Page 64

Q15.
DEFINE MESSAGE AUTHENTICATION.
LIST APPROACHES USED IN MESSAGE AUTHENTICATION.
EXPLAIN MESSAGE ENCRYPTION APPROACH.

ANS
MESSAGE authentication is a technique used to assure message sent by
genuine identity only.

Three approaches to message authentication are

1.message authentication code
2.message encryption
3.Hash function.

Message encryption an authentication process that prevents

messages from being read by an unintended or unauthorized persons.
Message encryption is necessary for sharing sensitive information

2 types of msg encryption

Sysmetric key encryption. A symmetric key is used to encrypt and decrypt
information
Public key encryption in which encryption and decryption is done using
different keys-public and private key.
Page 66
Explain message authentication code.
Message authentication code: MAC ensures that the message is
coming from the correct sender, has not been changed,
Process to ensure message is sent by genuine entity only.
Mac is a small block of data having fixed size and generated using secret key.
It is appended to the message.

MAC PROCESS
Step 1:Sender has a secret key K message M with him
Mac is generated using 2 values
MAC=MAC(K,M)

Step2 this MAC is sent to receiver along with message

Step 3.in possession of secret key K and message sent by sender,receiver
generates MAC value
Mac value of receiver is matched with mac value of sender. If they do not
match receiver understands the msg has been altered.
Hash functions are mathematical functions that transform
given data set into bit strings of fixed size also known as hash
value.
Message encryption approach:- encryption is way of
scrambling data(UNREADABLE FORM) so that only authorised
parties can understand the information.
PAGE 100 LONG BOOK
INTERNET PROTOCOL SECURITY
IPSEC AUTHENTICATE HEADER
Authentication header verifies orgin of data and payload to confirm if there
has been modification done in transmission.

Explanation only
Uses hash function and symmetric key to create message digest which is
inserted into authentication header.

FINGER PRINT OF MSG-HASH VALUE,ENCRYPT USING

SYMETRIC KEY.

Authentication header protects data within IP pack from tampering.

Anyone can read data.modify data receiver will know it.
Various fields associated with authentic header are

IP HEADER AH PAYLOAD OR DATA

FIELDS WITH AH HEADER ARE

NEXT HEADER.8 BIT FIELD used to identify the header types that immediately
follows authentication header.
If ESP follows ah,field contains 50 value
If AH follow ah,field contains 51 value
PAYLOAD LENGTH:8 BITS IN SIZE….SPECIFIES LENGTH OF AUTHENTICATION
HEADER
Reserved:16 bit field which is reserved for future use
Security parameter index: The security parameter index is an identification tag
added to the header while using ipsec for tunnelling the IP TRAFFIC.

Only explanation
This tag helps the kernel discern between two traffic streams
where different encryption rules and algorithms may be in use.

Sequence no:in relay attack,same packet is received twice.to overcome this

problems,the authentication header uses a sequence number field.(to keep
track of packets).
Authentication data: Authentication data field contains integrity check value.
This value is used for authentication purporse is in MAC form.
Integrity Check Value is calculated by generating MAC using the HMAC
digest algorithm.
Esp format…encapsulating security payload.
This protocol encrypts payload of data packet and provides authenticity and
integrity checking.
Provides confidentiality through encryption of packet.
IP HEADER ESP
Fields with ESP DATA FORMAT.
NEXT HEADER: 8 BITS IN SIZE.DETERMINES THE DATA PRESENT IN PAYLOAD
PAYLOAD DATA :PAYLOAD DATA FIELD REPRESENTS ENCRYTED DATA WHICH
IS TO BE TRANSFERRED.
Security parameter index:32 bit field which determines security association.
SEQUENCE NO:increasing 32 bit value used to protect against relay attacks
AUTHENTICATION DATA.AUTHENTICATION DATA FIELD CONTAINS INTEGRITY
CHECK VALUE

Page 80
Q28.
Explain general format of PGP message .(pretty good privacy.
A message consists of three components:
the message component,
a signature (optional),
and a session key component (optional).

1.The message component includes the actual data to be stored

or transmitted, as well as a filename and a timestamp that specifies
the time of creation.
Signature components contains the following
Timestamp: the time at which the signature was made
Create Message digest or hash and encrypt with senders key

SESSION KEY component:pgp creates a random session key.this session key is

encrypted using public key of the receipient.

At a basic level, PGP encryption uses a combination of two forms of encryption: symmetric
key encryption, and public-key encryption.

NOTE BELOW IS ONLY EXPLANATION IN BOX/DUBBA.

Functionality of pgp.

Step 1:Sender wants to send a message to Receiver

Step 2: Receiver generates public and private key

Step 3:Receiver keeps private key and sends public key to sender

Step 4 Sender encrypts his email using receiver public key .

Step 5: Sender sends encrypted mail to Receiver

Step 6: Receiver decrypts msg with private key.

Page no 84
Describe clearly about public key management in PGP

PGP uses the public key system in which every user has a unique
encryption key known publicly and a private key that only they
know.
A message is encrypted when a user sends it to someone using
their public key, then decrypted when the recipient opens it with
their private key.

It is very tedious task to distribute public and private keys between sender
and receiver.
There is a need to secure exchange of keys

To mininise risks ,many approaches are provided.

Approach 1: one of the methods is store public key in a storage devices and
personally hand it over to the person.
Approach 2:send public key using email msg
Approach 3:Acquire public key from a mutually trusted person.
Approach 4:Acquire public key from an authority that is certified and trusted
as well.