Purpose: Ensure secure communication between web browsers and servers.
Goals: Authenticate entities, maintain message integrity, and ensure confidentiality.
Location: Sits between the application and transport layers in the TCP/IP protocol suite.
Usage: Supported by major web browsers.
S/MIME (Secure/Multipurpose Internet Mail Extensions):
Usage: Ensures secure email communication.
Based on: MIME standard.
Security Services: Authentication, message integrity, and data security.
Key Setup: Each participant has a private key (kept secret) and a public key (available to everyone).
Steps for Signed Message: a. Write the message in clear text. b. Calculate the message digest (using SHA-1 or MD5). c. Encrypt the message digest with the signer’s private key (DSS or RSA).
PGP (Pretty Good Privacy):
Purpose: Secure communication through encryption and authentication.
Keys: Public key for others, private key for yourself.
SET (Secure Electronic Transaction):
Purpose: Secure credit card transactions over the internet.
Nature: Not a payment system but a set of security protocols.
Foundation: Based on X.509 certificates with extensions.
Techniques: Utilizes digital certificates and public key cryptography.
Goals: Confidentiality of payment/ordering information, integrity of transmitted data.
Encourages: Interoperability among software and network providers.
IPSec (IP Security):
Designed by: Internet Engineering Task Force (IETF).
Layer: Network layer security for IPv4 or IPv6.
Capabilities: Authentication, confidentiality, and key management.
Implementation: Additional headers added to IP packets for security.