Unit 21
Security
Encryption Fundamentals:-
The process of encryption involves converting plain text (data before encryption) into ciphertext (the result
after applying an encryption algorithm to the data) for safely storing and transmitting data using computer
technology. Encryption becomes essential when data needs to be sent while maintaining:-
• Confidentiality (only intended recipient should decrypt data)
• Authenticity (the receiver must be sure of who sent the text)
• Integrity (data must not have changed during transmission)
• Non-Repudiation (neither sender nor receiver should be able to deny involvement in the transmission)
• Availability (the receiver should not be prevented from receiving transmission)
The Encryption Algorithm must be public whereas the Encryption Key must be secret.
In Symmetric Encryption only ONE key is used to both encrypt and decrypt data. This key must be
kept secret, which is why there must be a secure method to make sure that both the sender and the
receiver are provided with the key (the key distribution problem).
In Asymmetric Encryption the receiver must have two keys (a public key and a private key). The
receiver sends the public key to the sender, who uses it to encrypt the message before sending it.
The receiver then uses the private key (which is known only to the receiver) to decrypt the message.
The public key and private key are a matched pair, which is why only the intended receiver can
decrypt the message. For two-way communication both sender and receiver need private keys while
sending matching public keys to the other person.
For the key to be effective the encryption algorithm must be complex and the number of bits used
to define the key must be large (for example a 128 bit key).
Digital Signatures:-
A mathematical technique to authenticate and validate
the integrity of a message. Using Digital Signatures
we can assure that a message was sent by a particular
sender only. If Digital Signatures are not used, data
can be altered and the sender can also be
manipulated.
• Programs like emails create a ONE WAY Hash value
of the data that is to be signed (This is also
known as the Digest).
• This Hash is encrypted using a Private Key.
• The Digital Signature (Encrypted Hash + Hashing
Algo) is appended with the actual data and sent to
the verifier/receiver.
• The verifier decrypts the Hash Value to get the
digest using the Public Key and uses the hashing algo
to re-create the Hash Value/Digest. The recreated
and sent Hash Values are compared: if they are the
same then the Digital Signature is valid, else it is
invalid.
A Digital Signature is used to verify that the message was sent by the known user and not
modified, while a Digital Certificate is used to verify the identity of the user, whether
sender or receiver. Both are used for security. Most websites use a digital certificate to
enhance the trust of their users.
Digital Certificates:-
Authenticity, as described so far, only confirms to the receiver that the message was sent by the person who
had sent them the public key. It does not consider the fact that someone might create a public key and pretend
to be someone else. A stricter way of ensuring authentication is needed.
Certificates are issued by a trusted Third Party (the Certification Authority, CA) which proves the
identities of both senders and receivers. A digital signature is used to attach a public key to a
particular individual or entity. A Digital Certificate contains:-
• Name of certificate holder.
• Serial number which is used to uniquely identify a certificate
• Expiration dates.
• Copy of certificate holder's public key (used for encrypting messages and digital signatures).
• Digital Signature of the certificate issuing authority.
1 An individual (person A) who is a would-be receiver and has a
public–private key pair contacts a local CA.
2 The CA confirms the identity of person A.
3 Person A’s public key is given to the CA.
4 The CA creates a public-key certificate (a digital
certificate) and writes person A’s public key into this
document.
5 The CA uses encryption with the CA’s private key to add a
digital signature to this document.
6 The digital certificate is given to person A.
7 Person A posts the digital certificate on a website.
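The signing steps from the Digital Signatures section and the certificate issuing steps above, carried through in Python as an added example (not part of the original notes). It uses textbook RSA without padding and keys built from well-known Mersenne primes, so the keys, names, serial number and dates are constructed for illustration and are not secure.

```python
import hashlib, json

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    """One-way hash of the data (the digest) as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)  # digest encrypted with the private key

def verify(data, signature, public):
    n, e = public
    # decrypt the signature with the public key, compare with a re-created digest
    return pow(signature, e, n) == digest(data)

def cert_body(cert):
    """Every certificate field except the CA's signature, in a fixed byte form."""
    fields = {k: v for k, v in cert.items() if k != "ca_signature"}
    return json.dumps(fields, sort_keys=True).encode()

def issue_certificate(name, serial, expires, holder_public, ca_private):
    cert = {"name": name, "serial": serial, "expires": expires,
            "public_key": list(holder_public)}
    cert["ca_signature"] = sign(cert_body(cert), ca_private)  # step 5 above
    return cert

def check_message(message, signature, cert, ca_public, today):
    """Receiver's check: CA signature, expiry date, then the sender's signature."""
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return False  # certificate was not issued by this CA, or was altered
    if today > cert["expires"]:  # ISO dates compare correctly as strings
        return False
    return verify(message, signature, tuple(cert["public_key"]))

# Constructed sample data: toy keys built from well-known Mersenne primes.
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**607 - 1)
A_PUB, A_PRIV = make_key(2**127 - 1, 2**1279 - 1)
CERT = issue_certificate("Person A", 1001, "2030-01-01", A_PUB, CA_PRIV)
MSG = b"Meet at noon"
SIG = sign(MSG, A_PRIV)
print(check_message(MSG, SIG, CERT, CA_PUB, "2025-06-01"))
```

Changing any certificate field after issue, including the public key, makes the CA signature check fail, which is what stops someone from presenting their own key under Person A's name.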
Secure Socket Layer (SSL) and Transport Layer Security (TLS):-
Secure Socket Layer (SSL) is primarily applied using a Client Server infrastructure. As discussed
before, the TCP services the Application Layer through various ports.
The Combination of an IP address and Port make up a SOCKET.
The SSL serves as an additional layer between the TCP in the transport layer and the Application
Layer. When the SSL layer is active the protocol goes from being HTTP to HTTPS. In addition,
the following steps take place:-
1. The HANDSHAKE PROTOCOL creates a session that allows the client and server to communicate.
2. A request is made by the browser for the server to send its SSL certificate, which is a digital
certificate confirming its identity.
3. The server sends this SSL certificate plus its public key.
4. Both parties agree on the encryption algorithms and session keys that are going to be used during
transmission for symmetric encryption.
5. Once the above has been established the SSL will allow for an encrypted transmission between the
client and server. The data will also be compressed and checked for integrity during the
exchange.
6. All data related to encryption is reset once the session is completed.
Quantum Cryptography:-
Quantum mechanics provides fundamental laws of physics applicable to the behaviour of
particles. The particles that transmit light are called photons. The direction
each photon vibrates in is called its polarisation. A photon can be created with
a specific polarisation to represent a value for a bit. If we allow four
possibilities for the state of polarisation there are two ways to represent a 1 and two
ways to represent a 0.
Quantum Key Distribution:-
In the first phase,
• Alice will communicate to Bob over a quantum channel.
• Alice begins by choosing a random string of bits and for
each bit, Alice will randomly choose a basis, rectilinear
or diagonal, by which to encode the bit.
• She will transmit a photon for each bit with the
corresponding polarization, as just described, to Bob.
• For every photon Bob receives, he will measure the
photon's polarization by a randomly chosen basis.
• If, for a particular photon, Bob chose the same basis as
Alice, then in principle, Bob should measure the same
polarization and thus he can correctly infer the bit that
Alice intended to send.
• If he chose the wrong basis, his result, and thus the bit
he reads, will be random.
In the second phase,
• Bob will notify Alice over any insecure channel what basis
he used to measure each photon.
• Alice will report back to Bob whether he chose the correct
basis for each photon.
• At this point Alice and Bob will discard the bits
corresponding to the photons which Bob measured with a
different basis.
• Bob and Alice should now both have an identical string of
bits which is called a sifted key. (this is the shared
secret)
[Figure: Sender, Unauthorised Listener, Receiver. The sender sends '0' using a Rectilinear Filter. At random
the hacker will use a Diagonal Filter. Using the wrong filter causes the value to be changed to '1' and it
will be ignored.]
Since the key has been agreed upon before, it will become evident that someone is listening in
onto the transmission.
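The two phases above and the eavesdropping case in the figure, simulated in Python as an added example (not part of the original notes). Photons are modelled as (bit, basis) pairs; the function names, the seed parameter and comparing the two sifted keys to measure the error rate are assumptions of this sketch.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis reads the bit exactly; the wrong basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n_photons, eavesdrop, seed):
    """Run both phases and return (alice_sifted_key, bob_sifted_key)."""
    rng = random.Random(seed)  # seeded so a run can be repeated
    # Phase 1: R = rectilinear basis, D = diagonal basis
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice("RD") for _ in range(n_photons)]
    bob_bases = [rng.choice("RD") for _ in range(n_photons)]
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # The listener measures with a randomly chosen filter and passes
            # on a photon polarised in the basis that was used to measure.
            listener_basis = rng.choice("RD")
            bit = measure(bit, basis, listener_basis, rng)
            basis = listener_basis
        bob_bits.append(measure(bit, basis, bob_basis, rng))
    # Phase 2: bases are compared in public; only matching positions are kept
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]

def error_rate(alice_key, bob_key):
    """Fraction of sifted bits that differ (a real run compares only a sample)."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

if __name__ == "__main__":
    for listening in (False, True):
        a_key, b_key = bb84(4000, listening, seed=1)
        print(listening, len(a_key), round(error_rate(a_key, b_key), 3))
```

Without a listener the sifted keys are identical; with one, about a quarter of the sifted bits disagree, because the listener picks the wrong filter half the time and Bob then reads a random value.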
Symmetric Encryption Technique:-
Simple Data Encryption Standard (S-DES), to be discussed
separately.
Asymmetric Encryption Technique:-
Rivest Shamir Adleman (RSA) method, to be discussed
separately.