Lecture 1 Dr.
Alshaimaa Abo-alian
Introduction to Data Security A_alian@cis.asu.edu.eg
Aim of The Course
▪ This course covers the basic knowledge of understanding and using
cryptography to secure data.
▪ The course begins with:
o An overview of the main data security objectives
o Various types of security attacks and threats
o Taxonomy of different cryptographic algorithms.
▪ Topics include:
o Classical encryption techniques
o Symmetric and public-key encryption techniques
o Number theory
o Block ciphers
o Stream ciphers and pseudorandom number generators. 2 2
Course Content
1. Introduction to Data Security
2. Classical Encryption Techniques
3. Block Ciphers & the Data Encryption Standard (DES)
4. Block cipher Operation
5. Random Bit Generators
6. Stream Ciphers
7. Number Theory
8. Public-key Cryptography (PKC) & RSA
9. Other PKCs
10. Cryptographic Hash Functions
3
Marks Distribution
◼ Quizzes: 15% (Week 5 & 9)
◼ Midterm : 15% (Week 7)
◼ Practical (group project): 20%
◼ Final exam : 50 %
◼ Total: 100 %
4 4
Course References
1. William Stallings, “Cryptography and
Network Security: Principles and
Practice”, Prentice Hall, 8h Edition,
2020
2. Menezes, Alfred J.; Vanstone, Scott
A.; Van Oorschot, Paul C, “Handbook of
Applied Cryptography”, CRC, 5th
Edition, 2001
5
Lecture Outline
➢ Security Concepts
➢ Security Objectives
➢ Classes of Attacks
➢ Security Services Vs. Security mechanisms
➢ Cryptographic Algorithms
➢ Evaluation Criteria of Cryptographic Algorithms
➢ Models for Evaluating Security
6
Security Concepts
What is data/information security?
▪ Protection of data from unauthorized access,
corruption, or theft throughout its lifecycle.
▪ Protecting data at rest, in transit, and in use.
▪ Ensuring confidentiality, integrity, and availability (CIA)
of data.
7
Security Concepts
What is network security?
▪ Protection of networks and their service from
unauthorized modification, destruction, or disclosure
▪ Involves protecting network infrastructure, devices, and
communication channels
8
Security Concepts
What is Cryptography?
▪ A branch of mathematics that deals with the
transformation of data in order to ensure information
security.
▪ Cryptography is an essential component in the
secure storage and transmission of data
9
Security Concepts
Cryptology
Cryptography Cryptanalysis
▪ Cryptology is the study of cryptography and cryptanalysis
▪ Cryptanalysis is the study of mathematical techniques for
attempting to defeat/break cryptographic techniques.
▪ A cryptosystem is a general term referring to a set of
cryptographic algorithms used to provide information
security services.
10
Security Objectives
11
Cryptographic/Information
Security Objectives
1. Confidentiality : covers two related concepts:
a) Data confidentiality: Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
b) Privacy : focuses on how personal or sensitive data is
collected, used, shared, and stored, ensuring compliance
with privacy regulations (e.g., GDPR, HIPAA).
➔ A loss of confidentiality is the unauthorized disclosure of
information.
12
Cryptographic/Information
Security Objectives
2. Integrity : Assures that data (both stored and transmitted) are
accurate, consistent and changed only in an authorized manner.
➔ This covers two related concepts:
a) Data authenticity: verifies that data is genuine and originates
from a legitimate source without any unauthorized
modifications.
b) Nonrepudiation: Assures that:
– The sender of information is provided with proof of delivery
– the recipient is provided with proof of the sender’s identity
➔ so neither can later deny having processed the information.
➔ Integrity ensures that data has not been changed, destroyed, or
lost in an unauthorized or accidental manner. 13
Cryptographic/Information
Security Objectives
3. Availability : Assures that systems work promptly, and
service is not denied to authorized users.
4. Authenticity: Assures that users are who they claim to
be (not impersonated) and that each input arriving at the
system came from a trusted source.
5. Accountability: ensures that actions performed by
users or systems are recorded and traceable (allowing
audits).
14
Check Your Info.
What is the corresponding Security objective?
1. Ensures data is from a legitimate source a) Confidentiality
b) Integrity
2. Confirms entities are genuine
c) Availability
3. Protects data from unauthorized access d) Data Authenticity
e) Authenticity
4. Regulates how data is collected and shared
f) Privacy
5. Tracks user actions for security g) Non-repudiation
h) Accountability
6. Ensures data accuracy and consistency
7. Ensures data and systems are accessible
8. Prevents denial of actions
15 15
Classes of Attacks
What is an attack?
Any action that attempts to
compromise the security of
information or facilities
➔Passive attack:
Makes use of information,
but not affect system
resources
➔Active attack
Alters system resources or
operation
16
16
Classes of Attacks
Passive Attack: only threatens confidentiality of data.
Examples
1. Release message contents
2. Traffic analysis
➔ Relatively hard to detect, but easier to prevent
Active Attack: threatens data integrity, authentication and
confidentiality.
Examples
1. Masquerade 3. Modification
2. Replay 4. Denial of service
➔ Relatively hard to prevent, but easier to detect 17
Release Message Content
18
Traffic Analysis Attack
19
Masquerade Attack
20
Replay Attack
21
Modification Attack
22
Denial of Service Attack
23
Security Service Vs. Security Mechanism
Security Service
o A capability that supports one or more of the security
objectives
o Implemented by security mechanisms
Security Mechanism
o A method for preventing, detecting or recovering from
an attack
24
25
Security Services
1. Authentication Assure that the communicating entity is the
one that it claims to be.
2. Access Control Prevent unauthorized use of a resource
3. Data Confidentiality Protect data from unauthorized disclosure
4. Data Integrity Assure data received are exactly as sent by
authorized entity
5. Non-repudiation Protect against denial of one entity involved
in communications of having participated in communications
6. Availability System is accessible and usable on demand by
authorized users according to intended goal
26
Security Mechanisms
▪ No single mechanism can provide all services
▪ Common in most mechanisms: cryptographic algorithms.
▪ Cryptographic Algorithms can be broadly categorized into:
1. Reversible Cryptographic Algorithms: such as
encryption algorithms that allow data to be encrypted
and subsequently decrypted
2. Irreversible (one-way) Cryptographic Algorithms:
include hash algorithms and message authentication
codes, which are used in digital signature and message
authentication applications.
27
Cryptographic Algorithms
Cryptographic Algorithms can also be categorized into:
1. Keyless : Do not use any keys during cryptographic
transformations.
2. Single-key : The result of a transformation is a
function of the input data and a single key, known as
a secret key.
3. Two-key : Two different but related keys are used,
referred to as a private key and a public key.
28
Cryptographic Algorithms
29
Keyless Cryptographic
Algorithms
1. Cryptographic hash function: A function turns a
variable amount of text into a small, fixed-length
value called a hash value, hash code, or digest.
➔Used to ensure data integrity
2. A pseudorandom number generator: produces a
deterministic sequence of numbers or bits that has
the appearance of being a truly random sequence.
➔ Used in key generation
30
Single-key Cryptographic
Algorithms
▪ Encryption algorithms that use a single key are referred to as
symmetric encryption algorithms
▪ With symmetric encryption, an encryption algorithm takes as input
the data to be protected (plaintext) and a secret key and
produces a ciphertext.
▪ A corresponding decryption algorithm takes the ciphertext
(transformed data) and the same secret key and recovers the
original data
31
Single-key Cryptographic
Algorithms
Symmetric encryption takes the following forms:
1. Block cipher
A block cipher operates on data as a sequence of
blocks
2. Stream cipher
A stream cipher operates on data as a sequence of
bits/bytes
Used when the data must be processed one symbol at
a time
32
Block Cipher Vs. Stream Cipher
33
Single-key Cryptographic
Algorithms
Another form of single-key cryptographic algorithm is the
message authentication code (MAC)
A MAC is a unique tag associated with a data block or
message to verify the integrity of the message.
The MAC is generated using a secret key and a
cryptographic hash function of the message
The recipient of the message can check if the calculated
MAC matches the MAC accompanying the message, this
provides assurance that the message has not been
altered
34
Message Authentication Code
(M A C)
MAC algorithm 35
Two-key Cryptographic
Algorithms
▪ Two-key algorithms involve the use of two related keys (private key &
public key).
▪ A private key is known only to a single user or entity, whereas the
corresponding public key is made available to a number of users.
▪ Encryption algorithms that use two keys are referred to as
asymmetric (public-key) encryption algorithms.
36
Two-key Cryptographic
Algorithms
Digital signature algorithm
A digital signature is a value computed with a
cryptographic algorithm and associated with a data object
in such a way that any recipient of the data can use the
signature to verify the data’s origin and integrity
- the signer of a data object uses
the signer’s private key to
generate the signature
- Anyone has the corresponding
public key can verify that
validity of the signature.
37
Evaluation Criteria of
Cryptographic Algorithms
1. Level of security: An upper bound on the amount of
work necessary to defeat the objective.
2. Functionality: Is it most effective for a given objective?
3. Performance: Efficiency in terms of time, memory and
storage usage
4. Ease of implementation: the complexity of
implementation in a software or hardware environment
38
Attacks on Encryption
Schemes
There are two general approaches to attacking any
encryption scheme:
▪ Brute-Force attack
▪ Cryptanalysis (Cryptanalytic attacks)
39
Brute-Force attack
▪ Involves an exhaustive search of the key space.
▪ trying every possible key until an intelligible translation of
the ciphertext into plaintext is obtained.
▪ On average, half of all possible keys must be tried to
achieve success.
➔ the number of keys (i.e., the size of the key space)
should be large enough to make this attack computationally
infeasible.
40
Cryptanalysis (Cryptanalytic
attacks)
Ciphertext-only attack (COA): The attacker tries to deduce the
decryption key or plaintext by only observing ciphertext.
Known-plaintext attack (KPA): The attacker has a set of plaintexts and
corresponding ciphertexts
Chosen-plaintext attack (CPA): The attacker chooses plaintext and is
then given corresponding ciphertext.
Adaptive chosen-plaintext attack (ACPA) is a chosen-plaintext attack
wherein the choice of plaintext may depend on the previous requests.
Chosen-ciphertext attack (CCA): The attacker selects the ciphertext
and is then given the corresponding plaintext.
Adaptive chosen-ciphertext attack (ACCA) is a chosen-ciphertext attack
where the choice of ciphertext may depend on the previous requests.
41
Models For Evaluating Security
▪ Unconditional security (perfect secrecy): Assumes that the
attacker must have unlimited computational resources to defeat
the system.
➔ the key must be at least as long as the message.
▪ Complexity-theoretic security: worst-case analysis is used to
determine the computational power in terms of time and space
(e.g., polynomial, exponential, …)
▪ Provable security: A cryptographic method is said to be provably
secure if the difficulty of defeating it can be proven to be as difficult
as solving a well-known and difficult problem (e.g., integer
factorization)
43
Models For Evaluating Security
▪ Computational security: measures the amount of computational
effort required to defeat a system (e.g. AES-128 would take about
2.61*1012 years to defeat)
▪ An encryption scheme is said to be computationally secure if
either of the two criteria are met:
1. The cost of breaking the cipher exceeds the value of the
encrypted information.
2. The time required to break the cipher exceeds the useful
lifetime of the information.
44
TRUE OR FALSE
1. Passive attacks are very easy to detect because they involve
alteration of the data.
2. Data authenticity assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
3. Nonrepudiation prevents either sender or receiver from
denying a transmitted message.
4. On average, half of all possible keys must be tried to
achieve success with a brute-force attack.
5. The process of converting from plaintext to ciphertext is
known as deciphering or decryption.
45
COMPLETE
1. A loss of __________ is the unauthorized disclosure of
information.
2. Verifying that users are who they claim to be and that each
input arriving at the system came from a trusted source is
_________ .
3. Data appended to a data unit that allows a recipient of the
data unit to prove the source and integrity of the data unit
and protect against forgery is a(n) ___________ .
4. If both sender and receiver use the same key, the encryption
system is referred to as ___________ .
5. The __________ attack is the easiest to defend against
because the opponent has the least amount of information to
work with. 46
Thank you
47