Computer Security

●
●
●

Computer security refers to protecting and securing computers and their related data,
networks, software, hardware from unauthorized access, misuse, theft, information loss, and
other security issues. The Internet has made our lives easier and has provided us with lots of
advantages but it has also put our system’s security at risk of being infected by a virus, of
being hacked, information theft, damage to the system, and much more.
Technology is growing day by day and the entire world is in its grasp. We cannot imagine
even a day without electronic devices around us. With the use of this growing technology,
invaders, hackers and thieves are trying to harm our computer’s security for monetary gains,
recognition purposes, ransom demands, bullying others, invading into other businesses,
organizations, etc. In order to protect our system from all these risks, computer security is
important.

Computer Security, also known as cybersecurity, refers to the practice of protecting

computer systems, networks, and data from unauthorized access, theft, damage, or disruption.
It ensures that systems and data maintain their confidentiality, integrity, and availability.

1. Introduction to Computer Security

Computer security aims to safeguard:

● Hardware: Physical devices like computers, servers, and storage devices.

● Software: Operating systems, applications, and utilities.
● Data: User data, organizational data, and confidential information.

It addresses various threats such as hacking, viruses, malware, and unauthorized access.

2. Need for Security

Computer security is essential for:

1. Protection of Data: Ensuring sensitive information is safe from theft or misuse.

2. Prevention of Unauthorized Access: Restricting access to authorized users only.
3. Business Continuity: Preventing cyberattacks that may disrupt operations.
4. Legal Compliance: Adhering to regulations like GDPR, HIPAA, or IT Act, 2000
(India).
5. Safeguarding Reputation: Avoiding reputational damage due to breaches.
3. Principles of Security
1. Confidentiality: Ensuring information is only accessible to authorized users.
2. Integrity: Protecting data from being altered without authorization.
3. Availability: Ensuring data and systems are available when needed.
4. Authentication: Verifying the identity of users or systems.
5. Authorization: Ensuring users have permission to access specific resources.
6. Non-repudiation: Preventing users from denying their actions.
7. Accountability: Logging and tracking activities for auditing purposes.

4. Types of Attacks
1. Active Attacks:
o Man-in-the-Middle (MITM): Intercepting communications between two
parties.
o Denial of Service (DoS)/Distributed Denial of Service (DDoS): Overloading
systems to disrupt services.
o Phishing: Deceptive emails to steal sensitive information.
o Malware: Viruses, worms, ransomware, etc.
o
2. Passive Attacks:
o Eavesdropping: Intercepting data without altering it.
o Traffic Analysis: Inferring information by analyzing communication patterns.
o
3. Insider Threats: Security breaches caused by trusted individuals.

4. Physical Attacks: Targeting physical infrastructure.

Principles of Security
The principles of security are fundamental concepts used to ensure data integrity,
confidentiality, and availability in any system. These principles are often summarized as the
CIA Triad:

1. Confidentiality: Ensures that sensitive information is accessible only to those

authorized to access it. Techniques include encryption and access control.
2. Integrity: Guarantees that data is accurate and has not been tampered with during
storage or transit. Techniques like checksums and hashing are used to verify integrity.
3. Availability: Ensures that authorized users can access information and resources
when needed. This includes measures to prevent system downtime due to attacks or
failures.

Additional principles:

● Authentication: Verifying the identity of users or systems.

● Authorization: Ensuring users have access only to the resources they are allowed to
use.
 ● Non-repudiation: Preventing parties from denying their actions (e.g., digital
signatures).
● Accountability: Tracking and logging actions performed by users or systems for
audit purposes.

Types of Attacks
Attacks on security can be classified broadly into two categories: Active and Passive.
1. Active Attacks
These involve attempts to alter or manipulate the data or systems directly. Examples include:

● Man-in-the-Middle (MITM): Intercepting and modifying communications between

two parties.
● Denial of Service (DoS)/Distributed Denial of Service (DDoS): Overloading
systems to make them unavailable.
● Malware: Viruses, worms, ransomware, and trojans designed to harm or steal data.
● Phishing: Deceiving users to reveal sensitive information.
● SQL Injection: Manipulating database queries through malicious inputs.

2. Passive Attacks
These involve monitoring or eavesdropping on communications without altering the data.
Examples include:

● Eavesdropping: Listening to or intercepting communications.

● Traffic Analysis: Analyzing metadata (e.g., sender/receiver identities) to infer
information.
● Shoulder Surfing: Observing user actions to gain information (e.g., PINs).

3. Insider Attacks
These are caused by trusted individuals misusing their access privileges, either intentionally
or unintentionally.
4. Physical Attacks
Targeting physical infrastructure like servers, storage devices, or networks.

Cryptography
Cryptography is the science of securing information by transforming it into an unreadable
format for unauthorized users. It is classified into the following categories:
1. Types of Cryptography

● Symmetric Key Cryptography:

o The same key is used for both encryption and decryption.
o Example: AES, DES.
● Asymmetric Key Cryptography:
o Uses a pair of keys: public (for encryption) and private (for decryption).
o Example: RSA, Elliptic Curve Cryptography (ECC).
● Hashing:
 o Converts data into a fixed-length hash value that cannot be reversed.
o Example: SHA-256, MD5.

2. Applications of Cryptography

● Encryption: Secures data in transit or at rest.

● Digital Signatures: Ensures authenticity and non-repudiation.
● Secure Communication Protocols: SSL/TLS for internet security.
● Blockchain: Uses cryptographic hashing to secure transaction records.

3. Common Cryptographic Techniques

● Substitution and Transposition Ciphers: Basic cryptographic techniques used in

classical cryptography.
● Key Management: Proper storage, distribution, and revocation of keys to ensure
security.
● Quantum Cryptography: Uses quantum mechanics principles to secure
communications.

1. Plain Text and Cipher Text

● Plain Text: The original, readable message or data that needs to be encrypted to
protect its confidentiality.
o Example: "HELLO"
● Cipher Text: The encrypted version of the plain text that is unreadable without
decryption.
o Example (using Caesar Cipher): "KHOOR"

Encryption is the process of converting plain text into cipher text, while decryption is the
reverse process.

2. Substitution Techniques
Substitution techniques replace elements of the plain text with corresponding elements from a
predefined set of rules or key.
a. Caesar Cipher

● One of the simplest substitution techniques.

● Each letter in the plain text is shifted by a fixed number of positions in the alphabet.
o Encryption Rule: C=(P+k)mod 26C = (P + k) \mod 26C=(P+k)mod26
▪ PPP: Position of the plain text letter.
▪ kkk: Shift value (key).
▪ CCC: Position of the cipher text letter.
o Example: For k=3k = 3k=3:
▪ Plain text: "HELLO"
▪ Cipher text: "KHOOR"
● Decryption Rule: P=(C−k)mod 26P = (C - k) \mod 26P=(C−k)mod26
b. Mono-alphabetic Cipher

● Each letter of the plain text is substituted with another letter based on a key mapping.
● Example:
o Key: A→Q,B→W,C→E,…A \to Q, B \to W, C \to E, \
dotsA→Q,B→W,C→E,…
o Plain text: "HELLO"
o Cipher text: "ZEBBW"
● Unlike Caesar Cipher, it uses a random substitution for each letter, making it more
secure.

c. Polygram Substitution Cipher

● Instead of substituting single letters, this technique substitutes blocks of letters (n-
grams).
● Example:
o Block substitution rule: "TH" → "XY", "HE" → "PQ"
o Plain text: "THE CAT"
o Cipher text: "XYP QXZ"

3. Encryption and Decryption

● Encryption: The process of converting plain text into cipher text using an algorithm
and a key.
o Example (Symmetric Encryption):
▪ Plain text: "DATA"
▪ Encryption key: "SECRET"
▪ Cipher text: "FTWXP"
● Decryption: The reverse process of converting cipher text back into plain text using a
key and algorithm.
o Example:
▪ Cipher text: "FTWXP"
▪ Decryption key: "SECRET"
▪ Plain text: "DATA"

4. Symmetric and Asymmetric Key Cryptography

a. Symmetric Key Cryptography

● A single key is used for both encryption and decryption.

● It is faster and suitable for large data encryption.
● Examples:
o Algorithms: AES, DES, 3DES.
o Use Cases: File encryption, database encryption.
b. Asymmetric Key Cryptography

● Uses a pair of keys:

o Public Key: Used for encryption.
o Private Key: Used for decryption.
● More secure but slower than symmetric cryptography.
● Examples:
o Algorithms: RSA, ECC.
o Use Cases: Digital signatures, secure email, SSL/TLS.

Steganography Overview
Steganography is the practice of concealing a secret message within another non-secret
message, file, image, or other medium such that the presence of the hidden information is not
apparent. Unlike cryptography, which focuses on making the content of the message
unreadable, steganography aims to hide the fact that a message even exists.

1. Key Concepts in Steganography

● Cover Medium: The original, non-secret file or data in which the hidden information is
embedded (e.g., image, video, audio, text).
● Payload: The secret message or data to be hidden.
● Stego Medium: The result of embedding the payload within the cover medium.
● Embedding: The process of hiding the payload within the cover medium.
● Extraction: Retrieving the hidden payload from the stego medium.

2. Types of Steganography
a. Text Steganography

● Hiding data within text files by manipulating:

o White spaces, font formatting, or letter arrangement.
o Example: Using the first letter of each word to spell out a secret message.

b. Image Steganography

● Hiding data within digital images by altering the pixel values.

o Least Significant Bit (LSB): The most common technique where the least significant
bit of each pixel is modified to encode the hidden message.
o Example: An image file is altered in such a way that the visual differences are
imperceptible to the human eye.

c. Audio Steganography

● Embedding data within audio files like MP3 or WAV by modifying:

o Frequency, amplitude, or phase of the sound wave.
o Example: Altering inaudible parts of audio signals to hide the payload.
d. Video Steganography

● Concealing information within video files by manipulating frames, colors, or metadata.

o Example: Hiding text within specific frames of a video file.

e. Network Steganography

● Hiding data within network protocols or traffic patterns.

o Example: Encoding a message in the timing or size of data packets.

Overview of Symmetric Key Cryptography

Symmetric Key Cryptography is a type of encryption where the same key is used for both
encryption and decryption. It is widely used for secure communication due to its efficiency
and speed.

Key Features of Symmetric Key Cryptography

1. Single Key Usage: Both the sender and the receiver share the same secret key.
2. High Speed: Encryption and decryption processes are computationally efficient.
3. Confidentiality: Ensures data security as long as the key remains secret.
4. Vulnerability: If the key is compromised, the security of the data is lost.

Applications

● Secure file storage.

● VPNs for secure data transfer.
● Secure Socket Layer (SSL) for encrypted internet communication.

1. Data Encryption Standard (DES)

The Data Encryption Standard is a block cipher, meaning a cryptographic key and algorithm are
applied to a block of data simultaneously rather than one bit at a time. To encrypt a plaintext message,
DES groups it into 64-bit blocks.

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is
64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64
bits of the key are not used by the encryption algorithm (function as check bits only).

Feistel Cipher model is a structure or a design used to develop many block ciphers such
as DES.

How does DES work?

DES uses the same key to encrypt and decrypt a message, so both the sender and
the receiver must know and use the same private key.
DES was once the go-to, symmetric key algorithm for the encryption of electronic
data, but it has been superseded by the more secure Advanced Encryption Standard
(AES) algorithm.

DES is one of the earliest symmetric key encryption algorithms developed by IBM in the
1970s and adopted as a standard by the U.S. government.
Key Features of DES

1. Block Cipher: Operates on 64-bit blocks of data.

2. Key Length: Uses a 56-bit key (effective length) and 8 bits for parity, making it a total of 64
bits.
3. Structure: Based on the Feistel Network, which divides data into two halves and processes
them through multiple rounds.
4. Rounds: DES performs 16 rounds of encryption.
5. Substitution and Permutation: DES uses substitution (S-boxes) and permutation (P-boxes)
for confusion and diffusion.

Steps of DES

1. Initial Permutation: Rearranges the bits of the plaintext.

2. 16 Rounds of Processing:
o Key generation for each round.
o Mixing of the key with data.
o Substitution and permutation operations.
3. Final Permutation: Produces the 64-bit ciphertext.

1617158

Sneha

EAFGJ

Advantages of DES

● Simple and easy to implement.

● Suitable for hardware implementations.

Disadvantages of DES

● Vulnerable to brute-force attacks due to the small key size.

● Replaced by more secure algorithms like AES (Advanced Encryption Standard).

2. International Data Encryption Algorithm (IDEA)

IDEA is a symmetric encryption algorithm developed in 1991 by Xuejia Lai and James
Massey. It is designed to overcome the limitations of DES.
The International Data Encryption Algorithm (IDEA) is a symmetric-key block
cipher that was first introduced in 1991.

It was designed to provide secure encryption for digital data and is used in a
variety of applications, such as secure communications, financial transactions, and
electronic voting systems.

In cryptography, block ciphers are very important in the designing of many

cryptographic algorithms and are widely used to encrypt the bulk of data in
chunks.

By chunks, it means that the cipher takes a fixed size of the plaintext in the
encryption process and generates a fixed-size ciphertext using a fixed-length key.

An algorithm’s strength is determined by its key length.

What is IDEA?

IDEA uses a block cipher with a block size of 64 bits and a key size of 128 bits. It
uses a series of mathematical operations, including modular arithmetic, bit shifting,
and exclusive OR (XOR) operations, to transform the plaintext into ciphertext.
The cipher is designed to be highly secure and resistant to various types of attacks,
including differential and linear cryptanalysis.
One of the strengths of IDEA is its efficient implementation in software and
hardware.
The algorithm is relatively fast and requires only a small amount of memory and
processing power. This makes it a popular choice for use in embedded systems and
other applications where resources are limited.

Key Features of IDEA

1. Block Cipher: Operates on 64-bit blocks of data.

2. Key Length: Uses a 128-bit key, making it more resistant to brute-force attacks than DES.
3. Structure: Based on a mix of mathematical operations such as XOR, modular addition, and
multiplication.
4. Rounds: IDEA consists of 8.5 rounds of encryption.

Steps of IDEA

1. Input Division: The plaintext is divided into 64-bit blocks.

2. Subkey Generation: The 128-bit key is divided into smaller subkeys used in each round.
3. Round Operations:
o XOR, addition, and multiplication operations are applied to mix the data.
4. Final Transformation: Combines the intermediate results to produce the ciphertext.
Advantages of IDEA

● Stronger encryption than DES due to its 128-bit key.

● Resistant to differential and linear cryptanalysis.

Disadvantages of IDEA

● Slower compared to DES in some implementations.

● Requires more computational resources.

Comparison of DES and IDEA

Feature DES IDEA
Block Size 64 bits 64 bits
Key Size 56 bits 128 bits
Combination of
Structure Feistel Network
operations
Rounds 16 8.5
Vulnerable to brute
Security Stronger encryption
force
Performan
Faster Slower but more secure
ce

Conclusion

● Symmetric key cryptography, including DES and IDEA, plays a critical role in data security.
● DES, although ground breaking in its time, is now considered insecure and has been replaced
by more advanced algorithms.
● IDEA, with its longer key length and robust structure, offers better security and is suitable for
modern cryptographic applications.