Professional Documents
Culture Documents
Lecture 1 Inf Security
Lecture 1 Inf Security
Lecture 1 Inf Security
Information security
1.1 Modern information society and
information security. Basic terms and notions.
1.2 Classification of information security
threats
1.3 Information security services and
mechanisms
1.4 Cryptology
1.5 Elementary ciphers
1
Literature
• Handbook of Applied Cryptography.
A.Menezes, P.van Oorschot, S.Vanstone.
https://doc.lagout.org/security/Handbook_
of_Applied_Cryptography-A.Menezes-P.va
nOorschot-S.Vanstone-CRC_Press_1996.
pdf
• Applied Cryptography. Protocols,
Algorithms, and Source Code in C.
Bruce Schneier
2
1.1 Modern information society and
information security
Modern society is an information society:
- Sharp, well-timed information and
technologies are the most expensive
goods because it is a key to success in
any field of activity.
- Everybody wants to have such expensive
goods.
- The problem of information security
becomes more actual from day to day.
3
1.1 Basic terms and notions
Information security means protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction.
Information security is the condition of information system
then the price of any attack is bigger than possible
damage for owner or user of information or information
system.
Information security threat is a possible situation which
leads to the damage of owner or user of information or
information system.
An information security service is a method to provide
some specific aspect of security.
4
1.1 Basic terms and notions
Breaking an information security service (which often
involves more than simply encryption) implies defeating
the objective of the intended service.
A passive adversary is an adversary who is capable only of
reading information from an unsecured channel.
An active adversary is an adversary who may also
transmit, alter, or delete information on an unsecured
channel.
Cryptography is the study of mathematical techniques
related to aspects of information security such as
confidentiality, data integrity, entity authentication, and
data origin authentication.
5
1.2 Classification of information
security threats
• Active and passive (influence on
information systems from adversary)
• With standard equipments or with
additional equipments
• Is the adversary an employee or not?
• Deliberate or undeliberate threats (intend)
Entity authentication or +
identification
Message authentication + +
Access control +
Non-repudiation +
Logging +
8
1.4 Cryptology
Crypto – secret; logy – science.
Cryptology is the study of cryptography and cryptanalysis.
Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more
generally, information security services.
cryptology
cryptography cryptanalysis
9
Cryptographic primitives
10
1.5 Elementary ciphers
• Cryptology was born at the same time as
systems of writing
• The elementary ciphers are easy
implemented with using paper and pen.
• Almost all elementary ciphers can be
broken with using computer.
• Nowadays combinations of elementary
ciphers are used in modern symmetric
ciphers.
11
1.5 Elementary ciphers.
Substitutions.
Key:
a b c d e f g h i j k l m n o p q r s t u v w x y z _
b p r z c g t l w y x a _ n q s v f u h j i k o e m d
Enciphering:
Plaintext t o d a y _ i s _ a _ m o n d a y
Ciphertext h q z b e d w u d b d _ q n z b e
3. Enciphering
0 1 2 3 4 0 1 2 3 4 0 1 2 3 4 0 1 2 3 4
Plaintext t o d a y _ i s _ a _ m o n d a y _ _ _
Ciphertext d a t y o s _ _ a i o n _ d _ _ _ a _ y
13
1.5 Elementary ciphers. Modular
additions.
1 Choose the key.
Some word or phrase.
For example: FRIDAY
2 Convert plaintext and key to digital form
3 Add by module 27 (number of symbols in
alphabet) corresponding symbols of
plaintext and key
4 Convert digits of ciphertext to symbols
14
1.5 Elementary ciphers. Modular
additions. Example
15