CIA Triad in information security o Solves the problem of secure key exchange.

o Solves the problem of secure key exchange. DES (Data RSA (Rivest-Shamir- SHA (Secure Hash  No Key Transmission: The actual shared key SSS is never transmitted. Only the public
symmetric and asymmetric cryptography. o Slower than symmetric encryption due to complex computations.
Feature values AAA and BBB are exchanged, which makes it difficult for an eavesdropper to
Encryption Standard) Adleman) Algorithm)
CIA Triad in Information Security  Examples: RSA, Elliptic Curve Cryptography (ECC). Number theory deduce the key.
The CIA Triad is a foundational model in information security that ensures comprehensive Algorithm  Discrete Logarithm Problem: The security of Diffie-Hellman relies on the
Feistel network (factoring large One-way hash function
protection for information systems. It comprises three primary principles: Chinese Remainder Theorem and its application in cryptography. Basis mathematical difficulty of solving the discrete logarithm problem:
integers)
1. Confidentiality: o Even if an attacker intercepts ggg, ppp, AAA, and BBB, computing aaa or bbb to
Output length depends on
o Ensures that sensitive information is accessible only to authorized individuals or Chinese Remainder Theorem (CRT) and Its Applications in Cryptography 1024, 2048, or higher deduce S=gabmod pS = g^{ab} \mod pS=gabmodp is computationally infeasible
Key Length 56-bit key version (e.g., SHA-256 = 256
systems. The Chinese Remainder Theorem is a mathematical tool used to solve systems of congruences. bits for large ppp values.
bits)
o Protects data from unauthorized access and disclosure. If there are nnn pairwise coprime integers (m1,m2,…,mnm_1, m_2, \dots, m_nm1,m2,…,mn),  Ephemeral DH (Perfect Forward Secrecy): Using different private keys for each
o Techniques and Tools: the theorem guarantees a unique solution modulo the product M=m1×m2×⋯×mnM = m_1 Speed Fast Slow Fast session ensures that past communications remain secure even if long-term private keys
 Encryption (e.g., AES, RSA). \times m_2 \times \dots \times m_nM=m1×m2×⋯×mn for the system of equations: Vulnerable to brute Secure with sufficient Secure with sufficient output are compromised.
Security
 Access controls (e.g., role-based access, multi-factor authentication). x≡a1mod m1x≡a2mod m2⋮x≡anmod mnx \equiv a_1 \mod m_1 x \equiv a_2 \mod m_2 \vdots force key size size
 Secure protocols (e.g., HTTPS, SSL/TLS). x \equiv a_n \mod m_n x≡a1modm1x≡a2modm2⋮x≡anmodmn Encrypting small Key exchange, digital Key Management Processes
o Example: Encrypting a file to prevent unauthorized viewing during transmission.
Common Uses Message integrity verification Key management refers to the lifecycle of cryptographic keys, ensuring their secure generation,
The solution is computed as: blocks of data signatures
2. Integrity: x=∑i=1naiMiyimod Mx = \sum_{i=1}^n a_i M_i y_i \mod M x=i=1∑naiMiyimodM Examples of Legacy encryption SSL/TLS, PGP, digital Password storage, blockchain, distribution, usage, storage, and disposal. Effective key management is crucial for maintaining
o Ensures the accuracy, completeness, and reliability of data. Where Mi=MmiM_i = \frac{M}{m_i}Mi=miM, and yiy_iyi is the modular multiplicative Use Cases systems certificates file integrity the confidentiality and integrity of cryptographic systems.
o Prevents unauthorized modifications or corruption. inverse of Mimod miM_i \mod m_iMimodmi. Key Management Lifecycle:
o Techniques and Tools: Applications in Cryptography: 1. Key Generation:
Diffie-Hellman key exchange process.
 Hashing algorithms (e.g., SHA-256, MD5). 1. RSA Decryption: o Keys must be generated using secure and random methods to avoid predictability.
 Digital signatures. o CRT is used to optimize RSA decryption. o Examples: Hardware security modules (HSMs), random number generators
Diffie-Hellman Key Exchange Process
 Checksums. o Instead of working with the large modulus n=p×qn = p \times qn=p×q, (RNGs).
The Diffie-Hellman (DH) key exchange protocol allows two parties to establish a shared secret
o Example: Verifying a file’s hash value to ensure it wasn’t altered during computations are split into two smaller moduli ppp and qqq, significantly speeding 2. Key Distribution:
key over an insecure channel without directly transmitting the key itself. This shared key can
download. up decryption. then be used for symmetric encryption to secure further communication. o Symmetric Keys: Secure channels (e.g., Diffie-Hellman, pre-shared keys).
3. Availability: 2. Key Generation in Cryptosystems: Steps in the Diffie-Hellman Key Exchange: o Asymmetric Keys: Public key infrastructure (PKI) ensures public key distribution
o Ensures that authorized users can access data and systems when needed. o CRT is used in algorithms where computations are broken into smaller modular and verification.
1. Agree on Public Parameters:
o Protects against disruptions like system failures or DoS/DDoS attacks. arithmetic tasks, such as lattice-based cryptography. 3. Key Storage:
Both parties agree on two publicly known numbers:
o Techniques and Tools: 3. Error Correction: o Keys should be stored securely in encrypted form or hardware-based secure
o A large prime number ppp.
 Redundancy (e.g., failover systems). o CRT is employed in residue number systems for error detection and correction in storage (e.g., HSMs, TPMs).
o A primitive root ggg of ppp.
 Backups and disaster recovery plans. cryptographic hardware implementations. o Avoid embedding keys in source code or transmitting them in plaintext.
2. Private Key Selection:
 Load balancing. 4. Homomorphic Encryption: 4. Key Usage:
o Each party selects a private key:
o Example: Implementing server clustering to maintain access during high traffic or o CRT helps in modular computations that preserve operations on encrypted data. o Define roles and permissions for who can access or use specific keys.
 Alice chooses aaa.
system failure.  Bob chooses bbb.
o Use keys only for their intended purposes (e.g., separate keys for encryption and
Differences Between DES, RSA, and SHA These private keys are kept secret. signing).
Symmetric and Asymmetric Cryptography DES (Data RSA (Rivest-Shamir- SHA (Secure Hash 3. Calculate Public Keys: 5. Key Rotation/Update:
1. Symmetric Cryptography: Feature o Periodically update keys to limit the impact of compromise.
Encryption Standard) Adleman) Algorithm) o Alice computes A=gamod pA = g^a \mod pA=gamodp.
 Definition: Uses a single key for both encryption and decryption. o Use key rotation policies to transition old keys to new ones seamlessly.
Type of Asymmetric o Bob computes B=gbmod pB = g^b \mod pB=gbmodp.
 Key Features: Symmetric encryption Cryptographic hashing 6. Key Revocation:
Algorithm encryption These public keys (AAA and BBB) are shared with each other.
o Faster and more efficient, making it suitable for encrypting large amounts of data. o If a key is compromised or no longer needed, revoke it to prevent further use.
Single key for 4. Exchange and Compute the Shared Secret:
o Requires secure key exchange between sender and receiver. No keys; one-way o In PKI, this involves adding the key to a Certificate Revocation List (CRL) or
Key Usage encryption and Public-private key pair o Alice computes the shared secret as S=Bamod pS = B^a \mod pS=Bamodp.
 Examples: AES, DES, Triple DES, Blowfish. transformation using Online Certificate Status Protocol (OCSP).
decryption o Bob computes the shared secret as S=Abmod pS = A^b \mod pS=Abmodp.
2. Asymmetric Cryptography: Since gabmod p=gbamod pg^{ab} \mod p = g^{ba} \mod pgabmodp=gbamodp, both parties 7. Key Archival and Recovery:
 Definition: Uses a pair of keys—a public key for encryption and a private key for Data confidentiality o Back up keys securely for recovery purposes (e.g., encrypted backup systems).
Purpose Data confidentiality Data integrity arrive at the same shared secret SSS.
decryption. and integrity o Recovery mechanisms should be strictly controlled to prevent unauthorized access.
 Key Features: 8. Key Destruction:
Prevention of Eavesdropping

o At the end of their lifecycle, keys must be securely deleted to prevent unauthorized Kerberos is a network authentication protocol that uses a trusted third-party (Key Distribution o Monitor and synchronize system clocks to avoid replay attacks. 4. Compatibility Issues:
recovery. Center or KDC) to provide secure authentication. o Redundancy for the KDC to avoid single points of failure. o Not all email clients natively support PGP, requiring plugins or third-party tools.
o Methods: Overwriting, hardware degaussing, or physical destruction. Kerberos Vulnerabilities: 2. For ISAKMP: 5. Revocation Challenges:
1. KDC Single Point of Failure: o Implement strong authentication (e.g., certificates, pre-shared keys). o Revoking compromised keys is not straightforward, as previously encrypted
Certifying Authorities (CAs) and Public Key Infrastructure (PKI) security o If the KDC is unavailable or compromised, the entire authentication system fails. o Enable anti-replay protection and use robust encryption algorithms. messages may remain accessible to attackers with old keys.
2. Password-Based Authentication: o Monitor traffic to detect and block DoS attacks.
Certifying Authorities (CAs): o Kerberos often relies on user passwords to generate keys, making it susceptible to o Regularly update and patch the ISAKMP implementation. Effectiveness:
A Certificate Authority (CA) is a trusted entity responsible for issuing, validating, and weak or compromised passwords. By addressing these vulnerabilities, the security of systems using Kerberos and ISAKMP  High Security: When properly configured, PGP provides a strong defense against
revoking digital certificates. These certificates are used to bind public keys to entities (e.g., 3. Replay Attacks: can be significantly improved. eavesdropping, data tampering, and impersonation.
individuals, organizations) to ensure secure communication. o An attacker can intercept and reuse Kerberos tickets within their validity period if Evaluate the effectiveness of PGP in securing email communication signature-based versus  Limited Usability: Complexity hinders widespread adoption among non-technical users.
Roles of CAs: timestamps are not synchronized. anomaly-based firewalls  Better Alternatives for Certain Scenarios: Protocols like S/MIME or secure
1. Issuing Certificates: 4. Key Compromise: Effectiveness of PGP in Securing Email Communication communication platforms may be simpler for enterprise environments.
o CAs verify the identity of an entity (e.g., using documents, domain control o If the session key or Ticket Granting Ticket (TGT) is stolen, an attacker can Pretty Good Privacy (PGP) is a robust cryptographic tool used to secure email communication
validation) before issuing a digital certificate. impersonate the user. by providing confidentiality, integrity, and authenticity.
o Certificates follow standards like X.509. 5. Pre-Authentication Weakness: Strengths of PGP: Firewall
2. Maintaining Trust: o Older Kerberos versions without pre-authentication are vulnerable to brute-force or 1. Encryption: Feature Signature-Based Firewall Anomaly-Based Firewall
o CAs are trusted third parties in the Public Key Infrastructure (PKI). dictionary attacks. o PGP uses a combination of symmetric (e.g., AES) and asymmetric encryption
Detection Basis Predefined attack signatures Behavioral anomalies
o Their public root certificates are pre-installed in operating systems and browsers. 6. Trust Issues: (e.g., RSA) to ensure confidentiality.
Zero-Day Threats Not detected Can be detected
3. Certificate Revocation: o Kerberos assumes complete trust in the KDC and the infrastructure, which can be o Emails are encrypted with a session key (symmetric), and the session key is
o If a certificate is compromised or no longer valid, CAs revoke it. exploited if an insider threat exists. encrypted with the recipient’s public key (asymmetric). False Positives Low High
o Revocation is managed through Certificate Revocation Lists (CRLs) or Online ISAKMP (Internet Security Association and Key Management Protocol): 2. Authentication and Integrity: Update No frequent updates, but training is
Frequent updates for signatures
Certificate Status Protocol (OCSP). ISAKMP is a protocol used to establish and manage Security Associations (SAs) for secure o Digital signatures created with the sender’s private key allow the recipient to verify Requirements needed
Public Key Infrastructure (PKI): communication, often used with IPsec. the sender’s identity and detect tampering. Fast and efficient for known Resource-intensive due to real-time
Performance
PKI is a framework of policies, procedures, and technologies that use public-key cryptography ISAKMP Vulnerabilities: 3. End-to-End Encryption: threats analysis
to secure communications and validate identities. It ensures confidentiality, integrity, 1. DoS Attacks: o Messages remain encrypted from sender to recipient, preventing interception by Protecting against known Detecting unknown threats or insider
authenticity, and non-repudiation. o Attackers can flood the system with fake ISAKMP requests, overwhelming intermediaries such as mail servers. Best Use Case
attacks activity
Components of PKI: resources. 4. Compatibility:
1. Certification Authority (CA): Issues and manages digital certificates. 2. Man-in-the-Middle (MITM) Attacks: o PGP supports multiple email clients and systems, making it a widely applicable
2. Registration Authority (RA): Verifies the identity of entities requesting certificates and o If proper authentication mechanisms (e.g., digital signatures) are not enforced, an solution.
acts as an intermediary between users and the CA. attacker can intercept or manipulate ISAKMP negotiations. 5. Open Standard:
3. Digital Certificates: Contain public keys and information about the key owner, signed 3. Replay Attacks: o OpenPGP ensures transparency and wide adoption with ongoing community
by the CA to establish trust. o Without proper anti-replay mechanisms, attackers can reuse intercepted ISAKMP scrutiny for vulnerabilities.
4. Public and Private Keys: Used for encryption, decryption, and digital signatures. messages to disrupt or hijack sessions.
5. Certificate Revocation Lists (CRLs) and OCSP: Ensure revoked certificates are not 4. Weak Cryptographic Implementations: Limitations of PGP:
used. o Improper or outdated cryptographic algorithms in ISAKMP can be exploited to 1. Complexity for Users:
Uses of PKI: compromise security. o Requires users to generate and manage public/private keys.
 Secure communication (e.g., HTTPS via SSL/TLS). 5. Configuration Issues: o Mismanagement (e.g., losing private keys) can lead to permanent loss of access to
 Email encryption and signing. o Misconfigured SAs (e.g., weak keys, insecure encryption settings) can expose the encrypted messages.
 Digital signatures for documents. system to unauthorized access. 2. No Metadata Protection:
 User authentication in enterprise systems. o While the email content is encrypted, metadata like sender/recipient addresses and
Mitigating Vulnerabilities: subject lines remain exposed.
Security Vulnerabilities Associated with Kerberos and ISAKMP 1. For Kerberos: 3. Key Distribution and Trust:
Kerberos: o Use strong passwords and enforce policies for periodic changes. o Users must verify and trust the recipient’s public key manually or rely on a web of
o Enable pre-authentication. trust or key servers, which can be prone to misuse or attack.