
Information System Security

, Dr. rer. nat.
Research Professor
September 2, 2014 (Draft)


1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    1.1 Terminologies, 7; 1.2 Concepts of Information Security, 8; 1.3 The OSI Security Architecture, 19; 1.4 Attacks, Services, and Mechanisms, 22
2 Classical Encryption Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
    2.1 Terminologies, 50; 2.2 A Short History of Cryptography, 50
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Information System Security


(062062/Fall 2014/KMU International School)

Course Information and Syllabus


1. Logistics
Instructor: Prof. Yongmoo Kim, Dr. rer. nat.
Class Meetings: MR 0900-1030 @ Rm504, Intl. Hall B
Office Hours: W 1300-1400 @ Rm314, College of Science
E-Mail: yongmoo_kim@kookmin.ac.kr
Textbook: Stallings, William, 2013, Cryptography and Network Security: Principles and Practice, 6th Ed., Prentice Hall, ISBN-13: 978-0133354690
The 4th edition (Req. No.: 005.8 S782c4i) and the 5th edition (Req. No.: 005.8 St18c5) are available in the library. There is also a Korean translation available in the library:
, 2005, , . : , ISBN 895727068X (Req. No.: 005.8 831)
2. Course Description
We are living in the information society, which was proposed as the successor to industrial society in the early 1960s. Although one of the goals of this society is to gain competitive advantage in a creative and productive way using information technology and the relevant infrastructure, we are facing new threats and risks that we have never experienced before.
This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming experience and related basic knowledge to understand this important priority in society today. Students will figure out the key concepts and knowledge, together with basic but essential skills, in information security. The course introduces the underlying general concepts and principles of information security as well as technical and theoretical backbone knowledge. As the course title indicates, it deals intensively with two main disciplines, cryptography and network security.
The course will be organized around a few broad themes:
- Overview: essential concepts of information security, CIA model, OSI security architecture, security mindset, etc.
- Classical Encryption: concepts of ciphers, affine ciphers, Vigenère cipher, Hill cipher, Enigma, etc.
- Mathematical Concepts: modular arithmetic, finite fields, factorization, discrete logarithm, elliptic curves, etc.
- Modern Encryption I, Block Ciphers: block ciphers (DES, AES, SEED), block cipher modes, etc.
- Modern Encryption II, Stream Ciphers: pseudo-random number generators, RC4, LFSR, etc.
- Modern Encryption III, Public-Key Cryptographic Systems: RSA, Diffie-Hellman key exchange, ElGamal cryptographic system, elliptic curve cryptography, etc.
- Cryptographic Data Integrity Algorithms: hash functions, MAC, digital signatures, PKI, etc.
- Network and Internet Security: network access control, cloud security, transport-level security, wireless network security, electronic mail security, IP security, etc.

3. Course Objectives
The ultimate destination of this course is to provide you with a background, foundation, and insight into the many aspects of information security and its methodologies. This knowledge will serve as a basis for further, deeper study into selected areas of the field, or as an important component in your further studies and involvement in computing, especially where information security is concerned. The primary objectives of the course are to help you:
- Understand the importance of information security in our increasingly computer-driven and network-woven world.
- Understand cryptography as a tool for protecting information against various levels of threat and risk in an information security environment, and network security.
- Develop a security mindset: learn how to critically analyze situations of computer and network usage from a security perspective, identifying the salient issues, viewpoints, and trade-offs, and more.
- Clearly and coherently communicate (both verbally and in writing) about complex technical topics.
- Work and interact collaboratively in groups to examine, understand and explain key aspects of information security.

4. Teaching Philosophy
The main purpose of this course is to help you understand threats and risks to information systems and how to protect systems against attacks at various levels. Because the subject is so broad and complex, and is always rapidly changing, it is not something you can learn by instruction alone. My purpose as instructor is to expose you to a variety of important conceptual and technical aspects of the subject, as well as background knowledge that helps to lay a solid foundation on which you can build a deeper understanding through your own efforts.
I will try to cover many materials based around the main text as well as additional assigned readings or ones that you find yourself. I will use homework to reinforce your skills and understanding, and critical writing assignments to make you challenge and evaluate what you read. You will be expected to participate actively in class discussions. You will have many opportunities to express and defend your views in class and in your assignments, and are expected to take advantage of these opportunities.
Power Pointless
Digital slideshows are the scourge of higher education.
Rebecca Schuman (http://www.slate.com/)

5. Your Responsibilities
(1) Class Participation: One of the best ways to achieve great success in the course is active engagement with the material. Part of that engagement surely includes attending and participating actively in class meetings. You will be expected to prepare all materials, including assigned ones, for yourself and others. You will also be expected to study problems, techniques, and approaches individually and in groups.
If you are unable to attend class, please notify the instructor by E-mail beforehand for consideration of an excused absence. Unexcused absences will be factored into your grade.
(2) Classroom Conduct: In class meetings, you are expected to be respectful to the instructor and your fellow students. You have to arrive on time, avoid distracting behaviour and remain engaged in the discussion of the material. You may use a laptop at your discretion, as long as it is used only for the purpose of the class and does not cause a distraction to you or other students. Cell phones should be silenced or turned off, and should never be answered in class; if you believe a call is urgent, please step outside to answer it.
During any exam or quiz, all electronic devices must be powered down and put away. Violating this policy may lead to a zero score and potentially a referral to the Office of Student Integrity.
Class meetings will often include interactive discussions among the instructor and students. At times these discussions may involve challenges or spirited disagreements with one another's premises, viewpoints, or conclusions. These are consistent with (and often necessary for) the open exchange of ideas, but should always be conducted with civility and mutual respect.
(3) Ethics: In this course you will learn about vulnerabilities in information systems, and how they may potentially be exploited. This is intended in the spirit of open scientific inquiry to help you understand how such vulnerabilities may be avoided or repaired, and how attackers go about circumventing security measures. You have the responsibility to use this information responsibly, legally, and ethically.
6. General Assignment Guidelines
(1) Technical Format: Although the most important thing to do in any assignment is to show that you have thought about the topic and gained some understanding, grading will also take technical format and presentation into account.
All written assignments must be typed, with a cover page showing your name and ID, the date, and the assignment number. Page counts for assignments assume 12-point font, double line spacing, A4-size paper, and 3-cm margins. Feel free to use any software you find convenient for writing, e.g., Word, LaTeX, Pages, etc.
(2) Writing Style: Your writing should be clear and concise, with correct grammar and spelling. All writing assignments should be proofread and corrected before submission; incomplete sentences, broken grammar, or lack of clarity will adversely affect your score. All mathematical formulae and proofs should be logically and correctly formulated. For footnotes and bibliographies, use a standard and consistent citation style. You are encouraged to learn and use standard bibliographic tools such as EndNote (for Word, available for free from OIT) or BibTeX (for LaTeX).
(3) Late Policy: Homework and papers are due at the start of class on the due date, unless otherwise specified. If permission is obtained in advance from the instructor, late work will generally be accepted, with a penalty. Work not turned in by a designated final cut-off will receive a zero mark. Exceptions to this policy due to extreme hardship will be considered and granted by the instructor only before the assignment's due date.

(4) Academic Honesty: All students are expected to maintain high standards of academic integrity by giving proper credit for all work referenced, quoted, etc. Unless otherwise stated, all work is individual work by each student. Plagiarism is defined in Webster's Dictionary as "to [...] pass off (the ideas or words of another) as one's own: use (another's production) without crediting the source." You must quote and attribute any words that are not your own.
7. Grading
Grades will be based on the following evaluated tasks (Ref.: Art. 59-2, KMU Academic Regulation):
- Attendance, Homework, Assignments: 30 %
- Midterm Exam, Quiz, Irregular Tests: 30 %
- Final Exam: 40 %
Evaluation: Absolute Grading Scale (Ref.: Art. 61-2, KMU Academic Regulation)

  Grade   Point   Absolute Grading Scale   Grading on a Curve
  A+      4.5     95 ≤ m ≤ 100             0-40 %
  A0      4.0     90 ≤ m < 95              0-40 %
  B+      3.5     85 ≤ m < 90              0-50 %
  B0      3.0     80 ≤ m < 85              0-50 %
  C+      2.5     75 ≤ m < 80              (Not Specified)
  C0      2.0     70 ≤ m < 75              (Not Specified)
  D+      1.5     65 ≤ m < 70              (Not Specified)
  D0      1.0     60 ≤ m < 64              (Not Specified)
          0.0     0 ≤ m < 60               (Not Specified)
  (m: mark scaled to 100)
The grade scheme is defined in Art. 30, KMU Regulation.

Grades will be posted at T-Square as they become available. If you believe a grading error has been made, you may contest it by notifying the graders. Contact the instructor about a grading issue only if you strongly believe that the error is significant, and that the grader has not satisfactorily resolved the issue.

Introduction

gù yòngbīng zhī fǎ, wú shì qí bù lái, shì wú yǒu yǐ dài yě; wú shì qí bù gōng, shì wú yǒu suǒ bù kě gōng yě
(The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.)
sūn zǐ bīng fǎ (Sun Tzu, The Art of War, Chap. 8, The Nine Variations)

1.0.1 [Learning Objectives]
After studying this chapter, you should be able to:
- Understand information security: computer security and network security.
- Describe the key security requirements of confidentiality, integrity, and availability.
- Discuss the important types of security threats and attacks, and give examples of them.
- Summarize the functional requirements for computer security.
- Describe the X.800 security architecture for OSI.

1.1 Terminologies
access control, active threat, authentication, authenticity, availability, computer security, data confidentiality, data integrity, denial of service, encryption, integrity, intruder, information security, masquerade, network security, nonrepudiation, OSI security architecture, passive threat, replay, security attacks, security mechanisms, security services, security violation, sensitive data, threat, traffic analysis, violation

1.2 Concepts of Information Security

In the last several decades, the requirements of information security have evolved dramatically and significantly in two major aspects. Before the introduction of electronic computing equipment and automated data processing, information security traditionally meant just physical and administrative means in many areas. To keep sensitive data in printed form safe, many organizations used rugged metal filing cabinets with combination locks, and in hiring employees or staff, personnel screening procedures were surely essential.
In many cases, physical protection mechanisms and administrative roles can be combined to enhance the security strength and its effectiveness. To enter or access a restricted area or zone, visitors should be checked, screened, and controlled or guided by security personnel responsible for the security of the area. Furthermore, the information of visitors should be collected and recorded in written form for further reference or as later evidence when needed, especially for legal processes. All relevant security guidelines prepared by the organization are strictly applied. To access and use a sensitive document, the person who wants to do so should get permission from his or her security manager.
Before going further, we shortly review what sensitive information means. Many people think that sensitive information only requires protection from unauthorized disclosure. However, the Computer Security Act in the USA provides a much broader definition of the term sensitive information. H. R. 145 [1] defines sensitive information as "any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy."

The United States government classification system is established under Executive Order 13526, issued by President Barack Obama in 2009. In section 1.2 of Executive Order 13526, there are three different levels of classified information: top secret, secret, and confidential.
[1] Here H. R. stands for House Resolution.

Sec. 1.2. Classification Levels.
(a) Information may be classified at one of the following three levels:
(1) "Top Secret" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
(2) "Secret" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.
(3) "Confidential" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
(b) Except as otherwise provided by statute, no other terms shall be used to identify United States classified information.
(c) If there is significant doubt about the appropriate level of classification, it shall be classified at the lower level.

1.2.1 [Information and Security: Etymological Review] The Oxford Dictionary explains the noun information as, firstly, "facts provided or learned about something or someone", or secondly, "what is conveyed or represented by a particular arrangement or sequence of things", as in data processed, stored, or transmitted by a computer. This word came from the Latin informare, meaning to give form to the mind, to discipline, or to instruct. The Latin expression formare was derived from an Ancient Greek word meaning kind, idea, or shape, as used by Plato and Aristotle. The prefix in- is used either in a tangible or an intangible way. The former case is to negate or to strengthen the meaning of the word that follows. The expressions informis (formless, shapeless, deformed, hideous) and informitas (ugliness, unshapeliness) are examples of negation, and informare is an example of strengthening the meaning. The intangible use of the prefix in- concerns moral and pedagogical use since the 2nd century. A well-known use is that Moses was called populi informator.
The translation of information in Korean is jeong-bo, introduced from the Japanese expression joho. Originally joho was the Japanese translation of the French renseignement. The two-syllable word was adopted from the phrase in 1976 ( 2005). Until the end of the 19th century, there was no Japanese translation for information in the modern sense [2]. This word is still used with the meaning of intelligence, especially in foreign and military affairs. The first translation of the word information into Japanese was done by the Japanese electrical engineer Hideo Seki in 1954, after Claude E. Shannon's landmark paper on information theory in 1948.
RFC 4949 defines information as "facts and ideas, which can be represented (encoded) as various forms of data", and data as "information in a specific physical representation, usually a sequence of symbols that have meaning; especially a representation of information that can be processed or produced by a computer."
The English word data came from the Latin word data, nominative plural of datum, meaning "that which is given", the neuter past participle of dō, meaning "I give". In modern English, however, data is generally used in the singular, as a mass noun.
The English word security originated from the Old French sécurité, derived from the Latin feminine noun securitas, se- (without) + cura (care). In Korean, there are the popular words boho, boan and anbo. Many Korean people often say for information security; however, it is grammatically and literally a little controversial. Hence the more correct expression is , which is, of course, often used in the area of information security. If you prefer the word to , you may use , even though it is not that popular in use.

1.2.2 [Two Major Forms of Information Security] The 1990s can be characterized as the era of advancement in information technology as well as information security. All the advancements in computer and telecommunication technologies also helped to drive the world economies to staggering growth through the year 2000. The impact of these advancements on economy and society was more revolutionary than that of the Industrial Revolution of the 18th and 19th centuries.
Entering the era of automated computing systems and intensive use of computers, information security has also come to depend strongly on electronic processes. People, companies, and organizations needed automated equipment for storing important files containing valuable data, secrets, and sensitive information in a secure way and for protecting them effectively and surely. The situation became more acute and severe when systems could be accessed over public telecommunication facilities like telephones or data networks, especially including the Internet. Nowadays all data can be easily shared and communicated. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. The NIST [3] Computer Security Handbook defines the term computer security as follows:
"The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)."
[2] 1879 information 59

There was also a second major change that affected information security. The growth of the information society and world economy was also strongly driven by the acceptance of the Internet as a medium for communication among consumers, businesses, governments, and people. It is very cost-effective and efficient to share information. The wide spread of distributed systems and the intensive use of networks and communication facilities for carrying important data between terminals and/or end users require well-developed network security, that is, measures to protect data during their transmission through such systems.
Virtually all businesses, governments, associations, and academic organizations now interconnect their data processing equipment with a collection of interconnected networks. Such a collection is often referred to as an internet. Here we use the term internet with a lowercase i to refer to any interconnected collection of networks. A corporate intranet is an example of an internet. The Internet with an uppercase I may be one of the facilities used by an organization to construct its internet. Currently, the Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide. Internet security consists of measures to protect data during their transmission over a collection of interconnected networks.
The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. That is a broad statement that covers a host of possibilities.
Of course, there is no clear boundary between these two forms of security. A typical example that shows no boundary between computer and network security is the computer virus. Viruses may infect a computer system when they arrive over diskettes, CDs, DVDs, USB memory sticks or other physical media and are subsequently loaded onto a computer. However, they may also arrive over an internet and be widely and rapidly spread to other systems, also via an internet.
[3] National Institute of Standards and Technology

  World Region          Population      Internet Users   Internet Users   Penetration      Growth        Users %
                        (2014 Est.)     Dec. 31, 2000    Latest Data      (% Population)   (2000-2014)   of Table
  Africa                1,125,721,038       4,514,400      240,146,482    21.30 %          5219.60 %       8.60 %
  Asia                  3,996,408,007     114,304,000    1,265,143,702    31.70 %          1006.80 %      45.10 %
  Europe                  825,802,657     105,096,093      566,261,317    68.60 %           438.80 %      20.20 %
  Middle East             231,062,860       3,284,800      103,829,614    44.90 %          3060.90 %       3.70 %
  North America           353,860,227     108,096,800      300,287,577    84.90 %           177.80 %      10.70 %
  Latin America           612,279,181      18,068,919      302,006,016    49.30 %          1571.40 %      10.80 %
  Oceania / Australia      36,724,649       7,620,480       24,804,226    67.50 %           225.50 %       0.90 %
  WORLD TOTAL           7,181,858,619     360,985,492    2,802,478,934    39.00 %           676.30 %     100.00 %

Table 1.1: Internet Usage and World Population Statistics for December 31, 2013 (World Stats). Demographic numbers are based on data from the US Census Bureau and local census agencies. Internet usage information comes from data published by Nielsen Online, by the International Telecommunications Union, by GfK, local ICT Regulators and other reliable sources.

1.2.3 [The Role of Information Security]
Information and its technologies have turned into a vital mainframe of successful businesses, governments, organizations, and institutes. They are being used to support every part of business from operations to managerial decision-making and strategic competitive advantage (O'Brien 1999, p. 19). Until the era of the information society, information security was a concern mainly for organizations whose line of business demanded a high degree of security. However, the growing use of information technology is affecting the status of information security, so that it is gradually becoming an area that plays an important role in our everyday lives. As a result, information security issues should now be regarded on a par with other security issues (Siponen 2001). Therefore, in modern business, information is an asset, like other important assets in business. It has great value, sometimes more than other assets, and is naturally considered to need sure and thorough protection (British Standards Institute 1999, p. 1).
Recent interest in information security was fueled by the largest computer-related crime, committed by the American hacker and current security consultant Kevin David Mitnick (born 1963). In 1999, he, known as the Condor, was convicted of various computer and communications-related crimes. He was arrested on February 15, 1995 at his apartment in Raleigh (/ˈrɔːli/), North Carolina. At that time he was the most-wanted computer criminal in the United States. Since then, information security has come into the spotlight.
The protection of information as assets is fulfilled by the various disciplines of information security. Information security is introduced into the information technology environment by implementing controls to protect against possible threats to information assets. According to British Standard 7799, the expenditure on security controls should be balanced against the value of the assets and the possible harm that can come to these assets (Barnard and Solms 2000, p. 185).
It is sure, as we have already noticed, that the controls necessary to effectively protect the assets have been influenced by technological advancement in the information technology environment. These advancements have brought computer processing and data communication via networks to a wider group of people, as well as employees in business, than ever before (Thomson 1998, p. 8). In today's information technology environment it is getting more important that people are guided as to their information security responsibilities (Solms 1998, p. 174).

1.2.4 [Security Violations and Threats] The advancement of technology, the Internet, and information sharing has two faces, positive and negative impacts. Currently, the negative impacts are growing largely and rapidly. Just after yesterday's threats we see new advanced threats today, and the number of threats increased at a tremendous rate by the end of the 1990s and into the 2000s. Currently we are facing many situations that threaten privacy and valuable assets. The following list shows common threats to most information systems.
(1) Unauthorized access, alteration, or destruction of information.
(2) Misuse of authorized access to information.
(3) Malicious software programs, like viruses, worms, Trojans, etc.
A computer virus is a malware program that, when executed, replicates by inserting copies of itself into other computer programs, data files, or the boot sector of the hard drive. Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
A Trojan horse, or simply Trojan, in computing is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm.
(4) Social engineering. Here social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information.
(5) System or communications disruptions, like denial of service and hardware failure.
(6) Accidental alteration or destruction of information.
(7) Improper handling of information.
(8) Physical theft of information and information systems.
(9) Environmental hazards, e.g., flood, fire, earthquake, snow, avalanche, tsunami.
(10) Utility failure, e.g., power, heat, water.
There are many daily situations that violate information security. Some examples are stated below. Here the word violate came from the Latin word violare, the present active infinitive of violō (I treat with violence), from vis meaning strength, power, and force.
(1) User A transmits a file to user B. The file contains sensitive information, like payroll records, newly developed business projects, personnel information of employees and staff, and so on, that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.
(2) A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to E, which accepts the message as coming from manager D and updates its authorization file accordingly.
(3) Rather than intercept a message, user F constructs its own message with the desired entries and transmits that message to E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly.
(4) An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee's account. When the invalidation is accomplished, the server is to post a notice to the employee's file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee's action may go unnoticed for some considerable time.
(5) A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message.
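Scenarios (2) and (3) succeed because computer E has no way to tell a genuine message from manager D apart from an altered or fabricated one. The following Python simulation is an added example, not code from the original notes: it contrasts an unprotected authorization-file update with one protected by a message authentication code (HMAC-SHA256 under a key shared by D and E) plus a sequence number. The shared key, the user identities and the initial file content are constructed for the demonstration.

```python
"""Constructed simulation of the authorization-file update from scenarios (2) and (3)."""
import hashlib
import hmac
import json

# Constructed shared secret between manager D and computer E (an assumption of this
# example); a real deployment provisions it out of band and never sends it on the wire.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def build_message(action, users, seq, key=None):
    """Serialize an update to the authorization file; with a key, attach an HMAC tag."""
    payload = json.dumps({"action": action, "users": users, "seq": seq},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest() if key else ""
    return {"payload": payload, "tag": tag}


def tamper(msg, extra_user):
    """User F alters the message in transit (scenario 2). F has no key, so the
    original tag is simply carried along with the modified payload."""
    body = json.loads(msg["payload"])
    body["users"] = body["users"] + [extra_user]
    return {"payload": json.dumps(body, sort_keys=True).encode(), "tag": msg["tag"]}


class Computer:
    """Computer E, which maintains the authorization file (a set of user identities)."""

    def __init__(self, key=None):
        self.key = key
        self.authorized = {"alice"}   # constructed initial content of the file
        self.last_seq = 0

    def _apply(self, body):
        if body["action"] == "add":
            self.authorized.update(body["users"])
        elif body["action"] == "delete":
            self.authorized.difference_update(body["users"])
        self.last_seq = body["seq"]
        return "applied"

    def receive_unprotected(self, msg):
        """No origin or integrity check: whatever arrives is applied. This is the
        behaviour that lets scenarios (2) and (3) succeed."""
        return self._apply(json.loads(msg["payload"]))

    def receive_protected(self, msg):
        """Check origin and integrity (HMAC over the exact bytes received), then
        freshness (strictly increasing sequence number, so a captured message
        cannot be replayed). Constant-time comparison avoids leaking the tag."""
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        body = json.loads(msg["payload"])
        if body["seq"] <= self.last_seq:
            return "rejected: stale"
        return self._apply(body)


def run_unprotected():
    """Without protection both attacks land: F's extra entry and F's forged
    message both end up in E's authorization file."""
    e = Computer()
    genuine = build_message("add", ["bob"], seq=1)
    e.receive_unprotected(tamper(genuine, "mallory"))            # scenario (2)
    e.receive_unprotected(build_message("add", ["eve"], seq=2))  # scenario (3)
    return sorted(e.authorized)


def run_protected():
    """With the MAC and sequence number only D's genuine message is applied."""
    e = Computer(SHARED_KEY)
    genuine = build_message("add", ["bob"], seq=1, key=SHARED_KEY)
    outcomes = [
        e.receive_protected(tamper(genuine, "mallory")),            # scenario (2)
        e.receive_protected(genuine),                               # D's real message
        e.receive_protected(build_message("add", ["eve"], seq=2)),  # scenario (3), no key
        e.receive_protected(genuine),                               # replay of an old message
    ]
    return outcomes, sorted(e.authorized)


if __name__ == "__main__":
    print(run_unprotected())
    print(run_protected())
```

The MAC does not address scenario (1), which needs encryption for confidentiality, nor scenario (5), because a key shared by both parties cannot prove to a third party who sent the message; that takes a digital signature.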

1.2.5 [Information Security Awareness] As we know, over the last twenty years, technical controls for information security have advanced and matured considerably. However, despite these technical advances, information security breaches still occur on a regular basis. It appears that technical security controls have evolved faster than management controls. Despite efforts at promoting information security awareness, there is evidence that human behaviour remains a significant vulnerability in any information security system.
Awareness is defined as the process by which an organization communicates the information security policy to individuals or groups that need to be cognisant of some or all of its contents (Layton Sr. 2005). The relevance of information security awareness is widely agreed upon among information security researchers, e.g., (McLean 1992; Spurling 1995; Thompson and Solms 1997, 1997; Straub and Welke 1998). The concept of information security awareness is taken in the literature to mean that users should be made aware of security objectives and further committed to them. Although information security awareness is commonly recognized, there are only a few scientific studies that consider it in any depth (Siponen 2000).
Interestingly, recent research by Toshihiko Takemura and Ayako Komatsu (Takemura and Komatsu 2013), which set out to determine the key factors that may affect employees' rule-violating behaviour related to information leaks, shows that the myopic-cognition and hypermetro-cognition
scales have an effect in almost all cases. Furthermore, in many cases an individual whose awareness
of information security is higher tends not to violate the rules.
The paper suggests that rule-violating behaviour is independent of the degree of satisfaction with
the measures and of the scale of the organization, but is not related to the degree of workplace
satisfaction or to the evaluation of managers in some cases. In organizations that have introduced permanent employment, individuals tend to violate the rules. Of course, psychological
factors, e.g., an individual's attitude, cannot be controlled, but the factors relating to organizational
attributes, e.g., the degree of workplace satisfaction or the employment system, can be appropriately and
effectively controlled.
They conclude that it may be effective to improve information security awareness by information security education and training. Here information security awareness represents the degree
to which an individual's evaluation and/or knowledge of information security can be measured. The concept of
awareness is one of the important factors and can be controlled exogenously and effectively by educating or training members of the organization.
If the goal of security awareness is to influence human behaviour, then disciplines specializing in
the study of influencing human behaviour, such as psychology and marketing, offer an opportunity to
review and improve the effectiveness of information security awareness techniques. For this course,
I consult and summarize the technical report by Geordie Buchanan Stewart (Stewart 2009) and a
research paper by Sun-joong Lee and Mi-jung Lee (Lee and Lee 2008).
Psychology is an established discipline of academic research dealing with human behaviour and
motivation. It offers the opportunity for increased understanding and prediction of human action
through the appreciation of the cognitive functions underlying behaviour. This increased understanding could be invaluable to information security professionals when attempting to predict the
outcome of communication efforts directed at information security awareness.
(1) Operant Conditioning: The study of operant conditioning is the study of human behaviour as a
function of punishments and rewards. Positive punishment is the addition of an undesirable stimulus,
which serves to discourage any associated behaviours, while positive reinforcement is the addition
of a desirable stimulus and serves to increase the frequency or magnitude of the associated behaviour.
When an organization has problems with behaviour impacting information security, it is important to recognize the implications of operant conditioning, which suggests that all behaviour exists
because it is or has been rewarded in some way:
When organizations face problems with costs, quality, productivity and attendance, these problems often stem from ineffective patterns of behaviour that the organization is unwittingly encouraging. To prevent and stop these problems, a behavioural approach to managing people is
often the most effective.

(Makin and Cox 2004)

Punishment often consists of pressure and cajoling from management. This approach, which is
often used to promote compliance with security management controls, may not always be the
most effective motivator in the operant conditioning equation. Recent examples from the field of
organizational management have shown that rewards can be more effective tools depending on
the situation. The critical factors to consider when deciding the approach to use are the timing
of the response and the asymmetry that exists between reward and punishment. In an information
security context it is important to consider whether there is a difference between punishment and reward
in how quickly the consequence can be delivered.
(2) Fear Response: It is common for information security awareness messages to appeal to fear as
a motivator. While it might be expected that the degree of influence that a fear has is simply a
function of its severity, it appears the results are more complicated. The Boomerang Effect has been
defined by Kim Witte as an explanation for why an individual's response to the severity of fear
eventually has a declining impact.
Where the individual perceives that the danger and their own ability to manage the danger are both high,
they are likely to take steps to control the risk. However, if the danger is high but the individual
perceives a low ability to manage the danger, the individual is likely to develop a cognitive dissonance. This is when a contradiction exists between two cognitions or thoughts. This could include a contradiction between attitudes and actual behaviour. Psychologist Steven Pinker states
that cognitive dissonance is an uncomfortable state for the individual. The surprising result is that
instead of changing behaviour to remove the conflict, the individual is more likely to invent a
new opinion to resolve the conflict. This goes some way to explaining why so many people continue to take risks even when their awareness of the danger has improved. Rather than change their
behaviour they may have adopted a coping mechanism.
Coping mechanisms might include denial or other rationalizations such as "it will never happen
to me". A case study is presented in the full thesis for an organization that has used rewards to
motivate compliance behaviour instead of relying on fear sanctions. Since the perception of fear
and perceived control efficacy is an individual property, it is difficult for an organization
to find an optimum level of fear appeal where sufficient motivation is gained for some subjects
without creating risk apathy in others. This suggests that organizations should either carefully
target fear appeals to segmented audiences or use rewards instead to avoid the boomerang effect
altogether.
(3) Mental Models: Research into relevant psychology principles shows that the mental models approach advocated by risk communications expert M. Granger Morgan is of significant benefit.
Mapping existing audience beliefs and attitudes is a critical prerequisite to understanding how
an audience will process and interpret risk communications. Risk communications will likely
have unintended consequences if audiences have significantly different understandings of
any referenced concepts such as risks and threats.

(4) Heuristics: Heuristics are rules of thumb that humans use in decision making processes, which
can also be a source of error in the process. Humans appear to be broadly logical creatures, but
some systematic failures have been identified in human risk perception. Heuristics are mental
shortcuts that are a consequence of the need to make decisions in a short period of time. Generally,
we focus on risks that are new, unfamiliar, controlled by others and ill-defined in some way (such
as radiation leaks and hackers). Risks which are familiar and can be controlled by the individual
in some way are perceived as less risky (such as our own driving or remembering to back up our
data).
While these mental shortcuts can lead to bias and behaviour which appears illogical, this behaviour is also predictable to some degree. Information security professionals need to measure
and anticipate the cognitive biases present in their audiences and adjust their information security
awareness messages accordingly.
Traditionally, marketing is thought of as an activity which is done for profit. However, it is not
always the case that marketing is done to create a demand for a product or service. The closest marketing example for information security awareness would probably be government marketing campaigns such as Think! Road Safety, an initiative that seeks to influence the behaviour of drivers
and other road users. The similarities to information security awareness are:
- Profit is not the primary objective, although there may be a significant shared economic benefit
from reducing road accidents
- Awareness of risk is one of the key components which the campaign seeks to communicate
Traditional information security awareness campaigns often use a mass marketing format. Generic
messages are sent to an audience via screen savers, posters and mouse mats which promote awareness of information security, but often with very little in the way of a measurable behaviour change.
The problem is that a change in awareness does not necessarily result in a change of behaviour.

1.3 The OSI Security Architecture


ITU-T [4] Recommendation X.800 [5], Security Architecture for OSI, defines such a systematic approach [6].
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers.
The recommendation X.200 describes seven layers, labeled from 1 to 7. Layer 1 is the lowest layer in
this model.
(1) Layer 1: Physical Layer: It defines the electrical and physical specifications of the data connection
and the relationship between a device and a physical transmission medium, like a copper or fibre-optic
cable. It includes the layout of pins, voltages, line impedance [7], cable specifications, signal
timing, hubs, repeaters, network adapters, host bus adapters and more.
It also defines the protocol to establish and terminate a connection between two directly connected
nodes over a communications medium, a protocol for the provision of a connection
between two directly connected nodes, and the modulation or conversion between the representation
of digital data in user equipment and the corresponding signals transmitted over the physical
communications channel.
(2) Layer 2: Data Link Layer: It provides a reliable link between two directly connected nodes by
detecting and possibly correcting errors that may occur in the physical layer. The data link layer
is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC)
layer. The former is responsible for controlling how computers in the network gain access to data
and permission to transmit it. The latter handles error control and packet synchronization. The
Point-to-Point Protocol (PPP) is an example of a data link layer protocol in the TCP/IP protocol stack.

[4] The International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a United
Nations-sponsored agency that develops standards, called Recommendations, relating to telecommunications and to
open systems interconnection (OSI).
[5] Here, X is a series of recommendations and 800 is the number of the recommendation. The X series describes
data networks, open system communications and security.
[6] The OSI security architecture was developed in the context of the OSI protocol architecture. However, for our purposes in this chapter, an understanding of the OSI protocol architecture is not required.
[7] In electronics, impedance is a measure of the opposition to time-varying electric current in an electric circuit. It is
the opposition by a system to the flow of energy from a source, defined as the complex ratio of the voltage phasor to the
electric current phasor. Impedance matching is the practice of designing the input impedance of an electrical load or the
output impedance of its corresponding signal source to maximize the power transfer or minimize signal reflection from the
load.

(3) Layer 3: Network Layer: The network layer provides the functional and procedural means of
transferring variable-length data sequences (called datagrams) from one node to another connected
to the same network. A network is a medium to which many nodes can be connected, on which
every node has an address, and which permits nodes connected to it to transfer messages to other
nodes connected to it by merely providing the content of a message and the address of the destination node and letting the network find the way to deliver the message to the destination node.
In addition to message routing, the network may (or may not) implement message delivery by
splitting the message into several fragments, delivering each fragment by a separate route and
reassembling the fragments, reporting delivery errors, and so on.
(4) Layer 4: Transport Layer: It provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host via one or more networks, while maintaining the quality of service functions. An example of a transport-layer protocol in the standard
Internet protocol stack is the Transmission Control Protocol (TCP), usually built on top of the Internet
Protocol (IP). The User Datagram Protocol (UDP) is also one of the core members of the Internet
protocol suite. It is suitable for purposes where error checking and correction are either not necessary or are performed in the application.
(5) Layer 5: Session Layer: It controls the dialogues between computers. It establishes, manages and
terminates the connections between the local and remote applications. It provides for full-duplex,
half-duplex, or simplex operation [8], and establishes checkpointing, adjournment, termination, and
restart procedures.
(6) Layer 6: Presentation Layer: It establishes context between application-layer entities, in which
the application-layer entities may use different syntax and semantics if the presentation service
provides a mapping between them.

[8] A duplex communication system is a point-to-point system composed of two connected parties or devices that can
communicate with one another in both directions. There are two types of duplex communication systems: full-duplex
and half-duplex. In a full-duplex system, both parties can communicate with the other simultaneously. An example of a
full-duplex device is a telephone; the parties at both ends of a call can speak and be heard by the other party simultaneously. The earphone reproduces the speech of the remote party as the microphone transmits the speech of the local
party, because there is a two-way communication channel between them. In a half-duplex system, in contrast, each party
can communicate with the other, but not simultaneously; the communication is in one direction at a time. An example of a
half-duplex device is a walkie-talkie two-way radio that has a push-to-talk button; when the local user wants to speak
to the remote person he pushes this button, which turns on the transmitter but turns off the receiver, so he cannot hear
the remote person. To listen to the other person he releases the button, which turns on the receiver but turns off the
transmitter. Simplex communication refers to communication that occurs in one direction only. The typical and widely
used example of simplex communication is commercial radio and television broadcast. Pagers, baby monitors, surveillance cameras, telemetry (radiosonde, AMR (automatic meter reading), stream gauges, in law enforcement, in falconry,
in HVAC monitoring, etc.) are also examples.


(7) Layer 7: Application Layer: It is the OSI layer closest to the end user, which means both the
OSI application layer and the user interact directly with the software application. Some examples of application-layer implementations are the Hypertext Transfer Protocol (HTTP),
Hypertext Transfer Protocol Secure (HTTPS) [9], the File Transfer Protocol (FTP), and the Simple Mail Transfer
Protocol (SMTP).
Although we all have an implicit understanding of the nature of a Security Architecture, we were
unable to find an authoritative definition; furthermore, we established that security architecture is interpreted very differently from organization to organization. Traditionally, a security architecture is a
document which specifies which security services are provided, how and where, in a layered model.
Originally the model typically referred to OSI layers and specified the security elements or services (IS
7498-2, later superseded by IS 10745) and the mechanisms used to provide them. A Security Architecture is defined as a cohesive security design which addresses the requirements (e.g. authentication,
authorization, etc.) and in particular the risks of a particular environment/scenario, and specifies
what security controls are to be applied where; the design process should be reproducible.
The OSI security architecture is useful to managers as a way of organizing the task of providing
security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services
that relate to this structured definition of services and mechanisms.
In the literature, the terms threat and attack are commonly used to mean more or less the same
thing. The following definitions are taken from RFC 2828 [10], Internet Security Glossary.

Threat: A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible danger that
might exploit a vulnerability. Originally, the word threat came from Old English þrēat, meaning
crowd or army.

[9] Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather,
it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding
the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to prevent
wiretapping and man-in-the-middle attacks. Here TLS and SSL stand for Transport Layer Security and its predecessor,
Secure Sockets Layer, respectively. It should not be confused with the little-used Secure HTTP (S-HTTP), an alternative
to the HTTPS URI scheme for encrypting web communications carried over HTTP. It was developed by Eric Rescorla
and Allan M. Schiffman, and published in 1999 as RFC 2660.
[10] A Request for Comments (RFC) is a publication of the Internet Engineering Task Force (IETF) and the Internet Society,
the principal technical development and standards-setting bodies for the Internet.


Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade security
services and violate the security policy of a system. The word attack was borrowed from French
attaque, derived from the verb attaquer. The verb came from Italian attaccare, meaning to join or
to attach.
The OSI security architecture focuses on security attacks, mechanisms, and services.

1.4 Attacks, Services, and Mechanisms

To assess the security needs of an organization effectively, to evaluate and choose various security
products and policies, to apply and manage them properly, and to check and maintain the security
systems, the security manager needs some systematic way of defining the requirements for security
and characterizing the approaches to satisfying those requirements. In information security, there are
three aspects to consider in achieving this goal.

Security Attack: Any action that compromises the security of information owned by an organization or a person.

Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

Security Service: A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and
they make use of one or more security mechanisms to provide the service.
Here we consider these three aspects briefly, but in reverse order.

1.4.1 [Security Services] Security services are usually thought of as replicating the types of
functions normally associated with physical documents, because human activities in areas like commerce, foreign policy, diplomatic relations, military action, and personal interactions depend strongly
on the use of documents in various forms. Typically, documents have signatures and dates. They may
be notarized or witnessed; they may be recorded or licensed. They may also need to be protected from
disclosure, tampering, or destruction.
As electronic data processing has evolved and taken over many important roles traditionally performed by paper
documents, information security for electronic documents also plays a great role. There are several types of security
services, listed below; the first three of them form the CIA triad [11] (see Figure 1.1). These three concepts embody the
fundamental security objectives for both data and for information and computing services. The NIST standard FIPS 199 [12]
lists confidentiality, integrity, and availability as the three security objectives for information and for information systems.
Figure 1.1: CIA Triad
X.800 defines a security service as a service that is provided by a protocol layer of communicating
open systems and that ensures adequate security of the systems or of data transfers. Perhaps a clearer
definition is found in RFC 2828: a security service is a processing or communication service that is provided by a system to give a specific kind of protection
to system resources; security services implement security policies and are implemented by security
mechanisms. X.800 divides these services into five categories and fourteen specific services (see Table
1.2). We look at each category in turn [13].
Table 1.2: Security Services (X.800)

Authentication: The assurance that the communicating entity is the one that it claims to be.
  Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.
  Data-Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.
Access Control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
Data Confidentiality: The protection of data from unauthorized disclosure.
  Connection Confidentiality: The protection of all user data on a connection.
  Connectionless Confidentiality: The protection of all user data in a single data block.
  Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
  Traffic-Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows.
Data Integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
  Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.
  Connection Integrity without Recovery: As above, but provides only detection without recovery.
  Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed.
  Connectionless Integrity: Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
  Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.
Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
  Nonrepudiation, Origin: Proof that the message was sent by the specified party.
  Nonrepudiation, Destination: Proof that the message was received by the specified party.

[11] It is not related to the Central Intelligence Agency, one of the principal intelligence-gathering agencies of the United
States federal government, located in Langley, Virginia, but is the acronym of the three words confidentiality, integrity, and
availability. It is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and
accurate, and availability is a guarantee of ready access to the information by authorized people. This model is sometimes
referred to as the CIA triad.
[12] Standards for Security Categorization of Federal Information and Information Systems.
[13] There is no universal agreement about many of the terms used in the security literature. For example, the term
integrity is sometimes used to refer to all aspects of information security. The term authentication is sometimes used to
refer both to verification of identity and to the various functions listed under integrity in this chapter. Our usage here
agrees with both X.800 and RFC 2828.

(1) Confidentiality: Confidentiality prevents sensitive information from reaching the wrong people,
while making sure that the right people can in fact get it. It is protection from disclosure to unauthorised persons, and it ensures that the information in a computer system and transmitted information are
accessible only for reading by authorized bodies. Of course, this type of access includes printing,
displaying, and other forms of disclosure, including simply revealing the existence of an object.
This term covers two related concepts:
- Data Confidentiality: Assures that private or confidential information is not made available
or disclosed to unauthorized individuals.
  Confidentiality is the protection of transmitted data from passive attacks. For example, when
a TCP connection is set up between two systems, this broad protection prevents the release
of any user data transmitted over the TCP connection. Narrower forms of this service can
also be defined, including the protection of a single message or even specific fields within a
message. These refinements are less useful than the broad approach and may even be more
complex and expensive to implement.
  The other aspect of confidentiality is the protection of traffic flow from analysis. This requires
that an attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.
- Privacy: Assures that individuals control or influence what information related to them may
be collected and stored, and by whom and to whom that information may be disclosed.
Data encryption is a common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm and biometric verification [14] is an option as well. In addition, users can take precautions to minimize the number
of places where the information appears, and the number of times it is actually transmitted to
complete a required transaction.
[14] Biometric identifiers are often categorized as physiological versus behavioural characteristics. Physiological characteristics are related to the shape of the body. Examples include, but are not limited to, fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent. Behavioural characteristics, which some researchers also call behaviometrics, are related to the pattern of behaviour of a person, including but not limited to typing
rhythm, gait, and voice. Fingerprints offer an infallible means of personal identification. Ancient artifacts
including carvings similar to friction ridge skin have been discovered in many places throughout the world, especially
on ancient Babylonian clay tablets, seals, and pottery. Although ancient peoples probably did not realize that fingerprints
could uniquely identify individuals, references from the age of the Babylonian king Hammurabi (1792-1750 BCE) indicate that law officials would take the fingerprints of people who had been arrested. Fingerprints were also found on 3000-year-old clay slabs in King
Tutankhamun's tomb in Egypt. Qin Shi Huang (260-210 BCE) is reported as being
the first Chinese Emperor to use clay finger seals for sealing documents (Ashbaugh 1999). By 650, the Chinese historian
Kia Kung-Yen remarked that fingerprints could be used as a means of authentication.

(2) Integrity: Integrity involves maintaining the consistency, accuracy, and trustworthiness of data
over its entire life cycle. Maintaining data consistency ensures that only authorized bodies are able
to modify computer system assets and transmitted information. Modification includes writing,
changing status, deleting, creating, and delaying or replaying of transmitted messages. This term
also covers two related concepts:
- Data Integrity: Assures that information and programs are changed only in a specific and
authorized manner. As with confidentiality, integrity can apply to a stream of messages, a
single message, or selected fields within a message. Again, the most useful and straightforward approach is total stream protection.
  A connection-oriented integrity service, one that deals with a stream of messages, assures
that messages are received as sent with no duplication, insertion, modification, reordering, or
replays. The destruction of data is also covered under this service. Therefore, the connection-oriented integrity service addresses both message stream modification and denial of service.
On the other hand, a connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message
modification only.
  We can make a distinction between services with and without recovery. Because the integrity
service relates to active attacks, we are concerned with detection rather than prevention. If a
violation of integrity is detected, then the service may simply report this violation, and some
other portion of software or human intervention is required to recover from the violation.
Alternatively, there are mechanisms available to recover from the loss of integrity of data,
as we will review subsequently. The incorporation of automated recovery mechanisms is, in
general, the more attractive alternative.
- System Integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
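As an added example that is not part of the lecture notes or of X.800 itself, the following Python sketch models the connectionless and connection-oriented integrity services described above with an HMAC and a sequence number; the key, the messages and the "recovery" policy (resynchronising after a detected gap) are assumptions of the example.

```python
"""Added example, not from the lecture notes or from X.800 itself: a toy model of
the integrity services discussed above, built on HMAC-SHA256 with a shared key.

- Connectionless integrity: each block carries its own MAC, so modification of the
  block is detected, but a captured block that is replayed verifies again.
- Connection integrity: a per-connection sequence number is bound into the MAC,
  so insertion, deletion, reordering and replay of blocks are detected as well.
- "With recovery" is modelled here (an assumption of this example) as
  resynchronising the expected sequence number after a detected gap; "without
  recovery" only reports the violation and leaves the stream out of sync.

The key and all messages are constructed for the demo."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed pre-shared key, not from the notes
TAG_LEN = 32                   # HMAC-SHA256 tag length in bytes
SEQ_LEN = 8                    # 64-bit big-endian sequence number


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


# ---- Connectionless integrity: every block stands alone ----
def protect_block(key: bytes, payload: bytes) -> bytes:
    return payload + mac(key, payload)


def verify_block(key: bytes, block: bytes):
    """Return the payload if its MAC verifies, else None.
    Detects modification only; nothing ties the block to a position in a stream."""
    if len(block) < TAG_LEN:
        return None
    payload, tag = block[:-TAG_LEN], block[-TAG_LEN:]
    return payload if hmac.compare_digest(tag, mac(key, payload)) else None


# ---- Connection integrity: sequence number authenticated together with the data ----
class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)
        self.seq += 1
        return header + payload + mac(self.key, header + payload)


class Receiver:
    """receive() returns (status, payload); status is one of
    'ok', 'modified', 'replay' (old or duplicate block) or
    'gap' (blocks were deleted, or this block was reordered ahead of its turn)."""

    def __init__(self, key: bytes, recover: bool = False):
        self.key, self.expected, self.recover = key, 0, recover

    def receive(self, block: bytes):
        if len(block) < SEQ_LEN + TAG_LEN:
            return ("modified", None)
        header, payload, tag = block[:SEQ_LEN], block[SEQ_LEN:-TAG_LEN], block[-TAG_LEN:]
        # The MAC covers the header too, so a block cannot simply be renumbered.
        if not hmac.compare_digest(tag, mac(self.key, header + payload)):
            return ("modified", None)
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected:
            return ("replay", None)
        if seq > self.expected:
            if self.recover:
                self.expected = seq + 1      # recovery attempted: resynchronise
                return ("gap", payload)
            return ("gap", None)             # detection only
        self.expected += 1
        return ("ok", payload)


def demo() -> list:
    """Constructed scenario: replay, tampering, deletion/reordering on one connection.
    Returns the receiver's status for each delivered block."""
    sender, rx = Sender(KEY), Receiver(KEY)
    b0, b1, b2, b3 = [sender.send(m) for m in (b"buy 100", b"sell 50", b"buy 10", b"sell 5")]
    tampered = b1[:SEQ_LEN] + b"SELL 50" + b1[-TAG_LEN:]   # same length, altered payload
    deliveries = [b0, b0, tampered, b1, b3, b2, b3]         # b0 replayed, b3 arrives early
    return [rx.receive(b)[0] for b in deliveries]


if __name__ == "__main__":
    print(demo())   # ['ok', 'replay', 'modified', 'ok', 'gap', 'ok', 'ok']
```

Because the MAC is keyed, the same check also gives data-origin authentication in the sense of Table 1.2: a block built under any other key fails verification.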

(3) Availability: Availability means that legitimate users have access when they need it. It requires that computer system
assets be available to authorized bodies when needed, and assures that systems work promptly
and service is not denied to authorized users. It is best ensured by rigorously maintaining all
hardware, performing hardware repairs immediately when needed, providing a certain measure
of redundancy and failover, providing adequate communications bandwidth and preventing the
occurrence of bottlenecks, implementing emergency backup power systems, keeping current with
all necessary system upgrades, and guarding against malicious actions such as denial-of-service
(DoS) attacks.
Both X.800 and RFC 2828 define availability to be the property of a system or a system resource
being accessible and usable upon demand by an authorized system entity, according to performance
specifications for the system. A variety of attacks can result in the loss of or reduction in
availability. Some of these attacks are amenable to automated countermeasures, such as authentication and encryption, whereas others require some sort of physical action to prevent or recover
from loss of availability of elements of a distributed system.
X.800 treats availability as a property to be associated with various security services. However,
it makes sense to call out specifically an availability service. An availability service is one that
protects a system to ensure its availability. This service addresses the security concerns raised by
denial-of-service attacks. It depends on proper management and control of system resources and
thus depends on the access control service and other security services.
Although the use of the CIA triad to define security objectives is well established, some in the
security field feel that additional concepts are needed to present a complete picture.
(4) Authentication: Assurance of the identity of a person or originator of data. Ensures that the origin of a
message or electronic document is correctly identified, with an assurance that the identity is not
false. Two specific authentication services are defined in X.800.
Peer Entity Authentication: Provides for the corroboration of the identity of a peer entity
in an association. Two entities are considered peers if they implement the same protocol in
different systems; e.g., two TCP modules in two communicating systems. Peer entity authentication
is provided for use at the establishment of, or at times during the data transfer
phase of, a connection. It attempts to provide confidence that an entity is not performing
either a masquerade or an unauthorized replay of a previous connection.
Data Origin Authentication: Provides for the corroboration of the source of a data unit. It
does not provide protection against the duplication or modification of data units. This type
of service supports applications like electronic mail, where there are no prior interactions
between the communicating entities.
(5) Accountability: The security goal that generates the requirement for actions of an entity to be
traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion
detection and prevention, and after-action recovery and legal action. Because truly secure systems
are not yet an achievable goal, we must be able to trace a security breach to a responsible party.
Systems must keep records of their activities to permit later forensic analysis to trace security
breaches or to aid in transaction disputes. There are two main categories in this service.

Nonrepudiation: The originator of a communication cannot deny it later. Requires that neither the
sender nor the receiver of a message be able to deny the transmission.
Nonrepudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent
the message. Similarly, when a message is received, the sender can prove that the alleged
receiver in fact received the message.
Access Control: Unauthorized users are kept out. Requires that access to information resources
be controlled by or for the target system.
In the context of network security, access control is the ability to limit and control the access to
host systems and applications via communications links. To achieve this, each entity trying
to gain access must first be identified, or authenticated, so that access rights can be tailored
to the individual.

Remark: The services are usually combined together, e.g., nonrepudiation combined with
authentication, or user authentication used for access control purposes.

1.4.2 [Examples of Security Services] Here we provide some examples of applications that illustrate
the requirements just enumerated. We use three levels (Low, Moderate, High) of impact on
organizations and individuals should there be a breach of security. These levels are defined in FIPS
PUB 199.
1. Low: The loss could be expected to have a limited adverse effect on organizational operations,
organizational assets, or individuals. A limited adverse effect means that, for example, the loss
of confidentiality, integrity, or availability might
(i) cause a degradation in mission capability to an extent and duration that the organization
is able to perform its primary functions, but the effectiveness of the functions is noticeably
reduced;
(ii) result in minor damage to organizational assets;
(iii) result in minor financial loss; or
(iv) result in minor harm to individuals.
2. Moderate: The loss could be expected to have a serious adverse effect on organizational operations,
organizational assets, or individuals. A serious adverse effect means that, for example,
the loss might

(i) cause a significant degradation in mission capability to an extent and duration that the
organization is able to perform its primary functions, but the effectiveness of the functions
is significantly reduced;
(ii) result in significant damage to organizational assets;
(iii) result in significant financial loss; or
(iv) result in significant harm to individuals that does not involve loss of life or serious,
life-threatening injuries.
3. High: The loss could be expected to have a severe or catastrophic adverse effect on organizational
operations, organizational assets, or individuals. A severe or catastrophic adverse effect
means that, for example, the loss might
(i) cause a severe degradation in or loss of mission capability to an extent and duration that
the organization is not able to perform one or more of its primary functions;
(ii) result in major damage to organizational assets;
(iii) result in major financial loss; or
(iv) result in severe or catastrophic harm to individuals involving loss of life or serious,
life-threatening injuries.
Now we investigate several examples related to individual security services.
1. Confidentiality: Student grade information, an example of this service, is an asset whose
confidentiality is considered to be highly important by students. In the United States, the release
of such information is regulated by the Family Educational Rights and Privacy Act (FERPA).
Grade information should only be available to students, their parents, and employees that require
the information to do their job.
Student enrollment information may have a moderate confidentiality rating. While still covered
by FERPA, this information is seen by more people on a daily basis, is less likely to be targeted
than grade information, and results in less damage if disclosed.
Directory information, such as lists of students or faculty or departmental lists, may be assigned
a low confidentiality rating or indeed no rating. This information is typically freely available to
the public and published on a school's Web site.

2. Integrity: Consider a hospital patient's allergy information stored in a database. The doctor should
be able to trust that the information is correct and current. Now suppose that an employee (e.g., a
nurse) who is authorized to view and update this information deliberately falsifies the data to cause
harm to the hospital and patients. The database needs to be restored to a trusted basis as quickly
as possible, and it should be possible to trace the error back to the person responsible. Patient
allergy information is an example of an asset with a high requirement for integrity. Inaccurate
information could result in serious harm or death to a patient and expose the hospital to massive
liability.
An example of an asset that may be assigned a moderate level of integrity requirement is a
Web site that offers a forum to registered users to discuss some specific topic. Either a registered
user or a hacker could falsify some entries or deface the Web site. If the forum exists only for
the enjoyment of the users, brings in little or no advertising revenue, and is not used for something
important such as research, then the potential damage is not severe. The Web master may
experience some data, financial, and time loss.
An example of a low integrity requirement is an anonymous online poll. Many Web sites, such
as news organizations, offer these polls to their users with very few safeguards. However, the
inaccuracy and unscientific nature of such polls is well understood.
3. Availability: The more critical a component or service, the higher is the level of availability
required. Consider a system that provides authentication services for critical systems, applications,
and devices. An interruption of service results in the inability of customers to access
computing resources and of staff to access the resources they need to perform critical tasks. The
loss of the service translates into a large financial loss in lost employee productivity and potential
customer loss.
An example of an asset that would typically be rated as having a moderate availability requirement
is a public Web site for a university; the Web site provides information for current and
prospective students and donors. Such a site is not a critical component of the university's
information system, but its unavailability will cause some embarrassment.
An online telephone directory lookup application would be classified as having a low availability
requirement. Although the temporary loss of the application may be an annoyance, there are other
ways to access the information, such as a hardcopy directory or the operator.

1.4.3 [Security Mechanism] There is no single mechanism that provides all the services. A variety
of mechanisms come into play for providing services. Among those, cryptographic techniques
underlie most of the security mechanisms in use. Encryption or encryption-like transformations of
information are the most common means of providing security.
Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and
those that are not specific to any particular protocol layer or security service. These mechanisms will
be covered in the appropriate places in the course. So we do not elaborate now, except to comment
on the definition of encipherment. X.800 distinguishes between reversible encipherment mechanisms
and irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption
algorithm that allows data to be encrypted and subsequently decrypted. Irreversible encipherment
mechanisms include hash algorithms and message authentication codes (MAC), which are used in
digital signature and message authentication applications.
Table 1.4, based on one in X.800, indicates the relationship between security services and security
mechanisms.

1.4.4 [Security Attacks] Gustavus J. Simmons (b. 1930), a retired cryptographer and mathematician,
points out that information security is about how to prevent cheating or, failing that, to detect
cheating in information-based systems wherein the information itself has no meaningful physical
existence. He also added that:
Because there are so many different objectives for cheating where information is concerned, the
subject of information integrity, and hence for the application of cryptographic principles, is consequently very broad. For example, the cheater may wish to impersonate some other participant
in the system, or to eavesdrop on communications between other participants, or to intercept and
modify information being communicated between other users of the system. The cheater may be
an insider who either wishes to disavow communications that he actually originated or to claim to
have received messages that were not sent. He may wish to enlarge his license to gain access to information that he has some level of authorized access for, or to subvert the system to alter (without
authorization) the access license of others. The point is that since information can be enormously
valuable or critical so can its misuse. Consequently, information integrity is concerned with devising means for either preventing or detecting all forms of cheating that depend on tampering with
the information in information-based systems, where the means depend only on the information
itself for their realization as distinguished from other noninformation-dependent means such as
documentary records, physical security, etc.

(Simmons 1999, p. ix)

Specific Security Mechanisms: May be incorporated into the appropriate protocol layer in order
to provide some of the OSI security services.
  Encipherment: The use of mathematical algorithms to transform data into a form that is not
    readily intelligible. The transformation and subsequent recovery of the data depend on an
    algorithm and zero or more encryption keys.
  Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that
    allows a recipient of the data unit to prove the source and integrity of the data unit and
    protect against forgery (e.g., by the recipient).
  Access Control: A variety of mechanisms that enforce access rights to resources.
  Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
    of data units.
  Authentication Exchange: A mechanism intended to ensure the identity of an entity by means
    of information exchange.
  Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
    attempts.
  Routing Control: Enables selection of particular physically secure routes for certain data and
    allows routing changes, especially when a breach of security is suspected.
  Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms: Mechanisms that are not specific to any particular OSI security
service or protocol layer.
  Trusted Functionality: That which is perceived to be correct with respect to some criteria
    (e.g., as established by a security policy).
  Security Label: The marking bound to a resource (which may be a data unit) that names or
    designates the security attributes of that resource.
  Event Detection: Detection of security-relevant events.
  Security Audit Trail: Data collected and potentially used to facilitate a security audit, which
    is an independent review and examination of system records and activities.
  Security Recovery: Deals with requests from mechanisms, such as event handling and
    management functions, and takes recovery actions.

Table 1.3: Security Mechanisms (X.800)

Service                      | Encipher- | Digital   | Access  | Data      | Authent. | Traffic | Routing | Notari-
                             | ment      | Signature | Control | Integrity | Exchange | Padding | Control | zation
-----------------------------+-----------+-----------+---------+-----------+----------+---------+---------+--------
Peer Entity Authentication   |     Y     |     Y     |         |           |    Y     |         |         |
Data Origin Authentication   |     Y     |     Y     |         |           |          |         |         |
Access Control               |           |           |    Y    |           |          |         |         |
Confidentiality              |     Y     |           |         |           |          |         |    Y    |
Traffic Flow Confidentiality |     Y     |           |         |           |          |    Y    |    Y    |
Data Integrity               |     Y     |     Y     |         |     Y     |          |         |         |
Nonrepudiation               |           |     Y     |         |     Y     |          |         |         |   Y
Availability                 |           |           |         |     Y     |    Y     |         |         |

Table 1.4: Relationship Between Security Services and Mechanisms


Usually attacks on the security of a computer system or network are best characterized by viewing
the function of the computer system as providing information. In a general setting, there is a flow of
information from a source, e.g., a file or a region of main memory, to a destination, e.g., another file or
a user. Security in a computer system is, of course, strongly related to the notion of dependability15.
We can categorize attacks into four different types according to how they affect these flows (Pfleeger and Pfleeger 2006).

Interruption: This is an attack on availability. An asset of the system is destroyed or becomes
unavailable or unusable. Examples include destruction of a piece of hardware, such as a hard disk, the
cutting of a communication line, or disabling of the file management system.

Interception: This is an attack on confidentiality. An unauthorized party, e.g., a person, a program, or
a computer, gains access to an asset. Examples include wiretapping to capture data in a network,
and the illicit copying of files or programs.

Modification: This is an attack on integrity. An unauthorized party not only gains access to but
tampers with an asset. Examples include changing values in a data file, altering a program so that
it performs differently, and modifying the content of messages being transmitted in a network.

Fabrication: This is an attack on authenticity. An unauthorized party inserts counterfeit objects into
the system. Examples include the insertion of spurious messages in a network or the addition of
records to a file.

15 Informally, a dependable computer system is one that we justifiably trust to deliver its services
(Laprie, 1995). Dependability includes availability, reliability, safety, and maintainability.

Figure 1.2: Passive Attack: Release of Message Contents
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of
passive attacks and active attacks.

Passive Attack: It is in the nature of eavesdropping on, or monitoring of, transmissions. The main
goal of this kind of attack is to obtain information being transmitted in a network. It can be divided
into two sub-categories: one is releasing message contents and the other traffic analysis.
a) Releasing Contents: A telephone conversation, an electronic mail message, and a transferred
file may contain sensitive or confidential information. See Figure 1.2.
b) Traffic Analysis: It is more subtle. Suppose we have a way of masking the contents of messages or
other information traffic so that the opponent, Eve, cannot extract the information from the messages.
The common way of masking contents is encryption. However, even if we encrypt the messages to
protect them, the opponent could still determine the location and identity of the communicating

hosts and could observe the frequency and length of messages being exchanged. Passive attacks are
very difficult to detect, because they do not involve any alteration of the data, but it
is feasible to prevent the success of these attacks. See Figure 1.3.

Figure 1.3: Passive Attack: Traffic Analysis
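As an added example (not from the lecture notes), the following Python script shows what Eve still learns from encrypted traffic, namely message lengths and count, and how the traffic padding mechanism of Table 1.3 removes the length signal. The sample replies, the 64-byte padding policy and the stand-in length-preserving cipher are all constructed for illustration.

```python
"""Added example, not from the lecture notes: what a passive observer (Eve)
still learns from encrypted traffic, and how traffic padding (Table 1.3)
limits it.  Messages and the padding policy are constructed for illustration;
the stand-in cipher is a length-preserving XOR with a fresh random keystream.
"""
import os

BUCKET = 64  # constructed padding policy: every frame is a multiple of 64 bytes


def encrypt(plaintext: bytes) -> bytes:
    """Stand-in for any length-preserving cipher: hides content, not length."""
    keystream = os.urandom(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def pad(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """Traffic padding: 2-byte length prefix, then the message, then random
    filler up to the next multiple of `bucket` bytes."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("message too long for 2-byte length prefix")
    body = len(plaintext).to_bytes(2, "big") + plaintext
    filler = (-len(body)) % bucket
    return body + os.urandom(filler)


def unpad(padded: bytes) -> bytes:
    """Receiver side: recover the original message from a padded frame."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def wire_lengths(messages, padded: bool):
    """Eve's view of a session: one ciphertext length per message sent.
    The number of messages (frequency) stays visible either way."""
    return [len(encrypt(pad(m) if padded else m)) for m in messages]


def length_classes(messages, padded: bool) -> int:
    """How many distinct messages Eve can tell apart by length alone."""
    return len(set(wire_lengths(messages, padded)))


# Constructed sample session: replies whose length alone reveals the decision.
REPLIES = [
    b"yes",
    b"no",
    b"transfer approved",
    b"transfer rejected: insufficient funds",
]

if __name__ == "__main__":
    print("unpadded length classes:", length_classes(REPLIES, padded=False))
    print("padded length classes:  ", length_classes(REPLIES, padded=True))
    print("messages observed either way:", len(wire_lengths(REPLIES, padded=True)))
```

Padding to a bucket hides which reply was sent but not that four replies were sent; hiding frequency needs dummy traffic, which is why X.800 lists traffic padding and routing control together for traffic flow confidentiality.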

Active Attack: This type of attack involves some modification of the data stream or the creation of
a false stream and can be subdivided into four categories.
a) Masquerade: It takes place when one entity pretends to be a different entity. It usually includes
one of the other forms of attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an entity that has those
privileges. See Figure 1.4.
b) Replay: It involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect. See Figure 1.5.
c) Modification of Messages: It means just what the name says: some portion of a legitimate
message is altered, or messages are delayed or reordered, to produce an
unauthorized effect. See Figure 1.6.
d) Denial of Service: It prevents or inhibits the normal use or management of communication
facilities. This attack may have a specific target. An example of this situation is that an entity

may suppress all messages directed to a particular, predetermined destination, e.g., the security
audit service. Another form of service denial is the disruption of an entire network, either
by disabling the network or by overloading it with a huge amount of messages so as to degrade
performance. See Figure 1.7.
It is quite difficult to prevent active attacks absolutely: to do so, we would have to protect all
communication facilities and block every path at all times. Instead, the goal is to detect active
attacks and to recover from any disruption or delays caused by them. Because detection has a
deterrent effect, it may also contribute to prevention.

Figure 1.4: Active Attack: Masquerade

Figure 1.5: Active Attack: Replay

Figure 1.6: Active Attack: Modification of Messages
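As an added example (not from the lecture notes), here is the detection side of the active attacks just listed, built from the irreversible encipherment mechanism of Section 1.4.3 (an HMAC as the data-integrity and data-origin-authentication mechanism): a receiver that rejects modified, masqueraded, replayed and reordered frames. The shared key, the principal names and the messages are constructed; key distribution is assumed to have happened out of band.

```python
"""Added example, not from the lecture notes: a receiver that detects the
active attacks above (masquerade, modification, replay/reordering) using an
HMAC, an irreversible encipherment mechanism in the sense of Section 1.4.3.
Key, principal names and messages are constructed; key distribution is
assumed to have happened out of band.
"""
import hashlib
import hmac

# Constructed shared secret; a real deployment would generate it randomly.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(src: str, seq: int, body: bytes) -> bytes:
    """Unambiguous byte encoding of everything the tag must protect.
    Length-prefixed fields avoid ambiguity between different field splits."""
    src_b = src.encode("utf-8")
    return (len(src_b).to_bytes(2, "big") + src_b
            + seq.to_bytes(8, "big")
            + len(body).to_bytes(4, "big") + body)


def tag(key: bytes, src: str, seq: int, body: bytes) -> bytes:
    """HMAC-SHA256 over the canonical encoding: cannot be inverted to recover
    the body, and cannot be computed without the key."""
    return hmac.new(key, canonical(src, seq, body), hashlib.sha256).digest()


class Sender:
    """Alice: attaches a strictly increasing sequence number and an HMAC."""

    def __init__(self, key: bytes, name: str):
        self.key, self.name, self.seq = key, name, 0

    def send(self, body: bytes) -> dict:
        frame = {"src": self.name, "seq": self.seq, "body": body,
                 "tag": tag(self.key, self.name, self.seq, body)}
        self.seq += 1
        return frame


class Receiver:
    """Bob: accepts a frame only if the tag verifies and the sequence is fresh."""

    def __init__(self, key: bytes, peer: str):
        self.key, self.peer, self.last_seq = key, peer, -1

    def verify(self, frame: dict):
        """Return (accepted, reason). The tag is checked first so that a forged
        frame can never advance the replay window."""
        expected = tag(self.key, frame["src"], frame["seq"], frame["body"])
        if not hmac.compare_digest(expected, frame["tag"]):
            # Covers modification (body or seq altered) and masquerade
            # (a party without the key claiming to be the peer).
            return False, "bad tag: modified or not from peer"
        if frame["src"] != self.peer:
            return False, "unexpected source"
        if frame["seq"] <= self.last_seq:
            # Covers replay of an old frame and, because the check is strict,
            # delivery of a delayed frame after a later one was accepted.
            return False, "replay: sequence number not fresh"
        self.last_seq = frame["seq"]
        return True, "accepted"


def demo():
    """Scripted exchange; returns the list of (accepted, reason) outcomes."""
    alice, bob = Sender(SHARED_KEY, "alice"), Receiver(SHARED_KEY, "alice")
    outcomes = []
    f1 = alice.send(b"pay 100 to carol")
    outcomes.append(bob.verify(f1))                                   # legitimate
    outcomes.append(bob.verify(f1))                                   # replay
    f2 = alice.send(b"pay 10 to dave")
    outcomes.append(bob.verify(dict(f2, body=b"pay 10000 to dave")))  # modified
    outcomes.append(bob.verify(f2))                                   # original
    mallory = Sender(b"not-the-shared-key", "alice")
    outcomes.append(bob.verify(mallory.send(b"pay 500 to mallory")))  # masquerade
    return outcomes


if __name__ == "__main__":
    for ok, why in demo():
        print("ACCEPT" if ok else "REJECT", why)
```

An HMAC gives Bob integrity and origin assurance but not nonrepudiation, since Alice and Bob share the same key; Table 1.4 lists digital signature and notarization, not encipherment, for that service.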

1.4.5 [Placeholder Names] In cryptology and physics, Alice and Bob are commonly used placeholder names16.
The following list is drawn mostly from the book Applied Cryptography by Bruce Schneier. Alice
and Bob are archetypes in cryptography; Eve is also common. Names further down the alphabet are
less common.

16 Alice and Bob are two fictional characters that have been used for decades to illustrate the lines of
thought of cryptologists. There are hundreds of scientific treatises, peppered with complicated mathematical
formulas, that deal with the strange trials and tribulations in the lives of Alice and Bob.
(Diffie, 3 Oct. 2003)

Figure 1.7: Active Attack: Denial of Service


(1) Alice and Bob: Generally, Alice wants to send a message to Bob. These names were used by Ron
Rivest in the 1978 Communications of the ACM article presenting the RSA cryptosystem, and
in A Method for Obtaining Digital Signatures and Public-Key Cryptosystems published April 4,
1977, revised September 1, 1977, as technical Memo LCS/TM82.
(2) Carol, Carlos or Charlie: As a third participant in communications.
(3) Chuck: As a third participant usually of malicious intent.
(4) Craig: The password cracker.
(5) Dan or Dave: A fourth participant.
(6) Darth: Darth Vader (born Anakin Skywalker) is a ctional character in the Star Wars universe.
He appears in the original trilogy, as well as the prequel trilogy.
(7) Erin: A fth participant.
(8) Eve: An eavesdropper, is usually a passive attacker. While she can listen in on messages between
Alice and Bob, she cannot modify them. In quantum cryptography, Eve may also represent the
environment.

(9) Frank: A sixth participant.
(10) Mallet or Mallory: A malicious attacker. Unlike the passive Eve, this one is the active man-in-the-middle
attacker who can modify messages, substitute his/her own messages, replay old messages,
and so on. The difficulty of securing a system against Mallet/Mallory is much greater than
against Eve.
(11) Oscar: An opponent, similar to Mallet/Mallory but not necessarily malicious. Could be white-hat
but still wants to crack, modify, substitute, or replay messages.
(12) Peggy: A prover.
(13) Victor: A verifier. Victor, as well as Peggy, often must interact in some way to show that the intended
transaction has actually taken place. They are often found in zero-knowledge proofs.
(14) Sybil: An attacker who marshals a large number of pseudonymous identities, e.g. to subvert a
reputation system.
(15) Trent: A trusted arbitrator, is some kind of neutral third party, whose exact role varies with the
protocol under discussion.
(16) Walter: A warden, may be needed to guard Alice and Bob in some respect, depending on the
protocol being discussed.
(17) Wendy: A whistleblower, is an insider threat with privileged information.

1.4.6 [The Challenges of Computer Security] Computer and network security is both fascinating
and complex. Some of the reasons follow:
(1) Security is not as simple as you may think. The requirements seem to be straightforward; indeed,
most of the major requirements for security services can be given self-explanatory, one-word
labels: confidentiality, authentication, nonrepudiation, or integrity. But the mechanisms used to
meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning.
(2) In developing a particular security mechanism or algorithm, one must always consider potential
attacks on those security features. In many cases, successful attacks are designed by looking at
the problem in a completely different way, therefore exploiting an unexpected weakness in the
mechanism.

(3) Because of point (2), the procedures used to provide particular services are often counterintuitive.
Typically, a security mechanism is complex, and it is not obvious from the statement of a
particular requirement that such elaborate measures are needed. It is only when the various aspects
of the threat are considered that elaborate security mechanisms make sense.
(4) Having designed various security mechanisms, it is necessary to decide where to use them. This
is true both in terms of physical placement (e.g., at what points in a network are certain security
mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as
TCP/IP (Transmission Control Protocol/Internet Protocol) should mechanisms be placed].
(5) Security mechanisms typically involve more than a particular algorithm or protocol. They also
require that participants be in possession of some secret information (e.g., an encryption key),
which raises questions about the creation, distribution, and protection of that secret information.
There also may be a reliance on communications protocols whose behavior may complicate the
task of developing the security mechanism. For example, if the proper functioning of the security
mechanism requires setting time limits on the transit time of a message from sender to receiver,
then any protocol or network that introduces variable, unpredictable delays may render such
time limits meaningless.
(6) Computer and network security is essentially a battle of wits between a perpetrator who tries to
find holes and the designer or administrator who tries to close them. The great advantage that
the attacker has is that he or she need only find a single weakness, while the designer must find
and eliminate all weaknesses to achieve perfect security.
(7) There is a natural tendency on the part of users and system managers to perceive little benefit
from security investment until a security failure occurs.
(8) Security requires regular, even constant, monitoring, and this is difficult in today's short-term,
overloaded environment.
(9) Security is still too often an afterthought to be incorporated into a system after the design is
complete rather than being an integral part of the design process.
(10) Many users and even security administrators view strong security as an impediment to efficient
and user-friendly operation of an information system or use of information.

1.4.7 [Vulnerabilities] It is sometimes easier to consider vulnerabilities as they apply to all three
broad categories of system resources (hardware, software, and data), rather than to start with the
security goals themselves.
Hardware Vulnerabilities: Hardware is more visible than software, largely because it is composed
of physical objects. Because we can see what devices are hooked to the system, it is rather
simple to attack by adding devices, changing them, removing them, intercepting the traffic to
them, or flooding them with traffic until they can no longer function. However, designers can
usually put safeguards in place.
But there are other ways that computer hardware can be attacked physically. Computers have
been drenched with water, burned, frozen, gassed, and electrocuted with power surges. People
have spilled soft drinks, corn chips, ketchup, beer, and many other kinds of food on computing
devices. Mice have chewed through cables. Particles of dust, and especially ash in cigarette
smoke, have threatened precisely engineered moving parts. Computers have been kicked, slapped,
bumped, jarred, and punched. Although such attacks might be intentional, most are not; this
abuse might be considered involuntary machine slaughter.
A more serious attack, voluntary machine slaughter or machinicide, usually involves someone
who actually wishes to harm the computer hardware or software. Machines have been shot
with guns, stabbed with knives, and smashed with all kinds of things. Bombs, fires, and collisions
have destroyed computer rooms. Ordinary keys, pens, and screwdrivers have been used
to short out circuit boards and other components. Devices and whole systems have been carried
off by thieves. The list of the kinds of human attacks perpetrated on computers is almost
endless.
Software Vulnerabilities: Computing equipment is of little use without the software (operating
system, controllers, utility programs, and application programs) that users expect. Software can
be replaced, changed, or destroyed maliciously, or it can be modified, deleted, or misplaced
accidentally. Whether intentional or not, these attacks exploit the software's vulnerabilities.
Software is surprisingly easy to delete. Because of software's high value to a commercial computing
centre, access to software is usually carefully controlled through a process called configuration
management so that software cannot be deleted, destroyed, or replaced accidentally.
Configuration management uses several techniques to ensure that each version or release retains
its integrity. Software is also vulnerable to modifications that either cause it to fail or cause

it to perform an unintended task. Indeed, because software is so susceptible to off-by-one errors,
it is quite easy to modify. Changing a bit or two can convert a working program into a
failing one.
With a little more work, the change can be much more subtle: The program works well most of
the time but fails in specialized circumstances. For instance, the program may be maliciously
modied to fail when certain conditions are met or when a certain date or time is reached.
Because of this delayed effect, such a program is known as a logic bomb.
Another type of change can extend the functioning of a program so that an innocuous program
has a hidden side effect. For example, a program that ostensibly structures a listing of les
belonging to a user may also modify the protection of all those les to permit access by another
user.
Other categories of software modication include:
Trojan Horse: a program that overtly does one thing while covertly doing another;
Virus: a specic type of Trojan horse that can be used to spread its infection from one
computer to another;
Trapdoor: a program that has a secret entry point; and
Information Leaks in a Program: code that makes information accessible to unauthorized
people or programs.
Finally, software theft includes unauthorized copying of software. Software authors and distributors
are entitled to fair compensation for use of their product. Unauthorized copying of
software has not been stopped satisfactorily. The legal system is still grappling with the difficulties
of interpreting paper-based copyright laws for electronic media.
Data Vulnerabilities: Hardware security is usually the concern of a relatively small staff of computing
centre professionals. Software security is a larger problem, extending to all programmers
and analysts who create or modify programs. Computer programs are written in a dialect intelligible
primarily to computer professionals, so a leaked source listing of a program might
very well be meaningless to the general public.
Printed data, however, can be readily interpreted by the general public. Because of its visible
nature, a data attack is a more widespread and serious problem than either a hardware or software
attack. Thus, data items have greater public value than hardware and software because
more people know how to use or interpret data. By themselves, out of context, pieces of data
have essentially no intrinsic value. It is hard to measure the value of a given data item.
Typically, both hardware and software have a relatively long life. No matter how they are valued
initially, their value usually declines gradually over time. By contrast, the value of data over time
is far less predictable or consistent. Initially, data may be valued highly. However, some data
items are of interest for only a short period of time, after which their value declines precipitously.

Figure 1.8: Model for Network Security

1.4.8 [A Model for Network Security] In the model captured in very general terms in Figure 1.8,
a message is to be transferred from one party to another across some sort of Internet service. The two
parties, who are the principals in this transaction, must cooperate for the exchange to take place. A
logical information channel is established by defining a route through the Internet from source to
destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.
Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All
the techniques for providing security have two components:
A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and
the addition of a code based on the contents of the message, which can be used to verify the
identity of the sender.
Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble
the message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two principals
concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service:
(1) Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.
(2) Generate the secret information to be used with the algorithm.
(3) Develop methods for the distribution and sharing of the secret information.
(4) Specify a protocol to be used by the two principals that makes use of the security algorithm and
the secret information to achieve a particular security service.
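As an added illustration of the two components and the four design tasks above (this is example code written for these notes, not code from the textbook), the following Python uses the standard library's HMAC as the security-related transformation: the code appended to the message lets the receiver verify that it came from a holder of the shared secret and was not altered in transit. The key distribution of task (3) is assumed to have happened out of band; the message text, the flipped byte and the wrong key are constructed for the demonstration.

```python
# Added example (not from the lecture notes): the general model of network
# security, with an HMAC tag as the security-related transformation and a
# random key as the secret shared by the two principals.
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def generate_secret(nbytes: int = 32) -> bytes:
    """Task (2): generate the secret information shared by sender and receiver."""
    return secrets.token_bytes(nbytes)


def protect(message: bytes, key: bytes) -> bytes:
    """Task (1): the transformation. Appends an HMAC-SHA256 tag computed from the
    message contents, so the receiver can check origin and integrity."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(protected: bytes, key: bytes):
    """Task (4), the receiver's side of the protocol. Returns (ok, message)."""
    if len(protected) < TAG_LEN:
        return False, b""
    message, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest does not leak through timing where the two tags differ
    return hmac.compare_digest(tag, expected), message


def demo() -> dict:
    """Constructed scenario: a genuine message, a modified one, and a forgery."""
    key = generate_secret()  # task (3), key distribution, assumed done out of band
    wire = protect(b"transfer 100 to account 42", key)
    ok_genuine, _ = verify(wire, key)

    # an opponent flips one bit of the amount while the message is in transit
    tampered = bytearray(wire)
    tampered[9] ^= 0x01
    ok_tampered, _ = verify(bytes(tampered), key)

    # an opponent without the shared secret cannot produce a valid tag
    forged = protect(b"transfer 900 to account 99", b"wrong key")
    ok_forged, _ = verify(forged, key)

    return {"genuine": ok_genuine, "tampered": ok_tampered, "forged": ok_forged}


if __name__ == "__main__":
    print(demo())
```

The example covers authenticity and integrity only; confidentiality would need a separate encryption transformation under the same key-management tasks.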
There are other security-related situations of interest that do not neatly fit this model but are
considered later in the course. A general model of these other situations is illustrated by Figure 1.9,
which reflects a concern for protecting an information system from unwanted access. Most readers
are familiar with the concerns caused by the existence of hackers, who attempt to penetrate systems
that can be accessed over a network.
The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and
entering a computer system. The intruder can be a disgruntled employee who wishes to do damage or
a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers
or performing illegal money transfers).
Another type of unwanted access is the placement in a computer system of logic that exploits
vulnerabilities in the system and that can affect application programs as well as utility programs,
such as editors and compilers. Programs can present two kinds of threats:
Information access threats: Intercept or modify data on behalf of users who should not have
access to that data.
Service threats: Exploit service flaws in computers to inhibit use by legitimate users.
Viruses and worms are two examples of software attacks. Such attacks can be introduced into
a system by means of a disk that contains the unwanted logic concealed in otherwise useful software. They can also be inserted into a system across a network; this latter mechanism is of more concern in network security.
The security mechanisms needed to cope with unwanted access fall into two broad categories (see
Figure 1.9). The first category might be termed a gatekeeper function. It includes password-based
login procedures that are designed to deny access to all but authorized users and screening logic that
is designed to detect and reject worms, viruses, and other similar attacks. Once either an unwanted
user or unwanted software gains access, the second line of defense consists of a variety of internal
controls that monitor activity and analyze stored information in an attempt to detect the presence of
unwanted intruders.

Figure 1.9: Network Access Security Model

1.4.9 [Recommended Reading and Web Sites] Several books and articles provide a
broad introduction to both computer and network security.
(Stallings and Brown 2012) A good resource for understanding both computer and network security in a broad way.
(Schneier 2000) Valuable reading for any practitioner in the field of computer or network security. It discusses the limitations of technology, and cryptography in particular, in providing
security and the need to consider the hardware, the software implementation, the networks,
and the people involved in providing and attacking security.
It is useful to read some of the classic tutorial papers on computer security; these provide a
historical perspective from which to appreciate current work and thinking. The papers to read
are (Browne 1972; Saltzer and Schroeder 1975; Shankar 1977; Ware 1979) and (Summers 1984).
Two more recent, short treatments of computer security are (Andrews and Whittaker 2004) and
(Lampson 2004). (Guttman and Roback 1995) is an exhaustive (290 pages) treatment of the subject. Another good treatment is (National Research Council 1990). Also useful is (Fraser 1997).
The following Web sites are of general interest related to cryptography and network security:
IETF Security Area: Material related to Internet security standardization efforts.
The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
Tom Dunigan's Security Page: An excellent list of pointers to cryptography and network security Web sites.
Peter Gutmann's home page: Good collection of cryptography material.
Helger Lipmaa's Cryptology Pointers: Another excellent list of pointers to cryptography and
network security Web sites.
Cryptology ePrint Archive: Provides rapid access to recent research in cryptology; consists of a
collection of unrefereed papers.
IEEE Technical Committee on Security and Privacy: Copies of their newsletter and information
on IEEE-related activities.
Computer Security Resource Center: Maintained by the National Institute of Standards and
Technology (NIST); contains a broad range of information on security threats, technology, and
standards.
Computer and Network Security Reference Index: A good index to vendor and commercial
products, FAQs, newsgroup archives, papers, and other Web sites.
Security Focus: A wide variety of security information, with an emphasis on vendor products
and end-user concerns.
SANS Institute: Similar to Security Focus. Extensive collection of white papers.
Risks Digest: Forum on risks to the public in computers and related systems.
Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating the
security of operating systems, network devices, and applications. Includes case studies and
technical papers.

1.4.10 [Short History of Computers and Computation]

Historically, it is known that the earliest tool used in computation was the abacus, in the period 2700–2300 BCE in Sumer, in present-day southern Iraq. To calculate the positions of sky objects, the Antikythera[17]
mechanism, an ancient analog computer dated c. 100 BCE, was designed. It was found in 1901 in the
Antikythera wreck off the Greek island of Antikythera, between Kythera and Crete, and is currently
kept at the National Archaeological Museum of Athens. About a thousand years later, in the medieval
Islamic world, the mechanically geared astrolabe and the torquetum were used.
In the early 17th century, the Scottish mathematician and physicist John Napier discovered logarithms,
by which the multiplication and division of numbers could be performed by addition and subtraction
respectively. Shortly after his work, the slide rule, in the USA colloquially known as a slipstick,
was invented in the 1620s based on this idea, also for calculating other fundamental functions,
e.g., roots and powers, logarithms and exponentials, trigonometry, etc., and it was used until electronic
computers were introduced in the 1950s.
Around 1640 the French mathematician and writer Blaise Pascal (1623–1662) constructed a mechanical adding device called the Pascaline. Around 1672 the German mathematician and philosopher Gottfried
Wilhelm von Leibniz[18] (1646–1716) invented the Stepped Reckoner (Staffelwalze) for performing addition
and subtraction as well as multiplication and division[19]. He described the binary number system,
a central ingredient of all modern computers[20].
In 1801, the French weaver and merchant Joseph Marie Charles (Jacquard, 1752–1834) developed a
loom in which the pattern being woven was controlled by punched cards. The series of cards could be
changed without changing the mechanical design of the loom. Nowadays, it is considered a landmark
achievement in the programmability of computers.
It was in 1837 that the English mechanical engineer Charles Babbage (1791–1871), considered a father
of the computer, first described his Analytical Engine, the successor to his Difference Engine of 1822,
which is considered the first model for modern computers. His assistant Augusta Ada Byron,
popularly known as Ada Lovelace, developed the early concepts of the modern computer program and
designed the first computer algorithm, for computing Bernoulli numbers[21].
The mathematical foundations of modern computer science began with the incompleteness theorem
of Kurt Gödel in 1931, which showed that there are limits to what can be proved or disproved within a
formal system consisting of a finite set of symbols and a grammar with sets of axioms and inference
rules. Later, in 1936, Alan Turing and Alonzo Church introduced the formalization of algorithms,
now called the Church–Turing thesis, which laid down a purely mechanical model of computing. The next year
Alan Turing developed his idea of what are now referred to as Turing machines, which are not actual
machines but a mathematical concept, and then described what became known as the Universal Turing
machine, designed to formally (or mathematically) determine what can be computed. Because of his
important achievements in the history of computers and computer science, his name is featured on the
Turing Award, an annual prize given by the Association for Computing Machinery (ACM) since
1966, and on the Turing Test, proposed by Alan Turing himself in 1950 to test for intelligent
behaviour equivalent to, or indistinguishable from, that of a human.
The German civil engineer and inventor Konrad Zuse (1910–1995) developed the world's first functional program-controlled computer, the Z3, in 1941. The first practical computer based on the Turing
machine, and so able to run stored programs, was the Manchester Baby in 1948.

[17] It is pronounced /ˌæntɪkɪˈθɪərə/ or /ˌæntɪˈkɪθərə/.
[18] As an adult, Gottfried often introduced himself as Gottfried von Leibniz, and many posthumously
published editions of his works presented his name on the title page as Freiherr G. W. von Leibniz.
However, no document has ever been found that stated his appointment to any form of nobility.
[19] According to the book of David Eugene Smith, Gottfried once said, "It is unworthy of excellent men to lose hours
like slaves in the labour of calculation which could safely be relegated to anyone else if machines were used."
[20] However, up to the 1940s, many subsequent computing machines, including Babbage's machine of 1822 and even
the ENIAC of 1945, were based on the decimal system.
[21] The coefficients $B_k$ of the Taylor series of the function $\frac{x}{e^x - 1}$:
$$\frac{x}{e^x - 1} = \sum_{k=0}^{\infty} B_k \frac{x^k}{k!}.$$

Classical Encryption Techniques

"I am fairly familiar with all the forms of secret writings, and am myself the
author of a trifling monograph upon the subject, in which I analyze one hundred and sixty separate ciphers, but I confess that this is entirely new to me,"
said Holmes.
The Adventure of the Dancing Men, Sir Arthur Conan Doyle.

2.0.11 [Learning Objectives]

After studying this chapter, you should be able to:
Understand the overall development of cryptography in history.
Present an overview of the main concepts of symmetric cryptography.
Explain the difference between cryptanalysis and a brute-force attack.
Understand the operation of a monoalphabetic substitution cipher.
Understand the operation of a polyalphabetic cipher.
Present an overview of the Vigenère cipher and the Hill cipher.
Describe the operation of a rotor machine.

2.1 Terminologies

block cipher
brute-force attack
Caesar cipher
cipher
ciphertext
computationally secure encryption
conventional encryption
cryptanalysis
cryptographic system
cryptography
cryptology
deciphering
decryption
digram
enciphering
Hill cipher
monoalphabetic cipher
one-time pad
plaintext
Playfair cipher
polyalphabetic cipher
rail fence cipher
single-key encryption
steganography
stream cipher
symmetric encryption
transposition cipher
unconditionally secure
Vigenère cipher

2.2 A Short History of Cryptography

According to the more than 1500-year-old Kamasutra[1] by Vātsyāyana, cryptography, or
"the art of understanding writing in cipher, and the writing of words in a peculiar way", is the 44th of
64 arts, so-called yogas, that should be known and practised by both men and women.
Cryptography is one of the oldest fields of technical study, going back at least 4000 years or probably more. It is quite noteworthy that of all the cryptographic systems developed in those 4000 years of
effort, only three systems in widespread serious use remain hard enough to break to be of real value.
One of them takes too much space for most practical uses, another is too slow for most practical uses,
and the third is widely believed to contain serious weaknesses.
The word cryptography, literally "secret writing", comes from the composition of two Ancient Greek
words, kryptós (concealed, private, hidden, secret) and gráphein (to draw, to write, to sketch, to indict,
to prosecute).

Table 2.1: Atbash: A monoalphabetic cipher (plain alphabet against cipher alphabet)

[1] One of the four main goals of life, known as the purusharthas in Indian philosophies: Dharma (virtuous
living), Artha (material prosperity), Kama (desire), Moksha (liberation). The word kāma means desire,
wish, longing in Indian literature. Book 10 of the Rigveda describes the creation of the universe from nothing by the
great heat. There, in hymn 129, it states:
"Thereafter rose Desire in the beginning, Desire the primal seed and germ of Spirit, Sages who
searched with their heart's thought discovered the existent's kinship in the non-existent."
Rigveda, 15th Century BCE

2.2.1 [Cryptography in Ancient Time] In his 1976 book The Codebreakers: The Story of Secret Writing, the famous English writer, journalist, and historian David Kahn (born 1930) mentioned that cryptography probably began in or around 2000 BCE in Egypt, where hieroglyphics[2] were used to decorate the
tombs of deceased rulers and kings.
These hieroglyphics told the story of the life of the king and proclaimed the great acts of his life.
They were purposefully cryptic, but not apparently intended to hide the text. Rather, they seem to
have been intended to make the text seem more regal and important. Khnumhotep II, an Egyptian
noble who lived during the 12th Dynasty (1919–1783 BCE) in Beni Hasan, was the hereditary
nomarch of Menet Khufu and the Oryx nome of Upper Egypt. According to David Kahn, the earliest
instance of encoded writing is found in his tomb. It is posited that this was intended to be highly stylized funerary language rather than secret communication.
The cryptographic history of Mesopotamia was similar to that of Egypt, in that cuneiforms were
used to encipher text. This technique was also used in Babylon and Assyria. In the Bible, a Hebrew
ciphering method is used at times. In this method, the last letter of the alphabet is replaced by the
first and vice versa, the second last by the second and vice versa, etc. This ciphering method is called
Atbash. See Table 2.1. In the Book of Jeremiah, we should read "Lev Kamai" in
51:1 as "Kasdim" (Chaldeans), and "Sheshakh" in 25:26 and 51:41 as "Bavel" (Babylon).
In the famous ancient Greek epic poem the Iliad, cryptography was used when Bellerophon was sent
to the king with a secret tablet which told the king to have him put to death. The king
tried to kill him by having him fight several mythical creatures, but he won every battle.

[2] The word hieroglyph comes from the Greek adjective hieroglyphikós, a compound of hierós meaning "sacred" and
glýphein meaning "carve, engrave", in turn a calque of Egyptian mdww-nṯr meaning "god's words". In linguistics, a calque or
loan translation is a word or phrase borrowed from another language by literal, word-for-word (verbum pro verbo) or
root-for-root translation.
The Spartans used a system which consisted of a thin sheet of papyrus wrapped around a staff,
called a skytale (/ˈskɪtəliː/). Messages were written down the length of the staff, and when the
papyrus was unwrapped, the letters were scrambled. In order to read the message, the papyrus had
to be wrapped around a staff of equal diameter. This was used in the 5th century BCE to send secret
messages between Greek warriors. Without the right staff, it would be difficult to decode the message
using the techniques available at that time. It was indirectly mentioned by Archilochus
(c. 680–c. 645 BCE); then Apollonius of Rhodes (fl. first half of the 3rd century BCE)
explained its use for cryptographic purposes. The Greek historian, biographer, and essayist Plutarch
(c. 46 CE–c. 120) explained the details of its use in his Lives, a series of biographies of
famous men.
"The dispatch-scroll is of the following character. When the ephors[3] send out an admiral or a general, they make two round pieces of wood exactly alike in length and thickness, so that each corresponds to the other in its dimensions, and keep one themselves, while they give the other to
their envoy. These pieces of wood they call scytalae. Whenever, then, they wish to send some
secret and important message, they make a scroll of parchment long and narrow, like a leathern
strap, and wind it round their scytale, leaving no vacant space thereon, but covering its surface all
round with the parchment. After doing this, they write what they wish on the parchment, just as it
lies wrapped about the scytale; and when they have written their message, they take the parchment off and send it, without the piece of wood, to the commander. He, when he has received it,
cannot otherwise get any meaning out of it, since the letters have no connection, but are disarranged, unless he takes his own scytale and winds the strip of parchment about it, so that, when
its spiral course is restored perfectly, and that which follows is joined to that which precedes, he
reads around the staff, and so discovers the continuity of the message. And the parchment, like
the staff, is called scytale, as the thing measured bears the name of the measure."
Plutarch, Lysander, 19.5–7, Bernadotte Perrin, Ed.
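The scytale described by Plutarch is a transposition cipher: no letter is changed, only the order. The Python below is an added example written for these notes (not from the textbook or any historical source) that models the staff by the number of windings the strip makes around it; that number is the whole key, which is what "a staff of equal diameter" gives the receiver and the wrong staff does not. The message is constructed for the demonstration.

```python
# Added example: the Spartan scytale as a transposition cipher. The staff's
# circumference is modelled as the number of windings (turns) of the strip.

def _normalize(text: str) -> str:
    """Keep letters only, upper-cased, as written on a strip of parchment."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def scytale_encrypt(plaintext: str, turns: int, pad: str = "X") -> str:
    """Write along the staff, `turns` letters per line (one letter on each
    winding), then unwrap: the strip is read winding by winding, i.e. column by
    column of that grid. Short messages are padded with `pad` to fill the last line."""
    text = _normalize(plaintext)
    if len(text) % turns:
        text += pad * (turns - len(text) % turns)
    return "".join(text[j::turns] for j in range(turns))


def scytale_decrypt(ciphertext: str, turns: int) -> str:
    """Re-wrap the strip on a staff with the same number of windings and read
    along its length again (row by row of the same grid)."""
    lines = len(ciphertext) // turns
    return "".join(ciphertext[i::lines] for i in range(lines))


def demo() -> dict:
    """Constructed sample: a 12-letter order sent around a staff of 3 windings,
    read back with the right staff and with one of the wrong size."""
    wire = scytale_encrypt("attack at dawn", turns=3)
    return {
        "ciphertext": wire,
        "right_staff": scytale_decrypt(wire, 3),
        "wrong_staff": scytale_decrypt(wire, 4),
    }


if __name__ == "__main__":
    print(demo())
```

Because the key space is just the set of plausible staff sizes, the "difficulty" Plutarch relies on is the secrecy of the staff, not the strength of the transformation; a reader can see that by trying every small value of `turns` on the sample ciphertext.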

Another Greek method was developed by Polybius (c. 200–c. 118 BCE), now called the Polybius Square (Hist. X.45.6 ff). The letters of the alphabet would be laid out in a five by five square, which
is similar to the later Playfair method. Rows and columns are numbered 1 to 5 so that each letter has
a corresponding (row, column) pair. See Table 2.2. These pairs could easily be signaled by torches or
hand signals. Decryption consists of mapping the digit pairs back into their corresponding characters. This system was the first to reduce the size of the symbol set, and in a loose sense it might be
considered the forerunner of modern binary representations of characters.

      1   2   3   4   5
  1   A   B   C   D   E
  2   F   G   H  I/J  K
  3   L   M   N   O   P
  4   Q   R   S   T   U
  5   V   W   X   Y   Z

Table 2.2: Polybius Square, adapted for the English alphabet. For the Greek alphabet of 24 letters
there was no need to put two letters in a single square, as with I and J in this example.

[3] Ephor: literally it means "overseer"; the word was originally derived from the Greek words for "over" and "look". One of
the five annually elected senior magistrates in various Dorian states, especially in ancient Sparta, where they oversaw
the actions of the Spartan kings. Here he is Lysander.
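The square of Table 2.2 in code, as an added example for these notes (not from the textbook): each letter becomes a (row, column) digit pair that could be signalled by torches, and decoding maps the pairs back. The sample words are constructed; the I/J cell shows the one place where the scheme is lossy, since a J is received as I.

```python
# Added example: encoding and decoding with the Polybius square of Table 2.2.
from string import ascii_uppercase


def build_square(alphabet: str = ascii_uppercase.replace("J", "")) -> list:
    """Lay 25 letters out row by row in a 5 x 5 square (J is dropped; it shares I's cell)."""
    if len(alphabet) != 25:
        raise ValueError("a 5 x 5 square holds exactly 25 symbols")
    return [list(alphabet[r * 5:(r + 1) * 5]) for r in range(5)]


def polybius_encode(plaintext: str, square: list = None) -> str:
    """Replace each letter by its row and column digits, 1 to 5, e.g. H -> 23.
    Non-letters are dropped and J is signalled as I."""
    square = square or build_square()
    position = {ch: f"{r + 1}{c + 1}"
                for r, row in enumerate(square) for c, ch in enumerate(row)}
    out = []
    for ch in plaintext.upper():
        if ch == "J":
            ch = "I"
        if ch in position:
            out.append(position[ch])
    return "".join(out)


def polybius_decode(digits: str, square: list = None) -> str:
    """Map digit pairs back to letters. Raises ValueError on an odd length or a
    digit outside 1..5, which is how a garbled torch signal shows up."""
    square = square or build_square()
    if len(digits) % 2:
        raise ValueError("digit string must consist of pairs")
    letters = []
    for i in range(0, len(digits), 2):
        r, c = int(digits[i]), int(digits[i + 1])
        if not (1 <= r <= 5 and 1 <= c <= 5):
            raise ValueError(f"bad pair {digits[i:i + 2]}")
        letters.append(square[r - 1][c - 1])
    return "".join(letters)


if __name__ == "__main__":
    signal = polybius_encode("Hello")
    print(signal, polybius_decode(signal))
```

The encoding halves the symbol set (five digits instead of 25 letters) at the cost of doubling the message length, which is the trade-off the text has in mind when it calls the square a forerunner of binary character codes.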
An ancient Roman general, statesman, and consul, as well as a notable author of Latin prose, Gaius
Julius Caesar used a system of cryptography, now called the Caesar cipher, which shifted each letter three
places further through the alphabet, e.g. A shifts to D, E shifts to H, etc. See Table 2.3. The general
variation of this sort of cipher is the monoalphabetic substitution cipher, wherein each letter is mapped
into another letter in a one-to-one fashion. Actually, this is just one of Caesar's ciphers. In another,
Roman letters were replaced by Greek. This represents the first recorded use of a substitution cipher.
It occurred during the Gallic Wars.
"The letter he sent written in Greek characters, lest by intercepting it the enemy might get to
know of our designs."
The Gallic War, Book V, Caesar

The Roman historian Gaius Suetonius Tranquillus (c. 69–after 122) noted that there were several letters from Caesar to Cicero in which Caesar used the cipher.
"There are also letters of his to Cicero, as well as to his intimates on private affairs, and in the latter,
if he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the
letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and
get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so
with the others."
Suetonius, De vita Caesarum, 56

Plain:  A B C D E F G H I K L M N O P Q R S T V X
Cipher: D E F G H I K L M N O P Q R S T V X A B C

Table 2.3: Caesar's shift cipher. The Roman alphabet has only 21 letters.

Hence, the plaintext "Gallia est omnis divisa in partes tres" becomes the ciphertext
kdoomdhxarpqmxgmbmxdmqsdvahxavhx
when we ignore the spaces between letters and treat lower and upper case as the same letters.
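Both Atbash (Table 2.1) and Caesar's shift (Table 2.3) are monoalphabetic substitutions, differing only in how the cipher alphabet is derived from the plain one. The Python below is an added example for these notes (not from the textbook): one substitution routine over an arbitrary alphabet, with the 21-letter Roman alphabet of Table 2.3 so that it reproduces the Gallia ciphertext given above, plus the exhaustive key trial that the learning objectives contrast with cryptanalysis. The alphabet strings and sample texts are constructed for the example.

```python
# Added example: monoalphabetic substitution over any alphabet, covering Atbash
# (reversed alphabet, Table 2.1) and the Caesar shift (Table 2.3).
ROMAN = "abcdefghiklmnopqrstvx"       # the 21-letter alphabet of Table 2.3
ENGLISH = "abcdefghijklmnopqrstuvwxyz"


def caesar_alphabet(alphabet: str, shift: int) -> str:
    """Cipher alphabet for a shift: position i maps to position i + shift (mod n)."""
    n = len(alphabet)
    return "".join(alphabet[(i + shift) % n] for i in range(n))


def atbash_alphabet(alphabet: str) -> str:
    """Cipher alphabet for Atbash: first letter to last, second to second last, ..."""
    return alphabet[::-1]


def substitute(text: str, plain: str, cipher: str) -> str:
    """Apply the one-to-one mapping plain[i] -> cipher[i]. Case is ignored and
    symbols outside `plain` (spaces, punctuation, and for ROMAN also J/U/W/Y/Z)
    are dropped, as in the Gallia example in the notes."""
    table = {p: c for p, c in zip(plain, cipher)}
    return "".join(table[ch] for ch in text.lower() if ch in table)


def caesar_encrypt(text: str, shift: int = 3, alphabet: str = ROMAN) -> str:
    return substitute(text, alphabet, caesar_alphabet(alphabet, shift))


def caesar_decrypt(text: str, shift: int = 3, alphabet: str = ROMAN) -> str:
    # the inverse mapping: read the cipher alphabet back onto the plain one
    return substitute(text, caesar_alphabet(alphabet, shift), alphabet)


def atbash(text: str, alphabet: str = ENGLISH) -> str:
    # Atbash is an involution: applying it twice gives the plaintext back
    return substitute(text, alphabet, atbash_alphabet(alphabet))


def all_shifts(ciphertext: str, alphabet: str = ROMAN) -> dict:
    """Brute force: with only len(alphabet) possible keys, every candidate
    plaintext can be listed and the readable one picked out by eye."""
    return {s: caesar_decrypt(ciphertext, s, alphabet) for s in range(len(alphabet))}


if __name__ == "__main__":
    c = caesar_encrypt("Gallia est omnis divisa in partes tres")
    print(c)
    print(all_shifts(c)[3])
```

The `all_shifts` function is the point of the learning objective on brute force versus cryptanalysis: a Caesar cipher has as many keys as the alphabet has letters, so no analysis is needed, whereas a general monoalphabetic substitution over 26 letters has 26! keys and is broken by frequency analysis instead.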
There is evidence that Julius Caesar used more complicated systems as well, and one writer, Aulus
Gellius, refers to a treatise (now lost) on his ciphers.
"There is even a rather ingeniously written treatise by the grammarian Probus concerning the secret
meaning of letters in the composition of Caesar's epistles."
Aulus Gellius, Attic Nights 17.9.1–5

Herodotus (484–425 BCE), in his Histories, tells us of secret messages physically concealed beneath wax on wooden tablets or as a tattoo on a slave's head concealed by regrown hair,
though these are not properly examples of cryptography per se, as the message, once known, is directly readable; this is known as steganography[4].
Demaratus, a king of Sparta from 515 until 491 BCE, sent a letter to Cleomenes to warn about a forthcoming attack on Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface.
"He, however, feared detection and had no other way of informing them than this trick: taking
a double tablet, he scraped away the wax from it, and then wrote the king's plan on the wood.
Next he melted the wax back again over the writing, so that the bearer of this seemingly blank
tablet might not be troubled by the way-wardens. When the tablet came to Lacedaemon,
the Lacedaemonians could not guess its meaning, until at last (as I have been told) Gorgo,
Cleomenes' daughter and Leonidas' wife, discovered the trick herself and advised them to
scrape the wax away so that they would find writing on the wood. When they did so, they
found and read the message, and presently sent it to the rest of the Greeks. This is the story,
as it is told."
Herodotus, The Histories, 7.239, A. D. Godley, Ed.

[4] The word steganography is derived from the Greek word meaning "covered, concealed, or protected". Johannes
Trithemius (1462–1516) used the term in his Steganographia in 1499.

Histiaeus (died 493 BCE), the son of Lysagoras and the tyrant of Miletus in the late
6th century BCE, tattooed on a slave's head a message warning Greece about Persian invasion plans; once
the hair had grown over it the message was hidden, and it was exposed by shaving
the head again.
"Since Histiaeus desired to give word to Aristagoras that he should revolt and had no other
safe way of doing so because the roads were guarded, he shaved and branded the head of his
most trustworthy slave. He waited till the hair had grown again, and as soon as it was grown,
he sent the man to Miletus with no other message except that when he came to Miletus he
must bid Aristagoras shave his hair and examine his head. The writing branded on it signified
revolt, as I have already said."
Herodotus, The Histories, 5.35, A. D. Godley, Ed.

Harpagus' letter to Cyrus was hidden in a hare and carried by a messenger disguised as a
hunter.
"[...] he had no plan for sending a message but this: he carefully slit the belly of a hare, and
then leaving it as it was without further harm he put into it a paper on which he wrote what
he thought best. Then he sewed up the hare's belly, and sent it to Persia by the most trusted of
his servants, giving him nets to carry as if he were a huntsman. The messenger was instructed
to give Cyrus the hare and tell him by word of mouth to cut it open with his own hands, with
no one else present."
Herodotus, The Histories, 1.123–124, A. D. Godley, Ed.

During the Middle Ages, cryptography started to progress. All of the Western European governments used cryptography in one form or another, and codes started to become more popular. Ciphers
were commonly used to keep in touch with ambassadors. The first major advances in cryptography
were made in Italy. Venice created an elaborate organization in 1452 with the sole purpose of dealing
with cryptography. It had three cipher secretaries who solved and created ciphers that were used
by the government.
The Italian artist, poet, linguist, and philosopher Leon Battista Alberti (1404–1472) is known
as the Father of Western Cryptology, in part because of his development of polyalphabetic substitution. Polyalphabetic substitution is any technique which allows different ciphertext symbols to represent the same plaintext symbol. This makes it more difficult to interpret ciphertext using frequency
analysis. In order to develop this technique, Alberti analyzed the methods for breaking ciphers, and
devised a cipher which would try to render these techniques invalid. He designed two copper disks,
called stabilis and mobilis, that fit into each other, each with the alphabet inscribed upon it. To start
enciphering, a predetermined letter on the inner disk (mobilis) is lined up with any letter on the outer
disk (stabilis), which is written as the first character of the ciphertext. The disks are kept stationary,
with each plaintext letter on the inner disk aligned with a ciphertext letter on the outer disk. After a
few words of ciphertext, the disks are rotated so that the index letter on the inner disk is aligned with
a new letter on the outer disk, and in this manner the message is enciphered. By rotating the disk
every few words, the cipher changed enough to limit the effectiveness of frequency analysis. Even
though this technique in its stated form is very weak, the idea of rotating the disks and therefore
changing the cipher many times within a message was a major breakthrough in cryptography.
The next major step was taken in 1518 by Johannes Trithemius (1462–1516), a German monk who
had a deep interest in the occult. He wrote a series of six books called Polygraphia, and in the fifth
book devised a table that repeated the alphabet, with each row a duplicate of the one above it shifted
over one letter. To encode a message, the first letter of the plaintext is enciphered with the first row
of the table, the second letter with the second row, and so on. This produces a message where all
available ciphers are used before being repeated.
In 1553, Giovan Battista Bellaso (born 1505) extended this technique by choosing a keyword that is
written above the plaintext, in a letter-to-letter correspondence. The keyword is restarted at the beginning of each new plaintext word. The letter of the keyword above the letter of the plaintext is the
first letter of the cipher line to be used. In other words, if the plaintext letter is b and its keyword
letter is r, then the line of the Trithemius table beginning with r is used to encipher the letter b.
The most famous cryptographer of the 16th century was Blaise de Vigenère (1523–1596). In 1585
he wrote Traicté des Chiffres ou Secrètes Manières d'Escrire, in which he used a Trithemius table but
changed the way the key system worked. One of his techniques used the plaintext as its own key.
Another used the ciphertext. The manner in which these keys are used is known as key scheduling,
and is an integral part of the Data Encryption Standard (DES), which we will discuss later.
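The three key rules just described all drive the same Trithemius table; they differ only in which row is chosen for each letter. The Python below is an added example for these notes (not from the textbook or from any of the historical works) that builds the table and implements Trithemius' progressive key, Bellaso's keyword restarted at every word, and Vigenère's plaintext-as-key. The priming letter that starts the autokey key stream is an assumption of this example, since the notes only say the plaintext is used as its own key; the sample texts and keyword are constructed.

```python
# Added example: the Trithemius table (tabula recta) with the three key rules
# of the text: progressive key, per-word keyword (Bellaso), and autokey (Vigenère).
from string import ascii_uppercase as ALPHA


def row(shift: int) -> str:
    """Row `shift` of the table: the alphabet rotated left by `shift`, so the
    row beginning with R is row(ALPHA.index("R"))."""
    return ALPHA[shift:] + ALPHA[:shift]


def _shift_letter(ch: str, shift: int, decrypt: bool = False) -> str:
    """Encipher (or decipher) one letter using the row that begins at ALPHA[shift]."""
    if decrypt:
        return ALPHA[row(shift).index(ch)]
    return row(shift)[ALPHA.index(ch)]


def trithemius(text: str, decrypt: bool = False) -> str:
    """Trithemius: first letter with row 0, second with row 1, and so on, wrapping
    after all 26 rows have been used."""
    letters = [c for c in text.upper() if c.isalpha()]
    return "".join(_shift_letter(c, i % 26, decrypt) for i, c in enumerate(letters))


def bellaso(text: str, keyword: str, decrypt: bool = False) -> str:
    """Bellaso: the keyword letter above each plaintext letter selects the row,
    and the keyword restarts at each word, so word boundaries are preserved."""
    keyword = keyword.upper()
    out = []
    for word in text.upper().split():
        letters = [c for c in word if c.isalpha()]
        out.append("".join(
            _shift_letter(c, ALPHA.index(keyword[i % len(keyword)]), decrypt)
            for i, c in enumerate(letters)))
    return " ".join(out)


def autokey(text: str, priming: str, decrypt: bool = False) -> str:
    """Vigenère's plaintext-as-key: key stream = priming letter(s) followed by
    the plaintext itself. On decryption each recovered letter extends the key."""
    letters = [c for c in text.upper() if c.isalpha()]
    key = list(priming.upper())  # priming key: an assumption of this example
    out = []
    for i, c in enumerate(letters):
        result = _shift_letter(c, ALPHA.index(key[i]), decrypt)
        out.append(result)
        key.append(result if decrypt else c)  # the plaintext feeds the key stream
    return "".join(out)


if __name__ == "__main__":
    print(trithemius("HELLO"))
    print(bellaso("ATTACK AT DAWN", "KEY"))
    print(autokey("HELLO", "Q"))
```

Compare the outputs for the repeated letters in "HELLO" and "ATTACK": each rule maps the same plaintext letter to different ciphertext letters, which is exactly the property that defeats simple frequency analysis.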
In 1628, a Frenchman named Antoine Rossignol (1600-1682)5 helped his army defeat the Hugue-

The family name meant nightingale in French. As early as 1406 the word rossignol has served as the French term
for skeleton key or for any tool which opens that which is locked.

A Short History of Cryptography

57

nots6 by decoding a captured message. He served with swashbuckling facility in the Court of Louis
XIV. The poet Franois le Mtel de Boisrobert(15921662), who originated the idea of Academie Francaise, wrote the rst poem ever written to a cryptologist entitled Epistres en Vers. He was the court
cryptologist of France in the time when Molire (Jean-Baptiste Poquelin, 16221673) was her dramatist, Blaise Pascal (16231662) her philosopher, Jean de La Fontaine (16211695) her fabulist and the
supreme autocrat of the world her monarch. They were inuenced accordingly.
After Rossignols victory, he was called upon many times to solve ciphers for the French government. He used two lists to solve his ciphers: one in which the plain elements were in alphabetical order and the code elements randomized, and one to facilitate decoding in which the code
elements stood in alphabetical or numerical order while their plain equivalents were disarranged.
When Rossignol died in 1682, his son Bonaventure, and later his grandson Antoine-Bonaventure,
continued his work.
By this time, there were many cryptographers employed by the French government. Together,
they formed the Cabinet Noir (the Black Chamber). By the 1700s, Black Chambers were common
in Europe, one of the most renown being that in Vienna. It was called The Geheime Kabinets-Kanzlei and
was directed by Baron Ignaz de Koch between 1749 and 1763. This organization read through all the
mail coming to foreign embassies, copied the letters, resealed them, and returned them to the postofce the same morning. The same ofce also handled all other political or military interceptions, and
would sometimes read as many as hundred letters a day. The English Black Chamber was formed by
an English mathematician John Wallis (1616-1703), a contemporary of Antoine Rossignol, in 1701.
Until that time, he had been solving ciphers for the government in a variety of unofcial positions.
After his death in 1703, his grandson, William Blencowe, who was taught by his grandfather, took
over his position and was granted the title of Decypherer. The English Black Chamber had a long
history of victories in the cryptographic world.
The recent revelation of the monitoring of global Internet traffic by the NSA has led to a public debate. Have you seen anything written on the contract between the NSA and, say, the German intelligence agency, or do you know someone who has seen or directly heard of such a deal between agencies? Do you believe they are friends, and they share everything? Does the German agency pay the US agency? Are there other intelligence agencies paying the NSA for revealing German data? Does the German intelligence agency get exclusivity rights on German data? If you think this is

6 The Huguenots are a religious and cultural group who were members of the Protestant Reformed Church of France during the 16th and 17th centuries and during the mass exodus of those who fled out of France or stayed in the Cévennes, a range of mountains in south-central France.
58

Classical Encryption Techniques

just unbelievable, then you may read the following text from The Code Book by Simon Lehna Singh (1964– ). On page 59 he describes the situation in Europe in the 17th century:
"Each European power had its own so-called Black Chamber, a nerve center for deciphering messages and gathering intelligence. The most celebrated, disciplined and efficient Black Chamber was the Geheime Kabinets-Kanzlei Vienna. [...] As well as supplying the emperors of Austria with invaluable intelligence, the Viennese Black Chamber sold the information it harvested to other powers in Europe."

Simon Singh, The Code Book, p. 59

The intelligence agencies collect information on the public. However, given the blurred line between the private and the public sector, it is quite possible that information is sold to third parties. Just last year it was revealed that German member of parliament Michael Fuchs is a consultant to Hakluyt & Company, a private intelligence service founded by former MI6 employees7. Given that humans are fallible and that their private data will reveal this, it opens the door to blackmail and can corrupt important policy makers, journalists and others in the private as well as the public sector. In this course we will understand why information security is so important in a modern society driven by electronic technologies and telecommunications.
In the colonies, there was no centralized cryptographic organization. Decryption was done predominantly by interested individuals and men of the cloth. In 1775, a letter intercepted from Dr. Benjamin Church (1734–1778), the first Surgeon General of the U. S. Army, was suspected to be a coded message to the British, yet the American revolutionaries could not decipher it. Their problem was solved by Elbridge Gerry (1744–1814), who later became the fifth Vice-President, and Colonel Elisha Porter of the Massachusetts militia. The message proved Church guilty of trying to inform the Tories, and he was later exiled.
Benedict Arnold (1741–1801), a general during the American Revolutionary War, used a code wherein each correspondent has an exact copy of the same codebook. Each word of plaintext is replaced by a number indicating its position in the book (e.g. 3.5.2 means page 3, line 5, word 2). Arnold's correspondent was caught and hanged, so the codebook wasn't used very much. The revolutionaries also employed ciphers during the war. Abraham Woodhull (1750–1826), known as Samuel Culper, and Robert Townsend (1753–1838) supplied General George Washington with much information about British troop strength and movements in and around New York City. The code they used consisted of numbers which replaced plaintext words. This code was written by Major Benjamin Tallmadge (1754–1835), the founder of the Culper Ring spy ring, under orders from General George Washington. For further assurance, they also used invisible ink.

7 Michael Fuchs berät privaten Nachrichtendienst [in German: "Michael Fuchs advises a private intelligence service"], Martin Reyher, abgeordnetenwatch.de
The father of American cryptology is James Lovell (1737–1814). He was loyal to the colonies, and solved many British ciphers, some of which led to Revolutionary victories. In fact, one of the messages that he deciphered set the stage for the final victory of the war.
Former Vice-President Aaron Burr (1756–1836) and his assistant General James Wilkinson (1757–1825) were exploring the Southwest for possible colonization at the expense of Spain, and there was some confusion as to whether this colony would belong to the United States or to Aaron Burr. Wilkinson was a Spanish agent, and altered one of Burr's encrypted letters home to make it appear as if Burr's intention was to carve out his own country. This letter fell into the hands of President Thomas Jefferson. Burr was tried and acquitted, but his name was tainted forever.
Around 1795 the wheel cipher was invented by Thomas Jefferson (1743–1826), an American Founding Father, the principal author of the Declaration of Independence (1776) and the third President of the United States. Although he never did very much with it, a very similar system was still in use by the US Navy only a few years ago. The wheel cipher consisted of a set of wheels, each with a random ordering of the letters of the alphabet. The key to the system is the order in which the wheels are placed on an axle. The message is encoded by aligning the letters along the rotational axis of the axle such that the desired message is formed. Any other row of aligned letters can then be used as the ciphertext for transmission. Decryption requires the recipient to align the letters of the ciphertext along the rotational axis and find a row of aligned letters that makes linguistic sense as plaintext. This will be the message. There is a very small probability that the decryption process will yield two sensible messages, but this can be checked simply by the originator. Without knowing the orderings of symbols on the wheels and the ordering of wheels on the axle, any plaintext of the appropriate length is possible, and thus the system is quite secure for one-time use. Statistical attacks are feasible if the same wheels are used in the same order many times.
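The wheel cipher just described, as an added Python simulation; this is not code from the lecture notes. The wheels are random orderings of the alphabet built from a seed, the key is the order in which they sit on the axle, and the sender transmits some other row of the aligned stack. `candidates` shows what the legitimate recipient does: read the 25 other rows and keep the one that reads as language. The seed, the wheel count of ten, the row offset and the pad letter X are assumptions of this example.

```python
import random
import string

ALPHABET = string.ascii_uppercase


def make_wheels(count, seed=1):
    """Build `count` wheels, each a random ordering of the 26 letters.
    The seed only makes this constructed example reproducible; a real device
    has fixed engraved wheels and keeps the wheel ORDER as the key."""
    rng = random.Random(seed)
    wheels = []
    for _ in range(count):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        wheels.append("".join(letters))
    return wheels


def _read_row(wheels, order, aligned, row):
    """Turn each wheel (placed on the axle in `order`) so that `aligned`
    shows on row 0, then read the letters `row` positions further around."""
    out = []
    for pos, wheel_idx in enumerate(order):
        wheel = wheels[wheel_idx]
        i = wheel.index(aligned[pos])
        out.append(wheel[(i + row) % 26])
    return "".join(out)


def normalize(text):
    return "".join(c for c in text.upper() if c in ALPHABET)


def encrypt(wheels, order, message, row):
    """Align the message block by block and transmit another row."""
    n = len(order)
    msg = normalize(message)
    if len(msg) % n:
        msg += "X" * (n - len(msg) % n)          # pad the last block (assumed filler)
    blocks = (msg[i:i + n] for i in range(0, len(msg), n))
    return "".join(_read_row(wheels, order, b, row % 26) for b in blocks)


def decrypt(wheels, order, ciphertext, row):
    """With the same wheel order, reading `row` positions back along every
    wheel recovers the aligned message (here the sender's row offset is known)."""
    n = len(order)
    blocks = (ciphertext[i:i + n] for i in range(0, len(ciphertext), n))
    return "".join(_read_row(wheels, order, b, (-row) % 26) for b in blocks)


def candidates(wheels, order, block):
    """What the recipient really does: align one ciphertext block and look at
    all 25 other rows; the one that reads as language is the message."""
    return [_read_row(wheels, order, block, r) for r in range(1, 26)]


if __name__ == "__main__":
    wheels = make_wheels(10)
    order = [3, 0, 7, 1, 9, 4, 2, 8, 5, 6]       # the key: wheel order on the axle
    ct = encrypt(wheels, order, "attack at dawn", 7)
    print(ct)
    for row in candidates(wheels, order, ct[:10]):
        print(row)
```

A wrong wheel order aligns the ciphertext on the wrong permutations, so none of the 25 rows reads as the message; that is the text's point that any plaintext of the right length is possible without the key.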
In 1817, Colonel Decius Wadsworth (1768–1821) developed a set of two disks, one inside the other, where the outer disk had the 26 letters of the alphabet and the numbers 2–8, and the inner disk had only the 26 letters. The disks were geared together at a ratio of 26:33. To encipher a message, the inner disk is turned until the desired letter is at the top position, with the number of turns required for this result transmitted as ciphertext. Because of the gearing, a ciphertext substitution for a character will not repeat itself until all 33 characters for that plaintext letter have been used. Unfortunately, Wadsworth never got credit for his design, because Charles Wheatstone (1802–1875) invented an almost identical machine a few years after Wadsworth, and got all the credit.
In 1844, the development of cryptography was dramatically altered by the invention of the telegraph. Communication with the telegraph was by no means secure, so ciphers were needed to transmit secret information. The public's interest in cryptography blossomed, and many individuals attempted to formulate their own cipher systems. The advent of the telegraph provided the first instance where a base commander could be in instant communication with his field commanders during battle. Thus, a field cipher was needed. At first, the military used a Vigenère cipher with a short repeating keyword, but in 1863 Friedrich Wilhelm Kasiski (1805–1881), a German infantry officer, cryptographer and archeologist, discovered a solution for all periodic polyalphabetic ciphers, which up until this time were considered unbreakable, so the military had to search for a new cipher to replace the Vigenère.
The Black Chambers of Europe continued to operate and were successful in solving most American ciphers, but without a war underway, their usefulness was diminished, and by 1850 they were
dissolved.
In 1854 the Playfair system was invented by Charles Wheatstone and the Scottish scientist and Liberal politician Lyon Playfair (1818–1898), who was born at Chunar, Bengal. It was the first system that used pairs of symbols for encryption. The alphabet is laid out in a random 5 × 5 square, and the text is divided into adjacent pairs. The two letters of the pair are located, and a rectangle is formed with the two letters at opposite corners. The letters at the other two corners are the two letters of ciphertext. This is very simple to use, but is not extremely difficult to break. The real breakthrough in this system was the use of two letters at a time. The effect is to make the statistics of the language less pronounced, and therefore to increase the amount of work and the amount of ciphertext required to determine a solution. This system was still in limited use in World War II, and was very effective against the Japanese. In 1859, the American scientist and mathematician Pliny Earle Chase (1820–1886) developed what is known as the fractionating or tomographic cipher. A two-digit number was assigned to each character of plaintext by means of a table. These numbers were written so that the first digits formed a row on top of the second digits. The bottom row was multiplied by nine, and the corresponding pairs are put back in the table to form the ciphertext.
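Playfair's pairing rule, as an added Python example (not the notes' own code). The key square is filled from a keyword (the text speaks of a random square; a keyword-derived square is the usual practice), I and J share a cell, and a doubled letter or a trailing odd letter is separated or padded with X. The rectangle rule is the one the text describes; the same-row and same-column rules, which the text does not spell out, follow the standard Playfair convention of taking the letter to the right or below. The keyword MONARCHY and the sample plaintext are constructed for the example.

```python
import string

ALPHABET = string.ascii_uppercase


def build_square(keyword):
    """25-letter key square as a flat list; cell (row, col) is index row*5 + col.
    Keyword letters come first (duplicates dropped), then the rest of A-Z."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        ch = "I" if ch == "J" else ch          # I and J share one cell
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return seen


def prepare(text):
    """Split plaintext into digraphs: a doubled letter gets an X inserted
    between its halves, and an odd trailing letter is padded with X."""
    letters = [("I" if c == "J" else c) for c in text.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            pairs.append(a + "X")
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _pos(square, ch):
    return divmod(square.index(ch), 5)


def _transform(square, pair, shift):
    """shift=+1 enciphers, shift=-1 deciphers."""
    (r1, c1), (r2, c2) = _pos(square, pair[0]), _pos(square, pair[1])
    if r1 == r2:                                  # same row: move along the row
        return square[r1 * 5 + (c1 + shift) % 5] + square[r2 * 5 + (c2 + shift) % 5]
    if c1 == c2:                                  # same column: move along the column
        return square[((r1 + shift) % 5) * 5 + c1] + square[((r2 + shift) % 5) * 5 + c2]
    # rectangle rule from the text: take the other two corners, same rows
    return square[r1 * 5 + c2] + square[r2 * 5 + c1]


def encrypt(keyword, plaintext):
    square = build_square(keyword)
    return "".join(_transform(square, p, 1) for p in prepare(plaintext))


def decrypt(keyword, ciphertext):
    square = build_square(keyword)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_transform(square, p, -1) for p in pairs)


if __name__ == "__main__":
    print(encrypt("MONARCHY", "balloon"))       # IBSUPMNA
    print(decrypt("MONARCHY", "IBSUPMNA"))      # BALXLOON (the filler X stays)
```

Decryption returns the padded digraph stream; removing the filler X is left to the reader, as it was in manual use. Because the unit is a digraph, a frequency count now has to be taken over up to 25 × 24 pairs instead of 26 letters, which is the "less pronounced statistics" effect the text refers to.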
Friedrich Wilhelm Kasiski developed a cryptanalysis method in 1863 which broke almost every existing cipher of that time. The method was to find repetitions of strings of characters in the ciphertext. The distance between these repetitions is then used to find the length of the key. Since repetitions of identically ciphered identical plaintext occur at distances which are a multiple of the key length, finding greatest common divisors of repetition distances will lead to the key length. Once the key length n is known, we use statistics on every n-th character, and the frequency of use implies which character it represents in that set of ciphertext symbols. These repetitions sometimes occur by pure chance, and it sometimes takes several tries to find the true length of the key using this method, but it is considerably more effective than previous techniques. This technique makes cryptanalysis of polyalphabetic substitution ciphers quite straightforward.
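Kasiski's test followed by the column-by-column frequency analysis, as an added Python example rather than the notes' own code. It enciphers a constructed English sample (the Gettysburg Address, public domain) under a Vigenère key, recovers the key length from the distances between repeated four-letter groups, and then recovers each key letter by a chi-squared comparison of that column's letter counts against English letter frequencies. Because chance repetitions would pull the plain gcd of all distances down to 1 (the "several tries" the text mentions), the candidate lengths are scored by how many distances they divide. The group length of four, the divisor vote, the frequency table and the key LEMON are this example's choices, not the text's.

```python
import string
from collections import Counter
from itertools import combinations

ALPHABET = string.ascii_uppercase

# Relative frequencies of letters in English text, in percent (standard table).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074]))


def normalize(text):
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Periodic polyalphabetic (Vigenère) cipher over A-Z."""
    text, key = normalize(text), normalize(key)
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(text):
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(c) + sign * k) % 26])
    return "".join(out)


def repetition_distances(ciphertext, n=4):
    """Distances between every pair of occurrences of each repeated n-gram."""
    where = {}
    for i in range(len(ciphertext) - n + 1):
        where.setdefault(ciphertext[i:i + n], []).append(i)
    return [b - a for pos in where.values() for a, b in combinations(pos, 2)]


def kasiski_key_length(ciphertext, n=4, max_len=20):
    """Count how many repetition distances each candidate period divides and
    return the best supported one (the smallest on a tie, so a multiple of
    the true period does not win over the period itself)."""
    dists = repetition_distances(ciphertext, n)
    votes = {L: sum(1 for d in dists if d % L == 0) for L in range(2, max_len + 1)}
    return max(votes, key=votes.get)


def best_shift(column):
    """Chi-squared statistic of one column against English frequencies for
    each of the 26 possible shifts; the lowest value is the key letter."""
    counts, total = Counter(column), len(column)
    best, best_chi = 0, float("inf")
    for shift in range(26):
        chi = 0.0
        for i, letter in enumerate(ALPHABET):
            observed = counts[ALPHABET[(i + shift) % 26]]
            expected = total * ENGLISH_FREQ[letter] / 100.0
            chi += (observed - expected) ** 2 / expected
        if chi < best_chi:
            best, best_chi = shift, chi
    return best


def recover_key(ciphertext, key_len):
    """Every key_len-th letter was shifted by the same key letter."""
    return "".join(ALPHABET[best_shift(ciphertext[i::key_len])] for i in range(key_len))


def break_vigenere(ciphertext):
    key = recover_key(ciphertext, kasiski_key_length(ciphertext))
    return key, vigenere(ciphertext, key, decrypt=True)


# Constructed sample plaintext (Gettysburg Address, public domain).
SAMPLE = normalize("""Four score and seven years ago our fathers brought forth on
this continent a new nation, conceived in liberty, and dedicated to the proposition
that all men are created equal. Now we are engaged in a great civil war, testing
whether that nation, or any nation so conceived and so dedicated, can long endure.
We are met on a great battlefield of that war. We have come to dedicate a portion of
that field as a final resting place for those who here gave their lives that that
nation might live. It is altogether fitting and proper that we should do this. But in
a larger sense we cannot dedicate, we cannot consecrate, we cannot hallow this ground.
The brave men, living and dead, who struggled here have consecrated it far above our
poor power to add or detract. The world will little note nor long remember what we say
here, but it can never forget what they did here. It is for us the living rather to be
dedicated here to the unfinished work which they who fought here have thus far so nobly
advanced. It is rather for us to be here dedicated to the great task remaining before
us: that from these honored dead we take increased devotion to that cause for which
they gave the last full measure of devotion; that we here highly resolve that these
dead shall not have died in vain; that this nation, under God, shall have a new birth
of freedom; and that government of the people, by the people, for the people, shall
not perish from the earth.""")

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "LEMON")
    print(kasiski_key_length(ct), recover_key(ct, 5))
```

The sample is about 1150 letters, so each of the five columns holds well over 200 letters, enough for the chi-squared test to pick the right shift; on a short message the column statistics are too thin, which is why the text says a five-rotor (or long-key) cipher needs extremely long ciphertext before frequency analysis applies.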
During the Civil War (1861–1865), ciphers were not very complex. Many techniques consisted merely of writing words in a different order and substituting code words for proper names and locations. Where the Union had centralized cipher control, the Confederacy tended to let field commanders decide their own forms of ciphers. The Vigenère system was widely used by field commanders, and sometimes led to the Union deciphering messages faster than their Confederate recipients. The Confederacy used three keywords for most of its messages during the War: "Manchester Bluff", "Complete Victory", and "Come Retribution". They were quickly discovered by three Union cryptanalysts, Charles A. Tinker, Albert B. Chandler, and David Homer Bates, and messages encoded using them were regularly deciphered by the Union. The use of common words as keys to cryptographic systems has caused many plaintext messages to be discovered. In fact, the use of common words for passwords is the most common entry point in modern computer system attacks.
In 1883, Auguste Kerckhoffs wrote La Cryptographie Militaire in which he set forth six basic requirements of cryptography. We note that the easily remembered key is very amenable to attack, and
that these rules, as all others, should be questioned before placing trust in them.
(Translated from the French:) A great number of ingenious combinations can serve the purpose in the first case; in the second, a system is required that fulfils certain exceptional conditions, which I will summarize under the following six headings:

1. The system must be practically, if not mathematically, indecipherable;
2. It must not require secrecy, and it must be able to fall into the enemy's hands without inconvenience;
3. The key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its handling or operation must not require the participation of several persons;
6. Finally, given the circumstances that dictate its application, the system must be easy to use, demanding neither mental strain nor the knowledge of a long series of rules to observe.

The second statement, now called Kerckhoffs's principle, was reformulated by Claude Shannon as "[...] the enemy knows the system being used", i.e., one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them. In that form, it is called Shannon's maxim. In contrast to security through obscurity, it is widely embraced by cryptographers.
In the beginning of the 20th century, war was becoming likely in Europe. England spent a substantial effort improving its cryptanalytic capabilities so that when the war started, they were able to solve most enemy ciphers. The cryptanalysis group was called Room 40 because of its initial location in a particular building in London. Their greatest achievements were in solving German naval ciphers. These solutions were greatly simplified because the Germans often used political or nationalistic words as keys, changed keys at regular intervals, gave away intelligence indicators when keys were changed, etc.
Just as the telegraph changed cryptography in 1844, the radio changed cryptography in 1895. Now transmissions were open for anyone's inspection, and physical security was no longer possible. The French had many radio stations by World War I and intercepted most German radio transmissions. The Germans used a double columnar transposition that they called ÜBCHI (Übungschiffrierung), which was easily broken by French cryptanalysts. In 1917, the Americans formed the cryptographic organization MI-8. Its director was Herbert Osborne Yardley (1889–1958). They analyzed all types of secret messages, including secret inks, encryptions, and codes. They continued with much success during and after World War I, but in 1929, Herbert Clark Hoover (1874–1964) decided to close them down because he thought it was improper to read others' mail. Yardley was hard pressed to find work during the Depression, so to feed his family, he wrote a book describing the workings of MI-8. It was titled The American Black Chamber, and became a best seller. Many criticized him for divulging secrets and glorifying his own actions during the War. Another American, William Frederick Friedman (1891–1969), a Jewish US Army cryptographer born in Kishinev (currently Chișinău), Bessarabia (currently Moldova), worked with his wife, Elizebeth Smith Friedman (1892–1980), to become the most famous husband-and-wife team in the history of cryptology. He developed new ways to solve Vigenère-like ciphers using a method of frequency counts and superimposition to determine the key and plaintext.


Up to 1917, transmissions sent over telegraph wires were encoded in Baudot code8 for use with teletypes. The American Telephone and Telegraph company (AT&T Corp.) was very concerned with how easily these could be read, so Gilbert Sandford Vernam (1890–1960) developed a system which added together the plaintext electronic pulses with a key to produce ciphertext pulses. It was difficult to use at times, because keys were cumbersome. Vernam developed a machine to encipher messages, but the system was never widely used.
The use of cryptographic machines dramatically changed the nature of cryptography and cryptanalysis. Cryptography became intimately related to machine design, and security personnel became
involved with the protection of these machines. The basic systems remained the same, but the method
of encryption became reliable and electromechanical.
In 1929, the American mathematician and educator Lester S. Hill published an article "Cryptography in an Algebraic Alphabet" in The American Mathematical Monthly. Each plaintext letter was given a numerical value. He then used polynomial equations to encipher plaintext, with values over 25 reduced modulo 26. To simplify the equations, Hill transformed them into matrices, which are more easily multiplied. This method eliminates almost all ciphertext repetitions, and is not broken by a normal frequency analysis attack. It has been found that if a cryptanalyst has two different ciphertexts from the same plaintext, and if they use different equations of the same type, the equations can be solved, and the system is thus broken. To counter charges that his system was too complicated for day-to-day use, Hill constructed a cipher machine for his system using a series of geared wheels connected together. One problem was that the machine could only handle a limited number of keys, and even with the machine, the system saw only limited use in the encipherment of government radio call signs. Hill's major contribution was the use of mathematics to design and analyze cryptographic systems.
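Hill's cipher with a 2 × 2 key, together with the consequence the text draws (once matching plaintext and ciphertext are available the equations can be solved), as an added Python example that is not the notes' code. Digraphs are enciphered as C = K·P mod 26 on column vectors; `recover_key` solves K = C·P⁻¹ from two plaintext digraphs whose matrix is invertible modulo 26, which is the standard known-plaintext solution of the Hill system. The key [[3, 3], [2, 5]] and the sample texts are constructed for the example.

```python
import string
from math import gcd

ALPHABET = string.ascii_uppercase
MOD = 26


def modinv(a, m=MOD):
    """Multiplicative inverse of a modulo m (small m, brute force is fine)."""
    a %= m
    for x in range(1, m):
        if (a * x) % m == 1:
            return x
    raise ValueError(f"{a} is not invertible modulo {m}")


def mat_mul(a, b):
    """Product of two 2x2 matrices modulo 26."""
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % MOD for j in range(2)]
            for i in range(2)]


def mat_inv(k):
    """Inverse of a 2x2 matrix modulo 26; the determinant must be coprime to 26."""
    (a, b), (c, d) = k
    det = (a * d - b * c) % MOD
    inv = modinv(det)
    return [[(d * inv) % MOD, (-b * inv) % MOD],
            [(-c * inv) % MOD, (a * inv) % MOD]]


def hill(text, key, decrypt=False):
    """Encipher (or decipher) letter pairs with C = K * P mod 26."""
    k = mat_inv(key) if decrypt else key
    letters = [c for c in text.upper() if c.isalpha()]
    if len(letters) % 2:
        letters.append("X")                      # pad an odd message (assumed filler)
    out = []
    for i in range(0, len(letters), 2):
        p = [ALPHABET.index(letters[i]), ALPHABET.index(letters[i + 1])]
        out.append(ALPHABET[(k[0][0] * p[0] + k[0][1] * p[1]) % MOD])
        out.append(ALPHABET[(k[1][0] * p[0] + k[1][1] * p[1]) % MOD])
    return "".join(out)


def recover_key(plaintext, ciphertext):
    """Known-plaintext solution: pick two plaintext digraphs whose 2x2 matrix
    P is invertible mod 26; with their ciphertext digraphs C, K = C * P^-1."""
    p = [ALPHABET.index(c) for c in plaintext.upper() if c.isalpha()]
    c = [ALPHABET.index(x) for x in ciphertext.upper()]
    for i in range(0, len(p) - 1, 2):
        for j in range(i + 2, len(p) - 1, 2):
            P = [[p[i], p[j]], [p[i + 1], p[j + 1]]]   # columns are digraph vectors
            det = (P[0][0] * P[1][1] - P[0][1] * P[1][0]) % MOD
            if gcd(det, MOD) != 1:
                continue                             # this pair gives no unique solution
            C = [[c[i], c[j]], [c[i + 1], c[j + 1]]]
            return mat_mul(C, mat_inv(P))
    return None                                      # no invertible pair found


if __name__ == "__main__":
    K = [[3, 3], [2, 5]]
    ct = hill("HELP", K)
    print(ct, hill(ct, K, decrypt=True), recover_key("HELP", ct))
```

A 2 × 2 key needs only two digraphs of known plaintext; an n × n key needs n independent n-letter blocks, so enlarging the matrix raises the amount of known plaintext required but does not change the nature of the break.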
The next major advance in electromechanical cryptography was the invention of the rotor. The
rotor is a thick disk with two faces, each with 26 brass contacts separated by insulating material.

8 The Baudot code, invented by the French engineer Jean-Maurice-Émile Baudot (1845–1903), is a character set predating EBCDIC and ASCII. Technically, five-bit codes began in the 16th century, when Francis Bacon (1561–1626) developed the cipher now called Bacon's cipher. However, this cipher is not a machine cipher and as such is not readily suitable for telecommunications. Baudot invented his original code in 1870 and patented it in 1874. It was a 5-bit code, with equal on and off intervals, which allowed telegraph transmission of the Roman alphabet and punctuation and control signals. It was based on an earlier code developed by the German mathematician Carl Friedrich Gauss (1777–1855) and the German physicist Wilhelm Eduard Weber (1804–1891) in 1834. It was a Gray code developed by Frank Gray (1887–1969), a physicist and researcher at Bell Labs; nonetheless, the code by itself was not patented because French patent law does not allow concepts to be patented.


Each contact on the input (plaintext) face is connected by a wire to a random contact on the output (ciphertext) face. Each contact is assigned a letter. An electrical impulse applied to a contact on the input face will result in a different letter being output from the ciphertext face. The simple rotor thus implements a monoalphabetic substitution cipher. This rotor is set in a device which takes plaintext input from a typewriter keyboard and sends the corresponding electrical impulse into the plaintext face. The ciphertext is generated from the rotor and printed and/or transmitted.
The next step separates the rotor from previous systems. After each letter, the rotor is turned so that the entire alphabet is shifted one letter over. The rotor is thus a progressive-key polyalphabetic substitution cipher with a mixed alphabet and a period of 26. A second rotor is then added, which shifts its position one spot when the first rotor has completed each rotation. Each electrical impulse is driven through both rotors so that it is encrypted twice. Since both rotors move, the alphabet now has a period of 26² = 676. As more rotors are added the period increases dramatically. With three rotors, the period is 26³ = 17576, with four it is 26⁴ = 456976, and with five it is 26⁵ = 11881376. In order for a five-rotor cipher to be broken with frequency analysis, the ciphertext must be extremely long.
The rotor system can be broken because, if a repetition is found in the first twenty-six letters, the cryptanalyst knows that only the first rotor has moved, and that the connections are changed only by that movement. Each successive set of twenty-six letters has this property, and using equations, the cryptanalyst can completely determine this rotor, hence eliminating one rotor from the whole problem. This can be repeated for each successive rotor as the previous rotor becomes known, with the additional advantage that the periods become longer, and thus they are guaranteed to have many repetitions. This is quite complex to do by hand. The first rotor machine in the U.S. was invented by Edward Hugh Hebern (1869–1952) in 1917 and patented in 1921 (US1510441), and he instantly realized what a success it could be. He founded a company called Hebern Electric Code, which he promised would be a great financial success. The company died in a bitter struggle; the Government bought some of his machines, and he continued to produce them on his own, but never with great success.
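The rotor stack described above (the first rotor stepping on every letter, each further rotor stepping once per full turn of the one before it), as an added Python simulation; this is not code from the notes, and it models the plain Hebern-style stack of the text, not the Enigma with its reflector and plugboard. `period` counts steps until the complete substitution alphabet first recurs, which reproduces the 26ⁿ periods quoted in the text. The random wirings (drawn from a seed) and the sample message are constructed for the example.

```python
import random
import string

ALPHABET = string.ascii_uppercase


def random_wiring(rng):
    """One rotor: a random permutation, input contact i wired to output letter w[i]."""
    letters = list(ALPHABET)
    rng.shuffle(letters)
    return "".join(letters)


class RotorMachine:
    """Rotors listed from the fast rotor outward. Rotor 0 steps after every
    letter; rotor i+1 steps once each time rotor i completes a revolution
    (odometer motion), exactly the stepping the text describes."""

    def __init__(self, wirings, positions=None):
        self.wirings = list(wirings)
        self.inverse = [{c: i for i, c in enumerate(w)} for w in self.wirings]
        self.positions = list(positions) if positions else [0] * len(wirings)

    def step(self):
        for i in range(len(self.positions)):
            self.positions[i] = (self.positions[i] + 1) % 26
            if self.positions[i] != 0:     # no carry into the next rotor
                break

    def _forward(self, x):
        # a rotor turned by p positions maps contact x through wire (x + p)
        for w, p in zip(self.wirings, self.positions):
            x = (ALPHABET.index(w[(x + p) % 26]) - p) % 26
        return x

    def _backward(self, y):
        for inv, p in zip(reversed(self.inverse), reversed(self.positions)):
            y = (inv[ALPHABET[(y + p) % 26]] - p) % 26
        return y

    def alphabet(self):
        """Substitution alphabet in the current state; it changes every step."""
        return "".join(ALPHABET[self._forward(i)] for i in range(26))

    def encrypt(self, text):
        out = []
        for c in text:
            out.append(ALPHABET[self._forward(ALPHABET.index(c))])
            self.step()
        return "".join(out)

    def decrypt(self, text):
        out = []
        for c in text:
            out.append(ALPHABET[self._backward(ALPHABET.index(c))])
            self.step()
        return "".join(out)


def period(machine):
    """Number of steps until the substitution alphabet first repeats."""
    start = machine.alphabet()
    steps = 0
    while True:
        machine.step()
        steps += 1
        if machine.alphabet() == start:
            return steps


if __name__ == "__main__":
    rng = random.Random(7)                       # seed only for reproducibility
    wirings = [random_wiring(rng) for _ in range(3)]
    ct = RotorMachine(wirings).encrypt("ATTACKATDAWN")
    print(ct, RotorMachine(wirings).decrypt(ct))
    print(period(RotorMachine(wirings[:1])), period(RotorMachine(wirings[:2])))
```

Within any run of 26 letters only the fast rotor moves, so those letters are enciphered by 26 related alphabets of one rotor; that is the regularity the text says lets a cryptanalyst peel the rotors off one at a time.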
In 2003, it emerged that the first inventors were two Dutch naval officers, Theo A. van Hengel (1875–1939) and R. P. C. Spengler (1875–1955), in 1915. Previously, the invention had been ascribed to four inventors working independently and at much the same time: Edward Hugh Hebern; the Swedish engineer and inventor Arvid Gerhard Damm (?–1927; Patent 52279 of 10 Oct. 1919); the Dutch inventor Hugo Alexander Koch (1870–1928; Patent NL10700 in 1919); and the German electrical engineer Arthur Scherbius (1878–1929; ENIGMA, Patent DE416219 of 23 Feb. 1918).


During Prohibition, alcohol was transported into the country by illegal smugglers (i.e. rum runners) who used coded radio communication to control illegal traffic and help avoid Coast Guard patrols. In order to keep the Coast Guard in the dark, the smugglers used an intricate system of codes and ciphers. The Coast Guard hired Mrs. Elizebeth Smith Friedman to decipher these codes, and thus forced the rum runners to use more complex codes and to change their keys more often. She succeeded in sending many rum runners to jail.
During World War II, the neutral country Sweden had one of the most effective cryptanalysis departments in the world. It was formed in 1936, and by the time the war started, employed 22 people. The department was divided into groups, each concerned with a specific language. The Swedes were very effective in interpreting the messages of all the warring nations. They were helped, however, by bungling cryptographers. Often the messages that were received were haphazardly enciphered, or even not enciphered at all. The Swedes even solved a German cipher that was implemented on a Siemens machine similar to a Baudot machine used to encipher wired messages.
During World War II, the Americans had great success at breaking Japanese codes, while the Japanese, unable to break US codes, assumed that their codes were also unbreakable. Cryptanalysis was used to thwart the Japanese attack on Midway, a decisive battle in the South Pacific. The US had been regularly reading Japanese codes before the attack on Pearl Harbor, and knew of the declaration of war that was presented to the President just after the attack on Pearl Harbor, several hours before the Japanese embassy in Washington had decoded it. German codes in World War II were predominantly based on the Enigma machine, which is an extension of the electromechanical rotor machine discussed above. A British cryptanalysis group, in conjunction with an escaped group of Polish cryptanalysts, first broke the Enigma early in WW2, and some of the first uses of computers were for decoding Enigma ciphers intercepted from the Germans. The fact that these codes were broken was of such extreme sensitivity that advance knowledge of bombing raids on England was not used to prepare for the raids. Instead, much credit was given to radar, and air-raid warnings were given very shortly before the bombers arrived.
In 1948, Shannon published "A Communications Theory of Secrecy Systems". Shannon was one of the first modern cryptographers to apply advanced mathematical techniques to the science of ciphers. Although the use of frequency analysis for solving substitution ciphers was begun many years earlier, Shannon's analysis demonstrates several important features of the statistical nature of language that make the solution to nearly all previous ciphers very straightforward. Perhaps the most important result of Shannon's famous paper is the development of a measure of cryptographic strength called the unicity distance.



The unicity distance is a number that indicates the quantity of ciphertext required in order to uniquely determine the plaintext of a message. It is a function of the length of the key used to encipher the message and the statistical nature of the plaintext language. Given enough time, it is guaranteed that any cipher can be broken given a length of ciphertext such that the unicity distance is 1. Shannon noted that in a system with an infinite-length random key, the unicity distance is infinite, and that for any alphabetic substitution cipher with a random key of length greater than or equal to the length of the message, plaintext cannot be derived from ciphertext alone. This type of cipher is called a one-time pad, because of the use of pads of paper to implement it in World War II and before.
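The unicity distance worked out for the ciphers of this chapter, as an added Python example (not from the notes). It uses Shannon's formula U = H(K)/D, where H(K) is the entropy of the key in bits and D is the redundancy of the plaintext language in bits per letter; the text states the concept but not the formula. The figure of 1.5 bits of entropy per English letter is an assumption of the example (Shannon's own estimate), which gives D ≈ 3.2 bits per letter. The last function expresses the text's one-time pad statement: with a random key as long as the message, the unicity distance exceeds the message, so the ciphertext never reaches it.

```python
import math

BITS_PER_LETTER = math.log2(26)                 # 4.70 bits in one letter of a 26-letter alphabet
ENGLISH_ENTROPY = 1.5                           # assumed: Shannon's estimate, bits per English letter
REDUNDANCY = BITS_PER_LETTER - ENGLISH_ENTROPY  # D, about 3.2 bits of redundancy per plaintext letter


def unicity_distance(key_entropy_bits, redundancy=REDUNDANCY):
    """U = H(K) / D: ciphertext letters beyond which only one key is expected
    to yield plausible plaintext, so the plaintext is uniquely determined."""
    return key_entropy_bits / redundancy


def key_entropy_caesar():
    return math.log2(26)                        # 26 equiprobable shifts


def key_entropy_substitution():
    return math.log2(math.factorial(26))        # 26! equiprobable mixed alphabets, about 88.4 bits


def key_entropy_vigenere(period):
    return period * BITS_PER_LETTER             # `period` independent random key letters


def letters_needed(key_entropy_bits):
    """Smallest whole number of ciphertext letters at or past the unicity distance."""
    return math.ceil(unicity_distance(key_entropy_bits))


def one_time_pad_out_of_reach(message_len):
    """Random key as long as the message: U is larger than the message itself,
    so no amount of this ciphertext determines the plaintext."""
    return unicity_distance(key_entropy_vigenere(message_len)) > message_len


if __name__ == "__main__":
    print("Caesar:", letters_needed(key_entropy_caesar()))
    print("monoalphabetic substitution:", letters_needed(key_entropy_substitution()))
    print("Vigenère, period 10:", letters_needed(key_entropy_vigenere(10)))
    print("one-time pad, 100 letters:", one_time_pad_out_of_reach(100))
```

A monoalphabetic substitution has a key of roughly 88 bits, yet about 28 letters of ciphertext already single out the plaintext; key size alone says little, because it is the redundancy of the language that removes the wrong keys. This is why the text turns next to workload, diffusion and confusion rather than to longer keys.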
The story of cryptography would be at an end if it weren't for the practical problem that in order to send a secret message, an equal amount of secret key must first be sent. This problem is not severe in some cases, and it is apparently used in the hot line between Moscow and Washington, but it is not the ultimate solution for many practical situations.
Shannon assures us that systems are breakable with sufficient ciphertext, but also introduces the concept of workload, which embodies the difficulty in determining plaintext from ciphertext given the availability of enough ciphertext to theoretically break the system. An alternative to increasing the unicity distance is the use of systems that tend to increase the workload required to determine solutions to cryptograms. Two important concepts due to Shannon's paper are the diffusion and confusion properties. These form the basis for many modern cryptographic systems because they tend to increase the workload of cryptanalysis.
Diffusion is the dissipation of the statistical structure behind the language being transmitted. As an example, making a different symbol for each English word makes statistical occurrence rates for many words difficult to detect in the short run. It also increases the quantity of data needed to decode messages because each word is treated as a symbol, and increases the difficulty of analysis once sufficient data is gathered because meaningful words are rarely repeated and the possible number of sentences with "the", "and", "or", and other similar oft-repeated words, is very large. Similarly, the random use of obscure synonyms for recurrent words tends to dissipate the ability to make statistical attacks against this system, since it tends to equalize the chances of different words in the language occurring in the plaintext and thus tends to delay the statistical analysis of word occurrence. Strange sentence structures have a similar effect on the cryptanalysis process.
Confusion is the obscuring of the relationship between the plaintext, the key, and the ciphertext. As an example, if any bit of the key has a 50 % chance of affecting any bit of the ciphertext, statistical attacks on the key require solving a large number of simultaneous equations. In a simple XOR encoding, where each bit of plaintext is XORed with a single bit of key to give a single bit of ciphertext, each key bit only affects a single ciphertext bit. For addition in a modulus, each key bit and input bit potentially affect each output bit (although not with 50 % probability in this case). Multiplication or exponentiation in a modulus tends to increase confusion to a higher degree than addition, and is the basis for many ciphers.
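The comparison of XOR, modular addition and modular multiplication in the paragraph above, measured empirically in an added Python example (not the notes' code). For each 8-bit toy operation it estimates, over random plaintext and key samples, how often flipping a single key bit flips each ciphertext bit. The 8-bit width, the sample count and the modulus 257 for the multiplication (with 0 standing in for 256, the trick IDEA uses with 2¹⁶ + 1 so that every key value is invertible) are this example's choices.

```python
import random

WIDTH = 8
MASK = (1 << WIDTH) - 1


def xor_cipher(p, k):
    return p ^ k


def add_cipher(p, k):
    return (p + k) & MASK                        # addition modulo 2^8


def mul_cipher(p, k):
    # multiplication modulo 2^8 + 1 = 257, with the value 0 representing 256
    # (IDEA's convention), so that all 256 key values are invertible
    return ((p or 256) * (k or 256) % 257) % 256


def influence(cipher, trials=4000, seed=1):
    """matrix[i][j]: fraction of random (p, k) samples in which flipping key
    bit i flipped ciphertext bit j. The seed is only for reproducibility."""
    rng = random.Random(seed)
    hits = [[0] * WIDTH for _ in range(WIDTH)]
    for _ in range(trials):
        p, k = rng.randrange(1 << WIDTH), rng.randrange(1 << WIDTH)
        base = cipher(p, k)
        for i in range(WIDTH):
            diff = base ^ cipher(p, k ^ (1 << i))
            for j in range(WIDTH):
                if diff >> j & 1:
                    hits[i][j] += 1
    return [[h / trials for h in row] for row in hits]


def bits_reached(matrix):
    """Per key bit: how many ciphertext bits it ever influences."""
    return [sum(1 for pr in row if pr > 0) for row in matrix]


def mean_influence(matrix):
    """Average flip probability over all key-bit / ciphertext-bit pairs;
    0.5 everywhere would be the 50 % ideal the text mentions."""
    return sum(sum(row) for row in matrix) / (WIDTH * WIDTH)


if __name__ == "__main__":
    for name, cipher in (("xor", xor_cipher), ("add", add_cipher), ("mul", mul_cipher)):
        m = influence(cipher)
        print(name, bits_reached(m), round(mean_influence(m), 3))
```

XOR gives the identity matrix: key bit i reaches only ciphertext bit i. Addition reaches bit i and every higher bit through the carry chain, with probability falling by half per bit, and never a lower bit, which is the "not with 50 % probability" the text notes. Multiplication modulo 257 reaches every bit from every key bit at close to one half.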
Extensions to Shannon's basic theories include the derivation of an index of coincidence that allows approximations of key length to be determined purely from statistical data, the development of semi-automated techniques for attacking cryptographic systems, and the concept of using computational complexity for assessing the quality of cryptographic systems.

2.2.2 [Hebrew Alphabet] The Hebrew alphabet (אלפבית עברי, alefbet Ivri) has twenty-two letters, from Aleph to Taw. See Table 2.4. It is used in the writing of the Hebrew language, as well as other Jewish languages, most notably Yiddish, Ladino, and Judeo-Arabic. In the traditional form, the Hebrew alphabet is an abjad9 consisting only of consonants, written from right to left.
1. It has twenty-two letters, five of which (כ, מ, נ, פ, צ) take a different form at the end of a word (ך, ם, ן, ף, ץ). These special final forms are called sofit (סופית), meaning "final" or "ending".
2. Historically, the six consonants ב, ג, ד, כ, פ, ת each had two sounds: one hard (plosive) and one soft (fricative), depending on the position of the letter and other factors. When vowel diacritics are used, the hard sounds are indicated by a central dot called dagesh (דגש), while the soft sounds lack a dagesh. In modern Hebrew, however, the dagesh only changes the pronunciation of ב, כ, פ, and does not affect the name of the letter. Here בּ (with dagesh) sounds /b/ like "bun", but ב (without dagesh) sounds /v/ like "van". Similarly, כּ and כ sound /k/ and /χ/, like "kangaroo" and "loch", respectively. The letter פּ sounds /p/ like "pass" and פ sounds /f/ like "find".
3. The letter ש represents two separate phonemes10. They are not mutually allophonic11. The letter שׁ (right dot) sounds /ʃ/ like "shop" in English, and שׂ (left dot) sounds /s/ like "sour" in English.

9 An abjad is a type of writing system where each symbol always or usually stands for a consonant, leaving the reader to supply the appropriate vowel. This word was suggested by Peter T. Daniels (1951– ) to replace the common terms consonantary, consonantal alphabet, or syllabary to refer to the family of scripts called West Semitic.
10 A basic unit of a language's phonology, which is combined with other phonemes to form meaningful units such as words or morphemes.
11 In phonology, an allophone is one of a set of multiple possible spoken sounds



Table 2.4: Hebrew Alphabet

Letter  Name     Numeric value      Letter  Name     Numeric value
א       Aleph      1                ל       Lamed     30
ב       Beth       2                מ       Mem       40
ג       Gimel      3                נ       Nun       50
ד       Daleth     4                ס       Samekh    60
ה       He         5                ע       Ayin      70
ו       Waw        6                פ       Pe        80
ז       Zayin      7                צ       Sadhe     90
ח       Heth       8                ק       Qoph     100
ט       Teth       9                ר       Resh     200
י       Yod       10                ש       Shin     300
כ       Kaph      20                ת       Taw      400

Vowel diacritics

Name      IPA       Name         IPA
Shva      /ə/       Kamatz       /a/
Hiriq     /i/       Holam Male   /o/
Zeire     /e/       Holam Haser  /o/
Segol     /e/       Shuruk       /u/
Patach    /a/       Kubutz       /u/


4. Hebrew letters are used to denote numbers (see also Table 2.4), nowadays used only in specific contexts, e.g. denoting dates in the Hebrew calendar. The numbers 500, 600, 700, 800 and 900 are commonly represented by the juxtapositions ת״ק, ת״ר, ת״ש, ת״ת, תת״ק, respectively. Adding a geresh (׳, an apostrophe) to a letter multiplies its value by one thousand.
5. In the traditional form, vowels are indicated by the weak consonants Aleph, He, Waw, or Yod serving as vowel letters, or matres lectionis. To preserve the proper vowel sounds, scholars developed several different sets of vocalization and diacritical symbols called niqqud (נִקּוּד), literally "applying points".

Computer Security 3 (2): 2026.
Stallings, William, and Lawrence Brown. 2012. Comuputer Security. Upper Saddle River, NJ: Prentice
Hall.
Stewart, Geordie Buchanan. 2009. Maximising the Effectiveness of Information Security Awareness Using
Marketing and Psychology Principles. Technical report. Royal Holloway, University of London.
Straub, Detmar W., and Richard J. Welke. 1998. Coping with Systems Risk: Security Planning Models
for Management Decision Making. MIS Quarterly 22 (4): 441464.
Summers, R. 1984. An Overview of Computer Security. IBM Systems Journal 23 (4).

BIBLIOGRAPHY

73

Takemura, Toshihiko, and Ayako Komatsu. 2013. Who Sometimes Violates the Rule of the Organizations?: Empirical Study on Information Security Behaviors and Awareness. in The Economics of
Information Security and Privacy; Edited Proceeding of the 11th Workshop on the Economics of Information Security (WEIS), Berlin, Germany, 2526, Jun. 2012, edited by Rainer Bhme, 95114. Berlin:
Springer-Verlag.
Thompson, M. E., and Rossouw von Solms. 1997. An effective information security awareness program for industry. in Proceedings of WG 11.2 and WG 11.1 of TC11 (IFIP); Information Security
from small systems to Management of Security Infrastructure.
Ware, Willis Howard. 1979. Security Controls for Computer Systems. Technical report. RAND Report
609-1.

. 2005. (1). 46 (4): 347351.


, . 2008. . 15 (3): 110119.

Das könnte Ihnen auch gefallen