Unit 5- Network Security, Cyber Laws & Standards Total Marks-14

Topics and Sub-topics

5.1 Kerberos: Working, AS,TGS, SS
5.2 IP Security-Overview, Protocols, AH, ESP, Modes- Transport and
Tunnel.
5.3 Email Security- SMTP, PEM, PGP

5.4 Public Key Infrastructure(PKI): Introduction, Certificates, Certificate

Authority, Registration Authority, X.509/PKIX Certificate Format.
5.5 Cyber Crime: Introduction, Hacking, Digital Forgery, Cyber
Stalking/Harashment, Cyber Pornography, Identity Theft and Fraud, 5.6
Cyber Terrorism, Cyber Defamation.
Cyber Laws: Introduction, Need.
5.1 Kerberos:
• Kerberos is a network authentication protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography.
• The main components of Kerberos are: 

1. Authentication Server (AS): 

The Authentication Server performs the initial authentication and ticket for Ticket Granting Service. 

2. Database: 
The Authentication Server verifies the access rights of users in the database. 

3. Ticket Granting Server (TGS): 

The Ticket Granting Server issues the ticket for the Server.

• How Kerberos does works?

• Kerberos operates by encrypting data with a symmetric key. A symmetric key is a type of

authentication where both the client and server agree to use a single encryption/decryption key for

sending and receiving data.

• When working with the encryption key, the details are actually sent to a key distribution center

(KDC), instead of sending the details directly between each computer.

5.1.1 Working of Kerberos:
• The entire process takes a total of eight steps, as shown below:
Step 1: The authentication service, or AS, receives the request by the client and
verifies that the Client is indeed the computer it claims to be. This is usually
just a simple database lookup of the user’s ID.
5.1.1 Working of Kerberos: Continue……
Step 2: Upon verification, a timestamp is crated. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp
is 8 hours. The encryption key is then created. The timestamp ensures that when
8 hours is up, the encryption key is useless. (This is used to make sure a hacker
doesn’t intercept the data, and try to crack the key. Almost all keys are able to be
cracked, but it will take a lot longer than 8 hours to do so)
5.1.1 Working of Kerberos: Continue……
Step 3: The key is sent back to the client in the form of a ticket-granting

ticket, or TGT. This is a simple ticket that is issued by the authentication

service. It is used for authentication the client for future reference.
Step 4: The client submits the ticket-granting ticket to the ticket-granting
server, or TGS, to get authenticated.
5.1.1 Working of Kerberos: Continue……
Step 5: The TGS creates an encrypted key with a timestamp, and grants the client a
service ticket.
5.1.1 Working of Kerberos: Continue……
Step 6: The client decrypts the ticket, tells the TGS it has done so, and then sends its
own encrypted key to the service.
5.1.1 Working of Kerberos: Continue……
Step 7: The service decrypts the key, and makes sure the timestamp is still valid. If it
is, the service contacts the key distribution center to receive a session that is
returned to the client.

Step 8: The client decrypts the ticket. If the keys are still valid, communication is
initiated between client and server.
5.2 IP Security:(IP Sec)
• IP Sec (Internet Protocol Security) is an Internet Engineering Task Force (IETF)
standard suite of protocols between two communication points across the IP
network that provide data authentication, integrity, and confidentiality.
• It also defines the encrypted, decrypted, and authenticated packets. The
protocols needed for secure key exchange and key management are defined in it.
• IPSec layer sits in between the transport and the Internet layers of conventional
TCP/IP protocol stack.

• IPSec actually consists of two main protocols

• a) Authentication Header (AH):
• b) Encapsulating Security Payload (ESP):
5.2 IP Security:(IP Sec) Continue......
 5.2 IP Security:(IP Sec) Continue......
a) Authentication Header (AH): The AH provides support for data integrity and
authentication of IP packets. The data integrity service ensures that data inside IP
packet is not altered during the transit.
• The authentication service enables an end user or computer system to authenticate
the user or the application at the other end and decides to accept or reject packets
accordingly.
• This also prevents IP spoofing attacks. AH is based on MAC protocol, which means
that the two communicating parties must share a secret key in order to use AH.

b) Encapsulating Security Payload (ESP): ESP is a member of the Ipsec protocol suite.
In IPsec it provides origin authenticity, integrity and confidentiality protection of
packets.
• ESP also supports encryption-only and authentication-only configurations, but using
encryption without authentication is strongly discouraged because it is insecure.
 5.2 IP Security:(IP Sec) Continue......
• Modes of operation: Both AH and ESP works in two modes:
1. Tunnel mode: In tunnel mode, IPsec protects the entire IP datagram. It takes an IP
datagram, adds the IPSec header and trailer and encrypts the whole thing. It then
adds new IP header to this encrypted datagram.

2. Transport mode: Transport mode does not hide the actual source and destination
addresses. They are visible in plain text, while in transit.
• In the transport mode, IPSec takes the transport layer payload, adds IPSec header
and trailer, encrypted datagram.
• Uses of IP Security
• IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data
originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which all data
being sent between the two endpoints is encrypted, as with a Virtual Private
Network(VPN) connection.
5.3 Email Security:
• Email security is a term for describing different procedures and techniques for
protecting email accounts, content, and communication against unauthorized
access, loss or compromise.
• Email is often used to spread malware, spam and phishing attacks. Attackers use
deceptive(misleading) messages to attract recipients to part with sensitive
information, open attachments or click on hyperlinks that install malware on the
victim’s device.
• Email is also a common entry point for attackers looking to gain a foothold in an
enterprise network and obtain valuable company data.
• Email encryption involves encrypting, or disguising, the content of email
messages to protect potentially sensitive information from being read by anyone
other than intended recipients.
• Email encryption often includes authentication.
5.3.1 Email Security Best Practices:
• While email is not secure by default, there are proactive best practices that
individuals and organizations can take to significantly improve email security,
including the following:

1. Enforce encrypted connections: All connections to and from an email

platform should occur over an SSL/TLS connection that encrypts the data as it
transits the public internet.

2. Encrypt email: While perhaps not an ideal option for every user at every
organization, encrypting email messages provides an additional layer of privacy
that can help to protect against unauthorized information disclosure.

3. Create strong passwords: For users, it is important that any passwords are

complex and not easy to guess. It's often recommended that users have
passwords with a combination of letter, numbers and symbols.
5.3.1 Email Security Best Practices: Continue…..
4. Implement 2FA or MFA: While strong passwords are helpful, they often aren't
enough. Implementing two-factor authentication (2FA) or multifactor
authentication (MFA) provides an additional layer of access control that can help
to improve email security.

5. Train on anti-phishing: Phishing is a common email threat. It's important to

train users to avoid risky behaviors and spot phishing attacks that get through to
their inbox.

6. Use domain authentication: The use of domain authentication protocols and

techniques, including domain-based message authentication, reporting and
conformance, can help to reduce the risk of domain spoofing.
5.3.2 Email Security Protocols:
5.3.2.1 Privacy Enhanced Mail (PEM) :
• It is an email security standard to provide secure electronic mail communication over the
internet.
• Security of email messages has become extremely important nowadays. In order to deal with the
security issues of emails the internet architecture board has adopted it.
• The PEM mainly provides the following services –
1. Confidentiality :
• Confidentiality refers to the act of preventing unauthorized access to the information hence
protecting it.
• The confidentiality is obtained in PEM by encrypting the messages by using various standard
algorithms such as Data Encryption Standard (DES).
2. Integrity –
• Data integrity refers to the consistency of data through out its life cycle.
• This is obtained by using a unique concept called as message digest where message digest is a
hash function which converts the message into an image called digest on taking the message as
input.
• PEM uses RSA encryption, MD2 and MD5 hash functions to generate the digests.
Working of PEM :
• The PEM works basically in 4 main steps.

Step 1-Canonical Conversion :

• This step involves the conversion of the message into a standard format that is
independent of the computer architecture and the operating system of the
sender and the receiver.
• If the sender and receiver has different computer architecture or operating
system. It may lead to generation of different message digest due to difference in
their interpretation because of syntactical difference from one operating system
to an other.

.
Working of PEM : Continue….
Step 2-Digital Signature :
• In this step, the digital signature is generated by encrypting the message digest of
an email message with the sender’s private key.
Working of PEM : Continue….
Step 3- Encryption :
• The encrypted message is generated by encrypting the original message and
digital signature together along with the symmetric key as shown in the figure
below.
• This step is very crucial in order to obtain the confidentiality.
Working of PEM : Continue….
Step 4- Base- 64 encoding:
• This process transforms arbitrary binary input into printable character output.
• The binary input is processed in blocks of 3 octets or 24 bits. These 24 bits are
considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.
5.3.2.2 Pretty Good Privacy (PGP) :
• It is a popular program used to encrypt and decrypt email over the internet.
• It becomes a standard for email security. It is used to send encrypted code (digital
signature) that lets the receiver verify the sender’s identity and takes care that
the route of message should not change.
• PGP can be used to encrypt files being stored so that they are in unreadable form
and not readable by users or intruders It is available in Low cost and Freeware
version.
• It is most widely used privacy ensuring program used by individuals as well as
many corporations.
5.3.2.2 Pretty Good Privacy (PGP) :
• There are five steps as shown below:
1. Digital signature: it consists of the creation a message digest of the email message
using SHA-1 algorithm. The resulting MD is then encrypted with sender’s private key.
The result is the sender’s digital signature.
2. Compression: The input message as well as digital signature are compressed together
to reduce the size of final message that will be transmitted. For this the Lempel -Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with receivers public key. The output of step 3 and 4 together form a digital
envelope.
5. Base -64 encoding: this process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24-bits).these
24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits
is mapped into an 8-bit output character in this process.
5.3.2.3 Simple Mail Transfer Protocol (SMTP):
• Working Principle of SMTP:
• It is a protocol for sending e-mail messages between servers. Most e-mail
systems that send mail over the Internet use SMTP to send messages from one
server to another; the messages can then be retrieved with an e-mail client using
either POP or IMAP.
• In addition, SMTP is generally used to send messages from a mail client to a mail
server. This is why you need to specify both the POP or IMAP server and the
SMTP server when you configure your e-mail application.
• SMTP usually is implemented to operate over Internet port 25. An alternative to
SMTP that is widely used in Europe is X.400. Many mail servers now support
Extended Simple Mail Transfer Protocol (ESMTP), which allows multimedia files to
be delivered as e-mail.
5.3.2.3 SMTP: Continue…….

• A message (Notes or SMTP-based) is created on the The user sends the message
via the Domino 6 server.
• Lotus Domino executes a TCP/IP DNS (Domain Name System) resolution and finds
the target server.
• The message is transferred to target recipient’s server and then delivered to the
recipient.
What is an SMTP server?
• An SMTP server is an application or computer that sends, receives and relays email.
These servers typically use TCP on port 25 or 587.
• The port number identifies specific processes when an internet or network message is
forwarded to a server. All network-connected devices come equipped with
standardized ports that have an assigned number.
• Each number is reserved for certain protocols and their associated functions.
• SMTP servers are set to an always-on listening mode and as soon as a server detects a
TCP connection from a client, the SMTP process initiates a connection to port 25 to
send the email.
• Outgoing SMTP servers send messages for users. Email clients which are used to read
and send emails, must also have the Internet Protocol (IP) address of the SMTP server.
• To handle issues such as spam, server administrators must control which clients can use
the server. They can do this either by restricting users by their IP address or, more likely,
by imposing a system or command that requires the authentication of clients.
How SMTP works?
• SMTP uses a client-server model as follows:

• An email server uses SMTP to send a message from an email client to another email server.

• The email server uses SMTP as a relay service to send the email to the receiving email server.

• The receiving email server uses an email client to download incoming mail via IMAP, for
example, and places it in the recipient's inbox.

• So, for example, when a user clicks the "send" button, a TCP connection is established that links
to an SMTP server. When the SMTP server receives the TCP connection from a client, the SMTP
process starts a connection through port 25 to send the email.

• From here, the SMTP client tells the server what to do with information such as the sender's
and recipient's email addresses and the email's content.

• A mail transfer agent (MTA) then checks if both email addresses are from the same email
domain. If they're from the same domain, the email is sent; if not, the server uses the domain
name system (DNS) to identify the recipient's domain and then sends it to the correct server.

• The recipient then uses IMAP or POP3 protocols to receive the email.
How SMTP works?
• This image shows SMTP's role in sending an email -- from the user creating the
email to the recipient receiving it.