UNIT I

INTRODUCTION

Basics of cryptography, conventional and public-key cryptography, hash functions,

authentication, and digital signatures.

Security:

Security is a broad and crucial concept that encompasses various measures and practices
designed to protect individuals, organizations, systems, and data from threats, attacks, and
unauthorized access. It is a multidimensional field that spans physical, digital, and information
security. Here are some key aspects of security:
1. Cybersecurity:
 Focuses on safeguarding computer systems, networks, and data from cyber threats.
 Includes measures such as firewalls, antivirus software, encryption, and regular software
updates.
2. Network Security:
 Concerned with securing communication networks to prevent unauthorized access, data
interception, and other network-based attacks.
 Involves the use of firewalls, intrusion detection/prevention systems, and virtual private
networks (VPNs).
3. Information Security:
 Encompasses the protection of sensitive information and data.
 Involves data encryption, access controls, secure data storage, and employee training on
data handling.

1.Basics Of Cryptography:

Cryptography:
According to “Phil Zimmermann”,
- Cryptography is the science of using mathematics to encrypt and decrypt data.

According to “Bruce Schneier”,

- Cryptography is the art and science of keeping messages secure.
 The art and science of concealing the messages to introduce secrecy in information
security is recognized as cryptography.

Terminologies Of Cryptography:
1. Cipher:
 A system or algorithm for encrypting and decrypting data.
2. Encryption:
 The process of converting plaintext (unencrypted data) into ciphertext (encrypted data)
using an algorithm and a key.
3. Decryption:
 The process of converting ciphertext back into plaintext using the appropriate key.
4. Key:
 A parameter used in cryptographic algorithms to control the transformation of plaintext
into ciphertext (encryption) or vice versa (decryption).
5. Symmetric Key Cryptography:
 A type of cryptography where the same key is used for both encryption and decryption.
6. Asymmetric Key Cryptography (Public Key Cryptography):
 A type of cryptography that uses a pair of public and private keys. The public key is
used for encryption, while the private key is used for decryption.
7. Public Key:
 The key in an asymmetric key pair that is shared openly and is used for encryption.
8. Private Key:
 The key in an asymmetric key pair that must be kept secret and is used for decryption.
9. Hash Function:
 A one-way mathematical function that transforms input data into a fixed-size string of
characters, often used for data integrity verification.
10. Digital Signature:
 A cryptographic technique that verifies the authenticity and integrity of a message or
document using a digital key pair.
11. Certificate Authority (CA):
 A trusted entity that issues digital certificates to verify the ownership of a public key.
12. Digital Certificate:
 A digitally signed document that binds a public key to an individual or entity, providing
a means for others to verify the authenticity of the public key.
13. Plaintext:
 The original, unencrypted text or data.
14. Ciphertext:
 The encrypted output resulting from applying an encryption algorithm to plaintext using
a key.
15. Cryptanalysis:
 The study of techniques to break cryptographic systems or to find weaknesses in them.
16. Nonce:
 A "number used once," often a random or pseudo-random value, used to protect against
certain types of attacks in cryptographic protocols.
17. Zero-Knowledge Proof:
 A cryptographic method where one party proves to another that they know a specific
piece of information without revealing the information itself.
18. Man-in-the-Middle (MitM) Attack:
 An attack where an adversary intercepts and potentially alters the communication
between two parties without their knowledge.

The Osi Security Architecture

The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:
Security attack – Any action that compromises the security of information
owned by an organization
Security mechanism – A mechanism that is designed to detect, prevent or
recover from a security attack
Security service – A service that enhances the security of the data processing
systems and the information transfers of an organization.
Security Trends:
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources (includes hardware, software, firmware, information/ data, and telecommunications)
This definition introduces three key objectives that are at the heart of computer security:
• Confidentiality: This term covers two related concepts:
 Data confidentiality: Assures that private or confidential information is not made available
or disclosed to unauthorized individuals.
 Privacy: Assures that individuals control or influence what information related to them may
be collected and stored and by whom and to whom that information may be disclosed.
• Integrity: This term covers two related concepts:
 Data integrity: Assures that information and programs are changed only in a specified and
authorized manner.
 System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied to authorized
users
These three concepts form what is often referred to as the CIA triad.

CIA Triad

Security Attack:
There are two types of attacks
 Passive attacks
 Active attacks

Passive attack
 Passive attacks attempt to learn or make use of information from the system
but do not affect system resources. The goal of the opponent is to obtain information
that is being transmitted.

Passive attacks are of two types

 Release of message contents
 Traffic analysis

Release of message contents: The opponent would learn the contents of the
transmission. A telephone conversation, an e-mail message and a transferred
file may contain sensitive or confidential information. We would like to
prevent the opponent from learning the contents of these transmissions.
Traffic analysis: The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of
the communication that was taking place. Passive attacks are very difficult to
detect, because they do not involve any alteration of the data. However, it is
feasible to prevent the success of these attacks.

Active attacks

These attacks involve some modification of the data stream or the creation of a false
stream.
Active attacks can be classified in to four categories:
Masquerade – One entity pretends to be a different entity. Here, the attacker
capturers the authentication and impersonifies the sender.

Replay – The attacker captures the message and retransmits the message without
modification to produce unauthorized effect.

Modification of messages – The attacker captures the message and retransmits the
message with modification to produce unauthorized effect.

Denial of service – The attacker may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to degrade
performance.
It is quite difficult to prevent active attacks absolutely, because to do so would
require physical protection of all communication facilities and paths at all times.
Instead, the goal is to detect them and to recover from any disruption or delays
caused by them.
ACTIVE ATTACK VS PASSIVE ATTACK:

ACTIVE ATTACK PASSIVE ATTACK

In an active attack, Modification in While in a passive attack, Modification in the information

information takes place. does not take place.

Active Attack is a danger to Integrity as well

Passive Attack is a danger to Confidentiality.
as availability.

In an active attack, attention is on prevention. While in passive attack attention is on detection.

Due to active attacks, the execution system is While due to passive attack, there is no harm to the
always damaged. system.

In an active attack, Victim gets informed While in a passive attack, Victim does not get informed
about the attack. about the attack.

In an active attack, System resources can be While in passive attack, System resources are not
changed. changing.

Active attack influences the services of the While in a passive attack, information and messages in
system. the system or network are acquired.

Active attack can be easily detected.

Passive attack is very difficult to detect.

An active attack is tough to restrict from Passive Attack is easy to prohibit in comparison to active
entering systems or networks. attack.

In an active attack, information collected While passive attacks are performed by collecting
through passive attacks is used during information such as passwords, and messages by
execution. themselves.

The purpose of an active attack is to harm the The purpose of a passive attack is to learn about the
ecosystem. ecosystem.

In an active attack, the original information is

In passive attack original information is Unaffected.
modified.
ACTIVE ATTACK PASSIVE ATTACK

The duration of an active attack is short. The duration of a passive attack is long.

The prevention possibility of active attack is

The prevention possibility of passive attack is low.
High

Complexity is High Complexity is low.

THREATS VS ATTACK:

THREAT ATTACK

Can be intentional or unintentional It is intentional

May or may not be malicious It is malicious

Circumstance that has the ability to cause damage Objective is to cause damage

Chance for information alteration and damage is

Information may or may not be altered or damaged
very high

Comparatively hard to detect Comparatively easy to detect

Cannot be blocked by just controlling the

Can be blocked by control of vulnerabilities
vulnerabilities

Can be initiated by the system itself as well as by

Is always initiated by an outsider (system or user)
outsider

Can be classified into Physical threat, internal Can be classified into Virus, Spyware, Phishing,
threat, external threat, human threat, and non- Worms, Spam, Botnets, DoS attacks, Ransomware,
physical threat. Breaches.

Model For Network Security:

Encryption/Decryption methods fall into two categories.
 Symmetric key
 Public key
In symmetric key algorithms, the encryption and decryption keys are known both
to sender and receiver. The encryption key is shared and the decryption key is
easily calculated from it. In many cases, the encryption and decryption keys are
thesame. In public key cryptography, encryption key is made public, but it is
computationally infeasible to find the decryption key without the information known
to the receiver.

A message is to be transferred from one party to another across some sort of internet.
The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is established by
 defining a route through the internet from source to destination
and by thecooperative use of communication protocols (e.g.,
TCP/IP) by the two principals.

All the techniques for providing security have two components:

 A security-related transformation on the information to be
sent. Examples include the encryption of the message, which
scrambles the message so that it is unreadable by the
opponent.
 Some secret information shared by the two principals and, it
is hoped, unknown to the opponent. An example is an
encryption key used in conjunction with the transformation to
scramble the message before transmission.

Conventional And Public-Key Cryptography:

Conventional encryption is a cryptographic system that uses the same key
used by the sender to encrypt the message and by the receiver to decrypt the
message. It was the only type of encryption in use prior to the development of
public-key encryption.
. Suppose A wants to send a message to B, that message is called plaintext.
Now, to avoid hackers reading plaintext, the plaintext is encrypted using an
algorithm and a secret key (at 1). This encrypted plaintext is called ciphertext.
Using the same secret key and encryption algorithm run in reverse(at 2), B can
get plaintext of A, and thus the message is read and security is maintained.

Conventional encryption has mainly 5 ingredients :

1. Plain text –
It is the original data that is given to the algorithm as an input.

2. Encryption algorithm –
This encryption algorithm performs various transformations on plain text to
convert it into ciphertext.

3. Secret key –
The secret key is also an input to the algorithm. The encryption algorithm
will produce different outputs based on the keys used at that time.

4. Ciphertext –
It contains encrypted information because it contains a form of original
plaintext that is unreadable by a human or computer without proper cipher
to decrypt it. It is output from the algorithm.

5. Decryption algorithm –
This is used to run encryption algorithms in reverse. Ciphertext and Secret
key is input here and it produces plain text as output.
Advanced Encryption Standard (AES)
AES performs operations on bytes of data rather than in bits. Since the block
size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at
a time.

The number of rounds depends on the key length as follows :

 128 bit key – 10 rounds

 192 bit key – 12 rounds
 256 bit key – 14 rounds

Creation of Round keys :

A Key Schedule algorithm is used to calculate all the round keys from the key.
So the initial key is used to create many different round keys which will be
used in the corresponding round of the encryption.
Encryption :
AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in a
column major arrangement.
[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]
Each round comprises of 4 steps :

 SubBytes
 ShiftRows
 MixColumns
 Add Round Key
SubBytes :
This step implements the substitution.
In this step each byte is substituted by another byte. Its performed using a
lookup table also called the S-box. This substitution is done in a way that a
byte is never substituted by itself and also not substituted by another byte
which is a compliment of the current byte. The result of this step is a 16 byte
(4 x 4 ) matrix like before.

The next two steps implement the permutation.

ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.
 The first row is not shifted
 The second row is shifted once to the left.
 The third row is shifted twice to the left.
 The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]
MixColumns :
This step is basically a matrix multiplication. Each column is multiplied with a
specific matrix and thus the position of each byte in the column is changed as
a result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = |1 2 3 1| | b1 |
| c2 | |1 1 2 3| | b2 |
[ c3 ] [3 1 1 2] [ b3 ]
Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the
corresponding round key. Here, the 16 bytes is not considered as a grid but just
as 128 bits of data.
After all these rounds 128 bits of encrypted data is given back as output. This
process is repeated until all the data to be encrypted undergoes this process.

Decryption :
The stages in the rounds can be easily undone as these stages have an opposite
to it which when performed reverts the changes.Each 128 blocks goes through
the 10,12 or 14 rounds depending on the key size.
The stages of each round in decryption is as follows :

 Add round key

 Inverse MixColumns
 ShiftRows
 Inverse SubByte
The decryption process is the encryption process done in reverse so i will
explain the steps with notable differences.
Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in the
matrix used to carry out the operation.
[ b0 ] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 | | c1 |
| b2 | | 13 9 14 11 | | c2 |
[ b3 ] [ 11 13 9 14 ] [ c3 ]
Inverse SubBytes :
Inverse S-box is used as a lookup table and using which the bytes are
substituted during decryption.

Applications:
AES is widely used in many applications which require secure data storage
and transmission. Some common use cases include:

 Wireless security: AES is used in securing wireless networks, such as Wi-

Fi networks, to ensure data confidentiality and prevent unauthorized access.
 Database Encryption: AES can be applied to encrypt sensitive data stored
in databases. This helps protect personal information, financial records, and
other confidential data from unauthorized access in case of a data breach.
 Secure communications: AES is widely used in protocols like such as
internet communications, email, instant messaging, and voice/video calls.It
ensures that the data remains confidential.
 Data storage: AES is used to encrypt sensitive data stored on hard drives,
USB drives, and other storage media, protecting it from unauthorized
access in case of loss or theft.
 Virtual Private Networks (VPNs): AES is commonly used in VPN
protocols to secure the communication between a user’s device and a
 remote server. It ensures that data sent and received through the VPN
remains private and cannot be deciphered by eavesdroppers.
 Secure Storage of Passwords: AES encryption is commonly employed to
store passwords securely. Instead of storing plaintext passwords, the
encrypted version is stored. This adds an extra layer of security and
protects user credentials in case of unauthorized access to the storage.
 File and Disk Encryption: AES is used to encrypt files and folders on
computers, external storage devices, and cloud storage. It protects sensitive
data stored on devices or during data transfer to prevent unauthorized
access.

Public Key Cryptography

Unlike symmetric key cryptography, we do not find historical use of public-key

cryptography. It is a relatively new concept.

Symmetric cryptography was well suited for organizations such as

governments, military, and big financial corporations were involved in the
classified communication.

With the spread of more unsecure computer networks in last few decades, a
genuine need was felt to use cryptography at larger scale. The symmetric key
was found to be non-practical due to challenges it faced for key management.
This gave rise to the public key cryptosystems.

The process of encryption and decryption is depicted in the following

illustration −
The most important properties of public key encryption scheme are −

 Different keys are used for encryption and decryption. This is a property
which set this scheme different than symmetric encryption scheme.
 Each receiver possesses a unique decryption key, generally referred to as
his private key.
 Receiver needs to publish an encryption key, referred to as his public key.
 Some assurance of the authenticity of a public key is needed in this
scheme to avoid spoofing by adversary as the receiver. Generally, this
type of cryptosystem involves trusted third party which certifies that a
particular public key belongs to a specific person or entity only.
 Encryption algorithm is complex enough to prohibit attacker from
deducing the plaintext from the ciphertext and the encryption (public)
key.
  Though private and public keys are related mathematically, it is not be
feasible to calculate the private key from the public key. In fact,
intelligent part of any public-key cryptosystem is in designing a
relationship between two keys.

There are three types of Public Key Encryption schemes. We discuss them in
following sections −

RSA Cryptosystem

This cryptosystem is one the initial system. It remains most employed

cryptosystem even today. The system was invented by three scholars Ron
Rivest, Adi Shamir, and Len Adleman and hence, it is termed as RSA
cryptosystem.

We will see two aspects of the RSA cryptosystem, firstly generation of key pair
and secondly encryption-decryption algorithms.

Generation of RSA Key Pair

Each person or a party who desires to participate in communication using

encryption needs to generate a pair of keys, namely public key and private key.
The process followed in the generation of keys is described below −

 Generate the RSA modulus (n)

o Select two large primes, p and q.
o Calculate n=p*q. For strong unbreakable encryption, let n be a
large number, typically a minimum of 512 bits.
 Find Derived Number (e)
o Number e must be greater than 1 and less than (p − 1)(q − 1).
o There must be no common factor for e and (p − 1)(q − 1) except for
1. In other words two numbers e and (p – 1)(q – 1) are coprime.
  Form the public key
o The pair of numbers (n, e) form the RSA public key and is made
public.
o Interestingly, though n is part of the public key, difficulty in
factorizing a large prime number ensures that attacker cannot find
in finite time the two primes (p & q) used to obtain n. This is
strength of RSA.
 Generate the private key
o Private Key d is calculated from p, q, and e. For given n and e,
there is unique number d.
o Number d is the inverse of e modulo (p - 1)(q – 1). This means that
d is the number less than (p - 1)(q - 1) such that when multiplied by
e, it is equal to 1 modulo (p - 1)(q - 1).
o This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)

The Extended Euclidean Algorithm takes p, q, and e as input and gives d as

output.

Example

An example of generating RSA Key pair is given below. (For ease of

understanding, the primes p & q taken here are small values. Practically, these
values are very high).

 Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.

 Select e = 5, which is a valid choice since there is no number that is
common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
  The pair of numbers (n, e) = (91, 5) forms the public key and can be made
available to anyone whom we wish to be able to send us encrypted
messages.
 Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The
output will be d = 29.
 Check that the d calculated is correct by computing −
de = 29 × 5 = 145 = 1 mod 72
 Hence, public key is (91, 5) and private keys is (91, 29).

Encryption and Decryption

Once the key pair has been generated, the process of encryption and decryption
are relatively straightforward and computationally easy.

Interestingly, RSA does not directly operate on strings of bits as in case of

symmetric key encryption. It operates on numbers modulo n. Hence, it is
necessary to represent the plaintext as a series of numbers less than n.

RSA Encryption

 Suppose the sender wish to send some text message to someone whose
public key is (n, e).
 The sender then represents the plaintext as a series of numbers less than
n.
 To encrypt the first plaintext P, which is a number modulo n. The
encryption process is simple mathematical step as −
C = Pe mod n
 In other words, the ciphertext C is equal to the plaintext P multiplied by
itself e times and then reduced modulo n. This means that C is also a
number less than n.
  Returning to our Key Generation example with plaintext P = 10, we get
ciphertext C −
C = 105 mod 91

RSA Decryption

 The decryption process for RSA is also very straightforward. Suppose

that the receiver of public-key pair (n, e) has received a ciphertext C.
 Receiver raises C to the power of his private key d. The result modulo n
will be the plaintext P.
Plaintext = Cd mod n
 Returning again to our numerical example, the ciphertext C = 82 would
get decrypted to number 10 using private key 29 −
Plaintext = 8229 mod 91 = 10

RSA Analysis

The security of RSA depends on the strengths of two separate functions. The
RSA cryptosystem is most popular public-key cryptosystem strength of which is
based on the practical difficulty of factoring the very large numbers.

 Encryption Function − It is considered as a one-way function of

converting plaintext into ciphertext and it can be reversed only with the
knowledge of private key d.
 Key Generation − The difficulty of determining a private key from an
RSA public key is equivalent to factoring the modulus n. An attacker thus
cannot use knowledge of an RSA public key to determine an RSA private
key unless he can factor n. It is also a one way function, going from p & q
values to modulus n is easy but reverse is not possible.
If either of these two functions are proved non one-way, then RSA will be
broken. In fact, if a technique for factoring efficiently is developed then RSA
will no longer be safe.

The strength of RSA encryption drastically goes down against attacks if the
number p and q are not large primes and/ or chosen public key e is a small
number.

Hash functions
 Hash functions are extremely useful and appear in almost all
information security applications.
 A hash function is a mathematical function that converts a
numerical input value into another compressed numerical value.
 The input to the hash function is of arbitrary length but output is
always of fixed length.
 Values returned by a hash function are called message digest or
simply hash values. The following picture illustrated hash
function −
Features of Hash Functions
The typical features of hash functions are −

 Fixed Length Output (Hash Value)

o Hash function coverts data of arbitrary length to a fixed
length. This process is often referred to as hashing the
data.
o In general, the hash is much smaller than the input data,
hence hash functions are sometimes called
compression functions.
o Since a hash is a smaller representation of a larger
data, it is also referred to as a digest.
o Hash function with n bit output is referred to as an n-bit
hash function. Popular hash functions generate values
between 160 and 512 bits.
 Efficiency of Operation
o Generally for any hash function h with input x,
computation of h(x) is a fast operation.
 Properties of Hash Functions
 Pre-Image
Resistance
o This property means that it should be computationally hard to
reverse a hash function.
o In other words, if a hash function h produced a hash
value z, then it should be a difficult process to find
any input value x that hashes to z.
o This property protects against an attacker who only has a
hash value and is trying to find the input.
 Second Pre-Image Resistance
o This property means given an input and its hash, it should
be hard to find a different input with the same hash.
o In other words, if a hash function h for an input x
produces hash value h(x), then it should be difficult to
find any other input value y such that h(y) = h(x).
o This property of hash function protects against an attacker
who has an input value and its hash, and wants to substitute
different value as legitimate value in place of original input
value.
 Collision Resistance
o This property means it should be hard to find two
different inputs of any length that result in the same
hash. This property is also referred to as collision free
hash function.
o In other words, for a hash function h, it is hard to find any
two different inputs x and y such that h(x) = h(y).
o Since, hash function is compressing function with fixed
 hash length, it is impossible for a hash function not to
have collisions. This property of collision free only
confirms that these collisions should be hard to find.
o This property makes it very difficult for an attacker to
find two input values with the same hash.
o Also, if a hash function is collision-resistant then it is
second pre-image resistant.
Design of Hashing Algorithms

At the heart of a hashing is a mathematical function that operates on

two fixed-size blocks of data to create a hash code. This hash
function forms the part of the hashing algorithm.

The size of each data block varies depending on the algorithm.

Typically the block sizes are from 128 bits to 512 bits. The following
illustration demonstrates hash function −

Hashing algorithm involves rounds of above hash function like a

block cipher. Each round takes an input of a fixed size, typically a
combination of the most recent message block and the output of the
last round.
networks, wireless access points, databases, websites, and other
 network-based applications and services.
Once authenticated, a user or process is usually subjected to an
authorization process to determine whether the authenticated entity
should be given access to a specific protected resource or system. A
user can be authenticated but not provided access to a resource if that
user wasn't granted permission to access it.
While the terms authentication and authorization are often used
interchangeably and implemented together, they are distinct
functions. Authentication involves validating the identity of a
registered user or process before enabling access to protected
networks and systems. Authorization is a more granular process that
ensures the authenticated user or process has been granted
permission to gain access to the specific resource requested.
The process by which access to some protected resources is restricted
to certain users is called access control. In access control models,
authentication always comes before authorization. Different types of
access control require different layers of authentication.

Digital Signatures
Encryption – Process of converting electronic data into another form,
called ciphertext, which cannot be easily understood by anyone except
the authorized parties. This assures data security. Decryption– Process
of translating code to data.
 The message is encrypted at the sender’s side using various

encryption algorithms and decrypted at the receiver’s end with

the help of the decryption algorithms.
 When some message is to be kept secure like username,

password, etc., encryption and decryption techniques are used to

assure data security.
Types of Encryption
1. Symmetric Encryption– Data is encrypted using a key and the
decryption is also done using the same key.
2. Asymmetric Encryption-Asymmetric Cryptography is also
known as public-key cryptography. It uses public and private
keys to encrypt and decrypt data. One key in the pair which can
be shared with everyone is called the public key. The other key
in the pair which is kept secret and is only known by the owner
is called the private key. Either of the keys can be used to
encrypt a message; the opposite key from the one used to
encrypt the message is used for decryption.
Public key– Key which is known to everyone. Ex-public key of A is 7,
this information is known to everyone.
Private key– Key which is only known to the person who’s private key it
is.
Authentication-Authentication is any process by which a system verifies
the identity of a user who wishes to access it.
Non- repudiation– Non-repudiation means to ensure that a transferred
message has been sent and received by the parties claiming to have sent
and received the message. Non-repudiation is a way to guarantee that the
sender of a message cannot later deny having sent the message and that
the recipient cannot deny having received the message.
Integrity– to ensure that the message was not altered during the
transmission.
Message digest -The representation of text in the form of a single string
of digits, created using a formula called a one way hash function.
Encrypting a message digest with a private key creates a digital signature
which is an electronic means of authentication..
Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
1. Key Generation Algorithms: Digital signature is electronic signatures,
which assure that the message was sent by a particular sender. While
performing digital transactions authenticity and integrity should be
assured, otherwise, the data can be altered or someone can also act as if
he was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms
like email programs create a one-way hash of the electronic data which
is to be signed. The signing algorithm then encrypts the hash value
using the private key (signature key). This encrypted hash along with
other information like the hashing algorithm is the digital signature.
This digital signature is appended with the data and sent to the verifier.
The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a
much shorter fixed-length value. This saves time as now instead of
signing a long message a shorter hash value has to be signed and
moreover hashing is much faster than signing.

3. Signature Verification Algorithms : Verifier receives Digital

Signature along with the data. It then uses Verification algorithm to
process on the digital signature and the public key (verification key)
and generates some value. It also applies the same hash function on the
received data and generates a hash value. Then the hash value and the
output of the verification algorithm are compared. If they both are
equal, then the digital signature is valid else it is invalid.
The steps followed in creating digital signature are :
1. Message digest is computed by applying hash function on the
message and then message digest is encrypted using private key
of sender to form the digital signature. (digital signature =
encryption (private key of sender, message digest) and message
digest = message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message
+ digital signature is transmitted)
3. Receiver decrypts the digital signature using the public key of
sender.(This assures authenticity, as only sender has his private
key so only sender can encrypt using his private key which can
thus be decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message
(actual message is sent with the digital signature).
6. The message digest computed by receiver and the message
digest (got by decryption on digital signature) need to be same
for ensuring integrity.
Message digest is computed using one-way hash function, i.e. a hash
function in which computation of hash value of a message is easy but
computation of the message from hash value of the message is very
difficult.
Benefits of Digital Signatures
 Legal documents and contracts: Digital signatures are legally
binding. This makes them ideal for any legal document that
requires a signature authenticated by one or more parties and
guarantees that the record has not been altered.
 Sales contracts: Digital signing of contracts and sales contracts
authenticates the identity of the seller and the buyer, and both
parties can be sure that the signatures are legally binding and
that the terms of the agreement have not been changed.
Financial Documents: Finance departments digitally sign
invoices so customers can trust that the payment request is from the right
seller, not from a bad actor trying to trick the buyer into sending payments
to a fraudulent account.

 Health Data: In the healthcare industry, privacy is paramount

for both patient records and research data. Digital signatures
ensure that this confidential information was not modified when
it was transmitted between the consenting parties.
 Federal, state, and local government agencies have stricter
 policies and regulations than many private sector companies.
From approving permits to stamping them on a timesheet, digital
signatures can optimize productivity by ensuring the right
person is involved with the proper approvals.
 Shipping Documents: Helps manufacturers avoid costly
shipping errors by ensuring cargo manifests or bills of lading are
always correct. However, physical papers are cumbersome, not
always easily accessible during transport, and can be lost. By
digitally signing shipping documents, the sender and recipient
can quickly access a file, check that the signature is up to date,
and ensure that no tampering has occurred.

Drawbacks of Digital Signatures

 Dependence on Key Management: Digital signatures rely on
the secure management of cryptographic keys. This means that
the sender must keep their private key safe and secure from
unauthorized access, while the recipient must verify the sender’s
public key to ensure its authenticity. Any failure in key
management can compromise the security of the digital
signature.
 Complexity: Digital signatures require a complex process of
key generation, signing, and verification. This can make them
difficult to implement and use for non-technical users.
 Compatibility: Different digital signature algorithms and
formats may not be compatible with each other, making it
difficult to exchange signed messages across different systems
and applications.
 Legal Recognition: Although digital signatures have legal
recognition in many countries, their legal status may not be clear
 in all jurisdictions. This can limit their usefulness in legal or
regulatory contexts.
 Revocation: In case of key compromise or other security issues,
digital signatures must be revoked to prevent their misuse.
However, the revocation process can be complex and may not be
effective in all cases.
 Cost: Digital signatures may involve additional costs for key
management, certificate issuance, and other related services,
which can make them expensive for some users or organizations.
 Limited Scope: Digital signatures provide authentication and
integrity protection for a message, but they do not provide
confidentiality or protection against other types of attacks, such
as denial-of-service attacks or malware.