RSA Algorithm

The RSA algorithm is an asymmetric cryptography algorithm; this means that it uses a public key and a private key.

The RSA algorithm is named after those who invented it in 1978: Ron Rivest, Adi Shamir, and Leonard Adleman.

The following steps highlight how it works:

1. Generating the keys

1. Select two large prime numbers, x and y. The prime numbers need to be large so that they will be difficult for someone to figure out.
2. Calculate n = x x y.
3. Calculate the totient function: ϕ(n) = (x−1)(y−1).
4. Select an integer e, such that e is co-prime to ϕ(n) and 1< e < ϕ(n). The pair of numbers (n,e) makes up the public key.

5. Calculate d such that e.d=1 mod ϕ(n). The pair (n,d) makes up the private key.

2. Encryption

Given a plaintext P, represented as a number, the ciphertext C is calculated as:

C=P^e mod n.

3. Decryption

Using the private key (n,d), the plaintext can be found using:

P=C^d mod n.

RSA Algorithm Example

• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 7
• Compute a value for d such that (d * e) % φ(n) = 1.

One solution is d = 3    since [(3 * 7) % 20 = 1]

• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of P = 2 is C = 2⁷ % 33 = 29
• The decryption of C = 29 is P = 29³ % 33 = 2

Advanced Encryption Standard algorithm

The AES algorithm (also known as the Rijndael algorithm) is a symmetrical block cipher algorithm that takes plain text in blocks of 128 bits and converts them to ciphertext using keys of 128, 192, and 256 bits. Since the AES algorithm is considered secure, it is in the worldwide standard.

The AES algorithm uses a substitution-permutation, or SP network, with multiple rounds to produce ciphertext.

The number of rounds depends on the key size being used.

A 128-bit key size dictates ten rounds, a 192-bit key size dictates 12 rounds, and a 256-bit key size has 14 rounds.

Each of these rounds requires a round key, but since only one key is inputted into the algorithm, this key needs to be expanded to get keys for each round, including round 0.

Steps in each round

Each round in the algorithm consists of four steps.

1. Substitution of the bytes
In the first step, the bytes of the block text are substituted based on rules dictated by predefined S-boxes (short for substitution boxes).

2. Shifting the rows
Next comes the permutation step. In this step, all rows except the first are shifted by one.

3. Mixing the columns
In the third step, the Hill cipher is used to jumble up the message more by mixing the block’s columns.

4. Adding the round key

In the final step, the message is XORed with the respective round key.

When done repeatedly, these steps ensure that the final ciphertext is secure.

Applications of AES:

Wireless networks are secured using the Advanced Encryption Standard to authenticate routers and clients.

AES plays a huge role in securing website server authentication from both client and server end. With both symmetric and asymmetric encryption being used, this algorithm helps in SSL/TLS encryption protocols to always browse with the utmost security and privacy.

AES is also used to transfer files between associates in an encrypted format. The encrypted information can extend to chat messages, family pictures, legal documents, etc.

DES(Data Encryption Standard) Algorithm

The DES algorithm takes the plain text of 64-bit as input & produces a ciphertext of 64-bit using a key of 56 bits. Initially, a 64-bit key length is used but an 8-bit is discarded.

The (DES) Data Encryption Standard Algorithm was developed by the IBM team in the 1970s.

The National Institute of Standards and Technology (NIST) later adopted this algorithm.

The DES encryption algorithm uses symmetric keys, which means that the same key is used for encrypting and decrypting the data.

DES Algorithm Steps

• The initial permutation (IP) function receives the 64-bit plaintext block.
• The IP is performed on plaintext.
• The IP then makes two halves of the block that has been permutated. The two halves are known as left plan text (LPT) and right text (RPT).
• All LPTs and RPTs are encrypted 16 times.
• The LPT and RPT are joined, and then the final permutation (FP) is performed on this block.
• The 64-bit ciphertext is now ready.

In the encryption process (step 4), there are five stages:

• Key transformation
• Expansion permutation
• S-Box permutation
• P-Box permutation
• XOR, and swap

In the decryption process, the same algorithm is used with the order of the 16 keys reversed.

The DES algorithm is used whenever a not-very-strong encryption is needed. It can be used in random number generators or even as a permutation generator.

One of the most important practical applications of the DES algorithm is to create triple DES legacy systems with three keys.

Email header - analyzing email header

Email Header

The email header is a code snippet in an HTML email, that contains information about the sender, recipient, email’s route to get to the inbox and various authentication details. The email header always precedes the email body.

Purpose of email header:

• Providing information about the sender and recipient. An email header tells who sent the email and where it arrived. Some markers indicate this information, like “From:”  sender’s name and email address, “To:” the recipient’s name and email address, and “Date:” the time and date of when the email was sent. All of these are mandatory indicators. Other parts of the email header are optional and differ among email service providers.
• Preventing spam. The information displayed in the email header helps email service providers troubleshoot potential spam issues. ESPs(email Service Providers) analyzes the email header, the “Received:” tag, in particular, to decide whether to deliver an email or not.
• Identifying the email route. When an email is sent from one computer to another, it transfers through the Mail Transfer Agent which automatically “stamps” the email with information about the recipient, time and date in the email header. 

Analyzing an Email Header

To analyze it, you need to find the email header and examine the lines of interest to you. All the code from the beginning, until the <body> tag, represents the header. Here is the list of what you can find in the email header:

Received: lines. They show the address of the computer that received the email, as well as other computer’s addresses that an email may have been transferred through. Unlike other email header elements, Received: lines can’t be forged.

MIME-version. Multipurpose Internet Mail Extensions are an Internet standard that extends the format of email by supporting text and non-text attachments like audio, video, images, message bodies with multiple parts, etc.

Message-ID. The message-ID is a globally unique identifier used in email. Message-IDs have a specific format that is generated for a specific email address and message, thus, no two messages have the same Message-ID.

DKIM Signatures. DomainKeys Identified Mail confirms the sender’s authenticity by connecting the domain name with the email. DKIM is the technology that helps to reduce spam and phishing and allows companies to vouch for their email messages.

Srutinizing e-mails (Investigation Using Emails/email forensics)

email forensics/ Srutinizing e-mails (Investigation Using Emails)

Emails play a very important role in communications and have emerged as one of the most important applications on internet. They are a convenient and easy mode for sending messages as well as documents, not only from computers but also from other electronic gadgets such as mobile phones and tablets.

The negative side of emails is that adversaries(criminals) may leak important information about a company through emails.

Hence, the role of emails in digital forensics has been increased in recent years. In digital forensics, emails are considered as crucial evidences and Email Header Analysis has become important to collect evidence during forensic process.

An investigator has the following goals while performing email forensics −

• To identify the adversary(criminal)
• To collect necessary evidences
• To presenting the findings
• To build the case

Challenges in Email Forensics

An email forensic investigator may face the following challenges during the investigation

1. Fake Emails

The biggest challenge in email forensics is the use of fake e-mails that are created by manipulating and scripting headers etc. In this criminals also use temporary email which is a service that allows a registered user to receive email at a temporary address that expires after a certain time period.

2. Spoofing

Another challenge in email forensics is spoofing in which criminals used to present an email as someone else’s. In this case the machine will receive both fake as well as original IP address.

3. Anonymous Re-emailing

Here, the Email server strips identifying information from the email message before forwarding it further. This leads to another big challenge for email investigations.

Techniques Used in Email Forensic Investigation

Email forensics is the study of source and content of email as evidence to identify the actual sender and recipient of a message along with some other information such as date/time of transmission and intention of sender. 

Some of the common techniques which can be used for email forensic investigation are

• Header Analysis

Email headers contain essential information, including the name of the sender and receiver, the path (servers and other devices) through which the message has traversed, etc. The vital details in email headers help investigators and forensics experts in the email investigation.

• Server investigation

Email servers are investigated to locate the source of an email. For example, if an email is deleted from a client application, sender’s, or receiver’s, then related ISP or Proxy servers are scanned as they usually save copies of emails after delivery. Servers also maintain logs that can be analyzed to identify the computer’s address from which the email originated.

• Network Device Investigation

In some cases, logs of servers are not available. This can happen for many reasons, such as when servers are not configured to maintain logs or when an ISPs refuses to share the log files. In such an event, investigators can refer to the logs maintained by network devices such as switches, firewalls, and routers to trace the source of an email message.

• Sender Mailer Fingerprints

X-headers are email headers that are added to messages along with standard headers, like Subject and To. The x-originating-IP header can be used to find the original sender, i.e., the IP address of the sender’s computer.

• Software Embedded Identifiers

Sometimes, the email software used by a sender can include additional information about the message and attached files in the email. For example, it can be found in Multipurpose Internet Mail Extensions (MIME) content as a Transport Neutral Encapsulation Format (TNEF) or custom header. An in-depth analysis of these sections can reveal vital details related to the sender, like the MAC address, Windows login username of the sender and much more.

 

 

 

HTTP Protocols

HTTP Protocols

HTTP (Hypertext Transfer Protocol) is the underlying communication protocol of World Wide Web. HTTP functions as a request–response protocol in the client–server computing model.

HTTP has four versions — HTTP/0.9, HTTP/1.0, HTTP/1.1, and HTTP/2.0. The common version in use is HTTP/1.1 and the future will be HTTP/2.0.

HTTP/0.9 — The One-line Protocol

• It is initial version of HTTP, a simple client-server, request-response, telenet-friendly protocol
• Request nature is single-line (method + path for requested document)
• Methods supported by this version is GET only
• Response type is hypertext only
• Connection  is terminated immediately after the response
• No HTTP headers (cannot transfer other content type files), No status/error codes, No URLs, No versioning

HTTP/1.0 — Building extensibility

• Browser-friendly protocol
• Provided header fields including rich metadata about both request and response (HTTP version number, status code, content type)
• Response is not limited to hypertext (Content-Type header provided ability to transmit files other than plain HTML files — e.g. scripts, stylesheets, media)
• Methods supported are GET , HEAD , POST
• Connection is terminated immediately after the response

HTTP/1.1 — The standardized protocol

• This is the HTTP version currently in common use.
• Introduced critical performance optimizations and feature enhancements — persistent and pipelined connections, chunked transfers, compression/decompression, content negotiations, virtual hosting (a server with a single IP Address hosting multiple domains), faster response and great bandwidth savings by adding cache support.
• Methods supported are GET , HEAD , POST , PUT , DELETE , TRACE , OPTIONS
• Connection is long-lived

HTTP/2.0

With Upgrade header introduced in HTTP/1.1, it is possible to start a connection using a commonly-used protocol, such as HTTP/1.1, then request that the connection switch to an enhanced protocol type like HTTP/2.0 or WebSockets.

HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It uses SSL/TLS for secure encrypted communications.

An HTTPS connection can protect the data transfer from the man-in-the-middle attacks and common security threats by providing bidirectional encryption for communications between a client and server.

Although HTTPS is secure by its design, the SSL/TLS handshake process consumes a significant time before establishing an HTTPS connection. It normally costs 1–2 seconds and drastically slows down the startup performance of a website.

 

 

HTTP Vs HTTPS

HTTP offers set of rules and standards which govern how any information can be transmitted on the World Wide Web.

HTTP provides standard rules for web browsers & servers to communicate.

HTTP is an application layer network protocol which is built on top of TCP.

HTTP uses Hypertext structured text which establishes the logical link between nodes containing text. It is also known as “stateless protocol” as each command is executed separately, without using reference of previous run command.

HTTPS stands for Hyper Text Transfer Protocol Secure. It is highly advanced and secure version of HTTP.

HTTPS allows the secure transactions by encrypting the entire communication with SSL. It is a combination of SSL/TLS protocol and HTTP. It provides encrypted and secure identification of a network server.

Difference between HTTP and HTTPS are:

	HTTP	HTTPS
Protocol	It is hypertext transfer protocol.	It is hypertext transfer protocol with secure.
Security	It is less secure as the data can be vulnerable to hackers.	It is designed to prevent hackers from accessing critical information. It is secure against such attacks.
Port	It uses port 80 by default	It was use port 443 by default.
Starts with	HTTP URLs begin with http://	HTTPs URLs begin with https://
Used for	It’s a good fit for websites designed for information consumption like blogs.	If the website needs to collect the private information such as credit card number, then it is a more secure protocol.
Scrambling	HTTP does not scramble the data to be transmitted. That’s why there is a higher chance that transmitted information is available to hackers.	HTTPS scrambles the data before transmission. At the receiver end, it descrambles to recover the original data. Therefore, the transmitted information is secure which can’t be hacked.
Protocol	It operates at TCP/IP level.	HTTPS does not have any separate protocol. It operates using HTTP but uses encrypted TLS/SSL connection.
Domain Name Validation	HTTP website do not need SSL(Secure Socket Layer).	HTTPS requires SSL certificate.
Data encryption	HTTP website doesn’t use encryption.	HTTPS websites use data encryption.
Search Ranking	HTTP does not improve search rankings.	HTTPS helps to improve search ranking.
Speed	Fast	Slower than HTTP
Vulnerability	Vulnerable to hackers	It Is highly secure as the data is encrypted before it is seen across a network.

 

International Convention on Cyber Space

International Convention on Cyber Space

A convergence of information and communication technologies(ICT’s) together with various governance policies, Have created cyber space.

The need to create a universal and transparent global framework to ensure the effective security and utilization of cyberspace has become important.

The four stakeholders – governments, businesses, academia and civil society of UNGA(General Assembly of United Nations) play a critical role in identifying the strengths and vulnerabilities of Cyber space.

Governments have primary responsibility for cyberspace policies, including cyber security, and the application of cyber technologies for national governance objectives.

The International Convention on Cyber Space (ICCS) is a global framework that aims to promote the safe and secure use of cyberspace. It was first proposed in 2011 by the Dutch government and subsequently adopted at the 2015 Global Conference on Cyber Space held in The Hague, Netherlands.

The ICCS recognizes that cyberspace has become an integral part of our daily lives, and that it poses significant security risks that require international cooperation and coordination. The convention provides a framework for states to work together to address a range of issues, including cybercrime, cyber terrorism, cyber espionage, and the protection of critical infrastructure.

One of the key principles of the ICCS is the idea that all states have the right to use cyberspace for peaceful purposes. The convention also recognizes the importance of protecting human rights and fundamental freedoms in cyberspace, and of promoting the development of a secure and resilient digital ecosystem.

The ICCS is a voluntary agreement, and as of 2021, has been signed by over 30 countries, including the United States, Russia, China, and most European nations. However, the effectiveness of the convention has been questioned by some experts, who argue that it lacks teeth and fails to address some of the most pressing issues in cyberspace, such as the use of cyber weapons by states.

Overall, the ICCS is an important step towards establishing a global framework for cyberspace governance, and highlights the need for international cooperation and collaboration in addressing the challenges posed by the digital age.

OEWG stands for the Open-Ended Working Group on developments in the field of information and telecommunications in the context of international security. It was established by the United Nations General Assembly in 2018 with the goal of exploring and addressing the security challenges and opportunities presented by emerging technologies, particularly in the field of cyberspace.

The OEWG is open to all UN member states and other interested stakeholders, including civil society organizations, industry groups, and academic institutions. Its meetings provide a forum for participants to share their views and experiences on the challenges and opportunities presented by developments in the field of information and telecommunications, and to develop recommendations for the UN General Assembly on how best to address these issues.

The OEWG operates under the guidance of the UN Office for Disarmament Affairs (UNODA), and its work is complementary to other international efforts to promote cybersecurity and cyber resilience, such as the Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security.

The OEWG's mandate was extended in 2020 for another three years, and it continues to play an important role in promoting international cooperation and dialogue on issues related to information security and cyberspace governance.