20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
20CS3041AA– CRYPT ANLAYSIS
AND CYBER DEFENCE
LECTURE NOTES
TEAM CRYPT ANLAYSIS AND CYBER DEFENCE
KONERU LAKSHMAIAH EDUCATION FOUNDATION | CACD-20CS3041AA
1
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
CO-1
WHAT IS CRYPTOGRAPHY?
Cryptography is the study of secure communications techniques that allow only the sender and intended
recipient of a message to view its contents.
The term is derived from the Greek word kryptos, which means hidden.
MODEL FOR NETWORK SECURITY - TERMINOLOGY
• Plaintext - the original message
• Cipher text - the coded message
• Cipher - algorithm for transforming plaintext to cipher text
• Key - info used in cipher known only to sender/receiver
• Encipher (Encrypt) - converting plaintext to cipher text
• Decipher (Decrypt) - recovering cipher text from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - the study of principles/ methods of deciphering cipher text without
knowing key
• Cryptology - the field of both cryptography and cryptanalysis
CRYPTOGRAPHY:
Cryptography is the art and science of making a cryptosystem that is capable of providing information
security. Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms
based on mathematical algorithms that provide fundamental information security services.
CRYPTOSYSTEM:
A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure
to provide information security services. A cryptosystem is also referred to as a cipher system.
2
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Computer Security: The protection afforded to an automated information system to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
Confidentiality(C): Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
Integrity(I): Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
Availability (A): Ensuring timely and reliable access to and use of information. A loss of availability is
the disruption of access to or use of information or an information system.
These three concepts form what is often referred to as the CIA triad. The three concepts embody the
fundamental security objectives for both data and for information and computing services.
Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to
unauthorized individuals.
Privacy: Assures that individual’s control or influence what information related to them may be collected
and stored and by whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a specified and authorized
manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly, and service is not denied to authorized users. Although
the use of the CIA triad to define security objectives is well established, some in the security field feel that
additional concepts are needed to present a complete picture. Two of the most mentioned are as follows:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator. This means verifying that users are who they
3
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
say they are and that each input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions of an entity to be traced
uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action.
SECURITY GOALS:
Cryptographic Attacks:
Accessing of data by unauthorized entity is called as attack
➢ Passive Attacks
➢ Active Attacks
Passive Attacks:
In a passive attack, the attacker’s goal is just to obtain information. This means that the attack does not
modify data or harm the system.
Active Attacks:
An active attack may change the data or harm the system. Attacks that threaten the integrity and availability
are active attacks.
4
20CS3041AA– CRYPT ANLAYSIS
AND CYBER DEFENCE
LECTURE NOTES
TEAM CRYPT ANLAYSIS AND CYBER DEFENCE
KONERU LAKSHMAIAH EDUCATION FOUNDATION | CACD-20CS3041AA
1
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
CO-1
WHAT IS CRYPTOGRAPHY?
Cryptography is the study of secure communications techniques that allow only the sender and intended
recipient of a message to view its contents.
The term is derived from the Greek word kryptos, which means hidden.
MODEL FOR NETWORK SECURITY - TERMINOLOGY
• Plaintext - the original message
• Cipher text - the coded message
• Cipher - algorithm for transforming plaintext to cipher text
• Key - info used in cipher known only to sender/receiver
• Encipher (Encrypt) - converting plaintext to cipher text
• Decipher (Decrypt) - recovering cipher text from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - the study of principles/ methods of deciphering cipher text without
knowing key
• Cryptology - the field of both cryptography and cryptanalysis
CRYPTOGRAPHY:
Cryptography is the art and science of making a cryptosystem that is capable of providing information
security. Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms
based on mathematical algorithms that provide fundamental information security services.
CRYPTOSYSTEM:
A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure
to provide information security services. A cryptosystem is also referred to as a cipher system.
2
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Computer Security: The protection afforded to an automated information system to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
Confidentiality(C): Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
Integrity(I): Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
Availability (A): Ensuring timely and reliable access to and use of information. A loss of availability is
the disruption of access to or use of information or an information system.
These three concepts form what is often referred to as the CIA triad. The three concepts embody the
fundamental security objectives for both data and for information and computing services.
Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to
unauthorized individuals.
Privacy: Assures that individual’s control or influence what information related to them may be collected
and stored and by whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a specified and authorized
manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly, and service is not denied to authorized users. Although
the use of the CIA triad to define security objectives is well established, some in the security field feel that
additional concepts are needed to present a complete picture. Two of the most mentioned are as follows:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator. This means verifying that users are who they
3
, 20CS3041AA_ CRYPT ANLAYSIS AND CYBER DEFENCE
say they are and that each input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions of an entity to be traced
uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action.
SECURITY GOALS:
Cryptographic Attacks:
Accessing of data by unauthorized entity is called as attack
➢ Passive Attacks
➢ Active Attacks
Passive Attacks:
In a passive attack, the attacker’s goal is just to obtain information. This means that the attack does not
modify data or harm the system.
Active Attacks:
An active attack may change the data or harm the system. Attacks that threaten the integrity and availability
are active attacks.
4
