Is Digitl Notes

Uploaded by

varmasaipranavi
Digital Notes

Information Security
III [Link] I Semester
(2024-25)
Department of CSE (Data Science)
School of Engineering
UNIT-1
SECURITY CONCEPTS
INTRODUCTION
• Information security is the practice of protecting information by mitigating information risks.
• It involves the protection of information systems and the information processed, stored and
transmitted by these systems from unauthorized access, use, disclosure, disruption,
modification or destruction.
• This includes the protection of personal information, financial information, and sensitive or
confidential information stored in both digital and physical forms.
• Information security requirements have changed in recent times. Security was traditionally
provided by physical and administrative mechanisms; computer use requires automated tools to
protect files and other stored information.
• Use of networks and communications links requires measures to protect data during
transmission, where the activities like hacking, viruses, electronic fraud are very common.
Some simple examples are:
• Online purchases using a credit/debit card.
• A customer unknowingly being directed to a false website.
• A hacker sending a message to a person pretending to be someone else.
Terminology & Security Trends
• Computer Security: Protection of computer systems and information from harm, theft, and
unauthorized use.
• Network Security: Measures to protect data during their transmission.
• Internet Security: Measures to protect data during their transmission over a collection of
interconnected networks.
NEED FOR SECURITY
• Protecting Confidential Information: Confidential information, such as personal data,
financial records, trade secrets, and intellectual property, must be kept secure to prevent it
from falling into the wrong hands. This type of information is valuable and can be used for
identity theft, fraud, or other malicious purposes.

• Complying with Regulations: Many industries, such as healthcare, finance, and government,
are subject to strict regulations and laws that require them to protect sensitive data. Failure
to comply with these regulations can result in legal and financial penalties, as well as damage
to the organization’s reputation.

• Maintaining Business Continuity: Information security helps ensure that critical business
operations can continue in the event of a disaster, such as a cyber-attack or natural disaster.
Without proper security measures in place, an organization’s data and systems could be
compromised, leading to significant downtime and lost revenue.
• Protecting Customer Trust: Customers expect organizations to keep their data safe and
secure. Breaches or data leaks can erode customer trust, leading to a loss of business and
damage to the organization’s reputation.

• Preventing Cyber-attacks: Cyber-attacks, such as viruses, malware, phishing, and
ransomware, are becoming increasingly sophisticated and frequent. Information security
helps prevent these attacks and minimizes their impact if they do occur.

• Protecting Employee Information: Organizations also have a responsibility to protect
employee data, such as payroll records, health information, and personal details. This
information is often targeted by cybercriminals, and its theft can lead to identity theft and
financial fraud.
Security approaches
Three aspects of security approaches are: Prevention, Protection, Resilience.

• Security as prevention: This approach seeks to prevent threats from arising in the first place
by addressing the underlying causes that generate them before they emerge.

• Security as protection: This approach seeks to control, defend against, or eliminate a
manifest threat.

• Security as resilience: When threats cannot be controlled or eliminated, security as
resilience focuses on the ability of social systems to “bounce back” and recover from shocks.
It concerns the flexibility and adaptability of societies, their rigidities, and how they can
reduce their vulnerability to disruption and collapse.
PRINCIPLES OF SECURITY
Security principles denote the basic guidelines that should be used when designing a secure
system. Experience shows that a crucial success factor in the design of a secure system is the
correct consideration of the security principles. Some of the key security fundamentals include:

➢ Confidentiality
➢ Integrity
➢ Availability
➢ Authentication
➢ Authorization
➢ Encryption
➢ Risk management
➢ Incident response
➢ Disaster recovery
TYPES OF SECURITY ATTACKS
A security attack is any action that compromises the security of information owned by an
organization. Information security is about how to prevent attacks, or failing that, to detect
attacks on information-based systems. The terms threat and attack are often used to mean the
same thing, and there is a wide range of attacks. A useful means of classifying security attacks,
used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks.

• A passive attack attempts to learn or make use of information from the system but does not
affect system resources.

• An active attack attempts to alter system resources or affect their operation.


• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.
• The release of message contents: A telephone conversation, an electronic mail message, and
a transferred file may contain sensitive or confidential information. We would like to prevent
an opponent from learning the contents of these transmissions.

• A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if
they captured the message, could not extract the information from the message.

Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither
the sender nor the receiver is aware that a third party has read the messages or observed the
traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
ACTIVE ATTACKS
Active attacks involve some modification of the data stream or the creation of a false stream and
can be subdivided into four categories: masquerade, replay, modification of messages, and denial
of service.
• A Masquerade takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack. For example, authentication
sequences can be captured and replayed after a valid authentication sequence has taken
place, thus enabling an authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
• Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect. For
example, a message meaning “Allow John Smith to read confidential file accounts” is modified
to mean “Allow Fred Brown to read confidential file accounts.”
• The Denial of Service prevents or inhibits the normal use or management of communications
facilities. This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service). Another form
of service denial is the disruption of an entire network—either by disabling the network or by
overloading it with messages so as to degrade performance.
| Active Attack | Passive Attack |
| --- | --- |
| In an active attack, modification in information takes place. | While in a passive attack, modification in the information does not take place. |
| Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| In an active attack, attention is on prevention. | While in passive attack attention is on detection. |
| Due to active attacks, the execution system is always damaged. | While due to passive attack, there is no harm to the system. |
| In an active attack, the victim gets informed about the attack. | While in a passive attack, the victim does not get informed about the attack. |
| In an active attack, system resources can be changed. | While in passive attack, system resources are not changing. |
| Active attack influences the services of the system. | While in a passive attack, information and messages in the system or network are acquired. |
| In an active attack, information collected through passive attacks is used during execution. | While passive attacks are performed by collecting information such as passwords and messages by themselves. |
| An active attack is tough to restrict from entering systems or networks. | Passive attack is easy to prohibit in comparison to active attack. |
| Can be easily detected. | Very difficult to detect. |
| The purpose of an active attack is to harm the ecosystem. | The purpose of a passive attack is to learn about the ecosystem. |
| In an active attack, the original information is modified. | In passive attack, the original information is unaffected. |
| The duration of an active attack is short. | The duration of a passive attack is long. |
| The prevention possibility of active attack is high. | The prevention possibility of passive attack is low. |
| Complexity is high. | Complexity is low. |


SECURITY SERVICES
• A security service is a processing or communication service that is provided by a system to
give a specific kind of protection to system resources. Security services implement security
policies and are implemented by security mechanisms.
➢ Confidentiality – providing security to the data sent through the network.
➢ Authentication – identification of user identity (both sender and receiver).
➢ Integrity – no modification should be done during the transmission.
➢ Non-repudiation – preventing from denial of service attacks.
➢ Access Control – preventing unauthorized access to users.

• X.800 divides these services into five categories and fourteen specific services.
SECURITY MECHANISMS
A security mechanism is a feature designed to detect, prevent, or recover from a security attack.
No single mechanism will support all services required (6 services); however, one particular
element underlies many of the security mechanisms in use:
• cryptographic techniques

X.800 defines security mechanisms as follows:

• Specific security mechanisms: Encipherment, Digital Signatures, Access Controls, Data
Integrity, Authentication Exchange, Traffic Padding, Routing Control, Notarization
• Pervasive security mechanisms: Trusted Functionality, Security Labels, Event Detection,
Security Audit Trails, Security Recovery
RELATIONSHIP BETWEEN SECURITY SERVICES & MECHANISMS
MODEL FOR NETWORK SECURITY
• A Network Security Model exhibits how the security service has been designed over the
network to prevent the opponent from causing a threat to the confidentiality or authenticity
of the information that is being transmitted through the network.
• For a message to be sent or received there must be a sender and a receiver. Both the sender
and receiver must also mutually agree to the sharing of the message. The transmission of a
message from sender to receiver needs a medium, i.e. an information channel, which is an
Internet service.
• A logical route is defined through the network (Internet) from sender to receiver, and using
the communication protocols both the sender and the receiver establish communication.
Considering this general model of network security, one must consider the following four tasks
while designing the security model.
• To transform a readable message at the sender side into an unreadable format, an
appropriate algorithm should be designed such that it is difficult for an opponent to
crack that security algorithm.
• Next, the network security model designer is concerned with the generation of the secret
information, which is known as a key. This secret information is used in conjunction with the
security algorithm in order to transform the message.
• The secret information is required at both ends, the sender’s end and the receiver’s end. At
the sender’s end, it is used to encrypt or transform the message into unreadable form, and at
the receiver’s end, it is used to decrypt or retransform the message into readable form. So,
there must be a trusted third party which will distribute the secret information to both
sender and receiver. While designing the network security model, the designer must also
concentrate on developing the methods to distribute the key to the sender and receiver.
• An appropriate methodology must be used to deliver the secret information to the
communicating parties without the interference of the opponent.
A MODEL FOR NETWORK ACCESS SECURITY
• There are two ways to secure your system from an attacker, of which the first is to introduce
the gatekeeper function. Introducing a gatekeeper function means introducing login-id and
passwords, which keep away unwanted access.
• Hacker: One who is only interested in penetrating into your system. They do not cause
any harm to your system; they only get satisfied by getting access to your system.
• Intruders: These attackers intend to do damage to your system or try to obtain
information from the system which can be used to attain financial gain.

The attacker can place a logical program on your system through the network which can affect
the software on your system. This leads to two kinds of risks:

• Information threat: This kind of threat modifies data on the user’s behalf that the user
should not actually be able to access, such as enabling some crucial permission in the system.
• Service threat: This kind of threat disables the user from accessing data on the system.
CRYPTOGRAPHY CONCEPTS & TECHNIQUES
INTRODUCTION
• CIPHER TEXT - the coded message
• CIPHER - algorithm for transforming plaintext to cipher text
• KEY - info used in cipher known only to sender/receiver
• ENCIPHER (ENCRYPT) - converting plaintext to cipher text
• DECIPHER (DECRYPT) - recovering cipher text from plaintext
• CRYPTOGRAPHY - study of encryption principles/methods
• CRYPTANALYSIS (CODEBREAKING) - the study of principles/ methods of deciphering cipher
text without knowing key
• CRYPTOLOGY - the field of both cryptography and cryptanalysis
PLAIN TEXT & CIPHER TEXT
• In cryptography, plaintext is usually ordinary readable text before it is encrypted into
ciphertext, or readable text after it is decrypted.

• Ciphertext is encrypted text transformed from plaintext using an encryption algorithm.
Ciphertext can't be read until it has been converted into plaintext (decrypted) with a key. The
decryption cipher is an algorithm that transforms the ciphertext back into plaintext.

EXAMPLE: "GOOD DOG" can be encrypted as "PLLX XLP" where "L" substitutes for
"O", "P" for "G", and "X" for "D" in the message.

Transposition of the letters "GOOD DOG" can result in "DGOGDOO".


DIFFERENCES BETWEEN PLAIN TEXT & CIPHER TEXT

| Plaintext | Ciphertext |
| --- | --- |
| Written in plain language/computer code | Algorithmically altered text |
| Readable by humans | Unreadable by humans |
| Unsecured from third parties | Secured from third parties |
| Does not require a cipher to interpret | Requires a cipher to interpret |

Cryptographic systems are generically classified along three independent dimensions:
• The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and
transposition, in which elements in the plaintext are rearranged. The fundamental
requirement is that no information be lost (that is, that all operations be reversible). Most
systems, referred to as product systems, involve multiple stages of substitutions and
transpositions.
• The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and
receiver each use a different key, the system is referred to as asymmetric, two-key, or public-
key encryption.
• The way in which the plaintext is processed. A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher
processes the input elements continuously, producing output one element at a time, as it
goes along.
• Cryptographic systems are generally classified along two independent dimensions:

• Type of operations used for transforming plain text to cipher text - All the encryption
algorithms are based on two general principles:
– substitution, in which each element in the plaintext is mapped into another element,
and
– transposition, in which elements in the plaintext are rearranged.
Cryptanalysis and Brute-Force Attack
Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the plaintext or even some simple plaintext-
ciphertext pairs. This type of attack finds characteristics of the algorithm to find a specific
plaintext or to find key.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until plaintext is
obtained. On average, half of all possible keys must be tried to achieve success.

Based on the amount of information known to the cryptanalyst, cryptanalytic attacks can be
categorized as:

• Cipher text only attack: The attacker knows only the cipher text. It is the easiest to defend
against.

• Known plaintext attack: In this type of attack, the opponent has some plaintext-cipher text
pairs. Or the analyst may know that certain plaintext patterns will appear in a message. For
example, there may be a standardized header or banner to an electronic funds transfer
message and the attacker can use that for generating plaintext-cipher text pairs.
• Chosen plaintext: If the analyst is able somehow to get the source system to insert into the
system a message chosen by the analyst, then a chosen-plaintext attack is possible. In such a
case, the analyst will pick patterns that can be expected to reveal the structure of the key.

• Chosen cipher text: In this attack, the analyst has cipher text and some plaintext-cipher text
pairs where the cipher text has been chosen by the analyst.

• Chosen text: Here, the attacker has got cipher text, chosen plaintext-cipher text pairs and
chosen cipher text-plaintext pairs.

• Chosen cipher text and chosen text attacks are rarely used. It is assumed that the attacker
knows the encryption and decryption algorithms. Generally, an encryption algorithm is
designed to withstand a known-plaintext attack.
SUBSTITUTION TECHNIQUES
The symmetric key cryptographic method employs one secret key for the operations of
encryption and decryption. Substitution techniques provide two significant approaches, wherein
elements (letters, characters) from the plaintext message are replaced with new elements
according to the rules based on the secret key.
• Caesar Cipher: Caesar ciphers are easy to break, since their predictability is so complete and
no complexity is invested.
• Monoalphabetic Ciphers: This is where the ciphers use one rule of substitution throughout
the message. This may involve replacing letters with numbers, symbols, or another set of
letters in another order.
• Playfair Cipher: Implementation of repeated letters or letter pairs can expose patterns, and
cryptanalysis techniques exist to exploit them.
• Hill Cipher: This cipher operates on blocks of letters (typically bigrams or trigrams) using a
matrix multiplication approach. The Hill ciphers have a limitation on key size and
susceptibility towards cryptanalysis for larger key sizes.
• Polyalphabetic Ciphers: This is the type of cipher where any one of the letters in the
plaintext is substituted by a different letter to keep frequency analysis challenging. For
example, the Vigenère cipher operates with a keyword that would determine the shift value
for each letter in the plaintext.
• One-Time Pad (OTP): It is a theoretically unbreakable cipher where the key is a random string
of characters that is exactly as long as the message itself. The key is used for a single
encryption and then discarded.
Caesar Cipher Technique
The Caesar cipher is the simplest and oldest method of cryptography. The Caesar cipher method
is based on a mono-alphabetic cipher and is also called a shift cipher or additive cipher. Julius
Caesar used the shift cipher (additive cipher) technique to communicate with his officers. For this
reason, the shift cipher technique is called the Caesar cipher. The Caesar cipher is a kind of
replacement (substitution) cipher, where every letter of plain text is replaced by another letter.
The formula of encryption is:
En (x) = (x + n) mod 26
The formula of decryption is:
Dn (x) = (xi - n) mod 26
If in any case the Dn value becomes negative (-ve), we add 26 to the negative value.
Where,
• E denotes the encryption
• D denotes the decryption
• x denotes the letter's value
• n denotes the key value (shift value)
• "i" denotes the offset of the ith number of the letters, as shown in the table below.
Use the Caesar cipher to encrypt and decrypt the message "HELLO," and the key (shift) value of
this message is 15.

Encryption
We apply encryption formulas by character, based on alphabetical order.

The formula of encryption is:


En (x) = (x + n) mod 26

Plaintext: H → 07 En: (07 + 15) mod 26 Ciphertext: 22 → W

Plaintext: E → 04 En: (04 + 15) mod 26 Ciphertext: 19 → T

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: O → 14 En: (14 + 15) mod 26 Ciphertext: 03 → D

The encrypted message of this plain text is "WTAAD".


Decryption
• We apply decryption formulas by character, based on alphabetical order.

The formula of decryption is:


Dn (x) = (xi - n) mod 26

Ciphertext: W → 22 Dn: (22 - 15) mod 26 Plaintext: 07 → H


Ciphertext: T → 19 Dn: (19 - 15) mod 26 Plaintext: 04 → E
Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L
Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L
Ciphertext: D → 03 Dn: (03 - 15) mod 26 Plaintext: 14 → O

The decrypted message is "HELLO".


Advantages of Caesar cipher
• It is very easy to implement.
• This method is the simplest method of cryptography.
• Only one short key is used in its entire process.
• If a system does not use complex coding techniques, it is the best method for it.
• It requires only a few computing resources.

Disadvantages of Caesar cipher


• It can be easily hacked. It means the message encrypted by this method can be easily
decrypted.
• It provides very little security.
• By looking at the pattern of letters in it, the entire message can be decrypted.
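The shift formulas above and the brute-force attack described earlier, as an added example that is not part of the original notes. It reproduces the HELLO / 15 case and then shows why 26 possible keys give no protection; the frequency table and the longer sample message are constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (%) of A..Z in English text.
# Reference values assumed for this example, not taken from the notes.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def caesar(text, n, decrypt=False):
    """E_n(x) = (x + n) mod 26, or D_n(x) = (x - n) mod 26 when decrypt=True."""
    shift = -n if decrypt else n
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            # Python's % already returns a value in 0..25 for a negative
            # left operand, which is the "add 26" step from the notes.
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def all_shifts(ciphertext):
    """Brute force: the candidate plaintext for every one of the 26 keys."""
    return [caesar(ciphertext, k, decrypt=True) for k in range(26)]


def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in ALPHABET]
    if not letters:
        return float("inf")
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] * len(letters) / 100
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def recover_key(ciphertext):
    """Pick the key whose candidate plaintext looks most like English."""
    scored = [(chi_squared(p), k, p) for k, p in enumerate(all_shifts(ciphertext))]
    _, key, plaintext = min(scored)
    return key, plaintext


# Constructed sample message, long enough for letter statistics to work.
SAMPLE = "MEET ME AT THE OLD BRIDGE AFTER THE EVENING LECTURE ON INFORMATION SECURITY"

if __name__ == "__main__":
    print(caesar("HELLO", 15))                # worked example from the notes
    print(recover_key(caesar(SAMPLE, 15)))    # key found without knowing it
```
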
Monoalphabetic Cipher
Monoalphabetic Cipher is a part of the substitution technique in which a single cipher alphabet is
used per message (mapping is done from plain alphabet to cipher alphabet). Monoalphabetic
cipher converts plain text into cipher text and re-convert a cipher text to plain text.
▪ Instead of shifting alphabets by fixed amount as in Caesar cipher, any random permutation is
assigned to the alphabets. This type of encryption is called monoalphabetic substitution
cipher.
▪ For example, A is replaced by Q, B by D, C by T etc. then it will be comparatively stronger
than Caesar cipher.
▪ The number of alternative keys possible now becomes 26!.
▪ Thus, Brute Force attack is impractical in this case.
▪ However, another attack is possible. Human languages are redundant i.e. certain characters
are used more frequently than others. This fact can be exploited.
▪ In English ‘e’ is the most common letter followed by ‘t’, ‘r’, ‘n’, ’o’, ‘a’ etc. Letters like ‘q’, ‘x’, ‘j’
are less frequently used.
▪ Moreover, digrams like ‘th’ and trigrams like ‘the’ are also more frequent.
▪ Tables of frequency of these letters exist. These can be used to guess the plaintext if the
plaintext is in uncompressed English language.
▪ The most common two letter combinations are called as digrams. e.g. th, in, er, re and an.
▪ The most common three letter combinations are called as trigrams. e.g. the, ing, and, and ion
Advantages of Monoalphabetic Cipher
• Better Security than Caesar Cipher.
• Provides Encryption and Decryption to data.
• Monoalphabetic Cipher maintains a frequency of letters.

Disadvantages of Monoalphabetic Cipher


• Monoalphabetic ciphers are easy to break because they reflect the
frequency data of the original alphabet.
• Prone to guessing attack using the English letters frequency of
occurrence of letters.
• The English Language is used so the nature of plain text is known.
• Less secure than a polyalphabetic cipher.
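The two claims above (26! keys, yet letter frequencies survive encryption), as an added example that is not part of the original notes. The key is one constructed permutation that starts with the A→Q, B→D, C→T mapping mentioned in the notes, and the sample sentence is constructed.

```python
import math
from collections import Counter

PLAIN = "abcdefghijklmnopqrstuvwxyz"
# Constructed key: a fixed permutation of the alphabet (a->q, b->d, c->t, ...).
KEY = "qdtzwmexayblpufkrhcgsjniov"
assert sorted(KEY) == list(PLAIN), "key must use every letter exactly once"

# Constructed English sample text.
SAMPLE = ("the attacker reads the traffic and the defender protects the message "
          "with the secret key that the sender and the receiver share")


def keyspace_bits():
    """Size of the key space, 26!, expressed in bits."""
    return math.log2(math.factorial(26))


def encrypt(text, key=KEY):
    return text.lower().translate(str.maketrans(PLAIN, key))


def decrypt(text, key=KEY):
    return text.lower().translate(str.maketrans(key, PLAIN))


def ngram_counts(text, n):
    """Counts of n-letter sequences, ignoring spaces and punctuation."""
    letters = "".join(c for c in text.lower() if c in PLAIN)
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))


def frequency_shape(text):
    """Letter counts sorted high to low, with the letter names dropped."""
    return sorted(ngram_counts(text, 1).values(), reverse=True)


def top_ngram(text, n):
    return ngram_counts(text, n).most_common(1)[0][0]


if __name__ == "__main__":
    cipher = encrypt(SAMPLE)
    print(f"key space: about 2^{keyspace_bits():.1f} keys")
    # The substitution only renames letters, so the histogram keeps its shape.
    print(frequency_shape(SAMPLE) == frequency_shape(cipher))
    # The most frequent ciphertext letter and trigram stand for 'e' and 'the'.
    print(top_ngram(cipher, 1), "->", decrypt(top_ngram(cipher, 1)))
    print(top_ngram(cipher, 3), "->", decrypt(top_ngram(cipher, 3)))
```
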
Playfair cipher
• The Playfair cipher was the first practical digraph substitution cipher. The scheme was
invented in 1854 by Charles Wheatstone but was named after Lord Playfair, who promoted
the use of the cipher. In the Playfair cipher, unlike a traditional cipher, we encrypt a pair of
letters (digraphs) instead of a single letter. For the encryption process let us consider
the following example:
Key : monarchy
Message : instruments
• The Playfair Cipher Encryption Algorithm:
The Algorithm consists of 2 steps:

• Generate the key Square(5×5):


– The key square is a 5×5 grid of alphabets that acts as the key for encrypting the
plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet
(usually J) is omitted from the table (as the table can hold only 25 alphabets). If the
plaintext contains J, then it is replaced by I.

– The initial alphabets in the key square are the unique alphabets of the key in the order in
which they appear followed by the remaining letters of the alphabet in order.
• Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters (digraphs).
If there is an odd number of letters, a Z is added to the last letter.
PlainText: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'
1. A pair cannot be made with the same letter. Break the pair into single letters and add a bogus
letter to the previous letter.
Plain Text: “hello”
After Split: ‘he’ ‘lx’ ‘lo’
Here ‘x’ is the bogus letter.
2. If a letter is left standing alone in the process of pairing, then add an extra bogus letter to
the lone letter.
Plain Text: “helloe”
After Split: ‘he’ ‘lx’ ‘lo’ ‘ez’
Here ‘z’ is the bogus letter.
• Rules for Encryption:

➢ If both the letters are in the same column: Take the letter below each one (going back to the
top if at the bottom).
For example:
Digraph: "me"
Encrypted Text: cl
Encryption:
m -> c
e -> l

➢ If both the letters are in the same row: Take the letter to the right of each one (going back to
the leftmost if at the rightmost position).
For example:
Digraph: "st"
Encrypted Text: tl
Encryption:
s -> t
t -> l

➢ If neither of the above rules is true: Form a rectangle with the two letters and take the letters on
the horizontal opposite corner of the rectangle.
For example:
Digraph: "nt"
Encrypted Text: rq
Encryption:
n -> r
t -> q

• Plain Text: "instrumentsz"
Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x
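The key-square construction, digraph splitting and three encryption rules above, as an added example that is not part of the original notes. It reproduces the monarchy / instruments case; the filler used when the repeated or lone letter is itself 'x' or 'z' is an assumption, since the notes do not cover that case.

```python
ALPHABET_NO_J = "abcdefghiklmnopqrstuvwxyz"  # 25 letters, J is folded into I


def clean(text):
    """Lower-case letters only, with J replaced by I."""
    return ["i" if c == "j" else c for c in text.lower() if "a" <= c <= "z"]


def build_square(key):
    """Key letters in order of first appearance, then the remaining letters."""
    order = []
    for ch in clean(key) + list(ALPHABET_NO_J):
        if ch not in order:
            order.append(ch)
    return [order[r * 5:r * 5 + 5] for r in range(5)]


def make_digraphs(plaintext):
    """Split into pairs, inserting bogus letters as the notes describe."""
    letters, pairs, i = clean(plaintext), [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != a:
            pairs.append(a + letters[i + 1])
            i += 2
        elif i + 1 < len(letters):
            # Repeated letter: pad with 'x' (assumption: 'q' if the letter is 'x').
            pairs.append(a + ("q" if a == "x" else "x"))
            i += 1
        else:
            # Lone last letter: pad with 'z' (assumption: 'x' if the letter is 'z').
            pairs.append(a + ("x" if a == "z" else "z"))
            i += 1
    return pairs


def playfair(text, key, decrypt=False):
    square = build_square(key)
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    step = -1 if decrypt else 1  # decryption moves up/left instead of down/right
    if decrypt:
        letters = clean(text)
        if len(letters) % 2:
            raise ValueError("Playfair ciphertext must have an even number of letters")
        pairs = [letters[i] + letters[i + 1] for i in range(0, len(letters), 2)]
    else:
        pairs = make_digraphs(text)
    out = []
    for a, b in pairs:
        (r1, c1), (r2, c2) = pos[a], pos[b]
        if c1 == c2:      # same column: letter below (wraps to the top)
            out.append(square[(r1 + step) % 5][c1] + square[(r2 + step) % 5][c2])
        elif r1 == r2:    # same row: letter to the right (wraps to the left)
            out.append(square[r1][(c1 + step) % 5] + square[r2][(c2 + step) % 5])
        else:             # rectangle: same row, the other letter's column
            out.append(square[r1][c2] + square[r2][c1])
    return "".join(out)


if __name__ == "__main__":
    for row in build_square("monarchy"):
        print(" ".join(row))
    print(playfair("instruments", "monarchy"))
    print(playfair("gatlmzclrqtx", "monarchy", decrypt=True))
```

Decryption returns the padded text (`instrumentsz`), so the receiver still has to recognise and drop the bogus letters.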
Hill Cipher
• The hill cipher is a polygraphic substitution cipher based on Linear Algebra. It was invented
by Lester S. Hill in the year 1929. In simple words, it is a cryptography algorithm used to
encrypt and decrypt data for the purpose of data security.
• The algorithm uses matrix calculations used in Linear Algebra. It is easier to understand if we
have the basic knowledge of matrix multiplication, modulo calculation, and the inverse
calculation of matrices.
• In the hill cipher algorithm every letter (A-Z) is represented by a number modulo 26. Usually,
the simple substitution scheme is used where A = 0, B = 1, C = 2…Z = 25 in order to use a 2x2
key matrix.
Encryption
• To encrypt the text using hill cipher, we need to perform the following operation.

E(K, P) = (K * P) mod 26
• Where K is the key matrix and P is plain text in vector form. Matrix multiplication of K and P
generates the encrypted ciphertext.
Steps For Encryption
• Step 1: Let's say our key text (2x2) is DCDF. Convert this key using a substitution scheme
into a 2x2 key matrix as shown below:

• Step 2: Now, we will convert our plain text into vector form. Since the key matrix is 2x2, the
vector must be 2x1 for matrix multiplication. (If the key matrix were 3x3, the vector would be a
3x1 matrix.) In our case, the plain text is TEXT, a four-letter word; thus we can split it into
2x1 vectors and then substitute as:
• Step 3: Multiply the key matrix with each 2x1 plain text vector, and take the modulo of result
(2x1 vectors) by 26. Then concatenate the results, and we get the encrypted or ciphertext
as RGWL.

An easy way to perform the mod operation is:

• 69 % 26: 69 / 26 = 2.6538461538; 2.6538461538 - 2 = 0.6538461538; 0.6538461538 * 26 ≈ 17
• 58 % 26: 58 / 26 = 2.2307692308; 2.2307692308 - 2 = 0.2307692308; 0.2307692308 * 26 = 6
DECRYPTION
• To decrypt the text using hill cipher, we need to perform the following operation.
D(K, C) = (K^-1 * C) mod 26
• Where K is the key matrix and C is the ciphertext in vector form. Matrix multiplication of
inverse of key matrix K and ciphertext C generates the decrypted plain text.
Steps For Decryption
• Step 1: Calculate the inverse of the key matrix. First, we need to find the determinant of the
key matrix (must be between 0-25). Here the Extended Euclidean algorithm is used to get
modulo multiplicative inverse of key matrix determinant
• Step 2: Now, we multiply the 2x1 blocks of ciphertext and the inverse of the key matrix. The
resultant block after concatenation is the plain text that we have encrypted i.e., TEXT.
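The encryption and decryption steps above for the DCDF / TEXT case, as an added example that is not part of the original notes. The key matrix is filled column by column, an assumption chosen because it is the layout that yields the intermediate values 69 and 58 used in the notes; the helper names are hypothetical.

```python
import math


def to_numbers(text):
    """A=0, B=1, ..., Z=25; anything that is not a letter is dropped."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def key_matrix(key_text):
    """2x2 key matrix, filled column by column (assumption, see lead-in)."""
    nums = to_numbers(key_text)
    if len(nums) != 4:
        raise ValueError("a 2x2 key needs exactly four letters")
    a, c, b, d = nums
    return [[a, b], [c, d]]


def determinant(m):
    return (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % 26


def is_usable_key(key_text):
    """The key matrix is invertible mod 26 only if gcd(det, 26) == 1."""
    return math.gcd(determinant(key_matrix(key_text)), 26) == 1


def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def inverse_matrix(m):
    """K^-1 mod 26 = det^-1 * adjugate(K) mod 26."""
    g, det_inv, _ = egcd(determinant(m), 26)
    if g != 1:
        raise ValueError("key matrix has no inverse modulo 26")
    return [[(m[1][1] * det_inv) % 26, (-m[0][1] * det_inv) % 26],
            [(-m[1][0] * det_inv) % 26, (m[0][0] * det_inv) % 26]]


def transform(matrix, text):
    """Multiply each 2x1 block of the text by the matrix, modulo 26."""
    nums = to_numbers(text)
    if len(nums) % 2:
        raise ValueError("text length must be a multiple of the block size (2)")
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((matrix[0][0] * x + matrix[0][1] * y) % 26)
        out.append((matrix[1][0] * x + matrix[1][1] * y) % 26)
    return "".join(chr(n + 65) for n in out)


def hill_encrypt(plaintext, key_text):
    return transform(key_matrix(key_text), plaintext)


def hill_decrypt(ciphertext, key_text):
    return transform(inverse_matrix(key_matrix(key_text)), ciphertext)


if __name__ == "__main__":
    print(key_matrix("DCDF"), determinant(key_matrix("DCDF")))
    print(hill_encrypt("TEXT", "DCDF"))
    print(inverse_matrix(key_matrix("DCDF")))
    print(hill_decrypt("RGWL", "DCDF"))
    print(is_usable_key("BBBB"))  # determinant 0: ciphertext could not be decrypted
```
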
Polyalphabetic Ciphers
• Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form
of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on substitution,
using multiple substitution alphabets. The encryption of the original text is done using
the Vigenère square or Vigenère table.
• The table consists of the alphabets written out 26 times in different rows, each alphabet
shifted cyclically to the left compared to the previous alphabet, corresponding to the 26
possible Caesar Ciphers.
• At different points in the encryption process, the cipher uses a different alphabet from one of
the rows.
• The alphabet used at each point depends on a repeating keyword.
• Input : Plaintext : GEEKSFORGEEKS
• Keyword : AYUSH
• Output : Ciphertext : GCYCZFMLYLEIM
• For generating key, the given keyword is repeated in a circular manner until it matches the
length of the plain text. The keyword "AYUSH" generates the key "AYUSHAYUSHAYU" The
plain text is then encrypted using the process explained below.
• Encryption: The first letter of the plaintext, G is paired with A, the first letter of the key. So
use row G and column A of the Vigenère square, namely G. Similarly, for the second letter of
the plaintext, the second letter of the key is used, the letter at row E, and column Y is C. The
rest of the plaintext is enciphered in a similar fashion.
• Decryption: Decryption is performed by going to the row in the table corresponding to the
key, finding the position of the ciphertext letter in this row, and then using the column’s label
as the plaintext. For example, in row A (from AYUSH), the ciphertext G appears in column G,
which is the first plaintext letter. Next, we go to row Y (from AYUSH), locate the ciphertext C
which is found in column E, thus E is the second plaintext letter.
• An easier implementation is to treat Vigenère algebraically by converting [A-Z]
into numbers [0–25].
• Encryption: The plaintext (P) and key (K) are added modulo 26.
Ei = (Pi + Ki) mod 26
• Decryption: Di = (Ei - Ki) mod 26
• If the value of Di becomes negative, we add 26 to the negative value. For example, for
the third letter of the ciphertext:
EXAMPLE:
N = 13 and S = 18
Di = (Ei - Ki) mod 26
Di = (13 - 18) mod 26
Di = -5 mod 26
Di = (-5 + 26) mod 26
Di = 21
One Time Pad
• One Time Pad algorithm is the improvement of the Vernam Cipher, proposed by an Army
Signal Corps officer, Joseph Mauborgne. It is the only available algorithm that is
unbreakable (completely secure). It is a method of encrypting alphabetic plain text. It is one
of the Substitution techniques which converts plain text into ciphertext. In this mechanism,
we assign a number to each character of the Plain-Text.
The two requirements for the One-Time pad are
• The key should be randomly generated and as long as the message.
• The key is to be used to encrypt and decrypt a single message, and then it is discarded.
So encrypting every new message requires a new key of the same length as the new message in
the one-time pad. The ciphertext generated by the One-Time pad is random, so it does not have any
statistical relation with the plain text.
Example
• Input: Message = HELLO, Key = MONEY
• Output: Cipher – TSYPM, Message – HELLO
• Explanation:
Part 1: Plain text to Ciphertext
Plain text — H E L L O → 7 4 11 11 14
Key — M O N E Y → 12 14 13 4 24
Plain text + key → 19 18 24 15 38 → 19 18 24 15 12 (= 38 – 26)
Cipher Text → T S Y P M
Part 2: Ciphertext to Message
Cipher Text — T S Y P M → 19 18 24 15 12
Key — M O N E Y → 12 14 13 4 24
Cipher text – key → 7 4 11 11 -12 → 7 4 11 11 14
Message → H E L L O
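The Vigenère and One-Time Pad sections above use the same modulo-26 arithmetic, so one added Python example (not part of the original notes) covers both and reproduces the worked values. The function names are chosen here for illustration, and `pad_reuse_leak` is an added demonstration of why the second One-Time Pad requirement (use the key once) matters.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A..Z mapped to 0..25


def shift_letters(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) the repeating key modulo 26."""
    text, key = text.upper(), key.upper()
    if not key or any(c not in ALPHABET for c in text + key):
        raise ValueError("key must be non-empty; text and key must be A-Z only")
    out = []
    for i, ch in enumerate(text):
        k = ALPHABET.index(key[i % len(key)])
        # Python's % always returns 0..25, so a negative difference wraps
        # exactly like the "add 26" rule in the notes.
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26])
    return "".join(out)


def vigenere_encrypt(plaintext, keyword):
    return shift_letters(plaintext, keyword, +1)   # Ei = (Pi + Ki) mod 26


def vigenere_decrypt(ciphertext, keyword):
    return shift_letters(ciphertext, keyword, -1)  # Di = (Ei - Ki) mod 26


def otp_new_pad(length):
    """Requirement 1: a random key exactly as long as the message."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(message, pad):
    if len(pad) != len(message):
        raise ValueError("the pad must be exactly as long as the message")
    return shift_letters(message, pad, +1)


def otp_decrypt(ciphertext, pad):
    if len(pad) != len(ciphertext):
        raise ValueError("the pad must be exactly as long as the ciphertext")
    return shift_letters(ciphertext, pad, -1)


def pad_reuse_leak(cipher_a, cipher_b):
    """Requirement 2 violated: if one pad encrypted both messages, then
    C1 - C2 = P1 - P2 (mod 26). The pad cancels out, so the result depends
    only on the two plaintexts and the ciphertexts are no longer random."""
    if len(cipher_a) != len(cipher_b):
        raise ValueError("ciphertexts must have equal length")
    return shift_letters(cipher_a, cipher_b, -1)


if __name__ == "__main__":
    print(vigenere_encrypt("GEEKSFORGEEKS", "AYUSH"))
    print(otp_encrypt("HELLO", "MONEY"))
    # Constructed second message, encrypted with the same pad by mistake.
    c1, c2 = otp_encrypt("HELLO", "MONEY"), otp_encrypt("WORLD", "MONEY")
    print(pad_reuse_leak(c1, c2), vigenere_decrypt("HELLO", "WORLD"))
```
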
TRANSPOSITION TECHNIQUES
Transposition techniques rearrange the order of elements in the plaintext message without
changing the elements themselves.

• Rail Fence Cipher: This is a simple cipher that rearranges the elements by writing the
plaintext message in a zigzag pattern, with the different components written in rows (rails) of
an imaginary fence and then reading through the columns in a standard order. The key to this
is the number of rails used.

• Columnar Transposition: When a plaintext message is written in columns and the columns
are then rearranged according to a permutation determined by the key, the cipher is known
as columnar transposition. It is still vulnerable to cryptanalysis techniques that
exploit the statistical properties of the language.
Rail Fence Cipher
The rail fence cipher (also called a zigzag cipher) is a form of transposition cipher. It derives its
name from the way in which it is encoded.
Example:
Encryption
Input : "GeeksforGeeks "
Key = 3
Output : GsGsekfrek eoe
Decryption
Input : GsGsekfrek eoe
Key = 3
Output : "GeeksforGeeks "
Encryption
• In a transposition cipher, the order of the letters is re-arranged to obtain the cipher-text.
• In the rail fence cipher, the plain-text is written downwards and diagonally on successive rails
of an imaginary fence.
• When we reach the bottom rail, we traverse upwards moving diagonally; after reaching the
top rail, the direction is changed again. Thus the letters of the message are written in a
zig-zag manner.
• After each letter has been written, the individual rows are combined to obtain the cipher-text.
Decryption
The number of columns in the rail fence cipher remains equal to the length of the plain-text
message, and the key corresponds to the number of rails.
• Hence, the rail matrix can be constructed accordingly. Once we've got the matrix we can figure
out the spots where texts should be placed (using the same way of moving diagonally up and
down alternately).
• Then, we fill the cipher-text row-wise. After filling it, we traverse the matrix in zig-zag manner
to obtain the original text.
Implementation:
Let cipher-text = “GsGsekfrek eoe” , and Key = 3
• Number of columns in matrix = len(cipher-text) = 13
• Number of rows = key = 3
Hence original matrix will be of 3*13 , now marking places with text as ‘*’ we get
Columnar Transposition
• Columnar Transposition Cipher is a form of transposition cipher just like Rail Fence Cipher.
Columnar Transposition involves writing the plaintext out in rows, and then reading the
ciphertext off in columns one by one.
EXAMPLE:
Encryption
Input : Geeks for Geeks
Key = HACK
Output : e  kefGsGsrekoe_
Decryption
Input : e  kefGsGsrekoe_
Key = HACK
Output : Geeks for Geeks
Encryption
• In a transposition cipher, the order of the letters is re-arranged to obtain the cipher-text.
• The message is written out in rows of a fixed length, and then read out again column by
column, and the columns are chosen in some scrambled order.
• Width of the rows and the permutation of the columns are usually defined by a keyword.
• For example, the word HACK is of length 4 (so the rows are of length 4), and the permutation
is defined by the alphabetical order of the letters in the keyword. In this case, the order
would be “3 1 2 4”.
• Any spare spaces are filled with nulls, left blank, or replaced by a character (Example: _).
• Finally, the message is read off in columns, in the order specified by the keyword.
Decryption
• To decipher it, the recipient has to work out the column lengths by dividing the message
length by the key length.
• Then, write the message out in columns again, then re-order the columns by reforming the
key word.
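The rail fence and columnar transposition procedures above, as an added Python example (not part of the original notes) that reproduces both worked inputs. Function names and the `_` padding default are choices made for this example; note that the columnar ciphertext contains two adjacent spaces.

```python
def rail_pattern(length, rails):
    """Rail index visited by each character position along the zig-zag."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))  # 0,1,2,1 for 3 rails
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(text, rails):
    pattern = rail_pattern(len(text), rails)
    # Read the rails top to bottom; within a rail keep left-to-right order.
    return "".join(ch for r in range(rails)
                   for ch, p in zip(text, pattern) if p == r)


def rail_fence_decrypt(cipher, rails):
    pattern = rail_pattern(len(cipher), rails)
    # Positions in the order the ciphertext was written out: rail by rail.
    # sorted() is stable, so positions on the same rail stay in order.
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)


def column_order(keyword):
    """Column indices in reading order: alphabetical by keyword letter."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(text, keyword, pad="_"):
    width = len(keyword)
    text += pad * (-len(text) % width)          # fill the last row
    return "".join(text[c::width] for c in column_order(keyword))


def columnar_decrypt(cipher, keyword, pad="_"):
    width = len(keyword)
    if len(cipher) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    rows = len(cipher) // width                 # column length = message / key length
    columns = [""] * width
    for n, c in enumerate(column_order(keyword)):
        columns[c] = cipher[n * rows:(n + 1) * rows]
    plain = "".join(columns[c][r] for r in range(rows) for c in range(width))
    # Caveat: this also strips pad characters that were genuinely at the end
    # of the message.
    return plain.rstrip(pad)


if __name__ == "__main__":
    print(repr(rail_fence_encrypt("GeeksforGeeks ", 3)))
    print(repr(columnar_encrypt("Geeks for Geeks", "HACK")))
```
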
ENCRYPTION & DECRYPTION
• Encryption is the process of converting normal message (plaintext) into meaningless message
(Ciphertext).
• Decryption is the process of converting meaningless message (Ciphertext) into its original
form (Plaintext).
S.No. | Encryption | Decryption
1. | Encryption is the process of converting normal message into meaningless message. | While decryption is the process of converting meaningless message into its original form.
2. | Encryption is the process which takes place at sender’s end. | While decryption is the process which takes place at receiver’s end.
3. | Its major task is to convert the plain text into cipher text. | While its main task is to convert the cipher text into plain text.
4. | Any message can be encrypted with either secret key or public key. | Whereas the encrypted message can be decrypted with either secret key or private key.
5. | In encryption process, sender sends the data to receiver after encrypting it. | Whereas in decryption process, receiver receives the information (cipher text) and converts it into plain text.
6. | The same algorithm with the same key is used for the encryption-decryption process. | The only single algorithm is used for encryption-decryption with a pair of keys where each is used for encryption and decryption.
7. | Encryption is used to protect the confidentiality of data by converting it into an unreadable form that can only be read by authorized parties. | Decryption is used to reverse the encryption process and convert the ciphertext back into plaintext.
8. | The output of encryption is a ciphertext that is unintelligible to anyone who does not have the decryption key. | The output of decryption is the original plaintext message.
SYMMETRIC & ASYMMETRIC KEY CRYPTOGRAPHY
A symmetric encryption scheme has five ingredients
• Plaintext : This is the original message or data that is fed into the algorithm as input.
• Encryption algorithm : The encryption algorithm performs various substitutions and
transformations on the plaintext.
• Secret key : The secret key is also input to the algorithm. The exact substitutions and
transformations performed by the algorithm depend on the key.
• Ciphertext : This is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different
ciphertexts.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the same secret key and produces the original plaintext
SYMMETRIC ENCRYPTION
Asymmetric key cryptography
• In asymmetric key cryptography, there are two keys, also known as a key pair: a public key
and a private key. The public key is publicly distributed. Anyone can use this public key to
encrypt messages, but only the recipient, who holds the corresponding private key, can
decrypt those messages. “Public-key cryptography” is another term used to refer to
asymmetric key cryptography.
• This cryptographic system addresses two major challenges faced in traditional (symmetric)
cryptography: key distribution and digital signatures. Asymmetric algorithms use one key for
encrypting data and another, related key for decrypting it. These algorithms possess an
important feature:
• It’s impossible to figure out the decryption key just by knowing the encryption key and the
cryptographic algorithm.
• Either of the two keys can be used for encryption, while the other is used for decryption.
• Asymmetric-key cryptography uses mathematical functions to transform plaintext and
ciphertext represented as numbers for encryption and decryption, while symmetric-key
cryptography involves symbol substitution or permutation. In asymmetric-key cryptography,
plaintext and ciphertext are treated as integers, requiring encoding and decoding processes
for encryption and decryption.
Characteristics of Asymmetric Key Cryptography
• Security Responsibility
• In asymmetric cryptography, the burden of security primarily falls on the receiver, like Bob.
• Bob must generate both a private and a public key, with the public key distributed to the
community.
• Distribution occurs through a public-key channel, which doesn’t need secrecy but requires
authentication and integrity to prevent impersonation.
• Unique Key Pairs
• Bob and Alice can’t share the same key pair for two-way communication.
• Each entity in the community, including Bob and Alice, must create its own private and public
keys.
• Alice uses Bob’s public key to encrypt messages to him, while she needs her own key pair for
responses.
• Key Management
• Bob needs only one private key to receive messages from anyone in the community.
• Alice, on the other hand, needs multiple public keys—one for each entity she communicates
with.
• This means Alice requires a collection of public keys for effective communication.
Key Components

• Plaintext: This refers to the original, readable message or data that
is inputted into the encryption algorithm.
• Encryption algorithm: This algorithm transforms the plaintext in
various ways.
• Public and private keys: A pair of keys chosen so that if one is used
for encryption, the other is used for decryption. The specific
transformations performed depend on whether the public or
private key is provided as input.
• Ciphertext: The encrypted, scrambled message produced as output.
It is determined by both the plaintext and the key, and if different
keys are used, it will give different ciphertexts for the same
message or plaintext.
• Decryption algorithm: This algorithm takes the ciphertext and the
corresponding key and retrieves the original plaintext.
Primary Terminologies
• Asymmetric Keys: Two keys, one public and one private, that are used together for different
tasks like locking and unlocking information or verifying signatures.
• Public Key Certificate: A digital document signed by a trusted authority’s private key that
confirms a person’s identity and links it to their public key. This document shows that the
person controls the private key associated with the public key.
• Public Key (Asymmetric) Cryptographic Algorithm: A way to encode information that uses
two keys, one public and one private. It’s designed so that figuring out the private key from
the public one is extremely hard.
• Public Key Infrastructure (PKI): It is the collection of policies, procedures, server platforms,
software and workstations that is used for the objective of administering certificates and
public-private key pairs. It also has the ability to publish, maintain, and revoke public key
certificates.
Working
• Key Generation: Each user generates a pair of keys for encrypting and decrypting messages.
One of the keys is made public, stored in a register or accessible file, while the other key
remains private. Users collect public keys from others.
• Encryption: The sender encrypts the message using the public key of the receiver. This
transforms the message into an unreadable format (ciphertext). When Alice wants to send a
confidential message to Bob, Alice encrypts it using Bob’s public key.
• Decryption: The recipient uses their private key to decrypt the ciphertext back to the original
message (plaintext). Upon receiving the message, Bob decrypts it using his private key. Only
Bob can decrypt the message because only he has his private key.
STEGANOGRAPHY
• Steganography is the practice of concealing information within another message or physical
object to avoid detection. Steganography can be used to hide virtually any type of digital
content, including text, image, video, or audio content. That hidden data is then extracted at
its destination.
• The term ‘steganography’ comes from the Greek words ‘steganos’ (which means hidden or
covered) and ‘graphein’ (which means writing). Steganography has been practiced in various
forms for thousands of years to keep communications private.
How steganography works

• Steganography works by concealing information in a way that avoids suspicion. One of the
most prevalent techniques is called ‘least significant bit’ (LSB) steganography. This involves
embedding the secret information in the least significant bits of a media file. For example:
• In an image file, each pixel is made up of three bytes of data corresponding to the colors red,
green, and blue. Some image formats allocate an additional fourth byte to transparency, or
‘alpha’.
• LSB steganography alters the last bit of each of those bytes to hide one bit of data. So, to hide
one megabyte of data using this method, you would need an eight-megabyte image file.
• Modifying the last bit of the pixel value doesn’t result in a visually perceptible change to the
picture, which means that anyone viewing the original and the steganographically-modified
images won’t be able to tell the difference.
The same method can be applied to other digital media, such as audio and video, where data is
hidden in parts of the file that result in the least change to the audible or visual output.
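The LSB method described above, as an added Python example (not part of the original notes) that hides a payload in the last bit of each carrier byte and recovers it, which is also what an analyst does when checking a suspect file. The carrier is a constructed byte string standing in for raw pixel data, and the 4-byte length header is an assumption of this example, not a standard format.

```python
def raw_capacity_bytes(carrier_len):
    """One hidden bit per carrier byte: 8 carrier bytes per hidden byte."""
    return carrier_len // 8


def embed_lsb(carrier: bytes, secret: bytes) -> bytes:
    """Write a 4-byte big-endian length header, then the secret, into the
    least significant bit of successive carrier bytes."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need %d bytes, have %d"
                         % (len(bits), len(carrier)))
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # clear the last bit, then set it
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length header from the first 32 LSBs, then the payload."""
    def read(n_bytes, bit_offset):
        value = bytearray()
        for b in range(n_bytes):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[bit_offset + 8 * b + i] & 1)
            value.append(byte)
        return bytes(value)

    if len(stego) < 32:
        raise ValueError("buffer too short to hold a length header")
    length = int.from_bytes(read(4, 0), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length header does not fit the buffer: no payload")
    return read(length, 32)


def max_byte_change(original: bytes, stego: bytes) -> int:
    """Largest difference between any carrier byte and its modified copy."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed 256-byte buffer standing in for raw RGB pixel data.
SAMPLE_CARRIER = bytes((i * 37) % 256 for i in range(256))

if __name__ == "__main__":
    stego = embed_lsb(SAMPLE_CARRIER, b"meet at noon")
    print(extract_lsb(stego), max_byte_change(SAMPLE_CARRIER, stego))
    print(raw_capacity_bytes(8 * 1024 * 1024))  # bytes hidden in an 8 MB carrier
```
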
TYPES OF STEGANOGRAPHY
From a digital perspective, there are five main types of steganography. These are:
• Text steganography : Text steganography involves hiding information inside text files. This
includes changing the format of existing text, changing words within a text, using context-free
grammars to generate readable texts, or generating random character sequences.
• Image steganography : This involves hiding information within image files. In digital
steganography, images are often used to conceal information because there are a large
number of elements within the digital representation of an image, and there are various
ways to hide information inside an image.
• Audio steganography : Audio steganography involves secret messages being embedded into
an audio signal which alters the binary sequence of the corresponding audio file. Hiding
secret messages in digital sound is a more difficult process compared to others.
• Video steganography : This is where data is concealed within digital video formats. Video steganography
allows large amounts of data to be hidden within a moving stream of images and sounds. Two types of
video steganography are:
➢ Embedding data in uncompressed raw video and then compressing it later
➢ Embedding data directly into the compressed data stream
• Network steganography : Network steganography, sometimes known as protocol steganography, is the
technique of embedding information within network control protocols used in data transmission such as TCP,
UDP, ICMP, etc.
USES OF STEGANOGRAPHY

In recent times, steganography has been mainly used on computers with digital data being the
carriers and networks being the high-speed delivery channels. Steganography uses include :

• Avoiding censorship: Using it to send news information without it being censored and
without fear of the messages being traced back to their sender.

• Digital watermarking: Using it to create invisible watermarks that do not distort the image,
while being able to track if it has been used without authorization.

• Securing information: Used by law enforcement and government agencies to send highly
sensitive information to other parties without attracting suspicion.
Steganography techniques
Secure Cover Selection
• Secure Cover Selection involves finding the correct block image to carry malware. Then, hackers compare
their chosen image medium with the malware blocks. If an image block matches the malware, the hackers
fit it into the carrier image, creating an identical image infected with the malware. This image
subsequently passes quickly through threat detection methods.
Least Significant Bit
• That phrase almost sounds like a put-down, doesn’t it? However, in this case, it refers to pixels. Grayscale
image pixels are broken into eight bits, and the last bit, the eighth one, is called the Least Significant Bit.
Hackers use this bit to embed malicious code because the overall pixel value will be reduced by only one,
and the human eye can’t detect the difference in the image. So, no one is even aware that anything is
amiss, and that the image is carrying something dangerous within.
Palette-Based Technique
• Like the Least Significant Bit technique, the Palette-Based Technique also relies on images. Hackers embed
their message in palette-based images such as GIF files, making it difficult for cybersecurity threat hunters
or ethical hackers to detect the attack.
Steganography tools
• Various tools or software that support steganography are now readily
accessible. Though most hide information, some provide additional
security by encrypting it beforehand. You can find the following free
steganography resources online:
• Steghide: Steghide is a free tool that uses steganography to conceal
information in other files, such as media or text.
• Stegosuite: It is a Java-based, free steganography tool. Stegosuite makes it
simple to obfuscate data in pictures for covert purposes.
• OpenPuff: It is a high-quality steganographic tool that allows you to
conceal data in other media types like images, videos, and Flash
animations.
• Xiao Steganography: To conceal information in BMP images or WAV files,
use the free Xiao Steganography tool.
• SSuite Picsel: The free portable program SSuite Picsel is yet another option
for hiding text within an image file; however, it uses a somewhat different
method than other programs.
Advantages of steganography
Steganography is a method that makes it easy to conceal a message within another to
keep it secret. The result is that the hidden message remains hidden. A steganography
approach can benefit images, videos, and audio files. Further advantages include:
• Unlike other methods, steganography has the added benefit of hiding
communications so well that they receive no attention. However, in countries
where encryption is illegal, sending an encrypted message that you can easily
decipher will raise suspicion and may be risky.
• Steganography is a form of encryption that protects the information within a
message and the connections between sender and receiver.
• The three essential elements of steganography—security, capacity, and
robustness—make it worthwhile for covert information transfer via text files and
for developing covert communication channels.
• You can store an encrypted copy of a file containing sensitive information on the
server without fear of unauthorized parties gaining access to the data.
• Government and law enforcement agencies can communicate secretly with the
help of steganography corporations.
KEY RANGE & KEY SIZE
• In cryptography, "key size" refers to the length of a cryptographic key, usually expressed in
bits. The larger the key size, the more secure the encryption and decryption process is. The
most commonly used key sizes are 128-bit, 192-bit, and 256-bit.

• "Key range" refers to the set of all possible keys that can be used in cryptography. The range
is determined by the key size and the underlying algorithm, and it affects the security of the
encryption. A larger key range allows for a greater number of possible keys, increasing the
difficulty for an attacker to guess the correct key and decrypt the message.
POSSIBLE TYPES OF ATTACKS
UNIT-2
SYMMETRIC KEY CIPHERS
BLOCK CIPHER
• Block Cipher is an encryption algorithm that works with a symmetric key in a deterministic way. The plain text is
divided into several blocks of equal size. If the length of the plain text does not allow block division of equal size,
padding is done over the plain text. This type of encryption method can encrypt blocks of 128 bits; the key can be
128, 192, or 256 bits. In block ciphers, the length of the plain text is equal to the length of the cipher text.

• This type of encryption process considers each block at a time and gives an output of n bits for an input of n bits. But
if there are two identical blocks, the process will produce two different cipher texts for them. It is a reversible function
having a public and a private key, which makes its computation easy and also a deterministic process.
Principles of block cipher
Block ciphers are a fundamental component of modern cryptographic systems, used to securely encrypt and decrypt
data. Here are the key principles underlying block ciphers:
Block Size
• Definition: The size of the data blocks that the cipher processes in a single operation. Common block sizes are 64 bits and
128 bits.
• Example: AES (Advanced Encryption Standard) uses a block size of 128 bits.
Key Size
• Definition: The length of the key used to perform the encryption and decryption. Larger keys typically provide stronger
security.
• Example: AES supports key sizes of 128, 192, or 256 bits.
Substitution and Permutation
• Substitution: This operation replaces bits or blocks of bits according to a specific rule or table. It helps to obscure the
relationship between the plaintext and ciphertext.
• Permutation: This operation rearranges the bits or blocks of bits according to a specific pattern, providing diffusion to
spread the influence of each plaintext bit over many ciphertext bits.
Rounds
• Definition: The number of times the substitution and permutation operations are applied. More rounds generally
increase security by making the cipher more resistant to attacks.
• Example: AES uses 10, 12, or 14 rounds depending on the key size.
Feistel Structure
• Definition: A common design model for block ciphers, where the block is split into two halves and processed through a
series of rounds involving substitutions, permutations, and mixing functions. This structure allows for both encryption
and decryption to use the same algorithm.
• Example: DES (Data Encryption Standard) is based on the Feistel structure.
Pseudorandom Function
• Definition: A function used in block ciphers that is designed to produce output that is indistinguishable from random.
This is essential for the security of the cipher.
• Example: In the Feistel network, the round function serves as a pseudorandom function.
Confusion and Diffusion
• Confusion: The principle that the relationship between the key and ciphertext should be complex and not easily
discernible.
• Diffusion: The principle that the influence of a single plaintext bit should spread over many ciphertext bits to ensure
that patterns in the plaintext are obscured in the ciphertext.
Modes of Operation
• Definition: Techniques used to securely encrypt data that exceeds the block size or to handle various encryption
scenarios. Common modes include:
• ECB (Electronic Codebook): Encrypts each block independently. Simple but not secure for many applications.
• CBC (Cipher Block Chaining): Each block is XORed with the previous ciphertext block before encryption, adding
an additional layer of security.
• CTR (Counter): Converts a block cipher into a stream cipher by encrypting a counter value and XORing it with the
plaintext.
DES
The Data Encryption Standard (DES) is a symmetric-key block cipher that was widely used for secure data encryption.
Although it has been largely replaced by more secure algorithms like AES due to its relatively short key length (56 bits),
understanding DES is fundamental for grasping the evolution of cryptographic standards.
Overview of DES
• Algorithm Type: Symmetric-key block cipher
• Block Size: 64 bits
• Key Size: 56 bits
• Rounds: 16 rounds of encryption
BLOCK DIAGRAM OF DES
1. 64-bit Plaintext Input: The algorithm starts with a 64-bit block of plaintext, which is the data you want to encrypt.

2. Initial Permutation (IP): The 64-bit plaintext undergoes an initial permutation, which rearranges the bits according
to a predefined table. This step is essential for scrambling the data before the actual encryption rounds begin.

3. Rounds (16 Total Rounds):
• Round 1 to Round 16: The core of the DES algorithm consists of 16 rounds of processing. Each round involves
several steps:
• Key Expansion: A 64-bit key is first reduced to 56 bits using a permutation called "Permuted Choice 1 (PC-1)."
Then, this 56-bit key is divided into two 28-bit halves.
• Left Circular Shift: Each half of the key undergoes a left circular shift (or rotation). The number of shifts varies
depending on the round number.
• Permuted Choice 2 (PC-2): After the shift, the two halves are combined and permuted again to produce a 48-bit
round key, ( K_n ), where n is the round number.
• Expansion Permutation: The right half of the data block (32 bits) is expanded to 48 bits using an
expansion function, which rearranges and duplicates some of the bits.
• XOR with Key: The expanded 48-bit block is XORed with the 48-bit round key.
• S-Box Substitution: The XORed output is then passed through a series of substitution boxes (S-boxes), which
compress the 48-bit block back to 32 bits.
• Permutation (P-Box): The 32-bit output from the S-boxes is permuted.
• XOR with Left Half: The result is XORed with the left half of the data block.
• Swap: After each round, the left and right halves of the data block are swapped, except in the final round.

4. 32-bit Swap:
- After the 16th round, the left and right halves of the data block are swapped again.

5. Inverse Initial Permutation:
- The final step in the DES encryption process is an inverse initial permutation, which is the reverse of the initial
permutation.

6. 64-bit Ciphertext Output:
- The output after the inverse initial permutation is the 64-bit ciphertext, which is the encrypted version of the original
plaintext.

DES works by taking a 64-bit block of plaintext, encrypting it over 16 rounds using a 56-bit key, and producing a 64-bit
ciphertext. Each round uses a different 48-bit subkey generated from the original key. The series of permutations,
substitutions, and XOR operations ensure that the encryption is secure.
ROUND FUNCTION OF DES
1. Inputs:
• L{i-1} and R{i-1}: These are the left and right halves of the data block from the previous round (or the initial permutation
result if it's the first round). Each half is 32 bits.
• C{i-1} and D{i-1}: These are the left and right halves of the key schedule from the previous round. Each half is 28 bits.

2. Expansion Permutation (E): The 32-bit right half ( R{i-1} ) is expanded to 48 bits using an expansion permutation (E
table). This step involves rearranging and duplicating certain bits to increase the size of the block.

3. Key Mixing (XOR with K_i): The expanded 48-bit block is XORed with the 48-bit round key ( K_i ). This round key is
derived from the 56-bit key that was originally input into the DES algorithm.

4. Substitution (S-boxes): The result of the XOR operation is passed through eight S-boxes. Each S-box takes 6 bits as
input and produces 4 bits as output. This reduces the 48-bit block back down to 32 bits. The S-boxes perform a nonlinear
substitution, which adds complexity to the encryption.

5. Permutation (P): The 32-bit output from the S-boxes is then permuted using a fixed permutation table (P). This step
further scrambles the bits to ensure that the relationship between the plaintext and ciphertext is highly complex.

6. XOR with L{i-1}: The permuted output is XORed with the left half ( L{i-1} ) of the data block from the previous round. The
result of this XOR operation becomes the new right half ( R_i ) for the current round.

7. Swapping L_i and R_i: The left half ( L{i-1} ) becomes the new right half ( R_i ) for the next round. The
right half after the XOR operation becomes the new left half ( L_i ).

8. Key Schedule:
• Left Shifts: The key halves ( C{i-1} ) and ( D{i-1} ) undergo a left circular shift. The number of shifts depends on
the round number.
• Permutation (PC-2): After the shift, the halves are combined and permuted using a Permuted Choice 2 (PC-2)
table to produce the 48-bit round key ( K_i ) for the current round.

9. Outputs:
• L_i and R_i: These are the left and right halves of the data block that will be used in the next round.
• C_i and D_i: These are the updated halves of the key schedule that will be used to generate the round key for
the next round.

Each round in the DES algorithm takes the left and right halves of the data block and the key schedule as inputs.
The right half is expanded and XORed with a round key, substituted through S-boxes, permuted, and then XORed
with the left half to produce a new right half. The left half is simply swapped to the right for the next round. The
key schedule is updated through shifts and permutations to produce a new round key.

This process is repeated for 16 rounds, with each round providing a different level of diffusion and confusion,
resulting in a highly secure encrypted output.
Overview of the S-Box Process in DES:

1. 48-bit Input:

- After the Expansion Permutation (E), the right half of the data block (32 bits) is expanded to 48 bits. This 48-bit block is then XORed with the 48-bit
round key. The result of this XOR operation is what gets input into the S-Box.

2. Division into 8 Blocks:


- The 48-bit input is divided into 8 blocks, each containing 6 bits. These blocks are denoted as ( S1 ), ( S2 ), ( S3 ), ( S4 ), ( S5 ), ( S6 ), ( S7 ), and ( S8 ). Each of
these corresponds to one of the eight S-Boxes in the DES algorithm.

3. S-Box Substitution:
- Each 6-bit block is input into its respective S-Box (from ( S1 ) to( S8 )). The S-Box uses these 6 bits to produce a 4-bit output. The way this
transformation happens is based on a predefined substitution table, which is unique to each S-Box.

How S-Box Works:


- The 6-bit input to each S-Box is split into two parts:
- The first and last bits of the 6-bit block determine the row number (ranging from 0 to 3).
- The middle four bits determine the column number (ranging from 0 to 15).
- Using the row and column, the S-Box looks up a substitution value in its predefined table.
- The result is a 4-bit number, which is the output for that particular S-Box.
Example of S-box
• Each S-box input: 6 bits
• Output: 4 bits
S1 = 100110
• The first bit and the last bit together represent the row number.
• The 4 bits in between represent the column number.
• The 2-bit combinations are (0,0), (0,1), (1,0), (1,1), so there are four combinations in total, which means 4 rows.
• Maximum number is 1111 = 15
• Minimum number is 0000 = 0
• So each box contains 4 rows and 16 columns.
• In our example: row = 1 0, which means 2
• Column = 0011, which is 3
• The value is 8, i.e., 1000


Security and Limitations

• Security: DES is vulnerable to brute-force attacks due to its 56-bit key size. Modern
cryptographic standards, such as AES, offer better security.
• Block Size: DES operates on 64-bit blocks, which is considered insufficient for
modern data sizes and security requirements.
• Key Length: The 56-bit key length is too short by today's standards, making DES insecure
against brute-force attacks.
AES ALGORITHM
• Block size: 128-bit (16 bytes) plain text.
• Rounds: 10 rounds of transformations.
• Key size: 128-bit key, expanded into 44 subkeys (32 bits each).
• Subkeys per round: 4 subkeys, each 32 bits, for a total of 128 bits per round.
• Initial step: Pre-round AddRoundKey, where the plain text is XORed with the first set of subkeys.
• Final result: 128-bit cipher text.
Block Size:
• AES operates on a 128-bit block of plain text.
• This 128-bit block is divided into 4 words or 16 bytes.
• Each word in AES is 32 bits long (4 bytes).
Number of Rounds:
• AES-128 encryption consists of 10 rounds of transformations.
• Each round includes several steps like SubBytes, ShiftRows, MixColumns, and AddRoundKey
(except for the last round where MixColumns is omitted).
Key Size:
• The key used in AES-128 encryption is 128 bits in size, which is also divided into 4 words or 16 bytes.
• The key is expanded into a series of subkeys that are used in each round of encryption.
Number of Subkeys:
• The total number of subkeys (round keys) generated during key expansion is 44 subkeys.
• These subkeys are derived from the original 128-bit key and are used in each round to XOR with the
state matrix during the AddRoundKey step.
Each Subkey Size:
• Each subkey is 32 bits long, which is equal to 1 word or 4 bytes.
• These 32-bit subkeys are combined to form the keys used in each round of AES.
Subkeys Per Round:
• In each round of AES, 4 subkeys are used.
• Since each subkey is 32 bits, the total size of the round key for each round is 128 bits (4 words or 16 bytes),
matching the block size.
Pre-Round Calculation:
• Before the 10 rounds of AES begin, there is an initial round where the plain text undergoes a process called
AddRoundKey. In this step, the state (plain text) is XORed with the first 4 subkeys (128 bits).
• This initial transformation is important for beginning the encryption process.
Cipher Text:
• After the 10 rounds of transformations, the final output is the cipher text, which is also 128 bits in
size (4 words or 16 bytes).
BLOCK DIAGRAM OF AES
Representations
Substitution Bytes :
Purpose:
• The SubBytes step in AES provides non-linearity and adds confusion to the
encryption process, making it harder for attackers to predict patterns
between input plaintext and output ciphertext.
• This step substitutes each byte in the 4x4 state array (derived from the plaintext) using a precomputed
substitution table called the S-Box.

Key Components in the Diagram:


1. State Array:
• The state array is a 4x4 matrix representing 16 bytes (128 bits) of the
plaintext at a given stage of the encryption process.
• Each byte in this state array needs to be replaced by a corresponding byte from the S-Box
during the SubBytes step.
2. S-Box (Substitution Box):
• The S-Box is a 16x16 lookup table that holds 256 possible 8-bit values.
• This is a fixed, precomputed array, designed to resist various types of cryptanalysis.
• Each byte in the state array is substituted using this S-Box.
• The S-Box maps each byte (from 0 to 255) to another byte.
• For example, an input byte of "X" will be replaced with "Y" based on the S-Box mapping.
3. Row and Column in S-Box:
• In the diagram, the process of substitution involves two key steps for each byte:
• First Four Bits: These bits are used to determine the row index (from 0 to 15) in the S-Box.
• Next Four Bits: These bits are used to determine the column index (from 0 to 15) in the S-Box.
• The row and column values together form an index to locate the substituted byte in the S-Box.
4. Example Process:
• Suppose a byte in the state array is 10101100 (AC in hexadecimal).
• Split the 8 bits into two parts:
• The first 4 bits 1010 (which is A in hexadecimal) correspond to the row.
• The next 4 bits 1100 (which is C in hexadecimal) correspond to the column.
• Using these values, you look up the S-Box entry at row A and column C. The byte located at this
position in the S-Box replaces the original byte in the state array.
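The SubBytes lookup and the pre-round AddRoundKey described above, as an added Python example (not code from these notes). It goes one step beyond the notes by building the S-Box from its definition (inverse in GF(2^8) followed by the affine map) instead of hard-coding the table; the block and key are the sample values from FIPS-197 Appendix B, and the function names are illustrative.

```python
# Added example: AES SubBytes and the pre-round AddRoundKey on one 16-byte state.

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # reduce as soon as the degree reaches 8
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 is mapped to 0 by convention."""
    if a == 0:
        return 0
    result = 1
    for _ in range(254):       # a^254 == a^-1 because a^255 == 1
        result = gf_mul(result, a)
    return result


def _rotl8(x: int, k: int) -> int:
    return ((x << k) | (x >> (8 - k))) & 0xFF


def build_sbox() -> list:
    """S-Box entry = affine map applied to the field inverse of the input byte."""
    sbox = []
    for value in range(256):
        b = gf_inv(value)
        sbox.append(b ^ _rotl8(b, 1) ^ _rotl8(b, 2) ^ _rotl8(b, 3) ^ _rotl8(b, 4) ^ 0x63)
    return sbox


SBOX = build_sbox()            # 256 entries, read as a 16x16 table


def sbox_lookup(byte: int) -> int:
    """First four bits select the row, next four bits select the column."""
    row, col = byte >> 4, byte & 0x0F
    return SBOX[16 * row + col]


def add_round_key(state: bytes, round_key: bytes) -> bytes:
    """XOR the 128-bit state with a 128-bit round key (4 subkeys of 32 bits)."""
    return bytes(s ^ k for s, k in zip(state, round_key))


def sub_bytes(state: bytes) -> bytes:
    """Replace every byte of the state by its S-Box entry."""
    return bytes(sbox_lookup(b) for b in state)


# Sample block and key from FIPS-197 Appendix B.
PLAINTEXT = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    # In AES-128 the first 4 subkeys are the cipher key itself.
    state = add_round_key(PLAINTEXT, KEY)
    print("after pre-round AddRoundKey:", state.hex())
    print("after round-1 SubBytes     :", sub_bytes(state).hex())
    print("S-Box[row A, column C]      : %02x" % sbox_lookup(0xAC))
```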
SUBSTITUTE BYTE TRANSFORMATION
ADD ROUND KEY TRANSFORMATION
Blowfish Algorithm
Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to DES Encryption Technique. It
is significantly faster than DES and provides a good encryption rate with no effective cryptanalysis technique found to
date. It is one of the first, secure block cyphers not subject to any patents and hence freely available for anyone to use. It
is symmetric block cipher algorithm.
Features: fast, compact, secure, simple
• blockSize (I/P): 64 bits
• keySize: variable, 32 bits to 448 bits (K1 to K14, because 32 x 14 = 448)
• number of subkeys: 18 [P-array]
• number of rounds: 16
• number of substitution boxes: 4 [each having 512 entries of 32-bits each]
• Step1: Generation of subkeys:
• 18 subkeys {P[0]…P[17]} are needed in both the encryption and the decryption process, and the same subkeys are used for
both processes.
• These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
• It is initialized with the digits of pi (π).
• The hexadecimal representation of each of the subkeys is given by:
Now, each of the subkeys is changed into:
P[0] = P[0] xor 1st 32-bits of input key
P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)
ENCRYPTION PROCESS:
Blowfish Encryption Algorithm
Overview:
• 64-bit Plain Text: The input is a 64-bit block of plain text, which is split into two 32-bit halves, L and R.
• Rounds (Total 16):
• The Blowfish algorithm performs 16 rounds of processing. Each round consists of the following steps:
• XOR Operation: The left half (L) is XORed with a 32-bit subkey Pi to produce a new value.
• F Function: This new value is then passed through a complex function F which combines
substitution and permutation processes.
• Addition and XOR: The output of the F function is XORed with the right half (R) of the data
block, and the two halves are then swapped. Here the function “add” is addition modulo 2^32.
• This process is repeated for each round, with the output of one round becoming the input for
the next. After 16 rounds, the final values of L and R are combined to produce the ciphertext.
• Final Round:
• After the 16 rounds, the final 32-bit halves L and R are subjected to additional operations
using the last two subkeys P17 and P18 to generate the encrypted output.
F- FUNCTION
• The F-function is a crucial part of the Feistel network structure used in the Blowfish encryption
algorithm, where it performs a series of operations on the data before it is passed to the next round.
Here's how it works:
• 32-bit Input:
• The function takes a 32-bit input, which is split into four 8-bit segments.
• S-box Substitution:
• Each 8-bit segment is passed through a substitution box (S-box). The S-boxes are a part of the
algorithm's key-dependent lookup tables. They transform each 8-bit input into a 32-bit output,
adding non-linearity to the encryption process.
• Addition and XOR Operations:
• The outputs of the first two S-boxes are added together.
• The result is then XORed with the output of the third S-box.
• The result of this XOR operation is then added to the output of the fourth S-box.
• Final Output:
• The final output of the F-function is a 32-bit value, which is used in the subsequent XOR operation
with the right half of the data block in the Blowfish algorithm.
RC4
RC4 (Rivest Cipher 4) is a stream cipher designed by Ron Rivest in 1987. It's known for its simplicity and
speed, making it one of the most widely used algorithms for encryption during the late 20th and early 21st
centuries, especially in protocols like SSL/TLS, WEP (Wired Equivalent Privacy), and WPA (Wi-Fi Protected
Access).
Key Features
▪ Type: Stream cipher.
▪ Key Size: Typically 40 to 2048 bits, with 128-bit keys being common.
▪ Speed: RC4 is simple and fast, well-suited for software implementations.
▪ Security Issues: Though once widely used, RC4 has numerous vulnerabilities and is now considered
insecure for most purposes.
Block Cipher Operations
• The Electronic Codebook (ECB) mode is one of the simplest block cipher modes of operation. It is used to encrypt data
by dividing it into fixed-size blocks and encrypting each block independently using the same key. Here’s an overview of
how ECB works and its key characteristics:
Encryption Process
• Block Division: The plaintext is divided into blocks of a fixed size (e.g., 64 bits or 128 bits, depending on the block cipher
being used).
• Encryption: Each plaintext block is encrypted separately using the block cipher and the same encryption key.
• Output: The output for each block is the corresponding ciphertext block.

Decryption Process
• Block Division: The ciphertext is divided into blocks of the same size as the plaintext blocks.
• Decryption: Each ciphertext block is decrypted independently using the block cipher and the same key.
• Output: The output for each block is the corresponding plaintext block.
Key Characteristics
• Simplicity: ECB is straightforward to implement since each block is encrypted and decrypted independently.
• Parallelism: ECB mode allows for parallel processing of blocks, which can lead to performance benefits in
some scenarios.
Security Considerations
• Pattern Preservation: ECB mode does not obscure patterns in the plaintext. Identical plaintext blocks will
result in identical ciphertext blocks. This can reveal patterns in the data, such as repetitive structures or
frequent data elements.
• Lack of Diffusion: Since each block is processed independently, ECB mode does not provide strong
diffusion (spreading out the influence of each plaintext bit over many ciphertext bits).
Typical Use Cases
• Limited Use: Due to its security weaknesses, ECB mode is generally not recommended for most
encryption tasks. It is primarily used for educational purposes or in situations where security is not a
primary concern.
• Image Encryption: ECB mode can sometimes be used for encrypting images, where block patterns are
more visible, and the nature of the data is less sensitive to the lack of diffusion.
Block cipher operations
• Electronic Code Book (ECB) –
Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of
input plaintext and output is in form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can
be broken down into a bunch of blocks and the procedure is repeated.

Advantages of using ECB –


• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• Simple way of the block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.
• Cipher Block Chaining –
Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In
CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext
block. In a nutshell here, a cipher block is produced by encrypting an XOR output of the previous cipher block and
present plaintext block.

Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires a previous cipher.
• Cipher Feedback Mode (CFB) –
In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an
initial vector IV is used for the first encryption and the output bits are divided into a set of s bits and b-s bits. The
left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as
input to a shift register having b-s bits on the left-hand side and s bits on the right-hand side, and the process continues.
The encryption and decryption process for the same is shown below, both of them use encryption algorithms.

Advantages of CFB –
• Since there is some data loss due to the use of the shift register, it is difficult to apply cryptanalysis.
Disadvantages of using CFB –
• The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several
blocks are not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.
• Output Feedback Mode –
The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted
output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent
instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission
errors. It also decreases the dependency or relationship of the cipher on the plaintext.

Advantages of OFB –
• In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is
free from bit errors in the plaintext block.
Disadvantages of OFB-
• The drawback of OFB is that, because of its operational mode, it is more susceptible to a message stream modification
attack than CFB.
• Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value
is encrypted and given as input to XOR with plaintext which results in ciphertext block. The CTR mode is independent
of feedback use and thus can be implemented in parallel.

Advantages of Counter –
• Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This
means that the same plain text can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC.
Disadvantages of Counter-
• The fact that CTR mode requires a synchronous counter at both the transmitter and the receiver is a severe
drawback. The recovery of plaintext is erroneous when synchronisation is lost.
Stream ciphers
• Stream ciphers are another essential category of symmetric key ciphers used in cryptography. Unlike block ciphers,
which encrypt data in fixed-size blocks, stream ciphers encrypt data one bit or byte at a time. Here are the
fundamental principles and characteristics of stream ciphers:
Encryption Process
• Key Stream Generation: Stream ciphers generate a key stream (a sequence of bits or bytes) based
on a secret key. This key stream is then combined with the plaintext to produce the ciphertext.

• Combining Key Stream and Plaintext: Typically, this combination is done using the XOR (exclusive OR) operation. For
instance, if K is the key stream and P is the plaintext, the ciphertext C is computed as C = P XOR K.
Types of Stream Ciphers
• Synchronous Stream Ciphers: The key stream is generated independently of the plaintext and ciphertext. Both
the encryption and decryption processes must stay in sync, and any loss or corruption of the key stream can lead to
errors in the decrypted data.
Example: RC4, though now considered deprecated due to security vulnerabilities.
• Asynchronous Stream Ciphers (or Self-Synchronizing): The key stream is generated based on the ciphertext, which
allows the cipher to resynchronize automatically after losing synchronization. This property is useful in noisy
communication channels.
Example: The Fibb (Fibonacci) cipher, which generates key stream based on previous ciphertext.
Properties
• Speed: Stream ciphers are generally faster than block ciphers when encrypting data of arbitrary lengths,
making them suitable for applications where performance is critical.
• Error Propagation: In stream ciphers, errors in the ciphertext affect only the corresponding bit or byte of the plaintext.
This contrasts with block ciphers where errors can spread due to the chaining of blocks.
• Synchronization: Synchronous stream ciphers require that the sender and receiver stay in sync with the key stream.
Asynchronous stream ciphers can recover from synchronization errors more gracefully.
Security Considerations
• Key Management: The security of a stream cipher is heavily dependent on proper key management and ensuring
that the key stream is truly random and not reused.
• Key Stream Reuse: Reusing the same key stream for multiple messages can lead to serious security vulnerabilities, such
as revealing patterns or allowing for attacks like the XOR-based cryptanalysis. Therefore, key streams should be unique
for each encryption session.
• Statistical Analysis: The generated key stream must be cryptographically secure to avoid patterns that could be
exploited by attackers.
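Why the key stream must never repeat, as an added Python example (not code from these notes): with C = P XOR K, two ciphertexts made under one key stream XOR to P1 XOR P2 and the key drops out. The key stream generator is a hypothetical SHA-256 counter construction used only as a stand-in (it is not RC4 or ChaCha20), `NonceGuard` is an illustrative sender-side check, and the key, nonces and messages are constructed.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in key stream: SHA-256 over key, nonce and a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """C = P XOR K; calling it again with the same key and nonce decrypts."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts. Under one key stream this equals P1 XOR P2."""
    return xor_bytes(c1, c2)


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class NonceGuard:
    """Refuses to produce a second ciphertext under the same (key, nonce) pair."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self._used:
            raise ValueError("nonce already used with this key: key stream would repeat")
        self._used.add(nonce)
        return stream_crypt(self._key, nonce, plaintext)


# Constructed sample values.
KEY = b"constructed stream key"
P1 = b"PAY 0100 TO ALICE"
P2 = b"PAY 9000 TO CAROL"

if __name__ == "__main__":
    same_1 = stream_crypt(KEY, b"nonce-1", P1)
    same_2 = stream_crypt(KEY, b"nonce-1", P2)      # key stream reused
    fresh_2 = stream_crypt(KEY, b"nonce-2", P2)     # key stream unique

    print("reused : C1^C2 == P1^P2 ->", reuse_leak(same_1, same_2) == xor_bytes(P1, P2))
    print("unique : C1^C2 == P1^P2 ->", reuse_leak(same_1, fresh_2) == xor_bytes(P1, P2))

    # Error propagation: one flipped ciphertext bit changes one plaintext bit.
    damaged = bytes([same_1[0] ^ 0x01]) + same_1[1:]
    print("bits changed after decrypting damaged text:",
          bit_difference(stream_crypt(KEY, b"nonce-1", damaged), P1))

    guard = NonceGuard(KEY)
    guard.encrypt(b"nonce-1", P1)
    try:
        guard.encrypt(b"nonce-1", P2)
    except ValueError as err:
        print("guard:", err)
```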
Popular Stream Ciphers
• RC4: Once widely used in protocols like SSL/TLS and WEP, RC4 has been found to have several
vulnerabilities and is now considered insecure for most uses.
• ChaCha20: A modern stream cipher that is designed to be secure and fast, with applications in
encryption protocols such as TLS and VPNs.
• Salsa20: A precursor to ChaCha20, designed to be a fast and secure stream cipher.
Applications
Stream ciphers are used in various applications, including:
• Network Encryption: In protocols like WPA2 for Wi-Fi security.
• Real-Time Communication: Where low-latency encryption is necessary.
• File Encryption: For encrypting data streams in applications where the size of the data is unknown or
varies.
Advantages of Stream Ciphers

• Speed: Generally, this type of encryption is quicker than others, such as block ciphers.
• Low complexity: Stream ciphers are simple to implement into contemporary software, and developers
don’t require sophisticated hardware to do so.
• Sequential in nature: Certain companies handle communications written in a continuous manner.
Stream ciphers enable them to transmit data when it’s ready instead of waiting for everything to be
finished because of their bit-by-bit processing.
• Accessibility: Using symmetrical encryption methods like stream ciphers saves businesses from having
to deal with public and private keys. Additionally, computers are able to select the appropriate
decryption key to utilize thanks to mathematical concepts behind current stream ciphers.
Disadvantages of Stream Ciphers
• If an error occurs during transmission, it can affect subsequent bits, potentially corrupting the entire
message because stream ciphers rely on previously stored cipher bits for decryption
• Maintaining and properly distributing keys to stream ciphers can be difficult, especially in large systems or
networks.
• Some stream ciphers may be predictable or vulnerable to attack if their key stream is not properly
designed, potentially compromising the security of the encrypted data.
ASYMMETRIC KEY CIPHERS
Public key Cryptosystems
Public key cryptography is a method of secure communication that uses a pair of keys, a public key, which anyone can use
to encrypt messages or verify signatures, and a private key, which is kept secret and used to decrypt messages or sign
documents. This system ensures that only the intended recipient can read an encrypted message and that a signed
message truly comes from the claimed sender. Public key cryptography is essential for secure internet communications,
allowing for confidential messaging, authentication of identities, and verification of data integrity.
Components of Public Key Encryption
• Plain Text: This is the message which is readable or understandable. This message is given to the Encryption algorithm as
an input.
• Cipher Text: The cipher text is produced as an output of Encryption algorithm. We cannot simply understand this
message.
• Encryption Algorithm: The encryption algorithm is used to convert plain text into cipher text.
• Decryption Algorithm: It accepts the cipher text as input and the matching key (Private Key or Public key) and produces
the original plain text.
• Public and Private Key: One key, either the Private key (Secret key) or the Public Key (known to everyone), is used for
encryption and the other is used for decryption.
Principles of public key cryptography
Public key cryptography, also known as asymmetric cryptography, is a cryptographic system that
uses a pair of keys: a public key, which is shared openly, and a private key, which is kept secret. The
key pair is mathematically related, but the private key cannot be easily derived from the public key.
This system underpins many security protocols used in the modern internet, such as SSL/TLS, digital
signatures, and email encryption.
Here are the core principles of public key cryptography systems:
Key Pair Generation
• Asymmetric Key Pair: The system generates two keys—a public key and a private key. These keys
are mathematically related, but it is computationally infeasible to derive the private key from the
public key.
• Public Key: The public key is shared openly and can be distributed widely. It is used to encrypt
data or verify signatures.
• Private Key: The private key is kept secret by the owner. It is used to decrypt data or create digital
signatures.
Encryption and Decryption
• Encryption with the Public Key: Anyone can use the recipient's public key to encrypt a message.
Once encrypted, only the corresponding private key can decrypt it, ensuring that only the
intended recipient can read the message.
• Decryption with the Private Key: The private key decrypts the message that was encrypted with the
corresponding public key. This ensures confidentiality.
Digital Signatures
• Signing with the Private Key: The sender can use their private key to create a digital signature on a message. The
signature is unique to both the message and the private key used to create it.
• Verification with the Public Key: Anyone with the sender’s public key can verify the authenticity of the signature.
This ensures that the message was indeed sent by the holder of the private key and that it has not been altered.
Key Distribution and Trust
• Public Key Distribution: Public keys can be freely distributed, but it's crucial to ensure they are authentic. This is typically
done using digital certificates issued by trusted Certificate Authorities (CAs).
• Certificate Authorities (CAs): CAs issue digital certificates that bind public keys to the identities of their owners,
ensuring that a public key genuinely belongs to a specific individual or entity.
Confidentiality
• Secure Communication: Public key cryptography ensures that sensitive information can be securely transmitted.
Even if an attacker intercepts the encrypted data, they cannot decrypt it without the private key.
• Key Exchange: Public key cryptography can be used to securely exchange symmetric keys, which can then be used for
faster, symmetric encryption for bulk data.
Integrity and Authentication
• Integrity: Digital signatures ensure that the message has not been tampered with during transmission. If the
message were altered, the signature would not match, and the verification would fail.
• Authentication: The digital signature process also authenticates the sender of the message, proving that they are indeed
the originator.
Non-Repudiation
• Non-Repudiation: Because only the private key holder can create a valid digital signature, they cannot later deny
having sent a signed message. This ensures accountability and trust in digital communications.
Mathematical Foundation
• One-Way Functions: Public key cryptography relies on one-way mathematical functions that are easy to compute in
one direction but difficult to reverse without specific knowledge (e.g., factoring large prime numbers or solving
discrete logarithm problems).
• Trapdoor Functions: These are one-way functions with a secret "trapdoor" (the private key) that allows the function to be
reversed.
Security Assumptions
• Computational Hardness: The security of public key systems is based on the computational difficulty of certain
mathematical problems, such as integer factorization (RSA) or elliptic curve discrete logarithms (ECC). If these
problems could be solved easily, the security of the cryptosystem would be compromised.
• Key Length: Longer keys provide greater security, as they increase the difficulty of brute-force attacks. However, they
also require more computational resources.
Efficiency Considerations
• Performance: While public key operations (encryption, decryption, signing, verification) are more computationally
intensive than symmetric key operations, they are typically used to secure small amounts of data, such as keys or
hashes, rather than bulk data.
• Hybrid Systems: To balance security and performance, public key cryptography is often used in combination with
symmetric key cryptography. For example, in SSL/TLS, public key cryptography is used to securely exchange a
symmetric key, which is then used for faster encryption of the actual data.
Interoperability
• Standards: Public key cryptography systems adhere to widely accepted standards (e.g., RSA, ECC, DSA) to ensure
interoperability across different platforms and applications.
RSA Algorithm
• RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir, and Adleman (RSA).
Example : This example shows how we can encrypt plaintext 9 using the RSA public-key encryption algorithm. This
example uses prime numbers 7 and 11 to generate the public and private keys.
Explanation:
• Step 1: Select two large prime numbers, p, and q.
p=7
q = 11
• Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption. First, we calculate
n=pxq
n = 7 x 11
n = 77
• Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1) x (q - 1)
have no common factor except 1. Choose "e" such that 1 < e < φ (n), e is prime to φ (n), gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q - 1)
φ (n) = (7 - 1) x (11 - 1)
φ (n) = 6 x 10
φ (n) = 60
Let us now choose relative prime e of 60 as 7.
Thus the public key is <e, n> = (7, 77)
• Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain text following
formula is used to get ciphertext C.
C = m^e mod n
C = 9^7 mod 77
C = 37
• Step 5: The private key is <d, n>. To determine the private key, we use the following formula d such that:
d x e mod {(p - 1) x (q - 1)} = 1
7d mod 60 = 1, which gives d = 43
The private key is <d, n> = (43, 77)
• Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the ciphertext
c following formula is used to get plain text m.
m = c^d mod n
m = 37^43 mod 77
m = 9
In this example, Plain text = 9 and the ciphertext = 37
RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is the value of ciphertext for a
plain text 5 using the RSA public-key encryption algorithm?
Explanation:
• Step 1: in the first step, select two large prime numbers, p and q.
p=3
q = 11
• Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption. First, we calculate
n=pxq
n = 3 x 11
n = 33
• Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1) x (q - 1)
have no common factor except 1. Choose "e" such that 1 < e < φ (n), e is prime to φ (n), gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q - 1)
φ (n) = (3 - 1) x (11 - 1)
φ (n) = 2 x 10
φ (n) = 20
• Step 4: To determine the public key, we use the following formula to calculate e such that:
Calculate e x d = 1 mod φ (n)
e x 7 = 1 mod 20
e = (1 + k x φ (n)) / d [let k = 0, 1, 2, 3, ...]
Put k = 0
e = (1 + 0 x 20) / 7
e = 1/7
Put k = 1
e = (1 + 1 x 20) / 7
e = 21/7
e = 3
The public key is <e, n> = (3, 33)
Hence, public key i.e. e = 3
An RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key = 3 and the private key = 7. What
is the value of cipher text for a plain text?
Explanation:
• Step 1: In the first step, select two large prime numbers, p and q.
p=3
q = 13
• Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption. First, we calculate
n=pxq
n = 3 x 13
n = 39
• Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. Thus
the public key is <e, n> = (3, 39).
To find ciphertext from the plain text following formula is used to get ciphertext C.
C = m^e mod n
C = 5^3 mod 39
C = 125 mod 39
C = 8
• Hence, the ciphertext generated from plain text, C = 8.
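The three worked exercises above, as an added Python example (not code from these notes); the function names are illustrative. It also enforces the Step 3 condition gcd(e, φ(n)) = 1 before deriving d, and for textbook-sized moduli lists any ciphertext that more than one plaintext maps to.

```python
from math import gcd


def rsa_keypair(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi_n = (p - 1) * (q - 1)
    if not 1 < e < phi_n:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    if gcd(e, phi_n) != 1:
        raise ValueError(f"gcd({e}, {phi_n}) = {gcd(e, phi_n)}: e has no inverse mod phi(n)")
    d = pow(e, -1, phi_n)            # solves e x d = 1 mod phi(n)
    return (e, n), (d, n)


def public_exponent(p: int, q: int, d: int) -> int:
    """Second exercise: the private exponent is given, solve e x d = 1 mod phi(n) for e."""
    return pow(d, -1, (p - 1) * (q - 1))


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be in the range 0 .. n-1")
    return pow(m, e, n)              # C = m^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)              # m = c^d mod n


def ciphertext_collisions(e: int, n: int) -> dict:
    """Ciphertexts reached by more than one plaintext (exhaustive, toy moduli only)."""
    preimages = {}
    for m in range(n):
        preimages.setdefault(pow(m, e, n), []).append(m)
    return {c: ms for c, ms in preimages.items() if len(ms) > 1}


if __name__ == "__main__":
    # Exercise 1: p = 7, q = 11, e = 7, plaintext 9
    public, private = rsa_keypair(7, 11, 7)
    c = encrypt(9, public)
    print("exercise 1:", public, private, "C =", c, "m =", decrypt(c, private))

    # Exercise 2: p = 3, q = 11, private exponent 7, plaintext 5
    e = public_exponent(3, 11, 7)
    print("exercise 2: e =", e, "C =", encrypt(5, (e, 33)))

    # Exercise 3: p = 3, q = 13, e = 3, plaintext 5
    print("exercise 3: C =", encrypt(5, (3, 39)))
    try:
        rsa_keypair(3, 13, 3)
    except ValueError as err:
        print("exercise 3 key check:", err)
    print("plaintexts that encrypt to 8 under (3, 39):", ciphertext_collisions(3, 39)[8])
```

For the third exercise the check reports gcd(3, 24) = 3, so no d with e x d = 1 mod φ(n) exists for that pair, and several plaintexts share the ciphertext 8.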
Advantages:
• Security: RSA algorithm is considered to be very secure and is widely used for secure data transmission.
• Public-key cryptography: RSA algorithm is a public-key cryptography algorithm, which means that it uses two different
keys for encryption and decryption. The public key is used to encrypt the data, while the private key is used to decrypt
the data.
• Key exchange: RSA algorithm can be used for secure key exchange, which means that two parties can exchange a
secret key without actually sending the key over the network.
• Digital signatures: RSA algorithm can be used for digital signatures, which means that a sender can sign a message
using their private key, and the receiver can verify the signature using the sender’s public key.
• Speed: The RSA technique is suited for usage in real-time applications since it is quite quick and effective.
• Widely used: Online banking, e-commerce, and secure communications are just a few fields and applications where
the RSA algorithm is extensively deployed.
DISADVANTAGES
• Slow processing speed: RSA algorithm is slower than other encryption algorithms, especially when dealing with large
amounts of data.
• Large key size: RSA algorithm requires large key sizes to be secure, which means that it requires more computational
resources and storage space.
• Vulnerability to side-channel attacks: RSA algorithm is vulnerable to side-channel attacks, which means an attacker
can use information leaked through side channels such as power consumption, electromagnetic radiation, and timing
analysis to extract the private key.
• Limited use in some applications: RSA algorithm is not suitable for some applications, such as those that require
constant encryption and decryption of large amounts of data, due to its slow processing speed.
• Complexity: The RSA algorithm is a sophisticated mathematical technique that some individuals may find challenging
to comprehend and use.
• Key Management: The secure administration of the private key is necessary for the RSA algorithm, although in some
cases this can be difficult.
• Vulnerability to Quantum Computing: Quantum computers have the ability to attack the RSA algorithm, potentially
decrypting the data.
Diffie-Hellman Key Exchange
• This is not an encryption algorithm. This algorithm is used to exchange secret or symmetric key between sender &
receiver.
• Diffie-Hellman algorithm is one of the most important algorithms used for establishing a shared secret.
Knapsack Algorithm
• Knapsack Encryption Algorithm is the first general public key cryptography algorithm. It was developed by Ralph
Merkle and Martin Hellman in 1978. As it is a public key cryptosystem, it needs two different keys. One is the public
key, which is used for the encryption process, and the other is the private key, which is used for the decryption
process. In this algorithm, we use two different knapsack problems: one is easy and the other is hard.
• The easy knapsack is used as the private key and the hard knapsack is used as the public key. The easy knapsack is used
to derive the hard knapsack. For the easy knapsack, we will choose a super-increasing problem. Super increasing
knapsack is a sequence in which every next term is greater than the sum of all preceding terms.
• EXAMPLE:
• Derive the Public key
• Step-1: Choose a super increasing knapsack {1, 2, 4, 10, 20, 40} as the private key.

• Step-2: Choose two numbers n and m. Multiply all the values of the private key by the number n and then find
modulo m. The value of m must be greater than the sum of all values in the private key, for example, 110. The
number n should have no common factor with m, for example, 31.

• Step-3: Calculate the values of the public key using m and n: each public value = (private value × n) mod m.

• Thus, our public key is {31, 62, 14, 90, 70, 30}
And Private key is {1, 2, 4, 10, 20, 40}.
• Now take an example for understanding the process of encryption and decryption.

• Example – Let our plain text be 100100111100101110.


• 1. Encryption : As our knapsacks contain six values, we split our plain text into groups of six: 100100 111100 101110

• Multiply each value of the public key with the corresponding values of each group and take their sum.

• So, our cipher text is 121 197 205.


• Decryption : The receiver receives the cipher text which has to be decrypted. The receiver also knows
the values of m and n. So, first, we need to find n⁻¹, which is the multiplicative inverse of n
mod m, i.e.,

31 × n⁻¹ mod 110 = 1, which gives n⁻¹ = 71

• Now, we have to multiply 71 with each block of cipher text and take modulo m: (cipher text × n⁻¹) mod m

• For the first block, 121 × 71 mod 110 = 11. We then have to make the sum 11 from the values of the private key {1, 2, 4, 10, 20, 40}, i.e., 1+10=11, so make the
corresponding bits 1 and the others 0, which gives 100100. Similarly,

• After combining them we get the decoded text 100100111100101110, which is our plain text.
MESSAGE AUTHENTICATION
• MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing MAC process, the sender
and receiver share a symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message
authentication.
AUTHENTICATION FUNCTIONS TO PROVIDE
AUTHENTICATOR
• Message encryption: While sending data over the internet, there is always a risk of a man-in-the-middle (MITM) attack. A possible solution
for this is to use message encryption. In message encryption, the data is first converted to a ciphertext and then sent on.
• Message authentication code (MAC): A message authentication code is a security code that the user of a computer has to type in order to
access any account or portal. These codes are recognized by the system so that it can grant access to the right user. These codes help in
maintaining information integrity. It also confirms the authenticity of the message.
• Hash function: A hash function is nothing but a mathematical function that can convert a numeric value into another numeric value that is
compressed. The input to this hash function can be of any length but the output is always of fixed length. The values that a hash
function returns are called the message digest or hash values.
• Message (M): The original message is sent by the sender.
• Key (K): A secret key is shared between the sender and the receiver. This key is essential for generating and verifying the MAC.
• MAC Generation:
• The message M is passed through a function (which could be a cryptographic hash function, block cipher, etc.) that takes both the
message M and the key K as inputs.
• The output of this function is the MAC, which is a fixed-length code.
• This MAC is sent along with the message.
• Receiver Verification:
• When the receiver gets the message M, they use the same key K and the same function to compute a new MAC from the received
message.
• The receiver then compares the received MAC with the MAC they just computed.
• If the two MACs match, the message is considered authentic (i.e., it was sent by the legitimate sender and was not altered during
transmission).
• Key Takeaways:
• Integrity: The MAC ensures that the message has not been tampered with. If the message is altered, the computed MAC on the receiver’s
side will not match the sent MAC.
• Authentication: The shared key ensures that only parties with access to the key can generate the correct MAC. This provides a level of
assurance that the message is from an authorized sender.
• In the formula at the top of the diagram, C(M, K) = MAC, this represents the function (denoted as C) that generates the MAC by taking both
the message M and the key K as inputs.
Authentication Requirements:
• Revelation: It means releasing the content of the message to someone who does not have an appropriate cryptographic
key.
• Analysis of Traffic: Determination of the pattern of traffic through the duration of connection and frequency of
connections between different parties.
• Deception: Adding out of context messages from a fraudulent source into a communication network. This will lead to
mistrust between the parties communicating and may also cause loss of critical data.
• Modification in the Content: Changing the content of a message. This includes inserting new information or
deleting/changing the existing one.
• Modification in the sequence: Changing the order of messages between parties. This includes insertion, deletion, and
reordering of messages.
• Modification in the Timings: This includes replay and delay of messages sent between different parties. This way session
tracking is also disrupted.
• Source Refusal: When the source denies being the originator of a message.
• Destination refusal: When the receiver of the message denies the reception.
HMAC
• HMAC (Hash-based Message Authentication Code) is a type of message authentication code that uses a cryptographic hash function in
combination with a secret key. It ensures both data integrity and authenticity.
• Hash Function: HMAC utilizes a hash function like MD5 or SHA (SHA-1, SHA-256, etc.) to generate a message digest (also known as the hash
value).
• Message Authentication: It combines the message and a secret key to produce a fixed-size hash value, which acts as a tag for
authenticating the message.
• HMAC follows a specific sequence to authenticate messages, as
outlined below:
STEPS IN HMAC PROCESS
Advantages of HMAC
• HMACs are ideal for high-performance systems like routers due to the use of hash functions which are calculated and verified quickly unlike
the public key systems.
• Digital signatures are larger than HMACs, yet the HMACs provide comparably higher security.
• HMACs are used in administrations where public key systems are prohibited.

Disadvantages of HMAC
• HMACs use a shared key, which may lead to non-repudiation issues. If either the sender’s or the receiver’s key is compromised, it will be easy for
attackers to create unauthorized messages.
• Securely managing and distributing secret keys can be challenging.
• Although unlikely, hash collisions (where two different messages produce the same hash) can occur.
• The security of HMAC depends on the length of the secret key. Short keys are more vulnerable to brute-force attacks.
• The security of HMAC relies on the strength of the chosen hash function (e.g., SHA-256). If the hash function is compromised, HMAC is also
affected.
Applications of HMAC
• Verification of e-mail address during activation or creation of an account.
• Authentication of form data that is sent to the client browser and then submitted back.
• HMACs can be used for Internet of things (IoT) due to less cost.
• Whenever there is a need to reset the password, a link that can be used once is sent without adding a server state.
• It can take a message of any length and convert it into a fixed-length message digest. That is even if you got a long message, the message
digest will be small and thus permits maximizing bandwidth.
Security Properties of HMAC:
• Integrity: HMAC ensures that the message has not been altered during transmission.
• Authenticity: Only someone with access to the secret key can generate the correct HMAC, ensuring that the sender is
authentic.
• Resistance to Length Extension Attacks: Unlike some hash functions, HMAC is resistant to length extension attacks due to
the use of two hashing steps.

HMAC vs. CMAC: While HMAC is based on hash functions, CMAC uses block ciphers like AES for message authentication.
HMAC is simpler to implement in software, whereas CMAC may be preferred in environments where block ciphers are
already in use.
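The two hashing steps of HMAC and the receiver-side MAC comparison described in this section, as an added Python example that is not part of the original notes. The pad constants 0x36 and 0x5C and the 64-byte block size come from the HMAC definition in RFC 2104, not from this page; the function names, key and messages are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes its input in 64-byte blocks
TAG_LEN = 32     # SHA-256 produces a 32-byte digest


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC written out by hand to expose the inner and outer hash."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")     # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()  # first hashing step
    return hashlib.sha256(opad + inner).digest()     # second hashing step


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: compute MAC = C(M, K) and send it along with the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def accept(key: bytes, packet: bytes):
    """Receiver: recompute the MAC and return the message only if it matches."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison itself does
    # not leak how many leading bytes of a forged tag were correct.
    if hmac.compare_digest(expected, tag):
        return message
    return None


if __name__ == "__main__":
    shared_key = b"constructed-shared-key"          # sample value
    packet = protect(shared_key, b"transfer 100 to account 42")
    print(accept(shared_key, packet))                         # original message
    print(accept(shared_key, packet.replace(b"100", b"900")))  # None: altered
```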
CMAC
• CMAC (Cipher-based Message Authentication Code) is a type of message authentication code that uses a block cipher,
such as AES or DES, to provide integrity and authenticity for a message. Below is a detailed explanation of CMAC:
• CMAC generates a fixed-size output (often 128 bits) regardless of the input message size.
• It ensures message integrity and authenticity but does not provide confidentiality.
• CMAC is based on the use of block ciphers like AES or Triple DES in combination with a secret key.
• The input message is divided into fixed-size blocks. If the message is not a multiple of the block size, padding is applied.
CMAC uses a special kind of padding called "bit padding."
• Each block is encrypted sequentially using the block cipher (like AES).
• The encrypted blocks are XORed with the next block before the encryption of the subsequent block (like a CBC mode
without an initialization vector).
• The last encrypted block is the CMAC output.
Properties of CMAC:
• Efficiency: CMAC is computationally efficient, as it only requires the same number of block cipher invocations as there are blocks in the
message.
• Security: CMAC is provably secure when used with a secure block cipher like AES.
• Versatility: CMAC can be used with any block cipher, though AES is commonly used.
Applications of CMAC:
• CMAC is used in scenarios requiring message authentication, such as network security protocols.
• It is also used to ensure the integrity of software, firmware, and data files.
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or
digital document.
• Key Generation Algorithms: Digital signatures are electronic signatures, which assure that the message was sent by a
particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise, the data
can be altered or someone can act as if he were the sender and expect a reply.
• Signing Algorithms: To create a digital signature, signing algorithms like email programs create a one-way hash of the
electronic data which is to be signed. The signing algorithm then encrypts the hash value using the private key (signature
key). This encrypted hash along with other information like the hashing algorithm is the digital signature. This digital
signature is appended with the data and sent to the verifier. The reason for encrypting the hash instead of the entire
message or document is that a hash function converts any arbitrary input into a much shorter fixed-length value. This
saves time as now instead of signing a long message a shorter hash value has to be signed and moreover hashing is much
faster than signing.
• Signature Verification Algorithms: The verifier receives the digital signature along with the data. It then uses the verification
algorithm to process the digital signature and the public key (verification key) and generates some value. It also applies
the same hash function to the received data and generates a hash value. If both are equal, the digital signature
is valid; otherwise it is invalid.
The steps followed in creating digital signature are :
• Message digest is computed by applying hash function on the message and then message digest is encrypted using private
key of sender to form the digital signature. (digital signature = encryption (private key of sender, message digest) and
message digest = message digest algorithm(message)).
• Digital signature is then transmitted with the message. (message + digital signature is transmitted)
• Receiver decrypts the digital signature using the public key of sender. (This assures authenticity, as only sender has his
private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
• The receiver now has the message digest.
• The receiver can compute the message digest from the message (actual message is sent with the digital signature).
• The message digest computed by receiver and the message digest (got by decryption on digital signature) need to be same
for ensuring integrity.
• Message digest is computed using one-way hash function, i.e. a hash
function in which computation of hash value of a message is easy but
computation of the message from hash value of the message is very
difficult.
Assurances about digital signatures
The definitions and words that follow illustrate the kind of assurances that digital signatures offer.
• Authenticity: The identity of the signer is verified.
• Integrity: Since the content was digitally signed, it hasn’t been altered or interfered with.
• Non-repudiation: demonstrates the source of the signed content to all parties. The act of a signer denying any affiliation
with the signed material is known as repudiation.
• Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft Excel, or Microsoft PowerPoint
document that has been time-stamped by a secure time-stamp server is equivalent to a notarization.
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally binding. This makes them ideal for any legal document that
requires a signature authenticated by one or more parties and guarantees that the record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of the seller and the buyer, and
both parties can be sure that the signatures are legally binding and that the terms of the agreement have not been
changed.
• Financial Documents: Finance departments digitally sign invoices so customers can trust that the payment request is from
the right seller, not from a bad actor trying to trick the buyer into sending payments to a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for both patient records and research data. Digital signatures
ensure that this confidential information was not modified when it was transmitted between the consenting parties.
Drawbacks of Digital Signature
• Dependency on technology: Because digital signatures rely on technology, they are susceptible to crimes, including
hacking. As a result, businesses that use digital signatures must make sure their systems are safe and have the most recent
security patches and upgrades installed.
• Complexity: Setting up and using digital signatures can be challenging, especially for those who are unfamiliar with the
technology. This may result in blunders and errors that reduce the system’s efficacy. The process of issuing digital
signatures to senior citizens can occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace manual ones since technology is not widely available in India, a
developing nation.
Differences between symmetric key & asymmetric key cryptography
Differences explained in detail
Key distribution in symmetric key cryptography
Key distribution in asymmetric key cryptography
Public key authority
Certificate authority
Kerberos
Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users.
In Kerberos, an Authentication Server and a database are used for client authentication. Kerberos runs as a third-party trusted server
known as the Key Distribution Center (KDC). Each user and service on the network is a principal. The main components of
Kerberos are:

• Authentication Server (AS):
The Authentication Server performs the initial authentication and issues the ticket for the Ticket Granting Service.

• Database:
The Authentication Server verifies the access rights of users in the database.

• Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.
KERBEROS OVERVIEW
• Step-1:
The user logs in and requests services on the host. Thus the user requests the ticket-granting service.

• Step-2:
The Authentication Server verifies the user’s access rights using the database and then gives a ticket-granting ticket and session key.
The results are encrypted using the password of the user.

• Step-3:
The message is decrypted using the password, and the ticket is then sent to the Ticket Granting Server. The ticket
contains authenticators like user names and network addresses.

• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, the authenticator verifies the request, and it then creates the ticket for
requesting services from the Server.

• Step-5:
The user sends the Ticket and Authenticator to the Server.

• Step-6:
The server verifies the Ticket and authenticators and then grants access to the service. After this, the user can access the
services.
Kerberos Limitations
• Each network service must be modified individually for use with Kerberos
• It doesn’t work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• All stored passwords are encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust.
• Scalability
Applications
• User Authentication: User Authentication is one of the main applications of Kerberos. Users only have to input their
username and password once with Kerberos to gain access to the network. The Kerberos server subsequently receives the
encrypted authentication data and issues a ticket granting ticket (TGT).
• Single Sign-On (SSO): Kerberos offers a Single Sign-On (SSO) solution that enables users to log in once to access a variety
of network resources. A user can access any network resource they have been authorized to use after being authenticated
by the Kerberos server without having to provide their credentials again.
• Mutual Authentication: Before any data is transferred, Kerberos uses a mutual authentication technique to make sure
that both the client and server are authenticated. Using a shared secret key that is securely kept on both the client and
server, this is accomplished. A client asks the Kerberos server for a service ticket whenever it tries to access a network
resource. The client must use its shared secret key to decrypt the challenge that the Kerberos server sends via encryption.
If the decryption is successful, the client responds to the server with evidence of its identity.
• Authorization: Kerberos also offers a system for authorization in addition to authentication. After being authenticated, a
user can submit service tickets for certain network resources. Users can access just the resources they have been given
permission to use thanks to information about their privileges and permissions contained in the service tickets.
• Network Security: Kerberos offers a central authentication server that can regulate user credentials and access
restrictions, which helps to ensure network security. In order to prevent unwanted access to sensitive data and resources,
this server may authenticate users before granting them access to network resources.

Is Kerberos Infallible?
• No security measure is 100% impregnable, and Kerberos is no exception. Because it’s been around for so long, hackers
have had the ability over the years to find ways around it, typically through forging tickets, repeated attempts at password
guessing (brute force/credential stuffing), and the use of malware, to downgrade the encryption.
• Despite this, Kerberos remains the best access security protocol available today. The protocol is flexible enough to employ
stronger encryption algorithms to combat new threats, and if users employ good password-choice guidelines, you
shouldn’t have a problem!
What is Kerberos Used For?
• Although Kerberos can be found everywhere in the digital world, it is commonly used in secure systems that rely on robust
authentication and auditing capabilities. Kerberos is used for Posix, Active Directory, NFS, and Samba authentication. It is
also an alternative authentication system to SSH, POP, and SMTP.
X.509 Authentication Service
• X.509 is a digital certificate that is built on top of a widely trusted standard known as ITU or International
Telecommunication Union X.509 standard, in which the format of PKI certificates is defined. X.509 digital certificate is a
certificate-based authentication security framework that can be used for providing secure transaction processing and
private information. These are primarily used for handling the security and identity in computer networking and internet-
based communications.
Working of X.509 Authentication Service Certificate:
• The core of the X.509 authentication service is the public key certificate connected to each user. These user certificates are
assumed to be produced by some trusted certification authority and positioned in the directory by the user or the
certified authority. These directory servers are only used for providing an effortless reachable location for all users so that
they can acquire certificates. X.509 standard is built on an IDL known as ASN.1. With the help of Abstract Syntax Notation,
the X.509 certificate format uses an associated public and private key pair for encrypting and decrypting a message.
• Once an X.509 certificate is provided to a user by the certified authority, that certificate is attached to it like an identity
card. The chances of someone stealing it or losing it are less, unlike other unsecured passwords. With the help of this
analogy, it is easier to imagine how this authentication works: the certificate is basically presented like an identity at the
resource that requires authentication.
Format of X.509 Authentication Service Certificate:
Generally, the certificate includes the elements given below:

• Version number: It defines the X.509 version that concerns the certificate.(1,2,3)
• Serial number: It is the unique number that the certified authority issues.
• Signature Algorithm ID: Specifies the algorithm used for the signature, such as SHA256 with RSA.
• Issuer Name: The name of the CA that issued the certificate.
• Period of Validity: It defines the period for which the certificate is valid. ( date and time)
• Subject Name: Tells about the name of the user to whom this certificate has been issued.
• Subject’s public key information: It defines the subject’s public key along with an identifier of the algorithm for which this
key is supposed to be used.
• Extension block: This field contains additional standard information.
• Signature: This field contains the hash code of all other fields which is encrypted by the certified authority private key.
Digital Signing Process
This portion explains the cryptographic signing process used in certificate creation:
• Hash Algorithm: The certificate fields (excluding the signature) are input into a hash function (e.g., SHA-256), producing a
fixed-length digest (a unique fingerprint of the data).
• Digest: This is the output of the hash function, which represents the certificate's contents in a compact form.
• Signature Algorithm: The CA uses its private key to sign the digest using a cryptographic signature algorithm (e.g., RSA or
ECDSA).
• Signed Digest: The resulting signed digest is appended to the certificate.
The Hash Algorithm ID + Cipher ID + Parameters used in the signing process are part of the certificate, allowing the recipient
to verify the signature.
Applications of X.509 Authentication Service Certificate:
Many protocols depend on X.509 and it has many applications, some of them are given below:
• Document signing and Digital signature
• Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates
• Email certificates
• Code signing
• Secure Shell Protocol (SSH) keys
• Digital Identities
What is PGP?
• PGP stands for Pretty Good Privacy, which was invented by Phil Zimmermann.
• PGP was designed to provide all four aspects of security, i.e., privacy, integrity, authentication, and non-repudiation in the sending
of email.
• PGP uses a digital signature (a combination of hashing and public key encryption) to provide integrity, authentication, and non-
repudiation. PGP uses a combination of secret key encryption and public key encryption to provide privacy. Therefore, we can say
that the digital signature uses one hash function, one secret key, and two private-public key pairs.
• PGP is an open source and freely available software package for email security.
• PGP provides authentication through the use of Digital Signature.
• It provides confidentiality through the use of symmetric block encryption.
• It provides compression by using the ZIP algorithm, and EMAIL compatibility using the radix-64 encoding scheme.
• Pretty Good Privacy (PGP) is an encryption software program designed to ensure the confidentiality, integrity, and
authenticity of digital communications and information. Developed by Phil Zimmermann in 1991, PGP has become a
cornerstone of modern cryptography, widely regarded as one of the best methods for securing digital data.
• At its core, PGP employs a hybrid cryptographic method, combining symmetric-key and public-key cryptography techniques.
Symmetric-key cryptography uses a single secret key to both encrypt and decrypt data. Conversely, public-key
cryptography uses a pair of mathematically related keys: a public key, which is freely shared and used for encryption, and a
private key, which is kept secret and used for decryption.
Evolution and Advancement of Pretty Good Privacy (PGP)
• Pretty Good Privacy (PGP) has undergone extensive evolution and advancement since its inception in 1991. Developed by
Phil Zimmermann, PGP was initially conceived as a tool to enable secure communication and protect individual
privacy in the face of growing concerns about government surveillance and data interception.
• Early Development (1991-1996): PGP was first released as freeware, allowing users to encrypt and decrypt e-mail
messages and files using public-key cryptography. This early version of PGP used the RSA algorithm for public-key
encryption and the IDEA cipher for symmetric-key encryption. Despite its groundbreaking capabilities, PGP faced legal
challenges due to export regulations on cryptographic software.
• International Expansion and Standardization (1996-2000): In 1997, PGP was acquired by Network Associates
Inc. (NAI), which continued its development and expanded its international presence. During this period, PGP became a de
facto standard for e-mail encryption and digital signatures, with support for multiple platforms and e-mail clients. The
OpenPGP standard, based on the original PGP protocol, was established to ensure interoperability and
compatibility among different implementations of PGP.
• Open Source Development (2000-Present): In response to concerns about the proprietary nature of PGP and the need for
transparency and security, the OpenPGP Working Group was formed to develop an open-source version of PGP. This led to
the creation of GnuPG (GNU Privacy Guard), an open-source implementation of the OpenPGP standard. GnuPG remains actively
maintained and widely used as a free alternative to commercial PGP software.
• Modernization and Integration (2000s-Present): PGP has continued to evolve in response to technological advances and
changing security requirements. Modern versions of PGP provide enhanced features, including support for elliptic curve
cryptography (ECC), improved key management, integration with cloud storage services, and compatibility with mobile
devices. Additionally, PGP has been integrated into various encryption tools, secure e-mail clients, and enterprise security solutions,
expanding its utility and reach.
Following are the steps taken by PGP to create secure e-mail at the sender site:
• The e-mail message is hashed by using a hashing function to create a digest.
• The digest is then encrypted to form a signed digest by using the sender's private key, and then signed digest is added to
the original email message.
• The original message and signed digest are encrypted by using a one-time secret key created by the sender.
• The secret key is encrypted by using a receiver's public key.
• Both the encrypted secret key and the encrypted combination of message and digest are sent together.
PGP at sender site (A)
Following are the steps taken to show how PGP uses hashing and a combination of three keys to generate the original
message:
• The receiver receives the combination of encrypted secret key and message digest.
• The encrypted secret key is decrypted by using the receiver's private key to get the one-time secret key.
• The secret key is then used to decrypt the combination of message and digest.
• The digest is decrypted by using the sender's public key, and the original message is hashed by using a hash function to
create a digest.
• Both digests are compared; if they are equal, all the aspects of security are preserved.
PGP at receiver (B)
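The sender-site and receiver-site steps listed above, together with the digest-then-sign procedure from the Digital Signature section, carried through end to end as an added Python example (not part of the original notes and not PGP's own code). Assumptions: textbook RSA without padding on constructed demo keys built from known Mersenne primes, SHA-256 as the hash, and a SHA-256 counter keystream standing in for the symmetric cipher; these stand-ins keep the example runnable offline and are not secure for real use.

```python
import hashlib
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA: returns (public, private) as (n, exponent) tuples."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Constructed demo keys (assumption for this example): Mersenne primes are
# publicly known, so these keys only illustrate the data flow.
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**521 - 1)   # sender A
B_PUB, B_PRIV = make_keypair(2**107 - 1, 2**607 - 1)   # receiver B


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private):
    """Signed digest = digest transformed with the sender's private key."""
    n, d = private
    return pow(digest_int(message), d, n)


def verify(message, signature, public):
    """Recover the digest with the public key and compare with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest_int(message)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[offset:offset + 32], pad))
    return bytes(out)


def modulus_len(key) -> int:
    return (key[0].bit_length() + 7) // 8


def pgp_send(message, sender_private, receiver_public):
    signature = sign(message, sender_private)                   # hash + sign
    signed = signature.to_bytes(modulus_len(sender_private), "big") + message
    session_key = secrets.token_bytes(32)                       # one-time key
    body = keystream_xor(session_key, signed)                   # encrypt both
    n, e = receiver_public
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # wrap key
    return wrapped_key, body


def pgp_receive(wrapped_key, body, receiver_private, sender_public):
    n, d = receiver_private
    key_int = pow(wrapped_key, d, n)                 # unwrap the session key
    if key_int >= 1 << 256:                          # not a 32-byte key
        return None, False
    signed = keystream_xor(key_int.to_bytes(32, "big"), body)
    sig_len = modulus_len(sender_public)
    signature = int.from_bytes(signed[:sig_len], "big")
    message = signed[sig_len:]
    return message, verify(message, signature, sender_public)   # compare digests


if __name__ == "__main__":
    wrapped, body = pgp_send(b"constructed sample mail", A_PRIV, B_PUB)
    print(pgp_receive(wrapped, body, B_PRIV, A_PUB))
```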
The following are the services offered by PGP:

1. Authentication

2. Confidentiality

3. Email Compatibility

4. Segmentation
• Authentication in PGP
• Authentication basically means something that is used to validate something as true or real. To login into some sites
sometimes we give our account name and password, that is an authentication verification procedure.
• In the email world, checking the authenticity of an email is nothing but to check whether it actually came from the person
it says. In emails, authentication has to be checked as there are some people who spoof the emails or some spams and
sometimes it can cause a lot of inconvenience. The Authentication service in PGP is provided as follows:
• As shown in the above figure, the Hash Function (H) calculates the hash value of the message. For hashing,
SHA-1 is used, and it produces a 160-bit output hash value. Then, using the sender’s private key (KPa), the hash value is
encrypted; the result is called the Digital Signature. The message is then appended to the signature. The whole process
up to this point is sometimes described as signing the message. Then the message is compressed to reduce the transmission
overhead and is sent over to the receiver.
• At the receiver’s end, the data is decompressed and the message and signature are obtained. The signature is then decrypted
using the sender’s public key (PUa) and the hash value is obtained. The message is again passed to the hash function and its
hash value is calculated.
• Both values, one from the signature and the other from the fresh output of the hash function, are compared. If both are the
same, the email was actually sent from a known sender and is legitimate; otherwise it is not legitimate.
Confidentiality in PGP
• Sometimes we see some packages labelled as ‘Confidential’, which means that those packages are not meant for all the
people and only selected persons can see them. The same applies to the email confidentiality as well. Here, in the email
service, only the sender and the receiver should be able to read the message, that means the contents have to be kept
secret from every other person, except for those two.
• PGP provides that Confidentiality service in the following manner:
• Then, the session key (Ks) itself is encrypted with public-key encryption (EP) using the receiver’s public key (PUb). Both
encrypted entities are then concatenated and sent to the receiver.
• As you can see, the original message was first compressed and then encrypted, so even if someone gets hold of the
traffic, they cannot read the contents: the contents are not in readable form and can only be read with the session key
(Ks). Although the session key is transmitted to the receiver and is therefore in the traffic, it is in encrypted form and
only the receiver’s private key (KPb) can be used to decrypt it, and thus our message would be completely safe.
• At the receiver’s end, the encrypted key is decrypted using KPb and the message is decrypted with the obtained session
key. Then, the message is decompressed to obtain M.
• The RSA algorithm is used for public-key encryption, and CAST-128 (or IDEA or 3DES) is used for symmetric-key
encryption.
• In practice, both the Authentication and Confidentiality services are provided in parallel as follows:
• Note:
• M – Message
• H – Hash Function
• Ks – A random Session Key created for Symmetric Encryption purpose
• DP – Public-Key Decryption Algorithm
• EP – Public-Key Encryption Algorithm
• DC – Symmetric Decryption Algorithm
• EC – Symmetric Encryption Algorithm
• KPb – A private key of user B used in Public-key encryption process
• KPa – A private key of user A used in Public-key encryption process
• PUa – A public key of user A used in Public-key encryption process
• PUb – A public key of user B used in Public-key encryption process
• || – Concatenation
• Z – Compression Function
• Z⁻¹ – Decompression Function
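The combined sign, compress, encrypt flow described above, written with the symbols from the note, as an added example that is not part of the original notes. Textbook RSA over small constructed keys and a SHA-256 counter keystream stand in for real RSA and CAST-128 (neither stand-in is secure), and every function name is hypothetical; only the order of operations follows the text.

```python
import hashlib
import secrets
import zlib

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed demo keys built from Mersenne primes: toy sizes, never usable in practice.
PUa, KPa = make_keypair(2**127 - 1, 2**89 - 1)   # user A (sender)
PUb, KPb = make_keypair(2**107 - 1, 2**61 - 1)   # user B (receiver)


def rsa(value, key):
    """EP/DP stand-in: raw modular exponentiation without padding."""
    n, exponent = key
    return pow(value, exponent, n)


def key_bytes(key):
    """Length in bytes of values produced under this key's modulus."""
    return (key[0].bit_length() + 7) // 8


def stream_xor(ks, data):
    """EC/DC stand-in for CAST-128: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(ks + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_send(m, signer_private, receiver_public):
    """Sender side: returns EP(PUb, Ks) || EC(Ks, Z(signature || M))."""
    digest = int.from_bytes(hashlib.sha1(m).digest(), "big")           # H(M); SHA-1 as the text names it
    signature = rsa(digest, signer_private)                             # EP(KPa, H(M))
    signed = signature.to_bytes(key_bytes(signer_private), "big") + m   # signature || M
    ks = secrets.token_bytes(16)                                        # random session key Ks
    body = stream_xor(ks, zlib.compress(signed))                        # EC(Ks, Z(...))
    wrapped = rsa(int.from_bytes(ks, "big"), receiver_public)           # EP(PUb, Ks)
    return wrapped.to_bytes(key_bytes(receiver_public), "big") + body


def pgp_receive(blob, receiver_private, sender_public):
    """Receiver side: unwrap Ks, decrypt, decompress, then verify the signature."""
    split = key_bytes(receiver_private)
    try:
        ks = rsa(int.from_bytes(blob[:split], "big"), receiver_private).to_bytes(16, "big")
        signed = zlib.decompress(stream_xor(ks, blob[split:]))          # Z^-1(DC(Ks, ...))
    except (OverflowError, zlib.error) as exc:
        raise ValueError("cannot decrypt: wrong key or damaged message") from exc
    sig_len = key_bytes(sender_public)
    signature, m = signed[:sig_len], signed[sig_len:]
    recovered = rsa(int.from_bytes(signature, "big"), sender_public)    # DP(PUa, signature)
    if recovered != int.from_bytes(hashlib.sha1(m).digest(), "big"):    # compare with fresh H(M)
        raise ValueError("signature does not match the message")
    return m
```

A message signed with any key other than KPa, or altered in transit, makes `pgp_receive` raise instead of returning M.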
• PGP Operation – Email Compatibility
When PGP is used, at least part of the block to be transmitted is encrypted, and thus consists of a stream of arbitrary 8-bit
octets. However many electronic mail systems only permit the use of ASCII text. To accommodate this restriction, PGP
provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. It uses radix-64
conversion, in which each group of three octets of binary data is mapped into four ASCII characters. This format also appends
a CRC to detect transmission errors. The use of radix-64 expands a message by 33%, but still an overall compression of about
one-third can be achieved.
• PGP Operation - Segmentation/Reassembly
E-mail facilities often are restricted to a maximum message length. For example, many of the facilities accessible through the
Internet impose a maximum length of 50,000 octets. Any message longer than that must be broken up into smaller segments,
each of which is mailed separately. To accommodate this restriction, PGP automatically subdivides a message that is too large
into segments that are small enough to send via e-mail. The segmentation is done after all of the other processing, including
the radix-64 conversion. Thus, the session key component and signature component appear only once, at the beginning of
the first segment. Reassembly at the receiving end is required before verifying signature or decryption.
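The radix-64 conversion with its CRC and the segmentation/reassembly order described in the two passages above, as an added example that is not part of the original notes. It assumes the OpenPGP CRC-24 parameters from RFC 4880, omits the armor header lines, and uses hypothetical function names and a constructed sample message.

```python
import base64
import zlib

CRC24_INIT = 0xB704CE   # OpenPGP CRC-24 initial value (RFC 4880)
CRC24_POLY = 0x1864CFB  # OpenPGP CRC-24 generator polynomial

# Constructed sample message.
SAMPLE = "\n".join(
    f"Invoice {i:04d}: amount due {i * 37 % 1000} EUR" for i in range(200)
).encode("ascii")


def crc24(data):
    """CRC-24 over the raw octets, as appended to a radix-64 block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(binary, width=64):
    """Map each 3 octets to 4 printable characters and append '=' + CRC."""
    body = base64.b64encode(binary).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    checksum = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + ["=" + checksum]) + "\n"


def dearmor(text):
    """Reverse armor(); raises ValueError when the CRC does not match."""
    lines = text.split()
    if not lines or not lines[-1].startswith("=") or len(lines[-1]) != 5:
        raise ValueError("radix-64 block has no CRC line")
    binary = base64.b64decode("".join(lines[:-1]), validate=True)
    stated = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    if crc24(binary) != stated:
        raise ValueError("CRC-24 mismatch: block damaged in transit")
    return binary


def segment(armored, max_octets):
    """Split on line boundaries so that no part exceeds max_octets."""
    parts, current = [], ""
    for line in armored.splitlines(keepends=True):
        if current and len(current) + len(line) > max_octets:
            parts.append(current)
            current = ""
        current += line
    if current:
        parts.append(current)
    return parts


def prepare(message, max_octets=50000):
    """Compress, convert to radix-64, and only then segment."""
    return segment(armor(zlib.compress(message, 9)), max_octets)


def recover(segments):
    """Reassemble first, then check the CRC, then decompress."""
    return zlib.decompress(dearmor("".join(segments)))
```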
Advantages of PGP
• The primary benefit of PGP encryption lies in its unbreakable algorithm.
• It is regarded as a top technique for improving cloud security and is frequently utilised by users who need to encrypt their
private conversations.
• This is due to PGP’s ability to prevent hackers, governments, and nation-states from accessing files or emails that are
encrypted with PGP.
Disadvantages of PGP
• Difficult administration: The different versions of PGP complicate the administration.
• Compatibility issues: Both the sender and the receiver must have compatible versions of PGP. For example, if you encrypt
an email by using PGP with one encryption technique and the receiver has a different version of PGP, the receiver cannot
read the data.
• Complexity: PGP is a complex technique. Other security schemes use symmetric encryption that uses one key or
asymmetric encryption that uses two different keys. PGP uses a hybrid approach that implements symmetric encryption
with two keys. PGP is more complex, and it is less familiar than the traditional symmetric or asymmetric methods.
• No Recovery: Computer administrators face the problem of lost passwords. In such situations, an administrator
should use a special program to retrieve passwords. For example, a technician with physical access to a PC can use it
to retrieve a password. However, PGP does not offer such a special program for recovery; its encryption methods are
very strong, so forgotten passwords cannot be retrieved, which results in lost messages or lost files.
S/MIME
• Email is probably the most used mode of communication today not only for casual chat purposes but for the transmission
of very sensitive information. It could be business plans, personal information, or other important documents, all of which
you would want to be sure are safe in your email.
• S/MIME can do both symmetric encryption and digital signatures, which are two very important functions for securing
emails in the best possible way. Symmetric encryption guarantees that only the addressee will be able to read your email,
and digital signatures identify who it came from and show that it wasn’t changed on its way to your inbox. With S/MIME,
you will be able to protect your communication against unwanted readers and establish trust with those receiving your
emails.
What is S/MIME
• S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through encryption, S/MIME offers protection for
business emails. S/MIME comes under the concept of cryptography. S/MIME is a protocol used for encrypting or
decrypting digitally signed emails. This means that users can digitally sign their emails as the owner (sender) of the email.
• Bell Communications launched the MIME standard protocol in 1991 to extend email’s restricted functionality.
S/MIME is an upgrade of MIME (Multipurpose Internet Mail Extensions). Due to the limitations of MIME, S/MIME came
into play. S/MIME is based on asymmetric cryptography, which means that communications can be encrypted or decrypted
using a pair of related keys, namely the public and private keys.
How S/MIME Works?
• S/MIME enables non-ASCII data to be sent using Secure Mail Transfer Protocol (SMTP) via email. Moreover, many data files
are sent, including music, video, and image files. This data is securely sent using the encryption method. The data which is
encrypted using a public key is then decrypted using a private key which is only present with the receiver of the E-mail.
The receiver then decrypts the message and then the message is used. In this way, data is shared using e-mails providing
an end-to-end security service using the cryptography method.
Advantages of S/MIME
• It offers verification.
• It offers integrity to the message.
• By the use of digital signatures, it facilitates non-repudiation of origin.
• Data security is ensured by the utilization of encryption.
• Transfer of data files like images, audio, videos, documents, etc. in a secure manner.
Services of S/MIME
• Digital Signature, which can maintain data integrity.
• S/MIME can be used in encrypting messages.
• By using this we can transfer our data using an e-mail without any problem.
Versions of S/MIME
• 1st Version: 1995
• 2nd Version: 1998
• 3rd Version: 1999
Microsoft products that support the third version of S/MIME:
• Microsoft Outlook 2000 (SR-1) and later.
• Outlook Express 5.01 and later.
• Microsoft Exchange version 5.5 and later.
How to Get S/MIME Certificates
The following are the steps to obtain S/MIME certificates for securing your emails:
• Choose a Certificate Authority: You can select any trusted Certificate Authority, such as Sectigo, DigiCert, or GlobalSign,
that has the functionality to provide you with S/MIME certificates. Most of these Certificate Authorities provide both free
and paid versions according to one’s needs.
• Get or Apply for a Certificate: Log on to the website of the CA, and select the S/MIME certificate you would like to buy or
apply for. You might be asked for your name, email address, and organizational details.
• Validate Your Identity: The CA may request you to validate your identity before issuing the certificate. It could be in the
form of email verification, sending official documents, or other means of authentication.
• Download and install the certificate: Once your identity has been verified, the CA issues your certificate. Instructions
will be provided for downloading and installing the certificate into your email client, such as Outlook or Apple Mail.
• Configure Your Email Client: After installation, configure your email client to use the S/MIME certificate for encrypting
and digitally signing all of your messages. This step differs between clients, but in general you will need to pick the
certificate within the security settings.
• Test Your Setup: At a minimum, send an email to test that everything works with both encryption and
digital signing.
New S/MIME Requirements in 2024
• The way S/MIME certificates are issued saw a rather large number of modifications during 2024.
Many of these changes result from the new S/MIME Baseline Requirements from the
CA/Browser Forum.
• New Intermediate CA Certificates: Certificate authorities, including DigiCert, have migrated to
new intermediate CA certificates in order to stay compliant with the baseline requirements. This
transition is said to be an improvement in security and trust.
• Mailbox validation: Getting an S/MIME certificate for an email address on a shared service, such as
Gmail or Outlook, requires mailbox validation in order to have a greater degree of control over
the email account.
• Organization Units (OUs) Removed: Newly issued public S/MIME certificates no longer support the
use of Organization Units, in order to simplify the structure of the certificate and to increase
security.
• Email Address in SAN: The email address is added to the SAN field of the certificate for
better identification.
• Updated OIDs for certificate policy: The object identifiers for the relevant certificate policies have
been updated to accommodate the new S/MIME Baseline Requirements.
Differences between PGP & S/MIME
| Features | PGP | S/MIME |
|---|---|---|
| Full form | PGP is an abbreviation for Pretty Good Privacy. | S/MIME is an abbreviation for Secure/Multipurpose Internet Mail Extension. |
| Effectively process | It is made to process emails in plain text. | It permits emails that also contain multimedia assets. |
| Cost | It is less costly than S/MIME. | It is more expensive than PGP. |
| Dependency | It relies on the user key exchange. | It relies on a hierarchically valid certificate for key exchange. |
| Usage | It is useful for both personal and organizational purposes. | It is suitable for usage in the industry. |
| Efficient | It is less efficient. | It is more efficient. |
| Convenient | It is less convenient. | It is more convenient because all applications are securely transformed. |
| Public Keys | It has 4096 public keys. | It has only 1024 public keys. |
| Encryption | It is the standard for secure encryption. | It is a robust encryption standard with some limitations. |
| Digital Signature | It utilizes Diffie-Hellman's digital signature. | It utilizes Elgamal's digital signature. |
| VPN | It may be utilized in VPNs. | It is utilized with email services, not VPNs. |
Key differences between PGP and S/MIME
Some main differences between PGP and S/MIME are as follows:
• PGP is made to process emails in plain text. In contrast, the S/MIME permits emails that also contain multimedia assets.
• PGP is a general-purpose program that is mainly utilized for email security and file protection. On the other hand, the
S/MIME is utilized for email security.
• PGP is a computer program that encrypts and decrypts data and provides cryptographic privacy and authentication for
internet data transfer. In contrast, the S/MIME offers data security features like message integrity, authentication, and
non-repudiation of origin for electronic data transmission applications.
• PGP is a less effective encryption method than S/MIME. In contrast, S/MIME is more effective than PGP.
• There are 4096 public keys in PGP. In contrast, the S/MIME only has 1024 public keys.
• PGP products are more expensive than S/MIME. In contrast, S/MIME products are less expensive than PGP.
• PGP utilizes Diffie-Hellman's digital signature. In contrast, the S/MIME utilizes Elgamal's digital signature.
• S/MIME is suitable for usage in the industry. On the other hand, PGP is useful for both personal and organizational
purposes.
• PGP is based on the exchange of user keys. On the other hand, the S/MIME depends on a hierarchically valid certificate for
key exchange.
• PGP is the standard for secure encryption. On the other hand, the S/MIME is a robust encryption standard with some
limitations.
IP security (IPSec)
• IPSec (Internet Protocol Security) is an Internet Engineering Task Force (IETF) standard suite of protocols between two
communication points across the IP network that provides data authentication, integrity, and confidentiality. It also defines
the encrypted, decrypted, and authenticated packets. The protocols needed for secure key exchange and key management
are defined in it.
What is IP Security?
• IPSec refers to a collection of communication rules or protocols used to establish secure network connections. Internet
Protocol (IP) is the common standard that controls how data is transmitted across the internet. IPSec enhances the
protocol’s security by introducing encryption and authentication. For example, it encrypts data at the source and then
decrypts it at the destination. It also verifies the source of the data.
Components of IP Security
It has the following components:
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
• Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP): It provides data integrity, encryption, authentication, and anti-replay. It also
provides authentication for the payload (the actual data contained in the data packet).
2. Authentication Header (AH): It also provides data integrity, authentication, and anti-replay, but it does not provide
encryption. The anti-replay protection protects against the unauthorized transmission of packets. It does not protect data
confidentiality.
3. Internet Key Exchange (IKE):
It is a network security protocol designed to dynamically exchange encryption keys and establish a Security Association
(SA) between two devices. The Security Association (SA) establishes shared security attributes between two network entities
to support secure communication. The Internet Security Association and Key Management Protocol (ISAKMP) provides a
framework for authentication and key exchange. ISAKMP defines how the Security Associations (SAs) are set up and how
direct connections between two hosts using IPsec are established.
Internet Key Exchange (IKE) provides message content protection and also an open framework for implementing standard
algorithms such as SHA and MD5. The algorithms that IPsec uses produce a unique identifier for each packet. This identifier
then allows a device to determine whether a packet is correct or not. Packets that are not authorized are discarded and not
given to the receiver.
IP Security Architecture
• IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols are ESP
(Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture includes protocols, algorithms, DOI,
and Key Management. All these components are very important in order to provide the three main services:
• Confidentiality
• Authentication
• Integrity
1. Architecture: Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms, and
security requirements of IP Security technology.
2. ESP Protocol: ESP (Encapsulation Security Payload) provides a confidentiality service. Encapsulation Security Payload
is implemented in either of two ways:
• ESP with optional Authentication.
• ESP with Authentication.
The ESP packet format has the following fields:
• Security Parameter Index(SPI): This parameter is used by Security Association. It is used to give a unique
number to the connection built between the Client and Server.
• Sequence Number: Unique Sequence numbers are allotted to every packet so that on the receiver side
packets can be arranged properly.
• Payload Data: Payload data means the actual data or the actual message. The Payload data is in an
encrypted format to achieve confidentiality.
• Padding: Extra bits of space are added to the original message in order to ensure confidentiality. Padding
length is the size of the added bits of space in the original message.
• Next Header: Next header means the next payload or next actual data.
• Authentication Data: This field is optional in ESP protocol packet format.
3. Encryption algorithm: The encryption algorithm is the document that describes various encryption
algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and Integrity
service. Authentication Header is implemented in one way only: Authentication along with Integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of documents that describe the
authentication algorithm used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and ESP protocols. It
contains values needed for documentation related to each other.
7. Key Management: Key Management contains the document that describes how the keys are exchanged
between sender and receiver.
Uses of IP Security
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which all data being sent between the two
endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
Features of IPSec
• Authentication: IPSec provides authentication of IP packets using digital signatures or shared secrets. This helps ensure
that the packets are not tampered with or forged.
• Confidentiality: IPSec provides confidentiality by encrypting IP packets, preventing eavesdropping on the network traffic.
• Integrity: IPSec provides integrity by ensuring that IP packets have not been modified or corrupted during transmission.
• Key management: IPSec provides key management services, including key exchange and key revocation, to ensure that
cryptographic keys are securely managed.
• Flexibility: IPSec can be configured to provide security for a wide range of network topologies, including point-to-point,
site-to-site, and remote access connections.
• Interoperability: IPSec is an open standard protocol, which means that it is supported by a wide range of vendors and can
be used in heterogeneous environments.
Advantages of IPSec
• Strong security: IPSec provides strong cryptographic security services that help protect sensitive data and ensure network
privacy and integrity.
• Wide compatibility: IPSec is an open standard protocol that is widely supported by vendors and can be used in
heterogeneous environments.
• Flexibility: IPSec can be configured to provide security for a wide range of network topologies, including point-to-point,
site-to-site, and remote access connections.
• Scalability: IPSec can be used to secure large-scale networks and can be scaled up or down as needed.
• Improved network performance: IPSec can help improve network performance by reducing network congestion and
improving network efficiency.
Disadvantages of IPSec
• Configuration Complexity: IPSec can be complex to configure and requires specialized knowledge and skills.
• Compatibility Issues: IPSec can have compatibility issues with some network devices and applications, which can lead to
interoperability problems.
• Performance Impact: IPSec can impact network performance due to the overhead of encryption and decryption of IP
packets.
• Key Management: IPSec requires effective key management to ensure the security of the cryptographic keys used for
encryption and authentication.
• Limited Protection: IPSec only provides protection for IP traffic, and other protocols such as ICMP, DNS, and routing
protocols may still be vulnerable to attacks.
Encapsulating security payload
• Encapsulating Security Payload, abbreviated as ESP, plays a very important role in network security. ESP is an
individual protocol in IPSec. ESP is responsible for the CIA triad of security
(Confidentiality, Integrity, Availability), which is considered significant only when encryption is carried along with them.
Securing all payloads/packets/content in IPv4 and IPv6 is the responsibility of ESP.
• It encapsulates the content/payload and encrypts it into a suitable form, and then a security check or
authentication takes place for the payload in the IP network. Encryption/encapsulation and security/authentication make
the payload extremely secure and safe from any kind of harm or threat of the content/data/payload being stolen by any
third party. The encryption process is performed by an authenticated user; similarly, the decryption process is carried out
only when the receiver is verified, thus making the entire process very smooth and secure. The entire encryption that is
performed by ESP is carried out on the principle of the integrity of the payload and not on the typical IP header.
Working of ESP:
• Encapsulating Security Payload supports both main Network layer
protocols: IPv4 and IPv6.
• It performs encryption within the headers of the Internet
Protocol; in general terms, it resides and performs its functions in the IP
header.
• One important thing to note here is that ESP is inserted
between the Internet Protocol and other protocols such as UDP/
TCP/ICMP.
Components of ESP:
• An important point to note is that authentication and security are not provided for the entire IP packet in transport mode.
On the other hand for the tunnel mode, the entire IP packet along with the new packet header is encapsulated.
• The ESP structure is composed of the following parts:
The diagrammatic representation of ESP has the below-mentioned components:
1. Security Parameter:
• The Security Parameter is assigned a size of 32 bits.
• The Security Parameter is a mandatory field in ESP, used for security links and associations.
2. Sequence Number:
• The sequence number is 32 bits in size and works as an incremental counter.
• The first packet sent through an SA has sequence number 1 assigned to it.
3. Payload Data:
• Payload data does not have a fixed size; it is variable in size.
• It refers to the data/content that is secured by encryption.
4. Padding:
• Padding has an assigned size of 0-255 bytes.
• Padding ensures that the payload data which needs to be sent securely fits into the cipher block correctly.
5. Pad Length:
• Pad Length is assigned a size of 8 bits.
• It gives the number of pad bytes that precede it.
6. Next Header:
• The Next Header is assigned a size of 8 bits.
• It is responsible for determining the data type of the payload by identifying the first header of the payload.
7. Authentication Data:
• The size of the authentication data is variable and never fixed.
• Authentication data is an optional field that is applicable only when SA is selected. It serves the purpose of providing
integrity.
Advantages:
• Below listed are the advantages of Encapsulating Security Payload:
• Encrypting data to provide security
• Maintaining a secure gateway for data/ message transmission
• Properly authenticating the origin of data
• Providing needed data integrity
• Maintaining data confidentiality
• Helping with anti-replay service using the authentication header
Disadvantages:
• Below listed are the disadvantages of Encapsulating Security Payload:
• There is a restriction on the encryption method to be used
• For global use and implementation, weaker encryptions are mandatory to use
Intruders
• In network security, “intruders” are unauthorized individuals or entities who want to obtain access to a
network or system to breach its security. Intruders can range from inexperienced hackers to professional and
organized cyber criminals.
What are Intruders in Network Security?
• Intruders are often referred to as hackers and are the most harmful factors contributing to security
vulnerability. They have immense knowledge and an in-depth understanding of technology and security.
Intruders breach the privacy of users and aim to steal the confidential information of the users. The stolen
information is then sold to third parties, aiming to misuse it for personal or professional gains.
Types of Intruders

• Masquerader: An individual who is not authorized to use the system but still exploits users’ privacy and
confidential information by using techniques that give them control over the system. Masqueraders are
outsiders and hence do not have direct access to the system; they aim to attack unethically to steal data.
• Misfeasor: An individual who is authorized to use the system but misuses the granted access and
privilege, taking undue advantage of the permissions and access given to them. Misfeasors are insiders
and have direct access to the system, which they aim to attack unethically to steal data/information.
• Clandestine User: An individual who has supervisory/administrative control over the system and misuses
the authoritative power given to them. This misconduct of power is often done by superior authorities
for financial gain. A Clandestine User can be either an insider or an outsider, and accordingly can have
direct/indirect access to the system, which they aim to attack unethically by stealing data/information.
Keeping Intruders Away

• Access Control: Implement strong authentication mechanisms, such as two-factor authentication (2FA)
or multi-factor authentication (MFA). Regularly review and update user access permissions to ensure they
align with job roles and responsibilities.
• Network Segmentation: Divide your network into segments to limit lateral movement for intruders. For
example, separate guest Wi-Fi from internal networks. Use firewalls and access control lists (ACLs) to restrict
communication between segments.
• Regular Patching: Keep software, operating systems, and applications up to date. Patch known
vulnerabilities promptly. Monitor security advisories and apply patches as soon as they are released.
• Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS solutions to detect and prevent
suspicious activities. Set up alerts for any unauthorized access attempts.
• Security Awareness Training: Educate employees about phishing, social engineering, and safe online
practices. Regularly conduct security awareness sessions.
• Encryption: Encrypt sensitive data in transit (using protocols like HTTPS) and at rest (using encryption
algorithms). Use strong encryption keys and rotate them periodically.
Different Ways Adopted by Intruders

• Exhaustively try all short passwords that may open the system for them.
• Try unlocking the system with default passwords, which will open the system if the user has not made any
change to the default password.
• Try unlocking the system by personal information of the user such as their name, family member names,
address, and phone number in different combinations.
• Making use of a Trojan horse for getting access to the system of the user.
• Attacking the connection of the host and remote user and getting entry through their connection gateway.
• Trying all the applicable information, relevant to the user such as plate numbers, room numbers, and locality
info.
How to Protect From Intruders?

• By being aware of all the security measures that help us to protect ourselves from Intruders.
• By increasing the security and strengthening the security of the system.
• In case of any attack, first, reach out to cyber security experts for a solution to this type of attack.
• Try to avoid becoming a victim of cybercrime.
What is an Intrusion Detection System?
An intrusion detection system (IDS) observes network traffic for malicious transactions and
sends immediate alerts when such activity is observed. It is software that checks a network or system for malicious
activities or policy violations. Each illegal activity or violation is often either recorded centrally using a system
or reported to an administrator. An IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access from users, including perhaps insiders. The intrusion detector
learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between ‘bad
connections’ (intrusion/attacks) and ‘good (normal) connections’.
• Working of Intrusion Detection System(IDS)
• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious
activity.
• It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that
might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system
administrator.
• The system administrator can then investigate the alert and take action to prevent any damage or further
intrusion.
Classification of Intrusion Detection System(IDS)

Intrusion Detection Systems are classified into 5 types:


• Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up at a
planned point within the network to examine traffic from all devices on the network. It performs an
observation of passing traffic on the entire subnet and matches the traffic that is passed on the subnets to
the collection of known attacks. Once an attack is identified or abnormal behavior is observed, the alert can
be sent to the administrator. An example of a NIDS is installing it on the subnet where firewalls are located in
order to see if someone is trying to crack the firewall.
• Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent hosts
or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will
alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system
files and compares it with the previous snapshot. If the analytical system files were edited or deleted, an
alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical
machines, which are not expected to change their layout.

• Protocol-Based Intrusion Detection System (PIDS): A protocol-based intrusion detection system (PIDS)
comprises a system or agent that consistently resides at the front end of a server, controlling and
interpreting the protocol between a user/device and the server. It secures the web server by
regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Because HTTPS
traffic is un-encrypted just before it enters the web presentation layer, this system needs to reside
at this interface in order to inspect the HTTPS stream.
• Application Protocol-Based Intrusion Detection System (APIDS): An application Protocol-based Intrusion
Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies
the intrusions by monitoring and interpreting the communication on application-specific protocols. For
example, this would monitor the SQL protocol explicitly to the middleware as it transacts with the database
in the web server.
• Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the combination of two or
more approaches to the intrusion detection system. In the hybrid intrusion detection system, the host agent
or system data is combined with network information to develop a complete view of the network system.
The hybrid intrusion detection system is more effective in comparison to the other intrusion detection
system. Prelude is an example of Hybrid IDS.
What is an Intrusion in Cybersecurity?

Intrusion is when an attacker gets unauthorized access to a device, network, or system. Cyber criminals use
advanced techniques to sneak into organizations without being detected. Common methods include:
• Address Spoofing: Hiding the source of an attack by using fake, misconfigured, or unsecured proxy servers,
making it hard to identify the attacker.
• Fragmentation: Sending data in small pieces to slip past detection systems.
• Pattern Evasion: Changing attack methods to avoid detection by IDS systems that look for specific patterns.
• Coordinated Attack: Using multiple attackers or ports to scan a network, confusing the IDS and making it
hard to see what is happening.
Intrusion Detection System Evasion Techniques
• Fragmentation: Dividing a packet into smaller packets called fragments; the process is known
as fragmentation. This can make it impossible to identify an intrusion, because no single fragment
carries a complete malware signature.
• Packet Encoding: Encoding packets using methods like Base64 or hexadecimal can hide malicious content
from signature-based IDS.
• Traffic Obfuscation: By making a message more complicated to interpret, obfuscation can be utilised to hide
an attack and avoid detection.
• Encryption: Several security features, such as data integrity, confidentiality, and data privacy, are provided
by encryption. Unfortunately, security features are used by malware developers to hide attacks and avoid
detection.
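The effect of fragmentation and packet encoding on signature matching, shown from the defender's side as an added example (not part of the original notes): a per-packet matcher misses a signature that a matcher with stream reassembly and decoding still finds. The marker string, flow names and packet layout are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed, harmless marker standing in for a real malware signature.
MARKER = b"MALICIOUS-TEST-MARKER"
SIGNATURES = {"SIG-0001": MARKER}


def match_signatures(data):
    """Return the ids of all signatures found in a byte string."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in data]


def naive_ids(packets):
    """Inspect every packet payload on its own, with no reassembly."""
    alerts = set()
    for pkt in packets:
        for sid in match_signatures(pkt["payload"]):
            alerts.add((pkt["flow"], sid))
    return sorted(alerts)


def reassemble(packets):
    """Rebuild one byte stream per flow from fragments in any order."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[pkt["flow"]].append(pkt)
    streams = {}
    for flow, frags in flows.items():
        buf = bytearray()
        for frag in sorted(frags, key=lambda p: p["offset"]):
            end = frag["offset"] + len(frag["payload"])
            if len(buf) < end:
                buf.extend(b"\x00" * (end - len(buf)))
            buf[frag["offset"]:end] = frag["payload"]
        streams[flow] = bytes(buf)
    return streams


def decoded_views(stream):
    """Return the raw stream plus its Base64 and hex decodings, if valid."""
    views = [stream]
    try:
        views.append(base64.b64decode(stream, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        pass
    try:
        views.append(bytes.fromhex(stream.decode("ascii")))
    except ValueError:  # also covers UnicodeDecodeError
        pass
    return views


def normalizing_ids(packets):
    """Reassemble each flow, then match signatures on every decoded view."""
    alerts = set()
    for flow, stream in reassemble(packets).items():
        for view in decoded_views(stream):
            for sid in match_signatures(view):
                alerts.add((flow, sid))
    return sorted(alerts)


def fragment(flow, data, size):
    """Split data into fragments of at most `size` bytes (test helper)."""
    return [{"flow": flow, "offset": i, "payload": data[i:i + size]}
            for i in range(0, len(data), size)]


# Constructed sample traffic:
#   A = marker in one packet, B = marker split into out-of-order fragments,
#   C = Base64-encoded marker, D = hex-encoded marker, E = benign request.
SAMPLE_PACKETS = (
    fragment("A", b"GET /x " + MARKER, 1500)
    + fragment("B", b"hdr " + MARKER, 7)[::-1]
    + fragment("C", base64.b64encode(MARKER), 8)
    + fragment("D", MARKER.hex().encode("ascii"), 10)
    + fragment("E", b"GET /index.html HTTP/1.1", 10)
)

if __name__ == "__main__":
    print("per-packet  :", naive_ids(SAMPLE_PACKETS))
    print("normalizing :", normalizing_ids(SAMPLE_PACKETS))
```

Encrypted traffic is the case this approach cannot cover: without the key there is no decoded view to match against.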
Benefits of IDS
• Detects Malicious Activity: IDS can detect any suspicious activities and alert the system administrator before
any significant damage is done.
• Improves Network Performance: IDS can identify any performance issues on the network, which can be
addressed to improve network performance.
• Compliance Requirements: IDS can help in meeting compliance requirements by monitoring network
activity and generating reports.
• Provides Insights: IDS generates valuable insights into network traffic, which can be used to identify any
weaknesses and improve network security.
Advantages
• Early Threat Detection: IDS identifies potential threats early, allowing for quicker response to prevent
damage.
• Enhanced Security: It adds an extra layer of security, complementing other cybersecurity measures to
provide comprehensive protection.
• Network Monitoring: Continuously monitors network traffic for unusual activities, ensuring constant
vigilance.
• Detailed Alerts: Provides detailed alerts and logs about suspicious activities, helping IT teams investigate and
respond effectively.
Disadvantages
• False Alarms: IDS can generate false positives, alerting on harmless activities and causing unnecessary
concern.
• Resource Intensive: It can use a lot of system resources, potentially slowing down network performance.
• Requires Maintenance: Regular updates and tuning are needed to keep the IDS effective, which can be time-
consuming.
• Doesn’t Prevent Attacks: IDS detects and alerts but doesn’t stop attacks, so additional measures are still
needed.
• Complex to Manage: Setting up and managing an IDS can be complex and may require specialized
knowledge.
Password management
Password management is a critical component of network security, as strong passwords are essential for
protecting sensitive information. Here are some key aspects to consider:
• Password Creation
Complexity: Passwords should include a mix of upper and lower case letters, numbers, and special characters.
Length: Aim for a minimum of 12-16 characters. Avoid common words, phrases, or easily guessable
information (like birthdays).
• Password Storage
Hashing: Store passwords using strong hashing algorithms (e.g., bcrypt, Argon2) to protect against
unauthorized access. Salting: Add a unique salt to each password before hashing to defend against
rainbow table attacks.
• Password Policies
Regular Changes: Encourage or require users to change passwords periodically, but balance this against
the risk of users choosing weaker passwords. Password Expiry: Implement policies that require passwords
to expire after a set period.
• Multi-Factor Authentication (MFA)
Use MFA to add an extra layer of security beyond just passwords. This can involve something the user knows
(password), something they have (a phone or hardware token), or something they are (biometric data).
• Password Management Tools
Encourage the use of password managers to help users create, store, and manage complex passwords securely.
• User Education
Provide training on the importance of strong passwords and best practices for creating and managing them.
• Monitoring and Incident Response
Implement monitoring systems to detect suspicious login attempts and have an incident response plan in place
for potential breaches.
• Avoiding Password Reuse
Educate users on the dangers of reusing passwords across different accounts and systems, as this increases
vulnerability if one account is compromised.
• Regular Audits
Conduct regular audits of password policies and practices to identify weaknesses and improve security
measures.
• Secure Password Recovery
Implement secure password recovery processes to prevent unauthorized access during password resets.
By focusing on these aspects, organizations can significantly enhance their password management practices
and improve overall network security.
Password vulnerabilities can arise in two ways:
• From End Users/Organizational Vulnerabilities:
• Weak and easy to guess: Passwords that are simple or common are more vulnerable to being guessed
by attackers.
• Rarely changed: Passwords that are not updated regularly can be at risk if they’re compromised.
• Same password for all websites: Using the same password across multiple sites increases risk, as a
breach on one platform could lead to vulnerabilities on others.
Technical vulnerabilities
• Weak Encryption Schemes: This refers to using outdated or easily breakable encryption methods to store or
transmit passwords. Weak encryption can make it easier for attackers to decrypt and access sensitive
information, compromising password security.
• Applications that Display Passwords on Screen While Typing: This vulnerability occurs when applications
reveal passwords in plain text as they are being typed, instead of masking them. This makes it easier for
unauthorized individuals to view passwords over the user’s shoulder or through screen monitoring tools.
Password protection strategies
• User Education: Educating users on the importance of strong, unique passwords and best practices for
password security. This can help reduce vulnerabilities caused by human error.
• Using Computer-Generated Passwords: Implementing randomly generated passwords, which are generally
stronger and harder to guess than user-created ones. This reduces the risk of weak or easily guessed
passwords.
• Reactive Password Checking: Periodically checking passwords to ensure they haven’t been compromised.
This involves monitoring for any known data breaches or unauthorized access attempts.
• Proactive Password Checking: Enforcing conditions or rules for password creation to prevent weak
passwords from being used. This includes setting requirements like minimum length, character diversity, and
banning common or easily guessed passwords.
Password selection strategies
• Using Computer-Generated Passwords: This approach involves relying on algorithms or software to create
complex and unique passwords, which are typically harder to guess or crack compared to manually created
ones.
• Reactive Password Checking: In this strategy, systems check passwords against known compromised or
commonly used passwords after they've been created. If a password is found to be weak or previously
compromised, the user may be prompted to change it.
• Proactive Password Checking: Here, passwords are checked for strength during the creation process.
Systems enforce rules (like requiring a mix of letters, numbers, and symbols) to ensure that passwords meet
certain complexity standards, reducing the likelihood of easily guessed passwords.
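A proactive password checker together with a computer-generated password, as an added example (not part of the original notes). The rule names, the small deny-list, the character substitutions and the date pattern are assumptions chosen for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 12
SPECIALS = "!#$%&*+-=?@^_"
# Tiny constructed deny-list; a real deployment would load a large one.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "admin", "iloveyou")
# Undo common character substitutions before the deny-list lookup.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})
# Years 1900-2099, a rough stand-in for birthdays and other dates.
DATE_LIKE = re.compile(r"(19|20)\d{2}")


def normalize(password):
    """Lower-case, undo substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def check_password(password, username=""):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if not all(classes):
        problems.append("classes")
    if username and username.lower() in password.lower():
        problems.append("username")
    flat = normalize(password)
    if any(word in flat for word in COMMON_WORDS):
        problems.append("common")
    if DATE_LIKE.search(password):
        problems.append("date")
    return problems


def generate_password(length=16):
    """Computer-generated password that passes check_password()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed samples: the first meets every complexity rule yet is
    # still rejected because it is a disguised common word plus a year.
    for sample in ("P@ssw0rd2024!!", "alice", "correct-Horse-7battery"):
        print(sample, "->", check_password(sample, username="alice") or "ok")
    print("generated:", generate_password())
```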
Virus and its related threats
• Information security threats are actions or events that can compromise the confidentiality, integrity, or
availability of data and systems. These threats can originate from various sources, such as individuals,
groups, or natural events. Information Security threats can be many like Software attacks, theft of
intellectual property, etc. In this article, we will discuss every point about threats to information security.
What is a Threat?
• Threats are actions carried out primarily by hackers or attackers with malicious intent, to steal data, cause
damage, or interfere with computer systems. A threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter, erase, or harm objects. A threat is any potential danger
that can harm your systems, data, or operations. In cybersecurity, threats include activities like hacking,
malware attacks, or data breaches that aim to exploit vulnerabilities.
• Recognizing and understanding these threats is crucial for implementing effective security measures. By
identifying potential threats, you can better protect your sensitive information and maintain the integrity of
your digital assets. Effective threat management is key to maintaining a secure and resilient cybersecurity
posture.
Common Information Security Threats
• Virus: Viruses can replicate themselves by hooking onto programs or files on the host computer, such as songs,
videos etc., and then travel all over the Internet. The Creeper Virus was first detected on ARPANET. Examples include
File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.
• Worms: Worms are also self-replicating in nature, but they don’t hook themselves to a program on the host computer.
The biggest difference between viruses and worms is that worms are network-aware. They can easily travel from one
computer to another if a network is available, and on the target machine they will not do much harm; they will, for
example, consume hard disk space, thus slowing down the computer.
• Bots: Bots can be seen as an advanced form of worms. They are automated processes that are designed to interact over
the internet without the need for human interaction. They can be good or bad. A malicious bot can infect one host and,
after infecting it, will create a connection to a central server, which provides commands to all infected hosts attached
to that network, called a botnet.
• Adware: Adware is not exactly malicious, but it does breach the privacy of users. It displays ads on a computer’s
desktop or inside individual programs. It comes attached to free-to-use software and is thus a main source of revenue
for such developers. It monitors your interests and displays relevant ads. An attacker can embed malicious code inside
the software, and adware can monitor your system activities and can even compromise your machine.
• Spyware: It is a program, or we can say software, that monitors your activities on a computer and reveals the
collected information to an interested party. Spyware is generally dropped by Trojans, viruses or worms.
Once dropped, it installs itself and sits silently to avoid detection. One of the most common examples
of spyware is the KEYLOGGER. The basic job of a keylogger is to record user keystrokes with timestamps, thus
capturing interesting information like usernames, passwords, credit card details etc.
• Ransomware: Ransomware is a type of malware that will either encrypt your files or lock your computer,
making it inaccessible either partially or wholly. Then a screen will be displayed asking for money, i.e. a ransom,
in exchange.
• Scareware: It masquerades as a tool to help fix your system, but when the software is executed it will infect
your system or completely destroy it. The software will display a message to frighten you and force you to take
some action, like paying them to fix your system.
• Rootkits: Rootkits are designed to gain root access, or we can say administrative privileges, in the user
system. Once root access is gained, the exploiter can do anything from stealing private files to private data.
• Zombies: They work similarly to spyware. The infection mechanism is the same, but they don’t spy and steal
information; rather, they wait for commands from hackers.
Information Security Solutions

• Data Security Solutions: These protect sensitive data from unauthorized access. Examples
include encryption, access controls, and data loss prevention tools.
• Network Security: Focuses on securing communication channels and devices within a
network. Firewalls, intrusion detection systems, and VPNs fall into this category.
• Endpoint Security: Protects individual devices (e.g., laptops, smartphones) from threats. Antivirus software
and device management tools are common here.
• Cloud Security: Ensures data security in cloud environments. Encryption, access controls, and monitoring
play key roles.
• Identity and Access Management (IAM): Manages user access to systems and data. IAM solutions include
single sign-on (SSO) and multi-factor authentication (MFA).
• Security Information and Event Management (SIEM): Collects and analyzes security-related data to detect
and respond to threats.
• Physical Security: Protects physical assets (e.g., servers, data centers) through access controls, surveillance,
and alarms.
COUNTER MEASURES
Countermeasures against viruses generally focus on preventing infections, detecting potential threats,
identifying viruses, and removing or replacing any infected or corrupted code. Here’s how each
countermeasure applies specifically to combating viruses:
• Prevention: Prevention strategies aim to stop viruses from infecting a system in the first place. This includes
implementing robust antivirus software, using firewalls, keeping systems and software up-to-date with
security patches, and avoiding downloading files or clicking on links from untrusted sources. These
measures can also include employee training and educating users on recognizing phishing emails and
suspicious downloads, which are common vectors for viruses.
• Detection: Detection involves using antivirus or anti-malware programs to scan for and detect viruses as soon
as they enter the system. Real-time scanning helps monitor incoming files and network traffic, while
scheduled scans look for any hidden viruses. These tools use virus definitions (signatures)
or heuristics (behavior analysis) to identify known or suspicious behavior associated with viruses.
• Identification: Once a virus is detected, the next step is to identify the specific type of virus, its origin, and
how it has impacted the system. This includes understanding whether it is a trojan, worm, ransomware, or
another type of malicious software. Identification is essential because different types of viruses may require
different methods for effective removal and prevention of further spread. For example, some viruses
replicate and spread quickly, while others remain dormant for a period.
• Removal/Replacement of Code: After identification, the infected files or code need to be removed or
replaced to restore the system’s integrity. Antivirus tools can quarantine and remove infected files, and in
some cases, operating systems or applications may need to be replaced. In severe cases, full system
restoration from a clean backup may be necessary if the virus has deeply infiltrated the system.
These countermeasures work together to protect systems and minimize the damage caused by viruses,
ensuring both immediate and long-term security.
Firewall
What is Firewall?
A firewall is a network security device, either hardware or software-based, which monitors all incoming and
outgoing traffic and based on a defined set of security rules accepts, rejects, or drops that specific traffic.
• Accept: allow the traffic
• Reject: block the traffic but reply with an “unreachable error”
• Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing network traffic with security
policies that have previously been set up inside an organization. A firewall is essentially the wall that separates
a private internal network from the open Internet at its very basic level.
Firewall
A firewall is hardware or software that protects a private computer or a network of computers from unauthorized access. It acts as a
filter that keeps unauthorized users from accessing private computers and networks. It is a vital component of network security and the
first line of defense for network security. It filters network packets and stops malware from entering the user’s computer or network
by blocking access and preventing the user from being infected.
Characteristics of Firewall
• Physical Barrier: A firewall does not allow any external traffic to enter a system or a network without its allowance. A firewall
creates a choke point for all the external data trying to enter the system or network and hence can easily block access if needed.
• Multi-Purpose: A firewall has many functions other than security purposes. It configures domain names and Internet Protocol (IP)
addresses. It also acts as a network address translator. It can act as a meter for internet usage.
• Flexible Security Policies: Different local systems or networks need different security policies. A firewall can be modified according
to the requirement of the user by changing its security policies.
• Security Platform: It provides a platform from which any alert to the issue related to security or fixing issues can be accessed. All
the queries related to security can be kept under check from one place in a system or network.
• Access Handler: Determines which traffic needs to flow first according to priority, which can change for a particular network or system.
Specific action requests may be initiated and allowed to flow through the firewall.
Need and Importance of Firewall Design Principles

• Different Requirements: Every local network or system has its own threats and requirements, which
need different structures and devices. All this can only be identified while designing a firewall.
Assessing the current security outline of a company can help to create a better firewall design.
• Outlining Policies: Once a firewall has been designed, the system or network is not necessarily
secure. New threats can arise, and if we have proper paperwork of policies then the security
system can be modified again and the network will become more secure.
• Identifying Requirements: While designing a firewall, data is collected on threats, devices that need to
be integrated, missing resources, and security devices that need updating. All the information collected is
combined to get the best results. Misidentifying even one of these things leads to security
issues.
• Setting Restrictions: Every user has limits on which levels of data they can access or modify; these
need to be identified and acted on accordingly. After retrieving and processing data,
priority is set for people, devices, and applications.
• Identify Deployment Location: Every firewall has its strengths and to get the most use out of it,
we need to deploy each of them at the right place in a system or network. In the case of a packet
filter firewall, it needs to be deployed at the edge of your network in between the internal
network and web server to get the most out of it.
FIREWALL DESIGN PRINCIPLES
• Developing Security Policy
Security policy is a very essential part of firewall design. Security policy is designed according to the
requirement of the company or client to know which kind of traffic is allowed to pass. Without a proper
security policy, it is impossible to restrict or allow a specific user or worker in a company network or anywhere
else. A properly developed security policy also knows what to do in case of a security breach. Without it, there
is an increase in risk as there will not be a proper implementation of security solutions.
• Simple Solution Design
If the design of the solution is complex, then it will be difficult to implement it. If the solution is easy, then it
will be easier to implement it. A simple design is easier to maintain. We can make upgrades to the simple
design according to new possible threats, leaving it with an efficient but simpler structure. The
problem that comes with complex designs is configuration errors, which open a path for external attacks.
• Choosing the Right Device
Every network security device has its purpose and its way of implementation. If we use the wrong device for
the wrong problem, the network becomes vulnerable. If an outdated device is used in designing a firewall, it
exposes the network to risk and is almost useless. First the design must be done, and then the product
requirements must be found out; if an already available product is instead made to fit into a design, that makes
security weak.
• Layered Defense
A network defense must be multiple-layered in the modern world because if the security is broken, the
network will be exposed to external attacks. Multilayer security design can be set to deal with different levels
of threat. It gives an edge to the security design and finally neutralizes the attack on the system.
• Consider Internal Threats
While a lot of attention is given to safeguarding the network or device from external attacks, the security
becomes weak against internal attacks, and most attacks are done internally, as internal access is easy and
internal security is weakly designed. Different levels can be set in network security while designing internal
security. Filtering can be added to keep track of the traffic moving from lower-level security to higher-level security.
Advantages of Firewall:

• Blocks infected files: While surfing the internet we encounter many unknown threats. Any friendly-looking
file might have malware in it. The firewall neutralizes this kind of threat by blocking file access to the system.
• Stop unwanted visitors: A firewall does not allow a cracker to break into the system through a network. A
strong firewall detects the threat and then stops the possible loophole that can be used to penetrate
through security into the system.
• Safeguard the IP address: A network-based firewall like an internet connection firewall (ICF) keeps track of
the internet activities done on a network or a system and keeps the IP address hidden so that it cannot be
used to access sensitive information against the user.
• Prevents Email spamming: In email spamming, too many emails are sent to the same address, leading to the server
crashing. A good firewall blocks the spammer source and prevents the server from crashing.
• Stops Spyware: If a bug is implanted in a network or system it tracks all the data flowing and later uses it for
the wrong purpose. A firewall keeps track of all the users accessing the system or network and if spyware is
detected it disables it.
Limitations:
• Internal loose ends: A firewall can not be deployed everywhere when it comes to internal attacks.
Sometimes an attacker bypasses the firewall through a telephone lane that crosses paths with a data lane
that carries the data packets or an employee who unwittingly cooperates with an external attacker.
• Infected Files: In the modern world, we come across various kinds of files through emails or the internet.
Most of the files are executable under the parameter of an operating system. It becomes impossible for the
firewall to keep a track of all the files flowing through the system.
• Effective Cost: As the requirements of a network or a system increase with the level of threat,
the cost of the devices used to build the firewall increases. The maintenance cost of the firewall
also increases, making the overall cost of the firewall quite high.
• User Restriction: Restrictions and rules implemented through a firewall make a network secure but they can
make work less effective when it comes to a large organization or a company. Even making a slight change in
data can require a permit from a person of higher authority making work slow. The overall productivity drops
because of all of this.
• System Performance: A software-based firewall consumes a lot of a system's resources. Using the RAM and
consuming the power supply leaves very few resources for the rest of the functions or programs. The
performance of a system can experience a drop. On the other hand, a hardware firewall does not affect the
performance of a system much, because it is much less dependent on the system resources.

Types of Firewall
• There are mainly three types of firewalls, such as software firewalls, hardware firewalls, or both, depending on their
structure. Each type of firewall has different functionality but the same purpose. However, it is best practice to have both
to achieve maximum possible protection.
• A hardware firewall is a physical device that attaches between a computer network and a gateway. For example- a
broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall. On the other hand, a software
firewall is a simple program installed on a computer that works through port numbers and other installed software. This
type of firewall is also called a Host Firewall.
• Besides, there are many other types of firewalls depending on their features and the level of security they provide. The
following are types of firewall techniques that can be implemented as software or hardware:
• Packet-filtering Firewalls
• Circuit-level Gateways
• Application-level Gateways (Proxy Firewalls)
• Stateful Multi-layer Inspection (SMLI) Firewalls
• Next-generation Firewalls (NGFW)
• Threat-focused NGFW
• Network Address Translation (NAT) Firewalls
• Cloud Firewalls
• Unified Threat Management (UTM) Firewalls
Packet-filtering Firewalls :
A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors
network traffic and filters incoming packets based on configured security rules. These firewalls are designed to
block network traffic based on IP protocol, IP address, and port number if a data packet does not match the
established rules. While packet-filtering firewalls can be considered a fast solution without many resource
requirements, they also have some limitations. Because these types of firewalls do not prevent web-based
attacks, they are not the safest.
Circuit-level Gateways :
Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block
traffic without consuming significant computing resources. These types of firewalls typically operate at the
session-level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions.
Circuit-level gateways are designed to ensure that the established sessions are protected.
Typically, circuit-level firewalls are implemented as security software or pre-existing firewalls. Like packet-
filtering firewalls, these firewalls do not check for actual data, although they inspect information about
transactions. Therefore, if data contains malware but follows the correct TCP connection, it will pass through
the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems.
• Application-level Gateways (Proxy Firewalls)
Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two
end systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level
Gateways'.
Unlike basic firewalls, these firewalls transfer requests from clients pretending to be original clients on the
web-server. This protects the client's identity and other suspicious information, keeping the network safe from
potential attacks. Once the connection is established, the proxy firewall inspects data packets coming from the
source. If the contents of the incoming data packet are protected, the proxy firewall transfers it to the client.
This approach creates an additional layer of security between the client and many different sources on the
network.

• Stateful Multi-layer Inspection (SMLI) Firewalls


Stateful multi-layer inspection firewalls include both packet inspection technology and TCP handshake
verification, making SMLI firewalls superior to packet-filtering firewalls or circuit-level gateways. Additionally,
these types of firewalls keep track of the status of established connections.
In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a database
(state table). The database is used to store session information such as source IP address, port number,
destination IP address, destination port number, etc. Connection information is stored for each session in the
state table. Using stateful inspection technology, these firewalls create security rules to allow anticipated
traffic.
In most cases, SMLI firewalls are implemented as additional security levels. These types of firewalls implement
more checks and are considered more secure than stateless firewalls. This is why stateful packet inspection is
implemented along with many other firewalls to track statistics for all internal traffic. Doing so increases the
load and puts more pressure on computing resources. This can give rise to a slower transfer rate for data
packets than other solutions.
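The state table described above next to a stateless packet filter, as an added example (not part of the original notes). It uses the accept, reject and drop actions defined earlier; the rule layout, class names and sample addresses are constructed, and connection timeouts and TCP flag tracking are left out.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")
# A rule field set to None matches any value. First matching rule wins.
Rule = namedtuple("Rule", "direction proto sport dport action")

DEFAULT_ACTION = "drop"  # block with no reply when nothing matches

# A stateless filter needs an explicit rule to let HTTPS replies back in.
STATELESS_RULES = [
    Rule("out", "tcp", None, 443, "accept"),
    Rule("in", "tcp", 443, None, "accept"),   # "return traffic" by port only
    Rule("in", "tcp", None, 23, "reject"),
]

# The stateful firewall gets the same policy without the return-traffic rule.
STATEFUL_RULES = [
    Rule("out", "tcp", None, 443, "accept"),
    Rule("in", "tcp", None, 23, "reject"),
]


def match_rules(rules, pkt):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if (rule.direction == pkt.direction and rule.proto == pkt.proto
                and rule.sport in (None, pkt.sport)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return DEFAULT_ACTION


class StatefulFirewall:
    """Packet filter plus a state table of accepted outbound sessions."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # entries: (proto, src, sport, dst, dport)

    def filter(self, pkt):
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reverse in self.state:
            return "accept"  # reply to a session opened from inside
        action = match_rules(self.rules, pkt)
        if action == "accept" and pkt.direction == "out":
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


# Constructed sample traffic (documentation address ranges).
SAMPLE_TRAFFIC = [
    Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.10", 443),  # request
    Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 50000),   # its reply
    Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 3389),    # unsolicited
    Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 23),    # telnet
]


def stateless_decisions(packets):
    return [match_rules(STATELESS_RULES, pkt) for pkt in packets]


def stateful_decisions(packets):
    firewall = StatefulFirewall(STATEFUL_RULES)
    return [firewall.filter(pkt) for pkt in packets]


if __name__ == "__main__":
    print("stateless:", stateless_decisions(SAMPLE_TRAFFIC))
    print("stateful :", stateful_decisions(SAMPLE_TRAFFIC))
```

The third packet is the difference: the stateless filter accepts it because its source port is 443, while the stateful firewall drops it because no session in the state table matches.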

• Next-generation Firewalls (NGFW)


Many of the latest released firewalls are usually defined as 'next-generation firewalls'. However, there is no
specific definition for next-generation firewalls. This type of firewall is usually defined as a security device
combining the features and functionalities of other firewalls. These firewalls include deep-packet inspection
(DPI), surface-level packet inspection, and TCP handshake testing, etc.
NGFW includes higher levels of security than packet-filtering and stateful inspection firewalls. Unlike traditional
firewalls, NGFW monitors the entire transaction of data, including packet headers, packet contents, and
sources. NGFWs are designed in such a way that they can prevent more sophisticated and evolving security
threats such as malware attacks, external threats, and advanced intrusion.
• Threat-focused NGFW
Threat-focused NGFW includes all the features of a traditional NGFW. Additionally, they also provide advanced
threat detection and remediation. These types of firewalls are capable of reacting against attacks quickly. With
intelligent security automation, threat-focused NGFW set security rules and policies, further increasing the
security of the overall defense system.
In addition, these firewalls use retrospective security systems to monitor suspicious activities continuously.
They keep analyzing the behavior of every activity even after the initial inspection. Due to this functionality,
threat-focused NGFWs dramatically reduce the overall time taken from threat detection to cleanup.

• Network Address Translation (NAT) Firewalls


Network address translation or NAT firewalls are primarily designed to access Internet traffic and block all
unwanted connections. These types of firewalls usually hide the IP addresses of our devices, making them safe
from attackers.
When multiple devices are used to connect to the Internet, NAT firewalls create a unique IP address and hide
individual devices' IP addresses. As a result, a single IP address is used for all devices. By doing this, NAT
firewalls secure independent network addresses from attackers scanning a network for accessing IP addresses.
This results in enhanced protection against suspicious activities and attacks.
In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT firewalls also work as an
intermediate device between a group of computers and external traffic.
• Cloud Firewalls
Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall or FaaS (firewall-as-
service). Cloud firewalls are typically maintained and run on the Internet by third-party vendors. This type of
firewall is considered similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy
servers. However, they are configured based on requirements.
The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no physical
resources, they are easy to scale according to the organization's demand or traffic-load. If demand increases,
additional capacity can be added to the cloud server to filter out the additional traffic load. Most organizations
use cloud firewalls to secure their internal networks or entire cloud infrastructure.

• Unified Threat Management (UTM) Firewalls


• UTM firewalls are a special type of device that includes features of a stateful inspection firewall with anti-
virus and intrusion prevention support. Such firewalls are designed to provide simplicity and ease of use.
These firewalls can also add many other services, such as cloud management, etc.
Unit-5
Web security considerations
What is Web Security?
• Web Security is an online security solution that will restrict access to harmful websites, stop web-based risks, and
manage staff internet usage. Web Security is very important nowadays. Websites are always prone to security
threats/risks. For example, when you transfer data between a client and a server, you have to protect that
data; that protection of data is your web security.
Top Web Security Threats
• Cross-site scripting (XSS)
• SQL Injection
• Phishing
• Ransomware
• Code Injection
• Viruses and worms
• Spyware
• Denial of Service
Security Considerations are:

• Updated Software: You need to always update your software. Hackers may be aware of vulnerabilities in
certain software, which are sometimes caused by bugs and can be used to damage your computer system
and steal personal data. Older versions of software can become a gateway for hackers to enter your network.
Software makers soon become aware of these vulnerabilities and will fix vulnerable or exposed areas. That’s
why it is mandatory to keep your software updated; it plays an important role in keeping your personal data
secure.
• Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your database by inserting
rogue code into your query. For example, somebody can send your website a query that contains rogue code;
when it gets executed, it can be used to manipulate your database (change tables, modify or delete data) or
to retrieve important information, so one should be aware of the SQL injection attack.
• Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into web pages, e.g. through the
submission of forms. It is a term used to describe a class of attacks that allow an attacker to inject client-side
scripts into other users’ browsers through a website. As the injected code enters the browser from the site, the
browser treats the code as trusted, and it can do things like sending the user’s site authorization cookie to the
attacker.
• Error Messages: You need to be very careful about the error messages that are generated to inform users
while they access the website, and about how much information those messages give away. For example, on a
login attempt: if the user fails to log in, the error message should not let the user know which field is
incorrect, username or password.
• Data Validation: Data validation is the proper testing of any input supplied by the user or application. It
prevents improperly created data from entering the information system. Validation of data should be
performed on both server-side and client-side. If we perform data validation on both sides that will give us
the authentication. Data validation should occur when data is received from an outside party, especially if
the data is from untrusted sources.
• Password: Password provides the first line of defense against unauthorized access to your device and
personal information. It is necessary to use a strong password. Hackers in many cases use complex software
that uses brute force to crack passwords. Passwords must be complex to protect against brute force. It is
good to enforce password requirements such as a minimum length of eight characters, including
uppercase letters, lowercase letters, special characters, and numerals.
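The SQL injection and data validation points above, as an added example that is not part of the original notes: a query built by string concatenation beside its parameterized and validated forms, using Python's sqlite3 module. The orders table, the sample rows, the crafted input and the owner-name rule are constructed for illustration.

```python
import re
import sqlite3

# Assumed server-side allow-list rule for owner names (illustrative policy).
OWNER_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

# Constructed textbook input: closes the string literal and adds a tautology.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "phone"), ("bob", "camera")],
    )
    return db


def orders_vulnerable(db, owner):
    """BAD: the input becomes part of the SQL text and can rewrite the query."""
    sql = "SELECT item FROM orders WHERE owner = '" + owner + "' ORDER BY item"
    return [row[0] for row in db.execute(sql)]


def orders_parameterized(db, owner):
    """GOOD: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT item FROM orders WHERE owner = ? ORDER BY item"
    return [row[0] for row in db.execute(sql, (owner,))]


def orders_validated(db, owner):
    """Server-side validation first, then the parameterized query."""
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("invalid owner name")
    return orders_parameterized(db, owner)


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", orders_vulnerable(db, CRAFTED))     # every user's rows
    print("parameterized:", orders_parameterized(db, CRAFTED))  # no rows
    try:
        orders_validated(db, CRAFTED)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

Validation narrows what reaches the query, but the bound parameter is what stops the injection; keep both.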
SECURE SOCKET LAYER
• Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server.
SSL encrypts the link between a web server and a browser which ensures that all data passed between them
remain private and free from attack. In this article, we are going to discuss SSL in detail, its protocols, the
salient features of SSL, and the versions of SSL.
What is a Secure Socket Layer?
• SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts data to keep it safe. It was created
by Netscape in 1995 to ensure privacy, authentication, and data integrity in online communications. SSL is
the older version of what we now call TLS (Transport Layer Security).
• Websites using SSL/TLS have “HTTPS” in their URL instead of “HTTP.”
How does SSL work?
• Encryption: SSL encrypts data transmitted over the web, ensuring privacy. If someone intercepts the data,
they will see only a jumble of characters that is nearly impossible to decode.
• Authentication: SSL starts an authentication process called a handshake between two devices to confirm
their identities, making sure both parties are who they claim to be.
• Data Integrity: SSL digitally signs data to ensure it hasn’t been tampered with, verifying that the data
received is exactly what was sent by the sender.
Why is SSL Important?
• Originally, data on the web was transmitted in plaintext, making it easy for anyone who intercepted the message to read it.
For example, if someone logged into their email account, their username and password would travel across the Internet
unprotected.
• SSL was created to solve this problem and protect user privacy. By encrypting data between a user and a web server, SSL
ensures that anyone who intercepts the data sees only a scrambled mess of characters. This keeps the user’s login
credentials safe, visible only to the email service.
Additionally, SSL helps prevent cyber attacks by:
• Authenticating Web Servers: Ensuring that users are connecting to the legitimate website, not a fake one set up by
attackers.
• Preventing Data Tampering: Acting like a tamper-proof seal, SSL ensures that the data sent and received hasn’t been
altered during transit.
Secure Socket Layer Protocols
• SSL Record Protocol
• Handshake Protocol
• Change-Cipher Spec Protocol
• Alert Protocol
SSL Record Protocol
• SSL Record provides two services to SSL connection.
• Confidentiality
• Message Integrity
• In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, and then
a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Algorithm) and
MD5 (Message Digest) is appended. After that the data is encrypted, and finally the SSL header is
appended to the data.
Handshake Protocol
Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate
each other by sending a series of messages to each other. Handshake protocol uses four phases to complete its
cycle.
• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite
and protocol version are exchanged for security purposes.
• Phase-2: The server sends its certificate and Server-key-exchange. The server ends phase-2 by sending the
Server-hello-end packet.
• Phase-3: In this phase, the client replies to the server by sending its certificate and Client-exchange-key.
• Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol ends.
Change-Cipher Protocol
• This protocol uses the SSL record protocol. Unless Handshake Protocol is completed, the SSL record Output will be in a
pending state. After the handshake protocol, the Pending state is converted into the current state.
• Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s
purpose is to cause the pending state to be copied into the current state.

Alert Protocol
• This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes.
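The record framing described above, as an added example that is not part of the original notes: a parser for the 5-byte SSL record header that also checks the 1-byte Change-Cipher Spec message and decodes the 2-byte alert. The sample byte stream is constructed, and only a few alert descriptions are listed.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions, enough for the sample below.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}
# A plaintext fragment is at most 2^14 bytes; compression, MAC and padding
# may add up to 2048 bytes to a protected record.
MAX_RECORD_BODY = 2 ** 14 + 2048

# Constructed sample: three unencrypted SSL 3.0 records.
SAMPLE_STREAM = bytes.fromhex(
    "1603000004" "01000000"   # handshake record, 4 placeholder body bytes
    "1403000001" "01"         # change_cipher_spec: one byte, value 1
    "1503000002" "0228"       # alert: level 2 (fatal), description 40
)


def parse_records(stream: bytes):
    """Split a byte stream into SSL records and decode the small protocols."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        offset += 5
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD_BODY:
            raise ValueError("record length exceeds the protocol maximum")
        body = stream[offset:offset + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += length

        record = {"type": CONTENT_TYPES[ctype],
                  "version": (major, minor), "length": length}
        if ctype == 20:
            # The only legal message: pending state becomes current state.
            if body != b"\x01":
                raise ValueError("malformed change_cipher_spec message")
        elif ctype == 21 and length == 2:
            # Two bytes: alert level, then alert description. Alerts sent
            # after the cipher change are encrypted and longer than 2 bytes.
            level, description = body
            record["alert"] = (ALERT_LEVELS.get(level, "unknown"),
                               ALERT_DESCRIPTIONS.get(description, "unknown"))
        records.append(record)
    return records


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_STREAM):
        print(rec)
```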
Transport Layer Security
• Transport layer security protocol is one of the security protocols which are designed to facilitate privacy and
data security for communications over the Internet. The main use of TLS is to encrypt the communication
between web applications and servers, like web browsers loading a website.
• TLS is used to encrypt other communications like email, messaging, and voice over IP (VoIP). TLS was
proposed by the Internet Engineering Task Force (IETF), which is an international standards organization.
Components
• Encryption − It is used to hide the data being transferred from third parties.

• Authentication − It always ensures that the parties exchanging information are who they claim to be.

• Integrity − Integrity verifies that the data has not been tampered with.
Working of TLS:
The client connects to the server (using TCP) and sends a number of specifications:
• Version of SSL/TLS.
• Which cipher suites and compression method it wants to use.

• The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite
from one of the client’s options (if it supports one) and optionally picks a compression method. After this the
basic setup is done, and the server provides its certificate. This certificate must be trusted either by the client
itself or by a party that the client trusts. Having verified the certificate and being certain this server really is
who it claims to be (and not a man in the middle), a key is exchanged. This can be a public key, a
“PreMasterSecret” or simply nothing, depending upon the cipher suite.
• Both the server and client can now compute the key for symmetric encryption. The handshake is finished
and the two hosts can communicate securely. If a connection is closed merely by finishing the TCP
connection, both sides will know the connection was improperly terminated. The connection cannot be
compromised by this, though, merely interrupted.
Transport Layer Security (TLS) continues to play a critical role in securing data transmission over networks, especially on the
internet. Let’s delve deeper into its workings and significance:
• Enhanced Security Features:
TLS employs a variety of cryptographic algorithms to provide a secure communication channel. This includes symmetric
encryption algorithms like AES (Advanced Encryption Standard) and asymmetric algorithms like RSA and Diffie-Hellman key
exchange. Additionally, TLS supports various hash functions for message integrity, such as SHA-256, ensuring that data
remains confidential and unaltered during transit.
• Certificate-Based Authentication:
One of the key components of TLS is its certificate-based authentication mechanism. When a client connects to a server, the
server presents its digital certificate, which includes its public key and other identifying information. The client verifies the
authenticity of the certificate using trusted root certificates stored locally or provided by a trusted authority, thereby
establishing the server’s identity.
• Forward Secrecy:
TLS supports forward secrecy, a crucial security feature that ensures that even if an attacker compromises the server’s private
key in the future, they cannot decrypt past communications. This is achieved by generating ephemeral session keys for each
session, which are not stored and thus cannot be compromised retroactively.
• TLS Handshake Protocol:
The TLS handshake protocol is a crucial phase in establishing a secure connection between the client and the
server. It involves multiple steps, including negotiating the TLS version, cipher suite, and exchanging
cryptographic parameters. The handshake concludes with the exchange of key material used to derive session
keys for encrypting and decrypting data.
• Perfect Forward Secrecy (PFS):
Perfect Forward Secrecy is an advanced feature supported by TLS that ensures the confidentiality of past
sessions even if the long-term secret keys are compromised. With PFS, each session key is derived
independently, providing an additional layer of security against potential key compromise.
• TLS Deployment Best Practices:
To ensure the effectiveness of TLS, it’s essential to follow best practices in its deployment. This includes
regularly updating TLS configurations to support the latest cryptographic standards and protocols, disabling
deprecated algorithms and cipher suites, and keeping certificates up-to-date with strong key lengths.
• Continual Evolution:
TLS standards continue to evolve to address emerging security threats and vulnerabilities. Ongoing efforts by
standards bodies, such as the Internet Engineering Task Force (IETF), ensure that TLS remains robust and
resilient against evolving attack vectors.
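The deployment practices above (certificate-based authentication, forward secrecy, disabling deprecated versions and cipher suites), as an added example that is not part of the original notes: a hardened client configuration built with Python's ssl module beside a careless one, plus a small audit function. The function names and the finding texts are illustrative.

```python
import ssl

# Suites whose names start with these prefixes use ephemeral key exchange.
# TLS 1.3 suites (TLS_*) always do.
FORWARD_SECRET_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def hardened_client_context():
    """Client context following the practices listed above."""
    ctx = ssl.create_default_context()            # trusted roots, CERT_REQUIRED,
                                                  # hostname checking enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL 3.0, TLS 1.0/1.1
    # TLS 1.2 suites limited to ephemeral ECDH with AEAD ciphers.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def careless_client_context():
    """The weak counterpart: encrypts, but never authenticates the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings for an SSLContext (empty list = none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname checking disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 allowed")
    no_fs = [c["name"] for c in ctx.get_ciphers()
             if not c["name"].startswith(FORWARD_SECRET_PREFIXES)]
    if no_fs:
        findings.append("cipher suites without forward secrecy: " + ", ".join(no_fs))
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("careless:", audit_context(careless_client_context()))
```

Without certificate and hostname verification the channel is still encrypted, but the client cannot tell the real server from a man in the middle.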
Advantages
The advantages of TLS are as follows−

• Encryption

• Interoperability

• Flexibility

• Ease of deployment

• Easy to use.
Difference Between Secure Socket Layer (SSL) and Transport Layer Security (TLS)

| SSL | TLS |
|---|---|
| SSL stands for Secure Socket Layer. | TLS stands for Transport Layer Security. |
| SSL (Secure Socket Layer) supports the Fortezza algorithm. | TLS (Transport Layer Security) does not support the Fortezza algorithm. |
| SSL (Secure Socket Layer) is the 3.0 version. | TLS (Transport Layer Security) is the 1.0 version. |
| In SSL (Secure Socket Layer), the Message digest is used to create a master secret. | In TLS (Transport Layer Security), a Pseudo-random function is used to create a master secret. |
| In SSL (Secure Socket Layer), the Message Authentication Code protocol is used. | In TLS (Transport Layer Security), Hashed Message Authentication Code protocol is used. |
| SSL (Secure Socket Layer) is more complex than TLS (Transport Layer Security). | TLS (Transport Layer Security) is simple. |
| SSL (Secure Socket Layer) is less secured as compared to TLS (Transport Layer Security). | TLS (Transport Layer Security) provides high security. |
| SSL is less reliable and slower. | TLS is highly reliable and upgraded. It provides less latency. |
| SSL has been deprecated. | TLS is still widely used. |
| SSL uses port to set up explicit connection. | TLS uses protocol to set up implicit connection. |
Intruders
• In network security, “intruders” are unauthorized individuals or entities who want to obtain access to a
network or system to breach its security. Intruders can range from inexperienced hackers to professional and
organized cyber criminals.
What are Intruders in Network Security?
• Intruders are often referred to as hackers and are the most harmful factors contributing to security
vulnerability. They have immense knowledge and an in-depth understanding of technology and security.
Intruders breach the privacy of users and aim to steal the confidential information of the users. The stolen
information is then sold to third parties, aiming to misuse it for personal or professional gains.
Types of Intruders

• Masquerader: An individual who is not authorized to use the system but still exploits users’ privacy and
confidential information by using techniques that give them control over the system. Masqueraders are
outsiders and hence do not have direct access to the system; they aim to attack unethically to steal data.
• Misfeasor: An individual who is authorized to use the system but misuses the granted access and privilege,
taking undue advantage of the permissions and access given to them. Misfeasors are insiders and have direct
access to the system, which they aim to attack unethically to steal data/information.
• Clandestine User: An individual who has supervision/administrative control over the system and misuses the
authoritative power given to them. This misuse of power is often carried out by higher authorities for
financial gain. A Clandestine User can be either an insider or an outsider and accordingly can have
direct/indirect access to the system, which they aim to attack unethically by stealing data/information.
Keeping Intruders Away

• Access Control: Implement strong authentication mechanisms, such as two-factor authentication (2FA)
or multi-factor authentication (MFA). Regularly review and update user access permissions to ensure they
align with job roles and responsibilities.
• Network Segmentation: Divide your network into segments to limit lateral movement for intruders. For
example, separate guest Wi-Fi from internal networks. Use firewalls and access control lists (ACLs) to restrict
communication between segments.
• Regular Patching: Keep software, operating systems, and applications up to date. Patch known
vulnerabilities promptly. Monitor security advisories and apply patches as soon as they are released.
• Intrusion Detection and Prevention Systems (IDPS): Deploy Intrusion Detection and Prevention
Systems (IDPS) solutions to detect and prevent suspicious activities. Set up alerts for any unauthorized
access attempts.
• Security Awareness Training: Educate employees about phishing, social engineering, and safe online
practices. Regularly conduct security awareness sessions.
• Encryption: Encrypt sensitive data in transit (using protocols like HTTPS) and at rest (using encryption
algorithms). Use strong encryption keys and rotate them periodically.
Different Ways Adopted by Intruders

• Exhaustively try all short passwords that may open the system for them.
• Try unlocking the system with default passwords, which will open the system if the user has not made any
change to the default password.
• Try unlocking the system using personal information of the user such as their name, family member names,
address, and phone number in different combinations.
• Making use of a Trojan horse for getting access to the system of the user.
• Attacking the connection of the host and remote user and getting entry through their connection gateway.
• Trying all the applicable information, relevant to the user such as plate numbers, room numbers, and locality
info.
How to Protect From Intruders?

• By being aware of all the security measures that help us to protect ourselves from Intruders.
• By increasing the security and strengthening the security of the system.
• In case of any attack, first, reach out to cyber security experts for a solution to this type of attack.
• Try to avoid becoming a victim of cybercrime.
What is an Intrusion Detection System?
An intrusion detection system (IDS) observes network traffic for malicious transactions and sends immediate
alerts when they are observed. It is software that checks a network or system for malicious activities or
policy violations. Each illegal activity or violation is typically either recorded centrally by a system or
reported to an administrator. An IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access by users, possibly including insiders. The intrusion detector
learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between ‘bad
connections’ (intrusions/attacks) and ‘good (normal) connections’.
• Working of Intrusion Detection System(IDS)
• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious
activity.
• It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that
might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system
administrator.
• The system administrator can then investigate the alert and take action to prevent any damage or further
intrusion.
Classification of Intrusion Detection System(IDS)

Intrusion Detection Systems are classified into 5 types:


• Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up at a
planned point within the network to examine traffic from all devices on the network. It performs an
observation of passing traffic on the entire subnet and matches the traffic that is passed on the subnets to
the collection of known attacks. Once an attack is identified or abnormal behavior is observed, the alert can
be sent to the administrator. An example of a NIDS is installing it on the subnet where firewalls are located in
order to see if someone is trying to crack the firewall.
• Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent hosts
or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will
alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system
files and compares it with the previous snapshot. If the analytical system files were edited or deleted, an
alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical
machines, which are not expected to change their layout.

• Protocol-Based Intrusion Detection System (PIDS): A protocol-based intrusion detection system (PIDS)
comprises a system or agent that consistently resides at the front end of a server, controlling and
interpreting the protocol between a user/device and the server. It tries to secure the web server by
regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Because HTTPS
traffic is decrypted just before it enters the web presentation layer, this system needs to reside at that
interface in order to inspect the HTTPS traffic.
• Application Protocol-Based Intrusion Detection System (APIDS): An application Protocol-based Intrusion
Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies
the intrusions by monitoring and interpreting the communication on application-specific protocols. For
example, this would monitor the SQL protocol explicitly to the middleware as it transacts with the database
in the web server.
• Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the combination of two or
more approaches to the intrusion detection system. In the hybrid intrusion detection system, the host agent
or system data is combined with network information to develop a complete view of the network system.
The hybrid intrusion detection system is more effective in comparison to the other intrusion detection
system. Prelude is an example of Hybrid IDS.
What is an Intrusion in Cybersecurity?

Intrusion is when an attacker gets unauthorized access to a device, network, or system. Cyber criminals use
advanced techniques to sneak into organizations without being detected. Common methods include:
• Address Spoofing: Hiding the source of an attack by using fake, misconfigured, or unsecured proxy servers,
making it hard to identify the attacker.
• Fragmentation: Sending data in small pieces to slip past detection systems.
• Pattern Evasion: Changing attack methods to avoid detection by IDS systems that look for specific patterns.
• Coordinated Attack: Using multiple attackers or ports to scan a network, confusing the IDS and making it
hard to see what is happening.
Intrusion Detection System Evasion Techniques
• Fragmentation: Dividing a packet into smaller packets called fragments; the process is known
as fragmentation. This makes it impossible to identify an intrusion because there can’t be a malware
signature.
• Packet Encoding: Encoding packets using methods like Base64 or hexadecimal can hide malicious content
from signature-based IDS.
• Traffic Obfuscation: By making a message more complicated to interpret, obfuscation can be utilised to hide
an attack and avoid detection.
• Encryption: Several security features, such as data integrity, confidentiality, and data privacy, are provided
by encryption. Unfortunately, security features are used by malware developers to hide attacks and avoid
detection.
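The rule-matching workflow and the packet-encoding point above, as an added example that is not part of the original notes: a small signature-based detector that decodes percent-encoded and Base64 content before matching, compared with matching on the raw bytes only. The two rules, the log format and the log lines are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote_plus

# Constructed signature set: (rule name, pattern).
RULES = [
    ("SQLI-TAUTOLOGY", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I)),
    ("XSS-SCRIPT-TAG", re.compile(r"<\s*script\b", re.I)),
]

# Constructed log lines: "<source address> <request>".
SAMPLE_LOG = [
    "192.0.2.10 /search?q=network+security",
    "198.51.100.7 /page?msg=<script>alert(1)</script>",
    "198.51.100.8 /login?user=admin%27%20OR%20%271%27%3D%271",
    "203.0.113.5 /comment?body=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
]

BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def candidate_views(payload: str):
    """Return the payload plus every decoded form worth matching against."""
    views = [payload]
    decoded = unquote_plus(payload)          # undo percent/hex encoding
    if decoded != payload:
        views.append(decoded)
    for token in BASE64_TOKEN.findall(decoded):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue                         # not Base64 text, ignore
        views.append(text)
    return views


def inspect(payload: str, normalize: bool = True):
    """Names of the rules that match the payload (or its decoded views)."""
    views = candidate_views(payload) if normalize else [payload]
    return sorted({name for name, rx in RULES for v in views if rx.search(v)})


def run_ids(log_lines, normalize: bool = True):
    """Produce (source, rule) alerts for the administrator."""
    alerts = []
    for line in log_lines:
        source, request = line.split(" ", 1)
        alerts.extend((source, rule) for rule in inspect(request, normalize))
    return alerts


if __name__ == "__main__":
    print("raw matching only:", run_ids(SAMPLE_LOG, normalize=False))
    print("with decoding    :", run_ids(SAMPLE_LOG))
```

Matching only the raw request raises one alert here; decoding first raises three, which is why signature engines normalize traffic before applying rules.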
Benefits of IDS
• Detects Malicious Activity: IDS can detect any suspicious activities and alert the system administrator before
any significant damage is done.
• Improves Network Performance: IDS can identify any performance issues on the network, which can be
addressed to improve network performance.
• Compliance Requirements: IDS can help in meeting compliance requirements by monitoring network
activity and generating reports.
• Provides Insights: IDS generates valuable insights into network traffic, which can be used to identify any
weaknesses and improve network security.
Advantages
• Early Threat Detection: IDS identifies potential threats early, allowing for quicker response to prevent
damage.
• Enhanced Security: It adds an extra layer of security, complementing other cybersecurity measures to
provide comprehensive protection.
• Network Monitoring: Continuously monitors network traffic for unusual activities, ensuring constant
vigilance.
• Detailed Alerts: Provides detailed alerts and logs about suspicious activities, helping IT teams investigate and
respond effectively.
Disadvantages
• False Alarms: IDS can generate false positives, alerting on harmless activities and causing unnecessary
concern.
• Resource Intensive: It can use a lot of system resources, potentially slowing down network performance.
• Requires Maintenance: Regular updates and tuning are needed to keep the IDS effective, which can be time-
consuming.
• Doesn’t Prevent Attacks: IDS detects and alerts but doesn’t stop attacks, so additional measures are still
needed.
• Complex to Manage: Setting up and managing an IDS can be complex and may require specialized
knowledge.
Password management
Password management is a critical component of network security, as strong passwords are essential for
protecting sensitive information. Here are some key aspects to consider:
• Password Creation
Complexity: Passwords should include a mix of upper and lower case letters, numbers, and special characters.
Length: Aim for a minimum of 12-16 characters.
Avoid common words, phrases, or easily guessable information (like birthdays).
• Password Storage
Hashing: Store passwords using strong hashing algorithms (e.g., bcrypt, Argon2) to protect against
unauthorized access.
Salting: Add a unique salt to each password before hashing to defend against rainbow table attacks.
• Password Policies
Regular Changes: Encourage or require users to change passwords periodically, but balance this with the risk
of weaker passwords.
Expiry: Implement policies that require passwords to expire after a set period.
• Multi-Factor Authentication (MFA)
Use MFA to add an extra layer of security beyond just passwords. This can involve something the user knows
(password), something they have (a phone or hardware token), or something they are (biometric data).
• Password Management Tools
Encourage the use of password managers to help users create, store, and manage complex passwords securely.
• User Education
Provide training on the importance of strong passwords and best practices for creating and managing them.
• Monitoring and Incident Response
Implement monitoring systems to detect suspicious login attempts and have an incident response plan in place
for potential breaches.
• Avoiding Password Reuse
Educate users on the dangers of reusing passwords across different accounts and systems, as this increases
vulnerability if one account is compromised.
• Regular Audits
Conduct regular audits of password policies and practices to identify weaknesses and improve security
measures.
• Secure Password Recovery
Implement secure password recovery processes to prevent unauthorized access during password resets.
By focusing on these aspects, organizations can significantly enhance their password management practices
and improve overall network security.
password practices that can happen in two ways:
• From End Users/Organizational Vulnerabilities:
• Weak and easy to guess: Passwords that are simple or common are more vulnerable to being guessed
by attackers.
• Rarely changed: Passwords that are not updated regularly can be at risk if they’re compromised.
• Same password for all websites: Using the same password across multiple sites increases risk, as a
breach on one platform could lead to vulnerabilities on others.
Technical vulnerabilities
• Weak Encryption Schemes: This refers to using outdated or easily breakable encryption methods to store or
transmit passwords. Weak encryption can make it easier for attackers to decrypt and access sensitive
information, compromising password security.
• Applications that Display Passwords on Screen While Typing: This vulnerability occurs when applications
reveal passwords in plain text as they are being typed, instead of masking them. This makes it easier for
unauthorized individuals to view passwords over the user’s shoulder or through screen monitoring tools.
Password protection strategies
• User Education: Educating users on the importance of strong, unique passwords and best practices for
password security. This can help reduce vulnerabilities caused by human error.
• Using Computer-Generated Passwords: Implementing randomly generated passwords, which are generally
stronger and harder to guess than user-created ones. This reduces the risk of weak or easily guessed
passwords.
• Reactive Password Checking: Periodically checking passwords to ensure they haven’t been compromised.
This involves monitoring for any known data breaches or unauthorized access attempts.
• Proactive Password Checking: Enforcing conditions or rules for password creation to prevent weak
passwords from being used. This includes setting requirements like minimum length, character diversity, and
banning common or easily guessed passwords.
Password selection strategies
• Using Computer-Generated Passwords: This approach involves relying on algorithms or software to create
complex and unique passwords, which are typically harder to guess or crack compared to manually created
ones.
• Reactive Password Checking: In this strategy, systems check passwords against known compromised or
commonly used passwords after they've been created. If a password is found to be weak or previously
compromised, the user may be prompted to change it.
• Proactive Password Checking: Here, passwords are checked for strength during the creation process.
Systems enforce rules (like requiring a mix of letters, numbers, and symbols) to ensure that passwords meet
certain complexity standards, reducing the likelihood of easily guessed passwords.
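The three selection strategies above, sketched in Python as an added example (not part of the original notes). The 12-character minimum, the three-of-four character-class rule, the PBKDF2 work factor, the small banned list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed sample list; a real deployment loads a large breached-password corpus.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome1", "summer2024!"}
MIN_LENGTH = 12          # assumed policy value
PBKDF2_ROUNDS = 100_000  # assumed work factor
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def proactive_check(password, username=""):
    """Proactive checking: list the rules a candidate breaks at creation time."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    if password.lower() in BANNED:
        problems.append("common or breached password")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems


def generate_password(length=16):
    """Computer-generated password drawn from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length below policy minimum")
    while True:  # retry the rare draw that misses the character-class rule
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not proactive_check(candidate):
            return candidate


def hash_password(password, salt=None):
    """Store only a salted, slow hash of the password, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def reactive_check(store, candidates=BANNED):
    """Reactive checking: audit stored hashes against known-bad passwords."""
    flagged = []
    for user, (salt, digest) in store.items():
        for candidate in candidates:
            _, trial = hash_password(candidate, salt)
            if hmac.compare_digest(trial, digest):
                flagged.append(user)  # this user should be prompted to change it
                break
    return sorted(flagged)
```

Because each stored hash has its own salt, the reactive audit has to re-hash every candidate per user, which is why proactive checking at creation time is the cheaper control.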
Virus and its related threats
• Information security threats are actions or events that can compromise the confidentiality, integrity, or
availability of data and systems. These threats can originate from various sources, such as individuals,
groups, or natural events. Information security threats take many forms, such as software attacks and theft of
intellectual property. This section discusses the main threats to information security.
What is a Threat?
• Threats are actions carried out primarily by hackers or attackers with malicious intent, to steal data, cause
damage, or interfere with computer systems. A threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter, erase, or harm objects. A threat is any potential danger
that can harm your systems, data, or operations. In cybersecurity, threats include activities like hacking,
malware attacks, or data breaches that aim to exploit vulnerabilities.
• Recognizing and understanding these threats is crucial for implementing effective security measures. By
identifying potential threats, you can better protect your sensitive information and maintain the integrity of
your digital assets. Effective threat management is key to maintaining a secure and resilient cybersecurity
posture.
Common Information Security Threats
• Virus: Viruses replicate by attaching themselves to programs or files on the host computer, such as songs and
videos, and then travel all over the Internet. The Creeper Virus was first detected on ARPANET. Examples include
File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.
• Worms: Worms are also self-replicating, but they do not attach themselves to programs on the host computer.
The biggest difference between viruses and worms is that worms are network-aware. They can easily travel from one
computer to another if a network is available, and on the target machine they will not do much harm; they will, for
example, consume hard disk space, thus slowing down the computer.
• Bots: Bots can be seen as an advanced form of worms. They are automated processes designed to interact over the
internet without the need for human interaction. They can be good or bad. A malicious bot can infect one host and,
after infecting it, create a connection to a central server, which provides commands to all infected hosts attached
to that network, called a botnet.
• Adware: Adware is not exactly malicious, but it does breach the privacy of users. It displays ads on a computer’s
desktop or inside individual programs. It comes attached to free-to-use software and is thus a main source of revenue
for such developers. It monitors your interests and displays relevant ads. An attacker can embed malicious code inside
the software, and adware can monitor your system activities and can even compromise your machine.
• Spyware: Spyware is a program that monitors your activities on a computer and reveals the
collected information to an interested party. Spyware is generally dropped by Trojans, viruses or worms.
Once dropped, it installs itself and sits silently to avoid detection. One of the most common examples
of spyware is the keylogger. The basic job of a keylogger is to record user keystrokes with timestamps, thus
capturing interesting information like usernames, passwords, credit card details etc.
• Ransomware: Ransomware is a type of malware that will either encrypt your files or lock your computer,
making it inaccessible either partially or wholly. A screen is then displayed asking for money, i.e. a ransom,
in exchange.
• Scareware: Scareware masquerades as a tool to help fix your system, but when the software is executed it will infect
your system or completely destroy it. The software displays a message to frighten you and force you to take
some action, such as paying to fix your system.
• Rootkits: Rootkits are designed to gain root access, that is, administrative privileges, on the user’s
system. Once root access is gained, the exploiter can do anything, from stealing private files to private data.
• Zombies: They work similarly to spyware. The infection mechanism is the same, but they do not spy and steal
information; rather, they wait for commands from hackers.
Information Security Solutions
• Data Security Solutions: These protect sensitive data from unauthorized access. Examples
include encryption, access controls, and data loss prevention tools.
• Network Security: Focuses on securing communication channels and devices within a
network. Firewalls, intrusion detection systems, and VPNs fall into this category.
• Endpoint Security: Protects individual devices (e.g., laptops, smartphones) from threats. Antivirus software
and device management tools are common here.
• Cloud Security: Ensures data security in cloud environments. Encryption, access controls, and monitoring
play key roles.
• Identity and Access Management (IAM): Manages user access to systems and data. IAM solutions include
single sign-on (SSO) and multi-factor authentication (MFA).
• Security Information and Event Management (SIEM): Collects and analyzes security-related data to detect
and respond to threats.
• Physical Security: Protects physical assets (e.g., servers, data centers) through access controls, surveillance,
and alarms.
COUNTER MEASURES
Countermeasures against viruses generally focus on preventing infections, detecting potential threats,
identifying viruses, and removing or replacing any infected or corrupted code. Here’s how each
countermeasure applies specifically to combating viruses:
• Prevention: Prevention strategies aim to stop viruses from infecting a system in the first place. This includes
implementing robust antivirus software, using firewalls, keeping systems and software up-to-date with
security patches, and avoiding downloading files or clicking on links from untrusted sources. Prevention
measures can also include employee training and educating users on recognizing phishing emails and
suspicious downloads, which are common vectors for viruses.
• Detection: Detection involves using antivirus or anti-malware programs to scan for and detect viruses as soon
as they enter the system. Real-time scanning helps monitor incoming files and network traffic, while
scheduled scans ensure that any hidden viruses are detected. Detection tools use virus definitions (signatures)
or heuristics (behavior analysis) to identify known or suspicious behavior associated with viruses.
• Identification: Once a virus is detected, the next step is to identify the specific type of virus, its origin, and
how it has impacted the system. This includes understanding whether it is a trojan, worm, ransomware, or
another type of malicious software. Identification is essential because different types of viruses may require
different methods for effective removal and prevention of further spread. For example, some viruses
replicate and spread quickly, while others remain dormant for a period.
• Removal/Replacement of Code: After identification, the infected files or code need to be removed or
replaced to restore the system’s integrity. Antivirus tools can quarantine and remove infected files, and in
some cases, operating systems or applications may need to be reinstalled. In severe cases, full system
restoration from a clean backup may be necessary if the virus has deeply infiltrated the system.
These countermeasures work together to protect systems and minimize the damage caused by viruses,
ensuring both immediate and long-term security.
Firewall
What is Firewall?
A firewall is a network security device, either hardware or software-based, which monitors all incoming and
outgoing traffic and based on a defined set of security rules accepts, rejects, or drops that specific traffic.
• Accept: allow the traffic
• Reject: block the traffic but reply with an “unreachable error”
• Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing network traffic with security
policies that have previously been set up inside an organization. A firewall is essentially the wall that separates
a private internal network from the open Internet at its very basic level.
Firewall
A firewall is hardware or software that protects a private computer or a network of computers from unauthorized access; it acts as a
filter that keeps unauthorized users from accessing private computers and networks. It is a vital component of network security and the
first line of defense for the network. It filters network packets and stops malware from entering the user’s computer or network
by blocking access, preventing the user from being infected.
Characteristics of Firewall
• Physical Barrier: A firewall does not allow any external traffic to enter a system or a network without its allowance. A firewall
creates a choke point for all the external data trying to enter the system or network and hence can easily block access if needed.
• Multi-Purpose: A firewall has many functions other than security purposes. It configures domain names and Internet Protocol (IP)
addresses. It also acts as a network address translator. It can act as a meter for internet usage.
• Flexible Security Policies: Different local systems or networks need different security policies. A firewall can be modified according
to the requirement of the user by changing its security policies.
• Security Platform: It provides a platform from which any alert to the issue related to security or fixing issues can be accessed. All
the queries related to security can be kept under check from one place in a system or network.
• Access Handler: Determines which traffic flows first according to priority, which can be changed for a particular network or system.
Specific action requests may be initiated and allowed to flow through the firewall.
Need and Importance of Firewall Design Principles
• Different Requirements: Every local network or system has its own threats and requirements, which
need different structures and devices. All this can only be identified while designing a firewall.
Accessing the current security outline of a company can help to create a better firewall design.
• Outlining Policies: Once a firewall has been designed, a system or network is not necessarily
secure. New threats can arise, and if the policies are properly documented then the security
system can be modified again and the network will become more secure.
• Identifying Requirements: While designing a firewall, data is collected on threats, devices that need to
be integrated, missing resources, and security devices that need updating. All the information collected is
combined to get the best results. Misidentifying even one of these things leads to security
issues.
• Setting Restrictions: Every user has limits on which levels of data they may access or modify; these
need to be identified and acted on accordingly. After retrieving and processing data,
priority is set for people, devices, and applications.
• Identify Deployment Location: Every firewall has its strengths, and to get the most use out of it,
we need to deploy each of them at the right place in a system or network. In the case of a packet
filter firewall, it needs to be deployed at the edge of your network in between the internal
network and web server to get the most out of it.
FIREWALL DESIGN PRINCIPLES
• Developing Security Policy
Security policy is a very essential part of firewall design. Security policy is designed according to the
requirement of the company or client to know which kind of traffic is allowed to pass. Without a proper
security policy, it is impossible to restrict or allow a specific user or worker in a company network or anywhere
else. A properly developed security policy also knows what to do in case of a security breach. Without it, there
is an increase in risk as there will not be a proper implementation of security solutions.
• Simple Solution Design
If the design of the solution is complex, it will be difficult to implement. If the solution is simple, it
will be easier to implement. A simple design is also easier to maintain: we can make upgrades to the simple
design according to new possible threats, leaving it with an efficient but still simple structure. The
problem that comes with complex designs is configuration errors that open a path for external attacks.
• Choosing the Right Device
Every network security device has its purpose and its way of implementation. If we use the wrong device for
the wrong problem, the network becomes vulnerable. If an outdated device is used in designing a firewall, it
exposes the network to risk and is almost useless. The design must be done first and the product
requirements then worked out; if an already available product is instead made to fit the design, security
is weakened.
• Layered Defense
A network defense must be multiple-layered in the modern world, because if a single layer of security is broken, the
network will be exposed to external attacks. Multilayer security design can be set to deal with different levels
of threat. It gives an edge to the security design and finally neutralizes the attack on the system.
• Consider Internal Threats
When a lot of attention is given to safeguarding the network or device from external attacks, security
becomes weak against internal attacks. Most attacks are carried out internally, because internal access is easy
and internal security is weakly designed. Different levels can be set in network security while designing internal
security. Filtering can be added to keep track of the traffic moving from lower-level security to higher level.
Advantages of Firewall:
• Blocks infected files: While surfing the internet we encounter many unknown threats. Any friendly-looking
file might have malware in it. The firewall neutralizes this kind of threat by blocking file access to the system.
• Stops unwanted visitors: A firewall does not allow a cracker to break into the system through a network. A
strong firewall detects the threat and then closes the possible loophole that could be used to penetrate
through security into the system.
• Safeguards the IP address: A network-based firewall, like an internet connection firewall (ICF), keeps track of
the internet activities done on a network or a system and keeps the IP address hidden so that it cannot be
used to access sensitive information against the user.
• Prevents email spamming: In email spamming, too many emails are sent to the same address, leading to the server
crashing. A good firewall blocks the spammer source and prevents the server from crashing.
• Stops Spyware: If a bug is implanted in a network or system, it tracks all the data flowing and later uses it for
the wrong purpose. A firewall keeps track of all the users accessing the system or network, and if spyware is
detected it disables it.
Limitations:
• Internal loose ends: A firewall cannot be deployed everywhere when it comes to internal attacks.
Sometimes an attacker bypasses the firewall through a telephone line that crosses paths with a data line
that carries the data packets, or through an employee who unwittingly cooperates with an external attacker.
• Infected Files: In the modern world, we come across various kinds of files through emails or the internet.
Most of the files are executable under the parameters of an operating system. It becomes impossible for the
firewall to keep track of all the files flowing through the system.
• Effective Cost: As the requirements of a network or a system increase with the level of threat,
the cost of the devices used to build the firewall increases. The maintenance cost of the firewall
also increases, making the overall cost of the firewall quite high.
• User Restriction: Restrictions and rules implemented through a firewall make a network secure, but they can
make work less effective in a large organization or company. Even making a slight change in
data can require a permit from a person of higher authority, making work slow. The overall productivity drops
because of all of this.
• System Performance: A software-based firewall consumes a lot of a system’s resources. Using the RAM and
consuming the power supply leaves far fewer resources for the rest of the functions or programs. The
performance of a system can experience a drop. On the other hand, a hardware firewall does not affect the
performance of a system much, because it is much less dependent on the system’s resources.
Types of Firewall
• There are mainly three types of firewalls: software firewalls, hardware firewalls, or both, depending on their
structure. Each type of firewall has different functionality but the same purpose. However, it is best practice to have both
to achieve the maximum possible protection.
• A hardware firewall is a physical device that attaches between a computer network and a gateway, for example a
broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall. On the other hand, a software
firewall is a simple program installed on a computer that works through port numbers and other installed software. This
type of firewall is also called a Host Firewall.
• Besides, there are many other types of firewalls depending on their features and the level of security they provide. The
following are types of firewall techniques that can be implemented as software or hardware:
• Packet-filtering Firewalls
• Circuit-level Gateways
• Application-level Gateways (Proxy Firewalls)
• Stateful Multi-layer Inspection (SMLI) Firewalls
• Next-generation Firewalls (NGFW)
• Threat-focused NGFW
• Network Address Translation (NAT) Firewalls
• Cloud Firewalls
• Unified Threat Management (UTM) Firewalls
• Packet-filtering Firewalls
A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors
network traffic and filters incoming packets based on configured security rules. These firewalls are designed to
block network traffic by IP protocol, IP address, and port number if a data packet does not match the
established rule-set. While packet-filtering firewalls can be considered a fast solution without many resource
requirements, they also have some limitations. Because these types of firewalls do not prevent web-based
attacks, they are not the safest.
• Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block
traffic without consuming significant computing resources. These types of firewalls typically operate at the
session-level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions.
Circuit-level gateways are designed to ensure that the established sessions are protected.
Typically, circuit-level firewalls are implemented as security software or pre-existing firewalls. Like
packet-filtering firewalls, these firewalls do not check the actual data, although they inspect information about
transactions. Therefore, if data contains malware but follows the correct TCP connection, it will pass through
the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems.
• Application-level Gateways (Proxy Firewalls)
Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two
end systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level
Gateways'.
Unlike basic firewalls, these firewalls transfer requests from clients pretending to be original clients on the
web-server. This protects the client's identity and other suspicious information, keeping the network safe from
potential attacks. Once the connection is established, the proxy firewall inspects data packets coming from the
source. If the contents of the incoming data packet are protected, the proxy firewall transfers it to the client.
This approach creates an additional layer of security between the client and many different sources on the
network.

• Stateful Multi-layer Inspection (SMLI) Firewalls
Stateful multi-layer inspection firewalls include both packet inspection technology and TCP handshake
verification, making SMLI firewalls superior to packet-filtering firewalls or circuit-level gateways. Additionally,
these types of firewalls keep track of the status of established connections.
In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a database
(state table). The database is used to store session information such as source IP address, port number,
destination IP address, destination port number, etc. Connection information is stored for each session in the
state table. Using stateful inspection technology, these firewalls create security rules to allow anticipated
traffic.
In most cases, SMLI firewalls are implemented as additional security levels. These types of firewalls implement
more checks and are considered more secure than stateless firewalls. This is why stateful packet inspection is
implemented along with many other firewalls to track statistics for all internal traffic. Doing so increases the
load and puts more pressure on computing resources. This can give rise to a slower transfer rate for data
packets than other solutions.
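An added example, not part of the original notes, contrasting the stateless packet filter described earlier with the state table that stateful inspection keeps, and showing the accept/reject/drop outcomes. The rule set, addresses and names are constructed for illustration, and TCP tracking is simplified to the three-way handshake plus teardown.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # TCP flags: "S" SYN, "SA" SYN-ACK, "A" ACK, "F" FIN, "R" RST
    proto: str = "tcp"


# Constructed rule set, first match wins: (action, proto, src net, dst net, dst port)
RULES = [
    ("accept", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443),  # inside hosts -> HTTPS
    ("reject", "tcp", "10.0.0.0/24", "0.0.0.0/0", 23),   # telnet: block, notify sender
]
DEFAULT_ACTION = "drop"   # anything unmatched is discarded with no reply


def packet_filter(pkt, rules=RULES):
    """Stateless filter: decide from this packet's header fields alone."""
    for action, proto, src_net, dst_net, dport in rules:
        if (pkt.proto == proto and pkt.dport == dport
                and ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)):
            return action
    return DEFAULT_ACTION


class StatefulFirewall:
    """Adds a state table so replies are allowed only for tracked sessions."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = {}   # initiator's (src, sport, dst, dport) -> handshake state

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.state:                     # sent by the session initiator
            return self._advance(fwd, pkt, from_initiator=True)
        if rev in self.state:                     # sent by the responder
            return self._advance(rev, pkt, from_initiator=False)
        # No session yet: only a bare SYN permitted by the rules may open one.
        action = packet_filter(pkt, self.rules)
        if action == "accept":
            if pkt.flags != "S":
                return "drop"                     # stray ACK or SYN-ACK
            self.state[fwd] = "SYN_SENT"
        return action

    def _advance(self, key, pkt, from_initiator):
        st = self.state[key]
        if "R" in pkt.flags or "F" in pkt.flags:  # simplified teardown
            del self.state[key]
            return "accept"
        if st == "SYN_SENT" and not from_initiator and pkt.flags == "SA":
            self.state[key] = "SYN_ACKED"
            return "accept"
        if st == "SYN_ACKED" and from_initiator and pkt.flags == "A":
            self.state[key] = "ESTABLISHED"
            return "accept"
        if st == "ESTABLISHED":
            return "accept"
        return "drop"                             # out-of-order handshake packet
```

The stateless filter can admit the server's replies only through a standing rule for high client ports, whereas the state table admits them only while a matching session exists.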

• Next-generation Firewalls (NGFW)
Many recently released firewalls are described as 'next-generation firewalls'. However, there is no
specific definition for next-generation firewalls. This type of firewall is usually defined as a security device
combining the features and functionalities of other firewalls. These firewalls include deep-packet inspection
(DPI), surface-level packet inspection, TCP handshake testing, etc.
NGFWs include higher levels of security than packet-filtering and stateful inspection firewalls. Unlike traditional
firewalls, an NGFW monitors the entire transaction of data, including packet headers, packet contents, and
sources. NGFWs are designed in such a way that they can prevent more sophisticated and evolving security
threats such as malware attacks, external threats, and advanced intrusion.
• Threat-focused NGFW
Threat-focused NGFWs include all the features of a traditional NGFW. Additionally, they provide advanced
threat detection and remediation. These types of firewalls are capable of reacting against attacks quickly. With
intelligent security automation, threat-focused NGFWs set security rules and policies, further increasing the
security of the overall defense system.
In addition, these firewalls use retrospective security systems to monitor suspicious activities continuously.
They keep analyzing the behavior of every activity even after the initial inspection. Due to this functionality,
threat-focused NGFWs dramatically reduce the overall time taken from threat detection to cleanup.

• Network Address Translation (NAT) Firewalls
Network address translation or NAT firewalls are primarily designed to access Internet traffic and block all
unwanted connections. These types of firewalls usually hide the IP addresses of our devices, making them safe
from attackers.
When multiple devices are used to connect to the Internet, NAT firewalls create a unique IP address and hide
individual devices' IP addresses. As a result, a single IP address is used for all devices. By doing this, NAT
firewalls secure independent network addresses from attackers scanning a network for accessible IP addresses.
This results in enhanced protection against suspicious activities and attacks.
In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT firewalls also work as an
intermediate device between a group of computers and external traffic.
• Cloud Firewalls
Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall or FaaS (firewall-as-
service). Cloud firewalls are typically maintained and run on the Internet by third-party vendors. This type of
firewall is considered similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy
servers. However, they are configured based on requirements.
The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no physical
resources, they are easy to scale according to the organization's demand or traffic-load. If demand increases,
additional capacity can be added to the cloud server to filter out the additional traffic load. Most organizations
use cloud firewalls to secure their internal networks or entire cloud infrastructure.

• Unified Threat Management (UTM) Firewalls
UTM firewalls are a special type of device that includes features of a stateful inspection firewall with
anti-virus and intrusion prevention support. Such firewalls are designed to provide simplicity and ease of use.
These firewalls can also add many other services, such as cloud management, etc.
