2. Syllabus
• Chapter 1: Introduction to Cryptography
• Chapter 2: Mathematical Background – Abstract Algebra and Number Theory
• Chapter 3: Block Ciphers
• Chapter 4: Public Key Cryptography
• Chapter 5: Cryptographic Hash Functions and Digital Signatures
• Chapter 6: Security Practices and System Security
• Chapter 7: Email, IP and WEB Security
3. Why We Need Network Security?
User
www.abc.com
Bogus server
4. Computer Security-Definition
• The protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity , availability and
confidentiality of information system resources (includes hardware ,
software, firmware , information/data and telecommunications).
- NIST
7. CIA Triad Explanation
• Confidentiality: Ensures that information is accessible only to those authorized to access it,
protecting it from unauthorized disclosure. Techniques include encryption, access controls,
and authentication.
• Integrity: Ensures that data is accurate and unaltered except by authorized users. Methods
such as checksums, hashing, and digital signatures help maintain data integrity.
• Availability: Ensures that information and resources are accessible to authorized users
when needed. This is achieved through redundancy, backups, and robust network and server
architectures.
8. Security Breach Levels
• Low Impact:
Affects non-critical systems or data.
Minimal disruption to business operations.
A breach of publicly available data, like a company's marketing material or public website
content.
Minor reputational damage, low financial loss, minimal regulatory implications.
9. Medium Impact
Affects internal systems, sensitive data, or partially disrupts business operations.
Could involve some loss of productivity or trust.
Compromise of employee information (e.g., email addresses, phone numbers) or internal
emails.
Moderate reputational damage, some financial loss, possible regulatory action (e.g., fines),
potential legal liabilities.
10. High Impact
Affects critical systems, highly sensitive data, or results in significant disruption of
operations.
Breach involving financial data, intellectual property, personal health information, or
customer data.
Severe reputational damage, significant financial loss, regulatory penalties (e.g., GDPR fines),
potential lawsuits, loss of customer trust, and in severe cases, business closure.
11. Additional Elements
Authenticity in information security refers to the assurance that data,
communications, or documents are genuine and come from a verified and trusted source. It
ensures that the identities of users, systems, or data sources are confirmed, and that
information has not been tampered with or fabricated.
12. Additional Elements
Accountability in cybersecurity refers to the principle that every action and decision within
an information system can be traced back to a specific user, device, or process. It ensures
that users are responsible for their actions and can be held accountable for any unauthorized
access, misuse, or data breaches.
13. The OSI Security Architecture
• Threats and Attacks (RFC 2828)
Threat : A potential for violation of security, Which exists when there is a
circumstance, capability, action, or even that could breach security and cause
harm. That is a threat is a possible danger that might exploit a vulnerability.
Attack : An Assault on system security that derives from an intelligent act
that is a deliberate attempt (especially in the sense of a method or technique)
to evade security services and violate the security policy of a system.
14. The OSI Security Architecture
Security Attack : Action that compromises the security
Security Mechanism : Detect , prevent or recover from a security attack
Security Service : Enhances the Security , counter security attacks and
provide the service.
16. Security Services
• Authentication - allows the receiving party (such as a server) to verify the identity of another
party (User / Client).
• Access control - Give right privileges to users.
• Data Confidentiality – Secure data before transmitting
• Data integrity – (Sent =Receive)
• Nonrepudiation - proves specific actions by a person or entity at a particular time
17. Security Mechanisms
• Encipherment – Ciphering Technique
• Digital Signature – Prove identity of the server
• Access Control – Giving access rights to users
• Data Integrity – Data modification or altered
• Authentication Exchange – Periodically sending router updates
• Traffic Padding – Dummy data Stream
• Routing Control – Physically Secure Routes
• Notarization – SSL Certificates by the CA
18. Security Attacks
• Action that compromises the security of an individual or an organization.
Types :
1. Active Attack
2. Passive Attack
19. Passive Attacks
• Attempts to learn or make use of information from the system.
• Does not affect system resources.
• Eavesdropping or monitoring the transmissions.
• Obtain information that is being transmitted.
Types :
1. Release of message contents
2. Traffic analysis
22. Active Attacks
• Active attacks involve some modification of the data stream or the creation of a false data
stream.
• Subdivided into four categories
1. Masquerade
2. Replay
3. Modification of Messages
4. Denial of service (DoS)
24. Masquerade (Cont.)
An unauthorized user pretends to be a legitimate one to gain access to sensitive systems,
data, or services.
Involves stealing, forging, or manipulating authentication credentials.
Attacker can bypass security measures and access privileged resources.
Types include Remote Code Execution (RCE), Clickjacking, and Business Logic Flaws.
25. Masquerade (Cont.) – Key steps
Acquires legitimate credentials through phishing, exploiting vulnerabilities, or intercepting
data.
Logs in or interacts with the system as a legitimate user, often blending in with network
traffic.
Performs malicious actions like data theft, malware installation, or system configuration
modification.
Alters or deletes logs and evidence to avoid detection.
Covers tracks to prevent traceability of activities.
26. Masquerade (Cont.) – Common
Techniques
Spoofing: Faking trusted identities to gain access or trick users.
Credential Theft: Using stolen credentials to impersonate legitimate users.
Session Hijacking: Taking over active sessions by stealing session cookies or tokens.
Phishing: Tricking users into providing credentials via fake websites or emails.
Privilege Escalation: Gaining unauthorized access to higher-level system privileges.
Code Injection: Injecting malicious code into legitimate processes.
Man-in-the-Middle (MitM) Attacks: Intercepting and altering communication without their knowledge.
27. Masquerade (Cont.) – Prevention
Mechanism
Multi-Factor Authentication (MFA): Requires multiple verifications for authorized access.
Strong Password Policies: Enforce complex passwords and regular changes to reduce credential theft.
Session Management: Implements secure session handling to prevent hijacking.
Encryption: Protects sensitive data from interception or misuse.
Monitoring and Logging: Continuously monitors activities to detect abnormal behavior.
Role-Based Access Control (RBAC): Restricts access based on user roles.
IP and Device Whitelisting: Limits access to trusted IP addresses and devices.
Security Training: Educates users on phishing attacks.
29. Replay (Cont.)
Involves intercepting valid data transmissions like authentication tokens or credentials.
The attacker retransmits the data to gain unauthorized access.
The attacker doesn't need to decipher the data, just resends it.
30. Replay (Cont.) – Key steps
Attacker listens to or captures network traffic between legitimate users and servers.
Critical data like session IDs, authentication tokens, or encrypted credentials are captured.
Unauthorized access to protected resources is gained using replayed data.
31. Replay (Cont.) – Common Techniques
Man-in-the-Middle (MITM) Attacks: The attacker intercepts communication between two
parties without either party knowing.
Session Hijacking: Attackers capture session tokens and reuse them to take over a session.
32. Replay (Cont.) – Prevention
Mechanism
Limits valid session duration to prevent data reuse.
Implements unique, random numbers for each session or transaction.
Adds timestamps to communications to verify message reuse.
Secures communications with strong encryption to prevent data capture and interpretation.
Uses short-lived session tokens or one-time passwords to reduce replay attacks.
34. Modification of Messages (Cont)
• Unauthorized entity intercepts and alters transmitted messages.
• Attacker aims to alter original message content.
• Potential consequences include manipulation of sensitive data, financial
transactions, or critical system commands.
35. Modification of Messages (Cont) – Key
Steps
Interception involves capturing transmitted message via man-in-the-middle (MITM) attacks.
Resending altered message to intended recipient as original.
Successful attack results in recipient accepting altered message without realizing tampering.
36. Modification of Messages (Cont) –
Common Techniques
Man-in-the-Middle (MITM) Attacks
Involves secretly altering communications between two parties.
Captures and alters legitimate messages.
Replay Attacks with Modification: Captures and resends modified messages.
Packet Injection: Inserts or changes data during transmission.
Trojan Horses: Malware manipulates messages by compromising devices.
37. Modification of Messages (Cont) –
Prevention Mechanism
End-to-End Encryption and Message Authentication
• Uses secure protocols like TLS and SSL for communication protection.
• Encrypts message content to prevent unauthorized access.
Digital Signatures
• Verifies message authenticity and integrity.
• Allows recipient to check signature.
Message Authentication Codes (MACs)
• Ensures message integrity and authenticity.
• Alerts recipient of altered messages.
38. Modification of Messages (Cont) – Prevention
Mechanism
Transport Layer Security
• Uses encryption and certificates for message security.
• Uses intrusion detection systems (IDS) to monitor network traffic.
Time Stamps and Nonces
• Prevents replaying or modification of old messages.
39. Denial of Service (DoS)
Bob
Server
Darth
Darth disrupt service
Provided by server
Sending multiple TCP connections to overload
The server and server cannot established new
Connections or users
Getting HTTP Service
40. Denial of Service (Cont.)
Malicious attempt to make network service unavailable.
Overwhelmed with illegitimate requests or exploited vulnerabilities.
Primary goal: disrupt normal functionality, slow down or crash service.
Makes access difficult or impossible for legitimate users.
41. Denial of Service (Cont.) – Key Types
Volume-Based Attacks
• Flood networks with massive traffic, overwhelming bandwidth or resources.
• Examples include ICMP Floods and UDP Floods.
• Goal: Saturate network, preventing legitimate traffic.
42. Protocol-Based DoS Attacks
Exploit weaknesses in network protocols or resource management.
Common examples: SYN Flood and Ping of Death.
SYN Flood: Attacker sends many requests but never completes, tying up server's resources.
Ping of Death: Malformed or oversized packets cause system crash.
43. Web Application Vulnerabilities Attacks
Cross-Site Scripting (XSS): Injects malicious scripts, leading to data theft.
SQL Injection (SQLi): Malicious SQL queries manipulate databases, allowing unauthorized access.
Cross-Site Request Forgery (CSRF): Tricks users into unintended actions on authenticated sites.
Broken Authentication: Allows attackers to hijack user sessions or accounts.
Insecure Direct Object References (IDOR): Manipulates URLs or inputs to access unauthorized data.
Security Misconfigurations: Exposes systems to attacks.
Sensitive Data Exposure: Leads to breaches and identity theft.
Insufficient Logging/Monitoring: Allows attackers to persist undetected.
44. Distributed Denial of Service (DDoS)
Powerful and damaging form of DoS.
Conducted by multiple compromised systems.
Targets a single victim simultaneously.
Difficult to mitigate due to multiple sources of attack traffic.
45. DDoS Mitigation Strategies
Firewalls detect and block DoS attack traffic patterns.
Intrusion detection and prevention systems (IDPS) monitor network traffic for suspicious activity.
CDNs distribute load across multiple data centers, reducing strain on a single server.
Load balancers distribute incoming traffic across multiple servers for redundancy.
Network administrators block known malicious IP addresses or regions, but may be less effective in
DDoS attacks.
Third-party services offer DDoS mitigation solutions, absorbing and filtering out malicious traffic.
46. Passive attack vs Active attack
Passive attack
• Hard to Detect.
• Neither Sender or Receiver is aware of the
attack.
• Encryption prevents the success of the
passive attacks.
• More emphasis is on prevention than
detection.
Active attack
• Hard to Prevent.
• Difficult to prevent – Physical , Software
and Network Vulnerabilities.
• Detect and recover from any disruption or
delays.
• If the detection has a deterrent effect , it
may also contribute to prevention.
47. Security Services - Definition
• The processing or communication service that is provided by a system to give a specific
kind of protection to system resources , security services implement security policies and
are implemented by security mechanisms
-
RFC 2828
49. Services
Peer Entity Authentication
Ensures identity of the communicating party.
Used in connection-oriented protocols like
SSL/TLS.
Focuses on party identities during
communication.
Often used in secure client-server
communication.
Typically occurs during communication session
establishment.
Data Origin Authentication
Verifies data integrity and authenticity from
legitimate sources.
Focuses on data authenticity, regardless of live
communication.
Used in critical scenarios like digital signatures.
Validates data regardless of sent date, ensuring
authenticity for stored or transmitted data.
50. Access Control
• Security mechanism that regulates who or what can view or use resources in a computing environment. It
ensures that only authorized users have the right permissions (such as read, write, execute) to access
systems, files, or data.
• There are several types of access control:
1. Discretionary Access Control (DAC): Resource owners control access based on user identity and set
permissions.
2. Mandatory Access Control (MAC): Access is regulated by a central authority based on predefined policies.
3. Role-Based Access Control (RBAC): Access is granted based on user roles within an organization.
4. Attribute-Based Access Control (ABAC): Access is determined by attributes (e.g., user, resource,
environment).
51. Data Confidentiality
• Security principle that ensures sensitive information is accessible only to authorized users
and protected from unauthorized access. It aims to prevent data breaches or leaks by using
encryption, access controls, and other security measures to keep information private.
• Key methods to ensure data confidentiality
1. Encryption: Scrambling data so that only authorized parties can decrypt and read it.
2. Access Control: Limiting who can access or manipulate the data.
3. Authentication: Verifying the identity of users accessing the data.
52. Data integrity
• Ensures that information remains accurate, consistent, and unaltered during storage,
transmission, or processing. It protects data from unauthorized modification, deletion, or
corruption, ensuring it is trustworthy and reliable.
• Key techniques to ensure data integrity
1. Checksums and Hashing: Detects data corruption by generating unique values based on
data content.
2. Error Detection: Mechanisms like parity checks ensure data consistency during
transmission.
3. Access Controls: Prevents unauthorized alterations to data.
53. Nonrepudiation
• Security principle that ensures a party in a transaction cannot deny the authenticity of their
actions, such as sending a message or making a commitment. It provides proof of the origin
and integrity of the data, preventing individuals from later disputing their involvement.
• Non-repudiation is typically achieved :
1. Digital Signatures: Verifies the sender's identity and ensures that the message hasn’t been
tampered with.
2. Audit Logs: Records transactions to provide evidence of actions.
54. Network Security Model
S S
Message Secure Message Secure Message Message
Trusted Third Party
Opponent
Secret info Secret info
Sender Receiver
S – Security Related Transformation
