Skip to content

Introduction to CNS

Curriculum

  • Cryptography and modern cryptography, Need of security, Security services, Basic network security terminology, Security attacks, Classical cryptosystems and their cryptanalysis, Operational model of network security

Introduction

  • Security Layers

    • Physical Security \(\rightarrow\) access control to unauthorised person to physical media and restricted areas
    • Private Security \(\rightarrow\) Security to individual or a group
    • Project Security \(\rightarrow\) Security to details/design of project/operational security.

  • Denial of Service \(\rightarrow\) Make system busy; authorised users cannot access.

  • Information security \(\rightarrow\) includes not only security of information but also security of all infrastructures related to computer system and internet.
  • Degree of security depends on the importance of information.
Elements of Information Security(CIA)
  • Confidentiality
    • only authorised user can access the data
    • Protection of data from unauthorised disclosure
  • Integrity
    • Validity of data is checked by integrity
    • Gives info about any change/modifications in the data.
    • Assurance that data received is as sent by the authorised user.

  • Availability

    • Accessible and usable upon request by authorised user
    • A functioning condition of the server/system at a given instance.

  • Access Control

    • Permit only authorised users
    • Restricts everyone else
  • The security of a computer system can be provided by using secure techniques such as:
    1. Series of Confidence - Using Authentic software
    2. Access Control
    3. Data backup
    4. Ability to detect unpatched known flaws
    5. Antivirus software
    6. Firewalls
    7. Intrusion Detection systems (IDS)
    8. Encryption
    9. Information Security awareness
  • Steps for better security
    • Assets \(\rightarrow\) identify what is imp and to be protected
    • Risks \(\rightarrow\) identify threat, attacks, vulnerability and risks
    • Protections \(\rightarrow\) find out solution for protection of information
    • Tools and Techniques \(\rightarrow\) Select appropriate for protection
    • Priorities \(\rightarrow\) order of tools and techniques for protection of information
  • Category of Computer Security
    • Cryptography
      • aka secret writing
      • used to hide the original message
    • Data security
    • Computer Security models \(\rightarrow\) formal description of security policies
    • Network security
    • Computer Security
    • Security Exploit

  • Security Services

    • Authentication
    • Data confidentiality
    • Access control
    • Integrity \(\rightarrow\) MD5, SHA (hash algorithms) to check integrity of data
    • Non-repudiation
      • Assurance against denial by one of the communication parties.
      • A way to verify who sent the message
      • Digital signature
    • Availability

  • Encryption

    • Plain Text \(\rightarrow\) Cipher Text
    • Types of Encryption (Depending on Number of Keys)
      1. Symmetric (one key for encryption and decryption)
        • E.g. DES, AES, IDEA, 3DES.
      2. Asymmetric (public-key encryption)
        • two different keys are required. (public key & private key)
        • Private key is known to the owner/server
        • E.g. Diffie-Hellman, RSA

  • Decryption

    • Cipher Text \(\rightarrow\) Plain Text

  • Cryptanalysis

    • Art of "Deciphering encrypted message/data" without knowing the key used for encryption
    • various attacks are done to get the plain text
    • The area of Cryptography and cryptanalysis together are called cryptology.

  • Types of Attacks

    • Passive Attack
      • No tampering of data; data is just read by attacker to understand
      • Two Types
        • Release of message contents (to public)
        • Traffic analysis
      • Difficult to detect; as there are no changes in actual data
    • Active Attack
      • Attempts to alter, change or modify information
      • Four categories
        1. Masquerade
          • Attacker pretends to be authorised entity to get access to information
        2. Message Replay
          • Attacker acts as the man in the middle.
          • Receives the data from the server (as server thinks attacker is the authorised user)
          • Attacker then sends the data (replay) to the user to avoid suspicion (attacker acts like server)
        3. Message Modification
          • Original message is captured, tampered and sent to the authorised user
          • Two Types
            • Modification
              • Some parts of original message are modified by attacker
            • Fabrication
              • A completely new fabricated message is sent by attacker
        4. Denial of Service (DoS)
  • The Security of the Encryption algorithm depends upon the key.
  • A key is nothing but a pattern of alphabets/numbers/symbols used to convert plain text to cipher-text.
Asymmetric Encryption
  • Two different keys are used (One for encryption, other for decryption)
  • The keys are mathematically related to each other.
  • Each user has their own public key, thus no need for key distribution.
    • This makes public key cryptography more secure compared to symmetric encryption.
  • Everyone has a public key and a private key
    • If A is communicating with B, both A and B have their public as well as private keys.
    • A and B share their public keys to each other.
    • A encrypt's data using B's public key and sends it to B (Now even A cannot decrypt this as A doesn't have B's private key)
    • B can decrypt the message as it has the private key required to decrypt
  • Real life Example
    • Private key \(\rightarrow\) Mailbox (Only the owner can open it)
    • Public Key \(\rightarrow\) Mailbox (Everyone can put in letters)
    • The owner shares the mailbox address to everyone for them to send message
    • Owner accesses messages using the private key.

Next Unit: Cryptographic Algorithms