Information Security
amounts of data to the target, or by sending requests from a large
number of sources.
Targeted DoS attacks: These attacks exploit vulnerabilities in the
target's software. This can be done by sending specially crafted
requests to the target, or by exploiting known vulnerabilities.
There are a number of things that can be done to prevent DoS attacks,
including:
Conclusion
Sniffing attacks can be carried out in a number of ways, including:
Spoofing attacks
A spoofing attack is a type of cyberattack where the attacker sends
forged messages to a victim. These messages can be used to trick the
victim into revealing sensitive information, or to take control of the
victim's computer.
There are a number of things that can be done to protect against sniffing
and spoofing attacks, including:
Conclusion
Session hijacking: Session hijacking is a type of attack where the
attacker steals the session ID of a user. This ID is used to
authenticate the user to a website. Once the attacker has the
session ID, they can impersonate the user and access the user's
account.
Man-in-the-middle attacks: Man-in-the-middle attacks are a type
of attack where the attacker intercepts all of the traffic between two
computers. This allows the attacker to see all of the data that is
being transmitted, including passwords.
There are a number of things that can be done to protect against web-based
password capturing, including:
* **Be careful about what you click on:** Don't click on links in emails or text messages unless you are sure that they are from a legitimate source.
* **Use a firewall:** A firewall can help to block unauthorized traffic from entering your network.
* **Use a VPN:** A VPN encrypts all of the traffic that is transmitted over the VPN, making it much more difficult for attackers to sniff data.
* **Keep your software up to date:** Software updates often include security patches that can help to protect against password capturing attacks.
Denial-of-service (DoS) attacks: DoS attacks overwhelm a victim's
computer or network with so much traffic that it becomes unavailable to
legitimate users.
Here are some additional tips for protecting yourself from virus and
trojan attacks:
* Keep your software up to date. Software updates often include security patches that can help to protect your computer from viruses and trojans.
* Use antivirus software. Antivirus software can scan your computer for viruses and trojans.
* Back up your data regularly. If your computer is infected with a virus or trojan, you may lose data. Back up your data regularly so that you can restore it if necessary.
Deter attackers: Honeypots can be used to deter attackers. By
making it appear that a network contains valuable information,
honeypots can make it less attractive to attackers.
access them.
Honeypots can be an effective tool for detecting and deterring attackers.
However, they are not a silver bullet. Honeypots should be used as part
of a comprehensive security strategy.
If you are considering using honeypots, there are a few things you need
to keep in mind:
RC4 works by generating a pseudo-random stream of bytes that is used
to encrypt the data. The pseudo-random stream is generated using a
key, which is a secret value that is known only to the sender and
receiver of the encrypted data.
Despite its vulnerabilities, RC4 is still a widely used cipher because of its
speed and efficiency. It is a good choice for applications where speed is
critical, such as web browsing and email.
7. Implementation of S-DES algorithm for data encryption

```python
import random


def generate_key():
    """Generates a 10-bit key as a string of '0'/'1' characters."""
    key = ""
    for i in range(10):
        key += str(random.randint(0, 1))
    return key


def encrypt(plaintext, key):
    """Encrypts a single ASCII character with the key.

    Args:
        plaintext: The plaintext to encrypt (one character).
        key: The key to use for encryption (10-bit string).

    Returns:
        The encrypted ciphertext as an 8-character bit string.
    """
    # Convert the character to its binary form and left-pad to 8 bits.
    plaintext_bits = bin(ord(plaintext))[2:]
    plaintext_bits = "0" * (8 - len(plaintext_bits)) + plaintext_bits
    # Simplified scheme used in these notes: XOR each plaintext bit with the
    # corresponding key bit (the first 8 of the 10 key bits).
    ciphertext = ""
    for i in range(8):
        ciphertext += str((int(plaintext_bits[i]) ^ int(key[i])) & 1)
    return ciphertext


def decrypt(ciphertext, key):
    """Decrypts an 8-bit ciphertext string with the key.

    Args:
        ciphertext: The ciphertext to decrypt (8-character bit string).
        key: The key to use for decryption (10-bit string).

    Returns:
        The decrypted plaintext character.
    """
    ciphertext_bits = ciphertext
    key_bits = key
    # Decrypt the ciphertext using the key (XOR is its own inverse).
    plaintext_bits = ""
    for i in range(8):
        plaintext_bits += str(
            (int(ciphertext_bits[i]) ^ int(key_bits[i])) & 1)
    plaintext = chr(int(plaintext_bits, 2))
    return plaintext


if __name__ == "__main__":
    # Generate a random key.
    key = generate_key()
    ciphertext = encrypt("A", key)
    print("key:", key, "ciphertext:", ciphertext,
          "plaintext:", decrypt(ciphertext, key))
```
This implementation of S-DES is very simple and can be used to encrypt
and decrypt small amounts of data. However, it is not as secure as more
modern ciphers, such as AES.
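The code in these notes only XORs the key with the block; as an added example (not from the notes), here is the actual S-DES round structure in Python: the P10/P8 key schedule with its left shifts, the initial permutation, the expansion, the S0/S1 S-boxes, P4 and the inverse initial permutation. It is checked against the standard S-DES test vector (key 1010000010, plaintext 11010111, ciphertext 10101000), and decryption is the same function with the two subkeys swapped.

```python
# Simplified DES (S-DES): 8-bit block, 10-bit key, two Feistel rounds.
# Standard S-DES tables, 1-indexed bit positions.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))

def bits(s):
    """'1011' -> [1, 0, 1, 1]"""
    return [int(ch) for ch in s]

def permute(b, table):
    return [b[i - 1] for i in table]

def rotl(half, n):
    return half[n:] + half[:n]

def key_schedule(key10):
    """Derive the two 8-bit subkeys K1, K2 from the 10-bit key."""
    k = permute(key10, P10)
    left, right = rotl(k[:5], 1), rotl(k[5:], 1)   # LS-1 on each half
    k1 = permute(left + right, P8)
    left, right = rotl(left, 2), rotl(right, 2)    # LS-2 on each half
    return k1, permute(left + right, P8)

def sbox(box, b):
    # Outer bits select the row, inner bits the column; output is 2 bits.
    v = box[b[0] * 2 + b[3]][b[1] * 2 + b[2]]
    return [(v >> 1) & 1, v & 1]

def f_k(block, subkey):
    """One Feistel round: left ^= F(right, subkey); right passes through."""
    left, right = block[:4], block[4:]
    t = [a ^ b for a, b in zip(permute(right, EP), subkey)]
    f_out = permute(sbox(S0, t[:4]) + sbox(S1, t[4:]), P4)
    return [a ^ b for a, b in zip(left, f_out)] + right

def sdes(block8, key10, decrypt=False):
    """Encrypt (or decrypt) one 8-bit block; inputs are lists of bits."""
    k1, k2 = key_schedule(key10)
    if decrypt:
        k1, k2 = k2, k1                 # decryption uses the subkeys in reverse
    x = f_k(permute(block8, IP), k1)
    x = x[4:] + x[:4]                   # swap the halves between the rounds
    return permute(f_k(x, k2), IP_INV)
```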
Public key
Private key
The public key is used for encryption, and the private key is used for
decryption. Decryption cannot be done using the public key. The two keys
are linked, but the private key cannot be derived from the public key. The
public key is well known, but the private key is secret and known only to
the user who owns the key. This means that everybody can send a message
to the user using the user's public key, but only the user can decrypt the
message using their private key.
The Public key algorithm operates in the following manner:
RSA is the most common public-key algorithm, named after its inventors
Rivest, Shamir, and Adleman.
1. Select two large prime numbers, p and q.
2. Multiply these numbers to find n = p × q, where n is called the modulus for encryption and decryption.
3. Choose a number e less than n such that e is relatively prime to (p − 1) × (q − 1); that is, e and (p − 1) × (q − 1) have no common factor except 1. In other words, choose e such that 1 < e < φ(n) and e is coprime to φ(n): $\gcd(e, \varphi(n)) = 1$.
4. If n = p × q, then the public key is <e, n>. A plaintext message m is encrypted using the public key <e, n>; the ciphertext C is obtained from the plaintext with $C = m^e \bmod n$. Here m must be less than n. A larger message (> n) is treated as a concatenation of messages, each of which is encrypted separately.
5. To determine the private key, calculate d such that $d \cdot e \bmod ((p - 1) \times (q - 1)) = 1$, or equivalently $d \cdot e \bmod \varphi(n) = 1$.
6. The private key is <d, n>. A ciphertext message c is decrypted using the private key <d, n>; the plaintext m is recovered from the ciphertext with $m = c^d \bmod n$.
IP address authentication
Overview
Name:
IP Addresses:
You can add IP addresses by clicking the Add button, which displays the
Add IP Filter dialog. Enter an IP Address and Subnet Mask to indicate
a network to filter.
Important
If requests are made across a proxy, portal, or other such
intermediary, the API Gateway filters on the IP address of the
intermediary. Therefore, you should enter the IP address of the
intermediary on this screen, and not that of the user or client
machine.
You can edit and remove existing IP addresses by selecting the Edit and
Remove buttons.
Access:
192.168.0.16/255.255.255.252
11111111.11111111.11111111.11111100
The top 30 bits of the netmask indicate the network and the last 2 bits
refer to the host on the network. These last 2 bits allow 4 different
addresses as shown in the worked example below.
When the API Gateway receives a request from a certain IP address, the
API Gateway performs a logical AND on the client IP address and the
configured netmask. It also does a logical AND with the IP address
entered in the IP Address filter and the configured subnet mask. If the
AND-ed binary values are the same, the request from the IP address
can be considered in the same network range as that configured in the
filter.
Field Value
IP Address 192.168.0.16
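As an added example, not taken from the API Gateway documentation, this Python carries out the check described above for the filter 192.168.0.16/255.255.255.252: it prints the netmask in binary, enumerates the four addresses that share the top 30 bits, and ANDs a client address and the filter address with the mask to decide whether they fall in the same range.

```python
def to_int(dotted):
    """'192.168.0.16' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted-decimal -> the dotted binary form used in the worked example."""
    n = to_int(dotted)
    return ".".join(f"{(n >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def same_network(client_ip, filter_ip, netmask):
    """The gateway check: AND both addresses with the mask and compare."""
    mask = to_int(netmask)
    return (to_int(client_ip) & mask) == (to_int(filter_ip) & mask)


def addresses_in_range(filter_ip, netmask):
    """All addresses whose AND with the mask equals the filter's network part."""
    mask = to_int(netmask)
    host_bits = 32 - bin(mask).count("1")
    if mask != (0xFFFFFFFF << host_bits) & 0xFFFFFFFF:
        raise ValueError("netmask must be contiguous ones followed by zeros")
    network = to_int(filter_ip) & mask
    return [to_dotted(network + h) for h in range(1 << host_bits)]


if __name__ == "__main__":
    # Values from the worked example: 192.168.0.16/255.255.255.252
    print(to_binary("255.255.255.252"))
    print(addresses_in_range("192.168.0.16", "255.255.255.252"))
    for client in ("192.168.0.19", "192.168.0.20"):
        print(client, same_network(client, "192.168.0.16", "255.255.255.252"))
```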
studied, which makes it harder for anyone to guess the key or input of
the algorithm. Cryptography is how we can achieve more secure and
robust connections to elevate our privacy. Advancements in
cryptography make it harder to break encryption, so that encrypted
files, folders, or network connections are only accessible to authorized
users.
1. Confidentiality
2. Non-repudiation
3. Integrity
4. Authenticity
History of Cryptography
Cryptography began with ciphers, the first of which was the Caesar
Cipher. Ciphers were a lot easier to unravel compared to modern
cryptographic algorithms, but they both used keys and plaintext. Though
simple, ciphers from the past were the earliest forms of encryption.
Today's algorithms and cryptosystems are much more advanced. They
use multiple rounds of ciphers and encrypt the ciphertext of
messages to ensure the most secure transit and storage of data. There
are also methods of cryptography used now that are irreversible,
maintaining the security of the message forever.
The reason for more advanced cryptography methods is the need
for data to be protected more and more securely. Most of the ciphers
and algorithms used in the early days of cryptography have been
deciphered, making them useless for data protection. Today's algorithms
can be deciphered, but it would require years and sometimes decades to
decipher the meaning of just one message. Thus, the race to create
newer and more advanced cryptography techniques continues.
Types of Cryptography
Examples:
AES
DES
Caesar Cipher
Public key cryptography, or asymmetric cryptography, uses two keys to
encrypt data. One is used for encryption, while the other key
decrypts the message. Unlike symmetric cryptography, if one key is
used to encrypt, that same key cannot decrypt the message; the
other key must be used.
One key is kept private, and is called the “private key”, while the other is
shared publicly and can be used by anyone, hence it is known as the
“public key”. The mathematical relation of the keys is such that the
private key cannot be derived from the public key, but the public key can
be derived from the private. The private key should not be distributed
and should remain with the owner only. The public key can be given to
any other entity.
Examples:
ECC
Diffie-Hellman
DSS
good hashing algorithm will produce unique outputs for each input given.
The only way to crack a hash is by trying every input possible, until you
get the exact same hash. A hash can be used for hashing data (such as
passwords) and in certificates.
MD5
SHA-1
SHA-2 family which includes SHA-224, SHA-256, SHA-384, and
SHA-512
SHA-3
Whirlpool
BLAKE2
BLAKE3
iii. The halves are recombined and subjected to a compression permutation to reduce the key from 56 bits to 48 bits. This compressed key is used to encrypt this round's plaintext block.
iv. The rotated key halves from step 2 are used in the next round.
v. The data block is split into two 32-bit halves.
vi. One half is subjected to an expansion permutation to increase its size to 48 bits.
vii. The output of step 6 is exclusive-OR'ed with the 48-bit compressed key from step 3.
viii. The output of step 7 is fed into an S-box, which substitutes key bits and reduces the 48-bit block back down to 32 bits.
ix. The output of step 8 is subjected to a P-box to permute the bits.
x. The output from the P-box is exclusive-OR'ed with the other half of the data block.
xi. The two data halves are swapped and become the next round's input.
Advanced Encryption Standard (AES)
1. Derive the set of round keys from the cipher key.
2. Initialize the state array and add the initial round key to the starting state array.
3. For round = 1 to 9: execute the Usual Round.
4. Execute the Final Round.
5. The corresponding ciphertext chunk is the output of the Final Round step.
ii. Usual Round: execute the following operations, which are described above.
1. Sub Bytes
2. Shift Rows
3. Mix Columns
4. Add Round Key, using K(round)
iii. Final Round: execute the following operations, which are described above.
1. Sub Bytes
2. Shift Rows
3. Add Round Key, using K(10)
iv. Encryption: each round consists of the following four steps:
i. Sub Bytes: The first transformation, Sub Bytes, is used at the encryption site. To substitute a byte, we interpret the byte as two hexadecimal digits.
ii. Shift Rows: In the encryption, the transformation is called Shift Rows.
iii. Mix Columns: The Mix Columns transformation operates at the column level; it transforms each column of the state to a new column.
iv. Add Round Key: Add Round Key proceeds one column at a time. Add Round Key adds a round key word to each state column matrix; the operation in Add Round Key is matrix addition.
The last step consists of XOR-ing the output of the previous three steps with four words from the key schedule. The last round of encryption does not involve the "Mix Columns" step. [8]
v. Decryption: Decryption involves reversing all the steps taken in encryption using inverse functions: a) Inverse Shift Rows, b) Inverse Substitute Bytes, c) Add Round Key, and d) Inverse Mix Columns.
The third step consists of XOR-ing the output of the previous two steps with four words from the key schedule. The last round of decryption does not involve the "Inverse Mix Columns" step.
AES Encryption and Decryption
Rivest-Shamir-Adleman (RSA)
RSA is a widely used public-key algorithm, first described in 1977. In our proposed work, we are using the RSA algorithm to encrypt the data to provide security so that only the concerned user can access it.
The RSA algorithm involves these steps:
1. Key Generation
2. Encryption
3. Decryption
i. Key Generation
Before the data is encrypted, key generation should be done. [9]
Steps: Generate a public/private key pair:
1. Generate two large distinct primes $p$ and $q$.
2. Compute $n = pq$ and $\varphi = (p - 1)(q - 1)$.
3. Select an $e$, $1 < e < \varphi$, relatively prime to $\varphi$.
4. Compute the unique integer $d$, $1 < d < \varphi$, where $ed \equiv 1 \pmod{\varphi}$.
5. Return public key $(n, e)$ and private key $d$.
ii. Encryption
Encryption is the process of converting original plain text (data) into cipher text (data).
Encryption with key $(n, e)$:
1. Represent the message as an integer $m \in \{0, \ldots, n - 1\}$.
2. Compute $c = m^e \bmod n$.
iii. Decryption
Decryption is the process of converting the cipher text (data) to the original plain text (data). [10]
Decryption with key $d$: compute $m = c^d \bmod n$.
© 2013 Global Journals Inc. (US), Global Journal of Computer Science and Technology, Volume XIII Issue XV Version I
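As an added example (not the notes' code nor the cited paper's) that serves both this RSA section and the earlier description of the public-key algorithm, the following Python builds a key pair from the textbook primes p = 61 and q = 53, encrypts and decrypts an integer with $C = m^e \bmod n$ and $m = C^d \bmod n$, and treats a longer message as a concatenation of one-byte messages, each encrypted separately, as the text describes. It assumes Python 3.8 or later for the modular inverse via pow(e, -1, phi).

```python
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Key generation steps 1-4: returns (public_key, private_key) as ((e, n), (d, n))."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)               # phi(n)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                   # d * e = 1 (mod phi(n)); Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt_int(m, public_key):
    """C = m^e mod n; m must be less than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def rsa_decrypt_int(c, private_key):
    """m = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def rsa_encrypt_bytes(data, public_key):
    """A longer message is a concatenation of one-byte messages, each encrypted separately."""
    if public_key[1] <= 255:
        raise ValueError("n must exceed 255 for one-byte blocks")
    return [rsa_encrypt_int(b, public_key) for b in data]


def rsa_decrypt_bytes(blocks, private_key):
    return bytes(rsa_decrypt_int(c, private_key) for c in blocks)


if __name__ == "__main__":
    # Textbook example: p = 61, q = 53 gives n = 3233, phi(n) = 3120, e = 17, d = 2753.
    pub, priv = rsa_keygen(61, 53, e=17)
    c = rsa_encrypt_int(65, pub)          # 2790
    print(pub, priv, c, rsa_decrypt_int(c, priv))
    print(rsa_decrypt_bytes(rsa_encrypt_bytes(b"Hi", pub), priv))
```

Textbook RSA as described here is deterministic and unpadded; deployed systems wrap the message with a padding scheme such as OAEP before applying the exponentiation.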
12. Study of Security Policies
A security policy is a document that outlines the rules and regulations for
how an organization's information assets are to be used, managed, and
protected. Security policies are important because they help to protect
an organization's data from unauthorized access, use, disclosure,
disruption, modification, or destruction.
* **Reduced risk of data breaches:** Security policies can help to reduce
the risk of data breaches by defining the controls that should be applied
to protect sensitive data.
* **Increased compliance with regulations:** Security policies can help
organizations to comply with various regulations, such as the General
Data Protection Regulation (GDPR) and the Health Insurance Portability
and Accountability Act (HIPAA).
* **Improved employee productivity:** Security policies can help to
improve employee productivity by reducing the amount of time that
employees spend dealing with security incidents.
* **Enhanced customer confidence:** Security policies can help to
enhance customer confidence by demonstrating that the organization is
committed to protecting customer data.
Here are some additional tips for developing and implementing security
policies:
* **Get buy-in from senior management:** Security policies are more
likely to be successful if they have the support of senior management.
* **Involve employees in the development process:** Employees are
more likely to comply with security policies if they have a say in their
development.
* **Make the policies easy to understand:** Security policies should be
written in plain language and should be easy for employees to
understand.
* **Provide training on the policies:** Employees should receive training
on the organization's security policies.
* **Monitor and enforce the policies:** The organization should monitor
compliance with the security policies and take action to enforce them
when necessary.
Firewalls are devices that filter network traffic and prevent unauthorized
access to a network.
Access control is the practice of restricting access to a network or
system to authorized users only.
Ethical Hacking
Ethical hackers use a variety of techniques to test systems for
vulnerabilities, such as:
Social Engineering
Phishing is a technique where the attacker sends an email or text
message that appears to be from a legitimate source, such as a bank or
credit card company. The email or text message will often contain a link
that, when clicked, will take the victim to a fake website that looks like
the real website. Once the victim enters their personal information on the
fake website, the attacker can steal it.
* Keep your software up to date. Software updates often include security patches that can help to protect your system from known vulnerabilities.
* Use a firewall and antivirus software.
* Back up your data regularly.