
CB3491-Cryptography-and-Cyber-Security Notes

Prepare for examination

Uploaded by

sakthicsenscet

EnggTree.com

OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks, mechanisms, and
services. These can be defined briefly as follows:

Security attack – Any action that compromises the security of information owned
by an organization
Security mechanism – A mechanism that is designed to detect, prevent or recover
from a security attack
Security service – A service that enhances the security of the data processing
systems and the information transfers of an organization.

SECURITY ATTACK

There are two types of attacks:

• Passive attacks
• Active attacks

Passive attack
Passive attacks attempt to learn or make use of information from the system
but do not affect system resources. The goal of the opponent is to obtain
information that is being transmitted.

Downloaded From EnggTree.com



Passive attacks are of two types:

• Release of message contents
• Traffic analysis

Release of message contents: The opponent would learn the contents of the
transmission. A telephone conversation, an e-mail message and a transferred
file may contain sensitive or confidential information. We would like to
prevent the opponent from learning the contents of these transmissions.

Traffic analysis: The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of
messages being exchanged. This information might be useful in guessing the
nature of the communication that was taking place.

Passive attacks are very difficult to detect, because they do not involve any
alteration of the data. However, it is feasible to prevent the success of these
attacks.

Active attacks
These attacks involve some modification of the data stream or the creation of a
false stream.

Active attacks can be classified into four categories:

Masquerade – One entity pretends to be a different entity. Here, the attacker
captures the authentication and impersonates the sender.


Replay – The attacker captures the message and retransmits it without
modification to produce an unauthorized effect.

Modification of messages – The attacker captures the message and retransmits it
with modification to produce an unauthorized effect.

Denial of service – The attacker may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to degrade
performance.
It is quite difficult to prevent active attacks absolutely, because to do so
would require physical protection of all communication facilities and paths at all
times. Instead, the goal is to detect them and to recover from any disruption or
delays caused by them.

SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or
of data transfers.
Security services are classified as follows:


(i) Authentication: The authentication service is concerned with assuring that a
communication is authentic.
Two specific authentication services are defined in X.800:
• Peer entity authentication: Provides confidence in the identity of the entities
connected.
• Data origin authentication: Provides assurance that the source of received
data is as claimed.

(ii) Access control: Access control is the ability to limit and control the access to
host systems and applications.

(iii) Data Confidentiality: Confidentiality is the protection of transmitted data
from passive attacks.

• Connection Confidentiality
The protection of all user data on a connection
• Connectionless Confidentiality
The protection of all user data in a single data block
• Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a connection or
in a single data block
• Traffic-Flow Confidentiality
The protection of the information that might be derived from observation of
traffic flows

(iv) Data Integrity: The assurance that data received are exactly as sent by an
authorized entity.

• Connection Integrity with Recovery
Provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.
• Connection Integrity without Recovery
As above, but provides only detection without recovery.
• Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user data of a data
block transferred over a connection and takes the form of determination of
whether the selected fields have been modified, inserted, deleted, or
replayed.
• Connectionless Integrity
Provides for the integrity of a single connectionless data block and may take
the form of detection of data modification. Additionally, a limited form of
replay detection may be provided.
• Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single connectionless
data block; takes the form of determination of whether the selected fields
have been modified.

(v) Nonrepudiation: Provides protection against denial by one of the entities
involved in a communication of having participated in all or part of the
communication.
• Nonrepudiation, Origin
Proof that the message was sent by the specified party
• Nonrepudiation, Destination
Proof that the message was received by the specified party

SECURITY MECHANISMS
• Encipherment:
Uses a mathematical algorithm to transform data into a form that is not
readily intelligible. The transformation depends on an encryption algorithm and a key.

• Digital signature:
Data appended to, or a cryptographic transformation of, a data unit that
proves the integrity of the data unit and protects against forgery.

• Access control
A variety of mechanisms that enforce access rights to resources.

• Data integrity
A variety of mechanisms used to ensure the integrity of a data unit.

• Traffic padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.

• Notarization
The use of a trusted third party to assure certain properties of a data
exchange.


A MODEL FOR NETWORK SECURITY

Encryption/decryption methods fall into two categories:

• Symmetric key
• Public key

In symmetric key algorithms, the encryption and decryption keys are known to both
the sender and the receiver. The encryption key is shared and the decryption key is
easily calculated from it. In many cases, the encryption and decryption keys are the
same. In public key cryptography, the encryption key is made public, but it is
computationally infeasible to find the decryption key without the information
known to the receiver.

A message is to be transferred from one party to another across some sort of
internet. The two parties, who are the principals in this transaction, must cooperate
for the exchange to take place. A logical information channel is established by
defining a route through the internet from source to destination and by the
cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

All the techniques for providing security have two components:

• A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so that
it is unreadable by the opponent.
• Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in
conjunction with the transformation to scramble the message before
transmission.

A trusted third party may be needed to achieve secure transmission. For
example, a third party may be responsible for distributing the secret information to
the two principals while keeping it from any opponent.

This general model shows that there are four basic tasks in designing a particular
security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.


SUBSTITUTION TECHNIQUES

• A substitution technique is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols.
• Substitution ciphers can be categorized as either
(i) monoalphabetic ciphers or (ii) polyalphabetic ciphers.
• In monoalphabetic substitution, the relationship between a symbol
in the plaintext and a symbol in the ciphertext is always one-to-one.
• In polyalphabetic substitution, each occurrence of a character may
have a different substitute. The relationship between a character in
the plaintext and a character in the ciphertext is one-to-many.

Various substitution ciphers are
(i) Caesar cipher
(ii) Monoalphabetic cipher
(iii) Playfair cipher
(iv) Hill cipher
(v) Polyalphabetic cipher
(vi) Vigenère cipher

(i) CAESAR CIPHER (OR) SHIFT CIPHER
The Caesar cipher was proposed by Julius Caesar. It involves replacing
each letter of the alphabet with the letter standing 3 places further down the
alphabet.


Let us assign a numerical equivalent to each letter:

Note that the alphabet is wrapped around, so that the letter following ‘z’ is ‘a’.
For each plaintext letter p, substitute the ciphertext letter C such that
C = E(3, p) = (p + 3) mod 26

Decryption is
p = D(3, C) = (C - 3) mod 26

The general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25.

The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26


If it is known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.

Cryptanalysis of Caesar Cipher

1. The encryption and decryption algorithms are known.
2. There are only 25 possible keys, so a brute-force attack is practical.
3. The language of the plaintext is known and easily recognizable.
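
The three points above can be seen working together in the following added example, which is not part of the original notes: it implements the general Caesar formulas, tries all 25 keys, and ranks the candidates by how closely their letter counts match English. The function names, the frequency table (approximate values) and the sample message are assumptions made for this illustration.

```python
from string import ascii_lowercase as ALPHABET

# Approximate relative letter frequencies (percent) for English text, a..z.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
                0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
                2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

# Constructed sample message (not taken from the notes).
SAMPLE_PLAINTEXT = ("the enemy is expected to attack the northern gate at dawn "
                    "so defend the east wall")


def shift(text, k):
    """Shift every letter by k places mod 26; other characters pass through."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, k):
    """C = E(k, p) = (p + k) mod 26, ciphertext written in upper case."""
    return shift(plaintext, k).upper()


def caesar_decrypt(ciphertext, k):
    """p = D(k, C) = (C - k) mod 26, plaintext written in lower case."""
    return shift(ciphertext, -k)


def chi_squared(text):
    """Distance between the letter counts of `text` and English frequencies."""
    letters = [ch for ch in text.lower() if ch in ALPHABET]
    if not letters:
        return float("inf")  # nothing to score
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * len(letters)
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try all 25 keys; return (score, key, candidate) tuples, best first."""
    candidates = []
    for k in range(1, 26):
        candidate = caesar_decrypt(ciphertext, k)
        candidates.append((chi_squared(candidate), k, candidate))
    return sorted(candidates)


if __name__ == "__main__":
    ct = caesar_encrypt(SAMPLE_PLAINTEXT, 3)
    print("ciphertext:", ct)
    for score, k, text in brute_force(ct)[:3]:
        print(f"key={k:2d} score={score:8.1f} {text}")
```

Ranking by letter frequencies is the same idea that breaks the monoalphabetic cipher in the next section; here it only automates the "easily recognizable" step.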

(ii) MONOALPHABETIC CIPHER

• Each plaintext letter maps to a different random ciphertext letter.
• There are 26! possible keys, which rules out a brute-force attack.

There is, however, another line of attack. If the cryptanalyst knows the nature of
the plaintext (e.g., non-compressed English text), then the analyst can exploit the
regularities of the language.

As a first step, the relative frequency of the letters can be determined and
compared to a standard frequency distribution for English.


Continued analysis of frequencies plus trial and error should easily yield a solution.

(iii) PLAYFAIR CIPHER

The best-known multiple-letter encryption cipher is the Playfair, which treats
digrams in the plaintext as single units and translates these units into ciphertext
digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters
constructed using a keyword.
Let the keyword be "monarchy".
The matrix is constructed by
• Filling in the letters of the keyword from left to right and from top to
bottom
• Removing duplicates
• Filling the remaining cells of the matrix with the remaining
letters in alphabetical order.
The matrix is 5x5, so it can hold 25 letters. To accommodate all 26 letters,
I and J are counted as one character.

Rules for encryption

• Repeating plaintext letters that would fall in the same pair are separated with
a filler letter such as ‘x’.
• Two plaintext letters that fall in the same row of the matrix are each replaced
by the letter to the right, with the first element of the row circularly
following the last. For example, ar is encrypted as RM.
• Two plaintext letters that fall in the same column are each replaced by the
letter beneath, with the top element of the column circularly following the
last. For example, mu is encrypted as CM.
• Otherwise, each plaintext letter in a pair is replaced by the letter
that lies in its own row and the column occupied by the other
plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM,
as the encipherer wishes).
Example
Plaintext: balloon
Digrams: ba ll oo n → ba lx lo on
ba → I/JB
lx → SU
lo → PM
on → NA

Strength of Playfair cipher

• The Playfair cipher is a great advance over simple monoalphabetic ciphers.
• Since there are 26 letters, 26x26 = 676 digrams are possible, so
identification of individual digrams is more difficult.
• Frequency analysis is much more difficult.
Disadvantage
It is still easy to break, because it leaves the structure and resemblance of the
plaintext language in place.


(iv) HILL CIPHER

It is a multi-letter cipher, developed by Lester Hill. The encryption algorithm
takes m successive plaintext letters and substitutes for them m ciphertext letters.
The substitution is determined by m linear equations in which each character is
assigned a numerical value (a=0, b=1, …, z=25). For m = 3 the system can be described
as follows:

C = KP mod 26
C and P are column vectors of length 3 representing the ciphertext and plaintext
respectively.
Consider the message 'ACT', and

The key below (or GYBNQKURP in letters)

Thus the enciphered vector is given by:


which corresponds to a ciphertext of 'POH'

Decryption

Decryption is done as P = K⁻¹C mod 26.

In order to decrypt, we turn the ciphertext back into a vector, then simply multiply
by the inverse matrix of the key matrix (IFKVIVVMI in letters).

Cipher text of 'POH'

Now gets us back the plain text 'ACT'
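
The 'ACT' to 'POH' example worked in code, as an added example that is not part of the original notes: it builds the key matrix from GYBNQKURP, derives the inverse matrix mod 26 (which spells IFKVIVVMI), and then shows why the cipher falls to the known-plaintext attack listed among its demerits, since C = KP is linear and K = C·P⁻¹. The function names and the nine-letter known plaintext "ACTBADAHA" are assumptions constructed for this sketch.

```python
A = ord("A")


def to_nums(text):
    return [ord(c) - A for c in text.upper() if "A" <= c <= "Z"]


def to_text(nums):
    return "".join(chr(n % 26 + A) for n in nums)


def key_matrix(letters):
    """Nine key letters, row by row, as a 3x3 matrix over Z_26."""
    nums = to_nums(letters)
    if len(nums) != 9:
        raise ValueError("a 3x3 Hill key needs exactly 9 letters")
    return [nums[0:3], nums[3:6], nums[6:9]]


def flatten(matrix):
    return to_text([v for row in matrix for v in row])


def mat_mul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(3)) % 26 for j in range(3)]
            for i in range(3)]


def inverse_mod26(m):
    """Adjugate times the modular inverse of the determinant."""
    def minor(r, c):
        rows = [i for i in range(3) if i != r]
        cols = [j for j in range(3) if j != c]
        return (m[rows[0]][cols[0]] * m[rows[1]][cols[1]]
                - m[rows[0]][cols[1]] * m[rows[1]][cols[0]])

    det = sum((-1) ** c * m[0][c] * minor(0, c) for c in range(3)) % 26
    try:
        det_inv = pow(det, -1, 26)   # exists only if gcd(det, 26) == 1
    except ValueError:
        raise ValueError("matrix is not invertible mod 26") from None
    # inverse[i][j] = det_inv * cofactor[j][i]
    return [[(det_inv * (-1) ** (i + j) * minor(j, i)) % 26 for j in range(3)]
            for i in range(3)]


def apply_matrix(m, text):
    """Multiply each 3-letter block (as a column vector) by m, mod 26."""
    nums = to_nums(text)
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(m[r][c] * block[c] for c in range(3)) % 26 for r in range(3)]
    return to_text(out)


def hill_encrypt(plaintext, key_letters):
    return apply_matrix(key_matrix(key_letters), plaintext)


def hill_decrypt(ciphertext, key_letters):
    return apply_matrix(inverse_mod26(key_matrix(key_letters)), ciphertext)


def blocks_as_columns(text):
    """Nine letters as a 3x3 matrix whose columns are the three blocks."""
    nums = to_nums(text)
    if len(nums) != 9:
        raise ValueError("need exactly three 3-letter blocks")
    return [[nums[3 * j + i] for j in range(3)] for i in range(3)]


def recover_key(known_plaintext, ciphertext):
    """Known-plaintext weakness: C = K P (mod 26), hence K = C P^-1."""
    return mat_mul(blocks_as_columns(ciphertext),
                   inverse_mod26(blocks_as_columns(known_plaintext)))


if __name__ == "__main__":
    key = "GYBNQKURP"
    print(hill_encrypt("ACT", key))            # POH
    print(flatten(inverse_mod26(key_matrix(key))))
    known = "ACTBADAHA"                         # constructed sample blocks
    print(flatten(recover_key(known, hill_encrypt(known, key))))
```

A key is usable only if its determinant is coprime to 26; `inverse_mod26` raises `ValueError` for any other matrix, including a plaintext matrix that happens not to be invertible.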

Merits and Demerits


 Completely hides single letter and 2 letter frequency information.
 Easily attacked with known plain text attack

(v) POLYALPHABETIC CIPHERS

The polyalphabetic cipher is a simple technique for improving on the monoalphabetic
technique.

The features are


-alphabetic substitution rules are used

Example: Vigenere Cipher

Each of the 26 ciphers is laid out horizontally, with the key letter for each
cipher to its left. A normal alphabet for the plaintext runs across the top. The
process of encryption is simple: Given a key letter x and a plaintext letter y, the
cipher text is at the intersection of the row labelled x and the column labelled y; in
this case, the cipher text is V. To encrypt a message, a key is needed that is as long
as the message. Usually, the key is a repeating keyword.
Key = deceptive
Plaintext = we are discovered save yourself
e.g.,
key = d e c e p t i v e d e c e p t i v e d e c e p t i v e
PT  = w e a r e d i s c o v e r e d s a v e y o u r s e l f
CT  = Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J

Decryption is equally simple. The key letter again identifies the row. The position
of the cipher text letter in that row determines the column, and the plaintext letter
is at the top of that column.
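
The table lookup is equivalent to adding the key letter to the plaintext letter mod 26. The following added example, not part of the original notes, reproduces the "deceptive" ciphertext that way and lists the different ciphertext letters that the single plaintext letter "e" receives in this message; the function names are hypothetical.

```python
from string import ascii_lowercase as ALPHABET


def letters_only(text):
    return [c for c in text.lower() if c in ALPHABET]


def key_stream(key, length):
    """Repeat the keyword until it is as long as the message."""
    k = letters_only(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    return [k[i % len(k)] for i in range(length)]


def vigenere_encrypt(plaintext, key):
    """Row = key letter, column = plaintext letter: C = (p + k) mod 26."""
    pt = letters_only(plaintext)
    ks = key_stream(key, len(pt))
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(pt, ks)).upper()


def vigenere_decrypt(ciphertext, key):
    """Find the ciphertext letter in the key row: p = (C - k) mod 26."""
    ct = letters_only(ciphertext)
    ks = key_stream(key, len(ct))
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ct, ks))


def substitutes_for(letter, plaintext, key):
    """Sorted ciphertext letters that one plaintext letter was mapped to."""
    pt = letters_only(plaintext)
    ct = vigenere_encrypt(plaintext, key)
    return sorted({c for p, c in zip(pt, ct) if p == letter})


if __name__ == "__main__":
    message = "we are discovered save yourself"
    print(vigenere_encrypt(message, "deceptive"))
    print(vigenere_decrypt("ZICVTWQNGRZGVTWAVZHCQYGLMGJ", "deceptive"))
    print(substitutes_for("e", message, "deceptive"))
```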


Strength of Vigenere cipher


o There are multiple ciphertext letters for each plaintext letter.
o Letter frequency information is obscured

(vi) VERNAM CIPHER or ONE-TIME PAD

It is an unbreakable cryptosystem. It represents the message as a sequence of
0s and 1s. This can be accomplished by writing all numbers in binary, for example,
or by using ASCII. The key is a random sequence of 0s and 1s of the same length as
the message. Once a key is used, it is discarded and never used again.
The system can be expressed as follows:
Ci = Pi ⊕ Ki
Ci - ith binary digit of ciphertext
Pi - ith binary digit of plaintext
Ki - ith binary digit of key
⊕ – exclusive OR operation


Thus the ciphertext is generated by performing the bitwise XOR of the
plaintext and the key. Decryption uses the same key. Because of the properties of
XOR, decryption simply involves the same bitwise operation:
Pi = Ci ⊕ Ki
Advantages
• It is unbreakable, since the ciphertext bears no statistical relationship to the
plaintext
• Not easy to break
Drawbacks
• It is practically impossible to generate a random key as long as the
message
• The second problem is that of key distribution and key protection.
Due to the above two drawbacks, the one-time pad is of limited use and is used for
low-bandwidth channels that need high security.


TRANSPOSITION TECHNIQUES
A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition
cipher.

RAIL FENCE CIPHER

It is the simplest such cipher, in which the plaintext is written down as a
sequence of diagonals and then read off as a sequence of rows.
Plaintext = meet at the school house
To encipher this message with a rail fence of depth 2,
we write the message as follows:

m e a t e c o l o s
 e t t h s h o h u e

Ciphertext = MEATECOLOSETTHSHOHUE

ROW TRANSPOSITION CIPHERS

A more complex scheme is to write the message in a rectangle, row by row, and
read the message off, column by column, but permute the order of the columns.
The order of columns then becomes the key of the algorithm.
e.g., plaintext = meet at the school house
Key = 4 3 1 2 5 6 7
PT  = m e e t a t t
      h e s c h o o
      l h o u s e
CT  = ESOTCUEEHMHLAHSTOETO
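
Both transposition ciphers as an added example, not part of the original notes: it reproduces the two ciphertexts above, handles the incomplete last row when decrypting, and checks that a transposition leaves the letter counts unchanged. The function names are hypothetical; the key is read as on this page, with each number labelling a column and columns read out in increasing label order.

```python
from collections import Counter


def letters_only(text):
    return [c for c in text.lower() if "a" <= c <= "z"]


def rail_pattern(n, depth):
    """Rail index (0 = top row) visited by each of n letters on the zigzag."""
    pattern, rail, step = [], 0, 1
    for _ in range(n):
        pattern.append(rail)
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step
    return pattern


def rail_fence_encrypt(plaintext, depth=2):
    letters = letters_only(plaintext)
    pattern = rail_pattern(len(letters), depth)
    return "".join(ch for r in range(depth)
                   for ch, p in zip(letters, pattern) if p == r).upper()


def rail_fence_decrypt(ciphertext, depth=2):
    ct = letters_only(ciphertext)
    pattern = rail_pattern(len(ct), depth)
    # Plaintext positions in the order the ciphertext lists them (stable sort).
    order = sorted(range(len(ct)), key=lambda i: pattern[i])
    plain = [""] * len(ct)
    for ch, pos in zip(ct, order):
        plain[pos] = ch
    return "".join(plain)


def row_transposition_encrypt(plaintext, key):
    letters = letters_only(plaintext)
    width = len(key)
    columns = [letters[c::width] for c in range(width)]
    read_order = sorted(range(width), key=lambda c: key[c])
    return "".join("".join(columns[c]) for c in read_order).upper()


def row_transposition_decrypt(ciphertext, key):
    ct = letters_only(ciphertext)
    width = len(key)
    full_rows, extra = divmod(len(ct), width)
    read_order = sorted(range(width), key=lambda c: key[c])
    columns, start = {}, 0
    for c in read_order:
        # Only the first `extra` columns reach into the incomplete last row.
        height = full_rows + (1 if c < extra else 0)
        columns[c] = ct[start:start + height]
        start += height
    return "".join(columns[c][r] for r in range(full_rows + 1)
                   for c in range(width) if r < len(columns[c]))


def same_letter_counts(plaintext, ciphertext):
    """A transposition only reorders letters, so the frequencies are identical."""
    return Counter(letters_only(plaintext)) == Counter(letters_only(ciphertext))


if __name__ == "__main__":
    msg = "meet at the school house"
    key = [4, 3, 1, 2, 5, 6, 7]
    print(rail_fence_encrypt(msg, 2))
    ct = row_transposition_encrypt(msg, key)
    print(ct, row_transposition_decrypt(ct, key))
    print(same_letter_counts(msg, ct))
    # Two stages of transposition: apply the same key to the first ciphertext.
    print(row_transposition_encrypt(ct, key))
```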

Demerits
• Easily recognized, because the letter frequencies are the same in the plaintext
and the ciphertext.
• Can be made secure by performing a larger number of transpositions.

STEGANOGRAPHY

In steganography, the plaintext is hidden. The existence of the message is
concealed. For example, the sequence of first letters of each word of the overall
message spells out the hidden message.
Various other techniques have been used historically; some examples are the
following:
• Character marking: Selected letters of printed or typewritten text are
overwritten in pencil. The marks are ordinarily not visible unless the paper is held
at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no
visible trace until heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible
unless the paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon,
the results of typing with the correction tape are visible only under a strong light.
Drawback
 It requires a lot of overhead to hide a relatively few bits of information.
 Once the system is discovered, it becomes virtually worthless

ROHINI COLLEGE OF ENGINEERING AND TECHNOLOGY

STEGANOGRAPHY

A plaintext message may be hidden in one of two ways. The methods of steganography
conceal the existence of the message, whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time-consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out the real
message. For example, the sequence of first letters of each word of the overall message spells
out the hidden message. Figure 2.9 shows an example in which a subset of the words of the
overall message is used to convey the hidden message. See if you can decipher this; it’s not too
hard.

Reference: William Stallings, Cryptography and Network Security: Principles and Practice, PHI 3rd Edition, 2006

Various other techniques have been used historically; some examples are the following:

• Character marking: Selected letters of printed or typewritten text are overwritten in pencil.
The marks are ordinarily not visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace until
heat or some chemical is applied to the paper.

CS8792-CRYPTOGRPHY AND NETWORK SECURITY



• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the
paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of
typing with the correction tape are visible only under a strong light.

Although these techniques may seem archaic, they have contemporary equivalents.
One example is hiding a message by using the least significant bits of frames on a CD. For
example, the Kodak Photo CD format’s maximum resolution is 2048 × 3072 pixels, with each
pixel containing 24 bits of RGB color information.
The least significant bit of each 24-bit pixel can be changed without greatly affecting the
quality of the image. The result is that you can hide a 2.3-megabyte message in a single digital
snapshot. There are now a number of software packages available that take this type of
approach to steganography.
Steganography has a number of drawbacks when compared to encryption. It requires a lot
of overhead to hide a relatively few bits of information, although using a scheme like that
proposed in the preceding paragraph may make it more effective. Also, once the system is
discovered, it becomes virtually worthless. This problem, too, can be overcome if the insertion
method depends on some sort of key. Alternatively, a message can be first encrypted and then
hidden using steganography.
The advantage of steganography is that it can be employed by parties who have
something to lose should the fact of their secret communication (not necessarily the content) be
discovered. Encryption flags traffic as important or secret or may identify the sender or receiver
as someone with something to hide.

Foundations of modern cryptography

Modern cryptography is the cornerstone of computer and communications security. Its
foundation is based on various concepts of mathematics such as number theory,
computational-complexity theory, and probability theory.


Characteristics of Modern Cryptography

There are three major characteristics that separate modern cryptography from the classical
approach.

| Classic Cryptography | Modern Cryptography |
|---|---|
| It manipulates traditional characters, i.e., letters and digits directly. | It operates on binary bit sequences. |
| It is mainly based on ‘security through obscurity’. The techniques employed for coding were kept secret and only the parties involved in communication knew about them. | It relies on publicly known mathematical algorithms for coding the information. Secrecy is obtained through a secret key which is used as the seed for the algorithms. The computational difficulty of algorithms, absence of secret key, etc., make it impossible for an attacker to obtain the original information even if he knows the algorithm used for coding. |
| It requires the entire cryptosystem for communicating confidentially. | Modern cryptography requires parties interested in secure communication to possess the secret key only. |

Perfect Security

▪ A cipher system is said to offer perfect secrecy if, on seeing the ciphertext, the interceptor
gets no extra information about the plaintext than he had before the ciphertext was
observed.

▪ In a cipher system with perfect secrecy the interceptor is “forced” to guess the plaintext.


▪ An encryption scheme satisfies perfect secrecy if for all messages m1, m2 in message
space M and all ciphertexts c ∈ C, we have

where both probabilities are taken over the choice of K in K and over the coin tosses of the
(possibly) probabilistic algorithm Enc.

▪ Intuitively, we might want to define perfect security of an encryption scheme as follows:
given a ciphertext, all messages are equally likely.

▪ This can be formulated as: For all m(0), m(1) ∈ M and c ∈ C we have:

Pr[M = m(0) | C = c] = Pr[M = m(1) | C = c]

▪ The probability here is over the randomness used in the Gen and Enc algorithms and the
probability distribution over the message space.

Definition (One: Perfect Security)

▪ We want the ciphertext to provide no additional information about the message

▪ Definition (One: Perfect Security)

For all m ∈ M and c ∈ C, we have:

Pr[M = m|C = c] = Pr[M = m]

▪ Here we are assuming that c ∈ C has Pr[C = c] > 0. Everywhere this assumption will be
implicit

Definition (Two: Perfect Security)

▪ We want to say that the probability to generate a ciphertext given a message is
independent of the message

▪ Definition (Two: Perfect Security)

For all m ∈ M and c ∈ C we have:

Pr[C = c|M = m] = Pr[C = c]


Definition (Three: Perfect Security)

▪ We want to say that the probability of generating a ciphertext given a message m(0) is the
same as the probability of generating that ciphertext given any other message
m(1)

▪ Definition (Three: Perfect Security)

For any messages m(0), m(1) ∈ M and c ∈ C we have:

Pr[C = c | M = m(0)] = Pr[C = c | M = m(1)]

Shannon’s Original Definition of Secrecy

▪ Shannon defines perfect secrecy for secret-key systems and shows that they exist.

▪ A secret-key cipher obtains perfect secrecy if for all plaintexts x and all ciphertexts y it
holds that Pr(x) = Pr(x|y).

▪ In other words, a ciphertext y gives no information about the plaintext

Information theory

▪ Information theory studies the quantification, storage,
and communication of information.

▪ A key measure in information theory is entropy. Entropy quantifies the amount of
uncertainty involved in the value of a random variable or the outcome of a random
process.

▪ For example, identifying the outcome of a fair coin flip (with two equally likely
outcomes) provides less information (lower entropy) than specifying the outcome from a
roll of a die (with six equally likely outcomes).

▪ Some other important measures in information theory are mutual information, channel
capacity, error exponents, and relative entropy.

Quantities of information

▪ Information theory is based on probability theory and statistics.


▪ Information theory often concerns itself with measures of information of the distributions
associated with random variables.

▪ Important quantities of information are entropy, a measure of information in a single
random variable, and mutual information, a measure of information in common between
two random variables.

A common unit of information is the bit, based on the binary logarithm.

Entropy of an information source

▪ Based on the probability mass function of each source symbol to be communicated, the
Shannon entropy H, in units of bits (per symbol), is given by

▪ where pi is the probability of occurrence of the i-th possible value of the source symbol.

▪ This equation gives the entropy in the units of "bits" (per symbol) because it uses a
logarithm of base 2, and this base-2 measure of entropy has sometimes been called
the shannon in his honor.

▪ If one transmits 1000 bits (0s and 1s), and the value of each of these bits is known to the
receiver (has a specific value with certainty) ahead of transmission, it is clear that no
information is transmitted.

▪ If, however, each bit is independently equally likely to be 0 or 1, 1000 shannons of
information (more often called bits) have been transmitted. Between these two extremes,
information can be quantified as follows.

▪ If 𝕏 is the set of all messages {x1, ..., xn} that X could be, and p(x) is the probability of
some x ∈ 𝕏, then the entropy, H, of X is defined:


▪ The special case of information entropy for a random variable with two outcomes is the
binary entropy function, usually taken to the logarithmic base 2, thus having the shannon
(Sh) as unit:

Joint entropy

▪ The joint entropy of two discrete random variables X and Y is merely the entropy of their
pairing: (X, Y). This implies that if X and Y are independent, then their joint entropy is the
sum of their individual entropies.

▪ For example, if (X, Y) represents the position of a chess piece — X the row and Y the
column, then the joint entropy of the row of the piece and the column of the piece will be
the entropy of the position of the piece.

▪ Despite similar notation, joint entropy should not be confused with cross entropy.

Conditional entropy (equivocation)

▪ The conditional entropy or conditional uncertainty of X given random variable Y (also
called the equivocation of X about Y) is the average conditional entropy over Y:

▪ Because entropy can be conditioned on a random variable or on that random variable
being a certain value, care should be taken not to confuse these two definitions of
conditional entropy, the former of which is in more common use. A basic property of this
form of conditional entropy is that:


Mutual information (Transinformation)

▪ Mutual information measures the amount of information that can be obtained about one
random variable by observing another. It is important in communication where it can be
used to maximize the amount of information shared between sent and received signals.
The mutual information of X relative to Y is given by:

▪ where SI (Specific mutual Information) is the pointwise mutual information.

▪ A basic property of the mutual information is that

▪ That is, knowing Y, we can save an average of I(X; Y) bits in encoding X compared to not
knowing Y.

▪ Mutual information is symmetric:
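
An added example, not part of the original notes, that ties the perfect-secrecy definitions to the information measures of this section: it builds the joint distribution of message M and ciphertext C for a 2-bit XOR cipher, checks Definition One exactly, and computes entropy, conditional entropy and mutual information from the standard definitions. Perfect secrecy is the same as I(M; C) = 0. The message prior, the two key distributions and all function names are assumptions chosen for this sketch.

```python
from fractions import Fraction
from itertools import product
from math import log2


def joint_distribution(msg_prior, key_dist, encrypt):
    """Pr[M = m, C = c] when the key is chosen independently of the message."""
    joint = {}
    for (m, pm), (k, pk) in product(msg_prior.items(), key_dist.items()):
        c = encrypt(k, m)
        joint[(m, c)] = joint.get((m, c), Fraction(0)) + pm * pk
    return joint


def marginal(joint, axis):
    """axis=0 gives the distribution of M, axis=1 the distribution of C."""
    out = {}
    for pair, p in joint.items():
        out[pair[axis]] = out.get(pair[axis], Fraction(0)) + p
    return out


def is_perfectly_secret(joint):
    """Definition One: Pr[M = m | C = c] = Pr[M = m] for all m and all c
    with Pr[C = c] > 0 (exact arithmetic, no rounding)."""
    pm, pc = marginal(joint, 0), marginal(joint, 1)
    return all(joint.get((m, c), Fraction(0)) / pc[c] == pm[m]
               for m in pm for c in pc)


def entropy(dist):
    """Shannon entropy in bits: H = -sum p log2 p."""
    return -sum(float(p) * log2(float(p)) for p in dist.values() if p > 0)


def conditional_entropy(joint):
    """H(M | C) = H(M, C) - H(C)."""
    return entropy(joint) - entropy(marginal(joint, 1))


def mutual_information(joint):
    """I(M; C) = sum p(m,c) log2( p(m,c) / (p(m) p(c)) )."""
    pm, pc = marginal(joint, 0), marginal(joint, 1)
    return sum(float(p) * log2(float(p / (pm[m] * pc[c])))
               for (m, c), p in joint.items() if p > 0)


def swapped(joint):
    return {(c, m): p for (m, c), p in joint.items()}


# Constructed setting: 2-bit messages with a non-uniform prior.
PRIOR = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}
FULL_KEY = {k: Fraction(1, 4) for k in range(4)}   # one-time pad on 2 bits
SHORT_KEY = {k: Fraction(1, 2) for k in range(2)}  # only the low bit is masked


def xor(k, m):
    return k ^ m


OTP = joint_distribution(PRIOR, FULL_KEY, xor)
WEAK = joint_distribution(PRIOR, SHORT_KEY, xor)

if __name__ == "__main__":
    for name, joint in (("one-time pad", OTP), ("short key", WEAK)):
        print(name, is_perfectly_secret(joint),
              round(entropy(marginal(joint, 0)), 4),
              round(conditional_entropy(joint), 4),
              round(mutual_information(joint), 4))
```

With the short key the high bit of the message passes through unmasked, so the ciphertext carries exactly the entropy of that bit about the message.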

Kullback–Leibler Divergence (Information Gain):


▪ The Kullback–Leibler divergence (or information divergence, information gain,
or relative entropy) is a way of comparing two distributions: a "true" probability
distribution p(X), and an arbitrary probability distribution q(X).

▪ If we compress data in a manner that assumes q(X) is the distribution underlying some
data when, in reality, p(X) is the correct distribution, the Kullback–Leibler divergence is
the average number of additional bits per datum necessary for compression.

▪ It is thus defined
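The quantities from the three sections above (conditional entropy, mutual information, Kullback–Leibler divergence), computed with their standard textbook definitions on a small constructed distribution. This is an added example, not part of the original notes; the distribution, the function names and the reading of Y as a leaky observation of a secret bit X are assumptions made for illustration.

```python
from math import log2

# Constructed joint distribution p(x, y), not from the notes: X is a secret bit,
# Y is an observation that equals X with probability 0.9.
JOINT = {(0, 0): 0.45, (0, 1): 0.05, (1, 0): 0.05, (1, 1): 0.45}

def marginal(joint, axis):
    """Sum the joint distribution down to one variable (axis 0 = X, 1 = Y)."""
    out = {}
    for pair, p in joint.items():
        out[pair[axis]] = out.get(pair[axis], 0.0) + p
    return out

def entropy(dist):
    """H = -sum p log2 p in bits; zero-probability outcomes contribute 0."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)

def conditional_entropy(joint):
    """H(X|Y) = -sum_{x,y} p(x,y) log2( p(x,y) / p(y) )."""
    py = marginal(joint, 1)
    return -sum(p * log2(p / py[y]) for (_, y), p in joint.items() if p > 0)

def mutual_information(joint):
    """I(X;Y) = sum_{x,y} p(x,y) log2( p(x,y) / (p(x) p(y)) )."""
    px, py = marginal(joint, 0), marginal(joint, 1)
    return sum(p * log2(p / (px[x] * py[y]))
               for (x, y), p in joint.items() if p > 0)

def kl_divergence(p, q):
    """D_KL(p||q) = sum_x p(x) log2( p(x)/q(x) ); infinite if q(x)=0 < p(x)."""
    total = 0.0
    for x, px in p.items():
        if px == 0:
            continue
        if q.get(x, 0) == 0:
            return float("inf")
        total += px * log2(px / q[x])
    return total

if __name__ == "__main__":
    hx = entropy(marginal(JOINT, 0))
    print(f"H(X)={hx:.4f} H(X|Y)={conditional_entropy(JOINT):.4f} "
          f"I(X;Y)={mutual_information(JOINT):.4f}")
    print(kl_divergence({"a": 0.5, "b": 0.5}, {"a": 0.9, "b": 0.1}))
```

Here the observation Y removes about 0.53 of the 1 bit of uncertainty in X, which is the sense in which mutual information measures how much a leak reveals about a secret.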

Coding theory

▪ Coding theory is one of the most important and direct applications of information theory.

▪ It can be subdivided into source coding theory and channel coding theory.

▪ Using a statistical description for data, information theory quantifies the number of bits
needed to describe the data, which is the information entropy of the source.

▪ Data compression (source coding): There are two formulations for the compression
problem:

▪ lossless data compression: the data must be reconstructed exactly;

▪ lossy data compression: allocates bits needed to reconstruct the data, within a
specified fidelity level measured by a distortion function. This subset of
information theory is called rate–distortion theory.

▪ Error-correcting codes (channel coding): While data compression removes as much
redundancy as possible, an error-correcting code adds just the right kind of redundancy
(i.e., error correction) needed to transmit the data efficiently and faithfully across a noisy
channel.

Product Cryptosystems

▪ A product cryptosystem is a data encryption scheme in which the ciphertext produced by
encrypting a plaintext document is subjected to further encryption.

▪ By combining two or more simple transposition ciphers or substitution ciphers, a more
secure encryption may result.

▪ A cryptosystem S = (P, K, C, e, d) with the sets of plaintexts P, keys K and cryptotexts C
and encryption (decryption) algorithms e (d) is called endomorphic if P = C.

▪ If S1 = (P, K1, P, e^(1), d^(1)) and S2 = (P, K2, P, e^(2), d^(2)) are endomorphic
cryptosystems, then the product cryptosystem is

▪ S1 ⊗ S2 = (P, K1 ⊗ K2, P, e, d),

▪ where encryption is performed by the procedure

▪ e_(k1,k2)(w) = e_k2(e_k1(w))

▪ and decryption by the procedure

▪ d_(k1,k2)(c) = d_k1(d_k2(c))
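The composition rule above, as an added example that is not part of the original notes: a shift (substitution) cipher as S1 composed with a block transposition as S2, plus a count showing that composing two shift ciphers yields only 26 distinct mappings, which is why a more secure cipher "may" rather than "must" result. The cipher choices, function names and sample message are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # P = C = strings over A..Z (endomorphic)

def shift_encrypt(k, w):
    """Substitution cipher e_k: shift every letter by k positions."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] for ch in w)

def shift_decrypt(k, c):
    return shift_encrypt(-k % 26, c)

def perm_encrypt(perm, w):
    """Transposition cipher: within each block of len(perm) letters,
    output position i takes the letter at input position perm[i]."""
    n = len(perm)
    if len(w) % n != 0:
        raise ValueError("pad the message to a multiple of the block size")
    return "".join(w[b + perm[i]] for b in range(0, len(w), n) for i in range(n))

def perm_decrypt(perm, c):
    inverse = [perm.index(i) for i in range(len(perm))]
    return perm_encrypt(inverse, c)

def product_encrypt(k1, k2, w):
    """e_(k1,k2)(w) = e_k2(e_k1(w)): shift first, then transpose."""
    return perm_encrypt(k2, shift_encrypt(k1, w))

def product_decrypt(k1, k2, c):
    """d_(k1,k2)(c) = d_k1(d_k2(c)): undo the outer layer first."""
    return shift_decrypt(k1, perm_decrypt(k2, c))

def shift_product_mappings():
    """Distinct alphabets reachable by composing two shift ciphers."""
    return {shift_encrypt(b, shift_encrypt(a, ALPHABET))
            for a in range(26) for b in range(26)}

if __name__ == "__main__":
    k1, k2 = 3, [2, 0, 3, 1]           # constructed sample keys
    c = product_encrypt(k1, k2, "MEETMEATNOON")
    print(c, product_decrypt(k1, k2, c))
    # 676 key pairs (k1, k2) of two shifts collapse to 26 mappings.
    print(len(shift_product_mappings()))
```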

Cryptanalysis

▪ Cryptanalysis is the analysis of information systems in order to study their hidden
aspects.

▪ Cryptanalysis is used to breach cryptographic security systems and gain access to the
contents of encrypted messages, even if the cryptographic key is unknown.

▪ In addition to mathematical analysis of cryptographic algorithms, cryptanalysis includes
the study of side-channel attacks that do not target weaknesses in the cryptographic
algorithms themselves, but instead exploit weaknesses in their implementation.

Methods

▪ Ciphertext-only: the cryptanalyst has access only to a collection
of ciphertexts or codetexts.

▪ Known-plaintext: the attacker has a set of ciphertexts to which he knows the
corresponding plaintext.

▪ Chosen-plaintext (chosen-ciphertext): the attacker can obtain the ciphertexts (plaintexts)
corresponding to an arbitrary set of plaintexts (ciphertexts) of his own choosing.

▪ Adaptive chosen-plaintext: like a chosen-plaintext attack, except the attacker can choose
subsequent plaintexts based on information learned from previous encryptions.
The adaptive chosen-ciphertext attack is defined similarly.

▪ Related-key attack: like a chosen-plaintext attack, except the attacker can obtain
ciphertexts encrypted under two different keys. The keys are unknown, but the
relationship between them is known; for example, two keys that differ in one bit.
