Home | Products | Services | Case Studies | Technical Information | Press Room
 

 

  
CONTENTS    

1. INTRODUCTION

A definition of LANs

A brief history of LANs

2. MAIN TYPES OF LAN

Carrier Sense Multiple Access with Collision Detect (CSMA/CD) – Ethernet

Carrier Sense Multiple Access with Collision Detection

Token Ring

Token Bus

Fibre Distributed Data Interface (FDDI)

Other types of LAN

Apple Talk

ARCnet

3. PHYSICAL MEDIA

Copper Cabling

Co-axial

Thick Ethernet

Thin Coax

Twisted Pair

Crossover wiring

Backwards compatibility

Power over Ethernet

Fibre Optic Cabling

Types of Fibre

Structured Wiring

Wireless LAN

Introduction

802.11

Wireless LAN In PCs

The future of wireless networks

4. NETWORK COMPONENTS

PC Cards

Intelligent PC cards

Terminal Servers

Host Servers

Resources

File Servers

Printers

5. NETWORKING LANs

Network Repeaters

Network Hubs

Network Bridges

Spanning Tree

Network Routers

Transport of WAN Protocols Over Routers

Ethernet Switches

Ethernet Switch Introduction

Forwarding Methods

Gateways

6. LIMITATIONS OF LANS

Capacity

RMON

7. SOFTWARE ARCHITECTURES

Netware

IBM APPC

Netbios

LAN Manager

Windows NT

OSI – Open Systems Interconnection

Introduction

OSI Standards

MAP – Manufacturing Automation Protocol

TOP – Technical and Office Protocols

GOSIP (Government Open Systems Interconnection Profile)

8. ETHERNET & TCP/IP – DE FACTO STANDARDS

Introduction

TCP/IP Architectures

Transmission Control Protocol

Layer 1 – The Physical Layer

Layer 2 – The Data Link Layer

Layer 3 – The Network Layer

Layer 4 – Transport Layer

Layer 7 – Application layer

9. NETWORK FEATURES

Quality of Service

Why do we require a Quality of Service?

Applications requiring QoS

Obtaining QoS

Types of QoS

IntServ

DiffServe

MultiLayer Network Equipment

MPLS (Multiprotocol Label Switching)

10. VIRTUAL LANS

Introduction

VLAN Standards

Types of VLAN

Virtual Private Networks

What is a VPN?

Types of VPN

IP Sec- IP Security

Introduction to Ipsec

IP Sec and IPV6

IP Sec Protocols Operate at Layer 3

11. ENCRYPTION

Introduction

What is encryption?

Types of Cipher

Encryption Algorithms

12. PRODUCT TRENDS

Industry Standard Hardware and Open Source Software

Why Don’t All Organisations Purchase Open Source products?

 

SUMMARY

GLOSSARY

SUMMARY OF STANDARDS AND RECOMMENDATIONS

BIBLIOGRAPHY

WEB REFERENCES
 

11. ENCRYPTION

Introduction

Security over the WAN and within the LAN is becoming an issue and encryption of data is becoming almost a mandatory. This section outlines some of the encryption systems commonly used today.

What is encryption?

Encryption is the process of obscuring information to make it unreadable without special knowledge. While encryption has been used to protect communications for centuries, only organisations and individuals with an extraordinary need for secrecy have made use of it. In the mid-1970s, strong encryption emerged from the sole preserve of secretive government agencies into the public domain, and is now employed in protecting widely-used systems, such as Internet e-commerce, mobile telephone networks and bank automatic teller machines.

Encryption can be used to ensure secrecy, but other techniques are still needed to make communications secure, particularly to verify the integrity and authenticity of a message; for example, a message authentication code (MAC) or digital signatures. Another consideration is protection against traffic analysis.

Types of Cipher

Stream cipher

A stream Cipher is a symmetric cipher in which the input digits are encrypted one at a time, and in which the transformation of successive digits varies during the encryption. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state. In practice, the digits are typically single bits or bytes.

Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: some modes of operation use a block cipher primitive in such a way that it then acts effectively as a stream cipher. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly.

Well know stream ciphers are – RC4, A5/1, A5/2, Chameleon, FISH, Helix, ISAAC, LEVIATHAN, MUGI, Panama Pike, SEAL, SOBER, SOBER-128, WAKE.

Block cipher

A block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might take a (for example) 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext. The exact transformation is controlled using a second input — the secret key. Decryption is similar: the decryption algorithm takes a 128-bit block of ciphertext together with the secret key, and yields the original 128-bit block of plaintext.To encrypt messages longer than the block size (128 bits in the above example), a mode of operation is used. The distinction between the two types is not always clear-cut: a block cipher, when used in certain modes of operation, acts effectively as a stream cipher.

An early and highly influential block cipher design was the Data Encryption Standard (DES), developed at IBM and published as a standard in 1977. A successor to DES, the Advanced Encryption Standard (AES), was adopted in 2001.

Some algorithms that make use of block cipher – 3-Way AES, Blowfish, CAST-128, CAST-256, DEAL, DES, DES-X, FEAL, MAGENTA, RC2, RC5, RC6, SAFER, Serpent, Triple DES, Twofish.

Top 

Encryption Algorithms

There are a good many encryption algorithms and its outside the scope of this book to detail all of the algorithms. However we have provided a brief overview of some of the better know algorithms here.

DES

The Data Encryption Standard (DES) is a cipher selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. The algorithm was initially controversial, with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny, and motivated the modern understanding of block ciphers and their cryptanalysis.

DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; DES keys have been broken in less than 24 hours. There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).

Triple DES

Triple DES (also 3DES) is a block cipher formed from the Data Encryption Standard (DES) cipher. It was developed by Walter Tuchman (the leader of the DES development team at IBM) and is specified in FIPS Pub 46-3. There are several ways to use DES three times; not all are Triple-DES and not all are as secure. Triple-DES is defined as performing a DES encryption, then a DES decryption, and then a DES encryption again.

Triple-DES has a key length of 168-bits (three 56-bit DES keys), but because of an attack it has an effective key size of 112 bits. A variant reduces the key size to 112 bits. This mode is susceptible to some attacks, though.

DES is not a group; if it were one, the Triple-DES construction would be equivalent to a single DES operation and no more secure. Veteran 3DES stands unbroken to this day (according to publicly available information), but its demise is inevitable due to the cipher's miserably slow speed. The original DES design was meant for hardware-only use and it lends itself particularly poorly to implementation on modern 32-bit operating systems. An appliance capable of 3 Mbit/s VPN throughput over 3DES could easily achieve 10-22 Mbits when using the Blowfish block cipher.

Blowfish

Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. While no effective cryptanalysis of Blowfish has been found to date, more attention is now given to block ciphers with a larger block size, such as AES or Twofish.

Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems associated with other algorithms. At the time, many other designs were proprietary, encumbered by patents or kept as government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone." Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits.

Top 

Advanced Encryption Standard – AES

Advanced Encryption Standard also known as Rijndael, is a block cipher adopted as an encryption standard by the US government, and is expected to be used worldwide and analysed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). It was adopted by National Institute of Standards and Technology (NIST) as US FIPS PUB 197 in November 2001after a 5-year standardisation process.

The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

Strictly speaking, AES is not precisely Rijndael (although in practice they are used interchangeably) as Rijndael supports a larger range of block and key sizes; AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits, whereas Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits. As of 2005, no successful attacks against AES have been recognised. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used for classified information:

TwoFish

Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the AES contest, but was not selected for standardisation. Twofish is related to the earlier block cipher Blowfish.

Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. Twofish borrows some elements from other designs; for example, the Pseudo-Hadamard Transform (PHT) from the SAFER family of ciphers. Twofish uses the same Feistel structure as DES.

On most software platforms Twofish is slightly slower than Rijndael (the chosen algorithm for AES) for 128-bit keys, but somewhat faster for 256-bit keys.

As of 2004, there is no known attack on Twofish more efficient than brute force key search.

Top 

SAFER

SAFER (Secure And Fast Encryption Routine) is the name of a family of block ciphers designed primarily by James Massey (one of the designers of IDEA) on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions — SAFER+ and SAFER++ — were submitted as candidates to the AES process and the NESSIE project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.

The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a key size of 64 bits. There was some demand for a version with a larger 128-bit key, and the following year Massey published such a variant incorporating new key schedule designed by the Singapore Ministry for Home affairs: SAFER K-128. However, both Lars Knudsen and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named SAFER SK-64 and SAFER SK-128 respectively.

Serpent

Serpent is a symmetric key block cipher which was a finalist in the Advanced Encryption Standard contest, where it came second to Rijndael.

Like other AES submissions, Serpent has a block size of 128 bits and supports a key size of 128, 192 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round uses 32 copies of the same 4-bit to 4-bit S-box. Serpent was designed so that all operations can be executed in parallel, using 32 1-bit slices. This maximises parallelism, but also makes use of the extensive cryptanalysis work performed on DES.

Serpent was widely viewed as taking a more conservative approach to security than the other AES finalists, opting for a larger security margin: the designers deemed 16 rounds to be sufficient against known types of attack, but specified 32 rounds as insurance against future discoveries in cryptanalysis.

 

Top 

 

< Previous section Next section >

 

    
Technical Information > Case Pocket Books > This page  
 Top Copyright © Case Communications 2005