Cryptography and Network

Security
Lecture 1
Computer Security Concepts, The OSI Security
Architecture, Security Attacks, A Model for Network
Security, Symmetric Cipher Model, Cryptography and
Cryptanalysis
-Dr. DIANA PRADHAN
Asst. Prof., Department for CIOT
 Chapter 1

Computer and Network Security Concepts

By WILLIAM STALLING
Cryptographic algorithms and protocols can be grouped into four
main areas:

1. Symmetric encryption: Used to conceal the contents of blocks or streams

of data of any size, including messages, files, encryption keys, and
passwords.
2. Asymmetric encryption: Used to conceal small blocks of data, such as
encryption keys and hash function values, which are used in digital
signatures.
3. Data integrity algorithms: Used to protect blocks of data, such as
messages, from alteration.
4. Authentication protocols: These are schemes based on the use of
cryptographic algorithms designed to authenticate the identity of entities.
 Basic definitions
1. Computer Security - generic name for the collection of tools
designed to protect data and to thwart hackers

2. Network Security - measures to protect data during their

transmission

3. Internet Security - measures to protect data during their

transmission over a collection of interconnected networks
Computer Security: The protection afforded to an automated information system in order to attain the
applicable objectives of preserving the integrity, availability, and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and telecommunications).
NIST standard FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems)
lists confidentiality, integrity, and availability as the three security objectives for information and for information
systems. Although the use of the CIA triad to define security objectives is well established, some in the security
field feel that additional concepts are needed to present a complete picture as shown in figure 1.

Confidentiality: Preserving authorized restrictions on information

access and disclosure, including means for protecting personal
privacy and proprietary information.
Integrity: Guarding against improper information modification or
destruction, including ensuring information nonrepudiation and
authenticity.
Availability: Ensuring timely and reliable access to and use of
information.
Authenticity: The property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission, a
message, or message originator.
Accountability: The security goal that generates the requirement for Figure 1. Essential Network and Computer
actions of an entity to be traced uniquely to that entity. Security Requirements
 OSI Security Architecture
➢ To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the approaches
to satisfying those requirements.
➢ X.800, Security Architecture for OSI, defines such a systematic approach.4 The OSI security
architecture is useful to managers as a way of organizing the task of providing security The
OSI security architecture focuses on security attacks, mechanisms, and services.

Security attack: Any action that compromises the security of information owned by an
organization.

Security mechanism: A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization.
 Security Attack
It can be classified as two generic types of attacks
❑ Passive attack attempts to learn or make use of information from the system but does not
affect system resources.
❑ Active attack attempts to alter system resources or affect their operation.
 Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted.
 Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream
and can be subdivided into four categories: masquerade, replay, modification of messages,
and denial of service.
Model for Network Security
Model for Network Access
Security
 Chapter 3

Classical Encryption Techniques

By WILLIAM STALLING
 Basic terminology
1) plaintext - original message
2) ciphertext - coded message
3) cipher - algorithm for transforming plaintext to ciphertext
4) key - info used in cipher known only to sender/receiver
5) encipher (encrypt) - converting plaintext to ciphertext
6) decipher (decrypt) - recovering plaintext from ciphertext
7) cryptography - study of encryption principles/methods
8) cryptology - field of both cryptography and cryptanalysis
 Symmetric encryption
✓ Symmetric encryption uses a single key to encrypt and decrypt.
✓ It is also referred to as conventional encryption or single-key encryption.

A symmetric encryption scheme has five ingredients (as shown in next figure):
1. Plaintext: This is the original intelligible message or data that is fed into the algorithm as
input.
2. Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different
ciphertexts.
5. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes
the ciphertext and the secret key and produces the original plaintext.
Symmetric Cipher Model
Two requirements for secure use of symmetric encryption:
➢ a strong encryption algorithm
➢ a secret key known only to sender / receiver
 Cryptography
➢ It is the art and science of achieving security by encoding
messages to make them non-readable.
Readable text Cryptographic Non-readable text
system
➢ It is characterized as:
⚫ type of encryption operations used
• substitution / transposition / product
⚫ number of keys used
• single-key or private / two-key or public
⚫ way in which plaintext is processed
• block / stream
 Cryptanalysis
➢ It is a technique of decoding messages from a non-readable
format back to readable format without even knowing that how
they are initially converted from readable to non-readable
format.
➢ The objective is to recover key not just message.
➢ General approaches to attack a conventional encryption
scheme:
(1) cryptanalytic attack (codebreaking, trial and error based system) -
study of principles/ methods of deciphering ciphertext without knowing key
(2) brute-force attack – An attack, where the attacker attempts to use all
possible permutation and combination of the key until an intelligible translation into
plaintext is obtained.
 Cryptanalytic Attacks
➢ ciphertext only
⚫ only know algorithm & ciphertext, is statistical, know or can identify
plaintext
➢ known plaintext
⚫ know/suspect plaintext & ciphertext
➢ chosen plaintext
⚫ select plaintext and obtain ciphertext
➢ chosen ciphertext
⚫ select ciphertext and obtain plaintext
➢ chosen text
⚫ select plaintext or ciphertext to en/decrypt
CRYPTOGRAPHY + CRYPTANALYSIS = CRYPTOLOGY