Transport Layer vs Network Layer

Transport Network Layer

❑ logical communication between ❑ logical communication between
Layer processes end systems
❑ moves messages from application
process to the network layer and
vice-versa: Sending & Receiving
sides
❑ computer network can make multiple
transport layer protocols available
• TCP
• UDP

❑ process-to-process ❑ host-to-host communication

communication
Transport layer duties
Position of transport layer
Types of data deliveries
 Transport Layer Design Issues
⚫ The transport layer delivers the message from one process to another
process running on two different hosts.
⚫ Thus, it has to perform number of functions to ensure the accurate delivery
of message.
⚫ The various functions of transport layer are:

⚫ Establishing, Maintaining & Releasing Connection-Done on the request of

Upper layers, Allocation of buffers for storing user data, synchronizing the
sequence numbers of packets etc
⚫ Addressing-Identifying correct process using Sockets

⚫ Data Transfer-Forming Transport Protocol Data Units, Handling TPDU’s to

Network Layer. The TPDU header contains port number, sequence
number, acknowledgement number, checksum and other fields.
⚫ Flow Control(end-to-end basis)-Transport Layer uses a sliding window
protocol to perform flow control.
⚫ Congestion Control
 Transport Layer Design Issues

• Error Control-

⚫ Error due to damaged bits.

⚫ Error due to non delivery of TPDUs.

⚫ Error due to duplicate delivery of TPDUs.

⚫ Error due to delivery of TPDU to a wrong destination.

• Congestion Control-

⚫ Transport layer also handles congestion in the networks.

⚫ Several different congestion control algorithms are used to avoid congestion .

Figure IP addresses versus port numbers
Figure Socket address
Berkeley service primitives for TCP
Multiplexing and demultiplexing
Multiplexing and demultiplexing
Error control
TCP

Port Numbers
Services
Sequence Numbers
Segments
Connection
Transition Diagram
Flow and Error Control
Silly Window Syndrome
 Table Well-known ports used by TCP
Port Protocol Description
7 Echo Echoes a received datagram back to the sender
9 Discard Discards any datagram that is received
11 Users Active users
13 Daytime Returns the date and the time
20 FTP, Data File Transfer Protocol (data connection)
21 FTP, Control File Transfer Protocol (control connection)
23 TELNET Terminal Network
25 SMTP Simple Mail Transfer Protocol
53 DNS Domain Name Server
67 BOOTP Bootstrap Protocol
80 HTTP Hypertext Transfer Protocol
111 RPC Remote Procedure Call
TCP segments
 ❑ The bytes of data being transferred in each
connection are numbered by TCP.
The numbering starts with a randomly
generated number.
❑ The value of the sequence number field in a
segment defines the number of the first data
byte contained in that segment.
❑ The value of the acknowledgment field in a
segment defines the number of the next byte a
communicating party expects to receive. The
acknowledgment number is cumulative.

* 16
Example 1
Imagine a TCP connection is transferring a file of 6000 bytes. The
first byte is numbered 10010. What are the sequence numbers for
each segment if data are sent in five segments with the first four
segments carrying 1000 bytes and the last segment carrying 2000
bytes?

Solution
The following shows the sequence number for each segment:
Segment 1 ==> sequence number: 10,010 (range: 10,010 to 11,009)
Segment 2 ==> sequence number: 11,010 (range: 11,010 to 12,009)
Segment 3 ==> sequence number: 12,010 (range: 12,010 to 13,009)
Segment 4 ==> sequence number: 13,010 (range: 13,010 to 14,009)
Segment 5 ==> sequence number: 14,010 (range: 14,010 to 16,009)
TCP Segment format
 Format of TCP Segment
⚫ Source Port:

⚫ It indicates the port number of a source process. It is of 2 bytes.

⚫ Destination Port:

⚫ It indicates the port number of destination process. It is also 2 bytes.

⚫ Sequence Number:

⚫ It specifies the number assigned to the current message. It is of 4 bytes.

⚫ Acknowledgement Number:

⚫ It indicates the sequence number of the next byte of data. It is of 4 bytes.

⚫ Header Length:

⚫ It indicates number of words in the TCP header. It is a 4 bit field.

⚫ Reserved:

⚫ This 6 bit field is reserved for future use.

Figure Control field flags
 Format of TCP Segment
⚫ Window:

⚫ It specifies the size of sender’s receiving window, i.e., the buffer space available

for incoming data. It is of 2 bytes.

⚫ Checksum:

⚫ This 16-bit field contains the checksum.

⚫ Urgent Pointer:

⚫ This 16-bit field is valid only if urgent pointer in flags is set to 1.

⚫ Options:

⚫ It contains the optional information in the TCP header. It is of 32 bytes.

⚫ Data:

⚫ This field contains the upper layer information. It is of variable size.

 Connection Establishment

Three protocol scenarios for establishing a connection using a

three-way handshake.
CR denotes CONNECTION REQUEST.
(a) Normal operation,
(b) Old CONNECTION REQUEST appearing out of nowhere.
(c) Duplicate CONNECTION REQUEST and duplicate ACK.
 Connection Release

Abrupt disconnection with loss of data.

 Connection Release (contd.)
The two-army problem

No protocol exists!!

Simultaneous attack by blue army

Communication is unreliable
 Connection Release (contd.)
The two-army problem
❑ Unfortunately Connection Release Mechanism does not always work. There is a
famous problem that illustrates this issue. It is called the two-army problem. Imagine
that a white army is encamped in a valley, as shown in previous figure. On both of the
surrounding hillsides are blue armies. The white army is larger than either of the blue
armies alone, but together the blue armies are larger than the white army. If either
blue army attacks by itself, it will be defeated, but if the two blue armies attack
simultaneously, they will be victorious.

❑ Now let us improve the protocol by making it a three-way handshake. The initiator of
the original proposal must acknowledge the response. Assuming no messages are lost,
blue army #2 will get the acknowledgement, but the commander of blue army #1 will
now hesitate. After all, he does not know if his acknowledgement got through, and if it
did not, he knows that blue army #2 will not attack. We could now make a four-way
handshake protocol, but that does not help either. In fact, it can be proven that no
protocol exists that works.

❑ To see the relevance of the two-army problem to releasing connections, rather than to
military affairs, just substitute ‘‘disconnect’’ for ‘‘attack.’’ If neither side is prepared to
disconnect until it is convinced that the other side is prepared to disconnect too, the
disconnection will never happen.
 Connection Release (contd.)
• Three-way-handshake + timer

– Send disconnection request

+ start timer RS to resend (at most N times)
the disconnection request

– Ack disconnection request

+ start timer RC to release connection
 Connection Release (contd.)

Four protocol scenarios for releasing a connection.

(a) Normal case of a three-way handshake.
(b) final ACK lost.
 Connection Release (contd.)

6-14, c,d

(c) Response lost.

(d) Response lost and subsequent DRs lost.
Table States for
TCP
State Description

CLOSED There is no connection.

LISTEN The server is waiting for calls from the client.
SYN-SENT A connection request is sent; waiting for acknowledgment.
SYN-RCVD A connection request is received.
ESTABLISHED Connection is established.
FIN-WAIT-1 The application has requested the closing of the connection.
FIN-WAIT-2 The other side has accepted the closing of the connection.
TIME-WAIT Waiting for retransmitted segments to die.
CLOSE-WAIT The server is waiting for the application to close.
LAST-ACK The server is waiting for the last acknowledgment.
State transition diagram
 TCP SYN FLOODING ATTACK
(DENIAL OF SERVICE ATTACK)
Attack Description:
1)In a SYN flood attack, the attacker sends repeated SYN
packets to every port on the targeted server, often using a
fake IP address.
2)The server, unaware of the attack, receives multiple,
apparently legitimate requests to establish communication. It
responds to each attempt with a SYN-ACK packet from each
open port.
3)The malicious client either does not send the expected ACK,
or—if the IP address is spoofed—never receives the SYN-ACK
in the first place. Either way, the server under attack will wait
for acknowledgement of its SYN-ACK packet for some time.
4)During this time, the server cannot close down the
connection by sending an RST packet, and the connection
stays open. Before the connection can time out, another SYN
packet will arrive. This leaves an increasingly large number of
connections half-open – and indeed SYN flood attacks are also
referred to as “half-open” attacks.
5)Eventually, as the server’s connection overflow tables fill,
service to legitimate clients will be denied, and the server
may even malfunction or crash.
 TCP Transmission Policy
TCP Sliding Window
 TCP Transmission Policy
TCP Sliding Window
Window management in TCP decouples the issues of acknowledgement of the correct
receipt of segments and receiver buffer allocation.

For example, suppose the receiver has a 4096-byte buffer, as shown in next Figure. If the
sender transmits a 2048-byte segment that is correctly received, the receiver will
acknowledge the segment. However, since it now has only 2048 bytes of buffer space (until
the application removes some data from the buffer), it will advertise a window of 2048
starting at the next byte expected.
Now the sender transmits another 2048 bytes, which are acknowledged, but the advertised
window is of size 0. The sender must stop until the application process on the receiving
host has removed some data from the buffer, at which time TCP can advertise a larger
window and more data can be sent.
When the window is 0, the sender may not normally send segments, with two exceptions.
First, urgent data may be sent, for example, to allow the user to kill the process running on
the remote machine. Second, the sender may send a 1-byte segment to force the receiver
to reannounce the next byte expected and the window size. This packet is called a window
probe. The TCP standard explicitly provides this option to prevent deadlock if a window
update ever gets lost. Senders are not required to transmit data as soon as they come in
from the application. Neither are receivers required to send acknowledgements as soon as
possible.
 TCP Transmission Policy
TCP Sliding Window
❑ One approach that many TCP implementations use to optimize this situation is
called delayed acknowledgements. The idea is to delay acknowledgements and
window updates for up to 500 msec in the hope of acquiring some data on which
to hitch a free ride. Assuming the terminal echoes within 500 msec, only one
41-byte packet now need be sent back by the remote side, cutting the packet count
and bandwidth usage in half.

❑ Although delayed acknowledgements reduce the load placed on the network by

the receiver, a sender that sends multiple short packets (e.g., 41-byte packets
containing 1 byte of data) is still operating inefficiently. A way to reduce this usage
is known as Nagle’s algorithm (Nagle, 1984). What Nagle suggested is simple:
when data come into the sender in small pieces, just send the first piece and
buffer all the rest until the first piece is acknowledged. Then send all the buffered
data in one TCP segment and start buffering again until the next segment is
acknowledged. That is, only one short packet can be outstanding at any time.
❑ If many pieces of data are sent by the application in one round-trip time, Nagle’s
algorithm will put the many pieces in one segment, greatly reducing the bandwidth
used. The algorithm additionally says that a new segment should be sent ifenough
data have trickled in to fill a maximum segment.
 Silly Window Syndrome

• Sending application program creates data slowly or the

receiving application program consumes data slowly,
or both. (e.g. 1 byte at a time)

• Server application asks client to create data slowly if it

goes continue, window size goes smaller and smaller.

• At a time, it becomes smaller than its header size,

Making data transmission extremely inefficient.
Silly Window Syndrome
 TCP Transmission Policy (2)
❑ Another problem that can degrade TCP performance is the
silly window syndrome (Clark, 1982). This problem
occurs when data are passed to the sending TCP entity in
large blocks, but an interactive application on the receiving
side reads data only 1 byte at a time. Initially, the TCP buffer
on the receiving side is full (i.e., it has a window of size 0) and
the sender knows this.
❑ Then the interactive application reads one character from the
TCP stream. This action makes the receiving TCP happy, so it
sends a window update to the sender saying that it is all right
to send 1 byte. The sender obliges and sends 1 byte.
❑ The buffer is now full, so the receiver acknowledges the
1-byte segment and sets the window to 0. This behavior can
go on forever.
 TCP Transmission Policy (2)
❑ Clark’s solution is to prevent the receiver from sending a window update
for 1 byte. Instead, it is forced to wait until it has a decent amount of
space available and advertise that instead. Specifically, the receiver
should not send a window update until it can handle the maximum
segment size it advertised when the connection was established or until
its buffer is half empty, whichever is smaller.
❑ Furthermore, the sender can also help by not sending tiny segments.
Instead, it should wait until it can send a full segment, or at least one
containing half of the receiver’s buffer size.
❑ Nagle’s algorithm and Clark’s solution to the silly window syndrome are
complementary.
❑ Nagle was trying to solve the problem caused by the sending application
delivering data to TCP a byte at a time. Clark was trying to solve the
problem of the receiving application sucking the data up from TCP a byte
at a time. Both solutions are valid and can work together. The goal is for
the sender not to send small segments and the receiver not to ask for
them.
 Solution to Silly Window Syndrome
• Clark’s Solution: For receiving application
– Do not send a window update of 1 byte until there is
enough space to accommodate a segment of max.
size or until half of the buffer is empty.

• Nagle’s Solution: For sending application

– When data come into sender one byte at a time.
– Send first byte and buffer all the rest until the
outgoing byte is acknowledged.

GOAL: Sender should not send small segment and

the receiver not ask for them
UDP

Port Numbers

User Datagram

Applications
 Introduction to UDP
❑ User Datagram Protocol (UDP) is a connectionless,
unreliable transport protocol.
❑ Like TCP, UDP also provides process-to-process
communication.
❑ Unlike TCP, it does not provide flow control and
error control mechanisms.
❑ It is connectionless, therefore, it transfers data
without establishing a connection.
❑ It is less complex and is simple than TCP, and easy
to implement.
 UDP
The UDP header

User datagram format

 UDP Datagram
⚫ Source Port:

⚫ It indicates the port number of source process. It is of

16 bits.
⚫ Destination Port:
⚫ This 16 bit field specifies the port number of destination process.
⚫ Length:

⚫ It specifies the total length of the user datagram

(header + data). It is of 16 bits.
⚫ Checksum:

⚫ The contains the checksum, and is optional. It is also of 16 bits.

43
 Well-known ports used by UDP

Port Protocol Description

7 Echo Echoes a received datagram back to the sender

9 Discard Discards any datagram that is received

13 Daytime Returns the date and the time

53 Nameserver Domain Name Service

67 Bootps Server port to download bootstrap information

68 Bootpc Client port to download bootstrap information

111 RPC Remote Procedure Call

123 NTP Network Time Protocol

161 SNMP Simple Network Management Protocol

 User Datagram Protocol or
Transmission Control Protocol
Universal Datagram Protocol

Type of
Connection Connection oriented protocol Connection less protocol

Applications in which fast transmission of data Applications having the priority of

Usage
is not required sending the data on time & faster rates

Ordering of data The data packets of same message may

Rearranges data packets in the order specified
packets be ordered differently

Transfer Speed Comparatively slow Comparatively fast

Reliability Reliable Unreliable

Header Size 20 bytes 8 bytes

1. Sequence Number, 2. AcK number, 3. Data offset, 4.

Reserved, 5. Control bit, 6. Window, 7. Urgent Pointer, 8. 1. Length, 2. Source port, 3. Destination port, 4.
Fields
Options, 9. Padding, 10. Check Sum, 11. Source port, 12. Check Sum.
Destination port.

Data is read as a byte stream, thus no distinguishing Packets are sent individually and after the
Streaming of data
indications are transmitted to the signal message arrival the packets are rearranged

It is heavier as it requires three packets to set up a

UDP is lightweight due to no ordering of
Weight socket connection, before any user data can be sent. TCP
messages, no tracking connections, etc.
handles reliability & congestion control.

Data Flow Control TCP controls the flow of data UDP does not have an option for flow control
 The Session Layer

The session layer is responsible for dialog

control and synchronization.
 Session layer
Receiver
Sender
Design Issues of the Session Layer
▪ Dialog control-Communication between two
processes.Decides whose turn it is to
talkImplemented through the use of a data token
▪ Synchronization-Allows a process to add
checkpoints to a stream of data. Achieved
through the use of sequence numbers,major and
minor synchronization points
▪ Activity management-Identifies where data
starts and ends AND divides data stream into
activities
▪ Exception handling-Managing exceptions
 Session Layer Protocols
• ISO-SP: OSI Session Layer Protocol
• PPTP, Point-to-Point Tunneling Protocol
• RPC, Remote Procedure Call Protocol
• RTCP, Real-time Transport Control Protocol
• SQL is a Session layer application that
manages multiple queries to the SQL database.
 Dialogue control
• Communication between two computers involves many mini-conversations.
• One requirement of these mini-conversations is that each host plays dual roles.
They are requesting service, like a client, and replying with service, like a
server. Determining which role they are playing at any given moment is called
dialogue control.
• The session layer decides whether to use two-way simultaneous
conversation or two-way alternate communication. This decision is referred
to as dialogue control.

■ Two-way alternate (TWA)

communication involves the use of
a session layer data token that
allows each host to take turns.

■ If two-way simultaneous (TWS)

communication is allowed, then
the communication can go in both
directions at the same time.
 Dialogue Separation
• Dialogue separation is the orderly initiation, termination, and managing of
communication.
• The session layer provides a way to insert checkpoints into the data stream, so if the
data flow is interrupted, only the data after the last checkpoint has to be repeated.

• The graphic illustrates a minor

synchronization. At the "Time Axis, t =
checkpoint", the host A session layer
sends a synchronization message to
host B, at which time both hosts
perform the following routine:
• back up the particular files
• save the network settings
• save the clock settings
• make note of the end point in
the conversation
• A major synchronization would
involve more back-and-forth steps
and conversation than is shown in this
diagram.
 Steps in making a
Remote Procedure Call
Timing (Synchronous RPC)
• RPC between a client and server program.
 Steps of a Remote Procedure Call
1. Client procedure calls client stub in normal way
2. Client stub builds message, calls local OS
3. Client's OS sends message to remote OS
4. Remote OS gives message to server stub

5. Server stub unpacks parameters, calls server

6. Server does work, returns result to the stub
7. Server stub packs it in message, calls local OS
8. Server's OS sends message to client's OS

9. Client's OS gives message to client stub

10. Stub unpacks result, returns to client
Passing Value Parameters
• Steps involved in doing remote computation through RPC

55
Presentation Layer
Presentation layer

The presentation layer is responsible for translation,

compression, and encryption.
 Presentation Layer
❑ The presentation layer responds to service
requests from the application layer and issues
service requests to the session layer.

❑ Concerned with syntax and semantics of the

information exchanged between two systems.

❑ Specific responsibilities of presentation layer:

– Data Representation
– Data Compression
– Encryption
 Translation of Data
(Encoding/Decoding)
A sending computer receiving data from the application
layer will need to convert data from the receiving format
(eg ASCII) to a format understood and accepted by other
layers of the OSI model to ensure smooth file transfer.

The receiving computer is responsible for the conversion

of “the external format” with which data is received
from the sending computer to one accepted by the other
layers in the host computer.

Data formats include postscript (a programming language that

describes the appearance of a printed page), ASCII (American Standard Code
for Information Interchange), or BINARY such as EBCDIC ( Extended
Binary Coded Decimal Interchange Code )
 Data Representation
❑ Different computers have different
representations for characters in text data.

❑ If two dissimilar computers are to exchange

text, say e-mail, they must agree on the
representation to be used in the exchange.
Then one must translate from, or into, the
agreed upon representation.
 Data Representation
❑ Converting the complex data structures used by an
application (strings, integers, structures, etc. ) into a byte
stream transmitted across the network.
❑ Representing information in such a way that communicating
peers agree to the format of the data being exchanged.
E.g., How many bits does an integer contain ? ASCII or
EBCDIC ( Extended Binary Coded Decimal Interchange Code )
character
set?
❑ Example:
ASN.1 – Abstract Syntax Notation One (ASN.1) is an interface description language
for defining data structures that can be serialized and deserialized in a standard,
cross-platform way. It's broadly used in telecommunications and computer
networking, and especially in cryptography.
 DATA COMPRESSION
Data compression implies sending or storing a
smaller number of bits. Although many methods
are used for this purpose, in general these methods
can be divided into two broad categories: lossless
and lossy methods.
LOSSLESS COMPRESSION

In lossless data compression, the integrity of the data

is preserved. The original data and the data after
compression and decompression are exactly the same
because, in these methods, the compression and
decompression algorithms are exact inverses of each
other: no part of the data is lost in the process.
Redundant data is removed in compression and added
during decompression. Lossless compression methods
are normally used when we cannot afford to lose any
data.
LOSSY COMPRESSION METHODS
Our eyes and ears cannot distinguish subtle changes. In
such cases, we can use a lossy data compression
method. These methods are cheaper—they take less
time and space when it comes to sending millions of
bits per second for images and video. Several methods
have been developed using lossy compression
techniques. JPEG (Joint Photographic Experts Group)
encoding is used to compress pictures and graphics,
MPEG (Moving Picture Experts Group) encoding is used
to compress video, and MP3 (MPEG audio layer 3) for
audio compression.
 Image Compression
JPEG encoding
An image can be represented by a two-dimensional
array (table) of picture elements (pixels).
A grayscale picture of 307,200 pixels is represented
by 2,457,600 bits, and a color picture is represented
by 7,372,800 bits.

In JPEG, a grayscale picture is divided into blocks of 8

× 8 pixel blocks to decrease the number of
calculations because, as we will see shortly, the
number of mathematical operations for each picture
is the square of the number of units.
The whole idea of JPEG is to change the picture into
a linear (vector) set of numbers that reveals the
redundancies. The redundancies (lack of changes)
can then be removed using one of the lossless
compression methods we studied previously. A
simplified version of the process is shown in Figure
below-

The JPEG compression process

Discrete cosine transform (DCT)

In this step, each block of 64 pixels goes through a

transformation called the discrete cosine transform
(DCT). The transformation changes the 64 values so
that the relative relationships between pixels are kept
but the redundancies are revealed. The formula is
given in Appendix G. P(x, y) defines one value in the
block, while T(m, n) defines the value in the
transformed block.
To understand the nature of this transformation, let us show
the result of the transformations for three cases.

Case 1: uniform grayscale

Case 2: two sections
Case 3: gradient grayscale
Quantization
After the T table is created, the values are
quantized to reduce the number of bits
needed for encoding. Quantization divides
the number of bits by a constant and then
drops the fraction. This reduces the required
number of bits even more. In most
implementations, a quantizing table (8 by 8)
defines how to quantize each value. The
divisor depends on the position of the value
in the T table. This is done to optimize the
number of bits and the number of 0s for
each particular application.
Compression
After quantization the values are read from the
table, and redundant 0s are removed. However,
to cluster the 0s together, the process reads the
table diagonally in a zigzag fashion rather than
row by row or column by column. The reason is
that if the picture does not have fine changes,
the bottom right corner of the T table is all 0s.

JPEG usually uses run-length encoding at the

compression phase to compress the bit pattern
resulting from the zigzag linearization.
Reading the table
 Video compression
MPEG encoding
The Moving Picture Experts Group (MPEG)
method is used to compress video. In principle, a
motion picture is a rapid sequence of a set of
frames in which each frame is a picture. In other
words, a frame is a spatial combination of pixels,
and a video is a temporal combination of frames
that are sent one after another. Compressing video,
then, means spatially compressing each frame and
temporally compressing a set of frames.
Spatial compression
The spatial compression of each frame is done with
JPEG, or a modification of it. Each frame is a picture
that can be independently compressed.

Temporal compression
In temporal compression, redundant frames are
removed. When we watch television, for example, we
receive 30 frames per second. However, most of the
consecutive frames are almost the same. For example, in
a static scene in which someone is talking, most frames
are the same except for the segment around the speaker’s
lips, which changes from one frame to the next.
Figure MPEG frames
 Audio compression
Audio compression can be used for speech or music.
For speech we need to compress a 64 kHz digitized
signal, while for music we need to compress a 1.411
MHz signal. Two categories of techniques are used
for audio compression:
predictive encoding
and
perceptual encoding.
Predictive encoding
In predictive encoding, the differences between samples are
encoded instead of encoding all the sampled values. This
type of compression is normally used for speech. Several
standards have been defined such as GSM (13 kbps), G.729
(8 kbps), and G.723.3 (6.4 or 5.3 kbps). Detailed discussions
of these techniques are beyond the scope of this book.

Perceptual encoding: MP3

The most common compression technique used to create
CD-quality audio is based on the perceptual encoding
technique. This type of audio needs at least 1.411 Mbps,
which cannot be sent over the Internet without compression.
MP3 (MPEG audio layer 3) uses this technique.
 Cryptography
• Cryptography is the science of secret, or
hidden writing
• It has two main Components:
1. Encryption
– Practice of hiding messages so that they can not be
read by anyone other than the intended recipient
2. Authentication & Integrity
– Ensuring that users of data/resources are the
persons they claim to be and that a message has not
been surreptitiously altered
Encryption
Cipher
• Cipher is a method for encrypting messages

Cipher
Plain Text Encryption Decryption Plain Text
Text
Algorithm Algorithm

Key A Key B
• Encryption algorithms are standardized & published
• The key which is an input to the algorithm is secret
– Key is a string of numbers or characters
– If same key is used for encryption & decryption the algorithm is called
symmetric
– If different keys are used for encryption & decryption the algorithm is
called asymmetric
Encryption
Symmetric Algorithms
• Algorithms in which the key for encryption and
decryption are the same are Symmetric
– Example: Caesar Cipher
• Types:
1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits, or 128 bits)
– Used for a single message
2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information
Symmetric Encryption
Key Strength
• Strength of algorithm is determined by the size of the key
– The longer the key the more difficult it is to crack
• Key length is expressed in bits
– Typical key sizes vary between 48 bits and 448 bits
• Set of possible keys for a cipher is called key space
– For 40-bit key there are 240 possible keys
– For 128-bit key there are 2128 possible keys
– Each additional bit added to the key length doubles the security
• To crack the key the hacker has to use brute-force
(i.e. try all the possible keys till a key that works is found)
– Super Computer can crack a 56-bit key in 24 hours
– It will take 272 times longer to crack a 128-bit key
(Longer than the age of the universe)
Substitution Ciphers
Caesar Cipher
• Caesar Cipher is a method in which each letter in the
alphabet is rotated by three letters as shown

ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC
Substitution Ciphers
Caesar Cipher
Encryption
Cipher Text
Plain Text
Cipher:
Message:
Message: Caesar Cipher
Dwwdfn Dw
Attack At Dawn Algorithm
Gdyq

Key (3)
Decryption
Cipher Text
Plain Text
Cipher:
Message:
Caesar Cipher Message:
Dwwdfn Dw
Algorithm Attack at Dawn
Gdyq

Key (3)

How many different keys are possible?

Substitution Cipher
Monoalphabetic Cipher
• Any letter can be substituted for any other letter
– Each letter has to have a unique substitute

ABCDEFGH I JKLMNOPQRSTUVWXYZ

MNBVCXZASDFGHJ KLPO IUYTREWQ

• There are 26! pairing of letters (~1026)

• Brute Force approach would be too time consuming
– Statistical Analysis would make it feasible to crack the key
 Substitution Cipher
Polyalphabetic Caesar Cipher
• Developed by Blaise de Vigenere
– Also called Vigenere cipher
• Uses a sequence of monoalpabetic ciphers in tandem
– e.g. C1, C2, C2, C1, C2

Plain Text ABCDEFGH I JKLMNOPQRSTUVWXYZ

C1(k=6) FGH I JKLMNOPQRSTUVWXYZABCDE

C2(k=20) TUVWXYZABCDEFGH I JKLMNOPQRS
• Example

Message: Encrypted
Cipher: Message:
Bob, I love you. Monoalphabetic Gnu, n etox dhz.
Alice Cipher tenvj

Key
Substitution Cipher
Using a key to shift alphabet
Transposition Cipher
Columnar Transposition
• This involves rearrangement of characters on the plain text into
columns
• The following example shows how letters are transformed
– If the letters are not exact multiples of the transposition size there may be
a few short letters in the last column which can be padded with an
infrequent letter such as x or z

Plain Cipher
Text Text
THISI TSSOH
SAMES OANIW
SAGET HAASO
OSHOW LRSTO
HOWAC IMGHW
OLUMN UTPIR
ARTRA SEEOA
NSPOS MROOK
ITION ISTWC
WORKS NASNS
Ciphers
Shannon’s Characteristics of “Good” Ciphers
• The amount of secrecy needed should determine the
amount of labor appropriate for the encryption and
decryption.
• The set of keys and the enciphering algorithm
should be free from complexity.
• The implementation of the process should be as
simple as possible.
• Errors in ciphering should not propagate and cause
corruption of further information in the message.
• The size of the enciphered text should be no larger
than the text of the original message.
Encryption Systems
Properties of Trustworthy Systems
• It is based on sound mathematics.
– Good cryptographic algorithms are are derived from
solid principles.
• It has been analyzed by competent experts and
found to be sound.
– Since it is hard for the writer to envisage all possible
attacks on the algorithm
• It has stood the “test of time.”
– Over time people continue to review both mathematical
foundations of an algorithm and the way it builds upon
those foundations.
– The flaws in most algorithms are discovered soon after
their release.
Cryptanalysis
Techniques
• Cryptanalysis is the process of breaking an encryption code
– Tedious and difficult process
• Several techniques can be used to deduce the algorithm
– Attempt to recognize patterns in encrypted messages, to be able to
break subsequent ones by applying a straightforward decryption
algorithm
– Attempt to infer some meaning without even breaking the
encryption, such as noticing an unusual frequency of communication
or determining something by whether the communication was short
or long
– Attempt to deduce the key, in order to break subsequent messages
easily
– Attempt to find weaknesses in the implementation or environment
of use of encryption
– Attempt to find general weaknesses in an encryption algorithm,
without necessarily having intercepted any messages
Data Encryption Standard (DES) Basics
• Goal of DES is to completely scramble the data and
key so that every bit of cipher text depends on every
bit of data and ever bit of key
• DES is a block Cipher Algorithm
– Encodes plaintext in 64 bit chunks
– One parity bit for each of the 8 bytes thus it reduces to
56 bits
• It is the most used algorithm
– Standard approved by US National Bureau of Standards
for Commercial and nonclassified US government use in
1993
Data Encryption Standard (DES) Basics
• DES run in reverse to decrypt
• Cracking DES
– 1997: 140 days
– 1999: 14 hours
• TripleDES uses DES 3 times in
tandem
– Output from 1 DES is input
to next DES
Symmetric Encryption
Limitations

• Any exposure to the secret key compromises

secrecy of ciphertext
• A key needs to be delivered to the recipient of the
coded message for it to be deciphered
– Potential for eavesdropping attack during transmission
of key
Asymmetric Encryption
Basics
• Uses a pair of keys for encryption
– Public key for encryption
– Private key for decryption
• Messages encoded using public key can only be decoded by
the private key
– Secret transmission of key for decryption is not required
– Every entity can generate a key pair and release its public key

Cipher
Plain Text Plain Text
Cipher Text Cipher

Public Key Private Key

Digital Signature:
 Asymmetric Encryption
RSA (Rivest–Shamir–Adleman) Algorithm

❑ RSA algorithm is asymmetric cryptography algorithm.

❑ The idea! The idea of RSA is based on the fact that it is difficult to
factorize a large integer. The public key consists of two numbers
where one number is multiplication of two large prime numbers.
And private key is also derived from the same two prime
numbers.
❑ So if somebody can factorize the large number, the private key is
compromised. Therefore encryption strength totally lies on the key
size and if we double or triple the key size, the strength of
encryption increases exponentially. RSA keys can be typically 1024
or 2048 bits long, but experts believe that 1024 bit keys could be
broken in the near future. But till now it seems to be an infeasible
task.
Asymmetric Encryption
RSA Algorithm
• Choose two large prime numbers p & q
• Compute n=pq and z=(p-1)(q-1)
• Choose number e, less than n, which has no common factor
(other than 1) with z
• Find number d, such that ed – 1 is exactly divisible by z
• Keys are generated using n, d, e
– Public key is (n,e)
– Private key is (n, d)
• Encryption: c = me mod n
– m is plain text
– c is cipher text
• Decryption: m = cd mod n
• Public key is shared and the private key is hidden
Asymmetric Encryption
RSA

• P=5 & q=7

• n=5*7=35 and z=(4)*(6) = 24
• e=5
• d = 29 , (29x5 –1) is exactly divisible by 24
• Keys generated are
– Public key: (35,5)
– Private key is (35, 29)
• Encrypt the following words using (c = me mod n)
– Assume that the alphabets are between 1 & 26

Plain Text Numeric Representation me Cipher Text (c = m e mod n)

l 12 248832 17
o 15 759375 15
e 5 3125 10
Asymmetric Encryption
RSA

• Decrypt the word loe using (m = cd mod n)

– n = 35, c=29

Cipher cd (m = me mod n) Plain

Text Text
17 48196857210675091509141182522307200 12 l
0
15 12783403948858939111232757568359400 15 o
10 100000000000000000000000000000 5 e
 Asymmetric Encryption
Weaknesses

• Efficiency is lower than Symmetric Algorithms

– A 1024-bit asymmetric key is equivalent to 128-bit
symmetric key
• Potential for man-in-the middle attack
• It is problematic to get the key pair generated for the
encryption