Information Security
Notes outlines
No# 1
Topic: Security Foundation
Information security has extended to include several research directions like user
authentication and authorization, network security, hardware security, software
security, and data cryptography. Information security has become a crucial need for
protecting almost all information transaction applications. Security is considered
an important scientific discipline whose many multifaceted complexities deserve the
synergy of the computer science and engineering communities.
Recently, due to the proliferation of Information and Communication Technologies,
information security has started to cover emerging topics such as cloud computing
security, smart cities' security and privacy, healthcare and telemedicine, the
Internet-of-Things (IoT) security [1], the Internet-of-Vehicles security, and several
types of wireless sensor networks security [2,3]. In addition, information security
has extended further to cover not only technical security problems but also social
and organizational security challenges [4,5].
Traditional system development approaches focused on the system's usability, and
security was left to the last stage with lower priority. Newer design approaches,
however, follow a security-in-design process, where security is considered at an
early phase of the design process. Newly designed systems should be well protected
against the available security attacks. Deploying new systems such as IoT or
healthcare systems without enough security may lead to leakage of sensitive data
and, in some cases, life-threatening situations.
Taking the social aspect into account, security education is a vital need for both
practitioners and system users [6]. Users' misbehaviour due to a lack of security
knowledge is the weakest point in the system security chain. Such misbehaviour is
considered a security vulnerability that may be exploited to launch security
attacks. A successful security attack, such as a distributed denial-of-service
attack, imposes an incident recovery cost in addition to the downtime cost.
No# 2
Topic: Security Mechanism
Definition: A security mechanism is a process or device that
detects, prevents, or recovers from a security attack. Some
notes on security mechanisms include:
Security mechanism types
Security mechanisms can be specific to a protocol layer,
such as TCP, or they can be pervasive and not specific to a
particular protocol layer or security service.
Various mechanisms are designed to recover from these
specific attacks at various protocol layers.
Security Mechanisms:
Encipherment
Access Control
Notarization
Data Integrity
Authentication Exchange
Bit stuffing
Digital signature
Conclusion
Security methods are critical for protecting data and network infrastructure from
unauthorized access, attacks, and other threats. They protect data integrity,
secrecy, and availability, hence preserving trust in digital transactions. Organizations
can protect sensitive information and maintain secure network communication by
using techniques such as encipherment, access control, notarization, and digital
signatures.
No# 3
Symmetric Cryptography
Symmetric cryptography is also known as private-key cryptography. It is called
symmetric because it uses the same key for both encryption of plaintext
(the message being sent) and decryption of ciphertext (the message received).
Types:
AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
IDEA (International Data Encryption Algorithm)
Blowfish (Drop-in replacement for DES or IDEA)
One key:
Symmetric encryption uses one key to encrypt and decrypt. If you encrypt a zip file
and then decrypt with the same key, you are using symmetric encryption. Symmetric
encryption is also called “secret key” encryption: the key must be kept secret from
third parties.
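Added example, not part of the original notes: a round trip with one shared secret key, using only Python's standard library. The HMAC-SHA256 keystream is a stand-in for a real cipher such as AES (an assumption, chosen so the block runs without third-party packages), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: teaching stand-in for AES-CTR, not a standard cipher.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)               # fresh random value per message
    body = _xor_keystream(_prf(key, b"enc"), nonce, plaintext)
    tag = _prf(_prf(key, b"mac"), nonce + body)   # integrity tag over nonce + ciphertext
    return nonce + body + tag

def decrypt(key: bytes, message: bytes) -> bytes:
    if len(message) < 48:
        raise ValueError("message too short")
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    # Check the tag first: a wrong key or a modified message is rejected outright.
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_keystream(_prf(key, b"enc"), nonce, body)

def wrong_key_rejected(ciphertext: bytes) -> bool:
    # A third party without the shared key cannot decrypt.
    try:
        decrypt(secrets.token_bytes(32), ciphertext)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)          # constructed sample key
    ct = encrypt(shared_key, b"quarterly-report.zip contents")
    print(decrypt(shared_key, ct))                # same key recovers the plaintext
    print(wrong_key_rejected(ct))
```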
Asymmetric Cryptography
Asymmetric cryptography is defined as a cryptographic method where each user
possesses a pair of mathematically related keys - a public key and a private key.
The public key is shared openly, while the private key is kept confidential, enabling
secure data exchange and digital signatures.
Key Components
Plaintext: This refers to the original, readable message or data that is inputted
into the encryption algorithm.
Encryption algorithm: This algorithm transforms the plaintext in various ways.
Public and private keys: A pair of keys chosen so that if one is used for
encryption, the other is used for decryption. The specific transformations
performed depend on whether the public or private key is provided as input.
Ciphertext: The encrypted, scrambled message produced as output. It depends
on both the plaintext and the key: different keys produce different ciphertexts
for the same message or plaintext.
Decryption algorithm: This algorithm takes the ciphertext and the
corresponding key and retrieves the original plaintext.
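Added example, not part of the original notes: the key components above mapped onto textbook RSA, showing that whichever key of the pair is applied first, the other one reverses it. The primes, the sample message and the function names are assumptions chosen for illustration; the scheme is unpadded and far too small for real use.

```python
from math import gcd

# Constructed teaching-size primes (Mersenne primes). Real RSA keys use random
# primes of 1024 bits or more together with a padding scheme such as OAEP or PSS.
P, Q = 2**31 - 1, 2**61 - 1

def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def apply_key(key, value: int) -> int:
    """The RSA transformation; which key is passed in decides what it does."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def demo():
    public, private = make_keypair(P, Q)
    plaintext = to_int(b"PIN 4921")                        # constructed sample message
    ciphertext = apply_key(public, plaintext)              # encrypt with the public key
    recovered = to_bytes(apply_key(private, ciphertext))   # decrypt with the private key
    signature = apply_key(private, plaintext)              # sign with the private key
    verified = apply_key(public, signature) == plaintext   # verify with the public key
    other_public, _ = make_keypair(2**61 - 1, 2**89 - 1)   # a different key pair
    differs = apply_key(other_public, plaintext) != ciphertext
    return recovered, verified, differs

if __name__ == "__main__":
    print(demo())
```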
No# 4
Topic: Encryption
What is encryption?
Encryption is the method by which information is converted into secret code that
hides the information's true meaning. The science of encrypting and decrypting
information is called cryptography.
Encryption has long been used to protect sensitive information. Historically, it was
used by militaries and governments. In modern times, encryption is used to protect
data both at rest and in motion. At-rest data is the type stored on computers and
storage devices. In-motion data refers to data in transit between devices and over
networks.