Unit 1 Part 1
CRYPTOGRAPHY AND NETWORK SECURITY
Book + ALL PPT will be uploaded
William Stallings, “Cryptography and Network Security – Principles and Practice”, Seventh
Edition, Pearson Education, 2017.
What is Cryptography?
Need of Cryptography
● Confidentiality
● Data Integrity
● Authentication
● Secure Transactions
● Privacy and Data Protection
What is Computer Security? - CIA
The protection afforded to an automated information system in order to attain the
applicable objectives of preserving the integrity, availability, and confidentiality of
information system resources (includes hardware, software, firmware,
information/data, and telecommunications).
Main Challenges
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security
features. In many cases, successful attacks are designed by looking at the problem in a completely different way, thereby
exploiting an unexpected weakness in the mechanism.
3. Because of point 2, the procedures used to provide particular services are often counterintuitive. Typically, a security mechanism
is complex, and it is not obvious from the statement of a particular requirement that such elaborate measures are needed. It is only
when the various aspects of the threat are considered that elaborate security mechanisms make sense.
4. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical
placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense (e.g., at what layer or
layers of an architecture such as TCP/IP [Transmission Control Protocol/Internet Protocol] should mechanisms be placed).
5. Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in
possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and
protection of that secret information. There also may be a reliance on communications protocols whose behavior may complicate
the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting
time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable,
unpredictable delays may render such time limits meaningless.
6. Computer and network security is essentially a battle of wits between a perpetrator
who tries to find holes and the designer or administrator who tries to close them. The
great advantage that the attacker has is that he or she need only find a single weakness,
while the designer must find and eliminate all weaknesses to achieve perfect security.
7. There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult in today’s
short-term, overloaded environment.
9. Security is still too often an afterthought to be incorporated into a system after the
design is complete rather than being an integral part of the design process.
10. Many users and even security administrators view strong security as an impediment
to efficient and user-friendly operation of an information system or use of information.
OSI Architecture - Standard Rules for Security
● To assess effectively the security needs of an organization and to evaluate
and choose various security products and policies, the manager responsible
for security needs some systematic way of defining the requirements for
security. This is difficult enough in a centralized data processing
environment; with the use of local and wide area networks, the problems are
compounded.
● The OSI security architecture is useful to managers as a way of organizing
the task of providing security. Furthermore, because this architecture was
developed as an international standard, computer and communications
vendors have developed security features for their products and services that
relate to this structured definition of services and mechanisms.
Key Components
1. Security Attack - Passive Attack
1. Security Attack - Active Attack
2. Security Service
3. Security Mechanisms
A model for network security
Four Step Process
Key Points
A message is to be transferred from one party to another across some sort of Internet service. The two parties, who are
the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is
established by defining a route through the Internet from source to destination and by the use of TCP/IP protocols.
Security aspects come into play when it is necessary or desirable to protect the information transmission from an
opponent who may present a threat to confidentiality, authenticity, and so on.
All the techniques for providing security have two components:
■ A security-related transformation on the information to be sent. Examples include the encryption of the message,
which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents
of the message, which can be used to verify the identity of the sender.
■ Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an
encryption key used in conjunction with the transformation to scramble the message before transmission and
unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for
distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be
needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.
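Added example (not from the slides or the textbook): a Python sketch of the two components above, a security-related transformation (encryption plus a code computed over the message) driven by a secret shared by the two principals. The function names, the "enc"/"mac" key labels and the HMAC-based keystream are assumptions made for illustration; the keystream stands in for a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative keystream (HMAC-SHA256 in counter mode); an assumption
    # standing in for a vetted cipher such as AES-GCM.
    blocks = (length + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return stream[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_keys(shared_secret: bytes):
    # Separate keys for encryption and for the authentication code.
    return _prf(shared_secret, b"enc"), _prf(shared_secret, b"mac")

def protect(shared_secret: bytes, message: bytes) -> bytes:
    """Sender side: scramble the message, then append a code over the result."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh value for every message
    ciphertext = _xor(message, _keystream(enc_key, nonce, len(message)))
    return nonce + ciphertext + _prf(mac_key, nonce + ciphertext)

def recover(shared_secret: bytes, blob: bytes) -> bytes:
    """Receiver side: check the code first, unscramble only if it verifies."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(shared_secret)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ciphertext)):
        raise ValueError("authentication code mismatch: altered in transit or wrong secret")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed shared secret
    sent = protect(secret, b"constructed sample message")
    print(recover(secret, sent))
```

The receiver rejects the message both when a byte is changed on the channel and when the two principals do not hold the same secret, which is why distributing that secret (the trusted third party's role above) matters as much as the transformation itself.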
Types of security mechanism