Professional Documents
Culture Documents
Unit - 4
The size of encrypted text is same or lessThe size of encrypted text is more than
than the original text. the size of original text.
Diffie-Hellman Key Exchange Algorithm
The Diffie-Hellman key exchange algorithm is cryptographic method
used to secure the exchange of cryptographic keys over a potentially
insecure communication channel.
Diffie-Hellman key exchange is a specific method of exchanging keys
implemented within the field of cryptography.
The Diffie-Hellman key exchange method allows two parties that have
no prior knowledge of each other to jointly establish a shared secret key
over an insecure communications channel.
This key can then be used to encrypt subsequent communication using
a symmetric key cipher.
The symmetric (shared) key in the Diffie-Hellman protocol is K = G^(xy)
mod N.
Diffie-Hellman Key Exchange Algorithm
1. Registration
2. Initialization
3. Certification
4. Key-pair recovery
5. Key pair update
6. Revocation request
7. Cross certification
Kerberos
Kerberos is a computer network authentication protocol, which allows
individuals communicating over a non-secure network to prove their
identity to one another in a secure manner.
Initially developed by the Massachusetts Institute of Technology (MIT)
for Project Athena in the late 80s.
Now, it is default authorization technology in Microsoft Windows.
It is also implemented in other Operating Systems like Apple OS,
FreeBSD, UNIX, and LINUX.
Kerberos is primarily aimed at a client-server model, it provides mutual
authentication to both the user and the server to verify each other’s
identity.
Kerberos
Kerberos runs as a third-party trusted server known as the Key
Distribution Center (KDC).
Kerberos protocol messages are protected against eavesdropping and
replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted
third party.
There are four entities involved in the Kerberos protocol:
The client workstation such as user.
Authentication Server (AS): Verifies (authenticates) the user during
login.
Ticket Granting Server (TGS): The Ticket Granting Server issues the
ticket for the Server.
Server offering services such as network printing, file sharing or an
application program.
Overview of
Kerberos
Overview of Kerberos
Step-1: User login and request services on the host. Thus user requests
for ticket-granting service.
Step-2: Authentication Server verifies user’s access right using database
and then gives ticket-granting-ticket and session key. Results are
encrypted using the Password of the user.
Step-3: The decryption of the message is done using the password then
send the ticket to Ticket Granting Server. The Ticket contains
authenticators like user names and network addresses.
Step-4: Ticket Granting Server decrypts the ticket sent by User and
authenticator verifies the request then creates the ticket for requesting
services from the Server.
Overview of Kerberos
Step-5: The user sends the Ticket and Authenticator to the Server.
Step-6: The server verifies the Ticket and authenticators then generate
access to the service. After this User can access the services.
Kerberos Version 4 Kerberos Version 5
Launched in 1980s. Launched in 1990.
It provides Ticket support. It provides ticket support with extra
facilities for forwarding, renewing and
postdating tickets.
Works on Receiver-make-Right Works on ASN.1 encoding system.
encoding system.
It doesn’t support transitive cross- It supports transitive cross-realm
realm authentication. authentication.
It uses DES for encryption. It uses any encryption techniques as
the cipher text is tagged with an
encryption identifier.
The ticket lifetime has to be specified The ticket lifetime is specified with the
in units for a lifetime of 5 minutes. freedom of arbitrary time.
Electronic Mail Security
Email security refers to the collective measures used to secure the
access and content of an email account or service.
It involves ensuring the confidentiality, integrity, and availability of
email messages, as well as safeguarding against phishing attacks, spam,
viruses, and another form of malware.
It allows an individual or organization to protect the overall access to
one or more email addresses/accounts.
SSL, TLS refers to the standard protocol used to secure email
transmission.
TLS provide a way to encrypt a communication channel between two
computers over the internet.
Pretty Good Privacy (PGP)
It was designed by Phil Zimmermann in 1991.
Pretty Good Privacy (PGP) is an encryption algorithm that provides
cryptographic privacy and authentication for data communication.
PGP was designed to provide all four aspects of security, i.e., privacy,
integrity, authentication, and non-repudiation in the sending of email.
PGP uses a combination of public-key and conventional encryption to
provide security for electronic mail message and data file.
PGP is an open source and freely available software package for email
security.
PGP provides authentication through the use of Digital Signature.
It provides confidentiality through the use of symmetric block
encryption.
S/MIME
It is secure version of MIME, aka S/MIME (Secure/Multipurpose Internet
Mail Extension).
It is used to support encryption of email messages.
S/MIME is widely accepted protocol for sending digitally signed and
encrypted messages.
It is based on MIME standard and provides the security services for
email applications: authentication, message integrity and data security.
S/MIME uses public key cryptography to sign and encrypt E-mail.
Every participant has two keys:
A private key, which is kept private.
A public key, which is available to everyone.
Previous Year Questions
2 Marks Questions:
What are the services provided by the PGP?
What is realm?
Compute 3 mod 7.
61