Network and System Security (TCS 619)

B. Tech CSE Elective VI Semester

Instructor:
Dr Mohammad Wazid
Associate Professor, Department of CSE
Graphic Era (Deemed to be University), Dehradun, India
Email: [email protected]
Homepage: https://sites.google.com/site/mwazidiiith/home
About the instructor
Qualification:
1. Postdoc from Cyber Security and Networks Lab, Innopolis
University, Innopolis, Russia.
2. Ph. D (CSE) from Center for Security, Theory and Algorithmic
Research of the International Institute of Information Technology
(IIIT), Hyderabad, India.
3. M. Tech. Computer Network Engineering from Graphic Era
University, Dehradun, India.
4. B. E. (CSE) from KEC, Dwarahat, (Regional Engineering College
(REC) Uttarakhand, India.
About the instructor
Research background:
Published 84 papers in international journals and conferences in the fields
of
Cyber Security
Authentication
Internet of Things (IoT)
Cloud Computing
Big Data
Blockchain
About the instructor
Research background:
Some of the research findings were published in top cited journals, such as
the IEEE TDSC, IEEE Transactions on Smart Grid, IEEE Internet of Things
Journal, IEEE Transactions on Industrial Informatics, IEEE Journal of
Biomedical and Health Informatics, IEEE Consumer Electronics Magazine,
Future Generation Computer Systems, Security and Communication
Networks (Wiley) and Journal of Network and Computer Applications.
Awards:
• University Gold Medal in M. Tech program
• Young Scientist Award by UCOST, Department of Science and Technology,
Government of Uttarakhand
• Dr. A.P.J Abdul Kalam innovator of the year award
• ICT Express (Elsevier) Best Research Reviewer Award for 2019
Course Outcomes
• After completion of the course students will be able to:
1. Understand the basics of computer security
2. Elaborate the cryptographic techniques.
3. Discuss the transport layer security
4. Find the pros and cons of various key distribution methods
5. Analyze the wireless network security
6. Find the level of system security
Grading scheme
• As per the University scheme.
• Criteria for internal marks:
• Performance in the class (queries and answers)
• Performance in the class tests/quizzes/assignments
• Attendance
• Behaviour with the teacher and classmates

• Criteria for external marks:

• Performance in the written exam.
Text/Reference Books:

• Cryptography and Network Security: Principles and Practice by William

Stallings (7th edition)
• Ch. P. Pfleeger, S. L. Pfleeger Security in Computing , 4th Edition
Prentice Hall, 2006
Unit-1
• Computer Security Concepts,
• The OSI Security Architecture,
• Security Attacks,
• Security Services,
• Security Mechanisms,
• Models for network security, standards
Unit-1
Cryptography overview
• Cryptography (from Greek: kryptós “hidden, secret”; and
graphein, “to write”) that is secret writing.
• Cryptography is a mechanism of protecting information through
the use of certain codes so that intended recipient can read and
process it.
• The generated codes allow information to be kept secret.
• It converts data into a format that is unreadable for an
unauthorized user.
• Allowing it to be transmitted without unauthorized entities
decoding it back.
Cryptography overview
• It is a method of storing and transmitting data in a particular
form so that only those for whom it is intended can read and
process it.
• Cryptography not only protects data from theft or alteration,
but can also be used for user authentication.
Information security
• Information security is the set of processes that maintain the
confidentiality, integrity and availability of the business data
in its various forms.
• It is designed to protect the confidentiality, integrity and
availability of data from the malicious intentions.
• Confidentiality, integrity and availability are sometimes
referred to as the CIA Triad of information security.
Information security
• It is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification,
inspection, recording or destruction of information.
• Information can be anything like your details or we can
say your profile on social media, your data in mobile
phone, your biometrics etc.
Information security
• Example-
• During First World War, Multi-tier Classification System
was developed keeping in mind sensitivity of information.
• With the beginning of Second World War formal alignment
of Classification System was done.
• Alan Turing was the one who successfully decrypted
Enigma Machine which was used by Germans to encrypt
warfare data.
General security requirements
1. Confidentiality
• This property provides protection of information against any
kind of unauthorized access.
• In another way, it is known as “privacy'' which protects the
exchanged messages against any kind of disclosure attacks.
2. Integrity
• It provides assurance of real and accurate data.
• The content of the received message should not contain
illegal insertion, unapproved modification and deletion.
• Data should be safeguarded against unauthorized
modification.
General security requirements
3. Authentication
• It is used to validate the identities of the communicating
devices and users.
• Mutual verification of identities is mandatory to start a secure
communication and it should be conducted in advance.
• Example- In a IoT environment, authentication may be
happened among the smart IoT devices, various kind of
servers (i.e., cloud, fog, edge servers), different users, the
service providers.
 General security requirements
4. Non-repudiation
• It provides assurance that any entity should not deny the
validity of something for example, a message.
• It is one of important service in “information security” which
provides proof regarding the “origin of the message” and
“integrity of the data” in that message.
• Therefore, it is very difficult for the illegal entities to deny the
“origin of the message” and “authenticity of the message”.
 General security requirements
4. Non-repudiation
• Digital signatures methods are useful for “non-repudiation''.
• For example, in case of a online transactions, where it is important
to assure that a party to whom the contract was made
(communicated party) should not deny the originality of his/her
signature on the report.
• Source's non-repudiation: It provides assurance of genuineness of
the sender. This concludes the message was transmitted by the
genuine source.
• Destination's non-repudiation: It provides assurance of
genuineness of the receiver. This concludes the message was
received by the genuine receiver.
General security requirements
6. Forward secrecy
• If an entity (for example, smart home user, smart IoT device)
leaves the communication network then it must not have any
ability to access the future messages.

7. Backward secrecy
If an entity (for example, smart home user, smart IoT device) is
just deployed in the communication network then it must not
have any ability to access the previously exchanged messages.
Components of a cryptosystem
1. Plaintext
• It is the data to be protected during transmission.
2. Encryption Algorithm
• It is a mathematical process that produces a ciphertext for
any given plaintext and encryption key.
• It is a cryptographic algorithm (i.e., AES) that takes
plaintext and an encryption key as input and produces a
ciphertext. For example, EK(P)=C, E stands for
encryption process, K stands for key used, P stands for
plaintext and C stands for produced ciphertext.
Components of a cryptosystem
3. Ciphertext
• It is the scrambled version of the plaintext produced by
the encryption algorithm using a specific encryption key.
• The ciphertext is not guarded.
• It is transmitted through a public channel.
• It can be intercepted or compromised by anyone who has
access to the communication channel.
Components of a cryptosystem
4. Decryption algorithm
• It is a mathematical process, that produces a unique
plaintext for any given ciphertext and decryption key.
• It is a cryptographic algorithm that takes a ciphertext and
a decryption key as input, and outputs a plaintext.
• The decryption algorithm essentially reverses the
encryption algorithm and is thus closely related to it.
• For example, DK(C)=P, D stands for decryption process,
K stands for key used, C stands for ciphertext and P stands
for obtained plaintext.
Components of a cryptosystem
5. Encryption key
• It is a value that is known to the sender.
• The sender inputs the encryption key into the encryption
algorithm along with the plaintext in order to compute the
ciphertext.
6. Decryption key
• It is a value that is known to the receiver.
• The decryption key is related to the encryption key, but is not
always identical to it.
• The receiver inputs the decryption key into the decryption
algorithm along with the ciphertext in order to compute the
plaintext.
Components of a cryptosystem
• For a given cryptosystem, a collection of all possible
decryption keys is called a key space.
• An interceptor (an attacker) is an unauthorized entity who
attempts to determine the plaintext.
• He can see the ciphertext and may know the decryption
algorithm.
• He, however, must never know the decryption key.
 Symmetric and Asymmetric Encryption
• While communicating on an unsecure channel (i.e.,
Internet) we have to be careful about the confidentiality of
the shared information.
• There are two techniques use to preserve the
confidentiality of your message, Symmetric and
Asymmetric Encryption.
• Symmetric encryption allows encryption and decryption of
the message with the same key.
 Symmetric and Asymmetric Encryption
• However, in asymmetric encryption two keys are required.
Asymmetric encryption uses the public key for the
encryption, and a private key is used for decryption.
Differences of Symmetric and Asymmetric Encryption
BASIS FOR
SYMMETRIC ENCRYPTION ASYMMETRIC ENCRYPTION
COMPARISON

Basic Symmetric encryption uses a single key Asymmetric encryption uses a different key

for both encryption and Decryption. for encryption and decryption.

Performance Symmetric encryption is fast in Asymmetric Encryption is slow in execution

execution. due to the high computational overhead.

Algorithms DES, 3DES, AES. Diffie-Hellman, RSA.

Purpose The symmetric encryption is used for The asymmetric encryption is often used for

bulk data transmission. securely exchanging secret keys.

 Definition of Symmetric Encryption
• Symmetric encryption is a technique which allows the use
of only one key for performing both the encryption and the
decryption of the message.
• It is also known as the conventional method used for
encryption.
• In symmetric encryption, the plaintext is encrypted and is
converted to the ciphertext using a key and an encryption
algorithm.
 Definition of Symmetric Encryption
• While the cipher text is converted back to plain text using
the same key that was used for encryption, and the
decryption algorithm.
• Symmetric encryption algorithm executes faster and is less
complex.
• Hence, they are used for bulk data transmission.
 Definition of Symmetric Encryption
• In symmetric encryption, the host that are participating in
the communication already have the secret key that is
received through the external means.
• The sender of the message will use the key for encrypting
the message, and the receiver will use the same key for
decrypting the message.
• The commonly used symmetric encryption algorithms are
DES, 3 DES and AES.
Definition of Symmetric Encryption

Fig. Procedure of symmetric encryption (source: https://dzone.com/articles/encryption-and-

decryption-using-symmetric-key-in-c
 Definition of Asymmetric Encryption
• Asymmetric encryption is an encryption technique that uses a
pair of key (private key and public key) for encryption and
decryption.
• Asymmetric encryption uses the public key for the encryption
of the message and the private key for the decryption of the
message.
• The public key is available to anyone who is interested in
sending the message.
 Definition of Asymmetric Encryption
• The private key is kept secret with the receiver of the
message.
• Any message that is encrypted by the public key and the
algorithm, is decrypted using the same algorithm and the
matching private key of corresponding public key.
• The execution of asymmetric encryption algorithm is
slow.
• Hence, the asymmetric encryption is used for securely
exchanging the keys instead of the bulk data
transmission.
 Definition of Asymmetric Encryption
• It is generally used for establishing a secure channel over
the non-secure medium i.e., Internet.
• The most common asymmetric encryption algorithm are
Diffie-Hellman and RSA algorithm.

Fig. Procedure of asymmetric

encryption
(source:
https://www.avadaj.com/2017/09
/26/combining-symmetric-and-
assymetric-encryption-for-
transmitting-data
 Definition of Asymmetric Encryption
Lesson learned
• Being a complex and slow encryption technique the
asymmetric encryption is generally used for exchanging the
keys and the symmetric encryption being a faster technique
is used for bulk data transmission.
Quiz time
• Choose one correct option.
• Q1: What are the applications of cryptography:
(a) Secure Web
(b)Secure email
(c) Secure electronic transactions
(d)All
Quiz time
• Choose one correct option.
• Q2: What are the components of an cryptosystem:
(a) Plaintext
(b)Ciphertext
(c) Encryption and decryption algorithm
(d)All
Quiz time
• Choose one correct option.
• Q3: In an asymmetric cryptosystem, we use public key for
the encryption and private key for decryption:
(a) The above statement is correct
(b)The above statement is partially correct
(c) Both option a and b are correct
(d)None
Quiz time
• Choose one correct option.
• Q4: In an symmetric cryptosystem, we use single key for
both encryption and decryption. However, in asymmetric
key cryptosystem more than one keys are used.
(a) The above statement is correct
(b)The above statement is partially correct
(c) Both option a and b are false
(d)None
Quiz time
• Choose one correct option.
• Q5: Following figure depicts:
(a) A symmetric key cryptosystem
(b) A public key cryptosystem
(c) None
 Quiz time
• Choose one correct option.
• Q6: Following figure depicts:
(a) A symmetric key cryptosystem
(b) A public key cryptosystem
(c) None
 Quiz time
• Choose one correct option.
• Q7: A symmetric key cryptosystem executes faster than a
public key cryptosystem
(a) Correct statement
(b)Wrong statement
(c) None
References
 Cryptography and Network Security: Principles and Practice by William Stallings (7th edition)