C7 NetworkSecurity StudN Part1


C7_Network Security

Network security consists of the policies, processes and practices adopted to
prevent, detect and monitor unauthorized access, misuse, modification, or denial of a
computer network and network-accessible resources. Network security involves the
authorization of access to data in a network, which is controlled by the network administrator.
Network Security protects the network and data from breaches, intrusions and other threats.
Network security is the protection of the underlying networking infrastructure from unauthorized
access, misuse, malfunction, modification, destruction, improper disclosure or theft. It involves
creating a secure infrastructure for devices, users, and applications to work in a
secure manner.
Users choose or are assigned an ID and password or other authenticating information that
allows them access to information and programs within their authority. Network security covers a
variety of computer networks, both public and private, that are used in everyday jobs: conducting
transactions and communications among businesses, government agencies and individuals.
Network security is involved in organizations, enterprises, and other types of institutions. It
secures the network, as well as protecting and overseeing operations being done. The most
common and simple way of protecting a network resource is by assigning it a unique name and a
corresponding password.
A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules. Cisco
offers both threat-focused firewalls and unified threat management (UTM) devices.
Network Security involves access control, virus and antivirus software, application
security, network analytics, types of network-related security (endpoint, web, wireless), firewalls,
VPN encryption and more.

Network security typically consists of three different controls: physical, technical and
administrative.

Physical Network Security: Physical security controls are designed to prevent unauthorized
personnel from gaining physical access to network components such as routers, cabling cupboards
and so on. Controlled access, such as locks, biometric authentication and other devices, is essential.
Technical Network Security: Technical security controls protect data that is stored on the network
or which is in transit across, into or out of the network. Protection is twofold; it needs to protect data
and systems from unauthorized personnel, and it also needs to protect against malicious activities
from employees.
Administrative Network Security: Administrative security controls consist of security policies
and processes that control user behavior, including how users are authenticated, their level of access
and also how IT staff members implement changes to the infrastructure.
Examples of network security include: Access Control, Application Security, Firewalls, Virtual
Private Networks (VPN), Behavioral Analytics, Wireless Security, Intrusion Prevention Systems, etc.

Network security mechanisms

Network Access Control: To ensure that potential attackers cannot infiltrate our network,
comprehensive access control policies need to be in place for both users and devices. Network access
control (NAC) can be set at the most granular level. For example, we could grant administrators full
access to the network but deny access to specific confidential folders or prevent their personal devices
from joining the network.

Antivirus and Antimalware Software: Antivirus and antimalware software protect an
organization from a range of malicious software, including viruses, ransomware, worms and trojans.
The best software not only scans files upon entry to the network but continuously scans and tracks
files.

Firewall Protection: Firewalls, as their name suggests, act as a barrier between the untrusted
external networks and our trusted internal network. Administrators typically configure a set of
defined rules that blocks or permits traffic onto the network.

Virtual Private Networks: Virtual private networks (VPNs) create a connection to the network
from another endpoint or site. For example, users working from home would typically connect to the
organization's network over a VPN. Data between the two points is encrypted and the user would
need to authenticate to allow communication between their device and the network.

A network is considered secure only when it comprises three key components:
confidentiality, integrity, and availability. This combination, called the CIA triad, is a well-known
standard used while creating network security policies for any organization.
The CIA triad of confidentiality, integrity, and availability is at the heart of information
security. (The members of the classic InfoSec triad—confidentiality, integrity, and availability—
are interchangeably referred to in the literature as security attributes, properties, security goals,
fundamental aspects, information criteria, critical information characteristics and basic building
blocks.)
Primary Goals of Network Security - Confidentiality, Integrity and Availability
Confidentiality: The function of "Confidentiality" is to protect precious business data (in
storage or in motion) from unauthorized access. The confidentiality part of network security
makes sure that access to business data is limited to authorized individuals who
are permitted to use that data.
A good example of methods used to ensure confidentiality is requiring an account
number or routing number when banking online. Data encryption is another common
method of ensuring confidentiality. User IDs and passwords constitute a standard
procedure; two-factor authentication (2FA) is becoming the norm. Other options include
biometric verification and security tokens, key fobs or soft tokens.
In addition, users can take precautions to minimize the number of places where
information appears and the number of times it is actually transmitted to complete a
required transaction. Extra measures might be taken in the case of extremely sensitive
documents, such as storing only on air-gapped computers, disconnected storage devices
or, for highly sensitive information, in hard-copy form only.
In information security, confidentiality "is the property, that information is not made
available or disclosed to unauthorized individuals, entities, or processes." Confidentiality is a
component of privacy that protects our data from unauthorized viewers. Examples of
confidentiality of electronic data being compromised include laptop theft, password theft, or
sensitive emails being sent to the incorrect individuals.

Integrity: In IT security, data integrity refers to maintaining and assuring the
accuracy, consistency and completeness of data over its entire lifecycle, which means that
data cannot be modified in an unauthorized or undetected manner. The data received by the
recipient must be exactly the same as the data sent from the sender, without a change in even a
single bit of data.
Measures that protect integrity include file permissions and user access controls.
Data might include checksums, even cryptographic checksums, for verification of
integrity. Backups or redundancies must be available to restore the affected data to its
correct state. Furthermore, digital signatures can be used to provide effective
nonrepudiation measures, meaning evidence of logins, messages sent, electronic
document viewing and sending cannot be denied.
In IT security, data integrity means maintaining and assuring the accuracy and completeness of data.

Availability: The function of "Availability" in Network Security is to make sure that the
Data, Network Resources or Network Services are continuously available to the legitimate
users, whenever they require it.

Authentication
Authentication is the act of verifying a claim of identity.
There are three different types of information that can be used for authentication:
Something we know: things such as a PIN, a password, or our mother's maiden name.
Something we have: a driver's license or a magnetic swipe card.
Something we are: biometrics, including palm prints, fingerprints, voice prints, and retina (eye)
scans.

Principles of Security
Data confidentiality: This means the privacy of data. Only the person who is the sole bearer of the
data can access and read it.
Data Integrity: The data is present in its original form as it was sent by the sender. No
insertion, deletion or modification has been made to the information.
Data availability: This means that the data is always available for access whenever required.
Authentication: This ensures that the communication is being held among the right individuals.
Non-repudiation: According to this, the sender or the receiver cannot deny being responsible for the
data being transmitted.
Other principles such as "accountability" have sometimes been proposed; it has been pointed out that
issues such as non-repudiation do not fit well within the three core concepts.

Types of attack: Networks are subject to attacks from malicious sources. Attacks fall into
two categories: "Passive", when a network intruder intercepts data traveling through the network,
and "Active", in which an intruder initiates commands to disrupt the network's normal operation
or to conduct reconnaissance and lateral movements to find and gain access to assets available via the
network.

Types of attacks include:

Active Attacks: An active attack is a network exploit in which an attacker attempts to make changes
to data on the target or data en route to the target. Active network attacks are often aggressive,
blatant attacks that victims immediately become aware of when they occur. Active attacks are
highly malicious in nature, often locking out users, destroying memory or files, or forcefully
gaining access to a targeted system or network.
An active attack is easy to detect because the individual gets a notification about the attack
when an unauthorized user tries to access the data illegally. In an active attack, information is
modified, which results in loss of and changes to data and
infrastructure. With active attacks, the emphasis is on detection.

Sub-types:
Denial of service (DoS): The attacker sends a large number of requests to slow down the server so
that authorized users cannot get a response from it. The attacker accesses the stream by
blocking the legal user.
Session replay: A sequence of data units is captured and resent by the attackers.
Masquerade: The attacker uses a false identity and behaves like an authorized user by taking the
privileged status; it grabs all the data.
Message modification: Some portion of the message is altered, reordered, or delayed.

Passive Attacks: A passive attack is a network attack in which a system is monitored and
sometimes scanned for open ports and vulnerabilities, but does not affect system resources.
The main difference between an active attack and a passive attack is that in an active attack,
the attacker makes modifications to the information and also intercepts the connection, whereas, in
the passive attack, the attacker intercepts the connection to read and analyze the information and
does not cause any damage.
In the passive attack, the attacker intercepts the connection to read and analyze the
information but does not cause any damage, as the attacker cannot update or modify the data;
this is also known as eavesdropping.
The passive attack looks less harmful, but it is hard to detect as the individual is unaware
of the attack, and damage can be severe if the right information is obtained, e.g., bank or credit
card information, meeting papers, etc.
Passive attacks can be countered by using encryption methods. The passive attack does
not result in the loss of the system assets. It threatens data confidentiality.
Snooping, in a security context, is unauthorized access to another person's or company's
data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to
data during its transmission.
Snooping includes casual observation of an email that appears on another person's computer
screen or watching what someone else is typing. More sophisticated snooping uses software to
remotely monitor activity on a computer or as communications data traverses a network.
An example of electronic snooping is a keylogger, a program that monitors and captures
keystrokes, including passwords and login information, and can intercept email and other private
communications and data transmissions. Keyloggers are commonly installed on endpoint devices,
such as PCs and laptops, and operate without the user knowing. The keylogger creates a text file
that captures every keyboard command issued. Later, hackers who installed the keylogger retrieve
the keystroke file and analyze it to find information they can use for other malicious purposes,
including accessing other protected resources, bribery or identity theft.

It should also be pointed out that corporations sometimes snoop on employees legitimately to
monitor their use of business computers and track internet usage and productivity. The latest trend
of employees working from home rather than in the office has further fostered the use of remote
snooping tools.

The types of snooping methods and tools can vary widely, including the following:
Keylogger, man-in-the-middle network snooping, packet capture or sniffer, employee
performance monitoring, telephone wiretaps, audio/video surveillance

Several methods reduce the chance of electronic snooping. Some common examples are the
following:
a. Avoid using public Wi-Fi networks.
b. Use secure Wi-Fi authentication techniques.
c. Keep antivirus software updated.
d. Use strong passwords for email ids, and change them frequently.
e. Use encryption when transmitting and storing sensitive data.
f. Know our surroundings, and turn computer screens away from surveillance cameras.
g. Deploy network monitoring and prevention tools, such as firewalls, virtual private networks
(VPNs) and anti-Address Resolution Protocol/domain name system spoofing services.
h. Segment networks so that secure communications flow through specific portions of the
network that can be better protected from spoofing attacks.

Spoofing is when an attacker impersonates an authorized device or user to steal data,
spread malware, or bypass access control systems. It is a technique through which a
cybercriminal disguises themselves as a known or trusted source.
Spoofing can take many forms, such as spoofed emails, IP spoofing, DNS Spoofing, GPS
spoofing, website spoofing, and spoofed calls. In email spoofing, the adversary can hack an
unsecured mail server in order to hide their true identity. In a MitM attack, an adversary can create a
Wi-Fi access point in order to intercept any web activity and gather personal information.

Three of the most common types of spoofing are:
IP address spoofing - Attacker sends packets over the network from a false IP address
ARP spoofing - Attacker links their MAC address to an authorized IP address already on the
network
DNS spoofing - Attacker initiates a threat such as cache poisoning to reroute traffic intended for a
specific domain name to a different IP address

Email Spoofing
Email spoofing occurs when an attacker purports to be a known, familiar or plausible
contact by either altering the "From" field to match a trusted contact or mimicking the name
and email address of a known contact.
For example, a spoofed email address may use a zero (0) in place of the letter O, or
substitute an uppercase I for a lower-case L. This is called a homograph attack or visual
spoofing. In most email spoofing attacks, the message contains links to malicious websites or
infected attachments. The attacker may also use social engineering techniques to convince the
recipient to divulge personal data or other sensitive information.

Website or Domain Spoofing


Domain spoofing is when an attacker creates a website that mimics an existing site – often
by slightly changing domain names. The goal of these attacks is to have users attempt to log into
their account, at which point the attacker can record their account credentials or other personal
information. The attackers can then use the credentials on a trusted website or sell the
information. Website spoof attacks are usually triggered by an email spoof, meaning that the
attacker first reaches out using a fictitious email account and drives traffic to the spoofed website.
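
The look-alike checks described in the Email Spoofing and Website or Domain Spoofing sections can be automated on the receiving side. The following is an added example, not part of the original notes: the trusted-domain list, the confusable-character map and the sample From headers are all constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list; a real deployment loads the domains it actually trusts.
TRUSTED_DOMAINS = {"example-bank.com", "paypal.com"}

# Look-alike characters folded to one form. Covers the two substitutions the
# text names (zero for O, uppercase I for lowercase l) plus two common ones.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "I": "l", "|": "l"})


def skeleton(domain):
    """Fold visually confusable characters so look-alike names compare equal."""
    text = unicodedata.normalize("NFKC", domain)
    # Translate before lower-casing: uppercase I must become l, not i.
    text = text.translate(CONFUSABLE).lower()
    # Letter pairs that read as a single letter in many fonts.
    return text.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, imitated_domain_or_None) for one From header value."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].strip().rstrip(".")
    if not domain:
        return ("unparseable", None)
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain.lower())
    # Internationalized names can hide look-alike letters from other scripts;
    # send them to manual review instead of guessing.
    labels = domain.lower().split(".")
    if not domain.isascii() or any(label.startswith("xn--") for label in labels):
        return ("idn-review", None)
    skel = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if skel == skeleton(trusted):
            return ("homograph", trusted)
    # A one-character insertion, deletion or substitution: "slightly changed".
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain.lower(), trusted) <= 1:
            return ("typosquat", trusted)
    return ("unknown", None)


# Constructed sample headers, one per case.
SAMPLE_FROM_HEADERS = [
    "PayPal Service <service@paypal.com>",
    "PayPal Support <service@paypaI.com>",      # uppercase I in place of l
    "alerts@examp1e-bank.com",                  # digit 1 in place of l
    "Billing <billing@exarnple-bank.com>",      # r+n in place of m
    "info@paypall.com",                         # one extra letter
    "news@example.org",
]


def scan(headers):
    return [(h, *classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for row in scan(SAMPLE_FROM_HEADERS):
        print(row)
```

A "homograph" or "typosquat" verdict is a reason to quarantine or banner the message, not proof of malice; legitimate domains can sit one character away from a trusted one.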

IP Spoofing
Attackers can alter their IP address in order to hide their real identity or impersonate
another user. This technique is commonly used by advanced adversaries in a DoS attack. Using
this technique, attackers alter their IP address in order to flood the victim's site with traffic,
limiting access for authentic users.

Address Resolution Protocol (ARP) Spoofing


Address Resolution Protocol (ARP) is the process of matching IP addresses to Media
Access Control (MAC) addresses in order to transmit data. In an ARP spoofing attack, the
adversary links their MAC to a legitimate network IP address so the attacker can receive data
meant for the owner of that IP address. ARP spoofing is commonly used to steal or modify data.
However, it can also be used in DoS and man-in-the-middle (MitM) attacks or in session
hijacking.
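
Because ARP spoofing works by changing which MAC address an IP address resolves to, it leaves a visible trace in a host's neighbour table. The following added example (not part of the original notes) compares two constructed snapshots in the Linux `ip neigh` output format and reports the two classic signs; all addresses are made up.

```python
import re
from collections import defaultdict

# Matches IPv4 rows of `ip neigh` output that carry a link-layer address.
# Rows without one (FAILED, INCOMPLETE) and IPv6 rows are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

# Constructed snapshots of the same host's table, taken some minutes apart.
BASELINE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:aa:bb:01 STALE
192.168.1.66 dev eth0 lladdr 02:de:ad:be:ef:66 REACHABLE
192.168.1.99 dev eth0  FAILED
"""
CURRENT = """\
192.168.1.1 dev eth0 lladdr 02:de:ad:be:ef:66 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:aa:bb:01 REACHABLE
192.168.1.66 dev eth0 lladdr 02:de:ad:be:ef:66 REACHABLE
"""


def parse_neigh(text):
    """Return {ip: mac} for every resolved IPv4 neighbour in the text."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            table[match["ip"]] = match["mac"].lower()
    return table


def find_arp_anomalies(baseline, current, pinned=None):
    """Compare two {ip: mac} tables; return (kind, subject, detail) findings.

    pinned maps critical IPs (for example the default gateway) to the MAC
    recorded when the network was known to be clean; it overrides baseline.
    """
    pinned = pinned or {}
    findings = []

    # Sign 1: an IP address now resolves to a different MAC than before.
    for ip, mac in sorted(current.items()):
        expected = pinned.get(ip) or baseline.get(ip)
        if expected and expected != mac:
            findings.append(("binding-changed", ip, f"{expected} -> {mac}"))

    # Sign 2: one MAC answers for several IP addresses at once, which is what
    # the table looks like while a host is also claiming someone else's IP.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, ",".join(sorted(ips))))
    return findings


def check_samples():
    return find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(CURRENT))


if __name__ == "__main__":
    for finding in check_samples():
        print(finding)
```

Both signs also occur legitimately (a replaced network card, a router answering for several addresses), so findings need triage against known changes.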

Man-in-the-middle (MitM) attack


A man-in-the-middle (MITM) attack is a type of cyberattack in which a third party
infiltrates a conversation between a network user and a web application. The goal of this attack is
to surreptitiously collect information, such as personal data, passwords or banking details, and/or
to impersonate one party in order to solicit additional information or spur action, such as changing
login credentials, completing a transaction or initiating a transfer of funds. This type of attack
often includes either email spoofing, website spoofing or both in order to trigger activity and carry
out the transfer of data.
Man-in-the-middle (MITM) attacks allow attackers to eavesdrop on the communication
between two targets. The attack takes place in between two legitimately communicating hosts,
allowing the attacker to "listen" to a conversation they should normally not be able to listen to,
hence the name "man-in-the-middle."
Cybercriminals are able to intercept web traffic between two parties. The spoof comes into
play when the criminals alter the communication between the parties to reroute funds or solicit
sensitive personal information like credit card numbers or logins.
While MitM attacks usually intercept data in the Wi-Fi network, another form of MitM
attack intercepts the data in the browser. This is called a man in the browser (MitB) attack.

Denial-of-service (DoS) attack
A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it
impossible for legitimate users to access computer systems, network, services or other information
technology (IT) resources. Attackers in these types of attacks typically flood web servers, systems or
networks with traffic that overwhelms the victim's resources and makes it difficult or impossible for
anyone else to access them.
Restarting a system will usually fix an attack that crashes a server, but flooding attacks are
more difficult to recover from. Recovering from a distributed DoS (DDoS) attack in which attack
traffic comes from a large number of sources is even more difficult.
DoS and DDoS attacks often take advantage of vulnerabilities in networking protocols and
how they handle network traffic. For example, an attacker might overwhelm the service by
transmitting many packets to a vulnerable network service from different Internet Protocol (IP)
addresses.
DoS attack aims to obstruct a network or resource by flooding a target with artificial traffic,
which restricts user access to the respective service being attacked.
Denial-of-service (DoS) attacks focus on disrupting or preventing legitimate users from accessing
websites, applications, or other resources. These attacks have been used by criminal organizations
to extort money, by activist groups to 'make a statement,' and by state actors to punish their
adversaries. The impact and costs associated with DoS attacks can be wide-ranging; sending a text
bomb to trigger an unexpected reboot of a target's smartphone might be considered a minor
inconvenience, while a large-scale attack to prevent an online business from serving its customers
may cost millions of dollars.
In a DoS attack, the perpetrator seeks to make a machine or network resource unavailable to
its intended users by temporarily or indefinitely disrupting services of a host connected to a
network. Denial of service is typically accomplished by flooding the targeted machine or resource
with superfluous requests in an attempt to overload systems and prevent some or all legitimate
requests from being fulfilled.
In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim
originates from many different sources. More sophisticated strategies are required to mitigate this
type of attack, as simply attempting to block a single source is insufficient because there are multiple
sources.
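
The point that blocking a single source is not enough against a DDoS can be seen in detection logic. In this added example (not part of the original notes) a sliding-window monitor applies a per-source limit and a total-load limit to two constructed request streams; the thresholds and addresses are illustrative assumptions.

```python
from collections import Counter, deque


def detect_floods(events, window_ms=10_000, per_source_limit=20, total_limit=100):
    """Scan (timestamp_ms, source_ip) events, sorted by time, for flooding.

    Returns a list of (timestamp_ms, kind, detail) alerts. The limits are
    illustrative; real values come from the service's measured baseline.
    """
    recent = deque()        # events inside the sliding window
    per_source = Counter()  # request count per source inside the window
    flagged = set()         # sources already reported in this episode
    overloaded = False      # total-load alert already raised in this episode
    alerts = []

    for ts, src in events:
        recent.append((ts, src))
        per_source[src] += 1
        # Drop events that have aged out of the window.
        while recent[0][0] <= ts - window_ms:
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
                flagged.discard(old)

        # Rule 1: one source exceeds its own budget (single-source DoS).
        if per_source[src] > per_source_limit and src not in flagged:
            flagged.add(src)
            alerts.append((ts, "single-source-flood", src))

        # Rule 2: total load exceeds capacity, whoever is sending it.
        if len(recent) > total_limit:
            if not overloaded:
                overloaded = True
                top_share = max(per_source.values()) / len(recent)
                kind = "distributed-flood" if top_share < 0.5 else "aggregate-overload"
                alerts.append((ts, kind, f"{len(per_source)} sources"))
        else:
            overloaded = False
    return alerts


def single_source_burst():
    """Constructed DoS sample: one host sends 30 requests in 3 seconds."""
    return [(k * 100, "203.0.113.5") for k in range(30)]


def distributed_burst():
    """Constructed DDoS sample: 60 hosts send 3 requests each within 7 seconds."""
    return [(r * 3000 + i * 10, f"198.51.100.{i}")
            for r in range(3) for i in range(1, 61)]


if __name__ == "__main__":
    print(detect_floods(single_source_burst()))
    print(detect_floods(distributed_burst()))
```

In the distributed sample no host ever exceeds three requests in the window, so the per-source rule stays silent and only the total-load rule fires.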
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a crash. In both instances, the DoS attack
deprives legitimate users (i.e. employees, members, or account holders) of the service or resource
they expected.
DoS attacks often target web servers of high-profile organizations such as
banking, commerce, and media companies, or government and trade organizations. Though DoS
attacks do not typically result in the theft or loss of significant information or other assets, they
can cost the victim a great deal of time and money to handle.
There are two general methods of DoS attacks: flooding services or crashing services. Flood
attacks occur when the system receives too much traffic for the server to buffer, causing it to
slow down and eventually stop.

A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the device's
normal functioning. DoS attacks typically function by overwhelming or flooding a targeted
machine with requests until normal traffic is unable to be processed, resulting in denial-of-service
to additional users.
A repudiation attack happens when an application or system does not adopt controls to
properly track and log users' actions, thus permitting malicious manipulation or forging the
identification of new actions. Its usage can be extended to general data manipulation in the name
of others, in a similar manner as spoofing mail messages.
A masquerade attack is one in which the attacker poses as an authorized user of a system
to gain access to it or greater privileges than they are authorized for. A masquerade can be
attempted by using stolen login IDs and passwords, finding security holes in software, or
bypassing the authentication mechanism.
Adversaries may try to manipulate features of their artifacts to appear legitimate or benign
to users and/or security tools. Masquerading occurs when the name or location of a legitimate or
malicious object is manipulated or abused to evade defenses and observation. This may include
tampering with file metadata, duping users into misidentifying file types, and impersonating
legitimate task or service names.
Weak authentication makes it much easier for an attacker to gain access, making it one of the
easiest points of entry for a masquerade. Once authorized, the attacker may have full access to the
organization’s important data and may be able to modify and delete software and data, as well as
make changes to network configuration and routing information.

A replay attack (also known as a repeat attack or playback attack) is a form of network
attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is
carried out either by the originator or by an adversary who intercepts the data and re-transmits it,
possibly as part of a spoofing attack by IP packet substitution.

Another way of describing such an attack is: "an attack on a security protocol using a replay of
messages from a different context into the intended (or original and expected) context, thereby
fooling the honest participant(s) into thinking they have successfully completed the protocol run."
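
The cryptographic checksums mentioned under Integrity and the replay attack described here are countered by the same mechanism: a keyed checksum over a message that also carries a timestamp and a one-time nonce. The following is an added example, not part of the original notes; the message layout, the 30-second freshness window and the sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os


def seal(key, payload, now):
    """Sender side: wrap the payload with a timestamp and nonce, append a MAC."""
    envelope = {"ts": int(now), "nonce": os.urandom(16).hex(), "payload": payload}
    body = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Receiver:
    """Accepts each authentic message once, and only while it is fresh."""

    def __init__(self, key, max_age=30):
        self.key = key
        self.max_age = max_age  # seconds a message stays acceptable
        self.seen = {}          # nonce -> timestamp of accepted messages

    def accept(self, message, now):
        body, sep, tag = message.rpartition(b".")
        if not sep:
            return "malformed"
        # Verify the MAC before parsing anything: a change to even one bit of
        # the body produces a different tag, and only key holders can fix it.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"
        envelope = json.loads(body)
        ts, nonce = envelope["ts"], envelope["nonce"]
        # Freshness: a captured message replayed later is rejected outright.
        if abs(now - ts) > self.max_age:
            return "stale"
        # Uniqueness: a captured message replayed at once is rejected too.
        if nonce in self.seen:
            return "replay"
        # Nonces older than the window can be forgotten, because the
        # freshness check already rejects their messages.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        self.seen[nonce] = ts
        return "ok"


def run_demo():
    """Constructed scenario: one transfer request seen four ways."""
    key = os.urandom(32)
    receiver = Receiver(key)
    message = seal(key, {"action": "transfer", "amount": 100}, now=1000)
    altered = message.replace(b'"amount":100', b'"amount":900')
    late = seal(key, {"action": "transfer", "amount": 100}, now=1000)
    return {
        "first delivery": receiver.accept(message, now=1001),
        "same bytes again": receiver.accept(message, now=1002),
        "modified in transit": receiver.accept(altered, now=1003),
        "held back two minutes": receiver.accept(late, now=1120),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```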

A masquerade attack is an attack that uses a fake identity, such as a network identity, to
gain unauthorized access to personal computer information through legitimate access
identification. If an authorization process is not fully protected, it can become extremely
vulnerable to a masquerade attack.
Masquerade attacks can be perpetrated using stolen passwords and logons, by locating
gaps in programs, or by finding a way around the authentication process. The attack can be
triggered either by someone within the organization or by an outsider if the organization is
connected to a public network.
In case of an insider attack, a masquerade attacker gains access to the account of a legitimate
user either by stealing the victim's account ID and password, or by using a keylogger. Another
common method is by exploiting a legitimate user's laziness and trust. For example, if a legitimate
user leaves the terminal or session open and logged in, a co-worker may act as a masquerade
attacker.
A masquerade attack consists of a person imitating someone else's identity and using
legitimate sources to carry out cyber crimes in the victim's name. Attackers send out phishing
emails in order to pose as legitimate online sources and request that users submit personal
information.

Prevention/protection from Masquerade Attacks


a. Never open emails or any sort of content sent from anonymous sources.
b. Always confirm the email's authenticity by checking with the sender if possible, and avoid
opening unimportant emails.
c. Use lengthy, difficult-to-crack passwords that consist of various types
of characters.
d. If two-factor authentication is available on an application, it is always better
to enable it as an extra layer of security.
e. Log out of accounts after a session is complete to avoid such threats.
f. Change passwords periodically and never set the same password for two applications.

Model for Network Security


There are four basic tasks in designing a particular security service:
a. Design an algorithm for performing the security-related transformation.
b. Generate the secret information to be used with the algorithm.
c. Develop methods for the distribution and sharing of secret information.
d. Specify a protocol to be used by the two principals that make use of the security algorithm and
the secret information to achieve a particular security service.

Principles of Cryptography: Symmetric key and Public Key


Cryptography is about constructing and analyzing protocols that prevent third
parties or the public from reading private messages. Modern cryptography exists at the
intersection of the disciplines of mathematics, computer science, information security,
electrical engineering, digital signal processing, physics, and others. Practical applications
of cryptography include electronic commerce, chip-based payment cards, digital
currencies, computer passwords, and military communications. Core concepts related to
information security (data confidentiality, data integrity, authentication, and non-
repudiation) are also central to cryptography.

Applications Of Cryptography:
Computer passwords, Digital Currencies, Secure web browsing, Electronic Signatures,
Authentication, Cryptocurrencies, End-to-end encryption
Cryptography, often treated as synonymous with encryption, is the conversion of readable
information (plaintext) to unintelligible nonsense text (ciphertext), which can only be read
by reversing the process (decryption). The sender of an encrypted (coded) message shares
the decryption (decoding) technique only with intended recipients to preclude access
from adversaries.
Modern cryptography is heavily based on mathematical theory and computer
science practice. Until modern times, cryptography referred almost exclusively to
"encryption", which is the process of converting ordinary information (called plaintext)
into an unintelligible form (called ciphertext). Decryption is the reverse, i.e. moving from
the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms
that carry out the encryption and the reversing decryption.
There are two main types of cryptosystems: symmetric and asymmetric. In
symmetric systems, the same secret key encrypts and decrypts a message. Data
manipulation in symmetric systems is significantly faster than in asymmetric systems.
Asymmetric systems use a "public key" to encrypt a message and a related "private
key" to decrypt it. The advantage of asymmetric systems is that the public key can be
freely published, allowing parties to establish secure communication without having a
shared secret key. In practice, asymmetric systems are used to first exchange a secret key,
and then secure communication proceeds via a more efficient symmetric system using that
key.
Examples of asymmetric systems include Diffie–Hellman key exchange, RSA (Rivest–
Shamir–Adleman), ECC (Elliptic Curve Cryptography), and Post-quantum cryptography.

Secure symmetric algorithms include the commonly used AES (Advanced Encryption
Standard) which replaced the older DES (Data Encryption Standard).

A. Symmetric-key cryptography
Symmetric-key cryptography refers to encryption methods in which both the
sender and receiver share the same key. Symmetric key ciphers are implemented as either
block ciphers or stream ciphers.
A block cipher enciphers input in blocks of plaintext as opposed to individual
characters, the input form used by a stream cipher. The Data Encryption Standard (DES)
and the Advanced Encryption Standard (AES) are block cipher designs. Despite the
deprecation of DES as an official standard, it is still used across a wide range of applications,
from ATM encryption to e-mail privacy and secure remote access.
Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of
key material, which is combined with the plaintext bit-by-bit or character-by-character,
somewhat like the one-time pad. In a stream cipher, the output stream is created based on
a hidden internal state that changes as the cipher operates. That internal state is initially
set up using the secret key material. RC4 is a widely used stream cipher. Block ciphers can
be used as stream ciphers by generating blocks of a keystream (in place of a
pseudorandom number generator) and applying an XOR operation to each bit of the
plaintext with each bit of the keystream.
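
The keystream construction described above, and two consequences of combining it with the plaintext by XOR, are shown in this added example (not part of the original notes). Python's standard library has no block cipher, so HMAC-SHA256 over nonce and counter stands in for the block cipher as an assumption; the messages are constructed, and the code is for study, not for protecting real data.

```python
import hashlib
import hmac
import os


def keystream(key, nonce, length):
    """Generate keystream blocks from a keyed function of nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream for this key and nonce."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes itself


def leak_from_nonce_reuse(c1, c2, known_p1):
    """Failure mode 1: if two messages share a keystream, c1 XOR c2 equals
    p1 XOR p2, so knowing one plaintext reveals the other without the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def flip_field(ciphertext, offset, old, new):
    """Failure mode 2: XOR encryption alone gives no integrity. Changing
    ciphertext bits changes the same plaintext bits, with no key involved."""
    delta = xor_bytes(old, new)
    end = offset + len(delta)
    return ciphertext[:offset] + xor_bytes(ciphertext[offset:end], delta) + ciphertext[end:]


def run_demo():
    key = os.urandom(32)
    p1 = b"PAY 100 TO ALICE"   # constructed messages of equal length
    p2 = b"MEET AT NOON SAT"

    # Correct use: a fresh nonce per message.
    n1, n2 = os.urandom(12), os.urandom(12)
    c1 = encrypt(key, n1, p1)
    safe = leak_from_nonce_reuse(c1, encrypt(key, n2, p2), p1)

    # Misuse: the same nonce twice means the same keystream twice.
    leaked = leak_from_nonce_reuse(c1, encrypt(key, n1, p2), p1)

    # Tampering succeeds silently unless a MAC covers the ciphertext.
    forged = decrypt(key, n1, flip_field(c1, 4, b"100", b"900"))
    return {
        "round trip ok": decrypt(key, n1, c1) == p1,
        "fresh nonces leak p2": safe == p2,
        "reused nonce leaks p2": leaked == p2,
        "tampered plaintext": forged,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The two defences are a nonce that never repeats under one key and an authentication tag over the ciphertext, which is what authenticated modes such as AES-GCM provide together.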

B. Asymmetric Key Cryptography (Public-key Cryptography)


Symmetric-key cryptosystems use the same key for encryption and decryption of a
message, although a message or group of messages can have a different key than others.
In public-key (asymmetric key) cryptography there are two different but
mathematically related keys used—a public key and a private key.
In public-key cryptosystems, the public key may be freely distributed, while its
paired private key must remain secret. In a public-key encryption system, the public key
is used for encryption, while the private or secret key is used for decryption.
Public-key cryptography is also used for implementing digital signature schemes.
A digital signature is reminiscent of an ordinary signature. Digital signatures can also be
permanently tied to the content of the message being signed; they cannot then be 'moved'
from one document to another, for any attempt will be detectable. In digital signature
schemes, there are two algorithms: one for signing, in which a secret key is used to process
the message (or a hash of the message, or both), and one for verification, in which the
matching public key is used with the message to check the validity of the signature. RSA
and DSA are two of the most popular digital signature schemes. Digital signatures are
central to the operation of public key infrastructures and many network security schemes
(e.g., SSL/TLS, many VPNs, etc.).
Most public-key algorithms involve operations such as modular multiplication and
exponentiation, which are much more computationally expensive than the techniques
used in most block ciphers, especially with typical key sizes. As a result, public-key
cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality
symmetric-key encryption algorithm is used for the message itself, while the relevant
symmetric key is sent with the message, but encrypted using a public-key algorithm.

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic
systems that use pairs of related keys. Each key pair consists of a public key and a
corresponding private key. Key pairs are generated with cryptographic algorithms based
on mathematical problems termed one-way functions. Security of public-key
cryptography depends on keeping the private key secret; the public key can be openly
distributed without compromising security.
In a public-key encryption system, anyone with a public key can encrypt a message,
yielding a ciphertext, but only those who know the corresponding private key can decrypt
the ciphertext to obtain the original message.
In a digital signature system, a sender can use a private key together with a message
to create a signature. Anyone with the corresponding public key can verify whether the
signature matches the message, but a forger who does not know the private key cannot
find any message/signature pair that will pass verification with the public key.
For example, a software publisher can create a signature key pair and include the
public key in software installed on computers. Later, the publisher can distribute an
update to the software signed using the private key, and any computer receiving an
update can confirm it is genuine by verifying the signature using the public key. As long
as the software publisher keeps the private key secret, even if a forger can distribute
malicious updates to computers, they cannot convince the computers that any malicious
updates are genuine.

Public key algorithms are fundamental security primitives in modern cryptosystems,
including applications and protocols which offer assurance of the confidentiality,
authenticity and non-repudiability of electronic communications and data storage.
They underpin numerous Internet standards, such as Transport Layer Security
(TLS), SSH, S/MIME and PGP. Some public key algorithms provide key distribution and
secrecy (e.g., Diffie–Hellman key exchange), some provide digital signatures (e.g., Digital
Signature Algorithm), and some provide both (e.g., RSA). Asymmetric encryption is
rather slower than good symmetric encryption, too slow for many purposes.
Today's cryptosystems (such as TLS, Secure Shell) use both
symmetric encryption and asymmetric encryption, often by using asymmetric encryption
to securely exchange a secret key which is then used for symmetric encryption.

Symmetric-key algorithms are algorithms for cryptography that use the same
cryptographic keys for both the encryption of plaintext and the decryption of ciphertext.
The keys may be identical, or there may be a simple transformation to go between the two
keys. The keys, in practice, represent a shared secret between two or more parties that can
be used to maintain a private information link. The requirement that both parties have
access to the secret key is one of the main drawbacks of symmetric-key encryption, in
comparison to public-key encryption (also known as asymmetric-key encryption).
However, symmetric-key encryption algorithms are usually better for bulk encryption.
Symmetric-key encryption can use either stream ciphers or block ciphers.

Stream ciphers encrypt the digits (typically bytes), or letters (in substitution ciphers) of a
message one at a time. Substitution ciphers are well-known ciphers, but can be easily
decrypted using a frequency table.
Block ciphers take a number of bits and encrypt them in a single unit, padding the
plaintext to achieve a multiple of the block size. The Advanced Encryption Standard
(AES) algorithm uses 128-bit blocks.
Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael),
Camellia, Salsa20, ChaCha20, Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack,
Safer, and IDEA.
Symmetric ciphers cannot be used for non-repudiation purposes except by
involving additional parties.

Two of the best-known uses of public key cryptography are:


Public key encryption, in which a message is encrypted with the intended
recipient's public key. For properly chosen and used algorithms, messages cannot in
practice be decrypted by anyone who does not possess the matching private key, who is
thus presumed to be the owner of that key and so the person associated with the public
key.
Digital signatures, in which a message is signed with the sender's private key and
can be verified by anyone who has access to the sender's public key. This verification
proves that the sender had access to the private key, and therefore is very likely to be the
person associated with the public key. It also proves that the signature was prepared for
that exact message, since verification will fail for any other message one could devise
without using the private key.
Eavesdropping is the act of secretly or stealthily listening to the private conversation
or communications of others without their consent in order to gather information.

Cryptography is the art of keeping information secure by transforming it into a
form that unintended recipients cannot understand. In cryptography, an original
human-readable message, referred to as plaintext, is changed by means of an algorithm, or series
of mathematical operations, into something that to an uninformed observer would look
like gibberish; this gibberish is called ciphertext.
It is a method of protecting information and communications through the use of
codes, so that only those for whom the information is intended can read and process it.
In computer science, cryptography refers to secure information and communication
techniques derived from mathematical concepts and a set of rule-based calculations called
algorithms, to transform messages in ways that are hard to decipher. These deterministic
algorithms are used for cryptographic key generation, digital signing, verification to
protect data privacy, web browsing on the internet and confidential communications such
as credit card transactions and email.
Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It
includes techniques such as microdots, merging words with images and other ways to
hide information in storage or transit. However, cryptography is most often associated
with scrambling plaintext into ciphertext (a process called encryption), then back again
(known as decryption).
Cryptographic systems require some method for the intended recipient to be able to
make use of the encrypted message—usually, though not always, by transforming the
ciphertext back into plaintext.
Cryptography literally means "secret writing." Cryptology, meanwhile, means
something like "knowledge of secrecy"; if cryptography is the practice of writing secret
messages, then cryptology is the theory. Encryption—"making secret"—is what we call the
process of turning plaintext into ciphertext. Encryption is an important part of
cryptography, but doesn't encompass the entire science. Its opposite is decryption.
One important aspect of the encryption process is that it almost always involves both an
algorithm and a key. A key is just another piece of information, almost always a number,
that specifies how the algorithm is applied to the plaintext in order to encrypt it.
Specific applications of cryptography range from keeping military secrets
to transmitting financial data safely across the internet.
Using cryptographic techniques, security pros can:
a. Keep the contents of data confidential
b. Authenticate the identity of a message's sender and receiver
c. Ensure the integrity of the data, showing that it hasn't been altered
d. Demonstrate that the supposed sender really sent this message, a principle known
as non-repudiation
Cryptography concerns itself with the following four objectives:
Confidentiality: The information cannot be understood by anyone for whom it was
unintended.
Integrity: The information cannot be altered in storage or transit between sender and
intended receiver without the alteration being detected.
Non-repudiation: The creator/sender of the information cannot deny at a later stage their
intentions in the creation or transmission of the information.
Authentication: The sender and receiver can confirm each other's identity and the
origin/destination of the information.
A cryptosystem is also called a cypher system. It implements cryptographic
techniques using various cryptographic components such as plain text, encryption
algorithm, cypher text, decryption algorithm, and encryption key to provide information
security services. There are two types of cryptosystem: Symmetric Key
Encryption and Asymmetric Key Encryption.
When a sender wants to send a message to a receiver secretly, without revealing it to
any third party, a cryptosystem is used. On the sender's system, the cryptosystem takes
the sender's message (i.e. the plain text), applies an encryption algorithm to it using a
secret key (the encryption key) to form a ciphertext, and then sends it to the receiver.
On the receiver's side, the cryptosystem applies the decryption algorithm using a secret
key (the decryption key) to convert the ciphertext back into plain text. The cryptosystem's
goal is to send private data from sender to receiver without interpretation by any third
party.

Diffie–Hellman key exchange.


Components of Cryptosystem
Let us discuss some of the components below.
1) Plain text
The plain text is a message or data which can be understood by anyone.
2) Ciphertext
The ciphertext is a message or data that is not readable; it is accomplished by performing the
encryption algorithm on plain text using an encryption key.
3) Encryption Algorithm
It is a process of converting plain text into Ciphertext using an encryption key. It takes two
inputs, i.e. plain text and encryption key, to produce ciphertext.
4) Decryption Algorithm
It is the opposite process of the encryption algorithm; it converts cipher text into plain text
using the decryption key. It takes two inputs, i.e. ciphertext and decryption key, to produce
plain text.
5) Encryption Key
It is the key which the sender uses to convert plain text into ciphertext.
6) Decryption Key
It is the key which the receiver uses to convert ciphertext into plain text.

Symmetric-key algorithms are algorithms for cryptography that use the same
cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys
may be identical, or there may be a simple transformation to go between the two keys. The keys,
in practice, represent a shared secret between two or more parties that can be used to maintain a
private information link.
The requirement that both parties have access to the secret key is one of the main drawbacks of
symmetric-key encryption, in comparison to public-key encryption (also known as asymmetric-
key encryption). Symmetric-key encryption algorithms are usually better for bulk encryption. They
have a smaller key size, which means less storage space and faster transmission. Due to this,
asymmetric-key encryption is often used to exchange the secret key for symmetric-key encryption.

Cryptography focuses on four different objectives:


Confidentiality: Confidentiality ensures that only the intended recipient can decrypt the
message and read its contents.
Non-repudiation: Non-repudiation means the sender of the message cannot backtrack in
the future and deny their reasons for sending or creating the message.
Integrity: Integrity focuses on the ability to be certain that the information contained
within the message cannot be modified while in storage or transit.
Authenticity: Authenticity ensures the sender and recipient can verify each other's
identities and the destination of the message.

Secret Key Cryptography, or symmetric cryptography, uses a single key to encrypt
data. Both encryption and decryption in symmetric cryptography use the same key. The
cryptographic algorithm utilizes the key in a cipher to encrypt the data, and when the data
must be accessed again, a person entrusted with the secret key can decrypt the data. Secret
Key Cryptography can be used on both in-transit and at-rest data, but is commonly only
used on at-rest data, as sending the secret to the recipient of the message can lead to
compromise.
Examples: DES, AES, Caesar Cipher

Public Key Cryptography, or asymmetric cryptography, uses two keys to encrypt
data. One is used for encryption, while the other key decrypts the message. Unlike
symmetric cryptography, if one key is used to encrypt, that same key cannot decrypt the
message, rather the other key will be used.
One key is kept private, and is called the "private key", while the other is shared
publicly and can be used by anyone, hence it is known as the "public key". The
mathematical relation of the keys is such that the private key cannot be derived from the
public key, but the public key can be derived from the private. The private key should not
be distributed and should remain with the owner only. The public key can be given to
any other entity. Examples: ECC, Diffie-Hellman, DSS

Cryptography is the study and practice of techniques for secure communication in
the presence of third parties called adversaries. It deals with developing and
analyzing protocols which prevent malicious third parties from retrieving information
being shared between two entities.
Secure Communication refers to the scenario where the message or data shared
between two parties can't be accessed by an adversary. In Cryptography, an Adversary is a
malicious entity (third party), which aims to retrieve precious information or data thereby
undermining the principles of information security.
Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core
principles of modern-day cryptography.

Confidentiality refers to certain rules and guidelines usually executed under
confidentiality agreements which ensure that the information is restricted to certain
people or places.
Data integrity refers to maintaining and making sure that the data stays accurate and
consistent over its entire life cycle.
Authentication is the process of making sure that the piece of data being claimed by the
user belongs to it.
Non-repudiation refers to the ability to make sure that a person or a party associated with a
contract or a communication cannot deny the authenticity of their signature over their
document or the sending of a message.

Secret Key Cryptography (Symmetric encryption)


Secret key cryptography uses a single key to encrypt and decrypt a message. The sender
encrypts the plaintext message using the key and sends it to the recipient who then uses
the same key to decrypt it and unlock the original plaintext message.
Symmetric Key Cryptography (secret-key cryptography / private-key encryption)
An encryption system in which the sender and receiver of a message share a single,
common key that is used to encrypt and decrypt the message. The most popular
symmetric-key system is the Data Encryption Standard (DES).

Transposition Ciphers: In cryptography, a transposition cipher is a method of encryption
by which the positions held by units of plaintext (which are commonly characters or groups of
characters) are shifted according to a regular system, so that the ciphertext constitutes a
permutation of the plaintext.
That is, the order of the units is changed (the plaintext is reordered). Mathematically, a bijective
function is used on the characters' positions to encrypt and an inverse function to decrypt.

Substitution Cipher: Method of encryption by which units of plaintext are replaced with
ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs
of letters, triplets of letters, mixtures of the above, and so forth.

Stream Ciphers: Stream ciphers work on a single bit or byte at any time and constantly
change the key using feedback mechanisms. A self-synchronizing stream cipher ensures
the decryption process stays in sync with the encryption process by recognizing where it
sits in the bit keystream. A synchronous stream cipher generates the keystream
independently of the message stream and generates the same keystream function at both
the sender and the receiver.
A stream cipher is a symmetric or secret-key encryption algorithm that encrypts a single bit at a time. With a
Stream Cipher, the same plaintext bit or byte will encrypt to a different bit or byte every time it is
encrypted.
Block Ciphers: Block ciphers encrypt one block of fixed-size data at a time. It will always
encrypt a plaintext data block to the same ciphertext when the same key is used. An
example of this is the Feistel cipher, which uses elements of key expansion, permutation,
and substitution to create vast confusion and diffusion in the cipher.
In a Feistel cipher, the stages of encryption and decryption are similar if not
identical: decryption only requires reversing the key schedule, which reduces the code
size and circuitry required for implementing the cipher in a piece of software or
hardware. A block cipher is an encryption method that applies a deterministic
algorithm along with a symmetric key to encrypt a block of text, rather than encrypting
one bit at a time as in stream ciphers.

Example: A common block cipher, AES, encrypts 128-bit blocks with a key of predetermined
length: 128, 192, or 256 bits. Block ciphers are pseudorandom permutation (PRP) families that
operate on the fixed size block of bits. PRPs are functions that cannot be differentiated from
completely random permutations and thus, are considered reliable until proven unreliable.
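
A toy Feistel network illustrating the block cipher properties above, as an added example that is not part of the original notes: decryption reuses the encryption routine with the subkeys reversed, and identical plaintext blocks under one key give identical ciphertext blocks. The round function and key expansion use HMAC-SHA256 (an assumption of this sketch, not DES or AES), and all names and sample values are constructed.

```python
import hashlib
import hmac

HALF = 8          # bytes per half block
BLOCK = 2 * HALF  # 16-byte (128-bit) block
ROUNDS = 8        # constructed choice for this sketch


def round_keys(key: bytes) -> list:
    """Key expansion: derive one subkey per round from the master key."""
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(ROUNDS)]


def round_function(subkey: bytes, half: bytes) -> bytes:
    """Mix a half block with a subkey; this function need not be invertible."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the network once; the same routine both encrypts and decrypts."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:HALF], block[HALF:]
    for subkey in subkeys:
        left, right = right, xor_bytes(left, round_function(subkey, right))
    return right + left  # final swap, so reversed subkeys undo the rounds


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])  # only the subkey order changes


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding up to a multiple of the block size."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def encrypt_independent_blocks(key: bytes, data: bytes) -> list:
    """Encrypt each padded block on its own, with no chaining and no nonce."""
    padded = pad(data)
    return [encrypt_block(key, padded[i:i + BLOCK]) for i in range(0, len(padded), BLOCK)]


def decrypt_independent_blocks(key: bytes, blocks: list) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in blocks))


KEY = b"constructed demo key"             # constructed sample key
DATA = b"PAY 100 TO ALICE" * 2 + b"tail"  # two identical 16-byte blocks, then 4 bytes

if __name__ == "__main__":
    blocks = encrypt_independent_blocks(KEY, DATA)
    print("repeated plaintext block visible:", blocks[0] == blocks[1])
    print("round trip ok:", decrypt_independent_blocks(KEY, blocks) == DATA)
```

Because equal plaintext blocks stay visibly equal in the ciphertext, block ciphers are normally run in a mode that adds a nonce, counter or chaining rather than encrypting each block independently.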

[Figures: Stream Cipher; Block Cipher]
Digital Signature:
A digital signature is an electronic, encrypted stamp of authentication on digital
information such as email messages, macros, or electronic documents. A signature
confirms that the information originated from the signer and has not been altered.
A digital signature is a mathematical scheme for verifying the authenticity of
digital messages or documents. A valid digital signature, where the prerequisites are
satisfied, gives a recipient very high confidence that the message was created by a known
sender (authenticity), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and
are commonly used for software distribution, financial transactions, contract management
software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, which
include any electronic data that carries the intent of a signature, but not all electronic
signatures use digital signatures. Electronic signatures have legal significance in some
countries, including USA, Canada, South Africa, India, Brazil, Indonesia, Mexico, Saudi
Arabia, Uruguay, Switzerland, Chile, Algeria, Turkey, and the countries of the European
Union. Digital signatures employ asymmetric cryptography.
A digital signature scheme typically consists of three algorithms:
A key generation algorithm that selects a private key uniformly at random from a set of
possible private keys. The algorithm outputs the private key and a corresponding public
key.
A signing algorithm that, given a message and a private key, produces a signature.
A signature verifying algorithm that, given the message, public key and signature, either
accepts or rejects the message's claim to authenticity.
Two main properties are required. First, the authenticity of a signature generated from a
fixed message and fixed private key can be verified by using the corresponding public
key. Secondly, it should be computationally infeasible to generate a valid signature for a
party without knowing that party's private key.
Therefore, a digital signature is an authentication mechanism that enables the
creator of the message to attach a code that acts as a signature. The Digital Signature
Algorithm (DSA), developed by the National Institute of Standards and Technology, is
one of many examples of a signing algorithm.
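
The three algorithms listed above (key generation, signing, verification) and the software-update scenario described earlier, as an added example that is not part of the original notes. It uses a Lamport one-time signature rather than the RSA or DSA schemes the notes name, because it needs only a hash function from Python's standard library; all names and the sample payload are constructed.

```python
import hashlib
import secrets

BITS = 256  # SHA-256 digest length; one pair of secrets per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def generate_keypair():
    """Key generation: random private values, with their hashes as the public key."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(H(zero), H(one)) for zero, one in private]
    return private, public


def digest_bits(message: bytes) -> list:
    value = int.from_bytes(H(message), "big")
    return [(value >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(private, message: bytes) -> list:
    """Signing: for each digest bit, reveal the private value that bit selects.

    A Lamport key pair must sign only one message, because every signature
    discloses half of the private values.
    """
    return [private[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(public, message: bytes, signature) -> bool:
    """Verification: hash each revealed value and compare with the public key."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(message)):
        ok &= secrets.compare_digest(H(signature[i]), public[i][bit])
    return ok


def demo() -> dict:
    # Constructed scenario: a publisher signs an update, a client verifies it.
    private, public = generate_keypair()
    update = b"app-update v2 (constructed sample payload)"
    signature = sign(private, update)
    _, other_public = generate_keypair()
    return {
        "genuine": verify(public, update, signature),
        "altered_message": verify(public, update + b"!", signature),
        "moved_to_other_document": verify(public, b"another document", signature),
        "wrong_public_key": verify(other_public, update, signature),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```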

The following terms and definitions show what assurances are provided by digital
signatures.
Authenticity: The signer is confirmed as the signer.
Integrity: The content hasn't been changed or tampered with since it was digitally signed.
Non-repudiation: Proves to all parties the origin of the signed content. Repudiation
refers to the act of a signer denying any association with the signed content.
Notarization: Signatures in Microsoft Word, Microsoft Excel, or Microsoft PowerPoint
files, which are time stamped by a secure time-stamp server, under certain circumstances,
have the validity of a notarization.

The benefits of digital signatures


Security is the main benefit of digital signatures. Security capabilities embedded in
digital signatures ensure a document is not altered and signatures are legitimate.
Security features and methods used in digital signatures include the following:

Personal identification numbers (PINs), passwords and codes. Used to authenticate and
verify a signer's identity and approve their signature. Email, username and password are
the most common methods used.
Asymmetric cryptography. Employs a public key algorithm that includes private and
public key encryption and authentication.
Checksum. A long string of letters and numbers that represents the sum of the correct
digits in a piece of digital data, against which comparisons can be made to detect errors or
changes. A checksum acts as a data fingerprint.
Cyclic redundancy check (CRC). An error-detecting code and verification feature used in
digital networks and storage devices to detect changes to raw data.
Certificate authority (CA) validation. CAs issue digital signatures and act as trusted third
parties by accepting, authenticating, issuing and maintaining digital certificates. The use
of CAs helps avoid the creation of fake digital certificates.
Trust service provider (TSP) validation. A TSP is a person or legal entity that performs
validation of a digital signature on a company's behalf and offers signature validation
reports.
Time Stamping. By providing the date and time of a digital signature, timestamping is
useful when timing is critical, such as for stock trades, lottery ticket issuance and legal
proceedings.
Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. Because of the international
standard, a growing number of countries are accepting digital signatures as legally
binding.
Time savings. Digital signatures simplify the time-consuming processes of physical
document signing, storage and exchange, enabling businesses to quickly access and sign
documents.
Traceability. Digital signatures create an audit trail that makes internal record-keeping
easier for business. With everything recorded and stored digitally, there are fewer
opportunities for a manual signee or record-keeper to make a mistake or misplace
something.

Communication Security: IPSEC, VPN, FIREWALL, WIRELESS SECURITY:


Firewall (Packet Filter, Circuit Level Gateway, Application Level Gateway, Stateful
Multilayer Inspection)
Wireless Security (WEP, WPA, WPA2, WPA3)