Unit -1

Information Security
Information security defines protecting information and information
systems from unauthorized access, use, acknowledgment, disruption,
alteration or destruction. Governments, military, financial institutions,
hospitals, and private businesses amass a big deal of confidential data
about their employees, users, products, research and monetary status.
The need for Information security:
Information security is essential for protecting sensitive and valuable data
from unauthorized access, use, disclosure, disruption, modification, or
destruction. Here are some of the key reasons why information security is
important:
Protecting Confidential Information
Protecting Customer Trust
Preventing Cyber-attacks
Protecting Employee Information
Maintaining Business Continuity
• Protecting Confidential Information: Confidential information, such as personal data,
financial records, trade secrets, and intellectual property, must be kept secure to
prevent it from falling into the wrong hands. This type of information is valuable and
can be used for identity theft, fraud, or other malicious purposes.
• Protecting Customer Trust: Customers expect organizations to keep their data safe
and secure. Breaches or data leaks can erode customer trust, leading to a loss of
business and damage to the organization’s reputation.
• Preventing Cyber-attacks: Cyber-attacks, such as viruses, malware, phishing, and
ransomware, are becoming increasingly sophisticated and frequent. Information
security helps prevent these attacks and minimizes their impact if they do occur.
• Protecting Employee Information: Organizations also have a responsibility to protect
employee data, such as payroll records, health information, and personal details. This
information is often targeted by cybercriminals, and its theft can lead to identity theft
and financial fraud.
• Maintaining Business Continuity: Information security helps ensure that critical
business operations can continue in the event of a disaster, such as a cyber-attack or
natural disaster. Without proper security measures in place, an organization’s data and
systems could be compromised, leading to significant downtime and lost revenue.
 Basic Security Terminologies

Threats : a malicious act that aims to corrupt or steal data or disrupt an

organization's systems or the entire organization.
Cyber attacks are a major threat to information security and can take many forms,
including:
Malware: Malicious software designed to damage or disrupt computer systems.
This includes viruses, worms, and Trojans.
Phishing: Fraudulent emails or websites designed to trick users into disclosing
sensitive information such as passwords or credit card numbers.
Denial of Service (DoS) attacks: Attacks that aim to make a system or
network unavailable to its intended users by overwhelming it with
traffic.
Ransomware: Malware that encrypts files on a computer system and
demands a ransom payment in exchange for the decryption key.
Social engineering: The use of psychological manipulation to trick
individuals into disclosing sensitive information or performing actions
that compromise security.
Vulnerabilities
Vulnerabilities are weaknesses in a system that gives threats the opportunity to
compromise assets. All systems have vulnerabilities. Even though the technologies
are improving but the number of vulnerabilities are increasing such as tens of
millions of lines of code, many developers, human weaknesses, etc.
Vulnerabilities mostly happened because of Hardware, Software, Network and
Procedural vulnerabilities.

Hardware Vulnerability:
A hardware vulnerability is a weakness which can used to attack the system
hardware through physically or remotely.
Old version of systems or devices
Unprotected storage
Unencrypted devices, etc.
Software Vulnerability:
A software error happen in development or configuration such as the execution
of it can violate the security policy. For examples:
Lack of input validation
Unverified uploads
Cross-site scripting
Unencrypted data, etc.

Network Vulnerability:
A weakness happen in network which can be hardware or software.
Unprotected communication
Malware or malicious software (e.g. Viruses, Key loggers, Worms, etc.)
Social engineering attacks
Misconfigured firewalls
Exploit
An exploit is a program, or piece of code, designed to find and take advantage of a security flaw
or vulnerability in an application or computer system, typically for malicious purposes such as
installing malware. An exploit is not malware itself, but rather it is a method used by
cybercriminals to deliver malware.
Basic Principal of Information Security(CIA)
In network security, the CIA triad is one of the most important models
which is designed to guide policies for information security within an
organization.

C-Confidentiality
I- Integrity
A-Availability
 Authentication
Non-Repudiation
Confidentiality: Confidentiality refers to protecting sensitive information from
unauthorized access or disclosure. This involves keeping confidential data
secure and accessible only to those who are authorized to access it.
Example
methods used to ensure confidentiality is requiring an account number or
routing number when banking online. Data encryption is another common
method of ensuring confidentiality.
Availability
This means that the network should be readily available to its users. This
applies to systems and to data. To ensure availability, the network
administrator should maintain hardware, make regular upgrades, have a plan
for fail-over, and prevent bottlenecks in a network.
Example
The ATM and bank software enforce data integrity by ensuring that any
transfers or withdrawals made via the machine are reflected in the
accounting for the user’s bank account
The machine provides availability because it’s in a public place and is
accessible even when the bank branch is closed
Integrity: Integrity refers to the accuracy and completeness of
information and the prevention of unauthorized or accidental
modification of data. This ensures that data is not tampered with and
remains trustworthy.
Example − Customers who shop online demand precise product and
price information, as well as the assurance that quantity, pricing,
availability, and other details will not change after they make an order
Authentication: Authentication is a crucial aspect of the principle of Information
Security and is used to verify the identity of individuals or systems attempting to
access sensitive information or systems. It is a process of verifying that a person
or system is who or what it claims to be. Authentication is a critical component
of Confidentiality and Availability as it helps prevent unauthorized access to
sensitive information and systems.
There are three basic types of authentication.
The first is knowledge-based — something like a password or PIN code that only
the identified user would know.
The second is property-based, meaning the user possesses an access card, key,
key fob or authorized device unique to them.
The third is biologically based. This type of authentication might be a physical
trait like a user’s fingerprint or retinal pattern. It could also be a behavioral
process unique to each user, like their voiceprints or keystroke dynamics.
Non-Repudiation: Non-repudiation is a principle of Information
Security that refers to the ability to prove that an action or
transaction took place and that it was performed by a specific
individual or system. The term “non-repudiation” implies that an
action or transaction cannot be denied by the individual or system
that performed it.
Example: Notary, Forensic Science
Security attacks and their classifications:

Passive
Security
Attacks
Active
Passive Attack A Passive attack attempts to learn or make use of
information from the system but does not affect system resources.
Passive Attacks are in the nature of eavesdropping on or monitoring
transmission.

The release of
message
content
Passive Attack

Traffic analysis
The release of message content –
Telephonic conversation, an electronic mail message, or a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.
Traffic analysis
Suppose that we had a way of masking (encryption) information, so that the
attacker even if captured the message could not extract any information from the
message.
The opponent could determine the location and identity of communicating host
and could observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the communication that was
taking place.
Active Attacks An active attack attempts to alter system resources or affect their
operations. It is a type of attack in which an attacker attempts to alter, destroy, or
disrupt the normal operation of a system or network.

Masquerade

Modification of messages

Active Attack Repudiation

Replay

Denial of Service
Masquarde
Masquerade is a type of cyber security attack in which an attacker pretends to
be someone else in order to gain access to systems or data. This can involve
impersonating a legitimate user or system to trick other users or systems into
providing sensitive information or granting access to restricted areas.
There are several types of masquerade attacks, including:
 Username and password masquerade
 IP address masquerade
 Website masquerade
 Email masquerade
Modification of messages –
It means that some portion of a message is altered or that message is delayed or
reordered to produce an unauthorized effect. Modification is an attack on the
integrity of the original data. It basically means that unauthorized parties not
only gain access to data but also spoof the data by triggering denial-of-service
attacks, such as altering transmitted data packets or flooding the network with
fake data. Manufacturing is an attack on authentication.
Repudiation –
Repudiation attacks are a type of cyber security attack in which an attacker
attempts to deny or repudiate actions that they have taken, such as making a
transaction or sending a message. These attacks can be a serious problem because
they can make it difficult to track down the source of the attack or determine who
is responsible for a particular action.
Replay –
It involves the passive capture of a message and its subsequent transmission to
produce an authorized effect. In this attack, the basic aim of the attacker is to
save a copy of the data originally present on that particular network and later on
use this data for personal uses. Once the data is corrupted or leaked it is insecure
and unsafe for the users.
Denial of Service –
Denial of Service (DoS) is a type of cybersecurity attack that is designed to make a
system or network unavailable to its intended users by overwhelming it with traffic
or requests. In a DoS attack, an attacker floods a target system or network with
traffic or requests in order to consume its resources, such as bandwidth, CPU
cycles, or memory, and prevent legitimate users from accessing it.
To prevent DoS attacks, organizations can implement several measures, such as:

1.Using firewalls and intrusion detection systems to monitor network traffic and block
suspicious activity.

2.Limiting the number of requests or connections that can be made to a system or

network.

3.Using load balancers and distributed systems to distribute traffic across multiple servers
or networks.

4.Implementing network segmentation and access controls to limit the impact of a DoS
attack.
 BASIS FOR COMPARISON ACTIVE ATTACK
Basic Active attack tries to change
the system resources or affect
their operation.
Modification in the information Occurs
Harm to the system Always causes damage to the
system.
Threat to Integrity and availability
Attack awareness The entity (victim) gets
informed about the attack.
Task performed by the attacker The transmission is captured by
physically controlling the
portion of a link.
Emphasis is on Detection
PASSIVE ATTACK
Passive attack tries to read or
make use of information from
the system but does not
influence system resources.
does not take place
Do not cause any harm.
Confidentiality
The entity is unaware of the
attack.
Just need to observe the
transmission.
Prevention
 Mathematical foundation
Prime Number
A prime number is a positive integer having exactly two factors, i.e. 1 and the
number itself. If p is a prime, then its only factors are necessarily 1 and p itself.
Any number that does not follow this is termed a composite number, which can
be factored into other positive integers.
First Ten Prime Numbers
The first ten primes are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29.
Prime Factorization

Prime numbers are used in cryptography because they are difficult to factorize. This means that it is difficult to find
the prime factors of a composite number without knowing the factors to begin with. This makes it difficult for
someone to intercept a message and read it without the proper key.
Relative Prime Number
• Two integers are relatively prime or Coprime when there are no common factors
other than 1. This means that no other integer could divide both numbers
evenly. Two integers a,b are called relatively prime to each other if gcd(a,b)=1
Modular arithmetic
Modular arithmetic is the branch of arithmetic mathematics related with the
“mod” functionality. Basically, modular arithmetic is related with computation of
“mod” of expressions. Expressions may have digits and computational symbols of
addition, subtraction, multiplication, division or any other.

Modular arithmetic has many applications in cryptography and computer science.

It’s often used to detect errors in identification numbers. Think about the kinds of
identification numbers we use everyday. Credit cards, bank accounts, and product
barcodes all involve long strings of numbers.
Discrete Logarithms

Primitive Roots
One way function