Unit4:- Data Integrity Algorithms And Web Security

Cryptographic Hash Function:-

Hash function is used to map data of arbitrary size to generate an output of a fixed size.
A hash value h is generated by a function H of the form
h = H(M)
M:- variable – length message
H(M):- fixed – length hash value

Requirement & Security:-

 The purpose of hash function is to produce a fingerprint of a file, message or other
block of data.
 Properties:-
1. H can be applied to a block of data of any size
2. H produces a fixed length output
3. H(x) is relatively easy to compute for any given x, making both h/w & s/w
implementations practical.
4. For any given value h, it is computationally infeasible to find z such that H(x) =
h. This is called one-way property.
5. For any given block x, it is computationally infeasible to find y /= x such that
H(y) = H(x). This is called as weak collision resistance.
6. It is computatinality infeasible to find anu pair (x,y) such that H(x) = H(y) This
is called as strong collision resistance.

Applications:-
1. Message Authentication
2. Digital signature
3. To create a one way pswd file (store hash of pswd not actual pswd)
4. For intrusion detection & virus detection

Two simple hash function:-

One of the simplest hash functions is the bit-by-bit exclusive-OR (XOR) of every block.
Ci = bi1 ⊕ bi2 ⊕… ⊕ bim
Where Ci = ith bit of the hash code, 1 ≤i ≤ n
m = number of n-bit blocks in the input
bij= ith bit in jth block
⊕ = XOR operation
 Disadvantage Each n-bit hash value is equally [Link] more predictably formatted
data, the function is less effective.
 Improve perform a one-bit circular shift, or rotation , on the hash value after each
block is processed.
1. Initially set the n-bit hash value to zero.
2. Process each successive n-bit block of data as follows
3. Rotate the current hash value to the left by one bit.
4. XOR the block into the hash value.

Hash Functions Based on Cipher Block Chaining:-

 hash functions based on using a cipher block chaining technique, but without using
the secret key.
 Divide a message M into fixed-size blocks M1, M2, ….. , MN
 use a symmetric encryption system DES to compute the hash code G as
H0 = initial value
Hi = E(Mi, Hi - 1)
G = HN
 Similar to the CBC technique, no secret key. this scheme is subject to the birthday
attack

Message Digest:-
 It is also known as hash function or cryptographic hash function.
 It accepts a msg as input & generates a fixed length o/p which is generally less than
the length of input msg.
 MD5 (Message Digest Method 5) is a cryptographic hash algorithm used to generate
a 128-bit digest from a string of any length. It represents the digests as 32 digit
hexadecimal numbers. 5 steps:-
1. Append padding bits
2. Append length
3. Initialize MD buffer
4. Process msg in 16 word blocks
5. Output

6.
Message Authentication Codes:-
 An alternative authentication technique involves the use of a secret key to generate a
small fixed-size block of data, known as a cryptographic checksum or MAC, that is
appended to the message.
 This technique assumes that two communicating parties, say A and B, share a
common secret key K.
 When A has a message to send to B, it calculates the MAC as a function of the
message and the key:
MAC = C(K, M)
where M = input message
C = MAC function
K = shared secret key
MAC = message authentication code

Message Authentication Requirements:-

1. Disclosure:- Release of msg contents to any person or process not processing
appropriate cryptographic key.
2. Traffic analysis:- Discovery of the pattern of traffic between parties.
3. Masquerade:-Insertion of msg into n/w from a fraudulent source.
4. Content Modification:-Changes to content of msg including insertion deletion
transposition & modification.
5. Sequence Modification:- Any modification to a sequence of msgs between parties,
including insertion deletion & reordering.
6. Timing modification:- Delay or replay of msgs.
7. Source repudiation:- Denial of transmission of msgs by destination.
8. Destination repudiation:- Denial of receipt of msgs by source.

Message Authentication Functions: 

  Any message authentication or digital signature mechanism has two levels of
functionality.
 At the lower level, there must be some sort of function that produces an
authenticator: a value to be used to authenticate a message.
 This lower-level function is then used as a primitive in a higher-level authentication
protocol that enables.

Digital Signatures:-
 It is an authentication mechanism that enables creator of a msg to attach a code that
acts as a signature.
 Two general schemas for digital signature:-
1. Direct:- It involves only the communicating parties & it is based on public
keys. Sender knowns public key of receivers.
2. Arbitrated:- every signed msg from A to B goes to an arbiter BB(big brother)
that everybody trusts.
 Digital Signature Standard:- It makes use of secure hash algorithm(SHA) & presents a
new digital signature technique . It cannot be used for encryption or key exchange.

X.509 Certificate:-
It defines authentication services.
Web Security issues:-
 The web is very visible. The WWW is widely used by businesses, government
agencies and many individuals.
 Complex s/w hides many security flaws. Web severs are easy to configure & manage .
Users are not aware of the risks.


HTTPS(Hyper Text Transfer Protocol):-

SSH(Secure Socket Shell):-

IPv4 Header Format:-

IP Security (IPSec):-
It is the capability that can be added to present version of internet protocol (IPv4 & IPv6) by
means of additional headers for secure communication across LAN, WAN & internet.

 Architecture:-covers security requirements

definitions IPSec technology.
 ESP(Encapsulating security payload):- covers
packet format , packet encryption authentication.
 AH(Authentication Header):- covers packet format
, general issues.
 Authentication algo:- Encryption algorithm used
for ESP.
 Key management:- Key management schemas.
 Domain Of Interpretation:- values relate
document with each other.
 Applications of IPSec:-
1. Secure connectivity over the internet
2. Secure remote access over the internet
3. Extranet & intranet connectivity
4. Enhanced electronic- commerce security

 Benefits of IPSec:-
1. It provides strong security within & across LANs.
2. No need to change s/w for implementing IPSec.
3. Transparent to end users also.
4. Can provide security to individual users.
 Unit 5- Network and System Security
OSI Security Architecture:-

OSI Security
Architecture

Security Security
Security Attacks
Services Mechanism

 Security Attacks:- Action that compromise the security of information owned by the
organisation.
o Two Types of attacks
o Passive attack
o Active attack
 Security Services:- Process that enhance the security of data processing system &
information transfer.
 Security Mechanism:- :- A process that is designed to detect, prevent or recover
from attack.

Access control:-
 It ia an imp tool of security to protect data & other resources.
 It refers to prevention of unauthorized use of a resource.
 It includes:-
1. Authentication of users
2. Authorization of their privileges
 3. Auditing to monitor & record user actios
 Types of Access Control:-
1. Discretionary access control (Identity Based Access):- When user set an
access control mechanism to allow or deny access to an object such
mechanism is a DAC.
2. Mandatory access control (Rule-based access) :-When system mechanism
control access to an object & individual user cannot alter that access then
such control called as MAC.
3. Role-based access control (Non- Discretionary access control) :- It is a method
of regulating access to computer or n/w resource based on their role.

Flooding Attacks(Denial Of Service):-

They are classified based on n/w protocol used:-
1. ICMP flooding
2. UDP flooding
3. TCP SYN flooding

Distributed DOS Attacks:-

 It ia an attempt to make an online service unavailable by overwhelming it with traffic
from multiple sources.

 DDOS Attacks can be classified into one of following categories:-

1. Resource exhaustion
2. Vulnerability attacks
3. Protocol attacks

Intrusion Detection System:-

 Intrusion an act of gaining unauthorized access to a system so as to cause loss.
 Intrusion Detection is the act of detecting unwanted traffic on n/w or a device.
 Functions of Intrusion Detection system:-
 1. Monitoring & analysis of user & system activity
2. Recognition of activity patterns reflecting known attacks
3. Statistical analysis for abnormal activity pattern
 Types of IDS:-
1. Anomaly Detection:- It is a system for detecting computer intrusion & misuse
by monitoring system activity & classifying it as either normal or abnormal.
• Advantages:-
1. Ability to detect symtoms of attacks
2. Can produce info
• Disadvantages:-
1. False alarms
2. Requires training set
2. Signature-based Detection:- It will monitor packets on n/w & compare them
against database of signature or attributes From known malicious threats.
 Advantages:-
1. Signature are easy to develop
2. Understand if you know what n/w behavior you are trying to
identify
 Disadvantages:-
1. High false positive rate
2. Largely ineffective
3. Database must be continually updated & maintained
3. N/w based System:-It attempts to crack into computers by n/w security
monitoring of n/w traffic.
• Advantages:-
1. Can monitor large n/w
2. Can be made very secure against attack
• Disadvantages:-
1. Difficulty in processing all packets
2. Cannot analyze encrypted information

4. Host Based system:- It logs for evidence of malicious or suspicious

applications activity in real time.
• Advantages:-
1. Can detect attack that cannot be seen by n/w based IDS
2. Can often operate in an environment in which n/w traffic is
encrypted
• Disadvantages:-
1. Can be disabled by certain DOS attacks
2. Hard to manage
Distributed IDS:-
 A distributed collection of hosts supported by a LAN or intern/w is called DIDS.
 Major Components:-
1. Host agents module
2. LAN monitor agent module
3. Central manager module
Honeypot:-
Honeypot is a n/w attached system used to trap for cyber attackers to detect & study the
tricks & types of attacks used by hackers.
 HoneyNet is a combination of 2 or more honeypots on a n/w.
 Types of Honeypot:-
1. Research Honeypot:-Used by researchers to analyze hacker attacks
2. Production Honeypot:-Deployed in production n/w along with the server.
 Advantages:-
1. Improves security
2. Wastes hacker’s time & resources
3. Identifies malicious activity even if encryption is used
 Disadvantages:-
1. Fingerprinting
2. Can be easily identified by experienced attackers

Firewall:-
It acts as a
barrier between
internal private
n/w & external
sources.
Types of firewall:-
1. Packet filtering router
2. Application level gateways
3. Circuit level gateways
Limitations :-
1. Firewalls cannot stop users from accessing malicious websites, making it vulnerable to
internal threats or attacks.
2. Firewalls cannot prevent misuse of passwords.
3. Firewalls cannot protect if security rules are misconfigured.
4. Firewalls cannot secure the system which is already infected.
Need of firewalls:-
1. Open Access
2. Lost or Comprised Data
3. Network Crashes
Characteristics of Firewall :-
1. Physical Barrier
2. Multi-Purpose:
3. Flexible Security Policies
4. Security Platform
5. Access Handler
 Firewall Policy - Defines how to inspect packets.
 Applications & URL Filtering - Defines how to control Internet browsing and application
usage.

Intrusion prevention system (IPS):-

An intrusion prevention system (IPS) is a network security tool that continuously monitors a
network for malicious activity and takes action to prevent it, including reporting, blocking, or
dropping it, when it does occur.

Types of intrusion prevention

 Network intrusion prevention system (NIPS): This type of IPS is installed only at
strategic points to monitor all network traffic and proactively scan for threats.
 Host intrusion prevention system (HIPS): In contrast to a NIPS, a HIPS is installed on
an endpoint (such as a PC) and looks at inbound and outbound traffic from that
machine only. It works best in combination with a NIPS, as it serves as a last line of
defense for threats that have made it past the NIPS.
 Network behavior analysis (NBA): This analyzes network traffic to detect unusual
traffic flows, such as DDoS (Distributed Denial of Service) attacks.
 Wireless intrusion prevention system (WIPS): This type of IPS simply scans a Wi-Fi
network for unauthorized access and kicks unauthorized devices off the network.
Benefits of intrusion prevention system:
1. Additional security
2. Increased efficiency for other security controls
3. Time savings
4. Customization

Operating system Security

 The process of ensuring OS availability, confidentiality, integrity is known as operating
system security.
 OS security refers to the processes or measures taken to protect the operating
system from dangers, including viruses, worms, malware, and remote hacker
intrusions.
 Operating system security comprises all preventive-control procedures that protect
any system assets that could be stolen, modified, or deleted if OS security is
breached.
  Security refers to providing safety for computer system resources like software, CPU,
memory, disks, etc. It can protect against all threats, including viruses and
unauthorized access.
 It can be enforced by assuring the operating system's integrity, confidentiality, and
availability. If an illegal user runs a computer application, the computer or data
stored may be seriously damaged.

Application Security
Application security is the process of developing, adding, and testing security features within
applications to prevent security vulnerabilities against threats such as unauthorized access
and modification.

Security maintenance
Following steps:-
1. Monitoring & analyzing logging info
2. Performing regular backups
3. Recovering from security compromises
4. Regularly testing system security
5. Using appropriate s/w maintenance processes to patch & update all critical s/w & to
monitor & revise configuration as needed

Multilevel Security
 Multilevel security is a security policy that allows the classification of data and users
based on a system of hierarchical security levels combined with a system of non-
hierarchical security categories
 A multilevel-secure security policy has two primary goals
1. The controls must prevent unauthorized individuals from accessing
information at a higher classification than their authorization.
2. The controls must prevent individuals from declassifying information.
 Characteristics of a multilevel-secure system include the following:
1. The system controls access to resources.
2. The system labels all hardcopy with security information.
3. The system optionally hides the names of data sets, files and directories from
users who do not have access to those data objects

Trusted System
 Trusted Systems are special systems designed to serve the purpose of providing
security.
  Multilevel Security: This type of Trusted system ensures that security is maintained at
different levels of the computer system. It ensures that the information is prevented
from being at risk.
1. Top Secret Level
2. Secret Level
3. Confidential Level
4. Unclassified
 Data Access Control: This type of Trusted system provides additional security to the
verified process of [Link] are three basic models of Data Access Control:
1. Access Matrix: They are composed of three parts
 Subject
 Object
 Access right
2. Access Control List
3. Capability
 Importance of Trusted System:
1. Identity Verification
2. Safety Maintained
3. Limiting Access
4. Preventing Malicious Activities
5. Ensuring Compliance
 Examples of Trusted Systems:
 Windows BitLocker
 TPM (Trusted Platform Module)
 Trusted Boot

Trusted computing
 Trusted Computing (TC) is a technology developed and promoted by the Trusted
Computing Group.
 The term is taken from the field of trusted systems and has a specialized meaning
that is distinct from the field of confidential computing.
 With Trusted Computing, the computer will consistently behave in expected ways,
and those behaviors will be enforced by computer hardware and software.
 Enforcing this behavior is achieved by loading the hardware with a unique encryption
key that is inaccessible to the rest of the system and the owner
 Unit6:- Cyber Security and Tools

Cybercrime:- is defined as a crime committed on internet using computer as either a

tool or a targeted victim .
Cybercrime:- is defined as a crime in which a computer is the object of the crime(hacking,
phishing, spamming) or is used as a tool to commit an offense(child pornography, hate
crimes)

Cyber Terrorism:-
It is the premeditated, politically motivated attack against information, computer system,
programs and data which result in violence against noncombatant targets by sub natinal
groups or agents.

Classification of Cyber Crimes:-

 Cyber crimes against Individual (E-Mail Spoofing, Spamming, Phishing, Cyber Stalking,
Cyber Defamation)
 Cyber crimes against Property (Credit Card Skimming, Intellectual Property Crimes,
Software Piracy, Domain Name Disputes, Internet Time Theft, Identity Thef)
 Cyber crimes against Organization (Hacking, Denial of Service Attack (Dos Attack), E-mail
Bombing, Salami Attacks, Logic Bomb)
  Cyber crimes against Society (Cyber Pornography:, Sale of Illegal Articles, Cyber Terrorism)

Cybercrime & Information security:-

1. Programmers:- Write code or programs used by cybercriminal organization.
2. Distributors:- Distribute & sell stolen data & goods from associated cybercriminals.
3. IT experts:- Maintain a cybercriminal organization IT infrastructure such as servers,
encryption technologies & databases.
4. Hackers:- Exploit system applications & network vulnerabilities.
5. Fraudsters:- Create & deploy schemas like spam & phishing.
6. System hosts & providers:- host sites & servers that posses illegal contents.
7. Cashiers:- Provide account names to cybercriminals & control drop account.

Types of Cybercrime :-
1. Hacking:- Person’s computer is broken into so his personal or sensitive info can be
accessed.
2. Theft:- occurs when a person violates copyrights & downloads music, movies, games
& s/w.
3. Cyberstalking:- online harassment where victim is subjected to a barrage of online
msgs & emails.
4. Identity theft:- criminal accesses data about person’s bank details to siphon money
or buy things online.
5. Malicious s/w:- internet based s/w or program used to distrupt n/w.
6. Child soliciting & abuse:- criminals solicit minors via chats room .
Information Security life cycle :-

Botnets:-
 A botnet is an interconnected n/w of computers infected with malware without
user’s knowledge & controlled by cybercriminals.
 Word Botnet :- ‘Robot’ + ‘Netweork’
 Used to:-
1. send spam emails
2. transmit viruses
3. Commit advertisting fraud
4. Distribute malware or spyware
 Known as zombie army, botnets (biggest online threats today).
 Computers become nodes in botnet when attacker illicitly install malware that
secretly connect computers to botnet.
 Keep phishing websites & frequently change their domain to remain anonymous.

Zombie:-
  It is a computer connected to internet that has been compromised & controlled by
an attacker without user’s consent.
 They are under remote control by an attacker.
 Control them thr some command & control centre to perform illegal activities.

The legal perspective- Indian perspective:-

 The Indian government has created necessary legal & administrative framework thr
enactment IT Act 2000.
 Which combines 3-commerce transactions & computer misuse & frauds rolled into
an omnibus Act.
 The Controller of Certifying Authority ( CCA ) has been put in place for effective
implementation of IT Act 2000.

Indian IT Act :-
 Aims to provide the legal infrastructure for e-commerce in india.
 Cyber laws have major impact for e-business & new economy in india.
 Aim to provide legal recognition of electronic records & digital signature.
 To provide legal recognition to transaction carried out Electronic Data
Interchange(EDI) .
 To establish regulatory body to supervised certifying authorities issuing digital
signature.

Global perspective:-
 These crimes have virtually no boundries & may affect any country across globe.
 New boundary which is made up of the screens & psed, separate “CyberWorld” from
“real world” of atoms.
 Territorially based law-making & law-enforcing authorities find this new environment
deeply threatening.

Social Engineering:-
 Social Engineering is the art of manipulating people so they give up confidential info.
 Criminals use social engineering tactics bcoz it is easy to exploit natural inclination to
trust than it is to discover ways to hack s/w.
 It in nothing new in digital age but experts say criminal are using it more as
companies have gotten better at security their n/w.
 In this context use of social n/w (Facebook, Twitter).

Cyber Stalking:-
Threating behaviour or unwanted advances directed at another using internet & other forms
of online & computer communications.
It is defined as repeated use of internet, e-mails or related digital electronics communication
devise to annoy, alarm or threaten a specific individual.
Stalkers target victims through chat rooms, WhatsApp, hangouts, e-mail, facebook,ect.
Diff. Types of cyber stalking:-
• Threatening e-mails
• Spam
• Online verbal abuse
• Tracing internet activity
• Inappropriate msgs
Effects cyber stalking on person:-
• Changes in sleeping & eating pateerns
• Nightmares
• Anxiety
• Helplessness
• Fear for safety
• Shock & disbelief
Types of stalkers:-
• simple obsessional
• Delusional
• Vengeful
Motivations :-
• Sexual harassment
• Obsession for love
• Ego & power trips

Proxy Servers:-
 It is a s/w that acts on behalf of an application that is trying to communicate from
one n/w to another.
 The Second broad category of firewall technology is application level technology.
 Devices in this category are called application gateways which are computers running
proxy server s/w.
 Proxy server s/w caan run on a machine by itself or along with other s/w such as
packet filtering.

Anonymizers:-
 An anonymizer is a proxy server that makes internet activity untraceable.
  An anonymizer protects personally identifying info by hiding private info on user’s
behalf.
 A number of free proxy anonymizers use proxy servers from free, open, proxy lists.
 If we use commercial or free proxy anonymizer that does not use SSL or SSH
encryption then we are anonymous when connecting to standard unsecured sites.
 When users anonymize their personal identification:-
1. Risk minimization
2. Taboo electronic communication
3. Identity theft prevention
4. Protection of search history
5. Avoidence of legal & social consequences.

Phishing:-
 It is a type of deception designed to steal your valuable personal data(credit card
details, pswd, account data) by masquerading as a trustworthy entity.
 Phishing typically carried out by e-mails or instant messaging.
 How to avoid phishing:-
1. e-mails like “dear sir or madam” rather than “dear [Link]”.
2. Never fill out forms in email msgs that ask for confidential info.
3. Check beginning of web address
4. Regularly check bank, credit, debit card.

Password Cracking:-
 It refers to various measures used to discover computer pswd.
 This is usually accomplished by recovering pswds from data stored in computer
system.
 It is done by either repeatedly guessing pswd or through computer algorithm.
 It is used to gain access to accounts & resourses.

Keyloggers & Spywares:-

 It is a technology that tracks & records consecutive key dtrokes on a keyboard.
 Bcoz sensitive info(username, pswd) are often entered on a keyboard.
 It can be very dangerous technology.
 They are often part of malware, spyware or an external virus.