## Lecture 1 (12:00) - Data Communication Security

### Normal Communication

Alice => Message => Bob

- We assume:
	- A dedicated transmission system
	- Good will, Co-operation, Competence among participants
These are not valid assumptions.

### Security

- Human problem caused by deliberate exploitation of weakness in the transmission system.
	- Bad passwords, spoofing / phishing, config errors
	- Bad procedures, backdoors, overcomplexity
	- Can solve some problems, manage some, and detect some, but cannot fix everything.
- Security threats are generic to all forms of communication, not specifically computers or digital devices. Understanding them is vital to understanding IT.

### Password Security

- Password file must always be assumed to be readable
- Contains encrypted passwords.
- "Dictionary Attacks"
	- Pre-encode a dictionary of words (and combination of words). Then simply look up any encoded passwords.
- "Cracker" Programs / "Brute force attacks"

### Encryption

- Scramble the message in some way so that it is only meaningful to Alice and Bob.
	- Alice takes message and applies some algorithm to each of the letters to generate an encrypted message.
	- Bob applies the reverse algorithm to regenerate the original message
- The aim is that Eve cant do one (or both) of these things
	- If she cant decrypt, she cant eavesdrop
	- If she cant encrypt, she cant masquerade.
- The more keys, the longer it takes to break

#### Caesar-shift

- Each letter is replaced by another letter, k positions later in the alphabet
- If k=3:
	- A becomes D
	- B becomes E
	- C becomes F
	- …
	- "ATTACK AT TEN" becomes
		- DWWDFN DW WHQ
- plaintext - ATTACK AT TEN
- ciphertext - DWWDFN DW WHQ
- Encryption method - Substitution
- Encryption Key - 3
- Decryption Key - 3
- Problem is how to share the key