Notes on Cryptography and Network Security (Transcript-Based)

What is Cryptography?

  • Cryptography is a technique for securing information and communications through codes so that only the intended recipients can understand and process it, preventing unauthorized access.
  • Etymology: prefix “crypt” = hidden; suffix “graphy” = writing.
  • Methods rely on mathematical concepts and rule-based calculations called algorithms to convert messages in ways that are hard to decode.
  • Uses include: cryptographic key generation, digital signing, and verification to protect data privacy, web browsing, and confidential transactions (e.g., credit/debit card transactions).

Features Of Cryptography

  • Confidentiality: Information accessible only to the intended recipient.
  • Integrity: Information cannot be modified in storage or transit without detection.
  • Non-repudiation: The sender cannot deny sending the information later.
  • Authentication: Identities of sender and receiver are confirmed, including origin/destination verification.
  • Interoperability: Enables secure communication across different systems and platforms.
  • Adaptability: Evolves to counter security threats and technological advances.

Types Of Cryptography

  • 1. Symmetric Key Cryptography
    • Definition: Sender and receiver share a single common key for both encryption and decryption.
    • Pros: Faster and simpler.
    • Cons: Secure key exchange between parties is challenging.
    • Popular systems: Data Encryption Standard (DES) and Advanced Encryption System (AES).
    • Notation: Ek(P) = C and Dk(C) = P, where k is the shared key.
  • 2. Hash Functions
    • Definition: No key is used; a fixed-length hash value is computed from the plaintext.
    • Purpose: Verify integrity and often store passwords as hashes (cannot recover plaintext from hash).
    • Characteristic: Collision resistance and preimage resistance are typical properties (not explicitly listed in transcript but implied by use).
  • 3. Asymmetric Key Cryptography
    • Definition: Uses a pair of keys—public key for encryption and private key for decryption.
    • Public key is shared openly; only the private key owner can decrypt.
    • Popular algorithm: RSA.
    • Notation: E{pub}(M) = C, D{priv}(C) = M.

Applications Of Cryptography

  • Computer passwords: Passwords are hashed and compared to stored hashes; passwords are encrypted/stored to prevent readable passwords in databases.
  • Digital currencies: Cryptography protects transactions in currencies like Bitcoin via complex algorithms and cryptographic keys.
  • Secure web browsing: SSL/TLS protocols use public-key cryptography to encrypt data between web servers and clients.
  • Electronic signatures: Digital signatures created via cryptography and validated with public-key cryptography; often legally enforceable.
  • Authentication: Cryptography underpins authentication protocols to confirm user identity and access rights.
  • Cryptocurrencies: Bitcoin, Ethereum, etc., rely on cryptographic protections for transactions and network integrity.
  • End-to-end Internet Encryption: End-to-end encryption protects two-way communications (video, messaging, email); apps like WhatsApp and Signal use it; enhances privacy.
  • Network security context: Network security is about protecting the boundary between external and internal networks; robust infrastructure is essential for security posture.

Additional Context: Security Goals And Protocols

  • Public-key cryptography enables secure key exchange and authentication without sharing a secret key in advance.
  • Conventional encryption uses the same key for encryption and decryption; simpler and fast but scales poorly to many users and lacks strong authentication.
  • Key lengths and security considerations:
    • Public key lengths commonly around
      extPublickeylength=2048extbitsext{Public key length} = 2048 ext{ bits}
    • Private key lengths commonly around
      extPrivatekeylength=128extor256extbitsext{Private key length} = 128 ext{ or } 256 ext{ bits}
    • Hash lengths: MD5 = 128 bits; SHA = 160 bits (for SHA-1); other SHA variants include SHA-0, SHA-2, SHA-3.
  • Encryption concepts:
    • Algorithm (cipher): rules for encryption/decryption.
    • Decryption: process to convert ciphertext back to plaintext.
    • Key: random bit string used by the algorithm.
    • Plaintext/ciphertext: original data vs. encrypted data.
    • Public-key cryptography: public key for encryption, private key for decryption.

Conventional Encryption Model And Its Ingredients

  • Concept: A sender encrypts plaintext with an algorithm and a secret key to produce ciphertext; the receiver uses the same key and algorithm to decrypt back to plaintext.
  • Five ingredients of Conventional Encryption:
    • Plain text: original data input.
    • Encryption algorithm: transforms plaintext to ciphertext.
    • Secret key: input to the algorithm; output varies with the key.
    • Ciphertext: encrypted output that is unreadable without the decryption key.
    • Decryption algorithm: reverses encryption to recover plaintext.
  • Requirements for secure use:
    1. A strong encryption algorithm.
    2. Secure distribution and storage of the secret key between sender and receiver.
  • Advantages:
    • Simple to implement.
    • Uses fewer computer resources than public-key schemes.
    • Fast due to symmetric key usage.
  • Disadvantages:
    • Origin and authenticity of the message cannot be guaranteed since the same key is used by sender and receiver.
    • Not as secure as public-key encryption.
    • If the receiver loses the key, decryption is impossible.
    • Does not scale well to a large number of users due to key distribution challenges.

Encryption And Decryption Process (Conventional Model)

  • Setup: A sends a plaintext message to B (plaintext P).
  • Step 1: Encrypt P using a secret key k and algorithm E to obtain ciphertext C: C=Ek(P)C = E_k(P)
  • Step 2: Transmit C to B.
  • Step 3: B decrypts C using the same key k and decryption algorithm D to obtain P: P=Dk(C)P = D_k(C)
  • This illustrates conventional encryption, which predates public-key cryptography.

Security Services And Mechanisms

  • Security Services (goals to protect information):
    • Authentication: verify the sender’s identity.
    • Access Control: restrict who can access resources and under what conditions.
    • Availability: ensure systems and data are available 24/7 to authorized users.
    • Confidentiality: prevent unauthorized disclosure of information.
    • Integrity: prevent unauthorized modification of information.
    • Non-Repudiation: prevent sender/receiver denial of the transaction.
  • Security Mechanisms: the methods and tools used to achieve these services (not exhaustively listed in transcript).

CIA MODEL And Related Mechanisms

  • CIA triad: Confidentiality, Integrity, Availability.
  • Confidentiality: protect data from unauthorized access; encryption standards include AES and DES; VPNs help move data securely.
  • Integrity: use hash functions to verify that data has not been altered; common hash families include MD5, SHA-1, SHA-2, SHA-3.
  • Availability: ensure network and data are accessible; protect against DoS/DDoS through planning, redundancy, and capacity planning.

Hash Functions, Signatures And Protocols (Key Concepts)

  • Hash functions provide data integrity checks; typical hash families mentioned: MD5 (128-bit), SHA family (SHA-1 = 160-bit; SHA-2, SHA-3 variants).
  • Hash verification workflow (example): sender computes hash H1 over data; receiver recomputes hash H2; if H1 = H2, integrity is maintained.
  • Public key cryptography underpins digital signatures and secure web protocols (SSL/TLS).

Security Threats: Network Security Threats And Vulnerabilities

  • Overview: Network security threats arise from vulnerabilities in hardware, software, or procedures that attackers exploit.
  • Vulnerabilities can stem from poor surveillance, outdated OS, inadequate antivirus, etc.
  • Attacks exploit these vulnerabilities; multiple attack methods exist and should be covered by security policies.

Major Types Of Malware And Other Threats (Summary Of Page 5–6)

  • Malware: software designed to damage target systems; common outcomes include slowdowns, freezes, or data exfiltration.
  • 1) Keyloggers: log keystrokes to steal credentials; may capture screenshots or camera feeds; can be kernel-level or user-space.
  • 2) Trojans: disguised as legitimate apps; may harvest financial credentials or provide backdoor access; typically detectable by scanners.
  • 3) Ransomware: freezes devices/files and demands payment; high costs; historical data: 2021 downtime costs around 159extbillion159 ext{ billion}; average payment about 7.9extbillion7.9 ext{ billion}; 24% of organizations paying attackers did not recover data.
  • 4) Adware: forces display of ads; drains resources; indicates insecure systems.
  • 5) Spyware: hides from detection; gathers data (device profiles, location, keystrokes, emails, camera, contacts, financial data) and may feed data to ad networks or criminals.
  • 6) Logic bombs: trigger at a specific condition or time; may unleash malware or worms.
  • 7) Pharming: redirects users to fake websites via DNS vulnerabilities or compromised DNS servers.
  • Viruses: require a host file to spread; often target common file types.
  • Worms: do not require a host file to replicate; can spread quickly and exploit vulnerabilities.
  • Botnets: networks of compromised devices controlled remotely; used for DDoS; IoT devices are commonly exploited.
  • Phishing and social engineering: fraudulent emails to induce clicking links or attachments; costs per incident can be high (average $14.8 million per company).
    • Varieties: spear phishing, whaling, vishing (voice phishing), smishing (SMS phishing), spam.
  • SQL injection: attacker enters malicious code into poorly configured search fields to harvest data.

Physical And Human Threats To Security (Page 8)

  • Shoulder-surfing: observing over a user’s shoulder to steal information in public locations.
  • Tailgating: following credentialed staff into restricted areas.
  • Dumpster diving: discarding sensitive information that can be retrieved and exploited.
  • Mitigation: shred documents and use secure waste management.
  • Vulnerability definitions (Page 8): a weakness in an asset that can be exploited by threats.
  • ISO definition: weakness in an asset that can be exploited by one or more cyber threats.
  • Exploits vs. Threats vs. Vulnerabilities (Page 8): exploits are malicious code used to take advantage; threat is a potentially dangerous event; vulnerability is the weakness that allows exploits to succeed.

Common Vulnerabilities, Exploits, And Threats (Pages 9–10)

  • Main vulnerability types:
    1) Network vulnerabilities: weaknesses in hardware/software that allow attacks (e.g., poorly protected wireless networks, misconfigured firewalls).
    2) Operating system vulnerabilities: exposures in an OS that enable damage (e.g., DoS due to fake requests, unpatched software).
    3) Process vulnerabilities: weak security procedures (e.g., weak passwords).
    4) Human vulnerabilities: user errors and insufficient awareness (e.g., phishing, not applying updates).
  • Common causes of vulnerabilities:
    1) Human error in social engineering.
    2) Software bugs in code.
    3) System complexity leading to misconfigurations.
    4) Increased connectivity with many remote devices.
    5) Poor access control (over-permissioning, stale accounts).

Active vs Passive Attacks (Pages 10–13)

  • Active Attacks:
    • Attacker changes or modifies message content.
    • Endangers integrity and availability.
    • Victim is informed that an attack occurred.
  • Passive Attacks:
    • Attacker observes or copies content without modification.
    • Endangers confidentiality.
    • Victim is not informed about the attack.
  • Key comparison points:
    • Active: modification of information; detection is a focus; information gathering is used during execution; harder to prevent.
    • Passive: information gathering; detection is harder; easier to prohibit than active attacks.
  • Summary differences (Page 11–12):
    • Active attacks modify information; passive attacks do not modify original information.
    • Active threats affect integrity and availability; passive threats affect confidentiality.
    • Prevention is emphasized for active attacks; detection is emphasized for passive attacks.
    • Active attacks are generally harder to restrict; passive attacks are more easily prohibited and detected.
    • Active attacks have short duration; passive attacks can be long.
    • Security goals mapping: active threats to harm ecosystem; passive threats to learn about ecosystem.
    • In active attacks, original information is altered; in passive attacks, information remains unchanged.

Security Services And Mechanisms (Page 13)

  • Security services enumerated:
    • Authentication
    • Access Control
    • Availability
    • Confidentiality
    • Integrity
    • Non-Repudiation
  • These services align with general security mechanisms used to protect information systems (not exhaustively listed in transcript).

Encryption Concepts And The CIA Context (Pages 14–19)

  • Encryption is a primary IT security concern; large expenditure on information security is anticipated to grow.
  • Why encryption is useful:
    • Makes data unreadable to unauthorized parties; only those with the proper authorization can decrypt.
    • Encrypts data in storage and transit; breaks into meaningless bytes without the key.
  • Key concepts:
    • Algorithm: rules for encryption; efficiency depends on key length and algorithm characteristics.
    • Decryption: converting cipher text back to plaintext.
    • Key: random bit string used to encrypt and decrypt; longer keys are harder to break.
    • Public vs private keys: public keys are widely distributed; private keys are kept secret.
  • Conventional encryption (older model):
    • Uses a single key for both encryption and decryption; faster and simpler but limited in scalability and authentication.
    • Diagrammatic description: A (plaintext) --Ek--> C (ciphertext) --Dk--> A (plaintext).
  • Five ingredients of conventional encryption (explicitly listed): plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.
  • Requirements, advantages, and disadvantages summarized (as above).
  • Security emphasis: encryption is a key tool among many; public-key cryptography addresses key distribution and authentication issues.

CIA Triad In Practice (Pages 18–20)

  • Confidentiality:
    • Ensure only authorized entities can view data.
    • Encryption standards include AES and DES; VPNs help move data securely.
  • Integrity:
    • Ensure data is not altered; hash functions verify integrity.
    • Common hash algorithms include MD5 (128-bit) and SHA family (160-bit for SHA-1; SHA-2/3 variants exist).
    • Example workflow: A computes hash H1 of data; B recomputes hash H2; if H1 = H2, integrity is preserved.
  • Availability:
    • Data and services should be available to authorized users.
    • Measures include hardware maintenance, upgrades, failover planning, and avoiding DoS/DDoS incidents.

Architecture Of A DDoS Attack (Page 21)

  • Diagrammatic description:
    • Attacker controls several compromised devices (zombies) via a handler.
    • A coordinated attack involves many zombie machines targeting a victim (server/service).
    • The architecture emphasizes distributed command and control to overwhelm the victim and disrupt availability.

Key Statistical And Real-World References (Embedded Throughout)

  • Malware infection prevalence: around 30% of computers in the USA are infected.
  • Ransomware economics (2021): downtime costs around 159extbillion159 ext{ billion}; average ransom demands around 7.9extbillion7.9 ext{ billion}; 24% of organizations that paid did not recover data.
  • Phishing costs: average incident cost around 14.8extmillion14.8 ext{ million} per company.
  • Public-key cryptography: RSA is the most popular asymmetric algorithm (mentioned in the transcript).
  • Encryption standards and protocols referenced: DES, AES, SSL, TLS, SHA, MD5, SHA-1, SHA-2, SHA-3, VPN.
  • Key lengths and security themes:
    • Public keys: typically around 2048 bits.
    • Private keys: commonly 128 or 256 bits.

Connections To Real-World Relevance

  • Encryption underpins secure e-commerce, online banking, and private communications.
  • End-to-end encryption protects user privacy in messaging apps, affecting personal and organizational security.
  • Digital signatures enable legal enforceability of electronic signatures across jurisdictions.
  • Understanding threats (malware, phishing, SQL injection, DDoS) and vulnerabilities helps in risk assessment and security policy development.

Ethical, Philosophical, And Practical Implications

  • Encryption balances privacy with law enforcement needs; electronic signatures show how law can recognize digital attestations.
  • The prevalence of phishing and social engineering highlights the importance of user education and secure design to reduce human vulnerabilities.
  • Physical threats (shoulder-surfing, tailgating, dumpster diving) underscore the need for holistic security controls, including physical security and data disposal practices.
  • The dual-use nature of security tools means responsible use, compliance with laws, and avoidance of harm to stakeholders are essential considerations.

References To Key Equations And Notation (Quick Recap)

  • Symmetric encryption:
    • C=E<em>k(P)C = E<em>k(P), P=D</em>k(C)P = D</em>k(C)
  • Asymmetric encryption (RSA-like):
    • C=E<em>pub(M)C = E<em>{pub}(M), M=D</em>priv(C)M = D</em>{priv}(C)
  • Hash-based integrity check:
    • If H(P)=H(P)H(P) = H'(P) then data integrity is preserved.
  • Key lengths:
    • Public key length: ext2048bitsext{2048 bits}
    • Private key length: ext128or256bitsext{128 or 256 bits}
  • Hash lengths:
    • MD5: 128extbits128 ext{ bits}
    • SHA-1: 160extbits160 ext{ bits}
    • SHA-2, SHA-3: variable lengths depending on variant
  • Example of a typical crypto workflow: plaintext -> encryption -> ciphertext -> decryption -> plaintext.