
Unit 3-Digital-Signature

Uploaded by

rohitsul1112003

What is a Digital Signature :- a mathematical scheme for demonstrating the authenticity of a digital message or document.

Why Digital Signature :- Authenticity, Integrity, Non-repudiation for electronic documents; use as a secure medium
Private Key :- used for making digital signatures

Public Key :- used to verify digital signatures

Unit 3


Digital Signatures and Internet Security Protocols

What is a Digital Signature:-


A Digital Signature is a mathematical scheme for demonstrating the authenticity of a digital
message or document.
Why Digital Signature:-
To provide authenticity, integrity & non-repudiation to electronic document to use the
internet as the safe & secure medium for e-commerce.
Private Key:-
Used for making digital Signature.

Public Key:-Used to verify the digital signature.

Write a short note on Digital Signature:-


When a sender sends a message to a receiver, the receiver needs to check the authenticity of the
sender. The receiver needs to be sure that the message comes from the sender and not from an
unauthorized user. The receiver can ask the sender to sign the message electronically, and the
electronic signature can prove the authenticity of the sender. We refer to this type of signature as
a digital signature.
When we sign a document digitally, we need to use two documents, i.e. the message and the
signature. The receiver receives both documents and verifies that the signature belongs to the sender. If this is
proved, the message is accepted; otherwise it is rejected.
In the digital signature system, the message is encrypted with the sender's private key to create
the signature. The message is then sent to the receiver along with the signature. The receiver
decrypts it using the sender's public key; if the result matches, the receiver can be
sure that the message has not been modified during transmission.

Sender message (Authenticate using Digital Signature(Private key)) =======> Verify digital signature(Public key) Receiver

Prof.Nanaware Y.K Page 1


Digital Signature

Note:-
Encryption:-
Encryption means plain text to coded form.
Decryption:-
Decryption means coded text to plain text.
A digital signature can provide 3 services for security systems/approaches.
1) Message Integrity.
2) Message Authentication.
3) Message Non-repudiation.

Message Integrity:- (Permission)
1. the integrity of the message is preserved when the message is transmitted from sender to receiver
2. sender sends the message with a signature (using # Function) with the private key
3. receiver receives the message and decrypts the signature (using # Function) with the public key

1) Message Integrity:-
The integrity of the message is preserved when it is transmitted from the
sender to the receiver by using a # Function (hash function): the original message can be checked when the
sender sends the message in encrypted form with the digital signature. The sender also
calculates a value by using the # Function and sends it to the receiver. The receiver, after decrypting
the message, re-calculates the value by using the # Function; if the values match, the
message is kept as it is and accepted, otherwise it is
rejected.

Message Authentication:-
1. a digital signature can provide authentication: the receiver can verify that the message was sent by an authorized person
2. receiver can authenticate sender information
2.receiver can authenticated sender information
2) Message Authentication:
A secure digital signature can provide message authentication: the receiver can
verify that the message was sent by the authorized person. The sender's publicity can create
some signature as the unauthorized user can access it. There are different authentication
mechanisms, such as login password, biometric security, etc.
3) Message Non-repudiation:- the sender cannot deny a message sent by the sender

The sender may send a message to the receiver and, after some time, deny that the
message was sent by the sender. One solution is to use a trusted third party. People can create a
trusted third party among themselves and send the message, sender identity, receiver identity and
signature to it. After checking that the public key is valid, the trusted third party verifies through
the sender's public key that the message came from the sender.
Q) Why do we need a digital signature?
- Integrity
- Faster Procedure
- Completely Secure
- Eliminate the use of paper
- Authentication
- Non-repudiation
- Low cost.

Message Digest:-
1. a hash function is a math function
2. the input to a hash function is of arbitrary length but the output is always of fixed length
3. the value returned by a hash function is called the message digest/hash value
4. even a tiny change in the input changes the output
Message digests

Hash functions are extremely useful and appear in almost all information security applications.

A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length.

Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function −



Features of Hash Functions:-
1. fixed length output
2. efficiency of operation

Features of Hash Functions

The typical features of hash functions are −

• Fixed Length Output (Hash Value)

• Efficiency of Operation

Properties of hash function:-
1. Pre-Image Resistance
2. Second Pre-Image Resistance
3. Collision Resistance

Properties of Hash Functions

• Pre-Image Resistance

• Second Pre-Image Resistance

• Collision Resistance

MD5 Hash Function:-
1. popular and widely used
2. the MD family comprises MD2, MD4, MD5 and MD6; adopted as Internet Standard RFC 1321; it is a 128-bit function
3. MD5 is widely used to provide assurance about the integrity of a transferred file
4. in 2004 collisions were found in MD5
5. a collision attack resulted in compromised MD5, so MD5 is no longer recommended
Message Digest (MD)
MD5 was most popular and widely used hash function for quite some years.

• The MD family comprises of hash functions MD2, MD4, MD5 and MD6. It was adopted
as Internet Standard RFC 1321. It is a 128-bit hash function.

• MD5 digests have been widely used in the software world to provide assurance about
integrity of transferred file. For example, file servers often provide a pre-computed MD5
checksum for the files, so that a user can compare the checksum of the downloaded file
to it.

• In 2004, collisions were found in MD5. An analytical attack was reported to be
successful only in an hour by using computer cluster. This collision attack resulted in
compromised MD5 and hence it is no longer recommended for use.

What is MD5 ? Explain in detail?
1. a cryptographic hash algorithm called MD5 (Message Digest Method 5)
2. used to create a 128-bit digest from a string of arbitrary length
3. a hexadecimal number of 32 digits is used to represent the digest
4. the method was created in 1991 by Ronald Rivest to enable verification of digital signatures
5. it was included in several frameworks to improve security

What is MD5? Explain in detail

Answer:-

A cryptographic hash algorithm called MD5 (Message Digest Method 5) can be used to create a
128-bit digest from a string of arbitrary length. Hexadecimal numbers of 32 digits are used to
represent the digests.

The method was created in 1991 by Ronald Rivest to enable the verification of digital signatures.
It was included into several different frameworks in order to improve security measures.
Working of MD5



Padding Bits

When the input string is received, make sure that its size is 64 bits less than a multiple of 512. To
make up the difference, add a one (1) bit followed by zeroes as the bits of
padding.

Padding bits:-
1. to digest a message, the hash function needs the string size to be a multiple of 512
2. when the algorithm receives a size less than a multiple of 512, it adds bits to fulfill the requirement
3. by adding zeros after adding a one
4. Definition: These are the individual bits (typically '1' followed by '0's) added to the input data to adjust
its length.

Padding Length

The final string needs to include a few more characters in order to be a multiple of 512. To
achieve this, take the original input's length and represent it as 64 bits. Once the two are
combined, the last string is prepared for hashing.

padding length:-
1. final string need few more char to get in multiples of 512
2. in order to get required length few more char added to input



Initialize MD Buffer:-
1. the entire string is divided into several blocks, each having 512 bits
2. 4 buffers, each having 32 bits
3. each block can be divided into 16 sub-blocks, each containing 32 bits

Initialize MD Buffer

The entire string is divided into several blocks, each having 512 bits. In addition, four buffers (A,
B, C, and D) need to be initialised. Each of these 32-bit buffers is initialised as follows –

Process Each Block

A 512-bit block can be further divided into 16 sub-blocks, each containing 32 bits. Each of the
four operation rounds makes use of all of the buffers, constant array values, and sub-blocks.

You can refer to this constant array as T[1] ⇒ T[64].

The sub-blocks are identified by the notation M[0] ⇒ M[15].
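The four steps above (padding bits, padding length, buffer initialisation, block processing), carried through as an added example that is not part of the original notes. The buffer values, shift amounts and the formula for T are taken from RFC 1321; the function names are chosen here for illustration.

```python
import math
import struct

MASK32 = 0xFFFFFFFF
# Initial values of buffers A, B, C, D (RFC 1321; not given on the page).
INIT_BUFFERS = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
# Constant array T[1]..T[64], stored 0-based: floor(2^32 * |sin(i)|), i in radians.
T = [int(abs(math.sin(i + 1)) * 2**32) & MASK32 for i in range(64)]
# Left-rotation amount for each of the 64 steps (four rounds of 16 steps).
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
          [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)


def md5_pad(message: bytes) -> bytes:
    """Padding bits followed by padding length."""
    padded = message + b"\x80"                           # one 1 bit, then zero bits
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)   # now 64 bits short of a multiple of 512
    bit_length = (len(message) * 8) % 2**64
    return padded + struct.pack("<Q", bit_length)        # original length as 64 bits


def split_blocks(padded: bytes):
    """Divide into 512-bit blocks, each a list of sub-blocks M[0]..M[15] (32 bits each)."""
    return [list(struct.unpack("<16I", padded[i:i + 64]))
            for i in range(0, len(padded), 64)]


def _rotl(x: int, n: int) -> int:
    x &= MASK32
    return ((x << n) | (x >> (32 - n))) & MASK32


def md5_hex(message: bytes) -> str:
    a0, b0, c0, d0 = INIT_BUFFERS
    for M in split_blocks(md5_pad(message)):
        A, B, C, D = a0, b0, c0, d0
        for i in range(64):
            if i < 16:                       # round 1
                f, g = (B & C) | (~B & D), i
            elif i < 32:                     # round 2
                f, g = (D & B) | (~D & C), (5 * i + 1) % 16
            elif i < 48:                     # round 3
                f, g = B ^ C ^ D, (3 * i + 5) % 16
            else:                            # round 4
                f, g = C ^ (B | ~D), (7 * i) % 16
            f = (f + A + T[i] + M[g]) & MASK32
            A, D, C = D, C, B                # rotate the buffers
            B = (B + _rotl(f, SHIFTS[i])) & MASK32
        # Add this block's result into the running buffers.
        a0, b0 = (a0 + A) & MASK32, (b0 + B) & MASK32
        c0, d0 = (c0 + C) & MASK32, (d0 + D) & MASK32
    return struct.pack("<4I", a0, b0, c0, d0).hex()      # 128 bits = 32 hex digits


if __name__ == "__main__":
    sample = b"abc"  # constructed sample input
    print(len(md5_pad(sample)) * 8, "bits after padding")
    print(md5_hex(sample))
```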

Application of MD5
• Message digests are used to authenticate and check the integrity of files.
• Data encryption and security were handled using MD5.
• It is used for both password verification and message digestion, whatever the message
size.
• It is also used for graphics and game boards.

Application of MD5:-
1. Authenticate & check integrity of files
2. data encryption and security handled using MD5
3. used for both password verification and message digestion



What is SHA-512:-
1. it is Secure Hash method 512
2. text of arbitrary length ====> fixed size string
3. each output has 512 bits (64 bytes)
4. frequently used for email address hashing, password hashing and digital record verification
5. SHA-512 is used in blockchain technology
6. largest function in the SHA-2 family

Secure Hash Function (SHA-512)

SHA-512, or Secure Hash method 512, is a hashing technique that converts text of arbitrary
length into a fixed-size string. Each output has a SHA-512 length of 512 bits (64 bytes).

This algorithm is frequently used for email address hashing, password hashing, and digital record
verification. SHA-512 is also used in blockchain technology, with the BitShares network
becoming the most known example.

Properties of SHA-512:-
1. Deterministic: same input =====> same output
2. the hash of data can be calculated very quickly
3. irreversible (cannot get the input from the output)
4. collision resistance: hard to get the same output for 2 different inputs

What is SHA-512?

SHA-512 generates a hash value of 512 bits (64 bytes), making it one of the largest hash
functions in the SHA-2 family. SHA-512, like all cryptographic hash algorithms, has the
following basic properties −

Deterministic − The same input will always get the same result.

Fast to compute − The hash for any given data can be calculated very quickly.

Irreversible − You can not determine the original input from its hash.

Collision-resistant − It is computationally challenging to discover two distinct inputs that
generate the same hash.

Avalanche effect − A small change in input (even flipping a single bit) results in a significantly
different hash.

How SHA-512 Works?

Without going too far into the mathematical concepts, SHA-512 operates as follows −

Initialization − It starts with eight hash values calculated from the square roots of the initial
eight prime numbers.

Pre-processing − The input message is padded so that it is a multiple of the Block size. The
original message's 128-bit length (before padding) is added to the very end of the padded
message.

Parsing − The message is then separated into 1024-bit parts.

Main Loop − The main loop analyses each 1024-bit block in 80 rounds, manipulating the data
via logical operations, bitwise shifts, and modular arithmetic.

Output − After all of the blocks have been processed, the resulting 512-bit message digest is
output as the hash.



1. Message Padding (Adding Extra Bits)
First, the message is extended (padded) so it fits perfectly into blocks that SHA-512 can
understand.
Padding means adding some extra bits and the original message's length at the end.

2. Initial Values (Starting Point)
SHA-512 starts with 8 fixed numbers (they're calculated from math, but you don't need to
know how).
These are used as the starting point for the process.

3. Breaking the Message
The message is broken into parts. Each part is 1024 bits long.
Like dividing a long sentence into smaller boxes of the same size.

4. Processing Each Part (The Main Work)
Each part goes through 80 rounds of mixing, shifting, and combining using logic and math.
This helps in scrambling the data in a secure and unique way.

5. Final Output
After processing all parts, SHA-512 gives a 512-bit hash.
This is like a digital fingerprint of your message.
Even if you change just one letter, the hash will be totally different!

Algorithm

The SHA-512 algorithm consists of the following steps −

Message Padding − First, your message is padded to ensure that it is the correct size for the
algorithm. This ensures that it can be broken down into blocks and processed.

Initial hash values − The algorithm starts with eight initial hash values. These set values serve
as the basis for the hashing procedure.

Message processing − The padded message is divided into blocks. Each block progresses over a
series of stages known as rounds. In each round, the block is mixed and adjusted using specific
techniques.

Final hash value − After all blocks have been examined, the hash value is computed. This hash
value serves as a unique fingerprint for the original message.

Output − The SHA-512 algorithm generates the final hash result, which is generally a string of
hexadecimal integers. This is the value returned after hashing your original message.

Message Authentication Code (MAC)

MAC algorithm is a symmetric key cryptographic technique to provide message
authentication. For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent
along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −
Message Authentication Code:-
1. uses a symmetric key cryptography technique to provide message authentication
2. sender and receiver share symmetric key K
3. receiver checks message authentication and decrypts the message



Working of MAC:-
1. sender uses some MAC algorithm
2. it takes an arbitrarily long input and produces a fixed length output
3. similar to hash; the difference is that MAC uses a secret key
4. sender forwards the message with the MAC code
5. on receipt, the message and key are fed in and the MAC value is recomputed
6. receiver can check the equality of the message sent and the message he received
7. if they match, the receiver accepts the message
8. if they do not match, the receiver cannot determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom-line, a receiver safely assumes that the message is not the genuine.

Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret
key K and produces a MAC value.
• Similar to hash, MAC function also compresses an arbitrary long input into a fixed length
output. The major difference between hash and MAC is that MAC uses secret key during
the compression.
• The sender forwards the message along with the MAC. Here, we assume that the message
is sent in the clear, as we are concerned of providing message origin authentication, not
confidentiality. If confidentiality is required then the message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.
• The receiver now checks equality of freshly computed MAC with the MAC received
from the sender. If they match, then the receiver accepts the message and assures himself
that the message has been sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom-line, a receiver safely assumes that the message is not the genuine.
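The sender/receiver procedure above, together with the symmetric-key limitation of MACs, as an added example that is not part of the original notes. It uses HMAC-SHA-256 from the Python standard library as the MAC algorithm; the messages, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC value over the message under the shared secret key K."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver re-computes the MAC and compares in constant time."""
    return hmac.compare_digest(compute_mac(key, message), received_mac)


def unkeyed_check(message: bytes, received_digest: bytes) -> bool:
    """Plain hash check with no key, shown for contrast with the MAC."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), received_digest)


def run_exchange() -> dict:
    key = secrets.token_bytes(32)            # shared secret K, set up beforehand
    message = b"PAY 100 TO ALICE"            # constructed sample message
    tag = compute_mac(key, message)          # sender side
    results = {}

    # Genuine message and MAC: accepted.
    results["genuine"] = receiver_accepts(key, message, tag)

    # Message altered in transit, MAC unchanged: rejected.
    altered = b"PAY 900 TO ALICE"
    results["altered_message"] = receiver_accepts(key, altered, tag)

    # MAC made under a different key (falsified origin): rejected.
    other_key = secrets.token_bytes(32)
    results["falsified_origin"] = receiver_accepts(
        key, message, compute_mac(other_key, message))

    # Without a key, whoever alters the message can also recompute the digest,
    # so a bare hash gives no origin authentication.
    results["unkeyed_hash_after_alteration"] = unkeyed_check(
        altered, hashlib.sha256(altered).digest())

    # Symmetric limitation: the receiver holds K too, so a valid MAC does not
    # prove to a third party which of the two key holders produced it.
    never_sent = b"PAY 100 TO BOB"
    results["receiver_made_mac_verifies"] = receiver_accepts(
        key, never_sent, compute_mac(key, never_sent))
    return results


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The receiver gets the same "rejected" result for an altered message and for a falsified origin, which is why it cannot tell the two cases apart.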
Limitation of MAC:-
1. there are two limitations, both due to its symmetric nature
2. since both parties can generate MACs, the sender can't prove
they sent a message; the receiver could have forged it
3. easy to manipulate message

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −

Establishment of Shared Secret.

• It can provide message authentication among pre-decided legitimate users who have
shared key.

• This requires establishment of shared secret prior to use of MAC.

Types of Message Authentication Codes?

1. One-time MAC

A one-time MAC is a lot like one-time encryption in that a MAC algorithm for a single use is
defined to secure the transmission of data. One-time MACs tend to be faster than other
authentication algorithms.

Types of MAC:-
|
|-- One-time MAC: used one time, for a message or session
|-- Carter Wegman MAC: similar to One-time MAC
|--
|
2. Carter-Wegman MAC

A Carter-Wegman MAC is similar to a one-time MAC, except it also incorporates a
pseudorandom function that makes it possible for a single key to be used many times over.

3. HMAC

With a Keyed-Hash Message Authentication Code (HMAC) system, a one-way hash is used to
create a unique MAC value for every message sent. The input parameters can have various
values assigned, and making them very different from each other may produce a higher level of
security.

Approved Message Authentication Code Algorithms

The approved general-purpose MAC algorithms are HMAC, KECCAK Message Authentication
Code (KMAC), and Cipher-based Message Authentication Code (CMAC). Message
authentication in cryptography depends on hashes, which are used to verify the legitimacy of the
transmission, ensuring the message has not been altered or otherwise corrupted since it was first
transmitted by the sender.

1) Keyed-Hash Message Authentication Code (HMAC)

The HMAC is based on an approved hash function. It performs a function similar to that of the
Rivest-Shamir-Adleman (RSA) cryptosystem, which is one of the oldest methods of sending data
securely. The functions that can be used in HMAC are outlined in the following publications:

1) FIPS 180-4, Secure Hash Standard

2) FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

Guidelines regarding HMAC's security are outlined in NIST SP 800-107 Revision 1,
Recommendation for Applications Using Approved Hash Algorithms.

2) KECCAK Message Authentication Code (KMAC)

KMACs consist of keyed cryptographic algorithms, and their parameters are specified in FIPS
202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Two variants
of KECCAK exist: KMAC256 and KMAC128.



3) The CMAC Mode for Authentication

As outlined in SP 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication, CMAC is built using an approved block cipher, which is an algorithm
that uses a symmetric encryption key, similar to the NIST's Advanced Encryption Standard
(AES), which also uses a symmetric key and was used to guard classified information by the
U.S. government.

Knapsack Encryption Algorithm in Cryptography


The Knapsack Encryption Algorithm, also known as the Merkle-Hellman knapsack
cryptosystem, is an asymmetric-key encryption algorithm used to secure data and
communications through two keys: a public key as well as a private key.

How it works?

The Knapsack Encryption Algorithm is an asymmetric-key cryptosystem that requires two
different keys for communication: a public key and a private key. The process of encryption
involves the conversion of the message (plaintext) into an unreadable form using the public key,
while decryption is done using the corresponding private key to retrieve the original plaintext.

The main concept behind the algorithm is to transform a message or the information into a series
of many bits which are then multiplied with another sequence generated from super-increasing
integers. This produces an encrypted code, which can only be deciphered by someone who
knows how to reverse-engineer these calculations using their knowledge of prime factors or
other cryptographic techniques, only possible with possession or knowledge of the private key.

One advantage of Knapsack Encryption is its ability to perform quick computations compared to
other encryption methods like RSA without compromising data security. However, one
disadvantage is its vulnerability when used alone, since it has fallen out of favor as encryption
standards have evolved over time.
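The bit-by-bit encryption against a sequence derived from super-increasing integers, worked through as an added example that is not part of the original notes. It follows the standard Merkle-Hellman construction with a toy-sized key constructed for illustration; the private modulus `Q`, multiplier `R` and all function names are assumptions of this example.

```python
from math import gcd

# Constructed toy key. Private part: super-increasing sequence W, modulus Q, multiplier R.
W = [2, 7, 11, 21, 42, 89, 180, 354]
Q = 881      # must be larger than sum(W)
R = 588      # must be coprime to Q


def is_superincreasing(seq) -> bool:
    """Each element must exceed the sum of all elements before it."""
    running = 0
    for value in seq:
        if value <= running:
            return False
        running += value
    return True


def make_public_key(w, q, r):
    """Public sequence: every private element multiplied by r modulo q."""
    if not is_superincreasing(w):
        raise ValueError("private sequence is not super-increasing")
    if q <= sum(w) or gcd(r, q) != 1:
        raise ValueError("need q > sum(w) and gcd(r, q) == 1")
    return [(r * wi) % q for wi in w]


def encrypt(bits, public_key) -> int:
    """Ciphertext is the sum of the public elements selected by the 1 bits."""
    if len(bits) != len(public_key):
        raise ValueError("message length must match key length")
    return sum(b for bit, b in zip(bits, public_key) if bit)


def decrypt(ciphertext: int, w, q, r):
    """Undo the multiplier, then solve the easy super-increasing knapsack greedily."""
    target = (ciphertext * pow(r, -1, q)) % q
    bits = [0] * len(w)
    for i in range(len(w) - 1, -1, -1):      # largest element first
        if w[i] <= target:
            bits[i] = 1
            target -= w[i]
    if target != 0:
        raise ValueError("ciphertext does not decode under this key")
    return bits


if __name__ == "__main__":
    public = make_public_key(W, Q, R)
    message_bits = [0, 1, 1, 0, 0, 0, 0, 1]  # constructed 8-bit message
    c = encrypt(message_bits, public)
    print("public key:", public)
    print("ciphertext:", c)
    print("decrypted :", decrypt(c, W, Q, R))
```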

Advantages
1. Optimization: The Knapsack Algorithm helps find the optimal solution for resource-
constrained problems.
2. Efficient: It provides an efficient way to solve problems with a large number of items and
constraints.
3. Scalability: The algorithm can be applied to various problem sizes and complexities.
4. Wide Applicability: The Knapsack Algorithm has applications in various fields, such as:
- Resource allocation
- Logistics



- Finance
- Computer science

Disadvantages
1. Computational Complexity: The Knapsack Algorithm has a high computational complexity,
especially for large problem instances.
2. Approximation: Heuristics and approximation algorithms are often used to solve Knapsack
Problems, which may not always yield the optimal solution.
3. Sensitivity to Parameters: The algorithm's performance can be sensitive to the choice of
parameters, such as the capacity of the knapsack.

Elliptic Curve Cryptography (ECC)

Elliptic Curve Cryptography (ECC) is a form of public-key cryptography that is based on
the mathematics of elliptic curves. It provides a secure way to perform cryptographic operations
such as key exchange, digital signatures and encryption. ECC is an alternative to Rivest-Shamir-
Adleman (RSA) encryption, which was first released in 1977.

How does elliptic curve cryptography work?


ECC is based on an area of advanced mathematics called elliptic curves. An elliptic curve is
defined by an equation in the form of $y^2 = x^3 + ax + b$, where a and b are constants and the curve
is defined over a finite field. When graphed, it looks like this:

Elliptic curves have some special properties that make them interesting and useful to both
mathematicians and cryptographers. First, elliptic curves are horizontally symmetrical. When
reflected across the x-axis (the horizontal line), both sides are the same, like a mirror image.

Additionally, any non-vertical straight line drawn through an elliptic curve will always intersect
the curve in, at most, three places. In the example below, those points are labeled as P, Q and R.



The security of elliptic curve cryptography is based on the difficulty of solving what's known as
the elliptic curve discrete logarithm problem. Given a point P on the curve and a scalar k, it is
extraordinarily difficult to determine the point Q such that Q = k*P – much more difficult than it
is to factor even a very large number.

This property means that ECC can provide comparable or even better security than other public
key encryption algorithms like RSA, with far lower key sizes.

Advantages of elliptic curve cryptography


The fact that ECC provides a very high level of security with short key lengths gives it
advantages over RSA and other public-key cryptography algorithms.

Here are two benefits of using elliptic curve cryptography.

• ECC requires fewer computational resources and less bandwidth for key generation,
encryption and decryption.
• Due to ECC's smaller key size, ECC operations, such as key generation, encryption and
decryption, can be performed faster compared to RSA, which means less latency for the end
user.

ElGamal Encryption Algorithm


ElGamal Encryption is a public-key cryptosystem. It uses asymmetric key encryption
to communicate between two parties and encrypt the message. This cryptosystem is based on
the difficulty of finding discrete logarithms in a cyclic group, that is, even if we know $g^a$ and
$g^k$, it is extremely difficult to compute $g^{ak}$. In this article, we will learn about the Elgamal
algorithm, the components of its algorithm, its advantages & disadvantages, and the
implementation of the ElGamal cryptosystem in Python.
Elgamal Cryptographic Algorithm
The ElGamal cryptographic algorithm is an asymmetric key encryption scheme based on
the Diffie-Hellman key exchange. It was invented by Taher ElGamal in 1985. The algorithm is
widely used for secure data transmission and has digital signatures and encryption applications.
Here's an overview of its components and how it works:
Components of the ElGamal Algorithm
1. Key Generation:
• Public Parameters: Select a large prime number $p$ and a generator $g$ of the
multiplicative group $\mathbb{Z}_p^*$.
• Private Key: Select a private key $x$ such that $1 \le x \le p-2$.
• Public Key: Compute $h = g^x \bmod p$. The public key is $(p, g, h)$ and the private key is $x$.
2. Encryption:
• To encrypt a message $M$:
o Choose a random integer $k$ such that $1 \le k \le p-2$.
o Compute $C_1 = g^k \bmod p$.
o Compute $C_2 = M \cdot h^k \bmod p$.
o The ciphertext is $(C_1, C_2)$.
3. Decryption:
• To decrypt the ciphertext $(C_1, C_2)$ using the private key $x$:
o Compute the shared secret $s = C_1^x \bmod p$.
o Compute $s^{-1} \bmod p$ (the modular inverse of $s$).
o Compute the original message $M = C_2 \cdot s^{-1} \bmod p$.
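The key generation, encryption and decryption steps above, as an added Python example that is not part of the original notes. The prime `P = 2579` and generator `G = 2` are toy values constructed for illustration (far too small for real use), and the function names are chosen here.

```python
import secrets

# Constructed toy parameters: P is a safe prime (P = 2*1289 + 1), G generates Z_P^*.
P = 2579
G = 2


def is_generator(p: int, g: int) -> bool:
    """For a safe prime p = 2q + 1, g generates Z_p^* iff g^2 != 1 and g^q != 1 (mod p)."""
    q = (p - 1) // 2
    return 1 < g < p and pow(g, 2, p) != 1 and pow(g, q, p) != 1


def keygen(p: int, g: int, x: int = None):
    """Private key x in [1, p-2]; public value h = g^x mod p."""
    if x is None:
        x = 1 + secrets.randbelow(p - 2)
    if not 1 <= x <= p - 2:
        raise ValueError("private key out of range")
    return x, pow(g, x, p)


def encrypt(p: int, g: int, h: int, m: int, k: int = None):
    """Return (C1, C2) = (g^k mod p, M * h^k mod p) for a fresh random k."""
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p-1]")
    if k is None:
        k = 1 + secrets.randbelow(p - 2)     # k must be fresh for every message
    if not 1 <= k <= p - 2:
        raise ValueError("k out of range")
    return pow(g, k, p), (m * pow(h, k, p)) % p


def decrypt(p: int, x: int, c1: int, c2: int) -> int:
    """Recover M = C2 * s^-1 mod p, where s = C1^x mod p."""
    s = pow(c1, x, p)
    s_inv = pow(s, -1, p)                    # modular inverse (Python 3.8+)
    return (c2 * s_inv) % p


if __name__ == "__main__":
    assert is_generator(P, G)
    x, h = keygen(P, G)
    message = 1299                           # constructed sample message, 1 <= M < P
    c1, c2 = encrypt(P, G, h, message)
    print("public key :", (P, G, h))
    print("ciphertext :", (c1, c2))
    print("decrypted  :", decrypt(P, x, c1, c2))
```

Because a new k is drawn each time, encrypting the same message twice gives different ciphertexts that decrypt to the same value.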
 ElGamal Encryption Algorithm



Applications of ElGamal Encryption Algorithm
1. Encryption: ElGamal is used for encrypting messages where public
key cryptography is required.
2. Digital Signatures: A variant of ElGamal is used for creating digital signatures,
ensuring message authenticity and integrity.
Advantages
• Security: ElGamal is based on the discrete logarithm problem, which is
considered to be a hard problem to solve. This makes it secure against attacks
from hackers.
• Key distribution: The encryption and decryption keys are different, making it
easier to distribute keys securely. This allows for secure communication between
multiple parties.
• Digital signatures: ElGamal can also be used for digital signatures, which
allows for secure authentication of messages.
Disadvantages
• Slow processing: ElGamal is slower compared to other encryption algorithms,
especially when used with long keys. This can make it impractical for certain
applications that require fast processing speeds.
• Key size: ElGamal requires larger key sizes to achieve the same level of security
as other algorithms. This can make it more difficult to use in some applications.
• Vulnerability to certain attacks: ElGamal is vulnerable to attacks based on the
discrete logarithm problem, such as the index calculus algorithm. This can reduce
the security of the algorithm in certain situations.

Internet Security Protocols

Cyber security protocols are procedures and guidelines put in place to protect computer
systems and networks from unauthorised access, attacks, and damage. They are important
because they help prevent cyber attacks, maintain data confidentiality and integrity, and ensure
the availability of systems and networks.
Let us look at the various types of Internet Security Protocols:
1. SSL Protocol :
• SSL Protocol stands for Secure Sockets Layer protocol, which is an encryption-based
Internet security protocol that protects confidentiality and integrity of data.
• SSL is used to ensure the privacy and authenticity of data over the internet.
• SSL is located between the application and transport layers.
• At first, SSL contained security flaws and was quickly replaced by the first version of
TLS; that's why SSL is the predecessor of the modern TLS encryption.
• A TLS/SSL website has "HTTPS" in its URL rather than "HTTP".
• SSL is divided into three sub-protocols: the Handshake Protocol, the Record Protocol,
and the Alert Protocol.
2. TLS Protocol :
• Same as SSL, TLS, which stands for Transport Layer Security, is widely
used for the privacy and security of data over the internet.
• TLS uses a pseudo-random algorithm to generate the master secret
which is a key used for the encryption between the protocol client and
protocol server.
• TLS is basically used for encrypting communication between online
servers like a web browser loading a web page in the online server.
• TLS also has three sub-protocols the same as SSL protocol –
Handshake Protocol, Record Protocol, and Alert Protocol.
3. SET Protocol :
• Secure Electronic Transaction (SET) is a method that assures the
security and integrity of electronic transactions made using credit cards.
• SET is not a payment system; rather, it is a secure transaction protocol
that is used via the internet.
• The SET protocol provides the following services:
1. It establishes a safe channel of communication between all
parties engaged in an e-commerce transaction.
2. It provides confidentiality since the information is only available
to the parties engaged in a transaction when and where it is
needed.
• The SET protocol includes the following participants:
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment Gateway
6. Certification Authority
• How it Works:-
Both cardholders and merchants must register with CA (certificate authority) first,
before they can buy or sell on the Internet. Once registration is done, cardholder and
merchant can start to do transactions, which involve 9 basic steps in this protocol, which is
simplified.
i. Customer browses website and decides on what to purchase.
ii. Customer sends order and payment information, which includes 2 parts in one message:
a. Purchase Order (PO) – this part is for merchant
b. Card Information (CI) – this part is for merchant's bank only.
iii. Merchant forwards card information (part b) to their bank.
iv. Merchant's bank checks with Issuer for payment authorization.
v. Issuer sends authorization to Merchant's bank.
vi. Merchant's bank sends authorization to merchant.
vii. Merchant completes the order and sends confirmation to the customer.
viii. Merchant captures the transaction from their bank.
ix. Issuer prints credit card bill (invoice) to customer.

• Dual Signature :-
An important innovation introduced in SET is the dual signature. The purpose of the
dual signature is to link two messages that are intended for two different recipients. In this
case, the customer wants to send the order information (OI) to the merchant and the payment
information (PI) to the bank.
The merchant does not need to know the customer's credit-card number, and the bank
does not need to know the details of the customer's order. The customer is afforded extra
protection in terms of privacy by keeping these two items separate.
However, the two items must be linked in a way that can be used to resolve disputes
if necessary. The link is needed so that the customer can prove that this payment is intended
for this order and not for some other goods or service.

4. PGP Protocol :
 PGP Protocol stands for Pretty Good Privacy, and it is simple to use
and free, including its source code documentation.
 It also meets the fundamental criteria of cryptography.
 When compared to the PEM protocol, the PGP protocol has grown in
popularity and use.
 The PGP protocol includes cryptographic features such as encryption,
non-repudiation, and message integrity.

Secure Sockets Layer


SSL or Secure Sockets Layer, is an Internet security protocol that encrypts data to keep
it safe. It was created by Netscape in 1995 to ensure privacy, authentication, and data integrity
in online communications. SSL is the older version of what we now call TLS (Transport Layer
Security).
Websites using SSL/TLS have “HTTPS” in their URL instead of “HTTP.”
Working of SSL
 Encryption: SSL encrypts data transmitted over the web, ensuring privacy. If someone
intercepts the data, they will see only a jumble of characters that is nearly impossible to
decode.

 Authentication: SSL starts an authentication process called a handshake between two
devices to confirm their identities, making sure both parties are who they claim to be.
 Data Integrity: SSL digitally signs data to ensure it hasn't been tampered with, verifying
that the data received is exactly what was sent by the sender.
Importance of SSL
Originally, data on the web was transmitted in plaintext, making it easy for anyone who
intercepted the message to read it. For example, if someone logged into their email account,
their username and password would travel across the Internet unprotected.
SSL was created to solve this problem and protect user privacy. By encrypting data between a
user and a web server, SSL ensures that anyone who intercepts the data sees only a scrambled
mess of characters. This keeps the user's login credentials safe, visible only to the email
service.
Additionally, SSL helps prevent cyber attacks by:
 Authenticating Web Servers: Ensuring that users are connecting to the legitimate website,
not a fake one set up by attackers.
 Preventing Data Tampering: Acting like a tamper-proof seal, SSL ensures that the data
sent and received hasn't been altered during transit.
Secure Socket Layer Protocols
1. SSL Record Protocol
2. Handshake Protocol
3. Change-Cipher Spec Protocol
4. Alert Protocol

SSL Record Protocol


SSL Record provides two services to SSL connection.
 Confidentiality
 Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each fragment is
compressed, and then a MAC (Message Authentication Code) generated by algorithms
like SHA (Secure Hash Algorithm) and MD5 (Message Digest) is appended. After that, the
data is encrypted, and finally the SSL header is added to the data.

Handshake Protocol
Handshake Protocol is used to establish sessions. This protocol allows the client and
server to authenticate each other by sending a series of messages to each other.
Handshake protocol uses four phases to complete its cycle.
 Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In
this IP session, cipher suite and protocol version are exchanged for security
purposes.
 Phase-2: Server sends its certificate and Server-key-exchange. The server ends
phase-2 by sending the Server-hello-end packet.
 Phase-3: In this phase, Client replies to the server by sending its certificate and
Client-exchange-key.
 Phase-4: In Phase-4 Change Cipher Spec occurs and after this the Handshake
Protocol ends.

SSL Handshake Protocol Phases diagrammatic representation

Change-Cipher Protocol
This protocol uses the SSL record protocol. Unless Handshake Protocol is completed, the SSL
record Output will be in a pending state. After the handshake protocol, the Pending state is
converted into the current state.
Change-cipher protocol consists of a single message which is 1 byte in length and can have
only one value. This protocol's purpose is to cause the pending state to be copied into the
current state.

Alert Protocol
This protocol is used to convey SSL-related alerts to the peer entity. Each message in this
protocol contains 2 bytes.

The first byte gives the alert level, which is further classified into two parts:
Warning (level = 1)
This Alert has no impact on the connection between sender and receiver. Some of them are:
 Bad Certificate: When the received certificate is corrupt.
 No Certificate: When an appropriate certificate is not available.
 Certificate Expired: When a certificate has expired.
 Certificate Unknown: When some other unspecified issue arose in processing the
certificate, rendering it unacceptable.
 Close Notify: It notifies that the sender will no longer send any messages in the
connection.
 Unsupported Certificate: The type of certificate received is not supported.
 Certificate Revoked: The certificate received is in the revocation list.
Fatal Error (level = 2):
This Alert breaks the connection between sender and receiver. The connection will be stopped,
cannot be resumed but can be restarted. Some of them are :
 Handshake Failure: When the sender is unable to negotiate an acceptable set of security
parameters given the options available.
 Decompression Failure: When the decompression function receives improper input.
 Illegal Parameters: When a field is out of range or inconsistent with other fields.
 Bad Record MAC: When an incorrect MAC was received.
 Unexpected Message: When an inappropriate message is received.
The second byte in the Alert protocol describes the error.
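A parser for the two small sub-protocols described above, as an added example that is not part of the original notes: it walks a stream of SSL records, checks the 1-byte Change Cipher Spec message and decodes the 2-byte alert (level, description). The numeric codes are those assigned in the SSL 3.0 specification; the 5-byte record header layout and the sample streams are supplied here, with dummy bytes standing in for handshake and encrypted bodies.

```python
import struct

# Record content types and alert codes as assigned in the SSL 3.0 specification.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter",
}


def record(ctype, body, version=(3, 0)):
    """Build one record: 5-byte header (type, version, length) plus body."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


def parse_records(stream):
    """Decode one direction of a connection into a list of event dicts."""
    events, offset, cipher_active = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += 5 + length
        event = {"type": CONTENT_TYPES.get(ctype, "unknown"),
                 "version": (major, minor)}
        if ctype == 20:
            # Change Cipher Spec: a single byte whose only legal value is 1.
            event["valid"] = body == b"\x01"
            cipher_active = cipher_active or event["valid"]
        elif ctype == 21:
            if cipher_active or length != 2:
                # After Change Cipher Spec the alert body is encrypted.
                event["level"] = event["description"] = "encrypted"
            else:
                level, code = body
                event["level"] = ALERT_LEVELS.get(level, "unknown")
                event["description"] = ALERT_DESCRIPTIONS.get(code, "unknown")
        events.append(event)
    return events


def has_fatal_alert(events):
    return any(e["type"] == "alert" and e.get("level") == "fatal" for e in events)


# Constructed sample streams; handshake and encrypted bodies are dummy bytes.
STREAM_OK = (record(22, b"\x00" * 4) + record(21, bytes([1, 45]))
             + record(20, b"\x01") + record(21, b"\xaa" * 24))
STREAM_FAILED = record(22, b"\x00" * 4) + record(21, bytes([2, 40]))

if __name__ == "__main__":
    for name, stream in (("ok", STREAM_OK), ("failed", STREAM_FAILED)):
        events = parse_records(stream)
        print(name, events, "fatal:", has_fatal_alert(events))
```

Alerts are readable on the wire only before the cipher change, which is why handshake failures are the ones most often visible in packet captures.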
Salient Features of Secure Socket Layer
 The advantage of this approach is that the service can be tailored to the specific needs of
the given application.
 Secure Socket Layer was originated by Netscape.
 SSL is designed to make use of TCP to provide reliable end-to-end secure service.
 This is a two-layered protocol.
Versions of SSL
SSL 1 – Never released due to high insecurity
SSL 2 – Released in 1995
SSL 3 – Released in 1996
TLS 1.0 – Released in 1999
TLS 1.1 – Released in 2006
TLS 1.2 – Released in 2008
TLS 1.3 – Released in 2018

 E-Mail Security:-
E-mail communication is insecure. E-mails can be read and modified as they are passed
through the Internet as clear-text.
E-Mail is usually sent over the Internet as plain text. It can be read and altered by anyone
whose server it passes through.
Therefore, two basic needs have emerged:

Confidentiality- The e-mail can only be read by the intended recipient. This is ensured using
encryption.
Authentication- The e-mail has been written by a particular person and has not been altered on its
way over the Internet. This can be accomplished using digital signatures.
A] PGP:-
1. Stands for Pretty Good Privacy.
2. PGP provides security at Application Layer.
3. PGP is designed to create authenticated and confidential e-mails.

Figure: Position of PGP in the TCP/IP protocol suite

4. Sending an e-mail is a one-time activity. In e-mail, there is no session. 'A' and 'B'
cannot create a session. 'A' sends a message to 'B'; sometime later, 'B' reads the
message and may or may not send a reply.

 How PGP works:-


How PGP encryption works:-
1. When a user encrypts plaintext with PGP, PGP first compresses the plaintext.
2. PGP then creates a session key, which is a one-time-only secret key.
3. This session key works with a very secure, fast conventional encryption algorithm to
encrypt the plaintext; the result is ciphertext.
4. Once the data is encrypted, the session key is then encrypted using the recipient's public
key.
5. This encrypted session key is transmitted along with the ciphertext to the recipient.
How PGP decryption works:-
1. Decryption works in the reverse.
2. The recipient's copy of PGP uses his or her private key to recover the
temporary session key.
3. PGP then uses this session key to decrypt the conventionally-encrypted
ciphertext.
 Security Parameters:-
E-mail is a one-time activity. In PGP, the sender of the message needs to include
the identifiers of the algorithms used in the message as well as the values of the keys.

 Services:-
PGP can provide several services based on the requirements of the user. An e-mail
can use one or more of these services.
1. Plaintext: The simplest case is to send the e-mail message in plaintext (no service). The
sender composes a message and sends it to the receiver. The message is stored in the
receiver's mailbox until it is retrieved by him.
2. Message Authentication: Probably the next improvement is to let the sender sign the
message. The sender creates a digest of the message and signs it with her private key. When
the receiver receives the message, he verifies the message by using the sender's public key.
Two keys are needed for this scenario. The sender needs to know her private key; the receiver
needs to know the sender's public key.
3. Compression: A further improvement is to compress the message and digest to make
the packet more compact. This improvement has no security benefit, but it eases the
traffic. Compression saves modem transmission time and disk space and more
importantly, strengthens.
4. Confidentiality with One-Time Session Key: Confidentiality in an e-mail system can
be achieved by using conventional encryption with a one-time session key. The sender can
create a session key, use the session key to encrypt the message and the digest, and
send the key itself with the message. However, to protect the session key, the sender
encrypts it with the receiver's public key.
5. Code Conversion: Another service provided by PGP is code conversion. Most e-mail
systems allow the message to consist of only ASCII characters. To translate other
characters not in the ASCII set, PGP uses Radix 64 conversion. Each character to be
sent (after encryption) is converted to Radix 64 code.
6. Segmentation: PGP allows segmentation of the message after it has been converted to
Radix 64 to make each transmitted unit the uniform size allowed by the underlying
e-mail protocol.

 MIME:-
1. Stands for Multipurpose Internet Mail Extensions.
2. Multipurpose Internet Mail Extensions (MIME) is an Internet standard that helps extend
the limited capabilities of email by allowing insertion of images, sounds, video and
text in a message.
3. It was proposed by Bell Communications in 1991, and the specification was originally
defined in June 1992 for RFCs 1341 and 1342.
4. MIME was designed to extend the format of email to support non-ASCII characters,
attachments other than text format, and message bodies which contain multiple parts.
5. MIME describes the message content type and the type of encoding used with the help
of headers.
6. All manually composed and automated emails are transmitted through SMTP in MIME
format. The association of Internet email with SMTP and MIME standards is such that
the emails are sometimes referred to as SMTP/MIME email.
7. The features offered by MIME to email services are as follows:
a. Support for multiple attachments in a single message
b. Support for non-ASCII characters

c. Support for layouts, fonts and colors which are categorized as rich text.
d. Support for attachments which may contain executables, audio, images and video
files, etc.
e. Support for unlimited message length.

8. The format of a message body is described by MIME using special header directives.
Using headers, MIME describes the type of message content and the encoding used.
a. MIME Version: The presence of MIME Version generally indicates whether the
message is MIME formatted. The value of the header is 1.0 and it is shown as
MIME-Version: 1.0. The idea behind this was to create more advanced versions of
MIME like 2.0 and so on.
b. Content-Type: This describes the data’s Internet media type and the subtype. It
may consist of a 'charset' parameter separated by a semicolon specifying the
character set to be used.
For example: Content-Type: Text/Plain.
E.g.: A GIF image, has following MIME type-
Content-Type: image/gif
c. Content-Transfer-Encoding: It specifies the encoding used in the message body.
E.g.: 7 bit, 8 bit, base64, and binary.
d. Content-Description: Provides additional information about the content of the
message.
e. Content-Disposition: Defines the name of the file and the attachment settings and
uses the attribute 'filename'.
f. Content ID: Represents a unique identification for each message segment.
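The header directives listed above, seen on a real message structure. This is an added example, not part of the original notes: it uses Python's standard `email` package to build a two-part message and then reads back the MIME headers of each part, as a mail gateway would before deciding how to handle an attachment. The addresses, file name, Content-ID and the 6-byte GIF signature are constructed sample values.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_message() -> bytes:
    """Compose a text body plus one image attachment (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = "a@example.invalid"
    msg["To"] = "b@example.invalid"
    msg["Subject"] = "Report"
    msg.set_content("Please find the image attached.\n")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                       filename="logo.gif", cid="<logo@example.invalid>")
    return msg.as_bytes()


def _text(header):
    """Header values are objects under policy.default; normalise to str/None."""
    return None if header is None else str(header)


def describe(raw: bytes) -> dict:
    """Return the MIME headers of the message and of each leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; the leaf parts carry the content
        parts.append({
            "content_type": part.get_content_type(),
            "charset": part.get_content_charset(),
            "encoding": _text(part["Content-Transfer-Encoding"]),
            "disposition": part.get_content_disposition(),
            "filename": part.get_filename(),
            "content_id": _text(part["Content-ID"]),
            "size": len(part.get_payload(decode=True)),
        })
    return {"mime_version": _text(msg["MIME-Version"]),
            "content_type": msg.get_content_type(),
            "parts": parts}


if __name__ == "__main__":
    info = describe(build_message())
    print("MIME-Version:", info["mime_version"], "|", info["content_type"])
    for p in info["parts"]:
        print(p)
```

The declared Content-Type and file name are set by the sender, so a filter that relies on them should also inspect the decoded payload.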

B] S/MIME:-
1. Stands for Secure/Multipurpose Internet Mail Extensions.

2. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public
key encryption and signing of MIME data. S/MIME allows you to encrypt emails and
digitally sign them.

3. S/MIME provides the following security services - Authentication, Data integrity,
Non-repudiation of origin (using digital signatures), Privacy and Data security (using
encryption). Together, they assure recipients that the message came from the sender, and
that the message received is the message that was sent.
4. S/MIME is on an IETF (Internet Engineering Task Force) standards track.
5. S/MIME specifies a protocol to encrypt and digitally sign e-mail messages.

 Signed Mail:
1. In general, a message could be signed by person A by just encrypting the message
using his private key (= signing).
2. Recipient B can try to decrypt the message using A's public key (= verifying).

3. If he succeeds, he can be sure that the message is authentic and has not been altered,
because a message that can be decrypted using A's public key must have been
encrypted using A's private key (to which only A has access).

4. However, for the sake of performance and ease-of-use, S/MIME does signing a bit
differently:

a. Only a message digest is encrypted, which is faster than encrypting the entire
message.

b. Therefore, a copy of the original, unsigned message must be included with the
mail.
The following steps are taken in order to create a signed message:
i. The user writes the message as clear-text.
ii. The message digest is being calculated (using SHA-1[2] or MD5 [3]).
iii. The message digest is being encrypted using the signer's private key (DSS [4] or
RSA [5]).

Table:- Contents of a clear-signed e-mail
 Encrypted Mail:-
1. An encrypted message, sent by A to B, can only be read by B.

2. This is ensured by encrypting the message using B's public key, which is available
to everyone.
3. However, only B can decrypt the message, because only he owns his private key.

4. Again, to enhance performance, S/MIME implementations do something slightly
different:

a. The message is not encrypted using B's public key but instead using a
randomly created symmetric session key. Symmetric encryption/decryption is
faster than asymmetric algorithms.

b. The temporary session key is being encrypted using B's public key. Therefore,
only B can retrieve the session key and thus decrypt the original message.
The following steps are taken in order to create an encrypted message:
i. The user writes the message as clear-text.
ii. A random session key is being created (triple DES [6] or RC2 [7])
iii. The message is being encrypted using the random session key.
iv. For every recipient, the session key is being encrypted using the recipient's public
key (DH[8] or RSA[5]).

Fig.:- Encrypted Mail
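The session-key scheme used both by PGP encryption (compress, encrypt with a one-time session key, wrap the key with the recipient's public key) and by S/MIME encrypted mail, as an added example that is not part of the original notes. Two stand-ins are assumed so that it runs with the standard library only: a SHA-256 counter keystream in place of the conventional cipher (triple DES, RC2 and similar), and a toy textbook RSA key in place of a real public-key algorithm.

```python
import base64
import hashlib
import secrets
import zlib

# Toy RSA key pair for the recipient (assumption: textbook RSA, no padding,
# built from two known Mersenne primes; illustration only).
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the conventional cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + start.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], pad))
    return bytes(out)


def encrypt_for(pub_e: int, pub_n: int, plaintext: bytes) -> dict:
    compressed = zlib.compress(plaintext)                 # 1. compress
    session_key = secrets.token_bytes(16)                 # 2. one-time session key
    ciphertext = keystream_xor(session_key, compressed)   # 3. fast symmetric step
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)  # 4. wrap key
    # 5. send both; the body is Radix 64 encoded so it is ASCII-only
    return {"wrapped_key": wrapped,
            "body": base64.b64encode(ciphertext).decode("ascii")}


def decrypt_with(priv_d: int, pub_n: int, message: dict) -> bytes:
    # Reverse order: recover the session key, decrypt, then decompress.
    session_key = pow(message["wrapped_key"], priv_d, pub_n).to_bytes(16, "big")
    compressed = keystream_xor(session_key, base64.b64decode(message["body"]))
    return zlib.decompress(compressed)


# Constructed sample message.
MESSAGE = "Meeting moved to 10:30. Room 204.".encode("utf-8")

if __name__ == "__main__":
    sealed = encrypt_for(E, N, MESSAGE)
    print("body (Radix 64):", sealed["body"])
    print("recovered:", decrypt_with(D, N, sealed).decode("utf-8"))
```

For several recipients only step 4 is repeated, once per recipient public key, while the body is encrypted once.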
