Unit 5 | HTCS401 Notes | Information Theory for Cybersecurity Notes | Aktu Notes

Unit 5 Information Theory for Cybersecurity Notes | HTCS401 Notes | Aktu Notes

Digital and Network Forensics

- Digital and network forensics involve the investigation and analysis of digital evidence to uncover and understand cyber incidents or crimes.

- Essential for identifying perpetrators, understanding attack vectors, and reconstructing digital events.

Processes:

  - Evidence Collection: Gathering digital data from devices, networks, or storage media.

  - Analysis: Examining data for traces of malicious activities, such as intrusion attempts or data breaches.

  - Reporting: Documenting findings to support legal proceedings or security improvements.

Example:

  - A forensic analyst uses specialized tools to recover deleted files from a compromised computer to determine the source of a data leak.

Public Key Infrastructure (PKI)

- PKI is a framework of policies and procedures that establish, manage, distribute, and revoke digital certificates and public keys.

- Enables secure communication and authentication over insecure networks.

Components:

  - Certificate Authority (CA): Issues and verifies digital certificates.

  - Registration Authority (RA): Assists in certificate enrollment and validation processes.

  - Public Key: Shared openly and used for encryption and verification.

  - Private Key: Kept secret and used for decryption and signing.

Example:

  - HTTPS uses PKI to secure web communication by encrypting data exchanged between a web browser and a server using SSL/TLS certificates.

Lightweight Cryptography

- Lightweight cryptography focuses on efficient cryptographic algorithms suitable for constrained devices with limited computational resources.

- Ensures secure communication and data protection in IoT devices, smart cards, and embedded systems.

Characteristics:

  - Low Power Consumption: Minimizes energy usage for battery-operated devices.

  - Low Memory Footprint: Reduces storage requirements for embedded systems.

  - Fast Execution: Optimizes processing speed for real-time applications.

Example:

  - The SIMON and SPECK block ciphers are lightweight cryptographic algorithms designed by the NSA for use in resource-constrained environments.

Elliptic Curve Cryptography (ECC) and Applications

- ECC is a public key cryptography technique based on the algebraic structure of elliptic curves over finite fields.

- Offers stronger security with shorter key lengths compared to traditional cryptographic algorithms.

Advantages:

  - Security: Resistant to attacks even with smaller key sizes.

  - Efficiency: Requires less computational power and memory resources.

  - Scalability: Suitable for both small embedded devices and high-performance servers.

Applications:

  - Digital Signatures: Securely verify the authenticity of messages and software updates.

  - Key Exchange: Establish shared secret keys for secure communication using protocols like ECDH (Elliptic Curve Diffie-Hellman).

  - Blockchain: ECC secures transactions and ensures integrity in decentralized networks like Bitcoin and Ethereum.

Example:

  - Apple uses ECC in iMessage to encrypt messages sent between Apple devices, ensuring privacy and data protection for users.

These notes provide a foundational understanding of digital and network forensics, public key infrastructure (PKI), lightweight cryptography, and elliptic curve cryptography (ECC) and their applications in cybersecurity. Understanding these concepts is crucial for implementing secure communication protocols and protecting digital assets in modern IT infrastructures.