
Network Security 2

Network security is a crucial aspect of cybersecurity aimed at protecting computer networks and data from unauthorized access and attacks. It encompasses various methodologies, including preventive, detective, and corrective security measures, as well as principles like confidentiality, integrity, and availability. The document also discusses security mechanisms, types of attacks, and cryptographic techniques, emphasizing the importance of keys and their sizes in ensuring data security.

Uploaded by

surgurjar230
Copyright
© All Rights Reserved

NETWORK SECURITY

UNIT 1
Introduction to Network Security
Network Security is a branch of cybersecurity focused on protecting computer
networks and the data that travels through them from unauthorized access, misuse,
alteration, or destruction. It involves a combination of hardware, software, policies,
and procedures to secure data and systems.

Network security is essential for all organizations and individuals using digital
platforms. As the world becomes increasingly connected, threats like malware,
phishing, ransomware, and hacking become more sophisticated and widespread,
making strong network protection more critical than ever.

The Need for Network Security


Network security is vital for several reasons:

1. Protection of Sensitive Data: Organizations and individuals deal with highly
sensitive data such as financial records, medical information, personal
identification details, and intellectual property. Unauthorized access could lead
to severe consequences, including identity theft or corporate espionage.

2. Prevention of Unauthorized Access: Without proper security, attackers can
infiltrate systems, access data, and potentially cause irreparable damage to a
company’s operations or reputation.

3. Business Continuity: Network security ensures that services remain available
and operational without disruption caused by attacks such as Distributed Denial
of Service (DDoS).

4. Compliance and Legal Obligations: Many industries must adhere to regulatory
standards (like GDPR, HIPAA, PCI-DSS) that mandate network security.

5. Reputation Management: A single security breach can damage an
organization’s public image and customer trust, impacting revenue and
long-term success.

Security Approaches
There are several methodologies and strategies for achieving network security. They can
be broadly categorized as follows:

1. Preventive Security
These are mechanisms put in place to stop attacks before they occur.

• Firewalls: Block unauthorized access based on rules.

• Antivirus software: Scans and removes malicious software.

• Access Control: Ensures only authorized individuals can access certain systems.

2. Detective Security

These systems detect and report potential or actual security incidents.

• Intrusion Detection Systems (IDS)

• Security Information and Event Management (SIEM)

• Log analysis

3. Corrective Security

These respond to and recover from security breaches.

• Backups and recovery plans

• Incident response teams

• Software patches and updates

PRINCIPLES OF SECURITY SERVICES


The classification of security services is as follows:

- Confidentiality: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. Such access
includes printing, displaying and other forms of disclosure.

- Authentication: Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false.

- Integrity: Ensures that only authorized parties are able to modify computer system
assets and transmitted information. Modification includes writing, changing status,
deleting, creating and delaying or replaying of transmitted messages.

- Non-repudiation: Requires that neither the sender nor the receiver of a message be
able to deny the transmission.

- Access control: Requires that access to information resources may be controlled by or
for the target system.

- Availability: Requires that computer system assets be available to authorized parties
when needed.

SECURITY MECHANISMS
Security mechanisms are the tools and techniques used to protect data and resources
in a network from unauthorized access, misuse, or attacks. They enforce security
services such as confidentiality, integrity, and availability.

Key Security Mechanisms:

1. Encryption:
Converts plaintext into ciphertext to ensure confidentiality of data during
transmission (e.g., SSL/TLS, AES).

2. Authentication:
Verifies the identity of users or systems before granting access (e.g., passwords,
biometrics, digital certificates).

3. Access Control:
Determines who is allowed to access or use network resources (e.g., role-based
access control - RBAC).

4. Integrity Checking:
Ensures data is not altered during transmission using techniques like hashing
(e.g., SHA-256, HMAC).

5. Firewalls:
Hardware or software tools that filter incoming and outgoing traffic based on
security rules, protecting against unauthorized access.

6. Intrusion Detection and Prevention Systems (IDPS):
Monitor network traffic to detect and respond to suspicious activity or attacks.

7. Security Auditing and Logging:
Records network activities for monitoring and forensic analysis to detect
breaches and policy violations.

SECURITY ATTACKS
Security attacks are deliberate attempts to compromise the confidentiality, integrity, or
availability of network data or services. They can be classified into two main types:
Passive and Active attacks.

1. Passive Attacks:

These attacks involve monitoring or eavesdropping on transmissions without altering
them.

• Eavesdropping (Sniffing):
Attacker secretly listens to data being transmitted over a network.

• Traffic Analysis:
Attacker observes patterns in the traffic (like size, frequency) to gather sensitive
information.

Goal: To gather information without detection.

2. Active Attacks:

These attacks involve modifying, disrupting, or forging network communications.

• Masquerade Attack:
An attacker pretends to be an authorized user to gain access.

• Replay Attack:
A valid data transmission is captured and resent to trick the recipient.

• Modification Attack:
Data is altered during transmission to change its meaning.

• Denial of Service (DoS):
Attacker floods a network or server with traffic to make it unavailable to
legitimate users.

A MODEL FOR NETWORK SECURITY


A conceptual model helps understand how data security is applied during transmission:

Components:

1. Sender and Receiver: The communicating parties.

2. Message: Data being sent.

3. Transmission Medium: Internet or intranet used to send the message.

4. Security Services: The application of confidentiality, integrity, etc.

5. Security Mechanisms: Tools used (encryption, digital signatures, etc.)

6. Opponent/Attacker: Entity attempting to compromise the communication.

This model shows that network security is not just about securing endpoints, but also
about protecting the entire path and process.

Data is transmitted over a network between two communicating parties, who must
cooperate for the exchange to take place. A logical information channel is established
by defining a route through the internet from source to destination and by the use of
communication protocols by the two parties. Security aspects come into play whenever
an opponent presents a threat to the confidentiality or authenticity of the information.
Two components are present in almost all security-providing techniques:

• A security-related transformation on the information to be sent, making it unreadable
by the opponent, and the addition of a code based on the contents of the message, used
to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. It is responsible for
distributing the secret information to the two parties, while keeping it away from any
opponent. It also may be needed to settle disputes between the two parties regarding
the authenticity of a message transmission. The general model shows that there are four
basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

Various other threats to information systems, such as unwanted access, still exist.

Classical Encryption Techniques


There are two basic building blocks of all encryption techniques: substitution and
transposition.

Substitution Techniques
In cryptography, substitution techniques are methods used to replace elements of
the plaintext (original readable message) with other elements to create the ciphertext
(encrypted message).

The key idea behind substitution is:

"Replace each character or bit of the original message with something else to
disguise it."

This disguises the original message and protects it from being easily understood if
intercepted.

How Does Substitution Work?

Substitution works by taking each unit of the plaintext (this could be a letter, number,
or binary bit) and replacing it with a different unit according to a specific rule or key.

For example:

• Replace the letter A with M

• Replace B with N

• And so on...

So the word “HELLO” could become “URYYB” under a certain substitution rule (like
the ROT13 cipher).

Purpose of Substitution

• Hide the meaning of the message

• Protect information from unauthorized access

• Provide a basic form of data confidentiality

• Used in the foundation of many encryption algorithms

Substitution can be used alone or combined with other techniques (like
transposition) to create more secure ciphers.

Types of Substitution Techniques

Here are the main types of substitution methods, explained in more detail:

Caesar Cipher

It is a mono-alphabetic cipher wherein each letter of the plaintext is substituted by
another letter to form the ciphertext. It is the simplest form of substitution cipher
scheme.

This cryptosystem is generally referred to as the Shift Cipher. The concept is to replace
each letter of the alphabet with another letter that is ‘shifted’ by some fixed number
between 0 and 25.

For this type of scheme, both sender and receiver agree on a ‘secret shift number’ for
shifting the alphabet. This number which is between 0 and 25 becomes the key of
encryption.

The name ‘Caesar Cipher’ is occasionally used to describe the Shift Cipher when the
‘shift of three’ is used.

Monoalphabetic and Polyalphabetic Cipher

Monoalphabetic cipher is a substitution cipher in which, for a given key, the cipher
letter for each plaintext letter is fixed throughout the encryption process. For
example, if ‘A’ is encrypted as ‘D’, then however many times it occurs in the plaintext,
‘A’ will always be encrypted to ‘D’.

Polyalphabetic cipher is a substitution cipher in which the cipher letter for a given
plaintext letter may be different at different places during the encryption process. The
next two examples, the Playfair and Vigenère ciphers, are polyalphabetic ciphers.

Playfair Cipher

In this scheme, pairs of letters are encrypted, instead of single letters as in the case of
a simple substitution cipher.

In the Playfair cipher, a key table is created first. The key table is a 5×5 grid of letters
that acts as the key for encrypting the plaintext. Each of the 25 letters must be
unique, and one letter of the alphabet (usually J) is omitted from the table, as only
25 letters are needed instead of 26. If the plaintext contains J, it is replaced by I.

The sender and the receiver decide on a particular key, say ‘tutorials’. In the key table,
the first characters (going left to right) are the letters of the key phrase, excluding
duplicate letters. The rest of the table is filled with the remaining letters of the
alphabet, in natural order.

One-Time Pad

The circumstances are –

• The length of the keyword is same as the length of the plaintext.

• The keyword is a randomly generated string of alphabets.

• The keyword is used only once.

Transposition Techniques
In the realm of cryptography and network security, transposition techniques are used to
protect information by rearranging the characters or bits of the plaintext. Unlike
substitution techniques—which replace characters with others—transposition
maintains the original characters but alters their positions based on a specific algorithm
or key.

These techniques are designed to achieve diffusion, a principle in cryptography which
ensures that redundancies in plaintext are scattered, making patterns less detectable
by attackers.

How Transposition Works

The fundamental idea behind transposition is:

• The message (plaintext) is taken.

• Its letters are rearranged in a specific manner.

• The result is ciphertext that appears jumbled but retains all original characters.

Types of Transposition Techniques

A. Rail Fence Cipher (Zigzag Cipher)

This is the simplest form of transposition cipher.

Method:
• Write the text in a zigzag pattern across multiple "rails" (lines).

• Then read row by row to produce the ciphertext.
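The zigzag write and row-by-row read described above, with the matching decryption, as an added example that is not part of the original notes. The function names and the sample message are assumptions made for this example.

```python
def rail_pattern(length, rails):
    """Rail index visited at each text position while zigzagging down and up."""
    if rails < 2:
        raise ValueError("the zigzag needs at least 2 rails")
    # One full zigzag period: down 0..rails-1, then back up without the ends.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]

def rail_layout(text, rails):
    """The text as written on the rails; '.' marks an empty position."""
    pattern = rail_pattern(len(text), rails)
    return ["".join(ch if pattern[i] == r else "." for i, ch in enumerate(text))
            for r in range(rails)]

def rail_encrypt(text, rails):
    """Write in a zigzag, then read rail by rail."""
    rows = [[] for _ in range(rails)]
    for ch, r in zip(text, rail_pattern(len(text), rails)):
        rows[r].append(ch)
    return "".join("".join(row) for row in rows)

def rail_decrypt(ciphertext, rails):
    """Work out which plaintext position each ciphertext letter came from."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Ciphertext order = positions sorted by rail, then by position in the text.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)

if __name__ == "__main__":
    message = "WEAREDISCOVEREDFLEEATONCE"      # constructed sample plaintext
    for row in rail_layout(message, 3):
        print(row)
    ciphertext = rail_encrypt(message, 3)
    print(ciphertext)
    print(rail_decrypt(ciphertext, 3))
    # Transposition keeps every original character: only positions change.
    print(sorted(ciphertext) == sorted(message))
```

The only key is the number of rails, so the letter frequencies of the plaintext survive unchanged in the ciphertext.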

Steganography
Steganography is the art and science of hiding information in a way that prevents
detection. Unlike cryptography, which hides the content of a message, steganography
hides the existence of the message itself.

In network security, steganography is used to embed secret data within digital media
(e.g., images, audio, video, or even network protocols), allowing covert communication.

A plaintext message may be hidden in one of two ways. The methods of
steganography conceal the existence of the message, whereas the methods of
cryptography render the message unintelligible to outsiders by various transformations
of the text. A simple form of steganography, but one that is time-consuming to construct,
is one in which an arrangement of words or letters within an apparently innocuous text
spells out the real message, e.g.:

(i) The sequence of first letters of each word of the overall message spells out the
real (hidden) message.
(ii) A subset of the words of the overall message is used to convey the hidden
message.

Various other techniques have been used historically. Some of them are:

• Character marking – selected letters of printed or typewritten text are overwritten in
pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright
light.

• Invisible ink – a number of substances can be used for writing but leave no visible
trace until heat or some chemical is applied to the paper.

• Pin punctures – small pin punctures on selected letters are ordinarily not visible
unless the paper is held in front of the light.

• Typewritten correction ribbon – used between the lines typed with a black ribbon, the
results of typing with the correction tape are visible only under a strong light.

Common Steganography Techniques

1. Image Steganography

• Most popular form

• Hides information in the pixels of an image

• Often uses LSB (Least Significant Bit) substitution

Example:

• Each pixel in a 24-bit image has three 8-bit RGB channel values (e.g., 11100110 for one channel)

• The least significant bit of each color channel is changed to match the secret
data

• Human eyes can't perceive the small change

2. Audio Steganography

• Hides data in audio files (.wav, .mp3)

• Uses techniques like:

o LSB encoding

o Echo hiding

o Phase coding

3. Video Steganography

• Hides data in video frames or motion vectors


• High capacity and harder to detect due to dynamic nature

4. Text Steganography

• Alters text format to hide data

o Extra spaces

o Capitalization

o Font manipulation

• Less common due to low capacity

5. Protocol Steganography (Network Steganography)

• Hides data in network protocols, e.g.:

o TCP/IP header fields (unused bits)

o Timing patterns of packets (covert channels)

o DNS queries

Example: Embedding data in the TTL or sequence number fields in IP packets.
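The LSB substitution described under Image Steganography, as an added example that is not part of the original notes. It assumes the cover is a raw sequence of 8-bit channel values (no image file format is parsed) and that the reader knows the payload length; the cover bytes are constructed. It also shows why clearing the low bit of every channel removes such a payload.

```python
def embed_lsb(channels, secret):
    """Overwrite the least significant bit of successive channel bytes with
    the bits of `secret` (most significant bit of each secret byte first)."""
    bits = [(byte >> (7 - i)) & 1 for byte in secret for i in range(8)]
    if len(bits) > len(channels):
        raise ValueError("cover too small: each channel byte carries one bit")
    out = bytearray(channels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit        # keep the upper 7 bits untouched
    return bytes(out)

def extract_lsb(channels, nbytes):
    """Rebuild `nbytes` bytes from the low bit of the first nbytes*8 channels."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for ch in channels[b * 8:(b + 1) * 8]:
            value = (value << 1) | (ch & 1)
        out.append(value)
    return bytes(out)

def max_channel_change(before, after):
    """Largest change to any single channel value (at most 1 for LSB edits)."""
    return max(abs(a - b) for a, b in zip(before, after))

def strip_lsb(channels):
    """Sanitising step: clear every low bit, which wipes an LSB payload."""
    return bytes(c & 0xFE for c in channels)

# Constructed cover: a 4x4 image = 16 pixels x 3 channels = 48 channel bytes,
# starting from the notes' sample value 11100110.
COVER = bytes((0b11100110 + 7 * i) % 256 for i in range(48))

if __name__ == "__main__":
    stego = embed_lsb(COVER, b"hi")
    print(format(COVER[1], "08b"), "->", format(stego[1], "08b"))
    print(extract_lsb(stego, 2), max_channel_change(COVER, stego))
    print(extract_lsb(strip_lsb(stego), 2))   # payload is gone after sanitising
```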

What Are Keys in Network Security?


In cryptography, a key is a sequence of bits (binary digits) that is used by cryptographic
algorithms to encrypt (lock) or decrypt (unlock) information. The idea is similar to a
physical key: only someone with the right key can open the lock and access what’s
inside—in this case, sensitive or private data.

Cryptographic systems use keys to ensure:

• Confidentiality – Only the right people can read the data.

• Integrity – The data hasn’t been tampered with.

• Authentication – The sender is who they claim to be.

What is Key Size?


Key size refers to the length of the cryptographic key, measured in bits. It determines the
amount of information (in binary form) that makes up the key.

Examples of Key Sizes:

• A 56-bit key means the key is 56 bits long (used in DES encryption, which is now
considered insecure).

• A 128-bit key means there are 128 binary digits (0s and 1s) in the key.

• A 256-bit key is even longer and more secure.

Why is Key Size Important?

The key size directly affects how secure an encryption algorithm is. The longer the key,
the harder it is for an attacker to guess or crack it using brute-force methods (which
means trying every possible combination until the correct one is found).

What is Key Range?


The key range is the total number of unique keys that can be generated using a key of a
certain size. It defines the number of possible combinations or permutations of keys.

Formula:

Key Range = 2ⁿ (where n = key size in bits)

This is because each bit can have two possible values (0 or 1). So with n bits, there are 2
to the power of n possible combinations.

Examples of Key Ranges:

Key Size | Possible Keys (Key Range) | Description
---------|---------------------------|------------------------------------
8 bits   | 2⁸ = 256                  | Can generate 256 different keys
16 bits  | 2¹⁶ = 65,536              | Better than 8 bits, but still weak
56 bits  | 2⁵⁶ ≈ 7.2 x 10¹⁶          | Used in DES, now considered weak
128 bits | 2¹²⁸ ≈ 3.4 x 10³⁸         | Very secure (used in AES)
256 bits | 2²⁵⁶ ≈ 1.1 x 10⁷⁷         | Extremely secure

So, if a system uses a 128-bit key, an attacker would theoretically have to try 3.4 x 10³⁸
combinations to break it, which is practically impossible with current technology.

Cryptanalysis in Network Security


Cryptanalysis is the study and practice of analyzing and breaking cryptographic
systems. In network security, it involves techniques to uncover plaintext, keys, or other
sensitive data from encrypted messages without knowing the secret key.

Main Objectives:

• To evaluate the strength of encryption algorithms.

• To find weaknesses in cryptographic protocols.

• To recover data without the key.


Types of Cryptanalysis:

1. Brute Force Attack:
Trying every possible key until the correct one is found. Time-consuming but
always possible in theory.

2. Ciphertext-Only Attack:
The attacker only has access to encrypted data (ciphertext) and tries to deduce
the plaintext or key.

3. Known-Plaintext Attack:
The attacker has access to some plaintext and its matching ciphertext and uses
this to find the key.

4. Chosen-Plaintext Attack:
The attacker can encrypt plaintexts of their choice to observe the resulting
ciphertexts, helping them uncover the key.

5. Differential and Linear Cryptanalysis:
Mathematical techniques used especially against symmetric block ciphers to
detect patterns and weaken the cipher.
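Why key range matters, shown on the Shift Cipher from earlier in this unit, as an added example that is not part of the original notes: with only 26 keys, a ciphertext-only brute force finishes instantly, and a single known plaintext letter reveals the key. The scoring rule (share of letters among the nine most common English letters) and the sample message are assumptions made for this example.

```python
import string

ALPHABET = string.ascii_uppercase
COMMON = set("ETAOINSHR")   # nine most frequent English letters (scoring aid)

def shift_encrypt(text, key):
    """Shift every letter `key` places along the alphabet; keep other symbols."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(text, key):
    return shift_encrypt(text, -key)

def english_score(text):
    """Crude readability test: share of letters that are very common in English."""
    letters = [c for c in text if c in ALPHABET]
    return sum(c in COMMON for c in letters) / len(letters) if letters else 0.0

def brute_force(ciphertext):
    """Ciphertext-only attack: try the whole key range (26 keys) and rank the
    candidate plaintexts. Returns (score, key, plaintext), best first."""
    ranked = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        ranked.append((english_score(candidate), key, candidate))
    return sorted(ranked, key=lambda item: item[0], reverse=True)

def known_plaintext_key(plain_letter, cipher_letter):
    """Known-plaintext attack: one matching letter pair gives the shift."""
    return (ALPHABET.index(cipher_letter) - ALPHABET.index(plain_letter)) % 26

def average_trials(key_bits):
    """Brute force succeeds on average after half the key range, 2^n / 2."""
    return 2 ** key_bits // 2

MESSAGE = "MEET ME AT THE STATION AT NINE TONIGHT"   # constructed sample

if __name__ == "__main__":
    ciphertext = shift_encrypt(MESSAGE, 11)
    score, key, plaintext = brute_force(ciphertext)[0]
    print(ciphertext)
    print(key, round(score, 2), plaintext)
    for bits in (8, 56, 128):
        print(bits, "bit key: about", average_trials(bits), "trials on average")
```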

Importance in Network Security:

• Helps in identifying and fixing vulnerabilities in encryption algorithms.

• Supports the development of more secure communication systems.

• Ensures data confidentiality and integrity.

UNIT 2
Symmetric Cipher Model
Symmetric encryption is the most basic and oldest method of encryption. It uses only one
key for both the encryption and decryption of data. Thus, it is also known
as Single-Key Encryption.

A few basic terms in Cryptography are as follows:

Plain Text: original message to be communicated between sender and receiver

Cipher Text: encoded format of the original message that cannot be understood by
humans

Encryption (or Enciphering): the conversion of plain text to cipher text

Decryption (or Deciphering): the conversion of cipher text to plain text, i.e., reverse of
encryption

Symmetric Cipher: General Idea of Symmetric Key Cryptography
Symmetric key cryptography is a method of encryption in which the same secret key is
used for both encryption (converting plaintext into ciphertext) and decryption (reverting
ciphertext back into plaintext). It is also known as private key cryptography because
both the sender and the receiver must privately share the same key and keep it
confidential.

Key Concepts:

1. Shared Secret Key: Both communicating parties use a single, identical key. The
key must be exchanged securely before communication begins.

2. Encryption & Decryption: The sender encrypts the message using the key, and
the receiver decrypts it using the same key. Without the key, the ciphertext is
meaningless.

3. High Speed: Symmetric algorithms are computationally faster and more efficient
than asymmetric cryptography, especially when encrypting large volumes of
data.

4. Key Management Challenge: The biggest difficulty in symmetric encryption is
securely distributing and managing keys, especially across many users.

Examples of Symmetric Algorithms:

• DES (Data Encryption Standard): A now-outdated 56-bit block cipher.

• AES (Advanced Encryption Standard): A secure and widely used block cipher
with 128, 192, or 256-bit keys.

• RC4, Blowfish, ChaCha20: Other symmetric algorithms used in software and
network applications.

Types of Symmetric Ciphers:

• Block Ciphers: Encrypt data in fixed-size blocks (e.g., AES: 128-bit blocks).

• Stream Ciphers: Encrypt data one bit or byte at a time (e.g., RC4).

Application in Network Security:

• VPNs (Virtual Private Networks)

• Wi-Fi security (WPA2/WPA3)

• TLS/SSL (used in HTTPS for web encryption)

• File and disk encryption tools

Advantages:

• Fast and suitable for real-time data transfer.

• Efficient for large data volumes.

• Simple design and implementation.

Limitations:

• Key distribution is complex and must be secure.

• Not scalable for large numbers of users (as each pair needs a unique key).

Symmetric key cryptography plays a fundamental role in network security by
providing fast and secure data protection. However, secure key management and
exchange remain critical challenges, often mitigated by combining symmetric
encryption with asymmetric methods in modern systems.

Classical Symmetric Ciphers

See Unit 1 (classical encryption techniques: substitution and transposition).

Algorithm Types and Modes in Symmetric Key Cryptography
In symmetric key cryptography, algorithms define how plaintext is converted into
ciphertext using a shared key. These algorithms are categorized based on how they
process the data. Furthermore, modes of operation define how block ciphers handle
large messages or streams of data securely and efficiently.

I. Algorithm Types

There are two main types of symmetric algorithms:


Stream Ciphers

The encryption process begins with the stream cipher's algorithm generating a
pseudo-random keystream from the encryption key and a unique, randomly
generated number known as the nonce. The result is a random-looking stream of bits
matching the length of the plaintext. The plaintext is likewise broken down into
single bits.

These bits are then combined one by one with the keystream bits using the bitwise XOR
operation, gradually converting the plaintext into the ciphertext. When the
recipient wants to decrypt the ciphertext, they must regenerate the keystream
used during encryption. The ciphertext bits are then processed one by one against
that keystream to recover the plaintext at the recipient's end.

The most common stream cipher algorithms are

Rivest Cipher 4 (RC4)

• Strengths: The initial appeal of RC4 came from its efficient design and capability
to handle variable-length data streams.

• Current Status: Due to its identified weaknesses, RC4 is no longer considered
secure for most applications. Its use is strongly prohibited by cryptographic
standards bodies.

Salsa20

• Strengths: It's fast and efficient, with a simple and elegant design. Most
importantly, the security it offers against known attacks is robust. Apart from
that, Salsa20 serves as a building block for other cryptographic protocols,
exhibiting its versatility.

• Current Status: Salsa20 is a very widely used and well-respected stream cipher.
It's used for many applications where performance and security must be balanced.

Grain-128

• Strengths of Grain-128 include efficiency, lightweight implementation, and the
ability to perform well with limited processing power and memory, making it ideal
for radio frequency identification (RFID) tags and sensor networks. Importantly,
Grain-128 still provides strong security with such simplicity.

• Current Status: Grain-128 is useful in some resource-limited situations where an
application needs to be run with huge restrictions in the amount of data that is
available for use.

Block Cipher

A block cipher divides the plaintext into a sequence of blocks, which are then encrypted
with the key. The output is a sequence of blocks of encrypted data in a specific order.
When the ciphertext reaches its endpoint, the receiver uses the same cryptographic
key to decrypt the chain of ciphertext blocks back to the plaintext message.

The most common block cipher algorithms are

Advanced Encryption Standard (AES)

• It supports three key lengths: 128 bits, 192 bits, or 256 bits; the most
commonly used is the 128-bit key.

• Its uses include secure communication, data encryption in storage devices, digital
rights management (DRM), and so on.

Data Encryption Standard (DES)

• In DES, the 64-bit blocks of plaintext are encrypted using a 56-bit key.

• This weakness caused by the small key size led to the development of a more
secure algorithm, called AES.

Triple Data Encryption Algorithm (Triple DES)

• The development of the Triple DES, also called Triple-DES or TDEA, was triggered
by the weak security resulting from the small key size in the DES.

• Triple DES denotes a method of applying the DES algorithm three times in
sequence (encrypt-decrypt-encrypt) on every plaintext block.

Operation Modes in Symmetric Cryptography

Electronic Codebook (ECB)

• ECB is one of the simplest modes of operation for block ciphers.

• A major limitation of ECB is that the same plaintext block produces identical
ciphertext blocks that can be used for subsequent attacks, and patterns in the
plaintext are visible in the ciphertext.

Cipher Block Chaining (CBC)

• CBC mode links each plaintext block with the previous ciphertext block before
encryption.

• Each plaintext block is XORed with the previous ciphertext block before
encryption, adding randomness and preventing patterns in the plaintext from
being apparent in the ciphertext.

Cipher Feedback (CFB)

• CFB mode operates like a stream cipher, generating a keystream to XOR with the
plaintext block before encryption.

• One drawback of CFB mode is error propagation: if an error occurs in one
ciphertext block, it will affect subsequent blocks.

Output Feedback (OFB)

• It is a method for switching a block cipher to a stream cipher, creating
enciphering through interpolating the plaintext directly.

• It produces a separate keystream, which will be the XOR with the plaintext to
derive the ciphertext.

Counter (CTR) mode

• CTR mode transforms a block cipher into a stream cipher by using a counter
value as the input to the block cipher.

• CTR mode is highly parallelizable and efficient, making it suitable for scenarios
where performance is critical, such as disk and network encryption.
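ECB, CBC and CTR side by side, as an added example that is not part of the original notes. It shows ECB leaking repeated plaintext blocks, CBC and CTR hiding them, and what happens when a CTR nonce is reused. The block cipher is a toy 8-round Feistel network built on SHA-256 for illustration only; it is not DES or AES, and the key, IV, nonce and messages are constructed.

```python
import hashlib

BLOCK = 8  # bytes: a 64-bit block, the same block size as DES

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, rnd, half):
    # Toy round function: 4 bytes of SHA-256(key || round number || half block).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(8):                      # Feistel round: (L, R) -> (R, L xor F(R))
        left, right = right, xor_bytes(left, round_fn(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):            # same rounds, undone in reverse order
        left, right = xor_bytes(right, round_fn(key, rnd, left)), left
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK             # PKCS#7-style padding
    return data + bytes([n]) * n

def unpad(data):
    return data[:-data[-1]]

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is encrypted independently: equal input, equal output.
    return b"".join(encrypt_block(key, b) for b in split_blocks(pad(plaintext)))

def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(decrypt_block(key, c) for c in split_blocks(ciphertext)))

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for b in split_blocks(pad(plaintext)):
        prev = encrypt_block(key, xor_bytes(b, prev))   # chain in previous block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in split_blocks(ciphertext):
        out.append(xor_bytes(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def ctr_crypt(key, nonce, data):
    # Keystream = E(nonce || counter); the same call encrypts and decrypts.
    nblocks = -(-len(data) // BLOCK)
    keystream = b"".join(encrypt_block(key, nonce + i.to_bytes(4, "big"))
                         for i in range(nblocks))
    return xor_bytes(data, keystream)

def repeated_blocks(ciphertext):
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

KEY = b"constructed demo key"                 # constructed values, not real secrets
IV = bytes(range(8))
NONCE = b"\x00\x00\x00\x01"
PLAINTEXT = b"ATTACK!!" * 4                   # four identical 8-byte blocks

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, IV, PLAINTEXT)))
    print("CTR repeated blocks:", repeated_blocks(ctr_crypt(KEY, NONCE, PLAINTEXT)))
    p1, p2 = b"PAY 100 TO ALICE", b"PAY 999 TO BOB!!"
    c1, c2 = ctr_crypt(KEY, NONCE, p1), ctr_crypt(KEY, NONCE, p2)
    # Reused nonce: the keystream cancels and the XOR of the plaintexts leaks.
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))
```

The same nonce rule applies to the stream ciphers described earlier: a key and nonce pair must never produce a keystream for more than one message.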

Types of attack

Attacks are typically categorised based on the action performed by the attacker. An
attack can thus be active or passive.

Active attack: An active attack involves changing the information in some way by
conducting some process on the information. For example,

- Alteration of authentication data such as originator name.

- Unauthorised deletion of data.

- Denial of access to information for legitimate users (denial of service).

Passive attack:

- The primary goal of a passive attack is to obtain unauthorised access to the information.
For example, actions such as intercepting and eavesdropping on the communication
channel can be regarded as a passive attack.

- These actions are passive in nature, as they neither affect information nor disrupt the
communication channel. A passive attack is often seen as stealing information. The
difference between stealing physical goods and stealing information is that theft of data
still leaves the owner in possession of that data.

POSSIBLE TYPES OF ATTACKS

Based on the discussion so far, when the sender of a message encrypts a plain-text
message into its corresponding cipher text, there are five possibilities for an attack on
this message:

Ciphertext-only Attack: Attacker has only the ciphertext.

Known-plaintext Attack: Attacker has access to plaintext and corresponding
ciphertext.

Chosen-plaintext Attack: Attacker can choose plaintexts and get corresponding
ciphertexts.

Chosen-ciphertext Attack: Attacker can decrypt chosen ciphertexts to learn about the
encryption.

Chosen text attack: Essentially a combination of both chosen plain text attack and
chosen cipher text attack.

Attacks on Symmetric Key Cryptography

There are two general approaches to attacking a Symmetric Key Cryptography scheme:

Cryptanalysis

Cryptanalytic attacks depend on the ciphertext characteristics of the algorithm plus
possibly some knowledge of general characteristics of plaintext or perhaps even some
sample plaintext–ciphertext pairs. This type of attack attempts to deduce some specific
plaintext or to deduce the key being used through an examination of algorithmic
characteristics.

Brute-Force Attack

The attacker tries every possible key on a piece of encrypted data until they get
a readable translation into plaintext. On average, 50% of all the possible keys must be
tried to get this far. If either of these attacks recovers the key, then all future and
previous messages encrypted with this key are compromised. This is why a large key size
offers protection from brute-force attacks: it makes them computationally infeasible.

Difference Between Symmetric and Asymmetric


Encryption is one of the most basic concepts in the world of cybersecurity as it ensures
that some information does not fall into the wrong hands. There are two primary types of
encryption techniques namely, symmetric key encryption and asymmetric key
encryption. Anyone involved in data security must know the differences between these
two methods.

What is Symmetric cipher model?


In Symmetric-key encryption the message is encrypted by using a key and the same key
is used to decrypt the message which makes it easy to use but less secure. It also
requires a safe method to transfer the key from one party to another.

• It uses one key for both encryption and decryption.

• Faster and more efficient for large amounts of data.

• Requires a secure method to share the key between sender and receiver.

• Common algorithms include AES, DES, Blowfish.

• It is used in file encryption, VPNs, and secure data storage.

What is Asymmetric cipher model?

Asymmetric key encryption is one of the most common cryptographic methods. It involves
using a key and its counterpart, where one key is used to encrypt data and the second one
is used to decrypt the encrypted text. The second key is kept highly secret, while the
first one, which is called a public key, can be freely distributed among the service’s users.

• It uses two keys: a public key for encryption and a private key for decryption.

• More secure but slower than symmetric encryption.

• No need to share the private key, reducing the risk of exposure.

• Common algorithms include RSA, ECC, Diffie-Hellman.

• It is used in digital signatures, SSL/TLS, and secure email communication.

DES (Data Encryption Standard)


The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST). DES is an implementation of a
Feistel Cipher. It uses a 16-round Feistel structure. The block size is 64 bits. Though the
key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 bits of
the key are not used by the encryption algorithm (they function as check bits only).

Since DES is based on the Feistel Cipher, all that is required to specify DES is:

-Round function

-Key schedule

-Any additional processing - Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are
inverses of each other. They have no cryptographic significance in DES. The initial and
final permutations are shown as follows:

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to
the rightmost 32 bits to produce a 32-bit output.

-Expansion Permutation Box: Since the right input is 32 bits and the round key is 48 bits,
we first need to expand the right input to 48 bits. The permutation logic, usually depicted
graphically, is generally described as a table in the DES specification.

-XOR (Whitener): After the expansion permutation, DES performs an XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

-Substitution Boxes: The S-boxes carry out the real mixing (confusion). DES uses 8
S-boxes, each with a 6-bit input and a 4-bit output.

-There are a total of eight S-box tables. The output of all eight S-boxes is then combined
into a 32-bit section.

-Straight Permutation: The 32-bit output of the S-boxes is then subjected to the straight
permutation.

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.

Advanced Encryption Standard (AES)


Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to
secure data by converting it into an unreadable format without the proper key. It was
developed by the National Institute of Standards and Technology (NIST) in 2001. It is
widely used today as it is much stronger than DES and triple DES despite being harder
to implement. AES encryption uses various key lengths (128, 192, or 256 bits) to provide
strong protection against unauthorized access. This data security measure is efficient
and widely implemented in securing internet communication, protecting sensitive data,
and encrypting files. AES, a cornerstone of modern cryptography, is recognized globally
for its ability to keep information safe from cyber threats.

• AES is a Block Cipher.

• The key size can be 128/192/256 bits.

• Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES
relies on the substitution-permutation network principle, which is performed using a
series of linked operations that involve replacing and shuffling the input data.

Working of The Cipher

AES performs operations on bytes of data rather than in bits. Since the block size is 128
bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows:

N (Number of Rounds)    Key Size (in bits)
10                      128
12                      192
14                      256

Key Generation and Expansion in AES Algorithm

In the AES algorithm, the initial cipher key is not used directly in every round. Instead, it
is expanded into multiple round keys using a key expansion or key schedule algorithm.

This process ensures confusion and diffusion in the encryption process and protects
against attacks like brute force and linear cryptanalysis.

For use in AES encryption, a single initial key can be expanded into a series of round
keys using the AES (Advanced Encryption Standard) key expansion technique. These
round keys are needed for each round of AES encryption and decryption.

The AES key expansion method receives a four-word (16-byte) key and returns a linear
array of 44 words (176 bytes). This is sufficient to provide both the initial Add Round Key
step and a four-word round key for each of the cipher's ten rounds.
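
The expansion described above can be checked against the key schedule test vectors in FIPS-197. The following Python is an added example, not part of the original notes; it also covers 192- and 256-bit keys (52 and 60 words), and the function names are this example's own.

```python
"""AES key expansion (FIPS-197 key schedule), standard library only.
Added illustration; function names are this example's own."""


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def rotl8(value: int, shift: int) -> int:
    """Rotate a byte left by `shift` bits."""
    return ((value << shift) | (value >> (8 - shift))) & 0xFF


def build_sbox() -> list:
    """S-box = multiplicative inverse in GF(2^8), then the AES affine transform."""
    sbox = []
    for x in range(256):
        inverse = 0                       # 0 has no inverse and maps to 0
        if x:
            inverse = 1
            for _ in range(254):          # x^254 equals x^-1 in GF(2^8)
                inverse = gf_mul(inverse, x)
        sbox.append(inverse ^ rotl8(inverse, 1) ^ rotl8(inverse, 2)
                    ^ rotl8(inverse, 3) ^ rotl8(inverse, 4) ^ 0x63)
    return sbox


SBOX = build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def sub_word(word: bytes) -> bytes:
    """Apply the S-box to each byte of a 4-byte word."""
    return bytes(SBOX[b] for b in word)


def expand_key(key: bytes) -> list:
    """Return the expanded key as a list of 4-byte words (44 for a 16-byte key)."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes long")
    nk = len(key) // 4                    # key length in words: 4, 6 or 8
    rounds = nk + 6                       # 10, 12 or 14 rounds
    words = [key[4 * i:4 * i + 4] for i in range(nk)]
    for i in range(nk, 4 * (rounds + 1)):
        temp = words[i - 1]
        if i % nk == 0:
            temp = sub_word(temp[1:] + temp[:1])                      # RotWord, SubWord
            temp = bytes([temp[0] ^ RCON[i // nk - 1]]) + temp[1:]    # round constant
        elif nk == 8 and i % nk == 4:
            temp = sub_word(temp)         # extra SubWord used only by 256-bit keys
        words.append(bytes(a ^ b for a, b in zip(words[i - nk], temp)))
    return words


def round_keys(key: bytes) -> list:
    """Group the expanded words into 16-byte round keys (initial key + one per round)."""
    words = expand_key(key)
    return [b"".join(words[i:i + 4]) for i in range(0, len(words), 4)]


if __name__ == "__main__":
    # Example key from FIPS-197 Appendix A.1 (a public test vector, not a secret).
    sample_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for number, rk in enumerate(round_keys(sample_key)):
        print(f"round key {number:2d}: {rk.hex()}")
```

Round key 0 is the cipher key itself; it feeds the initial Add Round Key step, and the remaining ten feed the ten rounds.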

Applications of AES

• Secure Wi-Fi (WPA2/WPA3)

• VPNs and IPsec

• SSL/TLS (HTTPS)

• Secure file storage (BitLocker, VeraCrypt)

• Messaging apps (WhatsApp, Signal)


UNIT 3
RSA Algorithm in Cryptography
RSA (Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key
cryptography algorithm, which means it works on two different keys: a Public
Key and a Private Key. The Public Key is used for encryption and is known to everyone,
while the Private Key is used for decryption and must be kept secret by the receiver. RSA
Algorithm is named after Ron Rivest, Adi Shamir and Leonard Adleman, who published
the algorithm in 1977.

Example of Asymmetric Cryptography:

If Person A wants to send a message securely to Person B:

• Person A encrypts the message using Person B's Public Key.

• Person B decrypts the message using their Private Key.

Used in: Secure emails, digital signatures, web security (SSL/TLS), cryptocurrency
wallets, and more.

RSA Algorithm

RSA Algorithm is based on the factorization of large numbers and modular arithmetic for
encrypting and decrypting data. It consists of three main stages:

1. Key Generation: Creating Public and Private Keys

2. Encryption: Sender encrypts the data using Public Key to get cipher text.

3. Decryption: Decrypting the cipher text using Private Key to get the original data.

RSA Key Generation Steps

To use RSA, both public and private keys must be generated securely:

Step-by-step RSA Key Generation:

1. Choose two large prime numbers:
p and q (e.g., 512-bit primes)

2. Compute modulus n:
n = p × q
This n is used in both keys and determines the key size (e.g., 1024, 2048 bits).

3. Compute Euler's totient function φ(n):
φ(n) = (p − 1) × (q − 1)

4. Choose public exponent e:
A small number such that 1 < e < φ(n) and gcd(e, φ(n)) = 1
Common choice: e = 65537 (for efficiency)

5. Compute private exponent d:
d = e⁻¹ mod φ(n)
(i.e., the modular inverse of e)

Final Keys:

• Public Key: (e, n) – used to encrypt messages.

• Private Key: (d, n) – used to decrypt messages.

How Do RSA Keys Work?

RSA uses the public key to encrypt and the private key to decrypt:

🔹 Encryption:

Given a plaintext message M, the ciphertext C is:

C = M^e mod n

🔹 Decryption:

To retrieve the original message:

M = C^d mod n

The values of M, e, d, and n must be in integer form. Large messages are often divided
and padded.

What is the RSA Private Key?

Definition:

The RSA private key is a number d (along with n) that allows the receiver to decrypt
messages that were encrypted using their public key.

Key Functions:

• Decryption: Recovers the original plaintext.

• Digital Signature: Encrypts a hash of the message to prove authenticity (signed
with private key).

Confidentiality:

• Must be kept secret and never shared.

• If leaked, an attacker can decrypt all encrypted communications and forge
signatures.

Format:

Often stored in PEM format (Base64-encoded),

Asymmetric & Symmetric key cryptography together

In cryptography, there are two main types of encryption:

• Symmetric Key Cryptography: Uses the same secret key for encryption and
decryption.
• Asymmetric Key Cryptography: Uses a public-private key pair where the public
key encrypts and the private key decrypts.

Both have strengths and weaknesses, so modern secure systems combine them to
leverage the advantages of each.

Why Combine Both?

Aspect               Symmetric Key                    Asymmetric Key
Speed                Fast                             Slow
Key Management       Difficult (secure key sharing)   Easier (public keys are public)
Computational Load   Low                              High
Use case             Bulk data encryption             Secure key exchange, signatures

Because asymmetric encryption is computationally expensive and slower, it’s
impractical for encrypting large amounts of data directly. Symmetric encryption is much
faster but requires a secure way to share the key.

Hybrid Cryptography Model

Hybrid cryptography combines the strengths of both:

1. Generate a random symmetric session key.
2. Encrypt the bulk data/message using symmetric encryption (e.g., AES) with the
session key, which is fast and efficient.
3. Encrypt the symmetric session key using the receiver’s public key (asymmetric
encryption) (e.g., RSA).
4. Send both the encrypted session key and the encrypted data to the receiver.

How It Works – Step-by-Step


Sender Side
1. Create symmetric key (session key)
2. Encrypt data using symmetric key
3. Encrypt symmetric key using receiver’s public key
4. Send encrypted session key + encrypted data

Receiver Side
1. Use private key to decrypt the encrypted session key
2. Use decrypted session key to decrypt the data

Advantages of Combining Both

• Performance: Large data encrypted quickly with symmetric keys.


• Security: Symmetric key securely exchanged using asymmetric encryption.
• Scalability: Public keys can be distributed openly; no need to share secret keys
over insecure channels.
• Flexibility: Can implement additional services like digital signatures to ensure
authentication and non-repudiation.

Digital Envelopes

A Digital Envelope is a secure method for transmitting encrypted information using
both symmetric and asymmetric encryption. The data itself is encrypted with a
symmetric key, which is faster for processing large amounts of data. The symmetric
key is then encrypted with the recipient’s public key using asymmetric encryption,
ensuring that only the intended recipient, who holds the corresponding private key,
can decrypt the symmetric key and access the original data.

It is widely used in email encryption, secure messaging, and network protocols
like SSL/TLS.

Diagram: Digital Envelope Workflow


Key Components of a Digital Envelope

• Symmetric Encryption: The data is encrypted using a symmetric encryption
algorithm like AES, which is efficient for encrypting large amounts of data.
• Asymmetric Encryption: The symmetric key is encrypted using the recipient’s
public key, ensuring that only they can decrypt it using their private key.
• Public and Private Keys: The recipient’s public key encrypts the symmetric key,
while their private key decrypts it to retrieve the original data.
• Encryption Algorithm: Algorithms such as RSA are used for the asymmetric
encryption of the symmetric key within the digital envelope.
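
The RSA key generation steps from Unit 3 and the digital envelope described above, combined in one added Python example that is not part of the original notes. It assumes textbook RSA without padding and, because the Python standard library has no AES, a SHA-256 counter keystream with an HMAC tag standing in for the symmetric cipher; a real system would use RSA-OAEP and an authenticated AES mode from a vetted library.

```python
"""Digital envelope built on the RSA steps from the notes (added illustration).
Assumptions: textbook RSA (no OAEP padding) and a SHA-256 keystream plus HMAC
standing in for AES. Not a construction to protect real data with."""
import hashlib
import hmac
import math
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)    # random witness in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Step 1: draw odd candidates with the top bit set until one is prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(prime_bits: int = 512, e: int = 65537):
    """Steps 1-5: p, q -> n -> phi(n) -> e -> d. Returns ((e, n), (d, n))."""
    while True:
        p, q = random_prime(prime_bits), random_prime(prime_bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || nonce || counter) blocks."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_keys(session_key: bytes):
    """Separate encryption and MAC keys derived from the one session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())


def seal(public_key, plaintext: bytes) -> dict:
    """Sender side: fresh session key, encrypt the data, wrap the key with RSA."""
    e, n = public_key
    session_key = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(session_key)
    nonce = secrets.token_bytes(12)
    body = keystream_xor(enc_key, nonce, plaintext)
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),   # C = M^e mod n
        "nonce": nonce,
        "body": body,
        "tag": hmac.new(mac_key, nonce + body, hashlib.sha256).digest(),
    }


def open_envelope(private_key, envelope: dict) -> bytes:
    """Receiver side: unwrap the session key, verify the tag, then decrypt."""
    d, n = private_key
    recovered = pow(envelope["wrapped_key"], d, n)                      # M = C^d mod n
    if recovered >= 1 << 128:
        raise ValueError("session key does not unwrap: wrong private key")
    enc_key, mac_key = derive_keys(recovered.to_bytes(16, "big"))
    expected = hmac.new(mac_key, envelope["nonce"] + envelope["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("envelope was modified or opened with the wrong key")
    return keystream_xor(enc_key, envelope["nonce"], envelope["body"])


if __name__ == "__main__":
    public, private = rsa_keygen()
    sealed = seal(public, b"constructed sample message")
    print(open_envelope(private, sealed))
```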

Digital signatures & digital certificates & public key infrastructure

Digital signatures, digital certificates, and Public Key Infrastructure (PKI) are crucial
components of network security, ensuring the authenticity, integrity, and confidentiality
of data and communication. Digital signatures verify the origin and integrity of data,
while digital certificates authenticate the identity of entities and enable encryption. PKI
provides the framework for managing these digital certificates, ensuring secure
communication and transactions.

Digital Signatures:

• A digital signature is a cryptographic method used to authenticate a message or
document.
• It is generated using the sender's private key and ensures that the message has
not been tampered with.
• The receiver uses the sender's public key (provided in a digital certificate) to
verify the signature.
• Digital signatures provide non-repudiation, meaning the sender cannot deny
sending the message.

Digital Certificates:

• A digital certificate is a document that binds a public key to an entity's identity.


• They are issued by trusted Certificate Authorities (CAs) and verify that the public
key belongs to the entity.
• Certificates enable secure communication by allowing entities to encrypt and
decrypt data using their respective public and private keys.
• They are used for various purposes, including securing websites, verifying
emails, and enabling secure online transactions.

Public Key Infrastructure (PKI):

• PKI is a framework that provides the infrastructure for creating, managing,
distributing, and revoking digital certificates.
• It relies on public-key cryptography, which uses a pair of keys: a public key for
encryption and a private key for decryption.
• PKI includes various components like Certificate Authorities (CAs), Registration
Authorities (RAs), and certificate databases.
• CAs are trusted entities that issue and manage digital certificates.
• RAs verify the identity of users or entities requesting certificates.
• Certificate databases store and manage digital certificates and related
information.

How they work together:

1. A user or entity generates a key pair (public and private key).

2. The entity submits their public key and other identity information to a CA for
verification.

3. The CA issues a digital certificate, binding the public key to the entity's identity.

4. The digital certificate is used to authenticate the entity's identity and enable
secure communication.

5. When an entity wants to send a signed message, they use their private key to
create a digital signature.

6. The recipient uses the sender's public key (from their digital certificate) to verify
the signature and the message's integrity.

UNIT 4
Information Security Protocols
Information Security Protocols are a set of standardized procedures and rules
designed to secure data communication, storage, and access in digital environments.
They ensure confidentiality, integrity, authentication, and non-repudiation during
transmission and storage of data.

These protocols are crucial in preventing unauthorized access, tampering, and
eavesdropping across networks like the internet, intranets, and secure applications.

Key Security Objectives of Protocols

Security Goal      Description
Confidentiality    Ensures that only authorized parties can read the data.
Integrity          Ensures data is not altered during transmission.
Authentication     Verifies the identity of users/senders.
Non-repudiation    Prevents the sender from denying the transmission.
Access Control     Restricts access to sensitive resources.

Secure Socket Layer (SSL)


The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security
of a message transmission on the Internet. SSL has recently been succeeded by
Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located
between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control
Protocol (TCP) layers.

-SSL is included as part of both the Microsoft and Netscape browsers and most Web
server products. Developed by Netscape, SSL also gained the support of Microsoft and
other Internet client/server developers and became the de facto standard until
evolving into Transport Layer Security.

-The "sockets" part of the term refers to the sockets method of passing data back and
forth between a client and a server program in a network or between program layers in
the same computer.

-SSL uses the public-and-private key encryption system from RSA, which also includes
the use of a digital certificate.

-TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a
Web site is on a server that supports SSL, SSL can be enabled, and specific Web pages
can be identified as requiring SSL access.

-Any Web server can be enabled by using Netscape's SSL Ref program library, which can
be downloaded for non-commercial use or licensed for commercial use. TLS and SSL
are not interoperable. However, a message sent with TLS can be handled by a client that
handles SSL but not TLS.

SHTTP (Secure Hyper Text Transfer Protocol)

HTTPS stands for Hyper Text Transfer Protocol Secure. It is the most common protocol
for sending data between a web browser and a website. HTTPS is the secure variant of
HTTP and is used to communicate between the user's browser and the website,
ensuring that data transfer is encrypted for added security.

Any website, especially those requiring login details, should use HTTPS. You can see a
padlock icon in the URL bar, which means the page is secure. Browsers, like Google
Chrome, treat HTTPS seriously and mark non-HTTPS websites as "Not Secure."

How Does HTTPS Work?

HTTPS establishes the communication between the browser and the web server. It uses
the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols for
establishing communication. The new version of SSL is TLS (Transport Layer Security).

HTTPS uses the conventional HTTP protocol and adds a layer of SSL/TLS over it.
The workflow of HTTP and HTTPS remains the same: the browsers and servers still
communicate with each other using the HTTP protocol. However, this is done over a
secure SSL connection. The SSL connection is responsible for the encryption and
decryption of the data that is being exchanged to ensure data safety.

Time Stamping Protocol (TSP)

In the digital world, verifying the exact time at which a document, message, or
transaction was created is essential for authenticity, integrity, and legal validity. The
Time Stamping Protocol (TSP) is a standardized method used to prove that data
existed at a certain point in time, even if the data itself is not publicly disclosed.

• Defined in RFC 3161.


• Operates as part of Public Key Infrastructure (PKI).

Objective of TSP

• Provide proof of existence for a piece of digital data.


• Ensure data integrity over time.
• Provide non-repudiation: sender cannot deny that the data existed at the time
claimed.

How Time Stamping Works (Steps)

Step 1: Hash Generation

Client generates a hash (digest) of the document to be timestamped.

Step 2: Time Stamp Request

Client sends this hash to the Time Stamping Authority (TSA) in a Time Stamp Request (TSR).

Step 3: Time Stamp Token Generation

The TSA:

• Appends the current time.


• Signs the hash and timestamp with its private key.
• Generates a Time Stamp Token (TST).

Step 4: Response

The TSA sends back the TST to the client, which can now prove that the original data
existed at the timestamped moment.

Diagram: TSP Workflow

Applications of TSP

• Digital Signatures
• Legal & Compliance Records
• Financial Transactions
• Blockchain
• Software Integrity

3-D Secure Protocol

3-D Secure (Three-Domain Secure) is an XML-based security protocol used to enhance
the security of online credit and debit card transactions. It adds an authentication step
for online payments to reduce fraud and unauthorized usage.

• Developed by Visa (as Verified by Visa) and later adopted by other card providers:
   o Mastercard – SecureCode
   o American Express – SafeKey
   o JCB – J/Secure

Objective of 3-D Secure

• To authenticate the cardholder during online payments.


• To prevent fraudulent transactions in card-not-present (CNP) scenarios.
• To shift liability from the merchant to the card issuer if fraud occurs.

How 3-D Secure Works (Step-by-Step)

1. Cardholder Initiates Payment
   o Customer enters card details on the merchant's website.
2. ACS Redirection
   o The merchant redirects the user to the Access Control Server (ACS) of the
     card issuer for authentication.
3. Authentication
   o The ACS prompts the user for verification (e.g., password, OTP, biometric,
     or app approval).
4. Result Returned
   o If verified, the ACS sends a successful authentication response back to
     the merchant via the payment gateway.
5. Transaction Completed
   o The merchant proceeds with the transaction and processes the payment.

Diagram: 3-D Secure Workflow

Email Security

Email is a widely used method of communication, but it is inherently insecure by
default. Email security refers to techniques and protocols that protect email content,
sender/receiver identity, and attachments from unauthorized access, tampering,
spoofing, and malware.

Threats to Email Security

• Spoofing – Faking the sender’s address.


• Eavesdropping – Interception of unencrypted emails.
• Malware/Phishing – Malicious attachments and fake messages.
• Spam – Unwanted or harmful bulk messages.

Diagram: Email Security Concept

Benefits of Email Security

• Protects confidential communication.


• Verifies legitimate sources.
• Shields users from spam and phishing.
• Helps organizations maintain compliance with data protection laws.

Kerberos

Kerberos is a network authentication protocol that uses secret-key cryptography to
securely authenticate users and services over insecure networks. It was developed at
MIT and is widely used in enterprise environments like Windows Active Directory.

Core Objective

• Provide mutual authentication (client and server authenticate each other).


• Eliminate the need to send passwords over the network.
• Enable Single Sign-On (SSO).

Working Steps

1. Login & Authentication
   o User logs in and sends an encrypted request to the Authentication Server (AS).
2. TGT Issuance
   o AS verifies the user and sends back a Ticket Granting Ticket (TGT).
3. Service Ticket Request
   o Client sends the TGT to the Ticket Granting Server (TGS) to request access to a service.
4. Service Ticket Issuance
   o TGS issues a Service Ticket for the requested service.
5. Access Granted
   o Client presents the ticket to the Service Server, which validates it and
     allows access.

Diagram: Kerberos Authentication Flow

UNIT 5
Diffie-Hellman Key Exchange

The Diffie-Hellman Key Exchange (DHKE) is a cryptographic protocol that allows two
parties to securely share a secret key over an insecure communication channel without
prior key exchange. It was invented in 1976 by Whitfield Diffie and Martin Hellman, and it
laid the foundation for modern public-key cryptography.

DHKE is based on the difficulty of solving the Discrete Logarithm Problem (DLP) in a
finite field.

• Uses modular arithmetic and prime numbers.

• Security relies on the assumption that computing exponentiation is easy, but
reversing it (logarithm) is hard.

For the sake of simplicity and practical implementation of the algorithm, we will
consider only 4 variables: one prime P, G (a primitive root of P), and two private
values a and b.

P and G are both publicly available numbers. Users (say Alice and Bob) pick private
values a and b, and each generates a key and exchanges it publicly. The other person
receives that key and uses it to generate a secret key, after which both have the same
secret key to encrypt with.

Step-by-Step explanation is as follows:
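
An added worked example in Python, not part of the original notes, that carries the exchange through with the four variables P, G, a and b. The toy values P = 23, G = 5, a = 6, b = 15 and the function names are assumptions of this example, chosen so the arithmetic can be followed by hand.

```python
"""Diffie-Hellman with the notes' four variables P, G, a, b (added illustration).
P = 23 and G = 5 are toy values; real deployments use primes of 2048 bits or more."""
import hashlib


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for toy-sized P)."""
    factors, divisor = set(), 2
    while divisor * divisor <= n:
        while n % divisor == 0:
            factors.add(divisor)
            n //= divisor
        divisor += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g: int, p: int) -> bool:
    """G generates 1..P-1 iff G^((P-1)/f) != 1 mod P for every prime factor f of P-1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def public_value(g: int, private: int, p: int) -> int:
    """The value each party sends in the clear: G^private mod P."""
    return pow(g, private, p)


def shared_secret(peer_public: int, private: int, p: int) -> int:
    """Combine the peer's public value with our private value.

    Values 0, 1 and P-1 are rejected: they would force the secret into a
    tiny set of outcomes regardless of the private value."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value outside 2..P-2")
    return pow(peer_public, private, p)


def session_key(secret: int, p: int) -> bytes:
    """Hash the shared secret into a fixed-length symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def exchange(p: int, g: int, a: int, b: int) -> dict:
    """Run both sides of the exchange and return every value involved."""
    if not is_primitive_root(g, p):
        raise ValueError("G is not a primitive root of P")
    alice_public = public_value(g, a, p)      # Alice -> Bob, sent openly
    bob_public = public_value(g, b, p)        # Bob -> Alice, sent openly
    return {
        "alice_public": alice_public,
        "bob_public": bob_public,
        "alice_secret": shared_secret(bob_public, a, p),
        "bob_secret": shared_secret(alice_public, b, p),
    }


if __name__ == "__main__":
    result = exchange(p=23, g=5, a=6, b=15)
    print(result)
    print(session_key(result["alice_secret"], 23).hex())
```

With these values Alice sends 8, Bob sends 19, and both arrive at the secret 2 without a or b ever crossing the channel.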


Applications of DHKE

• Establishing session keys in SSL/TLS.


• Used in VPNs, IPSec, and SSH.
• Backbone of Perfect Forward Secrecy (PFS) in secure messaging apps like
Signal.

Firewall
Network Firewalls are the devices that are used to protect private networks from
unauthorized access. A Firewall is a security solution for the computers or devices that
are connected to a network; it can take the form of either hardware or software. It
monitors and controls the incoming and outgoing traffic (the amount
of data moving across a computer network at any given time).

The major purpose of the network firewall is to protect an inner network by separating it
from the outer network. An inner Network can be simply called a network created inside
an organization and a network that is not in the range of an inner network can be
considered an Outer Network.

Types of Network Firewalls


Packet Firewalls

It is a technique used to control network access by monitoring outgoing and incoming
packets and allowing them to pass or halt based on the source and destination Internet
Protocol (IP) addresses, protocols, and ports. This firewall is also known as a static
firewall.

Stateful Inspection Firewalls

It is also a type of packet filtering that is used to control how data packets move through
a firewall. It is also called dynamic packet filtering. These firewalls can inspect whether
or not a packet belongs to a particular session. They permit communication only if the
session is properly established between two endpoints; otherwise they block the
communication.

Application Layer Firewalls

These firewalls can examine application layer (of the OSI model) information like
an HTTP request. If the firewall finds a suspicious application that could harm the
network or is not safe for it, that application is blocked right away.
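
The difference between the static packet filter and stateful inspection, shown on the same constructed traffic in an added Python example that is not part of the original notes. The inner network 10.0.0.0/24, the outbound-HTTPS policy, the packets and all names are assumptions of this example, and session tracking is simplified to an address/port tuple opened by SYN and closed by RST.

```python
"""Static packet filter vs. stateful inspection on constructed TCP traffic
(added illustration; addresses are documentation ranges, the policy is assumed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # assumed inner network
WEB_PORT = 443                       # assumed policy: inside hosts may reach outside HTTPS


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                       # "SYN", "SYN-ACK", "ACK" or "RST"


def is_outbound(pkt: Packet) -> bool:
    return ip_address(pkt.src) in INSIDE and ip_address(pkt.dst) not in INSIDE


def is_inbound(pkt: Packet) -> bool:
    return ip_address(pkt.src) not in INSIDE and ip_address(pkt.dst) in INSIDE


def static_filter(pkt: Packet) -> bool:
    """Judges each packet in isolation, on addresses and ports only."""
    if is_outbound(pkt):
        return pkt.dport == WEB_PORT
    if is_inbound(pkt):
        return pkt.sport == WEB_PORT     # rule needed so that replies can return
    return False


class StatefulFirewall:
    """Tracks sessions opened from the inside; real products also track
    TCP state and sequence numbers, which this sketch leaves out."""

    def __init__(self):
        self.sessions = set()            # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt: Packet) -> bool:
        if is_outbound(pkt):
            if pkt.dport != WEB_PORT:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                self.sessions.add(key)   # a new session starts here
        elif is_inbound(pkt):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            return False
        if key not in self.sessions:
            return False                 # not part of any established session
        if pkt.flags == "RST":
            self.sessions.discard(key)   # session torn down
        return True


# Constructed sample traffic, in arrival order.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    Packet("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),     # no session was ever opened
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "RST"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),     # arrives after teardown
]


def compare(traffic) -> list:
    """Return (static verdict, stateful verdict) for each packet."""
    stateful = StatefulFirewall()
    return [(static_filter(pkt), stateful.allow(pkt)) for pkt in traffic]


if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags:8}"
              f" static={static_ok} stateful={stateful_ok}")
```

The static filter passes all six packets because each one matches an address and port rule; the stateful firewall drops the fourth and sixth because neither belongs to a live session.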

IP Security

IP Security (IPSec) refers to a collection of communication rules or protocols used to
establish secure network connections. Internet Protocol (IP) is the common standard
that controls how data is transmitted across the internet. IPSec enhances the protocol's
security by introducing encryption and authentication. IPSec encrypts data at the
source and then decrypts it at the destination. It also verifies the source of the data.

Importance of IPSec

IPSec (Internet Protocol Security) is important because it helps keep your data safe and
secure when you send it over the Internet or any network. Here are some of the
reasons why IPSec is important:

• IPSec protects the data through Data Encryption.

• IPSec provides Data Integrity.

• IPSec is often used in Virtual Private Networks (VPNs) to create secure, private
connections.

• IPSec protects from Cyber Attacks.

How Does IPSec Work


IPSec (Internet Protocol Security) is used to secure data when it travels over the
Internet. IPSec works by creating secure connections between devices, making sure
that the information exchanged is kept safe from unauthorized access. IPSec majorly
operates in two ways i.e. Transport Mode and Tunnel Mode.

To provide security, IPSec uses two main protocols: AH (Authentication
Header) and ESP (Encapsulating Security Payload). The Authentication Header verifies
that the data comes from a trusted source and hasn’t been changed, while ESP performs
authentication and also encrypts the data so that it becomes difficult to read.

For encryption, IPSec uses cryptographic keys. They can be created and shared using a
process called IKE (Internet Key Exchange), which ensures that both devices have the
correct keys to establish a secure connection.

When two devices communicate using IPSec, the devices first initiate the connection
by sending a request to each other. After that, they mutually decide on protection of
data using passwords or digital certificates. Now, they establish the secure tunnel for
communication. Once the tunnel is set up, data can be transmitted safely, as IPSec
encrypts the data and also checks its integrity to ensure that it has not been altered.
After the communication is finished, the devices can close the secure
connection. This is how IPSec works.

Virtual Private Networks

A VPN (Virtual Private Network) is a technology that creates a secure, encrypted
connection between your device and the internet. It essentially acts as a private tunnel
for your internet traffic, preventing hackers, ISPs, and even governments from
monitoring your activities. When using a VPN, your IP address is masked, and your
online actions are routed through a remote server, making it harder to track your online
activity.

Key Benefits of Using a VPN:

1. Privacy Protection: A VPN hides your IP address, ensuring that your browsing
habits and activities remain private.

2. Security on Public Networks: Public Wi-Fi networks are often insecure, but a VPN
encrypts your connection, making it safer to browse the internet on networks like
those in cafes or airports.

3. Bypass Geo-restrictions: A VPN allows you to access content that may be
blocked in certain regions (such as streaming platforms, social media sites,
etc.).

4. Prevent Data Throttling: Some ISPs throttle your connection speed when you
stream or play games. A VPN can bypass this, allowing for faster internet speeds.

5. Accessing Remote Work Resources: A VPN enables secure access to private
networks, making it ideal for businesses and remote workers.

How Does a VPN Work

A VPN works by creating an encrypted tunnel between your device and a remote server.
Here's the process simplified:

1. Connection Establishment: When you activate a VPN on your device, it connects
to a server operated by the VPN provider.

2. Encryption: The VPN encrypts your data (information, files, web traffic) so that
it’s unreadable to anyone trying to intercept it, whether it's a hacker on the same
Wi-Fi network or an entity trying to monitor your browsing.

3. Traffic Redirection: Your device’s internet traffic is routed through the VPN server,
which can be located in any country. This makes it appear as though you’re
browsing from the server’s location, masking your actual IP address.

4. Decryption: Once your data reaches the VPN server, it is decrypted and sent to
the destination (such as a website, app, or service). Any response from the
server is then sent back to you through the encrypted tunnel.

This end-to-end encryption ensures that your sensitive data stays private and your
location remains anonymous.

Intrusion Detection System (IDS)

Intrusion is when an attacker gets unauthorized access to a device, network, or system.
Cyber criminals use advanced techniques to sneak into organizations without being
detected.

An Intrusion Detection System (IDS) observes network traffic for malicious transactions
and sends immediate alerts when they are observed. It is software that checks a network or
system for malicious activities or policy violations. Each illegal activity or violation is
often either recorded centrally using a SIEM system or reported to an administrator.
An IDS monitors a network or system for malicious activity and protects a computer
network from unauthorized access from users, including perhaps insiders. The intrusion
detector learning task is to build a predictive model (i.e. a classifier) capable of
distinguishing between ‘bad connections’ (intrusion/attacks) and ‘good (normal)
connections’.

Common Methods of Intrusion

• Address Spoofing: Hiding the source of an attack by using fake or unsecured
proxy servers, making it hard to identify the attacker.

• Fragmentation: Sending data in small pieces to slip past detection systems.

• Pattern Evasion: Changing attack methods to avoid detection by IDS systems
that look for specific patterns.

• Coordinated Attack: Using multiple attackers or ports to scan a network,
confusing the IDS and making it hard to see what is happening.

Working of Intrusion Detection System (IDS)

• An IDS (Intrusion Detection System) monitors the traffic on a computer network
to detect any suspicious activity.

• It analyzes the data flowing through the network to look for patterns and signs of
abnormal behavior.

• The IDS compares the network activity to a set of predefined rules and patterns
to identify any activity that might indicate an attack or intrusion.

• If the IDS detects something that matches one of these rules or patterns, it
sends an alert to the system administrator.

• The system administrator can then investigate the alert and take action to
prevent any damage or further intrusion.
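
The rule-matching step described above, as an added Python example (not code from this document or from any IDS product): each event is compared against predefined payload signatures and a per-source port-count threshold, and every match produces an alert. The event tuples, rule names, patterns and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not real traffic): (src_ip, dst_port, payload)
EVENTS = [
    ("203.0.113.5", 80, "GET /index.html HTTP/1.1"),
    ("203.0.113.9", 80, "GET /item?id=1 UNION SELECT password FROM users"),
    ("198.51.100.7", 22, ""),
    ("198.51.100.7", 23, ""),
    ("198.51.100.7", 80, ""),
    ("198.51.100.7", 443, ""),
    ("198.51.100.7", 3389, ""),
    ("203.0.113.5", 443, "GET /../../etc/passwd HTTP/1.1"),
]

# Predefined signature rules (hypothetical names): rule name -> payload pattern.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
}
SCAN_THRESHOLD = 5  # distinct destination ports from one source


def detect(events, scan_threshold=SCAN_THRESHOLD):
    """Return a list of (rule_name, src_ip) alerts in detection order."""
    alerts = []
    ports_by_src = defaultdict(set)
    flagged_scanners = set()
    for src, port, payload in events:
        # Signature matching: compare the payload against each known pattern.
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((name, src))
        # Threshold rule: many distinct ports from one source looks like a scan.
        ports_by_src[src].add(port)
        if len(ports_by_src[src]) >= scan_threshold and src not in flagged_scanners:
            flagged_scanners.add(src)  # alert once per scanning source
            alerts.append(("port-scan", src))
    return alerts


if __name__ == "__main__":
    for rule, src in detect(EVENTS):
        print(f"ALERT rule={rule} src={src}")
```

A per-source threshold like this one does not fire when a scan is spread across many sources (the coordinated attack listed earlier), so counting distinct ports per destination as well is a common complement.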

IP Spoofing

IP Spoofing is a network attack technique in which an attacker falsifies the source IP
address in the header of IP packets. The goal is to make the packets appear as
though they are coming from a trusted source, tricking the target system into
accepting the communication.

How IP Spoofing Works

Normally, an IP packet includes:

• Source IP address (the sender)
• Destination IP address (the receiver)

In IP spoofing, the attacker modifies the source IP address to mask their identity or
impersonate another device.

This can bypass IP-based authentication systems or cause the victim to respond to
the wrong host.

Types of IP Spoofing

1. Denial-of-service attacks: In a denial-of-service attack, an attacker can use IP
Spoofing to flood a network or system with a large number of requests, making it
unavailable to legitimate users.

2. Unauthorized access: An attacker can use IP Spoofing to bypass access controls
and gain unauthorized access to a system or network.

3. Data interception: An attacker can use IP Spoofing to intercept sensitive data,
such as login credentials, financial information, or personal information.

4. Reputation damage: IP Spoofing can damage the reputation of legitimate
businesses and organizations, as the attack can appear to be coming from their
IP address.

DNS spoofing

DNS spoofing, also known as DNS poisoning or DNS cache poisoning, is a
cyberattack where attackers manipulate Domain Name System (DNS) records to
redirect users to malicious websites or fake versions of legitimate sites. This
redirection can be used to steal credentials, spread malware, or intercept sensitive
information.

The attack proceeds in three steps:

1. Request to Real Website: The user requests a particular website, and the request
goes to the DNS server to resolve the IP address of that website.
2. Inject Fake DNS entry: The attackers have already taken control of the DNS server
by detecting its flaws, and they now add false entries to it.
3. Resolve to Fake Website: The fake entry in the DNS server redirects the user
to the wrong website.

How DNS Works (Briefly)

When a user types a domain (e.g., www.bank.com):

• DNS translates it into an IP address (e.g., 192.0.2.1).
• The browser uses this IP to connect to the correct web server.

In DNS spoofing, this process is hijacked to send users to fake IPs.

Diagram – DNS Spoofing Process

Implementing DNSSEC, using secure DNS servers, and maintaining cache hygiene
are critical to defending against such attacks.

Introduction to Blockchain Technology and Cryptocurrency

Blockchain technology is a distributed ledger system that enables secure,
transparent, and tamper-proof recording of data across a network of computers. It
was originally created to support cryptocurrencies, the most famous being Bitcoin,
but has since found applications in many other fields such as finance, supply chain,
healthcare, and voting systems.

A blockchain is a chain of blocks, where each block contains:

• A list of transactions/data.
• A timestamp.
• A reference (hash) to the previous block.
• A unique hash for integrity verification.

Once data is added to the blockchain, it becomes immutable, meaning it cannot be
altered without changing all subsequent blocks, a practically impossible task due
to consensus mechanisms.
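
The block structure and immutability property described above, as an added Python example (not code from this document or from any blockchain project): each block stores the hash of its predecessor, so editing one block breaks verification unless every later block is re-hashed too. The field names, the all-zero genesis hash and the sample transactions are assumptions made for illustration; consensus is not modelled.

```python
import hashlib
import json


def block_hash(block):
    """SHA-256 over the block's contents, excluding its own stored hash."""
    body = {k: block[k] for k in ("index", "timestamp", "transactions", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_block(chain, transactions, timestamp):
    """Append a block that references the hash of the previous block."""
    prev_hash = chain[-1]["hash"] if chain else "0" * 64
    block = {"index": len(chain), "timestamp": timestamp,
             "transactions": transactions, "prev_hash": prev_hash}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return i  # contents no longer match the stored hash
        expected_prev = chain[i - 1]["hash"] if i else "0" * 64
        if block["prev_hash"] != expected_prev:
            return i  # link to the previous block is broken
    return None


def build_sample_chain():
    """Constructed sample ledger with fixed timestamps so hashes are repeatable."""
    chain = []
    add_block(chain, ["genesis"], 1700000000)
    add_block(chain, ["alice->bob:5"], 1700000060)
    add_block(chain, ["bob->carol:2"], 1700000120)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("valid chain:", first_invalid(chain))
    chain[1]["transactions"] = ["alice->bob:500"]  # tamper with history
    print("after edit:", first_invalid(chain))
    chain[1]["hash"] = block_hash(chain[1])        # re-hash only the edited block
    print("after re-hash:", first_invalid(chain))  # the next block's link now fails
```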

How does Blockchain Technology Work?

One of the best-known uses of blockchain is Bitcoin. Bitcoin is a cryptocurrency and is
used to exchange digital assets online. Bitcoin uses cryptographic proof instead of
third-party trust for two parties to execute transactions over the Internet. Each
transaction is protected by a digital signature.

Diagram: Blockchain Transaction Process

Key Features of Blockchain

Feature | Description
Decentralization | No central authority; every node in the network holds a copy of the ledger.
Immutability | Data, once recorded, cannot be altered or deleted.
Transparency | All participants can view the transaction history.
Consensus | Transactions are verified through mechanisms like Proof of Work or Proof of Stake.
Auditability | Easy to track and audit past transactions.

What Is Cryptocurrency?

Cryptocurrency is a digital or virtual currency that uses cryptography for security
and operates independently of a central authority (such as a bank). Most
cryptocurrencies run on blockchain technology, which acts as their public
transaction ledger.

Key Characteristics of Cryptocurrency

• Decentralized: Not controlled by governments or central banks.
• Secure: Uses cryptographic algorithms to secure transactions.
• Anonymous/Pseudonymous: Users can transact without revealing personal
identity.
• Blockchain-based: Transactions are recorded on a blockchain.
• Global and fast: Transactions occur across borders in minutes.

Popular Cryptocurrencies

Cryptocurrency | Symbol | Purpose
Bitcoin | BTC | First and most widely used cryptocurrency.
Ethereum | ETH | Supports smart contracts and dApps.
Ripple | XRP | Focused on fast, low-cost international transactions.
Litecoin | LTC | Designed for fast transactions and lower fees.
