DNS PPT
![Page 1: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/1.jpg)
PRESENTED BY
V. ANJALI REDDY (0671003)
D. KARUNA SRI (0671013)
M. MYTHRI (0671023)
K. RAMA SEETHA (0671033)
S. SPANDANA (0671044)
T. SWARNA LATHA (0671054)
PUBLIC KEY VALIDATION FOR DNS
SECURITY EXTENSIONS
![Page 2: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/2.jpg)
OBJECTIVE
To provide security by combining digital signatures with asymmetric (public key) cryptography, sending the public key over the network.
![Page 3: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/3.jpg)
DNS Architecture
![Page 4: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/4.jpg)
Domain names are chosen from a tree-structured name space. A domain name is either a leaf or an interior node of the tree space. Each leaf node holds a set of resource records. An interior node also holds a set of resource records, some of which will provide information about other nodes in the tree. Servers hold information about the tree structure and resource records.
![Page 5: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/5.jpg)
CRYPTOGRAPHIC TECHNIQUE USED
No key (Digital Signature)
One key (Symmetric Key)
Two key (Asymmetric key)
SECURITY
![Page 6: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/6.jpg)
DATAFLOW DIAGRAM 1
[Figure: data flow from DOMAIN-1 to SERVER; labels: VERIFY SUB DOMAIN, IDENTIFY, IP ADDRESS, ENCRYPTED MESSAGE]
![Page 7: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/7.jpg)
DATAFLOW DIAGRAM 2
[Figure: data flow from SERVER to DOMAIN-2; labels: VERIFY SUB DOMAIN, IDENTIFY, IP ADDRESS, ENCRYPTED MESSAGE]
![Page 8: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/8.jpg)
DATA FLOW DIAGRAM 3
[Figure: SENDER and RECEIVER, each with ORIGINAL MESSAGE; processes: ENCRYPTION, KEY GENERATION, SIGNATURE GENERATION, SIGNATURE VERIFICATION, DECRYPTION]
![Page 9: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/9.jpg)
IMPLEMENTATION
• Authentication
• Message Encryption using Message Digest Algorithm
• Key Generation using PRNG Algorithm
• Signature Generation
• Verifying Signature and Decrypting
![Page 10: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/10.jpg)
AUTHENTICATION
ENTER THE USER NAME AND PASSWORD
AUTHENTICATION
VERIFY
LOGIN
SEND MESSAGE OR ATTACHMENT
![Page 11: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/11.jpg)
MESSAGE ENCRYPTION
READ CHARACTER BY CHARACTER
CONVERT EACH CHARACTER TO ASCII CODE
CONVERT THE ASCII CODE TO HEX CODE
ENCRYPTED MESSAGE
![Page 12: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/12.jpg)
When the sender clicks the send button, a message digest is produced: the message is converted to its ASCII values, these are converted into hex code, and the digest method in the security package is then called.
MESSAGE DIGESTION
![Page 13: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/13.jpg)
FIG: DFD FOR MESSAGE ENCRYPTION
[Figure: process 1.0 MESSAGE DIGESTION; labels: SENDER, MESSAGE.TXT, PRODUCE DIGEST USING MESSAGE DIGEST ALGORITHM, ENCRYPTED MESSAGE, ENCRYPTED, COMPRESSED MESSAGE]
![Page 14: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/14.jpg)
The MD5 Message-Digest Algorithm
The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications.
![Page 15: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/15.jpg)
Steps involved in MD-5 algorithm
• Append Padding Bits
• Append Length
• Initialize MD Buffer
• Process Message in 16-Word Blocks
• Output
![Page 16: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/16.jpg)
KEY GENERATION
PRNG ALGORITHM
CALL THE METHOD IN THE CODING
GENERATE TWO RANDOM NUMBERS(PUBLIC AND PRIVATE KEY)
DISPLAY THE KEYS IN THE BACK END
GENERATE SIGNATURE AND SEND
![Page 17: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/17.jpg)
As soon as the user clicks the send button, key generation takes place simultaneously. The key pair (public and private key) is generated using the Cryptography PRNG (Pseudo Random Number Generator) Algorithm. The keys are stored in separate text files (Public.txt, Private.txt).
KEY GENERATION
![Page 18: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/18.jpg)
FIG: DFD FOR KEY GENERATION
[Figure: process KEY GENERATION USING CRYPTOGRAPHY PRNG; labels: MESSAGE, PUBLIC KEY, PRIVATE KEY, PUBLIC.TXT, PRIVATE.TXT]
![Page 19: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/19.jpg)
Random Number Generator
Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers.
![Page 20: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/20.jpg)
There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed.
![Page 21: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/21.jpg)
PRNG mechanism
PRNGs work by keeping an internal state. Typically this is a seed and a key, which are kept secret. When a consumer requests random data, a cryptographic algorithm operates on the seed and the key to produce pseudo-random output. The internal state is then updated so that the next request does not produce the same data.
![Page 22: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/22.jpg)
Some typical pseudo-code for a PRNG generator might be:

```
INPUT: (Key, Seed)
OUTPUT: random_data, (Key', Seed')
random_data = F(Key, Seed)
Key' = F(Key, Seed+1)
Seed' = F(Key', Seed)
return random_data
```
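The pseudo-code above made concrete, as an added example that is not from the presentation: F is assumed to be HMAC-SHA256, and `prng_step`, `generate` and `_inc` are hypothetical names. It shows that the output stream is fully determined by the initial (Key, Seed) state, which is why that state has to stay secret.

```python
import hashlib
import hmac

def F(key: bytes, seed: bytes) -> bytes:
    """Assumed choice of F: HMAC-SHA256 keyed with Key over Seed."""
    return hmac.new(key, seed, hashlib.sha256).digest()

def _inc(seed: bytes) -> bytes:
    """Seed+1, treating the seed as a fixed-width big-endian integer."""
    n = (int.from_bytes(seed, "big") + 1) % (1 << (8 * len(seed)))
    return n.to_bytes(len(seed), "big")

def prng_step(key: bytes, seed: bytes):
    """One request: returns random_data and the updated state (Key', Seed')."""
    random_data = F(key, seed)
    new_key = F(key, _inc(seed))
    new_seed = F(new_key, seed)
    return random_data, (new_key, new_seed)

def generate(key: bytes, seed: bytes, n_blocks: int):
    """Serve n_blocks requests in a row, updating the state after each one."""
    out = []
    for _ in range(n_blocks):
        block, (key, seed) = prng_step(key, seed)
        out.append(block)
    return out, (key, seed)

if __name__ == "__main__":
    # Constructed, non-secret demo state; real state must come from an entropy source
    blocks, _ = generate(b"k" * 32, b"s" * 32, 2)
    print([b.hex() for b in blocks])
```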
![Page 23: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/23.jpg)
SIGNATURE GENERATION
DSA ALGORITHM
PRIVATE KEY + ENCRYPTED TEXT FILE
GENERATE SIGNATURE
PUBLIC KEY + SIGNATURE
SEND THROUGH THE NETWORK
![Page 24: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/24.jpg)
The encrypted message and the private key are combined to generate the Digital Signature using the DSA Algorithm. The generated signature is stored in a text file (signature.txt). The encrypted message is sent along with the public key and signature.
SIGNATURE GENERATION
![Page 25: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/25.jpg)
FIG: DFD FOR SIGNATURE GENERATION
[Figure: process SIGNATURE GENERATION USING DSA ALGORITHM; labels: ENCRYPTED MESSAGE, PRIVATE KEY, DIGITAL SIGNATURE, MESSAGE.TXT, PRIVATE.TXT, SIGNATURE.TXT]
![Page 26: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/26.jpg)
DSA Algorithm
• Choose a prime $q$ with the same number of bits as the output of $H$.
• Choose an $L$-bit prime $p$ such that $p-1$ is a multiple of $q$.
• Choose $g$ such that $g = h^{(p-1)/q}$, where $1 < h < p-1$.
• Choose $x$ by some random method, where $0 < x < q$.
• Calculate $y = g^{x} \bmod p$.
![Page 27: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/27.jpg)
Signing
• Generate a random per-message value $k$ where $0 < k < q$.
• Calculate $r = (g^{k} \bmod p) \bmod q$.
• Calculate $s = (k^{-1}(H(m) + x \cdot r)) \bmod q$.
• Recalculate the signature in the unlikely case that $r = 0$ or $s = 0$.
• The signature is $(r, s)$.
Where $H$ is the hashing function and $m$ is the message.
![Page 28: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/28.jpg)
VERIFYING SIGNATURE AND DECRYPTING
DESTINATION
PUBLIC KEY, SIGNATURE FROM THE SENDER
GENERATE SIGNATURE USING DSA ALGORITHM
VERIFY THE SIGNATURE
IF MATCHES: DECRYPT THE MESSAGE OR FILE, REPLY TO THE SOURCE
NO MATCH: DISCARD
![Page 29: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/29.jpg)
On the receiver side, a signature is generated by using the public key with the DSA Algorithm. The generated signature is verified against the received signature. If the signatures match, the receiver decrypts the message; otherwise it exits without decrypting.
![Page 30: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/30.jpg)
Verifying
• Reject the signature if either $0 < r < q$ or $0 < s < q$ is not satisfied.
• Calculate $w = s^{-1} \bmod q$.
• Calculate $u_1 = (H(m) \cdot w) \bmod q$.
• Calculate $u_2 = (r \cdot w) \bmod q$.
• Calculate $v = ((g^{u_1} \cdot y^{u_2}) \bmod p) \bmod q$.
![Page 31: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/31.jpg)
OUTPUT SCREENS
![Page 32: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/32.jpg)
![Page 33: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/33.jpg)
![Page 34: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/34.jpg)
![Page 35: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/35.jpg)
![Page 36: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/36.jpg)
![Page 37: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/37.jpg)
![Page 38: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/38.jpg)
![Page 39: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/39.jpg)
ADVANTAGES
DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System.
• Described in RFCs 4033, 4034, 4035 & 4310
• Protects against data spoofing and corruption
• It is a set of DNS security extensions which provide:
– Origin authentication of DNS data
– Data integrity but not confidentiality
– Authenticated denial of existence
![Page 40: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/40.jpg)
APPLICATIONS
E-mail is one of the more popular applications that use DNS.
Recently, many protocols in the Internet are proposing the use of public key cryptography in support of integrity and authentication security services.
![Page 41: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/41.jpg)
The DNS as deployed in the Internet today meets three of the previously stated criteria:
• global availability
• real-time access to public keys
• globally unique and unambiguous names
![Page 42: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/42.jpg)
LIMITATIONS
The whole procedure is very time and space consuming.
Many rather long public keys have to be stored.
The keys have to be obtained before they can be used.
The calculations to encrypt and decrypt message digests may take too long to support the goal of the Domain Name System of efficiency.
![Page 43: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/43.jpg)
FUTURE ENHANCEMENT
A recent protocol includes the specification of a global infrastructure that could be used to distribute and manage public keys for other protocols: the secure Domain Name System (DNS) [9]. As of this writing, it has been submitted for consideration as a Proposed Internet Standard. It is an enhancement of the DNS [5,6,7,8], an existing global infrastructure.
![Page 44: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/44.jpg)
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS
• PROCESSOR III AND ABOVE
• 20 GB HARD DISK
• 256 DDR RAM
SOFTWARE REQUIREMENTS
• JDK 1.5 (SWINGS)
![Page 45: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/45.jpg)
CONCLUSION
The security threats for DNS were overcome by using public key validation, and it was implemented and executed successfully.
![Page 46: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/46.jpg)
![Page 47: DNS PPT](https://reader036.fdocuments.us/reader036/viewer/2022081413/546d0d44b4af9f08038b46f3/html5/thumbnails/47.jpg)