1. IT306.01: CRYPTOGRAPHY AND NETWORK SECURITY

Teaching Scheme   Theory   Practical   Total   Credit
Hours/week        3        2           5       4
Marks             100      50          150

Sr. No.   Title of the unit                            Minimum number of hours
1.        Conventional Encryption                      04
2.        Block Cipher                                 12
3.        Public Key Cryptography                      07
4.        Number Theory                                04
5.        Message Authentication and Hash Function     06
6.        Network Security                             04
7.        IP Security and E-mail Security              04
8.        Web Security                                 04
Text Books:
Behrouz A. Forouzan, Cryptography and Network Security, McGraw-Hill Companies
Reference Books:
William Stallings, Cryptography And Network Principles And Practice, Prentice Hall, Pearson Education Asia
Modules :-
CSPIT-Department Of Information Technology Prepared By: Neha Patel
3. Why Need to Study this Subject?
• The advancement of technology has made man dependent on the Internet for all
his needs.
• The Internet has given man easy access to everything while sitting at one place.
Social networking, online shopping, storing data, gaming, online studying,
online jobs: every possible thing that man can think of can be done through
the medium of the Internet.
• The Internet is used in almost every sphere.
• With the development of the Internet and its related benefits, the concept of
cyber crimes also developed.
• Cyber crimes are committed in different forms. A few years back, there was a
lack of awareness about the crimes that could be committed through the Internet.
4. Cyber Attacks
• Phishing fraud: Escorts MD Nikhil Nanda, son-in-law of Amitabh Bachchan, was cheated into submitting
his email ID, password and date of birth to a fake Microsoft account on July 21-13. The scamsters hacked
two email accounts and his social network profile, and sought money from his contacts by impersonating
him.
• Sony Cyber Attack One of Worst in Corporate History. Wiper-Malware attack. Nov-14
  - Thousands of files, seized by hackers last week, have been leaked online including personal details of
  around 6,000 Sony employees, upcoming Sony feature films and the salary details of top executives.
• Xbox Live is Struggling Due to a Lizard Squad DDoS Attack. Dec-14
  - This DDoS has resulted in many users being unable to connect to the service, making online play next
  to impossible, in addition to impacting update and game downloads.
• Huawei hacked India's Biggest telecommunication Network "BSNL" - Feb-14
• Sony Xperia Smartphones have default installed Spyware, Sending data to China - Oct-14
• One in Six Smartphone Users Victim of Cyber Attack: Study The Indian News Express.
• Report by Arbor Networks reveals that India has seen a significant increase in attacks against financial
and government organizations, with 34 percent and 43 percent reporting cyber threats and attacks
respectively, up from last year's 15 percent and 19 percent respectively.
  - Indian News Express
  - news.google.co.in
5. The Internet landscape has been
transformed into a binary battlefield.
Who needs a gun when you have a
keyboard?
6. Tutorial#1
• For the two entities A and B to communicate with each other semantically correctly:
• Identify the properties desired in the protocol that facilitates the
communication.
• What additional properties are required in the presence of an adversary?
[Figure: entities A and B, and an Adversary]
7. Security Goals (CIA)
• Confidentiality:
  - The protection of data from unauthorized disclosure.
• Integrity:
  - The assurance that data received are exactly as sent by an authorized entity
  (i.e., contain no modification, insertion, deletion or replay).
• Availability:
  - The information created and stored by an organization needs to be available
  to authorized entities.
8. Attacks
• Security attack: Any action that compromises the security goals.
• The three goals of security (confidentiality, integrity, and availability) can be
threatened by security attacks.
• Attacks Threatening Confidentiality:-
9. Attacks Threatening Confidentiality:-
• Snooping - unauthorized access to or interception of data.
  o For example, if you log in to a website that uses no encryption, your username and password can
  be sniffed off the network by someone who can capture the network traffic between you and the
  web site.
• Traffic Analysis - monitoring online traffic.
10. Attacks Threatening Integrity
• Modification means that the attacker intercepts the message and changes it.
  o An example is the man-in-the-middle attack, in which an intruder reads messages from the
  sender and sends (possibly modified) versions to the recipient.
• Masquerading or spoofing happens when the attacker impersonates somebody
else.
• Replaying means the attacker obtains a copy of a message sent by a user and later
tries to replay it.
• Repudiation means that the sender of the message might later deny that she has sent
the message; the receiver of the message might later deny that he has received the
message.
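An added example (not part of the original slides) of how receiver B can detect modification, masquerading and replay: A and B share a key, and each frame carries a sequence number and an HMAC-SHA256 tag. The key, the frame layout and all names are assumptions made for the illustration; a shared-key tag does not address repudiation, because both parties can compute it.

```python
import hmac
import hashlib
import struct

KEY = b"constructed-demo-key-shared-by-A-and-B"  # constructed sample key


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender A: frame = 8-byte sequence number || payload || 32-byte HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver B: accepts a frame only if the tag verifies and the seq is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + 32:
            return None, "malformed"
        header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; fails for modified data or a wrong key.
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag (modification or masquerade)"
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return None, "stale sequence number (replay)"
        self.last_seq = seq
        return payload, "ok"


def demo():
    """Feed B a genuine, a modified, a forged and a replayed frame (all constructed)."""
    b = Receiver(KEY)
    genuine = protect(KEY, 1, b"pay 100 to C")
    tampered = genuine[:8] + b"pay 900 to C" + genuine[-32:]
    forged = protect(b"key-guessed-by-C", 2, b"pay 100 to C")
    return [b.accept(f)[1] for f in (genuine, tampered, forged, genuine)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```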
11. Attacks Threatening Availability
• Denial of service (DoS) is a very common attack. It may slow down or
totally interrupt the service of a system.
12. Passive versus Active Attacks [Forouzan]
• Passive attack: The goal of the opponent is to obtain information that is being
transmitted.
• Active attack: Involves some modification of the data stream or the creation of a
false stream.
13. Cryptanalysis
• The objective is to recover the key, not just the message.
• General approaches:
  - cryptanalytic attack
  - brute-force attack
• If either succeeds, all use of that key is compromised.
14. Kerckhoff's Principle [Forouzan]
Based on Kerckhoff's principle, one should always assume that
the adversary, Eve, knows the encryption/decryption algorithm.
The resistance of the cipher to attack must be based only on the
secrecy of the key.
15. Cryptanalytic Attacks
• Ciphertext only
  - only the algorithm and ciphertext are known; the attack is statistical, and the
  attacker must know or be able to identify the plaintext
• Known plaintext
  - the attacker knows or suspects the plaintext and has the matching ciphertext
• Chosen plaintext
  - the attacker selects plaintext and obtains the ciphertext
• Chosen ciphertext
  - the attacker selects ciphertext and obtains the plaintext
16. Brute-force attack
• The attacker tries every possible key on a piece of
ciphertext until an intelligible translation into
plaintext is obtained. On average, half of all possible
keys must be tried.
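An added example (not from the original slides) that ties Kerckhoff's principle, the ciphertext-only setting and brute force together: the algorithm (a 26-key shift cipher) is known, only the key is secret, and the search stops at the first intelligible decryption. The word list, the sample text and all function names are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase
# Constructed word list used to decide whether a trial decryption is intelligible.
COMMON_WORDS = {"THE", "OF", "AND", "TO", "BE", "ON", "IN", "IS"}
# Constructed sample plaintext (the Kerckhoff statement from the slide, upper-cased).
SAMPLE = "THE RESISTANCE OF THE CIPHER MUST BE BASED ONLY ON THE SECRECY OF THE KEY"


def shift(text: str, key: int) -> str:
    """Additive (shift) cipher over A-Z; other characters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text
    )


def encrypt(plaintext: str, key: int) -> str:
    return shift(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    return shift(ciphertext, -key)


def is_intelligible(candidate: str, min_hits: int = 3) -> bool:
    """Recognise plaintext: at least min_hits words are common English words."""
    return sum(word in COMMON_WORDS for word in candidate.split()) >= min_hits


def brute_force(ciphertext: str):
    """Try keys 0..25 in order and stop at the first intelligible decryption."""
    for trials, key in enumerate(range(26), start=1):
        candidate = decrypt(ciphertext, key)
        if is_intelligible(candidate):
            return key, candidate, trials
    return None, None, 26


def average_trials(plaintext: str) -> float:
    """Mean keys tried when each of the 26 keys is equally likely to be the secret."""
    return sum(brute_force(encrypt(plaintext, k))[2] for k in range(26)) / 26


if __name__ == "__main__":
    print(brute_force(encrypt(SAMPLE, 17)))  # recovers the key and the message
    print(average_trials(SAMPLE))            # about half of the 26 keys
```

With only 26 keys the secret falls after 13.5 trials on average, so the protection a cipher offers under Kerckhoff's principle comes entirely from the size of its key space.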
17. The OSI Security Architecture [William Stallings]
• ITU-T provides some security services and some mechanisms to achieve the security
goals. Security services and mechanisms are closely related because a
mechanism or combination of mechanisms is used to provide a service.
• Security service: A processing or communication service that enhances the security
of the data processing systems and the information transfers of an organization.
• Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
  - Methods or techniques to achieve security services.
Note: For detailed study, refer to the textbook and reference book.
20. Relation between Services and Mechanisms [William Stallings]
21. About Subject
• In this subject you will learn different security
mechanisms/techniques to achieve security goals and services.
• There are many cryptanalytic techniques.
22. Encipher Techniques
• The actual implementation of security goals needs some techniques. Two
techniques are prevalent today: cryptography and steganography.
• Cryptography:
  o Cryptography, a word with Greek origins, means "secret writing." However,
  we use the term to refer to the science and art of transforming messages to
  make them secure and immune to attacks.
• Steganography:
  o The word steganography, with origin in Greek, means "covered/hidden
  writing," in contrast with cryptography, which means "secret writing."
23. Cryptography Characteristics
• A cryptographic system can be characterized by:
  - type of encryption operations used
    • substitution
    • transposition
    • product
  - number of keys used
    • single-key or private
    • two-key or public
  - way in which plaintext is processed
    • block
    • stream
24. THE REST OF THE BOOK
The rest of this book is divided into four parts.
Part One: Symmetric-Key Encipherment
Part Two: Asymmetric-Key Encipherment
Part Three: Integrity, Authentication, and Key Management
Part Four: Network Security