CHAPTER 5: SECURITY

5.1 ENCRYPTION AND ENCRYPTION PROTOCOLS

5.1.1 Encryption Concepts

  Plain Text: Original data before encryption.
  Cipher Text: Result of applying an encryption algorithm to data.
  Encryption: Process of making cipher text from plain text.
  Key: Value used by the encryption/decryption algorithm.

5.1.2 Symmetric Key Encryption

  Definition: Same key used for encryption and decryption.

  Process:
    1. Sender and receiver share a secret key
    2. Sender encrypts plain text with key → cipher text
    3. Cipher text transmitted
    4. Receiver decrypts with same key → plain text

  Advantages:
    - Fast
    - Simple

  Disadvantages:
    - Key distribution problem
    - Multiple keys needed for multiple recipients

  Examples:
    - AES (Advanced Encryption Standard)
    - DES (Data Encryption Standard)

5.1.3 Asymmetric Key Encryption

  Definition: Different keys for encryption and decryption.

  Public Key:
    - Shared with everyone
    - Used for encryption
    - Used for signature verification

  Private Key:
    - Kept secret
    - Used for decryption
    - Used for digital signatures

  Sending a Private Message:
    1. Receiver sends public key to sender
    2. Sender encrypts message with public key
    3. Only receiver (with private key) can decrypt

  Sending a Verified Message:
    1. Sender encrypts with private key
    2. Anyone can decrypt with public key
    3. Message verified as from sender

5.1.4 Digital Signatures

  Process:
    1. Calculate hash of message (digest)
    2. Encrypt digest with sender's private key → digital signature
    3. Send message + signature
    4. Receiver decrypts signature with public key → digest
    5. Receiver calculates hash of message
    6. If digests match → message authentic

5.1.5 Digital Certificates

  Purpose: Verify that a public key belongs to the claimed entity.
  Certificate Contents:
    - Entity's public key
    - Entity's identity information
    - CA's digital signature

  Obtaining a Certificate:
    1. Entity contacts Certification Authority (CA)
    2. CA confirms entity's identity
    3. CA creates certificate with entity's public key
    4. CA signs certificate with its private key
    5. Entity posts certificate on website

5.1.6 SSL/TLS Protocol

  Purpose: Provide secure communication between client and server.

  Uses:
    - Online shopping
    - Online banking
    - HTTPS websites

  Process:
    1. Client connects to server (port 443)
    2. Server sends certificate
    3. Client validates certificate
    4. Client generates session key
    5. Client encrypts session key with server's public key
    6. Server decrypts session key
    7. Secure session begins

5.2 MALWARE AND RESTRICTION METHODS

5.2.1 Types of Malware

  Type      Description                                   Exploits
  Virus     Replicates inside executable files            Executable files
  Worm      Runs independently, propagates to networks    Shared networks
  Spyware   Collects and transmits information            Background processes
  Phishing  Emails requesting confidential info           User trust
  Pharming  Bogus website redirects                       Website appearance

5.2.2 Restriction Methods

  Malware   Restriction Method
  Virus     Anti-virus software with daily scans
  Worm      Firewall protection
  Spyware   Real-time anti-spyware
  Phishing  Check sender email address
  Pharming  Verify website URL
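As an added worked example (not part of these notes) tying together 5.1.4 to 5.1.6: textbook RSA over SHA-256 digests, with constructed demonstration primes and the hypothetical names shop.example and bank.example, showing the CA signing a certificate, the client validating it, and the signature check failing when either the message or the certificate's identity is altered.

```python
import hashlib
# Constructed demo primes (Mersenne primes 2^127-1, 2^521-1, 2^607-1, 2^1279-1):
# published values are worthless as real keys, but keep this runnable offline.
CA_PRIMES = (2**127 - 1, 2**521 - 1)
SERVER_PRIMES = (2**607 - 1, 2**1279 - 1)
E = 65537

def make_keypair(primes, e=E):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    p, q = primes
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def digest(message: bytes) -> int:
    """5.1.4 step 1: hash the message to a fixed-size digest (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step 2: digest 'encrypted' with the private key -> signature (unpadded textbook RSA)."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 4-6: recover the digest with the public key, rehash, compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def cert_body(identity: str, public_key) -> bytes:
    return f"{identity}|{public_key[0]}|{public_key[1]}".encode()  # what the CA signs
def issue_certificate(identity: str, subject_pub, ca_priv) -> dict:
    """5.1.5: the CA signs (identity + public key) with its own private key."""
    return {"identity": identity, "public_key": subject_pub,
            "ca_signature": sign(cert_body(identity, subject_pub), ca_priv)}

def validate_certificate(cert: dict, ca_pub) -> bool:
    """5.1.6 client step 3: trust the key only if the CA's signature checks."""
    return verify(cert_body(cert["identity"], cert["public_key"]),
                  cert["ca_signature"], ca_pub)

def demo() -> dict:
    ca_pub, ca_priv = make_keypair(CA_PRIMES)
    srv_pub, srv_priv = make_keypair(SERVER_PRIMES)
    cert = issue_certificate("shop.example", srv_pub, ca_priv)
    sig = sign(b"order 42: pay 10.00", srv_priv)
    return {"cert_ok": validate_certificate(cert, ca_pub),
            "reused_cert_ok": validate_certificate(dict(cert, identity="bank.example"), ca_pub),
            "sig_ok": verify(b"order 42: pay 10.00", sig, cert["public_key"]),
            "tampered_ok": verify(b"order 42: pay 1000.00", sig, cert["public_key"])}
```

`demo()` returns True only for the genuine certificate and the unmodified message; changing the amount changes the digest, and re-labelling the certificate with another identity breaks the CA's signature.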