EC8551 CN Unit 5 Notes


Electronic Mail – Email – SMTP

Electronic mail (e-mail) was created to allow people to communicate using computers.


Features of e-mail:
- Composing and sending / receiving mails
- Storing / forwarding / deleting messages and replying to a message, with facilities like CC and BCC
- Sending mails to more than one person
- Sending text, voice, graphics and video
- Sending a message that interacts with other computer programs
Functions of e-mail:
- Composition – The email system can provide features like automatic insertion of the receiver's address while
replying, as well as basic editor features.
- Transfer – It takes responsibility for moving the message from sender to receiver.
- Reporting – It reports to the sender whether email messages were sent successfully.
- Displaying – It displays messages in a special pop-up window.
- Disposition – It handles forwarding, deleting, etc.
Basic Operation: Mail is created by the user agent program in response to user input. An email consists of a header
and a message body. Messages are queued and provided as input to the mail transfer program, the SMTP sender. The SMTP
sender program collects messages from the mail queue and transmits them to the proper destination, possibly via many
hosts. The SMTP receiver accepts each arriving message from the sender and
- places it in the appropriate user mailbox, or
- forwards it to the output mail queue.

[Figure: user agent (UA) → message (header H + body) → SMTP sender → SMTP receiver → mailbox]

SMTP Commands: SMTP operations are executed using a series of commands and responses exchanged between the
SMTP sender and the SMTP receiver. Each command consists of a single line of text, beginning with a 4-letter command
code followed by an argument.
Command                                Description
HELO<sp><domain><CRLF>                 Send identification
MAIL<sp>FROM<sp><reverse-path><CRLF>   Originator identity
RCPT<sp>TO<sp><forward-path><CRLF>     Receiver's identity
NOOP<CRLF>                             No operation
DATA<CRLF>                             Transfer message

SMTP Replies: Each reply begins with a 3-digit code followed by additional information.
Categories:
a) Positive Completion Reply – the requested action has been successfully completed
   211 System status
   214 Help
   251 User not local
b) Positive Intermediate Reply – the command is accepted but the action is held pending further information
   354 Start mail input
c) Transient Negative Completion Reply – the command was not accepted and the requested action did not occur, but the
   error condition is temporary
   421 Service not available
   450 Requested mail action not taken
   451 Requested action aborted
d) Permanent Negative Completion Reply – the command was not accepted and the requested action did not occur
   500 Syntax error – command unrecognized
   501 Syntax error in parameters
   502 Command not implemented
   503 Bad sequence of commands

Three Phases of SMTP:


1. Connection Setup: The SMTP sender that wants to send mail to another host
- opens a TCP connection with the server;
- the receiver sends "220 service ready";
- the sender sends HELO to identify itself;
- the receiver accepts with "250 okay".
2. Mail Transfer: After establishing the connection, the SMTP sender transfers messages as follows:
- a MAIL command identifies the originator of the message;
- RCPT commands identify the recipients of the message;
- the DATA command transfers the message.
S: MAIL FROM parvathavardhini@lycos.com
R: 250 ok
S: RCPT TO valli@annauniv.edu
R: 250 ok
S: DATA
R: 354 start
S: ……….
3. Connection Closing:
- the sender sends the QUIT command and waits for the reply;
- the TCP FIN close is carried out;
- the receiver, after sending its reply, issues QUIT.
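The three phases above, played out against a toy in-process SMTP receiver. This is an added example, not code from the notes: the receiver is a small state machine that returns the reply codes the notes list (220, 250, 354, 221, 500, 503) and rejects commands issued out of order with "503 Bad sequence"; the helper names and the exact reply texts are ours.

```python
"""Toy SMTP receiver enforcing the command sequence HELO -> MAIL -> RCPT -> DATA -> QUIT,
plus a classifier for the 3-digit reply codes. Added example; the reply texts follow the
notes, the session driven in __main__ uses the notes' own addresses."""
from typing import Optional

# First digit of a reply selects its category (see "SMTP Replies" in the notes).
REPLY_CATEGORY = {
    "2": "Positive Completion",
    "3": "Positive Intermediate",
    "4": "Transient Negative Completion",
    "5": "Permanent Negative Completion",
}


def classify_reply(reply: str) -> tuple:
    """Split '250 ok' into (250, 'Positive Completion'); reject malformed replies."""
    code = reply[:3]
    if len(code) != 3 or not code.isdigit() or code[0] not in REPLY_CATEGORY:
        raise ValueError(f"malformed SMTP reply: {reply!r}")
    return int(code), REPLY_CATEGORY[code[0]]


class ToySmtpReceiver:
    """Receiving side of the dialogue; one reply line per command."""

    # States in which each 4-letter command may legally be issued.
    ALLOWED = {
        "HELO": {"connected"},
        "MAIL": {"identified", "done"},
        "RCPT": {"mail", "rcpt"},
        "DATA": {"rcpt"},
        "NOOP": {"connected", "identified", "mail", "rcpt", "done"},
        "QUIT": {"connected", "identified", "mail", "rcpt", "done"},
    }

    def __init__(self):
        self.state = "connected"      # TCP connection is up, greeting sent
        self.sender = None
        self.recipients = []
        self.delivered = []           # (sender, recipients, body) per message

    def greeting(self) -> str:
        return "220 service ready"

    def command(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in self.ALLOWED:
            return "500 Syntax error - command unrecognized"
        if self.state not in self.ALLOWED[verb]:
            return "503 Bad sequence of commands"
        if verb == "HELO":
            self.state = "identified"
            return "250 okay"
        if verb == "MAIL":
            self.sender = arg.replace("FROM", "", 1).strip()
            self.recipients = []
            self.state = "mail"
            return "250 ok"
        if verb == "RCPT":
            self.recipients.append(arg.replace("TO", "", 1).strip())
            self.state = "rcpt"
            return "250 ok"
        if verb == "DATA":
            self.state = "data"
            return "354 start mail input; end with <CRLF>.<CRLF>"
        if verb == "NOOP":
            return "250 ok"
        self.state = "closed"         # QUIT: no further command is accepted
        return "221 closing connection"

    def message_body(self, lines: list) -> str:
        """Body lines sent after DATA; a lone '.' line terminates the message."""
        if self.state != "data":
            return "503 Bad sequence of commands"
        if lines and lines[-1] == ".":
            lines = lines[:-1]
        self.delivered.append((self.sender, tuple(self.recipients), "\r\n".join(lines)))
        self.state = "done"
        return "250 ok"


def run_session(commands: list) -> list:
    """Drive a whole session: each item is (command line, body lines or None)."""
    rx = ToySmtpReceiver()
    replies = [rx.greeting()]
    for cmd, body in commands:                    # type: (str, Optional[list])
        replies.append(rx.command(cmd))
        if body is not None and replies[-1].startswith("354"):
            replies.append(rx.message_body(body))
    return replies


if __name__ == "__main__":
    for r in run_session([("HELO lycos.com", None),
                          ("MAIL FROM parvathavardhini@lycos.com", None),
                          ("RCPT TO valli@annauniv.edu", None),
                          ("DATA", ["Subject: test", "", "hello", "."]),
                          ("QUIT", None)]):
        print("R:", r, "->", classify_reply(r)[1])
```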
Need for MIME (Multipurpose Internet Mail Extension):
- MIME converts binary files and executable files into text. Only then can they be transmitted using SMTP.
- SMTP cannot transmit text data containing national-language characters. MIME translates all these non-ASCII
codes into the 7-bit ASCII that SMTP accepts.
- Messages larger than a certain size can be converted by MIME into an SMTP-acceptable size.
- MIME is needed to transfer audio and video (i.e. non-text data) through SMTP.

File Transfer Protocol


File Transfer Protocol (FTP) is a client-server protocol that transfers a file from one host to another. It is
described in RFC 959. Using FTP, a user sitting in front of one host transfers files from a remote host after providing
user identification and a password. A user can transfer files from the local host to a remote file server and vice
versa. FTP is similar to HTTP.
FTP uses two parallel TCP connections to transfer a file:
- a control connection
- a data connection
Control Connection:
It is used for sending control information such as user identification, password, and commands to change the
remote directory and to copy / store files.
Data Connection:
It is used to transfer the file itself.
FTP Working Method: FTP first sets up a control TCP connection to server port number 21. The FTP client sends user
identification, password, and commands over the control connection.
[Figure: FTP client and FTP server joined by a TCP control connection on server port 21 and a TCP data connection on
server port 20]
FTP opens a TCP data connection from port number 20 when the user requests a file transfer. When the user wants to
transfer another file, FTP opens another data connection. So the FTP control connection remains open throughout the
session, but a new data connection is created for each file transfer (the data connection is not persistent).
Differences between FTP and HTTP:
1. FTP sends control information out-of-band (on a separate connection); HTTP sends it in-band.
2. The FTP server maintains state about the user, whereas HTTP is stateless. FTP keeps track of the user's current
directory. This limits the total number of sessions that an FTP server can maintain simultaneously.
FTP Commands and Replies:
All commands are sent across the control connection in 7-bit ASCII format, so FTP commands are human readable.
Commands are separated by a carriage return and line feed. Each command consists of 4 uppercase characters and
optional arguments.
Example:
USER username
PASS password
LIST            (asks the server to send the list of files in the current directory)
RETR filename   (used to retrieve a file from the current directory)
STOR filename   (used to store a file into the current directory)
Each command is followed by a reply from the server to the client. The replies are 3-digit numbers, with an optional
message following them.
- 331 (username okay)
- 125 (data connection already open)
- 425 (cannot open data connection)
TFTP: Suppose a diskless workstation or router is booted; we need to download its bootstrap and configuration files.
For this we need only some of the sophistication provided by FTP. TFTP (Trivial File Transfer Protocol) is designed
for transferring bootstrap and configuration files. It is so simple that it can fit into the ROM of a diskless
workstation. TFTP does reading and writing of files. Reading means copying a file from the server to the client;
writing in TFTP means copying a file from the client to the server.

Domain Name System: (DNS)


Every computer has a unique IP address, but remembering a computer's IP address is not easy. So it is better to
identify computer networks, and computers on a network, by names in human-readable form.
A domain name is a name given to a network for easy reference by humans. A domain refers to a group of
computers called by a single common name. So we need a mechanism to translate these domain names to IP addresses.
In order to make computer names unique, additional strings, or suffixes, are added to the names. So the full
name of a computer contains a local name followed by a period (.) and a suffix. Initially all domain names had to end
with a 3-character suffix such as com. However, as the Internet spread worldwide, country-specific suffixes were added
to domain names.
Example: yahoo.co.in, i.e. the corresponding web server is located in India.
Initially all domain names and their associated IP addresses were recorded in a single file called host.txt, maintained
by the NIC (Network Information Center) in the US. By the 1980s this file had become extremely large, so problems grew as
traffic increased: more failures, longer delays and difficulty of maintenance. To solve this problem, DNS was developed
as a distributed database, scattered across different computers. DNS is a hierarchical, domain-based naming
architecture, and it also facilitates quick retrieval. The Domain Name System is maintained by a distributed database
system that uses the client-server model.
The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that
publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy
is served by the root name servers, the servers to query when looking up (resolving) a TLD.
Authoritative name server: An authoritative name server is a name server that gives answers that have been
configured by an original source, in contrast to answers that were obtained via a regular DNS query to another
name server. An authoritative name server only returns answers to queries about domain names that have been
specifically configured by the administrator.
To improve efficiency, reduce DNS traffic across the Internet, and increase performance in end-user
applications, the Domain Name System supports DNS cache servers, which store DNS query results for a
period of time determined by the configured time-to-live (TTL) of the domain name record in question.
The Internet is divided into many top-level domains. Each domain is divided into sub-domains, and so on. Top-level
domains are categorized into generic and country domains.
Generic domain categories: com - commercial; gov - US government; edu - educational; org - non-profit
organizations; mil - US military; net - network providers.
Country category: uk - United Kingdom; jp - Japan; in - India.

[Figure: DNS name tree. Top-level domains shown: com, gov, edu, org, net, mil, uk, jp, in; second-level names shown:
yahoo, rediff, purdue, oxford; under purdue: cse, mca; under mca: prakash, giving the full name prakash.mca.purdue.edu]

The name prakash.mca.purdue.edu identifies the host prakash under the domain mca, which is under the domain purdue,
which is finally under edu. Each domain level is separated by a dot.
How does a node locate a root server?
In practice not all clients know about the root servers. Each client program running on an Internet host is
initialized with the address of a local name server. The local name server in turn has resource records for one or
more of the root servers.

Steps in dealing with a request (at the local name server):

- it supplies the IP address if it already knows it;
- else it contacts another DNS server in the hierarchy to locate the IP address;
- else it refers the client to another DNS server, known as a root server;
- else it returns an error message.
What the DNS resolver (the application-side program of DNS) does:
The client side of the DNS is called a DNS resolver. It is responsible for initiating and sequencing the queries
that ultimately lead to a full resolution (translation) of the resource sought, e.g. translation of a domain name
into an IP address.
A DNS query may be either a non-recursive query or a recursive query:
- A non-recursive query is one in which the DNS server provides a record for a domain for which it is
authoritative itself, or it provides a partial result without querying other servers.
- A recursive query is one for which the DNS server will fully answer the query (or give an error) by
querying other name servers as needed. DNS servers are not required to support recursive queries.
The application program interested in obtaining the IP address of a domain name calls a library routine, the
resolver. The resolver sends a UDP packet to the nearest DNS server (the local DNS server). The local DNS server looks
up the domain name and returns the IP address to the resolver as described above. The resolver returns the IP address
to the application program.

Resource Record (RR) is the basic data element in the domain name system. Each record has a type (A, MX,
etc.), an expiration time limit, a class, and some type-specific data. Resource records of the same type define a
resource record set. The order of resource records in a set, returned by a resolver to an application, is undefined,
but often servers implement round-robin ordering to achieve load balancing.
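The resolution path described above, simulated over the tree in the notes (root → edu → purdue → mca → prakash): each authoritative server answers only for its own zone or returns a referral (a non-recursive answer), while the local name server does the recursive work for the resolver and caches the A record until its TTL expires. This is an added example, not code from the notes; the zone contents, server labels, the address 192.0.2.10 and the TTLs are constructed.

```python
"""Toy iterative DNS resolution with TTL caching. Added example: zone data,
server labels, addresses and TTLs below are constructed, not real records."""
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class RR:
    """Resource record: owner name, type (A or NS here), TTL in seconds, data."""
    name: str
    rtype: str
    ttl: int
    data: str


# Each authoritative server knows only its own zone; NS records are referrals.
# The server labels ("edu-server", ...) are constructed identifiers.
ZONES = {
    "root":          [RR("edu", "NS", 3600, "edu-server"),
                      RR("com", "NS", 3600, "com-server")],
    "edu-server":    [RR("purdue.edu", "NS", 3600, "purdue-server")],
    "purdue-server": [RR("mca.purdue.edu", "NS", 1800, "mca-server"),
                      RR("cse.purdue.edu", "NS", 1800, "cse-server")],
    "mca-server":    [RR("prakash.mca.purdue.edu", "A", 300, "192.0.2.10")],
}


def authoritative_answer(server: str, qname: str):
    """Non-recursive answer from one server: the A record if it is authoritative
    for qname, else its most specific NS referral (longest matching suffix),
    else None (name unknown here)."""
    records = ZONES.get(server, [])
    for rr in records:
        if rr.rtype == "A" and rr.name == qname:
            return rr
    best = None
    for rr in records:
        if rr.rtype == "NS" and (qname == rr.name or qname.endswith("." + rr.name)):
            if best is None or len(rr.name) > len(best.name):
                best = rr
    return best


class LocalNameServer:
    """The local DNS server the resolver talks to. It answers recursively:
    starting at the root, it follows referrals down the hierarchy and caches
    the final answer for its TTL. `clock` is injectable so TTL expiry can be
    tested without waiting."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}          # qname -> (RR, absolute expiry time)
        self.queries_sent = 0    # upstream queries, for inspection

    def resolve(self, qname: str):
        """Return (address, answered_from_cache). Raises LookupError if unknown."""
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > self.clock():
            return hit[0].data, True
        server, hops = "root", 0
        while hops < 10:                          # guard against referral loops
            self.queries_sent += 1
            rr = authoritative_answer(server, qname)
            if rr is None:
                raise LookupError(f"{qname}: no such name (asked {server})")
            if rr.rtype == "A":
                self.cache[qname] = (rr, self.clock() + rr.ttl)
                return rr.data, False
            server, hops = rr.data, hops + 1      # follow the referral
        raise LookupError(f"{qname}: too many referrals")


if __name__ == "__main__":
    lns = LocalNameServer()
    print(lns.resolve("prakash.mca.purdue.edu"), "after", lns.queries_sent, "queries")
    print(lns.resolve("prakash.mca.purdue.edu"), "after", lns.queries_sent, "queries")
```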

DNS record types:

Group     Type   Name                 Function
Zone      SOA    Start of Authority   Defines a DNS zone of authority
Zone      NS     Name Server          Identifies servers for a zone
Basic     A      Address              Name to address translation
Basic     PTR    Pointer              Address to name translation
Basic     MX     Mail Exchanger       Controls e-mail routing
Basic     CNAME  Canonical Name       Nicknames for a host
Optional  HINFO  Host Info            Identifies hardware and OS
Optional  RP     Responsible Person   Technical contact for a host
Optional  WKS    Well Known Services  Services provided by a host
Optional  TXT    Text                 Comments

WORLD WIDE WEB (WWW)

The World Wide Web, or the Web, is a repository of information spread all over the world and linked together. The WWW
has a unique combination of flexibility, portability and user-friendly features that distinguish it from other services
provided by the Internet. The WWW project was initiated by CERN to create a system to handle the distributed resources
necessary for scientific research. The WWW today is a distributed client-server service in which a client using a browser
can access a service using a server. However, the service provided is distributed over many locations called web sites.

[Figure: 1. the web browser requests the page www.yahoo.com/index from the web server yahoo.com over the Internet;
2. the web server sends the page; 3. the web browser interprets the page and displays the contents of the index file
on screen]

The parts of a URL, using http://www.yahoo.com/index as the example:
- http            – the protocol to be used
- www.yahoo.com   – the domain name
- index           – the document / file name

A URL signifies the full, unique path of any file on the Internet.

Hypertext and Hypermedia


The WWW uses the concepts of hypertext and hypermedia. In a hypertext environment, information is stored in a set of
documents that are linked together using the concept of pointers. Hypertext documents contain only text, whereas
hypermedia documents can also contain pictures, graphics and sound. A unit of hypertext or hypermedia available on the
web is called a page. The main page for an organization or an individual is known as its homepage.
Browser Architecture
All browsers interpret and display a Web document using the same architecture. Each browser usually consists of three
parts: a controller, client programs and interpreters. The controller receives input from the keyboard or the mouse and
uses the client programs to access the document. After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen. The client programs can be one of the following methods (protocols):
HTTP, FTP or TELNET. The interpreter can be HTML or Java, depending on the type of document.
The documents in the WWW can be grouped into three broad categories: static, dynamic and active. The category is
based on the time when the contents of the document are determined.

[Figure: browser architecture. The controller takes input from the keyboard, invokes an HTTP client that communicates
with the remote server through the network interface card (NIC), hands the returned document to the HTML interpreter,
and sends the result through the I/O driver program to the screen]

STATIC DOCUMENTS

[Figure: static document. The client sends a request to the server; the server returns the stored document]

Static documents are fixed-content documents that are created and stored on a server. The client can get only a copy
of the document. Although the contents on the server can be changed, the user cannot change them. When a client accesses
the document, a copy of the document is sent; the user can then use a browsing program to display the document.
HTML (HyperText Markup Language) is the language for creating a web page.
Structure of a Web page: A Web page is made up of two parts, the head and the body.
Head: It is the first part of the web page. It contains the title of the page and other parameters that the browser
will use.
Body: The actual contents of a page are in the body, which includes the text and the tags. Whereas the text is the
actual information contained in the page, the tags determine the appearance of the document. Every HTML tag
is a name followed by an optional list of attributes, all enclosed between less-than and greater-than brackets (< and
>).
An attribute, if present, is followed by an equals sign and the value of the attribute. Some tags can be used alone;
some must be used in pairs. Those that are used in pairs are called starting and ending tags. The starting tag can
have attributes and values. The ending tag cannot have attributes or values but must have a slash (/) before the
name.
Tags: The browser makes a decision about the structure of the text based on the tags, which are marks that are
embedded into the text. A tag is enclosed in two brackets and usually comes in a pair. The beginning tag starts with
the name of the tag, and the ending tag starts with a slash followed by the name of the tag.

DYNAMIC DOCUMENTS

[Figure: dynamic document. The client sends a request to the server; the server runs the program, producing the
document, and returns the document to the client]

Dynamic documents do not exist in a predefined format. Instead, a dynamic document is created by a web server whenever
a browser requests a document. When a request arrives, the web server runs an application program that creates the
dynamic document. The server returns the output of the program as a response to the browser that requested the document.
Because a fresh document is created for each request, the contents of a dynamic document can vary from one request to
another. A very simple example of a dynamic document is getting the time and date from the server.
A server that handles dynamic documents follows these steps:
1. The server examines the URL to find out whether it defines a dynamic document.
2. If the URL defines a dynamic document, the server executes the program.
3. The server sends the output of the program to the client.
COMMON GATEWAY INTERFACE (CGI)
Common Gateway Interface (CGI) is a technology that creates and handles dynamic documents. CGI is a set of
standards that defines how a dynamic document should be written, how input data should be supplied to the
program, and how the output result should be used.
CGI is not a new language; instead, it allows programmers to use any of several languages such as C, C++,
Bourne Shell, Korn Shell, Tcl, or Perl. The only thing that CGI defines is a set of rules and terms that the
programmer should follow.
The use of the word common in CGI indicates that the standard defines a set of rules that are common to any language or
platform. The term gateway here means that a CGI program is a gateway that can be used to access other
resources such as databases, graphics packages, and so on. The term interface here means that there is a set of
predefined terms, variables, calls and so on that can be used in any CGI program.
CGI Program: A CGI program in its simplest form is code written in one of the languages supporting CGI. Any programmer
who can encode a sequence of thoughts in a program and knows the syntax of one of the above-mentioned languages can write
a simple CGI program.

ACTIVE DOCUMENTS

[Figure: active document. The client sends a request for a program to the server; the server returns the program;
the client runs the program, producing the document]

For many applications we need a program to be run at the client site. These are called active documents. An active
document is stored on the server in the form of binary code. However, it does not create overhead for the server in the
same way that a dynamic document does. Although an active document is not run on the server, it is stored as a binary
document that is retrieved by a client. When a client receives the document it can also store it in its own storage area.
In this way, the client can run the document again without making another request. An active document is transported
from the server to the client in binary form; this means that it can be compressed at the server site and decompressed
at the client site, saving both bandwidth and transmission time.
JAVA is a combination of a high-level programming language, a run-time environment, and a class library that allows a
programmer to write an active document and a browser to run it. It can also be used for stand-alone programs without
a browser. However, Java is mostly used to create applets (small application programs).
Network security
Network security is the protection of data while it is being transmitted.
Security Attack – Any action that compromises the security of information owned by an organization.
Security Mechanism – A mechanism that detects, prevents or recovers from a security attack.
Security Service – A service that enhances the security of transmitted information.
Classification of security services:
Confidentiality: Information is accessible for reading only by authorized parties.
Authentication: The origin of a message is correctly identified, and the claimed identity is not false.
Integrity: Only authorized parties are able to modify transmitted information.
Non-repudiation: Neither the sender nor the receiver can deny the transmission.
Access Control: Access to information is controlled by the target system.
Availability: Information is available to authorized parties.
General Categories of Attack
Interruption: An information asset is destroyed and becomes unavailable – an attack on availability.

Interception: An unauthorized party gains access to an asset – an attack on confidentiality.

Modification: An unauthorized party gains access to an asset and changes it – an attack on integrity.

Fabrication: An unauthorized party inserts counterfeit messages – an attack on authenticity.

Useful categorization of attacks:

Passive threats: interception (eavesdropping, traffic analysis).
Active threats: interruption, modification, fabrication.

Conventional Encryption: It provides confidentiality for transmitted data. It is also known as symmetric encryption /
single-key encryption.
- Plaintext – the original message that is the input to the algorithm
- Encryption algorithm – it performs various substitutions and transformations on the plaintext
- Secret key – the key used for encryption by the sender and for decryption by the receiver
- Ciphertext – the scrambled message produced as output
- Decryption algorithm – it converts the ciphertext back to the original message

[Figure: P → E (key) → C → D (key) → P]

Attacks possible on a conventional encryption scheme:

1. Cryptanalysis
Using the nature of the encryption algorithm, knowledge of the characteristics of the plaintext, and perhaps some
plaintext–ciphertext pairs, the attacker tries to deduce the key or the plaintext.
2. Brute Force
- Try out all possible keys until an intelligible translation into plaintext is obtained.

Some of the conventional encryption algorithms: Simple DES, DES, Double DES, Triple DES, IDEA, Blowfish.

Block Cipher Mode: It processes a block of plaintext and produces a block of ciphertext.
Stream Cipher Mode: It processes the plaintext character by character and produces one character of output at a time.

DES (Data Encryption Standard): DES is a block cipher algorithm that takes a fixed-length string of plaintext bits and
transforms it through a series of complicated operations into a ciphertext string of the same length. In the case of
DES, the block size is 64 bits. DES also uses a key to customize the transformation, so that decryption can supposedly
only be performed by those who know the particular key used to encrypt. The key consists of 64 bits; however, only 56 of
these are actually used by the algorithm.

Algorithm: The 64-bit plaintext passes through an initial permutation (IP). This is followed by 16 rounds. Then a swap
of the two halves is done, and the preoutput is passed through the final permutation, the inverse of IP.
Each Round:

L(i) = R(i-1) and R(i) = L(i-1) ⊕ F(R(i-1), K(i))

The F function consists of:
1. Expansion — the 32-bit half-block is expanded to 48 bits using the expansion permutation, denoted E in the diagram,
by duplicating half of the bits.
2. Key mixing — the result is combined with a subkey using an XOR operation. Sixteen 48-bit subkeys — one for each
round — are derived from the main key using the key schedule.
3. Substitution — after mixing in the subkey, the block is divided into eight 6-bit pieces before processing by the
S-boxes, or substitution boxes. Each of the eight S-boxes replaces its six input bits with four output bits according to
a non-linear transformation, provided in the form of a lookup table. The S-boxes provide the core of the security of
DES — without them, the cipher would be linear, and trivially breakable.
4. Permutation — finally, the 32 outputs from the S-boxes are rearranged according to a fixed permutation, the P-box.
This is designed so that, after expansion, each S-box's output bits are spread across 6 different S-boxes in the next
round.

Decryption of DES is essentially the same as the encryption process, using the subkeys in reverse order.

[Figure: Triple DES with keys K1, K2, K1: P → E(K1) → D(K2) → E(K1) → C]

Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits.
The encryption algorithm is: ciphertext = E_K3(D_K2(E_K1(plaintext))),
i.e. DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.
Decryption is the reverse: plaintext = D_K1(E_K2(D_K3(ciphertext))),
i.e. decrypt with K3, encrypt with K2, then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data. In each case the middle operation is the reverse of the
first and last. This improves the strength of the algorithm when using keying option 2, and provides backward
compatibility with DES with keying option 3.
Keying options
The standards define three keying options:
- Keying option 1: All three keys are independent.
- Keying option 2: K1 and K2 are independent, and K3 = K1.
- Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.
Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.
Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option is stronger than simply DES encrypting
twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.
Keying option 3 is equivalent to DES, with only 56 key bits. This option provides backward compatibility with DES,
because the first and second DES operations cancel out.
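The DES round structure L(i) = R(i-1), R(i) = L(i-1) ⊕ F(R(i-1), K(i)) and the Triple DES EDE construction above, carried out on a toy Feistel cipher. This is an added example, not code from the notes: the round function F and the key schedule are toy stand-ins (not the DES E, S-box and P tables), so the block shows the structure only: why decryption is the same network with subkeys reversed, and why keying option 3 collapses to a single encryption.

```python
"""Toy 64-bit Feistel cipher with DES's round structure, plus Triple DES (EDE)
built on it. Added example: F and key_schedule below are toy functions, not DES."""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def key_schedule(key: bytes) -> list:
    """Toy schedule: ROUNDS 32-bit subkeys derived by hashing the key with the
    round index (DES derives sixteen 48-bit subkeys by shifting and selecting
    key bits; only the shape matters for the Feistel argument)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def F(right: int, subkey: int) -> int:
    """Toy round function standing in for expansion, S-boxes and P-box.
    It need not be invertible: Feistel decryption never inverts F."""
    x = (right ^ subkey) & MASK32                  # key mixing
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32     # non-linear mixing
    return ((x << 7) | (x >> 25)) & MASK32         # bit permutation (rotation)


def feistel(block: int, subkeys: list) -> int:
    """Run L(i) = R(i-1), R(i) = L(i-1) XOR F(R(i-1), K(i)) for every subkey
    on a 64-bit block, then apply the final swap of the two halves."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ F(right, k)
    return (right << 32) | left                    # swap halves


def des_like_encrypt(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key))


def des_like_decrypt(block: int, key: bytes) -> int:
    # Same network, same F, subkeys in reverse order: that is all decryption needs.
    return feistel(block, key_schedule(key)[::-1])


def tdes_encrypt(block: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    """EDE: C = E_K3(D_K2(E_K1(P)))."""
    return des_like_encrypt(des_like_decrypt(des_like_encrypt(block, k1), k2), k3)


def tdes_decrypt(block: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    """Reverse: P = D_K1(E_K2(D_K3(C)))."""
    return des_like_decrypt(des_like_encrypt(des_like_decrypt(block, k3), k2), k1)


def keying_option(k1: bytes, k2: bytes, k3: bytes) -> int:
    """3: K1 == K2 == K3; 2: K3 == K1 with K2 different; 1: otherwise."""
    if k1 == k2 == k3:
        return 3
    if k3 == k1:
        return 2
    return 1


if __name__ == "__main__":
    k = b"key-one!"                                # constructed 8-byte key
    p = 0x0123456789ABCDEF
    c = des_like_encrypt(p, k)
    print(f"P={p:016x} C={c:016x} D(C)={des_like_decrypt(c, k):016x}")
    print("option 3 == single encryption:", tdes_encrypt(p, k, k, k) == c)
```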

Key Distribution:
Permanent Key: A key used between source and destination for distributing session keys.
Session Key: For a logical connection, a one-time session key is used. All user data in that connection are encrypted
with the session key.

Two new elements are involved in key distribution:

Key Distribution Centre (KDC): It determines and provides the one-time session key between sender and receiver. It is a
trusted third party.
Front End Processor (FEP): It performs end-to-end encryption and obtains session keys on behalf of its host or terminal.
Different methods for distributing keys between A and B:

- A key could be selected by A and physically delivered to B (manual).
- A third party could select the key and physically hand it over to A and B (manual).
- If A and B have recently been using a key, one party could transmit the new key to the other encrypted under the
old key.
- When a host wishes to set up a connection to another host, it transmits a connection request packet. The FEP saves
the packet and applies to the KDC for permission to establish the connection (using the master key shared between the
FEP and the KDC). The KDC generates a session key and delivers it to the two appropriate front end processors. The
requesting FEP can now release the connection request packet, and the connection is set up between the two end systems.
Traffic Padding:
It is a function that produces ciphertext output continuously, even in the absence of plaintext. This makes it
impossible for an attacker to distinguish between true data flow and noise, and hence to deduce the amount of traffic.
Message Authentication
It is a procedure that allows communicating parties to verify that received messages are authentic. Message
authentication may be preferable in some situations.
Message Authentication Code:
Using a secret key, a small block of data called the message authentication code is generated from the message and
appended to it. On the receiver side, the same calculation is performed on the received message using the same secret
key, generating a new message authentication code. The received code is compared with the calculated code. If the
received code matches the calculated code:
- the receiver is assured that the message has not been altered;
- the receiver is assured that the message is from the alleged sender;
- the receiver is assured that an attacker has not altered the sequence number (if the message carries one).
[Figure: MAC. Sender: M and K → MAC algorithm → MAC(M), appended to M (M || MAC). Receiver: recomputes MAC(M) with K
and compares it with the received MAC]
One-way Hash Function:
It is a slight variation of the MAC. A hash function accepts a variable-size message M as input and
produces a fixed-size message digest H(M). The digest can be protected using conventional encryption or public key
encryption.

[Figure: Sender: M || E(H(M)). Receiver: decrypts with D to obtain H(M), recomputes H over the received M and compares]

Properties of a hash function:
- It is applied to a block of data of any size and produces a fixed-length output.
- It is easy to compute H(x) for a given x.
- It is computationally infeasible to find x such that h = H(x) for a given h.
- For a given block x, it is computationally infeasible to find y != x with H(y) = H(x).
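The MAC procedure described above (compute with a shared key, append, recompute and compare), together with the hash properties just listed, worked through with the standard library's HMAC-SHA256. This is an added example, not code from the notes; the key, messages and sequence numbers are constructed, and the MAC is taken over the sequence number as well as the message so that the third assurance (sequence number not altered) is also checked.

```python
"""Message authentication with a keyed hash (HMAC-SHA256). Added example:
key, messages and sequence numbers are constructed values."""
import hashlib
import hmac
import struct

MAC_LEN = 32                      # SHA-256 digest length in bytes
SEQ_LEN = 4                       # 32-bit big-endian sequence number


def make_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC(K, seq || M): covering the sequence number detects reordering/replay."""
    return hmac.new(key, struct.pack(">I", seq) + message, hashlib.sha256).digest()


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: transmit seq || M || MAC(K, seq || M)."""
    return struct.pack(">I", seq) + message + make_mac(key, seq, message)


def verify(key: bytes, expected_seq: int, packet: bytes) -> bytes:
    """Receiver side: recompute the MAC with the same key and compare.
    Returns the message on success and raises ValueError otherwise."""
    if len(packet) < SEQ_LEN + MAC_LEN:
        raise ValueError("packet too short to carry a sequence number and MAC")
    seq = struct.unpack(">I", packet[:SEQ_LEN])[0]
    message = packet[SEQ_LEN:-MAC_LEN]
    received_mac = packet[-MAC_LEN:]
    # compare_digest runs in time independent of where the digests first differ,
    # so an attacker cannot learn the correct MAC byte by byte from response times.
    if not hmac.compare_digest(make_mac(key, seq, message), received_mac):
        raise ValueError("MAC mismatch: message or sequence altered, or wrong key")
    if seq != expected_seq:
        raise ValueError(f"unexpected sequence number {seq} (wanted {expected_seq})")
    return message


def hash_properties() -> dict:
    """Check two of the listed hash properties on SHA-256: the digest length is
    fixed whatever the input size, and a one-character change in the input
    changes roughly half of the digest bits."""
    h_small = hashlib.sha256(b"a").digest()
    h_large = hashlib.sha256(b"a" * 100_000).digest()
    h_other = hashlib.sha256(b"b").digest()
    changed = bin(int.from_bytes(h_small, "big") ^ int.from_bytes(h_other, "big")).count("1")
    return {"fixed_length": len(h_small) == len(h_large) == MAC_LEN,
            "bits_changed": changed}


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    pkt = protect(key, 7, b"transfer 100 to account 42")
    print("ok:", verify(key, 7, pkt))
    bad = bytearray(pkt); bad[12] ^= 0x01              # flip one message bit
    try:
        verify(key, 7, bytes(bad))
    except ValueError as e:
        print("rejected:", e)
    print(hash_properties())
```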
Public Key Encryption - Asymmetrical Key Encryption


All public key encryption needs:
- 2 separate keys – one for encryption and one for decryption;
- 2 separate algorithms – different for encryption and decryption.
Public key encryption elements are:
1. Plaintext – a readable message or data that is fed into the algorithm as input
2. Encryption algorithm
3. Public key and private key
4. Ciphertext – the scrambled message output
5. Decryption algorithm
Steps:
1. Each user generates a pair of keys.
2. One key is the public key, i.e. accessible to all; the other is the private key, kept secret.
3. If A wants to send a message to B, it encrypts the message using B's public key.
4. This message can be decrypted only by using the private key of B.

RSA: The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user A has published
its public key and that user B wishes to send the message M to A. Then B calculates the ciphertext C = M^e mod n and
transmits C. On receipt of this ciphertext, user A decrypts by calculating M = C^d mod n.
Example
Select primes: p = 17 and q = 11. Compute n = pq = 17 × 11 = 187.
Compute ø(n) = (p – 1)(q – 1) = 16 × 10 = 160. Select e with gcd(e, 160) = 1; choose e = 7.
Determine d: d·e = 1 mod 160 and d < 160. The value is d = 23, since 23 × 7 = 161 = 160 + 1.
Publish the public key KU = {7, 187}. Keep secret the private key KR = {23, 17, 11}.
RSA encryption/decryption is:
given message M = 88 (note 88 < 187)
encryption: C = 88^7 mod 187 = 11
decryption: M = 11^23 mod 187 = 88
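The worked example above carried through in code: key generation from p = 17, q = 11, e = 7, encryption of M = 88 and decryption of the result. This is an added example, not code from the notes; the function names are ours, and the last function shows, on these tiny parameters only, why the "mathematical attack" on RSA is equivalent to factoring n (a 2048-bit n cannot be factored this way).

```python
"""RSA with the notes' textbook parameters (p=17, q=11, e=7). Added example;
the numbers are the notes' own, the helper names are ours."""
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return (public_key, private_key) as ((e, n), (d, n)) for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse: d*e = 1 (mod phi(n))
    return (e, n), (d, n)


def rsa_encrypt(m: int, public_key) -> int:
    """C = M^e mod n; M must be an integer smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    """M = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def recover_private_exponent_by_factoring(public_key) -> int:
    """Why the notes call mathematical attacks 'equivalent to factoring':
    given p and q, phi(n) and hence d follow immediately. Trial division
    works here only because n = 187 is tiny."""
    e, n = public_key
    p = next(f for f in range(2, n) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(88, pub)
    print("KU =", pub, "KR =", priv)
    print("C =", c, "M =", rsa_decrypt(c, priv))
    print("d recovered from KU alone:", recover_private_exponent_by_factoring(pub))
```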

Security of RSA
- Brute force: This involves trying all possible private keys.
- Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two
primes.
- Timing attacks: These depend on the running time of the decryption algorithm.
- Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
