PGP

Pretty Good Privacy, or PGP, is a popular program used to encrypt and decrypt email over the Internet,
as well as to authenticate messages with digital signatures and to encrypt stored files.

PGP (Pretty Good Privacy) is a data encryption and decryption program used for e-mail messaging and for encrypting and decrypting texts,
files, or even disk partitions, in order to provide data security. The program was created in 1991 by Phil Zimmermann.

Pretty Good Privacy encryption is based on using a serial combination of data compression, hashing, public-key cryptography and
symmetric-key cryptography. Public keys are bound to e-mail addresses or usernames.

How Does PGP Work?

PGP is used for sending messages confidentially. It combines public-key and symmetric-key encryption. A symmetric encryption
algorithm is used to encrypt the message. Each symmetric key is used only once, which is why it is called a “session key”.
The session key is encrypted with the public key of the receiver, so it can only be decrypted by the receiver. The receiver gets the encrypted
message along with the encrypted session key.

Newer systems can create encrypted messages that can’t be decrypted by older PGP systems, even if there is a valid private key.
That is why it is very important that parties agree on PGP settings before they start PGP communication.

PGP supports integrity checking and message authentication. Integrity checking is used for determining whether there have been any
alterations to the sent message. Message authentication is used to determine whether the message was sent by the entity or person
claiming to be the message sender.

The person or entity sending the message will use either the DSA or RSA signature algorithms to make a digital signature.
To do this, PGP will compute a hash from the plaintext, after which the digital signature will be created using the private key
of the sender.
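
The flow described above (hash and sign with the sender's private key, compress, encrypt under a one-time session key, encrypt that key with the receiver's public key), as an added Python sketch that is not part of the original page and is not real OpenPGP. Assumptions: textbook RSA keys built from known Mersenne primes and a SHA-256 keystream stand in for the real algorithms and are insecure; all function and key names are hypothetical.

```python
import hashlib, secrets, zlib

SIG_LEN = 256  # fixed-size signature field; large enough for both toy keys below

def make_key(p, q, e=65537):
    # Textbook RSA from known Mersenne primes: insecure, illustration only.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

SENDER = make_key(2**521 - 1, 2**607 - 1)      # constructed demo key
RECEIVER = make_key(2**607 - 1, 2**1279 - 1)   # constructed demo key

def keystream_xor(key, data):
    # Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def pgp_style_send(plaintext, sender_key, receiver_pub):
    # 1. Hash the plaintext and sign the hash with the sender's private key.
    sig = pow(digest_int(plaintext), sender_key["d"], sender_key["n"])
    # 2. Compress signature + plaintext, then encrypt under a fresh session key.
    session_key = secrets.token_bytes(32)
    inner = zlib.compress(sig.to_bytes(SIG_LEN, "big") + plaintext)
    body = keystream_xor(session_key, inner)
    # 3. Encrypt the session key with the receiver's public key.
    k = int.from_bytes(session_key, "big")
    return {"wrapped_key": pow(k, receiver_pub["e"], receiver_pub["n"]), "body": body}

def pgp_style_receive(msg, receiver_key, sender_pub):
    # Returns (plaintext, signature_ok); (None, False) if decryption fails.
    try:
        k = pow(msg["wrapped_key"], receiver_key["d"], receiver_key["n"])
        inner = zlib.decompress(keystream_xor(k.to_bytes(32, "big"), msg["body"]))
    except (zlib.error, OverflowError):
        return None, False
    sig, plaintext = int.from_bytes(inner[:SIG_LEN], "big"), inner[SIG_LEN:]
    return plaintext, pow(sig, sender_pub["e"], sender_pub["n"]) == digest_int(plaintext)
```

The second return value is the message-authentication result: it is true only when the signature verifies against the public key of the claimed sender.
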

When it comes to security quality, PGP is very well spoken of. There is no known method of breaking the encryption by computational or
cryptographic means. Cryptographer Bruce Schneier described the early version of PGP as very close to military-grade encryption.
However, early versions had certain theoretical disadvantages. It is always recommended to use current versions.

PGP encryption is also used to protect data in long-term storage (e.g. disk files). Such stored data is also called
“data stored”, “data at rest” or “not in transit”.

The cryptographic security of PGP encryption relies on the assumption that it is not possible to break the algorithms by direct
cryptanalysis. In the original version of PGP, the RSA algorithm was used for session key encryption.
Its security relied on the one-way nature of integer factoring. The second version of PGP used a symmetric-key
algorithm that has been found to have certain cryptanalytic flaws. The current version of PGP is considered secure and reliable,
and even if there are insecurities, they are unknown to the public.

Current versions of Pretty Good Privacy include additional encryption algorithms, so the vulnerability of these versions depends
on which algorithm is used. In 2007, British police were not able to break PGP and had to use RIPA legislation to get the keys
or passwords. In 2009, a British citizen was jailed for nine months because he refused to provide police with keys for PGP-encrypted
files.

ATTACKS

Network Security Types of attacks:

Security is a fundamental component of every network design.
When planning, building, and operating a network, you should understand the importance of a strong security policy.

Network Security.

A security policy defines what people can and can't do with network components and resources.

Need for Network Security:

In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These complicated attack tools and generally open networks have generated an increased need for network security and dynamic security policies.
The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks.
Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist.
It is estimated that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place.
With the development of large open networks, security threats have increased significantly in the past 20 years. Hackers have discovered more network vulnerabilities, and you can now download applications that require little or no hacking knowledge to use. Applications intended for troubleshooting, maintaining, and optimizing networks can, in the wrong hands, be used maliciously and pose severe threats.

An adversary:

A person who is interested in attacking your network; his motivation can range from gathering or stealing information, to creating a DoS, or just the challenge of it.

Types of attack:

Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.

There are five types of attack:

Passive Attack:

A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

Active Attack:

In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

Distributed Attack:

A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a “trusted” component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.

Insider Attack:

An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or nonmalicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Nonmalicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.

Close-in Attack:

A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.
One popular form of close-in attack is social engineering. In a social engineering attack, the attacker compromises the network or system through social interaction with a person, through an e-mail message or phone. Various tricks can be used to get the individual to reveal information about the security of the company. The information that the victim reveals to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.

Phishing Attack:

In a phishing attack, the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.

Hijack attack:

In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

Modification attack:

In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

Buffer overflow:

A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.

Exploit attack:

In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

Password attack:

An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.

cryptography

Cryptography/Introduction:

Cryptography is the study of hiding the information in any text or other message.

cryptography:

The art or science encompassing the principles and methods of transforming an intelligible MESSAGE into one that is unintelligible, and then retransforming that MESSAGE back to its original form.

plaintext:

The original intelligible "MESSAGE" from source.


ciphertext:

The transformed message is called ciphertext.


cipher:

An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods.
Examples: data encryption, the RSA algorithm and some more.

key:

Some critical information used by the cipher, known only to the sender & receiver.

encipher: (encode)

The process of converting plaintext to ciphertext using a cipher and a key.

decipher: (decode)

The process of converting ciphertext back into plaintext using a cipher and a key.


Cryptanalysis:

The study of principles and methods of transforming an unintelligible MESSAGE back into an intelligible MESSAGE without knowledge of the key. Also called codebreaking.


Cryptology:

Both cryptography and cryptanalysis.

code:
An algorithm for transforming an intelligible message into an unintelligible one using a code-book.

Me

Introducing myself, as a self-looped person! I am SWAPNIL KOMMAWAR, and I'm going to introduce myself. I was born and grew up in ADILABAD, and I'm studying B.Tech computer science at the prestigious Nalla Malla Reddy Engineering College, Hyderabad. As for my family, I have just one younger sister. My father is a business and financial dealer. My mother takes care of the household. I am a friendly person and a good thinker, and I can motivate myself in any situation. I can work for longer hours without any break if the task is very complicated... only if I'm interested in it... My lifestyle is very simple.

I'm interested in many things such as music, surfing the net, books, and learning new things. I love to read love stories and suspense thrillers. I want to improve my English skills. I'm glad to be here. My other hobbies include being with my friends.

I'm personally interested in becoming a crypt analyser; however, there are many different career opportunities. I believe that a job should be like a hobby.

It takes a long time to study a big data course. It is very difficult and requires a tremendous amount of patience and hard work. I hope that I'll be able to meet these challenges, and that my dream will come true.

As for now, I'm only focusing my attention on enjoyment. I'm being my true self with the values, dreams and goals that I have...

So this is 'Me' standing in front of all of you. Thank you...