UNIT 1-CNS NOTES

Computer Security: The protection afforded to an automated information system in order to

attain the applicable objectives of preserving the integrity, availability, and confidentiality of
information system resources (includes hardware, software, firmware, information/data, and
telecommunications).
Need for Security
Network security is important for home networks as well as in the business world. Most homes
with high-speed internet connections have one or more wireless routers, which could be
exploited if not properly secured.  A solid network security system helps reduce the risk of data
loss, theft and sabotage.
Information Security is not only about securing information from unauthorized access.
Information Security is basically the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of information.
Information can be physical or electronic one. Information can be anything like our details or
we can say our profile on social media, our data in mobile phone, our biometrics etc. Thus
Information Security spans so many research areas like Cryptography, Mobile Computing,
Cyber Forensics, Online Social Media etc.
Information Security programs are built around 3 objectives, commonly known as CIA –
Confidentiality,Integrity,Availability. 
 
1. Confidentiality – means information is not disclosed to unauthorized individuals, entities
and process. For example if we say I have a password for my Gmail account but someone
saw while I was doing a login into Gmail account. In that case my password has been
compromised and Confidentiality has been breached.
2. Integrity – means maintaining accuracy and completeness of data. This means data cannot
be edited in an unauthorized way. For example if an employee leaves an organization then
in that case data for that employee in all departments like accounts, should be updated to
reflect status to JOB LEFT so that data is complete and accurate and in addition to this only
authorized person should be allowed to edit employee data.
3. Availability – means information must be available when needed. For example if one
needs to access information of a particular employee to check whether employee has
outstanded the number of leaves, in that case it requires collaboration from different
organizational teams like network operations, development operations, and incident
response and policy/change management. 
Denial of service attack is one of the factor that can hamper the availability of information.
Apart from this there is one more principle that governs information security programs. This is
Non repudiation.
Apart from this there is one more principle that governs information security programs. This is
Non repudiation. 
 
 Non repudiation – means one party cannot deny receiving a message or a transaction nor
can the other party deny sending a message or a transaction. For example in cryptography it
is sufficient to show that message matches the digital signature signed with sender’s private
key and that sender could have a sent a message and nobody else could have altered it in
transit. Data Integrity and Authenticity are pre-requisites for Non repudiation.  
 
 Authenticity – means verifying that users are who they say they are and that each input
arriving at destination is from a trusted source. This principle if followed guarantees the
valid and genuine message received from a trusted source through a valid transmission. For
example if take above example sender sends the message along with digital signature
which was generated using the hash value of message and private key. Now at the receiver
side this digital signature is decrypted using the public key generating a hash value and
message is again hashed to generate the hash value. If the 2 value matches then it is known
as valid transmission with the authentic or we say genuine message received at the
recipient side
 Accountability – means that it should be possible to trace actions of an entity uniquely to
that entity. For example as we discussed in Integrity section Not every employee should be
allowed to do changes in other employees data. For this there is a separate department in an
organization that is responsible for making such changes and when they receive request for
a change then that letter must be signed by higher authority for example Director of college
and person that is allotted that change will be able to do change after verifying his bio
metrics, thus timestamp with the user (doing changes) details get recorded. Thus we can
say if a change goes like this then it will be possible to trace the actions uniquely to an
entity.
At the core of Information Security is Information Assurance, which means the act of
maintaining CIA of information, ensuring that information is not compromised in any way
when critical issues arise. These issues are not limited to natural disasters, computer/server
malfunctions etc. 
Thus, the field of information security has grown and evolved significantly in recent years. It
offers many areas for specialization, including securing networks and allied infrastructure,
securing applications and databases, security testing, information systems auditing, business
continuity planning etc.
Security Services
X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers. Perhaps a clearer definition is found in RFC 4949, which provides the following
definition: a processing or communication service that is provided by a system to give a specific
kind of protection to system resources; security services implement security policies and are
implemented by security mechanisms. X.800 divides these services into five categories and
fourteen specific services (Table 1.2). We look at each category in turn.
Authentication
The authentication service is concerned with assuring that a communication is authentic. In the
case of a single message, such as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the source that it claims to be from. In
the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are
involved. First, at the time of connection initiation, the service assures that the two entities are
authentic, that is, that each is the entity that it claims to be. Second, the service must assure that
the connection is not interfered with in such a way that a third party can masquerade as one of
the two legitimate parties for the purposes of unauthorized transmission or reception. Two
specific authentication services are defined in X.800:

• Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an
association. Two entities are considered peers if they implement to same protocol in different
systems; for example two TCP modulesin two communicating systems. Peer entity
authentication is provided for use at the establishment of, or at times during the data transfer
phase of, a connection. It attempts to provide confidence that an entity is not performingeither a
masquerade or an unauthorized replay of a previous connection.
• Data origin authentication: Provides for the corroboration of the source of a data unit. It does
not provide protection against the duplication or modification of data units. This type of service
supports applications like electronic mail, where there are no prior interactions between the
communicating entities.
Access Control
In the context of network security, access control is the ability to limit and control the access to
host systems and applications via communications links. To achieve this, each entity trying to
gain access must first be identified, or authenticated, so that access rights can be tailored to the
individual.
Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. Withrespect to the
content of a data transmission, several levels of protection can beidentified. The broadest service
protects all user data transmitted between twousers over a period of time. For example, when a
TCP connection is set up betweentwo systems, this broad protection prevents the release of any
user data transmittedover the TCP connection. Narrower forms of this service can also be
defined,including the protection of a single message or even specific fields within a
message.These refinements are less useful than the broad approach and may even be
morecomplex and expensive toimplement.The other aspect of confidentiality is the protection of
traffic flow from analysis.This requires that an attacker not be able to observe the source and
destination, frequency,length, or other characteristics of the traffic on a communications facility.
Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or selected
fields within a message. Again, the most useful and straightforward approach is total stream
protection. A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered underthis service. Thus, the
connection-oriented integrity service addresses both message stream modification and denial of
service. On the other hand, a connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally provides protection against message
modification only. We can make a distinction between service with and without recovery.
Because the integrity service relates to active attacks, we are concerned with detection rather
than prevention. If a violation of integrity is detected, then the service may simply report this
violation, and some other portion of software or human intervention is required to recover from
the violation. Alternatively, there are mechanisms available to recover from the loss of integrity
of data, as we will review subsequently. The incorporation of automated recovery mechanisms
is, in general, the more attractive alternative.
Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact
received the message.
Availability Service
Both X.800 and RFC 4949 define availability to be the property of a system or a system resource
being accessibleand usable upon demand by an authorized system entity, according to
performance specifications for the system(i.e., a system is available if it provides services
according to the system design whenever users request them). Avariety of attacks can result in
the loss of or reduction in availability. Someof these attacks are amenable to automated
countermeasures, such as authenticationand encryption, whereas others require some sort of
physical action to preventor recover from loss of availability of elements of a distributed
system.X.800 treats availability as a property to be associated with various securityservices.
However, it makes sense to call out specifically an availability service. Anavailability service is
one that protects a system to ensure its availability. This service
Addresses the security concerns raised by denial-of-service attacks. It dependson proper
management and control of system resources and thus depends on accesscontrol service and
other security services.

Security attacks

Security Mechanism
Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer protocol,
and those that are not specific to any particular protocol layer or security service. These
mechanisms will be covered in the appropriate places in the book. So we do not elaborate now,
except to comment on the definition of encipherment. X.800 distinguishes between reversible
encipherment mechanisms and irreversible encipherment mechanisms. A reversible
encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and
subsequently decrypted. Irreversible encipherment mechanisms include hash algorithms and
message authentication codes, which are used in digital signature and message authentication
applications. Table 1.4, based on one in X.800, indicates the relationship between security
services and security mechanisms.
Table 1.4, based on one in X.800, indicates the relationship between security services and
security mechanisms.
A model for Network Security
A model for much of what we will be discussing is captured, in very general terms, in Figure 1.2.
A message is to be transferred from one party to another across some sort of Internet service. The
two parties, who are the principals in this transaction, must cooperate for the exchange to take
place. A logical information channel is established by defining a route through the Internet from
source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by
the two principals. Security aspects come into play when it is necessary or desirable to protect
the information transmission from an opponent who may present a threat to confidentiality,
authenticity, and so on. All the techniques for providing security have two components:
 A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
 Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. Forexample, a third party
may be responsible for distributing the secret information.
SYMMETRIC CYPHER MODEL
A symmetric encryption scheme has five ingredients
 Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
 Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the Plaintext.
 Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a
different output depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm depend on the key.
 Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce two
different ciphertexts. The ciphertext is an apparently random stream of data and, as it
stands, is unintelligible.
 Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key and produces the original plaintext.
MODEL OF SYMMETRIC CRYPTOSYSTEM

Encryption algorithm: The encryption algorithm performs various substitutions and

transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different ciphertexts.
The ciphertext is an apparently random
stream of data and, as it stands, is unintelligible.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key and produces the original plaintext.
SUBSTITUTION TECHNIQUES
The two basic building blocks of all encryption techniques are substitution and transposition.
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns.

Caesar Cipher
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing three places
further down the alphabet. For example,
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c
Let us assign a numerical equivalent to each letter:

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the
ciphertext letter C:2
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily
performed: simply try all the 25 possible keys.
Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.

Monoalphabetic Ciphers
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key
space can be achieved by allowing an arbitrary substitution. Before proceeding, we define the
term permutation. A permutation of a finite set of elements S is an ordered sequence of all the
elements of S, with each element appearing exactly once. For example, if S = {a, b, c}, there are
six permutations of S: abc, acb, bac, bca, cab, cba. In general, there are n! permutations of a set
of n elements, because the first element can be chosen in one of n ways, the second in n - 1 ways,
the third in n – 2 ways, and so on. Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c
If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there
are 26! or greater than 4 * 1026 possible keys. This is 10 orders of magnitude greater than the
key space for DES and would seem to eliminate brute-force techniques for cryptanalysis. Such
an approach is referred to as a monoalphabetic substitution cipher, because a single cipher
alphabet (mapping from plain alphabet to cipher alphabet) is used per message.
There is, however, another line of attack. If the cryptanalyst knows the nature of the plaintext
(e.g., non-compressed English text), then the analyst can exploit the regularities of the language.
To see how such a cryptanalysis might proceed, we give a partial example here that is adapted
from one in [SINK09]. The ciphertext to be solved is
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
As a first step, the relative frequency of the letters can be determined and compared to a standard
frequency distribution for English, such as is shown in Figure 2.5 (based on [LEWA00]). If the
message were long enough, this technique alone might be sufficient, but because this is a
relatively short message, we cannot expect an exact match. In any case, the relative frequencies
of the letters in the ciphertext (in percentages) are as follows:

Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats diagrams in the
plaintext as single units and translates these units into ciphertext digrams.3 The Playfair
algorithm is based on the use of a 5 * 5 matrix of letters constructed using a keyword. Here is an
example, solved by Lord Peter Wimsey in Dorothy Sayers’s Have His Carcase

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as
one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x,
so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as CM.
 4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or
JM, as the encipherer wishes).

PolyAlphabetic substitution Cipher

Vernam Cipher is a method of encrypting alphabetic text. It is one of the Substitution
techniques for converting plain text into cipher text. In this mechanism we assign a number to
each character of the Plain-Text, like (a = 0, b = 1, c = 2, … z = 25). 
Method to take key: In the Vernam cipher algorithm, we take a key to encrypt the plain text
whose length should be equal to the length of the plain text. 
Encryption Algorithm: 
1. Assign a number to each character of the plain-text and the key according to alphabetical
order. 
2. Bitwise XOR both the number (Corresponding plain-text character number and Key character
number). 
3. Subtract the number from 26 if the resulting number is greater than or equal to 26, if it isn’t
then leave it.
Plain-Text: O A K
Key: S O N
O ==> 14 = 0 1 1 1 0
S ==> 18 = 1 0 0 1 0
Bitwise XOR Result: 1 1 1 0 0 = 28
One Time Pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used
only once to encrypt a message that is then decrypted by the receiver using a matching one-time
pad and key.
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked, but
requires the use of a single-use pre-shared key that is not smaller than the message being sent. In
this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad).
Then, each bit or character of the plaintext is encrypted by combining it with the corresponding
bit or character from the pad using modular addition.
The resulting ciphertext will be impossible to decrypt or break if the following four conditions
are met:
The key must be at least as long as the plaintext.

1. The key must be random (uniformly distributed in the set of all possible keys
and independent of the plaintext), entirely sampled from a non-algorithmic, chaotic
source such as a hardware random number generator. It is not sufficient for OTP keys to
 pass statistical randomness tests as such tests cannot measure entropy, and the number of
bits of entropy must be at least equal to the number of bits in the plaintext. For example,
using cryptographic hashes or mathematical functions (such as logarithm or square root)
to generate keys from fewer bits of entropy would break the uniform distribution
requirement, and therefore would not provide perfect secrecy.
2. The key must never be reused in whole or in part.
3. The key must be kept completely secret by the communicating parties.
It has also been mathematically proven that any cipher with the property of perfect
secrecy must use keys with effectively the same requirements as OTP keys. [3] Digital versions of
one-time pad ciphers have been used by nations for critical diplomatic and military
communication, but the problems of secure key distribution make them impractical for most
applications.
TRANSPOSTION TECHNIQUES
Transposition Cipher is a cryptographic algorithm where the order of alphabets in the
plaintext is rearranged to form a cipher text. In this process, the actual plain text alphabets are
not included.
1. Rail-Fence Technique
2. Simple columnar transposition techniques
Rail-Fence is the simple Transposition technique that involves writing plain text as a sequence of
diagonals and then reading it row by row to produce the ciphertext.
Algorithm
Step 1: Write down all the characters of plain text message in a sequence of diagnosis.
Step 2: Read the plain text written in step 1 as a sequence of rows.
To understand it in a better manner, let’s take an example.
Example: Suppose plain text corporate bridge, and we want to create the ciphertext of
the given.
First, we arrange the plain text in a sequence of diagnosis, as shown below.

Now read the plain text by row-wise, i.e. croaerdeoprtbig.

So, here the plain text is a corporate bridge, and ciphertext is croaerdeoprtbig.
The Rail-Fence technique is quite easy to break.
2. Simple columnar transposition techniques
The simple columnar transposition technique can be categorized into two parts – Basic
technique and multiple rounds.
Simples columnar transposition technique – basic technique. The simple columnar
transposition technique simply arranges the plain text in a sequence of rows of a rectangle
and reads it in a columnar manner.
 How does this algorithm work?
Step 1: Write all the characters of plain text message row by row in a rectangle of
predefined size.
Step 2: Read the message in a columnar manner, i.e. column by column.
Note: For reading the message, it needs not to be in the order of columns. It can happen
in any random sequence.
Step 3: The resultant message is ciphertext.
Example: Let’s assume that Plain text is a corporate bridge, and we need to calculate the
cipher text using a simple columnar transposition technique.
Let’s take 6 columns and arrange the plain text in a row-wise manner.

Column 1 Column 2 Column 3 Column 4 Column 5 Column 6

c o r p o r

a t e b r i

d g e
Decide the column order for reading the message – let’s assume 1,3,5,2,4,6 is an order.
Now read the message in a columnar manner using the decided order. – cadreeorotgpbri
cadreeorotgpbri is a ciphertext.
Steganography
The purpose of steganography is to conceal and deceive. It is a form of covert
communication and can involve the use of any medium to hide messages. It's not a form
of cryptography, because it doesn't involve scrambling data or using a key. Instead,
it is a form of data hiding and can be executed in clever ways.
EX:
Backward masking a message in an audio file (remember those stories of evil messages
recorded backward on rock and roll records?) Concealing information in either metadata
or within a file header. Hiding an image in a video, viewable only if the video is played at
a particular frame rate.
Depending on the nature of the cover object(actual object in which secret data is embedded),
steganography can be divided into five types:
 Text Steganography.
 Image Steganography.
 Video Steganography.
 Audio Steganography.
 Network Steganography.