This document provides an overview of cyber security topics including cryptography, cryptanalysis, symmetric and asymmetric key cryptography, hashing, digital signatures, firewalls, user management, and virtual private networks (VPNs). It defines these terms and concepts, compares different techniques like symmetric vs asymmetric cryptography, and packet filtering vs stateful inspection firewalls. The document also discusses the importance of using firewalls and how VPNs can provide privacy and anonymity online.
This paper analyzes vulnerabilities of the SSL/TLS
Handshake
protocol
, which
is
responsible
for
authentication of
the parties in the
communication
and
negotiation of
security parameters
that
will be used
to protect
confidentiality and
integrity of the
data
. It
will
be
analyzed the
attacks
against the implementation of Handshake
protocol, as well as the
attacks against the other
elements
necessary to SSL/TLS protocol to discover security
flaws that were exploited, modes of
attack, the potential consequences, but also studyi
ng methods of defense
.
All versions of the
protocol are going to be the subject of the researc
h but
emphasis will be placed
on the critical
attack that
the most endanger the safety of data.
The goal of
the research
is
to point out the
danger of
existence
of at least
vulnerability
in the SSL/TLS protocol
, which
can be exploited
and
endanger the safety of
the data
that should be protected.
This paper analyzes vulnerabilities of the SSL/TLS Handshake protocol, which is responsible for authentication of the parties in the communication and negotiation of security parameters that will be used to protect confidentiality and integrity of the data. It will be analyzed the attacks against the implementation of Handshake protocol, as well as the attacks against the other
elements necessary to SSL/TLS protocol to discover security flaws that were exploited, modes of
attack, the potential consequences, but also studying methods of defense. All versions of the
protocol are going to be the subject of the research but emphasis will be placed on the critical attack that the most endanger the safety of data. The goal of the research is to point out the
danger of existence of at least vulnerability in the SSL/TLS protocol, which can be exploited and endanger the safety of the data that should be protected.
Fundamental of Secure Socket Layer (SSL) | Part - 2 Vishal Kumar
In this presentation we will learn about the Record Protocol, Alert Protocol, Closing and Resuming SSL Connections and Attacks on SSL.
The Part - 1 cab be founded at : https://www.slideshare.net/vishalkumar245/fundamental-of-secure-socket-layer-ssl-part-1
This paper analyzes vulnerabilities of the SSL/TLS
Handshake
protocol
, which
is
responsible
for
authentication of
the parties in the
communication
and
negotiation of
security parameters
that
will be used
to protect
confidentiality and
integrity of the
data
. It
will
be
analyzed the
attacks
against the implementation of Handshake
protocol, as well as the
attacks against the other
elements
necessary to SSL/TLS protocol to discover security
flaws that were exploited, modes of
attack, the potential consequences, but also studyi
ng methods of defense
.
All versions of the
protocol are going to be the subject of the researc
h but
emphasis will be placed
on the critical
attack that
the most endanger the safety of data.
The goal of
the research
is
to point out the
danger of
existence
of at least
vulnerability
in the SSL/TLS protocol
, which
can be exploited
and
endanger the safety of
the data
that should be protected.
This paper analyzes vulnerabilities of the SSL/TLS Handshake protocol, which is responsible for authentication of the parties in the communication and negotiation of security parameters that will be used to protect confidentiality and integrity of the data. It will be analyzed the attacks against the implementation of Handshake protocol, as well as the attacks against the other
elements necessary to SSL/TLS protocol to discover security flaws that were exploited, modes of
attack, the potential consequences, but also studying methods of defense. All versions of the
protocol are going to be the subject of the research but emphasis will be placed on the critical attack that the most endanger the safety of data. The goal of the research is to point out the
danger of existence of at least vulnerability in the SSL/TLS protocol, which can be exploited and endanger the safety of the data that should be protected.
Fundamental of Secure Socket Layer (SSL) | Part - 2 Vishal Kumar
In this presentation we will learn about the Record Protocol, Alert Protocol, Closing and Resuming SSL Connections and Attacks on SSL.
The Part - 1 cab be founded at : https://www.slideshare.net/vishalkumar245/fundamental-of-secure-socket-layer-ssl-part-1
Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
A NOVEL PARADIGM IN AUTHENTICATION SYSTEM USING SWIFI ENCRYPTION /DECRYPTION ...IJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access and a wide variety of security threats can be challenging. Verifying data integrity and authentication are essential security services in order to secure data transmission process. In this paper we propose a novel security technique which uses new encryption and decryption algorithms to achieve authenticated communication and enhanced data integrity. The proposed technique is very complex for attackers to decode, and it is applicable to client-server architecture.
A novel paradigm in authentication systemIJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access
and a wide variety of security threats can be challenging. Verifying data integrity and authentication are
essential security services in order to secure data transmission process. In this paper we propose a novel
security technique which uses new encryption and decryption algorithms to achieve authenticated
communication and enhanced data integrity. The proposed technique is very complex for attackers to
decode, and it is applicable to client-server architecture.
7/22/2019 TestOut LabSim
https://cdn.testout.com/client-v5-1-10-563/startlabsim.html 1/3
9.2.2 Advanced Cryptography Facts9.2.2 Advanced Cryptography Facts
Advanced cryptography includes the following:
Concepts Definition
Encrypting
The purpose of encryption is obfuscation, making a message obscure so it is difficult to read.
Cryptographic service providers (CSPs) are software libraries that can be used to enhance encryption. Applications can use
these libraries to help secure email and provide strong user authentication.
Key
Exchange
The sender of an encrypted message encrypts a message with a key. Then the message receiver must decrypt the message with a key.
Key families include:
Symmetric. A symmetric key is where the sender uses a private key to encrypt a message. Then the recipient uses that same
private key to decrypt it.
Asymmetric. An asymmetric key is where the sender's key and receiver's key are different for the encryption and decryption
processes.
Key length is the number of bits used in a key by a cryptographic algorithm and can determine the strength.
Modes of
Operation
Modes of operations include:
Block Cipher: Provides confidentiality and authenticity services. A block cipher can encrypt or decrypt one fixed-length
block. It encrypts or decrypts one large chunk of data (or block) at a time, often combining blocks for additional security.
Block ciphers are more useful when the amount of data is known.
Cipher Block Chaining (CBC): A plaintext block is combined with the previous cipher text block, and the result is
encrypted with the key.
Cipher Feedback (CFB): Each cipher text block is fed back into the encryption and then used to encrypt the next plaintext
block.
Output Feedback (OFB): The output blocks are fed back into the block cipher. These blocks then make strings of bits to
feed the encryption algorithm, acting as the key generator.
Counter (CTR): Both the sender and recipient access a reliable counter that computes a new shared value each time a
ciphertext block is exchanged. The counter needs to be synchronized between both parties.
Galois/Counter Mode (GCM): A variation of the Counter mode, GCM throughput rates do not require high performance
hardware to produce acceptable high speed communication channels.
Output
The output from a cryptographic process may exhibit the following:
A simple character change in the plaintext will cause several characters to change in the cipher text. This is called diffusion.
When two different inputs to a cryptographic function produce the same output, this is called a collision. Collisions are not
common, but can occur.
Digital
Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of digital message or document. A valid digital
signature gives a message credibility, guaranteeing the recipient that the message has not been tampered with in transit.
Things to consider when choosing your cryptographic methods:
Concept Definition
L ...
- Security is a concept similar to being cautious
or alert against any danger. Network security is the condition of
being protected against any danger or loss. Thus safety plays a
important role in bank transactions where disclosure of any data
results in big loss. We can define networking as the combination
of two or more computers for the purpose of resource sharing.
Resources here include files, database, emails etc. It is the
protection of these resources from unauthorized users that
brought the development of network security. It is a measure
incorporated to protect data during their transmission and also
to ensure the transmitted is protected and authentic.
Security of online bank transactions here has been
improved by increasing the number of bits while establishing the
SSL connection as well as in RSA asymmetric key encryption
along with SHA1 used for digital signature to authenticate the
user
Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
A NOVEL PARADIGM IN AUTHENTICATION SYSTEM USING SWIFI ENCRYPTION /DECRYPTION ...IJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access and a wide variety of security threats can be challenging. Verifying data integrity and authentication are essential security services in order to secure data transmission process. In this paper we propose a novel security technique which uses new encryption and decryption algorithms to achieve authenticated communication and enhanced data integrity. The proposed technique is very complex for attackers to decode, and it is applicable to client-server architecture.
A novel paradigm in authentication systemIJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access
and a wide variety of security threats can be challenging. Verifying data integrity and authentication are
essential security services in order to secure data transmission process. In this paper we propose a novel
security technique which uses new encryption and decryption algorithms to achieve authenticated
communication and enhanced data integrity. The proposed technique is very complex for attackers to
decode, and it is applicable to client-server architecture.
7/22/2019 TestOut LabSim
https://cdn.testout.com/client-v5-1-10-563/startlabsim.html 1/3
9.2.2 Advanced Cryptography Facts9.2.2 Advanced Cryptography Facts
Advanced cryptography includes the following:
Concepts Definition
Encrypting
The purpose of encryption is obfuscation, making a message obscure so it is difficult to read.
Cryptographic service providers (CSPs) are software libraries that can be used to enhance encryption. Applications can use
these libraries to help secure email and provide strong user authentication.
Key
Exchange
The sender of an encrypted message encrypts a message with a key. Then the message receiver must decrypt the message with a key.
Key families include:
Symmetric. A symmetric key is where the sender uses a private key to encrypt a message. Then the recipient uses that same
private key to decrypt it.
Asymmetric. An asymmetric key is where the sender's key and receiver's key are different for the encryption and decryption
processes.
Key length is the number of bits used in a key by a cryptographic algorithm and can determine the strength.
Modes of
Operation
Modes of operations include:
Block Cipher: Provides confidentiality and authenticity services. A block cipher can encrypt or decrypt one fixed-length
block. It encrypts or decrypts one large chunk of data (or block) at a time, often combining blocks for additional security.
Block ciphers are more useful when the amount of data is known.
Cipher Block Chaining (CBC): A plaintext block is combined with the previous cipher text block, and the result is
encrypted with the key.
Cipher Feedback (CFB): Each cipher text block is fed back into the encryption and then used to encrypt the next plaintext
block.
Output Feedback (OFB): The output blocks are fed back into the block cipher. These blocks then make strings of bits to
feed the encryption algorithm, acting as the key generator.
Counter (CTR): Both the sender and recipient access a reliable counter that computes a new shared value each time a
ciphertext block is exchanged. The counter needs to be synchronized between both parties.
Galois/Counter Mode (GCM): A variation of the Counter mode, GCM throughput rates do not require high performance
hardware to produce acceptable high speed communication channels.
Output
The output from a cryptographic process may exhibit the following:
A simple character change in the plaintext will cause several characters to change in the cipher text. This is called diffusion.
When two different inputs to a cryptographic function produce the same output, this is called a collision. Collisions are not
common, but can occur.
Digital
Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of digital message or document. A valid digital
signature gives a message credibility, guaranteeing the recipient that the message has not been tampered with in transit.
Things to consider when choosing your cryptographic methods:
Concept Definition
L ...
- Security is a concept similar to being cautious
or alert against any danger. Network security is the condition of
being protected against any danger or loss. Thus safety plays a
important role in bank transactions where disclosure of any data
results in big loss. We can define networking as the combination
of two or more computers for the purpose of resource sharing.
Resources here include files, database, emails etc. It is the
protection of these resources from unauthorized users that
brought the development of network security. It is a measure
incorporated to protect data during their transmission and also
to ensure the transmitted is protected and authentic.
Security of online bank transactions here has been
improved by increasing the number of bits while establishing the
SSL connection as well as in RSA asymmetric key encryption
along with SHA1 used for digital signature to authenticate the
user
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
1. Cyber Security [105713] – Notes
Module 2
Cryptography and Cryptanalysis: Introduction to Cryptography, Symmetric key Cryptography, Asymmetric key
Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls-
Types of Firewalls, User Management, VPN Security, Security Protocols: - security at the Application Layer- PGP
and S/MIME, Security at Transport Layer- SSL and TLS, Security at Network Layer-IPSec.
Open Source/ Free/ Trial Tools: Implementation of Cryptographic techniques, OpenSSL, Hash Values Calculations
MD5, SHA1, SHA256, SHA 512, Steganography (Stools)
Introduction to Cryptography
Cryptography is an important aspect when we deal with network security. ‘Crypto’ means secret or hidden.
Cryptography is the science of secret writing with the intention of keeping the data secret.
Cryptanalysis, on the other hand, is the science or sometimes the art of breaking cryptosystems. These both
terms are a subset of what is called as Cryptology
Cryptography is classified into symmetric cryptography, asymmetric cryptography
and hashing.
Below are the description of these types:-
Symmetric key cryptography –
It involves usage of one secret key along with encryption and decryption algorithms which help in securing
the contents of the message. The strength of symmetric key cryptography depends upon the number of key
bits. It is relatively faster than asymmetric key cryptography. There arises a key distribution problem as the
key has to be transferred from the sender to receiver through a secure channel.
Asymmetric key cryptography –
It is also known as public key cryptography because it involves usage of a public key along with secret key. It
solves the problem of key distribution as both parties uses different keys for encryption/decryption. It is not
feasible to use for decrypting bulk messages as it is very slow compared to symmetric key cryptography.
2. Hashing –
It involves taking the plain-text and converting it to a hash value of fixed size by a hash function. This process
ensures integrity of the message as the hash value on both, sender’s and receiver’s side should match if
the message is unaltered.
Features Of Cryptography are as follows:
Confidentiality: Information can only be accessed by the person for whom it is intended and no other person
except him can access it.
Integrity: Information cannot be modified in storage or transition between sender and intended receiver
without any addition to information being detected.
Non-repudiation: The creator/sender of information cannot deny his or her intention to send information at
later stage.
Authentication: The identities of sender and receiver are confirmed. As well as destination/origin of
information is confirmed.
Message Authentication Code (MAC)
MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing MAC
process, the sender and receiver share a symmetric key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message
to ensure message authentication.
The process of using MAC for authentication is depicted in the following illustration –
Let us now try to understand the entire process in detail −
3. The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces
a MAC value.
Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output. The major
difference between hash and MAC is that MAC uses secret key during the compression.
The sender forwards the message along with the MAC. Here, we assume that the message is sent in the clear,
as we are concerned of providing message origin authentication, not confidentiality. If confidentiality is
required then the message needs encryption.
On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key
K into the MAC algorithm and re-computes the MAC value.
The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they
match, then the receiver accepts the message and assures himself that the message has been sent by the
intended sender.
If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine whether
it is the message that has been altered or it is the origin that has been falsified. As a bottom- line, a receiver
safely assumes that the message is not the genuine.
Digital Signature:
Digital signatures are the public-key primitives of message authentication. In the physical world, it is common
to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the
message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be
independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the
signer.
In real world, the receiver of message needs assurance that the message belongs to the sender and he should
not be able to repudiate the origination of that message. This requirement is very crucial in business
applications, since likelihood of a dispute over exchanged data is very high.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public key cryptography. The model of digital signature
scheme is depicted in the following illustration −
The following points explain the entire process in detail −
Each person adopting this scheme has a public-private key pair.
Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key
used for signing is referred to as the signature key and the public key as the verification key.
Signer feeds data to the hash function and generates hash of data.
Hash value and signature key are then fed to the signature algorithm which produces the digital signature on
given hash. Signature is appended to the data and then both are sent to the verifier.
Verifier feeds the digital signature and the verification key into the verification algorithm. The verification
algorithm gives some value as output.
Verifier also runs same hash function on received data to generate hash value.
4. For verification, this hash value and output of verification algorithm are compared. Based on the comparison
result, verifier decides whether the digital signature is valid.
Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot
repudiate signing the data in future.
Overview of Firewalls:
A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing
traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the
Internet.
Generation of Firewall
Firewalls can be categorized based on its generation.
First Generation- Packet Filtering Firewall : Packet filtering firewall is used to control network access by
monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination
IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3
layers).
Packet filtering firewall maintains a filtering table which decides whether the packet will be forwarded or
discarded. From the given filtering table, the packets will be Filtered according to following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services to the network 192.168.21.0 are allowed.
Second Generation- Stateful Inspection Firewall : Stateful firewalls (performs Stateful Packet Inspection) are
able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more
efficient. It keeps track of the state of networks connection travelling across it, such as TCP streams. So the
filtering decisions would not only be based on defined rules, but also on packet’s history in the state table.
Third Generation- Application Layer Firewall : Application layer firewall can inspect and filter the packets on
any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when
certain application and protocols (like HTTP, FTP) are being misused. In other words, Application
layer firewalls are hosts that run proxy servers. A proxy firewall prevents the direct connection between
either side of the firewall, each packet has to pass through the proxy. It can allow or block the traffic based
on predefined rules.
Note: Application layer firewalls can also be used as Network Address Translator(NAT).
5. Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop
modern security breaches like advance malware attacks and application-layer attacks. NGFW consists of
Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the
network from these modern threats.
Types of Firewalls
Firewalls are generally of two types: Host-based and Network-based.
Host- based Firewalls: Host-based firewall is installed on each network node which controls each incoming
and outgoing packet. It is a software application or suite of applications, comes as a part of the operating
system. Host-based firewalls are needed because network firewalls cannot provide protection inside a
trusted network. Host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls: Network firewall function on network level. In other words, these firewalls filter
all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic
using rules defined on the firewall. A Network firewall might have two or more network interface cards
(NICs). A network-based firewall is usually a dedicated system with proprietary software installed.
Network Firewalls are the devices that are used to prevent private networks from unauthorized access. A Firewall is
a security solution for the computers or devices that are connected to a network, they can be either in form of
hardware as well as in form of software.
Types of Network Firewall:
Packet Filters –
It is a technique used to control network access by monitoring outgoing and incoming packets and allowing
them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols, and
ports. This firewall is also known as a static firewall.
Stateful Inspection Firewalls –
It is also a type of packet filtering which is used to control how data packets move through a firewall. It is also
called dynamic packet filtering. These firewalls can inspect that if the packet belongs to a particular session
or not. It only permits communication if and only if, the session is perfectly established between two
endpoints else it will block the communication.
Application Layer Firewalls –
These firewalls can examine application layer (of OSI model) information like an HTTP request. If finds some
suspicious application that can be responsible for harming our network or that is not safe for our network
then it gets blocked right away.
Next-generation Firewalls –
6. These firewalls are called intelligent firewalls. These firewalls can perform all the tasks that are performed
by the other types of firewalls that we learned previously but on top of that, it includes additional features
like application awareness and control, integrated intrusion prevention, and cloud- delivered threat
intelligence.
Circuit-level gateways –
A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control
Protocol (TCP) connection security and works between an Open Systems Interconnection (OSI) network
model’s transport and application layers such as the session layer.
Software Firewall –
The software firewall is a type of computer software that runs on our computers. It protects our system from
any external attacks such as unauthorized access, malicious attacks, etc. by notifying us about the danger
that can occur if we open a particular mail or if we try to open a website that is not secure.
Hardware Firewall –
A hardware firewall is a physical appliance that is deployed to enforce a network boundary. All network links
crossing this boundary pass-through this firewall, which enables it to perform an inspection of both inbound
and outbound network traffic and enforce access controls and other security policies.
Cloud Firewall –
These are software-based, cloud-deployed network devices. This cloud-based firewall protects a private
network from any unwanted access. Unlike traditional firewalls, a cloud firewall filters data at the cloud level.
Advantages of Network Firewall:
Monitors network traffic –
A network firewall monitors and analyzes traffic by inspecting whether the traffic or packets passing through
our network is safe for our network or not. By doing so, it keeps our network away from any malicious content
that can harm our network.
Halt Hacking –
In a society where everyone is connected to technology, it becomes more important to keep firewalls in our
network and use the internet safely.
Stops viruses –
Viruses can come from anywhere, such as from an insecure website, from a spam message, or any threat, so
it becomes more important to have a strong defence system (i.e. firewall in this case), a virus attack can easily
shut off a whole network. In such a situation, a firewall plays a vital role.
Better security –
If it is about monitoring and analyzing the network from time to time and establishing a malware-free, virus-
free, spam-free environment so network firewall will provide better security to our network.
Increase privacy –
By protecting the network and providing better security, we get a network that can be trusted.
Disadvantages of Network Firewall:
Cost –
Depending on the type of firewall, it can be costly, usually, the hardware firewalls are more costly than the
software ones.
Restricts User –
Restricting users can be a disadvantage for large organizations, because of its tough security mechanism. A
firewall can restrict the employees to do a certain operation even though it’s a necessary operation.
Issues with the speed of the network –
Since the firewalls have to monitor every packet passing through the network, this can slow down operations
needed to be performed, or it can simply lead to slowing down the network.
Maintenance –
Firewalls require continuous updates and maintenance with every change in the networking technology. As
the development of new viruses is increasing continuously that can damage your system.
The Importance of Using a Firewall:
7. Feature-1 :
Monitoring Network Traffic –
Firewall security starts with effective monitoring of network traffic based on pre-established rules and filters to keep
the systems protected.
Feature-2 :
Stops Virus Attacks and spyware –
With cyber thieves creating hundreds of thousands of new threats every day, including spyware, viruses, and other
attacks like email bombs, denial of service, and malicious macros, it’s critical that you put protections in place to keep
your systems safe.
Feature-3 :
Preventing Hacks –
Cyber threats are evolving at a fast pace and are widespread. Firewalls keep hackers out of your data, emails, systems,
and other sensitive information.
Feature-4 :
Promotes Privacy –
Having a firewall keeps the data safe and builds an environment of privacy that is trustworthy and a system without
a firewall is accepting every connection into the network from anyone.
User Management:
User management (UM) is defined as the effective management of users and their accounts, giving them access to
various IT resources like devices, applications, systems, networks, SaaS services, storage systems, and more.
User management is a core part to any identity and access management (IAM) solution, in particular
directory services tools.
Controlling and managing user access to IT resources is a fundamental security essential for any organization.
User management enables admins to control user access and on-board and off-board users to and from IT
resources.
Subsequently a directory service will then authenticate, authorize, and audit user access to IT resources
based on what the IT admin had dictated.
Virtual Private Network (VPN):
VPN stands for the virtual private network. A virtual private network (VPN) is a technology that creates a safe
and encrypted connection over a less secure network, such as the internet.
A Virtual Private Network is a way to extend a private network using a public network such as the internet.
The name only suggests that it is a Virtual “private network” i.e. user can be part of a local network sitting at
a remote location. It makes use of tunneling protocols to establish a secure connection.
8. Features of VPN :
VPN provides plentiful Server location.
It also provides anonymous DNS servers.
VPNs are generally cost-effective.
VPN supports Router.
The VPN is highly encrypted and secure.
Along with VPN, we get secure VPN protocols.
It provides safety against DNS Leak.
The VPN providers also offer Cross-Platform Compatible Apps.
Applications of VPN:
VPN can easily bypass geographic restrictions on websites or streaming audio and video.
Using a VPN, we can protect ourselves from snooping from untrustworthy Wi-Fi hotspots.
One can gain privacy online by hiding one’s true location.
One can protect themselves from being logged while torrenting.
What does a VPN hide?
A VPN can hide a lot of information like –
User’s Browsing History
User’s IP address and location
User’s location for streaming
User’s device
User’s web activity — to preserve internet freedom
How to choose a VPN?
In order to choose the perfect VPN, one must ask the given questions from their VPN providers as follows.
How much privacy the VPN is providing to you?
Are you able to run all security protocols?
Do they set any limits on your data?
Where is the server of your VPN located?
Are all your devices able to access VPN?
What is the cost of a VPN?
Advantages of VPN :
It Provides you Anonymity.
It Avoid the Geo-restrictions.
It has security Protection from Cyberattacks.
It will Prevent Bandwidth Throttling.
It will help you to Improve Gaming Experience.
9. It has capability to Bypass Firewall.
Disadvantages of VPN :
It can Slow down the Internet Speed.
It has Privacy Issues.
It might be Connection droppings while you will be connected over VPN.
It might have Configuration difficulty.
It has Legality Issues.
Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN:
Remote Access VPN permits a user to connect to a private network and access all its services and resources
remotely. The connection between the user and the private network occurs through the Internet and the
connection is secure and private. Remote Access VPN is useful for home users and business users both.
An employee of a company, while he/she is out of station, uses a VPN to connect to his/her company’s private
network and remotely access files and resources on the private network.
2. Site to Site VPN:
A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies.
Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the
network of one office location to the network at another office location.
Intranet based VPN: When several offices of the same company are connected using Site-to- Site VPN
type, it is called as Intranet based VPN.
Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another
company, it is called as Extranet based VPN.
Types of Virtual Private Network (VPN) Protocols:
1. Internet Protocol Security (IPSec):
Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP network.
IPSec secures Internet Protocol communication by verifying the session and encrypts each data packet during
the connection.
IPSec runs in 2 modes:
i. Transport mode
ii. Tunneling mode
The work of transport mode is to encrypt the message in the data packet and the tunneling mode encrypts
the whole data packet. IPSec can also be used with other security protocols to improve the security system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with another VPN security
protocol like IPSec to establish a highly secure VPN connection. L2TP generates a tunnel between two L2TP
connection points and IPSec protocol encrypts the data and maintains secure communication between the
tunnel.
3. Point–to–Point Tunneling Protocol (PPTP):
PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet. Point-to- Point
Protocol (PPP) is used to encrypt the data between the connection. PPTP is one of the most widely used VPN
protocol and has been in use since the early release of Windows. PPTP is also used on Mac and Linux apart
from Windows.
10. 4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection where the web
browser acts as the client and user access is prohibited to specific applications instead of entire network.
Online shopping websites commonly uses SSL and TLS protocol. It is easy to switch to SSL by web browsers
and with almost no action required from the user as web browsers come integrated with SSL and TLS. SSL
connections have “https” in the initial of the URL instead of “http”.
5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and Site-to-Site
connections. It uses a traditional security protocol based on SSL and TLS protocol.
6. Secure Shell (SSH):
Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and also ensures that
the tunnel is encrypted. SSH connections are generated by a SSH client and data is transferred from a local
port on to the remote server through the encrypted tunnel.
Security Protocols:
Security at the Application Layer- PGP and S/MIME
1. Pretty Good Privacy (PGP) :
PGP is an open source software package that is designed for the purpose of email security. Phil Zimmerman
developed it. It provides the basic or fundamental needs of cryptography. In this multiple steps such are
taken to secure the email, these are,
Confidentiality
Authentication
Compression
Resemble
Segmentation
E-mail compatibility
2. Secure/Multipurpose Internet Mail Extension (S/MIME) :
S/MIME is a security-enhanced version of Multipurpose Internet Mail Extension (MIME). In this, public key
cryptography is used for digital sign, encrypt or decrypt the email. User acquires a public-private key pair
with a trusted authority and then makes appropriate use of those keys with email applications.
Difference between PGP and S/MIME :
S.NO PGP S/MIME
1.
It is designed for processing
the plain texts
While it is designed to process email as well as
many multimedia files.
2.
PGP is less costly as
compared to S/MIME. While S/MIME is comparatively expensive.
3.
PGP is good for personal as
well as office use. While it is good for industrial use.
11. Security at Transport Layer- SSL and TLS
❖ Transport Layer Security (TLS)
Transport Layer Securities (TLS) are designed to provide security at the transport layer. TLS was derived from a
security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop or tampers with
any message.
There are several benefits of TLS:
Encryption:
TLS/SSL can help to secure transmitted data using encryption.
Interoperability:
TLS/SSL works with most web browsers, including Microsoft Internet Explorer and on most operating systems
and web servers.
Algorithm flexibility:
TLS/SSL provides operations for authentication mechanism, encryption algorithms and hashing algorithm that
are used during the secure session.
Ease of Deployment:
Many applications TLS/SSL temporarily on a windows server 2003 operating systems.
Ease of Use:
Because we implement TLS/SSL beneath the application layer, most of its operations are completely invisible to
client.
4.
PGP is less efficient than
S/MIME. While it is more efficient than PGP.
5.
It depends on user key
exchange.
Whereas it relies on a hierarchically valid certificate
for key exchange.
6.
PGP is comparatively less
convenient.
While it is more convenient than PGP due to the
secure transformation of all the applications.
7.
PGP contains 4096 public
keys. While it contains only 1024 public keys.
8.
PGP is the standard for
strong encryption.
While it is also the standard for strong encryption
but has some drawbacks.
9. PGP is also be used in VPNs.
While it is not used in VPNs, it is only used in email
services.
10.
PGP uses Diffie hellman
digital signature. While it uses Elgamal digital signature.
12. Working of TLS:
The client connect to server (using TCP), the client will be something. The client sends number of specification:
i. Version of SSL/TLS.
ii. which cipher suites, compression method it wants to use.
The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite from one
of the clients option (if it supports one) and optionally picks a compression method. After this the basic setup is
done, the server provides its certificate. This certificate must be trusted either by the client itself or a party that the
client trusts. Having verified the certificate and being certain this server really is who he claims to be (and not a man
in the middle), a key is exchanged. This can be a public key, “PreMasterSecret” or simply nothing depending upon
cipher suite.
Both the server and client can now compute the key for symmetric encryption. The handshake is finished and the
two hosts can communicate securely. To close a connection by finishing. TCP connection both sides will know the
connection was improperly terminated. The connection cannot be compromised by this through, merely
interrupted.
❖ Secure Socket Layer (SSL)
Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server. SSL
encrypts the link between a web server and a browser which ensures that all data passed between them remain
private and free from attack.
Secure Socket Layer Protocols:
SSL record protocol
Handshake protocol
Change-cipher spec protocol
Alert protocol
SSL Protocol Stack:
SSL Record Protocol:
SSL Record provides two services to SSL connection.
Confidentiality
Message Integrity
In the SSL Record Protocol application data is divided into fragments. The fragment is compressed and then
encrypted MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5
(Message Digest) is appended. After that encryption of the data is done and in last SSL header is appended to the
data.
13. Handshake Protocol:
Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each
other by sending a series of messages to each other. Handshake protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite
and protocol version are exchanged for security purposes.
Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the
Server-hello-end packet.
Phase-3: In this phase Client reply to the server by sending his certificate and Client-exchange-key.
Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake Protocol ends.
Silent Features of Secure Socket Layer:
The advantage of this approach is that the service can be tailored to the specific needs of the given
application.
Secure Socket Layer was originated by Netscape.
SSL is designed to make use of TCP to provide reliable end-to-end secure service.
This is a two-layered protocol.
There are some differences between SSL and TLS which are given below:
S.NO SSL TLS
1. SSL stands for Secure Socket Layer. TLS stands for Transport Layer Security.
2.
SSL (Secure Socket Layer)
supports Fortezza algorithm.
TLS (Transport Layer Security) does not
support Fortezza algorithm.
3.
SSL (Secure Socket Layer) is the 3.0
version. TLS (Transport Layer Security) is the 1.0 version.
14. 4.
In SSL( Secure Socket Layer), Message
digest is used to create master secret.
In TLS(Transport Layer Security), Pseudo-random
function is used to create master secret.
5.
In SSL( Secure Socket Layer), Message
Authentication Code protocol is used.
In TLS(Transport Layer Security), Hashed Message
Authentication Code protocol is used.
6.
SSL (Secure Socket Layer) is complex than
TLS(Transport Layer Security). TLS (Transport Layer Security) is simple.
7.
SSL (Secure Socket Layer) is less secured as
compared to TLS(Transport Layer
Security).
TLS (Transport Layer Security) provides high
security.
Security at Network Layer-IPSec:
IPSec
IPSec stands for Internet Protocol Security.
It is a suite of protocols between two communication points across the IP network that provides data
authentication, data integrity, and confidentiality.
It was developed by Internet Engineering Task Force(IETF) in 1995.
It defines the architecture for security services for IP network traffic and gives a framework for providing
security at the IP layer, as well as the suite of protocols designed to provide security through
authentication and encryption of IP network packets.
IPsec includes the protocols that define the cryptographic algorithms used for encryption, decryption,
and authentication.
Characteristics of IPSec:
Anti-Replay Protection: IPSec assigns unique number to each packet when a packet with duplicate
sequence number is detected then it is replayed and dropped.
Data Authentication-The Hash Message Authentication Code (HMAC) verifies that the packets are not
changed.
Transparency: IPSec works below the transport layer so it is transparent to users and applications.
Confidentiality: Data packets are encrypted by the sender before transmission so the sensitive data will
only reach to intended recipient.
Dynamic Re-Keying: Re-Keying procedure at set intervals replaces manual reconfiguration of secret keys.
Advantages of IPSec:
IPSec operates at layer 3, that is the network layer, as a result it has no impact on higher network layers.
It provides transparency to application. The end-user need not to bother about the IPSec or its
configurations.
As it is implemented at the network layer, IPSec allows monitoring all the traffic that passes over the
network.
15. During any data exchange, IPSec uses a public key that helps in the safe transfer of confidential data, as
a result securing the keys ensures safe data transfer.
IPSec only requires modifications to the operating system, so IPSec based Virtual Private Networks do
not need to worry about the type of application.
Disadvantages of IPSec:
One of the greatest disadvantages of IPSec is its wide access range, giving access to a single device of
IPSec based network, can give privileges for other devices too.
IPSec causes some compatibility issues with software if software developers do not adhere to the
standards of IPSec.
IPSec has high C.P.U usage when the data packet size is small, the performance of the network diminishes
due to large overhead used by IPSec.
Security of certain algorithms used in IPSec is a concern, if someone uses broken algorithm, the server
will be at a greater risk of a hack.
Uses of IP Security –
IPsec can be used to do the following things:
To encrypt application layer data.
To provide security for routers sending routing data across the public internet.
To provide authentication without encryption, like to authenticate that the data originates from a known
sender.
To protect network data by setting up circuits using IPsec tunnelling in which all data is being sent
between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.