CRYPTO M4
techworldthink
1. PGP
- PGP stands for Pretty Good Privacy, which was invented by Phil Zimmermann.
- PGP was designed to provide all four aspects of security, i.e., privacy, integrity, authentication, and non-repudiation in the sending of email.
- PGP uses a digital signature (a combination of hashing and public key encryption) to provide integrity, authentication, and non-repudiation. PGP uses a combination of secret key encryption and public key encryption to provide privacy. Therefore, we can say that the digital signature uses one hash function, one secret key, and two private-public key pairs.
- PGP is an open source and freely available software package for email security.
- PGP provides authentication through the use of Digital Signature.
- It provides confidentiality through the use of symmetric block encryption.
- It provides compression by using the ZIP algorithm, and EMAIL compatibility using the radix-64 encoding scheme.
Following are the steps taken by PGP to create secure e-mail at the sender site:
- The e-mail message is hashed by using a hashing function to create a digest.
- The digest is then encrypted by using the sender's private key to form a signed digest, and the signed digest is added to the original email message.
- The original message and signed digest are encrypted by using a one-time secret key created by the sender.
- The secret key is encrypted by using a receiver's public key.
- Both the encrypted secret key and the encrypted combination of message and digest are sent together.
PGP at the Sender site (A)

Following are the steps taken to show how PGP uses hashing and a combination of three keys to generate the original message:
- The receiver receives the combination of the encrypted secret key and the encrypted message and digest.
- The encrypted secret key is decrypted by using the receiver's private key to get the one-time secret key.
- The secret key is then used to decrypt the combination of message and digest.
- The digest is decrypted by using the sender's public key, and the original message is hashed by using a hash function to create a digest.
- The two digests are compared; if they are equal, all the aspects of security are preserved.
PGP at the Receiver site (B)
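
The sender and receiver steps above, carried through end to end as an added example (not part of the original notes, and not PGP's real code or message format). It assumes textbook RSA over constructed Mersenne-prime keys and a SHA-256 keystream standing in for the symmetric block cipher, so it shows the flow only; `toy_keypair`, `xor_stream`, `sha_int`, `pgp_send` and `pgp_receive` are hypothetical names.

```python
import base64, hashlib, os, zlib

E = 65537  # public exponent shared by both toy keys

def toy_keypair(a, b):
    """Textbook RSA from Mersenne primes 2**a-1 and 2**b-1: constructed, insecure."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def xor_stream(key, data):
    """Toy stand-in for the symmetric block cipher: SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def sha_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def pgp_send(message, sender, receiver_n):
    signed = pow(sha_int(message), sender["d"], sender["n"])  # digest signed with sender's private key
    bundle = zlib.compress(signed.to_bytes(128, "big") + message)  # signed digest + message, ZIP
    session = os.urandom(32)  # one-time secret key
    wrapped = pow(int.from_bytes(session, "big"), E, receiver_n)  # key encrypted with receiver's public key
    blob = wrapped.to_bytes(128, "big") + xor_stream(session, bundle)
    return base64.b64encode(blob)  # radix-64 for e-mail transport

def pgp_receive(armored, receiver, sender_n):
    blob = base64.b64decode(armored)
    # Recover the one-time key with the receiver's private key, then decrypt the bundle.
    session = pow(int.from_bytes(blob[:128], "big"), receiver["d"], receiver["n"])
    bundle = zlib.decompress(xor_stream(session.to_bytes(32, "big"), blob[128:]))
    signed, message = int.from_bytes(bundle[:128], "big"), bundle[128:]
    # Decrypt the digest with the sender's public key and compare with a fresh hash.
    return message, pow(signed, E, sender_n) == sha_int(message)

if __name__ == "__main__":
    alice, bob = toy_keypair(127, 521), toy_keypair(107, 607)
    armored = pgp_send(b"constructed sample message", alice, bob["n"])
    print(pgp_receive(armored, bob, alice["n"]))
```

Checking the result against a public key other than the sender's makes the digest comparison fail, which is how the receiver detects a message that did not come from the claimed sender.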

Disadvantages of PGP Encryption
- Administration is difficult: The different versions of PGP complicate the administration.
- Compatibility issues: Both the sender and the receiver must have compatible versions of PGP. For example, if you encrypt an email by using PGP with one of the encryption techniques and the receiver has a different version of PGP, the receiver cannot read the data.
- Complexity: PGP is a complex technique. Other security schemes use symmetric encryption that uses one key or asymmetric encryption that uses two different keys. PGP uses a hybrid approach that implements symmetric encryption with two keys. PGP is more complex, and it is less familiar than the traditional symmetric or asymmetric methods.
- No Recovery: Computer administrators face the problem of losing their passwords. In such situations, an administrator should use a special program to retrieve passwords. For example, a technician who has physical access to a PC can use it to retrieve a password. However, PGP does not offer such a special program for recovery; the encryption methods are very strong, so forgotten passwords cannot be retrieved, which results in lost messages or lost files.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
MIME stands for Multipurpose Internet Mail Extensions. It is used to extend the capabilities of Internet e-mail protocols such as SMTP. The MIME protocol allows the users to exchange various types of digital content such as pictures, audio, video, and various types of documents and files in the e-mail. MIME was created in 1991 by a computer scientist named Nathan Borenstein at a company called Bell Communications.
MIME is an e-mail extension protocol, i.e., it does not operate independently, but it helps to extend the capabilities of e-mail in collaboration with other protocols such as SMTP. Without MIME, e-mail was able to transfer only text files of limited size written in English over the internet. At present, MIME is used by almost all e-mail related service companies such as Gmail, Yahoo-mail, Hotmail.
- The MIME protocol supports multiple languages in e-mail, such as Hindi, French, Japanese, Chinese, etc.
- Images, audio, and video cannot be sent using simple e-mail protocols such as SMTP. These require MIME protocol.
S/MIME is a protocol for the secure exchange of e-mail and attached documents originally developed by RSA Security. Secure/Multipurpose Internet Mail Extensions (S/MIME) adds security to Internet e-mail based on the Simple Mail Transfer Protocol (SMTP) method and adds support for digital signatures and encryption to SMTP mail to support authentication of the sender and privacy of the communication. Note that because HTTP messages can transport MIME data, they can also use S/MIME.
S/MIME is an extension of the widely implemented Multipurpose Internet Mail Extensions (MIME) encoding standard, which defines how the body portion of an SMTP message is structured and formatted. S/MIME uses the RSA public key cryptography algorithm along with the Data Encryption Standard (DES) or Rivest-Shamir-Adleman (RSA) encryption algorithm.
IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture includes protocols, algorithms, DOI, and Key Management. All these components are very important in order to provide the three main services:
- Confidentiality
- Authentication
- Integrity
IP Security Architecture:

1. Architecture:
Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology.
2. ESP Protocol:
ESP (Encapsulation Security Payload) provides the confidentiality service. Encapsulation Security Payload is implemented in either of two ways:
- ESP with optional Authentication.
- ESP with Authentication.
Packet Format:

- Security Parameter Index (SPI): This parameter is used in the Security Association. It is used to give a unique number to the connection built between the client and the server.
- Sequence Number: A unique sequence number is allotted to every packet so that the packets can be arranged properly at the receiver side.
- Payload Data: Payload data means the actual data or the actual message. The payload data is in encrypted format to achieve confidentiality.
- Padding: Extra bits or space added to the original message in order to ensure confidentiality. Padding length is the size of the added bits or space in the original message.
- Next Header: Next header means the next payload or next actual data.
- Authentication Data: This field is optional in the ESP protocol packet format.
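
An added example (not from the original notes) that lays out the fields listed above in order and parses them back. It assumes Authentication Data is enabled as HMAC-SHA-256 truncated to 16 bytes, pads to a 4-byte boundary with a Pad Length byte placed before Next Header, and leaves the payload unencrypted so the trailer stays visible; all function names are hypothetical.

```python
import hashlib, hmac, struct

ICV_LEN = 16  # assumed Authentication Data size: HMAC-SHA-256 truncated to 128 bits

def esp_plaintext(payload, next_header):
    """Payload Data + Padding + Pad Length + Next Header, ending on a 4-byte boundary."""
    pad_len = -(len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))  # padding bytes 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])

def esp_packet(spi, seq, body, auth_key):
    """SPI + Sequence Number + body, followed by Authentication Data over all of it."""
    head = struct.pack("!II", spi, seq) + body
    return head + hmac.new(auth_key, head, hashlib.sha256).digest()[:ICV_LEN]

def esp_parse(packet, auth_key):
    """Check Authentication Data first, then return (spi, seq, body)."""
    if len(packet) < 8 + ICV_LEN:
        raise ValueError("packet too short for an ESP header and Authentication Data")
    head, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, head, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("Authentication Data mismatch")
    spi, seq = struct.unpack("!II", head[:8])
    return spi, seq, head[8:]

def esp_strip_trailer(plaintext):
    """Remove Padding, Pad Length and Next Header from a decrypted body."""
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("Pad Length exceeds body size")
    return plaintext[:len(plaintext) - 2 - pad_len], next_header

if __name__ == "__main__":
    key = b"constructed-auth-key"           # constructed sample key
    body = esp_plaintext(b"hello", 6)       # constructed payload, Next Header 6
    pkt = esp_packet(0x1001, 7, body, key)
    print(esp_parse(pkt, key), esp_strip_trailer(body))
```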
3. Encryption algorithm:
Encryption algorithm is the document that describes the various encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both Authentication and Integrity service. Authentication Header is implemented in one way only: Authentication along with Integrity.

Authentication Header covers the packet format and general issues related to the use of AH for packet authentication and integrity.
5. Authentication Algorithm:
Authentication Algorithm contains the set of documents that describe the authentication algorithms used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which supports both AH and ESP protocols. It contains values needed for the documents to relate to each other.
7. Key Management:
Key Management contains the document that describes how the keys are exchanged between sender and receiver.
Secure Electronic Transaction (SET) Protocol
Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards. SET is not itself a system that enables payment; it is a security protocol applied to those payments. It uses different encryption and hashing techniques to secure payments made over the internet through credit cards. The SET protocol was supported in development by major organizations like Visa, Mastercard, Microsoft which provided its Secure Transaction Technology (STT), and Netscape which provided the technology of Secure Socket Layer (SSL).
SET protocol restricts the revealing of credit card details to merchants thus keeping hackers and thieves at bay. The SET protocol includes Certification Authorities for making use of standard Digital Certificates like X.509 Certificate.
Before discussing SET further, let’s see a general scenario of electronic transactions, which includes client, payment gateway, client financial institution, merchant, and merchant financial institution.

Requirements in SET:
The SET protocol has several requirements to meet. Some of the important requirements are:
- It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the customer is an intended user or not, and merchant authentication.
- It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryptions.
- It has to be resistant to message modifications i.e., no changes should be allowed in the content being transmitted.
- SET also needs to provide interoperability and make use of the best security mechanisms.
Participants in SET :
In the general scenario of online transactions, SET includes similar participants:
- Cardholder – customer
- Issuer – customer financial institution
- Merchant
- Acquirer – Merchant financial institution
- Certificate authority – Authority that follows certain standards and issues certificates(like X.509V3) to all other participants.
SET functionalities :
- Provide Authentication:
  - Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between merchants and financial institutions. Standard X.509V3 certificates are used for this verification.
  - Customer / Cardholder Authentication – SET checks if the use of a credit card is done by an authorized user or not using X.509V3 certificates.
- Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES is used for encryption purposes.
- Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC with SHA-1,