This document provides an overview of a university course on Cryptography and Network Security. It begins with the course syllabus, which outlines topics like security concepts, cryptography concepts and techniques, and types of security attacks. It then discusses key security concepts such as security services, security mechanisms, security attacks, and models for network and access security. It provides examples of security services like authentication, access control, and data confidentiality. It also describes security mechanisms and different classes of security attacks. The document concludes by listing reference books, online videos, related courses, tutorials, and sample multiple choice and problems related to cryptography and network security.

1. CRYPTOGRAPHY & NETWORK
SECURITY
Dr R Jegadeesan Prof-CSE
Jyothishmathi Institute of Technology and Science, karimnagar

2. Syllabus
UNIT – I:
Security Concepts: Introduction, The need for security, Security approaches,
Principles of security, Types of Security attacks, Security services, Security
Mechanisms, A model for Network Security Cryptography Concepts and
Techniques: Introduction, plain text and cipher text, substitution techniques,
transposition techniques, encryption and decryption, symmetric and asymmetric
key cryptography, steganography, key range and key size, possible types of
attacks

3. Security Concepts
Aim & Objective :
➢ Our focus is on Internet Security
➢ Consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission of information
Security Introduction
3

4. Security Concepts
Security Introduction:
➢ Information Security requirements have changed in recent times.
➢ traditionally provided by physical and administrative mechanisms.
➢ computer use requires automated tools to protect files and other stored
information.
➢ use of networks and communications links requires measures to protect
data during transmission.
Security Background
4

5. Security Concepts
Security Introduction & Definitions:
➢ Computer Security - generic name for the collection of tools designed to
protect data and to thwart hackers
➢ Network Security - measures to protect data during their transmission
➢ Internet Security - measures to protect data during their transmission
over a collection of interconnected networks.
Security -Definitions
5

6. Security Concepts
➢ Need systematic way to define requirements
➢ consider three aspects of information security:
➢ security attack
➢ security mechanism
➢ security service
➢consider in reverse order
Services, Mechanisms, Attacks
6

7. Security Concepts
➢ Is something that enhances the security of the data processing
systems and the information transfers of an organization
➢ Intended to counter security attacks
➢ Make use of one or more security mechanisms to provide the service
➢ Replicate functions normally associated with physical documents
➢ eg have signatures, dates; need protection from disclosure,
tampering, or destruction; be notarized or witnessed; be recorded
or licensed
Security Services
7

8. Security Concepts
➢ A mechanism that is designed to detect, prevent, or recover from a
security attack.
➢ No single mechanism that will support all functions required.
➢ However one particular element underlies many of the security
mechanisms in use: cryptographic techniques.
➢ Hence our focus on this area.
Security Mechanism
8

9. Security Concepts
➢ Any action that compromises the security of information owned by
an organization.
➢ Information security is about how to prevent attacks, or failing that, to
detect attacks on information-based systems.
➢ Have a wide range of attacks.
➢ Can focus of generic types of attacks.
➢ Note: often threat & attack mean same.
Security Attacks
9

10. Security Concepts
➢ ITU-T X.800 Security Architecture for OSI.
➢ Defines a systematic way of defining and providing security
requirements.
➢ For us it provides a useful, if abstract, overview of concepts we will
study.
OSI Security Architecture
10

11. Security Concepts
➢ X.800 defines it as: a service provided by a protocol layer of
communicating open systems, which ensures adequate security of
the systems or of data transfers.
➢ RFC 2828 defines it as: a processing or communication service
provided by a system to give a specific kind of protection to system
resources.
➢ X.800 defines it in 5 major categories
Security Services
11

12. Security Concepts
Authentication - Aassurance that the communicating entity is the
one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality –protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an
authorized entity
Non-Repudiation - protection against denial by one of the parties in
a communication.
Security Services (X.800)
12

13. Security Concepts
➢specific security mechanisms:
Encipherment, digital signatures, access controls, data integrity,
authentication exchange, traffic padding, routing control, notarization.
➢pervasive security mechanisms:
Trusted functionality, security labels, event detection, security audit trails,
security recovery.
Security Mechanisms (X.800)
13

14. Security Concepts
passive attacks - eavesdropping on, or monitoring of, transmissions to:
•obtain message contents, or
•monitor traffic flows
active attacks – modification of data stream to:
•masquerade of one entity as some other
•replay previous messages
•modify messages in transit
•denial of service
Classify Security Attacks as
14

15. Security Concepts
Model for Network Security
15

16. Security Concepts
using this model requires us to:
✓ Design a suitable algorithm for the security transformation
✓ Generate the secret information (keys) used by the algorithm
✓ Develop methods to distribute and share the secret information
✓ Specify a protocol enabling the principals to use the transformation
and secret information for a security service
Model for Network Security
16

17. Security Concepts
Model for Network Access Security
17

18. Security Concepts
➢using this model requires us to:
• Select appropriate gatekeeper functions to identify users
• Implement security controls to ensure only authorised users
access designated information or resources
➢trusted computer systems can be used to implement this model
Model for Network Access Security
18

19. Security Concepts
Text & Reference Books
19
Book Details :
TEXT BOOKS:
1. Cryptography and Network Security – Principles and Practice: William Stallings, Pearson
Education, 6th Edition
2. Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
REFERENCE BOOKS:
1. Cryptography and Network Security: C K Shyamala, N Harini, Dr T R Padmanabhan, Wiley
India, 1st Edition.
2. Cryptography and Network Security : Forouzan Mukhopadhyay, Mc Graw Hill, 3rd Edition
3. Information Security, Principles, and Practice: Mark Stamp, Wiley India.
4. Principles of Computer Security: WM. Arthur Conklin, Greg White, TMH
5. Introduction to Network Security: Neal Krawetz, CENGAGE Learning
6. Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

20. Security Concepts
Video reference
20
Video Link details (NPTEL, YOUTUBE Lectures and etc.)
•https://nptel.ac.in/courses/106105031/
•https://nptel.ac.in/courses/106105162/
•http://www.nptelvideos.in/2012/11/cryptography-and-network-
security.html

21. Security Concepts
Security courses
21
courses available on <www.coursera.org>, and http://neat.aicte-india.org
https://www.coursera.org/
Course 1 : Introduction to Cyber Security
Cyber Security. An introduction to modern information and system protection technology and
methods.
Course 2: Cyber security Specialization
-Cyber security Fundamentals. Construction of Secure Systems

22. Security Concepts
Security Tutorials
22
Tutorial topic wise
➢Cryptography Tutorial – Tutorialspoint www.tutorialspoint.com › cryptography
➢Cryptography Introduction – GeeksforGeeks www.geeksforgeeks.org › cryptography-
introduction
➢www.cse.iitm.ac.in › ~chester › courses › slides › 01_ Introduction

23. Security Concepts
Network Security MCQs
23
CNS – MCQs
1.In symmetric-key cryptography, the key locks and unlocks the box is
a. same b. shared c. private d. public
2.The keys used in cryptography are
a. secret key b. private key c. public key d. All of them
3.The ciphers of today are called round ciphers because they involve
a. Single Round b. Double Rounds c. Multiple Round d. Round about
4.Symmetric-key cryptography started thousands of years ago when people needed to
exchange
a. Files b. Packets c. Secrets d. Transmission
5.The relationship between a character in the plaintext to a character is
a. many-to-one relationship b. one-to-many relationship
c. many-to-many relationship d. None

24. Security Concepts
Security Tutorial
24
CNS –Tutorial Problems:
❑There are many businesses that don’t have a complete inventory of all of the IT assets that
they have tied into their network. This is a massive problem. If you don’t know what all of the
assets are on your network, how can you be sure your network is secure?
❑Many businesses are concerned with “zero day” exploits. These exploits are those unknown
issues with security in programs and systems that have yet to be used against anyone.
However, zero day vulnerabilities aren’t the problem—unpatched known vulnerabilities are the
problem.

25. Security Concepts
CNS Questions
25
Universities & Important Questions:
1. Compare Active and Passive attacks.
2. Lists the OSI Security mechanisms.
3. Mention the ingredients of Symmetric cipher model.
4. Lists the five Security Services.
5. Define Steganography.
6. State Fermat’s theorem.
7. Find GCD (1970, 1066) using Euclid's algorithm.
8. Define Euler Totient Function and calculate φ(37)
9. Find 117 mod 13.

26. 26
Thank you