UNIT I

Attacks on Computers and Computer Security: Introduction, The need of Security, Security
approaches, Principles of Security, Types of Security Attacks, Security Services, Security
Mechanisms, A model for Network Security.
Cryptography: Concepts and Techniques: Introduction, Plain text and Cipher Text,
Substitution Techniques, Transposition Techniques, Encryption and Decryption, Symmetric
and Asymmetric Cryptography, Steganography, Key Range and Key Size, Possible types of
Attacks.

Introduction:
This is the age of universal electronic connectivity, where the activities like hacking,
viruses, electronic fraud are very common. Unless security measures are taken, a network
conversation or a distributed application can be compromised easily.

Some simple examples are:

i. Online purchases using a credit/debit card.
ii. A customer unknowingly being directed to a false website.

iii. A hacker sending a message to person pretending to be someone else.

Network Security has been affected by two major developments over the last several
decades. First one is introduction of computers into organizations and the second one being
introduction of distributed systems and the use of networks and communication facilities for
carrying data between users & computers. These two
security deals with collection of tools
designed to protect data and to thwart hackers. Network security measures are needed to
protect data during transmission. But keep in mind that, it is the information and our ability
to access that information that we are really trying to protect and not the computers and
networks.

Why We Need Information Security?

Because there are threats:
Threats
A threat is an object, person, or other entity that represents a constant danger to an asset
The 2007 CSI survey
494 computer security practitioners
46% suffered security incidents
29% reported to law enforcement
Average annual loss $350,424

2
 The source of the greatest financial losses?
Most prevalent security problem
Insider abuse of network access
Email

Threat Categories
Acts of human error or failure
Compromises to intellectual property
Deliberate acts of espionage or trespass
Deliberate acts of information extortion
Deliberate acts of sabotage or vandalism
Deliberate acts of theft
Deliberate software attack
Forces of nature
Deviations in quality of service
Technical hardware failures or errors
Technical software failures or errors
Technological obsolesce

Definitions
Computer Security - generic name for the collection of tools designed to protect
data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a
collection of interconnected networks
our focus is on Internet Security

3
 which consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission & storage of information

Aspects Of Security
consider 3 aspects of information security:

Security Attack
Security Mechanism
Security Service

Security Attack
any action that compromises the security of information owned by an
organization
information security is about how to prevent attacks, or failing that, to
detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks

Passive
Active

4
Passive Attack

Active Attack

Interruption
An asset of the system is destroyed or becomes unavailable or unusable. It is an
attack on availability.
Examples:

Destruction of some hardware

Jamming wireless signals
Disabling file management systems
Interception
An unauthorized party gains access to an asset. Attack on confidentiality.
Examples:
Wire tapping to capture data in a network.
Illicitly copying data or programs
Eavesdropping
Modification

5
 When an unauthorized party gains access and tampers an asset. Attack is on
Integrity.
Examples:
Changing data file
Altering a program and the contents of a message

Fabrication
An unauthorized party inserts a counterfeit object into the system. Attack on
Authenticity. Also called impersonation

Examples:
Hackers gaining access to a personal email and sending message
Insertion of records in data files
Insertion of spurious messages in a network

Security Services
It is a processing or communication service that is provided by a system to give a
specific kind of production to system resources. Security services implement security policies
and are implemented by security mechanisms.
Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. It is used to

prevent the disclosure of information to unauthorized individuals or systems. It has been

6
The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A credit
card number has to be secured during online transaction.

Authentication

This service assures that a communication is authentic. For a single message

transmission, its function is to assure the recipient that the message is from intended source.
For an ongoing interaction two aspects are involved. First, during connection initiation the
service assures the authenticity of both parties. Second, the connection between the two hosts
is not interfered allowing a third party to masquerade as one of the two parties. Two specific
authentication services defines in X.800 are

Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provides use at time of Mediaconnectionestblishment and during data
transmission. Provides confidence against a masquera or replay attack
Data origin authentication: Assumes the authenticity of source of data unit, but does not
provide protection against duplication or modification of data units. Supports applications
like electronic mail, where no prior interactions take place between communicating entities.
Integrity

Integrity means that data cannot be modified without authorization. Like

confidentiality, it can be applied to a stream of messages, a single message or selected fields
within a message. Two types of integrity services are available. They are:

Connection-Oriented Integrity Service: This service deals with a stream of

messages, assures that messages are received as sent, with no duplication, insertion,
modification, reordering or replays. Destruction of data is also covered here. Hence, it attends
to both message stream modification and denial of service.
Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message modification only.

An integrity service can be applied with or without recovery. Because it is related to

active attacks, major concern will be detection rather than prevention. If a violation is

7
detected and the service reports it, either human intervention or automated recovery machines
are required to recover.
Non-repudiation

Non-repudiation prevents either sender or receiver from denying a transmitted

message. This capability is crucial to e-commerce. Without it an individual or entity can deny
that he, she or it is responsible for a transaction, therefore not financially liable.
Access Control
This refers to the ability to control the level of access that individuals or entities have
to a network or system and how much information they can receive. It is the ability to limit
and control the access to host systems and applications via communication links. For this,
each entity trying to gain access must first be identified or authenticated, so that access rights
can be tailored to the individuals.
Availability

It is defined to be the property of a systemMediaorasystemresource being accessible

and usable upon demand by an authorized system entity. The v ilability can significantly be
affected by a variety of attacks, some amenable to automated counter measures i.e
authentication and encryption and others need some sort of physical action to prevent or
recover from loss of availability of elements of distributed system.

Security Mechanisms
According to X.800, the sec rity mechanisms are divided into those implemented in a
specific protocol layer and those that are not specific to any particular protocol layer or
security service. X.800 also differentiates reversible & irreversible encipherment
mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that
allows data to be encrypted and subsequently decrypted, whereas irreversible encipherment
include hash algorithms and message authentication codes used in digital signature and
message authentication applications
Specific Security Mechanisms
Incorporated into the appropriate protocol layer in order to provide some of the OSI
security services,
Encipherment: It refers to the process of applying mathematical algorithms for converting
data into a form that is not intelligible. This depends on algorithm used and encryption keys.

Digital Signature: The appended data or a cryptographic transformation applied to any data
unit allowing to prove the source and integrity of the data unit and protect against forgery.

8
Access Control: A variety of techniques used for enforcing access permissions to the system
resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
of data units.
Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes once a breach of security is suspected.
Notarization: The use of a trusted third party to assure cert in properties of a data exchange
Pervasive Security Mechanisms
These are not specific to any particular OSI security service or protocol layer.
Trusted Functionality: That which is perceived to b correct with respect to some criteria
Security Level: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection: It is the process of detecting all the events related to network security.
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which
is an independent review and examination of system records and activities. Security
Recovery: It deals with requests from mechanisms, such as event handling and management
functions, and takes recovery actions.

9
Model For Network Security

Data is transmitted over network between two communicating parties, who must
cooperate for the exchange to take place. A logical information channel is established by
defining a route through the internet from source to destination by use of communication
protocols by the two parties. Whenever an opponent presents a threat to confidentiality,
authenticity of information, security aspects come into play. Two components are present in
almost all the security providing techniques.
A security-related transformation on the information to be sent making it unreadable

10
by the opponent, and the addition of a code based on the contents of the message, used to
verify the identity of sender.
Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception
A trusted third party may be needed to achieve secure transmission. It is responsible
for distributing the secret information to the two parties, while keeping it away from any
opponent. It also may be needed to settle disputes between the two parties regarding
authenticity of a message transmission. The general model shows that there are four basic
tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the secret information
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service various other
threats to information system like unwanted access still exist.
5. The applications
remains
various aexistence
concern.ofAnother
hackers
and utility attempting
threat
programs. to penetrate
is placement
This in erted
of ome syst
code msin accessible
logic
presents
computer
two kindsover
system a affecting
network
of threats.
Information access threats intercept or modify data on behalf of users who should not have
access to that data Service threats exploit service flaws in computers to inhibit use by
legitimate users Viruses and worms are two examples of software attacks inserted into the
system by means of a disk or also across the network. The security mechanisms needed to
cope with unwanted access fall into two broad categories.
Some basic terminologies used
1. CIPHER TEXT - the coded message
2. CIPHER - algorithm for transforming plaintext to cipher text
3. KEY - info used in cipher known only to sender/receiver
4. ENCIPHER (ENCRYPT) - converting plaintext to cipher text
5. ECIPHER (DECRYPT) - recovering cipher text from plaintext
6. CRYPTOGRAPHY - study of encryption principles/methods
7. CRYPTANALYSIS (CODEBREAKING) - the study of principles/ methods of
deciphering cipher text without knowing key
8. CRYPTOLOGY - the field of both cryptography and cryptanalysis

Cryptography
Cryptographic systems are generally classified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text:
All the encryption algorithms are a based on two general principles: substitution, in
which each element in the plaintext is mapped into another element, and transposition, in
which elements in the plaintext are rearranged.

11
The number of keys used:

If the sender and receiver uses same key then it is s to be symmetric key (or) single
key (or) conventional encryption. If the sender and receiver use different keys then it is said
to be public key encryption.
The way in which the plain text is processed:
A block cipher processes the input and block of elements at a time, producing output
block for each input block. A Stream cipher processes the input elements continuously,
producing output element one at a time, as it goes along.

Cryptanalysis
The process of attempting to discover X or K or both is known as cryptanalysis. The
strategy used by the cryptanalysis depends on the nature of the encryption scheme and the
information available to the cryptanalyst. There are various types of cryptanalytic attacks
based on the amount of information known to the cryptanalyst.
Cipher text only A copy of cipher text alone is known to the cryptanalyst.

Known plaintext The cryptanalyst has a copy of the cipher text and the corresponding
plaintext.

Chosen plaintext The cryptanalysts gains temporary access to the encryption machine.
They cannot open it to find the key, however; they can encrypt a large number of suitably
chosen plaintexts and try to use the resulting cipher texts to deduce the key.
Chosen cipher text The cryptanalyst obtains temporary access to the decryption machine,
uses it to decrypt several string of symbols, and tries to use the results to deduce the key.

Classical Encryption Techniques

There are two basic building blocks of all encryption techniques: substitution and
transposition.

Substitution Techniques
In which each element in the plaintext is mapped into another element.
1. Caesar Cipher
2. Monoalphabetic cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Cipher
6. One Time Pad

Caesar Cipher

It is a mono-alphabetic cipher wherein each letter of the plaintext is substituted by another

letter to form the cipher text. It is a simplest form of substitution cipher scheme.

12
This cryptosystem is generally referred to as the Shift Cipher. The concept is to replace each

the alphabet. This number which is between 0 and 25 becomes the key of encryption.

Process of Shift Cipher

In order to encrypt a plaintext letter, the sender positions the sliding ruler underneath
the first set of plaintext letters and slides it to LEFT by the number of positions of the
secret shift.
The plaintext letter is then encrypted to the cipher text letter on the sliding ruler
underneath. The result of this process is depicted in the following illustration for an

cipher text cipher text

On receiving the cipher text, the receiver who also knows the secret shift, positions his
sliding ruler underneath the cipher text alphabet and slides it to RIGHT by the agreed
shift number, 3 in this case.
He then replaces the cipher text letter by the plaintext letter on the sliding ruler
underneath. Hence the cipher text
decrypt a message encoded with a Shift of 3, generate the plaintext alphabet using a
-

Security Value

Caesar Cipher is not a secure cryptosystem because there are only 26 possible keys to try
out. An attacker can carry out an exhaustive key search with available limited computing
resources.

Simple Substitution Cipher

It is an improvement to the Caesar Cipher. Instead of shifting the alphabets by some number,
this scheme uses some permutation of the letters in alphabet.

alphabet. Permutation is nothing but a jumbled up set of alphabets.

With 26 letters in alphabet, the possible permutations are 26! (Factorial of 26) which is equal
to 4x1026. The sender and the receiver may choose any one of these possible permutation as a
cipher text alphabet. This permutation is the secret key of the scheme.

13
Process of Simple Substitution Cipher

Write the alphabets A, B, C,...,Z in the natural order.

The sender and the receiver decide on a randomly selected permutation of the letters
of the alphabet.
Underneath the natural order alphabets, write out the chosen permutation of the letters
of the alphabet. For encryption, sender replaces each plaintext letters by substituting
the permutation letter that is directly beneath it in the table. This process is shown in
the following illustration. In this example, the chosen permutation is K, D, G, O. The

Here is a jumbled Cipher text alphabet, where the order of the cipher text letters is a key.

On receiving the ciphertext, the receiver, who also knows the randomly chosen
permutation, replaces each ciphertext letter on the bottom row with the corresponding

Security Value

Simple Substitution Cipher is a considerable improvement over the Caesar Cipher. The
possible number of keys is large (26!) and even the modern computing systems are not yet
powerful enough to comfortably launch a brute force attack to break the system. However,
the Simple Substitution Cipher has a simple design and it is prone to design flaws, say
choosing obvious permutation, this cryptosystem can be easily broken.

Monoalphabetic and Polyalphabetic Cipher

Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher alphabet
for each plain alphabet is fixed throughout

All of the substitution ciphers we have discussed earlier in this chapter are monoalphabetic;
these ciphers are highly susceptible to cryptanalysis.

Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain
alphabet may be different at different places during the encryption process. The next two
examples, playfair and Vigenere Cipher are polyalphabetic ciphers.

Playfair Cipher

In this scheme, pairs of letters are encrypted, instead of single letters as in the case of simple
substitution cipher.

In playfair cipher, initially a key table is created. The key table is a 5×5 grid of alphabets that
acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one
letter of the alphabet (usually J) is omitted from the table as we need only 25 alphabets
instead of 26. If the plaintext contains J, then it is replaced by I.

14
characters (going left to right) in the table is the phrase, excluding the duplicate letters. The
rest of the table will be filled with the remaining letters of the alphabet, in natural order. The

Process of Playfair Cipher

First, a plaintext message is split into pairs of two letters (digraphs). If there is an
odd number of letters, a Z is added to the last letter. Let us say we want to encrypt

HI DE MO NE YZ

o If both the letters are in the same column, take the letter below each one
(going back to the top if at the bottom)

T U ORI
AL S BC
DE F GH
KMNP Q
VWXYZ

If both letters are in the same row, take the letter to the right of each one (going back
to the left if at the farthest right)

T U ORI
AL S BC
DE F GH
KMNP Q
VWXYZ

If neither of the preceding two rules are true, form a rectangle with the two letters and
take the letters on the horizontal opposite corner of the rectangle.

15
QC EF NU MF ZV

Decrypting the Playfair cipher is as simple as doing the same process in reverse. Receiver has
the same key and can create the same key table, and then decrypt any messages made using
that key.

Security Value

It is also a substitution cipher and is difficult to break compared to the simple substitution
cipher. As in case of substitution cipher, cryptanalysis is possible on the Playfair cipher as
well, however it would be against 625 possible pairs of letters (25x25 alphabets) instead of 26
different possible alphabets.

The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is
quick to use and requires no special equipment.

Vigenere Cipher

This scheme of cipher uses a text string (say, a word) as a key, which is then used for doing a
number of shifts on the plaintext.

respective numeric value: In this case,

Thus, the key is: 16 15 9 14 20.

Process of Vigenere Cipher

The sender and the receiver decide on a key. Sa

16
 He now shifts each plaintext alphabet by the number written below it to create

Here, each plaintext character has been shifted by a different amount and that
amount is determined by the key. The key must be less than or equal to the size of
the message.
For decryption, the receiver uses the same key and shifts received ciphertext in
reverse order to obtain the plaintext.

Security Value

Vigenere Cipher was designed by tweaking the standard Caesar cipher to reduce the
effectiveness of cryptanalysis on the ciphertext and make a cryptosystem more robust. It is
significantly more secure than a regular Caesar Cipher.

In the history, it was regularly used for protecting sensitive political and military information.
It was referred to as the unbreakable cipher due to the difficulty it posed to the
cryptanalysis.

Variants of Vigenere Cipher

The keyword length is same as plaintext message. This case is called Vernam
Cipher. It is more secure than typical Vigenere cipher.
Vigenere cipher becomes a cryptosystem with perfect secrecy, which is called
One-time pad.

One-Time Pad

The length of the keyword is same as the length of the plaintext.

The keyword is a randomly generated string of alphabets.
The keyword is used only once.

17
Security Value

Let us compare Shift cipher with one-time pad.

In case of Shift cipher, the entire message could have had a shift between 1 and 25. This is a
very small size, and very easy to brute force. However, with each character now having its
own individual shift between 1 and 26, the possible keys grow exponentially for the message.

One-

-time pad. It is a 5 letter text. To break the

cipher text by brute force, you need to try all possibilities of keys and conduct computation
for (26 x 26 x 26 x 26 x 26) = 265
Thus, for a longer message, the computation grows exponentially with every additional
alphabet. This makes it computationally impossible to break the cipher text by brute force.

Transposition Techniques

All the techniques examined so far involve the substitution of a cipher text symbol for a
plaintext symbol. A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher.

Rail fence is simplest of such cipher, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.

Plaintext = meet at the school house

To encipher this message with a rail fence of depth 2,

We write the message as follows: m e a t e c o l o s e t t h s h o h u e

The encrypted message is MEATECOLOSETTHSHOHUE

Row Transposition Ciphers-A more complex scheme is to write the message in a rectangle,
row by row, and read the message off, column by column, but permute the order of the
columns. The order of columns then becomes the key of the algorithm.

e.g., plaintext = meet at the school house

Key = 4 3 1 2 5 6 7

PT = m e e t a t t h e s c h o o l h o u s e

18
CT = ESOTCUEEHMHLAHSTOETO

A pure transposition cipher is easily recognized because it has the same letter frequencies as
the original plaintext. The transposition cipher can be made significantly more secure by
performing more than one stage of transposition. The result is more complex permutation that
is not easily reconstructed.

Steganography
A plaintext message may be hidden in any one of the two ways. The methods of
steganography conceal the existence of the message, whereas the methods of cryptography
render the message unintelligible to outsiders by various transformations of the text. A simple
form of steganography, but one that is time consuming to construct is one in which an
arrangement of words or letters within an apparently innocuous text spells out the real
message. e.g., (i) the sequence of first letters of each word of the overall message spells out
the real (hidden) message. (ii) Subset of the words of the overall message is used to convey
the hidden message. Various other techniques have been used historically, some of them are:

Character marking selected letters of printed or typewritten text are

overwritten in pencil. The marks are ordinarily not visible unless the paper is held
to an angle to bright light.
Invisible ink a number of substances can be used for writing but leave no
visible trace until heat or some chemical is applied to the paper.
Pin punctures small pin punctures on selected letters are ordinarily not visible
unless the paper is held in front of the light.
Typewritten correction ribbon used between the lines typed with a black
ribbon, the results of typing with the correction tape are visible only under a
strong light.

Drawbacks of Steganography
Requires a lot of overhead to hide a relatively few bits of information.
Once the system is discovered, it becomes virtually worthless.

19