SECURITY AND ENCRYPTION

Security and Encryption

Part - 3
 Digital Signature
• Signature is a proof that the document which is
received is coming from that correct verified
user/source.
• In digital signatures, they are used to verify that
the document received is coming from the correct
authentic source. It is to be noted that digital
signatures are mainly used for those documents for
which maintaining their secrecy is not a priority.
But maintaining the Authenticity is the priority.
• In order to send a document, a software is used to
produce a digital signature. The purpose of this software
is to produce a hash value(or digest) of the document.
• These days the most widely used software is SHA256
which is developed by National Security Agency (USA).
• This software uses complex mathematical algorithms and
transformations and then gives the hash value of the
document.
• This hash value is attached to the document and then the
document is encrypted using Asymmetric key encryption.
• At the receiver’s end, the document is decrypted and
then the receiver can again find out the hash value of the
same document using SHA256 software and when the
hash value is found to be same then the receiver can be
sure that the document has come from the right source.
• So, now in the whole process of sending
document using digital signatures there is still
one problem that if someone who poses as
the original sender and has access to their
computers/systems can easily send the
fraudulent document.
• This is where digital certificates come in use.
 Digital Certificate
• Authentication is the digital process of verifying that
people or entities are whom or what they claim to
be.
• Digital certificate are in effect virtual fingerprints, or
retinal scans that authenticate the identity of a
person in a concrete, verifiable way.
• A typical digital certificate is a data file or
information, digitally signed and sealed by using RSA
encryption techniques, that can be verified by
anyone and includes the following :
 Digital Certificate (cont.)
• Digital certificate: Digital document that includes:
– Name of subject or company
– Subject’s public key
– Digital certificate serial number
– Expiration date
– Issuance date
– Digital signature of certification authority (trusted third
party institution) that issues certificate
– Other identifying information
• To create a digital certificate for an individual, the
identity of the person, device, or entity that requested a
certificate must be confirmed through combination of:
– Personal Presence.
– Identification document.
• Various Certification Authorities are VeriSign, GlobalSign.
• In India we have Controller of Certifying Authorities
(CCA) and the Certifying Authorities (CAs); with CCA
being at the root of the trust chain in India.
 HTTP
• HTTP means HyperText Transfer Protocol. HTTP is the
underlying protocol used by the World Wide Web and
this protocol defines how messages are formatted and
transmitted, and what
actions Webservers and browsers should take in
response to various commands.
• For example, when you enter a URL in your browser, this
actually sends an HTTP command to the Web server
directing it to fetch and transmit the requested Web
page.
• For example, "404 File Not Found" is a common HTTP
status code. It means the Web server cannot find the file
you requested. This means the webpage or other
document you tried to load in your Web browser has
either been moved or deleted, or you entered the wrong
URL or document name.
• Knowing the meaning of the HTTP status code can help
you figure out what went wrong. On a 404 error, for
example, you could look at the URL to see if a word looks
misspelled, then correct it and try it again.
 HTTPS
•  HTTPS means Hyper Text Transfer Protocol Secure.
• Basically, it is the secure version of HTTP.
• Communications between the browser and website
are encrypted by Transport Layer Security (TLS), or its
predecessor, Secure Sockets Layer (SSL).
 Secure Sockets Layer (SSL)
• It is introduced in 1995 by Netscape as a components
of its popular Navigator browser and as a means of
providing privacy with respect to information being
transmitted between a user’s browser and the target
server, typically that of a merchant.
• It is used by the most companies to provide security
and privacy and establishes a secure session between
a browser and a server.
 Secure Sockets Layer (cont.)
• A channel is the two way communication
stream established between the browser and
the server, and the definition of a channel
security indicates three basic requirements:
– The channel is reliable.
– The channel is private.
– The channel is authenticated.
 Secure Sockets Layer (cont.)
• This encryption is preceded by a ‘data handshake’
and has two major phases:
– The first phase is used to establish private communication.
– The second phase is used for client authentication.
• Limits of SSL:
– While the possibility is less, successful cryptographic
attacks made against these technologies can render SSL
insecure.
Secure Electronic Transaction (SET)
• It is developed by Visa and Master card in 1996.
• It is more secure protocol.
• The difference between SET and widely used SSL is
that SSL does not include customer certificate
requiring special software called ‘digital wallet’ at the
client site.
• SSL is built into the browser, so no special software is
needed.
• It is build on reducing risk associated with merchant
fraud, and ensuring that the purchaser is an
authorized user of credit card.
 Secure Electronic Transaction (cont.)

• SET did not propagate as fast as most people

expected because of its complexity, slow
response time, and the need to install the
digital wallet into customer computer.
• SET seek to bolster the confidence in the
payment process by ensuring that merchant
are authorized to accept credit card payment
 Limitations of SET and SSL
• A downside of both SSL and SET protocols is that
they both require to use cryptographic algorithms
that place significant load on the computer systems
involved in commerce transactions.
• For the low and medium e-commerce applications,
there is no additional server cost to support SET over
SSL.
• For the large and medium term e-commerce server
application, support of SET requires additional
hardware acceleration resulting in 5-6% difference in
server cost.
 Firewalls
• Software combination installed on a network to control
packet traffic.
• Provides a defense between the network to be protected
and the Internet, or other network that could pose a threat
• A firewall can be implemented in either hardware or
software form, or a combination of both
• Characteristics
– All traffic from inside to outside and from
outside to inside the network must pass
through the firewall
– Only authorized traffic is allowed to pass
• Trusted networks are inside the firewall
 Types of Firewalls
• Packet-filter firewalls
– Firewalls that filter traffic based on the IP address
• Gateway servers
– Firewalls that filter traffic based on the application
requested
• In Windows and macOS, firewalls are built into the operating
system.
• Third-party firewall packages also exist, such as Zone Alarm,
Norton Personal Firewall, Tiny, Black Ice Protection, and
McAfee Personal Firewall.
 Personal Firewalls
• A personal firewall is an application which
controls network traffic to and from a computer, permitting or
denying communications based on a security policy.
• A personal firewall differs from a conventional firewall in terms
of scale.
• A personal firewall will usually protect only the computer on
which it is installed, as compared to a conventional firewall
which is normally installed on a designated interface between
two or more networks. Hence, personal firewalls allow a security
policy to be defined for individual computers, whereas a
conventional firewall controls the policy between the networks
that it connects.
 VPN
• A virtual private network is an encrypted
connection over the Internet from a device to
a network. The encrypted connection helps
ensure that sensitive data is safely
transmitted. It prevents unauthorized people
from eavesdropping on the traffic and allows
the user to conduct work remotely.  VPN
technology is widely used by various business
organizations.
• Because the traffic is encrypted between the
device and the network, traffic remains private
as it travels. An employee can work outside the
office and still securely connect to the
company’s network. Even smartphones and
tablets can connect through a VPN.
• This secure remote access provides a safe,
secure way to connect users and devices
remotely to network.
 IDS
• Keeping your network safe from intrusion is
one of the most vital parts of system and
network administration and security otherwise
it can lead potential downtime, data breaches,
and loss of customer trust.
• An intrusion detection system is a device or
software application that monitors a network
or systems for malicious activity or policy
violations. 
• Intrusion detection systems are usually a part of
other security systems or software, together with
intended to protect information systems. Firewalls
and antivirus or malware software are generally set
up on each individual device in a network, but as
organizations grow larger, more unknown or new
devices start to connect. Firewalls and anti-malware
software alone is not enough to protect an entire
network from attack. They act as one small part of
an entire security system.
 Comparison of IDS with Firewalls:
• IDS and firewall both are related to the
network security but an IDS differs from a
firewall. Firewalls restrict access between
networks to prevent intrusion and if an attack
is from inside the network it doesn’t signal an
alarm. An IDS describes a suspected intrusion
once it has happened and then signals an
alarm.
 IDS and IPS
• An IDS is an intrusion detection system, not a system
designed to respond to an attack. An IDS can be part of a
larger security tool with responses and remedies, but
the IDS itself is simply a monitoring system.
• Another kind of system is the Intrusion Prevention
System or IPS. An IPS is essentially an IDS combined with
a response or control system. IDS doesn’t alter network
packets as they come through, while the IPS will prevent
the packet from being delivered based on the contents
of the packet (e.g., if it sees the packet is malicious).
 Examples IDS
• IDS for Windows
– SolarWinds Security Event Manager
– Snort
– Suricata
– OSSEC
– Stealthwatch
– TippingPoint
• IDS for Mac
– Suricata
– Samhain
– OSSEC
– Stealthwatch
– Zeek
 PKI
• A public key infrastructure (PKI) is a set of
roles, policies, hardware, software and
procedures needed to create, manage,
distribute, use, store and revoke digital
certificates and manage public-key encryption.
• The purpose of a PKI is to facilitate the secure
electronic transfer of information for a range
of network activities such as e-commerce,
internet banking and confidential email.
• It is required for activities where simple passwords
are an inadequate authentication method and more
rigorous proof is required to confirm the identity of
the parties involved in the communication and to
validate the information being transferred.
• PKIs provide a framework that enables cryptographic
data security technologies such as digital certificates
and signatures to be effectively deployed on a mass
scale. PKIs support identity management services
within and across networks
• Although a CA is often referred to as a "trusted third
party," shortcomings in the security procedures of various
CAs in recent years has jeopardized trust in the entire PKI
on which the internet depends. If one CA is compromised,
the security of the entire PKI is at risk. For example, in
2011, Web browser vendors were forced to blacklist all
certificates issued by the Dutch CA DigiNotar after more
than 500 fake certificates were discovered.
• In 2017, Google engineers identified problems with
certificates issued through Symantec's CA business, which
led to subsequent distrust of all certificates issued by
Symantec prior to the sale of its CA business to DigiCert
last year.