Introduction

Introduction to Cyberspace & it’s Architecture

Cyberspace It can be defined as an intricate environment that involves interactions between people, software, and services. It is maintained by the worldwide distribution of information and communication technology devices and networks. With the benefits carried by the technological advancements, the cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups.

The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.

Cybersecurity

Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unlawful admittance, weaknesses, and attacks transported through the Internet by cyber delinquents.

ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System.

The Ministry of Communication and Information Technology under the government of India provides a strategy outline called the National Cybersecurity Policy. The purpose of this government body is to protect the public and private infrastructure from cyber-attacks.

EVOLUTION AND BASIC CONCEPTS OF INTERNET:

There are so many networks exiting in the world, often with different hardware and software. But Internet is a term which is very common to all irrespective to any age group. Perhaps there is no such human being in the universes, who is unaware of the term Internet.

HISTORY OF THE INTERNET

The Internet has a glorious history. It has come across a long way to reach its current position.When traditional circuit-switched telephone networks were considered too vulnerable, DoD (Department of Defence of USA) turned to its research arm, Advanced Research projects Agency (ARPA).

ARPA was created in response to the Soviet Union’s launching Sputnik in 1957 and had the mission of advancing technology that might be useful to the military. This network is popularly known as ARPANET.

In the late 1970s, NSF (The U.S. National Science Foundation) found the enormous impact the ARPANET was having on University research, allowing scientists across the contry to share data and collaborate on research projects. However, to get on the ARPANET, a University had to have a research contact with the DoD, which many did not have. This lack of Universal access prompted NSF to set up a virtual network, CSNET, centered around a single machine at BBN that supported Dial-up lines and had connections to the ARPANET and other networks.

 

SERVICES PROVIDED BY THE INTERNET

Communication Service -Electronic Mail(E-mail)

-USENET newsgroup (forums) -Chatting -Instant Messaging -Telnet -Internet Telephony -Internet Fax

Internet Ownership & Management

Internet is the network of networks around the globe or interconnections of Networks. Lakhs of computers are connected through Internet so the term “Internet ownership” is very critical in terms of language. But from the maintenance point of view, these must be maintained by humans by, machine or with the help of technology, within a legal framework.

Everyone understands that the internet is crucial for the functioning of modern economecs, societies, and even governments, and everybody it should to be reliable and secure. But internet possesses such a decentralized status that there is no authority to control over cyberspace

INTERNET OWNERSHIPAny network needs some centralized control to

function. The Global Phone system, for example, is administered by the world’s oldest international treaty organization, the International Telecommunication Union, founded in 1865 and now a part of the UN family.

Similarly, the Internet should be administered under a multilateral treaty. ICANN (Internet Corporation for Assigned Names and Numbers), coordinated by a private sector non-profit organization which was set up by the Unites States in 1998, took the activities performed for 30 years , amazingly , by a single pony tailed professor in California.

It has the responsibility for internet protocol (IP) address space allocation, protocol identifier assignment, generic (GTLD) and country code (CCTLD) Top level Domain name system management and root server system management function. It supports the United States only, though Governmental Advisory Committee, composed of delegates from other nations, having no real powers.

Firstly, there are domain names such as www.careindia.org. Somebody must decide who will operate the database of generic names ending with suffixes such as “.com”, “.org” and others. Also someone must appoint the operators of two-letter countrycode suffixes (such as “.in.” for India)

 Secondly, there are internet protocol numbers, of up to 12 digit codes, and invisible to users, that every machine on the networks needs to have in order to be recognized by other machines

Thirdly, what is the meaning of Root servers? Somebody must decide who should operate the root servers. Where will those operators be based?

INTERNET SERVICE PROVIDER (ISP)

An ISP (Internet Service Provider) is a service provider company that collects a monthly or yearly fee in exchange for providing the subscriber with Internet access or remote access as per Government prescribed framework.

An ISP might provide dial-up service, cable, ADSL, TI, leased line or other types of Internet access. Some ISPs are local while others are national. A national ISP will provide access throughout most of the nation, while a local ISP will only serve subscribers in a limited geographical region.

WORKING OF INTERNET AND ROLE OF ISPper user, kbps Technology

155,000 Virtual reality, medical imaging ATM

3,000 Video-conferencing, Multimedia T3/E3

1,500 Sample video, Digital voice T1/E1

128 Browsing ISDN, Frame relay28.8 IP, E-mail, File Transfer New

modem19.2 Telnet Old modem4.8 Paging Wireless WAN

VALUE ADDED SERVICES

- Web Hosting- Virtual Private Network- Usages of VPN- Voice Over Internet- E-Mail- Cable Internet 

DATA SECURITY AND MANAGEMENT

During the first few decades of their existence, computer networks were primarily used by defense personnel for security by university researchers for research purposes and by corporate employees for sharing printers and other peripherals. Under these conditions, security of data transmission did not get much attention as there were very few people using the networks.

SECURITY PROBLEM VIS-À-VIS INTERNET Threats to Computing System

There are basically two types of threats to a computing system.

Program Threats:-Trojan Horse- Trap doors

What Makes a Good Security Policy?1. It must be implementable through system

administration procedures, publishing of acceptable use guidelines, or other appropriate methods.

2 . It must be enforceable with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible.

3 . It must clearly define the areas of responsibility for the users, administrators, and management.

DATA ENCRYPTION Cryptography Cryptography, is a Greek word, means “secret

writing”. However we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. Figure shows components involved in cryptography. Sender Receive

r

Encryption DecryptionCipher text

Plain text Plain text

Plain text and Cipher textThe original message, before being transformed, is called plain text. After the message is transformed, it is called as cipher text. An encryption algorithm transforms the plain text into cipher text.An decryption algorithm transforms cipher text back into plain text.

CryptographyCipherThe term cipher is also used to refer to different categories of algorithms used in cryptography.KeyA key is number (or set of numbers) that the cipher (an algorithm), operates on.Two categoriesThe cryptography algorithms (ciphers) divided into two groups Symmetric Key (also called Secret Key) cryptography algorithms.Asymmetric Key (also called Public Key) cryptography algorithms.

Symmetric Key Asymmetric Key

Cryptography

Symmetric-Key Cryptography• In symmetric-key cryptography, the same key is used by both parties.• The same key is used by the sender (for encryption) and the receiver (for decryption).• The key is Shared.

Sender Receiver

Encryption DecryptionCipher text

Plain text Plain text

Shared secret Key

Asymmetric-Key Cryptography• In asymmetric-key cryptography, there are two types of keys.• The private key is kept by the receiver.• The public key is announced to the public.

Alice Bob

Encryption DecryptionCipher text

Plain text Plain text

Bob’s public key

Bob’s private key

To the Public

Symmetric-Key CryptographyTraditional Ciphers• Traditional ciphers are character oriented.

Traditional Ciphers

Substitution Ciphers

Transposition Ciphers

Monoalphabetic Polyalphabetic

Digital Signature

A digital signature is a technique to validate the legitimacy of a digital message or a document. A valid digital signature provides the surety to the recipient that the message was generated by a known sender, such that the sender cannot deny having sent the message.

Digital signatures are mostly used for software distribution, financial transactions, and in other cases where there is a risk of forgery.

Electronic Signature

An electronic signature or e-signature, indicates either that a person who demands to have created a message is the one who created it.

A signature can be defined as a schematic script related with a person. A signature on a document is a sign that the person accepts the purposes recorded in the document. In many engineering companies digital seals are also required for another layer of authentication and security. Digital seals and signatures are same as handwritten signatures and stamped seals.

United Nations Commission on International Trade Law(UNCITRAL)->Digital Signature was the term defined in

the old I.T. Act, 2000. ->Electronic Signature is the term defined

by the amended act (I.T. Act, 2008).

The concept of Electronic Signature is broader than Digital Signature. Section 3 of the Act delivers for the verification of Electronic Records by affixing Digital Signature.

As per the amendment, verification of electronic record by electronic signature or electronic authentication technique shall be considered reliable.

According to the United Nations Commission on International Trade Law (UNCITRAL), electronic authentication and signature methods may be classified into the following categories:

-> Those based on the knowledge of the user or the recipient, i.e.,passwords, personal identification numbers (PINs), etc.

-> Those bases on the physical features of the user, i.e., biometrics.

-> Those based on the possession of an object by the user, i.e., codes orother information stored on a magnetic card.

-> Types of authentication and signature methods that, without falling underany of the above categories might also be used to indicate the originatorof an electronic communication (Such as a facsimile of a handwrittensignature, or a name typed at the bottom of an electronic message).

According to the UNCITRAL MODEL LAW on Electronic Signatures, the following technologies are presently in use:

- Digital Signature within a public key infrastructure (PKI)-Biometric Device- PINs- Passwords- Scanned handwritten signature- Signature by Digital Pen- Clickable “OK” or “I Accept” or “I Agree” click boxes

Referenceswww. wikipedia.comwww.cybersecureasia.com/