Network Security

An Overview of Cryptographic Techniques and Cyber Threats

Introduction to Cryptography
• Definition: Cryptography is the practice of securing communication
using mathematical algorithms.
• Origin: Derived from Greek words "kryptos" (hidden) and "grapho"
(writing).
• Purpose: Protects information from unauthorized access and
tampering.

Dr. Sohid, CSE 1

 Cryptographic Components

• Plaintext: The original message.

• Encryption Algorithm: Transforms plaintext into ciphertext.
• Secret Key: Used in encryption/decryption.
• Ciphertext: The encrypted message.
• Decryption Algorithm: Converts ciphertext back to plaintext.

Dr. Sohid, CSE 2

 Goals of Cryptography

• Confidentiality: Ensures data is accessible only to authorized parties.

• Integrity: Prevents unauthorized modification of data.
• Availability: Ensures timely access to data.
• Authenticity: Verifies sender identity.
• Accountability: Prevents denial of sending a message.

Dr. Sohid, CSE 3

 Types of Cryptography
• Symmetric-Key Cryptography: Uses one key for both encryption and
decryption.
• Asymmetric-Key Cryptography: Uses public and private keys for
encryption and decryption.
• Hash Functions: Provides integrity by generating unique hashes for
data.

Dr. Sohid, CSE 4

 Types and difference of Cryptography:

• Cryptography can be broadly classified into several

types based on the methods used to secure data.
• The two primary types are symmetric-key cryptography
and asymmetric-key cryptography
• Specialized techniques like hashing and digital
signatures.

Dr. Sohid, CSE 5

 Symmetric-Key Cryptography (Secret Key
Cryptography)
In symmetric-key cryptography, the same key is used for both encryption and decryption. This means that both
the sender and the recipient must share the secret key before communication can take place. Symmetric-key
cryptography is fast and efficient, making it ideal for encrypting large amounts of data.
• Examples of Symmetric Algorithms:
• AES (Advanced Encryption Standard)
• DES (Data Encryption Standard)
• RC4
• 3DES (Triple DES)
Advantages:
• Faster and more efficient, especially for encrypting large amounts of data.
• Suitable for bulk data encryption.
Disadvantages:
• Key distribution is a challenge, as the key must be securely shared between the parties involved.
• If the key is intercepted, the communication is compromised.

Dr. Sohid, CSE 6

 Asymmetric-Key Cryptography (Public Key
Cryptography)
• In asymmetric cryptography, there are two keys: a public key and a
private key. The public key is used to encrypt the message, and the
private key is used to decrypt it. The public key can be freely shared
with anyone, while the private key must remain secret. This method
allows secure communication between parties who have never
shared a key in advance.
• Examples of Asymmetric Algorithms:
• RSA (Rivest-Shamir-Adleman)
• ECC (Elliptic Curve Cryptography)
• DSA (Digital Signature Algorithm)

Dr. Sohid, CSE 7

 Contd..
• Advantages:
• Solves the problem of key distribution because only the public key is
shared.
• Provides mechanisms for digital signatures, allowing for
authentication and non-repudiation.
• Disadvantages:
• Slower than symmetric-key encryption, which makes it less efficient
for encrypting large volumes of data.
• Requires more computational resources.

Dr. Sohid, CSE 8

 RSA algorithm:
• Step 1: Select two large prime numbers (p, q).
• Step 2: Compute n = p × q.
• Step 3: Calculate φ(n) = (p - 1) × (q - 1).
• Step 4: Choose an encryption key e such that 1 < e < φ(n) and gcd(e,
φ(n)) = 1.
• Step 5: Compute the decryption key d such that (d × e) mod φ(n) = 1.
• Step 6: Public Key = (e, n), Private Key = (d, n).
• Encryption: Ciphertext C = M^e mod n.
• Decryption: Plaintext M = C^d mod n.

Dr. Sohid, CSE 9

Hello using RSA
• Encrypted Message:
b'"7\x05\xdf\x7f}"\x9e\xa1\x96\xf7\xfd:\xbbW\xed\x00\x85\xd4O\x
b0\xad\x89\x1b\x11\xa5A\xb1&=\xb2\x89\x064\xb7\xfc\xa9\x1d\xd
2\xf8~\xd5j5\x8d\xda\x95o\xb1\x9b\xe4\x92\xa0\xdb\xea0\x93\xa0
~e\xa5\xfdEX\x86\xc4\x07B\xd5e[j\xfb\xb2&d\xd9\xf2\x11\xe3\x07
p\x97$\xe0s\xd8\x98\xc6.\xa4\xe6\x05\xe8d(XTL7\x8dbSp\xd4\x88$
\xab\xbb\x8a\xc4\xbc\xdc\xd5g\x83\xdc\xf6Q\x1b\xda\x94]G\xf4\xd
7F\xd5'
• Decrypted Message: Hello

Dr. Sohid, CSE 10

 Types of Attacks
• Active Attacks: Involves modification of data.
• Passive Attacks: Involves eavesdropping or
monitoring.

Dr. Sohid, CSE 11

 Active Attacks
1.Modification of Data: In this case, an attacker intercepts data and
alters it in transit, which could be an example of a man-in-the-middle
attack (MITM).
2.Denial of Service (DoS): These attacks flood the target system with
excessive requests, rendering the service unavailable to legitimate
users.
3.Replay Attack: An attacker intercepts and then retransmits a valid
data transmission, usually to gain unauthorized access or confuse the
system.
4.Masquerading/Impersonation: The attacker pretends to be someone
else by using a forged identity (e.g., falsifying the source address).

Dr. Sohid, CSE 12

 Passive attack
• A passive attack involves eavesdropping or monitoring
communication or data flows without altering the data or the system.
• Interception: This is the most common form of passive attack, where
an attacker secretly listens in on communications or traffic to gain
access to sensitive information (like passwords or private messages).
• Traffic Analysis: Even without knowing the exact contents of the
messages, an attacker can analyze traffic patterns to infer important
details like communication frequency, timing, and sender/receiver
identity.
In passive attacks, the attacker does not affect the data itself but may still gather
enough information to later execute active attacks or gain unauthorized access.

Dr. Sohid, CSE 13