Download Introduction to Information Security And Cryptograph and more Study notes Computer Science in PDF only on Docsity!
Information Security & CyberLaw
Security: Security refers to the measures taken to protect computers, systems, and networks
from unauthorized access, data breaches, or attacks. These measures are essential to ensure that
sensitive information and resources are safeguarded against malicious activities.
Example :
● Antivirus software is used as a security measure to protect systems from malware and viruses, which can steal sensitive data or damage systems.
● Encryption is used to secure information during transmission over the internet (e.g., HTTPS for secure browsing).
Attacks: Attacks can be classified into two types:
Active Attacks : Active attacks involve tampering with data or disrupting the normal functioning of a system.
Examples :
● Man-in-the-Middle Attack (MITM) : An attacker intercepts the communication between two parties and may alter the content being exchanged.
● Denial of Service (DoS) : The attacker overwhelms a system with a flood of traffic, causing it to become unavailable.
Passive Attacks : In passive attacks, the attacker intercepts or monitors communication without
altering the data.
Examples :
● Eavesdropping : An attacker secretly listens to private communication (e.g., capturing data packets over an unencrypted Wi-Fi network).
● Traffic Analysis : The attacker analyzes patterns of communication to infer sensitive information without altering the actual content.
Computer Criminals
Computer criminals are individuals who exploit computer systems and networks for malicious
purposes.
Examples :
● Hackers : Unauthorized individuals who gain access to systems, often for malicious reasons. For example, hackers may break into a company’s network to steal data.
● Crackers : Similar to hackers, but with the intention to cause harm, such as spreading malware or disrupting systems.
● Cyber Terrorists : Individuals or groups who use computer networks to cause damage to national security, such as disrupting critical infrastructure.
Security Services: Security services are designed to provide essential protections for
information systems. The key security services are:
Confidentiality : Ensures that information is accessible only to authorized individuals. Unauthorized access to sensitive data is prevented.
Example : Snort IDS : An open-source intrusion detection system that monitors network traffic and alerts administrators of suspicious activity.
Firewalls : A network security system that monitors and controls incoming and outgoing traffic based on security rules.
Example : Hardware Firewalls : Used to protect a network by blocking unauthorized access to systems, while allowing legitimate communication.
Thank you for the clarification! Below are the updated notes following the format you've provided:
Substitution Ciphers
Security : ciphers transform plaintext into ciphertext by replacing each letter or symbol in the plaintext with another. The key for this cipher determines how each letter is substituted.
Example : Caesar Cipher : A common substitution cipher where each letter in the plaintext is shifted by a fixed number of places in the alphabet. For example, with a shift of 3, A becomes D, B becomes E, and so on.
Transposition Ciphers
Security : ciphers rearrange the order of characters in the plaintext, making it difficult for an attacker to decipher the original message without knowing the key.
Example : Columnar Transposition : In this method, the plaintext is written in rows of a fixed length, then the columns are permuted according to a key. For example, with the key "4312", the columns would be reordered in that specific order.
Confusion and Diffusion
These are principles from Claude Shannon, designed to strengthen encryption.
Confusion
Security : ensures that the relationship between the key and ciphertext is complex, meaning that even slight changes in the key should result in drastic changes in the ciphertext.
Example : AES achieves confusion by substituting each byte in the block based on the key, making it difficult for attackers to deduce the key from the ciphertext.
Diffusion
Security : spreads the influence of each plaintext character over multiple ciphertext characters, ensuring that small changes in the plaintext result in significant changes in the ciphertext.
Example :
● DES achieves diffusion by permuting the bits of the input data, so each output bit depends on many input bits.
Symmetric Encryption
Security : encryption uses the same key for both encryption and decryption. Both parties involved in communication must securely share the key in advance.
Example : AES (Advanced Encryption Standard) : A widely-used symmetric encryption algorithm that encrypts data in fixed-size blocks. AES uses multiple rounds of transformations to ensure the confidentiality of data.
Asymmetric Encryption
Security : encryption involves two keys: a public key for encryption and a private key for decryption. The public key can be shared openly, while the private key remains secret.
Example : RSA (Rivest–Shamir–Adleman) : A popular asymmetric encryption algorithm that uses large prime numbers to generate a public-private key pair. Public keys are used for encryption, and private keys are used for decryption.
DES (Data Encryption Standard)
Security : DES is a symmetric encryption algorithm that was widely used but is now considered insecure due to its small key size (56 bits). It encrypts data in blocks of 64 bits.
Example : DES applies a series of substitutions and permutations to the plaintext in 16 rounds. Due to advancements in computing, DES can now be broken by brute force
Modes of DES
ECB (Electronic Codebook Mode)
Security : In ECB , each block of plaintext is encrypted independently using the same key. This mode is considered insecure because identical plaintext blocks produce identical ciphertext blocks, making it vulnerable to pattern analysis.
Digital Signatures
Security : Digital signatures are used to ensure the authenticity and integrity of digital messages. They are created using the sender’s private key and can be verified by anyone using the sender's public key.
Example : Signing an Email : A person digitally signs an email to prove that the message has not been altered and that it was indeed sent by them.
Digital Certificates
Security : Digital certificates are issued by trusted Certificate Authorities (CAs) and are used to verify the ownership of a public key. They help ensure that the public key used in encryption is legitimate.
Example : SSL/TLS Certificates : These certificates are used to secure websites by encrypting the communication between the server and the client (e.g., for online banking or shopping sites).
