
1. Crime:

Crime is an action prohibited by law, or the failure to fulfil a required duty, which can result
in legal punishment.

1. Cybercrime against individual

2. Cybercrime against property

3. Cybercrime against organization

4. Cybercrime against Society

5. Crimes emanating from Usenet newsgroups.

Email-Spoofing:

• A spoofed E-Mail is one that appears to originate from one source but actually has
been sent from another source.
• For example, Roopa has an email address roopa@gmail.com. Suppose her friend Sheela
becomes her enemy, spoofs her email and sends obscene messages to all her
acquaintances.

Spamming:

• People who create electronic Spam are called spammers.


• Spammers are people who send loads of unwanted messages through electronic
channels like emails or texts. It's tough to stop because it's easy for anyone to start,
and lots of spammers are doing it, flooding inboxes with messages nobody asked for.

Cyber defamation:

• Cyber defamation occurs when defamation takes place with the help of computers and
/or the Internet.

• For example, someone publishes defamatory matter about someone on a website or
sends an Email containing defamatory information to all friends of that person.

Internet Time Theft:

• Theft occurs when an unauthorized person uses the Internet hours paid for by another
person.
• Internet time theft comes under hacking because the person gets access to
someone else’s ISP user ID and password, either by hacking or by otherwise gaining
access, and uses the Internet without the other person’s knowledge.

Salami Attack:

• These attacks are used for committing financial crimes. The idea here is to make the
alteration so insignificant that in a single case it would go completely unnoticed.
• For example, a bank employee inserts a program, into the bank’s servers, that deducts
a small amount of money from the account of every customer.

Data Diddling:

• A data diddling attack involves altering raw data just before it is processed by a
computer and then changing it back after the processing is completed.
• Example: altering the numbers in a financial spreadsheet before submitting it for approval.

Forgery:

• Counterfeit currency notes, postage and revenue stamps, mark sheets etc., can be
forged using sophisticated computers, printers and scanners.
• Outside many colleges, fake mark sheets or even degree certificates are offered for
sale. These are made using computers and high quality scanners and printers.

Web Jacking:

• Web jacking occurs when someone forcefully takes control of a website.
• The actual owner of the website does not have any more control over what appears on
that website.

Hacking

• Every act committed toward breaking into a computer and/or network is hacking and
it is an offense.
• Hackers write or use ready-made computer programs to attack the target computer.
• They possess the desire to destroy and they get enjoyment out of such destruction.
• Some hackers hack for personal monetary gains, such as stealing credit card
information, transferring money from various bank accounts to their own account
followed by withdrawal of money.
• The purposes of hacking are many, the main ones are as follows:

Greed
Power
Publicity
Revenge
Adventure
Desire to access forbidden information
Destructive mindset

Online frauds:

• Online fraud includes spoofed websites and E-Mail security alerts, hoax mails
about virus threats, lottery frauds and spoofing.
• In website spoofing and E-Mail security threats, fraudsters create authentic-looking
websites that are actually nothing but a spoof.
• The purpose of these websites is to make the user enter personal information which is
then used to access business and bank accounts.
• Example: Using someone else's credit card information to make unauthorized
purchases online.

Email Bombing/Mail Bombs

• Email bombing refers to sending a large number of E-Mails to the victim to crash
the victim’s E-Mail account or to make the victim’s mail servers crash.
• A computer program can be written to instruct a computer to do such tasks on a
repeated basis.

2. Kerberos:

Kerberos is a network authentication protocol that was developed by MIT as a
part of Project Athena. It provides secure authentication for users and services
over a non-secure network, such as the internet. The name "Kerberos" is
derived from Greek mythology and refers to the three-headed dog guarding the
entrance to Hades, emphasizing the protocol's focus on security.

Key Components of Kerberos:

1. Authentication Server (AS): The AS authenticates users and issues
Ticket Granting Tickets (TGT) upon successful authentication. TGT is a
temporary encryption key that allows users to request service tickets.
2. Ticket Granting Server (TGS): TGS issues service tickets after verifying
the TGT. Service tickets are used by users to authenticate themselves to
specific services.
3. Key Distribution Center (KDC): KDC is a centralized authentication
server that consists of AS and TGS. It stores authentication information
securely.
4. Realm: A realm is a Kerberos administrative domain where
authentication and authorization take place.
5. Principal: A principal is a unique entity within a realm, often
representing a user or a service.

How Kerberos Works:

1. Authentication:
• User authenticates with the AS by providing their credentials
(username and password).
• AS verifies the credentials and issues a TGT encrypted with a
secret key derived from the user's password.
2. Authorization:
• User requests a service ticket from TGS for a specific service.
• TGS verifies the TGT and issues a service ticket encrypted with a
session key.
3. Access:
• User presents the service ticket to the desired service.
• The service decrypts the service ticket using the session key and
grants access if valid.

X.509 Certificates:

X.509 is a standard defining the format of public-key certificates. These
certificates are used for secure communication and to establish the identity of
an entity, whether it's a user, a device, or a service, over a network. X.509
certificates are widely used in technologies like HTTPS for secure web
browsing, VPNs, and email encryption.

Components of X.509 Certificates:

1. Public Key: The public key is used for encryption and verifying digital
signatures.
2. Private Key: Kept secret, the private key is used for decrypting data
encrypted with the corresponding public key and for creating digital
signatures.
3. Certificate Authority (CA): A trusted entity that issues digital certificates.
CAs verify the identity of certificate holders before issuing certificates.
4. Subject: The entity the certificate is issued to, such as a person,
organization, or a device.
5. Issuer: The CA that issues the certificate.
6. Validity Period: The timeframe during which the certificate is
considered valid.
7. Digital Signature: A cryptographic technique used to verify the
authenticity and integrity of the certificate.

How X.509 Certificates Work:

1. Certificate Request:
• An entity requests a certificate from a CA.
• The CA verifies the identity of the entity and creates a certificate
containing the entity's public key and other relevant information.
2. Certificate Issuance:
• The CA signs the certificate with its private key, creating a digital
signature.
• The CA's public key, which is widely distributed and trusted, can
be used to verify the CA's signature on the certificate.
3. Certificate Usage:
• The entity can use its private key to encrypt data or create digital
signatures.
• Other parties can use the entity's public key, obtained from the
certificate, to decrypt messages encrypted by the entity or verify
digital signatures created by the entity.
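
The issuance and verification steps above, as an added Python example (not part of the original notes). It uses a simplified JSON "certificate" and unpadded textbook RSA with a constructed toy CA key instead of real X.509 encoding; the CA name, subject names, key values and function names are all assumptions for illustration.

```python
import hashlib
import json

# Constructed toy CA key pair: textbook RSA over two Mersenne primes.
# Far too small and unpadded for real use; it only shows who holds which key.
_P, _Q = 2**127 - 1, 2**89 - 1
CA_NAME = "Example Root CA"                   # hypothetical issuer name
CA_N, CA_E = _P * _Q, 65537                   # CA public key (widely distributed)
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))    # CA private key (stays with the CA)


def _digest(tbs, n):
    """Hash the to-be-signed fields in canonical order, reduced below the modulus."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(subject, public_key, not_before, not_after):
    """CA side: bind the subject to its public key and sign with the CA private key."""
    tbs = {"subject": subject, "issuer": CA_NAME, "public_key": public_key,
           "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "signature": pow(_digest(tbs, CA_N), _CA_D, CA_N)}


def verify(cert, today, issuer=CA_NAME, n=CA_N, e=CA_E):
    """Relying-party side: uses only the trusted CA's name and public key."""
    tbs = cert["tbs"]
    if tbs["issuer"] != issuer:
        return "untrusted issuer"
    if pow(cert["signature"], e, n) != _digest(tbs, n):
        return "bad signature"
    # ISO dates (YYYY-MM-DD) compare correctly as plain strings.
    if not tbs["not_before"] <= today <= tbs["not_after"]:
        return "outside validity period"
    return "ok"


def demo():
    """Valid certificate, certificate with an altered subject, expired certificate."""
    cert = issue("www.example.test", "constructed-subject-public-key",
                 "2024-01-01", "2024-12-31")
    forged = {"tbs": dict(cert["tbs"], subject="evil.example.test"),
              "signature": cert["signature"]}
    return [verify(cert, "2024-06-01"), verify(forged, "2024-06-01"),
            verify(cert, "2025-02-01")]


if __name__ == "__main__":
    print(demo())
```

Changing any signed field, including the subject or the public key, invalidates the CA's signature, which is what lets a relying party trust the binding between the two.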

3. Elliptic curve:

An elliptic curve is a smooth, continuous curve defined by a
mathematical equation of the form y^2 = x^3 + ax + b, where a and b are
constants. In the context of cryptography, elliptic curves are used in various
algorithms, including Elliptic Curve Cryptography (ECC), due to their
mathematical properties that make them suitable for secure encryption and
digital signatures.

What is elliptic curve cryptography (ECC)?

Elliptic curve cryptography (ECC) is a public key encryption technique based
on elliptic curve theory that can be used to create faster, smaller and more
efficient cryptographic keys.

ECC is an alternative to the Rivest-Shamir-Adleman (RSA) cryptographic
algorithm and is most often used for digital signatures in cryptocurrencies,
such as Bitcoin and Ethereum, as well as one-way encryption of emails, data
and software.
