Cns unit-5

PGP:
The email will be converted into hash
code using some hash algorithm.to
verify the authenticity this hash code
will be converted into digital
signature.now the email and the digital
signature are concatenated and
compressed to zip file. This
compressed output will be encrypted
with the help of s-key(symmetric
key).now receiver can decrypt the
message using the s-key.the
symemetric key will not directly be
send to the receiver.the key will be
encryptedand cipher s-key will be
generated.this cipher s-key is send to
receiver to decrypt the message.
 We are having a message eg. E-Mail
 Apply hash function/algo to the e-
mail to get the hash code(H-hash
algo,h-hash code).
 This hash code will be encrypted
using the private key of a.
 After encryption u will get the
encrypted hash code i.e.E(h).
 Now this E(h) and the message will
be concatenated/appended.
 This appended data will be
compressed with the zip file(z).
 Since we have done the encryption
its relevant cipher text (CT) will be
generated.
 After the cipher text is generated
the compressed data needs to be
decompressed(z^-1).
 Now we have to break the
appended message.
 Now the data is broke in 2 parts i.e.
message and E(h).
 We will apply a hash function on
message and get the hash code.
 Decryption is done on the E(h) with
the help of public key of a.
 Now both the hash codes are
compared.
 If both the hash codes are same
then authenticity is maintained else
not maintained.
 Here in this case there is no
confidentiality because we are not
performing encryption and
decryption on the message.

 Here 1st the message is taken

and compressed to the zip file.
 Now the conventional
encryption method is
performed(it is nothing but
symmetric key encryption)with
the help of one key i.e. k
 Now not only the message but
also the key is encrypted with
the help of public key.
 Now the message and the
encrypted key will be appended.
 Now the appended data will be
breaked.
 Now we have to decrypt the key
with the help of private key and
then perform the conventional
decryption on the message.
  Now the message is
decompressed(z^-1).
 Now u will receive the actual
message.
 In this case we are decrypting
the message also so there will be
confidentiality.

Same as above process but in this

case we will have both
confidentiality and authentication.
S/MIME:
It is extension to the mime protocol.
Transport Layer Security & its Working
Transport layer security protocol is one of the security protocols which are designed to
facilitate privacy and data security for communications over the Internet. The main use of
TLS is to encrypt the communication between web applications and servers, like web
browsers loading a website.

TLS is used to encrypt other communications like email, messaging, and voice over IP
(VoIP). TLS was proposed by the Internet Engineering Task Force (IETF), which is an
international standards organization.

Components

The three main components that TLS accomplishes are as follows −

 Encryption − It is used to hide the data being transferred from third parties.
 Authentication − It always ensures that the parties exchanging information are who
they claim to be.
 Integrity − Integrity verifies that the data has not been tampered with.

Given below is the pictorial representation of the Transport layer security protocol (TLS)
−
Advantages

The advantages of TLS are as follows−

 Encryption
 Interoperability
 Flexibility
 Easy of deployment
 Easy to use.

TLS handshake Protocol

The working condition of the TLS Handshake protocol is shown below

Here,
  A client sends a synchronous message “client hello” requesting a connection and
presents a list of supported cipher suites and a random string of bytes.
 The server responds with a “server hello” message containing a server certificate.
 The server is sending its SSL certificate to the client for the purpose of authentication.
The client then authenticates the server by verifying the server's SSL certificate, and
also sends a certificate for authentication if requested by the server.
 The client sends the client key exchange, change Cipher specification finished
message to the server.
 The server decrypts the message sent by client secret with the private key.
 Both client and server generate session keys from the client random, the server
random, and the secret message.
 The client sends a “finished” message that has been encrypted with a session key.
 The server responds with a finished message which was encrypted with a session key.
 The client and server have successfully achieved secure symmetric encryption,
meaning the handshake is complete and communication can continue with the
established session keys.
 Finally transfer the application data.

Secure Shell (SSH) Protocol & its Working

The SSH(Secure Shell) is an access credential that is used in the SSH Protocol. In other
words, it is a cryptographic network protocol that is used for transferring encrypted data over
the network. The port number of SSH is 22(Twenty-Two). It allows you to connect to a
server, or multiple servers, without having to remember or enter your password for each
system that is to log remotely from one system to another. It always comes in key pairs:

 Public key – Everyone can see it, no need to protect it. (for encryption function).

 Private key – Stays in computer, must be protected. (for decryption function).

Key pairs can be of the following types:

  User Key – If the public key and private key remain with the user.

 Host Key – If public key and private key are on a remote system.

 Session key – Used when a large amount of data is to be transmitted.

Features of SSH

 Encryption: Encrypted data is exchanged between the server and client, which ensures
confidentiality and prevents unauthorized attacks on the system.

 Authentication: For authentication, SSH uses public and private key pairs which provide
more security than traditional password authentication.

 Data Integrity: SSH provides Data Integrity of the message exchanged during the
communication.

 Tunneling: Through SSH we can create secure tunnels for forwarding network connections
over encrypted channels.

SSH Functions

There are multiple functions performed by SSH Function, here below are some functions:

 SSH provides high security as it encrypts all messages of communication between client and
server.

 SSH provides confidentiality

 SSH allows remote login, hence is a better alternative to TELNET

 SSH provides a secure File Transfer Protocol, which means we can transfer files over the
Internet securely

 SSH supports tunneling which provides more secure connection communication

SSH Protocol

To provide security between a client and a server the SSH protocol uses encryption. All user
authentication and file transfers are encrypted to protect the network against attacks.
SSH Protocol

Techniques Used in SSH

There are majorly three major techniques used in SSH, which are

 Symmetric Cryptography: In Symmetric key cryptography the same key used for encrypting
and decrypting the message, a unique single shared key is kept between the sender and
reciever. For ex: DES (Data Encryption Standard) and AES (Advanced Encryption Standard).

Symmetric Cryptography
  Asymmetric Cryptography: In Asymmetric key cryptography the key used for encrypting is
different from the key used for decrypting the message. For ex: RSA (Rivest–Shamir–
Adleman) and Digital Signature Algorithm.

Asymmetric Cryptography

 Hashing: Hashing is a procedure used in cryptography which convert variable length string to
a fixed length string, this fixed length value is called hash value which is generated by hash
function.

Ssl:
 SSL TLS
SSL stands for Secure Socket Layer. TLS stands for Transport Layer Security.
SSL (Secure Socket Layer) supports the TLS (Transport Layer Security) does not
Fortezza algorithm. support the Fortezza algorithm.
TLS (Transport Layer Security) is the 1.0
SSL (Secure Socket Layer) is the 3.0 version.
version.
In TLS(Transport Layer Security), a Pseudo-
In SSL( Secure Socket Layer), the Message
random function is used to create a master
digest is used to create a master secret.
secret.
In SSL( Secure Socket Layer), the Message In TLS(Transport Layer Security), Hashed
Authentication Code protocol is used. Message Authentication Code protocol is used.
SSL (Secure Socket Layer) is more complex
TLS (Transport Layer Security) is simple.
than TLS(Transport Layer Security).
SSL (Secure Socket Layer) is less secured as TLS (Transport Layer Security) provides high
compared to TLS(Transport Layer Security). security.
TLS is highly reliable and upgraded. It
SSL is less reliable and slower.
provides less latency.
SSL has been depreciated. TLS is still widely used.
SSL uses port to set up explicit connection. TLS uses protocol to set up implicit connection

IP Security
Authentication Header : The question may arise, that how IP header will know that adjacent
Extension header is Authentication Header. Well, there is protocol field in IP Header which
tells type of header that is present in packet. So, protocol field in IP Header should have value
of “51” in order to detect Authentication Header.

1. Next Header – Next Header is 8-bit field that identifies type of header present after
Authentication Header. In case of TCP, UDP or destination header or some other
extension header it will store correspondence IP protocol number . Like, number 4 in
this field will indicate IPv4, number 41 will indicate IPv6 and number 6 will indicate
TCP.
2. Payload Length – Payload length is length of Authentication header and here we use
scaling factor of 4. Whatever be size of header, divide it by 4 and then subtract by 2.
We are subtracting by 2 because we’re not counting first 8 bytes of Authentication
header, which is first two row of picture given above. It means we are not including
Next Header, Payload length, Reserved and Security Parameter index in calculating
payload length. Like, say if payload length is given to be X. Then (X+2)*4 will be
original Authentication header length.
 3. Reserved – This is 16-bit field which is set to “zero” by sender as this field is
reserved for future use.
4. Security Parameter Index (SPI) – It is arbitrary 32-bit field. It is very important
field which identifies all packets which belongs to present connection. If we’re
sending data from Source A to Destination B. Both A and B will already know
algorithm and key they are going to use. So for Authentication, hashing function and
key will be required which only source and destination will know about. Secret key
between A and B is exchanged by method of Diffie Hellman algorithm. So Hashing
algorithm and secret key for Security parameter index of connection will be fixed.
Before data transfer starts security association needs to be established. In Security
Association, both parties needs to communicate prior to data exchange. Security
association tells what is security parameter index, hashing algorithm and secret key
that are being used.
5. Sequence Number – This unsigned 32-bit field contains counter value that increases
by one for each packet sent. Every packet will need sequence number. It will start
from 0 and will go till – 1 and there will be no wrap around. Say, if all sequence
numbers are over and none of it is left but we cannot wrap around as it is not allowed.
So, we will end connection and re-establish connection again to resume transfer of
remaining data from sequence number 0. Basically sequence numbers are used to stop
replay attack. In Replay attack, if same message is sent twice or more, receiver won’t
be able to know if both messages are sent from a single source or not. Say, I am
requesting 100$ from receiver and Intruder in between asked for another 100$.
Receiver won’t be able to know that there is intruder in between.
6. Authentication Data (Integrity Check Value) – Authentication data is variable
length field that contains Integrity Check Value (ICV) for packet. Using hashing
algorithm and secret key, sender will create message digest which will be sent to
receiver. Receiver on other hand will use same hashing algorithm and secret key. If
both message digest matches then receiver will accept data. Otherwise, receiver will
discard it by saying that message has been modified in between. So basically,
authentication data is used to verify integrity of transmission. Also length of
Authentication data depends upon hashing algorithm you choose.

Modes of operations in Authentication Header:

There are two modes in the authentication header

 Authentication Header Transport Mode:

 Authentication Header Tunnel Mode:

1. Authentication Header Transport Mode: In the authentication header transport

mode, it is lies between the original IP Header and IP Packets original TCP header.
2. Authentication Header Tunnel Mode: In this authentication header tunnel mode,
the original IP packet is authenticated entire and the authentication header is inserted
between the original IP header and new outer IP header. Here, the inner IP header
contains the ultimate source IP address and destination IP address. whereas the outer
IP header contains different IP address that is IP address of the firewalls or other
security gateways.

The diagrammatic representation of ESP has the below-mentioned components :

1. Security Parameter :

 Security parameters are assigned a size of 32 bits for use

 Security Parameter is mandatory to security parameter in ESP for security links and
associations

2. Sequence Number:

 The sequence number is 32 bits in size and works as an incremental counter.

 The first packet has a sequence number 1 assigned to it whenever sent through SA

3. Payload Data:

 Payload data don’t have fixed size and are variable in size to use

 It refers to the data/ content that is provided security by the method of encryption

4. Padding:

 Padding has an assigned size of 0-255 bytes assigned to it.

 Padding is done to ensure that the payload data which needs to be sent securely fits
into the cipher block correctly, so for this padding payloads come to the rescue.

5. Pad Length:

 Pad Length is assigned the size of 8 bits to use

 It is a measure of pad bytes that are preceding

6. Next Header:

 The next header is associated with a size of 8 bits to use

 It is responsible for determining the data type of payload by studying the first header
of the payload

7. Authentication Data:

 The size associated with authentication data is variable and never fixed for use-case

 Authentication data is an optional field that is applicable only when SA is selected. It

serves the purpose of providing integrity

Set:

Secure Electronic Transaction or SET is a system that ensures the security and integrity of
electronic transactions done using credit cards in a scenario. SET is not some system that
enables payment but it is a security protocol applied to those payments. It uses different
encryption and hashing techniques to secure payments over the internet done through credit
cards. The SET protocol was supported in development by major organizations like Visa,
Mastercard, and Microsoft which provided its Secure Transaction Technology (STT), and
Netscape which provided the technology of Secure Socket Layer (SSL).

SET protocol restricts the revealing of credit card details to merchants thus keeping hackers
and thieves at bay. The SET protocol includes Certification Authorities for making use of
standard Digital Certificates like X.509 Certificate.

Before discussing SET further, let’s see a general scenario of electronic transactions, which
includes client, payment gateway, client financial institution, merchant, and merchant
financial institution.

Requirements in SET: The SET protocol has some requirements to meet, some of the
important requirements are:

 It has to provide mutual authentication i.e., customer (or cardholder) authentication by

confirming if the customer is an intended user or not, and merchant authentication.
 It has to keep the PI (Payment Information) and OI (Order Information) confidential
by appropriate encryptions.
 It has to be resistive against message modifications i.e., no changes should be allowed
in the content being transmitted.
  SET also needs to provide interoperability and make use of the best security
mechanisms.

Participants in SET: In the general scenario of online transactions, SET includes similar
participants:

1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – Merchant financial
5. Certificate authority – Authority that follows certain standards and issues
certificates(like X.509V3) to all other participants.

SET functionalities:

 Provide Authentication
o Merchant Authentication – To prevent theft, SET allows customers to check
previous relationships between merchants and financial institutions. Standard
X.509V3 certificates are used for this verification.
o Customer / Cardholder Authentication – SET checks if the use of a credit
card is done by an authorized user or not using X.509V3 certificates.
 Provide Message Confidentiality: Confidentiality refers to preventing unintended
people from reading the message being transferred. SET implements confidentiality
by using encryption techniques. Traditionally DES is used for encryption purposes.
 Provide Message Integrity: SET doesn’t allow message modification with the help
of signatures. Messages are protected against unauthorized modification using RSA
digital signatures with SHA-1 and some using HMAC with SHA-1,

Dual Signature: The dual signature is a concept introduced with SET, which aims at
connecting two information pieces meant for two different receivers :

Order Information (OI) for merchant

Payment Information (PI) for bank

You might think sending them separately is an easy and more secure way, but sending them
in a connected form resolves any future dispute possible. Here is the generation of dual
signature:
Where,

PI stands for payment information

OI stands for order information
PIMD stands for Payment Information Message Digest
OIMD stands for Order Information Message Digest
POMD stands for Payment Order Message Digest
H stands for Hashing
E stands for public key encryption
KPc is customer's private key
|| stands for append operation
Dual signature, DS= E(KPc, [H(H(PI)||H(OI))])

Purchase Request Generation: The process of purchase request generation requires three
inputs:

 Payment Information (PI)

 Dual Signature
 Order Information Message Digest (OIMD)

The purchase request is generated as follows:

Here,
PI, OIMD, OI all have the same meanings as before.
The new things are :
EP which is symmetric key encryption
Ks is a temporary symmetric key
KUbank is public key of bank
CA is Cardholder or customer Certificate
Digital Envelope = E(KUbank, Ks)

Purchase Request Validation on Merchant Side: The Merchant verifies by comparing

POMD generated through PIMD hashing with POMD generated through decryption of Dual
Signature as follows:
Firewalls:

A firewall is a network security device that prevents unauthorized access to a network. It

monitors both incoming and outgoing traffic using a predefined set of security to detect and
prevent threats.

What is Firewall?

A firewall is a network security device, either hardware or software-based, which monitors

all incoming and outgoing traffic and based on a defined set of security rules accepts, rejects,
or drops that specific traffic.

 Accept: allow the traffic

 Reject: block the traffic but reply with an “unreachable error”

  Drop : block the traffic with no reply

A firewall is a type of network security device that filters incoming and outgoing network
traffic with security policies that have previously been set up inside an organization. A
firewall is essentially the wall that separates a private internal network from the open Internet
at its very basic level.

History and Need for Firewall

Before Firewalls, network security was performed by Access Control Lists (ACLs) residing
on routers. ACLs are rules that determine whether network access should be granted or
denied to specific IP address. But ACLs cannot determine the nature of the packet it is
blocking. Also, ACL alone does not have the capacity to keep threats out of the network.
Hence, the Firewall was introduced. Connectivity to the Internet is no longer optional for
organizations. However, accessing the Internet provides benefits to the organization; it also
enables the outside world to interact with the internal network of the organization. This
creates a threat to the organization. In order to secure the internal network from unauthorized
traffic, we need a Firewall.

Working of Firewall

Firewall match the network traffic against the rule set defined in its table. Once the rule is
matched, associate action is applied to the network traffic. For example, Rules are defined as
any employee from Human Resources department cannot access the data from code server
and at the same time another rule is defined like system administrator can access the data
from both Human Resource and technical department. Rules can be defined on the firewall
based on the necessity and security policies of the organization. From the perspective of a
server, network traffic can be either outgoing or incoming.

Firewall maintains a distinct set of rules for both the cases. Mostly the outgoing traffic,
originated from the server itself, allowed to pass. Still, setting a rule on outgoing traffic is
always better in order to achieve more security and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic which reaches on the firewall is one of
these three major Transport Layer protocols- TCP, UDP or ICMP. All these types have a
source address and destination address. Also, TCP and UDP have port numbers. ICMP uses
type code instead of port number which identifies purpose of that packet.

Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For
this reason, the firewall must always have a default policy. Default policy only consists of
action (accept, reject or drop). Suppose no rule is defined about SSH connection to the server
on the firewall. So, it will follow the default policy. If default policy on the firewall is set to
accept, then any computer outside of your office can establish an SSH connection to the
server. Therefore, setting default policy as drop (or reject) is always a good practice.

Types of Firewall

Firewalls can be categorized based on their generation.

1. Packet Filtering Firewall

Packet filtering firewall is used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or stop based on source and destination IP
address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly
uses first 3 layers). Packet firewalls treat each packet in isolation. They have no ability to tell
whether a packet is part of an existing stream of traffic. Only It can allow or deny the packets
based on unique packet headers. Packet filtering firewall maintains a filtering table that
decides whether the packet will be forwarded or discarded. From the given filtering table, the
packets will be filtered according to the following rules:
  Incoming packets from network 192.168.21.0 are blocked.

 Incoming packets destined for the internal TELNET server (port 23) are blocked.

 Incoming packets destined for host 192.168.21.3 are blocked.

 All well-known services to the network 192.168.21.0 are allowed.

2. Stateful Inspection Firewall

Stateful firewalls (performs Stateful Packet Inspection) are able to determine the connection
state of packet, unlike Packet filtering firewall, which makes it more efficient. It keeps track
of the state of networks connection travelling across it, such as TCP streams. So the filtering
decisions would not only be based on defined rules, but also on packet’s history in the state
table.

3. Software Firewall

A software firewall is any firewall that is set up locally or on a cloud server. When it comes
to controlling the inflow and outflow of data packets and limiting the number of networks
that can be linked to a single device, they may be the most advantageous. But the problem
with software firewall is they are time-consuming.
4. Hardware Firewall

They also go by the name “firewalls based on physical appliances.” It guarantees that the
malicious data is halted before it reaches the network endpoint that is in danger.

5. Application Layer Firewall

Application layer firewall can inspect and filter the packets on any OSI layer, up to the
application layer. It has the ability to block specific content, also recognize when certain
application and protocols (like HTTP, FTP) are being misused. In other words, Application
layer firewalls are hosts that run proxy servers. A proxy firewall prevents the direct
connection between either side of the firewall, each packet has to pass through the proxy.

6. Next Generation Firewalls (NGFW)

NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and
many functionalities to protect the network from these modern threats.

7. Proxy Service Firewall

This kind of firewall filters communications at the application layer, and protects the
network. A proxy firewall acts as a gateway between two networks for a particular
application.

8. Circuit Level Gateway Firewall

This works as the Sessions layer of the OSI Model’s . This allows for the simultaneous setup
of two Transmission Control Protocol (TCP) connections. It can effortlessly allow data
packets to flow without using quite a lot of computing power. These firewalls are ineffective
because they do not inspect data packets; if malware is found in a data packet, they will
permit it to pass provided that TCP connections are established properly.

Functions of Firewall

 Every piece of data that enters or leaves a computer network must go via the firewall.

 If the data packets are safely routed via the firewall, all of the important data remains intact.

 A firewall logs each data packet that passes through it, enabling the user to keep track of all
network activities.

 Since the data is stored safely inside the data packets, it cannot be altered.

 Every attempt for access to our operating system is examined by our firewall, which also
blocks traffic from unidentified or undesired sources.
Advantages of using Firewall

 Protection from unauthorized access: Firewalls can be set up to restrict incoming traffic
from particular IP addresses or networks, preventing hackers or other malicious actors from
easily accessing a network or system. Protection from unwanted access.

 Prevention of malware and other threats: Malware and other threat prevention: Firewalls
can be set up to block traffic linked to known malware or other security concerns, assisting
in the defense against these kinds of attacks.

 Control of network access: By limiting access to specified individuals or groups for particular
servers or applications, firewalls can be used to restrict access to particular network
resources or services.

 Monitoring of network activity: Firewalls can be set up to record and keep track of all
network activity.

 Regulation compliance: Many industries are bound by rules that demand the usage of
firewalls or other security measures.

 Network segmentation: By using firewalls to split up a bigger network into smaller subnets,
the attack surface is reduced and the security level is raised.

Disadvantages of using Firewall

 Complexity: Setting up and keeping up a firewall can be time-consuming and difficult,

especially for bigger networks or companies with a wide variety of users and devices.

 Limited Visibility: Firewalls may not be able to identify or stop security risks that operate at
other levels, such as the application or endpoint level, because they can only observe and
manage traffic at the network level.

 False sense of security: Some businesses may place an excessive amount of reliance on their
firewall and disregard other crucial security measures like endpoint security or intrusion
detection systems.

 Limited adaptability: Because firewalls are frequently rule-based, they might not be able to
respond to fresh security threats.

 Performance impact: Network performance can be significantly impacted by firewalls,

particularly if they are set up to analyze or manage a lot of traffic.

 Limited scalability: Because firewalls are only able to secure one network, businesses that
have several networks must deploy many firewalls, which can be expensive.

 Limited VPN support: Some firewalls might not allow complex VPN features like split
tunneling, which could restrict the experience of a remote worker.

 Cost: Purchasing many devices or add-on features for a firewall system can be expensive,
especially for businesses.
Sha:
Kerberos: