
Chapter 1

Public Key Infrastructure (PKI)

02/19/15

Vivek Kapoor

Introduction

PKI is closely related to the ideas of asymmetric key cryptography, mainly message digests, digital signatures and encryption services (as discussed previously).
Digital certificates are known as the passports of the web.
Here we will discuss the role of certification authorities (CA) and registration authorities (RA), how one CA is related to another, root CAs, self-signed certificates and cross-certification, validating digital certificates, the revocation-checking protocols CRL, OCSP and SCVP, and popular standards such as PKIX and PKCS for digital certificates and PKI.


Introduction

We have discussed the problem of key exchange (Diffie-Hellman key exchange), which can easily lead to a man-in-the-middle attack.
Thus key exchange is a problem in public key cryptography too, because openly exchanging keys can lead to a man-in-the-middle attack.
This problem was solved with the idea of digital certificates.
A digital certificate is a document, much like a passport or a driving licence.
A digital certificate is a computer file, such as vivek.cer, though in actual practice the file extension can differ.
Just as my passport certifies the binding between me and my characteristics, a digital certificate certifies the binding between me and my public key.
Since a passport is certified by a trusted agency such as the government, a digital certificate is certified by a trusted agency called a Certification Authority (CA).

Conceptual view of my digital certificate

Fig. Digital Certificate (fields as shown on the slide):
Subject Name: Vivek Kapoor
Public Key: <#^&89>
Serial No.: 103467
Other Data: email-vkapoor13@yahoo.com
Valid from: 1 Jan 2001
Valid to: 31 Dec 2004
Issuer Name: VeriSign

Certification Authority (CA)

It is a trusted agency that issues digital certificates.
Who can be a CA? It is someone whom everybody trusts, i.e. a government, or a reputed organization such as a post office or a software company.
Two of the famous CAs are VeriSign and Entrust. Safescrypt Limited, a subsidiary of Satyam Infoway Ltd., was the first Indian CA (2002).
Thus a CA has the authority to issue digital certificates to individuals who want to use digital certificates in asymmetric key cryptographic applications.
A standard called X.509 defines the structure of a digital certificate. It was originally part of another standard called X.500, and has been revised twice.
The current version of the standard is V3.

Contents of a Digital Certificate

Fig. Fields of an X.509 certificate (the slide marks which fields belong to Version 1, Version 2 and Version 3; the CA signature covers all versions):
Version
Certificate Serial No.
Issuer Name
Validity (Not Before/Not After)
Subject Public Key Info.
Issuer Unique Identifier (from Version 2)
Subject Unique Identifier (from Version 2)
Extensions (from Version 3)
Certification Authority Digital Signature (all versions)

Description of the various fields in an X.509 digital certificate (Version 1/2)

Version: Identifies the particular version (1, 2 or 3).
Certificate Serial No.: Unique serial number generated by the CA.
Signature Algorithm Identifier: Algorithm used by the CA to sign the certificate.
Issuer Name: Distinguished Name of the CA that created and signed the certificate.
Validity (Not Before/Not After): Two date-time values.
Subject Name: The person to whom the certificate is issued.
Subject Public Key Information: The subject's public key and the algorithms related to that key.
Issuer Unique Identifier: Identifies a CA uniquely if two or more CAs have used the same issuer name.
Subject Unique Identifier: Identifies a subject uniquely if two or more subjects have used the same subject name.

Description of the various fields in an X.509 digital certificate (Version 3)

Authority Key Identifier: Which of the CA's key pairs was used to sign this certificate.
Subject Key Identifier: Identifies the subject's key pair.
Key Usage: Scope of operations the public key may be used for.
Extended Key Usage: Protocols with which this certificate can interoperate.
Private Key Usage Period: Period limits for the private and public keys corresponding to this certificate.
Certificate Policies:
Policy Mappings: Used only when the subject of a given certificate is also a CA.
Subject Alternative Name: Alternative names for the subject.
Issuer Alternative Name: Alternative names for the issuer.
Subject Directory Attributes: Additional information about the subject.
Basic Constraints: Indicates whether the subject of the certificate may act as a CA.

Registration Authority (RA)

A CA can delegate some of its tasks to a third party called a Registration Authority (RA).
The Registration Authority sits between the end user and the Certification Authority (CA).
An RA provides the following basic services:
1) Accepting and verifying registration information about new users.
2) Generating keys on behalf of end users.
3) Accepting and authorizing requests for key backup and recovery.
4) Accepting and authorizing requests for certificate revocation.
Because of the RA, the CA becomes an isolated entity, which makes it less susceptible to security attacks.
Communication between the RA and the CA is therefore highly protected.
The RA is mainly set up to facilitate the interaction between the end user and the CA.
Issuing, revocation and management of certificates is done by the CA.

Certificate Creation Steps

Fig. Certificate creation steps: Key Generation -> Registration -> Verification -> Certificate Creation

Certificate Creation Steps (Step 1)

There are two approaches for this purpose:
a) The subject can create the private and public key pair using some software; usually this software is part of the web browser. The subject keeps the private key secret and then sends the public key, along with other information and evidence, to the RA.
b) Alternatively, the RA can generate a key pair on the user's (subject's) behalf. This happens when the subject does not know the technicalities involved in key generation. The major disadvantage of this approach is that the RA comes to know the user's private key.

Certificate Creation Steps (Step 2)

This step is required when the user generates the key pair in the first step.
Here the subject sends the public key, along with other information and evidence, to the RA.
For this, the software provides a wizard in which the user enters the data and submits it. The result is called a certificate signing request (CSR).
Its format is one of the public key cryptography standards (PKCS), which we will study later.

Certificate Creation Steps (Step 3)

Verification is done in two respects, as follows:
a) The RA verifies the user's credentials.
b) The second check is to ensure that the user actually holds the private key corresponding to the public key that is sent as part of the certificate request. This check is called proof of possession.
Approaches for proof of possession are:
1) The RA can demand that the user send the certificate signing request (CSR) digitally signed with his private key.
2) The RA can create a random-number challenge, encrypt it with the user's public key and send it to the user. If the user successfully decrypts it, it is assumed that the user holds the private key.
3) The RA sends the digital certificate to the user encrypted with the user's public key. The user decrypts it using his private key and thus obtains the certificate.

Certificate Creation Steps (Step 4)

Assuming that all the previous steps are successful, the RA passes all the details on to the CA.
The CA then creates the certificate. There are programs to create the certificate in X.509 format.
The CA sends the certificate to the user and retains a copy of it. The CA's copy is maintained in a certificate directory. The contents of the directory are similar to those of a telephone directory.
Directory clients can request and access information from this central repository using the Lightweight Directory Access Protocol (LDAP).
A digital certificate is in an unreadable (binary) format; an application program interprets the certificate for display.
We can, for example, invoke the Internet Explorer browser to view a certificate.

Why should we trust a digital certificate?

Why do we trust a passport? Because it is stamped and signed by an authority.
We cannot trust a digital certificate merely because it contains some information about a user and his public key.
After all, a digital certificate is just a computer file.
Therefore anyone could create a digital certificate file with whatever public key they want to use.

How does a CA sign a certificate?

Suppose we want to verify a digital certificate.
We will note that the last field in a digital certificate is always the digital signature of the CA.
So a digital certificate contains not only the user's information but also the CA's digital signature, just as a passport is always signed by the issuing authority.

Creation of the CA signature on a certificate

Fig. Creation of the CA signature: a message digest of all but the last field of the digital certificate (Version, Certificate Serial No., Issuer Name, Validity, Subject Public Key Info., Issuer Unique Identifier, Subject Unique Identifier, Extensions) is created with the message digest algorithm. The message digest is then encrypted with the Certification Authority's private key, giving the digital signature. This digital signature is stored as the last field of the digital certificate.

How can we verify a digital certificate?

Fig. Verification of a digital certificate: a message digest of all but the last field of the certificate is created with the message digest algorithm, giving MD1. The digital signature stored in the last field is decrypted with the CA's public key, giving MD2. If MD1 = MD2 the certificate is valid and is accepted; if not, it is invalid and is rejected.

Certificate Hierarchies & Self-Signed Certificates

Suppose Alice receives Bob's certificate and wants to verify it. For this, Alice wants to de-sign (i.e. verify the signature on) Bob's certificate using the public key of Bob's CA.
How will Alice know the public key of Bob's CA?
If their CAs are the same there is no problem, but if they are different then the problem arises.
To resolve this type of problem, a Certification Authority hierarchy is created. This is also called a chain of trust. In other words, CAs are grouped into multiple levels of a CA hierarchy.
The CA hierarchy begins with the root CA.
The root CA has one or more second-level CAs, which in turn have one or more third-level CAs, and so on.
This type of hierarchy relieves the root CA from having to manage all the possible digital certificates.

Certificate Hierarchies & Self-Signed Certificates

For example, one second-level CA could be responsible for the western region, another for the eastern region, and so on.
Each of the second-level CAs can appoint third-level CAs, and so on.

Fig. CA hierarchy: the Root CA has second-level CAs A1, A2 and A3; A1 has third-level CA B1, A2 has B2, and A3 has third-level CAs B10 and B11. Alice's certificate is issued by B1 and Bob's certificate by B11.

Certificate Hierarchies & Self-Signed Certificates

If Alice has obtained her certificate from one third-level CA and Bob has obtained his from another third-level CA, how can Alice verify Bob's certificate?
Clearly, in addition to his own certificate, Bob will send the certificate of his CA (i.e. B11) to Alice. This tells Alice the public key of B11.
Using the public key of B11, Alice can de-sign and verify Bob's certificate.
Now the question arises: how will Alice trust B11's certificate?
For this Alice will require A3's certificate, since B11 obtained its certificate from A3, and so on until the chain reaches the root certificate.
Root CAs are considered trusted CAs; for this, Alice's web browser contains a pre-programmed, hard-coded copy of the root certificate.
The root certificate is a self-signed certificate, i.e. the root signs its own certificate.

Certificate Hierarchies & Self-Signed Certificates

In the actual sequence of operations, Bob sends all the certificates up to the root CA in his first message to Alice. This is called the push model.
Alternatively, Alice obtains the remaining certificates of the chain herself and verifies them. This is called the pull model.
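The signing and verification flow of the two figures above, the proof-of-possession check from Step 3 and the chain walk just described, as an added Python example that is not part of the original slides. It assumes textbook RSA with small constructed primes (insecure, for illustration only) and SHA-256 as the message digest algorithm, models certificates as dictionaries whose last field is the signature, and uses the slides' hierarchy names (Root CA, A3, B11, Bob).

```python
import hashlib
import json


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two constructed toy primes (insecure sizes)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def digest(fields):
    """Message digest of all but the last (signature) field, as an integer."""
    body = {k: v for k, v in fields.items() if k != "signature"}
    canonical = json.dumps(body, sort_keys=True).encode("utf-8")
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def sign(fields, private_key):
    """Encrypt the digest with the signer's private key (reduced mod n, because
    the toy modulus is far smaller than a SHA-256 digest)."""
    md = digest(fields) % private_key["n"]
    return pow(md, private_key["d"], private_key["n"])


def verify(fields, public_key):
    """MD1 is recomputed from the fields; MD2 is the signature decrypted with the
    public key. The signature is valid only if MD1 == MD2."""
    md1 = digest(fields) % public_key["n"]
    md2 = pow(fields["signature"], public_key["e"], public_key["n"])
    return md1 == md2


def make_csr(subject, public_key, private_key):
    """Certificate signing request signed with the subject's own private key
    (proof-of-possession approach 1 from Step 3)."""
    csr = {"subject": subject, "public_key": public_key}
    csr["signature"] = sign(csr, private_key)
    return csr


def ra_check_pop(csr):
    """RA side: the CSR must verify under the public key it carries."""
    return verify(csr, csr["public_key"])


def issue_certificate(subject, subject_public_key, issuer, issuer_private_key, is_ca, serial):
    """CA side: assemble the fields and store the CA signature as the last field."""
    fields = {
        "version": 3,
        "serial": serial,
        "issuer": issuer,
        "subject": subject,
        "public_key": subject_public_key,
        "extensions": {"basic_constraints_ca": is_ca},
    }
    fields["signature"] = sign(fields, issuer_private_key)
    return fields


def verify_chain(chain, trusted_roots):
    """Push model: chain is [end-entity, its CA, that CA's CA, ...]. Each
    certificate must be signed by the next one, which must be marked as a CA;
    the last one must be signed by a self-signed root taken from the verifier's
    own trust store (never by a root supplied in the chain)."""
    for idx, cert in enumerate(chain):
        if idx + 1 < len(chain):
            issuer = chain[idx + 1]
            if not issuer["extensions"]["basic_constraints_ca"]:
                return False
        else:
            issuer = trusted_roots.get(cert["issuer"])
            if issuer is None or not verify(issuer, issuer["public_key"]):
                return False
        if cert["issuer"] != issuer["subject"] or not verify(cert, issuer["public_key"]):
            return False
    return True


def build_demo():
    """Constructed hierarchy from the slides: Root CA -> A3 -> B11 -> Bob.
    Returns Alice's trust store and the chain Bob pushes to her."""
    root_pub, root_priv = make_keypair(1000000007, 998244353)
    a3_pub, a3_priv = make_keypair(1000000009, 2147483647)
    b11_pub, b11_priv = make_keypair(999999937, 4294967291)
    bob_pub, bob_priv = make_keypair(65521, 104729)
    root = issue_certificate("Root CA", root_pub, "Root CA", root_priv, True, 1)
    a3 = issue_certificate("2nd Level CA A3", a3_pub, "Root CA", root_priv, True, 2)
    b11 = issue_certificate("3rd Level CA B11", b11_pub, "2nd Level CA A3", a3_priv, True, 3)
    csr = make_csr("Bob", bob_pub, bob_priv)
    if not ra_check_pop(csr):
        raise ValueError("proof of possession failed")
    bob = issue_certificate("Bob", csr["public_key"], "3rd Level CA B11", b11_priv, False, 103467)
    return {"Root CA": root}, [bob, b11, a3]
```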

Cross Certification

It is possible that Alice and Bob live in different countries, i.e. their root CAs will be different.
In fact, one country can have multiple root CAs.
Root CAs in the US include VeriSign, Thawte and the US Postal Service.
This could lead us to the same old story of a never-ending chain of certification authority hierarchies and their validations.
The alternative to this problem is cross-certification.
A single monolithic CA certifying every possible user in the world is quite unlikely. Cross-certification is a form of decentralization of CAs, e.g. across different countries.
It helps CAs not only to work with a smaller population but also to work independently.

Cross Certification

Fig. Cross-certification between the Root CA of India and the Root CA of the USA. Under the Indian root: second-level CA A1 with third-level CAs B1 (which issued Alice's certificate) and B2. Under the US root: second-level CA P1 with third-level CAs Q1 and Q2 (which issued Bob's certificate).

Certificate Revocation

Some of the common reasons for the revocation of certificates are:
1) The holder of the certificate reports that his private key has been compromised.
2) The CA realizes that it made some mistake while issuing the certificate.
3) The certificate holder leaves the job, and the certificate was issued specifically for the period the person was in that job.
For this the CA must come to know about the certificate revocation request.
The CA must authenticate the certificate revocation requester before accepting the revocation request; otherwise someone could misuse it.
There are two mechanisms for certificate revocation status checks: offline and online.

Certificate Revocation

Fig. Digital certificate revocation checks are of two kinds: offline revocation status checks, via the Certificate Revocation List (CRL), and online revocation status checks, via the Online Certificate Status Protocol (OCSP).

Offline certificate revocation status checks

The Certificate Revocation List (CRL) is the primary means of checking the status of a digital certificate offline.
A CRL is a list of certificates published regularly by each CA.
It lists only those certificates whose validity period is not yet over but which have been revoked for some reason.
A CRL grows over a period of time.
Thus if X wants to verify Y's certificate, he has to do the following in sequence:
# Certificate expiry check
# Signature check
# Certificate revocation check

Offline certificate revocation status checks

Fig. Example CRL
CA: XYZ
Certificate Revocation List (CRL)
This CRL: 1 Jan 2002, 10.00 AM
Next CRL: 12 Jan 2002, 10.00 AM

Serial No.   Date        Reason
1234567      30-Dec-01   Pvt. Key Compromised
2356115      30-Dec-01   Changed job

Offline certificate revocation status checks

Initially the CA can send a one-time, full, up-to-date CRL to the users. This is called the base CRL.
However, the next time it will not send the full CRL but only the changes (called the delta) to the CRL since the last update.
This mechanism makes transportation of the CRL file easier and reduces network transmission overheads.
A delta CRL file contains an indicator called the delta CRL indicator, which informs the user that this file is not complete.
It also contains a sequence number, which allows the user to check that all delta CRLs have been received.
A CRL is an offline certificate revocation status check because CRLs are issued periodically: a certificate revoked after the current CRL was issued does not appear as revoked until the next CRL.
This latency is a major drawback of the CRL approach.

Format of a CRL

Fig. CRL format
Header fields:
  Version
  Signature Algorithm Identifier
  This Update (Date and Time)
  Next Update (Date and Time)
Repeating entries (one per revoked certificate):
  User Certificate Serial No. | Revocation Date | CRL Entry Extensions
  ...
Trailer fields:
  CRL Extensions
  Signature
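Base and delta CRL handling and the check sequence described above (expiry check, then revocation check), as an added Python example that is not from the slides. The CRLs, serial numbers and dates are constructed, modelled on the slide's XYZ example; the CRL signature check is not repeated here, since it is the same digest-and-public-key verification as for a certificate.

```python
from datetime import datetime


class CrlError(Exception):
    """Raised when a CRL cannot be used (wrong kind, wrong issuer, missing delta)."""


# Constructed base CRL, modelled on the slide's example for CA "XYZ".
BASE_CRL = {
    "issuer": "XYZ",
    "sequence": 1,
    "delta_indicator": False,
    "this_update": datetime(2002, 1, 1, 10, 0),
    "next_update": datetime(2002, 1, 12, 10, 0),
    "entries": {1234567: ("30-Dec-01", "Pvt. Key Compromised"),
                2356115: ("30-Dec-01", "Changed job")},
}

# Constructed delta CRLs: each carries the delta indicator and a sequence number.
DELTA_CRLS = [
    {"issuer": "XYZ", "sequence": 2, "delta_indicator": True,
     "this_update": datetime(2002, 1, 12, 10, 0), "next_update": datetime(2002, 1, 23, 10, 0),
     "entries": {3000001: ("10-Jan-02", "CA error")}},
    {"issuer": "XYZ", "sequence": 3, "delta_indicator": True,
     "this_update": datetime(2002, 1, 23, 10, 0), "next_update": datetime(2002, 2, 3, 10, 0),
     "entries": {3000002: ("20-Jan-02", "Pvt. Key Compromised")}},
]


def merge_crls(base, deltas):
    """Apply the deltas to the base CRL in sequence order. A gap in the sequence
    numbers means a delta was never received, so the result cannot be trusted."""
    if base["delta_indicator"]:
        raise CrlError("expected a base CRL, got a delta CRL")
    entries = dict(base["entries"])
    expected = base["sequence"] + 1
    latest = base
    for delta in sorted(deltas, key=lambda d: d["sequence"]):
        if not delta["delta_indicator"] or delta["issuer"] != base["issuer"]:
            raise CrlError("not a delta CRL for this issuer")
        if delta["sequence"] != expected:
            raise CrlError("missing delta CRL with sequence %d" % expected)
        entries.update(delta["entries"])
        expected += 1
        latest = delta
    return {"issuer": base["issuer"], "entries": entries,
            "this_update": latest["this_update"], "next_update": latest["next_update"]}


def check_certificate(cert, crl, now):
    """The slide's sequence: expiry check first, then the revocation check.
    A CRL whose next-update time has passed gives no fresh answer (the latency
    drawback), so the verifier reports it as stale rather than 'good'."""
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "expired-or-not-yet-valid"
    if crl["issuer"] != cert["issuer"]:
        return "wrong-crl"
    if now > crl["next_update"]:
        return "crl-stale"
    if cert["serial"] in crl["entries"]:
        return "revoked: " + crl["entries"][cert["serial"]][1]
    return "good"


def sample_certificate(serial):
    """Constructed certificate stub: issued by XYZ, valid 1 Jan 2001 to 31 Dec 2004."""
    return {"serial": serial, "issuer": "XYZ",
            "not_before": datetime(2001, 1, 1), "not_after": datetime(2004, 12, 31)}


def status(serial, year, month, day, deltas=DELTA_CRLS):
    """Merge base + deltas and check one serial number at the given date."""
    crl = merge_crls(BASE_CRL, deltas)
    return check_certificate(sample_certificate(serial), crl, datetime(year, month, day))


def sequence_gap(deltas):
    """True if merging detects a missing delta CRL."""
    try:
        merge_crls(BASE_CRL, deltas)
    except CrlError:
        return True
    return False
```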

Online Certificate Status Protocol (OCSP)

It is used to check the validity of a digital certificate at a particular moment.
It has the following steps:
1) The CA provides a server called an OCSP responder. The client sends an OCSP request to find out the validity of a certificate.
2) The OCSP responder consults the X.500 directory to see whether the particular certificate is valid or not.
3) Based on the results from the X.500 directory, the OCSP responder sends back a digitally signed response to the client.
OCSP does not check the validity of the chain of certificates associated with the current certificate.

Server-based Certificate Validation Protocol (SCVP)

SCVP was designed to deal with the drawbacks of OCSP.
Differences between OCSP and SCVP:

                      OCSP                                 SCVP
Client request:       Sends the certificate serial no.     Sends the entire certificate
Chain of request:     Only the given certificate is        Intermediate certificates are
                      checked                              checked as well
Checks:               Certificate revocation               Additional checks (full chain of
                                                           trust etc.)
Returned info:        Status of the certificate            Additional info (proof of revocation
                                                           status, chain of certificate validation)
Additional features:  None                                 A certificate can be checked for a
                                                           backdated event

Certificate Types

Not all digital certificates have the same status and cost; they differ depending on requirements.
Certificate types can be classified as follows:
# Email certificates: These include the user's email id. They are used to verify that the signer of an email message has the email id that appears in the user's certificate.
# Server-side SSL certificates: These are for merchants who allow buyers to purchase goods from their online website. They are issued after careful scrutiny of the merchant's credentials.
# Client-side SSL certificates: These allow the merchant to verify the client.
# Code-signing certificates: These are used to sign Java applet code or Microsoft ActiveX controls embedded in web pages.

Roaming Certificates

There is a problem of portability: a user's certificate and private key are normally kept on one computer.
Smart cards are one technology for making portability possible, but they need smart card readers everywhere.
A better solution is roaming certificates. It works as follows:
1) The users' digital certificates and private keys, along with user ids and passwords, are stored in a central secure server called the credential server.
2) A user can log into any computer and authenticate himself to the credential server using his id and password.
3) The credential server verifies the user id and password using the credential database. If the user is successfully authenticated, the credential server sends the digital certificate and private key file to the user.

Attribute Certificates

They are used to establish a relation between an entity and a set of attributes related to the entity.
Attribute certificates can be used in authorization services that control access to networks, databases etc., as well as physical access to buildings.

Protecting private keys

The private key of a user should be kept secret. Mechanisms for protecting private keys are:
1) Password protection: The private key is stored on the hard disk of the user's computer as a disk file. The file can only be accessed with the help of a password. The weakness is that anyone may guess the password.
2) PCMCIA cards: These are chip cards; the private key is stored on the card. This reduces the chances of the key being stolen, but for encryption the private key must travel from the chip to the computer's memory, from where it can be stolen.
3) Tokens: A token stores the private key in encrypted form. To decrypt it the user needs a one-time password.
4) Biometrics: The private key is associated with unique characteristics of the individual (fingerprint, retina scan etc.).
5) Smart cards: A smart card contains a computer chip which can perform signing and encryption. The benefit of this scheme is that the private key never leaves the card. The disadvantages are that the user has to carry the smart card and that compatible smart card readers must be available.

Multiple Key Pairs & Key Update

It is recommended that a user possess multiple key pairs: one key pair for signing and another for encryption.
The following guidelines are helpful:
1) The private key used for signing (non-repudiation) must not be backed up or archived, because there is a chance that someone else could misuse it.
2) The private key used for encryption must be backed up, so that encrypted information can be recovered even at a later date.
Good security practice demands that key pairs be updated regularly, because over a period of time they become susceptible to cryptanalytic attacks.

Key Archival

A CA must plan for and maintain a history of the certificates and keys of its users.
This helps when inquiring into a document that was signed long ago.
It helps to avert legal problems.

The PKIX Model

The Internet Engineering Task Force (IETF) formed the Public Key Infrastructure X.509 (PKIX) working group.
It extends the basic philosophy of the X.509 standard and specifies how digital certificates can be deployed in the world of the Internet.

PKIX Services

It offers the following broad-level services:
1) Registration: Where an end-entity (subject) makes itself known to the CA.
2) Initialization: How the end-entity makes sure that it is talking to the right CA.
3) Certification: The CA creates a digital certificate for the end-entity and returns it to the end-entity, maintaining a copy for its own records.
4) Key pair recovery: Keys used for encryption are needed at a later date for decrypting old documents; basically, key archival is done.
5) Key generation: PKIX specifies that the end-entity should be able to generate private-public key pairs, or the CA must be able to do so for the end-entity.
6) Key update: Smooth transition from one expiring key pair to a fresh one by automatic renewal of digital certificates.
7) Cross-certification: End-entities certified by different CAs can cross-verify each other.
8) Revocation: Checking of certificate status in two modes: online and offline.

PKIX Architectural Model

The five areas of the architectural model are as follows:
1) X.509 V3 certificate and V2 certificate revocation list profiles: The X.509 standard allows the use of various options while describing the extensions of a digital certificate. PKIX has grouped all the options that are deemed fit for Internet users.
2) Operational protocols: These define the underlying protocols that provide the transport mechanism for delivering certificates.
3) Management protocols: These protocols enable the exchange of information between the various PKI entities (subject, RA, CA).
4) Policy outlines: Outline certificate policies and certificate practice statements.
5) Time stamp and data certification services: These are provided by a third party. A time stamp service attests that a signed message existed at a particular date and time. A data certification service verifies the correctness of the data it has received.

Public Key Cryptographic Standards (PKCS)

PKCS was developed by RSA Laboratories with the help of representatives of government, industry and academia.
The main purpose of PKCS is to standardize Public Key Infrastructure (PKI).
This would allow organizations to develop interoperable PKI solutions.
We will discuss the important PKCS standards.

Public Key Cryptographic Standards (PKCS)

PKCS Standards Summary (Name: Comments)
PKCS #1 RSA Cryptography Standard: Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures.
PKCS #2 Withdrawn: No longer active. Covered RSA encryption of message digests, but was merged into PKCS #1.
PKCS #3 Diffie-Hellman Key Agreement Standard: A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.
PKCS #4 Withdrawn: No longer active. Covered RSA key syntax, but was merged into PKCS #1.
PKCS #5 Password-based Encryption Standard: See RFC 2898 and PBKDF2.
PKCS #6 Extended-Certificate Syntax Standard: Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same.
PKCS #7 Cryptographic Message Syntax Standard: Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination. Formed the basis for S/MIME.
PKCS #8 Private-Key Information Syntax Standard: Used to carry private certificate key pairs (encrypted or unencrypted).
PKCS #9 Selected Attribute Types: Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests.
PKCS #10 Certification Request Standard: Format of messages sent to a certification authority to request certification of a public key.
PKCS #11 Cryptographic Token Interface (Cryptoki): An API defining a generic interface to cryptographic tokens (see also Hardware Security Module). Often used for single sign-on and smartcards.
PKCS #12 Personal Information Exchange Syntax Standard: Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12.
PKCS #13 Elliptic Curve Cryptography Standard: (Under development.)
PKCS #14 Pseudo-random Number Generation: (Under development.)
PKCS #15 Cryptographic Token Information Format Standard: Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11).

PKCS#5 - Password-based encryption (PBE) Standard

It is used to keep a symmetric session key safe and protect it from unauthorized access.
We first encrypt the plain text message with the symmetric key, and then encrypt the symmetric key with a key encryption key (KEK). This protects the symmetric key from unauthorized access.
The next question is where we store the KEK and how we protect it.
The way to protect the KEK is to never store it anywhere.
The approach is to generate it on demand, use it for encryption/decryption, and discard it.
For this purpose, a password is used.
The password is the input to a key generation process (usually a message digest algorithm); the output is the KEK.

Fig. Password -> Key generation process -> KEK

PKCS#5 - Password-based encryption (PBE) Standard

The drawback is that an attacker can launch a dictionary attack against this scheme, since many times the password consists of simple English words.
To prevent such an attack, apart from the password two additional pieces of information are used in the key generation process. They are the salt and the iteration count.
The salt is simply a bit string which is combined with the password to produce the KEK.
The iteration count specifies the number of times the operation must be performed on the combination of the password and salt to generate the KEK.
Interestingly, the salt and the iteration count are not kept secret.
The biggest difference from the previous scheme is that an attacker can no longer launch a dictionary attack with a table of KEKs precomputed from the words alone.
Now he has to combine each candidate word with the salt and perform the key generation process iteration-count times.
This makes the task quite difficult.
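The salt and iteration count mechanism described above, as an added Python example (not from the slides) using the standard library's PBKDF2-HMAC implementation from RFC 2898. The password, salts and word list are constructed sample values; the KEK is re-derived on demand and compared rather than stored.

```python
import hashlib
import hmac
import os


def derive_kek(password, salt, iterations, length=32):
    """PBKDF2-HMAC-SHA256 (RFC 2898): the password combined with the salt and
    iterated 'iterations' times gives the key encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, length)


def new_pbe_parameters(iterations=100_000):
    """The salt and iteration count are not secret: a fresh random salt is
    generated per protected key and stored beside it together with the count."""
    return os.urandom(16), iterations


def kek_matches(password, salt, iterations, expected_kek):
    """Re-derive the KEK on demand and compare in constant time, so the KEK
    itself never has to be stored anywhere."""
    return hmac.compare_digest(derive_kek(password, salt, iterations), expected_kek)


def kek_table(candidates, salt, iterations):
    """KEK -> word for one fixed salt. Building it costs
    len(candidates) * iterations PBKDF2 rounds, which is the work the
    iteration count forces on anyone trying the words in a dictionary."""
    return {derive_kek(word, salt, iterations): word for word in candidates}


def salt_defeats_precomputation(candidates, password, iterations=500):
    """Same password, two salts: the table built for salt_a does not contain
    the KEK derived under salt_b, so no table computed in advance (before the
    salt is known) can be reused; the work has to be redone per salt."""
    salt_a, salt_b = b"constructed-salt-A", b"constructed-salt-B"
    table = kek_table(candidates, salt_a, iterations)
    hit_a = table.get(derive_kek(password, salt_a, iterations))
    hit_b = table.get(derive_kek(password, salt_b, iterations))
    return hit_a == password and hit_b is None


# Constructed sample word list for the demonstration above.
WORDLIST = ["apple", "password", "letmein", "secret"]
```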

PKCS#8/10 - Private key information standard

PKCS#8 describes a syntax for storing private keys securely so that they cannot be attacked.
PKCS#10 describes a syntax for certification requests.
Certification requests are sent to a certification authority, which transforms the request into an X.509 public key certificate.

PKCS#11 - Cryptographic token interface standard

This standard specifies the operations performed using a hardware token, such as a smart card.
A smart card is smart because it contains a cryptographic processor and memory.
Key generation, encryption or digital signing is performed directly in the card itself.
The user's private key cannot be copied from the card to the computer's hard disk.
The small size of the card makes it portable.
Just like ATM cards, smart cards need smart card readers.

PKCS#12 - Personal information exchange syntax

The PKCS#12 standard was developed to solve the problem of certificate and private key storage and transfer.
All web browsers, including Internet Explorer, support PKCS#12 internally.

PKCS#14 - Pseudo-random number generation standard

Random number generation is extremely crucial in cryptography.
This standard defines the requirements for generating random numbers.
In fact many programming languages provide a facility for generating random numbers.
But they are not truly random: over a period of time we can predict them, because computers are rule-based machines with a finite range for generating random numbers.
Thus random numbers are generated by external means. This process is called pseudo-random number generation.

PKCS#14 - Pseudo-random number generation standard

There are three ways to generate pseudo-random numbers using a computer, which are as follows:
1) Monitor hardware that generates random data: This is the best but costliest approach to generating random numbers with a computer. The generator is an electronic circuit which is sensitive to some random physical event, such as diode noise. This unpredictable sequence is transformed into random numbers.
2) Collect random data from user interactions: Such as mouse movements.
3) Collect data from inside the computer: Data from inside the computer which is hard to predict, such as the system clock or files on the disk.

PKCS#15 - Cryptographic token information syntax standard

This standard provides interoperability of smart cards.
The Extensible Markup Language (XML) is centre stage in the modern world of technology.
XML is the backbone of technologies such as web services.
Almost every aspect of Internet programming is related to XML.

Thank You

Chapter 2
Internet Security Protocols


Static Web Pages

The main players in Internet-based communications are the web browser (client) and the web server (server).
The Hypertext Transfer Protocol (HTTP) is used for communication between them.
The simplest type of web page is the static web page.
A static web page is created using the Hypertext Markup Language (HTML) and stored on the server.
Whenever a user requests such a page, the web server sends the page without performing any additional processing. All it has to do is locate the page on its hard disk.
They are used where contents do not change often, such as a country's home page, its history, etc.

Dynamic Web Pages

For sites where the information changes quite often, such as stock market sites or weather sites, dynamic web pages are required.
The contents of a dynamic web page can change throughout the day. Creating dynamic web pages requires server-side programming.

Fig. Dynamic web page processing:
1. The web browser sends an HTTP request to the web server.
2. The web server invokes an application program in response to the HTTP request.
3. The program executes and produces HTML output.
4. The web server returns the HTTP response to the browser.

Active Web Pages

Fig. Active web page processing:
1. The browser sends an HTTP request.
2. The HTTP response contains an HTML page together with a small program (an applet or Microsoft ActiveX control).
3. The browser interprets the HTML page and also executes the program.

Protocols & TCP/IP

Protocol software acts as a universal translator between different computers and networks.
It defines an abstract model of the communication hierarchy, which is independent of the physical characteristics of computers and networks.

Fig.: end systems connected through intermediate nodes over communication links.

Protocols & TCP/IP

Fig. (protocol layering): each end host runs all five layers (Application, Transport, Network, Data Link, Physical); the intermediate nodes run only the Network, Data Link and Physical layers.

Protocols & TCP/IP

Fig. (encapsulation): the Application layer produces L5 Data; the Transport layer prepends header H4 to form L4 Data; the Internet layer prepends H3 to form L3 Data; the Data Link layer prepends H2; the Physical layer transmits the result as a bit stream (e.g. 011101010101010100101010). The receiving host strips the headers in the reverse order.

Secure Socket Layer (SSL)

It is an internet protocol used for the exchange of information between a browser and a server.
It was developed by Netscape Corporation and has three versions: 2, 3 and 3.1.
It is considered an additional layer and is placed between the application layer and the transport layer.
Application layer data is not passed directly to the transport layer; instead it is passed to the SSL layer.
The SSL layer encrypts the data received from the application layer and adds its own header, called SH, to the encrypted data.
Thus only the data from the application layer is encrypted; the lower level headers are not encrypted.
If SSL encrypted the lower level headers, then even the IP and physical addresses of the computers would be encrypted and become unreadable.

Secure Socket Layer (SSL)

Fig. (SSL in the protocol stack): the Application layer hands L5 Data to the SSL layer, which encrypts it and prepends the SSL header SH; the Transport layer then adds H4, the Internet layer H3 and the Data Link layer H2 before the Physical layer sends the bit stream. Only L5 Data is encrypted; SH, H4, H3 and H2 travel in the clear.

SSL has three sub-protocols, namely the Handshake Protocol, the Record Protocol and the Alert Protocol.

Secure Socket Layer (SSL)

1. Handshake Protocol
   (a) Establish Security Capabilities: Client Hello, Server Hello.
   (b) Server Authentication & Key Exchange: Certificate, Server Key Exchange, Certificate Request, Server Hello Done.
   (c) Client Authentication & Key Exchange: Certificate, Client Key Exchange, Certificate Verify.
   (d) Finish: Change Cipher Spec, Finished.

Secure Socket Layer (SSL)

2. Record Protocol: Fragmentation, Compression, Addition of MAC, Encryption, Append Header.
3. Alert Protocol: Fatal Alerts, Non-Fatal Alerts.

Working of SSL (Handshake Protocol)

The Handshake Protocol consists of a series of messages between the client and the server.
It is made up of four phases:
1. Establish security capabilities.
2. Server authentication & key exchange.
3. Client authentication & key exchange.
4. Finish.

Format of the handshake protocol message types:

Type (1 byte) | Length (3 bytes) | Content (1 or more bytes)

Working of SSL (Handshake Protocol, Phase 1)

The first phase of the SSL handshake is to initiate a logical connection and establish the security capabilities associated with it.
It consists of two messages: Client Hello and Server Hello.
They contain the following parameters:
Version (of SSL),
Random (a 32-bit date-time field and a 48-bit random number generated by software inside the computer),
Session id (zero for no session, non-zero for a session),
Cipher suite (the cryptographic algorithms supported, such as RSA, Diffie-Hellman etc.),
Compression method.

Working of SSL (Handshake Protocol, Phase 2)

This phase covers server authentication and key exchange.
Here the client is the sole recipient of the messages.
It consists of four steps: Certificate, Server Key Exchange, Certificate Request, Server Hello Done.
Certificate: The server sends its digital certificate and the entire chain leading to the root CA to the client.
Server Key Exchange: Optional. It is used if the server does not send its digital certificate; instead it sends its public key.
Certificate Request: The server can request the client's digital certificate. Client certification is optional.
Server Hello Done: This indicates that the client can now optionally verify the certificates sent by the server and ensure that all parameters are acceptable.
Working of SSL (Handshake Protocol, Phase 3)

This phase covers client authentication and key exchange.
Here the server is the sole recipient.
It consists of three steps: Certificate, Client Key Exchange, Certificate Verify.
Certificate: Optional. It is performed only if the server has asked for the client's certificate.
Client Key Exchange: The client sends information related to the symmetric key that both parties will use in the session. The client creates a 48-byte pre-master secret, encrypts it with the server's public key and sends it to the server.
Certificate Verify: Necessary only if the server has demanded client authentication. Here the client combines the pre-master secret with the random numbers generated by the client and the server, hashing them together to produce the master secret, which is used to produce the symmetric key.
Working of SSL (Handshake Protocol, Phase 4)

The client initiates the fourth phase, which the server ends.
This phase consists of four messages.
The first two messages are from the client: Change Cipher Spec, Finished.
The server responds with two identical messages: Change Cipher Spec, Finished.

Master Secret Generation Concept

Fig.: Pre-master Secret + Client Random + Server Random -> Message Digest Algorithms -> Master Secret

Symmetric Key Generation Concept

Fig.: Master Secret + Client Random + Server Random -> Message Digest Algorithms -> Symmetric Key
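The two figures above, as an added Python illustration that is not code from the slides: the pre-master secret and the two Random fields are hashed into a master secret, and the master secret plus the same two Randoms are hashed again, with a different label each time, to produce the per-direction write and MAC keys. The single-SHA-256 layout and the labels are assumptions of this example (SSL 3.0 and TLS use a more involved pseudo-random function); the Randoms and pre-master secret are constructed sample values.

```python
import hashlib
import os

# Constructed sample values. In a real handshake the client and the server each
# generate their own Random field and the client generates the pre-master secret.
CLIENT_RANDOM = bytes.fromhex("11" * 32)
SERVER_RANDOM = bytes.fromhex("22" * 32)
PRE_MASTER_SECRET = bytes.fromhex("33" * 48)   # 48 bytes, as in the slides


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Master secret = digest(label || pre-master || client random || server random).

    Single-hash layout assumed for this example; SSL 3.0 and TLS use a more
    involved construction built from MD5/SHA-1 rounds or HMAC.
    """
    return hashlib.sha256(b"master secret" + pre_master + client_random + server_random).digest()


def session_keys(master: bytes, client_random: bytes, server_random: bytes, key_len: int = 16) -> dict:
    """Derive the symmetric keys from the master secret and the two randoms.

    A distinct label is mixed into each hash so every key is a different
    function of the same three inputs (write keys and MAC keys for each side).
    """
    keys = {}
    for label in (b"client write key", b"server write key", b"client mac key", b"server mac key"):
        digest = hashlib.sha256(label + master + client_random + server_random).digest()
        keys[label.decode()] = digest[:key_len]
    return keys


def derive_for_session(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """What each side computes after the Client Key Exchange: master secret, then keys."""
    return session_keys(master_secret(pre_master, client_random, server_random),
                        client_random, server_random)


def both_sides_agree() -> bool:
    """Client and server hold the same three inputs, so they derive identical keys."""
    client_view = derive_for_session(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    server_view = derive_for_session(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    return client_view == server_view


def fresh_random_changes_keys() -> bool:
    """A new server Random with the same pre-master secret yields different keys,
    which is why the Randoms stop an old handshake from being replayed."""
    old = derive_for_session(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    new = derive_for_session(PRE_MASTER_SECRET, CLIENT_RANDOM, os.urandom(32))
    return old != new
```

The point of labelling each derivation is that one secret yields independent keys for each direction and purpose, so a MAC key is never reused as an encryption key.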

Working of SSL (Record Protocol)

The Record Protocol comes into the picture after a successful handshake has been completed between the client and the server.
This protocol provides two services to an SSL connection:
Confidentiality: achieved by the secret key generated during the Handshake Protocol.
Integrity: the Handshake Protocol also defines a shared secret key (the MAC key) which is used for message integrity.
The operation of the Record Protocol consists of the following steps:
Fragmentation: The original message is broken into blocks of 16 KB or more.
Compression: The fragmented blocks are optionally compressed. It must be a lossless compression mechanism.
Addition of MAC: A MAC is calculated for each block.

Working of SSL (Record Protocol)

Encryption: The output of the previous step is encrypted using the symmetric key established earlier in the Handshake Protocol.
Append Header: Finally a header is added to the encrypted block. The header consists of the following fields:
Content Type (8 bits): the higher-layer protocol carried in the record.
Major Version (8 bits): major version of the SSL protocol used.
Minor Version (8 bits): minor version of the SSL protocol used.
Compressed Length (16 bits): the length in bytes of the original plain text block.

Working of SSL (Alert Protocol)

Whenever the client or the server detects an error, the detecting party sends an alert message to the other party.
If the error is fatal, both parties immediately close the connection.
For errors which are not fatal, the parties handle the error and correct it.
An alert message consists of two bytes. If the first byte contains 1 then the error is fatal; otherwise it contains 2.
Fatal alerts are: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter.
Non-fatal alerts are: no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown, close notify.
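The Record Protocol steps and the "bad record MAC" alert above, as an added Python model that is not code from the slides: a message is fragmented, each fragment gets a MAC over the sequence number, content type and data, the result is encrypted, and a 5-byte header (content type, major version, minor version, length) is prepended. The receiver undoes the steps and raises "bad record MAC" when a single ciphertext bit has been flipped. Assumptions of this example: compression is skipped, HMAC-SHA256 stands in for the negotiated MAC, a SHA-256 counter keystream stands in for the negotiated cipher (it is a toy, not a real cipher), the length field carries the protected fragment length, and the two keys are constructed sample values.

```python
import hashlib
import hmac
import struct

CONTENT_APPLICATION_DATA = 23    # content type value used by SSL 3.0 / TLS for application data
MAJOR, MINOR = 3, 0              # SSL 3.0 version bytes
MAX_FRAGMENT = 16384             # 16 KB fragments
HEADER = struct.Struct("!BBBH")  # content type, major, minor, length (network byte order)

# Constructed sample keys; in SSL they come out of the handshake key derivation.
ENC_KEY = b"\x01" * 16
MAC_KEY = b"\x02" * 16


def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || seq || counter) blocks.
    It stands in for the negotiated symmetric cipher and is NOT a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def compute_mac(key: bytes, seq: int, content_type: int, fragment: bytes) -> bytes:
    """MAC over sequence number, content type, length and fragment, so records
    cannot be reordered, replayed or truncated without detection."""
    header = seq.to_bytes(8, "big") + bytes([content_type]) + len(fragment).to_bytes(2, "big")
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


def protect(message: bytes, content_type: int = CONTENT_APPLICATION_DATA, first_seq: int = 0) -> list:
    """Fragment -> (no compression) -> add MAC -> encrypt -> prepend header. Returns the records."""
    records = []
    seq = first_seq
    for start in range(0, len(message), MAX_FRAGMENT):
        fragment = message[start:start + MAX_FRAGMENT]
        plaintext = fragment + compute_mac(MAC_KEY, seq, content_type, fragment)
        ciphertext = keystream_xor(ENC_KEY, seq, plaintext)
        records.append(HEADER.pack(content_type, MAJOR, MINOR, len(ciphertext)) + ciphertext)
        seq += 1
    return records


def unprotect(record: bytes, seq: int):
    """Reverse the steps. Returns (content_type, fragment) or raises ValueError
    with the alert the receiver would send ('bad record MAC' is fatal)."""
    content_type, major, minor, length = HEADER.unpack(record[:HEADER.size])
    if (major, minor) != (MAJOR, MINOR) or length != len(record) - HEADER.size:
        raise ValueError("illegal parameter")
    plaintext = keystream_xor(ENC_KEY, seq, record[HEADER.size:])
    fragment, tag = plaintext[:-32], plaintext[-32:]
    if not hmac.compare_digest(tag, compute_mac(MAC_KEY, seq, content_type, fragment)):
        raise ValueError("bad record MAC")
    return content_type, fragment


def roundtrip(message: bytes) -> bytes:
    """Protect then unprotect every record and reassemble the message."""
    out = b""
    for seq, rec in enumerate(protect(message)):
        _, frag = unprotect(rec, seq)
        out += frag
    return out


def tamper_is_detected(message: bytes = b"GET / HTTP/1.0") -> bool:
    """Flip one ciphertext bit; the MAC check must fail with 'bad record MAC'."""
    rec = bytearray(protect(message)[0])
    rec[HEADER.size] ^= 0x01
    try:
        unprotect(bytes(rec), 0)
    except ValueError as err:
        return str(err) == "bad record MAC"
    return False
```

Two details matter for defence: the sequence number is part of the MAC input although it is never sent, so a replayed or reordered record fails the check, and the comparison uses a constant-time compare so the MAC check itself does not leak timing information.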

Closing & Resuming SSL Connections

Before ending the communication, each party should send the other a close notify alert and end the connection from its side.
The Handshake Protocol is quite complex and time consuming, as it uses asymmetric key cryptography.
Thus it is desirable that the client and server reuse an earlier connection rather than going for a new connection.
An SSL connection should not be used after 24 hours in any case.

Secure Hyper Text Transfer Protocol (SHTTP)

It is a set of security mechanisms defined for protecting internet traffic.
This includes data entry forms and internet transactions.
SHTTP supports both authentication and encryption of HTTP traffic between the client and the server.
It encrypts individual messages, while SSL aims at making the connection between the client and the server secure regardless of the messages they exchange.

Time Stamping Protocol (TSP)

TSP provides proof that a certain piece of data existed at a particular time.
The proof is provided by a Time Stamping Authority (TSA).
TSP is a request-response protocol similar to HTTP.

Secure Electronic Transaction (SET)

SET is an open encryption and security specification designed for protecting credit card transactions on the internet.
Work in this area was done jointly by MasterCard and Visa.
They were joined by IBM, Microsoft, Netscape, RSA, Terisa and VeriSign.
The need for it came from the fact that e-commerce payment processing software vendors were coming up with new and conflicting standards.
SET was designed to avoid these incompatibilities.
SET is not a payment system; instead it is a set of security protocols and formats that enable users to use the credit card payment infrastructure on the internet in a secure manner.

Secure Electronic Transaction (SET)

SET services can be summarized as follows:
1. Provides a secure communication channel among all parties in an e-commerce transaction.
2. Authentication by use of digital certificates.
3. Confidentiality, i.e. information is only available to the parties involved in a transaction, and that too only when and where necessary.
SET is a very complex specification.
When released, it took 971 pages to describe SET.
SSL version 3 requires 63 pages to describe it.

Secure Electronic Transaction (SET) Participants

Cardholder: The person holding the card.
Merchant: The business selling goods.
Issuer: The financial institution (bank) that provides the card to the person.
Acquirer: The financial institution that has a relationship with the merchant for processing credit card payments.
Payment Gateway: This task can be taken up by the acquirer or by an organization as a dedicated function. It processes the payment messages on behalf of the merchant.
Certification Authority (CA): Explained earlier.

SET Process

1. Customer opens an account.
2. Customer receives a certificate.
3. Merchant receives a certificate.
4. Customer places an order.
5. Merchant is verified.
6. Order & payment details are sent.
7. Merchant requests payment authorization.
8. Payment gateway authorizes the payment.
9. Merchant confirms the order.
10. Merchant provides goods or services.
11. Merchant requests payment.

How SET achieves its objectives

Online payment requires that the customer sends its credit card information to the merchant.
There are two issues related to this. First, an intruder can obtain the number and use it with malicious intent.
Second, the credit card number is made available to the merchant, who can misuse it in future.
The first issue is generally dealt with by SSL: since SSL sends all the information in encrypted form, an intruder cannot make any sense of it.
The second issue is dealt with by SET, since it hides the credit card information from the merchant.
For this, SET relies on the concept of the digital envelope.
The following steps illustrate the idea:
1. SET software prepares the Payment Information (PI) on the cardholder's computer.

How SET achieves its objectives

2. SET software on the cardholder's computer creates a one-time session key.
3. Using this one-time session key, the cardholder's computer encrypts the Payment Information.
4. The cardholder now wraps this one-time session key with the public key of the payment gateway to form a digital envelope.
5. It sends the encrypted information and the digital envelope to the merchant, who passes them on to the payment gateway.
The merchant has access only to the encrypted information.
In order to decrypt the encrypted credit card information he needs the one-time session key, which is encrypted with the payment gateway's public key.
To decrypt it he would need the payment gateway's private key.
Thus security is provided, and the merchant cannot decrypt the original credit card information.

SET Internals

Major transactions supported by SET:
1. Purchase request: Initiate request, Initiate response, Purchase request, Purchase response.
2. Payment authorization: Authorization request, Authorization response.
3. Payment capture: Capture request, Capture response.

Purchase Request (Initiate request)

Fig.: Cardholder -> Merchant: "Please send the digital certificates of yourself and the payment gateway. Here is a unique id to identify our interaction, and here is my credit card issuer's name."

Purchase Request (Initiate response)

Fig.: Merchant -> Cardholder: "Here is my transaction id, and here are the digital certificates of the payment gateway and myself."

Purchase Request (Purchase request)

The cardholder, after verifying the digital certificates, creates the Order Information (OI) and the Payment Information (PI).
The transaction id created by the merchant is added to both OI and PI.
OI consists of references to the shopping phase between the customer and the merchant.
PI consists of details such as the credit card information, purchase amount and order description.
The cardholder now prepares the purchase request by generating a one-time symmetric key K.
The purchase request message consists of the following:
1. Purchase related information: a) It consists of PI, the dual signature calculated over PI & OI, and OIMD. b) All these are encrypted with K. c) A digital envelope is created by encrypting K with the payment gateway's public key.

Purchase Request (Purchase request)

2. Order related information: The merchant needs this information. It consists of OI, the signature calculated over PI & OI, and PIMD.
3. Cardholder certificate: It contains the cardholder's public key.

Fig.: Cardholder -> Merchant: "Here are my OI & PI details. I am also sending my digital certificate that contains my public key, so that you and the payment gateway can decrypt the order/payment details."

Purchase Request (Purchase request)

Dual signature:
Fig.: PI -> MD5 -> PIMD; OI -> MD5 -> OIMD; PIMD + OIMD -> MD5 -> POMD; POMD -> E -> Dual Signature (DS), where E = the cardholder encrypts with its own private key.

Purchase Request (Purchase request)

The cardholder sends the merchant the OI, DS & PIMD.
Fig. (merchant-side verification): OI -> MD5 -> OIMD; PIMD + OIMD -> MD5 -> POMD1; Dual Signature (DS) -> POMD2. If POMD1 = POMD2 then accept, else reject.

Purchase Request (Purchase request)

The payment gateway gets the PI, DS & OIMD.
Fig. (gateway-side verification): PI -> MD5 -> PIMD; OIMD + PIMD -> MD5 -> POMD1; Dual Signature (DS) -> POMD2. If POMD1 = POMD2 then accept, else reject.
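The dual signature figures above and the digital envelope from "How SET achieves its objectives", as one added Python example that is not code from the slides or the SET specification: the cardholder hashes PI and OI, hashes the two digests together and signs the result; the merchant verifies with OI and PIMD, the gateway with PI and OIMD, and neither ever sees the other's clear-text part. The same block wraps the one-time key K in an envelope for the gateway and shows that only the gateway's private key opens it. Assumptions of this example: toy RSA key pairs built from public Mersenne primes (not secure, no padding), SHA-256 where the figure shows MD5, a SHA-256 counter keystream standing in for the session-key cipher, and constructed PI/OI sample values.

```python
import hashlib
import os

# Toy RSA key pairs built from public Mersenne primes (constructed for illustration;
# the primes are public and no padding is used, so this is not a secure RSA).
M127, M521, M607 = (1 << 127) - 1, (1 << 521) - 1, (1 << 607) - 1


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for the primes p and q."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


CARDHOLDER_PUB, CARDHOLDER_PRIV = keygen(M127, M521)
GATEWAY_PUB, GATEWAY_PRIV = keygen(M521, M607)


def md(data: bytes) -> bytes:
    """Message digest. The slides' figure uses MD5; SHA-256 here, same construction."""
    return hashlib.sha256(data).digest()


def rsa_apply(key, value: int) -> int:
    n, exponent = key
    return pow(value, exponent, n)


def dual_sign(pi: bytes, oi: bytes):
    """PIMD = H(PI), OIMD = H(OI), POMD = H(PIMD || OIMD), DS = POMD^d mod n.
    Returns (PIMD, OIMD, DS)."""
    pimd, oimd = md(pi), md(oi)
    pomd = md(pimd + oimd)
    return pimd, oimd, rsa_apply(CARDHOLDER_PRIV, int.from_bytes(pomd, "big"))


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI in clear plus PIMD: rebuild POMD and compare with the signed value."""
    pomd1 = int.from_bytes(md(pimd + md(oi)), "big")
    return pomd1 == rsa_apply(CARDHOLDER_PUB, ds)


def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Gateway sees PI in clear plus OIMD: the mirror-image check."""
    pomd1 = int.from_bytes(md(md(pi) + oimd), "big")
    return pomd1 == rsa_apply(CARDHOLDER_PUB, ds)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 counter keystream) standing in for the session-key cipher."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def cardholder_purchase_request(pi: bytes, oi: bytes) -> dict:
    """Purchase-related info (PI under one-time key K, K in a digital envelope for the
    gateway) plus order-related info (OI, PIMD) and the dual signature."""
    pimd, oimd, ds = dual_sign(pi, oi)
    k = os.urandom(16)
    return {
        "encrypted_pi": stream_xor(k, pi),
        "envelope": rsa_apply(GATEWAY_PUB, int.from_bytes(k, "big")),  # K wrapped for the gateway
        "oimd": oimd,
        "oi": oi,
        "pimd": pimd,
        "ds": ds,
    }


def gateway_open(request: dict) -> bytes:
    """Only the gateway's private key unwraps K; the merchant, holding the same
    request, cannot recover PI. Returns PI once the dual signature checks out."""
    k = rsa_apply(GATEWAY_PRIV, request["envelope"]).to_bytes(16, "big")
    pi = stream_xor(k, request["encrypted_pi"])
    if not gateway_verify(pi, request["oimd"], request["ds"]):
        raise ValueError("dual signature does not verify")
    return pi
```

The merchant receives `oi`, `pimd`, `ds`, `encrypted_pi` and `envelope`, and can call `merchant_verify` but not `gateway_open`, which is exactly the separation the slides describe: one signature binds both halves of the transaction while each party sees only its own half.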

Purchase Request (Purchase response)

When the merchant receives the purchase request, he does the following:
1. Verifies the cardholder's certificates.
2. Verifies the signature created over PI & OI using the cardholder's public key.
3. Processes the order and forwards the PI to the payment gateway for authorization.
4. Sends a purchase response to the cardholder.

Payment Authorization

Here the merchant sends the payment details to the payment gateway.
The payment gateway verifies the details and authorizes the payment.
It consists of two messages: Authorization request and Authorization response.
Fig. (Authorization request) Merchant -> Payment Gateway: "Here are: a) Purchase Information, b) Authorization Information, c) the cardholder's and my certificates."

Payment Authorization

Fig. (Authorization response) Payment Gateway -> Merchant: "Validations are ok. Here are the authorization info., token info., and my digital certificate."

Payment Capture (Capture Request)

It is used for obtaining the payment.
It consists of two messages: Capture Request and Capture Response.
Fig. (Capture Request) Merchant -> Payment Gateway: "I need to have the payment for this purchase. Here are the transaction id, the amount, and my digital certificate."

Payment Capture (Capture Response)

Fig. (Capture Response) Payment Gateway -> Merchant: "Payment to you is authorized. Here are the details. Also enclosed is my digital certificate."

SET Model

Fig. (SET model): The cardholder requests a certificate from CA 1 and receives the cardholder's certificate; the merchant requests a certificate from CA 2 and receives the merchant certificate. The cardholder sends a purchase request to the merchant and receives a purchase response. The merchant sends an authorization request to the payment gateway and receives an authorization response. Certificate verification requests ("Please verify cardholder's certificate", "Please verify merchant's certificate") go to the Certificate Authorities.

SSL versus SET

Issue                    | SSL                                 | SET
Main Aim                 | Exchange of data in encrypted form  | E-commerce related payment mechanism
Certification            | Two parties exchange certificates   | All involved parties must be certified by a third authority
Authentication           | Mechanisms not very strong          | Strong mechanisms
Risk of merchant fraud   | Possible                            | Not possible
Risk of customer fraud   | Possible                            | Not possible
Practical usage          | High                                | Low, expected to grow

3-D Secure Protocol

SET has one limitation: it does not prevent a user from providing someone else's credit card number.
A new protocol called 3-D Secure helps to address this.
Here a cardholder who wishes to participate in a payment transaction has to enroll on the issuer bank's enrollment server.
At the time of a 3-D Secure transaction, when the merchant receives a payment instruction from the cardholder, he forwards the request to the issuer bank.
The issuer bank asks the cardholder for the user id and password that were created at the time of the enrollment process.
The cardholder provides the details, which are verified by the bank.
If authenticated, the bank accepts the card payment.

Electronic Money

It is also called electronic cash or digital cash, and is used for making payments over the internet.
It is money represented in the form of computer files, i.e. the physical form of money is converted into binary computer data.
The customer opens an account with the bank.
When he needs $100 of electronic money, he sends an e-mail to the bank requesting it.
The bank authenticates the message and, when sure, debits the customer's account for that amount.
The bank sends the money as a computer file (which contains an extremely large random number) to the customer.
When the customer purchases something, he sends the file to the merchant.
The merchant in turn sends the file to the bank, which verifies it and credits the merchant's account with that much money.

Electronic Money (Security Mechanism)

Fig. (bank -> customer): the bank takes the $100 file, encrypts it with the bank's private key (giving %^^A), then encrypts the result with the customer's private key, and sends the twice-encrypted data to the customer.

Electronic Money (Security Mechanism)

Fig. (customer side): the customer decrypts the received data with the customer's private key (giving %^^A), then decrypts with the bank's private key, recovering the original $100 message.

Types of electronic money

Classification based on the tracking of money:
Identified electronic money.
Anonymous electronic money.
Classification based on the involvement of the bank in the transaction:
Online electronic money.
Offline electronic money.

Identified electronic money

Fig.: Bank -> Customer ($100, SR 100); Customer -> Merchant ($100, SR 100); Merchant -> Bank ($100, SR 100).
1. The bank generates the serial number and sends it along with the e-money to the customer.
2. The customer spends the money, so the merchant has it now.
3. The merchant encashes the e-money at the bank. The money still has the same serial number.

Anonymous electronic money

It is also called blind money.
Here the customer creates the serial number instead of the bank.
The customer generates a random number and then multiplies it by another huge number (called the blinding factor).
The customer sends the resulting number, called the blinded number, to the bank.
The bank does not know the original serial number created by the customer.
The bank signs the blinded number and sends it back to the customer.
The customer then uses the original serial number while doing the transaction.
Here the same money can be spent more than once.

Online/Offline money

Online money: Here whether the money offered by the customer is acceptable or not can be confirmed in real time.
Offline money: Here the bank does not participate in the transaction between the customer and the merchant. The merchant accepts the money but does not validate it online; it processes it at a fixed time every day.
We have four possibilities of money:
1. Identified online money.
2. Identified offline money.
3. Anonymous online money.
4. Anonymous offline money.

Double Spending Problem

Here a customer could arrange for anonymous e-money by using the blinded money concept.
Later the customer could spend it in quick succession with two different merchants.
The bank cannot determine which customer spent it more than once, because of the blinding factor.
Thus anonymous money is of little use.
This problem can also occur with offline money.
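The blind money scheme from "Anonymous electronic money" and the double spending check above, as one added Python example that is not code from the slides: the customer multiplies a self-chosen serial number by a blinding factor (here r^e mod N, the RSA form of blinding), the bank signs the blinded value without learning the serial, the customer divides the blinding factor back out, and on deposit an online bank verifies the signature and refuses a serial it has already credited. Assumptions of this example: a toy bank RSA key built from public Mersenne primes (not secure, no padding) and constructed random serials.

```python
import os
from math import gcd

# Toy bank RSA key from public Mersenne primes (constructed for illustration only;
# a real bank key has secret primes and the signing uses padding).
P, Q = (1 << 127) - 1, (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class Bank:
    def __init__(self):
        self.seen_blinded = []   # what the bank saw at withdrawal time
        self.spent = set()       # serial numbers already deposited (online money)

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: the bank signs the blinded number without learning the serial."""
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: int, signature: int) -> str:
        """Merchant presents the coin; the bank checks the signature and the spent list."""
        if pow(signature, E, N) != serial:
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spending"
        self.spent.add(serial)
        return "credited"


def customer_withdraw(bank: Bank):
    """Customer picks the serial, blinds it with r^e, has it signed, then divides out r."""
    serial = int.from_bytes(os.urandom(32), "big")        # customer-chosen serial number
    while True:
        r = int.from_bytes(os.urandom(96), "big") % N      # blinding factor, invertible mod N
        if 1 < r and gcd(r, N) == 1:
            break
    blinded = (serial * pow(r, E, N)) % N
    blind_signature = bank.sign_blinded(blinded)          # = serial^d * r (mod N)
    signature = (blind_signature * pow(r, -1, N)) % N     # = serial^d (mod N)
    return serial, signature


def spend_twice(bank: Bank):
    """Two merchants deposit the same coin; online verification stops the second."""
    serial, signature = customer_withdraw(bank)
    return bank.deposit(serial, signature), bank.deposit(serial, signature)
```

The bank's `seen_blinded` list never contains the serial it later receives at deposit, which is the anonymity property; the `spent` set is what an offline scheme lacks at the moment of sale, which is why the slides say the problem also arises with offline money.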

Email Security

Email is the most widely used application on the internet.
RFC 822 defines a format for text email messages.
An email message consists of two portions: headers and contents (body).

Headers:
From: John Smith (john@yahoo.com)
To: Cherry (cherry@hotmail.com)
Subject: Accepting the offer
Date: 4 March 2002

Body:
Dear Cherry
I had accepted the offer.
Regards.
John

Email Security

The Simple Mail Transfer Protocol (SMTP) is used for email communication.
Fig.: Sender -> (email) -> Sender's SMTP server -> (email, over the Internet) -> Receiver's SMTP server -> (pull) -> Receiver.

Email Security

There are two SMTP servers involved, i.e. the sender's and the receiver's.
On the client's request for an email transfer, the server sends back a READY FOR MAIL reply, indicating that it can accept an email message from the client.
The client sends HELO to the server and identifies itself.
The client can now send one or more email messages to the server.
An email transfer begins with the MAIL command, which identifies the sender.
The receiving server allocates buffers to store the incoming message and sends back an OK response to the client, together with the response code 250.
The client now sends the list of intended recipients via one or more RCPT commands (one per recipient).
The server must send back a 250 OK or a 550.
The client sends the DATA command, informing the server that the client is ready to start the transmission of the email message.

Email Security

The server responds with a 354 start mail input message, indicating that it is ready to accept the email message.
The client sends the email message and, when it is over, sends the identifier provided by the server to indicate that its transmission is complete.
The server sends back a 250 OK response.
The client sends a QUIT command to the server.
The server sends back a 221 service closing transmission channel message, indicating that it is also closing its portion of the connection.
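The SMTP exchange of the last three slides, as an added Python model of the server side that is not code from the slides or from any real mail server: it walks through HELO, MAIL, RCPT, DATA and QUIT, answers with the reply codes the slides mention (250, 354, 221, 550) and with 503 when a command arrives out of order, and accepts mail only for users it actually hosts. Assumptions of this example: the greeting code 220 and the 503/500 codes are standard SMTP values not shown on the slides, the end-of-data marker is a line containing a single ".", and the host names, addresses and message are constructed sample values based on the slides' example message.

```python
class SmtpServer:
    """Server side of the SMTP exchange from the slides (a teaching model, not a real MTA).

    Mail is accepted only for local users; anything else gets 550, so the model
    never relays. Commands sent out of sequence get 503.
    """

    def __init__(self, local_users):
        self.local_users = set(local_users)   # constructed: who may receive mail here
        self.state = "connected"
        self.sender = None
        self.recipients = []
        self.data_lines = []
        self.mailbox = {}                      # recipient -> list of (sender, body)

    def greeting(self) -> str:
        return "220 mail.example.test READY FOR MAIL"

    def handle(self, line: str) -> str:
        """Process one client line and return the server reply ("" while collecting DATA)."""
        if self.state == "data":
            if line == ".":                     # end-of-message marker
                body = "\n".join(self.data_lines)
                for rcpt in self.recipients:
                    self.mailbox.setdefault(rcpt, []).append((self.sender, body))
                self.sender, self.recipients, self.data_lines = None, [], []
                self.state = "ready"
                return "250 OK"
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.state = "ready"
            return "250 Hello " + arg
        if verb == "QUIT":
            self.state = "closed"
            return "221 Service closing transmission channel"
        if self.state != "ready":
            return "503 Bad sequence of commands"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands"
            rcpt = arg[3:].strip().strip("<>")
            if rcpt not in self.local_users:
                return "550 No such user here"   # unknown recipient: refuse, do not relay
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"


def run_session(server: SmtpServer, client_lines) -> list:
    """Feed the client's lines in order and collect the non-empty server replies."""
    replies = [server.greeting()]
    for line in client_lines:
        reply = server.handle(line)
        if reply:
            replies.append(reply)
    return replies


# Constructed sample session, modelled on the example message in the slides.
SAMPLE_SESSION = [
    "HELO client.example.test",
    "MAIL FROM:<john@yahoo.com>",
    "RCPT TO:<cherry@hotmail.com>",
    "RCPT TO:<nobody@hotmail.com>",
    "DATA",
    "Subject: Accepting the offer",
    "",
    "Dear Cherry",
    "I had accepted the offer.",
    ".",
    "QUIT",
]
```

Running `run_session(SmtpServer(["cherry@hotmail.com"]), SAMPLE_SESSION)` shows the second RCPT refused with 550 while the rest of the dialogue proceeds; note that nothing in this dialogue authenticates the sender, which is the gap PEM, PGP and S/MIME address in the slides that follow.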

Privacy Enhanced Mail (PEM)

It is an email security standard adopted by the Internet Architecture Board (IAB) to provide secure electronic mail communication over the internet.
Fig.: PEM provides Encryption, Non-Repudiation and Message Integrity.

Privacy Enhanced Mail (PEM)

PEM starts with a canonical conversion, which is followed by the digital signature, then by encryption and finally by Base-64 encoding.
There are three security options for sending a mail message: signature only (steps 1 & 2); signature & Base-64 encoding (steps 1, 2 & 4); signature & encryption & Base-64 encoding (steps 1 to 4).
1. Canonical Conversion
2. Digital Signature
3. Encryption
4. Base-64 Encoding

Privacy Enhanced Mail (PEM) Canonical Conversion/Digital Signature

There is a possibility that the sender and the receiver of an email message use computers that have different architectures and operating systems.
With a canonical representation, regardless of the architecture and operating system of the sending and receiving computers, the email message travels in a uniform, independent format.
Step 2 (Digital Signature)
Fig.: Email message -> MD5 -> message digest (e.g. 10001 01010 01010) -> Encrypt with the sender's private key -> Digital Signature.

Privacy Enhanced Mail (PEM) Encryption

Here the original email and the digital signature are encrypted together with a symmetric key.
For this, DES or IDEA is used.

Privacy Enhanced Mail (PEM) Base-64 encoding

It is also called Radix-64 encoding or ASCII armor, i.e. it transforms binary input into printable character output.
Fig.: the input bit stream is divided into 24-bit blocks; each 24-bit block is divided into four 6-bit blocks; each 6-bit block is mapped to an 8-bit (printable ASCII) block.

Privacy Enhanced Mail (PEM) Base-64 encoding

Fig. (worked example): take a 24-bit input; divide it into four 6-bit blocks; write their decimal equivalents; map each to the Base64 table; write the ASCII equivalent binary.
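The 24-bit to four-times-6-bit mapping of the two Base-64 slides, as an added Python implementation that is not code from the slides: `sextets` exposes the four decimal values of one block (the middle row of the figure), `b64encode` maps them through the Base64 table and pads the last block with "=", and `b64decode` reverses it strictly, rejecting wrong lengths, characters outside the alphabet and misplaced padding. The cross-check against the standard library is an addition of this example.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def sextets(block: bytes) -> list:
    """Split one 24-bit block (3 bytes) into its four 6-bit values."""
    value = int.from_bytes(block, "big")
    return [(value >> shift) & 0x3F for shift in (18, 12, 6, 0)]


def b64encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                      # 0, 1 or 2 missing bytes in the last block
        chars = [ALPHABET[s] for s in sextets(chunk + b"\x00" * pad)]
        if pad:
            chars[4 - pad:] = "=" * pad          # padding characters mark the missing bytes
        out.extend(chars)
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Strict decoder: length must be a multiple of 4, only alphabet characters,
    '=' only at the very end. Lenient decoders are a classic source of parser
    differentials between two systems, so reject anything irregular."""
    if len(text) % 4:
        raise ValueError("length is not a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or (pad and (i + 4 != len(text) or not quad.endswith("=" * pad))):
            raise ValueError("bad padding")
        value = 0
        for ch in quad[:4 - pad]:
            idx = ALPHABET.find(ch)
            if idx < 0:
                raise ValueError("invalid character %r" % ch)
            value = (value << 6) | idx
        value <<= 6 * pad                          # re-widen to 24 bits
        out += value.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def matches_stdlib(data: bytes) -> bool:
    """Cross-check against the standard library on the same input."""
    return (b64encode(data) == base64.b64encode(data).decode()
            and b64decode(b64encode(data)) == data)
```

For the bytes "Man" the sextets are 19, 22, 5 and 46, which the table maps to "TWFu"; "Ma" and "M" encode as "TWE=" and "TQ==", the "=" signs counting the bytes that were missing from the last 24-bit block.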

Pretty Good Privacy (PGP)

Phil Zimmermann is the father of the Pretty Good Privacy (PGP) protocol.
PGP is simple to use, completely free, supports the basic requirements of cryptography, and includes its source code and documentation.
PGP allows four security options when sending an email message: signature only; signature & Base-64 only; signature, encryption, enveloping, Base-64 encoding.
1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

Secure Multipurpose Internet Mail Extensions (S/MIME)

Traditional email systems are text based.
If we want to send multimedia files over email, the MIME system provides the functionality.
A MIME email contains a normal text message along with some special headers and formatted sections of text.
Each section consists of an ASCII-encoded portion of data.
It starts with an explanation of how the data should be interpreted/decoded at the recipient's end.
Suppose the sender attaches a graphics file to the email message.
The figure shows that the graphic actually travels with the email.
The Content-Type MIME header shows that the sender has attached a .GIF file to the message.
When opened in text format it appears as gibberish.
The recipient's email system recognizes it as a .GIF file.

Secure Multipurpose Internet Mail Extensions (S/MIME)

MIME Headers:
MIME-Version: the version which is used.
Content-Type: describes the data contained in the body of the message.
Content-Transfer-Encoding: the type of transformation.
Content-ID:
Content-Description:
MIME Content Types: MIME specifies 7 content types and 15 content subtypes.
S/MIME functionality:
Enveloped data: contains encrypted data and the encryption key encrypted with the receiver's public key.
Signed data: content and digital signature are both Base-64 encoded.
Clear-signed data: only the digital signature is Base-64 encoded.
Signed & Enveloped data:

Chapter 3
User Authentication Mechanisms

Introduction

One of the key aspects of cryptography and network security is authentication.
Traditionally user ids and passwords have been used. But there are security concerns, i.e. passwords travel in clear text and can be stored on the server in clear text, where they can be stolen.
Modern password based authentication techniques use alternatives such as encrypting passwords, or using something derived from the passwords, in order to protect them.
Authentication tokens add randomness to the passwords, making them more secure.
Certificate based authentication uses PKI infrastructure or technology. It is quite strong if used correctly. Smart cards are also used here.
Biometrics, Kerberos and Single Sign-On (SSO) mechanisms are also used.

Authentication Basics

It is determining who the user is before performing actual business transactions using the system.
It is determining the identity of a person to a required level of assurance.
Authentication is the first step in any cryptographic solution.
Unless the person on the other side is authenticated, there is no point in encrypting the information flowing between them.
The whole idea of authentication is based on secrets.
For example, an ATM card and PIN number is one form of authentication.
Here the entity being authenticated and the authenticator both share the same secret.

Passwords

A password is a string of letters, digits and special characters which is supposed to be known only to the entity that is being authenticated.
It is believed to be the simplest and least expensive mechanism, and it does not require any special hardware or software support.
Here every user in the system is assigned a user id and an initial password.
The password is stored in the user database against the user id on the server.

Passwords (How it works?)

Step 1: Prompt for user id & password: The application program sends a screen to the user, prompting for the user id and password.
Step 2: User enters user id & password: The user enters the user id and password and presses the OK button. This causes the user id and password to travel in clear text to the server.
Step 3: User id & password validation: The server uses its user authentication program to see if this particular user id and password combination exists there.
Step 4: Authentication result: Depending upon the success or failure of the validation of the user id and password, the user authentication program returns the appropriate result back to the server.
Step 5: Inform user accordingly: Depending upon the outcome, the server sends back the appropriate page to the user. If successful, it sends the application menu to the user.

Passwords (Problems with this scheme)

Problem 1: the database contains passwords in clear text. If an attacker succeeds in obtaining access to the database, the whole list of user ids and passwords is available to the attacker.
So passwords in the database must be stored in encrypted form.
Whenever a user attempts to log on, on the server side the user's password should first be encrypted and then compared with the encrypted password in the database.
Problem 2: the password travels in clear text from the user's computer to the server. If an attacker breaks into the communication link between the user's computer and the server, the attacker can easily obtain the clear text password.

Passwords (Something derived from passwords)

The variation here is not to use the password itself but something that is derived from the password.
We run some algorithm on the password and store the output of this algorithm as the (derived) password in the database.
When the user wants to get authenticated, the user enters the password and the user's computer performs the same algorithm locally and sends the derived password to the server, where it is verified.
There are several requirements of this scheme:
Each time the algorithm is executed for the same password, it must produce the same output.
The output of the algorithm must not provide any clue about the password.
It should be infeasible for any person to provide an incorrect password and yet obtain the correct derived password.
These requirements closely match those of message digest algorithms such as MD5 or SHA-1.

Message digests of passwords

Step 1: Storing digests as derived passwords in the user database.
Step 2: User authentication: When a user needs to be authenticated, the
user's computer computes the message digest of the password & sends the
user id & the message digest of the password to the server for
authentication.
Step 3: Server-side validation:
The user id & message digest of the password travel to the server over
the communication link.
The server passes these values to the user authentication program, which
validates the user id & the message digest of the password against the
database.
The server uses the result of this operation to return the appropriate
message.

Message digests of passwords

Here the attacker may not be able to use the message digest to work
backwards to retrieve the original password.
But the attacker can simply listen to the communication between the user
& the server involving the login request-response pair.
In this way he would get the user id & the message digest of the password.
The attacker can copy that information & submit it after some time to the
server as a new login request.
This is called a replay attack, because the attacker simply replays the
sequence of events of a normal user.


Adding randomness

To improve security, we need to add a bit of unpredictability or
randomness to the earlier scheme.
Here the message digest of the password is always the same, but the
information exchanged between the client & the server is not always the
same.
This ensures that the replay attack is foiled.
The technique is:
Step 1: Storing message digests as derived passwords in the user
database.
Step 2: User sends a login request: Here the user sends the login request
with her user id only.
Step 3: Server creates a random challenge: The server first checks
whether the user id sent is valid or not. If valid, the server creates a
random challenge (a random number generated using a pseudo-random number
generation technique) & sends it back to the user as plain text.

Adding randomness
Step 4: User signs the random challenge with the message digest of the
password: Here the message digest of the password is used to encrypt the
random challenge received from the server.
Step 5: Server verifies the encrypted random challenge received from the
user: The server receives the encrypted random challenge. In order to
verify it, the server must perform the following steps:
The server decrypts the random challenge with the message digest of the
user's password stored in the user database. If the decrypted value
matches the original random challenge available on the server, the server
can be assured of the user's identity.
Step 6: Server returns the appropriate message back to the user.
Random challenges are generally 16-bit random numbers.
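The two schemes from the last few slides, as an added example that is not part of the original slides: a user database that stores only message digests, the "send the digest" login that a captured request defeats by replay, and the random-challenge variant in which a captured response is useless against the next challenge. Assumptions not in the slides: SHA-256 stands in for the MD5/SHA-1 the slides name, the "encryption of the challenge with the password digest" is realised as an HMAC keyed with the digest, the challenge is 16 bytes drawn from the operating system's random source, and the user ids and passwords are constructed sample data.

```python
"""Added example (not from the slides): digest-only password store, the
replay-prone digest login, and the random-challenge login that foils replay.
SHA-256 replaces MD5/SHA-1; HMAC replaces 'encrypting the challenge with the
digest'; users and passwords are constructed sample data."""
import hashlib
import hmac
import secrets

def derive(password: str) -> bytes:
    """Derived password: the message digest the slides describe (SHA-256 here)."""
    return hashlib.sha256(password.encode("utf-8")).digest()

# Constructed user database: user id -> derived password (digest only).
USER_DB = {
    "alice": derive("correct horse battery staple"),
    "bob": derive("hunter2"),
}

# --- Scheme 1: the client sends the digest itself ------------------------

def login_with_digest(user_id: str, digest: bytes) -> bool:
    """Server-side validation of a transmitted digest. Anyone who captured
    the (user_id, digest) pair can resubmit it later: a replay attack."""
    stored = USER_DB.get(user_id)
    return stored is not None and hmac.compare_digest(stored, digest)

# --- Scheme 2: random challenge answered with the digest -----------------

class ChallengeServer:
    """Keeps the outstanding challenge per user; each challenge is single-use."""

    def __init__(self, challenge_bytes: int = 16):
        self.pending = {}
        self.challenge_bytes = challenge_bytes

    def start_login(self, user_id: str):
        """Steps 2-3: check the user id and issue a fresh random challenge."""
        if user_id not in USER_DB:
            return None
        challenge = secrets.token_bytes(self.challenge_bytes)
        self.pending[user_id] = challenge
        return challenge

    def finish_login(self, user_id: str, response: bytes) -> bool:
        """Step 5: recompute the expected response from the stored digest and
        the challenge we issued; the challenge is consumed either way."""
        challenge = self.pending.pop(user_id, None)
        if challenge is None:
            return False
        expected = hmac.new(USER_DB[user_id], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: bytes) -> bytes:
    """Step 4 on the client: key the challenge with the password digest."""
    return hmac.new(derive(password), challenge, hashlib.sha256).digest()

def demo_replay() -> dict:
    """Returns which logins succeed so the difference between the schemes shows."""
    results = {}
    # Scheme 1: a captured digest works again and again.
    captured = derive("hunter2")
    results["digest_first"] = login_with_digest("bob", captured)
    results["digest_replay"] = login_with_digest("bob", captured)

    # Scheme 2: the captured response only matches the challenge it answered.
    server = ChallengeServer()
    c1 = server.start_login("alice")
    r1 = client_response("correct horse battery staple", c1)
    results["challenge_first"] = server.finish_login("alice", r1)
    server.start_login("alice")            # a new challenge is now outstanding
    results["challenge_replay"] = server.finish_login("alice", r1)
    results["wrong_password"] = server.finish_login(
        "alice", client_response("wrong", server.start_login("alice")))
    return results

if __name__ == "__main__":
    print(demo_replay())
```

Popping the challenge in `finish_login` regardless of outcome is what makes the second submission of `r1` fail: the server never compares a response against a challenge it did not just issue.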


Password encryption

For security purposes we want the password to travel in encrypted form.
For this we must provide some sort of cryptographic functionality on the
user side.
In the case of internet applications the client is a web browser, which
does not have special programming capabilities.
So we must resort to technologies such as Secure Socket Layer (SSL).
Here the encryption of passwords on the client side & on the server side
are different, so the server side application logic performs the
necessary conversions between the two for verification.


The problems with passwords

From the system administrator's point of view, password based
authentication is quite problematic.
Organizations have a number of applications, networks, shared resources &
intranets.
These applications have varying needs of security measures, & they grow
over a period of time.
Thus each resource demands its own user id & password.
Thus end users have to remember many user ids & passwords.
Password maintenance is quite a problem.
A study shows that administrators spend about 40% of their time creating,
resetting or changing user passwords.


Password Policies

The password length must be at least 8 characters.
It must not contain any blanks.
There must be at least one lower case letter, one upper case letter, one
digit & one special character in the password.
The password must begin with a letter.


Authentication Tokens

An authentication token is a small device that generates a new random
number every time it is used.
It is the size of a credit card & has the following features: processor,
LCD, battery, real time clock, and a keypad for entering information.
Each authentication token is pre-programmed with a unique number called
the seed or random seed.


Authentication Tokens
Step 1: Creation of a token:
Whenever an authentication token is created, a random seed is generated by
the authentication server.
This seed is stored in the user's record in the user database. The user
does not know the value of the seed.
Step 2: Use of the token:
The authentication token automatically generates pseudorandom numbers
called one time passwords based on the seed value.
The user sends her user id & this pseudorandom number to the server.
The server calls the seed retrieval program, which in turn establishes the
relationship between the pseudorandom number & the seed.
The authentication token is generally protected with a 4-digit PIN.
Step 3: The server sends the appropriate message back to the user.

Authentication Token Types

They are of two main types: Challenge/Response tokens & Time based tokens.
Challenge/Response Tokens:
Step 1: The user sends a login request.
Step 2: The server sends a random challenge, depending upon the validity
of the user id.
Step 3: The user signs the random challenge with the seed:
Here the token accepts the random challenge sent by the server & encrypts
it with its seed value; the result is displayed on the screen & sent to
the server as the login request.
Step 4: The server, after receiving the encrypted random challenge from
the user, decrypts it with the seed value & compares it with the random
challenge it sent. If the values match, the user is authenticated,
otherwise not.

Authentication Token Types

Step 5: The server sends an appropriate message to the user.
The problem with this scheme is that if we use a 128 bit seed, the
encrypted challenge will also be 128 bits, or 16 characters.
For the user, reading 16 characters from the LCD screen is quite
difficult.
The alternative is that, instead of encryption, a message digest of a
predetermined length is calculated.
There is one more problem here: the user has to make three entries, hence
he can make an error.


Time based tokens

Here the previous disadvantages are addressed.
Step 1: Password generation & login request:
Here the password is generated on the user side using two parameters,
i.e. the seed & the current system time, & sent to the server.
The token automatically generates a new password from these two values
every 60 seconds.
Step 2: Server side verification:
The server performs an independent cryptographic function on the user's
seed value & the current system time to generate its own version of the
password; if the two values match, the password is considered valid.
Step 3: The server sends an appropriate message to the user.
Due to its automated nature, this is the most commonly used type.
But what happens if the window of 60 seconds is crossed?
Every time the window is crossed, the user's computer sends a new login
request by advancing its time by 1 minute.
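The time based token and its server side check, as an added example that is not part of the original slides. Assumptions not in the slides: the "independent cryptographic function" is HMAC-SHA256 over the number of 60-second windows since the Unix epoch, truncated to 6 digits; the server tolerates one window of clock drift on either side, which is how the "advance its time by 1 minute" retry above gets accepted; and a password that was already used in a given window is not accepted a second time. The seed and clock values are constructed.

```python
"""Added example (not from the slides): time based one time passwords from
seed + current time, verified with one window of drift and no reuse within
a window. HMAC-SHA256 is an assumed choice of function; seed and clock
values are constructed."""
import hmac
import hashlib
import struct

WINDOW_SECONDS = 60

def one_time_password(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Token side: password = f(seed, time), constant within a 60 s window."""
    counter = unix_time // WINDOW_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    # Take 31 bits of the tag and reduce them to the requested number of digits.
    value = struct.unpack(">I", mac[:4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)

class TokenServer:
    """Holds each user's seed (the slide keeps it in the user database)."""

    def __init__(self, seeds: dict, drift_windows: int = 1):
        self.seeds = seeds
        self.drift_windows = drift_windows
        self.last_counter = {}      # user -> highest window already accepted

    def verify(self, user_id: str, otp: str, server_time: int) -> bool:
        """Recompute the password for the current window and its neighbours;
        a window that was already accepted is not accepted again."""
        seed = self.seeds.get(user_id)
        if seed is None:
            return False
        now = server_time // WINDOW_SECONDS
        for offset in range(-self.drift_windows, self.drift_windows + 1):
            counter = now + offset
            candidate = one_time_password(seed, counter * WINDOW_SECONDS)
            if hmac.compare_digest(candidate, otp):
                if counter <= self.last_counter.get(user_id, -1):
                    return False        # same window presented twice
                self.last_counter[user_id] = counter
                return True
        return False

def demo() -> dict:
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed
    server = TokenServer({"alice": seed})
    t = 1_700_000_000                                             # constructed clock
    otp = one_time_password(seed, t)
    return {
        "same_window": server.verify("alice", otp, t + 5),
        "replay_same_window": server.verify("alice", otp, t + 10),
        "next_window_ok": server.verify(
            "alice", one_time_password(seed, t + 60), t + 65),
        "client_one_minute_ahead": server.verify(
            "alice", one_time_password(seed, t + 180), t + 120),
        "too_far_ahead": server.verify(
            "alice", one_time_password(seed, t + 600), t + 120),
        "unknown_user": server.verify("bob", otp, t),
    }

if __name__ == "__main__":
    print(demo())
```

The `last_counter` record is what turns a time window into a one time password in the strict sense: within the 60 seconds the value is valid, a second login with the same value is refused.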

Certificate Based Authentication

It is stronger than all the other authentication techniques. Here
authentication is based on something the user has (a certificate) rather
than something the user knows (a password).
Step 1: Creation, storage & distribution of digital certificates: Here the
user id, private key & a copy of the digital certificate are stored in the
user database.
Step 2: Login request: Here the user sends only the user id to the server.
Step 3: Server creates a random challenge: The random challenge travels as
plain text from the server to the user's computer.
Step 4: User signs the random challenge: The user signs it with his
private key & sends it to the server. The server obtains the public key of
the user from its database. It then decrypts the signed random challenge
sent by the user & compares it with the original random challenge.
Step 5: Server sends the appropriate message to the user: Depending upon
whether the values match, the server sends the appropriate message to the
user.

Smart Cards
In certificate based authentication, smart cards are used.
The card stores digital certificates & public-private key pairs within the
card in a tamper free fashion.
The public key & digital certificate can be exported outside the card.
The smart card is capable of performing cryptographic functions within the
card.
If we wish to sign a 1MB document using a smart card, copying it to the
card & performing all the cryptographic functions within the card will
require 15 mins at the rate of 9600 bits per second.
To avoid this, first generate a message digest of the 1MB document outside
the card, then feed the digest to the smart card for the cryptographic
function.
Drawbacks of smart cards are the non-availability of smart card readers &
of smart card aware cryptographic services software on every computer.
The cost of smart cards & smart card readers is high.

Biometric Authentication

It works on human characteristics, such as the fingerprint, the voice &
the pattern of lines in the iris.
The user database consists of samples of the users' biometric
characteristics.
During authentication the user is required to provide another sample of
her biometric characteristics.
These two values are matched & depending upon the match the validation is
decided.
The sample taken each time may not be identical; for example, in the case
of fingerprint recognition the finger may be dirty or have cuts or other
marks.
To overcome this problem the authentication system defines two
configurable parameters: the False Accept Ratio & the False Reject Ratio.
The best security solution is to combine a password/PIN, a smart card &
biometrics.

Kerberos

It is an authentication protocol.
The basis of this protocol is another protocol called Needham-Schroeder.
Kerberos is the multi-headed dog of Greek mythology (apparently used to
keep outsiders away).
Version 4 is used in practical implementations; version 5 is also out now.
There are four parties involved in the Kerberos protocol:
Alice: the client workstation.
Authentication Server (AS): verifies the user during login.
Ticket Granting Server (TGS): issues tickets to certify proof of identity.
Bob: the server offering services such as network printing, file sharing,
application programs etc.

How does Kerberos Work? (Step 1)

Alice (the client) sits down at an arbitrary workstation & enters her
name.
The workstation sends her name in plain text to the Authentication Server
(AS).
Fig. Kerberos step 1: the AS randomly generates a session key (KS) and
builds a Ticket Granting Ticket (TGT) by encrypting KS with the symmetric
key it shares with the Ticket Granting Server (TGS). It then encrypts
KS + TGT with the symmetric key derived from Alice's password (KA) and
sends the output to Alice.
After the message is received, Alice's workstation generates the symmetric
key (KA) derived from her password & uses that key to extract the session
key (KS) & the Ticket Granting Ticket (TGT).
Alice cannot open the TGT, since it is encrypted with the key of the TGS,
which is shared only between the TGS & the AS.


How does Kerberos Work? (Step 2)

Obtaining a Service Granting Ticket (SGT).
Fig. Kerberos step 2 (request): Alice sends the TGS a request for an SGT
consisting of the TGT, the name of the server she wants to reach (Bob) and
a timestamp encrypted with the session key (KS).
The TGT is encrypted with the secret key of the Ticket Granting Server
(TGS). Thus only the TGS can open it.
Once the TGS is satisfied with Alice's credentials, it creates a session
key KAB for Alice to have secure communication with Bob.
Fig. Kerberos step 2 (response): the TGS returns two items to Alice: KAB
encrypted with Bob's secret key, and KAB encrypted with the session key
(KS).

How does Kerberos Work? (Step 3)

The user contacts Bob to access the server.
Alice can now send KAB to Bob in order to enter a session with him.
To make it secure, Alice sends KAB to Bob in encrypted form (the copy
encrypted with Bob's secret key).
To guard against replay attacks, Alice also sends a timestamp, encrypted
with Bob's secret key.
Bob acknowledges by adding 1 to the timestamp sent by Alice, encrypts the
result with KAB & sends it back to Alice.
Now Alice & Bob communicate with each other using the key KAB.
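The three Kerberos steps above simulated end to end, as an added example that is not part of the original slides. The cipher is a constructed toy (SHA-256 keystream XOR plus an HMAC tag so that a wrong key is detected) standing in for the symmetric cipher Kerberos really uses; the user database, the long-term keys and the clock values are constructed. One assumption departs from the wording of step 3: Alice's timestamp for Bob is encrypted with KAB, the key she actually holds at that point, which is also the key under which Bob's "timestamp + 1" acknowledgement is protected.

```python
"""Added example (not from the slides): the three Kerberos steps simulated
end to end. enc/dec is a CONSTRUCTED toy cipher (SHA-256 keystream XOR +
HMAC tag), not the cipher Kerberos uses; the user database, long-term keys
and clock values are constructed."""
import hashlib
import hmac
import json
import secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def enc(key: bytes, message: dict) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || HMAC tag."""
    plain = json.dumps(message, sort_keys=True).encode()
    nonce = secrets.token_bytes(8)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def dec(key: bytes, blob: bytes) -> dict:
    """Inverse of enc; raises ValueError if the key is wrong or data altered."""
    nonce, body, tag = blob[:8], blob[8:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

# Long-term secrets (constructed). The AS holds the user database and K_TGS;
# the TGS holds K_TGS and K_BOB; Bob holds K_BOB.
K_TGS = secrets.token_bytes(32)
K_BOB = secrets.token_bytes(32)
PASSWORDS = {"alice": "alice's password"}

def derive_ka(password: str) -> bytes:
    """KA: symmetric key derived from the user's password."""
    return hashlib.sha256(password.encode()).digest()

def authentication_server(name: str) -> bytes:
    """Step 1: reply with KS + TGT under KA; the TGT is KS under K_TGS."""
    ks = secrets.token_bytes(32)
    tgt = enc(K_TGS, {"user": name, "ks": ks.hex()})
    return enc(derive_ka(PASSWORDS[name]), {"ks": ks.hex(), "tgt": tgt.hex()})

def ticket_granting_server(tgt: bytes, enc_time: bytes, now: int):
    """Step 2: open the TGT, check the timestamp under KS, issue KAB twice."""
    ticket = dec(K_TGS, tgt)
    ks = bytes.fromhex(ticket["ks"])
    if abs(now - dec(ks, enc_time)["time"]) > 300:
        raise ValueError("stale request")           # replayed or old request
    kab = secrets.token_bytes(32)
    for_bob = enc(K_BOB, {"user": ticket["user"], "kab": kab.hex()})
    return for_bob, enc(ks, {"kab": kab.hex()})

def bob(for_bob: bytes, enc_time: bytes) -> bytes:
    """Step 3: recover KAB, read Alice's timestamp, answer with timestamp + 1."""
    kab = bytes.fromhex(dec(K_BOB, for_bob)["kab"])
    return enc(kab, {"time": dec(kab, enc_time)["time"] + 1})

def rejects_wrong_key() -> bool:
    """Sanity check of the toy cipher: a different key must not decrypt."""
    try:
        dec(b"other key", enc(b"right key", {"x": 1}))
        return False
    except ValueError:
        return True

def run_protocol(now: int = 1_700_000_000, alice_clock: int = None) -> dict:
    """Alice's side of all three steps; alice_clock lets a stale request be tried."""
    alice_clock = now if alice_clock is None else alice_clock
    ka = derive_ka("alice's password")
    msg1 = dec(ka, authentication_server("alice"))
    ks, tgt = bytes.fromhex(msg1["ks"]), bytes.fromhex(msg1["tgt"])
    try:                                    # Alice cannot open the TGT with KA
        dec(ka, tgt)
        tgt_opaque = False
    except ValueError:
        tgt_opaque = True
    for_bob, for_alice = ticket_granting_server(tgt, enc(ks, {"time": alice_clock}), now)
    kab = bytes.fromhex(dec(ks, for_alice)["kab"])
    reply = dec(kab, bob(for_bob, enc(kab, {"time": alice_clock})))
    return {"tgt_opaque_to_alice": tgt_opaque, "bob_reply": reply["time"]}

if __name__ == "__main__":
    print(run_protocol())
```

Two properties from the slides are visible in the result: the TGT really is opaque to Alice (decrypting it with KA fails the tag check), and Bob's reply equals Alice's timestamp plus one, which she can only read because both hold KAB.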


Single Sign On (SSO)

Since Alice needs to authenticate, or sign on, only once, this mechanism
is called Single Sign On (SSO).
She needs to authenticate to the AS only once.
SSO is very important for corporate networks, since the network grows
over a period of time.
Thus multiple authentication mechanisms can be consolidated into a
single, uniform authentication mechanism using SSO.
There are two broad approaches to SSO: the script based approach & the
agent based approach.
In the script based approach, the SSO software mimics the user's actions,
i.e. by simulating the user pressing keyboard keys.
In the agent based approach, every web server must have a piece of
software called an agent, & there must be an SSO server which interacts
with the user database.

Thank You

Chapter 4
Network Security


Brief introduction to TCP/IP

Network security is a key aspect of internet based security mechanisms.
People are mostly interested in application level security, but data at
the lower levels should be protected too.
Fig. OSI layers (Application, Presentation, Session, Transport, Network,
Data Link, Physical) set against the TCP/IP protocol suite: SMTP, FTP,
HTTP, TELNET and DNS at the application layer; TCP and UDP at the
transport layer; IP, ICMP, ARP and RARP at the network layer.


TCP Segment Format

Fig. A TCP segment has a 20 to 60 byte header consisting of the following
fields: source port no., destination port no., sequence no., ack no.,
header length, reserved, flags, window size, checksum, urgent pointer and
options (0 to 40 bytes), followed by the DATA.


IP Datagram Format

Fig. IP datagram header fields: version (4 bits), HLEN (4 bits), service
type (8 bits), total length, identification (16 bits), flags (3 bits),
fragmentation offset (13 bits), time to live (8 bits), protocol (8 bits),
header checksum (16 bits), source IP address (32 bits), destination IP
address (32 bits), options, followed by the data.
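A parser for the two header formats shown on the preceding slides, as an added example that is not part of the original slides. It follows the field layout of RFC 791 (IPv4) and RFC 793 (TCP), so the widths it uses are the standard ones; the 40-byte packet it parses is constructed for the demo, with the IP header checksum computed here so the parser can also verify it. Everything is standard-library `struct` work; no names from the slides are assumed.

```python
"""Added example (not from the slides): parse IPv4 and TCP headers from raw
bytes per RFC 791 / RFC 793. The sample packet is constructed; the IP header
checksum is computed here so that verification can be demonstrated."""
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IP header checksum.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Return the IPv4 header fields and the payload that follows them."""
    first, tos, total_len, ident, flags_frag, ttl, proto, csum = struct.unpack(
        ">BBHHHBBH", packet[:12])
    version, ihl = first >> 4, first & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    hlen = ihl * 4                       # header length is in 32-bit words
    if hlen < 20 or hlen > len(packet):
        raise ValueError("bad header length")
    return {
        "version": version, "header_len": hlen, "service_type": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(packet[:hlen]) == 0,
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
        "options": packet[20:hlen], "payload": packet[hlen:total_len],
    }

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]      # bits 0..5

def parse_tcp(segment: bytes) -> dict:
    """Return the TCP header fields (20 to 60 bytes) and the data after them."""
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack(
        ">HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4         # data offset, in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad TCP header length")
    flags = off_flags & 0x3F
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": hlen, "reserved": (off_flags >> 6) & 0x3F,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flags >> i & 1],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "options": segment[20:hlen], "data": segment[hlen:],
    }

def build_sample_packet() -> bytes:
    """Constructed IPv4/TCP SYN from 10.0.0.5:40000 to 198.51.100.7:443
    (198.51.100.0/24 is a documentation range, not a real host)."""
    tcp = struct.pack(">HHIIHHHH", 40000, 443, 1000, 0, (5 << 12) | 0x02,
                      65535, 0, 0)
    total_len = 20 + len(tcp)
    ip_no_csum = struct.pack(">BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                             64, 6, 0, bytes([10, 0, 0, 5]), bytes([198, 51, 100, 7]))
    csum = ipv4_checksum(ip_no_csum)
    ip = ip_no_csum[:10] + struct.pack(">H", csum) + ip_no_csum[12:]
    return ip + tcp

if __name__ == "__main__":
    ip = parse_ipv4(build_sample_packet())
    print(ip)
    print(parse_tcp(ip["payload"]))
```

The `checksum_ok` field shows the verification trick a filter or IDS uses: summing the header with its checksum field included must give zero, so a single altered byte (the TTL, say) is detected without recomputing anything else.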


Firewalls
On the internet any computer can be connected to any other computer in the
world.
This is a great advantage for individuals and corporations.
But it is a nightmare for the network support staff, who must protect the
corporate network from a variety of attacks.
There is a possibility of leakage of confidential information, & viruses &
worms can create havoc.
We encrypt confidential information to protect it from the outside world.
To protect against outside attacks, the firewall comes into the picture.
A firewall is just like a guard which checks all the incoming & outgoing
packets of the corporate network.
A firewall is a specialized version of a router, which performs this job
with the help of additional software resources.

Firewalls

Fig. The firewall sits between the Internet and the corporate network.

Firewalls

All traffic, inbound & outbound, must pass through the firewall.
Access to the local network should be permitted only via the firewall.
Only traffic authorized as per the local security policy should be
allowed.
The firewall itself should resist attacks against it.
There are two types of firewalls: packet filters & application gateways.


Firewalls (Packet filters)

A packet filter applies a set of rules to each packet, & based on the
outcome decides to forward or discard the packet.
A packet filter is also called a screening router or screening filter.
The filtering rules are based on a number of fields in the IP & TCP/UDP
headers, i.e. source & destination IP addresses, the IP protocol field &
the TCP/UDP port numbers.
A packet filter performs the following functions:
Receive each packet as it arrives.
Pass the packet through the set of rules & see whether it matches one of
the rules or not.
If there is no match, take the default action.
The default action may be to accept or to discard all packets.

Firewalls (Packet filters)

The advantages of packet filters are their simplicity & their fast
operating speed.
The disadvantages are the difficulty of setting up packet filter rules &
the lack of support for authentication.
The following types of attacks take place against packet filters:
IP address spoofing: An intruder outside the network sends packets whose
source IP address equals an IP address within the network.
Source routing attacks: Here the attacker specifies the route that a
packet should take as it moves along the internet.
Tiny fragment attacks: IP packets pass through a variety of networks such
as Ethernet, Token Ring, X.25 etc., so IP packets get fragmented each
time. The attacker relies on the packet filter checking only the 1st
fragment after fragmentation, so by intentionally creating the fragments
he can intrude into the system.

Firewalls (Packet filters)

An advanced type of packet filter called a dynamic packet filter or
stateful packet filter is also used.
It allows incoming TCP packets only if they are responses to outgoing TCP
packets that have gone out through the network.
A dynamic packet filter has to maintain a list of the currently open
connections & outgoing packets in order to apply this rule.
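A rule-based packet filter of the kind the last three slides describe, as an added example that is not part of the original slides: first-match rules with a default action, an anti-spoofing check that discards inbound packets claiming an internal source address (the mitigation for the IP address spoofing attack above), and the dynamic variant that admits inbound TCP when it belongs to a connection opened from inside. The corporate address range, the rules, the addresses (documentation ranges only) and the dict representation of a packet are all constructed for the demo.

```python
"""Added example (not from the slides): static and stateful packet filters.
Address ranges, rules and packets are constructed; packets are plain dicts."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # constructed corporate address range

@dataclass
class Rule:
    action: str                 # "accept" or "discard"
    direction: str = "any"      # "in", "out" or "any"
    proto: str = "any"          # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int = None           # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.direction in ("any", pkt["direction"])
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

class PacketFilter:
    """Screening router: first matching rule wins, otherwise the default action."""

    def __init__(self, rules, default="discard"):
        self.rules, self.default = list(rules), default

    def decide(self, pkt: dict) -> str:
        # Anti-spoofing: an inbound packet must not claim an internal source.
        if pkt["direction"] == "in" and ip_address(pkt["src"]) in INTERNAL:
            return "discard"
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default

class StatefulPacketFilter(PacketFilter):
    """Dynamic packet filter: remembers accepted outgoing TCP connections and
    accepts inbound TCP that answers one of them; anything else inbound still
    has to be allowed by an explicit rule."""

    def __init__(self, rules, default="discard"):
        super().__init__(rules, default)
        self.open = set()   # (internal ip, internal port, remote ip, remote port)

    def decide(self, pkt: dict) -> str:
        if pkt["proto"] == "tcp" and pkt["direction"] == "in":
            key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
            if key in self.open and ip_address(pkt["src"]) not in INTERNAL:
                return "accept"
        verdict = super().decide(pkt)
        if verdict == "accept" and pkt["proto"] == "tcp" and pkt["direction"] == "out":
            self.open.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        return verdict

RULES = [                                                     # constructed policy
    Rule("accept", "out", "tcp", src="10.0.0.0/8", dport=443),   # browsing out
    Rule("accept", "in", "tcp", dst="10.0.0.80/32", dport=80),   # public web server
    Rule("discard", "in", "tcp", dport=23),                      # no telnet in
]

def demo() -> dict:
    """Run the same constructed packets through both filters."""
    static, stateful = PacketFilter(RULES), StatefulPacketFilter(RULES)
    out_https = {"direction": "out", "proto": "tcp", "src": "10.0.0.5",
                 "sport": 40000, "dst": "198.51.100.7", "dport": 443}
    reply = {"direction": "in", "proto": "tcp", "src": "198.51.100.7",
             "sport": 443, "dst": "10.0.0.5", "dport": 40000}
    unsolicited = {"direction": "in", "proto": "tcp", "src": "203.0.113.9",
                   "sport": 5555, "dst": "10.0.0.5", "dport": 40001}
    spoofed = {"direction": "in", "proto": "tcp", "src": "10.0.0.1",
               "sport": 1234, "dst": "10.0.0.80", "dport": 80}
    public_web = {"direction": "in", "proto": "tcp", "src": "203.0.113.9",
                  "sport": 5000, "dst": "10.0.0.80", "dport": 80}
    telnet = {"direction": "in", "proto": "tcp", "src": "203.0.113.9",
              "sport": 4444, "dst": "10.0.0.80", "dport": 23}
    return {
        "static_out": static.decide(out_https),
        "static_reply_default": static.decide(reply),   # no rule: default discard
        "static_spoofed": static.decide(spoofed),
        "static_telnet": static.decide(telnet),
        "stateful_out": stateful.decide(out_https),
        "stateful_reply": stateful.decide(reply),
        "stateful_unsolicited": stateful.decide(unsolicited),
        "stateful_public_web": stateful.decide(public_web),
    }

if __name__ == "__main__":
    print(demo())
```

The contrast the slides draw is in `static_reply_default` versus `stateful_reply`: the static filter cannot admit the HTTPS reply without a standing "accept inbound from port 443" rule that would admit any packet wearing that port, whereas the stateful filter admits it only because it saw the matching outgoing connection.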


Firewalls (Application gateways)

An application gateway is also called a proxy server.
It decides the flow of application level traffic.
It typically works as follows:
An internal user contacts the application gateway using a TCP/IP
application.
The application gateway asks the user for the remote host with which the
user wants to set up a connection for the actual communication, & asks
for the user id & password.
The user provides this information.
The application gateway now accesses the remote host on behalf of the user
and passes the user's packets to the remote host.
There is a variation called a circuit gateway.
Here the circuit gateway creates a new connection between itself & the
remote host.
It also changes the source IP address of the user's packets to its own.

Firewalls (Application gateways)

The user thinks that a direct connection between itself & the remote host
has been established.
Thus the computers of internal users are hidden from the outside world.
The SOCKS server is an example of a real life implementation.
The SOCKS client runs on the internal hosts & the server runs on the
firewall.
Thus the application gateway acts as a proxy for both the actual end user
& the remote host.
It is more secure than a packet filter.
Rather than examining every packet against a number of rules, here we
simply check whether the user is allowed to work with the TCP/IP
application or not.
The disadvantage is the overhead in terms of connections.
There are two sets of connections: one between the end user & the
application gateway, another between the application gateway & the remote
host.

Firewall configurations

A firewall is a combination of a packet filter & an application gateway.
Based on this there are three possible configurations of the firewall:
Screened host firewall, single-homed bastion
Screened host firewall, dual-homed bastion
Screened subnet firewall


Screened host firewall, single-homed bastion

It consists of a packet filtering router & an application gateway.
Fig. Internet, packet filter, application gateway (the internal hosts can
still reach the packet filter directly).


Screened host firewall, dual-homed bastion

Direct connections between the internal hosts & the packet filter are
avoided.
Fig. Internet, packet filter, application gateway; all internal traffic
passes through the application gateway.


Screened subnet firewall

Two packet filters are used: one between the internet & the application
gateway, the other between the application gateway & the internal
network.
Fig. Internet, packet filter, application gateway, packet filter,
internal network.


Demilitarized Zone (DMZ) Networks

A DMZ is used where an organization has servers which it needs to make
available to the outside world.
Fig. Internet, firewall, DMZ (the publicly reachable servers sit in the
DMZ, separated by the firewall from both the Internet and the internal
network).

Limitations of firewall

Insider intrusions.
Direct internet traffic.
Virus attacks.

