Cryptography and Network Security Unit 1

Unit 1 Concepts of Computer Security

Structure:
1.1 Introduction
Objectives
1.2 Definition and Need of Computer Security
1.3 The OSI Security Architecture
1.4 Security Attacks
1.5 Security Services
1.6 Security Mechanisms
1.7 Network Security Model
1.8 Summary
1.9 Terminal Questions
1.10 Answers

1.1 Introduction
As you know, computers play a very important role in the modern world of
Information Technology (IT) as they have touched almost every aspect of
our lives. We use computers for various applications in different fields. It
would be impossible for us to imagine a single day without encountering a
computer or a device dependent on a computer or information produced by
a computer. At the same time, computing system or a part of it can be the
target of a crime. We know that a computing system refers to a group of
hardware, software, storage media, data, and personnel that an
organization utilizes to carry out their jobs, or tasks. It so possible that
anybody can misuse in innumerable ways the details of customers saved on
paper, or recorded on a storage medium, stored in different forms of
memory like disk drives etc. For example in banking sector, a competitor
bank can use data or details of customers to steal clients or to disrupt
service and disgrace the bank. A dishonest person can transfer money from
one account to another without the knowledge of account holders. This
clearly shows us the need for computer security but it is indeed a very
challenging task. Today IT security managers face many challenges since
they have to take care and maintain a secure environment to protect the
company’s assets and industry reputation with smaller budgets and staff. In
the 1960s the proliferation of computers and communications systems

Sikkim Manipal University B2069 Page No.: 1

Cryptography and Network Security Unit 1

brought with it a demand from the private sector to have means to protect
information in digital form and to provide security services. Data Encryption
Standard (DES) the most well-known cryptographic mechanism in history
remains as a standard for securing electronic commerce for many financial
institutions in the world. In 1976 the most striking development happened in
the history of cryptography when Diffie and Hellman published New
Directions in Cryptography with concept of public-key cryptography. This
unit explains you the basic concepts of computer security which includes
definition of computer security and need, OSI security architecture, security
attacks and services, security Mechanisms and Network Security Model.
Objectives:
After studying this unit, you should be able to:
 define computer security and list its main objectives
 explain the need for computer security
 explain the OSI security architecture
 list and explain types of security attacks
 explain the security services as applied to X.800
 enlist the security mechanisms defined in X.800.

1.2 Definition and Need of Computer Security

Computer security is information security as applied to computers and
computer networks.
NIST Computer Security Handbook defines the term computer security as
“The protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes hardware,
software, firmware, information/ data, and telecommunications).”
The three important objectives of computer security are:
i) Confidentiality: Confidentiality can be in terms of data and privacy.
Data confidentiality means that the confidential information is not
disclosed to unauthorized individuals or not made available to public.
Privacy is about assuring individuals control or influence as what
information is to be collected and stored and by whom and to whom
that information is to be disclosed.

Sikkim Manipal University B2069 Page No.: 2

Cryptography and Network Security Unit 1

ii) Integrity: It refers to the trustworthiness of information resources. It

could be data integrity and system integrity. Data integrity means that
information and programs are changed only in a specified and
authorized manner. In system integrity, a system performs its intended
function in an unimpaired manner, free from deliberate or inadvertent
unauthorized manipulation of the system.
iii) Availability: It means availability of information resources when we
need it. Authorized people should have access to assets at appropriate
times.
These three concepts of confidentiality, integrity and availability form what is
called the CIA triad as shown in figure 1.1.

Figure 1.1: CIA Triad

Apart from these three concepts shown in CIA triad, two additional concepts
are also important. They are:
 Authenticity: In computing security, data, transactions, communications
or documents should be genuine. So it is important for authenticity to
validate that both parties involved are the ones they claim to be. Some
information security systems use authentication called "digital
signatures", to make sure that the message data is genuine and is sent
by the one possessing the proper signing key.
 Accountability: The security goal that generates the requirement for
actions of an entity to be traced uniquely to that entity. This supports

Sikkim Manipal University B2069 Page No.: 3

Cryptography and Network Security Unit 1

nonrepudiation, deterrence, fault isolation, intrusion detection and

prevention, and after-action recovery and legal action. So we must be
able to trace a security breach to a responsible party. Systems must
keep records of their activities so that it may be useful later on for
forensic analysis to trace security breaches or to aid in transaction
disputes.
Need for Security
Computer security means keeping your computer safe from virus and
hacking of information from your computer while you are online. For
effective computer security, one should take care of physical security
measures to ensure that hardware and media are not stolen or damaged, to
minimise the risk and implications of error, failure or loss, by providing
appropriate user authentication, and encryption of sensitive files. We know
that when the "information is free" people can access to any information
they want at anytime, anywhere from wider range of computing devices. But
this poses security problems and control of the resources to which
computers permit access. Information and computer security is of utmost
importance without which many organizations will be targeted by hostile
software or intruders. When there is no security, the attacks can cause
several forms of damage which includes:
 Destruction or damage of computer systems.
 Destruction or damage of internal data.
 Loss of sensitive information to hostile parties.
 Use of sensitive information to steal elements of monetary value.
 Use of sensitive information of the customers thereby resulting in a legal
action by customers against the organization which in turn leads to loss
of customers.
 Damage to the reputation of an organization.
 Monitory damage, due to loss of sensitive information, hostile use of
sensitive data, destruction of data, or damage to the reputation of the
organization.
The Challenges of Computer Security
Computer and network security is a complex process for the following
reasons:
1. Security is not as simple as it appears to the novice. The mechanisms
required for maintaining the confidentiality, authentication and integrity
Sikkim Manipal University B2069 Page No.: 4
Cryptography and Network Security Unit 1

can be quite complex and understanding them may be rather subtle

reasoning.
2. One must be aware of potential attacks on the security features while
developing a particular security mechanism or algorithm. It so happens
that in many cases, successful attacks are designed by looking at the
problem in a completely different way, as there is an exploitation of an
unexpected weakness in the particular mechanism.
3. The procedures used to provide particular services are often counter
intuitive. So considering various aspects of the threat could make
sense for a security mechanism.
4. It is also important to decide the place for using the various security
mechanisms which are applicable to both physical placement (e.g., at
what points in the network the security mechanisms are needed) and in
a logical sense [e.g., at what layer or layers of an architecture such as
TCP/IP (Transmission Control Protocol/Internet Protocol) should
mechanisms be placed].
5. Security mechanisms usually use more than one particular algorithm or
protocol. And participants will be in possession of some secret
information (e.g., an encryption key). This raises room for questions
about the creation, distribution, and protection of secret information.
6. In providing a computer and network security, there could be a battle of
wits between a perpetrator who tries to find holes and the designer who
tries to close them. So to achieve perfect security designer should
eliminate all weaknesses.
7. Naturally there is a tendency of users and system managers to
perceive little benefit from security investment until a security failure
occurs.
8. It is important to have constant and regular monitoring of security. But
achieving this is very difficult in today’s overloaded and short term
environment.
9. Even now, providing security and incorporating it into a system will be
thought only after the design is complete rather than making it an
integral part of the design process.
10. Many users and security administrators feel that strong security as an
impediment to efficient and user-friendly operation of an information
system or use of information.

Sikkim Manipal University B2069 Page No.: 5

Cryptography and Network Security Unit 1

Self-Assessment Questions
1. ______________________ means confidential information is not
disclosed to unauthorized individuals or not made available to public.
2. Confidentiality, integrity and availability form ____________ triad.
3. TCP/IP stands for _______________________________________.

1.3 The OSI Security Architecture

The OSI security architecture focuses mainly on security attacks,
mechanisms, and services. Now let us see the definitions of these:
i) Security attack: It is an action that compromises the security of
information in an organization.
ii) Security mechanism: It is a process that detects, prevents, or
recovers from a security attack.
iii) Security service: It is a communication service or process that
enhances the security of the data processing systems and the
information transfers of an organization. It uses one or more security
mechanisms to provide the service and to counter security attacks.

1.4 Security Attacks

Security is considered as a fundamental component of network design. One
must understand and be aware of the importance of strong security policy
that is required when planning, building, and operating a network. But you
may come across with many security attacks. Now let us discuss types of
security attacks.
Types of security attacks:
There are two types of security attacks. They are:
1. Passive attacks
2. Active attacks.
A passive attack is a type of security attack which tries to make use of
information from the system without affecting or modifying system
resources. An active attack is also a type of security attack that attempts to
change system resources or even affect their operation. Now let us discuss
these two attacks in detail.

Sikkim Manipal University B2069 Page No.: 6

Cryptography and Network Security Unit 1

1. Passive Attacks
Passive attacks involve in eavesdropping (i.e. listening secretly to other’s
private conversation without any consent from them), or monitoring of data
transmissions. Passive attacks do not modify content or data of messages.
The purpose of the opponent (or an enemy or attacker or adversary) is to
obtain information that is being transmitted.
Passive attacks are of two types. They are:
 Release of message contents
 Traffic analysis.
We can understand the release of message contents easily by referring to
figure 1.2.

Figure 1.2: Passive attack of type-Release of message contents

In this type of attacks, an opponent tries to know the content of information

that is being transmitted. Release of our confidential or important messages
to unknown persons against our wishes happens in this attack. For
example, in a telephone conversation or in an email message, or in a file
transferred, there may be sensitive and or confidential information.
Suppose that Bob sends a data or message to Alice (refer to figure 1.2).
During the transmission, the third person by name Darth tries to read the
content of the message without the consent of Alice and Bob. So this
information should be protected and prevented from an opponent from
learning the contents of these during transmissions.

Sikkim Manipal University B2069 Page No.: 7

Cryptography and Network Security Unit 1

The second type of passive attack, traffic analysis is shown in figure 1.3.

Figure 1.3: Passive attack of type -Traffic analysis

In case of traffic analysis attack, the opponent tries to know the pattern of
message and with this pattern he/she may get some clues about the
communication that is taking place. He/she can even determine the location
and identity of communicating hosts and observe the frequency and length
of messages being exchanged. Assume that Bob sends a message using
some code or pattern to Alice (refer to figure 1.3), a third person Darth tries
to observe the pattern and may be able to understand the communication
message.
In passive attacks, the opponent could guess the nature of the
communication that is taking place. It is very difficult for us to detect the
passive attacks. This is because the data will not get altered. So we are not
even aware that a third party has read the messages or observed the traffic
pattern. However we can avoid these attacks capturing the contents of our
messages or other information traffic by using a technique called encryption.
Encryption prevents the success of these attacks.
2. Active Attacks
An active attack is one in which an unauthorized change of the system is
attempted. This involves, for example, the alteration of originally transmitted
or stored data, or the creation of new data streams or false messages. We
cannot prevent these attacks easily.

Sikkim Manipal University B2069 Page No.: 8

Cryptography and Network Security Unit 1

Figure 1.4 shows four sub-categories of active attacks. They are:

 Masquerade or fabrication
 Message Replay
 Message Modification
 Denial of service or interruption of availability

Sikkim Manipal University B2069 Page No.: 9

Cryptography and Network Security Unit 1

Figure 1.4: Active attacks- sub-categories

Masquerade attacks (refer to figure 1.4a) are the attacks that use false or
fake identity in order to acquire or modify information, and in turn achieve an

Sikkim Manipal University B2069 Page No.: 10

Cryptography and Network Security Unit 1

unwarranted privilege status. When the authorization process is not

protected fully, it can become vulnerable to masquerade attacks.
Message replay involves the re-use of captured data at a later time than
originally intended one to repeat some action of benefit to the attacker. For
example, the attacker can capture and replay of an instruction to transfer
funds from a bank account into his account or to one under his control.
However this can be avoided by confirmation of the freshness of a message.
(Refer to figure 1.4b).
Message Modification means altering some portion of a valid or legitimate
message, or delaying the message or reordering, to produce an
unauthorized effect (Refer to figure 1.4c). For example, a message “Allow
Raja to read accounts and confidential files” may be altered as “Allow Raja
Shankar to read accounts and confidential files”. Some times message
modification can result in changing a packet header address to send it
purposefully to an unintended destination.
The denial of service attack prevents the management or normal use of
facilities or communications services (Refer to figure 1.4d). This attack may
be in the form of either a targeted attack on a particular service or a broad,
incapacitating attack. Some of the examples are suppressing all messages
directed to a particular destination or disruption of an entire network, by
disabling the network or by flooding with messages to degrade performance
or to cause the complete collapse of the service.
It very difficult to completely prevent the active attacks and is unrealistic. So
a more appropriate strategy would be detection followed by recovery.

Activity 1:
What example of a replayed message could lead to a masquerade
attack?
Self-Assessment Questions
4. Security attack is an action that compromises the security of
information in an organization. (State True or False)
5. A ___________ attack tries to make use of information from the
system but does not affect system resources.
6. Traffic analysis is a type of _____________ attack.

Sikkim Manipal University B2069 Page No.: 11

Cryptography and Network Security Unit 1

7. A ______________ is one in which an unauthorized change of the

system is attempted.
8. ______________ involves the re-use of captured data at a later time
than the one originally intended in order to repeat some action of
benefit to the attacker.

1.5 Security Services

Security service is a service, provided by a layer of communicating open
systems in order to ensure adequate security of the systems or of data
transfers as per the ITU-T X.800 recommendation. Authoritative definition
that found in RFC 2828 is: “a processing or communication service that is
provided by a system to give a specific kind of protection to system
resources; security services implement security policies and are
implemented by security mechanisms”.
X.800 divides security services into five categories. They are:
1. Authentication
2. Access control
3. Data confidentiality
4. Data Integrity
5. Non repudiation
Table 1.1 shows five security services and fourteen specific services.

Sikkim Manipal University B2069 Page No.: 12

Cryptography and Network Security Unit 1

Table 1.1: Security Services (X.800)

AUTHENTICATION DATA INTEGRITY

The assurance that the communicating The assurance that data received are
entity is the one that it claims to be. exactly as sent by an authorized entity (i.e.,
contain no modification, insertion, deletion,
Peer Entity Authentication
or replay).
Used in association with a logical
connection to provide confidence in the Connection Integrity with Recovery
identity of the entities connected. Provides for the integrity of all user data on
a connection and detects any modification,
Data-Origin Authentication insertion, deletion, or replay of any data
In a connectionless transfer, provides within an entire data sequence, with
assurance that the source of received data recovery attempted.
is as claimed.
Connection Integrity without Recovery
ACCESS CONTROL As above, but provides only detection
The prevention of unauthorized use of a without recovery.
resource
Selective-Field Connection Integrity
DATA CONFIDENTIALITY Provides for the integrity of selected fields
The protection of data from unauthorized within the user data of a data block
disclosure. transferred over a connection and takes
the form of determination of whether the
Connection Confidentiality selected fields have been modified,
The protection of all user data on a inserted, deleted, or replayed.
connection.
Connectionless Integrity
Connectionless Confidentiality Provides for the integrity of a single
The protection of all user data in a single connectionless data block and may take
data block the form of detection ofdata modification.
Selective-Field Confidentiality Additionally, a limited form of replay
The confidentiality of selected fields within detection may be provided.
the user data on a connection or in a single Selective-Field Connectionless Integrity
data block. Provides for the integrity of selected fields
Traffic-Flow Confidentiality within a single connectionless data block;
The protection of the information that might takes the form of determination of whether
be derived from observation of traffic flows. the selected fields have been modified.
NONREPUDIATION
Provides protection against denial by one
of the entities involved in a communication
of having participated in all or part of the
communication.
Nonrepudiation, Origin
Proof that the message was sent by the
specified party.
Nonrepudiation, Destination
Proof that the message was received by
the specified party.

Sikkim Manipal University B2069 Page No.: 13

Cryptography and Network Security Unit 1

1) Authentication
The authentication service assures that the communication is authentic. If
the message is single, authentication service assures the recipient that the
message is from the source that it claims to be from. In the case of an on-
going interaction we need to take care of two aspects that are important for
connection of a terminal to a host. First, at the time of connection initiation,
there should be an assurance from the service that the two entities are
authentic and second, the service must assure that no interference is
present in the connection with no rumour for a third party for the purposes of
unauthorized transmission or reception.
Two specific authentication services defined in X.800 are:
i) Peer entity authentication: This service, when provided by the (N)-
layer, provides corroboration to the (N+1)-entity that the peer entity is
the claimed (N+1)-entity. This means service provides for the
corroboration of the identity of a peer entity in an association. When
two entities implement same protocol in different systems, they are
called peers.
ii) Data origin authentication: This service, when provided by the (N)-
layer, provides corroboration to an (N+1)-entity that the source of the
data is the claimed peer (N+1)-entity. In other words, this service
provides for the source corroboration of a data unit. This authentication
process does not provide any protection against the duplication or
modification of data units. This type of service supports applications
like email where no prior interaction takes palce between
communicating entities.
2) Access Control
In network security, access control means the ability to limit and control the
access to host systems and applications via communications links. We can
achieve protection against unauthorized access and use of resources. So it
is required to identify each entity trying to gain access, so that access rights
can be tailored to the individual.
3) Data Confidentiality
Data confidentiality is the protection of transmitted data from passive
attacks. So it is required to identify several levels of protection. The other
aspect of confidentiality is the protection of traffic flow from analysis. This

Sikkim Manipal University B2069 Page No.: 14

Cryptography and Network Security Unit 1

requires that an attacker not be able to observe the source and destination,
frequency, length, or other characteristics of the traffic on a communications
facility. The different types of confidentiality are:
i) Connection confidentiality: This service provides for the
confidentiality of all user-data on a connection
ii) Connectionless confidentiality: This service is about the
confidentiality of all user data in a single data block.
iii) Selective field confidentiality: This service provides for the
confidentiality of selected fields within the (N)-user-data on an (N)-
connection or in a single data block.
iv) Traffic flow confidentiality: This service protects the information
which might be derived from observation of traffic flows.
4) Data Integrity
Integrity can apply to a stream of messages, a single message, or selected
fields within a message. A connection-oriented integrity service deals with a
stream of messages. It assures that messages are received as sent with no
duplication, insertion, modification, reordering, or replays. This service also
addresses both message stream modification and denial of service. A
connectionless integrity service deals with individual messages. It provides
protection only against message modification.
Now we can make a distinction between service with and without recovery.
Since the integrity service relates to active attacks, the concern is usually
about detection rather than prevention. If any integrity violation is detected,
then the service simply reports this violation. So software or human
intervention is required in this case to recover from the violation. But there
are also mechanisms like automated recovery mechanisms available to
recover from the loss of integrity of data.
5) Nonrepudiation
Nonrepudiation prevents either the sender or the receiver from denying a
transmitted message. Thus, when a message is sent, the receiver can
prove that the alleged sender in fact sent the message. Similarly, when a
message is received, the sender can prove that the alleged receiver in fact
received the message.

Sikkim Manipal University B2069 Page No.: 15

Cryptography and Network Security Unit 1

1.6 Security Mechanisms

Security mechanisms are the means of providing security services. Table
1.3 lists the security mechanisms defined in X.800. These security
mechanisms are divided into those that are implemented in a specific
protocol layer (TCP or an application-layer protocol) and those that are not
specific to any particular protocol layer or security service.
Table 1.2: Security Mechanisms (X.800)

SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY MECHANISMS

May be incorporated into the appropriate protocol Mechanisms that are not specific to any
layer in order to provide some of the OSI security particular OSI security service or protocol layer.
services.
Trusted Functionality
Encipherment
That which is perceived to be correct with
The use of mathematical algorithms to transform respect to some criteria (e.g., as established by
data into a form that is not readily intelligible. The a security policy).
transformation and subsequent recovery of the
data depend on an algorithm and zero or more Security Label
encryption keys. The marking bound to a resource (which may
be a data unit) that names or designates the
Digital Signature
security attributes of that resource.
Data appended to, or a cryptographic
transformation of, a data unit that allows a Event Detection
recipient of the data unit to prove the source and Detection of security-relevant events.
integrity of the data unit and protect against
forgery (e.g., by the recipient). Security Audit Trail
Access Control Data collected and potentially used to facilitate
a security audit, which is an independent review
A variety of mechanisms that enforce access and examination of system records and
rights toresources. activities.
Data Integrity Security Recovery
A variety of mechanisms used to assure the
Deals with requests from mechanisms, such as
integrity of a data unit or stream of data units.
event handling and management functions, and
Authentication Exchange takes recovery actions.
A mechanism intended to ensure the identity of
an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
Routing Control
Enables selection of particular physically secure
routes for certain data and allows routing
changes, especially when a breach of security is
suspected.
Notarization
The use of a trusted third party to assure certain
properties of a data exchange.

Sikkim Manipal University B2069 Page No.: 16

Cryptography and Network Security Unit 1

X.800 also gives the distinction between reversible encipherment

mechanism and irreversible encipherment mechanism. A reversible
encipherment mechanism is an encryption algorithm that allows data to be
encrypted and subsequently decrypted. On the other hand, an irreversible
encipherment mechanism includes hash algorithms and message
authentication codes, which are used in digital signature and message
authentication applications.

Table 1.3 gives the relationship between security services and security
mechanisms. This is based on one in X.800.

Table 1.3: Relationship between Security Services and Security Mechanisms

Self-Assessment Questions
9. X.800 divides security services into _______________ categories.
10. _____________________ is the protection of transmitted data from
passive attacks.
11. _______________________ prevents either sender or receiver from
denying a transmitted message.
12. A _____________ encipherment mechanism is an encryption algorithm
that allows data to be encrypted and subsequently decrypted.

Sikkim Manipal University B2069 Page No.: 17

Cryptography and Network Security Unit 1

1.7 Network Security Model

The figure 1.5 shows the network security model.

Figure 1.5: Model for Network Security

A message is transferred from one party to another (from sender to

receiver) using Internet service. For this to happen, the two parties must
cooperate so that exchange takes place. A logical information channel
connects the source to destination with a defined route using the Internet
with the TCP/IP protocols as shown in the figure 1.5. Security aspects are
also important when it is required to protect the information transmission
from an opponent person or attacker who poses a threat to confidentiality,
authenticity, and so on. All the techniques that are used for providing
security include two components:
i) A security-related transformation on the information to be sent.
Examples, encryption of the message such that it is unreadable by the
opponent, and the addition of a code to verify the identity of the sender.
This is based on the contents of the message in order
ii) Sharing of some secret information by the two parties (or principals)
which is unknown to the opponent. For example, using an encryption
key in conjunction with the transformation to scramble the message
before transmission and unscramble it on reception.

Sikkim Manipal University B2069 Page No.: 18

Cryptography and Network Security Unit 1

A trusted third party may be needed to achieve secure transmission. For

example, a third party may be involved for distributing the secret information
to the two principals or parties keeping away from any opponent.
Four basic tasks are used in designing a particular security service. They
are:
1. Designing an algorithm for performing the security-related
transformation in such a way that an opponent cannot defeat its
purpose.
2. Generating the secret information and using this information with the
algorithm.
3. Developing methods for sharing and the distribution of the secret
information.
4. Specifying a protocol required by the two principals using the security
algorithm and the secret information to have better security service.
There are other security-related situations that do not fit in the model shown
in figure 1.5. So these are shown in network security model shown in figure
1.6, which also shows protecting an information system from unwanted
access.

Figure 1.6: Network Access Security Model

We know that hackers try to penetrate systems that can be accessed over a
network. A hacker may have no malign intent, but the habit of breaking and
entering a computer system which gives him some sort of satisfaction. The
intruder can be a dissatisfied employee who wishes to do damage or a
criminal who wants to exploit computer assets for financial needs or gain
(e.g., obtaining credit card numbers or performing illegal money transfers).

Sikkim Manipal University B2069 Page No.: 19

Cryptography and Network Security Unit 1

Another type of unwanted access is keeping a computer system to exploit

vulnerabilities in the system that can affect application programs and utility
programs, such as editors and compilers.
Programs pose two kinds of threats: A threat is a possible danger that can
exploit a vulnerability to breach security causing possible harm.
i) Information access threats: Intercept or modify data on behalf of
users who should not have access to that data.
ii) Service threats: Exploit service flaws in computers to inhibit use by
legitimate users.
The two examples of software attacks are viruses and worms. These
attacks get into a system when a disk is inserted or when a system is
connected to a network.
The security mechanisms needed to prevent unwanted access fall into two
broad categories. The first is a gatekeeper function that includes password-
based login procedures designed to deny access to anyone but the
authorized users and screening logic to detect and reject worms, viruses,
and other similar attacks. Once either an unwanted user or unwanted
software obtains the access, the second line of defence consists of a variety
of internal controls to monitor activity and analyse stored information to
detect the presence of unwanted intruders.
Self-Assessment Questions
13. A logical information channel connects the source to destination with a
defined route using the Internet with the ________________ protocols.
14. Viruses and worms are two examples of hardware attacks. (State True
or false).

1.8 Summary
Let us recapitulate the important concepts discussed in this unit:
 Computer security can be defined as “The protection afforded to an
automated information system in order to attain the applicable objectives
of preserving the integrity, availability, and confidentiality of information
system resources (includes hardware, software, firmware, information/
data, and telecommunications)”.

Sikkim Manipal University B2069 Page No.: 20

Cryptography and Network Security Unit 1

 The three concepts confidentiality, integrity and availability form what is

called the CIA triad.
 The OSI security architecture focuses on security attacks, mechanisms,
and services.
 There are two types of security attacks. They are: Passive attacks and
Active attacks.
 A passive attack tries to make use of information from the system but
does not affect system resources. An active attack attempts to change
system resources or even affect their operation.
 X.800 divides services into five categories: authentication, Access
control, data Confidentiality, data integrity, and Nonrepudiation.
 Data confidentiality is the protection of transmitted data from passive
attacks.
 A reversible encipherment mechanism is an encryption algorithm that
allows data to be encrypted and subsequently decrypted.
 Viruses and worms are two examples of software attacks.

1.9 Terminal Questions

1. Define computer security.
2. List and explain the three important objectives of computer security.
3. Explain OSI security architecture?
4. What is the difference between passive and active security threats?
5. List and define categories of passive security attacks.
6. List and brief the categories of security services.

1.10 Answers
Self-Assessment Questions
1. Data confidentiality
2. CIA
3. Transmission Control Protocol/Internet Protocol
4. True
5. Passive
6. Passive
7. Active attack
8. Message replay
9. Five

Sikkim Manipal University B2069 Page No.: 21

Cryptography and Network Security Unit 1

10. Data confidentiality

11. Nonrepudiation
12. Reversible
13. TCP/IP
14. False
Terminal Questions
1. NIST Computer Security Handbook defines the term computer security
as “The protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity, availability,
and confidentiality of information system resources (includes hardware,
software, firmware, information/data, and telecommunications)”. Refer
to section 1.2.
2. The three main objectives of computer security are confidentiality,
integrity and availability. )”. Refer to section 1.2 for more details.
3. The OSI security architecture focuses on security attacks, mechanisms,
and services. Refer to section 1.3.
4. A passive attack is a type of security attack which tries to make use of
information from the system without affecting or modifying system
resources. An active attack is a type of security attack that attempts to
change system resources or even affect their operation. Refer to
section 1.4.
5. Passive attacks are of two types. They are: Release of message
contents and Traffic analysis. Refer to section 1.4.
6. X.800 divides services into five categories: Authentication, Access
control, data confidentiality, data integrity, and Nonrepudiation. Refer to
section 1.4 for more details.

Sikkim Manipal University B2069 Page No.: 22