Introduction
• Cryptographic techniques allow pre-agreed users to communicate or transfer data or information securely, even in the presence of malicious users.
• Cryptography is used not only to secure data while it is communicated but also while it is stored and processed.
– Confidentiality: This is achieved by encrypting the data, that is, converting the data into a format that cannot be understood by anyone until it is reconverted or decrypted.
– Integrity: This is achieved using a hash function or message digest. The hash function takes an arbitrary-size input and produces a fixed-size output. The output is used to prove the integrity of the data, since a small change in the data will greatly affect the output.
– Non-repudiation: This is to ensure that the sender of the information cannot deny at a later stage that he or she is the owner of the information.
Terminologies
• The terminologies used in a cryptosystem are:
– The cipher text is the transformed text that cannot be understood by anyone until it is retransformed.
– The secret key is a piece of information that allows the user to perform secure encryption and decryption.
Process
• The encryption technique takes the plain text input and converts it to the cipher text.
• The cipher text is transmitted to the receiving end, where it is decrypted using the decryption algorithm to produce the plain text again.
• Modern cryptography has two types of cryptosystem: Symmetric Key Cryptography and Asymmetric Key Cryptography.
Symmetric Key Cryptography
• Symmetric key cryptography uses the secret key to encrypt the plain text, and the same key is used to decrypt the cipher text.
• The following two cipher methods are used to convert the plain text into cipher text in symmetric key cryptography.
– Stream Cipher: This converts the plain text into cipher text by taking 1 bit or byte of plain text at a time. It uses only the confusion property and a key which can be used only once.
– Block Cipher: This converts the plain text into cipher text by taking one block of plain text at a time. It uses confusion as well as diffusion properties and keys which can be used more than once.
Data Encryption Standard (DES)
• It is a block cipher with a 64-bit block size; it uses a 56-bit key out of the 64-bit key, that is, the last bit of every byte is for key parity.
[Figure: Left 32 bits, Right 32 bits, K1, +, f, K16, f, Output]
after preprocessing the 56 bits key.
Network.
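Added example (not from the original slides): how the parity bit in each key byte is checked and set, and how the 56 effective key bits are extracted. The odd-parity convention comes from the DES standard, not from the slide; the function names are illustrative.

```python
# Added example: DES key parity handling (function names are illustrative).

def has_odd_parity(byte: int) -> bool:
    """True if the byte contains an odd number of 1 bits (DES convention)."""
    return bin(byte).count("1") % 2 == 1

def _require_des_key(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")

def check_des_key_parity(key: bytes) -> bool:
    """Verify that every byte of the 64-bit key carries correct odd parity."""
    _require_des_key(key)
    return all(has_odd_parity(b) for b in key)

def set_des_key_parity(key: bytes) -> bytes:
    """Keep the 7 key bits of each byte and rewrite the last bit as parity."""
    _require_des_key(key)
    out = bytearray()
    for b in key:
        seven = b & 0xFE                      # drop the old parity bit
        out.append(seven | (0 if has_odd_parity(seven) else 1))
    return bytes(out)

def effective_key_bits(key: bytes) -> int:
    """Concatenate the 7 non-parity bits of each byte into the 56-bit key."""
    _require_des_key(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

if __name__ == "__main__":
    raw = bytes.fromhex("0022446688AACCEE")   # constructed sample, parity unset
    fixed = set_des_key_parity(raw)
    print(fixed.hex(), check_des_key_parity(fixed))
    # Both byte strings select the same 56-bit key: parity adds no secrecy.
    print(effective_key_bits(raw) == effective_key_bits(fixed))
```

The search space an attacker faces is therefore 2^56 keys, not 2^64.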
Problem with Symmetric Key Cryptography
• The symmetric key cryptosystem uses the same key for both encryption and decryption, and this key should be secure, which means known only to the sender and receiver of the message.
• For example, both communicating parties, Alice and Bob, should know the secret key, and the problem is how this secret key will be shared over the public channel.
• One option is for Alice and Bob to physically meet in a place and share the secret key. Later on, whenever they want to share a message, the sending party can encrypt it using the shared secret key and send it to the receiving party. The receiving party can decrypt the encrypted message or cipher text using the secret key already available.
• However, physically meeting and sharing a key is not feasible in all cases. Also, each party has to share a key with multiple parties, and this greatly increases the complexity.
• The public key cryptosystem is mainly used for sharing the data encryption key.
Secure Messaging Process using symmetric and asymmetric cryptosystem
RSA algorithm
5. Public key = (n, e) = (221, 5); Private key = (n, d) = (221, 269).
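Added example (not from the original slides): a check that the key pair above is consistent, a textbook RSA round trip with it, and a demonstration that a modulus this small offers no protection. The function names are illustrative, and textbook RSA without padding is used only because the slide's numbers are a teaching example.

```python
from math import gcd

N, E, D = 221, 5, 269          # key values from the slide

def factor(n: int):
    """Trial division; feasible only because n is tiny."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is prime, not an RSA modulus")

def key_pair_is_consistent(n: int, e: int, d: int) -> bool:
    """e must be invertible mod phi(n) and d must be its inverse."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    return gcd(e, phi) == 1 and (e * d) % phi == 1

def encrypt(m: int, n: int = N, e: int = E) -> int:
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c: int, n: int = N, d: int = D) -> int:
    return pow(c, d, n)

def round_trip_all(n: int = N, e: int = E, d: int = D) -> bool:
    """Every possible message must decrypt back to itself."""
    return all(decrypt(encrypt(m, n, e), n, d) == m for m in range(n))

def recover_private_exponent(n: int, e: int) -> int:
    """With a small n, the public key alone yields a working private exponent."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    print(factor(N), key_pair_is_consistent(N, E, D), round_trip_all())
    print(encrypt(2), decrypt(encrypt(2)))
    print(recover_private_exponent(N, E))   # equivalent to d modulo phi(n)
```

The recovered exponent differs from 269 by a multiple of φ(n) = 192 and decrypts identically, which is why real RSA moduli are thousands of bits long.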
• Private and public signature keys: The key pair is used to generate and verify digital signatures.
• Symmetric data encryption key: A single key used for encryption as well as decryption of the data to ensure confidentiality.
• Symmetric random number generation key: This is used as a seed to generate pseudo-random numbers.
• Symmetric master key: It is used to derive other symmetric keys; it is also known as a key-derivation key.
Attacks
• Ciphertext-only attack (COA) – The assumption here is that the cryptanalyst has access only to the ciphertext, and has no access to the plaintext.
– A brute force attack or exhaustive key search is a type of ciphertext-only attack in which every possible key is tried until the correct one is found. For example, if the key size is 3 bits then all 2^3 possible keys will be tried to find the exact key. This is complex when the size of the key is large.
Cryptoperiod
– Limits the time available for attempts to penetrate the system to get the key. After the cryptoperiod, even if an attacker gains the key, it will be of no use to them.
Hash functions
• A cryptographic hash function takes an arbitrary-size input and produces a fixed-size output.
• However, using a brute force search, an equivalent input can be identified for the available output, but this is a very exhaustive process.
Example
• A small change in the input produces an avalanche effect in the output, for example:
• Input 1: Hello Anna University. I am the student of you and in second year of
the course.
– Function: SHA256
– Output1:
df6ba298ff42e40e44e8be8d6303c2bb08230a4c17b52ca8b7037ef5a57c1360
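Added example (not from the original slides): measuring the avalanche effect by flipping every single bit of Input 1 in turn and counting how many of the 256 SHA-256 output bits change. The exact whitespace behind the slide's digest is unknown, so the input is joined onto one line here and the slide's digest is not compared.

```python
import hashlib

# Input 1 from the slide, joined onto a single line (assumption about whitespace).
INPUT_1 = (b"Hello Anna University. I am the student of you and in second "
           b"year of the course.")

def sha256_int(data: bytes) -> int:
    """SHA-256 digest as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between the SHA-256 digests of a and b."""
    return bin(sha256_int(a) ^ sha256_int(b)).count("1")

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one input bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def avalanche_profile(data: bytes):
    """Flip each input bit in turn; return (min, mean, max) output bits changed."""
    counts = [bits_changed(data, flip_bit(data, i)) for i in range(len(data) * 8)]
    return min(counts), sum(counts) / len(counts), max(counts)

if __name__ == "__main__":
    lo, mean, hi = avalanche_profile(INPUT_1)
    print(f"output bits changed per 1-bit input change: "
          f"min={lo} mean={mean:.1f} max={hi} (of 256)")
```

A mean close to 128 means each one-bit change flips about half of the digest, so a modified message cannot keep a digest that is "almost" the original.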
Properties
• Pre-Image Resistance: The hash function should be a one-way function; it should not be possible to derive the input from the output using any function.
Digital Signature
• The digital signature is a technique to ensure the authenticity and the integrity of the message, that is, the message is from the specific source and the message is not modified.
• The user who wishes to send the message computes the hash of the message, encrypts the hash using his/her private key and sends the message along with the encrypted hash to the receiver.
• On arrival of the message and the encrypted hash, the receiver decrypts the encrypted hash using the sender's public key and also computes the hash of the received message.
• If the decrypted hash and the computed hash match, then the received message is from the specific sender and the message has not been modified.
Public Key Infrastructure
• The public key infrastructure (PKI) is a set of roles, policies, and procedures
needed to create, manage, distribute, use, store and revoke digital certificates
and manage public-key encryption.
• In simple words, PKI answers the question of how the receiver ensures that the public key shared by the sender is authentic and that he/she is the one sending it.
• For example, when we are accessing the google.com server, the public key of the Google server is shared with us (this is an internal process of the browser), but we are not sure whether the key belongs to Google or someone else.
Digital Certificate
Cryptographic Vulnerabilities
• There are various vulnerabilities present in the different
cryptographic techniques.
Malware Protection
• It is vital that all users know how to recognize and protect themselves from
malware in all of its forms.
Types of malware
• Virus
• Worm
• Trojan
• Advanced Persistent Threat
• Ransomware
• Web drive-by
• Spyware
• Rootkit
• Bots & Botnets
• Adware
• And so on
Protection Mechanism
• Personal vigilance: The user must be very careful when downloading any files or clicking on any anonymous links.
Intrusion Detection System
• The Intrusion Detection System (IDS) can be software or hardware that regularly monitors the network or system for malicious activity or violations of policy.
Firewall
• A packet-filtering firewall examines packets in isolation and does not
know the packet's context as shown in the above example.
• Circuit Level Gateway is a session level monitor. For example, TCP data
packet handshaking will be validated based on firewall rules and policies.
IDS vs Firewall vs Anti-Virus
• This is achieved by the Intrusion Detection System; that is, the IDS watches for attacks that originate from within a system.
• Anti-virus also checks for attacks within the system, but traditional anti-virus does not have the capability of an IDS and cannot check for violations of policy.
Threat and Incident Management
Vulnerability
• A vulnerability is a loophole in an application or system that is exploited by attackers to damage or disrupt services.
– Configuration vulnerabilities: These are vulnerabilities which originate from flaws like having default passwords, or not using any passwords for accessing devices such as cameras, home devices or others. This vulnerability is caused by flawed configuration by the end user or the manufacturer.
Vulnerability Management
• This is the process of identifying, evaluating, removing and reporting security vulnerabilities in systems and the software that runs on them.
[Figure: vulnerability management process; surviving labels: Detect Vulnerability, Prioritize remediation]
Security information and event management (SIEM)
• These are also used to log security data and generate reports for compliance purposes, that is, to check whether the organization complies with a standard or not.
SIEM - Capabilities
• Data aggregation: Log management collects and aggregates data from different sources such as networks, servers, databases and applications.
• Correlation: Identifies common attributes and links events together into meaningful bundles. This integrates different sources in order to turn data into useful information.
• Alerting: The automated analysis of correlated events or any anomalous events in the system or application, and alerting of the administrators.
• Dashboards: Fetch the event data and present it in informational charts to assist in seeing patterns, or in identifying activity that does not form a standard pattern. This helps the security team understand the abnormality well and is useful for convincing non-security professionals.
• Retention: Provides long-term storage for historical data, thus facilitating correlation of data over time and providing the retention necessary for compliance requirements.
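Added example (not from the original slides): the aggregation, correlation and alerting capabilities applied to constructed log lines from two sources. The log formats, field names and the "three failures followed by a success within five minutes" rule are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two different sources (not real data).
SSH_LOG = """\
2021-08-01T10:00:01 sshd failed user=root src=203.0.113.7
2021-08-01T10:00:05 sshd failed user=admin src=203.0.113.7
2021-08-01T10:00:09 sshd failed user=admin src=203.0.113.7
2021-08-01T10:03:00 sshd failed user=carol src=198.51.100.4
"""
WEB_LOG = """\
2021-08-01T10:00:30 webapp login_ok user=admin ip=203.0.113.7
2021-08-01T10:05:00 webapp login_ok user=carol ip=198.51.100.4
"""

LINE = re.compile(r"(\S+) \S+ (failed|login_ok) user=(\S+) (?:src|ip)=(\S+)")

def aggregate(*sources: str):
    """Data aggregation: normalise every source into (time, ip, outcome, user)."""
    events = []
    for text in sources:
        for line in text.splitlines():
            m = LINE.fullmatch(line.strip())
            if m:                                  # skip lines we cannot parse
                when, outcome, user, ip = m.groups()
                events.append((datetime.fromisoformat(when), ip, outcome, user))
    return sorted(events)                          # one time-ordered stream

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation and alerting: link events by source address and raise an
    alert when a success follows >= threshold recent failures from it."""
    failures = defaultdict(list)
    alerts = []
    for when, ip, outcome, user in events:
        if outcome == "failed":
            failures[ip].append(when)
            continue
        recent = [f for f in failures[ip] if when - f <= window]
        if len(recent) >= threshold:
            alerts.append({"ip": ip, "user": user,
                           "failures": len(recent), "time": when.isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in correlate(aggregate(SSH_LOG, WEB_LOG)):
        print("ALERT possible password guessing:", alert)
```

Neither log alone shows the pattern; the alert only appears once both sources are merged and linked on the source address.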
Computer Forensic
• Forensics is the process that happens after the incident to collect the evidence found in devices and digital storage media.
• The objective is to identify, preserve, recover, analyze and present facts and opinions about the digital information.
• The use of computer forensics is not always tied to a crime. It is also used in the data recovery process to gather data from a crashed server, failed drive, formatted operating system or other situation where a system has unexpectedly stopped working.
– Database forensics: The examination of information contained in databases, both data and related
metadata to identify the unauthorized modification or insertion of the data.
– Email forensics: The recovery and analysis of emails and other information contained in email platforms,
such as schedules, contacts, contents, etc.
– Malware forensics: Analyzing the code to identify possible malicious programs and analyzing their payload.
Such programs may include Trojan horses, Ransomware or various viruses.
– Mobile forensics: It is used for the recovery of digital evidence or the lost data from mobile devices.
Forensic Techniques
• Cross-drive analysis: Correlates information found on multiple hard drives, identifies the connections and detects anomalies, if any.
• Live analysis: The device is analyzed from within the Operating System while the device is running. The analysis looks at volatile data, which is often stored in cache or RAM. It is also used to collect the encryption keys during the encryption process.
• Stochastic forensics: The analyzer reconstructs digital activity without the use of digital artifacts. Artifacts include clues related to a digital crime, such as changes to file attributes during data theft. This type of forensics is frequently used where the attacker is thought to be an insider, who might not leave digital artifacts or might delete them.
Computer forensics Process
Tools
• Software tools (a few)
– Autopsy
– EnCase
– The Sleuth Kit
– Forensic Toolkit, or FTK
• Hardware tools (a few)
– Forensic Recovery of Evidence Device (FRED)
– CRU Forensic field kit
Local Environment Management
• The organization cannot have the same security plan for all locations because the local environment of each location differs; hence a unique security plan is required.
Physical Security
• Physical security is the protection of personnel, hardware, software, networks and data from physical actions
and events that could cause serious loss or damage to an organization.
• Security
– Access control
– Surveillance
– Testing
Business Continuity Planning
• The service of a business is always affected by two kinds of threats:
– one is natural disaster, that is, earthquake, flood, cyclone, etc.
– the second is an attacker, which may be a human or automated bots.
• Safety and security are required to continue the service and protect the service. Business Continuity Planning and Disaster Recovery Management is a strategy for maintaining service continuity even if the infrastructure is disrupted by an unanticipated activity.
Google Business Continuity Plan
Identity and Access Management
• Identity and Access Management (IAM) ensures that the right people access the allotted resources. This ensures secure service provisioning and service access.
– Provisioning process: The users with the accounts and access rights are allowed to access systems and
applications any time.
– User access process: This allows users to access a new system by performing access process acts such as
authentication and sign-on.
– Centralized: All access decisions, provisioning, management, and technology are concentrated in a single
physical or virtual location. Policies, standards, and operations are pushed out to all users/sites from this
single location only.
– Decentralized: The organization's entities at local, regional, or business unit level can be involved in making the decisions for all access choices, provisioning, management, and technology.
– Federated: Each organization is allowed to subscribe to a common set of policies, standards, and procedures
for the provisioning and management of users.