Coupon Accepted Successfully!


Network Security


To secure data, one has to ensure that it makes sense only to those for whom it is meant. This is the case for data transactions where we want to prevent eavesdroppers from listening to and stealing data.

The various issues in Network security are as follows:

  1. Authentication: We have to check that the person who has requested for something or has sent an e-mail is indeed allowed to do so. In this process we will also look at how the person authenticates his identity to a remote machine.
  2. Integrity: We have to check that the message which we have received is indeed the message which was sent. Here CRC will not be enough because somebody may deliberately change the data. Nobody along the route should be able to change the data.
  3. Confidentiality: Nobody should be able to read the data on the way so we need Encryption
  4. Non-repudiation: Once we sent a message, there should be no way that we can deny sending it and we have to accept that we had sent it.
  5. Authorization: This refers to the kind of service which is allowed for a particular client. Even though a user is authenticated we may decide not to authorize him to use a particular service.

To ensure all this, we take the help of cryptography. We can have two kinds of encryption :

  1. Symmetric Key Encryption: There is a single key which is shared between the two users and the same key is used for encrypting and decrypting the message.
  2. Public Key Encryption: There are two keys with each user : a public key and a private key. The public key of a user is known to all but the private key is not known to anyone except the owner of the key. If a user encrypts a message in his private key then it can be decrypted by anyone by using the sender’s public key. To send a message securely, we encrypt the message in the public key of the receiver which can only be decrypted by the user with his private key.

Key Exchange in Symmetric Key Schemes


The sender first encrypts the message using the symmetric key. Then the sender encrypts the symmetric key first using it’s private key and then using the receiver’s public key. So we are doing the encryption twice. If we send the certificate also along with this then we have authentication also. So what we finally send looks like this:

Z :    Certificatesender + Publicreciever ( Privatesender ( Ek ) ) + Ek ( M )

Here Ek stands for the symmetric key and Ek ( M ) for the message which has been encrypted in this symmetric key.

However this still does not ensure integrity. The reason is that if there is some change in the middle element, then we will not get the correct key and hence the message which we decrypt will be junk. So we need something similar to CRC but slightly more complicated. This is because somebody might change the CRC and the message consistently. This function is called Digital Signature.

Digital Signatures

Suppose A has to send a message to B. A computes a hash function of the message and then sends this after encrypting it using its own private key. This constitutes the signature produced by A. B can now decrypt it, recompute the hash function of the message it has received and compare the two. Obviously, we would need the hash functions to be such that the probability of two messages hashing to the same value is extremely low. Also, it should be difficult to compute a message with the same hash function as another given message. Otherwise any intruder could replace the message with another that has the same hash value and leave the signatures intact leading to loss of integrity. So the message along with the digital signature looks like this :

Z + Privatesender ( Hash ( M ) )

Key exchange in symmetric key schemes is a tricky business because anyone snooping on the exchange can get hold of the key if we are not careful and since there is no public-private key arrangement here, he can obtain full control over the communication.

Test Your Skills Now!
Take a Quiz now
Reviewer Name