unit 1

Cloud security encompasses the technologies, protocols, and best practices aimed at protecting cloud computing systems, including data, applications, and infrastructure. It involves various components such as data security, identity management, governance, and legal compliance, while addressing risks from internal and external threats. The document also discusses encryption methods, security services, and the principles of cloud security to safeguard sensitive information and maintain operational integrity.

UNIT-I

FUNDAMENTALS OF CLOUD SECURITY CONCEPTS

UNIT 1 1
1.1 OVERVIEW OF CLOUD SECURITY

Cloud security definition

Cloud security is a discipline of cyber security dedicated to securing cloud computing systems. This includes keeping data private and safe across online-based infrastructure, applications, and platforms. Securing these systems involves the efforts of both the cloud providers and the clients that use them, whether the client is an individual, a small-to-medium business, or an enterprise.

What is cloud security?

Cloud security is the whole bundle of technology, protocols, and best practices that protect cloud computing environments, applications running in the cloud, and data held in the cloud. Securing cloud services begins with understanding exactly what is being secured, as well as which aspects of the system must be managed and by whom.
Scope of Cloud Security
• Physical networks — routers, electrical power, cabling, climate controls, etc.
• Data storage — hard drives, etc.
• Data servers — core network computing hardware and software
• Computer virtualization frameworks — virtual machine software, host machines, and guest machines
• Operating systems (OS) — the software that hosts all the other computing tasks
• Middleware — application programming interface (API) management and the other services that sit between the OS and the applications
• Runtime environments — execution and upkeep of a running program
• Data — all the information stored, modified, and accessed
• Applications — traditional software services (email, tax software, productivity suites, etc.)
• End-user hardware — computers, mobile devices, Internet of Things (IoT) devices, etc.

Cloud computing components are secured from two main viewpoints:

1. Cloud service types are offered by third-party providers as modules used to build the cloud environment. Depending on the type of service, the client manages a different share of the components within it. The three service types are:
• Software-as-a-Service (SaaS)
• Platform-as-a-Service (PaaS)
• Infrastructure-as-a-Service (IaaS)
• Software-as-a-Service (SaaS) cloud services give clients access to applications that are hosted and run entirely on the provider's servers. The provider manages the application, its data store, runtime, middleware, and operating system. The client is responsible only for how it uses the application: its user accounts and access rights, the data it puts in, and the devices and networks it connects from. SaaS examples include Google Drive, Slack, Salesforce, Microsoft 365, Cisco WebEx, and Evernote.
• Platform-as-a-Service (PaaS) cloud services give clients a host for developing their own applications, which run within the client's own "sandboxed" space on the provider's servers. The provider manages the runtime, middleware, and operating system. The client is responsible for its applications, data, user access, end-user devices, and end-user networks. PaaS examples include Google App Engine and Microsoft Azure (originally branded Windows Azure).
• Infrastructure-as-a-Service (IaaS) cloud services offer clients the hardware and remote connectivity frameworks to house the bulk of their computing, down to the operating system. The provider manages only the core cloud services (physical hosts, storage, network, and the virtualization layer). The client must secure everything stacked on top of that, including the OS itself, runtimes, middleware, applications, and data, and must also manage user access, end-user devices, and end-user networks. IaaS examples include Microsoft Azure virtual machines, Google Compute Engine (GCE), and Amazon Web Services (AWS) EC2.

2. Cloud environments are deployment models in which one or more cloud services are combined into a system for end users and organizations. The deployment model determines how management responsibilities, including security, are split between clients and providers.
The cloud environments in current use are:
• Public cloud environments are composed of multi-tenant cloud services in which a client shares a provider's servers with other clients, much like an office building or co-working space. These are third-party services run by the provider, who gives clients access over the Internet.
• Private third-party cloud environments are based on a cloud service that gives the client exclusive use of its own cloud. These single-tenant environments are normally owned, managed, and operated off site by an external provider.
• Private in-house cloud environments are also composed of single-tenant servers, but are run from the organization's own private data center. The business runs this environment itself, which allows it to configure and set up every element.
• Multi-cloud environments use two or more cloud services from separate providers. These can be any blend of public and/or private cloud services.
• Hybrid cloud environments combine a private third-party cloud and/or an on-site private data center with one or more public clouds.

Categories of cloud security
• Data security
• Identity and access management (IAM)
• Governance (policies on threat prevention, detection, and mitigation)
• Disaster recovery (DR) and business continuity (BC) planning
• Legal compliance

Data security is the aspect of cloud security that covers the technical side of threat prevention. Tools and technologies let providers and clients put barriers between sensitive data and anyone who is not authorized to see it. Among these, encryption is one of the most powerful tools available: it scrambles data so that it is readable only by someone who holds the decryption key. If encrypted data is lost or stolen, it is effectively unreadable and meaningless to the thief, provided the key was not lost with it. Protection of data in transit, such as TLS for connections to cloud services and virtual private networks (VPNs) for network links, is also emphasized in cloud networks.
Identity and access management (IAM) covers the access privileges granted to user accounts, together with the authentication and authorization of those accounts. Access controls are pivotal for keeping users, both legitimate ones who should not hold a given right and malicious ones, away from sensitive data and systems. Password management, multi-factor authentication, and related methods fall within the scope of IAM.
Governance focuses on policies for threat prevention, detection, and mitigation. For SMBs and enterprises, threat intelligence helps track and prioritize threats so that essential systems are guarded carefully. These policies apply mostly in organizational environments, but rules for safe use and for responding to threats, backed by user training, are useful to any cloud client, including individuals.
Disaster recovery (DR) and business continuity (BC) planning cover the technical recovery measures taken when data is lost or a service fails. Central to any DR and BC plan are methods for data redundancy, such as backups. Systems for keeping operations running without interruption also help. Procedures for testing that backups can actually be restored, and detailed recovery instructions for employees, are just as valuable to a thorough BC plan.
Legal compliance revolves around protecting user privacy as required by legislation. Governments have taken up the protection of private user information from being exploited for profit, and organizations must follow the resulting regulations. One supporting technique is data masking, which hides identities within a data set through pseudonymization, tokenization, or encryption.

Cloud security risks

Security threats include:
• Risks of cloud-based infrastructure, including incompatible legacy IT frameworks and disruptions of third-party data storage services.
• Internal threats due to human error, such as misconfiguration of user access controls.
• External threats caused almost exclusively by malicious actors, such as malware, phishing, and DDoS attacks.

Principles of cloud security

1. Never leave the default settings unchanged. Default credentials and settings are publicly documented, so leaving them in place gives an attacker a known path in. Changing them complicates an attacker's path into your system.
2. Never leave a cloud storage bucket open. An open bucket lets anyone read its contents simply by opening the bucket's URL, with no credentials at all.
3. If the cloud vendor gives you security controls that you can switch on, use them. Not selecting the right security options puts you at risk.

• Use strong passwords. A mix of letters, numbers and special characters makes a password harder to crack. Avoid obvious substitutions, such as replacing an S with a $ symbol. The more random the string, the better.
• Use a password manager. It lets you give each application, database, and service a separate password without having to remember them all. You must, however, protect the password manager itself with a strong primary password.
• Protect all the devices you use to access your cloud data, including smartphones and tablets. If your data is synchronized across several devices, any one of them can be the weak link that puts your entire digital footprint at risk.
• Back up your data regularly so that, in the event of a cloud outage or data loss at your cloud provider, you can restore it fully. That backup can be on your home PC, on an external hard drive, or even cloud-to-cloud, as long as you are certain the two cloud providers do not share infrastructure.
• Adjust permissions so that no individual or device has access to all your data unless it is necessary. Businesses do this through database permission settings. On a home network, use guest networks for your children, for IoT devices, and for your TV, and keep the "access all areas" pass for your own use.
• Protect yourself with anti-virus and anti-malware software. Once malware is on your device, an attacker can easily reach your cloud account through it.
• Avoid accessing your data over public Wi-Fi, particularly if the network does not use strong authentication. If you must, use a virtual private network (VPN) to protect your path to the cloud.
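Principle 2 above ("never leave a cloud storage bucket open") is something that can be checked mechanically. The following is an added example, not part of the original notes: it inspects an AWS S3 bucket policy document in the standard JSON format (Version / Statement / Effect / Principal / Action / Resource) and reports statements that let an anonymous principal read objects. The two policies are constructed samples; the bucket name, the account ID 123456789012 and the role name are placeholders, and the code does not contact AWS.

```python
"""Flag S3 bucket-policy statements that grant anonymous read access.

Added example; the policy documents below are constructed samples and the
bucket/account/role names are placeholders.
"""
import json


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means 'anyone on the Internet'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def _grants_object_read(actions) -> bool:
    """s3:GetObject, or a wildcard that covers it, lets the caller fetch objects."""
    for action in _as_list(actions):
        if action.lower() in ("*", "s3:*", "s3:get*", "s3:getobject"):
            return True
    return False


def public_read_statements(policy_json: str) -> list:
    """Return the Sid (or positional label) of every Allow statement that gives
    anonymous callers object-read access with no Condition narrowing it.

    A statement with a Condition (e.g. aws:SourceVpce or aws:SourceIp) is not
    reported here: it may still be too broad, but it needs human review rather
    than an automatic 'public' verdict.  Deny statements with Principal "*"
    are common (e.g. forcing TLS) and are correctly ignored.
    """
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        if not _grants_object_read(stmt.get("Action", [])):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings


# Constructed sample: the classic "public website bucket" policy.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample: read limited to one IAM role, plus a Deny-unless-TLS rule.
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppReader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


if __name__ == "__main__":
    print("open policy  :", public_read_statements(OPEN_POLICY))
    print("locked policy:", public_read_statements(LOCKED_POLICY))
```

The check reads only the bucket policy. Object ACLs and the account-level "Block Public Access" setting also decide whether a bucket is reachable anonymously, and the latter is the control that should be on regardless of what any individual policy says.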

1.2 SECURITY SERVICES

• The OSI security architecture (ITU-T Recommendation X.800) is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements.
• The document defines security attacks, mechanisms, and services, and the relationships among these three categories.
• X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
• A security service can also be described as a processing or communication service that is provided by a system to give a specific kind of protection to system resources.
• Security services implement security policies, and are themselves implemented by security mechanisms.

X.800 groups the security services into the following categories:
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Non-repudiation

AUTHENTICATION
The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source it claims to be from.
ACCESS CONTROL
In the context of network security, access control is the ability to limit and control access to host systems and applications via communication links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
DATA CONFIDENTIALITY
Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communication facility.
DATA INTEGRITY
As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields within a message. Again, the most useful and straightforward approach is total stream protection.
NON-REPUDIATION
Non-repudiation prevents either the sender or the receiver from denying a transmitted message. When a message is sent, the receiver can prove, even to a third party, that the alleged sender in fact sent it. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received it.

1.3 CONVENTIONAL AND PUBLIC - KEY CRYPTOGRAPHY

Conventional encryption is a cryptographic system in which the same key is used by the sender to encrypt the message and by the receiver to decrypt it. It was the only type of encryption in use prior to the development of public-key encryption.

Conventional encryption has five main ingredients:

1. Plain text
The original data that is given to the algorithm as input.

2. Encryption algorithm
The encryption algorithm performs various transformations on the plain text to convert it into cipher text.

3. Secret key
The secret key is also an input to the algorithm. The encryption algorithm produces a different output depending on the key in use.

4. Cipher text
This is the output of the algorithm: a transformed form of the original plain text that is unreadable by a human or a computer without the proper key to decrypt it.

5. Decryption algorithm
This is the encryption algorithm run in reverse. It takes the cipher text and the secret key as input and produces the plain text as output.

Requirements for secure use of conventional encryption :


1. We need a strong encryption algorithm.
2. The sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.

Advantages of conventional encryption:

1. Simple
This type of encryption is easy to carry out.

2. Uses fewer computer resources
Conventional encryption needs far less computation than public-key encryption for the same amount of data.

3. Fast
Conventional encryption is much faster than asymmetric-key encryption, which is why asymmetric schemes are normally used only to exchange a symmetric key, after which the bulk data is encrypted symmetrically.

Disadvantages of conventional encryption:
1. The origin of a message cannot be proven to a third party. Because sender and receiver hold the same key, either of them could have produced a given message, so the scheme cannot provide non-repudiation.
2. It has no built-in way to distribute keys: the shared key itself must be delivered over some secure channel, which is exactly the problem public-key encryption was invented to remove. (With keys of adequate length the encryption itself is not weaker than public-key encryption.)
3. If the receiver loses the key, the cipher text can no longer be decrypted, which makes the whole process useless.
4. The scheme does not scale well to a large number of users, because every pair of sender and receiver must agree on its own secret key before transmission.

1.3.1 SYMMETRIC ENCRYPTION


Symmetric encryption is also referred to as conventional encryption or single-key
encryption. It was the only type of encryption in use prior to the development of public-
key encryption. It remains by far the most widely used of the two types of encryption.
A symmetric encryption scheme has five ingredients:
1. Plain text: the original intelligible message or data that is fed into the algorithm as input.
2. Encryption algorithm: performs various substitutions and transformations on the plain text to convert it into cipher text.
3. Secret key: also an input to the encryption algorithm. The key is a value independent of the plain text. The algorithm produces a different output depending on the specific key being used at the time; the exact substitutions and transformations performed by the algorithm depend on the key.
4. Cipher text: the scrambled message produced as output. It depends on the plain text and the secret key. For a given message, two different keys produce different cipher texts. The cipher text is an apparently random stream of data and, as it stands, is unintelligible.
5. Decryption algorithm: essentially the encryption algorithm run in reverse. It takes the cipher text and the secret key as input and produces the original plain text.

Fig 1 Simplified Model of Conventional Encryption
There are two requirements for secure use of conventional encryption:
• We need a strong encryption algorithm. At a minimum, the algorithm should be such that an opponent who knows the algorithm and has access to one or more cipher texts is unable to decipher them or to work out the key. Usually this requirement is stated in a stronger form: the opponent should be unable to decrypt cipher text or discover the key even when in possession of a number of cipher texts together with the plain text that produced each one (a known-plaintext attack).
• Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone discovers the key and knows the algorithm, all information encrypted under that key is readable.
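To make the five ingredients and the two requirements concrete, here is an added example (not code from the original notes) of a symmetric scheme in Python's standard library. The cipher is an illustrative construction rather than a standard algorithm such as AES: HMAC-SHA256 under the secret key is used as a pseudorandom function to generate a keystream in counter mode, and a second HMAC tag over the ciphertext (encrypt-then-MAC) lets the receiver detect a wrong key or a modified message before decrypting. Nonce and tag lengths, the sub-key labels and the sample messages are choices made for this example.

```python
"""Symmetric (conventional) encryption: same key encrypts and decrypts.

Added example. Illustrative construction only: HMAC-SHA256 as a keystream
generator (counter mode) plus an HMAC tag, i.e. encrypt-then-MAC. Use a
vetted AEAD cipher (AES-GCM, ChaCha20-Poly1305) in real systems.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16   # per-message nonce; (key, nonce) must never be reused
TAG_LEN = 32     # full SHA-256 HMAC tag


def _subkeys(key: bytes):
    """Derive separate encryption and authentication keys from the one shared secret."""
    enc_key = hmac.new(key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: block i = PRF(enc_key, nonce || i). The stream is
    unpredictable only while enc_key is secret, which is requirement 2 above."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encryption algorithm: returns nonce || ciphertext || tag."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))     # XOR with keystream
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Decryption algorithm: the encryption algorithm run in reverse, but only
    after the tag has been verified with the same key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("wrong key or tampered ciphertext")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


if __name__ == "__main__":
    key = os.urandom(32)                    # shared secret (sample, generated here)
    blob = encrypt(key, b"attack at dawn")  # constructed sample message
    print("ciphertext:", blob.hex())
    print("plaintext :", decrypt(key, blob))
```

Two things the paragraph states are visible when you run it: the same plaintext under two different keys gives unrelated cipher texts, and a party without the key cannot decrypt (here the tag check fails first). What the example also shows, and the "disadvantages" list above explains, is that the tag proves the message came from someone holding the key, but since both parties hold it, it cannot settle which of them sent it.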

Public Key Cryptography


• Instead of a single key, there is a key pair.
• One of the keys is kept secret (the private key).
• The other key is made available to anyone (the public key).
• If one key encrypts, then the other decrypts.
• If one key decrypts, then the other encrypts.
• It is "computationally infeasible" to derive the private key from the public key.

When two parties communicate, the intelligible message to be transferred, referred to as plain text, is converted for security purposes into apparently random nonsense, referred to as cipher text.

Encryption:
The process of changing plain text into cipher text is referred to as encryption. The encryption process consists of an algorithm and a key. The key is a value independent of the plain text, and the algorithm produces a different output depending on the specific key in use at the time; changing the key changes the output.

The security of conventional encryption depends on two major factors:

1. The strength of the encryption algorithm
2. The secrecy of the key

Once the cipher text is produced, it may be transmitted. On reception, the cipher text can be transformed back into the original plain text by using a decryption algorithm and the same key that was used for encryption.

Decryption:
The process of changing cipher text back into plain text is known as decryption.

Public-key encryption: an asymmetric cryptosystem is one in which encryption and decryption are performed using different keys, a public key (known to everyone) and a private key (kept secret). This is known as public-key encryption.
Difference between conventional encryption and public-key encryption:

Required to work
  Conventional encryption:
    • The same algorithm with the same key is used for encryption and decryption.
    • The sender and receiver must share the algorithm and the key.
  Public-key encryption:
    • One algorithm is used for encryption and a related algorithm for decryption, with a pair of keys, one for encryption and the other for decryption.
    • The sender and receiver must each have one of the matched pair of keys (not the same one).

Required for security
  Conventional encryption:
    • The key must be kept secret.
    • If the key is kept secret, it must be impossible, or at least impractical, to decipher a message.
    • Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key.
  Public-key encryption:
    • One of the two keys must be kept secret.
    • If one of the keys is kept secret, it must be impossible, or at least impractical, to decipher a message.
    • Knowledge of the algorithm plus one of the keys plus samples of cipher text must be insufficient to determine the other key.

Characteristics of public-key encryption:

• Public-key encryption is important because it is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
• In RSA, either of the two keys (public or private) can be used for encryption, with the other key used for decryption.
• Because public keys can be shared freely, users have an easy and convenient way to encrypt content for a recipient and to verify digital signatures, while private keys are kept secret, ensuring that only the owner of a private key can decrypt content addressed to it and create signatures in its name.
• The most widely used public-key cryptosystem is RSA (Rivest–Shamir–Adleman). The difficulty of finding the prime factors of a large composite number is the backbone of RSA.

Example:
The public key of every user is kept in a public-key register. If B wants to send a confidential message to C, B encrypts the message using C's public key. When C receives the message from B, C decrypts it using its own private key. No recipient other than C can decrypt the message, because only C knows C's private key.

Components of public-key encryption:
• Plain text: the readable message, given to the encryption algorithm as input.
• Cipher text: the output of the encryption algorithm; it cannot be understood directly.
• Encryption algorithm: converts plain text into cipher text.
• Decryption algorithm: accepts the cipher text and the matching key (private key or public key) as input and produces the original plain text.
• Public and private key: one key, either the private key (secret) or the public key (known to everyone), is used for encryption and the other for decryption.

Weaknesses of public-key encryption:

• Public-key encryption is vulnerable to brute-force attack if the keys are too short; key sizes must be large enough (for RSA, a 2048-bit modulus or larger) that trying keys or factoring the modulus is computationally infeasible.
• The scheme also fails if a user loses the private key: everything encrypted to the matching public key becomes unrecoverable, and if the key is stolen rather than lost, everything encrypted to it is exposed.
• Public-key encryption is also weak against man-in-the-middle attacks on key distribution. If a third party can intercept the exchange of public keys and substitute its own, it can decrypt, read, and re-encrypt the traffic between the two victims. This is why public keys are bound to identities with certificates.
• If the private key used to issue certificates higher in the PKI (Public Key Infrastructure) hierarchy is compromised or accidentally disclosed, a man-in-the-middle attack again becomes possible and every subordinate certificate is rendered untrustworthy. This is also a weakness of public-key encryption in practice.

Applications of public-key encryption:

• Encryption/decryption:
Confidentiality is achieved by encrypting the plain text with the receiver's public key. This ensures that no one without the receiver's private key can decrypt the cipher text.
• Digital signature:
A digital signature authenticates the sender. The sender applies its own private key to the message (in practice, to a hash of the message). This authenticates the sender because the signature can be verified only with the sender's public key, which is what the receiver uses to check it.
• Key exchange:
The algorithm can be used both for key management and for securely establishing the session keys under which data is then transmitted.

1.4 HASH FUNCTION

Hashing is the process of generating a value from a text or a list of numbers using a mathematical function known as a hash function.
A hash function, in the hash-table sense used in this subsection, converts a given numeric or alphanumeric key into a small practical integer value. The mapped integer value is used as an index into the hash table. In simple terms, a hash function maps a large number or string to a small integer that can be used as an index into the hash table. (The cryptographic hash functions used for integrity, signatures, and password storage are covered under "Commonly used hash functions" later in this section; they have much stronger requirements.)
The pair is of the form (key, value), where for a given key one can find the value using some kind of "function" that maps keys to values. The index for a given object is calculated using the hash function. For example, given an array A, if i is the key, then we can find the value simply by looking up A[i].
Types of hash functions
There are many hash functions that use numeric or alphanumeric keys. This section discusses four of them:

1. Division Method.
2. Mid Square Method.
3. Folding Method.
4. Multiplication Method.
Let’s begin discussing these methods in detail.

1. Division Method:
This is the simplest method of generating a hash value. The hash function divides the key k by M and uses the remainder.

Formula:
h(k) = k mod M
Here,
k is the key value, and
M is the size of the hash table.
M should preferably be a prime number, and not close to a power of two, so that the keys are spread more uniformly over the table. The hash value depends only on the remainder of the division.
Example:
k = 12345
M = 95
h(12345) = 12345 mod 95
= 90

k = 1276
M = 11
h(1276) = 1276 mod 11
= 0

Pros:
1. This method works for any value of M.
2. The division method is very fast, since it requires only a single division operation.
Cons:
1. Consecutive keys map to consecutive slots in the hash table, so runs of similar keys cluster together.
2. The value of M must be chosen with care; for example, a power of two makes the hash depend only on the low-order bits of the key, so keys that differ only in higher bits collide.
2. Mid Square Method:
The mid-square method is a good hashing method. It takes two steps to compute the hash value:

1. Square the value of the key k, i.e. compute k².
2. Extract the middle r digits of the square as the hash value.
Formula:
h(k) = the middle r digits of k × k
Here,
k is the key value.
The value of r is decided by the size of the table.
Example:
Suppose the hash table has 100 memory locations. Then r = 2, because two digits are needed to map a key to a memory location.

k = 60
k × k = 60 × 60
= 3600
h(60) = 60

The hash value obtained is 60 (the middle two digits of 3600).

Pros:
1. The performance of this method is good, because most or all digits of the key contribute to the result: every digit of the key takes part in producing the middle digits of the square.
2. The result is not dominated by the distribution of the top or bottom digits of the original key.
Cons:
1. The size of the key is a limitation: squaring a large key doubles the number of digits, which can overflow fixed-width integers.
2. Collisions still occur, although the choice of r can reduce them.

3. Digit Folding Method:

This method involves two steps:

1. Divide the key k into a number of parts k1, k2, k3, …, kn, where each part has the same number of digits except for the last part, which may have fewer digits than the others.
2. Add the individual parts. The hash value is the sum, ignoring the last carry (any digit beyond the size of the table), if there is one.
Formula:
k = k1, k2, k3, k4, …, kn
s = k1 + k2 + k3 + k4 + … + kn
h(k) = s
Here,
s is obtained by adding the parts of the key k.
Example:
k = 12345
k1 = 12, k2 = 34, k3 = 5
s = k1 + k2 + k3
= 12 + 34 + 5
= 51
h(k) = 51

Note:
The number of digits in each part depends on the size of the hash table. For example, if the size of the hash table is 100, each part must have two digits, except for the last part, which may have fewer.

4. Multiplication Method
This method involves the following steps:

1. Choose a constant value A such that 0 < A < 1.
2. Multiply the key value k by A.
3. Extract the fractional part of kA.
4. Multiply the result of the previous step by the size of the hash table, M.
5. The hash value is the floor of the result obtained in step 4.

Formula:
h(K) = floor (M (kA mod 1))
Here,
M is the size of the hash table.
k is the key value.
A is a constant value.
Example:
k = 12345
A = 0.357840
M = 100

h(12345) = floor[ 100 (12345*0.357840 mod 1)]


= floor[ 100 (4417.5348 mod 1) ]
= floor[ 100 (0.5348) ]
= floor[ 53.48 ]
= 53

Pros:
The multiplication method works with any constant A between 0 and 1, although some values spread keys better than others; Knuth's suggestion is A ≈ (√5 − 1)/2 ≈ 0.6180339887.

Cons:
The method is more involved to implement than division, and it is only really efficient when the table size M is a power of two: the index can then be taken from the high-order bits of the fractional product with one multiplication and a shift, and no division at all.

Commonly used hash functions:
Hash functions are widely used in computer science and cryptography for a variety of purposes, including data integrity, digital signatures, password storage, and more. Unlike the hash-table functions above, a cryptographic hash must be one-way (it is infeasible to find an input with a given hash) and collision-resistant (it is infeasible to find two inputs with the same hash).

There are many types of hash functions, each with its own strengths and weaknesses. Here are a few of the most common:

1. SHA (Secure Hash Algorithm): SHA is a family of cryptographic hash functions standardized by NIST; SHA-1 and SHA-2 were designed by the National Security Agency (NSA) in the United States. The most widely used members are SHA-1, SHA-2, and SHA-3:
• SHA-1: a 160-bit hash function that was widely used for digital signatures and other applications. It is no longer considered secure: practical collision attacks have been demonstrated, and it must not be used for signatures or certificates.
• SHA-2: a family that includes SHA-224, SHA-256, SHA-384, and SHA-512, producing hash values of 224, 256, 384, and 512 bits respectively. SHA-2 is widely used in security protocols such as SSL/TLS and is considered secure.
• SHA-3: the newest member of the SHA family, based on the Keccak algorithm that won the NIST hash function competition in 2012. It was standardized not because SHA-2 is broken but as an alternative with a completely different internal structure (a sponge construction), so that an attack on SHA-2 would not carry over to it. It produces hash values of 224, 256, 384, and 512 bits; in software it is generally not faster than SHA-2.
2. CRC (Cyclic Redundancy Check): CRC is a non-cryptographic checksum used primarily for error detection in data transmission. It is fast and efficient but is not suitable for security purposes, because an attacker can trivially modify a message and recompute a matching checksum. The basic idea behind CRC is to append a fixed-length check value, or checksum, to the end of a message. This checksum is calculated from the contents of the message using a polynomial division algorithm and is transmitted along with the message. When the message is received, the receiver recalculates the checksum using the same algorithm and compares it with the one transmitted. If the two checksums match, the receiver can be reasonably certain that the message was not accidentally corrupted in transit.

The specific algorithm used for CRC depends on the application and the desired level of
error detection. Some common CRC algorithms include CRC-16, CRC-32, and CRC-CCITT.

3. MurmurHash: MurmurHash is a fast and efficient non-cryptographic hash function designed for use in hash tables and other data structures. It is not suitable for security purposes: it is not collision-resistant, and an attacker can deliberately construct colliding inputs.
4. BLAKE2: BLAKE2 is a cryptographic hash function designed to be fast and secure. It is derived from BLAKE, a finalist in the SHA-3 competition (it is not a variant of SHA-3 itself), and is faster in software than MD5, SHA-1, SHA-2, and SHA-3 while offering security comparable to SHA-3. It is used where high-speed hashing is needed, for example inside the Argon2 password hash, in the WireGuard VPN protocol, and in some cryptocurrencies.

BLAKE2 is available in two versions: BLAKE2b and BLAKE2s. BLAKE2b is optimized for
64-bit platforms and produces hash values of up to 512 bits, while BLAKE2s is optimized for 8-
to 32-bit platforms and produces hash values of up to 256 bits.

5. Argon2: Argon2 is a memory-hard password hashing function designed to be resistant to
brute-force attacks. It is widely used for password storage and is recommended by the Password
Hashing Competition. The main goal of Argon2 is to make it difficult for attackers to crack
passwords by using techniques such as brute force attacks or dictionary attacks. It achieves this
by using a computationally-intensive algorithm that makes it difficult for attackers to perform
large numbers of password guesses in a short amount of time.
Argon2 has several key features that make it a strong choice for password hashing and key
derivation:

• Resistance to parallel attacks: Argon2 is designed to be resistant to parallel attacks,
meaning that it is difficult for attackers to use multiple processing units, such as GPUs or
ASICs, to speed up password cracking.
• Memory-hardness: Argon2 is designed to be memory-hard, meaning that it requires a large
amount of memory to compute the hash function. This makes it more difficult for attackers
to use specialized hardware to crack passwords.
• Customizable: Argon2 is highly customizable, and allows users to adjust parameters such as
the memory usage, the number of iterations, and the output length to meet their specific
security requirements.
• Resistance to side-channel attacks: Argon2 is designed to be resistant to side-channel attacks,
such as timing attacks or power analysis attacks, that could be used to extract information about
the password being hashed.

6. MD5 (Message Digest 5): MD5 is a widely-used cryptographic hash function that produces a
128-bit hash value. It is fast and efficient but is no longer recommended for security purposes
due to known vulnerabilities. The basic idea behind MD5 is to take an input message of any
length, and produce a fixed-length output, known as the hash value or message digest. This hash
value is unique to the input message, and is generated using a mathematical algorithm that
involves a series of logical operations, such as bitwise operations, modular arithmetic, and
logical functions.
MD5 is widely used in a variety of applications, including digital signatures, password
storage, and data integrity checks. However, it has been shown to have weaknesses that make it
vulnerable to attacks. In particular, it is possible to generate two different messages with the
same MD5 hash value, a vulnerability known as a collision attack.

There are many other types of hash functions, each with its own unique features and
applications. The choice of hash function depends on the specific requirements of the
application, such as speed, security, and memory usage.

1.5 AUTHENTICATION
In authentication, the user or computer has to prove its identity to the server or client.
Usually, authentication by a server entails the use of a user name and password. Other ways to
authenticate can be through cards, retina scans, voice recognition, and fingerprints.
1.6 DIGITAL SIGNATURE
A digital signature is an electronic, encrypted stamp of authentication on digital
information such as email messages, macros, or electronic documents. A signature confirms that
the information originated from the signer and has not been altered.
Signing certificate and certificate authority
Signing certificate: To create a digital signature, you need a signing certificate, which proves
identity. When you send a digitally-signed macro or document, you also send your certificate and
public key. Certificates are issued by a certification authority and, like a driver’s license, can be
revoked. A certificate is usually valid for a year, after which the signer must renew it or obtain a
new signing certificate to establish identity.
Certificate authority (CA): A certificate authority is an entity similar to a notary public. It
issues digital certificates, signs certificates to verify their validity, and tracks which certificates
have been revoked or have expired.

2 marks Questions
1. Define Cryptography.
2. List any four substitution techniques.
3. Differentiate between a passive attack and an active attack.
4. Draw the diagram for the Network Security Model.
5. Convert “COMPUTER SECURITY” using the Caesar cipher.
6. Give the advantages of symmetric key cryptography.
7. List the security mechanisms.
8. Using a One Time Pad with PT = “hello” and Key = “quick”, CT = ?
9. Draw the diagram for the model of a conventional cryptosystem.
10. Convert the given plain text “CLOUD SECURITY” into cipher text using the Caesar
cipher.
11. Define Cloud Computing.
12. List any four elements of security design.
13. Using a One Time Pad with PT = “welcome” and Key = “compute”, CT = ?
14. List the applications of cryptography.
15. Write any four comparisons of hash functions and digital signatures.

Big Questions
16. Explain the Symmetric Encryption Model with a neat sketch.
17. Using the Playfair cipher, encrypt the message “security”. The key for encryption is “are you ok”.
18. Explain Security Services in Cloud.
19. Using the Hill cipher, encrypt the message “ESSENTIAL”. The key for encryption is
ABCBCACAB.
