CS8792 – CRYPTOGRAPHY AND NETWORK SECURITY
~ S. Janani, AP/CSE, KCET
Unit I - Introduction

Topic | Teaching Aid | Activity
Security trends - Legal, Ethical and Professional Aspects of Security | PPT | -
Need for Security at Multiple levels, Security Policies | PPT | -
Model of network security, Security attacks, services and mechanism, OSI security architecture | PPT | Quiz
Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography) | WB | Worksheet
Foundations of modern cryptography: perfect security, information theory, product cryptosystem, cryptanalysis | PPT | Worksheet
https://www.youtube.com/watch?v=rYodcvhh7b8
1. Security Trends
• What is security?
• Key Objectives of Computer Security
  • Confidentiality
    • Data Confidentiality – Confidential data is not made available to unauthorized individuals
    • Privacy - which information related to individuals may be collected and stored, and to whom that information may be disclosed
  • Integrity
    • Data Integrity - Assures that information is changed only in a specified and authorized manner
    • System Integrity - Assures that a system performs its intended function in an unimpaired manner
  • Availability - Assures that systems work promptly and service is not denied to authorized users
CIA Triad
• Authenticity - The property of being genuine and being able to be verified and trusted
• Accountability - The traceability of actions performed on a system to a specific system entity
• Computer Security - Collection of tools designed to protect data and to thwart hackers
• Network Security - Measures to protect data during their transmission
• Internet Security - Measures to protect data during their transmission over a collection of interconnected networks
2. Legal, Ethical and Professional Aspects of Security
• Online Transactions – more ways to attack computers and networks
• Laws and ethics are important aspects of data and network security
• International, national, state and city laws affect privacy and secrecy
attacks
- Computers as targets
- Computers as storage devices
- Computers as communications tools
- Illegal access
- Data interference
- System interference
- Computer-related forgery
- Crime related to child pornography
Cryptography and Law
• Some example laws imposed on cryptography
  • Control use of cryptography
  • Cryptography and Escrow
Intellectual Property
3 Types
• Copyright - protects against infringement of rights such as the reproduction right, modification right and distribution right
• Patent - A patent for an invention is the grant of a property right to the inventor
• Trademark - identifies products or services in trade uniquely from others
• Software Programs
• Digital Content
• Algorithm
Ethical issues related to computer and info systems
• Repositories and processors of information – raises questions of appropriateness or fairness
• Producers of new forms and types of assets
• Symbols of intimidation and deception
3. Need for Security at multiple levels
• To process information with incompatible classifications, permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization.
3.1 Role of security policy
• Includes protection of sensitive information and communications, key management, and procedures to ensure encrypted information can be recovered
Role of the Security Policy in Setting up Protocols
• Who should have access to the system?
• How should it be configured?
• How to communicate with third parties or systems?
• Policies are divided into two categories:
  • User policies - the limits on users' use of the computer resources in a workplace
  • IT policies - secure the procedures and functions of IT fields
4. Model of Network Security
encryption of the message, which scrambles the message
encryption key
• Design an algorithm for performing the security-related transformation
• Generate the secret information
• Develop methods for the distribution and sharing of the secret information
• Specify a protocol that makes use of the security algorithm and the secret information to achieve a particular security service
Network Access Security Model
5. OSI Security Architecture
• ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach
• The OSI security architecture is useful to managers as a way of organizing the task of providing security
Attacks
• Any action that compromises the security of information owned by an organization.
Mechanisms
• Process to detect, prevent, or recover from a security attack
Services
• A processing or communication service that enhances the security of the data processing system
Security Attacks
(b) Traffic Analysis
Active attacks
