Lecture 1: Introduction and Basics of Security
• Course Details
• Computer Security and CIA Triad
• Encryption and Decryption (Symmetric Key)
• Attack Model
o Attacker Goals
o Attacker Capabilities
0 Course Details
Who am I?
• Nitya Lakshmanan
• Lecturer at SoC
• Research Area: 4G/5G security
• Office: COM3-02-44
• Email id: nitya.l@[Link]
Teaching Team and Support
• Tutors (email ids on Canvas)
o Tutorials TA: for tutorial sessions
o Grey hats: for assignments
• Forum discussion
o Piazza for all discussions
o [Link]
• Consultation
o Every Thursday (2 PM – 4 PM) [Office: COM3-02-44]
o Each TA will also open a weekly consultation.
Course Objective
• Introductory module on Information Security
• Illustrates the fundamentals of
o how systems fail due to malicious activities
o how they can be protected
• The module also places emphasis on the practices of secure programming
and implementation.
Learning Outcome
• Awareness of common and well-known attacks (e.g. phishing, SQL, XSS, ...)
• Understand basic concepts of security (e.g. availability, confidentiality, ...)
• Understand basic mechanisms & practice of protections (e.g. crypto, PKI,
access control...)
• Awareness of common pitfalls in implementation (Secure programming)
• Develop “adversarial thinking”, i.e., always assume that there are attackers
who try to compromise the system and think like them
Lectures and Tutorials
• Lecture (11 lectures):
o In-person lecture (recording will be uploaded in Canvas)
o Students are expected to attend lecture, and the recordings are for revision
o If a recording is lost (e.g. the system crashed while recording), there will not be a new recording
• Tutorials (11 Tutorial):
o In-person tutorial
o Attendance will be taken
Quizzes and Assignments
• Quizzes: Best 4 out of 5 quizzes
o Take home (1.5 day deadline, 1 attempt)
o Opens at 12 PM on the Thursday after the lecture, closes Friday, 23:59
o Scope: Quiz 1 (L1, L2), Quiz 2 (L3, L4), Quiz 3 (L5, L6), Quiz 4 (L7, L8), Quiz 5 (L9, L10)
• Assignment
o 2 CTF-style assignments
o 3-week deadline
o Assignment 1 (Week 5 - Week 7), Assignment 2 (Week 10 - Week 12)
o Piazza and consultation: for clarifications
CA Components
CA Component                        Weightage
Take-home CTF                       10% + 10% = 20%
Quiz (Best 4 out of 5)              6%
Midterm                             25%
Tutorial attendance (8 out of 11)   4%
End term                            45%
Total                               100%
References
• Security in Computing (5th ed). Prentice Hall.
• Computer Security (3rd ed), Dieter Gollmann, Wiley.
o Very concise. Abstract concepts clearly explained.
o Good to have if you plan to take higher level security courses.
• Computer Security: Principles and Practice, William Stallings
• Security Engineering (3rd edition), Ross Anderson.
• Introduction to Modern Cryptography (2nd ed), J. Katz & Y. Lindell
Important Dates
• 28th Jan 2025 (Tuesday – after 2PM): Makeup tutorial (Chinese NY)
• 30th Jan 2025 (Thursday): No lecture (Chinese NY)
• 6th March 2025 (Thursday): Midterm exam (lecture time and venue: MPSH 2B)
• 28th March 2025 (Friday): Makeup tutorial (Well-Being Day)
• 31st March 2025 (Monday): Makeup tutorial (Hari-Raya)
• 18th April 2025 (Friday): Makeup tutorial (Good Friday Day)
• 5th May 2025 (Monday): End term test, 5:00 PM - 7:00 PM (Venue: TBA)
Registration for Tutorials
• Tutorials slots available – 16 slots
o 6 Monday, 8 Tuesday, 2 Friday
o Slots not available for bidding: T7, T8, T17, T18
• Current vacancy:
o All Monday slots => T1 to T6
o Tuesday Slots => T10, T15, T16
o Friday slots => filled
1 Plagiarism
Zero-Tolerance for Plagiarism
• [Link]
• All students share the responsibility for upholding the academic standards and reputation
of the University. Academic honesty is a prerequisite condition in the pursuit and
acquisition of knowledge. Academic dishonesty is any misrepresentation with the intent
to deceive or failure to acknowledge the source or falsification of information or
inaccuracy of statements or cheating at examinations/tests or inappropriate use of
resources. There are many forms of academic dishonesty and plagiarism is one of them.
• Plagiarism is generally defined as the practice of taking someone else’s work or
ideas and passing them off as one’s own (The New Oxford Dictionary of English).
• The University does not condone plagiarism.
Zero-Tolerance for Plagiarism
• Students will be reported to the University for disciplinary action for plagiarism/cheating offences
• Assignment:
o Not allowed:
− Sharing of “flag” and program (essentially materials submitted) is considered plagiarism.
− Using tools that are specifically developed for CS2107 assignments (using other tools in the public domain is allowed).
− Receiving or providing any part of the solution to the assignments
o Allowed:
− Group discussion of assignments without producing a solution for reference
− Discussing course material to understand it better
• Resources:
o [Link]
o [Link]
Plagiarism from Internet/ChatGPT
• The following are always improper uses of AI tools:
o Generating an output and presenting it as your own work or idea.
o Generating an output, paraphrasing it, and then presenting the output as your own work or
idea.
o Processing an original source not created by yourself to plagiarize it (e.g., using an AI
paraphrasing tool to disguise someone else’s original work, or even the output of an AI tool,
and then presenting the final output as your own work or idea).
• If you completed any work with the aid of an AI tool, you should always
acknowledge the use.
o Specify which AI tools were used, in which parts of the process they were used, what were the
prompts used to generate results
Unintentional Plagiarism
• A student may not knowingly intend to plagiarize, but that should not be used
as an excuse for plagiarism.
• Students should seek clarification from their instructors if they are unsure
whether or not they are plagiarizing the work of another person.
• You also need to protect your work. If using GitHub, make it private.
• If your project work is carelessly accessible by others, and they plagiarize, you
are responsible too.
Common theme
The common theme, thus, to avoid plagiarism is
ATTRIBUTION
You must acknowledge the “original sources” of all parts of your
submission at all times.
GIVE CREDIT to who did the work.
3 What is Computer/Information Security
System Failures
• Systems may fail, for example due to:
o Operator mistakes: a system file is accidentally deleted, leading to a system “crash”
o Hardware failures
o Poor implementation (e.g., the year 2000 problem), etc.
• Many systems are robust against typical noise.
• However, some failures are inflicted by deliberate human actions that are designed to cause failure.
o Possible security issue
Security: Intentional Failures
• Security is about such intentional failures.
o An attacker carries out a particular combination of steps on the ATM to withdraw money without being recorded[1].
o An attacker uses objects that resemble coins to buy drinks from vending machines.
• Such a combination of steps is extremely unlikely to occur by mistake.
Computer/Information Security
• NIST Computer Security Handbook [NIST95]
o Computer Security: The protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity, availability, and confidentiality of
information system resources (includes hardware, software, firmware, information/data, and
telecommunications).
• The practice of protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction.
Vulnerability Threat Control Paradigm
• Vulnerability: A weakness in the system.
o e.g., anyone can reboot the workstation from USB or disk to gain control
• Threat: A set of circumstances that has the potential to cause loss or harm.
o e.g., an attacker with control of the workstation in the lecture theatre could maliciously gather
sensitive info such as passwords
• Control: A countermeasure or security mechanism to counter threats.
o e.g., restrict physical access to the workstation, disable USB booting
A threat is blocked by control of a vulnerability
Why Important?
• Protection of Sensitive Information: prevent identity theft, financial loss, etc.
• Risk Mitigation: organizations can prevent data breaches, DoS, etc.
• Regulatory Compliance: adhere to strict government regulations
• Competitive Advantage: help maintain customer trust and loyalty
• Adaptation to Evolving Threats
Internet Security Threat Report [link]
Comprehensive analysis into the cybersecurity landscape
=> trends, tactics, and threats over a specified period
Open Web Application Security Project (OWASP)
[link]
Report outlining security concerns for web
application, focusing on the 10 most critical risks.
CrowdStrike [link]
Report examines how adversaries are operating with stealth,
adapting their attacks to move faster and evade detection
4 CIA Triad
Security Definitions: C-I-A Triad
Principles that guide the design and implementation of secure systems
[Figure: the C-I-A triad, with Confidentiality, Integrity and Availability surrounding data and services]
1. Confidentiality
• Confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
• Example:
o A student “hacked” into the university system and downloaded the examination
reports. He now knows the marks obtained by each student.
o Confidentiality of the exam result is compromised.
o Marks should be known to only the student, their parents, and admin who needs the
info for doing their job.
Reference: Computer Security: Principles and Practice (William Stallings, Ch 1)
1. Confidentiality
• Sometimes privacy is also grouped under confidentiality.
• Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
• Example:
o A student “hacked” into the university system and downloaded the examination
reports.
o Privacy of the students is compromised since students’ personal academic information
has been exposed without their consent.
Reference: Computer Security: Principles and Practice (William Stallings, Ch 1)
2. Integrity
• Integrity: Assures that the data has not been altered or tampered with by
unauthorized users.
• Examples:
o A student “hacked” into the university system and modified the grade. Integrity of the
exam result is compromised.
o An application is being modified by an attacker. The integrity of the application is being
compromised.
o The compromised application carries out key-logging. It captures the password
entered by the user and sends it to the attackers. As a result, the confidentiality of the
user password is compromised.
3. Availability
• Assures that systems work promptly, and service is not denied to authorized
users.
• Example:
o A botnet floods a web server with a large number of HTTP requests. A legitimate HTTP request now takes longer to be processed. Thus, the quality of the service is significantly degraded.
o In the extreme case, the web server crashes and is not able to provide web service (a distributed denial of service (DDoS) attack on the web server).
Other Requirements
• Some of the literature groups them under C-I-A, whereas some argue that they are fundamentally different requirements.
• Confidentiality
o Anonymity, Privacy, Covert Channel
• Integrity
o Non-Repudiation (digital signature): The ability of a system to confirm that a sender
cannot convincingly deny having sent something
o Source Authenticity: The ability of a system to confirm the identity of a sender
5 Why is it Difficult to be Secure?
Trade-off with Ease-of-use, Performance and Cost
• Ease-of-use: Security mechanisms interfere with working patterns users
originally familiar with (aka usability).
• Performance: Security mechanisms consume more resources and lower performance.
• Cost: Security mechanisms are expensive to develop and manage.
Difficulty in Achieving Security
• Security not considered:
o Many systems do not consider security during the early design stage, which leaves room for vulnerabilities.
o In the early stage, typically the main concerns are usability, cost and performance (e.g., DNS).
• Difficult to formulate requirements:
o Designers are not aware of many possible attack scenarios (e.g., many side channels were discovered recently).
• Difficult to design:
o A system is most vulnerable at its weakest point, and there are many constraints (e.g., we understand email spoofing very well, but there is no practical foolproof design).
Difficulty in Achieving Security
• Implementation bugs:
o Even if the design is secure, the system may not be properly implemented, especially for
large, complex systems.
o Also, it is difficult to verify whether an implementation is correct.
• Difficult to operate/manage:
o Human in-the-loop.
o Complexity leads to configuration errors, mismanagement of patches, credentials, etc. (e.g., developers’ accounts remain in the production system)
Summary
• Need precise formulation of “Security” for analysis: C-I-A requirement
• Security framework: Vulnerability-Threat-Control paradigm
• Aware of
o Security Trade-off (usability, cost, performance)
o Difficulty to achieve
• Adversarial thinking in analysis (think like the attacker when analysing a
system)
6 Encryption and Decryption
Symmetric Key Encryption Scheme
• A way to achieve confidentiality.
• Encryption is the process of converting a message (plaintext) into a
meaningless message (ciphertext).
• Decryption is the reverse process.
• Alternatively, the terms encode and decode or encipher and decipher are used
instead of encrypt and decrypt.
• A system for encryption and decryption is called a cryptosystem.
An Application Scenario
[Figure: symmetric-key encryption between a sender and a receiver, with the eavesdropper Eve on the channel]
• The key k is sent via a secure channel, i.e., no one can eavesdrop on it.
• Sender: Plaintext, PT → Encrypt, Ek(PT) → Ciphertext, CT
• The ciphertext is sent via a public channel. Thus, data might be eavesdropped.
• Receiver: Ciphertext, CT → Decrypt, Dk(CT) → Plaintext, PT
• Eve can get CT, but without knowing the key is unable to get any information on PT.
Properties
• Correctness: For any plaintext x and key k, Dk(Ek(x)) = x
• Security: This is challenging to define and there are different requirements.
o Informally, from the ciphertext, the eavesdropper is unable to derive useful information about the key k or the plaintext x, even if the eavesdropper can “probe” the system.
o The ciphertext should be “indistinguishable” from a random stream.
• Probabilistic: Encryption could be probabilistic.
o That is, for the same plaintext, there could be different ciphertexts.
o Yet they all can be decrypted to the same x.
Cryptography (Cryptology)
• Cryptography is the study of techniques in securing communication in the
presence of attackers who have access to the communication.
• Although cryptography is commonly associated with encryption, there are other
primitives such as cryptographic hash, digital signature, etc.
• Terminology: Common placeholders used in cryptography are Alice (usually the
originator of message), Bob (usually the recipient), Eve (eavesdropper: can only
listen), Mallory (malicious: can modify messages)
(see the interesting list in [Link]
7 Attack Model or Threat Model
C-I-A is Still a Broad Definition
• We might still need a more precise way to describe the security requirement.
• Consider the fingerprint system that unlocks a mobile phone.
o Who are the attackers? What are they capable of?
o Does the system consider an attacker who attempts to unlock the phone by pressing a fingerprint on the sensor?
o Does the system consider an attacker who disassembles the phone and feeds data into the communication port?
o Does the system consider an attacker who only wants to steal information of the registered
fingerprints?
o…
Which System is more Secure?
• One rigorous way to describe security achieved by a system is by describing the
class of attacks that it can prevent.
o The system is considered secure with respect to that class of attacks.
• We can describe a class of attacks by giving:
o the attacker’s goals
o the attacker’s capabilities (including information and services it has access to).
• This description is also known as attack model, threat model, adversary model &
security model.
How is the Attack Model Used?
• With an attack model, we can compare two systems.
• If some attacks are successful on S1, whereas S2 can prevent all possible attacks (within the class of attacks formulated by the attack model), then S2 is more secure than S1 with respect to the attack model.
8 Attacker Goals and Capabilities
Attack Model: Attacker’s Goals
Total Break
• The attacker wants to find the key
Partial Break
• Want to decrypt a ciphertext but not interested in the secret key
• Or simply want to extract some information about the plaintext.
• E.g., whether the plaintext is a jpeg image or a C program
Attack Model: Attacker’s Goals
• Distinguishability: Most modest goal
o With some “non-negligible” probability more than half, the attacker can correctly
distinguish the ciphertexts of a given plaintext (say, “Y”) from the ciphertext of another
given plaintext (say, “N”).
o If the attacker is unable to distinguish, we call this property indistinguishability (IND), or say the scheme is semantically secure.
[Figure: the attacker tells the ciphertext Y' of “Y” apart from the ciphertext N' of “N” with Prob > 1/2]
For rigorous definition see the textbook: J. Katz & Y. Lindell, Introduction to Modern Cryptography, 2nd ed.
Attack Model: Attacker’s Goals
• Total break is the “most difficult” goal.
• If an attacker can achieve total break, the attacker also can achieve partial break and distinguishability.
• Distinguishability is the “weakest” goal.
• We want to design a secure system that can prevent attacker from achieving the “weakest” goal.
[Figure: the goals ordered from most difficult to weakest: Total Break, Partial Break, Distinguishability]
Attack Models: Attacker’s Capability
• Depending on the amount of information the attacker has, the attacker can try different attacks:
o Ciphertext-only attack (CTO)
o Known plaintext attack (KPA)
o Chosen plaintext attack (CPA)
o Chosen ciphertext attack (CCA2)
Attacker’s Capability: Ciphertext-Only Attack (CTO)
• The attacker is given a collection of ciphertexts c and may know some properties of the plaintext (the type of plaintext that is concealed).
o E.g., the plaintext is an English sentence or French text, etc.
o The attacker can’t choose the plaintext.
[Figure: m1, m2, ... → Encrypt, Ek(…) → c1 = Ek(m1), c2 = Ek(m2), ... → Decrypt, Dk(CT) → m1, m2, ...; Attacker: m* (some PT distribution)]
Attacker’s Capability: Ciphertext-Only Attack (CTO)
• The attacker analyses the ciphertext itself, generally applying various statistical tests to it.
o Exhaustively attempt all possible keys to decrypt the ciphertext and obtain the plaintext.
o Verify if the decrypted plaintext matches the expected plaintext distribution; if it does, the corresponding key is likely Alice's key.
• Challenge: The test is often not conclusive.
• Weakest attacker capability because it provides the least amount of information.
Attacker’s Capability: Known-Plaintext Attack (KPA)
• The attacker is given a collection of plaintexts m and their corresponding ciphertexts c (the attacker can’t choose the plaintext).
• The attacker may be able to capture one or more (plaintext, ciphertext) pairs.
[Figure: m1, m2, ... → Encrypt, Ek(…) → c1 = Ek(m1), c2 = Ek(m2), ... → Decrypt, Dk(CT) → m1, m2, ...; Attacker: m* (some PT distribution)]
Attacker’s Capability: Known-Plaintext Attack (KPA)
• The attacker may know that certain plaintext patterns will appear in a
message.
o For example, a file that is encoded in the Postscript format always begins with the same pattern, or with a standardized header such as html, etc.
• With this knowledge, the attacker may be able to find the key based on the way
the known-plaintext is transformed.
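The ciphertext-only key search and the known-plaintext shortcut from the slides above, as an added example that is not part of the original lecture material. It assumes a 26-letter shift cipher and a small constructed word list standing in for the "expected plaintext distribution"; the messages and function names are made up for illustration.

```python
import string

A = string.ascii_uppercase

def shift(text, k):
    """Shift cipher: move each letter k places; other characters are unchanged."""
    return "".join(A[(A.index(ch) + k) % 26] if ch in A else ch for ch in text)

# Constructed stand-in for the expected plaintext distribution: the attacker
# only knows that the plaintext consists of common English words.
WORDS = {"MEET", "ME", "AT", "THE", "LIBRARY", "AFTER", "LECTURE", "CHEER", "JOLLY"}

def plausible(text):
    """Statistical test (very crude): every word must be a known word."""
    words = text.split()
    return bool(words) and all(w in WORDS for w in words)

def cto_candidates(ciphertext):
    """Ciphertext-only: try all 26 keys, keep those whose decryption passes the test."""
    return [k for k in range(26) if plausible(shift(ciphertext, -k))]

def kpa_key(known_plain, ciphertext):
    """Known-plaintext: a known prefix and its ciphertext pin down the key directly."""
    k = (A.index(ciphertext[0]) - A.index(known_plain[0])) % 26
    return k if shift(known_plain, k) == ciphertext[:len(known_plain)] else None

if __name__ == "__main__":
    key = 7                                    # constructed secret key
    long_ct = shift("MEET ME AT THE LIBRARY AFTER LECTURE", key)
    short_ct = shift("CHEER", key)             # encrypts to "JOLLY"
    print("long message, CTO candidates :", cto_candidates(long_ct))
    # The test is not conclusive on a short message: two keys look right.
    print("short message, CTO candidates:", cto_candidates(short_ct))
    # A known header removes the ambiguity.
    print("short message, KPA key       :", kpa_key("CH", short_ct))
```

On the short message the search returns two keys because both "JOLLY" and "CHEER" pass the test, which is the inconclusive case the CTO slide warns about.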
Attacker’s Capability: Chosen-Plaintext Attack (CPA)
• The attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
• We model this by giving the attacker access to an encryption oracle.
[Figure: the attacker sends m1, m2, ... to the encryption oracle (Encrypt, Ek(…)) and receives c1 = Ek(m1), c2 = Ek(m2), ...]
Attacker’s Capability: Chosen-Plaintext Attack (CPA)
• The attacker can choose and feed any plaintext m to the oracle and obtain the corresponding ciphertext c (all encrypted with the same key).
• The attacker can see multiple ciphertexts and analyse how different plaintext inputs affect the ciphertext outputs.
• The attacker can access the oracle many times, as long as it is within the attacker’s compute power.
Is CPA a realistic concern?
Reference: J. Katz & Y. Lindell, Introduction to Modern Cryptography, 2nd ed.
Attacker’s Capability: Chosen-Plaintext Attack (CPA)
• It has been shown that CPA is possible (link)
• Example:
o An attacker is typing on a terminal, which in turn encrypts and sends messages using a key shared with a remote server (and unknown to the attacker).
o Here the attacker controls exactly what gets encrypted and maps the patterns to ciphertexts over multiple submissions.
Reference: J. Katz & Y. Lindell, Introduction to Modern Cryptography, 2nd ed.
Attacker’s Capability: Chosen-Ciphertext Attack (CCA2)
• Same as chosen plaintext attack, but here, the attacker chooses the ciphertext and the black-box outputs the plaintext.
• We call the black-box a decryption oracle.
[Figure: the attacker sends c1 = Ek(m1), c2 = Ek(m2), ... to the decryption oracle (Decrypt, Dk(…)) and receives m1, m2, ...]
Why Assume the Attacker has a Decryption Oracle?
• Isn’t it already “game over” if the attacker has a decryption oracle?
• There are practical scenarios where the attacker has access to a weaker form
of decryption oracle.
o We are going to see an example: Padding Oracle.
o There could be many different weaker forms of decryption oracle.
o If a cipher can defend against an attacker with a decryption oracle, then the cipher can defend against all other weaker forms.
Why Assume the Attacker has a Decryption Oracle?
• So, from the defender’s point of view
o It makes sense to assume that the attacker has access to the decryption oracle
o We want a cipher that can protect against the attacker with the highest capability
• Unfortunately, many systems employ ciphers that are only secure against CPA but not CCA2.
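An added example (not from the lecture slides) that plays the “Y”/“N” distinguishing game with an encryption oracle against a deterministic and a probabilistic cipher, then shows a decryption oracle recovering the plaintext from the cipher that survived that game. The cipher is a teaching construction (an HMAC-SHA256 keystream XORed with the plaintext), encrypt-then-MAC is shown as the hardened form, and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    """Keystream: HMAC-SHA256 as a PRF in counter mode (teaching construction)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key, pt, nonce=None):
    """Probabilistic encryption: fresh random nonce, so E_k(x) differs each call."""
    nonce = secrets.token_bytes(16) if nonce is None else nonce
    return nonce + _xor(pt, _stream(key, nonce, len(pt)))

def dec(key, ct):
    return _xor(ct[16:], _stream(key, ct[:16], len(ct) - 16))

def enc_det(key, pt):
    """Deterministic variant (fixed nonce): equal plaintexts give equal ciphertexts."""
    return enc(key, pt, nonce=bytes(16))

def ind_cpa_wins(encrypt, trials=400):
    """Y/N game with an encryption oracle; returns the attacker's correct guesses."""
    wins = 0
    for _ in range(trials):
        key = secrets.token_bytes(32)          # unknown to the attacker
        oracle = lambda m: encrypt(key, m)     # encryption oracle
        b = secrets.randbelow(2)
        challenge = oracle((b"Y", b"N")[b])
        guess = 0 if oracle(b"Y") == challenge else 1   # attacker's strategy
        wins += guess == b
    return wins

def make_dec_oracle(key, challenge):
    """CCA2 decryption oracle: decrypts anything except the challenge itself."""
    def oracle(ct):
        if ct == challenge:
            raise ValueError("challenge ciphertext refused")
        return dec(key, ct)
    return oracle

def cca_recover(challenge, dec_oracle):
    """Flip one ciphertext bit, query the oracle, flip the same plaintext bit back."""
    tweaked = challenge[:-1] + bytes([challenge[-1] ^ 1])
    pt = dec_oracle(tweaked)
    return pt[:-1] + bytes([pt[-1] ^ 1])

def enc_auth(key, mac_key, pt):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = enc(key, pt)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def dec_auth(key, mac_key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("invalid tag")        # modified ciphertexts are rejected
    return dec(key, ct)

if __name__ == "__main__":
    print("deterministic:", ind_cpa_wins(enc_det), "/ 400")
    print("probabilistic:", ind_cpa_wins(enc), "/ 400")
    k = secrets.token_bytes(32)
    ch = enc(k, b"Y")
    print("recovered via decryption oracle:", cca_recover(ch, make_dec_oracle(k, ch)))
```

The deterministic cipher loses every round, the probabilistic one leaves the attacker at about half, and only the authenticated variant refuses the modified ciphertext that the decryption-oracle query relies on.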
Summary
• Encryption is designed for confidentiality. (It does not necessarily provide integrity, although some schemes do.)
• Attack model (aka threat model) defines classes of attacks to be prevented.
o Attacker’s goal: (in)distinguishability
o Capability & Info available: Ciphertext, plaintext, etc.
• Notion of Oracle to model the capability of the attacker
o Encryption Oracle: this is practical, e.g. smart card, protocol
o Decryption Oracle. A special type: Padding Oracle.