Basics of Data Security
Threat
• A threat is any potential danger to information or
systems.
• Threats could be an intruder entering the network through a port
on the firewall, a process accessing data in a way that
violates the security policy, a tornado wiping out a
facility, or an employee making an unintentional
mistake that could expose confidential information or
destroy a file’s integrity.
Common Data Threats
• Technical Data Threats
o Hacking
o Cracking
o Malware
o Data Leakage
o Cloud Computing
o Availability Attacks
o Advanced Persistent Threats (APT)
• Non-Technical Threats
o Physical
o Environmental
o Insider Threat
o Social Media
o Dumpster Diving
o Social Engineering
Vulnerability
• A vulnerability is a weakness that can be exploited by
cybercriminals to gain unauthorized access to a
computer system.
• After exploiting a vulnerability, an attacker can run
malicious code, install malware, and even steal
sensitive data.
• A data breach exposes confidential, sensitive, or protected
information to an unauthorized person. The files in a
data breach are viewed and/or shared without
permission.
Key security goals
• Confidentiality: Data not leaked
• Integrity: Data not modified
• Availability: Data is accessible when needed
• Authenticity: Data origin cannot be spoofed
Confidentiality
• Need to ensure that confidential data is only available
to correct people
• Need to ensure that the entire database is secure from
external and internal system breaches
• Need to provide reporting on who has accessed what
data and what they have done with it
• Mission-critical and legally sensitive data must be
highly secured; the potential risk is lost business
and litigation
Confidentiality
• “Need to know” basis for data access
– How do we know who needs what data?
Approach: access control specifies who can access what
– How do we know a user is the person she claims to be?
Need her identity and need to verify this identity
Approach: identification and authentication
• Analogously: “Need to access/use” basis for physical
assets
– E.g., access to a computer room, use of a desktop
• Confidentiality is:
– difficult to ensure
– easiest to assess in terms of success (binary in nature: Yes / No)
Integrity
• Need to verify that any external data has the correct
formatting and other metadata
• Need to verify that all input data is accurate and
verifiable
• Need to ensure that data is following the correct
workflow rules for your institution/corporation
• Need to be able to report on all data changes and who
authored them to ensure compliance with corporate
rules and privacy laws.
Integrity
• Integrity vs. Confidentiality
– Concerned with unauthorized modification of assets (= resources)
Confidentiality - concerned with access to assets
– Integrity is more difficult to measure than confidentiality
Not binary – degrees of integrity
Context-dependent - means different things in different contexts
Could mean any subset of these asset properties:
{ precision / accuracy / currency / consistency /
meaningfulness / usefulness / ...}
• Types of integrity—an example
– Quote from a politician
– Preserve the quote (data integrity) but misattribute (origin
integrity)
Availability
• Data needs to be available at all necessary times
• Data needs to be available to only the appropriate
users
• Need to be able to track who has access to and who
has accessed what data
Availability
• We can say that an asset (resource) is available if:
– Timely request response
– Fair allocation of resources (no starvation!)
– Fault tolerant (no total breakdown)
– Easy to use in the intended way
– Provides controlled concurrency (concurrency control,
deadlock control, ...)
Authenticity
• Need to ensure that the data has been edited by an
authorized source
• Need to confirm that users accessing the system are
who they say they are
• Need to verify that all report requests are from
authorized users
• Need to verify that any outbound data is going to the
expected receiver
QUIZ
Determine which of the following violates the principles
of confidentiality, integrity, and/or availability (more
than one principle may be violated).
1. Robin copies Akhil’s home assignment solution.
2. Akhil crashes Robin’s computer.
3. The bank employee changes the amount of the
customer's check from Rs 10000 to Rs 100000.
4. Robin makes a fake signature of Akhil.
5. Robin registers the domain name “iiitkottayam.ac.in”
but this domain is not available.
Basic Cryptographic Tools
• Encryption
• Message Authentication Codes
• Digital Signatures
Encryption
Cipher
• A cipher is a method for encrypting messages
• Encryption algorithms are standardized & published
• The key, which is an input to the algorithm, is secret
– The key is a string of numbers or characters
– If the same key is used for encryption & decryption, the algorithm is called
symmetric
– If different keys are used for encryption & decryption, the algorithm is called
asymmetric
[Figure: Plain Text → Encryption Algorithm (Key A) → Cipher Text → Decryption Algorithm (Key B) → Plain Text]
A little more formally, encryption consists of the
following three protocols:
• KeyGen - a key generation algorithm that generates
the necessary cryptographic keys,
• Enc(k; p) = c - an encryption algorithm that uses a
key k to scramble the plaintext p into cipher text c,
• Dec(k; c) = p - a decryption algorithm that uses the
key k to recover the plaintext p from the ciphertext c.
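As an added illustration (not code from the original slides), the KeyGen / Enc / Dec triple written in Python with only the standard library: a stream cipher whose keystream is HMAC-SHA256 run in counter mode stands in for AES, which the stdlib does not ship. The tamper_demo function is an assumption of this example; it shows that encryption alone provides confidentiality but not integrity, which is what the message authentication codes and digital signatures later in the deck add.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; a fresh random nonce per message keeps Enc probabilistic


def keygen() -> bytes:
    """KeyGen: draw a fresh 256-bit secret key from the OS CSPRNG."""
    return secrets.token_bytes(32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block_i = HMAC-SHA256(key, nonce || i), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def enc(key: bytes, plaintext: bytes) -> bytes:
    """Enc(k, p) = c, with c = nonce || (p XOR keystream(k, nonce))."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def dec(key: bytes, ciphertext: bytes) -> bytes:
    """Dec(k, c) = p: regenerate the same keystream from the nonce and XOR it out."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def tamper_demo(key: bytes, plaintext: bytes, index: int, mask: int) -> bytes:
    """Flip bits in one ciphertext byte, then decrypt.  The receiver gets a
    changed plaintext and no error: confidentiality, but no integrity."""
    c = bytearray(enc(key, plaintext))
    c[NONCE_LEN + index] ^= mask      # attacker never needs the key for this
    return dec(key, bytes(c))


if __name__ == "__main__":
    k = keygen()
    c = enc(k, b"PAY 10")
    print(dec(k, c))                            # b'PAY 10'
    print(dec(keygen(), c) == b"PAY 10")        # False: wrong key gives garbage
    print(tamper_demo(k, b"PAY 10", 4, 0x01))   # b'PAY 00': '1' (0x31) became '0'
```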
Encryption
[Figure: symmetric-key cryptography vs. asymmetric-key cryptography]
Symmetric-key cryptography
• Examples: AES, DES, 3DES
• Advantages:
– Simple
– Faster
• Disadvantages:
– The key must be exchanged in a secure way
– Easy for an attacker to obtain the key if it is passed in an
insecure way.
Asymmetric Encryption
• Asymmetric encryption uses two keys, one to encrypt the data,
and another key to decrypt the data.
• These keys are generated together
• One is named the Public Key and is distributed freely. The other
is named the Private Key and is kept hidden.
• Both the sender & recipient have to share their Public Keys for
encryption and use their own Private Keys for decryption.
How it works?
Examples: RSA, Diffie-Hellman, Pretty Good Privacy
(PGP)
Advantages
1. More secure
2. Authentication
Disadvantages
1. Relatively complex
Authentication
Basics
• Authentication is the process of validating the
identity of a user or the integrity of a piece of data.
• There are three technologies that provide
authentication
– Message Digests / Message Authentication Codes
– Digital Signatures
– Public Key Infrastructure
• There are two types of user authentication:
– Identity presented by a remote system or application participating
in a session
– Sender’s identity is presented along with a message.
Authentication
Message Digests
• A message digest is a fingerprint for a document
• The purpose of the message digest is to provide proof that data
has not been altered
• The process of generating a message digest from data is called
hashing
• Hash functions are one-way functions with the following
properties
– Infeasible to reverse the function
– Infeasible to construct two messages which hash to the same digest
• Commonly used hash algorithms are
– MD5 – 128 bit hashing algorithm by Ron Rivest of RSA
– SHA & SHA-1 – 162 bit hashing algorithm developed by NIST
[Figure: Message → Message Digest Algorithm → Digest]
Message Authentication Codes
Basics
• A message digest created with a key
• Creates security by requiring a secret key to be possessed by
both parties in order to produce or verify the digest
• HMAC, NMAC
[Figure: Message + Secret Key → Message Digest Algorithm → Digest]
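Added example, not from the original slides, serving both the message-digest slide and the MAC slide: with an unkeyed SHA-256 digest, an attacker who alters a message in transit can simply recompute the digest, whereas an HMAC-SHA256 tag cannot be recomputed without the shared secret key. The key, the sample messages and the in_transit_attack scenario are constructed for this illustration.

```python
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Unkeyed fingerprint: SHA-256 hex digest of the message."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """Keyed fingerprint: HMAC-SHA256 over the message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison, so timing does not leak how many tag bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def avalanche(m1: bytes, m2: bytes) -> int:
    """Number of differing bits between the digests of two messages (about half of 256)."""
    a, b = int(digest(m1), 16), int(digest(m2), 16)
    return bin(a ^ b).count("1")


def in_transit_attack(key: bytes, message: bytes, modified: bytes) -> dict:
    """Constructed scenario: the sender transmits (message, digest) and
    (message, mac_tag); an attacker on the path swaps in `modified`."""
    sent_tag = mac_tag(key, message)
    # The attacker recomputes the unkeyed digest for the new message ...
    forged_digest = digest(modified)
    # ... but has no key, so the best it can do is replay the old tag.
    forged_tag = sent_tag
    return {
        "digest_check_passes": digest(modified) == forged_digest,   # receiver fooled
        "mac_check_passes": verify_mac(key, modified, forged_tag),  # receiver rejects
    }


if __name__ == "__main__":
    k = secrets.token_bytes(32)                  # shared secret, constructed here
    m = b"Transfer Rs 10000 to account 42"       # constructed sample message
    m2 = b"Transfer Rs 100000 to account 42"
    print(avalanche(m, m2))                      # roughly 128 of 256 bits differ
    print(in_transit_attack(k, m, m2))           # {'digest_check_passes': True, 'mac_check_passes': False}
```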
Authentication
Digital Signatures
• A digital signature is a data item which accompanies or is
logically associated with a digitally encoded message.
• It has two goals
– A guarantee of the source of the data
– Proof that the data has not been tampered with
[Figure: Sender: Message → Digest Algorithm → Message Digest → Signature Algorithm (Sender’s Private Key) → Digital Signature; the Message and the Digital Signature are sent to the Receiver. Receiver: received Message → Digest Algorithm → Message Digest; received Digital Signature → Signature Algorithm (Sender’s Public Key) → Message Digest; Same?]
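Added example (not the slides' own code) of the sign-then-verify flow in the figure above, using textbook RSA with two small Mersenne primes so every step is visible in plain integer arithmetic; the primes, exponent and sample message are assumptions of this example, and real deployments use large primes with a padding scheme such as RSA-PSS, or a scheme such as Ed25519.

```python
import hashlib

# Toy key material (assumption of this example): two Mersenne primes.
# Real RSA uses primes of ~1024 bits or more plus a padding scheme.
P = 2**31 - 1
Q = 2**61 - 1


def keygen(p: int = P, q: int = Q, e: int = 65537) -> tuple:
    """Returns (public_key, private_key) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse; needs Python 3.8+
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """Digest algorithm of the figure: SHA-256, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: tuple, message: bytes) -> int:
    """Sender side: hash the message, then apply the private key to the digest."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """Receiver side: recover the signed digest with the public key, recompute the
    digest of the received message, and answer the figure's 'Same?' question."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


if __name__ == "__main__":
    pub, priv = keygen()
    msg = b"Pay Rs 10000 to Akhil"                          # constructed sample message
    sig = sign(priv, msg)
    print(verify(pub, msg, sig))                            # True: genuine message
    print(verify(pub, b"Pay Rs 100000 to Akhil", sig))      # False: message tampered
    print(verify(pub, msg, (sig + 1) % pub[0]))             # False: signature tampered
```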

Basics of Data Security and Cryptographic techniques
