
LECTURE 1 (Attacks on Computers and Computer Security)

Threats - A threat is an object, person, or other entity that represents a constant danger to an
asset.
Threat Categories
• Acts of human error or failure

• Compromises to intellectual property

• Deliberate acts of espionage or trespass

• Deliberate acts of information extortion

• Deliberate acts of sabotage or vandalism

• Deliberate acts of theft

• Deliberate software attack

• Forces of nature

• Deviations in quality of service

• Technical hardware failures or errors

• Technical software failures or errors

• Technological obsolescence

Computer Security - generic name for the collection of tools designed to protect data and to
thwart hackers.

Network Security - measures to protect data during their transmission.

Internet Security - measures to protect data during their transmission over a collection of
interconnected networks.

ASPECTS OF SECURITY

Consider three aspects of information security:

• Security Attack

• Security Mechanism

• Security Service
Security Attack
• any action that compromises the security of information owned by an organization

• information security is about how to prevent attacks on information-based systems, or, failing that, to detect them

• threat and attack are often used to mean the same thing

• there is a wide range of attacks

• we can focus on generic types of attacks:

- Passive
- Active

INTERRUPTION - An asset of the system is destroyed or becomes unavailable or unusable.
It is an attack on availability.
Examples:
Destruction of some hardware
Jamming wireless signals
Disabling file management systems

INTERCEPTION - An unauthorized party gains access to an asset. Attack on confidentiality.
Examples:
Wire tapping to capture data in a network
Illicitly copying data or programs
Eavesdropping

MODIFICATION - An unauthorized party gains access and tampers with an asset. Attack on integrity.
Examples:
Changing a data file
Altering a program or the contents of a message

FABRICATION - An unauthorized party inserts a counterfeit object into the system. Attack on authenticity. Also called impersonation.
Examples:
Hackers gaining access to a personal email account and sending messages
Insertion of records in data files
Insertion of spurious messages in a network

Security Services - A security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources.
Confidentiality is the protection of transmitted data from passive attacks.
Authentication - This service assures that a communication is authentic. For a single message transmission, its function is to assure the recipient that the message is from the intended source.
Peer entity authentication: Verifies the identities of the peer entities involved in communication. Provided for use at the time of connection establishment and during data transmission.
Data origin authentication: Assures the authenticity of the source of a data unit, but does not provide protection against duplication or modification of data units. Supports applications like electronic mail, where no prior interaction takes place between the communicating entities.

Integrity means that data cannot be modified without authorization. Like confidentiality, it can
be applied to a stream of messages, a single message or selected fields within a message.
TWO TYPES OF INTEGRITY SERVICES ARE AVAILABLE:
Connection-Oriented Integrity Service: This service deals with a stream of messages and assures that messages are received as sent, with no duplication, insertion, modification, reordering or replays. Destruction of data is also covered here. Hence, it addresses both message stream modification and denial of service.
Connectionless Integrity Service: This deals with individual messages regardless of the larger context, providing protection against message modification only. An integrity service can be applied with or without recovery. Because it is related to active attacks, the major concern is detection rather than prevention. If a violation is detected and the service reports it, either human intervention or automated recovery mechanisms are required to recover.

Non-repudiation: prevents either sender or receiver from denying a transmitted message. This capability is crucial to e-commerce. Without it an individual or entity can deny that he, she or it is responsible for a transaction, and is therefore not financially liable.
Access Control - This refers to the ability to control the level of access that individuals or
entities have to a network or system and how much information they can receive. It is the
ability to limit and control the access to host systems and applications via communication
links. For this, each entity trying to gain access must first be identified or authenticated, so
that access rights can be tailored to the individuals.

Availability - It is defined to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity. Availability can be significantly affected by a variety of attacks, some amenable to automated countermeasures such as authentication and encryption, and others needing some sort of physical action to prevent or recover from loss of availability of elements of a distributed system.

SECURITY MECHANISMS
- According to X.800, the security mechanisms are divided into those implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security service. X.800 also differentiates reversible and irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted, whereas irreversible encipherment mechanisms include hash algorithms and message authentication codes used in digital signature and message authentication applications.

SPECIFIC SECURITY MECHANISMS
- Incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not intelligible. This depends on the algorithm used and the encryption keys.

Digital Signature: Data appended to, or a cryptographic transformation applied to, a data unit that allows a recipient to prove the source and integrity of the data unit and protects against forgery.

Access Control: A variety of techniques used for enforcing access permissions to the system
resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
of data units.

Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.

Routing Control: Enables selection of particular physically secure routes for certain data and
allows routing changes once a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms
- These are not specific to any particular OSI security service or protocol layer.

Trusted Functionality: That which is perceived to be correct with respect to some criteria.

Security Level: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.

Event Detection: It is the process of detecting all the events related to network security.

Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is
an independent review and examination of system records and activities.

Security Recovery: It deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
Data is transmitted over a network between two communicating parties, who must cooperate for the exchange to take place.
A logical information channel is established by defining a route through the internet from source to destination and by the two parties' use of communication protocols. Whenever an opponent presents a threat to the confidentiality or authenticity of information, security aspects come into play.
Information access threats intercept or modify data on behalf of users who should not have access to that data.
Service threats exploit service flaws in computers to inhibit use by legitimate users. Viruses and worms are two examples of software attacks inserted into the system by means of a disk or across the network.
The security mechanisms needed to cope with unwanted access fall into two broad categories.

SOME BASIC TERMINOLOGIES USED

CIPHER TEXT - the coded message.

CIPHER - algorithm for transforming plaintext to ciphertext.

KEY - info used in cipher known only to sender/receiver.

ENCIPHER (ENCRYPT) - converting plaintext to ciphertext.

DECIPHER (DECRYPT) - recovering plaintext from ciphertext.

CRYPTOGRAPHY - study of encryption principles/methods.

CRYPTANALYSIS (CODEBREAKING) - the study of principles/methods of deciphering ciphertext without knowing the key.

CRYPTOLOGY - the field of both cryptography and cryptanalysis.


CRYPTANALYSIS
- The process of attempting to discover X (the plaintext) or K (the key) or both is known as cryptanalysis.

- The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst. There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.
Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.

Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key.

Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several strings of symbols, and tries to use the results to deduce the key.

SUBSTITUTION TECHNIQUES - A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.

CAESAR CIPHER - The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places further down the alphabet.
e.g., plain text: pay more money
Cipher text: SDB PRUH PRQHB

MONOALPHABETIC CIPHERS - Here, plaintext characters are substituted by a different alphabet stream of characters shifted to the right or left by n positions. When compared to the Caesar cipher, these monoalphabetic ciphers are more secure, as the ciphertext alphabet can be any permutation of the 26 alphabetic characters, leading to 26!, or greater than 4 × 10^26, possible keys.
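As an added example (not part of the lecture notes), the general monoalphabetic substitution above in Python, with the Caesar cipher as the special case whose key is the alphabet rotated by 3; the permutation key used at the bottom is a constructed one, and the key-space count confirms the 26! figure.

```python
import math
import string

ALPHABET = string.ascii_uppercase


def shift_alphabet(n):
    """Ciphertext alphabet for a shift-by-n cipher: plaintext A becomes
    ALPHABET[n]. Caesar's own cipher is n = 3."""
    n %= 26
    return ALPHABET[n:] + ALPHABET[:n]


def substitute(text, cipher_alphabet, decrypt=False):
    """General monoalphabetic substitution.

    cipher_alphabet is a 26-letter permutation: plaintext ALPHABET[i]
    becomes cipher_alphabet[i]. Letters are upper-cased first; anything
    that is not a letter (spaces, punctuation) passes through unchanged.
    """
    cipher_alphabet = cipher_alphabet.upper()
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    src, dst = ALPHABET, cipher_alphabet
    if decrypt:
        src, dst = dst, src
    return text.upper().translate(str.maketrans(src, dst))


def caesar(text, shift=3, decrypt=False):
    """Caesar cipher: a substitution whose key is the shifted alphabet."""
    return substitute(text, shift_alphabet(shift), decrypt)


def key_space_size():
    """Number of distinct monoalphabetic keys: every permutation of 26 letters."""
    return math.factorial(26)


if __name__ == "__main__":
    print(caesar("pay more money"))          # SDB PRUH PRQHB
    key = "QWERTYUIOPASDFGHJKLZXCVBNM"       # constructed permutation key
    print(substitute("pay more money", key))
    print(key_space_size() > 4 * 10**26)     # True
```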

PLAYFAIR CIPHER - It is the best-known multiple-letter encryption cipher, which treats digrams in the plaintext as single units and translates these units into cipher text digrams.

HILL CIPHER - It is also a multi letter encryption cipher. It involves substitution of ‘m’
ciphertext letters for ‘m’ successive plaintext letters.

POLYALPHABETIC CIPHERS

Polyalphabetic means that the same letter of a message can be represented by different letters when encoded.
The Vigenere cipher is a polyalphabetic cipher based on using successively shifted alphabets, a different shifted alphabet for each of the 26 English letters.
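An added Python example (not from the notes) of the Vigenere cipher, with a helper that shows the polyalphabetic property directly: the same plaintext letter comes out as several different ciphertext letters. The message and key are constructed sample values.

```python
import string
from collections import defaultdict

ALPHABET = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Vigenere cipher: letter i of the message is shifted by letter i of
    the key (the key repeats), so the shift alphabet changes every letter.
    Non-letters pass through unchanged and do not consume a key letter."""
    shifts = [ord(k) - ord("A") for k in key.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("key needs at least one letter")
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = shifts[i % len(shifts)]
        if decrypt:
            k = -k
        out.append(ALPHABET[(ord(ch) - ord("A") + k) % 26])
        i += 1
    return "".join(out)


def letter_images(plaintext, ciphertext):
    """For each plaintext letter, the set of ciphertext letters it became.
    A monoalphabetic cipher gives exactly one image per letter; a
    polyalphabetic cipher gives several, which flattens the letter
    frequencies that simple frequency analysis relies on."""
    images = defaultdict(set)
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET:
            images[p].add(c)
    return dict(images)


if __name__ == "__main__":
    msg = "attack at dawn"          # constructed sample message
    ct = vigenere(msg, "LEMON")     # constructed sample key
    print(ct)                       # LXFOPV EF RNHR
    print(letter_images(msg, ct))   # 'A' -> {'L', 'O', 'E', 'N'}
```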
TRANSPOSITION TECHNIQUES
Rail fence is the simplest such cipher: the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

Row Transposition Ciphers - A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns.
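Both transposition techniques above as an added Python example (not code from the notes). The rail fence is generalised to any number of rails; the row transposition takes a key that gives each column its read-out rank and pads the rectangle so the column lengths are recoverable. The sample messages are constructed.

```python
def bare_letters(text):
    """Transposition works on the bare letters: drop whitespace, lower-case."""
    return "".join(c for c in text if not c.isspace()).lower()


def rail_of(i, rails):
    """Rail (row) on which the i-th letter lands in a zigzag of `rails` rows."""
    if rails == 1:
        return 0
    cycle = 2 * (rails - 1)
    pos = i % cycle
    return pos if pos < rails else cycle - pos


def rail_fence_encrypt(text, rails=2):
    """Write the letters down the diagonals, then read each row in turn."""
    rows = [[] for _ in range(rails)]
    for i, ch in enumerate(bare_letters(text)):
        rows[rail_of(i, rails)].append(ch)
    return "".join("".join(r) for r in rows).upper()


def rail_fence_decrypt(cipher, rails=2):
    """Rebuild each row from its known length, then walk the zigzag again."""
    cipher = cipher.lower()
    pattern = [rail_of(i, rails) for i in range(len(cipher))]
    rows, start = [], 0
    for r in range(rails):
        size = pattern.count(r)
        rows.append(list(cipher[start:start + size]))
        start += size
    return "".join(rows[r].pop(0) for r in pattern)


def columnar_encrypt(text, key, pad="x"):
    """Row transposition: fill a rectangle row by row, then read the columns
    in the order given by key (key[j] is the rank of column j)."""
    text = bare_letters(text)
    cols = len(key)
    if len(text) % cols:
        text += pad * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda j: key[j])
    return "".join(row[j] for j in order for row in rows).upper()


def columnar_decrypt(cipher, key):
    """Refill the columns in key order, then read the rectangle row by row."""
    cipher = cipher.lower()
    cols = len(key)
    if len(cipher) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(cipher) // cols
    order = sorted(range(cols), key=lambda j: key[j])
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for j in order:
        for r in range(nrows):
            grid[r][j] = cipher[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party"))       # MEMATRHTGPRYETEFETEOAAT
    print(columnar_encrypt("attack postponed until two am xyz",
                           [4, 3, 1, 2, 5, 6, 7]))                  # TTNAAPTMTSUOAODWCOIXKNLYPETZ
```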

STEGANOGRAPHY - A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.

Character marking – selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink – a number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.

Pin punctures – small pin punctures on selected letters are ordinarily not visible unless the
paper is held in front of the light.

Typewritten correction ribbon – used between the lines typed with a black ribbon, the
results of typing with the correction tape are visible only under a strong light.

Drawbacks of Steganography

• Requires a lot of overhead to hide a relatively few bits of information.

• Once the system is discovered, it becomes virtually worthless.

LECTURE 2.1
A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.

A hardware backdoor might be removed by replacing the hardware or reflashing the BIOS, or the firmware for network devices, graphics processing, power management, etc.
Directory traversal
Also known as file path traversal, this is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files. In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.
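An added example (not from the notes) of the server-side check that closes this hole: a user-supplied relative path is only served if its fully normalised form still lies inside the directory the application intends to expose. The base directory and request paths are constructed sample values.

```python
import os


class UnsafePathError(ValueError):
    """Raised when a requested path would resolve outside the served directory."""


def resolve_under(base_dir, requested):
    """Map an untrusted relative path onto a file that must lie inside
    base_dir, and refuse anything that would escape it.

    The comparison is done on fully normalised absolute paths, so '..'
    segments, absolute paths and (for paths that already exist) symlinks
    are all caught. Any URL decoding must happen before this is called.
    """
    if "\x00" in requested:
        raise UnsafePathError("NUL byte in requested path")
    if os.path.isabs(requested):
        raise UnsafePathError("absolute paths are not accepted")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole path components, so a base of
    # '/srv/app/files' is not fooled by a sibling '/srv/app/files-private'.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"{requested!r} escapes the served directory")
    return candidate


def is_safe(base_dir, requested):
    """Boolean form of resolve_under, convenient for tests and logging."""
    try:
        resolve_under(base_dir, requested)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    base = "/srv/app/files"        # constructed example directory
    for req in ["images/logo.png", "images/../readme.txt",
                "../../etc/passwd", "/etc/passwd", "../files-private/x"]:
        verdict = "served" if is_safe(base, req) else "rejected"
        print(f"{req!r:24} -> {verdict}")
```

A resolved path should be opened immediately after this check; re-validating a path that is then reused later reintroduces the race between check and use.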

Rowhammer is classified as a vulnerability affecting some recent DDR DRAM devices where repeated access to a memory row can result in bit flips in adjacent rows. This means that, potentially, a hacker can change the value of any bit in memory.

Meltdown RDCL (Rogue Data Cache Load) capitalizes on the out-of-order execution capabilities of Intel CPUs. Hackers can use it to break through the kernel's privilege boundaries, which typically safeguard sensitive secrets.

Thunderclap is a collection of hardware vulnerabilities that reside in the Thunderbolt hardware interface produced by Intel. It can be used by hackers with physical access to a Thunderbolt port to take over a target system in just a few seconds, executing arbitrary code at the highest level of privilege and gaining access to encryption keys, passwords, banking logins and other data.

Speculative Store Bypass (SSB)

A variant of the Spectre security vulnerability, SSB or Speculative Store Bypass enables hackers to have memory reads executed speculatively before the addresses of earlier memory writes are known. It can also be used to leak cross-process data. The vulnerability impacts Intel, AMD and ARM variants of processors.
Screwed drivers - according to researchers at Eclypsium, over 40 drivers from major BIOS vendors, including Huawei, Asus, Toshiba and NVIDIA, are susceptible to "screwed drivers" vulnerabilities. These are driver design flaws that enable hackers to escalate user privileges in order to reach kernel mode. The escalation opens read and write access to control registers (CR), model-specific registers (MSR), chipset I/O space, kernel virtual memory and physical memory.

Foreshadow is a speculative-execution vulnerability that affects Intel CPUs. Hackers use it to extract sensitive data from the CPU's L1 data cache, which is accessible to all processor cores.
Bounds Check Bypass Store (BCBS) enables hackers to compromise the branch prediction capability of modern-day CPUs. After this, they can utilize the CPU's cache as a side channel to extract data from the memory of other processes.

USBAnywhere - this is a collection of USB vulnerabilities that affect the BMC (baseboard
management controller) on Supermicro’s server hardware. Hackers can use them to hijack
thousands of server boards. 

Virus and other malicious programs

Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Viruses are the most commonly known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.

Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.

Adware displays pop-up advertisements when you are online.

Fake security software poses as legitimate software to trick you into opening your system to
further infection, providing personal information, or paying for unnecessary or even damaging
"clean ups".

Browser hijacking software changes your browser settings (such as your home page and
toolbars), displays pop-up ads and creates new desktop shortcuts. It can also relay your
personal preferences to interested third parties.

Memory-resident viruses - These viruses hide inside the computer's memory (RAM) and are activated when the computer is turned on, infecting opened files.

Macro viruses - Perhaps the most common type of virus, these infect applications like Microsoft Word or Microsoft Excel which use macro languages.

File infectors - These viruses attach themselves to program files, usually certain .COM or .EXE files. When the program file is run, the virus program inside it is also run.

Boot sector viruses - These viruses attach to the DOS boot sector on diskettes or the master boot record on hard disks. They find their way onto your computer from floppy disks containing the boot sector virus.

VIRUS COUNTERMEASURES
Detection: Once the infection has occurred, determine that it has occurred and locate the virus.

Identification: Once detection has been achieved, identify the specific virus that has infected a program.

Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the disease cannot spread further.

A first-generation scanner requires a virus signature to identify a virus. Such signature-specific scanners are limited to the detection of known viruses.

A second-generation scanner does not rely on a specific signature. Rather, the scanner uses heuristic rules to search for probable virus infection.

Third-generation programs are memory-resident programs that identify a virus by its actions rather than its structure in an infected program.

Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction.

Generic decryption (GD): technology that enables the antivirus program to easily detect even the most complex polymorphic viruses, while maintaining fast scanning speeds.

CPU emulator: A software-based virtual computer. Instructions in an executable file are interpreted by the emulator rather than executed on the underlying processor.

Virus signature scanner: A module that scans the target code looking for known virus signatures.

Emulation control module: Controls the execution of the target code.


The digital immune system is a comprehensive approach to virus protection developed by IBM. The motivation for this development has been the rising threat of Internet-based virus propagation. Two major trends in Internet technology have had an increasing impact on the rate of virus propagation in recent years:

Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook make it very
simple to send anything to anyone and to work with objects that are received.  

Mobile-program systems: Capabilities such as Java and ActiveX allow programs to move on
their own from one system to another.
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches.

Classification of Intrusion Detection System

Network intrusion detection systems (NIDS) are set up at a planned point within the
network to examine traffic from all devices on the network. It performs an observation of
passing traffic on the entire subnet and matches the traffic that is passed on the subnets to
the collection of known attacks.

Host intrusion detection systems (HIDS) run on independent hosts or devices on the
network. A HIDS monitors the incoming and outgoing packets from the device only and will
alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot.
Protocol-based intrusion detection system (PIDS) consists of a system or agent that consistently resides at the front end of a server, controlling and interpreting the protocol between a user/device and the server.

Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies intrusions by monitoring and interpreting the communication on application-specific protocols.
Hybrid intrusion detection system is made by the combination of two or more approaches
of the intrusion detection system. In the hybrid intrusion detection system, host agent or
system data is combined with network information to develop a complete view of the network
system.
Detection Method of IDS:
Signature-based IDS detects attacks on the basis of specific patterns, such as the number of bytes or the number of 1's or 0's in the network traffic. It also detects on the basis of already known malicious instruction sequences used by malware. The detected patterns in the IDS are known as signatures.

Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is developed rapidly. In anomaly-based IDS, machine learning is used to create a trustworthy activity model; incoming activity is compared with that model and is declared suspicious if it is not found in the model.
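The two detection methods side by side, as an added Python example that is not part of the notes: a signature matcher with two rules, and a minimal anomaly detector whose "model" is the set of requests and the per-source request rate learned from a quiet period. The log lines and the ScanBot user-agent are constructed; a real IDS would learn a far richer model than this.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic):  ip method path status user-agent
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200 Mozilla/5.0
10.0.0.5 GET /about.html 200 Mozilla/5.0
10.0.0.5 GET /images/logo.png 200 Mozilla/5.0
10.0.0.6 GET /index.html 200 Mozilla/5.0
10.0.0.6 POST /login 302 Mozilla/5.0
10.0.0.9 GET /index.html 200 Mozilla/5.0
"""

MONITORED_LOG = """\
10.0.0.5 GET /index.html 200 Mozilla/5.0
10.0.0.5 GET /about.html 200 Mozilla/5.0
10.0.0.7 GET /../../etc/passwd 404 ScanBot/1.0
10.0.0.7 GET /admin 403 ScanBot/1.0
10.0.0.7 GET /admin 403 ScanBot/1.0
10.0.0.7 GET /admin 403 ScanBot/1.0
10.0.0.7 GET /admin 403 ScanBot/1.0
10.0.0.7 GET /admin 403 ScanBot/1.0
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<agent>.+)$")

# Signature rules: (name, field to inspect, pattern). 'ScanBot' is a
# constructed user-agent standing in for a vendor's known-scanner entry.
SIGNATURES = [
    ("directory traversal", "path", re.compile(r"\.\./")),
    ("known scanner user-agent", "agent", re.compile(r"^ScanBot/")),
]


def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def signature_alerts(log):
    """Signature-based detection: flag every record matching a known pattern."""
    alerts = []
    for rec in parse(log):
        for name, field, pattern in SIGNATURES:
            if pattern.search(rec[field]):
                alerts.append((rec["ip"], name))
    return alerts


def build_baseline(log):
    """Anomaly-based detection, learning phase: which requests are normal,
    and how many requests per source are normal (mean + 3 sigma)."""
    recs = list(parse(log))
    counts = list(Counter(r["ip"] for r in recs).values())
    return {
        "known_requests": {(r["method"], r["path"]) for r in recs},
        "rate_threshold": mean(counts) + 3 * pstdev(counts),
    }


def anomaly_alerts(log, baseline):
    """Anomaly-based detection, monitoring phase: anything not in the model
    (an unseen request, or a source sending far more than usual) is suspicious."""
    recs = list(parse(log))
    alerts = []
    for r in recs:
        if (r["method"], r["path"]) not in baseline["known_requests"]:
            alerts.append((r["ip"], f"unseen request {r['method']} {r['path']}"))
    for ip, n in Counter(r["ip"] for r in recs).items():
        if n > baseline["rate_threshold"]:
            alerts.append((ip, f"{n} requests exceeds baseline threshold"))
    return alerts


if __name__ == "__main__":
    for alert in signature_alerts(MONITORED_LOG):
        print("signature:", alert)
    for alert in anomaly_alerts(MONITORED_LOG, build_baseline(BASELINE_LOG)):
        print("anomaly:  ", alert)
```

Note what each method misses: the signature matcher says nothing about the five /admin requests beyond the user-agent rule, while the anomaly detector flags them only because /admin never appeared in the baseline.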

Password Management
Passwords are a set of strings provided by users at the authentication prompts of web accounts.
Password management is a set of principles and best practices to be followed by users while storing and managing passwords in an efficient manner, to secure passwords as much as possible and prevent unauthorized access.
Login spoofing- Passwords are illegally collected through a fake login page by
cybercriminals.

Sniffing attack- Passwords are stolen using illegal network access and with tools like key
loggers.

Shoulder surfing attack- Stealing passwords when someone types them, at times using a
micro-camera and gaining access to user data.

Brute force attack- Stealing passwords with the help of automated tools and gaining access
to user data.

Data breach- Stealing login credentials and other confidential data directly from the website
database.
Traditional methods of password management
• Writing down passwords on sticky notes, post-its, etc.

• Sharing them via spreadsheets, email, telephone, etc.

• Using simple and easy to guess passwords

• Reusing them for all web applications

• Often forgetting passwords and seeking the help of 'Forgot Password' option

How to manage passwords

• Use strong and unique passwords for all websites and applications

• Reset passwords at regular intervals

• Configure two-factor authentication for all accounts

• Securely share passwords with friends, family, and colleagues

• Store all enterprise passwords in one place and enforce secure password policies
within the business environment

• Periodically review the violations and take necessary actions.

LECTURE 3: The Security Problem in Computing

Computer Criminals
Amateurs have committed most of the computer crimes reported to date. Most embezzlers are not career criminals but rather are normal people who observe a weakness in a security system that allows them to access cash or other valuables. In the same sense, most computer criminals are ordinary computer professionals or users who, while doing their jobs, discover they have access to something valuable.
System crackers, often high school or university students, attempt to access computing facilities for which they have not been authorized. Cracking a computer's defenses is seen as the ultimate victimless crime. The perception is that nobody is hurt or even endangered by a little stolen machine time.

The career computer criminal understands the targets of computer crime. Criminals seldom
change fields from arson, murder, or auto theft to computing; more often, criminals begin as
computer professionals who engage in computer crime, finding the prospects and payoff
good.
Terrorists
We see terrorists using computers in three ways:
targets of attack: denial-of-service attacks and web site defacements are popular for any
political organization because they attract attention to the cause and bring undesired negative
attention to the target of the attack.
propaganda vehicles: web sites, web logs, and e-mail lists are effective, fast, and
inexpensive ways to get a message to many people.
methods of attack: to launch offensive attacks requires use of computers.

METHODS OF DEFENSE
Encryption provides secrecy for data. The most powerful tool in providing computer security is coding. By transforming data so that it is unintelligible to the outside observer, the value of an interception and the possibility of a modification or a fabrication are almost nullified.
Software Controls - Programs themselves are the second link in computer security. Programs must be secure enough to exclude outside attack. They must also be developed and maintained so that one can be confident of the dependability of the programs.
Hardware Controls - Numerous hardware devices have been invented to assist in computer security. These devices range from hardware implementations of encryption to locks limiting access to theft protection to devices to verify users' identities.
Policies - Some controls on computing systems are achieved through added hardware or software features, as described above. Other controls are matters of policy. In fact, some of the simplest controls, such as frequent changes of passwords, can be achieved at essentially no cost but with tremendous effect.
Physical controls include locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters. Often the simple physical controls are overlooked while more sophisticated approaches are sought.
Effectiveness of Controls - Merely having controls does no good unless they are used properly. The next section contains a survey of some factors that affect the effectiveness of controls.
Awareness of Problem - People using controls must be convinced of the need for security; people will willingly cooperate with security requirements only if they understand why security is appropriate in each specific situation.
Likelihood of Use - Of course, no control is effective unless it is used. The lock on a computer room door does no good if people block the door open.
Principle of Effectiveness - Controls must be used to be effective. They must be efficient, easy to use, and appropriate.
Overlapping Controls - Several different controls may apply to one exposure. For example, security for a microcomputer application may be provided by a combination of controls on program access to the data, on physical access to the microcomputer and storage media, and even by file locking to control access to the processing programs.
Periodic Review - Few controls are permanently effective. Just when the security specialist finds a way to secure assets against certain kinds of attacks, the opposition doubles its efforts in an effort to defeat the security mechanism. Thus, judging the effectiveness of a control is an ongoing task.

ELEMENTARY CRYPTOGRAPHY
Cryptography
- (secret writing) is the strongest tool for controlling against many kinds of security threats. Well-disguised data cannot be read, modified, or fabricated easily.
- is rooted in higher mathematics: group and field theory, computational complexity, and even real analysis, not to mention probability and statistics.

Substitution Ciphers - this technique is called a monoalphabetic cipher or simple substitution. A substitution is an acceptable way of encrypting text. In this section, we study several kinds of substitution ciphers.

The Caesar cipher has an important place in history. Julius Caesar is said to have been the
first to use this scheme, in which each letter is translated to the letter a fixed number of places
after it in the alphabet. Caesar used a shift of 3.

Cryptanalysis of Substitution Ciphers - the techniques described for breaking the Caesar
cipher can also be used on other substitution ciphers. Short words, words with repeated
patterns, and common initial and final letters all give clues for guessing the permutation.

The Cryptographer's Dilemma – A cryptanalyst works by finding patterns. Short messages give the cryptanalyst little to work with, so short messages are fairly secure with even simple encryption.
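The pattern-finding described in the two paragraphs above, as an added Python example (not from the notes): a ciphertext-only attack on the Caesar cipher that tries all 26 shifts and ranks them by how closely the letter counts of each candidate match English. The frequency table is the standard one for English text; the sample message is constructed and deliberately long, since on a short message the scores become unreliable, which is exactly the cryptographer's dilemma.

```python
import string

ALPHABET = string.ascii_uppercase

# Relative frequency (%) of A..Z in typical English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
                0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
                2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def caesar(text, shift):
    """Shift every letter by `shift` places (a negative shift decrypts)."""
    return "".join(
        ALPHABET[(ord(c) - ord("A") + shift) % 26] if c in ALPHABET else c
        for c in text.upper())


def chi_squared(text):
    """How far the letter counts of `text` are from English; lower is more
    English-like. Sum over letters of (observed - expected)^2 / expected."""
    letters = [c for c in text.upper() if c in ALPHABET]
    if not letters:
        raise ValueError("no letters to analyse")
    counts = [0] * 26
    for c in letters:
        counts[ord(c) - ord("A")] += 1
    score = 0.0
    for i in range(26):
        expected = ENGLISH_FREQ[i] / 100 * len(letters)
        score += (counts[i] - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext):
    """Try all 26 shifts and rank them by chi-squared, best first.
    Returns (shift, score, candidate_plaintext) tuples."""
    candidates = []
    for k in range(26):
        candidate = caesar(ciphertext, -k)
        candidates.append((k, chi_squared(candidate), candidate))
    return sorted(candidates, key=lambda t: t[1])


def recover_shift(ciphertext):
    """Ciphertext-only attack: the shift whose candidate looks most English."""
    return rank_shifts(ciphertext)[0][0]


# Constructed sample; long enough that the letter frequencies are meaningful.
SAMPLE = ("it was the best of times it was the worst of times it was the age "
          "of wisdom it was the age of foolishness it was the epoch of belief "
          "it was the epoch of incredulity")

if __name__ == "__main__":
    ct = caesar(SAMPLE, 3)
    shift, score, plaintext = rank_shifts(ct)[0]
    print(ct)
    print(shift, round(score, 1), plaintext)
```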

A one-time pad is sometimes considered the perfect cipher. The name comes from an
encryption method in which a large, nonrepeating set of keys is written on sheets of paper,
glued together into a pad.

Long Random Number Sequences - A close approximation of a one-time pad for use on
computers is a random number generator. In fact, computer random numbers are not
random; they really form a sequence with a very long period.

The Vernam cipher is immune to most cryptanalytic attacks. The basic encryption involves
an arbitrarily long nonrepeating sequence of numbers that are combined with the plaintext.
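An added Python example (not from the notes) covering the one-time pad, the Vernam cipher and the "long random number sequence" approximation above: XOR with a pad from the OS random source, a seeded PRNG stream to show that such a stream is reproducible from its seed, and a function showing why the pad must be nonrepeating, namely that using one pad twice hands an eavesdropper the XOR of the two plaintexts. The messages are constructed.

```python
import os
import random


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(length):
    """A fresh pad: `length` bytes from the OS's cryptographic random source."""
    return os.urandom(length)


def vernam(message, pad):
    """Vernam / one-time-pad encryption. XOR is its own inverse, so the same
    call with the same pad decrypts. Each pad byte must be used once only."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad[:len(message)])


def seeded_stream(seed, length):
    """The 'long random number sequence' approximation: a seeded PRNG.
    The output is fully determined by the seed, so the real key is the
    seed, and the whole stream is reproducible by anyone who learns it."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def pad_reuse_leak(c1, c2):
    """What an eavesdropper gets when one pad encrypts two messages:
    c1 XOR c2 == p1 XOR p2, because the pad cancels out. Bytes where the
    two plaintexts agree come out as zero, and knowing one plaintext
    yields the other outright."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


if __name__ == "__main__":
    p1 = b"meet me after the toga party"    # constructed sample messages
    p2 = b"meet me before the toga party"
    pad = make_pad(max(len(p1), len(p2)))
    c1, c2 = vernam(p1, pad), vernam(p2, pad)   # the mistake: one pad, used twice
    leak = pad_reuse_leak(c1, c2)
    print(leak[:8])                             # eight zero bytes: identical prefix
    print(xor_bytes(leak, p1[:len(leak)]))      # p2 recovered from p1 alone
```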

Book Ciphers - Another source of supposedly "random" numbers is any book, piece of
music, or other object of which the structure can be analyzed.
Transpositions, Making “Good” Encryption algorithms
Making “Good” Encryption Algorithms - Substitution algorithms “hide” the plaintext and
dissipate high letter frequencies • Transposition algorithms scramble text • Many “good”
algorithms combine both techniques
Shannon’s Characteristics of “Good” Ciphers - Amount of secrecy needed should
determine the amount of labour appropriate for encryption/decryption. • Set of keys and
enciphering algorithm should be free from complexity. • Implementation should be simple •
Errors in ciphering should not propagate. • Size of ciphertext should be no larger than the size
of the plaintext
Properties of “Trustworthy” Encryption Systems - Based on sound mathematics • Been
analyzed by competent experts and found to be sound • Stood the “test of time” • Three
Examples: • DES (data encryption standard) • RSA (Rivest-Shamir-Adelman) • AES
(Advanced Encryption Standard)
Symmetric and Asymmetric Encryption Systems
• Symmetric requires one "secret" key that is used for encryption AND decryption (e.g. the Caesar cipher might use a "key" of 3 to indicate a shift by 3)
• As long as the key remains secret, a degree of authentication is provided: only a holder of the key could have produced ciphertext that decrypts to sensible plaintext
• The problem is key distribution; if there are n users who each need to communicate privately with every other, we need n * (n-1)/2 unique keys
• Asymmetric requires two keys, one of which is a "public key"
• The public key is used for encryption and the "private" key is used for decryption (for digital signatures the roles reverse: sign with the private key, verify with the public key)
• If there are n users, there are n public keys that everyone knows and n private keys, each known only to its owner
Stream and Block Ciphers
• Stream ciphers convert one symbol of plaintext immediately into a symbol of ciphertext
• The transformation depends on the plaintext symbol, the key, and the algorithm
• A transmission error in one ciphertext symbol corrupts only the corresponding plaintext symbol; but if the sender and receiver fall out of step (a symbol is dropped or inserted), every symbol after the error decrypts wrongly until they resynchronize. For the same reason an attacker can flip chosen plaintext bits by flipping ciphertext bits, so a stream cipher needs an integrity check alongside it
• Block ciphers encrypt a group of plaintext symbols as one block (e.g. columnar transposition on a fixed-size block of letters; DES on 64-bit blocks, AES on 128-bit blocks)
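The one-time pad described under "Long Random Number Sequences" above, together with the error-propagation point just made for stream ciphers, as an added example that is not part of the lecture notes. It draws the pad from the operating system's CSPRNG (Python's secrets module) and shows the two failure modes the notes warn about: reusing a pad cancels it out and leaks the XOR of the two plaintexts (which a guessed "crib" then turns into plaintext), and a single corrupted ciphertext byte corrupts exactly one plaintext byte and nothing after it. The messages and the crib are constructed for illustration.

```python
"""One-time pad (Vernam) over bytes, pad reuse, and error locality (added example)."""
import secrets


def new_pad(length):
    """A fresh pad from the OS CSPRNG; a pad must be as long as the message and used once."""
    return secrets.token_bytes(length)


def otp_crypt(data, pad):
    """XOR each data byte with the matching pad byte; XOR is its own inverse, so this both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: the key sequence would have to repeat")
    return bytes(d ^ k for d, k in zip(data, pad))


def two_time_pad_leak(c1, c2):
    """With one pad used for two messages, XORing the ciphertexts cancels the pad: c1 ^ c2 == p1 ^ p2."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(leak, crib, offset):
    """If the attacker guesses that message 1 contains `crib` at `offset`, the leak yields message 2's bytes there."""
    window = leak[offset:offset + len(crib)]
    return bytes(l ^ c for l, c in zip(window, crib))


def flip_bits(ciphertext, index, mask):
    """Simulate a transmission error (or deliberate tampering) in one ciphertext byte."""
    out = bytearray(ciphertext)
    out[index] ^= mask
    return bytes(out)


def error_positions(original, corrupted):
    """Indices at which two decryptions differ: shows how far a one-byte error propagates."""
    return [i for i, (a, b) in enumerate(zip(original, corrupted)) if a != b]


if __name__ == "__main__":
    # Constructed sample messages of equal length; the pad is random, so ciphertexts differ each run.
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT NORTH!"
    pad = new_pad(len(p1))
    c1, c2 = otp_crypt(p1, pad), otp_crypt(p2, pad)      # same pad twice: the mistake
    print(crib_drag(two_time_pad_leak(c1, c2), b"ATTACK", 0))   # b'RETREA'
    print(error_positions(p1, otp_crypt(flip_bits(c1, 0, 0x20), pad)))  # [0]
```

The pad never appears in `two_time_pad_leak`: an eavesdropper needs only the two ciphertexts, which is why "nonrepeating" is the whole security argument for the Vernam cipher. The last line is the stream-cipher property: the flipped bit lands in byte 0 of the plaintext and the remaining thirteen bytes are untouched.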

Data Encryption Standard

Data encryption is a method of converting data from a readable format (plaintext) into an
unreadable, encoded format (ciphertext).
Encrypted data can only be read or processed after it has been decrypted, using a
decryption key or password. Only the sender and the recipient of the data should have access
to the decryption key.
Data Encryption Standard (DES) is a now-outdated symmetric encryption algorithm: the same
key is used to encrypt and decrypt a message. DES uses a 56-bit key (the key is written as 64
bits, but 8 of those are parity bits that are discarded) and encrypts data in blocks of 64 bits.
Both sizes are too small for today's uses: a 56-bit key can be found by exhaustive search, as
first demonstrated publicly by the EFF's DES cracker in 1998.

Other encryption algorithms have succeeded DES

Triple DES: was once the standard symmetric algorithm. Triple DES employs three
individual keys with 56 bits each. The total key length adds up to 168 bits, but because of the
meet-in-the-middle attack its effective key strength is only 112 bits; it also keeps the 64-bit
block size of DES, and NIST has deprecated it.
RSA: a popular public-key (asymmetric) encryption algorithm. It uses a pair of keys: the
public key, used to encrypt the message, and the private key, used to decrypt the message.
The same key pair is also used for digital signatures.
Blowfish: a symmetric cipher that splits messages into blocks of 64 bits and encrypts them
one at a time. Blowfish is a legacy algorithm, still unbroken in itself but limited by its 64-bit
block, and has been succeeded by Twofish.
Twofish: a symmetric cipher with a 128-bit block and keys up to 256 bits in length. Twofish is
used in many software and hardware environments. It is fast, freely available and unpatented.
The Advanced Encryption Standard (AES): this algorithm is the standard currently
accepted by the U.S. Government and other organizations. It works well in its 128-bit key form,
and AES can also use keys of 192 and 256 bits. No practical attack on the full cipher is known;
the best published attacks recover a key only marginally faster than brute force, which is itself
far beyond reach.
Elliptic Curve Cryptography (ECC): a family of public-key techniques built on elliptic curves
over finite fields. ECC key pairs are used mainly for key agreement (ECDH) and digital
signatures (ECDSA), for example in TLS to protect web traffic, and give security comparable to
RSA with much shorter keys.
The AES algorithm (also known as the Rijndael algorithm) is a symmetric block cipher that
takes plaintext in blocks of 128 bits and converts them to ciphertext using keys of 128, 192, or
256 bits. Since the AES algorithm is considered secure, it has become the worldwide standard
(FIPS 197).

How does AES work?

AES keeps the 128-bit block as a 4 x 4 array of bytes (the "state") and transforms it in rounds:
10 rounds for a 128-bit key, 12 for a 192-bit key, 14 for a 256-bit key. Before the first round the
state is XORed with the first round key; each round then applies four steps:
Substitution of the bytes (SubBytes): each byte of the state is replaced according to a fixed
lookup table, the S-box (short for substitution box). This is the only non-linear step.
Shifting the rows (ShiftRows): the permutation step. Row 0 is left alone, row 1 is rotated left
by one byte, row 2 by two bytes, and row 3 by three bytes.
Mixing the columns (MixColumns): each column is multiplied by a fixed 4 x 4 matrix over the
finite field GF(2^8), in the manner of a Hill cipher, so that every output byte depends on all four
input bytes of its column. The final round omits this step.
Adding the round key (AddRoundKey): the state is XORed with the round key that the key
schedule derives from the cipher key.
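The four steps above assembled into a complete AES-128 block encryption, as an added example that is not part of the lecture notes (it is a from-scratch implementation of FIPS 197, not code from any library, and it is written for clarity rather than speed or side-channel resistance). The S-box is derived from its definition (GF(2^8) inverse followed by the affine map) instead of being pasted in as a table, so each step can be read against the description. The main block checks the result against the FIPS 197 Appendix C.1 test vector.

```python
"""AES-128 built from the four round steps of FIPS 197 (added example).
State: flat list of 16 bytes in column-major order, state[r + 4*c] = row r, column c."""


def xtime(a):
    """Multiply by x (0x02) in GF(2^8), reducing modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def gf_mul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result


def gf_inv(a):
    """Multiplicative inverse: a^254, since the multiplicative group has order 255 (0 maps to 0)."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """Derive the S-box as field inverse followed by the affine map, rather than a 256-entry literal."""
    sbox = []
    for a in range(256):
        v = gf_inv(a)
        sbox.append(v ^ _rotl8(v, 1) ^ _rotl8(v, 2) ^ _rotl8(v, 3) ^ _rotl8(v, 4) ^ 0x63)
    return sbox


SBOX = build_sbox()


def sub_bytes(state):
    """Step 1 (SubBytes): the only non-linear step; every byte goes through the S-box."""
    return [SBOX[b] for b in state]


def shift_rows(state):
    """Step 2 (ShiftRows): row r is rotated left by r positions, so row 0 stays put."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state):
    """Step 3 (MixColumns): each column times the fixed circulant matrix
    [[2,3,1,1],[1,2,3,1],[1,1,2,3],[3,1,1,2]] over GF(2^8)."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def add_round_key(state, round_key):
    """Step 4 (AddRoundKey): XOR the state with the 16-byte round key."""
    return [s ^ k for s, k in zip(state, round_key)]


def expand_key(key):
    """FIPS 197 key schedule for a 16-byte key: 44 words, returned as 11 round keys of 16 bytes."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    words = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        temp = list(words[i - 1])
        if i % 4 == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord(temp))
            temp[0] ^= rcon                                 # XOR with Rcon[i/4]
            rcon = xtime(rcon)
        words.append([a ^ b for a, b in zip(words[i - 4], temp)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    """One block: initial AddRoundKey, nine full rounds, final round without MixColumns."""
    if len(block) != 16:
        raise ValueError("AES encrypts 16-byte blocks; longer data needs a mode of operation")
    rk = expand_key(key)
    state = add_round_key(list(block), rk[0])
    for rnd in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), rk[rnd])
    state = add_round_key(shift_rows(sub_bytes(state)), rk[10])
    return bytes(state)


if __name__ == "__main__":
    # FIPS 197 Appendix C.1 test vector
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(aes128_encrypt_block(key, pt).hex())  # 69c4e0d86a7b0430d8cdb78070b4c55a
```

Note what the code does not do: it encrypts exactly one block with no mode of operation, padding, or authentication, and its table lookups and data-dependent loops are not constant-time. Those are the reasons to use a vetted library in production; the value of writing the rounds out is that the "substitution plus transposition" idea from the earlier section becomes concrete (SubBytes is the substitution, ShiftRows the transposition, MixColumns the diffusion between them).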

What is public key encryption?

Public key encryption, or public key cryptography, is a method of encrypting data with two
different but mathematically related keys, making one of them, the public key, available for
anyone to use while the other, the private key, is kept secret by its owner.
In cryptography, a key is a piece of information used for scrambling data so that it appears
random; often it is a large number, or a string of numbers and letters.

Uses of Encryption
Encryption can help protect data you send, receive, and store using a device. That can
include text messages stored on your smartphone, running logs saved on your fitness watch,
and banking information sent through your online account.
Encryption is the process of taking plain text, like a text message or email, and scrambling it
into an unreadable format called "ciphertext", so that it can only be read by someone who holds
the secret code, or decryption key. This helps protect the confidentiality of digital data, whether
stored on computer systems or transmitted through a network like the internet.

Symmetric and asymmetric encryption: What's the difference?

Symmetric encryption: uses a single secret key (often derived from a password) both to
encrypt and to decrypt data, so both parties must already share that key.
Asymmetric encryption: uses two related keys. A public key, which can be shared with
everyone, encrypts the data. A private key, which is never shared, decrypts the data.

Types of Encryption
Data Encryption Standard: is considered a low-level encryption standard. The U.S.
government established the standard in 1977. Due to advances in technology and decreases
in the cost of hardware, DES is essentially obsolete for protecting sensitive data.
Triple DES: runs DES three times over each block. Here is how it works: it encrypts with the
first key, decrypts with the second, and encrypts with the third, hence "triple" (and the name
EDE). It strengthens the original DES standard, which became regarded as too weak a type
of encryption for sensitive data.
RSA: takes its name from the surnames of its three inventors, Rivest, Shamir and Adleman.
Its security rests on the difficulty of factoring the product of two large primes, which is why
RSA keys are long (2048 bits or more today); it is widely used for secure data transmission
and digital signatures.
Advanced Encryption Standard: is the U.S. government standard as of 2002. AES is used
worldwide.
Twofish: is considered one of the fastest encryption algorithms and is free for anyone to use.
It's used in hardware and software.

Why is encryption important? Here are three reasons:

Internet privacy concerns are real
- Encryption helps protect your online privacy by turning personal information into "for
your eyes only" messages intended only for the parties that need them, and no one else.
Hacking is big business
- Cybercrime is a global business, often run by multinational outfits.
Regulations demand it
- The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare
providers to implement security features that help protect patients' sensitive health information
online.
