Unit 4. Cryptography and Network Security: Introduction To Cryptography


Unit 4.

CRYPTOGRAPHY AND NETWORK SECURITY:

Introduction to Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt data.

The art and science of concealing the messages to introduce secrecy in information security is recognized as cryptography.

Cryptography is the study and practice of techniques for secure communication in the presence of third parties called adversaries.

Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography.
1. Confidentiality refers to certain rules and guidelines usually
executed under confidentiality agreements which ensure that
the information is restricted to certain people or places.
2. Data integrity refers to maintaining and making sure that the
data stays accurate and consistent over its entire life cycle.
3. Authentication is the process of making sure that the piece of
data being claimed by the user belongs to that user.
4. Non-repudiation refers to the ability to make sure that a person or
a party associated with a contract or a communication cannot
deny the authenticity of their signature over their document or
the sending of a message.

Data Encryption
Data encryption translates data into another form, or code, so that only
people with access to a secret key (formally called a decryption key) or
password can read it. Encrypted data is commonly referred to as cipher
text, while unencrypted data is called plain text.
ENCRYPTION
Encryption is the process in which a sender converts the original
information to another form.
The sender requires an encryption algorithm and a key to transform the
plaintext (original message) into a ciphertext (encrypted message).
DECRYPTION
Decryption inverts the encryption process in order to convert the
message back to its real form.
The receiver uses a decryption algorithm and a key to transform
the ciphertext back to original plaintext.

TYPES OF CRYPTOGRAPHY

The following are two types of cryptography

1. Symmetric key
2. Asymmetric key

Symmetric key Cryptography

• Symmetric Key Cryptography, also known as Symmetric Encryption,
is when a secret key is used for both encryption and decryption
functions.
• Both sender and receiver use a common key to encrypt and decrypt
the message.
• This secret key is known only to the sender and to the receiver.
• It is also called secret key cryptography.
• Before starting the communication, sender and receiver share the
secret key.
• This secret key is shared through some external means.
• At sender side, sender encrypts the message using his copy of the
key.
• The cipher text is then sent to the receiver over the communication
channel.
• At receiver side, receiver decrypts the cipher text using his copy of
the key.
• After decryption, the message converts back into readable format.

Advantages-
The advantages of symmetric key algorithms are-
• They are efficient.
• They take less time to encrypt and decrypt the message.

Asymmetric Key Cryptography-

• Sender and receiver use different keys to encrypt and decrypt the
message.
• It is called so because sender and receiver use different keys.
• It is also called public key cryptography.
A public key encryption algorithm uses a pair of keys, one of which is a
secret key and one of which is public.

At sender side,
• Sender encrypts the message using receiver’s public key.
• The public key of receiver is publicly available and known to
everyone.
• Encryption converts the message into a cipher text.
• This cipher text can be decrypted only using the receiver’s private
key.

The cipher text is sent to the receiver over the communication channel.

At receiver side,
• Receiver decrypts the cipher text using his private key.
• The private key of the receiver is known only to the receiver.
• Using the public key, it is not possible for anyone to determine the
receiver’s private key.
• After decryption, cipher text converts back into a readable format.

Advantages-
The advantages of public key cryptography are-
• It is more robust.
• It is less susceptible to third-party security breach attempts.
Message Authentication
Message authentication can be provided using the cryptographic
techniques that use secret keys, as done in the case of encryption.
• The service used to provide message authentication is a Message
Authentication Code (MAC).
• The sender uses some publicly known MAC algorithm, inputs the
message and the secret key K and produces a MAC value.
• Similar to a hash, a MAC function also compresses an arbitrarily long
input into a fixed length output. The major difference between hash
and MAC is that MAC uses a secret key during the compression.
• The sender forwards the message along with the MAC. Here, we
assume that the message is sent in the clear, as we are concerned with
providing message origin authentication, not confidentiality. If
confidentiality is required, then the message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the
received message and the shared secret key K into the MAC
algorithm and re-computes the MAC value.
• The receiver now checks equality of the freshly computed MAC with the
MAC received from the sender. If they match, then the receiver
accepts the message and assures himself that the message has been
sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender,
the receiver cannot determine whether it is the message that has been
altered or it is the origin that has been falsified. As a bottom line, a
receiver safely assumes that the message is not genuine.
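The sender and receiver steps above, as an added example that is not part of the original notes. It uses HMAC-SHA256 from the Python standard library as the MAC algorithm; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real K is random and shared out of band.
SHARED_KEY = b"constructed-demo-key-K"

def send(message, key):
    """Sender: compute the MAC over the message; both travel in the clear."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def receive(message, tag, key):
    """Receiver: re-compute the MAC with the shared key K and compare."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison: does not reveal how many bytes of a wrong
    # tag happened to be correct.
    return hmac.compare_digest(expected, tag)

def unkeyed_check(message, digest):
    """Plain hash check, shown only to contrast hash and MAC."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def demo():
    msg, tag = send(b"transfer 100 to account 42", SHARED_KEY)
    altered = b"transfer 900 to account 42"
    long_msg, long_tag = send(b"x" * 100_000, SHARED_KEY)
    return {
        # Untouched message and tag: accepted.
        "genuine": receive(msg, tag, SHARED_KEY),
        # Message changed in transit, old tag reused: rejected.
        "altered_message": receive(altered, tag, SHARED_KEY),
        # Tag made by someone who does not hold K: rejected.
        "wrong_key": receive(*send(altered, b"not-the-key"), SHARED_KEY),
        # An unkeyed hash can be recomputed by anyone for any message,
        # so it gives no origin authentication.
        "unkeyed_hash_forged": unkeyed_check(
            altered, hashlib.sha256(altered).digest()),
        # Fixed-length output regardless of input length.
        "tag_lengths": (len(tag), len(long_tag)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

As in the last step above, a failed check does not tell the receiver whether the message or its origin was changed; both rejected cases return the same `False`.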
Digital Signatures
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software or digital document.
A digital signature is basically a way to ensure that an electronic
document (e-mail, spread sheet, text file, etc.) is authentic
Authentic means that you know who created the document and you know
that it has not been altered in any way since that person created it.
Digital signatures use a certificate-based digital ID issued by an
accredited Certificate Authority (CA) or Trust Service Provider (TSP) so
when you digitally sign a document, your identity is uniquely linked to
you.
The signature is bound to the document with encryption, and everything
can be verified using underlying technology known as Public Key
Infrastructure (PKI).

Working of Digital Signature:


Digital signatures are based on Public Key Infrastructure (PKI). By this
mechanism, two keys are generated, a Public Key and Private Key. The
private key is kept by the signer, and it should be kept securely. On the
other hand, the receiver must have the public key to decrypt the message.

What are the benefits of digital signatures?


Security features and methods used in digital signatures include the
following:

• Personal identification numbers (PINs), passwords and
codes. Used to authenticate and verify a signer's identity and
approve their signature. Email, username and password are the
most common methods used.
• Asymmetric cryptography. Employs a public key algorithm that
includes private and public key encryption and authentication.
• Checksum. A long string of letters and numbers that represents
the sum of the correct digits in a piece of digital data, against
which comparisons can be made to detect errors or changes. A
checksum acts as a data fingerprint.
• Cyclic redundancy check (CRC). An error-detecting code and
verification feature used in digital networks and storage devices
to detect changes to raw data.
• Certificate authority (CA) validation. CAs issue digital
signatures and act as trusted third parties by accepting,
authenticating, issuing and maintaining digital certificates. The
use of CAs helps avoid the creation of fake digital certificates.
• Trust service provider (TSP) validation. A TSP is a person or
legal entity that performs validation of a digital signature on a
company's behalf and offers signature validation reports.

Applications of Cryptography
Digital Currency: A much-known application of cryptography is digital
currency wherein cryptocurrencies are traded over the internet. Top
cryptocurrencies like Bitcoin, Ethereum, and Ripple have been
developed and traded over time.
Unregulated by any government or banks, cryptocurrencies are our
upcoming future.

E-commerce: E-commerce lets us shop online and make online payments.
These transactions are encrypted and perhaps cannot be altered by
any third party. Moreover, the passwords we set for such sites are
also protected under keys to ensure that no hacker gets access to our
e-commerce details for harmful purposes.

Military operations: Cryptography is used for encrypting military
communication channels. Military encryption devices convert the
real communication characters so that the enemies cannot come to
know about their upcoming plans.
On the large scale, it can be widely used for declaring wars and
sending crucial messages without the involvement of a messenger.

Secure communications: The most obvious use of cryptography, and the
one that all of us use frequently, is encrypting communications between
us and another system.
To make the internet more secure, most communication protocols have
adopted encryption. Many older protocols have been dropped in favour of
newer, encrypted replacements.

Storing Data: We all store a large amount of data, and any data is
valuable to at least the person who generated it. Every operating system
uses encryption in some of the core components to keep passwords secret,
conceal some parts of the system, and make sure that updates and patches
are really from the maker of the system.

FIREWALL
A firewall is a network security device, either hardware or
software-based, which monitors all incoming and outgoing traffic and,
based on a defined set of security rules, accepts, rejects or drops that
specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply
History and Need for Firewall
• Before firewalls, network security was performed by Access Control Lists
(ACLs) residing on routers.
• ACLs are rules that determine whether network access should be granted or
denied to a specific IP address.
• An ACL cannot determine the nature of the packet it is blocking.
• An ACL alone does not have the capacity to keep threats out of the network.

How Firewall Works:

• A firewall matches the network traffic against the rule set defined in
its table.
• Once a rule is matched, the associated action is applied to the network
traffic.
• For example, one rule may state that no employee from the HR
department can access the data on the code server, while at the same
time another rule states that the system administrator can access the
data from both the HR and technical departments.
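The rule matching described above, as an added example that is not part of the original notes. The subnets, host addresses and function names are constructed assumptions; the rules mirror the HR and system administrator example, and `shadowed` is an added check for rules that an earlier rule prevents from ever matching.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the notes).
HR_NET = ip_network("10.0.10.0/24")
TECH_NET = ip_network("10.0.20.0/24")
CODE_SERVER = ip_network("10.0.20.5/32")   # sits inside TECH_NET
SYSADMIN = ip_network("10.0.99.7/32")
ANY = ip_network("0.0.0.0/0")

# Ordered rule table: (source, destination, action). First match wins.
RULES = [
    (SYSADMIN, HR_NET, "accept"),
    (SYSADMIN, TECH_NET, "accept"),
    (HR_NET, CODE_SERVER, "reject"),  # blocked, sender gets "unreachable"
    (ANY, ANY, "drop"),               # everything else: blocked, no reply
]

# Same policy intent, but a broad accept is placed before the specific reject.
MISORDERED = [
    (HR_NET, TECH_NET, "accept"),
    (HR_NET, CODE_SERVER, "reject"),
    (ANY, ANY, "drop"),
]

def decide(rules, src, dst):
    """Return the action of the first rule matching the packet's addresses."""
    s, d = ip_address(src), ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if s in rule_src and d in rule_dst:
            return action
    return "drop"  # no rule matched: default deny

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hits = []
    for i, (src, dst, _) in enumerate(rules):
        for earlier_src, earlier_dst, _ in rules[:i]:
            if src.subnet_of(earlier_src) and dst.subnet_of(earlier_dst):
                hits.append(i)
                break
    return hits

if __name__ == "__main__":
    print(decide(RULES, "10.0.10.15", "10.0.20.5"))       # HR host -> code server
    print(decide(RULES, "10.0.99.7", "10.0.20.5"))        # sysadmin -> code server
    print(decide(MISORDERED, "10.0.10.15", "10.0.20.5"))  # reject rule is shadowed
    print(shadowed(MISORDERED))
```

Because the first matching rule decides, the order of the table is part of the policy: in `MISORDERED` the HR-to-code-server reject never applies.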
