
Week 1

This document outlines a 14-week course on information security. Over the course, students will learn about key information security concepts like confidentiality, integrity, availability and more. They will cover threats like malware, hacking and intruders. The course will also teach cryptanalysis techniques, symmetric and asymmetric encryption algorithms like DES, RSA and Diffie-Hellman, hashing, digital signatures, certificates and authentication methods.

Uploaded by

Mr Product

INSTITUTE OF BUSINESS & MANAGEMENT SCIENCES

THE UNIVERSITY OF AGRICULTURE PESHAWAR

Week-1

Introduction to information security


Concept of Confidentiality, integrity, availability, authenticity and
accountability.
What is Information Security (InfoSec)?

Information security covers the tools and processes that organizations use to
protect information. Information security protects sensitive information
from unauthorized activities. The goal is to ensure the safety and privacy of
critical data such as customer account details, financial data or intellectual
property.

Confidentiality:

Confidentiality measures are designed to prevent unauthorized disclosure of
information. The purpose of the confidentiality principle is to keep personal
information private and to ensure that it is visible and accessible only to
those individuals who own it or need it to perform their organizational
functions.

Integrity:

Integrity includes protection against unauthorized changes (additions,
deletions, alterations, etc.) to data. The principle of integrity ensures that
data is accurate and reliable and is not modified incorrectly, whether
accidentally or maliciously.

Availability:

Availability is the protection of a system’s ability to make software systems
and data fully available when a user needs it. The purpose of availability is to
make the technology infrastructure, the applications and the data available
when they are needed for an organizational process or for an organization’s
customers.

1|Page Information Security


Authenticity:

Authenticity is assurance that a message, transaction, or other exchange of
information is from the source it claims to be from. Authenticity involves
proof of identity. We can verify authenticity through authentication. The
process of authentication usually involves more than one “proof” of identity
(although one may be sufficient). The proof might be something a
user knows, like a password. Or, a user might prove their identity with
something they have, like a keycard. Modern (biometric) systems can also
provide proof based on something a user is. Biometric authentication
methods include things like fingerprint scans, hand geometry scans, or
retinal scans.

Accountability:
According to CIDS, accountability means that people will be held responsible
for their actions and for how they perform their duties. Accountability
involves having control and verification systems in place, and, if necessary,
the ability to arrest, prosecute and convict offenders for illegal, or corrupt
behavior. All personnel must be held accountable under the law regardless
of rank, status or office.

• Threats and attack

Threats:
Any circumstance or event with the potential to adversely impact
organizational operations (including mission, functions, image, or
reputation), organizational assets, individuals, other organizations, or the
Nation through an information system via unauthorized access, destruction,
disclosure, modification of information, and/or denial of service.

Attack:
An attack is an information security threat that involves an attempt to
obtain, alter, destroy, remove, implant or reveal information without
authorized access or permission.

• Malware
o Virus, Worms, Anti-malware
• Hacking, Intruder

Malware:
Malware, or malicious software, is any program or file that is intentionally
harmful to a computer, network or server.
Virus:
A computer virus is a type of malicious software, or malware, that spreads
between computers and causes damage to data and software. 
Worms:
A computer worm is a type of malware that spreads copies of itself from
computer to computer. A worm can replicate itself without any human
interaction, and it does not need to attach itself to a software program in
order to cause damage.
Anti-malware:
Anti-malware is software that protects the computer from malware
such as spyware, adware, and worms. It scans the system for all types of
malicious software that manage to reach the computer. An anti-malware
program is one of the best tools to keep the computer and personal
information protected.
Hacking:
Hacking is an attempt to exploit a computer system or a private
network inside a computer. Simply put, it is the unauthorized access to
or control over computer network security systems for some illicit
purpose.

Intruders:
Intruders are the attackers who attempt to breach the security of a network.
They attack the network in order to get unauthorized access.

Week-2

• Security Basic

• Security approach
• Security Attack: Active Attack vs. Passive Attack
• Types of Security Threat
1. Interception 2. Interruption 3. Modification 4. Fabrication

Active Attack:

An active attack involves intercepting a communication or message and
altering it for malicious effect. There are three common variants of an active
attack:

Interception

An interception means that some unauthorized party has gained access to
an asset. The outside party can be a person, a program, or a computing
system.

Interruption

The attacker interrupts the original communication and creates new,
malicious messages, pretending to be one of the communicating parties.

Modification

The attacker uses existing communications, and either replays them to fool
one of the communicating parties, or modifies them to gain an advantage.

Fabrication

The attacker creates fake, or synthetic, communications, typically with the aim of
achieving denial of service (DoS). This prevents users from accessing systems
or performing normal operations.

Passive Attack:

In a passive attack, an attacker monitors a system and illicitly copies
information without altering it. They then use this information to disrupt
networks or compromise target systems. The attackers do not make any
change to the communication or the target systems. This makes it more
difficult to detect. However, encryption can help prevent passive attacks
because it obfuscates the data, making it more difficult for attackers to make
use of it.

Week-3

• Cryptanalysis
• Brute force Attack
• Cryptanalytic Attack
• Chosen Plain Text
• Chosen Cipher Text
• Chosen Text
• Cipher Text only
• Known plain text
Cryptanalysis:
Cryptanalysis is the study of methods for obtaining the meaning of
encrypted information, without access to the secret information that is
typically required to do so. Typically, this involves knowing how the system
works and finding a secret key. Cryptanalysis is also referred to as
codebreaking or cracking the code. 

Brute force Attack:


A brute force attack uses trial-and-error to guess login info, encryption keys,
or find a hidden web page. Hackers work through all possible combinations
hoping to guess correctly. These attacks are done by ‘brute force’ meaning
they use excessive forceful attempts to try and ‘force’ their way into your
private account(s).

Cryptanalytic attacks:
To determine the weak points of a cryptographic system, it is important to
attack the system. These attacks are called cryptanalytic attacks. The attacks
rely on the nature of the algorithm and also on knowledge of the general
characteristics of the plaintext.

Chosen-Plaintext Analysis (CPA) :


In this type of attack, the attacker chooses random plaintexts and
obtains the corresponding cipher texts and tries to find the encryption
key. It’s very simple to implement like KPA but the success rate is quite
low.

Cipher text-Only Analysis (COA) :


In this type of attack, only some cipher text is known and the attacker
tries to find the corresponding encryption key and plaintext. It’s the
hardest to implement but is the most probable attack as only cipher text
is required.

Known-Plaintext Analysis (KPA):

The attacker is aware of plaintext-cipher text pairings in this case. An
attacker just needs to map those pairings to find the encryption key. This
assault is quite simple since the attacker already has a wealth of
information at his disposal.
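
The attack models above can be compared on the Caesar (shift) cipher listed under Week-4. The following is an added example, not part of the original course notes; the function names and the sample message are constructed for illustration. It shows why a cipher with only 26 keys fails under every model: one chosen letter, one known pair, or a brute-force search scored by letter frequency each recover the key.

```python
import string

ALPHABET = string.ascii_uppercase
COMMON = "ETAOINSHR"  # most frequent English letters, used to score guesses

def shift_encrypt(text, key):
    """Caesar/shift cipher: rotate each letter by `key`, keep other characters."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(text, key):
    return shift_encrypt(text, -key)

def chosen_plaintext_key(encrypt_oracle):
    """CPA: request the encryption of 'A'; the returned letter is the key."""
    return ALPHABET.index(encrypt_oracle("A"))

def known_plaintext_key(plaintext, ciphertext):
    """KPA: every aligned letter pair must agree on the same shift."""
    keys = {(ALPHABET.index(c) - ALPHABET.index(p)) % 26
            for p, c in zip(plaintext.upper(), ciphertext.upper())
            if p in ALPHABET and c in ALPHABET}
    return keys.pop() if len(keys) == 1 else None

def ciphertext_only_key(ciphertext):
    """COA by brute force: try all 26 keys and keep the candidate whose
    decryption contains the most common English letters."""
    def score(candidate):
        return sum(candidate.count(ch) for ch in COMMON)
    return max(range(26), key=lambda k: score(shift_decrypt(ciphertext, k)))

# Constructed sample message and key (not from the course notes).
SAMPLE_KEY = 3
SAMPLE_PLAINTEXT = "MEET ME AT THE STATION AT SEVEN THIS EVENING"
SAMPLE_CIPHERTEXT = shift_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("CPA key:", chosen_plaintext_key(lambda p: shift_encrypt(p, SAMPLE_KEY)))
    print("KPA key:", known_plaintext_key(SAMPLE_PLAINTEXT, SAMPLE_CIPHERTEXT))
    guess = ciphertext_only_key(SAMPLE_CIPHERTEXT)
    print("COA key:", guess, "->", shift_decrypt(SAMPLE_CIPHERTEXT, guess))
```

The ciphertext-only search needs enough text for the frequency score to single out one key; very short messages can leave several plausible candidates.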

Week-4
• Types of Cryptography
• Symmetric Encryption
o Substitution
• Caesar cipher, Monoalphabetic, Playfair, Hill cipher
• Polyalphabetic
• Vigenère cipher
• Vernam
o Transposition
o Steganography
• Public Key Cryptography
• Hash Algorithm

Week-5
• Famous Algorithm of Private Key Cryptography (DES & IDEA)
• DES (Data Encryption Standard)
• Initial & Final Permutation
• DES Round
• Per-Round Key generation
• Mangler function

Week-6
• Using Secret/Private Key Cryptography to Encrypt Large Messages
• Electronic Code Book
• Cipher Block Chaining

Week-7
• Modular Mathematics
• Method to Encrypt messages
• Congruence
• Totient function

Week-8
• RSA Public Key System
• Diffie-Hellman Algorithm

Week-9
• Authentication
• Password Based
• Address Based
• Cryptographic Based

Week-10
• Hash Algorithm/Message Digest
• MD2
• MD4

Week-11
• Digital Signature
• Trusted Intermediaries
• Key Distribution Protocol

Week-12
• Digital Certificate
• Certification Authority
• Certificate Revocation List (CRL)

Week-13
• Kerberos
• Notation
• Simple Authentication
• Establish Secure Channels

Week-14
• Assumption of Kerberos and ticket
• Attacks against IP

Week-15-16
• Firewalls
• Packet Filter
• Application level Gateway
• Hybrid

Total Marks: 100

Recommended Text Book:


Cryptography and Network Security: Principles and Practice
By: William Stallings
