COMPUTER NETWORKS AND SECURITY

UNIT II – NETWORK SECURITY FUNDAMENTALS

Understanding the need for network security-Common security threats: malware, phishing,
DoS attacks-Vulnerability assessment and risk management-Security policies and best
practices-Principles of cryptography: encryption, decryption, hashing-Types of encryption
algorithms: symmetric, asymmetric-Public Key Infrastructure (PKI)-Digital signatures and
certificates

Computer Network Security:

Computer network security involves measures to protect networks, systems, and data from
unauthorized access, misuse, or cyberattacks. Security needs differ based on the network size: home
offices need basic security, while businesses require advanced systems to defend against complex
threats.

What is Network Security?

Network security encompasses all measures used to safeguard networks, ensuring the integrity,
confidentiality, and availability of data. It protects sensitive information from cyber threats like
malware and distributed denial of service (DDoS) attacks.

Modern networks consist of devices like computers, servers, and wireless systems that are
vulnerable to attackers. As networks become more complex, security measures must evolve to
combat sophisticated threats.

Advantages of Network Security:

 Data Protection: Safeguards sensitive client and organizational information.

 Reliable Network Performance: Ensures smooth operations without disruptions.

 Cost Efficiency: Reduces financial losses from data breaches.

 Operational Continuity: Provides secure access to systems and data for employees and
customers.

Key Aspects of Network Security:

1. Privacy: Ensures only intended recipients can access transmitted messages. Encryption
protects messages from unauthorized interception.

2. Integrity: Guarantees that data remains unchanged during transmission, preventing

malicious or accidental modifications.

3. Authentication: Verifies the sender's identity to prevent impersonation.

N. Jayapratha AP/AI&DS
 4. Non-Repudiation: Prevents senders from denying they sent a message, ensuring
accountability (e.g., online banking transactions).

How Network Security Works:

Network security relies on a combination of hardware and software tools to monitor and control
access. Policies, encryption techniques, and tools work together to secure data transmission.

Cryptographic Techniques:

1. Secret Key Cryptography: A shared key encrypts and decrypts data (e.g., DES). However,
managing unique keys for large networks can be challenging.

2. Public Key Cryptography: Uses public keys for encryption and private keys for decryption
(e.g., RSA). Public keys are shared, while private keys remain confidential.

3. Message Digest: Hash values (e.g., MD5) are generated and compared to verify data
integrity, often used in password authentication.

Network Security Tools and Software:

 Firewalls: Monitor and control network traffic.

 Access Control: Restricts unauthorized users.

 VPN: Encrypts data between endpoints.

 Intrusion Prevention Systems (IPS): Detect and stop network threats.

 Wireless Security: Protects wireless networks.

 Application Security: Secures software vulnerabilities.

 Behavioral Analysis: Detects anomalies in network activity.

Challenges in Network Security:

1. Evolving Cyber Threats: New techniques, like cryptojacking or ransomware, require constant
updates to defence strategies.

2. User Compliance: Ensuring all users follow security policies can be difficult.

3. Mobile and Remote Work: BYOD (Bring Your Own Device) and remote work increase the
complexity of securing networks.

4. Third-Party Risks: Vendors, cloud service providers, and external partners may introduce

Types of Network Security Attacks:

1. Virus: Malicious code that corrupts system files and spreads across networks.
2. Malware: Self-replicating software that provides unauthorized access to systems and
networks, often spreading through internet connections and external devices .

N. Jayapratha AP/AI&DS
Understanding the Need for Network Security:
In today’s interconnected digital world, network security plays a critical role in safeguarding systems,
data, and operations from cyber threats. With the increasing dependence on technology for
communication, transactions, and operations, networks have become prime targets for cyberattacks,
data breaches, and unauthorized access. Implementing robust network security measures is essential
to ensure data protection, business continuity, and trust.

Key Reasons for Network Security

1. Protect Sensitive Data

Organizations and individuals handle vast amounts of sensitive information, such as financial
records, personal data, and business secrets. Network security prevents this data from being
stolen, leaked, or altered, protecting privacy and confidentiality.

2. Prevent Unauthorized Access

Hackers and unauthorized users attempt to gain access to networks to steal data or disrupt
operations. Security tools like firewalls, access controls, and authentication protocols help
block unauthorized access and ensure that only legitimate users can enter the network.

3. Defend Against Cyber Threats

Modern networks face sophisticated threats such as malware, ransomware, phishing, and
Denial-of-Service (DoS) attacks. Network security tools like antivirus software, intrusion
prevention systems (IPS), and web filters detect and neutralize these threats before they
cause harm.

4. Ensure Business Continuity

Cyberattacks can disrupt operations, leading to downtime, financial losses, and reputational
damage. Strong network security ensures systems remain functional and resilient,
maintaining smooth and uninterrupted business operations.

5. Support Remote Work

With the rise of remote work, employees access corporate networks from various devices
and locations. Network security solutions like VPNs and endpoint protection secure these
connections, protecting data during transmission and ensuring safe remote access.

6. Meet Compliance Requirements

Many industries must adhere to strict data protection laws and regulations, such as GDPR,
HIPAA, and PCI-DSS. Network security helps organizations comply with these standards,
avoiding legal penalties and building trust with clients.

7. Build Customer and Stakeholder Trust

Customers and stakeholders expect businesses to keep their data safe. A strong network
security framework demonstrates responsibility and reliability, fostering trust and long-term
relationships.

N. Jayapratha AP/AI&DS
Common security threats: malware, phishing, DoS attacks:
1. Malware:

Malware refers to malicious software designed to infect systems and exploit vulnerabilities,
leading to data theft, extortion, or system damage.
Common Types of Malware:
1. Ransomware: Encrypts files and demands a ransom for decryption. Example: DMA
Locker.
2. Worms: Self-replicating malware spreading across systems, often creating botnets.
Examples: NgrBot, ILOVEYOU.
3. Trojan: Disguises as legitimate software but delivers malware. Example: Tiny Banker
Trojan (Tinba).
4. Rootkits: Grants unauthorized access, hides malware, and alters system settings.
Example: Flame.
5. Backdoors: Bypasses authentication to allow remote access for malicious control.
Found in IoT devices.
6. Adware: Displays intrusive ads, often installed via browser vulnerabilities.
7. Spyware: Collects personal data without consent. Example: Keyloggers for tracking
keystrokes.
Malware Detection & Prevention:
 Web Application Firewall (WAF): Blocks malware injection attacks.
 Backdoor Protect: Detects hidden backdoors and traces obfuscated malware.
 Login Protect: Provides 2FA to block unauthorized access.

2. Phishing:

Phishing is a social engineering attack where attackers impersonate trusted entities to trick
users into revealing sensitive data (e.g., login credentials, credit card info) or installing
malware.
Phishing Attack Examples
 Spoofed Email: Fake emails mimic legitimate ones, urging users to click malicious
links (e.g., a fake password renewal page).
 Reflected XSS: Redirected scripts hijack session cookies to gain privileged access.
Common Techniques
1. Email Phishing: Mass emails with urgent prompts and fake URLs (e.g., misspelled
domains).
2. Spear Phishing: Targeted attacks on individuals or organizations using customized,
researched content (e.g., fake invoices).
Prevention
1. For Users:
o Watch for subtle mistakes (e.g., spelling errors, fake URLs).
o Avoid clicking on suspicious links.
2. For Enterprises:
o Two-Factor Authentication (2FA): Adds an extra login verification step.
o Password Policies: Enforce strong, unique passwords and frequent
changes.
o Education: Train employees to identify phishing emails.

N. Jayapratha AP/AI&DS
 Imperva Solutions
 Login Protect: Simplifies 2FA for secure logins.
 Web Application Firewall (WAF): Blocks malicious requests and prevents malware
injections.

3. DoS attacks:

Distributed Denial of Service Attack (DDoS) Definition

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the availability
of an online service by overwhelming its server with traffic. The attack is carried out by a
network of compromised devices, called a botnet, which sends massive traffic to a target
server, making it unable to respond to legitimate requests.

DDoS attacks differ from Denial of Service (DoS) attacks in that they involve multiple devices
sending malicious traffic to the target, while a DoS attack uses a single device.

DDoS attacks can be categorized into three main types:

1. Volume-Based Attacks

These attacks aim to saturate the target’s bandwidth using floods of traffic, such as UDP
floods and ICMP floods. The scale of these attacks is measured in bits per second (bps).

2. Protocol Attacks

These attacks exploit weaknesses in network protocols (TCP/IP), overwhelming servers or

networking equipment like firewalls and routers. Examples include SYN floods and Ping of
Death. Protocol attacks are measured in packets per second (Pps).

3. Application Layer Attacks

These attacks target the application layer of a web server, aiming to exhaust its resources by
sending seemingly legitimate requests. This type of attack is measured in Requests per
second (Rps).

Common DDoS Attack Types

 Volumetric (Gbps): The most common type of DDoS attack, where a large amount of
traffic floods the target, overwhelming its bandwidth.

 Protocol (Pps): Attacks targeting network protocols, such as SYN floods or NTP
amplification.

 Application Layer (Rps): Attacks targeting web applications, exploiting vulnerabilities

in the application layer.

Multi-Vector Attacks

Attackers often combine volumetric, protocol, and application layer attacks to create more
complex and impactful multi-vector attacks. These attacks increase the likelihood of service
disruption by targeting multiple levels of the target’s infrastructure.

Volumetric DDoS Attack (Gbps)

N. Jayapratha AP/AI&DS
 Volumetric attacks flood the target with high amounts of traffic, typically using amplification
techniques. For example, DNS amplification uses small requests to trigger large responses
from a DNS server, directing them to the victim. Botnets made up of IoT devices, which often
lack basic security, are frequently used to carry out these attacks. The Mirai botnet is a well-
known example of such an attack.

Network Protocol DDoS Attack (Pps)

Protocol attacks exploit the inherent vulnerabilities in network communication protocols like
TCP/IP. These attacks often work at OSI layers 3 and 4, targeting network devices such as
routers. Examples include UDP floods, SYN floods, and DNS amplification.

 Ping of Death: Exploits the size limitations of a packet to overflow memory buffers.

 TCP SYN Flood: Floods a server with TCP SYN requests, overwhelming its ability to
respond.

Application Layer DDoS Attack (Rps)

Application layer attacks aim to exhaust server resources by sending low-volume requests
that force the server to perform resource-intensive operations, like loading files or querying
databases. These attacks are difficult to detect since they mimic legitimate user behavior.
They often require fewer resources but can significantly impact the server.

Multi-vector attacks that combine volumetric, protocol, and application layer tactics are
becoming more common due to their complexity and effectiveness.

Motivation Behind DDoS Attacks

The motivations behind DDoS attacks include:

1. Ideology: "Hacktivists" may attack websites to promote their political or social

causes.

2. Business Rivalries: Companies may use DDoS attacks to disrupt competitors.

3. Boredom: "Script-kiddies" or amateur hackers launch attacks for fun or to gain

experience.

4. Extortion: Attackers may demand money from a target in exchange for ceasing the
attack.

5. Cyber Warfare: Governments may use DDoS attacks as part of a larger strategy to
damage an enemy’s infrastructure.

Vulnerability Assessment:
A vulnerability assessment is a procedure that is employed in an information system to determine
and rate potential risks. It seeks to identify vulnerabilities that can be leveraged by an attacker to
compromise the system and to employ tools and techniques that ensure that data confidentiality,
integrity, and availability are achieved. This systematic review assists organizations in identifying
security issues like cross-site scripting (XSS) and SQL injection before they can be leveraged.

Importance of Vulnerability Assessments

N. Jayapratha AP/AI&DS
Vulnerability assessments are very important in the protection of information systems and data. They
help by:

 Preventing Data Breaches: Directing single and exclusive attention to every risk in line with
time and noticing the recurrent threats so as to treat them before they bring about
expensive security invasions.

 Ensuring Regulatory Compliance: Conformity to the laws and evasion of the law.

 Managing Risks: Risk priority and risk control to improve the general shareholder’s risk
evaluation.

 Enhancing Security Posture: Periodic evaluations enhance security by making provisions of

security to cater for emerging threats.

 Cost-Effective Security: This solution lowers the expensive costs associated with security
incidents that occur when the vulnerabilities are not tended to as soon as they are identified.

Types of Vulnerability Assessments

 Host Vulnerability Assessment: Conducts analysis on the servers and host systems so as to
expose and contain backend attacks.

 Database Vulnerability Assessment: Provides for the prevention of unauthorized access of

data within the database in terms of confidentiality, integrity and availability.

 Network Vulnerability Assessment: Evaluates the security of networks with the aim of
attainable protection against oncoming and existing network complexity.

 Application Scan Vulnerability Assessment: Scans application code for application level
vulnerabilities in frontend and backend auto-mated tools.

How Does a Vulnerability Assessment Work?

 Planning and Scoping: Identify the parameters, aims and objectives and target system of the
assessment.

 Discovery: Collect general information about the system: hosts, ports, and software, etc.
Collect it with using specialized software and through manual assessment.

 Scanning: Make a scan to each host in order to detect open ports, mistakes or problems in
configurations.

 Analysis: Analyze scan information to identify imperatives and determine their potential
vulnerability.

 Reporting: Record exploits, their consequences and rank suggestions for insurance.

 Remediation: Apply remedies, modify settings and work on the fortification of the
architecture.

 Follow-Up: Ensure fix and verify that fix is correct & look for new vulnerability.

How Does Vulnerability Assessment Help?

It helps any organization safeguard itself from cyber attacks by identifying the loopholes in advance.
Here are some threats that we can prevent if we use vulnerability assessment.

N. Jayapratha AP/AI&DS
  Injection attacks like XSS and SQL injection

 Authentication faults that lead to unidentified access to important data

 Insecure settings and weak defaults

The Process of Vulnerability Assessment

The process of Vulnerability Assessment is divided into four stages. Let us discuss them one by one.

 Testing or Vulnerability Identification: All the aspects of a system like networks, servers, and
databases are checked for possible threats, weaknesses, and vulnerabilities. The goal of this
step is to get a list of all the possible loopholes in the security of the system. The testing is
done through machines as well as manually and all parameters are kept in mind while doing
so.

 Analysis: From the first step, we get a list of vulnerabilities. Then, it is time that these are
analyzed in detail. The goal of this analysis is to identify where things went wrong so that
rectification can be done easily. This step aims at finding the root cause of vulnerabilities.

 Risk Assessment: When there are many vulnerabilities, it becomes important to classify
them on the basis of risks they might cause. The main objective of this step is to prioritize
vulnerabilities on the basis of data and systems they might affect. It also gauges the severity
of attacks and the damage they can cause.

 Rectification: Once if have a clear layout of the risks, their root cause, and their severity, we
can start making corrections in the system. The fourth step aims at closing the gaps in
security by introducing new security tools and measures.

Tools for Vulnerability Assessment

Manually testing an application for possible vulnerabilities might be a tedious job. There are some
tools that can automatically scan the system for vulnerabilities. A few such tools include:

 Simulation tools that test web applications.

 Scanners that test network services and protocols.

 Network scanners that identify malicious packets and defects in IP addresses.

Advantages of Vulnerability Assessment

 Detect the weakness of your system before any data breach occurs.

 A list of all possible vulnerabilities for each device present in the system.

 Record of security for future assessments.

Disadvantages of Vulnerability Assessment

 Some advanced vulnerabilities might not be detected.

 Assessment tools might not give exact results.

N. Jayapratha AP/AI&DS
Risk Management:
A Risk Management Strategy focuses on identifying, assessing, and addressing risks to information
systems, protecting sensitive data, and preventing unauthorized access. According to the
International Organization for Standardization (ISO), risk is “the effect of uncertainty on objectives,”
but for cybersecurity, it’s more specifically about risks to systems and data.

The strategy includes identifying risks, assessing their impact, and creating plans for detection,
prevention, and remediation. This helps prioritize high-risk threats while managing low-risk ones.

7 Tips for a Comprehensive Risk Management Strategy

1. Cultivate a Security-Conscious Culture

Create an environment where employees understand their role in security, such as avoiding
phishing attempts. This can lead to quicker detection and response to potential risks.

2. Use Risk Registers

Maintain detailed risk registers to describe potential risks. This includes categorizing risks,
assessing their likelihood, impact, and the necessary mitigation steps, helping prioritize
efforts.

3. Prioritize Low-Cost Proactive Remediation

Address simple, high-impact risks, like improving password policies, as they provide
immediate benefits without significant costs.

4. Treat Risk Management as an Ongoing Process

Risk management should be continuous, adapting to new threats such as AI-enhanced
phishing or supply chain attacks.

5. Invest in Penetration Testing

Regular penetration testing helps identify vulnerabilities, including zero-day threats, allowing
you to fix gaps and improve security.

6. Implement NIST Cybersecurity Framework

Follow the NIST Cybersecurity Framework to structure risk management practices, including
categorizing systems, selecting controls, and continuously monitoring risks.

7. Consider False Positives

False positives can skew assessments and cause unnecessary security measures. Ensure your
risk assessment accounts for these to avoid wasting resources or hindering legitimate
operations.

Network security policies:

A network security policy outlines standardized practices and procedures for controlling network
access, network architecture, security environments, and enforcement rules. However, policies alone
aren't enough to guarantee protection against data breaches or social engineering attacks. Regular
security vulnerability assessments and penetration tests are essential for an added layer of security.

Here are key security policies for network protection:

N. Jayapratha AP/AI&DS
 1. Account Management Policy: Establishes standards for creating, administering, using, and
removing accounts for access to company resources.

2. Clean Desk Policy: Ensures confidential data is not exposed to unauthorized individuals by
promoting a tidy workspace.

3. Email Security Policy: Protects confidential data from exposure through email by setting
guidelines for secure email handling.

4. Security Incident Management Policy: Defines procedures for reporting and responding to
security incidents, ensuring prompt detection and remediation.

5. Log Management Policy: Provides guidelines for managing logs to enhance security,
performance, and compliance.

6. Network Security & VPN Acceptable Use Policy: Defines standards for connecting to the
company network, minimizing risks from unauthorized use.

7. BYOD (Bring Your Own Device) Policy: Sets standards and restrictions for employees
accessing corporate data using personal devices.

8. Password Policy: Establishes standards for strong passwords, protection, and frequent
updates.

9. Patch Management Policy: Addresses vulnerabilities in systems and applications by requiring

timely security patches.

10. Server Security Policy: Defines standards and restrictions for the configuration of internal
servers on the company’s network.

11. Systems Monitoring & Auditing Policy: Describes the monitoring and auditing of systems to
detect inappropriate actions.

12. Vulnerability Assessment Policy: Sets standards for conducting periodic assessments to
identify and mitigate security risks.

13. Workstation Configuration Security Policy: Provides guidelines for workstation security and
configuration, ensuring compliance with company standards.

14. Telecommuting Policy: Addresses the security of IT equipment used by employees working
remotely, specifying responsibilities for securing company-provided devices.

These policies are essential for mitigating risks, and combined with regular security assessments,
they help strengthen the organization's security posture.

Network security Best Practices:

Here are some essential network security practices to protect data and information from
attacks:
1. Data Loss Prevention
Execution or implementation of data loss prevention software is mainly important and the
major data breaches involve internal factors which include employee breaches. Therefore,

N. Jayapratha AP/AI&DS
 this is the reason why implementation of data loss prevention software is needed.
Advantages:
o Monitors the network for data security violations.
o Prevents both accidental and malicious data leaks.
2. Prevent Social Engineering Attacks
Looking out for social engineering attacks is another important network practice that is used
to obtain access credentials and passwords by manipulating individuals. They are mostly
dependent on exploiting human behavior rather than technical vulnerabilities in the system.
Advantages:
o Email filtering and strong password policies help prevent attacks.
o Regular reassessment of access credentials and multi-factor authentication reduce
risks.
3. Educate the Employees
Educating the employees is one of the best network security practices that can be taken by
the organization to prevent social engineering attacks by teaching individuals about
dangerous applications and phishing techniques.
Advantages:
o Promotes strong password creation and phishing awareness.
o Employees understand data protection policies and procedures.
4. Use Regular Data Backups
The organizations mainly store, collect, and produce large amounts of data, and losing
control over these data causes a loss to the organizations. Therefore, backing up the data
regularly is one of the good practices of network security as it protects from data loss.
Advantages:
o Ensures data is recoverable after accidental deletions or ransomware.
o Regular backups ensure protection against data loss.
5. Audit the Network and Check the Security
Having an understanding and knowledge of network security is important in maintaining a
secure environment. Auditing helps to assess the efficiency of the security infrastructure.
Advantages:
o Identifies potential threats and vulnerabilities.
o Assesses firewall strength and the state of networked systems.
6. Set Appropriate Access Controls
Managing access effectively and setting appropriate access controls helps protect the
network by defining who can access which resources.
Advantages:
o Controls who can access sensitive information.
o Ensures strong password management and implements multi-factor authentication.
7. Update Anti-malware Software
Regularly updating anti-malware software is one of the best practices for preventing
malicious software attacks.
Advantages:
o Protects devices from various threats.
o Ensures up-to-date protection through real-time scanning.
8. Aggregate Data in a SIEM
Security Information and Event Management (SIEM) technologies aggregate network activity

N. Jayapratha AP/AI&DS
 and provide insights by analyzing historical data and real-time alerts.
Advantages:
o Centralizes data for easier threat detection.
o Helps identify vulnerabilities and analyze security data.
9. Secure Your Routers
Securing network routers involves ensuring they are not easily accessible or tampered with,
as security breaches can occur by manipulating routers.
Advantages:
o Secures routers by changing default login credentials.
o Protects routers from theft with physical security measures.
10. Access to the PCAP
PCAP (Packet Capture) involves intercepting data packets as they move through the network
and storing them temporarily for further analysis to ensure security.
Advantages:
 Helps diagnose and solve network security issues.
 Detects security incidents and abnormal network traffic.

Principles of cryptography: encryption, decryption, hashing:

Cryptography is the practice of securing communication and information through the use of
mathematical techniques. It ensures data confidentiality, integrity, authenticity, and non-repudiation.
It is essential in the digital world for protecting sensitive information from unauthorized access and
tampering. Cryptography uses various algorithms and protocols to secure data, including encryption,
decryption, and hashing.

Now, let's explore the detailed principles of cryptography:

1. Encryption

Encryption is the process of transforming readable data (plaintext) into an unreadable format
(ciphertext) using a specific algorithm and key. The main purpose of encryption is to protect the data
from unauthorized access during transmission or storage.

 Symmetric Encryption: In symmetric encryption, the same key is used for both encryption
and decryption. Both the sender and receiver must have access to this secret key.

 Asymmetric Encryption: Asymmetric encryption uses two keys: a public key (for encryption)
and a private key (for decryption). This method allows secure communication between
parties who have never shared a secret key before.

Example:

 AES (Advanced Encryption Standard): A widely used symmetric encryption algorithm.

 RSA (Rivest-Shamir-Adleman): A common asymmetric encryption algorithm.

2. Decryption

Decryption is the reverse process of encryption. It converts the encrypted data (ciphertext) back into
its original readable format (plaintext). The process requires a decryption key corresponding to the
encryption key.

N. Jayapratha AP/AI&DS
  Symmetric Decryption: Uses the same key for decryption as was used for encryption.

 Asymmetric Decryption: Involves using the private key to decrypt the message encrypted
with the corresponding public key.

Example:
If a message is encrypted using a public key, only the recipient with the corresponding private key
can decrypt it and read the original message.

3. Hashing

Hashing is the process of converting data into a fixed-length string of characters, known as a hash
value or hash digest. Hashing is used primarily for data integrity and authentication purposes, as it is
a one-way function (i.e., you cannot reverse the hash value back into the original data).

 One-Way Function: Once data is hashed, it cannot be decrypted or restored to its original
form.

 Uses of Hashing: It is used in password storage, digital signatures, and data integrity checks
to detect any changes in the data.

Example:

 SHA-256 (Secure Hash Algorithm): A cryptographic hash function that produces a 256-bit
hash value.

 MD5 (Message Digest Algorithm 5): An older, less secure hash function that has been largely
replaced by more secure algorithms like SHA-256.

Summary:

 Encryption ensures confidentiality by converting data into unreadable formats.

 Decryption is the process of converting encrypted data back to its original form using a key.

 Hashing ensures data integrity and is used for validating data and protecting passwords by
generating a unique hash value.

Each of these cryptographic methods plays a crucial role in ensuring the security of data in various
digital transactions, from communications to data storage.

Types of encryption algorithms: symmetric, asymmetric:

What is Encryption?

Encryption in cryptography is a process by which plain text or a piece of information is converted into
cipher text or text that can only be decoded by the receiver for whom the information was intended.
The algorithm used for the encryption process is known as cipher. It helps to protect consumer
information, emails, and other sensitive data from unauthorized access as well as secures
communication networks. Presently there are many options to choose from and find the most secure
algorithm that meets our requirements.

Types of Encryption

N. Jayapratha AP/AI&DS
There are two methods or types through which encryption take place, these below are two types of
encryption:

1. Symmetric Key Encryption

2. Asymmetric Key Encryption

Symmetric Encryption:
When the plaintext is encrypted and decrypted using the same key, it is know as symmetric
encryption. It is also known as "shared-key" or "private-key" encrytption.

The key is a piece of a shared secret between the two parties involved hence it is 'shared-key' and is
kept secret, hence the name 'private-key' is justified.

Working on Symmetric Encryption

These operations are performed to share the message securely over the network using the
symmetric encryption technique.

1. Key Generation

This is the first step in the symmetric encryption technique in which the private key needs to be
chosen and must be securely communicated/ transferred over the network for the further use.

2. Encryption

In this step, the plaintext (this is the original message to be sent over the network) is converted to
some bogus, unintelligible text called the ciphertext using the shared secret key and the some
algorithm.

3. Transfer of CipherText

In this step the ciphertext is transferred over the network, since we have encrypted the original
message even if this ciphertext is intercepted it will be unintelligible to the interceptor unless and
until our shared secret key and algorithm is also compromised.

4. Decryption

This is the last step where the receiver uses the reverse encryption algorithm and the shared secret
key to convert the ciphertext back to the plaintext this is called decryption.

Challenges of Symmetric Encryption

Although symmetric encryption is considered very much because of its speed and efficiency, it also
has some challenges:

 The main challenge is securely sharing the secret key because if this key is compromised the
entire communication is compromised.

 Storing the key securely is also a major challenge for this technique.

 As the number of users is increasing day-by-day, the complexity of managing and securely
sharing these secret keys will increase exponentially.

Asymmetric Encryption:
Asymmetric encryption, also known as public-key cryptography, uses two distinct keys:

N. Jayapratha AP/AI&DS
 1. Public Key – Used to encrypt data (freely shared).

2. Private Key – Used to decrypt data (kept secret).

The encryption process ensures that only the private key holder can decrypt the data encrypted
with the corresponding public key. This enables secure communication between two parties without
sharing a single secret key, as in symmetric encryption.

How Does Asymmetric Encryption Work?

1. Sender encrypts the message using the recipient's public key.

2. Recipient decrypts the message using their private key.

Key Features of Asymmetric Encryption:

1. Dual Keys: Separate public and private keys.

2. Encryption/Decryption: Public key for encryption, private key for decryption.

3. Digital Signatures: Verifies authenticity by encrypting the data hash with the sender's private
key.

4. Secure Key Exchange: Establishes shared keys (e.g., Diffie-Hellman).

5. Security: No need to share private keys, enhancing data protection.

6. Slower Processing: Computationally intensive compared to symmetric encryption.

Advantages of Asymmetric Encryption:

1. Enhanced Security: Public keys can be shared openly; private keys remain secret.

2. Authentication: Confirms sender's identity using digital signatures.

3. Non-Repudiation: Ensures the sender cannot deny sending the message.

4. Secure Key Distribution: Eliminates the need for secure key exchange channels.

5. Versatility: Used in SSL/TLS, email encryption, online banking, and e-commerce.

Example of Asymmetric Encryption:

 Scenario: Alice wants to send Bob a secure email.

o Alice encrypts the message using Bob's public key.

o Bob decrypts the message using his private key.

This ensures only Bob can read the message, guaranteeing confidentiality.

Common Algorithms:

 RSA

 Diffie-Hellman

 Elliptic Curve Cryptography (ECC)

N. Jayapratha AP/AI&DS
Asymmetric encryption is essential for secure internet communications, digital signatures, and key
exchange mechanisms. While slower than symmetric encryption, its security benefits make it
indispensable for modern applications.

Features of Encryption

 Confidentiality: Information can only be accessed by the person for whom it is intended and
no other person except him can access it.
 Integrity: Information cannot be modified in storage or transition between sender and
intended receiver without any addition to information being detected.
 Non-repudiation: The creator/sender of information cannot deny his intention to send
information at later stage.
 Authentication: The identities of sender and receiver are confirmed. As well as you can
detect the origination of information is confirmed.

Encryption Algorithms:
To secure information, you can employ a variety of data encryption algorithms. The algorithms differ
in terms of how accurately they safeguard data as well as how complex they are. Some of the more
popular algorithms that have been in use over the years are listed below:

 Symmetric Encryption Algorithms

Symmetric encryption uses a single key for both encryption and decryption.

1. AES (Advanced Encryption Standard)

2. Triple DES

3. Twofish

4. Blowfish

 Asymmetric Encryption Algorithms

Asymmetric encryption uses a pair of keys (public key for encryption, private key
for decryption).

1. RSA (Rivest, Shamir, and Adleman)

1. AES(Advance Encryption Standard)

Advance Encryption Standard also abbreviated as AES, is a symmetric block cipher which is chosen by
United States government to protect significant information and is used to encrypt sensitive data of
hardware and software. AES has three 128-bit fixed block ciphers of keys having sizes 128, 192 and
256 bits. Key sizes are unlimited but block size is maximum 256 bits.The AES design is based on a
substitution-permutation network (SPN) and does not use the Data Encryption Standard (DES) Feistel
network.

2. RSA ( Rivest, Shamir and Adleman)

RSA is an asymmetric key algorithm which is named after its creators Rivest, Shamir and Adleman.
The algorithm is based on the fact that the factors of large composite number is difficult: when the
integers are prime, this method is known as Prime Factorization. It is generator of public key and

N. Jayapratha AP/AI&DS
private key. Using public key we convert plain text to cipher text and private key is used for
converting cipher text to plain text. Public key is accessible by everyone whereas Private Key is kept
secret. Public Key and Private Key are kept different.Thus making it more secure algorithm for data
security.

3. Triple DES

Triple DES is a block cipher algorithm that was created to replace its older version Data Encryption
Standard(DES). In 1956 it was found out that 56 key-bit of DES was not enough to prevent brute force
attack, so Triple DES was discovered with the purpose of enlarging the key space without any
requirement to change algorithm. It has a key length of 168 bits three 56-bit DES keys but due to
meet-in-middle-attack the effective security is only provided for only 112 bits. However Triple DES
suffers from slow performance in software. Triple DES is well suited for hardware implementation.
But presently Triple DES is largely replaced by AES (Advance Encryption Standard).

4. Twofish

Twofish algorithm is successor of blowfish algorithm. It was designed by Bruce Schneier, John Kesley,
Dough Whiting, David Wagner, Chris Hall and Niels Ferguson. It uses block ciphering It uses a single
key of length 256 bits and is said to be efficient both for software that runs in smaller processors such
as those in smart cards and for embedding in hardware. It allows implementers to trade off
encryption speed, key setup time, and code size to balance performance.

5. Blowfish

Blowfish was created to solve the DES algorithm’s problem. The algorithm is freely usable by
everyone and has been released into the public domain. The technique uses a 64-bit block size, and
the length of the key can range from 32 to 448 bits. It is the best permutation technique for cipher-
related encryption and operates on the Feistel structure using a 16-bit round cipher. The information
in the Blowfish algorithm is encrypted and decrypted using a single key.

Advantages of Encryption

 Data encryption keeps the data isolated from the security of the device on which it is stored.
 Encryption improves the security of our information.
 When the data is encrypted, it can only decrypt by the person having key.

Disadvantages of Encryption

 If the password or key is lost, the user will be unable to open the encrypted file.
 Although data encryption is a useful data security strategy, it requires a lot of resources,
including time, data processing, and the use of many encryption and decryption techniques.

Future of Encryption

With advancement in technology it becomes more easier to encrypt data, with neural networks it
becomes easier to keep data safe. Neural Networks of Google Brain have worked out to create
encryption, without teaching specifics of encryption algorithm. Data Scientist and Cryptographers are
finding out ways to prevent brute force attack on encryption algorithms to avoid any unauthorized
access to sensitive data.

N. Jayapratha AP/AI&DS
Public Key Infrastructure (PKI):
Public Key Infrastructure (PKI) is a framework for managing digital certificates and public-key
encryption. It plays a critical role in securing communications and ensuring that identities in the
digital world are authentic.

PKI uses two cryptographic keys: the public key and the private key. The public key is widely
accessible but vulnerable to attacks, while the private key must remain confidential to its owner.
Managing these keys effectively is crucial to maintaining the security of a PKI system.

Managing Keys in Cryptosystem

The security of a cryptosystem depends heavily on its keys. A solid key management system is
essential to protect sensitive data. The lifecycle of a cryptographic key involves creation, storage,
distribution, use, and eventual expiration or revocation.

Key management requires:

 Securing the private key: Only the owner should have access to their private key.

 Assuring the public key: Public keys are accessible to everyone, but their purpose must be
clearly defined to avoid misuse.

PKI ensures public key assurance by validating public keys and their usage.

Public Key Infrastructure:

 Digital Certificates (X.509 certificates): Digital certificates verify the identity of users and
systems, binding a public key to an entity.

 Private Key Tokens: Secure storage for private keys.

 Registration Authority (RA): Verifies the identity of entities requesting a digital certificate.

 Certification Authority (CA): Issues and verifies digital certificates.

 Certification Management System (CMS): Manages certificate lifecycle operations.

Working on a PKI:

1. PKI and Encryption

N. Jayapratha AP/AI&DS
PKI is built around cryptography, specifically public key encryption. A major challenge in encryption
is confirming that a public key belongs to the intended recipient. Man-in-the-middle (MITM) attacks
are a risk, which PKI mitigates by issuing digital certificates. These certificates establish the
authenticity of public keys, ensuring they belong to the correct entity.

2. Digital Certificate or Public Key Certificate

Digital certificates serve as proof of identity in the digital world. They contain a public key and other
identifying information about the owner, signed by the Certification Authority (CA). The CA's
signature on a certificate ensures its authenticity, and it can be validated using the CA's public key.

3. Certifying Authorities (CAs)

CAs are responsible for issuing and verifying digital certificates. They perform several important
functions:

1. Key Pair Generation: Generates the public-private key pairs.

2. Issuing Certificates: Issues digital certificates after validating the identity of the entity
requesting it.

3. Publishing Certificates: Makes certificates available for verification.

4. Verification: Verifies the validity of a certificate and its associated public key.

5. Revocation: The CA can revoke a certificate if trust is lost.

Digital Certificate Classes

Digital certificates are categorized into four classes:

 Class 1: Issued with only an email address.

 Class 2: Requires more personal information.

 Class 3: Involves identity verification of the requester.

 Class 4: Used by organizations and governments.

Creation of a Digital Certificate

1. Key Pair Generation: Public and private keys are generated.

2. CSR (Certificate Signing Request): The public key and identity attributes are encoded into a
CSR.

3. Signing: The key owner signs the CSR to prove ownership of the private key.

4. CA Validation and Signing: The CA verifies the CSR, then signs the certificate.

Trust Hierarchy in PKI

N. Jayapratha AP/AI&DS
PKI systems rely on a hierarchical trust model, where root CAs issue certificates to subordinate CAs.
The root certificate is self-signed, and its security is paramount. Root CAs should remain offline to
minimize risks, only coming online to create new keys and issue certificates.

PKI in the Digital Age

PKI is used extensively in today's digital environment, from securing web browsers via SSL/TLS to
authenticating users in VPNs and Intranets. With the rise of IoT (Internet of Things), PKI is becoming
increasingly vital for securing devices such as medical equipment and automobiles, which require
encrypted communication and identity verification.

Challenges and Use Cases

PKI is widely used to address various challenges, including:

 Securing Web Browsers: SSL/TLS certificates ensure secure communication between users
and websites.

 VPN Authentication: PKI provides secure access to corporate networks.

 Digitally Signed Software: PKI enables secure software distribution by verifying the identity
of software publishers.

However, PKI faces challenges like:

 Speed: The use of complex cryptographic algorithms can slow down processes.

 Private Key Compromise: If a private key is compromised, attackers can decrypt sensitive
information, undermining the security of the system.

Despite these challenges, PKI continues to be a fundamental technology for securing digital
communications and data.

Digital Signatures:
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic signatures, which assure that the
message was sent by a particular sender. While performing digital transactions authenticity
and integrity should be assured, otherwise, the data can be altered or someone can also act
as if he was the sender and expect a reply.

2. Signing Algorithms: To create a digital signature, signing algorithms like email programs
create a one-way hash of the electronic data which is to be signed. The signing algorithm
then encrypts the hash value using the private key (signature key). This encrypted hash along
with other information like the hashing algorithm is the digital signature. This digital
signature is appended with the data and sent to the verifier. The reason for encrypting the
hash instead of the entire message or document is that a hash function converts any
arbitrary input into a much shorter fixed-length value. This saves time as now instead of

N. Jayapratha AP/AI&DS
 signing a long message a shorter hash value has to be signed and moreover hashing is much
faster than signing.

3. Signature Verification Algorithms : Verifier receives Digital Signature along with the data. It
then uses Verification algorithm to process on the digital signature and the public key
(verification key) and generates some value. It also applies the same hash function on the
received data and generates a hash value. If they both are equal, then the digital signature is
valid else it is invalid.

The steps followed in creating digital signature are :

1. Message digest is computed by applying hash function on the message and then message
digest is encrypted using private key of sender to form the digital signature. (digital signature
= encryption (private key of sender, message digest) and message digest = message digest
algorithm(message)).

2. Digital signature is then transmitted with the message.(message + digital signature is

transmitted)

3. Receiver decrypts the digital signature using the public key of sender.(This assures
authenticity, as only sender has his private key so only sender can encrypt using his private
key which can thus be decrypted by sender’s public key).

4. The receiver now has the message digest.

5. The receiver can compute the message digest from the message (actual message is sent with
the digital signature).

6. The message digest computed by receiver and the message digest (got by decryption on
digital signature) need to be same for ensuring integrity.

Message digest is computed using one-way hash function, i.e. a hash function in which computation
of hash value of a message is easy but computation of the message from hash value of the message
is very difficult.

Assurances about digital signatures

N. Jayapratha AP/AI&DS
The definitions and words that follow illustrate the kind of assurances that digital signatures offer.

1. Authenticity: The identity of the signer is verified.

2. Integration: Since the content was digitally signed, it hasn’t been altered or interfered with.

3. Non-repudiation: demonstrates the source of the signed content to all parties. The act of a
signer denying any affiliation with the signed material is known as repudiation.

4. Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft Excel, or

Microsoft PowerPoint document that has been time-stamped by a secure time-stamp server
is equivalent to a notarization.

Benefits of Digital Signatures

 Legal documents and contracts: Digital signatures are legally binding. This makes them ideal
for any legal document that requires a signature authenticated by one or more parties and
guarantees that the record has not been altered.

 Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of
the seller and the buyer, and both parties can be sure that the signatures are legally binding
and that the terms of the agreement have not been changed.

 Financial Documents: Finance departments digitally sign invoices so customers can trust that
the payment request is from the right seller, not from a bad actor trying to trick the buyer
into sending payments to a fraudulent account.

 Health Data: In the healthcare industry, privacy is paramount for both patient records and
research data. Digital signatures ensure that this confidential information was not modified
when it was transmitted between the consenting parties.

Drawbacks of Digital Signature

 Dependency on technology: Because digital signatures rely on technology, they are

susceptible to crimes, including hacking. As a result, businesses that use digital signatures
must make sure their systems are safe and have the most recent security patches and
upgrades installed.

 Complexity: Setting up and using digital signatures can be challenging, especially for those
who are unfamiliar with the technology. This may result in blunders and errors that reduce
the system’s efficacy. The process of issuing digital signatures to senior citizens can
occasionally be challenging.

 Limited acceptance: Digital signatures take time to replace manual ones since technology is
not widely available in India, a developing nation.

Digital Certificates:
Digital certificate is issued by a trusted third party which proves sender’s identity to the receiver and
receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity of the
certificate holder. Digital certificate is used to attach public key with a particular individual or an
entity.

N. Jayapratha AP/AI&DS
Digital certificate contains

 Name of certificate holder.

 Serial number which is used to uniquely identify a certificate, the individual or the entity
identified by the certificate

 Expiration dates.

 Copy of certificate holder’s public key.(used for decrypting messages and digital signatures)

 Digital Signature of the certificate issuing authority.

Digital certificate is also sent with the digital signature and the message.

Advantages of Digital Certificate

 NETWORK SECURITY : A complete, layered strategy is required by modern cybersecurity

methods, wherein many solutions cooperate to offer the highest level of protection against
malevolent actors. An essential component of this puzzle is digital certificates, which offer
strong defence against manipulation and man-in-the-middle assaults.

 VERIFICATION : Digital certificates facilitate cybersecurity by restricting access to sensitive

data, which makes authentication a crucial component of cybersecurity. Thus, there is a
decreased chance that hostile actors will cause chaos. At many different endpoints,
certificate-based authentication provides a dependable method of identity verification.
Compared to other popular authentication methods like biometrics or one-time passwords,
certificates are more flexible.

 BUYER SUCCESS : Astute consumers demand complete assurance that the websites they visit
are reliable. Because digital certificates are supported by certificate authority that users’
browsers trust, they offer a readily identifiable indicator of reliability.

Disadvantages of Digital Certificate

 Phishing attacks: To make their websites look authentic, attackers can fabricate bogus
websites and obtain certificates. Users may be fooled into providing sensitive information,
such as their login credentials, which the attacker may then take advantage of.

 Weak encryption: Older digital certificate systems may employ less secure encryption
methods that are open to intrusions.

 Misconfiguration: In order for digital certificates to work, they need to be set up correctly.
Websites and online interactions can be attacked due to incorrectly configured certificates.

Digital certificate vs digital signature

Digital signature is used to verify authenticity, integrity, non-repudiation ,i.e. it is assuring that the
message is sent by the known user and not modified, while digital certificate is used to verify the
identity of the user, maybe sender or receiver. Thus, digital signature and certificate are different kind
of things but both are used for security. Most websites use digital certificate to enhance trust of their
users

N. Jayapratha AP/AI&DS
 Feature Digital Signature Digital Certificate
Basics / Definition A digital signature secures the Digital certificate is a file that
integrity of a digital document ensures holder’s identity and
in a similar way as a fingerprint provides security.
or attachment.
Process / Steps Hashed value of original data is It is generated by CA
encrypted using sender’s (Certifying Authority) that
private key to generate the involves four steps: Key
digital signature. Generation, Registration,
Verification, Creation.
Security Services Authenticity of It provides security
Sender, integrity of the and authenticity of certificate
document and non- holder.
repudiation.
Standard It follows Digital Signature It follows X.509 Standard
Standard (DSS). Format

N. Jayapratha AP/AI&DS