CompileArtisan

Computer Security

1. Introduction

1.1. Types of Security

1.1.1. Computer Security

  • It is designed to protect data which is stored in a device with the help of tools.

1.1.2. Network Security

  • It is designed to protect data during transmission using LAN, WAN.

1.1.3. Internet Security

  • It is designed to protect data during their transmission over an interconnected network.

1.2. What is an information system?

  • Any form of hardware or software used to store information.
  • It consists of computing resources (processor, memory, RAM, etc), data, processes, software.

2. CIA Triad: What is Computer Security?

  • The protection provided to an automated information system in order to attain the applicable objectives of preserving the confidentiality, integrity and availability of information system resources.

2.1. Confidentiality

  • Give authorization to access data.
  • Confidentiality covers two concepts:

2.1.1. Data Confidentiality

  • Confidentiality tells us that if you have the authorization, you can access data.

2.1.2. Privacy

  • Privacy tells us that even if you are authorized, you may not be able to access all of the data.

2.2. Integrity

  • The data you store and the data you retrieve should be the same: it shouldn’t be manipulated or destroyed in the process.
  • Again, integrity covers two concepts:

2.2.1. Data Integrity

2.2.2. System Integrity

  • The information system should not be tamper-able.
  • For example, an ATM machine should have system integrity. Data integrity should be ensured in the bank account.

2.3. Availability

  • The data should be available without any hurdles.

3. Three Aspects of Information Security

3.1. Security Attack

  • Actions that compromise the security of information.
  • It is an assault on system security that derives from an intelligent threat.
  • The two basic types of attacks are:

3.1.1. Security Threat

  • It’s a potential danger that might exploit vulnerability.

3.1.2. Two types of Attacks

  1. Active Attack
    • An attacker tries to modify the content of the messages.
    • The data stream is directly modified.
    • This is a threat for System Integrity and Availability.
    • You can’t prevent an active attack. You get to know about it only after the content of the messages is modified.
    • Examples include Password Tracking, Replay Attack and Viruses.
  2. Passive Attack
    • An attacker observes the messages and uses the information for malicious purposes.
    • Here, the data stream is just monitored, not modified.
    • This is a threat for Confidentiality.
    • You can prevent and detect a passive attack. A passive attack becomes an active attack when data is modified.
    • Examples include snooping, sniffing and eavesdropping.

3.2. Security Service

  • It is intended to counter security attacks by using security mechanisms.
  • It replicates functions normally associated with physical documents.
  • Services are the desired outcomes (essentially the CIA triad) of a protected system.

3.2.1. Definitions by different standards

  1. X.800
    • It’s a
    1. Authentication
    2. Access Control (Data Privacy)
    3. Confidentiality
    4. Data Integrity
    5. Non-Repudiation (Rejection)
      • Protection against Denial of Service.

3.2.2. Notarization

  • It’s an official witness for signing a document. The person/body who does this is called a notary.

3.3. Security Mechanism

  • These are HOW to counter security attacks (detect one, or recover from one).
  • They involve the tools/methods like cryptography or key-establishments.

4. OSI Security Architecture

  • It’s a standard framework of

5. Models for the Security of Network

There are two models for the security of networks.

5.1. Model for Network Security

  • The sender passes secret information (key) as an argument, and runs a security-related transformation (encryption) on the message.
  • The output of this is an encrypted message.
  • This encrypted message passes through an information channel which is open to anyone and absolutely any passive attack.
  • The receiver passes secret information (key) as an argument, runs a security-related transformation (decryption) on the encrypted message, and gets back the original message.
  • The keys and the information channel are provided by a trusted third party.

5.2. Model for Network Access Security

  • This model requires selecting an appropriate gatekeeper function to identify the user of an information system.
  • The gatekeeper function is a security checkpoint which decides who can enter and what actions are allowed.
  • Even after entry to the system, security continues to provide role-based access control, file-permissions, and login.

5.2.1. Types of attacks on access controls

  1. Brute-Force Attacks
    • You keep trying all combinations of characters in all possible lengths, until you actually crack the password.
  2. Dictionary Attacks
    • Guessing passwords from a predefined dictionary of common words, phrases and passwords.

5.2.2. Layered Security Tools/Devices

| Firewall | IPS | IDS |
|----------+-----+-----|
| It’s a network security device that filters incoming and outgoing traffic based on IP address and port numbers. | Intrusion Prevention System is a network security device that detects, inspects the contents of the packets and classifies traffic. | Intrusion Detection System is a network security device or software that monitors traffic for malicious activity and alerts on detection. |
| This should be the first line of defence. | Should be placed after firewall. | Should be placed after firewall. |
| Blocks traffic. | Prevents traffic when anomaly is detected. | Alerts on detection of anomaly. |

5.2.3. Zero-Day Attack

  • It’s an attack that can happen at any point of time, without any prior signs.
  • A zero-day attack happens when a malicious actor uses a zero-day vulnerability to plant malware.

6. Malicious Program

6.1. Host Dependent Malicious Programs

6.1.1. Virus

  • It’s a malicious program that replicates itself and spreads across the files of the same system.

6.1.2. Trojan Horse

  • This is malware that is disguised as a legitimate program/software to trick users into installing it.

6.1.3. Trapdoors/Backdoor

  • Malware which enters using undocumented entry points.

6.1.4. Logic Bomb

  • Malware that remains inactive until some conditions are met.

6.2. Host Independent Malicious Programs

6.2.1. Worms

  • It’s a malicious program that replicates itself (just like viruses), but it spreads across different systems.
  • The first worm in the world is called the Morris Worm, and was released in November 1988 by Robert Morris (Not Robert Worm).

6.2.2. Zombie

  • It takes control of an entire system.

7. Cryptography

7.1. Basic Terminology

| Word          | Meaning                                                           |
|---------------+-------------------------------------------------------------------|
| Plain Text    | Original Message                                                  |
| Cipher Text   | Encrypted Message                                                 |
| Cipher        | Algorithm for encrypting                                          |
| Key           | Secret Info, used in Cipher, only known to Sender and Receiver    |
| Encipher      | Process of Encrypting                                             |
| Decipher      | Process of Decrypting                                             |
| Cryptography  | Study of Encryption Principles/Methods                            |
| Cryptanalysis | Study of deciphering cipher text, without knowing the key         |
| Cryptology    | Field of both cryptography and cryptanalysis                      |

7.2. Types of Cryptography

7.2.1. Based on Encryption Techniques

  1. Substitution
    1. Classical Substitution Cipher
      • Every occurrence of a plain text symbol is replaced by a corresponding ciphertext character.
      1. Caesar/Shift Cipher

        This is the earliest known substitution cipher.

        \[ C_{1} = e(m_{1}) = (m_{1} + k)\mod(s) \]

        1. For example, let m = college, k = 3 and s = 26.
          • C1[1] = ((position of ’c’) + 3) mod(26) = f
          • C1[2] = ((position of ’o’) + 3) mod(26) = r
          • C1[3] = ((position of ’l’) + 3) mod(26) = o
          • C1[4] = ((position of ’l’) + 3) mod(26) = o
          • C1[5] = ((position of ’e’) + 3) mod(26) = h
          • C1[6] = ((position of ’g’) + 3) mod(26) = j
          • C1[7] = ((position of ’e’) + 3) mod(26) = h
          • Hence, C1 = e(college) = froohjh
        2. In general, for the alphabet, the Caesar Cipher is given as
          Encryption: \(E(P) = (P+K)\mod(26)\)
          Decryption: \(D(C) = (C-K)\mod(26)\)
        3. For example, encrypt KHOOR with k=4
          • C1[1] = ((position of ’K’) + 4) mod(26) = O
          • C1[2] = ((position of ’H’) + 4) mod(26) = L
          • C1[3] = ((position of ’O’) + 4) mod(26) = S
          • C1[4] = ((position of ’O’) + 4) mod(26) = S
          • C1[5] = ((position of ’R’) + 4) mod(26) = V
          • Hence the string is OLSSV
        4. Decrypt Ciphertext ABC, k=3
          • A: \((0-3)\mod(26) = -3\mod(26) = (-3+26)\mod(26) = 23\)
        5. Cryptanalysis
          1. Break the ciphertext WKLV using cryptanalysis

            The program given below is a very simple Python script to generate all possible plaintexts for a given ciphertext.

            def breakCaesar(x):
                # Try every possible key k = 0..25 and print the candidate plaintext.
                for k in range(26):
                    for c in x.upper():
                        # D(C) = (C - K) mod 26, with 'A' = 0 ... 'Z' = 25
                        shift = (ord(c) - ord('A') - k) % 26
                        plain_char = chr(ord('A') + shift)
                        print(plain_char, end="")
                    print(end=", ")

            breakCaesar("WKLV")
            
            
            WKLV, VJKU, UIJT, THIS, SGHR, RFGQ, QEFP, PDEO, OCDN, NBCM, MABL, LZAK, KYZJ, JXYI, IWXH, HVWG, GUVF, FTUE, ESTD, DRSC, CQRB, BPQA, AOPZ, ZNOY, YMNX, XLMW,
            

            Explanation: For each letter, this is what’s happening:

            • ord(c) - ord('A') is the difference between the ASCII value of the character in the string and the ASCII value of the letter ’A’. This difference is in the range 0-25. ord(c) - ord('A') is the value of \(C\) in \(D(C) = (C-K)\mod(26)\).
            • - k is doing the \((C-K)\) part in \(D(C) = (C-K)\mod(26)\).
            • % 26 is doing the \(\mod(26)\) part in \(D(C) = (C-K)\mod(26)\).
            • We add ord('A') to the shift so that we can convert this number back to ASCII.
            • To convert the ASCII value back into a character, we pass it into the chr() function.
          2. Break the ciphertext GWTBS
            breakCaesar("GWTBS")
            
            GWTBS, FVSAR, EURZQ, DTQYP, CSPXO, BROWN, AQNVM, ZPMUL, YOLTK, XNKSJ, WMJRI, VLIQH, UKHPG, TJGOF, SIFNE, RHEMD, QGDLC, PFCKB, OEBJA, NDAIZ, MCZHY, LBYGX, KAXFW, JZWEV, IYVDU, HXUCT,
            
      2. Railfence Cipher

        \[ \]

        n           k           .
          o       i   e       b  
            t   l       _   o    
              _           b      
    2. Simple Substitution/ Monoalphabetic
      • Rather than shifting the alphabet, you shuffle its letters randomly.
      • Every plain text letter maps to a random cipher text letter, hence there are 26 keys.
      • Given a ciphertext, there are \(26!\) possible plain texts.
      • The relative letter frequencies never change.
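
The points above, as an added example that is not part of the original notes: a randomly shuffled alphabet acts as the key, and the sorted letter-count profile of the ciphertext comes out identical to that of the plaintext, which is what frequency analysis relies on. The sample sentence, the seed and all function names are constructed for this illustration.

```python
import random
import string
from collections import Counter
from math import factorial

ALPHABET = string.ascii_uppercase
KEY_SPACE = factorial(26)  # number of distinct shuffles of the alphabet (26!)

def random_key(seed):
    """Shuffled alphabet: key[i] is the ciphertext letter for ALPHABET[i].
    A seeded PRNG keeps the demo reproducible; it is not a secure key source."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return "".join(letters)

def encrypt(plaintext, key):
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))

def decrypt(ciphertext, key):
    return ciphertext.upper().translate(str.maketrans(key, ALPHABET))

def frequency_profile(text):
    """Letter counts, highest first, ignoring which letter each count belongs to."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)

def top_letter(text):
    """Most frequent letter in text."""
    return Counter(c for c in text if c in ALPHABET).most_common(1)[0][0]

# Constructed sample sentence and seed (assumptions for this demo).
SAMPLE = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG AND THE DOG SLEEPS"
KEY = random_key(seed=2024)
CIPHERTEXT = encrypt(SAMPLE, KEY)

if __name__ == "__main__":
    print("key        :", KEY)
    print("ciphertext :", CIPHERTEXT)
    print("profiles equal:", frequency_profile(SAMPLE) == frequency_profile(CIPHERTEXT))
    # The most common plaintext letter (E) maps to the most common ciphertext letter.
    print(top_letter(SAMPLE), "->", top_letter(CIPHERTEXT))
    print("possible keys:", KEY_SPACE)
```
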
    3. Polygram
      • A block of plain text symbols is replaced by a corresponding ciphertext block of characters.
      • A sequence of two plain text characters is known as a digram; each digram is replaced by another digram.
      • For example, the word

        CO LL EG Ex
        

        This can become, say (random, just for example):

        xy ab up ld
        
      1. Playfair Cipher
        1. Explanation
          • Make a \(5 \times 5\) matrix. In these 25 spaces, you’ll have to fill all 26 letters of the alphabet. To accommodate the extra letter, we merge I and J in one box, by convention.
          • You start by filling in the letters of the given keyword (without repetition).
          • After you’re done with that, continue with the rest of the alphabet, filling the remaining gaps in order without repetition.
          1. Example we’ll be using to learn the rules
            • keyword: CRYPTOGRAPHY CLASS SPRING
            C R Y P T
            O G A H L
            S I/J N B D
            E F K M Q
            U V W X Z
          2. How to Encrypt a given plain text
            1. If both letters of a pair are the same, add an x after the first letter and encrypt the new pair.
              • For example: If you have the word H E L L O, you’d resolve it as:

                HE LX LO
                

                and not

                HE LL O
                
            2. If letters appear on the same row, replace them with the letters to their immediate right with wrapping, according to the direction.
              • For example, consider one row of the matrix to be:

                O G A H L

                For HA, the corresponding plain text could be LH or AG. In our course, we’ll stick to AG.

            3. If letters appear on the same column, replace them with the letters immediately below, also with wrapping according to the direction.
              • For example, consider one column of the matrix to be:

                Y
                A
                N
                K
                W
                • For NK, the corresponding plain text would be KW.
                • For YW, the corresponding plain text would be AY.
            4. If the letters are not on the same row/column, replace each with the letter on its own row at the other pair of corners of the rectangle formed by the original pair.
          3. Demonstration of the plain text being encrypted
            • Consider the plain text “Hello find the solution”.
            • This will be broken into:

              HE   LX   LO   FI   ND   TH   ES   OL   UT   IO   NZ
              
            • And the encrypted text will look like:

              OQ   OZ   OG   IG   BS   PL   SO   GO   ZC   SG   DW             
              
        2. Solving another Example
          • Keyword: KEYWORD

            K E Y W O
            R D A B C
            F G H I/J L
            M N P Q S
            T U V X Z
          1. Plain Text: Why don’t you
            • This will be broken into:

              WH   YD   ON   TY   OU
              
            • And the encrypted text will look like:

              KL   OR   KS   ZK   KZ
              
          2. Plain Text: Come to the window
            • This will be broken into:

              CO   ME   TO   TH   EW   IN   DO   WX
              
            • And the encrypted text will look like:

              OZ   NK   ZK   VF   YO   GQ   CE   BW
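
The matrix-filling and pair-splitting steps above, as an added example that is not part of the original notes; it covers only building the 5×5 square and preparing the digrams, not the substitution rules. The function names and the `filler`/`pad` parameters are assumptions (the notes pad the last pair with Z in one example and X in another, so the pad letter is a parameter).

```python
import string

def build_square(keyword):
    """Return the 5x5 Playfair square as five 5-letter strings (J merged into I)."""
    seen = []
    # Keyword letters first, then the rest of the alphabet, skipping repeats.
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch not in string.ascii_uppercase:
            continue  # ignore spaces and punctuation in the keyword
        ch = "I" if ch == "J" else ch
        if ch not in seen:
            seen.append(ch)
    return ["".join(seen[r * 5:r * 5 + 5]) for r in range(5)]

def split_digrams(text, filler="X", pad="X"):
    """Split text into letter pairs, breaking a doubled letter with `filler`
    and completing a trailing single letter with `pad`."""
    letters = ["I" if c == "J" else c
               for c in text.upper() if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 == len(letters):
            pairs.append(first + pad)        # odd letter left over at the end
            i += 1
        elif letters[i + 1] == first:
            pairs.append(first + filler)     # e.g. LL -> LX, then L starts the next pair
            i += 1
        else:
            pairs.append(first + letters[i + 1])
            i += 2
    return pairs

if __name__ == "__main__":
    for row in build_square("CRYPTOGRAPHY CLASS SPRING"):
        print(" ".join(row))
    print(" ".join(split_digrams("Hello find the solution", pad="Z")))
    for row in build_square("KEYWORD"):
        print(" ".join(row))
    print(" ".join(split_digrams("Come to the window")))
```
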
              
    4. Homophonic
      • If a letter \(x\) appears for \(y\%\) of all characters, we assign \(y\) number of symbols to represent it.
    5. Polyalphabetic
  2. Transposition
  3. Product

7.2.2. Based on Number of Keys

  1. Single/Private Key
    • It’s called symmetric key encryption.
  2. Two-key or Public Key cryptography
    • It’s called asymmetric key encryption.

7.2.3. Based on how plaintext is processed

  1. Block
    • Block Cipher transforms a fixed length of plaintext data into a block of ciphertext of the same length, with the help of a secret key.
    • The most commonly used length of text (size of the block) is 64 bits.
    • Two types are:
      • Transposition
      • Substitution
  2. Stream