
CN TY SEM I

-NINAD THORAT
APPLICATION LAYER
PURPOSE
DOMAIN NAME SYSTEM
FLAT NAME SPACE
HIERARCHICAL NAME SPACE
DOMAIN NAME & LABELS
FQDN
PQDN
DISTRIBUTION & HIERARCHY OF DOMAIN NAME SPACE
ZONE

• The DNS namespace is divided into zones, which separate distinctly managed
areas of the namespace. A DNS zone is the portion of the namespace that is
managed by one organization or administrator: an administrative unit that gives
granular control over DNS components such as the zone's authoritative name
servers. The domain name space is a hierarchical tree with the DNS root domain
at the top. A zone starts at some domain in the tree and can extend down into
its subdomains, so several subdomains can be managed by one entity. A subdomain
whose administration is delegated to someone else (by NS records at the cut)
begins a new zone.
EXAMPLE

• For example, imagine a hypothetical zone for the cloudflare.com domain and
three of its subdomains: support.cloudflare.com, community.cloudflare.com,
and blog.cloudflare.com. Suppose the blog is a robust, independent site that
needs separate administration, but the support and community pages are
more closely associated with cloudflare.com and can be managed in the same
zone as the primary domain. In this case, cloudflare.com as well as the
support and community sites would all be in one zone, while
blog.cloudflare.com would exist in its own zone.
ZONE
WHAT IS A DNS ZONE FILE?

• A zone file is a plain-text file stored on a DNS server that holds the
authoritative data for the zone: every resource record for every name within
the zone. A zone file must contain exactly one Start of Authority (SOA)
record, and it comes first. The SOA names the zone's primary name server and
the administrator's contact address, and carries the serial number and timers
that secondary servers use to decide when to refresh their copy of the zone.
ZONE
• WHAT IS A REVERSE LOOKUP ZONE?

• A reverse lookup zone maps IP addresses back to host names, the opposite of
what most zones do. It holds PTR records under in-addr.arpa (IPv4) or ip6.arpa
(IPv6). These zones are used for troubleshooting and spam filtering. Note that
the PTR record is controlled by whoever owns the address block, so a reverse
name proves nothing on its own; a check should also confirm that the forward
lookup of that name returns the same address.
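The zone file and reverse zone described above, as an added example in Python (not from the slides): a parser for a small constructed zone file that enforces the SOA-first rule, derives the matching PTR names with ipaddress.reverse_pointer, and lists which subdomains are delegated to another zone. The single-line SOA, the $ORIGIN/$TTL directives and the example.com data are simplifications and constructed sample input.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample zone file (not from the slides); one-line SOA for brevity.
ZONE_TEXT = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 300
@       IN NS   ns1.example.com.
ns1     IN A    192.0.2.53
www     IN A    192.0.2.10
mail    IN A    192.0.2.25   ; comment: the mail host
blog    IN NS   ns.blog-hosting.example.
"""


@dataclass
class Record:
    name: str    # fully qualified, trailing dot
    rtype: str
    rdata: list


def parse_zone(text):
    """Parse simplified master-file syntax into Records.

    Handles $ORIGIN, $TTL, '@', relative names, an optional TTL/class field
    and ';' comments, and rejects a file whose first record is not the SOA.
    """
    origin = "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "$ORIGIN":
            origin = parts[1]
            continue
        if parts[0] == "$TTL":
            continue
        name = parts[0]
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"             # relative name -> FQDN
        idx = 1
        if parts[idx].isdigit():                  # optional TTL
            idx += 1
        if parts[idx].upper() == "IN":            # optional class
            idx += 1
        rtype = parts[idx].upper()
        if not records and rtype != "SOA":
            raise ValueError("zone file must begin with the SOA record")
        records.append(Record(name, rtype, parts[idx + 1:]))
    if not records:
        raise ValueError("zone file has no records")
    return records


def reverse_zone(records):
    """Build the PTR map (reverse lookup zone) from the zone's A records."""
    return {ipaddress.ip_address(r.rdata[0]).reverse_pointer: r.name
            for r in records if r.rtype == "A"}


def delegated_subzones(records, origin):
    """Names below the origin carrying NS records are cuts: separate zones."""
    return sorted({r.name for r in records if r.rtype == "NS" and r.name != origin})
```

In the sample, blog.example.com has its own NS records and is therefore a separate zone, exactly the split the slide's cloudflare.com example describes.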
ZONE TYPES
ROOT NAME SERVERS
HIERARCHY OF NAME SERVERS
• Root name servers – The 13 root server identities (a.root-servers.net to
m.root-servers.net, each served by many anycast instances) sit at the top of the
hierarchy. A resolver that cannot resolve a name from its cache asks a root
server. The root server does not look the name up on the resolver's behalf; it
answers with a referral: the NS records (and glue addresses) of the servers for
the relevant top-level domain.
• Top level domain servers – Responsible for com, org, edu, etc. and for the
country-code top-level domains such as uk, fr, ca and in. They hold the names
and IP addresses of the authoritative name servers for the second-level domains
registered under them, and hand those out as referrals.
• Authoritative name servers – The organization's own DNS servers, which hold
the authoritative hostname-to-IP mappings for its hosts. They can be run by the
organization itself or by a service provider. To reach cse.dtu.in, a resolver
asks a root server, which refers it to the servers for in; those refer it to
the authoritative servers for dtu.in, which finally return the address record
for cse.dtu.in. Every step is a referral until the authoritative server gives
the answer, and the resolver caches what it learns so that later lookups under
the same domain skip the upper levels.
INTERNET DOMAINS
• GENERIC DOMAINS

• Generic domains classify registered hosts by the generic kind of
organization they belong to.
• Each node in the tree defines a domain name, which is an index into the DNS
database.
• The original generic labels were three characters long and describe the
organization type (com, org, net, edu, gov, mil, int); later generic domains
such as info, aero, coop, museum and name are longer.
GENERIC DOMAIN

Label    Description
aero     Airlines and aerospace companies
biz      Businesses or firms
com      Commercial organizations
coop     Cooperative business organizations
edu      Educational institutions
gov      Government institutions
info     Information service providers
int      International organizations
mil      Military groups
museum   Museums and other nonprofit organizations
name     Personal names
net      Network support centers
org      Nonprofit organizations
pro      Professional individual organizations
• COUNTRY DOMAIN

• The format of a country domain is the same as that of a generic domain, but
it uses a two-character country abbreviation (e.g., us for the United States,
in for India) in place of the three-character organizational abbreviation.
ADDRESS RESOLUTION
• Recursive vs iterative resolution. In recursive resolution the client (a
stub resolver) hands the whole job to one server, typically the ISP's or the
enterprise's recursive resolver, which walks the hierarchy on the client's
behalf and returns the final answer. In iterative resolution the queried server
replies only with what it knows, either the answer or a referral to a server
one level closer to it, and the querier follows the referrals itself. Root, TLD
and authoritative servers answer iteratively; recursive resolvers do the
walking and the caching.
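The root-to-TLD-to-authoritative walk for cse.dtu.in, as an added example in Python (not from the slides): an in-memory model of the server hierarchy with constructed addresses from the documentation ranges. query() behaves like a root, TLD or authoritative server answering iteratively (it never chases the name itself), and resolve_iteratively() does what a recursive resolver does for its stub clients: follow referrals and cache answers. The server names and addresses are assumptions for the example.

```python
# Constructed model (not real servers). Each server maps a name to either an
# answer ("A", ip) or a referral ("NS", {server_name: glue_ip}) one level down.
ROOT_SERVER_IP = "203.0.113.10"
ROOT = {
    "in.":  ("NS", {"ns1.registry.in.": "203.0.113.1"}),
    "com.": ("NS", {"a.gtld.example.": "203.0.113.2"}),
}
SERVERS = {
    ROOT_SERVER_IP: ROOT,                        # a root server
    "203.0.113.1": {                             # TLD server for .in
        "dtu.in.": ("NS", {"ns.dtu.in.": "198.51.100.10"}),
    },
    "198.51.100.10": {                           # authoritative for dtu.in
        "cse.dtu.in.": ("A", "198.51.100.42"),
        "www.dtu.in.": ("A", "198.51.100.80"),
    },
}


def query(server_ip, qname):
    """One iterative query. The server answers only from its own data: the
    record for the longest suffix of qname it knows, i.e. the final answer or
    a referral towards a more specific server. It never recurses."""
    data = SERVERS[server_ip]
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in data:
            return data[suffix]
    return ("NXDOMAIN", None)


def resolve_iteratively(qname, cache=None, max_hops=10):
    """What a recursive resolver does on behalf of a stub client.

    Starts at a root server, follows referrals down to the authoritative
    server, caches the answer, and returns (ip, trace) where trace lists the
    servers consulted in order.
    """
    cache = {} if cache is None else cache
    if qname in cache:
        return cache[qname], ["cache"]
    server_ip, trace = ROOT_SERVER_IP, []
    for _ in range(max_hops):                    # bound the referral chain
        trace.append(server_ip)
        kind, payload = query(server_ip, qname)
        if kind == "A":
            cache[qname] = payload
            return payload, trace
        if kind == "NS":
            server_ip = next(iter(payload.values()))   # follow the glue address
            continue
        raise LookupError(f"{qname}: {kind}")
    raise LookupError(f"{qname}: too many referrals")
```

Nothing in this walk is authenticated: the referrals and answers are plain UDP datagrams, which is why resolvers randomize source ports and transaction IDs against cache poisoning and why DNSSEC signs the records.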
ELECTRONIC MAIL
• Electronic mail, usually called e-mail, is a method for exchanging digital messages.
• E-mail is designed mainly for human use.
• A message may include text, images, audio and video.
• One message can be sent to one or more recipients.
• E-mail systems are based on the store-and-forward model: mail servers accept, forward, deliver
and store messages on behalf of users, who only need to connect to the e-mail infrastructure,
not to each other.
• The person who sends the e-mail is the sender; the person who receives it is the recipient.
NEED OF AN EMAIL

• Using e-mail, we can send a message at any time to anyone.
• We can send the same message to several people at the same time.
• It is a fast and efficient way of transferring information.
• E-mail is very fast compared to the postal system.
• Information can easily be forwarded to coworkers without retyping it.
COMPONENTS OF E-MAIL SYSTEM

• 1. User Agent (UA)
• A program used to send and receive e-mail, also known as a mail reader or mail client.
• The user agent is used to compose, send and receive messages; it is the first component of the e-mail system.
• It also manages the user's mailboxes and makes sending and receiving messages convenient.
• Services provided by the user agent:
• 1. Reading messages
• 2. Replying to messages
• 3. Composing messages
• 4. Forwarding messages
• 5. Handling (filing, deleting, searching) messages
Some common mail user agents:
• Mozilla Thunderbird
• Microsoft Outlook
• Apple Mail
• mutt (a command-line mail reader)
• Webmail such as Gmail or Outlook on the web, where the user agent runs on the provider's servers and the browser is only the interface
COMPONENTS OF E-MAIL SYSTEM

• 2. Message Transfer Agent


• The actual process of transferring the email is done through the Message Transfer
Agent(MTA).
• In order to send an Email, a system must have an MTA client.
• In order to receive an email, a system must have an MTA server.
• The protocol that is mainly used to define the MTA client and MTA server on the internet is
called SMTP(Simple Mail Transfer Protocol).
• The SMTP mainly defines how the commands and responses must be sent back and forth
COMPONENTS OF E-MAIL SYSTEM

• 3. Message Access Agent


• In the first and second stages of e-mail delivery we use SMTP.
• SMTP is a push protocol: the client pushes the message to the server.
• The third stage of delivery needs a pull protocol, because the recipient's
host is not always online to be pushed to; at this stage the message access
agent is used.
• The two protocols used to access messages are POP3 and IMAP4.
COMPONENTS OF E-MAIL SYSTEM

First Scenario
• When the sender and the receiver of an e-mail are on the same system, only
two user agents are needed: the sender's UA places the message directly in the
receiver's mailbox on that system.
Second Scenario
• The sender and receiver are users on two different systems, so the message
has to be sent over the Internet. Now user agents and message transfer agents
(MTAs) are both needed: the sender's MTA client pushes the message to the
receiver's MTA server.
COMPONENTS OF E-MAIL SYSTEM

Third Scenario
• The sender is connected to the mail server via a point-to-point WAN link
(for example a dial-up or cable modem), while the receiver is directly
connected to its system as in the second scenario.
• The sender still needs a user agent to prepare the message. The message then
travels through pairs of MTA client and server: from the sender's host to the
sender's mail server over the WAN, and from that mail server to the receiver's
system over the Internet.
COMPONENTS OF E-MAIL SYSTEM

FOURTH SCENARIO
• Here the receiver is also connected to its mail server over a WAN or LAN.
• When the message arrives at the receiver's mail server, the receiver has to
retrieve it, so another client/server pair is needed: the recipient runs a
message access agent (MAA) client, which contacts the MAA server on the mail
server and requests the transfer of the waiting messages.
• This scenario is the most common one today.
SIMPLE MAIL TRANSFER PROTOCOL (SMTP)

• Email is emerging as one of the most valuable services on the internet today.
Most internet systems use SMTP as a method to transfer mail from one user
to another. SMTP is a push protocol and is used to send the mail whereas
POP (post office protocol) or IMAP (internet message access protocol) are
used to retrieve those emails at the receiver’s side.
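The push of a message from an MTA client to an MTA server, as an added example in Python (not from the slides): a minimal SMTP receiver state machine and the client side that drives it. The server name mail.example.org, the local domain example.org and the mailbox addresses are constructed. It shows the reply codes from RFC 5321, the dot-stuffing that protects the lone "." end-of-data marker, and why a receiving MTA must refuse RCPT TO addresses it is not responsible for (otherwise it is an open relay).

```python
import re


class ToySMTPServer:
    """Minimal SMTP receiver (MTA server) for one session: HELO, MAIL FROM,
    RCPT TO, DATA, QUIT. Accepted messages go to a queue, as in a
    store-and-forward MTA. Reply codes follow RFC 5321."""

    LOCAL_DOMAINS = {"example.org"}   # constructed: domains we accept mail for

    def __init__(self):
        self.queue = []               # (sender, recipients, body)
        self.reset()

    def reset(self):
        self.sender, self.recipients, self.in_data, self.lines = None, [], False, []

    def handle(self, line):
        """Process one client line; return the reply, or None during DATA."""
        if self.in_data:
            if line == ".":           # end of message
                self.queue.append((self.sender, list(self.recipients), "\n".join(self.lines)))
                self.reset()
                return "250 OK: queued"
            # Undo dot-stuffing: a line the client sent as '..x' was '.x'.
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return f"250 mail.example.org Hello {arg}"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.IGNORECASE)   # <> allowed (bounces)
            if not m:
                return "501 Syntax error in MAIL FROM"
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            m = re.fullmatch(r"TO:<([^>]+)>", arg, re.IGNORECASE)
            if not m:
                return "501 Syntax error in RCPT TO"
            addr = m.group(1)
            if addr.rsplit("@", 1)[-1] not in self.LOCAL_DOMAINS:
                return "550 Relay not permitted"      # do not be an open relay
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"


def send_message(server, sender, recipient, body_lines):
    """MTA client side. Returns (accepted, transcript of (command, reply))."""
    transcript = []

    def cmd(line):
        reply = server.handle(line)
        if reply is not None:
            transcript.append((line, reply))
        return reply

    cmd("HELO client.example.net")
    cmd(f"MAIL FROM:<{sender}>")
    if not cmd(f"RCPT TO:<{recipient}>").startswith("250"):
        cmd("QUIT")
        return False, transcript
    cmd("DATA")
    for text in body_lines:
        cmd("." + text if text.startswith(".") else text)   # dot-stuff on the wire
    accepted = cmd(".").startswith("250")
    cmd("QUIT")
    return accepted, transcript
```

Note that nothing here checks who really sent the message: the envelope MAIL FROM and the From: header are whatever the client claims. That is why SPF, DKIM and DMARC exist on top of SMTP.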
MULTIPURPOSE INTERNET MAIL EXTENSION
(MIME) PROTOCOL

• Multipurpose Internet Mail Extensions (MIME) is a standard proposed in 1991
by Nathaniel Borenstein at Bell Communications Research (Bellcore), and
published as RFC 1341 in 1992, to expand the limited capabilities of e-mail.
• MIME is a supplementary protocol that allows non-ASCII data to be sent
through SMTP. It lets users exchange different kinds of data files on the
Internet: audio, video, images and application programs as well as text.
LIMITATIONS OF SIMPLE MAIL TRANSFER
PROTOCOL (SMTP):

• SMTP has a very simple structure.
• Its simplicity comes at a price: it only carries messages in NVT 7-bit ASCII.
• It therefore cannot carry text in languages that do not fit 7-bit ASCII, such
as French, German, Russian, Chinese or Japanese. To make SMTP usable for such
content we use MIME.
• It cannot be used to send binary files or audio or video data directly.
• FEATURES OF MIME –

• It can send multiple attachments in a single message.
• Unlimited message length.
• Binary attachments (executables, images, audio or video files) may be split
across several parts if needed.
• MIME provides support for varying content types and multi-part messages.
MIME HEADER:

• MIME headers are added to the original e-mail header section to describe the transformation of the
body. Five headers are defined:
• MIME-Version – Defines the version of the MIME standard. It must have the value 1.0, which
indicates that the message is formatted using MIME.
• Content-Type – The type of data in the body, e.g. text/plain, text/html, image/png,
audio or video types, application/octet-stream, or multipart/mixed for a message with
several parts.
• Content-Transfer-Encoding – The method used to encode the body so that it survives 7-bit
transport: 7bit, 8bit, binary, quoted-printable or base64.
• Content-ID – Uniquely identifies one body part (not the whole message), so that another
part, such as an HTML body, can refer to it.
• Content-Description – A free-text description of what the body part contains, for the
recipient's benefit.
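The MIME headers above in use, as an added example in Python (not from the slides) built on the standard library's email package: a message with a non-ASCII subject, a UTF-8 text body and a binary attachment is serialized for SMTP, checked to be 7-bit clean, and then parsed back on the receiving side. The addresses, text and the attachment bytes are constructed sample data.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed attachment: every byte value 0..255, so it is not 7-bit safe.
BINARY_BLOB = bytes(range(256))


def build_mime_message():
    """Compose a multipart/mixed message carrying non-ASCII text and binary data."""
    msg = EmailMessage(policy=policy.SMTP)      # CRLF line endings as on the wire
    msg["From"] = "alice@example.net"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Grüße aus Zürich"         # non-ASCII header: RFC 2047 encoded on output
    # Explicit quoted-printable so the UTF-8 body is 7-bit clean.
    msg.set_content("Dies ist ein Text mit Umlauten: äöü",
                    charset="utf-8", cte="quoted-printable")
    # Binary part: base64 Content-Transfer-Encoding, its own Content-ID.
    msg.add_attachment(BINARY_BLOB, maintype="application", subtype="octet-stream",
                       filename="sample.bin", cid="<blob1@example.net>")
    return msg


def wire_bytes(msg):
    """Serialize as it would be handed to SMTP."""
    return msg.as_bytes()


def is_seven_bit_clean(data):
    """True if every byte fits NVT 7-bit ASCII, i.e. SMTP can carry it unchanged."""
    return all(b < 0x80 for b in data)


def parse_and_extract(data):
    """Receiver side: parse the wire form and recover headers, text and attachment."""
    parsed = BytesParser(policy=policy.default).parsebytes(data)
    text_part = parsed.get_body(preferencelist=("plain",))
    attachment = next(iter(parsed.iter_attachments()))
    return {
        "mime_version": parsed["MIME-Version"],
        "content_type": parsed.get_content_type(),
        "subject": str(parsed["Subject"]),              # decoded from =?utf-8?...?=
        "text": text_part.get_content(),                # decoded from quoted-printable
        "attachment_bytes": attachment.get_content(),   # decoded from base64
        "attachment_cte": attachment["Content-Transfer-Encoding"],
        "attachment_cid": attachment["Content-ID"],
    }
```

The security-relevant detail on the receiving side is that Content-Type and the filename parameter are sender-controlled: a filter must sniff the bytes of a part, not trust "application/octet-stream" or "image.png".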
POP

• POP stands for Post Office Protocol; the version in use today is POP3
(RFC 1939). The same abbreviation is also used for "point of presence", the
place where a provider's network meets its customers' networks, but that is an
unrelated networking term and has nothing to do with mail.
• POP3 is the simplest message access protocol. The user agent connects to the
mail server on TCP port 110 (or 995 for POP3 over TLS), authenticates with the
USER and PASS commands, downloads the messages waiting in the mailbox and, in
the usual delete mode, removes them from the server, so the mailbox then lives
on the client.
• Without TLS the USER/PASS credentials and the messages themselves cross the
network in cleartext, so POP3 should only be used over TLS.
POP

• Characteristics of POP:
• Post Office Protocol is an open protocol, defined by Internet RFCs.
• A Request for Comments is a publication in a series from the principal technical development and
standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force.
• It allows access to new mail from a wide range of client platforms.
• Once downloaded, messages can be read and deleted offline.
• It is a native Internet protocol, so no gateway between mail systems is needed.
• POP handles only mail access; the mail itself is still sent with SMTP.
INTERNET MESSAGE ACCESS PROTOCOL (IMAP)

• Internet Message Access Protocol (IMAP)
• is an application layer protocol used by a mail client to access and manage
messages that remain on the mail server (TCP port 143, or 993 for IMAP over
TLS). Unlike POP3's download-and-delete model, the server keeps the mailbox, so
the same mailbox can be read from several devices.
FEATURES OF IMAP :

• It can manage multiple mailboxes on the server and organize them into
folders.
• It keeps message flags (seen, answered, flagged, deleted) on the server, so
every client sees the same state.
• A client can fetch headers or the message structure first and decide whether
to download a message at all.
• Individual parts can be fetched separately, which makes it easy to download
one attachment when several are attached.
FILE TRANSFER PROTOCOL (FTP) IN
APPLICATION LAYER

• File Transfer Protocol (FTP) is an application layer protocol that moves
files between local and remote file systems. It runs on top of TCP, like
HTTP. To transfer a file, FTP uses two TCP connections in parallel: a control
connection and a data connection.
What is the control connection?
The control connection carries control information: user identification,
password, commands to change the remote directory, commands to retrieve and
store files, and the server's replies. The client opens it to server port 21,
and it stays open for the whole session.
• What is the data connection?
The data connection carries the actual file (or a directory listing) and is
opened per transfer. In active mode the server opens it from its port 20 to a
port the client announced with the PORT command; in passive mode (PASV) the
client connects to an ephemeral port the server announces, which is what
clients behind firewalls and NAT need.
• FTP sends its control information out-of-band, on a separate connection.
Protocols that send their request and response header lines and the data in
the same TCP connection are said to send their control information in-band;
HTTP and SMTP are examples.
• Plain FTP sends user names, passwords and file contents in cleartext. Use
FTPS (FTP over TLS) or SFTP (file transfer over SSH) for anything sensitive.
Data Structures : FTP allows three types of data structures :
• File Structure – In file-structure there is no internal structure and the file is
considered to be a continuous sequence of data bytes.
• Record Structure – In record-structure the file is made up of sequential
records.
• Page Structure – In page-structure the file is made up of independent
indexed pages.
ANONYMOUS FTP

• Anonymous FTP is enabled on sites whose files are available for public
access. A user can access these files without having an account: the user name
is set to anonymous and, by convention, an e-mail address or the word guest is
given as the password. Access is very limited; for example, the user may be
allowed to copy files but not to write them or to leave the public directory
tree.
SIMPLE MODERN CIPHER

• XOR
• XOR encryption combines each plaintext bit with a key bit: C = P XOR K, and
because XOR is its own inverse, P = C XOR K. Consider A XOR B = 1: if A is
known, B is determined (A true means B false and vice versa), but from the
output alone, without either input, nothing is learned about the other. This
is the whole basis of the cipher: whoever holds the key recovers the
plaintext, and whoever does not learns nothing, provided the key is uniformly
random, as long as the message and never reused (the one-time pad). With a
short key that repeats, or a key used for two messages, XOR is trivially
broken: one known fragment of plaintext reveals the key, and XORing two
ciphertexts cancels the key and leaves the XOR of the two plaintexts.
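The XOR cipher with its two classic failure modes, as an added example in Python (not from the slides): encryption and decryption with a repeating key, the known-plaintext recovery of that key, the key cancelling out when two messages share it, and the one-time-pad use that is actually secure. The messages and the key are constructed sample values.

```python
import itertools
import os


def xor_bytes(data, key):
    """C = P XOR K with the key repeated as needed; the same call decrypts."""
    return bytes(b ^ k for b, k in zip(data, itertools.cycle(key)))


def recover_repeating_key(ciphertext, known_prefix, key_len):
    """Known-plaintext attack on a short repeating key: for the first key_len
    bytes, C XOR P = K, and that is the entire key."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known_prefix[:key_len])


def two_time_pad_leak(c1, c2):
    """Two messages under one key: C1 XOR C2 = P1 XOR P2. The key cancels and
    the attacker works on the plaintexts directly (crib dragging)."""
    return xor_bytes(c1, c2)


def one_time_pad_encrypt(plaintext):
    """The only unconditionally secure use of bare XOR: a uniformly random key
    as long as the message, used exactly once. Returns (key, ciphertext)."""
    key = os.urandom(len(plaintext))
    return key, xor_bytes(plaintext, key)
```

The lesson carries over to real stream ciphers: a stream cipher is exactly XOR with a pseudorandom keystream, and reusing a key and nonce pair causes the same two-time-pad leak.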
ROTATION CIPHER
S-BOX
P-BOX
DES
DES ROUND
ECB (ELECTRONIC CODEBOOK) ENCRYPTION
ECB DECRYPTION
CBC (CIPHER BLOCK CHAINING) ENCRYPTION
CBC DECRYPTION
CIPHER FEEDBACK (CFB) ENCRYPTION
CIPHER FEEDBACK (CFB) DECRYPTION
PROPAGATING CIPHER BLOCK CHAINING (PCBC) ENCRYPTION
PROPAGATING CIPHER BLOCK CHAINING (PCBC) DECRYPTION
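The four modes of operation named on the slides, ECB, CBC, CFB and PCBC, as an added example in Python (not from the slides). Because the standard library has no block cipher, the block cipher is a toy 128-bit Feistel construction over SHA-256, an assumption made only so the modes can be run; it is not a vetted cipher and DES or AES would take its place in practice. The modes themselves are written exactly as defined, and ecb_leaks_patterns() shows the property that makes ECB unsuitable for anything but single random blocks.

```python
import hashlib

BLOCK = 16  # bytes per block


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half, key, r):
    # Round function: keyed SHA-256 of one half, truncated to half a block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block, rounds=8):
    """Toy Feistel cipher (illustration only). Invertible whatever the round
    function is, because each round only XORs one half."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(rounds):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left


def decrypt_block(key, block, rounds=8):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(rounds)):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left


def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # distinguishable errors here are a padding oracle
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# ECB: each block on its own. Equal plaintext blocks give equal ciphertext blocks.
def ecb_encrypt(key, pt):
    return b"".join(encrypt_block(key, b) for b in blocks(pad(pt)))


def ecb_decrypt(key, ct):
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ct)))


# CBC: C_i = E(P_i XOR C_{i-1}) with C_0 = IV; decrypt P_i = D(C_i) XOR C_{i-1}.
def cbc_encrypt(key, pt, iv):
    out, prev = [], iv
    for p in blocks(pad(pt)):
        prev = encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ct, iv):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


# CFB: C_i = P_i XOR E(C_{i-1}). A stream mode: no padding, and only E is used.
def cfb_encrypt(key, pt, iv):
    out, prev = [], iv
    for p in blocks(pt):
        prev = _xor(p, encrypt_block(key, prev))  # zip truncates a short last block
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, ct, iv):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(_xor(c, encrypt_block(key, prev)))
        prev = c
    return b"".join(out)


# PCBC: C_i = E(P_i XOR P_{i-1} XOR C_{i-1}); one damaged block garbles all that follow.
def pcbc_encrypt(key, pt, iv):
    out, chain = [], iv
    for p in blocks(pad(pt)):
        c = encrypt_block(key, _xor(p, chain))
        out.append(c)
        chain = _xor(p, c)
    return b"".join(out)


def pcbc_decrypt(key, ct, iv):
    out, chain = [], iv
    for c in blocks(ct):
        p = _xor(decrypt_block(key, c), chain)
        out.append(p)
        chain = _xor(p, c)
    return unpad(b"".join(out))


def ecb_leaks_patterns(key, pt):
    """True when repeated plaintext blocks are visible in the ECB ciphertext."""
    ct = blocks(ecb_encrypt(key, pt))
    return len(set(ct)) < len(ct)
```

For CBC and CFB the IV must be unpredictable and fresh per message; a fixed IV, as in the test below, is used only to make the example deterministic. None of these modes authenticates the ciphertext, which is why modern systems use an authenticated mode (GCM) or add a MAC.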
SECURITY SERVICES

• Message confidentiality- with symmetric key


• The message is confidential, so Alice uses a key to encrypt the message. The
original message is called a plaintext while the encrypted message is called a
ciphertext. The ciphertext is sent to Bob, who knows the key and uses the same
symmetric cipher (e.g., AES or 3DES). Thus Bob is able to decrypt the message.
• Alice and Bob share the key, which is called symmetric. They are the only ones who
know the key and no one else is able to read the encrypted message. This way,
confidentiality is achieved.
SECURITY SERVICES

• Message confidentiality- with asymmetric key


• Two keys are used in an asymmetric cipher (e.g., RSA): a public one and a private one. The
public key is available to everyone, but the private key is known only to its owner. A
message encrypted with the public key can be decrypted only with the corresponding private
key, and the private key cannot feasibly be derived from the public one.
• Asymmetric ciphers solve the problem of secure key distribution. Alice takes Bob's public
key and uses it to encrypt a session key; only Bob can decrypt that session key, because he
alone knows the corresponding private key. The bulk data is then encrypted with the session
key under a symmetric cipher, which is far faster.
MESSAGE INTEGRITY

• Message integrity means that a transmitted message has not been tampered
with or altered. The basic tool is a cryptographic hash function, which maps
the message to a fixed-size digest that is practically impossible to invert or
to collide; comparing a freshly computed digest with the one received detects
any change. A hash alone detects modification (an MDC); combining the message
with a secret key (a MAC such as HMAC) additionally proves who produced the
digest. Integrity checking is one component of an information security program.
MESSAGE INTEGRITY DOCUMENT AND
FINGERPRINT

• One way to preserve the integrity of a document is through the use of a
fingerprint.
• If Alice needs to ensure that the content of her document will not be
changed, she can put her fingerprint at the bottom of the document. Eve cannot
modify the contents of the document or create a false document, because she
cannot forge Alice's fingerprint. Q: How to ensure the document has not been
changed? A: Compare Alice's fingerprint on the document with Alice's
fingerprint on file.
MESSAGE AND MESSAGE DIGEST

• The electronic equivalent of the document and fingerprint pair is the message
and digest pair.
• A message is passed through an algorithm called a cryptographic hash
function to preserve its integrity.
• The function creates a compressed image of the message that can be used
like a fingerprint.
MESSAGE AND MESSAGE DIGEST
MESSAGE AND MESSAGE DIGEST

• The two pairs (document/fingerprint) and (message/message digest) are similar,
with some differences:
• A document and its fingerprint are physically linked together.
• A message and its digest can be unlinked and sent separately.
• The most important consequence: the message digest itself needs to be safe
from any change.
MESSAGE INTEGRITY
MESSAGE AUTHENTICATION

• The message digest guarantees the integrity of a message, i.e. that it has not been changed.
• However, a message digest does not authenticate the sender of the message. To provide
message authentication, the sender needs to provide proof that he or she sent the message
and not an impostor.
• The digest created by a cryptographic hash function is called a Modification Detection
Code (MDC): it detects any modification of the message.
• For message authentication, we need a Message Authentication Code (MAC).
MESSAGE AUTHENTICATION

• An MDC is a message digest that can prove the integrity of the message, i.e.
that it has not been changed during transmission.
• The sender creates the message digest (MDC) and sends it with the message to
the receiver.
• The receiver creates a new MDC from the received message and compares it
with the MDC received.
• If they are the same, the message has not been changed.
MDC

• The MDC needs to be transferred through a secure channel; otherwise an
attacker who can change the message can simply recompute the digest as well.


MESSAGE AUTHENTICATION CODE (MAC)

• To ensure both the integrity of the message and data origin authentication
(message authentication), the MDC has to be turned into a MAC.
• The difference: the MAC includes a secret key shared between sender and
receiver, so only they can compute it.
• Note that there is no need for two channels in this case: both the message
and the MAC can be sent on the same insecure channel.
• Figure 11.9 illustrates the idea.
MAC
HMAC
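The MDC versus MAC distinction above, as an added example in Python (not from the slides): an unkeyed SHA-256 digest, an HMAC-SHA256 tag, and an active attacker on the insecure channel who changes the amount in a constructed payment message. The attacker recomputes the MDC and goes undetected, but cannot produce a valid MAC without the key. The key and the message are constructed sample values.

```python
import hashlib
import hmac
import os


def mdc(message):
    """Modification Detection Code: an unkeyed digest. It detects changes only
    if the digest itself reaches the receiver unchanged (a secure channel)."""
    return hashlib.sha256(message).digest()


def mac(key, message):
    """Message Authentication Code (HMAC-SHA256): the shared key is needed to
    compute it, so a forger cannot produce a tag for a modified message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mdc(message, digest):
    return hmac.compare_digest(mdc(message), digest)


def verify_mac(key, message, tag):
    # compare_digest runs in constant time; '==' leaks how many bytes matched.
    return hmac.compare_digest(mac(key, message), tag)


def forge_with_mdc(message):
    """Attacker on the insecure channel changes the amount and recomputes the
    digest; the receiver cannot tell."""
    forged = message.replace(b"100", b"900")
    return forged, mdc(forged)


def forge_with_mac(message, tag):
    """Same attack against a MAC: the message changes, but without the key the
    attacker can only replay the old tag."""
    forged = message.replace(b"100", b"900")
    return forged, tag


# Constructed shared secret (in practice distributed out of band, e.g. via the
# asymmetric key exchange described earlier).
SHARED_KEY = os.urandom(32)
```

HMAC is used rather than the tempting sha256(key + message): for Merkle-Damgard hashes like SHA-256 the latter is vulnerable to length extension, where an attacker who knows one tag can produce a valid tag for the message with data appended, without knowing the key.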
DIGITAL SIGNATURE

• A digital signature is a mathematical technique used to validate the authenticity


and integrity of a message, software or digital document. It's the digital
equivalent of a handwritten signature or stamped seal, but it offers far more
inherent security. A digital signature is intended to solve the problem of
tampering and impersonation in digital communications.
• Digital signatures can provide evidence of origin, identity and status of
electronic documents, transactions or digital messages. Signers can also use
them to acknowledge informed consent.
• HOW DO DIGITAL SIGNATURES WORK?

• Digital signatures are based on public key cryptography, also known as
asymmetric cryptography. Using a public key algorithm such as RSA (Rivest,
Shamir, Adleman), a mathematically linked pair of keys is generated, one
private and one public.
• The signer uses the private key to compute a signature over a hash of the
data, and anyone holding the signer's public key can verify that signature.
This is often described as "encrypting with the private key and decrypting
with the public key", but that picture only loosely fits textbook RSA: signing
and verification are distinct operations, and real schemes (RSA-PSS, ECDSA,
Ed25519) hash the message and apply padding or a randomized construction.
Signatures must never be implemented as bare modular exponentiation of the
message.
DIGITAL SIGNATURE
ENTITY AUTHENTICATION

• Entity authentication is a technique that lets one party prove its identity
to another party. An entity can be a person, a process, a client or a
server. The entity whose identity needs to be proved is called the claimant;
the party that tries to verify the identity of the claimant is called the
verifier.
PASSWORD

• The simplest and oldest method of entity authentication is password-based
authentication, where the password is something that the claimant knows.
• Fixed password: the same secret is presented at every login, so anyone who
captures it once (on the wire, or from a stolen password file) can replay it.
• One-time password: each password is valid for a single use, derived from a
shared secret together with a counter or the current time, or from a hash
chain, so a captured value cannot be replayed.
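Both password types on the verifier's side, as an added example in Python (not from the slides): a fixed password is stored only as a salted, slow PBKDF2 hash and checked in constant time, and a one-time password is generated with HOTP (RFC 4226, HMAC-SHA1 over a counter) with a verifier that accepts each counter value once and resynchronizes within a small look-ahead window. The PBKDF2 iteration count is a parameter; the HOTP secret in the test is the one from the RFC's appendix test vectors.

```python
import hashlib
import hmac
import os
import struct


# --- Fixed password: never store it in clear; store salt + slow hash.
def enroll_password(password, iterations=600_000):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(record, attempt):
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])   # constant-time compare


# --- One-time password: HOTP (RFC 4226).
def hotp(secret, counter, digits=6):
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class HOTPVerifier:
    """Server side. Each counter value is accepted once; a look-ahead window
    tolerates codes the client generated but never submitted."""

    def __init__(self, secret, window=5):
        self.secret, self.window, self.counter = secret, window, 0

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1     # move past it: replaying this code now fails
                return True
        return False
```

The window is the usual trade-off: too small and a client that pressed the button a few times is locked out, too large and an attacker gets more guesses per attempt, so production verifiers also rate-limit failures.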
