Network and Data Security

CIA Model
• Confidentiality
• Integrity
• Availability
Confidentiality:
• It means that only authorized users can view or access the
system.
• The data which is sent over the network should not be
accessed by an unauthorized users.
• Use of Encryption algorithms to safeguard the data from
the attacker.
• Example AES, DES, VPN ( which helps the data to move
securely on the network)
Integrity:

• It means the accuracy of the data means the focus is

to make sure that the data has not been modified.

• Hash function is used to check whether the data has

been modified or not.

• Hash function is used at both sender and receiver side.

Availability:

• It means that the network should be readily available

to its users.

• All necessary network hardware, make regular updates

and prevent bottleneck in a network.

• Some attacks render a network unavailable as the

resources of the network get exhausted.
Network security Vs. Cyber Security
• Network security is defined as the activity created to protect
the integrity of the network and data.
• It is the practice of protecting a computer network from
unauthorized access, misuse, or attacks.
• It involves using tools, technologies, and policies to ensure
that data traveling over the network is safe and secure,
keeping sensitive information away from hackers and other
threats.
• network security focuses on protecting the infrastructure of a
network, cybersecurity, on the other hand, focuses on
protecting data stored within the network.
• Cyber Security is the measure to protect our system from
Attacks (cyber attacks and malicious attacks).

• It protects cyberspace from attacks and damages.

• Network security is a subset of cyber security and cyber

security is a subset of information security.

Information Security
Cyber Security Network Security
Threat, Vulnerability, Risk
A cyber threat is a malicious act that seeks to steal or damage data or
discompose the digital network or system.

Threats can also be defined as the possibility of a successful cyber

attack to get access to the sensitive data of a system unethically.

Examples of threats include computer viruses, Denial of Service

(DoS) attacks

Types of threat are Intentional, unintentional, natural

In cybersecurity, a vulnerability is a flaw in a system’s design,
security procedures, internal controls, etc., that can be exploited by
cyber criminals.

Cyber risk is a potential consequence of the loss or damage of

assets or data caused by a cyber threat.

Risk can never be completely removed, but it can be managed to a

level that satisfies an organization’s tolerance for risk.
Risk = Threat + Vulnerability.
Risk can be external or internal.
Active Attacks:
Active attacks are the type of attacks in which, the attacker efforts
to change or modify the content of messages.

Active Attack is dangerous to Integrity as well as Availability.

Due to active attack system is always damaged and System

resources can be changed.

The most important thing is that, In an active attack, Victim gets

informed about the attack.
• Passive Attacks:
Passive Attacks are the type of attacks in which, the attacker
observes the content of messages or copies the content of
messages.

Passive Attack is a danger to Confidentiality.

Due to passive attack, there is no harm to the system.

The most important thing is that In a passive attack, Victim does

not get informed about the attack.
Cyber attacks:

• A cyberattack is an attempt to steal, alter, destroy, disrupt, or

disable information resources and systems found in computer
networks and systems.

1. Malware
• Cyber attackers use harmful software such as spyware, viruses,
ransomware, and worms known as malware to access the system's
data.
• When we click on a malicious attachment or link, the malware
can install itself and become active on our device.
2. Password Attack
• It is a form of attack wherein a hacker cracks your password with
various programs and password cracking tools like Aircrack, Cain,
Abel, John the Ripper, Hashcat, etc. There are different types of
password attacks like brute force attacks, dictionary attacks, and
keylogger attacks.
3. Phishing
• Phishing attacks rely on communication methods like email to
convince you to open the message and follow the instructions
inside.
• If you follow the attackers’ instructions, they gain access to
personal data, such as credit cards, and can install malware on
your device.
4. Spoofing
• Cyber attackers will sometimes imitate people or companies to
trick you into giving up personal information.
• This can happen in different ways. A common spoofing strategy
involves using a fake caller ID, where the person receiving the
call doesn’t see that the number is falsified.
5. Backdoor Trojan
• Backdoor Trojan attacks involve malicious programs that can
deceptively install malware or data and open up what’s referred to as
the “backdoor” to your computer system.
• When attackers gain access to the backdoor, they can hijack the device
without it being known to the user.
6. Denial-of-service attack
• A denial-of-service attack causes an entire device or operating system
to shut down by overwhelming it with traffic, causing it to crash.
• Attackers don’t often use this method to steal information. Instead, it
costs the victim time and money to get their systems up and running
again.
• Typically use this method when the target is a trade organization or
government entity.
7. Ransomware
• It is malicious software that cyber attackers can install on your
device, allowing them to block your access until you pay the
attackers a ransom.
• However, paying the ransom doesn’t guarantee the removal of the
software, so experts often advise individuals not to pay the ransom
if possible.
Cryptography:
The objective of the cryptography is to secure and
protect sensitive information by encoding it in a way that
only authorized parties can understand it.
• Types of Cryptography
Symmetric Key Cryptography:
• It is an encryption system where the sender and receiver of a message
use a single common key to encrypt and decrypt messages.
• It is faster and simpler but the problem is that the sender and receiver
must somehow exchange keys securely
• DES (Data Encryption System) and AES (Advanced Encryption
System) are the most common example.
Asymmetric Key Cryptography:
• In this a pair of keys is used to encrypt and decrypt
information.
• A receiver’s public key is used for encryption and a
receiver’s private key is used for decryption.
• RSA is an example of Asymmetric key cryptography.
Cipher
• A method or a set of rules for performing encryption or decryption of
information – a step-by-step process.
Types of cipher
1. Substitution cipher
2. Transposition cipher
Substitution ciphers involve replacing each member of the plaintext
with another member which can be of the same set.
One of the early examples of the substitution technique is the Caesar
cipher
• Transposition ciphers are those forms of ciphers that work on
the principle of shifting the positions of the characters of the
plaintext to create the ciphertext.

• While in substitution ciphers the actual letters are replaced,

by replacing characters of the plaintext to create the
ciphertext.
Monoalphabetic cipher Vs. Polyalphabetic cipher

A Monoalphabetic Cipher is a cipher where each letter in the

plaintext is always mapped to the same letter in the ciphertext
Example: Ceaser cipher
While a Polyalphabetic Cipher is a cipher where each letter in
the plaintext can be encrypted to multiple possible letters in the
ciphertext, depending on its position and a more complex
algorithm.
Example: Hill cipher
• Caesar Cipher
It is a simple encryption technique that was used by Julius Caesar to
send secret messages.
It works by shifting the letters in the plaintext message by a certain
number of positions, known as the “shift” or “key”.
For example with a shift of 1, A would be replaced by B, B would
become C, and so on.
E​(x)=(x+n)mod 26
(Encryption Phase with shift n)
D(x)=(x−n)mod 26
(Decryption Phase with shift n)
Playfair Cipher
Key: monarchy
Plaintext: instruments Ciphertext: gatlmzclrqtx
• Hill cipher
The encrypted message will be obtained by using
C= KP mod 26
Where K= key, P= plaintext
The decryption is given as
P= Inverse(A)C mod 26

Input : Plaintext: ACT

Key: GYBNQKURP
Output : Ciphertext: POH
Data Encryption Standard (DES)

• It is a block cipher with a 56-bit key length that has played a

significant role in data security.

• It has been found vulnerable to very powerful attacks

therefore, the popularity of DES has been found slightly on
the decline.

• It is a block cipher and encrypts data in blocks of size of 64

bits each, which means 64 bits of plain text go as the input to
DES, which produces 64 bits of ciphertext.
• The key length is 56 bits.

• Actually, The initial key consists of 64 bits. However, before

the DES process even starts, every 8th bit of the key is
discarded to produce a 56-bit key. That is bit positions 8, 16,
24, 32, 40, 48, 56, and 64 are discarded.

• Thus, the discarding of every 8th bit of the key produces a 56-
bit key from the original 64-bit key.

• DES is based on the two fundamental attributes

of cryptography: substitution (also called confusion) and
transposition (also called diffusion).
• DES consists of 16 steps, each of which is called a round. Each
round performs the steps of substitution and transposition.
• In the first step, the 64-bit plain text block is handed over to an
initial Permutation (IP) function.
• The initial permutation is performed on plain text.
• Next, the initial permutation (IP) produces two halves of the
permuted block; saying Left Plain Text (LPT) and Right Plain
Text (RPT).
• Now each LPT and RPT go through 16 rounds of the
encryption process.
• In the end, LPT and RPT are rejoined and a Final Permutation
(FP) is performed on the combined block
• The result of this process produces 64-bit ciphertext.
Initial Permutation:
It happens only once and it happens before the first round. It suggests
how the transposition in IP should proceed
For example, it says that the IP replaces the first bit of the original
plain text block with the 58th bit of the original plain text, the second
bit with the 50th bit of the original plain text block, and so on.
• The resulting 64-bit permuted text block is divided into two half
blocks. Each half-block consists of 32 bits, and each of the 16
rounds, in turn, consists of the broad-level steps outlined in the
figure.
 Asymmetric
Encryption
RSA (Rivest–Shamir–Adleman)
Algorithm
❑ RSA algorithm is asymmetric cryptography algorithm.

❑ The idea! The idea of RSA is based on the fact that it is difficult to
factorize a large integer. The public key consists of two numbers
where one number is multiplication of two large prime numbers.
And private key is also derived from the same two prime
numbers.
❑ So if somebody can factorize the large number, the private key is
compromised. Therefore encryption strength totally lies on the key
size and if we double or triple the key size, the strength of
encryption increases exponentially. RSA keys can be typically 1024
or 2048 bits long, but experts believe that 1024 bit keys could be
broken in the near future. But till now it seems to be an infeasible
task.
Asymmetric Encryption
RSA Algorithm
• Choose two large prime numbers p & q
• Compute n=pq and z=(p-1)(q-1)
• Choose number e, less than n, which has no common factor
(other than 1) with z
• Find number d, such that ed – 1 is exactly divisible by z
• Keys are generated using n, d, e
– Public key is (n,e)
– Private key is (n, d)
• Encryption: c = me mod n
– m is plain text
– c is cipher text
• Decryption: m = cd mod n
• Public key is shared and the private key is hidden
Asymmetric Encryption
RSA

• P=5 & q=7

• n=5*7=35 and z=(4)*(6) = 24
• e=5
• d = 29 , (29x5 –1) is exactly divisible by 24
• Keys generated are
– Public key: (35,5)
– Private key is (35, 29)
• Encrypt the following words using (c = me mod n)
– Assume that the alphabets are between 1 & 26

Plain Text Numeric Representation me Cipher Text (c = m e mod n)

l 12 248832 17
o 15 759375 15
e 5 3125 10
RSA
Asymmetric Encryption
• Decrypt the word loe using (m = cd mod n)
– n = 35, c=29

Ciphe cd (m = me mod n) Plai

r n
Text Text

17 481968572106750915091411825223072000 12 l

15 12783403948858939111232757568359400 15 o

10 100000000000000000000000000000 5 e
 Asymmetric Encryption
Weaknesses

• Efficiency is lower than Symmetric Algorithms

– A 1024-bit asymmetric key is equivalent to 128-bit
symmetric key
• Potential for man-in-the middle attack
• It is problematic to get the key pair generated for the
encryption
Advanced Encryption
Standard(AES)
•Goals:
•
To review the overall structure of AES and to focus particularly on
the four steps
•
(1) byte substitution,
•
(2) shift rows,
•
(3) mix columns
•
(4) round key.
 • F E AT U R E S O F A E S
•
AES is a block cipher with a block length of 128 bits.
•
AES allows for three different key lengths: 128, 192, or 256 bits.

• the main thing that changes in A E S is how you generate the key schedule from the key.

•
Encryption consists of 10 rounds of processing for 128-bit keys,
•
12 rounds for 192-bit keys,
•
14 rounds for 256-bit keys.
•
Except for the last round in each case, all other rounds are identical.
•
Each round of processing includes one single-byte based substitution step, a row-wise
permutation step, a column-wise mixing step, and the addition of the round key. T h e order
in which these four steps are executed is diff erent for encrypti on
• and decrypti on.
1. To appreciate the use of “row” and “column” in the previous bullet, you need to
think of the input 128-bit block as consisting of a 4 × 4 array of bytes, arranged
as follows:

2. Notice that the fi rst four bytes of a 128-bit input block occupy the first column
in the 4 × 4 array of bytes. The next four bytes occupy the second column, and so
on.
3. AES also has the notion of a word. A word consists of four bytes, that is 32
bits. Therefore, each column of the state array is a word, as is each row.

4. Each round of processing works on the input state array and produces an
output state array.

5. The output state array produced by the last round is rearranged into a 128-bit
output block.
•
Unlike DES, the decryption algorithm differs substantially from the
encryption algorithm. Although, overall, very similar steps are used in
encryption and decryption, their implementations are not identical
and the order in which the steps are invoked is different, as
mentioned previously.
•
AES uses is a substi tuti on-permutati on network in a more
general sense. Each round of processing in AES involves byte-level
substitutions followed by word-level permutations.
•
DES also involves substitutions and permutations, except that the
permutations are based on the Feistel notion of dividing the input
block into two halves, processing each half separately, and then
swapping the two halves.
Diffie-Hellman algorithm:
The Diffie-Hellman algorithm is being used to establish a shared secret
that can be used for secret communications while exchanging data over
a public network.
•For the sake of simplicity and practical implementation of the algorithm,
we will consider only 4 variables, one prime P and G (a primitive root of
P) and two private values a and b.
•P and G are both publicly available numbers. Users (say Alice and Bob)
pick private values a and b and they generate a key and exchange it
publicly. The opposite person receives the key and that generates a
secret key, after which they have the same secret key to encrypt.

Step-by-Step explanation is as follows:

 Alice Bob
Public Keys available = P, G Public Keys available = P, G

Private Key Selected = a Private Key Selected = b

Key generated = Key generated =

x=GamodPx=GamodP y=GbmodPy=GbmodP

Exchange of generated keys takes place

Key received = y key received = x

Generated Secret Key = Generated Secret Key =

ka=yamodPka​=yamodP kb=xbmodPkb​=xbmodP
Algebraically, it can be shown that
ka​=kb​
Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and

Bob selected a private key b = 3

Step 3: Alice and Bob compute public values

Alice: x =(9^4 mod 23) = (6561 mod 23) = 6
Bob: y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y =16 and

Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys

Alice: ka = y^a mod p = 65536 mod 23 = 9
Bob: kb = x^b mod p = 216 mod 23 = 9

Step 7: 9 is the shared secret.

Conclusion
The value of P : 23
The value of G : 9
The private key a for Alice : 4
The private key b for Bob : 3
Secret key for the Alice is : 9
Secret key for the Bob is : 9