PUBLIC KEY INFRASTRUCTURE (PKI)

Public key infrastructure is an important aspect of internet security. It is the set of technology and
processes that make up a framework of encryption to protect and authenticate digital communications.

PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the
device or user sending the digital communication. Digital certificates are issued by a trusted source, a
certificate authority (CA), and act as a type of digital passport to ensure that the sender is who they say
they are.

Public key infrastructure projects and authenticates communications between servers and users, such as
between your website (hosted on your web server) and your clients (the user trying to connect through
their browser. It can also be used for secure communications within an organization to ensure that the
messages are only visible to the sender and recipient, and they have not been tampered with in transit.

The main components of public key infrastructure include the following:

1. Certificate authority (CA): The CA is a trusted entity that issues, stores, and signs the digital
certificate. The CA signs the digital certificate with their own private key and then publishes the public
key that can be accessed upon request.
2. Registration authority (RA): The RA verifies the identity of the user or device requesting the digital
certificate. This can be a third party, or the CA can also act as the RA.
3. Certificate database: This database stores the digital certificate and its metadata, which includes how
long the certificate is valid.
4.Central directory: This is the secure location where the cryptographic keys are indexed and stored.
5. Certificate management system: This is the system for managing the delivery of certificates as well
as access to them.
6. Certificate policy: This policy outlines the procedures of the PKI. It can be used by outsiders to
determine the PKI’s trustworthiness.
Understanding how PKI works
Public key infrastructure uses asymmetric encryption methods to ensure that messages remain private
and also to authenticate the device or user sending the transmission.

Asymmetric encryption involves the use of a public and private key. A cryptographic key is a long string
of bits used to encrypt data.

The public key is available to anyone who requests it and is issued by a trusted certificate authority. This
public key verifies and authenticates the sender of the encrypted message.

The second component of a cryptographic key pair used in public key infrastructure is the private, or
secret, key. This key is kept private by the recipient of the encrypted message and used to decrypt the
transmission.

Complex algorithms are used to encrypt and decrypt public/private key pairs. The public key
authenticates the sender of the digital message, while the private key ensures that only the recipient can
open and read it.

Uses of PKI
1.Email encryption and authentication of the sender
2.Signing documents and software
3.Using database servers to secure internal communications
4.Securing web communications, such as e-commerce
5.Authentication and encryption of documents
6.Securing local networks and smart card authentication
7.Encrypting and decrypting files
8.Restricted access to VPNs and enterprise intranets
9.Secure communication between mutually trusted devices such as IoT (internet of things) devices

X.509 CERTIFICATE
X.509 is a digital certificate that is built on top of a widely trusted standard known as ITU or International
Telecommunication Union X.509 standard, in which the format of PKI certificates is defined. X.509
digital certificate is a certificate-based authentication security framework that can be used for providing
secure transaction processing and private information. These are primarily used for handling the security
and identity in computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

The core of the X.509 authentication service is the public key certificate connected to each user. These
user certificates are assumed to be produced by some trusted certification authority and positioned in
the directory by the user or the certified authority. These directory servers are only used for providing
an effortless reachable location for all users so that they can acquire certificates. X.509 standard is built
on an IDL known as ASN.1. With the help of Abstract Syntax Notation, the X.509 certificate format
uses an associated public and private key pair for encrypting and decrypting a message.
Once an X.509 certificate is provided to a user by the certified authority, that certificate is attached to it
like an identity card. The chances of someone stealing it or losing it are less, unlike other unsecured
passwords. With the help of this analogy, it is easier to imagine how this authentication works: the
certificate is basically presented like an identity at the resource that requires authentication.

Format of X.509 Authentication Service Certificate: Generally, the certificate includes the elements
given below:
1.Version number: It defines the X.509 version that concerns the certificate.
2.Serial number: It is the unique number that the certified authority issues.
3.Signature Algorithm Identifier: This is the algorithm that is used for signing the certificate.
4.Issuer name: Tells about the X.500 name of the certified authority which signed and created the
certificate.
5.Period of Validity: It defines the period for which the certificate is valid.
6.Subject Name: Tells about the name of the user to whom this certificate has been issued.
7.Subject’s public key information: It defines the subject’s public key along with an identifier of the
algorithm for which this key is supposed to be used.
8.Extension block: This field contains additional standard information.
9.Signature: This field contains the hash code of all other fields which is encrypted by the certified
authority private key.

Applications of X.509 Authentication Service Certificate: Many protocols depend on X.509 and it
has many applications, some of them are given below:
➢ Document signing and Digital signature
➢ Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer
(SSL) certificates
 ➢ Email certificates
➢ Code signing
➢ Secure Shell Protocol (SSH) keys
➢ Digital Identities

IP SECURITY
IPSec refers to a collection of communication rules or protocols used to establish secure network
connections. Internet Protocol (IP) is the common standard that controls how data is transmitted across
the internet. IPSec enhances the protocol’s security by introducing encryption and authentication. For
example, it encrypts data at the source and then decrypts it at the destination. It also verifies the source
of the data.

IPv6: IPv6 or Internet Protocol Version 6 is a network layer protocol that allows communication to take
place over the network. IPv6 was designed by the Internet Engineering Task Force (IETF) in December
1998 with the purpose of superseding IPv4 due to the global exponentially growing internet of users.

Representation of IPv6: An IPv6 address consists of eight groups of four hexadecimal digits separated
by ‘ . ‘ and each Hex digit representing four bits so the total length of IPv6 is 128 bits. Structure given
below.
The first 48 bits represent Global Routing Prefix. The next 16 bits represent the student ID and the last
64 bits represent the host ID. The first 64 bits represent the network portion and the last 64 bits represent
the interface id.
1. Global Routing Prefix: The Global Routing Prefix is the portion of an IPv6 address that is used to
identify a specific network or subnet within the larger IPv6 internet. It is assigned by an ISP or a regional
internet registry (RIR).
2. Student Id: The portion of the address used within an organization to identify subnets. This usually
follows the Global Routing Prefix.
3. Host Id: The last part of the address, is used to identify a specific host on a network.

Types of IPv6 Address

1. Unicast Addresses: Only one interface is specified by the unicast address. A packet moves from one
host to the destination host when it is sent to a unicast address destination.
2. Multicast Addresses: It represents a group of IP devices and can only be used as the destination of a
datagram.
3. Anycast Addresses: The multicast address and the anycast address are the same. The way the anycast
address varies from other addresses is that it can deliver the same IP address to several servers or devices.
Keep in mind that the hosts do not receive the IP address. Stated differently, multiple interfaces or a
collection of interfaces are assigned an anycast address.

IPSec: IPSec (IP Security) uses two protocols to secure the traffic or data flow. These protocols are ESP
(Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture includes
protocols, algorithms, DOI, and Key Management. All these components are very important in order to
provide the three main services:
➢ Confidentiality
➢ Authentication
➢ Integrity

IP Security Architecture
1. Architecture: Architecture or IP Security Architecture covers the general concepts, definitions,
protocols, algorithms, and security requirements of IP Security technology.

2. ESP Protocol: ESP (Encapsulation Security Payload) provides a confidentiality service.

Encapsulation Security Payload is implemented in either two ways:
➢ ESP with optional Authentication.
➢ ESP with Authentication.

Packet Format

➢ Security Parameter Index (SPI): This parameter is used by Security Association. It is used to
give a unique number to the connection built between the Client and Server.
➢ Sequence Number: Unique Sequence numbers are allotted to every packet so that on the receiver
side packets can be arranged properly.
➢ Payload Data: Payload data means the actual data or the actual message. The Payload data is in
an encrypted format to achieve confidentiality.
➢ Padding: Extra bits of space are added to the original message in order to ensure confidentiality.
Padding length is the size of the added bits of space in the original message.
➢ Next Header: Next header means the next payload or next actual data.
➢ Authentication Data This field is optional in ESP protocol packet format.

3. Encryption algorithm: The encryption algorithm is the document that describes various encryption
algorithms used for Encapsulation Security Payload.

4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and Integrity

service. Authentication Header is implemented in one way only: Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use of AH for packet
authentication and integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of documents that describe
the authentication algorithm used for AH and for the authentication option of ESP.

6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and ESP protocols. It
contains values needed for documentation related to each other.

7. Key Management: Key Management contains the document that describes how the keys are
exchanged between sender and receiver.

WEB SECURITY
SSL: SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts data to keep it safe. It
was created by Netscape in 1995 to ensure privacy, authentication, and data integrity in online
communications. SSL is the older version of what we now call TLS (Transport Layer Security).

How does SSL work?

1. Encryption: SSL encrypts data transmitted over the web, ensuring privacy. If someone intercepts the
data, they will see only a jumble of characters that is nearly impossible to decode.
2. Authentication: SSL starts an authentication process called a handshake between two devices to
confirm their identities, making sure both parties are who they claim to be.
3. Data Integrity: SSL digitally signs data to ensure it hasn’t been tampered with, verifying that the data
received is exactly what was sent by the sender.

Secure Socket Layer Protocols

1. SSL Record Protocol: SSL Record provides two services to SSL connection.
➢ Confidentiality
➢ Message Integrity

In the SSL Record Protocol application data is divided into fragments. The fragment is compressed and
then encrypted MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash
Protocol) and MD5 (Message Digest) is appended. After that encryption of the data is done and in last
SSL header is appended to the data.

2. Handshake Protocol: Handshake Protocol is used to establish sessions. This protocol allows the
client and server to authenticate each other by sending a series of messages to each other. Handshake
protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher
suite and protocol version are exchanged for security purposes.
Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the
Server-hello-end packet.
Phase-3: In this phase, Client replies to the server by sending his certificate and Client-exchange-key.
Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol ends.

3. Change-Cipher Protocol: This protocol uses the SSL record protocol. Unless Handshake Protocol
is completed, the SSL record Output will be in a pending state. After the handshake protocol, the Pending
state is converted into the current state. Change-cipher protocol consists of a single message which is 1
byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be
copied into the current state.

4. Alert Protocol: This protocol is used to convey SSL-related alerts to the peer entity. Each message
in this protocol contains 2 bytes.

HTTPS: Hypertext Transfer Protocol Secure is a protocol that is used to communicate between the user
browser and the website. It also helps in the transfer of data. It is the secure variant of HTTP. To make
the data transfer more secure, it is encrypted. Encryption is required to ensure security while transmitting
sensitive information like passwords, contact information, etc.

How Does HTTPS Work? HTTPS establishes the communication between the browser and the web
server. It uses the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocol for
establishing communication. The new version of SSL is TLS (Transport Layer Security).
HTTPS uses the conventional HTTP protocol and adds a layer of SSL/TLS over it. The workflow of
HTTP and HTTPS remains the same, the browsers and servers still communicate with each other using
the HTTP protocol. However, this is done over a secure SSL connection. The SSL connection is
responsible for the encryption and decryption of the data that is being exchanged to ensure data safety.

Advantage of HTTPS
1. Secure Communication: HTTPS establishes a secure communication link between the communicating
system by providing encryption during transmission.
2. Data Integrity: By encrypting the data, HTTPS ensures data integrity. This implies that even if the
data is compromised at any point, the hackers won’t be able to read or modify the data being exchanged.
3. Privacy and Security: HTTPS prevents attackers from accessing the data being exchanged passively,
thereby protecting the privacy and security of the users.
4. Faster Performance: TTPS encrypts the data and reduces its size. Smaller size accounts for faster data
transmission in the case of HTTPS.

Mail Security: Email security refers to the steps where we protect the email messages and the
information that they contain from unauthorized access, and damage. It involves ensuring the
confidentiality, integrity, and availability of email messages, as well as safeguarding against phishing
attacks, spam, viruses, and another form of malware. It can be achieved through a combination of
technical and non-technical measures.

Why is email security important?

1. Protection Against Cyberattacks: Email is a top goal for cybercriminals. Malware, phishing attacks,
and other threats often arrive via email. In fact, 94% of malware is delivered through email channels1.
By implementing robust email security measures, organizations can defend against these threats.
2. Reducing Risk: Cybersecurity incidents can have devastating consequences, including financial
losses, operational disruptions, and damage to an organization’s reputation. Effective email security
helps protect your brand, reputation, and bottom line.
3. Compliance: Email security ensures compliance with data protection laws like GDPR and HIPAA.
By safeguarding sensitive information, organizations avoid legal fines and other intangible costs
associated with cyberattacks.
4. Productivity Enhancement: With email security in place, disruptions caused by threats like phishing
emails are minimized. This allows organizations to focus more on business growth and less on handling
security incidents.

Benefits of Email Security

1. Shielding Against Phishing and Spoofing Attacks: Email security isn’t just about tech jargon; it’s like
having a digital bodyguard. It helps spot and tackle threats like phishing or spoofing. These sneaky
attacks can lead to serious breaches and even unleash malware or other nasty viruses.
2. Locking Down Data: Think of email encryption as a virtual vault. It keeps sensitive info—like credit
card numbers, bank accounts, and employee details—safe from prying eyes. No more accidental leaks
or costly data breaches!
3. Whispers Only: Secure email encryption ensures that only the right people get the message. It’s like
passing a secret note in class—except the teacher won’t intercept it. Your confidential content stays
confidential.
4. Spotting the Bad Apples: Email security acts like a spam filter on steroids. It sniffs out malicious or
spammy emails that might sneak past regular defenses. No more falling for those “You’ve won a million
dollars!” scams!
5. Top-Secret Protection: Imagine your company’s secrets—intellectual property, financial records, and
classified info—wrapped in a digital force field. Email security shields them from cyber villains like
hackers and cybercriminals.
6. Real-Time Guardian: Zero-day exploits? Not on our watch! Email security solutions provide real-
time protection. It’s like having a superhero squad that fights off malware and spam before they even
knock on your inbox.
7. Locking Up Identity Theft: Email encryption keeps attackers from swiping your login credentials or
personal data. No more compromised accounts or identity theft nightmares.

PGP: Pretty Good Privacy (PGP) is an encryption software program software designed to ensure the
confidentiality, integrity, and authenticity of virtual communications and information. Developed with
the aid of Phil Zimmermann in 1991, PGP has emerged as a cornerstone of present-day cryptography,
notably regarded as one of the best methods for securing digital facts.

1. Authentication in PGP: Authentication basically means something that is used to validate something
as true or real. To login into some sites sometimes we give our account name and password, that is an
authentication verification procedure.

As shown in the above figure, the Hash Function (H) calculates the Hash Value of the message. For the
hashing purpose, SHA-1 is used and it produces a 160-bit output hash value. Then, using the sender’s
private key (KPa), it is encrypted and it’s called as Digital Signature. The Message is then appended to
the signature. All the process happened till now, is sometimes described as signing the message. Then
the message is compressed to reduce the transmission overhead and is sent over to the receiver.

At the receiver’s end, the data is decompressed and the message, signature are obtained. The signature
is then decrypted using the sender’s public key (PUa) and the hash value is obtained. The message is
again passed to hash function and its hash value is calculated and obtained.

2. Confidentiality in PGP: Sometimes we see some packages labelled as ‘Confidential’, which means
that those packages are not meant for all the people and only selected persons can see them. The same
applies to the email confidentiality as well. Here, in the email service, only the sender and the receiver
should be able to read the message, that means the contents have to be kept secret from every other
person, except for those two.

Then, the session key (Ks) itself gets encrypted through public key encryption (EP) using receiver’s
public key (KUb) . Both the encrypted entities are now concatenated and sent to the receiver.
As you can see, the original message was compressed and then encrypted initially and hence even if
anyone could get hold of the traffic, he cannot read the contents as they are not in readable form and
they can only read them if they had the session key (Ks). Even though session key is transmitted to the
receiver and hence, is in the traffic, it is in encrypted form and only the receiver’s private key (KPb)can
be used to decrypt that and thus our message would be completely safe.

At the receiver’s end, the encrypted key is decrypted using KPb and the message is decrypted with the
obtained session key. Then, the message is decompressed to obtain the M. RSA algorithm is used for
the public-key encryption and for the symmetric key encryption, CAST-128(or IDEA or 3DES) is used.

S/MIME: S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through encryption,
S/MIME offers protection for business emails. S/MIME comes under the concept of Cryptography.
S/MIME is a protocol used for encrypting or decrypting digitally signed E-mails. This means that users
can digitally sign their emails as the owner(sender) of the e-mail.

How S/MIME Works? S/MIME enables non-ASCII data to be sent using Secure Mail Transfer
Protocol (SMTP) via email. Moreover, many data files are sent, including music, video, and image files.
This data is securely sent using the encryption method. The data which is encrypted using a public key
is then decrypted using a private key which is only present with the receiver of the E-mail. The receiver
then decrypts the message and then the message is used. In this way, data is shared using e-mails
providing an end-to-end security service using the cryptography method.

Advantages of S/MIME
➢ It offers verification.
➢ It offers integrity to the message.
➢ By the use of digital signatures, it facilitates non-repudiation of origin.
➢ It offers seclusion.
➢ Data security is ensured by the utilization of encryption.
➢ Transfer of data files like images, audio, videos, documents, etc. in a secure manner.

Services of S/MIME
➢ Digital Signature, which can maintain data integrity.
➢ S/MIME can be used in encrypting messages.
➢ By using this we can transfer our data using an e-mail without any problem.
FIREWALL
A firewall is a network security device, either hardware or software-based, which monitors all incoming
and outgoing traffic and based on a defined set of security rules accepts, rejects, or drops that specific
traffic.
➢ Accept: allow the traffic
➢ Reject: block the traffic but reply with an “unreachable error”
➢ Drop: block the traffic with no reply

A firewall is a type of network security device that filters incoming and outgoing network traffic with
security policies that have previously been set up inside an organization. A firewall is essentially the
wall that separates a private internal network from the open Internet at its very basic level.

Types of Firewalls: Firewalls can be categorized based on their generation.

1. Packet Filtering Firewall: Packet filtering firewall is used to control network access by monitoring
outgoing and incoming packets and allowing them to pass or stop based on source and destination IP
address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3
layers). Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is
part of an existing stream of traffic. Only It can allow or deny the packets based on unique packet
headers. Packet filtering firewall maintains a filtering table that decides whether the packet will be
forwarded or discarded. From the given filtering table, the packets will be filtered according to the
following rules:

➢ Incoming packets from network 192.168.21.0 are blocked.

➢ Incoming packets destined for the internal TELNET server (port 23) are blocked.
➢ Incoming packets destined for host 192.168.21.3 are blocked.
➢ All well-known services to the network 192.168.21.0 are allowed.
2. Stateful Inspection Firewall: Stateful firewalls (performs Stateful Packet Inspection) are able to
determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient.
It keeps track of the state of networks connection travelling across it, such as TCP streams. So the
filtering decisions would not only be based on defined rules, but also on packet’s history in the state
table.

3. Software Firewall: A software firewall is any firewall that is set up locally or on a cloud server.
When it comes to controlling the inflow and outflow of data packets and limiting the number of networks
that can be linked to a single device, they may be the most advantageous. But the problem with software
firewall is they are time-consuming.

4. Hardware Firewall: They also go by the name “firewalls based on physical appliances.” It guarantees
that the malicious data is halted before it reaches the network endpoint that is in danger.

5. Application Layer Firewall: Application layer firewall can inspect and filter the packets on any OSI
layer, up to the application layer. It has the ability to block specific content, also recognize when certain
application and protocols (like HTTP, FTP) are being misused. In other words, Application layer
firewalls are hosts that run proxy servers. A proxy firewall prevents the direct connection between either
side of the firewall, each packet has to pass through the proxy.

6. Next Generation Firewalls (NGFW): NGFW consists of Deep Packet Inspection, Application
Inspection, SSL/SSH inspection and many functionalities to protect the network from these modern
threats.

7. Proxy Service Firewall: This kind of firewall filters communications at the application layer, and
protects the network. A proxy firewall acts as a gateway between two networks for a particular
application.

8. Circuit Level Gateway Firewall: This works as the Sessions layer of the OSI Model’s. This allows
for the simultaneous setup of two Transmission Control Protocol (TCP) connections. It can effortlessly
allow data packets to flow without using quite a lot of computing power. These firewalls are ineffective
because they do not inspect data packets; if malware is found in a data packet, they will permit it to pass
provided that TCP connections are established properly.

Functions of Firewall
➢ Every piece of data that enters or leaves a computer network must go via the firewall.
➢ If the data packets are safely routed via the firewall, all of the important data remains intact.
➢ A firewall logs each data packet that passes through it, enabling the user to keep track of all
network activities.
➢ Since the data is stored safely inside the data packets, it cannot be altered.
➢ Every attempt for access to our operating system is examined by our firewall, which also blocks
traffic from unidentified or undesired sources.