1.

1 Introduction to Network Security

Network security means taking steps to keep your network and data safe. Any

company or organization dealing with lots of data has ways to defend against cyber

threats. Network security includes actions to keep your data and network safe and

valuable. It covers software, hardware, procedures, guidelines, and setups for

network use, access, and overall protection.

A simple example of network security is using a password chosen by the user.

Recently, it's become a major focus in cybersecurity, and many organizations are

looking for people skilled in this area. Network security solutions help protect

computer systems from vulnerabilities like users, locations, data, devices, and

applications.

1.2 Need for Security

Ensuring the security of our network is crucial to defend against attackers and

hackers. Network Security involves two main aspects: safeguarding data information

to prevent unauthorized access and loss and ensuring computer security to protect

data and thwart hackers. Network security isn't limited to a single network but

extends to any network or network of networks.

Now, our requirement for network security has evolved into two distinct needs:

information security and computer security.

On the internet or within an organization's network, a multitude of vital information

is exchanged daily, making it susceptible to misuse by attackers. Information security

is imperative for various reasons:

1. Safeguarding secret information accessible only to authorized users.

2. Preventing unauthorized editing, whether accidental or intentional.

3. Protecting information from loss and ensuring proper delivery.

4. Managing acknowledgement of received messages to prevent denial by the

sender, especially in specific situations like a customer ordering shares and

later denying the order due to market fluctuations.

5. Restricting users from sending messages with a third party's name prevents

deceptive practices.

6. Preventing unwanted delays in message transmission for timely delivery,

especially in urgent situations.

7. Avoiding data congestion caused by data or information packets wandering

indefinitely in the network if the destination machine fails to capture them

due to internal faults.

Another integral aspect of network security is computer security, which aims to

protect computer systems from damage caused by the network. Viruses and spyware

pose significant threats, capable of erasing information or causing hardware

problems. Protecting the network from such destructive software deployed by

individuals known as hackers is paramount. Computer security from hackers involves:

1. Protection against replicating and capturing viruses from infected files.

2. Proper defence against worms and bombs.

3. Protection from Trojan Horses, known for their potential danger to computer

systems.
Security approaches

● Firewalls: Firewalls act like a protective barrier between a trusted internal

network and external networks that might not be reliable. They control the flow

of network traffic entering and leaving, positioned at the network's edge to filter

and block any harmful traffic.

● Intrusion Prevention Systems (IPS): Intrusion Prevention Systems (IPS) monitor

the network or system activities for any malicious attempts or breaches of

security policies. They can identify and halt unauthorized access or attacks in real

time.

● VPN: Virtual Private Networks (VPNs) establish a secure online communication

pathway, enabling remote users to connect safely to a private network.

Encryption is employed to protect data during its journey, ensuring

confidentiality.

● NAC: Network Access Control (NAC) enforces rules regarding which devices can

access the network and under what conditions. It assesses the security status of

devices before allowing connection, ensuring compliance with security policies.

● SIEM: Security Information and Event Management (SIEM) systems collect and

analyze log data from various network devices and applications. This aids in

recognizing and responding to security incidents, providing a centralized view of

security events for monitoring and analysis.

1.3 Policies of security

Program policy

Program policies are like master plans for an organization’s info safety. They lay out

the program's purpose, scope, roles, and rules to follow. Also called master or

organizational policies, they're made with input from top managers and aren't tied to

a specific technology. They sometimes change because they're meant to stay

relevant, even with tech and organizational changes.

Issue-specific policy

Issue-specific policies build on general security policies and guide an organization’s

team more specifically. Examples are network security, bring-your-own-device

(BYOD), social media, or remote work policies. They focus on certain tech areas but

are usually broader. For instance, a remote access policy might say offsite access

needs an approved company VPN but won't name a specific VPN client. This way, the

company can switch vendors without significant updates.

System-specific policy

System-specific policies are super detailed IT security rules for a specific system, like

a firewall, web server, or even one computer. Unlike issue-specific policies, these are

more for tech folks maintaining them. NIST says they should have both security goals

and operational rules. IT and security teams help make, enforce, and implement

them, but top managers make the big decisions and rules.

1.4 Summary
2.1 Types of attacks

Various types of attacks target network security. Let's explore the most common

ones:

1. Malware: Malware is speedy, malicious software crafted by hackers to disrupt

systems, damage networks, and gain unauthorized access for stealing data or

personal information. It gets automatically installed through the internet and

swiftly infects all connected computers.

2. Virus: Also, a malicious software, a virus needs user interaction to harm the

system. It can't replicate independently and relies on human involvement,

often through malicious links like email attachments containing harmful code.

Clicking on such links can corrupt files and lead to personal information theft.

3. Worm: A standalone computer malware, worms replicate without human

intervention, spreading through networks by exploiting system flaws. They

don't require a host file and can infiltrate a system through applications,

consuming processing power and causing unresponsiveness.

4. Man-in-the-middle: Man-in-the-middle attack occurs when a person

intercepts and takes away private information or changes it between two

gadgets, like a user's device and a server.

5. Distributed Denial of Service (DDoS): DDoS is a complex type of DoS attack

where the attacker employs many systems to flood the victim's server with

traffic, leading to malfunctions and blocking access. Identifying DDoS threats

is tricky because they originate from different infected systems and are

frequently employed for blackmail or revenge.

 Denial-of-service attacks include:

● Connection flooding

● Vulnerability attacks

● Bandwidth flooding

6. Phishing: Phishing is a sneaky trick used by hackers. They send fake emails to

fool people into giving away personal info like credit card details, online

banking info, usernames, and passwords. These emails look legit but have

harmful stuff hidden in them.

7. IP Spoofing: IP Spoofing is a crafty move by attackers. They change their

computer's ID to pretend they're someone trustworthy. This helps them

break into a system without being noticed.

8. Botnet: A Botnet is like a hacker's team of infected computers. These

computers do what the hacker wants, all working to attack different systems

simultaneously. It's like a zombie army controlled by the hacker.

9. Trojan horse: A seemingly harmless application that turns malicious when

installed, often embedded in games and spreading through social engineering

methods like emails. Trojans can give attackers access to sensitive

information.

10. Packet Sniffer: These tools capture and save transmission packets in a

network. Attackers use sniffers to gather sensitive information such as social

details, financial data, trade secrets, user IDs, and passwords by intercepting

network packets.
2.2 Services

When we discuss network security, the CIA triad emerges as a crucial model guiding

information security policies within an organization. CIA stands for Confidentiality,

Integrity, and Availability—critical objectives for securing a network.

Confidentiality

Confidentiality is about making sure only authorized people can access data. It's the

responsibility of users to keep control systems secure, like passwords for computers

and physical restrictions like ID cards. Employees need to be well-trained in

information security to avoid accidentally sharing data. It's crucial to limit data

sharing and set rules to maintain confidentiality.

Physical restrictions are equally important. Unauthorized access to your building can

lead to unauthorized data access. Door codes should never be written down, and

staff should be cautious to ensure no one is watching or recording them entering

codes. Many organizations require employees to wear ID badges, making it easier to

identify non-employees. ID badges should be worn only at work to prevent criminals

from using your details to gain access. Areas with sensitive information may have

extra access restrictions, like an additional door code.

Integrity

Integrity means ensuring data is accurate and up-to-date. An organisation's

trustworthiness and conscientiousness depend on the integrity of its data. One of the

fundamental principles in data protection is keeping data accurate and up-to-date.

Users must fulfil their legal duties to maintain data integrity. Assigning specific roles

and responsibilities for data integrity helps ensure everyone takes it seriously.

Availability

Availability ensures authorized personnel can reliably access information. Data must

be stored in a logical and secure system to be easily accessible. High availability

supports efficient business processing and benefits the organization. Every user is

responsible for organising desktop documents for future access. Paper copies should

be securely filed and not left unattended.

2.3 Summary

❖ Various types of attacks target network security.

❖ Malware is speedy, malicious software crafted by hackers to disrupt systems,

damage networks, and gain unauthorized access for stealing data or personal

information.

❖ malicious software, a virus needs user interaction to harm the system.

❖ Standalone computer malware, worms replicate without human intervention,

spreading through networks by exploiting system flaws.

❖ Man-in-the-middle attack occurs when a person intercepts and takes away

private information or changes it between two gadgets, like a user's device and a

server.

❖ DDoS is a complex type of DoS attack where the attacker employs many systems

to flood the victim's server with traffic, leading to malfunctions and blocking
3.1 Encryption Techniques

Encryption is a way to safeguard information by turning it into code that can only be

understood by someone with the correct key. It appears chaotic and unreadable if

unauthorized individuals try to access encrypted data.

When we talk about encryption, it's the process of changing data from a readable

form to a scrambled one. This is done to stop anyone from peeking at sensitive data

while it's being transmitted. Encryption can be applied to various things like

documents, files, messages, or any communication over a network.

Plain Text

In simple terms, encrypted communication transforms regular text into code using

cyphers or encryption methods. Plain text is any information that can be read

without a decryption key, including binary files. Everything intended to be encrypted

or already encrypted is considered plain text. A cryptographic system takes this plain

text, processes it, and produces code known as ciphertext. Algorithms help convert

ciphertext back into plain text and vice versa. This process ensures that only the

intended recipient can understand the data.

Protecting plain text stored in computer files is crucial because unauthorized access

can expose the information, leading to potential actions based on that data. To

ensure security, the storage medium, the device, its components, and any backups

must be secured.
Ciphertext

Ciphertext is the result of using encryption methods, often called ciphers. If someone

or something doesn't have the correct cipher, the data appears encrypted and cannot

be understood. The cipher is essential for interpreting the data. Algorithms are used

to transform regular text into ciphertext and vice versa, involving encryption and

decryption processes.

In simpler terms, substitution ciphers replace letters or groups of letters with other

letters, preserving the initial sequence. This cryptographic approach involves

substitutions rather than revealing the original elements.

Substitution Cipher Technique

In the Substitution Cipher technique, characters are replaced with other characters

or symbols, changing their identity but not their position in the string. This method

encrypts text by substituting letters or units of text. While basic substitution ciphers

became easy for computers to crack, some concepts persist in modern encryption.

Transposition Cipher Technique

In the Transposition Cipher Technique, each character's position shifts to a different

position. This encryption method arranges plaintext units predictably, creating a

permutation of the plaintext. One example is the Rail Fence encryption, where the

plaintext is written on imaginary "rails" of a fence and then read in a series of rows.

This technique follows a scytale-like pattern, an ancient Greek device for constructing

transposition ciphers. The Rail Fence Cipher encrypts by coiling a ribbon around a

cylinder, and decoding happens when the ribbon is uncoiled from a cylinder with the
same diameter as the encrypting cylinder.

3.2 Encryption & Decryption

Encryption

Encryption is like a secret code for data. It's a way of jumbling up regular information

(plaintext) so that only the right people can unscramble it back to its original form.

This jumbled-up version is called ciphertext. The idea is to keep unauthorized folks

from understanding the info even if they try to snoop around.

To do this, encryption uses a unique key (think of it as a secret codebreaker) created

by a computer algorithm. Even if someone tries to crack the code without the key, it's

super hard because it takes a lot of computer smarts and time. Only the person

supposed to get the info can easily unscramble it using the key. When data is

encrypted, it looks like a bunch of random letters and numbers.

Once data is locked up with encryption, the only way to open and reread it is by using

the right key. Encryption is crucial for keeping sensitive info safe when it's sent or

stored. There are different types of encryption, like stream ciphers that handle data

bit by bit and block ciphers that deal with larger chunks.

Decryption

Decryption is the opposite of encryption. It's the process of turning encrypted data

back to its original state. It's like using the secret codebreaker (key) to unlock the

jumbled-up info. Decryption needs this unique key or password, and only the right

person can use it to decode the data.

When info travels on the internet, there's a risk of sneaky people trying to peek at it.
That's why we use encryption – to stop data from being stolen. Email, text files,

pictures, and more can be encrypted to keep them safe. When someone needs to

decrypt the info, they usually get a pop-up or window asking for the password. This

ensures that only authorized users can access the protected data.

3.3 Cryptographic attacks

A cryptographic attack allows terrible actors to get around the security of a

cryptographic system by discovering weaknesses in its code, cipher, cryptographic

protocol, or key management scheme. This evasion is also known as "cryptanalysis."

So, these attacks focus on cryptographic or cipher systems that hide data so only a

few people can see it. There are six main types of these attacks, depending on the

cryptographic system and information available to the attacker:

● Brute force attacks: In brute force attacks, the person trying to break into a

system tests different keys to uncover a coded message. For instance, if the

critical size is 8 bits, there are 256 potential keys (2^8). To succeed, the

attacker must know the algorithm and test all 256 keys.

● Ciphertext-only attack: Ciphertext-only attacks happen when an intruder gets

hold of a bunch of coded messages. Even though they can't directly access

the original message, they can deduce it from the coded collection. This

method is typically less effective than brute force.

● Chosen plaintext attack: In chosen plaintext attacks, a cybercriminal

handpicks specific data to obtain the corresponding ciphertext, making it

more straightforward to figure out the encryption key.

 ● Chosen ciphertext attack: Chosen ciphertext attacks involve the attacker

trying to link the coded message to the original one, aiming to guess the key

and obtain secret details.

● Known plaintext attack: This occurs when the attacker already knows the

plaintext of some parts of the ciphertext through information-gathering

techniques.

● Dual key and algorithm attack: The attacker tries to recover the key used for

encryption or decryption by analyzing the cryptographic algorithm.

Active vs. Passive Cryptographic Attacks:

Besides these six types, cryptographic attacks can be either passive or active.

● Passive attacks: Passive attacks are launched to gain unauthorized access to

sensitive data by intercepting or eavesdropping on general communication.

Significantly, in passive attacks, the data and communication are not

tampered with; they remain intact.

● Active attacks: Involve modifying the data or communication. The attacker

gains access to the data and tampers with it.

Key range & Size

● Key range: In cryptography, the key range refers to all the potential values a

cryptographic key can have. A sufficiently sizable key range is crucial to make

it hard for attackers to guess or brute-force the correct key.

When the key range is more extensive, cryptographic algorithms become

 more complex, making it more challenging for attackers to carry out various

attacks, like brute-force attempts.

● Key Size: The key Size, usually measured in bits, is a specific numeric value

within the key range. It shows the length or complexity of the cryptographic

key. In simple terms, a larger key size means a higher level of security. For

instance, a 128-bit key offers more possible combinations than a 64-bit key,

making it more resilient against cryptographic attacks.

As computational power advances, cryptographic algorithms often need to

boost their key sizes to ensure a consistently high level of security.

3.4 Summary

❖ Encryption is a way to safeguard information by turning it into code that can only

be understood by someone with the correct key.

❖ When we talk about encryption, it's the process of changing data from a readable

form to a scrambled one.

❖ In simple terms, encrypted communication transforms regular text into code

using cyphers or encryption methods.

❖ Everything intended to be encrypted or already encrypted is considered plain

text.

❖ A cryptographic system takes this plain text, processes it, and produces code

known as ciphertext.

❖ Ciphertext is the result of using encryption methods, often called ciphers

4.1 Symmetric & Asymmetric Key Cryptography

Symmetric Encryption:

The simplest way to keep information safe is using symmetric encryption. In this

method, a single secret key is used to both lock and unlock the data. It's an old but

effective technique involving a private key, which can be a number, a word, or a

random bunch of letters. This key mixes with the original message, changing its

content in a specific manner. To make this work, both the sender and receiver must

know the secret key for locking and unlocking the messages. Examples of symmetric

encryption methods are Blowfish, AES, RC4, DES, RC5, and RC6, with AES-128,

AES-192, and AES-256 commonly used. However, there's a catch–all parties involved

must share the key before they can unlock the information.

Pros and Cons of Symmetric Encryption:

Pros:

● Faster: Using a single key for encryption and decryption speeds up the

process.

● Identity verification: It employs password authentication for verifying the

receiver's identity.

● Easy to execute & manage: With only one key for encryption and decryption,

it's simple to implement and manage.

Cons:
 ● Secure key sharing is challenging, making it difficult to share keys securely.

● Symmetric encryption could be more scalable, making it unsuitable for

various users.

Asymmetric Encryption:

Asymmetric encryption, also known as public key cryptography, is a relatively recent

method compared to symmetric encryption. This technique utilizes two keys for

encrypting plain text and exchanging secret keys over the Internet or a network. This

prevents malicious individuals from misusing the keys. Notably, anyone possessing

the secret key can decrypt the message, prompting using two related keys to

enhance security. A public key is shared openly for message-senders, while the

second private key remains confidential. Messages encrypted with a public key

require a private key for decryption, and vice versa. With its heightened security,

asymmetric encryption is commonly employed in day-to-day communication

channels, especially over the Internet. Examples include EIGamal, RSA, DSA, Elliptic

curve techniques, and PKCS.

Pros and Cons of Asymmetric Encryption:

Pros:

● Dual keys - public and private - eliminate key distribution issues.

● Scalability: With a pair of keys, communication with multiple parties becomes

manageable in large networks.

Cons:

● Performance: Asymmetric encryption is slower than symmetric encryption.

● Complexity: Implementing and managing asymmetric encryption is more

challenging due to large key sizes.

Algorithm Types & Modes

● Symmetric Key Cryptography

Symmetric Key Cryptography involves encrypting and decrypting messages using a

shared key between the sender and receiver. While it's a faster and simpler system,

securely exchanging the key is the challenge. Notable examples of symmetric critical

cryptography systems include Data Encryption System (DES) and Advanced

Encryption System (AES).

● Hash Function

Hash Functions, on the other hand, don't use any key. They calculate a fixed-length

hash value based on the plaintext, making it nearly impossible to recover the original

content. Many operating systems employ hash functions for password encryption.

● Asymmetric Key Cryptography

In asymmetric key cryptography, also called public-key cryptography, there are two

keys: a private one for the receiver and a public one for everyone. These keys, linked
by math, come in pairs. The public key is open to everyone, while the private key is

only for the person who creates it.

● Digital Signatures

Moving on to Digital Signatures in Cryptography, they are comparable to handwritten

signatures and serve as electronic verifications of the sender. Digital signatures find

everyday use in software distribution and financial transactions, serving three

essential purposes: Authentication, proving the sender in cryptography;

non-repudiation, ensuring someone can't deny validity; and Integrity, maintaining the

quality of the sent and received messages.

Data Encryption Standard (DES):

Data Encryption Standard (DES) is vital in safeguarding data by acting as a block

cipher with a 56-bit key length. Over time, DES has been a critical player in ensuring

data security. However, its popularity has slightly waned due to discovering

vulnerabilities through powerful attacks.

DES operates as a block cipher when processing data, working on 64-bit blocks. This

means it transforms 64 bits of plaintext into 64 bits of ciphertext. Both encryption

and decryption employ the same algorithm and key, and the key has a critical length

of 56 bits.
International Data Encryption Algorithm (IDEA):

Created in 1991, the International Data Encryption Algorithm (IDEA) is a type of

encryption that keeps digital information safe. It uses a 64-bit block size and a 128-bit

key length. To transform regular text into a secret ciphertext code, IDEA uses

mathematical techniques such as modular arithmetic, bit shifting, and XOR

operations. It's good at defending against different attacks, like differential and linear

cryptanalysis. One of IDEA's strong points is that it works well in software and

hardware applications.

IDEA's speed, low memory requirement, and modest processing power make it

suitable for limited-resource applications. Despite being succeeded by newer

algorithms like AES, IDEA remains secure and is still used in some legacy systems and

applications.

Differential & Linear Cryptanalysis:

Cryptanalysis is the process of transforming encrypted communications into readable

format without access to the actual key. Unlike brute force attacks, cryptanalysis

seeks vulnerabilities within a cryptosystem. It involves a concentrated mathematical

attempt at decryption, utilizing available knowledge about the encryption scheme.

Linear Cryptanalysis:

Linear cryptanalysis is a common type of attack against block ciphers. It relies on

discovering affine approximations to a cipher's action to exploit weaknesses in the

encryption process.
Differential Cryptanalysis:

Differential cryptanalysis is a method applicable to block and stream ciphers and

cryptographic hash functions. It explores how changes in input information affect

subsequent differences in the output. In the context of block ciphers, it tracks

differences across transformations to identify non-random behavior and recover the

secret key. Cryptanalysis is crucial for breaking cryptographic security systems and

accessing encrypted messages, even with an unknown cryptographic key.

4.2 Summary

❖ The simplest way to keep information safe is using symmetric encryption. In this

method, a single secret key is used to both lock and unlock the data.

❖ To make this work, both the sender and receiver must know the secret key for

locking and unlocking the messages.

❖ Asymmetric encryption, also known as public key cryptography, is a relatively

recent method compared to symmetric encryption.

❖ Notably, anyone possessing the secret key can decrypt the message, prompting

using two related keys to enhance security.

❖ Messages encrypted with a public key require a private key for decryption, and

vice versa.

❖ Symmetric Key Cryptography involves encrypting and decrypting messages using

a shared key between the sender and receiver.

❖ Hash Functions, on the other hand, don't use any key. They calculate a
5.1 Authentication basics

Authentication is how we check if a person or information is who or what they claim

to be. When someone logs into a computer system, user authentication confirms

their identity. There are various types of authentication systems:

● Token Authentication: It's like a VIP pass for your online accounts. Once you

prove you're you, you get a unique token. Once that token is ready, you can

enter websites or apps without logging in.

● Password Authentication: This is the classic way. Remembering your

username and a secret code (password) is the key. The trick is that the fancier

and more often you change the password, the safer your account's.

● Biometric Authentication: Your body is the password here. Think of

fingerprints or the unique pattern of your iris. The system checks these in real

time against what it has on file. It's easy for you and super secure.

● Certificate-Based Authentication: Picture a digital ID card. This method uses

a digital certificate as your online ID. Without the secret key, it's impossible to

fake. This can prove who you are, what device you're using, or which service

you're accessing. Usually, it comes with a fancy cloud-based system to

manage everything.

● Multi-Factor Authentication (MFA): Double trouble for intruders! MFA means

using two or more of the above methods. It's like having two locks instead of

one. This makes messing with your accounts way more challenging for bad

guys.

● Password less Authentication: No more typing in passwords! You get into

 your app or system without them. Instead, you show other proofs like

fingerprints, a special badge, or codes from a little gadget. Sometimes, this

goes hand-in-hand with MFA and Single Sign-On (SSO), making your life easier

and more secure.

● Passwords: Users have a unique username and password. The system

compares entered credentials with stored ones for access.

5.2 Summary

❖ Authentication is how we check if a person or information is who or what they

claim to be. When someone logs into a computer system, user authentication

confirms their identity.

❖ Token Authentication is like a VIP pass for your online accounts. Once you prove

you're you, you get a unique token.

❖ Password Authentication is the classic way. Remembering your username and a

secret code (password) is the key.

❖ Biometric Authentication: Your body is the password here. Think of fingerprints

or the unique pattern of your iris.

❖ Multi-Factor Authentication (MFA) is Double trouble for intruders! MFA means

using two or more of the above methods.

❖ Users have a unique username and password. The system compares entered

credentials with stored ones for access.

6.1 Cryptography

Cryptography is like a secret language for messages. It's a way of hiding or changing

information so only the person meant to get the message can understand it. People

have been using cryptography to encode messages for ages. Nowadays, it's still

essential for things like bank cards, passwords, and online shopping.

In modern times, unique tricks and secret codes are called algorithms and ciphers for

encoding and decoding information. They use things like 128-bit and 256-bit keys to

keep things super safe. The Advanced Encryption Standard (AES) is one of these

codes that's hard to crack.

When we say cryptography, we mean turning information into secret codes to make

sure only the right person can read it. This cybersecurity trick, also called cryptology,

mixes different fields like computer science, engineering, and math to make

complicated codes that keep the real meaning of a message hidden.

Cryptography goes way back to ancient Egyptian hieroglyphics, but today, it's crucial

for keeping messages and information safe from nosy people. It uses fancy math and

codes to turn messages into puzzles that are tough to solve. Cryptographic keys and

digital signatures help keep data safe when we use credit cards, send emails, or

browse the internet.

Secure inter branch payment transactions

Safe money moves between different company parts, so secret codes are important.

They ensure the money info sent between branches stays private, reliable, and

accurate. These codes, called cryptography, use special tricks to keep sensitive details
safe from sneaky folks. Let's break down how cryptography keeps inter-branch

payments secure:

● Secret Codes: We use challenging secret codes to keep payment info safe

while it travels. Advanced encryption standards (AES) and secure socket layers

(SSL) are popular. These codes turn financial moves into a secret language

only the right people can understand.

● Key Pairs: Public Key Infrastructure (PKI) helps in safe talking by using pairs of

keys. These keys are like special codes - one is public, and the other is private.

They let branches check each other and talk privately.

● Digital Signatures: Consider digital signatures as a stamp of approval for

money moves. They check if the information is accurate and the right people

are involved. This helps stop fake money moves and keeps financial details

safe.

● Token Magic: To make things even safer, we can replace important info like

account numbers with tokens. Even if someone snatches the data, it's only

valid with the particular token system. This extra step helps protect against

sneaky data breaches.

● Double Check with MFA: For an added layer of safety, we use Multi-Factor

Authentication (MFA). This means users have to show multiple IDs before

making a money move. It keeps the system safe, even if someone knows the

login info.

● Safe Talk: Using secure ways to talk online (like HTTPS) or for big data

transfers adds more safety. These methods ensure the info stays unchanged

and secret while moving from one place to another.

 ● Keep Checking and Updating: Staying on top of security is a must. Regular

checks, audits, and quick updates to secret codes help catch and stop new

threats. It's like staying one step ahead to keep the codes solid and ready for

anything.

● Key Care: Taking good care of secret keys is super important. Keep them safe,

change them often, and make sure only the right people can use them. This

way, we stop bad guys from getting in and messing things up.

Conventional Encryption and Message Confidentiality

In conventional encryption, also called symmetric-key encryption, folks use the same

key for locking and unlocking info. This means both the person sending the message

and the one getting it need to know this secret key to keep their chat private. The key

stays hush-hush and acts as the shared secret between them.

There are two main kinds of these encryption tricks:

● Stream Ciphers: These encrypt bits of info one by one. They're handy for live

chats since they can jumble and unjumble data as it goes.

● Block Ciphers: These encrypt chunks of data with a set size. The data gets split

into blocks, and each block gets its code. Some popular ones are the

Advanced Encryption Standard (AES) and Triple DES (3DES).

Message Confidentiality:

One of the big aims of secret codes is to ensure messages stay private. This means

nobody who isn't supposed to can peek at or figure out what's in the locked-up
message. When folks use regular encryption, the message looks like a bunch of

random stuff to anyone who doesn't have the right key.

Conventional Encryption Principles

Traditional encryption, called conventional encryption, is the way people used to

secure information before everyone started using public-key cryptography. In this

method, there's a single key for both locking and unlocking the message. There are

two main kinds: symmetric-key encryption and transposition ciphers.

Symmetric-Key Encryption

Symmetric-key encryption, also known as secret-key encryption, relies on the same

key for locking and unlocking. Both the sender and receiver need to have this secret

key.

There are two types of symmetric-key encryption: stream ciphers and block ciphers.

● Stream Ciphers: In stream ciphers, data gets encrypted one bit or byte at a

time as it's sent. The key usually mixes with the original message to create the

secret code. An example is the RC4 algorithm.

● Block Ciphers: Block ciphers lock in fixed-size chunks of data (like 64 or 128

bits) simultaneously. DES (Data Encryption Standard) and AES (Advanced

Encryption Standard) are common examples. The original message is divided

into blocks, and each gets encrypted independently.

Transposition Ciphers

Transposition ciphers involve mixing up the order of characters in the original

message to create the coded message. The key shows how to rearrange the

characters. An example is the Rail Fence cipher, where characters zigzag in writing

and then get read off in rows.

● Strengths and Weaknesses: Symmetric-key encryption is fast when it comes

to processing lots of data. However, a big challenge is getting the key to both

parties safely. If someone intercepts the key during transmission, they can

unlock the entire conversation. Transposition ciphers are simpler but less

strong than modern block ciphers. They are vulnerable to frequency analysis.

● Key Management: Taking care of symmetric keys is vital for keeping encrypted

communication secure. Methods like crucial exchange protocols and critical

distribution systems help ensure that keys are shared safely between those

talking.

6.2 Conventional Encryption Principles

Conventional Encryption works by changing average messages into secret ones only

the intended receiver can understand. The sender and receiver agree on a private key

for encoding and decoding. Usually, they send this secret key using public essential

encryption methods.
In regular encryption, figuring out the original message from the secret one without

the key is impossible. So, it's super important to keep the key a secret.

These encryption methods are commonly used because they're good at encoding

and decoding quickly. But they have weaknesses. One weakness is related to the

number of keys available to choose from. More extensive key options make it harder

for attackers to guess the right one. Another area for improvement is the length of

the key, as longer keys make it more challenging for patterns to show up in the secret

message. The main aim of regular encryption is to create personal messages that are

truly random, making it challenging for someone to figure them out by analysing the

frequency of symbols or blocks in the secret message.

6.3 Summary

❖ Cryptography is like a secret language for messages. It's a way of hiding or

changing information so only the person meant to get the message can

understand it.

❖ In modern times, unique tricks and secret codes are called algorithms and ciphers

for encoding and decoding information.

❖ When we say cryptography, we mean turning information into secret codes to

make sure only the right person can read it.

❖ Cryptography goes way back to ancient Egyptian hieroglyphics, but today, it's

crucial for keeping messages and information safe from nosy people.

❖ Cryptographic keys and digital signatures help keep data safe when we use credit

cards, send emails, or browse the internet.

7.1 Key Distribution & Management

1. Key Management

In the world of secret codes, sharing keys between the person sending the message

and the one receiving it is tricky. The security plan falls apart if a sneaky third person

gets hold of the key (like a copycat or someone listening in). That's why it's essential

to keep the key exchange safe.

There are two key management things to think about:

● Giving out public keys.

● Using public-key tricks to share secrets.

Let's talk about handing out public keys:

● Public Announcement: This is like shouting the public key to everyone. The

problem here is anyone can pretend to be someone else and trick others. They

can keep fooling people until someone figures out the trick.

● Publicly Available Directory: In this way, the public key is saved in a public list.

People trust these lists with details like who's signed up, who can see what, and

the key they use. Even though these lists can be checked online, they're still at

risk of being tricked or messed with.

● Public Key Authority: It's a bit like the directory, but safer. It makes sure only the

right people get the keys from the list. Users have to know the public key for the

list. When they need the keys, they check the list in real time to get the one they

want.

● Public Certification: This is where a special authority gives a certificate (it ties a

name to the public key). This way, people can share keys without always checking
 the main list. The certificate has extra info like how long it's suitable for and what

it can be used for. The certificate authority's private key signs everything in the

certificate and can be checked by anyone with the public key.

When two people want to talk safely, they both ask the certificate authority for a

certificate. This certificate has a public key and more details. Then, they swap

certificates and start talking securely.

2. Key distribution

Sharing secret keys is crucial in cryptography. In the symmetric critical approach, both

parties need a private key. Getting this key to each other used to be tricky. People

had to meet face-to-face, use a trusted courier, or send the key through an existing

encryption channel. The first two are often not practical and always risky, while the

third relies on the security of a previous key exchange.

Public key cryptography solves this differently. Public keys are shared through public

key servers. When someone creates a key pair, they keep one key private and upload

the other, called the public key, to a server. Anyone can access it to send the user a

personal, encrypted message.

Secure Sockets Layer (SSL) uses Diffie–Hellman key exchange when the client lacks a

public-private key pair and a published certificate in the public key infrastructure. If

the user has both keys and the credential, Public Key Cryptography is used.

Key distribution is a big deal in wireless sensor network (WSN) design. Various

schemes exist in the literature to ensure easy and secure communication among

sensor nodes. The most accepted method in WSNs is key redistribution. This involves

placing secret keys in sensor nodes before deployment. These private keys create the
network once the nodes are in the target area.

KDC

A Key Distribution Center (KDC) is a system that automatically shares keys to enable

connections between users, which can be computers, processes, or applications.

Each user has a unique master key that they share with the KDC.

To grasp how a KDC works, we first need to understand key hierarchies. Key

hierarchies involve at least a two-level structure when using a KDC.

The master key is used to identify the user, and a second key, known as the session

key, encrypts user communication. The session key gets encrypted using the master

key and is then sent to the clients to establish a secure connection.

Each session has a unique key, providing an extra layer of security because different

keys encrypt different traffic.

If an attacker acquires one key, they won't be able to decrypt all messages—only

those encrypted with that specific key.

In cases with numerous users, it might be necessary to have multiple KDCs. This can

be managed by assigning specific areas or IP ranges/networks to each KDC, ensuring

keys are distributed within each KDC's designated area.

When users in different areas or under different KDCs need to communicate, the

request goes to a higher hierarchical level KDC, responsible for sharing the session

key between the two users.

However, there are drawbacks to using a KDC. The main one is that the KDC must be

trustworthy and protected at all levels. If the KDC's security is compromised, all

messages can be easily discovered.

One way to address this drawback is by employing a decentralized approach to key

distribution, which, while not practical for large networks, can be helpful in a local

network.

As an example of a KDC, consider Kerberos—an authentication service developed at

MIT. Kerberos addresses the challenge of authenticating users' access requests to

various servers in a network. This is especially crucial when numerous users need

access to services spread across different servers. Kerberos functions like a KDC in

this scenario, generating session keys to establish secure connections between users

and services.

7.2 Kerberos and certificate authorities

Kerberos

Kerberos is like a security guard for computer networks. It's a protocol that checks if

requests for services between computers are legit, especially when sending

messages over an unsafe place like the Internet. To do this, it uses secret codes and a

trusted helper to ensure that you are who you say you are when you're using apps or

services.

MIT, the clever folks at the Massachusetts Institute of Technology, came up with

Kerberos in the late 1980s. Now, it's the go-to security tech for Microsoft Windows,

and you can find it in other systems like Apple OS, FreeBSD, UNIX, and Linux.
What does Kerberos do?

Kerberos ensure the right people get into a network. Whether it's a company's

network, a school's network, or even an Internet service, Kerberos has three main

jobs:

● User Check: Kerberos ensures the people trying to access the network are

legit. Only the approved folks access specific services, systems, or data.

● Single Sign-On (SSO): This nifty feature lets you log in just once, and then you

can use many different services without repeatedly entering your info.

● Central Control: Kerberos makes things easy by having a central hub, like a

Key Distribution Centre (KDC), to keep everything in check.

Kerberos keeps things safe when your computer talks to a server. Here's how it

works:

● Ask the Authentication Server (AS): Your computer kicks things off by asking

the Authentication Server to get the party started. It shows who you are.

● Get the Ticket: If all is good, the AS checks you out and hands you a special

pass called a Ticket Granting Ticket (TGT). Your secret password helps lock it

up.

● Service Time: When you want to use a specific service, like checking your

email, you show the TGT to the Ticket Granting Server (TGS).

● Get the Service Ticket: The TGS checks your TGT and hands you a Service

Ticket (ST) for your desired service. It's locked up with that service's secret

code.

● Let's Do This: You show the ST to the service, and they ensure it's legit by

checking it with the AS. You get a secret key to start the party if all goes well.
Benefits

● Super Safe: It ensures logins and security follow the rules, making it easier to

control who gets in.

● Time Limits: Every pass has a timer. This helps control when people can get in,

reducing the chance of someone sneaking in later.

● Team Effort: Kerberos lets both sides – you and the service – check each other

out. It's like making sure you're both who you say you are.

● Reuse Power: Once you've proven you're you, you can keep using your pass

for more services without repeatedly typing your details.

Certificate Authorities

A Certification Authority is vital in maintaining security in today's digital world. It's a

trusted entity responsible for creating and endorsing digital certificates, a key Public

Key Infrastructure (PKI) element. Digital certificates issued by CAs confirm the

authenticity of websites, devices, and individuals.

So, what exactly does a Certification Authority do?

It's a reliable organization that issues digital certificates containing verified

identification information to people, companies, and other entities. These

certificates act as a way to establish credibility for those who may not directly know

you or your organization.

Now, let's talk about website security. A certificate authority follows a set of rules to

ensure the integrity of certificates. Before issuing a certificate, it thoroughly

investigates the requesting entity, examining records and documentation from

official sources to verify the authenticity of the business. Once approved, the CA

issues a digital certificate, allowing the company to encrypt and digitally sign its

software, websites, and email correspondence.

As a result, a Certification Authority helps you achieve the following for your

company:

● Substantiate your organization's identity.

● Verify the legitimacy of your organization.

● Confirm the authenticity of your online presence.

How do you identify a legitimate website?

That's where the Certification Authority comes in. CAs verify websites and

organizations, protecting you from sharing sensitive information with hackers.

When you visit a secure website, your browser's URL bar should display a lock icon.

Clicking on it reveals more information, including confirmation of the site's current

certificate. You can even inspect certificate details, such as who it's issued to, who

gave it, the validity period, fingerprints, and more.

If a website shows a warning that the connection is not private and the certificate is

untrusted or invalid, it's likely a fake and unsafe to open. For the system to work

effectively, all certificates must be issued by a reputable entity, be tamper-resistant,

and include information proving their legitimacy.

8.1 Public Key Cryptography and Message Authentication

Public-key cryptography, also known as asymmetric cryptography, involves using pairs

of keys that are related. Each pair has a public key and a matching private key. These

keys are made using special math functions that only go one way. The safety of

public-key cryptography depends on keeping the confidential key secret, while the

public key can be shared openly without causing any security issues.

In a public-key encryption system, anyone with the public key can make a message

secret by encrypting it, turning it into ciphertext. But only those who have the

matching private key can change the ciphertext back to the original message. For

example, a journalist might put the public key on a website, letting sources send

secret messages to the news organization in ciphertext. With the private key, the

journalist can read the messages, keeping them safe from people trying to listen.

Public-key encryption is key because it doesn't keep secret details, such as the

message's origin or send time. It doesn't reveal the sender's identity either; it simply

conceals the message in a code requiring a private key.

In a digital signature setup, the sender uses a private key and the message to create a

signature. Armed with the matching public key, the recipient can check if the

signature aligns with the message. However, a forger lacking the private key cannot

produce a valid message/signature pair. For instance, a software publisher can create

a signature key pair, incorporating the public key in installed software. Updates

signed with the private key can be verified using the public key, ensuring the

authenticity of the update.

Public vital algorithms form the foundation of modern cryptosystems, ensuring

electronic communications and data storage confidentiality, authenticity, and

non-repudiability. They are integral to various Internet standards, including Transport

Layer Security (TLS), SSH, S/MIME, and PGP. Some algorithms facilitate key

distribution and secrecy, while others focus on digital signatures. Despite being

slower than symmetric encryption, asymmetric encryption is widely combined with

symmetric encryption in today's cryptosystems.

Applications:

Applications of public-key cryptography include encrypting communication for

confidentiality, where the sender encrypts a message using the recipient's public key.

Digital signatures provide sender authentication, while non-repudiation systems use

digital signatures to prevent disputes over the authorship of documents or

communications. Additional applications include digital cash,

password-authenticated vital agreements, time-stamping services, and

non-repudiation protocols.

Message Authentication

Message Authentication is about ensuring a message has been kept intact while it's

being sent. It's like double-checking to be sure the message is from who it says it's

from and that it has been fixed during its trip. The whole point is to guarantee the

message is genuine and has yet to be messed with. Ensuring authentic messages

come from the right source is essential for safe communication. Let's talk about a few

ways to do that and a quick look at a handshake thing:

● Digital Signatures: When you send a message with a digital signature, you use
 your secret key to make a unique mark. The person getting it can check this

mark using your public key, making sure the message is genuine and not

messed with.

● Message Authentication Codes (MACs): The sender and receiver share a

secret key. The sender uses it to make a code (MAC) for the message, and

they send it together. The receiver checks the code using the shared key,

making sure the message is safe.

● Hash Functions: Hash functions make a fixed-size code for a message. Even a

tiny change in the message makes a big difference in this code. People often

use hash functions with other methods to keep messages safe.

● Public Key Infrastructure (PKI): PKI uses digital certificates from a trusted

Certificate Authority (CA). The CA's signature on the certificate checks the

certificate owner's identity, ensuring communication between them is secure.

Handshake Mechanism

This is like a friendly chat between two parties to set up a secure way to talk. It goes

like this:

● Initialization: The talk starts with both sides saying they want to chat safely.

● Agreement on Parameters: They agree on how to keep the chat secret, like

what codes and keys to use.

● Key Exchange: They share secret keys safely so nobody else can grab them.

There are different ways to do this, like the Diffie-Hellman dance.

● Authentication: They check each other's IDs to ensure nobody sneaky is

jumping in. This could be with signatures, certificates, or further safety

 checks.

● Secure Communication: Once everything checks out, they start their safe chat

using the agreed-upon codes and keys.

8.2 Summary

❖ Public-key cryptography, also known as asymmetric cryptography, involves using

pairs of keys that are related.

❖ The safety of public-key cryptography depends on keeping the confidential key

secret, while the public key can be shared openly without causing any security

issues.

❖ In a public-key encryption system, anyone with the public key can make a

message secret by encrypting it, turning it into ciphertext.

❖ Public-key encryption is key because it doesn't keep secret details, such as the

message's origin or send time.

❖ In a digital signature setup, the sender uses a private key and the message to

create a signature.

❖ Public vital algorithms form the foundation of modern cryptosystems, ensuring

electronic communications and data storage confidentiality, authenticity, and

non-reputability.

❖ Applications of public-key cryptography include encrypting communication for

confidentiality, where the sender encrypts a message using the recipient's public

key.

❖ Message Authentication is about ensuring a message has been kept intact while
9.1 Hash function

A hash function is like a virtual tool that uses math to change a bunch of letters

(called a "message") into a specific string with a set number of characters (known as

a hash value or just a hash).

So, hashing means you're feeding an input into a formula, and it spits out an output

message with a fixed length. No matter how long the input is, the output will always

have the same number of letters and numbers in a specific order.

People use hashing to make sure data is accurate. If you tweak the message even a

little, the hash value becomes different.

These hash functions are essential tools in fancy computer safety (cryptography).

They help check if transactions, messages, and digital signatures are legit.

Hashing is usually a one-way thing. Turning a message into a hash is easy, but it's

hard to go backwards and get the original message. That takes a lot of computer

power.

This difficulty is crucial for things like Bitcoin. It uses proof-of-work systems, and the

toughness of reversing hashes keeps its blockchain secure.

So, why do we even need hash functions?

● Standard Length: When you hash a message, whether your big or small file

doesn't matter. The math thing makes the output a set length.

● Ensure Data Is Real: Imagine sending a digital message or document. You want to

make sure it gets right on the way. You could send it many times for the other

person to check, but that's only possible if it's a small file. Hash functions make it
 easier. They turn the data into a shorter set of characters, and the sender and

receiver can quickly check if the data is the same by looking at the hashes.

● Verify It's Real: Think about sending an email. It could get grabbed easily,

especially on a not-safe Wi-Fi. The person getting the email won't know if

someone changed it on the way (a "Man-in-the-Middle" attack). But, if the

sender signs the email with their digital signature and mixes it with the email

contents using a hash function, the receiver can check the hash data. If the hash

they make matches the one from the sender, the email is acceptable. Something

changes if they don't match, and the email isn't real.

What are some types of hashing?

● SHA-1

Developed by the National Security Agency (NSA), SHA-1 is a Federal Information

Processing Standard. It is typically shown as a 40-digit hexadecimal number.

● MD5

MD5, or Message Digest Algorithm 5, is a popular hash function created by Ronald

Rivest. It generates a 128-bit hash value, usually shown as a 32-character

hexadecimal number. Like MD4, MD5 has some weaknesses, and people have

conducted collision attacks against it. Nowadays, it's not considered safe for

cryptographic use, and experts suggest using more secure hash functions such as

SHA-256 or SHA-3 for applications that need robust security.

 ● MD4

MD4 is short for Message Digest Algorithm 4. Ronald Rivest made it back in 1990,

and it's a special kind of tool for hiding information. Think of it like a magic recipe

that turns any number of words or data into a secret code with precisely 32 letters

and numbers, all in a particular format called hexadecimal. So, MD4 transforms

whatever you give it into a 128-bit hash value, like a secret code that's 32 characters

long.

9.2 Public-Key Cryptography Principles

Public key cryptography is crucial for keeping information private, mainly because it

deals with how keys are shared between users for secure connections. It also

involves digital signatures, which help verify the identities of users.

Public key cryptography originated from trying to solve problems with symmetric

encryption, which involved distributing keys. In symmetric encryption, both

communicants needed to share a key, creating the challenge of secure key

distribution.

On the other hand, public key cryptography uses asymmetric algorithms that rely on

two keys: one for encryption and another related key for decryption. The key

features of these algorithms are:

It's nearly impossible to determine the decryption key with only knowledge of the

algorithm and encryption key.

Two related keys: one for encryption and the other for decryption.
A public key encryption system includes:

● Plaintext: The readable message or information input into the algorithm.

● Encryption algorithm: Performs various transformations on the plaintext.

● Public and Private keys: A set of keys for encryption and decryption.

● Ciphertext: The scrambled message is generated as output, dependent on the

plaintext and key.

● Decryption Algorithm: Takes the ciphertext and matching key to produce the

original plaintext.

Keys in public key cryptography are extensive, such as 512, 1024, or 2048 bits, and

are stored in devices like USB tokens or hardware security modules.

A significant concern in public key cryptosystems is the potential for an attacker to

impersonate a legitimate user, replacing the public key with a fake one or

intercepting connections.

Public key cryptography is vital for online services like payment and e-commerce,

ensuring the authenticity of public keys and user signatures. Asymmetric

cryptosystems must handle security services like confidentiality, authentication,

integrity, and non-repudiation, with the public key supporting non-repudiation and

authentication. Privacy and integrity, considered part of the encryption process, are

maintained by the user's private key.

RSA and Digital Signatures

Digital Signature

Digital signatures are a modern way to sign documents electronically. They make sure

that the intended user sends the message without any changes from third parties
(attackers). In simple terms, digital signatures confirm the authenticity of

electronically sent messages.

RSA

RSA stands for Rivest-Shamir-Adleman, and it's a popular way to encrypt messages.

It's commonly used for creating digital signatures, too. Let's break down how RSA

works for digital signatures, step by step. Imagine there's a sender (A) and a receiver

(B). A wants to send a message (M) to B, along with a digital signature (DS) calculated

for the message.

● Step 1: A uses SHA-1 Message Digest Algorithm to figure out the message

digest (MD1) for the original message (M).

● Step 2: A then encrypts the message digest with its private key, creating the

Digital Signature (DS) of A.

● Step 3: A sends both the digital signature (DS) and the original message (M)

to B.

● Step 4: When B gets the Original Message (M) and Digital Signature (DS) from

A, it uses the same message-digest algorithm as A to calculate its own

Message Digest (MD2) for M.

● Step 5: B uses A's public key to decrypt the digital signature. This results in the

original Message Digest (MD1) calculated by A.

● Step 6: If MD1 equals MD2, it confirms two things: B accepts the original

message as correct from A, and it proves that the message came from A, not

someone pretending to be A.
This process shows that the original message wasn't tampered with. Even if someone

tries to alter the message, they can't sign it with A's private key because only A

knows it. So, RSA signatures are strong and reliable.

RSA Signature Attacks: While RSA is secure, attackers can attempt some attacks.

● Chosen-message Attack: Attacker convinces the user to sign two different

messages and combines them to claim the user signed a third message.

● Key-only Attack: Assumes the attacker has the public key and tries to make a

signature valid on a different message.

● Known-message Attack: Tries to combine signatures from two different

messages. RSA remains strong against these attacks.

● RSA for Digital Signatures: RSA is widely used for digital signatures due to its

strong security and efficiency. Digital signatures ensure document

authenticity by verifying they haven't been altered. The process involves

hashing, signing, and verification using public and private keys. RSA's security

relies on the complexity of factoring large prime numbers, making it suitable

for various applications like secure email and electronic commerce.

9.3 Summary

❖ A hash function is like a virtual tool that uses math to change a bunch of letters

(called a "message") into a specific string with a set number of characters (known

as a hash value or just a hash).

❖ Hashing is usually a one-way thing. Turning a message into a hash is easy, but it's

hard to go backwards and get the original message.

10.1 Packet filters

This thing operates in the network part of the OSI Model. It looks at each packet and

checks some rules (based on what's in the IP and transport header fields). Depending

on what it finds, it sends the packet or tosses it away.

This packet filter firewall manages the entry to packets by looking at where they

come from and where they're going or by checking the specific type of transport

protocol. This happens at the OSI (Open Systems Interconnection) data link, network,

and transport layers. This packet filter firewall does its thing in the network layer of

the OSI model.

These packet filters only care about the most basic details of each packet, and they

don't have to remember anything about the traffic because they examine each

packet on its own. That's why they can decide what to do with a packet fast.

Here's an example: You can set it up to block all those UDP things and any Telnet

connections. Doing this stops folks from logging into the inside stuff using Telnet and

insiders from logging into stuff outside using Telnet connections.

10.2 Application-level gateways

An application-level gateway, also known as a bastion host, functions at the

application level. On a single host, multiple application gateways can run, with each

gateway operating as a distinct server having its processes.

These firewalls, often referred to as application proxies, offer a high level of security

for data connections. They can inspect every layer of communication, including

application data.
Let's take the example of an FTP service. This service uses commands like getting a

file, putting a file, listing files, and navigating through a directory tree. Some system

admins may block specific commands like "put" while allowing "get" commands,

restricting the listing to specific files, or preventing the user from changing out of a

particular directory. The proxy server acts as an intermediary, mimicking both sides

of this protocol exchange. For instance, it might accept "get" commands and reject

"put" commands.

Here's how it works:

Step 1: The user connects to the application gateway using a TCP/IP application like

HTTP.

Step 2: The application gateway inquires about the remote host the user wants to

connect to and requests the user ID and password needed to access the gateway's

services.

Step 3: After confirming the user's authenticity, the application gateway accesses the

remote host on behalf of the user to transmit the packets.

10.3 Encrypted tunnels

Securing networks is super important, and encrypted tunnels play a significant role.

They make a safe and private path for communication between two points, even on a

not-so-trustworthy network like the Internet. These tunnels protect your data from

prying eyes, tampering, and unauthorized access. Let's break down some critical

things about encrypted tunnels in network security:

Encrypted tunnels are set up to ensure that data travelling between two points on a

network stays private and untouched. They create a secure road for data to travel on,

making it challenging for anyone to intercept or mess with it.

Types of Encrypted Tunnels:

● Site-to-Site Tunnels: Connect entire networks securely, often used for joining

branch offices.

● Remote Access Tunnels: Let individual users connect safely to a network from

a far-off place, like in VPNs for people working from home or on the go.

● VPN (Virtual Private Network): VPNs are like the practical side of encrypted

tunnels. They make a secure connection over the Internet, and you can use

them for all sorts of things, like connecting remotely, linking up different sites,

and keeping communication safe in a spread-out organization.

● Tunneling Protocols: Tunnelling is the process of wrapping up and securing

data for the trip through an encrypted tunnel. There are different ways to do

this, like the Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling

Protocol (L2TP), and OpenVPN.

● Security Considerations: To keep encrypted tunnels safe, it's essential to keep

the encryption methods current, use robust cryptographic algorithms, and

handle keys properly. This helps make sure everything stays secure.
Cookies

When cruising the internet, a web server sends little messages called cookies to your

web browser. These cookies help the server keep tabs on what you're up to on a

specific website. A cookie is a tiny nugget of info that a website tucks away on your

computer. It comes into play when you revisit the site later. Your browser shoots this

info back to the website.

Your web browser stashes this message in a text file, and the message returns to the

server every time your browser asks for a page from that server. The whole point of

cookies is to recogniserecognizing users and create personalized web pages.

The name "cookie" comes from these things in UNIX called magic cookies. They're

like tokens attached to a user or program, changing based on where the user or

program goes.

But don't fret about cookies causing mischief on your computer. They're just plain

text files that are not fancy plugins or programs that can be deleted anytime. Cookies

can't pull off virus shenanigans, and they can't snoop around your hard drive.

They can't peek into your hard drive to dig up info about you. However, any personal

details you hand over to a website, like credit card info, end up stored in a cookie

unless you've switched off cookies for privacy reasons. But here's the catch: the

cookie only holds info you willingly share with the website.
10.4 Web security problem

The issue with web security has three main parts:

1 Securing the Web Server and Its Data: It's crucial to keep the web server

running smoothly. Also, we need to ensure that the information on the server

stays unchanged without proper authorization. Plus, we want to limit who gets

access to this information.

2 Securing Data Between the Web Server and the User: We want to guarantee

that the info users share with the web server (like usernames, passwords, or

financial details) remains confidential and untouched by others. Some network

technologies are at risk of eavesdropping, as the information is broadcast to

every computer on the local area network.

3 Securing the User's Computer: It's essential to assure users that downloading

information, data, or programs won't harm their systems. If they do, they

might be able to use the service. We also want to ensure that downloaded

information is controlled based on the user's license agreement and copyright.

Apart from these concerns, there are other challenges, like:

● Verifying User and Server Identities: Confirm that the user is who they claim

to be and that the server is legitimate.

● Ensuring Timely and Reliable Message Exchange: Messages between the

client and server should be passed promptly, reliably, and without replay.

● Logging and Auditing Transactions: Keeping records of transactions for billing,

conflict resolution, preventing denial of involvement, and investigating

 misuse.

● Balancing Load Among Multiple Servers: Distributing the workload efficiently

among several servers.

Addressing these concerns effectively involves collaborating with our three main

components and the underlying network and operating system framework.

10.5 Summary

❖ Packet filter firewall manages the entry to packets by looking at where they come

from and where they're going or by checking the specific type of transport

protocol.

❖ An application-level gateway, also known as a bastion host, functions at the

application level.

❖ The proxy server acts as an intermediary, mimicking both sides of this protocol

exchange.

❖ The user connects to the application gateway using a TCP/IP application like HTTP.

❖ The application gateway inquires about the remote host the user wants to

connect to and requests the user ID and password needed to access the

gateway's services.

❖ Securing networks is super important, and encrypted tunnels play a significant

role.

❖ Encrypted tunnels are set up to ensure that data travelling between two points

on a network stays private and untouched.

❖ Connect entire networks securely, often used for joining branch offices.
11.1 The Secure Communication

Group key management is a new technology used in an organization's internet and

intranet. Many applications and terminals share access to folders, videos,

multimedia, audio, and conferences. Members within and between groups can

exchange information through various channels like video conferencing, internet

relay chat, point-to-point, and multicast traffic.

The main challenge in group communication is the efficient generation of secure

keys. Supervisors in different departments (A, B, C, and D) have specific permissions.

For instance, if an employee in department A shares work progress, supervisors in B

and C cannot access or decrypt the message due to security measures. However, all

supervisors can securely share messages.

In another scenario, an organization with departments like sales, purchase, personal,

R&D, and accounts faces challenges in securely transmitting information between

teams. For example, when a personal team member needs to send information to

the accounts team, encryption with a shared key is essential. Only the accounts team

can decrypt the information, ensuring secure communication within and between

groups.

The key issues in group communication involve key regeneration and encryption with

shared keys, particularly for inter-group applications. When a member in one team

needs to send a message readable only by another team, a new shared key is

generated and shared. However, this process can lead to communication overhead.

In the related work section, various strategies for secure group communication are

discussed. Authors have proposed different protocols and mechanisms, highlighting

challenges and advantages. Centralized key management schemes face the single

point of failure problem, leading to the suggestion of forming subgroups within

groups, managed by a Group Security Agent (GSA).

The proposed polynomial-based key management introduces a scheme for securing

both inter-group and intra-group networks. Two types of polynomials (P and H(x)) are

used for intra-group and inter-group keys, respectively. The process involves dividing

intra-group members into subgroups, controlling each subgroup with a master,

sharing keys using polynomials, and securely transmitting information.

The evaluation section examines the security and efficiency of the proposed key

management. It addresses security against passive and active attacks, the creation of

group and subgroup controllers, and the overhead involved. The use of polynomials

helps minimize storage and communication overhead, providing a more efficient and

secure solution for group communication.

11.2 Distribution Lists and Key Management

Key management is crucial for securing data. Encryption keys play a vital role in

encrypting and decrypting data. If any encryption key is lost or compromised, it could

jeopardize the security measures in place. Keys also ensure secure data transmission

over the internet. Authentication methods, like code signing, can be exploited by

attackers pretending to be trusted services, leading to potential malware threats.

Keys also help in complying with standards and regulations, ensuring companies

follow best practices in safeguarding cryptographic keys. Well-protected keys are

accessible only to authorized users.

Types of Keys

There are two main types of cryptographic keys: symmetric and asymmetric.

Symmetric keys are used for data-at-rest, where data is stored in a static location, like

a database. Symmetric key encryption involves using the same key for both

encryption and decryption. Asymmetric keys, on the other hand, use two separate

keys – a public key for encryption and a private key for decryption. Asymmetric keys

focus on encrypting data-in-motion, which is data sent across a network connection.

How Key Management Works

Key management follows a lifecycle involving key generation, distribution, use,

storage, rotation, backup/recovery, revocation, and destruction. Secure key

generation is crucial, as weak algorithms or insecure locations can compromise keys.

Distribution should occur through secure TLS or SSL connections to prevent

unauthorized access. Keys are used by authorized users, and after encryption, they

must be securely stored, often in a Hardware Security Module (HSM) or CloudHSM.

Key rotation ensures keys are regularly replaced for enhanced security.

Compliance and Best Practices

Compliance standards and regulations, such as NIST, PCI DSS, FIPS, and HIPAA,

require adherence to best practices for key management. Some key practices include

avoiding hard-coding keys, applying the principle of least privilege, using HSMs for

secure key storage, implementing automation for key lifecycle processes, creating

and enforcing security policies, separating duties related to key management, and
splitting keys into multiple portions for added security.

Encryption Consulting Training and Blogs

Encryption Consulting offers various methods for establishing a successful encryption

key management system. Monthly webinars cover key management, public key

infrastructure (PKI), and more. Assessments and training are provided for HSMs, PKIs,

and compliance standards. Weekly blogs offer insights into best practices for key

management and different aspects of data security.

11.3 Summary

❖ Group key management is a new technology used in an organization's internet

and intranet. Many applications and terminals share access to folders, videos,

multimedia, audio, and conferences.

❖ The main challenge in group communication is the efficient generation of secure

keys. Supervisors in different departments (A, B, C, and D) have specific

permissions.

❖ In another scenario, an organization with departments like sales, purchase,

personnel, R&D, and accounts faces challenges in securely transmitting

information between teams.

❖ The key issues in group communication involve key regeneration and encryption

with shared keys, particularly for inter-group applications. When a member in

one team needs to send a message readable only by another team, a new shared

key is generated and shared.

Course: MCA

Network Security and Cryptography

Module: 12
 Learning Objectives:

1. To understand the Security Assurance in Communication

2. To understand the Pretty Good Privacy (PGP)

Structure:

12.1 Security Assurance in Communication

12.2 Summary

12.3 Keywords

12.4 Self-Assessment Questions

12.5 References
12.1 Security Assurance in Communication

With the expansion of telecommunication networks, communities become more

dependent on networks, exposing them to increased vulnerability to cyber-attacks

that may disrupt, degrade, or destroy essential services. The evolution of information

assurance has been a crucial response to this growing threat, tracing its roots back to

the 1950s with the development of WWMCCS military decision support systems.

Initially, information assurance primarily involved data backup. As data volumes

increased, automation became integral, reducing operator intervention and enabling

instant backups. The latest advancement includes distributed systems like SANs and

NAS, coupled with cloud computing technologies.

Information assurance is closely tied to the progress of information technologies,

categorized into three generations: preventing intrusions, detecting intrusions, and

ensuring survivability. It embodies a collaborative effort across sectors, facilitating

the free and equal exchange of ideas.

The five pillars of information assurance—availability, integrity, authentication,

confidentiality, and non-repudiation—are crucial in safeguarding systems while

efficiently providing services. These pillars are interconnected, impacting each

other's goals. They have evolved to be recognized as the pillars of Cyber Security,

emphasizing their significance in maintaining service and privacy balance.

Authentication involves verifying the validity of transmissions, originators, or

processes within an information system. It instills confidence in both the sender's

validity and the message's authenticity. Bolstering authentication includes personally

identifiable information, access to key tokens, or known information like passwords.

Integrity safeguards information from unauthorized alteration, aiming to ensure data

accuracy throughout its lifespan. User authentication plays a pivotal role in

maintaining information integrity, with redundant chip and software designs

mitigating risks.

Availability focuses on preserving data accessibility for authorized individuals.

Initially, information assurance primarily involved data backup. As data volumes

increased, automation became integral, reducing operator intervention and enabling

instant backups.

Information assurance is closely tied to the progress of information technologies,

categorized into three generations: preventing intrusions, detecting intrusions, and

ensuring survivability.

The five pillars of information assurance—availability, integrity, authentication,

confidentiality, and non-repudiation—are crucial in safeguarding systems while

efficiently providing services.

Authentication involves verifying the validity of transmissions, originators, or

processes within an information system. It instills confidence in both the sender's

validity and the message's authenticity.

Integrity safeguards information from unauthorized alteration, aiming to ensure data

accuracy throughout its lifespan. User authentication plays a pivotal role in

maintaining information integrity, with redundant chip and software designs

mitigating risks.

Availability focuses on preserving data accessibility for authorized individuals.

Measures such as backup power, spare data channels, and off-site capabilities

enhance information availability, guarding against potential breaches from power

outages or hardware failures.

Confidentiality, in contrast to integrity, shields against unauthorized access to data.

Cryptography and steganography are commonly employed for confidentiality,

adhering to regulations like HIPAA for information assurance in healthcare.

Non-repudiation ensures the integrity of data, preventing denial of actions.

Increasing non-repudiation reduces the chances of denying information from a

specific source, making it challenging to dispute data authenticity.

These pillars interact in a complex manner, sometimes impeding or boosting each

other. For example, increasing information availability can directly oppose the goals

of integrity, authentication, and confidentiality.

The information assurance process begins with enumerating and classifying assets,

followed by risk assessment. Vulnerabilities are identified, and threats capable of

exploiting assets are enumerated. A risk management plan proposes

countermeasures, involving prevention, detection, and response to threats.

Frameworks like NIST RMF guide this process, ensuring a cost-effective approach to

managing risks.

Managing risks in business involves three key processes: Risk Assessment, Risk

Mitigation, and Evaluation & Assessment. One of the methodologies businesses use

for effective risk management is Information Assurance. This approach is

implemented through information assurance policies like the "BRICK" framework,

ensuring compliance with federal and international laws, including HIPAA regulations.

Aligning information assurance with corporate strategies is crucial for effective risk

management. This alignment is achieved through training and awareness programs,

active involvement and support from senior management, and fostering

intra-organizational communication. These practices enhance internal control and

contribute to better business risk management.

Many security executives in various firms are increasingly relying on information

assurance to safeguard intellectual property, prevent potential data leakage, and

protect users from security risks. While information assurance is effective in ensuring

pillars like confidentiality and non-repudiation, there is a trade-off between security

and speed due to their conflicting nature. Incorporating information assurance into

the business model enhances reliable decision-making, builds customer trust,

ensures business continuity, and promotes good governance in both public and

private sectors.
Pretty Good Privacy:

PGP, or Pretty Good Privacy, was created by Phil Zimmermann with the aim of

providing comprehensive security for email communication. The four main security

aspects it focuses on are privacy, integrity, authentication, and non-repudiation in the

transmission of emails.

To ensure these security features, PGP employs a digital signature, combining

hashing and public key encryption. This approach guarantees integrity,

authentication, and non-repudiation. Additionally, PGP utilizes both secret key

encryption and public key encryption for privacy, involving one hash function, one

secret key, and two private-public key pairs in the digital signature process.

As an open-source software freely available for email security, PGP employs a digital

signature for authentication, symmetric block encryption for confidentiality, ZIP

algorithm for compression, and radix-64 encoding scheme for EMAIL compatibility.

At the sender's end, PGP follows specific steps to create a secure email:

1. The email message undergoes hashing using a hashing function to generate a

digest.

2. This digest is encrypted, forming a signed digest, using the sender's private key.

3. The original email message receives the signed digest as an addition.

4. Both the original message and the signed digest are encrypted using a one-time

secret key created by the sender.

5. The secret key is then encrypted using the receiver's public key.

6. The encrypted secret key and the encrypted combination of message and digest

are sent together for secure transmission.

12.2 Summary

❖ Information assurance primarily involved data backup.

❖ Availability focuses on preserving data accessibility for authorized individuals.

Initially, information assurance primarily involved data backup.

❖ Availability focuses on preserving data accessibility for authorized individuals.

❖ Confidentiality, in contrast to integrity, shields against unauthorized access to

data.

❖ These pillars interact in a complex manner, sometimes impeding or boosting each

other.

❖ Aligning information assurance with corporate strategies is crucial for effective

risk management.

❖ Many security executives in various firms are increasingly relying on information

assurance to safeguard intellectual property, prevent potential data leakage, and

protect users from security risks.

❖ PGP, or Pretty Good Privacy, was created by Phil Zimmermann with the aim of

providing comprehensive security for email communication.

❖ To ensure these security features, PGP employs a digital signature, combining

hashing and public key encryption.

12.3 Keywords

1. PGP - Pretty Good Privacy: PGP, created by Phil Zimmermann, focuses on privacy,

integrity, authentication, and non-repudiation in email transmission. It employs a

 digital signature, secret key encryption, and public key encryption for

comprehensive security.

12.4 Self-Assessment Questions

1. What's the main aim of ensuring security in communication?

2. How does keeping things private contribute to making communication secure?

3. Why is it crucial to confirm the source of information in secure communication?

4. What does non-repudiation do to make sure communication stays secure?

5. How does providing evidence of submitting something make communication

more secure?

6. What's message flow confidentiality, and why does it matter for secure

communication?

7. How does staying anonymous help keep communication protocols secure?

8. How can using secret codes make sure messages stay private in communication?

9. Explain end-to-end encryption and why it's essential for keeping messages

secure.

10. What difficulties come up when trying to make communication systems more

private?

12.5 References

1. Douglas Stinson, "Cryptography Theory and Practice", 2 nd Edition, Chapman &

Hall/CRC.

2. B. A. Forouzan, "Cryptography & Network Security", Tata Mc Graw Hill.

3. W. Stallings, "Cryptography and Network Security", Pearson Education.

4. Kaufman, C., Perlman, R., and Speciner, M., Network Security, Private

Communication in a public world, 2nd ed., Prentice Hall PTR., 2002.

5. Cryptography and Network Security; McGraw Hill; Behrouz A Forouzan.

6. Information Security Intelligence Cryptographic Principles and App. Calabrese

Thomson
13.1 Knapsack algorithm

The Knapsack Encryption Algorithm, also known as the Merkle-Hellman knapsack

cryptosystem, serves as a method to secure data and communications. It operates

through two keys: a public key and a private key.

History and Development:

Developed in 1978 by Ralph Merkle and Martin Hellman, the Knapsack Encryption

Algorithm gained recognition during the early days of public key cryptography. It was

considered a significant advancement due to its asymmetric-key nature, requiring

two separate keys for encryption and decryption.

However, the algorithm lost favour over time. In 1982, Adleman identified a

vulnerability exploitable with Lenstra's LLL algorithm, making knapsacks impractical.

New encryption techniques like RSA gained prominence, pushing knapsack-based

systems into historical footnotes.

Despite its decline, the Knapsack Encryption Algorithm played a vital role in shaping

modern cryptography practices, leaving a lasting impact on information security

approaches.

How it works:

The Knapsack Encryption Algorithm uses an asymmetric-key system with public and

private keys. Encryption involves converting plaintext into an unreadable form using

the public key, while decryption uses the private key to recover the original message.

The algorithm transforms information into bits multiplied with a sequence from
super-increasing integers. This produces an encrypted code, decipherable only by

someone with knowledge of the private key.

Knapsack Encryption offers quick computations compared to RSA but is vulnerable

when used alone, falling out of favour as encryption standards evolved.

Advantages and Disadvantages:

Security Features and Strengths:

The critical generation process's complexity enhances security. Private and public

keys require a challenging, super-increasing sequence to guess. Each message having

a unique random private key adds another layer of protection against known

plaintext attacks.

Knapsack encryption ensures high message confidentiality, as changing one bit

causes over half of the encrypted bits to change randomly. Brute force attacks are

impractical due to the large number of spaces, making them secure when used

correctly.

In summary, Knapsack Encryption Algorithm's security features, like complex key

generation and resistance to brute force attacks, make it suitable for cybersecurity

applications.

Potential Vulnerabilities and Weaknesses:

Despite its strengths, Knapsack Encryption has vulnerabilities. If attackers determine

a subset of the super increasing sequence in the public key, they could crack the

system. Weak random number generators or poor code implementation may also
compromise security.

Knapsack cryptography is susceptible to lattice-based cryptanalysis, where attackers

use the LLL algorithm to search for short lattice vectors. Careful implementation and

regular updates are suggested to address these vulnerabilities.

Despite concerns, knapsack encryption remains essential for information security

when properly implemented and secured against known threats.

13.2Location of Encryption Devices

Encryption devices are super important in the world of keeping information safe

online. They're like guardians placed in different spots on a computer network,

ensuring data stays private and secure from sneaky access.

One typical spot for these guardians is where the network begins and ends, like at

routers and firewalls. These devices turn data into a secret code before it leaves a

safe zone and then decode it when it reaches its destination. This way, important info

stays protected as it travels.

They're also smartly placed in communication pathways like wireless networks and

internet connections. Here, the devices turn data into code as it goes between

devices. This is super handy in case someone tries to eavesdrop. Even if they

intercept it, they will only understand something with the unique key to decode it.

These encryption guardians also hang out in storage areas, like servers or cloud

platforms. They make sure data stays safe even when it's not on the move. Turning

stored data into a secret code, even if someone breaks into the storage, they can

only understand something with the correct key.

And guess what? In private networks, like when using a VPN, these encryption

devices are there too. They make sure your chat with the network is super secure,

especially when you're dealing with hush-hush info over public networks.

13.3 Summary

❖ The Knapsack Encryption Algorithm, also known as the Merkle-Hellman knapsack

cryptosystem, serves as a method to secure data and communications.

❖ Developed in 1978 by Ralph Merkle and Martin Hellman, the Knapsack

Encryption Algorithm gained recognition during the early days of public key

cryptography.

❖ The algorithm lost favour over time. In 1982, Adleman identified a vulnerability

exploitable with Lenstra's LLL algorithm, making knapsacks impractical.

❖ Despite its decline, the Knapsack Encryption Algorithm played a vital role in

shaping modern cryptography practices, leaving a lasting impact on information

security approaches.

❖ The Knapsack Encryption Algorithm uses an asymmetric-key system with public

and private keys. Encryption involves converting plaintext into an unreadable

form using the public key, while decryption uses the private key to recover the

original message.

❖ Knapsack Encryption offers quick computations compared to RSA but is

vulnerable when used alone, falling out of favour as encryption standards

evolved.

❖ The critical generation process's complexity enhances security. Private and public
14.1 Viruses and malware

Malware is software that sneaks into your computer without asking and tries to take

your private information, like your bank details and passwords. It can also be

annoying by showing pop-up ads and changing your computer settings. Malware can

get into your system in different ways:

1. Free downloads

2. Clicking on suspicious links

3. Opening emails from the wrong sources

4. Visiting harmful websites

5. Not having an updated antivirus program

Different kinds of malware exist, including viruses, worms, logic bombs,

Trojans/backdoors, rootkits, advanced persistent threats, spyware, and adware.

A computer virus is a program that harms computer systems and deletes or damages

files. It copies itself to other programs, spreading on its own. The goal is to infect

weak systems, take control, and steal your sensitive data. Hackers create viruses to

trick online users. Signs that your computer might have a virus include:

● Letters falling on the screen.

● Slow performance.

● Less free memory.

● An entire hard disk.

● Boot failure.

Types of Computer Viruses:

1. Parasitic: Attaches to files and programs, e.g., Jerusalem.

 2. Boot Sector: Spreads through infected drives used to boot computers, e.g.,

Polyboot, Disk killer.

3. Polymorphic: Changes with each infection, making it hard for antivirus

programs to detect, e.g., Involutionary, Cascade.

4. Memory Resident: Installs in computer memory, damaging files when the OS

runs, e.g., Randex, CMJ.

5. Stealth: Hides after infection, making detecting it difficult, e.g., Frodo, Joshi.

6. Macro: Associated with software like Word and Excel, spreading through

infected documents, e.g., DMV, Melissa.

7. Hybrids: Combines features of various viruses, e.g., Happy99 (Email virus).

Preventing Malware: Use security solutions such as firewalls, antivirus, and data leak

prevention systems to prevent malware. Regular testing against the latest attacks

ensures effectiveness. The Cortex XDR agent provides multiple prevention methods,

independent of signatures, to stop known and unknown malware.

Malware Detection: Advanced tools like firewalls and Intrusion Prevention Systems

detect malware. Behavioural threat protection monitors endpoint activity, identifying

malicious event chains.

Malware Removal: Antivirus software removes standard infections, and Cortex XDR

allows administrators to take mitigation steps, such as isolating compromised

endpoints and blocking malicious files.

14.2 Summary

❖ People often use the terms "virus" and "malware" interchangeably, but they're

different.

❖ malware is like an umbrella term for any lousy software, no matter how it works,

what it's up to, or how it spreads.

❖ Viruses spread by hitching a ride on legitimate files and programs. They get

around through infected websites, flash drives, and emails.

❖ Adware bombards you with annoying ads, while spyware snoops around quietly

collecting info about you.

❖ To boost defences, IT pros can update and patch apps and systems. This is crucial

to fend off fileless malware, which targets app weaknesses and can't be easily

caught by antimalware.

❖ Encouraging good data security habits, like clever password use and limiting who

can access what, also helps prevent breaches.

14.3 Keywords

1. Worms: These are solo programs that copy themselves and spread through a

network. Unlike viruses, worms don't need your help; they find weak spots in

your system or come through emails pretending to be regular files. The first

worm, the Morris worm, showed up in 1988.

2. Boot Sector: Spreads through infected drives used to boot computers, e.g.,

Polyboot, Disk killer.

3. Polymorphic: Changes with each infection, making it hard for antivirus programs