This document provides an overview of encryption used in web applications, covering key concepts in cryptography such as confidentiality, integrity, authentication, and non-repudiation. It details the workings of symmetric and asymmetric key encryption, various encryption algorithms like DES and AES, and their applications in ensuring information security. Additionally, it discusses the importance of encryption keys and the role of internet security protocols in safeguarding data transmission.

Unit 4: Encryption used in web application

4.1 Introduction to Cryptography


4.2 Information Security goals
4.2.1 Confidentiality
4.2.2 Integrity
4.2.3 Authentication
4.2.4 Non-Repudiation
4.3 What Is Encryption?
4.4 How Does Encryption Work?
4.4.1 Encryption keys
4.4.1.1 Symmetric Key Encryption
4.4.1.2 Asymmetric Key Encryption
4.5 Different Encryption Algorithms
4.5.1 Data Encryption Algorithm (DES)
4.5.2 Advanced Encryption Standard (AES)
4.5.3 RSA (Rivest–Shamir–Adleman) public key algorithm
4.5.4 Blowfish
4.5.5 Twofish
4.5.6 Format Preserving Encryption (FPE)
4.6 Encryption Applications
4.6.1 Hashes
4.6.2 Digital Certificates
4.7 Internet Security Protocols
4.7.1 Internet Protocol Security (IPsec)
4.7.2 Point-to-Point Tunneling Protocol (PPTP)
4.7.3 Layer 2 Tunneling Protocol
4.7.4 Secure Socket Tunneling Protocol
4.7.5 Secure Sockets Layer (SSL)
4.7.6 Hypertext Transfer Protocol Secure (HTTPS)

4.1 Introduction to Cryptography
Cryptography is a mathematical technique designed to secure communication between the sender and
the intended recipient of a confidential message. The technique converts the original message into an
encrypted form which is sent to the intended recipient and can only be read by that recipient, who
converts it back to the original message. The word cryptography comes from the Greek word
kryptos, which means "hidden". Cryptography involves encrypting ordinary text (also known as
plaintext) by some scrambling technique to convert it to ciphertext. The reverse process, known as
decryption, is applied at the receiving end to convert the ciphertext back to plaintext.
In addition, cryptography is also involved in hiding confidential information inside images, audio,
video or text using a technique known as steganography. Ancient Egyptians devised some methods
based on complex hieroglyphics, and one of the first modern ciphers was introduced by the Roman
Emperor Julius Caesar and is popularly known as Caesar's cipher.
The most common use of cryptography is in digital communication; the encryption and decryption of
e-mail and other plaintext messages is an example. The most straightforward cryptographic technique
uses a single secret key (a symmetric key) shared between a sender and a receiver. The data to be
communicated (plaintext) is encrypted at the sender's end using this secret key, and the encrypted
message (known as ciphertext) is sent to the recipient. The recipient decrypts the ciphertext using the
same secret key and recovers the original plaintext. This technique is termed symmetric key
cryptography because encryption and decryption of the messages are performed using the same secret
key. If an intruder intercepts the transmitted ciphertext, he cannot decrypt it because the secret key is
not known to him. The problem is how to generate and share the secret key between the two entities:
if the sender generates the secret key and sends it to the receiver, the key can leak in transit. To handle
this problem, asymmetric key cryptography, also known as public-key cryptography, was devised.
Every user holds a set of two keys: one public key and one private key. The two keys are
mathematically related and are generated together using a complex algorithm. To start secure
communication, the sender requests the recipient's public key, encrypts the message with this public
key and sends it to the receiver. When the receiver receives the encrypted message, he uses his private
key to decrypt it. Any third party who intercepts the transmitted message cannot decrypt it because
only the private key of the intended recipient can successfully decrypt the message.

4.2 Information Security goals


There are four main goals of information security where cryptography is involved: confidentiality,
integrity, authentication, and non-repudiation.

4.2.1 Confidentiality
Confidentiality, or privacy, is the secrecy of information while in storage or in transit. This security
goal ensures that only the sender and receiver are able to access the confidential information shared
between them. Confidentiality is compromised if the confidential information is accessed by or leaked
to an unauthorized person.
For example, consider sharing confidential information between sender A and receiver B. When A
sends the information to B, it is intercepted by an intruder, C, who now has access to the confidential
information.

4.2.2 Integrity
The integrity goal is to ensure that the information received is accurate and has not been tampered
with during transit. If an intruder modifies the message in transit and the receiver receives this
tampered message, then the integrity of the message is lost.
4.2.3 Authentication
Authentication is a mechanism to verify the sender of a message, or the user, system or entity using a
service. It recognizes and confirms the identity of a person trying to access the system or information.
The most popular authentication mechanism is a username and password pair that identifies an entity.
The identities of all authorized users are recorded in the authentication system, and whenever users
try to access the system or information they must prove their identity by submitting their username
and password pair.
4.2.4 Non-Repudiation
Non-repudiation is a legal aspect of security: it prevents the denial of the generation and transmission
of a message sent on the network. A sender may later deny having sent a message. The non-repudiation
mechanism ensures that the sender cannot deny the act of generating and sending the message, because
legal proof is recorded when the message is sent.
4.3 What Is Encryption?
Encryption is the process of scrambling or transforming data so that only authorized recipients can
understand the information. It transforms plaintext into incomprehensible text known as ciphertext:
encryption takes readable plaintext and scrambles it so that it looks like a random sequence of
characters. The encryption process involves a secret cryptographic key shared between the sender and
the recipient of the message. Encrypting the same message with different keys produces different
ciphertexts.
Although the ciphertext appears random, it is generated by a known algorithm. If the secret key is
known, the receiver can decrypt the ciphertext and convert it back to plaintext. Truly secure encryption
uses a secret key that is long and complex enough that attackers cannot recover the plaintext by trial
and error (brute force).
4.4 How Does Encryption Work?
Encryption uses algorithms and secret keys to scramble information and generate encrypted text. The
encrypted text is transmitted to the intended receiver, who uses the corresponding algorithm and the
secret key to decrypt it. There is a wide variety of encryption and decryption algorithms, each of which
scrambles and encrypts the data in a different way.

Figure 1: Encryption and decryption
Source: https://cologix.com/resources/blogs/cyber-smarts-integrity-hashing/

4.4.1 Encryption keys


An encryption key is usually a random sequence of bits created explicitly for use with an encryption
algorithm to encrypt and decrypt data. Encryption keys are tied to cryptographic algorithms, and a
large key space is used to ensure that every key is unique and unpredictable.
The longer the encryption key, the harder it is to crack the encrypted text. Depending on the
cryptographic algorithm, an encryption key is used to encrypt, to decrypt, or to do both. There are two
types of encryption algorithms and encryption keys: symmetric and asymmetric.
4.4.1.1 Symmetric Key Encryption
In this technique a single secret key is used for both encryption and decryption. Symmetric encryption
algorithms are considered safe and efficient; one such algorithm was adopted by the US Government
as the Advanced Encryption Standard (AES) for storing classified information. One drawback of using
a single secret key is sharing it: while the key is being shared between sender and receiver, it can be
leaked or stolen. Key management mechanisms are therefore needed to create, distribute and change
the key in order to enhance security.
4.4.1.2 Asymmetric Key Encryption
Also known as public key encryption, this approach is implemented using very secure algorithms.
Different keys, and different procedures, are used for encryption and for decryption. Asymmetric key
encryption algorithms use a pair of keys which are mathematically related. One key is a public key,
which is known to everyone, and the other is a private key, which is kept secret by a person or entity.
The public key is used for encryption and can be freely shared among users. The owner of the private
key must keep it confidential because it is used to decrypt information encrypted with the public
key.
Information is encrypted with the public key, and when it needs to be decrypted the corresponding
private key is used. The sender uses the receiver's public key to encrypt the information and sends the
ciphertext to the recipient, who easily decrypts it with the private key. During the entire communication
the private key is never shared or exchanged. This is the reason why asymmetric encryption is
considered more reliable.

4.5 Different Encryption Algorithms


A wide range of symmetric and asymmetric key encryption algorithms are available, all of which are
generally safe and reliable. Some of these algorithms are discussed here.
4.5.1 Data Encryption Algorithm (DES)
The Data Encryption Standard (DES) is a block cipher that encrypts 64-bit blocks. IBM designed it
under the influence of the National Security Agency (NSA), based on the cipher Lucifer. The National
Institute of Standards and Technology (NIST) released the standard in 1977. For the past 30 years,
this has been the most widely used block cipher.
DES is a block cipher that encrypts and decrypts 64-bit blocks, as shown in Figure 2.

Figure 2: DES Encryption and Decryption


Source: ICERIE (2021). A Comparative Analysis of Various Cryptographic
Algorithms Ensuring Secrecy and Authenticity of Exchanged Information
February 2021,6th International Conference on Engineering Research,
Innovation and Education, At: SUST, Sylhet, Bangladesh Volume: PP. 760-
766

Let's focus on the encryption procedure, because the decryption process is very similar to it. The
Feistel cipher encryption procedure begins with an initial permutation (P-box) and ends with a final
permutation, with sixteen rounds in between. A different 48-bit key is used in each round. A 56-bit
primary key and a round key generation procedure are used to generate these sixteen 48-bit keys. The
components of the DES encryption mechanism are shown in Figure 3.

Figure 3: Structure of DES encryption


Source: As Figure 2

Initial and Final Permutations
Figure 4 shows the initial and final permutations (P-boxes). These are straight permutation boxes
with 64-bit input and 64-bit output. The input bits are scrambled in a predefined way to produce the
scrambled output. These permutations do not use any key and are inverses of each other. For
example, in the initial permutation the 2nd bit of the input becomes the 8th bit of the output, and in the
final permutation the 8th bit of the input becomes the 2nd bit of the output. In other words, if the 16
rounds between the initial and final permutation were removed, the bit pattern at the output of the final
permutation would be the same as the bit pattern at the input of the initial permutation.

Figure 4: Initial and final permutation


Source: As Figure 2

Table 1 shows the permutation rules for these two P-boxes. Each permutation table is made up of 64
entries and can be thought of as a 64-entry array. The value of each element in the table defines the
input port number, and its index defines the output port number.

Table 1: Initial and final Permutations
These are keyless, pre-determined permutations that have no cryptographic importance in DES.
Rounds in DES
DES uses 16 rounds. Each round of DES is a Feistel cipher, as shown in Figure 5.

Figure 5: Feistel cipher-one round of DES


Source: As Figure 2

The input to round I is the 64-bit output of the preceding round (I-1), or the output of the initial
permutation for the first round. This 64-bit input is split into two 32-bit halves, L(I-1) and R(I-1), and
after processing two new 32-bit halves, L(I) and R(I), are formed and sent to the next round (or to the
final permutation box after round 16). Each round contains two cipher elements: a mixer and a
swapper. Both elements are invertible, which is what allows decryption to reuse the same structure.
The swapper exchanges the left and right halves of the text, while the mixer XORs the output of the
round function into the left half.
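The mixer/swapper structure described above can be shown directly in code. The following is an added example, not code from this page or from the DES standard: a generic Feistel network in Python with a constructed toy round function F (real DES uses the Feistel function described in the next section). It shows that a round is invertible whatever F is, and that decryption is the encryption procedure with the round keys in reverse order.

```python
# Added example (not from the page): a generic Feistel network with a
# constructed toy round function. It demonstrates the two round elements the
# text names, the mixer (XOR of F(R, K) into the left half) and the swapper
# (exchange of the halves), and why decryption reuses the encryption code.

MASK32 = 0xFFFFFFFF


def toy_round_function(right: int, round_key: int) -> int:
    """Constructed 32-bit round function F. A Feistel network never has to
    invert F, so F may be any function; this one is NOT the DES function."""
    x = (right ^ round_key) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32      # constructed mixing step
    return ((x << 13) | (x >> 19)) & MASK32          # rotate left by 13 bits


def feistel_round(left: int, right: int, round_key: int) -> tuple:
    """One round: mixer then swapper.
    L(i) = R(i-1),  R(i) = L(i-1) XOR F(R(i-1), K(i))."""
    mixed = left ^ toy_round_function(right, round_key)   # mixer
    return right, mixed                                   # swapper


def feistel_round_inverse(left: int, right: int, round_key: int) -> tuple:
    """Undo one round: the swapper is undone by reading the halves back, and
    the mixer is undone by XORing the same F value again (XOR is its own inverse)."""
    previous_right = left
    previous_left = right ^ toy_round_function(previous_right, round_key)
    return previous_left, previous_right


def feistel_encrypt(block: int, round_keys: list) -> int:
    """Encrypt a 64-bit block with one round per key. The halves are swapped
    back after the last round (as DES does) so that the same procedure with
    the reversed key list is the decryption."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for key in round_keys:
        left, right = feistel_round(left, right, key)
    return (right << 32) | left


def feistel_decrypt(block: int, round_keys: list) -> int:
    """Decryption is the same network with the round keys applied in reverse."""
    return feistel_encrypt(block, list(reversed(round_keys)))


if __name__ == "__main__":
    keys = [0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D]   # constructed round keys
    plaintext = 0x0123456789ABCDEF
    ciphertext = feistel_encrypt(plaintext, keys)
    print(f"ciphertext: {ciphertext:016x}")
    print("round trip ok:", feistel_decrypt(ciphertext, keys) == plaintext)
```

DES uses sixteen round keys instead of the four constructed here, and its real round function is the expansion, key XOR, S-box and P-box sequence covered next; the invertibility argument is identical.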

Feistel Function
The Feistel function is at the heart of DES. To produce a 32-bit output, the Feistel function is applied
to the 48-bit round key K(I) and the rightmost 32 bits (R(I-1)) of the round input. As illustrated in
Figure 6, this function is made up of four parts: an expansion P-box, a whitener (which adds the key),
a set of eight S-boxes, and a straight P-box.

Figure 6: Feistel function
Source: As Figure 2

Expansion P-box
The 32-bit R(I-1) is expanded into a 48-bit pattern so that it can be XORed with the 48-bit round key
K(I). R(I-1) is split into eight 4-bit sections, and each 4-bit section is enlarged to 6 bits. In DES, this
expansion permutation is pre-determined. For each section, input bits 1, 2, 3 and 4 are copied to output
bits 2, 3, 4 and 5 respectively; output bit 1 comes from bit 4 of the previous section, and output bit 6
comes from bit 1 of the next section. The same rule applies to bits 1 and 32 if sections 1 and 8 are
treated as adjacent. Figure 7 shows how the expansion P-box expands the 32-bit data.

Figure 7: Expansion P-Box


Source: As Figure 2

Whitener (XOR)
This simple XOR operation is applied to the expanded 48-bit right section and the round key.
S-Boxes
Eight S-boxes do the real mixing of bits and create confusion. Each S-box takes a 6-bit input and
produces a 4-bit output.

Figure 8: S-Boxes
Source: As Figure 2

The 48-bit output of the XOR is divided into eight 6-bit pieces, each of which is sent to its own
S-box. Each S-box produces a 4-bit chunk, and concatenating these eight 4-bit chunks yields the 32-bit
output. Each box's substitution follows a pre-determined rule based on a four-row, sixteen-column
table. As shown in Figure 9, the combination of bits 1 and 6 of the input selects one of the four rows,
and the combination of bits 2 through 5 selects one of the sixteen columns.
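The expansion rule and the S-box row/column rule above, as an added example in Python (not the page's own code and not an implementation of the DES standard): it derives the 48-entry expansion table from the rule stated in the text and checks it against the published DES E table, and applies the row/column selection to the standard DES S-box S1. Bit numbering is 1-based from the most significant bit, as in the standard's figures.

```python
# Added example (not from the page): DES expansion P-box derived from the rule
# in the text and the S-box row/column selection, using the published E table
# and S-box S1 from the DES standard. Bit positions are 1-based and bit 1 is
# the most significant bit, as in the standard's figures.

# Published DES expansion table: entry k holds the input bit copied to output bit k+1.
DES_E_TABLE = [
    32,  1,  2,  3,  4,  5,   4,  5,  6,  7,  8,  9,
     8,  9, 10, 11, 12, 13,  12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,  20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,  28, 29, 30, 31, 32,  1,
]

# DES S-box S1: 4 rows x 16 columns of 4-bit outputs.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def build_expansion_table() -> list:
    """Derive the expansion table from the rule in the text: each 4-bit input
    section becomes 6 output bits; output bits 2-5 copy the section's bits 1-4,
    output bit 1 copies bit 4 of the previous section and output bit 6 copies
    bit 1 of the next section. Sections 1 and 8 are treated as adjacent."""
    table = []
    for section in range(8):
        first = 4 * section + 1                      # first input bit of this section
        previous_last = first - 1 if section > 0 else 32
        next_first = first + 4 if section < 7 else 1
        table += [previous_last, first, first + 1, first + 2, first + 3, next_first]
    return table


def permute(value: int, table: list, input_width: int) -> int:
    """Apply a 1-based DES permutation or expansion table to an input_width-bit value."""
    output = 0
    for input_bit in table:
        bit = (value >> (input_width - input_bit)) & 1
        output = (output << 1) | bit
    return output


def expand(right_half: int) -> int:
    """The expansion P-box: 32-bit R(I-1) -> 48 bits, ready to XOR with K(I)."""
    return permute(right_half, DES_E_TABLE, 32)


def sbox_lookup(sbox: list, six_bits: int) -> int:
    """Bits 1 and 6 (the outer bits) select the row, bits 2-5 select the column."""
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    column = (six_bits >> 1) & 0xF
    return sbox[row][column]


def split_into_sboxes(forty_eight_bits: int) -> list:
    """Cut the 48-bit XOR output into the eight 6-bit chunks, one per S-box."""
    return [(forty_eight_bits >> (42 - 6 * i)) & 0x3F for i in range(8)]


if __name__ == "__main__":
    print("rule matches standard table:", build_expansion_table() == DES_E_TABLE)
    print("S1(011011) =", sbox_lookup(DES_S1, 0b011011))   # 5 in the standard's example
```

Only S1 is included; the other seven S-boxes follow the same lookup rule with their own tables, and the straight P-box that follows them is a plain 32-entry permutation usable with the same `permute` helper.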

Figure 9: S-Box operation for 6-bit chunk


Source: Wikipedia

Round Key Generation in DES


The DES key is 64 bits long and is converted to a 56-bit key by dropping the eight parity bits (one in
each byte of the key). This 56-bit key is divided into two 28-bit halves, each half is rotated left by a
predefined number of bits, and the two 28-bit halves are then combined and compressed to generate a
48-bit round key. The process is shown in Figure 10. The amount of shifting is not the same for every
round key, as shown in the figure.

Figure 10: Round key generation in DES
Source: As Figure 9
4.5.2 Advanced Encryption Standard (AES)
Another prominent symmetric key block cipher is the AES encryption algorithm (also known as the
Rijndael algorithm), which encrypts one 128-bit block of plaintext at a time using keys of 128, 192,
or 256 bits.
AES is designed as a substitution-permutation (SP) network. Like other symmetric key algorithms, it
uses multiple rounds of operations to generate the ciphertext. The key size determines the number of
rounds: 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Only
one key (128/192/256 bits) is supplied, and a key expansion method generates the round keys from it.

Figure 11: Rounds in AES for 128-bit key
Source: As Figure 9

The 16 bytes of a 128-bit input plaintext block are written into a 4x4 matrix known as the state. Each
round consists of four steps that transform this state into a new state, which becomes the input to the
next round. The four steps of each round are as follows:
1. SubBytes: Substitution of the bytes
Using predefined S-Boxes, each byte of input block text is substituted by another byte.

Figure 12: SubBytes operation


Source: As Figure 9

2. ShiftRows: Shifting the rows


Next is a permutation operation where all rows except the first are shifted by one, as shown below.

Figure 13: ShiftRows operation
Source: As Figure 9

3. MixColumns: Mixing the columns


Hill cipher is used in this step to jumble up the input bits by mixing the columns of the state matrix.

Figure 14:MixColumns operation


Source: As Figure 9

4. AddRoundKey: Adding the round key


In this final step, the input message is XORed with the round key.

Figure 15: AddRoundKey operation


Source: As Figure 9

When these steps are repeated over 10/12/14 rounds, they ensure that the final ciphertext is secure.
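The MixColumns and AddRoundKey steps above, as an added example in Python (not code from the page or from the AES specification): byte multiplication in GF(2^8) with the AES polynomial, the MixColumns matrix together with the inverse matrix that decryption uses, and the XOR with the round key. The column d4 bf 5d 30 -> 04 66 81 e5 is the worked MixColumns example from FIPS-197; the demo state and round key are constructed.

```python
# Added example (not from the page): the MixColumns and AddRoundKey steps of
# AES on a 4x4 state, plus the inverse MixColumns used by decryption. The
# state is stored column-major as a list of 4 columns of 4 bytes, as in AES.

AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial of GF(2^8)


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo AES_POLY (shift-and-add)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


# Circulant matrices of MixColumns and InvMixColumns (FIPS-197, sections 5.1.3 and 5.3.3).
MIX_MATRIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX_MATRIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_one_column(column: list, matrix: list) -> list:
    """Multiply a 4-byte column by a 4x4 matrix over GF(2^8); '+' is XOR here."""
    out = []
    for row in matrix:
        value = 0
        for coefficient, byte in zip(row, column):
            value ^= gf_mul(coefficient, byte)
        out.append(value)
    return out


def mix_columns(state: list, inverse: bool = False) -> list:
    """MixColumns (or InvMixColumns when inverse=True) applied to every column."""
    matrix = INV_MIX_MATRIX if inverse else MIX_MATRIX
    return [mix_one_column(column, matrix) for column in state]


def add_round_key(state: list, round_key: list) -> list:
    """XOR the state with the round key byte by byte; the step is its own inverse."""
    return [[s ^ k for s, k in zip(column, key_column)]
            for column, key_column in zip(state, round_key)]


def round_tail(state: list, round_key: list) -> list:
    """MixColumns followed by AddRoundKey: the last two steps of a normal round."""
    return add_round_key(mix_columns(state), round_key)


def round_tail_inverse(state: list, round_key: list) -> list:
    """Undo round_tail: AddRoundKey again, then InvMixColumns."""
    return mix_columns(add_round_key(state, round_key), inverse=True)


if __name__ == "__main__":
    # Constructed demo state and round key (not AES test vectors).
    state = [[0xd4, 0xbf, 0x5d, 0x30], [0x00, 0x11, 0x22, 0x33],
             [0x44, 0x55, 0x66, 0x77], [0x88, 0x99, 0xaa, 0xbb]]
    key = [[0x0f] * 4, [0xf0] * 4, [0x5a] * 4, [0xa5] * 4]
    print("first column mixed:", [hex(b) for b in mix_columns(state)[0]])
    print("round trip ok:", round_tail_inverse(round_tail(state, key), key) == state)
```

SubBytes and ShiftRows are omitted here because they need the 256-entry S-box table; the point of the block is that MixColumns is an invertible linear map over GF(2^8) and AddRoundKey is a self-inverse XOR, which is what lets AES decryption reverse each round.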

AES modes
Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB)
mode, Output Feedback(OFB) mode and Counter (CTR) mode are the five different modes of
operations that can use the AES algorithm and other symmetric key algorithms.
4.5.3 RSA (Rivest–Shamir–Adleman) public key algorithm
The RSA encryption algorithm was developed by RSA Data Security and is a widely used public-key
encryption technique. Its security is based on the difficulty of factoring extremely large composite
numbers: RSA uses prime factorization as a trap door for encryption, relying on the problem of
identifying the prime factors p and q of a composite number n = pq. Generating large prime numbers
is required to compute an RSA key, which takes considerable time and computing power. RSA has
become the industry standard for encrypting sensitive data sent over the Internet.
The technique is named RSA after its creators, Rivest, Shamir, and Adleman.
To implement RSA encryption, we need to find two large prime numbers that are kept secret. The
product of these two large primes is the foundation of RSA. Using further mathematical operations, a
pair of keys is generated, to be used as the public and private keys.
Steps in RSA Algorithm
Key Generation
Before encryption and decryption can be performed, a pair of keys, the public key and the private key,
must be generated. These keys are generated using certain variables and parameters. The complete
process is explained in the following paper.

To understand the complete process, take one example:

Let p = 17 and q = 13.
n = 17 x 13 = 221, z = (17 - 1) x (13 - 1) = 16 x 12 = 192
The public exponent e can be chosen as the small number 5, since it satisfies the condition 1 < e < z
(and shares no factor with z).
d = e^(-1) mod 192 = 77
Public key pair = (5, 221)
Private key pair = (77, 221)
Encryption of plaintext m = 10: c = 10^5 mod 221 = 108.
Decryption of ciphertext 108 with the private key (77, 221): m = 108^77 mod 221 = 10.
4.5.4 Blowfish
Blowfish is a symmetric key block cipher invented by Bruce Schneier in 1993 that is freely available.
Many cipher suites, security protocols, and encryption products use the Blowfish algorithm.
Blowfish's security has been thoroughly tested and validated: as Blowfish is in the public domain, a
significant amount of cryptanalysis has been done on it, and no one has succeeded in breaking the
cipher. Blowfish is considered one of the fastest block ciphers available in the public domain. It is
well suited to a product like SplashID that is used on a wide range of processors found in notebooks,
desktop computers, and mobile devices.
Schneier designed Blowfish with the intent of replacing the popular DES algorithm. Significant
features of the Blowfish design are its key-dependent S-boxes and its highly complex key schedule.
Blowfish encrypts one 64-bit block at a time, and its key length can vary from 32 bits to 448 bits. It
uses a 16-round Feistel cipher with a large number of key-dependent S-box entries.
The structure of Blowfish is depicted in the diagram. Each line denotes a 32-bit value. The algorithm
keeps two subkey arrays: an 18-entry P-array and four 256-entry S-boxes. The S-boxes take an 8-bit
input and produce a 32-bit output. One P-array entry is used in every round, and after the final round
each half of the data block is XORed with one of the two remaining unused P-entries.
The diagram below (Figure 16) shows Blowfish's F-function. The function divides the 32-bit input into
four 8-bit parts, and each 8-bit part is fed to a different S-box. The output of each S-box is a 32-bit
number. These S-box outputs are combined by addition modulo 2^32 and XOR to produce the final
32-bit output.

Figure 16:The F-function of Blowfish
Source: As Figure 9

Blowfish's key schedule


In Blowfish's key schedule, 18 subkeys (P[0] to P[17]) of 32 bits each are stored in a P-array, and 4
S-boxes (each having 256 entries of 32 bits) are initialized with values derived from the hexadecimal
digits of pi, which are random in nature. The secret key is then XORed with the P-array entries in order
(cycling through the key if necessary). The resulting ciphertext replaces the P-array entries and is then
used for the entire encryption process. The four S-boxes S[0] to S[3] are processed in a similar manner.

Figure 17: initial values in P-array in Blowfish


Steps in Blowfish Algorithm
The Blowfish algorithm uses a 64-bit block size, and the key is between 32 bits and 448 bits long. The
algorithm is divided into two sections: the first is key expansion, the second is data encryption. The
key expansion transforms a key of up to 448 bits into subkeys, making the subkey array 4168 bytes
long.
The algorithm then employs a 16-round Feistel cipher and large key-dependent S-boxes for data
encryption. S-boxes are necessary components of symmetric key algorithms that use the substitution
approach.
Each substitution in the S-boxes uses a different, key-dependent permutation. The algorithm is
structured similarly to CAST-128, which employs fixed S-boxes.

Figure 18: 16 rounds of Blowfish

4.5.5 Twofish
Twofish is a 128-bit symmetric block cipher with a key size of any length up to 256 bits. The NIST
standard key sizes are 128, 192, and 256 bits. Twofish can be implemented efficiently on 8-bit as well
as 32-bit processors, smart cards, embedded chips, and similar devices, and hardware implementations
are also possible. The algorithm is flexible: it can be used in network applications where keys are
changed frequently, and it can also be implemented in applications with a minimal amount of
RAM/ROM.

Figure 19: Twofish implementation
Source: As Figure 9

As shown in Figure 19, Twofish uses a Feistel network. The input block is divided into two halves.
The first half is processed through an F function and then XORed with the second half to generate the
output that is fed to the next round.
The Twofish cipher has a total of 16 rounds. Two 32-bit words are passed to the F function in each
round. Each 32-bit word is split into four bytes and routed through four separate S-boxes, each of
which is key-dependent. The four output bytes (the S-boxes have 8-bit input and output) are merged
into a 32-bit word using a Maximum Distance Separable (MDS) matrix. The two 32-bit words are then
merged using a Pseudo-Hadamard Transform (PHT), added to two round subkeys, then XORed with
the right half of the text. In addition, there are two 1-bit rotations, one before and one after the XOR.
Additional subkeys are XORed into the text block before the first round and after the last round in
Twofish. This feature is known as "prewhitening" and "postwhitening."
The round function has bijective steps; in other words, every outcome is possible. We have seen many
attacks on ciphers that lack this characteristic, so they become vulnerable. S-box substitution, an MDS
matrix over GF(2^8), addition in GF(2^32), addition in GF(2) (commonly known as XOR), and 1-bit
rotations are all included in the round function. As a result, attacking the algorithm mathematically is
difficult.
The key-dependent S-boxes are intended to resist the two major attacks of the early 1990s, differential
cryptanalysis and linear cryptanalysis, and any future attacks. Too many algorithm designers focus
on specific attacks while neglecting to consider resistance to unforeseen threats. Our design
philosophy was a little different: good enough against known attacks, but nasty enough to (hopefully)
fend off unknown attacks. We did this in part by using key-dependent S-boxes.
S-boxes that are key-dependent were not chosen at random, as they were in Blowfish. Instead, we
painstakingly designed S-box building rules and tested them with all 128-bit keys (as well as a subset
of longer keys) to ensure that all S-boxes were indeed strong. We were able to combine the strength
of fixed, strong S-boxes with the strength of secret S-boxes using this method. And, unlike Blowfish
in reduced-round variants, Twofish has no weak keys.
Twofish's MDS matrix has been carefully developed to give good diffusion, preserve its MDS
property even after a 1-bit rotation, and be fast in both hardware and software. This meant we had to
look through all of the matrices available to pick the one that best fit our requirements.
The PHT and key addition provide diffusion between the subblocks and the key. On the Pentium (and
above), we can execute all four additions in only two operations using the LEA instruction.
The round subkeys are carefully calculated using a process related to the S-box building principles to
prevent related-key attacks and guarantee good key mixing. We learned during this process that a good
key schedule is designed in tandem with the cipher, rather than being grafted onto it. We put a lot of
effort into the Twofish key schedule and are pleased with the outcome.
The 1-bit rotation is used to break up the byte structure; otherwise, everything is done in bytes. This
procedure exists to annoy cryptanalysts, and it certainly hampered our efforts to decrypt Twofish.
Prewhitening and postwhitening appear to increase the difficulty of every attack by at least one
round. Keeping the eight XORs in makes sense because they are less expensive than a round.
4.5.6 Format Preserving Encryption (FPE)
FPE (Format-Preserving Encryption) is a newer way of encrypting structured data such as credit card
and Social Security numbers. FPE allows data-level encryption to be integrated into legacy business
application frameworks that were previously difficult or impossible to deal with. It encrypts data
without changing its format by combining a documented encryption method with an existing, validated
algorithm. The result is a powerful encryption technique that enables encryption with little change to
the functionality of existing applications.

Voltage's CTO Terence Spies suggested the underlying cryptographic structure of FPE in 2006, and
Voltage has been the leader in the development of FPE and related technologies since then. Voltage
possesses US Patent 7,864,952, which describes the core cryptography of FPE, and it has continued to
build intellectual property around the technology's implementation and application.

Using traditional techniques, small, structured data items such as 16-digit credit card numbers are
converted into bigger binary fields. As a result, deploying these algorithms frequently required
database updates and application re-engineering to accommodate the new data sizes and formats.

Figure 20: Format Preserving Encryption

Source: As Figure 9

FPE preserves the original format of encrypted data on a character-by-character basis, allowing
encrypted data to "fit" into existing fields without needing database or application schema changes.

The following are some of the essential features and capabilities:


- Data type agnostic: supports numeric, alphanumeric, and even date fields in any format.
- Referential integrity: maintains referential integrity between applications and data stores, keeping
them consistent.
- Data masking: the technique can be used to conceal data in development, test, and analytics
settings.
- Published security proofs: provides formal evidence of security that is recognized by the National
Institute of Standards and Technology (NIST).

4.6 Encryption Applications


4.6.1 Hashes
This cryptographic tool is used to provide secure authentication and message integrity. A hash
function is an important mathematical procedure in public-key cryptography. It can be used to store
user credentials securely in a server database. Data integrity is a major concern in digital
communication channels, and hashing helps ensure that data is not tampered with while in transit. It
also aids the categorization of material and files, and authentication processes.
In cryptography, a hash is a unique identifier for a given piece of information. A hash function
converts a large, variable-length plaintext into a fixed-size hash value called a digest or hash.
Usually, two different pieces of information cannot have the same hash, and when the content changes
the hash value also changes. As the hash value is unique for a given content, it can be used to ensure
data integrity by appending the hash value to the content at the sender's end and verifying the hash
value at the receiver's end.

Figure 21: Hash function
Source: As Figure 9

Hash functions are commonly used for authentication, but they can also be used for other purposes.
For cryptography, we need strong hash algorithms. The requirements for a strong hash function are as
follows:

 Determinism — A hashing function is deterministic if it always produces same hash value for
a given content.
 Pre-Image Resistance — If message M is hashed to generate hash digest H, then it is infeasible
to obtain the original message M from a given hash digest H. Hence, the hashing process is a
one-way function irreversible.
 Collision Resistance — If two messages M1 and M2 are hashed to generate hash digests H1
and H2 respectively, then if H1 is equal to H2, we call it a collision. Collision resistance means
So H1 can not be identical to H2 if M1 and M2 are different. It is computationally infeasible
to find out two messages M1 and M2 that generate the same hash digest.
 Avalanche Effect — This means is that if any changes are made to the input of hash function
(changes may be very small like only one bit change), it will result in entirely different hash
digest. So small change in input affects a large number of changes in output, known as the
avalanche effect.
 Hash Speed — We need to have faster computation of hash valuesIn many cases, large size
input is fed to the hashing algorithm and we need the results quickly. Faster computation is
considered as an ideal property of any cryptographic hash function.
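As an added example (not from the original text), the following Python code checks the determinism and avalanche properties listed above on SHA-256 from the standard library, measuring how many digest bits change when a single input bit is flipped; the sample input is constructed.

```python
import hashlib

DIGEST_BITS = 256  # SHA-256 output length in bits


def sha256_hex(data: bytes) -> str:
    """Fixed-size digest of a variable-length input, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def is_deterministic(data: bytes, rounds: int = 5) -> bool:
    """Determinism: hashing the same content repeatedly gives the same digest."""
    first = hashlib.sha256(data).digest()
    return all(hashlib.sha256(data).digest() == first for _ in range(rounds))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped (the 'very small change')."""
    if not 0 <= bit_index < len(data) * 8:
        raise ValueError("bit_index out of range")
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_fraction(data: bytes, bit_index: int = 0) -> float:
    """Avalanche effect: fraction of digest bits that change after flipping a
    single input bit. For a good hash this is close to 0.5 (about 128 of 256)."""
    h1 = hashlib.sha256(data).digest()
    h2 = hashlib.sha256(flip_bit(data, bit_index)).digest()
    return differing_bits(h1, h2) / DIGEST_BITS


def average_avalanche(data: bytes) -> float:
    """Average avalanche fraction over every bit position of the input."""
    n_bits = len(data) * 8
    return sum(avalanche_fraction(data, i) for i in range(n_bits)) / n_bits


if __name__ == "__main__":
    # Constructed sample input; any bytes will do.
    msg = b"The quick brown fox jumps over the lazy dog"
    print("digest           :", sha256_hex(msg))
    print("deterministic    :", is_deterministic(msg))
    print("avalanche (bit 0):", round(avalanche_fraction(msg), 3))
    print("avalanche (avg)  :", round(average_avalanche(msg), 3))
```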

Some applications of Hash Functions


Authentication:
User passwords are not stored directly in the server database, since the chance of password theft
exists. To keep the password secure, the hash values of passwords are stored in the server database
along with the user IDs. Whenever a user enters the user ID and password on the login screen, the
server looks up the ID and gets the stored hash value of the password. This stored hash value is
compared with the freshly computed hash value of the entered password; if they match,
authentication is successful and the user is granted access.

Provides high-level security:
The hash function technique of storing passwords provides high-level security. If an attacker can
break into the system and access the password database, the attacker only gets user IDs and hashed
passwords. An attacker cannot convert the hash value back into a password, as it is computationally
infeasible to obtain the original password from the given hash value.

Data Integrity check:
To ensure the integrity of messages during transit, the sender computes the hash value of a given
message and sends both the message and the computed hash value to the receiver. The receiver takes
the received message, computes its hash value, and then compares the computed hash value with the
received hash value. If they match, the receiver is sure that the message integrity has been maintained
and the message was not altered during transit. This integrity check process is used in many
messaging applications, such as e-mail systems.

Digital Signature:
A digital signature is used to associate a person or entity with a digital message or data. This
association ensures that the person sending the data is solely responsible for this message, and the
receiver or a third party can verify this association. A digital signature is basically an encrypted hash
value, and when it is produced using public key cryptography it cannot be forged, misused or stolen.
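Added example, not from the original text: a Python sketch of the password-authentication and data-integrity uses of hashing described above. It goes slightly beyond the text by salting and iterating the password hash with PBKDF2 (standard practice, so that equal passwords do not share a digest); the user database is a constructed in-memory dictionary.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt$digest'.
    Only this record, never the password itself, goes into the server database."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed in-memory "server database": user ID -> stored hash record.
USER_DB = {"alice": hash_password("correct horse battery staple")}


def login(user_id: str, password: str) -> bool:
    """Server-side check: look up the ID and compare the freshly computed hash
    with the stored one. Unknown users still pay the hashing cost so that the
    response time does not reveal which IDs exist."""
    record = USER_DB.get(user_id)
    if record is None:
        hash_password(password)
        return False
    return verify_password(password, record)


def send_with_digest(message: bytes):
    """Sender side of the integrity check: ship the message plus its hash."""
    return message, hashlib.sha256(message).hexdigest()


def verify_integrity(message: bytes, received_digest: str) -> bool:
    """Receiver side: recompute the hash of what arrived and compare.
    A bare hash only detects accidental corruption: an attacker who can change
    the message can recompute the hash too, which is why a keyed hash (HMAC)
    or a digital signature (next item) is used when tampering is the concern."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), received_digest)


if __name__ == "__main__":
    print("alice/correct:", login("alice", "correct horse battery staple"))
    print("alice/wrong  :", login("alice", "password123"))
    msg, digest = send_with_digest(b"transfer 100 to account 42")
    print("intact   :", verify_integrity(msg, digest))
    print("tampered :", verify_integrity(b"transfer 900 to account 42", digest))
```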
4.6.2 Digital Certificates
Digital certificates associate a public key with an entity and with the identity of that entity on the
Internet. Digital certificates are issued by some trusted party and can be treated as an electronic
identity card for an entity. Any user on the Internet who receives the digital certificate of another
entity can verify the certificate for authenticity, validity, ownership, and issuer.
The SSL protocol is based on the use of digital certificates for public key cryptography. The public-
private key pairs used in public key cryptography are simply long binary strings which are
mathematically related to each other. Each user needs to keep the private key in a very secure way
(for example, in encrypted form on a machine). The public keys of all users are published, meaning
they are available to everyone who wants to communicate. The private key can be used to add a
digital signature to each piece of secure content being communicated from one user to other users. In
this scenario, the signer's public key can be used by all receivers to verify the sender's digital
signature and ensure the integrity of the content and the authenticity/identity of the sender.
Public-key cryptography systems rely on the trust that a public key belongs to a particular entity and
not to an impostor. Digital certificates give users this confidence.
A digital certificate serves two purposes: any user can verify and establish the certificate owner's
identity, and once that is done, the certificate owner's public key is available to the user. A certificate
authority (CA) issues a digital certificate; it is the trusted authority involved and is responsible for all
digital certificates it issues. Each certificate issued has a limited validity period. When the certificate
validity expires, digital certificate verification fails and the owner needs to get a new certificate
issued from the certificate authority.
Contents of Digital Certificates
The digital certificate is only available in digital format and includes the following information
about the certificate's owner and the certificate authority:
• The owner's name. It combines the owner's name with the context (position) in the directory tree.
If the owner's common name is PressB, the context is OU=Engineering, and the organisation is
O=ABCDelta, the distinguished name would be: .CN=PressB.OU=Engineering.O=ABCDelta
• The public key of the owner.
• The date on which the digital certificate was created.
• The date on which the digital certificate will expire.
• The issuer's distinguished name (the distinguished name of the CA).
• The digital signature of the issuer.

Figure 22: Digital Certificate Sample

Source: As Figure 9

Digital Certificate Security Considerations
A digital certificate alone is not the identity of the certificate holder. The digital signature of the
certificate owner can be verified using the public key present in the digital certificate. Public key
cryptography provides this mechanism for verifying someone's digital signature, and a digital
signature can be forged if the private key is compromised. As a result, the digital certificate's owner
must protect the private key associated with the digital certificate's public key. A digital certificate
cannot be misused or falsified unless the private key corresponding to it is obtained.
Certificate Authorities and Trust Hierarchies
The concept of trust is the foundation of digital certificates. Each user or organization must decide
which CAs to trust and accept certificates issued by those trusted CAs.
Public key cryptography is needed to establish any security service. All users need to have a public
key, and to prove ownership of this public key they need to get a digital certificate from some trusted
CA. Once the digital certificate is issued, the owner can verify the certificate's authenticity by
verifying the digital signature of the issuing CA present in the digital certificate. To get the authentic
public key of the issuing CA, the user needs the digital certificate of that CA, which may have been
issued by some higher-level CA. This makes a chain of trust and a chain of CAs involved in issuing
digital certificates. Usually, a hierarchy of CAs issues digital certificates to users or to other CAs; the
CAs themselves hold a digital certificate issued and signed by a higher-level CA. So, to verify a
digital certificate, a user needs the complete chain of digital certificates from its CA to the highest-
level CA in the hierarchy. Figure 23 shows the complete chain of trust.

Figure 23: Chain of trust and hierarchy in CAs


Source: As Figure 9

Now we can understand that in a secure application, when the digital certificate of a subject is sent to
a receiving entity, the sender's digital certificate and the complete chain of digital certificates (from
its CA to the root CA in the hierarchy) are sent together to the receiver.

• The trust chain starts with the root CA. The root CA signs its own digital certificate, which is
referred to as a self-signed digital certificate. Using its own private key, the root CA signs its
certificate and all other certificates it issues. The public key of the root CA can be used to
verify the root CA's digital signature. To establish the entire chain of trust, the public-key user
must have obtained the root CA's digital certificate in one of the following ways:
• On storage media, by registered e-mail, or picked up in person.
• The certificate comes pre-loaded in software obtained from a reputable source or downloaded
from a trusted server.

4.7 Internet Security Protocols


Many protocols have been developed based on cryptography that fulfil all the security goals
mentioned earlier in this chapter. These protocols protect the clients, web applications and websites
involved in exchanging information over the Internet.
4.7.1 Internet Protocol Security (IPsec)
IPsec is a suite of protocols that provides security services for IP network traffic. The protocol is
designed for secure network communication across IP networks. IPsec provides confidentiality by
encrypting sensitive data and supports authentication and protection against replay attacks.

Figure 24: IPsec protocol suite


Source: As Figure 9

IP network traffic is secured by using the following protocols:

Authentication Header (AH) – This protocol protects the IP packet data from tampering. Attackers
can tamper with IP packets while they are being exchanged between client and server. The IPsec AH
protocol is used to digitally sign the entire IP packet (including the payload), and this signed packet
is then used for secure communication. This mechanism gives security against tampering, spoofing
and replay attacks. A point to remember is that the authentication header provides protection against
tampering but does not provide confidentiality of the contents of the packet.
Encapsulating Security Payload (ESP) – This protocol provides confidentiality by encrypting the IP
packet payload and also provides authentication, integrity, and security against replay attacks.
Internet Key Exchange (IKE) – The IKE protocol permits the exchange of keys and digital
certificates and helps establish the mechanisms and parameters for encryption and the encryption
keys. In effect, a secure VPN tunnel is established between two entities, and each communication is
encrypted at the sender's end and decrypted at the receiver's end.
IPsec is primarily used to create a dedicated secure tunnel between two hosts that uses IPsec
tunneling to encrypt all communication between them. It can also be used to encrypt and secure
application layer data, to give security to routers delivering data over the Internet, and to provide
authentication without encryption.

There are two different modes in which IPsec can be configured and used:
Transport Mode – End-to-end communications, such as communication between a host and a server,
are handled by transport mode. An IP packet is made up of two parts: an IP header and an IP payload.
In transport mode only the IP payload is protected. Security operations such as encryption are
decided by the sender and receiver in transport mode.

Figure 25: Transport and Tunnel modes of operation


Source: As Figure 9

Tunnel Mode – Tunnel mode is the default mode of operation in IPsec, and in this mode the entire IP
packet is encrypted. It is typically used to encrypt all traffic between two routers/gateways connected
via IPsec VPN tunnels over the Internet. In tunnel mode, cryptographic functions such as encryption
and authentication are handled by the routers/gateways at both ends of the tunnel, in addition to the
sender and receiver.
4.7.2 Point-to-Point Tunneling Protocol (PPTP)
PPTP is also used for VPNs. It is a set of communication rules that allow organizations to extend
their private network over the public Internet using a secure virtual private network (VPN). A large
organization with many remote offices can connect them securely using PPTP to create a larger local
area network (LAN). This extension of the LAN is possible using the infrastructure of a wide area
network (WAN), such as the network of a public Internet service provider (ISP) or a telecom. This
private network extension over a public network is cost-effective compared to laying out one's own
network infrastructure over such distances.
PPTP uses the public network to create a secure tunnel between the host and the enterprise server and
to exchange data securely. A PPTP VPN is established over TCP/IP-based networks. Remote users of
an organization can securely access corporate networks over the Internet as if they were physically
present in the corporate network.
Point-to-point protocols are already used on the Internet, and PPTP is an extension of point-to-point
networking. Microsoft defined the standards for this protocol. Later, Microsoft worked with Cisco to
propose the Layer 2 Tunneling Protocol. The Internet Engineering Task Force (IETF) may adopt
these two protocols as upcoming standards for VPNs.

The following are some of the benefits of PPTP:


• Lower transmission costs: No extra infrastructure is required; all that is necessary is access to the
Internet.
• Low administrative overhead: Administrators merely handle the remote access server (RAS) and user
accounts instead of managing many hardware configurations.
• Lower hardware costs: By separating ISDN cards and modems from RAS servers.
• Enhanced security: The PPTP connection is encrypted and safeguarded over the Internet.
4.7.3 Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is used by Internet service providers (ISPs) to create virtual
private networks (VPNs). This computer networking protocol is quite close to the OSI reference
model's Data Link Layer protocol; however, L2TP is a session layer protocol.
L2TP communication takes place through a User Datagram Protocol (UDP) port. L2TP is frequently
used alongside an encryption protocol such as Internet Protocol security (IPsec), because by itself it
does not provide any data security such as encryption or secrecy.
L2TP is an extension of the Point-to-Point Tunneling Protocol (PPTP) and was first announced in
1999. It combines Microsoft's (PPTP) and Cisco's (L2TP) protocols. This protocol eliminates the
cost of a dial-up network, which was previously an overhead for every user wishing to connect to
their corporate headquarters remotely. Because of its Point-to-Point Protocol (PPP) extension service
over the Internet, L2TP is also known as Virtual Dialup Protocol.
For example, consider a situation where a user in Delhi wants to connect to some person in Chennai
using a dial-up modem. For this, the user dials in and connects to the Internet and then establishes a
dedicated link from Delhi to Chennai. This dedicated dial-up link is established using the public
switched telephone network (PSTN), and it only gives a low data rate of 64 kbps or less, as the PSTN
network is shared among many users.
Now, suppose the same user utilises L2TP, a point-to-point protocol configured on both ends (the ISP
and the user site). A secure tunnel is built to transmit user data after successful authentication of the
user's connection request. After the tunnel has been established, the user can begin communicating.
The following are some of the benefits of L2TP:
• For sensitive applications, high data security is supported.
• To ensure confidentiality, high-level encryption is applied.
• It provides fast and reliable connectivity.
• It is cost-effective, with no further overhead costs after deployment.
• It is an industry standard best suited for the business sector, as it is quick, dependable, scalable,
and versatile.
• It offers the best authorization policy for users using VPN authentication.
4.7.4 Secure Socket Tunneling Protocol
SSTP is a Virtual Private Network (VPN) protocol introduced by Microsoft. All Microsoft Windows
versions from Vista onwards offer support for the SSTP protocol.
This VPN protocol secures online data traffic, and it is a much safer protocol compared to PPTP,
L2TP, and IPsec.
SSTP establishes a secure VPN connection between a client and a server. A secure tunnel is
established between client and server, and the entire traffic passing through this tunnel is encrypted.
SSTP transports Point-to-Point Protocol (PPP) traffic over an SSL/TLS channel, and this is the
reason SSTP is more secure compared to PPTP: it supports integrity checking, secure key negotiation
and encryption. When a VPN connection is established between client and server, the server is
authenticated, but client authentication is optional.

Figure 26: SSTP functioning


Source: As Figure 9

SSTP works on TCP port 443, the port used by HTTPS traffic. SSTP usually does not support VPN
tunnels between two sites. SSTP can also support roaming using SSL transmissions. SSTP supports
only user authentication; it does not support device authentication.
The client negotiates with the server on port 443. The verification process on the client side is as
follows: the client obtains the server's credentials and runs a verification process; if verification fails,
the connection is simply terminated. After successful server verification, the client sends an HTTPS
request to the server along with SSTP control packets. The next step is the point-to-point negotiation,
after which IP interfaces for client and server are established. Now both sides are ready to exchange
data through the established secure tunnel.
4.7.5 Secure Sockets Layer (SSL)
Netscape developed the Secure Sockets Layer (SSL) in the mid 1990s, when Netscape launched its
popular web browser. SSL has three versions, but SSL 1.0 was never released to the public, and SSL
2.0 had some serious flaws. SSL 3.0 was released to the public in 1996; it was completely revamped
and became popular in the following years.
TLS vs. SSL
The SSL protocol was adopted and standardized by the Internet Engineering Task Force (IETF), and
it was given the name Transport Layer Security (TLS). These two comparable protocols are
sometimes grouped together as SSL/TLS and are updated as a series of protocols.
The TLS protocol can handle all types of Internet traffic, including web application and website
traffic. If a website address (URL) starts with "https", then the browser is connected to the website
using the TLS protocol. A padlock on the browser address bar tells you that your connection is
secure.
TLS can also be used for other applications such as e-mail and UseNet.
Encryption is used to secure communication over the Internet. If the data you are sending over the
Internet is not encrypted, anyone can view the data that is being communicated and access
confidential information. The most secure encryption method is public-key cryptography. A pair of
public and private keys is used for encryption and decryption. These keys are generated using
complex mathematics and are mathematically related. It is nearly impossible to derive the private key
from the public key using brute force or reverse engineering. The public key is used to encrypt the
data at the sender's end, and when the encrypted data reaches the receiver's side, the private key is
used to decrypt it. You can think of the public key as the location of a mailbox and the slot on the
front of the mailbox through which you can push letters inside, and the private key as the key that
unlocks the mailbox so the letters can be taken out. Anyone who knows the location of the mailbox
can put a message into the mailbox, but anyone who needs to read these messages needs the private
key.

Figure 27: Various Protocols in SSL


Source: As Figure 9

There is a drawback to using public key cryptography for encryption and decryption of all the
communication taking place. Public key cryptography systems consume much time and many
computational resources in encrypting and decrypting information, as complex mathematical
operations are involved. So if public key cryptography were used for all the communication taking
place during an entire session, the system would become slow and a lot of computing resources
would be consumed. SSL/TLS solves this problem by using public key cryptography only at the
beginning of the session, to establish a symmetric key between the two entities. This happens during
the handshake phase of the protocol, when some parameters are agreed between the two entities and
a symmetric key is established. This symmetric key becomes available to both entities and is later
used to encrypt and decrypt the messages during the entire session. Symmetric key cryptography,
where a single key is used for encryption and decryption, is comparatively efficient and faster than
asymmetric key cryptography (public key cryptography). Since the session and the session key are
established using public key cryptography, the whole session is much more secure.

Establishing the session key is known as the Handshake, and it is a part of the SSL/TLS protocol.
Using the handshake protocol, the two communicating entities introduce themselves to each other,
authenticate each other, learn each other's cryptographic capabilities, and agree upon a session key.
SSL handshake
The handshake process is a little more complicated, and some variations are allowed depending upon
the requirements. Here are the steps involved during the handshake process.
The client initiates the connection and makes a request to the server for a new secure connection. The
server responds with a list of cryptographic parameter options called cipher suites. A cipher suite is a
set of algorithms for encryption, signature, authentication etc. that the server supports. The client
compares the server's list with its own capabilities, selects the algorithms and informs the server
about its selection. Both client and server have now agreed to use a fixed cipher suite for the
complete session.
The server then sends its digital certificate to prove the authenticity and identity of the server. This
server certificate also contains the server's public key, which is used to verify the certificate itself and
later to establish the session key.
Now the client and server exchange some parameters and establish a session key using public key
cryptography. This newly created session key will be used to encrypt and decrypt the entire
communication during the session using symmetric key cryptography. There are several techniques
for creating the session key. The client may encrypt a random number using the server's public key
and send it to the server to decrypt. Now both the client and server hold the random number, which
they use to create the session key. Alternatively, client and server can use the popular Diffie–Hellman
key exchange algorithm to create the session key.
The session key established between client and server is a symmetric cryptography key and will be
used only for this single communication session. Suppose the connection between client and server
is interrupted or remains idle for a long time. In that case, the server terminates the current session,
and the handshake protocol is used again to establish a new session key.
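As an added illustration (not from the original text), the following Python code walks through the handshake described above in the order the text gives it: the server offers cipher suites and the client picks one, both sides derive a single session key with Diffie–Hellman, and that symmetric key then protects every later message. The group parameters P and G are a constructed small demonstration group, not a real TLS group, and HMAC stands in for the symmetric record protection because the standard library has no AES; the certificate check that authenticates the server's public value is outside the block.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration group: p = 2**127 - 1 (a prime), generator 2.
# Real TLS uses a 2048-bit-or-larger MODP group or an elliptic curve.
P = 2 ** 127 - 1
G = 2
TAG_LEN = 32  # length in bytes of an HMAC-SHA256 tag


def choose_cipher_suite(server_offer, client_supported):
    """Cipher-suite selection as described above: the server sends its list
    (in preference order) and the client picks the first one it also supports."""
    for suite in server_offer:
        if suite in client_supported:
            return suite
    return None  # no common suite: the handshake fails


class Party:
    """One endpoint (client or server) holding its own Diffie-Hellman secret."""

    def __init__(self, name: str):
        self.name = name
        self._secret = secrets.randbelow(P - 2) + 1  # private exponent, never sent
        self.public = pow(G, self._secret, P)         # value sent to the peer
        self.session_key = None

    def derive_session_key(self, peer_public: int, client_random: bytes, server_random: bytes) -> bytes:
        """Combine the peer's public value with our secret, then hash the shared
        secret together with both hello randoms into one 256-bit session key."""
        if not 1 < peer_public < P - 1:
            raise ValueError("bad peer public value")
        shared = pow(peer_public, self._secret, P)
        material = shared.to_bytes(16, "big") + client_random + server_random
        self.session_key = hashlib.sha256(b"session key" + material).digest()
        return self.session_key


def handshake(client: Party, server: Party) -> bool:
    """Public-key work happens only here; afterwards both hold one symmetric key."""
    client_random = secrets.token_bytes(32)  # ClientHello random
    server_random = secrets.token_bytes(32)  # ServerHello random
    # In TLS the server's public value is covered by its certificate signature,
    # which is what defeats a man-in-the-middle; that check is not modelled here.
    client.derive_session_key(server.public, client_random, server_random)
    server.derive_session_key(client.public, client_random, server_random)
    return client.session_key == server.session_key


def protect(session_key: bytes, message: bytes) -> bytes:
    """Record protection with the session key (integrity via HMAC here;
    real TLS also encrypts with the negotiated symmetric cipher)."""
    tag = hmac.new(session_key, message, hashlib.sha256).digest()
    return tag + message


def unprotect(session_key: bytes, record: bytes):
    """Receiver recomputes the tag; a modified record or wrong key yields None."""
    tag, message = record[:TAG_LEN], record[TAG_LEN:]
    expected = hmac.new(session_key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


if __name__ == "__main__":
    suite = choose_cipher_suite(
        ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"],
        {"TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"},
    )
    client, server = Party("client"), Party("server")
    print("suite:", suite, "| keys match:", handshake(client, server))
    record = protect(client.session_key, b"GET / HTTP/1.1")
    print("server reads:", unprotect(server.session_key, record))
```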
What is an SSL certificate?

Let's return to the SSL certificate concept. As described in the previous section, these certificates are
at the heart of the SSL/TLS system: they supply the client with the public cryptographic key required
to begin a secure connection. However, their role extends beyond simply supplying the key; they also
verify that the key is indeed associated with the organization that is providing it to the client.
What is the mechanism behind this? Certificates are issued by Certificate Authorities (CAs), which
function similarly to a passport office in terms of verifying identities. Organizations that want to
provide TLS-encrypted services must buy certificates from CAs, who then verify that the
organizations are who they say they are. For example, if you wanted to get a certificate to secure a
website at example.com, you'd have to show the CA that you own the domain name example.com. If
someone goes to example.com and receives a valid SSL certificate from a trustworthy CA, they can
be certain that they're dealing with the legitimate owner of the domain. As a result, man-in-the-
middle attacks can be avoided.
In the last paragraph, you'll notice that we used the words "trustworthy CA". Anyone can set up shop
as a certificate authority; how do you know which ones do the necessary due diligence to
authenticate their clients? Fortunately, software developers are mostly responsible for figuring this
out. The Mozilla Foundation keeps track of which CAs Firefox will trust, and Apple and Microsoft
keep track of which CAs they trust at the OS level for Windows, macOS, and iOS, which Chrome
uses on those systems. As a 2017 dispute between Google and Symantec over what Google perceived
to be Symantec's inadequate standards showed, choosing which CAs to trust has high consequences.
The X.509 standard is used to define SSL certificates. This standard permits certificates to convey a
lot more information than simply the public key and the proven identity of the certificate owner;
DigiCert provides a full analysis of the standard in its knowledge base.
SSL checkers
When you communicate with servers that offer TLS-encrypted connections, almost all of the above
information is exchanged and confirmed behind the scenes. You can use an SSL checker website to
acquire a bit more transparency by entering the URL of an SSL/TLS-encrypted site. The checker will
return a variety of details about the certificate used by the tested site, including the server type,
which web browsers will and will not trust it, the issuer, the serial number, and the expiration date.
Most SSL checkers are free services provided by CAs as marketing tools for their products; for
example, many will allow you to set an alert for when an examined certificate expires, assuming that
it's your certificate and you'll be looking for a new one as the expiration date approaches. If you're
looking for a less commercial option, try Qualys SSL Labs' SSL checker, which delivers a very
comprehensive collection of information about inspected websites.
4.7.6 Hypertext Transfer Protocol Secure (HTTPS)
The popular Hypertext Transfer Protocol (HTTP) was an insecure protocol, and security was
dependent upon the application using HTTP. Later, a secured version of HTTP known as Hypertext
Transfer Protocol Secure (HTTPS) was proposed. This protocol now ensures secure communication
between the browser and the web application. HTTPS encrypts every piece of data moving between
the browser and the web server and ensures data security. This is particularly necessary when
sensitive data is shared between users and web apps.
HTTPS should be used on any website, especially those that require login credentials. Websites that
do not employ HTTPS are marked differently in current web browsers like Chrome than those that
do. A green padlock in the URL bar indicates that the webpage is secure. Web browsers take HTTPS
seriously, with Google Chrome and other browsers flagging any non-HTTPS website as insecure.
How does HTTPS work?
To encrypt communications, HTTPS employs an encryption protocol. The protocol is now known as
Transport Layer Security (TLS); however, it was previously known as Secure Sockets Layer (SSL).
An asymmetric public key infrastructure is used to secure communications in this protocol. This type
of security mechanism encrypts communications between two parties using two separate keys:
The private key – It is owned by the website's owner and is kept confidential, as the reader would
have guessed. This key is stored on the web server and is used to decrypt data that has been
encrypted using the public key.
The public key – It is accessible to anyone who wishes to interact with the server in a secure manner.
Only the private key can decrypt information encrypted with the public key.
Why is HTTPS important? What happens if a website doesn't have HTTPS?
HTTPS protects websites from having their data broadcast in a way that anyone spying on the
network can see. When data is transferred via standard HTTP, it is broken down into packets of data
that can be easily "sniffed" with free software. As a result, communication over an insecure channel,
such as public Wi-Fi, is extremely vulnerable to eavesdropping. In fact, all HTTP communications
are in plain text, making them accessible to anyone with the right tools and open to on-path attacks.
HTTPS encrypts traffic so that even if packets are sniffed or otherwise intercepted, they will appear
as nonsensical characters.
