UNIT 2 System Security Management

Unit 2 covers system security management, emphasizing the importance of protecting data and systems from unauthorized access through various security techniques such as authentication, encryption, and firewalls. It details types of cyber attacks, including active and passive attacks, and outlines the foundational principles of computer security, including confidentiality, integrity, and availability. The document also distinguishes between data and information, highlighting their roles in effective security management.

Overview of security techniques – attacks and attackers – foundations of computer
security – data vs information – principles of computer security – security management –
risk and threat analysis – cryptographic algorithms – digital signatures – cryptography
pragmatics.

1. Overview of Security Techniques

1.1 Introduction to Security

Security ensures protection against unauthorized access, maintaining confidentiality, integrity,
and availability of systems and data.

Importance:

o Safeguards sensitive data.

o Maintains trust in digital systems.

o Ensures uninterrupted business operations.

1.2 Objectives of Security

• Confidentiality: Prevent unauthorized access to sensitive information.

• Integrity: Ensure data remains unchanged unless altered by authorized entities.

• Availability: Ensure systems and data are accessible whenever required.

1.3 Security Techniques

• Authentication: Verifies identity (e.g., passwords, biometrics, two-factor
authentication).

• Authorization: Assigns appropriate access rights.

• Encryption: Converts data into unreadable formats for unauthorized users.

• Firewalls: Filters and monitors incoming and outgoing traffic.


• Intrusion Detection Systems (IDS): Identifies malicious activities in real time.

1.4 Layered security model

1. Human Layer

The human layer focuses on minimizing risks caused by human error or lack of knowledge,
which are common reasons for security breaches.

Examples:

• Security awareness training: Educate employees to identify phishing emails.

• Multi-factor authentication: Use additional verification steps like OTPs to secure
accounts.

2. Perimeter Security Layer

The perimeter layer acts as the first line of defense, controlling network traffic based on
established policies.

Examples:

• Firewalls: Filter incoming and outgoing traffic to block unauthorized access.

• VPNs: Enable secure remote access to the internal network.

3. Network Layer

The network layer secures data as it moves between devices, preventing interception or
tampering.

Examples:

• Secure protocols (HTTPS): Protect communication on websites.

• Network segmentation: Divide networks to limit access to sensitive areas.

4. Application Security Layer

This layer ensures software and devices are free from vulnerabilities that attackers could
exploit.

Examples:

• Web Application Firewalls (WAFs): Block attacks like SQL injection.

• Regular testing: Scan applications to detect and fix security flaws.

5. Endpoint Security Layer

The endpoint layer protects devices like computers and smartphones that connect to the
network.

Examples:

• Antivirus programs: Identify and eliminate malware.

• Endpoint Detection and Response (EDR): Detect and block malicious activities on
devices.

6. Data Security Layer

This layer focuses on protecting sensitive data from loss, theft, or unauthorized access.

Examples:

• Encryption: Convert data into a code to secure it from unauthorized access.

• Backups: Create copies of critical data to ensure availability during data loss.

7. Mission-Critical Assets

Protects assets essential for business operations, such as key systems and sensitive information.

Examples:

• Access restrictions: Ensure only authorized users can access critical systems.

• Regular updates: Patch software vulnerabilities to prevent exploitation.

2. Cyber Attacks

A cyber attack happens when hackers try to break into computer systems or networks to steal,
damage, or misuse information. These attacks can target anyone, from individuals to companies
or governments.

Common types:

• Malware: Harmful software like viruses or ransomware.

• Phishing: Fake emails trick people into sharing sensitive information.

• Denial of Service (DoS): Overloading systems to make them unavailable.

• Man-in-the-Middle (MitM): Intercepting communications between two parties.

Types of Cyber Threats

1. Active Attackers

Attackers directly harm systems by altering data, injecting malicious code, or pretending to be
someone else.

Examples:

o Stealing or destroying data.


o Crashing systems.

Types of active attacks are as follows:

1. Masquerade Attack

2. Modification of Messages

3. Repudiation

4. Replay Attack

5. Denial of Service (DoS) Attack

1. Masquerade Attack:

A masquerade attack happens when an attacker pretends to be someone else, such as a
legitimate user or system, to gain unauthorized access to sensitive data or secured areas. The
goal is often to trick people into sharing private information or giving access to restricted
resources.

Types of Masquerade Attacks

1. Username and Password Masquerade:

Using stolen or fake login credentials to access systems as a valid user.

2. IP Address Masquerade:

Faking an IP address to make the attacker appear as a trusted source.

3. Website Masquerade:

Creating a fake website that looks like a real one to steal user information or spread malware.

4. Email Masquerade:

Sending fake emails that look like they’re from trusted sources to trick recipients into sharing
sensitive data or downloading malicious files.

Masquerade attacks rely heavily on deception, making awareness and strong security measures
essential to prevent them.

2. Modification of Messages

Modification of messages happens when someone alters or changes parts of a message without
permission. This could involve changing the content or the order of the messages to cause
confusion or mischief.

For example, if you send a message saying, "Allow JOHN to read confidential file X," an
attacker could change it to "Allow Smith to read confidential file X," which could lead to
unauthorized access.

This kind of attack destroys trust in the information being sent and can cause serious security
issues, especially if sensitive information is altered or misused.

3. Repudiation

A repudiation attack occurs when someone does something harmful, like sending a damaging
message or making a financial transaction, and then denies doing it. This makes it hard to figure
out who is responsible for the action, complicating the process of tracking and holding the
person accountable.

Types of Repudiation Attacks

1. Message Repudiation:

An attacker sends a message but later denies it. They may alter message headers or exploit
system weaknesses to hide their actions.

2. Transaction Repudiation:

An attacker makes a transaction (like a money transfer) and then denies it when asked for
proof. This could be done by exploiting system weaknesses or using stolen credentials.

3. Data Repudiation:

An attacker changes or deletes data and then denies it. This can happen by exploiting flaws
in the data storage system or using stolen credentials.

Repudiation attacks are dangerous because they allow attackers to escape responsibility for
their actions.

4. Replay

A replay attack happens when an attacker captures a message or data and sends it again later
to cause harm. The attacker doesn’t change the data but reuses it for unauthorized actions.

For example, an attacker might intercept a payment and replay it to make an illegal transaction.

This attack is risky because it allows old, legitimate data to be used wrongly.
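A receiver-side check that covers both the message-modification case ("Allow JOHN ..." changed to "Allow Smith ...") and the replay case described above. This is an added example, not part of the original notes; the shared key, the 30-second freshness window, and the names `seal`, `compute_tag` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed demo key; in practice the secret is provisioned out of band.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 30  # assumed freshness window for this sketch


def compute_tag(key, body, nonce, ts):
    """HMAC-SHA256 over body, nonce and timestamp in one canonical encoding."""
    data = json.dumps([body, nonce, ts], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key, body, now=None):
    """Sender side: attach a fresh random nonce, a timestamp and the tag."""
    nonce = os.urandom(16).hex()
    ts = int(time.time() if now is None else now)
    return {"body": body, "nonce": nonce, "ts": ts,
            "tag": compute_tag(key, body, nonce, ts)}


class Receiver:
    """Checks integrity first, then freshness, then nonce uniqueness."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp of an already accepted message

    def accept(self, env, now=None):
        now = time.time() if now is None else now
        try:
            body, nonce, ts, tag = env["body"], env["nonce"], env["ts"], env["tag"]
            expected = compute_tag(self.key, body, nonce, ts)
            # Constant-time comparison avoids leaking how many characters matched.
            ok = hmac.compare_digest(expected.encode(), str(tag).encode())
        except (KeyError, TypeError):
            return "rejected: malformed"
        if not ok:
            return "rejected: modified"      # any field changed, or wrong key
        if abs(now - ts) > self.max_age:
            return "rejected: stale"         # old capture sent again much later
        # Nonces older than the window can be forgotten: a message that old
        # is already rejected by the freshness check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_age}
        if nonce in self.seen:
            return "rejected: replay"        # same message seen inside the window
        self.seen[nonce] = ts
        return "accepted"


def demo():
    """Runs the page's scenarios against one receiver and returns the verdicts."""
    rx = Receiver(SHARED_KEY)
    t0 = 1_700_000_000  # constructed clock value so the demo is deterministic
    msg = seal(SHARED_KEY, "Allow JOHN to read confidential file X", now=t0)
    tampered = dict(msg, body="Allow Smith to read confidential file X")
    return {
        "tampered": rx.accept(tampered, now=t0 + 1),
        "first": rx.accept(msg, now=t0 + 1),
        "replayed": rx.accept(msg, now=t0 + 2),
        "late replay": rx.accept(msg, now=t0 + 300),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

The tag alone stops modification but not replay, because a captured message still carries a valid tag; the nonce cache and timestamp are what make an unchanged copy fail.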

5. Denial of Service (DoS) Attack

A Denial of Service (DoS) attack happens when an attacker floods a system or network with
too much traffic or too many requests, causing it to crash or become slow. This prevents real
users from accessing the system.

There are different types of DoS attacks:

• Flood attacks: The attacker sends too many requests or data, overloading the system
and making it crash.

• Amplification attacks: The attacker uses other systems to increase the amount of
traffic directed at the target, making the attack stronger.

How to prevent DoS attacks:

1. Use firewalls and intrusion detection systems to block suspicious traffic.

2. Limit the number of requests to a system.

3. Use load balancers to spread traffic across multiple servers.

4. Implement network segmentation to limit the impact of the attack.

2. Passive Attacks

A passive attack is when an attacker tries to collect information from a system without
affecting its resources or operations. In this type of attack, the attacker is just listening or
monitoring data being transmitted without changing or damaging it. The goal is to gather
sensitive information, not to harm the system.

Examples of passive attacks include:


• Eavesdropping: The attacker listens to network traffic to gather sensitive information,
like passwords or private messages.

• Sniffing: The attacker captures and analyzes data packets moving through the network
to steal confidential information.

Types of Passive attacks are as follows:

1. The Release of Message Content

2. Traffic Analysis

1. The Release of Message Content

A telephone conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from learning
the contents of these transmissions.

2. Traffic Analysis

Even if encryption is used to protect the content of a message, an attacker can still gain
valuable information through traffic analysis.

While the actual message remains unreadable, the attacker can observe:

• The location and identity of the communicating hosts.

• The frequency and length of messages exchanged.

This type of information can help the attacker infer the nature of the communication, even if
they can't decipher the actual content.

To protect against traffic analysis, the most effective method is encrypting SIP traffic. When
the communication is encrypted, an attacker would need to access the SIP proxy or its call log
to determine who made the call, thus adding an extra layer of security.

3. Foundations of Computer Security

3.1 What is Computer Security?


Computer security means protecting computers and their data, software, and networks from
unauthorized access, theft, damage, or misuse. The internet has made life easier, but it also
exposes computers to risks like viruses, hacking, and data theft.

3.2 Why is Computer Security Important?


As technology grows, so do the risks. Hackers and thieves try to harm computer systems for
money, fame, or other purposes. Computer security helps protect our devices and information
from these risks.

3.3 Three Main Goals of Computer Security:


1. Confidentiality: Keeping information private and only accessible to authorized
people. This includes:
   o Data confidentiality: Ensuring sensitive data is not accessed by unauthorized
   people.
   o Privacy: Controlling who can access personal information.
2. Integrity: Making sure that data is not changed or destroyed without permission. This
includes:
   o Data integrity: Ensuring information is not altered or destroyed
   inappropriately.
   o System integrity: Ensuring the system works as it should without
   unauthorized changes.
3. Availability: Ensuring information is available when needed. This means systems
should work properly and not be interrupted or disabled.

3.4 Types of Computer Security:


1. Cyber Security: Protecting computers, devices, and networks from attacks over the
internet.
2. Information Security: Protecting data from theft, misuse, and unauthorized access.
3. Application Security: Securing software and applications to keep data safe from
hackers.
4. Network Security: Protecting the network and the data that is sent over it.

3.5 Types of Cyber Attacks:


1. Denial of Service (DoS): Attackers overload a system with traffic, making it
unavailable to users.
2. Backdoor: Malware secretly installs itself on your system to allow attackers to
control it later.
3. Eavesdropping: Attackers secretly listen to or steal private information by
monitoring network traffic.
4. Phishing: Attackers trick you into giving away personal information like passwords
or bank details.
5. Spoofing: Attackers pretend to be someone else to access your system or data.
6. Malware: Harmful software designed to damage your computer, such as viruses,
spyware, or ransomware.
7. Social Engineering: Attackers manipulate people into sharing personal or sensitive
information.
8. Polymorphic Attacks: Attackers change the form of their attacks to avoid detection.

3.6 Steps to Ensure Computer Security:


1. Update Your Operating System: Keep your system updated to avoid vulnerabilities.
2. Use Secure Networks: Avoid public Wi-Fi for sensitive activities to reduce the risk
of attacks.
3. Install Antivirus Software: Protect your computer from viruses by using trusted
antivirus programs.
4. Enable a Firewall: Firewalls block unauthorized access to your computer or network.
5. Use Strong Passwords: Create strong, unique passwords to protect your accounts.
Change them regularly.
6. Be Careful Who You Trust: Be cautious about sharing personal information with
others.
7. Protect Your Personal Information: Don’t post too much personal information
online. Be mindful of who sees it.
8. Be Cautious with Email Attachments: Don't open attachments from unknown
sources, as they may contain malware.
9. Shop from Trusted Websites: Only make online purchases from reputable websites
to avoid fraud.
10. Learn About Security: Stay informed about computer security practices to reduce
the risk of attacks.
11. Report Attacks: If you’re attacked, report it to the authorities to protect others and
take action.
12. Avoid Pirated Content: Don’t download pirated software or media, as they may
contain harmful malware.

These steps help protect your computer and personal information from attackers, ensuring a
safer digital experience.

4. Data vs Information

Understanding the distinction between data and information is crucial in today’s digital
landscape. Data comprises raw, unprocessed facts that need context to become useful, while
information is data that has been processed, organized, and interpreted to add meaning and
value. This explanation sets the stage for how businesses can transform data into strategic assets
through effective knowledge management.

4.1 What is Data?

Data represents raw elements or unprocessed facts, ranging from numbers and symbols to text and
images. When collected and observed without interpretation, these elements remain just data—
simple and unorganized. When these pieces are analyzed and contextualized, they transform
into something more meaningful.

Data comes in various forms:

Quantitative data, like an item’s weight, volume, or cost, is provided numerically.

Qualitative data is descriptive but non-numerical, such as a person’s name and sex.

4.2 What is Information?

You get information when data is processed, organized, interpreted, and structured. The
comprehensible output derived from raw data helps inform decisions, strategies, and actions.
Information is essentially data made valuable and accessible—an integral component of
decision-making.

For instance, if data points include daily temperature readings over a year, information is
recognizing the trend of temperatures, understanding seasonal changes, and predicting future
weather conditions.

4.3 Data vs Information in system security management

In the context of system security management, understanding the difference between data and
information is essential to securing sensitive systems and making informed decisions. Data
refers to raw, unprocessed facts that, on their own, don't offer much insight. Information, on
the other hand, is data that has been processed, analyzed, and interpreted to provide meaningful,
actionable insights. In system security, data can represent raw logs, alerts, or system events,
while information represents a deeper understanding of security threats, vulnerabilities, and
effective countermeasures.

What is Data in System Security?

Data in security is the raw, unorganized facts that are collected from systems. This can include:

- Logs: Records of actions taken on a system.

- Network traffic: Data about what’s happening on the network (who’s sending what to
whom).

- User activities: Information about who logged in and what they did.

- Security alerts: Warnings from firewalls or antivirus software.

On its own, this data doesn’t tell you much. It’s like a collection of puzzle pieces waiting to be
put together.

What is Information in System Security?

Information is when that raw data is analyzed and organized to make it meaningful. For
example:

- Finding threats: Realizing that multiple failed login attempts mean someone might be trying
to hack into the system.

- Understanding patterns: Noticing a sudden spike in network traffic, which could be a sign
of a cyberattack.

- Recognizing behavior: Seeing that a user is accessing files they shouldn’t be, which might
mean their account is compromised.

Information helps security teams know what actions to take.

4.4 Key Differences Between Data and Information

1. Data is like raw ingredients, while Information is the final dish that tells you something
useful, like "we’re under attack."

2. Data is raw and unprocessed, but Information gives meaning and helps make decisions.

3. Data can be overwhelming and messy, but Information is clear and useful for solving
problems.

Examples of Data vs. Information

- Data Example: A log showing that a user tried to log in five times in one minute.

- Information Example: Realizing this is a hacker trying to break into the system by using
different passwords.

- Data Example: An alert from the antivirus software saying it found something suspicious.

- Information Example: Understanding that the suspicious file is malware, which needs to be
removed immediately.
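The first data/information pair above, worked through in code: raw login events go in, and a finding that an analyst can act on comes out. This is an added example, not part of the original notes; the log line format, the field names and the sample log are constructed, and the threshold of five failures per minute is taken from the data example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption made for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T10:00:09Z LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T10:00:15Z LOGIN_OK user=bob src=198.51.100.20
2024-05-01T10:00:21Z LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T10:00:30Z LOGIN_FAILED user=alice src=203.0.113.9
2024-05-01T10:00:44Z LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T10:01:10Z LOGIN_OK user=alice src=203.0.113.7
2024-05-01T10:05:00Z LOGIN_FAILED user=carol src=198.51.100.33
2024-05-01T10:09:00Z LOGIN_FAILED user=carol src=198.51.100.33
2024-05-01T10:13:00Z LOGIN_FAILED user=carol src=198.51.100.33
2024-05-01T10:17:00Z LOGIN_FAILED user=carol src=198.51.100.33
2024-05-01T10:21:00Z LOGIN_FAILED user=carol src=198.51.100.33
this line is not a login event and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAILED|LOGIN_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Turn one raw line into (timestamp, event, user, source) or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m["event"], m["user"], m["src"]


def detect_password_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window count of failed logins per user.

    Assumes the lines are in time order. Returns one alert per user whose
    failures reach `threshold` inside `window`, and marks the alert when a
    successful login follows within the same window (possible compromise).
    """
    failures = defaultdict(deque)  # user -> recent (timestamp, source) pairs
    alerts = {}                    # user -> alert dict
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, event, user, src = rec
        if event == "LOGIN_OK":
            alert = alerts.get(user)
            if alert and ts - alert["last_failure"] <= window:
                alert["success_after_failures"] = True
            failures[user].clear()
            continue
        q = failures[user]
        q.append((ts, src))
        while ts - q[0][0] > window:   # drop failures that left the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(user, {
                "user": user, "first_failure": q[0][0], "failures": 0,
                "sources": set(), "success_after_failures": False,
            })
            alert["last_failure"] = ts
            alert["failures"] = max(alert["failures"], len(q))
            alert["sources"].update(s for _, s in q)
    return [dict(a, sources=sorted(a["sources"])) for a in alerts.values()]


if __name__ == "__main__":
    for a in detect_password_guessing(SAMPLE_LOG.splitlines()):
        print(a["user"], a["failures"], a["sources"], a["success_after_failures"])
```

In the sample, carol also has five failures, but they are spread over sixteen minutes, so only alice's burst becomes a finding; the same raw event type yields different information depending on timing.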

5. Principles of Computer Security

In the digital world, protecting data and systems is essential to prevent unauthorized access,
theft, and attacks. Computer security principles provide a framework for ensuring systems are
safe, reliable, and available when needed. These principles help businesses safeguard their
sensitive information and maintain trust among users. Below are five key principles of
computer security explained simply.

1. Confidentiality

Confidentiality refers to the protection of sensitive information from unauthorized access. It
ensures that only those with the proper permissions can view or modify specific data.

For example, when you log into your email account, confidentiality ensures that no one else
can read your private messages. This is often achieved through encryption, strong passwords,
and access control measures. In a business context, ensuring confidentiality means that
customer data, financial records, or trade secrets are kept secure from competitors or hackers.

2. Integrity

Integrity ensures that the data remains accurate, consistent, and trustworthy over its lifecycle.
This principle prevents unauthorized changes or corruption of data, whether by error or
malicious intent.

For example, when a company sends a product order, integrity ensures the information in the
order is not altered during the transmission process. It is maintained by techniques such as
hashing and checksums, which verify that data has not been tampered with, providing
confidence that the information is accurate and reliable.

3. Availability

Availability ensures that systems and data are accessible to authorized users whenever they are
needed. This principle focuses on preventing downtime and ensuring that systems remain
operational even during failures.

For example, a website needs to be available for customers to shop online, and an employee
must be able to access files on a server without interruptions. To ensure availability, businesses
often use backup systems, failover solutions, and regular maintenance checks to minimize
disruptions and protect against cyber-attacks or hardware failures.

4. Authentication

Authentication is the process of verifying the identity of a user, device, or system before
granting access to resources. This principle ensures that only legitimate users can access
sensitive information or perform specific actions.

For example, when you log into your online banking account, the system checks your
username and password to authenticate that you are the account holder. More secure systems
may also use multi-factor authentication (MFA), which requires additional methods such as a
fingerprint scan or a code sent to your phone to confirm your identity.

5. Authorization

Authorization determines what actions or resources an authenticated user is allowed to access.
Once a user is authenticated, the system checks whether they have permission to perform
certain tasks, like accessing specific files or making changes to data.

For example, an employee in a company may be authorized to view inventory data but may not
have the permission to change pricing information. By setting clear roles and permissions,
businesses ensure that users only access what they need to do their jobs, helping to protect
critical systems and data from misuse.

6. Security Management

6.1 What is Security Management?

Security management is the process of protecting an organization’s assets (such as data,
systems, people, and buildings) from various risks. It involves identifying valuable assets,
creating policies to protect them, and continuously updating and improving security measures.
A solid security management strategy helps ensure that the organization can defend against
cyberattacks, theft, or any disruption to its operations.

6.2 Purpose of Security Management

The main purpose of security management is to provide a strong foundation for an
organization’s overall security strategy. This involves creating procedures to identify potential
threats, categorizing assets based on their importance, and assessing risks to decide what needs
protection the most. Effective security management allows organizations to prevent security
incidents, respond quickly when they happen, and maintain control over their assets.

6.3 Types of Security Management

There are different types of security management, each focusing on a specific area of
protection:

1. Information Security Management: This focuses on protecting data from threats by
ensuring its confidentiality, integrity, and availability. Organizations follow security
standards like ISO/IEC 27000 and regulations like HIPAA for healthcare to keep
sensitive information secure.

2. Network Security Management: Network security ensures that an organization’s
network is protected from cyber threats, such as hackers. It includes measures like
monitoring network traffic, controlling who can access the network, and isolating parts
of the network to prevent attacks.

3. Cybersecurity Management: Cybersecurity management covers a broader scope,
protecting all aspects of an organization’s IT infrastructure, including networks, cloud
systems, mobile devices, and applications from cyber threats.

6.4 Security Management Architecture


A good security management architecture integrates various tools and policies into one
cohesive system. Instead of using separate security measures, it ensures that everything works
together to enforce security policies consistently across all systems. This approach helps
streamline security management and improve efficiency in protecting an organization.

6.5 Why is Security Management Important?

Security management is critical because it helps organizations protect their data and systems
from cyberattacks, theft, and other risks. Effective security management ensures that
businesses can quickly recover from attacks, reduce downtime, and protect sensitive data. It
also helps organizations stay compliant with regulations and industry standards. Without a
proper security management strategy, companies risk facing significant financial losses, data
breaches, and damage to their reputation.

6.6 How Does Security Management Work?

Security management works through three main phases:

1. Assessment: This is the first step, where security leaders assess the organization’s IT
assets and identify potential vulnerabilities. This helps in creating policies and
procedures to protect these assets.

2. Awareness: Once the security measures are set, the next step is educating employees
about cybersecurity best practices and their specific roles in maintaining security. This
ensures everyone is aware of their responsibilities.

3. Activation: In this phase, security strategies are implemented, and ongoing monitoring
is performed to ensure the system is secure. It includes responding to incidents,
enforcing compliance, and making necessary updates to the security strategy.

7. Risk and Threat Analysis

Risk and threat analysis is a crucial process used by organizations to identify, assess, and
prioritize potential risks and threats to their assets, systems, and operations. By understanding
where vulnerabilities lie and the potential impact of various threats, organizations can develop
effective strategies to mitigate those risks and safeguard their operations.

7.1 What is Risk Analysis?


Risk analysis is the process of identifying and evaluating risks that could negatively impact an
organization. Risks can include anything from cyberattacks to natural disasters, legal issues, or
financial instability. The goal of risk analysis is to understand the likelihood of these events
occurring and the potential damage they could cause. This helps organizations prioritize which
risks need the most attention and resources.

Steps in Risk Analysis

1. Identify Risks: Recognize all possible risks that could affect the business. This could
involve external factors (like cyberattacks) or internal factors (like system failures or human
errors).

2. Assess Likelihood: Estimate the probability of each risk happening. Is it something that
could happen frequently, or is it a rare event?

3. Determine Impact: Evaluate the potential damage a risk could cause, including financial
loss, reputation damage, or legal consequences.

4. Prioritize Risks: Once risks are identified and assessed, they are ranked based on their
likelihood and potential impact. This allows an organization to focus on the most critical risks
first.

7.2 What is Threat Analysis?

Threat analysis focuses specifically on identifying and evaluating the threats that could exploit
an organization’s vulnerabilities. A threat is any circumstance or event that has the potential to
cause harm. In cybersecurity, for example, threats could be hackers, malware, or phishing
attacks. Understanding threats helps organizations prepare defensive strategies to protect
themselves.

Steps in Threat Analysis

1. Identify Threats: Determine possible threats to the organization, such as cyberattacks,
system failures, or employee misconduct.

2. Evaluate Threat Impact: Assess how these threats could harm the organization, such as
through data breaches, operational downtime, or financial loss.

3. Develop Mitigation Strategies: Create strategies to prevent or reduce the likelihood of these
threats materializing. This could include implementing firewalls, security protocols, or
employee training.

The Relationship Between Risk and Threat Analysis

While both risk and threat analysis aim to protect an organization, they focus on different
aspects. Risk analysis looks at the broader picture of potential hazards and their consequences,
while threat analysis focuses specifically on the actors or events that could exploit
vulnerabilities. Both analyses complement each other to help create a comprehensive security
strategy.

Why is Risk and Threat Analysis Important?

Performing risk and threat analysis is essential for identifying and understanding vulnerabilities
in an organization. Without these analyses, businesses would be unprepared for potential
threats, leading to unexpected security breaches, financial losses, or operational disruptions.
By conducting regular assessments, organizations can implement proactive measures to reduce
risk, protect assets, and ensure business continuity.

Benefits of Risk & Threat Analysis

1. Prevents Problems:

Helps identify threats early so you can prevent problems before they happen.

2. Better Security:

Finds weaknesses in your system, allowing you to fix them and protect your data.

3. Smart Resource Use:

Focuses on the most serious risks first, saving time and money.

4. Legal Protection:

Helps meet security rules and regulations, avoiding legal issues.

5. Improves Decisions:

Makes it easier to make smart decisions about security and risk management.

Disadvantages of Risk & Threat Analysis


1. Takes Time and Resources:

The process can be long and requires experts and tools.

2. May Miss Some Risks:

New risks or threats may not be identified in time.

3. False Sense of Security:

Focusing only on known risks can leave other areas unprotected.

4. Can Be Complicated:

Large companies may find it hard to analyze all their systems.

5. Needs Regular Updates:

Risks change over time, so the analysis must be updated regularly.

Risk and threat analysis helps organizations understand potential dangers and plan how to
protect themselves. It has many benefits, like preventing problems and improving security, but
also requires time, resources, and regular updates.

Cryptographic Algorithms

A cryptographic algorithm is a set of steps that can be used to convert plain text into cipher
text. A cryptographic algorithm is also known as an encryption algorithm.

A cryptographic algorithm uses an encryption key to hide the information and convert it into
an unreadable format. Similarly, a decryption key can be used to convert it back into readable
plain text.

[Figure: Process of Cryptography]

Types of Cryptographic Algorithms

To protect sensitive data and conversations, cryptography uses complex algorithms. These
mathematical formulas enable the encryption, decryption, signature, and verification
processes that protect secret data during transmission and storage.

Major types of cryptographic algorithms

1. Advanced Encryption Standard (AES)


AES (Advanced Encryption Standard) is a popular encryption algorithm which uses the same
key for encryption and decryption It is a symmetric block cipher algorithm with block size
of 128 bits, 192 bits or 256 bits. AES algorithm is widely regarded as the replacement of DES
(Data encryption standard) algorithm, which we will learn more about later in this article.
There are many types of AES depending on the rounds:
• AES-128 uses 10 rounds
• AES-192 uses 12 rounds
• AES-256 uses 14 rounds
The more rounds there are, the safer the encryption. This is why AES-256 is considered the
safest encryption.
Characteristics of AES Algorithm
• Many key sizes: Three key sizes available: 128, 192, and 256 bits
• Security: Strong security measures to protect against threats
• Versatile: It is versatile because it can be used for both hardware and software
• Wide applications: Widely adopted in various applications, including Google Cloud,
Facebook and password managers.
2. Data Encryption Standard (DES)
DES is an older encryption algorithm that is used to convert 64-bit plaintext data into 48-bit
encrypted ciphertext. It uses symmetric keys (which means the same key is used for encryption
and decryption). It is old by today's standards but can be used as a basic building block for
learning newer encryption algorithms.
Characteristics of DES
• Same symmetric key: DES is a symmetric-key algorithm, so encryption
and decryption are done with a single key using the same algorithm.
• Easier implementation: DES was designed for hardware rather than software and
is efficient and fast when implemented in hardware.
• Cipher technique: This algorithm uses both the transposition cipher and the
substitution cipher technique.
• Building block: DES technique acts as a building block for other cryptographic
algorithms.
3. RSA Algorithm (Rivest, Shamir, Adleman Algorithm)
RSA is a basic asymmetric cryptographic algorithm which uses two different keys for
encryption. The RSA algorithm works on a block cipher concept that converts plain text into
cipher text and vice versa.
Asymmetric means that it works on two different keys, i.e. a Public Key and a Private Key.
As the names suggest, the Public Key is given to everyone and the Private Key is kept private.
Characteristics of RSA Algorithm
• Security: Many consider the RSA method to be highly secure, and it is widely used for
transmitting data.
• Fast speed: The RSA approach is known for its speed and can be implemented swiftly
when cryptography needs arise.
• Different keys: In the RSA technique, two separate keys are used for encrypting and
decrypting data. The public key is used to encrypt the information, while the private key
is used for decryption.
• Key exchange: With the RSA method, secure key exchange can be achieved, enabling two
parties to swap a key without transmitting it over the network.

4. Secure Hash Algorithm (SHA)


SHA is used to generate unique fixed-length digital fingerprints of input data known as
hashes. SHA variations such as SHA-2 and SHA-3 are commonly used to ensure data
integrity and authenticity. The tiniest change in input data drastically modifies the hash
output, indicating a loss of integrity. Hashing is the process of storing key-value pairs with
the help of a hash function into a hash table.
Characteristics of Secure Hash Algorithm (SHA)
• Security: SHA-256 is highly recognized among hashing algorithms for its robust security
features. It effectively prevents collision attacks, ensuring that different inputs
do not produce the same hash value. Websites prioritize user privacy by storing passwords in a
hashed format.
• One-way hashing: Using SHA algorithms for one-way hashing enables the storage of
information like passwords. Hashing data into a fixed-length output simplifies indexing
and comparisons. Even a minor change in the message results in a different hash when using SHA
algorithms, facilitating the identification of corrupted data.
• Avalanche effect: A small change in the input value, even a single bit, completely
changes the resultant hash value. This is called the avalanche effect.
• Variable input length and fixed output length: A SHA algorithm takes a variable
input length (meaning the length of input is dynamic) and produces a fixed output length.
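
The avalanche effect, the fixed output length and the integrity check described above can be measured directly. This is an added example, not part of the original notes; it uses Python's standard hashlib, and the sample message and function names are constructed for illustration.

```python
import hashlib
import hmac

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_profile(message: bytes):
    """Flip every input bit in turn and measure how much of the SHA-256
    output changes. Returns (min, mean, max) as fractions of the 256 output bits."""
    baseline = hashlib.sha256(message).digest()
    out_bits = len(baseline) * 8
    fractions = []
    for i in range(len(message) * 8):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)          # change exactly one input bit
        digest = hashlib.sha256(bytes(flipped)).digest()
        fractions.append(bit_difference(baseline, digest) / out_bits)
    return min(fractions), sum(fractions) / len(fractions), max(fractions)

def digest_lengths(inputs):
    """Digest length in bytes for inputs of very different sizes."""
    return [len(hashlib.sha256(m).digest()) for m in inputs]

def is_intact(data: bytes, stored_hex: str) -> bool:
    """Integrity check: recompute the hash and compare it with the stored one."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), stored_hex)

SAMPLE = b"transfer 100 units to account 42"     # constructed sample message
STORED = hashlib.sha256(SAMPLE).hexdigest()      # fingerprint recorded earlier

if __name__ == "__main__":
    lo, mean, hi = avalanche_profile(SAMPLE)
    print(f"output bits changed per 1-bit flip: min={lo:.2f} mean={mean:.2f} max={hi:.2f}")
    print("digest sizes:", digest_lengths([b"", b"a", b"x" * 10_000]))
    print("unchanged data passes:", is_intact(SAMPLE, STORED))
    print("modified data passes :", is_intact(SAMPLE + b"!", STORED))
```

A mean close to 0.5 means that a single flipped input bit changes about half of the output bits, which is why a corrupted file no longer matches its recorded hash.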

Digital Signature

What is a digital signature?

A digital signature is a mathematical technique used to validate the authenticity and integrity
of a digital document, message or software. It's the digital equivalent of a handwritten signature
or stamped seal, but it offers far more inherent security. A digital signature is intended to solve
the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions and digital messages. Signers can also use them to acknowledge informed consent.
In many countries, including the U.S., digital signatures are considered legally binding in the
same way as traditional handwritten document signatures.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm, such as Rivest-Shamir-Adleman, or RSA, two
keys are generated, creating a mathematically linked pair of keys: one private and one public.

Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. For encryption and decryption, the person who creates the digital signature
uses a private key to encrypt signature-related data. The only way to decrypt that data is with
the signer's public key.

If the recipient can't open the document with the signer's public key, that indicates there's a
problem with the document or the signature. This is how digital signatures are authenticated.

Digital signing certificates, also called public key certificates, are used to verify that the public
key belongs to the issuer. Signing certificates are sent with the public key; they contain
information about the certificate's owner, expiration dates and the digital signature of the
certificate's issuer. Trusted third-party certificate authorities (CAs), such as DocuSign or
GlobalSign, issue signing certificates.

Digital signature technology requires all parties to trust that the person who creates the
signature image has kept the private key secret. If someone else has access to the private signing
key, that party could create fraudulent digital signatures in the name of the private key holder.

Signing certificate and certificate authority

Digital signatures get their official status through signing certificates. Signing certificates serve
as authentication for transmitted documents, their contents and the author of these documents.
An official third-party certificate authority is responsible for administering these certificates.
CAs verify that organizations are in compliance with cybersecurity standards, such as
International Organization for Standardization (ISO) standards. Only after an organization has
been approved is a certificate provided.
The approval process starts with the CA assessing the needs of the author and ensuring their
methods comply with regulations. The CA then issues a signing certificate and the
cryptographic key pair needed to secure the documents' contents. A mathematical algorithm
generates this key pair to ensure the contents can't be accessed without both keys. Ultimately,
the digital signature includes the following:

• The author's electronic signature of the document.

• A piece of data called a cryptographic hash that is unique to the author's documents and is
used to verify the authenticity of the document.

• The signing certificate from the CA, which contains the public key and the written proof
that the CA has approved the process.

• The private key, which the author must keep confidential and which is used to encrypt the
documents.

Signing certificates assure recipients of the authenticity of both the author and documents and
that the documents are free from prior tampering or forgery. The author sending the documents
and the recipient receiving them must agree to use a given CA.

What are the benefits of digital signatures?

Digital signatures offer the following advantages:

• Security. Security capabilities are embedded in digital signatures to ensure a legal
document isn't altered and signatures are legitimate. Security features include asymmetric
cryptography, personal identification numbers (PINs), checksums and cyclic redundancy
checks (CRCs), as well as CA and trust service provider (TSP) validation.

• Timestamping. This provides the date and time of a digital signature and is useful when
timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.

• Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. With digital signatures
becoming an international standard, more countries are accepting them as legally binding.

• Time savings. Digital signatures simplify the time-consuming processes of physical
document signing, storage and exchange, letting businesses quickly access and sign
documents.

• Cost savings. Organizations can go paperless and save money previously spent on the
physical resources, time, personnel and office space used to manage and transport
documents.

• Positive environmental effects. Reducing paper use cuts down on the physical waste
paper generates and the negative environmental impact of transporting paper documents.

• Traceability. Digital signatures create an audit trail that makes internal record-keeping
easier for businesses. With everything recorded and stored digitally, there are fewer
opportunities for a manual signee or record-keeper to make a mistake or misplace
something.

What are the challenges of digital signatures?

Challenges sometimes crop up when organizations use digital signatures. These include the
following:

• Insecure channels. Despite the security layer digital signatures provide, the channels used
to transmit documents can still have inadequate security measures. Without proper
encryption and authentication, they could lead to compromised documents and data loss.

• Key management. Compromised or lost keys are useless; therefore, organizations must be
prepared to craft policies and procedures for employees to properly manage their keys,
which can be complicated.

• Compliance. Different standards are used in different jurisdictions regarding digital
signatures, so an organization must consult with legal experts or have a knowledgeable
person to handle these matters.

How do you create a digital signature?

To create a digital signature, signing software, such as an email program, is used to provide a
one-way hash of the electronic data to be signed.

A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital
signature creator's private key is used to encrypt the hash. The encrypted hash -- along with
other information, such as the hashing algorithm -- is the digital signature.
The reason for encrypting the hash instead of the entire message or document is because a hash
function can convert an arbitrary input into a fixed-length value, which is usually much shorter.
This saves time, as hashing is much faster than signing.

The value of a hash is unique to the hashed data. Any change in the data -- even a modification
of a single character -- results in a different value. This attribute lets others use the signer's
public key to decrypt the hash to validate the integrity of the data.

If the decrypted hash matches a second computed hash of the same data, it proves that the data
hasn't changed since it was signed. But, if the two hashes don't match, the data has either been
tampered with in some way and is compromised or the signature was created with a private
key that doesn't correspond to the public key presented by the signer. This signals an issue with
authentication.
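
The hash-then-sign flow and the two failure cases described above, as an added example that is not part of the original notes. It uses textbook RSA without padding and fixed, publicly known primes so that it runs with only the Python standard library; the key values, names and sample messages are assumptions for illustration. Production signing uses a vetted library and a padded scheme such as RSASSA-PSS.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p: int, q: int, e: int = E):
    """Build a mathematically linked key pair from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi(n)
    return (n, e), (n, d)            # (public key, private key)

def digest_int(data: bytes) -> int:
    """One-way SHA-256 hash of the data, as an integer (always below n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_key) -> int:
    """Signer: hash the data, then transform the hash with the private key."""
    n, d = private_key
    return pow(digest_int(data), d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the signed hash with the public key and compare it
    with a second hash computed over the data that actually arrived."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)

# Constructed demo keys from publicly known Mersenne primes (assumption for
# reproducibility only; real keys use secret random primes and padding).
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**127 - 1)
OTHER_PUB, _OTHER_PRIV = make_keypair(2**521 - 1, 2**107 - 1)

DOCUMENT = b"Pay 100 to Bob"         # constructed sample message
TAMPERED = b"Pay 900 to Bob"         # one character changed in transit
SIGNATURE = sign(DOCUMENT, SIGNER_PRIV)

if __name__ == "__main__":
    print("intact document   :", verify(DOCUMENT, SIGNATURE, SIGNER_PUB))
    print("tampered document :", verify(TAMPERED, SIGNATURE, SIGNER_PUB))
    print("wrong public key  :", verify(DOCUMENT, SIGNATURE, OTHER_PUB))
```

Only the first check succeeds: the tampered document produces a different hash, and a public key that does not correspond to the signing key recovers a value that matches neither.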

[Figure: A person creates a digital signature using a private key to encrypt a signature. At the
same time, hash data is created and encrypted. The recipient uses a signer's public key to
decrypt the signature.]

A digital signature can be used with any kind of message, whether or not it's encrypted, simply
so the receiver can be sure of the sender's digital identity and that the message arrived intact.
Digital signatures make it difficult for the signer to deny having signed something, as the digital
signature is unique to both the document and the signer, and it binds them together. This
property is called nonrepudiation.
The signing certificate is the electronic document that contains the digital signature of the
issuing CA. It's what binds together a public key with an identity and can be used to verify that
a public key belongs to a particular person or entity. Most modern email programs support the
use of digital signatures and signing certificates, making it easy to sign any outgoing emails
and validate digitally signed incoming messages.

Digital signatures are also used to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the internet.

Classes and types of digital signatures

There are three different classes of digital signature certificates (DSCs) as follows:

1. Class 1. This type of DSC can't be used for legal business documents because it is
validated based only on an email ID and username. Class 1 signatures provide a basic level
of security and are used in environments with a low risk of data compromise.

2. Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents,
including income tax returns and goods and services tax returns. Class 2 digital signatures
authenticate a signer's identity against a preverified database. Class 2 digital signatures are
used in environments where the risks and consequences of data compromise are moderate.

3. Class 3. The highest level of digital signatures, Class 3 signatures require people or
organizations to appear in front of a CA to prove their identity before signing. Class 3
digital signatures are used for e-auctions, e-tendering, e-ticketing and court filings, as well
as in other environments where threats to data or the consequences of a security failure are
high.

Use cases for digital signatures

Digital signature tools and services are commonly used in contract-heavy industries, including
the following:

• Government. The U.S. Government Publishing Office publishes electronic versions of
budgets, public and private laws, and congressional bills with digital signatures.
Governments worldwide use digital signatures for processing tax returns, verifying
business-to-government transactions, ratifying laws and managing contracts. Most
government entities must adhere to strict laws, regulations and standards when using digital
signatures. Many governments and businesses also use smart cards to identify their citizens
and employees. These are physical cards with an embedded chip that contains a digital
signature that provides the cardholder access to an institution's systems or physical
buildings.

• Healthcare. Digital signatures are used in the healthcare industry to improve the efficiency
of treatment and administrative processes, strengthen data security, e-prescribe and process
hospital admissions. The use of digital signatures in healthcare must comply with
the Health Insurance Portability and Accountability Act of 1996.

• Manufacturing. Manufacturing companies use digital signatures to speed up processes,
including product design, quality assurance, manufacturing enhancements, marketing and
sales. The use of digital signatures in manufacturing is governed by ISO and the National
Institute of Standards and Technology Digital Manufacturing Certificate.

• Financial services. The U.S. financial sector uses digital signatures for contracts, paperless
banking, loan processing, insurance documentation and mortgages. This heavily regulated
sector uses digital signatures, paying careful attention to the regulations and guidance put
forth by the Electronic Signatures in Global and National Commerce Act (E-Sign Act),
state Uniform Electronic Transactions Act regulations, the Consumer Financial Protection
Bureau and the Federal Financial Institutions Examination Council.

• Cryptocurrencies. Bitcoin and other cryptocurrencies use digital signatures to
authenticate the blockchain they use. They're also used to manage transaction data
associated with a cryptocurrency and as a way for users to show ownership of currency and
their participation in a transaction.

• Non-fungible tokens (NFTs). Digital signatures are used with digital assets, such as
artwork, music and videos, to secure and trace these types of NFTs anywhere on the
blockchain.
