NOTES

U20CS844 – CYBER SECURITY
UNIT I INTRODUCTION TO NUMBER THEORY
Finite Fields and Number Theory: Modular arithmetic, Euclidian Algorithm,

Primality Testing: Fermat’s and Eulers theorem, Chinese Reminder theorem,
Discrete Logarithms
FINITE FIELDS AND NUMBER THEORY:

KEY POINTS
◆Modular arithmetic is a kind of integer arithmetic that reduces all numbers to one o
f a fixed set [0, . . . , n - 1] for some number n. Any integer outside
this range is reduced to one in this range by taking the remainder after division by n.
◆ The greatest common divisor of two integers is the largest positive integer
that exactly divides both integers.
◆ A field is a set of elements on which two arithmetic operations (addition and
multiplication) have been defined and which has the properties of ordinary arithmetic,
such as closure, associativity, commutativity, distributivity, and
having both additive and multiplicative inverses.
◆Finite fields are important in several areas of cryptography. A finite field is simply
a field with a finite number of elements. It can be shown that the
order of a finite field (number of elements in the field) must be a power of
a prime pn, where n is a positive integer.
◆Finite fields of order p can be defined using arithmetic mod p.
◆ Finite fields of order pn, for n > 1, can be defined using arithmetic
over polynomials.
MODULAR ARITHMETIC:
Modular arithmetic is the branch of arithmetic mathematics related with the “mod”
functionality. Basically, modular arithmetic is related with computation of “mod”
of expressions. Expressions may have digits and computational symbols of
addition, subtraction, multiplication, division or any other. Here we will discuss
briefly about all modular arithmetic operations.
Quotient Remainder Theorem:
It states that, for any pair of integers a and b (b is positive), there exist two unique
integers q and r such that:
a = b x q + r where 0 <= r < b
Example: If a = 20, b = 6 then q = 3, r = 2 20 = 6 x 3 + 2
Modular Addition:
Rule for modular addition is:
(a + b) mod m = ((a mod m) + (b mod m)) mod m
Example:
(15 + 17) % 7
= ((15 % 7) + (17 % 7)) % 7
= (1 + 3) % 7
=4%7
=4
The same rule is to modular subtraction. We don’t require much modular
subtraction but it can also be done in the same way.
Modular Multiplication:
The Rule for modular multiplication is:
(a x b) mod m = ((a mod m) x (b mod m)) mod m
Example:
(12 x 13) % 5
= ((12 % 5) x (13 % 5)) % 5
= (2 x 3) % 5
=6%5
=1
Modular Division:
The modular division is totally different from modular addition, subtraction and
multiplication. It also does not exist always.
(a / b) mod m is not equal to ((a mod m) / (b mod m)) mod m.
This is calculated using the following formula:
(a / b) mod m = (a x (inverse of b if exists)) mod m
Modular Inverse:
The modular inverse of a mod m exists only if a and m are relatively prime i.e.
gcd(a, m) = 1. Hence, for finding the inverse of an under modulo m, if (a x b) mod
m = 1 then b is the modular inverse of a.
Example: a = 5, m = 7 (5 x 3) % 7 = 1 hence, 3 is modulo inverse of 5 under 7.
Modular Exponentiation:
Finding a^b mod m is the modular exponentiation. There are two approaches for
this – recursive and iterative. Example:
a = 5, b = 2, m = 7
(5 ^ 2) % 7 = 25 % 7 = 4
There is often a need to efficiently calculate the value of x n mod m. This can be
done in O(logn) time using the following recursion:
It is important that in the case of an even n, the value of x n/2 is calculated only once.
This guarantees that the time complexity of the algorithm is O(logn) because n is
always halved when it is even.
EUCLIDIAN ALGORITHM:
The Euclidean algorithm is a way to find the greatest common divisor of two
positive integers. GCD of two numbers is the largest number that divides both of
them. A simple way to find GCD is to factorize both numbers and multiply
common prime factors.
The Algorithm
The Euclidean Algorithm for finding GCD(A,B) is as follows:
• If A = 0 then GCD(A,B)=B, since the GCD(0,B)=B, and we can stop.

• If B = 0 then GCD(A,B)=A, since the GCD(A,0)=A, and we can stop.
• Write A in quotient remainder form (A = B⋅Q + R)
• Find GCD(B,R) using the Euclidean Algorithm since GCD(A,B) = GCD(B,R)
PRIMALITY TESTING: FERMATS AND EULERS THEOREM
FERMAT’S AND EULER’S THEOREMS

Two theorems that play important roles in public-key cryptography are Fermat’s
theorem and Euler’s theorem.
Fermat’s Theorem
Fermat’s theorem states the following: If p is prime and a is a positive integer not
divisible by p, then
Proof: Consider the set of positive integers less than p: {1, 2, ......., p - 1} and
multiply each element by a, modulo p, to get the set X = {a mod p, 2a mod
p, ..... , (p - 1)a mod p}. None of the elements of X is equal to zero
because p does not divide a. Furthermore, no two of the integers in X are equal. To s
ee this, assume that ja == ka (mod p)), where 1 <= j < k <= p - 1. Because a is
relatively
prime5 to p, we can eliminate a from both sides of the equation [see Equation (4.3)]
resulting in j === k (mod p). This last equality is impossible, because j and k are both
positive integers less than p. Therefore, we know that the (p - 1) elements of X are
all positive integers with no two elements equal. We can conclude the X consists of
the set of integers {1, 2, . . . . , p - 1} in some order. Multiplying the numbers in both
sets (p and X) and taking the result mod p yields
EULER’S THEOREM:
Euler’s theorem states that for every a and n that are relatively prime:
Proof: Equation (8.4) is true if n is prime, because in that case, ϕ(n) = (n - 1) an

d Fermat’s theorem holds. However, it also holds for any integer n. Recall
that f(n) is the number of positive integers less than n that are relatively prime to n.
Consider the set of such integers, labeled as
R = {x1, x2, ...... , xϕ(n)}
That is, each element xi is a unique positive integer less than n with
gcd(xi, n) = 1. Now multiply each element by a, modulo n:
S = {(ax1 mod n), (ax2 mod n), ....., (axϕ(n) mod n)}
The set S is a permutation6 of R, by the following line of reasoning:
Because a is relatively prime to n and xi is relatively prime to n, axi must also be
relatively prime to n. Thus, all the members of S are integers that are less
than n and that are relatively prime to n.
There are no duplicates in S. Refer to Equation (4.5). If axi mod n = axj mod n,
then xi = xj.
Therefore,
which completes the proof. This is the same line of reasoning applied to the proof of
Fermat’s theorem.
CHINESE REMINDER THEOREM:

We are given two arrays num[0..k-1] and rem[0..k-1]. In num[0..k-1], every pair is
coprime (gcd for every pair is 1). We need to find minimum positive number x
such that:
x % num[0] = rem[0],
x % num[1] = rem[1],
.......................
x % num[k-1] = rem[k-1]
Basically, we are given k numbers which are pairwise coprime, and given
remainders of these numbers when an unknown number x is divided by them. We
need to find the minimum possible value of x that produces given remainders.
Chinese Remainder Theorem states that there always exists an x that satisfies
given congruences.
Let num[0], num[1], …num[k-1] be positive integers that are pairwise coprime.
Then, for any given sequence of integers rem[0], rem[1], … rem[k-1], there exists
an integer x solving the following system of simultaneous congruences
EXAMPLE:
DISCRETE LOGARITHMS:
Given three integers a, b and m. Find an integer k such that where a and m are
relatively prime. If it is not possible for any k to satisfy this relation, print -1.
Examples:
A Naive approach is to run a loop from 0 to m to cover all possible values of k

and check for which value of k, the above relation satisfies. If all the values of k
exhausted, print -1. Time complexity of this approach is O(m)
An efficient approach is to use baby-step, giant-step algorithm by using meet in
the middle trick.
UNIT II CRYPTOGRAPHIC TECHNIQUES
Symmetric key cryptographic techniques: Introduction to Stream cipher, Block

cipher: DES, AES, IDEA Asymmetric key cryptographic techniques: principles,
RSA, ElGamal, Elliptic Curve cryptography, Key distribution and Key exchange
protocols.
SYMMETRIC KEY CRYPTOGRAPHIC TECHNIQUES:

It is an encryption system where the sender and receiver of message use a
single common key to encrypt and decrypt messages. Symmetric Key Systems are
faster and simpler but the problem is that sender and receiver have to somehow
exchange key in a secure manner. The most popular symmetric key cryptography
system are Data Encryption System(DES) and Advanced Encryption
System(AES).
Introduction to Stream cipher:
In stream cipher, one byte is encrypted at a time while in block cipher ~128 bits
are encrypted at a time.
Initially, a key(k) will be supplied as input to pseudorandom bit generator and then
it produces a random 8-bit output which is treated as keystream.
The resulted keystream will be of size 1 byte, i.e., 8 bits.
1. Stream Cipher follows the sequence of pseudorandom number stream.
2. One of the benefits of following stream cipher is to make cryptanalysis
more difficult, so the number of bits chosen in the Keystream must be
long in order to make cryptanalysis more difficult.
3. By making the key longer it is also safe against brute force attacks.
4. The longer the key the stronger security is achieved, preventing any
attack.
5. Keystream can be designed more efficiently by including more number
of 1s and 0s, for making cryptanalysis more difficult.
6. Considerable benefit of a stream cipher is, it requires few lines of code
compared to block cipher.
ENCRYPTION:
For Encryption,
• Plain Text and Keystream produces Cipher Text (Same keystream will be
used for decryption.).
• The Plaintext will undergo XOR operation with keystream bit-by-bit and
produces the Cipher Text.
Example –
Plain Text : 10011001
Keystream : 11000011
`````````````````````
Cipher Text : 01011010
DECRYPTION:
For Decryption,
• Cipher Text and Keystream gives the original Plain Text (Same
keystream will be used for encryption.).
• The Ciphertext will undergo XOR operation with keystream bit-by-bit
and produces the actual Plain Text.
Example –
Cipher Text : 01011010
Keystream : 11000011
``````````````````````
Plain Text : 10011001
BLOCK CIPHER:
Encryption algorithms are divided into two categories based on the input type, as
a block cipher and stream cipher. Block cipher is an encryption algorithm that
takes a fixed size of input say b bits and produces a ciphertext of b bits again. If
the input is larger than b bits it can be divided further. For different applications
and uses, there are several modes of operations for a block cipher.
Electronic Code Book (ECB) –
Electronic code book is the easiest block cipher mode of functioning. It is easier
because of direct encryption of each block of input plaintext and output is in form
of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in
size, it can be broken down into a bunch of blocks and the procedure is repeated.
Procedure of ECB is illustrated below:
What is DES?
Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has
played a significant role in data security. Data encryption standard (DES) has been
found vulnerable to very powerful attacks therefore, the popularity of DES has
been found slightly on the decline. DES is a block cipher and encrypts data in
blocks of size of 64 bits each, which means 64 bits of plain text go as the input to
DES, which produces 64 bits of ciphertext. The same algorithm and key are used
for encryption and decryption, with minor differences. The key length is 56 bits.
Thus, the discarding of every 8th bit of the key produces a 56-bit key from the
original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution
(also called confusion) and transposition (also called diffusion). DES consists of
16 steps, each of which is called a round. Each round performs the steps of
substitution and transposition. Let us now discuss the broad-level steps in DES.
• In the first step, the 64-bit plain text block is handed over to an
initial Permutation (IP) function.
• The initial permutation is performed on plain text.
• Next, the initial permutation (IP) produces two halves of the permuted
block; saying Left Plain Text (LPT) and Right Plain Text (RPT).
• Now each LPT and RPT go through 16 rounds of the encryption
process.
• In the end, LPT and RPT are rejoined and a Final Permutation (FP) is
performed on the combined block
• The result of this process produces 64-bit ciphertext.
Initial Permutation (IP)

As we have noted, the initial permutation (IP) happens only once and it happens
before the first round. It suggests how the transposition in IP should proceed, as
shown in the figure. For example, it says that the IP replaces the first bit of the
original plain text block with the 58th bit of the original plain text, the second bit
with the 50th bit of the original plain text block, and so on.
This is nothing but jugglery of bit positions of the original plain text block. the
same rule applies to all the other bit positions shown in the figure.
ADVANCED ENCRYPTION STANDARD (AES)

Advanced Encryption Standard (AES) is a specification for the encryption of
electronic data established by the U.S National Institute of Standards and
Technology (NIST) in 2001. AES is widely used today as it is a much stronger
than DES and triple DES despite being harder to implement.
Points to remember
• AES is a block cipher.
• The key size can be 128/192/256 bits.
• Encrypts data in blocks of 128 bits each.
That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text
as output. AES relies on substitution-permutation network principle which means
it is performed using a series of linked operations which involves replacing and
shuffling of the input data.
Working of the cipher:
AES performs operations on bytes of data rather than in bits. Since the block size
is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows:
• 128 bits key – 10 rounds
Creation of Round keys:
A Key Schedule algorithm is used to calculate all the round keys from the key.
So, the initial key is used to create many different round keys which will be used
in the corresponding round of the encryption.
Encryption:
AES considers each block as a 16-byte (4 byte x 4 byte = 128) grid in a column
major arrangement.
[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15]
Each round comprises of 4 steps:

• Sub Bytes
• Shift Rows
• Mix Columns
• Add Round Key
The last round doesn’t have the Mix Columns round.
The Sub Bytes does the substitution and Shift Rows and Mix Columns performs
the permutation in the algorithm.
Sub Bytes:
This step implements the substitution.
In this step each byte is substituted by another byte. Its performed using a lookup
table also called the S-box. This substitution is done in a way that a byte is never
substituted by itself and also not substituted by another byte which is a
compliment of the current byte. The result of this step is a 16 byte (4 x 4 ) matrix
like before.
The next two steps implement the permutation.
Shift Rows:
This step is just as it sounds. Each row is shifted a particular number of times.
• The first row is not shifted
• The second row is shifted once to the left.
• The third row is shifted twice to the left.
• The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0 | b1 | b2 | b3] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15] [ b15 | b12 | b13 | b14 ]
Mix Columns:
This step is basically a matrix multiplication. Each column is multiplied with a
specific matrix and thus the position of each byte in the column is changed as a
result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]
Add Round Keys:

Now the resultant output of the previous stage is XOR-ed with the corresponding
round key. Here, the 16 bytes is not considered as a grid but just as 128 bits of
data.
After all these rounds 128 bits of encrypted data is given back as output. This
process is repeated until all the data to be encrypted undergoes this process.
Decryption:
The stages in the rounds can be easily undone as these stages have an opposite to
it which when performed reverts the changes. Each 128 blocks goes through the
10,12 or 14 rounds depending on the key size.
The stages of each round in decryption is as follows:
• Add round key
• Inverse Mix Columns
• Shift Rows
• Inverse Sub Byte
The decryption process is the encryption process done in reverse so i will explain
the steps with notable differences.
Inverse Mix Columns:
This step is similar to the Mix Columns step in encryption, but differs in the
matrix used to carry out the operation.
[ b0] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 | | c1 |
| b2 | | 13 9 14 11 | | c2 |
[b3] [11 13 9 14 ] [c3]
Inverse Sub Bytes:
Inverse S-box is used as a lookup table and using which the bytes are substituted
during decryption.
IDEA ASYMMETRIC KEY CRYPTOGRAPHIC TECHNIQUES:

Asymmetric encryption, also known as public-key cryptography, is a type
of encryption that uses a pair of keys to encrypt and decrypt data. The pair of
keys includes a public key, which can be shared with anyone, and a private key,
which is kept secret by the owner. In asymmetric encryption, the sender uses the
recipient’s public key to encrypt the data. The recipient then uses their private
key to decrypt the data. This approach allows for secure communication between
two parties without the need for both parties to have the same secret key.
Asymmetric encryption has several advantages over symmetric encryption, which
uses the same key for both encryption and decryption. One of the main
advantages is that it eliminates the need to exchange secret keys, which can be a
challenging process, especially when communicating with multiple parties.
Additionally, asymmetric encryption allows for the creation of digital signatures,
which can be used to verify the authenticity of data. Asymmetric encryption is
commonly used in various applications, including secure online communication,
digital signatures, and secure data transfer. Examples of asymmetric encryption
algorithms include RSA, Diffie-Hellman, and Elliptic Curve Cryptography
(ECC). Asymmetric encryption, commonly known as public-key cryptography,
employs two distinct keys for encryption and decoding. The private key is a
separate key from the public key that is kept private by the owner of the public
key while the public key is made available to everyone. Anyone can encrypt a
message using the public key, but only the holder of the private key can unlock it.
With no chance of the communication being intercepted and read by a third party,
anyone can send a secure message to the public key’s owner. Asymmetric
encryption is frequently used for secure internet communication, including email
encryption, e-commerce, and online banking. Digital signatures, which are used
to confirm the legitimacy of digital documents and messages, are another
application for it.
RSA
RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually
means that it works on two different keys i.e. Public Key and Private Key. As the
name describes that the Public Key is given to everyone and the Private key is kept
private.
An example of asymmetric cryptography:
1. A client (for example browser) sends its public key to the server and
requests some data.
2. The server encrypts the data using the client’s public key and sends the
encrypted data.
3. The client receives this data and decrypts it.
Since this is asymmetric, nobody else except the browser can decrypt the data even
if a third party has the public key of the browser.
The idea! The idea of RSA is based on the fact that it is difficult to factorize a
large integer. The public key consists of two numbers where one number is a
multiplication of two large prime numbers. And private key is also derived from
the same two prime numbers. So, if somebody can factorize the large number, the
private key is compromised. Therefore, encryption strength totally lies on the key
size and if we double or triple the key size, the strength of encryption increases
exponentially. RSA keys can be typically 1024 or 2048 bits long, but experts
believe that 1024-bit keys could be broken in the near future. But till now it seems
to be an infeasible task.
ELGAMAL
ElGamal encryption is a public-key cryptosystem. It uses asymmetric key
encryption for communicating between two parties and encrypting the
message. This cryptosystem is based on the difficulty of finding discrete
logarithm in a cyclic group that is even if we know g a and gk, it is extremely
difficult to compute gak.
Idea of ElGamal cryptosystem:
Suppose Alice wants to communicate with Bob.
ELLIPTIC Curve cryptography:
Introduction to Elliptic Curve Cryptography
ECC, as the name implies, is an asymmetric encryption algorithm that employs

the algebraic architecture of elliptic curves with finite fields.
• Elliptic Curve Cryptography (ECC) is an encryption technology
comparable to RSA that enables public-key encryption.
• While RSA’s security is dependent on huge prime numbers, ECC
leverages the mathematical theory of elliptic curves to achieve the same
level of security with considerably smaller keys.
• Victor Miller and Neal Koblitz separately proposed elliptic curve
ciphers in the mid-1980s. On a high level, they are analogs of actual
public cryptosystems in which modular arithmetic is substituted by
elliptic curve operations
Components of Elliptic Curve Cryptography
Below are the components of elliptic curve cryptography:

1. ECC keys:
• Private key: ECC cryptography’s private key creation is as simple as
safely producing a random integer in a specific range, making it highly
quick. Any integer in the field represents a valid ECC private key.
• Public keys: Public keys within ECC are EC points, which are pairs of
integer coordinates x, and y that lie on a curve. Because of its unique
features, EC points can be compressed to a single coordinate + 1 bit
(odd or even). As a result, the compressed public key corresponds to a
256-bit ECC.
2. Generator Point:
• ECC cryptosystems establish a special pre-defined EC point called
generator point G (base point) for elliptic curves over finite fields,
which can generate any other position in its subgroup over the elliptic
curve by multiplying G from some integer in the range [0…r].
• The number r is referred to as the “ordering” of the cyclic subgroup.
• Elliptic curve subgroups typically contain numerous generator points,
but cryptologists carefully select one of them to generate the entire
group (or subgroup), and is excellent for performance optimizations in
calculations. This is the “G” generator.
ELLIPTIC CURVE CRYPTOGRAPHY ALGORITHMS
Based on the arithmetic of elliptic curves over finite fields, Elliptic-Curve

Cryptography (ECC) provides numerous sets of algorithms:
Digital signature algorithms:
• Elliptic Curve Digital Signature Algorithm. (ECDSA): ECDSA, or
Elliptic Curve Digital Signature Algorithm, is a more highly
complicated public-key cryptography encryption algorithm. Elliptic
curve cryptography is a type of public key cryptography that uses the
algebraic structure of elliptic curves with finite fields as its foundation.
Elliptic curve cryptography is primarily used to generate pseudo-
random numbers, digital signatures, and other data.
• Edwards-curve Digital Signature Algorithm (EdDSA): The
Edwards-curve Digital Signature Algorithm (EdDSA) was proposed as
a replacement for the Elliptic Curve Digital Signature Algorithm for
performing fast public-key digital signatures (ECDSA). Its primary
benefits for embedded devices are higher performance and simple,
secure implementations. During a signature, no branch or lookup
operations based on the secret values are performed. Many side-channel
attacks are foiled by these properties.
Encryption algorithms:
• Elliptic Curve Integrated Encryption Scheme (ECIES): ECIES is a
public-key authenticated encryption scheme that uses a KDF (key-
derivation function) to generate a separate Medium Access Control key
and symmetric encryption key from the ECDH shared secret. Because
the ECIES algorithm incorporates a symmetric cipher, it can encrypt
any amount of data. In practice, ECIES is used by standards such as
Intelligent Transportation Systems.
• EC-based ElGamal Elliptic Curve Cryptography: ElGamal Elliptic
Curve Cryptography is the public key cryptography equivalent of
ElGamal encryption schemes that employ the Elliptic Curve Discrete
Logarithm Problem. ElGamal is an asymmetric encryption algorithm
that is used to send messages securely over long distances.
Unfortunately, if the encrypted message is short enough, the algorithm
is vulnerable to a Meet in the Middle attack.
Key Agreement algorithm:
• Elliptic-curve Diffie–Hellman (ECDH): Elliptic-curve Diffie-Hellman
(ECDH) is a key agreement protocol that enables two parties to
establish a shared secret over an insecure channel, each with an elliptic-
curve public-private key pair. This shared secret can be used directly as
a key or to generate another key. Following that, the key, or the derived
key, can be used to encrypt subsequent communications with a
symmetric-key cipher.
• Fully Hashed Menezes-Qu-Vanstone (FHMQV): Fully Hashed
Menezes-Qu-Vanstone is an authenticated key agreement protocol
based on the Diffie-Hellman scheme. MQV, like other authenticated
Diffie-Hellman schemes, protects against an active attacker. The
protocol can be adapted to work in any finite group, most notably
elliptic curve groups, in which it is recognized as elliptic curve MQV
(ECMQV).
KEY DISTRIBUTION AND KEY EXCHANGE PROTOCOLS:
In cryptography, it is a very tedious task to distribute the public and private keys
between sender and receiver. If the key is known to the third party
(forger/eavesdropper) then the whole security mechanism becomes worthless. So,
there comes the need to secure the exchange of keys.
There are two aspects for Key Management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets.
Distribution of Public Key:
The public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.
These are explained as following below:
1. Public Announcement: Here the public key is broadcasted to everyone. The
major weakness of this method is a forgery. Anyone can create a key claiming to
be someone else and broadcast it. Until forgery is discovered can masquerade as
claimed user.
2. Publicly Available Directory: In this type, the public key is stored in a public
directory. Directories are trusted here, with properties like Participant
Registration, access and allow to modify values at any time, contains entries like
{name, public-key}. Directories can be accessed electronically still vulnerable to
forgery or tampering.
3. Public Key Authority: It is similar to the directory but, improves security by
tightening control over the distribution of keys from the directory. It requires
users to know the public key for the directory. Whenever the keys are needed,
real-time access to the directory is made by the user to obtain any desired public
key securely.
4. Public Certification: This time authority provides a certificate (which binds
an identity to the public key) to allow key exchange without real-time access to
the public authority each time. The certificate is accompanied by some other info
such as period of validity, rights of use, etc. All of this content is signed by the
private key of the certificate authority and it can be verified by anyone possessing
the authority’s public key.
First sender and receiver both request CA for a certificate which contains a public
key and other information and then they can exchange these certificates and can
start communication.
UNIT III INTEGRITY AND AUTHENTICATION

Hash functions, Secure Hash Algorithm (SHA)Message Authentication,
Message Authentication Code (MAC), Digital Signature Algorithm: RSA ElGamal
based
Hash functions:
Hashing is the process of generating a value from a text or a list of numbers

using a mathematical function known as a hash function.
A Hash Function is a function that converts a given numeric or alphanumeric
key to a small practical integer value. The mapped integer value is used as an
index in the hash table. In simple terms, a hash function maps a significant
number or string to a small integer that can be used as the index in the hash table.
The pair is of the form (key, value), where for a given key, one can find a value
using some kind of a “function” that maps keys to values. The key for a given
object can be calculated using a function called a hash function. For example,
given an array A, if i is the key, then we can find the value by simply looking up
A[i].
Types of Hash functions
There are many hash functions that use numeric or alphanumeric keys. This
article focuses on discussing different hash functions:
1. Division Method.
2. Mid Square Method.
3. Folding Method.
4. Multiplication Method.
Let’s begin discussing these methods in detail.
1. Division Method:
This is the most simple and easiest method to generate a hash value. The hash
function divides the value k by M and then uses the remainder obtained.
Formula:
h(K) = k mod M
Here,
k is the key value, and
M is the size of the hash table.
It is best suited that M is a prime number as that can make sure the keys are more
uniformly distributed. The hash function is dependent upon the remainder of a
division.
Example:
k = 12345
M = 95
h(12345) = 12345 mod 95
= 90
k = 1276
M = 11
h(1276) = 1276 mod 11
=0
Pros:
1. This method is quite good for any value of M.
2. The division method is very fast since it requires only a single division
operation.
Cons:
1. This method leads to poor performance since consecutive keys map to
consecutive hash values in the hash table.
2. Sometimes extra care should be taken to choose the value of M.
2. Mid Square Method:
The mid-square method is a very good hashing method. It involves two steps to
compute the hash value-
1. Square the value of the key k i.e. k2
2. Extract the middle r digits as the hash value.
Formula:
h(K) = h(k x k)
Here,
k is the key value.
The value of r can be decided based on the size of the table.
Example:
Suppose the hash table has 100 memory locations. So r = 2 because two digits are
required to map the key to the memory location.
k = 60
k x k = 60 x 60
= 3600
h(60) = 60
The hash value obtained is 60
Pros:
1. The performance of this method is good as most or all digits of the key
value contribute to the result. This is because all digits in the key
contribute to generating the middle digits of the squared result.
2. The result is not dominated by the distribution of the top digit or bottom
digit of the original key value.
Cons:
1. The size of the key is one of the limitations of this method, as the key is
of big size then its square will double the number of digits.
2. Another disadvantage is that there will be collisions but we can try to
reduce collisions.
3. Digit Folding Method:
This method involves two steps:
1. Divide the key-value k into a number of parts i.e. k1, k2, k3,….,kn,
where each part has the same number of digits except for the last part
that can have lesser digits than the other parts.
2. Add the individual parts. The hash value is obtained by ignoring the last
carry if any.
Formula:
k = k1, k2, k3, k4, ….., kn
s = k1+ k2 + k3 + k4 +….+ kn
h(K)= s
Here,
s is obtained by adding the parts of the key k
Example:
k = 12345
k1 = 12, k2 = 34, k3 = 5
s = k1 + k2 + k3
= 12 + 34 + 5
= 51
h(K) = 51
Note:
The number of digits in each part varies depending upon the size of the hash
table. Suppose for example the size of the hash table is 100, then each part must
have two digits except for the last part which can have a lesser number of digits.
4. Multiplication Method
This method involves the following steps:
1. Choose a constant value A such that 0 < A < 1.
2. Multiply the key value with A.
3. Extract the fractional part of kA.
4. Multiply the result of the above step by the size of the hash table i.e. M.
5. The resulting hash value is obtained by taking the floor of the result
obtained in step 4.
Formula:
h(K) = floor (M (kA mod 1))
Here,
M is the size of the hash table.
k is the key value.
A is a constant value.
Example:
k = 12345
A = 0.357840
M = 100
h(12345) = floor[ 100 (12345*0.357840 mod 1)]
= floor[ 100 (4417.5348 mod 1) ]
= floor[ 100 (0.5348) ]
= floor[ 53.48 ]
= 53
Pros:
The advantage of the multiplication method is that it can work with any value
between 0 and 1, although there are some values that tend to give better results
than the rest.
Cons:
The multiplication method is generally suitable when the table size is the power
of two, then the whole process of computing the index by the key using
multiplication hashing is very fast.
SECURE HASH ALGORITHM (SHA)MESSAGE
AUTHENTICATION:
SHA Introduction
Secure Hashing Algorithm, or SHA. Data and certificates are hashed with SHA, a
modified version of MD5. By using bitwise operations, modular additions, and
compression functions, a hashing algorithm reduces the input data into a smaller
form that is impossible to comprehend. Can hashing be cracked or decrypted, you
may wonder? The main distinction between hashing and encryption is that hashing
is one-way; once data has been hashed, the resultant hash digest cannot be decrypted
unless a brute force assault is applied. See the illustration below to see how the SHA
algorithm functions.
SHA is designed to provide a different hash even if only one character in the message
changes. As an illustration, consider combining the themes Heaven and Heaven Is
Different. The only difference between a capital and tiny letter, though, is size
The first message is hashed using SHA-1 to get the hash digest
"06b73bd57b3b938786daed820cb9fa4561bf0e8e". The hash digest for the second,
analogous message will look like "66da9f3b8d9d83f34770a14c38276a69433a535b"
if it is hashed with SHA-1. The avalanche effect is what is known for this. This
phenomenon is crucial for cryptography since it implies that even the smallest
alteration to the message being entered entirely alters the output. As a result,
attackers won't be able to decipher what the hash digest initially said or determine
whether the message was altered while in route and inform the message's recipient.
SHAs can aid in identifying any modifications made to an original message. A user
can determine whether even one letter has been altered by consulting the original
hash digest since the hash digests will be entirely different. The fact that SHAs are
deterministic is one of their key features. This implies that any machine or user may
reproduce the hash digest if they know the hash algorithm that was used. Every SSL
certificate on the Internet must have been hashed with the SHA-2 procedure because
of the determinism of SHAs.
Different Types of SHA
Numerous SHA variants are mentioned while discussing SHA forms. There are only
two kinds of SHA-SHA-1 and SHA-2-but they go by several names, such as SHA-
1, SHA-2, SHA-256, SHA-512, SHA-224, and SHA-384. The other higher numbers,
such as SHA-256, are merely SHA-2 variants that include information on the bit
lengths of SHA-2. The first secure hashing algorithm was SHA-1, which produced
a 160-bit hash digest as a result of hashing. Can SHA-2 be cracked like SHA-1, one
may wonder? Yes, it is the solution. SHA-1 is easier to brute force than SHA-2
because to the shorter length of the hash digest, however SHA-2 can also be done.
Due to the limited amount of possible combinations that can be made with 160 bits,
another problem with SHA-1 is that it can provide the same hash digest for two
distinct values. All certificates must utilize SHA-2 since it provides each digest with
a unique value under SHA-2.
SHA-2 can generate hash digests with bit lengths ranging from 256 to 512, giving
each one a fully unique result. When two values have the same hash digest, collisions
happen. Because SHA-1 is prone to collisions, it is simpler for attackers to find two
digests that match and reconstitute the original plaintext. Since 2016, SHA-2, which
is far more secure than SHA-1, has been needed in all digital signatures and
certificates. The most secure hash method is SHA-2 since common assaults like
brute force attacks can take years or even decades to decrypt the hash digest.
Why and How SHA is used?
Secure Hashing Algorithms (SHAs), as was already noted, are used for a variety of
purposes and must be included in all digital signatures and certificates for SSL/TLS
connections. SHAs are also used by programs like IPsec, SSH, and S-MIME (Secure
/ Multipurpose Internet Mail Extensions). Additionally, passwords are hashed using
SHAs so that the server only has to remember the hashes and not the actual
passwords. As a result, if a database holding all the hashes were stolen, an attacker
would not only lack direct access to all the plaintext passwords but would also need
to figure out how to break the hashes in order to utilize the passwords. SHAs can
also serve as markers for the consistency of a file.
Now that we are aware of the purposes of SHAs, we must ask ourselves: why would
anyone ever employ a Secure Hashing Algorithm? Their capacity to repel invaders
is a frequent justification. Although some techniques, such as brute force assaults,
can disclose the plaintext of the hash digests, SHAs make these strategies very
challenging. A basic password may deter many attackers since a password encoded
by a SHA-2 algorithm might take years or even decades to crack. The distinctness
of each hash digest is another justification for using SHAs. The hash digest might
be totally altered by changing just one word in a message if SHA-2 is used since
there are likely to be few to no collisions.
The Secure Hashing Algorithm cannot be broken by the attacker since there are few
or no collisions, making it difficult to identify a pattern. These are only a few
explanations for why SHA is employed so frequently.
The Prospects for Hashing
SHA-2 is now the industry standard for hashing algorithms, although SHA-3 may
eventually overtake it. The NIST, which also developed SHA-1 and SHA-2,
produced SHA-3 in 2015; but, for a variety of reasons, it was not adopted as the
industry standard. Since most businesses were transitioning from SHA-1 to SHA-2
at the time of SHA-3's introduction, it did not make sense to convert to SHA-3
immediately away while SHA-2 was still quite secure. Additionally, SHA-3 was
perceived as being slower than SHA-2, albeit this is not entirely accurate. Although
SHA-3 is slower on the software side than SHA-1 and SHA-2, it is substantially
quicker on the hardware side and gets faster every year.
MESSAGE AUTHENTICATION CODE (MAC):

Apart from intruders, the transfer of message between two people also faces
other external problems like noise, which may alter the original message
constructed by the sender. To ensure that the message is not altered there’s this
cool method MAC.
MAC stands for Message Authentication Code. Here in MAC, sender and
receiver share same key where sender generates a fixed size output called
Cryptographic checksum or Message Authentication code and appends it to the
original message. On receiver’s side, receiver also generates the code and
compares it with what he/she received thus ensuring the originality of the
message. These are components:
• Message
• Key
• MAC algorithm
• MAC value
There are different types of models Of Message Authentication Code (MAC) as
following below:
MAC without encryption –
This model can provide authentication but not confidentiality as anyone can see
the message.
Internal Error Code –
In this model of MAC, sender encrypts the content before sending it through
network for confidentiality. Thus, this model provides confidentiality as well as
authentication.
M' = MAC (M, k)
External Error Code –

For cases when there is an alteration in message, we decrypt it for waste, to
overcome that problem, we opt for external error code. Here we first apply MAC
on the encrypted message ‘c’ and compare it with received MAC value on the
receiver’s side and then decrypt ‘c’ if they both are same, else we simply discard
the content received. Thus, it saves time.
c = E (M, k')
M' = MAC (c, k)
Limitations of MAC
There are two major limitations of MAC, both due to its symmetric nature of
operation −
• Establishment of Shared Secret.
o It can provide message authentication among pre-decided legitimate
users who have shared key.
o This requires establishment of shared secret prior to use of MAC.
• Inability to Provide Non-Repudiation
o Non-repudiation is the assurance that a message originator cannot deny
any previously sent messages and commitments or actions.
o MAC technique does not provide a non-repudiation service. If the
sender and receiver get involved in a dispute over message origination,
MACs cannot provide a proof that a message was indeed sent by the
sender.
o Though no third party can compute the MAC, still sender could deny
having sent the message and claim that the receiver forged it, as it is
impossible to determine which of the two parties computed the MAC.
DIGITAL SIGNATURE ALGORITHM:
A digital signature is a mathematical technique which validates the

authenticity and integrity of a message, software or digital documents. It allows us
to verify the author’s name, date and time of signatures, and authenticate the message
contents. The digital signature offers far more inherent security and intended to solve
the problem of tampering and impersonation (Intentionally copy another person's
characteristics) in digital communications.
The computer-based business information authentication interrelates both

technology and the law. It also calls for cooperation between the people of different
professional backgrounds and areas of expertise. The digital signatures are different
from other electronic signatures not only in terms of process and result, but also it
makes digital signatures more serviceable for legal purposes. Some electronic
signatures that legally recognizable as signatures may not be secure as digital
signatures and may lead to uncertainty and disputes.
Application of Digital Signature
The important reason to implement digital signature to communication is:
o Authentication
o Non-repudiation
o Integrity
Authentication:
Authentication is a process which verifies the identity of a user who wants to access
the system. In the digital signature, authentication helps to authenticate the sources
of messages.
Non-repudiation:
Non-repudiation means assurance of something that cannot be denied. It ensures that

someone to a contract or communication cannot later deny the authenticity of their
signature on a document or in a file or the sending of a message that they originated.
Integrity:
Integrity ensures that the message is real, accurate and safeguards from unauthorized
user modification during the transmission.
Algorithms in Digital Signature:
A digital signature consists of three algorithms:
1. Key generation algorithm
The key generation algorithm selects private key randomly from a set of possible
private keys. This algorithm provides the private key and its corresponding public
key.
2. Signing algorithm
A signing algorithm produces a signature for the document.
3. Signature verifying algorithm
A signature verifying algorithm either accepts or rejects the document's authenticity.
How digital signatures work:
Digital signatures are created and verified by using public key cryptography, also
known as asymmetric cryptography. By the use of a public key algorithm, such as
RSA, one can generate two keys that are mathematically linked- one is a private key,
and another is a public key.
The user who is creating the digital signature uses their own private key to encrypt
the signature-related document. There is only one way to decrypt that document is
with the use of signer's public key.
This technology requires all the parties to trust that the individual who creates the
signature has been able to keep their private key secret. If someone has access the
signer's private key, there is a possibility that they could create fraudulent signatures
in the name of the private key holder.
The steps which are followed in creating a digital signature are:
1. Select a file to be digitally signed.

2. The hash value of the message or file content is calculated. This message or
file content is encrypted by using a private key of a sender to form the digital
signature.
3. Now, the original message or file content along with the digital signature is
transmitted.
4. The receiver decrypts the digital signature by using a public key of a sender.
5. The receiver now has the message or file content and can compute it.
6. Comparing these computed message or file content with the original
computed message. The comparison needs to be the same for ensuring
integrity.
Types of Digital Signature:

Different document processing platform supports different types of
digital signature. They are described below:
Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top
of the document. The certified signature contains the name of the document signer
and the certificate issuer which indicate the authorship and authenticity of the
document.
Approval Signatures
The approval digital signatures on a document can be used in the organization's

business workflow. They help to optimize the organization's approval procedure.
The procedure involves capturing approvals made by us and other individuals and
embedding them within the PDF document. The approval signatures to include
details such as an image of our physical signature, location, date, and official seal.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This
signature appears on a document in the same way as signatures are signed on a
physical document.
Invisible Digital Signature
The invisible digital signatures carry a visual indication of a blue ribbon within a
document in the taskbar. We can use invisible digital signatures when we do not
have or do not want to display our signature but need to provide the authenticity of
the document, its integrity, and its origin.
RSA ELGAMAL BASED:

ElGamal encryption is a public-key cryptosystem. It uses asymmetric key
encryption for communicating between two parties and encrypting the
message. This cryptosystem is based on the difficulty of finding discrete
logarithm in a cyclic group that is even if we know g a and gk, it is extremely
difficult to compute gak.
Idea of ElGamal cryptosystem:
Suppose Alice wants to communicate with Bob.
UNIT IV CYBERCRIMES AND CYBER
OFFENSES
Classification of cybercrimes, planning of attacks, social engineering: Human

based, Computer based: Cyber stalking, Cybercafe and Cybercrimes.
CLASSIFICATION OF CYBERCRIMES:
Cybercrime or a computer-oriented crime is a crime that includes a computer
and a network. The computer may have been used in the execution of a crime or
it may be the target. Cybercrime is the use of a computer as a weapon for
committing crimes such as committing fraud, identity theft, or breaching privacy.
Cybercrime, especially through the Internet, has grown in importance as the
computer has become central to every field like commerce, entertainment, and
government. Cybercrime may endanger a person or a nation’s security and
financial health. Cybercrime encloses a wide range of activities, but these can
generally be divided into two categories:
1. Crimes that aim at computer networks or devices. These types of crimes
involve different threats (like virus, bugs etc.) and denial-of-service
(DoS) attacks.
2. Crimes that use computer networks to commit other criminal activities.
These types of crimes include cyber stalking, financial fraud or identity
theft.
Classification of Cyber Crime:
1. Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform
violent acts that result in loss of life. This may include different type of
activities either by software or hardware for threatening life of citizens.
In general, Cyber terrorism can be defined as an act of terrorism
committed through the use of cyberspace or computer resources.
2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer
system is subjected to or threatened with repeated denial of service or
other attacks by malicious hackers. These hackers demand huge money
in return for assurance to stop the attacks and to offer protection.
3. Cyber Warfare –
Cyber warfare is the use or targeting in a battle space or warfare context
of computers, online control systems and networks. It involves both
offensive and defensive operations concerning to the threat of cyber-
attacks, espionage and sabotage.
4. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the
Internet and could include hiding of information or providing incorrect
information for the purpose of deceiving victims for money or property.
Internet fraud is not considered a single, distinctive crime but covers a
range of illegal and illicit actions that are committed in cyberspace.
Challenges of Cyber Crime:
1. People are unaware of their cyber rights-

The Cybercrime usually happen with illiterate people around the world
who are unaware about their cyber rights implemented by the
government of that particular country.
2. Anonymity-
Those who Commit cybercrime are anonymous for us so we cannot do
anything to that person.
3. Less numbers of case registered-

Every country in the world faces the challenge of cybercrime and the
rate of cybercrime is increasing day by day because the people who
even don’t register a case of cybercrime and this is major challenge for
us as well as for authorities as well.
4. Mostly committed by well educated people-

Committing a cybercrime is not a cup of tea for every individual. The
person who commits cybercrime is a very technical person so he knows
how to commit the crime and not get caught by the authorities.
Prevention of Cyber Crime:

Below are some points by means of which we can prevent cybercrime:
1. Use strong password –
Maintain different password and username combinations for each
account and resist the temptation to write them down. Weak passwords
can be easily cracked using certain attacking methods like Brute force
attack, Rainbow table attack etc., so make them complex. That means
combination of letters, numbers and special characters.
2. Use trusted antivirus in devices –

Always use trustworthy and highly advanced antivirus software in
mobile and personal computers. This leads to the prevention of different
virus attack on devices.
3. Keep social media private –

Always keep your social media accounts data privacy only to your
friends. Also make sure only to make friends who are known to you.
4. Keep your device software updated –

Whenever you get the updates of the system software update it at the
same time because sometimes the previous version can be easily
attacked.
5. Use secure network –

Public Wi-Fi are vulnerable. Avoid conducting financial or corporate
transactions on these networks.
PLANNING OF ATTACKS
1. Reconnaissance: The first step involved during a cyber-attack involves

observation, research, and planning of and into potential targets that satisfy the
needs or the mission of the attackers. Attackers gather their Intel/information of
their targets through constantly researching about them through publicly available
sources and websites, i.e. Twitter, Facebook, Instagram, LinkedIn, and other
corporate websites. They start to look for certain vulnerabilities within the
organization network which they can exploit such as applications, target networks,
etc., and start indicating/mapping out the areas where they can take
advantage. Once they successfully identify which defenses are in place, they
choose which weapon is best for their needs to exploit the network, such as bribing
an employee, e-mail attachments with viruses, decrypting Wi-Fi traffic, or some
other phishing tactics.
2. Weaponization and Delivery: After the initial recon stage where they (cyber
attackers) have gathered Intel and identified the vulnerabilities, then the attackers
breach the organization network and install malware or any other viruses or a
reverse shell program through which they gain unfettered access to their targeted
network. Some of the common weaponization tactics involve:
• Ransomware
• Spear Phishing attacks
• Password attacks
3. Exploitation: Based upon any information identified in the previous stage, the
cybercriminals start an exploit against any weakness found in the network system.
They exploit using an exploit kit or weaponization document. For example, an
exploitation code can be dropped on servers and they can obtain any sensitive data
such as password files, certificates, or any other data. After the attackers have
placed themselves inside the network they can go anywhere within the network and
at this stage, the system is compromised and the organization’s data is at risk. Here
the attacker can either wreak havoc on the target system or can ask for ransom.
4. Installation: At this stage, the attacker ensures that he maintains continued
control over the recently compromised network. And as they have established a
foothold in the system, attackers will now install the malware in order to conduct
further operations. For example, after installation, they can maintain access and
escalate the privileges. This escalation allows the attacker to obtain more secure
data. The attacker can also access to the restricted protected systems which require
certain privileges to access.
5. Command and Control: If the data breach remains undetected till at this stage,
then the cyber attackers will eventually be able to take complete control over the
organization network. Here the hacker has the ability to control the network,
automatically listen to packets across the network & even crawl through the
network. At this stage, the attackers will establish a command channel in order to
pass back the data between the infected devices and their own infrastructure.
6. Actions on the objectives: This is the final stage where the attacker executes
the final stage of their mission, i.e., data exfiltration, destruction of critical
infrastructure, defacing web property, or creating fear or any means of extortion.
Once the mission is completed, most targeted attackers do not leave the
environment but maintain access in case a new mission is directed. In the aftermath,
the organization will have to deal with the negative repercussions while restoring
to normal operations.
As of now we have detailed knowledge of how the cyber-attacks happen and which
stage they proceed, and as stated earlier if any obstruction or adversary happens
between any stages then it can create an obstruction to the mission of the cyber
attackers. Therefore, for a brief knowledge, we shall here look at how to create an
obstruction to the mission of the cyber attackers.
Ways to break the Cyber Attack Life Cycle:
• Implement security awareness training so users are mindful about what
should and should not be posted. Along with that performing continuous
inspection of network traffic flows.
• Protecting any perimeter breaches by blocking malicious websites and
detecting unknown malware and automatically delivering protection.
Also providing ongoing education and knowledge to users on spear-
phishing links, unknown emails, etc.
• Limiting local admin access of users and preventing malware installation,
known or unknown, on the endpoint, network, or cloud services.
• Proactively hunt for indicators of compromise on the network using threat
intelligence tools and blocking outbound communication to known URLs
through URL filtering.
SOCIAL ENGINEERING:
Social engineering is a manipulation technique that exploits human error to obtain

private information or valuable data. In cybercrime, the human hacking scams entice
unsuspecting users to disclose data, spread malware infections, or give them
access to restricted systems. Attacks can occur online, in-person, and by other
interactions. Social engineering scams are based on how people think and act.
Hackers try to exploit the user's knowledge. Thanks to technology's speed, many
consumers and employees are not aware of specific threats such as drive-by
downloads. Users cannot realize the value of personal data like phone number.
Many users are unsure of how best to protect themselves and their confidential
information. Social engineering attackers have two goals:
1. Subversion: Interrupting or corrupting data due to loss or inconvenience.

2. Theft: Obtaining valuable items such as information, access or
How does social engineering work?
Most social engineering attacks depend on real communication between attackers

and victims. Instead of using brute force methods to breach the data, the attacker
prompts the user to compromise.
The attack cycle gives the criminals a reliable process to deceive you. The stages of
the social engineering attack cycle are below:
o Prepare by gathering background information on a large group.
o Infiltrate by building trust, establishing a relationship or starting a
conversation.
o Establish the victim once more to confront the attack with confidence and
weakness.
o Once the user takes the desired action, release it.
Many employees and consumers are unaware that certain information can give
hackers access to multiple networks and accounts.
Characteristics of Social Engineering Attack
Social engineering attack centers on the attacker's use

of persuasion and confidence.
High emotions: Emotional manipulation gives attackers the upper hand in any
conversation. The below feelings are used equally to explain to you.
o Fear
o excitement
o Curiosity
o Anger
o Crime
o Sadness
Time-sensitive occasions or requests are other reliable tools in an attacker's arsenal.
Social engineering attacks can be classified into two main categories:
1. Technology-based attacks
A technology-based approach tricks a user into believing that he is
interacting with a ‘real’ computer system and convinces him to provide
confidential information. For example, the user will get a popup window informing
him that the computer application has had a problem and needs immediate fixing.
It will tell the user to reauthenticate a computer application to proceed. As the
user proceeds to reauthenticate, the user provides his ID and password on the
popup window itself. Once they enter the necessary credentials for authentication,
the harm is done.
The hacker or the criminal who created the popup window now has access to
the user’s ID and password and can, therefore, access their network and computer
system.
2. Human interaction-based attacks
In a human interaction-based approach, the victim’s unawareness is exploited
to attack the system or network. This is typically accomplished whereby the
attacker pretends to be a person or authority the victim already knows while hiding
their true identity.
3. Hybrid attacks
Hybrid attacks are the most common form of cyberattacks, where the attacker
uses both technology and human interactions as platforms for conducting the social
engineering attack.
UNIT V CYBER THREATS, ATTACKS AND PREVENTION
Phishing, Password cracking, Keyloggers and Spywares, DoS and DDoS attacks,
SQL Injection Identity Theft (ID) : Types of identity theft, Techniques of ID theft-
SECURITY writing security policies, Internet and email security policies,
Compliance and Enforcement of policies.
PHISHING:
Phishing is one type of cyber attack. Phishing got its name from “phish” meaning
fish. It’s a common phenomenon to put bait for the fish to get trapped. Similarly,
phishing works. It is an unethical way to dupe the user or victim to click on harmful
sites. The attacker crafts the harmful site in such a way that the victim feels it to be
an authentic site, thus falling prey to it. The most common mode of phishing is by
sending spam emails that appear to be authentic and thus, taking away all
credentials from the victim. The main motive of the attacker behind phishing is to
gain confidential information like
• Password
• Credit card details
• Social security numbers
• Date of birth
The attacker uses this information to further target the user and impersonate the
user and cause data theft. The most common type of phishing attack happens
through email. Phishing victims are tricked into revealing information that they
think should be kept private. The original logo of the email is used to make the user
believe that it is indeed the original email
Types of Phishing Attacks

There are several types of Phishing Attacks, some of them are mentioned below.
Below mentioned attacks are very common and mostly used by the attackers.
• Email Phishing: The most common type where users are tricked into
clicking unverified spam emails and leaking secret data. Hackers
impersonate a legitimate identity and send emails to mass victims.
Generally, the goal of the attacker is to get personal details like bank
details, credit card numbers, user IDs, and passwords of any online
shopping website, installing malware, etc. After getting the personal
information, they use this information to steal money from the user’s
account or harm the target system, etc.
• Spear Phishing: In spear phishing of phishing attack, a particular user
(organization or individual) is targeted. In this method, the attacker first
gets the full information of the target and then sends malicious emails to
his/her inbox to trap him into typing confidential data. For example, the
attacker targets someone (let’s assume an employee from the finance
department of some organization). Then the attacker pretends to be like
the manager of that employee and then requests personal information or
transfers a large sum of money. It is the most successful attack.
• Whaling: Whaling is just like spear-phishing but the main target is the
head of the company, like the CEO, CFO, etc. a pressurized email is sent
to such executives so that they don’t have much time to think, therefore
falling prey to phishing.
• Smishing: In this type of phishing attack, the medium of phishing attack
is SMS. Smishing works similarly to email phishing. SMS texts are sent
to victims containing links to phished websites or invite the victims to
call a phone number or to contact the sender using the given email. The
victim is then invited to enter their personal information like bank details,
credit card information, user id/ password, etc. Then using this
information, the attacker harms the victim.
• Vishing: Vishing is also known as voice phishing. In this method, the
attacker calls the victim using modern caller id spoofing to convince the
victim that the call is from a trusted source. Attackers also use IVR to
make it difficult for legal authorities to trace the attacker. It is generally
used to steal credit card numbers or confidential data from the victim.
• Clone Phishing: Clone Phishing this type of phishing attack, the attacker
copies the email messages that were sent from a trusted source and then
alters the information by adding a link that redirects the victim to a
malicious or fake website. Now the attacker sends this mail to a larger
number of users and then waits to watch who clicks on the attachment
that was sent in the email. It spreads through the contacts of the user who
has clicked on the attachment.
PASSWORD CRACKING:
Password cracking is one of the imperative phases of the hacking framework.
Password cracking is a way to recuperate passwords from the information stored
or sent by a PC or mainframe. The motivation behind password cracking is to
assist a client with recuperating a failed authentication or recovering a password,
as a preventive measure by framework chairmen to check for effectively weak
passwords, or an assailant can utilize this cycle to acquire unapproved framework
access.
Types of Password Attacks:
Password cracking is consistently violated regardless of the legal aspects to
secure from unapproved framework access, for instance, recovering a password
the customer had forgotten etc. This hack arrangement depends upon aggressors’
exercises, which are ordinarily one of the four types:
1. Non-Electronic Attacks –
This is most likely the hacker’s first go-to to acquire the target system
password. These sorts of password cracking hacks don’t need any
specialized ability or information about hacking or misuse of
frameworks. Along these lines, this is a non-electronic hack. A few
strategies used for actualizing these sorts of hacks are social
engineering, dumpster diving, shoulder surfing, and so forth.
2. Active Online Attacks –
This is perhaps the most straightforward approach to acquire
unapproved manager-level mainframe access. To crack the passwords, a
hacker needs to have correspondence with the objective machines as it
is obligatory for password access. A few techniques used for actualizing
these sorts of hacks are word reference, brute-forcing, password
speculating, hash infusion, phishing, LLMNR/NBT-NS Poisoning,
utilizing Trojan/spyware/keyloggers, and so forth.
3. Passive Online Attacks –
An uninvolved hack is a deliberate attack that doesn’t bring about a
change to the framework in any capacity. In these sorts of hacks, the
hacker doesn’t have to deal with the framework. In light of everything,
he/she idly screens or records the data ignoring the correspondence
channel to and from the mainframe. The attacker then uses the critical
data to break into the system. Techniques used to perform passive
online hacks incorporate replay attacks, wire-sniffing, man-in-the-
middle attack, and so on.
4. Offline Attacks –
Disconnected hacks allude to password attacks where an aggressor
attempts to recuperate clear content passwords from a password hash
dump. These sorts of hacks are habitually dreary yet can be viable, as
password hashes can be changed due to their more modest keyspace and
more restricted length. Aggressors utilize preprocessed hashes from
rainbow tables to perform disconnected and conveyed network hacks.
Some of the best practices protecting against password cracking include:
1. Perform data security reviews to screen and track password assaults.
2. Try not to utilize a similar password during the password change.
3. Try not to share passwords.
4. Do whatever it takes not to use passwords that can be found in a word
reference.
5. Make an effort not to use clear content shows and shows with weak
encryption.
6. Set the password change technique to 30 days.
7. Try not to store passwords in an unstable area.
8. Try not to utilize any mainframes or PC’s default passwords.
9. Unpatched computers can reset passwords during cradle flood or Denial
of Service assaults. Try to refresh the framework.
10.Empower account lockout with a specific number of endeavors, counter
time, and lockout span. One of the best approaches to oversee
passwords in associations is to set a computerized password reset.
11.Ensure that the computer or server’s BIOS is scrambled with a
password, particularly on devices that are unprotected from real perils,
for instance, centralized servers and PCs.
KEYLOGGERS AND SPYWARES:

1. Adware :
Adware is not exactly malicious but they do breach privacy of the users for
malicious purpose. They display ads (a pop-up window appear) on computer’s
desktop or inside individual programs. They mainly come attached with free to
use software, thus main source of revenue for such developers. They basically
monitor your interests and display relevant ads. An attacker may embed
malicious code inside the software and adware can monitor your system activities
and can even compromise your machine.
2. Spyware:
Spyware is a type of malware that perform certain tasks include watching and
tracking of user actions and collecting personal data. Spyware programs generally
install themselves on user computer and provides profit to the third party by
collecting data of user without his awareness. Moreover, spyware steal passwords
and personal information of the users by running in background in the system.
S.No. ADWARE SPYWARE

Adware is similar to a spyware Spyware is a form of malware
1. and it can be both intrusive and designed to collect your
difficult to eradicate. personal information.
The main objective of adware The main objective of the

2. is to monitor your interests and spyware is to monitor the
display relevant ads. activity of the system.
Adware can be detected and Spyware can be detected and

3. removed by the antivirus removed by the anti-spyware
program. program.
It provides profit to the It provides profit to the third

4. developer by generating online party by collecting data of
advertisement. user without his awareness.
It is unknowingly installing
It is unknowingly attached with
the product when they install
5. free to use software, distributed
some other software or
through pop-up windows.
freeware.
Adware is less harmful than Spyware is more harmful as

6.
spyware. compared.
Fireball, Appearch, Gator and Bonzibuddy, Cydore and

7. dollar revenue are some of the Download ware are some
examples of adware. examples of spyware.
DOS AND DDOS ATTACKS:

1. DOS Attack is a denial-of-service attack, in this attack a computer sends
a massive amount of traffic to a victim’s computer and shuts it down. Dos attack
is an online attack that is used to make the website unavailable for its users when
done on a website. This attack makes the server of a website that is connected to
the internet by sending a large number of traffic to it.
2. DDOS Attack means distributed denial of service in this attack dos
attacks are done from many different locations using many systems.
Difference between DOS and DDOS attacks:
DOS DDOS
DOS Stands for Denial-of-service DDOS Stands for Distributed Denial of

attack. service attack.
In Dos attack single system targets In DDoS multiple systems attacks the
the victim system. victim’s system.
Victim PC is loaded from the packet Victim PC is loaded from the packet of
of data sent from a single location. data sent from Multiple location.
Dos attack is slower as compared to

DDoS attack is faster than Dos Attack.
DDoS.
It is difficult to block this attack as

Can be blocked easily as only one
multiple devices are sending packets and
system is used.
attacking from multiple locations.
In DOS Attack only single device is In DDoS attack, the volume Bots are
used with DOS Attack tools. used to attack at the same time.
DOS Attacks are Easy to trace. DDOS Attacks are Difficult to trace.
DDoS attacks allow the attacker to send

Volume of traffic in the Dos attack
massive volumes of traffic to the victim
is less as compared to DDos.
network.
Types of DOS Attacks are: 1. Buffer Types of DDOS Attacks are: 1.

overflow attacks 2. Ping of Death or Volumetric Attacks 2. Fragmentation
ICMP flood 3. Teardrop Attack 4. Attacks 3. Application Layer Attacks 4.
Flooding Attack Protocol Attack.
SQL INJECTION IDENTITY THEFT:
Identity Theft also called Identity Fraud is a crime that is being committed
by a huge number nowadays. Identity theft happens when someone steals your
personal information to commit fraud. This theft is committed in many ways by
gathering personal information such as transactional information of another
person to make transactions.
Example: Thieves use different mechanisms to extract information about

customers’ credit cards from corporate databases, once they are aware of the
information, they can easily degrade the rating of the victim’s credit card. Having
this information with the thieves can make you cause huge harm if not notified
early. With these false credentials, they can obtain a credit card in the name of the
victim which can be used for covering false debts.
Types of Identity Thefts:
There are various amount of threats but some common ones are:
• Criminal Identity Theft – This is a type of theft in which the victim is
charged guilty and has to bear the loss when the criminal or the thief
backs up his position with the false documents of the victim such as ID
or other verification documents and his bluff is successful.
• Senior Identity Theft – Seniors with age over 60 are often targets of
identity thieves. They are sent information that looks to be actual and
then their personal information is gathered for such use. Seniors must be
aware of not being the victim.
• Driver’s license ID Identity Theft – Driver’s license identity theft is
the most common form of ID theft. All the information on one’s
driver’s license provides the name, address, and date of birth, as well as
a state driver’s identity number. The thieves use this information to
apply for loans or credit cards or try to open bank accounts to obtain
checking accounts or buy cars, houses, vehicles, electronic equipment,
jewelry, anything valuable and all are charged to the owner’s name.
• Medical Identity Theft – In this theft, the victim’s health-related
information is gathered and then a fraud medical service need is created
with fraud bills, which then results in the victim’s account for such
services.
• Tax Identity Theft – In this type of attack attacker is interested in
knowing your Employer Identification Number to appeal to get a tax
refund. This is noticeable when you attempt to file your tax return or the
Income Tax return department sends you a notice for this.
• Social Security Identity Theft – In this type of attack the thief intends
to know your Social Security Number (SSN). With this number, they
are also aware of all your personal information which is the biggest
threat to an individual.
• Synthetic Identity Theft – This theft is uncommon to the other thefts,
thief combines all the gathered information of people and they create a
new identity. When this identity is being used than all the victims are
affected.
• Financial Identity Theft – This type of attack is the most common type
of attack. In this, the stolen credentials are used to attain a financial
benefit. The victim is identified only when he checks his balances
carefully as this is practiced in a very slow manner.
Techniques of Identity Thefts: Identity thieves usually hack into corporate
databases for personal credentials which requires effort but with several social-
engineering techniques, it is considered easy. Some common identity theft
techniques are:
• Pretext Calling – Thieves pretending to be an employee of a company
over phone asking for financial information are an example of this theft.
Pretending as legitimate employees they ask for personal data with
some buttery returns.
• Mail Theft – This is a technique in which credit card information with
transactional data is extracted from the public mailbox.
• Phishing – This is a technique in which emails pertaining to be from
banks are sent to a victim with malware in it. When the victim responds
to mail their information is mapped by the thieves.
• Internet – Internet is widely used by the world as attackers are aware of
many techniques of making users get connected with public networks
over Internet which is controlled by them and they add spyware with
downloads.
• Dumpster Diving – This is a technique that has made much information
out of the known institutions. As garbage collectors are aware of this
they search for account related documents that contain social security
numbers with all the personal documents if not shredded before
disposing of.
• Card Verification Value (CVV) Code Requests – The Card
Verification Value number is located at the back of your debit cards.
This number is used to enhance transaction security but several
attackers ask for this number while pretending as a bank official.
SECURITY WRITING SECURITY POLICIES:
Security policies are a formal set of rules which is issued by an organization

to ensure that the user who are authorized to access company technology and
information assets comply with rules and guidelines related to the security of
information. It is a written document in the organization which is responsible for
how to protect the organizations from threats and how to handles them when they
will occur. A security policy also considered to be a "living document" which means
that the document is never finished, but it is continuously updated as requirements
of the technology and employee changes.
NEED OF SECURITY POLICIES-
1) It increases efficiency
The best thing about having a policy is being able to increase the level of consistency
which saves time, money and resources. The policy should inform the employees
about their individual duties, and telling them what they can do and what they cannot
do with the organization sensitive information.
2) It upholds discipline and accountability
When any human mistake will occur, and system security is compromised, then the
security policy of the organization will back up any disciplinary action and also
supporting a case in a court of law. The organization policies act as a contract which
proves that an organization has taken steps to protect its intellectual property, as well
as its customers and clients.
3) It can make or break a business deal
It is not necessary for companies to provide a copy of their information security

policy to other vendors during a business deal that involves the transference of their
sensitive information. It is true in a case of bigger businesses which ensures their
own security interests are protected when dealing with smaller businesses which
have less high-end security systems in place.
4) It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document which

informs the readers about their importance of responsibility in protecting the
organization sensitive data. It involves on choosing the right passwords, to providing
guidelines for file transfers and data storage which increases employee's overall
awareness of security and how it can be strengthened.
We use security policies to manage our network security. Most types of security
policies are automatically created during the installation. We can also customize
policies to suit our specific environment. There are some important cybersecurity
policies recommendations describe below-
1. Virus and Spyware Protection policy
This policy provides the following protection:
o It helps to detect, removes, and repairs the side effects of viruses and security
risks by using signatures.
o It helps to detect the threats in the files which the users try to download by
using reputation data from Download Insight.
o It helps to detect the applications that exhibit suspicious behavior by using
SONAR heuristics and reputation data.
2. Firewall Policy
This policy provides the following protection:
o It blocks the unauthorized users from accessing the systems and networks that
connect to the Internet.
o It detects the attacks by cybercriminals.
o It removes the unwanted sources of network traffic.
3. Intrusion Prevention policy
This policy automatically detects and blocks the network attacks and browser
attacks. It also protects applications from vulnerabilities. It checks the contents of
one or more data packages and detects malware which is coming through legal ways.
4. Live Update policy
This policy can be categorized into two types one is Live Update Content policy,
and another is Live Update Setting Policy. The Live Update policy contains the
setting which determines when and how client computers download the content
updates from Live Update. We can define the computer that clients contact to check
for updates and schedule when and how often client’s computer check for updates.
5. Application and Device Control
This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system. The device control policy applies to
both Windows and Mac computers whereas application control policy can be applied
only to Windows clients.
INTERNET AND EMAIL SECURITY POLICIES:

Email Security:
Basically, Email security refers to the steps where we protect the email messages
and the information that they contain from unauthorized access, and damage. It
involves ensuring the confidentiality, integrity, and availability of email messages,
as well as safeguarding against phishing attacks, spam, viruses, and another form
of malware. It can be achieved through a combination of technical and non-
technical measures.
STEPS TO SECURE EMAIL:
We can take the following actions to protect our email.

• Choose a secure password that is at least 12 characters long, and contains
uppercase and lowercase letters, digits, and special characters.
• Activate the two-factor authentication, which adds an additional layer of
security to your email account by requiring a code in addition to your
password.
• Use encryption, it encrypts your email messages so that only the intended
receiver can decipher them. Email encryption can be done by using the
programs like PGP or S/MIME.
• Keep your software up to date. Ensure that the most recent security
updates are installed on your operating system and email client.
• Beware of phishing scams: Hackers try to steal your personal
information by pretending as someone else in phishing scams. Be careful
of emails that request private information or have suspicious links
because these are the resources of the phishing attack.
• Choose a trustworthy email service provider: Search for a service
provider that protects your data using encryption and other security
measures.
• Use a VPN: Using a VPN can help protect our email by encrypting our
internet connection and disguising our IP address, making it more
difficult for hackers to intercept our emails.
• Upgrade Your Application Regularly: People now frequently access
their email accounts through apps, although these tools are not perfect
and can be taken advantage of by hackers. A cybercriminal might use a
vulnerability, for example, to hack accounts and steal data or send spam
mail. Because of this, it’s important to update your programs frequently.
EMAIL SECURITY POLICIES

The email policies are a set of regulations and standards for protecting the privacy,
accuracy, and accessibility of email communication within the organization. An
email security policy should include the following essential components:
• Appropriate Use: The policy should outline what comprises acceptable
email usage inside the organization, including who is permitted to use
email, how to use it, and for what purpose email we have to use.
• Password and Authentication: The policy should require strong
passwords and two-factor authentication to ensure that only authorized
users can access email accounts.
• Encryption: To avoid unwanted access, the policy should mandate that
sensitive material be encrypted before being sent through email.
• Virus Protection: The policy shall outline the period and timing of email
messages and attachment collection.
• Retention and Detection: The policy should outline how long email
messages and their attachments ought to be kept available, as well as
when they should continue to be removed.
• Training: The policy should demand that all staff members take a course
on email best practices, which includes how to identify phishing scams
and other email-based threats.
• Incident Reporting: The policy should outline the reporting and
investigation procedures for occurrences involving email security
breaches or other problems.
• Monitoring: The policy should outline the procedures for monitoring
email communications to ensure that it is being followed, including any
logging or auditing that will be carried out.
• Compliance: The policy should ensure compliance with all essential laws
and regulations, including the health
• Insurance rules, including the health portability and accountability act
and the General Data Protection Regulation (GDPR)(HIPPA).
• Enforcement: The policy should specify the consequences for violating
the email security policy, including disciplinary action and legal
consequences if necessary.

NOTES

Uploaded by

Copyright:

Available Formats

NOTES

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NOTES

Uploaded by

Copyright:

Available Formats

U20CS844 – CYBER SECURITY

UNIT I INTRODUCTION TO NUMBER THEORY

Finite Fields and Number Theory: Modular arithmetic, Euclidian Algorithm,

FINITE FIELDS AND NUMBER THEORY:

• If A = 0 then GCD(A,B)=B, since the GCD(0,B)=B, and we can stop.

PRIMALITY TESTING: FERMATS AND EULERS THEOREM

FERMAT’S AND EULER’S THEOREMS

Proof: Equation (8.4) is true if n is prime, because in that case, ϕ(n) = (n - 1) an

CHINESE REMINDER THEOREM:

A Naive approach is to run a loop from 0 to m to cover all possible values of k

Symmetric key cryptographic techniques: Introduction to Stream cipher, Block

SYMMETRIC KEY CRYPTOGRAPHIC TECHNIQUES:

Initial Permutation (IP)

ADVANCED ENCRYPTION STANDARD (AES)

Each round comprises of 4 steps:

Add Round Keys:

IDEA ASYMMETRIC KEY CRYPTOGRAPHIC TECHNIQUES:

ELLIPTIC Curve cryptography:

Introduction to Elliptic Curve Cryptography

ECC, as the name implies, is an asymmetric encryption algorithm that employs

Below are the components of elliptic curve cryptography:

ELLIPTIC CURVE CRYPTOGRAPHY ALGORITHMS

Based on the arithmetic of elliptic curves over finite fields, Elliptic-Curve

KEY DISTRIBUTION AND KEY EXCHANGE PROTOCOLS:

UNIT III INTEGRITY AND AUTHENTICATION

Hashing is the process of generating a value from a text or a list of numbers

Different Types of SHA

Why and How SHA is used?

The Prospects for Hashing

MESSAGE AUTHENTICATION CODE (MAC):

M' = MAC (M, k)

External Error Code –

DIGITAL SIGNATURE ALGORITHM:

A digital signature is a mathematical technique which validates the

The computer-based business information authentication interrelates both

Application of Digital Signature

The important reason to implement digital signature to communication is:

Non-repudiation means assurance of something that cannot be denied. It ensures that

Algorithms in Digital Signature:

A digital signature consists of three algorithms:

1. Key generation algorithm

A signing algorithm produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's authenticity.

How digital signatures work:

The steps which are followed in creating a digital signature are:

1. Select a file to be digitally signed.

Types of Digital Signature:

The approval digital signatures on a document can be used in the organization's

Visible Digital Signature

Invisible Digital Signature

RSA ELGAMAL BASED:

Classification of cybercrimes, planning of attacks, social engineering: Human

Challenges of Cyber Crime:

1. People are unaware of their cyber rights-

3. Less numbers of case registered-

4. Mostly committed by well educated people-

Prevention of Cyber Crime:

2. Use trusted antivirus in devices –

3. Keep social media private –