Module1-Security Basics, Goals, Attacks, Services, Mechanisms

The document discusses cryptography and system security. It defines security goals of confidentiality, integrity and availability. It also describes different types of security attacks like passive attacks such as traffic analysis and release of message contents, and active attacks such as masquerade, replay and denial of service. The document then discusses various security mechanisms to provide security services and achieve security goals.

Uploaded by Atharv Darekar
Copyright: © All Rights Reserved

CRYPTOGRAPHY AND SYSTEM SECURITY

UNIT 1
Number Theory and Basic Cryptography
What is Security?
• Security is a continuous process of protecting an object from attack.
Eg: a person, an organization such as a business, a computer system or file, a distributed computer system.

• Security means preventing unauthorized access, use, alteration, and theft or physical damage to these resources.

Objectives
The objectives of this chapter are:
1) To define security goals.
2) To define security attacks that threaten security goals.
3) To define security services & how they are related to the security goals.
4) To define security mechanisms to provide security services.

Threat & vulnerability
Security Goals
• Security is defined by three elements:

1) Confidentiality-: To prevent unauthorized disclosure of information to third parties.
2) Integrity-: To prevent unauthorized modification of resources.
3) Availability-: To prevent unauthorized withholding of system resources from those who need them when they need them (meaning resources should be available to authorized parties at all times).

Fig: Security Goals

• Computer security seeks to prevent unauthorized
viewing (confidentiality) or modification (integrity) of
data while preserving access (availability).
The Vulnerability–Threat–Control Paradigm
• A vulnerability is a weakness in the system, for
example, procedures, design, or implementation,
that might be exploited to cause loss or harm.
• For example, a particular system may be vulnerable
to unauthorized data manipulation because the
system does not verify a user’s identity before
allowing data access.
• A threat to a computing system is a set of
circumstances that has the potential to cause loss or
harm.
• A control is an action, device, procedure, or technique that removes or reduces a vulnerability.
• A threat is blocked by control of a vulnerability.
Impersonation: an act of pretending to be another person for the purpose of fraud.
Computer criminals
Security Attacks

Passive attack:
1) Release of message contents
2) Traffic analysis

Active attack:
1) Masquerade
2) Replay
3) Modification of message
4) Denial of service

Passive Attack
• A passive attack attempts to learn or make use of information from the system but does not affect system resources.

Types of Passive Attack:

1) Release of message contents-: A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
2) Traffic Analysis-: Suppose we had a way of masking the contents of messages or other information traffic so that opponents could not extract the information from the message. In a traffic analysis attack, a hacker tries to access the same network as you to listen to (and capture) all your network traffic. From there, the hacker can analyze that traffic to learn something about you or your company. So, unlike with other, more popular attacks, the hacker is not actively trying to hack into your systems or crack your password. Therefore, we classify this attack as a passive attack.
Eg: Wireshark

• Passive attacks are very difficult to detect.
• Neither the sender nor receiver is aware that a third
party has read the message or observed the traffic
pattern.
• Emphasis in dealing with passive attack is on
prevention rather than detection.

Active Attacks-:
• Active Attack-: An active attack attempts to alter system resources or affect their operation.
1. Masquerade-: Takes place when one entity pretends to be a different entity.

2. Replay-: The attacker obtains a copy of a message sent by a user & later tries to replay it.

3. Modification of Messages-: Means that some portion of a legitimate message is altered or that messages are delayed.

4. Denial of Service-: Makes an attempt to prevent legitimate users from accessing some services which they are eligible for.

5. Repudiation-: This type of attack is different from the others because it is performed by one of the two parties in the communication, i.e. the sender or the receiver.
• The sender of the message might later deny that she has sent the message, or the receiver of the message might later deny that he has received the message.

Fig: Attacks with relation to security goals

Fig: Classification of Passive & Active attack

Security Services

Fig: Security Services

Fig: Security Mechanism

Security Mechanism
1. Encipherment-: Hiding or covering data can provide confidentiality. Two techniques used for encipherment are cryptography and steganography.
(Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Steganography requires two files: one is the message which has to be hidden, the other is the cover file which is used to hide the data/message.)
(In cryptography, one can tell that a message has been encrypted, but one cannot decode the message without knowing the proper key.)
2. Data Integrity-: A short check value is added to the data. The receiver receives the data and the check value, creates a new check value from the received data, and compares the newly created check value with the one received. If the two check values are the same, the integrity of the data has been preserved.
3. Digital Signature-: A digital signature (DS) is a means by which the sender can electronically sign the data and the receiver can electronically verify the signature.
4. Authentication Exchange-: Two entities exchange some messages to prove their identity to each other.
5. Traffic Padding-: Inserting some bits of data into the data traffic to frustrate the adversary's attempt to use traffic analysis.
6. Routing Control-: Selecting and continuously changing different available routes between the sender and the receiver to prevent the opponent from eavesdropping.
7. Notarization-: Means selecting a trusted third party to control the communication between two entities.
8. Access Control-: Access control uses methods to prove that a user has access rights to the data or resources owned by a system. Eg-: passwords & PINs
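
The check-value procedure from item 2, applied on the receiver side to catch the modification and replay attacks described earlier, as an added example that is not part of the original slides. It goes beyond the slide text by assuming a keyed check value (HMAC-SHA256, because an unkeyed hash can be recomputed by whoever alters the message) and a per-message sequence number; the key, the sample message and the names `seal`, `Receiver` and `outcome` are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared key (assumption, not from the slides)
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, data: bytes) -> bytes:
    """Sender: prefix a 64-bit sequence number, append the keyed check value."""
    body = struct.pack(">Q", seq) + data
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet: bytes) -> bytes:
        """Recompute the check value, compare it, then refuse stale sequence numbers."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # valid check value, but already seen
            raise ValueError("replay detected")
        self.last_seq = seq
        return body[8:]

def outcome(rx: Receiver, packet: bytes) -> str:
    try:
        return "accepted: " + rx.accept(packet).decode()
    except ValueError as err:
        return "rejected: " + str(err)

def demo() -> list:
    rx = Receiver(KEY)
    pkt = seal(KEY, 1, b"pay 100 to alice")              # constructed sample message
    tampered = pkt[:8] + b"pay 900 to alice" + pkt[24:]  # data altered, old check value kept
    # Original is accepted, altered copy fails the check, re-sent original is a replay.
    return [outcome(rx, pkt), outcome(rx, tampered), outcome(rx, pkt)]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The sequence number is covered by the check value, so it cannot be changed in transit to make an old message look new.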
