Information Security 3

Downloaded from www.rgpvnotes.in, whatsapp: 8989595022

Subject Name: Information Security Subject Code: IT 801


Subject Notes
Syllabus:
Public Key Encryption: Principles of Public Key Cryptosystems, The RSA algorithm, Key Management, Diffie-
Hellman Key Exchange, Elliptic curve cryptography; Message Authentication and Hash Functions:
Authentication requirements, Authentication Functions, Message Authentication Codes, Hash Functions,
Security of Hash Functions and MACs; Hash and MAC algorithms: Secure Hash Algorithm, HMAC; Digital
Signatures and Authentication Protocols, Digital Signature Standard
__________________________________________________________________________________________
Course Objective: The objective of this course is to familiarize the students with the fundamentals of
information security and the methods used in protecting both the information present in computer storage as
well as information traveling over computer networks.
____________________________________________________________________________________________
Course Outcome (CO3): Apply knowledge of various encryption algorithms and authentication mechanisms to
secure information in computer systems and networks.

UNIT-III
Public Key Encryption
Public key encryption, or public key cryptography, is a method of encrypting data with two different keys and
making one of the keys, the public key, available for anyone to use. The other key is known as the private key.
Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the
private key can only be decrypted with the public key. Public key encryption is also known as asymmetric
encryption. It is widely used, especially for TLS/SSL, which makes HTTPS possible.

In cryptography, a key is a piece of information used for scrambling data so that it appears random; often it's a
large number, or string of numbers and letters. When unencrypted data, also called plaintext, is put into an
encryption algorithm using the key, the plaintext comes out the other side as random-looking data. However,
anyone with the right key for decrypting the data can put it back into plaintext form.

Principles of Public Key Cryptosystems

The concept of public key cryptography evolved from an attempt to attack two of the most difficult problems
associated with symmetric encryption.
• Key distribution under symmetric key encryption requires either (1) that two communicants already
share a key, which somehow has been distributed to them or (2) the use of a key distribution center.
• Digital signatures.
Public key cryptosystems
Public key algorithms rely on one key for encryption and a different but related key for decryption.
These algorithms have the following important characteristics:

• It is computationally infeasible to determine the decryption key given only the knowledge of the
cryptographic algorithm and the encryption key.

follow us on instagram for frequent updates: www.instagram.com/rgpvnotes.in



In addition, some algorithms, such as RSA, also exhibit the following characteristic:
• Either of the two related keys can be used for encryption, with the other used for decryption.
The essential steps are the following:
• Each user generates a pair of keys to be used for encryption and decryption of messages.
• Each user places one of the two keys in a public register or other accessible file. This is the public key.
The companion key is kept private.
• If A wishes to send a confidential message to B, A encrypts the message using B's public key.
• When B receives the message, it decrypts using its private key. No other recipient can decrypt the
message because only B knows B's private key.
With this approach, all participants have access to public keys and private keys are generated locally by each
participant and therefore, need not be distributed. As long as a system controls its private key, its incoming
communication is secure.
Let the plaintext be $X = [X_1, X_2, X_3, \ldots, X_m]$, where the m elements of X are letters in some finite alphabet. Suppose A
wishes to send a message to B. B generates a pair of keys: a public key $KU_b$ and a private key $KR_b$. $KR_b$ is known
only to B, whereas $KU_b$ is publicly available and therefore accessible by A.
With the message X and encryption key $KU_b$ as input, A forms the ciphertext
$Y = [Y_1, Y_2, Y_3, \ldots, Y_n]$, i.e., $Y = E_{KU_b}(X)$.
The receiver can decrypt it using the private key $KR_b$, i.e., $X = D_{KR_b}(Y)$.
For authentication, the sender instead encrypts the message with its own private key. The encrypted message
then serves as a digital signature, because only the holder of that private key could have produced it.
It is important to emphasize that this second encryption process does not provide confidentiality. There
is no protection of confidentiality because any observer can decrypt the message by using the sender's public
key.
It is, however, possible to provide both authentication and confidentiality by a double use of the public-key
scheme.

Figure 3.1: Public key cryptosystem


Initially, the message is encrypted using the sender's private key. This provides the digital signature. Next, we
encrypt again, using the receiver's public key. The final ciphertext can be decrypted only by the intended
receiver, who alone has the matching private key. Thus confidentiality is provided.

RSA algorithm:

The RSA algorithm is a public key encryption technique and is considered the most secure way of encryption. It
was invented by Rivest, Shamir and Adleman in the year 1978, hence the name RSA algorithm.
Algorithm
The RSA algorithm holds the following features −
• The RSA algorithm is a popular scheme based on exponentiation in a finite field over integers, including prime numbers.
• The integers used by this method are sufficiently large, making it difficult to solve.
• There are two sets of keys in this algorithm: private key and public key.
You will have to go through the following steps to work on RSA algorithm −
Step 1: Generate the RSA modulus
The initial procedure begins with the selection of two prime numbers, p and q, and then calculating their
product n, as shown −
n = p*q

Step 2: Derived Number (e)
Consider number e as a derived number which should be greater than 1 and less than (p-1)(q-1). The
primary condition is that e and (p-1)(q-1) have no common factor except 1.
Step 3: Public key
The specified pair of numbers n and e forms the RSA public key and it is made public.
Step 4: Private Key
Private Key d is calculated from the numbers p, q and e. The mathematical relationship between the numbers
is as follows −
$ed \equiv 1 \pmod{(p-1)(q-1)}$
This congruence is solved for d with the Extended Euclidean Algorithm, using values derived from p and q as
the input parameters.
Encryption Formula
Consider a sender who sends the plain text message to someone whose public key is (n,e). To encrypt the
plain text message in the given scenario, use the following syntax −
$C = P^e \bmod n$
Decryption Formula


The decryption process is very straightforward and follows the same systematic calculation.
Considering receiver C has the private key d, the result modulus will be calculated as −
$\text{Plaintext} = C^d \bmod n$
Generating RSA keys
The following steps are involved in generating RSA keys −

• Create two large prime numbers namely p and q. The product of these numbers will be called n, where
n= p*q
• Generate a random number which is relatively prime with (p-1) and (q-1). Let the number be called as
e.
• Calculate the modular inverse of e. The calculated inverse will be called as d.
Key Management
In cryptography it is a very tedious task to distribute the public and private key between sender and receiver.
If key is known to the third party (forger/eavesdropper) then the whole security mechanism becomes
worthless. So, there comes the need to secure the exchange of keys.
There are 2 aspects for Key Management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secret keys.
Distribution of Public Key:
Public keys can be distributed in 4 ways: Public announcement, Publicly available directory, Public-key
authority, and Public-key certificates. These are explained below.
1. Public Announcement:
Here the public key is broadcast to everyone. The major weakness of this method is forgery. Anyone can
create a key claiming to be someone else and broadcast it. Until the forgery is discovered, the forger can
masquerade as the claimed user.

Figure 3.2: Public Key Announcement

2. Publicly Available Directory:
In this type, the public key is stored in a public directory. The directory is trusted and has properties
such as participant registration, the ability for participants to access and modify their values at any time,
and entries of the form {name, public-key}.
Directories can be accessed electronically but are still vulnerable to forgery or tampering.
3. Public Key Authority:
It is similar to the directory but improves security by tightening control over the distribution of keys from
the directory. It requires users to know the public key for the directory. Whenever keys are needed, the user
makes a real-time access to the directory to obtain any desired public key securely.
4. Public Certification:
This time authority provides a certificate (which binds identity to the public key) to allow key exchange
without real-time access to the public authority each time. The certificate is accompanied with some
other info such as period of validity, rights of use etc. All of this content is signed by the trusted Public-
Key or Certificate Authority (CA) and it can be verified by anyone possessing the authority’s public-key.
Diffie Hellman Key Exchange-

As the name suggests, this algorithm is used to exchange the secret key between the sender and the receiver.
It facilitates the exchange of the secret key without actually transmitting it.

Diffie Hellman Key Exchange Algorithm-

• Private key of the sender = $X_s$
• Public key of the sender = $Y_s$
• Private key of the receiver = $X_r$
• Public key of the receiver = $Y_r$
Using Diffie Hellman Algorithm, the key is exchanged in the following steps-

Step-01:

• One of the parties chooses two numbers ‘a’ and ‘n’ and exchanges them with the other party.
• ‘a’ is a primitive root of the prime number ‘n’.
• After this exchange, both the parties know the value of ‘a’ and ‘n’.
Step-02:

• Both the parties already know their own private key.
• Both the parties calculate the value of their public key and exchange with each other.
Sender calculates its public key as-
$Y_s = a^{X_s} \bmod n$
Receiver calculates its public key as-
$Y_r = a^{X_r} \bmod n$

Step-03:
• Both the parties receive the public key of each other.
• Now, both the parties calculate the value of the secret key.
Sender calculates secret key as-
$\text{Secret key} = (Y_r)^{X_s} \bmod n$
Receiver calculates secret key as-
$\text{Secret key} = (Y_s)^{X_r} \bmod n$
Finally, both the parties obtain the same value of secret key.
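
The three steps above as an added example (not part of the original notes), with both sides' computations and a check that ‘a’ really is a primitive root of ‘n’. The values n = 23, a = 5 and the private keys 6 and 15 are constructed toy numbers, and the function names and the range check on the received public key are assumptions of this sketch.

```python
def prime_factors(m):
    """Return the set of prime factors of m by trial division."""
    factors = set()
    f = 2
    while f * f <= m:
        while m % f == 0:
            factors.add(f)
            m //= f
        f += 1
    if m > 1:
        factors.add(m)
    return factors


def is_primitive_root(a, n):
    """For prime n: a is a primitive root iff a^((n-1)/f) != 1 (mod n)
    for every prime factor f of n-1."""
    order = n - 1
    return all(pow(a, order // f, n) != 1 for f in prime_factors(order))


def public_value(a, n, private_key):
    """Step-02: Y = a^X mod n."""
    return pow(a, private_key, n)


def shared_secret(peer_public, own_private, n):
    """Step-03: secret = (peer's Y)^(own X) mod n.

    Rejecting 0, 1 and n-1 is an added sanity check: those values force
    the secret into a tiny, predictable set.
    """
    if not 1 < peer_public < n - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, n)


def run_exchange(a, n, xs, xr):
    """Play both parties and return (Ys, Yr, sender_secret, receiver_secret)."""
    if not is_primitive_root(a, n):
        raise ValueError("a is not a primitive root of n")
    ys = public_value(a, n, xs)          # sent sender -> receiver
    yr = public_value(a, n, xr)          # sent receiver -> sender
    sender_secret = shared_secret(yr, xs, n)
    receiver_secret = shared_secret(ys, xr, n)
    return ys, yr, sender_secret, receiver_secret


if __name__ == "__main__":
    # Constructed toy parameters; real deployments use primes of 2048+ bits.
    ys, yr, k_sender, k_receiver = run_exchange(a=5, n=23, xs=6, xr=15)
    print("Ys =", ys, " Yr =", yr)
    print("sender secret =", k_sender, " receiver secret =", k_receiver)
```

Only a, n, Ys and Yr cross the wire; the private keys and the resulting secret never do.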

Elliptic curve cryptography

Elliptic curve cryptography is a modern public-key encryption technique based on mathematical elliptic
curves and is well-known for creating smaller, faster, and more efficient cryptographic keys. For example,
Bitcoin uses ECC as its asymmetric cryptosystem because of its lightweight nature.
This section focuses on the high-level ideas that make ECC work. For the purposes of keeping this article easier to
digest, I’ll omit implementation details and mathematical proofs; we can save those for another time.
What is elliptic curve cryptography used for?
A common use of ECC is to encrypt data so that only authorized parties can decrypt it. This has several obvious
use cases but is most often used to encrypt internet traffic. For example, on the Qvault web app I could use
ECC to encrypt a verification email so that no one but the recipient can read the message.
ECC is public-key cryptography
There are many types of public-key cryptography, and Elliptic Curve Cryptography is just one flavor.
Other algorithms include RSA, Diffie-Hellman, etc. Let’s go over a quick background of public-key
cryptography as a jumping-off point, so that I can discuss ECC and build on top of these ideas. By all means,
study public-key cryptography in more depth when you have the time.
Public-key cryptography allows the following to happen:

Figure 3.3: ECC is public-key cryptography


We create two keys, a public key, and a private key. The public key is given freely, and any party can encrypt
data by using it. However, the private key is kept secret and only those who hold it will have the ability to
decrypt data.
Message Authentication and Hash Functions
Message Authentication


In information security, message authentication or data origin authentication is a property that a message
has not been modified while in transit (data integrity) and that the receiving party can verify the source of
the message. Message authentication does not necessarily include the property of non-repudiation.

Message authentication is typically achieved by using message authentication codes (MACs), authenticated
encryption (AE) or digital signatures. The message authentication code, also known as digital authenticator, is
used as an integrity check based on a secret key shared by two parties to authenticate information
transmitted between them. It is based on using a cryptographic hash or symmetric encryption algorithm.
The authentication key is only shared by exactly two parties (e.g. communicating devices), and the
authentication will fail in the existence of a third party possessing the key since the algorithm will no longer
be able to detect forgeries (i.e. to be able to validate the unique source of the message). In addition, the
key must also be randomly generated to avoid its recovery through brute-force searches and related-key
attacks designed to identify it from the messages transiting the medium.

Hash Functions
Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another compressed
numerical value. The input to the hash function is of arbitrary length but output is always of fixed length.
Values returned by a hash function are called message digest or simply hash values. The following picture
illustrates the hash function −

Features of Hash Functions


The typical features of hash functions are −

• Fixed Length Output (Hash Value)
  ◦ Hash function converts data of arbitrary length to a fixed length. This process is often referred to
    as hashing the data.
  ◦ In general, the hash is much smaller than the input data, hence hash functions are sometimes
    called compression functions.
  ◦ Since a hash is a smaller representation of a larger data, it is also referred to as a digest.
  ◦ Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions
    generate values between 160 and 512 bits.
• Efficiency of Operation
  ◦ Generally for any hash function h with input x, computation of h(x) is a fast operation.
  ◦ Computationally hash functions are much faster than a symmetric encryption.
Authentication requirements

Authentication requirements are policies that dictate how a user must authenticate before access is granted
to a protected web application.
Authentication methods are string values that are ordered in a list by preference. At runtime, the attempted
method of authentication is determined by the order of the authentication methods.


When a user attempts to access a PingAccess web application configured with an authentication requirement
list containing the values password and certificate, PingAccess redirects the user to PingFederate requesting
either password or certificate user authentication. PingFederate authenticates the user based on the
password and issues an OpenID Connect (OIDC) ID token to PingAccess, containing the
authentication method that was used. PingAccess ensures that the authentication method matches the
requirements and redirects the user to the originally requested application with the PingAccess cookie
set. When the user attempts to access a more sensitive application configured with an authentication
requirement list containing the value (certificate), they are redirected to PingFederate to authenticate with a
certificate.
You can configure applications with authentication requirement lists that have no overlap. For example, if one
list has a password and another list has a certificate, a user navigating between applications might be required
to authenticate each time they visit an application. When configuring authentication requirement lists to
protect higher value applications with step-up authentication, include stronger forms of authentication when
configuring lower value applications.
Authentication function

Any message authentication or digital signature mechanism has two levels of functionality. At the lower level,
there must be some sort of function that produces an authenticator: a value to be used to authenticate a
message. This lower-level function is then used as a primitive in a higher-level authentication protocol that
enables a receiver to verify the authenticity of a message.
This section is concerned with the types of functions that may be used to produce an authenticator. These
may be grouped into three classes.
• Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as
the authenticator.
• Message encryption: The ciphertext of the entire message serves as its authenticator.
• Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value
that serves as the authenticator.
Message Authentication code: MAC algorithm is a symmetric key cryptographic technique to provide message
authentication. For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a
message to ensure message authentication.
The process of using MAC for authentication is depicted in the following illustration −

Figure 3.4: MAC algorithm


Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and
produces a MAC value.
• Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output. The
major difference between hash and MAC is that MAC uses secret key during the compression.
• The sender forwards the message along with the MAC. Here, we assume that the message is sent in
the clear, as we are concerned with providing message origin authentication, not confidentiality. If
confidentiality is required then the message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the received message and the shared
secret key K into the MAC algorithm and re-computes the MAC value.
• The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If
they match, then the receiver accepts the message and assures himself that the message has been
sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine
whether it is the message that has been altered or it is the origin that has been falsified. As a bottom
line, the receiver safely assumes that the message is not genuine.


Security of Hash Functions and MACs

As in symmetric and public-key encryption, we can group attacks on hash
functions and MACs into two categories: brute-force attacks and cryptanalysis.

Brute-Force Attacks

The nature of brute-force attacks differs somewhat for hash functions and MACs.

Hash Functions


The strength of a hash function against brute-force attacks depends solely on the length of the hash code
produced by the algorithm. Recall from our discussion of hash functions that there are three
desirable properties:

• One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h.
• Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
• Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
• For a hash code of length n, the level of effort required, as we have seen is proportional to the following:

Security in Message Authentication Codes (MAC)

A brute-force attack on a MAC is a more difficult undertaking because it requires known message-MAC pairs.
To attack a hash code, we can proceed in the following way. Given a fixed message x with n-bit hash code h =
H(x), a brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x). The
attacker can do this repeatedly off line. To proceed, we need to state the desired security property of a MAC
algorithm, which can be expressed as follows:

Computation resistance: Given one or more text-MAC pairs $(x_i, C_K(x_i))$, it is computationally infeasible to
compute any text-MAC pair $(x, C_K(x))$ for any new input $x \neq x_i$.

In other words, the attacker would like to come up with the valid MAC code for a given message x. There are two lines of
attack possible: attack the key space and attack the MAC value. We examine each of these in turn.

Secure Hash and MAC algorithms:

Secure Hash Function (SHA)

Secure Hash Function (SHA) comprises four SHA algorithms: SHA-0, SHA-1, SHA-2, and SHA-3. Though from the
same family, they are structurally different.

• The original version, SHA-0, a 160-bit hash function, was published by the National Institute of
Standards and Technology (NIST) in 1993. It had a few weaknesses and did not become very popular.
Later in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several widely used
applications and protocols including Secure Socket Layer (SSL) security.
• In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame making
long-term employability of SHA-1 doubtful.


• The SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512, depending upon the
number of bits in their hash value. No successful attacks have yet been reported on the SHA-2 hash
function.
• Though SHA-2 is a strong hash function and significantly different, its basic design still follows the
design of SHA-1. Hence, NIST called for new competitive hash function designs.
• In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers many
benefits, such as efficient performance and good resistance for attacks.

Secure MAC algorithms

Among the cryptographic primitives, the digital signature using public key cryptography is
considered a very important and useful tool to achieve information security.
Apart from ability to provide non-repudiation of message, the digital signature also provides message
authentication and data integrity. Let us briefly see how this is achieved by the digital signature −
• Message authentication − When the verifier validates the digital signature using the public key of a sender,
he is assured that the signature has been created only by the sender who possesses the corresponding secret
private key and no one else.
• Data Integrity − In case an attacker has access to the data and modifies it, the digital signature
verification at receiver end fails. The hash of modified data and the output provided by the verification
algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has
been breached.
• Non-repudiation − Since it is assumed that only the signer has the knowledge of the signature key, only he
can create a unique signature on a given data. Thus the receiver can present the data and the digital
signature to a third party as evidence if any dispute arises in the future.
By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can provide
the four essential elements of security namely − Privacy, Authentication, Integrity, and Non-repudiation.

Hash based Message Authentication Code(HMAC)

HMAC stands for Hashed or Hash based Message Authentication Code. It is a result of work done on
developing a MAC derived from cryptographic hash functions. HMAC is highly resistant to cryptanalysis
attacks as it uses the hashing concept twice. HMAC combines the benefits of hashing and MAC, and thus is
more secure than any other authentication codes. HMAC is specified in RFC 2104 and has been made
compulsory to implement in IP security. It is also specified in the NIST standard FIPS 198.

Objectives –

• Like the hash function, HMAC is also aimed to be one way, i.e., easy to generate output from input but
complex the other way round.
• It aims at being less affected by collisions than the hash functions.
• HMAC reuses algorithms like MD5 and SHA-1 and allows the embedded hash function to be replaced
with a more secure hash function, in case one is found.


• HMAC tries to handle the keys in a simpler manner.


HMAC algorithm –

The working of HMAC starts with taking a message M containing blocks of length b bits. An input signature is
padded to the left of the message and the whole is given as input to a hash function which gives us a
temporary message digest MD’. MD’ again is appended to an output signature and the whole is applied a hash
function again, the result is our final message digest MD.

Here is a simple structure of HMAC:

Figure 3.5 : structure of HMAC

Here, H stands for the hashing function,
M is the original message,
Si and So are the input and output signatures respectively,
Yi is the ith block in original message M, where i ranges from [1, L),
L = the count of blocks in M,
K is the secret key used for hashing,
IV is an initial vector (some constant).
The generation of input signature and output signature Si and So respectively.
To a normal hash function HMAC adds a compression instance to the processing. This structural
implementation holds efficiency for shorter MAC values.
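
The HMAC construction described here, and the receiver-side MAC check described earlier under "Message Authentication code", as one added example (not part of the original notes). It uses SHA-256 as the embedded hash H, takes the ipad/opad constants 0x36 and 0x5C from RFC 2104, and checks the hand-built result against Python's standard `hmac` module; the function names and sample key and messages are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # b = 512 bits: the input block size of SHA-256, in bytes


def hmac_sha256(key, message):
    """HMAC built by hand: MD = H(So || H(Si || M))."""
    # Keys longer than one block are hashed first, then zero-padded to b bits.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")

    s_i = bytes(k ^ 0x36 for k in key)   # input signature  Si = K+ xor ipad
    s_o = bytes(k ^ 0x5C for k in key)   # output signature So = K+ xor opad

    # First pass: Si is placed to the left of the message, giving MD'.
    md_prime = hashlib.sha256(s_i + message).digest()
    # Second pass: MD' is appended to So and hashed again, giving MD.
    return hashlib.sha256(s_o + md_prime).digest()


def reference_tag(key, message):
    """Same computation using the standard library, for comparison."""
    return hmac.new(key, message, hashlib.sha256).digest()


def sender_send(key, message):
    """Sender side: the message goes out in the clear with its MAC."""
    return message, hmac_sha256(key, message)


def receiver_accepts(key, message, received_tag):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = hmac_sha256(key, message)
    return hmac.compare_digest(expected, received_tag)


if __name__ == "__main__":
    # Constructed sample key and message.
    shared_key = b"constructed-demo-key"
    msg, tag = sender_send(shared_key, b"transfer 100 to account 42")

    print("matches stdlib hmac :", tag == reference_tag(shared_key, msg))
    print("genuine message     :", receiver_accepts(shared_key, msg, tag))
    print("altered message     :",
          receiver_accepts(shared_key, b"transfer 900 to account 42", tag))
    print("wrong key           :", receiver_accepts(b"other-key", msg, tag))
```
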

Digital Signatures and Authentication Protocols

A digital signature is an authentication mechanism that allows the sender to attach an electronic code with the
message in order to ensure its authenticity and integrity. This electronic code acts as the signature of the
sender and, hence, is named digital signature. Digital signatures use the public-key cryptography technique.


The sender uses his or her private key and a signing algorithm to create a digital signature, and the
signed document can be made public. The receiver, on the other hand, uses the public key of the
sender and a verifying algorithm to verify the digital signature.

Authentication Protocols

User authentication is the first priority when responding to a request made by a user to a software
application. Several mechanisms exist to authenticate access before
providing access to the data. Here we explore the most common authentication protocols and
their merits and demerits.

Kerberos :

Kerberos is a protocol that aids in network authentication. It is used for validating clients/servers in
a network by employing a cryptographic key. It is designed for executing strong authentication while reporting
to applications. An implementation of the Kerberos protocol is openly available from MIT and is
used in many mass-produced products.

Figure 3.6 : Network authentication

Some advantages of Kerberos :

• It supports various operating systems.
• The authentication key is shared much more efficiently than public sharing.

Some disadvantages of Kerberos :

• It is used only to authenticate clients and services used by them.
• It shows vulnerability to soft or weak passwords.


Password Authentication Protocol(PAP)


Password Authentication Protocol is one of the oldest authentication protocols. Authentication is initialized by
the client sending a packet with credentials (username and password) at the beginning of the connection, with
the client repeating the authentication request until acknowledgement is received. It is highly insecure
because credentials are sent "in the clear" and repeatedly, making it vulnerable even to the simplest
attacks like eavesdropping and man-in-the-middle based attacks. Although widely supported, it is
specified that if an implementation offers a stronger authentication method, that method must be offered
before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not
expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.

CHAP - Challenge-handshake authentication protocol


The authentication process in this protocol is always initialized by the server/host and can be performed
anytime during the session, even repeatedly. The server sends a random string (usually 128B long). The client uses
the password and the string received as parameters for the MD5 hash function and then sends the result
together with the username in plain text. The server uses the username to look up the password, applies the same
function and compares the calculated and received hash. Authentication then either succeeds or fails.
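
The CHAP exchange above with both sides' messages, as an added example (not part of the original notes). The response is computed as MD5(identifier || password || challenge), the layout given in RFC 1994; the class and function names, the 16-byte challenge length and the sample account are assumptions of this sketch.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 16  # bytes; an assumed length for this demonstration


def chap_response(identifier, password, challenge):
    """Client side: MD5 over the one-byte identifier, the password and the challenge."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class ChapServer:
    """Server side: issues fresh challenges and checks responses."""

    def __init__(self, passwords):
        self.passwords = passwords   # username -> password (bytes)
        self.pending = {}            # username -> (identifier, challenge)
        self.next_id = 0

    def new_challenge(self, username):
        """Server -> client: a new identifier and a random challenge."""
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(CHALLENGE_LEN)
        self.pending[username] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, username, identifier, response):
        """Client -> server: username in plain text plus the hash."""
        # Each challenge is single-use: remove it whether or not it verifies.
        outstanding = self.pending.pop(username, None)
        password = self.passwords.get(username)
        if outstanding is None or password is None:
            return False
        expected_id, challenge = outstanding
        if identifier != expected_id:
            return False
        expected = chap_response(expected_id, password, challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample account.
    server = ChapServer({"alice": b"correct horse"})

    ident, challenge = server.new_challenge("alice")
    response = chap_response(ident, b"correct horse", challenge)
    print("first login accepted :", server.verify("alice", ident, response))

    # The server can re-authenticate at any time with a new challenge, so a
    # response captured earlier no longer verifies.
    ident2, _ = server.new_challenge("alice")
    print("old response accepted:", server.verify("alice", ident2, response))
```

The password itself never crosses the wire, but both ends must hold it in a form usable as hash input.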

EAP - Extensible Authentication Protocol


EAP was originally developed for PPP (Point-to-Point Protocol) but today is widely used in IEEE 802.3,
IEEE 802.11 (WiFi) or IEEE 802.16 as a part of the IEEE 802.1x authentication framework. The latest
version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication
framework for client-server authentication - the specific way of authentication is defined in its many versions
called EAP-methods.

Digital Signature Standard (DSS)


Signature is a way of authenticating the data coming from a trusted individual. Similarly, digital signature is a
way of authenticating a digital data coming from a trusted source.
Digital Signature Standard (DSS) is a Federal Information Processing Standard(FIPS) which defines algorithms
that are used to generate digital signatures with the help of Secure Hash Algorithm(SHA) for the
authentication of electronic documents. DSS only provides us with the digital signature function and not with
any encryption or key exchanging strategies.

Figure 3.7 : Digital Signature Standard (DSS)


Sender Side:
In the DSS approach, a hash code is generated out of the message and the following inputs are given to the signature
function –

1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender i.e., PR(a).
4. A global public key (which is a set of parameters for the communicating principals) i.e., PU(g).
These inputs to the function provide us with the output signature containing two components – ‘s’ and ‘r’.
The original message concatenated with the signature is then sent to the receiver.
