
Module 5

Uploaded by

mreccsa
Copyright
© © All Rights Reserved

MODULE 5

PGP

1. PGP stands for Pretty Good Privacy, which was invented by Phil Zimmermann.
2. PGP was designed to provide all four aspects of security, i.e., privacy, integrity,
authentication, and non-repudiation in the sending of email.
3. PGP uses a digital signature (a combination of hashing and public key encryption) to
provide integrity, authentication, and non-repudiation. PGP uses a combination of secret
key encryption and public key encryption to provide privacy. Therefore, we can say that
the digital signature uses one hash function, one secret key, and two private-public key
pairs.
4. PGP is an open source and freely available software package for email security.
5. PGP provides authentication through the use of Digital Signature.
6. It provides confidentiality through the use of symmetric block encryption.
7. It provides compression by using the ZIP algorithm, and EMAIL compatibility using the
radix-64 encoding scheme.

Following are the steps taken by PGP to create secure e-mail at the sender site:

1. The e-mail message is hashed by using a hashing function to create a digest.
2. The digest is then encrypted by using the sender's private key to form a signed digest, and
the signed digest is added to the original email message.
3. The original message and signed digest are encrypted by using a one-time secret key
created by the sender.
4. The secret key is encrypted by using the receiver's public key.
5. Both the encrypted secret key and the encrypted combination of message and digest are
sent together.
PGP at the Sender site (A)

Following are the steps taken at the receiver site, showing how PGP uses hashing and a
combination of three keys to recover the original message:

1. The receiver receives the combination of the encrypted secret key and the message digest.
2. The encrypted secret key is decrypted by using the receiver's private key to get the one-time
secret key.
3. The secret key is then used to decrypt the combination of message and digest.
4. The digest is decrypted by using the sender's public key, and the original message is
hashed by using a hash function to create a digest.
5. The two digests are compared. If they are equal, all the aspects of security are
preserved.

PGP at the Receiver site (B)


Disadvantages of PGP Encryption

1. Administration is difficult: The different versions of PGP complicate
administration.
2. Compatibility issues: Both the sender and the receiver must have compatible versions of
PGP. For example, if you encrypt an email by using PGP with one of the encryption
techniques and the receiver has a different version of PGP, the receiver cannot read the data.
3. Complexity: PGP is a complex technique. Other security schemes use symmetric
encryption that uses one key or asymmetric encryption that uses two different keys. PGP
uses a hybrid approach that implements symmetric encryption with two keys. PGP is
more complex, and it is less familiar than the traditional symmetric or asymmetric
methods.
4. No Recovery: Computer administrators face the problem of lost passwords. In
such situations, an administrator can use a special program to retrieve passwords. For
example, a technician who has physical access to a PC can use it to retrieve a
password. However, PGP does not offer such a special program for recovery; its encryption
methods are very strong, so forgotten passwords cannot be retrieved, which results in lost
messages or lost files.

The following are the services offered by PGP:

1. Authentication
2. Confidentiality
3. Compression
4. Email Compatibility
5. Segmentation
These services are described as follows −
Authentication − The hash function used is SHA-1, which makes a 160 bit message digest. EP
(DP) denotes public-key encryption (decryption), and the algorithm used can be RSA or DSS.
The combination of SHA-1 and RSA provides an effective digital signature scheme. Because of the
strength of RSA, the recipient is guaranteed that only the possessor of the matching private key
can make the signature. Because of the strength of SHA-1, the recipient is guaranteed that no one
else can create a new message that matches the hash code and therefore the signature of the
original message.
Confidentiality − Another service supported by PGP is confidentiality, which is provided by
encrypting messages to be transmitted or to be saved locally as files. In some cases, the user has
a choice of CAST-128, IDEA or 3DES in 64 bit cipher feedback (CFB) mode. The symmetric key
is used only once and is generated as a random number with the required number of bits. It is
transmitted along with the message and is encrypted using the recipient's public key.
1. The sender creates a message and a random number to be used as a session key for this
message only.
2. The message is encrypted utilizing CAST-128, IDEA or 3DES with the session key.
3. The session key is encrypted with RSA utilizing the recipient's public key and is
prepended to the message.
4. The receiver uses RSA with its private key to decrypt and restore the session key.
5. The session key is used to decrypt the message.
Confidentiality and Authentication − Both services can be used for the same message.
First, a signature is produced for the plaintext message and prepended to the message. Then
the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the
session key is encrypted using RSA.
This sequence is preferable to the opposite: encrypting the message and then producing a
signature of the encrypted message. It is usually more convenient to save a signature with a
plaintext version of a message. Moreover, for the goals of third party verification, if the
signature is applied first, a third party need not be concerned with the symmetric key when
testing the signature.
Compression − As a default, PGP compresses the message after applying the signature but before
encryption. This has the advantage of saving space both for e-mail transmission and for file
storage.
E-mail compatibility − Some electronic mail systems only allow the use of blocks consisting of
ASCII text. When PGP is used, at least part of the block to be transmitted is encrypted.
Segmentation − E-mail facilities are often restricted to a maximum message length. For
instance, some facilities accessible throughout the internet set a maximum length of
50,000 octets. Any message longer than that must be broken up into smaller segments,
each of which is mailed independently.
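
The sender-site and receiver-site steps listed earlier, together with the service order described above (sign, then compress, then encrypt, then radix-64 encode), can be traced in one short program. This is an added example and not PGP's own code: the RSA keys are constructed toy keys without padding, keystream_xor is a stand-in for CAST-128/IDEA/3DES, and all function names are hypothetical.

```python
import base64
import hashlib
import secrets
import zlib


def make_toy_rsa(p, q, e=65537):
    """Textbook RSA key pair as ((n, e), (n, d)); no padding, toy sizes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Constructed toy keys built from known Mersenne primes. They only make the
# arithmetic visible and must never be used to protect real data.
SENDER_PUB, SENDER_PRIV = make_toy_rsa(2**127 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_toy_rsa(2**107 - 1, 2**61 - 1)


def byte_len(n):
    """Number of bytes needed to hold any value below the modulus n."""
    return (n.bit_length() + 7) // 8


def keystream_xor(key, data):
    """Toy symmetric cipher standing in for CAST-128/IDEA/3DES: XOR with a
    SHA-256 counter keystream, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(message, sender_priv):
    """Hash the message (SHA-1, the function the text names) and encrypt the
    digest with the sender's private key to form the signed digest."""
    n, d = sender_priv
    return pow(int.from_bytes(hashlib.sha1(message).digest(), "big"), d, n)


def verify(message, signature, sender_pub):
    """Decrypt the signed digest with the sender's public key and compare it
    with a freshly computed digest of the received message."""
    n, e = sender_pub
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return pow(signature, e, n) == digest


def pgp_send(message, sender_priv, receiver_pub):
    sig = sign(message, sender_priv)
    signed = sig.to_bytes(byte_len(sender_priv[0]), "big") + message
    compressed = zlib.compress(signed)        # after signing, before encryption
    session_key = secrets.token_bytes(16)     # one-time secret key
    body = keystream_xor(session_key, compressed)
    n_r, e_r = receiver_pub                   # wrap the session key for the receiver
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    # Radix-64 encoding keeps the result inside ASCII-only mail systems.
    return base64.b64encode(wrapped.to_bytes(byte_len(n_r), "big") + body)


def pgp_receive(armored, receiver_priv, sender_pub):
    raw = base64.b64decode(armored)
    n_r, d_r = receiver_priv
    klen = byte_len(n_r)
    key_int = pow(int.from_bytes(raw[:klen], "big"), d_r, n_r)
    session_key = key_int.to_bytes(16, "big")
    signed = zlib.decompress(keystream_xor(session_key, raw[klen:]))
    slen = byte_len(sender_pub[0])
    signature, message = int.from_bytes(signed[:slen], "big"), signed[slen:]
    if not verify(message, signature, sender_pub):
        raise ValueError("digests differ: message or signature was altered")
    return message


if __name__ == "__main__":
    mail = b"Constructed sample message: meet at 10:00 in room 4."
    armored = pgp_send(mail, SENDER_PRIV, RECEIVER_PUB)
    print(armored.decode("ascii"))
    print(pgp_receive(armored, RECEIVER_PRIV, SENDER_PUB))
```
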

S/MIME IP security

The S/MIME certificate's nitty-gritty will assist you in strengthening your critical security
concerns in the mail while also advancing your commercial goals. Continue reading to learn
more.
Over the last two decades, business and official interactions have shifted from phone
conversations to emails. Email is the most used mode of communication: according to
Statista, 4.03 billion people will use email in 2021, and that number is expected to climb to 4.48
billion by 2024.
Every day, emails are sent and received across devices, necessitating the need to secure these
interactions. Because of the amount and type of sensitive data in a commercial firm, this
criticality is increased. Assume you work in a field where sensitive data is handled.
1. Intellectual property is something that belongs to you.
2. Personal information about employees
3. Customer information and contact information
4. Card information (credit and debit)
If this is the case, consider safeguarding your emails and safeguarding sensitive information.
Apart from preventing anyone from reading your emails, you must also protect your data from
fraudsters. These individuals are well-known for utilizing your email and concocting phishing
schemes to dupe people into handing over personal information.

What Exactly is S/MIME?

Secure/Multipurpose Internet Mail Extension (S/MIME) is an industry standard for email
encryption and signature that is commonly used by businesses to improve email security.
S/MIME is supported by the majority of corporate email clients.
S/MIME encrypts and digitally signs emails to verify that they are authentic and that their
contents have not been tampered with.

How Does S/MIME Address Email Security Problems?

An S/MIME certificate is an end-to-end encryption solution for MIME data, a.k.a. email
communications, as shown in the preceding sections. The use of asymmetric cryptography by
S/MIME certificates prevents the message's integrity from being compromised by a third party.
In basic English, a digital signature is used to hash the message. The mail is then encrypted to
protect the message's secrecy.
According to GlobalSign, a company that provides specialized Public Key Infrastructure (PKI)
solutions to businesses, S/MIME employs public-key encryption to protect communications, which
can only be decoded with the corresponding private key held by the authorized mail receiver.
Stepping back in time allows us to visualize the situation. Wax seals on letters served as a
unique identifying proof of the sender while also assisting the recipient in determining whether
the letters had been tampered with. S/MIME certificates work on a similar principle.
The sender can use a private key to digitally sign the letter he is sending. The email is then
accompanied by a public key while in transit. The recipient will use it to verify the sender's
digital signature and decode the message using his own private key. Using 'asymmetric
cryptography,' this system uses two separate but mathematically related cryptographic keys
to provide end-to-end encryption. The completely encrypted contents of the email will be nearly
impossible to crack without both keys.

S/MIME Certificate Characteristics

You receive a slew of cryptographic security features when you use an S/MIME certificate for
email apps.
1. Authentication − It refers to the verification of a computer user's or a website's identity.
2. Message consistency − This is a guarantee that the message's contents and data have not
been tampered with. The message's secrecy is crucial. The decryption procedure entails
checking the message's original contents and guaranteeing that they have not been altered.
3. Use of digital signatures that invoke non-repudiation − This is a circumstance in
which the original sender's identity and digital signatures are validated so that there is no
doubt about it.
4. Protection of personal information − A data breach cannot be caused by an
unintended third party.
5. Encryption is used to protect data − It relates to the procedures described above, in
which data security is ensured by a mix of public and private keys representing
asymmetric cryptography.
The MIME type is designated by an S/MIME certificate. The enclosed data is referred to by the
MIME type. The MIME entity is completely prepared, encrypted, and packaged inside a digital
envelope.

Support for S/MIME

Some of the most popular email programs that support S/MIME are listed below.
1. iPhone iOS Mail
2. Apple Mail
3. Gmail
4. IBM Notes
5. Mozilla Thunderbird
6. MailMate
7. Microsoft Outlook or Outlook on the Web
8. CipherMail
Although an S/MIME certificate has been around for a long time and is supported by most email
clients, the disadvantages of using it include complicated implementation owing to the public
and private keys of the sender and receiver. As a result, it was restricted to highly classified
government communications and those started by techies.
The adoption trend has improved, thanks to the advent of automated solutions for deploying and
managing S/MIME certificates. The benefits of using S/MIME certificates to safeguard data in
transit and, at rest, have surpassed the disadvantages.

What is the Best Way to Send Encrypted Emails?

Secure email service providers are used by certain companies and individuals to send secure
emails. These services, such as ProtonMail, may allow you to send and receive private messages
for free, but the disadvantage is that both the sender and the recipient must have the same
account. This is a common disadvantage of end-to-end encryption services.
Aside from this issue, there is a far more serious one that limits the usability of email services
for businesses. These ostensibly safe email service companies are nonetheless vulnerable to
cyber-attacks. VFEMail is a classic example of a secure email service provider that, after 20
years of operation, fell to a cyber-attack.
One method is to use an S/MIME certificate to digitally sign and send encrypted emails. This
technology is classified as secure public-key encryption by the Internet Engineering Task Force
(IETF), and it is also suggested by the National Institute of Standards and Technology (NIST) as
a "protocol for email end-to-end authentication and secrecy".

Difference between PGP and S/MIME :

S.NO | PGP | S/MIME
1. | It is designed for processing plain text. | It is designed to process email as well as many multimedia files.
2. | PGP is less costly as compared to S/MIME. | S/MIME is comparatively expensive.
3. | PGP is good for personal as well as office use. | It is good for industrial use.
4. | PGP is less efficient than S/MIME. | It is more efficient than PGP.
5. | It depends on user key exchange. | It relies on a hierarchically valid certificate for key exchange.
6. | PGP is comparatively less convenient. | It is more convenient than PGP due to the secure transformation of all the applic
7. | PGP contains 4096 public keys. | It contains only 1024 public keys.
8. | PGP is the standard for strong encryption. | It is also the standard for strong encryption but has some drawbacks.
9. | PGP is also used in VPNs. | It is not used in VPNs; it is only used in email services.
10. | PGP uses Diffie-Hellman digital signature. | It uses Elgamal digital signature.

IPSecurity Architecture

IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
These protocols are ESP (Encapsulation Security Payload) and AH (Authentication
Header). IPSec Architecture includes protocols, algorithms, DOI, and Key Management.
All these components are very important in order to provide the three main services:
1. Confidentiality
2. Authentication
3. Integrity
IP Security Architecture:

1. Architecture: Architecture or IP Security Architecture covers the general concepts,
definitions, protocols, algorithms, and security requirements of IP Security technology.
2. ESP Protocol: ESP (Encapsulation Security Payload) provides a confidentiality
service. Encapsulation Security Payload is implemented in either of two ways:
   1. ESP with optional Authentication.
   2. ESP with Authentication.
   Packet Format:
   1. Security Parameter Index (SPI): This parameter is used by the Security Association. It is
   used to give a unique number to the connection built between the Client and Server.
   2. Sequence Number: Unique sequence numbers are allotted to every packet so that on
   the receiver side packets can be arranged properly.
   3. Payload Data: Payload data means the actual data or the actual message. The payload
   data is in an encrypted format to achieve confidentiality.
   4. Padding: Extra bits of space are added to the original message in order to ensure
   confidentiality. Padding length is the size of the added bits of space in the original
   message.
   5. Next Header: Next header means the next payload or next actual data.
   6. Authentication Data: This field is optional in the ESP protocol packet format.
3. Encryption algorithm: The encryption algorithm is the document that describes
various encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and
Integrity service. Authentication Header is implemented in one way only: Authentication
along with Integrity.
Authentication Header covers the packet format and general issues related to the use of
AH for packet authentication and integrity.
5. Authentication Algorithm: The authentication algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and
ESP protocols. It contains values needed for documentation related to each other.
7. Key Management: Key Management contains the document that describes how the
keys are exchanged between sender and receiver.

IP security (IPSec) overview


The IP security (IPSec) is an Internet Engineering Task Force (IETF)
standard suite of protocols between 2 communication points across the
IP network that provide data authentication, integrity, and
confidentiality. It also defines the encrypted, decrypted and
authenticated packets. The protocols needed for secure key exchange
and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
1. To encrypt application layer data.
2. To provide security for routers sending routing data across the
public internet.
3. To provide authentication without encryption, for example to authenticate
that the data originates from a known sender.
4. To protect network data by setting up circuits using IPsec tunneling
in which all data sent between the two endpoints is
encrypted, as with a Virtual Private Network (VPN) connection.
Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay.
It also provides authentication for the payload.
2. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay, but it
does not provide encryption. The anti-replay protection protects
against unauthorized transmission of packets. It does not protect
the data's confidentiality.
3. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange
encryption keys and negotiate a Security Association (SA)
between 2 devices. The Security Association (SA) establishes shared
security attributes between 2 network entities to support secure
communication. The Internet Security Association and Key Management
Protocol (ISAKMP) provides a framework for
authentication and key exchange. ISAKMP defines how
Security Associations (SAs) are set up and how direct connections are
established between two hosts that are using IPsec.
Internet Key Exchange (IKE) provides message content protection
and also an open framework for implementing standard algorithms such
as SHA and MD5. The algorithms that IPsec uses produce a unique
identifier for each packet. This identifier then allows a device to
determine whether a packet is correct or not. Packets which
are not authorized are discarded and not given to the receiver.
Working of IP Security –

Authentication Header

Authentication Header (AH) is used to provide integrity and authentication to IP datagrams.
Replay protection is also possible. The services are connectionless, which means they work on a
per-packet basis.
AH is used in two modes as follows −

1. Transport mode
2. Tunnel mode
AH authenticates as much of the IP datagram as possible. In transport mode, some fields in the IP
header change en route and their value cannot be predicted by the receiver. These fields are called
mutable and they are not protected by AH.

Mutable IPv4 fields

The mutable IPv4 fields are as follows −

1. Type of service (TOS)
2. Flags
3. Fragment offset
4. Time to live (TTL)
5. Header checksum
To protect these fields, tunnelling must be used. The payload of the IP packet is considered
immutable and is always protected by AH.
1. AH processing is applied only to non-fragmented IP packets. However, an IP packet with
AH applied can be fragmented by intermediate routers.
2. In this case, the destination first reassembles the packet and then applies AH processing to
it.
3. If an IP packet that appears to be a fragment is input to AH processing, it is discarded.
4. This prevents the overlapping fragment attack, which misuses the fragment reassembly
algorithm to create forged packets and force them through a firewall.
5. Packets that fail authentication are discarded and never delivered to upper layers.
6. This mode of operation greatly reduces the chances of successful denial-of-service
attacks.

Authentication Header format

The AH format is described in RFC 2402. The figure below shows the position of the Authentication
Header fields in the IP packet.

The fields are as follows −

Next header
It is an 8-bit field which identifies the type of what follows. The value of this field is chosen
from the set of IP protocol numbers. The protocol field of the IP header is set to 51, and the
value that would otherwise have gone in the protocol field goes in the AH next header field.

Payload length
It is an 8-bit field and contains the length of the AH header expressed in 32-bit words,
minus 2. It does not relate to the actual payload length of the IP packet. If default
options are used, the value is 4 (three 32-bit fixed words plus three 32-bit words of
authentication data minus two).

Reserved
It is reserved for future use. Its length is 16 bits and it is set to zero.

Security parameter index (SPI)
It is 32 bits in length.

Sequence number
This 32-bit field is a monotonically increasing counter, which is used for replay protection. It is
an optional field. The sender always includes this field, and it is at the discretion of the receiver
to process it or not. Initially, the sequence number is set to zero. The first packet
transmitted using the SA has a sequence number of 1. Sequence numbers are not allowed to
repeat.

Authentication data
This is a variable-length field containing the Integrity Check Value (ICV), and is padded to 32
bits for IPv4 or 64 bits for IPv6.
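
The header layout and the mutable-field rule above can be checked end to end. The following added example (not taken from RFC 2402 or from any IPsec implementation) builds an IPv4 packet with an AH header in transport mode, computes the ICV with the mutable fields zeroed, and shows that a router's TTL/TOS changes still verify while a changed source address, a changed payload, a replayed sequence number, or a fragment is rejected. HMAC-SHA1 truncated to 96 bits, the key, the addresses and all function names are assumptions, IPv4 options are not handled, and the replay check is a simple "greater than last seen" test.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51     # value of the IP header's protocol field when AH follows
ICV_LEN = 12      # three 32-bit words of authentication data (assumed HMAC-SHA1-96)
KEY = b"constructed-demo-key"   # constructed SA key, for illustration only


def ip_checksum(header):
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                                ttl, proto, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr)


def compute_icv(key, ip_hdr, ah_fixed, payload):
    """ICV over the IP header with mutable fields zeroed, the AH header with
    its authentication data zeroed, and the immutable payload."""
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                  # type of service
    hdr[6:8] = b"\x00\x00"      # flags and fragment offset
    hdr[8] = 0                  # time to live
    hdr[10:12] = b"\x00\x00"    # header checksum
    data = bytes(hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, src, dst, upper_proto, payload, spi, seq):
    words = (12 + ICV_LEN) // 4                  # 3 fixed words + 3 ICV words
    ah_fixed = struct.pack("!BBHII", upper_proto, words - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(payload))
    icv = compute_icv(key, ip_hdr, ah_fixed, payload)
    return ip_hdr + ah_fixed + icv + payload


def ah_verify(key, packet, last_seq):
    ip_hdr = packet[:20]                         # assumption: no IPv4 options
    if ip_hdr[9] != AH_PROTO:
        raise ValueError("protocol field is not 51")
    if struct.unpack("!H", ip_hdr[6:8])[0] & 0x3FFF:   # MF flag or offset set
        raise ValueError("fragment given to AH processing: discarded")
    next_hdr, plen, reserved, spi, seq = struct.unpack("!BBHII", packet[20:32])
    ah_len = (plen + 2) * 4
    icv, payload = packet[32:20 + ah_len], packet[20 + ah_len:]
    if reserved != 0 or len(icv) != ICV_LEN:
        raise ValueError("malformed AH header")
    if seq <= last_seq:
        raise ValueError("sequence number already seen: replay")
    expected = compute_icv(key, ip_hdr, packet[20:32], payload)
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet discarded")
    return next_hdr, spi, seq, payload


def router_hop(packet):
    """What a router legitimately rewrites in transit: TOS, TTL, checksum."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0x10
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def accepted(key, packet, last_seq):
    try:
        ah_verify(key, packet, last_seq)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = ah_protect(KEY, "192.0.2.1", "198.51.100.7", 6,
                     b"constructed TCP segment", spi=0x1001, seq=1)
    print("payload length field:", pkt[21])
    print("after router hop:", accepted(KEY, router_hop(pkt), 0))
    print("replayed:", accepted(KEY, pkt, 1))
```
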

Encapsulating Security Payload

Encapsulating Security Payload (ESP) provides all encryption services in IPSec. It provides
integrity for the payload and not for the IP header, together with confidentiality and
authentication. Using encryption without authentication is strongly discouraged because it is
insecure.
Encryption is the translation of a readable message format into an unreadable format, used
to hide the message content against data tampering.
IPSec provides an open framework for implementing industry standard algorithms, such as SHA
and MD5.
Encryption/decryption allows only the sender and the authorised receiver to read the data.
Only after the integrity verification process is complete is the data
payload in the packet decrypted.
IPSec uses a unique identifier for each packet, which is a data equivalent of a fingerprint, and
checks whether packets are authorised or not. It doesn't sign the entire packet unless it is being
tunnelled; ordinarily, only the IP data payload is protected, not the IP header. In Tunnel Mode,
the entire original IP packet is encapsulated and a new packet header is added.
ESP in transport mode does not provide integrity and authentication for the entire IP packet.
ESP Format
The ESP format is diagrammatically represented as follows −

Explanation
Security Parameters Index (32 bits) − Identifies a security association. This field is
mandatory. The value of zero is reserved for local, implementation-specific use and MUST
NOT be sent on the wire.
Sequence Number (32 bits) − A monotonically increasing counter value; this provides an
anti-replay function, as discussed for AH. The first packet sent using a given SA will have a
Sequence number of 1.
Payload Data (variable) − This is a transport-level segment (transport mode) or IP packet
(tunnel mode) that is protected by encryption. The type of content that was protected is indicated
by the Next Header field.
Padding (0-255 bytes) − Padding for encryption, to extend the payload data to a size that fits
the encryption's cipher block size, and to align the next field.
Pad Length (8 bits) − Indicates the number of pad bytes immediately preceding this field.
Next Header (8 bits) − Identifies the type of data contained in the payload data field by
identifying the first header in that payload.
Authentication Data (variable) − A variable-length field (must be an integral number of 32-bit
words) that contains the Integrity Check Value computed over the ESP packet minus the
Authentication Data field. This field is optional and is included only if the authentication service
has been selected for the SA in question.
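
The field list above fixes how padding, Pad Length and Next Header are laid out behind the payload and what the Authentication Data covers. The following added example (not code from the original page or from an IPsec implementation) builds that layout and opens it again in the receiver's order: integrity check first, trailer parsing afterwards. The cipher is deliberately left out, so the bytes that ESP would encrypt are passed through unchanged; the 8-byte block size, HMAC-SHA1 truncated to 96 bits, the padding contents 1, 2, 3, ..., the key and the function names are assumptions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12                    # assumed HMAC-SHA1-96 authentication data
KEY = b"constructed-demo-key"   # constructed SA key, for illustration only


def esp_build(key, spi, seq, payload, next_header, block=8):
    if spi == 0:
        raise ValueError("SPI 0 is reserved and must not be sent on the wire")
    # Pad so that payload + padding + Pad Length + Next Header fills whole
    # cipher blocks, which also keeps the following field 32-bit aligned.
    pad_len = -(len(payload) + 2) % block
    padding = bytes(range(1, pad_len + 1))
    # With a real cipher, this is the part that would be encrypted.
    protected = payload + padding + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + protected
    # The ICV covers the ESP packet minus the Authentication Data field.
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]


def esp_open(key, packet, last_seq):
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet discarded before decryption")
    spi, seq = struct.unpack("!II", body[:8])
    if spi == 0:
        raise ValueError("reserved SPI")
    if seq <= last_seq:
        raise ValueError("sequence number already seen: replay")
    # Decryption of body[8:] would happen here, only after the ICV check.
    pad_len, next_header = body[-2], body[-1]
    if pad_len + 2 > len(body) - 8:
        raise ValueError("Pad Length larger than the protected data")
    payload_end = len(body) - 2 - pad_len
    if body[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding contents")
    return spi, seq, next_header, body[8:payload_end]


def esp_accepts(key, packet, last_seq):
    try:
        esp_open(key, packet, last_seq)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = esp_build(KEY, 0x2002, 1, b"hello world", 6)   # constructed payload
    print("pad length:", pkt[22], "next header:", pkt[23], "total:", len(pkt))
    print(esp_open(KEY, pkt, 0))
    flipped = pkt[:10] + bytes([pkt[10] ^ 0x01]) + pkt[11:]
    print("tampered accepted:", esp_accepts(KEY, flipped, 0))
```
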

Internet Key Exchange

Internet Key Exchange (also known as IKE, IKEv1 or IKEv2) is a protocol that is used to
generate a security association within the Internet Protocol Security protocol suite. In this
article, we will discuss Internet Key Exchange in detail and explain why it is important
for network security.

If your job title requires a certain degree of knowledge regarding cyber security and/or internet
security, you must have at least heard of the Internet Key Exchange. Abbreviated as IKE,
Internet Key Exchange is a specific protocol that aims to offer an additional layer of security to
virtual private networks (also known as VPNs). In this article we will explain how Internet
Key Exchange works and how it can be beneficial for the cyber security posture of your
organization.

What is the Internet Key Exchange?

Simply put, the Internet Key Exchange is a hybrid protocol that is often used for key
management purposes in IPSec networks. It is often used as a method of
exchanging encryption keys and/or authentication keys through an unsecured medium like the
Internet. In other words, the Internet Key Exchange aims to provide safe and secure encryption
for unsecure or vulnerable environments.

The Internet Key Exchange dates back to the late 90s. It was defined by the Internet
Engineering Task Force (also known as the IETF) in November 1998. In IETF's publications
titled Request for Comments, the purpose and scope of the Internet Key Exchange was
thoroughly explained (see RFC 2407, RFC 2408 and RFC 2409 for details). Later in December
2005, October 2006 and October 2014, these descriptions for the Internet Key Exchange were
updated and edited in accordance with the needs posed by new technologies.

The Internet Key Exchange protocol has its roots in the Oakley
Protocol, SKEME and ISAKMP; as a result it is often referred to as a hybrid protocol. The
Oakley Protocol strictly defines the mechanism for key exchange over a session of Internet Key
Exchange Protocol and sets the default key exchange algorithm as the Diffie-Hellman algorithm.

Internet Key Exchange offers numerous additional features and a certain degree of flexibility.
That is why it is often chosen for enhancing IPsec.

What are the benefits of the Internet Key Exchange?

The Internet Key Exchange offers numerous additional benefits including flexibility. Below you
can find some of these benefits:

1. Internet Key Exchange offers the chance to change encryption during IPsec sessions.
2. Through the use of Internet Key Exchange, the need for manual specification of all the IPSec
security parameters is eliminated.
3. Internet Key Exchange allows the use of a certification authority; as a result it offers an
additional layer of security.
4. A specific lifetime can be set for the IPsec security association when the Internet Key Exchange
is used.
5. Internet Key Exchange permits the dynamic authentication of peers.

What are the different methods for peer authentication in IKE?

Internet Key Exchange employs three different methods to ensure the peer authentication:
1. Authentication using RSA signatures

2. Authentication using a specific, pre-shared secret


3. Authentication using encrypted RSA nonces


What are the advantages of using IKE?

IKE includes the following benefits:

1. automatic negotiation and authentication;

2. anti-replay services;

3. ability to change encryption keys during an IPsec session;

4. calculating shared keys;

5. fast connection speeds using NAT and NAT traversal;

6. attempts to restore a connection whenever the connection drops;

7. supports a variety of devices, including desktops and smartphones; and

8. prevents DoS and replay attacks.


9. COMBINING SECURITY ASSOCIATIONS
10. An individual SA can implement either the AH or ESP protocol but
not both. Sometimes a particular traffic flow will call for the services provided by both
AH and ESP. Further, a particular traffic flow may require IPsec services between hosts
and, for that same flow, separate services between security gateways, such as fire-
walls. In all of these cases, multiple SAs must be employed for the same traffic flow
to achieve the desired IPsec services. The term security association bundle refers to a
sequence of SAs through which traffic must be processed to provide a desired set of
IPsec services. The SAs in a bundle may terminate at different endpoints or at the
same endpoints.
11. Security associations may be combined into bundles in two ways:
12. • Transport adjacency: Refers to applying more than one security proto
col to the same IP packet without invoking tunneling. This approach to combining AH
and ESP allows for only one level of combination; further nesting yields no added benefit
since the processing is performed at one IPsec instance: the (ultimate) destination.
13. • Iterated tunneling: Refers to the application of multiple layers of
security protocols effected through IP tunneling. This approach allows for multiple levels
of nesting, since each tunnel can originate or terminate at a different IPsec site along
the path.
14.

15.
16. The two approaches can be combined, for example, by having a transport SA betwee
n hosts travel part of the way through a tunnel SA between security gateways. One
interesting issue that arises when considering SA bundles is
the order in which authentication and encryption may be applied between a given pair of e
ndpoints and the ways of doing so. We examine that issue next. Then we look at combinati
ons of SAs that involve at least one tunnel.
17. Authentication Plus Confidentiality
18. Encryption and authentication can be combined in order to transmit an IP packet that has
both confidentiality and authentication between hosts. We look at several approaches.
19. ESP WITH AUTHENTICATION OPTION This approach is illustrated in Figure 19.8.
In this approach, the user first applies ESP to the data to be protected and then appends
the authentication data field. There are actually two subcases:
20. • Transport mode ESP: Authentication and encryption apply to the IP p
ayload delivered to the host, but the IP header is not protected.
21. • Tunnel mode ESP: Authentication applies to the entire IP packet
delivered to the outer IP destination address (e.g.,
a firewall), and authentication is performed at that destination. The entire inner IP packet
is protected by the privacy mechanism for delivery to the inner IP destination.
22. For both cases, authentication applies to the ciphertext rather than the plaintext.
23. TRANSPORT ADJACENCY Another way to apply authentication after encryption is to
use two bundled transport SAs, with the inner being an ESP SA and the outer being
an AH SA. In this case, ESP is used without its authentication option. Because the inner
SA is a transport SA, encryption is applied to the IP payload. The resulting
packet consists of an IP header (and possibly IPv6 header extensions) followed by an ESP.
AH is then applied in transport mode, so that authentication covers the ESP plus
the original IP header (and extensions) except for mutable fields. The advantage of
this approach over simply using a single ESP SA with the ESP authentication option is
that the authentication covers more fields, including the source and destination IP
addresses. The disadvantage is the overhead of two SAs versus one SA.
24. TRANSPORT-TUNNEL BUNDLE The use of authentication prior to encryption might
be preferable for several reasons. First, because the authentication data are protected by
encryption, it is impossible for anyone to intercept the message and alter the
authentication data without detection. Second, it may be desirable to store the
authentication information with the message at the destination for later reference. It is
more convenient to do this if the authentication information applies to the unencrypted
message; otherwise the message would have to be reencrypted to verify the authentication
information.
25. One approach to applying authentication before encryption between two hosts is to use a
bundle consisting of an inner AH transport SA and an outer ESP tunnel SA. In this case,
authentication is applied to the IP payload plus the IP header (and extensions) except for
mutable fields. The resulting IP packet is then processed in tunnel mode by ESP; the
result is that the entire, authenticated inner packet is encrypted and a new outer IP header
(and extensions) is added.
27. Basic Combinations of Security Associations
28. The IPsec Architecture document lists four examples of combinations of SAs that must
be supported by compliant IPsec hosts (e.g., workstation, server) or security
gateways (e.g., firewall, router). These are illustrated in Figure 19.10. The lower part
of each case in the figure represents the physical connectivity of the elements; the
upper part represents logical connectivity via one or more nested SAs. Each SA can be
either AH or ESP. For host-to-host SAs, the mode may be either transport or
tunnel; otherwise it must be tunnel mode.
31. Case 1. All security is provided between end systems that implement
IPsec. For any two end systems to communicate via an SA, they must share the
appropriate secret keys. Among the possible combinations are
32. a. AH in transport mode
33. b. ESP in transport mode
34. c. ESP followed by AH in transport mode (an ESP SA inside an
AH SA)
35. d. Any one of a, b, or c inside an AH or ESP in tunnel mode
36. We have already discussed how these various combinations can be used to
support authentication, encryption, authentication before encryption, and authentication
after encryption.
37. Case 2. Security is provided only between gateways (routers, firewalls, etc.) and no hosts
implement IPsec. This case illustrates simple virtual private network
support. The security architecture document specifies that only a single tunnel SA is
needed for this case. The tunnel could support AH, ESP, or ESP with the authentication
option. Nested tunnels are not required, because the IPsec services apply to the entire
inner packet.
38. Case 3. This builds on case 2 by adding end-to-end security. The same combinations
discussed for cases 1 and 2 are allowed here. The gateway-to-gateway tunnel provides
either authentication, confidentiality, or both for all traffic between end systems. When
the gateway-to-gateway tunnel is ESP, it also provides a limited form of traffic
confidentiality. Individual hosts can implement any additional IPsec services required
for given applications or given users by means of end-to-end SAs.
39. Case 4. This provides support for a remote host that uses the Internet to reach an
organization’s firewall and then to gain access to some server or workstation
behind the firewall. Only tunnel mode is required between the remote host and the firewall.
As in case 1, one or two SAs may be used between the remote host and the local host.

CASE STUDIES

Secure Multiparty Computation

In the last few decades, data privacy and security have become a primary concern for everyone.
With the rise of technological advancements and the internet, it has become a challenging task
to provide data security and data privacy when data is distributed over large
distributed networks. As everyone is now concerned about their data, a lot of research is going
on into how to provide data security and privacy to the participants in the network. One of the
techniques that provides a solution to the problems of data security and data privacy
is Secure Multiparty Computation.
Secure multiparty computation may be defined as the problem of ‘n’ players jointly and
securely computing an agreed function on their inputs without revealing them.

History

Secure multiparty computation started early in the 1970s. It was known as multiparty
computation at that time. It did not gain popularity then, as it was not implemented
practically. In 1982 it was introduced as secure two-party computation. It is
used to solve many computation problems without revealing the inputs to other parties.
Finally, it became known as secure multiparty computation, in which functions of
different types are computed, which is why it is sometimes called SFE (Secure Function
Evaluation).
1. The secure multiparty computation is used for the utilization of data without compromising
privacy.
2. It is the cryptographic subfield that helps in preserving the privacy of the data.
3. Emerging technologies like blockchain, mobile computing, IoT and cloud computing have
resulted in the rebirth of secure multiparty computation.
4. Secure multiparty computation has become a hot area of research in the last decade due
to the rise of blockchain technology.
5. Researchers are now more interested in implementing secure multiparty computation in
distributed systems.
6. Unlike in centralized systems, secure multiparty computation may have better performance
in distributed systems.

Architecture

Secure multiparty computation provides a protocol in which no individual can see the other
parties' data while the data is distributed across multiple parties. It enables data scientists
and analysts to compute privately on the distributed data without exposing it.

Multiparty sharing data among each other with any third party using a specified protocol.
Consider co-workers who want to compute the maximum salary without revealing their individual
salaries to each other. To perform such a computation, secure multiparty computation is used to
calculate the maximum salary. The parties jointly evaluate a function in a distributed manner to
calculate it without revealing any salary. Because data in use is kept in encrypted form, broken
up, and distributed across parties, there are no chances of quantum attacks. It is impossible to
have a trusted party in the real world, as all parties communicate with each other in one way
or another. In such a scenario, the parties may get corrupted. Corrupted parties behave as
either semi-honest or malicious adversaries.

1. A semi-honest adversary is one who corrupts parties but follows the specified protocol.
The protocol is run honestly, but the corrupted parties try to extract information from the
messages exchanged between parties.
2. A malicious adversary attempts to breach security and does not follow the
specified protocol. The adversary can make changes during the execution of the
protocol. When using multiparty computation, we assume that the party is honest, that is,
it follows the whole protocol.

Techniques

There are a number of techniques developed for secure multiparty computation protocol
construction having different features. Some techniques used in secure Multiparty computation
are listed below:
1. Shamir Secret Sharing: Secret sharing is the basic tool when there is an honest
majority in secure multiparty computation. In a secret sharing scheme, a secret s is
shared among n parties such that t+1 or more parties can come together to reconstruct the
secret. Fewer than t parties cannot get any information about the secret or reconstruct it.
A scheme that fulfills the t+1 out of n requirement is called a threshold secret sharing
scheme.
2. Honest Majority MPC: With an honest majority, the function can be represented by either
a Boolean or an arithmetic circuit. For secret-sharing-based MPC with an honest majority,
the arithmetic circuit is defined over a finite field Zp with p>n, and the circuit is Turing
complete.
3. Input sharing: Every party shares its input using Shamir secret sharing. The shared inputs
are provided to the circuit for computation. Every party keeps its input private by adding
some random number to the input; after the output is obtained, the random number, which is
known to the party, is removed to give the final output.
4. Circuit evaluation: The circuit is evaluated by parties one gate at a time. The gates are
evaluated serially from input to output. The evaluation consists of the computation of
addition and multiplication gates. For inputs a(x) and b(x), the output of addition for the ith
party is calculated as c(i) = a(i) + b(i). Similarly, the output of multiplication for the ith
party is calculated as c(i) = a(i) . b(i).
5. Private set intersection: The private set intersection protocol is very efficient for
two-party problems. When two parties wish to find the elements in the intersection of their
private input sets without revealing the inputs, private set intersection is the better
approach for both honest and dishonest adversaries.
6. Threshold cryptography: Threshold cryptography aims to carry out cryptographic
operations for a set of parties without any single party holding the secret. The RSA
algorithm is used for the scheme, where the basic function is y = x^e mod n. RSA is used for
encrypting secrets or messages.
7. Dishonest majority MPC: In secure multiparty computation, there can be both honest
and dishonest parties. Secure multiparty computation is secure as long as there is an
honest majority. If the adversaries corrupt more than the majority, new approaches are
required for security. For the dishonest majority, there are protocols like GMW oblivious
transfer, garbled circuit, Tiny oz and many more protocols.
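
The following added example (not part of the original notes) works through items 1, 3 and 4 above in Python: Shamir sharing of two inputs over Zp, then an addition gate and a multiplication gate evaluated share by share. The prime P, the function names and the sample salary values are assumptions made for the illustration; it goes slightly beyond the text by showing that multiplied shares lie on a polynomial of degree 2t, so 2t+1 shares are needed to open the product.

```python
"""Shamir secret sharing over Z_p with share-wise addition and multiplication."""
import secrets

# Assumed field modulus for this example: the Mersenne prime 2^61 - 1.
# Any prime p > n works, as the text requires.
P = 2**61 - 1


def share(secret, t, n):
    """Split `secret` into n shares such that any t+1 of them reconstruct it.

    The secret is the constant term of a random polynomial of degree t;
    party i receives the polynomial evaluated at x = i.
    """
    if not 0 <= t < n < P:
        raise ValueError("need 0 <= t < n < p")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    shares = {}
    for i in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at i
            y = (y * i + c) % P
        shares[i] = y
    return shares


def reconstruct(shares):
    """Lagrange-interpolate the points {i: f(i)} and return f(0)."""
    secret = 0
    for i, yi in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = (num * -j) % P
                den = (den * (i - j)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def add_gate(a, b):
    """Each party adds its own two shares: c(i) = a(i) + b(i). Degree stays t."""
    return {i: (a[i] + b[i]) % P for i in a}


def mul_gate(a, b):
    """Each party multiplies its own two shares: c(i) = a(i) * b(i).

    The result lies on a polynomial of degree 2t, so opening it needs
    2t + 1 shares (hence n >= 2t + 1, i.e. an honest majority).
    """
    return {i: (a[i] * b[i]) % P for i in a}


def subset(shares, k):
    """Take the shares of the first k parties."""
    return {i: shares[i] for i in sorted(shares)[:k]}


def demo(t=2, n=7):
    """Share two constructed sample inputs and evaluate both gate types."""
    a = share(41000, t, n)
    b = share(52000, t, n)
    total = add_gate(a, b)
    product = mul_gate(a, b)
    return {
        "sum_from_t_plus_1": reconstruct(subset(total, t + 1)),
        "product_from_2t_plus_1": reconstruct(subset(product, 2 * t + 1)),
        "product_from_t_plus_1": reconstruct(subset(product, t + 1)),
        "input_from_t_shares": reconstruct(subset(a, t)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Opening the product from only t+1 shares, or an input from only t shares, returns a value unrelated to the real one, which is the threshold property in action.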

Benefits Of Secure Multiparty Computation

Let’s discuss some benefits of secure multiparty computation:


1. Trusted third party: In secure multiparty computation, data can be shared in a distributed
manner with different organizations without any third party, and the privacy of the data
is preserved while it is shared.
2. Data Privacy: The private data of organizations can be shared for computation purposes.
The data privacy concern is addressed by secure multiparty computation, which
keeps the data in use in encrypted form. Thus, the data is not revealed or compromised.
3. High accuracy: Secure multiparty computation provides highly accurate results for
different computations using cryptography.
4. Quantum safe: The data shared between parties is safe against quantum attacks, as the
data is broken up and encrypted when distributed among parties for computation.

Limitations Of Secure Multiparty Computation

Secure multiparty computation is used for solving different problems, but it has a few
limitations. The main limitations are the computational overhead and high communication
costs.
1. Computational overhead: Providing security requires generating random
numbers, and random number generation adds computational overhead, which slows
down runtime.
2. High communication costs: Distributing the data to multiple parties for computation over
the network leads to higher communication costs.
VIRTUAL ELECTIONS

Can cryptography be used to secure electronic voting systems?
Electronic and internet voting can help improve our election
systems in several different ways. Each of these concepts
relies on cryptography for security - but is cryptography
enough?
We hear a lot of talk about electronic and internet voting as ways to
improve our election processes, but few people understand the
underlying techniques that keep these systems safe.

Cryptography is one of the fundamental fields involved in securing both
electronic and internet voting. Despite its usefulness, the technical
aspects and mathematics of cryptography can’t keep voting systems
secure by themselves. Security also requires the right organization,
processes, and implementations.

To answer our question of whether or not cryptography can be used to
secure electronic and internet voting systems, we first need an
understanding of what aspects make up an effective voting system:

1. Security – Voting systems need to be secure to prevent attacks
and tampering from adversaries, whether they be foreign nations,
our own political parties, or other interest groups.
2. Accuracy – We need systems to return a result that accurately
reflects the way people voted. An impenetrable voting system
would be useless if it just guessed the outcome.
3. Verifiability – It’s also important to be able to verify that the vote is
accurate. Otherwise, the electorate may not trust the result, which
could undermine the validity of an election.
4. Anonymity – Keeping votes a secret is crucial, because it allows
people to vote for who they truly want to. If a person’s vote can be
discovered by others, they may be coerced or pressured into
voting for a different candidate. People may be paid to vote a
certain way, physically threatened, pressured by their peers, or feel
that they have to vote a certain way to advance their career.
5. Usability – A voting system needs to be easy to use. If it’s too
complex, people may refuse to vote, or not be able to cast their
vote correctly.
6. Speed – The election result needs to be determined within a
reasonable timeframe.

It can be difficult to design effective voting systems because
these aspects are often in conflict with each other. One of the biggest
complications involves trying to keep votes anonymous while still being
able to verify them.
The easiest way to verify votes would be to keep a public list of how
people voted, but this would obviously violate the anonymity of the vote.
These trade-offs are what makes it far more complex to secure
electronic and internet voting in comparison to systems such as online
banking.

Electronic & internet voting: The underlying cryptography

Before we get into the intricacies of voting and how it can use
cryptography, let’s go through some of the fundamental cryptographic
concepts involved.

Cryptography is especially useful when it comes to finding solutions for
security, accuracy, verifiability and anonymity. Various cryptographic
techniques can be used to produce three major properties that are
particularly useful in voting systems:

1. Confidentiality – This involves keeping information a secret from
unauthorized parties. It is generally achieved through encryption.
2. Authentication – Authentication is the process of validating that
an individual is who they say they are, and that any data transfer is
truly coming from them. It is often done with digital signatures.
3. Integrity – Data’s integrity refers to whether it retains its initial form
and hasn’t been tampered with. Data integrity is often also proven
with digital signatures.

Single Sign On (SSO)


Single Sign On (SSO) is an authentication scheme where users can
securely authenticate and gain access to multiple applications and
websites by only logging in with a single username and password.
For example, logging in to your Google account once will allow you to
access Google applications such as Google Docs, Gmail, and Google
Drive.
Without an SSO solution, the website maintains a database of login
credentials (usernames and passwords). Each time the user logs in to the
website, it checks the user’s credentials against its database and
authenticates the user.
With the SSO solution, the website does not store login credentials in
its database. Instead, SSO makes use of a shared cluster of
authentication servers where users are only required to enter their
login credentials once for authentication. With this feature of one login
and multiple access, it is crucial to protect login credentials in SSO
systems.
Hence it is highly recommended to integrate SSO with other strong
authentication means such as smart tokens or one-time passwords to
achieve multi-factor authentication.
How does SSO work?
1. User enters login credentials on the website and the website checks
to see if the user has already been authenticated by SSO solution. If
so, the SSO solution would give the user access to the website.
Otherwise, it presents the user with the SSO solution for login.
2. The user enters username and password on the SSO solution.
3. The user’s login credentials are sent to SSO solution.
4. The SSO solution seeks authentication from the identity provider,
such as an Active Directory, to verify the user’s identity. Once the
user’s identity is verified, the identity provider sends a verification
to the SSO solution.
5. The authentication information is passed from the SSO solution to
the website where the user will be granted access to the website.
6. Upon successful login with SSO, the website passes authentication
data in the form of tokens as a form of verification that the user is
authenticated as the user navigates to a different application or web
page.
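
Steps 5 and 6 above, as an added Python example that is not part of the original notes: the SSO solution issues a signed, short-lived token for one website, and the website checks the signature, the intended audience and the expiry before granting access. The shared HMAC key, the claim names and the host names are assumptions made for the illustration; production SSO uses standard protocols such as SAML or OpenID Connect rather than a hand-rolled format.

```python
"""Signed SSO token: issued by the SSO solution, verified by the website."""
import base64
import hashlib
import hmac
import json


def _b64(data):
    """URL-safe base64 as text (the alphabet never contains '.')."""
    return base64.urlsafe_b64encode(data).decode()


def issue_token(key, user, audience, now, ttl=300):
    """SSO side: called only after the identity provider verified the user.

    `audience` names the one website the token is meant for, and the
    token expires `ttl` seconds after `now` (both in epoch seconds).
    """
    claims = {"sub": user, "aud": audience, "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(key, token, audience, now):
    """Website side: return the user name, or None if the token is rejected."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None  # malformed token (wrong shape or bad base64)

    # 1. Integrity and origin: constant-time comparison of the MAC.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None

    claims = json.loads(body)
    # 2. Audience: a token issued for another website must not be accepted.
    if claims.get("aud") != audience:
        return None
    # 3. Freshness: reject tokens that are expired or not yet valid.
    if not claims.get("iat", 0) <= now < claims.get("exp", 0):
        return None
    return claims.get("sub")


def forge_subject(token, new_user):
    """Constructed tampering case: swap the user but keep the old MAC."""
    body_b64, tag_b64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims["sub"] = new_user
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(body) + "." + tag_b64


if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    token = issue_token(key, "alice", "docs.example", now=1000)
    print(verify_token(key, token, "docs.example", now=1100))   # accepted
    print(verify_token(key, token, "mail.example", now=1100))   # wrong site
    print(verify_token(key, forge_subject(token, "root"), "docs.example", 1100))
```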
Advantages of SSO:
SSO has advantages for both users and businesses.
For Users –
1. The risk of access to third-party sites is mitigated, as the website
database does not store the user’s login credentials.
2. Increased convenience for users as they only need to remember and
key in login information once.
3. Increased security assurance for users as website owners do not
store login credentials.
For Businesses –
1. Increase customer base and satisfaction as SSO provides lower
barrier to entry and seamless user experience.
2. Reduce IT costs for managing customer’s username and passwords.

Disadvantages of SSO:
1. Increased security risk if login credentials are not securely protected
and are exposed or stolen as adversaries can now access many
websites and applications with a single credential.
2. Authentication systems must have high availability as loss of
availability can lead to denial of service for applications using a
shared cluster of authentication systems.

Single sign-on (SSO) is a session and user authentication service that
allows a user to use one set of login credentials - for instance, a name and
password - to access multiple applications.
SSO can be used by enterprises, smaller organizations, and individuals to ease the
management of different usernames and passwords.
In a basic web SSO service, an agent module on the application server
retrieves the specific authentication credentials for an individual user from a dedicated
SSO policy server, while authenticating the user against a user repository,
for example a Lightweight Directory Access Protocol (LDAP) directory. The
service authenticates the end user for all the applications the user has been given
rights to and eliminates future password prompts for individual applications during the
same session.

SSO Architecture
The architecture of SSO is explained below −
1. Single sign on architecture is an authentication mechanism which means using
the same set of credentials for multiple applications.
2. Users must be logged in the identity provider's application to use the single sign
on feature. Then the user can use it to sign in various applications that enable
this architecture.
3. When a user tries to access an application using SSO, the identity provider sends
a certificate to the application. This certificate ensures that the user is valid and
authenticated.
The SSO architecture is shown in the diagram below −

Advantages
The advantages of SSO are as follows −
1. No need for creating accounts for each and every application.
2. No need for creating password credentials for each and every application.
3. Users do not need to remember the user id and passwords of each and every
application.
4. It prevents keylogging attacks as the user does not need to enter a password.
Nowadays the security of transactions is very important, because most
things now happen online.
Transactions happen in the following forms −

1. When you go to a market and use a POS terminal for payment, a transaction occurs.
2. When you download an Android app, such as the eBay app, on your mobile phone to order
something.
3. When you pay for something through an online payment service like paypal.com.

Secure Transaction?
Generally, a secure transaction takes place in encrypted form between the site that
we are connected to and the browser that we are using. It relies on a file in which the
website provides its details, which we will deal with further in the following sections. A
simpler indication is the difference between a secure and an insecure connection:
a site served over https:// is secured, while one served over http:// is not.

If you or your users are using Google Chrome, you can push them to always connect securely if
the webpage supports it. Always prefer HTTPS; if you are using Mozilla Firefox,
there is an add-on called HTTPS Everywhere.
We should do a transaction only through webpages that we know or when they have a good
reputation. So, in simple words you should visit those webpages that you trust and even though
you trust, it is recommended to do the transactions through payment gateways like PayPal, so
you don’t transmit bank account details to third parties.
A good resource is www.mywot.com, which gives you the ratings of websites and their reputation
based on millions of users who trust their transactions to these websites.
At the end of the month, always check your transactions manually to see whether they match
your expenditure. If they do not, it is recommended to block your payment cards or
accounts immediately.
After finishing your transactions, it is recommended that you always clear history, caches and
cookies, especially if you are using a computer that is not yours.
What Should You do as a System Administrator?
As a system administrator, you should have in mind some rules that will help our customers to
make a secure transaction.
1. In the first place, you should check whether any policy compliance applies to the system
that we are offering, like PCI or HIPAA. Generally, these policies have security guidelines
too, such as hardware or software that provides access controls, integrity controls, auditing
and transmission security.
2. Another thing is that a session should be limited based on time and IP. So when your
user signup form is getting the account open, the system will lock out after some time and
find out if there is a possibility of any man-in-the-middle attack. The IP restriction should
not allow it.
3. Make a Usage Policy for your system, so that users know their limits and gain knowledge
regarding security.
4. Check that your system has the proper configuration for making a financial transaction. The
system should have 2-factor authentication, where a passcode or a PIN is sent
to your client’s mobile phone every time an online transaction takes place, and the
transaction is only approved once the client confirms the purchase by entering the code. This
ensures that the client is who he says he is by asking for something he knows and something he
has, like a phone.

How Secure Electronic Transaction Works?
Secure Electronic Transaction works as follows:

Step 1: Customer Opens an Account
The customer opens a credit card account, such as Mastercard or Visa, with a bank (the
issuer) that supports electronic payment transactions and the secure electronic transaction
protocol.

Step 2: Customer Receives a Certificate
Once the customer's identity is verified (verification can be done by using a passport,
business documents or other documents), the customer receives a digital certificate issued
by a CA (Certificate Authority). This certificate contains customer details like name, public
key, expiry date, certificate number, etc.

Step 3: Merchant Receives a Certificate
The merchant who wants to accept certain credit card brands must possess a digital
certificate for trustworthiness.

Step 4: Customer Places an Order
This is a shopping cart process in which customers browse the available list of items, search
for a specific item according to their requirements, and place the order. Once the customer
places the order, the merchant, in return, sends the details of the order, such as the list of
items selected, their quantity and price, the total bill, etc., to maintain a record of the
order at the customer site.

Step 5: Merchant is Verified
The merchant also sends a digital certificate to the customer to assure the customer that
they are dealing with an authorized or valid merchant.

Step 6: The Order and Payment Details Are Sent
Along with the customer’s digital certificate, the customer also sends the order and payment
details to the merchant. The order part is used to confirm the transaction with reference to
the items that are mentioned in the order form. The payment part contains the credit card
(Mastercard or Visa) details. This payment information is in encrypted form; even the merchant
cannot read it. The customer certificate assures the merchant of the customer’s identity.


Step 7: Merchant Requests Payment Authorization
Once the merchant gets the customer’s payment details, it transfers them to the payment gateway
via the acquirer and requests the payment gateway to authorize the payment details. This
process ensures that the customer's credit card is valid and the credit limit is not breached.

Step 8: Payment Gateway Authorizes the Payment
Using the credit card information received from the merchant, the payment gateway
cross-verifies the customer’s credit card with the help of the issuer. Based on the
verification result, it either authorizes the payment or rejects the payment.

Step 9: Merchant Confirms the Order
Assuming that the payment gateway authorizes the payment, the merchant sends confirmation of
the order to the customer.

Step 10: Merchant Provides Goods and Services
Now the merchant provides goods and services according to the customer’s order.

Step 11: Merchant Requests Payment
The merchant sends a request to the payment gateway for making payment. After that, the
payment gateway interacts with various financial organizations such as the issuer, acquirer and
the clearinghouse to effect the payment from the customer’s account to the merchant’s account.
Cross-site Scripting (XSS)

Cross-site Scripting (XSS) happens whenever an application takes untrusted data and
sends it to the client (browser) without validation. This allows attackers to execute
malicious scripts in the victim's browser, which can result in hijacked user sessions,
defaced web sites, or redirection of the user to malicious sites.
Let us understand Threat Agents, Attack Vectors, Security Weakness, Technical Impact
and Business Impacts of this flaw with the help of simple diagram.
Types of XSS
1. Stored XSS − Stored XSS also known as persistent XSS occurs when user input
is stored on the target server such as database/message forum/comment field
etc. Then the victim is able to retrieve the stored data from the web application.
2. Reflected XSS − Reflected XSS also known as non-persistent XSS occurs when
user input is immediately returned by a web application in an error
message/search result or the input provided by the user as part of the request
and without permanently storing the user provided data.
3. DOM Based XSS − DOM Based XSS is a form of XSS when the source of the
data is in the DOM, the sink is also in the DOM, and the data flow never leaves
the browser.

Example
The application uses untrusted data in the construction without validation. The special
characters ought to be escaped.
http://www.webpage.org/task/Rule1?query=try
The attacker modifies the query parameter in their browser to −
http://www.webpage.org/task/Rule1?query=<h3>Hello from XSS"</h3>
Hands ON
Step 1 − Login to Webgoat and navigate to cross-site scripting (XSS) Section. Let us
execute a Stored Cross-site Scripting (XSS) attack. Below is the snapshot of the
scenario.

Step 2 − As per the scenario, let us login as Tom with password 'tom' as mentioned in
the scenario itself. Click 'view profile' and get into edit mode. Since tom is the attacker,
let us inject JavaScript into those edit boxes.
<script>
alert("HACKED")
</script>
Step 3 − As soon as the update is over, tom receives an alert box with the message
"hacked" which means that the app is vulnerable.
Step 4 − Now as per the scenario, we need to login as jerry (HR) and check if jerry is
affected by the injected script.

Step 5 − After logging in as Jerry, select 'Tom' and click 'view profile' as shown below.

While viewing tom's profile from Jerry's account, he is able to get the same message
box.
Step 6 − This message box is just an example, but the actual attacker can perform
much more than just displaying a message box.

Preventive Mechanisms
1. Developers have to ensure that they escape all untrusted data based on the
HTML context such as body, attribute, JavaScript, CSS, or URL that the data is
placed into.
2. For those applications that need special characters as input, there should be
robust validation mechanisms in place before accepting them as valid inputs.
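
The two preventive mechanisms above, as an added Python example that is not part of the original notes: the same untrusted `query` value is rendered unescaped and then escaped for each output context (HTML body, attribute, URL parameter, JavaScript string), followed by an allowlist validator. The function names, the page fragment and the allowlist pattern are assumptions made for the illustration; the sample inputs are the two strings already shown on this page.

```python
"""Context-aware output escaping and allowlist validation for untrusted input."""
import html
import json
import re
from urllib.parse import quote


def render_vulnerable(query):
    """The flawed pattern: untrusted data concatenated into HTML as-is."""
    return "<p>Results for: " + query + "</p>"


def escape_html_body(value):
    """HTML body context: neutralise &, < and >."""
    return html.escape(value, quote=False)


def escape_html_attr(value):
    """Quoted attribute context: additionally neutralise " and '."""
    return html.escape(value, quote=True)


def escape_url_param(value):
    """URL parameter context: percent-encode everything outside unreserved."""
    return quote(value, safe="")


def escape_js_string(value):
    """JavaScript string context inside a <script> block.

    json.dumps yields a quoted literal with quotes, backslashes and
    non-ASCII characters escaped; <, > and & are then written as \\uXXXX
    so the value can never close the surrounding script element.
    """
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_safe(query):
    """Place the same value into four contexts, each with its own escaping."""
    return (
        "<p>Results for: " + escape_html_body(query) + "</p>\n"
        '<input name="query" value="' + escape_html_attr(query) + '">\n'
        '<a href="/task/Rule1?query=' + escape_url_param(query) + '">link</a>\n'
        "<script>var lastQuery = " + escape_js_string(query) + ";</script>"
    )


# Assumed allowlist for a search field: letters, digits, space and _ . -
QUERY_PATTERN = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def is_valid_query(value):
    """Input validation: accept only values that fully match the allowlist."""
    return QUERY_PATTERN.fullmatch(value) is not None


if __name__ == "__main__":
    sample = '<h3>Hello from XSS"</h3>'  # the modified query shown above
    print(render_vulnerable(sample))
    print(render_safe(sample))
    print(is_valid_query("try"), is_valid_query(sample))
```

Validation and escaping are complementary: the validator rejects the sample outright, and the escaping keeps the output inert even for fields that must accept special characters.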
