Unit-01 Introduction To Cryptography
UNIT 1
Introduction
Ref: Behrouz A. Forouzan, Cryptography and Network Security
SIMS DIVYASHREE D
Authentication/Digital Signatures
Electronic Money
Time Stamping
Secure Network Communications
Cryptography in Everyday Life
Examples
One of the prominent examples of encryption these days is end-to-end encryption in WhatsApp.
This feature is included in WhatsApp through the asymmetric model, that is, via public key methods.
Here only the intended recipient can read the actual message.
Once the installation of WhatsApp is finished, public keys are registered with the server and then messages are transmitted.
Cryptography – Benefits
Cryptography is an essential information security tool. It
provides the four most basic services of information
security −
Confidentiality − Encryption techniques can guard information and communication from unauthorized disclosure and access.
Authentication − Cryptographic techniques such as MAC and digital signatures can protect information against spoofing and forgeries.
Data Integrity − Cryptographic hash functions play a vital role in assuring users about data integrity.
Non-repudiation − The digital signature provides the non-repudiation service to guard against disputes that may arise when the sender denies having sent a message.
Objectives
Security Goals
(i) Confidentiality: An organization needs to guard against malicious actions that endanger the confidentiality of its information.
Data confidentiality: private or confidential information is not disclosed to unauthorized users.
Privacy: assures that individuals control or influence what information related to them may be collected and to whom it may be disclosed.
(ii) Integrity: Guarding against improper information modification or destruction.
Data integrity: assures that information and programs are changed only in an authorized manner.
System integrity: assures that the system is free from unauthorized manipulation.
(iii) Availability: Ensuring timely and reliable access to information.
Authenticity: validity and genuineness of a message.
Accountability: security goal
ATTACKS
Security attacks
Passive attack
Active attacks
Denial of Service Attacks
Active attacks:
A network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
Modification: after intercepting or accessing information, the attacker modifies the information to make it beneficial to themselves.
SERVICES AND MECHANISM
The ITU-T (International Telecommunication Union - Telecommunication Standardization Sector) provides some security services and some mechanisms to implement those services.
Security services
SECURITY MECHANISMS
Classification of Security Mechanisms
Encipherment
Data integrity
Digital signature
Authentication exchange
Traffic padding
Routing control
Notarization
Access control
Encipherment
It is a security mechanism that involves the transformation of data into some unreadable form.
It uses an algorithm for performing encryption or decryption.
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, data.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data.
Authentication Exchange
Mechanism intended to ensure the identity of an entity by
means of information exchange.
Traffic Padding
The traffic padding may be used to hide the traffic pattern.
Traffic padding is insertion of bogus data or bits into gaps in a
data stream to frustrate traffic analysis attempts.
Bit padding: the addition of one or more extra bits to a transmission or storage unit to make it conform to a standard size.
Ex: 23-bit pattern
1011 1001 1101 1000 1100 0000 0000
Byte padding: it is applied to messages that can be encoded as an integral number of bytes.
Zero padding: it simply refers to adding zeros to the end of a time-domain signal to increase its length.
Routing Control
It is a specialized type of network management that aims to improve internet connectivity, and reduce bandwidth cost and overall internetwork operations.
Notarization
It is a data certification: the notary certifies that data is valid or correct.
Ex: digital signature
Access Control:
Physical access control: limits access to campuses, buildings, rooms and physical IT assets.
Logical access control: limits connections to computer networks, system files and data.
Ex: Biometric scans, physical or electronic keys
Relationship between the security services and the
security mechanism
TECHNIQUES
There are four different techniques
1) Cryptography 2) Steganography
3) Watermarking 4) Hashing
CRYPTOGRAPHY
Cryptography is a basic building block in computer security.
Cryptography is a word of Greek origin: crypto means “secret” and graphy means “writing”.
Cryptography involves three mechanisms: symmetric-key encipherment, asymmetric-key encipherment and hashing.
Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa.
It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
Cryptography not only protects data from theft or alteration, but can also be used for user authentication.
Components of Cryptosystem
• Plaintext: original data fed into the algorithm as input.
• Encryption algorithm: performs various substitutions and transformations on the plaintext.
• Secret key: The key is a value independent of the plaintext and of the algorithm. The algorithm will produce different output depending on the specific key being used at the time.
• Ciphertext: scrambled message produced as output.
• Decryption algorithm: this is the reverse of the encryption algorithm. It takes the ciphertext and the secret key and produces the original plaintext.
• Cryptanalyst: a person expert in analyzing and breaking codes and ciphers is called a cryptanalyst.
MODEL OF CONVENTIONAL CRYPTOSYSTEM
CRYPTOGRAPHY ATTACKS (8M)
A cryptographic attack is a method for circumventing the
security of a cryptographic system by finding a weakness in a
code, cipher, cryptographic protocol or key management scheme.
This process is also called "cryptanalysis".
A ciphertext-only attack (COA):
In this method, the attacker has access to a set of ciphertext(s).
He does not have access to the corresponding plaintext.
COA is said to be successful when the corresponding plaintext can be determined from a given set of ciphertext.
Occasionally, the encryption key can be determined from this attack.
Modern cryptosystems are guarded against ciphertext-only attacks.
The cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it.
A known-plaintext attack (KPA) :
In this method, the attacker knows the plaintext for some parts
of the ciphertext.
The task is to decrypt the rest of the ciphertext using this
information. This may be done by determining the key or via
some other method.
The best example of this attack is linear cryptanalysis against
block ciphers.
The cryptanalyst obtains a sample of ciphertext, with the plaintext associated with it.
Chosen-plaintext attack (CPA) −
In this method, the attacker has the text of his choice
encrypted. So he has the ciphertext-plaintext pair of his
choice. This simplifies his task of determining the
encryption key.
The cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.
An adaptive chosen-plaintext attack is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions.
Dictionary Attack −
This attack has many variants, all of which involve compiling a
‘dictionary’.
In the simplest method of this attack, the attacker builds a dictionary of ciphertexts and corresponding plaintexts that he has learnt over a period of time.
In future, when the attacker gets a ciphertext, he refers to the dictionary to find the corresponding plaintext.
Brute Force Attack (BFA) −
In this method, the attacker tries to determine the key by
attempting all possible keys.
If the key is 8 bits long, then the number of possible keys is $2^8 = 256$.
The attacker knows the ciphertext and the algorithm, now he
attempts all the 256 keys one by one for decryption. The time to
complete the attack would be very high if the key is long.
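The 8-bit case above as a runnable sketch, added here and not part of the original notes: a toy XOR cipher with a one-byte key (an assumption, chosen only because its key space is exactly 2^8) is searched exhaustively, and `years_to_search` shows how the same search scales with key length at an assumed rate of 10^9 guesses per second. The key, message and scoring rule are constructed for the example.

```python
def xor_cipher(data: bytes, key: int) -> bytes:
    """Toy cipher with an 8-bit key: XOR each byte with the key (encrypts and decrypts)."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Count bytes that are lowercase letters or spaces, a crude test for English text."""
    return sum(1 for b in candidate if b == 0x20 or 0x61 <= b <= 0x7A)


def brute_force(ciphertext: bytes):
    """Decrypt under every one of the 2**8 keys and keep the most text-like result."""
    tried = 0
    best_key, best_score = None, -1
    for key in range(2 ** 8):
        tried += 1
        s = score(xor_cipher(ciphertext, key))
        if s > best_score:
            best_key, best_score = key, s
    return best_key, xor_cipher(ciphertext, best_key), tried


def years_to_search(key_bits: int, keys_per_second: float = 1e9) -> float:
    """Worst-case time to try every key, at an assumed guessing rate."""
    return 2 ** key_bits / keys_per_second / (365 * 24 * 3600)


# Constructed sample: the key and message are made up for this example.
SECRET_KEY = 0x5A
CIPHERTEXT = xor_cipher(b"the exam is on monday", SECRET_KEY)

if __name__ == "__main__":
    key, plaintext, tried = brute_force(CIPHERTEXT)
    print(f"tried {tried} keys, key = {key:#04x}, plaintext = {plaintext!r}")
    for bits in (8, 56, 128):
        print(f"{bits}-bit key: {years_to_search(bits):.3g} years at 1e9 keys/s")
```

The 8-bit search finishes instantly, while the same loop over a 128-bit key space would not finish in any practical time, which is the defence against this attack.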
Man in Middle Attack (MIM) −
The targets of this attack are mostly public key cryptosystems
where key exchange is involved before communication takes
place.
◦ Host A wants to communicate to host B, hence requests
public key of B.
◦ An attacker intercepts this request and sends his public key
instead.
◦ Thus, whatever host A sends to host B, the attacker is able to
read.
◦ In order to maintain communication, the attacker re-encrypts
the data after reading with his public key and sends to B.
◦ The attacker sends his public key as A’s public key so that B
takes it as if it is taking it from A.
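The exchange above with both sides' messages, followed by the check that stops it; this is an added example, not code from the original notes. It assumes textbook RSA with small well-known primes and no padding (illustration only), and a hypothetical `fingerprint` of B's key that A obtained over a trusted channel, which is the role a certificate plays in PKI.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes (toy size, no padding): (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def encrypt(message, public):
    n, e = public
    return pow(message, e, n)


def decrypt(ciphertext, private):
    n, d = private
    return pow(ciphertext, d, n)


def fingerprint(public):
    """Digest of a public key, compared over a channel the attacker cannot alter."""
    return hashlib.sha256(repr(public).encode()).hexdigest()


def send_to_b(message, received_key, trusted_fingerprint=None):
    """Host A encrypts for B; if A holds B's fingerprint, a swapped key is rejected."""
    if trusted_fingerprint is not None and fingerprint(received_key) != trusted_fingerprint:
        raise ValueError("received key does not match B's fingerprint")
    return encrypt(message, received_key)


def run_exchange(secret=424242):
    b_pub, b_priv = make_keypair(8191, 131071)          # host B (constructed key)
    m_pub, m_priv = make_keypair(524287, 2147483647)    # attacker in the middle
    received = m_pub          # A asked for B's key, the attacker answered instead
    seen_by_attacker = decrypt(send_to_b(secret, received), m_priv)
    # The attacker re-encrypts under B's real key and relays, so B notices nothing.
    seen_by_b = decrypt(encrypt(seen_by_attacker, b_pub), b_priv)
    try:
        send_to_b(secret, received, trusted_fingerprint=fingerprint(b_pub))
        detected = False
    except ValueError:
        detected = True
    return {"attacker_read": seen_by_attacker, "b_read": seen_by_b, "detected": detected}


if __name__ == "__main__":
    print(run_exchange())
```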
Timing Attacks −
They exploit the fact that different computations take different times to compute on a processor.
By measuring such timings, it is possible to learn about a particular computation the processor is carrying out.
For example, if the encryption takes a longer time, it indicates that the secret key is long.
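An added illustration of the claim above, not taken from the original notes: textbook square-and-multiply exponentiation does an amount of work that depends on the length and the 1-bits of the secret exponent, while a fixed-width Montgomery ladder does the same work for every key. Multiplication counts stand in for time, and the base, modulus and sample keys are constructed values.

```python
def square_and_multiply(base, exponent, modulus):
    """Textbook left-to-right exponentiation. Returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        ops += 1
        if bit == "1":                      # extra work only for 1-bits of the key
            result = (result * base) % modulus
            ops += 1
    return result, ops


def fixed_width_ladder(base, exponent, modulus, width):
    """Montgomery ladder over a fixed bit width: two multiplications per bit, always."""
    if exponent >> width:
        raise ValueError("exponent does not fit in width bits")
    r0, r1, ops = 1, base % modulus, 0
    for i in reversed(range(width)):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops


def compare(keys, base=7, modulus=1_000_003, width=16):
    """Per key: (bit length, naive multiplication count, ladder multiplication count)."""
    rows = []
    for k in keys:
        naive, naive_ops = square_and_multiply(base, k, modulus)
        ladder, ladder_ops = fixed_width_ladder(base, k, modulus, width)
        assert naive == ladder == pow(base, k, modulus)
        rows.append((k.bit_length(), naive_ops, ladder_ops))
    return rows


# Constructed sample keys: short, long with few 1-bits, long with all 1-bits.
SAMPLE_KEYS = (0b101, 0x8001, 0xFFFF)

if __name__ == "__main__":
    for bits, naive_ops, ladder_ops in compare(SAMPLE_KEYS):
        print(f"{bits:2d}-bit key: naive {naive_ops:2d} multiplications, ladder {ladder_ops}")
```

In the naive routine the count grows with the key, which is the signal a timing attacker measures; the ladder removes that signal at the level of operation counts.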
Cryptography Advantages
Cryptography Disadvantages
CRYPTOGRAPHY TOOLS
Cryptography tools provide command-line tools for code signing, signature verification, and other cryptography tasks.
These primitives provide fundamental properties,
which are used to develop more
complex tools called cryptosystems
or cryptographic protocols, which guarantee one
or more high-level security properties.
Public-key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a popular encryption
and authentication approach used by both small
businesses and large enterprises.
PKI is an integrated system of software, encryption methodologies, protocols, legal agreements and third-party services that enables users to communicate securely.
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
Usage Examples of Public Key Infrastructure.
HTTPS (Hypertext Transfer Protocol Secure) protocol,
digital signature,
encryption of documents,
digital identification.
DIGITAL CERTIFICATES
Illustration: the CA accepts the application from a client to certify his public key
Functions of Certificate Authority
CLASSES OF CERTIFICATES
Four typical classes of certificates
Class 1: These certificates can be easily acquired by
supplying an email address.
Class 2: These certificates require additional personal
information to be supplied.
Class 3: These certificates can only be purchased after
checks have been made about requester identity.
Class 4: These certificates may be used by governments and financial organizations needing very high levels of trust.
TYPES OF CERTIFICATE
TLS/SSL server certificate.
TLS/SSL client certificate.
Email certificate.
EMV certificate (Visa card, debit card, credit card).
Code signing certificate.
Qualified certificate.
Root certificate.
Intermediate certificate.
STEGANOGRAPHY
Steganography comes from the Greek words steganos, meaning covered, and graphein, meaning to write.
Steganography is technically not a form of cryptography; it is another way of protecting the confidentiality of information in transit.
The most popular modern version of steganography
involves hiding information within files that contain
digital pictures or other images.
Basic Components of steganosystems
Cover text: original unaltered message.
Embedding: process of hiding a message by embedding it into the cover-text, using a key to obtain a stego-text.
Stegotext: also called stego-data or stego-object.
Recovering process: extraction process (recovery process)
Security requirement: third person watching a
communication.
Types of Steganosystems
Pure steganosystems:
No key is used and no prior information is required.
The formal definition is given by the tuple $S = \langle C, M, E, D \rangle$.
Secret-key steganosystems:
A secret key is used and prior exchange of keys is required, $S = \langle C, M, K, E_k, D_k \rangle$.
$C$ is the set of possible cover texts,
$M$ is the set of secret messages,
$K$ is the set of secret keys,
$E_k : C \times M \times K \to C$,
$D_k : C \times K \to M$, with the property that $D_k(E_k(c, m, k), k) = m$.
Public-key steganosystems
It is similar to public key cryptography but does not
require prior exchange of keys.
It requires two keys: a public key and a private key.
The public key is used in the concealment process, whereas the private key is used in extracting the secret message.
STEGANOGRAPHY TECHNIQUES (8M)
Substitution techniques: substitutes redundant part of the
cover-object with a secret message.
Transform domain techniques: embedding the secret
message in a transform space of the signal (eg: frequency
domain)
Spread spectrum techniques: embedding secret messages
adopting ideas from spread spectrum communications.
Statistical techniques: embed messages by changing some statistical properties of the cover-objects.
Distortion techniques: they store secret messages by signal distortion and measure the deviation from the original cover in the extraction step.
Cover generation techniques: they do not embed the messages in randomly chosen cover objects, but create covers that fit a message that needs to be hidden.
Character marking: selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink: a number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.
Pin punctures: small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.
Typewriter correction ribbon: used between lines typed with
a black ribbon, the results of typing with the correction tape
are visible only under a strong light.
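A substitution technique written in the secret-key form S = <C, M, K, Ek, Dk> defined earlier, as an added example that is not part of the original notes: the least significant bit of key-selected cover bytes is replaced by message bits. Assumptions: the cover is a constructed byte string standing in for pixel values, Python's `random.Random` seeded with the key stands in for a cryptographic position generator, and the receiver is told the message length.

```python
import random


def _positions(cover_len, n_bits, key):
    """Key-dependent choice of which cover bytes carry message bits."""
    if n_bits > cover_len:
        raise ValueError("message too long for this cover")
    return random.Random(key).sample(range(cover_len), n_bits)


def embed(cover, message, key):
    """E_k: C x M x K -> C. Overwrite the LSB of key-selected cover bytes."""
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    stego = bytearray(cover)
    for pos, bit in zip(_positions(len(cover), len(bits), key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)


def extract(stego, key, message_len):
    """D_k: C x K -> M. Read the LSBs back in the same key-selected order."""
    bits = [stego[pos] & 1 for pos in _positions(len(stego), message_len * 8, key)]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


# Constructed cover: 256 bytes standing in for 8-bit grayscale pixel values.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))

if __name__ == "__main__":
    message = b"meet at 9"
    stego = embed(COVER, message, "shared-key")
    changed = sum(a != b for a, b in zip(COVER, stego))
    print(f"{changed} of {len(COVER)} cover bytes changed, each by at most 1")
    print(extract(stego, "shared-key", len(message)))
```

Each carrier byte changes by at most one, which is why the redundant low-order bits of a cover are the usual place for substitution and also where detection tools look.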
STEGANOGRAPHIC ATTACKS
APPLICATIONS OF STEGANOGRAPHY
In military applications.
In health care and medical imaging systems
Watermarking
A watermark is an identifying image or pattern in
paper that appears as various shades of lightness/darkness
when viewed by transmitted light, caused by thickness or
density variations in the paper.
Watermarking is the process of hiding digital
information in a carrier signal.
Watermarking is a technique used to provide a proof of
ownership of digital data by embedding copyright
statements into video or image digital products.
CLASSIFICATION OF WATERMARKS
(i) Based on visibility of watermarks
- Visible watermarks
- Invisible watermarks
(ii) Based on the content to be watermarked
- Text watermarking
- Image, audio, video watermarking
(iii) Digital watermarking
DIFFERENCE BETWEEN STEGANOGRAPHY AND WATERMARKING
Steganography: Steganography is changing the image in a way that only the sender and the intended recipient is able to detect the message sent through it.
Watermarking: Watermarking is used to verify the identity and authenticity of the owner of a digital image.
Steganography: Goal of steganography is to hide a message in one-to-one communications.
Watermarking: Goal of watermarking is to hide a message in one-to-many communications.
Difference between Steganography / Watermarking
versus Cryptography
The purpose of both is to provide secret
communication.
Cryptography hides the contents of the message from
an attacker, but not the existence of the message.
A steganography / watermarking system is considered insecure if detection of the steganography / watermarking is possible.
HASH FUNCTIONS
Hash functions are extremely useful and appear in
almost all information security applications.
A hash function is a mathematical function that
converts a numerical input value into another
compressed numerical value.
The input to the hash function is of arbitrary length but
output is always of fixed length.
Values returned by a hash function are called message digests or simply hash values.
Representation of Hash function
FEATURES OF HASH FUNCTIONS
Fixed Length Output (Hash Value)
A hash function converts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.
In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.
Since a hash is a smaller representation of larger data, it is also referred to as a digest.
Hash function with n bit output is referred to as an n-bit
hash function.
Popular hash functions generate values between 160
and 512 bits.
PROPERTIES OF HASH FUNCTIONS
(i) Pre-Image Resistance
This property means that it should be computationally
hard to reverse a hash function.
In other words, if a hash function h produced a hash
value z, then it should be a difficult process to find any
input value x that hashes to z.
This property protects against an attacker who only has
a hash value and is trying to find the input.
(ii) Second Pre-Image Resistance
(iii) Collision Resistance
This property means it should be hard to find two different
inputs of any length that result in the same hash. This
property is also referred to as collision free hash function.
In other words, for a hash function h, it is hard to find any
two different inputs x and y such that h(x) = h(y).
Since a hash function is a compressing function with fixed hash length, it is impossible for a hash function not to have collisions. The collision-free property only confirms that these collisions should be hard to find.
This property makes it very difficult for an attacker to find
two input values with the same hash.
Also, if a hash function is collision-resistant then it is
second pre-image resistant.
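The collision argument above made concrete, in an added example that is not from the original notes: SHA-256 is truncated to n bits (an assumption, so that n can be made small) and inputs are hashed until two different ones collide. The pigeonhole bound guarantees a collision within 2^n + 1 inputs; in practice one appears after roughly 2^(n/2), which is why real hash outputs are long.

```python
import hashlib


def h(data: bytes, n_bits: int) -> int:
    """n-bit hash made by keeping the top n bits of SHA-256 (a stand-in, not a standard)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)


def find_collision(n_bits: int):
    """Hash counter-derived inputs until two different ones share a hash value.

    Returns (x, y, tries) with x != y and h(x) == h(y).
    """
    seen = {}
    tries = 0
    while True:
        x = b"msg-%d" % tries          # constructed inputs, all distinct
        tries += 1
        value = h(x, n_bits)
        if value in seen:
            return seen[value], x, tries
        seen[value] = x


def summary(bit_sizes=(8, 16, 24)):
    """Per size: (n, inputs hashed before a collision, pigeonhole upper bound 2**n + 1)."""
    return [(n, find_collision(n)[2], 2 ** n + 1) for n in bit_sizes]


if __name__ == "__main__":
    for n, tries, bound in summary():
        print(f"{n:2d}-bit hash: collision after {tries} inputs (guaranteed within {bound})")
```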