CNS Unit-1

The document provides an overview of information security, emphasizing the importance of protecting data integrity, confidentiality, and availability against various security threats. It categorizes security attacks into interruption, interception, modification, and fabrication, and discusses passive and active attacks, along with security mechanisms and services. Additionally, it covers cryptography concepts, including encryption and decryption methods, as well as substitution techniques like the Caesar cipher.

UNIT-1

Introduction:
• The process of protecting information is called information security; it means securing the data that is made available on a network.
• Information security mainly provides availability, privacy and integrity.
• The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.
• Hackers use their technological skills to break into computer systems and access confidential information. Some hackers make a living from breaking through information security systems. People within the company also try to hack the systems; this is the biggest threat to information security.
• Network security measures are needed to protect data during transmission. The term network security is somewhat misleading, because virtually all business, government and academic organizations interconnect their data processing equipment with a collection of interconnected networks; such a collection is often referred to as an internet, and the term internet security is used.

The need for security:
• Security provides privacy for your data, meaning no other party can view it.
• Security is required because, with the widespread use of data processing equipment, the information held by an organization is felt to be valuable.
• Network security measures are needed to protect data during its transmission.
Following are examples of security violations:
• User A transmits a sensitive information file to User B. The unauthorized User C is able to monitor the transmission and capture a copy of the file while it is in transit.
• A message is sent from a customer to a stock broker with instructions for various transactions. Subsequently the investments lose value and the customer denies sending the message.
• While a message is being transmitted between two users, an unauthorized user intercepts the message, alters its contents to add or delete entries, and then forwards the message to the destination user.

OSI Security Architecture:
• The International Telecommunication Union Telecommunication Standardization Sector (ITU-T) recommendation X.800, Security Architecture for OSI, defines such a systematic approach.
• The OSI security architecture is useful to managers as a way of organizing the task of providing security.
• It mainly focuses on security attacks, mechanisms and services.
1) Security attack: Any action that compromises the security of information owned by an organization.
2) Security mechanism: A process that is designed to detect, prevent or recover from a security attack.
3) Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Security Attacks:
There are four general categories of attacks.
1) Interruption: An asset of the system is destroyed or becomes unavailable. This is a threat to availability.
eg: cutting a communication line
2) Interception: An unauthorized party gains access to an asset. This is a threat to secrecy.
eg: wiretapping to capture data in a network
3) Modification: An unauthorized party not only gains access but tampers with an asset. This is a threat to integrity.
eg: changing values in a data file
4) Fabrication: This is also a threat to integrity. An unauthorized party inserts counterfeit objects into the system.
eg: addition of records to a file
Attack: Any action that compromises the security of information owned by an organization.
Security attacks are of two types:
1. Passive attacks
2. Active attacks
1. Passive attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are
1. Release of message contents
2. Traffic analysis

1. Release of message contents:
A telephone conversation, an electronic mail message and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

2) Traffic analysis:
Suppose the contents of messages are masked so that an opponent who captures a message could not extract the information from it; encryption is the usual technique for such masking. Even then, the opponent can still observe the pattern of the messages: which hosts are communicating, and how often and how long the messages are. This information may be useful in guessing the nature of the communication that is taking place.

Active Attack: Active attacks involve some modification of the data stream or the creation of a false stream.
Active attacks can be subdivided into four categories.
1) Masquerade: It takes place when one entity pretends to be a different entity.
Eg: Authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. Interruption attacks are also called masquerade attacks.

2) Replay: It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

3) Modification of messages: It involves some change to the original message. It produces an unauthorized effect.

4) Denial of service: It prevents or inhibits the normal use or management of communication facilities. Fabrication causes denial of service attacks.
• Another form of denial of service is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Security Approaches:
• An organization can take several approaches to implement its security model.
• The various approaches are
1. No security: In this simplest case, the approach could be a decision to implement no security at all.
2. Security through obscurity: In this model, a system is secure simply because nobody knows about its existence and contents. This approach cannot work for long, as there are many ways an attacker can come to know about it.
3. Host security: In this scheme, the security of each host is enforced individually. This is a very safe approach, but the trouble is that it cannot scale well. The complexity and diversity of modern organizations make the task even harder.
4. Network security: Host security is tough to achieve as organizations grow and become more diverse. In this approach, the focus is on controlling network access to the various hosts and their services, rather than on individual host security. This is a very efficient and scalable model.

Security services:
• A security service is a service that provides security for data being transferred from a source system to a destination system.
• X.800 divides security services into different categories.
1. Authentication: Authentication means identifying the origin of a message correctly; it should ensure that the claimed identity is not false.
The authentication service is concerned with assuring that a communication is authentic. In public and private computer networks, authentication is commonly done through the use of logins and passwords.
• Two specific authentication services are defined in X.800:
• Peer entity authentication: It is used in association with a logical connection to provide confidence in the identity of the entities connected.
• Data origin authentication: It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no prior interactions between the communicating entities.
2. Access control: It is the ability to limit and control access to host systems and applications via communication links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
3. Data confidentiality: It is the protection of transmitted data from passive attacks. With respect to the content of a data transmission, several levels of protection can be identified.
• The other aspect of confidentiality is the protection of traffic flow from analysis.
• This requires that an attacker not be able to observe the source and destination, frequency, length or other characteristics of the traffic on a communications facility.
• Confidentiality is classified into
i. Connection confidentiality: The protection of all user data on a connection
ii. Connectionless confidentiality: The protection of all user data in a single data block
iii. Selective field confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block
iv. Traffic flow confidentiality: The protection of the information that might be derived from observation of traffic flows
4. Data integrity: A message that is sent through the network cannot be modified by another party.
• Integrity means that data sent through the secure channel is not altered or tampered with by others.
• Altering a message means the message may be deleted or edited, a new message may be added, the transmission may be delayed, etc.
• Integrity ensures that the message received is as it was sent.
• Modification causes loss of message integrity.
• Data integrity can be classified as
i. Connection integrity with recovery
ii. Connection integrity without recovery
iii. Selective field connection integrity
iv. Connectionless integrity
v. Selective field connectionless integrity
5. Non-repudiation: Once a transaction is completed through the secure channel, neither the sender nor the receiver can later deny the transmission.
• Non-repudiation prevents either the sender or the receiver from denying a transmitted message.
• When a message is received, the sender can prove that the alleged receiver in fact received the message.
6. Availability: A variety of attacks can result in the loss of or reduction in availability. X.800 treats availability as a property to be associated with various security services.
• An availability service is one that protects a system to ensure its availability.

Security Mechanisms:
• To ensure security we have some mechanisms.
1) Specific security mechanisms: These may be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
a) Encipherment:
• The data is hidden by a cipher.
• The sender converts the data into an unreadable format, i.e. the sender hides the data.
• When the receiver receives the data, which is in unreadable form, it is converted back into readable format.
b) Digital signature:
• A special identity which is used for authentication.
• It is like a thumbprint or a stamp.
• It is also used to ensure the integrity of data.
c) Access control:
• Restricting permissions to several levels.
• In any organization, it decides up to what extent permissions can be given to a particular person.
d) Authentication exchange:
• Declaring the user an authenticated user by comparing the username and password with the data we hold in the database. Ex: logging in to Instagram.
e) Traffic padding:
• Extra bits are added at the beginning, in the middle or at the end in order to confuse the observer or hacker.
f) Routing control:
• Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
g) Notarization:
• The use of a trusted third party to assure certain properties of a data exchange.
2. Pervasive security mechanisms: Mechanisms that are not specific to any particular OSI security service or protocol layer.
a) Trusted functionality:
• That which is perceived to be correct with respect to some criteria.
b) Event detection:
• Detection of security-relevant events.
c) Security label:
• The marking bound to a resource that names or designates the security attributes of that resource.
d) Security recovery:
• Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

A Model for Network Security:
• A message is to be transferred from source to destination across some sort of internet. Both sides must co-operate for the exchange of the data.
• A logical information channel is established by defining a route through the internet from source to destination.
• All the techniques for providing security have two components.
1. A security-related transformation on the information to be sent.
2. Some secret information shared by the two principals and, it is hoped, unknown to the opponent.
• A trusted third party is needed to achieve secure transmission.
Basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm.
• Another type of unwanted access is the placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs. Programs can present two kinds of threats.
1. Information access threats: Intercept or modify data on behalf of users who should not have access to that data.
2. Service threats: Exploit service flaws in computers to inhibit use by legitimate users.

Cryptography Concepts and Techniques:

Introduction:
Cryptography: Cryptography, meaning secret writing, is the science of converting a message into a coded form that hides the information contained in the message. We encrypt a message before its transmission so that an eavesdropper cannot get the information contained in the message.
There are many ways of carrying out encryption; these are called cryptographic systems or ciphers.

Plain Text and Cipher Text:
Plain text: This is the original message or data that is fed into the algorithm as input.
Cipher text: This is the scrambled message produced as output. It depends on the plain text and the secret key. For a given message, two different keys will produce two different cipher texts.
Encryption: The process of converting plain text into cipher text is known as encryption.
Decryption: The process of converting cipher text into plain text is known as decryption.
A cryptographic system consists of two components:
1. A set of complementary algorithms, the encryption algorithm (E) and the decryption algorithm (D).
2. The cipher key (K).
Cryptographic systems are generally classified along three independent dimensions:
1. The type of operations used for transforming plain text to cipher text: All encryption algorithms are based on two general principles.
i) Substitution
ii) Transposition
i) Substitution: It means replacing a symbol of the plain text with another symbol.
Eg: COMPUTER -> DPNQVUFS
ii) Transposition: It means rearranging the order of appearance of the symbols of the message.
Eg: COMPUTER -> CMUEOPTR
2. The number of keys used: If both sender and receiver use the same key, the system is referred to as symmetric, single-key or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key or public-key encryption.
3) The way in which the plain text is processed: A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time as it goes along.
There are two general approaches to attacking a conventional encryption scheme.
1) Cryptanalysis:
It is the art of deciphering an encrypted message without complete knowledge of the key required for decryption. An attempted cryptanalysis is called a cryptanalytic attack.
Cryptanalytic attacks:
A cryptanalyst can attack a cryptosystem in several ways.
The following are the various types of attacks.

Substitution Techniques:
A substitution technique is one in which the letters of the plain text are replaced by other letters or by numbers or symbols.
The various substitution techniques are:
1) Caesar Cipher:
• Letters are replaced by other letters.
• The earliest known and simplest method, used by Julius Caesar.
• Each letter of the alphabet is replaced with the letter standing three places further down the alphabet.

Algorithm:
For each plaintext letter p, substitute the ciphertext letter C:
C = E(k, p) = (p + k) mod 26
p = D(k, C) = (C - k) mod 26
Ex: Let key k = 3, word = NEW
N => p = 12, C = (12 + 3) mod 26 = 15 => P
E => p = 4, C = (4 + 3) mod 26 = 7 => H
W => p = 22, C = (22 + 3) mod 26 = 25 => Z
• The Caesar cipher is also known as the additive cipher or shift cipher.
2) Monoalphabetic substitution cipher:
• In monoalphabetic substitution, the relationship between a symbol in the plain text and a symbol in the cipher text is always one-to-one.
• After the sender and receiver have agreed on a single key, that key is used to encrypt each letter in the plain text or decrypt each letter in the cipher text.
• A better solution is to create a mapping between each plain text character and the corresponding cipher text character.
• An example key for the monoalphabetic substitution cipher:

Eg: Message is machine
Plain text: machine
Cipher text: PDFKLQH
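The Caesar formulas above and the monoalphabetic mapping are two sizes of the same idea: a Caesar shift is the special case of a monoalphabetic key whose cipher alphabet is A..Z rotated by k. The following Python is an added example, not code from the notes, and uses the 0-based numbering A = 0 ... Z = 25 stated in the notes (so N is 13, and NEW with k = 3 encrypts to QHZ). The keyboard-order cipher alphabet used at the end is a constructed sample key.

```python
import string

ALPHABET = string.ascii_uppercase  # A..Z <-> 0..25, the numbering used in the notes


def caesar_encrypt(plaintext: str, k: int) -> str:
    """Shift cipher: C = (p + k) mod 26 for every letter; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = (C - k) mod 26, which is just encryption with the negated key."""
    return caesar_encrypt(ciphertext, -k)


def shifted_alphabet(k: int) -> str:
    """The cipher alphabet a Caesar shift of k induces, e.g. k=3 -> 'DEFG...ZABC'."""
    k %= 26
    return ALPHABET[k:] + ALPHABET[:k]


def make_substitution_key(cipher_alphabet: str) -> dict:
    """Build the one-to-one plaintext->ciphertext letter map of a monoalphabetic cipher.

    The key is any permutation of the 26 letters; the check rejects alphabets with
    missing or repeated letters, which would make decryption ambiguous.
    """
    cipher_alphabet = cipher_alphabet.upper()
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("cipher alphabet must be a permutation of A..Z")
    return dict(zip(ALPHABET, cipher_alphabet))


def mono_encrypt(plaintext: str, key: dict) -> str:
    """Replace each letter through the mapping; non-letters pass through."""
    return "".join(key.get(ch, ch) for ch in plaintext.upper())


def mono_decrypt(ciphertext: str, key: dict) -> str:
    """The mapping is one-to-one, so inverting the dict recovers the plaintext."""
    inverse = {c: p for p, c in key.items()}
    return "".join(inverse.get(ch, ch) for ch in ciphertext.upper())


if __name__ == "__main__":
    print(caesar_encrypt("NEW", 3))                                            # QHZ
    print(mono_encrypt("machine", make_substitution_key(shifted_alphabet(3))))  # PDFKLQH
    # A key that is not a plain shift (constructed sample permutation):
    key = make_substitution_key("QWERTYUIOPASDFGHJKLZXCVBNM")
    print(mono_encrypt("hello", key), mono_decrypt(mono_encrypt("hello", key), key))  # ITSSG HELLO
```

Running `mono_encrypt` with `shifted_alphabet(3)` reproduces the notes' "machine" -> PDFKLQH, which shows that example is itself a Caesar shift; the arbitrary permutation is what gives the monoalphabetic cipher its 26! possible keys instead of 25 shifts.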
3) Playfair cipher:
• Also known as the Playfair square or Wheatstone-Playfair cipher.
• A manual symmetric encryption technique.
• The first literal digraph substitution cipher.
• Invented in 1854 by Charles Wheatstone.
• Bears the name of Lord Playfair for promoting its use.
The Playfair Cipher Encryption Algorithm:
The algorithm consists of 2 steps:
1) Generate the key square (5×5):
The key square is a 5×5 grid of letters that acts as the key for encrypting the plaintext. Each of the 25 letters must be unique, and one letter of the alphabet (usually J) is omitted from the table (as the table can hold only 25 letters). If the plaintext contains J, it is replaced by I.
The initial letters in the key square are the unique letters of the key in the order in which they appear, followed by the remaining letters of the alphabet in order.

Ex: key is Monarchy
M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z

2) Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter.
For example:
Plain text: "instruments"
After split: 'in' 'st' 'ru' 'me' 'nt' 'sz'
i) A pair cannot be made with the same letter. Break the letters into single letters and add a bogus letter to the previous letter.
Plain text: "hello"
After split: 'he' 'lx' 'lo'
Here 'x' is the bogus letter.
ii) If a letter is standing alone in the process of pairing, then add an extra bogus letter to the lone letter.
Plain text: "helloe"
After split: 'he' 'lx' 'lo' 'ez'
Here 'z' is the bogus letter.
Rules for Encryption:
1) If both letters are in the same column: Take the letter below each one (going back to the top if at the bottom). For example:
Digraph: "me"
Encrypted text: cl
Encryption:
m -> c
e -> l
2) If both letters are in the same row: Take the letter to the right of each one (going back to the leftmost if at the rightmost position). For example:
Digraph: "st"
Encrypted text: tl
Encryption:
s -> t
t -> l
3) If neither of the above rules is true: Form a rectangle with the two letters and take the letters on the horizontally opposite corners of the rectangle. For example:
Digraph: "nt"
Encrypted text: rq
Encryption:
n -> r
t -> q
For example:
Plain text: "instruments"
Keyword: Monarchy
After split: in st ru me nt sz

Encrypted text: gatlmzclrqtx


4) Hill Cipher:
• The Hill cipher takes a mathematical approach to multi-letter substitution.
• A numerical value is assigned to each letter of the alphabet.
• Ex: Integers 0 through 25 for A through Z.
Hill Algorithm:
Encryption: C = E(K, P) = K · P mod 26
Here C: cipher text vector, E: encryption, K: key matrix (n × n), P: plain text vector.

Hill Cipher example:
Plaintext: ACT
Key: GYBNQKURP
• We have to encrypt the message 'ACT' (n = 3). The key 'GYBNQKURP' is written as the n × n matrix, with G -> 6, Y -> 24, B -> 1 and so on:
K = [  6 24  1 ]
    [ 13 16 10 ]
    [ 20 17 15 ]
• The message 'ACT' is written as the vector, with A -> 0, C -> 2, T -> 19:
P = [ 0 2 19 ]^T
The enciphered vector is given as:
C = K · P mod 26
  = [ 6·0 + 24·2 + 1·19,  13·0 + 16·2 + 10·19,  20·0 + 17·2 + 15·19 ]^T mod 26
  = [ 67 222 319 ]^T mod 26
  = [ 15 14 7 ]^T
• Here 15 -> P, 14 -> O, 7 -> H, so the cipher text is POH.
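The worked example above is one block of C = K · P mod 26. The Python below is an added example, not code from the notes, that performs that multiplication for any n × n key and adds the two things the hand calculation skips: the check that det(K) is invertible mod 26 (otherwise the ciphertext can never be decrypted), and decryption with K⁻¹ = det⁻¹ · adj(K) mod 26. Padding a short final block with X (23) is an assumption of this code.

```python
from math import gcd, isqrt

MOD = 26


def letters_to_numbers(text: str) -> list:
    """A -> 0 ... Z -> 25, as in the notes."""
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]


def numbers_to_letters(nums: list) -> str:
    return "".join(chr(n % MOD + ord("A")) for n in nums)


def key_matrix(key: str) -> list:
    """Write an n*n-letter key row by row as an n x n matrix (GYBNQKURP -> 3 x 3)."""
    nums = letters_to_numbers(key)
    n = isqrt(len(nums))
    if n * n != len(nums) or n < 2:
        raise ValueError("key length must be a perfect square n*n with n >= 2")
    return [nums[i * n:(i + 1) * n] for i in range(n)]


def det_mod(m: list) -> int:
    """Determinant mod 26 by Laplace expansion; fine for the small n used here."""
    n = len(m)
    if n == 1:
        return m[0][0] % MOD
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        total += (-1) ** j * m[0][j] * det_mod(minor)
    return total % MOD


def is_valid_key(km: list) -> bool:
    """K is usable only if det(K) has an inverse mod 26, i.e. gcd(det, 26) == 1."""
    return gcd(det_mod(km), MOD) == 1


def inverse_mod(km: list) -> list:
    """K^-1 mod 26 = det^-1 * adj(K) mod 26, needed for decryption."""
    n = len(km)
    d_inv = pow(det_mod(km), -1, MOD)  # raises ValueError if the key is not invertible
    adj = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            minor = [row[:j] + row[j + 1:] for r, row in enumerate(km) if r != i]
            adj[j][i] = (-1) ** (i + j) * det_mod(minor)  # adjugate = transposed cofactors
    return [[(d_inv * adj[i][j]) % MOD for j in range(n)] for i in range(n)]


def _apply(matrix: list, nums: list, pad: int = 23) -> list:
    """Multiply each n-letter block (as a column vector) by the matrix, mod 26."""
    n = len(matrix)
    nums = nums + [pad] * (-len(nums) % n)  # assumption: pad the last block with X (23)
    out = []
    for i in range(0, len(nums), n):
        block = nums[i:i + n]
        out.extend(sum(matrix[r][c] * block[c] for c in range(n)) % MOD for r in range(n))
    return out


def hill_encrypt(plaintext: str, key: str) -> str:
    """C = K * P mod 26 for every block of n letters."""
    km = key_matrix(key)
    if not is_valid_key(km):
        raise ValueError("key matrix is not invertible mod 26, so ciphertext could not be decrypted")
    return numbers_to_letters(_apply(km, letters_to_numbers(plaintext)))


def hill_decrypt(ciphertext: str, key: str) -> str:
    """P = K^-1 * C mod 26."""
    return numbers_to_letters(_apply(inverse_mod(key_matrix(key)), letters_to_numbers(ciphertext)))


if __name__ == "__main__":
    print(key_matrix("GYBNQKURP"))          # [[6, 24, 1], [13, 16, 10], [20, 17, 15]]
    print(hill_encrypt("ACT", "GYBNQKURP"))  # POH
    print(hill_decrypt("POH", "GYBNQKURP"))  # ACT
```

For the notes' key, det(K) = 441 ≡ 25 (mod 26), which is coprime to 26, so the key is valid; a key such as ABCDEFGHI has determinant 0 and is rejected before any ciphertext is produced.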

5) Polyalphabetic Cipher:
• Polyalphabetic ciphers improve on the simple monoalphabetic technique.
i) Vigenère Cipher:
• It consists of the 26 Caesar ciphers with shifts of 0 through 25; each key letter selects the shift for the plaintext letter in the same position.
Encryption process: C_i = (P_i + K_i) mod 26
Decryption process: P_i = (C_i - K_i) mod 26
Example:
Key : deceptivedeceptivedeceptive
Plaintext : wearediscoveredsaveyourself
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMG

Key   3  4  2  4 15 19  8 21  4  3  4  2  4 15
PT   22  4  0 17  4  3  8 18  2 14 21  4 17  4
CT   25  8  2 21 19 22 16 13  6 17 25  6 21 19

Key  19  8 21  4  3  4  2  4 15 19  8 21  4
PT    3 18  0 21  4 24 14 20 17 18  4 11  5
CT   22  0 21 25  7  2 16 24  6 11 12  6  9

ii) One Time Pad:
• An improvement to the Vigenère cipher.
• It yields the ultimate in security.
• A random key that is as long as the message is used.
• The key need not be repeated.
• In addition, the key is used to encrypt and decrypt a single message and is then discarded.
• Each new message requires a new key of the same length as the new message.
Two Fundamental Difficulties:
• The practical problem of making large quantities of random keys.
• Even more daunting is the problem of key distribution and protection.
• Because of these difficulties, the one-time pad is of limited utility and is useful primarily for low-bandwidth channels requiring very high security.
Ex: Input: Message = HELLO, Key = MONEY
Output: Cipher = TSYPM, Message = HELLO
Explanation:
Part 1: Plain text to cipher text
Plain text: H E L L O = 7 4 11 11 14
Key: M O N E Y = 12 14 13 4 24
Plain text + key = 19 18 24 15 38
(mod 26) = 19 18 24 15 12
Cipher: TSYPM
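The Vigenère table and the one-time pad example above use the same letter arithmetic, C_i = (P_i + K_i) mod 26; the only difference is whether the key repeats. The Python below is an added example, not code from the notes, serving both sections: the Vigenère functions cycle a short key, while the one-time pad functions refuse a key shorter than the message and draw a fresh key from the operating system's CSPRNG (`secrets`) for every message, which is the "random key as long as the message, used once" requirement stated above. With the full 27-letter key the last plaintext letter f (5) plus key letter e (4) gives J, so the function returns the notes' ciphertext followed by J. The plaintext "meet at noon" used in the key-generation demo is a constructed sample.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def _letters(text: str) -> str:
    """Keep A..Z only, upper-cased, matching how the worked examples treat input."""
    return "".join(c for c in text.upper() if c.isalpha())


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """C_i = (P_i + K_(i mod len(key))) mod 26: each key letter picks one of the 26 Caesar shifts."""
    p, k = _letters(plaintext), _letters(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    return "".join(
        ALPHABET[(ALPHABET.index(pc) + ALPHABET.index(k[i % len(k)])) % 26]
        for i, pc in enumerate(p)
    )


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """P_i = (C_i - K_(i mod len(key))) mod 26."""
    c, k = _letters(ciphertext), _letters(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    return "".join(
        ALPHABET[(ALPHABET.index(cc) - ALPHABET.index(k[i % len(k)])) % 26]
        for i, cc in enumerate(c)
    )


def otp_keygen(message: str) -> str:
    """A fresh random key exactly as long as the message, from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(len(_letters(message))))


def otp_encrypt(plaintext: str, key: str) -> str:
    """Same letter arithmetic as Vigenère, but the key must cover the whole message so it never repeats."""
    p, k = _letters(plaintext), _letters(key)
    if len(k) < len(p):
        raise ValueError("one-time pad key must be at least as long as the message")
    return vigenere_encrypt(p, k[:len(p)])


def otp_decrypt(ciphertext: str, key: str) -> str:
    c, k = _letters(ciphertext), _letters(key)
    if len(k) < len(c):
        raise ValueError("one-time pad key must be at least as long as the message")
    return vigenere_decrypt(c, k[:len(c)])


if __name__ == "__main__":
    print(vigenere_encrypt("wearediscoveredsaveyourself", "deceptive"))  # ZICVTWQNGRZGVTWAVZHCQYGLMGJ
    print(otp_encrypt("HELLO", "MONEY"))                                  # TSYPM
    pad = otp_keygen("meet at noon")  # constructed sample message; a new pad every run
    print(pad, otp_decrypt(otp_encrypt("meet at noon", pad), pad))      # <random key> MEETATNOON
```

The practical difficulty the notes list shows up directly in `otp_keygen`: the key material is as large as the traffic and must reach the receiver intact and secret ahead of time, which is why the pad is reserved for low-bandwidth, very-high-security channels.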

Transposition Techniques:
• In transposition techniques, the letters of the plain text remain the same, but their original sequence is changed in a systematic way.
i) Rail Fence Technique:
• The plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
Example:
Encipher the message "Vignan is the best" with a rail fence of depth 2.
• Plaintext: Vignan is the best
• Depth: 2

V   g   a   i   t   e   e   t
  i   n   n   s   h   b   s

• Ciphertext: VGAITEETINNSHBS
ii) Row Column Transposition:
• A more complex scheme.
• Create a rectangular box.
• Write: row by row.
• Read: column by column, in the order given by the key.
Example: Encrypt the message "Guard leaves at fifteen hours"
• Plaintext: Guard leaves at fifteen hours
• Key: 5263174

5 2 6 3 1 7 4
G U A R D L E
A V E S A T F
I F T E E N H
O U R S X Y Z

Ciphertext: DAEXUVFURSESEFHZGAIOAETRLTNY
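Both transposition examples above are permutations of letter positions, so each is decrypted by undoing the same permutation. The Python below is an added example, not code from the notes; it reproduces the two worked examples (depth-2 rail fence, columnar key 5263174 with X, Y, Z padding) and generalizes the rail fence to any depth with a zig-zag pattern, which the notes only describe for depth 2. The key is assumed to be a string of distinct single digits, as in the example.

```python
def _clean(text: str) -> str:
    return "".join(c for c in text.upper() if c.isalpha())


def _rail_pattern(n: int, depth: int) -> list:
    """Row index of each of the n plaintext positions when written as a zig-zag of `depth` rails."""
    if depth < 1:
        raise ValueError("depth must be at least 1")
    if depth == 1:
        return [0] * n
    cycle = 2 * depth - 2                      # one full down-and-up sweep
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]


def rail_fence_encrypt(plaintext: str, depth: int) -> str:
    """Write the letters down the diagonals, then read the rails row by row."""
    letters = _clean(plaintext)
    rails = ["" for _ in range(depth)]
    for ch, row in zip(letters, _rail_pattern(len(letters), depth)):
        rails[row] += ch
    return "".join(rails)


def rail_fence_decrypt(ciphertext: str, depth: int) -> str:
    """Cut the ciphertext into the rail lengths, then walk the zig-zag taking one letter per step."""
    pattern = _rail_pattern(len(ciphertext), depth)
    counts = [pattern.count(r) for r in range(depth)]
    rails, pos = [], 0
    for c in counts:
        rails.append(list(ciphertext[pos:pos + c]))
        pos += c
    return "".join(rails[row].pop(0) for row in pattern)


def columnar_encrypt(plaintext: str, key: str, pad: str = "XYZ") -> str:
    """Write row by row into len(key) columns, then read the columns in key order 1, 2, 3, ...
    A short last row is filled with X, Y, Z, ... as in the worked example."""
    letters = _clean(plaintext)
    cols = len(key)
    i = 0
    while len(letters) % cols:
        letters += pad[i % len(pad)]
        i += 1
    rows = [letters[r:r + cols] for r in range(0, len(letters), cols)]
    order = sorted(range(cols), key=lambda c: key[c])   # column indexes, smallest key digit first
    return "".join(rows[r][c] for c in order for r in range(len(rows)))


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Refill the columns in key order, then read the grid row by row (padding letters stay)."""
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda c: key[c])
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in order:
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("Vignan is the best", 2))                    # VGAITEETINNSHBS
    print(rail_fence_decrypt("VGAITEETINNSHBS", 2))                       # VIGNANISTHEBEST
    print(columnar_encrypt("Guard leaves at fifteen hours", "5263174"))   # DAEXUVFURSESEFHZGAIOAETRLTNY
    print(columnar_decrypt("DAEXUVFURSESEFHZGAIOAETRLTNY", "5263174"))    # GUARDLEAVESATFIFTEENHOURSXYZ
```

Because a transposition only reorders letters, the ciphertext has exactly the letter frequencies of the plaintext; that is the property the notes' "letters remain the same" bullet describes, and it is why transposition is normally combined with substitution rather than used alone.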

Steganography:
• The technique of hiding a message in another message, picture, audio/sound, video or any other carrier is known as steganography.
• Examples of steganography:
1) Image steganography: Hide a message in an image without disturbing the picture.
2) Audio steganography: Hide a message in an audio stream without affecting the actual sound.
3) Video steganography: Hide a message in a video.
4) Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.
5) Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.
