Fundementals of Cyber Security and Digital Forensics

Module: 1 & 2

Mrs. Soumi Banerjee

Assistant Professor- Information Technology
Ramrao Adik Institute of Technology,
D Y Patil Deemed to be University, Nerul, Navi Mumbai
 Contents

Lecture 4-Introduction of Cybersecurity: Comprehensive IT security Policy 4

Lecture 5-Introduction of Cybersecurity: Cryptography 11

Lecture 6-Introduction of Cybersecurity: Cryptanalysis and Modern Ciphers 24

2
Module 1:

Lecture 4: A Comprehensive IT
Security Policy
 A Comprehensive IT Security Policy

• To ensure that you are effectively protecting your data, you need something
that works to prevent breaches, detect potential threats, analyze suspicious
activity, and provide remediation in the event that something does occur.

• Benefits of having a Security Policy

• Enhance organization’s overall security posture.
• It helps you to better prepare for auditing and compliance
requirements.
• It leads to increased operational efficiency.
• It also leads to increased accountability for both users and
stakeholders.
• It provides your organization with a solid strategy around effective
communication and enforcement of policies.

4 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• Acceptable Use of data Systems Policy: The purpose of this policy is to

stipulate the suitable use of computer devices at the corporate/company.
These rules protect the authorized user and therefore the company also.

• Account Management Policy: The purpose of this policy is to determine a

typical for the creation, administration, use, and removal of accounts that
facilitate access to information and technology resources at the corporate.

• Anti-Virus: This policy was established to assist prevent attacks on corporate

computers, networks, and technology systems from malware and other
malicious code.

• E-Commerce Policy: Ecommerce security refers to the measures taken to

secure businesses and their customers against cyber threats.

5 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• E-Mail Policy: Email security may be a term for describing different procedures
and techniques for shielding email accounts, content, and communication
against unauthorized access, loss, or compromise. Email is usually wont to
spread malware, spam, and phishing attacks.

• Hardware And Electronic Media Disposal Policy: The company-owned surplus

hardware, obsolete machines, and any equipment beyond reasonable repair or
reuse, including media, are covered by this policy.

• Security Incident Management Policy: This policy defines the need for
reporting and responding to incidents associated with the company’s
information systems and operations.

• Information Technology Purchasing Policy: The reason for this strategy is to

characterize norms, methods, and limitations for the acquisition of all IT
equipment, programming, PC-related parts, and specialized administrations
bought with organization reserves.

6 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• Web Policy: The reason for this policy is to set up the guidelines for the
utilization of the organization’s Internet for access to the Internet or the
Intranet.

• Log Management Policy: Log management is often of great benefit during a

sort of scenario, with proper management, to reinforce security, system
performance, resource management, and regulatory compliance.

• Network Security And VPN Acceptable Use Policy: The purpose of this policy
is to define standards for connecting to the company’s network from any host.

• Password Policy: The purpose of this policy is to determine a typical for the
creation of strong passwords, the protection of these passwords, and therefore
the frequency of change password must be followed.

7 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• Patch Management Policy: Security vulnerabilities are inherent in computing

systems and applications. These flaws allow the event and propagation of
malicious software, which may disrupt normal business operations,
additionally placing the corporate in danger. To effectively mitigate this risk,
software “patches” are made available to get rid of a given security
vulnerability.

• Cloud Computing Adoption: The purpose of this policy is to make sure that the
corporate can potentially make appropriate cloud adoption decisions and at an
equivalent time doesn’t use, or allow the utilization of, inappropriate cloud
service practices.

• Server Security Policy: The purpose of this policy is to define standards and
restrictions for the bottom configuration of internal server equipment owned
and/or operated by or on the company’s internal network(s) or related
technology resources via any channel.

8 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• Social Media Acceptable Use Policy: Tools to determine barriers between

personal and personal networks and tools to centrally manage accounts are
only starting to emerge. Involvement by the IT Department for security, privacy,
and bandwidth concerns is of maximal importance.

• Systems Monitoring And Auditing Policy: System monitoring and auditing are
employed to work out if inappropriate actions have occurred within a data
system. System monitoring is employed to seem for these actions in real-time
while system auditing looks for them after the very fact.

• Vulnerability Assessment: The purpose of this policy is to determine standards

for periodic vulnerability assessments. This policy reflects the company’s
commitment to spot and implement security controls, which can keep risks to
data system resources at reasonable and appropriate levels.

9 Lecture 4: Comprehensive IT Security Policy

 Comprehensive IT Security Policy

• Website Operation Policy: The purpose of this policy is to determine

guidelines with reference to communication and updates of the company’s
public-facing website.

10 Lecture 4: Comprehensive IT Security Policy

Module 2:

Lecture 5: Introduction to
Cryptography
CLASSICAL ENCRYPTION TECHNIQUES

As opposed to modern cryptography

Goals:
•To introduce basic concepts & terminology of encryption
•To prepare us for studying modern cryptography
Basic Terminology:
•Plaintext: original message to be encrypted

•Ciphertext: the encrypted message

•Enciphering or encryption: the process of converting plaintext into ciphertext

•Encryption algorithm: performs encryption

•Two inputs: a plaintext and key/keys

Lecture 5: CLASSICAL
12
ENCRYPTION TECHNIQUES
SYMMETRIC CIPHER MODEL

•Deciphering or decryption: recovering plaintext from ciphertext

•Decryption algorithm: performs decryption

•Two inputs: ciphertext and secret key/keys

Lecture 5: CLASSICAL ENCRYPTION

13 TECHNIQUES
SYMMETRIC CIPHER MODEL

14 Lecture 1- Services of OSI Layers

CIPHERS

Symmetric cipher: same key used for encryption and decryption

Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)
Stream cipher: encrypts data one bit or one byte at a time

Asymmetric cipher: different keys used for encryption and decryption

15 Lecture 5- Stream and Block

SYMMETRIC ENCRYPTION

•Or conventional / secret-key / single-key

•Sender and recipient share a common key
•All classical encryption algorithms are symmetric
•The only type of ciphers prior to the invention of asymmetric-key ciphers in 1970’s
•By far most widely used
Mathematically:
Y = EK(X) or Y = E(K, X)
X = DK(Y) or X = D(K, Y)
X = plaintext
Y = ciphertext
K = secret key
E = encryption algorithm
D = decryption algorithm
Both E and D are known to public

16 Lecture 1- Services of OSI Layers

Classical Ciphers

•Plaintext is viewed as a sequence of elements (e.g., bits or characters)

•Substitution cipher: replacing each element of the plaintext with another element.
•Transposition (or permutation) cipher: rearranging the order of the elements of the
plaintext.
•Product cipher: using multiple stages of substitutions and transpositions

Caesar Cipher:
•Earliest known substitution cipher
•Invented by Julius Caesar
•Each letter is replaced by the letter three positions further down the alphabet.
• Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
• Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
•Example: ohio state  RKLR VWDWH

17 Lecture 5- Classical Ciphers

Caesar Cipher

Mathematically, map letters to numbers:

a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
Can be generalized with any alphabet.

18 Lecture 5- Caesar Cipher

Monoalphabetic Cipher Security
•Now we have a total of 26! = 4 x 1026 keys.
•With so many keys, it is secure against brute-force attacks.
•But not secure against some cryptanalytic attacks.
•Problem is language characteristics.
•Human languages are not random.
•Letters are not equally frequently used.
•In English, E is by far the most common letter, followed by T, R, N, I, O, A, S.
•Other letters like Z, J, K, Q, X are fairly rare.
•There are tables of single, double & triple letter frequencies for various
languages
Monoalphabetic Substitution Cipher:
Shuffle the letters and map each plaintext letter to a different random
ciphertext letter:
Plain letters: hello
Cipher letters: KHOOR
Plaintext: hello
Cipher text: ABNZF

19 Lecture 5- Monoalphabetic
Polyalphabetic Substitution Ciphers

•A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in turn to encrypt
letters.
•A key determines which sequence of ciphers to use.
•Each plaintext letter has multiple corresponding ciphertext letters.
•This makes cryptanalysis harder since the letter frequency distribution will be
flatter.

20 Lecture 5- Polyalphabetic Ciphers

Playfair Cipher

•Not even the large number of keys in a monoalphabetic cipher provides security.
•

•One approach to improving security is to encrypt multiple letters at a time.

•The Playfair Cipher is the best known such cipher.
•Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
•Use a 5 x 5 matrix.
•Fill in letters of the key (w/o duplicates).
•Fill the rest of matrix with other letters.
•E.g., key = MONARCHY.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
21 Lecture 5:Playfair and Hill cipher
Encrypting and Decrypting

Plaintext is encrypted two letters at a time.

1. If a pair is a repeated letter, insert filler like 'X’.
2. If both letters fall in the same row, replace each with the letter to its right
(circularly).
3. If both letters fall in the same column, replace each with the letter below it
(circularly).
4. Otherwise, each letter is replaced by the letter in the same row but in the
column of the other letter of the pair.
Security of Playfair:
Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters.
Security is much improved over the simple monoalphabetic cipher.
Was widely used for many decades
eg. by US & British military in WW1 and early WW2
Once thought to be unbreakable.
Actually, it can be broken, because it still leaves some structure of plaintext intact.

22 Lecture 5- Classical Ciphers

Transposition Techniques: Keyed and Keyless

The decryption:We need to find an inverse matrix modulo 26 to use as our

'decryption key'. i.e. we want something that will take 'PFO' back to 'ATT'. If our 3 by 3
key matrix is called K, our decryption key will be the 3 by 3 matrix K-1, which is the
inverse of K.

Where,

23 Lecture 5- Classical Ciphers

Module 2:

Lecture 6: Cryptanalysis and

Modern Ciphers
CRYPTANALYSIS Key Number Time Time
Size of required at required
(bits Alternati 1 at 106
) ve Keys decryption/ decrypti
Objective: to recover the plaintext of a µs ons/µs
ciphertext or, more typically, to recover the 32 232 = 4.3 231 µs 2.15
secret key.  109 = 35.8 milliseco
minutes nds
Kerckhoff’s principle: the adversary knows
all details about a cryptosystem except the
56 256 = 7.2 255 µs 10.01
secret key.  1016 = 1142 hours
Two general approaches: years
brute-force attack 128 2128 = 3.4 2127 µs 5.4  1018
non-brute-force attack (cryptanalytic  1038 = 5.4  1024 years
years
attack)
Brute-Force Attack:
168 2168 = 3.7 2167 µs 5.9  1030
•Try every key to decipher the ciphertext.  1050 = 5.9  1036 years
•On average, need to try half of all possible years
keys
•Time needed proportional to size of key 26 26! = 4  2  1026 µs 6.4  106
chara 1026 = 6.4  1012 years
space cters years

25 Lecture 6- Cryptanalysis
CRYPTANALYTIC ATTACKS

•May be classified by how much information needed by the attacker:

•Ciphertext-only attack
•Known-plaintext attack
•Chosen-plaintext attack
•Chosen-ciphertext attack

26 Lecture 6- Cryptanalysis
Ciphertext-only attack

Given: a ciphertext c
Q: what is the plaintext m?
An encryption scheme is completely insecure if it cannot resist ciphertext-only
attacks.

27 Lecture 6- Cryptanalysis
Known-plaintext attack

Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c.

Q: what is the plaintext of c?

Q: what is the secret key in use?

28 Lecture 6- Cryptanalysis
Chosen-plaintext attack

Given: (m1,c1), (m2,c2), …, (mk,ck), where m1, m2, …, mk are chosen by the adversary;
and a new ciphertext c.

Q: what is the plaintext of c, or what is the secret key?

Example: chosen-plaintext attack:
In 1942, US Navy cryptanalysts discovered that Japan was planning an attack on
“AF”.
They believed that “AF” means Midway island.
Pentagon didn’t think so.
US forces in Midway sent a plain message that their freshwater supplies were low.
Shortly, US intercepted a Japanese ciphertext saying that “AF” was low on water.
This proved that “AF” is Midway.

29 Lecture 6- Cryptanalysis
Chosen-ciphertext attack

Given: (m1,c1), (m2,c2), …, (mk,ck), where c1, c2, …, ck are chosen by the adversary; and
a new ciphertext c.

Q: what is the plaintext of c, or what is the secret key?

30 Lecture 6- Cryptanalysis
Chosen-ciphertext attack

31 Lecture 6- Cryptanalysis
Modern Block Ciphers

•Will now look at modern block ciphers

•One of the most widely used types of cryptography algorithms
•Provide strong secrecy and/or authentication services
•In particular will introduce DES (data encryption standard)

Block vs Stream Ciphers:

•Block ciphers process messages into blocks, each of which is then en/decrypted
Like a substitution on very big characters
64-bits or more
•Stream ciphers process messages a bit or byte at a time when en/decrypting
Many current ciphers are block ciphers
Hence are focus of course

32 Lecture 6: Modern Ciphers

Block Cipher Principles

•Block ciphers look like an extremely large substitution

•Would need table of 264 entries for a 64-bit block
•Arbitrary reversible substitution cipher for a large block size is not practical
•64-bit general substitution block cipher, key size 2 64!
•Most symmetric block ciphers are based on a feistel cipher structure
•Needed since must be able to decrypt ciphertext to recover messages efficiently

33 Lecture 6: Modern Ciphers

C. Shannon and Substitution-Permutation Ciphers

•In 1949 shannon introduced idea of substitution-permutation (S-P) networks

Modern substitution-transposition product cipher
•These form the basis of modern block ciphers
•S-P networks are based on the two primitive cryptographic operations we have
seen before:
Substitution (s-box)
Permutation (p-box) (transposition)
•Provide confusion and diffusion of message

34 Lecture 6: Modern Ciphers

Diffusion and Confusion

•Introduced by claude shannon to thwart cryptanalysis based on statistical analysis

-Assume the attacker has some knowledge of the statistical characteristics of
the plaintext
•Cipher needs to completely obscure statistical properties of original message
•A one-time pad does this

More practically shannon suggested combining elements to obtain:

•Diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
•Confusion – makes relationship between ciphertext and key as complex as possible

35 Lecture 6: Modern Ciphers

Feistel Cipher Structure

•Horst feistel devised the feistel cipher

oImplements shannon’s substitution-
permutation network concept
•Partitions input block into two halves
oProcess through multiple rounds which
oPerform a substitution on left data half
oBased on round function of right half &
subkey
oThen have permutation swapping halves

36 Lecture 6: Modern Ciphers

Feistel Cipher

•n sequential rounds
•A substitution on the left half Li
•1. Apply a round function F to the right half Ri and
•2. Take XOR of the output of (1) and Li
•The round function is parameterized by the subkey Ki
•Ki are derived from the overall key K

37 Lecture 6: Modern Ciphers

Feistel Cipher Design Principles

•Block size
•Increasing size improves security, but slows cipher
•Key size
•Increasing size improves security, makes exhaustive key searching
harder, but may slow cipher
•Number of rounds
•Increasing number improves security, but slows cipher
•Subkey generation
•Greater complexity can make analysis harder, but slows cipher
•Round function
•Greater complexity can make analysis harder, but slows cipher
•Fast software en/decryption & ease of analysis
•Are more recent concerns for practical use and testing

38 Lecture 6: Modern Ciphers

Feistel Cipher Decryption

39 Lecture 6: Modern Ciphers

Thank You