chapter 1

Addis Ababa University (AAU)
Addis Ababa Institute of Technology – AAiT
School of Information Technology and Engineering – SiTE
BSc – Cybersecurity Stream

Cryptography: Concepts and Applications
Henock Mulugeta (PhD)

1
Course Objective

• Objective
– Understand the basic concepts of cybersecurity
– Understand and analyze the basic concepts of cryptography
– Understand, apply, and analyze the principles of cryptography and the common applications of symmetric and asymmetric cryptography
– Acquire knowledge of ‘standard’ cryptographic solutions (algorithms, protocols) used for confidentiality, integrity, non-repudiation and authenticity, and implement cryptographic standards
– Understand how to deploy and design cryptographic solutions to secure any information system

2
Learning Outcomes

• After completion of this course, the student will be able to:
– develop cryptographic solutions and explain their mathematical structure
– employ modern cryptographic techniques to enhance overall system security
– use modern cryptographic techniques, such as:
• symmetric and asymmetric cryptography,
• digital signatures and hashing, and
• cryptographic protocols

3
Course Outline
• Chapter – 1 Introduction to Cybersecurity
– What is Security?
– Computer and Network security definitions
– Cyberspace and cybersecurity definitions
– Who are the attackers
– Sources and consequences of risks
– Types of Vulnerabilities
– Security criteria
– Security attack types
– Security services and mechanisms
– Security model (X.800 and X.805)

4
Course Outline…

• Chapter – 2 Fundamentals of Cryptography
– Cryptography terms and definitions
– Basic concepts in cryptography
– Classical Cryptography
– Principle of modern cryptography
• Chapter - 3 Symmetric cryptography
– Data Encryption Standard (DES) and 3-DES
– Advanced Encryption Standard (AES)

5
Course Outline…
• Chapter – 4 Asymmetric Cryptography
– Introduction to Public key Cryptography
– RSA Public key cryptography
– Key management and distribution protocol
– Diffie – Hellman Public Key Cryptography
• Chapter – 5 Digital signature, PKI, and Certificate Authority
– Digital Signature
• Message authentication
• Security requirements
• Digital Signature Using Public Key
• Digital Signature Using Message Digest (Hash functions)
– Cryptographic Hash functions
• MD5, SHA, MAC
– Public Key Infrastructure (PKI) and Certificate Authorities (CA)
• Distribution of public keys and PKI
• Direct key exchange protocols
• Authenticating users and their public keys with certificates signed by Certificate Authorities (CA)

6
Course Outline…
Chapter - 6 Applied Cryptography I
• IPSec
– Network Security services
– Types of attacks
– Network Security/Protocols and vulnerabilities
– Attacks on TCP/IP Networks
– Network Layer security
– IP security (IPSec)
– Transport layer attacks and security solutions

7
Course Outline…
Chapter - 7 Applied Cryptography II
• SSL/TLS
– Secured Socket Layer (SSL)
• Secured Electronic Transaction (SET)

Chapter – 8 Introduction to Cryptanalysis

8
Evaluation
• Case study and presentation
• Assignments and Projects
• Quiz and exam

9
Chapter – One

Introduction to Cybersecurity

10
Outline
• What is Security?
• Computer and Network security definitions
• Cyberspace and cybersecurity definitions
• Who are the attackers
• Sources and consequences of risks
• Types of Vulnerabilities
• Security criteria
• Security attack types
• Security services and mechanisms
• Security model (X.800 and X.805)

11
Computer and Network Security
• What is Security?
• Security is about:
– Threats (bad things that may happen, e.g. your money getting stolen)
– Vulnerabilities (weaknesses in your defenses, e.g. your front door being made of thin wood and glass)
– Attacks (ways in which the threats may be actualized, e.g. a thief breaking through your weak front door while you and the neighbors are on holiday)

12
Computer and Network Security…

“The most secure computers are those not connected to the Internet and shielded from any interference”

13
Computer and Network Security…
• Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster,
– while allowing the information and property to remain accessible and productive to its intended users.
• Security of computers against:
– intruders (e.g., hackers) and
– malicious software (e.g., viruses).

14
Computer and Network Security…
• Network security, on the other hand, deals with provisions and policies adopted to prevent and monitor:
– unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Not Sufficient!!

[Figure: network connected to the Internet]
15
Cyberspace and Cybersecurity Definition

• Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, communication links, and information,
• that allow our critical infrastructure to work.
Cybersecurity and Cyberspace: Definition…
• Cybersecurity describes the collection of:
– tools, policies, guidelines, procedures,
– risk management approaches,
– actions, trainings, best practices,
– assurance and technologies
• that can be used to protect the availability, integrity and confidentiality of assets in the connected infrastructures belonging to government, private organizations and citizens.
• These assets include:
– connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and data in the cyber-environment.
Why is Cybersecurity needed?

• Nations, organizations and their information systems and networks are faced with security threats from a wide range of sources, including:
– Computer-assisted fraud
– Sabotage
– Vandalism
– Fire or flood
– Hacking
– Denial of service attacks
– …
18
Who are the attackers?
• Vandals (Hackers, crackers) driven by intellectual challenge.
• Insiders: employees or customers seeking revenge or informal benefits
• Natural disasters: flooding, fire, storms, earthquake…
• Organized crime seeking financial gain or hiding criminal activities.
• Organized terrorist groups or nation states trying to influence
national policy.
• Foreign agents seeking information (spying) for economic, political, or
military purposes.
• Tactical countermeasures intended to disrupt military capability.
• Large organized terrorist groups
• Cyber attacks

19
Who is a Hacker? Types of Hackers

• A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access.
• Hackers are usually skilled computer programmers with
knowledge of computer security.
• Hackers are classified according to the intent of their
actions.
• The following list classifies hackers according to their intent.
Types of Hackers
• Ethical Hacker (White hat): A security hacker who gains access to systems with a view to fixing the identified weaknesses.
– They may also perform penetration testing and vulnerability assessments.

• Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain.
– The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.

• Grey hat: A hacker who is in between ethical and black hat hackers.
– He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
21
Types of Hackers…
• Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.

• Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages.
– This is usually done by hijacking websites and leaving the message on the hijacked website.

• Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

22
Types of Hackers: Motivations and initiatives

• Hacktivists might use computer network exploitation to advance their political or social causes.
• Terrorist groups might seek to sabotage the computer systems that operate our critical infrastructures.
• Cyber attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company.
• The use of digital means to attack a nation, causing comparable harm to actual warfare and/or disrupting the vital computer systems.
• Individual and sophisticated criminal enterprises steal personal information and extort victims for financial gain.
• Insider threat actors typically steal proprietary information for personal, financial or ideological reasons.
23
What kind of War?

• Cyber crime and terrorism have escalated during recent years
– It is well-organized, technically advanced, well-financed
• It has adopted a new view
– The old view: quick entry and exit
– The new view: hidden long-term presence

We are not well prepared for Cyber War
– and it is Economic war now!!
24
What are the vulnerabilities?

• Physical vulnerabilities (e.g. a computer can be stolen)
• Natural vulnerabilities (e.g. earthquake)
• Hardware and software vulnerabilities (e.g. failures)
• Media vulnerabilities (e.g. hard disks can be stolen)
• Communication vulnerabilities (e.g. wires can be tapped)
• Human vulnerabilities (e.g. insiders)
• Poorly chosen passwords
• Software bugs (non-reliability of software)
– buffer overflow attacks
25
What are the vulnerabilities?...
• Automatically running active content: active-x, scripts, Java
programs (applet)
• Open ports: telnet, mail
• Incorrect configuration
– file permissions
– administrative privileges
• Untrained users/system administrators
• Trap doors (intentional security holes)
• Unencrypted communication
• Limited Resources (i.e. TCP connections)

26
Consequences…

• Failure/End of service
• Reduction of QoS, down to Denial of Service (DDoS)
• Internal problems in the enterprise
• Trust decrease from partners (client, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data -
medical, insurances, …)

27
Cyberattack e.g. SCADA

• Supervisory Control & Data Acquisition Systems (SCADA)
– Used in the energy sector for controlling processes
– Increasingly becoming remotely controllable via the Internet / wireless!
– Could SCADA be remotely hijacked? YES

• breaching dams, shutting down power grids, contaminating water supplies etc…
Cybercrime
• Crime committed using a computer and the
internet to steal data and information.

• Categories of cyber-crime:
– The computer as a target: using a computer
to attack other computers.
– The computer as a weapon: using a
computer to commit real world crimes.

29
Cyber-Weapons

• A cyber-weapon is a malware agent employed for military, terrorist, or intelligence objectives as part of a cyberattack.

• The spread of cyber-weapons will benefit terrorism efforts.

• A cyber-weapon:
– is sponsored or employed by a state or non-state actor;
– meets an objective that requires spying or the use of force;
– is employed against specific targets.
30
Cyber-Warfare
• Cyber-warfare is the use of digital
means for offensive or defensive
military purposes.

• Examples
– Israeli attack on the Syrian air defense system in 2007.
• They shut down the Syrian air defense system using a cyber-attack.
– Sony (USA) attacked by the Guardians of Peace.
– Stuxnet on Iran's nuclear power plant.
– Egypt on Ethiopian CIs (GERD dam) (Cyber_Horus Group).
31
Cyber-Terrorism

• It is an act involving a combination of the terrorist and the cyber.
• It refers to unlawful attacks and
threats of attacks against computers,
networks and the information stored
therein.
• Cyber-terrorism can either be:
– international,
– domestic, or
– political, ethnic, religious,…
• according to the nature of the act.
32
Weapons of Cyber-terrorists
• IP spoofing
• Password Cracking
• Encryption
• Viruses
• Worms
• Trojan horse
• Logic bombs

• Ransomware

33
Motivations of Cyber-Terrorists
• Cyber-terrorists prefer cyber-attack methods because these offer many advantages:
– It is cheaper than traditional methods.
– The action is very difficult to track.
– There are no physical barriers or checkpoints to cross.
– They can hide their identities and location.
– They can use this method to attack a large number of targets.
– They can do it remotely from anywhere in the world.
– They can affect a large number of people.
34
Cyberattack surface

Cyber Crime
• will cost $6 trillion annually by 2021
• the greatest transfer of economic wealth in history
• the greatest threat to every company
• the biggest problem with mankind.
35
Cyber crime costs include

• damage and destruction of data
• theft of intellectual property
• theft of financial data
• loss of reputation, brand
• fraud
• telecom, e-commerce
• technology leakage
• DoS and DDoS
• lost productivity

36
Cybersecurity Spending

How about we Ethiopians as a nation and as companies?
37
Cybersecurity Challenges

38
Cybersecurity Challenges…

• Constant evolution of the nature of cyber threats
• New technology may bring new vulnerabilities (SDN, Cloud, IoT, Blockchain, …)
• Increasing sophistication of cybercrime
• Evolving tactics used by attackers
• Ineffective sharing of threats and mitigation info among stakeholders
• Lack of cross-border cooperation

39
Security Requirements
• Properties of Security?
• Security is expressed in terms of:
– Confidentiality (Privacy)
– Integrity
– Non-repudiation
– Availability (Denial of Service)

• Authentication is a foundation of security
– In its absence, security properties can be violated

40
Security Requirements (in detail)

• To understand the types of threats to security that exist, we first need a definition of the security requirements.
• In this section, the different security requirements are presented.

Availability
• It requires that computer and network assets are available only to authorized parties.
• The computer and network should provide all the designated services in the presence of all kinds of security attacks.

41
Security Requirements ...

Integrity
• It requires that messages are modified or altered only by authorized parties.
– Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.

• Integrity guarantees that no modification, addition, or deletion is done to the message.
• The altering of a message can be malicious or accidental.

42
Security Requirements ...
Confidentiality
• It requires that the message is accessible for reading only by authorized parties.
• It also requires that the system verifies the identity of a user.

Authentication
• It means that the correct identity is known to the communicating parties.
• This property ensures that the parties are genuine and not impersonators.

Authorization
• This property gives access rights to different types of users.
– For example, network management can be performed by the network administrator only.

43
Computer and Network Security
Attacks
• Categories of Attacks

– Interruption: An attack on availability

– Interception: An attack on confidentiality

– Modification: An attack on integrity

– Fabrication: An attack on authenticity

44
Computer and Network Security Attacks…
• Categories of Attacks/Threats

[Figure: normal flow of information from Source to Destination, and the four attack categories: Interruption, Interception, Modification, Fabrication]
45
Security attack types
• The attacks can also be classified by the following criteria:
– Passive or active,
– Internal or external,
– At different protocol layers.
Passive vs. active attacks
• A passive attack attempts to learn or make use of the information without changing the content of the message and without disrupting the operation of the communication.
• Examples of passive attacks are:
– Eavesdropping, traffic analysis, and traffic monitoring.

46
Security attack types…

• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting the normal operation of the network.

• Some examples of active attacks include:
– Jamming, impersonating, modification, denial of service (DoS), and message replay.

47
Passive Attacks
• Passive attacks do not affect system resources
– Eavesdropping, monitoring
– The goal of the opponent is to obtain information that is being
transmitted
• Two types of passive attacks
– Release of message contents
– Traffic analysis
• Passive attacks are very difficult to detect
– Message transmission apparently normal
• No alteration of the data
– Emphasis on prevention rather than detection
• By means of encryption
48
Passive Attacks (1)
Release of Message Contents

49
Passive Attacks (2)
Traffic Analysis

50
Active Attacks
• Active attacks try to alter system resources or affect
their operation
– Modification of data, or creation of false data
• Four categories
– Masquerade of one entity as some other
– Replay previous message
– Modification of messages
– Denial of service (DoS): preventing normal use
• A specific target or entire network

• Difficult to prevent
– The goal is to detect and recover
51
Active Attacks (1)
Masquerade

52
Active Attacks (2)
Replay

53
Active Attacks (3)
Modification of Messages

54
Active Attacks (4)
Denial of Service

55
Security attack types…

Internal vs. External attacks

• External attacks are carried out by hosts that don’t belong to the network domain; they are sometimes called outsiders.
– E.g. an outsider can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, the malicious node from the network gains unauthorized access, acts as a genuine node and disrupts the normal operation of nodes.
• They are also known as insiders.

56
Security attack types…
• Attacks on different layers of the TCP/IP model:
• The security attacks can also be classified according to the TCP/IP layers. The table shows the attack types at each layer.

Layer – Attacks
Application layer – E-mail bombing, repudiation, data corruption, malicious code attack (Trojan, malware, virus, ...)
Transport layer – Session hijacking, altering checksum, SYN flooding
Network layer – IP spoofing, ICMP echo, wormhole, black hole, gray hole, Byzantine, flooding
Data link layer – Traffic analysis, disruption (e.g. MAC IEEE 802.11 Wi-Fi)
Physical layer – Jamming, interception, eavesdropping
Cross-layer attack – DoS, impersonation, replay, man-in-the-middle attack
57
Common security attacks and their
countermeasures
• Finding a way into the network
– Firewalls
• Exploiting software bugs, buffer overflows
– Intrusion Detection Systems
• Denial of Service
– access filtering, IDS
• TCP hijacking
– IPSec
• Packet sniffing
– Encryption (SSL, HTTPS)
• Social problems
– Education
58
Model for Network Security

59
Model for Network Security…
• In considering the place of encryption, it is useful to use the above model.
• Information is being transferred from one party to another over an insecure communications channel,
– in the presence of possible opponents.
• The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
• They can use:
– an appropriate security transform (encryption algorithm),
– with suitable keys (secret information),
– possibly negotiated with the help of a trusted third party.
60
Model for Network Security…

• Using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information (key)
4. specify a protocol enabling the principals to use the
transformation and secret information for a security
service
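The four steps above worked through in Python as an added example (it is not part of the slides): a keyed security transformation (HMAC-SHA256 from the standard library) stands in for the algorithm, the key is generated with `secrets`, the receiver is assumed to already hold the shared key (step 3 done out of band), and the protocol frames each message with a sequence number. The receiver then rejects the active attacks listed earlier (modification, fabrication/masquerade, replay); all messages and keys are constructed for the demo.

```python
"""Toy instance of the network security model: transform + key + protocol,
checked against the modification, fabrication and replay attack types."""
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 digest length in bytes


def generate_key() -> bytes:
    """Step 2: generate the secret information (key) used by the algorithm."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Steps 1 and 4: frame = seq (4 bytes) || payload || HMAC tag.
    The tag covers seq and payload, so neither can change unnoticed.
    The payload itself travels in the clear: this transform gives integrity
    and authenticity only; confidentiality against interception would need
    encryption on top."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Holds the shared key (step 3 assumed done out of band) and the last
    accepted sequence number, so a replayed frame is rejected."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        """Return (True, payload) or (False, reason)."""
        if len(frame) < 4 + TAG_LEN:
            return False, "malformed"
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return False, "integrity/authenticity failure"
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, body


def demo() -> dict:
    """Run one legitimate exchange and the three active attacks against it."""
    key = generate_key()
    rx = Receiver(key)
    results = {}
    legit = protect(key, 1, b"transfer 100 to Bob")  # constructed message
    results["normal"] = rx.accept(legit)[0]
    # Modification: opponent changes the amount in transit ('1' -> '9').
    tampered = bytearray(legit)
    tampered[4 + len("transfer ")] = ord("9")
    results["modification"] = rx.accept(bytes(tampered))[1]
    # Fabrication / masquerade: opponent forges a frame under a guessed key.
    forged = protect(secrets.token_bytes(32), 2, b"transfer 100 to Eve")
    results["fabrication"] = rx.accept(forged)[1]
    # Replay: opponent re-sends the captured legitimate frame.
    results["replay"] = rx.accept(legit)[1]
    return results


if __name__ == "__main__":
    print(demo())
```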

61
Eight Security Dimensions Address the Breadth of Network Vulnerabilities
• Access Control: limit & control access to network elements, services & applications. Examples: password, ACL, firewall
• Authentication: provide proof of identity. Examples: shared secret key, PKI, digital signature, digital certificate
• Non-repudiation: prevent the ability to deny that an activity on the network occurred. Examples: system logs, digital signatures
• Data Confidentiality: ensure confidentiality of data. Example: encryption
• Communication Security: ensure information only flows from source to destination. Examples: VPN, MPLS, L2TP, IPsec, SSL, SSH, …
• Data Integrity: ensure data is received as sent or retrieved as stored. Examples: MD5, digital signature, anti-virus software
• Availability: ensure network elements, services and applications are available to legitimate users. Examples: IDS/IPS, network redundancy, BC/DR
• Privacy: ensure identification and network use is kept private. Examples: NAT, encryption
62
Cybersecurity Challenges
Summary

63
Key Cybersecurity Challenges

• Lack of information security professionals and skills
• Lack of national or regional legal frameworks
• Lack of national cybersecurity framework
• Lack of international cooperation between industry experts, academia
• Lack of basic awareness among users

Cybersecurity not seen yet as a cross-sector, multi-dimensional concern.
Still seen as a technical/technology problem.
64
Shift of Cybersecurity Perspective

From – To
• Scope: Technical problem – Business problem
• Ownership: IT – Business
• Costs: Expense – Investment
• Execution: Intermittent – Integrated, continuous
• Approach: Practice-based – Process-based
• Objective: IT security – Business continuity

Where are we now?

65
Solutions and recommendations

66
Thank you!

67