CRYPTOGRAPHY AND NETWORK SECURITY

1. Introduction to Computer Security

Computer security refers to the protection of computer systems and networks from
unauthorized access, damage, or theft of data. It ensures confidentiality, integrity, and
availability of information. Security measures include encryption, authentication, and
firewalls. The field of cybersecurity has evolved due to
increasing cyber threats such as malware, phishing, and hacking.

Key aspects:
1. Protecting data and systems from cyber threats.
2. Ensuring only authorized users can access sensitive data.
3. Preventing unauthorized modifications and ensuring data integrity.

2. Need for Security

With the growing reliance on computers and the internet, security threats have increased.
Cybercriminals exploit vulnerabilities to steal sensitive information, disrupt operations,
and spread malware. A robust security framework is essential for:
1. Data Protection: Preventing unauthorized access to personal and
organizational data.
2. Business Continuity: Avoiding downtime caused by cyberattacks.
3. Privacy: Ensuring users' sensitive information is not exposed.
4. Legal Compliance: Meeting regulatory requirements like GDPR and
HIPAA.
Example: A bank implementing multi-factor authentication (MFA) to secure customer
transactions.

3. Security Approaches
There are multiple approaches to securing computer systems:
1. Prevention: Involves using firewalls, encryption, and strong authentication to
block attacks before they happen.
2. Protection: When Threat is ready to occur, protect the system.
3. Resilience: Threat has occurred now we need to solve the threat.
4. Detective Approach: Identifies security breaches using intrusion detection
systems (IDS) and monitoring tools.
5. Corrective Approach: Focuses on recovering from security incidents through
backups and disaster recovery plans.
6. Defense-in-Depth: A layered security strategy combining multiple protection
methods like firewalls, antivirus software, and access controls.
 7. Zero Trust Security: Assumes no entity inside or outside the network is
trustworthy without verification.
Example: Implementing both firewalls and IDS for layered protection.

4. Principles of Security
Security principles form the foundation of cybersecurity measures:
1. Confidentiality:
i. Ensures that sensitive data is accessible only to authorized users.
ii. Example: Encrypting data before transmission.
2. Integrity:
i. Ensures data is accurate and not altered without authorization.
ii. Data can be modified by authorized users only.
iii. Example: Using hash functions like SHA-256 to verify data
integrity.
3. Availability:
Ensures systems and data are accessible when needed.
Example: Implementing redundancy and failover mechanisms.
4. Authentication:
i. Verifies the identity of users before granting access.
ii. Example: Using passwords, biometrics, or two-factor
authentication (2FA).
5. Non-Repudiation:
i. Ensures that actions cannot be denied after execution.
ii. Example: Digital signatures in electronic transactions.

5. Types of Attacks
Cyberattacks can be classified into various categories based on their target and impact:

1.Passive Attacks: Attackers eavesdrop on communication without modifying data.

Example: Packet sniffing in a public Wi-Fi network.
It has subparts:
• Release of message contents (attackers can see what is the message)
• Traffic Analysis (attackers cannot read the message but can analyze traffic and
patterns).

2. Active Attacks: Attackers alter data or disrupt services.

Example: Man-in-the-Middle (MITM) attack modifying communication.
It has subparts:
1. Masquerade: Attacker pretends to be someone else to gain unauthorized access or
send fake messages. (with stolen credentials)
 2. Relay: Attacker intercepts and forwards communication between two parties
without altering it.
3. Denial of Service (DoS): Attacker floods a system with traffic to make it
unavailable.

Malware Attacks:
Use of malicious software like viruses, worms, and ransomware.
Example: WannaCry ransomware encrypting files and demanding payment.

Phishing Attacks:
Fraudulent attempts to obtain sensitive information via fake emails or websites.
Example: An email pretending to be from a bank requesting login credentials.

Denial-of-Service (DoS) Attacks:

Overloading and flooding a server to make it unavailable.
Example: A botnet flooding a website with traffic.

SQL Injection Attacks:

Injecting malicious SQL queries to manipulate databases.
Example: Extracting user credentials from a website database.

Brute Force Attacks:

Trying multiple password combinations to gain access.
Example: Automated software attempting millions of passwords.

1. Introduction to Cryptography
Cryptography is the process of securing communication by converting
information into a secure format. It ensures confidentiality, integrity,
authentication, and non-repudiation of data.
• Early Cryptography: Used in ancient civilizations (e.g., Caesar cipher).
• Modern Cryptography: Uses mathematical algorithms for secure
communication.
Example: Online banking transactions use cryptographic algorithms to ensure data
security.

2. Plaintext & Ciphertext

• Plaintext: The original, readable message before encryption.
• Ciphertext: The encrypted message that appears unreadable without a
decryption key.
 Example:

• Plaintext: "HELLO"
• Ciphertext (Caesar Cipher with shift 3): "KHOOR"
Encryption transforms plaintext into ciphertext, and decryption reverses the process.

3. Symmetric Encryption is of 2 types:

o Substitution
o Transposition

Substitution Techniques -
A method where characters in plaintext characters are replaced with other characters
according to a predefined system.

Types of Substitution cipher:

1. Caesar Cipher:
a. Each letter is shifted by a fixed number (e.g., shift of 3: A → D, B → E).
b. C = E (k,p) = (p + k) mod 26. {C->cipher text, p → plain text}
c. P = D (k,C) = (C-k) mod 26.
Weakness: Easily broken using frequency analysis.
2. Monoalphabetic Cipher:
a. Each letter is replaced with another letter, but mapping remains the same.
b. Example: A → M, B → X, C → P (Fixed Substitution). [1 → 1]

3. Polyalphabetic Ciphers:
a. Each character will have a different substituting character.
b. (A → Z, A → X hence AA → ZX). [ 1 → many]

Keyed Ciphers:
4. Vigenère Cipher: (polyalphabetic)
a. Uses a keyword-based shifting mechanism for encryption.
b. Add the key value to plain text,
➢ C = (p + k) % 26.

5. Vernam Cipher: (one time pad)

a. Add the key value to plain text,
➢ C = (p+k)
b. If value exceeds 26 then subtract 26 from it.
c. C = (p+k),
➢ If (C>26), C = C - 26
 6. Playfair Cipher: Uses a 5x5 matrix of letters and encrypts digraphs (pairs of
letters).

7. Hill Cipher:
➢ C = K * P mod 26
a. Key ➔ M*N matrix,
b. break the plain text in Mx1 matrix and multiply with key matrix and do mod
26.

Advantage: Harder to break than Caesar Cipher.

Disadvantage: Still vulnerable to frequency analysis with long ciphertext.

Transposition Techniques - ( keyed / keyless )

A method where plaintext characters are rearranged without changing their identity.
Types of Transposition Ciphers:
1. Rail Fence Cipher: (keyless)
• Letters are written in a ZIG-ZAG pattern (DIAGONAL SEQUENCE) and then
read row-wise.
Example:

"HELLO WORLD" → Zig-zag arrangement → Encrypted text: "HLOOL ELWRD"

2. Columnar Transposition/Row transposition: (keyed/keyless)

• Rearranges plaintext based on a secret key (column order).
• Incase of keyless, just write plaintext in row and read it column wise from 1st
col till last.
Row Transposition Cipher is a transposition technique that involves writing plaintext into
rows and then reading off ciphertext from the columns.
It works by rearranging the order of the characters in the plaintext, according to a specific
pattern or key, and then writing the resulting ciphertext in a grid format. The text is read
according to the key numbers.
3. Double Transposition: Apply Row/Column transposition twice. (More secure)

Advantage: Harder to break than simple substitution.

Disadvantage: Still vulnerable to frequency analysis.
 Shanon’s Confusion & Diffusion Theory

Difference - Stream vs Block Cipher:

Feistel Cipher: Feistel Cipher is a symmetric structure used in the construction of block
ciphers. Forms the basis for many encryption algorithms like DES (Data Encryption
Standard).

Steps:

1. Divide the plaintext into two equal halves: Left and Right.
2. Repeat for several rounds (e.g., 16 rounds):
a. Apply function F(k, R) i.e round fn on Right half and key.
b. XOR result of F(k, R) with Left to get new Right.
c. Now the result of XOR of left becomes new Right and the Right becomes
left for next round.
3. Combine the final Left and Right halves to get the ciphertext.

Encryption & Decryption:

1. Encryption: The process of converting plaintext into ciphertext using an

encryption key.
2. Decryption: The process of converting ciphertext back into plaintext using a
decryption key.

Example (Simple XOR Encryption):

1. Plaintext: “HELLO” (ASCII)

2. Key: “XMCKL”
3. Ciphertext: XOR of plaintext and key.

✅ Purpose: Protects data confidentiality.

❌Challenge: Key management and secure transmission.
Symmetric & Asymmetric Key Cryptography
Symmetric Key Cryptography: it uses a single key for both encryption and decryption
of data.

• Sender encrypts the message using a shared secret key.

• Receiver decrypts the message using the same key.
Example Algorithms:
1. AES (Advanced Encryption Standard)
2. DES (Data Encryption Standard)
3. Blowfish

✅ Pros:

1. Fast and efficient

2. Less computational overhead

❌ Cons:

1. Key distribution is challenging (how to safely share the key?)

2. Not scalable for large networks (each pair needs a unique key)

2. Asymmetric Key Cryptography: it uses two keys: a public key of receiver (for
encryption) and a private key of receiver (for decryption).
How it works:

1. Sender encrypts the message using the receiver’s public key.

2. Only the receiver can decrypt it using their private key.

Example Algorithms:
1. RSA (Rivest–Shamir–Adleman)
2. ECC (Elliptic Curve Cryptography)
3. DSA (Digital Signature Algorithm)
✅ Pros:

1. More secure key distribution

2. Enables digital signatures and authentication
❌ Cons:

1. Slower than symmetric encryption

2. Computationally intensive
Key Range & Key Size
1. Key Range: Number of possible key values for a given encryption system.
2. Key Size: Length of the key (measured in bits).
Key Sizes in Different Algorithms:

Algorithm Key Size

DES 56-bit
AES 128, 192, 256-bit
RSA 1024, 2048, 4096-bit

Larger key sizes provide better security but require more computational power.

1. Introduction to Symmetric Key Algorithm

Symmetric encryption involves using a single secret key to encrypt and decrypt
messages. This method ensures confidentiality and is faster than asymmetric encryption.
However, secure key distribution remains a challenge.

Characteristics of Symmetric Key Algorithms:

1. Uses a single shared key for encryption and decryption.
2. Faster compared to asymmetric encryption.
3. Requires secure key exchange between communicating parties.
4. Used in Bulk Data transfer.
5. Used in applications like SSL/TLS, VPNs, and wireless encryption
(WPA2).

Example: Alice and Bob share a secret key. Alice encrypts a message using this
key, and Bob decrypts it using the same key.
2. Algorithm Types & Modes
Types of Symmetric Key Algorithms:
1. Block Ciphers:
a. Encrypts data in fixed-size blocks (e.g., 64-bit, 128-bit).
b. Example: DES, AES, Blowfish, IDEA, RC5
2. Stream Ciphers:
a. Encrypts data bit-by-bit or byte-by-byte.
b. Example: RC4 (used in SSL, WEP)

Modes of Operation in Block Ciphers: Block ciphers use different modes of operation
to process data securely

Block Cipher Modes Explained:

1. ECB – Electronic Codebook Mode: Each block of plaintext is encrypted independently

using the same key.

➕ Advantages:

1. Simple and fast

2. Easy to implement
3. Allows parallel encryption of blocks
➖ Disadvantages:

1. Pattern leakage: Identical plaintext blocks result in identical ciphertext blocks

2. Not secure for data with repeating patterns
3. Rarely used in practice for sensitive data

2. CBC – Cipher Block Chaining Mode: Each plaintext block is XORed with the
previous ciphertext block before encryption. The first block uses an Initialization Vector
(IV).
➕ Advantages:

1. Hides data patterns.

2. More secure than ECB.
3. Widely used in file and message encryption
➖ Disadvantages:

1. Slower (blocks must be processed in order)

2. One-bit error in ciphertext affects two blocks
3. Needs IV for the first block

3. CFB – Cipher Feedback Mode

Encrypts the previous ciphertext block (or IV), takes s selected bits from the output,
and XORs them with the plaintext to get ciphertext.

➕ Advantages

1. Can be used for streaming data

2. Doesn’t require separate decryption algorithm (same as encryption)
3. Can work on smaller units (e.g., bytes)

➖ Disadvantages

1. Error in one ciphertext byte affects the next few blocks

2. Cannot be parallelized
3. Slower than some other modes.
4. OFB – Output Feedback Mode
Encrypts the previous output (starting with IV), and XORs the result with plaintext to
generate ciphertext. Ciphertext is not fed back.

➕ Advantages

1. Errors don’t propagate — one-bit error affects only that bit

2. Suitable for noisy communication channels
3. Works as a stream cipher
4. Plain text size is flexible

➖ Disadvantages

1. Cannot be parallelized
2. Sensitive to IV reuse . Regenerated IV must use unique IV every time
3. Vulnerable to certain attacks if IV or key is reused
4. Vulnerable to modification attacks

5. CTR – Counter Mode

Encrypts a counter value (which increases with each block), and XORs the output with
plaintext. Acts like a stream cipher.
➕ Advantages

1. Very fast and supports parallel encryption/decryption

2. No chaining → no error propagation
3. Preprocessing possible (encrypt counter in advance)

➖ Disadvantages

1. IV (nonce) and counter must never repeat — reusing them compromises security
2. Slightly more complex counter management
Initialization Vector for first step:
3. Overview of Symmetric Key Cryptography

Advantages:
1. Faster encryption and decryption.
2. Less computationally expensive than asymmetric cryptography. Suitable for bulk
data encryption.
Disadvantages:
1. Key distribution is difficult.
2. If the key is compromised, security is lost.
3. Does not provide authentication (only confidentiality).
Use Cases:
• Data encryption in cloud storage.
• VPN (Virtual Private Network) encryption.
• Wireless security protocols (WPA2, WPA3).

DES (Data Encryption Standard) Algorithm

Developed By: IBM in 1977, later adopted by NIST.
Key Size: 56-bit key (with 64-bit block size).
Structure: 16-round Feistel Cipher.

Steps of DES Encryption:

1. Initial Permutation (IP): Rearranges the bits in the plaintext.
2. 16 Rounds of Feistel Cipher:
Each round involves substitution, permutation, and XOR with a round key.
3. Final Permutation (FP): Produces the ciphertext.

Weaknesses of DES:
• 56-bit key is vulnerable to brute-force attacks.
• Can be cracked using modern computing power.

DES was replaced by AES (Advanced Encryption Standard) and Triple DES (3DES).

Example: Used in legacy banking systems before AES replaced it.

 IDEA (International Data Encryption Algorithm) Algorithm
Developed By: Xuejia Lai and James Massey (1991).
Key Size: 128-bit key.
Block Size: 64-bit.
Structure of IDEA:
• Consists of 8 rounds of encryption.
• Uses modular arithmetic, XOR, and bitwise operations for security.
Steps in IDEA Encryption:
1) Divide the 64-bit plaintext into four 16-bit sub-blocks.
2) Each round involves:
a. Mixing sub-blocks using modular multiplication.
b. XOR operations for diffusion.
c. Swapping certain sub-blocks
3) Final transformation and key mixing to generate ciphertext.

Strengths:
1) Resistant to differential and linear cryptanalysis.
2) Stronger than DES due to a 128-bit key.
Weakness:
1) Patent restrictions made it less widely adopted.
2) Not widely used today due to AES dominance.
3) Example: Used in Pretty Good Privacy (PGP) encryption for emails.
Subkey generation:
RC5 (Rivest Cipher 5) Algorithm

Developed By: Ronald Rivest (1994).

Parameters:

1) Block/Word Size (bits): Possible Values: 16, 32, 64

2) Number of Rounds: Possible Values: 0 – 255
3) Key Size (bytes): Possible Values: 0 – 255
4) Plain text of 64 bits is divided into two blocks of 32 bits each i.e. A & B.
5) Sub keys generated are S0 and S1. These sub keys are added to A & B
respectively to produce C & D.

Each Round consists of:

1. Bitwise XOR,
2. ⁠left circular shift,
3. ⁠addition to the next key for both C & D.
Steps in RC5 Encryption:
1) Key Expansion: Expands the secret key into multiple round keys.
2) Encryption:
i. One time initialisation. S[0] + A & S[1] + B.
ii. XOR A & B
iii. Cyclic left shift of A by B bits
iv. ⁠Add S[2*i] to output of previous step to get new A
v. ⁠XOR B with previous values of A to get new B
vi. Cyclic left shift new value of B by A bits ⁠
vii. Add S[2*i + 1] to output of previous step to get B
viii. Repeat the procedure till r time.
3) Decryption: Reverse of Encryption.
Strengths:
1) Highly flexible (variable block size, key size, and number of rounds).
2) Faster than DES.
Weakness:
1) Vulnerable to related-key attacks if not implemented securely.
2) Example Use Case: Used in wireless security and embedded systems.

Introduction to Asymmetric Key Cryptography

Asymmetric key cryptography (also called Public Key Cryptography) is a
cryptographic system that uses two keys:
• Public Key: Used for encryption.
• Private Key: Used for decryption.
Unlike symmetric encryption, where the same key is used for both encryption and
decryption, asymmetric encryption allows secure communication between two parties
without sharing a secret key beforehand.

Example:

• Alice wants to send a secure message to Bob.

• Alice encrypts the message using Bob's public key.
• Bob decrypts the message using his private key.

Advantages:
1) Secure key exchange (no need to share a secret key).
2) Provides confidentiality, authentication, and non-repudiation.

Disadvantage:
1) Slower than symmetric encryption due to complex mathematical operations.
2) Computationally expensive for large data encryption.

Overview of Asymmetric Key Cryptography

Key Features:

1) Uses public and private key pairs.

2) Provides authentication and confidentiality.
3) Used in secure email, digital certificates, and SSL/TLS protocols.
Common Asymmetric Key Algorithms:
 Algorithm Key Size Usage
RSA (Rivest-Shamir- 1024, 2048, Secure web browsing (HTTPS),
Adleman) 4096 bits email encryption
Elliptic Curve
160-521 bits Mobile encryption, IoT security
Cryptography (ECC)
1024, 2048
Diffie-Hellman (DH) Secure key exchange
bits
DSA (Digital Signature 1024, 2048
Algorithm) Digital signatures
bits

RSA Algorithm (Rivest-Shamir-Adleman)

Developed By: Ron Rivest, Adi Shamir, and Leonard Adleman in 1978.
Key Size: Typically 1024, 2048, or 4096-bit keys.
Security Basis: Based on the difficulty of factoring large prime numbers.

Steps in RSA Encryption & Decryption:

1) Key Generation:
a. Choose two large prime numbers p and q.
b. Compute n = p × q.
c. Compute ϕ(n) = (p-1) × (q-1).
d. Choose an encryption key e (1 < e < ϕ(n), and gcd(e, ϕ(n)) = 1).
e. Compute the private key d such that (d × e) mod ϕ(n) = 1.
f. Public Key: (e, n), Private Key: (d, n).
2) Encryption:
a. Convert plaintext into numerical format M.
b. Compute ciphertext C = M^e mod n.
c. Send C to the receiver.
3) Decryption:
a. Compute M = C^d mod n.
b. Convert M back into plaintext.

Example Calculation:
• Choose p = 7, q = 11 → n = 77.
• Compute ϕ(n) = (7-1) × (11-1) = 60.
• Choose e = 17 (since gcd(17,60) = 1).
• Compute d such that (d × 17) mod 60 = 1 → d = 53.
Public Key: (77, 17), Private Key: (77, 53).

If plaintext M = 10,
Encryption: C = (10^17) mod 77 = 26.
Decryption: M = (26^53) mod 77 = 10.

Strengths of RSA:
1) Highly secure if large key sizes are used.
2) Used in SSL/TLS encryption, VPNs, and digital signatures.

Weaknesses:
1) Slow for large data encryption.
2) Vulnerable to brute force if small key sizes are used.

4. Symmetric & Asymmetric Key Cryptography Together

Asymmetric encryption is slower than symmetric encryption. In many applications, both
are used together to improve efficiency and security.
Example: Hybrid Encryption (SSL/TLS in Web Browsers)
Hybrid Encryption -
It combines symmetric and asymmetric encryption for efficient and secure data
protection. It uses symmetric encryption to encrypt the actual data, which is fast, and
asymmetric encryption to encrypt the symmetric key itself, ensuring secure key
distribution. This approach offers a balance between speed and security, making it
suitable for various applications like secure messaging and data storage.

How it works:
1. A random symmetric key is generated by the sender.
2. Data is encrypted using this symmetric key.
3. The symmetric key is encrypted with the recipient's public key.
4. Both encrypted data and key are sent to the recipient.
5. The recipient decrypts the key with their private key and then decrypts the data.
Example in SSL/TLS (HTTPS):

1) A browser requests a secure connection to a website.

2) The website’s server shares its public key with the browser.
3) The browser encrypts a random symmetric key using this public key.
4) The server decrypts the key using its private key.
5) From this point, symmetric encryption (AES, DES, etc.) is used for fast data
exchange.

Benefit: Security of asymmetric encryption + speed of symmetric encryption.

5. Digital Signature
A digital signature is a cryptographic technique used to verify the authenticity and
integrity of digital messages or documents.

Functions of Digital Signatures:

Authentication: Confirms the sender’s identity.
Integrity: Ensures the message has not been altered.
Non-repudiation: The sender cannot deny sending the message.
Process of Digital Signature Generation & Verification:
1. Sender:
a. Hashes the message using a hash function (SHA-256, MD5, etc).
b. Encrypts the hash using their private key (Digital Signature).
c. Sends the original message + signature to the receiver.
 2. Receiver:
a. Hashes the received message using the same hash function.
b. Decrypts the sender’s signature using the sender’s public key.
c. Compares the two hash values. If they match, the message is authentic.
Example: Used in digital certificates, online transactions, and e-documents
(PDF signing).

MAC for Authentication:

6. Basic Concepts of Message Digest & Hash Function

A message digest is a fixed-length summary of a message, generated using a
hash function.

Properties of Hash Functions:

1) Deterministic: Same input always gives the same output, generates fixed length
o/p.
2) Fast computation: Efficiently generates hash values.
3) Preimage resistance: Hard to reverse a hash value to its original message.
4) Collision resistance: Hard to find two different messages with the same hash.
Common Hash Functions:

Hash Function Output Size Usage

MD5 128-bit Legacy hashing (not secure today)

SHA-1 160-bit Digital signatures (not recommended today)

SHA-256 256-bit Bitcoin, digital signatures

SHA-3 Variable Modern cryptographic hashing

Example:

Hash of "Hello" using SHA-256:

185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969

Use Cases:
1) Password storage (hashed passwords in databases).
2) Data integrity verification, authentication.
3) Blockchain security (Bitcoin mining).
Internet Security Protocols
Security protocols protect data transmission over the internet. These protocols ensure
confidentiality, integrity, and authentication of information exchanged between
systems.

Common Internet Security Protocols:

Protocol Purpose Example Use Case

HTTPS websites,
SSL (Secure Sockets Layer) Encrypts web traffic
online banking

TLS (Transport Layer Successor to SSL,

Secure email, VPNs
Security) stronger encryption

IPSec (Internet Protocol Security) Encrypts and secures IP VPNs, secure

communication network connections

HTTPS (HyperText Transfer Secure version of HTTP E-commerce, online

Protocol Secure) using SSL/TLS payments

Secures email
S/MIME (Secure/Multipurpose messages using Email confidentiality
Internet Mail Extensions) and authentication
encryption

Example: A user accessing an HTTPS website is secured by SSL/TLS encryption,

preventing attackers from intercepting sensitive data.

SSL Protocol (Secure Sockets Layer):

SSL is a cryptographic protocol that secures internet communication between clients
and servers. Ensures Confidentiality, Integrity & Authentication of data.
Working of SSL:
SSL ensures secure communication through:
1) Encryption: Keeps data private by converting it into unreadable text.
2) Authentication: Verifies identities through a handshake process.
3) Data Integrity: Ensures data isn’t altered during transmission.

Example: When you visit https://www.bank.com, SSL ensures secure transmission of

login credentials and transactions.

Benefits of SSL:
1) Encrypts sensitive data (e.g., passwords, credit card details).
2) Provides authentication via digital certificates. Prevents Man-in-the-Middle
(MITM) attacks.
Limitations:
SSL v2 and v3 are deprecated due to vulnerabilities. TLS 1.2 & 1.3 are recommended for
better security.

SSL Handshake Protocol

Alert Protocol

This protocol is used to convey SSL-related alerts to the peer entity. Each message in this
protocol contains 2 bytes.

The level is further classified into two parts:

Warning (level = 1) This Alert has no impact on the connection between sender and
receiver.
Some of them are:
1) Bad Certificate: When the received certificate is corrupt.
2) No Certificate: When an appropriate certificate is not available.
 3) Certificate Expired: When a certificate has expired.
4) Certificate Unknown: When some other unspecified issue arose in processing the
certificate, rendering it unacceptable.
5) Close Notify: It notifies that the sender will no longer send any messages in the
connection.
6) Unsupported Certificate: The type of certificate received is not supported.
7) Certificate Revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection will be
stopped, cannot be resumed but can be restarted.
Some of them are:
1) Handshake Failure: When the sender is unable to negotiate an acceptable set of
security parameters given the options available.
2) Decompression Failure: When the decompression function receives improper
input.
3) Illegal Parameters: When a field is out of range or inconsistent with other fields.
4) Bad Record MAC: When an incorrect MAC was received.
5) Unexpected Message: When an inappropriate message is received.

SSL Record Protocol:

SSL Record provides two services to SSL connection.
➢ Confidentiality & Message Integrity

1. In the SSL Record Protocol application data is divided into fragments.

2. The fragment is compressed and then encrypted MAC (Message Authentication Code)
generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is
appended.
3. After that encryption of the data is done and in last SSL header is appended to the data.

Change-Cipher Protocol:
Used in SSL to switch from a pending to a current secure state after the Handshake is
complete. It sends a 1-byte message to activate the new encryption settings.

Authentication Basics: Authentication is the process of verifying the identity

of users before granting access to a system.
Authentication Factors:

Factor Type Description Example

Something You Knowledge-based

Password, PIN
Know authentication
Something You Possession-based
Have authentication Smart card, OTP token
 Factor Type Description Example
Fingerprint, face
Something You Are Biometric authentication recognition

Strong authentication often combines multiple factors (Multi-Factor Authentication -

MFA).

Password-Based Authentication
A password is a secret combination of characters used for authentication.

Best Practices for Strong Passwords:

1) Use at least 12-16 characters (mix of uppercase, lowercase, numbers, symbols).
2) Avoid common words or personal information.
3) Implement password hashing (e.g., bcrypt, PBKDF2).
4) Use Multi-Factor Authentication (MFA) for additional security.
Weaknesses:
1) Brute force attacks (guessing passwords).
2) Phishing attacks (stealing credentials).
3) Keylogging malware (recording keystrokes).

Example:
Weak password: password123
Strong password: G$8n!yT5@z1wX0

Authentication via Token

A token is a unique piece of information used for authentication. It can be hardware-
based or software-based.

Types of Authentication Tokens:

Type Description Example

A physical device that generates RSA SecureID,

Hardware Token one-time passwords (OTP). YubiKey

A mobile app that generates OTP. Google

Software Token
Authenticator, Authy

Securely transfers user API authentication

JSON Web Token (JWT) authentication data in web apps.
Disadvantages:
1) Token theft can lead to security breaches.
2) Hardware tokens can be lost or damaged.

Example: Google sends an OTP to your phone for login verification.

What is Token-Based Authentication?

Token-based authentication is a two-step security method that issues users a unique

encrypted token after they log in with credentials (username/password, OTP, etc.). This
token allows access to a website or app during a specific session without repeated logins.
Tokens are stateless, meaning they don't store user data on the server and expire after a
session, reducing the risk of hacking.

A common example: OTP (One-Time Password) — a short-lived token used to verify

users.

Key Components:
1) User: Wants to access a service.
2) Client-server: The front-end login page.
3) Authorization server: Verifies user credentials and generates a token.
4) Resource server: Grants access when a valid token is provided.

How It Works (4 Steps):

1) Request: User submits login info (e.g., username, password, OTP, biometrics) via
the client interface.
2) Verification: Credentials go to the authorization server. If valid, a JWT (JSON
Web Token) is generated containing:
a. Header: Token type & signing algorithm.
b. Payload: User data.
c. Signature: Ensures the token's authenticity.
3) Token Validation: The token is submitted to the resource server. If valid, access is
granted. If expired (typically in 30–60 seconds), a refresh token may be used.
Limits are set on attempts to block brute-force attacks.
4) Storage: The token is temporarily stored on the server for the session. Session
times vary — banking apps often have short ones (a few minutes).

Why It Matters:
Enhances security without sacrificing user experience.
Stateless and encrypted — hard for hackers to misuse.
Works on both websites and mobile apps.
Certificate-Based Authentication

Certificate-Based Authentication (CBA) uses digital certificates to verify the identity of

users, devices, or machines before granting access to networks, apps, or other resources.

How Certificate-Based Authentication Works (Simplified)

1) Client connects to server.

2) Server sends its public certificate to prove its identity.
3) Client validates the server’s certificate using trusted Certificate Authorities (CAs).
4) Server requests the client’s certificate.
5) Client signs a random value (nonce) using its private key and sends it back along with
its own certificate.
6) Server verifies:
a. The client’s certificate is valid, not expired/revoked.
b. The signed nonce using the client’s public key (proves identity).
7) If valid, server maps the certificate to a known user/device and grants access.

Format of Digital Certificate:

CBA uses a digital identity certificate, typically following the X.509 standard, which
includes:
1) Public key
2) Subject name
3) Certificate Authority (CA)
4) Validity dates
5) Serial number, etc.

Advantages of Certificate-Based Authentication:

a) No Passwords Needed: Users don’t need to remember or manage passwords.
b) Phishing-Resistant: Eliminates password-related attacks like phishing or brute
force.
c) User-Friendly: Once set up, it works seamlessly without user action.
d) Lower IT Costs: Fewer password resets and support requests.
e) Easy for External Users: Contractors or partners can access systems without extra
tools or training.
f) Stronger Access Control: Restricts access based on users/devices and central
policies.
g) Instant Changes: Revoking or issuing certificates takes effect immediately.
h) Zero Trust Ready: Requires identity verification for every access attempt.
i) Secure MFA: Can be combined with hardware (e.g., TPM) for stronger multi-
factor authentication.
j) No Extra Hardware Needed: Certificates can live on devices—no need for tokens
or biometric scanners.
k) Mutual Authentication: Both client and server can verify each other’s identity.
Note: Certificates need to be renewed periodically.
Disadvantages of Certificate-Based Authentication:
1) Initial Setup Complexity: Requires time, technical skill, and infrastructure (PKI,
CA setup).
2) Management Overhead: Certificates need to be issued, renewed, revoked, and
tracked.
3) Private Key Protection: If a private key is stolen, the certificate can be misused.
4) Device Binding: Certificates are often tied to specific devices—harder to switch or
share access.
5) Lack of Awareness: Users and admins may not be familiar with managing
certificates.
6) Revocation Challenges: If not managed properly, revoked certificates might still
be accepted.
7) Not Ideal for Public Use: Privately issued certificates aren’t trusted on public-
facing apps or websites.
8) Cost: Public certificates (from trusted CAs) can be expensive for large-scale
deployments.
9) Limited Flexibility: Changing user roles or permissions often requires reissuing
certificates.
Example: SSL certificates used in HTTPS websites.

Biometric Authentication
Biometric authentication verifies a user's identity based on biological characteristics.

Types of Biometric Authentication:

Type Description Example

Fingerprint Scans fingerprints for unique Mobile unlocking, banking
Recognition patterns. apps
Analyzes facial features to verify Apple Face ID,
Facial Recognition
identity. surveillance systems
High-security access systems
Iris Recognition Scans the eye’s iris pattern.

Identifies users based on voice Virtual assistants (Alexa, Siri)

Voice Recognition patterns.

Advantages:
1. Difficult to fake or duplicate.
2. Faster authentication compared to passwords.
3. Eliminates the need to remember passwords.

Disadvantages:
1. Privacy concerns over biometric data storage.
2. Biometric scanners may fail due to injuries or environmental factors.
 3. High implementation cost.

Example:
Face id in iPhones.
Fingerprint login on smartphones (e.g., Touch ID in iPhones).

Basics of Email Security:

Email security refers to techniques used to protect email accounts and messages from
cyber threats such as spam, phishing, malware, and eavesdropping.

Common Email Security Threats:

Threat Description Example

Fraudulent emails impersonating

Fake bank emails asking
Phishing legitimate sources to steal
for login details.
credentials.
Unsolicited bulk emails, often Emails promoting fake
Spam
containing malicious links. lottery winnings.
Malware Emails containing infected files A Word document with
Attachments that execute harmful software. a hidden virus.
Hackers monitoring
Man-in-the-Middle Interception of emails to steal or unsecured Wi-Fi
(MITM) Attacks alter information. connections.

Basic Security Measures:

1. Use strong passwords for email accounts.
2. Enable Multi-Factor Authentication (MFA).
3. Avoid clicking on suspicious links or attachments.
4. Use encryption methods (PGP, S/MIME) to protect emails.

Pretty Good Privacy (PGP)

PGP is a widely used email encryption and authentication method developed

by Phil Zimmermann in 1991. It uses asymmetric cryptography to secure email
communication.

How PGP Works:

1) Key Generation:
a. Each user generates a public key (shared with others) and a private key (kept
secret).
 2) Encryption Process:
a. The sender encrypts the email with the recipient's public key.
b. The email is converted into ciphertext, making it unreadable to attackers.
3) Decryption Process:
a. The recipient decrypts the email using their private key, restoring the
original message.
4) Digital Signatures:
a. The sender can digitally sign the email using their private key.
b. The recipient verifies the signature using the sender's public key.

Advantages of PGP:
Provides end-to-end encryption for secure email communication.
Uses public-key cryptography, ensuring only the intended recipient can read the
message.
Allows digital signatures to verify sender authenticity.

Disadvantages of PGP:
❌Complex setup and key management.
❌Requires both sender and receiver to use PGP software.

Example Use Case: Used by journalists and whistleblowers for secure communication.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME is an email encryption and digital signing standard that provides

security for email messages. It is supported by most modern email clients such as
Microsoft Outlook, Apple Mail, and Gmail (enterprise version).

How S/MIME Works:

1) Public Key Infrastructure (PKI):
a. Uses digital certificates issued by a Certificate Authority (CA) to verify
identities.
2) Encryption Process:
a. Emails are encrypted using the recipient’s public key.
3) Decryption Process:
a. The recipient decrypts the email using their private key.
4) Digital Signatures:
a. Ensures message integrity and sender authenticity.
Comparison of PGP & S/MIME:

Feature PGP S/MIME

Users generate their own keys Uses digital certificates issued
Key Management
by CA
Web of trust (users verify each Hierarchical trust (requires CA)
Encryption Type
other)
Business and corporate email
Usage Individual encryption needs
security
Email Client Built into Outlook, Apple Mail,
Support Requires additional setup etc.

Advantages of S/MIME:
✅ Integrated into most email clients (Outlook, Apple Mail).
✅ Uses digital certificates for verification, making it highly secure.

Disadvantages of S/MIME:
❌Requires Certificate Authorities (CAs) for authentication.
❌Expensive compared to PGP, as it requires paid certificates.

Example Use Case: Corporate email security for secure communication between
employees.

Introduction to Firewall
A firewall is a N/W security system that filters incoming and outgoing network traffic
based on a set of rules to prevent unauthorized access. It protects networks from cyber
threats like malware, hacking attempts, and unauthorized access.

Functions of a Firewall:
1. Monitors and filters network traffic.
2. Blocks unauthorized access to private networks.
3. Prevents malware and cyberattacks.
4. Enforces security policies for network users.

Example: A company's firewall blocks unauthorized IP addresses from accessing its

internal servers.
Types of Firewalls
Firewalls can be classified based on their implementation and filtering methods.
Based on Implementation-

Firewall
Description Example Use Case
Type

Hardware A physical device that filters Used in corporate environments to

Firewall traffic between networks. protect enterprise networks.

Software A security program installed Windows Firewall, used in

Firewall on a computer or server. personal computers.

Cloud A firewall hosted in the cloud for Used by cloud service providers
Firewall securing remote networks. (AWS, Azure).

Which Firewall is Best?

a) For home users → Software firewall (Windows Firewall, Mac Firewall).
b) For small businesses → Stateful inspection firewall.
c) For enterprises → Next-Generation Firewall (NGFW).

Types of Firewalls

1. Packet Filtering Firewall

● Function: Filters traffic at the network layer based on a set of predefined rules
(filtering table).
● Criteria: Source IP, Destination IP, Protocol (TCP/UDP), Source Port, Destination
Port.
● Working:
○ Packets are inspected independently without maintaining state.
○ Only headers are checked, not the data payload.

Advantages:
Simple and efficient.
Low cost and low resource usage.

Disadvantages:
❌Stateless: Cannot track active connections.
❌Less secure; vulnerable to IP spoofing and certain attacks.

2. Application-Level Firewall (Proxy Firewall)

● Also Known As: Proxy Server
● Function: Filters traffic at the application layer (e.g., HTTP, FTP, SMTP).
 ● Working:
○ Internal host sends a request to the proxy server.
○ The proxy authenticates the internal host.
○ If valid, the proxy forwards the request to the external host.
○ Response from the external host is again routed through the proxy.
○ Proxy authenticates the external response and sends it back to the internal
host.

Advantages:
High level of security.
Can log and analyze traffic at the application layer.
Hides internal network from the outside world.

Disadvantages:
❌Processing Overhead: Due to deep inspection and application-level filtering.
❌Slower compared to lower-layer firewalls.

3. Circuit-Level Gateway
● Function: Operates at the session layer (Layer 5 of OSI).
● Working:
○ Establishes two TCP connections:
■ One between internal host and the gateway.
■ Another between gateway and external host.
○ Performs security checks before connection is established.
○ Once the connection is approved, data flows freely without inspection.

Advantages:
Faster than packet filtering and proxy firewalls.
Hides internal network structure.
Suitable for session-based protocols.

Disadvantages:
❌Does not inspect data packets after connection is established.
❌Limited visibility into data content —
can allow malicious payloads if connection is trusted.
Next-Generation Firewall (NGFW)

What is it?
A Next-Generation Firewall (NGFW) enhances traditional firewalls by adding deep
packet inspection, application control, intrusion prevention, and user-based policies.
It provides smarter, multi-layered security.

Key Features:
1. Deep Packet Inspection (DPI): Inspects entire packet to detect malware or
suspicious content.
2. Application Control: Identifies and manages apps like Facebook, YouTube,
regardless of port/protocol.
3. Intrusion Prevention System (IPS): Detects and blocks known/unknown threats
like SQL injection, XSS.
4. User Identity Integration: Enforces rules based on users/groups (via Active
Directory, etc.).
5. SSL/HTTPS Inspection: Decrypts encrypted traffic to find hidden threats.
6. Threat Intelligence & Sandboxing: Blocks zero-day threats using cloud-based
analysis and behavior detection.

Advantages:
✅ Strong protection against modern threats.
✅ Greater visibility into traffic and user behavior.
✅ Controls application usage and enforces policies.

Disadvantages:
❌Higher cost and complexity.
❌Requires more system resources and skilled management.

Common Firewall Issues

1. Misconfiguration
Wrong rules may block legit traffic or allow threats.
2. Outdated Software
Unpatched firewalls are vulnerable to attacks.
3. Hardware Failures
Faulty devices can cause downtime or network issues.
4. Connectivity Problems
Bad configs can interrupt network communication.
5. Performance Lag
Slow firewalls can reduce internet speed.
6. Lack of Clear Policies
Inconsistent or missing rules create security gaps.
7. Traffic Blocks
Legit inbound/outbound traffic may be wrongly blocked.
Firewall Configuration:
1. Secure the Firewall
1. Change default passwords to strong, unique ones.
2. Update firmware to fix security vulnerabilities.
3. Disable SMTP and other outdated protocols.
4. Restrict TCP traffic and close unused ports.

2. Manage User Accounts

1. Avoid shared admin accounts.
2. Use Role-Based Access Control (RBAC).
3. Enforce strong password policies and regular changes.

3. Use Firewall Zones

1. Create zones for different resources (e.g., internal, external, DMZ).
2. Place sensitive systems (web, email, VPN servers) in a DMZ.
3. Use clear IP address structures for each zone.

4. Configure Access Control Lists (ACLs)

1. Define rules for traffic based on:
a. Source/destination IP
b. Port numbers
c. Protocols
2. Always end with a "deny all" rule.
3. Block public access to admin interfaces.

5. Ensure Compliance
1. Follow rules like PCI-DSS, HIPAA, etc.
2. Enable logging and auditing of all access.
3. Review logs regularly and store audit data safely.

6. Test and Audit

1. Pen-test and scan for vulnerabilities before going live.
2. Audit firewall rules and logs regularly.
3. Keep firmware updated and monitor for new threats.

Example: A firewall is configured to allow only HTTPS (port 443) traffic and block
insecure HTTP (port 80) traffic.
DMZ (Demilitarized Zone) Network

What is a DMZ (Demilitarized Zone) Network?

A DMZ is a separate, isolated subnetwork that acts as a buffer between an

organization's internal network and the public internet.

It hosts public-facing services (like web, email, and DNS servers), allowing external
access without exposing the internal network to threats.

Why Use a DMZ?

1. Protects internal network from external threats.

2. Hosts public services like web, email, and DNS servers.
3. Prevents direct access to internal systems.
4. If DMZ is attacked, core data remains safe.

How a DMZ Network Works:

1. Traffic Filtering: Firewalls route and filter incoming traffic to DMZ servers based
on rules.
2. Isolated Access: External users can access DMZ services (e.g., web servers), but
cannot reach the internal network.
3. Security Layering: If a DMZ server is hacked, the internal firewall blocks further
access, protecting sensitive data.
4. Inbound & Outbound Access: DMZ allows inbound traffic to public services but
restricts or blocks outbound access to internal systems.

Key Components include:

1. Perimeter Router: Routes external traffic to firewall.

2. External Firewall: Filters incoming traffic to DMZ.
3. DMZ Servers: Host services for external users.
4. Internal Firewall: Protects internal network from DMZ.

Example: A web server in the DMZ allows customers to access a company's website
while keeping the internal database secure.

Best Practices for DMZ Security:

• Use separate firewalls for DMZ and internal networks.
• Only allow necessary traffic to and from the DMZ.
• Regularly update and patch DMZ servers.