CRYPTOGRAPHY AND NETWORK SECURITY UNIT 1 NOTES PREPARED BY LINGARAJ PANIGRAHY ASST. PROF.
UNIT – I INTRODUCTION & NUMBER THEORY Services, Mechanisms and attacks-the OSI security architecture-Network security model-Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography).FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields-Modular arithmetic-Euclid‟s algorithm-Finite fieldsPolynomial Arithmetic –Prime numbers-Fermat‟s and Euler‟s theorem-Testing for primality -The Chinese remainder theorem- Discrete logarithms. COMPUTER SECURITY CONCEPTS Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information / data, and telecommunications) Confidentiality Data confidentiality o Assures that private or confidential information is not made available or disclosed to unauthorized Privacy o Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Integrity Data integrity o Assures that information and programs are changed only in a specified and authorized manner. System integrity o Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Availability Assures that systems work promptly and service is not denied to authorized users. CIA Triad Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. Availability Ensuring timely and reliable access to and use of information A loss of availability is the disruption of access to or use of information or an information system. Authenticity The property of being genuine and being able to be verified and trusted Accountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity
The OSI Security Architecture ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach The OSI security architecture focuses on security attacks, mechanisms, and services. Security attack Any action that compromises the security of information owned by an organization. Security mechanism A process (or a device) that is designed to detect, prevent, or recover from a security attack. Security service A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service Security Attacks means of classifying security attacks, used both in X.800 and RFC 2828 A passive attack attempts to learn or make use of information but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Passive Attacks in the nature of eavesdropping on, or monitoring of, transmissions. The goal is to obtain information that is being transmitted. very difficult to detect, because they do not involve any alteration of the data feasible to prevent the success of these attacks, usually by means of encryption emphasis in dealing with passive attacks is on prevention rather than detection Two types of passive attacks Release of message contents Traffic analysis. Release Of Message Contents A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information prevent an opponent from learning the contents of these transmissions Traffic Analysis observe the pattern of these messages The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place 2
Active Attacks Active attacks involve some modification of the data stream or the creation of a false stream detect and to recover from any disruption or delays caused by them can be subdivided into four categories: o masquerade, o replay, o modification of messages o denial of service Masquerade one entity pretends to be a different entity usually includes one of the other forms of active attack Example authentication sequences can be captured and replayed after a valid authentication sequence Replay passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect Modification Of Messages some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect Example a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.” Denial Of Service prevents or inhibits the normal use or management of communications facilities may have a specific target; for example, an entity may suppress all messages directed to a particular destination disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance 3