
Information Security Management Lectures

Public Key Infrastructure (PKI) uses asymmetric cryptography and digital certificates to securely exchange keys and authenticate parties on a network. PKI involves certification authorities that issue digital certificates linking public keys to identities, and registration authorities that verify identities and assist with certificate management. Digital certificates follow the X.509 standard and contain the certificate holder's public key, identity details, and a digital signature from the issuing certification authority to validate authenticity.

Uploaded by

Anurag Jain

Chapter 1

Public Key Infrastructure (PKI)

05/13/22 Vivek Kapoor 1


Introduction

• PKI is closely related to the ideas of asymmetric key cryptography,
mainly including message digests, digital signatures and encryption
services (as discussed previously).
• Digital certificates are known as the passports of the web.
• Here we will discuss the role of certification authorities (CA) and
registration authorities (RA), how one CA is related to another, root
CAs, self-signed certificates & cross-certification, validating digital
certificates, special protocols such as CRL, OCSP and SCVP, and popular
standards such as PKIX and PKCS for digital certificates and PKI.


Introduction
• We have discussed the problem of key exchange (Diffie-Hellman
key exchange), which can easily lead to a man-in-the-middle attack.
• The same problem exists for key exchange in public key cryptography,
because exchanging keys openly can lead to a man-in-the-middle
attack.
• This problem was solved with the idea of digital certificates.
• A digital certificate is a document like a passport or driving
license.
• A digital certificate is a computer file such as vivek.cer, but in actual
practice the file extension can be different.
• Just as my passport certifies the association between me and my characteristics,
a digital certificate certifies the association between me and my public key.
• Just as a passport is certified by a trusted agency such as the government,
a digital certificate is certified by a trusted agency called a
Certification Authority (CA).


Conceptual view of my digital certificate

Fig.
Digital Certificate
Subject Name: Vivek Kapoor
Public Key: <#^&89>
Serial No.: 103467
Other Data: [email protected]
Valid from: 1 Jan 2001
Valid to: 31 Dec 2004
Issuer Name: VeriSign

….
Certification Authority (CA)

• It is a trusted agency that issues digital certificates.
• Who can be a CA? It is someone whom everybody trusts, e.g. a
government or a reputed organization such as a post office, software
company etc.
• Two famous CAs are VeriSign and Entrust. Safescrypt Limited, a
subsidiary of Satyam Infoway Ltd., was the first Indian CA (2002).
• Thus a CA has the authority to issue digital certificates to individuals
who want to use digital certificates in asymmetric key cryptographic
applications.
• A standard called X.509 defines the structure of a digital
certificate. It was part of another standard called X.500, and
was revised twice.
• The current version of the standard is V3.


Contents of Digital Certificate.

Fig.
Version 1: Version; Certificate Serial No.; Issuer Name; Validity (Not Before/Not After); Subject public key info.
Version 2: Issuer Unique identifier; Subject unique identifier
Version 3: Extensions
All Versions: Certification Authority Digital Signature


Description of the various fields in a X.509
digital certificate Version 1/2
• Version: Identifies the particular version: 1, 2 or 3.
• Certificate serial No.: Unique serial no. generated by the CA.
• Signature Algorithm Identifier: Algorithm used by the CA to sign the certificate.
• Issuer Name: Distinguished Name of the CA that created and signed the
certificate.
• Validity (Not Before/Not After): Two date-time values.
• Subject Name: Person to whom the certificate is issued.
• Subject public key information: Subject's public key and the algorithms related
to that key.
• Issuer Unique Identifier: Identifies a CA uniquely if two or more CAs have
used the same issuer no.
• Subject Unique Identifier: Identifies a subject uniquely if two or more
subjects have used the same issuer no.


Description of the various fields in a X.509
digital certificate Version 3
• Authority key identifier: Which key pair is used to sign this
certificate.
• Subject key identifier: Identifies the subject's key pair.
• Key usage: Scope of operations of the public key.
• Extended key usage: Protocols with which this certificate can interoperate.
• Private key usage period: Period limits for the private & public keys
corresponding to this certificate.
• Certificate policies:
• Policy mappings: Used only when the subject of a given certificate is
also a CA.
• Subject alternative name: Alternative names for the subject.
• Issuer alternative name: Alternative names for the issuer.
• Subject directory attributes: Additional information about the
subject.
• Basic constraints: Indicates whether the subject of the certificate may act as
a CA.
Registration Authority (RA)
• A CA can delegate some of its tasks to a third party called a
Registration Authority (RA).
• The registration authority sits between the end user and the certification
authority (CA).
• The RA provides the following basic services:
1) Accepting & verifying registration info. about new users.
2) Generating keys on behalf of end users.
3) Accepting & authorizing requests for key backups and recovery.
4) Accepting & authorizing requests for certificate revocation.
• Because of the RA, the CA becomes an isolated entity, which makes it less
susceptible to security attacks.
• So communication between the RA & the CA is highly protected.
• The RA is mainly set up to facilitate the interaction between the end user
and the CA.
• Issuing, revocation and management of certificates is done by the CA.
Certificate Creation Steps

• Fig. Key Generation → Registration → Verification → Certificate Creation


Certificate Creation Steps (Step 1)

• There are two approaches for this purpose:
a) The subject can create a private and public key pair using some
software; usually this software is part of the web browser.
The subject keeps the private key secret and then sends the public key
along with other information & evidence to the RA.
b) Alternatively, the RA can generate a key pair on the user's (subject's)
behalf. This happens when the subject does not know the
technicalities involved in key generation.
The major disadvantage of this approach is that the RA comes to know
the user's private key.


Certificate Creation Steps (Step 2)

• This step is required when the user generates the key pair in the first step.
• Here the subject sends the public key along with other information &
evidence to the RA.
• For this, the software provides a wizard in which the user enters the data
and submits it. This is called a certificate signing request (CSR).
• Its format is one of the public key cryptographic standards, which we will
study later.


Certificate Creation Steps (Step 3)

• Verification is done in two respects, as follows:
a) The RA verifies the user's credentials.
b) The second check is to ensure that the user possesses the private key
corresponding to the public key that is sent as part of the certificate
request. This check is called proof of possession.
• Approaches for proof of possession are:
1) The RA can demand that the user digitally sign the certificate
signing request (CSR) using his private key.
2) The RA can create a random no. challenge, encrypt it with the user's
public key and send it to the user. If the user successfully decrypts it, then
it is assumed that the user holds the private key.
3) The RA sends the digital certificate to the user encrypted with the user's
public key. The user decrypts it using his private key & thus obtains
the certificate.


Certificate Creation Steps (Step 4)

• Assuming that all the previous steps are successful, the RA passes on
all details to the CA.
• The CA then creates the certificate. There are programs to create
certificates in X.509 format.
• The CA sends the certificate to the user and retains a copy of it. The CA's
copy is maintained in a certificate directory. The contents of the directory
are similar to those of a telephone directory.
• Directory clients can request and access information from the
central repository using the Lightweight Directory Access Protocol
(LDAP).
• A digital certificate is in an unreadable format. An application program
actually interprets the certificate.
• We can invoke the Internet Explorer browser to view the certificate.


Why we should trust digital certificate?

• Why do we trust a passport? Because it is stamped & signed by an
authority.
• We cannot trust a digital certificate merely because it contains some
information about the user and the user's public key.
• After all, a digital certificate is a computer file.
• Therefore I can create a digital certificate file with whatever public
key I want to use.


How does a CA sign a certificate?

• Suppose we want to verify a digital certificate.
• We will note that the last field in a digital certificate is always the digital
signature of the CA.
• So a digital certificate contains not only user information but also the
CA's digital signature, just as a passport is always signed by the authority.


Creation of the CA signature on a certificate.
Fig.
Certificate fields: Version; Certificate Serial No.; Issuer Name;
Validity (Not Before/Not After); Subject public key info.;
Issuer Unique identifier; Subject unique identifier; Extensions;
Certification Authority Digital Signature.
1) A message digest of all but the last field of the digital
certificate is created using the message digest algorithm.
2) The message digest is encrypted with the certification authority's
private key, giving the digital signature.
3) This digital signature is stored as the last field of the digital
certificate.


How can we verify a digital certificate?
Fig.
Certificate fields: Version; Certificate Serial No.; Issuer Name;
Validity (Not Before/Not After); Subject public key info.;
Issuer Unique identifier; Subject unique identifier; Extensions;
Certification Authority Digital Signature.
1) A message digest (MD1) of all but the last field of the digital
certificate is created using the message digest algorithm.
2) The digital signature is de-signed with the CA's public key, giving
a message digest (MD2).
3) Is MD1 = MD2? Yes: valid, accept it. No: invalid, reject it.
Certificate Hierarchies & Self-Signed
Certificates
• Suppose Alice has received Bob's certificate & she wants to verify it. For
this, Alice needs to de-sign (that is, verify the signature on) Bob's
certificate using the public key of Bob's CA.
• How will Alice know the public key of Bob's CA?
• If their CAs are the same then there is no problem. But if they are
different then a problem arises.
• To resolve this type of problem, a Certification Authority Hierarchy is
created. This is also called the Chain of Trust. In other words, CAs are
grouped into multiple levels of a CA hierarchy.
• The CA hierarchy begins with the root CA.
• The root CA has one or more 2nd level CAs, which in turn have one or
more 3rd level CAs, and so on.
• This type of hierarchy relieves the root CA from having to manage all
the possible digital certificates.


Certificate Hierarchies & Self-Signed
Certificates
• For example one second level CA could be responsible for the
western region, other for the eastern region and so on…
• Each of the 2nd level CA can appoint 3rd level CA and so on…
Fig.
Root CA
2nd Level CA | 2nd Level CA | 2nd Level CA
3rd Level CA | 3rd Level CA | 3rd Level CA | 3rd Level CA | ….

Certificate Hierarchies & Self-Signed
Certificates
Fig.
Root CA
2nd Level CAs: A1, A2, A3
3rd Level CAs: B1, B2, …, B10, B11
End users: Alice, …, Bob

Certificate Hierarchies & Self-Signed
Certificates
• If Alice has obtained her certificate from a third level CA & Bob has
obtained his certificate from another third level CA, how can Alice verify
Bob's certificate?
• In addition to his own certificate, Bob will send the certificate
of his CA (i.e. B11) to Alice. This tells Alice the public key of
B11.
• Using the public key of B11, Alice can de-sign and verify Bob's
certificate.
• Now the question arises: how will Alice trust B11's certificate?
• For this Alice will require A3's certificate, since B11 has
obtained its certificate from A3, and so on until the chain reaches the
root certificate.
• The root CAs are considered to be trusted CAs; for this, Alice's web
browser contains a pre-programmed, hard-coded copy of the root
certificate.
• The root certificate is a self-signed certificate, i.e. the root signs its own
certificate.
Certificate Hierarchies & Self-Signed
Certificates
• But in the actual sequence of operations, Bob will send all certificates up
to the root CA in the first message to Alice. This is called the Push
Model.
• Alice will verify all the certificates. This is called the Pull Model.

Cross Certification

• It is possible that Alice & Bob live in different countries, i.e. their root
CAs will be different.
• In fact, one country can have multiple root CAs.
• Root CAs in the US are VeriSign, Thawte & the US Postal Service.
• This could lead us to the same old story of a never-ending chain of
certification authority hierarchies and their validations.
• The solution to this problem is cross-certification.
• A single monolithic CA certifying every possible user in the
world is quite unlikely. Hence the concept of decentralization of CAs
for different countries.
• It helps CAs not only to work with smaller populations but also to work
independently.


Cross Certification
• Fig.
Root CA of INDIA | Root CA of USA
2nd level CA (A1) | 2nd level CA (P1)
3rd level CA (B1), 3rd level CA (B2) | 3rd level CA (Q1), 3rd level CA (Q2)
Alice …. | …. Bob


Certificate Revocation
• Some of the common reasons for the revocation of certificates:
1) The holder of the certificate reports that his private key is
compromised.
2) The CA realizes that it made some mistake while issuing the
certificate.
3) The certificate holder leaves the job, and the certificate was
issued specifically while the person was in that job.
• For this, the CA must come to know about the certificate revocation
request.
• The CA must authenticate the certificate revocation requester before
accepting the revocation request, otherwise someone will misuse it.
• There are two kinds of certificate revocation status
mechanisms: offline and online.


Certificate Revocation

• Fig. Digital certificate revocation checks
Offline revocation status checks: Certification Revocation List (CRL)
Online revocation status checks: Online certification validation protocol (OCSP)


Offline certificate revocation status checks

• The Certification Revocation List (CRL) is the primary means of
checking the status of a digital certificate offline.
• A CRL is a list of certificates published regularly by each CA.
• It lists only those certificates whose validity is not over, but which have been
revoked for some reason.
• A CRL grows over a period of time.
• Thus if X wants to verify Y's certificate, he has to do the following in
sequence:
# Certificate expiry check
# Signature check
# Certificate revocation check
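
The three checks above, applied along the Root CA → A3 → B11 → Bob chain from the hierarchy slides, with the MD1 = MD2 signature test from the verification figure. This is an added example, not part of the original slides: the certificate structure, function names and serial numbers are constructed for illustration, and the RSA keys are textbook RSA over small Mersenne primes, which stands in for a real signature scheme and is not secure.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent shared by all toy keys

def toy_key(a, b):
    """Textbook RSA key from Mersenne primes 2^a-1 and 2^b-1 (toy size, no padding)."""
    p, q = (1 << a) - 1, (1 << b) - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: date
    not_after: date
    pub: tuple           # subject's public key (n, e)
    signature: int = 0   # last field: issuer's signature over all other fields

    def digest(self, n):
        """Message digest of every field except the signature, reduced mod n."""
        tbs = "|".join(map(str, (self.subject, self.issuer, self.serial,
                                 self.not_before, self.not_after, self.pub)))
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key, serial,
          not_before=date(2001, 1, 1), not_after=date(2004, 12, 31)):
    """CA side: digest all fields, then transform the digest with the CA private key."""
    cert = Cert(subject, issuer, serial, not_before, not_after,
                (subject_key["n"], subject_key["e"]))
    n, d = issuer_key["n"], issuer_key["d"]
    return replace(cert, signature=pow(cert.digest(n), d, n))

def signature_ok(cert, issuer_pub):
    n, e = issuer_pub
    md1 = cert.digest(n)              # digest recomputed by the verifier
    md2 = pow(cert.signature, e, n)   # digest recovered with the CA public key
    return md1 == md2

def verify_chain(chain, trust_store, crl, today):
    """chain: end-entity certificate first, self-signed root last (push model).
    crl: {issuer name: {revoked serial: reason}}. Returns "valid" or a reason."""
    for i, cert in enumerate(chain):
        if i == len(chain) - 1:
            # The root is trusted only if it matches the verifier's built-in copy.
            if trust_store.get(cert.subject) != cert.pub:
                return f"{cert.subject}: untrusted root"
            issuer_pub = cert.pub     # self-signed
        else:
            parent = chain[i + 1]
            if parent.subject != cert.issuer:
                return f"{cert.subject}: broken chain"
            issuer_pub = parent.pub
        if not (cert.not_before <= today <= cert.not_after):
            return f"{cert.subject}: outside validity period"
        if not signature_ok(cert, issuer_pub):
            return f"{cert.subject}: bad signature"
        if cert.serial in crl.get(cert.issuer, {}):
            return f"{cert.subject}: revoked ({crl[cert.issuer][cert.serial]})"
    return "valid"

def demo_chain():
    """Constructed hierarchy: Root CA -> A3 -> B11 -> Bob."""
    root_k, a3_k = toy_key(61, 89), toy_key(61, 107)
    b11_k, bob_k = toy_key(89, 107), toy_key(107, 127)
    root = issue("Root CA", root_k, "Root CA", root_k, 1)
    a3 = issue("A3", a3_k, "Root CA", root_k, 2)
    b11 = issue("B11", b11_k, "A3", a3_k, 3)
    bob = issue("Bob", bob_k, "B11", b11_k, 103467)
    return [bob, b11, a3, root], {"Root CA": root.pub}

if __name__ == "__main__":
    chain, store = demo_chain()
    today = date(2002, 1, 5)
    print(verify_chain(chain, store, {}, today))
    # A certificate file edited to carry a different public key fails the MD1 = MD2 test.
    forged = replace(chain[0], pub=(12345, E))
    print(verify_chain([forged] + chain[1:], store, {}, today))
    print(verify_chain(chain, store, {"B11": {103467: "Pvt. Key Compromised"}}, today))
```
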


Offline certificate revocation status checks

• Fig.
CA: XYZ
Certification Revocation List (CRL)
This CRL: 1 Jan 2002, 10.00 AM
Next CRL: 12 Jan 2002, 10.00 AM

Serial No. | Date | Reason
1234567 | 30-Dec-01 | Pvt. Key Compromised
2356115 | 30-Dec-01 | Changed job
…. | …. | ….


Offline certificate revocation status checks

• Initially the CA can send a one-time, full, up-to-date CRL to the users.
This is called the base CRL.
• However, next time it will not send the full CRL but only the changes
(called the delta) to the CRL since the last update.
• This mechanism makes transportation of the CRL file easier & reduces
network transmission overheads.
• A delta CRL file contains an indicator called the delta CRL indicator,
which informs the user that this file is not complete.
• It also contains a sequence no., which allows the user to check all delta
CRLs.
• A CRL is an offline certificate revocation status check because CRLs
are issued periodically.
• This latency is a major drawback of the CRL approach.


Format of a CRL

• Fig.
Header fields: Version; Signature Algorithm identifier; This update (Date and Time); Next update (Date and Time)
Repeating entries: User Certification Sr. No. | Revocation Date | CRL Entry Ext.
Trailer fields: CRL Ext.; Signature


Online Certificate Status Protocol (OCSP)

• It is used to check the validity of a digital certificate at a particular
moment.
• It has the following steps:
1) The CA provides a server called an OCSP responder. The client sends an
OCSP request to find the validity of a certificate.
2) The OCSP responder consults the X.500 directory to see whether the particular
certificate is valid or not.
3) Based on the results from the X.500 directory, the OCSP responder sends
back a digitally signed response to the client.
• OCSP does not check the validity of the chain of certificates associated
with the current certificate.


Online Certificate Status Protocol (OCSP)

• SCVP was designed to deal with the drawbacks of OCSP.
• Differences between OCSP & SCVP:
Feature | OCSP | SCVP
Client request | Sends certificate Sr. No. | Sends entire certificate
Chain of request | Given certificate is checked | Intermediate certificate is checked
Checks | Certification revocation | Additional checks (full chain of trust etc.)
Returned info. | Status of certificate | Additional info. (proof of revocation status, chain of certification validation)
Additional features | None | Certificate can be checked for a backdated event


Certificate Types

• Not all digital certificates have the same status and cost. They differ depending on
requirements.
• Certificate types can be classified as follows:
# Email certificates: These include the user's email id. They are used to verify
that the signer of an email message has an email id that is the same as the one that
appears in the user's certificate.
# Server-side SSL certificates: These are for merchants who allow
buyers to purchase goods from their online website. They are
issued after careful scrutiny of the merchant's credentials.
# Client-side SSL certificates: These allow a merchant to verify a client.
# Code-signing certificates: These are used to sign Java applet code
or Microsoft ActiveX code embedded in a web
page.


Roaming Certificates

• There is a problem of portability.
• Smart cards are one technology for making portability possible, but they need
smart card readers everywhere.
• A better solution is roaming certificates. It works as follows:
1) The user's digital certificates & private keys, along with user ids &
passwords, are stored in a central secure server called the credential
server.
2) The user can log into any computer & authenticate himself to the
credential server using his id & password.
3) The credential server verifies the user id & password using the
credential database. If the user is successfully authenticated, the
credential server sends the digital certificate and private key file to
the user.


Attribute Certificates

• They are used to establish a relation between an entity and a set of
attributes related to the entity.
• Attribute certificates can be used in authorization services that
control access to networks, databases etc., as well as physical
access to buildings.


Protecting private keys
• The private key of a user should be kept secret. Mechanisms for protecting
private keys are:
1) Password protection: The pvt. key is stored on the hard disk of the user's
computer as a disk file. The file can only be accessed with the help of a
password. Anyone can guess the password.
2) PCMCIA cards: They are chip cards. The pvt. key is stored on the card, which reduces
the chances of it being stolen. But for encryption the pvt. key must travel from the
chip to the computer's hard disk memory, from where it can be stolen.
3) Tokens: A token stores the pvt. key in encrypted form. To decrypt it the
user needs a one-time password.
4) Biometrics: The pvt. key is associated with unique characteristics of
the individual (fingerprint, retina scan etc.).
5) Smart cards: A smart card contains a computer chip, which can perform
signing & encryption. The benefit of this scheme is that the pvt. key never
leaves the card. The disadvantages are that the user has to carry the smart card
with him & compatible smart card readers must be available.


Multiple Key Pairs & Key Update

• It is recommended that a user possess multiple key pairs.
• One key pair should be for certificate signing, the other for
encryption.
• The following guidelines are helpful:
1) The pvt. key used for signing (non-repudiation) must not be backed
up after it has been archived, because there is a chance that others can
misuse it.
2) The pvt. key used for encryption must be backed up so that
encrypted information can be recovered even at a later date.
• Good security practice demands that key pairs be updated
regularly, because over a period of time they become susceptible
to cryptanalysis attacks.


Key Archival

• The CA must plan & maintain a history of the certificates & the keys of its
users.
• This helps us to inquire into a document that was signed long ago.
• It helps to avert legal problems.


The PKIX Model

• The Internet Engineering Task Force (IETF) formed the Public Key
Infrastructure X.509 (PKIX) working group.
• It extends the basic philosophy of the X.509 standard & specifies how
digital certificates can be deployed in the world of the internet.


PKIX Services
• It offers the following broad-level services:
1) Registration: Where an end-entity (subject) makes itself known to the CA.
2) Initialization: How is the end-entity sure that it is talking to the right CA?
3) Certification: The CA creates a digital certificate for the end-entity & returns it
to the end-entity, and maintains a copy for its own records.
4) Key pair recovery: Keys used for encryption are needed at a later date for
decrypting old documents. Basically key archival is done.
5) Key generation: PKIX specifies that the end-entity should be able to
generate pvt.-public key pairs, or the CA must be able to do so for the end-entity.
6) Key update: Smooth transition from one expiring key pair to a fresh one
by automatic renewal of digital certificates.
7) Cross-certification: End-entities certified by different CAs can cross-verify
each other.
8) Revocation: Checking of certificate status in two modes: online &
offline.
PKIX Architectural Model

• The five areas of the architectural model are as follows:
1) X.509 V3 certificate & V2 certificate revocation list profiles: The X.509
standard allows the use of various options while describing the
extensions of a digital certificate. PKIX has grouped all the options
that are deemed fit for internet users.
2) Operational protocols: These define the underlying protocols that provide
the transport mechanism for delivering certificates.
3) Management protocols: These protocols enable the exchange of
information between the various PKI entities (subject, RA, CA).
4) Policy outlines: Outline certificate policies & certificate practice
statements.
5) Time stamp & data certification services: These are provided by
third parties. The time stamp service helps establish that a signed message
existed at a particular date & time. The data certification service
verifies the correctness of the data it has received.
Public Key Cryptographic Standards (PKCS)

• PKCS was developed by RSA Laboratories with the help of
representatives of government, industry & academia.
• The main purpose of PKCS is to standardize Public Key Infrastructure
(PKI).
• This allows organizations to develop interoperable PKI solutions.
• We will discuss the important PKCS standards.


Public Key Cryptographic Standards (PKCS)
• PKCS Standards Summary
Name: Comments
• PKCS #1 RSA Cryptography Standard: Defines the mathematical properties
and format of RSA public and private
keys (ASN.1-encoded in clear-text), and the basic algorithms
and encoding/padding schemes for performing RSA encryption,
decryption, and producing and verifying signatures.
• PKCS #2 Withdrawn: No longer active. Covered RSA
encryption of message digests, but was merged into PKCS #1.
• PKCS #3 Diffie-Hellman Key Agreement Std.: A cryptographic protocol that allows two
parties that have no prior knowledge of
each other to jointly establish a shared
secret key over an insecure
communications channel.


Public Key Cryptographic Standards (PKCS)

• PKCS #4 Withdrawn: No longer active. Covered RSA key
syntax but was merged into PKCS #1.
• PKCS #5 Password-based Encryption Std.: See RFC 2898 and PBKDF2.
• PKCS #6 Extended-Certificate Syntax Standard: Defines extensions to the old v1
X.509 certificate specification.
Obsoleted by v3 of the same.
• PKCS #7 Cryptographic Msg. Syntax Standard: Used to sign and/or encrypt messages
under a PKI. Used also for certificate
dissemination. Formed the basis for
S/MIME.
• PKCS #8 Private-Key Info. Syntax Standard: Used to carry private certificate key pairs
(encrypted or unencrypted).


Public Key Cryptographic Standards (PKCS)

• PKCS #9 Selected Attribute Type: Defines selected attribute types for
use in PKCS #6 extended certificates,
PKCS #7 digitally signed messages,
PKCS #8 private-key information, and
PKCS #10 certificate-signing requests.
• PKCS #10 Certification Request Std.: Format of messages sent to a
certification authority to request
certification of a public key.
• PKCS #11 Cryptographic Token Interface (Cryptoki): An API defining a generic interface
to cryptographic tokens (see also
Hardware Security Module). Often used for single sign-on
and Smartcard


Public Key Cryptographic Standards (PKCS)

• PKCS #12 Personal Information Exchange Syntax Std.: Defines a file format
commonly used to store private keys with
accompanying public key
certificates, protected with
a password-based symmetric key.
PFX is a predecessor to
PKCS#12.
• PKCS #13 Elliptic Curve Cryptography Standard: (Under development.)
• PKCS #14 Pseudo-random Number Generation: (Under development.)
Public Key Cryptographic Standards (PKCS)

• PKCS #15 Cryptographic Token Info. Format Standard: Defines a standard allowing
users of cryptographic tokens to identify themselves to
applications, independent of the application's Cryptoki
implementation (PKCS #11).


PKCS#5-Password based encryption (PBE)
Standard
• It is used to keep symmetric session keys safe & protect them from
unauthorized access.
• We first encrypt the plain text message with the symmetric key, & then
encrypt the symmetric key with a key encryption key (KEK). This protects the
symmetric key from unauthorized access.
• The next question is where to store the KEK & how to protect it.
• The way to protect the KEK is never to store it anywhere.
• The approach is to generate it on demand, use it for
encryption/decryption & discard it.
• For this purpose, a password is used.
• The password is the input to the key generation process (usually a message
digest algorithm); the output is the KEK.
Fig. Password → Key generation process → KEK
PKCS#5-Password based encryption (PBE)
Standard
• The drawback is that an attacker can launch a dictionary attack against
this scheme, since the password is often just simple English letters.
• To prevent such attacks, apart from the password two additional pieces of
information are used in the key generation process: the salt & the
iteration count.
• The salt is simply a bit string which is combined with the password to
produce the KEK.
• The iteration count specifies the no. of operations that must be performed on the
combination of the password & salt to generate the KEK.
• Interestingly, the salt & iteration count are not kept secret.
• So the biggest difference between this scheme & the previous one is
that an attacker will not be able to launch the same dictionary attack.
• Now he has to combine each word with the salt & perform the key
generation process iteration-count times.
• This makes the task quite difficult.
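
The two schemes above side by side, as an added example that is not part of the original slides: a KEK taken from a bare message digest of the password, and a KEK derived with PBKDF2 (the PKCS#5 function named in the standards summary) from password, salt and iteration count. The function names and the sample word list are constructed, and the XOR-with-HMAC wrapping is a standard-library stand-in for a real key-wrap cipher.

```python
import hashlib
import hmac
import os

def digest_kek(password):
    """First scheme: KEK = message digest of the password alone."""
    return hashlib.sha256(password.encode()).digest()

def pbe_kek(password, salt, iterations):
    """PKCS#5 scheme: KEK from password + salt + iteration count (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def keystream(kek):
    """32-byte pad derived from the KEK (stand-in for a key-wrap cipher)."""
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()

def wrap_session_key(password, session_key, iterations=100_000, salt=None):
    """Protect a 32-byte session key. Only salt, count, ciphertext and tag are stored."""
    if len(session_key) != 32:
        raise ValueError("this example wraps 32-byte session keys only")
    salt = salt or os.urandom(16)
    kek = pbe_kek(password, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(session_key, keystream(kek)))
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    # The KEK is not returned or saved: generated on demand, used, discarded.
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}

def unwrap_session_key(password, record):
    """Re-derive the KEK from the password; return None if the password is wrong."""
    kek = pbe_kek(password, record["salt"], record["iterations"])
    expected = hmac.new(kek, b"tag" + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(record["wrapped"], keystream(kek)))

def precomputed_table(words):
    """Digest -> word table. Built once, it matches every unsalted KEK made from
    a listed word; it matches no salted, iterated KEK."""
    return {digest_kek(w): w for w in words}

if __name__ == "__main__":
    session_key = os.urandom(32)
    record = wrap_session_key("sunshine", session_key)
    print("right password:", unwrap_session_key("sunshine", record) == session_key)
    print("wrong password:", unwrap_session_key("sunshin3", record))

    table = precomputed_table(["password", "sunshine", "letmein"])  # constructed list
    print("unsalted KEK found in table:", table.get(digest_kek("sunshine")))
    salted = pbe_kek("sunshine", record["salt"], record["iterations"])
    print("salted KEK found in table:", table.get(salted))
```

Because the salt and count are stored in the clear next to the wrapped key, the protection comes from the per-record salt defeating the reusable table and from the iteration count multiplying the cost of every guess.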
PKCS#8/10-Private key information
standard
• PKCS#8 describes the syntax for storing pvt. keys securely so that they cannot
be attacked.
• PKCS#10 describes the syntax for certification requests.
• Certification requests are sent to a certification authority, which
transforms the request into an X.509 public key certificate.


PKCS#11-Cryptographic token interface
standard
• This standard specifies the operations performed using a hardware
token, such as a smart card.
• A smart card is smart because it contains a cryptographic processor &
memory.
• Key generation, encryption or digital signing is performed directly
on the card itself.
• The user's pvt. key cannot be copied from the card to the computer's hard disk.
• The small size of the card makes it portable.
• Just like ATM cards, smart cards need smart card readers.


PKCS#12-Personal information exchange
syntax
• The PKCS#12 standard was developed to solve the problem of
certificate & private key storage & transfer.
• All web browsers, including Internet Explorer, internally use PKCS#12.


PKCS#14-Pseudo-Random number
generation standard
• Random no. generation is extremely crucial in cryptography.
• This standard defines the requirements for generating random nos.
• In fact, many programming languages provide a facility for
generating random nos.
• But these are not truly random: over a period of time we can predict
them.
• This is because computers are rule-based machines with a finite range for
generating random nos.
• Thus random nos. are generated by external means. This process is
called pseudo-random no. generation.


PKCS#14-Pseudo-Random number
generation standard
• There are three ways to generate pseudo-random nos. using a
computer, which are as follows:
• Monitor hardware that generates random data: It is the best but most
costly approach to generating random nos. using computers. The
generator is an electronic circuit which is sensitive to some random
physical event, such as diode noise. This unpredictable
sequence is transformed into random nos.
• Collect random data from user interactions: Such as the mouse.
• Collect data from inside the computer: Data from inside the
computer which is hard to predict. This data can be the system clock,
files on the disk etc.


PKCS#15-Cryptographic Token information syntax standard
• This standard provides interoperability of smart cards.
• The Extensible Markup Language (XML) is at the center stage of the modern world of technology.
• XML is the backbone of technologies such as web services.
• Almost every aspect of internet programming is related to XML.




Chapter 2
Internet Security Protocols



Static Web Pages

• The main players in internet-based communications are the web browser (client) & the web server (server).
• Hypertext Transfer Protocol (HTTP) is used for communication between them.
• The web pages used here are called static web pages.
• A web page is created using HyperText Markup Language (HTML) & stored on the server.
• Whenever a user requests a page, the web server sends the page without performing any additional processing. All it has to do is locate the page on its hard disk.
• They are used where contents do not change often, such as a country's home page, history etc.


Dynamic Web Pages

• Sites where information changes quite often, such as stock market sites & weather sites, require dynamic web pages.
• Contents of a dynamic web page can change all through the day. Creating dynamic web pages requires server-side programming.

Fig. Dynamic web page (web browser & web server):
1. HTTP request.
2. Web server invokes an application program in response to the HTTP request.
3. Program executes & produces HTML output.
4. HTTP response.

Active Web Pages

Fig. Active web page:
1. HTTP request.
2. HTTP response contains an HTML page & a small program (applet or Microsoft ActiveX control).
3. Browser interprets the HTML page & also executes the program.


Protocols & TCP/IP

• Protocol software acts as a universal translator between different computers & networks.
• It defines an abstract model of a communication hierarchy, which is independent of all physical characteristics of computers & networks.

Fig. Intermediate nodes & communication link.

Protocols & TCP/IP

Fig. Protocol layers. End hosts: Application, Transport, Network, Data Link, Physical. Intermediate nodes: Network, Data Link, Physical.


Protocols & TCP/IP

Fig. Data unit at each layer (sender & receiver side):
Application: L5 Data
Transport: L5 Data + H4
Internet: L4 Data + H3
Data link: L3 Data + H2
Physical: bit stream


Secure Socket Layer (SSL)

• It is an internet protocol used for exchange of information between browser & server.
• It was developed by Netscape Corporation & has three versions: 2, 3, 3.1.
• It is considered an additional layer & sits between the application & transport layers.
• Here application layer data is not passed directly to the transport layer; instead it is passed to the SSL layer.
• The SSL layer encrypts the data received from the application layer & adds its own header, called SH, to the encrypted data.
• Thus data from the application layer is encrypted; lower level headers are not encrypted.
• If SSL encrypted lower level headers, then even the IP & physical addresses of computers would be encrypted & become unreadable.


Secure Socket Layer (SSL)

Fig. Data unit at each layer with SSL (sender & receiver side):
Application: L5 Data
SSL: L5 Data + SH
Transport: L5 Data + H4
Internet: L4 Data + H3
Data link: L3 Data + H2
Physical: bit stream

SSL has three sub-protocols, namely the Handshake Protocol, Record Protocol & Alert Protocol.

Secure Socket Layer (SSL)
1. Handshake Protocol
   (a) Establish Security Capabilities
       Client Hello
       Server Hello
   (b) Server Authentication & Key Exchange
       Certificate
       Server Key Exchange
       Certificate Request
       Server Hello Done
   (c) Client Authentication & Key Exchange
       Certificate
       Client Key Exchange
       Certificate Verify
   (d) Finish
       Change Cipher Specs
       Finished
2. Record Protocol
       Fragmentation
       Compression
       Addition of MAC
       Encryption
       Append Header
3. Alert Protocol
       Fatal Alerts
       Non-Fatal Alerts


Working of SSL (Handshake Protocol)

• The handshake protocol consists of a series of messages between client & server.
• It is made up of four phases:
1. Establish security capabilities.
2. Server authentication & key exchange.
3. Client authentication & key exchange.
4. Finish.

Field  | Type   | Length  | Content
Size   | 1 byte | 3 bytes | 1 or more bytes

Format of the handshake protocol message types
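
The Type/Length/Content framing above, as an added example that is not part of the original slides: a parser that walks a buffer of handshake messages and rejects truncated or over-long length fields. The type codes are those of the SSL 3.0 specification; the sample flight and its contents are constructed placeholders.

```python
# Added example: framing of SSL handshake messages
# (Type: 1 byte, Length: 3 bytes, Content). Sample bytes are constructed.

# Handshake type codes as defined in the SSL 3.0 specification.
HANDSHAKE_TYPES = {
    1: "client_hello",
    2: "server_hello",
    11: "certificate",
    12: "server_key_exchange",
    13: "certificate_request",
    14: "server_hello_done",
    15: "certificate_verify",
    16: "client_key_exchange",
    20: "finished",
}


class HandshakeParseError(ValueError):
    """Raised when the bytes do not follow Type/Length/Content framing."""


def build_handshake_message(msg_type: int, content: bytes) -> bytes:
    """Frame content as: 1-byte type, 3-byte big-endian length, content."""
    if len(content) >= 1 << 24:
        raise ValueError("content does not fit in a 3-byte length field")
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content


def parse_handshake_messages(buf: bytes):
    """Return [(type_name, content), ...] or raise HandshakeParseError."""
    messages = []
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise HandshakeParseError(f"truncated header at offset {offset}")
        msg_type = buf[offset]
        length = int.from_bytes(buf[offset + 1:offset + 4], "big")
        end = offset + 4 + length
        if end > len(buf):
            # Never trust the declared length beyond the bytes received.
            raise HandshakeParseError(
                f"declared length {length} exceeds remaining data")
        if msg_type not in HANDSHAKE_TYPES:
            raise HandshakeParseError(f"unknown handshake type {msg_type}")
        messages.append((HANDSHAKE_TYPES[msg_type], buf[offset + 4:end]))
        offset = end
    return messages


# Constructed phase-2 flight from the server. The contents are placeholders,
# not real certificates or key material.
SAMPLE_SERVER_FLIGHT = (
    build_handshake_message(11, b"constructed-certificate-chain")
    + build_handshake_message(13, b"constructed-certificate-request")
    # In the specification the server_hello_done body is empty.
    + build_handshake_message(14, b"")
)

if __name__ == "__main__":
    for name, content in parse_handshake_messages(SAMPLE_SERVER_FLIGHT):
        print(f"{name:20s} {len(content):3d} bytes")
```
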



Working of SSL (Handshake Protocol Phase: 1)
• The first phase of the SSL handshake initiates a logical connection & establishes the security capabilities associated with it.
• This consists of two messages: client hello & server hello.
• They contain the following parameters:
   Version (SSL),
   Random (32 bit date-time field, 48 bit random no. generated by software inside the computer),
   Session id (zero for no session, non-zero for a session),
   Cipher suite (cryptographic algorithms supported, such as RSA, Diffie-Hellman etc.),
   Compression method.


Working of SSL (Handshake Protocol Phase: 2)
• The process includes server authentication & key exchange.
• Here the client is the sole recipient of messages.
• It consists of four steps: certificate, server key exchange, certificate request, server hello done.
   Certificate: Server sends its digital certificate & the entire chain leading to the root CA to the client.
   Server Key Exchange: It is optional. It is used if the server does not send its digital certificate; instead it sends its public key.
   Certificate Request: Server can request the client's digital certificate. Client certification is optional.
   Server Hello Done: This indicates that the client can now optionally verify the certificates sent by the server & ensure all parameters are acceptable.


Working of SSL (Handshake Protocol Phase: 3)
• The process includes client authentication & key exchange.
• Here the server is the sole recipient.
• This phase consists of three steps: certificate, client key exchange, certificate verify.
   Certificate: It is optional. It is performed only if the server has asked for client info.
   Client key exchange: Client sends info. related to the symmetric key that both parties will use in the session. Client creates a 48 byte pre-master secret, encrypts it with the server's public key & sends it to the server.
   Certificate verify: It is necessary only if the server has demanded client authentication. Here the client combines the pre-master secret with the random no.'s generated by client & server, hashing them together to produce the master secret, which is used to produce the symmetric key.

Working of SSL (Handshake Protocol Phase: 4)
• Here the client initiates the 4th phase, which the server ends.
• This phase consists of four steps.
• The first two messages are from the client: Change Cipher Specs, Finished.
• The server responds with two identical messages: Change Cipher Specs, Finished.


Master Secret Generation Concept

Fig. Pre-master Secret, Client Random & Server Random -> Message Digest Algorithms -> Master Secret


Symmetric Key Generation Concept

Fig. Master Secret, Client Random & Server Random -> Message Digest Algorithms -> Symmetric Key
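
The two concept figures above (master secret generation and symmetric key generation) carried through in code, as an added example that is not part of the original slides. The slides do not give the formula; the MD5/SHA-1 construction and the key block layout used here are those of the SSL 3.0 specification (RFC 6101), and the pre-master secret, the randoms and the 20/24/8 byte sizes are constructed sample values.

```python
import hashlib


def ssl3_expand(secret: bytes, seed: bytes, n_bytes: int) -> bytes:
    """SSL 3.0 expansion: concatenate MD5(secret + SHA1(label + secret + seed))
    for labels 'A', 'BB', 'CCC', ... until n_bytes are available."""
    out = b""
    round_no = 0
    while len(out) < n_bytes:
        if round_no >= 26:
            raise ValueError("requested more output than 26 labels allow")
        label = bytes([ord("A") + round_no]) * (round_no + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        round_no += 1
    return out[:n_bytes]


def master_secret(pre_master: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    """Pre-master secret + client random + server random -> 48-byte master secret."""
    return ssl3_expand(pre_master, client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              n_bytes: int) -> bytes:
    """Master secret + randoms -> key material. Note that the randoms are
    used in the opposite order (server first) compared with master_secret()."""
    return ssl3_expand(master, server_random + client_random, n_bytes)


def split_key_block(block: bytes, mac_len: int, key_len: int, iv_len: int):
    """Cut the key block into the six per-direction secrets, in spec order."""
    layout = [
        ("client_write_MAC_secret", mac_len),
        ("server_write_MAC_secret", mac_len),
        ("client_write_key", key_len),
        ("server_write_key", key_len),
        ("client_write_IV", iv_len),
        ("server_write_IV", iv_len),
    ]
    if len(block) < sum(size for _, size in layout):
        raise ValueError("key block too short for requested sizes")
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def derive_session_keys(pre_master, client_random, server_random,
                        mac_len=20, key_len=24, iv_len=8):
    """Full chain: pre-master secret -> master secret -> key block -> keys."""
    master = master_secret(pre_master, client_random, server_random)
    block = key_block(master, client_random, server_random,
                      2 * (mac_len + key_len + iv_len))
    return master, split_key_block(block, mac_len, key_len, iv_len)


# Constructed sample inputs (not captured from any real session).
SAMPLE_PRE_MASTER = b"\x03\x00" + bytes(range(46))      # 48 bytes
SAMPLE_CLIENT_RANDOM = bytes(range(32))
SAMPLE_SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    master, keys = derive_session_keys(
        SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    print("master secret:", master.hex())
    for name, value in keys.items():
        print(f"{name:24s} {value.hex()}")
```

Because both randoms feed every derivation, a replayed pre-master secret with a fresh server random yields a different master secret and different keys.
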




Working of SSL (Record Protocol)

• The record protocol comes into the picture after a successful handshake is completed between client & server.
• This protocol provides two services to an SSL connection:
   Confidentiality: achieved by the secret key generated during the handshake protocol.
   Integrity: the handshake protocol also defines a shared secret key (MAC) which is used for message integrity.
• The operation of the record protocol consists of the following steps:
   Fragmentation: Original message is broken into blocks more than or equal to 16Kb.
   Compression: Fragmented blocks are optionally compressed. It must be a lossless compression mechanism.
   Addition of MAC: MAC for each block is calculated.

Working of SSL (Record Protocol)

   Encryption: Output of the previous step is now encrypted using the symmetric key established previously in the handshake protocol.
   Append header: Finally a header is added to the encrypted block. The header consists of the following fields:
      Content Type (8 bits): Protocols.
      Major Version (8 bits): Major version of the SSL protocol used.
      Minor Version (8 bits): Minor version of the SSL protocol used.
      Compressed length (16 bits): Specifies the length in bytes of the original plain text block.


Working of SSL (Alert Protocol)

• Whenever the client or server detects an error, the detecting party sends an alert message to the other party.
• If the error is fatal then both parties immediately close the connection.
• For other errors, which are not fatal, the parties handle the error and correct it.
• An alert message consists of two bytes. If the first byte contains 1 then the error is fatal; otherwise it contains 2.
• Fatal alerts are: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameters.
• Non-fatal alerts are: no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown, close notify.


Closing & Resuming SSL Connections

• Before ending the communication, each party should send the other a close notify alert & end the connection from its side.
• The handshake protocol is quite complex & time consuming as it uses asymmetric key cryptography.
• Thus it is desirable that client & server reuse an earlier connection rather than going for a new connection.
• An SSL connection should not be used after 24 hrs in any case.


Secure Hyper Text Transfer Protocol (SHTTP)
• It is a set of security mechanisms defined for protecting internet traffic.
• This includes data entry forms & internet transactions.
• SHTTP supports both authentication & encryption of HTTP traffic between client & server.
• It encrypts individual messages, while SSL aims at making the connection between client & server secure regardless of the messages they are exchanging.


Time Stamping Protocol (TSP)

• TSP provides proof that a certain piece of data existed at a particular time.
• It is provided by a Time Stamping Authority (TSA).
• TSP is a request & response protocol similar to HTTP.


Secure Electronic Transaction (SET)

• SET is an open encryption & security specification that is designed for protecting credit card transactions on the internet.
• Work in this area is done jointly by MasterCard & Visa.
• They are joined by IBM, Microsoft, Netscape, RSA, Terisa & VeriSign.
• The need for this came from the fact that e-commerce payment processing software vendors were coming up with new & conflicting standards.
• To avoid these incompatibilities SET was designed.
• SET is not a payment system; instead it is a set of security protocols & formats that enable users to employ the credit card payment infrastructure on the internet in a secure manner.


Secure Electronic Transaction (SET)

• SET services can be summarized as follows:
1. Provides a secure communication channel among all parties in an e-commerce transaction.
2. Authentication by use of digital certificates.
3. Confidentiality, i.e. information is only available to the parties involved in a transaction, & that too when & where necessary.
• SET is a very complex specification.
• When released it took 971 pages to describe SET.
• SSL version 3 requires 63 pages to describe it.


Secure Electronic Transaction (SET) Participants
• Cardholder: Person itself.
• Merchant: Businessman selling goods.
• Issuer: Financial institution (bank) that provides the card to the person.
• Acquirer: It is the financial institution (FI) that has a relationship with the merchant for processing of credit cards.
• Payment Gateway: This task can be taken by the acquirer or by an organization as a dedicated function. It processes the payment messages on behalf of the merchant.
• Certification Authority (CA): Explained earlier.


SET Process

1. Customer opens an account.
2. Customer receives a certificate.
3. Merchant receives a certificate.
4. Customer places an order.
5. Merchant is verified.
6. Order & payment details are sent.
7. Merchant requests payment authorization.
8. Payment gateway authorizes the payment.
9. Merchant confirms the order.
10. Merchant provides goods or services.
11. Merchant requests payment.


How SET achieves its objectives

• Online payment requires that the customer sends its credit card info. to the merchant.
• There are two issues related to it. The first is that an intruder can get the no. and use it for malicious intentions.
• The second is that the credit card no. is made available to the merchant, who can misuse it in future.
• The first issue is generally dealt with by SSL: since SSL sends all the info. in encrypted form, an intruder cannot make any sense out of it.
• The second issue is dealt with by SET, since it hides credit card information from the merchant.
• For this SET relies on the concept of the digital envelope.
• The following steps illustrate the idea:
1. SET software prepares the payment info. (PI) on the cardholder's computer.

How SET achieves its objectives

2. Specific to SET, the cardholder's computer creates a one-time session key.
3. Using this one-time session key, the cardholder's computer now encrypts the payment information.
4. The cardholder now wraps this one-time session key with the public key of the payment gateway to form a digital envelope.
5. It sends the encrypted info. & the digital envelope to the merchant, who passes them to the payment gateway.
• The merchant has access only to the encrypted info.
• In order to decrypt the encrypted credit card info. he needs the one-time session key, which is encrypted with the payment gateway's public key.
• To decrypt it he needs the payment gateway's private key.
• Thus security is provided & he cannot decrypt the original credit card info.

SET Internals

• Major transactions supported by SET:
1. Purchase request
      Initiate request.
      Initiate response.
      Purchase request.
      Purchase response.
2. Payment authorization
      Authorization request.
      Authorization response.
3. Payment capture
      Capture request.
      Capture response.


Purchase Request (Initiate request)

Fig. Cardholder -> Merchant: "Please send digital certificates of you & payment gateway. Here is a unique id to identify our interaction & here is my credit card issuer's name."


Purchase Request (Initiate response)

Fig. Merchant -> Cardholder: "Here is my transaction id & here are the digital certificates of payment gateway & myself."


Purchase Request (Purchase request)

• The cardholder, after verifying the digital certificates, creates Order Information (OI) & Payment Information (PI).
• The transaction id created by the merchant is added to both OI & PI.
• OI consists of references to the shopping phase between customer & merchant.
• PI consists of details such as credit card info., purchase amount & order description.
• The cardholder now prepares the purchase request by generating a one-time symmetric key K.
• The purchase request message consists of the following:
1. Purchase related info.:
   a) It consists of PI, the signature over PI & OI, and OIMD.
   b) All these are encrypted with K.
   c) Digital envelope created by encrypting K with the payment gateway's public key.

Purchase Request (Purchase request)

2. Order related information: The merchant needs this info. It consists of OI, the signature calculated over PI & OI, and PIMD.
3. Cardholder certificate: It contains the cardholder's public key.

Fig. Cardholder -> Merchant: "Here are my OI & PI details. I am also sending my digital certificate that contains my public key, so that you & the payment gateway can decrypt the order/payment details."


Purchase Request (Purchase request)

• Dual signature:

   PIMD = MD5(PI)
   OIMD = MD5(OI)
   POMD = MD5(PIMD + OIMD)
   Dual Signature (DS) = E(POMD)

   E = Cardholder encrypts with its own private key

Purchase Request (Purchase request)

• The cardholder sends the merchant the OI, DS & PIMD.

   OIMD = MD5(OI)
   POMD1 = MD5(PIMD + OIMD)
   POMD2 = D(Dual Signature (DS))
   If POMD1 = POMD2 then accept, else reject.

Purchase Request (Purchase request)

• The payment gateway gets PI, DS & OIMD.

   PIMD = MD5(PI)
   POMD1 = MD5(PIMD + OIMD)
   POMD2 = D(Dual Signature (DS))
   If POMD1 = POMD2 then accept, else reject.

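The dual signature and the two verification paths above, as an added example that is not part of the original slides. MD5 is kept to match the slides; the signature step uses textbook RSA without padding over a constructed key built from two Mersenne primes, which is an assumption for illustration only, and the OI/PI strings are constructed.

```python
import hashlib

# Constructed toy RSA key pair for the cardholder (illustration only:
# textbook RSA, no padding, primes chosen for brevity).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def create_dual_signature(pi: bytes, oi: bytes):
    """Cardholder side: returns (PIMD, OIMD, DS)."""
    pimd = md5(pi)
    oimd = md5(oi)
    pomd = md5(pimd + oimd)
    # E step of the slide: "encrypt" POMD with the cardholder's private key.
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    return pimd, oimd, ds


def digests_match(pimd: bytes, oimd: bytes, ds: int) -> bool:
    """POMD1 is recomputed from the digests, POMD2 is recovered from DS
    with the cardholder's public key (D step of the slide)."""
    pomd1 = int.from_bytes(md5(pimd + oimd), "big")
    pomd2 = pow(ds, E, N)
    return pomd1 == pomd2


def merchant_accepts(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI, PIMD and DS, never PI itself."""
    return digests_match(pimd, md5(oi), ds)


def gateway_accepts(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Payment gateway sees PI, OIMD and DS, never OI itself."""
    return digests_match(md5(pi), oimd, ds)


# Constructed sample data; the transaction id ties OI and PI together.
SAMPLE_OI = b"txn=T-0001;order=2 books"
SAMPLE_PI = b"txn=T-0001;card=<constructed card number>;amount=40.00"

if __name__ == "__main__":
    pimd, oimd, ds = create_dual_signature(SAMPLE_PI, SAMPLE_OI)
    print("merchant accepts genuine OI :", merchant_accepts(SAMPLE_OI, pimd, ds))
    print("gateway accepts genuine PI  :", gateway_accepts(SAMPLE_PI, oimd, ds))
    print("merchant accepts altered OI :",
          merchant_accepts(b"txn=T-0001;order=20 books", pimd, ds))
```

The signature binds one payment to one order: a PI presented with the digest of a different order fails the gateway check even though the PI itself is unchanged.
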
Purchase Request (Purchase response)

• When the merchant receives the purchase request he does the following:
1. Verifies the cardholder's certificates.
2. Verifies the signature created over PI & OI using the cardholder's public key.
3. Processes the order & forwards the PI to the payment gateway for authorization.
4. Sends the purchase response to the cardholder.


Payment Authorization

• Here the merchant sends the payment details to the payment gateway.
• The payment gateway verifies the details & authorizes the payment.
• It consists of two messages: Authorization request & Authorization response.

Fig. Authorization request (Merchant -> Payment Gateway): "Here are: a) Purchase Information b) Authorization Information c) Cardholder & my certificates"


Payment Authorization

Fig. Authorization response (Payment Gateway -> Merchant): "Validations are ok. Here are authorization info., token info., & my digital certificate"


Payment Capture (Capture Request)

• It is used for obtaining payment.
• It consists of two messages: Capture Request & Capture Response.

Fig. Capture request (Merchant -> Payment Gateway): "I need to have payment for this purchase. Here are transaction id, amount, & my digital certificate."


Payment Capture (Capture Response)

Fig. Capture response (Payment Gateway -> Merchant): "Payment to you is authorized. Here are the details. Also enclosed is my digital certificate."


SET Model

Fig. SET model. Parties: Cardholder, Merchant, Payment Gateway, Certificate Authority (CA), CA 1, CA 2. Messages shown: Request for Certificate, Cardholder's Certificate, Merchant Certificate, "Please verify cardholder's certificate", "Please verify merchant's certificate", Purchase Request, Purchase Response, Authorization Request, Authorization Response.


SSL versus SET

Issue | SSL | SET
Main aim | Exchange of data in encrypted form | E-commerce related payment mechanism
Certification | Two parties exchange certificates | All involved parties must be certified by third authority
Authentication | Mechanisms not very strong | Strong mechanisms
Risk of merchant fraud | Possible | Not possible
Risk of customer fraud | Possible | Not possible
Practical usage | High | Low, expected to grow

3-D Secure Protocol

• SET has one limitation: it does not prevent a user from providing someone else's credit card no.
• A new protocol called the 3-D Secure protocol helps to achieve this.
• Here a cardholder who wishes to participate in a payment transaction has to enroll on the issuer bank's enrollment server.
• At the time of a 3-D Secure transaction, when the merchant receives a payment instruction from the cardholder, he forwards this request to the issuer bank.
• The issuer bank asks the cardholder for the user id & password which were created at the time of the enrollment process.
• The cardholder provides the details, which are verified by the bank.
• If authenticated, it accepts the card payment.


Electronic Money
• It is also called electronic cash or digital cash, used for making payments over the internet.
• It is money represented in the form of computer files, i.e. the physical form of money is converted into binary computer data.
• Here the customer opens an account with the bank.
• When he needs $100 of electronic money, he sends an e-mail to the bank requesting the same.
• The bank authenticates the message & when sure debits the customer's account for the same.
• The bank sends the money as a computer file (which contains an extremely large random no.) to the customer.
• When the customer purchases something he sends the file to the merchant.
• The merchant in turn sends the file to the bank, which verifies it & credits the merchant's account with that much money.


Electronic Money (Security Mechanism)

Fig. Bank -> Customer: $100 is encrypted with bank's private key & with customer's private key, giving twice encrypted data (%^^A).


Electronic Money (Security Mechanism)

Fig. Customer: twice encrypted data (%^^A) is decrypted with customer's private key & with bank's private key, giving the original message ($100).


Types of electronic money

• Classification based on the tracking of money:
      Identified electronic money.
      Anonymous electronic money.
• Classification based on the involvement of the bank in the transaction:
      Online electronic money.
      Offline electronic money.


Identified electronic money

Fig. Identified electronic money ($100, serial no. SR 100):
1. Bank -> Customer: Bank generates the serial no. & sends it along with the e-money to the customer.
2. Customer -> Merchant: Customer spends the money, so the merchant has it now.
3. Merchant -> Bank: Merchant encashes the e-money from the bank. The money still has the same serial no.


Anonymous electronic money

• It is also called blind money.
• Here the customer creates the serial no. instead of the bank.
• The customer generates a random no. & then multiplies it by another huge no. (called the blinding factor).
• The customer sends the resulting no., called the blinded no., to the bank.
• The bank does not know the original serial no. created by the customer.
• The bank signs the blinded no. & sends it back to the customer.
• The customer then uses the original serial no. while doing a transaction.
• Here the same money can be spent more than once.


Online/Offline money

• Online money: Here whether the money offered by the customer is acceptable or not can be confirmed in real time.
• Offline money: Here the bank does not participate in the transaction between the customer & merchant. The merchant accepts the money but does not validate it online. It processes it at a fixed time every day.
• We have four possibilities of money:
1. Identified online money.
2. Identified offline money.
3. Anonymous online money.
4. Anonymous offline money.


Double Spending Problem

• Here a customer could arrange for anonymous e-money by using the blinded money concept.
• Later it could spend it in quick succession with two different merchants.
• Here the bank cannot determine which customer spent it more than once, because of the blinding factor.
• Thus anonymous money is of little use.
• This problem can also occur with offline money.
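
The blinding step from the anonymous electronic money slide and the bank's view of the double spending problem, as an added example that is not part of the original slides. It goes beyond the slide by assuming the "multiply by a blinding factor" step is an RSA blind signature; the bank key is a constructed toy key (textbook RSA, no padding or hashing) and all class and function names are hypothetical.

```python
import math
import secrets

# Constructed toy RSA key for the bank (illustration only).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent (Python 3.8+)


class Bank:
    def __init__(self):
        self.blinded_seen = []      # all the bank learns at withdrawal time
        self.spent_serials = set()  # serial numbers already deposited

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: the bank signs a number it cannot link to a serial."""
        self.blinded_seen.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: int, signature: int) -> str:
        """Deposit by a merchant: check the signature, then the spent list."""
        if pow(signature, E, N) != serial:
            return "invalid"
        if serial in self.spent_serials:
            # The bank can see THAT the coin was already spent, but the
            # serial was never shown at withdrawal, so not BY WHOM.
            return "double-spend"
        self.spent_serials.add(serial)
        return "ok"


def withdraw_coin(bank: Bank):
    """Customer side: create a serial, blind it, get it signed, unblind."""
    serial = secrets.randbelow(2**256 - 1) + 1
    while True:
        r = secrets.randbelow(N - 2) + 2        # blinding factor
        if math.gcd(r, N) == 1:
            break
    blinded = (serial * pow(r, E, N)) % N       # what the bank sees
    signed_blinded = bank.sign_blinded(blinded)
    signature = (signed_blinded * pow(r, -1, N)) % N   # remove the blinding
    return serial, signature


if __name__ == "__main__":
    bank = Bank()
    serial, signature = withdraw_coin(bank)
    print("first deposit :", bank.deposit(serial, signature))
    print("second deposit:", bank.deposit(serial, signature))
    print("serial seen at withdrawal:", serial in bank.blinded_seen)
```

With online money the second deposit is refused at once; with offline money the same check only runs when the merchant submits the coin later, which is why the problem persists there.
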


Email Security

• Email is the most widely used application on the internet.
• RFC 822 defines a format for text email messages.
• An email message consists of two portions: contents & headers.

Headers:
   From: John Smith ([email protected])
   To: Cherry ([email protected])
   Subject: Accepting the offer
   Date: 4 March 2002
Body:
   Dear Cherry
   I had accepted the offer.
   Regards.
   John

Email Security

• Simple Mail Transfer Protocol (SMTP) is used for email communications.

Fig. Sender -> (email) -> Sender's SMTP server -> (email, over the Internet) -> Receiver's SMTP server -> (email, pull) -> Receiver


Email Security

• Here there are two SMTP servers, i.e. the sender's & the receiver's.
• Based on the client's request for an email transfer, the server sends back a READY FOR MAIL reply, indicating that it can accept an email message from the client.
• The client sends HELO to the server & identifies itself.
• The client can now send one or more email messages to the server. Email transfer begins with the MAIL command, which identifies the sender.
• The recipient allocates buffers to store the incoming message & sends back an OK response to the client. The server also sends back response code 250.
• The client now sends the list of intended recipients by one or more RCPT commands (one per recipient).
• The server must send back a 250 OK or 550.
• The client sends the DATA command, informing the server that the client is ready to start transmission of the email message.


Email Security

• The server responds with a 354 start mail input message, indicating that it is ready to accept the email message.
• The client sends the email message & when it is over, sends the identifier provided by the server to indicate that its transmission is over.
• The server sends back a 250 OK response.
• The client sends a QUIT command to the server.
• The server sends back a 221 service closing transmission channel message, indicating that it is also closing its portion of the connection.


Privacy Enhanced Mail (PEM)

• It is an email security standard adopted by the Internet Architecture Board (IAB) to provide secure electronic mail communication over the internet.

Fig. Privacy Enhanced Mail (PEM) provides: Encryption, Non-repudiation, Message integrity.


Privacy Enhanced Mail (PEM)

• PEM starts with a canonical conversion, which is followed by digital signature, then by encryption & finally by Base-64 encoding.
• There are three security options for sending the mail message: signature only (steps 1 & 2); signature & Base-64 encoding (steps 1, 2 & 4); signature, encryption & Base-64 encoding (steps 1 to 4).
1. Canonical Conversion
2. Digital Signature
3. Encryption
4. Base-64 Encoding

Privacy Enhanced Mail (PEM) Canonical Conversion/Digital Signature
• There is a possibility that the sender & receiver of an email message use computers that have different architectures & operating systems.
• In canonical representation, regardless of the architecture & the operating system of the sending & receiving computers, the email message travels in a uniform, independent format.
• Step 2 (Digital Signature):

Fig. Email message -> MD5 -> message digest -> Encrypt with sender's private key -> Digital Signature


Privacy Enhanced Mail (PEM) Encryption

• Here the original email & digital signature are encrypted together with a symmetric key.
• For this DES or IDEA is used.


Privacy Enhanced Mail (PEM) Base-64 encoding
• It is also called Radix-64 encoding or ASCII armour, i.e. it transforms binary input into printable character output.

Fig. Input bit stream -> divided into 24-bit blocks -> each 24-bit block is divided into 6-bit blocks -> each 6-bit block is mapped to an 8-bit block


Privacy Enhanced Mail (PEM) Base-64 encoding

Fig. 24-bit input -> divide into four 6-bit blocks -> write their decimal equivalents -> map to Base64 table -> write ASCII equivalent binary


Pretty Good Privacy (PGP)

• Phil Zimmerman is the father of the Pretty Good Privacy (PGP) protocol.
• PGP is simple to use, completely free, supports the basic requirements of cryptography, & includes its source code & documentation.
• PGP allows four security options when sending an email message: Signature only, Signature & Base-64 only, Signature, encryption, enveloping, Base-64 encoding.
1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

Secure Multipurpose Internet Mail Extensions (S/MIME)
• Traditional email systems are text based.
• If we want to send multimedia files over email, the MIME system provides the functionality.
• A MIME email contains a normal text message along with some special headers & formatted sections of text.
• Each section consists of an ASCII-encoded portion of data.
• It starts with an explanation of how the data should be interpreted/decoded at the recipient end.
• Suppose the sender attaches a graphics file to the email message.
• The figure shows that the graphics file actually travels with the email.
• The Content-Type MIME header shows that the sender has attached a .GIF file to the message.
• When opened in a text format it will appear as gibberish.
• The recipient's email system shall recognize it as a .GIF file.

Secure Multipurpose Internet Mail Extensions (S/MIME)
• MIME Headers:
  - MIME Version: Version which is used.
  - Content Type: Describes the data contained in the body of the message.
  - Content-Transfer-Encoding: Type of transformation.
  - Content-ID:
  - Content-Description:
• MIME Content Types: It specifies 7 content types & 15 content sub types.
• S/MIME functionality:
  - Enveloping the data: Contains encrypted data & the encryption key encrypted with the receiver's public key.
  - Signed data: Content & digital signature are both Base-64 encoded.
  - Clear-signed data: Here the digital signature is Base-64 encoded.
  - Signed & Enveloped data:

Chapter 3
User Authentication Mechanisms


Introduction

• One of the key aspects of cryptography or network security is authentication.
• Traditionally user ids & passwords are used. But there are security concerns, i.e. passwords travel in clear text & can be stored on the server in clear text, which can be hacked.
• Modern password-based authentication techniques use alternatives such as encrypting passwords, or using something derived from the passwords, in order to protect them.
• Authentication tokens add randomness to the passwords, making them more secure.
• Certificate-based authentication uses PKI infrastructure or technology. It is quite strong if used correctly. Smart cards are also used here.
• Biometrics, Kerberos & single sign-on (SSO) mechanisms are also used.


Authentication Basics

• It is determining who the user is before performing actual business transactions using the system.
• It is determining the identity of a person to a required level of assurance.
• Authentication is the first step in any cryptographic solution.
• Unless the person on the other side is authenticated, there is no point in encrypting the information flowing between them.
• The whole idea of authentication is based on secrets.
• For example, an ATM card & PIN no. is one form of authentication.
• Here the entity being authenticated & the authenticator both share the same secret.


Passwords

• A password is a string of alphabets, numbers & special characters which is supposed to be known only to the entity that is being authenticated.
• It is believed to be the simplest, least expensive mechanism, & it does not require any special hardware or software support.
• Here every user in the system is assigned a user id & an initial password.
• The password is stored in the user database against the user id on the server.


Passwords (How it works?)

• Step 1: Prompt for user id & password: The application program
sends a screen to the user, prompting for the user id & password.
• Step 2: User enters user id & password: The user enters the user id
& password & presses the OK button. This causes the user id & password
to travel in clear text to the server.
• Step 3: User id & password validation: The server uses its user
authentication program to see if this particular user id & password
combination exists.
• Step 4: Authentication result: Depending upon the success or
failure of the validation of the user id & password, the user
authentication program returns the appropriate result to the server.
• Step 5: Inform user accordingly: Depending upon the outcome, the
server sends the appropriate page back to the user. If successful, it
sends the application menu to the user.



Passwords (Problem with this scheme)

• Problem 1 – database contains passwords in clear text:
1. If an attacker succeeds in obtaining access to the database,
the whole list of user ids & passwords is available to the
attacker.
2. So passwords in the database must be stored in encrypted form.
3. Whenever a user attempts to log on, the server should first
encrypt the user's password & then compare it with the
encrypted password in the database.
• Problem 2 – password travels in clear text from the user's computer
to the server: If an attacker breaks into the communication link
between the user's computer & the server, the attacker can easily
obtain the clear text password.



Passwords (Something derived from passwords)
• The variation here is to use not the password itself but
something that is derived from the password.
• We run some algorithm on the password & store the output of
this algorithm as the (derived) password in the database.
• When the user wants to be authenticated, the user enters the
password, the user's computer performs the same algorithm locally &
sends the derived password to the server, where it is verified.
• There are several requirements of this scheme:
➢ Each time the algorithm is executed for the same password, it must
produce the same output.
➢ The output of the algorithm must not provide any clue about the
password.
➢ It should be infeasible for any person to provide an incorrect
password & yet obtain the correct derived password.
• These requirements closely match MD5 or SHA-1.



Message digests of passwords

• Step 1 - Storing digests as derived passwords in the user database.
• Step 2 - User authentication: When a user needs to be
authenticated, the user computes the message digest of the
password & sends the user id & message digest of the password to the
server for authentication.
• Step 3 - Server-side validation:
➢ The user id & message digest of the password travel to the server
over the communication link.
➢ The server passes these values to the user application program,
which validates the user id & the message digest of the password
against the database.
➢ The server uses the result of this operation to return an
appropriate message.



Message digests of passwords

• Here the attacker may not be able to use the message digest to work
backwards & retrieve the original password.
• But the attacker can simply listen to the communication between the
user & the server involving the login request-response pair.
• In this way he would get the user id & message digest of the password.
• The attacker will copy that information & submit it after some time
to the server as a new login request.
• This is called a replay attack because the attacker simply replays
the sequence of events of a normal user.



Adding randomness

• To improve security, we need to add a bit of unpredictability or
randomness to the earlier scheme.
• Here the message digest of the password is always the same, but the
exchange of information between the client & server computers is not
always the same.
• This ensures that the replay attack is foiled.
• The technique is:
➢ Step 1 - Storing message digests as derived passwords in the user
database.
➢ Step 2 - User sends a login request: Here the user sends a login
request with only her user id.
➢ Step 3 - Server creates a random challenge: The server first checks
whether the user id sent is valid. If it is, the server creates a
random challenge (a random no. generated using a pseudo-random
number generation technique) & sends it back to the user as plain
text.
➢ Step 4 - User signs the random challenge with the message digest of
the password: Here the message digest of the password is used to
encrypt the random challenge received from the server.
➢ Step 5 - Server verifies the encrypted random challenge received
from the user: The server receives the encrypted random challenge. To
verify it, the server decrypts the random challenge with the message
digest of the user's password stored in the user database. If the
decrypted value matches the original random challenge available on
the server, the server can be assured that the user is genuine.
➢ Step 6 - Server returns an appropriate message back to the user.
• Random challenges are generally 16-bit random numbers.
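
The challenge/response exchange of Steps 1 to 6, as an added example that is not part of the original slides. It assumes HMAC-SHA-256 keyed with the stored digest in place of "encrypting" the challenge, SHA-256 as the digest, and a 128-bit challenge; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive(password: str) -> bytes:
    """Step 1: the derived password kept in the user database (a digest)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    """Step 4: key a MAC over the challenge with the digest of the password."""
    return hmac.new(derive(password), challenge, hashlib.sha256).digest()


class AuthServer:
    def __init__(self):
        self.users = {}     # user id -> derived password
        self.pending = {}   # user id -> challenge still waiting for a response

    def register(self, user_id: str, password: str) -> None:
        self.users[user_id] = derive(password)

    def login_request(self, user_id: str):
        """Steps 2-3: check the user id, then issue a fresh random challenge."""
        if user_id not in self.users:
            return None
        challenge = secrets.token_bytes(16)   # assumption: 128-bit challenge
        self.pending[user_id] = challenge
        return challenge                      # travels in plain text

    def verify(self, user_id: str, response: bytes) -> bool:
        """Step 5: recompute the expected response; a challenge is single use."""
        challenge = self.pending.pop(user_id, None)
        if challenge is None:
            return False
        expected = hmac.new(self.users[user_id], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def replay_demo():
    """Return (legitimate login, replay without challenge, replay on new challenge)."""
    server = AuthServer()
    server.register("alice", "constructed-Passw0rd!")   # constructed sample account

    challenge = server.login_request("alice")
    captured = client_response("constructed-Passw0rd!", challenge)
    legitimate = server.verify("alice", captured)

    # The eavesdropper resubmits the captured response.
    replay_without_challenge = server.verify("alice", captured)
    server.login_request("alice")                       # new random challenge
    replay_on_new_challenge = server.verify("alice", captured)
    return legitimate, replay_without_challenge, replay_on_new_challenge


if __name__ == "__main__":
    print(replay_demo())
```

The stored digest acts as the shared secret here, so the user database needs the same protection as a clear text password file.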



Password encryption

• For security we want the password to travel in encrypted form.
• For this we should provide some sort of cryptographic functionality
on the user side.
• In Internet applications the client is a web browser, which does
not have special programming capabilities.
• So we must resort to technologies such as Secure Socket Layer
(SSL).
• Here the encryption of passwords on the client side & on the server
side is different, so the server-side application logic performs the
necessary conversions between the two for verification.



The problems with passwords

• From the system administrator's point of view, password-based
encryption is quite problematic.
• Organizations have a number of applications, networks, shared
resources & intranets.
• These applications have varying needs for security measures, & they
grow over a period of time.
• Thus each resource demands its own user id & password.
• Thus end users have to remember many user ids & passwords.
• Password maintenance is quite a problem.
• A study shows that administrators spend about 40% of their time
creating, resetting or changing user passwords.



Password Policies

• The password length must be at least 8 characters.
• It must not contain any blanks.
• There must be at least one lower case letter, one upper case
letter, one digit & one special character in the password.
• The password must begin with a letter.



Authentication Tokens

• An authentication token is a small device that generates a random
number every time it is used.
• It is the size of a credit card & has the following features:
processor, LCD, battery, real-time clock, keypad for entering
information.
• Each authentication token is pre-programmed with a unique no.
called a seed or random seed.



Authentication Tokens

• Step 1: Creation of a token:
➢ Whenever an authentication token is created, a random seed is
generated by the authentication server.
➢ This seed is stored in the user's record in the user database. The
user does not know the value of the seed.
• Step 2: Use of token:
➢ The authentication token automatically generates pseudorandom
numbers, called one-time passwords, based on the seed value.
➢ The user sends the user id & this pseudorandom number to the server.
➢ The server calls the seed retrieval program, which in turn
establishes the relationship between the pseudorandom no. & the seed.
➢ The authentication token is generally protected with a 4-digit PIN.
• Step 3: Server sends the appropriate message back to the user.



Authentication Tokens Types

• They are of two main types: Challenge/Response Tokens & Time-based
Tokens.
• Challenge/Response Tokens:
• Step 1: User sends a login request.
• Step 2: Server sends a random challenge, depending upon the
validity of the user id.
• Step 3: User signs the random challenge with the message digest
of the password:
➢ Here the token accepts the random challenge sent by the server &
encrypts it with its seed value. The result is displayed on the
screen & sent to the server as the login request.
• Step 4:
➢ After receiving the encrypted random challenge from the user, the
server decrypts it with the seed value & compares it with the random
challenge it sent. If the values match, the user is authenticated,
otherwise not.
• Step 5: Server sends an appropriate message to the user.
• The problem with this scheme is that if we use a 128-bit seed, the
encrypted seed will also be 128 bits, or 16 characters.
• Reading 16 characters from the LCD screen is quite difficult for
the user.
• The alternative is to calculate a message digest of predetermined
length instead of encrypting.
• There is one more problem: the user has to make three entries,
& hence can make an error.



Time based tokens

• Here the previous disadvantages are addressed.
• Step 1: Password generation & login request:
➢ Here the password is generated on the user side using two
parameters, i.e. the seed & the current system time, & sent to the
server.
➢ The token automatically generates a password from these two values
every 60 seconds.
• Step 2: Server-side verification:
➢ The server performs an independent cryptographic function on the
user's seed value & the current system time to generate its version
of the password. If the two values match, it is considered valid.
• Step 3: Server sends an appropriate message to the user.
• Due to its automated nature it is the most commonly used.
• But what happens if the window of 60 seconds is crossed?
• Every time the window is crossed, the user's computer sends a
new login request by advancing its time by 1 minute.

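
Time-based token generation and server-side verification, as an added example that is not part of the original slides. It assumes the HMAC-SHA-1 construction of RFC 6238 as the "cryptographic function", a server that tolerates one 60-second window of clock drift and refuses to accept a window twice; all names are hypothetical.

```python
import hashlib
import hmac
import struct


def otp_for_counter(seed: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA-1 over the time-window counter, truncated as in RFC 4226."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_password(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Step 1: what the token displays for the window containing unix_time."""
    return otp_for_counter(seed, unix_time // step, digits)


class TokenServer:
    def __init__(self, step: int = 60, drift_windows: int = 1):
        self.step = step
        self.drift = drift_windows
        self.seeds = {}          # user id -> seed stored when the token was created
        self.last_counter = {}   # user id -> newest window already accepted

    def enroll(self, user_id: str, seed: bytes) -> None:
        self.seeds[user_id] = seed

    def verify(self, user_id: str, submitted: str, now: int) -> bool:
        """Step 2: recompute the password for the current and adjacent windows."""
        seed = self.seeds.get(user_id)
        if seed is None:
            return False
        current = now // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter < 0 or counter <= self.last_counter.get(user_id, -1):
                continue         # never accept the same window twice (replay)
            candidate = otp_for_counter(seed, counter)
            if hmac.compare_digest(candidate.encode(), submitted.encode()):
                self.last_counter[user_id] = counter
                return True
        return False
```
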
Certificate Based Authentication

• It is stronger than all other authentication techniques. Here the
user knows something (certificate) & does not know something
(password).
• Step 1: Creation, storage & distribution of digital certificates:
Here the user id, private key & a copy of the digital certificate are
stored in the user database.
• Step 2: Login request: Here the user sends only the user id to the
server.
• Step 3: Server creates a random challenge: Here the random
challenge travels as plain text from the server to the user's computer.
• Step 4: User signs the random challenge: The user signs it with his
private key & sends it to the server. The server obtains the public
key of the user from its database. It then decrypts the signed random
challenge sent by the user & compares it with the original random
challenge.
• Step 5: Server sends an appropriate message to the user: Depending
upon the match, the server sends the appropriate message to the user.



Smart Cards

• Smart cards are used in certificate-based authentication.
• The card stores digital certificates & public-private key pairs
within the card in a tamper-free fashion.
• The public key & digital certificate can be exported outside.
• A smart card is capable of performing cryptographic functions within
the card.
• If we wish to sign a 1 MB document using a smart card, copying it
& performing all cryptographic functions within the card will require
15 mins at the rate of 9600 bits per second.
• To avoid this, first generate a message digest of the 1 MB document
outside the card, then feed it to the smart card for the cryptographic
function.
• Drawbacks of smart cards are the non-availability of smart card
readers & of smart-card-aware cryptographic services software on
every computer.
• The cost of smart cards & smart card readers is high.

Biometric Authentication

• It works on human characteristics, such as fingerprint, voice &
the pattern of lines in your iris.
• The user database consists of a sample of the user's biometric
characteristics.
• During authentication the user is required to provide another sample
of the user's biometric characteristics.
• These two values are matched & validation is decided depending upon
the result.
• The sample taken may not be the same every time. For example, in
fingerprint recognition the finger may be dirty, or have cuts or
other marks.
• To overcome this problem, the authentication system defines two
configurable parameters: false accept ratio & false reject ratio.
• The best security solution is to combine password/PIN, smart card &
biometrics.

Kerberos

• It is an authentication protocol.
• The basis of this protocol is another protocol called
Needham-Schroeder.
• Kerberos means a multi-headed dog in Greek mythology (apparently
used to keep outsiders away).
• Version 4 is used in practical implementations; version 5 is also
out now.
• There are four parties involved in the Kerberos protocol:
• Alice: Client workstation.
• Authentication Server (AS): Verifies the user during login.
• Ticket Granting Server (TGS): Issues tickets to certify proof of
identity.
• Bob: Server offering services such as network printing, file sharing,
application programs etc.



How does Kerberos Work? (Step 1)

• Alice (client) sits down at an arbitrary workstation & enters her
name.
• The workstation sends her name in plain text to the Authentication
Server (AS).

[Figure: AS response. Labels: Alice's user name; randomly generated
session key (KS); encryption with the symmetric key shared with the
ticket granting server (TGS), giving the TGT; encryption of KS + TGT
with the symmetric key derived from Alice's password (KA); the output
is sent from the AS to Alice.]

• After the message is received, Alice's workstation generates the
symmetric key (KA) derived from her password & uses that key to
extract the session key (KS) & the Ticket Granting Ticket (TGT).
• Alice cannot open the TGT, since it is encrypted with the key of the
TGS, which is shared between the TGS & the AS.



How does Kerberos Work? (Step 2)

• Obtaining a service granting ticket (SGT).

[Figure: request for an SGT. A timestamp is encrypted with the session
key (KS); the output consists of the encrypted timestamp, the TGT &
Bob.]

• The TGT is encrypted with the secret key of the Ticket Granting
Server (TGS). Thus only the TGS can open it.
• Once the TGS is satisfied with the credentials of Alice, it creates a
session key KAB for Alice to communicate securely with Bob.

[Figure: TGS response. Alice + KAB are encrypted with Bob's secret key;
Bob + KAB are encrypted with the session key (KS); together they form
the output.]

How does Kerberos Work? (Step 3)

• The user contacts Bob to access the server.
• Alice can now send KAB to Bob in order to enter a session with him.
• To make it more secure, Alice sends KAB to Bob in encrypted form.
• To guard against replay attacks, Alice also sends the timestamp,
encrypted with Bob's secret key.
• Bob acknowledges by adding 1 to the timestamp sent by Alice,
encrypts the result with KAB & sends it back to Alice.
• Now Alice & Bob communicate with each other using the key KAB.



Single Sign On (SSO)

• Since Alice needs to authenticate or sign on only once, this
mechanism is called Single Sign On (SSO).
• She needs to authenticate to the AS only once.
• SSO is very important for corporate networks, since the network
grows over a period of time.
• Thus multiple authentication mechanisms can be combined into a
single, uniform authentication mechanism using SSO.
• There are two broad approaches for SSO: the script-based approach &
the agent-based approach.
• In the script-based approach, the SSO software mimics user actions,
i.e. by simulating the user pressing keyboard keys.
• In the agent-based approach, every web server must have a piece of
software called an agent, & there must be an SSO server which
interacts with the user database.





Chapter 4

Network Security



Brief introduction to TCP/IP

• Network security is a key aspect of Internet-based security
mechanisms.
• People are only interested in application-level security, but data
at the lower levels should also be protected.

OSI layer                            TCP/IP protocols
Application, Presentation, Session   Application: SMTP, FTP, DNS, HTTP, TELNET
Transport                            TCP, UDP
Network                              ICMP, IP, ARP, RARP
Data Link
Physical



TCP Segment Format

• Fig. TCP segment: 20 to 60 bytes header consisting of the following
fields, followed by the data.

Field                  Size
Source port no.        2 bytes
Destination port no.   2 bytes
Sequence no.           4 bytes
Ack no.                4 bytes
Header length          4 bytes
Reserved               6 bytes
Flag                   6 bytes
Window size            2 bytes
Checksum               2 bytes
Urgent pointer         2 bytes
Options                0 to 40 bytes
DATA



IP Datagram Format

• Fig. IP datagram fields:

Field                    Size
Version                  4 bits
HLEN                     4 bits
Service Type             8 bits
Total Length             4 bits
Identification           16 bits
Flags                    3 bits
Fragmentation Offset     13 bits
Time to live             8 bits
Protocol                 8 bits
Header Checksum          16 bits
Source IP address        32 bits
Destination IP address   32 bits
Data                     32 bits
Options                  32 bits



Firewalls

• On the Internet any computer can be connected to any other computer
in the world.
• This is a great advantage for individuals & corporations.
• But it is a nightmare for network support staff, who must protect
the corporate network from a variety of attacks.
• There is a possibility of leakage of confidential information, &
viruses & worms can create havoc.
• We encrypt confidential information to protect it from the outside
world.
• To protect against outside attacks, the firewall comes into the
picture.
• A firewall is like a guard which checks all the incoming &
outgoing packets of the corporate network.
• A firewall is a specialized version of a router, which performs this
function with the help of additional software resources.

Firewalls

[Figure: a firewall placed between the Internet & the corporate
network.]


Firewalls

• All traffic between inside & outside must pass through the firewall.
• Access to the local network via the firewall should be permitted.
• Only traffic authorized as per the local security policy should be
allowed.
• The firewall itself should render attacks on it useless.
• There are two types of firewalls: packet filters & application
gateways.



Firewalls (Packet filters)

• A packet filter applies a set of rules to each packet &, based on
the outcome, decides to forward or discard the packet.
• A packet filter is also called a screening router or screening filter.
• The filtering rules are based on a number of fields in the IP &
TCP/UDP headers, i.e. source & destination IP addresses, IP protocol
field, TCP/UDP port numbers.
• A packet filter performs the following functions:
➢ Receive each packet as it arrives.
➢ Pass the packet through the set of rules & see whether it matches
any of them.
➢ If there is no match, take the default action.
➢ The default action may be to accept or to discard all packets.



Firewalls (Packet filters)

• The advantages of packet filters are their simplicity & their fast
operating speed.
• The disadvantages are the difficulty of setting up packet filter
rules & the lack of support for authentication.
• The following types of attacks take place against packet filters:
➢ IP address spoofing: An intruder outside the network can send a
packet whose IP address equals an IP address within the network.
➢ Source routing attacks: Here the attacker specifies the route that a
packet should take as it moves along the Internet.
➢ Tiny fragment attacks: IP packets pass through a variety of networks
such as Ethernet, Token Ring, X.25 etc., so IP packets get fragmented
along the way. The attacker expects that the packet filter can be
fooled because, after fragmentation, it checks only the 1st fragment,
& by intentionally creating the fragments he can intrude into the
system.

Firewalls (Packet filters)

• An advanced type of packet filter, called a dynamic packet filter or
stateful packet filter, is also used.
• It allows incoming TCP packets only if they are responses to
outgoing TCP packets that have gone through the network.
• A dynamic packet filter has to maintain a list of the currently open
connections & outgoing packets in order to apply this rule.
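
A packet filter with first-match rules and a default action, an anti-spoofing rule for the IP address spoofing case, and the connection list of a dynamic packet filter, as an added example that is not part of the original slides. The addresses, the rule set and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = "10.0.0.0/8"        # constructed internal address range


@dataclass(frozen=True)
class Packet:
    iface: str                 # interface it arrived on: "outside" or "inside"
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str                # "accept" or "discard"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


# Constructed rule set. Order matters: the first matching rule decides.
RULES = [
    # Anti-spoofing: an internal source address cannot arrive from outside.
    Rule("discard", iface="outside", src=INTERNAL),
    Rule("accept", iface="outside", dst="10.0.0.25/32", proto="tcp", dport=25),
    Rule("accept", iface="inside", src=INTERNAL, proto="tcp", dport=443),
]


def static_filter(p: Packet, rules=RULES, default: str = "discard") -> str:
    """Stateless packet filter: first match wins, otherwise the default action."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class StatefulFilter:
    """Dynamic packet filter: inbound TCP passes only as a reply to an open connection."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.open = set()      # (inside ip, inside port, outside ip, outside port)

    def handle(self, p: Packet) -> str:
        if p.iface == "inside":
            key = (p.src, p.sport, p.dst, p.dport)
            verdict = static_filter(p, self.rules)
            if verdict == "accept" and p.proto == "tcp" and "SYN" in p.flags:
                self.open.add(key)            # remember the outgoing connection
        else:
            key = (p.dst, p.dport, p.src, p.sport)
            is_reply = p.proto == "tcp" and key in self.open
            verdict = "accept" if is_reply else static_filter(p, self.rules)
        if "RST" in p.flags:
            self.open.discard(key)            # simplified teardown: no FIN or timeout
        return verdict
```

Because the anti-spoofing rule is evaluated first, the later accept rules are never reached by a packet that arrives from outside with an internal source address.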



Firewalls (Application gateways)

• It is also called a proxy server.
• It decides the flow of application-level traffic.
• It typically works as follows:
• An internal user contacts the application gateway using a TCP/IP
application.
• The application gateway asks the user about the remote host with
which the user wants to set up a connection for actual communication,
& asks for the user id & password.
• The user provides this information.
• The application gateway now accesses the remote host on behalf of
the user & passes the packets of the user to the remote host.
• There is a variation called the circuit gateway.
• Here the circuit gateway creates a new connection between itself &
the remote host.
• It also changes the source IP address of the user to its own.

• The user thinks that a direct connection between itself & the remote
host has been established.
• Thus the computers of internal users are hidden from the outside
world.
• A SOCKS server is an example of a real-life implementation.
• The SOCKS client runs on the internal hosts & the server runs on the
firewall.
• Thus the application gateway acts as a proxy of the actual end user &
the remote host.
• It is more secure than packet filters.
• Rather than examining every packet against a number of rules, here we
simply detect whether the user is allowed to work with the TCP/IP
application or not.
• The disadvantage is that there is an overhead in terms of connections.
• There are two sets of connections: one between the end user & the
application gateway, another between the application gateway & the
remote host.



Firewall configurations
• A firewall is a combination of packet filter & application gateway.
• Based on this, there are three possible configurations of the
firewall:
• Screened host firewall, single-homed bastion
• Screened host firewall, dual-homed bastion
• Screened subnet firewall



Screened host firewall, single-homed bastion

• It consists of a packet-filtering router & an application gateway.

[Figure: Internet, packet filter & application gateway.]



Screened host firewall, Dual-homed bastion

• Direct connections between the internal hosts & the packet filter are
avoided.

[Figure: Internet, packet filter & application gateway.]



Screened subnet firewall

• Two packet filters are used: one between the Internet & the
application gateway, the other between the application gateway & the
internal network.

[Figure: Internet, packet filter, application gateway & packet filter.]



Demilitarized Zone (DMZ) Networks

• It is used where an organization has servers which it needs to make
available to the outside world.

[Figure: Internet, firewall & DMZ.]

Limitations of firewall

• Insider intrusions.
• Direct internet traffic.
• Virus attacks.
