UNIT III:

Digital Signatures: Elgamal Digital Signature Scheme, Schnorr Digital Signature NIST
Digital Signature Algorithm
Electronic Mail Security: Internet Mail Architecture, Email Formats, Email Threats
and Comprehensive Email Security, S/MIME. IP Security: IP Security Policy,
Encapsulating Security Payload, Combining Security Associations Internet Key Exchange

Digital Signatures: Elgamal Digital Signature Scheme:

The ElGamal Digital Signature Scheme is a cryptographic algorithm used to ensure the
authenticity and integrity of a message. It is based on the ElGamal encryption system and
relies on the difficulty of the discrete logarithm problem for security.
ElGamal Digital Signature Scheme
 The ElGamal Digital Signature Scheme is a public key cryptographic
algorithm used for generating and verifying digital signatures. It is
based on the principles of the ElGamal encryption system and the
discrete logarithm problem.
ElGamal Digital Signature Scheme
 The ElGamal Digital Signature Scheme is a public key cryptographic
algorithm used for generating and verifying digital signatures. It is
based on the principles of the ElGamal encryption system and the
discrete logarithm problem

Overview of ElGamal Digital Signature Scheme Overview of ElGamal Digital Signature

Scheme

It involves three main processes:

1. Key Generation
2. Signature Generation
3. Signature Verification

1. Key Generation

Choose a generator g of the multiplicative group of integers modulo p, i.e., g ∈ Zₚ*.

 Choose a large prime number p.

 Select a private key x, where 1 < x < p−1.
 Compute the public key: y = g^x mod p.

Public key: (p, g, y)

Private key: x

2. Signature Generation

To sign a message M:
 1. Choose a random number k such that 1 < k < p−1 and gcd(k, p−1) = 1.
2. Compute r = g^k mod p.
3. Compute k⁻¹ mod (p−1) (the modular inverse of k).
4. Compute the hash of the message H(M).
5. Compute s = k⁻¹ (H(M) − x·r) mod (p−1).

Signature: (r, s)

3. Signature Verification

To verify a signature (r, s) on message M:

1. Check that 0 < r < p and 0 < s < p−1.

2. Compute H(M).
3. Check whether:

yr⋅rs≡gH(M)mod py^r \cdot r^s \equiv g^{H(M)} \mod pyr⋅rs≡gH(M)modp

If the equality holds, the signature is valid.

Security Basis

 Based on the discrete logarithm problem.

 The randomness of k is crucial—reusing k can expose the private key.
 Hashing the message (H(M)) adds resistance to forgery and collision attacks.

Schnorr Digital Signature NIST Digital Signature Algorithm

The Schnorr digital signature scheme and the NIST Digital Signature Algorithm
(DSA) are both digital signature algorithms, but they differ in their design and
security properties

The Schnorr digital signature scheme is a method for creating digital signatures based on the
difficulty of solving the discrete logarithm problem. It involves choosing a public key, a
private key, and a random number, then performing mathematical operations to generate a
signature for a message. This signature can then be verified using the public key and the
message.
Key Steps in the Schnorr Signature Scheme:
1. 1. Key Generation:
 Choose a large prime number p and its prime factor q.
 Choose an integer α such that α^q = 1 mod p.
 Choose a private key s with 0 < s < q.
 Calculate the public key v = α^s mod p.
2. 2. Signature Generation:
 Choose a random integer r with 0 < r < q.
 Calculate x = α^r mod p.
 Hash the message M and x to get a challenge e = H(M || x).
 Compute the signature value y = (r + s * e) mod q.
 The signature is the pair (y, e).
3. 3. Signature Verification:
 The verifier calculates x' = α^y * v^e mod p.
 If x' = x (the original value calculated during signature generation) and e = H(M
|| x) (the same hash value), the signature is valid.
Example:
Let's assume we have the following parameters:
 p = 17
 q=5
 α=2
 Private key s = 3
 Message M = "Hello, World!"
 Hash function H = SHA256
1. Key Generation:
 Public key v = α^s mod p = 2^3 mod 17 = 8 mod 17 = 8.
2. Signature Generation:
 Random number r = 4.
 x = α^r mod p = 2^4 mod 17 = 16 mod 17 = 16.
 Hash e = H("Hello, World!" || 16) = 0x.... (The actual hash value would depend on the
SHA256 implementation)
 y = (r + s * e) mod q = (4 + 3 * e) mod 5 = (4 + 3 * 0x...) mod 5 = ... mod 5.
 The signature is (y, e).
3. Verification:
 The verifier calculates x' = α^y * v^e mod p = 2^y * 8^e mod 17.
 If x' = 16 and e = 0x... (the same hash), the signature is valid.
Here's a more detailed explanation:
Key Features and Uses:
 Asymmetric Encryption:
DSA uses a pair of keys, a public key and a private key, for digital signature generation
and verification.
 Digital Signature Generation:
The private key is used to create a signature that proves the message's authenticity and
integrity.
 Digital Signature Verification:
The public key is used to verify the signature, confirming the message's origin and that it
hasn't been tampered with.
 Applications:
DSA is used in various applications, including:
 Authenticating the sender of a message.
 Ensuring the integrity of data, preventing unauthorized changes.
 Providing non-repudiation, meaning the sender cannot deny sending a message.
 Security:
DSA relies on the difficulty of solving discrete logarithm problems to ensure security.
 NIST's Role:
The National Institute of Standards and Technology (NIST) standardized DSA as part of
the Digital Signature Standard (DSS) to provide a reliable and secure method for digital
signatures.
How DSA Works:
1. 1. Key Generation:
A pair of public and private keys is generated using a mathematical process based on
prime numbers and their properties.
2. 2. Signature Generation:
 A random number is generated.
 The message is hashed using a cryptographic hash function (e.g., SHA-256,
SHA-3).
 The signature is generated by performing calculations using the hash, the random
number, the private key, and other parameters.
3. 3. Signature Verification:
 The receiver uses the sender's public key to verify the signature.
 The receiver also uses the same hash function used by the sender.
  By performing calculations with the public key, the hash, and the signature, the
receiver can confirm that the signature is valid and that the message hasn't been
altered.

Electronic Mail Security

Internet Mail Architecture

At a high level, the email system involves the following major components:

1. User Agents (UA)

2. Mail Transfer Agents (MTA)
3. Mail Delivery Agents (MDA)
4. Message Stores
5. Mail Access Agents (MAA)

. User Agent (UA)

 Email client software (e.g., Outlook, Thunderbird).

 Allows users to compose, send, receive, and read emails.

2. Mail Transfer Agent (MTA)

 Responsible for routing and forwarding email.

 Examples: Sendmail, Postfix, Exim.
 Uses SMTP (Simple Mail Transfer Protocol) to send emails between servers.

3. Mail Delivery Agent (MDA)

 Delivers mail to the recipient's mailbox on the server.

 Accepts messages from the MTA and places them in the user's inbox.

4. Message Stores

 Storage area (e.g., mbox or Maildir format) where emails reside until retrieved.
 Managed by the server hosting the user's mailbox.

5. Mail Access Agent (MAA)

 Allows users to access their mailbox remotely.

 Protocols:
o POP3 (Post Office Protocol v3): Downloads and deletes mail from server.
o IMAP (Internet Message Access Protocol): Allows online access and mail
folder management.

🔄 Email Flow: Step-by-Step

1. Composition & Submission

 oUA uses SMTP to submit the message to an MTA.
2. Relaying & Routing
o MTA relays the email across the internet (through multiple MTAs if needed).
3. Delivery
o The final MTA passes the message to the MDA for storage in the recipient's
mailbox.
4. Access
o The recipient’s UA retrieves the email using an MAA (via IMAP or POP3).

📡 Common Protocols Used

Protocol Purpose Used By

SMTP Sending mail UA → MTA, MTA → MTA
POP3 Downloading mail UA ← MAA
IMAP Managing/accessing mail UA ↔ MAA

E-Mail Format
Electronic Mail (e-mail) is one of the most widely used services of the Internet. This
service allows an Internet user to send a message in a formatted manner (mail) to other
Internet users in any part of the world. Message in the mail not only contain text, but it also
contains images, audio and videos data. The person who is sending mail is
called sender and person who receives mail is called the recipient. It is just like postal mail
service.
Format of E-mail :
An e-mail consists of three parts that are as follows :
1)Envelope
2. Header
3. Body
These are explained as following below.
1. Envelope :
The envelope part encapsulates the message. It contains all information that is required for
sending any e-mail such as destination address, priority and security level. The envelope is
used by MTAs for routing message.
2. Header :
The header consists of a series of lines. Each header field consists of a single line of ASCII
text specifying field name, colon and value. The main header fields related to message
transport are :
1. To: It specifies the DNS address of the primary recipient(s).
2. Cc : It refers to carbon copy. It specifies address of secondary recipient(s).
3. BCC: It refers to blind carbon copy. It is very similar to Cc. The only difference
between Cc and Bcc is that it allow user to send copy to the third party without
primary and secondary recipient knowing about this.
4. From : It specifies name of person who wrote message.
5. Sender : It specifies e-mail address of person who has sent message.
6. Received : It refers to identity of sender’s, data and also time message was
received. It also contains the information which is used to find bugs in routing
system.
7. Return-Path: It is added by the message transfer agent. This part is used to
specify how to get back to the sender.
3. Body:- The body of a message contains text that is the actual content/message that needs
to be sent, such as “Employees who are eligible for the new health care program should
contact their supervisors by next Friday if they want to switch.” The message body also
may include signatures or automatically generated text that is inserted by the sender’s email
system.
The above-discussed field is represented in tabular form as follows :

Header Meaning

To: E-mail address of primary receipt(s).

Cc: E-mail address of secondary receipt(s).

Bcc: E-mail address for blind carbon copies.

From: Person or people who have created a message.

 Header Meaning

Sender: E-mail address of the actual sender.

Received: It is used to specify how to get back to the sender.

Return-
It can be used to identify a path back to the sender.
Path

In addition to above-discussed fields, the header may also contain a variety of other fields
which are as follows :

Header Meaning

Date: Date and time when the message was sent.

Reply-To: It contains e-mail address to which replies should be sent.

Message-Id: It refers to the unique number for referencing this message later.

In-Reply-To: Message-Id of a message to which this is as a reply.

References: It contains other relevant message-ids.

Keywords: User-chosen keywords.

Subject: It contains short summary of message for one-line display.

Email Protocols
Email protocols are a collection of protocols that are used to send and receive emails
properly. The email protocols provide the ability for the client to transmit the mail to or
from the intended mail server
The primary email protocols are SMTP for sending, and MIME for enhancing email
capabilities by enabling the transmission of various content types, including non-ASCII
characters, attachments, and multimedia.

Here's a breakdown of how MIME enhances email capabilities:

1. SMTP (Simple Mail Transfer Protocol):

 SMTP is the protocol that handles the actual sending of email messages between mail
servers.
 It's designed to be simple and reliable for transferring text-based messages.
 Historically, SMTP was limited to 7-bit ASCII text, which meant that it couldn't
handle non-English characters, multimedia files, or complex formatting.
2. MIME (Multipurpose Internet Mail Extensions):
  MIME is an extension of SMTP that allows for the transmission of diverse content
types beyond simple text.
 It enables the inclusion of multimedia content (audio, video, images, etc.),
attachments, and non-ASCII characters in email messages.
 MIME achieves this by defining different content types and encoding non-ASCII data
in a way that can be transmitted by SMTP.
How MIME Enhances Email Capabilities:

1. 1. Handling Multimedia Content:

MIME allows the inclusion of various file types like images, audio, and video, making
email communication more engaging and versatile.
2. 2. Supporting Non-ASCII Characters:
MIME can handle emails in different languages and character sets beyond standard
ASCII.
3. 3. Enabling Attachments:
MIME enables the sending of various attachments like documents, presentations, and
spreadsheets, making email a more powerful tool for sharing information.
4. 4. Supporting Different Content Formats:
MIME can handle email messages with different formats, including plain text, HTML,
and combinations of both.
5. 5. Improving Email Reliability:
By defining content types and encoding data, MIME ensures that emails are transmitted
correctly, even when they contain non-ASCII characters or attachments.
Email Threats and Comprehensive Email Security
Email threats like phishing, malware, and ransomware pose significant risks to individuals
and organizations, leading to data breaches, financial losses, and reputational
damage. Comprehensive email security involves a multi-layered approach, including
implementing strong passwords, enabling multi-factor authentication, keeping software up-
to-date, and educating users about phishing and other email threats.
Email Threats:
 Phishing: Attackers impersonate legitimate entities to trick users into revealing
sensitive information or clicking malicious links.
 Malware: Harmful software, such as viruses and ransomware, can be delivered
through email attachments or links, damaging systems or encrypting files.
 Business Email Compromise (BEC): Attackers impersonate business contacts to
steal money or sensitive data.
 Spam: Unsolicited emails can carry malware or be used for phishing.
 Spoofing: Attackers forge email headers to make emails appear to originate from
legitimate sources.
Comprehensive Email Security Measures:
 Strong Passwords & Multi-Factor Authentication (MFA):
Use unique, strong passwords for email accounts and enable MFA for an extra layer of
security.
 Software Updates:
Keep email clients, operating systems, and other software updated to patch
vulnerabilities.
 Antivirus and Anti-Malware Software:
Use reputable software to scan incoming and outgoing emails for threats.
 User Education:
Train users to identify phishing attempts, suspicious emails, and malicious attachments.
 Email Security Solutions:
Consider email security solutions that offer advanced threat protection, including URL
and attachment scanning, as well as spam filtering.
 Data Loss Prevention (DLP):
Implement DLP tools to monitor and prevent unauthorized transfer of sensitive data.
 Data Encryption:
Encrypt sensitive email content to protect it from unauthorized access during
transmission and storage.
 Incident Response Plan:
Develop a plan to address data breaches and other email security incidents.
 Regular Backups:
Maintain regular backups of email data to ensure recovery in case of a breach.
S/MIME: Explain the What is S/MIME (Secure/Multipurpose Internet Mail
Extensions) and how does it work?
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that adds security to
email communication by encrypting email content and digitally signing messages. It ensures
confidentiality and message integrity, meaning the content is protected from unauthorized
access and tampering, and verifies the sender's identity. S/MIME uses asymmetric
cryptography, which involves a public key for encryption and a private key for decryption, to
achieve these security goals.

How S/MIME Works:

1. 1. Digital Signing:
The sender uses their private key to create a digital signature for the email, which
verifies their identity and confirms the message's integrity.
2. 2. Encryption:
The sender uses the recipient's public key to encrypt the email, ensuring only the
intended recipient can decrypt it with their corresponding private key.
3. 3. Delivery:
The encrypted and signed email is sent to the recipient.
4. 4. Decryption and Verification:
The recipient uses their private key to decrypt the email and uses the sender's public key
to verify the digital signature, ensuring the message's authenticity and integrity.

S/Mime Structure

Benefits of using S/MIME:

 Confidentiality: Ensures that email content remains private and cannot be accessed
by unauthorized parties.
 Authentication: Verifies the sender's identity and ensures that the email is genuine.
 Integrity: Guarantees that the email hasn't been altered during transit.
 Enhanced Security: Provides a robust layer of security for email communications,
reducing the risk of phishing and other email-related threats
IP Security:
IP Security (IPSec) refers to a collection of communication rules or protocols used to
establish secure network connections. Internet Protocol (IP) is the common standard that
controls how data is transmitted across the internet. IPSec enhances the protocol security by
introducing encryption and authentication.

IP Security Policy:
 An IP Security Policy defines how IPsec will be used to secure network traffic.
 It establishes rules for which traffic is protected, and the security services
(authentication, integrity, confidentiality) that should be applied.
 IPsec policies are essential for configuring and managing IPsec
IPSec majorly operates in two ways i.e. Transport Mode and Tunnel Mode.
To provide security, IPSec uses two main protocols: AH (Authentication
Header) and ESP (Encapsulating Security Payload).
Encapsulating Security Payload

Encapsulating security payload, also abbreviated as ESP plays a very important role in
network security. ESP or Encapsulating security payload is an individual protocol in IPSec.
ESP is responsible for the CIA triad of security (Confidentiality, Integrity, Availability),
which is considered significant only when encryption is carried along with them. Securing
all payload/ packets/ content in IPv4 and IPv6 is the responsibility of ESP.
Working of ESP:
1. Encapsulating Security Payload supports both main Network layer protocols:
IPv4 and IPv6 protocols.
2. It performs the functioning of encryption in headers of Internet Protocol or in
general say, it resides and performs functions in IP Header.
3. One important thing to note here is that the insertion of ESP is between Internet
Protocol and other protocols such as UDP/ TCP/ ICMP.
Modes in ESP:
Encapsulating Security Payload supports two modes, i.e. Transport mode, and tunnel mode.
Tunnel mode:
1. Mandatory in Gateway, tunnel mode holds utmost importance.
2. Here, a new IP Header is created which is used as the outer IP Header followed
by ESP.
Transport mode:
1. Here, IP Header is not protected via encryption or authentication, making it
vulnerable to threats
2. Less processing is seen in this mode, so the inclusion of ESP is preferred
Advantages:
Below listed are the advantages of Encapsulating Security Payload:
1. Encrypting data to provide security
2. Maintaining a secure gateway for data/ message transmission
3. Properly authenticating the origin of data
4. Providing needed data integrity
5. Maintaining data confidentiality
6. Helping with antireplay service using authentication header
Disadvantages:
Below listed are the disadvantages of Encapsulating Security Payload:
1. There is a restriction on the encryption method to be used
2. For global use and implementation, weaker encryptions are mandatory to use
Components of ESP:
An important point to note is that authentication and security are not provided for the entire
IP packet in transport mode. On the other hand for the tunnel mode, the entire IP packet
along with the new packet header is encapsulated.
ESP structure is composed of the following parts as shown below :

ESP Structure
The diagrammatic representation of ESP has the below-mentioned components :
1. Security Parameter :
 Security parameters are assigned a size of 32 bits for use
 Security Parameter is mandatory to security parameter in ESP for security links
and associations
2. Sequence Number:
 The sequence number is 32 bits in size and works as an incremental counter.
 The first packet has a sequence number 1 assigned to it whenever sent through
SA
3. Payload Data:
 Payload data don't have fixed size and are variable in size to use
 It refers to the data/ content that is provided security by the method of
encryption
4. Padding:
 Padding has an assigned size of 0-255 bytes assigned to it.
 Padding is done to ensure that the payload data which needs to be sent securely
fits into the cipher block correctly, so for this padding payloads come to the
rescue.
5. Pad Length:
 Pad Length is assigned the size of 8 bits to use
 It is a measure of pad bytes that are preceding
6. Next Header:
 The next header is associated with a size of 8 bits to use
 It is responsible for determining the data type of payload by studying the first
header of the payload
7. Authentication Data:
 The size associated with authentication data is variable and never fixed for use-
case
 Authentication data is an optional field that is applicable only when SA is
selected. It serves the purpose of providing integrity
COMBINING SECURITY ASSOCIATIONS
Combining Security Associations (SAs) in IPsec refers to the process of using
multiple SAs together to enhance security, often by applying different security
protocols to the same packet or by nesting SAs. This can be achieved through two
main methods: transport adjacency and iterated tunneling.

 Security associations may be combined into bundles in two ways:

Methods of Combining SAs:

 Transport Adjacency:
This method directly applies security protocols to packets without tunneling. It allows
for one level of combination, where SAs might terminate at different or the same
endpoints.
 Iterated Tunneling:
This method involves multiple layers of tunneling, enabling multiple levels of nesting as
packets pass through different IPsec tunnels. This allows for more complex security
scenarios
 

Basic Combinations of Security Associations

The IPsec Architecture document lists four examples of combinations of SAs that must be
supported by compliant IPsec hosts (e.g., workstation, server) or security
gateways (e.g. firewall, router). These are illustrated in Figure 19.10. The lower part
Internet Key Exchange (IKE) in Network Security
What is the Internet Key Exchange (IKE) protocol? Describe its phases and how it helps
in key management in IPsec.
The Internet Key Exchange (IKE) is a key management protocol that establishes a secure
channel between two devices using IPsec. It facilitates the negotiation and management of
security associations (SAs) needed for secure IP communication. IKE works through two
phases: Phase 1, which sets up the initial secure channel, and Phase 2, which negotiates the
specific IPsec SAs for data traffic.

Phase 1: This phase focuses on establishing a secure channel between the two devices, often
referred to as the ISAKMP tunnel or IKE tunnel. In Phase 1, the devices exchange
information to agree on:

 Authentication methods: How the devices will verify each other's identities (e.g.,
pre-shared keys, digital certificates).
  Encryption algorithms: The algorithms used to encrypt the channel.
 Hash functions: The algorithms used for integrity protection.
 Key exchange protocols: How the devices will agree on a shared secret key (e.g.,
Diffie-Hellman).
Phase 2: Once the ISAKMP tunnel is established, Phase 2 negotiates the specific IPsec SAs
that will be used for protecting data traffic. In this phase, the devices:

 Specify IPsec parameters:

The specific IPsec protocols (AH or ESP) and encryption/authentication algorithms to be
used for data traffic.
 Exchange security proposals:
Devices suggest different algorithms and parameters to be used in the IPsec SAs.
 Establish security associations:
Once agreed upon, these SAs are used to protect the data traffic flowing through the
IPsec tunnel.
How IKE helps in key management for IPsec:

 Secure Channel:
IKE establishes a secure, authenticated channel (the ISAKMP tunnel) over which IPsec
SAs can be negotiated.
 Key Exchange:
IKE facilitates the exchange of cryptographic keys between the devices, ensuring that
only the intended parties have access to the keys.
 Security Association Management:
IKE manages the establishment and modification of IPsec SAs, ensuring that devices
have the necessary parameters for secure communication.
 Protection of Data Traffic:
By setting up the secure channel and negotiating IPsec SAs, IKE ensures that data traffic
flowing through the tunnel is protected by the agreed-upon encryption and
authentication methods.

Network Security refers to the measures taken by any enterprise or organization to secure
its computer network and data using both hardware and software systems. Internet Key
Exchange(IKE) is a key management protocol used to secure communication and key
exchange between two devices over any network. Key exchange is done in two ways:
Manual Key Exchange
In Manual Key Exchange, the system administrator manually configures each system with
their keys. This method is suitable for small and static systems.
Automated Key Exchange
The keys will be created or generated based on the demand or requirement. This method is
suitable for large and distributed systems. Automated Key Exchange has two main
methods:
 Oakley Key Determination Protocol: Oakley key determination protocol is
based on the Diffie-Hellman key exchange protocol with some added security. It
is a generic protocol.
 ISAKMP(Internet Security Association and Key Management Protocol): It
provides a framework for key exchange and specific support i.e the protocol can
be either Authentication Header or Encapsulation Security Protocol.
 SKEME Protocol: It is a key exchange technique that provides anonymity, non-
repudiation, and refreshment.
Phases of Internet Key Exchange(IKE)
IKE can be done in two phases:
IKE Phase-1
There will be two devices i.e. sender and receiver. Initially, the sender will exchange the
proposals for security services like encryption algorithms. authentication algorithm, hash
function, etc. The sender and receiver will form a security association which is a collection
of parameters that the two devices use. Here, the ISAKMP session is established and called
the ISAKMP tunnel or Internet Key Exchange(IKE) Phase-1 tunnel which is bi-directional.
When both ends of the tunnel agree to accept a set of security parameters, Phase-1 is done.
Modes in Phase-1: In Phase-1, we have two modes:
 Main mode: The main mode of phase-1 uses six messages to secure the key
exchange and the Main mode is the more secure. It allows hiding the end-point
identifiers and the ability to select the crypto algorithms. In the six messages:
The first two messages negotiate the policy and the next two messages depict the
Diffie-hellman public values necessary for key exchange and the next two
messages are used to authenticate the Diffie-hellman exchange.
 Aggressive mode: The Aggressive mode of phase-1 uses three messages and it
is less secure than the Main mode. It doesn't allow hiding the endpoints.

Phase-1
IKE Phase-2
There will be two devices i.e. sender and receiver. Once the sender and receiver established
the ISAKMP tunnel in phase-1 they move to phase-2. phase-2 always operates in Quick
mode. Here the security associations and services between the two devices are negotiated.
The devices will choose which protocol(Authentication Header or Encapsulation Security
Protocol) and which algorithm to use.

Phase-2