TECH2400 Week 04 Workshop

The document outlines a workshop on Cyber Security focusing on cryptography basics and network fundamentals. It includes learning outcomes, a weekly schedule, and detailed explanations of cryptography types such as encryption, hashing, and digital signatures, along with practical activities using OpenSSL. Additionally, it discusses trust in cryptographic systems and the role of Public Key Infrastructure (PKI) and Transport Layer Security (TLS) in securing communications.

Uploaded by

Warisha Safdar
Copyright: © All Rights Reserved

TECH2400

Cyber Security

Workshop 4
Cryptography Basics and
Network Fundamentals Review
COMMONWEALTH OF AUSTRALIA
Copyright Regulations 1969

WARNING

This material has been reproduced and communicated to you by or on behalf of
Kaplan Business School pursuant to Part VB of the Copyright Act 1968 (the Act).

The material in this communication may be subject to copyright under the Act.
Any further reproduction or communication of this material by you may be the
subject of copyright protection under the Act.

Do not remove this notice.


Subject Learning Outcomes
LO1: Explain the terminology associated with cyber security.

LO2: Explain the vulnerabilities and threats pertaining to the IT infrastructure of organisations.

LO3: Analyse risk mitigation strategies that address cyber security vulnerabilities and threats.

LO4: Describe privacy, legal, ethical and security issues and solutions related to the IT infrastructure and use of technologies in organisations.

Weekly Schedule
Week Topic
Week 1 Introduction and Cyber Security Foundations

Week 2 Cyber Threat Landscape

Week 3 Risk Management in Cyber Security

Week 4 Cryptography Basics and Network Fundamentals Review

Week 5 Network Security Fundamentals

Week 6 Study Success Week

Week 7 Access Control and Authentication

Week 8 Ethics and Legal Aspects of Cyber Security

Week 9 Incident Response and Management (Part 1)

Week 10 Incident Response and Management (Part 2)

Week 11 Introduction to Secure Software Development

Week 12 In-Class Assessment


What to expect from this workshop
- Cryptography Basics:
o Learn key concepts in cryptography, such as encryption,
hashing, and digital signatures.
- Real-World Applications:
o Understand how cryptographic principles secure data and
networks.
- Hands-On Activities:
o Practical exercises using OpenSSL for encryption, decryption,
and generating file hashes.
- Network Fundamentals Review:
o A quick refresher on networking principles including IP
addresses, subnets, and routing.
What is Cryptography?
Cryptography is the practice and study of techniques for
securing communication and data from adversaries.

In cyber security, cryptography is most commonly used to secure
online communication, including protecting data transmitted over the
internet.
Key areas that rely heavily on cryptography:
• Secure web browsing
• Email encryption
• Virtual Private Networks (VPNs)
• Online banking
• Messaging apps
• Digital signatures
• Password protection
• Blockchain technology
Types of Cryptography
Cryptography works differently based on its purpose
and implementation. The main types include:

1) Encryption
2) Hashing
3) Digital Signatures

Each type serves a specific role in cyber security,
such as securing communications, verifying data,
and authenticating users.
1) Encryption
Encryption is the process of converting plaintext into ciphertext
using an algorithm and a key, making it unreadable without the
proper key.

How It Works:
1) A sender encrypts the data using an encryption
algorithm and a key
2) The recipient decrypts it using the corresponding
decryption key
Common Uses:
1) Securing internet communications (HTTPS, VPNs)
2) Protecting stored data (disk encryption, encrypted
messaging apps)
3) Safeguarding sensitive transactions (online banking,
digital payments)
1) Encryption
Two main types: Symmetric & Asymmetric
Feature | Symmetric Encryption | Asymmetric Encryption
Keys Used | Single shared key | Public and private key pair
Speed | Fast | Slower due to computational complexity
Security | Requires secure key sharing | More secure, no key sharing needed
Ideal for | Bulk data encryption (files, databases, VPNs, Wi-Fi security) | Secure communication and authentication (TLS/SSL certificates, digital signatures, secure email, cryptocurrency transactions)
Symmetric Encryption Algorithms
Algorithm | Unique Feature | Common Uses
AES (Advanced Encryption Standard) | A widely-used encryption algorithm that uses the same key for both encryption and decryption; known for its speed and security | Encrypting files, securing internet traffic (e.g., HTTPS)
DES (Data Encryption Standard) | An older encryption algorithm that uses a 56-bit key and is now considered insecure due to its short key length | Legacy systems (now outdated), educational purposes
3DES (Triple DES) | Applies the DES algorithm three times with different keys for stronger security | Legacy systems, securing financial transactions
Blowfish | A fast and flexible encryption algorithm that uses a variable-length key (32 to 448 bits) | Encrypting data in applications, file encryption
RC4 | A stream cipher that uses a variable-length key, known for its speed but considered insecure today | Legacy systems, SSL/TLS encryption (now deprecated)
Asymmetric Encryption Algorithms
Algorithm | Unique Feature | Common Uses
RSA (Rivest–Shamir–Adleman) | Uses two keys: a public key for encryption and a private key for decryption; widely used for secure communications | Encrypting messages, digital signatures, SSL/TLS certificates
ECC (Elliptic Curve Cryptography) | Uses smaller keys compared to RSA but provides the same level of security, based on elliptic curve mathematics | Mobile devices, secure communications (e.g., HTTPS)
DSA (Digital Signature Algorithm) | A digital signature algorithm that uses a private key to sign and a public key to verify, based on mathematical theory | Digital signatures in certificates, government systems
ElGamal | Based on the Diffie-Hellman key exchange, using two keys for encryption and decryption, and known for its flexibility | Secure messaging, encrypting data in government and banking systems
Diffie-Hellman | A key exchange algorithm, not directly used for encryption but allows two parties to securely share a secret key over an insecure channel | Securing communication channels (e.g., VPNs, TLS)
Activity: Encryption
AES Encryption & Decryption

In this individual activity, you will encrypt a file using
AES, making it unreadable without the correct key.

You will then decrypt it to restore the original
content, demonstrating how encryption protects
sensitive data.
Activity: Encryption
Step 1: Install OpenSSL

On Windows
- Download OpenSSL: https://slproweb.com/products/Win32OpenSSL.html
- Install the software
- Select "The OpenSSL binaries (/bin) directory" to be added to the system PATH
- Open Command Prompt and enter the following command to verify installation: openssl version
- If it shows you a version, the installation was successful.
Activity: Encryption
Step 1: Install OpenSSL

On macOS (Catalina and later)

- From a terminal, install Homebrew by running the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Follow the on-screen instructions
- Verify Homebrew installation by running: brew doctor
- If it says "Your system is ready to brew!", the installation was successful
- Install OpenSSL with: brew install openssl
- Add OpenSSL to your system path by running:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc
- Apply the changes by running: source ~/.zshrc
- Verify your installation by running: openssl version
- If it shows you a version, the installation was successful.

*on older Mac versions, replace ~/.zshrc with ~/.bash_profile
*on Apple Silicon Macs, Homebrew installs under /opt/homebrew, so the path to add is /opt/homebrew/opt/openssl/bin


Activity: Encryption
Step 2: Create a Sample File
- Open a text editor and type in a short message
- Name the file as message.txt and save it in an easy-to-access
location (e.g., Desktop or Documents)

Step 3: Navigate to your folder
- Open Command Prompt or Terminal
- Navigate to the folder where message.txt is saved
(e.g. cd C:\Users\YourUsername\Desktop)
Activity: Encryption
Step 4: Encrypt the File Using AES
- Run the encryption command:
openssl enc -aes-256-cbc -salt -in message.txt -out message.enc -pass pass:Student123

Command breakdown:
enc -aes-256-cbc        Encrypt using AES-256 in cipher block chaining (CBC) mode.
-salt                   Adds randomness to prevent dictionary attacks.
-in message.txt         Input file.
-out message.enc        Encrypted output file.
-pass pass:Student123   Uses "Student123" as the password from which the encryption key is derived.
Activity: Encryption
Step 5: Verify encryption
- Check your directory to see if message.enc was created
- Open the file to see if the message has been encrypted

Step 6: Decrypt the file
- Run the decryption command:
openssl enc -aes-256-cbc -d -in message.enc -out decrypted.txt -pass pass:Student123

Step 7: Verify decryption
- Open decrypted.txt. It should match the original message.txt

Bonus:
What happens if you use the wrong password?
Try decrypting with a wrong key to see the effect.
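
The round trip from Steps 4 to 7 and the Bonus question, scripted as an added example (not part of the workshop slides). It goes slightly beyond the slides by adding -pbkdf2 for key derivation and by reading the password from a file instead of the command line; the file names, passwords and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the workshop slides. Requires OpenSSL 1.1.1+.
# File names, passwords and function names are constructed for the demo.

# Encrypt IN to OUT. The password is read from the first line of PASSFILE,
# so it never appears in the process list or in shell history.
encrypt_file() {   # encrypt_file IN OUT PASSFILE
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt IN to OUT. With a wrong password OpenSSL usually reports
# "bad decrypt", because the padding of the garbage plaintext is invalid.
decrypt_file() {   # decrypt_file IN OUT PASSFILE
    openssl enc -aes-256-cbc -d -pbkdf2 -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# Return 0 only when decrypting ENCRYPTED with PASSFILE gives back ORIGINAL
# byte for byte. The check compares content instead of trusting the exit
# status: CBC carries no integrity tag, so a wrong key can occasionally
# decrypt to garbage with valid-looking padding and still exit 0.
recovers_plaintext() {   # recovers_plaintext ORIGINAL ENCRYPTED PASSFILE
    rp_out=$(mktemp) || return 2
    decrypt_file "$2" "$rp_out" "$3" || true
    if cmp -s "$1" "$rp_out"; then rp_rc=0; else rp_rc=1; fi
    rm -f "$rp_out"
    return "$rp_rc"
}

encryption_demo() {
    d=$(mktemp -d) || return 2
    printf 'Quarterly figures: draft only\n' > "$d/message.txt"   # constructed sample
    printf 'Student123\n' > "$d/right.pass"
    printf 'Student124\n' > "$d/wrong.pass"
    encrypt_file "$d/message.txt" "$d/message.enc" "$d/right.pass" || { rm -rf "$d"; return 2; }

    # A salted openssl enc file starts with the 8-byte marker "Salted__",
    # followed by the random salt and then the ciphertext.
    header=$(head -c 8 "$d/message.enc")

    right=no; recovers_plaintext "$d/message.txt" "$d/message.enc" "$d/right.pass" && right=yes
    wrong=no; recovers_plaintext "$d/message.txt" "$d/message.enc" "$d/wrong.pass" && wrong=yes
    rm -rf "$d"
    echo "header=$header right_password=$right wrong_password=$wrong"
}

encryption_demo
```

The script prints header=Salted__ right_password=yes wrong_password=no.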
2) Hashing
Hashing ensures data integrity by generating a unique
fixed-length value from input data, detecting any
modifications.

How It Works:
1) Input data is processed through a hash function.
2) A unique fixed-length hash value is generated.
3) Any change in the input results in a drastically
different hash.
Common Uses:
1) Password storage (hashed passwords in
databases).
2) Data integrity verification (checksums, file
integrity monitoring).
3) Digital signatures and certificates.
Hashing Algorithms
Algorithm | Unique Feature | Common Uses
SHA-256 | A secure and widely-used algorithm that creates a unique 256-bit output for any input | Blockchain (Bitcoin), checking if data has been changed
SHA-3 | The newest version of the SHA family, designed to be more secure and resistant to certain attacks | Digital security, verifying data integrity
MD5 | A fast algorithm that creates a 128-bit output but is now considered insecure due to vulnerabilities | Legacy use for file checks, but not recommended for security
RIPEMD-160 | A different hash algorithm that creates a 160-bit output, known for its focus on safety and speed | Used in digital signatures and cryptographic certificates
HMAC | Combines a hash function with a secret key for extra security, making it harder to tamper with data | Verifying identity in APIs and checking data integrity
Activity: Hashing
SHA Hashing & Integrity Check

In this individual activity, you will generate an SHA-256
hash of a file and observe how even a tiny
change completely alters the hash.

This will help you understand how hashing ensures
data integrity.
Activity: Hashing
Step 1: Generate a Hash of the Original File
- Run the following command:
openssl dgst -sha256 message.txt

Your output should look something like this:
SHA256(message.txt)= 9c56a289b7a91d3fd9a93b7df83827f8c1c0d048f26f4d6d689e20a5dfddaf8c
Activity: Hashing
Step 2: Modify the File
- Open message.txt and change the text slightly
(e.g., add "hello" at the end of your message).
- Save the file.

Step 3: Generate the hash again
- Run the same command:
openssl dgst -sha256 message.txt

Step 4: Compare the new hash with the previous one.
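
Steps 1 to 4 turned into a repeatable integrity check, as an added example (not part of the workshop slides): it records a baseline digest, re-checks the file, and counts how many of the 64 hex digits change after a one-character edit. The function names, file names and sample text are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the workshop slides.
# Function names, file names and sample text are constructed for the demo.

# Print only the hex digest. The label in front of it varies between
# OpenSSL versions, so take the last field of the output line.
file_sha256() {   # file_sha256 FILE
    openssl dgst -sha256 "$1" | awk '{ print $NF }'
}

# Store the current digest of FILE in BASELINE.
record_baseline() {   # record_baseline FILE BASELINE
    file_sha256 "$1" > "$2"
}

# Return 0 if FILE still matches the stored digest, 1 if it has changed.
verify_baseline() {   # verify_baseline FILE BASELINE
    [ "$(file_sha256 "$1")" = "$(cat "$2")" ]
}

# Count the hex positions at which two digests differ.
differing_digits() {   # differing_digits DIGEST_A DIGEST_B
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = 0
        for (i = 1; i <= length(a); i++)
            if (substr(a, i, 1) != substr(b, i, 1)) n++
        print n
    }'
}

hashing_demo() {
    d=$(mktemp -d) || return 2
    printf 'Transfer 100 dollars to Alice\n' > "$d/message.txt"
    record_baseline "$d/message.txt" "$d/message.sha256"
    before=$(cat "$d/message.sha256")
    unchanged=no; verify_baseline "$d/message.txt" "$d/message.sha256" && unchanged=yes

    # One extra zero turns 100 into 1000; the file grows by a single byte.
    printf 'Transfer 1000 dollars to Alice\n' > "$d/message.txt"
    after=$(file_sha256 "$d/message.txt")
    detected=yes; verify_baseline "$d/message.txt" "$d/message.sha256" && detected=no

    echo "unchanged_ok=$unchanged modification_detected=$detected"
    echo "digits that differ: $(differing_digits "$before" "$after") of ${#before}"
    rm -rf "$d"
}

hashing_demo
```

A baseline stored next to the file only detects accidental change; anyone who can rewrite the file can rewrite the digest too, which is the gap that HMAC and digital signatures close.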


3) Digital Signatures
Digital signatures are cryptographic mechanisms that
verify the authenticity and integrity of digital messages or
documents.

How It Works:
1) A sender signs a message using their private key,
generating a digital signature.
2) The recipient verifies the signature using the
sender’s public key.
Common Uses:
1) Authenticating emails and documents.
2) Securing software updates (code signing).
3) Ensuring transaction integrity in blockchain
technology.
Digital Signature Algorithms
Algorithm | Unique Feature | Common Uses
RSA | Uses two keys: a public key to verify and a private key to sign, ensuring secure communication | Signing emails, verifying identity in websites (SSL/TLS)
DSA | A widely-used algorithm for creating and verifying digital signatures, often used with government systems | Verifying authenticity of digital certificates and government documents
ECDSA | A faster and more efficient version of DSA that uses elliptic curve mathematics, offering more security with smaller keys | Blockchain transactions, secure websites (TLS/SSL)
EdDSA | A modern algorithm designed for speed and security, often used for creating very strong digital signatures | Secure communications, cryptographic protocols
Activity: Digital Signatures
Digital Signatures & Verification

In this individual activity, you will create an RSA key
pair, digitally sign a file, and verify its authenticity
using the public key.

This will show how digital signatures confirm the
source and integrity of a message.
Activity: Digital Signatures
Step 1: Generate a private key
- Run the following command:
openssl genpkey -algorithm RSA -out private.pem

Command breakdown:
openssl genpkey     Generates a private key
-algorithm RSA      Specifies RSA algorithm for the key
-out private.pem    Saves the private key to private.pem
Activity: Digital Signatures
Step 2: Extract the public key from the private key
- Run the following command:
openssl rsa -pubout -in private.pem -out public.pem

Command breakdown:
openssl rsa        Works with RSA keys
-pubout            Extracts the public key from the private key
-in private.pem    Reads the private key from private.pem
-out public.pem    Saves the extracted public key to public.pem
Activity: Digital Signatures
Step 3: Create a signature
- Run the following command:
openssl dgst -sha256 -sign private.pem -out message.sig message.txt

Command breakdown:
openssl dgst         Tells OpenSSL to compute a hash (message digest) of the input file.
-sha256              Specifies use of SHA-256 hashing algorithm
-sign private.pem    Uses the private key for signing
-out message.sig     Saves the digital signature as message.sig
message.txt          Specifies the input file you are signing
Activity: Digital Signatures
Step 4: Verify the signature using the public key
- Run the following command:
openssl dgst -sha256 -verify public.pem -signature message.sig message.txt

Command breakdown:
openssl dgst              Tells OpenSSL to compute a hash (message digest) of the input file.
-sha256                   Specifies use of SHA-256 hashing algorithm
-verify public.pem        Specifies use of public.pem to verify signature
-signature message.sig    Specifies the signature file to verify
message.txt               Specifies the original input file to verify

If the signature is valid, it will return "Verified OK"
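
Steps 1 to 4 run end to end, followed by the two cases the activity does not try, as an added example (not part of the workshop slides): a file changed after signing, and a check against someone else's public key. The second key pair, the file names and the message text are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the workshop slides.
# The second key pair, file names and message text are constructed for the demo.

make_keypair() {   # make_keypair PRIVATE_OUT PUBLIC_OUT
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl rsa -pubout -in "$1" -out "$2" 2>/dev/null
}

sign_file() {      # sign_file PRIVATE_KEY FILE SIGNATURE_OUT
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Return 0 only when SIGNATURE is valid for FILE under PUBLIC_KEY.
verify_file() {    # verify_file PUBLIC_KEY FILE SIGNATURE
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

signature_demo() {
    d=$(mktemp -d) || return 2
    make_keypair "$d/private.pem" "$d/public.pem" || { rm -rf "$d"; return 2; }
    make_keypair "$d/other_private.pem" "$d/other_public.pem" || { rm -rf "$d"; return 2; }

    printf 'Release build 7 approved\n' > "$d/message.txt"
    sign_file "$d/private.pem" "$d/message.txt" "$d/message.sig" || { rm -rf "$d"; return 2; }

    # 1. Untouched file, signer's public key: expected to verify.
    genuine=FAIL
    verify_file "$d/public.pem" "$d/message.txt" "$d/message.sig" && genuine=OK

    # 2. Same signature, file changed by one character: integrity is lost.
    printf 'Release build 8 approved\n' > "$d/tampered.txt"
    tampered=FAIL
    verify_file "$d/public.pem" "$d/tampered.txt" "$d/message.sig" && tampered=OK

    # 3. Untouched file checked against a different public key: the
    #    signature does not show that the other key's owner signed it.
    wrong_key=FAIL
    verify_file "$d/other_public.pem" "$d/message.txt" "$d/message.sig" && wrong_key=OK

    rm -rf "$d"
    echo "genuine=$genuine tampered=$tampered wrong_key=$wrong_key"
}

signature_demo
```

The script prints genuine=OK tampered=FAIL wrong_key=FAIL.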


Trust and Certificates
One of the key challenges in cryptography is trust.

• Trust is essential in any secure communication system.
• Without a reliable way to verify identities, cryptographic systems
can be compromised.
• How do we ensure that the public keys we use for encryption
belong to the entities they claim to represent?
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) Provides a Solution to Trust

PKI is a framework that manages public and private key pairs and
distributes digital certificates.

Digital Certificates: Ensure that the public keys used in encryption
actually belong to the entities they claim to represent.

Certificate Authorities (CAs): PKI uses trusted entities, known as
certificate authorities, to verify and sign digital certificates.
Transport Layer Security (TLS)
Transport Layer Security (TLS) builds on PKI to secure
communications.

TLS (successor of SSL) is one of the most widely used protocols for
securing communications over the internet (e.g., HTTPS).

It uses PKI-based certificates for authentication and to establish a
secure session.

TLS Handshake:
• The server presents its digital certificate (signed by a trusted CA)
to the client.
• The client verifies the certificate to ensure the server is who it
claims to be.
• Secure communication begins once both parties have exchanged
keys and agreed on encryption methods.
PKI & TLS
• PKI creates a trustworthy environment by verifying public keys
using trusted CAs.

• TLS ensures secure communications by leveraging PKI to
authenticate and encrypt network traffic.

• Trust is built on the foundation of verified certificates and secure
communication protocols.
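
The trust decision described in the PKI and TLS slides, as an added example (not part of the workshop slides): a throwaway CA signs a server certificate, and the client-side check accepts it while rejecting a self-signed certificate that claims the same name. The CA name, host name, file names and the minimal config file are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the workshop slides.
# CA name, host name, file names and config contents are constructed.

write_config() {   # minimal request config, so the run does not depend on openssl.cnf
    cat > "$1" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
}

make_ca() {        # make_ca DIR : self-signed root that the client will trust
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/pki.cnf" \
        -extensions v3_ca -subj "/CN=Workshop Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {     # issue_cert DIR NAME : the CA signs the server's request
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

self_sign() {      # self_sign DIR NAME : same name, but no CA vouches for the key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/pki.cnf" \
        -extensions v3_leaf -subj "/CN=$2" \
        -keyout "$1/lookalike.key" -out "$1/lookalike.crt" 2>/dev/null
}

# The client-side check: does CERT chain to the CA certificate we trust?
chains_to_ca() {   # chains_to_ca CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

pki_demo() {
    d=$(mktemp -d) || return 2
    write_config "$d/pki.cnf"
    make_ca "$d" && issue_cert "$d" server.example.test &&
        self_sign "$d" server.example.test || { rm -rf "$d"; return 2; }
    issuer=$(openssl x509 -in "$d/server.crt" -noout -issuer)
    signed=REJECTED;    chains_to_ca "$d/ca.crt" "$d/server.crt" && signed=TRUSTED
    lookalike=REJECTED; chains_to_ca "$d/ca.crt" "$d/lookalike.crt" && lookalike=TRUSTED
    rm -rf "$d"
    echo "$issuer"
    echo "ca_signed=$signed self_signed=$lookalike"
}

pki_demo
```

Both certificates carry the same name and a valid key pair; the only difference the client can rely on is whether a CA it already trusts signed the certificate.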
Network Security Recap

Review some concepts from TECH2100 in
preparation for Week 5:
- IP addresses & default gateways
- Subnets, routing, and packet structures
- Understanding threats in networking
- Overview of firewalls
IP Addresses
A unique identifier assigned to each device on a network.

Two Types:
• IPv4: 32-bit address
o e.g., 192.168.1.1
• IPv6: 128-bit address
o e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334

Public vs. Private:
• Public IP: Accessible from the internet.
• Private IP: Used within a local network
o e.g., 192.168.x.x, 10.x.x.x
IP Addresses
Static IP vs Dynamic IP
- Static IPs remain the same
- Dynamic IPs change periodically (assigned by DHCP).

NAT (Network Address Translation)
- Maps private IP addresses to a single public IP address
to enable multiple devices on a local network to share
one internet connection.
- Static NAT, Dynamic NAT, and PAT (Port Address
Translation).
Default Gateway
A default gateway is a device (usually a router) that
forwards traffic from a local network (LAN) to external
networks, such as the internet or other remote networks.

Role in Networking:
• Devices on a local network use private IP addresses to
communicate within the same network.
• To access external networks (e.g., the internet), they send
data to a default gateway (usually a router).
• The gateway forwards traffic to destinations outside the
local network, determining the next steps to deliver the
data.
Subnets
A subdivision of an IP network that allows efficient
management of IP addresses.

Subnet Mask: Used to divide an IP address into network
and host parts (e.g., 255.255.255.0).

CIDR Notation: A shorthand for subnet masks
(e.g., 192.168.1.0/24).

Subnetting divides a large network into smaller, manageable
sections, improving performance and simplifying network
management. It enhances security by limiting broadcast
traffic and isolating sensitive devices, reducing the attack
surface.
Subnets
Vulnerability:
Misconfigured subnets or improper segmentation can
expose sensitive parts of a network to unauthorized users.

Potential attack:
- IP Spoofing: Malicious actors impersonating a trusted IP
address.
Routing
The process of forwarding data packets between networks
based on IP address.

Static Routing: Routes are manually configured.

Dynamic Routing: Routes are learned and adjusted
automatically.

Routing Table: A table that stores routes used for
forwarding packets.
Routing
Vulnerability:
Insecure or poorly configured routing protocols can allow
attackers to redirect traffic to malicious sites (e.g., Man-in-
the-Middle (MitM) attacks).

Potential attack:
- BGP Hijacking: Attackers manipulate routing tables to
redirect traffic.
Packet Structures
Packet Header: Contains metadata such as source and
destination IP addresses, protocol type, and other control
information.

Packet Payload: The actual data being transmitted.

Types of Packets:
- ICMP: Used for network diagnostics (e.g., ping).
- TCP: Connection-based, reliable communication.
- UDP: Connectionless, faster but unreliable.
Packet Structures
Vulnerability:
Unencrypted packets or insecure protocols can expose
sensitive information.

Potential attacks:
- Packet Sniffing: Intercepting and reading network traffic.
- Packet Injection: Injecting malicious packets into a
network to disrupt communication or exploit
vulnerabilities.
Firewall Overview
A network security system that monitors and controls
incoming and outgoing network traffic based on
predetermined security rules.

Types of Firewalls:
- Network Firewalls: Control traffic between networks
(e.g., between internal network and internet).
- Host-based Firewalls: Installed on individual devices to
control traffic for that device.

Without a firewall, a network is exposed to unauthorized
access, cyberattacks (like malware or DDoS), and data
breaches, leaving sensitive information vulnerable.
Next Week

Week 5: Network Security Fundamentals

- Key network tools
- Firewall configuration (pfSense)
- Testing firewall effectiveness
