MODULE I INTRODUCTION Computer data often travels from one computer to another leaving the safety of its protected physical surroundings Once the data is out of hand people with bad intention could modify or forge your data either for amusement or for their own benefit Cryptography can reformat and transform our data making it safer on its trip between computers The technology is based on the essentials of secret codes augmented by modern mathematics that protects our data in powerful ways Computer Security generic name for the collection of tools designed to protect data and to thwart hackers Network Security measures to protect data during their transmission Internet Security measures to protect data during their transmission over a collection of interconnected networks Security Attacks Services and Mechanisms To assess the security needs of an organization effectively the manager responsible for security needs some systematic way of defining the requirements for security and characterization of approaches to satisfy those requirements One approach is to consider three aspects of information security Security attack Any action that compromises the security of information owned by an organization Security mechanism A mechanism that is designed to detect prevent or recover from a security attack Security service A service that enhances the security of the data processing systems and the information transfers of an organization The services are intended to counter security attacks and they make use of one or more security mechanisms to provide the service Basic Concepts Cryptography The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible and then retransforming that message back to its original form Plaintext The original intelligible message Cipher text The transformed message Cipher An algorithm for transforming an intelligible message into one that is unintelligible by transposition and or substitution methods Key Some critical information used by the cipher known only to the sender receiver Encipher encode The process of converting plaintext to cipher text using a cipher and a key Decipher decode the process of converting cipher text back into plaintext using a cipher and a key Cryptanalysis The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key Also called code breaking Cryptology Both cryptography and cryptanalysis Code An algorithm for transforming an intelligible message into an unintelligible one using a code book Cryptography Cryptographic systems are generally classified along 3 independent dimensions Type of operations used for transforming plain text to cipher text All the encryption algorithms are based on two general principles substitution in which each element in the plaintext is mapped into another element and transposition in which elements in the plaintext are rearranged The number of keys used If the sender and receiver uses same key then it is said to be symmetric key or single key or conventional encryption If the sender and receiver use different keys then it is said to be public key encryption The way in which the plain text is processed A block cipher processes the input and block of elements at a time producing output block for each input block A stream cipher processes the input elements continuously producing output element one at a time as it goes along Cryptanalysis The process of attempting to discover X or K or both is known as cryptanalysis The strategy used by the cryptanalysis depends on the nature of the encryption scheme and the information available to the cryptanalyst There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst Cipher text only A copy of cipher text alone is known to the cryptanalyst Known plaintext The cryptanalyst has a copy of the cipher text and the corresponding plaintext Chosen plaintext The cryptanalysts gains temporary access to the encryption machine They cannot open it to find the key however they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key Chosen cipher text The cryptanalyst obtains temporary access to the decryption machine uses it to decrypt several string of symbols and tries to use the results to deduce the key STEGANOGRAPHY A plaintext message may be hidden in any one of the two ways The methods of steganography conceal existence the of the message whereas the of methods cryptography render the message unintelligible to outsiders by various transformations of the text A simple form of steganography but one that is time consuming to construct is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message e g i the sequence of first letters of each word of the overall message spells out the real Hidden message ii Subset of the words of the overall message is used to convey the hidden message Various other techniques have been used historically some of them are Character marking selected letters of printed or typewritten text are overwritten in pencil The marks are ordinarily not visible unless the paper is held to an angle to bright light Invisible ink a number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper Pin punctures small pin punctures on selected letters are ordinarily not visible unless the paper is held in front of the light Typewritten correction ribbon used between the lines typed with a black ribbon the results of typing with the correction tape are visible only under a strong light Drawbacks of steganography Requires a lot of overhead to hide a relatively few bits of information Once the system is discovered it becomes virtually worthless SECURITY SERVICES The classification of security services are as follows Confidentiality Ensures that the information in a computer system a n d transmitted information are accessible only for reading by authorized parties E g Printing displaying and other forms of disclosure Authentication Ensures that the origin of a message or electronic document is correctly identified with an assurance that the identity is not false Integrity Ensures that only authorized parties are able to modify computer system assets and transmitted information Modification includes writing