JAINIK PATEL, profile picture
Uploaded byJAINIK PATEL
PPT, PDF736 views

security issue

This document discusses security issues related to mobile technology. It begins by explaining the importance of understanding threats when building a security system. It then discusses different types of attacks like interception, modification, and interruption that can target both static and dynamic assets. The document also covers security concepts like confidentiality, integrity, authorization, and availability. It explains symmetric and asymmetric encryption techniques as well as protocols like SSL, TLS, and WTLS that use these techniques to securely transmit data over networks.

Embed presentation

Download to read offline
Security Issues in Mobile Technology •presented By: - Parmar Pallavi[112343]. Solanki Urmi[112324].
In any defense system, we need to know our enemy. To build an information security system, we need to answer the following question: 1) who is the enemy ? 2) what are the weak links in the system? 3) what needs special protection? 4) To protect our assets from attack, we need to build a security system. How much does the security system cost in terms of money, resource and time? Information Security
Attack A security system is a system to defend our asset from attacks. In the physical world, these attacks are carried at the weak point in the defense system.. Loss can be either 1.Static information asset(static asset). 2.Dynamic asset
Static assets cover a large portion of theasset base. All the databases, files, documents etc. In the computer fall in this category. Example of attacks on static asset are virus deleting files in a computer or jamming a network. Example of an attack on a dynamic asset is the theft of a credit card number while a user is doing a credit card transaction on the web.
Interception:- An unauthorized party gaining access to an asset will be part of this attack. This is an attack on confidentiality like unauthorized copying of files or tapping a conversation between parties. Modification:- An unauthorized party gaining control of an asset and tampering with it is part of this attack. This is an attack on integrity like changing the content of a message being transmitted through the network Attack on dynamic asset can be of following type
Febrication:- An unauthorized party inserts counterfeited objects into the system. For example , impersonating someone and inserting a spurious message in network. Interruption:- An asset is destroyed or made unusable. This is an attack on availibility. this attack can be on a static assent or a dynamic asset. An example could be cutting a communication line or making the router so busy that a user cannot use a server in a network
Forcenturies,informationsecurity was synonymous with secrecy. The art of keeping a message secret was to encrypt the message and thus hide from others getting to know of it. Thereare six types component of information security are as follows: 1) Confidentiality 2) Availability 3) Integrity 4) Non-repudiation 5) Authorization 6) Trust 7) Accounting
Confidentiality (privacy):- isthe property where the information is kept secret so that unauthorized person cannot get at the information. integrity:- Integrity is to ensure the integrity of the message. Authorization:- It deals with privileges(authority). In any transaction, there is a subject (a person) and an object(data items or file).The subject wants some function to be performed ononthe objects.
Availability (obtainment):- media management is not within the scope of security protocols and algorithms. Media management is needed to ensure a availability of service. Trust :- Trust involves developing a security trust-based security management is necessary. Trust involves developing a securitypolicy,assigningcredentials(identity card) toentities,verifyingthat the credentials fulfill the policy.
Accounting :- It is the process by which the usage of the service is metered. Based upon the usage, the service provider collects the feeeitherdirectly from the customer or through the home network.
In a symmetric key cryptography, the same key is used for both encryption and decryption. This is like a lock where the same key is used to lock and unlock In this type of encryption , the key is secret and known only to the encrypting (sender) and decrypting(receiver) parties. Therefore, it is also known as a secret key algorithm. Some authors refer to symmetric key cryptography as shared key...because the same key is shared between the sender and the receiver of the message.
In a symmetric cryptography, there are four components. 1) plaintext, 2) encryption/decryption algorithm, 3) secret key (key for encryption and decryption), 4)ciphertext.
The most popular symmetric key algorithms are: 1) DES : Data Encryption Standard, this algorithm is the most widely used, researched and has had the longest life so far. 2) 3DES: This is the modification DES. In This algorithm, DES Is used 3 times in succession 3) AES: Advances Encryption Standard, this is the current accepted standard for encryption by FIPS(Federal Information Processing Standards) of USA. 4) Skip jack: this is a token-bases algorithm used by defense personnel in the US.
In symmetric key encryption we use the same key for both encryption and decryption. In public key cryptography we use the different keys, one key for encryption and a different key for decryption. As there are two different keys used, this is also called asymmetric key cryptography. Public key cryptosystem is based on mathematical functions rather than permutation and substitution.
There are six components: 1) plain Text: This is the human readable message or data given to the public key algorithm as input for encryption 2)Ciphertext:- This is a unique data and depends only on the unique key used for encryption. 3) Encryption Algorithm :- This is the algorithm that does computation and various transformation on the inputpalintext. 4) Decryption algorithm :- This algorithm does the reverse function of the encryption algorithm. 5) Public key :- This is one of the keys from the key pair. This key is made public for anybody toaccess.Thiskey is either used for encryption and decryption. 6) Private key :- This is called the privatekey,becausethe key is secret..
Hashing function are one-way functions used for message digests. Hash function takes input data of any size and give the output of the fixed size. The outputs are collision (clash)free. This means that two different inputs will not produce the same output. The most commonly used hash functions are MD5 AND SHA-1.
MD5 MD5 is stands for Message Digest version 5. The MD5 algorithm is an extension of the MD4 message – digest algorithm and is slower than MD4. The algorithm can also 512 bits of the input message in blocks.
SHA Algorithm SHA stands for Secure Hash Algorithm. It was developed by the NIST(National Institute of Standard and Technology). SHA was first published in 1993. Later in, 1995, a revised version of the algorithm was published as SHA-1. SHA processes input in 512 bits block and produces 160 bits of output. Like MD5 ,SHA-1 is also based on MD4 algorithm.
MAC stands for Message Authentication Code. it is used to integrity check the message. A secret key is used to generate a small fixed size data block from the message. Both the sender and the receiver share the same secret key for MAC. When the sender has a message to be sent to the receiver, the message is sent along with the MAC. The receiver receives themessage;andcalculate the MAC from the message and the shared key. The receiver checks the MAC received from the sender. if they are the same, the message is considered to be in perfect state.
Security Protocol We need to device protocols that will use these algorithms in such a fashion that vulnerabilities are eliminated and security is ensured. There are many protocols for secured communication.
The most popular protocol is SSL(Secure Socket Layer). SSL was originally developed by Netscape. The Internet standars for TLS (Transport Layer Security) and WTLS(wireless Transport Layer Security) have been derives from the SSL protocol.
Security Socket Layer (SSL) SSL protocol is used to provide security of data over public networks like Internet. it runs above the TCP/IP protocol layer and below higher level protocols such as HTTP. SSL allows both machines(server and client) to establish a secured encrypted channel
•Public-key encryption provides better authentication techniques. •Symmetric key encryption is much faster than the public key encryption. •An SSL session begins with SSL handshake. •SSL handshake allow the server to authenticate itself to the client using public-key techniques.
•SSL handshake also allow the client o authenticate itself to the server. •It then allows the client and server to cooperate in the creation of symmetric key. •It then uses this shared key for payload encryption, decryption and tamper detection the session that follows.
TLS Transport Layer Security or TLS in short is a security protocol to offer secure communication at the transport layer. TLS protocol is the Internet standard and based on the SSL 3.0 protocol specification. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. At the lower levels, TLS uses TCP transport protocol. The TLS protocol is composed of two layers: the TLS Handshake protocol and the TLS Record Protocol.
WTLS oThe transport layer security protocol in the WAP architecture is called the Wireless Transport Layer Security. oWTLS provide functionality similar to TLS 1.0 and in corporates new feature such as datagram support, optimized handshake and dynamic key refreshing. oThe WTLS layer operates above the transport protocol layer similar to TLS.
oWTLS provides an interface for creating and terminating secure connections. oThe primary goal of the WTLS layer is to provide, data integrity and authentication between two communicating applications.
Thank You

More Related Content

PPT
Introduction to distributed system
byishapadhy
 
PPTX
2
byAnkit Anand
 
PPT
Client server computing in mobile environments
byPraveen Joshi
 
DOC
Distributed Computing Report
byIIT Kharagpur
 
PPTX
Distributed Systems - Information Technology
bySagar Mehta
 
PPTX
Distributed architecture (SAD)
byKhubaib Ahmad Kunjahi
 
PDF
Implementation of Agent Based Dynamic Distributed Service
byCSCJournals
 
PPTX
Data management issues
byNeha Bansal
 
Introduction to distributed system
byishapadhy
 
2
byAnkit Anand
 
Client server computing in mobile environments
byPraveen Joshi
 
Distributed Computing Report
byIIT Kharagpur
 
Distributed Systems - Information Technology
bySagar Mehta
 
Distributed architecture (SAD)
byKhubaib Ahmad Kunjahi
 
Implementation of Agent Based Dynamic Distributed Service
byCSCJournals
 
Data management issues
byNeha Bansal
 

What's hot

PPTX
Introduction to Distributed System
bySunita Sahu
 
PPT
Ch12
byphanleson
 
PPTX
Distributed System ppt
byOECLIB Odisha Electronics Control Library
 
PPTX
Client server architecture
byRituBhargava7
 
PPT
1. Overview of Distributed Systems
byDaminda Herath
 
PPTX
Distributed system
byअङ्किता त्रिपाठी
 
PPT
Client Server Architecture1
byBosch Software Innovations
 
DOC
04 Client Server Computing
byLaguna State Polytechnic University
 
PPT
Distributed network
byDhani Ahmad
 
PPT
Client Server Computing : unit 1
byTHIRUNEELAKANDAN ARCHUNAN
 
PDF
improve cloud security
byBalkees Shereek
 
PPT
3 Tier Architecture
byguestd0cc01
 
PDF
An approach of software engineering through middleware
byIAEME Publication
 
PPTX
Introduction to Cloud Computing
byBharat Kalia
 
PPT
Client Server Computing Slides by Puja Dhar
bypuja_dhar
 
PPT
Components of client server application
byAshwin Ananthapadmanabhan
 
PPT
Mobile agents
bySantosh Pandey
 
PPT
Distributed System-Multicast & Indirect communication
byMNM Jain Engineering College
 
PPTX
1. intro
bykhoahuy82
 
PDF
Client server based computing
byMohammad Affan
 
Introduction to Distributed System
bySunita Sahu
 
Ch12
byphanleson
 
Distributed System ppt
byOECLIB Odisha Electronics Control Library
 
Client server architecture
byRituBhargava7
 
1. Overview of Distributed Systems
byDaminda Herath
 
Distributed system
byअङ्किता त्रिपाठी
 
Client Server Architecture1
byBosch Software Innovations
 
04 Client Server Computing
byLaguna State Polytechnic University
 
Distributed network
byDhani Ahmad
 
Client Server Computing : unit 1
byTHIRUNEELAKANDAN ARCHUNAN
 
improve cloud security
byBalkees Shereek
 
3 Tier Architecture
byguestd0cc01
 
An approach of software engineering through middleware
byIAEME Publication
 
Introduction to Cloud Computing
byBharat Kalia
 
Client Server Computing Slides by Puja Dhar
bypuja_dhar
 
Components of client server application
byAshwin Ananthapadmanabhan
 
Mobile agents
bySantosh Pandey
 
Distributed System-Multicast & Indirect communication
byMNM Jain Engineering College
 
1. intro
bykhoahuy82
 
Client server based computing
byMohammad Affan
 

Viewers also liked

PPT
Mobile Computing
byJAINIK PATEL
 
PPT
MMS Introduction
bymamahow
 
PPTX
Issue with Internet in college (Computer Security and Cyber Law)
byGovinda Aryal
 
PPTX
Single Sign-On security issue in Cloud Computing
byRahul Roshan
 
PPTX
MMS presentation
bymodernmichelle
 
PDF
Journal of Network Security vol 4 issue 3
bySTM Journals
 
PPTX
Cybersecurity 4 security is sociotechnical issue
bysommerville-videos
 
PPS
Mobile Messaging - Part 5 - Mms Arch And Transactions
byGwenaël Le Bodic
 
PDF
Application Security Trends and Issues
byDedi Dwianto
 
PPT
Big Data (security Issue)
byExport Promotion Bureau
 
PPS
Ch5
byRonak Patel
 
PPTX
SMS & MMS Technologies
byArun Shukla
 
PPT
IMS IP multimedia subsystem presentation
byWaldir R. Pires Jr
 
PPT
Short message service
byVishnu Kudumula
 
PPT
Sms &mms
byNaveen Sihag
 
PPT
Wap ppt
byAbhijit Nath
 
PPT
10 Slides to SMS
byseanraz
 
PDF
Need For Ethical & Security Issue In It
bySonali Srivastava
 
Mobile Computing
byJAINIK PATEL
 
MMS Introduction
bymamahow
 
Issue with Internet in college (Computer Security and Cyber Law)
byGovinda Aryal
 
Single Sign-On security issue in Cloud Computing
byRahul Roshan
 
MMS presentation
bymodernmichelle
 
Journal of Network Security vol 4 issue 3
bySTM Journals
 
Cybersecurity 4 security is sociotechnical issue
bysommerville-videos
 
Mobile Messaging - Part 5 - Mms Arch And Transactions
byGwenaël Le Bodic
 
Application Security Trends and Issues
byDedi Dwianto
 
Big Data (security Issue)
byExport Promotion Bureau
 
Ch5
byRonak Patel
 
SMS & MMS Technologies
byArun Shukla
 
IMS IP multimedia subsystem presentation
byWaldir R. Pires Jr
 
Short message service
byVishnu Kudumula
 
Sms &mms
byNaveen Sihag
 
Wap ppt
byAbhijit Nath
 
10 Slides to SMS
byseanraz
 
Need For Ethical & Security Issue In It
bySonali Srivastava
 

Similar to security issue

PPTX
Chapter 1 information assurance and security
bygaredew32
 
PPTX
Cyber security
byJahirUddinKomol
 
PPTX
Introduction to Network Security
byShitiz Upreti
 
PPTX
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
byabduganiyevbekzod011
 
PDF
information technology cryptography Msc chapter 1-4.pdf
bywondimagegndesta
 
PDF
chapter 1-4.pdf
byzerihunnana
 
PPTX
Cryptography and Network Security-ch1-4.pptx
bySamiDan3
 
PPTX
Fundamental Concept of Cryptography in Computer Security
byUttara University
 
PPTX
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
bySisodetrupti
 
PPTX
Basic Cryptography unit 4 CSS
byDr. SURBHI SAROHA
 
PPTX
SEMINAR CRYPTOGRAPHY AND NETWORK BASICS.pptx
byJeevaR43
 
PPT
CNS Unit-I_final.ppt
bySwapnaPavan2
 
PDF
Secure 3 kany-vanda
byVanda KANY
 
PPTX
Network security & cryptography
bypinkutinku26
 
PPTX
Network security & cryptography
byKiran Patil
 
PPTX
Seminar Information Protection & Computer Security (Cryptography).pptx
byumardanjumamaiwada
 
PPTX
Encryption techniques
byMohitManna
 
PPTX
Key distribution code.ppt
byPrabhat Kumar
 
PPTX
chapter 7.pptx
byMelkamtseganewTigabi1
 
PPTX
Internet Security
byJainamParikh3
 
Chapter 1 information assurance and security
bygaredew32
 
Cyber security
byJahirUddinKomol
 
Introduction to Network Security
byShitiz Upreti
 
CRYPTOGRAPHY crytopgraphy wh is sd wkd ,w d .pptx
byabduganiyevbekzod011
 
information technology cryptography Msc chapter 1-4.pdf
bywondimagegndesta
 
chapter 1-4.pdf
byzerihunnana
 
Cryptography and Network Security-ch1-4.pptx
bySamiDan3
 
Fundamental Concept of Cryptography in Computer Security
byUttara University
 
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
bySisodetrupti
 
Basic Cryptography unit 4 CSS
byDr. SURBHI SAROHA
 
SEMINAR CRYPTOGRAPHY AND NETWORK BASICS.pptx
byJeevaR43
 
CNS Unit-I_final.ppt
bySwapnaPavan2
 
Secure 3 kany-vanda
byVanda KANY
 
Network security & cryptography
bypinkutinku26
 
Network security & cryptography
byKiran Patil
 
Seminar Information Protection & Computer Security (Cryptography).pptx
byumardanjumamaiwada
 
Encryption techniques
byMohitManna
 
Key distribution code.ppt
byPrabhat Kumar
 
chapter 7.pptx
byMelkamtseganewTigabi1
 
Internet Security
byJainamParikh3
 

More from JAINIK PATEL

PPT
Facade pattern
byJAINIK PATEL
 
PPTX
The Singleton Pattern Presentation
byJAINIK PATEL
 
PPTX
SMS
byJAINIK PATEL
 
PPT
Architecture of Mobile Computing
byJAINIK PATEL
 
PPTX
112321 112333 wirless application protocol
byJAINIK PATEL
 
PPTX
Facadepattern
byJAINIK PATEL
 
Facade pattern
byJAINIK PATEL
 
The Singleton Pattern Presentation
byJAINIK PATEL
 
SMS
byJAINIK PATEL
 
Architecture of Mobile Computing
byJAINIK PATEL
 
112321 112333 wirless application protocol
byJAINIK PATEL
 
Facadepattern
byJAINIK PATEL
 

Recently uploaded

PPTX
Return For Exchange in Odoo 18 Inventory
byCeline George
 
PPTX
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
PDF
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PPTX
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PDF
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PPTX
A Memory of Two Mondays by Arthur Miller
byDhatriParmar
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
PDF
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PDF
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
Return For Exchange in Odoo 18 Inventory
byCeline George
 
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
java full stack programming and interview questions
byrajuashokit
 
A Memory of Two Mondays by Arthur Miller
byDhatriParmar
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 

security issue

  • 1.
    Security Issues inMobile Technology •presented By: - Parmar Pallavi[112343]. Solanki Urmi[112324].
  • 2.
    In any defensesystem, we need to know our enemy. To build an information security system, we need to answer the following question: 1) who is the enemy ? 2) what are the weak links in the system? 3) what needs special protection? 4) To protect our assets from attack, we need to build a security system. How much does the security system cost in terms of money, resource and time? Information Security
  • 3.
    Attack A security systemis a system to defend our asset from attacks. In the physical world, these attacks are carried at the weak point in the defense system.. Loss can be either 1.Static information asset(static asset). 2.Dynamic asset
  • 4.
    Static assets covera large portion of theasset base. All the databases, files, documents etc. In the computer fall in this category. Example of attacks on static asset are virus deleting files in a computer or jamming a network. Example of an attack on a dynamic asset is the theft of a credit card number while a user is doing a credit card transaction on the web.
  • 5.
    Interception:- An unauthorized partygaining access to an asset will be part of this attack. This is an attack on confidentiality like unauthorized copying of files or tapping a conversation between parties. Modification:- An unauthorized party gaining control of an asset and tampering with it is part of this attack. This is an attack on integrity like changing the content of a message being transmitted through the network Attack on dynamic asset can be of following type
  • 6.
    Febrication:- An unauthorized partyinserts counterfeited objects into the system. For example , impersonating someone and inserting a spurious message in network. Interruption:- An asset is destroyed or made unusable. This is an attack on availibility. this attack can be on a static assent or a dynamic asset. An example could be cutting a communication line or making the router so busy that a user cannot use a server in a network
  • 10.
    Forcenturies,informationsecurity was synonymouswith secrecy. The art of keeping a message secret was to encrypt the message and thus hide from others getting to know of it. Thereare six types component of information security are as follows: 1) Confidentiality 2) Availability 3) Integrity 4) Non-repudiation 5) Authorization 6) Trust 7) Accounting
  • 11.
    Confidentiality (privacy):- isthe propertywhere the information is kept secret so that unauthorized person cannot get at the information. integrity:- Integrity is to ensure the integrity of the message. Authorization:- It deals with privileges(authority). In any transaction, there is a subject (a person) and an object(data items or file).The subject wants some function to be performed ononthe objects.
  • 12.
    Availability (obtainment):- media managementis not within the scope of security protocols and algorithms. Media management is needed to ensure a availability of service. Trust :- Trust involves developing a security trust-based security management is necessary. Trust involves developing a securitypolicy,assigningcredentials(identity card) toentities,verifyingthat the credentials fulfill the policy.
  • 13.
    Accounting :- It isthe process by which the usage of the service is metered. Based upon the usage, the service provider collects the feeeitherdirectly from the customer or through the home network.
  • 15.
    In a symmetrickey cryptography, the same key is used for both encryption and decryption. This is like a lock where the same key is used to lock and unlock In this type of encryption , the key is secret and known only to the encrypting (sender) and decrypting(receiver) parties. Therefore, it is also known as a secret key algorithm. Some authors refer to symmetric key cryptography as shared key...because the same key is shared between the sender and the receiver of the message.
  • 16.
    In a symmetriccryptography, there are four components. 1) plaintext, 2) encryption/decryption algorithm, 3) secret key (key for encryption and decryption), 4)ciphertext.
  • 17.
    The most popularsymmetric key algorithms are: 1) DES : Data Encryption Standard, this algorithm is the most widely used, researched and has had the longest life so far. 2) 3DES: This is the modification DES. In This algorithm, DES Is used 3 times in succession 3) AES: Advances Encryption Standard, this is the current accepted standard for encryption by FIPS(Federal Information Processing Standards) of USA. 4) Skip jack: this is a token-bases algorithm used by defense personnel in the US.
  • 18.
    In symmetric keyencryption we use the same key for both encryption and decryption. In public key cryptography we use the different keys, one key for encryption and a different key for decryption. As there are two different keys used, this is also called asymmetric key cryptography. Public key cryptosystem is based on mathematical functions rather than permutation and substitution.
  • 19.
    There are sixcomponents: 1) plain Text: This is the human readable message or data given to the public key algorithm as input for encryption 2)Ciphertext:- This is a unique data and depends only on the unique key used for encryption. 3) Encryption Algorithm :- This is the algorithm that does computation and various transformation on the inputpalintext. 4) Decryption algorithm :- This algorithm does the reverse function of the encryption algorithm. 5) Public key :- This is one of the keys from the key pair. This key is made public for anybody toaccess.Thiskey is either used for encryption and decryption. 6) Private key :- This is called the privatekey,becausethe key is secret..
  • 20.
    Hashing function areone-way functions used for message digests. Hash function takes input data of any size and give the output of the fixed size. The outputs are collision (clash)free. This means that two different inputs will not produce the same output. The most commonly used hash functions are MD5 AND SHA-1.
  • 21.
    MD5 MD5 is standsfor Message Digest version 5. The MD5 algorithm is an extension of the MD4 message – digest algorithm and is slower than MD4. The algorithm can also 512 bits of the input message in blocks.
  • 22.
    SHA Algorithm SHA standsfor Secure Hash Algorithm. It was developed by the NIST(National Institute of Standard and Technology). SHA was first published in 1993. Later in, 1995, a revised version of the algorithm was published as SHA-1. SHA processes input in 512 bits block and produces 160 bits of output. Like MD5 ,SHA-1 is also based on MD4 algorithm.
  • 23.
    MAC stands forMessage Authentication Code. it is used to integrity check the message. A secret key is used to generate a small fixed size data block from the message. Both the sender and the receiver share the same secret key for MAC. When the sender has a message to be sent to the receiver, the message is sent along with the MAC. The receiver receives themessage;andcalculate the MAC from the message and the shared key. The receiver checks the MAC received from the sender. if they are the same, the message is considered to be in perfect state.
  • 24.
    Security Protocol We needto device protocols that will use these algorithms in such a fashion that vulnerabilities are eliminated and security is ensured. There are many protocols for secured communication.
  • 25.
    The most popularprotocol is SSL(Secure Socket Layer). SSL was originally developed by Netscape. The Internet standars for TLS (Transport Layer Security) and WTLS(wireless Transport Layer Security) have been derives from the SSL protocol.
  • 27.
    Security Socket Layer(SSL) SSL protocol is used to provide security of data over public networks like Internet. it runs above the TCP/IP protocol layer and below higher level protocols such as HTTP. SSL allows both machines(server and client) to establish a secured encrypted channel
  • 28.
    •Public-key encryption providesbetter authentication techniques. •Symmetric key encryption is much faster than the public key encryption. •An SSL session begins with SSL handshake. •SSL handshake allow the server to authenticate itself to the client using public-key techniques.
  • 29.
    •SSL handshake alsoallow the client o authenticate itself to the server. •It then allows the client and server to cooperate in the creation of symmetric key. •It then uses this shared key for payload encryption, decryption and tamper detection the session that follows.
  • 31.
    TLS Transport Layer Securityor TLS in short is a security protocol to offer secure communication at the transport layer. TLS protocol is the Internet standard and based on the SSL 3.0 protocol specification. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. At the lower levels, TLS uses TCP transport protocol. The TLS protocol is composed of two layers: the TLS Handshake protocol and the TLS Record Protocol.
  • 32.
    WTLS oThe transport layersecurity protocol in the WAP architecture is called the Wireless Transport Layer Security. oWTLS provide functionality similar to TLS 1.0 and in corporates new feature such as datagram support, optimized handshake and dynamic key refreshing. oThe WTLS layer operates above the transport protocol layer similar to TLS.
  • 33.
    oWTLS provides aninterface for creating and terminating secure connections. oThe primary goal of the WTLS layer is to provide, data integrity and authentication between two communicating applications.
  • 34.