Step ahead for securing our data using cryptography.

2. MR. Sourabh S. Badve
(CEH/ECSA)
Working as a freelancing Cyber Security Expert

3. •Information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction
Cryptography (from Greek "hidden, secret") is the practice and study of hiding
information
•Information security is concerned with the confidentiality, integrity and availability
of data regardless of the form the data may take: electronic, print, or other
forms.
•Cryptography is used in applications present in technologically advanced societies;
examples include the security of ATM cards, computer passwords, and
electronic commerce, which all depend on cryptography.

4. •Information security uses cryptography to transform usable information
into a form that renders it unusable by anyone other than an authorized
user; this process is called encryption
•Encrypted information can be transformed back into its original form by an
authorized user, who possesses the cryptographic key, through the process
of decryption
•Cryptography is used in information security to protect information from
unauthorized users while the information is in transit and storage
•Cryptography provides information security with improved authentication
methods, message digests, digital signatures, and encrypted network
communications

5. Modern Information Security
• Computer Security
It mainly focuses on shared system, such as time-sharing system and
necessary to provide some tools to protect file and other information stored
on the computer
• Network (Communication) Security
It mainly concerns distributed system, such as internet and its purpose is to
protect the information over the internet
It also focuses on measures to deter, prevent, detect and correct security
violations that involve the transmission of information.

6. • Confidentiality : Information is accessible only for reading
• Authentication : Information is correctly identified, with an assurance
that identity is not false
• Integrity : Only authorized parties are able to modify computer
system assets and transmitted information
• Nonrepudiation : Both the sender and receiver of message are unable
to deny the transmission.
• Access Control : Requires that access to information resources may be
controlled by or for the target system..

7. INTERRUPTION MODIFICATION
Source Destination Source Destination
INTERCEPTION FABRICATION
Source Destination Source Destination

8. Passive Attacks
Passive threats
Interception
Release of message contents Traffic analysis
Active Attacks
Passive threats
Interruption Modification Fabrication
(availability) (integrity) (authenticity)

9. Confidentiality
Integrity Avaliability

10. The art or science encompassing the principles and methods of transforming
an intelligible message into unintelligibleone, and then retransforming that
message back to original form.
Plaintext Encipher(encode)
Ciphertext Decipher(decode)
Cipher Cryptanalysis
Key Cryptology
code

11. World War II brought about many advancements in information security
and mark the beginning of the professional field of information security
German Lorenz cipher machine

12. The development of digital computers and
electronics after WWII made possible
much more complex ciphers
Many computer ciphers can be charact-
erized by their operation on binary bit
sequences,unlike classical and
mechanical schemes
The Enigma machine, used, in several
variants, by the German military between
the late 1920s and the end of
World War II
Enigma machine

13. Cryptography, then, not only protects data from theft or alteration, but can
also be used for user authentication. There are, in general, three types of
cryptographic schemes typically used to accomplish these goals
•Secret key cryptography (or symmetric)
•Public-key cryptography (or asymmetric)
•Hash functions,

14. •In this form single key is used for both encryption and decryption
•The sender uses the key to encrypt the plaintext and sends the ciphertext
to the receiver. The receiver applies the same key to decrypt the message
and recover the plaintext
•Because a single key is used for both functions, secret key cryptography is
also called symmetric encryption

15. •Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
•Stream ciphers operate on a single bit (byte or computer word) at a time
and implement some form of feedback mechanism so that the key is
constantly changing.
• A block cipher is so-called because the scheme encrypts one block of
data at a time using the same key on each block.
• In general, the same plaintext block will always encrypt to the same
ciphertext when using the same key in a block cipher whereas the same
plaintext will encrypt to different ciphertext in a stream cipher.

16. •PKC depends upon the existence of so-called one-way functions,that
are easy to computer whereas their inverse function is difficult to compute
•It employs two keys that are mathematically related although knowledge
of one key does not allow someone to easily determine the other key
•One key is used to encrypt the plaintext and the other key is used to
decrypt the ciphertext

17. Hash functions, also called message digests and one-way encryption, are
algorithms that, in some sense, use no key
A fixed-length hash value is computed based upon the plaintext that makes
it impossible for either the contents or length of the plaintext to be
recovered.
Hash algorithms are typically used to provide a digital fingerprint of a file's
contents and are also commonly employed by many operating systems to
encrypt passwords and then, provide a measure of the integrity of a file

18. Combines all functions to form a secure transmission comprising digital signature and
digital envelope

19. •Nearly all modern network operating systems employ passwords at the
very least to protect and authenticate users accessing computer and
network resources
•But passwords are not typically kept on a host or server in plaintext, but
are generally encrypted using some sort of hash scheme
•As the passwords are not saved in plaintext on computer systems
precisely,they cannot be easily compromised.
•An even stronger authentication method uses the password to modify a
shared secret between the client and server, but never allows the
password in any form to go across the network.

20. •PGP can be used to sign or encrypt e-mail messages with the mere
click of the mouse
•Depending upon the version of PGP, the software uses SHA or MD5
for calculating the message hash; CAST, Triple-DES, or IDEA for
encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital
signatures.
•PGP is available as a plug-in for many e-mail clients, such as Claris
Emailer, Microsoft Outlook and Qualcomm Eudora
•Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs, developed by Philip Zimmermann in the early
1990s

21. •In typical applications workstation are attached to LAN. The user can
reach other hosts, workstations and servers in the same LAN that are
interconnected via bridges and routers.
•Transmissions from station to station is visible on the LAN to all
station. Data is transmitted in the form of packets which contain
source/destination Ids, and other information.
•On this basis, an eavesdropper can monitor and capture traffic
packets. Eavesdropper needs not be a local LAN user; it could be
anyone to whom the LAN offers a dial-up capacity.
•Eavesdropping may also occur in any of the communication links
which provide connectivity to the system

22. Link Encryption
Each vulnerable communication link is equipped on both end with an
encryption devices
End-to-End Encryption
Data is encrypted only at the source node and decrypted at the destination
node
Problem
Data consists of packets have a header portion and content portion. we can’t
encrypt the header. So the data is secure and the traffic pattern is not
Solution
Use a combination of above two approaches.