UNIT-1

Introduction
Outline
 OSI Security Architecture
 Security Attacks
 Security Services
 Security Mechanism
 Symmetric Cipher Model
 Cryptography
 Cryptanalysis and Attacks
 Substitution and Transposition Techniques
Introduction to Information & N/W Security
OSI Security Architecture
 The OSI (Open Systems Interconnection) security architecture
focuses on Security Attacks, Mechanisms, and Services.
 Security Attack: Any action that compromises the security of
information owned by an organization.
 Security Mechanism: A process that is designed to detect,
prevent, or recover from a security attack.
 Security Service: A communication service that enhances the
security of the data processing systems and the information
transfers of an organization.
Security Attacks
 A passive attack attempts to learn or make use of information
from the system but does not affect system resources.
1. Release of message contents
2. Traffic analysis
 An active attack attempts to alter system resources or affect their
operation.
1. Masquerade (impersonating a legitimate user)
2. Replay (valid data transmission is maliciously repeated or
delayed)
3. Modification of messages
4. Denial of service
1) Release of message contents (Passive Attack)

 A telephone conversation, an electronic mail message, and a

transferred file may contain sensitive or confidential information.
 We would like to prevent an opponent from learning the contents
of these transmissions.
2) Traffic Analysis (Passive Attack)

 In such attacks, an adversary, capable of observing network traffic

statistics in several different networks, correlates the traffic patterns
in these networks.
1) Masquerade Attack (Active Attack)

 A masquerade takes place when one entity pretends to be a

different entity.
2) Replay Attack (Active Attack)

 Replay attack involves the passive capture of a data unit and its subsequent
retransmission/delay to produce an unauthorized effect.
3) Modification of messages Attack (Active Attack)

 Modification of messages simply means that some portion of a

legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
4) Denial of Service Attack (Active Attack)

 The denial of service attack prevents the normal use or

management of communications facilities.
Security Services (X.800)
 X.800 standard defines a security service as a service that is
provided by a protocol layer of communicating open systems and
that ensures security of the systems or of data transfers.
 Security Services

Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality

Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery

Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery

Selective Field
Selective Repeat
Connection
Confidentiality
Integrity

Traffic Flow Connection less

Confidentiality Integrity

Selective Field
Connection less
Integrity
Authentication
 Authentication is the assurance that the communicating entity is
the one that it claims to be. Who you are ?
(biometrics)
1. Peer Entity Authentication: Use of physical or
Used in association with a behavioral
characteristics
logical connection to provide
confidence in the identity of Physical
the entities connected. authentication
2. Data-Origin Authentication: In Geolocation (GPS data)
a connectionless transfer, where you are ?
provides assurance that the What you know ?
source of received data is as Knowledge-based Authentication
claimed. • Password
• One-time Passwords
• Network address
Access Control
 Access control is the prevention of unauthorized use of a resource
 This service controls who can have access to a resource, under
what conditions access can occur, and what the accessing
resource is allowed to do).
Data Confidentiality
 Data confidentiality is the protection of data from unauthorized
disclosure.
1. Connection Confidentiality: The
protection of all user data during a
continuous connection.
2. Connectionless Confidentiality: The
protection of all user data regardless
of the absence of a continuous
connection.
3. Selective-Field Confidentiality: The
confidentiality of selected fields
within the user data on a connection
or in a single data block.
4. Traffic-Flow Confidentiality: The
protection of the information that
might be derived from observation of
traffic flows.
Data Integrity
 Data integrity is the assurance that data received are exactly as
sent by an authorized entity (i.e., contain no modification,
insertion, or deletion).
 Data Integrity (Cont…)
 Connection Integrity with Recovery: Provides integrity of all user
data on a connection and detects any modification, insertion,
deletion, or replay of any data with recovery attempted.
 Connection Integrity without Recovery: As above, but provides
only detection without recovery.
 Selective-Field Connection Integrity: Provides integrity of selected
fields within the user data and takes the form of determination of
whether the selected fields have been modified, inserted, deleted,
or replayed.
Data Integrity (Cont…)
 Connectionless Integrity: Provides integrity of a single
connectionless data block and may detect data modification and
replay.
 Selective-Field Connectionless Integrity: Provides integrity of
selected fields within a single connectionless data block;
Determines whether the selected fields have been modified.
Non Repudiation
 Nonrepudiation is the assurance that someone cannot deny
something.
 Typically, nonrepudiation refers to the ability to ensure that a
party in the communication cannot deny the authenticity of their
signature on a document or message that he originated/received.

Transfer Rs. 1,00,000

To Bank
After few days
User A I have never
requested to transfer
Rs. 1,00,000
to Bank Bank
Non Repudiation (Cont…)
 Nonrepudiation-Origin: Proof that the message was sent by the
specified party.
 Nonrepudiation-Destination: Proof that the message was
received by the specified party.
Security Mechanisms (X.800)
 X.800 provides a structured framework for security in the Open
Systems Interconnection (OSI) environment
 Includes various security services and mechanisms needed to protect
data communications.
 Security Services: defines specific security services such as
authentication, access control, data confidentiality, data integrity, and
non-repudiation.
 Security Mechanisms: pecifies security mechanisms that implement
the security services. These mechanisms include encryption, digital
signatures, access control mechanisms, and data integrity checks.
• Specific security mechanisms: Integrated into the appropriate protocol layer in
order to provide some of the OSI security services.
• Pervasive security mechanisms: Not integrated to any particular protocol layer
Security Mechanism (Specific Security)
 Encipherment: Hiding or covering data using mathematical
algorithms.
 Digital Signature: The sender can electronically sign the data and
the receiver can electronically verify the signature.
 Access Control: A variety of mechanisms that enforce access
rights to resources.
 Data Integrity: A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
 Authentication Exchange: Two entities exchange some messages
to prove their identity to each other.
…
Security Mechanism (Specific security)
 Traffic Padding: The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
 Routing Control: Selecting and continuously changing routes
between sender and receiver to prevent opponent from
eavesdropping.
 Notarization: The use of a trusted third party to assure and
control the communication. It acts as a mediator between sender
and receiver so that chance of conflict is reduced.
Model for Network Security
Trusted third party
(e.g., arbiter, distributer
of secret information)

Sender Recipient
Security -related Info. Security -related
Channel

Message

Message
Message

Message
Transformation Transformation

Secure
Secure

Secret Secret
Information Opponent Information
Encryption and Decryption

Hello f7#er Hello

Sender Encryption Decryption Receiver
 Symmetric Cipher Model (Conventional Encryption)
Secret key shared by Secret key shared by
sender and recipient sender and recipient
K
K
Transmitted
cipher text
Y = E(K, X)
X X
Plaintext Encryption Algorithm Decryption Algorithm Plaintext
input (e.g. AES) (reverse of encryption output
algorithm)
 Plaintext
An
The secretiskey
original
Decryption
Ciphertext the isoriginal
message
isalgorithm
the also isis intelligible
input
scrambled known
to the
essentially
message message
asencryption
the
the oralgorithm.
plaintext,
encryption
produced data that the
while is fed
algorithm
as output. into
coded
run in
 the
The algorithm
messagekey isison
reverse.
It depends aas
called input.
the
value
the ciphertext.
independent
plaintext of thekey.
and the secret plaintext and of the
 Encryption
The process
algorithm.
It takes ofalgorithm
the ciphertext
ciphertext convertingandperforms
is an apparentlyfrom
the secret various
plaintext
key
random and substitutions
to ciphertext
produces
stream isthe
of data known and
as
original
and, as it
 transformations
enciphering
The algorithm
plaintext.
stands, on
orwill
is unintelligible. the plaintext.
encryption;
produce a restoring the plaintext
different output depending from
on the
ciphertext
specific keyisbeing
deciphering
used at or thedecryption.
time.
 An opponent, observing Y but not having access to K or X, may
attempt to recover X or K or both X and K.
 If the opponent is interested in only this particular message, then
he will focus to recover X by generating a plaintext estimate .
 Often, however, the opponent is interested in being able to read
future messages as well, in which case an attempt is made to
recover K by generating an estimate .
Cryptanalysis and Brute-Force Attack
Cryptanalysis is the study and practice of analyzing and breaking
cryptographic systems. The main goal of cryptanalysis is to uncover the
underlying plaintext from ciphertext without knowing the secret key
used for encryption.
 Cryptanalytic attacks rely on the nature of the algorithm and some
knowledge of the general characteristics of the plaintext or even
some sample plaintext–ciphertext pairs.
 This type of attack exploits the characteristics of the algorithm to
attempt to derive a specific plaintext or to derive the key being used.
 Brute-force attack: The attacker tries every possible key on a piece of
ciphertext until an intelligible translation into plaintext is obtained.
 On an average, half of all possible keys must be tried to achieve
success.
Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Ciphertext Only Encryption algorithm, Ciphertext
Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Known Plaintext Encryption algorithm, Ciphertext, One or more plaintext-
cipher text pairs formed with the secret key
Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen Plaintext Encryption algorithm, Ciphertext, Plaintext message chosen by
cryptanalyst with its corresponding ciphertext
Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen Encryption algorithm, Ciphertext, Ciphertext chosen by
Ciphertext cryptanalyst, with its corresponding decrypted plaintext
generated with the secret key
Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen text Encryption algorithm, Ciphertext, Plaintext chosen by
cryptanalyst, with its corresponding ciphertext generated with
the secret key , Ciphertext chosen by cryptanalyst, with its
corresponding decrypted plaintext generated with the secret
key
Substitution Techniques
 A substitution technique is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols.
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
1) Caesar Cipher
 The Caesar cipher involves replacing each letter of the alphabet
with the letter standing k places further down the alphabet.
 In encryption each plaintext letter P, substitute the ciphertext
letter C:
C = E(k, P) = (P + k) mod 26
C = E(3, P) = (P + 3) mod 26
 For decryption algorithm is:

P = D(k, C) = (C - k) mod 26
Caesar Cipher (Cont…)
 Let us assign a numerical equivalent to each letter
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

C = E(3, P) = (P + 3) mod 26
plain: a b c d e f g h i j k l m n o p q r s t u v w x
y z
cipher: d e f g h i j k l m n o p q r s t u v w x y z a
Example:
b c
Plaintext: THE QUICK BROWN FOX
Ciphertext: WKH TXLFN EURZQ IRA
Brute force attack on Caesar Cipher
 The encryption and decryption algorithms are known.
 There are only 25 keys to try.
 The language of the plaintext is known and easily recognizable.
Brute force attack on Caesar Cipher
Ciphertext: ZNK WAOIQ HXUCT LUD
Key Transformed text Key Transformed text
1 YMJ VZNHP GWTBS KTC 14 LZW IMAUC TJGOF XGP
2 XLI UYMGO FVSAR JSB 15 KYV HLZTB SIFNE WFO
3 WKH TXLFN EURZQ IRA 16 JXU GKYSA RHEMD VEN
4 VJG SWKEM DTQYP HQZ 17 IWT FJXRZ QGDLC UDM
5 UIF RVJDL CSPXOGPY
18 HVS EIWQY PFCKB TCL
6 THE QUICK BROWN FOX
19 GUR DHVPX OEBJA SBK
7 SGD PTHBJ AQNVM ENW
8 RFC OSGAI ZPMUL DMV 20 FTQ CGUOW NDAIZ RAJ
9 QEB NRFZH YOLTK CLU 21 ESP BFTNV MCZHY QZI
10 PDA MQEYG XNKSJ BKT 22 DRO AESMU LBYGX PYH
11 OCZ LPDXF WMJRI AJS 23 CQN ZDRLT KAXFW OXG
12 NBY KOCWE VLIQH ZIR 24 BPM YCQKS JZWEV NWF
13 MAX JNBVD UKHPG YHQ 25 AOL XBPJR IYVDU MVE
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
2) Monoalphabetic Cipher (Simple substitution)
 It is an improvement to the Caesar Cipher.
 Instead of shifting the alphabets by some number, this scheme
uses some permutation of the letters in alphabet.
 The sender and the receiver decide on a randomly selected
permutation of the letters of the alphabet.
 With 26 letters in alphabet, the possible permutations are 26!
which is equal to 4x1026.

plain: a b c d e f g h i j k l m n o p q r s t u v w x
y z
cipher: y n l k x b s h m i w d p j r o q v f e a u g t
z c
Attack on Monoalphabetic Cipher
Ciphertext:
uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvu
ephzhmdzshzowsfpappdtsvpquzwymxuzuhsxepyepopdzs
zufpombzwpfupzhmdjudtmohmq
 The relative frequencies of the letters in the ciphertext
(in percentages) are
…Attack on Monoalphabetic Cipher

Standard
Frequency
Distribution
chart for
English

Matching ciphertext frequency in the standard distribution chart of

English

 In our ciphertext, the most common digram is ZW, which appears three times.
So equate Z with t, W with h and P with e.
 Now notice that the sequence ZWP appears in the ciphertext, and we can
translate that sequence as “the.”
…Attack on Monoalphabetic Cipher
 If the cryptanalyst knows the nature of the plaintext, then the
analyst can exploit the regularities of the language.
 The relative frequency of the letters can be determined and
compared to the standard frequency distribution for English.
 If the message were long enough, this technique alone might be
sufficient, but because in this example, message is relatively short,
we cannot expect an exact match.
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
3) Playfair Cipher
 The Playfair algorithm is based on a 5 × 5 matrix (key) of letters.
 The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and
then filling in the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J count as one letter.
O C U R E
Example: N A B D F
Keyword= OCCURRENCE
Plaintext= TALL TREES G H I/J K L
M P Q S T
V W X Y Z
Playfair Cipher - Encrypt Plaintext
 Playfair, treats digrams (two letters) in the plaintext as single units
and translates these units into ciphertext digrams.
 Make Pairs of letters add filler letter “X” if same letter appears in a
pair.
Plaintext= TALL TREES
Plaintext= TA LX LT RE
 ES
If there is an odd number of letters, then add uncommon letter to
complete digram, a X/Z may be added to the last letter.
Playfair Cipher - Encrypt Plaintext
 Map each pair in key matrix
O C U R E
Plaintext= TA LX LT RE
ES N A B D F
Ciphertext= PF IZ TZ EO
RT G H I/J K L
M P Q S T
V W X Y Z
 If
If the
theletters
the areappear
letters
letters on different
appear rows
ononthe and
thesame
samecolumns,
row, replace
column, replacethem
replace themwith with
them the
withletters
the
on otherto
letters corner of immediate
the same
immediately
their row.right
below, wrapping
respectively,
around
wrapping
to the around
top to if
 The order is important - the first letter of the pair should be replaced first.
the
necessary.
 For left sideusing
example, of thetherow
tableifabove,
necessary.
the letter pair TA would be encoded as PF.
 IfFor example,
both using
the letters thethetable
are in sameabove,
above,
column:the
the
Takeletter
letter pair
pairbelow
the letter RE
LT would be
each one
encoded
(going backasto EO.
TZ.
the top if at the bottom).
 If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).
Playfair Cipher Examples
1. Key= “ engineering ” Plaintext=” test this process ”
2. Key= “ keyword ” Plaintext=” come to the window ”
3. Key= “ moonmission ” Plaintext=” greet ”
E N G I R Encrypted Message: K E Y W Encrypted Message:
A B C D F pi tu pm gt ue lf gp xg O lc nk zk vf yo gq ce
bw
H K L M O R D A B
P Q S T U C
V W X Y Z F G H I
M O N I S Encrypted Message: L
A B C D E hq cz du M N P Q
F G H K L S
P Q R T U T U V X
V W X Y Z Z
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
4) Hill Cipher
 Hill cipher is based on linear algebra
 Each letter is represented by numbers from 0 to 25 and
calculations are done modulo 26.
 Encryption and decryption can be given by the following formula:
Encryption: C=PK mod 26

Decryption: P=K-1C mod 26

mod 26
Hill Cipher Encryption
 To encrypt a message using the Hill Cipher we must first turn our
keyword and plaintext into a matrix (a 2 x 2 matrix or a 3 x 3
matrix, etc).
Example: Key = “HILL”, Plaintext = “EXAM”
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

=
Hill Cipher Encryption (Cont…)
== Plaintext
( X )( M ) (23 )( 12)
E A
=
4 0

C=PK mod 26
( 7
11
8
11 )( )
4
23 ( 7
11
8
11 )( )
0
12

x 4 + 8 x 23 = 212 x 0 + 8 x 12 = 96
x 4 + 11 x 23 = 297 x 0 + 11 x 12 = 132

( 7
11
8
11 )( ) (
4
23
=
2 12
297 ) ( 7
11
8
11 )( ) (
0
12
=
96
132 )
= mod 26 = = mod 26 =

Ciphertext = “ELSC”
Hill Cipher Decryption
P=K-1C mod 26
Step:1 Find Inverse of key matrix
Step:2 Multiply the Multiplicative Inverse of the Determinant by the
Adjoin Matrix
Step:3 Multiply inverse key matrix with ciphertext matrix to obtain
plaintext matrix
Step: 1 Inverse of key matrix
2 X 2 inverse of matrix

[ ] [ ]
−1
a b 1 d −b
=
c d ad − cb −c a

3 X 3 inverse of matrix

−1 1
A = ∙ adjoin( A )
determinant ( A )
Step: 1 Inverse of key matrix
( ) ( )
−1
1
I nverse Key ¿ 7 8 = 11 −8
11 11 77 − 88 − 11 7

¿
1
(
11
− 11 − 1 1
−8
7 )
 -11 mod 26 = 15
¿
(
1 11
15 15
18
7)mod 26  Because, modulo for negative
number is = N- (B%N)
= 26 – (11%26)
Step: 2 Modular (Multiplicative) inverse
 The inverse of a number A is 1/A since A * 1/A = 1
e.g. the inverse of 5 is 1/5
 In modular arithmetic we do not have a division operation.
 The modular inverse of A (mod C) is A-1
 (A * A-1) ≡ 1 (mod C)
Example:
 The modular inverse of A mod C is the A-1 value that makes
A * A-1 mod C = 1
A = 3, C = 11
Since (3*4) mod 11 = 1, 4 is modulo inverse of 3
12
A = 10, C = 17 , A-1 = ?
Step 2: Modular (Multiplicative) inverse
Determinants’ multiplicative inverse Modulo 26

Determinant 1 3 5 7 9 11 15 17 19 21 23 25

Inverse Modulo 26 1 9 21 15 3 19 7 23 11 5 17 25

¿
1
15 ( 11
15
18
7 ) mod 26
 Multiplicative inverse of is 7
Step 2: Multiply with adjoin of matrix
¿7
( 11
15 ) (
18
7
=
77
105
1 26
49 ) (
=
25
1
22
23 )
mod 26

¿ thus , if K =
(11
7 8
)
11
−1
then K =
(
25
1
22
23 )
Hill Cipher Decryption
= Ciphertext
( )( ) ( )( )
E
L
S
C
=
4
11
18
2

P=K-1C mod 26
( 25
1
22
23 )( )
4
11 ( 25
1
22
23 )( )
18
2
x 4 + 22 x 11 = 342 x 18 + 22 x 2 = 494
x 4 + 23 x 11 = 257 x 18 + 23 x 2 = 64

( )( ) ( ) ( )( ) ( )
25 22 4 342 25 22 18 494
= =
1 23 11 257 1 23 2 64

= mod 26 = = mod 26 =

Plaintext = “EXAM”
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
5) Polyalphabetic Cipher
 Monoalphabetic cipher encoded using only one fixed alphabet
 Polyalphabetic cipher is a substitution cipher in which the cipher
alphabet for the plain alphabet may be different at different
places during the encryption process.
1. Vigenere cipher
2. Vernam cipher
 Plaintext

K
e
y

PT = HELLO
KEY = GMGMG
CT = NQRXU
Vigenere Cipher
Keyword : DECEPTIVE
Key : DECEPTIVEDECEPTIVEDECEPTIVE
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
C =( P1 + K 1 , P 2+ K 2 , … P m + K m ) mod 26
P =( C 1 − K 1 ,C 2 − K 2 , … Cm − K m ) mod 26

An analyst looking at only the ciphertext would detect the repeated

sequences VTW at a displacement of 9 and make the assumption that the
keyword is either three or nine letters in length.
This system is
Keyword : DECEPTIVE referred as
Key : DECEPTIVEWEAREDISCOVEREDSAV an autokey
Plaintext : WEAREDISCOVEREDSAVEYOURSELF system
Vernam Cipher
 The ciphertext is generated by applying the logical XOR operation
to the individual bits of plaintext and the key stream.
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
One time pad
 The one-time pad, which is a provably secure cryptosystem,
was developed by Gilbert Vernam in 1918.
 The message is represented as a binary string (a sequence of 0’s
and 1’s using a coding mechanism such as ASCII coding.
 The key is a truly random sequence of 0’s and 1’s of the same
length as the message.
 message =‘IF’
 then its ASCII code =(1001001 1000110)
 key = (1010110 0110001)
 Encryption:
• 1001001 1000110 plaintext
• 1010110 0110001 key
• 0011111 1110110 ciphertext
Transposition Techniques
 A transposition cipher does not substitute one symbol for another,
instead it changes the location of the symbols.
 The simplest such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows.
 For example, to send the message “Meet me at the park” to Bob,
Alice writes

 She then creates the ciphertext “MEMATEAKETETHPR”.

...Transposition Techniques
 A more complex scheme is to write the message in a rectangle,
row by row, and read the message off, column by column, but
permute the order of the columns.
 Transposition (Columnar): The order of the columns then becomes
the key to the algorithm.
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Cryptography and Cryptanalysis
 Cryptography and Cryptanalysis
• Cryptography is the study of the design of techniques for
ensuring the secrecy and/or authenticity of information
• Cryptanalysis deals with the defeating such techniques to
recover information, or forging information that will be
accepted as authentic
Cryptographic Algorithms
 Cryptographic algorithms and protocols can be grouped into four
main areas
Cryptographic
algorithms and
protocols

Symmetric Asymmetric Data integrity Authentication

encryption encryption algorithms protocols

 Data integrity
Authentication
Symmetric
Asymmetric algorithms
Protocols
encryption
encryption usedused
used to to
are
to protect
schemes
conceal
secure theblocks
based
small of
ondata,
contents
blocks the
of
of such
data,
blocks as
usesuch
of
or
messages,
streams
as offrom
cryptographic
encryptiondata alteration.
algorithms
keys
of any designed
and size,
hash to authenticate
including
function messages,
values, whichtheare
files, identity
used of
encryption
in
entities.
keys,
digital
and
signatures.
passwords
 Steganography

• an alternative to encryption
• hides existence of message
– using only a subset of letters/words in a longer
message marked in some way
– using invisible ink
– hiding in LSB in graphic image or sound file
• has drawbacks
– high overhead to hide relatively few info bits
• advantage is can obscure encryption use
 Demo

• https://stylesuxx.github.io/steganography/
Security Objectives
 Security objectives for information and computing services are
Confidentiality, Integrity, Availability, Authenticity, Accountability.
1) Confidentiality:
• Data confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
• Privacy: Assures that individuals control what information
related to them may be collected and stored and by whom and
to whom that information may be disclosed.
Security Objectives (Cont…)
2) Integrity:
• Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.
• System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
3) Availability: Assures that systems work promptly and service is
not denied to authorized users.
Security Objectives (Cont…)
4) Authenticity:
• The property of being genuine and being able to be verified
and trusted; confidence in the validity of a transmission, a
message, or message originator.
• This means verifying that each input arriving at the system
came from a trusted source.
5) Accountability:
• The security goal that generates the requirement for actions of
an entity to be traced uniquely to that entity.
• This supports nonrepudiation, deterrence, fault isolation,
intrusion detection and prevention, and after-action recovery
and legal action.
Threat and Attack
 Threat: A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could
crack security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
 Attack: An violation on system security that derives from an
intelligent threat; that is, an intelligent act that is a calculated
attempt to avoid security services and violate the security policy
of a system.