
Security services in the following layers

• Application layer: consists of three services, namely confidentiality, authentication and integrity.
• Transport layer: security services are provided with the help of the transport protocol.
• Network layer: security is provided at the network layer on a host-to-host basis.
• Link layer: when security is provided on a link basis, the data in all frames travelling over the link receive the security services.
Secure E-mail

• Here we first create a high-level design of a secure e-mail system.
• Before designing a secure e-mail system, we should consider which security features are most desirable.
• The following features are used in a secure e-mail system:
1. confidentiality
2. sender authentication
3. message integrity
Mr. A uses a symmetric session key to send a secret e-mail to Mr. B

[Figure: block diagram with labels m, Ks(.), KB+(.), +, Internet, -, KB-(.), Ks(.), m]
Using hash function & digital signature

[Figure: block diagram with labels m, Ks(.), KA, +, Internet, -, compare, KB-(.)]
PGP (Pretty Good Privacy):
• PGP is an e-mail encryption scheme that has become a de facto standard.
• Versions of PGP are available in the public domain (PGPI 2004, Zimmermann 2004).
• Depending on the version, PGP software uses MD5 or SHA for calculating the message digest.
• For symmetric key encryption, the options are CAST, triple-DES, or IDEA.
• In addition, PGP provides data compression.
• When PGP is installed, the software creates a public key pair for the user.
• PGP also provides a mechanism for public key certification.
[Figure: block diagram with labels m, H(.), KA-(.), +, Ks(.), -, Internet, KB+(.); caption fragment: "uses symmetric key cryptography, public key cryptography, a hash function,"]

Features of SSL
• SSL server authentication: allows a user to confirm a server's identity.
• An SSL-enabled browser maintains a list of trusted certification authorities (CAs) with the public keys of the CAs.
• This feature allows the browser to authenticate the server before the user submits a payment card number.
• SSL client authentication: allows a server to confirm a user's identity.
• Encrypted SSL: information sent between browser and server is encrypted by the sending software and decrypted by the receiving software.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• Various mechanisms of SSL & TLS:
1. encryption
2. authentication
3. key distribution
4. message integrity
5. digital signature
Secure Sockets Layer (SSL)

• SSL was developed by Netscape in 1994.
• The protocol is designed to provide data encryption and authentication.
• The protocol begins with a handshake phase that negotiates an encryption algorithm.
• Once the handshake is completed, all the data is encrypted with the help of the session key.
• Applications: internet commerce, browsers and web servers.
Working of SSL

• The browser and server run the handshake protocol, which
(1) authenticates the server
(2) generates a shared symmetric key.

* These tasks make use of RSA public key technology.
Steps for SSL handshake

• The browser sends the server the browser's SSL version number and cryptographic preferences.
• The server sends the browser the server's SSL version, cryptographic preferences and its certificate.
• The browser has a list of trusted CAs and a public key for each CA on the list.
• The browser generates a symmetric key, encrypts it with the server's public key and sends it to the server.
• The browser sends an informing message to the server.
• The server sends an informing message to the browser.
• The SSL handshake is complete, and the data is then encrypted and decrypted with the help of the session key.
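
The server authentication feature and the trusted-CA step of the handshake, seen from the client side, as an added example that is not part of the original slides. It uses Python's standard `ssl` module; the function names are hypothetical, and the TLS 1.2 floor is this example's own choice, since the SSL versions themselves are obsolete.

```python
import ssl


def browser_like_context():
    """Client context that authenticates the server the way a browser does."""
    ctx = ssl.create_default_context()  # loads the system's trusted CA list
    # create_default_context() already sets CERT_REQUIRED and check_hostname.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # example's choice of floor
    return ctx


def unauthenticated_context():
    """Weak client context: traffic is encrypted, the server is never verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be switched off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx):
    """Return the server-authentication checks that a client context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched to the requested host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, make in (("browser-like", browser_like_context),
                       ("unauthenticated", unauthenticated_context)):
        problems = audit(make())
        print(name, "->", problems if problems else "server authentication enforced")
```

With the weak context the session key is still exchanged and the data is still encrypted, but the client has no assurance about who holds the other end of the connection.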
High-level overview of the handshake phase of SSL

[Figure: message sequence between Bob and Alice, with the following panels]
• Bob browses Alice's secure page
• Alice sends Bob her certificate
• Bob extracts Alice's public key
• Bob generates a random symmetric key and encrypts it using
• Alice extracts the symmetric key
Limitations of SSL

• SSL was not specifically created for payment card transactions.
• Client authorization is one of the limitations of SSL.
Thank you