Information Theory for Cyber Security

HTCS401

UNIT 5

Digital and network forensics,

Digital Forensics - It involves the recovery and investigation of material found in digital devices, often in relation to
computer crime.
Sub Branches of Digital Forensics: Computer Forensics, Mobile Device Forensics, Network Forensics, Memory Forensics

Process:

Identification: Recognizing and documenting the potential sources of digital evidence.

Preservation: Protecting the integrity of the evidence, ensuring it is not tampered with or destroyed.

Analysis: Examining the evidence to reconstruct activities or find relevant information.

Documentation: Recording the details and findings of the forensic investigation.

Presentation: Presenting the findings in a clear and understandable manner, often in legal settings.
 Digital and network forensics
Network Forensics - It is a sub-branch of digital forensics focusing on monitoring and analyzing computer network traffic
to gather information, detect anomalies, and provide legal evidence.

Key Objectives:

Intrusion Detection: Identifying unauthorized access or attacks on a network.

Incident Response: Investigating security incidents to understand the scope and impact.

Compliance Monitoring: Ensuring that network usage complies with legal and regulatory requirements.

Fraud Detection: Identifying fraudulent activities conducted over networks.

Techniques:

Packet Sniffing: Capturing and analyzing packets of data as they travel through a network.

Log Analysis: Examining logs from network devices like routers, firewalls, and servers to identify suspicious activities.
 Digital and network forensics
Challenges in Digital and Network Forensics

Data Volume: Handling and analyzing vast amounts of data generated by digital devices and networks.

Encryption: Dealing with encrypted data and communications that can hinder analysis.

Anti-forensic Techniques: Overcoming techniques used by attackers to hide or destroy evidence.

Legal and Ethical Considerations: Ensuring that evidence is collected and analyzed in a manner that is legally
admissible and ethically sound.

Rapid Technological Changes: Keeping up with the evolving technology landscape and new types of digital devices
and network architectures.
 Public Key Infrastructure

Public Key Infrastructure (PKI) is a framework that manages digital keys and certificates to ensure secure electronic
transactions and communications.

It plays a crucial role in cybersecurity by providing mechanisms for encryption, decryption, authentication, and digital
signatures.

Key Components of PKI

Digital Certificates: Issued by trusted entities known as Certificate Authorities (CAs) and include information such as
the owner’s public key, the owner’s name, the CA’s name, and the certificate’s validity period.

Certificate Authorities (CAs): These are trusted organizations that issue digital certificates. They verify the identity of
the entities requesting certificates and ensure that the information in the certificates is accurate.

Registration Authorities (RAs): These entities act as intermediaries between users and CAs. They handle the
verification process on behalf of the CA and ensure that the entity requesting a certificate is legitimate.
 Public Key Infrastructure

Public and Private Keys: PKI relies on asymmetric encryption, which uses a pair of keys – a public key and a private
key. The public key is distributed widely and used to encrypt data, while the private key is kept secret and used to
decrypt data.

Certificate Repositories: These are secure databases where digital certificates and public keys are stored. They allow
users to retrieve certificates as needed for secure communications.

Certificate Revocation Lists (CRLs): These lists are published by CAs to indicate certificates that have been revoked
before their expiration date. This ensures that compromised or invalid certificates are not trusted.

How PKI Works

Key Generation: The user or entity generates a pair of keys (public and private). The private key is kept secure, while
the public key is shared.

Certificate Request: The user submits a certificate signing request (CSR) to a CA, including their public key and other
identification information.
 Public Key Infrastructure

Identity Verification: The CA or RA verifies the user’s identity to ensure they are who they claim to be.

Certificate Issuance: Once the identity is verified, the CA signs the user’s public key with its private key and issues a
digital certificate.

Certificate Distribution: The user’s digital certificate is stored in a certificate repository and can be accessed by
anyone who needs to verify the user’s identity or encrypt data for them.

Secure Communication: Other users or entities can use the public key in the digital certificate to encrypt messages or
verify digital signatures. The recipient uses their private key to decrypt the messages.

Applications of PKI

Secure Email: PKI ensures that emails can be encrypted and digitally signed, verifying the sender’s identity and
protecting the message's content.
 Public Key Infrastructure

SSL/TLS: Websites use PKI to establish secure connections via SSL/TLS protocols. Digital certificates verify the
authenticity of websites and encrypt data transmitted between servers and clients.

Code Signing: Developers use PKI to sign software and code, ensuring that it has not been tampered with and
verifying the identity of the publisher.

Document Signing: Digital signatures are used to sign electronic documents, providing authenticity and integrity.

VPNs: Virtual Private Networks use PKI for authenticating users and encrypting data transmitted over the network.

Benefits of PKI

Security: Provides robust encryption and authentication mechanisms.

Trust: Establishes a trust chain through CAs, ensuring entities are who they claim to be.

Data Integrity: Ensures that data has not been altered in transit.
 Light weight cryptography

It is a branch of cryptography designed to provide security for constrained environments where resources such as
computational power, memory, and energy are limited.

These environments include Internet of Things (IoT) devices, RFID tags, sensor networks, and other embedded
systems.

Lightweight cryptography aims to balance security with efficiency, making it suitable for devices with minimal
capabilities.

Key Features of Lightweight Cryptography

Low Computational Overhead: Algorithms are designed to require minimal computational power, making them
suitable for devices with limited processing capabilities.

Low Memory Usage: The algorithms use minimal memory, ensuring they can run on devices with restricted RAM and
storage.
 Light weight cryptography

Energy Efficiency: Lightweight cryptographic algorithms consume less power, which is crucial for battery-operated
devices.

Compact Code Size: The algorithms are implemented in a way that requires less code space, which is beneficial for
devices with limited firmware storage.

Applications of Lightweight Cryptography

Internet of Things (IoT): Ensuring secure communication between IoT devices that have limited resources.

RFID Tags: Protecting the privacy and integrity of data stored on RFID tags used in supply chains, inventory
management, and contactless payments.

Wireless Sensor Networks: Providing security for sensor nodes that collect and transmit data in environmental
monitoring, healthcare, and industrial applications.
 Elliptic Curve Cryptography and applications

Elliptic Curve Cryptography (ECC) is a form of public key cryptography based on the algebraic structure of elliptic curves
over finite fields. ECC is known for providing the same level of security as other public key algorithms like RSA but with
smaller key sizes, which leads to faster computations, reduced storage requirements, and lower power consumption. This
makes ECC particularly suitable for environments with limited resources, such as mobile devices and IoT applications.

Key Concepts of ECC

Elliptic Curves: An elliptic curve is defined by an equation of the form y2=x3+ax+b over a finite field, where a and b
are constants that determine the shape of the curve.

Points on the Curve: Solutions to the elliptic curve equation form a set of points, which, together with a point at infinity,
create an abelian group.

Scalar Multiplication: The primary operation in ECC is scalar multiplication, where a point on the curve is multiplied by
an integer (scalar) to produce another point on the curve.

Key Pairs: In ECC, each user has a private key (a randomly chosen integer) and a public key (the corresponding point
on the elliptic curve obtained by scalar multiplication).
 Elliptic Curve Cryptography and applications

Advantages of ECC

Stronger Security per Bit: ECC provides stronger security for a given key size compared to other public key
cryptosystems. For example, a 256-bit ECC key offers comparable security to a 3072-bit RSA key.

Efficiency: Smaller key sizes lead to faster computations, reduced bandwidth, and lower power consumption, which
are crucial for resource-constrained environments.

Applications of ECC

SSL/TLS: ECC is used in SSL/TLS protocols to establish secure connections between web browsers and servers,
ensuring data confidentiality and integrity.

Digital Signatures: ECC-based digital signature algorithms, such as ECDSA (Elliptic Curve Digital Signature
Algorithm), are used to verify the authenticity and integrity of digital messages and documents.

Cryptographic Key Exchange: ECC algorithms like ECDH (Elliptic Curve Diffie-Hellman) enable secure key exchange
between parties, allowing them to establish a shared secret over an insecure channel.