
Cryptography and Network Security
Dr Muhammad Awais Azam
Lecture 1
Overview
About This Course
• Suggested Books
  • Cryptography and Network Security, Principles and Practice; by William Stallings
  • Cryptography: Theory and Practice; by Douglas R. Stinson
  • Any other referenced material
Grading and Others
• Assignment 20%
• Can be a group paper presentation
• Individual/Group Programming Assignment

• Quiz 20%

• Mid-Term Exam 20%

• Final Exam 40%


Objectives
• Confidentiality

• Integrity

• Availability
Fundamentals of IT Security
People

Processes

Technology
Course Contents
• Section-1
• Introduction
  • Caesar cipher
  • World War I & II
  • Ancient times to new standards (DES, AES)

• Section-2
• The Threat Environment: Attackers & Attacks
  • Basic security terminology
  • Employee & Ex-Employee Threats
• Section-3
• Cryptography: Introduction
  • Definition and concepts
  • Steganography
  • Types of ciphers (substitution & transposition)
  • Block & Stream ciphers
  • Symmetric vs Asymmetric Algorithms
  • Message Integrity
  • Digital Signatures
  • Public Key Infrastructure
  • Key Management
  • Email Security
  • Internet Security Standard
  • IPSec
• Section-4
• Network Security Topics
  • Enterprise Network Architecture
  • Firewall
  • System & Server Security
  • Web Application Security
  • Vulnerability & Penetration Testing
  • Other security measures …
Table 1.1
Threats and Attacks (RFC 4949)
Security Attacks
• A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks

• A passive attack attempts to learn or make use of information from the system but does not affect system resources

• An active attack attempts to alter system resources or affect their operation
Passive Attacks

• Are in the nature of eavesdropping on, or monitoring of, transmissions

• Goal of the opponent is to obtain information that is being transmitted

• Two types of passive attacks are:
  • The release of message contents
  • Traffic analysis
Active Attacks
• Involve some modification of the data stream or the creation of a false stream

• Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities

• Goal is to detect attacks and to recover from any disruption or delays caused by them

• Masquerade
  • Takes place when one entity pretends to be a different entity
  • Usually includes one of the other forms of active attack

• Replay
  • Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (password example)

• Modification of messages
  • Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect

• Denial of service
  • Prevents the normal use or management of communications facilities
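Added example, not part of the original lecture slides: the replay case above (password example) shown from the verifier's side. A fixed authenticator is accepted again when retransmitted, while a single-use challenge lets the server detect the retransmission. This goes one step beyond the slide by showing one common detection approach. All names (`StaticVerifier`, `ChallengeVerifier`, `SHARED_KEY`) and the key value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"  # constructed sample secret, not a real credential

class StaticVerifier:
    """Accepts the same authenticator on every login, so a captured copy still verifies."""
    def __init__(self, key):
        self._expected = hmac.new(key, b"login", hashlib.sha256).digest()

    def verify(self, token):
        return hmac.compare_digest(token, self._expected)

class ChallengeVerifier:
    """Issues a fresh single-use challenge per login; a retransmitted response is rejected."""
    def __init__(self, key):
        self._key = key
        self._outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._outstanding:
            return False  # unknown or already consumed challenge: treat as a replay
        self._outstanding.discard(nonce)  # single use, consumed even if the check fails
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def respond(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()  # client's answer to one challenge

def demo():
    static = StaticVerifier(SHARED_KEY)
    captured = hmac.new(SHARED_KEY, b"login", hashlib.sha256).digest()
    static_results = (static.verify(captured), static.verify(captured))
    server = ChallengeVerifier(SHARED_KEY)
    nonce = server.challenge()
    answer = respond(SHARED_KEY, nonce)
    first = server.verify(nonce, answer)
    replayed = server.verify(nonce, answer)
    # A response recorded for an old challenge does not answer a new one.
    stale = server.verify(server.challenge(), answer)
    return static_results, (first, replayed, stale)
```

`demo()` returns the verification outcomes for the fixed authenticator (sent twice) and for the challenge-based login (fresh, retransmitted, and reused against a new challenge).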
Model for Network Security
Network Access Security Model
Summary
