1. Pretty Good Privacy (PGP) Services.

With the explosively growing reliance on electronic mail for every conceivable pur-
pose, there grows a demand for authentication and confidentiality services. Two
schemes stand out as approaches that enjoy widespread use: Pretty Good Privacy
(PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). The latter is a
security en-hancement to the MIME Internet e-mail format standard, based on
technology from RSA Data Security. Although both PGP and S/MIME are on an
IETF standards track, it appears likely that S/MIME will emerge as the industry
standard for commercial and organisational use, while PGP will remain the choice for
personal e-mail security for many users. In this course we will only be looking at
PGP. S/MIME is discussed in detail in the recommended text.

PGP consists of the following five services:

1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation

1 Authentication

Figure 12.2a illustrates the digital signature service provided by PGP. The figure is
similar to ones we have looked at earlier. The hash function used is SHA-1 which
creates a 160 bit message digest. EP (DP) represents public encryption (decryption)
and the algorithm used can be RSA or DSS (recall that the DSS can only be used for
the digital signature function and unlike RSA cannot be used for encryption or key
exchange). The message may be compressed using and algorithm called ZIP. This is
represented by “Z” in the figure.
The combination of SHA-1 and RSA provides an effective digital signature scheme.
Due to the strength of RSA the recipient is assured that only the possessor of the
matching private key can generate the signature. Because of the strength of SHA-1
the recipient is assured that no one else could generate a new message that matches
the hash code and hence, the signature of the original message.

2 Confidentiality

Another basic service provided by PGP is confidentiality which is provided by

encrypt-ing messages to be transmitted or to be stored locally as files. In both cases,
the user has a choice of CAST-128, IDEA or 3DES in 64 bit cipher feedback (CFB)
mode. The symmetric key is used only once and is created as a random number with
the required number of bits. It is transmitted along with the message and is encrypted
using the recipients public key. Figure 12.2c illustrates the sequence:
 1. The sender generates a message and a random number to be used as a session
key for this message only.

2. The message is encrypted using CAST-128, IDEA or 3DES with the session key.

3. The session key is encrypted with RSA (or another algorithm known as ElGa-
mal) using the recipients public key and is prepended to the message.

4. The receiver uses RSA with its private key to decrypt and recover the session
key.

5. The session key is used to decrypt the message.

As mentioned before, public key encryption is a lot more computationally intensive

than symmetric encryption. For this reason both forms are used as public key encryp-
tion solves the key distribution problem. However as will be noticed, the message
itself (which is the largest part of the transmission) is encrypted using symmetric key
cryptography whereas only the key is encrypted using the public key algorithm.
3 Compression

As a default, PGP compresses the message after applying the signature but before
encryption. This has the benefit of saving space both for e-mail transmission and for
file storage.
The placement of the compression algorithm, indicated by Z for compression and
Z−1 for decompression in figure 12.2 is critical:

1. The signature is generated before compression for two reasons:

(a) It is preferable to sign an uncompressed message so it is free of the need

for a compression algorithm for later verification.
(b) Different version of PGP produce different compressed forms. Applying
the hash function and signature after compression would constrain all
PGP implementation to the same version of the compression algorithm.

2. Message encryption is applied after compression to strengthen cryptographic

security. Because the compressed message has less redundancy than the
original plaintext, cryptanalysis is more difficult.

The compression algorithm used is called ZIP which is described in the

recommended text.

4 E-mail compatibility

Many electronic mail systems only permit the use of blocks consisting of ASCII text.
When PGP is used, at least part of the block to be transmitted is encrypted. This ba-
sically produces a sequence of arbitrary binary words which some mail systems
won’t accept. To accommodate this restriction PGP uses and algorithm known as
radix64 which maps 6 bits of a binary data into and 8 bit ASCII character.
Unfortunately this expands the message by 33% however, with the compression
algorithm the overall compression will be about one third (in general).
 5 Segmentation

E-mail facilities are often restricted to a maximum message length. For example,
many of the facilities accessible throughout the Internet impose a maximum length of
50,000 octets. Any message longer than that must be broken up into smaller
segments, each of which is mailed separately.
To accommodate this restriction, PGP automatically subdivides a message that is
too large into segments that are small enough to sent via e-mail. The segmentation is
done after all the other processing, including the radix-64 conversion. Thus the session
key component and signature component appear only once, at the beginning of the first
segment. At the receiving end.

2. Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the
Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user
is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a
combination of digital certificates and digital signatures among the purchaser, a merchant, and the
purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure
Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure
Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure
(PKI).

SET works:

Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet
Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server.

1. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind
of bank.
2. The customer receives a digital certificate. This electronic file functions as a credit card for online
purchases or other transactions. It includes a public key with an expiration date. It has been
through a digital switch to the bank to ensure its validity.
3. Third-party merchants also receive certificates from the bank. These certificates include the
merchant's public key and the bank's public key.
4. The customer places an order over a Web page, by phone, or some other means.
5. The customer's browser receives and confirms from the merchant's certificate that the merchant is
valid.
6. The browser sends the order information. This message is encrypted with the merchant's public
key, the payment information, which is encrypted with the bank's public key (which can't be read
by the merchant), and information that ensures the payment can only be used with this particular
order.
7. The merchant verifies the customer by checking the digital signature on the customer's certificate.
This may be done by referring the certificate to the bank or to a third-party verifier.
8. The merchant sends the order message along to the bank. This includes the bank's public key, the
customer's payment information (which the merchant can't decode), and the merchant's
certificate.
9. The bank verifies the merchant and the message. The bank uses the digital signature on the
certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and sends authorization to the merchant, who can then fill the order.
Bottom of Form order.
 3. Intrusion Detection System (IDS) mean?

An intrusion detection system (IDS) is a type of security software designed to automatically alert
administrators when someone or something is trying to compromise information system through
malicious activities or through security policy violations.

An IDS works by monitoring system activity through examining vulnerabilities in the system,
the integrity of files and conducting an analysis of patterns based on already known attacks. It
also automatically monitors the Internet to search for any of the latest threats which could result
in a future attack.

Classification of Intrusion Detection System:

 Network Intrusion Detection System: This system monitors the traffic on individual
networks or subnets by continuously analyzing the traffic and comparing it with the
known attacks in the library. If an attack is detected, an alert is sent to the system
administration. It is placed mostly at important points in the network so that it can keep
an eye on the traffic travelling to and from the different devices on the network. The IDS
is placed along the network boundary or between the network and the server. An
advantage of this system is that it can be deployed easily and at low cost, without having
to be loaded for each system.

 Host Intrusion Detection System: Such system works on individual systems where the
network connection to the system, i.e. incoming and outgoing of packets are constantly
monitored and also the auditing of system files is done and in case of any discrepancy,
the system administrator is alerted about the same. This system monitors the operating
system of the computer. The IDS is installed on the computer. Advantage of this system
is it can accurately monitor the whole system and does not require installation of any
other hardware.

 Signature based Intrusion Detection System: This system works on the principle of
matching. The data is analyzed and compared with the signature of known attacks. Incase
of any matching, an alert is issued. An advantage of this system is it has more accuracy
and standard alarms understood by user.

 Anomaly based Intrusion Detection System: It consists of a statistical model of a

normal network traffic which consists of the bandwidth used, the protocols defined for
the traffic, the ports and devices which are part of the network. It regularly monitors the
network traffic and compares it with the statistical model. In case of any anomaly or
discrepancy, the administrator is alerted. An advantage of this system is they can detect
new and unique attacks.

 Passive Intrusion Detection System: It simply detects the kind of malware operation
and issues an alert to the system or network administrator. (What we have been seeing till
now!).The required action is then taken by the administrator.

 Reactive Intrusion Detection System: It not only detects the threat but also performs
specific action by resetting the suspicious connection or blocks the network traffic from
the suspicious source. It is also known as Intrusion Prevention System.