CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
inaamulh66
34 views
115 slides
May 31, 2024
Slide 1 of 115
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
About This Presentation
You for all of you guys think that it will work out to be honest and a good idea what is going on in my case I can you give a good idea what is going for you guys I was going for me but not as bad news on my phone and a lot for you guys I think we will see how that I could get a chance of the time o...
Slide Content
CS8792 -CRYPTOGRAPHY AND
NETWORK SECURITY
Dr. V.Mala
ASP/CSE
NETWORK SECURITY
Dr. V.Mala
ASP/CSE
UNIT I
INTRODUCTION
Securitytrends–Legal,EthicalandProfessionalAspects
ofSecurity,NeedforSecurityatMultiplelevels,Security
Policies–Modelofnetworksecurity–Securityattacks,
servicesmechanisms–OSIsecurityarchitecture–
Classicalencryptiontechniques:substitutiontechniques,
transpositiontechniques,steganography-Foundationsof
moderncryptography:perfectsecurity–information
theory–productcryptosystem–cryptanalysis
CS8792 CRYPTOGRAPHY AND
NETWORK SECURITY
INTRODUCTION
Securitytrends–Legal,EthicalandProfessionalAspects
ofSecurity,NeedforSecurityatMultiplelevels,Security
Policies–Modelofnetworksecurity–Securityattacks,
servicesmechanisms–OSIsecurityarchitecture–
Classicalencryptiontechniques:substitutiontechniques,
transpositiontechniques,steganography-Foundationsof
moderncryptography:perfectsecurity–information
theory–productcryptosystem–cryptanalysis
CS8792 CRYPTOGRAPHY AND
NETWORK SECURITY
UNIT II
SYMMETRIC CRYPTOGRAPHY
•MATHEMATICSOFSYMMETRICKEYCRYPTOGRAPHY:
Algebraicstructures-Modulararithmetic-Euclid‘s
algorithm-Congruenceandmatrices-Groups,Rings,
Fields-Finitefields-SYMMETRICKEYCIPHERS:SDES–
BlockcipherPrinciplesofDES–StrengthofDES–
Differentialandlinearcryptanalysis-Blockcipher
designprinciples–Blockciphermodeofoperation–
EvaluationcriteriaforAES–AdvancedEncryption
Standard-RC4–Keydistribution.
SYMMETRIC CRYPTOGRAPHY
•MATHEMATICSOFSYMMETRICKEYCRYPTOGRAPHY:
Algebraicstructures-Modulararithmetic-Euclid‘s
algorithm-Congruenceandmatrices-Groups,Rings,
Fields-Finitefields-SYMMETRICKEYCIPHERS:SDES–
BlockcipherPrinciplesofDES–StrengthofDES–
Differentialandlinearcryptanalysis-Blockcipher
designprinciples–Blockciphermodeofoperation–
EvaluationcriteriaforAES–AdvancedEncryption
Standard-RC4–Keydistribution.
UNIT III PUBLIC KEY CRYPTOGRAPHY
MATHEMATICS OFASYMMETRIC KEY
CRYPTOGRAPHY:Primes–PrimalityTesting–
Factorization–Euler‘stotientfunction,Fermat‘s
andEuler‘sTheorem-ChineseRemainder
Theorem–Exponentiationandlogarithm-
ASYMMETRICKEYCIPHERS:RSAcryptosystem–
Keydistribution–Keymanagement–Diffie
Hellmankeyexchange-ElGamalcryptosystem–
Ellipticcurvearithmetic-Ellipticcurve
cryptography.
MATHEMATICS OFASYMMETRIC KEY
CRYPTOGRAPHY:Primes–PrimalityTesting–
Factorization–Euler‘stotientfunction,Fermat‘s
andEuler‘sTheorem-ChineseRemainder
Theorem–Exponentiationandlogarithm-
ASYMMETRICKEYCIPHERS:RSAcryptosystem–
Keydistribution–Keymanagement–Diffie
Hellmankeyexchange-ElGamalcryptosystem–
Ellipticcurvearithmetic-Ellipticcurve
cryptography.
UNIT IV
MESSAGE AUTHENTICATION AND INTEGRITY
Authenticationrequirement–Authentication
function–MAC–Hashfunction–Securityof
hashfunctionandMAC–SHA–Digitalsignature
andauthenticationprotocols–DSS-Entity
Authentication:Biometrics,Passwords,
ChallengeResponseprotocols-Authentication
applications-Kerberos,X.509
MESSAGE AUTHENTICATION AND INTEGRITY
Authenticationrequirement–Authentication
function–MAC–Hashfunction–Securityof
hashfunctionandMAC–SHA–Digitalsignature
andauthenticationprotocols–DSS-Entity
Authentication:Biometrics,Passwords,
ChallengeResponseprotocols-Authentication
applications-Kerberos,X.509
UNIT V
SECURITY PRACTICE AND SYSTEM SECURITY
ElectronicMailsecurity–PGP,S/MIME–IP
security–WebSecurity-SYSTEMSECURITY:
Intruders–Malicioussoftware–viruses–
Firewalls.
SECURITY PRACTICE AND SYSTEM SECURITY
ElectronicMailsecurity–PGP,S/MIME–IP
security–WebSecurity-SYSTEMSECURITY:
Intruders–Malicioussoftware–viruses–
Firewalls.
Cryptography
Cryptography is the study of
"Secret(crypto-) writing(-graphy)
Concerned with developing algorithms:
•Conceal the context of some message from
all except the sender and recipient (privacy or
secrecy), and/or
•Verify the correctness of a message to the
recipient(authentication)
Cryptography is the study of
"Secret(crypto-) writing(-graphy)
Concerned with developing algorithms:
•Conceal the context of some message from
all except the sender and recipient (privacy or
secrecy), and/or
•Verify the correctness of a message to the
recipient(authentication)
Basic Concepts
•Cryptography
Theartorscienceencompassingtheprinciples
andmethodsoftransforminganintelligible
messageintoonethatisunintelligible,and
thenretransformingthatmessagebacktoits
originalform
•Plaintext :The original intelligible message
•Ciphertext :The transformed message
•Cryptography
Theartorscienceencompassingtheprinciples
andmethodsoftransforminganintelligible
messageintoonethatisunintelligible,and
thenretransformingthatmessagebacktoits
originalform
•Plaintext :The original intelligible message
•Ciphertext :The transformed message
Cipher:Analgorithmfortransformingan
intelligiblemessageintounintelligibleby
transpositionand/orsubstitution
Key:Somecriticalinformationusedbythe
cipher,knownonlytothesender&receiver
Encipher(encode):"The process of converting
plaintext to ciphertext
Decipher(decode):"Theprocessofconverting
ciphertextbackintoplaintext
intelligiblemessageintounintelligibleby
transpositionand/orsubstitution
Key:Somecriticalinformationusedbythe
cipher,knownonlytothesender&receiver
Encipher(encode):"The process of converting
plaintext to ciphertext
Decipher(decode):"Theprocessofconverting
ciphertextbackintoplaintext
Cryptanalysis:Thestudyofprinciplesand
methodsoftransforminganunintelligible
messagebackintoanintelligiblemessage
withoutknowledgeofthekey.Alsocalled
codebreaking
Cryptology:Both cryptography and cryptanalysis
Code:Analgorithmfortransformingan
intelligiblemessageintoanunintelligibleone
usingacode-book
methodsoftransforminganunintelligible
messagebackintoanintelligiblemessage
withoutknowledgeofthekey.Alsocalled
codebreaking
Cryptology:Both cryptography and cryptanalysis
Code:Analgorithmfortransformingan
intelligiblemessageintoanunintelligibleone
usingacode-book
DefinitionCryptography is the science of using
mathematics to encrypt and decrypt data.
Phil Zimmermann
Cryptography is the art and science of keeping
messages secure.
Bruce Schneier
The art and science of concealing the messages
to introduce secrecy in information Security is
recognized as cryptography.
mathematics to encrypt and decrypt data.
Phil Zimmermann
Cryptography is the art and science of keeping
messages secure.
Bruce Schneier
The art and science of concealing the messages
to introduce secrecy in information Security is
recognized as cryptography.
Security Trends
Definition of Computer Security
Theprotectionaffordedtoanautomated
informationsysteminordertoattainthe
applicableobjectivesofpreservingtheintegrity,
availability,andconfidentialityofinformation
systemresources(includeshardware,software,
firmware,information/data,and
telecommunications)
Definition of Computer Security
Theprotectionaffordedtoanautomated
informationsysteminordertoattainthe
applicableobjectivesofpreservingtheintegrity,
availability,andconfidentialityofinformation
systemresources(includeshardware,software,
firmware,information/data,and
telecommunications)
Confidentiality
Data confidentiality
Assuresthatprivateorconfidentialinformation
isnotmadeavailableordisclosedto
unauthorized
Privacy
Assuresthatindividualscontrolorinfluence
whatinformationrelatedtothemmaybe
collectedandstoredandbywhomandtowhom
thatinformationmaybedisclosed.
Data confidentiality
Assuresthatprivateorconfidentialinformation
isnotmadeavailableordisclosedto
unauthorized
Privacy
Assuresthatindividualscontrolorinfluence
whatinformationrelatedtothemmaybe
collectedandstoredandbywhomandtowhom
thatinformationmaybedisclosed.
Integrity
Dataintegrity
Assuresthatinformationandprogramsare
changedonlyinaspecifiedandauthorized
manner.
Systemintegrity
Assuresthatasystemperformsitsintended
functioninanunimpairedmanner,freefrom
deliberateorinadvertentunauthorized
manipulationofthesystem.
Dataintegrity
Assuresthatinformationandprogramsare
changedonlyinaspecifiedandauthorized
manner.
Systemintegrity
Assuresthatasystemperformsitsintended
functioninanunimpairedmanner,freefrom
deliberateorinadvertentunauthorized
manipulationofthesystem.
Availability
Assures that systems work promptly and service
is not denied to authorize users.
Assures that systems work promptly and service
is not denied to authorize users.
Confidentiality
Preservingauthorizedrestrictionsoninformation
accessanddisclosure,includingmeansforprotecting
personalprivacyandproprietaryinformation.
Alossofconfidentialityistheunauthorizeddisclosure
ofinformation.
Integrity
Guardingagainstimproperinformationmodificationor
destruction,includingensuringinformation
nonrepudiationandauthenticity.
Alossofintegrityistheunauthorizedmodificationor
destructionofinformation.
Preservingauthorizedrestrictionsoninformation
accessanddisclosure,includingmeansforprotecting
personalprivacyandproprietaryinformation.
Alossofconfidentialityistheunauthorizeddisclosure
ofinformation.
Integrity
Guardingagainstimproperinformationmodificationor
destruction,includingensuringinformation
nonrepudiationandauthenticity.
Alossofintegrityistheunauthorizedmodificationor
destructionofinformation.
Availability
Ensuringtimelyandreliableaccesstoanduseof
information
Alossofavailabilityisthedisruptionofaccesstooruse
ofinformationoraninformationsystem.
Authenticity
Thepropertyofbeinggenuineandbeingabletobe
verifiedandtrusted.
Accountability
Thesecuritygoalthatgeneratestherequirementfor
actionsofanentitytobetraceduniquelytothatentity
Ensuringtimelyandreliableaccesstoanduseof
information
Alossofavailabilityisthedisruptionofaccesstooruse
ofinformationoraninformationsystem.
Authenticity
Thepropertyofbeinggenuineandbeingabletobe
verifiedandtrusted.
Accountability
Thesecuritygoalthatgeneratestherequirementfor
actionsofanentitytobetraceduniquelytothatentity
Legal, Ethical and Professional aspects of
security
To minimize liabilities/reduce risks, the security
practitioner must:
1.Understand current legal environment.
2.Stay current with laws and regulations.
3.Watch for new issues and emerge
security
To minimize liabilities/reduce risks, the security
practitioner must:
1.Understand current legal environment.
2.Stay current with laws and regulations.
3.Watch for new issues and emerge
Laws:Rulesaawhichmandateorprohibitcertainsocietal
behavior.
Ethics:Thisdefinessociallyacceptablebehavior.
Thebasicdifferencebetweenlawsandethicsiswhichlawscarry
thesanctionsofagoverningauthorityandethicsdonot.Ethics
inturnbasedonculturalmoresthatfixedmoralattitudesand
customsofaparticulargroup.
The different types of laws are
Civil: Governs the nation or state.
Criminal:Addressesviolationsisharmfultosociety.
behavior.
Ethics:Thisdefinessociallyacceptablebehavior.
Thebasicdifferencebetweenlawsandethicsiswhichlawscarry
thesanctionsofagoverningauthorityandethicsdonot.Ethics
inturnbasedonculturalmoresthatfixedmoralattitudesand
customsofaparticulargroup.
The different types of laws are
Civil: Governs the nation or state.
Criminal:Addressesviolationsisharmfultosociety.
Tort:Enablesindividualstolookforrecourseagainstothersin
theeventofpersonal,physicalorfinancialinjuries.
Private:Regulatesrelationshipbetweenindividualandthe
organization,andencompassesfamilylaw,commerciallawand
laborlaw.
Public:Regulatesstructureandadministrationofgovernment
agenciesandtheirrelationshipswithcitizens,employees,and
othergovernmentsgivingcarefulchecksandbalances.
theeventofpersonal,physicalorfinancialinjuries.
Private:Regulatesrelationshipbetweenindividualandthe
organization,andencompassesfamilylaw,commerciallawand
laborlaw.
Public:Regulatesstructureandadministrationofgovernment
agenciesandtheirrelationshipswithcitizens,employees,and
othergovernmentsgivingcarefulchecksandbalances.
PolicyVersusLaw:Mostorganizationsdevelop
andformalizeabodyofexpectationsknownas
policy.Policiesserveasorganizationallaws
completewithpenaltiesandsanctionsto
requirecompliance.
Tobeenforceable,policyshouldbedistributed,
readilyavailable,understoodeasilyand
acknowledgedbyemployees.
andformalizeabodyofexpectationsknownas
policy.Policiesserveasorganizationallaws
completewithpenaltiesandsanctionsto
requirecompliance.
Tobeenforceable,policyshouldbedistributed,
readilyavailable,understoodeasilyand
acknowledgedbyemployees.
Ethics and Information Security
The ethical issues particular to information security, follows the Ten Commandments of
Computer Ethics. They are
The Ten Commandments of computer Ethics
From the Computer Ethics institute
1.Not use a computer to harm other people.
2.Not interfere with other people’s computer work
3.Not snoop around in other people’s computer files.
4.Not use a computer to steal.
5.Not use a computer to bear false witness.
6.Not copy or use proprietary software for which you haven’t paid.
7.Not used other people’s computer resourceswithout authorization or
propercompensation.
8.Not appropriate other people’s intellectual output.
9.Not think about the social consequences of the program you are writing or the system
youare designing.
10. Always use a computer in ways which ensure consideration and respect for your fellow
humans.
The ethical issues particular to information security, follows the Ten Commandments of
Computer Ethics. They are
The Ten Commandments of computer Ethics
From the Computer Ethics institute
1.Not use a computer to harm other people.
2.Not interfere with other people’s computer work
3.Not snoop around in other people’s computer files.
4.Not use a computer to steal.
5.Not use a computer to bear false witness.
6.Not copy or use proprietary software for which you haven’t paid.
7.Not used other people’s computer resourceswithout authorization or
propercompensation.
8.Not appropriate other people’s intellectual output.
9.Not think about the social consequences of the program you are writing or the system
youare designing.
10. Always use a computer in ways which ensure consideration and respect for your fellow
humans.
Types of Law
Civil–governanationorstate
Criminal–addressesactivitiesandconduct
harmfultopublic
Private–encompassesfamily,commercial,
labor,andregulatestherelationshipbetween
individualsandorganizations
Public–regulatesthestructureand
administrationofgovernmentagenciesand
theirrelationshipswithcitizens,employees,
andothergovernments
Civil–governanationorstate
Criminal–addressesactivitiesandconduct
harmfultopublic
Private–encompassesfamily,commercial,
labor,andregulatestherelationshipbetween
individualsandorganizations
Public–regulatesthestructureand
administrationofgovernmentagenciesand
theirrelationshipswithcitizens,employees,
andothergovernments
Need for Multilevel Security
Havinginformationofdifferentsecuritylevels
onthesamecomputersystemsposesareal
threat.
Itisnotastraight-forwardmattertoisolate
differentinformationsecuritylevels,even
thoughdifferentusersloginusingdifferent
accounts,withdifferentpermissionsand
differentaccesscontrols.
Havinginformationofdifferentsecuritylevels
onthesamecomputersystemsposesareal
threat.
Itisnotastraight-forwardmattertoisolate
differentinformationsecuritylevels,even
thoughdifferentusersloginusingdifferent
accounts,withdifferentpermissionsand
differentaccesscontrols.
The term multi-level arises from the defense
community's security classifications: Confidential,
Secret, and Top Secret.
Individualsmustbegrantedappropriateclearances
beforetheycanseeclassifiedinformation.Thosewith
Confidentialclearanceareonlyauthorizedtoview
Confidentialdocuments;theyarenottrustedtolookat
SecretorTopSecretinformation.Therulesthatapply
todataflowoperatefromlowerlevelstohigherlevels,
andneverthereverse.Thisisillustratedbelow.
community's security classifications: Confidential,
Secret, and Top Secret.
Individualsmustbegrantedappropriateclearances
beforetheycanseeclassifiedinformation.Thosewith
Confidentialclearanceareonlyauthorizedtoview
Confidentialdocuments;theyarenottrustedtolookat
SecretorTopSecretinformation.Therulesthatapply
todataflowoperatefromlowerlevelstohigherlevels,
andneverthereverse.Thisisillustratedbelow.
Information Security Levels Available data flow using MLS system
•Undersuchasystem,users,computers,andnetworksuse
labelstoindicatesecuritylevels.Datacanflowbetweenlike
levels,forexamplebetween"Secret"and"Secret",orfroma
lowerleveltoahigherlevel.Thismeansthatusersatlevel
"Secret"cansharedatawithoneanother,andcanalso
retrieveinformationfromConfidential-level(i.e.,lower-level),
users.
•However,datacannotflowfromahigherleveltoalower
level.Thispreventsprocessesatthe"Secret"levelfrom
viewinginformationclassifiedas"TopSecret".Italsoprevents
processesatahigherlevelfromaccidentallywriting
informationtoalowerlevel.Thisisreferredtoasthe"noread
up,nowritedown"model.
labelstoindicatesecuritylevels.Datacanflowbetweenlike
levels,forexamplebetween"Secret"and"Secret",orfroma
lowerleveltoahigherlevel.Thismeansthatusersatlevel
"Secret"cansharedatawithoneanother,andcanalso
retrieveinformationfromConfidential-level(i.e.,lower-level),
users.
•However,datacannotflowfromahigherleveltoalower
level.Thispreventsprocessesatthe"Secret"levelfrom
viewinginformationclassifiedas"TopSecret".Italsoprevents
processesatahigherlevelfromaccidentallywriting
informationtoalowerlevel.Thisisreferredtoasthe"noread
up,nowritedown"model.
Security Polices
Following are some points which help in security policy
of an organization.
•Who should have access to the system?
•How it should be configured?
•How to communicate with third parties or systems?
Policies are divided in two categories −
User policies
IT policies
Following are some points which help in security policy
of an organization.
•Who should have access to the system?
•How it should be configured?
•How to communicate with third parties or systems?
Policies are divided in two categories −
User policies
IT policies
Userpoliciesgenerallydefinethelimitofthe
userstowardsthecomputerresourcesina
workplace.
Forexample,whataretheyallowedtoinstallin
theircomputer,iftheycanuseremovable
storages
Whereas,ITpoliciesaredesignedforIT
department,tosecuretheproceduresand
functionsofITfields.
userstowardsthecomputerresourcesina
workplace.
Forexample,whataretheyallowedtoinstallin
theircomputer,iftheycanuseremovable
storages
Whereas,ITpoliciesaredesignedforIT
department,tosecuretheproceduresand
functionsofITfields.
•GeneralPolicies−Thisisthepolicywhichdefinestherightsof
thestaffandaccessleveltothesystems.Generally,itis
includedeveninthecommunicationprotocolasapreventive
measureincasethereareanydisasters.
•ServerPolicies−Thisdefineswhoshouldhaveaccesstothe
specificserverandwithwhatrights.Whichsoftware’sshould
beinstalled,levelofaccesstointernet,howtheyshouldbe
updated.
•FirewallAccessandConfigurationPolicies−Itdefineswho
shouldhaveaccesstothefirewallandwhattypeofaccess,
likemonitoring,ruleschange.Whichportsandservices
shouldbeallowedandifitshouldbeinboundoroutbound.
thestaffandaccessleveltothesystems.Generally,itis
includedeveninthecommunicationprotocolasapreventive
measureincasethereareanydisasters.
•ServerPolicies−Thisdefineswhoshouldhaveaccesstothe
specificserverandwithwhatrights.Whichsoftware’sshould
beinstalled,levelofaccesstointernet,howtheyshouldbe
updated.
•FirewallAccessandConfigurationPolicies−Itdefineswho
shouldhaveaccesstothefirewallandwhattypeofaccess,
likemonitoring,ruleschange.Whichportsandservices
shouldbeallowedandifitshouldbeinboundoroutbound.
•BackupPolicies−Itdefineswhoisthe
responsiblepersonforbackup,whatshould
bethebackup,whereitshouldbebackedup,
howlongitshouldbekeptandthefrequency
ofthebackup.
•VPNPolicies−Thesepoliciesgenerallygowith
thefirewallpolicy,itdefinesthoseuserswho
shouldhaveaVPNaccessandwithwhat
rights.Forsite-to-siteconnectionswith
partners,itdefinestheaccesslevelofthe
partnertoyournetwork,typeofencryptionto
beset.
•
responsiblepersonforbackup,whatshould
bethebackup,whereitshouldbebackedup,
howlongitshouldbekeptandthefrequency
ofthebackup.
•VPNPolicies−Thesepoliciesgenerallygowith
thefirewallpolicy,itdefinesthoseuserswho
shouldhaveaVPNaccessandwithwhat
rights.Forsite-to-siteconnectionswith
partners,itdefinestheaccesslevelofthe
partnertoyournetwork,typeofencryptionto
beset.
•
Structure of a Security Policy
•When you compile a security policy you should have in mind a
basic structure in order to make something practical. Some of
the main points which have to be taken into consideration are
−
Description of the Policy and what is the usage for?
Where this policy should be applied?
Functions and responsibilities of the employees that are
affected by this policy.
Procedures that are involved in this policy.
Consequences if the policy is not compatible with company
standards
•When you compile a security policy you should have in mind a
basic structure in order to make something practical. Some of
the main points which have to be taken into consideration are
−
Description of the Policy and what is the usage for?
Where this policy should be applied?
Functions and responsibilities of the employees that are
affected by this policy.
Procedures that are involved in this policy.
Consequences if the policy is not compatible with company
standards
Types of Policies
PermissivePolicy−Itisamediumrestrictionpolicywhereweas
anadministratorblockjustsomewell-knownportsofmalware
regardinginternetaccessandjustsomeexploitsaretakenin
consideration.
PrudentPolicy−Thisisahighrestrictionpolicywhere
everythingisblockedregardingtheinternetaccess,justasmall
listofwebsitesareallowed,andnowextraservicesareallowed
incomputerstobeinstalledandlogsaremaintainedforevery
user.
PermissivePolicy−Itisamediumrestrictionpolicywhereweas
anadministratorblockjustsomewell-knownportsofmalware
regardinginternetaccessandjustsomeexploitsaretakenin
consideration.
PrudentPolicy−Thisisahighrestrictionpolicywhere
everythingisblockedregardingtheinternetaccess,justasmall
listofwebsitesareallowed,andnowextraservicesareallowed
incomputerstobeinstalledandlogsaremaintainedforevery
user.
AcceptanceUserPolicy−Thispolicyregulatesthebehaviorof
theuserstowardsasystemornetworkorevenawebpage,soit
isexplicitlysaidwhatausercandoandcannotinasystem.Like
aretheyallowedtoshareaccesscodes,cantheyshare
resources,etc.
UserAccountPolicy−Thispolicydefineswhatausershoulddo
inordertohaveormaintainanotheruserinaspecificsystem.
Forexample,accessingane-commercewebpage.Tocreatethis
policy,youshouldanswersomequestionssuchas−
–Shouldthepasswordbecomplexornot?
–Whatageshouldtheusershave?
–Maximumallowedtriesorfailstologin?
–Whentheusershouldbedeleted,activated,blocked?
theuserstowardsasystemornetworkorevenawebpage,soit
isexplicitlysaidwhatausercandoandcannotinasystem.Like
aretheyallowedtoshareaccesscodes,cantheyshare
resources,etc.
UserAccountPolicy−Thispolicydefineswhatausershoulddo
inordertohaveormaintainanotheruserinaspecificsystem.
Forexample,accessingane-commercewebpage.Tocreatethis
policy,youshouldanswersomequestionssuchas−
–Shouldthepasswordbecomplexornot?
–Whatageshouldtheusershave?
–Maximumallowedtriesorfailstologin?
–Whentheusershouldbedeleted,activated,blocked?
•InformationProtectionPolicy−Thispolicyistoregulate
accesstoinformation,hottoprocessinformation,howto
storeandhowitshouldbetransferred.
•RemoteAccessPolicy−Thispolicyismainlyforbig
companieswheretheuserandtheirbranchesareoutside
theirheadquarters.Ittellswhatshouldtheusersaccess,
whentheycanworkandonwhichsoftwarelikeSSH,VPN,
RDP.
•FirewallManagementPolicy−Thispolicyhasexplicitlytodo
withitsmanagement,whichportsshouldbeblocked,what
updatesshouldbetaken,howtomakechangesinthefirewall,
howlongshouldbethelogsbekept
accesstoinformation,hottoprocessinformation,howto
storeandhowitshouldbetransferred.
•RemoteAccessPolicy−Thispolicyismainlyforbig
companieswheretheuserandtheirbranchesareoutside
theirheadquarters.Ittellswhatshouldtheusersaccess,
whentheycanworkandonwhichsoftwarelikeSSH,VPN,
RDP.
•FirewallManagementPolicy−Thispolicyhasexplicitlytodo
withitsmanagement,whichportsshouldbeblocked,what
updatesshouldbetaken,howtomakechangesinthefirewall,
howlongshouldbethelogsbekept
•SpecialAccessPolicy−Thispolicyisintendedtokeeppeople
undercontrolandmonitorthespecialprivilegesintheir
systemsandthepurposeastowhytheyhaveit.These
employeescanbeteamleaders,managers,seniormanagers,
systemadministrators,andsuchhighdesignationbased
people.
•NetworkPolicy−Thispolicyistorestricttheaccessofanyone
towardsthenetworkresourceandmakeclearwhoallwill
accessthenetwork.Itwillalsoensurewhetherthatperson
shouldbeauthenticatedornot.Thispolicyalsoincludesother
aspectslike,whowillauthorizethenewdevicesthatwillbe
connectedwithnetwork?Thedocumentationofnetwork
changes.Webfiltersandthelevelsofaccess.Whoshould
havewirelessconnectionandthetypeofauthentication,
validityofconnectionsession?
undercontrolandmonitorthespecialprivilegesintheir
systemsandthepurposeastowhytheyhaveit.These
employeescanbeteamleaders,managers,seniormanagers,
systemadministrators,andsuchhighdesignationbased
people.
•NetworkPolicy−Thispolicyistorestricttheaccessofanyone
towardsthenetworkresourceandmakeclearwhoallwill
accessthenetwork.Itwillalsoensurewhetherthatperson
shouldbeauthenticatedornot.Thispolicyalsoincludesother
aspectslike,whowillauthorizethenewdevicesthatwillbe
connectedwithnetwork?Thedocumentationofnetwork
changes.Webfiltersandthelevelsofaccess.Whoshould
havewirelessconnectionandthetypeofauthentication,
validityofconnectionsession?
•EmailUsagePolicy−Thisisoneofthemostimportant
policiesthatshouldbedonebecausemanyusersusethe
workemailforpersonalpurposesaswell.Asaresult
informationcanleakoutside.Someofthekeypointsofthis
policyaretheemployeesshouldknowtheimportanceofthis
systemthattheyhavetheprivilegetouse.Theyshouldnot
openanyattachmentsthatlooksuspicious.Privateand
confidentialdatashouldnotbesentviaanyencryptedemail.
•SoftwareSecurityPolicy−Thispolicyhastodowiththe
software’sinstalledintheusercomputerandwhatthey
shouldhave.Someofthekeypointsofthispolicyare
Softwareofthecompanyshouldnotbegiventothirdparties.
Onlythewhitelistofsoftware’sshould
policiesthatshouldbedonebecausemanyusersusethe
workemailforpersonalpurposesaswell.Asaresult
informationcanleakoutside.Someofthekeypointsofthis
policyaretheemployeesshouldknowtheimportanceofthis
systemthattheyhavetheprivilegetouse.Theyshouldnot
openanyattachmentsthatlooksuspicious.Privateand
confidentialdatashouldnotbesentviaanyencryptedemail.
•SoftwareSecurityPolicy−Thispolicyhastodowiththe
software’sinstalledintheusercomputerandwhatthey
shouldhave.Someofthekeypointsofthispolicyare
Softwareofthecompanyshouldnotbegiventothirdparties.
Onlythewhitelistofsoftware’sshould
Model for Network Security
•ComputerSecurity-Genericnameforthe
collectionoftoolsdevelopedtoprotectdata
andtothwarthackers.
NetworkSecurity-Itistheart,which
measurestoprotectdataduringtheir
transmission.
•InternetSecurity-Itmeasurestoprotectdata
duringtheirtransmissionoveracollectionof
interconnectednetworks.
1.1 Services, Mechanisms and attacks
collectionoftoolsdevelopedtoprotectdata
andtothwarthackers.
NetworkSecurity-Itistheart,which
measurestoprotectdataduringtheir
transmission.
•InternetSecurity-Itmeasurestoprotectdata
duringtheirtransmissionoveracollectionof
interconnectednetworks.
1.1 Services, Mechanisms and attacks
•Cryptography:Toassessthesecurityneedsof
anorganizationeffectively,themanager
responsibleforsecurityneeds,some
systematicapproachofdefiningthe
requirementsforsecurityandcharacterization
ofapproachestosatisfythoserequirements.
•One approach is to consider 3 aspects of
information security:
•Securityattack–Anyoftheactionthat
compromisesthesecurityofinformation
ownedbyanorganization
anorganizationeffectively,themanager
responsibleforsecurityneeds,some
systematicapproachofdefiningthe
requirementsforsecurityandcharacterization
ofapproachestosatisfythoserequirements.
•One approach is to consider 3 aspects of
information security:
•Securityattack–Anyoftheactionthat
compromisesthesecurityofinformation
ownedbyanorganization
•Security mechanism–It is a mechanism that
is designed to detect, prevent or recover from
a security attack.
•Security service–A service that develope the
security of the data processing systems and
the information transfers of an organization.
Security services and mechanisms are
closely related because a mechanism or
combination of mechanism are used to
provide service
A mechanism can be used in one or more
service
is designed to detect, prevent or recover from
a security attack.
•Security service–A service that develope the
security of the data processing systems and
the information transfers of an organization.
Security services and mechanisms are
closely related because a mechanism or
combination of mechanism are used to
provide service
A mechanism can be used in one or more
service
•OSI Security Architecture
•ITU-T X.800: The security Architecture for OSI
defines a systematic way of defining and
providing security requirements.
•Activity attack:
1.2 The OSI security architecture
•ITU-T X.800: The security Architecture for OSI
defines a systematic way of defining and
providing security requirements.
•Activity attack:
1.2 The OSI security architecture
•Security Services
•–It enhances the security of data processing
systems and information transfers of an
organization.
•X.800:“A service provided by a protocol layer
of communicating open systems, which
ensures adequate security of the systems or of
data transfers”
••RFC 2828:“a processing or communication
service provided by a system to give a specific
kind of protection to system resources”.
•–It enhances the security of data processing
systems and information transfers of an
organization.
•X.800:“A service provided by a protocol layer
of communicating open systems, which
ensures adequate security of the systems or of
data transfers”
••RFC 2828:“a processing or communication
service provided by a system to give a specific
kind of protection to system resources”.
•Security Services (X.800)
•Authentication-Itistheassurancethat
communicatingentityistheoneclaimedhave
bothpeer-entity&dataoriginauthentication.
•AccessControl-Itisthepreventionofthe
unauthorizeduseofaresource.
•DataConfidentiality-Theprotectionofdata
fromunauthorizeddisclosure.
•DataIntegrity-Theassurancethatdatareceived
isassentbyanauthorizedentity.
•Non-Repudiation-Theprotectionagainstdenial
byoneofthepartiesinacommunication.
•Availability-Theresourceareaccessibleor
usable.
•Authentication-Itistheassurancethat
communicatingentityistheoneclaimedhave
bothpeer-entity&dataoriginauthentication.
•AccessControl-Itisthepreventionofthe
unauthorizeduseofaresource.
•DataConfidentiality-Theprotectionofdata
fromunauthorizeddisclosure.
•DataIntegrity-Theassurancethatdatareceived
isassentbyanauthorizedentity.
•Non-Repudiation-Theprotectionagainstdenial
byoneofthepartiesinacommunication.
•Availability-Theresourceareaccessibleor
usable.
•Security Mechanism
•Featuresaredesignedtoprevent,detect,or
recoverfromasecurityattack,thereisno
singlemechanismthatwillsupportallservices
required.
•Howeveronespecificelementunderlieslotof
thesecuritymechanismsinuse:–
cryptographictechniques.
•Featuresaredesignedtoprevent,detect,or
recoverfromasecurityattack,thereisno
singlemechanismthatwillsupportallservices
required.
•Howeveronespecificelementunderlieslotof
thesecuritymechanismsinuse:–
cryptographictechniques.
•Security Mechanisms (X.800)
•Specific security mechanisms:–
Encipherment,digitalsignatures,access
controls,dataintegrity,authentication
exchange,trafficpadding,routingcontrol,
notarization.
•Pervasive security mechanisms:–Trusted
functionality, security labels, event detection,
security audit trails, security recovery.
•Specific security mechanisms:–
Encipherment,digitalsignatures,access
controls,dataintegrity,authentication
exchange,trafficpadding,routingcontrol,
notarization.
•Pervasive security mechanisms:–Trusted
functionality, security labels, event detection,
security audit trails, security recovery.
•Enciperment:Useofthemathematicalalgorithm
totransformreadabledataintoencodedformat
•Digitalsignature:Mathematicaltechniqueused
tovalidatetheauthenticityandintegrityof
message,softwareordigitaldocument
•AccessControl:Avarietyofmechanismthat
enforcesaccessrightstoresources
•Dataintegrity:Avarietyofmechanismusedto
assuretheintegrityofadataunitorstreamof
dataunits.
•Authenticationexchange:Amechanismintended
toensuretheidentityofanentitybymeansof
informationexchange.
totransformreadabledataintoencodedformat
•Digitalsignature:Mathematicaltechniqueused
tovalidatetheauthenticityandintegrityof
message,softwareordigitaldocument
•AccessControl:Avarietyofmechanismthat
enforcesaccessrightstoresources
•Dataintegrity:Avarietyofmechanismusedto
assuretheintegrityofadataunitorstreamof
dataunits.
•Authenticationexchange:Amechanismintended
toensuretheidentityofanentitybymeansof
informationexchange.
•Trafficpadding:Theinsetionofbitsintogaps
inadatastream
•Non-repudiation:Provideaproduction
againstdenialoneoftheentitiesinvolvedina
communicationofhavingparticipatedinthe
communication.
•AccessControl:Accesscontrolprovides
protectionagainstunauthorizedaccessto
data.
inadatastream
•Non-repudiation:Provideaproduction
againstdenialoneoftheentitiesinvolvedina
communicationofhavingparticipatedinthe
communication.
•AccessControl:Accesscontrolprovides
protectionagainstunauthorizedaccessto
data.
•RoutingControl:Enablesselectionofparticula
physicallysecureroutesforcertaindataand
allowsroutingchanges.
•Notarization:Theuseofatrustedthirdparty
toaccesscertainpropertiesofadata
exchange
physicallysecureroutesforcertaindataand
allowsroutingchanges.
•Notarization:Theuseofatrustedthirdparty
toaccesscertainpropertiesofadata
exchange
MechanismthatarenotspecifictoanyparticularOSI
securityservicesorprotocoliscalledpervasivesecurity
mechanism
•Trustedfunctionality:Isperceivedtobecorrectwith
respecttosomecriteria
•Securitylabel:Themarkingboundtoaresourcethat
namesofdesignatesthesecurityattributesofthat
resource.
•Eventdetection:Detectionofsecurity-relevantevents
•SecurityAudittrail:Facilitatesasecurityaudit,which
isanindependentreviewandexaminationofsystem
recordsandactivities
PERVASIVE SECURITY MECHANISM
securityservicesorprotocoliscalledpervasivesecurity
mechanism
•Trustedfunctionality:Isperceivedtobecorrectwith
respecttosomecriteria
•Securitylabel:Themarkingboundtoaresourcethat
namesofdesignatesthesecurityattributesofthat
resource.
•Eventdetection:Detectionofsecurity-relevantevents
•SecurityAudittrail:Facilitatesasecurityaudit,which
isanindependentreviewandexaminationofsystem
recordsandactivities
PERVASIVE SECURITY MECHANISM
•Security recovery: Deals with request from
mechanisms, such as vent handling and
management and take recovery actions.
Security Attack
Any action that compromise the security of
information owned by the organization
1.Passive attack
2.Active attack
mechanisms, such as vent handling and
management and take recovery actions.
Security Attack
Any action that compromise the security of
information owned by the organization
1.Passive attack
2.Active attack
•Security Attacks
A means of classifying security attacks, used
both in X.800 and RFC 4949, is in terms of
passive attacks and active attacks
• A passive attack attempts to learn or make
use of information from the system but does
not affect system resources
• An active attack attempts to alter system
resources or affect their operation
A means of classifying security attacks, used
both in X.800 and RFC 4949, is in terms of
passive attacks and active attacks
• A passive attack attempts to learn or make
use of information from the system but does
not affect system resources
• An active attack attempts to alter system
resources or affect their operation
•Security Attacks
•A means of classifying
security attacks, used
both in X.800 and RFC
4949, is in terms of
passive attacks and active
attacks
•A passive attack attempts
to learn or make use of
information from the
system but does not
affect system resources
•An active attack attempts
to alter system resources
or affect their operation
•A means of classifying
security attacks, used
both in X.800 and RFC
4949, is in terms of
passive attacks and active
attacks
•A passive attack attempts
to learn or make use of
information from the
system but does not
affect system resources
•An active attack attempts
to alter system resources
or affect their operation
Passive Attacks
•Are in the nature of eavesdropping on, or
monitoring of, transmissions
• Goal of the opponent is to obtain
information that is being transmitted.
Two types of passive attacks are
–The release of message contents (ex.
Eavesdropping telephone converse)
•–Traffic analysis ( ex. Analyzing encrypted
message & gain through cryptanalysis)
•Are in the nature of eavesdropping on, or
monitoring of, transmissions
• Goal of the opponent is to obtain
information that is being transmitted.
Two types of passive attacks are
–The release of message contents (ex.
Eavesdropping telephone converse)
•–Traffic analysis ( ex. Analyzing encrypted
message & gain through cryptanalysis)
• Takes place when one entity pretends to be a
different entity Usually includes one of the
other forms of active attack.
Active Attack
different entity Usually includes one of the
other forms of active attack.
Active Attack
Masquerade
• Takes place when one entity pretends to be
a different entity
• Usually includes one of the other forms of
active attack
Replay
• Involves the passive capture of a data unit and
its subsequent retransmission to produce an
unauthorized effect
• Takes place when one entity pretends to be
a different entity
• Usually includes one of the other forms of
active attack
Replay
• Involves the passive capture of a data unit and
its subsequent retransmission to produce an
unauthorized effect
Modification of messages
•Someportionofalegitimatemessageis
altered,ormessagesaredelayedorreordered
toproduceanunauthorizedeffect
Denialofservice
•Preventsorinhibitsthenormaluseor
managementofcommunicationsfacilities
•Someportionofalegitimatemessageis
altered,ormessagesaredelayedorreordered
toproduceanunauthorizedeffect
Denialofservice
•Preventsorinhibitsthenormaluseor
managementofcommunicationsfacilities
Security Services (X.800)
Security Mechanisms (X.800)
Model for Network Security
Network Access Security Model
Encryption cipher
•Substitution Cipher
•Play fair Cipher
•Hill Cipher
•Transposition Cipher
Stegnography
Classical Encryption Techniques
•Substitution Cipher
•Play fair Cipher
•Hill Cipher
•Transposition Cipher
Stegnography
Classical Encryption Techniques
•Isoneinwhichthelettersofplaintextare
replacedbyotherlettersorbynumbersor
symbols
•Iftheplaintextisviewedasasequenceof
bits,thensubstitutioninvolvesreplacing
plaintextbitpatternswithciphertextbit
patterns
Substitution Technique
replacedbyotherlettersorbynumbersor
symbols
•Iftheplaintextisviewedasasequenceof
bits,thensubstitutioninvolvesreplacing
plaintextbitpatternswithciphertextbit
patterns
Substitution Technique
1.Caesar Cipher
2. Play fair Cipher
3.Poly-alphabetic Cipher
4.Mono-alphabetic Cipher
5.Hill Cipher
6.One Time pad
Substitution Technique Types
2. Play fair Cipher
3.Poly-alphabetic Cipher
4.Mono-alphabetic Cipher
5.Hill Cipher
6.One Time pad
Substitution Technique Types
•Simplestandearliestknownuseofasubstitutioncipher
(usedbyJuliusCaesar)
•Involvesreplacingeachletterofthealphabetwiththeletter
standingthreeplacesfurtherdownthealphabet
•Alphabetiswrappedaroundsothatthe letter
followingZisA
plain: MEET ME AFTER THE TOGA PARTY
cipher: PHHW PH DIWHU WKH WRJD
SDUWB
Caesar Cipher
(usedbyJuliusCaesar)
•Involvesreplacingeachletterofthealphabetwiththeletter
standingthreeplacesfurtherdownthealphabet
•Alphabetiswrappedaroundsothatthe letter
followingZisA
plain: MEET ME AFTER THE TOGA PARTY
cipher: PHHW PH DIWHU WKH WRJD
SDUWB
Caesar Cipher
• Can define transformation as:
a bc d e f g h i j k l m n o pqr s t u vwxyz
D E F G H I J K L M N O P Q R S T U V W X Y Z A B
C
• Mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
20 21 22 23 24 25
Caesar Cipher Algorithm
a bc d e f g h i j k l m n o pqr s t u vwxyz
D E F G H I J K L M N O P Q R S T U V W X Y Z A B
C
• Mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
20 21 22 23 24 25
Caesar Cipher Algorithm
• Algorithm can be expressed as:
c = E(3, p) = (p + 3) mod (26)
A shift may be of any amount, so that the general Caesar
algorithm is:
C = E(k , p ) = (p + k ) mod 26
• Where k takes on a value in the range 1 to 25; the decryption
algorithm is simply:
p = D(k , C ) = (C -k ) mod 26
c = E(3, p) = (p + 3) mod (26)
A shift may be of any amount, so that the general Caesar
algorithm is:
C = E(k , p ) = (p + k ) mod 26
• Where k takes on a value in the range 1 to 25; the decryption
algorithm is simply:
p = D(k , C ) = (C -k ) mod 26
• Best-known multiple-letter encryption cipher
•Treats diagrams in the plaintext as single units and
translates these units into ciphertextdigrams
• Based on the use of a 5 x 5 matrix of letters constructed
using a keyword
• Invented by British scientist Sir Charles Wheatstone in
1854
•Used as the standard field system by the British Army in
World War I and the U.S. Army and other Allied forces
during World War II
PlayfairCipher
•Treats diagrams in the plaintext as single units and
translates these units into ciphertextdigrams
• Based on the use of a 5 x 5 matrix of letters constructed
using a keyword
• Invented by British scientist Sir Charles Wheatstone in
1854
•Used as the standard field system by the British Army in
World War I and the U.S. Army and other Allied forces
during World War II
PlayfairCipher
•Fill in letters of keyword (minus duplicates)
from left to right and from top to bottom,
then fill in the remainder of the matrix with
the remaining letters in alphabetic order
• Using the keyword MONARCHY:
from left to right and from top to bottom,
then fill in the remainder of the matrix with
the remaining letters in alphabetic order
• Using the keyword MONARCHY:
•Plaintext is encrypted two letters at a time, according to the
following rules:
1. Repeating plaintext letters that are in the same pair are separated
with a filler letter, such as x, so that balloon would be treated as balx lo
on.
2. Two plaintext letters that fall in the same row of the matrix are each
replaced by the letter to the right, with the first element of the row
circularly following the last. For example, aris encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by
the letter beneath, with the top element of the column circularly
following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that
lies in its own row and the column occupied by the other plaintext letter.
Thus, hsbecomes BP and ea becomes IM (or JM, as the encipherer
wishes).
following rules:
1. Repeating plaintext letters that are in the same pair are separated
with a filler letter, such as x, so that balloon would be treated as balx lo
on.
2. Two plaintext letters that fall in the same row of the matrix are each
replaced by the letter to the right, with the first element of the row
circularly following the last. For example, aris encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by
the letter beneath, with the top element of the column circularly
following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that
lies in its own row and the column occupied by the other plaintext letter.
Thus, hsbecomes BP and ea becomes IM (or JM, as the encipherer
wishes).
Example for playfair Cipher
key as: monarchy
•Plain text as: balloon => ba lx lo on(since after
ba ll(same letter repeating 2 times in
between ll insert filler x = > lxl)
•Get Cipher text :
key as: monarchy
•Plain text as: balloon => ba lx lo on(since after
ba ll(same letter repeating 2 times in
between ll insert filler x = > lxl)
•Get Cipher text :
Plain Text Cipher Text
ba i b(since ba in same column)
lx su( for lx su is opposite diagonal)
lo mp(for lo mp is oposite diagonal)
on na (since na in same row )
ba i b(since ba in same column)
lx su( for lx su is opposite diagonal)
lo mp(for lo mp is oposite diagonal)
on na (since na in same row )
• Developed by the mathematician Lester Hill in 1929
• Strength is that it completely hides single-letter frequencies
–The use of a larger matrix hides more frequency information
–A 3 x 3 Hill cipher hides not only single-letter but also two-
letter frequency information
• Strong against a ciphertext-only attack but easily broken
with a known plaintext attack
Hill Cipher
• Strength is that it completely hides single-letter frequencies
–The use of a larger matrix hides more frequency information
–A 3 x 3 Hill cipher hides not only single-letter but also two-
letter frequency information
• Strong against a ciphertext-only attack but easily broken
with a known plaintext attack
Hill Cipher
•Concepts from Linear Algebra Before describing the
Hill cipher, let us briefly review some terminology
from linear algebra. Concerned with matrix arithmetic
modulo 26.
•We define the inverse M-1 of a square matrix M by
the equation M(M-1) = M-1M = I, where I is the
identity matrix.
•I is a square matrix that is all zeros except for ones
along the main diagonal from upper left to lower right.
•The inverse of a matrix does not always exist, but when
it
•does, it satisfies the preceding equation. For example,
Hill cipher, let us briefly review some terminology
from linear algebra. Concerned with matrix arithmetic
modulo 26.
•We define the inverse M-1 of a square matrix M by
the equation M(M-1) = M-1M = I, where I is the
identity matrix.
•I is a square matrix that is all zeros except for ones
along the main diagonal from upper left to lower right.
•The inverse of a matrix does not always exist, but when
it
•does, it satisfies the preceding equation. For example,
•encryptthetext“CODE”
•wheretheletterAismappedto0,Bis
mappedto1,etc.tosticktoa2x2keymatrix.
Encryption
E(K, P) = (K*P) mod 26
Where K is our key matrix and P is the plaintext
in vector form. Matrix multiplying these two
terms produces the encrypted ciphertext. :Pick a
keyword to encrypt your plaintext message.
Let’s work with the random keyword “DCDF”.
Convert this keyword to matrix form using your
substitution scheme to convert it to a numerical
2x2 key matrix.
•wheretheletterAismappedto0,Bis
mappedto1,etc.tosticktoa2x2keymatrix.
Encryption
E(K, P) = (K*P) mod 26
Where K is our key matrix and P is the plaintext
in vector form. Matrix multiplying these two
terms produces the encrypted ciphertext. :Pick a
keyword to encrypt your plaintext message.
Let’s work with the random keyword “DCDF”.
Convert this keyword to matrix form using your
substitution scheme to convert it to a numerical
2x2 key matrix.
1.Pick a keyword to encrypt your plaintext
message. Let’s work with the random
keyword “DCDF”. Convert this keyword to
matrix form using your substitution scheme
to convert it to a numerical 2x2 key matrix.
message. Let’s work with the random
keyword “DCDF”. Convert this keyword to
matrix form using your substitution scheme
to convert it to a numerical 2x2 key matrix.
2. we will convert our plaintext message to
vector form. Since our key matrix is 2x2, the
vector needs to be 2x1 for matrix multiplication
to be possible.
our message is four letters long so we can split it
into blocks of two and then substitute to get our
plaintext vectors.
vector form. Since our key matrix is 2x2, the
vector needs to be 2x1 for matrix multiplication
to be possible.
our message is four letters long so we can split it
into blocks of two and then substitute to get our
plaintext vectors.
3. matrix multiply the key matrix with each 2x1
plaintext vector, take the moduli of the resulting
2x1 vectors by 26, and concatenate the results
to get “WWVA”, the final ciphertext.
plaintext vector, take the moduli of the resulting
2x1 vectors by 26, and concatenate the results
to get “WWVA”, the final ciphertext.
Decryption
•Decrypting with the Hill cipher is built on the
following operation:
D(K, C) = (K
-1
*C) mod 26
1.Calculate the inverse of the key matrix., we
must keep the result between 0-25 using
modulo 26.
The Extended Euclidean algorithm is used to
find the modular multiplicative inverse of the
key matrix determinant.
•Decrypting with the Hill cipher is built on the
following operation:
D(K, C) = (K
-1
*C) mod 26
1.Calculate the inverse of the key matrix., we
must keep the result between 0-25 using
modulo 26.
The Extended Euclidean algorithm is used to
find the modular multiplicative inverse of the
key matrix determinant.
2. Multiply 2x1 blocks of the ciphertext with the inverse of the key matrix to
get our original plaintext message, “CODE,” back.
get our original plaintext message, “CODE,” back.
•It uses permutation of letters. So it can
generate 26! Possible ways.
•P and Z has the highest frequency values in
the English distribution table.
•The letters are replaced by finding the letters
which has lowest frequency.
Disadvantage
Easy to break because they reflect the frequency
data of the original alphabet
Monoaplhabetic Cipher
generate 26! Possible ways.
•P and Z has the highest frequency values in
the English distribution table.
•The letters are replaced by finding the letters
which has lowest frequency.
Disadvantage
Easy to break because they reflect the frequency
data of the original alphabet
Monoaplhabetic Cipher
• Polyalphabeticsubstitution cipher
–Improves on the simple mono alphabetic technique by
using different mono alphabetic substitutions as one
proceeds through the plaintext message
All these techniques have the following features in
common:
• A set of related mono alphabetic substitution rules is
used
• A key determines which particular rule is chosen for a
given transformation
Poly alphabetic Ciphers
–Improves on the simple mono alphabetic technique by
using different mono alphabetic substitutions as one
proceeds through the plaintext message
All these techniques have the following features in
common:
• A set of related mono alphabetic substitution rules is
used
• A key determines which particular rule is chosen for a
given transformation
Poly alphabetic Ciphers
•Bestknownandoneofthesimplestpoly
alphabeticsubstitutionciphers
•Inthisschemethesetofrelatedmono
alphabeticsubstitutionrulesconsistsofthe26
Caesarcipherswithshiftsof0through25
•Eachcipherisdenotedbyakeyletterwhichis
theciphertextletterthatsubstitutesforthe
plaintextlettera
VigenèreCipher
alphabeticsubstitutionciphers
•Inthisschemethesetofrelatedmono
alphabeticsubstitutionrulesconsistsofthe26
Caesarcipherswithshiftsof0through25
•Eachcipherisdenotedbyakeyletterwhichis
theciphertextletterthatsubstitutesforthe
plaintextlettera
VigenèreCipher
•To encrypt a message, a key is needed that is as
long as the message
• Usually, the key is a repeating keyword
•For example, if the keyword is deceptive, the
message “we are discovered save yourself” is
encrypted as:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Example of VigenèreCipher
long as the message
• Usually, the key is a repeating keyword
•For example, if the keyword is deceptive, the
message “we are discovered save yourself” is
encrypted as:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Example of VigenèreCipher
• Use a random key that is as long as the message
so that the key need not be repeated
• Key is used to encrypt and decrypt a single
message and then is discarded
• Each new message requires a new key of the same
length as the new message
• Scheme is unbreakable
–Produces random output that bears no statistical
relationship to the plaintext
–Because the ciphertextcontains no information
whatsoever about the plaintext, there is simply no
way to break the code
One-Time Pad
so that the key need not be repeated
• Key is used to encrypt and decrypt a single
message and then is discarded
• Each new message requires a new key of the same
length as the new message
• Scheme is unbreakable
–Produces random output that bears no statistical
relationship to the plaintext
–Because the ciphertextcontains no information
whatsoever about the plaintext, there is simply no
way to break the code
One-Time Pad
• The one-time pad offers complete security but, in practice, has two
fundamental difficulties:
–There is the practical problem of making large quantities of
random keys
•Any heavily used system might require millions of random
characters on a regular basis
–Mammoth key distribution problem
• For every message to be sent, a key of equal length is needed by
both sender and receiver
• Because of these difficulties, the one-time pad is of limited utility
–Useful primarily for low-bandwidth channels requiring very
high security
•The one-time pad is the only cryptosystem that exhibits perfect
secrecy
Difficulties
fundamental difficulties:
–There is the practical problem of making large quantities of
random keys
•Any heavily used system might require millions of random
characters on a regular basis
–Mammoth key distribution problem
• For every message to be sent, a key of equal length is needed by
both sender and receiver
• Because of these difficulties, the one-time pad is of limited utility
–Useful primarily for low-bandwidth channels requiring very
high security
•The one-time pad is the only cryptosystem that exhibits perfect
secrecy
Difficulties
• Simplest transposition cipher
•Plaintext is written down as a sequence of
diagonals and then read off as a sequence of
rows
•To encipher the message “meet me after the
toga party” with a rail fence of depth 2, we would
write:
mematrhtgpry
etefeteoaat
Encrypted message is:
MEMATRHTGPRYETEFETEOAAT
Transposition Technique
1. Rail Fence Cipher
•Plaintext is written down as a sequence of
diagonals and then read off as a sequence of
rows
•To encipher the message “meet me after the
toga party” with a rail fence of depth 2, we would
write:
mematrhtgpry
etefeteoaat
Encrypted message is:
MEMATRHTGPRYETEFETEOAAT
Transposition Technique
1. Rail Fence Cipher
• Is a more complex transposition
•Write the message in a rectangle, row by row, and read the
message off, column by column, but permute the order of the
columns
–The order of the columns then becomes the key to
the algorithm
Key: 4 3 1 2 5 6 7
Plaintext: at t a c k p
o s t p o n e
d u n t il t
wo a m x y z
Ciphertext:
ttnaaptmtsuoaodwcoixknlypetz
2. Row Transposition Cipher
•Write the message in a rectangle, row by row, and read the
message off, column by column, but permute the order of the
columns
–The order of the columns then becomes the key to
the algorithm
Key: 4 3 1 2 5 6 7
Plaintext: at t a c k p
o s t p o n e
d u n t il t
wo a m x y z
Ciphertext:
ttnaaptmtsuoaodwcoixknlypetz
2. Row Transposition Cipher
•Conceals the existence of message
•It is very time consuming to construct
Technique
1.Character marking: Text can be overwritten in
pencil which won’t be visible unless the paper
is held at an angle to bright light.
2.Invisible ink: Here text won’t visible until heat
or chemical is applied to the paper.
Stegnography
•It is very time consuming to construct
Technique
1.Character marking: Text can be overwritten in
pencil which won’t be visible unless the paper
is held at an angle to bright light.
2.Invisible ink: Here text won’t visible until heat
or chemical is applied to the paper.
Stegnography
3.Type writer correction ribbon: Used between
lines typed with a black ribbon, the result of
typing are visible only under strong light.
4.Pin punctures: Not visible unless the paper is
help up in front of a light.
Drawbacks
•Requires lot of overhead even to hide few bits
of information.
•If the system is discovered it is worthless
lines typed with a black ribbon, the result of
typing are visible only under strong light.
4.Pin punctures: Not visible unless the paper is
help up in front of a light.
Drawbacks
•Requires lot of overhead even to hide few bits
of information.
•If the system is discovered it is worthless
Stegnagraphy
•Typewriter correction ribbon
•Used between lines typed with a black
ribbon, the results of typing with the
correction tape are visible only under a strong
light
• Character marking
•Selected letters of printed or typewritten
text are over-written in pencil
•The marks are ordinarily not visible unless
the paper is held at an angle to bright light
Other SteganographyTechniques
•Used between lines typed with a black
ribbon, the results of typing with the
correction tape are visible only under a strong
light
• Character marking
•Selected letters of printed or typewritten
text are over-written in pencil
•The marks are ordinarily not visible unless
the paper is held at an angle to bright light
Other SteganographyTechniques
• Invisible ink
•A number of substances can be used for
writing but leave no visible trace until heat or
some chemical is applied to the paper
• Pin punctures
•Small pin punctures on selected letters are
ordinarily not visible unless the paper is held
up in front of a light
•A number of substances can be used for
writing but leave no visible trace until heat or
some chemical is applied to the paper
• Pin punctures
•Small pin punctures on selected letters are
ordinarily not visible unless the paper is held
up in front of a light
Modern cryptography
•Moderncryptographyisthecornerstoneof
computerandcommunicationssecurity.Its
foundationisbasedonvariousconceptsof
mathematicssuchasnumbertheory,
computational-complexitytheory,and
probabilitytheory.
•Moderncryptographyisthecornerstoneof
computerandcommunicationssecurity.Its
foundationisbasedonvariousconceptsof
mathematicssuchasnumbertheory,
computational-complexitytheory,and
probabilitytheory.
Characteristics of Modern Cryptography
•There are three major characteristics that
separate modern cryptography from the
classical approach.
•There are three major characteristics that
separate modern cryptography from the
classical approach.
Classic Cryptography Modern Cryptography
It manipulates traditional
characters,i.e.,lettersanddigits
directly.
It operates on binary bit sequences.
Itismainlybasedon‘security
throughobscurity’.Thetechniques
employedforcodingwerekept
secretandonlythepartiesinvolved
incommunicationknewabout
them.
Itreliesonpubliclyknownmathematicalalgorithmsforcoding
theinformation.Secrecyisobtainedthroughasecretekeywhich
isusedastheseedforthealgorithms.Thecomputational
difficultyofalgorithms,absenceofsecretkey,etc.,makeit
impossibleforanattackertoobtaintheoriginalinformation
evenifheknowsthealgorithmusedforcoding.
It requires the entire cryptosystem
for communicating confidentially.
Modern cryptography requires parties interested in secure
communication to possess the secret key only.
It manipulates traditional
characters,i.e.,lettersanddigits
directly.
It operates on binary bit sequences.
Itismainlybasedon‘security
throughobscurity’.Thetechniques
employedforcodingwerekept
secretandonlythepartiesinvolved
incommunicationknewabout
them.
Itreliesonpubliclyknownmathematicalalgorithmsforcoding
theinformation.Secrecyisobtainedthroughasecretekeywhich
isusedastheseedforthealgorithms.Thecomputational
difficultyofalgorithms,absenceofsecretkey,etc.,makeit
impossibleforanattackertoobtaintheoriginalinformation
evenifheknowsthealgorithmusedforcoding.
It requires the entire cryptosystem
for communicating confidentially.
Modern cryptography requires parties interested in secure
communication to possess the secret key only.
Context of Cryptography
•Cryptology, the study of cryptosystems, can be
subdivided into two branches −
•Cryptography
•Cryptanalysis
•Cryptology, the study of cryptosystems, can be
subdivided into two branches −
•Cryptography
•Cryptanalysis
What is Cryptography?
Cryptography is the art and science of making a cryptosystem that is capable
of providing information security.
Cryptography deals with the actual securing of digital data. It refers to the
design of mechanisms based on mathematical algorithms that provide
fundamental information security services
Cryptography is the art and science of making a cryptosystem that is capable
of providing information security.
Cryptography deals with the actual securing of digital data. It refers to the
design of mechanisms based on mathematical algorithms that provide
fundamental information security services
Note− Cryptography concerns with the design
of cryptosystems, while cryptanalysis studies the
breaking of cryptosystems.
Security Services of Cryptography
Confidentiality
Data Integrity
Authentication
Non-repudiation
of cryptosystems, while cryptanalysis studies the
breaking of cryptosystems.
Security Services of Cryptography
Confidentiality
Data Integrity
Authentication
Non-repudiation
Cryptography Primitives
•Cryptography primitives are nothing but the
tools and techniques in Cryptography that can
be selectively used to provide a set of desired
security services −
•Encryption
•Hash functions
•Message Authentication codes (MAC)
•Digital Signatures
•Cryptography primitives are nothing but the
tools and techniques in Cryptography that can
be selectively used to provide a set of desired
security services −
•Encryption
•Hash functions
•Message Authentication codes (MAC)
•Digital Signatures
PERFECT SECURITY
To get the perfect security we have to follow the network security service
To get the perfect security we have to follow the network security service
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 34
- Slides 115
- Age 555 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
33 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
36 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
33 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views