The document covers the basics of cryptography and network security, emphasizing the importance of securing information at various levels through mechanisms and policies. It outlines the goals of security, specifically focusing on the CIA triad: confidentiality, integrity, and availability, while categorizing various security attacks and the mechanisms employed to counter them. Additionally, it discusses modern security practices and the significance of cryptographic techniques in protecting data transmission.

1. CS8792 - Cryptography and
Network Security
VKP

2. Unit – I INTRODUCTION
• Security trends - Legal, Ethical and
Professional Aspects of Security, Need for
Security at Multiple levels, Security Policies -
Model of network security – Security attacks,
services and mechanisms – OSI security
architecture – Classical encryption techniques:
substitution techniques, transposition
techniques, steganography- Foundations of
modern cryptography: perfect security –
information theory – product cryptosystem –

3. What security is about in general?
• Security is about protection of assets
– Prevention
– Detection
– Reaction

4. Internet shopping example
• Prevention
– encrypt your order and card number, enforce
merchants to do some extra checks, using PIN
even for Internet transactions, don’t send card
number via Internet
• Detection
– an unauthorized transaction appears on your
credit card statement
• Reaction
– complain, dispute, ask for a new card number etc

5. Information security in past &
present
• Traditional Information Security
– keep the cabinets locked
– put them in a secure room
– human guards
– electronic surveillance systems
– in general: physical and administrative
mechanisms
• Modern World
– Data are in computers
– Computers are interconnected

6. Definitions
• Computer Security - generic name for the collection
of tools designed to protect data and to thwart
hackers
• Network Security - measures to protect data during
their transmission
• Internet Security - measures to protect data during
their transmission over a collection of interconnected
networks

7. Aim of Course
• our focus is on Internet Security
• which consists of measures to deter, prevent,
detect, and correct security violations that
involve the transmission & storage of
information

8. OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and
providing security requirements

9. Security Goals – CIA Triad

10. Confidentiality
• Confidentiality is probably the most common
aspect of information security. We need to
protect our confidential information. An
organization needs to guard against those
malicious actions that endanger the
confidentiality of its information.

11. Integrity
• Information needs to be changed constantly.
Integrity means that changes need to be done
only by authorized entities and through
authorized mechanisms.

12. Availability
• The information created and stored by an
organization needs to be available to
authorized entities. Information needs to be
constantly changed, which means it must be
accessible to authorized entities.

13. Aspects of Security
• consider 3 aspects of information security:
– security attack
– security services
– security mechanism

14. Security Attack
• Any action that compromises the security of
information owned by an organization
• Information security: how to prevent attacks,
or failing that, to detect attacks on information-
based systems
• Note: often threat & attack mean same
• Focus on generic types of attack

15. Passive Attacks

16. Active Attacks

17. ATTACKS
The three goals of
securityconfidentiality, integrity, and
availabilitycan be threatened by security
attacks.

18. Figure 1.2 Taxonomy of attacks with relation to security goals
1.2 Continued

19. 1.2.1 Attacks Threatening Confidentiality
Snooping refers to unauthorized access to or interception
of data.
Traffic analysis refers to obtaining some other type of
information by monitoring online traffic.

20. 1.2.2 Attacks Threatening Integrity
Modification means that the attacker intercepts the
message and changes it.
Masquerading or spoofing happens when the attacker
impersonates somebody else.
Replaying means the attacker obtains a copy
of a message sent by a user and later tries to replay it.
Repudiation means that sender of the message might later
deny that she has sent the message; the receiver of the
message might later deny that he has received the message.

21. 1.2.3 Attacks Threatening Availability
Denial of service (DoS) is a very common attack. It may
slow down or totally interrupt the service of a system.

22. 1.2.4 Passive Versus Active Attacks
Table 1.1 Categorization of passive and active attacks

23. SERVICES AND MECHANISMS
ITU-T provides some security services and some
mechanisms to implement those services. Security
services and mechanisms are closely related because a
mechanism or combination of mechanisms are used to
provide a service..

24. 1.3.1 Security Services
Figure 1.3 Security services

25. Security Services (X.800)
• Authentication - assurance that the communicating
entity is the one claimed
• Access Control - prevention of the unauthorized use
of a resource
• Data Confidentiality –protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is as
sent by an authorized entity
• Non-Repudiation - protection against denial by one
of the parties in a communication

26. 1.3.2 Security Mechanism
Figure 1.4 Security mechanisms

27. Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
Crypto
Secret Writing
graphy

28. Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery

29. 1.3.3 Relation between Services and Mechanisms
Table 1.2 Relation between security services and mechanisms

30. Model for Network Security

31. Some Basic Terminology
• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - information used in cipher known only to
sender/receiver
• Encipher (encrypt) - converting plaintext to ciphertext
• Decipher (decrypt) - recovering ciphertext from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key

32. Data Transmission Steps
PT
PT
CT
CT
Encryption
Transmission
DecryptionX – Plain text
Y – Cipher text
K – Key
Y = Ek (X)
X = Dk (Y)

33. Cryptography
• Characterize cryptographic system by:
– Type of encryption operations used
• Substitution / Transposition / Product
– Number of keys used
• Single-key or Private / Two-key or Public
– Way in which plaintext is processed
• Block /

34. Cryptanalysis
• Objective to recover key not just message
• General approaches:
– Cryptanalytic attack
• Knowledge of algorithm and some part of plaintext
– Brute-force attack
• Try every possible key on cipher text to get a meaningful
plain text