Professional Documents
Culture Documents
UNIT-1 INTRODUCTION
Security trends - Legal, Ethical and Professional Aspects of Security, Need for
Security at Multiple levels, Security Policies - Model of network security – Security
attacks, services and mechanisms – OSI security architecture – Classical encryption
techniques: substitution techniques, transposition techniques, steganography).-
Foundations of modern cryptography: perfect security – information theory – product
cryptosystem – cryptanalysis
OBJECTIVE:
To understand OSI security architecture and classical encryption techniques.
CRYPTOGRAPHY [2-Marks]
Cryptography is the art of protecting information by transforming it into an
unreadable format
Three key objectives of the computer security are confidentially, integrity and
availability.
In 1990 to 2001.
In 1990 Intruders(Hackers) knowledge is high so they easily hack our data.So we
started to invent many techniques and software to overcome the hacking.
Credential stuffing
Credential stuffing is a type of cyberattack in which the attacker collects stolen
account credentials, typically consisting of lists of usernames or email addresses
and the corresponding passwords.
DOS Attack
DOS Attack-Denial of Service attack is an attack meant to shut down a machine
or network,making it inaccessible to the intended users.
Widespread Attack
Hijacking huge volume of email passwords and other sensitive data from multiple
governments and private companies.
COPYRIGHTS
Copyright law protects the tangible or fixed expression of an idea, not the idea itself.
A creator can claim copyright, and file for the copyright at a national government
copyright office, if the following conditions are fulfilled:
• The proposed work is original.
• The creator has put this original idea into a concrete form, such as hard copy
(paper), software, or multimedia form
COPYRIGHTS - INFRINGEMENT
Reproduction right: Lets the owner make copies of a work
Organizational Response
Organizations need to deploy both management controls and technical measures to
comply with laws and regulations concerning privacy as well as to implement
corporate policies concerning employee privacy.
Privacy and Data Surveillance
*Data transformation
*Anonymization
*Selective revelation
*Immutable audit
*Associative memory
The security mechanisms needed to cope with unwanted access fall into two
broad categories
1.The first category might be termed a gatekeeper function. [Functions or
Responsibility of GateKeeper]
It includes password-based login procedures that are
2. Once either an unwanted user or unwanted software gains access, the second line
of defense consists of a variety of internal controls that monitor activity and analyze
stored information in an attempt to detect the presence of unwanted intruders
Topic 1.5 Model Network Security
Threat[2-marks]
A potential for violation of security, because of
(1). Circumstances, (2). Capability, (3). Action or event that break security and cause
harm.
Threat is possible that might create Vulnerability.
Attack[2-marks].
It is an intelligent act that is a deliberate attempt to
(1). Avoid security services and (2). Violate the security policy of a system.
1.6 Security attacks, services and mechanisms.
Security attack
Any action that compromises the security of information owned by an organization.
Security mechanism
A mechanism that is designed to detect, prevent or recover from a security attack.
Security service.
A service that enhances the security of the
(1). Data processing systems and
(2). The information transfers of an organization.
CS8792-CRYPTOGRAPHY AND NETWORK SECURITY UNIT -1 PAGE NO -42
The services are proposed to oppose security attacks and they make use of one or more
security mechanisms to provide the service.
Passive Attack do not involve any modification to the contents of an original message
(eaves dropping.)
It is very difficult to detect because they do not involve any alteration of the data..So we
can’t tell they have been attacked.
Types of Passive attacks are
(i) Release of message content
(ii)Traffic Analysis
(i) Release of message content
(i)A telephone conversation,
(ii)Traffic Analysis
Observer the pattern of message from Sender to Receiver [Bob to Alice]
Watch the flow of data
The opponent could determine the location and identity of communication hosts
and could observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of communication that was
taking place.
Example
CS8792-CRYPTOGRAPHY AND NETWORK SECURITY UNIT -1 PAGE NO -45
Message from Darth to Alice where Alice thinks of message send by Bob.
(ii)Replay
The attacker sends same information again and again.
(iii)Modification of
Messages
Modification of messages
simply means that some portion of a legitimate(valid) message is altered, or that
messages are delayed or reordered,to produce an unauthorized effect.
It means that some portion of a message is altered by Darth and send to Alice.
Note:There are situations where a user sends a message and later on refuses that she
had sent that message.
CS8792-CRYPTOGRAPHY AND NETWORK SECURITY UNIT -1 PAGE NO -50
1.6 .3 Security Mechanism
Refer Handwritten Notes
1.7Classical Encryption Techniques
Substitution Techniques
Refer Class Notes
Hill Cipher