Unit I

Cryptography and Network security Class notes - unit_I

Uploaded by

alwin
UNIT – I

1.1 COMPUTER SECURITY CONCEPT


Computer Security Definition: The protection afforded to an automated information system
in order to attain the applicable objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes hardware, software, firmware,
information/data, and telecommunications).
The three key objectives that are at the heart of computer security:
Confidentiality, Integrity, Availability.
These three concepts form what is often referred to as the CIA triad.
1. Confidentiality:
Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information. A loss of
confidentiality is the unauthorized disclosure of information.
Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.
2. Integrity:
Guarding against improper information modification or destruction, including
ensuring information nonrepudiation and authenticity. A loss of integrity is the
unauthorized modification or destruction of information.
a. Data integrity: Assures that information (both stored and in transmitted
packets) and programs are changed only in a specified and authorized
manner.
b. System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.

3. Availability: Assures that systems work promptly and service is not denied to
authorized users.
Authenticity: The property of being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator. This means verifying that
users are who they say they are and that each input arriving at the system came from a
trusted source.
Accountability: Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
The Challenges in Computer Security
1. The mechanisms used to meet those security requirements can be quite complex, and
understanding them may involve rather subtle reasoning.
2. It is only when the various aspects of the threat are considered that elaborate security
mechanisms make sense.
3. In developing a particular security mechanism or algorithm, one must always
consider potential attacks on those security features. In many cases, successful
attacks are designed by looking at the problem in a completely different way,
therefore exploiting an unexpected weakness in the mechanism.
4. Having designed various security mechanisms, it is necessary to decide where to use
them.
5. Security mechanisms typically involve more than a particular algorithm or protocol.
They also require that participants be in possession of some secret information (e.g.,
an encryption key), which raises questions about the creation, distribution, and
protection of that secret information.
6. Computer and network security is essentially a battle of wits between a perpetrator
who tries to find holes and the designer or administrator who tries to close them. The
great advantage that the attacker has is that he or she need only find a single
weakness, while the designer must find and eliminate all weaknesses to achieve
perfect security.
7. There is a natural tendency on the part of users and system managers to see little
benefit from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult in today’s
short-term, overloaded environment.
9. Security is still too often an afterthought to be incorporated into a system after the
design is complete rather than being an integral part of the design process.
10. Many users and even security administrators view strong security as an impediment
to efficient and user-friendly operation of an information system or use of
information.
1.2 The OSI Security Architecture
The OSI security architecture is useful to managers as a way of organizing the task of
providing security.
The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:
● Security attack: Any action that compromises the security of information owned by
an organization.
● Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
● Security service: A processing or communication service that enhances the security
of the data processing systems and the information transfers of an organization. The
services are intended to counter security attacks, and they make use of one or more
security mechanisms to provide the service.
Threat
A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is
a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to
evade security services and violate the security policy of a system.
1.3 Security attacks

A passive attack attempts to learn or make use of information from the system but does not
affect system resources. An active attack attempts to alter system resources or affect their
operation.

1. Passive Attack
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted.

Interception
➢ A malicious actor can access private or confidential information with no
legitimate authorization.
➢ Eavesdropping attacks are a typical example of this category of attack.
Namely, an intruder can use several techniques, such as packet sniffing
and man-in-the-middle (MITM).

Traffic Analysis
➢ The common technique for masking contents is encryption. If we had encryption
protection in place, an opponent might still be able to observe the pattern of these
messages.
➢ The opponent could determine the location and identity of communicating hosts and
could observe the frequency and length of messages being exchanged.
➢ This information might be useful in guessing the nature of the communication that
was taking place.

Passive attacks are very difficult to detect, because they do not involve any alteration of
the data.
Active Attack:
Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay, modification
of messages, and denial of service.

Fabrication/ Masquerade
A masquerade is a type of attack where the attacker pretends to be an authorized user of a
system in order to gain access to it or to gain greater privileges than they are authorized for.

Replay
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (paths 1, 2, and 3 active).

Modification
Modification of messages simply means that some portion of a legitimate message is
altered.
Denial of service
The denial of service prevents or inhibits the normal use or management of
communications facilities.

1.4 Security Services and Mechanism

X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers.

A) AUTHENTICATION

The authentication service is concerned with assuring that a communication is authentic.

Peer Entity Authentication

➢ Used in association with a logical connection to provide confidence in the identity
of the entities connected.
➢ Two entities are considered peers if they implement the same protocol in different
systems; for example, two TCP modules in two communicating systems.

Data Origin Authentication


➢ It provides for the validation of the source of a data unit.
➢ It does not provide protection against the duplication or modification of data units.

B) ACCESS CONTROL
The prevention of unauthorized use of a resource (i.e., this service controls who can have
access to a resource, under what conditions access can occur, and what those accessing the
resource are allowed to do).

C) DATA CONFIDENTIALITY

➢ Confidentiality is the protection of transmitted data from passive attacks.
➢ With respect to the content of a data transmission, several levels of protection can
be identified.
➢ The broadest service protects all user data transmitted between two users over a
period of time.

Connection Confidentiality

The protection of all user data on a connection.

Connectionless Confidentiality

The protection of all user data in a single data block

Selective-Field Confidentiality

The confidentiality of selected fields within the user data on a connection or in a single
data block.

Traffic Flow Confidentiality

The protection of the information that might be derived from observation of traffic flows.

D) DATA INTEGRITY

➢ As with confidentiality, integrity can apply to a stream of messages, a single message,
or selected fields within a message.
➢ The assurance that data received are exactly as sent by an authorized entity
(i.e., contain no modification, insertion, deletion, or replay).

Connection Integrity with Recovery

➢ A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent with no duplication, insertion,
modification, reordering, or replays.
➢ The destruction of data is also covered under this service. Thus, the
connection-oriented integrity service addresses both message stream modification
and denial of service.

Connection Integrity without Recovery

➢ As above, but provides only detection without recovery.


Selective-Field Connection Integrity

Provides for the integrity of selected fields within the user data of a data block transferred
over a connection and takes the form of determination of whether the selected fields have
been modified, inserted, deleted, or replayed.

Connectionless Integrity

➢ It deals with individual messages without regard to any larger context, generally
provides protection against message modification only.
➢ If a violation of integrity is detected, then the service may simply report this
violation, and some other portion of software or human intervention is required to
recover from the violation.

Selective-Field Connectionless Integrity

➢ Provides for the integrity of selected fields within a single connectionless data
block; takes the form of determination of whether the selected fields have been
modified.

E) NONREPUDIATION

➢ Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
Nonrepudiation, Origin
➢ Proof that the message was sent by the specified party.
Nonrepudiation, Destination
➢ Proof that the message was received by the specified party.
F) Availability Services

➢ Both X.800 and RFC 4949 define availability to be the property of a system or a
system resource being accessible and usable upon demand by an authorized system
entity.
➢ A variety of attacks can result in the loss of or reduction in availability
➢ Some of these attacks are amenable to automated counter measures, such as
authentication and encryption, whereas others require some sort of physical action to
prevent or recover from loss of availability of elements of a distributed system.
➢ An availability service is one that protects a system to ensure its availability.
Security Mechanisms
The mechanisms are divided into those that are implemented in a specific protocol layer,
such as TCP or an application-layer protocol, and those that are not specific to any particular
protocol layer or security service

Specific security mechanisms:


Encipherment
The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.

Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient
of the data unit to prove the source and integrity of the data unit and protect against
forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.

Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information
exchange.

Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control
Enables selection of particular physically secure routes for certain data and allows
routing changes, especially when a breach of security is suspected.

Notarization
The use of a trusted third party to assure certain properties of a data exchange

Pervasive security mechanisms:


Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as
established by a security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection
Detection of security-relevant events.

Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an
independent review and examination of system records and activities.

Security Recovery
Deals with requests from mechanisms, such as event handling and management
functions, and takes recovery actions.

Fig: Relationship Between Security Services and Mechanisms

1.5 A Model for Network Security


➢ When it is required to safeguard the information transmission from an outsider who
might pose a threat to confidentiality, authenticity, and other factors, security
considerations come into play.
➢ All the techniques for providing security have two components:
o A security-related transformation on the information to be sent. Eg:
encryption of the message, which scrambles the message so that it is
unreadable by the opponent, and the addition of a code based on the contents
of the message, which can be used to verify the identity of the sender.
o Some secret information shared by the two principals and, it is expected,
unknown to the opponent. An example is an encryption key used in
conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.
➢ A trusted third party may be needed to achieve secure transmission.

Fig: Model for Network Security


This general model shows that there are four basic tasks in designing a particular security
service:
1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
➢ The installation of logic in a computer system that takes advantage of security holes in
the system and affects both application and utility applications, including compilers and
editors, is another form of unauthorized access.
➢ Programs may pose two different types of risks:
Information access threats: Intercept or modify data on behalf of users who should not have
access to that data.
Service threats: Exploit service flaws in computers to inhibit use by legitimate users
Fig: Network Access Security Model

1.6 Classical Encryption Techniques


Symmetric encryption is a form of cryptosystem in which encryption and decryption are
performed using the same key. It is also known as conventional encryption.

Symmetric Cipher Model


A symmetric encryption scheme has five ingredients:

Fig: Simplified Model of Symmetric Encryption

• Plaintext: This is the original intelligible message or data that is fed into the algorithm
as input.

• Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a
different output depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm depend on the key.

• Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce two
different ciphertexts. The ciphertext is an apparently random stream of data and, as it
stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key and produces the original plaintext.
➢ There are two requirements for secure use of conventional encryption:
o We need a strong encryption algorithm
o Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure.
➢ We do not need to keep the algorithm secret; we need to keep only the key secret.

Fig: Model of Symmetric Cryptosystem


With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2, ..., YN]. We can write this as Y = E(K, X).
Y is produced by using encryption algorithm E as a function of the plaintext X, with the
specific function determined by the value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
X = D(K,Y)
Cryptography
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms are based on two general principles: substitution, in which each element in
the plaintext is mapped into another element, and transposition, in which elements in
the plaintext are rearranged. The fundamental requirement is that no information be lost
(i.e., that all operations are reversible). Most systems, referred to as product systems,
involve multiple stages of substitutions and transpositions.
2. The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the
sender and receiver use different keys, the system is referred to as asymmetric, two-
key, or public-key encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a
time, as it goes along.
Cryptanalysis and Brute-Force Attack
Cryptanalysis: Cryptanalysis is a process of finding weaknesses in cryptographic
algorithms and using these weaknesses to decipher the ciphertext without knowing the
secret key.
Brute-force attack: The attacker tries every possible key on a piece of cipher text until an
intelligible translation into plaintext is obtained.

1.6.1 Substitution Techniques


A substitution technique is one in which the letters of plaintext are replaced
by other letters or by numbers or symbols
Caesar cipher
➢ The earliest known, and the simplest, use of a substitution cipher was by Julius
Caesar.
➢ The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.

➢ The alphabet is wrapped around, so that the letter following Z is A.


➢ We can define the transformation by listing all possibilities, as follows:

Let us assign a numerical equivalent to each letter:

➢ Then the algorithm can be expressed as follows.


➢ For each plaintext letter p, substitute the ciphertext letter C.
C = E(3, p) = (p + 3) mod 26
➢ A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
➢ where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
➢ In Caesar cipher, brute-force cryptanalysis is easily performed: simply try all the 25
possible keys.
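The general Caesar formulas and the 25-key brute force described above, as an added Python example that is not part of the original notes. The letter-frequency table and the chi-squared ranking are assumptions added here to pick the "intelligible" candidate automatically; the sample message is reused from the rail fence example later in these notes.

```python
import string

# Approximate relative frequencies (%) of letters in English text.
# Assumed reference table, not taken from the notes.
ENGLISH_FREQ = dict(zip(string.ascii_lowercase, [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074]))


def shift_text(text, k, upper):
    """Shift every ASCII letter by k places (mod 26); keep other characters."""
    out = []
    for ch in text:
        if ch.lower() in ENGLISH_FREQ:
            p = ord(ch.lower()) - ord("a")
            c = chr((p + k) % 26 + ord("a"))
            out.append(c.upper() if upper else c)
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, k):
    """C = E(k, p) = (p + k) mod 26, ciphertext in upper case."""
    return shift_text(plaintext, k, upper=True)


def caesar_decrypt(ciphertext, k):
    """p = D(k, C) = (C - k) mod 26, plaintext in lower case."""
    return shift_text(ciphertext, -k, upper=False)


def chi_squared(text):
    """Distance between the letter counts of text and English; lower is closer."""
    letters = [c for c in text.lower() if c in ENGLISH_FREQ]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try all 25 keys; return (score, key, candidate) sorted best first."""
    candidates = []
    for k in range(1, 26):
        guess = caesar_decrypt(ciphertext, k)
        candidates.append((chi_squared(guess), k, guess))
    return sorted(candidates)


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print(ct)
    for score, k, guess in brute_force(ct)[:3]:
        print(f"k={k:2d}  chi2={score:8.1f}  {guess}")
```

With only 25 keys the full candidate list is short enough to read by eye; the scoring step matters only when the check has to run unattended.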
Monoalphabetic Cipher
➢ A mono-alphabetic cipher (simple substitution cipher) is a substitution cipher where
each letter of the plain text is replaced with another letter of the alphabet. It uses a fixed
key which consists of the 26 letters of a “shuffled alphabet”.

➢ If the cryptanalyst knows the nature of the plaintext, then the analyst can exploit the
uniformities of the language.
Playfair Cipher
• The Playfair algorithm is based on the use of a 5 * 5 matrix of letters constructed
using a keyword.

• The keyword is monarchy.


• The matrix is constructed by filling in the letters of the keyword (minus duplicates)
from left to right and from top to bottom, and then filling in the remainder of the matrix
with the remaining letters in alphabetic order.
• The letters I and J count as one letter.
• Plaintext is encrypted two letters at a time, according to the following rules:
• Repeating plaintext letters that are in the same pair are separated with a filler letter,
such as x, so that balloon would be treated as ba lx lo on.
• Two plaintext letters that fall in the same row of the matrix are each replaced by the
letter to the right, with the first element of the row circularly following the last. For
example, ar is encrypted as RM.
• Two plaintext letters that fall in the same column are each replaced by the letter beneath,
with the top element of the column circularly following the last. For example, mu is
encrypted as CM.
• Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea
becomes IM (or JM, as the encipherer wishes).
• Playfair cipher was for a long time considered unbreakable.
Hill Cipher
• The Hill cipher was developed by the mathematician Lester Hill in 1929.
• This encryption algorithm takes m successive plaintext letters and substitutes for them
m ciphertext letters.
• The substitution is determined by m linear equations in which each character is assigned
a numerical value (a = 0, b = 1, ..., z = 25). For m = 3, the system can be described as
Polyalphabetic Ciphers
The general name for this approach is polyalphabetic substitution cipher. All these
techniques have the following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.

VIGENÈRE CIPHER
• To encrypt a message, a key is needed that is as long as the message. Usually, the key is
a repeating keyword.
• We can express the Vigenère cipher in the following manner. Assume a sequence of
plaintext letters P = p_0, p_1, p_2, ..., p_{n-1} and a key consisting of the sequence of letters
K = k_0, k_1, k_2, ..., k_{m-1}, where typically m < n. The sequence of ciphertext letters
C = C_0, C_1, C_2, ..., C_{n-1} is calculated as follows:
C = C_0, C_1, C_2, ..., C_{n-1} = E(K, P) = E[(k_0, k_1, k_2, ..., k_{m-1}), (p_0, p_1, p_2, ..., p_{n-1})]
= (p_0 + k_0) mod 26, (p_1 + k_1) mod 26, ..., (p_{m-1} + k_{m-1}) mod 26,
(p_m + k_0) mod 26, (p_{m+1} + k_1) mod 26, ..., (p_{2m-1} + k_{m-1}) mod 26, ...

A general equation of the encryption process is C_i = (p_i + k_{i mod m}) mod 26

For example, if the keyword is deceptive, the message "we are discovered save yourself" is
encrypted as follows:

key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Vigenère Ciphers
The ultimate defense against such a cryptanalysis is to choose a keyword that is as
long as the plaintext and has no statistical relationship to it.

where
pi = ith binary digit of plaintext
ki = ith binary digit of key
ci = ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation

Vigenère proposed what is referred to as an autokey system, in which a keyword
is concatenated with the plaintext itself to provide a running key. For our example,
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
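The repeating-keyword Vigenère cipher and the autokey variant above, as an added Python example that is not part of the original notes; it reproduces both ciphertexts shown for the keyword deceptive. The repeated-trigram check is an addition made here to show why the repeating key is the weaker of the two: equal plaintext fragments that line up with the same key letters leave a visible repeat at a multiple of the keyword length.

```python
from collections import defaultdict


def to_nums(text):
    """Letters a..z -> 0..25; everything else is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def to_text(nums, upper):
    base = ord("A") if upper else ord("a")
    return "".join(chr(n + base) for n in nums)


def check_key(k):
    if not k:
        raise ValueError("keyword must contain at least one letter")


def vigenere_encrypt(plaintext, keyword):
    """C_i = (p_i + k_{i mod m}) mod 26"""
    p, k = to_nums(plaintext), to_nums(keyword)
    check_key(k)
    return to_text([(pi + k[i % len(k)]) % 26 for i, pi in enumerate(p)], True)


def vigenere_decrypt(ciphertext, keyword):
    """p_i = (C_i - k_{i mod m}) mod 26"""
    c, k = to_nums(ciphertext), to_nums(keyword)
    check_key(k)
    return to_text([(ci - k[i % len(k)]) % 26 for i, ci in enumerate(c)], False)


def autokey_encrypt(plaintext, keyword):
    """Running key = keyword followed by the plaintext itself."""
    p, k = to_nums(plaintext), to_nums(keyword)
    check_key(k)
    running = (k + p)[:len(p)]
    return to_text([(pi + ki) % 26 for pi, ki in zip(p, running)], True)


def autokey_decrypt(ciphertext, keyword):
    """Each recovered plaintext letter extends the running key."""
    c, k = to_nums(ciphertext), to_nums(keyword)
    check_key(k)
    p = []
    for i, ci in enumerate(c):
        ki = k[i] if i < len(k) else p[i - len(k)]
        p.append((ci - ki) % 26)
    return to_text(p, False)


def repeated_trigram_distances(ciphertext):
    """Map each trigram that occurs more than once to the gaps between
    its consecutive occurrences."""
    text = to_text(to_nums(ciphertext), True)
    positions = defaultdict(list)
    for i in range(len(text) - 2):
        positions[text[i:i + 3]].append(i)
    return {tri: [b - a for a, b in zip(pos, pos[1:])]
            for tri, pos in positions.items() if len(pos) > 1}


if __name__ == "__main__":
    msg = "we are discovered save yourself"
    v = vigenere_encrypt(msg, "deceptive")
    a = autokey_encrypt(msg, "deceptive")
    print(v, repeated_trigram_distances(v))   # VTW repeats 9 apart
    print(a, repeated_trigram_distances(a))   # no repeats
```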

One-Time Pad
• An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement to the
Vernam cipher that yields the ultimate in security.
• Mauborgne suggested using a random key that is as long as the message, so that the key
need not be repeated. In addition, the key is to be used to encrypt and decrypt a single
message, and then is discarded.
• Each new message requires a new key of the same length as the new message. Such a
scheme, known as a one-time pad, is unbreakable.
• It produces random output that bears no statistical relationship to the plaintext

In practice, the one-time pad has two fundamental difficulties:


1. There is the practical problem of making large quantities of random keys.
2. Even more daunting is the problem of key distribution and protection.

TRANSPOSITION TECHNIQUES
• Transposition Cipher is a cryptographic algorithm where the order of alphabets in the
plaintext is rearranged to form a cipher text.
• The simplest such cipher is the rail fence technique, in which the plaintext is written
down as a sequence of diagonals and then read off as a sequence of rows.
• For example, to encipher the message “meet me after the toga party” with a rail fence
of depth 2, we write the following:

The encrypted message is

MEMATRHTGPRYETEFETEOAAT

• A more complex scheme is to write the message in a rectangle, row by row, and read
the message off, column by column, but permute the order of the columns. The order
of the columns then becomes the key to the algorithm. For example,
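Both transposition schemes described in this section, as an added Python example that is not part of the original notes. The rail fence code generalises the depth-2 case to any depth and reproduces the ciphertext given above; for the columnar scheme the column-order keys and the padding letter "x" are constructed here, since the notes' own example did not survive.

```python
def clean(text):
    """Keep only the letters a..z, lower-cased."""
    return [c for c in text.lower() if "a" <= c <= "z"]


def rail_pattern(n, depth):
    """Rail index of each of n letters when written as a zigzag of diagonals."""
    if depth < 2:
        raise ValueError("depth must be at least 2")
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def rail_encrypt(plaintext, depth):
    """Write down the diagonals, then read off rail by rail."""
    letters = clean(plaintext)
    pattern = rail_pattern(len(letters), depth)
    return "".join(c for rail in range(depth)
                   for c, r in zip(letters, pattern) if r == rail).upper()


def rail_decrypt(ciphertext, depth):
    letters = clean(ciphertext)
    pattern = rail_pattern(len(letters), depth)
    # Plaintext positions in the order the ciphertext letters were read off.
    order = sorted(range(len(letters)), key=lambda i: (pattern[i], i))
    out = [""] * len(letters)
    for ch, pos in zip(letters, order):
        out[pos] = ch
    return "".join(out)


def column_order(key):
    """key[j] is the read-out rank of column j (1 = read first)."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..len(key)")
    return sorted(range(len(key)), key=lambda j: key[j])


def columnar_encrypt(plaintext, key, pad="x"):
    """Write row by row into len(key) columns, read columns in key order."""
    letters = clean(plaintext)
    cols = len(key)
    letters += [pad] * (-len(letters) % cols)      # fill the last row
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    return "".join(row[j] for j in column_order(key) for row in rows).upper()


def columnar_decrypt(ciphertext, key):
    """Returns the plaintext with any padding letters still attached."""
    letters = clean(ciphertext)
    cols = len(key)
    if len(letters) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(letters) // cols
    grid = [[""] * cols for _ in range(nrows)]
    it = iter(letters)
    for j in column_order(key):
        for r in range(nrows):
            grid[r][j] = next(it)
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    msg = "meet me after the toga party"
    print(rail_encrypt(msg, 2))
    key = (4, 3, 1, 2, 5, 6, 7)                    # constructed key
    ct = columnar_encrypt(msg, key)
    print(ct, columnar_decrypt(ct, key))
```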

STEGANOGRAPHY
➢ A plaintext message may be hidden in one of two ways. The methods of steganography
conceal the existence of the message, whereas the methods of cryptography render the
message unintelligible to outsiders by various transformations of the text.
➢ A simple form of steganography, but one that is time-consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out
the real message. For example, the sequence of first letters of each word of the overall
message spells out the hidden message.
• Some examples are the following:
• Character marking: Selected letters of printed or typewritten text are overwritten in
pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright
light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless
the paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the
results of typing with the correction tape are visible only under a strong light.
• The Kodak Photo CD format’s maximum resolution is 3096 * 6144 pixels, with each
pixel containing 24 bits of RGB color information. The least significant bit of each 24-
bit pixel can be changed without greatly affecting the quality of the image. The result
is that you can hide a 130-kB message in a single digital snapshot.
Product Cryptosystems
• A product cryptosystem is a block cipher that repeatedly performs substitutions and
permutations, one after the other, to produce ciphertext.
• Ciphers using substitutions or transpositions are not secure because of language
characteristics.
• Hence consider using several ciphers in succession to make the cipher harder to break, but:
o two substitutions make a more complex substitution
o two transpositions make a more complex transposition
o but a substitution followed by a transposition makes a new, much harder cipher
A substitution followed by a transposition is known as a product cipher; it makes a new,
much more secure cipher and forms a bridge to modern ciphers.
Cryptanalysis
The art and science of breaking the cipher text is known as cryptanalysis. The objective
of attacking an encryption system is to recover the key in use rather than simply to recover the
plaintext of a single ciphertext. There are two general approaches to attacking a conventional
encryption scheme:
Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the plaintext or even some sample
plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm
to attempt to deduce a specific plaintext or to deduce the key being used.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. On average, half of all possible keys must be
tried to achieve success.
