CNS

Module 1
INTRODUCTION
Computer security concepts - OSI security architecture - security attacks service mechanism -
model for network security – classical encryption techniques.

Computer security refers to protecting and securing computers and their related data, networks, software,
hardware from unauthorised access, misuse, theft, information loss, and other security issues.

Three key objectives of computer security:

1.Confidentiality: Confidentiality means protecting information so that only authorised people can access it. If
someone who is not allowed sees the information, that's a loss of confidentiality.
A loss of confidentiality is the unauthorised disclosure of information.

• Data confidentiality: Ensures that sensitive or private data is not seen by unauthorised people.
• Privacy: Gives individuals control over their personal data—like who can collect, store, and share it.

2.Integrity: Integrity means making sure that information is accurate and hasn’t been changed in an
unauthorised way. If someone alters or deletes information without permission, that’s a loss of integrity.

• Data integrity: Ensures that information and programs are only changed in allowed and authorised manner.
• System integrity: Ensures the system functions correctly, without being damaged or tampered with.

3.Availability: Availability means that authorised users should be able to access information and systems when
they need to. A loss of availability means users can’t access what they need, possibly due to attacks or technical
failures. Assures that systems work promptly and service is not denied to authorised users.

Types of computer security

1. Cyber Security: Cyber security means securing our computers, electronic devices, networks , programs,
systems from cyber attacks. Cyber attacks are those attacks that happen when our system is connected to the
Internet.

2. Information Security: Information security means protecting our system’s information from theft, illegal
use and piracy from unauthorized use. Information security has mainly three objectives: confidentiality,
integrity, and availability of information.

3. Application Security: Application security means securing our applications and data so that they don’t get
hacked and also the databases of the applications remain safe and private to the owner itself so that user’s data
remains confidential.

4. Network Security: Network security means securing a network and protecting the user’s information who
is connected through that network. Over the network, hackers steal the packets of data through sniffing and
spoofing attacks, man in the middle attack, war driving, etc, and misuse the data for their benefits.

Types of cyber attack

1

 1. Denial of service attack or DOS: A denial of service attack is a kind of cyber attack in which the attackers
disrupt the services of the particular network by sending infinite requests and temporary or permanently making
the network or machine resources unavailable to the intended audience.

2. Backdoor: In a backdoor attack, malware or virus gets installed in our system and start affecting it’s security
along with the main file. Consider an example: suppose you are installing free software from a certain website
on the Internet. Now, unknowingly, along with this software, a malicious file also gets installed, and as soon as
you execute the installed software, it starts affecting your computer security. This is known as a backdoor.

3.Eavesdropping: Eavesdropping refers to secretly listening to someone’s talk without their permission or
knowledge. Attackers try to steal, manipulate, modify, hack information or systems by passively listening to
network communication, knowing passwords etc. A physical example would be, suppose if you are talking to
another person of your organization and if a third person listens to your private talks then he/ she is said to
eavesdrop on your conversation. Similarly, your conversation on
the internet maybe eavesdropped by attackers listening to your private conversation by connecting to your
network if it is insecure.

4. Phishing: Phishing is pronounced as “fishing” and is similar to it. While fishing, we catch fish by luring
them with bait. Similarly, in phishing, a user is tricked by the attacker who gains the trust of the user or acts as
if he is a genuine person and then steals the information by ditching. Not only attackers but certain websites
that seem to be genuine, actually are fraud sites. These sites trick the users and they end up giving their personal
information such as login details or bank details or card number etc. Phishing is of many types: Voice phishing,
text phishing etc.

5. Spoofing: Spoofing is the act of masquerading (pretending to be someone else) as a valid entity through
falsification of data(such as an IP address or username), in order to steal information or resources and cause
harm. Spoofing is of several types- email spoofing, IP address spoofing, MAC spoofing , biometric spoofing
etc.

6. Malware: Malware is made up of two terms: Malicious + Software = Malware. Malware enters into the
system and is designed to damage our computers. Different types of malware are adware, spyware,
ransomware, Trojan horse, etc.

7. Social engineering: Social engineering attack involves manipulating users psychologically and
extracting confidential or sensitive data from them by gaining their trust. The attacker generally exploits the
trust of people or users by relying on their cognitive basis.

8. Polymorphic Attacks: Poly means “many” and morph means “form”, polymorphic attacks are those in
which attacker adopts multiple forms and changes them so that they are not recognized easily. These kinds of
attacks are difficult to detect due to their changing forms.

OSI security architecture: OSI (Open Systems Interconnection)

security refers to a set of protocols,
standards, and techniques used to ensure the security of data and
communications in a network environment based on the OSI model.
Conceptual framework for understanding how different networking
protocols interact within a layered architecture.

Security Attacks
2

 1. Passive Attack: In passive attacks, a third-party intruder monitors or intercepts data without altering it. The
sender and receiver remain unaware of the breach. Passive attacks are typically focused on gathering
information or intelligence, rather than causing damage or disruption. The message/ data transmitted remains in
its usual form without any deviation from its usual behavior. This makes passive attacks very risky as there is
no information provided about the attack happening in the communication process.

• Eavesdropping: The attacker secretly listens to communications between parties without consent. This can
involve techniques like packet sniffing or man-in-the-middle attacks.

• Traffic analysis: The attacker observes network traffic patterns and metadata to gather information about the
system, network or device, without accessing actual content. Techniques include protocol or flow analysis.

2. Active Attacks: Active attacks involve tampering with or disrupting the system. The data is altered, and
neither the sender nor the receiver may know about it. Active attacks are typically focused on causing damage
or disruption, rather than gathering information or intelligence. The message/ data transmitted doesn’t remain in
its usual form and shows deviation from its usual behavior. This makes active attacks dangerous as there is no
information provided of the attack happening in the
communication process.

• Masquerade: An attacker pretends to be an authorized user to gain access, often by using stolen or
forged credentials.

• Replay: The attacker intercepts a message and fraudulently retransmits it later to deceive the receiver.

• Modification of Message: The attacker alters a message to make it misleading or corrupted before it
reaches the recipient.

• Denial of Service (DoS): Overwhelms a system with excessive traffic, making it unavailable to
legitimate users.

Security Mechanism

Security mechanisms are tools or methods used to detect or prevent breaches and protect systems from threats:

• Encipherment (Encryption): Converts data into a secure format using algorithms. Only users with the
correct decryption key can access the original data.

• Digital Signature: Uses cryptographic methods to verify the authenticity and integrity of digital
documents or messages.

• Traffic Padding: Adds extra data to network traffic to conceal actual content and prevent analysis.

• Routing Control: Chooses secure routes for data transmission and adjusts routing when security threats
are suspected.

Security Services

Security services are designed to prevent, detect, and respond to security threats:

• Authentication: Verifies the identity of users or devices before granting access.

3

 • Access Control: Enforces policies to regulate who can access specific system resources.

• Data Confidentiality: Ensures that information is only accessible to authorised individuals.

• Data Integrity: Maintains the accuracy and consistency of data during transmission or storage.

• Non-repudiation: Prevents the sender from denying the origin or delivery of a message by providing
verifiable records.

Classical encryption techniques: Symmetric cipher model

Plaintext: This is the original readable message or data that is kept as a secret, and is fed into the algorithm as
input.
Encryption algorithm: A set of rules or steps used to transform plaintext into cipher text using a key.
It does the actual "scrambling" of the message. performs various substitutions and transformations on the
plaintext.
Secret key: A piece of information shared between sender and receiver that controls the encryption and
decryption process. The same key is used for both processes in symmetric encryption. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It looks unreadable and meaningless to anyone
who doesn’t have the key. It depends on the plaintext and the secret key.
Decryption algorithm: A set of steps used to convert cipher text back to plaintext, using the same secret key. It
reverses the encryption process.

Two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an
opponent who knows the algorithm and has access to one or more cipher texts would be unable to decipher the
cipher text or figure out the key. This requirement is usually stated in a stronger form.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key
secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

CRYPTOGRAPHY

Cryptography is the science of securing information by transforming it into a format that cannot be understood
by unauthorised people. It is the process of converting data into a secret code (called encryption) to protect it,
and then converting it back to its original form (decryption) when needed.

Types (Asymmetric Cryptography (Public Key Cryptography)

Symmetric Cryptography (Private Key Cryptography): Also known as conventional encryption or

single-key encryption, is a method where both the sender and the recipient share a common secret key. This
shared key is used for both encrypting and decrypting the data. the Most widely used encryption method.

Two requirements for secure use of symmetric encryption

1. The encryption algorithm must be strong and capable of resisting cryptographic attacks.
4

 2. The secret key must be known only to the sender and the receiver, ensuring it remains confidential.

GENERAL APPROACHES: When attempting to break or weaken encryption, attackers typically follow two
main approaches:

1) CRYPTANALYSIS
Cryptanalysis is the science of analyzing and breaking encryption algorithms by exploiting weaknesses in their
design or implementation. Unlike brute-force attacks, which try all possible keys, cryptanalysis relies on
intelligence and strategy.
Ciphertext-only attack: The attacker has only the encrypted message and tries to deduce the plaintext or key.
Known-plaintext attack: The attacker has access to both some plaintext and its corresponding ciphertext.
Chosen-plaintext attack: The attacker can choose arbitrary plaintexts and obtain the corresponding
ciphertexts.
Chosen-ciphertext attack: The attacker can choose ciphertexts and get them decrypted (used in analyzing
decryption oracles).

2) BRUTE-FORCE ATTACK
It involves guessing the key by trying every possible key, until an intelligible translation of the cipher text into
plaintext is found. Process known as exhaustive key search. This method does not rely on any weaknesses in
the encryption algorithm itself but instead relies on the assumption that the key space is limited and can
eventually be searched completely.

CLASSICAL ENCRYPTION TECHNIQUES

1. SUBSTITUTION TECHNIQUE
Each element in the plaintext is replaced with another
element according to a specific rule or key.
PLAINTEXT: bag CIPHER TEXT: XMA

2. TRANSPOSITION TECHNIQUE
The positions of characters in the plaintext are
rearranged according to a specific system, but the actual characters themselves are not altered.
PLAINTEXT: NESO CIPHER TEXT: ESON

A. CAESAR CIPHER: The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.

C = E(k, p) = (p + k) mod 26……….(1)

p = D(k, C) = (C - k) mod 26..........(2)

B. MONOALPHABETIC CIPHER: In substitution ciphers, like the Caesar cipher, each letter is always
substituted for another unique letter. Such ciphers are said to be monoalphabetic.

C. POLY ALPHABETIC CIPHER: Playfair Cipher is a polyalphabetic substitution cipher, meaning that one
letter can be denoted by different letters in its encryption, depending on the keyword used, which is given
to both parties.
5

 D. PLAYFAIR CIPHER: A 5x5 matrix is drawn, and letters are filled in each cell, starting with the keyword,
followed by the letters in the alphabet. I/J are filled in the same cell. All repeating letters are removed,
giving us a matrix.
RULE-1: Plaintext sentence: Meet me at the bridge: me et me at th eb ri dg ex (padding with the letter x in
case of an odd number of letters.)
RULE-2: same row; eb would be replaced by sd; ng would be replaced by gi/gj (RIGHT)
RULE-3: same column; dt would be replaced by my; ty would be replaced by yr (BOTTOM)
RULE-4: me would be replaced by gd; et would be replaced by do (CLOCKWISE)

E. HILL CIPHER: The Hill cipher is another polyalphabetic cipher. The plaintext is broken into blocks of
size m. However, the key in the Hill cipher is an in m x m matrix of integers between 0 and 25.

🔄 Confusion

De nition: Confusion makes the relationship between the key and the
ciphertext as complex as possible.
Purpose: To prevent attackers from guring out the encryption key, even
if they know some parts of the plaintext and ciphertext.
How it's done: Confusion is usually achieved using substitution
(replacing pieces of data with something else). In modern ciphers, this
happens through S-boxes (substitution boxes).

🔀 Diffusion

De nition: Diffusion spreads out the plaintext information across the

ciphertext.
Purpose: To hide patterns in the plaintext. This way, even small changes
in the input cause big, unpredictable changes in the output.
How it's done: Usually with permutations or mixing operations (like bit
shuf ing, matrix operations, or mixing multiple inputs).

Confusion hides the key; Diffusion hides the structure of the message.

6

fi
fi
fl
fi
 Module -2
SYMMETRIC CIPHERS
Traditional Block Cipher structure, Data encryption standard (DES), The AES Cipher

• Symmetric Encryption is the most basic and old method of encryption. It uses only one key for the process of
both the encryption and decryption of data. Thus, it is also known as Single-Key Encryption.

DES (DATA ENCRYPTION STANDARD)

Symmetric block cipher (processes fixed-size blocks of data, usually 64 or 128 bits, to produce ciphertext)
(Same Key will be used in Encryption and Decryption), It is an Data Encryption algorithm, It was adopted by
NIST in 1977 and Its is not used nowadays because of security vulnerability. Replaced by AES (Advance
Encryption standard) in 2001.
Input (Plain text): 64 bits (DES Encrypts 64 bits at a time)
Output (Cipher text): 64 bits (DES Decrypts 64 bits output Key)
Main Key: 64 bits (Key given as input to the algorithm )
Subkey :56 bits (64 bits original key converted to 56 bits)
Round key: 48 bits (Round of Encryption)
No of Rounds: 16 Rounds (16 times 48 bit round key will be generated)

AES (ADVANCED ENCRYPTION STANDARD)

• Symmetric block cipher
• AES encryption uses various key lengths (128, 192, or 256 bits) to provide strong protection against
unauthorised access. Encrypts data in blocks of 128 bits each.That means it takes 128 bits as input an outputs
128 bits of encrypted cipher text. AES relies on the substitution-permutation network principle, which is
performed using a series of linked operations that involve replacing and shuffling the input data.

7

 Creation of Round Keys
•A Key Schedule algorithm calculates all the round keys from the key.
So the
initial key is used to create many different round keys which will be
used in the
corresponding round of the encryption.

ENCRYPTION
AES considers each block as a 16-byte (4
byte x 4 byte = 128 ) grid in a column-
major arrangement.
Each round comprises of 4 steps :
• SubBytes (Substitution)
• ShiftRows (Permutation)
• MixColumns (Substitution)
• Add Round Key (Substitution)

Step1. Sub Bytes

• First transformation function of AES. Also known as Forward substitute bytes transformation.
• This step implements the substitution.
• In this step, each byte is substituted by another byte. It is performed using a lookup table also called the S-
box, which contains a permutation of all possible 256 8-bit values. This substitution is done in a way that a
byte is never substituted by itself and also not substituted by another byte which is a compliment of the
current byte. The result of this step is a 16-byte (4 x 4 ) matrix.
• These row and column values serve as an index into the S-box to select a unique 8-bit output value

8

 Step2. Shift Rows
• Second transformation function of AES. Also known as
Forward shift row transformation.
• Each row is shifted a particular number of times. The
first row is not shifted. The second row -> 1 byte circular
left shift. Third row -> 2 byte circular left shift. Fourth row -> 3 byte circular shift

Step 3: Mix Columns

• This step is a matrix multiplication. Each column is multiplied
with a specific matrix and thus the position of each byte in the
column is changed as a result.
• Not present in the last round

Step 4: Add Round Keys

• Fourth transformation function.Forward add round key
transformation.
• The 128-bits of state are bitwise XORed either the 128 bits
of the round key.
• After all these rounds 128 bits of encrypted data are given
back as output. This process is repeated until all the data to
be encrypted undergoes this process.

DECRYTPION
The stages in the rounds can be easily undone as these stages have an opposite to it which when performed
reverts the changes. Each 128 blocks goes through the 10,12 or 14 rounds depending on the key size.
The stages of each round of decryption are as follows :
• AES inverse Sub bytes (Uses inverse S-box in decryption);
• AES inverse Shift rows (Rows are shifted opposite in decryption);
• AES inverse Mix columns (Different matrix in decryption);
• AES inverse Add Round key (same as in encryption)
The decryption process is the encryption process done in reverse so

Module -3
ASYMMETRIC CIPHERS
9

 Principles of Public-Key cryptosystems, The RSA algorithm, Diffie - Hellman Key Exchange,
Elliptic Curve Arithmetic, Elliptic Curve Cryptography.

A public key encryption scheme has the following

ingredients

• Plaintext; Encryption algorithm; Cipher text; Decryption

Algorithm;
Public keys and Private keys − Set of keys, one can be used
for encryption, and the other can be used for
decryption;

Principles of Public-Key Cryptosystems (asymmetric cryptosystems)

Two-Key Mechanism: Each user has a public key (shared with others) and a private key (kept secret).
Data encrypted with one key can only be decrypted with the other.

Key Distribution without Shared Secrets: Unlike symmetric systems, no need to pre-share a secret key.
This solves the key distribution problem found in traditional cryptography.

Con dentiality and Authentication: Ensures con dentiality by encrypting data using the recipient’s public
key; Ensures authentication and digital signatures by signing with a private key (veri able with the sender’s
public key).

Mathematical One-Way Functions: Security is based on hard mathematical problems (e.g., factoring large
primes in RSA, discrete logs in ECC), making it computationally infeasible to derive the private key from the
public key.

Applications: Widely used for secure data transmission, digital signatures, and key exchange,

RSA ALGORITHM

• RSA(Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key cryptography algorithm. Two

different keys are used: Public Key and Private Key.
• The Public Key is used for encryption and is known to everyone, while the Private Key is used for decryption
and must be kept secret by the receiver. RSA Algorithm is named after Ron Rivest, Adi Shamir and Leonard
Adleman, who published the algorithm in 1977.
• Block cipher in which the plain text and cipher text are integers bw 0 and n-1
• Example of Asymmetric Cryptography:
If Person A wants to send a message securely to Person B: Person A encrypts the message using Person B’s
Public Key. Person B decrypts the message using their Private Key.
• (e, n) public key is used in encryption; (d, n) private key is used for decryption

The 3 phases of RSA algorithm.

Key generation, Encryption, Decryption

Diffie-Hellman Key
10

fi
fi
fi
 Exchange Algorithm

•Not an encryption algorithm

•When a key is being sent to the
receiver, it can be attacked in between,
So this algo is used
•Used to establish a shared secret that
can be used for secret communications
while exchanging data over a public network. It uses elliptic curve

mathematics to
generate public and
private key pairs and
calculates a shared
secret key using the
other party’s public
key and one’s own
private key.

Elliptic Curve Cryptography (ECC)

• It is asymmetric/ public key cryptosystem.
• Compared to RSA, It appears to provide equal security for a smaller key size reducing processing overhead,
and significant bandwidth savings over RSA. (SMALLER KEY SIZE AND HIGH SECURITY)
• Encryption process takes less time and decryption process takes more time.
• Security: much safer than RSA.
• Cryptography technique that
works on a mathematical model
of elliptic curves - (are not
ellipses)
is a type of equation in two

11

 variables with coefficients, written as y2 = x3 + ax + b, where a and b are constants, cubic equation (degree 3
in x, degree 2 in y)
Symmetric to x axis
For cryptography, the variables and coefficients are restricted to elements in a finite fields (whole numbers).
Must satisfy the non-singularity condition to be useful in ECC i.e., it has no sharp corners.
Consider the equation Q=KP; where Q,P are points on the curve and K< n

Module -4
INTEGRITY CHECKS AND AUTHENTICATION ALGORITHMS
MD5 message digest algorithm , Secure hash algorithm (SHA),Digital Signatures: Digital
Signatures, authentication protocols, digital signature standards (DSS) - proof of digital
signature.

Hashing is the process of scrambling a piece of data or information beyond recognition. We can achieve this
using hash functions which are algorithms that perform mathematical operations on the main plain text. They
are designed to be irreversible, no decryption key can convert a digest back to its original plain text value. We
pass the input through a hash function to calculate the Hash value or Digest.
ORIGINAL DATA + HASH FUNCTION —> HASH VALUE/ DIGEST

MD5
• One way cryptographic hash algorithm - MD5 (Message Digest Method 5)
• Creates 128-bit digest (radically different from the plain text) size for input of any size. (arbitrary length)
• Minor changes to the input string result in considerably different digests. This is needed to reduce the chance
of hash collisions, or the formation of similar hashes.
• Initially designed for digital signatures.
• Designed by Ronald Rivest in1991 to enable the verification of digital signatures.
• INPUT STRING + MD5 FUNCTION —> 128-BIT DIGEST

SHA
12

 SHA stands for secure hashing algorithm, is a family of cryptographic hash functions. Data is hashed
using SHA, a modified version of
MD5.
Hashing is one-way, meaning that once data is hashed, a brute force attack is needed to break the
resulting hash digest. This is the primary difference between hashing and encryption.

INPUT STRING + SHA-1 HASH FUNCTION —> 160-BIT DIGEST/ HASH VALUE
To be considered cryptographically secure, the hash function must meet two requirements:
1. Impossible for an attacker to generate a message that matches a specific hash value.
2. Impossible for an attacker to create two messages producing the exact same hash value. Even a single
character changes in the message, SHA is intended to provide a unique hash.
3. Prevents hash collisions which happens when two different plain texts have the same digest

DIGITAL SIGNATURES

• A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital
document, message or software. It's the digital equivalent of a handwritten signature or stamped seal, but it
offers far more security. A digital signature is intended to solve the problem of tampering and impersonation
in digital communications.
• Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions.
• Signers can also use them to acknowledge informed consent. In many countries, including the U.S., digital
signatures are considered legally binding in the same way as traditional handwritten document signatures.

13

 How do digital signatures work?
• Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a
public key algorithm such as RSA, two keys are generated, one private and one public.

• Signature must use some info unique to the sender, to prevent forgery and denial. Must be easy to produce,
verify and recognise
• For encryption and decryption,

Sender (signer) creates a digital signature:

• Takes the original document and creates a hash (e.g., using
SHA-256).
Encrypts the hash using their private key → this becomes the
digital signature.
Sends the document + signature to the recipient.

Recipient veri es the signature:

• Receives both the document and the signature.

Computes the hash of the received document.
Decrypts the signature using the sender’s public key to retrieve the original hash.
Compares both hashes:
If they match → ✅ the document is authentic and untampered.
If they don’t match → ❌ it means the document or signature has been tampered with or is invalid.

• Private key should be kept a secret. If someone else has access to the private signing key, that party
could create fraudulent digital signatures in the name of the private key holder.

• The Digital Signature Standard (DSS) is a federal standard in the United States that de nes algorithms
used to create and verify digital signatures.
Standardization: It speci es the use of the Digital Signature Algorithm (DSA) for generating and
verifying digital signatures and ensuring the integrity, authenticity and security of electronic documents.
Security: DSS speci es secure cryptographic algorithms like DSA, ensuring that digital signatures are
resistant to tampering and forgery.
Interoperability: DSS ensures that digital signatures can be used and veri ed across different systems.

• Key components of DSS: Digital Signature Algorithm (DSA): DSS speci es the use of DSA for
creating and verifying digital signatures, ensuring secure and reliable document signing • Public and
Private Keys • Hash Function • Veri cation Process

14

fi
fi
fi
fi
fi
fi
fi
 Module
5:
NETWORK AND INTERNET SECURITY
Transport level security – web security issues – secure socket layer ( SSL ) – transport layer
security ( TLS ) – HTTPS – Secure shell – pretty good privacy ( PGP ) – firewalls – IP
security.

Transport Layer Security (TLS)

TLS is a security protocol that works at the transport layer to protect data sent over the internet. It is the
successor of SSL (Secure Socket Layer) and is widely used for secure web communication.

Bene ts of TLS:

1. Encryption – Protects data by converting it into unreadable code.

2. Interoperability – Works with most web browsers and operating systems.

3. Algorithm Flexibility – Supports different encryption, authentication, and hashing methods.

4. Ease of Deployment – Can be easily installed and used with many applications.

5. Ease of Use – Works in the background; users don’t need to do anything.

Features of TLS

Encryption: Protects data from eavesdroppers.

Authentication: Veri es identity using certi cates.

Data Integrity: Prevents data tampering using hash functions (like SHA-256).

Forward Secrecy: Even if the long-term keys are stolen, past communication remains secure.

Working of TLS (Transport Layer Security)

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two
communicating applications. It is widely used to secure communications over the internet, especially in web
browsers.

15

fi
fi
fi
 The working of TLS begins when the client connects to the server using the TCP protocol. The client sends a
message called "Client Hello", which includes several speci cations such as the TLS version it supports, the
list of cipher suites (encryption algorithms), and the compression methods it can use.

The server responds with a "Server Hello" message. This message contains the chosen TLS version, one of
the cipher suites selected from the client’s list, and an optional compression method. The server also sends its
digital certi cate, which contains its public key and is used to prove its identity to the client.

The client then veri es the server’s certi cate to ensure that it is issued by a trusted Certi cate Authority
(CA). If the certi cate is valid, the client proceeds with the connection. If the certi cate is invalid or untrusted,
the connection is terminated.

After the server is authenticated, both the client and the server perform a key exchange. This process may
involve the client sending a randomly generated value called a PreMasterSecret, encrypted with the server’s
public key, or using algorithms like Dif e-Hellman to securely agree on a shared key.

Once the key exchange is complete, both parties generate the same session key, which is used for symmetric
encryption during the session. This ensures that the data exchanged is both encrypted and secure from third-
party access.

Finally, the TLS handshake is completed, and the client and server can begin secure communication. At the
end of the session, the TCP connection is properly closed by both sides to prevent data tampering or
unexpected disconnections.

TLS also supports features like forward secrecy, where new keys are generated for each session, and even if
long-term keys are compromised in the future, past sessions remain secure.

TLS Handshake Protocol:

The TLS handshake protocol is a crucial phase in establishing a secure connection between the client and
the server. It involves
multiple steps, including negotiating the TLS version, cipher suite, and exchanging cryptographic
parameters. The handshake
concludes with the exchange of key material used to derive session keys for encrypting and decrypting
data.

Web Security Threats

Web security threats are attacks that try to damage websites, steal data, or access private information through
the internet. These threats target both users and website owners, and are very common in today’s digital world.

Whenever we enter passwords, credit card numbers, or personal data on websites, web security helps protect
that information.

Top Web Security Threats

• Denial of Service • Cross-site scripting (XSS) • SQL Injection • Phishing • Ransomware • Spyware

16

fi
fi
fi
fi
fi
fi
fi
fi
 In today’s digital world, people share sensitive information (like passwords and card numbers) online. To
protect this information, we use secure protocols like HTTPS and SSL. These technologies help keep our data
private, safe, and unchangeable during transmission.

SSL

SSL stands for Secure Sockets Layer.

It is a security technology that creates a secure (encrypted) connection between your browser and the web
server.

Originally, data on the web was transmitted in plaintext, making it easy for anyone who intercepted the message
to read it. For example, if someone logged into their email account, their username and password would travel
across the Internet unprotected.
SSL was created to solve this problem and protect user privacy. By encrypting data between a user and a web
server, SSL ensures that anyone who intercepts the data sees only a scrambled mess of characters. This keeps
the user’s login credentials safe, visible only to the email service.

🔐 Functions of SSL:

1. Encryption: Scrambles the data so no one can read it during transmission.

2. Authentication: Con rms the identity of the server using digital certi cates.

3. Data Integrity: Ensures that data is not changed while being transferred.

SSL helps prevent cyber attacks by:

• Authenticating Web Servers: Ensuring that users are connecting to the legitimate website, not a fake one set
up by attackers.

• Preventing Data Tampering: Acting like a tamper-proof seal, SSL ensures that the data sent and received
hasn’t been altered during transit.

17

fi
fi
 HTTPS

HTTPS stands for HyperText Transfer Protocol Secure.

It is the secure version of HTTP that uses SSL or TLS to protect the communication.

• Normal HTTP sends data as plain text (anyone can read it).

• HTTPS adds SSL/TLS encryption to protect that data.

In simple terms, HTTPS = HTTP + SSL/TLS

You can recognize HTTPS in a browser by the lock symbol and “https://” in the website address bar.

How HTTPS Works:

1. You open a website with https://.

2. Your browser asks the server for its SSL certi cate.

3. It checks if the certi cate is valid and trusted.

4. If valid, both browser and server agree on a secret key.

5. All data is now encrypted and safely exchanged.

6. It uses an asymmetric public key infrastructure for

securing a communication link. There are two different kinds of keys used for encryption –
• Private Key: It is used for the decryption of the data that has been encrypted by the public key. It
resides on the server-side and is controlled by the owner of the website. It is private in nature.
• Public Key: It is public in nature and is accessible to all the users who communicate with the server.
The private key is used for the decryption of the data that has been encrypted by the public key.

Why HTTPS is Important:

• Protects passwords, card details, and personal info

• Prevents hacking and eavesdropping

• Builds user trust (search engines also prefer HTTPS websites)

SSL is like the bodyguard, and HTTPS is the VIP using the bodyguard for protection.

Secure Shell (SSH)

SSH (Secure Shell) is a cryptographic network protocol used for securely transferring encrypted data over a
network. It is commonly used for remote access to servers and systems.

• Port Number: SSH operates over port 22.

• Authentication: SSH allows users to securely connect to servers without repeatedly entering
passwords for each system.

Key Pair Mechanism in SSH: SSH relies on a key pair system for secure communication. The key
pair includes:
18

fi
fi
 • Public Key:

◦ Can be shared with anyone; Used for encryption; Does not require protection

• Private Key:

◦ Stays securely on the user's device; Used for decryption; Must be kept con dential

Types of SSH Keys

1. User Key: Both the public and private keys are managed by the user.

2. Host Key: The key pair is stored on a remote server or host system.

3. Session Key: Temporarily generated and used for encrypting large volumes of data during a session.

Features of SSH (Secure Shell)

1. Encryption: SSH ensures all data exchanged between client and server is encrypted, maintaining
con dentiality and preventing unauthorized access.

2. Authentication: Uses public-private key pairs for secure authentication, offering stronger protection
than traditional passwords.

3. Data Integrity: Ensures that messages are not altered during transmission, maintaining their original
form.

4. Tunneling: SSH can create secure tunnels for forwarding network connections, protecting data as it
travels through insecure networks.

Functions of SSH
1. Secure Communication: Encrypts all communication between the client and server, ensuring high-
level security.

2. Con dentiality: Protects data from being exposed or intercepted during transmission.
3. Remote Login: Allows users to safely log in to remote systems, serving as a secure alternative to
TELNET.

4. Secure File Transfer: Supports protocols like SCP (Secure Copy) and SFTP (SSH File Transfer
Protocol) to securely transfer les over the internet.

5. Supports Tunneling: Enables secure communication channels by encapsulating data inside encrypted
SSH sessions.

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is a data encryption and decryption program used for securing digital
communications such as emails, les, and texts. It ensures con dentiality, integrity, and authentication
of data using cryptographic techniques.

19

fi
fi
fi
fi
fi
fi
 Working Principle:
PGP uses a hybrid cryptographic model:

• Symmetric-key encryption for encrypting the main message (fast).

• Public-key encryption to securely exchange the symmetric key.

Core Services Provided by PGP:

1. Authentication – Con rms the sender’s identity.

2. Con dentiality – Ensures only the intended recipient can read the message.

3. Email Compatibility – Supports email formatting and processing.

4. Segmentation – Splits long messages for easier transmission and reassembly.

Authentication in PGP (Digital Signature):

At Sender’s End:

1. Hash the message using SHA-1.

2. Encrypt the hash with sender’s private key (KPa) to create a digital signature.

3. Append the signature to the message, compress, and send.

At Receiver’s End:

1. Decompress the message.

2. Decrypt the signature using the sender’s public key (PUa) to get the original hash.

3. Hash the message again and compare both hashes.

4. If they match → message is authentic and unaltered.

Con dentiality in PGP (Message Encryption):

At Sender’s End:

1. Compress the message.

2. Encrypt with a random session key (Ks) using symmetric encryption (e.g., CAST-128, IDEA, 3DES).

3. Encrypt Ks with the receiver’s public key (PUb) using RSA.

4. Send the encrypted message + encrypted session key.

At Receiver’s End:
20

fi
fi
fi
 1. Decrypt the session key with private key (KPb).

2. Use session key to decrypt the message.

3. Decompress to restore the original message.

Even if intercepted, the session key is unreadable without the private key—ensuring data con dentiality.

Firewall
A rewall is a network security system that monitors and controls incoming and outgoing traf c based on
prede ned security rules.
It acts like a gatekeeper between your computer/network and the outside world (Internet), deciding what data
is safe to let in or out. It acts like a security guard that helps keep your digital
world safe from unwanted visitors and potential threats

Working of Firewall
A rewall functions by comparing network traf c against a set of prede ned rules:

• If a rule matches, the rewall takes a speci c action (e.g., allow, block, log).

• For example:

◦ A rule might block HR department users from accessing the code server.

◦ Another rule may allow system administrators to access all departments.

Rule De nition:

• Rules are based on organizational needs and security policies.

• Traf c is categorized as incoming or outgoing:

◦ Outgoing traf c (from the internal network) is usually allowed, but can be restricted for added
security.

◦ Incoming traf c is more strictly controlled to prevent unauthorized access.

Protocols Handled by Firewall:

Most of the traf c inspected by a rewall uses Transport Layer protocols:

• TCP (Transmission Control Protocol)

• UDP (User Datagram Protocol)

21


fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
 • ICMP (Internet Control Message Protocol)

Each packet has:

• Source and destination IP addresses

• Port numbers (TCP/UDP) or type codes (ICMP) to identify the nature and purpose of the
communication.

What is IPSec?
Imagine you are sending a secret message to your friend through a messenger. But you're afraid someone
might read it, change it, or pretend to be your friend.

So you:

• Lock the message in a box (encryption)

• Add a label to prove it's from you (authentication)

• Seal it tightly (integrity check)

This is what IPSec does for data over the Internet!

IPSec (Internet Protocol Security)

De nition:
IPSec is a suite of protocols used to secure IP communications by authenticating and encrypting each IP
packet in a communication session. It ensures con dentiality, integrity, and authenticity of data transferred
over a network.

Importance of IPSec
• Data Encryption: Protects data by making it unreadable to unauthorized users.

• Data Integrity: Ensures the data is not altered during transmission.

• Used in VPNs: Commonly implemented in Virtual Private Networks to create secure tunnels.

• Protection from Cyber Attacks: Defends against eavesdropping, spoo ng, and man-in-the-middle
attacks.

Features of IPSec
1. Authentication: Veri es the identity of the sender using digital signatures or shared secrets.

2. Con dentiality: Encrypts data to protect it from unauthorized access.

3. Integrity: Detects any tampering or corruption of data packets.

22

fi
fi
fi
fi
fi
 4. Key Management: Uses Internet Key Exchange (IKE) to generate and manage encryption keys.

5. Tunneling Support: Allows encapsulation of IP packets within other protocols (e.g., GRE, L2TP).

6. Flexibility: Supports point-to-point, site-to-site, and remote access connections.

7. Interoperability: As an open standard, IPSec works across various devices and vendors.

How IPSec Works

Modes of Operation:

• Transport Mode: Encrypts only the data portion of the IP packet. Used for end-to-end communication.

• Tunnel Mode: Encrypts the entire IP packet. Commonly used in VPNs.

Core Protocols:

• AH (Authentication Header): Ensures the data source is authentic and data is untampered.

• ESP (Encapsulating Security Payload): Provides both encryption and authentication.

Key Exchange:

• IKE (Internet Key Exchange): Establishes a shared secret key between devices to encrypt and decrypt
data.

Working Steps:

1. Two devices initiate a secure session.

2. They authenticate each other using passwords or digital certi cates.

3. A secure tunnel is established using IKE.

4. Data is transmitted through this encrypted and authenticated tunnel.

5. Once the communication ends, the tunnel is closed securely.

IPSec Connection Establishment Process

IPSec secures IP communication by authenticating and encrypting each data packet. The process of establishing
an IPSec connection occurs in two key phases:

Phase 1: Establishing the IKE (Internet Key Exchange) Tunnel

The goal of Phase 1 is to create a secure channel (IKE tunnel) for negotiating IPSec parameters.

Modes of Operation:

• Main Mode:
23

fi
 ◦ Involves six message exchanges.

◦ More secure but takes more time.

◦ Hides identity during negotiation.

• Aggressive Mode:

◦ Faster, with only three messages exchanged.

◦ Less secure, as it exposes more identity information.

Phase 2: Establishing the IPSec Tunnel

This phase is known as Quick Mode. It uses the secure IKE tunnel to establish IPSec Security Associations
(SAs).

Modes of Operation:

• Tunnel Mode:

◦ Encrypts the entire IP packet (header + payload).

◦ Commonly used in site-to-site VPNs.

• Transport Mode:

◦ Encrypts only the payload (data portion), leaving the IP header intact.

◦ Used for end-to-end communication between individual hosts.

Summary

• Phase 1 ensures a secure communication channel using IKE.

• Phase 2 builds the IPSec tunnel to securely transmit data using negotiated encryption/authentication
methods.

24