Cryptology

VPN encrypts# the traffic in Network Layer.

Traffic Flow Confidentiality is a kind of #Security Service utilises encryption#, Traffic Padding#, and Routing Control# in order to counter Traffic Analysis#.

MITM is a #known plaintext attack on an #encryption scheme by obtaining the ciphertext in between two encryption algorithms, and comparing the encrypted output from the plaintext and decrypted output from the final ciphertext. This process could be further understood with the following equation:

However, Version 4 is not without flaws. There is a double encryption on the tickets provided to the client (\(\text{Ticket}_{tgs}\) and \(\text{Ticket}_{V}\)). The encryption scheme used by V4 is not secure at all (PCBC, which is a non-standard Data Encryption Standard (DES)#). It is vulnerable to an attack which involves the interchange of the ciphertext blocks. (Version 5 prevents it by providing Cipher Block Chaining (CBC)# mode for encryption). In addition, the same ticket could be used by the client to access a server which is at risk of potential Replay Attack using an old session key. (V5 allows the use of a subsession key, which will be invalid after one connection)

Integrity is a measure on whether how complete (remained unaltered) the received message itself is, as it would be the same or highly similar as the one that being sent. By further utilising encryption#, Digital Signature# and Data Integrity#, it could be used to counter Replay Attack# and Modification#