PRINCIPLES OF INFORMATION SYSTEM SECURITY

gacop74666 20 views 39 slides Feb 28, 2025

Slide 1 of 39

About This Presentation

Introduction: Information security is more and more important every day in the workplace. If we want to improve our information security, we need a solid understanding of the principles that will help us do that. This guide explores those principles and will guide you to building a more secure environment.

Information Security Principles: There are three basic principles of information security, and all other practices are based on these three:

* Confidentiality: Confidentiality is the basic tenet of information security. Confidentiality means that you don't share private or confidential information with anyone who shouldn't know it. As the name implies, you don't give out confidential information.

* Availability: Availability means that you can access the information you need when you need it. You may not need access to everything all the time, but when you do, you want access quickly. You may need access to your bank account when you pay a bill. This is availability.

* Integrity: If you make a change to something, it should be tracked and logged in a journal or log. That way, you can verify that no unauthorized changes were made to the original information, so we know that the information is genuine. In short, integrity means you can verify that the information hasn't been altered in any way.

There are four key concepts that underpin the practice of information security. These concepts, when integrated and applied appropriately, enable security managers and practitioners to defend against and recover from attacks. The four key concepts are:

* Confidentiality: Confidentiality refers to protecting information from unauthorized access, use, or disclosure. This includes both internal and external threats. Data encryption or access control lists are examples of confidentiality controls.

* Integrity: Integrity refers to protecting the accuracy, completeness, and validity of information. This includes protecting data from being modified without authorization. Data hashing algorithms or message authentication codes are examples of integrity controls.

* Availability: Availability refers to ensuring that information and systems are accessible to authorized users when they need them. This includes measures to prevent service outages or data loss due to natural disasters or accidental or intentional malicious activity. Redundant systems, data backups, and disaster recovery plans are examples of availability controls.

* Accountability: Accountability involves tracing user actions to the identity of the user. If the user's identity is associated with a group, then the actions of the user are also associated with the group. Accountability mechanisms typically involve the use of logs, audit trails, and other monitoring techniques. Accountability controls are also used to identify and fix system weaknesses that could lead to unauthorized access or changes to data and systems.

By following these basic principles, we can help protect our information fro

Size: 1.26 MB

Language: en

Added: Feb 28, 2025

Slides: 39 pages

Slide Content

UNIT-2
PUBLICKEYCRYPTOGRAPHYANDRSA
InformationSecurity
BY
KhushbuGarg
Assistant Professor
Jecrcu

Plain Text to Cipher Text Conversion
Techniques

Introduction
Encryption is the process of converting
plaintext into ciphertext to secure
information.
Importance:
• Used in communication, data security, and
cryptography.

Substitution Ciphers
Caesar Cipher:
• Each letter shifted by a fixed number.
• Example: HELLO → KHOOR (Shift = 3)
Vigenère Cipher:
• Uses a keyword for multiple shifts.
• Example (Keyword = 'KEY'): HELLO →
RIJVS

Transposition Ciphers
Rail Fence Cipher:
• Letters written diagonally, read row-wise.
• Example: HELLO WORLD →
HLOWRDELLOOL (Depth = 2)
Columnar Transposition:
• Text written in a grid and rearranged by
key order.
• Example (Key = 4312): HELLO → OHLLE

PRIVATE-KEYCRYPTOGRAPHY
??????traditionalprivate/secret/single
key cryptographyusesonekey
??????sharedbybothsenderandreceiver
??????ifthiskeyisdisclosedcommunications
are compromised
??????alsoissymmetric,partiesareequal
??????hencedoesnotprotectsenderfromreceiver
forgingamessage&claimingissentbysender

PUBLIC-KEYCRYPTOGRAPHY
??????probablymostsignificantadvanceinthe
3000 yearhistoryofcryptography
??????usestwokeys–apublic&aprivatekey
??????asymmetricsincepartiesarenotequal
??????usescleverapplicationofnumber
theoretic conceptstofunction
??????complementsratherthanreplacesprivate
key crypto

WHYPUBLIC-KEYCRYPTOGRAPHY?
??????developedtoaddresstwokeyissues:
??????keydistribution–howtohavesecure
communicationsingeneralwithouthavingto
trustaKDCwithyourkey
??????digitalsignatures–howtoverifya
message comesintactfromtheclaimed
sender
??????publicinventionduetoWhitfieldDiffie
&MartinHellmanatStanfordUniin
1976
??????knownearlierinclassifiedcommunity

PUBLIC-KEYCRYPTOGRAPHY
??????public-key/two-key/asymmetriccryptography
involves theuseoftwokeys:
??????apublic-key,whichmaybeknownbyanybody,andcan
be usedtoencryptmessages,andverifysignatures
??????aprivate-key,knownonlytotherecipient,usedto
decrypt messages,andsign(create)signatures
??????isasymmetricbecause
??????thosewhoencryptmessagesorverifysignatures
cannot decryptmessagesorcreatesignatures

PUBLIC-KEYCRYPTOGRAPHY

PUBLIC-KEYCHARACTERISTICS
??????Public-Keyalgorithmsrelyontwokeyswhere:
??????itiscomputationallyinfeasibletofinddecryption
key knowingonlyalgorithm&encryptionkey
??????itiscomputationallyeasytoen/decryptmessageswhen
the relevant(en/decrypt)keyisknown
??????eitherofthetworelatedkeyscanbeusedfor
encryption, withtheotherusedfordecryption(forsome
algorithms)

PUBLIC-KEYCRYPTOSYSTEMS

PUBLIC-KEYAPPLICATIONS
??????canclassifyusesinto3categories:
??????encryption/decryption(providesecrecy)
??????digitalsignatures(provideauthentication)
??????keyexchange(ofsessionkeys)
??????somealgorithmsaresuitableforall
uses, othersarespecifictoone

RSA
??????byRivest,Shamir&AdlemanofMITin1977
??????bestknown&widelyusedpublic-keyscheme
??????basedonexponentiationinafinite(Galois)field
over integersmoduloaprime
??????nb.exponentiationtakesO((logn)
3)operations(easy)
??????useslargeintegers(eg.1024bits)
??????securityduetocostoffactoringlargenumbers
??????nb.factorizationtakesO(e
lognloglogn)operations(hard)

RSAKEYSETUP
??????eachusergeneratesapublic/privatekeypair
by:
??????selectingtwolargeprimesatrandom-p,q
??????computingtheirsystemmodulusn=p.q
??????note ø(n)=(p-1)(q-1)
??????selectingatrandomtheencryptionkeye
??????where1<e<ø(n),gcd(e,ø(n))=1
??????solvefollowingequationtofinddecryptionkey
d
??????e.d=1modø(n)and0≤d≤n
??????publishtheirpublicencryptionkey:PU={e,n}
??????keepsecretprivatedecryptionkey:PR={d,n}

RSAUSE
??????toencryptamessageMthesender:
??????obtainspublickeyofrecipientPU={e,n}
??????computes:C=M
e
modn,where0≤M<n
??????todecrypttheciphertextCtheowner:
??????usestheirprivatekeyPR={d,n}
??????computes:M=C
d
modn
??????notethatthemessageMmustbesmaller
than themodulusn(blockifneeded)

WHYRSAWORKS
??????becauseofEuler'sTheorem:
??????a
ø(n)modn=1wheregcd(a,n)=1
??????inRSAhave:
??????n=p.q
??????ø(n)=(p-1)(q-1)
??????carefullychosee&dtobeinversesmodø(n)
??????hencee.d=1+k.ø(n)forsomek
??????hence:
C
d=M
e.d=M
1+k.ø(n)=M
1.(M
ø(n))
k
=M
1
.(1)
k
= M
1
= Mmodn

RSAEXAMPLE-KEYSETUP
1.Selectprimes:p=17&q=11
2.Computen= pq=17x11=187
3.Computeø(n)=(p–1)(q-1)=16x10=160
4.Selecte:gcd(e,160)=1;choosee=7
5.Determined:de=1mod160and d<160Value
isd=23since23x7=161=10x160+1
6.PublishpublickeyPU={7,187}
7.KeepsecretprivatekeyPR={23,187}

RSAEXAMPLE-EN/DECRYPTION
??????sampleRSAencryption/decryption
is:
??????givenmessageM=88(nb.
88<187)
??????encryption:
C=88
7
mod187=11
??????decryption:
M=11
23
mod187=88

EXPONENTIATION
??????canusetheSquareandMultiplyAlgorithm
??????afast,efficientalgorithmforexponentiation
??????conceptisbasedonrepeatedly squaring
base
??????andmultiplyingintheonesthatareneeded
to computetheresult
??????lookatbinaryrepresentationofexponent
??????onlytakesO(log
2n)multiplesfornumbern
??????eg.7
5 =7
4.7
1 =3.7=10
mod11
=3
128.3
1
??????eg.3
129 =5.3=4mod11

EXPONENTIATION
c=0;f=1
fori=kdownto0
doc=2xc
f=(fxf)modn
ifb
i==1then
c=c+1
f=(fxa)modn
returnf

EFFICIENTENCRYPTION
??????encryptionusesexponentiationtopowere
??????henceifesmall,thiswillbefaster
??????oftenchoosee=65537(2
16
-1)
??????alsoseechoicesofe=3ore=17
??????butifetoosmall(ege=3)canattack
??????usingChineseremaindertheorem&3
messages withdifferentmodulii
??????ifefixedmustensuregcd(e,ø(n))=1
??????ierejectanyporqnotrelativelyprimetoe

EFFICIENTDECRYPTION
??????decryptionusesexponentiationtopowerd
??????thisislikelylarge,insecureifnot
??????canusetheChineseRemainderTheorem
(CRT) tocomputemodp&qseparately.then
combinetogetdesiredanswer
??????approx4timesfasterthandoingdirectly
??????onlyownerofprivatekeywhoknowsvalues
of p&qcanusethistechnique

RSAKEYGENERATION
??????usersofRSAmust:
??????determinetwoprimesatrandom-p,q
??????selecteithereordandcomputetheother
??????primesp,qmustnotbeeasilyderived
from modulusn=p.q
??????meansmustbesufficientlylarge
??????typicallyguessanduseprobabilistictest
??????exponentse,dareinverses,souse
Inverse algorithmtocomputetheother

RSASECURITY
??????possibleapproachestoattackingRSAare:
??????bruteforcekeysearch(infeasiblegivensize
of numbers)
??????mathematicalattacks(basedondifficulty
of computingø(n),byfactoringmodulusn)
??????timingattacks(onrunningofdecryption)
??????chosenciphertextattacks(givenpropertiesof
RSA)

InformationSecurity
Diffie–HellmanKeyExchange&
EllipticCurveCryptography

Diffie-HellmanKeyExchange
•firstpublic-keytypeschemeproposed
•byDiffie&Hellmanin1976alongwiththe
expositionofpublickeyconcepts
•note:nowknowthatWilliamson(UKCESG)
secretlyproposedtheconceptin1970
•isapracticalmethodforpublicexchangeofa
secretkey
•usedinanumberofcommercialproducts
[Continue…]

Diffie-HellmanKeyExchange
•apublic-keydistributionscheme
•cannotbeusedtoexchangeanarbitrarymessage
•ratheritcanestablishacommonkey
•knownonlytothetwoparticipants
•valueofkeydependsontheparticipants(and
theirprivateandpublickeyinformation)
•basedonexponentiation inafinite(Galois)field
(moduloaprimeorapolynomial)-easy
•securityreliesonthedifficultyofcomputing
discretelogarithms(similartofactoring)–hard
[Continue…]

Diffie-HellmanSetup
•allusersagreeonglobalparameters:
•largeprimeintegerorpolynomialq
•abeingaprimitiverootmodq
•eachuser(eg.A)generatestheirkey
•choosesasecretkey(number):x
A<q
A
•computetheirpublickey:y=a
x
A
modq
•eachusermakespublicthatkeyy
A
[Continue…]

Diffie-HellmanKeyExchange
•sharedsessionkeyforusersA&BisK
AB:
K
AB
=a
x
A.
x
B
mod q
xB
B
= y
x
A
= y
Amodq
modq
(whichBcancompute)
(whichAcancompute)
•K
ABisusedassessionkeyinprivate-key
encryptionschemebetweenAliceandBob
•ifAliceandBobsubsequentlycommunicate,
theywillhavethesamekeyasbefore,unless
theychoosenewpublic-keys
•attackerneedsanx,mustsolvediscretelog
[Continue…]

Diffie-HellmanExample
•usersAlice&Bobwhowishtoswapkeys:
•agreeonprimeq=353anda=3
•selectrandomsecretkeys:
•Achoosesx
A=97,Bchoosesx
B=233
•computerespectivepublickeys:
A
•y=3
97
B
•y=3
233
mod353=40
mod353=248
(Alice)
(Bob)
•computesharedsessionkeyas:
AB B
•K=y
x
A
97
AB A
•K=y
x
B
mod353=248
mod353=40
233
=160
=160
(Alice)
(Bob)
[Continue…]

KeyExchangeProtocols
•userscouldcreaterandomprivate/publicD-H
keyseachtimetheycommunicate
•userscouldcreateaknownprivate/publicD-H
keyandpublishinadirectory,thenconsulted
andusedtosecurelycommunicatewiththem
•bothofthesearevulnerabletoameet-in-the-
MiddleAttack
•authenticationofthekeysisneeded

DES vs AES Encryption

Introduction to Encryption
• Encryption is used to secure information by
converting plaintext into ciphertext.
• Symmetric encryption uses the same key
for both encryption and decryption.
• DES and AES are two widely known
symmetric encryption algorithms.

DES (Data Encryption Standard)
• Developed by IBM in the 1970s, adopted
by NIST.
• Uses a 56-bit key and encrypts data in 64-
bit blocks.
• 16 rounds of Feistel structure encryption.
• Vulnerable to brute-force attacks due to
small key size.
• Considered obsolete and replaced by AES.

AES (Advanced Encryption Standard)
• Developed by Vincent Rijmen and Joan
Daemen, adopted in 2001.
• Supports 128, 192, or 256-bit key sizes.
• Encrypts data in 128-bit blocks.
• Uses 10, 12, or 14 rounds of substitution-
permutation encryption.
• Highly secure and widely used in modern
encryption.

DES vs AES: Key Differences
• Key Size: DES (56-bit) vs AES (128, 192,
256-bit).
• Block Size: DES (64-bit) vs AES (128-bit).
• Rounds: DES (16 rounds) vs AES (10, 12,
or 14 rounds).
• Security: DES is weak against brute-force
attacks; AES is highly secure.
• Usage: DES is obsolete, AES is widely used
in modern encryption applications.

Conclusion
• DES was a pioneer in symmetric
encryption but is now outdated.
• AES is the modern standard due to its
enhanced security and flexibility.
• AES is used in secure communication, data
protection, and cybersecurity.
• Understanding these algorithms helps in
choosing the right encryption method.

PRINCIPLES OF INFORMATION SYSTEM SECURITY

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

PRINCIPLES OF INFORMATION SYSTEM SECURITY

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx