Lecture 1

Information security
1.1 Modern information society and
information security. Basic terms and notions.
1.2 Classification of information security
threats
1.3 Information security services and
mechanisms
1.4 Cryptology
1.5 Elementary ciphers
1
 Literature
• Handbook of Applied Cryptography.
A.Menezes, P.van Oorschot, S.Vanstone.
https://doc.lagout.org/security/Handbook_
of_Applied_Cryptography-A.Menezes-P.va
nOorschot-S.Vanstone-CRC_Press_1996.
pdf
• Applied Cryptography. Protocols,
Algorithms, and Source Code in C.
Bruce Schneier
2
1.1 Modern information society and
information security
Modern society is an information society:
- Sharp, well-timed information and
technologies are the most expensive
goods because it is a key to success in
any field of activity.
- Everybody wants to have such expensive
goods.
- The problem of information security
becomes more actual from day to day.
3
 1.1 Basic terms and notions
Information security means protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction.
Information security is the condition of information system
then the price of any attack is bigger than possible
damage for owner or user of information or information
system.
Information security threat is a possible situation which
leads to the damage of owner or user of information or
information system.
An information security service is a method to provide
some specific aspect of security.

4
 1.1 Basic terms and notions
Breaking an information security service (which often
involves more than simply encryption) implies defeating
the objective of the intended service.
A passive adversary is an adversary who is capable only of
reading information from an unsecured channel.
An active adversary is an adversary who may also
transmit, alter, or delete information on an unsecured
channel.
Cryptography is the study of mathematical techniques
related to aspects of information security such as
confidentiality, data integrity, entity authentication, and
data origin authentication.

5
 1.2 Classification of information
security threats
• Active and passive (influence on
information systems from adversary)
• With standard equipments or with
additional equipments
• Is the adversary an employee or not?
• Deliberate or undeliberate threats (intend)

More share and automatic information

system – more threats are possible.
6
 1.3 Information security services
Privacy or confidentiality Keeping information secret from all but those who are
authorized to see it.
Data integrity Ensuring information has not been altered by
unauthorized or unknown means.

Entity authentication or Corroboration of the identity of an entity (e.g., a person,

identification a computer terminal, a credit card, etc.).

Message authentication Corroborating the source of information; also known as

data origin authentication.

Access control Restricting access to resources to privileged entities.

Logging Registration of events that are directly or indirectly related to

information security.

Non-repudiation Preventing the denial of previous commitments or 7

actions.
 1.3 Information security services
and mechanisms
Enciphering Digital signature Hashing Organizing
actions
Privacy or +
confidentiality
Data integrity + +

Entity authentication or +
identification
Message authentication + +

Access control +

Non-repudiation +

Logging +
8
 1.4 Cryptology
Crypto – secret; logy – science.
Cryptology is the study of cryptography and cryptanalysis.
Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more
generally, information security services.

cryptology

cryptography cryptanalysis

9
Cryptographic primitives

10
 1.5 Elementary ciphers
• Cryptology was born at the same time as
systems of writing
• The elementary ciphers are easy
implemented with using paper and pen.
• Almost all elementary ciphers can be
broken with using computer.
• Nowadays combinations of elementary
ciphers are used in modern symmetric
ciphers.
11
 1.5 Elementary ciphers.
Substitutions.

Key:
a b c d e f g h i j k l m n o p q r s t u v w x y z _

b p r z c g t l w y x a _ n q s v f u h j i k o e m d

Enciphering:

Plaintext t o d a y _ i s _ a _ m o n d a y

Ciphertext h q z b e d w u d b d _ q n z b e

Frequency cryptanalysis can be performed.

12
 1.5 Elementary ciphers.
Permutations.

1. Choose the size of block

n. Let n=5.
0 1 2 3 4
2. Choose the key
2 3 0 4 1

3. Enciphering

0 1 2 3 4 0 1 2 3 4 0 1 2 3 4 0 1 2 3 4
Plaintext t o d a y _ i s _ a _ m o n d a y _ _ _
Ciphertext d a t y o s _ _ a i o n _ d _ _ _ a _ y

13
 1.5 Elementary ciphers. Modular
additions.
1 Choose the key.
Some word or phrase.
For example: FRIDAY
2 Convert plaintext and key to digital form
3 Add by module 27 (number of symbols in
alphabet) corresponding symbols of
plaintext and key
4 Convert digits of ciphertext to symbols
14
1.5 Elementary ciphers. Modular
additions. Example

15