Unit - I Introduction to Computer and Information

Security
Definition of Computer Security

Computer Security is the protection of computer systems, networks, and information from
unauthorized access, misuse, modification, damage, or destruction.
Its main aim is to ensure that data remains private, accurate, available, and reliable.

Need of Computer Security

Computer security is required to:
• Protect sensitive and confidential information
• Prevent unauthorized access and cyber attacks
• Ensure secure data storage and transmission
• Maintain system reliability and user trust
• Support safe online services like banking and communication

Security Basics
Security basics are the fundamental principles used to secure information systems.

1. Confidentiality (Data Privacy)

Confidentiality ensures that information is accessible only to authorized users and
data privacy is maintained.
• Prevents data leakage
• Implemented using access control, passwords, encryption
Example:
Only authorized employees can view company data.

2. Integrity (Data Accuracy)

Integrity ensures that data remains correct and unchanged during storage or
transmission.
 • Prevents unauthorized modification
• Achieved using hashing and digital signatures
Example:
Financial records should not be altered illegally.

3. Availability (Data Access)

Availability ensures that data and systems are available whenever required by
authorized users.
• Protects against system failure and DoS attacks
• Uses backup and recovery mechanisms
Example:
Online services available 24×7.

CIA Triad Diagram ⭐

Confidentiality
(Data Privacy)
▲
|
Integrity ---------------- Availability
(Data Accuracy) (Data Access)

This is known as the CIA Triad of Computer Security.

4. Authentication
Authentication is the process of verifying the identity of a user or system before
granting access.
• Uses passwords, OTPs, biometrics
• Prevents unauthorized users from entering the system
Example:
Login using username and password.
5. Accountability
Accountability ensures that each user is responsible for their actions in the system.
• Activities are recorded in logs and audit trails
• Helps in tracking misuse
Example:
Log files showing who accessed data.

Authentication & Accountability Diagram

User → Login → Authentication → Access Granted
|
↓
Logs / Audit Trail

6. Non-Repudiation
Non-repudiation ensures that a user cannot deny an action once it is performed.
• Uses digital signatures and encryption
• Provides proof of communication or transaction
Example:
Sender cannot deny sending an email.

7. Reliability
Reliability ensures that systems perform consistently and correctly over time.
• Reduces system failure
• Increases confidence of users
Example:
A server working properly without frequent crashes.

Exam Key Points ⭐

 • Confidentiality → Data Privacy
• Integrity → Data Accuracy
• Availability → Data Access
• Authentication → Identity verification
• Accountability → User responsibility
• Non-repudiation → Proof of action
• Reliability → Consistent performance

Information Security Overview

Introduction to Information

Information is processed data that has meaning and value.

In organizations, information is an important asset and must be protected from misuse, loss, or
unauthorized access.

Examples of information:

• Personal details

• Business records

• Financial data

• Login credentials

Need and Importance of Information Security

Information Security is required to protect information from various threats.

Importance of information security:

• Protects confidential and sensitive data

• Prevents data theft, data loss, and cyber attacks

• Ensures safe storage and transmission of information

• Maintains privacy and trust of users

 • Supports legal and organizational requirements

Information Classification

Information Classification is the process of grouping information based on its sensitivity, value,
and importance.

Purpose of information classification:

• Apply proper security controls

• Decide access level for users

• Reduce risk of data misuse

Types of Information Classification

1. Public Information

a. Information that can be shared openly

b. No major security required

c. Example: Company website details

2. Internal Information

a. Used only inside the organization

b. Limited access

c. Example: Internal policies

3. Confidential Information

a. Sensitive information

b. Access only to authorized users

c. Example: Employee records

4. Highly Confidential / Secret Information

a. Very sensitive and critical data

 b. Highest level of security required

c. Example: Passwords, financial data

Criteria for Information Classification

Information is classified based on the following criteria:

• Sensitivity – How sensitive the information is

• Value – Importance of information to organization

• Impact – Damage caused if information is leaked

• Legal requirements – Laws and regulations

• Access level – Who should access the information

• Life cycle – How long the information is useful

Key Points ⭐

• Information is a valuable asset

• Information security protects data from threats

• Classification helps apply correct security level

• Criteria decide how information is classified

Types of Attacks

A security attack is any action that tries to steal, damage, modify, or disrupt information or
systems.

Passive Attack

In a passive attack, the attacker only observes or listens to the data.

• No change in data
 • Hard to detect

• Main aim is information gathering

Example: Eavesdropping, sniffing

Active Attack

In an active attack, the attacker modifies data or disrupts system operations.

• Data is changed or destroyed

• Easy to detect

• Causes serious damage

Example: DoS, masquerade attack

Masquerade Attack

In a masquerade attack, the attacker pretends to be an authorized user.

• Uses stolen passwords or IDs

• Gains illegal access to system

Example: Logging in using someone else’s credentials.

Denial of Service (DoS) Attack

A DoS attack tries to make a system or network unavailable to users.

• Floods system with fake requests

• Crashes or slows down servers

Example: Website not opening due to heavy traffic attack.

Backdoors and Trapdoors

 • Backdoor: A secret entry point in a system that bypasses security

• Trapdoor: A hidden access created during development

Attackers use them to gain unauthorized access.

Sniffing

Sniffing is the process of capturing data packets from a network.

• Steals passwords and sensitive data

• Works on unsecured networks

Example: Capturing login details on public Wi-Fi.

Phishing

Phishing is a fake communication attack to steal personal information.

• Uses fake emails or websites

• Tricks users into sharing data

Example: Fake bank email asking for password.

Spoofing

Spoofing means faking identity to appear as a trusted source.

• IP spoofing

• Email spoofing

Example: Fake email showing original sender address.

Man-in-the-Middle (MITM) Attack

In MITM attack, the attacker secretly sits between two users.

 • Reads or changes communication

• Both users think communication is safe

Example: Attacker between user and bank website.

Replay Attack

In replay attack, attacker captures valid data and reuses it later.

• No need to crack encryption

• Uses previously sent messages

Example: Reusing captured login session.

TCP/IP Hacking

TCP/IP hacking exploits weaknesses in TCP/IP protocol.

• Session hijacking

• Port scanning

• Packet manipulation

Social Engineering

Social engineering attacks human psychology instead of systems.

• Tricks users into revealing information

• Uses trust, fear, or urgency

Example: Fake tech support call asking for OTP.

Key Points ⭐

• Passive → Only observe

 • Active → Modify or destroy

• DoS → Make service unavailable

• Phishing → Fake messages

• Social Engineering → Human attack

Types of Malwares

Malware (Malicious Software) is software designed to damage, disrupt, steal data, or gain
unauthorized access to a computer system.

1. Virus

A virus is a malware that attaches itself to a program or file.

• Spreads when infected file is executed

• Damages files and system performance

Example:

File virus infecting executable files.

2. Worm

A worm is a self-replicating malware that spreads automatically over networks.

• Does not need a host file

• Consumes network bandwidth

Example:

Email worm spreading through contacts.

3. Trojan Horse
A Trojan horse looks like a legitimate program but performs malicious actions.

• Does not self-replicate

• Steals data or creates backdoor

Example:

Fake software download.

4. Spyware

Spyware secretly monitors user activities.

• Collects personal data

• Sends information to attacker

Example:

Tracking browsing habits.

5. Adware

Adware automatically displays unwanted advertisements.

• Slows system

• Often bundled with free software

Example:

Pop-up ads.

6. Ransomware

Ransomware encrypts data and demands payment to restore access.

• Locks files or entire system

• Causes data loss

Example:

Message asking for money to unlock files.

7. Logic Bomb

A logic bomb is a malicious code that activates when a specific condition is met.

• Time-based or event-based

• Hard to detect

Example:

Deletes files on a specific date.

8. Rootkit

A rootkit hides malware and gives attacker full system control.

• Avoids detection

• Modifies system files

Example:

Hidden admin access.

9. Keylogger

A keylogger records keystrokes typed by the user.

• Steals passwords and PINs

• Runs silently in background

Example:

Capturing login credentials.

Key Points ⭐
 • Virus → Needs host file

• Worm → Self-spreading

• Trojan → Fake legitimate software

• Ransomware → Demands money

• Keylogger → Records keystrokes

Operating System Updates

Operating System (OS) updates are released to fix bugs, improve security, and enhance
system performance.

They protect the system from new threats and vulnerabilities.

1. HotFix

A HotFix is a small and immediate update released to fix a specific problem or critical issue.

• Applied quickly

• Fixes one particular bug

• Usually released after problem is identified

Example:

Fix for sudden system crash.

2. Patch

A Patch is a software update used to fix security vulnerabilities, bugs, or errors.

• More general than hotfix

• Improves system security

• May include multiple fixes

Example:
Security patch fixing virus vulnerability.

3. Service Pack

A Service Pack is a collection of patches, hotfixes, and updates released together.

• Large update

• Improves stability and performance

• Installed after long intervals

Example:

Windows Service Pack.

Difference

Update Type Description Size

HotFix Fixes one specific issue Small
Patch Fixes bugs and security issues Medium
Service Pack Collection of updates Large

Exam Key Points

• HotFix → Immediate solution

• Patch → Security and bug fix

• Service Pack → Group of updates

Threats to Security

Security threats are conditions or actions that can harm information, systems, or assets.

To understand threats clearly, we must know assets, vulnerability, threat, and risk.

Asset
An asset is anything that has value to an organization and needs protection.

• Hardware (computers, servers)

• Software (applications, OS)

• Data (files, databases, personal information)

• Network resources

Example:

Customer database of a company.

Vulnerability

A vulnerability is a weakness or flaw in a system that can be exploited.

• Can be technical or human-related

• Makes system open to attack

Example:

Weak password, outdated software.

Threat

A threat is a possible danger that can exploit a vulnerability and harm an asset.

• Can be intentional or unintentional

• Can be internal or external

Example:

Hacker, malware, natural disaster.

Risk

Risk is the possibility of loss or damage when a threat exploits a vulnerability.

 • Depends on impact and probability

• Higher vulnerability = higher risk

Example:

Data theft due to weak security.

Relation Between Asset, Vulnerability, Threat, and Risk

• Asset is something valuable

• Vulnerability is a weakness in the asset

• Threat uses the vulnerability

• Risk is the potential damage caused

Relationship Diagram

Asset
↓
Vulnerability
↓
Threat
↓
Risk (Loss/Damage)

Simple Relation Statement

Risk occurs when a threat exploits a vulnerability of an asset.

Exam Key Points

• Asset → Valuable resource

• Vulnerability → Weakness
• Threat → Possible attack

• Risk → Chance of loss

Unit - II User Authentication and Access Control

Identification and Authentication Methods

Identification is the process of claiming an identity (who the user is).

Authentication is the process of verifying that identity.

Example:

• Username → Identification
• Password → Authentication

Electronic User Authentication

Electronic user authentication is the process of verifying a user’s identity electronically

before giving access to a system.

• Used in computers, networks, and online services

• Prevents unauthorized access

Example:

Logging into email or online banking.

Username and Password Authentication

This is the most common authentication method.

• User provides username and password

• System checks stored credentials
• Access is granted if both match

Advantages:

• Simple and easy to use

Limitations:

• Weak passwords can be hacked

Example:

Login to social media account.

Multi-Factor Authentication (MFA)

Multi-factor authentication uses more than one factor to verify identity.

Authentication factors:

1. Something you know – password, PIN

2. Something you have – mobile, token, smart card
3. Something you are – fingerprint, face scan
• Provides higher security
• Reduces risk of unauthorized access

Example:

Password + OTP sent to mobile.

Token-Based Authentication

In token-based authentication, the user uses a physical or digital token to authenticate.

• Token generates a one-time password (OTP)

• Used along with username/password

Types of tokens:

• Hardware tokens
• Software tokens

Example:

OTP generated by authentication app.

Simple Authentication Flow Diagram

User → Identification → Authentication → Access Granted

Key Points ⭐

• Identification → Who you are

• Authentication → Proof of identity
• Username/password → Basic method
• MFA → High security
• Token-based → Uses OTP or device

Password Attacks

Password attacks are methods used by attackers to steal or break user passwords in order to
gain unauthorized access to systems and data.

1. Guessing Password

In password guessing attack, the attacker tries different possible passwords.

• Uses common words, names, dates

• Weak passwords are easily guessed

Example:

Trying passwords like 123456, admin, password.

2. Piggybacking

Piggybacking is a physical attack where an attacker follows an authorized user to enter a

restricted area.
 • No password cracking required
• Takes advantage of user trust

Example:

Entering office by following an employee without ID.

3. Shoulder Surfing

In shoulder surfing, the attacker observes the user while they enter the password.

• Can be done in public places

• Uses direct observation or cameras

Example:

Watching someone type ATM PIN.

4. Dumpster Diving

Dumpster diving is the act of searching discarded material to find passwords or sensitive
information.

• Looks into trash, papers, notes

• Often used in organizations

Example:

Finding written passwords in dustbin.

Key Points

• Guessing → Try common passwords

• Piggybacking → Follow authorized user
• Shoulder surfing → Watch password entry
• Dumpster diving → Search trash for info
One-Line Revision

• Guessing → Weak password attack

• Piggybacking → Physical access attack
• Shoulder surfing → Visual attack
• Dumpster diving → Information from waste

Biometrics

Biometrics is an authentication method that uses unique physical or behavioral

characteristics of a person to verify identity.

• More secure than passwords

• Difficult to copy or share

Example:

Fingerprint unlock in mobile phone.

Types of Biometrics

1. Fingerprint Recognition

Fingerprint authentication uses the unique patterns of ridges and valleys on fingers.

• Fast and accurate

• Widely used

Example:

Mobile fingerprint lock.

2. Hand Print Recognition

Hand print recognition measures shape, size, and geometry of the hand.
 • Used in secure areas
• Less detailed than fingerprint

Example:

Access control in offices.

3. Retina Scan Patterns

Retina scanning uses the blood vessel pattern at the back of the eye.

• Very high accuracy

• Difficult to fake

Example:

High-security military systems.

4. Voice Patterns

Voice recognition identifies a person using voice tone, pitch, and speech pattern.

• Affected by noise and illness

• Used in call centers

Example:

Voice authentication in customer care.

5. Face Recognition

Face recognition uses facial features such as eyes, nose, and jaw structure.

• Non-contact method
• Used in surveillance systems

Example:
Face unlock in smartphones.

6. Signature and Writing Patterns

This method analyzes style of writing or signing, including speed and pressure.

• Behavioral biometric
• Used in banking

Example:

Signature verification in cheques.

7. Keystroke Dynamics

Keystroke biometrics analyze typing speed, rhythm, and key pressure.

• Continuous authentication
• Difficult to imitate

Example:

User identification while typing.

Key Points

• Biometrics → Based on human characteristics

• Fingerprint & retina → Physical biometrics
• Voice & keystroke → Behavioral biometrics
• High security, hard to duplicate

One-Line Revision

• Fingerprint → Finger pattern

 • Retina → Eye blood vessels
• Face → Facial features
• Keystroke → Typing behavior

Authorization

Authorization is the process of deciding what actions or resources a user is allowed to access
after successful authentication.

• It comes after authentication

• Controls user permissions and access rights

Example:

A user can log in (authenticated) but cannot access admin files (not authorized).

Goals of Authorization

The main goals of authorization are:

• Ensure users access only permitted resources

• Protect confidential and sensitive information
• Prevent unauthorized operations
• Enforce access control policies
• Reduce risk of misuse or data leakage

Authorization Flow

User → Authentication → Authorization → Access to Resources

Key Points ⭐

• Authorization → What user can do

• Authentication → Who user is
 • Authorization controls access rights

One-Line Revision

• Authorization = Permission
• Authentication = Identity check

Access Controls

Access Control is the process of restricting access to resources to authorized users only.

It ensures that only permitted users can perform specific operations on resources like files,
systems, or networks.

Example:

Only HR department can access employee salary data.

Authentication Mechanism

Before access control is applied, the system authenticates the user to verify identity.

Common mechanisms:

• Passwords
• Biometrics
• Smart cards / tokens
• Multi-factor authentication

Access Control Principles

1. Least Privilege – User gets only minimum permissions needed

2. Need to Know – User can access information only if required
3. Separation of Duties – Critical tasks divided among multiple users
4. Accountability – Every action must be traceable
Access Rights and Permissions

• Access Rights → What operations a user can perform (read, write, execute)
• Permissions → Authorization to perform those operations on a resource

Example:

• Read-only access to a file → Access right = read, Permission = granted

• Admin can modify files → Access right = write, Permission = granted

Access Control Policies

1. Discretionary Access Control (DAC)

• Owner of resource decides who can access it

• Flexible but less secure

Example:

File owner sets permissions for other users.

2. Mandatory Access Control (MAC)

• System enforces access rules based on security labels

• Users cannot change permissions
• High security

Example:

Military system: Top Secret, Secret, Confidential.

3. Role-Based Access Control (RBAC)

• Access is based on user role

 • Users with same role have same permissions

Example:

HR role → access employee records

Manager role → access reports

4. Attribute-Based Access Control (ABAC)

• Access is based on user attributes, resource attributes, and environment

• More flexible and fine-grained

Example:

Access allowed if user is from HR department and during office hours.

Access Control Diagram

User → Authentication → Access Control → Resource

↓
Access based on policy (DAC / MAC / RBAC / ABAC)

Key Points ⭐

• Access control = Restrict resource access

• DAC → Owner decides
• MAC → System enforces
• RBAC → Role-based
• ABAC → Attribute-based
• Principles → Least privilege, Need to know, Separation of duties, Accountability
Unit - III Cryptography

Introduction to Cryptography

Cryptography is the science of protecting information by transforming it into an

unreadable format so that only authorized users can access it.

Key Terms

1. Plain Text

• The original readable message or data before encryption.

• Example: "Hello, how are you?"

2. Cipher Text

• The encoded version of plain text after encryption.

• Unreadable to unauthorized users.
• Example: "Xy12#ghQ9"

3. Cryptography

• The art and science of securing information using codes and ciphers.
• Provides confidentiality, integrity, and authentication.

Example:

Encrypting a message before sending over the internet.

4. Cryptanalysis

• The study of breaking or decoding encrypted messages without the key.

• Used by attackers to crack codes.

Example:

Hacker trying to decode encrypted bank data.

5. Cryptology

• Combination of cryptography and cryptanalysis.

• It includes creating secure systems and breaking weak ones.

6. Encryption

• The process of converting plain text into cipher text using a key or algorithm.

Example:

Sending "Hello" → encrypted as "Xy12#"

7. Decryption

• The process of converting cipher text back into plain text using a key.

Example:

Cipher text "Xy12#" → decrypted as "Hello"

Simple Encryption/Decryption Diagram

Plain Text → [Encryption] → Cipher Text → [Decryption] → Plain Text

Exam Key Points

• Plain Text → Original message

• Cipher Text → Encrypted message
• Cryptography → Secure data
• Cryptanalysis → Break encryption
• Cryptology → Cryptography + Cryptanalysis
• Encryption → Encode message
• Decryption → Decode message
Symmetric and Asymmetric Cryptography

Cryptography techniques are mainly of two types: Symmetric (Single Key) and Asymmetric
(Two Key / Public Key).

1. Symmetric Cryptography

Introduction

• Uses one secret key for both encryption and decryption.

• Also called Single-Key or Private-Key Cryptography.

Example:

AES, DES, 3DES

Working

1. Sender and receiver share the same secret key.

2. Sender encrypts plain text using the key → cipher text.
3. Receiver decrypts cipher text using the same key → plain text.

Diagram :

Plain Text → [Encryption using Key K] → Cipher Text

Cipher Text → [Decryption using Key K] → Plain Text

Key Management

• Key must be kept secret between sender and receiver.

• Key distribution is challenging for large networks.
• If key is leaked → security is broken.

Advantages

• Fast encryption and decryption

• Simple algorithms
Limitations

• Key distribution is difficult

• Single key compromise → entire communication compromised

2. Asymmetric Cryptography

Introduction

• Uses two keys: Public Key (shared) and Private Key (kept secret).
• Also called Public-Key Cryptography.

Example:

RSA, ECC, Diffie-Hellman

Working

1. Sender encrypts message using receiver’s public key.

2. Only receiver can decrypt it using their private key.
3. For digital signatures: sender encrypts with private key, anyone can verify with public
key.

Diagram :

Plain Text → [Encryption using Receiver's Public Key] → Cipher Text

Cipher Text → [Decryption using Receiver's Private Key] → Plain Text

Key Management

• Public key can be freely shared

• Private key must be kept secret
• No need to share secret key, solves symmetric key distribution problem

Public Key Distribution

• Public keys are distributed using certificates

• Managed by Certificate Authority (CA)
 • Ensures key belongs to the claimed user

Advantages

• Solves key distribution problem

• Supports digital signatures and authentication

Limitations

• Slower than symmetric encryption

• Requires more computational power

Symmetric vs Asymmetric Quick Comparison

Feature Symmetric Asymmetric

Keys Single key Public + Private key
Speed Fast Slower
Key Distribution Difficult Easy (public key)
Example AES, DES RSA, ECC
Use Case Bulk data Secure key exchange, digital
signature

Key Points ⭐

• Symmetric → One key, fast, key must be secret

• Asymmetric → Two keys, solves key sharing problem
• Public key → shared openly
• Private key → kept secret
• Certificates & CA → verify public key authenticity

Substitution Techniques

Substitution cipher is a cryptography technique in which each character of plain text is

replaced by another character according to some rule.

• Provides confidentiality
• Used in classical cryptography
1. Caesar Cipher

Introduction

• One of the simplest substitution ciphers

• Each letter is shifted by a fixed number of positions in the alphabet

Working

• Shift value (key) decides how many positions each letter moves
• Encryption: C = (P + K) mod 26
• Decryption: P = (C - K) mod 26

Example:

• Key = 3
• Plain text: HELLO → Cipher text: KHOOR

Diagram (Exam ):

Plain Text → [Shift + Key 3] → Cipher Text

Cipher Text → [Shift - Key 3] → Plain Text

2. Playfair Cipher

Intro

• Encrypts pairs of letters (digraphs) instead of single letters

• Uses a 5×5 key matrix

Working

1. Prepare 5×5 matrix with key letters + remaining letters

2. Split plain text into pairs of letters
3. Apply rules for same row, same column, rectangle

Example:
 • Key = MONARCHY
• Plain text: HELLO → Cipher text: KDMMP

Advantage:

• More secure than Caesar cipher

3. Vigenère Cipher

Introduction

• Polyalphabetic substitution cipher

• Uses a keyword to shift letters

Working

• Each letter in plain text is shifted by corresponding letter in keyword

• Encryption: C = (P + K) mod 26

Example:

• Plain text: HELLO

• Key: KEY → Cipher text: RIJVS

Advantage:

• Stronger than Caesar and Playfair

4. Vernam Cipher (One-Time Pad)

Introduction

• Uses random key (pad) equal to plain text length

• Key is used only once → Perfect secrecy
Working

• Encryption: C = P ⊕ K (XOR operation)

• Decryption: P = C ⊕ K

Example:

• Plain text: HELLO

• Key: XMCKL → Cipher text: XOR result

Advantage:

• Unbreakable if key is truly random and used once

Substitution Techniques Summary

Cipher Type Key Notes

Caesar Monoalphabetic Fixed shift Simple, easy to break
Playfair Digraph 5×5 matrix Encrypts letter pairs
substitution
Vigenère Polyalphabetic Keyword More secure than
Caesar
Vernam One-time pad Random Unbreakable if used
pad once

Key Points

• Substitution → Replace letters according to rule

• Caesar → Shift letters
• Playfair → Encrypt pairs
• Vigenère → Use keyword, shifts vary
• Vernam → One-time pad, perfect secrecy
Transposition Techniques

Transposition cipher is a cryptography method in which the positions of characters in

plain text are shifted according to a rule, without changing the actual characters.

• Provides confidentiality
• Rearranges letters instead of substituting

1. Rail Fence Technique

Introduction

• Also called zig-zag cipher

• Letters of plain text are written in zig-zag across multiple “rails” (rows)

Working

1. Choose number of rails (rows)

2. Write letters diagonally down and up in zig-zag
3. Read letters row by row → Cipher text

Example:

• Plain text: HELLO WORLD

• Rails = 3

H . . . L . . . O
. E . L . W . R .
. . L . . . O . D

• Cipher text: HLOELWRLOD

Diagram:

Rail 1: H L O
Rail 2: E L W R
Rail 3: L O D
→ Read row-wise = HLOELWRLOD
2. Simple Columnar Technique

Introduction

• Plain text is written row-wise into columns using a keyword

• Columns are then reordered according to alphabetical order of keyword letters
• Cipher text is read column-wise

Working

1. Write plain text in rows under keyword letters

2. Number columns based on alphabetical order of keyword
3. Read columns in order → Cipher text

Example:

• Plain text: HELLO WORLD

• Keyword: KEY → Column order K=2, E=1, Y=3

K E Y
H E L
L L O
W O R
L D

• Cipher text (column-wise by order 1-2-3): ELHLOWLDR

Diagram :

Write in table → Reorder columns → Read column-wise → Cipher text

Transposition Techniques Summary

Technique Method Notes

Rail Fence Zig-zag / row-wise Read row-wise, simple
 Simple Column Uses keyword, moderate
Columnar permutation security

Exam Key Points

• Transposition → Rearrange letters

• Rail Fence → Zig-zag pattern
• Columnar → Arrange in columns + reorder by keyword
• Cipher text contains same letters, only positions change

Steganography

Steganography is the science of hiding information within other media so that the
existence of the information is concealed.

• Unlike cryptography, where the message is visible but unreadable, steganography

keeps the message completely hidden.
• Used to send secret data without alerting attackers.

Key Points

• Purpose: Hide secret message within a cover medium

• Cover Medium: Image, audio, video, text
• Secret Message: Actual information to hide
• Stego Medium: Medium after embedding the secret message

How Steganography Works

1. Choose a cover medium (e.g., an image)

2. Embed secret message into the medium using algorithms
3. Send the stego medium to the recipient
4. Recipient extracts the hidden message using a decoding algorithm

Diagram
Secret Message → [Embedding Algorithm] → Cover Medium → Stego Medium →
Transmission → [Extraction] → Secret Message

Advantages

• Conceals existence of message

• Can be combined with cryptography for extra security
• Difficult to detect for attackers

Limitations

• Limited amount of data can be hidden

• Large data may distort the cover medium
• Not a replacement for encryption

Exam Key Points

• Steganography = Hide data

• Cover medium → Carrier of secret data
• Stego medium → Contains hidden message
• Works with images, audio, video, text
Unit - IV Firewall and Encryption Algorithms
Firewall

Need of Firewall

A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predefined security rules.

Purpose / Need:

• Protect internal network from unauthorized access

• Block malicious traffic (viruses, hackers)
• Control access to sensitive resources
• Monitor and log network activity
• Enforce security policies

Types of Firewalls

1. Packet Filtering Firewall

• Works at Network Layer (Layer 3)

• Checks IP addresses, protocol, port numbers of each packet
• Decision: Allow or block packet
• Fast and simple, but cannot detect complex attacks

Example: Block packets from a specific IP address

2. Stateful Packet Filtering Firewall

• Works at Network + Transport Layers

• Keeps track of active connections
• Can make decisions based on state of connection
• More secure than simple packet filters

Example: Allows only packets part of an established connection

3. Application Gateway / Proxy Firewall

• Works at Application Layer (Layer 7)

• Acts as a proxy between client and server
• Can inspect content and block malicious requests
• Slower but highly secure

Example: Web proxy firewall filtering HTTP requests

4. Circuit-Level Gateway Firewall

• Works at Transport Layer

• Monitors TCP handshakes and sessions
• Does not inspect packet contents
• Ensures valid connection establishment

Example: Allows only TCP connections after proper handshake

Firewall Diagram

[Internet] → [Firewall] → [Internal Network]

Types of firewall: Packet filter / Stateful / Proxy / Circuit

Key Points :

• Firewall = Network security device/software

• Blocks unauthorized access
• Packet Filter → Checks IP/port, fast
• Stateful → Checks connection state
• Application Gateway → Inspects application content
• Circuit Gateway → Checks TCP sessions
Firewall Policies, Configuration, Limitations & DMZ

1. Firewall Policies

Firewall policies are rules that determine which network traffic is allowed or blocked.

Key points:

• Define allow/deny rules for IP addresses, ports, and protocols

• Can be Inbound (coming from internet) or Outbound (going to internet)
• Ensure network security and compliance

Example:

• Block all incoming traffic except HTTP (port 80)

• Allow email server traffic only to internal mail server

2. Firewall Configuration

Configuration steps:

1. Define network zones – Internal, External, DMZ

2. Set access rules – Who can access what
3. Enable logging and alerts – Monitor traffic and attacks
4. Test rules – Ensure legitimate traffic is not blocked
5. Update regularly – Keep rules updated for new threats

Example:

• Internal users can access internet but internet cannot initiate connection to internal
network

3. Limitations of Firewalls

• Cannot protect against internal attacks

• Cannot block encrypted threats like VPN traffic unless decrypted
• Cannot detect malware in allowed traffic
 • Misconfiguration may allow unauthorized access
• Cannot protect against social engineering attacks

4. Demilitarized Zone (DMZ)

DMZ is a separate network segment between internal network and the internet.

Purpose:

• Hosts public-facing services like web servers, mail servers

• Adds extra layer of security between internet and internal network
• Traffic from internet can reach DMZ but not the internal network directly

Diagram :

Internet
│
▼
[Firewall] → DMZ → Public Servers (Web, Mail)
│
▼
[Firewall] → Internal Network → Private Servers, Users

Benefits:

• Limits exposure of internal network

• Allows controlled access to public services

Key Points

• Firewall policies = Rules to allow/block traffic

• Configuration → Define zones, rules, logging, test
• Limitations → Internal attacks, encrypted traffic, malware
• DMZ → Isolated network for public services, protects internal network
Cryptographic Algorithms

Cryptography algorithms are used to secure data using encryption and decryption.

There are symmetric and asymmetric algorithms.

1. DES (Data Encryption Standard)

• Symmetric-key algorithm
• Developed in 1977
• Uses 56-bit key to encrypt 64-bit blocks of data

Working

1. Plain text divided into 64-bit blocks

2. Each block passes through 16 rounds of substitution and permutation
3. Cipher text generated
4. Same key used for decryption

Diagram (Exam ):

Plain Text → [16 Rounds of Substitution & Permutation using 56-bit

Key] → Cipher Text
Cipher Text → [Decryption with same Key] → Plain Text

Advantages

• Simple and fast

• Widely used in past

Limitations

• Key size (56-bit) is small → vulnerable to brute force attacks

• Mostly replaced by AES today
2. AES (Advanced Encryption Standard)

• Symmetric-key algorithm
• Developed in 2001 to replace DES
• Supports 128-bit, 192-bit, 256-bit keys
• Encrypts data in 128-bit blocks

Working

1. Plain text divided into 128-bit blocks

2. Each block passes through multiple rounds of substitution, permutation, and
mixing
a. Number of rounds: 10 (128-bit), 12 (192-bit), 14 (256-bit)
3. Generates cipher text
4. Same key used for decryption

Diagram:

Plain Text → [SubBytes → ShiftRows → MixColumns → AddRoundKey] ×

Rounds → Cipher Text

Advantages

• High security (resistant to brute force)

• Fast and efficient
• Standard for modern encryption

Limitations

• More complex than DES

• Requires more computation

3. RSA (Rivest-Shamir-Adleman) Algorithm

• Asymmetric-key algorithm (Public Key Cryptography)

 • Developed in 1977
• Uses public and private keys

Working

1. Generate two large prime numbers → p and q

2. Compute modulus n = p × q
3. Compute public key (e, n) and private key (d, n)
4. Encryption: C = P^e mod n
5. Decryption: P = C^d mod n

Diagram :

Plain Text → [Encryption using Public Key] → Cipher Text

Cipher Text → [Decryption using Private Key] → Plain Text

Advantages

• Solves key distribution problem

• Supports digital signatures and authentication

Limitations

• Slower than symmetric algorithms

• Requires large key sizes for strong security

Quick Comparison

Algorithm Type Key Size Block Size Notes

DES Symmetric 56-bit 64-bit Fast, but insecure
today
AES Symmetric 128/192/256- 128-bit Modern standard,
bit secure
RSA Asymmetric 1024/2048-bit Variable Public/private key, slow
Exam Key Points ⭐

• DES → Old symmetric, small key, replaced

• AES → Modern symmetric, strong, multiple key sizes
• RSA → Asymmetric, uses public/private keys, digital signatures

Diffie–Hellman Key Exchange Algorithm

Introduction

Diffie–Hellman is a key exchange algorithm used to securely share a secret key

between two parties over an insecure network.

It is not used for encryption, only for key generation.

Working of Diffie–Hellman

1. Two users (Alice and Bob) agree on:

a. A public prime number (p)
b. A public base (g)
2. Alice chooses a private key (a)
3. Bob chooses a private key (b)
4. Alice computes:
a. A = g^a mod p → sends to Bob
5. Bob computes:
a. B = g^b mod p → sends to Alice
6. Both compute same secret key:
a. Alice: K = B^a mod p
b. Bob: K = A^b mod p
Diffie–Hellman Diagram

Public values: p, g

Alice Bob
Private key: a Private key: b
A = g^a mod p --------> B = g^b mod p
<--------
Shared Secret Key = g^(ab) mod p

Advantages

• Secure key exchange over public network

• No need to send secret key directly

Limitations

• Vulnerable to Man‑in‑the‑Middle attack

• Does not provide authentication

Man‑in‑the‑Middle (MITM) Attack

Introduction

A Man‑in‑the‑Middle attack occurs when an attacker secretly intercepts and alters

communication between two users without their knowledge.

How MITM Attack Works

1. User A thinks he is communicating with User B

2. Attacker places himself between A and B
3. Attacker reads, modifies, or steals data
4. Both users believe communication is secure
MITM Diagram
User A ←→ Attacker ←→ User B
(Thinks talking to B) (Thinks talking to A)

MITM in Diffie–Hellman

• Attacker exchanges separate keys with Alice and Bob

• Alice and Bob think they share a secret key
• Actually, attacker can read and modify all messages

Prevention Methods

• Use authentication (digital certificates)

• Use HTTPS / SSL / TLS
• Use authenticated Diffie–Hellman

Exam Key Points ⭐

• Diffie–Hellman → Key exchange algorithm

• No direct secret key transmission
• MITM attack → Attacker sits between two users
• Diffie–Hellman alone is vulnerable to MITM

Hash Functions

Introduction

A hash function is a one-way function that takes input data (message) and produces a
fixed-size output called hash value or message digest.

• One-way: Cannot retrieve original message from hash

• Used for: Data integrity, digital signatures, password storage

Example:
Plain text → Hash function → Fixed-length hash value

Features of Hash Functions

1. Deterministic – Same input always gives same hash

2. Fixed-length output – No matter the input size
3. Fast computation – Easy to calculate hash
4. Pre-image resistance – Cannot reverse the hash to get input
5. Collision-resistant – Two different inputs should not produce same hash
6. Avalanche effect – Small change in input changes hash drastically

1. MD5 (Message Digest 5)

Introduction

• Developed in 1991
• Produces 128-bit hash value
• Widely used for data integrity verification

Working

1. Input message is padded to 512-bit blocks

2. Processed in four rounds of operations (bitwise operations, modular addition,
etc.)
3. Produces 128-bit message digest

Diagram (Exam )

Plain Text → [MD5 Hash Function] → 128-bit Hash Value

Advantages

• Fast and simple

• Commonly used in checksums
Limitations

• Vulnerable to collision attacks

• Not recommended for high-security applications

2. SHA (Secure Hash Algorithm)

Introduction

• Developed by NIST
• Produces 160-bit (SHA-1), 256-bit (SHA-256), 512-bit (SHA-512) hash values
• More secure than MD5

Working

1. Input message divided into 512-bit blocks

2. Uses logical functions, modular addition, and bitwise operations
3. Produces fixed-length message digest

Diagram

Plain Text → [SHA Algorithm] → Fixed-length Hash Value (160/256/512-

bit)

Advantages

• Stronger than MD5

• Resistant to collisions (SHA-256 and SHA-512)
• Used in digital signatures, SSL, blockchain

Limitations

• Slightly slower than MD5

• SHA-1 is now considered weak for modern security
Quick Comparison: MD5 vs SHA

Feature MD5 SHA

Output Size 128-bit 160/256/512-bit
Security Weak (collisions) Stronger
Speed Faster Slightly slower
Use Checksums, SSL, Blockchain, Digital
legacy Signatures

Exam Key Points ⭐

• Hash function → One-way, fixed-size output

• Features → Deterministic, collision-resistant, avalanche effect
• MD5 → 128-bit, fast, less secure
• SHA → 160/256/512-bit, more secure, widely used

Digital Signature

Introduction

A digital signature is a cryptographic technique used to:

• Verify the authenticity of a message or document

• Ensure integrity (message is not altered)
• Provide non-repudiation (sender cannot deny sending)
• It is the electronic equivalent of a handwritten signature
• Uses asymmetric cryptography (public/private key)

Working of Digital Signature

1. Sender creates message digest of the plain text using a hash function (e.g., SHA-
256)
2. Digest is encrypted with sender’s private key → Digital signature
 3. Digital signature sent along with original message
4. Receiver decrypts signature using sender’s public key → Obtains digest
5. Receiver also computes digest from received message
6. If both digests match → message is authentic and unaltered

Diagram (Exam )

Sender: Plain Text → [Hash Function] → Digest → [Encrypt with Private

Key] → Digital Signature
Send → Message + Digital Signature
Receiver: Digital Signature → [Decrypt with Public Key] → Digest
Compare with Hash(Received Message) → Match = Authentic

Advantages of Digital Signature

• Verifies sender identity

• Ensures message integrity
• Provides non-repudiation
• Secure and tamper-proof

Limitations

• Requires secure key management

• Slower than plain message transmission
• Depends on trusted certificate authorities (CA)

Digital Certificate

• A digital certificate is an electronic document issued by a Certificate Authority

(CA)
• It binds a public key to an individual, organization, or device

Purpose

• Verify identity of sender

 • Ensure public key belongs to claimed entity
• Used in SSL/TLS, secure emails, and digital signatures

Contents of Digital Certificate:

• Owner’s public key

• Owner details (name, organization)
• Issuer details (CA name)
• Validity period
• Digital signature of CA

Digital Certificate Diagram

User A wants to send secure message → Uses Receiver’s Public Key

Digital Certificate issued by CA → Confirms public key ownership →
Receiver verifies sender

Key Points

• Digital Signature → Authenticate + Integrity + Non-repudiation

• Uses hash function + private key
• Digital Certificate → Binds public key to user
• Issued by Certificate Authority (CA)

• Enables trust in digital communication

Unit - V Network and Database Security

Intrusion Detection System (IDS)

Introduction

Intrusion Detection System (IDS) is a security system that monitors network or system
activities for malicious activities or policy violations.

• Detects attacks, unauthorized access, and security breaches

• Sends alerts to administrators
• Does not prevent attacks (contrast with IPS)

Types of IDS

1. Network-based IDS (NIDS)

• Monitors network traffic for suspicious activity

• Placed at strategic points in the network
• Detects attacks like:
o Port scanning
o Denial of Service (DoS)
o Malware propagation

Example: Snort

Diagram (Exam )

[Network Traffic] → [NIDS Sensor] → [Alert / Log]

2. Host-based IDS (HIDS)

• Monitors activities on a single host or server

 • Detects unauthorized file changes, login attempts, system logs
• Can monitor:
o File integrity
o System calls
o Application logs

Example: OSSEC

Diagram (Exam )

[Host System] → [HIDS Agent] → [Alert / Log]

3. Honeypots

• Decoy systems designed to attract attackers

• Used to study attacker behavior without risking real systems
• Can be:
o Low-interaction → Simulates services
o High-interaction → Full operating system environment

Benefits:

• Diverts attacker from real systems

• Collects intelligence about attacks

Diagram (Exam )

[Attacker] → [Honeypot] → [Monitor & Analyze]

Advantages of IDS

• Detects intrusions early

• Monitors network and host activities
• Provides audit and alerting
Limitations of IDS

• Cannot prevent attacks

• High false positive rate possible
• Requires constant monitoring and maintenance

Exam Key Points ⭐

• IDS → Monitors for attacks, sends alerts

• NIDS → Network traffic monitoring
• HIDS → Host/system monitoring
• Honeypots → Decoy systems to trap attackers
• IDS ≠ IPS (IDS detects, IPS blocks)

Kerberos

Introduction

Kerberos is a network authentication protocol that allows secure authentication over

an insecure network.

• Uses symmetric key cryptography and tickets

• Developed at MIT for secure client-server communication

Components of Kerberos

1. Authentication Server (AS)

a. Verifies user credentials
b. Issues Ticket Granting Ticket (TGT) to authenticated users
2. Ticket Granting Service (TGS)
a. Issues service tickets based on TGT
b. Allows user to access specific network services
3. Service Server (SS)
a. Provides the requested service to the user
b. Validates service ticket
Working of Kerberos

Step-by-Step:

1. User logs in → Sends credentials to AS

2. AS verifies → Issues TGT
3. User sends TGT to TGS → Requests access to a specific service
4. TGS issues service ticket
5. User presents service ticket to SS → Access granted

Diagram :

User → AS → TGT
User + TGT → TGS → Service Ticket
User + Service Ticket → SS → Access Granted

Advantages

• Provides mutual authentication

• Protects credentials over network
• Uses time-stamped tickets to prevent replay attacks

Limitations

• Single point of failure if AS is compromised

• Requires time synchronization
IP Security (IPSec)

Overview

IPSec is a protocol suite to secure IP communications by authenticating and encrypting

each IP packet.

• Works at network layer

• Provides: Confidentiality, Integrity, Authentication

IPSec Protocols

1. Authentication Header (AH)

• Provides authentication and integrity of IP packets

• Does not encrypt data
• Ensures packet is from a trusted source

2. Encapsulating Security Payload (ESP)

• Provides confidentiality, integrity, and authentication

• Encrypts IP packet payload
• Can also provide anti-replay protection

IPSec Modes

1. Transport Mode

• Encrypts only the payload of the IP packet

• Header remains unchanged
• Used for end-to-end communication
2. Tunnel Mode

• Encrypts entire IP packet

• Encapsulates it in a new IP packet with new header
• Used for VPNs / gateway-to-gateway communication

Diagram

Transport Mode: [IP Header][Encrypted Payload]

Tunnel Mode: [New IP Header][Encrypted [Original IP Header +
Payload]]

Key Points ⭐

Kerberos:

• AS → Authenticate user & issue TGT

• TGS → Issue service ticket
• SS → Provides service
• Uses symmetric keys & time-stamped tickets

IPSec:

• AH → Authentication & integrity (no encryption)

• ESP → Authentication + Integrity + Encryption
• Transport → encrypt payload only
• Tunnel → encrypt entire IP packet

E-mail Security

Introduction

E-mail security ensures that electronic mails are protected against:

• Unauthorized access
• Alteration
• Forgery
• Replay attacks
It provides confidentiality, integrity, authentication, and non-repudiation.

1. Simple Mail Transfer Protocol (SMTP)

Introduction

• SMTP is a protocol used to send emails across networks

• By default, SMTP is not secure (plain text transmission)

Security Enhancement

• SMTP can be combined with:

o STARTTLS → encrypts communication
o SMTP Authentication (SMTP AUTH) → verifies sender identity

Diagram (Exam )

User → SMTP Server → Internet → Recipient SMTP Server → Recipient

2. Pretty Good Privacy (PGP)

Introduction

• Developed by Phil Zimmermann

• Provides encryption and digital signatures for emails
• Uses hybrid cryptography:
o Symmetric key for message encryption
o Asymmetric key for key exchange and signatures

Working

1. Message encrypted with session key

2. Session key encrypted with recipient’s public key
3. Sender signs message with private key
4. Recipient decrypts session key → decrypts message → verifies signature
Diagram :

Plain Text → [Encrypt with Symmetric Key] → Cipher

Symmetric Key → [Encrypt with Receiver's Public Key]
Message + Encrypted Key → Sent → Receiver decrypts

3. Secure/Multipurpose Internet Mail Extensions (S/MIME)

Introduction

• Standard for public key encryption and signing of emails

• Provides:
o Confidentiality (encrypt message)
o Integrity & Authentication (digital signature)
• Widely used in enterprise email systems

Diagram (Exam )

Message → [S/MIME Encryption & Signature] → Sent → Receiver verifies &

decrypts

4. Privacy Enhanced Mail (PEM)

Introduction

• Developed to provide privacy and authentication for emails

• Uses:
o Digital signatures
o Encryption
o X.509 certificates for key management

Working

• Messages are digitally signed and/or encrypted

• Receiver verifies signature → decrypts message
Diagram (Exam )

Plain Text → [Encrypt + Sign using PEM] → Send → Receiver decrypt &
verify

Key Points ⭐

Protocol/Method Purpose Key Feature

SMTP Sending emails Requires security
enhancements
PGP Encryption + digital Hybrid cryptography
signature
S/MIME Encryption + signing Enterprise email security
standard
PEM Privacy, authentication Digital signatures + X.509
certs

Notes:

• PGP & S/MIME → provide confidentiality, integrity, authentication

• PEM → Older standard, replaced by S/MIME in practice
• All methods protect email from eavesdropping & tampering

Database Security

Introduction

Database security refers to protecting database systems from unauthorized access,

misuse, and attacks.

• Ensures confidentiality, integrity, and availability of data

• Protects sensitive information in organizations
1. Need for Database Security

• Databases store critical and sensitive data (e.g., banking, healthcare)

• Protect against unauthorized access and data theft
• Prevent data tampering (accidental or intentional)
• Maintain data availability for authorized users
• Comply with legal and regulatory standards

2. SQL Injection Attack

Introduction

• SQL Injection is a common attack on web applications

• Attacker injects malicious SQL code into input fields to manipulate database

How it works

1. User input not properly validated

2. Attacker enters SQL code in input field
3. Database executes malicious query → Unauthorized access or data leakage

Example:

• Input: ' OR '1'='1

• Query becomes: SELECT * FROM users WHERE username='' OR '1'='1' →
Returns all records

Prevention:

• Use parameterized queries / prepared statements

• Input validation and sanitization
• Limit database privileges

Diagram (Exam )
User Input → [Web Application] → Malicious SQL → Database → Data
leaked / manipulated

3. Database Encryption

Introduction

• Encrypts sensitive data stored in the database

• Even if database is compromised, data remains unreadable without key

Methods

1. Transparent Data Encryption (TDE) → Encrypts entire database or specific

columns
2. Field-level encryption → Encrypts sensitive columns (e.g., passwords, credit cards)
3. Backup encryption → Ensures database backups are secure

Diagram (Exam )

Plain Data → [Encryption Key] → Encrypted Data → Stored in Database

Advantages of Database Security

• Prevents unauthorized access

• Protects against SQL injection & data theft
• Ensures data confidentiality and integrity

Limitations

• Encryption may slow down database operations

• Requires key management
• Cannot prevent insider attacks alone → need access control
 Exam Key Points ⭐

• Database security → Protects data from unauthorized access & attacks

• SQL Injection → Exploit input fields, prevent via validation & prepared statements
• Database encryption → Data unreadable without key, methods: TDE, field-level,
backup

Cloud Security

Introduction

Cloud security refers to the set of policies, technologies, and controls used to protect
data, applications, and infrastructure in cloud computing environments.

• Ensures confidentiality, integrity, and availability of cloud resources

• Protects against cyber attacks, data breaches, and unauthorized access

1. Essential Characteristics of Cloud

1. On-demand self-service → Users can provision computing resources as needed

2. Broad network access → Accessible from multiple devices and locations
3. Resource pooling → Multiple users share resources dynamically
4. Rapid elasticity → Resources can scale up or down quickly
5. Measured service → Usage is monitored, controlled, and billed

2. Cloud Service Models

Model Description Examples

IaaS (Infrastructure as a Provides virtualized computing AWS EC2, Google Compute
Service) resources Engine
PaaS (Platform as a Provides platform & tools for app Google App Engine,
Service) development Microsoft Azure
SaaS (Software as a Provides ready-to-use applications Gmail, Office 365,
Service) over internet Salesforce
3. Cloud Deployment Models

Model Description
Public Cloud Resources hosted by third-party provider, shared by multiple
users
Private Cloud Cloud infrastructure owned by a single organization, private
access
Hybrid Cloud Combination of public and private clouds for flexibility
Community Cloud Shared by organizations with common concerns or
requirements

Diagram (Exam )

User → Public / Private / Hybrid / Community Cloud → Cloud Services

(IaaS, PaaS, SaaS)

4. Cloud-Specific Security Threats

1. Data Breach → Unauthorized access to sensitive data

2. Account Hijacking → Theft of cloud credentials
3. Insider Threats → Malicious actions by cloud provider employees
4. Insecure APIs → Vulnerabilities in cloud service interfaces
5. Denial of Service (DoS) → Attacker overloads cloud service
6. Shared Technology Vulnerabilities → Multi-tenant architecture risks

Diagram

[User / Applications] → [Cloud Infrastructure] → Threats: Data Breach,

Hijacking, DoS, Insider Attack

Exam Key Points ⭐

• Cloud security → Protect data, applications, infrastructure

• Essential characteristics → On-demand, scalable, network accessible, resource
pooling
• Service models → IaaS, PaaS, SaaS
• Deployment models → Public, Private, Hybrid, Community
• Threats → Data breach, account hijacking, insider threats, insecure APIs, DoS