Cyber Security

Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet.

System connected to the internet are potential target for eavesdropping and destruction/tempering of the data stored in them.

Website offering services on the internet is vulnerable to attacks.

Introduction

Authorized e-commerce and e-governance transactions could be modified or replayed for commercial gain.

Unauthorized use of computing systems compromise of data and financial losses.

Systems, networks and data have to be protected to guard against such attacks which could originate from within the organization or from outside.

Contd…..

Trojan sometimes referred to as a Trojan horse, is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system.

computer virus a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

Cyber Attacks

Worm A computer worm is a self-replicating Malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.

E-mail spam also known as junk e-mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail.

Cyber Attack

Externally accessible systems are targets of hacking.

Hackers can deface websites and steal valuable information from systems resulting in a significant loss of revenue if it is a financial institution or an e-commerce site.

Phishing is the creation of e-mail message referencing web pages that are replicas of existing sites to make users believe that these are authentic sites.

Hacking

IP Spoofing IP spoofing is used by intruders to gain unauthorized access to computers. Message are sent to the computer with the sender IP address of a trusted system.

Packet headers of the message are modified to make it appear that the message is coming from a trusted system.

Hacking

For externally accessible systems such as web, e-mail and FTP servers, protection can be accorded in following ways:

ScanningDemilitarised zone(DMZ)Turn on system and firewall logsImplement intrusion Detection Systems.Establish proxy serversEstablish an additional networks as a buffer

between the internal and external networks.SSL( Secure sockets layer)

Protection Technologies

Three Pillars of a Secure CommunicationPrivacy

A secure conversation should be private. In other words, only the sender and the receiver should be able to understand the conversation.

IntegrityA secure communication should ensure the integrity of

the transmitted message. This means that the receiving end must be able to know for sure that the message he is receiving is exactly the one that the transmitting end sent him.

authenticationA secure communication should ensure that the parties

involved in the communication are who they claim to be.

Secure communication

Cryptography is "the art of writing in secret characters". Encrypting is the act of translating a 'normal message' to a message written with 'secret characters' (also known as the encrypted message).

Decrypting is the act of translating a message written with 'secret characters' into a readable message (the unencrypted message).

Cryptography-based Solutions

A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated using not only the message, but also using a 'key':

Key-based algorithms

Key-based encryption

The receiver can then use a decryption key to decrypt the message. Again, this means that the decryption algorithm doesn't rely only on the encrypted message. It also needs a 'key':

Key-based algorithms

Key-based decryption

Symmetric KeyThese type of algorithm uses the same key for

encryption and decryption.Symmetric cryptosystems began in 1977 when

the Data encryption standard(DES) was adopted as a United States federal standard.

Symmetric system operate either in the block cipher(fixed size block) or in the stream cipher(data of any size).

In block cipher data is encrypted in 64-bit block using a 56-bit key.

Triple-DES follows the same algorithms as DES, using three 56-bit keys. 64-bit data block are first encrypted using key1. the result is encrypted using key 2and again using key 3

Symmetric and asymmetric key-based algorithms

Although this type of algorithms are generally very fast and simple to implement, they also have several drawbacks.

The main drawback is that they only guarantee privacy

Another drawback is that both the sender and the receiver need to agree on the key they will use throughout the secure conversation (this is not a trivial problem).

Pros and cons of symmetric Cryptosystems

Key-based symmetric algorithm

Public-key algorithms are asymmetric algorithms and, therefore, are based on the use of two different keys, instead of just one.

In public-key cryptography, the two keys are called the private key and the public keyPrivate key: This key must be know only by its

owner.Public key: This key is known to everyone (it is

public)Relation between both keys: What one key

encrypts, the other one decrypts, and vice versa. That means that if you encrypt something with my public key (which you would know, because it's public :-), I would need my private key to decrypt the message.

Public key cryptography

In a basic secure conversation using public-key cryptographythe sender encrypts the message using the

receiver's public keyThe encrypted message is sent to the receiving

end, who will decrypt the message with his private key.

Only the receiver can decrypt the message because no one else has the private key.

Also, notice how the encryption algorithm is the same at both ends: what is encrypted with one key is decrypted with the other key using the same algorithm.

A secure conversation using public-key cryptography

Key-based asymmetric algorithm

There is no need to agree on a common key for both the sender and the receiver

if someone wants to receive an encrypted message, the sender only needs to know the receiver's public key

As long as the receiver keeps the private key secret, no one but the receiver will be able to decrypt the messages encrypted with the corresponding public key.

unlike symmetric algorithms, public-key systems can guarantee integrity and authentication, not only privacy.

The main disadvantage of using public-key systems is that they are not as fast as symmetric algorithms.

Pros and cons of public-key systems

Digital Signatures

Electronic Record

1.Very easy to make copies2.Very fast distribution3.Easy archiving and retrieval4.Copies are as good as original5.Easily modifiable

Why Digital Signatures?•To provide Authenticity, Integrity and Non-repudiation to electronic documents•To use the Internet as the safe and secure medium for e-Commerce and e-Governance

Integrity is guaranteed in public-key systems by using digital signatures.

A digital signature is a piece of data which is attached to a message and which can be used to find out if the message was tampered with during the conversation

Digital signatures: Integrity in public-key systems

Digital signatures

The digital signature for a message is generated in two steps:A message digest is generated. A message digest is a

'summary' of the message we are going to transmit, and has two important properties: (1) It is always smaller than the message itself and (2) Even the slightest change in the message produces a different digest. The message digest is generated using a set of hashing algorithms.

The message digest is encrypted using the sender's private key. The resulting encrypted message digest is the digital signature.

Digital Signatures

The digital signature is attached to the message, and sent to the receiver. The receiver then does the following:Using the sender's public key, decrypts the digital

signature to obtain the message digest generated by the sender.

Uses the same message digest algorithm used by the sender to generate a message digest of the received message.

Digital Signature Process

Compares both message digests (the one sent by the sender as a digital signature, and the one generated by the receiver). If they are not exactly the same, the message has been tampered with by a third party. We can be sure that the digital signature was sent by the sender (and not by a malicious user) because only the sender's public key can decrypt the digital signature (which was encrypted by the sender's private key; remember that what one key encrypts, the other one decrypts, and vice versa). If decrypting using the public key renders a faulty message digest, this means that either the message or the message digest are not exactly what the sender sent.

Digital Signature Process(1)

A digital certificate is a digital document that certifies that a certain public key is owned by a particular user.

This document is signed by a third party called the certificate authority (or CA).

Certificates and certificate authorities

Public-Key Certification

Signed by using

CA’sprivate

key

UserName &

other credentials

UserName &

other credentials

User’s Public

key

User’s Public

key

User Certificate

Certificate Database

PublishCertificateRequest

User Name

User’s Public Key

CA’s Name

Validity

Digital Signature of CA

Certificate Class

User’s EmailAddress

Serial No.

Key pair Generation

Private

Public

Web site of CA

User 1 certificate

User 2 certificate.

Public

License issued by CCA

An X.509 certificate is a plain text file which includes a lot of information in a very specific syntax.

four most important things we can find in an X.509 certificate:Subject: This is the 'name' of the user. It is encoded

as a distinguished name (the format for distinguished names will be explained next)

Subject's public key: This includes not only the key itself, but information such as the algorithm used to generate the public key.

Issuer's Subject: CA's distinguished name.Digital signature: The certificate includes a digital

signature of all the information in the certificate. This digital signature is generated using the CA's private key. To verify the digital signature, we need the CA's public key (which can be found in the CA's certificate).

X.509 certificate format

Eavesdropping is the act of secretly listening to the private conversation of others without their consent.

Destruction is the concept of damage to an object, system.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

Espionage or spying involves individual obtaining information that is considered secret or confidential without the permission of the holder of the information.

An intruder is a person or animal who undesirably enters someone else's putative territory.

A cipher is an algorithm for performing encryption or decryption

Terminologies