Computer Security

The document discusses computer security and threats. It covers security goals of confidentiality, integrity and availability. It describes common security vulnerabilities in hardware, software and data. It also explains different types of threats and attacks that can compromise security goals like disclosure, deception, disruption and usurpation attacks.

Uploaded by x21e0day
Copyright © All Rights Reserved

Computer Security All In One

Computer Security Introduction

Computer security is the process of preventing and detecting unauthorized use of your computer. Privacy is the process of protecting his or her own personal files against any intrusion. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, whether they were successful and what they may have done.

Data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data. Information Technology Security is the process of protecting computer networks, programs and data from unintended or unauthorized access, change or destruction.

Why do we care about computer security? Our modern ways of communication provide a lot of examples of critical situations involving security issues. To illustrate: communication by phone, by email or by fax, getting connected to a bank via the internet and performing transactions, digital payment systems and e-voting systems all demand confidentiality and integrity of the exchanged information.

Security Goals :- Confidentiality, Integrity, Availability

Confidentiality (secrecy or privacy) :- It ensures that computer related assets are accessed only by authorized parties. Confidentiality is sometimes called secrecy or privacy: only authorized entities are allowed to view, and only the sender and the intended receiver should understand the message contents.

Integrity :- Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms, or that assets can be modified only by authorized parties or only in authorized ways. It ensures the message was not altered by unauthorized individuals.

Availability :- It means that assets are accessible to authorized parties at appropriate times. The information created and stored by an organization needs to be constantly changed, which means it must be accessible to authorized entities. It assures that the system works promptly and service is not denied to authorized users.

Vulnerability :- A weakness in the security system. A weakness can appear in any element of a computer: in the hardware, the operating system and the software.

Hardware Vulnerabilities :- Hardware is more visible than software. It is rather simple to attack by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function. Computers have been drenched with water, burned, frozen, gassed and electrocuted with power surges.

Software Vulnerability :- Software can be replaced, changed or destroyed maliciously, or it can be modified, deleted or misplaced accidentally. Whether intentional or not, these attacks exploit the software's vulnerabilities.

Sometimes the attacks are obvious, as when the software no longer runs. More subtle are attacks in which the software has been altered but seems to run normally.

Data Vulnerability :- A data attack is a more widespread and serious problem than either a hardware or a software attack. Data items have greater public value than hardware and software because more people know how to use or interpret data.

Policies and mechanisms :- A policy is a statement of what is, and what is not, allowed by users of a system. A mechanism is a method, tool or procedure for enforcing a security policy.

Security controls :- Controls or countermeasures that attempt to prevent exploiting a computing system's vulnerabilities.

A) Authentication :- A process of binding an identity to a subject. It validates the source of a message, to ensure the sender is properly identified. Sender and receiver want to confirm the identity of each other.

Authentication in computer security is the process of verifying the identity of a user or a device before granting access to a system or resource. The purpose of authentication is to ensure that only authorized individuals or devices are granted access to sensitive information, applications or systems.

Authentication typically involves the use of credentials, such as a password, a smart card or a biometric factor like a fingerprint, that are verified by the system before granting access. This process can be performed locally on the device or through a remote authentication server.

B) Encryption

C) Auditing

D) Standards
CHAPTER TWO

Threats and Attacks :- A threat is a potential violation of security; it is any person, act or object that poses a danger to computer security / privacy. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for), and those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.

Types of threats :- The four types of attacks that are commonly referred to as the "4D's" of security are disclosure, deception, disruption and usurpation. These categories are used to classify different types of attacks based on their objectives and methods.

1) Disclosure Attacks :- Unauthorized access to information (also called snooping or interception). They are aimed at stealing sensitive information or data.

2) Deception Attacks (spoofing) :- Acceptance of false data. These attacks are aimed at misleading or tricking users into taking actions that benefit the attacker. Examples of deception attacks include phishing scams and fake websites.

3) Disruption Attacks :- Interruption or prevention of correct operation (modification, unauthorized change of information). These attacks are aimed at disrupting or disabling the normal operations of a system or a network.

4) Usurpation Attacks :- Unauthorized control of some part of a system. These attacks are aimed at gaining unauthorized access to a system or network. Example :- stealing login credentials. Example :- denial of service, which is a process of blocking legitimate users from the system.

An attack is a security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal information without authorized access or permission. It happens to both individuals and organizations. The security goals of confidentiality, integrity, availability, authentication or non-repudiation can be threatened by security attacks.

Taxonomy of attacks with relation to security goals.

- Threat to confidentiality
- Threat to integrity
- Threat to availability

Threat to confidentiality :-

Snooping :- Refers to unauthorized access to or interception of data.

Traffic Analysis :- Refers to obtaining some other type of information by monitoring online traffic.

Attacks threaten Integrity :-

Modification :- Means that the attacker intercepts the message and changes it.

Masquerading or spoofing :- Happens when the attacker impersonates somebody else.

Replaying :- Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

Repudiation :- In computer security, repudiation refers to the act of denying responsibility or involvement in a particular action or transaction. Specifically, repudiation refers to an attack in which an individual denies having performed a particular action or transaction that they actually did perform.

For example :- In the context of online transactions, repudiation may occur when a user denies having authorized a particular purchase or transaction, even though they actually did authorize it. This can occur if the transaction was not properly logged or recorded, or if the user's credentials were stolen or compromised.

Repudiation attacks can have serious consequences, particularly in situations where financial transactions or legal agreements are involved. To prevent repudiation attacks, systems often use techniques such as digital signatures, transaction logs and audit trails to provide strong evidence of who performed a particular action or transaction, and to prevent users from denying their involvement or responsibility.

Attacks threaten Availability :-

Denial of service (DoS) :- A very common attack. It may slow down or totally interrupt the service of a system.
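The transaction logs and audit trails named above as defences against repudiation only count as evidence if nobody can quietly rewrite them. The following is an added example, not part of the original document: a hash-chained log in which every entry commits to the one before it, with constructed users and transactions, and with the function names chosen for this illustration. It shows tamper evidence only; binding an entry to one person additionally needs a digital signature made with that person's private key, which is not shown here.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used for the first entry


def entry_hash(prev_hash, record):
    """SHA-256 over the previous entry's hash plus this record in canonical JSON."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_entry(log, user, action, timestamp):
    """Append a transaction record that is chained to the entry before it."""
    record = {"user": user, "action": action, "timestamp": timestamp}
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev_hash,
                "hash": entry_hash(prev_hash, record)})
    return log[-1]["hash"]  # new head of the chain


def verify_log(log, trusted_head=None):
    """Return None if the chain is intact, else the index where checking failed.

    trusted_head is the head hash that was stored somewhere the log's writer
    cannot modify (an assumption of this example, e.g. a separate system).
    """
    prev_hash = GENESIS
    for index, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return index
        if entry["hash"] != entry_hash(prev_hash, entry["record"]):
            return index
        prev_hash = entry["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        return len(log)  # entries were dropped, added, or the chain was rebuilt
    return None


def build_sample_log():
    """Constructed sample data: three transactions by two made-up users."""
    log = []
    append_entry(log, "alice", "authorize purchase #1001 for 250.00", "2024-01-05T10:00:00Z")
    append_entry(log, "bob", "authorize transfer #1002 for 90.00", "2024-01-05T10:05:00Z")
    append_entry(log, "alice", "authorize purchase #1003 for 40.00", "2024-01-05T10:09:00Z")
    return log


def edit_in_place(log, index, new_action):
    """Model a record being altered while the stored hashes are left alone."""
    altered = copy.deepcopy(log)
    altered[index]["record"]["action"] = new_action
    return altered


def rebuild_chain(log, index, new_action):
    """Model a record being altered and every later hash being recomputed."""
    rebuilt = []
    for i, entry in enumerate(log):
        record = dict(entry["record"])
        if i == index:
            record["action"] = new_action
        append_entry(rebuilt, record["user"], record["action"], record["timestamp"])
    return rebuilt


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["hash"]
    print("intact log:", verify_log(log, head))
    print("record 1 edited:", verify_log(edit_in_place(log, 1, "no transfer"), head))
    print("chain rebuilt, no trusted head:", verify_log(rebuild_chain(log, 1, "no transfer")))
    print("chain rebuilt, trusted head:", verify_log(rebuild_chain(log, 1, "no transfer"), head))
    print("last entry removed:", verify_log(log[:-1], head))
```

The rebuilt chain passes the internal check and fails only against the separately stored head, which is why the head hash has to live outside the reach of whoever can write the log.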

WHAT IS SNOOPING IN COMPUTER SECURITY

Snooping in computer security refers to the unauthorized access of data transmitted over a network or stored on a computer system. It is an activity in which an individual or software intercepts and examines network traffic or data packets without the owner's consent.

WHAT IS SPOOFING IN A COMPUTER SECURITY


Spoofing in computer security is the act of falsifying information to deceive or trick a user, a network or a system into believing that the attacker is someone or something else. It is a type of cyber-attack where the attacker creates a fake identity or impersonates a legitimate one to gain access to sensitive data or to perform unauthorized actions.

Spoofing can be done in various ways, including email spoofing and IP spoofing. In email spoofing, the attacker sends an email that appears to come from a legitimate source, such as a bank or a government agency, to trick the recipient into providing personal or financial information.

TYPES OF ATTACKS : ONE WAY OF CATEGORIZING ATTACKS IS AS PASSIVE AND ACTIVE

Passive Attacks :- A passive attack is a type of attack in which the attacker attempts to obtain information from a system without modifying or disrupting its operations.

There are two types of passive attacks: release of message contents (or sniffing) and traffic analysis.

Release of message contents (sniffing) :- A telephone conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. It is a type of passive network attack where an attacker uses a software tool or device to capture data packets transmitted over a network.

Traffic analysis :- To determine the location and identity of communicating hosts and to observe the frequency and length of messages being exchanged (even if the message is encrypted). This information might be useful in guessing the nature of the communication that was taking place.

Note :- Passive attacks are difficult to detect but easy to prevent.

Active Attack :- An active attack is a type of attack in which the attacker attempts to modify or disrupt the normal operations of a system. In active attacks, the attacker tries to alter, destroy or steal data, or gain unauthorized access to a system.

The transmitted data is fully controlled by the intruder: the attacker can modify, extend, delete or replay any data, modify messages in transit, add or delete messages, and cause denial of service.

Categories of Active Attacks :-

1) Spoofing or Masquerading :- Also called fabrication, an attack on authenticity.

2) Modification or Alteration :- An attack on integrity.

3) Delay :- Could be classified as an attack on availability.

4) Denial of service (DoS) :- Or degrading of service, or interruption. An attack on availability.

=========================================

1) Spoofing or Masquerading :- A situation in which one person or program successfully imitates another (impersonation) by falsifying data and thereby gaining an illegitimate advantage.

2) Modification or Alteration :- An unauthorized change of information.

3) Delay :- A temporary inhibition of a service; it is a form of usurpation. It occurs if an attacker can force the delivery of a message to take more time through manipulation of system control structures, such as network components or server components.

4) Denial of service (DoS) :- Or degrading of service attacks. Attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming them with bogus traffic. It is blocking access (prevention) of legitimate users to a service / system, and it is a form of usurpation.

Active attacks are easy to detect but difficult to prevent.

TYPES OF THREATS / ATTACKS – ANOTHER WAY OF CATEGORIZING ATTACKS

- Physical Attack :- Stealing, breaking or damaging of computing devices.

Denial of service (DoS) Attack :-

Malware Attack :- A malware attack is a type of cyber attack that involves the use of malicious software to gain unauthorized access or cause damage to a computer system or network. Malware is a broad term that refers to any software designed to harm or exploit a computer system.

Hacking (Intrusion) Attack

Is any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or other means. The purpose may or may not be malicious.
A hacker is any skilled computer expert who uses their knowledge to overcome a problem. It can be an expert programmer, but the term is more commonly used to refer to someone who can gain unauthorized access to other computers.

Ethical Hacker (White Hat) :- A hacker who gains access to a system with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessment.

Cracker (Black Hat) :- A hacker who gains unauthorized access to a computer system for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.

Grey Hat (both) :- A hacker who is in between ethical and black hat hackers. She / he breaks into a computer system without authority with a view to identifying weaknesses and revealing them to the system owner.

Malware Attack :-

Examples are :- Viruses, Worms, Trojan horses, Spyware, Logic bombs

Computer Viruses :- A computer virus is a type of malicious software (malware) that is designed to replicate itself and spread from one computer to another, often without the user's knowledge or consent. Computer viruses are typically spread through email attachments, file downloads, infected websites and other types of malware. To protect against computer viruses, it is essential to use reliable antivirus software and keep software and operating systems up to date with security patches.

Worms :- A worm is a type of malicious software (malware) that is designed to spread across a network or the internet, often without the user's knowledge or consent. Unlike viruses, worms do not need to attach themselves to a host file or program to spread. Instead, they can self-replicate and spread independently by exploiting vulnerabilities in computer networks and software.

The main difference between worms and viruses is the way they spread. Viruses require a host file or a program to attach themselves to in order to spread, while worms can spread independently.

It often creates a denial of service.

Trojan Horses :-

A Trojan horse, or Trojan, is a type of malware that is disguised as a legitimate file or program, but once installed on a computer, it can perform malicious actions. A Trojan can be designed to steal sensitive information, create back doors for hackers to gain access to a computer or network, or cause damage to a computer system.

Trojans are different from viruses and worms in several ways. Unlike viruses, Trojans do not self-replicate or infect other files or programs; instead they rely on users to download and install them, often by disguising themselves as a harmless or legitimate file or program.

Trojans are also different from worms in that they do not spread independently across a network or the internet. Instead, they are typically spread through social engineering tactics, such as phishing emails, or by exploiting vulnerabilities in software or operating systems.

To protect against Trojans, it is important to use antivirus software and keep software and operating systems up to date with security patches. Additionally, it is essential to be cautious when downloading files or programs from unknown sources and to avoid opening email attachments or clicking on links from unknown senders.

Spyware

Software that literally spies on what you do on your computer.

Spyware is a type of malicious software (malware) that is designed to monitor a user's computer activity and gather sensitive information, often without the user's knowledge or consent. Spyware can track keystrokes, capture screenshots, record web browsing history, and steal personal information such as login credentials and credit card numbers.

Cookies :- Any data that the cookie saves can be retrieved by any website, so your entire internet browsing history can be tracked.

Key Loggers :- Record all of your keystrokes. The most common use of a key logger is to capture usernames and passwords.

A key logger, also known as a keystroke logger or keystroke recorder, is a type of software or hardware device that is designed to record every keystroke made on a computer or mobile device. This includes every letter, number and symbol typed on a keyboard, as well as mouse clicks and other input methods.

Hardware key loggers are physical devices that can be attached to a keyboard or USB port to record keystrokes, while software key loggers are programs that run in the background of a computer or mobile device and record keystrokes.

Spyware is different from viruses, worms and Trojan horses in that it does not usually cause damage to a computer system. Instead it is focused on gathering information from the user. While viruses, worms and Trojan horses can cause damage to a computer system, spyware is designed to operate in the background and remain undetected for as long as possible.

Legal uses of spyware
Positive sides of spyware
- Employers may use spyware as a means of monitoring employee use of company technology.

- Parents may use this type of software on their computer to monitor the activities of their children on the internet, to protect their children from online predators.

Adware

Adware is a type of software that displays unwanted advertisements on a user's computer or mobile device. Adware is often bundled with other software and installed without the user's knowledge or consent. The ads displayed by adware can take various forms, such as pop-ups, banners and sponsored search results.

Adware is different from viruses, worms and spyware in that it does not usually cause harm to a computer or steal sensitive information. Instead, it is designed to generate revenue for its creators by displaying ads and collecting user data, such as web browsing history and search queries.

Logic Bomb

Software that lies dormant until some condition is met; that condition is usually a date and time. When the condition is met, the software does some malicious act such as deleting files, altering system configuration or perhaps releasing a virus.

A specific condition is a requirement for a logic bomb to be created, as it determines when the malicious code will be activated. The condition can be based on various factors, such as a particular date or time, the occurrence of a specific event or a certain user action.

For example, a logic bomb might be programmed to activate when a specific employee is terminated or when a particular file is accessed. This specific condition is included in the logic bomb's code and will cause it to execute the harmful action once the condition is met.

The specific condition is often chosen by the creator of the logic bomb to maximize its potential impact and to make it difficult to detect. By selecting a unique condition, the creator can ensure that the logic bomb remains dormant until the desired trigger event occurs, making it more difficult for security measures to detect and prevent its execution.

However, identifying the specific condition can also be a key factor in detecting and preventing the logic bomb. By understanding the potential trigger events for a logic bomb, security professionals can implement monitoring and alerting systems to identify and respond to any unusual or suspicious behavior that may indicate the presence of a logic bomb.

Tips to avoid virus and spyware attacks

1. Keep your operating system and software up to date: Make sure that your computer's operating system and all installed software are up to date with the latest security patches and updates.

2. Be cautious when downloading files or software: Only download files and software from reputable sources, and avoid clicking on links or downloading attachments from unknown senders.

3. Be cautious when opening email attachments: Don't open email attachments from unknown or suspicious senders, as they may contain viruses or other malware.

4. Use strong passwords: Use complex passwords and two-factor authentication to protect your accounts from unauthorized access.

5. Be cautious when using public Wi-Fi: Avoid using public Wi-Fi for sensitive activities such as online banking or shopping, as these networks may be unsecured and vulnerable to attack.

6. Use a virtual private network (VPN): Use a VPN when using public Wi-Fi or accessing sensitive information online to add an extra layer of security.

7. Back up your data regularly: Back up important files and data regularly to protect against data loss in the event of a virus or spyware attack.
8. Use ad-blocking software: Use ad-blocking software or browser extensions to minimize the risk of unwanted ads, which may contain spyware or other types of malware.

9. Be vigilant and skeptical: Always be skeptical of emails, websites and other online content that seems too good to be true, and be cautious of unsolicited offers or requests for information.

IDENTITY THEFT

PHISHING

Phishing is a type of cyber attack that involves the use of fraudulent emails or messages to trick individuals into divulging sensitive information, such as login credentials, credit card numbers or personal data. Phishing attacks typically use social engineering tactics to create a sense of urgency or fear in the victim, in order to persuade them to click on a link or download an attachment that contains malware or directs them to a fake website that is designed to steal their information.

Phishing attacks can take many forms, including emails that appear to be from legitimate organizations, such as banks, social media platforms or government agencies. These emails may contain convincing logos, graphics and language that make them appear genuine, and may ask the recipient to update their account information, verify their identity, or take other actions that require the disclosure of personal information.

To protect against phishing attacks, it's important to be cautious when receiving emails or messages from unknown or suspicious sources, and to avoid clicking on links or downloading attachments from these sources. It's also essential to keep software and operating systems up to date with security patches and to use reliable antivirus software to protect against malware. Finally, it's important to educate yourself and others about the risks of phishing attacks and to remain vigilant and skeptical of unsolicited requests for information.

CHAPTER THREE

Cryptography is the practice of securing information by transforming it into an unreadable format using mathematical algorithms and methods. It involves techniques for confidentiality, integrity and authentication of data, ensuring that only authorized individuals can access and use the information.

The primary goal of cryptography is to protect sensitive information from being intercepted, read or modified by unauthorized individuals. This is accomplished by encoding the information using a key, which is a set of instructions used to transform the data into a secure format. The key is kept secret and only those who have the key can decode the information back to its original form.

Cryptology :- Its name is derived from the Greek word "Kryptos", which means "Hidden Secrets". It is the art and science of secret writing, or the science of using mathematics for encrypting and decrypting data.

Encryption :- The process by which the plain text is converted into cipher text.

Decryption :- Recovering plain text from the cipher text.

Secret Key :- In cryptography, a secret key (also known as a symmetric key) is a shared secret between two or more parties that is used to encrypt and decrypt information. The secret key is a single key that is used both to encrypt and decrypt data, meaning that the same key is used for both processes.

What is a secret key?

In cryptography a secret key or shared key is a type of cryptographic key that is used for both encryption and decryption of data. This means that the same secret key is used for both encrypting and decrypting the data.

The secret key is kept private and must be shared only between the sender and the receiver of the encrypted data. The security of the encrypted data depends on the security of the secret key.

When using symmetric key cryptography, the same secret key is used both to encrypt and to decrypt the data. This means that the sender and the receiver must both have access to the same key. This can be a challenge if the sender and the receiver are not in direct communication with each other.

One solution to this problem is to use public key cryptography, which uses a pair of keys: a public key for encryption and a private key for decryption. In this system the public key can be freely distributed while the private key is kept secret. This allows anyone to send encrypted messages to the owner of the private key, without the need for a shared secret key.
The process of using a secret key to encrypt and decrypt information is known as symmetric key cryptography. The encryption process takes the original message and transforms it into cipher text using the secret key. The cipher text can only be decrypted back to the original message using the same secret key.

The strength of the encryption provided by a secret key depends on the length of the key and the complexity of the encryption algorithm used. Longer keys and more complex algorithms make it more difficult for an attacker to guess the key and decipher the message.

How are we going to use this secret key for both the encryption and decryption purposes?

In a symmetric key cryptography system, the same secret key is used for both encryption and decryption of data. Here is how the key is used :-

1) Encryption :- To encrypt the data, the sender uses the secret key to scramble the plain text into the cipher text. The cipher text is then sent to the receiver.

2) Decryption :- To decrypt the data, the receiver uses the same secret key to unscramble the cipher text back into the plain text.

Cryptography has five ingredients :-

Plain Text :- The original message that is fed into the algorithm as input.

Encryption Algorithm :- Performs various substitutions and transformations on the plain text.

Secret Key (Symmetric Key) :- Is also input to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key; a larger key size means greater security but may decrease encryption / decryption speed.

Cipher Text :- The scrambled message produced as output. It depends on the plain text and the secret key: for a given message, two different keys will produce two different cipher texts.

Decryption Algorithm :- The encryption algorithm run in reverse. It takes the cipher text and the same secret key (in symmetric key cryptography) and produces the original plain text.

THE NEED FOR CRYPTOGRAPHY

If you have the best firewall, very tight security policies, hardened operating systems, virus scanners, intrusion-detection software, anti-spyware and every other computer security angle covered, but send your data in raw, plain text, then you simply are not secure.

Description :-

* A sender S wants to transmit message M to a receiver R
* To protect the message M, the sender first encrypts it into an unintelligible message M'
* After receipt of M', R decrypts the message to obtain M
* M is called the plain text: what we want to encrypt
* M' is called the cipher text: the encrypted output

What is Steganography in cryptography?

Steganography is the practice of hiding a message or information within another object or medium, such as an image, audio file or text document, in order to keep the message secret. In the context of cryptography, steganography can be used as a technique for secure communication by embedding a secret message within a seemingly innocuous cover medium.

For example, in image steganography, a message can be hidden within the pixels of an image file by slightly altering the values of the pixels to encode the message. The changes are usually small enough to be imperceptible to the human eye, but can still be detected and extracted by a recipient who knows how to decode the message.

Notation :- Given
P = Plain Text
C = Cipher Text

C = E_k(P)   Encryption
P = D_k(C)   Decryption

=> P = D_k(E_k(P))
=> C = E_k(D_k(C))

TYPES OF CRYPTOGRAPHY

1) SYMMETRIC KEY CRYPTOGRAPHY
2) ASYMMETRIC KEY CRYPTOGRAPHY

SYMMETRIC KEY CRYPTOGRAPHY

Symmetric encryption is a form of crypto system in which encryption and decryption are performed using the same key. It is also known as conventional encryption. Symmetric encryption transforms plain text into cipher text using a secret key and an encryption algorithm. Using the same key and a decryption algorithm, the plain text is recovered from the cipher text.
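The notation above, C = E_k(P) and P = D_k(C), and the earlier remark that a short key is easier for an attacker to guess, carried through with a toy alphabet-shift cipher whose key is a shift of 1 to 25 positions. This is an added example, not code from the original document; the function names, the approximate English letter-frequency table and the sample sentence are constructed for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

# Constructed sample plain text for the demonstration.
SAMPLE = ("THE SENDER AND THE RECEIVER SHARE ONE SECRET KEY AND THE SAME KEY "
          "ENCRYPTS AND DECRYPTS THE MESSAGE")


def encrypt(plaintext, key):
    """C = E_k(P): move every letter key positions along the alphabet."""
    out = []
    for ch in plaintext:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation are left unchanged
    return "".join(out)


def decrypt(ciphertext, key):
    """P = D_k(C): the same algorithm run in reverse with the same key."""
    return encrypt(ciphertext, -key)


def english_score(text):
    """Chi-squared distance from English letter frequencies (lower is closer)."""
    letters = [c for c in text.upper() if c in ALPHABET]
    if not letters:
        return float("inf")
    total = len(letters)
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100.0 * total
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def exhaustive_key_search(ciphertext):
    """Decrypt under every one of the 25 keys and rank the results."""
    candidates = []
    for key in range(1, 26):
        guess = decrypt(ciphertext, key)
        candidates.append((english_score(guess), key, guess))
    return sorted(candidates)  # best (lowest) score first


if __name__ == "__main__":
    # The round trip P = D_k(E_k(P)) holds for every key.
    assert all(decrypt(encrypt(SAMPLE, k), k) == SAMPLE for k in range(1, 26))

    secret_key = 11
    ciphertext = encrypt(SAMPLE, secret_key)
    score, found_key, recovered = exhaustive_key_search(ciphertext)[0]
    print("cipher text :", ciphertext)
    print("key found   :", found_key)
    print("plain text  :", recovered)
```

With only 25 keys the search finishes instantly and the frequency score picks out the readable candidate without a human looking at it; a 128-bit key has 2^128 possible values, which is what puts the same loop out of reach.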

Symmetric ciphers are a type of cryptography that uses a shared secret key to encrypt and decrypt the messages. In traditional symmetric ciphers, such as the ones used before the advent of computers, there were two main techniques used to perform the encryption: substitution and transposition.

Substitution techniques involve mapping plain text elements, which can be characters, bits or other symbols, into cipher text elements using a predetermined substitution rule. For example, a simple substitution cipher might replace each letter of the alphabet with a corresponding number or symbol according to a fixed pattern. The resulting cipher text would be a sequence of numbers or symbols that represent the original message.

Transposition techniques, on the other hand, involve systematically rearranging the positions of plain text elements to create the cipher text. For example, a transposition cipher might shift every third letter of the message to the front, then every fourth letter to the end, and so on, according to a predetermined pattern. The resulting cipher text would be a scrambled version of the original message that is difficult to read without the decryption key.

In practice, modern symmetric ciphers use much more complex techniques than simple substitution or transposition, but the basic concepts remain the same. These techniques are designed to be secure against attacks such as frequency analysis, where an attacker can analyze the frequency of certain letters or symbols in the cipher text to deduce the substitution rule or transposition pattern used to create it.

SUBSTITUTION CIPHER TECHNIQUES

Substitution cipher is a method of encryption by which units of plain text are substituted with cipher text according to a regular system.

SUBSTITUTION CIPHER TECHNIQUES ARE :-

➔ Caesar’s Cipher
➔ Playfair cipher
➔ Monoalphabetic cipher
➔ Polyalphabetic cipher
➔ One time pad and Hill cipher

CAESAR’S CIPHER

Caesar’s cipher is a simple substitution cipher that is named after Julius Caesar, who is said to have used it to encrypt his private messages. In Caesar’s cipher, each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. For example, if the shift is 3, then A would be replaced by D, B would become E and so on. The key for this cipher is the number of positions to shift each letter.

Here is an example of how Caesar’s cipher works with a shift of 3 :-

Plain text :- HELLO WORLD
Ciphertext :- KHOOR ZRUOG

In this example, the letter H is shifted three positions down to become K, E is shifted three positions to become H, L is shifted three positions to become O, and so on. The resulting cipher text appears random and is difficult to read without knowledge of the key.

Caesar’s cipher is a simple and easy to use encryption technique, but it is also very easy to crack using brute-force attacks or frequency analysis, especially if the key is known to be a shift of 1-25 positions. However, it is still a useful introduction to the concepts of substitution and cryptography in general.

WHAT IS BRUTE-FORCE ATTACK

Brute force cryptanalysis is a method of attempting to crack a cipher or encrypted message by trying every possible key or combination of keys until the correct one is found. In other words, it involves systematically trying all possible solutions, without any specialized knowledge of the cipher or encryption method being used.

For example, if a message is encrypted with a Caesar cipher, which involves shifting each letter by a fixed number of positions in the alphabet, a brute force attack would involve trying all 25 possible shift values until the correct one is found. This can be a time consuming and computationally expensive process, especially for more complex ciphers with larger key spaces.

Although brute force attacks are generally not practical for larger key sizes or complex ciphers, they can still be effective against weaker ciphers or in cases where the key is relatively short or predictable. Therefore, it is important to use strong cryptographic algorithms with sufficiently long keys to resist brute force attacks.

Encryption :- Suppose we want to encrypt the plain text message “HELLO WORLD” using Caesar’s cipher with a shift of 3. The first step is to assign each letter a numerical value based on its position in the alphabet.

A = 0, B = 1, C = 2, D = 3, E = 4, F = 5, G = 6, H = 7, I = 8, J = 9, K = 10, L = 11, M = 12, N = 13, O = 14, P = 15, Q = 16, R = 17, S = 18, T = 19, U = 20, V = 21, W = 22, X = 23, Y = 24, Z = 25

Using this mapping, we can then apply the Caesar cipher encryption function to each letter in the plain text message.

Cipher text = (plain text + shift) mod 26

For example :- to encrypt the letter “H” with a shift of 3, we would calculate

Cipher text = (7 + 3) mod 26 = 10

Therefore, “H” is encrypted to “K” using Caesar’s cipher with a shift of 3. Repeating this process for each letter in the plain text message gives us the cipher text.

Plain text :- HELLO WORLD
NUMERICAL :- 7 4 11 11 14 22 14 17 11 3
SHIFT :- 3 3 3 3 3 3 3 3 3 3
CIPHER TEXT :- K H O O R Z R U O G

Therefore, the encrypted message is “KHOOR ZRUOG”.

DECRYPTION

To decrypt the message, we use the reverse operation. We subtract the shift value from each letter in the cipher text message :-

Plain text = (Cipher text - shift) mod 26

For example, to decrypt the letter “K” with a shift of 3, we would calculate

Plain text = (10 - 3) mod 26 = 7

Therefore, “K” is decrypted to “H” using Caesar’s cipher with a shift of 3. Repeating this process for each letter in the cipher text message gives us the plain text.

Cipher text = K H O O R Z R U O G
Numerical = 10 7 14 14 17 25 17 20 14 6
Shift = 3 3 3 3 3 3 3 3 3 3
Plain text = H E L L O W O R L D

WHAT DOES MOD REFER TO ?

In the case of Caesar cipher, each letter of the plain text is shifted a certain number of places down the alphabet to create the corresponding cipher text. The shift is determined by the key, which is a number between 1 and 25. For example, if the key is 3, then each letter in the plain text is shifted 3 places down the alphabet to create the corresponding cipher text.

To add the calculation mod 26 in the Caesar cipher, we perform the shift modulo 26. This means that after we shift each letter by the key, we take the result modulo 26 to get a number between 0 and 25. This number represents the position of the new letter in the alphabet, starting with A = 0, B = 1, C = 2 and so on. If the result of that shift is greater than 25, we subtract 26 from the result until it is between 0 and 25.

For example, if the key is 3 and we want to encrypt the plain text “HELLO”, we would perform the following steps :-

1) Convert each letter to its corresponding number in the alphabet :- H = 7, E = 4, L = 11, O = 14

2) Add the key to each number :- 7 + 3 = 10, 4 + 3 = 7, 11 + 3 = 14, 14 + 3 = 17

3) Take each result modulo 26 :- 10 mod 26 = 10, 7 mod 26 = 7, 14 mod 26 = 14, 17 mod 26 = 17

4) Convert each number back to its corresponding letter in the alphabet :- 10 = K, 7 = H, 14 = O, 17 = R.

5) The cipher text is “KHOOR”

By performing the shift modulo 26, we ensure that the resulting cipher text only contains letters from the alphabet, and that the letters maintain their relative positions in the alphabet. This makes it more difficult for an attacker to decrypt the message without knowing the key.

When taking the modulus of a number, we find the remainder when the number is divided by the modulus. In the case of 10 mod 26, we are finding the remainder when 10 is divided by 26. In this case, 10 is less than 26, so the remainder when 10 is divided by 26 is simply 10. Therefore, 10 mod 26 is equal to 10.

If there is a number greater than 26, we can continue to take the modulus until we get a number between 0 and 25. For example, if we want to find 35 mod 26 :

1) 35 divided by 26 is 1, with a remainder of 9
2) Therefore, 35 mod 26 is equivalent to 9 mod 26.

Monoalphabetic Cipher substitution technique:

Caesar cipher is far from secure. It can easily be broken by brute-force cryptanalysis because the key space is small: simply try all possible keys. All possible keys are 26.

A mono alphabetic substitution cipher is a type of cryptographic cipher where each letter of the plain text is replaced by a corresponding letter of the cipher text according to a fixed substitution rule. In other words, each letter of the alphabet is mapped to a different letter, so that the same letter in the plain text is always replaced by the same letter in the cipher text.

The main difference between monoalphabetic substitution and Caesar’s cipher is that in monoalphabetic substitution, each letter of the plain text is replaced with a different letter or symbol based on a fixed substitution table, whereas in Caesar’s cipher each letter of the plain text is replaced with a letter that is a fixed number of positions down the alphabet.

In monoalphabetic substitution, the substitution table can be any permutation of letters of the alphabet, meaning that each plain text letter could potentially be replaced with any letter in the alphabet. This makes mono alphabetic substitution much harder to crack than Caesar’s cipher, because there are many more possible
combinations of letters. However, once the substitution table is discovered, the cipher becomes very easy to decrypt.

On the other hand, Caesar’s cipher is a very simple substitution technique, which makes it easy to implement and understand. However, it is very easy to crack using brute force attacks or frequency analysis, as there are only 25 possible shift values (excluding the case of no shift) which can be easily tested.

Playfair Cipher substitution technique

In the Playfair cipher, a 5*5 grid of letters is used to encode plain text messages. The letters of the alphabet are arranged in the grid, with the letter “I” typically being combined with the letter “J” in a single grid cell. To encode a message, the plain text is divided into pairs of letters and each pair is encoded using a set of rules.

Example :- Solved by Lord Peter Wimsey in Dorothy Sayers’s Have His Carcase. In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword from left to right and from top to bottom.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

The rules for encoding a pair of letters in the Playfair cipher are as follows :-

➢ If the two letters are in the same row in the grid, they are replaced by the letters to their immediate right, with the rightmost letter wrapping around to the left side of the grid.

➢ If the two letters are in the same column of the grid, they are replaced by the letters immediately below them, with the bottom letter wrapping around to the top of the grid.

➢ If the two letters are not in the same row or column of the grid, they are replaced by the two letters in the same row as the first letter, but in the column of the second letter and vice versa.

➢ If a pair of letters contains a repeated letter, a filler letter such as “X” is inserted between them before encoding.

Why are we putting I/J in the same element of the table ?

One factor is the limited number of elements in the 5*5 matrix used for the cipher. Since there are only 25 elements in the matrix, it is not possible to include all 26 letters of the alphabet without two letters sharing one element. So in order to include all 26 letters, I and J are combined into a single element.

Examples Of Playfair

Let’s say our key phrase is “SECRET MESSAGE”. First we need to remove any duplicate letters from the key phrase, and then fill in the remaining letters of the alphabet in order, skipping over any letters that are already in the key phrase. Here’s what the key phrase looks like after we’ve removed duplicates and added in the remaining letters.

S E C R T
M A G B D
F H I/J K L
N O P Q U
V W X Y Z

Now we have our 5*5 grid. To encrypt a message using the Playfair cipher, we take pairs of letters from the plain text and convert them to pairs of letters using the following rules :
1) If the letters are in the same row of the grid, we replace them with the letters to their immediate right, wrapping around to the left side of the row if necessary.

2) If the letters are in the same column of the grid, we replace them with the letters immediately below, wrapping around to the top of the column if necessary.

3) If the letters are not in the same row or column, we replace them with the letters in the same row but in the column of the other letter.

Let’s say we want to encrypt the message “HELLO WORLD”. First we need to split the message into pairs of letters like this :-

HE LX LO WO RL DX

HE --> OA
LX --> IZ
LO --> HU
WO --> EW
RL --> TK
DX --> GX

OA IZ HU EW TK GX

HILL CIPHER

The Hill Cipher is a substitution technique used in computer security that employs linear algebra concepts to perform encryption and decryption. The Hill Cipher works by breaking the plain text into blocks of n letters and performing matrix multiplication on each block. The matrix used for multiplication is called the key matrix and is typically a square matrix of size n*n. The key matrix must be chosen carefully to ensure that it is invertible, which allows for decryption (D = K⁻¹C mod 26).

To encrypt a message using the Hill Cipher, the following steps are typically taken :

1) Choose a key matrix of size n*n
2) Divide the plain text into blocks of n letters
3) Convert each block of the plain text into a column vector of size n*1
4) Multiply each column vector by the key matrix to obtain the corresponding encrypted vector.
5) Convert each encrypted vector back into a block of cipher text.

To decrypt a message that has been encrypted using the Hill Cipher, the following steps are typically taken :

1) Determine the inverse of the key matrix
2) Divide the cipher text into blocks of n letters
3) Convert each block of the cipher text into a column vector of size n*1
4) Multiply each column vector by the inverse of the key matrix to obtain the corresponding decrypted vector.
5) Convert each decrypted vector back into a block of plain text.

The Hill cipher is considered to be relatively strong, as it is resistant to most types of attacks, including brute force attacks, frequency analysis attacks and known plain text attacks.

Poly alphabetic cipher

This method is built to address the problem of the mono alphabetic technique. What was the limitation of the mono alphabetic technique ?

The poly alphabetic cipher solves the problem of the mono alphabetic cipher by using multiple substitution alphabets instead of just one. In a mono alphabetic cipher, each letter of the plain text is replaced with a single corresponding letter in the cipher text using a fixed substitution alphabet. This makes the encryption vulnerable to frequency attacks, where the frequency of letters in the cipher text can be analyzed to infer the original plain text.

In a poly alphabetic cipher, each letter of the plain text is still replaced with a corresponding letter in the cipher text, but the substitution alphabet changes based on the position of the letter in the plain text and the key being used for encryption. This means the same plain text letter can be encrypted to different cipher text letters depending on the position in the message and the specific substitution alphabet used.

Vigenere Cipher

In the Vigenere cipher, a popular poly alphabetic cipher, a key word is used to generate a series of substitution alphabets, with each letter of the key word representing a shift in the substitution alphabet. This means the same plain text letter may be encrypted to different cipher text letters depending on its position in the message and the specific shift being used.
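The shift formula behind both Caesar's cipher and the Vigenere cipher described above, as an added Python example that is not part of the original document: a one-letter key reproduces the HELLO WORLD result, a brute-force search tries all 25 shifts and ranks them by letter frequency, and the key word `deceptive` (the one the page uses for its Vigenere example) shows one plain text letter mapping to several cipher text letters. The function names, the approximate frequency table and the sample sentence are assumptions constructed for this example.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample sentence, used only to exercise the brute-force search.
SAMPLE = "MEET ME AT THE SECRET ENTRANCE TO THE GARDEN AFTER SUNSET"


def shift_cipher(text, key, decrypt=False):
    """Apply E_i = (P_i + K_i) mod 26, or D_i = (C_i - K_i) mod 26.

    A one-letter key gives Caesar's cipher; a longer key word gives Vigenere.
    Non-letters pass through unchanged and do not consume key letters.
    """
    shifts = [ALPHABET.index(k) for k in key.upper()]
    sign = -1 if decrypt else 1
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = shifts[used % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance from English letter frequencies; lower means more English-like."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    return sum((counts.get(c, 0) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in ENGLISH_FREQ.items())


def brute_force_caesar(ciphertext):
    """Try all 25 non-zero shifts and return (shift, plaintext) of the best fit."""
    candidates = []
    for shift in range(1, 26):
        guess = shift_cipher(ciphertext, ALPHABET[shift], decrypt=True)
        candidates.append((chi_squared(guess), shift, guess))
    _, shift, guess = min(candidates)
    return shift, guess


def images_of(letter, plaintext, key):
    """Return the distinct cipher text letters that one plain text letter maps to."""
    cipher = shift_cipher(plaintext, key)
    hits = {c for p, c in zip(plaintext.upper(), cipher) if p == letter.upper()}
    return "".join(sorted(hits))


if __name__ == "__main__":
    print(shift_cipher("HELLO WORLD", "D"))
    print(brute_force_caesar(shift_cipher(SAMPLE, "D")))
    print(shift_cipher("wearediscoveredsaveyourself", "deceptive"))
    print(images_of("E", "wearediscoveredsaveyourself", "deceptive"))
```

With a single-letter key every L becomes O, which is what frequency analysis relies on; with the key word, the letter E is spread over five different cipher text letters.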
By using multiple substitution alphabets in this way, the poly alphabetic cipher makes frequency analysis attacks much more difficult, as the frequency of each letter in the cipher text will not match the frequency of that letter in the plain text. This makes it much more difficult for an attacker to determine the original plain text from the cipher text without knowing the specific substitution alphabets being used.

Encryption process

Ei = (Pi + Ki) mod 26

Decryption Process

Di = (Ci - Ki) mod 26

A poly alphabetic substitution cipher is a natural evolution of the Caesar cipher. A key is needed that is as long as the message; usually the key is a repeating key word.

Example :- If the key is deceptive and the plain message is “we are discovered save yourself”, it is encrypted as follows

Key :- deceptivedeceptivedeceptive
plain :- wearediscoveredsaveyourself

ONE TIME PAD SUBSTITUTION CIPHER

This technique yields the ultimate in security, because it uses a random key that is as long as the plain message. Since the key is random and has a length that is as long as the plain message, there is no need for a key to be repeated. (This gives additional security.)

In addition, the key is to be used to encrypt and decrypt a single message and then discarded (the key is never reused).

It gives the best security in the history of cryptography. This is due to the randomness of the key and the fact that the key is never reused. Each new message requires a new key of the same length as the new message (unbroken in nature).

The fundamental difficulties of one time pad algorithm

The practical problem of making large quantities of random keys: notice we are generating a random key for every message we want to encrypt. This creates a problem of key distribution and protection.

TRANSPOSITION TECHNIQUES

Transposition technique is a cryptographic technique that converts the plain text to cipher text by performing permutations on the plain text, that is, changing the position of each character of plain text for each round. It includes techniques like the Rail Fence technique, the simple columnar transposition technique with multiple rounds, and the book cipher to encrypt the plain text.

RAIL FENCE TECHNIQUE

The Rail Fence technique is a transposition cipher technique used in computer security. It is a type of transposition cipher, which means it involves rearranging the letters in a message without altering the letters themselves. In the Rail Fence technique, the plain text is written out diagonally on a set number of “rails” or “lines”, then read off in a different order to create the cipher text.

One weakness of the Rail Fence technique is that it is vulnerable to frequency analysis attacks, which involve analyzing the frequency of certain letters or groups of letters in the cipher text to determine the original message. In addition, the technique can be susceptible to brute force attacks, which involve , the rail fence
technique is not generally considered a secure method of encryption on its own, but it can be a useful part of a more complex system.

SIMPLE COLUMNAR TRANSPOSITION TECHNIQUES

Example :- Let’s assume that plain text is a corporate bridge and we need to calculate the cipher text using a simple columnar transposition technique. Let’s take 6 columns and arrange the plain text in a row-wise manner.

Decide the column order for reading the message – let’s assume 1, 3, 5, 2, 4, 6 is an order.

Now read the message in a columnar manner using the decided order ---

cadreeorotgpbri

cadreeorotgpbri is the cipher text.

The simple columnar transposition technique can be categorized into two parts – basic technique and multiple rounds.

The simple columnar transposition technique – basic technique. The simple columnar transposition technique simply arranges the plain text in a sequence of rows of a rectangle and reads it in a columnar manner.

How does this algorithm work ?

Step 1 :- Write all the characters of the plain text message row by row in a rectangle of a pre-defined size

Step 2 :- Read the message in a columnar manner, that is column by column

Note :- For reading the message, it need not be in the order of columns. It can be any random sequence.

Step 3 :- The resultant message is cipher text.

VERNAM CIPHER

A Vernam cipher is a type of symmetric encryption that uses a one-time pad, which is a random key that is as long as the plaintext message. The key is combined with the plaintext message using the XOR (exclusive or) operation to produce the ciphertext. The key is used only once and is never reused, hence the name "one-time pad".

Here's an example of a Vernam cipher encryption:

Suppose we want to encrypt the message "HELLO" using a one-time pad key of "XMCKL".

First, we convert the plaintext message and the key to binary:

• Plaintext "HELLO" in ASCII: 01001000 01000101 01001100 01001100 01001111
• Key "XMCKL" in ASCII: 01011000 01001101 01000011 01001011 01001100

Next, we perform the XOR operation between the binary representations of the plaintext message and the key, bit by bit:

• Ciphertext: 00010000 00001010 00011100 00000111 00000011

Finally, we convert the binary ciphertext back to ASCII characters, which results in the encrypted message: "\n".

To decrypt the ciphertext, the recipient needs to have the same one-time pad key, which is used to perform the XOR operation with the ciphertext to recover the original plaintext message.
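The simple columnar transposition steps described above, as an added Python example that is not part of the original document. It reproduces the cipher text `cadreeorotgpbri` from the 15 letters of "corporate bridge" with 6 columns and read order 1, 3, 5, 2, 4, 6, and adds the inverse operation, which has to allow for a last row that does not fill every column. The function names are assumptions of this example.

```python
def columnar_encrypt(plaintext, n_cols, order):
    """Write the letters row by row into n_cols columns, then read whole
    columns in the given order (column numbers are 1-based)."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    # Column i holds letters i, i + n_cols, i + 2*n_cols, ...
    columns = [letters[i::n_cols] for i in range(n_cols)]
    return "".join("".join(columns[c - 1]) for c in order)


def columnar_decrypt(ciphertext, n_cols, order):
    """Invert columnar_encrypt, including the case of a short last row."""
    full_rows, extra = divmod(len(ciphertext), n_cols)
    # The first `extra` columns are one letter taller than the others.
    heights = [full_rows + (1 if i < extra else 0) for i in range(n_cols)]

    # Cut the cipher text back into columns, in the order they were read.
    columns = [""] * n_cols
    pos = 0
    for c in order:
        height = heights[c - 1]
        columns[c - 1] = ciphertext[pos:pos + height]
        pos += height

    # Read the rectangle row by row again.
    total_rows = full_rows + (1 if extra else 0)
    out = []
    for row in range(total_rows):
        for col in columns:
            if row < len(col):
                out.append(col[row])
    return "".join(out)


def multi_round_encrypt(plaintext, n_cols, order, rounds):
    """Apply the basic technique several times (the 'multiple rounds' variant)."""
    text = plaintext
    for _ in range(rounds):
        text = columnar_encrypt(text, n_cols, order)
    return text


def multi_round_decrypt(ciphertext, n_cols, order, rounds):
    text = ciphertext
    for _ in range(rounds):
        text = columnar_decrypt(text, n_cols, order)
    return text


if __name__ == "__main__":
    order = [1, 3, 5, 2, 4, 6]
    ct = columnar_encrypt("corporate bridge", 6, order)
    print(ct)                                   # cadreeorotgpbri
    print(columnar_decrypt(ct, 6, order))       # corporatebridge
    print(multi_round_encrypt("corporate bridge", 6, order, 2))
```

The cipher text is a rearrangement of exactly the same letters as the plain text, so letter counts are unchanged by any number of rounds.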
One of the main limitations of the Vernam cipher is the need for a secure key distribution channel. Since the key must be randomly generated and only used once, both the sender and the receiver must have access to a secure way of sharing the key. Any compromise in the security of the key compromises the security of the entire system.

Modern Cryptography

A stream cipher is an encryption algorithm that encrypts data one bit or one byte at a time, in a continuous stream. Stream ciphers are typically used to encrypt real time data such as voice and video transmission. It generates a key stream that is combined with the plain text to produce cipher text.

One of the advantages of stream ciphers is that they are typically faster and more efficient than block ciphers, as they can encrypt and decrypt data on the fly without needing to buffer the entire message. However, stream ciphers are generally less secure than block ciphers, as they can be vulnerable to attacks such as known plain text attacks and related-key attacks.

Block cipher is a type of encryption algorithm that encrypts data in fixed length blocks or chunks, typically of 64 or 128 bits. The plain text is divided into blocks, which are then encrypted using a cryptographic key and a specific encryption algorithm. Each block is independent of the other, and the same key and algorithm are used for each block.

Block ciphers are considered more secure than stream ciphers because they are less susceptible to known plain-text and other cryptographic attacks. However, block ciphers can be slower and less efficient than stream ciphers, especially when encrypting large amounts of data. Many modern encryption systems use a combination of both stream and block ciphers to provide strong and efficient encryption.

Data Encryption Standard (DES)

DES (Data Encryption Standard) is a symmetric key encryption algorithm that uses a 56 bit key to encrypt and decrypt data. It was developed in the 1970s by IBM and adopted by the US government as a standard for protecting sensitive data. DES operates on 64-bit blocks of data (block cipher), which are divided into two 32 bit halves. The algorithm uses a series of permutations and substitutions to transform the plain text into cipher text and vice versa. The encryption process involves 16 rounds of these transformations, with a different sub key used in each round.

The encoding process of each 64-bit block of data in DES involves several steps :-

1) Initial Permutation (IP) :- The 64 bit plain text block is first subjected to an initial permutation (IP) which rearranges the bits according to a specific permutation table. The result of the IP is then divided into two 32-bit halves.

2) Multiple rounds of encryption :- The IP output is then subjected to a series of 16 rounds of encryption. Each round uses a 48 bit sub key that is derived from the original 56-bit key using the key scheduling algorithm. In each round, the 32 bit right half of the input is expanded to 48 bits using another fixed permutation table. The resulting 48 bit block is then XORed with the 48 bit sub key. The XOR output is then divided into eight 6 bit blocks, each of which is substituted using a fixed S-box table. The eight 4-bit outputs from the S-boxes are then combined to produce a 32 bit output. The 32 bit left half of the input is then XORed with the 32-bit output of the S-boxes. The resulting 32-bit halves are swapped to become the input for the next round.

3) Final permutation (FP) :- After the final round of encryption, the resulting 64-bit block is passed through a fixed permutation table known as the Final Permutation (FP).

4) Output :- The resulting 64-bit output is the encrypted cipher text.

The decryption process of DES is simply the reverse of the encryption process. The cipher text block is first subjected to the IP, followed by the 16 rounds of decryption using the same sub keys in reverse order. Finally, the resulting 64 bit block is passed through the FP to produce the original plain text block.

The working principles of DES

What is the whole point of DES ?
The main point of DES is to provide confidentiality by encrypting data in a way that it can only be decrypted by someone who has the correct key. This is achieved by using a complex set of mathematical operations that scramble the data into unintelligible form. Only someone who has the key can perform the reverse operations and recover the original data.

DES was designed to be a relatively fast and efficient encryption algorithm that could be implemented in hardware or software. However, it was eventually replaced by more secure and advanced encryption algorithms, such as the Advanced Encryption Standard (AES), due to its vulnerability to brute force attacks.

Why are we dividing the plain text into left and right half ?

In DES encryption, the plain text is divided into left and right halves because it is a Feistel cipher. A Feistel cipher is a cryptographic algorithm that uses a combination of substitution and permutation to encrypt data. It operates on blocks of data, dividing them in two halves and processing them iteratively through a series of rounds.

In the case of DES, the plain text block is divided into two 32-bit halves, called the left half and the right half. These halves are processed independently through the Feistel network, which consists of 16 rounds of processing. During each round, the right half is fed through a series of substitutions and permutations, using a sub key derived from the main encryption key. The output of these substitutions and permutations is then combined with the left half using an exclusive OR operation. The result of this operation becomes the right half of the next round, while the previous right half becomes the left half.

The process of dividing the plain text block into two halves is a crucial step in the Feistel cipher design, as it allows for the use of the same processing functions and sub keys on both halves. This results in a highly efficient encryption algorithm that can be implemented in hardware and software with minimal computational resources.

What is meant by a Feistel cipher ?

A Feistel cipher is a symmetric encryption scheme used in many cryptographic applications. It works by dividing the plain text into two halves and then performing multiple rounds of substitution and permutation operations on these halves. In each round, one half of the data is processed and the result is XORed with the other half to produce the new half. The halves are then swapped and the process is repeated for a fixed number of rounds. The output of the last round is the cipher text.

Why are we using initial permutation ?

The initial permutation in DES (Data Encryption Standard) cryptography is used to ensure that the input plain text bits are shuffled or permuted before the actual encryption process. The main purpose of the initial permutation is to provide confusion and diffusion to the plain text, making it harder for attackers to decipher the original message.

The initial permutation swaps the positions of certain bits in the plain text according to a pre-defined permutation table. The permutation table consists of 64-bit positions, where each position corresponds to a specific bit in the plain text. The permutation table is fixed and known to both the sender and receiver.

The initial permutation ensures that the plain text is transformed into a new sequence of bits that are not easily recognizable. This helps to increase the security of the encryption process and prevent attackers from identifying patterns in the plain text that could be exploited to break the encryption.

Why are 16 rounds used to generate the final key result ?

The DES algorithm uses 16 rounds to generate the final key result. This is because 16 rounds are considered to be the optimal number of rounds for achieving both security and efficiency.

During each round, the algorithm performs a series of operations, including permutation, substitution, and XOR operations, to create a new key from the previous key. These operations are designed to make it difficult for attackers to
determine the original key from the encrypted data, even if they have access to the algorithm and the cipher text.

If the number of rounds were increased to 17, the algorithm may become more secure, but it may also become less efficient. Conversely, if the number of rounds were decreased to 15, the algorithm may become less secure. Therefore 16 rounds strike a balance between security and efficiency that is considered optimal for the DES algorithm.

Why are we using the substitution box or S-box ?

The substitution box or S-box is a crucial component in the DES encryption algorithm. It is used to add confusion and non-linearity to the encryption process, making it more secure.

The S-box works by taking a 6-bit input and producing a 4-bit output. It achieves this through a series of substitution operations that are specified in the DES algorithm. The S-box is essentially a look up table that maps each possible 6-bit input to a corresponding 4-bit output.

The reason for using the S-box is to introduce non-linearity into the encryption process. If only linear operations were used, then the encryption process could potentially be broken using linear algebra. However, by introducing non-linearity through the S-box, the encryption becomes much more resistant to attack.

Non-linearity means that the relationship between the input and output bits is not a simple, predictable linear function. In other words, changing a single bit in the input can result in a completely different output, making it difficult for an attacker to analyze and break the encryption.

Another important feature of the S-box is that it provides confusion. This means that each output bit is influenced by multiple input bits, making it difficult for an attacker to determine the relationship between the input and output bits.

The DES algorithm uses eight S-boxes, each of which performs a unique substitution operation. The choice of these S-boxes was based on extensive testing and analysis to ensure their effectiveness in providing both confusion and non-linearity.

Why are we using a left circular shift in the key ?

Why are we using inverse initial permutation ?

The inverse initial permutation is used in DES to provide additional security to the encrypted message. After the 16 rounds of encryption are completed, the resulting cipher text is subjected to a final permutation known as the final permutation (IP⁻¹), which is the inverse of the initial permutation (IP).

The purpose of the inverse initial permutation is to provide a final layer of diffusion to the encrypted message, making it more difficult for an attacker to decipher the message. The inverse initial permutation rearranges the positions of the bits in the cipher text so that adjacent bits in the input message are no longer adjacent in the output cipher text.

This shuffling of bits provides additional security: it breaks up any patterns that may have been created during the encryption process, making it more difficult for an attacker to analyze the cipher text and determine the original message.

The Technical Working Of DES

• Block size = 64 bit
• Key size = 64 bit
• Number of rounds = 16 rounds
• The plain text is processed in a number of rounds, and each one should have a separate independent key, so we have 16 sub keys, one for each round
• Sub key size = 48 bit sub key – we have to generate 48 bit sub keys for each of the 16 rounds
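Why the same rounds decrypt when the sub keys are applied in reverse order, as an added Python example that is not part of the original document and is not DES itself: a 16-round Feistel network over a 64-bit block split into two 32-bit halves. The round function is a hash-based stand-in and the sub keys are constructed values, both assumptions of this example; real DES uses the expansion, S-box and permutation steps described above.

```python
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed 48-bit sub keys for illustration (NOT produced by the DES key schedule).
SUBKEYS = [(i * 0x9E3779B97F4A7C15) & 0xFFFFFFFFFFFF for i in range(1, 17)]


def round_function(half, subkey):
    """Toy round function F: 32-bit half + sub key -> 32 bits.

    It is deliberately one-way. A Feistel network never has to invert F,
    which is why DES can use S-boxes that map 6 bits down to 4.
    """
    data = subkey.to_bytes(8, "big") + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block, subkeys):
    """Run a 64-bit block through one Feistel round per sub key."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        # New left = old right; new right = old left XOR F(old right, k).
        left, right = right, left ^ round_function(right, k)
    # Undo the last swap so that the same routine also decrypts.
    return (right << 32) | left


def encrypt(block, subkeys=SUBKEYS):
    return feistel(block, subkeys)


def decrypt(block, subkeys=SUBKEYS):
    # Identical structure, sub keys in reverse order.
    return feistel(block, list(reversed(subkeys)))


if __name__ == "__main__":
    message = 0x0123456789ABCDEF          # constructed 64-bit plain text block
    cipher = encrypt(message)
    print(f"cipher text : {cipher:016x}")
    print(f"decrypted   : {decrypt(cipher):016x}")
    print(f"wrong order : {feistel(cipher, SUBKEYS):016x}")
```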
1) DES KEY SCHEDULING :- CREATING 16 SUB KEYS, EACH OF WHICH IS 48 BITS LONG

In the DES key scheduling process, the original 64-bit key is first converted into a 56-bit permutation known as the permutated key, denoted as K+. This is achieved through a process called the initial permutation or IP-1, which rearranges the bits in the key according to a fixed table.

Original 64-bit key

K = 0001001100110100010101110111100110011011101111001101111111110001

K+ = 11110000110011001010101011110101010101100110011110001111

The PC-1 table, or permutation choice-1, is used for this initial permutation. The 64-bit key is divided into two halves, with 28 bits each. Each half is then subjected to a circular shift according to a predefined schedule. The shifted halves are then combined to form a 56-bit key, where each bit position is determined by the PC-1 table.

The PC-1 table consists of 56 entries, each corresponding to a specific bit position in the 64-bit key. The table is designed in such a way that it selects a subset of bits from the original key, discarding 8 of the 64 bits. The selected bits are then permuted according to the table to produce the 56-bit permutated key.

LEFT CIRCULAR SHIFTS

The DES key scheduling process is used to create 16 sub-keys, each of which is 48 bits long, from an original 64-bit key.

The first step in the key scheduling process is to permute the original key, K, using a permutation known as PC-1. This permutation takes the 64-bit key and transforms it into a 56-bit key known as K+.

Next, the 56-bit key is split into two halves, C0 and D0, each with 28 bits. These halves are used to generate 16 blocks, C1 through C16 and D1 through D16.

To generate each block, the previous block is shifted left by either one or two bits, depending on the block number, and the first bit of the block is cycled to the end. This process is done separately for both halves.

For example, C3 and D3 are obtained from C2


and D2, respectively, by two left shifts, and C16
and D16 are obtained from C15 and D15,
respectively, by one left shift.
The resulting 16 blocks are then combined to form the sub-keys. The sub-keys are created by taking a 48-bit subset of the 56-bit key for each round of the encryption process.

A left circular shift is an operation that shifts all the bits in a binary number to the left by a certain number of positions, and wraps the shifted-out bits around to the beginning of the number. This operation is often used in cryptography and computer science.

For example, suppose we have the binary number 11001100 and we want to perform a left circular shift by 3 positions. The result would be 01100110, because the three leftmost bits have been shifted around to the right side of the number.

We need left circular shifts in the DES key scheduling algorithm to generate the 16 subkeys. These shifts are used to create new pairs of 28-bit blocks Cn and Dn by shifting the bits in the previous blocks to the left and wrapping the shifted-out bits around to the right side of the block.

Note :- The size of the left circular shift depends on the round number, which decides how many bits we have to shift: for rounds 1, 2, 9 and 16 we perform a 1-bit circular shift, and for the rest we perform a 2-bit circular shift.

Permutation choice 2

In the DES key scheduling process, after creating the 16 blocks of subkeys, each of which is 48 bits long, we need to apply a permutation table to each of the concatenated pairs CnDn to obtain the individual keys Kn. This permutation table is known as PC-2 and is an 8x6 matrix.

To obtain Kn, we take the concatenated pair CnDn, which is 56 bits long, and apply PC-2 to it. The first bit of Kn is the 14th bit of CnDn, the second bit is the 17th, and so on, ending with the 48th bit of Kn being the 32nd bit of CnDn.

2) MESSAGE ENCODING

In the process of message encoding, each 64-bit block of data is first subjected to an initial permutation (IP) to rearrange the bits according to a predefined table. The IP table maps the bits from their initial order in the message to a new arrangement specified in the table. For instance, the 58th bit of the message becomes the first bit of IP, the 50th bit becomes the second bit of IP, and so on until the last bit of the message becomes the 64th bit of IP. This rearranged block of data is then ready to undergo further processing for encryption.
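The key schedule described above (PC-1, the per-round left circular shifts, then PC-2), run on this page's key K. This is an added example, not part of the original notes: PC1 and PC2 are the standard DES tables, which the page refers to but does not reproduce, and the function names are illustrative.

```python
# Added example: DES key schedule (PC-1 -> left circular shifts -> PC-2).
# PC1 and PC2 are the standard DES tables; entries are 1-based bit positions.
PC1 = [57, 49, 41, 33, 25, 17,  9,
        1, 58, 50, 42, 34, 26, 18,
       10,  2, 59, 51, 43, 35, 27,
       19, 11,  3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,
        7, 62, 54, 46, 38, 30, 22,
       14,  6, 61, 53, 45, 37, 29,
       21, 13,  5, 28, 20, 12,  4]

PC2 = [14, 17, 11, 24,  1,  5,
        3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8,
       16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55,
       30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53,
       46, 42, 50, 36, 29, 32]

# Rounds 1, 2, 9 and 16 rotate by one bit, all other rounds by two.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# The 64-bit key K used on this page.
PAGE_KEY = "0001001100110100010101110111100110011011101111001101111111110001"


def permute(bits, table):
    """Build the output by picking bits[pos - 1] for each table entry."""
    return "".join(bits[pos - 1] for pos in table)


def rotate_left(bits, n):
    """Left circular shift: bits shifted out on the left re-enter on the right."""
    return bits[n:] + bits[:n]


def key_schedule(key_bits):
    """Return (K+, [K1..K16]) for a 64-character string of '0'/'1'."""
    if len(key_bits) != 64 or set(key_bits) - {"0", "1"}:
        raise ValueError("key must be a string of exactly 64 binary digits")
    k_plus = permute(key_bits, PC1)           # 64 -> 56 bits
    c, d = k_plus[:28], k_plus[28:]           # C0 and D0
    subkeys = []
    for shift in SHIFTS:
        c, d = rotate_left(c, shift), rotate_left(d, shift)   # Cn, Dn
        subkeys.append(permute(c + d, PC2))   # 56 -> 48 bits
    return k_plus, subkeys


def flip_discarded_bits(key_bits):
    """Invert bits 8, 16, ..., 64, the positions PC-1 never selects."""
    return "".join(
        ("1" if b == "0" else "0") if (i + 1) % 8 == 0 else b
        for i, b in enumerate(key_bits)
    )


if __name__ == "__main__":
    k_plus, subkeys = key_schedule(PAGE_KEY)
    print("K+  =", k_plus)
    for n, k in enumerate(subkeys, start=1):
        print(f"K{n:<2} = {k}")
```

Because PC-1 never selects bits 8, 16, ..., 64, inverting them leaves all 16 subkeys unchanged, which is why only 56 of the 64 key bits contribute to the cipher.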
In DES encryption, the 64-bit message block is first permuted using an initial permutation (IP) table, which rearranges the bits according to a predefined pattern. The IP table specifies the new arrangement of bits, where the 58th bit of the message becomes the first bit of IP, the 50th bit becomes the second bit of IP, and so on.

For example, suppose the original message block is:

M = 0000000100100011010001010110011110001001101010111100110111101111

After applying the initial permutation table, the new block becomes:

IP = 1100110000000000110011001111111111110000101010101111000010101010

Next, the IP block is divided into two halves: a left half L0 of 32 bits and a right half R0 of 32 bits. The left half is formed from the first 32 bits of IP, while the right half is formed from the last 32 bits.

For example, in the above IP block, we have:

L0 = 11001100000000001100110011111111
R0 = 11110000101010101111000010101010

Now, the DES algorithm proceeds through 16 rounds of encryption. In each round, the left half Ln of the previous round becomes the right half Rn-1 of the current round, and the right half Rn of the current round is obtained by XORing the left half Ln-1 of the previous round with a function f that operates on Rn-1 and a subkey Kn of 48 bits.

The subkeys Kn are generated from the original 64-bit key using a key schedule algorithm that generates 16 48-bit subkeys. In each round, the corresponding subkey Kn is used in the function f.

The function f operates on a 32-bit block of data and a 48-bit subkey Kn, and produces a 32-bit output. The function f includes several operations, such as expansion, permutation, substitution, and XORing. The details of the function f are beyond the scope of this explanation, but the result of the function f is XORed with Ln-1 to obtain Rn.

At the end of 16 rounds of encryption, the final block is obtained as L16R16. This final block undergoes a final permutation (FP) using a permutation table that is the inverse of the initial permutation table. The result is the encrypted message block.

In the DES algorithm, the function f operates on two blocks - a data block of 32 bits and a subkey of 48 bits - to produce a block of 32 bits. The function f consists of four stages: expansion, key mixing, substitution, and permutation.

1. Expansion: The 32-bit data block is first expanded to 48 bits using the expansion permutation, denoted as E in the diagram. The expansion permutation duplicates some of the bits to produce a 48-bit output.

2. Key mixing: The expanded data block is then combined with a subkey using an XOR operation. There are 16 subkeys in total, one for each round, which are derived from the main key using the key scheduling algorithm. The subkey is also expanded to 48 bits using a permutation, called PC-2.
3. Substitution: After the XOR operation with the subkey, the block is divided into eight 6-bit pieces before processing by the S-boxes (substitution boxes). Each of the eight S-boxes replaces its 6-bit input with a 4-bit output according to a non-linear transformation, provided in the form of a lookup table. The S-boxes provide the core of the security of DES, as they introduce non-linearity into the encryption process, which makes it more difficult to crack.

4. Permutation: Finally, the 32 outputs from the S-boxes are rearranged according to a fixed permutation, called the P-box, to produce the output of the function f.

The resulting 32-bit output is then XORed with the left half of the input block to produce the right half of the output block. The left half of the input block becomes the right half of the output block.

The Expansion

In the DES algorithm, the function f is used to mix the right half of the block (32 bits) with a 48-bit subkey. The function f consists of several operations, one of which is the expansion operation, which expands the 32 bits to 48 bits by duplicating some of the bits. This expansion operation is denoted by E and is done using a selection table that repeats some of the bits in the input block.

To calculate E(R0) from R0, we apply the selection table to R0 as follows. The first bit of E(R0) is the 32nd bit of R0, the second bit of E(R0) is the 1st bit of R0, and the third bit of E(R0) is the 2nd bit of R0. Similarly, we continue applying the selection table to obtain all 48 bits of E(R0).

KEY MIXING

Key mixing is the process of combining the output of the expansion function E and a subkey using an XOR operation to generate a 48-bit result. This operation is performed in each round of the DES encryption process. The subkeys are generated from the original 64-bit key using the key scheduling algorithm.

The key mixing step is important because it adds additional complexity to the encryption process, making it more difficult for an attacker to determine the key or the plaintext message.

Here's an example of key mixing in the first round of DES encryption:

• Original message block: 11110000101010101111000010101010
• Permutation choice 1 (PC-1) output: 000110110000001011101111111111000111000001110010
• Left half L0: 11001100000000001100110011111111
• Right half R0: 11110000101010101111000010101010
• Expansion function output E(R0): 011110100001010101010101011110100001010101010101
• Subkey K1: 000110110000001011101111111111000111000001110010
• XOR of E(R0) and K1: 011000010001011100101010100001110110101010101111
In this example, we see that the 48-bit result of key mixing is generated by XORing the 48 bits of the output of the expansion function E with the 48 bits of the subkey K1. This result is then used in the next step of the DES encryption process, which involves substituting values using S-boxes.

A   B   A XOR B
0   0   0
0   1   1
1   0   1
1   1   0

SUBSTITUTION

In DES, substitution is performed using a set of eight S-boxes, each taking six input bits and producing four output bits. The S-boxes implement a nonlinear transformation, providing the core of the security of DES. Without them, the cipher would be linear and easily broken. Each S-box is a table that maps 6-bit inputs to 4-bit outputs. The input to an S-box is a 6-bit block of the expanded right half of the previous step (i.e., Rn-1) XORed with the 48-bit subkey Kn. The output of each S-box is a 4-bit block.

The S-boxes are defined by a series of tables, where each table is a 4x16 matrix. For example, the first S-box takes the first six bits of the input and returns a 4-bit output. This is done by selecting a row based on the first and last bits of the input and a column based on the middle four bits of the input. The value found in the selected row and column is the 4-bit output of the S-box.

After all eight S-boxes have been applied to the input, the resulting 32-bit block is then passed through a permutation function, known as the P-box, to provide the output of the F-function. The P-box rearranges the bits in the 32-bit block according to a fixed permutation.

The output of the F-function is then XORed with the left half of the previous step (i.e., Ln-1) to produce the new right half (Rn) for the current step. The left half for the current step (Ln) is simply the right half from the previous step (i.e., Rn-1).

This process of applying the F-function to alternate halves of the message data, XORing the output with the other half, and swapping the halves is repeated for 16 rounds to produce the final output ciphertext.

We now calculate: S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

How are we going to calculate it?

S1(011011) :- The first and last bits give the row and the middle four bits give the column number.

01 :- a two-bit value. The maximum value two bits can represent is 11, which is three, and the minimum value two bits can represent is 00, so the rows run from 0 to 3, which is four rows.

1101 :- a four-bit value. The maximum value four bits can represent is 1111 and the minimum is 0000, so the columns run from 0 to 15.

So in this example the first and last bits (01) mean 1, which is row 1, and the middle bits 1101 mean 13, which is column 13 in our lookup table.
If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j.

Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4-bit block. That block is the output S1(B) of S1 for the input B. For example, for input block B = 011011 the first bit is "0" and the last bit "1", giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S1(011011) = 0101.

Last Permutation

After applying the S-boxes to the input block, we get 8 blocks of 4 bits each. These blocks are then concatenated to form a single 32-bit block. The permutation P is then applied to this 32-bit block.

The permutation P rearranges the bits in the 32-bit block according to the following table:

The permutation table specifies which bit of the 32-bit input block goes to which position in the output block. For example, the 16th bit of the input block goes to the first position of the output block, the 7th bit of the input block goes to the second position of the output block, and so on.

The output of the permutation P is the final output of the function f. It is a 32-bit block that is XORed with the left half of the input block to produce the right half of the output block.

XORING WITH THE LEFT HALF

After completing the Feistel function for the right half of the block and obtaining the output from it, we need to combine it with the left half of the block to obtain the final output. This is done by performing an XOR operation between the output of the Feistel function and the left half of the block.

For example, let's say the left half of the block is L and the right half is R. After performing the Feistel function on R, we get the output f. The final output block is obtained by performing the XOR operation between L and f:

Output block = L XOR f

This process is repeated for each round of the DES algorithm until the final round, where the left and right halves of the block are swapped and combined to produce the final output.
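The S1 lookup worked through above (row from the first and last bits, column from the middle four), together with a check of the non-linearity the S-boxes are said to provide. This is an added example, not part of the original notes: S1 is the standard DES S1 table, LINEAR_TABLE is a constructed counter-example, and the function names are illustrative.

```python
# Added example: DES S-box S1 lookup and a non-linearity check.
# Standard DES S1 table: 4 rows x 16 columns, entries 0..15.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed for contrast: a table whose output is just the middle four
# input bits. It has the same shape as an S-box but is a linear map.
LINEAR_TABLE = [list(range(16)) for _ in range(4)]


def sbox_lookup(table, block6):
    """Map a 6-bit string to a 4-bit string using a 4x16 S-box table."""
    if len(block6) != 6 or set(block6) - {"0", "1"}:
        raise ValueError("input must be exactly 6 binary digits")
    row = int(block6[0] + block6[5], 2)   # first and last bit -> row 0..3
    col = int(block6[1:5], 2)             # middle four bits  -> column 0..15
    return format(table[row][col], "04b")


def sbox_int(table, x):
    """Same lookup with the 6-bit input and 4-bit output as integers."""
    return int(sbox_lookup(table, format(x, "06b")), 2)


def affine_violations(table):
    """Count input pairs with S(x ^ y) != S(x) ^ S(y) ^ S(0).

    For any linear or affine map this count is 0, which is exactly the
    structure linear algebra could exploit.
    """
    s0 = sbox_int(table, 0)
    return sum(
        1
        for x in range(64)
        for y in range(x + 1, 64)
        if sbox_int(table, x ^ y) != sbox_int(table, x) ^ sbox_int(table, y) ^ s0
    )


def min_output_bits_changed(table):
    """Fewest output bits that change when exactly one input bit is flipped."""
    return min(
        bin(sbox_int(table, x) ^ sbox_int(table, x ^ (1 << bit))).count("1")
        for x in range(64)
        for bit in range(6)
    )


if __name__ == "__main__":
    print("S1(011011) =", sbox_lookup(S1, "011011"))
    for name, table in (("S1", S1), ("linear table", LINEAR_TABLE)):
        print(name, "affine violations:", affine_violations(table),
              "| min output bits changed:", min_output_bits_changed(table))
```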
This is the final step of the DES encryption process. After performing 16 rounds of encryption, the 32-bit halves L16 and R16 are obtained. The order of these halves is reversed, i.e., R16L16 is formed.

The final permutation IP^-1 is applied to R16L16, which rearranges the bits according to the following table. The first bit of R16L16 becomes the 40th bit of IP^-1. The second bit of R16L16 becomes the 8th bit of IP^-1, and so on. The last bit of R16L16 becomes the 48th bit of IP^-1.

The resulting 64-bit block in binary format is then converted to hexadecimal format to obtain the ciphertext. In this example, the ciphertext is 85E813540F0AB405. This is the encrypted form of the original message M = 0123456789ABCDEF.

Asymmetric Key Encryption

Asymmetric key cryptography, also known as public key cryptography, is a cryptographic system that uses two mathematically related keys, a public key and a private key, to secure communication between two parties.

The public key can be freely distributed to anyone who wants to communicate with the owner of the private key. The private key, on the other hand, must be kept secret by the owner and should not be shared with anyone.

When someone wants to send a secure message to the owner of the public key, they encrypt the message using the public key. The owner of the public key can then decrypt the message using their private key. This means that only the owner of the private key can read the message.

Symmetric key cryptography uses the same key for both encryption and decryption. While this approach is fast and efficient, it has a significant limitation in terms of key distribution. If two parties want to communicate securely using symmetric key cryptography, they must both have the same key. This creates a problem of securely exchanging the key without anyone else intercepting it.

Asymmetric key cryptography solves this problem by using two mathematically related keys, a public key and a private key. The public key can be shared widely, while the private key is secret. This allows for secure communication between two parties without the need for a secure key exchange.

Another advantage of asymmetric key cryptography is that it can be used for digital signatures, which are used to verify the authenticity of messages and documents. The private key is used to generate the digital signature, while the public key is used to verify the signature. This allows for secure authentication and non-repudiation, meaning that the sender of a message cannot deny having sent it.

Public Key Encryption :-

Both the sender and the receiver own a pair of keys, one public and the other a closely guarded private one. To encrypt a message from sender A to receiver B, both A and B must create their own pairs of keys.
Then A and B publicize their public keys – anybody can acquire them. When A is to send a message M to B, A uses B's public key to encrypt M. On receipt of M, B then uses his or her private key to decrypt the message M. As long as only B, the recipient, has access to the private key, then A, the sender, is assured that only B, the recipient, can decrypt the message.

This ensures data confidentiality. Data integrity is also ensured because for data to be modified by an attacker it requires the attacker to have B's (the recipient's) private key. Data confidentiality and integrity in public key encryption is also guaranteed.

Public key encryption, also known as asymmetric key encryption, is used for a variety of reasons.

1) Secure Key Exchange :- Public key encryption allows for secure key exchange without the need for a secure channel. Each user has a public key that can be freely distributed, allowing others to encrypt messages that can only be decrypted by the owner of the private key.

2) Digital Signature :- Public key encryption can be used to create digital signatures that verify the authenticity and integrity of messages and documents. The sender uses their private key to generate a digital signature, and the recipient can verify the signature using the sender's public key. This provides a secure method for authentication and non-repudiation, meaning that the sender of a message cannot deny having sent it.

3) Secure communication :- Public key encryption can be used for secure communication between two parties, as each user has their own public and private key. This eliminates the need for a shared key, which can be compromised if intercepted by a third party.

4) Key management :- Public key encryption simplifies key management, as each user only needs to manage their own private key. This eliminates the risk of lost or stolen keys compromising the security of messages encrypted with that key.

THE RSA ALGORITHM

RSA is a widely used public key encryption algorithm in computer security. RSA is based on the mathematical concept of the difficulty of factoring large numbers into their prime factors.

How does factoring large numbers into their prime factors increase the difficulty of breaking the algorithm?

The RSA algorithm involves two keys, a public key and a private key. The public key can be freely distributed to anyone who wants to send an encrypted message to the owner of the private key. The private key, on the other hand, must be kept secret and is only known to the owner.

To better understand RSA, let us first understand what a public-key encryption algorithm is.

Public key encryption algorithm :- A public key encryption algorithm is also called an asymmetric algorithm. Asymmetric algorithms are those algorithms in which sender and receiver use different keys for encryption and decryption. Each sender is assigned a pair of keys :- a public key and a private key.

The public key is used for encryption and the private key is used for decryption. Decryption cannot be done using a public key. The two keys are linked, but the private key cannot be derived from the public key. The public key is well known, but the private key is secret and it is known only to the user who owns the key. It means that everybody can send a message to the user using the user's public key, but only the user can decrypt the message using his private key.
The data to be sent is encrypted by sender A using the public key of the intended receiver. B decrypts the received cipher text using its private key, which is known only to B. B replies to A, encrypting its message using A's public key.

A decrypts the received cipher text using its private key, which is known only to him.

Encryption using the RSA algorithm involves representing the plain text message as a number m and raising it to the power of the public exponent e modulo n. The result, c, is the cipher text. Decryption involves raising the cipher text c to the power of the private exponent d modulo n, which yields the original plain text message m.

C = P^e mod(n)

P = C^d mod(n)

RSA algorithm uses the following procedure to generate public and private keys :-

Select two large prime numbers, p and q.

When it comes to the RSA algorithm, "selecting two large prime numbers, p and q" means that you need to choose two prime numbers that are sufficiently large. These two prime numbers will be used to calculate the modulus n, which is the basis for the public and private keys used in the RSA algorithm.

The choice of these prime numbers is critical for the security of the RSA algorithm. The larger the prime numbers, the more secure the algorithm will be. This is because factoring large numbers into their prime factors is a difficult computational problem, and the security of the RSA algorithm is based on the assumption that factoring large numbers into their prime factors is a hard problem.

For instance, if n = 55, it can be factored into p = 5 and q = 11. This is relatively easy to do. However, if n = 8191, it is much harder to factor it into its prime factors, which makes the RSA encryption and decryption more secure.

The security of RSA depends on the fact that it is easy to calculate the modulus n from p and q, but it is very difficult to calculate p and q from n. p and q are kept secret in the RSA algorithm. They are used to calculate the modulus n, which is made public, but p and q themselves are not shared. The security of the RSA algorithm relies on the difficulty of factoring n into p and q, so keeping p and q secret helps to maintain the security of the system.

Multiply these numbers to find n = p * q, where n is called the modulus for encryption and decryption.

In the RSA algorithm the modulus "n" is a product of two large numbers "p" and "q". The product "n" is used as the modulus for both encryption and decryption. The larger the value of "n", the more secure the RSA algorithm, as it becomes increasingly difficult to factor "n" back into its prime factors "p" and "q". To find "n", we need to multiply the two prime numbers "p" and "q". For example, if we choose "p" to be 17 and "q" to be 11, then the modulus "n" is n = p * q = 17 * 11 = 187 //

The modulus n is important because it serves as the basis for the public and private keys used in the RSA algorithm. The public key is derived from the modulus and an encryption exponent, while the private key is derived from the modulus and a decryption component.

Example :- Now let's go through a simple worked example where the message / plain text is given to be m = 6, p = 7 and q = 19.

A) Key Generation

1) Generate two large prime numbers, p and q

To make the example easy to follow small numbers are used, but this is not secure. To find random primes, we start at a random number and go up ascending odd numbers until we find a prime. Let's take the given two primes for the sake of simplicity.

p = 7, q = 19

2) Let's compute the modulus, n = p * q

n = 7 * 19 = 133 //

3) Let's compute the Euler Totient
Φ = (p - 1) (q - 1)
Φ = (7 - 1) (19 - 1)
= 6 * 18
= 108 //

What is Euler Totient? It counts the number of numbers between 1 and n that have no common factors with n except 1. For example, if n = 10, then the numbers less than or equal to 10 that are relatively prime to 10 are 1, 3, 7, and 9; therefore, φ(10) = 4. In cryptography, Euler's totient function is often used in the RSA algorithm to generate public and private keys. The function is used to determine the number of possible values that can be used for the public and private keys, which is related to the security of the encryption.

4) Choose a small number, e, coprime to Φ

e is coprime to Φ means that the largest number that can exactly divide both e and Φ (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the gcd of two numbers, but the details are omitted.

When we say that e is coprime to Φ, we mean that e and Φ do not have any common factor other than 1. This is an important condition for the RSA algorithm because it ensures that the encryption and decryption keys are unique and that the system is secure.

e = 2 ==> gcd(e, 108) = 2 [no]
e = 3 ==> gcd(e, 108) = 3 [no]
e = 4 ==> gcd(e, 108) = 4 [no]
e = 5 ==> gcd(e, 108) = 1 [Yes!]

How to find the greatest common divisor :- The GCD of two integers is the largest positive integer that divides both numbers without leaving a remainder.

5) Find d, such that de % Φ = 1

This is equivalent to finding d which satisfies de = 1 + k*Φ, where k is any integer. We can rewrite this as d = (1 + k*Φ)/e. Now we work through values of k until an integer solution for d is found :-

k = 0 ==> d = 1 / 5 [no]
k = 1 ==> d = 109 / 5 [no]
k = 2 ==> d = 217 / 5 [no]
k = 3 ==> d = 325 / 5 = 65 (yes)

The public key is [n, e] and the private key is [n, d], so the public key is [133, 5] and the private key is [133, 65].

B) Encryption Process :- The message must be a number less than the smaller of p and q. However, at this point we don't know p or q, so in practice a lower bound on p and q must be published. This can be somewhat below their true value and so isn't a major security concern. For this example, let's use the message "6".

C = P^e mod n
= 6^5 mod 133
= 7776 mod 133
= 62 //

C) Decryption Process :- This works very much like encryption, but involves a larger exponentiation, which is broken down into several steps.

P = C^d mod n
= 62^65 mod 133
= 62 * 62^64 mod 133
= 62 * (62^2)^32 mod 133
= 62 * (3844)^32 mod 133
= 6 //

Example :- In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to generate the public and private keys. If the public key of A is 35 then the private key of A is ……………?

Step 1 :- In the first step, select two large prime numbers, p and q.

p = 13
q = 17

Step 2 :- Multiply these numbers to find n = p * q, where n is called the modulus for encryption and decryption. First we calculate:

n = p * q
n = 13 * 17
n = 221 //

Step 3 :- Choose a number e, such that n is relatively prime to (p - 1) * (q - 1). It means that e and (p - 1) * (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ(n), e is prime to φ(n), gcd(e, φ(n)) = 1

Second, we calculate:

φ(n) = (p - 1) * (q - 1)
φ(n) = (13 - 1) * (17 - 1)
φ(n) = 192
gcd(35, 192) = 1 //

Step 4 :- To determine the private key, we use the following to calculate d:

calculate :- d = (1 + k.φ(n)) / e [let k = 0, 1, 2, 3]
put k = 0 ==> (1 + 0 * 192) / 35 [No]
put k = 1 ==> (1 + 1 * 192) / 35 [No]
put k = 2 ==> (1 + 2 * 192) / 35 = 11 [Yes]

The private key is <d, n> = (11, 221); hence the private key is d = 11.
Note :- In the RSA encryption algorithm, the private key consists of two parts: the private exponent (d) and the modulus (n).

Example :- An RSA cryptosystem uses two prime numbers, 3 and 13, to generate the public key = 3 and the private key = 7. What is the value of the cipher text for the plain text 5?

Step 1 :- In the first step, select two large prime numbers, p and q.

p = 3
q = 13

Step 2 :- Multiply these numbers to find n = p * q, where n is called the modulus for encryption and decryption. First we calculate :-

n = p * q
n = 3 * 13
n = 39 //

Step 3 :- If n = p * q, then the public key is <e, n>. A plain text message m is encrypted using the public key <e, n>. Thus the public key is <e, n> = (3, 39). To find the cipher text from the plain text, the following formula is used to get cipher text C.

C = m^e mod n
C = 5^3 mod 39
C = 125 mod 39
C = 8 //

Example :- An RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is the value of the cipher text for a plain text 5, using the RSA public key encryption algorithm?

Step 1 :- In the first step, select two large prime numbers, p and q.

p = 3
q = 11

Step 2 :- Multiply these numbers to find n = p * q, where n is called the modulus for encryption and decryption. First we calculate:

n = p * q
n = 3 * 11
n = 33 //

Step 3 :- Choose a number "e" less than n, such that n is relatively prime to (p - 1) * (q - 1). It means that e and (p - 1) * (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ(n), e is prime to φ(n), gcd(e, φ(n)) = 1

Second we calculate :-

φ(n) = (p - 1) * (q - 1)
φ(n) = (3 - 1) * (11 - 1)
φ(n) = 2 * 10
φ(n) = 20 //

Step 4 :- To determine the public key, we use the following formula to calculate the d such that :-

calculate d * e = (1 + k.φ(n)) [let k = 0, 1, 2, 3]

put k = 0 ==> e = (1 + 0 * 20) / 7 ==> 1 / 7 [No]
put k = 1 ==> e = (1 + 1 * 20) / 7 ==> 21 / 7, e = 3 //

The public key is <e, n> = (3, 33); hence the public key, i.e. e = 3 //
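The RSA procedure worked through above (smallest e coprime to Φ, the search over k for the matching exponent, and exponentiation broken into squaring steps), reproduced on the page's own numbers. This is an added example, not part of the original notes; the function names are illustrative, and primes this small are for following the arithmetic only.

```python
# Added example: textbook RSA with the page's toy parameters.
from math import gcd


def modexp(base, exponent, modulus):
    """Square-and-multiply: reduce mod n after every step so values stay small."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                       # current exponent bit is set
            result = (result * base) % modulus
        base = (base * base) % modulus         # square for the next bit
        exponent >>= 1
    return result


def totient(p, q):
    """Euler totient of n = p * q for two distinct primes p and q."""
    return (p - 1) * (q - 1)


def matching_exponent(known, phi):
    """Given one exponent, find the other with known * x = 1 + k * phi.

    Tries k = 0, 1, 2, ... exactly as in the worked examples.
    """
    if gcd(known, phi) != 1:
        raise ValueError("exponent must be coprime to phi")
    k = 0
    while (1 + k * phi) % known != 0:
        k += 1
    return (1 + k * phi) // known


def keygen(p, q):
    """Return ((n, e), (n, d)) using the smallest e >= 2 coprime to phi."""
    n, phi = p * q, totient(p, q)
    e = next(c for c in range(2, phi) if gcd(c, phi) == 1)
    return (n, e), (n, matching_exponent(e, phi))


def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be a number below the modulus n")
    return modexp(m, e, n)


def decrypt(c, private_key):
    n, d = private_key
    return modexp(c, d, n)


if __name__ == "__main__":
    public_key, private_key = keygen(7, 19)
    c = encrypt(6, public_key)
    print("public:", public_key, "private:", private_key)
    print("6 ->", c, "->", decrypt(c, private_key))
    print("p=13, q=17, e=35 -> d =", matching_exponent(35, totient(13, 17)))
    print("p=3,  q=11, d=7  -> e =", matching_exponent(7, totient(3, 11)))
```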
CHAPTER FOUR
NETWORK SECURITY

WHAT CAN A BAD GUY DO ON A NETWORK

Eavesdropping, also known as intercepting messages, is the act of secretly listening to or intercepting private communications such as emails, phone calls, or data transmissions. An attacker can eavesdrop on network traffic by intercepting packets and decoding the data contained within.

Inserting messages into a connection, also known as a man-in-the-middle (MITM) attack, is when an attacker intercepts a communication between two parties and injects their own data into the conversation. This can allow the attacker to modify or redirect the communication without either party knowing.

Impersonation, also known as spoofing, is the act of disguising oneself as someone or something else. In networking, an attacker can impersonate another user or device by spoofing their IP address or other identifying information. This can allow the attacker to gain unauthorized access or perform malicious actions.

Session hijacking is when an attacker takes over an ongoing communication between two parties by inserting themselves in place of one of the parties. This is typically done by stealing a valid session ID or session token, which allows the attacker to assume the identity of the legitimate user.

Denial of service (DoS) attacks are designed to prevent legitimate users from accessing a network, service, or resource. This is typically accomplished by flooding the target with traffic or overwhelming it with requests, causing it to become unavailable to other users. DoS attacks can be difficult to defend against as they often involve a large number of compromised systems.

Network protocols are sets of rules governing communication between devices in a network. They ensure that data is transmitted reliably and securely between network devices. Some common network protocols include TCP/IP, HTTP, FTP, DNS and SMTP.

Computer security involves protecting networks, devices, and data from unauthorized access, theft or damage. Security measures include firewalls, intrusion detection systems, encryption and access control mechanisms.

Network protocols can be vulnerable to security threats such as eavesdropping, data tampering, and denial of service attacks. These threats can compromise the confidentiality, integrity, and availability of data on a network.

To protect against these threats, network security protocols are designed to ensure the secure transmission of data over a network. For example, the Transport Layer Security (TLS) protocol provides end-to-end encryption for data transmitted over the internet. Similarly, the Secure Shell (SSH) protocol is used to securely log in to remote computers.

Security measures for network protocols also include access control mechanisms to ensure that only authorized users can access data on a network. This can include user authentication, password detection and role-based access control.

Network protocols and computer security are closely intertwined. Network protocols provide the foundation for communication and data transfer between devices, while security measures ensure the confidentiality, integrity, and availability of data on a network. Effective network security measures include encryption, access control mechanisms and intrusion detection systems to protect against security threats.

Attacks on the TCP/IP protocols ?

Attacks on TCP/IP protocols refer to the various techniques used by attackers to exploit vulnerabilities in the TCP/IP protocols. The TCP/IP protocols are a set of communication protocols used for transmitting data over networks, including the internet. Since they are the backbone of the internet and other computer networks, attackers constantly look for ways to
exploit vulnerabilities in these protocols to compromise network security.

Data - Link Layer → ARP Spoofing :-

The Address Resolution Protocol (ARP) is a protocol used to map a network address (such as an IP address) to a physical address (such as a MAC address). Its main job is to allow network devices to communicate with each other over Ethernet or other physical networks. When a device wants to communicate with another device on the network, it first checks its ARP cache to see if it already has the physical address of the device. If not, it sends an ARP request packet to the network, asking for the physical address associated with the IP address. The device with that IP address responds with its physical address, and the requesting device adds that information to its ARP cache. This process is known as ARP resolution.

ARP is a stateless protocol, meaning it does not require any prior communication or negotiation between devices before sending ARP packets. This simplicity makes it vulnerable to attacks such as ARP spoofing, where an attacker sends falsified ARP messages in order to associate their own MAC address with the IP address of a legitimate device on the network. Once this association is made, the attacker can intercept, modify or redirect network traffic intended for the legitimate device.

In computer networking, every device on a network has a unique identifier known as a Media Access Control (MAC) address. This is a hardware address that identifies the device's network interface card (NIC). Similarly, every device on a network also has an IP (Internet Protocol) address, which is a logical address assigned to the device's network interface for communication on the network.

ARP spoofing is a type of cyber attack where an attacker sends fake ARP (Address Resolution Protocol) messages on a local area network (LAN) in order to associate their MAC (Media Access Control) address with the IP address of another host, a legitimate network device. This allows the attacker to intercept and modify network traffic, perform a man-in-the-middle attack and steal sensitive information.

In an ARP spoofing attack, the attacker typically sends a series of ARP messages to the target network, with the goal of associating their own MAC address with the IP addresses of the network's gateway or some other critical device such as a server. Once the attack is successful, the attacker can intercept and modify network traffic, steal data such as passwords or credit card numbers and potentially launch other attacks on the network.

How does ARP spoofing work ?

ARP spoofing is a type of attack that exploits the weakness in the Address Resolution Protocol (ARP) to associate the attacker's Media Access Control (MAC) address with the IP address of a legitimate network device. This allows the attacker to intercept or modify the network traffic intended for the target device.

One way the attacker can use this information is to intercept the network traffic meant for the legitimate device by redirecting it to their own computer. The attacker can then modify the network traffic and send it on to its intended destination without the sender or receiver being aware of the interception.

Another way the attacker can use ARP spoofing is to launch a denial of service attack by flooding the network with ARP packets. This can cause the ARP cache of legitimate devices to become saturated with false entries, making it difficult for them to communicate on the network.

The weakness in the ARP protocol that allows ARP spoofing to occur is due to the stateless nature of the protocol. This means that ARP requests and replies are sent out without any authentication or verification of the source. Additionally, ARP caches are automatically updated with any replies received, regardless of whether the reply was solicited or not.

To protect against ARP spoofing attacks, network administrators can implement various measures such as using static ARP tables, implementing ARP spoofing detection software and configuring network devices to only accept ARP replies from trusted sources.

ARP spoofing is a type of data link layer threat. It involves manipulating the ARP protocol at the data link layer in order to perform a variety of attacks such as man-in-the-middle attacks or denial of service attacks. The spoofed ARP messages are used to deceive the victim devices into sending traffic to the attacker, instead of the intended destination, allowing the attacker to intercept and potentially manipulate the traffic. Therefore, ARP spoofing is a serious security threat that needs to be addressed in network security.

NETWORK LAYER SECURITY :- IPSEC

IPsec (Internet Protocol Security) is a set of protocols and standards that provides secure communication over IP networks, including the internet. It is used to ensure confidentiality, integrity, and authenticity of IP packets, and to protect against various network attacks such as eavesdropping, tampering and replay attacks.

IPsec operates at the network layer of the OSI model and provides security services for IP packets, including encryption, authentication and key management. It works by creating a secure tunnel between two devices over an insecure network, such as the internet.

The three primary services provided by IPsec are origin authentication, confidentiality and key management. Origin authentication guarantees that the received packet was transmitted by the party that claims to be the source of the packet and has not been tampered with during transit. To provide origin authentication, IPsec inserts an Authentication Header (AH) into the packet. AH provides message integrity and anti-replay services as well.

Confidentiality, on the other hand, encrypts messages to prevent unauthorized parties from reading them. To provide confidentiality, IPsec inserts an Encapsulating Security Payload (ESP) header into the packet. ESP can also provide origin authentication and message integrity in addition to confidentiality.

Key management is the process of securely exchanging keys between communicating parties. IPsec uses a protocol called Internet Key Exchange (IKE) to exchange keys. IKE provides a secure way for two parties to establish a shared secret key over an insecure network.

IPsec (Internet Protocol Security) is a set of security algorithms and a framework that provide secure communication between two entities over the internet. The IPsec protocol provides encryption and authentication services, which make it an ideal solution for securing communications across a LAN, WAN, or the internet.

One of the most significant benefits of IPsec is its ability to provide secure branch office connectivity over the internet. This allows businesses to connect their remote offices securely over the internet, without the need for expensive leased lines or other costly infrastructure. By using IPsec, businesses can establish a secure virtual private network (VPN) over the internet or a public WAN, which enables secure communication between their remote offices.

IPsec can also be used to provide secure remote access over the internet. This is particularly useful for businesses with remote employees who need to access their corporate network securely. With IPsec, employees can securely access their organization's network from anywhere in the world, using a VPN client that encrypts their traffic and provides secure authentication.

Another use case for IPsec is establishing intranet connectivity with partners. IPsec can be used to secure communication with other organizations, ensuring authentication and confidentiality, and providing a key exchange mechanism. This makes it an ideal solution for businesses that need to communicate securely with partners, suppliers or customers.

Finally, IPsec is also useful for enhancing electronic commerce security. While some web and e-commerce applications have built-in security protocols, the use of IPsec can help prevent eavesdropping, tampering and other attacks that could compromise sensitive data during electronic transactions.

IPsec provides the capability to secure communications across a LAN, across private and public WANs and across the internet.

IPsec (Internet Protocol Security) is a set of protocols and standards that provide security for Internet Protocol (IP) communication by encrypting and authenticating IP packets.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.

IPsec is often used for secure branch office connectivity over the Internet, providing a secure virtual private network (VPN) over a public WAN. This allows branch offices to connect securely to the main office over the Internet, without the need for expensive dedicated lines or leased circuits.

IPsec can also be used for secure remote access over the Internet, enabling users to securely connect to a network from a remote location.

In addition, IPsec can be used for establishing intranet connectivity with partners. This enables organizations to securely communicate with other organizations, ensuring authentication and confidentiality, and providing a key exchange mechanism to prevent unauthorized access.

IPsec also enhances electronic commerce security by providing an additional layer of security to Web and electronic commerce applications that have built-in security protocols.

IPsec can be used to encrypt and authenticate IP packets, ensuring that data transmitted over the Internet is secure and cannot be intercepted or tampered with.

In addition to its role in providing security for end users and protecting premises systems and networks, IPsec also plays a role in routing. Specifically, it provides authentication and integrity protection for routing messages to ensure that they are not forged or tampered with.

When a new router advertises its presence on a network, it sends a router advertisement message to notify other devices on the network. IPsec ensures that this message comes from an authorized router, preventing unauthorized devices from claiming to be a router and potentially disrupting the network.

When a router seeks to establish or maintain a neighbor relationship with a router in another routing domain, it sends a neighbor advertisement message. Again, IPsec ensures that this message comes from an authorized router, preventing unauthorized devices from establishing unauthorized neighbor relationships and potentially disrupting the network.

When a router sends a redirect message to another device, it is directing the device to send its traffic to a different router. IPsec ensures that this message comes from the correct router and prevents unauthorized devices from sending fraudulent redirect messages that could redirect traffic to unauthorized destinations.

Finally, IPsec provides authentication and integrity protection for routing updates, ensuring that they are not forged or tampered with. This prevents attackers from disrupting the routing of traffic by sending fraudulent routing updates.

Security Gateway

When we send a message over the internet, it passes through many different computers before it reaches its final destination. Sometimes, there are special computers called security gateways that help protect our message from being seen or changed by other people.

A security gateway is like a gatekeeper that checks to make sure that our message is safe and secure as it passes through. It has special tools called IPsec mechanisms that help keep our message private and protected.

An IPsec mechanism is like a secret code that encrypts our message so that no one can read it except for the person we're sending it to. It also makes sure that our message hasn't been changed or tampered with during its journey.

A security gateway can be a router or gateway, which are special kinds of computers that help connect different networks together. When a message passes through a security gateway, the gateway checks to make sure that the message is safe and secure before allowing it to continue on its journey.
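The origin authentication, message integrity and anti-replay services attributed to IPsec above can be seen in a simplified receiver check. This is an added example, not code from the original document: the packet layout (SPI, sequence number, payload, truncated HMAC), the 64-packet window and all names are assumptions for illustration, not the real AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64      # anti-replay window size in packets (assumed for this sketch)
ICV_LEN = 16     # integrity check value: HMAC-SHA256 truncated to 16 bytes


def make_packet(key, spi, seq, payload):
    """Sender side: SPI | sequence number | payload | ICV over all of it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    """Receiver side of one security association (identified by its SPI)."""

    def __init__(self, key, spi):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set means (highest - i) was already accepted

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        header, payload, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return "unknown-sa"
        # Cheap replay checks come first, before any cryptographic work.
        if seq == 0:
            return "replay"
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW:
                return "too-old"
            if (self.bitmap >> offset) & 1:
                return "replay"
        # Origin authentication and integrity: only a key holder can make the ICV.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"
        # Slide the window only after the packet has been authenticated, so a
        # forged high sequence number cannot push genuine packets out of it.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"


def demo():
    """Run constructed sample packets through one receiver; return the verdicts."""
    key, spi = b"constructed-demo-key", 0x1001      # constructed sample values
    rx = Receiver(key, spi)
    p1 = make_packet(key, spi, 1, b"router advertisement")
    p2 = make_packet(key, spi, 2, b"neighbor advertisement")
    p3 = make_packet(key, spi, 3, b"routing update")
    tampered = bytearray(make_packet(key, spi, 4, b"redirect via R2"))
    tampered[8] ^= 0x01                             # one payload bit flipped in transit
    forged = make_packet(b"not-the-shared-key", spi, 5, b"redirect via R9")
    p100 = make_packet(key, spi, 100, b"routing update")
    p30 = make_packet(key, spi, 30, b"routing update")
    arrivals = [p1, p3, p2, p3, bytes(tampered), forged, p100, p30]
    return [rx.accept(p) for p in arrivals]


if __name__ == "__main__":
    print(demo())
```

The second copy of packet 3 is rejected as a replay even though its ICV is valid, which is the case that integrity checking alone does not catch.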
Transport Layer Security

A TCP SYN attack, also known as a SYN flood attack, is a type of denial of service (DoS) attack that exploits a weakness in the TCP/IP protocol. The attack works by sending a large number of TCP connection requests with spoofed IP addresses to a target server, flooding it with traffic and overwhelming its ability to respond to legitimate requests.

In a normal TCP three-way handshake, when a client sends a SYN message to initiate a connection, the server responds with a SYN-ACK message to acknowledge the request. The client then sends an ACK message to confirm the connection. In a SYN flood attack, the attacker sends a large number of SYN messages with spoofed IP addresses, causing the target server to send SYN-ACK messages to those addresses. When the server does not receive a response to the SYN-ACK messages, it keeps the connection half-open, tying up system resources and eventually causing the server to become unresponsive.

A TCP SYN flood attack is a type of denial of service (DoS) attack that targets a server by exploiting the normal TCP three-way handshake process between a client and server. The goal of this attack is to consume the resources of the targeted server and make it unavailable to legitimate users.

In a normal TCP three-way handshake, when a client sends a SYN message to initiate a connection, the server responds with a SYN-ACK message to acknowledge the request. The client then sends an ACK message to confirm the connection. In a SYN flood attack, the attacker sends a large number of SYN messages with spoofed IP addresses, causing the target server to send SYN-ACK messages to those addresses. When the server does not receive a response to the SYN-ACK messages, it keeps the connection half-open, tying up system resources and eventually causing the server to become unresponsive.

A TCP SYN flood attack is a type of DDoS attack in which an attacker sends repeated requests to connect to a server on every port, often using a fake IP address. The server receives these requests, thinking they are legitimate connection requests, and responds with a SYN-ACK packet. However, the attacker does not respond with the expected ACK, or if the IP address is fake, the attacker never receives the SYN-ACK in the first place. This results in the server waiting for acknowledgment of its SYN-ACK packet for some time, which ties up its resources and can ultimately result in denial of service to legitimate users. The attacker keeps sending the requests faster than the server can process them, causing network overload and disrupting service.

A TCP SYN flood attack is a type of Distributed Denial of Service (DDoS) attack that exploits a weakness in the way the Transmission Control Protocol (TCP) works. The attack floods the target server with a large number of TCP SYN packets, overwhelming the server and causing it to become unresponsive.

When two devices, such as a client and server, establish a TCP connection, they use a three-way handshake process. The client sends a SYN packet to request a connection with the server, the server responds with a SYN-ACK packet to acknowledge the request, and the client sends an ACK packet to confirm the connection. During this process, the server sets aside resources to handle the connection until it is closed.

In a SYN flood attack, the attacker sends a large number of SYN packets to the target server, often using a fake IP address to mask their identity. The server, thinking that it is responding to legitimate connection requests, sends SYN-ACK packets back to the source IP address of each incoming SYN packet. However, since the attacker either does not respond or never receives the SYN-ACK packets, the server is left waiting for a response that never comes.

The server sets aside resources to handle each incoming connection request, and in a SYN flood attack, these resources quickly become exhausted as the server is flooded with more connection requests than it can handle. As a result, the server becomes unresponsive and may even crash, making it impossible for legitimate users to connect to the server to access the services it provides.

TCP SYN attacks can be difficult to detect and prevent, as they appear to be legitimate traffic at first. However, network administrators can use a variety of strategies to mitigate the effects of SYN floods, such as implementing firewalls or intrusion detection systems, limiting the rate of incoming traffic, or using SYN cookies to prevent the server from keeping connections open for too long.

WEB SECURITY

The web, also known as the World Wide Web (WWW), is a client/server application running over the internet or TCP/IP intranet. It is a vast collection of web pages and other digital content that is accessed via the internet using web browsers such as Google Chrome, Mozilla Firefox, or Microsoft Edge. The popularity of the web has grown exponentially since its inception, and it has become a vital tool for businesses and individuals alike. However, this popularity has made it a target for attackers who seek to exploit vulnerabilities in web servers and the underlying software.

The web presents new challenges that are not well appreciated in the context of computer and network security. The web is a visible outlet for corporate and business transactions that can lead to damages and losses. If the web servers are subverted, reputations can be damaged, and money can be lost. Web servers are easy to configure and web content is easy to develop and manage, but the underlying software is getting extraordinarily complex, which may hide many potential security flaws.

Web servers can be exploited as a launching pad to attack corporate data systems, as users are usually not aware of the risks. Attackers can use the web to install malware on user systems, steal sensitive data or use the web server as a means to launch further attacks on other systems. This can lead to serious consequences for businesses, including financial losses, reputation damage and legal liability.

One of the primary challenges with web security is that it is a constantly evolving landscape, and attackers are always finding new vulnerabilities to exploit. Web developers must be vigilant in keeping up with the latest security threats and ensuring that their web applications are designed with security in mind. This includes using secure coding practices, encrypting sensitive data and regularly testing for vulnerabilities.

Web security also requires a multi-layered approach, including network security, server security, and application security. Network security involves securing the web server and other network devices to prevent unauthorized access. Server security involves securing the web server operating system, database server, and other server components. Application security involves ensuring that web applications are designed with security in mind and are tested thoroughly for vulnerabilities.

In summary, the popularity of the web has made it a prime target for attackers, and web security is a complex and ever-evolving landscape. It requires a multi-layered approach including network security, server security and application security to mitigate the risks and ensure the safety of web servers and businesses.

The Web (WWW) is a client/server application that runs over the internet or TCP/IP intranet. It presents new challenges for computer and network security that are not well understood. There are several types of web threats that can compromise the integrity, confidentiality and authentication of web data.

Integrity :- Data, memory and/or message modification and Trojan horse browser are two common forms of attacks that can compromise the integrity of web data. Cryptographic checksums can be used to prevent these attacks by providing a digital signature of the web data. This signature can be compared to a previously calculated value to detect any modifications to the data.

Confidentiality :- Theft of data from client and information from server, access to information about network configuration and access to information about which client is communicating are all examples of attacks that can compromise the confidentiality of web data. Encryption can be used to prevent these attacks by verifying the identity of the user or server and ensuring the integrity of the web data.

Authentication :- Impersonation of legitimate users and data forgery are two common forms of attacks that can compromise the authentication of web data. Cryptographic techniques such as digital certificates and public key infrastructure (PKI) can be used to prevent these attacks by verifying the identity of the user or server and ensuring the integrity of the web data.
Counter measures :- To protect against these web threats, several counter measures can be employed, including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), anti-virus software and access control mechanisms. It is also important to keep software up to date and apply security patches as soon as they become available.

In summary, web threats are a significant risk to the integrity, confidentiality, and authentication of web data. Cryptographic techniques such as encryption, digital signatures, and PKI, as well as monitoring and detection tools, can be used to prevent these threats and protect against attacks. It is important to remain vigilant and implement best practices for web security to ensure the safety of sensitive data and prevent financial and reputational damages.

When it comes to web security, there are various types of threats that can be faced by users. These threats can be classified based on their location in the web architecture. The three main areas of focus for web security are the web server, the web browser, and the network traffic between the browser and the server.

1. Web Server Security: The web server is responsible for hosting web pages and serving them to users who access them via the internet. Therefore, web server security is an important aspect of web security. The various types of threats that can be faced by a web server include attacks such as denial of service attacks and injection attacks.

2. Web Browser Security: Web browsers are the primary means by which users interact with the web. Therefore, web browser security is an essential aspect of web security. The various types of threats that can be faced by a web browser include attacks such as malware downloads, phishing attacks and man-in-the-middle attacks.

3. Network Traffic Security: Network traffic security is essential because it ensures the secure transmission of data between the web server and the browser. The various types of threats that can be faced by network traffic include eavesdropping, packet sniffing, man-in-the-middle attacks, and many more. Network traffic security is usually managed by implementing security protocols such as SSL, TLS, or HTTPS. These protocols ensure secure communication between the server and the client, and prevent unauthorized access or tampering with the data.

There are three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer: SSL/TLS, HTTPS, and SSH.

When we use the internet, we often share information like our passwords, credit card numbers, and other personal details. To keep this information safe, we use special tools and technologies to encrypt, or scramble, our data so that no one else can read it.

One such technology is SSL/TLS. SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols that provide secure communication between a client and a server over the internet. These protocols are used to encrypt data sent between a client (like a web browser) and a server (like a website).

SSL/TLS provides several security services to protect your data. For example, it uses symmetric encryption to scramble your data so that it cannot be read by anyone except the intended recipient. It also uses a message authentication code to ensure that the data has not been tampered with during transmission.

In addition to these security services, SSL/TLS includes protocol mechanisms that allow two parties to establish a secure communication channel and agree on the specific security mechanisms and services they will use.

HTTPS (HTTP over SSL) is a combination of HTTP (Hypertext Transfer Protocol), which is the standard protocol used for browsing the web, and SSL/TLS. When you visit a website that uses HTTPS, your browser and the website use SSL/TLS to encrypt your data and protect your privacy.

When you see "HTTPS" in the web address of a website, it means that the website is using SSL/TLS to encrypt your data and protect your privacy. HTTPS is widely used for secure online transactions, such as online banking and shopping, and is becoming increasingly important for protecting privacy and security on the web.

Secure Shell (SSH) is a technology that provides secure remote access to another computer or server over the internet. It allows you to securely connect to a remote computer or server and perform various tasks, such as file transfers, remote login, and running remote applications.

SSH is like a secret password that allows us to safely and securely connect to another computer or server over the internet. When we use SSH, we enter a special password that only we know, and this password allows us to access the other computer or server.

Once we're connected, we can do things like transfer files, run programs, and even log into the other computer or server as if we were sitting right in front of it!

But why is SSH so important? Well, the internet can be a dangerous place, and there are many people who want to steal our information or damage our computer. SSH helps protect us from these bad guys by using special tools to keep our connection safe and secure.

So, in short, SSH is a secret password that allows us to safely and securely connect to another computer or server over the internet. It's like having a secret key to unlock the door to another computer or server, and it helps keep us safe from bad guys who might try to steal our information or damage our computer.

SECURE SOCKETS LAYER (SSL)

When we use the internet to visit websites, we want to make sure that our information and communication is safe and private. That's where SSL comes in!

SSL is like a secret code that protects our information when we send it over the internet. It has two different layers of protocols that work together to keep our information safe.

The first layer is called the SSL Record Protocol Layer. This layer is like a special envelope that holds our information and makes sure that it's protected as it travels over the internet.

The second layer is made up of three different parts: the SSL Handshake, the SSL Change Cipher Spec, and the SSL Alert.

The SSL Handshake is like a secret handshake that happens between our computer and the website we're visiting. It makes sure that we're talking to the right website and that the website is talking to the right computer. It also helps us agree on how we're going to protect our information with a secret code called a cryptographic key.

One of these parts is called the SSL Change Cipher Spec. This part of SSL is like a special signal that tells our computer to start using a secret code called a cryptographic key to protect our information.

Sometimes, when we're using SSL to visit a website, there might be a delay or a problem with the connection. This delay or problem can cause a backlog of information that needs to be protected with the cryptographic key.

The SSL Alert is like a special message that tells us if something goes wrong with our SSL connection. For example, if someone tries to steal our information or if there's a problem with the SSL code, the SSL Alert will warn us and tell us what to do next.

SSL Handshake Protocol Action

The SSL Handshake Protocol is like a special conversation that happens between our computer and the website we're visiting. It makes sure that
we're talking to the right website and that the website is talking to the right computer. It also helps us agree on how we're going to protect our information with a secret code called a cryptographic key.

During the SSL Handshake Protocol, there are a few different actions that happen. First, the server and the client authenticate each other. This means that they check to make sure that they're both who they say they are. This helps protect us from bad guys who might try to pretend to be someone else and steal our information.

Next, the server and the client negotiate on encryption, MAC (Message Authentication Code) algorithm, and cryptographic keys. This means that they agree on how they're going to protect our information with a secret code that only they know. This helps make sure that our information stays safe and private as it travels over the internet.

Finally, the SSL Handshake Protocol is used before any application data is transmitted. This means that the SSL Handshake Protocol happens before any of our personal information, like our passwords or credit card numbers, is sent over the internet. This helps make sure that our information stays protected right from the very beginning of our interaction with the website.

Security Enhanced Application Protocols

When we use the internet to send and receive information, we want to make sure that our information stays safe and private. That's why we use different security protocols to protect our information.

One type of security protocol is called a Security-Enhanced Application Protocol (SEAP). SEAPs are special protocols that are designed to enhance the security of different application layer protocols. They add extra security features to these protocols to help protect our information when we use them.

There are several examples of SEAPs that are commonly used on the internet:

• FTPS: This is a SEAP for FTP (File Transfer Protocol). It adds extra security features to FTP, such as encryption and authentication, to help protect our files when we transfer them over the internet.

• HTTPS: This is a SEAP for HTTP (Hypertext Transfer Protocol). It adds extra security features to HTTP, such as encryption and authentication, to help protect our information when we browse websites or submit forms online.

• SMTPS: This is a SEAP for SMTP (Simple Mail Transfer Protocol). It adds extra security features to SMTP, such as encryption and authentication, to help protect our emails when we send them over the internet.

• DNSSEC: This is a SEAP for DNS (Domain Name System). It adds extra security features to DNS, such as digital signatures and validation, to help protect our DNS queries and responses from being intercepted or modified by bad actors.

SECURE ELECTRONIC TRANSACTION (SET)

Security in E-commerce (Electronic Payment)

When we buy things online, we need a way to pay for them. This is where electronic payment systems come in.

Electronic payment systems are like special computer programs that allow us to pay for things online. When we use an electronic payment system, there are usually three main players involved: the customer (that's us), the merchant (that's the online store we're buying from), and often banks (that help process the payment).

There are different types of electronic payment systems that we can use to pay for things online. These include:

• Cash: Some electronic payment systems allow us to pay for things online using
cash. For example, we might be able to use a service like Western Union to send cash to the merchant, who will then send us the product.

• Check: Some electronic payment systems allow us to pay for things online using a check. For example, we might be able to use a service like PayPal to send a check to the merchant, who will then send us the product.

• Credit card: One of the most common electronic payment systems is the use of credit cards. When we use a credit card to pay for something online, we enter our credit card information into a secure form on the merchant's website. The merchant then sends the credit card information to a bank, which checks to make sure we have enough money in our account to pay for the purchase. If everything checks out, the bank sends the money to the merchant, who then sends us the product.

When we use electronic payment systems to buy things online, we want to make sure that our payment information stays safe and secure.

In cash-based systems (using ATM), the main issue is authentication
• Use of magnetic card
• PIN
Credit card or check-based system
• No tampering/alteration
• Protection against repudiation (the buyer denies having made the order)

There are several security requirements that must be in place in order to ensure safe electronic payments. These are:

1. Authentication: This means verifying the identity of the person making the payment. In cash-based systems, this might involve using an ATM card and PIN to authenticate the user. In credit card-based systems, this might involve verifying the user's identity with their credit card number and billing address.

2. Encryption: This means protecting the payment information by using encryption algorithms to scramble the data so that it can only be read by authorized parties. Encryption helps to prevent eavesdropping and other forms of data theft.

3. Integrity: This means making sure that the payment information has not been tampered with or altered in any way. Integrity checks are typically done using digital signatures or other cryptographic techniques.

4. Non-repudiation: This means ensuring that the person making the payment cannot later deny that they made the payment. Non-repudiation measures typically involve using digital signatures or other forms of authentication to prove that the user authorized the payment.

Overall, electronic payment systems are critical to the success of e-commerce, and security is a key factor in ensuring their success. By implementing authentication, encryption, integrity, and non-repudiation measures, we can help to ensure that our payment information stays safe and secure when we buy things online.
When we use the internet to buy things, we want to make sure that our payment information stays safe and private. One way to do this is to use a security protocol called Secure Sockets Layer (SSL).

SSL is a protocol that is used by most major web browsers to create a secure channel between the consumer (that's us) and the merchant (that's the online store we're buying from). This secure channel helps to protect our payment information from eavesdroppers and other bad actors who might try to steal it.

However, SSL is not always enough to protect us from all types of online fraud. For example, some dishonest merchants might set up illegal websites and claim to be a legitimate business in order to collect our credit card numbers for personal use. Alternatively, some customers might try to use invalid credit card numbers to buy things online, which can cause problems for the merchant.

SET (Secure Electronic Transaction) is an example of an application of cryptography. It was developed by Visa and MasterCard, with involvement from other companies such as IBM, Microsoft, Netscape, RSA, Terisa, and Verisign. SET is designed to protect credit card transactions on the internet.

SET is not a payment system itself, but rather a security protocol that enables users to securely make credit card transactions over an open network like the internet. It uses encryption and other security techniques to ensure that credit card information is protected from unauthorized access or tampering.

One of the key features of SET is that it is an open encryption and security specification. This means that the entire protocol is published and available for anyone to see and analyze. This makes it easier for security experts to review the protocol and identify any potential vulnerabilities or weaknesses.

SET FEATURES AND BUSINESS REQUIREMENTS

• Provide confidentiality of payment and ordering information
• Information made available only when and where necessary (privacy)
• Ensure the integrity of all transmitted data
• Provide authentication that a cardholder is a legitimate user of a credit card account
• Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution
• All parties must have digital certificates (trust)
• Provides a secure communication channel in a transaction

SET PARTICIPANTS

In the SET (Secure Electronic Transaction) protocol, there are several different participants who play a role in the transaction:

1. Cardholder: This is the authorized holder of the payment card, also known as the customer. The cardholder is the individual who wants to purchase goods or services from the merchant.

2. Merchant: The merchant is the individual or organization that has goods or services to sell to the cardholder. In the context of SET, the merchant is also known as the web server.

3. Issuer: The issuer is the financial institution that issued the payment card to the cardholder. This is typically the cardholder's bank.

4. Acquirer: The acquirer is the financial institution that verifies that a card account is active and that the proposed purchase does not exceed the credit limit. The acquirer is connected with the merchant.

5. Payment gateway: The payment gateway is operated by the acquirer or a designated third party. The payment gateway processes merchant payment
messages in order to facilitate the transaction.

6. Certificate Authority (CA): The certificate authority is a trusted entity that issues X.509v3 public key certificates for cardholders, merchants, and payment gateways. The success of SET depends on the CA, as these certificates are used to establish trust between the different participants in the transaction.

These different participants work together to facilitate secure electronic transactions. The cardholder wants to purchase goods or services from the merchant, and the issuer and acquirer help to verify that the transaction is legitimate and within the cardholder's credit limit. The payment gateway processes the transaction, and the certificate authority issues the necessary certificates to establish trust between the different participants.

Both cardholders and merchants must register with the CA first, before they can buy or sell on the Internet; i.e., the customer opens an account and receives a certificate, and the merchants have their own certificates.

SEQUENCE OF EVENTS FOR A TRANSACTION IN SET

Customer browses a website and decides what to purchase: The customer visits a website, selects the items they want to purchase, and proceeds to the checkout page to enter their payment information.

1. Customer sends order and payment information: The customer enters their payment information, which includes two parts in one message. The first part is the purchase order, which is for the merchant. The second part is the card information, which is for the merchant's bank only. The message is sent securely to the merchant.

2. Merchant forwards card information to its bank: The merchant separates the card information from the purchase order and forwards it to its bank. The purchase order is kept by the merchant.

3. Merchant's bank checks with issuer for payment authorization: The merchant's bank checks with the issuer (the financial institution that issued the customer's credit card) to verify that the card is valid and has sufficient funds for the purchase.

4. Issuer sends authorization to merchant's bank: If the issuer approves the transaction, it sends an authorization to the merchant's bank.

5. Merchant's bank sends authorization to merchant: The merchant's bank sends the authorization to the merchant, allowing them to complete the order.

6. Merchant completes the order and sends confirmation to the customer: The merchant completes the purchase order, packages and ships the items, and sends a confirmation message to the customer.

7. Merchant captures the transaction from its bank: The merchant captures the transaction from its bank, meaning that the funds are transferred from the customer's account to the merchant's account.

8. Issuer prints credit card bill (invoice) to customer: The issuer generates a credit card bill (invoice) for the customer, which includes the transaction details and the total amount due. The customer receives the bill and must pay the balance by the due date to avoid interest charges.
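The two-part message from step 1 is what SET's dual signature protects: the cardholder signs one digest computed over the digests of both parts, so the merchant and the bank can each check their own part without seeing the other. The sketch below is an added example, not code from the original document or from the SET specification. It assumes a toy textbook-RSA key built from two Mersenne primes, hypothetical function and field names, constructed sample data, and it leaves out the encryption of the bank's part.

```python
"""Toy model of SET's two-part purchase request (added example, not SET reference code)."""
import hashlib
import json

# Constructed toy RSA key for the cardholder. The primes are two Mersenne primes,
# picked only so the block runs with the standard library; never use such a key.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                                # public modulus
E = 65537                                  # public exponent
_D = pow(E, -1, (_P - 1) * (_Q - 1))       # private exponent (needs Python 3.8+)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def link(oi_digest: bytes, pi_digest: bytes) -> bytes:
    """Digest over both part digests: binds one order to one payment instruction."""
    return digest(pi_digest + oi_digest)


def sign(message_digest: bytes) -> int:
    """Textbook RSA signature (no padding) with the cardholder's private key."""
    return pow(int.from_bytes(message_digest, "big"), _D, N)


def verify(message_digest: bytes, signature: int) -> bool:
    return pow(signature, E, N) == int.from_bytes(message_digest, "big")


def encode(part: dict) -> bytes:
    return json.dumps(part, sort_keys=True).encode()


def customer_request(order: dict, payment: dict) -> dict:
    """Step 1: one message, two parts, one signature over the linked digests."""
    oi, pi = encode(order), encode(payment)
    oimd, pimd = digest(oi), digest(pi)
    dual_signature = sign(link(oimd, pimd))
    return {
        # The merchant gets the order in full but only a digest of the card data.
        "merchant_part": {"oi": oi, "pimd": pimd, "sig": dual_signature},
        # The bank gets the card data in full but only a digest of the order.
        # (SET also encrypts this part for the payment gateway; not modelled here.)
        "bank_part": {"pi": pi, "oimd": oimd, "sig": dual_signature},
    }


def merchant_accepts(part: dict) -> bool:
    return verify(link(digest(part["oi"]), part["pimd"]), part["sig"])


def bank_accepts(part: dict) -> bool:
    return verify(link(part["oimd"], digest(part["pi"])), part["sig"])


def demo() -> dict:
    # Constructed sample data; the card number is a placeholder.
    order = {"order_id": "EXAMPLE-0001", "items": ["book"], "total": "25.00"}
    payment = {"order_id": "EXAMPLE-0001", "card": "0000-0000-0000-0000",
               "amount": "25.00"}
    request = customer_request(order, payment)
    other_order = encode({"order_id": "EXAMPLE-0001", "items": ["laptop"],
                          "total": "950.00"})
    other_payment = encode(dict(payment, amount="950.00"))
    return {
        "merchant_ok": merchant_accepts(request["merchant_part"]),
        "bank_ok": bank_accepts(request["bank_part"]),
        # An order digest the cardholder never signed does not verify at the bank.
        "swapped_order_ok": bank_accepts(
            dict(request["bank_part"], oimd=digest(other_order))),
        # A changed payment instruction does not verify at the bank.
        "altered_payment_ok": bank_accepts(
            dict(request["bank_part"], pi=other_payment)),
        # A changed order does not verify at the merchant.
        "altered_order_ok": merchant_accepts(
            dict(request["merchant_part"], oi=other_order)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the two honest checks succeed; each altered part changes the linked digest, so the single signature no longer matches it.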
This sequence of events provides a secure and reliable way for customers to purchase goods and services online while protecting their sensitive payment information. SET employs cryptographic techniques to ensure the confidentiality, integrity, and authenticity of the payment transaction.

Application Layer Security

The application layer is responsible for providing services to the end user. In the context of security, application layer security is concerned with protecting applications that users interact with from various types of attacks.

Application layer security refers to the measures and techniques used to secure the application layer of a computer network, which is the layer responsible for providing end user services and applications. This layer includes web applications, email clients, file sharing applications, and other software that allows users to interact with the network.

DNS spoofing is a type of attack that can be used to redirect users to fake websites. If an attacker gains access to a name server, they can modify it so that it gives false information. This can be used to redirect users to the attacker's own website or to steal their login credentials.

Web browsers can also pose a threat to application layer security. Most browsers are obtained online and can potentially contain malicious code that can compromise the security of the user. For example, the attacker can be informed of the activities of the user or of passwords typed by the user. Browsers can also have their security downgraded, which can reduce the key length used in SSL.

What is DNS

DNS (Domain Name System) helps us to translate human-readable domain names (such as www.google.com) into IP addresses (such as 172.217.1.4) that machines can understand and use to connect to the appropriate web server. This makes it easier for users to navigate the internet using domain names instead of memorizing long strings of numbers.

What is DNS Spoofing?

It is a type of cyber attack where an attacker modifies the DNS records in the Domain Name System (DNS) cache or on a DNS server to redirect traffic to a malicious website or IP address. This can be used to redirect users to fake websites that look like legitimate ones in order to steal sensitive information such as usernames, passwords, and credit card numbers.

When we say an attacker gains access to a name server, it means that the attacker has found a way to control or manipulate the DNS records in the Domain Name System cache or DNS server.

DNS records are used to map human-readable domain names to their corresponding IP addresses. They are essentially information stored in a DNS server that contains information about a particular domain name, including IP addresses associated with it.

So DNS spoofing refers to the act of falsifying information in order to deceive or trick a DNS server into believing that a domain name or IP address corresponds to a different one. This can be done by manipulating DNS records or by poisoning the DNS cache with false information. The goal of DNS spoofing is often to redirect traffic to a fake website or to intercept and manipulate communication.

Cookies

Cookies are small text files that a website saves on a user's computer or mobile device when the user visits the site. Cookies help the website to remember information about the user's visit, such as their preferred language and other settings, making the website more user-friendly and personalized.

However, cookies can also be used to track a user's online activity across different websites, which can lead to privacy violations. For example, advertisers can use cookies to track a user's browsing habits and display targeted ads based on their interests.
Server-side risks:

Interactive web sites that rely on forms and scripts can be vulnerable to attacks. By writing malicious scripts, a client (i.e., user) can exploit vulnerabilities in the server software and gain unauthorized access to the server or crash it by causing a buffer overflow.

To mitigate these risks, web developers can use secure coding practices and implement security measures such as input validation and sanitization, access control, and encryption. It's also important to keep server software and security patches up-to-date to prevent known vulnerabilities from being exploited. Additionally, web servers can use firewalls and intrusion detection/prevention systems to monitor and block suspicious traffic.

Web browsers as threats

Web browsers are essential software tools for accessing the Internet and online services. However, web browsers themselves can be a threat to user security.

When a user obtains a browser from the Internet, there is a potential for the browser to contain malicious code that can compromise the user's system. Malicious code within the browser can inform an attacker about the user's activities and passwords, leading to serious privacy violations. Additionally, the malicious code can downgrade browser security, for example, reducing the key length used in SSL, making it easier for attackers to intercept and read sensitive information.

Helper applications are used by browsers to view content retrieved from the web. These applications are external viewer programs, such as Windows Media Player, QuickTime Player, or Adobe Reader. However, these helpers can also contain Trojan horse code that can exploit vulnerabilities in the user's system. For example, downloaded data can exploit vulnerabilities of helpers, leading to the execution of malicious code on the user's computer.

Overall, users should be cautious when obtaining and using web browsers and helper applications. They should ensure that they obtain software from trusted sources and keep their software up to date with the latest security patches.

Email Security

Emails are electronic messages that are sent and received over the internet. However, during transit, emails pass through various servers, making them visible to anyone who has access to the servers. This can pose a security risk, as emails may contain sensitive or confidential information.

The Simple Mail Transfer Protocol (SMTP) is the standard protocol used for sending and receiving emails over the internet. However, SMTP has some security holes and operational limitations that can be exploited by attackers to intercept and read emails.

To address these security issues, several tools and protocols have been developed to enhance email security. Two of the most commonly used tools for email encryption and authentication are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

PGP is a software program that uses encryption to protect email messages and attachments from unauthorized access. PGP uses a combination of symmetric-key and public-key cryptography to encrypt and decrypt messages. With PGP, users can create their own public and private keys, which they can use to encrypt and decrypt messages. Only the intended recipient, who possesses the corresponding private key, can decrypt and read the message.

PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for email messages and data files. It was developed by Phil Zimmermann in 1991 and was initially distributed as freeware. PGP provides various security services, including confidentiality, integrity, authentication, and non-repudiation, which are achieved through the use of encryption and digital signatures.
PGP uses a public-key encryption method that involves two keys: a public key that can be distributed freely to anyone, and a private key that is kept secret by the owner. The public key can be used to encrypt messages that can only be decrypted by the private key owner, providing confidentiality. Similarly, a digital signature can be created using the private key that can be verified using the public key, providing authentication and integrity.

PGP also incorporates tools for developing a public-key trust model and public-key certificate management. Users can create and manage their own public key certificates or use a third-party certificate authority.

SMTP (Simple Mail Transfer Protocol) is a protocol used for sending email messages between servers. It is a basic and widely used protocol for email transmission. However, there are several limitations with SMTP that can cause problems in sending email messages.

One limitation is the inability to transmit executable files or other binary files like JPEG images. This is due to security concerns and the potential for these files to contain malicious code that can harm the recipient's computer.

SMTP also has problems with handling "national language" characters, which are non-ASCII characters. This can cause issues with email messages that contain special characters from other languages.

Messages over a certain size may also have problems being transmitted using SMTP. This is due to the limitations of email servers and the potential for large messages to cause server overload.

ASCII to EBCDIC translation problems can also occur when using SMTP, as the protocol does not support non-ASCII character sets.

Lines longer than a certain length (72 to 254 characters)

To address some of these limitations, Multipurpose Internet Mail Extension (MIME) was developed. MIME is an extension to SMTP that allows for the transmission of non-ASCII characters, binary files, and messages over a certain size. MIME also allows for the encoding of non-textual data into ASCII format for transmission over SMTP.

S/MIME is a protocol that provides encryption and digital signatures for email messages. It uses a public key infrastructure (PKI) to provide digital certificates that can be used to authenticate the sender and encrypt the message. With S/MIME, users can sign and encrypt messages, providing an additional layer of security to their email communications.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that provides security features for email messages. It is an Internet standard approach to email security that incorporates the same functionality as PGP (Pretty Good Privacy). S/MIME uses cryptographic techniques to protect email messages, such as encryption and digital signatures.

The S/MIME protocol provides several functions to secure email messages, including:

1. Enveloped Data: This function encrypts the content of the message and also encrypts a session key for each recipient. The session key is then used to decrypt the message.

2. Signed Data: This function creates a message digest (a hash of the message) and encrypts it with the sender's private key. The recipient can then use the sender's public key to verify the signature and ensure the message has not been tampered with.

3. Clear-Signed Data: This function signs the message but does not encrypt it. This allows the recipient to verify the signature and ensure the message has not been tampered with.

4. Signed and Enveloped Data: This function combines the previous two functions, signing the message digest and then encrypting both the content of the message and the signed digest.

S/MIME provides a secure and efficient way of sending email messages, ensuring confidentiality, integrity, and authentication. It is widely used in organizations that require secure email communication, such as government agencies and financial institutions.
CHAPTER – 5

Firewall

A firewall is a security device used to monitor and control traffic between a computer network and the internet or other external networks. Its primary function is to protect a network by analyzing incoming and outgoing traffic and deciding whether to allow or block it based on a set of predetermined security rules.

Firewalls are essential for network security because they help prevent unauthorized access to a network, protect against malicious traffic such as viruses and malware, and safeguard sensitive data from theft or exposure. They act as a barrier between a trusted internal network and an untrusted external network, such as the internet, and can also help prevent unauthorized access to specific services and applications running on a network.

A firewall is a security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted, secure internal network and an untrusted external network, such as the internet.

Firewalls were developed in response to the growing need to protect computer networks from unauthorized access and malicious attacks. They use a combination of hardware and software components to inspect traffic and determine whether to allow or block it based on a set of predetermined rules.

Firewalls can be configured to filter traffic based on various criteria, such as IP address, port number, protocol type, and application type. They can also be configured to block traffic from specific geographic regions, as well as to detect and block known malware and viruses.

A firewall is a hardware or software device that is used to protect a network or computer system from unauthorized access and malicious activity. It acts as a gatekeeper between an internal network and the internet or other external networks.

Firewalls are implemented with a set of security policies that determine what traffic is allowed to pass through and what traffic is blocked.

A firewall is an example of a reference monitor, which means it should have three characteristics:

✔ Always invoked
✔ Tamperproof
✔ Small and simple enough for rigorous analysis

Types of Firewalls

➔ Packet filtering gateways or screening routers
➔ Stateful inspection firewalls
➔ Application-level gateways, also known as proxies
➔ Circuit-level gateways
➔ Guards
➔ Personal or host-based firewalls

Packet filtering gateways or screening routers

These firewalls examine each packet that flows through them and compare it against a set of rules or criteria to determine whether the packet should be allowed or blocked.

Packet filtering gateways work by analyzing the source and destination IP addresses, as well as the protocol and port numbers of each packet. Based on these criteria, the firewall decides whether to allow or block the packet.
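A packet filter of the kind described above, as an added example that is not part of the original document. It goes one step beyond the paragraph by running the same constructed packets through a connection table as well (the stateful inspection approach), so the verdicts can be compared. The rule format, class names, addresses and the simplified TCP teardown are assumptions made for this sketch.

```python
"""Stateless ACL beside a connection table, run on constructed packets (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = ip_network("192.0.2.0/24")        # constructed internal range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()         # TCP flags such as {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None            # None matches any port
    dport: Optional[int] = None
    flag: Optional[str] = None             # required TCP flag, if any

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (self.flag is None or self.flag in p.flags))


# Policy: inside hosts may open HTTPS connections. First matching rule wins.
ACL = [
    Rule("allow", src="192.0.2.0/24", dport=443),
    # A stateless filter cannot see connections, so replies are approximated
    # as "comes from port 443 and carries the ACK flag".
    Rule("allow", dst="192.0.2.0/24", sport=443, flag="ACK"),
    Rule("deny"),
]


def stateless_filter(p: Packet) -> str:
    """Judge one packet in isolation against the ACL."""
    for rule in ACL:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Allows inbound packets only for connections opened from the inside."""

    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, p: Packet) -> str:
        if ip_address(p.src) in INSIDE:                 # outbound packet
            key = (p.src, p.sport, p.dst, p.dport)
            if stateless_filter(p) != "allow":
                return "deny"
            if p.flags == {"SYN"}:
                self.table.add(key)                     # new connection
        else:                                           # inbound packet
            key = (p.dst, p.dport, p.src, p.sport)
        if key not in self.table:
            return "deny"
        if p.flags & {"FIN", "RST"}:
            self.table.discard(key)                     # simplified teardown
        return "allow"


# Constructed traffic: a normal HTTPS session plus two packets that belong to no
# open connection.
PACKETS = [
    Packet("192.0.2.10", 50000, "198.51.100.5", 443, frozenset({"SYN"})),
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, frozenset({"SYN", "ACK"})),
    Packet("203.0.113.9", 443, "192.0.2.20", 40000, frozenset({"ACK"})),
    Packet("192.0.2.10", 50000, "198.51.100.5", 443, frozenset({"FIN", "ACK"})),
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, frozenset({"ACK"})),
]


def run() -> list:
    """Return (stateless verdict, stateful verdict) for every sample packet."""
    firewall = StatefulFirewall()
    return [(stateless_filter(p), firewall.filter(p)) for p in PACKETS]


if __name__ == "__main__":
    for packet, (stateless, stateful) in zip(PACKETS, run()):
        print(f"{packet.src}:{packet.sport} -> {packet.dst}:{packet.dport} "
              f"{sorted(packet.flags)} stateless={stateless} stateful={stateful}")
```

The third and fifth packets match the reply rule, so the ACL alone allows them; the connection table denies them because no open connection from the inside corresponds to them.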
These firewalls are typically implemented using routers that are configured with ACLs (access control lists) to control the flow of traffic. ACLs contain a set of rules that define which packets are allowed and which are blocked. The rules can be based on a variety of criteria, including the source and destination IP addresses, the protocol, and the port numbers.

When we say "Packet-filtering gateways do not maintain any information about the state of a connection", it means that the packet-filtering firewall or gateway only looks at each packet in isolation and makes decisions based on its content (such as the source and destination IP addresses, port numbers, and protocol type) without taking into account the context of the connection.

In other words, packet-filtering gateways do not keep track of the state of a connection, such as whether it is an ongoing session or whether it has been established or terminated. They treat each packet as a separate, standalone entity and evaluate it based on the rules defined in their access control lists or policy rules.

Stateful inspection firewalls

Packet filtering gateways maintain no state from one packet to the next. They simply look at each packet's IP address and port and compare them to the configured policies.

Stateful Inspection Firewall, also known as dynamic packet filtering, is a type of firewall that goes beyond the basic packet filtering approach used by traditional packet filtering firewalls.

Instead of just examining each packet individually, stateful inspection firewalls maintain a record, or state table, of the TCP connections passing through them. This allows the firewall to recognize whether a particular packet belongs to an existing connection or not.

Stateful inspection firewalls can then apply more advanced filters to the traffic, such as filtering based on the state of the connection (e.g., established, new, or closed) or inspecting application-layer data in the packet payload.

Application-level gateways, also known as proxies

An application-level gateway, also known as a proxy firewall, is a type of firewall that operates at the application layer of the OSI (Open Systems Interconnection) reference model. It provides an additional layer of security by acting as an intermediary between client applications and servers.

In order to accomplish this, an application-level gateway essentially acts as a proxy for each connection it handles. When a client application attempts to connect to a server through the firewall, it first sends a request to the gateway. The gateway then establishes its own connection to the server on behalf of the client, and passes data back and forth between the two endpoints.

An application proxy acts as an intermediary between a user and a server, and it simulates the behavior of an application at the application layer of the OSI model. This ensures that the real application receives only requests that are valid and appropriate.

✔ Application proxies can be used to filter out dangerous application-layer requests,
✔ keep logs of requests and accesses,
✔ and cache results to save bandwidth.

In practice, the most commonly used type of application proxy is a web proxy, which companies often use to monitor and filter their employees' Internet use.

Circuit Level Gateway

A circuit-level gateway, also known as a circuit-level proxy or stateful protocol analysis firewall, operates at the session layer (Layer 5) of the OSI model. It establishes a circuit, or virtual connection, between two networks or hosts, and inspects the session setup messages that pass between them to determine whether to allow or deny access.

A circuit-level gateway works by establishing a virtual circuit, which acts as a tunnel between two networks. This allows the networks to
communicate as if they were directly connected to each other.

A circuit-level gateway, also known as a "proxy gateway," works at the session layer (Layer 5) of the OSI model, allowing one network to act as an extension of another. It establishes a virtual circuit between the client and server, which means that it sets up and manages the connection between them, ensuring that the communication is secure and private. When a circuit-level gateway receives a request from a client, it authenticates the request and opens a connection to the server on behalf of the client. It then mediates the communication between the two parties, passing

A circuit-level gateway is like a secret door between two secret clubs. It helps one club to become a part of another club. It works by creating a special path between the two clubs that only they can use. This special path is like a secret tunnel that only the members of both clubs can use to communicate with each other. One way people use this secret path is to create something called a VPN, which helps them use the Internet more safely and privately.

A circuit-level gateway is a type of firewall that allows two separate computer networks to communicate with each other securely by creating a virtual "circuit" between them. It operates at the session layer of the network stack, which is responsible for managing the connections between applications on different machines.

For example, if a company has a private network for its employees and wants to allow remote workers to securely access that network over the internet, they could use a circuit-level gateway to establish a secure "tunnel" between the two networks. This tunnel encrypts all data that is transmitted between the two networks, protecting it from eavesdropping or tampering.

Guard

A guard firewall is a type of firewall that is designed to protect sensitive information and assets from unauthorized access or external threats. It is typically used in high-security environments where information must be protected at all costs.

The main function of a guard firewall is to restrict access between two networks, typically an unsecured network and a secured network. The firewall operates at the OSI Layer 2, also known as the data link layer, and can filter incoming and outgoing traffic based on predetermined security policies.

Guard firewalls use a combination of hardware and software-based technologies to provide a high level of security. They can monitor all traffic between the two networks and filter out unauthorized or malicious traffic. In addition, guard firewalls can also detect and prevent any attempts to bypass or tamper with the firewall.

Guards are a type of firewall that implements a set of programmable rules to protect a network or system. These rules are designed to limit access to or from specific resources based on predefined criteria. Guards can be configured to monitor user activity, network traffic, or system processes, and take appropriate actions when necessary to prevent unauthorized access or damage to the system.

One of the key features of guards is their flexibility in terms of the rules they can implement. For example, guards can be configured to limit the number of email messages a user can receive or to restrict a user's web bandwidth. They can also be programmed to filter documents containing specific keywords or phrases, and to pass downloaded files through a virus scanner to prevent malware infections. For example, filtering documents containing specific keywords, such as "Secret," is a way to prevent sensitive or confidential information from being leaked or transmitted outside of a secure network.

Guards can also be used to enforce security policies, such as blocking access to certain websites or enforcing password complexity requirements. They can be deployed at the network perimeter or within the internal network,
depending on the specific security requirements network, the firewall cannot prevent the attacker
and the resources being protected. from exploiting or exfiltrating the data. This
highlights the importance of other security
measures, such as access controls and encryption.
Personal Firewalls
Firewalls are the most visible part of an
personal firewall is a type of firewall that is installation to the outside, so they are an
installed on a personal computer and provides attractive target for attack: This means that
protection for individual users. It typically attackers often focus their efforts on bypassing or
monitors and controls incoming and outgoing disabling firewalls to gain access to the network
network traffic based on predefined security rules. or system behind them. This makes it important
Personal firewalls can block incoming traffic that to have strong and updated firewall policies and
is not authorized by the user, preventing configurations, as well as implementing additional
unauthorized access to the computer, and can security measures to mitigate any potential risks.
also prevent the transmission of sensitive Firewalls must be correctly configured, that
information from the computer to the Internet. configuration must be updated as the
They can be configured to allow or block specific environment changes, and firewall activity reports
applications or services from accessing the must be reviewed periodically for evidence of
network, and can also alert the user when attempted or successful intrusion: This means that
suspicious activity is detected. proper configuration and management of firewalls
is crucial to maintaining their effectiveness.
Firewall policies and configurations must be
reviewed and updated regularly to address any
potential vulnerabilities or changes in the
network environment. Firewall logs must be
monitored to detect any unusual or suspicious
activity.

Firewalls exercise only minor control over the


content admitted to the inside, meaning that
inaccurate or malicious code must be controlled
by means inside the perimeter: This means that
while firewalls can control and filter network
traffic based on certain criteria, such as IP
addresses and ports, they cannot fully protect
WHAT FIREWALLS CAN AND CAN NOT DO ? against malware or other malicious content that
is introduced through other means, such as email
Firewalls can protect an environment only if they or USB drives. Therefore, additional security
control the entire perimeter: This means that measures such as antivirus software and user
firewalls must be deployed to cover all entry and education are necessary to mitigate these risks.
exit points to the network or system they are
meant to protect. If there are any unprotected
Intrusion Detection System (IDS)
entry or exit points, attackers can bypass the
firewall and gain unauthorized access to the An intrusion detection system (IDS) is a type of
system or network. security software or hardware that monitors
network traffic, system events, and user behaviors
Firewalls do not protect data outside the
on a computer network or system. The primary
perimeter: This means that if an attacker gains
goal of an IDS is to identify unauthorized or
access to data outside of the firewall-protected
suspicious activity that could indicate an ongoing
or potential security threat.

IDSs come in two main types: signature-based and anomaly-based. Signature-based IDSs identify known attack patterns by comparing network traffic and system events against a database of signatures of known attacks. Anomaly-based IDSs, on the other hand, use statistical methods to establish a baseline of normal behavior for a system, and then alert security personnel when deviations from that baseline are detected.

When suspicious activity or potential security threats are detected, an IDS generates alerts to security personnel, allowing them to take action to investigate and respond to the issue. IDSs can also be configured to take automated actions when a threat is detected, such as blocking traffic from a particular IP address.

IDSs can be deployed as standalone systems or as part of a larger security infrastructure, including firewalls and intrusion prevention systems (IPSs). The primary difference between IDSs and IPSs is that IDSs focus on detecting and alerting on potential threats, while IPSs take proactive measures to prevent those threats from occurring in the first place.
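The two detection types described above can be compared side by side on the same traffic. The following Python sketch is an added example, not part of the original document; the signature patterns, function names, addresses and request counts are all constructed for illustration. It shows that each detector catches what the other misses, and derives the automated block list from both.

```python
import re
import statistics
from collections import Counter

# Signature database: name -> pattern of a known-bad request (constructed examples).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection-probe": re.compile(r"union\s+select", re.IGNORECASE),
}

def signature_alerts(events):
    """Signature-based: compare every event against the known attack patterns."""
    alerts = []
    for src, request in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, name))
    return alerts

def build_baseline(history):
    """Anomaly-based, step 1: learn normal requests per source per minute."""
    return statistics.mean(history), statistics.pstdev(history)

def anomaly_alerts(events, baseline, threshold=3.0):
    """Step 2: flag sources whose request count exceeds the baseline by more
    than `threshold` standard deviations."""
    mean, stdev = baseline
    counts = Counter(src for src, _ in events)
    return [(src, n) for src, n in sorted(counts.items())
            if stdev > 0 and (n - mean) / stdev > threshold]

def respond(sig_alerts, anom_alerts):
    """Automated action: the set of source addresses to block."""
    return {src for src, _ in sig_alerts} | {src for src, _ in anom_alerts}

# Constructed sample data: documentation address ranges, one-minute window.
HISTORY = [4, 6, 5, 7, 5, 6, 4, 5]  # normal requests per source per minute
WINDOW = (
    [("192.0.2.10", "GET /index.html")] * 5
    + [("198.51.100.7", "GET /download?file=../../etc/passwd")]
    + [("203.0.113.9", "GET /login")] * 40
)

if __name__ == "__main__":
    sig = signature_alerts(WINDOW)
    anom = anomaly_alerts(WINDOW, build_baseline(HISTORY))
    print("signature alerts:", sig)    # single request, normal volume
    print("anomaly alerts:  ", anom)   # no known pattern, abnormal volume
    print("block list:      ", sorted(respond(sig, anom)))
```

The single traversal request is invisible to the anomaly detector because its volume is normal, while the burst of ordinary-looking login requests matches no signature; this is why the two types are commonly deployed together.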
