This document discusses cryptography and network security. It defines the three main security goals of confidentiality, integrity, and availability. It describes different types of attacks that threaten each goal, such as snooping, modification, and denial of service attacks. It also categorizes attacks as passive or active. The document outlines security services like authentication, access control, and non-repudiation that can be provided through mechanisms like cryptography, digital signatures, and access control lists. Finally, it discusses cryptography and steganography as the main techniques used to implement security goals.

1. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.1
Chapter 1
Introduction
Cryptography and Network
Security
CRYPTOGRAPHY AND
NETWORK SECURITY
3e

2. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.2
● To define the three security goals
● To explain security attacks that threaten
confidentiality, integrity, and availability
● To infer to the different categories of cryptographic
attacks
● To relate to the relationship between security
services and their mechanisms.
● To outline the different techniques needed for
implementing security goals.

3. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.3
This section defines three security goals.
1.1.1 Confidentiality
1.1.2 Integrity
1.1.3 Availability
SECURITY GOALS

4. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.4
Security
Goals
Confidentiality
Integrity
Availability
Taxonomy of Security Goals

5. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.5
 It is probably the most common aspect of
information security.
 We need to protect our confidential information.
 An organization needs to guard against those
malicious actions that endanger the confidentiality of
its information.
Confidentiality

6. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.6
 Information needs to be changed constantly.
 Integrity means that changes need to be done only
by authorized entities and through authorized
mechanisms.
Integrity

7. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.7
 The third component of information security is
availability.
 The information created and stored by an
organization needs to be available to authorized
entities.
 Information needs to be constantly changed, which
means it must be accessible to authorized entities.
Availability

8. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.8
The three goals of security - confidentiality, integrity,
and availability - can be threatened by security attacks.
1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive versus Active Attacks
Topics discussed in this section:
CRYPTOGRAPHIC ATTACKS

9. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.9
Figure : Taxonomy of attacks with relation to security goals

10. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.10
Snooping refers to unauthorized access to or
interception of data.
Traffic analysis refers to obtaining some
other type of information by monitoring
online traffic.
Attacks Threatening Confidentiality

11. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.11
Attacks Threatening Integrity
1) Modification means that the attacker intercepts the
message and changes it.
2) Masquerading or spoofing happens when the attacker
impersonates somebody else.
3) Replaying means the attacker obtains a copy
of a message sent by a user and later tries to replay it.
4) Repudiation means that sender of the message might
later deny that she has sent the message; the receiver of
the message might later deny that he has received the
message.

12. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.12
Attacks Threatening Integrity
Denial of service (DoS) is a very common
attack. It may slow down or totally interrupt
the service of a system.

13. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.13
Table 1.1 Categorization of passive and active attacks

14. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.14
Figure 1.3 Security services
Security Services

15. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.15
Figure: Security mechanisms

16. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.16
Table: Relation between security services and mechanisms

17. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.17
Mechanisms discussed in the previous sections are only
theoretical recipes to implement security. The actual
implementation of security goals needs some
techniques. Two techniques are prevalent today:
cryptography and steganography.
1.4.1 Cryptography
1.4.2 Steganography
Topics discussed in this section:
TECHNIQUES

18. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.18
Cryptography, a word with Greek origins, means
“secret writing.” However, we use the term to refer to
the science and art of transforming messages to make
them secure and immune to attacks.
Cryptography

19. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.19
The word steganography, with origin in Greek, means
“covered writing,” in contrast with cryptography, which
means “secret writing.”
Example: covering data with text
Steganography

20. Copyright © 2015 by McGraw Hill Education (India) Private Limited. All rights reserved.
1.20
Example: using dictionary
Example: covering data under color image
Continued…