CRYPTOGRAPHY AND CYBER SECURITY

UNIT -01

OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks, mechanisms,

and services. These can be defined briefly as follows: Security attack – Any
action that compromises the security of information owned by an organization
Security mechanism – A mechanism that is designed to detect, prevent or
recover from a security attack Security service – A service that enhances the
security of the data processing systems and the information transfers of an
organization.
SECURITY ATTACK

There are two types of attacks

 Passive attacks
 Active attacks
PASSIVE ATTACK
Passive attacks attempt to learn or make use of information from the
system but do not affect system resources. The goal of the opponent is to obtain
information that is being transmitted.

Passive attacks are of two types:

 Release of message contents
 Traffic analysis
Release of message contents:
The opponent would learn the contents of the transmission. A
telephone conversation, an e-mail message and a transferred file may
contain sensitive or confidential information. We would like to prevent
the opponent from learning the contents of these transmissions.

Traffic analysis:
The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of
messages being exchanged. This information might be useful in guessing
the nature of the communication that was taking place. Passive attacks
are very difficult to detect, because they do not involve any alteration
of the data. However, it is feasible to prevent the success of these attacks.

ACTIVE ATTACKS:
These attacks involve some modification of the data stream or the
creation of a false stream.

Active attacks can be classified in to four categories:

Masquerade – One entity pretends to be a different entity. Here,
the attacker capturers the authentication and impersonifies the sender.
Replay –
The attacker captures the message and retransmits the message
without modification to produce unauthorized effect.

Modification of messages –
The attacker captures the message and retransmits the message
with modification to produce unauthorized effect.

Denial of service –
The attacker may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire
network, either by disabling the network or by overloading it with
messages so as to degrade performance. It is quite difficult to prevent
 active attacks absolutely, because to do so would require physical
protection of all communication facilities and paths at all times. Instead,
the goal is to detect them and to recover from any disruption or delays
caused by them.

SECURITY SERVICES X.800

Defines a security service as a service that is provided by a
protocol layer of communicating open systems and that ensures adequate
security of the systems or of data transfers. The classification of security
services are as follows:

1. Authentication:
The authentication service is concerned with assuring that a
communication is authentic.
Two specific authentication services are defined in X.800:
 Peer entity authentication: Provide confidence in the identity of
entities connected.
 Data origin authentication: Provide assurance that the source of
received data is as claimed.

(ii) Access control: Access control is the ability to limit and control the access
to host systems and applications.
(iii) Data Confidentiality: Confidentiality is the protection of transmitted data
from passive attacks.
 Connection Confidentiality The protection of all user data on a
connection
 Connectionless Confidentiality The protection of all user data in a
single data block
  Selective-Field Confidentiality The confidentiality of selected fields
within the user data on a connection or in a single data block
 Traffic-Flow Confidentiality The protection of the information that
might be derived from observation of traffic flows
(iv) Data Integrity: The assurance that data received are exactly as sent by an
authorized entity. Connection Integrity with Recovery Provides for the integrity
of all user data on a connection and detects any modification, insertion,
deletion, or replay of any data within an entire data sequence, with recovery
attempted.
 Connection Integrity without Recovery As above, but provides only
detection without recovery.
 Selective-Field Connection Integrity Provides for the integrity of selected
fields within the user data of a data block transferred over a connection and
takes the form of determination of whether the selected fields have been
modified, inserted, deleted, or replayed.
 Connectionless Integrity Provides for the integrity of a single
connectionless data block and may take the form of detection of data
modification. Additionally, a limited form of replay detection may be provided.
 Selective-Field Connectionless Integrity Provides for the integrity of
selected fields within a single connectionless data block; takes the form of
determination of whether the selected fields have been modified.
(v)Non repudiation: Provides protection against denial by one of the entities
involved in a communication of having participated in all or part of the
communication.
 Nonrepudiation, Origin Proof that the message was sent by the specified party
 Nonrepudiation, Destination Proof that the message was received by the
specified party

SECURITY MECHANISMS
Encipherment: It uses mathematical algorithm to transform data into a form
that is not readily intelligible. It depends upon encryption algorithm and key.
Digital signature: Data appended to or a cryptographic transformation of a
data unit that is to prove integrity of data unit and prevents from forgery.
Access control: A variety of mechanisms that enforce access rights to
resources.
Data integrity: A variety of mechanism are used to ensure integrity of data unit
Traffic padding: The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts.
Notarization: The use of a trusted third party to assure certain properties of a
data exchange

A MODEL FOR NETWORK SECURITY

Encryption/Decryption methods fall into two categories.
 Symmetric key
 Public key
In symmetric key algorithms, the encryption and decryption keys are
known both to sender and receiver. The encryption key is shared and the
decryption key is easily calculated from it. In many cases, the encryption and
decryption keys are the same. In public key cryptography, encryption key is
made public, but it is computationally infeasible to find the decryption key
without the information known to the receiver.

A message is to be transferred from one party to another across some sort of

internet. The two parties, who are the principals in this transaction, must
cooperate for the exchange to take place. A logical information channel is
established by defining a route through the internet from source to destination
and by the cooperative use of communication protocols (e.g., TCP/IP) by the
two principals.

All the techniques for providing security have two components:

 A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so that it is
unreadable by the opponent.
 Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in conjunction
with the transformation to scramble the message before transmission.

A trusted third party may be needed to achieve secure transmission.

For example, a third party may be responsible for distributing the secret
information to the two principals while keeping it from any opponent. This
general model shows that there are four basic tasks in designing a particular
security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular security
service.

SUBSTITUTION TECHNIQUES
A substitution technique is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols. Substitution ciphers can be categorized
as either
i) Monoalphabetic ciphers or
ii) polyalphabetic ciphers.

In monoalphabetic substitution, the relationship between a symbol in the

plaintext to a symbol in the ciphertext is always one-to-one.

In polyalphabetic substitution, each occurrence of a character may have

a different substitute. The relationship between a character in the
plaintext to a character in the ciphertext is one-to-many.

Various substitution ciphers are

(i) Caesar Cipher
 (ii) Mono alphabetic cipher
(iii) Playfair cipher
(iv) Hill cipher
(v) Poly alphabetic cipher
(vi) Vignere cipher

(i) CAESAR CIPHER (OR) SHIFT CIPHER:

Caeser cipher was proposed by Julius Caesar. The Caesar cipher involves
replacing each letter of the alphabet with the letter standing 3 places further
down the alphabet.

Note that the alphabet is wrapped around, so that letter following ‘z’ is
‘a’. For each plaintext letter p, substitute the cipher text letter c such that
c = E(3, p) = (p+3) mod 26
Decryption is

p=D(3,c)=(c-3) mod 26

The general Caesar algorithm is

 C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25.
The decryption algorithm is simply
p = D(k, c) = (C - k) mod 26
If it is known that a given cipher text is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.
Cryptanalysis of Caesar Cipher
1. The encryption and decryption algorithms are known
2. There are only 25 possible keys. Hence brute force attack takes place
3. The language of the plaintext is known and easily recognizable

(ii) MONOALPHABETIC CIPHER

Each plaintext letter maps to a different random cipher text letter. Here, 26!
Possible keys are used to eliminate brute force attack There is, however, another
line of attack. If the cryptanalyst knows the nature of the plaintext (e.g., non-
compressed English text), then the analyst can exploit the regularities of the
language.