Model for computer security The assets of a computer system are as follows:

• Hardware: Including computer systems and other data processing, data storage,
and data communications devices
• Software: Including the operating system, system utilities, and applications.
• Data: Including files and databases, as well as security-related data, such as
password files.
• Communication facilities and networks: Local and wide area network
communication links, bridges, routers, and so on.
Adversary (threat agent) : An entity that attacks, or is a threat to, a system.
Attack: an intelligent act that is a deliberate attempt to evade security services
and violate the security policy of a system.
Countermeasure An action, device, procedure, or technique that reduces a threat,
a vulnerability, or an attack by eliminating or preventing it.
Risk An expectation of loss expressed as the probability that a threat will exploit a
vulnerability with a harmful result.
Security Policy A set of rules and practices that specify or regulate how a system
or organization provides security services to protect sensitive and critical system
resources
OSI Security architecture

••The security manager is responsible for :

•Assessing and evaluating the security needs of an organization effectively,
•Evaluating and choosing various security products, policies,
•He needs some systematic way of defining the requirements for security
and characterizing the approaches to satisfying those requirements.
•Designing the above needs is too difficult in a centralized data processing
environment; which uses local and wide area networks.
Security architecture and design contains the concepts, principles,
structures, and standards used to design, monitor, and secure; operating
systems, equipment, networks, applications, and those controls used to
enforce various levels of availability, integrity, and confidentialityThe OSI
security architecture is useful to managers as a way of organizing the task
of providing security.

•This architecture was developed as an international standard

•All computer and communications vendors have developed security

features for their products and services that relate to this structured
definition of services and mechanisms.

•The OSI security architecture focuses on security attacks, mechanisms,

and services. These are defined briefly in the next slide.

•Security attack: Any action that compromises the security of information

owned by an organization.

•Security mechanism: A process (or a device incorporating such a

process) that is designed to detect, prevent, or recover from a security
attack. Security service: A processing or communication service that
enhances the security of the data processing systems and the information
transfers of an organization.
•The services are intended to counter security attacks, and they make use
of one or more security mechanisms to provide the service.
•Threat: A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.

•Attack: An assault on system security that derives from an intelligent threat; that
is, an intelligent act that is a deliberate attempt (especially in the sense of a
method or technique) to evade security services and violate the security policy of
a system.

Two types of attacks:

• Active attack: An attempt to alter system resources or affect their operation.

Passive attack: An attempt to learn or make use of information from the system
that does not affect system resources.

We can also classify attacks based on the origin of the attack:

• Inside attack: Initiated by an entity inside the security perimeter (an

“insider”).The insider is authorized to access system resources but uses them in a
way not approved by those who granted the authorization.

• Outside attack: Initiated from outside the perimeter, by an unauthorized or

illegitimate user of the system (an “outsider”).

On the Internet, potential outside attackers range from amateur pranksters to

organized criminals, international terrorists, and hostile governments

Active Attacks- Types of Active Attacks- a.A masquerade takes place

when one entity pretends to be a different entity.

b.Replay involves the passive capture of a data unit and its subsequent
re-transmission to produce an unauthorized effect.

C.Modification of messages simply means that some portion of a legitimate

message is altered, or that messages are delayed or reordered, to produce an
unauthorized effects.
 D.The denial of service:Prevents or inhibits the normal use or management of
communications facilities.•may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit
service).

Passive attacks-A passive attack attempts to learn or make use of information

from the system but does not affect system resources

Types of Passive attacks-a.Release of message contents -•Eavesdropping on, or

monitoring of, transmissions. The goal of the opponent is to obtain information
that is being transmitted.A phone conversation, an email or a file under
transmission may be eavesdropped. b. Traffic analysis-If the messages are
encrypted the opponents cannot extract the information even if they
captured the message.Opponent might still be able to observe the pattern
of these messages.

Active Vs Passive attacks

•Active attacks present the opposite characteristics of passive attacks.

•Passive attacks are difficult to detect. Measures are available to prevent

their success.

•On the other hand, it is quite difficult to prevent active attacks absolutely,
because of the wide variety of potential physical, software, and network
vulnerabilities.

•The goal is to detect active attacks and to recover from any disruption or
delays caused by them.
•Symmetric encryption is a form of cryptosystem in which encryption and
decryption are performed using the same key. It is also known as conventional
encryption.Symmetric encryption transforms plaintext into ciphertext using a
secret key and an encryption algorithm. Using the same key and a decryption
algorithm, the plaintext is recovered from the ciphertext.

Symmetric Cipher Model-A Symmetric encryption scheme has five

ingredients :-

1.Plaintext: the original message or data that is fed into the algorithm as input.

2.Encryption algorithm: The encryption algorithm performs various substitutions

and transformations on the plaintext.

3.Secret key: The secret key is also input to the encryption algorithm. The key is
a value independent of the plaintext and of the algorithm.

4.Ciphertext: This is the scrambled message produced as output. It depends on

the plaintext and the secret key

.5.Decryption algorithm: This is essentially the encryption algorithm run in

reverse. It takes the ciphertext and the secret key and produces the original
plaintext

There are two requirements for secure use of conventional encryption:

1.We need a strong encryption algorithm.

2.Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure.

Cryptography- Cryptographic systems are characterized along three

independent dimensions: •The type of operations used for transforming
plaintext to ciphertext. ØSubstitution, in which each element in the plaintext
(bit, letter, group of bits or letters) is mapped into another element.
ØTransposition, in which elements in the plaintext are rearranged.•The number
of keys used. ØIf both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption.

ØIf the sender and receiver use different keys, the system is referred to as
asymmetric, two-key, or public-key encryption.•The way in which the plaintext is
processed. ØA block cipher processes the input one block of elements at a time,
producing an output block for each input block. ØA stream cipher processes the
input elements continuously, producing output one element at a time.

Cryptanalysis and Brute-Force Attack

There are two general approaches to attacking a conventional encryption

scheme:

•Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus

perhaps some knowledge of the general characteristics of the plaintext or even
some sample plaintext–ciphertext pairs.

•Brute-force attack: The attacker tries every possible key on a piece of

ciphertext until an intelligible translation into plaintext is obtained.
Advanced Encryption Standard (AES) is a highly trusted encryption algorithm
used to secure data by converting it into an unreadable format without the
proper key. It is developed by the National Institute of Standards and
Technology (NIST) in 2001. It is is widely used today as it is much stronger than
DES and triple DES despite being harder to implement. AES encryption uses
various key lengths (128, 192, or 256 bits) to provide strong protection against
unauthorized access. This data security measure is efficient and widely
implemented in securing internet communication, protecting sensitive data, and
encrypting files. AES, a cornerstone of modern cryptography, is recognized
globally for its ability to keep information safe from cyber threats.

AES is a Block Cipher.

The key size can be 128/192/256 bits.

Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher
text. AES relies on the substitution-permutation network principle, which is
performed using a series of linked operations that involve replacing and
shuffling the input data.

Working of The Cipher

AES performs operations on bytes of data rather than in bits. Since the block size
is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.

Creation of Round Keys

A Key Schedule algorithm calculates all the round keys from the key. So the
initial key is used to create many different round keys which will be used in the
corresponding round of the encryption.
Each round comprises of 4 steps : SubBytes,ShiftRows,MixColumn, Add Round

Applications of AES-AES is widely used in many applications which require

secure data storage and transmission. Some common use cases include:

Wireless security: AES is used in securing wireless networks, such as Wi-Fi

networks, to ensure data confidentiality and prevent unauthorized access.

Database Encryption: AES can be applied to encrypt sensitive data stored in

databases. This helps protect personal information, financial records, and other
confidential data from unauthorized access in case of a data breach.

Secure communications: AES is widely used in protocols such as internet

communications, email, instant messaging, and voice/video calls. It ensures that
the data remains confidential.

Data storage: AES is used to encrypt sensitive data stored on hard drives, USB
drives, and other storage media, protecting it from unauthorized access in case
of loss or theft.
Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has
played a significant role in data security. Data encryption standard (DES) has been
found vulnerable to very powerful attacks therefore, the popularity of DES has
been found slightly on the decline. DES is a block cipher and encrypts data in
blocks of size of 64 bits each, which means 64 bits of plain text go as the input to
DES, which produces 64 bits of ciphertext. The same algorithm and key are used
for encryption and decryption, with minor differences. The key length is 56 bits.
Key Generation and Initial Setup: The original 64-bit key is reduced to a 56-bit key
by discarding every 8th bit (bits at positions 8, 16, 24, 32, 40, 48, 56, and 64).​
DES works based on two cryptographic principles: substitution (confusion) and
transposition (diffusion), which are applied across 16 rounds of encryption.​
Encryption Process:

1.​ Initial Permutation (IP):​

The 64-bit plaintext block undergoes a bit reordering, where each bit is
mapped to a new position according to a predefined table (Initial
Permutation table).This results in a permuted block that is split into two
halves: Left Plain Text (LPT) and Right Plain Text (RPT), each 32 bits long.​

2.​ Key Transformation:The 56-bit key is split into two 28-bit halves.Each half is
circularly shifted (1 or 2 positions per round) to generate a new 48-bit
subkey for each of the 16 rounds.A Compression Permutation selects 48
bits from the 56-bit key to form the subkey, making sure a unique subset of
key bits is used in each round.​

3.​ Rounds of Encryption (16 rounds):​

Each round involves several steps:​
Expansion Permutation: The 32-bit RPT is expanded to 48 bits, dividing it
into 8 blocks of 4 bits, each expanded into 6 bits.​
XOR Operation: The 48-bit RPT after expansion is XORed with the 48-bit
subkey generated in the current round.​
S-Box Substitution: The result of the XOR operation is passed through a set
of S-Boxes (substitution boxes) to perform substitution (confusion).​
 Permutation: The substituted output is permuted (transposed) to ensure
diffusion.The left half (LPT) is then XORed with the permuted output of the
current round and swapped with the right half (RPT).​
Final Permutation (FP):After completing all 16 rounds, the two halves of
the data (LPT and RPT) are combined and undergo a Final Permutation
(FP).The result is a 64-bit ciphertext.​

Key Features of DES: Substitution (S-Boxes): Replaces input bits with different bits
based on a predefined table. Permutation: Transposes bits for diffusion, spreading
the information across the ciphertext.Key Transformation and Compression: Key
bits are reduced and shifted to create subkeys for each round.

​
DES's Strength:The use of substitution and permutation, along with shifting and
compressing the key, creates a highly complex encryption system, making it
resistant to simple attacks.Weaknesses:DES is vulnerable to brute-force attacks
due to the relatively small 56-bit key size (now considered insecure for modern
applications).​