Cryptography and network Security--MOD-1.pptx

MrsPrajnaUR 1 views 53 slides May 16, 2025

About This Presentation

Cryptography note of first module


Slide Content

CRYPTOGRAPHY AND NETWORK SECURITY
IS62214IC
Department of Information Science & Engineering
By Prof. Prajna U R, Assistant Professor, Department of Information Science & Engineering
Sahyadri College of Engineering and Management, Adyar, Mangaluru
Email: [email protected]
Mob: 8495971075

COURSE OUTCOMES (COs)
CO1  Understand the fundamentals of network security, security architecture, threats and vulnerabilities.  1  CL2
CO2  Apply the different cryptographic operations of symmetric cryptographic algorithms.  2  CL3
CO3  Apply the different cryptographic operations of public key cryptography.  3  CL3
CO4  Apply the various authentication schemes to simulate different applications.  4  CL3
CO5  Understand various security practices and system security standards.  5  CL4

Text Book List
TB1. Atul Kahate, Cryptography and Network Security, 4th Edition, 2019.
TB2. William Stallings, Cryptography and Network Security: Principles and Practices, 7th Edition, 2019.
TB3. Nina Godbole and Sunit Belapure, Cyber Security, 1st Edition, 2019.

MODULE-1 Introduction to Network Security

What is a computer network?
A computer network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources located on or provided by the network nodes.
What is network security?
Network security is described as the implementation of technologies, processes and protocols designed to safeguard an individual's or organization's communications and information.

Computer Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

Security Approaches
Prevention - Prevent the threat by identifying underlying causes before they occur.
Protection - Threats are ready to occur; eliminate the threat.
Resilience - The threat has already occurred; we need to adopt some mechanism through which to solve the threat.

Modern nature of attack
Automating attacks - Mirai Botnet, SolarWinds Supply Chain Attack
Privacy concerns - Aadhaar Data Breach
Distance does not matter - DDoS Attack on GitHub

Security approaches
1) Trusted system
A trusted system is a computer system that can be trusted to a specified extent to enforce a specified security policy.
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Trusted Computing (TC) & Hardware Security - TPM chips in laptops, used in Windows BitLocker to encrypt data.
Zero Trust Security Model
Blockchain for Trusted Transactions
Multi-Factor Authentication (MFA) & Biometric Security
End-to-End Encryption (E2EE) for Secure Communication
A trusted system integrates multiple security layers to protect data and prevent cyber threats. Organizations use trusted computing, access control models, encryption

2) Security Models
No security
Security through obscurity
Host security
Network security

3) Security management practices
Security policy: key aspects
Affordability (Cost-Effectiveness)
Functionality (Effectiveness)
Cultural Issues
Legality (Compliance with Laws)
A good security policy balances cost, effectiveness, cultural differences, and legal requirements to ensure strong protection without causing unnecessary difficulties.

Key Security Concepts
Principles of Security
CIA triad
Confidentiality
Integrity
Authentication
Non repudiation
Access control
Availability

Confidentiality
Type of attack - Interception
Interception causes loss of message confidentiality.

Confidentiality: (Account Information)
Data confidentiality: Assures confidential information is not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Integrity
Type of attack - Modification
Modification causes loss of message integrity.

Integrity: (Patient information)
Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Any modification in a message should be identified by the security system.

Authentication
Type of attack - Fabrication
Fabrication is possible in the absence of proper authentication mechanisms.

Availability
Type of attack - Interruption
Interruption puts the availability of resources in danger.

Availability: Google vs Banking sites
Assures that systems work promptly and service is not denied to authorized users.
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
Accountability: Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party.

Non Repudiation
Non-repudiation does not allow the sender of a message to later deny having sent that message.
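The Integrity, Authentication and Non Repudiation slides above, as an added example that is not part of the original slides: a message authentication code (HMAC-SHA256 here) lets the receiver detect modification and fabrication, but because sender and receiver hold the same key it cannot provide non-repudiation. The function names, message text and pre-shared key are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Constructed sample data. Assumption: the shared key was exchanged
    # securely between sender and receiver beforehand.
    shared_key = secrets.token_bytes(32)
    message = b"Pay 100 to account 1234"
    tag = make_tag(shared_key, message)
    results = {"genuine": verify(shared_key, message, tag)}

    # Modification: the message is altered in transit, the original tag is kept.
    results["modified"] = verify(shared_key, b"Pay 900 to account 1234", tag)

    # Fabrication: a party without the shared key creates a message and a tag.
    outsider_key = secrets.token_bytes(32)
    fake = b"Pay 500 to account 9999"
    results["fabricated"] = verify(shared_key, fake, make_tag(outsider_key, fake))

    # Non-repudiation gap: the receiver holds the same key, so it can produce
    # a valid tag itself and the tag does not prove who wrote the message.
    receiver_made = b"Pay 700 to account 5555"
    results["receiver_made_tag_valid"] = verify(
        shared_key, receiver_made, make_tag(shared_key, receiver_made)
    )
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:26} accepted={accepted}")
```

Non-repudiation needs a digital signature, where only the sender holds the signing key. The message here is still sent in the clear, so protection against interception (confidentiality) is a separate control.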

Access control
The principle of access control determines who should be able to access what.
Access control is broadly related to two areas:
Role management - user side
Rule management - resources side
Access control specifies and controls who can access what.

OSI SECURITY ARCHITECTURE

Threat v/s Attack

Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Types of attack
General View
Criminal attacks
Publicity attacks
Legal attacks
Technical View
Theoretical concepts
Practical approaches

Criminal attacks- Financial Gain

Theoretical concepts
Interception
Fabrication
Modification
Interruption
Passive attack and Active attack

Practical side of attacks
Application level attacks: attacks that happen at the application level, attempting to access, modify, or prevent access to information.
Network level attacks: aim at reducing the capabilities of a network, i.e. slowing down or bringing to a halt a computer network.

Attacks on wireless networks
Passive attacks
Active attacks
Person-in-the-middle attacks
Jamming attacks

Programs that attack computer systems
1. Virus

Virus
Four phases of a virus: Dormant, Propagation, Triggering, Execution
Classification of viruses: Parasitic, Memory Resident, Boot sector, Stealth, Polymorphic, Metamorphic, Macro

2. Worm

3. Trojan Horse

Dealing with viruses
Virus elimination steps

Generations of anti-virus software

Specific attacks
1. Sniffing and Spoofing
Two forms: 1. Packet Sniffing (IP Sniffing) 2. Packet Spoofing (IP Spoofing)
2. Phishing
3. Pharming (DNS Spoofing)

Phishing Phishing is a form of online fraud in which hackers attempt to get your private information such as passwords, credit cards, or bank account data. This is usually done by sending false emails or messages that appear to be from trusted sources like banks or well-known websites. 

Pharming (DNS Spoofing)
DNS spoofing or DNS cache poisoning is an attack in which altered DNS records are used to redirect users or data to a fraudulent website or link.
Secure DNS-Protocol