Information security
CIA Triad (Confidentiality, Integrity, Availability)
1. Confidentiality
○ Ensures that data is kept private and is only accessible to authorized users.
○ Achieved through encryption, access control, and authentication.
2. Integrity
○ Ensures that data is not altered or tampered with during storage or transmission.
○ Achieved through hashing, checksums, and digital signatures.
3. Availability
○ Ensures that data is accessible when needed.
○ Achieved through regular backups, failover systems, and redundancy.
Symmetric Encryption vs Asymmetric Encryption
● Symmetric Encryption
○ Uses the same key for both encryption and decryption.
○ Faster than asymmetric encryption.
○ Key distribution is a challenge (secure key exchange needed).
○ Example algorithms: AES, DES, 3DES.
● Asymmetric Encryption
○ Uses a pair of keys: a public key for encryption and a private key for decryption.
○ Slower than symmetric encryption, but it removes the need for a pre-shared secret, so it is used to
exchange or wrap a symmetric session key over an insecure channel (hybrid encryption).
○ The public key can be distributed widely, while the private key is kept secret.
○ Example algorithms: RSA, ECC, ElGamal.
Threat Intelligence:
1. OSINT (Open Source Intelligence)
● Definition: OSINT involves collecting data from publicly available sources, such as news
articles, social media, blogs, and websites.
● Importance: It provides valuable insights into potential threats or vulnerabilities that are
publicly discussed or discovered. It can be used to detect emerging threats, trace threat
actors, or even identify early signs of cyber attacks.
● Example: Social media posts about a new exploit or vulnerabilities reported on GitHub.
2. Closed Proprietary Intelligence
● Definition: Information collected from private, often commercial, sources or
intelligence-sharing groups. These sources may include private cybersecurity firms,
threat intelligence vendors, or closed-source forums.
● Importance: Provides access to exclusive, high-quality intelligence that may not be
available through public sources, helping organizations stay ahead of targeted attacks.
● Example: Information from threat intelligence platforms like FireEye or CrowdStrike.
3. Vulnerability Database
● Definition: A centralized repository of known vulnerabilities in software, hardware, or
other systems.
● Importance: These databases provide valuable information about existing
vulnerabilities, including patches and updates, helping organizations identify and
mitigate risks.
● Example: National Vulnerability Database (NVD), CVE (Common Vulnerabilities and
Exposures).
4. Public and Private Information Sharing
● Public Information Sharing:
○ Organizations share threat data, incident reports, and best practices with the
broader community.
○ Helps create a collective defense against common threats.
○ Example: Government websites, threat intelligence forums, public advisories.
● Private Information Sharing:
○ Sharing sensitive information within trusted organizations, often through
Information Sharing and Analysis Centers (ISACs) or private groups.
○ More targeted and specific information that is shared to protect critical
infrastructure.
○ Example: Information shared within a sector (e.g., financial sector) regarding
emerging threats.
5. Dark Web
● Definition: A hidden part of the internet that requires special software (like Tor) to reach; it hosts
legitimate anonymous services as well as the forums and markets where stolen data and attack tools are traded.
● Importance: Monitoring the dark web can provide early warning signs of potential
attacks, as threat actors may discuss exploits, sell stolen data, or share attack tools.
● Example: A hacker selling compromised credit card data or discussing zero-day exploits
on dark web forums.
6. Indicators of Compromise (IOCs)
● Definition: Artifacts or data points that suggest a security breach has occurred, such as
IP addresses, file hashes, domain names, or URLs associated with malicious activities.
● Importance: Identifying IOCs helps detect, respond to, and mitigate cyber attacks. They
are critical for alerting security teams to potential breaches or ongoing attacks.
● Example: A suspicious IP address linked to known attack activity or malware signatures.
7. Automated Indicator Sharing (AIS)
● Definition: A system or platform that automatically shares indicators of compromise
(IOCs) and threat intelligence data between organizations, typically in real-time.
● Importance: Accelerates the identification of emerging threats, enhances response
times, and reduces the risk of attacks by sharing actionable intelligence quickly.
● Example: Platforms like MISP (Malware Information Sharing Platform), or the STIX data format and the
TAXII transport protocol used to exchange threat intelligence automatically.
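To make items 6 and 7 concrete, here is a Python example, added to these notes and not taken from any product or standard body's code, that consumes indicators from a bundle laid out like STIX 2.1, parses the simple equality patterns, and matches them against log lines. The bundle, its identifiers, the hash and the log lines are all constructed sample data (documentation IP ranges and example.net domains); which log fields carry IPs, domains and hashes is an assumption about this log format.

```python
import hashlib
import json
import re

# Constructed sample bundle in STIX 2.1 layout; IDs, addresses and the hash are made up.
SAMPLE_SHA256 = hashlib.sha256(b"constructed malware sample").hexdigest()
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0c1d1f5e-1111-4a1a-8000-000000000000",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000001",
         "name": "C2 server (constructed)",
         "pattern": "[ipv4-addr:value = '203.0.113.45']"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Staging domain (constructed)",
         "pattern": "[domain-name:value = 'update.example.net']"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Dropper hash (constructed)",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"},
    ],
})

# Only the single comparison "[object:path = 'value']" is parsed; real STIX patterns may combine
# comparisons with AND/OR and time windows, and those are skipped here rather than mis-matched.
PATTERN_RE = re.compile(r"^\[([\w-]+:[\w.'-]+)\s*=\s*'([^']+)'\]$")
OBJECT_PATH_TO_IOC_TYPE = {
    "ipv4-addr:value": "ip",
    "domain-name:value": "domain",
    "file:hashes.'SHA-256'": "sha256",
}


def load_indicators(bundle_json):
    """Return {(ioc_type, value): indicator name} for every supported indicator in the bundle."""
    iocs = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if not m or m.group(1) not in OBJECT_PATH_TO_IOC_TYPE:
            continue
        iocs[(OBJECT_PATH_TO_IOC_TYPE[m.group(1)], m.group(2).lower())] = obj["name"]
    return iocs


# Constructed key=value log lines; the field-to-IOC-type mapping is an assumption about this format.
LOG_FIELDS = {"dst": "ip", "src": "ip", "query": "domain", "host": "domain", "sha256": "sha256"}
LOG_LINES = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.15 dst=203.0.113.45 host=- action=allow",
    "2024-05-01T10:02:13Z dns client=10.0.0.15 query=update.example.net type=A",
    f"2024-05-01T10:02:20Z edr host=ws-15 file=svc.exe sha256={SAMPLE_SHA256}",
    "2024-05-01T10:03:00Z proxy src=10.0.0.22 dst=198.51.100.7 host=www.example.org action=allow",
]


def match_logs(lines, iocs):
    """List (line number, ioc type, value, indicator name) for every log field that equals an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in line.split():
            key, sep, value = token.partition("=")
            if not sep or key not in LOG_FIELDS:
                continue
            ioc_key = (LOG_FIELDS[key], value.lower())
            if ioc_key in iocs:
                hits.append((n, ioc_key[0], ioc_key[1], iocs[ioc_key]))
    return hits


if __name__ == "__main__":
    for hit in match_logs(LOG_LINES, load_indicators(STIX_BUNDLE)):
        print(hit)
```

Exact-match IOCs like these are cheap to check but age quickly (IP addresses and domains get reassigned), so a real pipeline should carry the indicator's validity window and confidence from the feed alongside the value and expire entries accordingly.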
8. Predictive Analysis
● Definition: Using historical data, machine learning, and statistical methods to predict
future cyber threats, attacks, or vulnerabilities.
● Importance: Helps organizations anticipate potential risks and proactively implement
defenses before threats materialize.
● Example: Predicting a rise in ransomware attacks in a specific sector based on past
attack patterns and trends.
9. Threat Maps
● Definition: Visual representations of real-time cyber threat activity, often displaying
active attacks, compromised systems, or malicious traffic.
● Importance: Provides a geographic or network-centric overview of ongoing threats,
helping organizations understand the scope of an attack or identify patterns.
● Example: Live threat maps showing DDoS attacks, botnet activity, or phishing
campaigns across different regions.
10. File/Code Repositories
● Definition: Platforms where developers and security researchers share code or tools,
which can sometimes be used for malicious purposes.
● Importance: Threat actors may upload malware, exploit code, or attack tools to these
platforms, making them valuable sources of intelligence for detecting and preventing
attacks.
● Example: GitHub repositories containing proof-of-concept (PoC) code for vulnerabilities
or exploits.
Common Attacks
1. Man-in-the-Middle (MITM) Attack
○ The attacker inserts themselves into the communication between two parties and can read or
alter it without either side noticing.
○ Mitigated by authenticating the channel as well as encrypting it (TLS with certificate validation);
encryption alone, without verifying the peer's identity, does not stop an active attacker.
2. Phishing
○ Fraudulent attempts to obtain sensitive information by pretending to be a
trustworthy entity.
○ Usually carried out through email or malicious websites.
3. Denial-of-Service (DoS) Attack
○ Floods a network or server with traffic or requests until it can no longer serve legitimate users.
○ Mitigated with rate limiting, filtering at the network edge, load balancing and redundant
capacity; intrusion detection systems help to spot the attack but do not absorb it.
4. SQL Injection
○ Attacker-controlled input is concatenated into an SQL query so that it changes the query's
structure instead of being treated as data.
○ Prevented by using parameterized queries (prepared statements), which send values to the
database separately from the SQL text.
5. Brute-Force Attack
○ Attacker tries many candidate passwords (every combination, or a dictionary of common ones)
until the correct one is found.
○ Mitigated using strong passwords, rate limiting, multi-factor authentication and account lockout
(with care: lockout can itself be abused to deny access to legitimate users).
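The SQL injection item above is the one most easily shown in code. The following Python example, added here and not part of the original notes, puts a login query built by string formatting next to its parameterized form and runs the classic `' OR '1'='1` payload against both, using an in-memory SQLite table. The users table and its rows are constructed data, and it stores plaintext passwords only to keep the demonstration short; a real system stores password hashes.

```python
import sqlite3


def make_db():
    """In-memory demo table with constructed rows (plaintext passwords only for brevity)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: user input becomes part of the SQL syntax."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the values travel separately and can never change the SQL structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    conn = make_db()
    # The quote closes the password string and the OR makes the WHERE clause always true:
    #   ... WHERE username = 'alice' AND password = '' OR '1'='1'
    injected = "' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "bypass_vulnerable": login_vulnerable(conn, "alice", injected),  # True: no password needed
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "bypass_safe": login_safe(conn, "alice", injected),              # False: just a wrong password
    }


if __name__ == "__main__":
    print(demo())
```

Note that the fix is not escaping quotes but separating code from data: with placeholders the driver never has to guess where the attacker's string ends.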
Classical Ciphers
1. Caesar Cipher
Working:
● The Caesar Cipher is a substitution cipher where each letter in the plaintext is shifted by
a certain number of positions in the alphabet.
● For example, with a shift of 3, 'A' becomes 'D', 'B' becomes 'E', etc.
Advantages:
● Very simple to implement and understand.
● Fast encryption and decryption.
● Requires minimal computational power.
Disadvantages:
● Extremely weak by modern standards: only 25 useful keys (for an alphabet of 26 letters), so every
key can be tried by hand.
● Vulnerable to frequency analysis, where the most common letter in the ciphertext is mapped to the
most common letter in the language (E in English).
Best For: Educational purposes, simple use cases, or scenarios where security is not a priority.
2. Affine Cipher
Working:
● The Affine Cipher is also a substitution cipher, but its encryption function combines two keys, a
multiplicative key a and an additive key b, applied to each letter's position in the alphabet mod 26.
Advantages:
● Stronger than the Caesar cipher because it uses two keys (a and b).
● Provides more variation and security compared to Caesar.
Disadvantages:
● Still vulnerable to frequency analysis, though slightly harder than Caesar: two correctly guessed
letters are enough to solve for a and b.
● Limited key space: a must be coprime with 26, which leaves 12 valid values of a and 26 of b,
312 keys in total.
● Decryption requires the modular inverse of a, which exists only when gcd(a, 26) = 1; other values
of a map two plaintext letters to the same ciphertext letter, so the text cannot be decrypted.
Best For: Basic encryption tasks with slightly better security than Caesar Cipher.
3. Playfair Cipher
Working:
● The Playfair Cipher encrypts digraphs (pairs of letters) rather than individual letters.
● It uses a 5x5 matrix of letters built from a keyword (usually excluding 'J', which is combined with
'I'). The plaintext is split into pairs; a doubled letter within a pair is separated by a filler such
as 'X', and an odd trailing letter is padded. To encrypt a digraph:
1. If the letters appear in the same row, replace each with the letter to its right (wrapping around).
2. If they are in the same column, replace each with the letter below it (wrapping around).
3. If neither, replace each letter with the letter in its own row and the other letter's column
(the remaining corners of the rectangle the pair forms).
Advantages:
● Stronger than simple substitution ciphers, especially since it works on pairs of letters.
● Reduces the impact of frequency analysis because the cipher works on digraphs.
Disadvantages:
● Still not very secure by modern standards.
● The key matrix must be kept secret, and if lost, it can be difficult to recover.
● Merging 'I' and 'J', and the filler letters inserted between doubled letters, mean decryption needs
some manual cleanup and can be ambiguous.
Best For: Better security than Caesar or Affine, but still simple enough for manual
encryption/decryption.
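The following Python implementation of the three rules above is an example added to these notes, not code from the original. It builds the 5x5 square from a keyword, prepares the digraphs (filler X between doubled letters, Q if the doubled letter is itself X, padding for an odd tail) and encrypts or decrypts by moving right/down or left/up in the square. The keyword and plaintext in the test are the widely reproduced "playfair example" worked case.

```python
import re

ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters: J is merged into I


def clean(text):
    return re.sub(r"[^A-Z]", "", text.upper()).replace("J", "I")


def build_square(keyword):
    """5x5 key square: keyword letters in order of first appearance, then the unused letters."""
    seen = []
    for ch in clean(keyword) + ALPHABET:
        if ch not in seen:
            seen.append(ch)
    return [seen[i:i + 5] for i in range(0, 25, 5)]


def prepare_digraphs(text, filler="X"):
    """Split into pairs; separate a doubled letter with the filler and pad an odd tail."""
    letters = clean(text)
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            pairs.append(a + ("Q" if a == filler else filler))  # Q separates a doubled X
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def playfair(text, keyword, decrypt=False):
    square = build_square(keyword)
    where = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    step = -1 if decrypt else 1  # decryption moves left/up instead of right/down
    if decrypt:
        letters = clean(text)
        if len(letters) % 2:
            raise ValueError("Playfair ciphertext always has an even number of letters")
        pairs = [letters[i:i + 2] for i in range(0, len(letters), 2)]
    else:
        pairs = prepare_digraphs(text)
    out = []
    for a, b in pairs:
        ra, ca = where[a]
        rb, cb = where[b]
        if ra == rb:      # rule 1: same row
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:    # rule 2: same column
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:             # rule 3: rectangle, each letter takes the other's column
            out.append(square[ra][cb] + square[rb][ca])
    return "".join(out)


if __name__ == "__main__":
    print(playfair("hide the gold in the tree stump", "playfair example"))
```

The decrypted output still contains the inserted filler letters and every J rendered as I, which is the cleanup cost mentioned in the disadvantages above.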
4. Vigenère Cipher
Working:
● The Vigenère Cipher is a polyalphabetic substitution cipher. It uses a keyword to shift
letters differently based on the position in the keyword.
Advantages:
● Much stronger than Caesar, as it uses multiple shifts based on the keyword.
● Resists frequency analysis more effectively because the cipher’s pattern changes with
the keyword.
Disadvantages:
● If the keyword is short, it is vulnerable to Kasiski examination or frequency analysis.
● Still not secure by modern cryptographic standards and can be cracked with enough
ciphertext.
Best For: Simple pen-and-paper encryption with better security than monoalphabetic ciphers, though
still breakable with a few hundred letters of ciphertext.
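The following Python example serves both the Caesar and the Vigenère sections: it is added to these notes, not code from the original, and it implements the attacks the text names rather than only the ciphers. Caesar is treated as Vigenère with a one-letter key; a Caesar key is recovered by frequency analysis (chi-squared distance from a standard English letter-frequency table), and a Vigenère key by the Kasiski examination (distances between repeated trigrams, whose divisors are the candidate key lengths) followed by one Caesar break per column. The sample plaintext is constructed from definitions on this page so that the statistics have enough letters to work with.

```python
import re
from collections import Counter
from itertools import combinations

# Relative frequency of each letter in English text, in percent (standard published table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1, "I": 7.0,
    "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9, "Q": 0.095,
    "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def clean(text):
    """Classical ciphers work on A-Z only: drop everything else and upper-case."""
    return re.sub(r"[^A-Z]", "", text.upper())


def vigenere(text, key, decrypt=False):
    """Shift letter i by key[i mod len(key)]; a one-letter key is exactly the Caesar cipher."""
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(text)):
        shift = ord(key[i % len(key)]) - 65
        if decrypt:
            shift = -shift
        out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
    return "".join(out)


def caesar(text, shift, decrypt=False):
    return vigenere(text, chr(shift % 26 + 65), decrypt)


def chi_squared(text):
    """How far the letter counts of text are from English; real plaintext scores lowest."""
    n = len(text)
    if n == 0:
        return float("inf")
    counts = Counter(text)
    return sum((counts[c] - n * p / 100) ** 2 / (n * p / 100) for c, p in ENGLISH_FREQ.items())


def break_caesar(ciphertext):
    """Frequency analysis: try all 26 shifts and keep the one that reads most like English."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, s, decrypt=True)))


def kasiski_distances(ciphertext, n=3):
    """Kasiski examination: distances between repeated n-grams; the key length divides most of them."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    return sorted(b - a for pos in positions.values() for a, b in combinations(pos, 2))


def break_vigenere(ciphertext, max_len=10):
    """Candidate key lengths from Kasiski, one Caesar break per column, keep the best-reading result."""
    distances = kasiski_distances(ciphertext)
    candidates = {1} | {f for d in distances for f in range(2, max_len + 1) if d % f == 0}
    best_score, best_key = float("inf"), ""
    for length in sorted(candidates):
        key = "".join(chr(break_caesar(ciphertext[i::length]) + 65) for i in range(length))
        score = chi_squared(vigenere(ciphertext, key, decrypt=True))
        if score < best_score:  # strict: a multiple of the true length only ties, so it is not chosen
            best_score, best_key = score, key
    return best_key


# Constructed sample plaintext, assembled from definitions on this page, long enough for the statistics.
SAMPLE_TEXT = (
    "OSINT involves collecting data from publicly available sources such as news articles, social "
    "media, blogs and websites. It provides valuable insights into potential threats or "
    "vulnerabilities that are publicly discussed or discovered. It can be used to detect emerging "
    "threats, trace threat actors, or even identify early signs of cyber attacks. Monitoring the "
    "dark web can provide early warning signs of potential attacks, as threat actors may discuss "
    "exploits, sell stolen data, or share attack tools. Identifying indicators of compromise helps "
    "detect, respond to, and mitigate cyber attacks. They are critical for alerting security teams "
    "to potential breaches or ongoing attacks. Automated indicator sharing accelerates the "
    "identification of emerging threats, enhances response times, and reduces the risk of attacks "
    "by sharing actionable intelligence quickly."
)

if __name__ == "__main__":
    ct = vigenere(SAMPLE_TEXT, "SPY")
    print(break_vigenere(ct))  # SPY
```

The Kasiski step works because a word that recurs at positions with the same offset modulo the key length is encrypted identically both times; a short key makes such coincidences frequent, which is exactly the weakness the disadvantages above describe.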
5. Hill Cipher
Working:
● The Hill Cipher is a polygraphic cipher that encrypts blocks of text (typically 2x2 or 3x3
matrices) rather than single letters or pairs.
● It uses matrix multiplication for encryption. For a 2x2 key matrix K and a plaintext vector P (two
letters as numbers 0 to 25), the ciphertext is C = K × P mod 26. Decryption computes
P = K^-1 × C mod 26, which requires the inverse of the matrix K modulo 26.
Advantages:
● It provides stronger encryption than simple substitution ciphers and can encrypt multiple
letters at once.
● Matrix-based encryption makes it harder to crack with frequency analysis.
Disadvantages:
● Decryption requires the inverse of the key matrix modulo 26, which exists only when the determinant
of K is coprime with 26 (odd and not a multiple of 13).
● If the key matrix is not invertible mod 26, the ciphertext cannot be decrypted at all.
● Because encryption is linear, a known-plaintext attack with as many plaintext/ciphertext blocks as
the matrix dimension recovers the key directly (K = C × P^-1 mod 26); a chosen-plaintext attack is
easier still.
Best For: More robust encryption than traditional ciphers, especially in systems that can handle
matrix operations.
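The 2x2 case in Python, as an example added to these notes rather than code from the original: it implements C = K × P mod 26, checks that the key is invertible before decrypting, and carries out the known-plaintext attack from the disadvantages above, recovering K from two plaintext blocks and their ciphertext. The key [[3, 3], [2, 5]] and the plaintext HELP are a standard textbook pair.

```python
import re
from math import gcd


def clean(text):
    return re.sub(r"[^A-Z]", "", text.upper())


def det2(k):
    return (k[0][0] * k[1][1] - k[0][1] * k[1][0]) % 26


def is_invertible(k):
    """A 2x2 key can be undone only if its determinant is coprime with 26."""
    return gcd(det2(k), 26) == 1


def inverse2(k):
    if not is_invertible(k):
        raise ValueError("key matrix has no inverse mod 26; its ciphertext cannot be decrypted")
    d = pow(det2(k), -1, 26)  # modular inverse of the determinant
    return [[(d * k[1][1]) % 26, (-d * k[0][1]) % 26],
            [(-d * k[1][0]) % 26, (d * k[0][0]) % 26]]


def matmul(a, b):
    """2xN product mod 26; b may be a 2x2 key or a 2xN block of plaintext columns."""
    return [[sum(a[i][t] * b[t][j] for t in range(2)) % 26 for j in range(len(b[0]))]
            for i in range(2)]


def to_columns(text):
    """Letters as two-row column vectors; an odd tail is padded with X."""
    letters = clean(text)
    if len(letters) % 2:
        letters += "X"
    nums = [ord(c) - 65 for c in letters]
    return [nums[0::2], nums[1::2]]


def from_columns(m):
    return "".join(chr(m[r][c] + 65) for c in range(len(m[0])) for r in range(2))


def hill_encrypt(text, key):
    return from_columns(matmul(key, to_columns(text)))  # C = K x P mod 26


def hill_decrypt(text, key):
    return from_columns(matmul(inverse2(key), to_columns(text)))  # P = K^-1 x C mod 26


def recover_key(known_plaintext, known_ciphertext):
    """Known-plaintext attack: two blocks give 2x2 matrices P and C, and K = C x P^-1 mod 26."""
    p = [row[:2] for row in to_columns(known_plaintext)]
    c = [row[:2] for row in to_columns(known_ciphertext)]
    return matmul(c, inverse2(p))  # raises if these two blocks happen not to be invertible


if __name__ == "__main__":
    key = [[3, 3], [2, 5]]
    ct = hill_encrypt("HELP", key)
    print(ct, hill_decrypt(ct, key), recover_key("HELP", ct))
```

If the chosen plaintext blocks form a matrix that is not invertible mod 26, the attacker simply picks a different pair of blocks; the linearity that makes encryption cheap is what makes the key recoverable from four letters of known plaintext.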
Summary: Comparison
Cipher          | Strength | Complexity | Key Size     | Vulnerability                                                      | Best Use Case
Caesar Cipher   | Low      | Low        | 1            | Very vulnerable to frequency analysis                              | Educational, simple encryption tasks
Affine Cipher   | Medium   | Low        | 2            | Vulnerable to frequency analysis                                   | Simple encryption tasks with slight security improvement
Playfair Cipher | Medium   | Medium     | 1            | Vulnerable to frequency analysis but harder than Caesar and Affine | Better than Caesar for manual encryption
Vigenère Cipher | High     | Medium     | Variable     | Can be cracked with enough ciphertext or a poor keyword            | Good for relatively secure encryption with a longer key
Hill Cipher     | High     | High       | Matrix-based | Vulnerable to known-plaintext attacks                              | Robust encryption with multiple-letter blocks
Which is Best?
● For simplicity and educational purposes, the Caesar Cipher is a good start.
● For moderate security, Vigenère Cipher offers a balance between simplicity and
strength.
● For the strongest resistance to ciphertext-only attacks among these five, the Hill Cipher is the
best option (the Affine Cipher is only a small step up from Caesar), but Hill falls immediately to
a known-plaintext attack.
● For manual encryption with better security than monoalphabetic ciphers, Playfair works well.
None of these ciphers should be used to protect real data; they are teaching tools, and modern
ciphers such as AES exist precisely because all of them are broken.
Simplified Data Encryption and Decryption
Simplified Data Encryption Standard (S-DES) is a simple version of the DES
Algorithm. It is similar to the DES algorithm but is a smaller algorithm and has
fewer parameters than DES. It was made for educational purposes so that
understanding DES would become simpler. It is a block cipher: it takes an 8-bit block of
plaintext and a 10-bit key and produces an 8-bit block of ciphertext.
It is a symmetric-key cipher, i.e. the same key is used for both encryption and decryption.
In this article, we demonstrate key generation for the S-DES encryption and decryption
algorithm. We take a random 10-bit key and derive two 8-bit round keys, which are used in
order (K1, then K2) for encryption and in reverse order for decryption.
Key Generation Concept: The key generation algorithm accepts the 10-bit key and converts it into
two 8-bit round keys. The 10-bit key is the secret shared between sender and receiver; both sides
derive the same two round keys from it.
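The key schedule in Python, as an example added to these notes and not code from the original: the 10-bit key goes through the P10 permutation, is split into two 5-bit halves, each half is rotated left by one position (LS-1) and compressed with P8 to give K1, then rotated left by two more positions (LS-2) and compressed again to give K2. The P10 and P8 tables are the standard S-DES tables from Stallings' textbook, which the notes above do not list, so they are an assumption here; the key 1010000010 is the usual worked example.

```python
import secrets

# Standard S-DES permutation tables (Stallings); positions are 1-based.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)


def permute(bits, table):
    """Pick bits by 1-based position; P8 keeps 8 of the 10 bits and reorders them."""
    return "".join(bits[i - 1] for i in table)


def rotate_left(half, n):
    """Circular left shift of one 5-bit half."""
    return half[n:] + half[:n]


def sdes_subkeys(key10):
    """10-bit key string -> (K1, K2), the two 8-bit round keys."""
    if len(key10) != 10 or set(key10) - {"0", "1"}:
        raise ValueError("key must be a string of exactly 10 bits")
    p = permute(key10, P10)
    left, right = p[:5], p[5:]
    left, right = rotate_left(left, 1), rotate_left(right, 1)  # LS-1
    k1 = permute(left + right, P8)
    left, right = rotate_left(left, 2), rotate_left(right, 2)  # LS-2, applied to the LS-1 result
    k2 = permute(left + right, P8)
    return k1, k2


def random_key():
    """A fresh 10-bit key from the OS CSPRNG; random.getrandbits() is not suitable for keys."""
    return format(secrets.randbits(10), "010b")


if __name__ == "__main__":
    print(sdes_subkeys("1010000010"))  # ('10100100', '01000011')
    print(sdes_subkeys(random_key()))
```

Decryption runs the same two rounds with K2 first and K1 second, so the receiver derives the keys exactly as above and only reverses their order. Note also that a 10-bit key gives 1024 possibilities, which is why S-DES is a classroom model and not a cipher.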
Exercise: Let b = 3. Find a value of a greater than 3 that can be used to encrypt 'usman' with the
affine cipher, and verify the result by decrypting.
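A worked solution in Python, covering both the Affine Cipher section above and this exercise; it is an example added to these notes, not code from the original. It uses the standard affine definition E(x) = (a·x + b) mod 26 and D(y) = a^-1·(y − b) mod 26 with letters numbered A = 0 to Z = 25, rejects any a that is not coprime with 26, and picks the smallest valid a above 3, which is 5. The candidate-search helper and the key-space count go beyond the exercise to show how small the cipher's key space is.

```python
import re
from math import gcd


def clean(text):
    return re.sub(r"[^A-Z]", "", text.upper())


def is_valid_multiplier(a):
    """a needs an inverse mod 26, so gcd(a, 26) must be 1 (a odd and not 13)."""
    return gcd(a, 26) == 1


def check_key(a, b):
    if not is_valid_multiplier(a):
        raise ValueError(f"a={a} shares a factor with 26: no modular inverse, text would be undecryptable")
    return a % 26, b % 26


def affine_encrypt(text, a, b):
    """E(x) = (a*x + b) mod 26; with a = 1 this is the Caesar cipher."""
    a, b = check_key(a, b)
    return "".join(chr((a * (ord(c) - 65) + b) % 26 + 65) for c in clean(text))


def affine_decrypt(text, a, b):
    """D(y) = a^-1 * (y - b) mod 26, using Python's built-in modular inverse."""
    a, b = check_key(a, b)
    a_inv = pow(a, -1, 26)
    return "".join(chr((a_inv * (ord(c) - 65 - b)) % 26 + 65) for c in clean(text))


def valid_multipliers():
    return [a for a in range(1, 26) if is_valid_multiplier(a)]


def key_space():
    """12 usable values of a times 26 values of b: small enough to try every key by machine."""
    return len(valid_multipliers()) * 26


def solve_exercise(word="usman", b=3, min_a=4):
    """Smallest valid a >= min_a, the ciphertext, and the decryption used to verify it."""
    a = next(a for a in range(min_a, 26) if is_valid_multiplier(a))
    ciphertext = affine_encrypt(word, a, b)
    return a, ciphertext, affine_decrypt(ciphertext, a, b)


if __name__ == "__main__":
    print(solve_exercise())  # (5, 'ZPLDQ', 'USMAN')
```

By hand: a = 4 is rejected because gcd(4, 26) = 2, so a = 5. For U (20), 5·20 + 3 = 103 ≡ 25 → Z; for S (18), 93 ≡ 15 → P; for M (12), 63 ≡ 11 → L; for A (0), 3 → D; for N (13), 68 ≡ 16 → Q. The inverse of 5 mod 26 is 21 (5·21 = 105 = 4·26 + 1), and 21·(25 − 3) = 462 ≡ 20 → U confirms the first letter.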