CRYPTOGRAPHY AND NETWORK

SECURITY

Dr. Latha M
Dr. B. Dwarakanath
Dr. P. Santhosh Kumar
Dr. K. Danesh
© Copyright, 2023, Author

PUBLISHED BY STRING PRODUCTION

All rights reserved. No part of this book may be reproduced, stored in a

retrieval system, or transmitted, in any form by any means, electronic,
mechanical, magnetic, optical, chemical, manual, photocopying, recording or
otherwise, without the prior written consent of its writer.

ISBN: 978-93-5749-920-0

Price: Rs.549.00

The opinions/ contents expressed in this book are solely of the author and do
not represent the opinions/ standings/ thoughts of Publisher.

Printed in India

2
 AUTHORS BIOGRAPHY

Author-1

Dr. Latha. M (M.E, Ph. D.)

Name: Dr. Latha. M

Designation: Assistant Professor (Faculty of Engineering and
Technology)
Department: Department of Information Technology
Institute: SRM Institute of Science and Technology, Ramapuram
Campus, Chennai 600089
Email: lathasrec@[Link] or latham@[Link]
Scopus Id: 57195967648
Orcid Id: 0000-0001-6730-3194

Dr. Latha M completed her Bachelor of Engineering in Computer Science and

Engineering from Sri Ramakrishna Engineering College, Coimbatore (Affiliated to Anna
University, Chennai) in 2009. She had completed her Master of Engineering (Rank Holder)
in Software Engineering from Ann University, Coimbatore in 2011 and Ph.D. Computer
Science and Engineering from Vels institute of Science, Technology & Advanced Studies,
Chennai in 2020. Currently she is working as an Assistant Professor in the Department of
Information Technology (School of Computing), SRMIST, Ramapuram. She has over 11 years
of full time and 2 years of part time teaching experience in reputed engineering colleges in
Coimbatore and Chennai. She has published 16 and communicated 4 technical papers in
reputed International Journals indexed in Scopus, Springer, WOS and ESCI and have
published 3 patents. Her main areas of interest include Medical Imaging, Data Science, IOT,
Image Processing and Software Engineering.

3
 Author-2

Dr. B. Dwarakanath ([Link]., Ph.D.)

Name: Dr. B. Dwarakanath ([Link]., Ph.D.)

Designation: Assistant Professor (Faculty of Engineering and
Technology)
Department: Department of Information Technology
Institute: SRM Institute of Science and Technology, Ramapuram
Campus, Chennai 600089
Email: dwarakanath2004@[Link] or dwarakab@[Link]
City: Chennai
State: Tamil Nadu

Dr. B. Dwarakanath [Link]., PhD is Assistant Professor in the Department of Information

Technology at SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu.
He has completed his Ph.D., in Machine Learning - Information Technology in 2019 from
Hindustan Institute of Technology and Science, Chennai, Tamil Nadu. He has done his M.
Tech, CSE from Vellore Institute of Technology, Vellore in the year 2004. Dr. B. Dwarakanath
has 20 years of teaching experience and has 30 publications in International Journals and
Conferences. His research interests include Machine Learning, Image Processing, and
Network Programming. He is an active member of ACM, IET, ISTE, CSI, and IEANG.

4
 Author-3

Dr. P. Santhosh Kumar (M.E., Ph.D.)

Name: Dr. P. Santhosh Kumar (M.E., Ph.D.)

Designation: Assistant Professor (Faculty of Engineering and
Technology)
Department: Department of Information Technology
Institute: SRM Institute of Science and Technology, Ramapuram
Campus, Chennai 600089
Email: [Link]@[Link] , santhosp3@[Link]
City: Chennai
State: Tamil Nadu

Dr. P. SANTHOSH KUMAR is currently associated with SRM Institute of Science and
Technology, Ramapuram, Chennai as an Assistant Professor in the Department of IT. He
completed is B.E and M.E in Computer Science and Engineering from Anna University,
Chennai. He received his Doctorate in Sathyabama Institute of Science and Technology,
Chennai under the domain Cloud Computing. He has Teaching and Research Experience of
more than 11 years and worked as an Assistant Professor in the Department of Computer
Science and Engineering at various Engineering Colleges since June 2008 to till date. He has
published more than 10 papers in international journals, three IEEE Conference, ten in
International Conference and eight National conferences. He is holding 4 International and 2
National patents as well. Moreover, he is a member of IAENG, ISTE and ACM Professional
Society Bodies. His area of research interest is Cloud Computing, Software Engineering,
Network Security, Artificial Intelligence, Internet of Things, Machine Learning and Data
Mining.

5
 Author-4

Dr. K. Danesh ([Link]., Ph.D.)

Name: Dr. K. Danesh ([Link]., Ph.D.)

Designation: Assistant Professor
Department: Department of Electronics and Communication
Engineering
Institute: SRM Institute of Science and Technology, Ramapuram
Campus, Chennai 600089
Email: danesh.kn1@[Link]
Orcid Id: 0000-0002-4718-3380
City: Chennai
State: Tamil Nadu

K. Danesh completed his Bachelor of Engineering in Electronics and Instrumentation

Engineering from Thiruvalluvar college of Engineering and Technology, Vandavasi
(Affiliated to Madras University, Chennai) in 2003. He had completed his Master of
Technology in Applied Electronics from Dr. MGR Educational and Research Institute, Chennai
in 2005 and Pursuing Ph. D. in Wireless Communication from Anna University, Chennai.
Currently he is working as Assistant Professor in the Department of Electronics and
Communication Engineering, SRMIST, Ramapuram. He has over 10 years of teaching
experience in reputed Engineering Colleges in Chennai. He has published technical papers in
reputed International Journals indexed in Scopus and SCI. His main areas of interest include
Cognitive Radio Networks, Digital Signal Processing, Artificial Intelligence, and Wireless
Sensor Networks.

6
 CRYPTOGRAPHY
AND
NETWORK SECURITY

7
 Table of Contents

Chapter 1: Computer Security Concepts....................................................................................... 10

Computer security threats.......................................................................................................... 13

Computer Security Practices ..................................................................................................... 15

Types of computer security ....................................................................................................... 16

Steps to ensure computer security ............................................................................................. 19

The Seven Layers of Cybersecurity .......................................................................................... 21

Chapter 2: Symmetric Ciphers ...................................................................................................... 50

Requirements for Encryption .................................................................................................... 54

Types of Symmetric Encryption ............................................................................................... 63

Chapter 3: Asymmetric Ciphers.................................................................................................... 89

Uses of asymmetric cryptography ............................................................................................. 91

Integrated Encryption Schemes Integrated Encryption Schemes ........................................... 100

Digital Signatures .................................................................................................................... 103

Key Exchange Algorithms ...................................................................................................... 104

Chapter 4: Cryptographic Data Integrity Algorithms ................................................................. 106

Simple for Developers ............................................................................................................. 108

Layered Architecture ............................................................................................................... 109

Cryptographic Agility ............................................................................................................. 109

Extensibility ............................................................................................................................ 110

Syntax Agnostic Proofs ........................................................................................................... 110

Conformance ........................................................................................................................... 110

Decentralized identifier (DID) ................................................................................................ 114

Chapter 5: Mutual Trust .............................................................................................................. 144

8
 Certificate authorities in mTLS ............................................................................................... 155

The mutual authentication process involves the following certificates .................................. 158

Chapter 6: Public-Key Encryption and Hash Functions ............................................................. 173

Asymmetric Key Algorithms .................................................................................................. 174

Cryptographic Hash Functions ................................................................................................ 175

Key Stretching ......................................................................................................................... 176

Authenticated Encryption ........................................................................................................ 177

Chapter 7: Network Security Applications ................................................................................. 199

Necessity to learn Network Security ....................................................................................... 199

Applications of Network Security ........................................................................................... 200

Target Audience ...................................................................................................................... 201

Chapter 8: Network and Internet Security .................................................................................. 225

Types of internet security threats ............................................................................................ 226

Internet security solutions ....................................................................................................... 229

Denial-of-service attacks ......................................................................................................... 231

9
 Chapter 1: Computer Security Concepts

Computer security is the protection of computer systems and information from harm, theft, and
unauthorized use. It is the process of preventing and detecting unauthorized use of your computer
system.

Figure 1: Computer Security

One way to ascertain the similarities and differences among Computer Security is by asking what
is being secure. For example,

Information security is securing information from unauthorized access, modification & deletion.

Application Security is securing an application by building security features to prevent from Cyber
Threats such as SQL injection, DoS attacks, data breaches and etc.

Computer Security means securing a standalone machine by keeping it updated and patched.

Network Security is by securing both the software and hardware technologies.

10
Cybersecurity is defined as protecting computer systems, which communicate over the computer
networks.

It’s important to understand the distinction between these words, though there isn’t necessarily a
clear consensus on the meanings and the degree to which they overlap or are interchangeable.

To become a trusted cybersecurity professional, enroll now in the CISSP Certification and get
certified.

So, Computer security can be defined as controls that are put in place to provide confidentiality,
integrity, and availability for all components of computer systems. Let’s elaborate the definition.

Figure 2: Types of attack

Components of computer system

The components of a computer system that needs to be protected are:

Hardware, the physical part of the computer, like the system memory and disk drive

11
Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is
mostly invisible to the user.

Software, the programming that offers services, like operating system, word processor, internet
browser to the user.

Figure 3: Mobile devices & web security

The CIA Triad

Computer security is mainly concerned with three main areas:

CIA triad - Computer Security - Edureka

In simple language, computer security is making sure information and computer components are
usable but still protected from people or software that should not access it or modify it.

Go through our new Ethical Hacking Training Course to explore more about ethical hacking. This
course will teach you the most current hacking techniques, tools and methods that hackers use.

Now moving forward with this ‘What is Computer Security?” article let’s look at the most common
security threats.

12
 Figure 4: CIA triad

Computer security threats

Computer security threats are possible dangers that can possibly hamper the normal functioning
of your computer. In the present age, cyber threats are constantly increasing, as the world is going
digital. The most harmful types of computer security are:

Figure 5: Computer security threats

13
Viruses

Virus - What is Computer Security? - eureka computer virus is a malicious program which is
loaded into the user’s computer without user’s knowledge. It replicates itself and infects the files
and programs on the user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer
will never be able to operate properly or even at all.

Figure 6: Viruses

Computer Worm

worm - What is Computer Security? – Edureka A computer worm is a software program that can
copy itself from one computer to another, without human interaction. The potential risk here is
that it will use up your computer hard disk space because a worm can replicate in great volume
and with great speed.

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal information secure and
hence computer security is important to keep our personal information protected. It is also

14
important to maintain our computer security and its overall health by preventing viruses and
malware which would impact on the system performance.

Computer Security Practices

Computer security threats are becoming relentlessly inventive these days. There is much need for
one to arm oneself with information and resources to safeguard against these complex and growing
computer security threats and stay safe online. Some preventive steps you can take include:

Secure your computer physically by:

Installing reliable, reputable security and anti-virus software

Activating your firewall, because a firewall acts as a security guard between the internet and your
local area network.

Stay up to date on the latest software and news surrounding your devices and perform software
updates as soon as they become available.

Avoid clicking on email attachments unless you know the source.

Change passwords regularly, using a unique combination of numbers, letters and case types.

Use the internet with caution and ignore pop-ups, drive-by downloads while surfing.

Taking the time to research the basic aspects of computer security and educate yourself on evolving
cyber-threats.

Perform daily full system scans and create a periodic system backup schedule to ensure your data
is retrievable should something happen to your computer.

Apart from these, there are many ways you can protect your computer system. Aspects such as
encryption and computer cleaners can assist in protecting your computers and its files.

15
Unfortunately, the number of cyber threats is increasing at a rapid pace and more sophisticated
attacks are emerging. So, having a good foundation in cybersecurity concepts will allow you to
protect your computer against ever-evolving cyber threats.

If you wish to learn cybersecurity and build a colourful career in cybersecurity, then check out our
Cyber Security Certification Course which comes with instructor-led live training and real-life
project experience. This training will help you understand cybersecurity in depth and help you
achieve mastery over the subject.

Computer security refers to protecting and securing computers and their related data, networks,
software, hardware from unauthorized access, misuse, theft, information loss, and other security
issues. The Internet has made our lives easier and has provided us with lots of advantages, but it
has also put our system’s security at risk of being infected by a virus, of being hacked, information
theft, damage to the system, and much more.

Technology is growing day by day and the entire world is in its grasp. We cannot imagine even a
day without electronic devices around us. With the use of this growing technology, invaders,
hackers and thieves are trying to harm our computer’s security for monetary gains, recognition
purposes, ransom demands, bullying others, invading into other businesses, organizations, etc. In
order to protect our system from all these risks, computer security is important.

Types of computer security

Computer security can be classified into four types:

1. Cyber Security: Cyber security means securing our computers, electronic devices, networks,
programs, systems from cyber-attacks. Cyber-attacks are those attacks that happen when our
system is connected to the Internet.

2. Information Security: Information security means protecting our system’s information from
theft, illegal use and piracy from unauthorized use. Information security has mainly three
objectives: confidentiality, integrity, and availability of information.

16
3. Application Security: Application security means securing our applications and data so that
they don’t get hacked and also the databases of the applications remain safe and private to the
owner itself so that user’s data remains confidential.

4. Network Security: Network security means securing a network and protecting the user’s
information about who is connected through that network. Over the network hackers steal, the
packets of data through sniffing and spoofing attacks, man in the middle attack, war driving, etc,
and misuse the data for their benefits.

Types of cyber attack

1. Denial of service attack or DOS: A denial of service attack is a kind of cyber-attack in which
the attackers disrupt the services of the particular network by sending infinite requests and
temporary or permanently making the network or machine resources unavailable to the intended
audience.

2. Backdoor: In a backdoor attack, malware, trojan horse or virus gets installed in our system and
start affecting its security along with the main file. Consider an example: suppose you are installing
free software from a certain website on the Internet. Now, unknowingly, along with this software,
a malicious file also gets installed, and as soon as you execute the installed software that file’s
malware gets affected and starts affecting your computer security. This is known as a backdoor.

[Link]: Eavesdropping refers to secretly listening to someone’s talk without their

permission or knowledge. Attackers try to steal, manipulate, modify, hack information or systems
by passively listening to network communication, knowing passwords etc. A physical example
would be, suppose if you are talking to another person of your organization and if a third person
listens to your private talks, then he/ she is said to eavesdrop on your conversation. Similarly, your

17
conversation on the internet maybe eavesdropped by attackers listening to your private
conversation by connecting to your network if it is insecure.

4. Phishing: Phishing is pronounced as “fishing” and working functioning is also similar. While
fishing, we catch fish by luring them with bait. Similarly, in phishing, a user is tricked by the
attacker who gains the trust of the user or acts as if he is a genuine person and then steals the
information by ditching. Not only attackers but some certain websites that seem to be genuine, but
actually they are fraud sites. These sites trick the users, and they end up giving their personal
information such as login details or bank details or card number etc. Phishing is of many types:
Voice phishing, text phishing etc.

5. Spoofing: Spoofing is the act of masquerading as a valid entity through falsification of data
(such as an IP address or username), in order to gain access to information or resources that one is
otherwise unauthorized to obtain. Spoofing is of several types- email spoofing, IP address
spoofing, MAC spoofing, biometric spoofing etc.

6. Malware: Malware is made up of two terms: Malicious + Software = Malware. Malware

intrudes into the system and is designed to damage our computers. Different types of malwares are
adware, spyware, ransomware, Trojan horse, etc.

7. Social engineering: Social engineering attack involves manipulating users psychologically and
extracting confidential or sensitive data from them by gaining their trust. The attacker generally
exploits the trust of people or users by relying on their cognitive basis.

18
8. Polymorphic Attacks: Poly means “many” and morph means “form”, polymorphic attacks are
those in which attacker adopts multiple forms and changes them so that they are not recognized
easily. These kinds of attacks are difficult to detect due to their changing forms.

Figure 7: Types of cyber attacks

Steps to ensure computer security.

In order to protect our system from the above-mentioned attacks, users should take certain steps
to ensure system security:

1. Always keep your Operating System up to date. Keeping it up to date reduces the risk of their
getting attacked by malware, viruses, etc.

2. Always use a secure network connection. One should always connect to a secure network. Public
wi-fi’s and unsecured networks should be avoided as they are at risk of being attacked by the
attacker.

3. Always install an Antivirus and keep it up to date. An antivirus is software that scans your PC
against viruses and isolates the infected file from other system files so that they don’t get affected.
Also, we should try to go for paid anti-viruses as they are more secure.

19
4. Enable firewall. A firewall is a system designed to prevent unauthorized access to/from a
computer or even to a private network of computers. A firewall can be either in hardware, software
or a combination of both.

5. Use strong passwords. Always make strong passwords and different passwords for all social
media accounts so that they cannot be key logged, brute forced or detected easily using dictionary
attacks. A strong password is one that has 16 characters which are a combination of upper case
and lower-case alphabets, numbers and special characters. Also, keep changing your passwords
regularly.

6. Don’t trust someone easily. You never know someone’s intention, so don’t trust someone easily
and end up giving your personal information to them. You don’t know how they are going to use
your information.

7. Keep your personal information hidden. Don’t post all your personal information on social
media. You never know who is spying on you. As in the real world, we try to avoid talking to
strangers and sharing anything with them. Similarly, social media also have people whom you
don’t know and if you share all your information on it you may end up troubling yourself.

8. Don’t download attachments that come along with e-mails unless and until you know that e-
mail is from a genuine source. Mostly, these attachments contain malware which, upon execution
infect or harms your system.

9. Don’t purchase things online from anywhere. Make sure whenever you are shopping online you
are doing so from a well-known website. There are multiple fraud websites that may steal your
card information as soon as you checkout and you may get bankrupt by them.

10. Learn about computer security and ethics. You should be well aware of the safe computing
and ethics of the computing world. Gaining appropriate knowledge is always helpful in reducing
cyber-crime.

11. If you are attacked, immediately inform the cyber cell so that they may take appropriate action
and also protect others from getting attacked by the same person. Don’t hesitate to complain just
because you think people may make your fun.

20
12. Don’t use pirated content. Often, people try to download pirated movies, videos or web series
in order to get them for free. These pirated contents are at major risk of being infected with viruses,
worms, or malware, and when you download them, you end up compromising your system
security.

Figure 8: Steps to ensure computer security.

The Seven Layers of Cybersecurity

1. Mission-Critical Assets

This is data that is critical to protect. Whether businesses would like to admit it or not, they face
malicious forces daily. The question is how are leaders dealing with this type of protection? And
what measures have they put in place to guard against breaches?

21
An example of mission-critical assets in the Healthcare industry is Electronic Medical Record
(EMR) software. In the financial sector, its customer’s financial records.

2. Data Security

Data security is when there are security controls put in place to protect both the transfer and the
storage of data. There has to be a backup security measure in place to prevent the loss of data, This
will also require the use of encryption and archiving.

Data security is an important focus for all businesses as a breach of data can have dire
consequences.

3. Endpoint Security

This layer of security makes sure that the endpoints of user devices are not exploited by breaches.
This includes the protection of mobile devices, desktops, and laptops.

Endpoint security systems enable protection either on a network or in the cloud depending on the
needs of a business.

4. Application Security

This involves the security features that control access to an application and that application’s
access to your assets. It also includes the internal security of the app itself.

Most of the time, applications are designed with security measures that continue to provide
protection when the app is in use.

5. Network Security

22
This is where security controls are put in place to protect the business’s network. The goal is to
prevent unauthorized access to the network.

It is crucial to regularly update all systems on the business network with the necessary security
patches, including encryption. It’s always best to disable unused interfaces to further guard against
any threats.

6. Perimeter Security

This security layer ensures that both the physical and digital security methods protect a business
as a whole. It includes things like firewalls that protect the business network against external
forces.

7. The Human Layer

Despite being known as the weakest link in the security chain, the human layer is a very necessary
layer. It incorporates management controls and phishing simulations as an example.

Figure 9: The Seven Layers of Cybersecurity

23
These human management controls aim to protect that which is most critical to a business in terms
of security. This includes the very real threat that humans, cyber attackers, and malicious users
pose to a business.

How To Build A Layered Cybersecurity Approach

Building a layered cybersecurity approach is a gradual and daily process. To start, you need to take
stock of your inventory to ascertain the number of devices used, systems as well as firewalls. Then,
you can add security where necessary in the different layers.

Yes, the world of work has changed and so has the opportunity for attackers to get their hands on
sensitive data.

To protect your business, do regular tests to ensure that your security controls are effective and,
most of all, that they work properly.

If you need new security solutions, it’s best to conduct a security analysis to find out what you
actually need. Find out whether there are quick wins through which you can achieve compliance
with industry regulations.

Building a layered cybersecurity approach will require a strategy to be effective. The reality is that
businesses need to be prepared for an attack, meaning you constantly need to test your security
measures and adjust where necessary.

In A Nutshell

As a business, you need to have backups and a solid incident response plan that relies on
technology, people, and processes to make sure that a layered approach works as best as it possibly
can.

The company culture needs to be one that takes security seriously. You need to ensure that you
and your staff are knowledgeable about the reality of cyberattacks and the importance of protecting

24
data. The best way to approach cybersecurity is to be proactive instead of reactive when threats or
breaches take place.

MicroAge can help develop a cybersecurity strategy that is right for you.

Contact your local MicroAge today.

The internet has become an inseparable part of our lives and it has transformed the way we live
positively. But as technology is increasing at a very high pace, it is also bringing along various
computer security threats with it. To understand what computer security is and how it affects our
lives, you need to keep reading the article so that you can understand the concept and threats
prevailing in this regard.

You cannot avoid the existence of security threats but can sure be aware and stay alert. Various
cyber security standards have been developed to protect the information and data of the people and
it also provides certain measures through which people can seek redressal when they have been
attacked by any sort of cyber security threat. If you wish to become a cyber security professional,
start by enrolling yourself in IT Security classes and gain insights about how cyber security works.

What is Computer Security in Cyber Security?

Computer security is also known as cyber security. It is an operational system that is set up for
computers so that it can protect the data and information that is stored in the particular system.
Computer security means the protection system that is installed in the computer systems so that it
can protect the important data and information that is stored in the computer from unauthorized
access, misuse of information and data, and information and data theft. Computer security in cyber
security protects various applications and systems from other malicious activities.

The definition of computer security somewhat goes like this: Computer security or cyber security
is a system that protects critical information and data that are stored in a computer system from
unauthorized use, harm, theft, misuse, etc.

25
These are generally used for preventing computer software because the computer hardware is
already protected in some sort of locker or safe place. so the computer software is vulnerable and
needs protection which these computer security systems offer. These complex security tactics and
practices are hard to break and prevent hackers from getting their hands on critical information.
These systems are developed for preventing the vulnerable and critical information and data that
if exposed, will cause huge losses to a single entity or a company as a whole.

Figure 10: Computer Security in Cyber Security

Importance of Computer Security

You may have come across questions like 'what is computer security, explain' or 'what is the
importance of computer security?' Computer security is important because it makes sure that your
information and data are safe. It may be related to your business, health, or personal information.
Computer security provides the features of availability, integrity, and confidentiality for the
computer system. The following are the reasons why computer security is considered important:

1. To Protect Personal Information

To prevent yourself from cyber threats, make sure that you protect your personal information and
data. The issue with Information Technology is a big one that is still prevailing which is
responsible for protecting your personal information and critical data.

26
You must keep your information and data safe, and you can do that by implementing the below-
mentioned steps:

Implement an anti-virus software.

Update the operating system of your computer regularly.

Apply smart password and other locks.

Always take a backup of your critical data information.

Use computer locks for safety.

Do not fall for the traps of phishing emails.

2. To Protect Company Properties

A company involves a lot of sensitive information and assets. It is very important to protect the
organization's important information and sensitive data so that it can prevent itself from any
unauthorized access or misuse. So, a company does not compromise the security of its computer
system because if the information gets out then the company has to incur huge losses. Installing a
security system in the computers ensures IT protection which indeed helps the companies to
protect their sensitive data and information.

3. To Prevent Data Theft

Data help means stealing any critical and sensitive information such as account passwords, bank
account details, health-related information, personal information, important documents that are
stored in the computer systems and its servers, and so on.

Data theft can happen for multiple reasons that can be stated as follows:

Stolen and weak credentials.

Errors caused by humans.

27
Presence of any malicious insiders.

Some application vulnerabilities.

To protect your system from Data theft you have to make sure that your system is equipped with
endpoint security, use relevant authentication, identify sensitive data and log down your computer
system.

4. To Prevent Malware and Viruses

Computer viruses and malware can be very annoying at times and computer security can help you
to prevent your system from these unwanted visitors. A computer virus or malware can delete your
important data and corrupt the sensitive information that is stored in your computer system. It can
also harm your hard disk as it can spread from one computer to another with the help of email
programming.

So you must protect your computer system from computer viruses and malware. You can do so
why following these simple steps:

Keep your software updated.

Use paid and good professional software for antivirus.

Apply a strong password to your computer system.

Do not click irrelevant links on your system.

Always back up your sensitive computer data.

Only go through trusted and authorized security websites.

5. To Protect from Unauthorized Access

By installing computer security in your system, you will be able to understand who is trying to get
unauthorized access to your system. You can prevent your computer system from being authorized

28
to access it by implementing computer security. It prevents hackers from getting access to your
computer system and controls your critical information. To stop hackers from humming your
sensitive data, you need to install a security system.

Now you know how to explain computer security and what its importance is.

Computer Security Threats, Issues, Vulnerabilities

Threats to computer security are the potential rests that can cause dysfunction Ing of your computer
system and can harm the sensitive information and data that are stored in your computer. As
technology is ever-increasing, Cybercrimes are also increasing with the number of hackers pacing
in the market.

1. Viruses

A computer virus is a program that can cause a malfunction in your computer system, and it is
installed without the permission or knowledge of the user. A computer virus can replicate itself
and multiply so that it can affect all the files and documents in the computer system. It can very
well corrupt your sensitive information as well. These viruses can cause severe harm to the
computer system of the user and can also make it unusable.

2. Computer Worm

A computer worm also has a similar process of replicating itself just like a computer virus. It does
not need human interaction for replicating from one computer system to another. A computer
worm can corrupt the files in your computer system and can use all the storage space in your hard
disc by continuously replicating itself. It also slows down the speed of the computer system and
can create malfunctioning for the computer resources.

A computer worm also possesses the extra feature of modifying or deleting the existing files and
documents in your computer system. it can give access to other malicious activities in your system.
It is capable of stealing information so that it can provide access to hackers to get into your system
without your knowledge.

3. Phishing

29
Phishing is a cyber-crime that mainly exists in the form of a text message, e-mail,
telecommunication, or any other form of communication to the user for that matter. It is an attempt
by hackers to gain personal information about the users by showing their false legitimacy. They
try to see personal information such as account passwords, OTP, bank details, etc. through which
they can trick the user and make them a victim of a phishing attack.

4. Botnet

The presence and functioning of a Botnet are also similar to that of a computer virus in a way that
the hackers install it in the computer system of the user without their knowledge. It can replicate
itself and transfer from one computer system to another and the affected computers are called
'zombie computers. The zombie computers are not safe for storing any sensitive information on
data because that can anyway be corrupted or completely deleted. The infected computer, which
has turned out to be a Botnet now, performs malicious activities with unauthorized access at a
large scale like DDoS.

5. Rootkit

A Rootkit is a software that is designed to gain unauthorized access to someone else's computer
system without their permission. It can gain access to restricted areas and can also mask its
presence and the user will not know about its existence. Generally, hackers use rootkits for
changing the system configurations so that they can easily execute and go through the files on the
remote computer.

6. Keylogger

A keylogger is also a software that is designed especially for monitoring, tracking, and recording
all keyboard strokes that he does without being aware of the fact that the system has been
corrupted. A keylogger is also called a keystroke logger and hackers to steal the login credentials
of the user generally use it.

30
 Figure 11: Computer Security Threats, Issues, Vulnerabilities

Types of Computer Security

You may often think 'what is computer security and its types?' Here are some of the major types
of computer security practices and tactics that are followed by users and organizations to protect
their sensitive data, Software, and hardware. The different types of computer security are very
important to protect the data stored in electronic systems and networks.

1. Application Security

When security features are introduced in the primary stage of the development process, that is one
it's known as application security. It is very well capable of protecting your computer system from
cyber security threats such as unauthorized access and data breaches. Furthermore, it can also help
your computer system to fight against SQL breaches and denial of service attacks.

Some of the major application tools techniques are used for installing the application security
feature, such as software encryption, antivirus, firewall, etc. and these help your system to build a
wall against cyber-attacks.

31
2. Information Security

Information security is a type of cyber security that specially focuses on the methodology and
techniques that are built for ensuring computer security. Information security, as a Process was
developed to protect the availability, integrity, and confidentiality of computer systems from Data
thefts, unauthorized access, harm, and destruction.

Information security is commonly known as the CIA triad and this model is used for protecting
the integrity, availability, and confidentiality of organizational data so that productivity is
maintained.

3. Network Security

Network security as the name suggests is another type of computer security that protects your
computer system from authorized intrusions and access to your computer networks. It is similar to
information security in a way that it also protects the integrity, availability, and confidentiality of
your computer networks. Network security is designed in a way with a lot of configurations that it
performs to its best abilities. it includes the safety of both Software and hardware.

There are various network security methods and components that help computer networks to be
safe and secure. These are stated as follows:

Application security

Anti-virus software

Behavioural analysis

Firewall

Email security

Web security

Wireless security

32
Network access control

Network segmentation

Virtual private network

4. Endpoint Security

Any error that is committed by a human can be easily exploited by hackers or cyber criminals. End
users are facing a huge security risk in any organization. End users become the victims of
Cybercrimes because of their lack of knowledge about IT protection and policies. Because they
lack awareness, they can unknowingly give access to their computer systems to Cyber criminals.

So, it is important to understand the comprehensive security policies and procedures so that you
do not fall into the trap of cyber criminals and always stay alert. Awareness training programs
should be arranged for enhancing their knowledge about computer security and its threats.

5. Internet Security

Internet security is the most recent type of computer security that has reached a boom period in
recent times. It is a method for creating a perfect set of rules and actions to prevent any
unauthorized use or harm to computer systems that are directly connected to the internet.

It is the newest branch of computer security that specifically deals with the risks and threats that
comes with the internet which is enumerated as follows:

Hacking

33
 Figure 12: Hacking

Computer viruses

Figure 13: Computer viruses

Malware

34
 Figure 14: malware types

Denial of service attacks

As you can see computer security protects the hardware and software of a computer system. If you
want to know more about computer security in detail and become a cyber security professional,
then take the best Ethical Hacking course online and know all about cyber security threats and
protection measures.

Steps to Ensure Computer Security

Whether you use your computer for your personal work or your professional job, make sure it is
free from security threats. A broad range of threats is considered when it comes to computer
security. As an active user, it is your responsibility that you take essential measures for ensuring
the security of your computer system.

35
Here are some of the easy steps by which you can ensure the security of your computer system:

Always keep your computer system and software updated to its latest version.

If you are suspicious about having any malfunction in your system, then do check it thoroughly.

Install a protective firewall in your computer system.

Adjust your browser settings and remove the risks of malware.

Install good antivirus software in your system.

Set a password and protection lock to secure your device.

Make sure that you encrypt your data so that any man cannot get the hang of the information.

Use a VPN for additional production of your device.

Do not click emails or links sent to you by unknown members.

Ignore the pop-ups and do not click on them.

Perform regular system backups and scans.

36
 Figure 15: security of computer system

New defences to security threats are always in demand as cyber-crimes and computer security
threats are ever-increasing. New methods to combat these security threats are always welcome. It
is important to understand how to check whether your computer is maliciously affected and how
to deal with it. Knowledge Hut Cyber Security classes online will teach you everything you should
know about computer security and the new age threats. Make your own computer system security
and guard the security threats on your machine.

Profile

37
 Figure 16: Profile

What is Computer Security?

Disguising as a trustworthy person or business, phishers attempt to steal sensitive financial or

personal information through fraudulent email or instant messages. Phishing in unfortunately very
easy to execute. You are deluded into thinking it’s the legitimate mail and you may enter your
personal information.

There are various types of computer security which is widely used to protect the valuable
information of an organization.

Cyber security refers to every aspect of protecting an organization and its employees and assets
against cyber threats. As cyber-attacks become more common and sophisticated and corporate
networks grow more complex, a variety of cyber security solutions are required to mitigate
corporate cyber risk.

The Different Types of Cybersecurity

Cyber security is a wide field covering several disciplines. It can be divided into seven main pillars:

1. Network Security

38
Most attacks occur over the network, and network security solutions are designed to identify and
block these attacks. These solutions include data and access controls such as Data Loss Prevention
(DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-
Generation Firewall) application controls to enforce safe web use policies.

Figure 17: Network Security

Advanced and multi-layered network threat prevention technologies include IPS (Intrusion
Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and
Reconstruction). Also important are network analytics, threat hunting, and automated SOAR
(Security Orchestration and Response) technologies.

2. Cloud Security

As organizations increasingly adopt cloud computing, securing the cloud becomes a major priority.
A cloud security strategy includes cyber security solutions, controls, policies, and services that
help to protect an organization’s entire cloud deployment (applications, data, infrastructure, etc.)
against attack.

39
While many cloud providers offer security solutions, these are often inadequate to the task of
achieving enterprise-grade security in the cloud. Supplementary third-party solutions are necessary
to protect against data breaches and targeted attacks in cloud environments.

Figure 18: Cloud Security

3. Endpoint Security

The zero-trust security model prescribes creating micro-segments around data wherever it may be.
One way to do that with a mobile workforce is using endpoint security. With endpoint security,
companies can secure end-user devices such as desktops and laptops with data and network
security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and
technologies that provide forensics such as endpoint detection and response (EDR) solutions.

40
 Figure 19: Endpoint Security

4. Mobile Security

Often overlooked, mobile devices such as tablets and smart phones have access to corporate data,
exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant
Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and
devices from rooting and jail breaking. When included with an MDM (Mobile Device
Management) solution, this enables enterprises to ensure only compliant mobile devices have
access to corporate assets.

41
 Figure 20: Mobile Security

5. IoT Security

While using Internet of Things (IoT) devices certainly delivers productivity benefits, it also
exposes organizations to new cyber threats. Threat actors seek out vulnerable devices inadvertently
connected to the Internet for nefarious uses such as a pathway into a corporate network or for
another bot in a global bot network.

IoT security protects these devices with discovery and classification of the connected devices,
auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits
against vulnerable IoT devices. In some cases, the firmware of the device can also be augmented
with small agents to prevent exploits and runtime attacks.

Figure 21: IoT Security

42
6. Application Security

Web applications, like anything else directly connected to the Internet, are targets for threat actors.
Since 2007, OWASP has tracked the top 10 threats to critical web application security flaws such
as injection, broken authentication, misconfiguration, and cross-site scripting to name a few.

With application security, the OWASP Top 10 attacks can be stopped. Application security also
prevents bot attacks and stops any malicious interaction with applications and APIs. With
continuous learning, apps will remain protected even as DevOps releases new content.

Figure 22: Application Security

7. Zero Trust

The traditional security model is perimeter-focused, building walls around an organization’s

valuable assets like a castle. However, this approach has several issues, such as the potential for
insider threats and the rapid dissolution of the network perimeter.

43
As corporate assets move off-premises as part of cloud adoption and remote work, a new approach
to security is needed. Zero trust takes a more granular approach to security, protecting individual
resources through a combination of micro-segmentation, monitoring, and enforcement of role-
based access controls.

The Evolution of the Cyber Security Threat Landscape

The cyber threats of today are not the same as even a few years ago. As the cyber threat landscape
changes, organizations need protection against cybercriminals’ current and future tools and
techniques.

Gen V Attacks

The cyber security is threat landscape is continually evolving, and, occasionally, these
advancements represent a new generation of cyber threats. To date, we have experienced five
generations of cyber threats and solutions designed to mitigate them, including:

Gen I (Virus): In the late 1980s, virus attacks against standalone computers inspired the creation
of the first antivirus solutions.

Gen II (Network): As cyberattacks began to come over the Internet, the firewall was developed to
identify and block them.

Gen III (Applications): Exploitation of vulnerabilities within applications caused the mass
adoption of intrusion prevention systems (IPS)

Gen IV (Payload): As malware became more targeted and able to evade signature-based defenses,
anti-bot and sandboxing solutions were necessary to detect novel threats.

Gen V (Mega): The latest generation of cyber threats uses large-scale, multi-vectors attacks,
making advanced threat prevention solutions a priority.

44
Each generation of cyber threats made previous cyber security solutions less effective or
essentially obsolete. Protecting against the modern cyber threat landscape requires Gen V cyber
security solutions.

Supply Chain Attacks

Historically, many organizations’ security efforts have been focused on their own applications and
systems. By hardening the perimeter and only permitting access to authorized users and
applications, they try to prevent cyber threat actors from breaching their networks.

Recently, a surge in supply chain attacks has demonstrated the limitations of this approach and
cybercriminals’ willingness and ability to exploit them. Incidents like the SolarWinds, Microsoft
Exchange Server, and Kaseya hacks demonstrated that trust relationships with other organizations
can be a weakness in a corporate cyber security strategy. By exploiting one organization and
leveraging these trust relationships, a cyber threat actor can gain access to the networks of all of
their customers.

Protecting against supply chain attacks requires a zero-trust approach to security. While
partnerships and vendor relationships are good for business, third-party users and software should
have access limited to the minimum necessary to do their jobs and should be continually
monitored.

Figure 23: Supply Chain Attacks

45
Ransomware

While ransomware has been around for decades, it only became the dominant form of malware
within the last few years. The WannaCry ransomware outbreak demonstrated the viability and
profitability of ransomware attacks, driving a sudden surge in ransomware campaigns.

Since then, the ransomware model has evolved drastically. While ransomware used to only encrypt
files, it now will steal data to extort the victim and their customers in double and triple extortion
attacks. Some ransomware groups also threaten or employ Distributed Denial of Service (DDoS)
attacks to incentivize victims to meet ransom demands.

The growth of ransomware has also been made possible by the emergence of the Ransomware as
a Service (RaaS) model, where ransomware developers will provide their malware to “affiliates”
to distribute in exchange for a piece of the ransom. With RaaS, many cybercrime groups have
access to advanced malware, making sophisticated attacks more common. As a result, ransomware
protection has become an essential component of the enterprise cyber security strategy.

Figure 24: Ransomware

46
Phishing

Phishing attacks have long been the most common and effective means by which cybercriminals
gain access to corporate environments. It is often much easier to trick a user into clicking a link or
opening an attachment than it is to identify and exploit a vulnerability within an organization’s
defences.

In recent years, phishing attacks have only grown more sophisticated. While the original phishing
scams were relatively easy to detect, modern attacks are convincing and sophisticated to the point
where they can be virtually indistinguishable from legitimate emails.

Employee cyber security awareness training is not enough to protect against the modern phishing
threat. Managing the risk of phishing requires cyber security solutions that identify and block
malicious emails before they even reach a user’s inbox.

Figure 25: Phishing

Malware

The different generations of cyberattacks have been defined mainly by the evolution of malware.
Malware authors and cyber defenders are playing a continual cat and mouse game, where attackers

47
try to develop techniques that overcome or bypass the latest in security technology. Often, when
they succeed, a new generation of cyberattacks is created.

Modern malware is swift, stealthy, and sophisticated. The detection techniques used by legacy
security solutions (such as signature-based detection) are no longer effective, and, often, by the
time security analysts have detected and responded to a threat, the damage is already done.

Detection is no longer “good enough” to protect against malware attacks. Mitigating the threat of
Gen V malware requires cyber security solutions focused on prevention, stopping the attack before
it begins and before any damage is done.

The Need for a Consolidated Cyber Security Architecture

In the past, organizations could get by with an array of standalone security solutions designed to
address specific threats and use cases. Malware attacks were less common and less sophisticated,
and corporate infrastructures were less complex.

Today, cyber security teams are often overwhelmed while trying to manage these complex cyber
security architectures. This is cause by a number of factors, including:

Sophisticated Attacks: Modern cyber-attacks can no longer be detected with legacy approaches
to cyber security. More in-depth visibility and investigation is necessary to identify campaigns by
advanced persistent threats (APTs) and other sophisticated cyber threat actors.

Complex Environments: The modern corporate network sprawls over on-prem infrastructure and
multiple cloud environments. This makes consistent security monitoring and policy enforcement
across an organization’s entire IT infrastructure much more difficult.

Heterogeneous Endpoints: IT is no longer limited to traditional desktop and laptop computers.

Technological evolution and bring your own device (BYOD) policies make it necessary to secure
a range of devices, some of which the company does not even own.

48
Rise of Remote Work: The response to the COVID-19 pandemic demonstrated that remote and
hybrid work models were viable for many companies. Now, organizations need solutions that
allow them to effectively protect the remote workforce as well as on-site employees.

Trying to solve all of these challenges with an array of disconnected solutions is unscalable and
unsustainable. Only by consolidating and streamlining their security architectures can companies
effectively manage their cyber security risk.

Achieving Comprehensive Cybersecurity with Check Point

A modern cybersecurity infrastructure is one that is consolidated and built from solutions that are
designed to work together. This requires partnering with a security provider with experience in
protecting all of an organization’s assets against a range of cyber threats.

Check Point offers solutions for all of an organization’s security needs, including:

Network Security: Check Point Quantum

IoT Security: Check Point Quantum IoT Protect

Cloud Security: Check Point Cloud Guard

Application Security: Check Point Cloud Guard App Sec

Endpoint Security: Check Point Harmony Endpoint

Mobile Security: Check Point Harmony Mobile

To learn more about the threats that Check Point solutions can help to protect against, check out
the Check Point 2022 cyber security and Mobile Security Reports. You’re also welcome to see
Check Point’s solutions in action for yourself with a demo and try them in your own environment
with a free trial.

49
 Chapter 2: Symmetric Ciphers

A symmetric cipher is one that uses the same key for encryption and decryption.

Ciphers or algorithms can be either symmetric or asymmetric. Symmetric ones use the same key
(called a secret key or private key) for transforming the original message, called plaintext, into
ciphertext and vice versa. Symmetric ciphers are generally faster than their asymmetric
counterparts, which use a closely held private key as well as a public key shared between the two
parties (hence public-key cryptography, or PKC). Examples of symmetric ciphers are Advanced
Encryption Standard (AES), Data Encryption Standard (DES), Blowfish, and International Data
Encryption Algorithm (IDEA).

Figure 26: systemic ciphers

The use of a symmetric cipher presents the familiar challenge of how to share the secret key
between the parties securely, as an unauthorized party to the conversation may intercept it and
eavesdrop on future conversations. As a solution, an asymmetric cipher is typically used for the
key exchange. Examples of widely-used key-exchange asymmetric ciphers include the Diffie–
Hellman key exchange protocol, the Digital Signature Standard (DSS, which incorporates the
Digital Signature Algorithm or DSA), various elliptic curve techniques, and the RSA encryption
algorithm (PKCS#1).

50
Symmetric Encryption is the most basic and old method of encryption. It uses only one key for the
process of both the encryption and decryption of data. Thus, it is also known as Single-Key
Encryption.

A few basic terms in Cryptography are as follows:

Plain Text: original message to be communicated between sender and receiver.

Cipher Text: encoded format of the original message that cannot be understood by humans.

1. Plain Text (x): This is the original data/message that is to be communicated to the receiver by
the sender. It is one of the inputs to the encryption algorithm.

Figure 27: Plain Text (x)

2. Secret Key (k): It is a value/string/text file used by the encryption and decryption algorithm to
encode and decode the plain text to cipher text and vice-versa respectively. It is independent of the
encryption algorithm. It governs all the conversions in plain text. All the substitutions and
transformations done depend on the secret key.

51
 Figure 28: Secret Key (k)

3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs and produces
Cipher Text as output. It implies several techniques such as substitutions and transformations on
the plain text using the secret key.

Figure 29: Encryption Algorithm (E)

52
E (x, k) = y

4. Cipher Text (y): It is the formatted form of the plain text (x) which is unreadable for humans,
hence providing encryption during the transmission. It is completely dependent upon the secret
key provided to the encryption algorithm. Each unique secret key produces a unique cipher text.

Figure 30: Cipher Text (y)

5. Decryption Algorithm (D): It performs reversal of the encryption algorithm at the recipient’s
side. It also takes the secret key as input and decodes the cipher text received from the sender based
on the secret key. It produces plain text as output.

53
 Figure 31: Decryption Algorithm (D)

D (y, k) = x

Requirements for Encryption

There are only two requirements that need to be met to perform encryption. They are,

1. Encryption Algorithm: There is a need for a very strong encryption algorithm that produces
cipher texts in such a way that the attacker should be unable to crack the secret key even if they
have access to one or more cipher texts.

54
 Figure 32: Encryption Algorithm

2. Secure way to share Secret Key: There must be a secure and robust way to share the secret
key between the sender and the receiver. It should be leaking proof so that the attacker cannot
access the secret key.

Symmetric ciphers use symmetric algorithms to encrypt and decrypt data. These ciphers are used
in symmetric key cryptography. A symmetric algorithm uses the same key to encrypt data as it
does to decrypt data. For example, a symmetric algorithm will use key.

Figure 33: Secret Key

55
� k to encrypt some plaintext information like a password into a cipher text. Then, it uses.

� k again to take that cipher text and turn it back into the password.

Symmetric ciphers are the opposite of asymmetric ciphers, like those used in public-key
cryptography. These ciphers use asymmetric algorithms which use one key to encrypt data and a
different key to decrypt ciphers. Typically, those two keys are called public and private keys, as is
the case with RSA encryption. The public key is used to encrypt data, and the private key is used
to decrypt data.

Symmetric ciphers have many important advantages, like speed. But they lack in other areas like
security and key management. Due to these pros, however, there are a number of important
symmetric ciphers in production today. The most popular of these is Advanced Encryption
Standard (AES). Because of its security concerns, however, it is often used on a single machine
for encryption and decryption. This eliminates the need to share the secret key. Symmetric ciphers
are a good place to get started when learning cryptography as they were the first widespread
systems used in modern computing.

In a symmetric-key cipher, both participants1 in a communication share the same key. In other
words, if a message is encrypted using a particular key, the same key is required for decrypting
the message. If the cipher illustrated in Figure 8.1 were a symmetric-key cipher, then the
encryption and decryption keys would be identical. Symmetric-key ciphers are also known as
secret-key ciphers since the shared key must be known only to the participants. (We'll take a look
at the alternative, public-key ciphers, shortly.)

The U.S. National Institute of Standards and Technology (NIST) has issued standards for a series
of symmetric-key ciphers. Data Encryption Standard (DES) was the first, and it has stood the test
of time in that no cryptanalytic attack better than brute force search has been discovered. Brute
force search, however, has gotten faster. DES's keys (56 independent bits) are now too small given
current processor speeds. DES keys have 56 independent bits (although they have 64 bits in total;
the last bit of every byte is a parity bit). As noted above, you would, on average, have to search
half of the space of 256 possible keys to find the right one, giving 255 = 3.6 × 1016 keys. That
may sound like a lot, but such a search is highly parallelizable, so it's possible to throw as many
computers at the task as you can get your hands on—and these days it's easy to lay your hands on

56
thousands of computers ([Link] will rent them to you for a few cents an hour, for example).
By the late 1990s, it was already possible to recover a DES key after a few hours. Consequently,
NIST updated the DES standard in 1999 to indicate that DES should only be used for legacy
systems.

NIST also standardized the cipher Triple DES (3DES), which leverages the cryptanalysis
resistance of DES while in effect increasing the key size. A 3DES key has 168 (= 3 × 56)
independent bits and is used as three DES keys; let's call them DES-key1, DES-key2, and DES-
key3. 3DES encryption of a block is performed by first DES encrypting the block using DES-
key1, then DES de crypting the result using DES-key2, and finally DES encrypting that result
using DES-key3. Decryption involves decrypting using DES-key3, then encrypting using DES-
key2, then decrypting using DES-key1.2

Figure 34: Triple DES (3DES)

Although 3DES solves DES's key-length problem, it inherits some other shortcomings. Software
implementations of DES/3DES are slow because it was originally designed, by IBM, for
implementation in hardware. Also, DES/3DES uses a 64-bit block size; a larger block size is more
efficient and more secure.

3DES is being superseded by the Advanced Encryption Standard (AES) standard issued by NIST
in 2001. The cipher selected to become that standard (with a few minor modifications) was
originally named Rijndael (pronounced roughly like “Rhine dahl”) based on the names of its
inventors, Daemen and Rijmen. AES supports key lengths of 128, 192, or 256 bits, and the block
length is 128 bits. AES permits fast implementations in both software and hardware. It doesn't
57
require much memory, which makes it suitable for small mobile devices. AES has some
mathematically proven security properties and, as of the time of writing, has not suffered from any
significant successful attacks.

A symmetric encryption scheme has five ingredients.

• Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

• Encryption algorithm: The encryption algorithm performs various substitutions and

transformations on the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.

• Cipher text: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different cipher texts. The
cipher text is an apparently random stream of data and, as it stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
cipher text and the secret key and produces the original plaintext.

58
 Figure 35: Decryption algorithm

We need a strong encryption algorithm. At a minimum, we would like the algorithm to be

such that an opponent who knows the algorithm and has access to one or more ciphertexts would
be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a
stronger form:

opponent should be unable to decrypt ciphertext or discover the key even if he or she is in
possession of a number of ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must
keep the key secure. If someone can discover the key and knows the algorithm, all communication
using this key is readable

59
We assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge
of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm
secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it
feasible for widespread use. The fact that the algorithm need not be kept secret means that
manufacturers can and have developed low-cost chip implementations of data encryption
algorithms. These chips are widely available and incorporated into a number of products. With the
use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.

Figure 36: Secure channel

Let us take a closer look at the essential elements of a symmetric encryption scheme, using Figure
2.2. A source produces a message in plaintext, X = [X1, X2, ..... , XM]. The M elements of X are
letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters.
Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1,
K2, ..... , KJ] is generated. If the key is generated at the message source, then it must also be
provided to the destination by means of some secure channel. Alternatively, a third party could
generate the key and securely deliver it to both source and destination.

60
With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2, ..... , YN]. We can write this as

Y = E(K, X)

This notation indicates that Y is produced by using encryption algorithm E as a function of the
plaintext X , with the specific function determined by the value of the key K .

The intended receiver, in possession of the key, is able to invert the transformation:

X = D(K, Y)

An opponent, observing Y but not having access to K or X , may attempt to recover X or K or

both X and K. It is assumed that the opponent knows the encryption.

(E) and decryption (D) algorithms. If the opponent is interested in only this particular message,
then the focus of the effort is to recover X by generating a plaintext estimate.

X . Often, however, the opponent is interested in being able to read future messages as N well, in
which case an attempt is made to recover K by generating an estimate K.

Block Symmetric Ciphers

Block ciphers work on larger fragments of data (called blocks) at a time, by encrypting data blocks
one by one. During encryption input data are divided into blocks of fixed-length and each of them

61
is processed by several functions with the secret key. Both lengths of data block and key, and the
functions using in the process are determined by the algorithm. The inverse functions are used for
decryption.

Block cipher algorithms are often able to combine data from different blocks in order to provide
additional security (e.g. AES in CBC mode).

Block ciphers may be described as efficient and deterministic functions, which permute contents
of all data blocks. They simply mix all the bits in each block. Permutation functions must be
pseudorandom, and the output should be indistinguishable from pure random data. To allow
decryption, the inverse permutations must be used. The inverse permutations need also to be quite
efficient.

Symmetric encryption is a form of encryption whereby the same key is used to encrypt and
decrypt the message. This is different from asymmetric or public-key encryption, which uses one
key to encrypt a message and another key to decrypt the message.

Symmetric encryption is a kind of computerized cryptography, which uses a particular encryption

key to conceal the contents of an electronic message. Its data conversion utilizes a mathematical
procedure along with a private key, which results in the potential failure to make sense of a
message for somebody who doesn’t have the right tools to decrypt it. Symmetric encryption is a
two-way algorithm because the mathematical procedure is turn back when decrypting the message,
along with using the same private key.

Symmetric encryption is also referred to as private-key encryption and secure-key encryption.

This is the most straightforward form of encryption, comprising only one private key to cipher and
decipher information. Symmetrical encryption is an old and well-known practice. It uses a private
key that can be a number, a word, or a string of random letters. It is mixed with the plain text of a
message to alter the content in a certain way. The sender and the recipient should know the private
key that is used to cipher and decipher all the messages.

Examples of Symmetric Encryption

Blowfish

62
AES (Advanced Encryption Standard)

RC4 (Rivets Cipher 4)

DES (Data Encryption Standard)

RC5 (Rivets Cipher 5)

RC6 (Rivets Cipher 6)

The most commonly used symmetric algorithms are AES-128, AES-192, and AES-256.

The main drawback of the symmetric key encryption is that all individuals engaged in the activity
have to exchange the key used to encrypt the data before they can decrypt it, which isn’t always
convenient.

Types of Symmetric Encryption

Block algorithms are used to encrypt blocks of electronic data. Specified set lengths of bits are
altered, while continuing to use the designated private key. This key is then used for each
block. When network stream data is being encrypted, the encryption system retains the data in its
memory components while waiting for the complete blocks. The time in which the system waits
can lead to a certain security gap and may undermine data security and integrity. The solution to
the problem includes a process where the block of data can be decreased and merged with
preceding encrypted data block contents, until the rest of the blocks arrive. This process is known
as feedback. When the entire block is received, only then is it encrypted.

63
 Figure 37: Block algorithms

Stream algorithms are not retained in the encryption system’s memory but arrive in data stream
algorithms. This type of procedure is considered somewhat safer, since a disk or system is not
retaining the data without encryption in the memory components.

Difference Between Symmetric and Asymmetric Encryption

Symmetric encryption uses a single key that must be shared among the people who need to receive
the message, while asymmetrical encryption uses a pair—consisting of a public key and a private
key—to encrypt and decrypt messages when communicating.

Symmetric encryption is an old practice, while asymmetric encryption is relatively new.

Asymmetric encryption was brought in to fix the problem of the necessity of sharing the key in
the symmetric encryption model, removing the need to share the key by using in its stead a pair of
public-private keys.

64
Asymmetric encryption eats up more time than the symmetric encryption.

When it comes to encryption, the latest systems may often be the best fit. You should always use
the appropriate encryption procedure which is applicable for the task at hand. As a matter of fact,
as cryptography evolves in a new direction, new procedures are being established in a bid to catch
up with would-be hackers and to protect the information in order to improve privacy. Hackers are
destined to make it hard for experts in the coming years, so we can safely expect more innovations
to come from the cryptographic community.

Figure 38: Stream algorithms

Symmetric vs. Asymmetric Encryption – What are differences?

Information security has grown to be a colossal factor, especially with modern communication
networks, leaving loopholes that could be leveraged to devastating effects. This article presents a
discussion on two popular encryption schemes that can be used to tighten communication security
in Symmetric and Asymmetric Encryption. In principle, the best way to commence this discussion
is to start from the basics first. Thus, we look at the definitions of algorithms and key cryptographic

65
concepts and then dive into the core part of the discussion where we present a comparison of the
two techniques.

Figure 39: Symmetric vs. Asymmetric Encryption

Algorithms

An algorithm is basically a procedure or a formula for solving a data snooping problem. An

encryption algorithm is a set of mathematical procedure for performing encryption on data.
Through the use of such an algorithm, information is made in the cipher text and requires the use
of a key to transforming the data into its original form. This brings us to the concept of
cryptography that has long been use in information security in communication systems.

Figure 40: Algorithms

66
Cryptography

Cryptography is a method of using advanced mathematical principles in storing and transmitting

data in a particular form so that only those whom it is intended can read and process it. Encryption
is a key concept in cryptography – It is a process whereby a message is encoded in a format that
cannot be read or understood by an eavesdropper. The technique is old and was first used by Caesar
to encrypt his messages using Caesar cipher. A plain text from a user can be encrypted to a cipher
text, then send through a communication channel and no eavesdropper can interfere with the plain
text. When it reaches the receiver end, the cipher text is decrypted to the original plain text.

Figure 41: Cryptography

Cryptography Terms

Encryption: It is the process of locking up information using cryptography. Information that has
been locked this way is encrypted.

Decryption: The process of unlocking the encrypted information using cryptographic techniques.

Key: A secret like a password used to encrypt and decrypt information. There are a few different
types of keys used in cryptography.

67
Steganography: It is actually the science of hiding information from people who would snoop on
you. The difference between steganography and encryption is that the would-be snoopers may not
be able to tell there’s any hidden information in the first place.

Figure 42: symmetric Encryption

This is the simplest kind of encryption that involves only one secret key to cipher and decipher
information. Symmetric encryption is an old and best-known technique. It uses a secret key that
can either be a number, a word or a string of random letters. It is a blended with the plain text of a
message to change the content in a particular way. The sender and the recipient should know the
secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4, DES, RC5,
and RC6 are examples of symmetric encryption. The most widely used symmetric algorithm is
AES-128, AES-192, and AES-256.

68
 Figure 43: symmetric key

The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.

Asymmetric encryption is also known as public key cryptography, which is a relatively new
method, compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a
plain text. Secret keys are exchanged over the Internet or a large network. It ensures that malicious
persons do not misuse the keys. It is important to note that anyone with a secret key can decrypt
the message and this is why asymmetric encryption uses two related keys to boosting security.
A public key is made freely available to anyone who might want to send you a message. The
second private key is kept a secret so that you can only know.

A message that is encrypted using a public key can only be decrypted using a private key, while
also, a message encrypted using a private key can be decrypted using a public key. Security of the
public key is not required because it is publicly available and can be passed over the internet.
Asymmetric key has a far better power in ensuring the security of information transmitted during
communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially over the
Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA, DSA, Elliptic
curve techniques, PKCS.

69
Asymmetric encryption is also known as public key cryptography, which is a relatively new
method, compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a
plain text. Secret keys are exchanged over the Internet or a large network. It ensures that malicious
persons do not misuse the keys. It is important to note that anyone with a secret key can decrypt
the message and this is why asymmetric encryption uses two related keys to boosting security.
A public key is made freely available to anyone who might want to send you a message. The
second private key is kept a secret so that you can only know.

A message that is encrypted using a public key can only be decrypted using a private key, while
also, a message encrypted using a private key can be decrypted using a public key. Security of the
public key is not required because it is publicly available and can be passed over the internet.
Asymmetric key has a far better power in ensuring the security of information transmitted during
communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially over the
Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA, DSA, Elliptic
curve techniques, PKCS.

Asymmetric Encryption in Digital Certificates

To use asymmetric encryption, there must be a way of discovering public keys. One typical
technique is using digital certificates in a client-server model of communication. A certificate is a
package of information that identifies a user and a server. It contains information such as an
organization’s name, the organization that issued the certificate, the users’ email address and
country, and user’s public key.

When a server and a client require a secure encrypted communication, they send a query over the
network to the other party, which sends back a copy of the certificate. The other party’s public key
can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.

SSL/TLS uses both asymmetric and symmetric encryption, quickly look at digitally signed SSL
certificates issued by trusted certificate authorities (CAs).

70
Difference Between Symmetric and Asymmetric Encryption

Symmetric encryption uses a single key that needs to be shared among the people who need to
receive the message while asymmetric encryption uses a pair of public keys and a private key to
encrypt and decrypt messages when communicating.

Symmetric encryption is an old technique while asymmetric encryption is relatively new.

Asymmetric encryption was introduced to complement the inherent problem of the need to share
the key in symmetric encryption model, eliminating the need to share the key by using a pair of
public-private keys.

Asymmetric encryption takes relatively more time than the symmetric encryption.

A symmetric encryption is any technique where the same key is used to both encrypt and decrypt
the data. The Caesar Cipher is one of the simplest symmetric encryption techniques, and of course,
one of the easiest to crack.

Since then, cryptologists have invented many more symmetric encryption techniques, including
the ones used today to encrypt data like passwords.

CAST design procedure for constructing a family of DES-like Substitution-Permutation Network

(SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear
cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic
properties. Details of the design choices in the procedure are given, including those regarding the
component substitution boxes (s-boxes), the overall framework, the key schedule, and the round
function. An example CAST cipher, an output of this design procedure, is presented as an aid to
understanding the concepts and to encourage detailed analysis by the crypto logic community.

In today’s digital era, there is always a threat of unauthorized access to sensitive data. Though
privacy and security are must for all organizations, the most targeted industries are financial
corporations and payment systems. A single data breach, on average, costs an organization around
$3.7 million and the Cybersecurity Ventures estimates that 2021 is going to witness cybercrimes
worth $6 trillion!

71
For safeguarding sensitive information, encryption holds great significance as it considerably
mitigates the associated risks. For this reason, now symmetric encryption is present everywhere in
the digital ecosystem.

What is Symmetric Encryption?

Simply stated, Symmetric Encryption is the technique in which the same key encrypts and decrypts
the data sets, or the messages transacted within various systems.

Such cryptographic techniques were initially used by governmental authorities to make contact
with military heads. Now, to improve data security within computer systems, algorithm-based
symmetric encryption is being used everywhere.

In symmetric encryption, both the sending and receiving units have a similar key, which is kept a
secret.

How Symmetric Encryption Works?

In encryption, the algorithm transforms the data in a format which cannot be understood by anyone.
A special & confidential key is required to decipher that data set into a readable format. As the
intended recipient receives the ciphered data, the confidential key transforms it back to the readable
format.

Three main steps involved in symmetric encryption are:

The sender uses an alpha-numeric string, termed as the encryption key, to cipher confidential data.

The ciphered message, termed as ‘ciphertext’ looks like random numbers whose real meaning
can’t be understood.

The intended recipient has the same deciphering key that transforms the ciphertext into the
previous format.

72
The secret keys used by the senders and the recipients might be a specially developed passcode or
a special sequence developed by the random number generator which also decrypts them back.

Figure 44: Working pattern of Encryption.

There are two main types of symmetric encryption:

A. Block Encryption: In this, the set numbers of bits are ciphered in electronic data blocks with
the help of a secret key. As the information is ciphered, the system stores data in the internal
memory.

B. Stream Encryption: In this tactic, the data encryption directly streams in place of being stored
in the system’s internal memory.

Symmetric Encryption Algorithms

73
The most well-known and the most commonly used algorithms for symmetric encryption are:

Data Encryption Standard

It is a block-type encryption tactic that ciphers data in 64-bit blocks and uses a single key available
in any of the three sizes: 64, 128, 192-bit. DES is one of the earliest symmetric encryption
algorithms but now it is considered to be insecure and obsolete.

Triple Data Encryption Standard

Unlike the DES, this tactic deploys two to three keys, enabling the algorithm to have multiple
rounds of encryption and decryption processes. Triple Data Encryption Standard algorithm is much
more secure than its predecessor- DES.

Advanced Encryption Standard

Now, one will find the advanced encryption standard algorithm being used at all places of the
cyber world. With the key options of 128, 192, 256 bits this algorithm is much more efficient &
secure than the previous ‘predecessors. Though it is a block-type cipher tactic, it operates in the
substitution-permutation network. Therefore, it is much different than other algorithms which
work on Feistel Ciphering.

Apart from these three most commonly used algorithms, other ones are:

IDEA (International Data Encryption Algorithm), Blowfish, RC4, RC5, RC6.

Out of them, RC4 is a stream cipher tactic.

Advantages of Symmetric Encryption

The main advantage of symmetric encryption over other ciphering techniques is its agility and
efficiency for safeguarding a vast amount of sensitive data. The symmetric algorithms provide a

74
greater degree of safety, and the sheer simplicity is also a logical advantage since there is a lesser
need for processing powers.

Furthermore, the protection level can be easily enhanced by increasing the length of the key. With
every bit added to the key, the requirement of the forces to breach the security increases
exponentially.

Disadvantages of Symmetric Encryption

The biggest and the most important challenge in symmetric encryption is the inherent problem in
the transmission of the keys. As the same key is used for ciphering and deciphering the data sets,
if the key is passed over to unauthorized malicious users, then the third parties can easily intercept
the data sets. With a malicious user getting access to the key, the whole system data security comes
into question.

So, for symmetric encryption to work, the sender and the intended user must know and have the
keys secure with them. If anyone else has got the key, then they can easily decrypt data and access
them for any type of use. So, there would be no point in such an encryption process where the keys
are not safe.

Security of the Symmetric Keys

There are few considerations that specify the strength of encrypting keys. Major ones include:

Length of the key

Randomness of Generation

Time taken to decrypt back.

Use Cases

75
Symmetric Encryptions have various use cases across varied industrial verticals. But major ones
needing better security in terms of their data safety are:

Banking and Payment Card Facilities

These industries have a specific standard of security requirements- PCI DSS. This Payment Card
Industry Data Security Standard is a set of 12 basic requirements that businesses and organizations
in the domain must adhere to. In the PCI compliances, symmetric encryption is a vital component
and directly correlates the protection of the data of at-rest cardholders.

Data at Rest

Data at rest is nothing but the state of all your data that is sitting idle on a server or any device.
Being idle means it isn’t being transacted across a network over the internet.

Figure 45: Data at Rest

76
Following are some common products/services that incorporate symmetric encryption to secure
the backups:

Microsoft Azure: The leading cloud computing service platform Microsoft Azure uses symmetric
encryption to cipher and decipher many data sets very quickly.

Sales force: Cloud-based customer relationship management service provider Sales force uses
Advanced Encryption System algorithm 256 bits to secure the data at rest.

Figure 46: Sales force

G-Suite: Many of Google’s G-Suite services use in-transit encryption via HTTPS to secure your
data.

Code Guard: It is a website data backup tool that greatly helps in getting back the data in case of
a failure or complete collapse. It also uses AES-256 encryption to secure all those backups.

77
HTTPS and Websites

Encryption for any active session is done via symmetric encryption and is an integral part of
website security.

Symmetric encryption, aka symmetric key cryptography, uses one single key to encrypt and
decrypt data. You have to share this key with the recipient. Let’s say you want to sent “I love you
Mom”. You would write your email, then set a secret key, or password, to encrypt it. Then, you
would simply send it. When mom receives the message, she would enter the same secret key to
decrypt the email.

Figure 47: Symmetric Encryption

Pros and cons of symmetric encryption

Let’s take a look at some of the pros and cons of symmetric encryption:

Pros:

Easier to implement and use.

Faster than asymmetric encryption

78
Less resource-intensive

Good for handling and transferring larger amounts of data.

Cons:

Loss of a key will mean that data encrypted with it is compromise.

Key has to be share securely with the other party.

How does Mail fence incorporate symmetric key cryptography?

Mail fence offers password-encrypted messages (PEM) based on symmetric encryption. Our
solution allows you to set a password hint that helps the recipient decrypt the message. You can
share your passphrase via SMS, a phone call, or during a physical meeting.

Also, with Mail fence’s PEM, you can set an expiration date for the email. After the expiration
date, the email cannot be decrypted any more. Furthermore, we store password-encrypted
messages in a zero-knowledge environment and encrypt them with your password. That way, only
you and the intended recipient can access the message.

In case you would like to know more, visit our dedicated knowledge base.

Here are some good practices to follow for our PEM:

Never use your OpenPGP passphrase

Never use your Mail fence account password

If you are sending a sensitive message, make sure unwanted readers cannot guess your password.

There are many symmetric encryption algorithms, such as AES, DES, 3DES, IDEA. For your
information, Mail fence uses AES in combination with other ciphers.

79
Symmetric key cryptography is any cryptographic algorithm that is based on a shared key that is
used to encrypt or decrypt text/cyphertext, in contrast to asymmetric key cryptography, where the
encryption and decryption keys are different.

Symmetric encryption is generally more efficient than asymmetric encryption and therefore
preferred when large amounts of data need to be exchanged.

Establishing the shared key is difficult using only symmetric encryption algorithms, so in many
cases, asymmetric encryption is used to establish the shared key between two parties.

Examples of symmetric key cryptography include AES, DES, and 3DES. Key exchange protocols
used to establish a shared encryption key include Diffie-Hellman (DH), elliptic curve (EC) and
RSA.

Symmetric key cryptography relies on a shared key between two parties. Asymmetric key
cryptography uses a public-private key pair where one key is used to encrypt and the other to
decrypt.

Symmetric cryptography is more efficient and therefore more suitable for encrypting/decrypting
large volumes of data. Asymmetric cryptography is not efficient and therefore used only for
exchanging a shared key, after which the symmetric key is used to encrypt/decrypt data.

Asymmetric encryption is also used for creating digital signatures.

Symmetric key encryption uses one the following encryption types:

1) Stream ciphers: encrypt the digits (typically bytes), or letters (in substitution ciphers) of a
message one at a time

80
 Figure 48: Steam cipher

2) Block ciphers: encrypts a number of bits as a single unit, adding the plaintext so that it is a
multiple of the block size. Blocks of 64 bits were commonly used. The Advanced Encryption
Standard (AES) algorithm approved by NIST in December 2001, and the GCM block cipher mode
of operation use 128-bit blocks.

81
 Figure 49: Block ciphers

Symmetric encryption is a way to encrypt or hide the contents of material where the sender and
receiver both use the same secret key. Note that symmetric encryption is not sufficient for most
applications because it only provides secrecy but not authenticity. That means an attacker can’t
see the message, but an attacker can create bogus messages and force the application to decrypt
them. In many contexts, a lack of authentication on encrypted messages can result in a loss of
secrecy as well.

For this reason, it is strongly recommended to combine encryption with a message authentication
code, such as HMAC, in an “encrypt-then-MAC” formulation as described by Colin Percival.
cryptography includes a recipe named Fernet (symmetric encryption) that does this for you. To
minimize the risk of security issues you should evaluate Fernet to see if it fits your needs before
implementing anything using this module.

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both
encrypt and decrypt electronic data. The entities communicating via symmetric encryption must
exchange the key so that it can be used in the decryption process. This encryption method differs

82
from asymmetric encryption where a pair of keys - one public and one private - is used to encrypt
and decrypt messages.

By using symmetric encryption algorithms, data is "scrambled" so that it can't be understood by

anyone who does not possess the secret key to decrypt it. Once the intended recipient who
possesses the key has the message, the algorithm reverses its action so that the message is returned
to its original readable form. The secret key that the sender and recipient both use could be a
specific password/code or it can be random string of letters or numbers that have been generated
by a secure random number generator (RNG). For banking-grade encryption, the symmetric keys
must be created using an RNG that is certified according to industry standards, such as FIPS 140-
2.

There are two types of symmetric encryption algorithms:

Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it
waits for complete blocks.

Figure 50: Block algorithms

83
Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s
memory.

Figure 51: Stream algorithms

Some examples of symmetric encryption algorithms include:

AES (Advanced Encryption Standard)

DES (Data Encryption Standard)

IDEA (International Data Encryption Algorithm)

Blowfish (Drop-in replacement for DES or IDEA)

RC4 (Rivest Cipher 4)

RC5 (Rivest Cipher 5)

RC6 (Rivest Cipher 6)

AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is stream cipher.

DES

84
In “modern” computing, DES was the first standardized cipher for securing electronic
communications, and is used in variations (e.g., 2-key or 3-key 3DES). The original DES is not
used anymore as it is considered too “weak”, due to the processing power of modern computers.
Even 3DES is not recommended by NIST and PCI DSS 3.2, as well as all 64-bit ciphers. However,
3DES is still widely used in EMV chip cards because of legacy applications that do not have a
crypto-agile infrastructure.

AES

The most commonly used symmetric algorithm is the Advanced Encryption Standard (AES),
which was originally known as Rijndael. This is the standard set by the U.S. National Institute of
Standards and Technology in 2001 for the encryption of electronic data announced in U.S. FIPS
PUB 197. This standard supersedes DES, which had been in use since 1977. Under NIST, the AES
cipher has a block size of 128 bits but can have three different key lengths as shown with AES-
128, AES-192 and AES-256.

What is Symmetric Encryption Used For?

While symmetric encryption is an older method of encryption, it is faster and more efficient than
asymmetric encryption, which takes a toll on networks due to performance issues with data size
and heavy CPU use. Due to the better performance and faster speed of symmetric encryption
(compared to asymmetric), symmetric cryptography is typically used for bulk encryption /
encrypting large amounts of data, e.g., for database encryption. In the case of a database, the secret
key might only be available to the database itself to encrypt or decrypt. Industry-standard
symmetric encryption is also less vulnerable to advances in quantum computing compared to the
current standards for asymmetric algorithms (at the time of writing).

Some examples of where symmetric cryptography are used are:

85
Payment applications, such as card transactions where PII needs to be protected to prevent identity
theft or fraudulent charges.

Validations to confirm that the sender of a message is who he claims to be.

Random number generation or hashing

Key management for symmetric encryption - what we need to consider.

Unfortunately, symmetric encryption does come with its own drawbacks. Its weakest point is its
aspects of key management, including:

Key Exhaustion

Symmetric Encryption suffers from behaviour where every use of a key ‘leaks’ some information
that can potentially be used by an attacker to reconstruct the key. The defences against this
behaviour include using a key hierarchy to ensure that master or key-encryption keys are not over-
used and the appropriate rotation of keys that do encrypt volumes of data. To be tractable, both
these solutions require competent key-management strategies as if (for example) a retired
encryption key cannot be recovered the data is potentially lost.

Attribution data

Unlike asymmetric (public-key) Certificates, symmetric keys do not have embedded metadata to
record information such as expiry date or an Access Control List to indicate the use the key may
be put to - to Encrypt but not Decrypt for example.

The latter issue is somewhat addressed by standards such as ANSI X9-31 where a key can be
bound to information prescribing its usage. But for full control over what a key can be used for
and when it can be used, a key-management system is required.

86
 Figure 52: Attribution data

Key Management at large scale

Where only a few keys are involved in a scheme (tens to low hundreds), the management overhead
is modest and can be handled through manual, human activity. However, with a large estate,
tracking the expiration and arranging rotation of keys quickly becomes impractical.

Consider an EMV payment card deployment: millions of cards multiplied by several keys-per-
card requires a dedicated provision and key-management system.

87
Figure 53: Key Management at large scale

88
 Chapter 3: Asymmetric Ciphers

Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of
related keys -- one public key and one private key -- to encrypt and decrypt a message and protect
it from unauthorized access or use.

A public key is a cryptographic key that can be used by any person to encrypt a message so that it
can only be decrypted by the intended recipient with their private key. A private key -- also known
as a secret key -- is shared only with key's initiator.

Figure 54: Asymmetric cryptography

When someone wants to send an encrypted message, they can pull the intended recipient's public
key from a public directory and use it to encrypt the message before sending it. The recipient of
the message can then decrypt the message using their related private key.

If the sender encrypts the message using their private key, the message can be decrypted only using
that sender's public key, thus authenticating the sender. These encryption and decryption processes
happen automatically; users do not need to physically lock and unlock the message.

89
Many protocols rely on asymmetric cryptography, including the transport layer security (TLS) and
secure sockets layer (SSL) protocols, which make HTTPS possible.

The encryption process is also used in software programs that need to establish a secure connection
over an insecure network, such as browsers over the internet, or that need to validate a digital
signature.

Increased data security is the primary benefit of asymmetric cryptography. It is the most secure
encryption process because users are never required to reveal or share their private keys, thus
decreasing the chances of a cybercriminal discovering a user's private key during transmission.

How does asymmetric cryptography work?

Asymmetric encryption uses a mathematically related pair of keys for encryption and decryption:
a public key and a private key. If the public key is used for encryption, then the related private key
is used for decryption. If the private key is used for encryption, then the related public key is used
for decryption.

The two participants in the asymmetric encryption workflow are the sender and the receiver. Each
has its own pair of public and private keys. First, the sender obtains the receiver's public key. Next,
the plaintext message is encrypted by the sender using the receiver's public key. This creates cipher
text. The cipher text is sent to the receiver, who decrypts it with their private key, returning it to
legible plaintext.

Because of the one-way nature of the encryption function, one sender is unable to read the
messages of another sender, even though each has the public key of the receiver.

90
 Figure 55: Asymmetric cryptography work

Uses of asymmetric cryptography

Asymmetric cryptography is typically used to authenticate data using digital signatures. A digital
signature is a mathematical technique used to validate the authenticity and integrity of a message,
software or digital document. It is the digital equivalent of a handwritten signature or stamped seal.

Based on asymmetric cryptography, digital signatures can provide assurances of evidence to the
origin, identity and status of an electronic document, transaction or message, as well as
acknowledge informed consent by the signer.

Asymmetric cryptography can also be applied to systems in which many users may need to encrypt
and decrypt messages, including:

Encrypted email. A public key can be used to encrypt a message and a private key can be used to
decrypt it.

91
 Figure 56: Encrypted email

SSL/TLS. Establishing encrypted links between websites and browsers also makes use of
asymmetric encryption.

92
 Figure 57: SSL/TLS

Crypto currencies. Bitcoin and other crypto currencies rely on asymmetric cryptography. Users
have public keys that everyone can see and private keys that are kept secret. Bitcoin uses a
cryptographic algorithm to ensure only legitimate owners can spend the funds.

In the case of the Bitcoin ledger, each unspent transaction output (UTXO) is typically associated
with a public key. For example, if user X, who has an UTXO associated with his public key, wants
to send the money to user Y, user X uses his private key to sign a transaction that spends the UTXO
and creates a new UTXO that's associated with user Y's public key.

What are the benefits and disadvantages of asymmetric cryptography?

The benefits of asymmetric cryptography include:

The key distribution problem is eliminated because there's no need for exchanging keys.

Security is increased since the private keys don't ever have to be transmitted or revealed to anyone.

93
The use of digital signatures is enabled so that a recipient can verify that a message comes from a
particular sender.

It allows for nonrepudiation so the sender can't deny sending a message.

Disadvantages of asymmetric cryptography include:

It's a slow process compared to symmetric cryptography. Therefore, it's not appropriate for
decrypting bulk messages.

If an individual loses his private key, he can't decrypt the messages he receives.

Because public keys aren't authenticated, no one can ensure a public key belongs to the person
specified. Consequently, users must verify that their public keys belong to them.

If a malicious actor identifies a person's private key, the attacker can read that individual's
messages.

What's the difference between asymmetric vs. symmetric cryptography?

The main difference between asymmetric versus symmetric cryptography is that asymmetric
encryption algorithms make use of two different but related keys. One key encrypts data and
another key decrypts it. Symmetric encryption uses the same key to perform both encryption and
decryption functions.

Another difference between asymmetric and symmetric encryption is the length of the keys. In
symmetric cryptography, the length of the keys -- which is randomly selected -- are typically set
at 128 bits or 256 bits, depending on the level of security needed.

In asymmetric encryption, there must be a mathematical relationship between the public and
private keys. Since malicious actors can potentially exploit this pattern to crack the encryption,
asymmetric keys need to be longer to offer the same level of security. The difference in the length
of the keys is so pronounced that a 2048-bit asymmetric key and a 128-bit symmetric key provide
about an equivalent level of security.

94
Asymmetric encryption is notably slower than symmetric encryption, which has a faster execution
speed.

What are examples of asymmetric cryptography?

The RSA algorithm -- the most widely used asymmetric algorithm -- is embedded in the SSL/TLS,
which is used to provide secure communications over a computer network. RSA derives its
security from the computational difficulty of factoring large integers that are the product of two
large prime numbers.

Multiplying two large primes is easy, but the difficulty of determining the original numbers from
the product -- factoring -- forms the basis of public-key cryptography security. The time it takes to
factor the product of two sufficiently large primes is beyond the capabilities of most attackers.

RSA keys are typically 1024 or 2048 bits long, but experts believe 1024-bit keys will be broken
soon, which is why government and industry are moving to a minimum key length of 2048-bits.

Figure 58: RSA algorithm

95
Elliptic Curve Cryptography (ECC) is gaining Favor with many security experts as an alternative
to RSA. ECC is a public-key encryption technique based on elliptic curve theory. It can create
faster, smaller and more efficient cryptographic keys through the properties of the elliptic curve
equation.

Figure 59: Elliptic Curve Cryptography (ECC)

To break ECC, an attacker must compute an elliptic curve discrete logarithm, which is significantly
more difficult problem than factoring. As a result, ECC key sizes can be significantly smaller than
those required by RSA while still delivering equivalent security with lower computing power and
battery resource usage.

Whitfield Diffie and Martin Hellman, researchers at Stanford University, first publicly proposed
asymmetric encryption in their 1977 paper, "New Directions in Cryptography."

The history of asymmetric cryptography

96
The concept was independently and covertly proposed by James Ellis several years earlier, while
he was working for the Government Communications Headquarters (GCHQ), the British
intelligence and security organization. The asymmetric algorithm as outlined in the Diffie-
Hellman paper uses numbers raised to specific powers to produce decryption keys. Diffie and
Hellman initially teamed up in 1974 to solve the problem of key distribution.

The RSA algorithm, which was based on the work of Diffie, was named after its three inventors -
- Ronald Rivest, Adi Shamir and Leonard Adleman. They invented the RSA algorithm in 1977
and published it in Communications of the ACM in 1978.

Asymmetric key cryptosystems / public-key cryptosystems (like RSA, elliptic curve cryptography
(ECC), Diffie-Hellman, ElGamal, McEliece, NTRU and others) use a pair of mathematically
linked keys: public key (encryption key) and private key (decryption key).

The asymmetric key cryptosystems provide key-pair generation (private + public key), encryption
algorithms (asymmetric key ciphers and encryption schemes like RSA-OAEP and ECIES), digital
signature algorithms (like DSA, ECDSA and EdDSA) and key exchange algorithms (like DHKE
and ECDH).

A message encrypted by the public key is later decrypted by the private key. A message signed by
the private key is later verified by the public key. The public key is typically shared with everyone,
while the private key is kept secret. Calculating the private key from its corresponding public key
is by design computationally infeasible.

Public-Key Cryptosystems

Well-known public-key cryptosystems are: RSA, ECC, ElGamal, DHKE, ECDH, DSA, ECDSA,
EdDSA, Schnorr signatures. Different public key cryptosystems may provide one or more of the
following capabilities:

Key-pair generation: generate random pairs of private key + corresponding public key.

Encryption / decryption: encrypt date by public key and decrypt data by private key (often using a
hybrid encryption scheme).

97
Digital signatures (message authentication): sign messages by private key and verify signatures by
public key.

Key-exchange algorithms: securely exchange cryptographic key between two parties over insecure
channel.

The most important and most used public-key cryptosystems are RSA and ECC. Elliptic curve
cryptography (ECC) is the recommended and most preferable modern public-key cryptosystem,
especially with the modern highly optimized and secure curves (like Curve25519 and Curve448),
because of smaller keys, shorter signatures and better performance.

The RSA public-key cryptosystem is based on the mathematical concept of modular

exponentiation (numbers raised to a power by modulus), along with some mathematical
constructions and the integer factorization problem (which is considered to be computationally
infeasible for large enough keys).

The elliptic-curve cryptography (ECC) cryptosystem is based on the math of the on the algebraic
structure of the elliptic curves over finite fields and the elliptic curve discrete logarithm problem
(ECDLP), which is considered to be computationally infeasible for large keys. ECC comes
together with the ECDSA algorithm (elliptic-curve digital signature algorithm). ECC uses smaller
keys and signatures than RSA and is preferred in most modern apps. We shall discuss ECC and
ECDSA later in details, along with examples.

Most public-key cryptosystems (like RSA, ECC, DSA, ECDSA and EdDSA) are quantum-
breakable (quantum-unsafe), which means that (at least on theory) a powerful enough quantum
computer will be able to break their security and compute the private key from given public key
in seconds.

Asymmetric Encryption Schemes

Asymmetric encryption is more complicated than symmetric encryption, not only because it uses
public and private keys, but because asymmetric encryption can encrypt / decrypt only small
messages, which should be mapped to the underlying math of the public-key cryptosystem. Some

98
cryptosystems (like ECC) do not provide directly encryption primitives, so more complex schemes
should be used.

In the RSA system, the input message should be transformed to big integer (e.g., using OAEP
padding), while in ECC the message cannot be directly encrypted and more complex encryption
scheme is used, based on the elliptic-curve Diffie-Hellman Key Exchange (ECDH). It will be
explained in detail later in this chapter. Additionally, asymmetric ciphers are significantly slower
than symmetric ciphers (e.g., the RSA encryption is 1000 times slower than AES).

To overcome the above limitations and to allow encrypting messages of any size, modern
cryptography uses asymmetric encryption schemes (also known as public key encryption schemes
/ asymmetric encryption constructions / hybrid encryption schemes), like key encapsulation
mechanisms (KEM) and integrated encrypted schemes, which combine asymmetric encryption
with symmetric key ciphers.

This is how a large document or file can be encrypted by combining public-key cryptography and
symmetric crypto algorithm:

Figure 60: Asymmetric encryption

99
In the above diagram the encrypted symmetric key is known as KEM block (encapsulated key,
with public key encryption) and the encrypted data file is known as DEM block (encapsulated
data, with symmetric encryption). The encrypted message consists of these two blocks together
(encapsulated key + encapsulated data).

This is the corresponding decryption process (decrypt an encrypted large document using public-
key cryptography and symmetric crypto algorithm):

Figure 61: KEM block

Integrated Encryption Schemes Integrated Encryption Schemes

This are modern public key encryption schemes, which combine symmetric ciphers, asymmetric
ciphers and key-derivation algorithms to provide secure public-key based encryption (PKE). In
EIS scheme asymmetric algorithms (like RSA or ECC) are used to encrypt or encapsulate a
symmetric key, used later by symmetric ciphers (like AES or ChaCha20) to encrypt the input
message. Some EIS schemes provide also message authentication. Examples of EIS schemes are
DLIES (Discrete Logarithm Integrated Encryption Scheme) and ECIES (Elliptic Curve Integrated
Encryption Scheme).

Key Encapsulation Mechanisms (KEMs)

100
A key encapsulation mechanisms (KEM) are asymmetric cryptographic techniques used to encrypt
and encapsulate a secret key (called "ephemeral symmetric key"), which is used to encrypt an input
message using a symmetric cryptographic cipher. KEM encapsulates the ephemeral symmetric
encryption key as part of the encrypted message, by encrypting it with the recipient's public key.
In cryptography this process is known as "key encapsulation".

The output from a KEM-based hybrid encryption scheme consists of KEM block, holding the
encapsulated encrypted symmetric key (or certain parameters used to derive it), and DEM block
(data encapsulation mechanism), holding the encapsulated symmetrically encrypted data (cipher
parameters + ciphertext + optionally an authentication tag).

Key encapsulation mechanisms (KEMs) are used in the hybrid encryption schemes and in the
integrated encryption schemes, where a random element is generated in the underlying public-key
cryptosystem and a symmetric key is derived from this random element by hashing. This approach
simplifies the process of combining asymmetric and symmetric encryption. Examples of modern
key encapsulation mechanisms are: RSA-KEM, ECIES-KEM and PSEC-KEM.

Figure 62: Key Encapsulation Mechanisms (KEMs)

Key encapsulation should not be confused with key wrapping.

101
Key encapsulation (KEM) refers to public-key encryption of another key (symmetric or
asymmetric). It is used for creating provably secure hybrid encryption schemes, e.g., to encrypt an
AES secret key by given ECC public key.

Figure 63: Key encapsulation (KEM)

Key wrapping refers to symmetric-key encryption of another key (which can be either a symmetric
key or an asymmetric key). It is used to encrypt, integrity-protect and transport cryptographic keys.
Key wrapping provides privacy and integrity protection for specialized data such as cryptographic
keys, without the use of nonces. For details see RFC 3394.

102
 Figure 64: Key wrapping

Digital Signatures
In cryptography digital signatures provide message authentication, integrity and non-repudiation
for digital documents. Digital signatures work in the public-key cryptosystems and use a public /
private key pair. Message signing is performed by the private key and message verification is
performed by the corresponding public key.

A message signature mathematically guarantees that certain message was signed by certain (secret)
private key, which corresponds to certain (non-secret) public key. After a message is signed, the
message and the signature cannot be modified and thus message authentication and integrity are
provided. Anyone, who knows the public key of the message signer, can verify the signature. after
signing the signature author cannot reject the act of signing (this is known as non-repudiation).

Digital signatures are widely used today for signing digital contracts, for authorizing bank
payments and signing transactions in the public blockchain systems for transferring digital assets.

103
Most public-key cryptosystems like RSA and ECC provide secure digital signature schemes like
DSA, ECDSA and EdDSA. We shall discuss the digital signatures in greater detail later in this
section.

Figure 65: Digital signatures

Key Exchange Algorithms

In cryptography key exchange algorithms (key agreement protocols / key negotiation schemes)
allow cryptographic keys to be exchanged between two parties, allowing the use of a cryptographic
algorithm, in most cases symmetric encryption cipher. For example, when a laptop connects to the
home Wi-Fi router, both parties agree on a session key, used to symmetrically encrypt the network
traffic between them.

Most key-exchange algorithms are based on public-key cryptography and the math behind this
system: discrete logarithms, elliptic curves or other.

104
 Figure 66: Key Exchange Algorithms

Anonymous key exchange, like Diffie–Hellman (DHKE and ECDH), does not provide
authentication of the parties, and is thus vulnerable to man-in-the-middle attacks, but is safe from
traffic interception (sniffing) attacks.

Authenticated key agreement schemes authenticate the identities of parties involved in the key
exchange and thus prevent man-in-the-middle attacks by use of digitally signed keys (e.g. PKI
certificate), password-authenticated key agreement or other method.

105
 Chapter 4: Cryptographic Data Integrity Algorithms

Data integrity in cryptography is perform with a hash function.

It is based on the fact that the output of a hash function changes when the input has changed.

Therefore, by controlling the computed output before and after any processing, you can verify if
the data was changed in transit.

Figure 67: Data integrity in cryptography

The output of this hash operation are known as message digest or digest.

This specification describes mechanisms for ensuring the authenticity and integrity of structured
digital documents using cryptography, such as digital signatures and other digital mathematical
proofs.

106
This specification was publishing by the Credentials Community Group. It is not a W3C Standard
nor is it on the W3C Standards Track. Please note that under the W3C Community Final
Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and
Business Groups.

Figure 68: hash operation

This is an experimental specification and is undergoing regular revisions. It is not fit for production
deployment.

GitHub Issues are preferred for discussion of this specification. Alternatively, you can send
comments to our mailing list.

Cryptographic proofs enable functionality that is useful to implementers of distributed systems.

For example, proofs can be used to:

107
Make statements that can be shared without loss of trust, because their authorship can be verified
by a third party, for example as part of Verifiable Credentials [VC-DATA-MODEL] or social
media posts.

Authenticate as an entity identified by a particular identifier, for example, as the subject identified
by a Decentralized Identifier (DID) [DID-CORE].

Delegate authorization for actions in a remote execution environment, via mechanisms such as
Authorization Capabilities [ZCAP].

Agree to contracts where the agreement can be verified by another party.

Additionally, many proofs that are based on cryptographic digital signatures provide the benefit of
integrity protection, making documents and data tamper evident.

The term Linked Data is used to describe a recommended best practice for exposing, sharing, and
connecting information on the Web using standards, such as URLs, to identify things and their
properties. When information is presented as Linked Data, other related information can be easily
discovered, and new information can be easily linked to it. Linked Data is extensible in a
decentralized way, greatly reducing barriers to large scale integration.

With the increase in usage of Linked Data for a variety of applications, there is a need to be able
to verify the authenticity and integrity of Linked Data documents. This specification adds
authentication and integrity protection to data documents through the use of mathematical proofs
without sacrificing Linked Data features such as extensibility and compos ability.

Design Goals and Rationale

The Data Integrity specification achieves the following design goals:

Simple for Developers

108
The proof format is designed to be easy to use for developers that don't have significant
cryptography training. For example, cryptographic suite identifiers are used instead of specific
cryptographic parameters to ensure that it is difficult to accidentally produce a weak digital proof.

Layered Architecture
A number of historical digital signature mechanisms have had monolithic designs which limited
use cases by combining data normalization, syntax, digital signature, and serialization into a single
specification. This specification layers each component such that a broader range of use cases,
such as generalized selective disclosure and serialization-agnostic signatures, are enable.

Figure 69: Layered Architecture

Cryptographic Agility
Since digital proof mechanisms might be compromised without warning due to technological
advancements, it is important that proof types can be easily and quickly replaced. This

109
specification provides algorithm agility while still keeping the digital proof format easy for
developers to understand.

Extensibility
Creating and deploying new proof types is a fairly trivial undertaking to ensure that the proof
format increases the rate of innovation in the digital proof space.

Syntax Agnostic Proofs

Cryptographic proofs can be serialized in many different but equivalent ways and have often been
tightly bound to the original document syntax. This specification enables one to create
cryptographic proofs that are not bound to the original document syntax, which enable more
advanced use cases such as being able to use a single digital signature across a variety of RDF-
based graph serialization syntaxes such as JSON-LD, N-Quads, and TURTLE, without the need
to regenerate the proof.

Conformance
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and
notes in this specification are non-normative. Everything else in this specification is normative.

110
 Figure 70: Conformance

The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, and SHOULD in
this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only
when, they appear in all capitals, as shown here.

This section defines the terms used in this specification and throughout decentralized identifier
infrastructure. A link to these terms is included whenever they appear in this specification.

Data integrity proof

A set of attributes that represent a digital proof and the parameters required to verify it.

Unsigned data document

A document that does not contain a data integrity proof.

Signed data document.

111
An unsigned data document that has had a data integrity proof added to it.

Figure 71: Data integrity proof

Public key

Cryptographic material that can be used to verify digital proofs created with a corresponding
private key.

private key

Cryptographic material that can be used to generate digital proofs.

proof type

A specified set of cryptographic primitives bundled together into a cryptographic suite for the
purposes of safety and convenience, by cryptographers for developers. A proof type typically
consists of a canonicalization algorithm, a message digest algorithm, and a specific corresponding
proof algorithm (see section 5. Advanced Terminology).

Proof options

A set of options that is included in the proof data. These options might include controller,
challenge, domain, or other data that is specific to the proof format.

proof purpose

The specific intent for the proof; the reason why an entity created it. The protected declaration acts
as a safeguard to prevent the proof from being misused for a purpose other than the one it was
intended for.

112
Challenge

A random or pseudo-random value used by some authentication protocols to mitigate replay

attacks.

Domain

A string value that specifies the operational domain of a digital proof. This could be an Internet
domain name like [Link], an ad-hoc value such as mycorp-level3-access, or a very specific
transaction value like 8zF6T8J34qP3mqP. A signer could include a domain in its digital proof to
restrict its use to particular target, identified by the specified domain.

Authenticate

Authentication is a process by which an entity can prove it has a specific attribute or controls a
specific secret using one or more verification methods. With DIDs, a common example would be
proving control of the cryptographic private key associated with a public key published in a
controller document.

Figure 72: Authenticate

113
Cryptographic suite

A specification defines the usage of specific cryptographic primitives in order to achieve a

particular security goal. These documents are often used to specify verification methods, digital
signature types, their identifiers, and other related properties.

Figure 73: Cryptographic suite

Decentralized identifier (DID)

A globally unique persistent identifier that does not require a centralized registration authority and
is often generated and/or registered cryptographically. The generic format of a is defined in [DID-
CORE]. Many—but not all—methods make use of distributed ledger technology (DLT) or some
other form of decentralized network.

114
 Figure 74: Decentralized identifier

Controller

An entity that has the capability to make changes to a controller document.

Controller document

A set of data that specifies is one or more relationships between a controller and a set of data, such
as a set of public cryptographic keys.

Resolution

The process that takes as its input a [URL] and a set of resolution options and returns a controller
document plus additional metadata.

Resolver

A resolver is a software and/or hardware component that performs the resolution function by
taking a DID as input and producing a conforming controller document as output.

115
Subject

The entity identified by a DID and described by a controller document. Anything can be a subject:
person, group, organization, physical thing, digital thing, logical thing, etc.

Distributed ledger (DLT).

A non-centralized system for recording events. These systems establish sufficient confidence for
participants to rely upon the data recorded by others to make operational decisions. They typically
use distributed databases where different nodes use a consensus protocol to confirm the ordering
of cryptographically signed transactions. The linking of digitally signed transactions over time
often makes the history of the ledger effectively immutable.

Figure 75: Distributed ledger (DLT)

Resource

As defined by [RFC3986]: "...the term 'resource' is used in a general sense for whatever might be
identified by a URI." Similarly, any resource might serve as a subject identified by a DID.

116
Verifiable credential

A standard data model and representation format for cryptographically verifiable digital
credentials as defined by the W3C Verifiable Credentials specification [VC-DATA-MODEL].

Verification method

A set of parameters that can be used together with a process to independently verify a proof. For
example, a cryptographic public key can be used as a verification method with respect to a digital
signature; in such usage, it verifies that the signer possessed the associated cryptographic private
key.

"Verification" and "proof" in this definition are intended to apply broadly. For example, a
cryptographic public key might be used during Diffie-Hellman key exchange to negotiate a shared
symmetric key for encryption. This guarantees the integrity of the key agreement process. It is thus
another type of verification method, even though descriptions of the process might not use the
words "verification" or "proof."

Data Model

This section specifies the data model that is used for expressing data integrity proofs and
verification methods.

Proofs

A data integrity proof is comprised of information about the proof, parameters required to verify
it, and the proof value itself. All of this information is provided using Linked Data vocabularies
such as [SECURITY-VOCABULARY].

117
A data integrity proof typically includes at least the following attributes:

Type

Required. The specific proof type used. For example, an Ed25519Signature2020 type indicates
that the proof includes a digital signature produced by an ed25519 cryptographic key.

Proof Purpose

Required. The specific intent for the proof, the reason why an entity created it. Acts as a safeguard
to prevent the proof from being misused for a purpose other than the one it was intended for. For
example, a proof can be used for purposes of authentication, for asserting control of a Verifiable
Credential (assertion Method), and several others.

Verification Method

Require. A set of parameters required to independently verify the proof, such as an identifier for a
public/private key pair that would be used in the proof.

Created

Required. The string value of an [ISO8601] combined date and time string generated by the Proof
Algorithm.

Domain

Optional. A string value specifying the restricted domain of the proof.

Proof Value

Required. One of any number of valid representations of proof value generated by the Proof
Algorithm.

Authentication

Indicates that a given proof is only to be used for the purposes of an authentication protocol.

Assertion Method

118
Indicates that a proof can only be used for making assertions, for example signing a Verifiable
Credential.

Figure 76: Assertion Method

Key Agreement

Indicates that a proof is used for key agreement protocols, such as Elliptic Curve Diffie Hellman
key agreement used by popular encryption libraries.

Capability Delegation

Indicates that the proof can only be used for delegating capabilities. See the Authorization
Capabilities [ZCAP] specification for more detail.

Capability Invocation

Indicates that the proof can only be used for invoking capabilities. See the Authorization
Capabilities [ZCAP] specification for more detail.

119
Note: The Authorization Capabilities [ZCAP] specification defines additional proof purposes for
that use case, such as capability Invocation and capability Delegation.

A controller document is a set of data that specifies one or more relationships between a controller
and a set of data, such as a set of public cryptographic keys. The controller document SHOULD
contain verification relationships that explicitly permit the use of certain verification methods for
specific purposes.

Verification Methods

A controller document can express verification methods, such as cryptographic public keys, which
can be used to authenticate or authorize interactions with the controller or associated parties. For
example, a cryptographic public key can be used as a verification method with respect to a digital
signature; in such usage, it verifies that the signer could use the associated cryptographic private
key. Verification methods might take many parameters. An example of this is a set of five
cryptographic keys from which any three are required to contribute to a cryptographic threshold
signature.

Verification Method

The verification Method property is OPTIONAL. If present, the value MUST be a set of
verification methods, where each verification method is expressed using a map. The verification
method map MUST include the id, type, controller, and specific verification material properties
that are determined by the value of type and are defined in [Link] Verification Material. A
verification method MAY include additional properties. Verification methods SHOULD be
registered in the Data Integrity Specification Registries [TBD - DIS-REGISTRIES].

id

120
The value of the id property for a verification method MUST be a string that conforms to the
[URL] syntax.

Type

The value of the type of property MUST be a string that references exactly one verification method
type. In order to maximize global interoperability, the verification method type SHOULD be
registered in the Data Integrity Specification Registries [TBD -- DIS-REGISTRIES].

Verification Material

Verification material is any information that is used by a process that applies a verification method.
The type of a verification method is expected to be used to determine its compatibility with such
processes. Examples of verification material properties are publicKeyJwk or publicKeyMultibase.
A cryptographic suite specification is responsible for specifying the verification method type and
its associated verification material. For example, see JSON Web Signature 2020 and Ed25519
Signature 2020. For all registered verification method types and associated verification material
available for controllers, please see the Data Integrity Specification Registries [TBD - DIS-
REGISTRIES].

Ensuring that cryptographic suites are versioned and tightly scoped to a very small set of possible
key types and signature schemes (ideally one key type and size and one signature output type) is a
design goal for most Data Integrity cryptographic suites. Historically, this has been done by
defining both the key type and the cryptographic suite that uses the key type in the same
specification. The downside of doing so, however, is that there might be a proliferation of different
key types in multikey that result in different crypto suites defining the same key material
differently. For example, one crypto suite might use compressed Curve P-256 keys while another
uses uncompressed values. If that occurs, it will harm interoperability. It will be important in the
coming months to years to ensure that this does not happen by fully defining the multikey format
in a separate specification so crypto suite specifications, such as this one, can refer to the multikey

121
specification, thus reducing the chances of multikey type proliferation and improving the chances
of maximum interoperability for the multikey format.

To increase the likelihood of interoperable implementations, this specification limits the number
of formats for expressing verification material in a controller document. The fewer formats that
implementers have to implement, the more likely it will be that they will support all of them. This
approach attempts to strike a delicate balance between ease of implementation and supporting
formats that have historically had broad deployment. Two supported verification material
properties are listed below:

Public Key Jwk

The publicKeyJwk property is OPTIONAL. If present, the value MUST be a map representing a
JSON Web Key that conforms to [RFC7517]. The map MUST NOT contain "d", or any other
members of the private information class as described in Registration Template. It is
RECOMMENDED that verification methods that use JWKs [RFC7517] to represent their public
keys use the value of kid as their fragment identifier. It is RECOMMENDED that JWK kid values
are set to the public key fingerprint [RFC7638]. See the first key in Example 7 for an example of
a public key with a compound key identifier.

122
 Figure 77: Public Key Jwk

Public Key Multiphase

The public Key Multibase property is OPTIONAL. This feature is non-normative. If present, the
value MUST be a string representation of a [MULTIBASE] encoded public key.

A verification method MUST NOT contain multiple verification material properties for the same
material. For example, expressing key material in a verification method using both publicKeyJwk
and publicKeyMultibase at the same time is prohibited.

The Multikey data model is a specific type of verification method that utilizes the
[MULTICODEC] specification to encode key types into a single binary stream that is then encoded
using the [MULTIBASE] specification. To encode a Multikey, the verification method type
MUST be set to Multikey and the publicKeyMultibase value MUST be a [MULTIBASE] encoded
[MULTICODEC] value.

123
 Figure 78: Public Key Multiphase

Referring to Verification Methods

Verification methods can be embedded in or referenced from properties associated with various
verification relationships as described in 2.3.2 Verification Relationships. Referencing verification
methods allows them to be used by more than one verification relationship.

If the value of a verification method property is a map, the verification method has been embedded
and its properties can be accessed directly. However, if the value is a URL string, the verification
method has been included by reference and its properties will need to be retrieved from elsewhere
in the controller document or from another controller document. This is done by dereferencing the
URL and searching the resulting resource for a verification method map with an id property whose
value matches the URL.

124
Verification Relationships

A verification relationship expresses the relationship between the controller and a verification
method.

Different verification relationships enable the associated verification methods to be used for
different purposes. It is up to a verifier to ascertain the validity of a verification attempt by checking
that the verification method used is contained in the appropriate verification relationship property
of the controller document.

The verification relationship between the controller and the verification method is explicit in the
controller document. Verification methods that are not associated with a particular verification
relationship cannot be used for that verification relationship. For example, a verification method
in the value of the authentication property cannot be used to engage in key agreement protocols
with the controller—the value of the key Agreement property needs to be used for that.

The controller document does not express revoked keys using a verification relationship. If a
referenced verification method is not in the latest controller document used to dereference it, then
that verification method is considered invalid or revoked.

The following sections define several useful verification relationships. A controller document
MAY include any of these, or other properties, to express a specific verification relationship. In
order to maximize global interoperability, any such properties used SHOULD be registered in the
Data Integrity Specification Registries [TBD: DIS-REGISTRIES].

Authentication

The authentication verification relationship is used to specify how the controller is expected to be
authenticated, for purposes such as logging into a website or engaging in any sort of challenge-
response protocol.

Authentication

125
The authentication property is OPTIONAL. If present, the associated value MUST be a set of one
or more verification methods. Each verification method MAY be embedded or referenced.

If authentication is established, it is up to the application to decide what to do with that information.

This is useful to any authentication verifier that needs to check to see if an entity that is attempting
to authenticate is, in fact, presenting a valid proof of authentication. When a verifier receives some
data (in some protocol-specific format) that contains a proof that was made for the purpose of
"authentication", and that says that an entity is identified by the id, then that verifier checks to
ensure that the proof can be verified using a verification method (e.g., public key) listed under
authentication in the controller document.

Note that the verification method indicated by the authentication property of a controller document
can only be used to authenticate the controller. To authenticate a different controller, the entity
associated with the value of controller needs to authenticate with its own controller document and
associated authentication verification relationship.

Assertion

The assertion Method verification relationship is used to specify how the controller is expected to
express claims, such as for the purposes of issuing a Verifiable Credential [VC-DATA-MODEL].

126
 Figure 79: Assertion

Assertion Method

The assertion Method property is OPTIONAL. If present, the associated value MUST be a set of
one or more verification methods. Each verification method MAY be embedded or referenced.

This property is useful, for example, during the processing of a verifiable credential by a verifier.
During verification, a verifier checks to see if a verifiable credential contains a proof created by
the controller by checking that the verification method used to assert the proof is associated with
the assertion Method property in the corresponding controller document.

Key Agreement

The key Agreement verification relationship is used to specify how an entity can generate
encryption material in order to transmit confidential information intended for the controller, such
as for the purposes of establishing a secure communication channel with the recipient.

Key Agreement

127
The key Agreement property is OPTIONAL. If present, the associated value MUST be a set of
one or more verification methods. Each verification method MAY be embedded or referenced.

An example of when this property is useful is when encrypting a message intended for the
controller. In this case, the counterparty uses the cryptographic public key information in the
verification method to wrap a decryption key for the recipient.

Capability Invocation

The capability Invocation verification relationship is used to specify a verification method that
might be used by the controller to invoke a cryptographic capability, such as the authorization to
update the controller document.

capability Invocation

The capability Invocation property is OPTIONAL. If present, the associated value MUST be a set
of one or more verification methods. Each verification method MAY be embedded or referenced.

An example of when this property is useful is when a controller needs to access a protected HTTP
API that requires authorization in order to use it. In order to authorize when using the HTTP API,
the controller uses a capability that is associated with a particular URL that is exposed via the
HTTP API. The invocation of the capability could be expressed in a number of ways, e.g., as a
digitally signed message that is placed into the HTTP Headers.

The server providing the HTTP API is the verifier of the capability and it would need to verify that
the verification method referred to by the invoked capability exists in the capability Invocation
property of the controller document. The verifier would also check to make sure that the action
being performed is valid and the capability is appropriate for the resource being accessed. If the
verification is successful, the server has cryptographically determined that the invoker is
authorized to access the protected resource.

128
The capability Delegation verification relationship is used to specify a mechanism that might be
used by the controller to delegate a cryptographic capability to another party, such as delegating
the authority to access a specific HTTP API to a subordinate.

Capability Delegation

The capability Delegation property is OPTIONAL. If present, the associated value MUST be a set
of one or more verification methods. Each verification method MAY be embedded or referenced.

An example of when this property is useful is when a controller chooses to delegate their capability
to access a protected HTTP API to a party other than themselves. In order to delegate the
capability, the controller would use a verification method associated with the capability Delegation
verification relationship to cryptographically sign the capability over to another controller.

Multiple Proofs

The Data Integrity specification supports the concept of multiple proofs in a single document.
There are two types of multi-proof approaches that are identified: Proof Sets (un-ordered) and
Proof Chains (ordered).

Proof Sets

A proof set is useful when the same data needs to be secured by multiple entities, but where the
order of proofs does not matter, such as in the case of a set of signatures on a contract. A proof set,
which has no order, is represented by associating a set of proofs with the proof key in a document.

Proof Chains

A proof chain is useful when the same data needs to be signed by multiple entities and the order
of when the proofs occurred matters, such as in the case of a notary counter-signing a proof that

129
had been created on a document. A proof chain, where order needs to be preserved, is represented
by associating an ordered list of proofs with the proof Chain key in a document.

Proof Types

Signatures

A data integrity signature is a type of cryptographic proof, and is comprised of information about
the signature, parameters required to verify it, and the signature value itself. All of this information
is provided using Linked Data vocabularies such as the [SECURITY-VOCABULARY].

A data integrity signature typically includes at least the following attributes:

Type (required)

A URI that identifies the digital cryptographic suite that was used to create the signature. For
example: Ed25519Signature2020.

Created (required)

The string value of an [ISO8601] combined date and time string generated by the Proof Algorithm.

Domain (optional)

A string value is specifying the restricted domain of the signature.

nonce (optional, but strongly recommended)

A string value that is included in the digital signature and MUST only be used once for a particular
domain and window of time. This value is used to mitigate replay attacks.

signature value (required)

One of any number of valid representations of signature value is generated by the Proof Algorithm.
Example: jaws for detached JSON Web Signatures.

130
Specify algorithm agility mechanisms (additional attributes from the security vocal can be used to
indicate other signing and hash algorithms). Rewrite algorithms to be parameterized on this basis
and move RsaSignature2018 definition to a single supported mechanism; specify its identifier as
a URL. In order to make it easy to specify a variety of combinations of algorithms, introduce a
core type Linked Data Signature that allows for easy filtering/discover of signature nodes, but that
type on its own doesn't specify any default signature or hash algorithms, those must be given via
other properties in the nodes.

Advanced Terminology

These terms are relevant only to implementers of new cryptographic suites.

Canonicalization algorithm

An algorithm that takes an input document that has more than one possible representation and
always transforms it into a deterministic representation. For example, alphabetically sorting a list
of items is a type of canonicalization. This process is sometimes also called normalization.

131
 Figure 80: Canonicalization algorithm

Message digest algorithm

An algorithm that takes an input message and produces a cryptographic output message that is
often many orders of magnitude smaller than the input message. These algorithms are often 1)
very fast, 2) non-reversible, 3) cause the output to change significantly when even one bit of the
input message changes, and 4) make it infeasible to find two different inputs for the same output.

132
 Figure 81: Message digest algorithm

Proof algorithm

An algorithm that takes an input message and produces an output value where the receiver of the
message can mathematically verify that the message has not been modified in transit and came
from someone possessing a particular secret.

Creating New Proof Types

A data integrity proof is designed to be easy to use by developers and therefore strives to minimize
the amount of information one has to remember to generate a proof. Often, just the cryptographic
suite name (e.g., Ed25519Signature2020) is required from developers to initiate the creation of a
proof. These cryptographic suites are often created or reviewed by people that have the requisite
cryptographic training to ensure that safe combinations of cryptographic primitives are used.

This section details the cryptographic primitives that are available to proof type developers.

133
At a minimum, a proof type is expected have the following attributes:

Id

A URL that identifies the cryptographic suite. For example:

[Link]

type

The value Proof Suite.

canonicalization Algorithm

A URL that identifies the canonicalization algorithm to use on the document. For example:
[Link]

digest Algorithm

A URL that identifies the message digest algorithm to use on the canonicalized document. For
example: [Link]

proof Algorithm

A URL that identifies the proof algorithm to use on the data to be signed. For example:
[Link]

Algorithms

The algorithms defined below are generalized in that they require a specific canonicalization
algorithm, message digest algorithm, and proof algorithm to be used to achieve the algorithm's
intended outcome.

Proof Algorithm

The following algorithm specifies how to create a digital proof that can be later used to verify the
authenticity and integrity of a unsigned data document. A unsigned data document, document,
proof options, options, and a private key, private Key, are required inputs. The proof options

134
MUST contain an identifier for the public/private key pair, and an [ISO8601] combined date and
time string, created, containing the current date and time, accurate to at least one second, in
Universal Time Code format. A domain might also be specified in the options. A signed data
document is produced as output. Whenever this algorithm encodes strings, it MUST use UTF-8
encoding.

Create a copy of document, hereafter referred to as output.

Generate a canonicalized document by canonicalizing document according to a canonicalization

algorithm (e.g., the URDNA2015 [RDF-DATASET-C14N] algorithm).

Create a value tbs that represents the data to be signed and set it to the result of running the Create
Verify Hash Algorithm, passing the information in options.

Digitally sign tbs using the private Key and the digital proof algorithm (e.g., JSON Web Proof
using RSASSA-PKCS1-v1_5 algorithm). The resulting string is the proof Value.

Add a proof node to output containing a data integrity proof using the appropriate type and proof
Value values as well as all of the data in the proof options (e.g., created, and if given, any additional
proof options such as domain).

Return output as the signed data document.

Proof Verification Algorithm

The following algorithm specifies how to check the authenticity and integrity of a signed data
document by verifying its digital proof. This algorithm takes a signed data document, signed
document and outputs a true or false value based on whether or not the digital proof on signed
document was verified. Whenever this algorithm encodes strings, it MUST use UTF-8 encoding.

The following algorithm specifies how to check the authenticity and integrity of a signed data
document by verifying its digital proof. This algorithm takes a signed data document, signed

135
document and outputs a true or false value based on whether or not the digital proof on signed
document was verified. Whenever this algorithm encodes strings, it MUST use UTF-8 encoding.

Get the public key by dereferencing its URL identifier in the proof node of the default graph of
signed document. Confirm that the unsigned data document that describes the public key specifies
its controller and that its controllers’ URL identifier can be dereferenced to reveal a bi-directional
link back to the key. Ensure that the key's controller is a trusted entity before proceeding to the
next step.

Let document be a copy of signed document.

Remove any proof nodes from the default graph in document and save it as proof.

Generate a canonicalized document by canonicalizing document according to the canonicalization

algorithm (e.g., the URDNA2015 [RDF-DATASET-C14N] algorithm).

Create a value tbv that represents the data to be verified and set it to the result of running the Create
Verify Hash Algorithm, passing the information in proof.

Pass the proof Value, tbv, and the public key to the proof algorithm (e.g., JSON Web Proof using
RSASSA-PKCS1-v1_5 algorithm). Return the resulting Boolean value.

Create Verify Hash Algorithm

The following algorithm specifies how to create the data that is used to generate or verify a digital
proof. It takes a canonicalized unsigned data document, canonicalized document, canonicalization
algorithm, a message digest algorithm, and proof options, input options (by reference). The proof
options MUST contain an identifier for the public/private key pair, and an [ISO8601] combined
date and time string, created, containing the current date and time, accurate to at least one second,
in Universal Time Code format. A domain might also be specified in the options. Its output is a
data that can be used to generate or verify a digital proof (it is usually further hashed as part of the
verification or signing process).

136
 Figure 82: Create Verify Hash Algorithm

Let options be a copy of input options.

If the proof Value parameter, such as jws, exists in options, remove the entry.

If created does not exist in options, add an entry with a value that is an [ISO8601] combined date
and time string containing the current date and time accurate to at least one second, in Universal
Time Code format. For example: 2017-11-13T[Link]Z.

Generate output by:

Creating a canonicalized options document by canonicalizing options according to the

canonicalization algorithm (e.g., the URDNA2015 [RDF-DATASET-C14N] algorithm).

Hash canonicalized options document using the message digest algorithm (e.g., SHA-256) and set
output to the result.

137
Hash canonicalized document using the message digest algorithm (e.g. SHA-256) and append it
to output.

This last step needs further clarification. Signing implementations usually automatically perform
their own integrated hashing of an input message, i.e. signing algorithms are a combination of a
raw signing mechanism and a hashing mechanism such as RS256 (RSA + SHA-256). Current
implementations of RSA-based data integrity proof suites therefore do not perform this last step
before passing the data to a signing algorithm as it will be performed internally. The
Ed25519Proof2018 algorithm also does not perform this last step -- and, in fact, uses SHA-512
internally. In short, this last step should better communicate that the 64 bytes produced from
concatenating the SHA-256 of the canonicalized options with the SHA-256 of the canonicalized
document are passed into the signing algorithm with a presumption that the signing algorithm will
include hashing of its own.

Security Considerations

The following section describes security considerations that developers implementing this
specification should be aware of in order to create secure software.

Verification Method Binding

Implementers must ensure that a verification method is bound to a particular controller by going
from the verification method to the controller document, and then ensuring that the controller
document also contains the verification method.

Verification Relationship Validation

Implementers need to ensure that when a verification method is used, that it matches the
verification relationship associated with it and that it lines up with the proof purpose.

138
Canonicalization Method Correctness

Canonicalization mechanisms utilized for normalizing input to hashing functions need to have
vetted mathematical proofs associated with them. Canonicalization mechanisms that create
collisions in hash functions can be used to attack digital signatures.

Privacy Considerations

The following section describes privacy considerations that developers implementing this
specification should be aware of in order to create privacy enhancing software.

Unlink ability.

When the contents of a digitally signed payload contain co relatable identifiers, those identifiers
can be used to track individuals. A static digital signature is a co relatable identifier. There are
digital signature schemes that provide un co relatable digital signatures.

Figure 83: Unlink ability.

Selective Disclosure

139
When the contents of a digitally signed payload contain co relatable identifiers, those identifiers
can be used to track individuals. A static digital signature is a co relatable identifier. There are
selective disclosure digital signature schemes, such as BBS+, that are capable of not disclosing co
relatable identifiers and ensuring that a different but valid digital signature is re-created upon every
presentation.

Techniques used For Cryptography: In today’s age of computers cryptography is often associated
with the process where an ordinary plain text is converted to cipher text which is the text made
such that intended receiver of the text can only decode it and hence this process is known as
encryption. The process of conversion of cipher text to plain text this is known as decryption.

Features of Cryptography are as follows:

Confidentiality: The person for whom it is intended can only access Information and no other
person except him can access it.

Integrity: Information cannot be modified in storage or transition between sender and intended
receiver without any addition to information being detected.

Non-repudiation: The creator/sender of information cannot deny his intention to send information
at later stage.

Authentication: The identities of sender and receiver are confirmed. As well as destination/origin
of information is confirmed.

Symmetric Key Cryptography: It is an encryption system where the sender and receiver of message
use a single common key to encrypt and decrypt messages. Symmetric Key Systems are faster and
simpler, but the problem is that sender and receiver have to somehow exchange key in a secure
manner. The most popular symmetric key cryptography system are Data Encryption System (DES)
and Advanced Encryption System(AES).

140
Hash Functions: There is no usage of any key in this algorithm. A hash value with fixed length is
calculated as per the plain text which makes it impossible for contents of plain text to be recovered.
Many operating systems use hash functions to encrypt passwords.

Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt
information. A receiver’s public key is used for encryption and a receiver’s private key is used for
decryption. Public key and Private Key are different. Even if the public key is known by everyone
the intended receiver can only decode it because he alone knows his private key. The most popular
asymmetric key cryptography algorithm is RSA algorithm.

Applications Of Cryptography:

Computer passwords: Cryptography is widely utilized in computer security, particularly when

creating and maintaining passwords. When a user logs in, their password is hashed and compared
to the hash that was previously stored. Passwords are hashed and encrypted before being stored.
In this technique, the passwords are encrypted so that even if a hacker gains access to the password
database, they cannot read the passwords.

Digital Currencies: To safeguard transactions and prevent fraud, digital currencies like Bitcoin
also use cryptography. Complex algorithms and cryptographic keys are used to safeguard
transactions, making it nearly hard to tamper with or forge the transactions.

Secure web browsing: Online browsing security is provided by the use of cryptography, which
shields users from eavesdropping and man-in-the-middle assaults. Public key cryptography is used
by the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt data
sent between the web server and the client, establishing a secure channel for communication.

Electronic signatures: Electronic signatures serve as the digital equivalent of a handwritten

signature and are used to sign documents. Digital signatures are created using cryptography and
can be validated using public key cryptography. In many nations, electronic signatures are
enforceable by law, and their use is expanding quickly.

141
Authentication: Cryptography is used for authentication in many different situations, such as
when accessing a bank account, logging into a computer, or using a secure network. Cryptographic
methods are employed by authentication protocols to confirm the user’s identity and confirm that
they have the required access rights to the resource.

Crypto currencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and Ethereum
to safeguard transactions, thwart fraud, and maintain the network’s integrity. Complex algorithms
and cryptographic keys are used to safeguard transactions, making it nearly hard to tamper with or
forge the transactions.

End-to-End Encryption: End-to-end encryption is used to protect two-way communications like

video conversations, instant messages, and email. Even if the message is encrypted, it assures that
only the intended receivers can read the message. End-to-end encryption is widely used in
communication apps like WhatsApp and Signal, and it provides a high level of security and privacy
for users.

Figure 84: Applications of Cryptography

142
Advantages

Access Control: Cryptography can be used for access control to ensure that only parties with the
proper permissions have access to a resource. Only those with the correct decryption key can
access the resource thanks to encryption.

Secure Communication: For secure online communication, cryptography is crucial. It offers

secure mechanisms for transmitting private information like passwords, bank account numbers,
and other sensitive data over the internet.

Protection against attacks: Cryptography aids in the defence against various types of assaults,
including replay and man-in-the-middle attacks. It offers strategies for spotting and stopping these
assaults.

Compliance with legal requirements: Cryptography can assist firms in meeting a variety of legal
requirements, including data protection and privacy legislation.

Figure 85: Advantages of Cryptography

143
 Chapter 5: Mutual Trust

Mutual authentication is when two sides of a communications channel verify each other's identity,
instead of only one side verifying the other. Mutual authentication is also known as "two-way
authentication" because the process goes in both directions.

Figure 86: Mutual authentication

When someone uses a rideshare app, they usually check the license plate or the description of the
vehicle to make sure they are getting into the right car. Once they get in, the driver asks the
passenger for their name to confirm they are picking up the right person. The passenger and driver
each check that they are interacting with the intended person — so that the driver is providing the
correct service, the passenger is in a car going to their destination, and both can confirm they are
with someone who has been verified by the rideshare app.

Similarly, mutual authentication verifies both parties in a digital communications channel. For
example, a client and a server using mutual authentication take steps to independently verify each
other's identity, instead of only the client authenticating the server. Device-to-device connections,
like those between Internet of Things (IoT) devices, often use mutual authentication as well.

144
Mutual authentication is most commonly associated with the Transport Layer Security (TLS)
protocol, but it can be used by other protocols and in other contexts too. Learn about mutual TLS.

How does mutual authentication work?

There are three main methods for mutually authenticating the ends of a communications channel:

1. Public key authentication: This method relies on public key cryptography. A key is a string of
data that can be used to encrypt or digitally sign data. Public key cryptography uses two keys — a
public key and a private key. Data encrypted with the public key is decrypted with the private key.

In public key mutual authentication, both sides of the communication advertise a public key, and
both have to prove they possess the private key that accompanies their public key — like someone
showing a government-issued ID card to verify their name. Each side sends a digital signature to
the other side. If the signature can be verified with the public key, then the correct private key was
used, and the party that sent the signature is legitimate.

Figure 87: mutual authentication work framework

145
2. Certificate authentication: This approach is similar to public key authentication, except
instead of just a public key, both parties have a public key certificate. The certificate contains
additional information that helps verify the parties’ identities — including who issued the
certificate and public key, whom the certificate applies to, when the certificate expires, and so on.
TLS certificates can be used for this type of mutual authentication if both sides have one.

3. Username and password: Despite the name, this method of mutual authentication still uses a
certificate on the server side. The server presents a certificate to the client, which verifies the
certificate. On the client side, it is just like typical username/password authentication: the client
sends its username and password combination to the server, which verifies the credentials.

When is mutual authentication used?

One-way authentication happens all the time on the Internet. Every time someone loads a website
that uses HTTPS, their device authenticates the identity of the web server by checking the server's
TLS certificate. Another example would be a person signing into their account on an application
— in this case, the application is authenticating the person.

While mutual authentication eliminates some security flaws and makes some types of attacks far
more difficult to carry out, it adds more time and computing power to the exchange of information.
It also requires some advance setup — both sides of the communication need a set of credentials,
a public-private key pair, or a public key certificate (depending on the kind of authentication in
use). This makes mutual authentication difficult to implement for the average user, and this is why
mutual authentication is not normally a part of TLS when someone is using a web application.

146
 Figure 88: Mutual authentication

The main use cases for mutual authentication include:

IoT: Most IoT devices need to connect to a remote server in order to function properly. They may
need to connect to other IoT devices as well. IoT devices have to do so over an unsecured network
(the Internet). Mutual authentication helps ensure that the data they receive is accurate and from a
legitimate source, reducing the chances that an attacker has compromised their connections.

Figure 89: IoT

147
API security: Authentication ensures that API requests come from a legitimate source. Mutual
authentication is one way to make sure that an API is not accepting requests from attackers, and
that an API user is not accepting spoofed API responses.

Figure 90: API security

Zero Trust security: "Zero Trust" is a philosophy that assumes any user or device could present a
threat. By requiring both sides of a connection to authenticate, mutual authentication ensures only
legitimate users are connected to the network, server, or application. Conversely, users can be sure
they have connected to the correct network, server, or application.

What kinds of attacks does mutual authentication help stop?

148
On-path attacks: In an on-path attack, an attacker is in the middle of a connection between two
parties. The attacker intercepts communications in both directions and impersonates the two ends
of the conversation to each other. Mutual authentication helps stop this type of attack because the
attacker will not be able to authenticate to both ends of the communication.

Spoofing and impersonation: Attackers use these attacks to trick a server or a user into thinking
they are a known and trusted party. An attacker could spoof a web server to a user, or vice versa.
Such attacks are far more difficult when both sides have to authenticate.

Credential theft: Some forms of mutual authentication are password-based, and these could still
be subject to credential theft (when an attacker steals a legitimate user's password). However, since
mutual authentication is usually public key based, credential theft is not possible because there are
no credentials to steal. This can stop phishing attacks from having an effect.

What protocols support mutual authentication?

These networking protocols either have mutual authentication built in or offer the option to use it:

Secure Shell Protocol (SSH): SSH is a tunnelling protocol for securely connecting to a remote
server or device. SSH can use either public key authentication or certificate authentication. In other
words, it is possible to mutually authenticate in SSH with either a public key or with a public key
certificate.

TLS: While TLS does not mutually authenticate both ends of a connection by default, it can be
used for this purpose. Mutual TLS (mTLS) is one of the most commonly applied types of mutual
authentication. In mTLS, both sides of a connection have a TLS certificate. mTLS is commonly
used for API security, IoT security, and Zero Trust security applications.

Does Cloud flare offer mutual authentication?

Mutual authentication is core to several of the Zero Trust security solutions that Cloudflare offers.
Cloudflare Zero Trust, a platform for application access control and Internet browsing, offers

149
mTLS for verifying users and devices. Cloudflare API Shield supports mTLS for API
authentication and security.

What is mutual TLS (mTLS)?

Mutual TLS, or mTLS for short, is a method for mutual authentication. mTLS ensures that the
parties at each end of a network connection are who they claim to be by verifying that they both
have the correct private key. The information within their respective TLS certificates provides
additional verification.

mTLS is often used in a Zero Trust security framework* to verify users, devices, and servers within
an organization. It can also help keep APIs secure.

*Zero Trust means that no user, device, or network traffic is trusted by default, an approach that
helps eliminate many security vulnerabilities.

What is TLS?

Transport Layer Security (TLS) is an encryption protocol in wide use on the Internet. TLS, which
was formerly called SSL, authenticates the server in a client-server connection and encrypts
communications between client and server so that external parties cannot spy on the
communications.

150
 Figure 91: TLs & mTLS

There are three important things to understand about how TLS works:

1. Public key and private key

TLS works using a technique called public key cryptography, which relies on a pair of keys — a
public key and a private key. Anything encrypted with the public key can be decrypted only with
the private key

Therefore, a server that decrypts a message that was encrypted with the public key proves that it
possesses the private key. Anyone can view the public key by looking at the domain's or server's
TLS certificate.

151
 Figure 92: Public key and private key

2. TLS certificate

A TLS certificate is a data file that contains important information for verifying a server's or
device's identity, including the public key, a statement of who issued the certificate (TLS
certificates are issued by a certificate authority), and the certificate's expiration date.

3. TLS handshake

The TLS handshake is the process for verifying the TLS certificate and the server's possession of
the private key. The TLS handshake also establishes how encryption will take place once the
handshake is finished.

152
 Figure 93: TLS certificate & TLS handshake

How does m TLS work?

Normally in TLS, the server has a TLS certificate and a public/private key pair, while the client
does not. The typical TLS process works like this:

Client connects to server.

Server presents its TLS certificate.

Client verifies the server's certificate.

Client and server exchange information over encrypted TLS connection

153
 Figure 94: Client and server exchange

In mTLS, however, both the client and server have a certificate, and both sides authenticate using
their public/private key pair. Compared to regular TLS, there are additional steps in mTLS to verify
both parties (additional steps in bold):

Client connects to server.

Server presents its TLS certificate.

Client verifies the server's certificate.

Client presents its TLS certificate.

Server verifies the client's certificate.

Server grants access

Client and server exchange information over encrypted TLS connection

154
 Figure 95: Client and server exchange information

Certificate authorities in mTLS

The organization implementing mTLS acts as its own certificate authority. This contrasts with
standard TLS, in which the certificate authority is an external organization that checks if the
certificate owner legitimately owns the associated domain (learn about TLS certificate validation).

A "root" TLS certificate is necessary for mTLS; this enables an organization to be their own
certificate authority. The certificates used by authorized clients and servers have to correspond to
this root certificate. The root certificate is self-signed, meaning that the organization creates it
themselves. (This approach does not work for one-way TLS on the public Internet because an
external certificate authority has to issue those certificates.)

Why use mTLS?

mTLS helps ensure that traffic is secure and trusted in both directions between a client and server.
This provides an additional layer of security for users who log in to an organization's network or
applications. It also verifies connections with client devices that do not follow a login process,
such as Internet of Things (IoT) devices.

155
mTLS prevents various kinds of attacks, including:

On-path attacks: On-path attackers place themselves between a client and a server and intercept
or modify communications between the two. When mTLS is used, on-path attackers cannot
authenticate to either the client or the server, making this attack almost impossible to carry out.

Spoofing attacks: Attackers can attempt to "spoof" (imitate) a web server to a user, or vice versa.
Spoofing attacks are far more difficult when both sides have to authenticate with TLS certificates.

Credential stuffing: Attackers use leaked sets of credentials from a data breach to try to log in as
a legitimate user. Without a legitimately issued TLS certificate, credential stuffing attacks cannot
be successful against organizations that use mTLS.

Brute force attacks: Typically carried out with bots, a brute force attack is when an attacker uses
rapid trial and error to guess a user's password. mTLS ensures that a password is not enough to
gain access to an organization's network. (Rate limiting is another way to deal with this type of bot
attack.)

Phishing attacks: The goal of a phishing attack is often to steal user credentials, then use those
credentials to compromise a network or an application. Even if a user falls for such an attack, the
attacker still needs a TLS certificate and a corresponding private key in order to use those
credentials.

Malicious API requests: When used for API security, mTLS ensures that API requests come from
legitimate, authenticated users only. This stops attackers from sending malicious API requests that
aim to exploit a vulnerability or subvert the way the API is supposed to function.

Websites already use TLS, so why is mTLS not used on the entire Internet?

For everyday purposes, one-way authentication provides sufficient protection. The goals of TLS
on the public Internet are 1) to ensure that people do not visit spoofed websites, 2) to keep private
data secure and encrypted as it crosses the various networks that comprise the Internet, and 3) to
make sure that data is not altered in transit. One-way TLS, in which the client verifies the server's
identity only, accomplishes these goals.

156
 Figure 96: use TLS

Additionally, distributing TLS certificates to all end user devices would be extremely difficult.
Generating, managing, and verifying the billions of certificates necessary for this is a near-
impossible task.

But on a smaller scale, mTLS is highly useful and quite practical for individual organizations,
especially when those organizations employ a Zero Trust approach to network security. Since a
Zero Trust approach does not trust any user, device, or request by default, organizations must be
able to authenticate every user, device, and request every time they try to access any point in the
network. mTLS helps make this possible by authenticating users and verifying devices.

How does Cloudflare use mTLS?

Cloudflare Zero Trust uses mTLS for Zero Trust security. Cloudflare API Shield also uses mTLS
to verify API endpoints, ensuring that no unauthorized parties can send potentially malicious API
requests. Learn how to implement mTLS with Cloudflare.

157
Mutual authentication, also known as two-way authentication, is a security process in which
entities authenticate each other before actual communication occurs. In a network environment,
this requires that both the client and the server must provide digital certificates to prove their
identities. In a mutual authentication process, a connection can occur only if the client and the
server exchange, verify, and trust each other's certificates. The certificate exchange occurs by
means of the Transport Layer Security (TLS) protocol. The core of this process is to make sure
that clients communicate with legitimate servers, and servers cooperate only with clients who
attempt access for legitimate purposes.

Figure 97: Cloudflare use mTLS

The mutual authentication process involves the following certificates.

158
Root CA certificate

Used to identify a certificate authority (CA) that signed a client's certificate. It is a self-signed
certificate that meets the X.509 standard, defining the format of public key certificates. In IoT
products, clients upload a root CA certificate or a certificate chain to verify that the certificates
that client devices send to edge servers can be trusted. See Upload the Mutual Authentication root
certificate.

Figure 98: Root CA certificate

Server SSL certificate

Used to identify edge servers to client devices over TLS and to establish a secure connection during
the TLS handshake. It is the enhanced TLS certificate that you provide in your property
configuration. See Associate a property hostname to an edge hostname.

159
 Figure 99: Server SSL certificate

Client SSL certificate

Used to identify client devices to edge servers over TLS. This certificate must meet the X.509
standard, defining the format of public key certificates.

The process of authenticating and establishing an encrypted channel using certificate-based mutual
authentication involves the following steps:

During configuration, administrators provide a root CA certificate or a certificate chain used to

sign certificates on client devices. They can do it in Certificate Provisioning System (CPS). See
Upload the Mutual Authentication root certificate.

The OTA Updates application deploys the certificate chain to the Akamai Platform.

160
Once the signing CA certificates propagate across the Akamai Platform, client device can connect
by using MQTT, HTTP, or WebSocket protocols and request access to a topic.

The edge server presents its certificate to the client device.

The client device checks its list of trusted CAs and verifies the server's certificate.

If successful, the client device sends its certificate to the edge server.

The edge server checks its list of CAs and verifies the client device's certificate.

If successful, a secure connection between the server and the client device is established.

How to verify a certificate chain

To pass certificate verification on edge servers, clients need to provide the root CA certificate or
the root and intermediate certificates that signed the certificate that client devices use to identify
themselves. The certificate authority and intermediate certificates, known as a certificate chain, is
a list of certificates issued by successive certificate authorities (CAs) that enables edge servers to
verify that the client and all CAs are trustworthy.

In the figure, you can see a certificate chain that leads from a certificate that identifies a client
through two intermediary CA certificates to the CA certificate for the root CA. In the figure, you
can see a certificate chain that leads from a certificate that identifies a client through two
intermediary CA certificates to the CA certificate for the root CA.

A certificate chain follows a path of certificates in the hierarchy up to the root CA certificate. In a
certificate chain, each certificate must meet the following conditions:

Each certificate is followed by the certificate of its issuer.

161
Each certificate contains the name (DN) of that certificate's issuer, which is the same as the subject
name of the next certificate in the chain.

Each certificate is signed with the private key of its issuer. The signature can be verified with the
public key in the issuer's certificate, which is the next certificate in the chain.

Create a Mutual Authentication root certificate.

To properly configure Mutual Authentication, you need to create a root certificate that you want
to use to create and validate client certificates.

Before begin.

Make sure your environment meets the minimum requirements to complete this procedure. See
System requirements.

Prepare a CA root certificate configuration file.

Upload the Mutual Authentication root certificate.

In mutual authentication, the edge server asks the client device to present a valid certificate before
a secure connection is established and the service of the server accessed. To verify the certificate
that the device uses to identify itself, you need to provide edge servers with a root CA certificate
or a certificate chain that signed the device's certificate.

To start verifying devices' certificates, you can upload a root CA certificate or a certificate chain
in the Certificate Provisioning System (CPS). You can only upload one file that is a X.509
certificate in PEM format. A PEM certificate is a base64 encoded DER file that contains ----
BEGIN CERTIFICATE----- and -----END CERTIFICATE----- statements. If your CA provides
you with a certificate that is not in PEM format, you can convert it to PEM format using an SSL
converter.

162
Before you begin, use Trust Chain Manager to create a certificate set. Follow Trust Chain Manager.

Go to ☰ > CDN > Certificates.

Select the certificate that you want to use for Mutual Authentication.

From the certificate's Actions menu, select View and Edit Deployment Settings.

In the Mutual Authentication section,

From the Certificate set menu, select a certificate set.

Remote User-Authentication Principles

· Mutual Authentication One-Way Authentication

Remote User-Authentication Using Symmetric Encryption

· Mutual Authentication One-Way Authentication

Kerberos

163
· Motivation Kerberos Version

Figure 100: Motivation Kerberos Version

· Kerberos Version

Remote User Authentication Using Asymmetric Encryption

· Mutual Authentication One-Way Authentication

Federated Identity Management

· Identity Management Identity Federation

164
KEY POINTS

◆ Mutual authentication protocols enable communicating parties to satisfy themselves mutually

about each other’s identity and to exchange session keys.

◆ Kerberos is an authentication service designed for use in a distributed environment.

◆ Kerberos provides a trusted third-party authentication service that enables clients and servers
to establish authenticated communication.

◆ Identity management is a centralized, automated approach to provide enterprise-wide access

to resources by employees and other authorized individuals.

◆ Identity federation is, in essence, an extension of identity management to multiple security

domains.

This chapter examines some of the authentication functions that have been developed to support
network-based use authentication. The chapter begins with an introduction to some of the concepts
and key considerations for user authentication over a network or the Internet. The next section
examines user-authentication protocols that rely on symmetric encryption. This is followed by a
section on one of the earliest and also one of the most widely used authentication services:
Kerberos. Next, the chapter looks at user-authentication protocols that rely on asymmetric
encryption. This is followed by a discussion of the X.509 user-authentication protocol. Finally, the
concept of federated identity is introduced.

Mutual transport layer security (mTLS) or two-way secure socket layer is a method for mutual
authentication. Mutual TLS ensures that both parties sharing information are who they claim to be
by verifying that they both have the correct private key. To better understand how mutual TLS
works, we first need to understand what TLS is and how it works.

Mutual transport layer security (mTLS) is an end-to-end security method for mutual authentication
that ensures that both parties sharing information are who they claim to be before data is shared.

165
In mutual includes an additional step in which the server also asks for the client's certificate and
verifies it at their end. It is considered more secure than TLS, but it’s also more computationally
costly.

Transport layer security (TLS) is a cryptographic protocol that provides end-to-end security of
data sent between applications over the Internet. TLS evolved from secure socket layers (SSL),
which Netscape Communications Corporation developed in 1994 to secure web sessions.

TLS is normally implemented on top of transmission control protocol (TCP) in order to encrypt
application layer protocols such as HTTP, file transfer protocol (FTP), simple mail transfer
protocol (SMTP) and internet message application protocol (IMAP), although it can also be
implemented on user datagram protocol (UDP), datagram congestion control protocol (DCCP) and
stream control transmission protocol (SCTP), as well.

Figure 101: congestion control protocol (DCCP)

It verifies the identity of the server with asymmetric cryptography. So that client can verify it’s
connecting to the intended server only and can prevent man-in-the-middle attacks.

166
It encrypts the connection between the client and server using symmetric key cryptography to
protect the data exchange between the two. This makes sure if someone intercepts the message,
he/she will not be able to read it as it’s encrypted, and they don't have the key to decrypt it.

It also identifies the data alteration during the transmission using a message authentication code
(MAC). This ensures that the message received is intact and no one in the middle has altered the
content of the message. The middleman can’t read it because it’s encrypted, however, they can
alter the message using bit flipping.

In TLS, the client verifies the server’s identity by asking for and validating its certificate. In mutual
TLS, there is an additional step involved in which the server also asks for the client's certificate
and verifies it at their end. A secure connection for data transfer is only established when both
client and server successfully authenticate themselves and verify each other’s certificates. This is
also known as two-way SSL.

Mutual TLS is very similar to the TLS protocol. In mTLS, there’s an additional step involved
before the key exchange. The client sends its public key and certificate to the server, which the
server verifies to identify the request is coming from a known client and has the private key
corresponding to the public key that the client shared.

167
 Figure 102: a message authentication code (MAC).

CLIENT INITIATES THE HANDSHAKE

The client initiates the handshake with the ‘Client Hello.’ It consists of several pieces of
information, including:

Version: Hex code of the highest version of TLS/SSL that the client supports.

Session ID: An 8-byte value, initially all 0s, is used to label the sessions.

Cipher Suits: A list of cipher suites (algorithms) client supports, which is nothing but a set of
cryptographic algorithms, like RSA, Diffi Hellmen, etc.

168
SERVER RESPONDS

Once received, the server responds with ‘Server Hello,’ which consists of the same five pieces of
information for the server, this time with a session ID.

SERVER SENDS ITS CERTIFICATE

Next, the server sends its certificate along with its certificate chain and its public key.

CLIENT VERIFICATION

Now the client needs to verify two things in the certificate:

Is the certificate valid? This done by verifying the signature on the certificate using CA’s public
key (that it was indeed signed by CA using his private key)

Does it belong to the intended server?

SERVER VERIFIES THE CERTIFICATE

To verify whether the certificate belongs to the intended server, the client creates a random secret
key and encrypts it using the server’s public key and sends it to the server.

SERVER DECRYPTS THE RANDOM SECRET KEY

Now the server decrypts the random secret key using its private key.

CLIENT SENDS CERTIFICATE

Next, the client sends its certificate along with its certificate chain and its public key.

169
CLIENT VERIFIES THE CERTIFICATE

Now the client needs to verify two things in the certificate:

Is the certificate valid? This is done by verifying the signature on the certificate using CA’s public
key, that it was indeed signed by CA using its private key, or the server maintains a keystore. The
implementation differs from server to server.

Does it belong to the intended client?

VERIFY THAT THE CERTIFICATE BELONGS TO THE CLIENT

To verify whether the certificate belongs to the client, the server creates a random secret key and
encrypts it using the client’s public key and sends it to the server.

Applications of Mutual TLS

Mutual TLS is often used in zero trust security environments to verify users, devices, and servers
within an organization network. It can also help keep APIs secure. You’ll want to consider mTLS
in situations that include:

In B2B API interactions where the server doesn’t want to expose its services to the entire world
and wants to make sure the request is coming from a known client.

In B2B financial transactions. For example, transactions between two bank servers.

For authenticating and encrypting service-to-service communication between microservices or

with the API gateway.

Device authentication. For example, a payment gateway wants to make sure that the request is
coming from a registered device (POS terminal).

170
 Figure 103: Applications of Mutual TLS

Advantages of Mutual TLS

There are a couple of advantages of mTLS over TLS.

It validates not just the server’s certificate but also the client’s certificate, making it more secure
than TLS.

It reduces the reliance on passwords for security. Passwords are relatively insecure and susceptible
to brute force attacks.

Disadvantages of Mutual TLS

If mTLS is more secure than TLS, then the obvious question is why isn’t it more popular? And
why haven’t we replaced TLS with mTLS across the entire internet? However, there are a few
disadvantages to mTLS:

It’s more complex to implement. The number of clients/servers is huge, and it’s difficult and costly
for the server to maintain certificates for all the clients and validate and verify each client for each
session. Managing and verifying certificates at this scale is not practical.

171
Mutual TLS is computationally costly and slower than TLS. There are more steps/round trips
involved in an M-TLS handshake. It’s an order of magnitude slower than TLS, and hence it’s not
useful for the scenarios where lower latency is a bigger priority than zero trust security.

It can only be implemented in an environment where you have control over the clients, and you
can dictate what type of security each client must have in order to connect to the server.

How to Set Up Mutual TLS

If you’d like to implement your own mutual TLS configuration in JavaScript, here’s what you
need to do. First, let’s create a node server with Mutual TLS configured. This should include the
following features:

The server has its own public/private key pair to share with clients: refer server key and server crt.

The server manages a verified client certificate store, refer options. carry). For all handshake
requests, it verifies the client’s certificate against this store to identify this is a known client.

The option requestCert: true enables mutual TLS for this node server. This server will request the
client to present its certificate for the handshake, and upon failing, it will reject the request.

If it’s able to verify the certificate it will return the 200 OK response.

Figure 104: Advantages of Mutual TLS

172
 Chapter 6: Public-Key Encryption and Hash Functions

Cryptography is at the heart of Blockchain technology. At this post, I will try to explain some of
the basics of Cryptography, Encoding, Encryption and Digital Signature.

Encoding is the process of applying a specific code, such as letters, symbols and numbers, to data
for conversation into an equivalent cipher.

The difference between encoding and encryption is that encryption needs a key to
encrypt/decrypt.

Cryptography

Cryptography is the practice and study of secure communication in the presence of third parties.
In the past cryptography referred mostly to encryption. Encryption is the process of converting
plain text information to cipher text. Reverse is the decryption. Encryption is a mechanism to make
the information confidential to anyone except the wanted recipients. Cipher is the pair of
algorithms that creates encryption and decryption. Cipher operation is depending on algorithm and
the key. Key is the secret that known by communicants. In addition, there are two types of
encryptions by keys used:

Symmetric Key Algorithms

Symmetric key algorithms (Private-key cryptography): same key used for encryption and
decryption. (AES, DES etc.) (AWS KMS uses Symmetric Key Encryption to perform encryption
and decryption of the digital data)

173
 Figure 105: Symmetric Key Algorithms

Symmetric key ciphers implemented as either block ciphers or stream ciphers by type of input
data. A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the
input form used by a stream cipher.

Block Ciphers: encrypt block of data of fixed size. (DES, AES etc.)

Stream Ciphers: encrypt continuous streams of data. (RC4, etc.)

Entropy measures how random data is when used in cryptography.

Asymmetric Key Algorithms

174
Asymmetric key algorithms (Public-key cryptography): two different keys (private and public)
used for encryption and decryption. (RSA, Elliptic Curve etc.)(AWS EC2 key pairs uses
asymmetric encryption.)

Figure 106: Asymmetric Key Algorithms

Data manipulation in symmetric systems is faster than asymmetric systems as they generally use
shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key
to decrypt it. Use of asymmetric systems enhances the security of communication; however, it
consumes CPU resources heavily.

Cryptographic Hash Functions

Cryptographic hash functions are a third type of cryptographic algorithm. A message of any length
taken as input, and output to a short, fixed length hash. (MD5, SHA etc.) It is a mathematical
algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and designed to be
a one-way function, that is infeasible to invert. Integrity checking is the mechanism to verify if the
information has not changed. To validate the integrity, a thumbprint (also called hash or digest) of
the information created. Thumbprint created by an algorithm that create a shorter bit string from
an information.

175
 Figure 107: Cryptographic Hash Functions

SALT

Random string, or salt, is added to the password (to make the password more secure) and then
hashed. This prevents rainbow table attacks. Salting should be used with Cryptographically Secure
Pseudo Random Number Generator aka CSPRNG. Salts needs to have high entropy. However,
RSA used Dual_EC_DRBG standard for CSPRNG which has been shown not be
cryptographically secure and is believed to have a kleptographic NSA backdoor. Backdoor was
confirmed in 2013 and RSA Security received a $10 million payment from the NSA to do so.

Key Stretching

A cryptographic hash function or a block cipher may be repeatedly applied in a loop. Modern
password-based key derivation functions, such as PBKDF2, use a cryptographic hash, such as
SHA-2, a longer salt (e.g., 64 bits) and a high iteration count (tens or hundreds of thousands).

176
 Figure 108: Key Stretching

Authenticated Encryption
Authenticated encryption provides confidentiality, data integrity, and authenticity assurances on
encrypted data. Authenticated encryption can be generically constructed by combining an
encryption scheme and a message authentication code (MAC). For example AWS KMS Encrypt
API takes plaintext, a customer master key (CMK) identifier, and an encryption context
(Encryption context is a set of non-secret key-value pairs that you can pass to AWS KMS when
you call the Encrypt, Decrypt, ReEncrypt, GenerateDataKey, or
GenerateDataKeyWithoutPlaintext APIs.) and returns ciphertext. The encryption context
represents additional authenticated data (AAD). The encryption process uses the AAD only to
generate an authentication tag. The tag is included with the output ciphertext and used as input to
the decryption process. This means that the encryption context that you supply to the Decrypt API
must be the same as the encryption context you supply to the Encrypt API. Otherwise, the
encryption and decryption tags will not match, and the decryption process will fail to produce
plaintext. Further, if any one of the parameters has been tampered with — specifically if the

177
ciphertext has been altered — the authentication tag will not compute to the same value that it did
during encryption. The decryption process will fail and the ciphertext will not be decrypted.

Digital Signature

Digital signature is a mathematical scheme for demonstrating the authenticity of digital messages
or documents. A valid digital signature enables information integrity (using hash algorithm) to
ensure message is not altered, message created by the sender (authentication) and sender cannot
deny having sent the message (non-repudiation). The digital signature has to be authentic,
unfalsifiable, non-reusable, unalterable and irrevocable. When all this property is gathered, the
authenticity and the integrity of an information can verified.

Figure 109: Digital Signature

178
The signature operation is based on asymmetric cryptography. First a digest of the initial
information is created and this last is encrypted with the private key. This operation is called the
signature.

To validate the signature, the recipient extracts the encrypted digest from the message and use his
public key to unencrypt it. Next the recipient creates a digest from the received information and
compare it with the previously unencrypted digest. This is the signature checking process.

A good way to remember when the private key is used is to know what information is important
in each operation. In signature process, the critical information is the digest, so the private key is
used to sign. In encryption process, the critical information is encrypted: so, the private key is used
to unencrypt.

Modern Encryption

Each encryption algorithm has advantages and convenient therefore Modern Encryption associates
both symmetric and asymmetric techniques. Modern algorithm uses a session key (temporarily
key) to encrypt information with symmetric cryptography. Next, the session key encrypted with
the public key of the recipient. To unencrypt information, first the recipient unencrypts the session
key with his private key and unencrypt information with the session key.

179
 Figure 110: Modern Encryption

On the sender side, following actions performed:

1. A temporarily key called session key (Ks) generated.

2. Information encrypted with session key (Ks).

3. (Ks) Encrypted with the public key (Kpu) of the recipient. This key called Kse;

4. Kse added to the encrypted information file. This file sent to the recipient.

On the recipient side, the below action performed:

180
The encrypted information and Kse are separated.

The Kse key is unencrypt with the private key (Kpr) of the recipient and becomes the Ks.

The document is unencrypted with Ks.

Encryption and Digital Signature Operation

Now that we are aware about encryption, hash algorithm and signature, let have a look how these
elements interact together to make an information confidential, authentic and honest.

Figure 111: hash algorithm and signature

181
When the signature and encryption used together, the signing process done first. Following steps
performed:

1. A digest is created from the initial information.

2. This thumbprint is encrypted with the private key (Kprg).

3. The thumbprint is added to the initial information (in the same file).

4. A temporarily session key is generated (Ks) It will be used to encrypt initial information.

5. The session key is encrypted (Kse) with the public key of the rececipient (Kpub).

6. Kse added to encrypted information file. So this file is contains the encrypted information, the
Kse and the signature.

When the recipient receives the file from the issuer, it begins by unencrypt file and next to verify
the signature:

1. The recipient extract the Kse from the received file. This key is unencrypted with the private
key (Kprb) to obtain session key (Ks);

2. Ks is used to unencrypt information.

3. Next recipient extract the encrypted thumbprint.

4. The public key (Kpug) is used to unencrypt the thumbprint.

5. At the same time, the recipient creates a digest from the previously unencrypted information.

6. To finish, the recipient compares the unencrypted thumbprint with the digest generated from
unencrypted information. If they match, the signature verified.

Proxy Encryption

182
A proxy re-encryption is generally used when one party, say Bob, wants to reveal the contents of
messages sent to him and encrypted with his public key to a third party, Chris, without revealing
his private key to Chris. Bob does not want the proxy to be able to read the contents of his
messages. Bob could designate a proxy to re-encrypt one of his messages that is to be sent to Chris.
This generates a new key that Chris can use to decrypt the message. Now if Bob sends Chris a
message that was encrypted under Bob’s key, the proxy will alter the message, allowing Chris to
decrypt it. This method allows for a number of applications such as e-mail forwarding, law-
enforcement monitoring, and content distribution.

A unidirectional multi-use proxy re-encryption (UM-PRE) scheme allows a semi-trusted proxy to

transform a message encrypted under the key of party A into another ciphertext, containing the
initial plaintext, such that another party B can decrypt the ciphertext with its key. The proxy neither
gets access to the plaintext nor to the decryption keys. The proxy can only transform in one
direction and one ciphertext can be transformed multiple times.

Proxy re-encryption is a form of public-key encryption that allows a user Alice to “delegate” her
decryption rights to another user Bob.

In a proxy re-encryption scheme, Alice delegates a semi-trusted proxy to translate cyphertexts

encrypted under her key into cyphertexts encrypted under Bob’s key. Once delegated, the proxy
operates independently of Alice. The proxy is considered “semi-trusted” because it does not see
the content of the messages being translated, nor can it re-encrypt Alice’s messages to users for
whom Alice has not granted decryption rights.

To delegate her decryption rights to Bob, Alice generates a “delegation key” (or “re-encryption
key”) and sends this key to the proxy server. The proxy server uses this key to translate messages
from Alice’s key to Bob’s key. The schemes implemented by Proxy server are unidirectional. In a
unidirectional scheme, delegations are “one-way”, i.e., the proxy can re-encrypt Alice’s messages
to Bob, but cannot re-encrypt Bob’s messages to anyone. Furthermore, Alice can generate a
delegation key (to Bob) using only Bob’s public key (and her secret key). It is not necessary that
Bob be online or even know that delegation has taken place.

183
 Figure 112: Proxy Encryption

Proxy Reencryption Functions

Proxy re-encryption schemes are similar to traditional symmetric or asymmetric encryption

schemes, with the addition of two functions:

Delegation — allows a message recipient (keyholder) to generate a re-encryption key based on

his secret key and the key of the delegated user. This re-encryption key is used by the proxy as
input to the re-encryption function, which is executed by the proxy to translate ciphertexts to the
delegated user’s key. Asymmetric proxy re-encryption schemes come in bi-directional and uni-
directional varieties.

184
In a bi-directional scheme, the re-encryption scheme is reversible — that is, the re-encryption key
can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can
have various security consequences, depending on the application. One notable characteristic of
bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must
combine their secret keys to produce the re-encryption key.

A uni-directional scheme is effectively one-way; messages can be re-encrypted from Bob to

Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated
party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his
secret key with Charlie’s public key.

Transitivity — Transitive proxy re-encryption schemes allow for a ciphertext to be re-encrypted

an unlimited number of times. For example, a ciphertext might be re-encrypted from Bob to
Charlie, and then again from Charlie to David and so on. Non-transitive schemes allow for only
one (or a limited number) of re-encryptions on a given ciphertext. Currently, the only known uni-
directional, transitive proxy re-encryption is done through the use of Homomorphic Encryption
which allows computation on encrypted data.

Figure 113: Transitivity

185
Identity-based conditional proxy re-encryption (IBCPRE)

Proxy re-encryption (PRE) is a useful cryptographic primitive in which a semi-trusted proxy agent
is given delegation power to transform a ciphertext for Alice into a ciphertext for Bob without
viewing the underlying plaintext. Attribute Based Encryption (ABE) is a promising cryptographic
algorithm that provides confidentiality of data along with owner-enforced fine-grained access
control. With attribute-based encryption, a data owner can use a set of attribute values (i.e., access
policy) for encrypting a message such that only authorized entity who possesses the required set
of attribute values can decrypt the ciphertext. A proxy re-encryption scheme using the merits of
ciphertext-policy anonymous attribute-based encryption. The scheme, termed as PRE-AABE,
reduces the computation burden significantly for updating the access policy of a ciphertext to a
semi-trusted proxy agent (e.g., cloud server). The PRE-AABE scheme hides the access policy
inside the ciphertext, so that parties except the intended receiver will not be able to figure out the
purpose of the ciphertext. At the same time, the proxy agent is able to perform the re-encryption
successfully without learning anything about the plaintext contents or the access policy

An IBCPRE scheme is a natural extension of proxy re-encryption on two aspects. The first aspect
is to extend the proxy re-encryption notion to the identity-based public key cryptographic setting.
The second aspect is to extend the feature set of proxy re-encryption to support conditional proxy
re-encryption. By conditional proxy re-encryption, a proxy can use an IBCPRE scheme to re-
encrypt a ciphertext but the ciphertext would only be well-formed for decryption if a condition
applied onto the ciphertext together with the re-encryption key is satisfied. This allows fine-
grained proxy re-encryption and can be useful for applications such as secure sharing over
encrypted cloud data storage.

Under the identity-based cryptographic setting, the public key of the user can be an arbitrary string
of bits provided that the string can uniquely identify the user in the system. The unique string, for
example, can be an email address, a phone number, and a staff ID (if used only internally within
an organization). However, the corresponding private key is no longer generated by the user. From
the public key, which is a unique binary string, there is a key generation centre (KGC), which
generates and issues the private key to the user. The KGC has a public key, which is assumed to
be publicly known, and the encryption and decryption then work under the unique binary string

186
defined public key and the corresponding private key, respectively, with respect to the KGC’s
public key.

Proxy Re-encryption allows a ciphertext, which originally can only be decrypted by a user, to be
transformed by a public entity, called proxy, to another ciphertext so that another user can also
decrypt. Suppose the two users are Alice and Bob. Alice has some messages: M1, M2, … Mn. She
intends to encrypt them under her public key, and then upload the encrypted messages to some
server.

Now when Alice wants to share these n encrypted messages with Bob, Alice can use a proxy re-
encryption scheme to allow the server to re-encrypt these n encrypted messages so that Bob can
decrypt these re-encrypted messages directly using his own private key.

To do so in the proxy re-encryption scheme, Alice uses her private key and the public key of Bob
to generate a re-encryption key. Alice then sends the re-encryption key to the server. Upon
receiving this re-encryption key, the server uses the key to transform all the n encrypted messages
C1, C2, …, Cn to a new form denoted as D1, D2, …, Dn. Bob can then download D1, D2, …, Dn,
decrypt them, and recover the messages M1, M2, … Mn using his private key.

In an identity-based conditional proxy re-encryption (IBCPRE) system, users set their public keys
as unique identities of the users. One of the main advantages of using identity-based cryptographic
algorithms is the elimination of public key certificates which can help enhance the usability of the
target security applications. The term ‘Conditional’ in IBCPRE refers to an additional feature,
which allows each encrypted message to have a ‘tag’ associated with. In addition to the tag, each
re-encryption key also has a ‘tag’ attached. The IBCPRE is designed so that only if the tag of an
encrypted message matches with the tag of a re-encryption key can the encrypted message be re-
encrypted.

187
 Figure 114: Identity-based conditional proxy re-encryption (IBCPRE)

One of the key features of IBCPRE is that when Alice as a data owner encrypts messages, the
encryption is done for herself and only Alice herself can decrypt the encrypted messages using her
secret key. There is no need for Alice to know in advance about who that she would like to share
the encrypted messages with. In other words, picking the friends to share with by Alice can be
done after she encrypts the messages and uploads to the Server.

Another feature of IBCPRE is that it supports end-to-end encryption. The server which stores the
encrypted messages cannot decrypt the messages both before and after the re-encryption.

IBCPRE supports one-to-many encryption. The data owner Alice can choose multiple friends to
share her data with. For multiple friends to share the encrypted messages with, Alice simply needs
to generate a re-encryption key for each of her friends and sends all the re-encryption keys to the
server for carrying out the re-encryption. The number of re-encryption keys that Alice needs to
generate depends on the number of friends that Alice wants to share the encrypted messages with.
It does not depend on the number of encrypted messages. One re-encryption key will allow the

188
Server to convert all the encrypted messages provided the tag of the encrypted messages and the
tag of the re-encryption key matches.

The conditional ‘tag’ of the IBCPRE facilitates the fine-grained access of encrypted messages. By
setting different tag values onto different encrypted messages, the data owner Alice can control
the exact set of encrypted messages that she wants to share with any particular friends of her with
great flexibility.

Consider a user Alice who encrypts some messages M1, M2, …, Mt with a tag ‘Private’, Mt+1,
Mt+2, …, Mm with a tag ‘toShareWithFamily’, Mm+1, Mm+2, …, Mn with a tag
‘toShareWithFriend’, using IBCPRE under her unique identity, which is considered as the public
key of Alice. Alice then uploads the corresponding encrypted messages C1, C2, …, Ct, Ct+1, …,
Cm, Cm+1, …, Cn to a server.

When Alice is about to share Mm+1, Mm+2, …, Mn with another user Bob, who becomes her
friend recently, Alice generates a re-encryption key using IBCPRE with an associated tag
‘toShareWithFriend’. This generation is done by taking as input Alice’s private key and Bob’s
identity. Then Alice sends the re-encryption key to the server. By using the re-encryption key, the
server runs the IBCPRE re-encryption function on Cm+1, Cm+2, …, Cn for transforming them
into another form, Dm+1, Dm+2, …, Dn so that Bob can decrypt them directly using his private
key. This transformation can be done as the tag associated with the encrypted messages, namely
‘toShareWithFriend’, matches with the tag associated with the re-encryption key. Note that the
server cannot transform C1, C2, …, Ct, Ct+1, …, Cm to another form for Bob to decrypt using the
re-encryption key because the tag of these m encrypted messages, namely ‘Private’ or
‘toShareWithFamily’, does not match with the tag of the re-encryption key.

the proposed Web Authentication API becomes widespread.

189
Before we delve into the main topic, the article starts with an overview of “functions” to warm you
up.

Functions

A function (in math or computer science) is like a machine. It takes an input and produces an
output.

An input is generally part of a whole. For example, the part can be a few numbers, whereas the
whole in this case would be the entire integer set.

The whole is also called the “domain”. Some common examples of domains are: integers, UTF-8
character set, all prime numbers.

If you feed N inputs to a function and if it produces N outputs, then the function is called a map
function. Example: square (1,2,3,4) = (1,4,9,16)

If you feed N inputs to a function and if it produces exactly 1 output, then the function is called a
reduce function. Example: sum (1,2,3,4) = 10

Hashing

Hashing is basically the act of using a hash function in order to produce a hash output. Examples
of popular hash functions are SHA256, MD5, Bcyrpt, RIPEMD

A hash function takes an input of any size (eg : your email password, the full text of the Illiad, or
a blu-ray video of Inception)

The output of a hash function is of fixed size ( say, a 64-character text). The output is also called
a digest.

Real example: sha256sum(“Meet me at 180 10th Ave. New York, NY 10011”) =

8D4364AFA2A79D46DDDA74361F9DF1EE939D84DC81E31FC53FAB221CA54E5E31

190
In hashing, given an input, it is easy to compute the output. But it is practically impossible to
reverse engineer a hash output and derive the input. Hence a hash function is also called a one-
way function.

Corollary: you cannot use hashing for encryption and decryption (as decryption is impossible due
to the one-way nature). Technically, encryption/decryption functions are map functions (N to N).
A hash function is a reduce function (N to 1). So fundamentally, cryptography and hashing are
different beasts, though they may be combined for certain applications (such as public key
cryptography).

A hash output is useful to represent an input. This representation is called a fingerprint. This is
useful if you want to make sure your data is not tampered or corrupted when it travels in a network.
The hash of “sent data” should always equal the hash of “received data”. Basically, comparison of
data is the most common use of hashing.

In theory, it is possible that 2 different inputs can produce the same hash output. This is called
collision. But in practice, a good hash function makes it real hard (time consuming) to find
collisions.

Public Key Cryptography

When you receive a package from Amazon, you want to make sure that: a) Indeed Amazon has
sent the package and not some bioterrorist (signing) b) While in transit, nobody else knows what’s
in the package (confidentiality) c) The package is not tampered while in transit (tamper-proofing)

A network transaction involves: a sender, the network pipe and a receiver. A network transaction
happens when a unit of data is moved at a particular point of time. Securing a transaction is of high
importance. By securing, we mean that confidentiality and tamper-proofing is taken care of.

Public key cryptography solves the problem of signing, confidentiality and tamper-proofing of
network transactions. All in one neat package.

191
Confidentiality is achieved by garbling (mixing up) the data in motion.

A key is a number or a function that can be used to garble a piece of data. This is called encryption.
A key can be used to reconstruct the original data from the garbled data. This is called decryption.

If you use the same key for both encryption and decryption, then it is called symmetric
cryptography. This key is private and is held only by the sender and the receiver.

With symmetric keys, the data can be encrypted. But how would the sender transfer the key to the
receiver? There is no practical/scalable way to do this on the network. Thus, key-sharing is a
fundamental drawback of symmetric key encryption, and it is not used widely.

Asymmetric cryptography was established to fix the key-sharing problem in cryptography. Here,
you use one key for encryption and a different key for decryption.

Public key cryptography is basically asymmetric encryption with some additional steps.

In public key cryptography, there are 5 elements: the actual data, sender’s public key, sender’s
private key, receiver’s public key and receiver’s private key.

A public key is announced and known to the world. A private key is stored in the owner’s mind or
in a physical/digital safety locker. Private key is otherwise called a secret key.

At a given point, a sender can make use of 3 keys: sender’s private key, sender’s public key and
the receiver’s public key. Similarly, a receiver can make use of receiver’s private key, receiver’s
public key, and the sender’s public key. Needless to say, one party can never know another party’s
private key.

The combination of public & private keys is called a key-pair. This pair can be generated on your
computer’s command line program. Some prime-number mathematics goes behind the key-pair
generation (the details are beyond the scope of this write-up). In a nutshell, it is really hard (time
consuming) to know someone’s private key using their public key (through guess work and other
means)

192
It does not matter the order in which you use the keys. You can encrypt a piece of data with a
public key, but the decryption can be done only with its corresponding private key. The reverse is
also true. You can encrypt data with your private key. But it can be decrypted only with your public
key.

A sender would always start with the receiver’s public key for encryption. The receiver would use
its own (receiver) private key for decryption. This fulfils the goal of confidentiality (data
scrambling & reconstruction). So, confidentiality is achieved by using the receiver’s key-pair.

But the receiver still does not know who sent the data. It could have been sent by a hacker. So, the
sender needs to let the receiver know that the data is indeed sent by the sender. This process is
called signing. Signing is done by attaching a small piece of additional data called the signature.
(Note that a signature without data is useless). The next few steps might overwhelm a bit (as the
topic itself cannot be oversimplified). Please feel free to read with a paper and pencil.

A signature is created by using the sender’s key-pair. In this process, the sender first encrypts the
data with sender’s private key. Let’s call the result sender-privkey-encrypted-data (this is the
signature). Now sender combines the signature and the data. Let’s call this “data + sender-privkey-
encrypted-data”.

The sender will again encrypt the “data + sender-privkey-encrypted-data” with the receiver’s
public key. Let’s call this result receiver-pubkey-encrypted-data. This “wrapped and encrypted”
data is sent over the network (note that message in transit is twice the intended size, and this
problem is “fixed” later at point 22). No intruder can decipher this message as only the receiver’s
private key can decrypt receiver-pubkey-encrypted-data.

The receiver would now take the receiver-pubkey-encrypted-data and decrypt it (for the first time)
with the receiver’s private key. The result would be “data + sender-privkey-encrypted-data”.
Receiver alone can see the “data”; hence confidentiality is achieved.

The receiver would now decrypt (for the second time) only the “sender-key-encrypted-data” using
the sender’s public key. Let’s call this “data2”.

If the “data2” matches with “data”, then receiver is sure that the message was indeed sent by the
sender (because only sender’s private key could have encrypted “data” to create “data2”).

193
Data matching also ensures that message is not corrupted. Hence, tamper-proofing is also taken
care of.

Overall, a double-encryption process is used. The sender needs to sign (with sender’s private key)
and sender needs to encrypt (with receiver’s public key).

Note that at point 16 we mentioned that the message in transit is twice the size of the intended
message. This is because of the signature “sender-privkey-encrypted-data”. The size of the
signature can be compressed by hashing the actual data and then encrypting only the hash. Hence,
instead of encrypting a huge “data + sender-privkey-encrypted-data”, we can encrypt only the
“data + sender-privkey-encrypted-hash”.

Figure 115: Public Key Cryptography

This concludes public key cryptography.

In the data security field, encryption and hashing are commonly compared, but why is this the
case. Encryption is a two-way function where data is passed in as plaintext and comes out as

194
ciphertext, which is unreadable. Since encryption is two-way, the data can be decrypted so it is
readable again. Hashing, on the other hand, is one-way, meaning the plaintext is scrambled into a
unique digest, through the use of a salt, that cannot be decrypted. Technically, hashing can be
reversed, but the computational power needed to decrypt it makes decryption infeasible.

Common Encryption and Hashing Algorithms

Encryption comes in two types: Asymmetric and Symmetric. Asymmetric encryption uses two
different keys, a public and private key, for encryption and decryption. The private key is used to
encrypt data and is kept a secret from everyone but the person encrypting the data. The public key
is available for anyone and is used for decryption. Using asymmetric encryption, the authenticity
of the data can be verified, because if the data was modified in transit, it would not be able to be
re-encrypted with the private key. Symmetric encryption uses the same key for both encryption
and decryption. This type of encryption uses less processing power and is faster but is less secure
as only one key is used.

Figure 116: Common Encryption and Hashing Algorithms

195
Symmetric Encryption Algorithms:

Advanced Encryption Standard (AES)

Blowfish

Two fish

Rivets Cipher (RC4)

Data Encryption Standard (DES)

Asymmetric Encryption Algorithms:

Elliptic Curve Digital Signature Algorithm (ECDSA)

Rivest-Shamir-Adleman (RSA)

Diffie-Hellman

Pretty Good Privacy (PGP)

Hashing Algorithms:

Message Digest Algorithm (MD5)

Secure Hashing Algorithm (SHA-1, SHA-2, SHA-3)

WHIRLPOOL

TIGER

Cyclical Reduction Check (CRC32)

196
Though they are similar, encryption and hashing are utilized for different purposes. One of the
uses for hashing is to compare large amounts of data. Hash values are much easier to compare than
large chunks of data, as they are more concise. Hashing is also used for mapping data, as finding
values using hashes is quick, and good hashes do not overlap. Hashes are used in digital signatures
and to create random strings to avoid duplication of data in databases too. As hashing is extremely
infeasible to reverse, hashing algorithms are used on passwords. This makes the password shorter
and undiscoverable by attackers.

Encryption, on the other hand, tends to be used for encrypting data that is in transit. Data being
transmitted is data that needs to be read by the recipient only, thus it must be sent so that an attacker
cannot read it. Encryption hides the data from anyone taking it in the middle of transit and allows
only the decryption key owner to read the data. Other times encryption would be used over hashing
is for storing and retrieving data in databases, authentication methods, and other cases where data
must be hidden at rest but retrieved later.

Encryption Hashing

A two-way function that takes in plaintext data and turns it into undecipherable ciphertext. A one-
way method of hiding sensitive data. Using a hashing algorithm, hashing turns a plaintext into a
unique hash digest that cannot be reverted to the original plaintext, without considerable effort.

Reversible or Irreversible? Reversible Irreversible

Variable or Fixed Length Output? Variable Length Fixed Length

Types Asymmetric and Symmetric Hashing

Common Algorithms AES, RC4, DES, RSA, ECDSA SHA-1, SHA-2, MD5, CRC32,
WHIRLPOOL

197
Figure 117: Encryption Hashing

198
 Chapter 7: Network Security Applications

The process of taking preventive actions to prevent unauthorized access, misuse, malfunction, and
modification of the network infrastructure to protect the network infrastructure is called network
security. In this generation, the internet has become a critical part of our lives. Many people try to
damage our internet-connected computers and our privacy violation and make it impossible to
access the services of the internet. Considering the frequency and different types of attacks and the
possibility of new and future attacks, network security has become an important field in the area
of cybersecurity. Computers, users, and programs can perform critical functions in a secure
environment by implementing network security.

Figure 118: network security

Necessity to learn Network Security

A world of possibilities is opened to us through the internet, and it can be accessed by connecting
our devices to it. Without storing the information on the device permanently, we can access the
information whenever necessary. Communication with others has become easier and it allows us

199
to organize projects and work together. Networks are formed through the connected device, and
they run our lives. But such connections also leave our system vulnerable to damage and theft of
information is possible. This problem can be solved using cybersecurity and network security and
hence it is necessary to learn network security.

Applications of Network Security

Below are the applications of Network Security:

Défense Pro: It is a mitigation device that protects the infrastructure against network and
application downtime.

Défense Flow: Network-wide, multivendor attacks can be detected and mitigated by using Défense
Flow.

App Wall: To ensure the fast, reliable and secure delivery of critical applications, we use App
Wall.

Emergency Response Team: Emergency Response Team is used by the company’s facing denial
of service attacks as it provides twenty-four cross seven security services.

Inflight: Inflight is a monitoring application using which all the user transactions are captured from
inflight network traffic and real-time intelligence is delivered for business applications.

Cloud WAF Service: Web application security is provided by the application, and it protects from
the evolving threats.

Cloud DDOS Protection Service: Enterprise-grade DDOS protection in the cloud is provided by
cloud DDOS protection service.

Cloud Malware Protection Service: Unknown malware is detected based on their unique behaviour
patterns by using patented algorithms on the data collected from a community of two million users
and this collected data is analysed to provide a defence to the organizations against the malware
by cloud malware protection service.

200
 Figure 119: Applications of Network Security

Example

An example of network security is the Intrusion Prevention System (IPS). It is the network security
system that contains a set of rules to figure out the threats and block them by following those rules.

Prerequisites

The reader must have knowledge of computer networks, cryptography, communication protocols
in order to learn network security.

Target Audience

201
Beginners can refer to this tutorial to understand network security basics. This tutorial is helpful
for people who want to pursue a career in the field of network security. This tutorial is good
learning for all other readers.

Network Security protects your network and data from breaches, intrusions and other threats. This
is a vast and overarching term that describes hardware and software solutions as well as processes
or rules and configurations relating to network use, accessibility, and overall threat protection.

Network Security involves access control, virus and antivirus software, application security,
network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN
encryption and more.

Benefits of Network Security

Network Security is vital in protecting client data and information, keeping shared data secure and
ensuring reliable access and network performance as well as protection from cyber threats. A well-
designed network security solution reduces overhead expenses and safeguards organizations from
costly losses that occur from a data breach or other security incident. Ensuring legitimate access
to systems, applications and data enables business operations and delivery of services and products
to customers.

202
 Figure 120: Benefits of Network Security

Types of Network Security Protections

Firewall

Firewalls control incoming and outgoing traffic on networks, with predetermined security rules.
Firewalls keep out unfriendly traffic and is a necessary part of daily computing. Network Security
relies heavily on Firewalls, and especially Next Generation Firewalls, which focus on blocking
malware and application-layer attacks.

Network Segmentation

Network segmentation defines boundaries between network segments where assets within the
group have a common function, risk or role within an organization. For instance, the perimeter
gateway segments a company network from the Internet. Potential threats outside the network are
prevented, ensuring that an organization’s sensitive data remains inside. Organizations can go
further by defining additional internal boundaries within their network, which can provide
improved security and access control.

203
 Figure 121: Network Segmentation

What is Access Control?

Access control defines the people or groups and the devices that have access to network
applications and systems thereby denying unsanctioned access, and maybe threats. Integrations
with Identity and Access Management (IAM) products can strongly identify the user and Role-
based Access Control (RBAC) policies ensure the person and device are authorized access to the
asset.

Zero Trust

Remote Access VPN

Remote access VPN provides remote and secure access to a company network to individual hosts
or clients, such as telecommuters, mobile users, and extranet consumers. Each host typically has
VPN client software loaded or uses a web-based client. Privacy and integrity of sensitive
information is ensured through multi-factor authentication, endpoint compliance scanning, and
encryption of all transmitted data.

204
Zero Trust Network Access (ZTNA)

The zero trust security model states that a user should only have the access and permissions that
they require to fulfil their role. This is a very different approach from that provided by traditional
security solutions, like VPNs, that grant a user full access to the target network. Zero trust network
access (ZTNA) also known as software-defined perimeter (SDP) solutions permits granular access
to an organization’s applications from users who require that access to perform their duties.

Figure 122: Zero Trust Network Access (ZTNA)

Email Security

Email security refers to any processes, products, and services designed to protect your email
accounts and email content safe from external threats. Most email service providers have built-in
email security features designed to keep you secure, but these may not be enough to stop
cybercriminals from accessing your information.

Data Loss Prevention (DLP)

Data loss prevention (DLP) is a cybersecurity methodology that combines technology and best
practices to prevent the exposure of sensitive information outside of an organization, especially

205
regulated data such as personally identifiable information (PII) and compliance related data:
HIPAA, SOX, PCI DSS, etc.

Intrusion Prevention Systems (IPS)

IPS technologies can detect or prevent network security attacks such as brute force attacks, Denial
of Service (DoS) attacks and exploits of known vulnerabilities. A vulnerability is a weakness for
instance in a software system and an exploit is an attack that leverages that vulnerability to gain
control of that system. When an exploit is announced, there is often a window of opportunity for
attackers to exploit that vulnerability before the security patch is applied. An Intrusion Prevention
System can be used in these cases to quickly block these attacks.

Sandboxing

Sandboxing is a cybersecurity practice where you run code or open files in a safe, isolated
environment on a host machine that mimics end-user operating environments. Sandboxing
observes the files or code as they are opened and looks for malicious behaviour to prevent threats
from getting on the network. For example, malware in files such as PDF, Microsoft Word, Excel
and PowerPoint can be safely detected and blocked before the files reach an unsuspecting end user.

Hyper scale Network Security

Hyper scale is the ability of an architecture to scale appropriately, as increased demand is added
to the system. This solution includes rapid deployment and scaling up or down to meet changes in
network security demands. By tightly integrating networking and compute resources in a software-
defined system, it is possible to fully utilize all hardware resources available in a clustering
solution.

206
 Figure 123: Hyper scale Network Security

Cloud Network Security

Applications and workloads are no longer exclusively hosted on-premises in a local data centre.
Protecting the modern data centre requires greater flexibility and innovation to keep pace with the
migration of application workloads to the cloud. Software-defined Networking (SDN) and
Software-defined Wide Area Network (SD-WAN) solutions enable network security solutions in
private, public, hybrid and cloud-hosted Firewall-as-a-Service (FWaaS) deployments.

Robust Network Security Will Protect Against

Virus: A virus is a malicious, downloadable file that can lay dormant that replicates itself by
changing other computer programs with its own code. Once it spreads those files are infected and
can spread from one computer to another, and/or corrupt or destroy network data.

207
Worms: Can slow down computer networks by eating up bandwidth as well as the slow the
efficiency of your computer to process data. A worm is a standalone malware that can propagate
and work independently of other files, where a virus needs a host program to spread.

Trojan: A trojan is a backdoor program that creates an entryway for malicious users to access the
computer system by using what looks like a real program, but quickly turns out to be harmful. A
trojan virus can delete files, activate other malware hidden on your computer network, such as a
virus and steal valuable data.

Spyware: Much like its name, spyware is a computer virus that gathers information about a person
or organization without their express knowledge and may send the information gathered to a third
party without the consumer’s consent.

Adware: Can redirect your search requests to advertising websites and collect marketing data about
you in the process so that customized advertisements will be displayed based on your search and
buying history.

Ransomware: This is a type of trojan cyberware that is designed to gain money from the person or
organization’s computer on which it is installed by encrypting data so that it is unusable, blocking
access to the user’s system.

Secure Your Network with Check Point

Network Security is vital in protecting client data and information, it keeps shared data secure,
protects from viruses and helps with network performance by reducing overhead expenses and
costly losses from data breaches, and since there will be less downtime from malicious users or
viruses, it can save businesses money in the long-term.

Check Point’s Network Security solutions simplify your network security without impacting the
performance, provide a unified approach for streamlined operations, and enable you to scale for
business growth.

208
Schedule a demo to learn how Check Point protects customers with effective network security for
on-premises, branches, and public and private cloud environments.

Network security software offers multiple layers of security to your devices as well as network.
Each layer in your software has its own set of rules, controls, and policies. These rules, policies,
and controls help the authorized users to access network resources.

What are the key features of Network Security Tools?

Answer: Network security tools come with a number of core What are the key features of Network
Security Tools?

features to ensure the safety and security of your system, data, and network. You can expect to
receive a range of useful features, that include anti-malware, firewalls, intrusion prevention, email
security, application security, and web security.

How can you benefit from Network Security Software?

Answer: Storing our sensitive and confidential data on machines and networks can expose it to
various cybersecurity threats. With the right network security solution, you can prevent security
threats and protect your system, network, and data from malicious attacks.

Network Security refers to the measures taken by any enterprise or organization to secure its
computer network and data using both hardware and software systems. This aims at securing the
confidentiality and accessibility of the data and network. Every company or organization that
handles a large amount of data, has a degree of solutions against many cyber threats.

The most basic example of Network Security is password protection which the user of the network
oneself chooses. In recent times, Network Security has become the central topic of cyber security
with many organizations inviting applications from people who have skills in this area. The
network security solutions protect various vulnerabilities of the computer systems such as:

209
Users

Locations

Data

Devices

Applications

Benefits of Network Security

Network Security has several benefits, some of which are mentioned below:

Network Security helps in protecting clients’ information and data which ensures reliable access
and helps in protecting the data from cyber threats.

Network Security protects the organization from heavy losses that may have occurred from data
loss or any security incident.

It overall protects the reputation of the organization as it protects the data and confidential items.

Working on Network Security

The basic principle of network security is protecting huge, stored data and networks in layers that
ensure the bedding of rules and regulations that have to be acknowledged before performing any
activity on the data.

These levels are:

Physical Network Security

Technical Network Security

Administrative Network Security

210
 Figure 124: Types of network security

These are explained below:

1. Physical Network Security: This is the most basic level that includes protecting the data and
network through unauthorized personnel from acquiring control over the confidentiality of the
network. These include external peripherals and routers that might be used for cable connections.
The same can be achieved by using devices like biometric systems.

2. Technical Network Security: It primarily focuses on protecting the data stored in the network
or data involved in transitions through the network. This type serves two purposes. One is protected
from unauthorized users, and the other is protected from malicious activities.

211
3. Administrative Network Security: This level of network security protects user behaviour like
how the permission has been granted and how the authorization process takes place. This also
ensures the level of sophistication the network might need for protecting it through all the attacks.
This level also suggests necessary amendments that have to be done to the infrastructure.

Types of Network Security

The few types of network securities are discussed below:

Access Control

Antivirus and Anti-Malware Software

Cloud Security

Email Security

Firewalls

Application Security

Figure 125: Aspects of the Network security

Intrusion Prevention System (IPS)

1. Access Control: Not every person should have a complete allowance for the accessibility to the
network or its data. One way to examine this is by going through each personnel’s details. This is

212
done through Network Access Control which ensures that only a handful of authorized personnel
must be able to work with the allowed number of resources.

2. Antivirus and Anti-malware Software: This type of network security ensures that any malicious
software does not enter the network and jeopardize the security of the data. Malicious software
like Viruses, Trojans, and Worms is handled by the same. This ensures that not only the entry of
the malware is protected but also that the system is well-equipped to fight once it has entered.

3. Cloud Security: Now a day, a lot of many organizations are joining hands with cloud technology
where a large amount of important data is stored over the internet. This is very vulnerable to the
malpractices that few unauthorized dealers might pertain to. This data must be protected, and it
should be ensured that this protection is not jeopardized by anything. Many businesses embrace
SaaS applications for providing some of their employees the allowance of accessing the data stored
in the cloud. This type of security ensures creating gaps in the visibility of the data.

4. Email Security: Email Security depicts the services, and products designed to protect the Email
Account and its contents safe from external threats. For Example, you generally see, fraud emails
are automatically sent to the Spam folder. because most email service providers have built-in
features to protect the content.

5. Firewalls: A firewall is a network security device, either hardware or software-based, which

monitors all incoming and outgoing traffic and based on a defined set of security rules accepts,
rejects, or drops that specific traffic. Before Firewalls, network security was performed by Access
Control Lists (ACLs) residing on routers.

213
 Figure 126: Firewall

6. Application Security: Application security denotes the security precautionary measures utilized
at the application level to prevent the stealing or capturing of data or code inside the application.
It also includes the security measurements made during the advancement and design of
applications, as well as techniques and methods for protecting the applications whenever.

7. Intrusion Prevention System (IPS): An intrusion Prevention System is also known as Intrusion
Detection and Prevention System. It is a network security application that monitors network or
system activities for malicious activity. The major functions of intrusion prevention systems are
to identify malicious activity, collect information about this activity, report it, and attempt to block
or stop it.

Network and application security both share the common goal of protecting the organization
against cybersecurity threats. Often, there is also overlap between the two as perimeter-based
network security solutions may also provide protection to web applications against exploitation.

214
However, they also have significant differences, including:

Security Responsibility: Responsibility for network and application security may rest with
different teams within an organization, or responsibilities may be divided between multiple teams.
For example, responsibility for AppSec in development and fixing vulnerabilities may fall to
developers, while IT and security staff may be responsible for network security and protecting
vulnerable apps in production.

Location: Historically, network security was focused on perimeter-based defences deployed on

the enterprise network. AppSec, on the other hand, needs to be deployed to protect applications
where they are (on-prem, cloud-based, etc.).

Attack Surface: AppSec focuses on threats to an organization’s web-facing applications and

APIs. While network security solutions may also protect these apps, they also offer threat detection
and prevention for the rest of an organization’s IT infrastructure as well.

Lifecycle Stages: AppSec applies to every stage of the software development lifecycle as
developers should attempt to identify and correct potential design and implementation issues in an
application from the planning stage. Network security, on the other hand, is limited to production
environments.

Migrate to Zero Trust Model

In the past, application and network security were largely distinct. While perimeter-based solutions
may offer protection against both types of threats, network solutions largely protected the
enterprise network, while AppSec tools focused on protecting web applications and APIs wherever
they are.

As the traditional perimeter dissolves, so do many of the differences between the tools and
approaches that organizations use to implement cyber security solutions. Organizations are
increasingly moving toward a zero-trust security model, which enforces the principle of least
privilege across an organization’s entire IT environment. Before any access request is granted, it
is evaluated to determine if it is legitimate based on predefined access controls.

215
Zero trust security applies to both internal and external access requests, completely erasing the
concept of the perimeter that was previously a core component of network security. By moving
security to where the user, server, apps, or device is, this approach to security more closely
resembles traditional application security. Additionally, many solutions that implement zero-trust
security, such as secure access service edge (SASE) solutions, incorporate both application and
network security solutions as well as secure remote access in the form of zero trust network access
(ZTNA).

Harmony Connect Solution

While corporate networks are evolving away from traditional security models, the need for
application and network security is as great as ever. Companies are the victim of cyberattacks more
frequently than before, and exploitation of web app vulnerabilities is a common attack vector.

Limiting the threat of data breaches and other security incidents requires a security model that
evolves application and network security to meet the needs of the modern enterprise. Learn more
about the differences between App and network security and how zero trust erases these
distinctions in this whitepaper.

As corporate networks evolve to include cloud infrastructure, mobile devices, remote workers, and
the Internet of Things (IoT), the zero trust capabilities of SASE solutions are essential to ensuring
that a company has security wherever it needs it, not just at the network perimeter. To learn more
about protecting your network, apps, and remote workers with zero trust security, sign up for a
free demo of Check Point Harmony Connect.

The common types of network security include Network Access Control, IT Security Policies,
Application Security, Vulnerability Patch Management, Network Penetration Testing, Data Loss
Prevention, Antivirus Software, Endpoint Detection And Response (EDR), Email Security,
Wireless Security, IDS/IPS, Network Segmentation, SIEM, Web Security, Multifactor
Authentication (MFA), and a Virtual Private Network (VPN). Network security is important now
more than ever as threat actors seek ways to exploit the global pandemic and work at home culture
for financial gain.

216
Network security is a combination of technologies, devices, and processes designed to protect an
organization’s network infrastructure from unauthorized access, exploitation of its corporate
resources, improper disclosure, and denial of services.

The methods a company implements to protect its network may vary from one organization to the
next.

However, the main goal of network security is common for any business – ensure the
confidentiality of corporate information, secure the integrity of data, and ensure access to corporate
resources is always available.

Network Security is a critical component that an organization must implement in order to protect
its interests and operate efficiently.

The financial success of an organization today is not totally dependent on savvy marketing
techniques and cash flow.

The internet allows for instant communication and lightning speed transactions which businesses
rely on today.

In contrast, cyber criminals and hackers are continuously developing methods to disrupt, steal, and
compromise this flow of data as it travels on the information superhighway.

217
 Figure 127: corporate networks

2022 was a year filled with extraordinary trends and unexpected occurrences around the world.

The pandemic literally has changed the way businesses operate. Many employees who once
occupied cubicles or open-space desks are now working remotely for an undetermined time period.

Interestingly, businesses that have the means to provide the technology to support a remote
workforce have adapted very well, and many eCommerce businesses continue to be profitable.

Although many organizations have met the challenge and have embraced a remote workforce, this
trend has not deterred the presence of cyber-attacks, in fact, it has simply provided another
opportunity for threat attackers.

Ransomware attacks increased 148% over baseline levels from February 2020. This increase is
primarily the result of direct attacks against home-based users.

The servers, databases, web applications, and cloud applications have not moved, however, the
employees who access them are now remote.

Organizations must be diligent in training employees to be security-aware while at the same time
ensuring that the necessary security controls are in place.

The different types of network security include:

Network Access Control

Network Security Policies

Application Security

Vulnerability Patch Management

Network Penetration Testing

Data Loss Prevention

218
Antivirus Software

Endpoint Detection and Response (EDR)

Email Security

Wireless Security

IDS/IPS

Network Segmentation

SIEM

Web Security

Multifactor Authentication (MFA)

Virtual Private Network (VPN)

Figure 128: Endpoint Detection and Response

219
Network Access Control

With organizations embracing Bring Your Own Device (BYOD) politics, it is critical to have a
solution that provides the visibility, access control, and compliance capabilities that are required
to strengthen your network security infrastructure.

Network Access Control or NAC is a network solution that enables only compliant, authenticated,
and trusted endpoint devices to access network resources and infrastructure.

A NAC system utilizes MAC address control and the SNMP protocol to deny network access to
non-compliant devices, place them in a quarantined area, or give them only restricted access to
computing resources, thus keeping insecure nodes from infecting the network.

A NAC solution can also isolate guests from your internal network, identifying all devices inserted
into network switch ports, and can disable a rogue device from the switch port remotely without
engaging tech support.

Figure 129: Network Access Control

Network Security Policies

220
A network security policy is a set of standardized practices and procedures that outlines rules for
network access, the architecture of the network, and determines how policies are enforced.

Having a network security policy is important because it informs the employees of an organization
for protecting assets within the infrastructure.

These assets take many forms, such as passwords, documents, or even servers. These policies also
establish guidelines for acquiring, configuring, and auditing computer systems and networks.

A network security policy that is easily interpreted and enforced can protect the network from
accidental or intentional data loss, lessen the risk of cyber-attacks, and preserve the integrity of
corporate data.

Figure 130: Network Security Policies

221
Application Security

Application security is the process of developing, adding, and testing security features within
applications to prevent security vulnerabilities against threats such as unauthorized access and
modification.

According to Veracode’s State of Software Security report, 83% of the 85,000 applications it tested
had at one security flaw.

Many had much more, as their research found a total of 10 million flaws, and 20% of all apps had
at least one high severity flaw.

It is important for organizations to perform routine application security testing to identify and
mitigate flaws in code.

This will deter cyber-attackers from compromising or exploiting critical web applications.

Figure 131: Application Security

222
Vulnerability Management

Vulnerability management is a continuous process of identifying, prioritizing, remediating, and

reporting on security vulnerabilities in systems.

Assets on the network are discovered, categorized, and reported on to remediate security
vulnerabilities on target systems.

Vulnerability management is critical today because attackers are constantly crawling the internet
looking for vulnerabilities to exploit—and taking advantage of old vulnerabilities that are
unpatched on corporate systems.

Figure 132: Vulnerability Management

Network Penetration Testing

Network penetration testing is an attempt to measure and evaluate the security of an IT

infrastructure by safely trying to exploit vulnerabilities.

223
These vulnerabilities may exist in operating systems, services and application flaws, improper
firewall configurations or risky end-user behaviour.

A primary reason why penetration testing is important to an organization’s cyber security program
is that it helps personnel learn how to handle cyber-attacks from a malicious entity.

Penetration testing also serves to examine whether an organization’s security policies are
functional and effective in deterring attacks.

Figure 133: Network Penetration Testing

224
 Chapter 8: Network and Internet Security

Network Security protects your network and data from breaches, intrusions and other threats. This
is a vast and overarching term that describes hardware and software solutions as well as processes
or rules and configurations relating to network use, accessibility, and overall threat protection.

Figure 134: Network Security

Network Security involves access control, virus and antivirus software, application security,
network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN
encryption and more.

internet security is a term that describes security for activities and transactions made over the
internet. It’s a particular component of the larger ideas of cybersecurity and computer security,
involving topics including browser security, online behaviour and network security. We spend a
large proportion of our lives online, and some of the internet security threats we can encounter
include:

225
Hacking, where unauthorized users gain access to computer systems, email accounts, or websites.

Viruses or malicious software (known as malware) which can damage data or make systems
vulnerable to other threats.

Identity theft, where criminals can steal personal and financial information.

Individuals and organizations can protect themselves from these kinds of threats by practicing
internet security.

Internet security consists of a range of security tactics for protecting activities and transactions
conducted online over the internet. These tactics are meant to safeguard users from threats such as
hacking into computer systems, email addresses, or websites; malicious software that can infect
and inherently damage systems; and identity theft by hackers who steal personal data such as bank
account information and credit card numbers. Internet security is a specific aspect of broader
concepts such as cybersecurity and computer security, being focused on the specific threats and
vulnerabilities of online access and use of the internet.

In today's digital landscape, many of our daily activities rely on the internet. Various forms of
communication, entertainment, and financial and work-related tasks are accomplished online. This
means that tons of data and sensitive information are constantly being shared over the internet.
The internet is mostly private and secure, but it can also be an insecure channel for exchanging
information. With a high risk of intrusion by hackers and cybercriminals, internet security is a top
priority for individuals and businesses alike.

Types of internet security threats

While the web presents users with lots of information and services, it also includes several risks.
Cyberattacks are only increasing in sophistication and volume, with many cybercriminals using a
combination of different types of attacks to accomplish a single goal. Though the list of potential
threats is extensive, here are some of the most common internet security threats

226
icon-exploit-kit

Malware: Short for "malicious software," malware comes in several forms, including computer
viruses, worms, Trojans, and dishonest spyware.

icon-ransomware

Computer worm: A computer worm is a software program that copies itself from one computer to
the next. It does not require human interaction to create these copies and can spread rapidly and in
great volume.

spam

Spam: Spam refers to unwanted messages in your email inbox. In some cases, spam can simply
include junk mail that advertises goods or services you aren't interested in. These are usually
considered harmless, but some can include links that will install malicious software on your
computer if they're clicked on.

227
 Figure 135: Internet security

Phishing

Phishing: Phishing scams are created by cybercriminals attempting to solicit private or sensitive
information. They can pose as your bank or web service and lure you into clicking links to verify
details like account information or passwords.

Botnet

Botnet: A botnet is a network of private computers that have been compromised. Infected with
malicious software, these computers are controlled by a single user and are often prompted to
engage in nefarious activities, such as sending spam messages or denial-of-service (DoS) attacks.

228
Internet security requires a combination of several products and technologies to properly safeguard
data. It's important to consider several types of internet security strategies when taking proper
measures to help keep your network secure. These tactics can include:

Browser selection: Each browser has its own security measures in place, but some can have serious
flaws that allow hackers and cybercriminals to exploit and invade. Ensure that you're using a secure
browser to reduce the risk of compromising your computer or network.

Multi-factor authentication (MFA): MFA is a method of controlling computer access by requiring

several separate pieces of evidence to an authentication mechanism. Websites and email accounts
can be made more secure by requiring at least two factors of authentication by a user.

Email security: Email creates a wave of opportunity for viruses, worms, Trojans, and other
unwanted programs. Establishing a multi-layered and comprehensive email security strategy will
help significantly reduce exposure to emerging threats. Email messages can also be protected by
using cryptography, such as signing an email, encrypting the body of an email message, and
encrypting the communication between mail servers.

Firewalls: Firewalls act as filters that protect devices by allowing or denying access to a network.
By applying a specific set of rules to identify if something is safe or harmful, firewalls can prevent
sensitive information from being stolen and keep malevolent code from being embedded onto
networks.

Internet security solutions

229
There are several internet security products and solutions available to help keep your internet usage
secure. These include:

Antivirus software products, which protect devices from attacks by detecting and eliminating
viruses.

Password managers, which help store and organize passwords through encryption.

Endpoint security suites, which include a more comprehensive internet security approach with
firewalls, antivirus, anti-spyware, and more.

Choosing the right package of products is important for securing your data across the internet.
Bringing together web filtering, content inspection, antivirus, zero-day anti-malware, SSL
inspection, data loss prevention, and broad integration, our portfolio delivers a comprehensive web
security solution available on-premises, as a cloud service, or as a hybrid of both.

Malicious software

Malicious software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

Malware, a portmanteau of malicious software, is any software used to disrupt computer operation,
gather sensitive information, or gain access to private computer systems. Malware is defined by
its malicious intent, acting against the requirements of the computer user, and does not include
software that unintentionally causes harm due to some deficiency. The term barware applies to
both malware and unintentionally harmful software.

A botnet is a network of computers that have been taken over by a robot or bot that performs large-
scale malicious acts for its creator.

Computer viruses are programs that can replicate their structures or effects by infecting other files
or structures on a computer. The typical purpose of a virus is to take over a computer to steal data.

Computer worms are programs that can replicate themselves throughout a computer network.

230
Ransomware is a type of malware that restricts access to the computer system that it infects and
demands a ransom in order for the restriction to be removed.

Scareware is a program of usually limited or no benefit, containing malicious payloads, that is sold
via unethical marketing practices. The selling approach uses social engineering to cause shock,
anxiety, or the perception of a threat, generally directed at an unsuspecting user.

Spyware refers to programs that surreptitiously monitor activity on a computer system and report
that information to others without the user's consent.

One particular kind of spyware is key logging malware. Often referred to as keylogging or
keyboard capturing, is the action of recording (logging) the keys struck on a keyboard.

A Trojan horse, commonly known as a Trojan, is a general term for malware that pretends to be
harmless, so that a user will be convinced to download it onto the computer.

Figure 136: Malicious software

Denial-of-service attacks

231
A denial-of-service attack (DoS) or distributed denial-of-service attack (DDoS) is an attempt to
make a computer resource unavailable to its intended users. It works by making so many service
requests at once that the system is overwhelmed and becomes unable to process any of them. DoS
may target cloud computing systems. According to business participants in an international
security survey, 25% of respondents experienced a DoS attack in 2007 and another 16.8% in
2010.[6] DoS attacks often use bots (or a botnet) to carry out the attack.

Network security is the field of cybersecurity focused on protecting computer networks from cyber
threats. Network security has three chief aims: to prevent unauthorized access to network
resources, to detect and stop cyberattacks and security breaches in progress, and to ensure that
authorized users have secure access to the network resources they need, when they need them.

As networks grow in size and complexity, so does the risk of cyberattack. According to IBM's
most recent Cost of a Data Breach report, 83% of companies have been breached more than once,
and the average breach costs USD 4.35 million. Network security safeguards the integrity of
network resources and traffic to thwart these attacks.

What is network security?

Network security is the field of cybersecurity focused on protecting computer networks from cyber
threats. Network security has three chief aims: to prevent unauthorized access to network
resources, to detect and stop cyberattacks and security breaches in progress, and to ensure that
authorized users have secure access to the network resources they need, when they need them.

As networks grow in size and complexity, so does the risk of cyberattack. According to IBM's
most recent Cost of a Data Breach report, 83% of companies have been breached more than once,
and the average breach costs USD 4.35 million. Network security safeguards the integrity of
network resources and traffic to thwart these attacks.

Types of network security technologies

Network security systems work at two levels: at the perimeter and inside the network.

232
At the perimeter, security controls try to stop cyberthreats from entering the network. But network
attackers sometimes break through, so IT security teams also put controls around the resources
inside the network, like laptops and data. Even if attackers get in, they won't have free reign. This
strategy—layering multiple controls between hackers and potential vulnerabilities—is called
"defence in depth."

To build network security systems, security teams combine the following tools:

Firewalls

A firewall is software or hardware that stops suspicious traffic from entering or leaving a network
while letting legitimate traffic through. Firewalls can be deployed at the edges of a network or
used internally to divide a larger network into smaller subnetworks. If one part of the network is
compromised, hackers are still shut off from the rest.

There are different types of firewalls with different features. Basic firewalls use packet filtering to
inspect traffic. More advanced next-generation firewalls (NGFWs) add intrusion prevention, AI
and machine learning, application awareness and control, and threat intelligence feeds for extra
protection.

Network access control (NAC)

Network access control (NAC) solutions act like gatekeepers, authenticating and authorizing users
to determine who is allowed into the network and what they can do inside. "Authentication" means
verifying that a user is who they claim to be. "Authorization" means granting authenticated users’
permission to access network resources.

NAC solutions are often used to enforce role-based access control (RBAC) policies, in which users'
privileges are based on their job functions. For example, a junior developer might be able to view
and edit code but not push it live. In contrast, senior developers could read, write, and push code
to production. RBAC helps prevent data breaches by keeping unauthorized users away from assets
they are not permitted to access.

233
In addition to authenticating users, some NAC solutions can do risk assessments on users'
endpoints. The goal is to keep unsecured or compromised devices from accessing the network. If
a user tries to enter the network on a device with outdated anti-malware software or incorrect
configurations, the NAC will deny access. Some advanced NAC tools can automatically fix non-
compliant endpoints.

Figure 137: Network access control (NAC)

Intrusion detection and prevention systems (IDPSs)

An intrusion detection and prevention system (IDPS), sometimes called an "intrusion prevention
system" (IPS), can be deployed directly behind a firewall to scan incoming traffic for security
threats. These security tools evolved from intrusion detection systems (IDSs), which only flagged
suspicious activity for review. IDPSs have the added ability to automatically respond to possible
breaches, such as by blocking traffic or resetting the connection.

234
Virtual private networks (VPNs)

A virtual private network (VPN) protects a user's identity by encrypting their data and masking
their IP address and location. When someone uses a VPN, they no longer connect directly to the
internet but to a secure server that connects to the internet on their behalf.

VPNs can help remote workers securely access corporate networks, even though unsecured public
wifi connections like those found in coffee shops and airports. VPNs encrypt a user's traffic,
keeping it safe from hackers who might want to intercept their communications.

Instead of VPNs, some organizations use zero trust network access (ZTNA). Rather than using a
proxy server, ZTNA uses zero-trust access control policies to securely connect remote users. When
remote users log into a network through ZTNA, they don't gain access to the whole network.
Instead, they only gain access to the specific assets they're permitted to use, and they must be
reverified every time they access a new resource. See the section titled "A zero trust approach to
network security" for a closer look at how zero trust security works.

Application security

Application security refers to the steps security teams take to protect apps and application
programming interfaces (APIs) from network attackers. Because many companies today use apps
to carry out key business functions or process sensitive data, apps are a common target for
cybercriminals. And because so many business apps are hosted in public clouds, hackers can
exploit their vulnerabilities to break into private company networks.

Application security measures defend apps from malicious actors. Common application security
tools include web application firewalls (WAFs), runtime application self-protection (RASP), static
application security testing (SAST), and dynamic application security testing (DAST).

Email security

235
The IBM Security X-Force Threat Intelligence Index found that phishing is the most common
initial cyberattack vector. Email security tools can help thwart phishing attacks and other attempts
to compromise users' email accounts. Most email services have built-in security tools like spam
filters and message encryption. Some email security tools feature sandboxes, isolated
environments where security teams can inspect email attachments for malware without exposing
the network.

Figure 138: Email security architecture.

Related security technologies

While the following tools are not strictly network security tools, network administrators often use
them to protect areas and assets on a network.

236
Data loss prevention (DLP) refers to information security strategies and tools that ensure sensitive
data is neither stolen nor accidentally leaked. DLP includes data security policies and purpose-
built technologies that track data flows, encrypt sensitive information, and raise alerts when
suspicious activity is detected.

Endpoint security solutions protect any devices that connect to a network—laptops, desktops,
servers, mobile devices, IoT devices—against hackers who try to use them to sneak into the
network. Antivirus software can detect and destroy trojans, spyware, and other malicious software
on a device before it spreads to the rest of the network. Endpoint detection and response (EDR)
solutions are more advanced tools that monitor endpoint behaviours and automatically respond to
security events. Unified endpoint management (UEM) software allows companies to monitor,
manage, and secure all end-user devices from a single console.

Web security solutions, such as secure web gateways, block malicious internet traffic and keep
users from connecting to suspicious websites and apps.

Network segmentation is a way of breaking large networks down into smaller subnetworks, either
physically or through software. Network segmentation can limit the spread of ransomware and
other malware by walling off a compromised subnetwork from the rest of the network.
Segmentation can also help keep legitimate users away from assets they shouldn't access.

Cloud security solutions protect data centres, apps, and other cloud assets from cyberattacks. Most
cloud security solutions are simply standard network security measures—like firewalls, NACs,
and VPNs— applied to cloud environments. Many cloud service providers build security controls
into their services or offer them as add-ons.

User and entity behaviours analytics (UEBA) uses behavioural analytics and machine learning to
flag abnormal user and device activity. UEBA can help catch insider threats and hackers who have
hijacked user accounts.

237
Enterprise network security solutions

While a defence-in-depth approach can protect a company's network, it also means the IT security
team has to manage a number of separate security controls. Enterprise network security platforms
can help streamline network security management by integrating disparate security tools and
allowing security teams to monitor the whole network from a single console. Common network
security platforms include:

Security information and event management (SIEM) collects information from internal security
tools, aggregates it in a central log, and flags anomalies.

Security orchestration, automation, and response (SOAR) solutions collect and analyse security
data and allow security teams to define and execute automated responses to cyberthreats.

Network detection and response (NDR) tools use AI and machine learning to monitor network
traffic and detect suspicious activity.

Figure 139: Related security technologies

238
Extended detection and response (XDR) is an open cybersecurity architecture that integrates
security tools and unifies security operations across all security layers—users, endpoints, email,
applications, networks, cloud workloads and data. With XDR, security solutions that aren’t
necessarily designed to work together can interoperate seamlessly on threat prevention, detection,
investigation and response. XDR can also automate threat detection, incident triage, and threat
hunting workflows.

A zero-trust approach to network security

Traditional company networks were centralized, with key endpoints, data, and apps located on
premises. Traditional network security systems focused on keeping threats from breaching the
network's perimeter. Once a user got in, they were treated as trustworthy and granted practically
unrestricted access.

However, as organizations pursue digital transformation and adopt hybrid cloud environments,
networks are becoming decentralized. Now, network resources exist across cloud data centres, on-
site and remote endpoints, and mobile and IoT devices.

Perimeter-based security controls are less effective in distributed networks, so many IT security
teams are shifting to zero-trust network security frameworks. Instead of focusing on the perimeter,
zero-trust network security places security controls around individual resources. Users are never
implicitly trusted. Every time a user tries to access a resource, they must be authenticated and
authorized, regardless of whether they're already on the company network. Authenticated users are
only granted least-privilege access, and their permissions are revoked as soon as their task is done.

Zero trust network security relies on granular access policies, continuous validation, and data
gathered from as many sources as possible — including many of the tools outlined above — to
ensure that only the right users can access the right resources for the right reasons at the right time.

239
Figure 140: A zero trust approach to network security

240