Outline

▪ OSI Security Architecture

▪ Security Attacks
▪ Security Services
▪ Security Mechanism
▪ Symmetric Cipher Model
▪ Cryptography
▪ Cryptanalysis and Attacks
▪ Substitution and Transposition Techniques
Introduction to Information & N/W Security
OSI Security Architecture
▪ The OSI (Open Systems Interconnection) security architecture
focuses on Security Attacks, Mechanisms, and Services.
▪ Security Attack: Any action that compromises the security of
information owned by an organization.
▪ Security Mechanism: A process that is designed to detect,
prevent, or recover from a security attack.
▪ Security Service: A communication service that enhances the
security of the data processing systems and the information
transfers of an organization.
Security Attacks
▪ A passive attack attempts to learn or make use of information
from the system but does not affect system resources.
1. Release of message contents
2. Traffic analysis
▪ An active attack attempts to alter system resources or affect their
operation.
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service.
1) Release of message contents (Passive Attack)

▪ A telephone conversation, an electronic mail message, and a

transferred file may contain sensitive or confidential information.
▪ We would like to prevent an opponent from learning the contents
of these transmissions.
2) Traffic Analysis (Passive Attack)

▪ In such attacks, an adversary, capable of observing network traffic

statistics in several different networks, correlates the traffic
patterns in these networks.
1) Masquerade Attack (Active Attack)

▪ A masquerade takes place when one entity pretends to be a

different entity.
2) Replay Attack (Active Attack)

▪ Replay attack involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.
3) Modification of messages Attack (Active Attack)

▪ Modification of messages simply means that some portion of a

legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
4) Denial of Service Attack (Active Attack)

▪ The denial of service attack prevents the normal use or

management of communications facilities.
Security Services (X.800)
▪ X.800 standard defines a security service as a service that is
provided by a protocol layer of communicating open systems and
that ensures security of the systems or of data transfers.
 Security Services

Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality

Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery

Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery

Selective Field
Selective Repeat
Connection
Confidentiality
Integrity

Traffic Flow Connection less

Confidentiality Integrity

Selective Field
Connection less
Integrity
Authentication
▪ Authentication is the assurance that the communicating entity is
the one that it claims to be.
Who you are ?
1. Peer Entity Authentication: (biometrics)
Used in association with a
logical connection to provide
confidence in the identity of Physical
the entities connected. authentication
2. Data-Origin Authentication: In where you are ?
a connectionless transfer,
provides assurance that the What you know ?
source of received data is as Password
claimed. One-time Passwords
Network address
Access Control
▪ Access control is the prevention of unauthorized use of a resource
▪ This service controls who can have access to a resource, under
what conditions access can occur, and what those accessing the
resource are allowed to do).
Data Confidentiality
▪ Data confidentiality is the protection of data from unauthorized
disclosure.
1. Connection Confidentiality: The
protection of all user data on a
connection.
2. Connectionless Confidentiality: The
protection of all user data in a single
data block.
3. Selective-Field Confidentiality: The
confidentiality of selected fields
within the user data on a connection
or in a single data block.
4. Traffic-Flow Confidentiality: The
protection of the information that
might be derived from observation of
traffic flows.
Data Integrity
▪ Data integrity is the assurance that data received are exactly as
sent by an authorized entity (i.e., contain no modification,
insertion, deletion, or replay).
Data Integrity (Cont…)
▪ Connection Integrity with Recovery: Provides integrity of all user
data on a connection and detects any modification, insertion,
deletion, or replay of any data with recovery attempted.
▪ Connection Integrity without Recovery: As above, but provides
only detection without recovery.
▪ Selective-Field Connection Integrity: Provides integrity of selected
fields within the user data and takes the form of determination of
whether the selected fields have been modified, inserted, deleted,
or replayed.
Data Integrity (Cont…)
▪ Connectionless Integrity: Provides integrity of a single
connectionless data block and may take the form of detection of
data modification. Additionally, a limited form of replay detection
may be provided.
▪ Selective-Field Connectionless Integrity: Provides integrity of
selected fields within a single connectionless data block; takes the
form of determination of whether the selected fields have been
modified.
Non Repudiation
▪ Nonrepudiation is the assurance that someone cannot deny
something.
▪ Typically, nonrepudiation refers to the ability to ensure that a
communication cannot deny the authenticity of their signature on
a document or the sending of a message that they originated.

Transfer Rs. 1,00,000

To Bank
After few days
User A I have never
requested to transfer
Rs. 1,00,000
to Bank Bank
Non Repudiation (Cont…)
▪ Nonrepudiation-Origin: Proof that the message was sent by the
specified party.
▪ Nonrepudiation-Destination: Proof that the message was
received by the specified party.
Security Mechanisms (X.800)
▪ Specific security mechanisms: Integrated into the appropriate
protocol layer in order to provide some of the OSI security
services.
▪ Pervasive security mechanisms: Not integrated to any particular
OSI security service or protocol layer
Security Mechanism (Specific Security)
▪ Encipherment: Hiding or covering data using mathematical
algorithms.
▪ Digital Signature: The sender can electronically sign the data and
the receiver can electronically verify the signature.
▪ Access Control: A variety of mechanisms that enforce access
rights to resources.
▪ Data Integrity: A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
▪ Authentication Exchange: Two entities exchange some messages
to prove their identity to each other.
Security Mechanism (Specific security)
▪ Traffic Padding: The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
▪ Routing Control: Selecting and continuously changing routes
between sender and receiver to prevent opponent from
eavesdropping.
▪ Notarization: The use of a trusted third party to assure and
control the communication.
Encryption and Decryption

Hello f7#er Hello

Sender Encryption Decryption Receiver
Substitution Techniques
▪ A substitution technique is one in which the letters of plaintext
are replaced by other letters or by numbers or symbols.
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
1) Caesar Cipher
▪ The Caesar cipher involves replacing each letter of the alphabet
with the letter standing three places further down the alphabet.
▪ In encryption each plaintext letter P, substitute the ciphertext
letter C:
C = E(k, P) = (P + k) mod 26
C = E(3, P) = (P + 3) mod 26
▪ For decryption algorithm is:

P = D(k, C) = (C - k) mod 26
Caesar Cipher (Cont…)
▪ Let us assign a numerical equivalent to each letter
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

C = E(3, P) = (P + 3) mod 26
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c

Example:
Plaintext: THE QUICK BROWN FOX
Ciphertext: WKH TXLFN EURZQ IRA
Brute force attack on Caesar Cipher
▪ The encryption and decryption algorithms are known.
▪ There are only 25 keys to try.
▪ The language of the plaintext is known and easily recognizable.
Brute force attack on Caesar Cipher
Ciphertext: ZNK WAOIQ HXUCT LUD
Key Transformed text Key Transformed text
1 YMJ VZNHP GWTBS KTC 14 LZW IMAUC TJGOF XGP
2 XLI UYMGO FVSAR JSB 15 KYV HLZTB SIFNE WFO
3 WKH TXLFN EURZQ IRA 16 JXU GKYSA RHEMD VEN
4 VJG SWKEM DTQYP HQZ 17 IWT FJXRZ QGDLC UDM
5 UIF RVJDL CSPXOGPY
18 HVS EIWQY PFCKB TCL
6 THE QUICK BROWN FOX
19 GUR DHVPX OEBJA SBK
7 SGD PTHBJ AQNVM ENW
8 RFC OSGAI ZPMUL DMV 20 FTQ CGUOW NDAIZ RAJ
9 QEB NRFZH YOLTK CLU 21 ESP BFTNV MCZHY QZI
10 PDA MQEYG XNKSJ BKT 22 DRO AESMU LBYGX PYH
11 OCZ LPDXF WMJRI AJS 23 CQN ZDRLT KAXFW OXG
12 NBY KOCWE VLIQH ZIR 24 BPM YCQKS JZWEV NWF
13 MAX JNBVD UKHPG YHQ 25 AOL XBPJR IYVDU MVE
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
2) Monoalphabetic Cipher (Simple substitution)
▪ It is an improvement to the Caesar Cipher.
▪ Instead of shifting the alphabets by some number, this scheme
uses some permutation of the letters in alphabet.
▪ The sender and the receiver decide on a randomly selected
permutation of the letters of the alphabet.
▪ With 26 letters in alphabet, the possible permutations are 26!
which is equal to 4x1026.

plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: y n l k x b s h m i w d p j r o q v f e a u g t z c
Attack on Monoalphabetic Cipher
▪ The relative frequencies of the letters in the ciphertext (in
percentages) are

Ciphertext:
uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvuephzhmdzshzowsf
pappdtsvpquzwymxuzuhsxepyepopdzszufpombzwpfupzhmdjudtmohmq

▪ In our ciphertext, the most common digram is ZW, which appears

three times. So equate Z with t, W with h and P with e.
▪ Now notice that the sequence ZWP appears in the ciphertext, and
we can translate that sequence as “the.”
Attack on Monoalphabetic Cipher (Cont…)
▪ If the cryptanalyst knows the nature of the plaintext, then the
analyst can exploit the regularities of the language.
▪ The relative frequency of the letters can be determined and
compared to a standard frequency distribution for English.
▪ If the message were long enough, this technique alone might be
sufficient, but because this is a relatively short message, we
cannot expect an exact match.
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
3) Playfair Cipher
▪ The Playfair algorithm is based on a 5 × 5 matrix (key) of letters.
▪ The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and
then filling in the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J count as one letter.

O C U R E
Example:
N A B D F
Keyword= OCCURRENCE
Plaintext= TALL TREES G H I/J K L
M P Q S T
V W X Y Z
Playfair Cipher - Encrypt Plaintext
▪ Playfair, treats digrams (two letters) in the plaintext as single units
and translates these units into ciphertext digrams.
▪ Make Pairs of letters add filler letter “X” if same letter appears in
a pair.
Plaintext= TALL TREES
Plaintext= TA LX LT RE ES
▪ If there is an odd number of letters, then add uncommon letter to
complete digram, a X/Z may be added to the last letter.
Playfair Cipher - Encrypt Plaintext
▪ Map each pair in key matrix
O C U R E
Plaintext= TA LX LT RE ES
Ciphertext= PF IZ TZ EO RT N A B D F
G H I/J K L
M P Q S T
V W X Y Z
▪ If the letters appear
the letters are on on
appear different
onthethesamerows
same and columns,
column,
row, replace replace
replace them
them withthem
with the
with thetoimmediately
letters letters on other
their immediate corner
below, of the same
rightwrapping row.
respectively,
around
wrapping
to the around
top toif
▪ The
the order
necessary.
left sideisofimportant - the first letter of the pair should be
the row if necessary.
▪ replaced
For example, first. using the table above, the letter pair
pair RE
LT would be
▪ For example,
encoded TZ.using the table above, the letter pair TA would be
as EO.
encoded as PF.
Playfair Cipher Examples
1. Key= “ engineering ” Plaintext=” test this process ”
2. Key= “ keyword ” Plaintext=” come to the window ”
3. Key= “ moonmission ” Plaintext=” greet ”
E N G I R Encrypted Message: K E Y W O Encrypted Message:
A B C D F pi tu pm gt ue lf gp xg R D A B C lc nk zk vf yo gq ce
H K L M O F G H I L bw
P Q S T U M N P Q S
V W X Y Z T U V X Z
M O N I S Encrypted Message:
A B C D E hq cz du
F G H K L
P Q R T U
V W X Y Z
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
4) Hill Cipher
▪ Hill cipher is based on linear algebra
▪ Each letter is represented by numbers from 0 to 25 and
calculations are done modulo 26.
▪ Encryption and decryption can be given by the following formula:
Encryption: C=PK mod 26

Decryption:
P=CK-1 mod 26
Hill Cipher Encryption
▪ To encrypt a message using the Hill Cipher we must first turn our
keyword and plaintext into a matrix (a 2 x 2 matrix or a 3 x 3
matrix, etc).
Example: Key = “HILL”, Plaintext = “EXAM”
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Hill Cipher Encryption (Cont…)

C=PK mod 26

Ciphertext = “ELSC”
Hill Cipher Decryption
P=CK-1 mod 26
Step:1 Find Inverse of key matrix
Step:2 Multiply the Multiplicative Inverse of the Determinant by the
Adjoin Matrix
Step:3 Multiply inverse key matrix with ciphertext matrix to obtain
plaintext matrix
Step: 1 Inverse of key matrix
2 X 2 inverse of matrix

3 X 3 inverse of matrix
Step: 1 Inverse of key matrix

▪ -11 mod 26 = 15
▪ Because, modulo for negative
number is = N- (B%N)
= 26 – (11%26)
Step: 2 Modular (Multiplicative) inverse
▪ The inverse of a number A is 1/A since A * 1/A = 1
e.g. the inverse of 5 is 1/5
▪ In modular arithmetic we do not have a division operation.
▪ The modular inverse of A (mod C) is A-1
▪ (A * A-1) ≡ 1 (mod C)
Example:
▪ The modular inverse of A mod C is the A-1 value that makes
A * A-1 mod C = 1
A = 3, C = 11
Since (3*4) mod 11 = 1, 4 is modulo inverse of 3
A = 10, C = 17 , A-1 = ?12
Step 2: Modular (Multiplicative) inverse
Determinants’ multiplicative inverse Modulo 26

Determinant 1 3 5 7 9 11 15 17 19 21 23 25

Inverse Modulo 26 1 9 21 15 3 19 7 23 11 5 17 25
Step 2: Multiply with adjoin of matrix
Hill Cipher Encryption (Cont…)

P=CK-1 mod 26

Plaintext = “EXAM”
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
5) Polyalphabetic Cipher
▪ Monoalphabetic cipher encoded using only one fixed alphabet
▪ Polyalphabetic cipher is a substitution cipher in which the cipher
alphabet for the plain alphabet may be different at different
places during the encryption process.
1. Vigenere cipher
2. Vernam cipher
 Plaintext

K
e
y

PT = HELLO
KEY = GMGMG
CT = NQRXU
Vigenere Cipher
Keyword : DECEPTIVE
Key : DECEPTIVEDECEPTIVEDECEPTIVE
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ

An analyst looking at only the ciphertext would detect the repeated

sequences VTW at a displacement of 9 and make the assumption that the
keyword is either three or nine letters in length.
This system
Keyword : DECEPTIVE is referred as
Key : DECEPTIVEWEAREDISCOVEREDSAV an autokey
Plaintext : WEAREDISCOVEREDSAVEYOURSELF system
Vernam Cipher
▪ The ciphertext is generated by applying the logical XOR operation
to the individual bits of plaintext and the key stream.
Substitution Techniques
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
One time pad
▪ The one-time pad, which is a provably secure cryptosystem,
was developed by Gilbert Vernam in 1918.
▪ The message is represented as a binary string (a sequence of 0’s
and 1’s using a coding mechanism such as ASCII coding.
▪ The key is a truly random sequence of 0’s and 1’s of the same
length as the message.
▪ message =‘IF’
▪ then its ASCII code =(1001001 1000110)
▪ key = (1010110 0110001)
▪ Encryption:
• 1001001 1000110 plaintext
• 1010110 0110001 key
• 0011111 1110110 ciphertext
Transposition Techniques
▪ A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.
▪ The simplest such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows.
▪ For example, to send the message “Meet me at the park” to Bob,
Alice writes

▪ She then creates the ciphertext “MEMATEAKETETHPR”.

Rail fence technique
▪ A more complex scheme is to write the message in a rectangle,
row by row, and read the message off, column by column, but
permute the order of the columns.
▪ The order of the columns then becomes the key to the algorithm.

Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ