Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Lecture notes on Information Security for B.Tech III Year - II Sem students. The notes cover topics such as attacks on computers and computer security, cryptography, symmetric and asymmetric key ciphers, message authentication algorithms and hash functions, and e-mail security. from the Department of Computer Science and Engineering at Malla Reddy College of Engineering & Technology, an autonomous institution recognized under 2(f) and 12 (B) of UGC ACT 1956, affiliated to JNTUH, Hyderabad, approved by AICTE, and accredited by NBA & NAAC – ‘A’ Grade - ISO 9001:2015 Certified.
Typology: Lecture notes
1 / 143
This page cannot be seen from the preview
Don't miss anything!
Recognized under 2(f) and 12 (B) of UGC ACT 1956 (Affiliated to JNTUH, Hyderabad, Approved by AICTE - Accredited by NBA & NAAC – ‘A’ Grade - ISO 9001:2015 Certified) Maisammaguda, Dhulapally (Post Via. Hakimpet), Secunderabad – 500100, Telangana State, India
III Year B. Tech. CSE – II Sem L T/P/D C 4 1/- / - 3 (R15A0519) INFORMATION SECURITY
Explain the objectives of information security Explain the importance and application of each of confidentiality, integrity, authentication and availability Understand various cryptographic algorithms. Understand the basic categories of threats to computers and networks Describe public-key cryptosystem. Describe the enhancements made to IPv4 by IPSec Understand Intrusions and intrusion detection Discuss the fundamental ideas of public-key cryptography. Generate and distribute a PGP key pair and use the PGP package to send an encrypted e-mail message. Discuss Web security and Firewalls UNIT — I Attacks on Computers and Computer Security: Introduction, The need for security, Security approaches, Principles of security, Types of Security attacks, Security services, Security Mechanisms, A model for Network Security Cryptography: Concepts and Techniques: Introduction, plain text and cipher text, substitution techniques, transposition techniques, encryption and decryption, symmetric and asymmetric key cryptography, steganography, key range and key size, possible types of attacks. UNIT — II Symmetric key Ciphers: Block Cipher principles & Algorithms(DES, AES, Blowfish), Differential and Linear Cryptanalysis, Block cipher modes of operation, Stream ciphers, RC4,Location and placement of encryption function, Key distribution Asymmetric key Ciphers: Principles of public key cryptosystems, Algorithms(RSA, Diffie-Hellman, ECC), Key Distribution. UNIT — III Message Authentication Algorithms and Hash Functions: Authentication requirements, Functions, Message authentication codes, Hash Functions, Secure hash algorithm, Whirlpool, HMAC, CMAC, Digital signatures, knapsack algorithm Authentication Applications: Kerberos, X. Authentication Service, Public — Key Infrastructure, Biometric Authentication UNIT — IV E-Mail Security: Pretty Good Privacy, S/MIME IP Security: IP Security overview, IP Security architecture, Authentication Header, Encapsulating security payload, Combining security associations, key management
Attacks on Computers and Computer Security (^01) - 08 Cryptography: Concepts and Techniques 08 - 14 II Symmetric key Ciphers 15 - 35 Asymmetric key Ciphers 35 - 50 III Message Authentication Algorithms and Hash Functions 51 - 74 Authentication Applications 74 - 85 IV E-Mail Security 86 - 95 IP Security 96 - 111 V Web Security (^112) – 126 Intruders, Virus and Firewalls 126 - 138
UNIT – I Attacks on Computers and Computer Security: Introduction, The need of Security, Security approaches, Principles of Security, Types of Security Attacks, Security Services, Security Mechanisms, A model for Network Security. Cryptography: Concepts and Techniques: Introduction, Plain text and Cipher Text, Substitution Techniques, Transposition Techniques, Encryption and Decryption, Symmetric and Asymmetric Cryptography, Steganography, Key Range and Key Size, Possible types of Attacks. Introduction: This is the age of universal electronic connectivity, where the activities like hacking, viruses, electronic fraud are very common. Unless security measures are taken, a network conversation or a distributed application can be compromised easily. Some simple examples are: Online purchases using a credit/debit card. A customer unknowingly being directed to a false website. A hacker sending a message to a person pretending to be someone else. Network Security has been affected by two major developments over the last several decades. First one is introduction of computers into organizations and the second one being introduction of distributed systems and the use of networks and communication facilities for carrying data between users & computers. These two developments lead to ‘computer security’ and ‘network security’, where the computer security deals with collection of tools designed to protect data and to thwart hackers. Network security measures are needed to protect data during transmission. But keep in mind that, it is the information and our ability to access that information that we are really trying to protect and not the computers and networks.
Because there are threats Threats A threat is an object, person, or other entity that represents a constant danger to an asset The 2007 CSI survey 494 computer security practitioners 46% suffered security incidents 29% reported to law enforcement Average annual loss $350, 1/5 suffered ‗targeted attack‘ The source of the greatest financial losses? Most prevalent security problem Insider abuse of network access Email Threat Categories Acts of human error or failure Compromises to intellectual property
30 can focus of generic types of attacks Passive Active Passive Attack Active Attack
An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability. Examples: Destruction of some hardware Jamming wireless signals Disabling file management systems
An unauthorized party gains access to an asset. Attack on confidentiality. Examples : Wire tapping to capture data in a network. Illicitly copying data or programs Eavesdropping
When an unauthorized party gains access and tampers an asset. Attack is on Integrity. Examples : Changing data file Altering a program and the contents of a message
An unauthorized party inserts a counterfeit object into the system. Attack on Authenticity. Also called impersonation Examples: Hackers gaining access to a personal email and sending message Insertion of records in data files Insertion of spurious messages in a network
It is a processing or communication service that is provided by a system to give a specific kind of production to system resources. Security services implement security policies and are implemented by security mechanisms.
Confidentiality is the protection of transmitted data from passive attacks. It is used to prevent the disclosure of information to unauthorized individuals or systems. It has been defined as “ensuring that information is accessible only to those authorized to have access”.The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A credit card number has to be secured during online transaction.
This service assures that a communication is authentic. For a single message transmission, its function is to assure the recipient that the message is from intended source. For an ongoing interaction two aspects are involved. First, during connection initiation the service assures the authenticity of both parties. Second, the connection between the two hosts is not interfered allowing a third party to masquerade as one of the two parties. Two specific authentication services defines in X.800 are Peer entity authentication: Verifies the identities of the peer entities involved in communication. Provides use at time of connection establishment and during data transmission. Provides confidence against a masquerade or a replay attack Data origin authentication: Assumes the authenticity of source of data unit, but does not provide protection against duplication or modification of data units. Supports
Incorporated into the appropriate protocol layer in order to provide some of the OSI security services, Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not intelligible. This depends on algorithm used and encryption keys. Digital Signature: The appended data or a cryptographic transformation applied to any data unit allowing to prove the source and integrity of the data unit and protect against forgery. Access Control: A variety of techniques used for enforcing access permissions to the system resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes once a breach of security is suspected. Notarization: The use of a trusted third party to assure certain properties of a data exchange
These are not specific to any particular OSI security service or protocol layer. Trusted Functionality: That which is perceived to b correct with respect to some criteria Security Level: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: It is the process of detecting all the events related to network security. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: It deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Data is transmitted over network between two communicating parties, who must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination by use of communication protocols by the two parties. Whenever an opponent presents a threat to confidentiality, authenticity of information, security aspects come into play. Two components are present in almost all the security providing techniques. A security-related transformation on the information to be sent making it unreadable by the opponent, and the addition of a code based on the contents of the message, used to verify the identity of sender. Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception A trusted third party may be needed to achieve secure transmission. It is responsible for distributing the secret information to the two parties, while keeping it away from any opponent. It also may be needed to settle disputes between the two parties regarding authenticity of a message transmission. The general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose 2. Generate the secret information to be used with the algorithm 3. Develop methods for the distribution and sharing of the secret information 4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service Various other threats to information system like unwanted access still exist. The existence of hackers attempting to penetrate systems accessible over a network remains a concern. Another threat is placement of some logic in computer system affecting various applications and utility programs. This inserted code presents two kinds of threats. Information access threats intercept or modify data on behalf of users who
CLASSICAL ENCRYPTION TECHNIQUES There are two basic building blocks of all encryption techniques: substitution and transposition. SUBSTITUTION TECHNIQUES A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.
The earliest known use of a substitution cipher and the simplest was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places further down the alphabet. e.g., plain text : pay more money Cipher text: SDB PRUH PRQHB Note that the alphabet is wrapped around, so that letter following „z‟ is „a‟. For each plaintext letter p, substitute the cipher text letter c such that C = E(p) = (p+3) mod 26 A shift may be any amount, so that general Caesar algorithm is C = E (p) = (p+k) mod 26 Where k takes on a value in the range 1 to 25. The decryption algorithm is simply P = D(C) = (C-k) mod 26
Here, Plaintext characters are substituted by a different alphabet stream of characters shifted to the right or left by n positions. When compared to the Caesar ciphers, these monoalphabetic ciphers are more secure as each letter of the ciphertext can be any permutation of the 26 alphabetic characters leading to 26! or greater than 4 x 10 26 possible keys. But it is still vulnerable to cryptanalysis, when a cryptanalyst is aware of the nature of the plaintext, he can find the regularities of the language. To overcome these attacks, multiple substitutions for a single letter are used. For example, a letter can be substituted by different numerical cipher symbols such as 17, 54, 69….. etc. Even this method is not completely secure as each letter in the plain text affects on letter in the ciphertext. Or, using a common key which substitutes every letter of the plain text. The key ABCDEFGHIIJ KLMNOPQRSTUVWXYZ QWERTYUIIOPAS DFGHJ KLZXCV BNM Would encrypt the message II think therefore II am into OZIIOFAZIITKTYGKTOQD But any attacker would simply break the cipher by using frequency analysis by observing the number of times each letter occurs in the cipher text and then looking upon the English letter frequency table. So, substitution cipher is completely ruined by these attacks. Monoalphabetic ciphers are easy to break as they reflect the frequency of the original alphabet. A countermeasure is to provide substitutes, known as homophones for a single letter.
It is the best known multiple – letter encryption cipher which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair Cipher is a digram substitution cipher offering a relatively weak method of
lo RV lx YV encryption. It was used for tactical purposes by British forces in the Second Boer War and in World War I and for the same purpose by the Australians and Germans during World War II. This was because Playfair is reasonably fast to use and requires no special equipment. A typical scenario for Playfair use would be to protect important but non-critical secrets during actual combat. By the time the enemy cryptanalysts could break the message, the information was useless to them. It is based around a 5x5 matrix, a copy of which is held by both communicating parties, into which 25 of the 26 letters of the alphabet (normally either j and i are represented by the same letter or x is ignored) are placed in a random fashion. For example, the plain text is Shi Sherry loves Heath Ledger and the agreed key is sherry. The matrix will be built according to the following rules. in pairs, without punctuation, All Js are replaced with Is. SH IS HE RR YL OV ES HE AT HL ED GE R Double letters which occur in a pair must be divided by an X or a Z. E.g. LI TE RA LL Y LI TE RA LX LY SH IS HE RX RY LO VE SH EA TH LE DG ER The alphabet square is prepared using, a 5*5 matrix, no repetition letters, no Js and key is written first followed by the remaining alphabets with no i and j. S H E R Y A B C D F G I K L M N O P Q T U V W X Z For the generation of cipher text, there are three rules to be followed by each pair of letters. letters appear on the same row: replace them with the letters to their immediate right respectively letters appear on the same column: replace them with the letters immediately below respectively not on the same row or column: replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair. Based on the above three rules, the cipher text obtained for the given plain text is HE GH ER DR YS IQ WH HE SC OY KR AL RY Another example which is simpler than the above one can be given as: Here, key word is playfair. Plaintext is Hellothere hellothere becomes ---- he lx lo th er ex. Applying the rules again, for each pair, If they are in the same row, replace each with the letter to its right (mod 5) If they are in the same column, replace each with the letter below it (mod 5) Otherwise, replace each with letter we’d get if we swapped their column indices So the cipher text for the given plain text is KG YV RV QM GI KU he KG
The main advantages of hill cipher are given below: perfectly hides single-letter frequencies. It Use of^ 3x3^ Hill ciphers can perfectly hide both the single letter and two-letter frequency information. Strong enough against the attacks made only on the cipher text. But, it still can be easily broken if the attack is through a known plaintext.
In order to make substitution ciphers more secure, more than one alphabet can be used. Such ciphers are called polyalphabetic , which means that the same letter of a message can be represented by different letters when encoded. Such a one-to-many correspondence makes the use of frequency analysis much more difficult in order to crack the code. We describe one such cipher named for Blaise de Vigenere a 16-th century Frenchman. The Vigenere cipher is a polyalphabetic cipher based on using successively shifted alphabets, a different shifted alphabet for each of the 26 English letters. The procedure is based on the tableau shown below and the use of a keyword. The letters of the keyword determine the shifted alphabets used in the encoding process.
For the message COMPUTING GIVES INSIGHT and keyword LUCKY we proceed by repeating the keyword as many times as needed above the message, as follows. Encryption is simple: Given a key letter x and a plaintext letter y, the ciphertext letter is at the intersection of the row labeled x and the column labeled y ; so for L, the ciphertext letter would be N. So, the ciphertext for the given plaintext would be given as: Decryption is equally simple: The key letter again identifies the row and position of ciphertext letter in that row decides the column and the plaintext letter is at the top of that column. The strength of this cipher is that there are multiple ciphetext letters for each plaintext letter, one for each unique letter of the keyword and thereby making the letter frequency information is obscured. Still, breaking this cipher has been made possible because this reveals some mathematical principles that apply in cryptanalysis. To overcome the drawback of the periodic nature of the keyword, a new technique is proposed which is referred as an autokey system, in which a key word is concatenated with the plaintext itself to provide a running key. For ex In the above example, the key would be luckycomputinggivesin Still, this scheme is vulnerable to cryptanalysis as both the key and plaintext share the same frequency distribution of letters allowing a statistical technique to be applied. Thus, the ultimate defense against such a cryptanalysis is to choose a keyword that is as long as plaintext and has no statistical relationship to it. A new system which works on binary data rather than letters is given as Ci = pi ki where, pi = ith binary digit of plaintext ki = ith binary digit of key Ci= ith binary digit of ciphertext = = exclusive-or operation. Because of the properties of XOR, decryption is done by performing the same bitwise operation. pi = Ci ki A very long but, repeation key word is used making cryptanalysis difficult.
UNIT – 2 Symmetric Key Ciphers: Block Cipher Principles and Algorithms (DES, AES, and Blowfish), Differential and Linear Cryptanalysis, Block Cipher Modes of Operations, Stream Ciphers, RC4, Location and Placement of encryption function, Key Distribution. Asymmetric Key Ciphers: Principles of Public Key Cryptosystems, Algorithms (RSA, Diffie- Hellman, ECC), Key Distribution. CONVENTIONAL ENCRYPTION PRINCIPLES A Conventional/Symmetric encryption scheme has five ingredients
not be kept secret made it feasible for wide spread use and enabled manufacturers develop low cost chip implementation of data encryption algorithms. With the use of conventional algorithm, the principal security problem is maintaining the secrecy of the key. FEISTEL CIPHER STRUCTURE The input to the encryption algorithm are a plaintext block of length 2w bits and a key K. the plaintext block is divided into two halves L 0 and R 0. The two halves of the data pass through „n‟ rounds of processing and then combine to produce the ciphertext block. Each round „i‟ has inputs Li- 1 and Ri- 1 , derived from the previous round, as well as the subkey Ki, derived from the overall key K. in general, the subkeys Ki are different from K and from each other. All rounds have the same structure. A substitution is performed on the left half of the data (as similar to S-DES). This is done by applying a round function F to the right half of the data and then taking the XOR of the output of that function and the left half of the data. The round function has the same general structure for each round but is parameterized by the round subkey ki. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data. This structure is a particular form of the substitution-permutation network. The exact realization of a Feistel network depends on the choice of the following parameters and design features: Block size - Increasing size improves security, but slows cipher Key size - Increasing size improves security, makes exhaustive key searching harder, but may slow cipher Number of rounds - Increasing number improves security, but slows cipher Subkey generation - Greater complexity can make analysis harder, but slows cipher Round function - Greater complexity can make analysis harder, but slows cipher Fast software en/decryption & ease of analysis - are more recent concerns for practical use and testing
