1) The document discusses several encryption algorithms and protocols including SHA, SSL, DES, and TLS.
2) SSL is used to securely transmit data between clients and servers over TCP/IP and allows for authentication.
3) TLS establishes an encrypted connection using a handshake protocol to authenticate, agree on encryption, and generate keys before securely transmitting data.
1) The document discusses several encryption algorithms and protocols including SHA, SSL, DES, and TLS.
2) SSL is used to securely transmit data between clients and servers over TCP/IP and allows for authentication.
3) TLS establishes an encrypted connection using a handshake protocol to authenticate, agree on encryption, and generate keys before securely transmitting data.
1) The document discusses several encryption algorithms and protocols including SHA, SSL, DES, and TLS.
2) SSL is used to securely transmit data between clients and servers over TCP/IP and allows for authentication.
3) TLS establishes an encrypted connection using a handshake protocol to authenticate, agree on encryption, and generate keys before securely transmitting data.
SEA-Plaintext: This is the original message or data SHA-The algorithm takes input as a message with a SSL ➢ SSL (Secure
SSL (Secure Socket Layer) is the internet
that is fed into the algorithm as input. 2) Encryption maximum length of less than 2128 bits and security protocol that can be used for point to- algorithm: The encryption algorithm performs produces output as a 512-bit message digest. The point internet connection. SSL operate over TCP/IP various substitutions and transformations on the input is processed in 1024-bit blocks. Step 1 as shown in figure below and ensure secure data plaintext. 3) Secret key: The secret key is also input Append padding bits: The message is padded so transmissions between remote applications and to the algorithm. The exact substitutions and that its length is congruent to 896 modulo 1024 computers. ➢ With SSL - client computers and transformations performed by the algorithm [length 896 (mod 1024)]. Padding is always added, servers authenticate each other when they depend on the key. 4) Ciphertext: This is the even if the message is already of the desired length. establish communication or connectivity for secure scrambled message produced as output. It depends Step 2 Append length: A block of 128 bits is data transfers. ➢ Once after authentication is on the plaintext and the secret key. For a given appended to the message. This block is treated as successful, a secure pipe will be established message, two different keys will produce two an unsigned 128-bit integer and contains the length (logically) and data transfer take place in a different ciphertexts. 5) Decryption algorithm: This of the original message. Step 3 Initialize hash protected mode. ➢ A few practical applications of is essentially the encryption algorithm run in buffer: A 512-bit buffer is used to store both SSL include: • Securing data base access (Client- reverse. It takes the ciphertext and the same secret intermediate and final results of the hash function. server systems) • Remote banking transactions key and produces the original plaintext. Step 4 Process message in 1024-bit (128-word) (Financial Management) • Remote access and blocks: The major processing takes place in module administrative applications (Information Systems) • DES-The plaintext is 64 bits in length and the key is F of the algorithm requiring 80 rounds of On line ticket reservation and secure information 56 bits in length; longer plaintext amounts are processing. Each round takes as input the 512-bit transfer (Travel industry). processed in 64-bit blocks. The DES structure is a buffer value abcdefgh and updates the contents of minor variation of the Feistel network shown in the buffer. The output of the 80th round is added TLS -Record Protocol is a layered protocol. At each Figure 2.2. There are 16 rounds of processing. From to the input to the first round (Hi-1) to produce Hi layer, message may include fields for length, the original 56-bit key, 16 subkeys are generated, the hash code of 512 bits lengths. Step 5 Output: description and content. The record protocol takes one of which is used for each round. The process of After all N 1024-bit blocks have been processed, messages to be transmitted, fragments the data decryption with DES is essentially the same as the the output from the Nth stage is the 512-bit into manageable blocks, optionally compressed the encryption process. The rule is as follows: Use the message. data, applied a message authentication code (MAC) ciphertext as input to the DES algorithm, but use to the data, encrypt it; and transmits the result. the subkeys Ki in reverse order. That is, use K16 on VPNs offer secure communications between Received data is decrypted, verified, decompressed the first iteration, K15 on the second iteration, and network application using a public or unsecured and reassembled, and then delivered to higher level so on until K1 is used on the 16th and last iteration. medium such as the Internet through the use of clients. The TLS Handshake Protocol involves the various technologies offering user authentication, following steps: Step 1: Exchange hello messages to data integrity and access control. Site VPNs-Site agree on algorithms, exchange random values, and VPNs are used by organizations to connect remote check for session resumption. Step 2: Exchange the sites without the need for expensive leased Iines or necessary cryptographic parameters to allow the to connect two different organizations that wish to client and server to agree on a pre-master secret. communicate for some business purpose. Step 3: Exchange certificates and cryptographic Generally, the VPN connects one firewall or border information to allow the client and server to router with another firewall or border router. To authenticate themselves. Step 4: Generate a initiate the connection, one site attempts to send master secret from the premaster secret and traffic to the other. This causes the two VPN end exchanged random values. Step 5: Provide security points to initiate the VPN. The two end points will parameters to the record layer. Step 6: Allow the negotiate the parameters of the connection client and server to verify that their peer has depending on the policies of the two sites. The two calculated the same security parameters and that sites will also authenticate each other by using the handshake occurred without tempering by an some shared secret that has been preconfigured or attacker. public key certificate. Some organizations use site VPNs as backup links for leased lines. IPSec ➢ IPSec is a group of protocols developed by IETF (Internet Engineering Task Force) for CBC-In the cipher block chaining (CBC) mode, the User VPNs- The user VPNs are virtual private encryption and authentication of TCP/IP traffic. ➢ input to the encryption algorithm is the XOR of the networks between an individual user's personal It is observed that SSL protocol authenticates and current plaintext block and the preceding computer (Lap Top PC) and an organization's site or encrypts communication between clients and ciphertext block; the same key is used for each network. • The employees of an organization who servers at the Application layers. Where as IPSec block. The input to the encryption function for each would like to work from home or who would like to secures and authenticates the underlying Network plaintext block bears no fixed relationship to the access organization's internal network (called layers. It is to be noted that in a corporate LAN or plaintext block. For decryption, each cipher block is Intranet) during journey - will be using these user the internet-data packets called the Datagrams are passed through the decryption algorithm. The VPNs. • Here remote user first connects to the transmitted in an un-encrypted manner giving result is XORed with the preceding ciphertext block internet via local ISP dial-up connection, DSL line or room for hijacker or malicious attacker to tamper, to produce the plaintext block. To produce the first cable MODEM and then initiates the VPN to the forge or modify those data packets. Therefore, block of ciphertext, an initialization vector (IV) is organization site via internet with his personal IPSec is intended to safeguard these datagrams or XORed with the first block of plaintext. On computer or lap Top PC. • Consequently- the internet data packets and thereby to create a decryption, the IV is XORed with the output of the organization's site or network requests the user to secure network of computers over insecure decryption algorithm to recover the first block of authenticate and if successful, permits the user to internet channels. To accomplish these tasks-IPsec plaintext. The IV must be known to both the sender access the organization's internal network. But the make use of two protocol's services. Authentication and receiver. For maximum security, the IV should network speed and VPN response time are slower header offers connectionless integrity and data be protected as well as the key. This could be done and limited by the speed of user's internet origin authentication for IP datagrams. by sending the IV using ECB encryption. connection. Also, the VPN is handled by a separate Encapsulating security payload (ESP) offers application on the user's machine (VPN software confidentiality services that covers confidentiality CFB-First, consider encryption. The input to the installed on User Computer). • User VPN may allow of message contents and limited traffic flow encryption function is a b-bit shift register that is the organization to limit the systems or files that confidentiality. initially set to some initialization vector (IV). The the remote user can access. This limitation should leftmost (most significant) s bits of the output of be based on organization policy and depends on the encryption function are XORed with the first the capabilities of the VPN product. unit of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted. In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted. For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. Note that it is the encryption function that is used, not the decryption function. This is easily explained. Let Ss(X) be defined as the most significant s bits of X. The same reasoning holds for subsequent steps in the process.