Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Introduction to Information Security And Cryptograph, Study notes of Computer Science

Security: Protecting systems and data from unauthorized access using tools like antivirus software and encryption (e.g., HTTPS). Types of Attacks: Active (e.g., MITM, DoS) and Passive (e.g., eavesdropping) attacks. Cyber Criminals: Hackers, Crackers, and Cyber Terrorists. Security Services: Ensuring Confidentiality, Integrity, Authentication, Non-repudiation, and Availability. Security Mechanisms: Tools like Encryption (e.g., AES), Access Control, IDS, and Firewalls. Cryptography: Concepts like Substitution Ciphers, Symmetric/Asymmetric Encryption, and DES Modes (ECB, CBC). Practical Uses: Hash Functions, Key Exchange, Digital Signatures, and SSL/TLS Certificates for secure communication.

Typology: Study notes

2024/2025

Available from 07/02/2025

rohit-kumar-2dk
rohit-kumar-2dk 🇮🇳

1 document

1 / 7

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Information Security & CyberLaw
Security: Security refers to the measures taken to protect computers, systems, and networks
from unauthorized access, data breaches, or attacks. These measures are essential to ensure that
sensitive information and resources are safeguarded against malicious activities.
Example:
Antivirus software is used as a security measure to protect systems from malware and viruses, which
can steal sensitive data or damage systems.
Encryption is used to secure information during transmission over the internet (e.g., HTTPS for secure
browsing).
Attacks: Attacks can be classified into two types:
Active Attacks: Active attacks involve tampering with data or disrupting the normal functioning of a system.
Examples:
Man-in-the-Middle Attack (MITM): An attacker intercepts the communication between two parties
and may alter the content being exchanged.
Denial of Service (DoS): The attacker overwhelms a system with a flood of traffic, causing it to
become unavailable.
Passive Attacks: In passive attacks, the attacker intercepts or monitors communication without
altering the data.
Examples:
Eavesdropping: An attacker secretly listens to private communication (e.g., capturing data packets over
an unencrypted Wi-Fi network).
Traffic Analysis: The attacker analyzes patterns of communication to infer sensitive information
without altering the actual content.
pf3
pf4
pf5

Partial preview of the text

Download Introduction to Information Security And Cryptograph and more Study notes Computer Science in PDF only on Docsity!

Information Security & CyberLaw

Security: Security refers to the measures taken to protect computers, systems, and networks

from unauthorized access, data breaches, or attacks. These measures are essential to ensure that

sensitive information and resources are safeguarded against malicious activities.

Example :

Antivirus software is used as a security measure to protect systems from malware and viruses, which can steal sensitive data or damage systems.

Encryption is used to secure information during transmission over the internet (e.g., HTTPS for secure browsing).

Attacks: Attacks can be classified into two types:

Active Attacks : Active attacks involve tampering with data or disrupting the normal functioning of a system.

Examples :

Man-in-the-Middle Attack (MITM) : An attacker intercepts the communication between two parties and may alter the content being exchanged.

Denial of Service (DoS) : The attacker overwhelms a system with a flood of traffic, causing it to become unavailable.

Passive Attacks : In passive attacks, the attacker intercepts or monitors communication without

altering the data.

Examples :

Eavesdropping : An attacker secretly listens to private communication (e.g., capturing data packets over an unencrypted Wi-Fi network).

Traffic Analysis : The attacker analyzes patterns of communication to infer sensitive information without altering the actual content.

Computer Criminals

Computer criminals are individuals who exploit computer systems and networks for malicious

purposes.

Examples :

Hackers : Unauthorized individuals who gain access to systems, often for malicious reasons. For example, hackers may break into a company’s network to steal data.

Crackers : Similar to hackers, but with the intention to cause harm, such as spreading malware or disrupting systems.

Cyber Terrorists : Individuals or groups who use computer networks to cause damage to national security, such as disrupting critical infrastructure.

Security Services: Security services are designed to provide essential protections for

information systems. The key security services are:

Confidentiality : Ensures that information is accessible only to authorized individuals. Unauthorized access to sensitive data is prevented.

Example : Snort IDS : An open-source intrusion detection system that monitors network traffic and alerts administrators of suspicious activity.

Firewalls : A network security system that monitors and controls incoming and outgoing traffic based on security rules.

Example : Hardware Firewalls : Used to protect a network by blocking unauthorized access to systems, while allowing legitimate communication.

Thank you for the clarification! Below are the updated notes following the format you've provided:

Substitution Ciphers

Security : ciphers transform plaintext into ciphertext by replacing each letter or symbol in the plaintext with another. The key for this cipher determines how each letter is substituted.

Example : Caesar Cipher : A common substitution cipher where each letter in the plaintext is shifted by a fixed number of places in the alphabet. For example, with a shift of 3, A becomes D, B becomes E, and so on.

Transposition Ciphers

Security : ciphers rearrange the order of characters in the plaintext, making it difficult for an attacker to decipher the original message without knowing the key.

Example : Columnar Transposition : In this method, the plaintext is written in rows of a fixed length, then the columns are permuted according to a key. For example, with the key "4312", the columns would be reordered in that specific order.

Confusion and Diffusion

These are principles from Claude Shannon, designed to strengthen encryption.

Confusion

Security : ensures that the relationship between the key and ciphertext is complex, meaning that even slight changes in the key should result in drastic changes in the ciphertext.

Example : AES achieves confusion by substituting each byte in the block based on the key, making it difficult for attackers to deduce the key from the ciphertext.

Diffusion

Security : spreads the influence of each plaintext character over multiple ciphertext characters, ensuring that small changes in the plaintext result in significant changes in the ciphertext.

Example :

DES achieves diffusion by permuting the bits of the input data, so each output bit depends on many input bits.

Symmetric Encryption

Security : encryption uses the same key for both encryption and decryption. Both parties involved in communication must securely share the key in advance.

Example : AES (Advanced Encryption Standard) : A widely-used symmetric encryption algorithm that encrypts data in fixed-size blocks. AES uses multiple rounds of transformations to ensure the confidentiality of data.

Asymmetric Encryption

Security : encryption involves two keys: a public key for encryption and a private key for decryption. The public key can be shared openly, while the private key remains secret.

Example : RSA (Rivest–Shamir–Adleman) : A popular asymmetric encryption algorithm that uses large prime numbers to generate a public-private key pair. Public keys are used for encryption, and private keys are used for decryption.

DES (Data Encryption Standard)

Security : DES is a symmetric encryption algorithm that was widely used but is now considered insecure due to its small key size (56 bits). It encrypts data in blocks of 64 bits.

Example : DES applies a series of substitutions and permutations to the plaintext in 16 rounds. Due to advancements in computing, DES can now be broken by brute force

Modes of DES

ECB (Electronic Codebook Mode)

Security : In ECB , each block of plaintext is encrypted independently using the same key. This mode is considered insecure because identical plaintext blocks produce identical ciphertext blocks, making it vulnerable to pattern analysis.

Digital Signatures

Security : Digital signatures are used to ensure the authenticity and integrity of digital messages. They are created using the sender’s private key and can be verified by anyone using the sender's public key.

Example : Signing an Email : A person digitally signs an email to prove that the message has not been altered and that it was indeed sent by them.

Digital Certificates

Security : Digital certificates are issued by trusted Certificate Authorities (CAs) and are used to verify the ownership of a public key. They help ensure that the public key used in encryption is legitimate.

Example : SSL/TLS Certificates : These certificates are used to secure websites by encrypting the communication between the server and the client (e.g., for online banking or shopping sites).