5. CONFIDENTIALITY
• Keeping private or sensitive information from being disclosed to unauthorised individuals, entities or
processes.
• Information should not be accessible to an unauthorized person. It should not be intercepted during the
transmission.
6. INTEGRITY
• The ability to protect data from being altered or destroyed, whether through unauthorised access or by accident.
• Information should not be altered during its transmission over the network.
8. AUTHENTICITY
• There should be a mechanism to authenticate a user before giving him/her an access to the required
information.
• To make sure that the message senders or principals are who they say they are.
9. NON-REPUDIABILITY
• It is the protection against the denial of order or denial of payment.
• Once a sender sends a message, the sender should not be able to deny sending the message.
• The recipient of the message should not be able to deny the receipt.
11. SSL (SECURE SOCKET LAYER)
• SECURE SOCKET LAYER IS A COMMUNICATION PROTOCOL
CREATED BY NETSCAPE IN 1994 TO ENSURE SECURE
TRANSACTIONS BETWEEN WEB SERVERS AND BROWSERS.
• "HTTPS://" IS TO BE USED FOR HTTP URLS WITH SSL,
WHEREAS "HTTP://" IS TO BE USED FOR HTTP URLS WITHOUT
SSL.
12. WHAT IS SSL USED FOR?
• The SSL protocol is used by millions of online businesses to protect their customers, ensuring their online
transactions remain confidential.
• A web page should use encryption when it expects users to submit confidential data, including
personal information, passwords, or credit card details.
• All web browsers have the ability to interact with secured sites so long as the site's certificate is issued
by a trusted certificate authority.
13. WHY SSL? SSL PROVIDES…
• Confidentiality (Privacy)
• Data integrity (Tamper-proofing)
• Server authentication (Proving a server is what it claims it is)
- Used in typical B2C transaction
• Optional client authentication
- Would be required in B2B (or Web services environment in which program talks to program)
15. FIREWALL
• A firewall is a system of hardware and software components designed to restrict access between or
among networks, most often between the Internet and a private Internet.
• The firewall is part of an overall security policy that creates a perimeter defense designed to protect the
information resources of the organization.
16. HARDWARE V/S SOFTWARE FIREWALLS.
• Hardware firewalls
- Protect an entire network
- Implemented on router level
- Usually more expensive, harder to configure.
• Software firewalls
- Protect a single computer
- Usually less expensive, easier to configure.
17. DIGITAL SIGNATURE:
• Digital signature ensures the authenticity of the information.
• A digital signature is an e-signature authenticated through encryption and
password.
18. ENCRYPTION :
• It is a very effective and practical way to safeguard the data being transmitted over the network.
• It is the process of converting information or data into a code, especially to prevent unauthorized
access.
• The sender of the information encrypts the data using an encryption technique, and only the specified
receiver can decrypt the data using the same or a different encryption technique.
20. DRAWBACKS OF ENCRYPTION
• Sometimes it may make the data difficult to access even for a legitimate user
• Does not ensure high availability
• Does not provide selective access control
• Does not guard against threats that emerge from the poor design of systems
• Costly
• Its security is based on the computational difficulty of mathematical problems
21. MESSAGE AUTHENTICATION
• Threat: the user is not sure about the originator of the message
• Message Authentication Code Algorithm
22. LIMITATIONS OF MAC
1. Establishment of Shared Secret
2. Inability to Provide Non-Repudiation
Limitations of MAC can be overcome by Digital signature
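The two limitations listed above, shown with HMAC-SHA256 as an added Python example (not part of the original slides). The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

def make_tag(shared_key, message):
    """Compute the MAC; anyone holding shared_key can do this."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def verify(shared_key, message, tag):
    # compare_digest avoids leaking, through timing, how many bytes matched.
    return hmac.compare_digest(make_tag(shared_key, message), tag)

# Constructed sample data. Limitation 1: both parties must already hold this
# key, and it has to reach the receiver over some other secure channel.
SHARED_KEY = b"constructed key agreed out of band"
ORDER = b"order 1001: pay 100 to account 42"
TAMPERED = b"order 1001: pay 900 to account 42"

def demo():
    tag_from_sender = make_tag(SHARED_KEY, ORDER)
    return {
        "genuine_accepted": verify(SHARED_KEY, ORDER, tag_from_sender),
        "tampered_rejected": not verify(SHARED_KEY, TAMPERED, tag_from_sender),
        "wrong_key_rejected": not verify(b"another key", ORDER, tag_from_sender),
        # Limitation 2: the receiver holds the same key and can compute the
        # identical tag, so a valid tag cannot prove to a third party which
        # of the two parties produced it (no non-repudiation).
        "receiver_tag_identical": make_tag(SHARED_KEY, ORDER) == tag_from_sender,
    }

if __name__ == "__main__":
    for check, passed in demo().items():
        print(check, passed)
```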
24. ORIGIN
• Humans want to (1) share information and (2) selectively
• This need gives birth to the art of “coding messages”
• The art and science of concealing the messages to introduce secrecy in information security is called
cryptography.
• “Cryptography” comes from GREEK: KRYPTO (hidden) + GRAPHENE (writing)
25. HISTORY
• HIEROGLYPH is the oldest technique used by Egyptians 4000 years ago
• Around 500-600 BC mono-alphabetic substitution ciphers were used
• Roman method (Caesar Shift Cipher) relies on shifting of a message by an agreed number
• Steganography (slightly different)
26. EVOLUTION
• Started during European Renaissance
• Vigenere Coding came in 15th Century
• After 19th Century it evolved from ad hoc approach to sophisticated art and science
• In early 20th Century machines were invented e.g. Enigma Rotor machine
• During WW2 both cryptography and cryptanalysis became excessively mathematical
• With these advances, governments, military units and corporate houses started adopting it
27. MODERN CRYPTOGRAPHY
• It is called the cornerstone of communications security.
• Based on number theory, computational-complexity and probability theory
| Classic Cryptography | Modern Cryptography |
|---|---|
| It manipulates traditional characters | It operates on binary bit sequences |
| Based on ‘security through obscurity’ | Relies on mathematical algorithms. Secrecy is obtained through secret key |
| It requires entire cryptosystem for communicating confidentially | Requires parties interested in secure communication to possess the secret key |
31. TYPES OF CRYPTOSYSTEMS [1. SYMMETRIC KEY]
Examples: Data Encryption Standard (DES), Triple-DES (3DES), IDEA and TWOFISH
32. FEISTEL BLOCK CIPHER
• The input block to each round is divided into two halves that can
be denoted as L and R for the left half and the right half
• In each round, the right half of the block, R, goes through
unchanged. But the left half, L, goes through an operation that
depends on R and the encryption key
• Each round uses a different key, although all these subkeys are
related to the original key
• The permutation step at the end of each round swaps the
modified L and unmodified R.
• The above substitution and permutation steps form a ‘round’.
The number of rounds is specified by the algorithm design
• Once the last round is completed, the two sub-blocks,
‘R’ and ‘L’, are concatenated in this order to form the ciphertext
block
• The difficult part of designing a Feistel Cipher is the selection of the round
function ‘f’
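The round structure described above, as an added Python example (not code from the original slides). The round function (truncated HMAC-SHA256), the key schedule, the 8-byte block size and all names are assumptions chosen for illustration; the point it shows is that decryption is the same network run with the subkeys in reverse order, even though f itself is not invertible.

```python
import hashlib
import hmac

HALF = 4  # bytes per half; a block is L || R = 8 bytes (assumed size)

def f(right, subkey):
    """Assumed round function: truncated HMAC-SHA256. Not invertible, and need not be."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]

def subkeys(key, rounds):
    """Assumed key schedule: a different subkey per round, all derived from one key."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # L is combined with f(R, k); R passes through unchanged; the halves swap.
        left, right = right, xor(left, f(right, k))
    # After the last round the sub-blocks are concatenated as R then L.
    return right + left

def encrypt_block(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt_block(block, key, rounds=16):
    # Same network, with the subkeys applied in reverse order.
    return feistel(block, subkeys(key, rounds)[::-1])

if __name__ == "__main__":
    key = b"constructed demo key"   # constructed sample key
    plaintext = b"ABCDEFGH"          # constructed sample block
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
```

With `rounds=1` the second half of the output equals the original right half, which makes the "R goes through unchanged" step visible.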
33. FEATURES OF SYMMETRIC KEY ENCRYPTION
• Persons using it must share a common key prior to exchange of information
• Keys are recommended to be changed regularly to prevent any attack on the system
• A robust mechanism needs to exist to exchange the key between the communicating parties
• Length of Key (number of bits) in this encryption is smaller and hence, process of encryption-decryption
is faster than asymmetric key encryption
• Processing power of computer system required to run symmetric algorithm is less
34. CHALLENGES OF USING SYMMETRIC KEY ENCRYPTION
1. Key Establishment
2. Trust Issue
• But today we need to communicate with non-familiar parties.
35. TYPES OF CRYPTOSYSTEMS [2. ASYMMETRIC KEY]
• Different keys are used for encrypting and decrypting the information.
• Each user has two dissimilar but mathematically related keys, called the private key and the public key.
- Public key: placed in a public repository
- Private key: kept as a well-guarded secret
• When Host1 needs to send data to Host2, he obtains the public key of Host2 from the
repository, encrypts the data, and transmits it.
• Host2 uses his private key to extract the plaintext.
• The keys are long, so the process is slower.
• Processing power of computer system required to run asymmetric algorithm is higher.
36. CHALLENGES OF PUBLIC KEY CRYPTOSYSTEM
• the user needs to trust that the public key that he is using in communications with a person really is the
public key of that person and has not been spoofed by a malicious third party
• This is usually accomplished through a Public Key Infrastructure (PKI) consisting of a trusted third party
37. PUBLIC KEY ENCRYPTION: RSA CRYPTOSYSTEM
• Used even today
• Invented by: Ron Rivest, Adi Shamir, Len Adleman
• Two things are involved: (1) Generation of key pair (2) Encryption- Decryption modes
38. 1. GENERATION OF RSA KEY PAIR
• The process is as follows:
1. Generate the RSA modulus (n)
   • Select two large primes, p and q
   • Calculate n = p*q
2. Find the derived number (e)
   • Number e must be greater than 1 and less than (p − 1)(q − 1)
   • There must be no common factor for e and (p − 1)(q − 1) except for 1
3. Form the public key
   • The pair of numbers (n, e) forms the RSA public key and is made public
4. Generate the private key
   • Private key d is calculated from p, q, and e. For given n and e, there is a
     unique number d
   • Number d is the inverse of e modulo (p − 1)(q − 1)
• Example:
1. Generate the RSA modulus (n)
   • p = 7, q = 13. Thus, n = p*q = 7*13 = 91
2. Find the derived number (e)
   • Select e = 5, because there is no number that is a common factor of 5
     and (p − 1)(q − 1) = 6 × 12 = 72
3. Form the public key
   • The pair of numbers (n, e) = (91, 5) forms the public key
4. Generate the private key
   • Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The
     output will be d = 29
   • Check: de = 29 × 5 = 145 = 1 mod 72
• Each party has to generate a pair of keys, i.e. a public key and a private key.
• Though n is part of the public key, the difficulty of factorizing a large number that is the product of two primes
ensures that an attacker cannot find, in a practical amount of time, the two primes (p and q) used to obtain n.
39. RSA ENCRYPTION
• Encryption:
• The sender wishes to send a text message to
someone whose public key is (n, e).
• The sender then represents the plaintext as a
series of numbers less than n.
• To encrypt the first plaintext P, which is a
number modulo n.
• Decryption:
• The receiver, whose public key is (n, e), has received a
ciphertext C.
• The receiver raises C to the power of his private key
d. The result modulo n will be the plaintext P.
• Returning again to our numerical example,
the ciphertext C = 82 would get decrypted to
number 10 using private key 29.
• RSA does not operate directly on strings of bits, as symmetric key encryption does.
It operates on numbers modulo n.
• It is therefore necessary to represent the plaintext as a series of numbers less than n.
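The key generation, encryption and decryption steps above, worked with the slides' own numbers (p = 7, q = 13, e = 5), as an added Python example that is not part of the original slides; the function names are illustrative. This is unpadded textbook RSA for study only, and `private_key_from_public` is included to show why p and q must be large: for a toy n, trial division recovers d from the public key alone.

```python
from math import gcd, isqrt

def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y

def generate_keypair(p, q, e):
    """Steps 1-4 of key generation: returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < (p-1)(q-1) with no common factor")
    _, x, _ = extended_gcd(e, phi)
    d = x % phi  # inverse of e modulo (p-1)(q-1), normalised to be positive
    return (n, e), d

def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be a number less than n")
    return pow(m, e, n)  # modular exponentiation with the public exponent

def decrypt(c, d, n):
    return pow(c, d, n)  # C raised to the private key d, modulo n

def private_key_from_public(public_key):
    """Factor n by trial division and rebuild d; only feasible when n is tiny."""
    n, e = public_key
    p = next(k for k in range(2, isqrt(n) + 1) if n % k == 0)
    return generate_keypair(p, n // p, e)[1]

if __name__ == "__main__":
    public, d = generate_keypair(7, 13, 5)
    c = encrypt(10, public)
    print(public, d, c, decrypt(c, d, public[0]))
```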