Fundamentals of Computer Security and Cryptography
Computer Security refers to the protection of computer systems and networks from theft, damage, unauthorized access, misuse, or disruption of services. It ensures confidentiality, integrity, and availability of data.
The need for security arises because of increasing cyber threats, sensitive data storage (e.G., financial records, medical data), online transactions, and dependence on cloud services. Without security, systems are vulnerable to data breaches, identity theft, and financial losses.
Security approaches include preventive (e.G., firewalls, antivirus), detective (e.G., intrusion detection systems), and corrective (e.G., backups, recovery plans). The principles of security include confidentiality (ensuring only authorized access to data), integrity (protecting data from alteration), availability (ensuring services are accessible when needed), authentication (verifying user identity), and non-repudiation (ensuring actions cannot be denied by the user).
Types of Security Attacks are broadly classified as active and passive.
Passive attacks involve unauthorized monitoring, such as eavesdropping or traffic analysis, without altering the data (e.G., intercepting emails).
Active attacks attempt to modify or disrupt communication, including masquerade attacks (pretending to be someone else), replay attacks (reusing captured messages), modification attacks (altering data in transit), and denial-of-service (DoS)
attacks (overloading a system to make it unavailable). For example, a phishing email tricking users into revealing passwords is a form of active social engineering attack.
Cryptography is the science of securing information by converting it into an unreadable form, ensuring confidentiality, integrity, and authentication.
Plain Text is the original, readable data or message (e.G., “HELLO”), while Cipher Text is the transformed, unreadable form after encryption (e.G., “IFMMP”). Cryptography prevents unauthorized users from understanding sensitive data even if intercepted.
Substitution and Transposition Techniques are classical cryptographic methods. In substitution techniques, characters in the plaintext are replaced with other characters, numbers, or symbols. For example, in the Caesar Cipher, shifting each letter by 3 positions converts “HELLO” into “KHOOR.” In transposition techniques, the position of characters is rearranged without changing the actual characters. For example, if we reverse “HELLO,” the cipher text becomes “OLLEH.” Substitution changes content, while transposition changes structure.
Encryption is the process of converting plaintext into cipher text using an algorithm and a key, while Decryption is the reverse process of converting cipher text back into plaintext. For example, using a Caesar Cipher with a shift of 3, encryption converts “DATA” → “GDWD,” and decryption shifts it back to “DATA.” Symmetric Key Cryptography uses the same key for encryption and decryption (e.G., DES, AES)
, making it faster but requiring secure key sharing.
Asymmetric Key Cryptography uses two keys—a public key for encryption and a private key for decryption (e.G., RSA)
. It is more secure for key exchange but computationally slower compared to symmetric methods.
Symmetric Key Ciphers are encryption techniques where the same secret key is used for both encryption and decryption. They are efficient and faster than asymmetric ciphers, making them suitable for encrypting large volumes of data. However, they require secure key distribution between communicating parties, which can be a challenge.
Block Cipher Principles involve dividing the plaintext into fixed-size blocks (e.G., 64-bit or 128-bit), and then applying a series of substitution and permutation transformations controlled by a secret key. Each block is processed independently, ensuring high security and making block ciphers resistant to brute-force attacks when large key sizes are used.
Data Encryption Standard (DES)
is a symmetric block cipher that uses a 56-bit key and operates on 64-bit blocks. It applies 16 rounds of substitution and permutation. While historically important, it is now considered insecure due to its small key size.
Advanced Encryption Standard (AES)
is a widely used block cipher that supports 128-, 192-, or 256-bit keys with block size fixed at 128 bits. It uses multiple rounds of substitution, shifting, mixing, and key addition, and is considered highly secure.
Blowfish is a fast, flexible block cipher with a variable key length (32–448 bits) and 64-bit block size, often used in applications like password hashing.
RC5 is a symmetric cipher with variable block sizes (32-, 64-, or 128-bit), key lengths, and number of rounds, making it adaptable for different security needs.
IDEA (International Data Encryption Algorithm)
uses a 128-bit key and operates on 64-bit blocks, employing modular arithmetic and XOR operations, and is still regarded as secure.
Asymmetric Key Cryptography, also known as public-key cryptography, uses a pair of keys: a public key for encryption and a private key for decryption. This eliminates the need for secure key exchange, as the public key can be openly shared. The principles of public key cryptosystems are based on mathematical problems that are easy to compute in one direction but hard to reverse without special information (trapdoor functions). Examples include factorization of large prime numbers (used in RSA) and discrete logarithm problems (used in Elgamal and Diffie-Hellman)
.
RSA Algorithm is one of the most widely used public-key cryptosystems. The steps include: (1) Choose two large prime numbers p and q, and compute n = p × q. (2) Compute Euler’s totient φ(n) = (p–1)(q–1). (3) Choose a public key exponent e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1. (4) Compute the private key d as the modular inverse of e (d × e ≡ 1 mod φ(n)). For example, let p = 7 and q = 13, then n = 91, φ(n) = 72. If e = 5, then d = 29. To encrypt a message M = 10, compute C = M^e mod n = 10^5 mod 91 = 82. To decrypt, compute M = C^d mod n = 82^29 mod 91 = 10. Thus, encryption and decryption are secure and consistent.
Elgamal Cryptography is an asymmetric encryption scheme based on the discrete logarithm problem. It uses a public key for encryption and a private key for decryption, offering semantic security (different ciphertexts for the same message). It is mainly used in digital signatures and secure key exchanges.
Diffie-Hellman Key Exchange is a method for two parties to securely establish a shared secret key over an insecure channel. Both parties choose private keys and exchange computed public values; using modular arithmetic, they independently arrive at the same shared secret. For example, if both agree on a prime p = 23 and base g = 5, Alice chooses a = 6 and sends g^a mod p = 8, Bob chooses b = 15 and sends g^b mod p = 2. Both then compute the shared key as 2^6 mod 23 = 8^15 mod 23 = 2, establishing a common secret without directly transmitting it.