SlideShare a Scribd company logo

CNS Unit-I_final.ppt

Download as PPT, PDF
S
SwapnaPavan2

The document discusses network security and cryptography. It provides an overview of security concepts like attacks, services, defense methods, and models. It defines information security, why it is important, and common security attacks like interruption, interception, modification, and fabrication. It also discusses security goals of confidentiality, integrity, and availability. Cryptography techniques like symmetric and asymmetric encryption are introduced along with concepts like plaintext, ciphertext, encryption, decryption, and cryptanalysis.

Education
1 of 84
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
Network Security and Cryptography
CNS Unit-I_final.ppt
Outline of Unit- I • Introduction • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Cryptography concepts and steganography
What is Information Security? • Protection of Information against unauthorized access/ modification of Information (disclosed, destroyed or altered un-intentionally/intentionally) • Governments, commercial businesses, and individuals are all storing information electronically
Why Information Security is important? • Nowadays, security has become a central issue in data storage and transmission. The protection of confidential data from unauthorized access is important • The subject “Information Security” is widely present in the curriculum of Computer Science & Engineering, IT and Electronics at UG and PG level • Interesting area of research
Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Information Transferring
Attack: Interruption Cut wire lines, Jam wireless signals, Drop packets,
Attack: Interception Wiring, eavesdrop
Attack: Modification intercept Replaced info
Attack: Fabrication Also called impersonation
Security Attacks
Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modfication: This is an attack on integtrity • Fabrication: This is an attack on authenticity
Security Goals Integrity Confidentiality Avaliability
What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad. Confidentiality Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.
Integrity Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously. Availability Availability is the protection of a system’s ability to make software systems and data fully available when a user needs it (or at a specified time). The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization’s customers.
CNS Unit-I_final.ppt
Passive attacks • Passive attacks do not affect system resources – Eavesdropping, monitoring • Two types of passive attacks – Release of message contents – Traffic analysis • Passive attacks are very difficult to detect – Message transmission apparently normal • No alteration of the data – Emphasis on prevention rather than detection • By means of encryption
Passive Attacks Release of Message Contents
Passive Attacks: Traffic Analysis
• Active attacks try to alter system resources or affect their operation – Modification of data, or creation of false data • Four categories – Masquerade – Replay – Modification of messages – Denial of service: preventing normal use • A specific target or entire network • Difficult to prevent – The goal is to detect and recover Active Attacks
Active Attacks Masquerade
Active Attacks Replay
Active Attacks Modification of Messages
Active Attacks: Denial of Service
Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
Types of Security Mechanism Security mechanism can also be termed as is set of processes that deal with recovery from security attack. Various mechanisms are designed to recover from these specific attacks at various protocol layers.
Types of Security Mechanism are : Encipherment : This security mechanism deals with hiding and covering of data which helps data to become confidential. It is achieved by applying mathematical calculations or algorithms which reconstruct information into not readable form. It is achieved by two famous techniques named Cryptography and Encipherment. Access Control : This mechanism is used to stop unattended access to data which you are sending. It can be achieved by various techniques such as applying passwords, using firewall, or just by adding PIN to data. Notarization : This security mechanism involves use of trusted third party in communication. It acts as mediator between sender and receiver so that if any chance of conflict is reduced. This mediator keeps record of requests made by sender to receiver for later denied.
Data Integrity : This security mechanism is used by appending value to data to which is created by data itself. It is similar to sending packet of information known to both sending and receiving parties and checked before and after data is received. When this packet or data which is appended is checked and is the same while sending and receiving data integrity is maintained. Authentication exchange : This security mechanism deals with identity to be known in communication. This is achieved at the TCP/IP layer where two- way handshaking mechanism is used to ensure data is sent or not.
Bit stuffing : This security mechanism is used to add some extra bits into data which is being transmitted. It helps data to be checked at the receiving end and is achieved by Even parity or Odd Parity. Digital Signature : This security mechanism is achieved by adding digital data that is not visible to eyes. It is form of electronic signature which is added by sender which is checked by receiver electronically. This mechanism is used to preserve data which is not more confidential but sender’s identity is to be notified.
Network Security Model Trusted Third Party principal principal Security transformation Security transformation attacker
Model for Network Security  In considering the place of encryption, its useful to use the following two models. The first models information flowing over an insecure communications channel, in the presence of possible opponents. Hence an appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party.
Model for Network Security
Model for Network Security • using this model requires us to: 1. design a suitable algorithm for the security transformation 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information 4. specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security
Model for Network Access Security  using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorised users access designated information or resource
CRYPTOGRAPHY Cryptography is technique of securing information and communications through use of codes so that only those person for whom the information is intended can understand it and process it. Thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and suffix graphy means “writing”.
Features Of Cryptography are as follows: Confidentiality: Information can only be accessed by the person for whom it is intended and no other person except him can access it. Integrity: Information cannot be modified in storage or transition between sender and intended receiver without any addition to information being detected. Non-repudiation: The creator/sender of information cannot deny his or her intention to send information at later stage. Authentication: The identities of sender and receiver are confirmed. As well as destination/origin of information is confirmed.
Some Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis
CNS Unit-I_final.ppt
Types Of Cryptography: In general there are three types Of cryptography: Symmetric Key Cryptography: It is an encryption system where the sender and receiver of message use a single common key to encrypt and decrypt messages. Symmetric Key Systems are faster and simpler but the problem is that sender and receiver have to somehow exchange key in a secure manner. The most popular symmetric key cryptography system is Data Encryption System(DES). Hash Functions: There is no usage of any key in this algorithm. A hash value with fixed length is calculated as per the plain text which makes it impossible for contents of plain text to be recovered. Many operating systems use hash functions to encrypt passwords. Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key is used for decryption. Public key and Private Key are different. Even if the public key is known by everyone the intended receiver can only decode it because he alone knows the private key.
Symmetric Encryption • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key • was only type prior to invention of public- key in 1970’s • and by far most widely used
CNS Unit-I_final.ppt
Symmetric Cipher Model
Requirements • two requirements for secure use of symmetric encryption: – a strong encryption algorithm – a secret key known only to sender / receiver • mathematically have: Y = EK(X) X = DK(Y) • assume encryption algorithm is known • implies a secure channel to distribute key
CNS Unit-I_final.ppt
CNS Unit-I_final.ppt
CNS Unit-I_final.ppt
Classical attacks – It can be divided into a)Mathematical analysis and b) Brute-force attacks. Brute-force attacks runs the encryption algorithm for all possible cases of the keys until a match is found. Encryption algorithm is treated as a black box. Analytical attacks are those attacks which focuses on breaking the cryptosystem by analysing the internal structure of the encryption algorithm. Social Engineering attack – It is something which is dependent on the human factor. Tricking someone to reveal their passwords to the attacker or allowing access to the restricted area comes under this attack. People should be cautious when revealing their passwords to any third party which is not trusted. Implementation attacks – Implementation attacks such as side-channel analysis can be used to obtain a secret key. They are relevant in cases where the attacker can obtain physical access to the cryptosystem.
Symmetric Key Encryption Asymmetric Key Encryption It only requires a single key for both encryption and decryption. It requires two key one to encrypt and the other one to decrypt. The size of cipher text is same or smaller than the original plain text. The size of cipher text is same or larger than the original plain text. The encryption process is very fast. The encryption process is slow. It is used when a large amount of data is required to transfer. It is used to transfer small amount of data. It only provides confidentiality. It provides confidentiality, authenticity and non-repudiation. Examples: 3DES, AES, DES and RC4 Examples: Diffie-Hellman, Gamal, DSA and RSA In symmetric key encryption, resource utilization is low as compared to asymmetric key encryption. In asymmetric key encryption, resource utilization is high.
Cryptography • characterize cryptographic system by: – type of encryption operations used • substitution / transposition / product – number of keys used • single-key or private / two-key or public – way in which plaintext is processed • block / stream
Cryptanalysis • objective to recover key not just message • general approaches: – cryptanalytic attack – brute-force attack
Cryptanalytic Attacks/Possible types of attacks • ciphertext only – only know algorithm & ciphertext, is statistical, know or can identify plaintext • known plaintext – know/suspect plaintext & ciphertext • chosen plaintext – select plaintext and obtain ciphertext • chosen ciphertext – select ciphertext and obtain plaintext • chosen text – select plaintext or ciphertext to en/decrypt
More Definitions • unconditional security – no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security – given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years 168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years 26 characters (permutation) 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
Classical Substitution Ciphers • where letters of plaintext are replaced by other letters or by numbers or symbols • or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Substitution Cipher • Hiding some data is known as encryption. When plain text is encrypted it becomes unreadable and is known as ciphertext. In a Substitution cipher, any character of plain text from the given fixed set of characters is substituted by some other character from the same set depending on a key. For example with a shift of 1, A would be replaced by B, B would become C, and so on. • Note: Special case of Substitution cipher is known as Caesar cipher where the key is taken as 3.
Caesar Cipher • earliest known substitution cipher • by Julius Caesar • first attested use in military affairs • replaces each letter by 3rd letter on • example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher • can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 • then have Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26)
Examples: Plain Text: I am studying Data Encryption Key: 4 Output: M eq wxyhCmrk Hexe IrgvCtxmsr Plain Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ Key: 4 utput: EFGHIJKLMNOPQRSTUVWXYZabcd
Cryptanalysis of Caesar Cipher • only have 26 possible ciphers – A maps to A,B,..Z • could simply try each in turn • a brute force search • given ciphertext, just try all shifts of letters • do need to recognize when have plaintext • eg. break ciphertext "GCUA VQ DTGCM"
Monoalphabetic Cipher • rather than just shifting the alphabet • could shuffle (jumble) the letters arbitrarily • each plaintext letter maps to a different random ciphertext letter • hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic and Polyalphabetic Cipher • Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher alphabet for each plain alphabet is fixed throughout the encryption process. For example, if ‘A’ is encrypted as ‘D’, for any number of occurrence in that plaintext, ‘A’ will always get encrypted to ‘D’. Input : Keyword : secret Message : Zombie Here Output : Ciphered String : ZLJEFT DTOT
Take the first example, we used "secret" keyword there. Plain Text : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z When "secret" keyword is used, the new encrypting text becomes : Encrypting : S E C R T A B D F G H I J K L M N O P Q U V W X Y Z (repeated letters are omitted) This means 'A' means 'S', 'B' means 'E' and 'C' means 'C' and so on. Lets encode the given message "Zombie Here" ZOMBIE HERE becomes ZLJEFT DTOT
Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process. The next two examples, playfair and Vigenere Cipher are polyalphabetic ciphers.
Playfair Cipher • not even the large number of keys in a monoalphabetic cipher provides security • one approach to improving security was to encrypt multiple letters • the Playfair Cipher is an example • invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix • a 5X5 matrix of letters based on a keyword • fill in letters of keyword (sans duplicates) • fill rest of matrix with other letters • eg. using the keyword MONARCHY M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z
Encrypting and Decrypting • plaintext is encrypted two letters at a time 1. if a pair is a repeated letter, insert filler like 'X’ 2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end) 3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom) 4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
Security of Playfair Cipher • security much improved over monoalphabetic • since have 26 x 26 = 676 digrams • would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic) • and correspondingly more ciphertext • was widely used for many years – eg. by US & British military in WW1 • it can be broken, given a few hundred letters • since still has much of plaintext structure
The sender and the receiver deicide on a particular key, say ‘tutorials’. In playfair cipher, initially a key table is created. The key table is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the table as we need only 25 alphabets instead of 26. If the plaintext contains J, then it is replaced by I. playfair cipher
Process of Playfair Cipher •First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter. Let us say we want to encrypt the message “hide money”. It will be written as − HI DE MO NE YZ Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would be − QC EF NU MF ZV •The rules of encryption are − If both the letters are in the same column, take the letter below each one (going back to the top if at the bottom) •If both letters are in the same row, take the letter to the right of each one (going back to the left if at the farthest right) • If neither of the preceding two rules are true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle.
Polyalphabetic Ciphers • polyalphabetic substitution ciphers • improve security using multiple cipher alphabets • make cryptanalysis harder with more alphabets to guess and flatter frequency distribution • use a key to select which alphabet is used for each letter of the message • use each alphabet in turn • repeat from start after end of key is reached
Vigenère Cipher • simplest polyalphabetic substitution cipher • effectively multiple caesar ciphers • key is multiple letters long K = k1 k2 ... kd • ith letter specifies ith alphabet to use • use each alphabet in turn • repeat from start after d letters in message • decryption simply works in reverse
Example of Vigenère Cipher • write the plaintext out • write the keyword repeated above it • use each key letter as a caesar cipher key • encrypt the corresponding plaintext letter • eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
One-Time Pad • if a truly random key as long as the message is used, the cipher will be secure • called a One-Time pad • is unbreakable since ciphertext bears no statistical relationship to the plaintext • since for any plaintext & any ciphertext there exists a key mapping one to other • can only use the key once though • problems in generation & safe distribution of key
One-Time Pad The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad. Unbreakable Cipher. Choose long random bit string as key (same length of the text?) Use Bit XOR as E and D. Problem: How to distribute and protect the key.
Transposition Ciphers • now consider classical transposition or permutation ciphers • these hide the message by rearranging the letter order • without altering the actual letters used • can recognise these since have the same frequency distribution as the original text
Rail Fence cipher • write message letters out diagonally over a number of rows • then read off cipher row by row • eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t • giving ciphertext MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers • a more complex transposition • write letters of message out in rows over a specified number of columns • then reorder the columns according to some key before reading off the rows Key: 3 4 2 1 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers • ciphers using substitutions or transpositions are not secure because of language characteristics • hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a new much harder cipher • this is bridge from classical to modern ciphers
Steganography • an alternative to encryption • hides existence of message – using only a subset of letters/words in a longer message marked in some way – using invisible ink – hiding in LSB in graphic image or sound file • has drawbacks – high overhead to hide relatively few info bits
Other Steganography Techniques • Character marking • Selected letters of printed or typewritten text are over- written in pencil • The marks are ordinarily not visible unless the paper is held at an angle to bright light • Invisible ink • A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper • Pin punctures • Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light • Typewriter correction ribbon • Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light
Steganography 3/20/2023 83 3/20/2023 83 3/20/2023 83 3/20/2023 83 3/20/2023 83 Figure.1. Original Image Figure 2. Image after hiding the plaintext
Steganography 3/20/2023 84 3/20/2023 84 3/20/2023 84 84 84 Fig. 1. Gray level image of a cricketer Fig.2. Image after hiding plaintext

More Related Content

PPTX
CNS new ppt unit 1.pptx
RizwanBasha12
 
PDF
CNS - Unit - 1 - Introduction
Gyanmanjari Institute Of Technology
 
PDF
chapter 1-4.pdf
zerihunnana
 
PDF
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
PPTX
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
PPTX
cryptography introduction.pptx
BisharSuleiman
 
PPTX
Introduction of network security
sneha padhiar
 
PPTX
Information Assurance and Security all in One Handout.pptx
fernandezpineda1016
 
CNS new ppt unit 1.pptx
RizwanBasha12
 
CNS - Unit - 1 - Introduction
Gyanmanjari Institute Of Technology
 
chapter 1-4.pdf
zerihunnana
 
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 
Cryptography and Network Security-ch1-4.pptx
SamiDan3
 
cryptography introduction.pptx
BisharSuleiman
 
Introduction of network security
sneha padhiar
 
Information Assurance and Security all in One Handout.pptx
fernandezpineda1016
 

Similar to CNS Unit-I_final.ppt (20)

PPTX
Chapter 1 information assurance and security
garedew32
 
PPTX
Unit-1.pptx
ssuseref9c81
 
PDF
ch01.pdf
Samtech6
 
PPTX
Seminar Information Protection & Computer Security (Cryptography).pptx
umardanjumamaiwada
 
PPTX
syllabus of information security for 6th semester
PankilPatel25
 
PPT
Cryptography introduction
Vasuki Ramasamy
 
PPTX
cns unit 1.pptx
Saranya Natarajan
 
PPTX
Network security & cryptography
pinkutinku26
 
PPTX
Network security & cryptography
Kiran Patil
 
PDF
Cryptography-PART-1.pdf,taught in nitw 2025
kc22csb0a13
 
PDF
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET Journal
 
PPT
Module-1.ppt cryptography and network security
AparnaSunil24
 
PDF
Cryptography and Network Lecture Notes
FellowBuddy.com
 
PDF
Lec 01.pdf
MohammedElkayesh
 
PPTX
Network Security and Cryptography
Manjunath G
 
PDF
Network security - OSI Security Architecture
BharathiKrishna6
 
PPTX
Unit 1-NETWORK Security.pptx............
r47381047
 
PDF
Cryptography and Network Security ppt . pdf
22cc005
 
PPTX
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
Sisodetrupti
 
PPTX
Cyber Security Part-I.pptx
RavikumarVadana
 
Chapter 1 information assurance and security
garedew32
 
Unit-1.pptx
ssuseref9c81
 
ch01.pdf
Samtech6
 
Seminar Information Protection & Computer Security (Cryptography).pptx
umardanjumamaiwada
 
syllabus of information security for 6th semester
PankilPatel25
 
Cryptography introduction
Vasuki Ramasamy
 
cns unit 1.pptx
Saranya Natarajan
 
Network security & cryptography
pinkutinku26
 
Network security & cryptography
Kiran Patil
 
Cryptography-PART-1.pdf,taught in nitw 2025
kc22csb0a13
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET Journal
 
Module-1.ppt cryptography and network security
AparnaSunil24
 
Cryptography and Network Lecture Notes
FellowBuddy.com
 
Lec 01.pdf
MohammedElkayesh
 
Network Security and Cryptography
Manjunath G
 
Network security - OSI Security Architecture
BharathiKrishna6
 
Unit 1-NETWORK Security.pptx............
r47381047
 
Cryptography and Network Security ppt . pdf
22cc005
 
Mastering Network Security: Protecting Networks from Cyber Threats with Firew...
Sisodetrupti
 
Cyber Security Part-I.pptx
RavikumarVadana
 
Ad

Recently uploaded (20)

PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
PDF
1_English_Language_Set_2.pdf probationary
emailjagmeetsingh9
 
PPTX
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
PDF
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
PPTX
20th Century Theater, Methods, History.pptx
cpadilla9
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
1_English_Language_Set_2.pdf probationary
emailjagmeetsingh9
 
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
Trump Administration's workforce development strategy
Mebane Rash
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
20th Century Theater, Methods, History.pptx
cpadilla9
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Ad

CNS Unit-I_final.ppt

  • 3. Outline of Unit- I • Introduction • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Cryptography concepts and steganography
  • 4. What is Information Security? • Protection of Information against unauthorized access/ modification of Information (disclosed, destroyed or altered un-intentionally/intentionally) • Governments, commercial businesses, and individuals are all storing information electronically
  • 5. Why Information Security is important? • Nowadays, security has become a central issue in data storage and transmission. The protection of confidential data from unauthorized access is important • The subject “Information Security” is widely present in the curriculum of Computer Science & Engineering, IT and Electronics at UG and PG level • Interesting area of research
  • 6. Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
  • 8. Attack: Interruption Cut wire lines, Jam wireless signals, Drop packets,
  • 13. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modfication: This is an attack on integtrity • Fabrication: This is an attack on authenticity
  • 15. What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad. Confidentiality Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.
  • 16. Integrity Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously. Availability Availability is the protection of a system’s ability to make software systems and data fully available when a user needs it (or at a specified time). The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization’s customers.
  • 18. Passive attacks • Passive attacks do not affect system resources – Eavesdropping, monitoring • Two types of passive attacks – Release of message contents – Traffic analysis • Passive attacks are very difficult to detect – Message transmission apparently normal • No alteration of the data – Emphasis on prevention rather than detection • By means of encryption
  • 19. Passive Attacks Release of Message Contents
  • 21. • Active attacks try to alter system resources or affect their operation – Modification of data, or creation of false data • Four categories – Masquerade – Replay – Modification of messages – Denial of service: preventing normal use • A specific target or entire network • Difficult to prevent – The goal is to detect and recover Active Attacks
  • 26. Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
  • 27. Types of Security Mechanism Security mechanism can also be termed as is set of processes that deal with recovery from security attack. Various mechanisms are designed to recover from these specific attacks at various protocol layers.
  • 28. Types of Security Mechanism are : Encipherment : This security mechanism deals with hiding and covering of data which helps data to become confidential. It is achieved by applying mathematical calculations or algorithms which reconstruct information into not readable form. It is achieved by two famous techniques named Cryptography and Encipherment. Access Control : This mechanism is used to stop unattended access to data which you are sending. It can be achieved by various techniques such as applying passwords, using firewall, or just by adding PIN to data. Notarization : This security mechanism involves use of trusted third party in communication. It acts as mediator between sender and receiver so that if any chance of conflict is reduced. This mediator keeps record of requests made by sender to receiver for later denied.
  • 29. Data Integrity : This security mechanism is used by appending value to data to which is created by data itself. It is similar to sending packet of information known to both sending and receiving parties and checked before and after data is received. When this packet or data which is appended is checked and is the same while sending and receiving data integrity is maintained. Authentication exchange : This security mechanism deals with identity to be known in communication. This is achieved at the TCP/IP layer where two- way handshaking mechanism is used to ensure data is sent or not.
  • 30. Bit stuffing : This security mechanism is used to add some extra bits into data which is being transmitted. It helps data to be checked at the receiving end and is achieved by Even parity or Odd Parity. Digital Signature : This security mechanism is achieved by adding digital data that is not visible to eyes. It is form of electronic signature which is added by sender which is checked by receiver electronically. This mechanism is used to preserve data which is not more confidential but sender’s identity is to be notified.
  • 31. Network Security Model Trusted Third Party principal principal Security transformation Security transformation attacker
  • 32. Model for Network Security  In considering the place of encryption, its useful to use the following two models. The first models information flowing over an insecure communications channel, in the presence of possible opponents. Hence an appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party.
  • 33. Model for Network Security
  • 34. Model for Network Security • using this model requires us to: 1. design a suitable algorithm for the security transformation 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information 4. specify a protocol enabling the principals to use the transformation and secret information for a security service
  • 35. Model for Network Access Security
  • 36. Model for Network Access Security  using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorised users access designated information or resource
  • 37. CRYPTOGRAPHY Cryptography is technique of securing information and communications through use of codes so that only those person for whom the information is intended can understand it and process it. Thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and suffix graphy means “writing”.
  • 38. Features Of Cryptography are as follows: Confidentiality: Information can only be accessed by the person for whom it is intended and no other person except him can access it. Integrity: Information cannot be modified in storage or transition between sender and intended receiver without any addition to information being detected. Non-repudiation: The creator/sender of information cannot deny his or her intention to send information at later stage. Authentication: The identities of sender and receiver are confirmed. As well as destination/origin of information is confirmed.
  • 39. Some Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis
  • 41. Types Of Cryptography: In general there are three types Of cryptography: Symmetric Key Cryptography: It is an encryption system where the sender and receiver of message use a single common key to encrypt and decrypt messages. Symmetric Key Systems are faster and simpler but the problem is that sender and receiver have to somehow exchange key in a secure manner. The most popular symmetric key cryptography system is Data Encryption System(DES). Hash Functions: There is no usage of any key in this algorithm. A hash value with fixed length is calculated as per the plain text which makes it impossible for contents of plain text to be recovered. Many operating systems use hash functions to encrypt passwords. Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key is used for decryption. Public key and Private Key are different. Even if the public key is known by everyone the intended receiver can only decode it because he alone knows the private key.
  • 42. Symmetric Encryption • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key • was only type prior to invention of public- key in 1970’s • and by far most widely used
  • 45. Requirements • two requirements for secure use of symmetric encryption: – a strong encryption algorithm – a secret key known only to sender / receiver • mathematically have: Y = EK(X) X = DK(Y) • assume encryption algorithm is known • implies a secure channel to distribute key
  • 49. Classical attacks – It can be divided into a)Mathematical analysis and b) Brute-force attacks. Brute-force attacks runs the encryption algorithm for all possible cases of the keys until a match is found. Encryption algorithm is treated as a black box. Analytical attacks are those attacks which focuses on breaking the cryptosystem by analysing the internal structure of the encryption algorithm. Social Engineering attack – It is something which is dependent on the human factor. Tricking someone to reveal their passwords to the attacker or allowing access to the restricted area comes under this attack. People should be cautious when revealing their passwords to any third party which is not trusted. Implementation attacks – Implementation attacks such as side-channel analysis can be used to obtain a secret key. They are relevant in cases where the attacker can obtain physical access to the cryptosystem.
  • 50. Symmetric Key Encryption Asymmetric Key Encryption It only requires a single key for both encryption and decryption. It requires two key one to encrypt and the other one to decrypt. The size of cipher text is same or smaller than the original plain text. The size of cipher text is same or larger than the original plain text. The encryption process is very fast. The encryption process is slow. It is used when a large amount of data is required to transfer. It is used to transfer small amount of data. It only provides confidentiality. It provides confidentiality, authenticity and non-repudiation. Examples: 3DES, AES, DES and RC4 Examples: Diffie-Hellman, Gamal, DSA and RSA In symmetric key encryption, resource utilization is low as compared to asymmetric key encryption. In asymmetric key encryption, resource utilization is high.
  • 51. Cryptography • characterize cryptographic system by: – type of encryption operations used • substitution / transposition / product – number of keys used • single-key or private / two-key or public – way in which plaintext is processed • block / stream
  • 52. Cryptanalysis • objective to recover key not just message • general approaches: – cryptanalytic attack – brute-force attack
  • 53. Cryptanalytic Attacks/Possible types of attacks • ciphertext only – only know algorithm & ciphertext, is statistical, know or can identify plaintext • known plaintext – know/suspect plaintext & ciphertext • chosen plaintext – select plaintext and obtain ciphertext • chosen ciphertext – select ciphertext and obtain plaintext • chosen text – select plaintext or ciphertext to en/decrypt
  • 54. More Definitions • unconditional security – no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security – given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
  • 55. Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years 168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years 26 characters (permutation) 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
  • 56. Classical Substitution Ciphers • where letters of plaintext are replaced by other letters or by numbers or symbols • or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
  • 57. Substitution Cipher • Hiding some data is known as encryption. When plain text is encrypted it becomes unreadable and is known as ciphertext. In a Substitution cipher, any character of plain text from the given fixed set of characters is substituted by some other character from the same set depending on a key. For example with a shift of 1, A would be replaced by B, B would become C, and so on. • Note: Special case of Substitution cipher is known as Caesar cipher where the key is taken as 3.
  • 58. Caesar Cipher • earliest known substitution cipher • by Julius Caesar • first attested use in military affairs • replaces each letter by 3rd letter on • example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB
  • 59. Caesar Cipher • can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 • then have Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26)
  • 60. Examples: Plain Text: I am studying Data Encryption Key: 4 Output: M eq wxyhCmrk Hexe IrgvCtxmsr Plain Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ Key: 4 utput: EFGHIJKLMNOPQRSTUVWXYZabcd
  • 61. Cryptanalysis of Caesar Cipher • only have 26 possible ciphers – A maps to A,B,..Z • could simply try each in turn • a brute force search • given ciphertext, just try all shifts of letters • do need to recognize when have plaintext • eg. break ciphertext "GCUA VQ DTGCM"
  • 62. Monoalphabetic Cipher • rather than just shifting the alphabet • could shuffle (jumble) the letters arbitrarily • each plaintext letter maps to a different random ciphertext letter • hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
  • 63. Monoalphabetic and Polyalphabetic Cipher • Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher alphabet for each plain alphabet is fixed throughout the encryption process. For example, if ‘A’ is encrypted as ‘D’, for any number of occurrence in that plaintext, ‘A’ will always get encrypted to ‘D’. Input : Keyword : secret Message : Zombie Here Output : Ciphered String : ZLJEFT DTOT
  • 64. Take the first example, we used "secret" keyword there. Plain Text : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z When "secret" keyword is used, the new encrypting text becomes : Encrypting : S E C R T A B D F G H I J K L M N O P Q U V W X Y Z (repeated letters are omitted) This means 'A' means 'S', 'B' means 'E' and 'C' means 'C' and so on. Lets encode the given message "Zombie Here" ZOMBIE HERE becomes ZLJEFT DTOT
  • 65. Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process. The next two examples, playfair and Vigenere Cipher are polyalphabetic ciphers.
  • 66. Playfair Cipher • not even the large number of keys in a monoalphabetic cipher provides security • one approach to improving security was to encrypt multiple letters • the Playfair Cipher is an example • invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
  • 67. Playfair Key Matrix • a 5X5 matrix of letters based on a keyword • fill in letters of keyword (sans duplicates) • fill rest of matrix with other letters • eg. using the keyword MONARCHY M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z
  • 68. Encrypting and Decrypting • plaintext is encrypted two letters at a time 1. if a pair is a repeated letter, insert filler like 'X’ 2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end) 3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom) 4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
  • 69. Security of Playfair Cipher • security much improved over monoalphabetic • since have 26 x 26 = 676 digrams • would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic) • and correspondingly more ciphertext • was widely used for many years – eg. by US & British military in WW1 • it can be broken, given a few hundred letters • since still has much of plaintext structure
  • 70. The sender and the receiver deicide on a particular key, say ‘tutorials’. In playfair cipher, initially a key table is created. The key table is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the table as we need only 25 alphabets instead of 26. If the plaintext contains J, then it is replaced by I. playfair cipher
  • 71. Process of Playfair Cipher •First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter. Let us say we want to encrypt the message “hide money”. It will be written as − HI DE MO NE YZ Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would be − QC EF NU MF ZV •The rules of encryption are − If both the letters are in the same column, take the letter below each one (going back to the top if at the bottom) •If both letters are in the same row, take the letter to the right of each one (going back to the left if at the farthest right) • If neither of the preceding two rules are true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle.
  • 72. Polyalphabetic Ciphers • polyalphabetic substitution ciphers • improve security using multiple cipher alphabets • make cryptanalysis harder with more alphabets to guess and flatter frequency distribution • use a key to select which alphabet is used for each letter of the message • use each alphabet in turn • repeat from start after end of key is reached
  • 73. Vigenère Cipher • simplest polyalphabetic substitution cipher • effectively multiple caesar ciphers • key is multiple letters long K = k1 k2 ... kd • ith letter specifies ith alphabet to use • use each alphabet in turn • repeat from start after d letters in message • decryption simply works in reverse
  • 74. Example of Vigenère Cipher • write the plaintext out • write the keyword repeated above it • use each key letter as a caesar cipher key • encrypt the corresponding plaintext letter • eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
  • 75. One-Time Pad • if a truly random key as long as the message is used, the cipher will be secure • called a One-Time pad • is unbreakable since ciphertext bears no statistical relationship to the plaintext • since for any plaintext & any ciphertext there exists a key mapping one to other • can only use the key once though • problems in generation & safe distribution of key
  • 76. One-Time Pad The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad. Unbreakable Cipher. Choose long random bit string as key (same length of the text?) Use Bit XOR as E and D. Problem: How to distribute and protect the key.
  • 77. Transposition Ciphers • now consider classical transposition or permutation ciphers • these hide the message by rearranging the letter order • without altering the actual letters used • can recognise these since have the same frequency distribution as the original text
  • 78. Rail Fence cipher • write message letters out diagonally over a number of rows • then read off cipher row by row • eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t • giving ciphertext MEMATRHTGPRYETEFETEOAAT
  • 79. Row Transposition Ciphers • a more complex transposition • write letters of message out in rows over a specified number of columns • then reorder the columns according to some key before reading off the rows Key: 3 4 2 1 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
  • 80. Product Ciphers • ciphers using substitutions or transpositions are not secure because of language characteristics • hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a new much harder cipher • this is bridge from classical to modern ciphers
  • 81. Steganography • an alternative to encryption • hides existence of message – using only a subset of letters/words in a longer message marked in some way – using invisible ink – hiding in LSB in graphic image or sound file • has drawbacks – high overhead to hide relatively few info bits
  • 82. Other Steganography Techniques • Character marking • Selected letters of printed or typewritten text are over- written in pencil • The marks are ordinarily not visible unless the paper is held at an angle to bright light • Invisible ink • A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper • Pin punctures • Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light • Typewriter correction ribbon • Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light
  • 83. Steganography 3/20/2023 83 3/20/2023 83 3/20/2023 83 3/20/2023 83 3/20/2023 83 Figure.1. Original Image Figure 2. Image after hiding the plaintext
  • 84. Steganography 3/20/2023 84 3/20/2023 84 3/20/2023 84 84 84 Fig. 1. Gray level image of a cricketer Fig.2. Image after hiding plaintext