ICS_Unit-I_Foundations of Information Security


1

Cyber security

Techniques used to protect computers, networks, programs, and data from unauthorized access or attacks.

2

Confidentiality

The protection of data from unauthorized users.

3

Integrity

The validity of data.

4

Availability

The permanence and non-erasure of data.

5

Security attack

Any action that compromises the security of information owned by an organization.

6

Security mechanism

A process designed to detect, prevent, or recover from a security attack.

7

Security service

A processing or communication service that enhances the security of data processing systems and information transfers.

8

Threat

A potential for violation of security.

9

Attack

An assault on system security, a deliberate attempt to evade security services.

10

Passive attack

Makes use of information from the system but does not affect system resources.

11

Active attack

Modification of the data stream or the creation of a false stream.

12

Cryptographic techniques

Underlying element of many security mechanisms, such as encipherment and digital signatures.

13

Security services/goals

Confidentiality, authentication, integrity, non-repudiation, access control, and availability.

14

Security Policy

A set of rules that outline how a company plans to educate employees about protecting company assets and the procedures for enforcing security measures and evaluating policy effectiveness.

15

Acceptable Use Policy

Part of a company's security policy that defines what is allowed and not allowed on the system.

16

Physical Security Policies

Policies aimed at protecting a company's physical assets, such as buildings, equipment, and IT equipment.

17

Data Security Policies

Policies that protect intellectual property from events like data breaches and leaks.

18

User-level Policy

Policies related to user authentication, software importing, file protection, equipment management, backups, and problem reporting.

19

System-level Policy

Policies related to default configurations, installed software, backups, logging, auditing, updates, and principal servers or clients.

20

Network-level Policy

Policies related to supported and exported services, imported services, and network security mechanisms.

21

Trust

The level of confidence in the security tools, software, suppliers, and people involved in computer security.

22

Prevention is better than cure

The idea that it is more effective to prevent security breaches and incidents rather than trying to fix them after they occur.

23

Policy

A set of detailed rules that define what is allowed and not allowed on a system, including user policies, system policies, network policies, US law, and trust.

24

Classical Cryptography

The study of encryption principles and methods, including basic terminology like plaintext, ciphertext, key, enciphering, deciphering, cryptography, cryptanalysis, and cryptology.

25

Symmetric Encryption

Encryption method where the sender and recipient share a common key, such as DES, Triple DES, and AES.

26

Asymmetric Encryption

Encryption method that uses different keys for encryption and decryption, such as RSA and ECC.

27

Parameters of Cryptographic Systems

The type of operations used for transforming plaintext to ciphertext, the number of keys used, and the way in which the plaintext is processed.

28

Substitution Ciphers

Ciphers that replace each element of the plaintext with another element, including classical ciphers, transposition ciphers, and product ciphers.

29

Caesar Cipher

The earliest known substitution cipher where each letter is replaced by the letter three positions further down the alphabet.

30

Monoalphabetic Cipher

A cipher where the letters of the plaintext are shuffled and mapped to different random ciphertext letters.

31

English Letter Frequencies

The relative frequency of letters in the English language, which can be used to analyze and break monoalphabetic ciphers.

32

One-Time Pad

An encryption method where the key is as long as the plaintext, selected at random, and used only once, providing unbreakable security.

33

Transposition Cipher

A cipher where the order of the letters in the plaintext is rearranged to form the ciphertext, including rail fence cipher, row transposition cipher, and single columnar transposition.

34

Transposition Ciphers

A type of encryption method that rearranges the order of characters in a message to create a cipher.

35

Double Columnar Transposition

A specific type of transposition cipher that involves arranging the characters of a message in a grid and then reading them out in a specific order.

36

Feistel Ciphers

Symmetric block ciphers that are based on the Feistel cipher structure, which involves dividing the plaintext into two halves and processing them through multiple rounds of substitution and permutation.

37

Block Size

The size of the blocks of data that are processed by a cipher. Larger block sizes generally provide greater security.

38

Key Size

The size of the cryptographic key used in a cipher. A larger key size generally provides greater security.

39

Number of Rounds

The number of rounds of processing performed by a cipher. A higher number of rounds generally provides greater security.

40

Sub-key Generation Algorithms

Algorithms used to generate the sub-keys used in each round of a cipher. More complex sub-key generation algorithms generally provide greater difficulty for cryptanalysis.

41

Round Function

The function used in each round of a cipher to perform a substitution on the left half of the data and combine it with the right half using a sub-key. More complex round functions generally provide greater resistance to cryptanalysis.

42

Data Encryption Standard (DES)

A symmetric block cipher developed by IBM, based on the Feistel cipher structure. It encrypts 64-bit data using a 56-bit key and has become widely used, especially in financial applications.

43

Conceptual View of DES

A visual representation of the encryption process in DES, showing the division of data into blocks, the use of a key, and the generation of cipher text.

44

Initial Permutation (IP)

The initial transposition of the input data in DES, where the bits of the output are taken from specific bits of the input.

45

Details of One Round in DES

The steps involved in one round of processing in DES, including key transformation, expansion permutation, S-box substitution, P-box permutation, and XOR and swap operations.

46

Key Transformation and Compression Permutation

The process in DES where the key is transformed and compressed to form a 56-bit key for use in the round.

47

Expansion Permutation

The process in DES where the right plain text (RPT) is expanded from 32 bits to 48 bits by dividing it into blocks and repeating certain bits.

48

S-box Substitution

The process in DES where the 48-bit input block is divided into 8 blocks of 6 bits each and substituted using S-boxes, which take 6-bit inputs and produce 4-bit outputs.

49

P-box Permutation

The final permutation in DES, where the output of the S-boxes is further permuted to produce the final cipher text.

50

XOR and Swap

The final step in each round of DES, where the left and right plain text blocks are combined using XOR and then swapped to prepare for the next round.

51

DES Decryption

The process of decrypting cipher text using the same algorithm and key as used for encryption, but with the key reversed.

52

Variations of DES

Different variations of DES, such as Double DES and Triple DES, which involve using multiple rounds of encryption with different keys to enhance security.

53

DES Weaknesses

Weaknesses in the design of DES, including vulnerabilities in the S-boxes and P-boxes used in the cipher.

54

DES

The Data Encryption Standard (DES) is a symmetric block cipher that uses a 56-bit key size and is no longer considered secure.

55

Initial and Final Permutations

The initial and final permutations used in DES have no security benefits and it is not clear why they were included in the design.

56

Key Size

DES has a 56-bit key size, which is considered too small and insecure.

57

DES Vulnerabilities

DES had vulnerabilities that were becoming known, making it less secure.

58

Speed

DES was too slow in software implementations, which contributed to its obsolescence.

59

Increased Trust in Cipher

The National Institute of Standards and Technology (NIST) wanted to increase trust in ciphers and suspected that DES had "back doors" compromising its security.

60

Advanced Encryption Standard (AES)

AES is a symmetric block cipher that was developed to replace DES and has key lengths of 128, 192, and 256 bits.

61

AES Requirements

AES must support key lengths of 128, 192, and 256 bits, have a block length of 128, 192, and 256 bits, and be implementable in both software and hardware.

62

AES Finalists

The finalists for the AES development were Rijndael, Serpent, Twofish, RC6, and MARS, with Rijndael ultimately becoming the U.S. Government standard.

63

Rijndael

Rijndael is the encryption algorithm that became the AES standard, and it is not a Feistel cipher.

64

Brute Force Attack

The most powerful supercomputer in the world would take 885 quadrillion years to brute force a 128-bit AES key, and the number of operations required to brute force a 256-bit cipher is roughly equal to the number of atoms in the universe.

65

AES State

The AES algorithm operates on a two-dimensional array of bytes called the State, which is a 4x4 matrix.

66

AES Round Operations

The AES algorithm consists of an initial round, multiple standard rounds, and a final round, with operations including ByteSub, ShiftRow, MixColumn, and AddRoundKey.

67

SubBytes Transformation

The SubBytes transformation in AES substitutes bytes in a 16x16 matrix using a distinct set of bytes for each entry.
