COMPUTER NETWORK

UNIT-5
Application Layer:
Basic Concept of Application Layer: Domain Name System, World
Wide Web, Hyper Text Transfer Protocol, Electronic mail, File Transfer
Protocol, Remote login.
Introduction to Cryptography: Definition, Goal, Applications,
Attacks, Encryption, decryption, public-key and private key
Cryptography

PART-1
Basic Concept of Application Layer: Domain Name System, World
Wide Web, Hyper Text Transfer Protocol, Electronic mail, File Transfer
Protocol, Remote login.

Domain Name System(DNS):

Domain Name System (DNS) is a hostname for IP address translation service. DNS is a
distributed database implemented in a hierarchy of name servers. It is an application layer
protocol for message exchange between clients and servers. It is required for the functioning
of the Internet.

Need of DNS
Every host is identified by the IP address but remembering numbers is very difficult for
people also the IP addresses are not static therefore a mapping is required to change the
domain name to the IP address. So DNS is used to convert the domain name of the websites
to their numerical IP address.

Types of Domain
There are various kinds of domain:

1. Generic domains: .com(commercial), .edu(educational), .mil(military), .org(nonprofit

organization), .net(similar to commercial) all these are generic domains.
2. Country domain: .in (India) .us .uk
3. Inverse domain: if we want to know what is the domain name of the website. Ip to
domain name mapping.

Generic Domains
o It defines the registered hosts according to their generic behavior.
o Each node in a tree defines the domain name, which is an index to the DNS database.
o It uses three-character labels, and these labels describe the organization type.

Label Description
aero Airlines and aerospace companies

biz Businesses or firms

com Commercial Organizations

coop Cooperative business Organizations

edu Educational institutions

gov Government institutions

info Information service providers

int International Organizations

mil Military groups

museum Museum & other nonprofit organizations

name Personal names

net Network Support centers

org Nonprofit Organizations

pro Professional individual Organizations

Country Domain

The format of country domain is same as a generic domain, but it uses two-character
country abbreviations (e.g., us for the United States) in place of three character
organizational abbreviations.

Inverse Domain

The inverse domain is used for mapping an address to a name. When the server has
received a request from the client, and the server contains the files of only authorized
clients. To determine whether the client is on the authorized list or not, it sends a
query to the DNS server and ask for mapping an address to the name.

Working of DNS
o DNS is a client/server network communication protocol. DNS clients send requests to
the. server while DNS servers send responses to the client.
 o Client requests contain a name which is converted into an IP address known as a
forward DNS lookups while requests containing an IP address which is converted into
a name known as reverse DNS lookups.
o DNS implements a distributed database to store the name of all the hosts available
on the internet.
o If a client like a web browser sends a request containing a hostname, then a piece of
software such as DNS resolver sends a request to the DNS server to obtain the IP
address of a hostname. If DNS server does not contain the IP address associated with
a hostname, then it forwards the request to another DNS server. If IP address has
arrived at the resolver, which in turn completes the request over the internet protocol.

World Wide Web(WWW):

World Wide Web, which is also known as a Web, is a collection of websites or web
pages stored in web servers and connected to local computers through the internet.
These websites contain text pages, digital images, audios, videos, etc. Users can
access the content of these sites from any part of the world over the internet using
their devices such as computers, laptops, cell phones, etc. The WWW, along with
internet, enables the retrieval and display of text and media to your device.

The building blocks of the Web are web pages which are formatted in HTML and
connected by links called "hypertext" or hyperlinks and accessed by HTTP. These links
are electronic connections that link related pieces of information so that users can
access the desired information quickly. Hypertext offers the advantage to select a
word or phrase from text and thus to access other pages that provide additional
information related to that word or phrase.
A web page is given an online address called a Uniform Resource Locator (URL). A
particular collection of web pages that belong to a specific URL is called a website,
e.g., www.facebook.com, www.google.com, etc. So, the World Wide Web is like a huge
electronic book whose pages are stored on multiple servers across the world.

Small websites store all of their WebPages on a single server, but big websites or
organizations place their WebPages on different servers in different countries so that
when users of a country search their site they could get the information quickly from
the nearest server.

Hyper Text Transfer Protocol(HTTP):

o HTTP stands for HyperText Transfer Protocol.
o It is a protocol used to access the data on the World Wide Web (www).
o The HTTP protocol can be used to transfer the data in the form of plain text,
hypertext, audio, video, and so on.
o This protocol is known as HyperText Transfer Protocol because of its efficiency that
allows us to use in a hypertext environment where there are rapid jumps from one
document to another document.
o HTTP is similar to the FTP as it also transfers the files from one host to another host.
But, HTTP is simpler than FTP as HTTP uses only one connection, i.e., no control
connection to transfer the files.
o HTTP is used to carry the data in the form of MIME-like format.
o HTTP is similar to SMTP as the data is transferred between client and server. The
HTTP differs from the SMTP in the way the messages are sent from the client to the
server and from server to the client. SMTP messages are stored and forwarded while
HTTP messages are delivered immediately.

Features of HTTP:
o Connectionless protocol: HTTP is a connectionless protocol. HTTP client initiates a
request and waits for a response from the server. When the server receives the
request, the server processes the request and sends back the response to the HTTP
client after which the client disconnects the connection. The connection between
client and server exist only during the current request and response time only.
 o Media independent: HTTP protocol is a media independent as data can be sent as
long as both the client and server know how to handle the data content. It is required
for both the client and server to specify the content type in MIME-type header.
o Stateless: HTTP is a stateless protocol as both the client and server know each other
only during the current request. Due to this nature of the protocol, both the client
and server do not retain the information between various requests of the web pages.

HTTP Transactions

The above figure shows the HTTP transaction between client and server. The client
initiates a transaction by sending a request message to the server. The server replies
to the request message by sending a response message.

Messages

HTTP messages are of two types: request and response. Both the message types
follow the same message format.
Request Message: The request message is sent by the client that consists of a
request line, headers, and sometimes a body.

Response Message: The response message is sent by the server to the client that
consists of a status line, headers, and sometimes a body.

Electronic mail:

E-mail is defined as the transmission of messages on the Internet. It is one of the

most commonly used features over communications networks that may contain text,
files, images, or other attachments. Generally, it is information that is stored on a
computer sent through a network to a specified individual or group of individuals.

Email messages are conveyed through email servers; it uses multiple protocols within
the TCP/IP suite. For example, SMTP is a protocol, stands for simple mail transfer
protocol and used to send messages whereas other protocols IMAP or POP are used
to retrieve messages from a mail server.

SMTP
o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit an
electronic mail over the internet is called Simple Mail Transfer Protocol.
 o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and it
also supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is used to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling the
errors such as incorrect email address. For example, if the recipient address is wrong,
then receiving server reply with an error message of some kind.

Components of SMTP

o First, we will break the SMTP client and SMTP server into two components such as
user agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares the
message, creates the envelope and then puts the message in the envelope. The mail
transfer agent (MTA) transfers this mail across the internet.
o SMTP allows a more complex system by adding a relaying system. Instead of just
having one MTA at sending side and one at receiving side, more MTAs can be added,
acting either as a client or server to relay the email.

o The relaying system without TCP/IP protocol can also be used to send the emails to
users, and this is achieved by the use of the mail gateway. The mail gateway is a relay
MTA that can be used to receive an email.
Working of SMTP
1. Composition of Mail: A user sends an e-mail by composing an electronic mail
message using a Mail User Agent (MUA). Mail User Agent is a program which is used
to send and receive mail. The message contains two parts: body and header. The
body is the main part of the message while the header includes information such as
the sender and recipient address. The header also includes descriptive information
such as the subject of the message. In this case, the message body is like a letter and
header is like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient and
domain name. For example, [email protected], where "vivek" is the username of the
recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's
domain name, then MSA will send the mail to the Mail Transfer Agent (MTA). To relay
the email, the MTA will find the target domain. It checks the MX record from Domain
Name System to obtain the target domain. The MX record contains the domain name
and IP address of the recipient's domain. Once the record is located, MTA connects to
the exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which stores
the e-mail where it waits for the user to retrieve it.
 5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using
MUA (Mail User Agent). MUA can be accessed by using login and password.

POP Protocol

The POP protocol stands for Post Office Protocol. As we know that SMTP is used as a
message transfer agent. When the message is sent, then SMPT is used to deliver the
message from the client to the server and then to the recipient server. But the
message is sent from the recipient server to the actual server with the help of the
Message Access Agent. The Message Access Agent contains two types of protocols,
i.e., POP3 and IMAP.

How is mail transmitted?

Suppose sender wants to send the mail to receiver. First mail is transmitted to the
sender's mail server. Then, the mail is transmitted from the sender's mail server to
the receiver's mail server over the internet. On receiving the mail at the receiver's
mail server, the mail is then sent to the user. The whole process is done with the help
of Email protocols. The transmission of mail from the sender to the sender's mail
server and then to the receiver's mail server is done with the help of the SMTP
protocol. At the receiver's mail server, the POP or IMAP protocol takes the data and
transmits to the actual user.

Since SMTP is a push protocol so it pushes the message from the client to the server.
As we can observe in the above figure that SMTP pushes the message from the client
to the recipient's mail server. The third stage of email communication requires a pull
protocol, and POP is a pull protocol. When the mail is transmitted from the recipient
mail server to the client which means that the client is pulling the mail from the
server.
What is POP3?
The POP3 is a simple protocol and having very limited functionalities. In the case of
the POP3 protocol, the POP3 client is installed on the recipient system while the
POP3 server is installed on the recipient's mail server.

POP3 protocol has undergone various enhancements, the developers maintained a

basic principle that it follows a three-stage process at the time of mail retrieval
between the client and the server. They tried to make this protocol very simple, and
this simplicity makes this protocol very popular today.

Let's understand the working of the POP3 protocol.

To establish the connection between the POP3 server and the POP3 client, the POP3
server asks for the user name to the POP3 client. If the username is found in the
POP3 server, then it sends the ok message. It then asks for the password from the
POP3 client; then the POP3 client sends the password to the POP3 server. If the
password is matched, then the POP3 server sends the OK message, and the
connection gets established. After the establishment of a connection, the client can
see the list of mails on the POP3 mail server. In the list of mails, the user will get the
email numbers and sizes from the server. Out of this list, the user can start the
retrieval of mail.

Once the client retrieves all the emails from the server, all the emails from the server
are deleted. Therefore, we can say that the emails are restricted to a particular
machine, so it would not be possible to access the same mails on another machine.
This situation can be overcome by configuring the email settings to leave a copy of
mail on the mail server.

IMAP: IMAP stands for Internet Message Access Protocol. It is an application layer
protocol which is used to receive the emails from the mail server. It is the most
commonly used protocols like POP3 for retrieving the emails.

It also follows the client/server model. On one side, we have an IMAP client, which is
a process running on a computer. On the other side, we have an IMAP server, which
is also a process running on another computer. Both computers are connected
through a network.

The IMAP protocol resides on the TCP/IP transport layer which means that it
implicitly uses the reliability of the protocol. Once the TCP connection is established
between the IMAP client and IMAP server, the IMAP server listens to the port 143 by
default, but this port number can also be changed.

SNMP
o SNMP stands for Simple Network Management Protocol.
o SNMP is a framework used for managing devices on the internet.
o It provides a set of operations for monitoring and managing the internet.
SNMP Concept

o SNMP has two components Manager and agent.

o The manager is a host that controls and monitors a set of agents such as routers.
o It is an application layer protocol in which a few manager stations can handle a set of
agents.
o The protocol designed at the application level can monitor the devices made by
different manufacturers and installed on different physical networks.
o It is used in a heterogeneous network made of different LANs and WANs connected
by routers or gateways.

Managers & Agents

o A manager is a host that runs the SNMP client program while the agent is a router
that runs the SNMP server program.
o Management of the internet is achieved through simple interaction between a
manager and agent.
o The agent is used to keep the information in a database while the manager is used to
access the values in the database. For example, a router can store the appropriate
variables such as a number of packets received and forwarded while the manager can
compare these variables to determine whether the router is congested or not.
o Agents can also contribute to the management process. A server program on the
agent checks the environment, if something goes wrong, the agent sends a warning
message to the manager.
Management with SNMP has three basic ideas:
o A manager checks the agent by requesting the information that reflects the behavior
of the agent.
o A manager also forces the agent to perform a certain function by resetting values in
the agent database.
o An agent also contributes to the management process by warning the manager
regarding an unusual condition.

Management Components
o Management is not achieved only through the SNMP protocol but also the use of
other protocols that can cooperate with the SNMP protocol. Management is achieved
through the use of the other two protocols: SMI (Structure of management
information) and MIB(management information base).
o Management is a combination of SMI, MIB, and SNMP. All these three protocols such
as abstract syntax notation 1 (ASN.1) and basic encoding rules (BER).

SMI

The SMI (Structure of management information) is a component used in network

management. Its main function is to define the type of data that can be stored in an
object and to show how to encode the data for the transmission over a network.

MIB

o The MIB (Management information base) is a second component for the network
management.
o Each agent has its own MIB, which is a collection of all the objects that the manager
can manage. MIB is categorized into eight groups: system, interface, address
translation, ip, icmp, tcp, udp, and egp. These groups are under the mib object.
SNMP

SNMP defines five types of messages: GetRequest, GetNextRequest, SetRequest,

GetResponse, and Trap.

GetRequest: The GetRequest message is sent from a manager (client) to the agent
(server) to retrieve the value of a variable.

GetNextRequest: The GetNextRequest message is sent from the manager to agent

to retrieve the value of a variable. This type of message is used to retrieve the values
of the entries in a table. If the manager does not know the indexes of the entries,
then it will not be able to retrieve the values. In such situations, GetNextRequest
message is used to define an object.

GetResponse: The GetResponse message is sent from an agent to the manager in

response to the GetRequest and GetNextRequest message. This message contains
the value of a variable requested by the manager.

SetRequest: The SetRequest message is sent from a manager to the agent to set a
value in a variable.

Trap: The Trap message is sent from an agent to the manager to report an event. For
example, if the agent is rebooted, then it informs the manager as well as sends the
time of rebooting.

File Transfer Protocol(FTP):

o FTP stands for File transfer protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting the files
from one host to another.
o It is mainly used for transferring the web page files from their creator to the
computer that acts as a server for other computers on the internet.
o It is also used for downloading the files to computer from other servers.

Objectives of FTP

o It provides the sharing of files.

o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.

Why FTP?

Although transferring files from one system to another is very simple and
straightforward, but sometimes it can cause problems. For example, two systems may
have different file conventions. Two systems may have different ways to represent
text and data. Two systems may have different directory structures. FTP protocol
overcomes these problems by establishing two connections between hosts. One
connection is used for data transfer, and another connection is used for the control
connection.

Mechanism of FTP
The above figure shows the basic model of the FTP. The FTP client has three
components: the user interface, control process, and data transfer process. The server
has two components: the server control process and the server data transfer process.

There are two types of connections in FTP:

o Control Connection: The control connection uses very simple rules for
communication. Through control connection, we can transfer a line of command or
line of response at a time. The control connection is made between the control
processes. The control connection remains connected during the entire interactive
FTP session.
o Data Connection: The Data Connection uses very complex rules as data types may
vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes when
the file is transferred.
FTP Clients

o FTP client is a program that implements a file transfer protocol which allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files
between you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This GUI
based FTP client makes the file transfer very easy and also does not require to
remember the FTP commands.

Advantages of FTP:

o Speed: One of the biggest advantages of FTP is speed. The FTP is one of the fastest
way to transfer the files from one computer to another computer.
o Efficient: It is more efficient as we do not need to complete all the operations to get
the entire file.
o Security: To access the FTP server, we need to login with the username and
password. Therefore, we can say that FTP is more secure.
o Back & forth movement: FTP allows us to transfer the files back and forth. Suppose
you are a manager of the company, you send some information to all the employees,
and they all send information back on the same server.

Disadvantages of FTP:

o The standard requirement of the industry is that all the FTP transmissions should be
encrypted. However, not all the FTP providers are equal and not all the providers offer
encryption. So, we will have to look out for the FTP providers that provides
encryption.
o FTP serves two operations, i.e., to send and receive large files on a network. However,
the size limit of the file is 2GB that can be sent. It also doesn't allow you to run
simultaneous transfers to multiple receivers.
o Passwords and file contents are sent in clear text that allows unwanted
eavesdropping. So, it is quite possible that attackers can carry out the brute force
attack by trying to guess the FTP password.
o It is not compatible with every system.
Remote login(TELNET:TERMINAL NETWORK):
o The main task of the internet is to provide services to users. For example, users want
to run different application programs at the remote site and transfers a result to the
local site. This requires a client-server program such as FTP, SMTP. But this would not
allow us to create a specific program for each demand.
o The better solution is to provide a general client-server program that lets the user
access any application program on a remote computer. Therefore, a program that
allows a user to log on to a remote computer. A popular client-server program Telnet
is used to meet such demands. Telnet is an abbreviation for Terminal Network.
o Telnet provides a connection to the remote computer in such a way that a local
terminal appears to be at the remote side.

There are two types of login:

Local Login

o When a user logs into a local computer, then it is known as local

login.
 o When the workstation running terminal emulator, the keystrokes
entered by the user are accepted by the terminal driver. The
terminal driver then passes these characters to the operating
system which in turn, invokes the desired application program.
o However, the operating system has special meaning to special
characters. For example, in UNIX some combination of characters
have special meanings such as control character with "z" means
suspend. Such situations do not create any problem as the terminal
driver knows the meaning of such characters. But, it can cause the
problems in remote login.

Remote login

o When the user wants to access an application program on a remote computer,

then the user must perform remote login.

How remote login occurs

At the local site

The user sends the keystrokes to the terminal driver, the characters are then
sent to the TELNET client. The TELNET client which in turn, transforms the
characters to a universal character set known as network virtual terminal
characters and delivers them to the local TCP/IP stack
At the remote site

The commands in NVT forms are transmitted to the TCP/IP at the remote
machine. Here, the characters are delivered to the operating system and then
pass to the TELNET server. The TELNET server transforms the characters which
can be understandable by a remote computer. However, the characters cannot
be directly passed to the operating system as a remote operating system does
not receive the characters from the TELNET server. Therefore it requires some
piece of software that can accept the characters from the TELNET server. The
operating system then passes these characters to the appropriate application
program.

Network Virtual Terminal (NVT)

o The network virtual terminal is an interface that defines how data and
commands are sent across the network.
o In today's world, systems are heterogeneous. For example, the operating
system accepts a special combination of characters such as end-of-file token
running a DOS operating system ctrl+z while the token running a UNIX
operating system is ctrl+d.
o TELNET solves this issue by defining a universal interface known as network
virtual interface.
o The TELNET client translates the characters that come from the local terminal
into NVT form and then delivers them to the network. The Telnet server then
 translates the data from NVT form into a form which can be understandable
by a remote computer.

PART-2
Introduction to Cryptography: Definition, Goal, Applications,
Attacks, Encryption, decryption, public-key and private key Cryptography

Cryptography
Cryptography, a word with Greek origins, means "secret writing." However, we use the
term to refer to the science and art of transforming messages to make them secure and
immune to attacks.
Components:
1. Sender
Who sends the data.
2. Receiver
Who receives the data.
3. Plain Text
Plain text is a message or data which can understand by anyone.
4. Ciphertext
The ciphertext is a message or data that is not readable; it is accomplished by
performing the encryption algorithm on plain text using an encryption key.
5. Encryption Algorithm
It converts plain text into ciphertext using an encryption key. It takes two inputs, i.e,.
plain text and encryption key, to produce ciphertext.
6. Decryption Algorithm
It is the opposite process of an encryption algorithm; it converts cipher text into plain
text using the decryption key. It takes two inputs, i.e,. ciphertext and decryption key
to produce plain text.
SECURITY GOALS:

Three security goals: confidentiality, integrity, and availability

Confidentiality

Confidentiality is probably the most common aspect of information security. We need to protect our
confidential information. An organization needs to guard against those malicious actions that
endanger the confidentiality of its information. In the military, concealment of sensitive information
is a major concern. In industry, hiding some information from competitors is crucial to the operation
of the organization. In banking, customers’ accounts need to be kept secret.

Integrity

Information needs to be changed constantly. In a bank, when a customer deposits or withdraws

money, the balance of her account needs to be changed. Integrity means that changes need to be
done only by authorized entities and through authorized mechanisms. Integrity violation is not
necessarily the result of a malicious act; an interruption in the system, such as a power surge, may
also create unwanted changes in some information.

Availability

The third component of information security is availability. The information created and stored by an
organization needs to be available to authorized entities. Information is useless if it is not available.
Information needs to be constantly changed, which means it must be accessible to authorized
entities. The unavailability of information is just as harmful for an organization as the lack of
confidentiality or integrity. Imagine what would happen to a bank if the customers could not access
their accounts for transactions.

ATTACKS

Our three goals of security are confidentiality, integrity, and availability that can be threatened by
security attacks.

Although the literature uses different approaches to categorizing the attacks, we will first divide
them into three groups related to the security goals. Later, we will divide them into two broad
categories based on their effects on the system. Figure 1.2 shows the attacks on security

Attacks Threatening Confidentiality

In general, two types of attacks threaten the confidentiality of information: snooping and traffic
analysis.
Snooping
Snooping refers to unauthorized access to or interception of data. For example, a file transferred
through the Internet may contain confidential information. An unauthorized entity may intercept the
transmission and use the contents for her own benefit.
Traffic Analysis
Although the encipherment of data may make it unintelligible for the interceptor, she can obtain
some other type of information by monitoring online traffic. For example, she can find the electronic
address (such as the e-mail address) of the sender or the receiver. She can collect pairs of requests
and responses to help her guess the nature of the transaction.
Attacks Threatening Integrity
The integrity of data can be threatened by several kinds of attacks: modification, masquerading,
replaying, and repudiation.
Modification
After intercepting or accessing information, the attacker modifies the information to make it
beneficial to herself. For example, a customer sends a message to a bank to do some transaction. The
attacker intercepts the message and changes the type of transaction to benefit herself. Note that
sometimes the attacker simply deletes or delays the message to harm the system or to benefit from
it.
Masquerading
Masquerading, or spoofing, happens when the attacker impersonates somebody else. For example,
an attacker might steal the bank card and PIN of a bank customer and pretend that she is that
customer. Sometimes the attacker pretends instead to be the receiver entity. For example, a user
tries to contact a bank, but another site pretends that it is the bank and obtains some information
from the user.
Replaying
Replaying is another attack. The attacker obtains a copy of a message sent by a user and later tries
to replay it. For example, a person sends a request to her bank to ask for payment to the attacker,
who has done a job for her. The attacker intercepts the message and sends it again to receive
another payment from the bank.
Repudiation
This type of attack is different from others because it is performed by one of the two parties in the
communication: the sender or the receiver. The sender of the message might later deny that she has
sent the message; the receiver of the message might later deny that he has received the message.
An example of denial by the sender would be a bank customer asking her bank to send some money
to a third party but later denying that she has made such a request.

Attacks Threatening Availability

We mention only one attack threatening availability: denial of service.
Denial of Service Denial of service (DoS) is a very common attack. It may slow down or totally
interrupt the service of a system. The attacker can use several strategies to achieve this. She might
send so many bogus requests to a server that the server crashes because of the heavy load. The
attacker might intercept and delete a server’s response to a client, making the client to believe that
the server is not responding. The attacker may also intercept requests from the clients, causing the
clients to send requests many times and overload the system.
Passive Versus Active Attacks Let us now categorize the attacks into two groups: passive and active.
Table 1.1 shows the relationship between this and the previous categorization.

Passive Attacks
In a passive attack, the attacker’s goal is just to obtain information. This means that the attack does
not modify data or harm the system. The system continues with its normal operation. However, the
attack may harm the sender or the receiver of the message. Attacks that threaten confidentiality-
snooping and traffic analysis are passive attacks. The revealing of the information may harm the
sender or receiver of the message, but the system is not affected. For this reason, it is difficult to
detect this type of attack until the sender or receiver finds out about the leaking of confidential
information. Passive attacks, however, can be prevented by encipherment of the data.
Active Attacks
An active attack may change the data or harm the system. Attacks that threaten the integrity and
availability are active attacks. Active attacks are normally easier to detect than to prevent because an
attacker can launch them in a variety of ways.
Two Categories
We can divide all the cryptography algorithms (ciphers) into two groups: symmetric-key
(also called secret-key) cryptography algorithms and asymmetric (also called
public-key) cryptography algorithms.

Symmetric·Key Cryptography
In symmetric-key cryptography, the same key is used by both parties. The sender uses
this key and an encryption algorithm to encrypt data; the receiver uses the same key and
the corresponding decryption algorithm to decrypt the data.In symmetric·key cryptography, the
same key is used by the sender(for encryption) and the receiver (for decryption).The key is
shared.
Asymmetric-Key Cryptography
In asymmetric or public-key cryptography, there are two keys: a private key and a public
key. The private key is kept by the receiver. The public key is announced to the public.
In Figure 10.1.2, imagine Alice wants to send a message to Bob. Alice uses the public key
to encrypt the message. When the message is received by Bob, the private key is used to
decrypt the message.
Figure:
In public-key encryption/decryption, the public key that is used for encryption is
different from the private key that is used for decryption. The public key is available to
the public;' the private key is available only to an individual.

Example of RSA algorithm: RSA algorithm

RSA encryption algorithm:

RSA is the most common public-key algorithm, named after its inventors Rivest,
Shamir, and Adelman (RSA).

RSA algorithm uses the following procedure to generate public and private
keys:

o Select two large prime numbers, p and q.

o Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.
o Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such
that 1<e<φ(n), e is prime to φ(n), gcd (e,d(n)) =1
o If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
the public key <e, n>. To find ciphertext from the plain text following formula is used
to get ciphertext C.
C=me mod n

Here, m must be less than n. A larger message (>n) is treated as a concatenation of

messages, each of which is encrypted separately.
 o To determine the private key, we use the following formula to calculate the d such
that:
De mod{(p-1)x(q-1)}=1
Or
De mod φ (n) = 1
o The private key is <d, n>. A ciphertext message c is decrypted using private key <d,
n>. To calculate plain text m from the ciphertext c following formula is used to get
plain text m.
m = cd mod n

Some example of RSA encryption algorithm:

Example 1:
This example shows how we can encrypt plaintext 9 using the RSA public-key
encryption algorithm. This example uses prime numbers 7 and 11 to generate the
public and private keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p=7

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.

First, we calculate

n=pxq

n = 7 x 11

n = 77

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that
1<e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)
φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

φ (n) = 60

Let us now choose relative prime e of 60 as 7.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. To find
ciphertext from the plain text following formula is used to get ciphertext C.

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 97 mod 77

C = 37

Step 5: The private key is <d, n>. To determine the private key, we use the following
formula d such that:

De mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43

The private key is <d, n> = (43, 77)

Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate
plain text m from the ciphertext c following formula is used to get plain text m.

m = cd mod n

m = 3743 mod 77

m=9

In this example, Plain text = 9 and the ciphertext = 37

Example 2:
In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to
generate the public and private keys. If the public of A is 35. Then the private key of
A is ……………?.
Explanation:

Step 1: in the first step, select two large prime numbers, p and q.

p = 13

q = 17

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.

First, we calculate

n=pxq

n = 13 x 17

n = 221

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -

1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e"
such that 1<e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (13 - 1) x (17 - 1)

φ (n) = 12 x 16

φ (n) = 192

g.c.d (35, 192) = 1

Step 3: To determine the private key, we use the following formula to calculate the d
such that:

Calculate d = de mod φ (n) = 1

d = d x 35 mod 192 = 1

d = (1 + k.φ (n))/e [let k =0, 1, 2, 3………………]

Put k = 0
d = (1 + 0 x 192)/35

d = 1/35(note:value will be in points so don’t consider)

Put k = 1

d = (1 + 1 x 192)/35

d = 193/35(note:value will be in points so don’t consider)

Put k = 2

d = (1 + 2 x 192)/35

d = 385/35(note:This value will be consider)

d = 11

The private key is <d, n> = (11, 221)

Hence, private key i.e. d = 11

Example 3:
A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3
and the private key = 7. What is the value of cipher text for a plain text?

Explanation:

Step 1: In the first step, select two large prime numbers, p and q.

p=3

q = 13

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.

First, we calculate

n=pxq

n = 3 x 13

n = 39
Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is
encrypted using public key <e, n>. Thus the public key is <e, n> = (3, 39).

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 53 mod 39

C = 125 mod 39

C=8

Hence, the ciphertext generated from plain text, C = 8.

Example 4:
A RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7.
What is the value of ciphertext for a plain text 5 using the RSA public-key encryption
algorithm?

Explanation:

Step 1: in the first step, select two large prime numbers, p and q.

p=3

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.

First, we calculate

n=pxq

n = 3 x 11

n = 33

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -

1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e"
such that 1< e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate
φ (n) = (p - 1) x (q-1)

φ (n) = (3 - 1) x (11 - 1)

φ (n) = 2 x 10

φ (n) = 20

Step 4: To determine the public key, we use the following formula to calculate the d
such that:

Calculate e x d = 1 mod φ (n)

e x 7 = 1 mod 20

e x 7 = 1 mod 20

e = (1 + k. φ (n))/ d [let k =0, 1, 2, 3………………]

Put k = 0

e = (1 + 0 x 20) / 7

e = 1/7

Put k = 1

e = (1 + 1 x 20) / 7

e = 21/7

e=3

The public key is <e, n> = (3, 33)

Hence, public key i.e. e = 3

Example of symmetric key cryptography-DES

The Data Encryption Standard (DES) Algorithm

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block
size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since
8 of the 64 bits of the key are not used by the encryption algorithm (function as check bits
only). General Structure of DES is depicted in the following illustration –

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

• Round function
• Key schedule
• Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are
inverses of each other. They have no cryptography significance in DES. The initial
and final permutations are shown as follows −
Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key
to the rightmost 32 bits to produce a 32-bit output.
• Expansion Permutation Box − Since right input is 32-bit and round key is a
48-bit, we first need to expand right input to 48 bits. Permutation logic is
graphically depicted in the following illustration −

• The graphically depicted permutation logic is generally described as table in

DES specification illustrated as shown −
• XOR (Whitener). − After the expansion permutation, DES does XOR
operation on the expanded right section and the round key. The
round key is used only in this operation.
• Substitution Boxes. − The S-boxes carry out the real mixing
(confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit
output. Refer the following illustration −

• The S-box rule is illustrated below −

 • There are a total of eight S-box tables. The output of all
eight s-boxes is then combined in to 32 bit section.
• Straight Permutation − The 32 bit output of S-boxes is then
subjected to the straight permutation with rule shown in the
following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of
key generation is depicted in the following illustration −
The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

DES Analysis

The DES satisfies both the desired properties of block cipher. These two properties make
cipher very strong.

• Avalanche effect − A small change in plaintext results in the very great change in the
ciphertext.
• Completeness − Each bit of ciphertext depends on many bits of plaintext.

During the last few years, cryptanalysis have found some weaknesses in DES when key
selected are weak keys. These keys shall be avoided.

DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity
of a digital document, message or software. It's the digital equivalent of a handwritten
signature or stamped seal, but it offers far more inherent security. A digital signature is
intended to solve the problem of tampering and impersonation in digital communications.

Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions or digital messages. Signers can also use them to acknowledge informed consent.
In many countries, including the U.S., digital signatures are considered legally binding in the
same way as traditional handwritten document signatures.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm -- such as Rivest-Shamir-Adleman, or RSA --
two keys are generated, creating a mathematically linked pair of keys: one private and one
public.

Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. For encryption and decryption, the person who creates the digital
signature uses a private key to encrypt signature-related data. The only way to decrypt that
data is with the signer's public key.

If the recipient can't open the document with the signer's public key, that indicates there's a
problem with the document or the signature. This is how digital signatures are authenticated.

Digital certificates, also called public key certificates, are used to verify that the public key
belongs to the issuer. Digital certificates contain the public key, information about its owner,
expiration dates and the digital signature of the certificate's issuer. Digital certificates are
issued by trusted third-party certificate authorities (CAs), such as DocuSign or GlobalSign,
for example. The party sending the document and the person signing it must agree to use a
given CA.

Digital signature technology requires all parties trust that the person who creates the signature
image has kept the private key secret. If someone else has access to the private signing key,
that party could create fraudulent digital signatures in the name of the private key holder.
Benefits of digital signatures

Digital signatures offer the following benefits:

Security. Security capabilities are embedded in digital signatures to ensure a legal document
isn't altered and signatures are legitimate. Security features include asymmetric cryptography,
personal identification numbers (PINs), checksums and cyclic redundancy checks (CRCs), as
well as CA and trust service provider (TSP) validation.

Timestamping. This provides the date and time of a digital signature and is useful when
timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.

Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. With digital signatures
becoming an international standard, more countries are accepting them as legally binding.

Time savings. Digital signatures simplify the time-consuming processes of physical

document signing, storage and exchange, enabling businesses to quickly access and sign
documents.

Cost savings. Organizations can go paperless and save money previously spent on the
physical resources, time, personnel and office space used to manage and transport documents.

Positive environmental effects. Reducing paper use also cuts down on the physical waste
generated by paper and the negative environmental impact of transporting paper documents.

Traceability. Digital signatures create an audit trail that makes internal record-keeping easier
for businesses. With everything recorded and stored digitally, there are fewer opportunities
for a manual signee or record-keeper to make a mistake or misplace something.

APPLICATIONS OF CRYPTOGRAPHY

• Authentication/Digital Signatures. Authentication and digital signatures are a

very important application of public-key cryptography.
• Time Stamping.
• Electronic Money.
• Secure Network Communications.
• Anonymous Remailers.
• Disk Encryption.