Professional Documents
Culture Documents
Chapter 1
1.1
Introduction
1.2
Application Security
Computer security
Data Security
Information Security
Network Security
Vishesh Shrivastava
1.3
Principle of Security
Vishesh Shrivastava
Access Control
Access control mechanism is used to prevent unauthorized access
of resources. This helps the operating system to allow the access to
particular data or resource. Whereas authentication controls who
can access network resources, authorization says what they can do
after they have accessed the resources. Authorization grants
Data Confidentiality
It is used to protect the content of data from unauthorized
disclosure. Basically Confidentiality is the protection of
transmitted data from passive attacks. Confidentiality refers to
limiting information access and disclosure to authorized users -"the right people" -- and preventing access by or disclosure to
unauthorized ones -- "the wrong people."
Data Integrity
The concept of data integrity is used to protect data from
unauthorized modifications. Integrity, in terms of data and
network security, is the assurance that information can only be
accessed or modified by those authorized to do so. Measures
taken to ensure integrity include controlling the physical
environment of networked terminals and servers, restricting
access to data, and maintaining authentication practices. Practices
followed to protect data integrity in the physical environment
include: making servers accessible only to network
Vishesh Shrivastava
Non-repudiation
Non- repudiation is the assurance that someone cannot deny
something. Typically, no repudiation refers to the ability to ensure
that a party to a contract or a communication cannot deny the
authenticity of their signature on a document or the sending of a
message that they originated. To repudiate means to deny. For
many years, authorities have sought to make repudiation
impossible in some situations. You might send registered mail, for
example, so the recipient cannot deny that a letter was delivered.
Similarly, a legal document typically requires witnesses to signing
so that the person who signs cannot deny having done so.
On the Internet, a digital signature is used not only to ensure that
a message or document has been electronically signed by the
person that purported to sign the document, but also, since a
digital signature can only be created by one person, to ensure that
a person cannot later deny that they furnished the signature.
Since no security technology is absolutely fool-proof, some
experts warn that a digital signature alone may not always
Availability (Usability)
It assures that a system or a resource is accessible and useable
upon demand of authorized users. Data availability is a term used
by some computer storage manufacturers and storage service
providers to describe products and services that ensure that data
continues to be available at a required level of performance in
situations ranging from normal through "disastrous." In general,
data availability is achieved through redundancy involving where
the data is stored and how it can be reached. Some vendors
describe the need to have a data center and a storage-centric
rather than a server-centric philosophy and environment.
Relationship between Security Service and mechanism
Security Service
Peer entity Authentication
Data origin authentication
Access control
Confidentiality
Traffic flow confidentiality
Data integrity
Non-Repudation
Availability
Data
integrity
exchange.
Vishesh Shrivastava
authentication
Passive Attack
Vishesh Shrivastava
Phishing Attack
In phishing attack the hacker creates a fake web site that looks
exactly like a popular site such as the SBI bank or paypal. The
phishing part of the attack is that the hacker then sends an e-mail
message trying to trick the user into clicking a link that leads to
the fake site. When the user attempts to log on with their account
information, the hacker records the username and password and
then tries that information on the real site.
Hijack attack
In a hijack attack, a hacker takes over a session between you and
another individual and disconnects the other individual from the
communication. You still believe that you are talking to the
original party and may send private information to the hacker by
accident.
Spoof attack
In a spoof attack, the hacker modifies the source address of the
packets he or she is sending so that they appear to be coming from
someone else. This may be an attempt to bypass your firewall
rules.
Buffer overflow
A buffer overflow attack is when the attacker sends more data to
an application than is expected. A buffer overflow attack usually
results in the attacker gaining administrative access to the system
in a command prompt or shell.
Exploit attack
Vishesh Shrivastava
Password attack
An attacker tries to crack the passwords stored in a network
account database or a password-protected file. There are three
major types of password attacks: a dictionary attack, a brute-force
attack, and a hybrid attack. A dictionary attack uses a word list
file, which is a list of potential passwords. A brute-force attack is
when the attacker tries every possible combination of characters.
1.5 Cryptography
Cryptographyis the science of using mathematics to encrypt and
decrypt data. The word is Cryptography derived from the Greek
kryptos, the meaning of kryptos is Hidden. Cryptography is
closely related to the disciplines of cryptology and cryptanalysis.
Cryptography includes techniques such as microdots, merging
words with images, and other ways to hide information in storage
or transit. However, in today's computer-centric world,
Vishesh Shrivastava
Now you will think how does cryptography work? The answer is
A cryptographic algorithm, orcipher, is a mathematical function
used in the encryption and decryption process. A cryptographic
algorithm works in combination with a key a word, number, or
phrase; to encrypt the plaintext. The same plaintext encrypts to
different ciphertext with different keys. The security of encrypted
data is entirely dependent on two things: the strength of the
cryptographic algorithm and the secrecy of the key.
The shift cipher is very simple for encryption of any plain text in
which each letter of the message is shifted a fixed distance down
the alphabet. Our "alphabet," including punctuation and both
upper and lowercase letters, is numbered from 0 to 94.
O
14
P
15
Q
16
R
17
S
18
T
19
U
20
V
21
W
22
X
23
Y
24
Z
25
Vishesh Shrivastava
Y
B
N
Q
A
D
M
P
E
H
I
L
S
V
K
L
H
K
A
D
N
Q
13
25
14
13
19
11
14
Y
25
32
N
14
21
A
1
8
M
13
20
E
5
12
I
9
16
S
19
26
K
11
17
H
8
15
A
1
8
N
14
21
Vishesh Shrivastava
13-25-14-1-13-5-9-19-11-8-1-14
Now we can put the alphabets in place of the numbers and
retrieve the plain text MY NAME IS KHAN.
1.7
b.
c.
d.
e.
f.
Y
B
N
Q
A
D
M
P
E
H
I
L
S
V
K
L
H
K
A
D
N
Q
The cipher text will be: PBQDPHLVNKDQ. Here the key for
encryption is 3 now every alphabet in the plaintext will be
replaced by the third alphabet down the order. As M P,
YB, NQ and so and to make it more complex the spaces
between the words are removed.
b. Modified Caesar Cipher
In the Caesar Cipher, the key is single key, say for e.g. 3, so when
we encrypt the message AA we will get DD. We observe that
Vishesh Shrivastava
But in the Modified Caesar Cipher the key length is variable, say
BC. The first and the second characters were the same As but
Only
group Z26. Just as Brutus helped kill Casear, a brute force attack
so on.
c. Mono-alphabetic cipher
This system was described by Suetonius in his biography of
Caesar and by Caesar himself. Each letter is replaced by the
third letter to follow it alphabetically. Upon reaching the end
of our ciphertext alphabet, we jot down the A, B, C that
werent yet used.
values
strictly
between
and
26
offer
distinct
Vishesh Shrivastava
a. Affine Cipher
The Affine cipher is an example of substitution cipher, and very
much similar to shift cipher. Since a shift cipher can produce only
25 different distinct transformations for the text, it is not a very
secure encryption method. The affine cipher is a generalization of
the shift cipher that provides a little bit more security. The affine
cipher applies multiplication and addition to each character using
the function:
y =(ax+b)MODm
where
x= Numerical value of the letter in the plaintext,
Vishesh Shrivastava
Vishesh Shrivastava
T U V WX
U V WX Y
V WX Y Z
WX Y Z A
X Y Z A B
Y Z A B C
Z A B C D
Y
Z
A
B
C
D
E
Z
A
B
C
D
E
F
A
B
C
D
E
F
G
B
C
D
E
F
G
H
C
D
E
F
G
H
I
D
E
F
G
H
I
J
E
F
G
H
I
J
K
F
G
H
I
J
K
L
G H I J K L MN
H I J K L MN O
I J K L MN O P
J K L MN O P Q
K L MN O P Q R
L MN O P Q R S
MN O P Q R S T
O
P
Q
R
S
T
U
P
Q
R
S
T
U
V
QR S
R S T
S T U
T U V
U V W
V WX
WX Y
A B C D E F G H I J K L MN O P Q R S T U V WX Y Z
B C D E F G H I J K L MN O P Q R S T U V WX Y Z A
C D E F G H I J K L MN O P Q R S T U V WX Y Z A B
D E F G H I J K L MN O P Q R S T U V WX Y Z A B C
E F G H I J K L MN O P Q R S T U V WX Y Z A B C D
F G H I J K L MN O P Q R S T U V WX Y Z A B C D E
G H I J K L MN O P Q R S T U V WX Y Z A B C D E F
H I J K L MN O P Q R S T U V WX Y Z A B C D E F G
I J K L MN O P Q R S T U V WX Y Z A B C D E F G H
J K L MN O P Q R S T U V WX Y Z A B C D E F G H I
K L MN O P Q R S T U V WX Y Z A B C D E F G H I J
L MN O P Q R S T U V WX Y Z A B C D E F G H I J K
MN O P Q R S T U V WX Y Z A B C D E F G H I J K L
N O P Q R S T U V WX Y Z A B C D E F G H I J K L M
O P Q R S T U V WX Y Z A B C D E F G H I J K L MN
P Q R S T U V WX Y Z A B C D E F G H I J K L MN O
Q R S T U V WX Y Z A B C D E F G H I J K L MN O P
R S T U V WX Y Z A B C D E F G H I J K L MN O P Q
S T U V WX Y Z A B C D E F G H I J K L MN O P Q R
Primary key = L
Plaintext = MY NAME IS KHAN
Plain Text
M Y N A M
K H
A N
Key
Y N
M E
H A
Cipher Text
Q M
A C R
A N
Vishesh Shrivastava
Key
Q M
A C R
A N
Cipher Text
Y N
M E
H A
Plain Text
N A
K H
A N
10
. The sender will
4
then calculate:
10 5 6 10
(mod 26)
A =
4
4 8 4
74
= Mod26
72
22
=
20
The first two letters of the ciphertext correspond to 22,20 and are
therefore WU. This step is repeated for the entire plaintext. If
there are not enough letters to form blocks of 2, pad the message
with some letter, say Z.
The message: KESCOLLEGE will be enciphered as:
WU YK GO BY CE
Decipher
To decipher a message, first calculate the inverse of the key A.
d bmod26
A-1 = det(A)-1
c a
5 6mod26
A-1 = (40-24)-1
4
8
5 6
-1
-1
mod26
A = 16
4
8
Vishesh Shrivastava
M=
4
To decrypt the message,the first two letters are 10, 4 which
correspond to K and E. The receiver will repeat this step for every
pair of letters in the ciphertext to recover the original message
KESCOLLERGE.
To use a Hill cipher with different block size the number of rows
and columns in matrix A should be equal to the block size. For
example if the block size is 4 the A should be a matrix of size 4 x
4Rather than working with such large numbers, the Hill cipher
works on groups of letters in a somewhat different manner. The
Hill cipher works by viewing a group of letters as a vector, and
encryption is done by matrix multiplication.
To encrypt the same message consider the following method.
First, our key consists of four numbers which we call a, b, c, and d.
These numbers must be chosen so that the quantity ad-by is
relatively prime to the length of the alphabet, 26 in our case, so
ad-bc cannot be even or a multiple of 13.
To encrypt a pair of letters, we look up their numeric equivalents
as usual. Suppose these numbers are x and y. Then the
corresponding letters in the ciphertext are given by
(ax + by)mod 26 and (cx+dy)mod 26
Forexample, let's encipher the phrase MY NAME IS KHAN
with the key a=2, b=3, c=5, and d=6.
Before using the key lets verify whether it is a valid key or not.
Since,
(ad-bc) = (2*6 2*5) = -3 = 23(mod 26)
this is a valid key. To encode, we break our text up into pairs, and
since there are an odd number of letters, we add x to the end.
PlainText
MY
NA
ME
IS
KH
AN
(13,25)
(14,1)
(13,5) (9,19)
(11,8)
(1,14)
(ax + by)mod26
23
15
23
20
18
(cx + dy)mod26
24
17
25
11
Ciphertext
XH
DY
OQ
XD
UZ
SL
Vishesh Shrivastava
Plaintext
Keystream
Ciphertext XOR
100110111101000011100101000110111101
101010101010101010101010101010101010
001100010111101001001111101100010111
Vishesh Shrivastava
001100010111101001001111101100010111
101010101010101010101010101010101010
100110111101000011100101000110111101
a.
b.
c.
d.
e.
Vishesh Shrivastava
Example:
c. Simple columnar
rounds:
transposition
with
multiple
COLUMN 1
S
M
Algorithm:
Now rewrite column wise using the same key sequence the
ciphertext will be:
XEGXEEFOKTNDUETLOCLSSMAAI
Vishesh Shrivastava
e. Book Cipher
After encryption the sender sends the message to the receiver the
reciever now decodes the encoded message to get the actual data
this process is called as decryption. Decryption is defined as it is
a process to retrive the original plain text from the ciphertext. For
the purpose of encryption we use some methodology considered
as cryptography and that rerquires some encryption key.
Similarly to decrypt the message the decryption key is required.
And the entire process of encryption of plain text using the key at
sender side and decryption of data using the key ar receiver side
is called as Cryptography. We can conclude from the above that
every encryption and decryption process requires two aspects:
Algorithm and Key.
Accordingly the cryptographic mehods depending upon the key
used are divided into two categories:
Plain Text
K
10
E
4
S
18
C
2
O
14
L
11
L
11
E
4
G
6
E
4
OTP
P
15
L
11
A
0
I
8
N
13
T
19
E
4
X
23
T
19
M
12
Initial Total
25
15
18
10
27
30
15
27
25
16
Subtract 26 25
if >26
Cipher text Z
15
18
10
15
25
16
Now the cipher text for the given plain text is ZPSKBEPBZQ.
Vishesh Shrivastava
but the user private key cannot be derived from the widely used
public key.
The problem with symmetric key is the communication of the key
to the receiver this particular problem is overcome by the Diffie
Hellman Key Exchange Algorithm.
Vishesh Shrivastava
Here we can see K1=K2 and hence we can say the key can be
exchanged securely.
1.12 Steganography
B= gy mod n
A and B need not to be kept secret.
5. Sender now calculates the secret key K1 as
K1 = Bx mod n
6. Receiver now calculates the secret key K2 as
K2= Ay mod n
Example:1. Sender and Receiver agree to use a prime
number n = 23 and base g = 5(which is a primitive root
modulo 23).
2. Sender chooses a secret integer x = 6, then sends
Receiver A = gx mod n
A = 56 mod 23 = 8
Vishesh Shrivastava
2.
3.
plaintexts.
4.
guess.
decrypted from it. In an actual real life case this would require
the analyst to have access to the communication channel and
the recipient end.
5.
perform.