Cryptography
The most commonly used implementations of public key cryptography (also known as public-key encryption and asymmetric encryption) are based on algorithms presented by Rivest-Shamir-Adleman (RSA) Data Security.
Public key cryptography involves a pair of keys known as a public key and a private key (a public key pair), which are associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published and the corresponding private key is kept secret. Data that is encrypted with the public key can be decrypted only with the corresponding private key.

Figure 1 shows how you can freely distribute the public key so that only you (the owner of the private key) can read data that was encrypted with the public key. In general, to send encrypted data to someone, you must encrypt the data with that person's public key, and the person receiving the data decrypts it with the corresponding private key.

If you compare symmetric-key encryption with public-key encryption, you will find that public-key encryption requires more calculations. Therefore, public-key encryption is not always appropriate for large amounts of data.
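The two points above (only the private-key holder can decrypt, and public-key operations are too slow for bulk data) are usually combined in practice as hybrid encryption: a random symmetric session key is wrapped with the recipient's public key, and the bulk data is encrypted symmetrically. The following is an added example, not code from the original notes or from RSA Data Security. It assumes a small textbook RSA key pair generated in pure Python (no OAEP padding, 512-bit modulus, illustration only) and, because the standard library has no AES, a constructed HMAC-SHA256 counter-mode keystream as a stand-in for the symmetric cipher; function names such as hybrid_encrypt are this example's own.

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set, so p*q has the intended size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=512):
    """Textbook RSA key pair: public (n, e) is published, private (n, d) stays secret."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (p * q, e), (p * q, d)


def _stream(key, length):
    """Toy keystream: HMAC-SHA256 in counter mode (constructed stand-in for AES)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def hybrid_encrypt(public_key, plaintext):
    """Wrap a fresh 256-bit session key with the public key; encrypt the bulk data symmetrically."""
    n, e = public_key
    session_key = secrets.token_bytes(32)  # 256 bits, always smaller than the 512-bit n
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # the only public-key operation
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return wrapped_key, ciphertext, tag


def hybrid_decrypt(private_key, wrapped_key, ciphertext, tag):
    """Only the holder of d can unwrap the session key; verify the tag before decrypting."""
    n, d = private_key
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext or tag was modified")
    return bytes(a ^ b for a, b in zip(ciphertext, _stream(enc_key, len(ciphertext))))


if __name__ == "__main__":
    pub, priv = generate_keypair()
    wrapped, ct, tag = hybrid_encrypt(pub, b"large payload " * 1000)
    print(hybrid_decrypt(priv, wrapped, ct, tag)[:14])
```

Whatever the size of the payload, the expensive modular exponentiation runs exactly once, on the 32-byte session key; everything else is symmetric work. A production system would replace the textbook RSA wrap with RSA-OAEP and the HMAC keystream with an authenticated cipher such as AES-GCM.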
IP Security
Uses of IPSec
i. To encrypt application-layer data.
ii. To secure routers sending routing data across the public Internet.
iii. To provide authentication without encryption, i.e. to authenticate that the data originated from a known sender.
iv. To protect data by setting up an IPsec tunnel in which all data sent between two end points is encrypted.
Replay Protection: ensures that an attacker cannot replay captured data at a later time.
Components of IP Security –
It has the following components:
Encapsulating Security Payload (ESP) – the ESP protocol provides confidentiality by encrypting the data and also provides integrity by authenticating the user with an authentication algorithm.
Authentication Header (AH): this protocol provides origin authentication and replay protection, but it does not provide confidentiality.
AH and ESP Combined: VPN allows you to combine AH and ESP for host-to-host connections in transport mode.
Enhanced cryptographic algorithms: cryptographic algorithms added to the VPN selection for Key Exchange Policy and Data Policy security association attributes.
IPSec Architecture
IPSec uses two protocols (AH and ESP) to secure the traffic or data flow. The IPSec architecture includes protocols, algorithms, DOI (Domain of Interpretation), and key management. All these components are very important in order to provide the three main services:
Confidentiality
Authentication
Integrity
Integrity: verifies that the data has not been forged or tampered with.
Working of TLS
Uses a client-server handshake mechanism.
Key exchange between client and server (by the Diffie-Hellman key exchange algorithm).
The TLS protocol then opens an encrypted channel.
Ensures that messages are not altered (by MD5/SHA algorithms).
Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated: the client and the server must agree on the version of the TLS protocol, choose the ciphersuite, and verify certificates if necessary. Unfortunately, each of these steps requires new packet roundtrips between the client and the server, which adds startup latency to all TLS connections.
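The steps above (agree on a version and ciphersuite, exchange Diffie-Hellman values, then protect records so alterations are detected) can be traced end to end in a few dozen lines. The following is an added example that models both sides of that negotiation; it is not code from the original notes or from any TLS library, and it omits certificates and the real TLS key schedule. It uses the 2048-bit MODP Diffie-Hellman group from RFC 3526 (group 14, generator 2) as transcribed here, real TLS 1.3 ciphersuite names, a simplified SHA-256 key derivation in place of the TLS PRF/HKDF, and constructed preference lists; the function and class names are this example's own.

```python
import hashlib
import hmac
import secrets

# Diffie-Hellman group: the 2048-bit MODP prime from RFC 3526 (group 14), generator 2.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2

# Constructed preference lists for the two sides (suite names are the TLS 1.3 IANA names).
CLIENT_VERSIONS = ["TLS 1.3", "TLS 1.2"]
CLIENT_SUITES = ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"]
SERVER_VERSIONS = ["TLS 1.2", "TLS 1.3"]
SERVER_SUITES = ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]


def negotiate(client_versions, client_suites, server_versions, server_suites):
    """Server-side choice: newest version both support, first client-preferred suite the server has."""
    common_versions = [v for v in client_versions if v in server_versions]
    if not common_versions:
        raise ValueError("handshake failure: no common TLS version")
    version = max(common_versions)  # "TLS 1.3" sorts above "TLS 1.2"
    suite = next((s for s in client_suites if s in server_suites), None)
    if suite is None:
        raise ValueError("handshake failure: no common cipher suite")
    return version, suite


class DHParty:
    """One side of the exchange: keeps its exponent secret, publishes g^x mod p."""

    def __init__(self):
        self.secret = secrets.randbits(256) | (1 << 255)  # 256-bit exponent is ample for this group
        self.public = pow(G, self.secret, P)

    def shared_secret(self, peer_public):
        # Reject degenerate values that would force the shared secret into a tiny subgroup.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.secret, P)


def derive_key(shared, transcript):
    """Simplified derivation: hash the shared secret with the negotiated parameters.

    Real TLS runs a PRF/HKDF over the whole handshake transcript instead.
    """
    return hashlib.sha256(shared.to_bytes(256, "big") + transcript).digest()


def mac(key, message):
    """Integrity tag for a record; the hash-based step the notes attribute to MD5/SHA."""
    return hmac.new(key, message, hashlib.sha256).digest()


def run_handshake_and_send(message):
    """Negotiate, exchange DH values, derive keys on both sides, then send one protected record."""
    version, suite = negotiate(CLIENT_VERSIONS, CLIENT_SUITES, SERVER_VERSIONS, SERVER_SUITES)
    transcript = f"{version}|{suite}".encode()
    client, server = DHParty(), DHParty()
    client_key = derive_key(client.shared_secret(server.public), transcript)  # client sees server's g^y
    server_key = derive_key(server.shared_secret(client.public), transcript)  # server sees client's g^x
    tag = mac(client_key, message)
    tampered = message[:-1] + bytes([message[-1] ^ 0x01])  # one bit flipped in transit
    return {
        "version": version,
        "suite": suite,
        "keys_match": hmac.compare_digest(client_key, server_key),
        "accepted": hmac.compare_digest(tag, mac(server_key, message)),
        "tamper_detected": not hmac.compare_digest(tag, mac(server_key, tampered)),
    }


if __name__ == "__main__":
    print(run_handshake_and_send(b"GET / HTTP/1.1"))
```

Each of the three phases costs a round trip in the real protocol, which is the latency the notes refer to; the server's choice here (TLS 1.3 with the client's second-preferred suite, because the server lacks the first) shows why preference order on both sides matters. The peer-value check in shared_secret is the one defensive step practitioners most often forget when hand-rolling Diffie-Hellman.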
DNS Security
DNS security is the practice of protecting DNS infrastructure from cyberattacks in order to keep it performing quickly and reliably. An effective DNS security strategy incorporates a number of overlapping defenses, including establishing redundant DNS servers, applying security protocols like DNSSEC, and requiring rigorous DNS logging.
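Rigorous DNS logging only pays off if something reads the logs. The following is an added example (not code from the original notes or from any resolver product) of the kind of review a defender runs over resolver query logs: it parses a constructed key=value log format, flags clients whose queries mostly return NXDOMAIN, and flags unusually long query names for analyst review. The log lines, the field names and the thresholds are all this example's own assumptions.

```python
import collections
import re

# Constructed sample of resolver query-log lines (format and addresses invented for this example).
LONG_NAME = "a" * 40 + "." + "b" * 40 + ".example.org"
SAMPLE_LOG = f"""\
2024-05-01T10:00:01Z client=10.0.0.5 qname=www.example.com qtype=A rcode=NOERROR
2024-05-01T10:00:02Z client=10.0.0.5 qname=mail.example.com qtype=MX rcode=NOERROR
2024-05-01T10:00:03Z client=10.0.0.9 qname=a1.example.net qtype=A rcode=NXDOMAIN
2024-05-01T10:00:03Z client=10.0.0.9 qname=b2.example.net qtype=A rcode=NXDOMAIN
2024-05-01T10:00:04Z client=10.0.0.9 qname=c3.example.net qtype=A rcode=NXDOMAIN
2024-05-01T10:00:04Z client=10.0.0.9 qname=www.example.net qtype=A rcode=NOERROR
2024-05-01T10:00:05Z client=10.0.0.7 qname={LONG_NAME} qtype=TXT rcode=NOERROR
this line is not a query record and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)


def parse_line(line):
    """Return the fields of one query record, or None for lines that do not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def analyze(log_text, nxdomain_ratio=0.5, min_queries=4, max_qname_len=80):
    """Summarise the log and return the clients and names an analyst should look at."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    per_client = collections.defaultdict(lambda: {"total": 0, "nxdomain": 0})
    long_names = []
    for rec in records:
        stats = per_client[rec["client"]]
        stats["total"] += 1
        if rec["rcode"] == "NXDOMAIN":
            stats["nxdomain"] += 1
        if len(rec["qname"]) > max_qname_len:
            long_names.append(rec["qname"])
    # A client whose lookups mostly fail deserves a look; require a minimum
    # query count so a single typo does not raise an alert.
    noisy_clients = sorted(
        client for client, s in per_client.items()
        if s["total"] >= min_queries and s["nxdomain"] / s["total"] >= nxdomain_ratio
    )
    return {
        "records_parsed": len(records),
        "high_nxdomain_clients": noisy_clients,
        "long_query_names": long_names,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The thresholds are deliberately tunable: the right NXDOMAIN ratio and name-length cut-off depend on the network, and a finding here is a prompt for an analyst, not a verdict. The same parser can feed a per-client query-rate or first-seen-domain check once the fields are available.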
What is SSL?
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.