Scribd
Upload
19 views37 pages

CSE2203 - Lecture 2 - Introduction To Cryptography

This document outlines the course structure for CSE 2203: Computer and Information Security Fundamentals at the University of Guyana, detailing weekly topics and learning objectives related to cryptography and security principles. It emphasizes the importance of cryptography in securing communications and discusses different types of cryptosystems, including symmetric and asymmetric methods. Additionally, it addresses the balance between individual rights to privacy and government interests in security.

Uploaded by

kareemrichards61
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
19 views37 pages

CSE2203 - Lecture 2 - Introduction To Cryptography

This document outlines the course structure for CSE 2203: Computer and Information Security Fundamentals at the University of Guyana, detailing weekly topics and learning objectives related to cryptography and security principles. It emphasizes the importance of cryptography in securing communications and discusses different types of cryptosystems, including symmetric and asymmetric methods. Additionally, it addresses the balance between individual rights to privacy and government interests in security.

Uploaded by

kareemrichards61
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 37

The University of Guyana

Faculty of Natural Sciences

LECTURE 2
Computer and
Information Security
Fundamentals
(CSE 2203)
SEMESTER II (2024-2025)

Sandra Khan BSc MSc CISSP PG Dip Education (Higher Ed)


[email protected]

Department of Computer Science


The University of Guyana
Faculty of Natural Sciences
Course Outline
Week 1 – Security Basics
Week 2 – Introduction to Cryptography
Week 3 - Authentication, Encryption (DES/RSA), Hashing
Week 4 - Integrity – Digital Certificates, Message Digests
Week 5 – Network and Internet Security
Week 6 - Internet Commerce, SSL, IPSec, Firewalls
Week 7 – VPN / IDS
Week 8 & 9 – Wireless Security
Week 10 – System Security
Week 11 – Access Control
Week 12 – Application Security
Week 13 – Cyber Crime

Department of Computer Science / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Faculty of Natural Sciences
Learning Objectives
By the end of this lesson students will be able to:

●Discuss the role of Cryptography in securing information

●Explain basic Cryptosystems

●Describe Classical Ciphers

Distinguish between two types of Cryptography: Symmetric


and Asymmetric

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Faculty of Natural Sciences
Recap

In the last lecture, we discussed:

● The nature of the Computer and Information Security challenge


● The major security goals (CIA Triad)
● Some terminology – Vulnerabilities, Threats, Control Paradigm
● The M-O-M Framework

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Faculty of Natural Sciences
Recap Quiz

What is the term that best describes the following: a sender is


not able to deny sending a message, e.g. an email or text
message
a)message integrity
b)message confidentiality
c)message availability
d)message nonrepudiation

Komisarczuk, P., Martin, K. & Alis, J. (2019), Information Security: Context and Introduction [Coursera course]

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Faculty of Natural Sciences
Recap Quiz

A message has integrity if:

a) it is authenticated
b) it contains the truth
c) it is verifiably unaltered
d) it contains the senders handwritten signature

Komisarczuk, P., Martin, K. & Alis, J. (2019), Information Security: Context and Introduction [Coursera course]

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Faculty of Natural Sciences
Recap Quiz
A third party (e.g. a spy) is not able to read a message when:

a)The message is using a cryptographic protocol to


implement confidentiality
b)The message has high availability
c)The message is sent with integrity
d)The message is sent using a nonrepudiation technique

Komisarczuk, P., Martin, K. & Alis, J. (2019), Information Security: Context and Introduction [Coursera course]

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Information Security
The University of Guyana
Faculty of Natural Sciences
Requirements

Let’s imagine an old “computer


free” office, where everything is
done by telephone and
paperwork.

What are the basic security


processes in the physical world
that help us to make security
decisions about information
that we receive?
(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Information Security
Requirements in the
The University of Guyana
Faculty of Natural Sciences
Digital Age

Now imagine a modern fully networked office


environment. Let’s suppose that nobody has
implemented any information security controls.

●How do you identify the sender of a file?


●Can anyone else read an email that you send to a

colleague?
●How do you sign a contract?
●Is this a more secure environment than the old office?
(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Basic Security
Requirement in the
The University of Guyana
Faculty of Natural Sciences
Digital Age

“The basic security requirement is the


need for the translation of the basic
security mechanisms used in the
physical world into mechanisms
suitable for application in an
electronic environment. “
(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Business Security
Requirement in the
The University of Guyana
Faculty of Natural Sciences
Digital Age
“For businesses (and organisations in general), the Internet
represents both a great opportunity and a significant risk.

The main business security requirement is that increased


automation and adoption of new technologies should not
lead to a decrease in the overall security of conducting
business.”
A central aim of today's lesson is to discuss what role cryptography
plays in this translation process.
(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Meet Alice and Bob
The University of Guyana
Faculty of Natural Sciences

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Meet Alice and Bob
The University of Guyana
Faculty of Natural Sciences

If Alice and Bob are to have any assurances about the security
of the communication that they have just exchanged then they
must ask themselves some serious questions.
What questions should Alice be thinking about before she sends

her information to Bob?

●After he has received the


information, what questions
should Bob be contemplating
with regard to his newly received
(Martin, 2009)
information?
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
Role of Cryptography
The University of Guyana
Faculty of Natural Sciences

What is the role of


Cryptography?

What is Cryptography?

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Cryptography
The University of Guyana
Faculty of Natural Sciences

What is the role of


Cryptography?
•Cryptography is not a new concept –
used for thousands of years preceding
the Information Age.

What is Cryptography?
•Cryptography is the art and science of
designing techniques for secure
communication in the presence of
malicious third parties called adversaries.

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Cryptanalysis / Cryptology
The University of Guyana
Faculty of Natural Sciences

Cryptanalysis is a process
of finding weaknesses in
cryptographic algorithms
and using these
weaknesses to
decipher the ciphertext
without knowing the secret
key.

Cryptology is the science


that underpins cryptography
and cryptanalysis.

(OWASP, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Ciphers in Public Imagination
Faculty of Natural Sciences

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Classical Ciphers
Faculty of Natural Sciences

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Ciphers in Public Imagination
Faculty of Natural Sciences

http://www.themakeupgallery.info/hair/shaved/rushhour3.htm

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Ciphers in Public Imagination
Faculty of Natural Sciences

http://www.themakeupgallery.info/hair/shaved/rushhour3.htm

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Ciphers in Public Imagination
Faculty of Natural Sciences

http://www.themakeupgallery.info/hair/shaved/rushhour3.htm

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Historical Cryptography -
The University of Guyana
Faculty of Natural Sciences Caesar Cipher

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Caesar Cipher
Faculty of Natural Sciences

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana
Decipher the following:
Faculty of Natural Sciences

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


Digital
The University of Guyana
Faculty of Natural Sciences Cryptographic Primitives

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
What is a Cryptosystem
Faculty of Natural Sciences

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
A Cryptosystem
Faculty of Natural Sciences

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
A Symmetric Cryptosystem
Faculty of Natural Sciences

In symmetric cryptosystems the decryption key is easily


obtained from the encryption key. Often, in a symmetric
cryptosystem the encryption key and the decryption key are
exactly the same.

All practical cipher systems prior to the 1980’s were symmetric


cryptosystems. Indeed symmetric cryptosystems are still heavily
used today and there is no sign that their popularity is fading.

The study of symmetric cryptosystems is often referred to as


symmetric cryptography.

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
A Symmetric Cryptosystem
Faculty of Natural Sciences

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
Public Key Cryptosystems
Faculty of Natural Sciences

In public key cryptosystems it is computationally infeasible


(in other words, practically impossible) to determine the
decryption key from the encryption key.

In this case the encryption key and the decryption key


must be different. For this reason, public key cipher
systems are sometimes referred to as asymmetric
cryptosystems.

The study of public key cryptosystems is often referred to


as public key cryptography.
(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
Public Key Cryptosystems
Faculty of Natural Sciences

(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana
Questions
Faculty of Natural Sciences

.1. Can cryptography prevent a communication from being


intercepted?

2. Which of the following need to be kept secret?


a) Encryption algorithm
b) Decryption algorithm
c) Encryption key
d) Decryption key
3. Does using a good encryption algorithm guarantee the
confidentiality of a message?
(Martin, 2009)
LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan
The University of Guyana Perspectives on Cryptography
Faculty of Natural Sciences

Individual Perspective:
Individuals have a right to use cryptography as they see fit.
Cryptography enables perceived rights such as privacy and freedom of
expression.

Government Perspective:

On the other hand, governments may wish to control crime and manage
issues of national security. They may try to do this by imposing certain
barriers and introducing other laws and regulations.

(Martin, 2009)

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana FURTHER INFORMATION
Faculty of Natural Sciences

Course notes and references are available via Moodle.

Required Readings:

Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in


computing: Chapter 2

Department of Computer Science


The University of Guyana Faculty of
Natural Sciences
Readings
Required Reading(s)
Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in computing.
Prentice Hall Professional Technical Reference.

Stallings, W. (2006). Cryptography and Network Security, 4/E.


Pearson Education India.

Recommended Reading(s)
Stallings, W. (2007). Network security essentials: applications and
standards. Pearson Education India.

https://www.sans.org/security-resources/glossary-of-terms/

Department of Computer Science / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


The University of Guyana REFERENCES
Faculty of Natural Sciences

Martin,K.(2009). Intro to Cryptography [PowerPoint


Presentation]. Retrieved from Royal Holloway ISG

Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in


computing. Prentice Hall Professional Technical Reference.

LECTURE 2 / CSE2203 / 2024-2025 / Lecturer: Sandra Khan


End of Lecture 2

You might also like