) , (fabrication)
(interruption) ,
(threat) . :
o ,
.
18
o ,
.
o , ()
.
(attack).
.
(vulnerability)
.
:
o (Human):
()
, (insiders),
.
o : ,
(hardware)
(software).
o (Media):
,
.
o (Communications): ,
, .
o (Physical):
(.. datacenters).
o (Natural): (..
), ..
(impacts) ,
/
.
(controls)
(countermeasures), (.. , ,
)
. (cost)
.
,
1.2:
19
1.2 .
,
( )

.
1.3

,
.
, , ..
, ,
, (Internet).
( 1960),

, . ,
ARPANET . ,

,
, , ,
.
, 4 (Internet Protocol version
4), ,
.
, ,
, .
, IPv4,
. ,
,
.
20
, ,
:
(masquerading):

.
(passive tapping):
, ..
.
(active tapping):
.
(repudiation):
(.. ) .
(denial of service):

.
(replay):
(playback)
(.. ).
(traffic analysis):
( ), /

.
(viruses, Trojan horses, worms):

.

,
. ,
, :
:

..
:
,
..
:

( )
.
, ,
21

.
: ,
.
()
() .
:
. , ,

,
, .

.
,
.
1.4

, 2
.
3,
, (firewalls) (IDS),
.
, (Web
applications). 4 5, ,
, .
,
, . 6,
. ,
, 7
,
.
, 8
, ,
9

(PKI).
10,

(VPN) .
11, ,
, .
(),
(digital forensics) ,

,
( , , , ..),
12.
22
, 13,

.
., . (2002). . :
.
., ., . (2004). . :
.

.
.
1. :
) , .
) , .
) , -.
) , .
2. :
) .
) .
) .
) .
3. :
) .
) .
) .
) .
4. :
) : .
) : .
) : .
) : .
5. :
) .
) .
) .
) .
23
6. :
) .
) .
) .
) .
7. :
) Security.
) Assurance.
) Insurance.
) Police.
8. :
) .
) .
) .
)
9. - :
) .
) .
) .
)
10. :
) .
) .
) .
)
24
2.
,
.
,
.
2.1
, ,
. ,
..
. .
:
(, , .) .
.
.
.
,
(Internet),
,
.
,
. ,
:
(Local Area Networks - LAN).

(Wide Area Networks - WAN).
(Metropolitan Area Networks - MAN).
(Personal Area Networks - PAN).
2.1.1
, ,
, .
, ,
.
,
UTP .
2.1.2
, , ,
.
25
-, ,
. ,
.
2.1.3

(campus) (.. ). ,
.
2.1.4
(personal assistant),
(.. smartphones, smart watches .),
,
. ,
(.. Bluetooth).
2.2
, .
, ,
,
,
.
,
. ,
,
.

(Open Systems Interconnection Model OSI Model) ISO/IEC 7498-1,
(International Organization for Standardization)
1994. (7)
(Reference Model).
TCP/IP
(Internet Model), OSI, 2.1.
, 3 5
, (4) , :
,
.
,
(end-to-end) .
,
, IP,
(packets) .
,
(frames) .
26
2.1 OSI (3 ).
, ,
. ,
. ,

.
2.2 .
, .
.
,
, .
2.3
( ) ,
(frames) ,
(medium access), (error detection), (error
correction), (retransmission) (flow control).
27
,
Network Interface Cards (NIC). (Media
Access Control address), MAC (MAC address) 48 bit.
MAC .
:
24 bit (Organizationally Unique

Identifier OUI) .
.
24 bit (Network Interface Controller NIC)

OUI.
MAC address 1 (FF:FF:FF:FF:FF:FF), broadcast address

( ) .
2.3.1
.
, collision domain.
,
, .
(hub),
collision domain. , ,

. ALOHA, Slotted ALOHA CSMA/CD (Carrier Sense
Multiple Access / Collision Detection).
, (switches) full duplex
, collision domain
switch, broadcast domain.
, , ,
CSMA/CD.
, ,
. ,
. , , ,
CSMA/CD,
CSMA/CA (Carrier Sense Multiple Access / Collision
Avoidance) RTS/CTS (Ready to Send / Clear to Send),
.
2.3.2

. ,
:
.
(CRC).
2.3.2.1
,
. , n - 1 bit.
28
, bit, bit (parity bit). bit
:
1 n bit ,
.
1 n bit ,
.
2.3 8 bit
(1 Byte).
2.3 bit .
n bit,
, bit , 2.4.
2.4 .
(1) parity bit, bit,

bit . , bit,
.
, , bit ,
bit , 2.5.
29
2.5 .
2.3.2.2
(Cyclic Redundancy Check CRC) modulo-2

bit. ,
k bit, r bit
k+r bit. r bit Frame Check Sequence
(FCS).
, ,
r + 1 bit, generator (G), bit (Most Significant Bit -
MSB) 1. , , FCS modulo-
2 k+r G 0. modulo-2
(0),
.
2.3.3

. , (broadcast)
. , STP (Spanning Tree
Protocol), (spanning tree)
- .
2.3.4
, .
2.3.4.1 Sniffing
sniffing ( ) ,
, . ,
.
collision domain ( hub
),
(.. port mirroring).
30
2.6 Sniffing.
sniffing, , ..
( , 802.11x),
, .. ,
.
2.3.4.2 MAC Spoofing
, ,
() (media access control),
MAC address, .
, MAC
, frames

.
2.7 MAC Spoofing.
MAC spoofing,
, . , ,
(NIC)
.
31
2.4

( datagrams) , (routing).
, , ,
, Internet Protocol (IP). ,
Internet 4 (IPv4). ,
, 6 (IPv6).
, IPv4
. IPv4,
, IPv6.
, IP,
, .
2.4.1 IPv4
IP .
, 32 bit, ,
(8) bit (1 Byte). 32 bit ( )
( ). ,
, IP
( Byte ),
.
, (3) , :
1.0.0.0 126.255.255.255.
8 (MSB) bit (host).
B 128.0.0.0 191.255.255.255.
16 bit .
C 192.0.0.0 223.255.255.255.
24 bit .
H D 224.0.0.0 239.255.255.255
(multicast).
O (240.0.0.0 254.255.255.255) ,
127.0.0.0 127.255.255.255 n , loopback
.
, .
, 224 A, 216 B 256
C. , ,
,
224 .
: subnetting
Network/Port Address Translation (NAT/PAT).
2.4.1.1 Subnetting
, bit (Host).
, , , IP
2.8:
32
2.8 .
, , 16 24 bit ,
2.9:
2.9 .
, , bit
. : <_>/< Subnet bit>
, bit
( host bit) 0. , 15.6.0.0/16
. H 16, bit
( subnet bit), , 15.6.0.0
A.
host bit 1, ()
(broadcast). 15.6.255.255.
subnet bit . ,
, 25 , 2, 2 5=32,
. , 5 bit (host bit). ,
(subnet bit) 32 5 = 27 bit. ,
195.251.209.128/27.
2.4.1.2
subnets , IPv4
. , ,
.
, ,
. ,
host ,

(Internet). (private)
:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
(hosts)
Internet; (address translation)
:
33
IP
(,
).
,
(private)
IP
.
, , IP
,
.
Network Address Translation (NAT). ,

IP ,
,
(host) .
Port Address Translation (PAT).
2.4.1.3 IP Spoofing
IP .
, , Internet. IP, ,
IP
.
IP Spoofing (source
address). , (masquerade)
.
, spoofing
.
2.4.2 IPv6
subnetting /PAT IPv4,
.
, 232= 4.294.967.296 ( 4 ),
. ,
(Internet of Things IoT).
, ,
, .
1992 IETF (Internet Engineering Task Force)
IP (Internet Protocol next generation - IPng).
RFC (RFC 1752) 1995.
, IPv6, RFC 2460 1998.
IPv6, 128 bit. bit
2128=340.282.366.920.938.463.463.374.607.431.768.211.456 .
( 340 undecillionths ) (
, )
!
, NAT
, IPv6 , :
34
IPsec: IPsec,
,
. IPv6, IPsec ,
.
: IPv6 IPv4,
. ,
, . , optional
headers ,
.
: 2128.
stateless statefull IP:

,
.
: IPv6
.
: (Quality of Service QoS)

. ,
, (..

). , IPv6
.
: IPv6
(mobility).
IPv6 , 8 ,
- (:) (/)
(prefix length) . prefix IPv6 subnet
IPv4.
IPv6 , (bit 0)
:
leading zeroes
, .
fe80:0000:0000:cd4f:0aff:0000:0000:4afc/64 fe80::cd4f:0aff:0:0:4afc/64
fe80:0000:0000:cd4f:0aff:0000:0000:4afc/64 fe80:0:0:cd4f:0aff:0:0:4afc/64
0000:0000:0000:0000:0000:0000:0000:0001/64 0:0:0:0:0:0:0:1
0000:0000:0000:0000:0000:0000:0000:0001/64 ::1
IPv6 broadcast . IPv6

:
Unicast: host.
35
Multicast: host.
host
.
Anycast: host.
host
.
unicast , :
Global: 1/8
IPv4 (public addresses),
.
o (prefix): 2000::/3 (001)
o 2000:: 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.
global 2000:db8::1234.
Unique Local (Site-Local): IPv4:

10.0.0.0/8, 172.16.0.0/12 192.168.0.0/16.
d;iktya IR (intranets),
Internet. 48 bit ,
16 .
o prefix: FC00::/7 (1111 110)
Link-Local: IPv4: 169.254.0.0/16.

, ,
network discovery. , , 64 bit
EUI-64 (Extender Unique Identifier), 48 bit
(MAC address) (NIC), RFC
4291.
o prefix: FE80::/10 (1111 1110 10)
Special: (unspecified)
localhost IPv4:
o Unspecified: ::/128 ( 0.0.0.0 IPv4)
o Localhost: ::1/128 ( 127.0.0.1 IPv4)
Transition:
IPv6 IPv4.
2.4.3
(routing), ,
,
36
.
.

(manually).
IP .
() , ,
(default gateway).

,
. , RIP, EIGRP OSPF.
IGP (Interior Gateway Protocols),
(Autonomous System AS).
, EGP (Exterior gateway Protocol),
, BGP.
2.4.4 ICMP
Internet Control Messaging Protocol (ICMP)
IP , . ICMP
Pv4 (ICMP6) IPv6.
(type). ICMP
echo request (ICMP type 8), ICMP echo reply
(type 0) host .
ICMP, , . , ,
ICMP Data. payload
, -
.
, ICMP (Denial of Service -
DoS). , -
. ,
.
2.4.5 ARP
, ,
, . ,
( IP
IP )
MAC (NIC)
MAC .
, IP
MAC .
, IP MAC.
ARP
Address Resolution Protocol (ARP). ARP RFC
826.
ARP
(MAC) (IP).
,
, 2.10.
37
2.10 ARP Poisoning.
2.5
, , .
, ,
, 65535
. ,
. IP (port) socket.
. User Datagram Protocol (UDP)
Transport Control Protocol (TCP). , .
2.5.1 TCP
TCP, RFC793, (connection
oriented) ,
(three-way handshake), 2.11.
2.11 Three-way handshake.
38
, , segment (set) flag SYN
TCP header. segment segment,
flags SYN ACK. A ,
segment, flag ACK.
TCP ,
(SYN flood attack).
, ( segments SYN flag
) .
( DoS) .
IP (best effort). ,
, . To TCP,
, :
(reliable data transfer),

.
. To CP (buffers),
-.
() ()
, .
TCP (window)
buffer .
(congestion control). TCP

.
, RTT,
, , ..,
.
2.5.2 UDP
UDP, RFC 7683, , TCP,
(connectionless) .
, .
UDP best effort ()
.
, UDP
TCP . , UDP
:
, .
()
.
, UDP ,
TCP ( )
.
39
2.6.
, ,
. , , ,
,
.
, ,
. ,
(Web applications),
() /
.
, :
DNS, Internet,
.
SMTP, e-mail ( Internet).
HTTP,
.
2.6.1
host IP, Internet,
IP . , host
IP . ,

.
:
,

.

( ). , ,
, .
, (
www.uom.gr mail.google.com) IPv4, 195.251.213.104 173.194.112.86.
IPv6.
, ,
, , DNS (Domain Name Service).
DNS RFC 1034 1035. :
: .
DNS: .
:
o ,
o ,
40
o ,
o ( ),
o .
: DNS.
(resolvers): (clients)

.
DNS, , Bind Microsoft DNS

Server. DNS, ,
(RFC 3833).
2.6.2
, .
2.6.2.1 Packet Interception
DNS UDP
. , (monkey-in-the-middle),
. ,
resolver ,
.
2.12 .
Security Extensions DNS (DNSSEC),

, , .
, .
41
2.6.2.2 Betrayal by Trusted Server
, (man-in-the-middle),
DNS server, (resolver). ,
host, ( IP
) , (DNS servers). ,
, , ( )
.
2.6.2.3 Distributed Denial of Service
(DDoS)
.
:
ICMP.
(queries).
, DDoS
.
2.6.2.4 Cache Poisoning
DNS . , (resolver)
DNS (server). server (
DNS) domain , server
. ,
, (cache), ,
.
, , DNS server ,
cache. ,
, ,
, .
, DNSSEC,
(. 8). ,
server
cache.
2.6.3 HTTP
HTTP World Wide Web (WWW).
stateless TCP. stateless
(transaction) . ,

. ,
.
HTTP (Hyper-Text Transfer Protocol) ,
HTTP (.. , video, ..), .
HTTP (header), ,
,
. , (body),
.
42
HTTP
4 5.
2.6.4
(e-mail)
Internet. SMTP (Simple Mail Transfer Protocol),
RFC 2821 Internet (
HTTP).
SMTP, , .
SMTP MTA (Mail Transfer Agents),
MUA (Mail User Agents).
2.13 (e-mail).
2.13, MUA (.. Mozilla Thunderbird, Microsoft Outlook, .)

MTA domain (sender), (..
Sendmail) , MTA domain
(recipient). MTA DNS.
MUA MTA
, MUA SMTP commands, 2.14.
2.14 e-mail SMTP.
43
, SMTP server
me@thisisatest.net, , , ,
2.15 :
2.15 .
, SMTP ,
. , MTA
.
(spam mail). ,
, MTA
(open relay).
(plaintext),
. SMTP ASCII 7-bit. ,
, , ,
. ,
ASCII ; ,
ASCII,
Base64.
, :
(plaintext).
server
, .
(.. ).
2.7
,
Mark Weiser,
(ubiquitous / pervasive computing). ,
,
.
44
, .
,
, .
2.7.1
, (context)
. (),
, ,
, . ,
(smart home), ,
.
ad-hoc , ,
. ad-hoc , ,
(authentication) (authorization),
(identity provider),
.
, , resurrecting duckling. (
DVD player) slave . (imprinted) master
, , (
). , master .
slave master
.
2.7.2
(Wireless Sensor Network WSN)
, ,
.
.
, ,
, . ,
, , , .
WSN ,
, () ,
,
.
2.7.3 Internet of Things

(Internet of Things - IoT) ,
,
()
. (things) ,
, ,
, ..
()
, , , , ,
, .. :
,
(single points of failure),
(resilience).
45
,
IoT .
,
.
, IoT . ,

.
Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15),
27872805. http://doi.org/10.1016/j.comnet.2010.05.010
Convery, S. (2004). Network security architectures. Indianapolis, IN: Cisco Press.
de Vivo, M., de Vivo, G. O., & Isern, G. (1998). Internet Security Attacks at the Basic Levels. SIGOPS Oper.
Syst. Rev., 32(2), 415. http://doi.org/10.1145/506133.506136
Jacobsson, M., Niemegeers, I., & Groot, S. H. de. (2010). Personal networks: wireless networking for personal
devices. Chichester, West Sussex; Hoboken, NJ: John Wiley.
Kurose, J. F., & Ross, K. W. (2013). Computer networking: a top-down approach (6th ed). Boston: Pearson.
Stajano, F., & Anderson, R. (2002). The Resurrecting Duckling: security issues for ubiquitous computing.
Computer, 35(4), 2226. http://doi.org/10.1109/MC.2002.1012427
Stallings, W. (2014). Data and computer communications (Tenth edition). Boston: Pearson.
Weber, R. H. (2010). Internet of Things New security and privacy challenges. Computer Law & Security
Review, 26(1), 2330. http://doi.org/10.1016/j.clsr.2009.11.008
Weiser, M. (1993). Some Computer Science Issues in Ubiquitous Computing. Commun. ACM, 36(7), 7584.
http://doi.org/10.1145/159544.159617
Yick, J., Mukherjee, B., & Ghosal, D. (2008). Wireless sensor network survey. Computer Networks, 52(12),
22922330. http://doi.org/10.1016/j.comnet.2008.04.002.

.
.
1. OSI:
) .
) .
) 4 .
) 7 .
46
2. :
) .
) bytes .
) 1 bit.
) CRC.
3. Spanning Tree Protocol (STP):

) (loops).
) (loops).
) byte .
) hub.
4. sniffing:
) .
) aDSL.
) parity bit.
) .
5. 195.251.209.128/29:
) 195.251.109.126.
) 195.251.109.129.
) 195.251.109.135.
) 195.251.109.29.
)
) .
6. (router):
) .
) .
) (interface)
) TCP/IP.
7. :
) CDMA/CD.
) ALOHA.
) TCP.
) SMTP.
) GRE
) HTTP
) UDP
) DNS
) IPv6
8. DoS :
) .
) .
) .
) .
9. HTTP :
) .
) .
) .
) .
47
10. :
) .
) .
) ad-Hoc .
) .
48
3.
,
.
,
, , :
, (firewalls)
(IDS), ,
(.. smartphones, tablets).

1 2.
3.1
, ,
. ,
, , .
,
,
.
, ,
, . ,
: lollipop onion.
3.1.1
.
.
3.1.1.1 Hackers
Hackers ,
, :
Black-Hat hackers: , , .
crackers.
White-Hat hackers: ,
. ,
,
.
Grey-Hat hackers: , , .
White-Hat hackers
(.. ),
,

.
49
3.1.1.2 Script Kiddies
, , hackers,
(hacking tools), ,
.
, ,
,
.
3.1.1.3 -
hackers, - (cyber spies)

. , -
, ,
.
3.1.1.4 -
- (cybercriminals) ,
-. -
, spamming, phishing .
- - (cyberterrorists),
,
(DDoS) .
3.1.1.5 Insiders
,
.
.
,
,
.
3.1.2
, ,
, :
:
, , ,
, ..,
(.. NVD).
: ,
, ,
.
: ,
, ,
,
.
50
: ,
.
: ,
,
, ,
.
: ,
, ,
, ,
.
5,
.
3.1.3
, ,
.

, :
Lollipop model: ,
.
Onion model: , defense in-

depth.
3.1.3.1 Lollipop model
Lollipop, ,
. ,
. ,
.
3.1 Lollipop.
51
3.1.3.2 Onion model
Onion, defense in-depth, ,

, , ,
, ..
,
.
3.2 Onion.
3.2
, , .
, , , ,
, , ,
. , ,
. ,
, (firewall) (IDS).
3.2.1
(firewall) ,
( ).
3.3 .
, , :
52
, (host)
.
,
, ,
.
firewall , :
firewall.
firewall,
.
firewall .
3.2.2 firewall
(firewalls) :
(Packet Filters).
(Circuit-level Gateways).
(Application-level Gateways).
3.2.2.1 Packet Filters
packet filtering firewall firewall. (ingress

filtering) (egress filtering) .
(IP headers) (TCP/UDP headers) :
(protocol field),
(source address),
(source port),
(destination address),
(destination port).
,
. ,
(access control list ACL):
# Src Addr Src Dst Addr Dst Proto Action Comment

Port Port
1 192.168.0.0/16 * 192.168.1.0/24 * * permit Permit outbound traffic
4 any * 192.168.1.21 80 TCP permit Access to web server
5 any * 192.168.1.31 25 TCP permit Access to mail server
6 any 500 192.168.1.2 500 UDP permit Access to isakmp
7 any 4500 192.168.1.2 4500 UDP permit Access to isakmp-nat
8 any * 192.168.1.0/24 * * deny Deny all
3.1 .
53
3.1 8
, :
192.168.0.0/16 192.168.1.0/24
172.16.0.0/12 192.168.1.0/24
10.0.0.0/8 192.168.1.0/24

.
(10.0.0.0/8, 172.16.0.0/16 192.168.0.0/16),
. , spoofing attack,

.
192.168.1.21 80,
web server.
192.168.1.31 25,
mail server.
192.168.1.2 500,
isakmp ( ,
10).
192.168.1.2 500,
isakmp, NAT.
192.168.1.0/24.
(4-7)
, 192.168.1.24/0.
, .

.
,
, stateless packet filtering. ,
:

(action)
. ,
.

, .
stateless packet filter IP Spoofing (

) TCP Fragmentation,
(fragments) FLAGS TCP
firewall.
, packet filters
(state) .
, firewall
(state table). ,
firewall:
54
(established) ,
.
( SYN),
. , ,
.
SYN ,
.
Src Addr Src Port Dst Addr Dst Port Protocol State
192.168.1.41 45523 1.1.1.1 80 TCP ESTABLISHED
192.168.1.47 52214 2.2.2.2 53 UDP ESTABLISHED
3.2 .
, .
. firewall
Stateful.
3.2.2.2 Circuit Level Gateways
(circuit gateways)
.
a packet filters,
,
(gateway). , , segments
.
3.4 .
,
:
1. gateway.
2. gateway .
3. , .
4. gateway , , host .
5. gateway , .
SOCKS.
:
55
SOCKS Server, gateway.
SOCKS Client, ,
, SOCKS, .
To SOCKS Client Library,

firewall.
circuit level
gateway, TCP SOCKS Server ( 1080),
, , UDP.
, , firewall
.
3.2.2.3 Application Level Gateways
(application gateways), proxy servers,

. proxy servers
. , , ,
, proxy server,

.
proxy servers circuit level gateways,

:
proxy servers payload (deep inspection).

,
(.. )
.
proxy servers . ,
proxy server web . mail
server , , proxy server.
firewall ,
, 3.5:
3.5 firewalls.
56
3.5, Client 1 Proxy Server
web server. , (external client)
mail server circuit level gateway. packet
filter .
3.2.3 Bastion hosts

bastion hosts ( )
(Trusted Operating Systems TOS).
:
bastion hosts, circuit

application gateways, :
bastion host ,

.
,
.
bastion host proxies,

.
proxies , ,
.
.
,
.
bastion host
(non-privileged).
bastion host
. proxy ( ) ,
.
3.2.4 firewall

firewall. .
57
3.2.4.1 Single-Homed Bastion Host
Single-Homed Bastion Host, packet

filter. bastion host,
.
3.6 Single-Homed Bastion Host.
To packet filter,
, bastion host,
hosts.
3.2.4.2 Dual-Homed Bastion Host
Dual-Homed Bastion Host, packet filter

bastion host. , .
3.7 Dual-Homed Bastion Host.
, packet filter,
bastion host.
58
3.2.4.3 Screened Subnets
screened subnet, bastion host ,

packet filter.
3.8 Screened subnet.
, .
3.2.4.4 DMZ
, ,
, web services, .
, ,
.

,
, packet filter
packet filter.
, : ,
Internet ,
(De-Militarized Zone DMZ).
59
3. 9 DMZ.
3.2.5
(intrusion detection)
(auditing)
.
.
,
,
Intrusion Detection Systems (IDS).
3.2.5.1 IDS
. ,
IDS :
Host-based IDS, (host),

.
Network-Based IDS, dedicated ,

(promiscuous mode)
. :
60
o Network Tap (.. sniffer), (..
port-mirroring switch port)
.
o Detection Engine,
.
IDS , 3.3.

Network-based

. .

. .

,
. .
Host-Based
,
.
.

. .

.
.
3.3 IDS.
IDS.
. ,
(Hybrid Detection) .
3.2.5.2
(signatures),
.
: home directory .
, home directory ,
IDS .
, ,
IP ,
(source & destination address). Land attack.
3.2.5.3
, IDS
. , .
, (behavior), IDS
. IDS
61
. ,
, , , ,
.. IDS .
,
. ,
(false positive),
.
3.2.5.4
IDS
. , , ,
. ,
, . ,
(Intrusion Prevention Systems IPS).
. (inline), IPS
.
, IPS , ( firewalls),
.
IPS false positive,
. ,
, .
3.2.5.5 Honeypots
,
, honeypot honeynet. honeypot
,
, :
.
.
.
honeypot.
3.3

( ),
. ,

.
1997, IEEE 802.11
.
IEEE 802.11, (,
) , .
, IEEE 802.11
( 2 Mbps).
Gbps
(802.11ac).
.
62
802.11,
:
Infrastructure Mode,
(access point).
3.10 Infrastructure mode.
Ad-hoc Mode, .
3.11 Ad-hoc mode.
3.3.1

( , , tablets
). , , ,
, .
, ,
:
63
(Sniffing)
,
, (eavesdropping)
session
hijacking, replay attacks MAC spoofing.
(Man-in-the-Middle)

.
(Denial of Service)

, .
(Wireless Phishing)
access point SSID
-. , ,
access point,
.
3.3.2
,
. ,
. ,
, . ,
,
, .
3.3.2.1
, ,
:
.
.
.
.
.
.
.
, ,
.
64
,
.
(..
omnidirectional , ,

) ,
, .
3.3.2.2 service identifier
Service Set Identifier (SSID) .

, SSID , .
SSID,
.
, SSID
. ,
SSID Wireless Phishing,
clients SSID ,
.
3.3.2.3 ad-hoc
, ad-hoc
. ,

.
3.3.2.4
, ,
access points
(rogue access points).
access points ,
. , (switches)
(port security).
3.3.2.5
, ,
.
, ,
,
(client isolation).
3.3.3
, ,
. ,
.
.
.
65
3.3.3.1 Wired Equivalent Privacy
Wired Equivalent Privacy (WEP)

,
( ). , access point
. WEP ,
.
WEP access point ().

access point ,
.
Open System authentication,

access point.
Shared-key authentication, -
(challenge-response), :
o access point.
o access point 128 bits (challenge).
o RC4
() access point.
o access point
. ,
(
6), .
WEP,
access point. ,
(Open Shared key) ,

. ,
( sniffing) .
, . ,
,
access point. , ,
, Open Systems Authentication
(
).
frames WEP :
CRC ,
(concatenate) .
, (initialization vector - IV) 24 bit,

40 104 bit, .
(Pseudo-random Number Generator PRNG)
RC4,
.
66
XOR
(cipher text) IV
.
WEP , :
,
.
IV 24 bit. , 224,
16 , IV. ,
, IV .
IV (
),
(keystream attack). ,
XOR
XOR ,

.
: CRC(xy)=CRC(x)CRC(y),
, CRC .
, WEP
WPA.
3.3.3.2 Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) 802.11i Wi-

Fi Alliance WEP
. , , 802.11i.
WEP :
802.1
RADIUS Server (Enterprise Mode) (passphrase)
.
TKIP,
WEP, .. IV
.
WPA RC4, (128 bits)

WEP.
3.3.3.3 IEEE 802.11i - WPA2
WPA2 802.11i. RC4

AES, .
WEP WPA, Rollback, RSN IE
poisoning De-Association.
67

Ciampa, M. (2014). Security+ guide to network security fundamentals (5th Ed). Clifton Park, NY: Cengage
Learning.
Garg, V. K. (2007). Wireless communications and networking. Amsterdam; Boston: Elsevier Morgan
Kaufmann.
Rhodes-Ousley, M. (2013). Information security: the complete reference (2nd. Ed). New York;London:
McGraw-Hill Education.
Wang, J., & Kissel, Z. A. (2015). Introduction to network security: theory and practice (Second edition).
Hoboken, NJ: Singapore: Wiley; HEP.

.
.
1. defense in-depth :
) Lollipop.
) Onion.
) (Waterfall).
) firewall.
2. firewalls :
) (Packet Filters).
) (Circuit-level Filters).
) (Circuit-level Gateways).
) (Application-level Gateways).
3. packet filter:
) (payload).
) .
) , .
) , .
4. stateful packet filter:

) .
) .
) .
) .
5. proxy servers :
) (payload) .
) .
) honeypot.
) SOCKS.
68
6. bastion host:
) .
) .
) .
) (stable) .
7. IDS:
) .
) .
) .
) .
8. :
) .
) .
) .
) .
9. WEP, :
) .
) .
) .
) .
10. .
;
) WPA2
) WPA
) WEP
) RADIUS
69
4.

,
. , ,
,
. , ,
/, (peep-to-
peer). ,
. ,

.

,
(. 1).
4.1
,
, .

. , ,
,
.
(Web application)

.
,
,
.
, .
, .
, :

. ,

.
( C)
,
, (stack), (heap).
, ,
,
.
70

,
.
,
( )
.
4.2
( OWASP) (
CERT Carnegie Mellon),
:
,
.
(attack surface), ,

. (Minimum
Attack Surface Principle).
(by
default) . ,
, .
, , (Principle of Least Privilege),

.

.
,
(
) . ,
,
.
, .
.
(resilience) ,

. , Java
https://www.owasp.org, o (exception handling)
(administrator)
, badCode() :
/*
badCode isUserInRole
, administrator,
.
*/
isAdmin = true;
try {
badCode();
71
isAdmin = isUserInRole( Administrator );
}
catch (Exception ex) {
log.write(ex.toString());
}

.

. ,
.

.
(Separation of Duties)
, (.. )

,
.
,
security by obscurity.
(..
),
.
Linux, ,
,
.

(..
).
,
, (software
engineer) .
(Occams Razor).
4.3

:
(buffer overflow)
(invalidated input)
(race conditions)
(access control)
()
72
4.3.1
(overflow)
(, , ) (buffer).
RAM .
, (break) ,
,

. , 20%
US-CERT .
, RAM
:
(Stack), (memory
address space)
, , .
(Heap), .
,

.
,
/ .
4.3.2
,
(input data)
.

.
,
.
, ,
:
: (field)
. ..
.
:
. ..
, 2
.
: C 0x00 (null
byte) . , null
byte ,

.
73
: .
(black list) ,
. ,
. , .
: .
, (white list)
. ,
,
.
4.3.3
(race condition) (threads)

. ,
(.. synchronized) .
,

, .
. ,
.
4.3.4
(access control)
(authentication) (authorization)

.
, (),
, , , ..
, /
, ,
.
, (..
/), .
4.3.5
, /
().

. ,
--
( ).

.

, .
SQL (SQL Injection).
SQL
SQL
74
.

(input validation).
4.4. : Java
Java
.
,
, .
(bytecode
verifier).
,
.
, Java
,
.
, , , . , ,
() ,
,

.
Java ,
. ,
, .
:
:
,
.
:
.

. ,
final,
-,
override . , SecurityManager
, .
: ,
/
. ,
,
,

. Java ,
Java o (policy files),
, java.security.AccessController.doPrivileged.
Rich Internet (RIA)
(applet) JNLP. ,
jar Manifest ,

75
(sandbox).
,
JRE (Java Runtime Environment),
.
:
,
,
( ). ,

. ,
, ,
(sanitize) (validate)
.
: (Denial
of Service)
,
. , ,
, RAM,
(bandwidth) .
(vector graphics)
( svg font).
, ,
. .
.
( zip),
GIF. ,
.
XPath.

(java serialization/deserialization).
( ),
, (locks)
.
, .
(pattern) Execute Around Method
- . 8 Java,
lambda. :
/*
Execute around method
, ,
76

.
*/
long sum = readFileBuffered(InputStream in -> {

long current = 0;
for (;;) {
int b = in.read();
if (b == -1) {
return current;
}
current += b;
}
});
try-with-resource, 7 Java,
. :
/*
try-with-resource
,
.
*/
public R readFileBuffered(InputStreamHandler handler) throws

IOException {
try (final InputStream in = Files.newInputStream(path)) {
handler.handle(new BufferedInputStream(in));
}
}

. :
/*

java.lang.AutoCloseable.
unlock()
*/
public R locked (Action action) {

lock.lock();
try {
return action.run();
} finally {
lock.unlock();
}
}
, (output buffers).
, .
/*
77
H out.flush() try
,

*/
public void writeFile(OutputStreamHandler handler) throws

IOException {
try (final OutputStream rawOut =
Files.newOutputStream(path)) {
final BufferedOutputStream out = new
BufferedOutputStream(rawOut);
handler.handle(out);
out.flush();
}
}
4.4.1
,
. , (constructor)
java.io.FileInputStream ,
java.io.FileNotFoundException, .
, .
.
, ,
(home directory). SecurityManager
, user.home. ,
SecurityManager
. , , ,

, .

. ,
,
. ,
(stack traces) HTML. ,
(.. ,
..),
. ,
(log files)
.
.

, .
.
4.4.2

, .
, SQL,
(quote)
SQL, .
78
SQL Java Database Connectivity (JDBC),
java.sql.PreparedStatement
java.sql.CallableStatement java.sql.Statement. ,
,
SQL.
java.sql.PreparedStatement
:
String sql = "SELECT * FROM User WHERE userId = ?";

PreparedStatement stmt = con.prepareStatement(sql);
stmt.setString(1, userId);
ResultSet rs = prepStmt.executeQuery();
( )
, HTML XML.
Cross-Site Scripting (XSS) XML Injection.
Java Server Pages (JSP).
( ),
, . ,
.
Unix
(shell),
(options) (.. ).
, Base64.
BMP ICC (International
Color Consortium). ICC ,
,
. ,
BMP, , ICC.
Swing <html> HTML.
, html.disable
Boolean.TRUE. :
label.putClientProperty("html.disable", true);
4.4.3
Containers , package.access.
(class
loaders) .
.
package.access:
private static final String PACKAGE_ACCESS_KEY =

"package.access";
static {
// package.access
String packageAccess =
java.security.Security.getProperty(PACKAGE_ACCESS_KEY);
// package.access
79
java.security.Security.setProperty(PACKAGE_ACCESS_KEY,((
packageAccess == null || packageAccess.trim().isEmpty()) ? ""
:(packageAccess + ","))
+"xx.example.product.implementation.");
}
, ,
. final
. , , :
//H SensitiveClass
public final class SensitiveClass {
// Behavior
private final Behavior;
//
private SensitiveClass(Behavior behavior) {
this.behavior = behavior;
}
//Guarded construction.
public static SensitiveClass newSensitiveClass(Behavior
behavior) {
// ... validate any arguments ...
// ... perform security checks ...
return new SensitiveClass(behavior);

}
}
4.4.4
Java , ,
.., (native code),
,
. ,
(public) . private
public wrapper,
:
public final class NativeMethodWrapper {
// nativeOperation
private native void nativeOperation(byte[] data, int
offset, int len);
// doOperation
nativeOperation
public void doOperation(byte[] data, int offset, int len)
{
data = data.clone();
/*
80
. offset+len
.
offset=1 and len=Integer.MAX_VALUE, offset+len ==
Integer.MIN_VALUE data.length.
, for (int i=offset; i<offset+len;
++i) { ... }
*/
if (offset < 0 || len < 0 || offset > data.length -

len) {
throw new IllegalArgumentException();
}
nativeOperation(data, offset, len);
}
}
4.4.5

. (constructor) non-final
(exception),
.
,
. , non-final
, .
non-final this() super(),
:
public abstract class ClassLoader {

protected ClassLoader() {
//
this(securityManagerCheck());
}
private ClassLoader(Void ignored) {

// ... ...
}
private static Void securityManagerCheck() {

SecurityManager security =
System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
return null;
}
}
Java,
(initialized flag).
. :
public abstract class ClassLoader {
81
//
private volatile boolean initialized;
protected ClassLoader() {
// ClassLoader
securityManagerCheck();
init();
//
this.initialized = true;
}
protected final Class defineClass(...) {

//
checkInitialized();
//...
}
private void checkInitialized() {

if (!initialized) {
throw new SecurityException("NonFinal not
initialized");
}
}
}
4.4.6 Serialization Deserialization

serialization ( ) ,
Java.
serializable, .
serialization , , .
.
serialized, Java
,
serialized . ,
.
serialized :
transient.
serialPersistentFields.
writeObject ObjectOutputStream.putField.
writeReplace.
Externalizable.
H deserialization ( )
. deserialization
, .
ObjectInputStream.readFields ,
:
public final class ByteString implements java.io.Serializable

{
82
private static final long serialVersionUID = 1L;
private byte[] data;
public ByteString(byte[] data) {
//
this.data = data.clone();
}
private void readObject(java.io.ObjectInputStream in)

throws java.io.IOException, ClassNotFoundException {
//
readFields
java.io.ObjectInputStreadm.GetField fields =
in.readFields();
this.data = ((byte[])fields.get("data")).clone();
}
//...
}
readObject, ,
. ,
deserialization, readObject, :
public final class Nonnegative implements java.io.Serializable

{
private static final long serialVersionUID = 1L;
private int value;
public Nonnegative (int value) {

//
this.data = nonnegative(value);
}
private static int nonnegative(int value) {

if (value < 0) {
throw new IllegalArgumentException (value + "
is negative");
}
return value;
}
//
private void readObject(java.io.ObjectInputStream in)
throws java.io.IOException, ClassNotFoundException {
java.io.ObjectInputStreadm.GetField fields =
in.readFields();
this.value = nonnegative(field.get(value, 0));
}
//...
}
serializable SecurityManager ,
readObject readObjectData. :
83
public final class SensitiveClass implements
java.io.Serializable {
public SensitiveClass() {
/*
instantiation
SensitiveClass. securityManager
*/
// ...
}
/*
readObject
.
readObject
/*
private void readObject(java.io.ObjectInputStream in) {
//
//...
}
}
A serializable , public ,
SecurityManager,
readObject. :
public final class SecureName implements java.io.Serializable

{
//
Private String name;
private static final String DEFAULT = "DEFAULT";
public SecureName() {
// name
name = DEFAULT;
/*

. H SetName
SecureName
*/
public void setName(String name) {

if (name!=null ? name.equals(this.name): (this.name
== null)) {
//
84
return;
} else {
/*
.
securityManager
*/
inputValidation(name);
this.name = name;
}
}
/* readObject

private void readObject(java.io.ObjectInputStream in) {
java.io.ObjectInputStream.GetField fields =
in.readFields();
String name = (String) fields.get("name", DEFAULT);
/*

,
*/
if (!DEFAULT.equals(name)) {
inputValidation(name);
}
this.name = name;
}
}
4.4.7
(cached) ,
. ,
API AccessController ,
:
private static final Map cache;

public static Thing getThing(String key) {
// Try cache.
CacheEntry entry = cache.get(key);
if (entry != null) {
/*

cached .
*/
AccessController.checkPermission(entry.getPermission());
return entry.getValue();
}
85
//
Permission perm = getPermission(key);

AccessController.checkPermission(perm);
//
PermissionCollection perms =
perm.newPermissionCollection();
perms.add(perm);
Thing value = AccessController.doPrivileged(
new PrivilegedAction<Thing>() {
public Thing run() {
return createThing(key);
}
},
new AccessControlContext(
new ProtectionDomain[] {
new ProtectionDomain(null, perms)
}
)
);
cache.put(key, new CacheEntry(value, perm));
return value;
}
Checklist: Security Review for Managed Code. (n.d.). Retrieved 30 September 2015, from
https://msdn.microsoft.com/en-us/library/ff648189.aspx
Gong, L., Ellison, G., & Dageforde, M. (2003). Inside Java 2 platform security: architecture, API design, and
implementation (2nd ed). Boston: Addison-Wesley.
Long, F. (2014). Java coding guidelines: 75 recommendations for reliable and secure programs. Upper Saddle
River, NJ: Addison-Wesley.
Long, F., & Carnegie-Mellon University (Eds.). (2012). The CERT Oracle secure coding standard for Java.
Upper Saddle River, NJ: Addison-Wesley.
Secure Coding Guidelines for Java SE. (n.d.). Retrieved 30 September 2015, from
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
Secure Coding Principles - OWASP. (n.d.). Retrieved 30 September 2015, from
https://www.owasp.org/index.php/Secure_Coding_Principles
The Java Language Specification. (n.d.). Retrieved 30 September 2015, from
https://docs.oracle.com/javase/specs/jls/se8/html/
The Java Virtual Machine Specification. (n.d.). Retrieved 30 September 2015, from
https://docs.oracle.com/javase/specs/jvms/se8/html/
86

.
.
1. ;
) Java
) C
) Python
) HTML
2. ;
) CERT, Carnegie Mellon
) NIST
) OWASP
)
3. security by obscurity
) .
) , .
) .
) .
4. ;
) .
) .
) .
) .
5. :
) stack.
) heap.
) buffer.
) .
6. , :
) .
) .
) null bytes.
) .
7. Java :
) java.securityManager.AccessController.doPrivileged
) java.security.AccessManager.doPrivileged
) java.security.AccessController.doPrivileged
) java.security.AccessController.restrictPrivileged
8. :
) BMP .
) .
) XPath.
) .
87
9. SQL :
) java.sql.StealthStatement
) java.sql.PreparedStatement
) java.sSecureSQL.PreparedStatement
) java.sql.Statement
10. Java :
) SecurityManager
) SecurityGuardManager
) SecurityGuard
) TotalSecurityManager
88
5.
(Web
applications), . ,
,
. , ,
,
. ,
,
.

,
(. 1 4).
5.1
,
,
(denial of service). , ,
.
,
.
(firewall), ,
(ports),
. , Secure Sockets Layer (SSL)
,

.

:
:
.
.
:
.
, .
: (.. , , )
.
: .
, , , .
:
. ,
, , .., ,
(registry keys) (configuration data).
89
:
.
()
(.. ).
5.2
,
, ,
:
.
.
.
5.1 .

. , (routers),
(firewalls), (switches).
(.. TCP/IP),
,
.

, .
90
(web server), (application server)
(database server).
,
:

.

.

.
,
.

.

. ,
,
, .

,
,
.
, ,
.
,
.
,

.
(auditing)
. (logging)

(forensics)

.
5.1 .

.
.

,

.

5.2.

, .
91

, (credentials),
(username) (password).

.

(configuration files) (..
..)

, .
(session)
.

.

.

, .
,
.
5.2 .
, 4,
.
5.3
5.3.1

, ,
( ).
5.2.
5.2 .
, ,
.
,
92
.
.
,
.
,
.
. , (Sign In)
.
,
(.. ),
. ,
,
().
,
.
, ,
,
.
(backdoor).

. , ,
, .
,
,
. , (SYN flood attack),
TCP flag SYN,

.
5.3.2
:
, . ,
(IP
spoofing).
: .
, .
:
(.. ).
, .
: .

, ,

.
.
93
:
. ,

.
:

. ,

.
, ,
5.3.

.
( , )
.

.
.
.
.

.
.
.
.
.

.
.
,
.
.
.

.
5.3 .

,
. 5.4, :

.
XSS.
SQL
(brute force)
(dictionary)
(cookie replay).
.
.
.
.
94
.
.
.
.
.
.
.
().
.
.\

SQL.
.
(cookies) HTTP.
.
.
.
.
5.4 .
5.4

, .
, , ,
..

. , HTTP
(stateless),
. ,
, .
,

.

.
. .
.
5.3, ,

.
95
5.3 .
, ,
,
. ,
.
,
.
.

,
. ,
, ,
, ,
, ..

. ,
. ,
.
, ,
, ,
.
, ,

.
,
.
,
.
5.4.1

.
,
XSS, SQL, ..
:
96
.
.
, .
5.4.2
, :
. , ,
.
. , ,
username password.
.
token .
() .
(cookies) .
5.4.3
,
.
.
:
.
.
.
5.4.4

.
,
97
, ,
.
.
:
/ .
5.4.5
,
, , , ..,
. ,
,
.
,
.
, ,
:

, , .
5.4.6
HTTP, , ,
,
. ,
.

:
SSL .
98
5.4.7

.
:
,
.
5.4.8

.
, , cookies, HTTP ..
:
HTTP.
5.4.9

, . ,
. ,
, ,
, , SQL
, ,
.

, .
:
5.4.10

. ,
. ,
.
99
, .

. ,
.
:
Curphey, M., & Araujo, R. (2006). Web Application Security Assessment Tools. IEEE Security & Privacy,
4(4), 3241.
Graff, M., & Van Wyk, K. R. (2003). Secure coding: principles and practices. Beijing; Cambridge: OReilly.
Harwood, M., & Harwood, M. (2015). Internet security: how to defend against attackers on the web (Second
Edition). Burlington, MA: Jones & Bartlett Learning.
Improving Web Application Security: Threats and Countermeasures. (n.d.). Retrieved 30 September2015, from
https://msdn.microsoft.com/en-us/library/ff649874.aspx
Manico, J., & Detlefsen, A. (2015). Iron-clad Java: building secure web applications. New York: McGraw-Hill
Education.
Scheller, F., Jnchen, M., Lampe, J., Prmke, H. J., Blanck, J., & Palecek, E. (1975). Studies on electron transfer
between mercury electrode and hemoprotein. Biochimica Et Biophysica Acta, 412(1), 157167.
Shema, M. (2012). Hacking web apps: detecting and preventing web application security problems.
Amsterdam; Boston: Syngress.
Stuttard, D., & Pinto, M. (2011). The web application hackers handbook: finding and exploiting security flaws
(2nd ed). Indianapolis, IN: Chichester: Wiley; John Wiley [distributor].
Sullivan, B., & Liu, V. (2012). Web application security: a beginners guide. New York: McGraw-Hill.
.
.
1. :
) .
) .
) .
) .
100
2.
) .
)
.
) .
) .
3. ,
) .
) .
) .
) .
4. :
) .
) .
) .
) .
5. ;
) .
) .
) .
) .
6.
) .
) .
) .
) .
7. :
) .
) .
) .
) .
8. ;
) .
) .
) .
) .
9. , ,:
) .
) .
) .
) .
10. ;
) SSL.
) .
) / .
) .
101
6.
,
.

. ,
,
,
Cryptool.
6.1
(cryptology)

.
(confidentiality) . ,
(cryptography)
(cryptanalysis).

.
(steganography).

( )
.
, .
4.000 ,
,
. ,

, .
(plaintext)
.
(Cipher/Encryption algorithm)

.
.
, .
, ,
,
.
, .
, (key) ,

(cipher text).
6.1 (: https://commons.wikimedia.org/wiki/File:Skytale.png)
.
102
6.1 .

, (Decryption/Decipherment).
6.2
, :
(confidentiality).
(integrity).
(authentication).
(non-repudiation).
, :
, Kerckhoff, 1883 Auguste Kerckhoff (1853-

1903)
(security through obscurity),
,
, / .
6.2.1
,
(plaintext), (ciphertext).
, ,
103
.
. ,
.
6.2:
6.2 .
,
,
.
6.2.2

. , ,
,
.
,
:
(Brute-Force Attack): , ,
,
.
(
),
. ,
. ,

(..
). , ,

(
).
(Statistical Analysis Attack):

, ,
. ,
. ,

. ,
104
, ..
( , ..), ,
(autocorrelation),
(.. ) .
,
,
(pattern) , ,
(..
).
,
, :
(ciphertext only):
.
,
,

(known plaintext):

,
.
(chosen plaintext):
,
,
, , .. .
,
.
(chosen ciphertext):

.
(chosen text):

,

.
6.2.3
, ,
, . ,
..
:

,
, .
105
o ,

. ,
,
.
bit.
(brute force attack), ( bit)
,
. ,
64bit, 256, 7x1016
.
60
, 56 bit 1.200.000.000 . ,
(.. 1536 Deep Crack
1998) 781.875 , 217
, 9 . 64bit,
1019 2317 ( 6 )!
6.1
n .
6x107 sec
56 7,2x1016 38 / n
64 1,8x1019 9749 / n
128 3,4x1038 1,8x1023 / n
256 1,16x1077 6,1x1061 / n
512 1,36x10154 7,1x10138 / n
6.1 .
6.2.4
:
6.2.4.1
,
(symmetric) (asymmetric) (public key).
,
() , .
,

( 6.3).
.
106
6.3 .
, , C
.
k(P) C P ,
D Dk(C) P
C .

(secret key), ,
. (session key). ,
(2) n , n (n-1) / 2
. DES,
1977 .
(..
) (.. ).
,
, (..
).
(2) :

. (
) ,
( ). ,
, :
o (+) .
o (-)
.
,
. ,
,
. ,
(),
. .
107
6.4 .
6.2.4.2
,
(block) (stream).
6.2.4.2.1
() , .. 64 bit,
. ,
.
.
, ..
, .
Feistel. H
Feistel . (round)
, ,
(sub-key), .
, K (Ki, i=1 n),
n . ,
: L0 R0. , , 6.5.
, :
: Li = Ri-1
f i,
XOR
: Ri = Li-1 fi(Ri-1).
,
:
: Ri = Li-1
f i,
XOR
: Li = Ri-1 fi(Li-1).
108
6.5 Feistel.
6.2.4.2.2
,
bit, XOR bit ,
(key stream). ,
, .
109
6.6, ,
:
6.6 .
bit bit ,
XOR, :
11001100
01101100
------------
10100000
10100000
01101100
------------
11001100
(correlation attack)
:
. ,
, Linear
Congruence Generator (LCG) Inverse Congruence Generator (LCG).
bit,
.
, .

. ,
0 1. NIST Special Publication 800-22
(randomness tests)
bit .
(linear equivalence).
, bit
bit ( ..
110
LCG) , bit,
.
,
.
, .
, ,

(Web browser), .
, , email
, .
6.2.4.3
,
, .
,
.
,

,
.
.

.
6.3
, , ,
.
,
,
.
. , ,
.
. ,

. , ,
.
, :
.
.
.
,
,
. (Digital Watermarking) (Digital
Fingerprinting)
.
6.7 .
111
6.7 .
, , .

( ).
,
(watermarking), , (fingerprinting),
. , , .
8.

6.8. (embedder) : (payload),
, (cover work),
( ). ,
(stego work),
(detector), .
, .
6.8 .
,
:
: ( )
, .
:
.

. , ,
112
,
.
: , ,
() ,
.
6.4
1948 1949 Claude Shannon : The Mathematical Theory
of Communication Communication Theory of Secrecy Systems,
(Information Theory).
,
.
,
,

. ,

(,
). ,
,
.
, .
,
, 6.9.
6.9 .
(source)
(destination). ,
6.9, :
(Source):
.
(Encoder):
(communication channel). ,
.
(communication channel): ( ),
,
.
113
: (noise),
. ,
bit 1 bit
0.
(Decoder):
.
(Destination): .
, .

, :
;, ;.
,
, ,
.
. ,
bit 1 bit/sec. bit 0 bit 1
. .
bit (
) (0,25).
6.10
6.10 .
, 0,25
. bit
. , bit 1 .
bit ,
. bit 110
bit 1,
.

, ,
(Channel Capacity).
. bit
, (code word)
. bit
(block) bit bit.
114
,
.
1949, Shannon
,
. ,
,
(perfect secrecy).
, ,
, ,
. ,
,
.

bit . ,
{, } 1 bit. H
,
.
1, , n m
p(X1), , p(Xn), p(Xi) 1. H m
:
H X p X i lo g 2 p Xi
i1
(6.1)
2
bit.
, p(Xi) i
log2p(Xi) bit . ,
= {, , }, p(A) = 1/2, p(B) = 1/4 p() = 1/4. ,
, :
1 1 1 1 1 1
H X lo g 2 lo g 2 lo g 2 1, 5 b i t
2 2 4 4 4 4
(6.2)
H , 1.5, bit
. bit
H(X) () + 1. , A, B 2
bit , () < 2 < ()+1. ,
bit .
,
. , ,
( ) i
( ).
.

,
. ,

,
, . ,
FS%S^#
115
1 bit. , 1 bit
. ,
bit :
() ().
6.5 Cryptool
Cryptool ,
.
2000 .
Cryptool :
.
.
.
online .
, Cryptool
. Cryptool :
https://www.cryptool.org/en/ct1-downloads,
,
InfoSec (http://infosec.uom.gr).
6.11 Cryptool.

,

.
, Cryptool.
116
6.5.1

,
. The Gallic
Wars
.
. ,
.
6.5.1.1
(startingexample-
en.txt), 6.12, .
6.12 .
Encrypt/Decrypt Symmetric (classic) Caesar / Rot13

:
Select Variant Caesar.
Options to interpret the alphabet characters

0.
Key entry as Alphabet character -

.
(
)
(),
-.
, Encrypt,
. ; ;
117
, :
Encrypt/Decrypt Symmetric (classic) Caesar / Rot13.
(default) , Decrypt.
,
. ; ;
: Encrypt/Decrypt Symmetric (classic) Caesar /

Rot13.
Key entry as, lphabet character -

().
, Decrypt.
.
. ;
/
Key entry Number Value 8.

: Analysis Tools for Analysis Histogram.

;
(, );
6.13 .
118
6.14 .
6.5.1.2
,
Cryptool.
Cryptool : File
New
, Caesar. ,
:
Gurer ner n ynetr ahzore bs fgrtnabtencuvp zrgubqf gung zbfg

bs hf ner snzvyvne jvgu (rfcrpvnyyl vs lbh jngpu n ybg bs fcl
zbivrf!), enatvat sebz vaivfvoyr vax naq zvpebqbgf gb frpergvat
n uvqqra zrffntr va gur frpbaq yrggre bs rnpu jbeq bs n ynetr
obql bs grkg naq fcernq fcrpgehz enqvb pbzzhavpngvba. Jvgu
pbzchgref naq argjbexf, gurer ner znal bgure jnlf bs uvqvat
vasbezngvba, fhpu nf:
* Pbireg punaaryf (r.t., Ybxv naq fbzr qvfgevohgrq qravny-bs-
freivpr gbbyf hfr gur Vagrearg Pbageby Zrffntr Cebgbpby, be
VPZC, nf gur pbzzhavpngvbaf punaary orgjrra gur "onq thl" naq
n pbzcebzvfrq flfgrz)
* Uvqqra grkg jvguva Jro cntrf
* Uvqvat svyrf va "cynva fvtug" (r.t., jung orggre cynpr gb
"uvqr" n svyr guna jvgu na vzcbegnag fbhaqvat anzr va gur
p:\jvaqbjf\flfgrz32 qverpgbel?)
* Ahyy pvcuref (r.t., hfvat gur svefg yrggre bs rnpu jbeq gb
sbez n uvqqra zrffntr va na bgurejvfr vaabphbhf grkg)
Fgrtnabtencul gbqnl, ubjrire, vf fvtavsvpnagyl zber
fbcuvfgvpngrq guna gur rknzcyrf nobir fhttrfg, nyybjvat n hfre
gb uvqr ynetr nzbhagf bs vasbezngvba jvguva vzntr naq nhqvb
svyrf. Gurfr sbezf bs fgrtnabtencul bsgra ner hfrq va
pbawhapgvba jvgu pelcgbtencul fb gung gur vasbezngvba vf qbhoyl
cebgrpgrq; svefg vg vf rapelcgrq naq gura uvqqra fb gung na
nqirefnel unf gb svefg svaq gur vasbezngvba (na bsgra qvssvphyg
gnfx va naq bs vgfrys) naq gura qrpelcg vg.
Gurer ner n ahzore bs hfrf sbe fgrtnabtencul orfvqrf gur zrer
abirygl. Bar bs gur zbfg jvqryl hfrq nccyvpngvbaf vf sbe fb-
pnyyrq qvtvgny jngreznexvat. N jngreznex, uvfgbevpnyyl, vf gur
ercyvpngvba bs na vzntr, ybtb, be grkg ba cncre fgbpx fb gung
gur fbhepr bs gur qbphzrag pna or ng yrnfg cnegvnyyl
119
nhguragvpngrq. N qvtvgny jngreznex pna nppbzcyvfu gur fnzr
shapgvba; n tencuvp negvfg, sbe rknzcyr, zvtug cbfg fnzcyr
vzntrf ba ure Jro fvgr pbzcyrgr jvgu na rzorqqrq fvtangher fb
gung fur pna yngre cebir ure bjarefuvc va pnfr bguref nggrzcg
gb cbegenl ure jbex nf gurve bja.
Fgrtnabtencul pna nyfb or hfrq gb nyybj pbzzhavpngvba jvguva
na haqretebhaq pbzzhavgl. Gurer ner frireny ercbegf, sbe
rknzcyr, bs crefrphgrq eryvtvbhf zvabevgvrf hfvat fgrtnabtencul
gb rzorq zrffntrf sbe gur tebhc jvguva vzntrf gung ner cbfgrq
gb xabja Jro fvgrf.

( 6.15).
,
, (.. digrams, trigrams ..),
, .
E.

( 6.15),
, (number value)
;
6.15 .
, Cryptool.
; Cryptool
:
There are a large number of steganographic methods that most

of us are familiar with (especially if you watch a lot of spy
movies!), ranging from invisible ink and microdots to secreting
a hidden message in the second letter of each word of a large
body of text and spread spectrum radio communication. With
computers and networks, there are many other ways of hiding
information, such as:
* Covert channels (e.g., Loki and some distributed denial-of-
service tools use the Internet Control Message Protocol, or
ICMP, as the communications channel between the "bad guy" and
a compromised system)
120
* Hidden text within Web pages
* Hiding files in "plain sight" (e.g., what better place to
"hide" a file than with an important sounding name in the
c:\windows\system32 directory?)
* Null ciphers (e.g., using the first letter of each word to
form a hidden message in an otherwise innocuous text)
Steganography today, however, is significantly more
sophisticated than the examples above suggest, allowing a user
to hide large amounts of information within image and audio
files. These forms of steganography often are used in
conjunction with cryptography so that the information is doubly
protected; first it is encrypted and then hidden so that an
adversary has to first find the information (an often difficult
task in and of itself) and then decrypt it.
There are a number of uses for steganography besides the mere
novelty. One of the most widely used applications is for so-
called digital watermarking. A watermark, historically, is the
replication of an image, logo, or text on paper stock so that
the source of the document can be at least partially
authenticated. A digital watermark can accomplish the same
function; a graphic artist, for example, might post sample
images on her Web site complete with an embedded signature so
that she can later prove her ownership in case others attempt
to portray her work as their own.
Steganography can also be used to allow communication within
an underground community. There are several reports, for
example, of persecuted religious minorities using steganography
to embed messages for the group within images that are posted
to known Web sites.
6.5.2 Vigenere
Vigenere
, (.. ).
, ( )
.
6.5.2.1
Vigenere,
(startingexample-en.txt) ,
:
Encrypt / Decrypt Symmetric (classic) Vigenere
- OFLIFE ncrypt,
.
;
;

( 6.16 6.13);
(, );
121
6.16 Vigenere.
6.5.2.2
, , ,
,
Cryptool. , ,
, , .
, ,
.
. ,
.
Cryptool.
: File New ,

Vigenere. , ,
.
TBZJIMTBXYWJJKENZBBOIPWKLHEWCRLVQMSCTFBXHXHSOYOFSAXSTLZBAFMLZ
BDJODQSEJHLTYFYVLRSXSRMZHFYWKMWPGOOSMXWRTMSOJWQXCLSZBFFKJRQTS
XYQENQHJBCJSAFBAYCYJVXASXXQENQHJBPGSEFJBTBBIOVFBXYIOFZFXHTMCT
FGMFGPNBDGMFSERNFBICCYVBTKKJFTMMFYKXXHEFHXSSXLZBYVBPWKLCCFZIG
WOIGPMCRQRYJQLSTFSSAYCINJBNBQMSYFFKDOOIKFYVQMSZMWZPSKXGFSQBNV
XASDNJBSWQHVFHYBSTBJRXSRQWOFSSANHQTPBFQENQHJBFYVXXBBASOQSXWBB
IHLKZVWSMQWBIHEJCTSSONHYJVXASPFGZMWZPSKXPBMOSJGLNHFXBLQCKLSOF
BBFUIJGQNZINBPNGQJRQMSKFHRWOINGQNHEFGQMSEJOOYCCFBBFUIJOKIQXSG
RWSIDPBYORLVQYCCQMXKHBWHXQYFSUFYCSJFQMSQBCJJBXLFBJRQTTFSRLZHT
MSQMSOYVFXKXXDLXGFGZBLSKYZVYVBSOQZFXQWPYHLTYQMSBFUIJWKMWPFFJX
OKIGXNRVTIYJZLSUQTHEJGHDOKIBLYHLYVBJOOYVPYFBYQEKCOYVVTIOBWKLG
XSRCQMQMSBFUIJVLBSSJFTFGZTBCZGBIVBIWASCQPBLBKETVBBOPFBAXSBNBD
YVBHVFHYBSGBFHFSUQMSFWTBJREJXRRDBIRLBBQTPBBWQMHEJAXLOFSIKIWPR
OVJRQMSKFHRWOINGQYCLPHEJSXLZBTBQMSCTZITKFSUAFMRUCKYVBWCLKCCYV
BMCRXSXSRRWUBIVFRODFWKDCRFFBFBBFUIJGQWSQHVCTFQMMLZFTNBDXOKITI
DPRYHEJSXLZBBOPFTOFWATTENGRSYKTKKXSIKOKIKLWZAFBAOIJUSAICTSCKH
SJTFBKCOYVBHVFHYBSTBJRLSHEJHENFAIOVYVBSOQZFXQWPYFLXSBFFIDOKIH
LTYQMSBFUIJCRYCCYVBGOOSMXWRQTOENUERCRSHXNBQMSOJVBMSIIHEJYFSUL
KPFWRPMWDMOYTJBMWJFBAJBZTIOFUBIVFRODFWKXOVNBDDCRFFBFBBFUIJMLZ
122
PBQCKLHLYVBXYVFGTJZIFGQMSBFFQMGQWSQHVCTFQMMLZFTNBDXBLBOKITIDH
EJSXLZBQCLPSAFFLZBAGOZPHLBOOIHEJPXWBVFFAFBAZDQTHEJGHDGQNZIMSA
NRKTHCQMQMSKYVBSOQZFXQWPYZFKHBIVFRGQWOFLVQYCTFFAYVBXIKFBANHEF
DMJBBIHEFHQMSBFUIJPBLOKYCQWSJGZBFBAXZLBZVMSPYFBYQEJRENGTNBDXO
QQOPYKFYVXYFFZAMMOKYQODVBXCXWSAFKXDWKYCQMSEJOSJBPNHJFMYJHEFHQ
MSBFUIJGQNZIWSJJAYJFPYVBHVFHYBSGTNHESCPYOILWXNHJFMBASKGSQMOQM
SLHQXXWLSOIQMOJJFXWQXHEJPXWBVFFAGIQFGCFFXXOKDCKJYKTKPMSEFGKJJ
BWFBYIOSSAYCIJOAYVBQWCJCCFQENQHJBEJKXXOKJODQSBASKYVLZUEMSEFRY
JSKPSMYOKIHXRSAFGXHVFHYBSXRXHINYBYVBJODQSMJCMQSTMCEFJBQSXWBBI
HLYVFSYLKHEJAPJZSJGXXGLRSQMWKLHEJMXWSKYQXSFBISZNRBNBCFJLWCCYV
BNFOJOIUCQJBQNOIYVBDQXSPBHCJJKFSBBWG
: Analysis Tools for Analysis N-Gram
Selection Trigram Compute List

,
( 6.17).
6.17 .
,

(.. digrams, trigrams ..).
THE.
THE, -.
QMS 20 . .
QMS .
.
Vigenere,
Vigenere Square ( 6.2) :
123

.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D R F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F I H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z Z B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S U
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T V
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U W
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V X
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W Y
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Z
6.2 Vigenere Square.
, ,
. , :
O Q ,
- .
O F,
F.
O S W,
W.
, XFW.
Cryptool
: Encrypt / Decrypt Symmetric (classic) Vigenere, XFW
Decrypt.
-
.
124
QMS. ,
, THE .
,
: YVB.
5 7

, - (FOX).
, ,
, .
- ;
,
.
,
.
(autocorrelation) Cryptool.

, , .
,
. ,

. 6.3,
3 .
T B Z
J I M
T B X
Y W J
J K E
N Z B
B O I
P W K
L H E
6.3 (3) .
, ( ;)
6.5.1.2 (
). ,
, .
Kahn, D. (1996). The codebreakers: the story of secret writing (Rev. ed.). New York: Scribner.
Manuel, M. (2008). Cryptography and Security Services: Mechanisms and Applications: Mechanisms and
Applications. IGI Global.
Mollin, R. A. (2005). Codes: the guide to secrecy from ancient to modern times. Boca Raton: Chapman &
Hall/CRC.
125
Oppliger, R. (2011). Contemporary Cryptography, Second Edition. Artech House.
Stallings, W. (2014a). Cryptography and network security: principles and practice (Seventh edition). Boston:
Pearson.

.
.
1. :
) .
) .
) .
) .
2. :
) .
) .
) .
) .
3. :
) .
) .
) .
) .
4. , :
) .
) .
) .
d) .
5.
) .
) .
) .
) .
6. :
)
.
)
.
)
.
)
.
126
7. :
) .
) bit bit.
) .
) .
8. :
) .
) .
) .
) .
9. Binary-Exclusive XOR Cryptool:

) .
) .
) .
) XOR .
10. :
) .
) .
) .
) .
1
.
.
2
.
.
.
3
Cryptool Individual Procedures Visualization of Algorithms
Caesar Vigenere
.
4
Enigma. Enigma .
.
127

,
.

, .
128
7.
,
. ,
. ,
, , ,
bit .
, Cryptool,
,
.

, 6,
.
7.1

, .
.
, (.. )
,

:
, .
H M
C.
C ,
M,
.
, ,
,

, .
,
,
,
. , , n
, n(n-1)/2 (.. 2
1, 11 55 ).
,
.
1976, W.Diffie M.E.Hellman New Directions in
Cryptography, ,
129
, ,
Diffie Hellman (DiffieHellman key exchange)
. ,
: (+) (-). ,
, (+)
. , ,
(-). , ,
, n 2n .
,
, .
,
,
,
() .
7.2

. , ,
, DES (Data Encryption Standard),
3DES (triple-DES) AES (Advanced Encryption Standard). ,
.
7.2.1 DES
Data Encryption Standard (DES) ,
(Federal Information Processing Standard) FIPS 46
1977.
1973, , NIST
( NBS)
,
:
.

.
.
.
.
.
.
,
, Lucifer IBM,
, ,
DES. O DES :
(56 bits), 128

bit Lucifer.
(brute-force attacks).
130

.
S-box ( ),
Lucifer, (backdoor),
,
. ,
S-box,

(validation) .
DES Feistel 16 .
48 bit, .
64bit, bit
. (block) 64 bit
(64 bit). , ,
64 bit , ,
64 bit.
:
7.2.1.1
16 48bit, :
64bit, (permutation),
bit 56 , PC1
(Permuted Choice One) 7.1.
, 56bit : C0 D0,
28bit ( 7.1).
16 DES:
o Ci-1 Di-1 ,
1 bit 1, 2, 9 16,
2 bit .
Ci Di
o Ci Di
, PC2 (Permuted Choice Two)
7.2, Ki , 48 bits.
C 57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
D 63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
7.1 PC1.
131
14 17 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
7.2 PC2.
7.2.1.2
DES , 64 bit.
(Initial Permutation),
IP ( 7.3). , ,
L0 32 bit R0 32.
L0 R0 Feister 16 ,
i- :
(Li = Ri-1).
Ri-1,
48bit, (Expansion Permutation),
7.4.
XOR Ri-1 Ki.
XOR, 48bit, 8
8 S-box, 7.5,
4bit, :
o bit, bit
bit, S-box.
o bit, bit
bit, S-box.
o S-box
, S-box.
, 100110 S-box (S1),

, (10)
(0011), 8. , bit: 1000.
(0).
, bit ( 8x4 = 32bit)

, P 7.6,
Ri-1.
H XOR
Ri-1 Li-1 (Ri = Ri-1 Li-1).
64 bit L16 R16,

, (Inverse Permutation
IP-1), 7.6, .
132
L0 58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
R0 57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
7.3 IP.
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
7.4 .
S1 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
S2 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9
S3 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
S4 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
S5 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3
S6 12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13
S7 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12
S8 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11
7.5 S-boxes.
133
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25
7.6 P.
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
7.7 Inverse Permutation IP-1.
7.2.1.3 3DES
, DES
(brute-force attack).
, DES
DES , M C=EDES(2,
EDES(1,)). , Double DES
112bit.
:
K, C=EDES(2, EDES(1,))= EDES(,).

K.
Campbell Wiener 1992.
X=EDES(1,M)=DDES(K2,C). M, C,
M K1. , C
K2.
1 2. , Meet-in-the-
middle Double DES 3DES
(Triple-DES).
, .
, K1,
K2 K1, 7.1.
, 2112 .
7.1 Triple DES.
,

DES, 1=2. , 3DES ,
134
2168 . ,
K3.
7.2.2 AES
1997, o NIST DES.
, :
.
.
128, 192 256 bits.
,
:
MARS, IBM ().

RC6, RSA Laboratories ().
Rijndael, Joan Daemen Vincent Rijmen ().
Serpent, Ross Anderson (), Eli Bihar (), Lars Knudsen
().
Twofish, Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris
Hall, Niels Ferguson ().
, Rijndael,
.
7.8, Rijndael:
(Word/Byte/Bit) 4/16/128 6/24/192 8/32/256

(Word/Byte/Bit) 4/16/128 4/16/128 4/16/128
10 12 14
(Word/Byte/Bit) 4/16/128 4/16/128 4/16/128
7.8 Rijndael.
O Rijndael Advanced Encryption

Standard (AES) (FIPS 197) 128 bit
National Institute of Standards and Technology (NIST) 2001.
AES :
AES, 128bit. bit

4 x 4 byte, state ( 7.2).
Rijndael, 4
.
135
7.2 byte State.
AES :
(XOR) (AddRoundKey).
byte (Sub Bytes),

(Shift Rows), byte (Mix Bytes)
(AddRoundKey).
byte (Sub Bytes),

(Shift Rows) (AddRoundKey).
O ,
7.9.
128 bit 192 bit 256 bit

128 bit 10 12 14
192 bit 12 12 14
256 bit 14 14 14
7.9
, AES Rijndael 128 bit,

10, 12 14 128, 192 256 bits .
7.3.
136
7.3 AES.
7.2.2.1
bit 32, k
(word) 32bit. (
) Nw(Nr+1) , Nw
Nr , :
k ( ) .
Nr :
o k
XOR
k .
o k XOR
k f
.
137
7.4.
7.4 .
n n/k . 128 bit,

4x(10+1)=44 , 44/4=11 (0=),
7.3, n=10.
f Nr
( ), :
.
byte (B0, B1, B2, B3) : (1, 2, 3, 0)
S-box, 7.10,
byte byte S-box
4bit byte
4bit. , byte 7C
byte 10.
, XOR
Rcon Nr
138
( ). 7.11.
f.
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
1 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
2 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
3 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
4 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
5 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
6 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
7 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
8 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
9 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16
7.10 AES S-Box.
Nr Rcon
1 01 00 00 00
2 02 00 00 00
3 04 00 00 00
4 08 00 00 00
5 10 00 00 00
6 20 00 00 00
7 40 00 00 00
8 80 00 00 00
9 1B 00 00 00
10 36 00 00 00
11 6C 00 00 00
12 D8 00 00 00
13 AB 00 00 00
14 4D 00 00 00
7.11 Rcon.
7.2.2.2
,
, 7.3.
7.2.2.2.1 AddRoundKey
XOR .
7.2.2.2.2 SubBytes
byte , S-box 7.9

, f.
139
7.2.2.2.3 ShiftRows
.
1 byte.
2 byte.
3 byte.
ShiftRows 7.5.
7.5 ShiftRows.
7.2.2.2.4 MixColumns
Si () , Si
:
'
S 0 ,i S 0 ,i 02 03 01 01
'
S 1 ,i S 01 02 03 01
1 ,i

S 2 ,i
'
S 01 01 02 03
2 ,i

' S
S 3 ,i 3 ,i 03 01 01 02

(7.1)
Sk,i - byte Si modulo(x4-1). :
0 2 0 3
'
S 0 ,i
S 0 ,i
S 1,i S 2 ,i
S 3 ,i
0 2 0 3
'
S 1 ,i S 0 ,i
S 1,i S 2 ,i
S 3 ,i
0 2 0 3
'
S 2 ,i
S 0 ,i
S 1,i S 2 ,i
S 3 ,i
0 3 0 2
'
S 3 ,i S 0 ,i
S 1,i S 2 ,i
S 3 ,i
(7.2)
XOR. , {03} Sk,i = {02} Sk,i Sk,i. T, {02}Sk,i

:
bit Sk,i 0, (left shift) bit (

),
140
bit Sk,i 1, bit
XOR byte
(00011011).
, , D4BF5D30 0466815.
7.2.3
7.2.3.1 Electronic Codebook (ECB)
DES, ,
. o
Electronic CodeBook (ECB). O Codebook ,
, .
( )
().
7.6 ECB.
ECB,
, .
,
.
7.2.3.2 Cipher Block Chaining (CBC)
, ECB,

. , i XOR i+1,
7.7.
141
, ,
(Initialization Vector - IV) . IV
, , .
7.7 CBC.
7.2.3.3 Cipher FeedBack Mode (CFB)
.
.
CFB, ,
1 bit ( byte). k
. , , ,
, (IV).
,
( 7.8)
. , k bit,
XOR,
.
( - feedback) ,
, k bits. ,
.
142
7.8 CFB.
7.2.3.4 Output FeedBack Mode (OFB)
OFB CFB.
k bit
( 7.9).
7.9 OFB.
7.3
,
, , .. bit .

/ , .
,

.
, ,
.
, . ,
143
, ,
(key escrow) .
,
, .. ( , ).
,
:
/:
, .
.
:
.
.

(hashing
function) .
.
:
( ) .

, .
:

RSA
Diffie - Hellman
DSS
Elliptic Curves
7.12 .
7.3.2 RSA
RSA.
Ron Rivest, Adi Shamir, Len Adleman
1977. RSA, (blocks)
,
n.
m
c :
e
c m m od n
(7.3)
, , :
d
m c m od n
(7.4)
{e,n} , {d,n}
.
oi :
144
e, d, n medmodn = m m<n.
me cd m<n.
{d, n}, d,
{e, n}.
.
p q
.
RSA:
p q.
n=pq.
(n)=(p-1)(q-1).
e, (n).
() .
d ed=1mod((n)).
p q,
e n. p q (n)
e d. p q,
(factorization) n, modulus 1024bit
. ,
RSA, .
. ,
p=7 q=11.
n=pq=77.
(n)=(7-1)(11-1)=60.
e, 60. e=13.
{13,77}.
d, ed mod (n) = 1.
37. {37,77}.
3 (3<77) RSA
.
:
e 13
c m m od n 3 m od 77 38
(7.5)
38. ton ,
, n . :
145
d 37
m c m od n 38 m od 77 3
(7.6)
7.4 Cryptool
, Cryptool, PGP
Linux
.
7.4.1
7.4.1.1 DES-CBC
Cryptool, startingexample-en.txt
.
View As Hexdump.
startingexample-en.txt, ASCII.
7.10 HexDump.
Analysis Tools for Analysis Histogram.

, .
. .
256 ( 26);
146
7.11 .

DES :
: Encrypt/ Decrypt Symmetric (modern) DES(CBC)
01 29 38 47 57 66 AB EF
Encrypt
.
Analysis Tools for Analysis Histogram
7.12 .
( )
7.12 7.13. ;
7.4.1.2 ECB CBC
Cryptool
File New. Cryptography
147
( ) (
20 ), .
.
DES (CBC)
DES (ECB), : 01 29 38 47 57 66 AB EF, .
( 7.13). ;
7.13 .
: 01 29 38 47
57 66 AB EF. Encrypt / Decrypt Symmetric (modern) DES (ECB),
Decrypt,
ECB ( 7.14). ; ;
7.14 ECB CBC.
148
7.4.1.3 DES Weak Keys

. :
Cryptool,
CrypTool-en.txt.
: Encrypt/Decrypt Symmetric(modern) DES(ECB)

, : 01 01 01 01 01 01 01 01
Encrypt.
.
. ;
;
7.4.1.4 Brute Force
brute force
, 3DES.
Cryptool
Cryptool-en.txt directory examples
Cryptool.
: Encrypt/Decrypt Symmetric (modern) Triple DES (CBC).
: 01 23 45 67 89 CD EF FE DC BA 98 76 54 32 10 (128bits).
Encrypt.
brute-force .
:
: Analysis Symmetric Encryption (modern) Triple DES (CBC)
, , 24
bits . : ** ** ** 67 89 AB CD EF FE DC BA 98 76 54
32 10 .
Start. .
( 7.15).
.
; ;
149
7.15 .
7.4.1.5 GPG .. Linux
Linux
gpg, which gpg. gpg ,
. , RedHat (CentOS,
Oracle Linux) yum install gpg Debian (Debian, Ubuntu, Mint) apt-get install gpg
.
gpg
( 7.16): gpg --version ,
, : gpg --version | grep Cipher
7.16 .
test-symcrypt :
mkdir test-symcrypt
directory :
cd test-symcrypt
myfile.txt Sample text
echo Sample Text > myfile.txt
AES256 :
150
gpg --symmetric --cipher-algo aes256 -o myfile.txt.gpg
myfile.txt
(.. passphrase)

ls al
cat myfile.txt
gpg d o myfile-decrypted.txt myfile.txt.gpg
, TWOFISH
CAMELLIA256
gpg -symmetric -cipher-algo TWOFISH myfile.txt
gpg -symmetric -cipher-algo CAMELLIA256 myfile.txt
wget http://www.gutenberg.org/cache/epub/1727/pg1727.txt
, ( 7.17):
time gpg -symmetric -cipher-algo aes256 o

odyssey_aes256.txt.gpg pg1727.txt
7.17 .

( 10) user 7.13:
151
(sec) (bits)
DES
3DES
CAST5
BLOWFISH
AES
AES192
AES256
TWOFISH
CAMELLIA128
CAMELLIA256
7.13
(time command)
.

/, (testing).
7.4.2
, RSA,
.
7.4.2.1 RSA
Cryptool : Digital Signatures / PKI PKI Display /

Export Keys
,
Cryptool ( 7.18).
7.18 .
152
, & . :
Digital Signatures / PKI PKI Generate / Import Keys ( 7.19).
7.19 Cryptool.
RSA modulus 2048 bits. (User data). ,

, Jim Bell NSA, :
Last name: Bell

First name: Jim
Key Identifier: NSA
PIN: protect
Generate new key pair. ,

,
( 7.20).
7.20 Cryptool.
, Show key pair
7.4.2.2 RSA
, ,
. ,
:
153
: Digital Signatures / PKI PKI Key Display / Export

Export PSE (PKCS #12) PIN

. , PIN PKCS#12 . PIN

PKCS#12 PIN. , ( 7.21).
7.21 PKCS#12.
,
. ,
email / .
7.4.2.3 RSA
.
Cryptool, : Digital Signatures / PKI PKI Key Generation/ import
PKCS#12 Import.
PIN

7.4.2.4 RSA
Cryptool : File New .

: Encrypt / Decrypt Asymmetric RSA Encryption
. Encrypt
( 7.22).
154
7.22 RSA.
, : File Save as
.
. ;
;
7.4.2.5 RSA
Cryptool .
: Encrypt/Decrypt Asymmetric RSA Decryption.
, PIN Decrypt.
;
;
Delfs, H., & Knebl, H. (2007). Introduction to Cryptography. Berlin, Heidelberg: Springer Berlin Heidelberg.
Retrieved from http://link.springer.com/10.1007/3-540-49244-5
Konheim, A. G. (2007). Computer security and cryptography. Hoboken, N.J: Wiley-Interscience.
Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of applied cryptography. Boca Raton:
CRC Press.
Paar, C., & Pelzl, J. (2010). Understanding cryptography: a textbook for students and practitioners. Heidelberg;
New York: Springer.
Stallings, W. (2014a). Cryptography and network security: principles and practice (Seventh edition). Boston:
Pearson.
Stallings, W. (2014b). Network security essentials: applications and standards (Fifth edition). Boston: Pearson.
Stinson, D. R. (2006). Cryptography: theory and practice (3rd ed). Boca Raton: Chapman & Hall/CRC.
155
., . (2002). . :
.

.
.
1. O DES :
) .
) .
) .
) .
2. O DES-OFB :
) .
) .
) .
) .
3. O ES :
) .
) .
) .
) .
4. AES :
) 64bit.
) 128bit.
) 256bit.
) 512bit.
5. O DES Feistel;
) .
) CBC.
) ECB.
) .
6. S-box AES :
) SubBytes.
) ShiftColumns.
) MixRows.
) AddRoundKey.
) Key Expansion.
7. O RSA :
) p q.
) p q.
) 1024 bits.
156
) 1024 bits.
8.
) 3 20
) 5 20
) 7 20
) 1 20
9. H DES,
3DES :
) K1=K2.
) K1<>K2.
) .
) .
10. RSA {7,33} 2 :

) 27.
) 29.
) 2.
) .
1
Cryptool ( hexdump)
DES ECB CBC mode .
.
2
DES AES
. DES
3DES.
3
Cryptool Encrypt/Decrypt Asymmetric RSA Demonstration
RSA ( 7.23).
.
157
7.23 RSA.
158
8.
,

. ,
, (cryptographic hash functions),
. ,
,
, .

, 6 7,
.
8.1
(hashing function) h m bit,
, h(m) bit , k bit
( ).
(ease-of-computation) , (message digest hash
value).
h m
xi, i = 1n, .
h0, , : hi = f (xi || hi-1), i =
1n, || (concatenation). H hn
h m. ,
f bit ( 8.1).
8.1 .
8.1.1
, (),
( bit), x1, x2, , xn j bit.
j bit, (padding) :
1: ( )
( ).
159
2: (
).
3: 2,
.
, ,
,
2 3, /
. 1
.
8.1.2

():
(preimage resistance) (one-way):

y,
x h(x) = y.
(second preimage resistance)

(weak collision resistance): x h(x),
x h(x)
= h(x).
(collision resistance) (strong

collision resistance):
x x, h(x) = h(x).
x x h(x) = h(x),
, . ,
,
.
,
.
8.1.3
,
(computationally infeasible) (collisions).
, .. (brute force attack),
. ,
,
.
(birthday paradox),

. 23 ,
(365 )
0,5. 23 ,
(365/2) 183 .
160
, k n
( k = 23 n = 365). pn,k
. pn,k e-k(k-1)/(2n)
, , :
k (1 1 8 n lo g 2 ) / 2
(8.1)
(.. n = 365, k 22, 99994) pn,k 1/2.

, k bit x(i) n bit ( 1 i k)
h(x(i)),
bit 0,5.
, -
160 bit ( 256 bit).
8.2
(
DES-CBC), ( MD5
SHA).
, ,
.
8.2.1 MD5
MD5 (Message-Digest algorithm 5), Ron Rivest
[RFC 1321] 1991 ( MD4) ,
(U. S. Department of Homeland Security)
SHA, MD5
(collision resistant) , . MD5
, ,
.
, 512 bit. O MD5
, 512 bit, :
bit 1,
(postfix).
, bit 0,
448 bit.
, ( 64-bit)
.
, MD5 (initial seed) (4)

(A, B, C, D), 32-bit .
8.1.
A 01 23 45 67
B 89 AB CD EF
161
C FE DC BA 98
D 76 54 32 10
8.1 MD5.
, (128-bit),
(buffer) MD5, ,
16- (512-bit).
(4) , 16 .
,
. ,
(message digest).
8.2 MD5.
MD5, Ronald Rivest, : "

264
2128 ".
128-bit string x, m
MD5 x.
, 1996 MD5, 2004
, .
, . ,
SHA, ,
SHA-1.
8.2.2 SHA
SHA, 1993 NIST (FIPS PUB 180),
Secure Hash Standard, SHA-0,
NSA. 1995 SHA-1 (FIPS PUB 180-1).
SHA-1 (Secure Hash Algorithm 1)
.
MD4, MD5. SHA-1
160-bit. SHA-1 MD5,
. SHA-1
264 1 bit, .
O SHA-1 (initial seed) 160 bit
(5) (A, B, C, D, E), 32-bit .
8.2.
162
A 67 45 23 01
B EF CD AB 89
C 98 BA DC FE
D 10 32 54 76
E C3 D2 E1 F0
8.2 SHA-1.
SHA , MD5,
512. 512 bit, 4 (20)
. , 80 ,
5 32 bit (, , C, D, E).
NIST ( 2001 ),
, SHA-2: SHA-224, SHA-256, SHA-
384, SHA-512. SHA,
, 8.3, ,
SHA:

x

SHA-0 160 512 264-1 32 4 x 20
SHA-1 160 512 264-1 32 4 x 20
SHA2 SHA-224 224 512 264-1 32 4 x 16
SHA-256 256 512 264-1 32 4 x 16
SHA-384 384 1024 2128-1 64 4 x 20
SHA-512 512 1024 2128-1 64 4 x 20
8.3 SHA.
2003 Secure Hash Standard (SHS),

(3) . SHS
Digital Signature Algorithm (DSA) . Secure
Shell (SSH), (FIPS PUB 180-2),
SHA SHA-1, SHA-256, SHA-384 SHA-512.
8.3
,

.
(message digests).
,
( ),
( ). , (..
) , ,
.
. , ,
. , .
, o
.
,
(Message Detection Code, MDC), .
163
, (data origin
authentication)
(Message Authentication Code, MAC).
8.3.1 MDC
,
, . ,
.
,
(.. ).
, ,
,
.
(fingerprint)
. 8.3:
8.3 .
, .
,
(
),
.
(Manipulation Detection Code - MDC),
(Message Integrity Code - MIC),
. :
(one-way hash functions OWHF)

, ,
.
(collision-resistant hash functions

CRHF) , ,
.
, , bit,
(unkeyed hash functions).
8.3.2 - MAC
(Message Authentication Code - MAC)
(data origin authentication) .
:
164
,
MAC.
,
- (MAC) , .
MAC :
M A C fk m
(8.2)
f - m, k
.
MAC CBC-MAC,
(.. DES, 3DES, AES)
(mode of operation) CBC.
CBC-MAC n-bit
m-bit MAC (m n). , (padding)
n-bit. , CBC mode. ,
( n-bit) m1, m2, ..., mq , MAC 8.4:
8.4 CBC-MAC.
:
I1 m 1 S V
(8.3)

O1 ek I1
(8.4)
i=1,2,3,,n:
Iq m q
O q 1
(8.5)

O q
ek I
q
(8.6)
Oq m bit
MAC.
165
XOR SV (starting variable)
( plaintext) .
MAC ,
(origin) .
, MAC,
.

MAC. 8.5,
MAC .
8.5 C.
H MAC .
, ,
MAC. ,
.
, :
: .

MAC, .
:
.
,
MAC.

.
MAC cut-and-paste. MAC
CBC (CBC-MAC)
(truncation), m1 m2 MAC
k, , MAC ,
() k.
MAC . , :
MAC1 = ek(m1)
MAC2 = ek(m2)
166
, MAC2 MAC m3 m1 || m2 MAC1,
XOR.
MAC,
, (padding).
8.3.3 HMAC
MAC,
(hash-functions), (concatenation)
.
MAC HMAC (hashed MAC).
(keyed hash functions).
.
h
HMAC, k m :
HM AC m h K 1 || h K 2 || m
(8.7)
h ,
K1 K2 k
|| bit.
K1 K2 k
bit (padding) , : 1 = k || p1 2 = k || p2.
FIPS PUB 198 ( 2002) HMAC
, . HMAC

.
Burnett, S., & Paine, S. (2001). RSA Securitys Official Guide to Cryptography. Berkeley, CA, USA:
Osborne/McGraw-Hill.
Forouzan, B. A. (2008). Introduction to cryptography and network security. Boston: McGraw-Hill Higher
Education.
Konheim, A. G. (2007). Computer Security and Cryptography. Hoboken, NJ, USA: John Wiley & Sons, Inc.
Retrieved from http://doi.wiley.com/10.1002/0470083980
Stallings, W. (2014). Network security essentials: applications and standards (Fifth edition). Boston: Pearson.
Stinson, D. R. (2006). Cryptography: theory and practice (3rd ed). Boca Raton: Chapman & Hall/CRC.
., . (2002). . :
.
167

.
.
1. :
) .
) .
) .
) .
2. :
) 128 bit .
) .
) .
) .
3. MD5 :
) 32 bit
) 64 bit
) 128 bit
) 160 bit
4. :
) .
) .
) .
d) .
5. MAC :
) .
) .
) .
) .
6. :
) Message Authentication Code (MAC)
) Hashed MAC (HMAC)
) SHA1 digest
) MD5 digest
7. (.. 2234 bit), :

) MD5
) SHA1
) SHA224
) SHA512
8. 1040 bytes
SHA256;
) 1
) 2
) 3
) 4
168
9. AC;
) .
) .
) .
) .
10. HMAC :
) .
) .
) .
) .
169
9.
,

,
. ,
,
, .

.

, 1,
6, 7 8.
9.1
6 7,

. ,
,
. .
; , ,

;

(). ,
,
(integrity) . , .
, .
, ,
, .
.
:
(origin authentication):
.
(non-repudiation):
, .
(integrity):
.
,
(Public Key Cryptography PKC).
RSA, DSA/DSS El-Gamal.
170
9.1.2
9.1.2.1 RSA
, RSA
.
, ()
RSA. RSA
. ,

, 9.1.
9.1 .
,
, . ,

, ,
( ),
( 9.2):
,
,
, ,

.
, (
).
( ).
171

.
9.2 RSA.
9.1.2.2 El-Gamal
El-Gamal
El-Gamal, , RSA,
.
, , q
(generator) , q n,
1 q-1, k n = k modq. k ( )
n , mod q : k = inda,q(n).
. XA, 1<XA<q-1.
, :
X
YA a A
m od q
(9.1)
XA.
{q, , YA}.
, :
h , 0<h<q-1.
K, 0<<q-1 K q-1.
: S1=Kmodq.
: S2= K-1(h-XAS1)mod(q-1).
172
, (S1, S2).
: V1=hmodq, h
.
V2=(YA)S1(S1)S2modq.
V1=V2, !
q=11 =2 ( 2 11).
XA=4 .
YA=24mod11=5. {11, 2, 5}.
8. =3
q-1=10.
S1=23mod11=8.
S2= 7(8-4(8))mod(10)=2.
, (8, 2).
, :
V1=28mod11=3.
V2=5882mod11=3.
, .
9.1.2.3 DSA/DSS
Digital Signature Standard (DSS) National Institute of Standards

(NIST) 1994. DSS Digital Signature
Algorithm (DSA), El-Gamal. ,
.
DSA, RSA, ,
,
.
, :
q.
, p 512 1024 bits,

q (p-1).
g=n(p - 1)/q modp, n 1<n<(p-1)
173
x, 0<x<(q-1). x .
x, (p,q,g,y), y
y=gxmodp
h, r s :
r=(gk modp) modp
s=(k-1(h+xr) )modq, k .
, r s h. ,
:
w=s-1 modq
u1=(hw) modq
u2=rw modq
u=(gu1yu2 modp) modq
w=u.
9.2
, ,
. , ,
.
KA-
, KA+ .
KA+, (.. email),
. , ,
KA+ .
KA+ KA-
.
, KA-

(
). , ,
,
. , ,
, :
,
-,
.
(digital certificates)
(Public Key Infrastructures - PKI).
174
9.2.1
,
.
, /
, . ,
.
, .
X.509 ,
:
(version): . (3) ,
3. , .
(serial number): , ,
.
(Signature algorithm identifier):

.
(issuer name):
X.500.
(Validity date): (-)

.
(Subject name):
.
(Subjects public key information):

, .
2,
(Issuer unique identifier):

,
X.500, .
(Subject unique identifier):

, X.500,
.
3, (extensions)
. extension :
(extension name)
(criticality indicator)
(extension value), .
, ,
().
.
, .
, 9.3
175
9.3 X.509.

, ,
( ) (Trusted Third Party TTP).
,
, ...
(Public Key Infrastructure - PKI).
9.2.2
NIST ()
, ,
, .
PKIX (Public Key Infrastructure X.509), IETF (Internet
Engineering Task Force)
, X.509. PKIX, :
- (End entities).
. .
(Certificate Authority - CA). ,

.
176
(Registation Authority - RA).
-
CA.
CRL (CRL Issuer).

(CRL).
(Repository):
(Certificate Revocation Lists CRL).
,
9.4.
9.4 PKIX.
9.2.3
PKIX, :
(registration):
(CA).
(initialization): ,
.
(certification):
CA.
177
(key-pair recovery):
(.. ), .
(key generation):
.
(key update):
, -.
(cross-certification):
CA.
(revocation):
.
9.2.4
CA .
. ,
, :
:
. CA ,
CA. ,
, (Root CA),
(self-signed).
Root CA CA
(Intermediate CA)
CA
-.
Root CA
( 9.5).
9.5 .
178
-: , -
CA . ,
CA,
- ( 9.6).
9.6 -.
: - ,
9.7.
9.7 .
9.3
OpenSSL .. Linux,
. .. Linux,
179
OpenSSL
.
(secure website). :
(/),
CA
,
(browser)
.
9.3.1
9.3.1.1 RootCA
(directories) :
cd ~; mkdir CA; mkdir Site
OpenSSL ( 9.8):
find / -name openssl.cnf 2> /dev/null
9.8 OpenSSL.
9.8 /etc/pki/tls.
,
:
sed -i "/policy = /c\policy = policy_anything" \

/etc/pki/tls/openssl.cnf
, :
cd /etc/pki/CA
touch index.txt
echo 1000 > serial
Root CA,
.
9.3.1.2 Intermediate CA
home directory :
180
cd ~/CA
openssl req -new -x509 -keyout ca.key -out ca.crt
, ca.key CA ca.crt
. OpenSSL
CA, ( 9.9).
9.9 .
ls la
cat ca.key
cat ca.crt
; ;
.
PKILabServer.
O :
cd ~/Site
openssl genrsa -aes128 -out pkilabserver.key 2048
passphrase (.. pkilabserver)

. ; / / /
;
9.3.1.3
.
certificate request (.csr)
. , ,
CA:
openssl req -new -key pkilabserver.key -out pkilabserver.csr
181
domain: pkilabserver.com.
Common Name Certificate Request. Common Name SSL Certificate
(hostname) .
passphrase (
pkilabserver)
. Common Name.
challenge password optional company name, ( 9.10).
9.10 .
,
(csr) . ;
9.3.1.4
CA Certificate Request :
cd ~/CA
openssl ca -in ../Site/pkilabserver.csr -out \
../Site/pkilabserver.crt -cert ca.crt -keyfile ca.key
182
9.11 .
, .
9.3.2 SSL
OpenSSL Web server,
,
cd ~/Site
cat pkilabserver.key pkilabserver.crt > pkilabserver.pem
openssl s_server -cert pkilabserver.pem www

pkilabserver.com (pkilabserver). O Web server 4433. ,
:
openssl s_server -cert pkilabserver.pem www -accept pNum
pNum tcp . UNIX/Linux,

1024.
183
9.12 OpenSSL Web Server.
, browser :
http://<OpenSSL_Server_IP>:4433, <OpenSSL_Server_IP> IP host
Web Server.
; browser;
. ;
9.13 .
browser ,
;
; TLS;
184
9.14 .
9.15 .
185
9.3.4
, OpenSSL
.
myCal :
Cd ~/Site
cal > ./myCal
myCal SHA256
:
openssl dgst -sha256 -sign pkilabserver.key -out \

myCal.sha256 myCal
openssl dgst -sha256 -verify \

<(openssl x509 -in pkilabserver.crt -pubkey -noout)\
-signature myCal.sha256 ./myCal
myCal ( )
. ;
9.16 .
Choudhury, S., Bhatnagar, K., & Haque, W. (2002). Public key infrastructure: implementation and design. New
York, NY: M&T Books.
Housley, R., & Polk, T. (2001). Planning for PKI: best practices guide for deploying public key infrastructure.
New York: Wiley.
Katz, J. (2010). Digital signatures. New York: Springer.
Nash, A. (Ed.). (2001). PKI: implementing and managing E-security. New York: Osborne/McGraw-Hill.
Rhodes-Ousley, M. (2013). Information security: the complete reference (2nd. Ed). New York;London:
McGraw-Hill Education.
Stallings, W. (2014). Cryptography and network security: principles and practice (Seventh edition). Boston:
Pearson.
186
., . (2002). . :
.

.
.
1. :
) .
) .
) .
) .
2. :
) .
) .
) .
) .
3. :
) .
) .
) .
) .
4. DSS:
) .
) .
) .
) .
5. :
) .
) .
) .
) .
6. :
) .
) .
) .
) .
7. Root CA:
) .
) .
187
) CA.
) .
8. version 3 X.509:
) .
) .
) .
) .
9. , (intermediate CA):
) .
) Root CA.
) .
) CA.
10. DSA:
) .
) .
) .
) .
6.
: RSA, El-Gamal DSA (DSS)
. , , .
188
10. - VPN

. , ,
,

. ,
.

,
.
10.1
,
. , ()
,
, .
,
(commuters),
. ,
, .
, (
),
.
,
:
, .
.
, .
, ()
on-demand, dial-up
, .

( ) , (Internet),
.
,
. (virtual connection)

, 10.1.
( ),
- (Virtual Private Network VPN).
189
10.1 .
VPN 3 ,
. , :
(Host-to-Host),
(host).
(Host-to-Gateway),
(gateway).
(Gateway-to-Gateway),
.
,
VPN, :
Hub & Spoke: VPN

( 10.2).
(LAN-to-LAN)
(remote access).
10.2 Hub & Spoke.
Partial Mesh: partial mesh ( 10.3)

,
.
190
10.3 Partial Mesh.
Full Mesh: Full Mesh ( 10.4)

.
10.4 Full Mesh.
, VPN
, . ,
, .
, ,
. ,
VPN.

.
VPN
. ,
, 10.1.
VPN
(Application) SSH Tunneling
(Transport) SSL VPN
(Internet) IPsec VPN
(Data Link) L2LP
10.1 VPN .
10.1.1
VPN ,
:
191
. VPN
() . /
.
.
. VPN, ,
. , ,
,
.
. VPN
.

.
10.1.2 VPN
VPN,
:
: VPN
. ,
, ,
.
: VPN
,
.
:
. ,
.
QoS: (Quality of Service)

. VPN
,
,
(best-effort). , QoS
VPN.
10.2 SSH Tunneling

SSH (Secure Sell), ,
(shell), . SSH
Client-Server. , SSH daemon,
(clients) TCP ( 22). ( )
192
, ,
( 10.5).
10.5 SSH.
SSH,
, (port forwarding).
. ,
SSH .
SSH , SSH tunneling.
10.6 SSH Tunneling.
10.6, (SSH Client)

10000/tcp 192.168.0.21 . SSH tunneling,
, ,
192.168.0.21:10000. .
SSH Tunneling VPN ,
. SSH
( firewall
). , , TCP,
(overhead) ,
.
10.3. TLS/SSL VPN

SSL (Secure Sockets Layer), TLS (Transport Layer Security),
. Netscape 1995 2.0
193
3.0. ,
( PCT STLP Microsoft). , IETF RFC2246 TLS 1.0
SSL 3.0 ( ).
TLS ( SSL),
Web server Web browser. ,
( POP, IMAP, SMTP) (FTP).
, VPN:
Portal VPN: portal VPN (Web server)

Web browser.
( https)
.
portal VPN
Web Server Web . .
,
Web browser URL
Web Server. 10.7 Web server
( )
(.. links file server).
10.7 SSL Portal VPN.
Tunnel VPN: tunnel VPN

SSL/TLS gateway

gateway ( 10.8). , portal VPN
client,
browser (java applet, activeX component ).
TLS Tunnel VPN OpenVPN.
194
10.8 SSL Tunnel VPN.
10.4 IPsec VPN

IPsec IP
,
. , IPsec
:
- Internet Key Exchange (IKE)

o Encapsulating Security Payload (ESP)
o Authentication Header (AH)
(Security Associations SA)

. ,
.
10.4.1

(Security Parameter Index
SPI), .
,
Security Association Database (SAD). SAD:
.
() .
SPI.
(AH / ESP).
(transport / tunnel mode).
.
.
.
.
anti-replay.
.
195
(protect, bypass, discard) ,
, SPD (Security Policy Database),
:
.
(TCP, UDP).
( ).
SAD, .
,
.
10.4.2
IPsec .
AH (Authentication Headers), 51 Protocol
IP (IP header) RFC4302, ESP (Encapsulating Security
Payload), 50 Protocol IP
RFC4303.
10.4.2.1 AH
AH (Authentication Headers)
, . (header)
IP , IP . AH
bit , ICV (Integrity Check Value)
.
AH 10.9:
10.9 AH.
Next Header .
Payload Length AH, 32bit words (4 bytes) 2.

, 192 bit, Payload Length 4
( 192 bit 6word x 32bit, 2).
Reserved 0.
To Security Parameter Index (SPI).
196
Sequence Number
(replay attacks). authenticated data,
.
Authentication Information ( Integrity Check Value ICV)

, . bits
32.
10.4.2.2 ESP
ESP (Encapsulating Security Payload) , AH,

, . ,
IPsec VPN ( , ESP
, AH).
10.10 ESP.
ESP IP header trailer payload (

10.10). header 2 ( AH):
To Security Parameter Index (SPI).

(Sequence Number).
, (Initialization Vector IV),

payload. payload
, .
, trailer :
(padding) bit
payload (blocks) .
(Padding Length).
To Next Header, AH.
To Integrity Check Value, .
197
10.4.3 IPsec
IPsec, .
, transport mode,
tunnel mode gateways .
10.4.3.1 Transport mode
transport mode, ( 10.11

10.12).
10.11 AH Transport Mode.
10.12 ESP Transport Mode.
10.4.3.2 Tunnel mode
tunnel mode, IP ( payload) ( 10.13

10.14).
10.13 AH Tunnel Mode.
10.14 ESP Tunnel Mode.
198
10.4.4 - IKE
- Internet Key Exchange () RFC2409 :
.
.
.
-
:
Internet Security Association and Key Management Protocol (ISAKMP): ISAKMP

RFC2407 (framework) IKE
.
Oakley: Oakley RFC2412

, Diffie-
Hellman.
Secure Key Exchange Mechanism (SKEME): SKEME

,
(repudiatability) .
IKE , 4.4.2 4.4.3

.
10.4.4.1 Diffie-Hellman
Diffie-Hellman 1976 Whitfield Diffie Martin Hellman

.
, .
, p g. p
( 512 bit) g p. p g .
, () n1 n2, . ,
:
n1
y1 g m od p
(10.1)

n2
y 2
g m od p
(10.2)
. , K=K1=K2
:
n1
K 1
y1 m od p
(10.3)

199
n2
K 2
y 2
m od p
(10.4)
K
. p, g, y1 y2
:
lo g g ni
K y i
m od p
(10.5)
(Discrete Logarithm Problem - DLP),

p .
10.4.4.2 IKE Phase 1
IKE ( initiator
responder) , ,
.
. -
(pre-shared keys),
. pre-shared keys ,
.
, -
, ,
, . ,

(IKE SA).
IKE : main mode
aggressive mode. main aggressive mode
.
, main mode, , (6)
, aggressive mode (3) .
10.4.4.2.1 Aggressive Mode
initiator
isakmp, n Diffie-Hellman, nonce
.
responder , n,
, nonce authentication payload.
initiator authentication payload
10.4.4.2.2 Main Mode
initiator
isakmp.
O responder .
200
initiator n nonce.
O responder n nonce.
initiator ( )
authentication message
O responder ( )
authentication message
isakmp :
(.. Pre-Shared Key).
(.. SHA1).
(.. AES).
Diffie-Hellman Group. group numbers,

modp, 10.2:
Group Number modp size

1 768
2 1024
5 1536
14 2048
10.2 Diffie-Hellman Group
10.4.4.3 IKE Phase 2
IKE
. , ,
Diffie-Hellman IKE
SA, . , , Quick Mode,
, :
() (security proposal),
(AH ESP), ,
interesting traffic, (traffic)
.
() .
authentication payload message digest

(replay).
, ,
Perfect Forward Secrecy (PFS). PFS ,
201
Diffie-Hellman. ,
.
, :
ISAKMP SA, IPsec SAs.
IPsec SA,
. traffic SPI header.
IPsec SA, , ,
SPI IPsec header.
10.5 Data-Link Layer VPN

VPN, Data-Link,
IP. ,
, .
Data-Link Layer VPN PPTP, L2F L2TP.
spoofing man-in-the middle (). ,
OSI,
IP.
10.6
, .
IPSEC tunnel mode,
Linux (hosts), ,
hosts ( 10.15).
10.15 .
10.3:

Linux public IP / interface 1.1.1.1 / eth0 2.2.2.2 / eth0
Private Network 192.168.1.0/24 192.168.2.0/24
Linux private IP / interface 192.168.1.1 / eth1 192.168.2.1 / eth1
Windows IP 192.168.1.2 192.168.2.2
10.3 .
202
, ,
.

Linux public IP / interface
Private Network
Linux private IP / interface
Windows IP
10.4 .
, IPsec-Tools.
RedHat (Centos, Oracle UL) :
yum install ipsec-tools
, Linux :
echo 1 > /proc/sys/net/ipv4/ip_forward
(IKE Phase 1) ,
host. ,
IP host, ,
, , . Secret_KeY ,
psk.txt, :
echo 2.2.2.2 Secret_KeY >> /etc/racoon/psk.txt
2.2.2.2 .
pre-shared key, , (
). , , (digital
certificates).
, ,
(), :
chmod 600 /etc/racoon/psk.txt
SA,
/etc/racoon/racoon.conf editor vi, :
vi /etc/racoon/racoon.conf
, ( <>) :
remote 83.212.111.218 {
exchange_mode agressive;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
203
Aggressive mode.
3DES.
SHA1.
- .
DH group 2.
, <ESC>
, :
:wq
, SA ( Phase 2). ,
/etc/racoon/racoon.conf:
vi /etc/racoon/racoon.conf
, 192.168.1.0/24 192.168.2.0/24.
:
sainfo address 10.13.1.0/29[any] any address 10.13.2.0/24[any]

any {
pfs_group modp768;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
IPsec :
PFS Group 1.
3DES.
HMAC SHA1.
.
, (interesting traffic)
tunnel. editor vi /etc/racoon/ipsec.conf :
#!/usr/sbin/setkey f
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec

esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec

esp/tunnel/2.2.2.2-1.1.1.1/require;
<ESC> , :wq
, tunnel mode
, :
, hosts. editor
(.. vi) /etc/sysconfig/iptables, .
O
:
204
-A FORWARD -j ACCEPT
ESP:
-A INPUT -p esp -j ACCEPT
O 500 UDP:
-A INPUT -m state --state NEW -m udp -p udp --dport 500 -

j ACCEPT
daemon racoon :
setkey f /etc/racoon/ipsec.conf
racoon -F
, IPsec daemon. ,
:
ping 192.168.2.1
192.168.2.1 IP ( Linux host). ;

ESP ;
SSH session :
tcpdump host 1.1.1.1
ping 2.2.2.2
ping -I 192.168.1.1 192.168.2.1
ping www.google.com
2.2.2.2 192.168.2.1 public local , , Linux host).

, interesting traffic tunnel
, .
.
.. Windows.
Windows , . 192.168.1.1
local IP Linux host 192.168.2.0/24 .
(command prompt) :
route add 192.168.2.0 mask 255.255.255.0 192.168.1.1
; , 192.168.0.0/16
Internet. ;
Kent, S. (2005), IP Authentication Header. Retrieved 30 November 2015, from

https://tools.ietf.org/html/rfc4302
205
Carmouche, J. H. (2007). IPsec virtual private network fundamentals. Indianapolis, Ind: Cisco Press.
Convery, S. (2004). Network security architectures. Indianapolis, IN: Cisco Press.
Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information
Theory, 22(6), 644654. http://doi.org/10.1109/TIT.1976.1055638
Frankel, S. E., Hoffman, P., Orebaugh, A. D., & Park, R. (2008). SP 800-113. Guide to SSL VPNs.
Gaithersburg, MD, United States: National Institute of Standards & Technology.
Krawczyk, H. (1996). SKEME: a versatile secure key exchange mechanism for Internet. In , Proceedings of the
Symposium on Network and Distributed System Security, 1996 (pp. 114127).
http://doi.org/10.1109/NDSS.1996.492418
Northcutt, S. (Ed.). (2005). Inside network perimeter security (2nd ed). Indianapolis, Ind: Sams Pub.
Polk, T., McKay, K., & Chokhani, S. (2014). Guidelines for the selection, configuration, and use of transport
layer security (TLS) implementations (No. NIST SP 800-52r1). National Institute of Standards and
Technology. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
52r1.pdf
RFC 4302 - IP Authentication Header. (n.d.). Retrieved 30 September 2015, from
https://tools.ietf.org/html/rfc4302.

.
.
1. VPN :
) .
) .
) ( ).
) .
2. Linux host,
, :
) SSH Tunneling.
) TLS VPN.
) IPsec VPN.
) L2F.
3. IPsec, o header IP :
) Transport Mode.
) Tunnel Mode.
) .
) .
4. IPsec,
, :
) AH.
) ESP.
206
) GRE.
d) OSPF.
5. (router),
) (packets).
) (packets).
) (frames).
) (frames).
6. ping
) UDP.
) TCP.
) ESP.
) IGMP.
) ICMP.
7. pre-shared , 1, :
) .
) .
) .
) .
8. Diffie-Hellman (DH):
) .
) .
) .
) (1976) .
9. 67 Full Mesh Site-to-Site VPN,

,
;
) 66
) 67
) 2211
) 4488
) 4489
10. / / / interesting traffic, IPsec

tunnel;
) .
) .
) .
) .

,
, ,
.
207
11.
(Information Security)
. ,
,
. ,
,
. , ,
,

.

,

.

(. 1).
11.1
(information security management)
,
.
, ,
, ,
, .
,
(, , ..),
. ,
(.. 80% ).
(information security) , ,

().
, , ,
, .
, , . ,
, .
.

.
(assurance) ,
,
. ,
.
. ,
.
. ,
.
208

:
,
.
, ,
.
,
.

, .

, .

,
. , (firewall)

. ,

. ,
,
. ,
(.., , , .)
.
, .
.
(standards).
.
.
, , , . ,
.
(.. , .)
. , .
209

. ,
, .
, (technical standard),
, .
, de jure
. ,
.
, de facto ,
, .
. ,

().
.
ISO/IEC 27000, Common Criteria.

. ,
.
11.2
, ,
. ,
,
(.. , , ..),
. , (
)
. ,
, .
11.1, ,
.
11.1 .
, 11.1,
. ,
.
( ) . ,
.
, .
, ,
210
,
.

() (controls), , , ,
.
,
.

.
, ( )
. , , , . ,
. ,
.
.
(, , , )
(risk).
, .
, ,
, ,
. ,

,
. ,
,
. ,
, ,
. ,
, , ,
.
11.3
,
:
.
.
.
,
,
. ,
,
(, , ..).
, ,
,
. ,
(Risk
Management).
(Information Security Management System
ISMS) .

211

. :
OCTAVE CERT (Carnegie Mellon University).
COBIT ISACA. : Govern Direct Control

Implement Measure Evaluate Report
FIRM Information Security Forum
NIST. : System Characterization

Threat Identification Vulnerability Identification Control Analysis Likelihood
Determination Impact Analysis Risk Determination Control Recommendations
Results Documentation

(.. ISO/IEC
27001) Plan-Do-Check-Act (PDCA).
PDCA :
(Plan):
,
.
(Do):
.
(Check):
.
(Act): .

.
,
. ,
:
.
( , .).
.
.
.

.
:
(risk assessment) .
, .
, (vulnerability)
, ,
.
212
,
, .
,
.
,

. , :
.
.
.
.
.
,
.
,
.
, ,
.

.
To ISO/IEC 27001, (4) PDCA,
, 11.2.
11.2 ISO/IEC 27001.
To BS 7799-1 ISO/IEC
2000. 2002 ISO/IEC 27002 2005
BS 7799-2 ISO/IEC 27001.
213
H ISO 27K
.
, 23 . ISO/IEC
27001
. , ISO/IEC
27006.
ISO
27000:

ISO/IEC 27000
ISO/IEC 27001
ISO/IEC 27002
ISO/IEC 27003

ISO/IEC 27004
ISO/IEC 27005
ISO/IEC 27006
ISO/IEC 27007
ISO/IEC 27008
ISO/IEC 27010
ISO/IEC 27011
ISO/IEC 27013 ISO/IEC 27001 ISO/IEC 20000-1
ISO/IEC 27014
ISO/IEC 27015
ISO/IEC 27016
ISO/IEC 27018
ISO/IEC 27019
ISO/IEC 27031
ISO/IEC 27032
ISO/IEC 27033
ISO/IEC 27034
ISO/IEC 27035
ISO/IEC 27036 cloud computing
ISO/IEC 27037
ISO/IEC 27038
ISO/IEC 27789
ISO/IEC 27790 ,
ISO/IEC 27799 ISO/IEC 27002
11.1 ISO 27k.
11.4 ,

.
, :
;
;
;
214

. ,
. ,

.
0
.

.
, ,
,

.

, ,
.
(.. )
.

. , ,
. ,
.

. ,
. ..
, ,
, ..
, ,
:
, .
. ,
,

.
,
.
, (R) (P)
(C) .
215
ISO/IEC 27005, . ,
(..
Bayes,
). ,

.

. :
, ,
.. ,
,
.

.
.
,

.
( ) ,
.
NIST :
.
.
.
.
.
.
.
.
.
11.4.1
, .
, , ,
,
. ,
, , ,
, , , ,
, .
:
,
.
.
, .
216
.
11.4.2

. ,

.
11.4.3
,
.
.
,
, ,
. ,
,
,
.
11.4.4
,

.
11.4.5
,
, ,
.
:
, ,
.
, ,
.
, ,
.
11.4.6
(.. )
: ,
.
217
11.4.7
.

.
, , ,
,
. , ,
, :
: .
: .
: .
11.4.8
, ,
. ,
, , ,
, .

.
11.4.9
,
.
,
.

,
.
11.5
.
,
, . .

,
. ,

.
(policy) , ,
, ,
. ,
. , .
, , -
.
.
,
:
218
.
.
.
.
.
.

(http://noc.eap.gr/index.php/home/kentriki-politiki-asfaleias-pol20),
11.3.
11.3 .
() ,

. ,
, ,
.. , , ,
, , ,

11.6 ISO/IEC 17799

,
(best practices), (2000)
ISO/IEC 17799 (International Organization for
219
Standardization / International Electrotechnical Commission). ISO/IEC 17799
BS 7799 (British Standards Institution)
, . 2005 (ISO/IEC
17799:2005) 2007 ISO/IEC 27002, ,
ISO/IEC 27000.
ISO/IEC 17799 ,

.

(compliance)
,
.
ISO/IEC 17799
, . ,
,
.

.
ISO/IEC 17799 11 (clauses) 39
(security categories),
. (
):
- Security Policy.
- Organizing Information Security.
- Asset Management.
- Human Resources Security.
- Physical and Environmental Security.
- Communications and Operations Management .
- Access Control.
, - Information Systems
Acquisition, Development and Maintenance.
- Information Security Incident

Management.
- Business Continuity Management.
Compliance.
,
. :
(objective), .
(controls),
.
220
:
(Control): .
(Implementation guidance):
.
(Other information): , ..
.
11.6.1
(security policy)
.
, .
. :
11.6.2
11.6.2.1
.

.
,
. ,
, ,
.
, , , ,
. :
.
.
.
.
.
.
(special interest groups SIG).
, .. .
11.6.2.2
,
.
.

221
.
. ,
.
(outsourcing)
. :
.
.
.
11.6.3
11.6.3.1
.
.
.
,
. ,
.
:
.
.
.
11.6.3.2
.
,
.
.
,
. :
.
.
11.6.4
11.6.4.1
,
,
, ,
.
.
,
. ,
222
.
. :
.
.
.
11.6.4.2
,
,
,

. -
.
,
,

. ,
. :
.
, .
.
11.6.4.3
,
.

, .
.
:
.
.
.
11.6.5
11.6.5.1
- ,
.
,
. -
, .
. :
.
.
, .
223
.
.
.
11.6.5.2
, ,
.
.
- ,
.
. :
.
.
.
.
.
.
.
11.6.6
11.6.6.1
.

. ,
.
, ,
, . :
.
.
.
, .
11.6.6.2

.
,

. :
.
.
.
11.6.6.3
224
.
,
.
, .
,
. :
11.6.6.4
.

- .
, , , .
.

. :
11.6.6.5

.
. :
11.6.6.6
,
. ,
.
. :
11.6.6.7

. (, .), ,
, - .
:
225
.
.
.
.
11.6.6.8

.
.

. :
.
.
.
.
.
11.6.6.9
.
,
(online transactions)
.
. :
.
,
.
11.6.6.10
.
.

.
.

.
:
.
.
.
.
.
.
226
11.6.7
11.6.7.1
.

,
. :
11.6.7.2
-
.
.
,
, .
,
. :
.
.
(credentials) .
.
11.6.7.3
-
, .
.
, ,
(.. ) .
,
, . :
.
.
.
11.6.7.4
- .
.

. :
(interfaces)
.
227
.
.
.
.
.
.
.
.
11.6.7.5
- .
(.. )
. :
,
.
, .
.
.
.
.
.
11.6.7.6
-
.
.
. :

, ,
228
- ,
,
,
, .
11.6.7.7
,
.
.
.
,

. :

.
.
11.6.8 ,
11.6.8.1
.
, , ,
(off-the-shelf), .

.
.

, ,
. :
11.6.8.2
, -
. ,
.
, .
.
, .
.
:
229
.
.
.
.
11.6.8.3
,
.
. ,
. :
.
.
11.6.8.4
.
,
.
.
:
.
.
.
11.6.8.5
.
.

.

. :
.
.
.
.
(outsourced).
11.6.8.6

. ,
,
230
.
. :
11.6.9
11.6.9.1

. ,
. ,

. ,

. :
.
.
11.6.9.2

.
, ,
.
, .
,
. :
.
.
(forensics).
11.6.10

.
(business
continuity management)
(.. ,
, ) ,
.

, , , .
, ,
(business impact
analysis ). ,
(business continuity plans) .
231

, .
,
,

. :
, .
11.6.11
11.6.11.1
, ,
, . , ,
, ,
.
.
(.. ).
:
.
.
.
.
, .
.
11.6.11.2 ,

.
.
. ,
.
:
.
.
.
11.6.11.3
,
.
232

. ,

. :
.
.
.
11.7 -

.
GRC (Governance Risk Compliance).
H ,
,
. Racz, Weippl Seufert GRC:
, ,

, ,
, , ,
..
GRC, 11.4.
11.4 GRC.
GRC,
.
, ,
, .
233

Blyth, M. (2008). Risk and security management: protecting people and sites worldwide. Hoboken, N.J: John
Wiley & Sons.
Dhillon, G. (Ed.). (2001). Information security management: global challenges in the new millennium. Hershey,
PA: Idea Group Pub.
Fay, J. (2011). Contemporary security management (3rd ed). Burlington, MA: Butterworth-Heinemann.
Initiative, J. T. F. T. (2011). SP 800-39. Managing Information Security Risk: Organization, Mission, and
Information System View. Gaithersburg, MD, United States: National Institute of Standards &
Technology.
ISO/IEC 17799:2005 - Information technology -- Security techniques -- Code of practice for information
security management. (n.d.). Retrieved 30 September 2015, from
NIST Computer Security Resource Center. (n.d.). Retrieved 30 September 2015, from http://csrc.nist.gov/
Ortmeier, P. J. (2002). Security management: an introduction. Upper Saddle River, NJ: Prentice Hall.
Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in Computing (3rd ed.). Prentice Hall Professional Technical
Reference.
Racz, N., Panitz, J., Amberg, M., Weippl, E., & Seufert, A. (2010). Governance, risk & compliance (grc) status
quo and software use: Results from a survey among large enterprises. Governance, 1, 12010.
Sennewald, C. A. (2011). Effective security management (5th ed). Burlington, MA: Butterworth-Heinemann.
Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30. Risk Management Guide for Information
Technology Systems. Gaithersburg, MD, United States: National Institute of Standards & Technology.
Tarantino, A. (Ed.). (2008). Governance, risk, and compliance handbook: technology, finance, environmental,
and international guidance and best practices. Hoboken, N.J: John Wiley & Sons.
Tipton, H. F., & Nozaki, M. K. (Eds.). (2007). Information security management handbook (6th ed). Boca
Raton: Auerbach Publications.
.
.
1. :
)
)
)
)
2. :
) .
) .
) .
) .
3. PDCA :
234
) Plan - Do - Check -Act
) Plan - Design - Check - Act
) People - Do - Check - Act
) Plan - Direct - Computer - Action
4. H ISO/IEC 27K :
) DIN.
) BSI.
) BS.
) IEC.
5. 27K;
) 27000
) 27001
) 27100
) 27010
6. ;
)
)
)
)
7. ;
) COBIT
) OCTAVE
) FRIM
) FIRM
8. NIST;
) 6
) 7
) 8
) 9
9. GRC;
) Governance
) Government
) Risk
) Compliance
10. ISO/IEC 27K ;

) 27001
) 27006
) 27600
)
235
12. & Digital Forensics
()
(), ,
,
: , . ,
, . ,
. ,
, ,
(Incident Response).
, ,

()
, .
(Digital Forensics).

(. 1), (. 3)
(. 6)
12.1
12.1.1
,
. ,
, ,
. ,
, , ,
.
. ,
( , ..) ,
,
. ,
,
.
, , ,
,
. ,
,
.

. ,

.
,
, ( ),
, .
236
(..
, ..).
(..
firewalls, ACL, ..), (
). ,
. ,
, .
, ,
CSIRT (Computer Security Incident Response Team)
, CERT (Computer Emergency Response Team).

, ,
.
Computer Forensics, Digital Forensics, ..
,
.
,
, ,
. (
) , , ,
,
, , .

(hardware) (software).

,
, .
,
.
,

. ,
, ,
.
12.1.2 CSIRT
12.1.2.1
(OAA)

.
2004 ( 460/2004)
(ENISA, European Union for Network and Information Security)
:
N (CSIRT/CERT, WARP
.).
N .
N CSIRT.
237
FIRST (Forum of Incident Response and Security Teams) CSIRT
. FIRST
200 40 . ,
.
(TERENA Trans-
European Research and Education Networking Association) ,
,
,
. Trusted Introducer (TI) -
CERT 2000

. Trusted Introducer

. , ,
. CSIRT
3 . :
(Listed).
(Accredited).
Certified ().
12.1.2.2 CSIRT
CSIRT (Computer Security Incident Response Team)

,
. CSIRT :
,
() .
, .
(
, , .).
CSIRT ( ) ,
. ,
CSIRT , :

(Point of Contact, PoC).
238

()
.

( ).
12.1.3

. ,
,
,
. ,

, . ,

. 12.1,
.
12.1 .
12.1.3.1
,

. CSIRT
.
,
(.. Antivirus, Antimalware),
(.. Firewall). M
,
.
(Intrusion Detection System, IDS)
(
239
)
.
/ (client/server), (sensor)
.
,
.

, , CSIRT.

(vulnerability assessment),
.
,
(backups)
,
,
.
12.1.3.2

. , .
,
.
, ,
/ (IDS/IPS), ( firewall ..),
(administrators) .
, ,
:
.
.
.
(.. , ..).
, ..
12.1.3.3

.
: .
,
( ).
,
.

, , /
. ,

.
(false alarm),
.
240
,
.
12.1.3.4

Digital Forensics, .
,
.
,
, . ,
, ,
.
.
.

/ .
.
(Big Data) ,

. ,

.
:
IDS/IPS, router, firewall.

(Network Monitoring Systems).
(.. syslog).
(authentication servers)
, , :
.
.
.
(ports).
.
(promiscuous mode), ..
12.1.3.5

. ,
, , . , ,
(..
).

, ,
, , (
.).

.
241

, .
12.1.3.6
,

.

,
.
,
. ,
.

, . -

.
12.1.3.7

. ,
,
.

,
, , ,
. ,

.
, :
(..
Access Control Lists, ACLs) .
( ).
242
12.1.4
,
.

. 12.1, , ,
.

.

.
Audit Logging.
.

.
.

.

.
.

.

.

.

. .

.

.

. .

.

.

.

.
&
.

243
,

.
12.1 .
12.2, ,
,
.
12.2 CSIRT.
12.3 12.8
:
244
12.3 Argus.
12.4 Bro IDS.
12.5 Chaosreader.
245
12.6 OSSEC.
12.7 Squill.
12.8 Snorby.
246
12.2 Digital Forensics
12.2.1
(digital forensics) ,

. ,

. ,
,
.

.
,
, .
digital forensics
. , ,
. ,
. , ,
, . ,
()
(.. ) ( ).
digital forensics

.
:
(), () . ,
:
on-line
Internet.
(passwords)

.

, .
, digital forensics,
12.9. .
12.9 digital forensics.
247
12.2.2

, . ,
,
.
, ,
(.. ).
,
.

CD/DVD USB stick
. , ,
, .

(Evidence File)

.
12.10, Evidence File EnCase
Forensic, digital forensics.
12.10 Evidence File EnCase Forensic.
, ddrescue,
sda sdb ( sda sdb Linux):
## ##
ddrescue -f -n /dev/sda /dev/sdb logfile
ddrescue -d -f -r3 /dev/sda /dev/sdb logfile
## (partitions) sdb ##
fdisk /dev/sdb
248
## partitions
##
fsck -v -f /dev/sdb1
fsck -v -f /dev/sdb2
12.2.3

.
,

.
Linux (file
systems)
. ,
FAT12, FAT16, FAT32, NTFS, HPFS, Macintosh, OS/2/, EXT2, EXT3, EXT4, UFS, ReiserFS ..
To Autopsy
( 12.11).
12.11 Autopsy.
12.2.4
,
.
. ,
, (allocation unit),
(cluster).
(
) 128, 32.
84. , 3 clusters (3 x 32),
96. 96 - 84 = 12 slack space ( ). H
slack space.
84, bytes
(, , .)
249
unallocated ( ,
). , ,
,
. 12.12, :
12.12 (unallocated) (slack) .
: ( 128).
: 84.
C: (slack space).
D: .
: (unallocated space).
unallocated
slack space, /
. ,
.

.
12.2.5

.
.
, , (
) unallocated slack space.
(.. hexdump), o
ASCII . ,
,
.
12.13,
Autopsy:
250
12.13 Autopsy.
12.2.6
( )
.
regular expressions,
.

(.. ).
12.14,
Python, P 192.168.56.1.
12.14 .
SIFT
SANS, digital forensics .
251

Bidgoli, H. (Ed.). (2006). Handbook of information security. Hoboken, N.J: John Wiley.
EC-Council Press (Ed.). (2010). Computer forensics: investigation procedures and response. Clifton Park, NY:
Course Technology Cengage Learning.
ENISA. (n.d.). [Plone Site]. Retrieved 1 December 2015, from https://www.enisa.europa.eu/
FIRST.org / FIRST - Improving security together. (n.d.). Retrieved 30 September 2015, from
http://www.first.org/
Molino, L. N. (2006). Emergency incident management systems: fundamentals and applications. Hoboken, N.J:
J. Wiley & Sons, Inc.
Pepe, M., Luttgens, J. T., Kazanciyan, R., & Mandia, K. (2014). Incident response & computer forensics (Third
edition). New York: McGraw-Hill Education.
SANS Information Security Training | Cyber Certifications | Research. (n.d.). Retrieved 30 September2015,
from https://www.sans.org/
Santos, O. (2008). End-to-end network security: defense-in-depth. Indianapolis, Ind: Cisco Press.
TERENA. (n.d.). Retrieved 1 December 2015, from https://www.terena.org/
Wang, J., & Ishisoko, K. C. (2012, September). Analysis of CSIRT/SOC Incidents and Continuous Monitoring
of Threats. Retrieved from http://ntrs.nasa.gov/search.jsp?R=20120016686
.
.
1. H CSIRT :
) Computer Emergency Response Team.
) Cluster Security Response Team.
) Computer Security Incident Response Team.
) .
2. NISA :
) .
)
) .
) .
3. :
) .
) .
) .
) .
4.
) .
) .
252
) .
) .
5. , :
) .
) .
) IDS/IPS.
) .
6. :
) .
) .
) .
) .
7. ;
) Linux
) Solaris
) OS/2
) Macintosh
8. To slack space ;
) .
) .
) .
) .
9. unallocated space :
) .
) .
) , .
) .
10. digital forensics :

) Linux.
) MS Windows.
) Mac OS X.
) .
253
13.
()
.

. ,
. ,
, .

. ,

.Ta
.
, .

(. 1).
13.1
()
, .

.
. ,
,
. , ,
.
(computer crime)
, (cyber crimes). ,
,
.
.
/ .
,
.
.
2001, 26 , 4 (, ,
), (Convention on Cybercrime).

.
,
.
, ,
, .
. ,
254
, ,
.

. , , .
.
.
,
. ,
,
.
, (Digital Forensics), 12,
.
, ,
/ .

.
,
,
,
. .
13.2
,
:
/ .
.
.
.

.
, (.. ).

. ,

. ,
,
. ,
,
,
.
.
370 370
, :
(
), 1 .
,
- ,
10 .
255

, 10 .
/ , 10 .
, 292 :
,
1 (20.000-50.000 ).
,
2 (100.000 - 500.000 ).
,
2 (20.000 - 50.000 ).
, ,
, :
.2225/1994
. 2246/1994
.2472/1997
. 2672/1998
.2774/1999
.2867/2000
.3115/2003
.3431/2006
. 3471/2006
13.1 .
99/93/
.. 150/2001 .
.. 342/2002
2000/31
,
.. 131/2003 ,
..47/2005
13.2 .
3 48
370
370

370
386
13.3 .
,
87/102/ ( 90/88/ ).

90/387/ (Open Network Provision - ONP).
256
91/250/
96/9/ .
97/7/ ' .
1999/93/ .
,
2000/31/ ,
,
2002/19/
2002/20/
2002/21/

2002/22/

2002/58/
2002/77/ .
13.4 .
,
.

(caching), .

.
.
(.. ),
.

.
13.3

.
, ,
1980,
. , ,
:
: .
: .
(.. ).
.
.
Hacking.
: .
.

. ,
. ,

257
13.3.1
H (phishing attack),
email
.

( )
.
, (
)
.

(email), . ,
(hyperlinks)
.
, pop-up
. (Web
server) .
13.3.2
,
, , , ,
.
, .
2
50.000 .

, ,
, ,

.
, , :
.
.
348 , :
.
.
.
.
.
13.3.3

,
.
258
13.3.4

. hacking cracking.
Hacking (
) ,
, ,

.
hacking .
,
. ,
. ,
,

.
13.3.5
, ,
. ,

.
13.3.6
(malware)
(host) , ,
, .
(virus), (worms)
(Trojan Horses).
,
.
.
ransomware,
(Public Key Infrastructure PKI)

( ),
. ransomware
, Tor darknet

.
13.4

.

. , -
, (VPN)
. VPN
259
. ,
.

.
.
(electronic evidence) .
, .
,
.
,

,
.
, ,
.
,
, .
, ,
, , , ,
(news groups) chat rooms
.

.
,
.

.
.
13.5

.
.
. ,
.
. ,
/ ,
.
260
(privacy) ,
, 1890
(the right to be left alone). To 1950
.
. ,
:
: , ,

().
:
(.. , .).
:
(.. .).
:
.
1967 Alan
F. Westin : ,
, ,
.
. , .

,
, ,
. , 1995/46/
,
,
, ,
, , .

.
.

. ,
,
. DRM
(digital rights management), ,
.
,
. ,
, :
Security should be implemented in a manner consistent with the values recognized by democratic societies
including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of
information and communication, the appropriate protection of personal information, openness and
transparency
261

Maniotis, D., Marinos, M.-T., Anthimos, A., Iglezakis, I., & Nouskalis, G. (2011). Cyber law in Greece. Alphen
aan den Rijn, The Netherlands: Kluwer Law International.
Moore, A. D. (2010). Privacy rights: moral and legal foundations. University Park, Pa: Pennsylvania State
University Press.
Nissenbaum, H. F. (2010). Privacy in context: technology, policy, and the integrity of social life. Stanford, Calif:
Stanford Law Books.
Pedneault, S., & Davia, H. R. (2009). Fraud 101: techniques and strategies for understanding fraud (3rd ed.,
Fully rev). Hoboken, N.J: John Wiley & Sons.
Regan, P. M. (2009). Legislating privacy: technology, social values and public policy. Chapel Hill, NC: The
Univ. of North Carolina Press.
, ., & , . (2005). - . 2472/1997,
.
- . - . (n.d.).
Retrieved 30 September 2015, from
http://www.astynomia.gr/index.php?option=ozo_content&perform=view&id=1414.
. [open]. Retrieved 30 September 2015 from
https://eclass.aegean.gr/courses/ICSD117/
. [open].Retrieved
30 September 2015 from https://eclass.aegean.gr/courses/ICSD118/
. [open].Retrieved 30 September 2015 from
https://eclass.aegean.gr/courses/ICSD119/.
.
.
1. ;
) .
) .
) / .
) .
2. ;
) 360
) 370
) 370
) 380
3. :
) .2472/1997
) .2774/1999
) .3115/2003
262
) .3431/2006
4.
:
) 2002/58/
) 2002/20/
) 2000/31/
) 2002/77/
5. DRM;
) Digital Recording Management
) Digital Rights Manager
) Digital Recording Manager
) Digital Rights Management
6.
:
) .
) .
) .
) .
7. ;
) .
) .
) .
) .
8. Hacking Cracking;
) .
) .
) , .
) , .
9. ;
) .
) .
) .
) .
10. :
)
.
) .
)
.
)
263

1.1 (3) . .....................................................................................16

1.1 . ....................................................................................17
1.2 . .................................................17
1.2 . .....................................................................................................................20
2.1 OSI (3 ). ............................................................................27
2.2 . .......................................................................................................................27
2.3 bit . ..........................................................................................................................29
2.4 . .................................................................................................................29
2.5 . ...................................................................................................30
2.6 Sniffing. ......................................................................................................................................................31
2.7 MAC Spoofing. ...........................................................................................................................................31
2.8 . .................................................................................................33
2.9 . ...............................................................................................33
2.10 ARP Poisoning. .........................................................................................................................................38
2.11 Three-way handshake. .............................................................................................................................38
2.12 . ...............................................................................................................................41
2.13 (e-mail). ..................................................................................43
2.14 e-mail SMTP. ...................................................................................43
2.15 . ...................................................................................................................44
3.1 Lollipop. ..................................................................................................................................51
3.2 Onion. .....................................................................................................................................52
3.3 . ....................................................................................................................................52
3.1 . .....................................................................................................................53
3.2 . ............................................................................................................................55
3.4 . .....................................................................................................................................55
3.5 firewalls. ....................................................................................................................................56
3.6 Single-Homed Bastion Host. .......................................................................................................................58
3.7 Dual-Homed Bastion Host. .........................................................................................................................58
3.8 Screened subnet. .......................................................................................................................................59
3. 9 DMZ. .........................................................................................................................................................60
3.3 IDS. ................................................................................................................................................61
3.10 Infrastructure mode. ................................................................................................................................63
3.11 Ad-hoc mode. ...........................................................................................................................................63
5.1 . ..............................................................................................................90
5.1 . ................................................................................91
5.2 ...................................................................................92
5.2 . ............................................................................................................................92
5.3 . ...................................................................................94
5.4 . .....................................................................................................95
5.3 . .....................................................................96
6.1 . ........................................................................................................103
6.2 . ..........................................................................................................................104
6.1 . ..........................................................................................106
6.3 . .....................................................................................................................107
6.4 . .........................108
6.5 Feistel. ............................................................................................................................................109
6.6 . .................................................................................................................110
6.7 . ....................................................................112
6.8 . .................................................................................................112
6.9 . .........................................................................................................................113
6.10 . ........................................................................................................114
6.11 Cryptool. ...........................................................................................................................116
264
6.12 . .................................................................................................................................117
6.13 ...............................................................................................................118
6.14 . .................................................................................................119
6.15 . .................................................................................120
6.16 Vigenere. .................................................................................................122
6.17 . .......................................................................123
6.2 Vigenere Square. ..................................................................................................................124
6.3 (3) ..............................................................................125
7.1 PC1...........................................................................................................................................131
7.2 PC2...........................................................................................................................................132
7.3 IP. ............................................................................................................................................133
7.4 . ............................................................................................................................133
7.5 S-boxes. .................................................................................................................................................133
7.6 P.............................................................................................................................134
7.7 Inverse Permutation IP-1. .........................................................................................................134
7.1 Triple DES. ................................................................................................................................................134
7.8 Rijndael. ..............................................................................135
7.2 byte State. ..........................................................................................................136
7.9 ............................................................................................................136
7.3 AES. .............................................................................................................137
7.4 . .............................................................................................................138
7.10 AES S-Box. ............................................................................................................................................139
7.11 Rcon. .........................................................................................................................................139
7.5 ShiftRows. ..................................................................................................................140
7.6 ECB. .......................................................................................................................................141
7.7 CBC. .......................................................................................................................................142
7.8 CFB. .......................................................................................................................................143
7.9 OFB. .......................................................................................................................................143
7.12 . ..........................................................................................................144
7.10 HexDump. ...............................................................................................................................146
7.11 ...............................................................................................................147
7.12 . ..........................................................................................................147
7.13 . ...................................................................................148
7.14 ECB CBC. ...............................................................148
7.15 . ....................................................................................................................................150
7.16 .................................................................................................................150
7.17 . ..................................................................................................................................151
7.13 .............................................................................152
7.18 ..............................................................................................................152
7.19 Cryptool. ..........................................................................................153
7.20 Cryptool. .....................................................153
7.21 PKCS#12. ........................................................................................154
7.22 RSA. ...............................................................................155
7.23 RSA...........................................................................................................................158
8.1 . ............................................................................................159
8.1 MD5. .........................................................................................................................162
8.2 SHA-1. .......................................................................................................................163
8.3 SHA. .................................................................163
8.3 . ................................................................................164
8.4 CBC-MAC. ...............................................................................................................................165
8.5 C. .................................................................................................................166
9.1 . .................................171
9.2 RSA. ..........................................................................172
9.3 X.509. ....................................................................176
9.4 PKIX. ...............................................................................................................................................177
9.5 . ...........................................................................................................................178
9.6 -. ....................................................................................................................179
265
9.7 . ........................................................................................................................................179
9.8 OpenSSL................................................................................................180
9.9 . ................................................181
9.10 . ....................................................................182
9.11 . ........................................................................................................................183
9.12 OpenSSL Web Server. .............................................................................................................184
9.13 . ...................................................................................................184
9.14 . .........................................................................................................................185
9.15 . ......................................................................................................................185
9.16 . ...................................................................................186
10.1 ................................................................................................190
10.2 Hub & Spoke. .......................................................................................................................190
10.3 Partial Mesh. ........................................................................................................................191
10.4 Full Mesh..............................................................................................................................191
10.1 VPN . ...........................................191
10.5 SSH. ......................................................................................................193
10.6 SSH Tunneling. .......................................................................................................................................193
10.7 SSL Portal VPN. .......................................................................................................................................194
10.8 SSL Tunnel VPN. .....................................................................................................................................195
10.9 AH. ........................................................................................................................196
10.10 ESP. .....................................................................................................................197
10.11 AH Transport Mode. .............................................................................................................................198
10.12 ESP Transport Mode. ............................................................................................................................198
10.13 AH Tunnel Mode. .................................................................................................................................198
10.14 ESP Tunnel Mode. ................................................................................................................................198
10.2 Diffie-Hellman Group ............................................................................201
10.15 . ..............................................................................................................202
10.3 . ............................................................................................................202
10.4 . ........................................................................................................................203
11.1 . ............................................................................210
11.2 ISO/IEC 27001. ..................................................................213
11.1 ISO 27k. ....................................................................................214
11.3 . ........................................................219
11.4 GRC. ........................................................................................................................233
12.1 . ..........................................................................239
12.1 . .................................................................244
12.2 CSIRT. ....................................................................................244
12.3 Argus. .....................................................................................................................................................245
12.4 Bro IDS. ..................................................................................................................................................245
12.5 Chaosreader. ..........................................................................................................................................245
12.6 OSSEC. ....................................................................................................................................................246
12.7 Squill. .....................................................................................................................................................246
12.8 Snorby. ...................................................................................................................................................246
12.9 digital forensics. ...................................................................................................247
12.10 Evidence File EnCase Forensic. .......................................................................................248
12.11 Autopsy. ............................................................249
12.12 (unallocated) (slack) . ......................................................................250
12.13 Autopsy. ..................................................................................251
12.14 . ...............................................................................................................251
13.1 . ....................................................................................................256
13.2 . .........................................................................256
13.3 . ........................................................................256
13.4 . ..........................................................................257
266
-
Access point
Active tapping
Address translation
Application-level Gateways
Asset
Attack
Authentication
Authorization
Availability
Block
Brute-Force Attack
Buffer overflow
Channel Capacity
Ciphertext
Circuit-level Gateways
Collision resistance
Communication Security
Computationally infeasible
Computer Security
Confidentiality
Congestion control
Connectionless
Correlation attack
Cost
Countermeasure
Cryptanalysis
Cryptography
cybercriminals -
cyberterrorists -
Cyclic Redundancy Check
Danger
Datagram
Decoder
Decryption/Decipherment
Denial of service
Destination address
Destination port
Digital Fingerprinting
Digital Forensics
Digital Watermarking
Encoder
Exception handling
Fabrication
Firewall
Flow control
Forensics
Frame
Grant
Harm
Hashing function
Heap
Host
Identification
Identity provider
267
Information and Communication Technologies
nformation Security
Information Security Management System
Information Theory
Initial Permutation
Initialization vector
Integrity
Interception
Internet of Things
Interruption
Intrusion detection
Invalidated input
Local Area Networks
Malware
Man-in-the-middle attack
Masquerading
Media
Message Detection Code
Message digest
Metropolitan Area Networks
Mobility
Modification
Nor-repudiation
Packet Filters
Parity bit
Passive tapping
Personal Area Networks
Personal Digital Assistant
Preimage resistance
Privilege
Protocol field
Race conditions
Replay
Repudiation
Routing
Slack space
Software
Source address
Source port
Stack
Statistical Analysis Attack
Steganography
Stream
Switch
Threads
Threat
Ubiquitous / Pervasive Computing
User
Vulnerability
Web Application
Wide Area Networks
268

Information Secutiry On Internet - in Greek

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Secutiry On Internet - in Greek

Uploaded by

Copyright:

Available Formats

1

10. - VPN ........................................................................... 189

11. ............................................................................................. 208

(viruses, Trojan horses, worms):

(Local Area Networks - LAN).

24 bit (Organizationally Unique

24 bit (Network Interface Controller NIC)

MAC address 1 (FF:FF:FF:FF:FF:FF), broadcast address

(1) parity bit, bit,

(Cyclic Redundancy Check CRC) modulo-2

2.3.4.2 MAC Spoofing

2.7 MAC Spoofing.

Network Address Translation (NAT). ,

stateless statefull IP:

: (Quality of Service QoS)

IPv6 broadcast . IPv6

o (prefix): 2000::/3 (001)

Unique Local (Site-Local): IPv4:

o prefix: FC00::/7 (1111 110)

Link-Local: IPv4: 169.254.0.0/16.

o prefix: FE80::/10 (1111 1110 10)

o Unspecified: ::/128 ( 0.0.0.0 IPv4)

o Localhost: ::1/128 ( 127.0.0.1 IPv4)

2.11 Three-way handshake.

(reliable data transfer),

(congestion control). TCP

SMTP, e-mail ( Internet).

DNS, , Bind Microsoft DNS

2.6.2.1 Packet Interception

Security Extensions DNS (DNSSEC),

2.6.2.3 Distributed Denial of Service

2.6.2.4 Cache Poisoning

2.13, MUA (.. Mozilla Thunderbird, Microsoft Outlook, .)

2.14 e-mail SMTP.

2.7.3 Internet of Things

3. Spanning Tree Protocol (STP):

hackers, - (cyber spies)

Onion model: , defense in-

3.1.3.1 Lollipop model

Onion, defense in-depth, ,

3.2.2.1 Packet Filters

packet filtering firewall firewall. (ingress

# Src Addr Src Dst Addr Dst Proto Action Comment

stateless packet filter IP Spoofing (

3.2.2.2 Circuit Level Gateways

To SOCKS Client Library,

3.2.2.3 Application Level Gateways

(application gateways), proxy servers,

proxy servers circuit level gateways,

proxy servers payload (deep inspection).

3.2.3 Bastion hosts

bastion hosts, circuit

bastion host proxies,

Single-Homed Bastion Host, packet

3.6 Single-Homed Bastion Host.

3.2.4.2 Dual-Homed Bastion Host

Dual-Homed Bastion Host, packet filter

3.7 Dual-Homed Bastion Host.

screened subnet, bastion host ,

3.8 Screened subnet.

Host-based IDS, (host),

Network-Based IDS, dedicated ,

3.10 Infrastructure mode.