Course: Information and Network Security

Code: 4BCS602
Credits: 3-0-1
D1
 D2

Module 1-Contents
• Introduction – Pillars of information security systems
• Mathematical background for cryptography
Modulo Arithmetic,
The Greatest Common Divisor,
Useful Algebraic Structures,
Chinese Remainder Theorem,
• Cyber-attacks,
• Basics of cryptography - preliminaries,
• Elementary substitution ciphers,
• Elementary transport ciphers,
• Secret key cryptography
3-pillars of information security systems
CIA triad, is a model designed to guide policies for information security within an organization.

• Confidentiality,
• Integrity,
• Availability.

Confidentiality is a set of rules that limits access to the information and provides secrecy.
Integrity is the assurance that the information is trustworthy and accurate.
Availability is a guarantee of reliable access to the information by authorized people.
 Confidentiality
• Ensures that the data or an information system is accessed by only an authorized person.
• It is designed to prevent sensitive information from reaching the wrong people and right
people can get access to their information.
Common method to ensure confidentiality-
• Data encryption.
• User IDs and passwords constitute a standard procedure;
Other methods-
• Two-factor authentication/Multi-factor Authentication,
• Biometric authentication and security tokens,
• key fobs or soft tokens,
• IPsec.
 Integrity:
• Ensures that the data stored on devices is correct and no unauthorized persons
or malicious software has altered data.
• Maintaining the consistency, accuracy, and trustworthiness of data over its entire
life cycle.
measures include :
Version control- to prevent erroneous changes or accidental deletion by authorized users.
Data Verification:
File Hashing
file permissions and user access controls.
cryptographic checksums,
Backups or redundancies must be available to restore the affected data to its correct state.
 Availability:
The ability of a user to access information or resources in a specified location and in
the correct format.
Enables network resources are readily accessible to authorized users.
Availability is best ensured by
• To ensure availability, the network administrator should maintain hardware, make
regular upgrades, Providing adequate communication bandwidth.
• Safeguards against natural disasters- a backup copy may be stored in a
geographically-isolated location.
• Extra security equipment or software such as firewalls and proxy servers can
guard against downtime and unreachable data due to malicious actions such as
denial-of-service (DoS) attacks and network intrusions.
Mathematical background for cryptography
MODULO ARITHMETIC:
 Terminologies
• Plaintext: The original intelligible message.
• Cipher text: The transformed message.
• Cipher: An algorithm / mathematical function for transforming an intelligible message into one
that is unintelligible by transposition and/or substitution methods.
• Key: Some critical information used by the cipher, known only to the sender & receiver.
• Encipher: (encode) the process of converting plaintext to cipher text using a cipher and a key.
• Decipher: (decode) the process of converting cipher text back into plaintext using a cipher and a
key.
• Cryptanalysis: The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called code breaking.
• Cryptology: Both cryptography and cryptanalysis.
• Code: An algorithm for transforming an intelligible message into an unintelligible one using a
code-book.
 Cryptography
• Greek Words, ‘krypto’ means "hidden/ secret" and graphene, means to " study"
write . “Secret writing”.
Cryptography
Art of achieving security by encoding messages to make them non-readable.
Encryption and Decryption
Encryption Algorithms=E
Decryption Algorithms =D
Encryption key=e
Decryption Key =d

Cipher text C= Ee(P)

Plain text P=Dd(C)
 Cryptology = Cryptography + Cryptanalysis
Cryptanalysis:
Technique of decoding messages from a non-readable format back to readable format without
knowing how they were initially converted from readable format to non-readable format.
Secret and Public Key Cryptography
Asymmetric Key Operation
Steganography
• Technique that facilitates hiding of a messages that is to be kept
secret inside other messages.
• concealing messages or information within other non-secret text or
data.
1111111111111111111100000000000000000001
1111011100001000011111100000000000000000
1100000000000000111111110000000000000000
1100000000000001111111111000000000000000
1000000000000011000011111100000000000000
1000000000000010000011111100000000000000
1000000000000010000001111110000000000000
1100000000000110000000111111100000000000
1110000000000110000111111111111000000001
1111011100001111101111111111111100000001
1111111111111110001000111111111100000000
1111111111111110000000111111111110000011
1111111111111110001001111111111110011111
1111111111111111011001111111111111111111
1111111111111111011101111111111111111111
1111111111111111001111111111111111111111
1111111111111111101111111111111111111111
1111111111111111111111111111111111111111
1111111111111111111111111111111111111111
1111111111111111111011111111111111111111
1111111111111111110000011111111111111111
1111111111111111000000001111111101111111
1111111111111110000000001111111111111111
1111111111111110000000001111111111111111
Types of Attacks(cyber attacks)
Main motives for launching cyber attacks
• Theft of sensitive information
• Disruption of services.
• Illegal access to or use of resources.
Theft of sensitive information:

• Many organizations store and communicate sensitive information on new

products to be designed.

• Revenue source can be usually advantageous to a company competitors.

• Military and defense plan details of any nation.

• Private bodies like banks, individual personal information like credit cards,
passwords..etc(Identity theft).
Disruption of services
• Interruption of service against an organization server which causes
unavailable or inaccessible.
Eg: Attacks, being launched by business rivals of e-commerce websites.
Illegal access to or use of resources.
• The goal is to use to obtain free access of services to paid resources.
Eg: Online digital products such as magazines, journal articles, free talk
time…etc..
 Technical View
(Attacks)
Practical Approaches

Passive Attacks Active Attacks

 Passive Attacks
-Interception

Release of Message Traffic Analysis

Contents
Passive Attack: Release of Message contents
Passive Attack: Traffic Analysis

Observe traffic pattern

Active Attack : Masquerade/ Interruption
Trying to pose as another entity
Active Attack: Modification

Modify message
Active Attack: Replay
Active Attack: Denial of Service/ Fabrication
 Programs that Attack
Malware –
Malicious software which is specifically designed to disrupt, monitor
online activity, gain authorized access and damage to a computer
system.
1. Virus
2. Worm
3. Trojan Horse
Virus
A Virus is a computer Program that attaches itself to another legitimate
Program, and Causes damage to the Computer System or to the network

Virus can also triggered by specific events

Worm:
A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computer.
A worm does not perform any destructive actions, and instead only
consumes system resources.
Trojan Horse:
It attempts to reveal confidential information about a computer or a
network to an attacker.
 Dealing with Viruses

• Virus –elimination Steps

Detection • Locate where the virus is.

Identification • Identify the virus.

Removal • Remove all traces, restore order.

2. Phishing:
Phishing is a type of social engineering attack often used to steal user data, including login
credentials and credit card numbers.

Attacker sends a forged email to the innocent victim(customer)

Fake email from the attacker to PayPal user
Fake PayPal site asking for user’s
credit-card details.
3. Pharming (DNS Spoofing/poisoning)
Pharming is a cyber attack intended to redirect a website's traffic to
another, fake site.
DNS
www.bob.com 100.10.10.20
 Plain Text and Cipher Text
Plaintext:
Signifies a message that can be understood by the sender, the recipient , and also by
anyone else who gets access to that message.

Cipher text:
When a plain-text message is codified using any suitable scheme, the resulting
message is caked Cipher text.
Cipher means Code/Secrete
 Techniques for transferring PT to CT

• Substitution Techniques
• Transposition Techniques

Product Cipher :Substitution Techniques + Transposition Techniques

 Substitution Techniques
• Ceasar Cipher
• Modification version of Ceasar Cipher
• Mono-alphabetic Cipher
• Homophonic Substation Cipher
• Polygram Substitution Cipher
• Polyalphabetic Substitution Cipher
• Play fair Cipher
• Hill Cipher
 Caesar cipher
Substitution Cipher: Characters of PT message are replaced by another
characters, numbers or symbols.
Caesar Cipher: Special case of Substitution Technique where in each alphabet in
a message is replaced by an alphabet three places down the line.
Julius Caesar:
 Algorithm to Break Caeser Cipher
WE ARE FROM CMR

Would be encoded as:

WE ARE FROM CMR

Z H DUH IURP FPU
 Modification version of Ceasar Cipher

• Original Plain-text alphabets may not necessarily be 3 positions down the order , but instead can be
any places down the order.
• Alphabet A in PT would not necessarily be replaced by D. It can be replaced by any valid alphabet
i.e, E,F ,G ..so on.
• For each Alphabet there are 25 possibilities of replacement.
Encoded Message:
“ This is INS Class”

The Shifting is done by Key number of positions i.e,

encryption process is cipher text
C=m + e mod26
Decryption process is
m = C+ d mod26
 Mono-Alphabetic Cipher
• Random Substitution
• Given a PT msg , each A can be replaced by any other alphabet(B
trough Z),B can also be replaced by any other random alphabet(A or C
through Z) and So on…
• No relation b/w replacement of B and replacement of A
• Mathematically we have 4*10^26 Possibilities.(Permutations and
Combinations).
 Homophonic Substitution Cipher:
• Similar to mono-alphabetic Cipher.
• One PT alphabet can map to more than one Cipher-text alphabet.
• Eg: A can be replaced by D,H,P,R
• B Can be replaced by E,I,Q, S..etc.

HSC involves substitution of one plain-text character with a Cipher text at a time .
CT character can be any of the chosen set.
 Polygram Substitution Cipher
• A block of alphabets is replaced with another block.
• Replacement happens by Block by Block ,rather than character by
character.
 Polyalphabetic Substitution Cipher
• Leon Battista invented the Polyalphabetic Substitution Cipher in 1568.
Egs: Vigenere Cipher and Beaufort Cipher .
• This Cipher uses multiple one-character Keys.
• Each of the Keys encrypts one PT character.
• After all keys are used they are recycled.
Features of PSC
1) It uses a set of related mono-alphabetic substitution rules.
2) It uses a key that determines which rule is used for which
transformation.
Eg: Vigenere Table

PT: row
Key: Column
CT: Value
Hill cipher
• Treat every message in the Plaintext message as a number, So that
A=0,B=1….Z=25.
• Plaintext: CAT
• Ciphertext: FIN
 Transposition Techniques
• Rail-Fence Technique
• Simple Columnar Transposition Technique
• Vernam Cipher(One-Time Pad)
• Book Cipher/Running-Key Cipher
Rail-Fence Technique
Algorithm:
1. Write down the PT message as a sequence of diagonals
2. Read the plain text written in Step 1 as a sequence of rows.
Plain Text:
“Come home tomorrow”

CipherText:
“cmhmtmrooeoeoorw”
“Writing PT as a sequence of diagonals and then reading it row by row to
produce Cipher text.”
Simple Columnar Transposition Technique

Variation in Simple Transposition Technique.

“Arranges the PT as a sequence of rows of a rectangle that are read in
columns randomly”
Consider a rectangle with 6 columns

Choose the order of Columns : 4,6,1,2,5 and 3

Cipher Text:
“eowoocmroerhmmto”
Simple Columnar Transposition Technique with
Multiple rounds
Plaintext: “Come tome tomorrow”

Random column nos:: 4,6,1,2,5 and 3

CipherText generated in round 1: “eowoocmroerhmmto”

Random column nos:: 4,6,1,2,5 and 3

CipherText generated in round 2:”oeochemmormormot”
Vernam Cipher/One-time Pad
The length of the input Cipher text is equal to the length of the
original plain text
Plaintext: “how are you”
One-time Pad: “NCBTZQARX”

Vernam Cipher uses a one –time pad, which is discard after a single
use, (suitable for short messages)
Book Cipher/Running Key Cipher
Eg: 222:9:2
page number: line number : Word num.
character/word will be used as a One-time Pad.
Product Cipher
• Substitution + Transposition Ciphers