Scribd
Upload
91 views4 pages

Cryptography - Module 1

Cryptology involves cryptography, which focuses on creating secret codes, and cryptanalysis, which is the study of breaking secret codes. A cryptanalyst tries to decipher ciphertexts to derive the original plaintext or encryption key. Computer security principles include confidentiality, availability, integrity, non-repudiation, access control, and authentication. Approaches to security include symmetric and asymmetric cryptography, hash functions, and digital signatures, while common attacks are known-plaintext analysis, chosen-plaintext analysis, ciphertext-only analysis, man-in-the-middle attacks, and brute-force attacks.

Uploaded by

Arka Kundu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
91 views4 pages

Cryptography - Module 1

Cryptology involves cryptography, which focuses on creating secret codes, and cryptanalysis, which is the study of breaking secret codes. A cryptanalyst tries to decipher ciphertexts to derive the original plaintext or encryption key. Computer security principles include confidentiality, availability, integrity, non-repudiation, access control, and authentication. Approaches to security include symmetric and asymmetric cryptography, hash functions, and digital signatures, while common attacks are known-plaintext analysis, chosen-plaintext analysis, ciphertext-only analysis, man-in-the-middle attacks, and brute-force attacks.

Uploaded by

Arka Kundu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Cryptology has two parts namely,

Cryptography: Focuses on creating secret codes.


Cryptanalysis: The study of the cryptographic algorithm and the
breaking of those secret codes.
The person practicing Cryptanalysis is called a Cryptanalyst.
For example, a Cryptanalyst might try to decipher a ciphertext to
derive the plaintext. It can help us to deduce the plaintext or the
encryption key.

Need for Computer Security:


 Data Protection
 Preventing Cyber Threats
 Privacy Preservation
 Adaptation to Evolving Threats
 User Awareness

Principles of Security:

Confidentiality:
The principle specifies that only the sender and receiver will be
able to access the information shared between them.
Confidentiality compromises if an unauthorized person is able to
access a message.

Availability:
The principle of availability states that the resources will be
available to authorize party at all times.

Integrity:
Integrity gives the assurance that the information received is
exact and accurate.
 System Integrity: Assures that a system performs free from
deliberate or unauthorized manipulation of the system.

 Data Integrity: Assures that information (both stored and


in transmitted packets) and programs are changed only in a
specified and authorized manner.

Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the
message content sent through a network.
In some cases, the sender sends the message and later denies it.
But the non-repudiation does not allow the sender to refuse the
receiver.

Access control:
Role management determines who should access the data while
rule management determines up to what extent one can access
the data. The information displayed is dependent on the
person who is accessing it.

Authentication:
Authentication is to identify the user or system or the entity. It
ensures the identity of the person trying to access the
information. The authentication is mostly secured by using
username and password.

Issues of ethics and law:


 Privacy: Individuals’ right to access personal information.
 Property: It is concerned with the information’s owner.
 Accessibility: An organization’s right to collect information.
Security Approaches:

Symmetric Cryptography:
Uses a single, shared key for both encryption and decryption.
Fast and computationally efficient. || Key distribution can be
challenging.
Asymmetric Cryptography:
Uses a pair of public and private keys for encryption and
decryption.
Provides a secure means of key exchange and digital signatures.
Computationally more intensive than symmetric cryptography.

Hash Functions:
Converts input data into a fixed-size string of characters, often
for verification purposes.
Efficient for data integrity checks. || Irreversibility (hashes
cannot be easily decrypted).

Digital Signatures:
Verifies the authenticity and integrity of a message using
asymmetric cryptography.
Provides non-repudiation and message integrity.
Requires the management of public and private key pairs.

Quantum Cryptography:
Leverages principles of quantum mechanics to secure
communication channels.
Potentially resistant to attacks by quantum computers.
Practical implementation and scalability.
Types of Attacks:

Known-Plaintext Analysis (KPA):


Some plaintext-ciphertext pairs are already known. Attacker
maps them in order to find the encryption key. This attack is
easier to use.
Chosen-Plaintext Analysis (CPA):
The attacker chooses random plaintexts and obtains the
corresponding ciphertexts and tries to find the encryption key.
Very simple to implement but the success rate is quite low.
Ciphertext-Only Analysis (COA):
Some cipher-text is known and the attacker tries to find the
corresponding encryption key and plaintext. It is the hardest to
implement but is the most probable attack as only ciphertext is
required.
Man-In-The-Middle (MITM) attack:
Attacker intercepts the message/key between two communicating
parties through a secured channel.
Adaptive Chosen-Plaintext Analysis (ACPA):
Similar like CPA. The attacker requests the cipher texts of
additional plaintexts after they have ciphertexts for some texts.
Brute-force attack:
It involves trying every possible key until the correct one is found.
Simple to implement, it can be time-consuming and
computationally expensive, especially for longer keys.

You might also like