There are 5 points to keep in mind when thinking about security in TCP/IP –
- Encryption – It’s the scrambling of data in such a manner that it can’t be read while in transit. At the receiving end the data must be descrambled again.
- Integrity – It’s the guarantee that the data received is the same as the data originally sent.
- Nonrepudiation – A person cannot deny that they took a specific action.
- Authentication – It means that whoever is accessing the data is the person you want to access the data. A username & password define the authentication.
- Authorization – It means what an authenticated person is allowed to do with the data.
A packet of data on the Internet often comes with a port number encapsulated in the segment or datagram, so a bad guy quickly knows what type of data he’s reading. All data starts as cleartext, which roughly means the data hasn’t been encrypted yet.
Here comes encryption, and for that we use a cipher. A cipher is a general term for a way to encrypt data. An algorithm is the mathematical formula that underlies the cipher. When you run plaintext through a cipher algorithm using a key, you get the encrypted ciphertext.
Types of encryption –
- Symmetric Encryption – It is an encryption algorithm that uses a single key to both encrypt and decrypt the data, so the key must be shared between the sender and the receiver. There are two major kinds of symmetric cipher –
  - Block cipher – It divides the data into blocks and encrypts each block, usually a 128-bit block.
  - Stream cipher – The algorithm encrypts each bit as it arrives from a stream of bits.
- Asymmetric Encryption – A major drawback of symmetric encryption is that if the shared key is compromised, the whole communication is vulnerable. For that we use asymmetric encryption. Suppose there are two people, Alice & David, who want to exchange data. Alice creates a key pair consisting of a public key and a private key. The public key is used for encryption and the private key is used for decryption. So Alice gives her public key to David, David encrypts the data with it and sends it to Alice, and Alice decrypts the data with the help of her private key.
- A hash is a mathematical function that we run on a string to get a fixed-length string (the checksum or message digest).
- The message digest will always be the same length regardless of the input string length.
- The hash is a one-way function, so we can’t get the message back from the hash.
- When we download a file from the internet, the download provider also provides a message digest of the file.
- We first download the checksum and then download the file.
- Then we compute the checksum of the downloaded file and compare it with the published checksum.
- If the checksums do not match, the data has been tampered with in the middle.
Nonrepudiation is the proof that someone took some action in a network, so that they can’t deny it.
- First the sender hashes the message and encrypts the hash with the sender’s private key (this is the signature).
- Then the sender sends the message and the signature to the receiver.
- Then the receiver decrypts the signature with the help of the sender’s public key and hashes the received message itself.
- If the two hashes match, it’s the proof that the sender sent the message.
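The download-checksum check above and the sign-with-private-key / verify-with-public-key steps, as an added Python example that is not part of the original notes. It uses only the standard library: SHA-256 for the digest, and a toy textbook RSA with small hard-coded primes (hypothetical values, no padding) so the "encrypt the hash with the private key" idea can be run end to end.

```python
import hashlib

# Constructed sample "download" and the checksum the provider would publish.
FILE_DATA = b"example firmware image v1.0\n"
PUBLISHED_SHA256 = hashlib.sha256(FILE_DATA).hexdigest()


def verify_checksum(data: bytes, published_hex: str) -> bool:
    """Integrity: hash what we downloaded and compare to the published digest."""
    return hashlib.sha256(data).hexdigest() == published_hex


# Toy textbook RSA. P and Q are small well-known primes chosen for illustration;
# real keys are 2048+ bits and signatures use padding (e.g. PSS). N and E form
# the public key, D is the private exponent (modular inverse of E mod phi).
P, Q, E = 999983, 1000003, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Sender: hash the message, then 'encrypt' the hash with the private key D."""
    return pow(_digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: 'decrypt' the signature with the public key E and compare it
    with a fresh hash of the received message. Any change to the message, or a
    signature made with a different private key, makes the hashes differ."""
    return pow(signature, E, N) == _digest_int(message)
```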
The invention of SSH was heavily related to the telnet protocol, because telnet was completely insecure: everything was transferred in plain text. Then a student from Helsinki University Of Technology, Tatu Ylonen, created another protocol called SSH after his network was breached because of telnet.
- When a client wants to connect to the server for the first time, the server sends its public key to the client.
- Then the client creates a session ID, encrypts it using the server’s public key and sends it back to the server.
- Then the server decrypts the session ID using its private key and uses it in all the data communication going forward.
- Then the client and server decide the type of encryption that will be used for the session (generally AES).
SSH can use a public key for authentication, and we can then turn off password-based authentication.
Use a Public/Private Key pair for authentication –
- The client first generates a key pair using ssh-keygen.
- Then the public key is sent to the server and the private key is kept safe on the client machine.
- When you connect to the server, the client creates a signature using its private key and sends it to the server.
- The server checks the signature using the client’s public key, and if everything matches you are authenticated to the server.