Computer Network and Information Security

The document discusses key concepts in computer networks and information security, focusing on security principles, types of attacks, and cryptographic techniques. It emphasizes the importance of confidentiality, integrity, and availability in protecting information systems, while outlining various security mechanisms and approaches to address potential threats. Additionally, it categorizes attacks into passive and active types, detailing their characteristics and implications for system security.

Uploaded by

mmrinmay76

CNS-UNIT-I - Computer Networks And Information Security

CNS –UNIT-I
Security Concepts: Introduction, The need for security, Security approaches, Principles of
security, Types of Security attacks, Security services, Security Mechanisms, A model for
Network Security
Cryptography Concepts and Techniques: Introduction, plain text and cipher text,
substitution techniques, transposition techniques, encryption and decryption, symmetric and
asymmetric key cryptography, steganography, key range and key size, possible types of
attacks.
1.1 INTRODUCTION
The NIST Computer Security Handbook [NIST95] defines the term computer security as
follows:
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources (includes hardware, software, firmware, information/data, and
telecommunications).
This definition covers three objectives:
• Confidentiality: This term covers two related concepts:
   • Data confidentiality: Assures that private or confidential information is not made
     available or disclosed to unauthorized individuals.
   • Privacy: Assures that individuals control or influence what information related to
     them may be collected and stored and by whom and to whom that information
     may be disclosed.
• Integrity: This term covers two related concepts:
   • Data integrity: Assures that information and programs are changed only in a
     specified and authorized manner.
   • System integrity: Assures that a system performs its intended function in an
     unimpaired manner, free from deliberate or inadvertent unauthorized manipulation
     of the system.
• Availability: Assures that systems work promptly and service is not denied to authorized
  users.

FIPS 199 provides a useful characterization of these three objectives in terms of
requirements and the definition of a loss of security in each category:
• Confidentiality: Preserving authorized restrictions on information access and
  disclosure, including means for protecting personal privacy and proprietary
  information. A loss of confidentiality is the unauthorized disclosure of information.
• Integrity: Guarding against improper information modification or destruction,
  including ensuring information nonrepudiation and authenticity. A loss of integrity is
  the unauthorized modification or destruction of information.
• Availability: Ensuring timely and reliable access to and use of information. A loss of
  availability is the disruption of access to or use of information or an information
  system.

• Authenticity: The property of being genuine and being able to be verified and
  trusted; confidence in the validity of a transmission, a message, or message originator.
  This means verifying that users are who they say they are and that each input arriving
  at the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions of an
  entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence,
  fault isolation, intrusion detection and prevention, and after-action recovery and legal
  action. Because truly secure systems are not yet an achievable goal, we must be able
  to trace a security breach to a responsible party. Systems must keep records of their
  activities to permit later forensic analysis to trace security breaches or to aid in
  transaction disputes.

1.2 THE NEED FOR SECURITY (Challenges)


1. Security is not as simple as it might first appear to the novice. The requirements seem to
be straightforward; indeed, most of the major requirements for security services can be
given self-explanatory, one-word labels: confidentiality, authentication, nonrepudiation,
or integrity. But the mechanisms used to meet those requirements can be quite complex,
and understanding them may involve rather subtle reasoning.
2. In developing a particular security mechanism or algorithm, one must always consider
potential attacks on those security features. In many cases, successful attacks are designed
by looking at the problem in a completely different way, therefore exploiting an
unexpected weakness in the mechanism.
3. Because of point 2, the procedures used to provide particular services are often
counterintuitive. Typically, a security mechanism is complex, and it is not obvious from
the statement of a particular requirement that such elaborate measures are needed. It is
only when the various aspects of the threat are considered that elaborate security
mechanisms make sense.
4. Having designed various security mechanisms, it is necessary to decide where to use
them. This is true both in terms of physical placement (e.g., at what points in a network
are certain security mechanisms needed) and in a logical sense (e.g., at what layer or
layers of an architecture such as TCP/IP [Transmission Control Protocol/Internet
Protocol] should mechanisms be placed).
5. Security mechanisms typically involve more than a particular algorithm or protocol. They
also require that participants be in possession of some secret information (e.g., an
encryption key), which raises questions about the creation, distribution, and protection of
that secret information. There also may be a reliance on communications protocols whose
behavior may complicate the task of developing the security mechanism. For example, if
the proper functioning of the security mechanism requires setting time limits on the
transit time of a message from sender to receiver, then any protocol or network that
introduces variable, unpredictable delays may render such time limits meaningless.
6. Computer and network security is essentially a battle of wits between a perpetrator who
tries to find holes and the designer or administrator who tries to close them. The great
advantage that the attacker has is that he or she need only find a single weakness, while
the designer must find and eliminate all weaknesses to achieve perfect security.
7. There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult in today’s short-
term, overloaded environment.
9. Security is still too often an afterthought to be incorporated into a system after the design
is complete rather than being an integral part of the design process.
10. Many users and even security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system or use of information.

1.3 SECURITY APPROACHES


The key factor that discerns the three approaches is what they target: the root causes of
threats, the threats themselves, or the characteristics of the referent that is threatened. But the
three approaches can also be distinguished in a number of other ways, as outlined in the table
below.
| Security Approach | Security as Prevention | Security as Control (Protection) | Security as Resilience |
|---|---|---|---|
| Definition | This approach seeks to prevent threats from arising in the first place by addressing the underlying causes that generate them before they emerge. | This approach seeks to control, defend against, or eliminate a manifest threat. | When threats cannot be controlled or eliminated, security as resilience focuses on the ability of social systems to “bounce back” and recover from shocks. It concerns the flexibility and adaptability of societies, their rigidities, and how they can reduce their vulnerability to disruption and collapse. |
| Focus/Target of the Approach | The underlying causes of threats | The threats themselves | The threatened, particularly the ability of the threatened referent to recover or adapt to threats. |
| Ontology | Threats are generated from the combination of broad underlying structural causes, and proximate causes that mobilize these foundations into concrete threats. | A Newtonian-mechanistic universe of relatively simple and predictable causation with a manageable amount of variables. Problems can be reduced to their component parts and isolated. | A complex universe composed of too many variables to measure, emergent properties, non-linear causation, phase-shifts, low predictability, and unforeseen shocks. Threats emerge from the interactions of a multitude of variables, and are not reducible to particular parts. |

1.4 PRINCIPLES OF SECURITY


In the present-day scenario, security of the system is the sole priority of any organisation. The
main aim of any organization is to protect its data from attackers. In cryptography, attacks
are of two types: passive attacks and active attacks.
Passive attacks are those that retrieve information from the system without affecting the
system resources, while active attacks are those that retrieve system information and make
changes to the system resources and their operations. The Principles of Security can be
classified as follows:

Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle
specifies that only the sender and receiver will be able to access the information shared
between them. Confidentiality is compromised if an unauthorized person is able to access a
message.

Authentication:
Authentication is the mechanism to identify the user or system or the entity. It ensures the
identity of the person trying to access the information. Authentication is mostly secured
by using a username and password. The authorized person whose identity is preregistered can
prove his/her identity and can access the sensitive information.

Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the
content of the message is changed after the sender sends it but before it reaches the intended
receiver, then it is said that the integrity of the message is lost.

Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent through
a network. In some cases the sender sends the message and later denies it. Non-repudiation
does not allow the sender to deny having sent the message.

Access control:
The principle of access control is determined by role management and rule management.
Role management determines who should access the data, while rule management determines
up to what extent one can access the data. The information displayed is dependent on the
person who is accessing it.

Availability:
The principle of availability states that the resources will be available to authorized parties at all
times. Information will not be useful if it is not available to be accessed. Systems should have
sufficient availability of information to satisfy the user request.

1.5 TYPES OF SECURITY ATTACKS


A useful means of classifying security attacks, used both in X.800 and RFC 4949, is in terms
of passive attacks and active attacks. A passive attack attempts to learn or make use of
information from the system but does not affect system resources. An active attack attempts
to alter system resources or affect their operation.

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of these
transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common
technique for masking contents is encryption. If we had encryption protection in place, an
opponent might still be able to observe the pattern of these messages.

Passive attacks are very difficult to detect, because they do not involve any alteration of the
data. Typically, the message traffic is sent and received in an apparently normal fashion, and
neither the sender nor receiver is aware that a third party has read the messages or observed
the traffic pattern.
Active Attacks

Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service. A masquerade takes place when one entity pretends to be a
different entity (path 2 of Figure 1.1b is active). A masquerade attack usually includes one of
the other forms of active attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an entity that has those
privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (paths 1, 2, and 3 active).

Modification of messages simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect (paths 1 and 2
active). For example, a message meaning “Allow John Smith to read confidential file
accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

The denial of service prevents or inhibits the normal use or management of communications
facilities (path 3 active). This attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks
are difficult to detect, measures are available to prevent their success. On the other hand, it is
quite difficult to prevent active attacks absolutely.

1.6 SECURITY SERVICES


X.800 divides these services into five categories and fourteen specific services (Table 1.2).

1.7 SECURITY MECHANISMS


Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are divided into
those that are implemented in a specific protocol layer, such as TCP or an application-layer
protocol, and those that are not specific to any particular protocol layer or security service.
These mechanisms will be covered in the appropriate places in the book. So we do not
elaborate now, except to comment on the definition of encipherment. X.800 distinguishes
between reversible encipherment mechanisms and irreversible encipherment mechanisms.
A reversible encipherment mechanism is simply an encryption algorithm that allows data to
be encrypted and subsequently decrypted. Irreversible encipherment mechanisms include
hash algorithms and message authentication codes, which are used in digital signature and
message authentication applications.

Table 1.4, based on one in X.800, indicates the relationship between security services and
security mechanisms.

1.8 A MODEL FOR NETWORK SECURITY

A model for much of what we will be discussing is captured, in very general terms, in Figure
1.2. A message is to be transferred from one party to another across some sort of Internet
service. The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is established by defining a route
through the Internet from source to destination and by the cooperative use of communication
protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and
so on. All the techniques for providing security have two components:
• A security-related transformation on the information to be sent. Examples include the
  encryption of the message, which scrambles the message so that it is unreadable by the
  opponent, and the addition of a code based on the contents of the message, which can
  be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the
  opponent. An example is an encryption key used in conjunction with the transformation
  to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third
party may be responsible for distributing the secret information to the two principals while
keeping it from any opponent. Or a third party may be needed to arbitrate disputes between
the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security
service:

1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
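
The model above applied to the modification-of-messages, replay and masquerade attacks of Section 1.5, as an added example that is not part of the original notes. The choice of HMAC-SHA256 as the "code based on the contents of the message", the sequence-number scheme and all class and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def generate_key() -> bytes:
    """Task 2 of the model: generate the secret information (256 random bits)."""
    return secrets.token_bytes(32)


def make_code(key: bytes, seq: int, message: bytes) -> bytes:
    """Task 1: the security-related transformation, a keyed code over the message.

    The sequence number is covered by the code too, so an opponent cannot
    renumber a captured message to make it look fresh.
    """
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def send(self, message: bytes):
        """Task 4 (protocol): every message travels as (seq, message, code)."""
        self._seq += 1
        return self._seq, message, make_code(self._key, self._seq, message)


class Receiver:
    def __init__(self, key: bytes):
        self._key = key
        self._highest_seq = 0  # highest sequence number accepted so far

    def receive(self, seq: int, message: bytes, code: bytes) -> str:
        expected = make_code(self._key, seq, message)
        # Constant-time comparison: do not leak how many bytes of the code matched.
        if not hmac.compare_digest(expected, code):
            return "rejected: modified or forged"
        # A valid code on an old sequence number is a captured message sent again.
        # (Strictly increasing numbers also reject reordered messages.)
        if seq <= self._highest_seq:
            return "rejected: replay"
        self._highest_seq = seq
        return "accepted"


def demo() -> dict:
    # Task 3 (distribution) is assumed to have happened over a secure channel.
    key = generate_key()
    sender, receiver = Sender(key), Receiver(key)
    original = b"Allow John Smith to read confidential file accounts"
    altered = b"Allow Fred Brown to read confidential file accounts"
    results = {}

    first = sender.send(original)
    results["genuine"] = receiver.receive(*first)
    # Replay: the opponent retransmits the captured data unit unchanged.
    results["replay"] = receiver.receive(*first)

    # Modification: the opponent alters the message but cannot recompute the code.
    seq, _, code = sender.send(original)
    results["modification"] = receiver.receive(seq, altered, code)

    # Masquerade: the opponent builds a message with a key of its own.
    opponent_key = generate_key()
    results["masquerade"] = receiver.receive(
        seq, altered, make_code(opponent_key, seq, altered)
    )

    # The untouched second message is still accepted afterwards.
    results["genuine_again"] = receiver.receive(seq, original, code)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14s} {outcome}")
```

The code gives integrity and origin assurance only; the message itself still travels in the clear, so confidentiality needs encryption as a separate transformation.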

Another type of unwanted access is the placement in a computer system of logic that exploits
vulnerabilities in the system and that can affect application programs as well as utility
programs, such as editors and compilers. Programs can present two kinds of threats:

• Information access threats: Intercept or modify data on behalf of users who should
  not have access to that data.
• Service threats: Exploit service flaws in computers to inhibit use by legitimate users.

The security mechanisms needed to cope with unwanted access fall into two broad categories
(see Figure 1.3). The first category might be termed a gatekeeper function. It includes
password-based login procedures that are designed to deny access to all but authorized users
and screening logic that is designed to detect and reject worms, viruses, and other similar
attacks. Once either an unwanted user or unwanted software gains access, the second line of
defense consists of a variety of internal controls that monitor activity and analyze stored
information in an attempt to detect the presence of unwanted intruders.

1.9 CRYPTOGRAPHY CONCEPTS AND TECHNIQUES: INTRODUCTION, PLAIN
TEXT AND CIPHER TEXT

Introduction:
An original message is known as the plaintext, while the coded message is called the
ciphertext. The process of converting from plaintext to ciphertext is known as enciphering
or encryption; restoring the plaintext from the ciphertext is deciphering or decryption.
The many schemes used for encryption constitute the area of study known as
cryptography. Such a scheme is known as a cryptographic system or a cipher. Techniques
used for deciphering a message without any knowledge of the enciphering details fall into
the area of cryptanalysis. Cryptanalysis is what the layperson calls “breaking the code.”
The areas of cryptography and cryptanalysis together are called cryptology.

Plain Text and Cipher Text:


A symmetric encryption scheme has five ingredients (Figure 2.1):

• Plaintext: This is the original intelligible message or data that is fed into the algorithm
  as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
  transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The key is a
  value independent of the plaintext and of the algorithm. The algorithm will produce a
  different output depending on the specific key being used at the time. The exact
  substitutions and transformations performed by the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the
  plaintext and the secret key. For a given message, two different keys will produce two
  different ciphertexts. The ciphertext is an apparently random stream of data and, as it
  stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
  takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm
to be such that an opponent who knows the algorithm and has access to one or more
ciphertexts would be unable to decipher the ciphertext or figure out the key. This
requirement is usually stated in a stronger form: “The opponent should be unable
to decrypt ciphertext or discover the key even if he or she is in possession of a
number of ciphertexts together with the plaintext that produced each
ciphertext.”

2. Sender and receiver must have obtained copies of the secret key in a secure fashion
and must keep the key secure. If someone can discover the key and knows the
algorithm, all communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the ciphertext plus
knowledge of the encryption/decryption algorithm. In other words, we do not need to keep
the algorithm secret; we need to keep only the key secret. This feature of symmetric
encryption is what makes it feasible for widespread use. The fact that the algorithm need not
be kept secret means that manufacturers can and have developed low-cost chip
implementations of data encryption algorithms. These chips are widely available and
incorporated into a number of products. With the use of symmetric encryption, the principal
security problem is maintaining the secrecy of the key.

Let us take a closer look at the essential elements of a symmetric encryption scheme, using
Figure 2.2. A source produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of
X are letters in some finite alphabet.

Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary
alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1, K2, ..., KJ] is
generated. If the key is generated at the message source, then it must also be provided to the
destination by means of some secure channel. Alternatively, a third party could generate the
key and securely deliver it to both source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2, ..., YN]. We can write this as
Y = E(K, X)
This notation indicates that Y is produced by using encryption algorithm E as a function of
the plaintext X, with the specific function determined by the value of the key K.

The intended receiver, in possession of the key, is able to invert the transformation:
X = D(K, Y)

An opponent, observing Y but not having access to K or X, may attempt to recover X or K or
both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D)
algorithms. If the opponent is interested in only this particular message, then the focus of the
effort is to recover X by generating a plaintext estimate X̂. Often, however, the opponent is
interested in being able to read future messages as well, in which case an attempt is made to
recover K by generating an estimate K̂.

Cryptography

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All
encryption algorithms are based on two general principles: substitution, in which each
element in the plaintext (bit, letter, group of bits or letters) is mapped into another
element, and transposition, in which elements in the plaintext are rearranged. The
fundamental requirement is that no information be lost (i.e., that all operations are
reversible). Most systems, referred to as product systems, involve multiple stages of
substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the
sender and receiver use different keys, the system is referred to as asymmetric, two-key,
or public-key encryption.

3. The way in which the plaintext is processed. A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a
time, as it goes along.

Cryptanalysis and Brute-Force Attack


Typically, the objective of attacking an encryption system is to recover the key in use rather
than simply to recover the plaintext of a single ciphertext. There are two general approaches
to attacking a conventional encryption scheme:

• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps
  some knowledge of the general characteristics of the plaintext or even some sample
  plaintext–ciphertext pairs. This type of attack exploits the characteristics of the
  algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext
  until an intelligible translation into plaintext is obtained. On average, half of all
  possible keys must be tried to achieve success.

If either type of attack succeeds in deducing the key, the effect is catastrophic:
all future and past messages encrypted with that key are compromised. We first consider
cryptanalysis and then discuss brute-force attacks.

A brute-force attack involves trying every possible key until an intelligible translation of the
ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to
achieve success. That is, if there are X different keys, on average an attacker would discover
the actual key after X/2 tries. It is important to note that there is more to a brute-force attack
than simply running through all possible keys.

1.10 SUBSTITUTION TECHNIQUES

A substitution technique is one in which the letters of plaintext are replaced by other letters or
by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit patterns.

Caesar Cipher
The Caesar cipher involves replacing each letter of the alphabet with the letter standing three
places further down the alphabet. For example,
plain:  meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the
ciphertext letter C:
C = E(3, p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25.

The decryption algorithm is simply p = D(k, C) = (C - k) mod 26

Monoalphabetic Ciphers
A dramatic increase in the key space can be achieved by allowing an arbitrary substitution.
Before proceeding, we define the term permutation. A permutation of a finite set of elements
S is an ordered sequence of all the elements of S, with each element appearing exactly once.
For example, if S = {a, b, c}, there are six permutations of S:

Recall the assignment for the Caesar cipher:

plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: z y x w v u t s r q p o n m l k j i h g f e d c b a

Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertext digrams.

Step 1: Creation and Population of matrix

This technique uses a 5 x 5 matrix which stores a keyword (or phrase) that becomes the key
for encryption or decryption. The matrix is filled according to a fixed set of rules:
1. Fill the keyword in the matrix row-wise from left to right, top to bottom.
2. Remove all repeated letters.
3. Fill the remaining cells of the matrix with the rest of the letters of the English alphabet (A-Z)
that were not a part of our keyword. In this process, combine I and J in the same cell
of the table; in other words, if I and J are a part of the keyword, disregard
both I and J while filling the remaining slots.

Example:
Let's take our keyword as 'INCLUDE HELP IS AWESOME'. Then the 5 x 5 matrix will look
as follows:

Step 2: Encryption
This process consists of the following steps:
1. The plain-text we want to encrypt needs to be broken down into pairs of letters. For
example, if our message is "MY NAME IS POGO", it will become "MY NA ME
IS PO GO".
2. If both letters in a pair are the same (or only one letter is left), add an X after the first
letter. Encrypt the new pair (after adding X), then continue.
3. If the pair appears in the same row of the matrix, replace each letter with the letter to its
right; if a letter is at the right end of the row, wrap around to the left side of the
row.
4. If the pair appears in the same column of the matrix, replace each letter with the letter
below it. If a letter is at the bottom, wrap around to the top of the column.
5. If the pair is not in the same row or column, replace each letter with the letter in its
own row, but at the other pair of corners of the rectangle defined by the
original pair. The order is quite significant here. The first encrypted letter of the pair
is the one that is present on the same row as the first plaintext letter.

Explanation:
"MY NA ME IS PO GO"
We start with 'MY'. In the above matrix these letters are not in the same row or column, so
rule 5 will apply.

Now we replace 'MY' with the diagonals, that is, 'KZ'.

Let's move to 'NA'. Again they are not in the same row or column, so rule 5 will apply.

Now, 'NA' will be replaced with 'UE'.

Similarly, "MY NA ME IS PO GO" will become "KZ UE FA LO DS BS".
For the decryption process, we will just follow the exact opposite steps.

Hill Cipher
The Hill cipher is based on polygraphic substitution, that is, it works on multiple letters at
the same time. It was introduced by Lester Hill in 1929. This method is related to the matrix
theory of mathematics, specifically how to compute the inverse of a matrix.

Let's see how it works:


1. Every letter of the plain-text is represented by a number, so that A=0, B=1,...,Z=25.
2. We make a matrix of the plain-text message using the above mapping.
For example, for 'CAT', C=2, A=0, T=19. Thus our matrix looks like:

3. Now, we multiply our matrix with a randomly chosen key. The size of the key must
be n x n, where n is the number of rows of our plain-text matrix.
For example:

4. Now multiply the above matrices,

5. Now we calculate the mod 26 value of the above matrix, that is, the remainder after
dividing by 26.

6. Translate the numbers back to letters: 5=F, 8=I, 13=N. Therefore, our cipher-text
is "FIN".
7. For decryption, take the cipher-text matrix and multiply it with the inverse of our
original key matrix:
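
Steps 1 to 7 as a runnable sketch, added here as an example (not code from the original notes). The 3 x 3 key is an assumption, since the notes' key matrix is not shown; it reproduces the CAT to FIN result above, and the code also rejects keys that have no inverse modulo 26, for which step 7 cannot be carried out.

```python
from math import gcd

M = 26  # alphabet size, A=0 ... Z=25

# Assumed 3x3 key (the notes' key matrix is not shown); it maps CAT -> FIN.
KEY = [[6, 24, 1],
       [13, 16, 10],
       [20, 17, 15]]


def det3(k):
    """Determinant of a 3x3 integer matrix."""
    return (k[0][0] * (k[1][1] * k[2][2] - k[1][2] * k[2][1])
            - k[0][1] * (k[1][0] * k[2][2] - k[1][2] * k[2][0])
            + k[0][2] * (k[1][0] * k[2][1] - k[1][1] * k[2][0]))


def inverse_key(k):
    """Inverse of k modulo 26 via the adjugate; fails if k is not invertible."""
    d = det3(k) % M
    if gcd(d, M) != 1:
        raise ValueError("key is not invertible mod 26; decryption impossible")
    d_inv = pow(d, -1, M)  # modular inverse of the determinant (Python 3.8+)
    inv = [[0] * 3 for _ in range(3)]
    for r in range(3):
        for c in range(3):
            # 2x2 minor with row r and column c removed
            rows = [i for i in range(3) if i != r]
            cols = [j for j in range(3) if j != c]
            minor = (k[rows[0]][cols[0]] * k[rows[1]][cols[1]]
                     - k[rows[0]][cols[1]] * k[rows[1]][cols[0]])
            # the adjugate is the transposed cofactor matrix, hence inv[c][r]
            inv[c][r] = ((-1) ** (r + c) * minor * d_inv) % M
    return inv


def apply_key(k, text):
    """Multiply each 3-letter block (as a column vector) by k, mod 26."""
    nums = [ord(ch) - ord("A") for ch in text.upper() if ch.isalpha()]
    if len(nums) % 3:
        raise ValueError("pad the text to a multiple of 3 letters")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        for row in k:
            out.append(sum(a * b for a, b in zip(row, block)) % M)
    return "".join(chr(n + ord("A")) for n in out)


def encrypt(plaintext):
    return apply_key(KEY, plaintext)


def decrypt(ciphertext):
    return apply_key(inverse_key(KEY), ciphertext)


if __name__ == "__main__":
    print(encrypt("CAT"), decrypt(encrypt("CAT")))
```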

Vernam Cipher

The ultimate defense against such a cryptanalysis is to choose a keyword
that is as long as the plaintext and has no statistical relationship to it. Such a system was
introduced by an AT&T engineer named Gilbert Vernam in 1918.

His system works on binary data (bits) rather than letters. The system can be expressed
succinctly as follows (Figure 2.7):

c_i = p_i ⊕ k_i

Where
p_i = ith binary digit of plaintext
k_i = ith binary digit of key
c_i = ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation

Thus, the ciphertext is generated by performing the bitwise XOR of the plaintext and the key.
Because of the properties of the XOR, decryption simply involves the same bitwise
operation:

p_i = c_i ⊕ k_i

One-Time Pad
The one-time pad produces random output that bears no statistical relationship to the
plaintext. Because the ciphertext contains no information whatsoever about the plaintext,
there is simply no way to break the code.

Algorithm:
1. Each plain text character is represented by a number: A=0, B=1, C=2,... Z=25.
2. Add the number of each plain text letter to the number of the corresponding letter of
the input cipher text (the pad).
3. If the sum is greater than or equal to 26, subtract 26 from it.
4. Translate each number back to the corresponding letter to get the cipher text.

Example:
Our message is "INCLUDEHELP" and input cipher text is "ATQXRZWOBYV"
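
An added example (not part of the original notes) of both forms described above: the bitwise Vernam XOR and the letter-based pad, run on the notes' INCLUDEHELP message and pad. The function names and the `reuse_leak` helper are assumptions; the helper shows why a pad must never be used twice, because XOR-ing two ciphertexts made with the same key cancels the key.

```python
import secrets

A = ord("A")


def vernam(data: bytes, key: bytes) -> bytes:
    """c_i = p_i XOR k_i; the same call decrypts, since XOR is its own inverse."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def otp_letters(text: str, pad: str, decrypt: bool = False) -> str:
    """Letter form of the pad: add (or subtract) pad letters modulo 26.

    Both arguments are assumed to be upper-case A-Z without spaces.
    """
    if len(pad) != len(text):
        raise ValueError("pad must be exactly as long as the text")
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(t) - A + sign * (ord(p) - A)) % 26 + A)
        for t, p in zip(text, pad)
    )


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME key: the key cancels out,
    leaving p1 XOR p2, which no longer depends on the key at all."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Letter-based pad with the message and pad from the notes.
    ct = otp_letters("INCLUDEHELP", "ATQXRZWOBYV")
    print(ct, otp_letters(ct, "ATQXRZWOBYV", decrypt=True))

    # Bitwise Vernam with a fresh random key (constructed sample messages).
    p1, p2 = b"TRANSFER 100", b"TRANSFER 900"
    key = secrets.token_bytes(len(p1))
    c1 = vernam(p1, key)
    print(vernam(c1, key))

    # Same key used a second time: the difference of the plaintexts leaks.
    c2 = vernam(p2, key)
    print(reuse_leak(c1, c2).hex())
```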

11. TRANSPOSITION TECHNIQUES

Transposition Techniques are based on the permutation of the plain-text instead of
substitution.
1) Rail-Fence Technique
This technique is a type of transposition technique: it writes the plain text as a
sequence of diagonals and then changes the order by reading it row by row.
It uses a simple algorithm:
1. Write down the plaintext message as a sequence of diagonals.
2. Read off the plain-text written in the above step row by row.
Example:
Let’s take “INCLUDE HELP IS AWESOME” as an example.

So the cipher-text is ICUEEPSWSMNLDHLIAEOW.

First, we write the message in a zigzag manner, then read it out row by row to turn it into
cipher-text.
As we can see, the Rail-Fence Technique is very easy for any cryptanalyst to break.

2) Columnar Transposition Technique


Basic Technique
It is a slight variation of the Rail-fence technique. Let’s see its algorithm:
1. In a rectangle of pre-defined size, write the plain-text message row by row.
2. Read the message column by column, taking the columns in a randomly chosen order. It can
be any order such as 2, 1, 3 etc.
3. Thus the cipher-text is obtained.
Let’s see an example:
Original message: "INCLUDE HELP IS AWESOME".
Now we apply the above algorithm and create a rectangle of 4 columns (we decided on
four columns; it can be any number).

Now let’s decide on an order for the columns, say 4, 1, 3 and 2, and read the text
column-wise.

Cipher-text: LHIEEIUESSCEPWMNDLAO

Now, we decide to go with the previous order, that is 4, 1, 3, 2.

Cipher-text: EEENLESPICUMHISW
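
The basic columnar technique as an added example (not from the original notes), with function names chosen here. It reproduces the first cipher-text above for 4 columns read in the order 4, 1, 3, 2, and its decryption also handles a message that does not fill the last row.

```python
def _check_order(order):
    """The column order must use every column number 1..n exactly once."""
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("order must be a permutation of 1..number of columns")


def columnar_encrypt(plaintext, order):
    """Write row by row into len(order) columns, read columns in `order` (1-based)."""
    _check_order(order)
    letters = [ch for ch in plaintext.upper() if ch.isalpha()]
    ncols = len(order)
    # Column c (1-based) holds letters c-1, c-1+ncols, c-1+2*ncols, ...
    return "".join("".join(letters[col - 1::ncols]) for col in order)


def columnar_decrypt(ciphertext, order):
    """Rebuild the columns (the last row may be incomplete), then read row by row."""
    _check_order(order)
    ncols = len(order)
    full_rows, extra = divmod(len(ciphertext), ncols)
    columns = {}
    pos = 0
    for col in order:
        # The first `extra` columns are one letter taller than the others.
        height = full_rows + (1 if col <= extra else 0)
        columns[col] = ciphertext[pos:pos + height]
        pos += height
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for col in range(1, ncols + 1):
            if r < len(columns[col]):
                out.append(columns[col][r])
    return "".join(out)


if __name__ == "__main__":
    order = [4, 1, 3, 2]
    ct = columnar_encrypt("INCLUDE HELP IS AWESOME", order)
    print(ct)
    print(columnar_decrypt(ct, order))
    # Constructed input that leaves the last row of the rectangle incomplete.
    short = columnar_encrypt("INCLUDEHELP", order)
    print(short, columnar_decrypt(short, order))
```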

12. ENCRYPTION AND DECRYPTION


Encryption is the process of converting a normal message (plaintext) into a meaningless
message (ciphertext), whereas decryption is the process of converting the meaningless
message (ciphertext) back into its original form (plaintext).

The major distinction between encryption and decryption is that encryption is
the conversion of a message into an unintelligible form that is undecipherable unless
decrypted, whereas decryption is the recovery of the original message from the encrypted
information.

| S.NO | Encryption | Decryption |
|---|---|---|
| 1. | Encryption is the process of converting a normal message into a meaningless message. | While decryption is the process of converting a meaningless message into its original form. |
| 2. | Encryption is the process which takes place at the sender’s end. | While decryption is the process which takes place at the receiver’s end. |
| 3. | Its major task is to convert the plain text into cipher text. | While its main task is to convert the cipher text into plain text. |
| 4. | Any message can be encrypted with either secret key or public key. | Whereas the encrypted message can be decrypted with either secret key or private key. |
| 5. | In the encryption process, the sender sends the data to the receiver after encrypting it. | Whereas in the decryption process, the receiver receives the information (cipher text) and converts it into plain text. |

13. SYMMETRIC AND ASYMMETRIC KEY CRYPTOGRAPHY


| Symmetric Key Cryptography | Asymmetric Key Cryptography |
|---|---|
| There is just one key (symmetric key) used, and it is the same key used to encrypt and decrypt the message. | For encryption and decryption, two different cryptographic keys (asymmetric keys), known as the public and private keys, are used. |
| Since it is a straightforward procedure, the encryption method can be completed easily. | It is a much more complex and time-consuming mechanism than symmetric key encryption. |
| Key lengths are usually 128 or 256 bits, depending on the security criteria. | The key length is even greater; for asymmetric encryption, for example, the recommended RSA key size is 2048 bits or higher. |
| It is also called secret-key cryptography or private key cryptography. | Asymmetric key is also called a conventional cryptography system or public-key cryptography. |
| Represented mathematically as: P = D(K, E(P)) | Represented mathematically as: P = D(Kd, E(Ke, P)) |
| It uses fewer resources than an asymmetric key cipher uses. | It consumes more resources than symmetric key cryptography. |
| It is used where massive amounts of data may be transmitted. | It is mainly used in smaller transactions to authenticate and create a stable contact channel before data transfer. |
| The secret key is shared. As a result, the likelihood of compromise is increased. | Since the private key is not shared, the overall process is more reliable than symmetric encryption. |
| Symmetric encryption is an old technique. | Asymmetric encryption is relatively new. |
| RC4, AES, DES, 3DES, and other algorithms are examples. | RSA, Diffie-Hellman, ECC, and other asymmetric encryption algorithms are examples. |

SYMMETRIC KEY CRYPTOGRAPHY


The versatility of the symmetric encryption method is its most significant advantage.
However, the versatility of symmetric encryption algorithms is not without flaws — it suffers
from a problem known as “key distribution.”

Advantages
• A symmetric cryptosystem is more effective.
• Encrypted data can be transmitted over a network in Symmetric Cryptosystems even
though it is certain that the data would be intercepted. Since no key is sent with the
files, the chances of data decryption are zero.
• To confirm the receiver’s existence, a symmetric cryptosystem employs password
authentication.
• A message can only be decrypted by a device that has a hidden key.
• Prevents widespread message protection breaches. For communicating with each
party, a separate secret key is used. Only communications from a specific pair of
sender and recipient are impacted when a key is corrupted. Communication with
others is always safe.
• This type of encryption is simple to implement. All users need to do is specify and
exchange the secret key until they can begin encrypting and decrypting messages.
• Encrypt and decrypt your files. There is no need to build separate keys if you use
encryption for messages or data that you wish to access just once. For this, single-key
encryption is ideal.
• Symmetric key encryption is much faster than asymmetric key encryption.
• Uses fewer computer resources. As opposed to public-key encryption, single-key
encryption needs fewer computing resources.

Disadvantages
• Key transportation is a concern in symmetric cryptosystems. The secret key must be
sent to the receiving device before the final message is sent. Electronic
communication is unreliable, and no one can guarantee the communication networks
will not be tapped. As a result, the only safe method of sharing keys will be to do it in
person.
• It is not possible to have digital signatures that cannot be revoked.
• The message’s origin and validity cannot be assured. Messages cannot be proven to
have originated from a specific person since both sender and recipient use the same
key. If there is a disagreement, this may be a challenge.
• For communication between each different party, a new shared key must be created.
This poses a challenge with handling and securing all of these keys.

ASYMMETRIC KEY CRYPTOGRAPHY


Asymmetric encryption is an alternative mode of cryptography that helps overcome the major
distribution issues that arise in the symmetric encryption process. Everything has a cost,
and asymmetric encryption is no exception. In this scenario, the cost is reduced speed and
greater use of computing resources, due to the longer keys used in this encryption
algorithm. As a result, asymmetric encryption is deemed slower but more reliable than
symmetric encryption.
Advantages
• There is no need to exchange keys in asymmetric or public key cryptography,
eliminating the key distribution issue.
• The main benefit of public-key cryptography is improved security: private keys are
never exchanged or exposed to others.
• May provide digital signatures that can be revoked.
• Message verification is provided by public-key cryptography, which requires the use
of digital signatures, which allow the receiver of a message to check that the message
is actually from a specific sender.
• The usage of digital signatures in public-key cryptography helps the recipient to
determine whether or not the message was altered during transit. A digitally signed
message cannot be altered without rendering the signature null.
• Signing a message digitally is analogous to physically signing a document. Since it is
an acknowledgement of the message, the sender cannot reject it.
Disadvantages
• One drawback of using public-key cryptography for encryption is the lack of speed.
Popular secret-key encryption systems are substantially quicker than any commonly
accessible public-key encryption technique.
• Authentication of public keys is recommended/required. No one can be certain that a
public key corresponds to the individual it identifies, so everybody must verify that
their public keys are theirs.
• It consumes more computer resources. It necessitates much more computing resources
than single-key encryption.
• A widespread security breach is likely if an intruder obtains a person’s private key and
reads all of his or her messages.
• The loss of a private key can be irreversible. When a private key is lost, all incoming
messages cannot be decrypted.

While asymmetric cryptography is more advanced than symmetric cryptography, both are
still in use today — and are often used in tandem. This is because each solution has its
advantages and disadvantages. There are two significant trade-offs between symmetric and
asymmetric cryptography: speed and security.

Since it does not include the exchange of keys, asymmetric encryption is thought to be more
reliable. A user’s private key is never revealed or shared. Asymmetric encryption takes longer
than symmetric encryption and is generally a slower process. However, this is not a
significant disadvantage, and it is commonly used to encrypt data where confidentiality is the
primary concern.

14. STEGANOGRAPHY, KEY RANGE AND KEY SIZE, POSSIBLE TYPES OF ATTACKS

STEGANOGRAPHY
The word Steganography is derived from two Greek words: ‘stegos’ meaning ‘to cover’ and
‘grayfia’, meaning ‘writing’, thus translating to ‘covered writing’, or ‘hidden
writing’. Steganography is a method of hiding secret data by embedding it into an audio,
video, image, or text file. It is one of the methods employed to protect secret or sensitive data
from malicious attacks.

How is it different from cryptography


Cryptography and steganography are both methods used to hide or protect secret data.
However, they differ in the respect that cryptography makes the data unreadable, or hides
the meaning of the data, while steganography hides the existence of the data.
In layman’s terms, cryptography is similar to writing a letter in a secret language: people can
read it, but won’t understand what it means. However, the existence of a (probably secret)
message would be obvious to anyone who sees the letter, and if someone either knows or
figures out your secret language, then your message can easily be read.
If you were to use steganography in the same situation, you would hide the letter inside a pair
of socks that you would be gifting the intended recipient of the letter. To those who don’t
know about the message, it would look like there was nothing more to your gift than the
socks. But the intended recipient knows what to look for, and finds the message hidden in
them.
Similarly, if two users exchanged media files over the internet, it would be more difficult to
determine whether these files contain hidden messages than if they were communicating
using cryptography.

Key Range and Key Size:


The encrypted message can be attacked, and the cryptanalyst may have the following
information:
1. The encryption/decryption algorithm
2. The encrypted message
3. Key

The attack may be of the following types:
a. Plain text only attack (Known plain text attack)
b. Cipher text only attack (Known cipher text attack)
c. Chosen plain text attack
d. Chosen cipher text attack
The simplest type of attack is the brute force attack, in which all types of substitution
techniques are used to fetch the original message. A brute force attack works on the principle
of trying every possible key from the key range. Key range is a different concept from key
size. A key range may contain an individual single arbitrary quantity, whereas key size
defines the total or maximum capacity of all the keys.
Exhaustive key search:
It is used by the cryptanalyst. The procedure for exhaustive key search becomes more complex
as the key size, that is the number of bits, is increased. The time required for a single
encrypted message and for the entire message increases accordingly.
Every encryption algorithm has two main criteria for encryption:
1. The cost of breaking the cipher exceeds the value of the encrypted information.
2. The time required to break the cipher exceeds the useful lifetime of the information.
An encryption scheme is said to be comparatively secure if the above two criteria are met.
Average time required for exhaustive key search:
| Key Size (bits) | Number of alternative keys | Time required at 1 cryptanalysis/µs | Time required at 10^6 cryptanalysis/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3*10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2*10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4*10^38 | 2^127 µs = 5.4*10^24 years | 5.4*10^18 years |

POSSIBLE TYPES OF ATTACKS:


Based on the methodology used, attacks on cryptosystems are categorized as follows −

• Ciphertext Only Attacks (COA) − In this method, the attacker has access to a set of
ciphertext(s). He does not have access to the corresponding plaintext. COA is said to be
successful when the corresponding plaintext can be determined from a given set of
ciphertext. Occasionally, the encryption key can be determined from this attack.
Modern cryptosystems are guarded against ciphertext-only attacks.

• Known Plaintext Attack (KPA) − In this method, the attacker knows the plaintext
for some parts of the ciphertext. The task is to decrypt the rest of the ciphertext using
this information. This may be done by determining the key or via some other method.
The best example of this attack is linear cryptanalysis against block ciphers.

• Chosen Plaintext Attack (CPA) − In this method, the attacker has the text of his
choice encrypted. So he has the ciphertext-plaintext pair of his choice. This simplifies
his task of determining the encryption key. An example of this attack is differential
cryptanalysis applied against block ciphers as well as hash functions. A popular public
key cryptosystem, RSA, is also vulnerable to chosen-plaintext attacks.

• Dictionary Attack − This attack has many variants, all of which involve compiling a
‘dictionary’. In the simplest method of this attack, the attacker builds a dictionary of
ciphertexts and corresponding plaintexts that he has learnt over a period of time. In
future, when the attacker gets a ciphertext, he refers to the dictionary to find the
corresponding plaintext.

• Brute Force Attack (BFA) − In this method, the attacker tries to determine the key
by attempting all possible keys. If the key is 8 bits long, then the number of possible
keys is 2^8 = 256. The attacker knows the ciphertext and the algorithm; now he
attempts all the 256 keys one by one for decryption. The time to complete the attack
would be very high if the key is long.

• Birthday Attack − This attack is a variant of the brute-force technique. It is used against
the cryptographic hash function. When students in a class are asked about their
birthdays, the answer is one of the possible 365 dates. Let us assume the first student's
birthdate is 3rd Aug. Then to find the next student whose birthdate is 3rd Aug, we need
to enquire 1.25* √365 ≈ 25 students.

Similarly, if the hash function produces 64 bit hash values, the possible hash values are
1.8x10^19. By repeatedly evaluating the function for different inputs, the same output is
expected to be obtained after about 5.1x10^9 random inputs.

If the attacker is able to find two different inputs that give the same hash value, it is
a collision and that hash function is said to be broken.

• Man in Middle Attack (MIM) − The targets of this attack are mostly public key
cryptosystems where key exchange is involved before communication takes place.

o Host A wants to communicate to host B, hence requests public key of B.

o An attacker intercepts this request and sends his public key instead.

o Thus, whatever host A sends to host B, the attacker is able to read.

o In order to maintain communication, the attacker re-encrypts the data after
reading with his public key and sends to B.

o The attacker sends his public key as A’s public key so that B takes it as if it is
taking it from A.

• Side Channel Attack (SCA) − This type of attack is not against any particular type of
cryptosystem or algorithm. Instead, it is launched to exploit the weakness in the physical
implementation of the cryptosystem.

• Timing Attacks − They exploit the fact that different computations take different
times to compute on a processor. By measuring such timings, it is possible to know
about a particular computation the processor is carrying out. For example, if the
encryption takes a longer time, it indicates that the secret key is long.

• Power Analysis Attacks − These attacks are similar to timing attacks except that the
amount of power consumption is used to obtain information about the nature of the
underlying computations.

• Fault analysis Attacks − In these attacks, errors are induced in the cryptosystem and
the attacker studies the resulting output for useful information.
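
The birthday attack described in the list above, as an added example that is not part of the original notes: SHA-256 is truncated to 24 bits (an assumption made so the search finishes instantly) and inputs are hashed until two of them collide. The number of tries is on the order of 1.25 * √N rather than N, which is why short hash outputs offer far less collision resistance than their size suggests.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash function."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct counter strings until two of them share a hash value.

    Returns (first_input, second_input, number_of_inputs_hashed).
    """
    seen = {}  # hash value -> input that produced it
    counter = 0
    while True:
        msg = b"msg-%d" % counter  # constructed inputs, all different
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def birthday_estimate(bits: int) -> float:
    """The notes' rule of thumb: about 1.25 * sqrt(N) inputs for N hash values."""
    return 1.25 * math.sqrt(2 ** bits)


if __name__ == "__main__":
    bits = 24
    m1, m2, tries = find_collision(bits)
    print("hash values possible :", 2 ** bits)
    print("estimate 1.25*sqrt(N):", round(birthday_estimate(bits)))
    print("inputs actually tried:", tries)
    print("colliding inputs     :", m1, m2,
          hex(truncated_hash(m1, bits)))
```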
