Cryptographic Tunneling in Networks

SSH - Secure Shell

TLS - Transport Layer Security & SSL - Secure Sockets Layer

Virtual Private Network (VPN)

IPSec - IP Security

IPsec is a suite of cryptographic extensions to the normal TCP/IP protocol suite. Before IPsec, applications had to handle their own cryptography functions (like SSL for HTTP). With IPsec, this logic can be pushed down to the network layer.


Cryptographic Hash & Message Digest

MD5 - Message Digest #5

SHA/SHS - Secure Hash Algorithms / Standard

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function. The algorithms were designed by the National Security Agency (NSA) and published as a US government standard. (From Wikipedia)

ssdeep

ssdeep is an open source (GPL) program for computing and matching Context Triggered Piecewise Hashing (aka Fuzzy Hashing) values, created and maintained by Jesse Kornblum. It is based on a spam detector called spamsum by Andrew Tridgell.

HMAC - Keyed-Hash Message Authentication Code


Public-Key Cryptography

S/MIME - Secure MIME

PGP - Pretty Good Privacy

PGP is a practical utility for cryptography and digital signature (certificate), based on the most modern, safe and efficient cryptography systems known. PGP was originally created and developed by Philip R. Zimmermann in 1991.

The U.S. Government brought a legal case against Phil Zimmermann, claiming violation of export restrictions on PGP cryptography. Only in January 1996 did the U.S. courts definitively drop the legal case. In March of the same year, PGP Inc. was formed, dealing with commercial versions of PGP, with Phil Zimmermann as CEO. In December 1997, Network Associates Inc. (NAI) acquired PGP Inc., and Phil stayed on with NAI as Senior Member to provide technical guidance for PGP's continued development and to ensure the integrity of the produced versions (up to 7.0.3), free of back doors and with public release of the complete source code.

In February 2001, he left NAI to move on to his own projects on protecting personal privacy. Phil launched the OpenPGP Consortium to facilitate interoperability of different implementations of the OpenPGP standard. In June 2002, PGP products and intellectual property were acquired from Network Associates by a new company called PGP Corporation, where Zimmermann now serves as special advisor and consultant. Phil Zimmermann himself is now also a PGP reseller.


Secret-Key Cryptography

Advanced Encryption Standard (AES) & Rijndael

Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen, selected by NIST for the Advanced Encryption Standard (AES).


Authentication and Access Control

Existing authentication methodologies involve three basic factors:
  • Something the user knows (e.g., password, PIN);
  • Something the user has (e.g., ATM card, smart card); and
  • Something the user is (e.g., biometric characteristic, such as a fingerprint).
Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. (FFIEC)

Multi-factor Authentication

HTTP Authentication

Kerberos

SOCKS

SOCKS is a generic proxy protocol for TCP/IP-based networking applications. SOCKS includes two components, the SOCKS server and the SOCKS client. The SOCKS server is implemented at the application layer. The SOCKS client is implemented between the application and transport layers.

PAM - Pluggable Authentication Modules

Single Sign-On (SSO)

  • Single sign-on
    From Wikipedia, the free encyclopedia.
  • CoSign - Collaborative single sign-on
    CoSign is an open source Web Single Sign-On, for secure, intra-institutional web authentication. Also as weblogin.org. By University of Michigan.
  • Central Authentication Service (CAS)
    The JA-SIG Central Authentication Service was originally developed by Yale University Information Technology Services (ITS). It has since become a JA-SIG project. Additional CAS client implementations available for Apache (MOD_CAS, AuthCAS mod_perl), ISAPI (CCCI CAS agent), Java (J2SE, JSP, JSR-168 portlets, Spring/Acegi), ColdFusion, PAM, Perl, PHP (PHP client, Prado), Ruby on Rails, uPortal, WebObjects, Zope (CASUserFolder).
  • ESOE - Enterprise Sign On Engine
    Integrated identity management, single sign on, authorization, federation and accountability for enterprise resources access, in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's engine is built around a reduced version of the OASIS XACML 2.0 standard which they have called Lightweight XACML (LXACML). ESOE is open source, licensed under Apache 2.0.
    ESOE Users wiki: Installation and Administration Documentation, Support and Mailing Lists, Downloads.
  • X/Open Single Sign-on Service (XSSO)
    XSSO Architecture, XSSO Sign-on Services, Pluggable Authentication Modules (PAM), XSSO Account Management Services.
  • See: Java APIs: Security: Single Sign-On (SSO)

Other Protocols and Applications

  • Security Protocols and Specifications
    Cryptographic APIs, Secure Internet Protocols, Secure IP/Datagrams, Random Number Generators, Certificates, Envelopes and MIME, Digital Signing and Content Rating, Privacy Enhancement for Internet MAIL (PEM), Public Key Exchange, Cryptographic Specifications, Public Source, Other References, Privacy & Politics.
  • advICE : Reference : Networking
    Internet Security Systems Reference by Internet Security Systems (ISS, formerly Network ICE).
  • TechFest - Networking Protocols
    By TechFest. Links to general information on networking protocols. TCP/IP, IPv6 & NGI, Routing, IAN, ICMP, E-Mail (POP, IMAP, SMTP), FTP, TFTP, Telnet, HTTP, HTML, UDP, PPP, SLIP, DNS, DHCP, SOCKS, NNTP, NTP, LDAP, NHRP, MPLS, IP Multicast, RSVP, diffserv, intserv, IPSec, Firewalls, IP over ATM, Voice Over IP (VoIP), Multimedia, OSI, FTAM, Netware IPX, AppleTalk, DECnet, Xerox XNS, Banyan Vines, NETBIOS, SNA, DLS, VLANs, Bridging, Trunking / Link Aggregation, Jini.
  • Cryptomak Cipher Tools
    Cryptomak is a collection of PHP scripts for encryption and decryption. Cryptomak uses Phrame as its web application platform, which implements the MVC (Model, View, Controller) design. At the view layer, Cryptomak uses Smarty as its template engine.
    Cryptomak live Demos - Cipher: Simple Shift, Monoalphabetic Substitution, Columnar Transposition, Vigenere Cipher, Permutation, Affine Cipher, Xoft Cipher, Base64 Cipher - Tool: Frequency Distribution, Index of Coincidence.
  • Server Gateway Cryptography (SGC)
    By Microsoft.