ECS401: Cryptography and

Network Security

Module 1: Introduction
Lecture 1
Books to be followed
Text Book(s)
1. William Stallings, Cryptography and Network Security, 5/e, Pearson education, 2010.

References
1. Mao, Modern cryptography: Theory and Practice, Pearson education 2003.
2. Behrouz A. Forouzan, Cryptography and Network Security, TMH, 2008.
3. Atul Kahate, Cryptography and Network Security, 2/e, TMH, 2002.
Outline of the lecture
• Need of Security
• Aspects of Information Security
• Principles of Security
• What is Cryptography?
• Basic Terminologies
• Cryptanalysis
• Attacks
• Passive Attacks
• Active Attacks
• Security Mechanisms
Need of Security

Protects
personal
Surveillance identification
information

Enables the Protects

safe sensitive
operation of data
applications
Safeguarding
technology
assests in
organizations
Aspects of Information Security
• A service that enhances
Security the security of data
processing systems and
service information transfers.

Security • Any action

compromises
that
the
attack security of information.

• A mechanism that is
Security designed to detect,
prevent, or recover
mechanism from a security attack.
Principles of Security Related to a message
• Confidentiality: It specifies that only the sender and
the intended recipient(s) should be able to access a
message.
Confide Attack- Interception
ntiality • Integrity: It ensures that the contents of the message
remains unaltered when it reaches the recipient.
Non- Attack- Modification
repudiat Integrity
• Authentication: It helps to establish proof of identities.
ion Attack- Fabrication
Security • Non-repudiation: It does not allow the sender of a
message to refute the claim of not sending that
Principles message.

Authenti Availabili Related to the overall system

• Access control: It specifies and controls who can access
cation ty what.
• Availability: It states that resources (i.e. information)
Access should be available to authorized parties at all times.
control Attack- Interruption
Principles of Security (Contd..)
Example
Let us assume that a person A wants to send a check worth $100 to another person B. Normally
what are the factors that A and B will think of, in such a case? A will write a check of $100 put it
inside an envelope and send it to B.
A will like to ensure that no one except B gets the envelop and even if someone else gets it. She does not come
to know the details of the check. This is the principle of confidentiality.

A and B will further like to make sure that no one can tamper with the content of the check. This is the
principle of integrity.

B would like to be assured that the check has indeed come from A and not from someone else posing as A.
This is the principle of authentication.

What will happen tomorrow if B deposits check in her account the money is transferred from A's account to B's
account and then A refuses having written/ sent the check? The court of law will use A's signature to disallow
A to refute this claim and settle the dispute. This is the principle of non-repudiation.
Cryptography
Definition:
It is the art and science of achieving security by encoding messages to make them non-
readable.
Basic Terminologies
Key Terms:
• Plain text: Any communication in the language that we speak- that is the human language.
Clear text or plain text signifies a message that can be understood by the sender, the recipient and
also by anyone else who gets access to that message.

Encryption

“Hello” “SNifgNiuk”
[Plaintext] [Ciphertext]

Decryption

• Cipher text means a codified message.

When a plain text message is codified using any suitable scheme, the resulting message is called as
cipher text.
Basic Terminologies (contd..)
Key Terms:
• Encryption: It is the process of converting the original representation of the information, known
as plaintext, into an alternative form known as cipher text.

Symmetric key Asymmetric key

cryptography cryptography

• Decryption: It is the process of reverting cipher text to plaintext.

• Cipher: It is the mathematics (or algorithm) responsible for turning plaintext into cipher text and
reverting cipher text to plaintext.

• Key: It is a piece of information that instructs the cipher in how to encrypt and decrypt the
message.
Basic Terminologies (contd..)
Cryptanalysis
Definition
It is the process of trying to break any cipher text message to obtain the original plain text
message.
Cryptanalysis is the technique of decoding messages from a non-readable format back to readable format
without knowing how they were initially converted from readable format to non-readable format.
Attacks
Interception Fabrication Modification Interruption

• Interception: It means that an unauthorized party has gained access to a resource.

Example(s): Copying of data or programs and listening to network traffic.

• Fabrication: This involves creation of illegal objects on a computer system.

Example(s): The attacker may add fake records to a database.

• Modification: It means altering the contents of the message.

Example(s): The attacker may modify the values in a database.

• Interruption: Here, the resource becomes unavailable, lost or unusable.

Example(s): Causing problems to a hardware device, erasing program, data or operating system
components.
Types of Attacks

Passive
attacks Active
attacks
Passive Attacks
Definition
Passive attacks are those, wherein the attacker indulges in eavesdropping or monitoring of
data transmission.
Passive attacks do not involve any modifications to the contents of an original message.

Passive attacks
(Interception)
Release of message
contents

Traffic analysis

• Release of message contents: Disclosing of message contents against our wishes to someone else.
• Traffic analysis: Analyzing messages to come up with likely patterns which provide clues regarding the communication.
Passive Attacks: Release of message contents
Passive Attacks: Traffic analysis
Active Attacks
Definition
Active attacks are based on modification of the original message in some manner or the
creation of a false message.

In active attacks, the contents of the original message are modified in some way.

Active attacks

Interruption
Fabrication
(Denial of Modification
(Masquerade)
Service)

Replay attacks Alterations

 Active Attacks (contd..)
• It is caused when an unauthorized entity pretends to be another entity.
• Example: The attacker may capture user’s authentication credentials to gain illegal access to the bank account.
Masquerade

• In this attack, a user captures a sequence of events or some data units and re-sends them.
Replay • Example: Sending a second copy of transaction request to the bank without the consent of the sender.
attack

• It involves some change to the original message.

• Example: Suppose user A sends a transaction request: Transfer Rs. 5000 to B’s account to bank. User C might
Alteration of
messages
capture this and change it to Transfer Rs. 10,000 to C’s account.

• This attack makes an attempt to prevent legitimate users from accessing some services, which they are eligible for.
• Example: An unauthorized user might send too many login requests to a server using random user ids one after
Denial of the other in quick succession, so as to flood the network and deny other legitimate users from using the network
Service facilities.
Active Attacks: Masquerade
Active Attacks: Modification (Replay attack)
Active Attacks: Modification (Alterations)
Active Attacks: Interruption (Denial of Service)
Security Mechanisms
Encipherment: Converting data into
form that is not readable
Digital signatures: To check authenticity
and integrity of data
Access controls: Enforcing access rights
to resources

Data integrity

Authentication exchange

Traffic padding: Insertion of bits to

frustrate traffic analysis
Routing control: Selection of secure
routes
Notarization: Use of trusted third party
for data exchange