IT2006

Security and Cryptography

Security Goals and Services (Ibe, 2018 & Forouzan, 2013)

• Confidentiality is the art of ensuring that data is kept private and accessed only by the intended recipient. It
does not only apply to the storage of information, but it also applies to the transmission of information.
o It is when we send a piece of information to be stored in a remote computer , or when we retrieve a
piece of information from a remote computer, we need to conceal it during transmission.
o It is accomplished through encryption.
• Integrity is the art of ensuring that data is transmitted from source to destination without alteration . It means
that changes need to be done only by authorized entities and through authorized mechanisms.
o It is accomplished with the use of a digital signature, which is a way to know that an electronic
document is legit and authentic.
• Availability is the information created and stored by an organization that needs to be available to authorized
entities. Information is useless if it is not available. Information needs to be constantly changed, which means
it must be accessible to authorized entities.
• Authentication is the process of verifying that the user is exactly who he claims to be.
o Single-factor authentication is usually done through the use of passwords or user IDS.
o Two-factor authentication is a two-step verification that provides an extra layer of security beyond
user ID and password, usually with a software code generator or a hardware-based login key.

Network Attacks (Ibe, 2018 & Forouzan, 2013)

It is an intrusion on network infrastructure.
o The attacker first analyzes the environment and collects information in order to exploit the existing open ports
or vulnerabilities.
o An attack can be performed either from outside of the organization by an unauthorized entity or from within
the company by an “insider” that already has some access to the network.

Attacks Threatening Confidentiality

• Snooping refers to unauthorized access to or interception of data.
• Traffic Analysis. Although encipherment of data may make it unintelligible for the interceptor, she can obtain
some other types of information by monitoring online traffic.
Attacks Threatening Integrity
• Modification. After intercepting or accessing information, the attacker modifies the information to make it
beneficial to herself.
• Masquerading happens when the attacker impersonates somebody else.
• Replaying. The attacker obtains a copy of a message sent by a user and later tries to replay it.
• Repudiation. This type of attack is different from others because it is performed by one of the two parties in
the communication: the sender or the receiver.
Attacks Threatening Availability
• Denial of Service (DoS) may slow down or totally interrupt the service of a system.

Examples of Network Attacks

• Network sniffing (packet sniffing) is a process of capturing the data packets traveling in the network. It is used
by IT professionals to analyze and monitor the traffic to find such things as unexpected suspicious traffic.
o It is also used by attackers to collect data sent in clear text that is easily readable.
o In this case, the intent is to gather login names and passwords used to access the network.
• Spoofing is a process by which an intruder masquerades as a trusted user in order to gain unauthorized access
to a secure environment.
o One of the purposes of spoofing in a corporate environment is to be able to conduct unauthorized
business with another company’s clients.
o Examples:

07 Handout 1 *Property of STI

 [email protected] Page 1 of 3
 IT2006

▪ IP address spoofing is a process of creating IP packets with forged source IP address to

impersonate a legitimate system. This kind of spoofing is often used in denial -of-service
(DoS) attacks.
▪ ARP spoofing is a process of sending fake ARP messages in the network. The purpose of this
type of spoofing is to associate the MAC address with the IP address of another legitimate
host, causing traffic redirection to the attacker’s system.
▪ DNS spoofing is an attack where the wrong data is inserted into the DNS server cache,
causing the DNS server to divert the traffic by returning wrong IP addresses as the results for
client queries.
• Man-in-the-middle (MITM) attack is an attack that involves placing a software agent between the client and
server ends before or during a communication session.
o With neither party being aware of the presence of the malicious agent, the agent simply relays the
data transmissions between client and server as though nothing is happening.
o A replay attack is a variation on the man-in-the-middle attack. In this case, an agent is once again
placed within the client-server line of communication where it records the transaction data. The
express purpose is to allow the data to be modified and replayed to the server at a later time for evil
purposes.
• Denial-of-Service (DoS) is an attack that is aimed at preventing unauthorized users from accessing services on
the network.
o How does DoS disrupt the network?
▪ A DoS attack can be in the form of flooding the network with invalid data until traffic from
authorized network users cannot be processed.
▪ It can also be in the form of disrupting communication between hosts and clients through
the modification of system configurations.
▪ It can be in the form of causing physical network destruction, such as crashing a server or
router in the network.
o An attacker can initiate a DoS attack from multi ple computers or systems. This type of attack is called
a distributed denial-of-service attack (DDoS), which is more difficult to deal with than an attack that
is initiated from one system.
• Trojan horse is a program that installs malicious software while under the guise of doing something else.
Similar to the mythical Trojan horse, the malicious code is hidden in a computer program or other computer
file that may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When the
unsuspecting user executes this computer program or file, the malicious code is also executed, resulting in the
installation of the malicious Trojan horse program.
• Session hijacking refers to the exploitation of a valid computer to gain unauthorized access to information or
services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to
authenticate a user to a remote server.
• Phishing is an attack in which the attacker attempts to fraudulently acquire sensitive information, such as
usernames, passwords, and credit card details, by masquerading as a trustworthy entity in a communication
session. It is typically carried out by e-mail or instant messaging and often directs users to give details on a
website.

Cryptography Terminologies (Ibe, 2018)

• Encryption is a method of concealing information from a recognizable text into encrypted form.
o Encryption transforms readable text, called plaintext (or cleartext), into an unintelligible form, called
ciphertext, using an encryption algorithm.
o The purpose of an encryption algorithm is to scramble a message so that it remains secure even if the
ciphertext is transmitted over a nonsecure medium.
• The process of recovering a plaintext from its ciphertext is called decryption.
• A system that encrypts and decrypts information is called a cryptosystem.
o The art of creating and using cryptosystems is called cryptography, while the art of breaking
encrypted messages (usually by intruders) is called cryptanalysis.
o The study of cryptography and cryptanalysis is called cryptology.

07 Handout 1 *Property of STI

 [email protected] Page 2 of 3
 IT2006

Cryptographic Systems (Ibe, 2018)

Both encryption and decryption use a key, in which in the cryptographic sense, is a long string of characters that
permits a cryptosystem to encrypt or decrypt information in a distinct way.

• Symmetric Cryptosystems

Figure 1. Example of a Symmetric Cryptosystem.

o The same key is used for encryption and decryption.

o Both the originator and the recipient of a message must know the key, which is either known to the
recipient through some prior arrangement or communicated in parallel with the ciphertext.

• Public-Key Cryptosystems (or Asymmetric Cryptosystems)

Figure 2. Example of an Asymmetric Cryptosystem.

o A public-key cryptosystem uses one key (public-key) for encryption and another key (private-key) for
decryption. Each user is assigned a pair of unique and mathematically related keys: a public key and a
private key.
o The private key is a secret key that is available only to the owner, and the public key i s published.

References:
Forouzan, B. (2013). Data communications and network. McGraw-Hill.
Ibe, O. (2018). Fundamentals of data communication networks (1 st ed.). Wiley & Sons, Inc.
Simply Explained. (2017, October 30). Asymmetric Encryption – Simply explained [Video]. YouTube.
https://www.youtube.com/watch?v=AQDCe585Lnc

07 Handout 1 *Property of STI

 [email protected] Page 3 of 3