Ins Overview


Public Key Encryption

• PKE uses a public key and a private key for encryption and decryption.
• In this mechanism, the public key is used to encrypt the message and
only the corresponding private key can be used to decrypt it.
• To encrypt a message, the sender has to know the recipient’s
public key.

Hash Functions
• A hash function is a function used to map data of arbitrary size to
data of a fixed size.
• The values returned by a hash function are called hash values, hash
sums, hash codes or hashes.
• One use is a data structure called a hash table (widely used in
software engineering for rapid data lookup).
• A cryptographic hash function is used to verify whether given input
data maps to a given hash value.
• But if the hash algorithm is not known, it is nearly impossible to
reconstruct the input from the generated hash value.

hashing visual representation


Examples of Hash Functions
• folding → takes a given value, divides it into several parts, then adds
the parts and uses the last four remaining digits as the hash value.
• digit rearrangement → takes digits in certain positions of the input
value (say 3rd and 6th) and reverses their order, and uses the newly
generated data as hash value.

Secure Hash Function Characteristics


• The output generated by the HF should be of fixed length.
• It should be very easy to compute the hash value for a given
message.
• Two different messages should not have the same hash value.
• If a hash value is given, it should be impossible to generate the
message when the key is not known.
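As an added example (not from the original notes), the two toy hash functions described earlier, folding and digit rearrangement, implemented in Python and checked against the secure-hash characteristics just listed, with SHA-256 from the standard library for comparison; the sample inputs and the 4-digit part size are constructed.

```python
import hashlib


def folding_hash(value: str, part_len: int = 4) -> str:
    """Folding: split the digit string into parts, add them, keep the last four digits."""
    digits = "".join(ch for ch in value if ch.isdigit())
    parts = [int(digits[i:i + part_len]) for i in range(0, len(digits), part_len)]
    return f"{sum(parts) % 10_000:04d}"


def digit_rearrangement_hash(value: str, pos_a: int = 3, pos_b: int = 6) -> str:
    """Digit rearrangement: swap the digits at 1-based positions pos_a and pos_b."""
    digits = list(value)
    i, j = pos_a - 1, pos_b - 1
    digits[i], digits[j] = digits[j], digits[i]
    return "".join(digits)


def sha256_hex(value: str) -> str:
    """Cryptographic hash from the standard library, for comparison."""
    return hashlib.sha256(value.encode()).hexdigest()


def is_fixed_length(fn, samples) -> bool:
    """Characteristic 1: the output length must not depend on the input."""
    return len({len(fn(s)) for s in samples}) == 1


def find_collision(fn, samples):
    """Characteristic 3: return two distinct inputs with the same output, or None."""
    seen = {}
    for s in samples:
        h = fn(s)
        if h in seen and seen[h] != s:
            return seen[h], s
        seen[h] = s
    return None


# Constructed inputs: the second is the first with its two 4-digit parts swapped,
# so folding adds the same parts in a different order and collides immediately.
# Digit rearrangement is also reversible (apply it twice to get the input back),
# which violates the one-way requirement.
SAMPLES = ["12345678", "56781234", "123456789", "1234567"]

if __name__ == "__main__":
    for name, fn in [("folding", folding_hash),
                     ("rearrangement", digit_rearrangement_hash),
                     ("sha256", sha256_hex)]:
        print(name, "fixed length:", is_fixed_length(fn, SAMPLES),
              "collision:", find_collision(fn, SAMPLES))
```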

Software Forensics
• It is the science of analysing software source code or binary code to
determine whether intellectual property infringement or theft
occurred.
• It is the center-piece of lawsuits, trials and settlements when
companies are in dispute over issues involving software patents,
copyrights and trade secrets.
• SF can compare code to determine the correlation between software programs.

Cryptanalyst ( & Cryptanalysis)


• The goal of a cryptanalyst is to find some weakness or insecurity in
a cryptographic scheme that permits obtaining the plaintext without
the key.
• Cryptanalysis refers to the study of ciphers, cipher-text or crypto-systems
(“secret-code” systems) with a view to finding weaknesses in them
that permit retrieval of the plaintext from cipher-text (without
necessarily knowing the key or the algorithm).
Cryptographer ( & Cryptography)
• A cryptographer (or cryptography), on the other hand, is concerned
only with encryption (plaintext to cipher-text) and decryption
(cipher-text to plaintext).
• Here, plaintext is the ordinary information, and cipher-text is
unintelligible text.
• A cipher is a pair of algorithms that create the encryption and the
reversing decryption.
• A key (ideally known only to the communicants) is a short string of
characters that is needed to decrypt the cipher-text.

Linear Cryptanalysis
• it is a technique based on finding linear approximations to describe
the transformations performed in a block cipher.

Differential Cryptanalysis
• it is a general form of cryptanalysis that is applicable primarily to
block ciphers, but also to stream ciphers and cryptographic hash
functions.
• it is a technique in which chosen plain-texts with particular XOR
difference patterns are encrypted.
• it is the study of how differences in information input can affect the
resultant differences at the output.
• in case of block cipher → it refers to a set of techniques for tracing
differences through the network of transformations → discovering
where the cipher exhibits non-random behaviour → and exploiting
such properties to recover the secret key.
• the difference patterns of the resulting cipher-texts provide
information that can be used to determine the encryption key.
Problems with differential cryptanalysis:
• For any particular cipher, the input differences must be carefully
selected for the attack to be successful.
• Since differential cryptanalysis has become public knowledge, it has
become a basic concern for cipher designers.

Security Services of Cryptography


The goal of cryptography is to provide the following four security services:
• confidentiality → It is the fundamental security service, that keeps
the information away from an unauthorised person. It is
sometimes referred to as privacy and secrecy.
• data integrity → This security service deals with identifying any
alteration to the data, that might have been modified by an
unauthorised entity intentionally or accidentally.
• authentication → This security service provides the identification of
the originator → It confirms to the receiver that the data received
has been sent only by an identified / verified sender. (Two types:
message authentication and entity authentication).
• non-repudiation → This security service ensures that an entity
cannot refuse the ownership of a previous action or commitment.

Crypto-system
• A crypto-system is an implementation of cryptographic techniques
and their accompanying infrastructure to provide information
security services. A crypto-system is also referred to as a cipher
system.
• Let us discuss a simple model of a crypto-system that provides
confidentiality to the information being transmitted. This basic
model is depicted in the illustration below −
cryptosystem illustration

• The illustration shows a sender who wants to transfer some
sensitive data to a receiver in such a way that any party intercepting
or eavesdropping on the communication channel cannot extract the
data.
• The objective of this simple crypto-system is that at the end of the
process, only the sender and the receiver will know the plaintext.
• For a given cryptosystem, a collection of all possible decryption keys
is called a key space.
• An interceptor (an attacker) is an unauthorised entity who attempts
to determine the plaintext. He can see the cipher-text and may
know the decryption algorithm. He, however, must never know the
decryption key.

Components of a Crypto-system
• Plaintext. It is the data to be protected during transmission.
• Encryption Algorithm. It is a mathematical process that produces a
cipher-text for any given plaintext and encryption key. It is a
cryptographic algorithm that takes plaintext and an encryption key
as input and produces a cipher-text.
• Cipher-text. It is the scrambled version of the plaintext produced by
the encryption algorithm using a specific encryption key. The
cipher-text is not guarded. It flows on a public channel. It can be
intercepted or compromised by anyone who has access to the
communication channel.
• Decryption Algorithm. It is a mathematical process that produces a
unique plaintext for any given cipher-text and decryption key. It is a
cryptographic algorithm that takes a cipher-text and a decryption
key as input, and outputs a plaintext. The decryption algorithm
essentially reverses the encryption algorithm and is thus closely
related to it.
• Encryption Key. It is a value that is known to the sender. The sender
inputs the encryption key into the encryption algorithm along with
the plaintext in order to compute the cipher-text.
• Decryption Key. It is a value that is known to the receiver. The
decryption key is related to the encryption key, but is not always
identical to it. The receiver inputs the decryption key into the
decryption algorithm along with the cipher-text in order to compute
the plaintext.

Types Of Crypto-Systems
• Fundamentally, there are two types of crypto-systems, based on the
manner in which encryption and decryption are carried out in the system:
• Symmetric Key Encryption
• Asymmetric Key Encryption
The main difference between these crypto-systems is the relationship
between the encryption and the decryption key. Logically, in any crypto-
system, both the keys are closely associated. It is practically impossible to
decrypt the cipher-text with the key that is unrelated to the encryption
key.

Symmetric vs Asymmetric Encryption


Symmetric Key Encryption
• The encryption process where same keys are used for encrypting
and decrypting the information is known as Symmetric Key
Encryption.
• The study of symmetric crypto-systems is referred to as symmetric
cryptography. Symmetric crypto-systems are also sometimes
referred to as secret key crypto-systems.
• A few well-known examples of symmetric key encryption methods
are − Data Encryption Standard (DES), Triple-DES (3DES), IDEA, and
BLOWFISH.
There are two restrictive challenges of employing symmetric key
cryptography:
• Key establishment − Before any communication, both the sender
and the receiver need to agree on a secret symmetric key. It
requires a secure key establishment mechanism in place.
• Trust Issue − Since the sender and the receiver use the same
symmetric key, there is an implicit requirement that the sender and
the receiver ‘trust’ each other. For example, it may happen that the
receiver has lost the key to an attacker and the sender is not
informed.
These two challenges are highly restraining for modern day
communication. Today, people need to exchange information with non-
familiar and non-trusted parties. For example, a communication between
online seller and customer. These limitations of symmetric key encryption
gave rise to asymmetric key encryption schemes.
Asymmetric Key Encryption
• The encryption process where different keys are used for
encrypting and decrypting the information is known as Asymmetric
Key Encryption. Though the keys are different, they are
mathematically related and hence, retrieving the plaintext by
decrypting cipher-text is feasible. The process is depicted in the
following illustration −
Asymmetric Key Encryption was invented in the 20th century to overcome
the need for a pre-shared secret key between communicating
parties. The salient features of this encryption scheme are as follows −
• Every user in this system needs to have a pair of dissimilar keys,
private key and public key. These keys are mathematically related −
when one key is used for encryption, the other can decrypt the
cipher-text back to the original plaintext.
• It requires putting the public key in a public repository and keeping
the private key as a well-guarded secret. Hence, this scheme of
encryption is also called Public Key Encryption.
• Though public and private keys of the user are related, it is
computationally not feasible to find one from another. This is a
strength of this scheme.
• When Host1 needs to send data to Host2, he obtains the public key
of Host2 from repository, encrypts the data, and transmits.
• Host2 uses his private key to extract the plaintext.
• Length of Keys (number of bits) in this encryption is large and hence,
the process of encryption-decryption is slower than symmetric key
encryption.
• Processing power of computer system required to run asymmetric
algorithm is higher.
Symmetric crypto-systems are a natural concept. In contrast, public-key
crypto-systems are quite difficult to comprehend.
• Public-key crypto-systems have one significant challenge − the user
needs to trust that the public key that he is using in communications
with a person really is the public key of that person and has not
been spoofed by a malicious third party.
• This is usually accomplished through a Public Key Infrastructure
(PKI) consisting of a trusted third party. The third party securely
manages and attests to the authenticity of public keys.

Three Approaches to Secure Authentication in a Distributed Environment

1. Rely on each individual client workstation to assure the identity of
its users and rely on each server to enforce a security policy based
on user authentication (ID).
2. Require that client systems authenticate themselves to servers, but
trust the client system concerning the identity of its user.
3. Require the user to prove identity for each service invoked. Also
require that servers prove their identities to clients.

PGP
• Pretty Good Privacy or PGP is a popular program used to encrypt
and decrypt email over the Internet, as well as authenticate
messages with digital signatures and encrypted stored files.
• Pretty Good Privacy uses a variation of the public key system. In this
system, each user has an encryption key that is publicly known and
a private key that is known only to that user. You encrypt a message
you send to someone else using their public key.
• When they receive it, they decrypt it using their private key. Since
encrypting an entire message can be time-consuming, PGP uses a
faster encryption algorithm to encrypt the message and then uses
the public key to encrypt the shorter key that was used to encrypt
the entire message.
• Both the encrypted message and the short key are sent to the
receiver, who first uses their own private key to decrypt the
short key and then uses that key to decrypt the message.
• PGP comes in two public key versions — Rivest-Shamir-Adleman
(RSA) and Diffie-Hellman. The RSA version, for which PGP must pay
a license fee to RSA, uses the IDEA algorithm to generate a short key
for the entire message and RSA to encrypt the short key.
• The Diffie-Hellman version uses the CAST algorithm for the short key
to encrypt the message and the Diffie-Hellman algorithm to encrypt
the short key.

Five Principal Services Provided By PGP


• authentication
• confidentiality
• compression
• e-mail compatibility
• segmentation

Transport Mode and Tunnel Mode


• Transport mode — provides protection primarily for upper level
protocols → transport mode protection extends to the payload of
an IP packet.
• Pros — It provides end-to-end security, has lower overhead than
tunnel mode, larger MTU.
• Cons — It requires IPSec to be implemented on the IPS entities, and
has greater difficulties with NAT traversal.
• Tunnel mode — provides protection to the entire IP packet.
• Pros — It is more compatible with existing VPN gateways, doesn’t
have to implement IPSec on IPS entities, easier to traverse NATs.
• Cons — It has more overhead, smaller MTU.

Digital Signature
• It is a mathematical technique used to validate authenticity and
integrity of a message, software or a digital document and uses
encryption techniques to provide proof of original and unmodified
documentation.
• DS are used in e-commerce, software distribution, financial
transactions and other situations that rely on forgery or tampering
detection techniques.
• A DS is also known as an electronic signature.
A DS is applied and verified as follows:
• The document or message sender → signer, or public/private key
supplier shares the public key with the end user / recipient.
• The sender, using his private key, appends the encrypted signature
to the message document.
• The end user decrypts the document and verifies the signature,
which lets the end user know that the document is from the original
sender.
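As an added example, not from the original notes, the PGP flow described in the PGP section combined with the digital-signature procedure just described: the sender signs with their private key, encrypts the message with a fresh, fast symmetric session key, and encrypts only that short key with the recipient's public key; the recipient unwraps the key, decrypts, and verifies the signature. Textbook RSA over fixed Mersenne primes and a SHA-256 counter-mode keystream are constructed stand-ins for PGP's real RSA/IDEA/CAST algorithms, usable for illustration only.

```python
import hashlib
import os


def toy_rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair from two given primes (constructed toy keys)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)                 # (public key, private key)


# Constructed toy keys built from Mersenne primes so no prime search is needed.
SENDER_PUB, SENDER_PRIV = toy_rsa_keypair(2**127 - 1, 2**521 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = toy_rsa_keypair(2**89 - 1, 2**607 - 1)


def keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Fast symmetric stand-in for IDEA/CAST: XOR with SHA-256(key || counter)
    blocks. XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def sign(priv, message: bytes) -> int:
    """Signature: the SHA-256 digest of the message raised to the private exponent."""
    n, d = priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(pub, message: bytes, signature: int) -> bool:
    """Raising the signature to the public exponent must give back the digest."""
    n, e = pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def pgp_send(sender_priv, recipient_pub, message: bytes) -> dict:
    """Sender: sign, pick a fresh session key, encrypt the body with it, then
    encrypt only the short session key with the recipient's public key."""
    n, e = recipient_pub
    session_key = os.urandom(16)
    body = message + b"|SIG|" + str(sign(sender_priv, message)).encode()
    return {
        "ciphertext": keystream_cipher(session_key, body),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
    }


def pgp_receive(recipient_priv, sender_pub, envelope: dict) -> bytes:
    """Receiver: unwrap the session key with the private key, decrypt the body,
    then verify the sender's signature; any tampering raises ValueError."""
    n, d = recipient_priv
    session_key = pow(envelope["wrapped_key"], d, n).to_bytes(16, "big")
    body = keystream_cipher(session_key, envelope["ciphertext"])
    message, sep, sig = body.rpartition(b"|SIG|")
    if not sep or not sig.isdigit() or not verify(sender_pub, message, int(sig)):
        raise ValueError("signature verification failed")
    return message


if __name__ == "__main__":
    envelope = pgp_send(SENDER_PRIV, RECIPIENT_PUB, b"meet at noon")
    print(pgp_receive(RECIPIENT_PRIV, SENDER_PUB, envelope))
```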

Kerberos
• It is a network authentication protocol.
• Designed to provide strong authentication to client/server
applications by using secret-key cryptography.
• A client obtains an encrypted ticket from an authentication server
sequence and presents it in order to use services.
• Was created by MIT as a solution to network security issues.
• The Kerberos protocol uses strong cryptography so that a client can
prove its identity to a server, & vice versa, across an insecure
network connection.
• After the client & server have used Kerberos to prove their identity
→ they can also encrypt all their communications to assure privacy
& data integrity as they go about their business.
• There are two versions of Kerberos: 4 & 5
• Version 4 makes use of DES

S/MIME
• Secure / Multipurpose Internet Mail Extensions
• A technology that allows you to encrypt your emails.
• It is based on asymmetric cryptography to protect your emails from
unwanted access.
• Also allows you to digitally sign your emails to verify you as the
legitimate sender of the message → making it an effective weapon
against many phishing attacks over the internet.
• It incorporates three public key algorithms: DSS for digital
signatures, and Diffie-Hellman or RSA for encrypting session keys.
• It uses SHA-1 or MD5 for calculating digests, and 3-key triple DES
for message encryption.
• Ideally, a S/MIME sender has a list of preferred decrypting
capabilities from the intended recipient, in which case it chooses
the best encryption.
• Else if the sender has received any previous mail from the intended
recipient, it then chooses the same encryption mechanism.

Phishing
• A type of Social Engineering Attack
• Often used to steal user data like login credentials and credit card
numbers.
• It occurs when an attacker, masquerading as a trusted entity,
fools a victim into opening an email, message, etc.
• The recipient is tricked into clicking the malicious link, that can lead
to installation of malware, freezing the system as part of a
ransomware or the revealing of sensitive information.
• It is a cyber crime.

SQL Injection
• Also known as SQLI
• A common attack in which malicious SQL code is used for backend
database manipulation which is done to access information that
was not intended to be displayed.
• This information can include: any number of items, including
sensitive company data, private consumer details, etc.
• A successful attack results in → unauthorised viewing of user data,
deletion of entire tables, and in some cases, the attacker gains
admin rights to a database.

DNS Spoofing
• A type of computer attack in which a user is forced to navigate to a
fake website disguised to look like a real one, with the intention of
diverting traffic from original website or to steal credentials from
the user.
• It is done by replacing the IP addresses stored in the DNS server
with the ones under control of the attacker.
• Two ways by which DNS spoofing is carried out: DNS cache
poisoning and DNS ID spoofing.

Buffer Overflow Attack


• also known as buffer overrun
• it is an anomaly where a program → while writing data to buffer →
overruns the buffer’s boundaries and overwrites adjacent memory
locations.
• This is a special case of violation of memory safety.
• buffer overflow can be triggered by inputs that are designed to
execute code to alter the way a program operates.
• this results in → erratic program behaviour (memory access errors,
incorrect results, crash, breach of system security).
• hence, these are considered a software vulnerability and can be
exploited to compromise the system.

Two Problems With The One Time Pad


• There is a large problem in making large quantities of random keys
→ any heavily used system might require millions of random
characters on a regular basis. Supplying truly random characters in
this volume is a significant task.
• The problem of key distribution and protection is even more
daunting → for every message to be sent, a key of equal length is
needed by both the sender and the receiver.

KDC (Key Distribution Centre)


• KDC is a system that is authorised to transmit temporary session
keys to principals.
• Each session key is transmitted in encrypted form, using a master
key that the key distribution centre shares with the target
principals.

PKC
• A public key certificate contains a public key and other information.
• It is created by a certificate authority and is given to a participant
with the matching private key.
• A participant conveys its key information to another by transmitting
its certificate → other participants can verify that the certificate was
created by the authority.

Diffie-Hellman Key Exchange


• Two parties each create a public key, private key pair and
communicate the public key to the other party.
• The keys are designed in such a way that both sides can calculate
the same unique secret key based on each side’s private key and
the other side’s public key.

Mono-Alphabetic vs Poly-Alphabetic Substitution Cipher


• A MASC maps a plaintext alphabet to a cipher-text alphabet so that
each letter of the plaintext alphabet maps to a single unique letter
of the cipher-text alphabet.
• A PASC uses a separate mono-alphabetic substitution cipher for
each successive letter of plaintext, depending on a key.

Firewall & Its Characteristics


• A firewall is a software or hardware based network security system
that controls the incoming and outgoing network traffic based on
predefined/applied rule set.
• It establishes a barrier between a trusted, secure internal network
and another network (ex. internet) that is not assumed to be secure
and trusted.
Characteristics:
• All traffic from inside to outside (and vice versa) must pass through
the firewall. → This is achieved by physically blocking all access to
the local network except via the firewall. → various configurations
are possible.
• Only authorised traffic (defined by security policy) will be allowed to
pass. → various types of firewalls are used which implement various
types of security policies.
• The firewall itself is immune to penetration. This implies that it is a
trusted system with a secure operating system.

IPSec
• It is an Internet Engineering Task Force (IETF) standard suite of
protocols between 2 communication points across the IP network
that provide data authentication, integrity, and confidentiality. It
also defines the encrypted, decrypted and authenticated packets.
The protocols needed for secure key exchange and key
management are defined in it.
• Uses of IPSec:
• To encrypt application layer data.
• To provide security for routers sending routing data across the
public internet.
• To provide authentication without encryption, like to authenticate
that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunnelling,
in which all data sent between the two endpoints is encrypted, as
with a Virtual Private Network (VPN) connection.

Services Provided By IPSec


• access control
• connectionless integrity
• data origin authentication
• rejection of replayed packets
• confidentiality (encryption)

Circuit-Level Gateway
• It does not permit an end-to-end TCP connection.
• Instead, this gateway sets up two TCP connections → one between
itself and a TCP user on an inner host, and one between itself and a
TCP user on an outside host.
• Once the two connections are established, the gateway typically
relays TCP segments from one connection to another without
examining the contents.

DOS and DDOS Attacks


• A Denial of Service (DoS) attack is different from a DDoS attack. The
DoS attack typically uses one computer and one Internet connection
to flood a targeted system or resource. The DDoS attack uses
multiple computers and Internet connections to flood the targeted
resource. DDoS attacks are often global attacks, distributed via
botnets.
• In a DDoS attack, the incoming traffic flooding the victim originates
from many different sources — potentially hundreds of thousands
or more. This effectively makes it impossible to stop the attack
simply by blocking a single IP address; plus, it is very difficult to
distinguish legitimate user traffic from attack traffic when spread
across so many points of origin.
• Short for denial-of-service attack, a type of attack on a network that
is designed to bring the network to its knees by flooding it with
useless traffic. Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP protocols. For all
known DoS attacks, there are software fixes that system
administrators can install to limit the damage caused by the attacks.

Types Of DDOS Attacks


• There are many types of DDoS attacks. Common attacks include the
following:
• Traffic attacks: Traffic flooding attacks send a huge volume of TCP,
UDP and ICMP packets to the target. Legitimate requests get lost,
and these attacks may be accompanied by malware exploitation.
• Bandwidth attacks: This DDoS attack overloads the target with
massive amounts of junk data. This results in a loss of network
bandwidth and equipment resources and can lead to a complete
denial of service.
• Application attacks: Application-layer data messages can deplete
resources in the application layer, leaving the target’s system
services unavailable.

Intrusion Prevention System (IPS)


• IPS is also known as IDPS (intrusion detection and prevention
system).
• These are network security appliances that monitor network and/or
system activities for malicious activity.
• The main functions of IPS are to identify malicious activity, log
information about this activity, attempt to block / stop it, and
report it.
• Unlike IDS, IPS are placed in-line and are able to actively prevent /
block intrusions that are detected.
• More specifically, IPS can take actions like sending an alarm,
dropping malicious packets, resetting connection and / or blocking
traffic from the offending IP address.
• An IPS can also correct CRC (cyclic redundancy check) errors,
defragment packet streams, prevent TCP sequencing issues, and clean
up unwanted transport and network layer options.

Types of IPS
IPS systems can be classified into four different types:
• NIPS (network-based intruder prevention system) → monitors
entire network for suspicious traffic by analysing protocol activity.
• WIPS (wireless intrusion prevention system) → monitors a wireless
network for suspicious traffic by analysing wireless networking
protocols.
• NBA (network behaviour analysis) → examines network traffic to
identify threats that generate unusual traffic flows → like DDoS
attacks, certain forms of malware and policy violations.
• HIPS (host-based intruder prevention system) → it is an installed
software package that monitors a single host for suspicious activity
by analysing events occurring within that host.

Intrusion Detection System (IDS)


• IDS is a device or software application that monitors network or
system activities for malicious activities or policy violations and
produces electronic reports to a management station.

Types of IDS
There are two types of IDS:
• NIDS (network intrusion detection system) → NIDSs are placed at
strategic points within a network to monitor traffic to and from all
devices on the network. It performs analysis of passing traffic on the
entire subnet, and matches the traffic that is passed on the subnets
to the library of known attacks.
• HIDS (host intrusion detection system) → these run on individual
hosts or devices on network. A HIDS monitors the inbound and
outbound packets from the device only and will alert the user or
admin if any suspicious activity is detected.
All IDS use one of the TWO DETECTION TECHNIQUES:
• Statistical Anomaly-based IDS → IDS based on statistical anomaly
will monitor network traffic and compare it against an established
baseline. → The baseline will identify what is “normal” for the
network, and if anything “abnormal” is detected, an intrusion seems
to be detected.
• Rule-based IDS → IDS based on rules will detect intrusion by
observing events in the system and applying a set of rules that lead
to the decision regarding whether a given pattern of activity is
suspicious or not. (Two types: rule-based anomaly detection and
rule-based penetration detection.)
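As an added example, not from the original notes, the two detection techniques above run over constructed web-server log lines: a statistical anomaly detector that learns a per-source request-rate baseline and flags sources above it, and a rule-based detector that matches events against fixed patterns (one single-event rule and one counting rule). The log format, the 60-second window, the k = 3 threshold and the five-failure limit are assumptions; the two detectors are chosen so that each catches something the other misses.

```python
import re
import statistics
from collections import Counter, defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed log format: "<seconds> <source ip> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")


def parse(lines: Iterable[str]) -> Iterator[Dict]:
    for line in lines:
        m = LOG_RE.match(line)
        if m:   # lines that do not fit the format are skipped
            yield {"ts": int(m["ts"]), "src": m["src"],
                   "path": m["path"], "status": int(m["status"])}


def requests_per_source(lines: Iterable[str], window: int = 60) -> Counter:
    """Requests per (source, time window): the quantity the anomaly detector profiles."""
    counts: Counter = Counter()
    for ev in parse(lines):
        counts[(ev["src"], ev["ts"] // window)] += 1
    return counts


def anomaly_detect(baseline_lines: List[str], observed_lines: List[str],
                   k: float = 3.0) -> List[str]:
    """Statistical anomaly-based: learn mean and spread of the per-window rate
    from the baseline, then flag sources whose rate exceeds mean + k * stdev."""
    rates = list(requests_per_source(baseline_lines).values())
    threshold = statistics.mean(rates) + k * statistics.pstdev(rates)
    observed = requests_per_source(observed_lines)
    return sorted({src for (src, _), n in observed.items() if n > threshold})


def rule_detect(lines: List[str], auth_fail_limit: int = 5) -> List[Tuple[str, str]]:
    """Rule-based: a single-event pattern rule (directory traversal sequence in
    the path) and a counting rule (repeated failed logins from one source)."""
    alerts: List[Tuple[str, str]] = []
    failed_logins: Dict[str, int] = defaultdict(int)
    for ev in parse(lines):
        if "../" in ev["path"]:
            alerts.append(("path traversal", ev["src"]))
        if ev["path"].startswith("/login") and ev["status"] == 401:
            failed_logins[ev["src"]] += 1
            if failed_logins[ev["src"]] == auth_fail_limit:
                alerts.append(("repeated auth failure", ev["src"]))
    return alerts


# Constructed baseline: a quiet site, one to three requests per source per minute.
BASELINE_LOG = [
    "0 10.0.0.1 GET /index.html 200",
    "5 10.0.0.1 GET /about.html 200",
    "10 10.0.0.2 GET /index.html 200",
    "30 10.0.0.3 GET /index.html 200",
    "31 10.0.0.3 GET /style.css 200",
    "32 10.0.0.3 GET /app.js 200",
    "70 10.0.0.1 GET /index.html 200",
    "80 10.0.0.2 GET /index.html 200",
    "85 10.0.0.2 GET /logo.png 200",
]

# Constructed observation: one source floods the site (rate anomaly, no rule
# match) while another probes slowly (rule matches, but a normal rate).
OBSERVED_LOG = (
    [f"{t} 203.0.113.9 GET /index.html 200" for t in range(50)]
    + ["3 10.0.0.4 GET /index.html 200", "4 10.0.0.4 GET /style.css 200"]
    + ["12 198.51.100.7 GET /static/../../config.ini 404"]
    + [f"{60 + 70 * i} 198.51.100.7 POST /login 401" for i in range(5)]
)

if __name__ == "__main__":
    print("anomaly:", anomaly_detect(BASELINE_LOG, OBSERVED_LOG))
    print("rules:", rule_detect(OBSERVED_LOG))
```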

Side Channel Attacks


• A side-channel attack (SCA) in cryptography is any attack based on
information gained from the physical implementation of a crypto-system,
rather than brute force or theoretical weaknesses in the algorithms
(as in cryptanalysis).
• Examples: timing information, power consumption, electromagnetic
leaks, or even sound.
• These can provide an extra source of information → which can be
exploited to break the system.
• Some SCAs require technical knowledge of the internal operation of
the system on which the cryptography is implemented.

Encoding, Encryption, Hashing


• Encoding is used to protect the integrity of data as it crosses
through communication network to keep its original message upon
arriving. It is primarily an insecure function because it is easily
reversible.
• Encryption is designed for confidentiality and data integrity, and is
reversible only if you have the appropriate key.
• With hashing, the operation is one-way and irreversible. It takes an
input (message) and returns a fixed length string (hash value).

Authentication Header & How It Provides Protection to IP Header
• Authentication header protects IP header and provides complete
authenticity to IP packets.
• AH may work in two ways: transport mode and tunnel mode.
• In tunnel mode, AH protects IP header using two IP header layers
(inner and outer). Inner IP header contains the source and
destination address, and outer IP header is used to contain the
security gateway information.

Elliptic Curve
• It is a curve that is described by cubic equations (similar to those
used for calculating circumference of an ellipse).
• The cubic equation for an elliptic curve takes the form:
• y² + axy + by = x³ + cx² + dx + e
• where a, b, c, d, e are real numbers and x and y take on values in the
real numbers.

Replay Attack
• It is an attack in which an attacker obtains a copy of authenticated
packets and later transmits them to the intended destination.
• the reception of duplicate and authenticated packets may disrupt
services for the receiver in some way or another.

Packet Filtering Router vs Stateful Inspection Packet Filter


• a traditional packet filter makes filtering decisions on an individual
packet basis and does not take into consideration any higher layer
context.
• a stateful inspection filter tightens up the rules for TCP traffic by
creating a directory of outbound TCP connections → there is an
entry for each currently established connection. → the packet filter
will now allow incoming traffic to high-numbered ports only for
those packets that fit the profile of one of the entries in the
directory.

MIME
• It is an extension to the RFC 822 framework that is intended to
address some of the problems and limitations of the use of SMTP or
some other mail transfer protocol and RFC 822 for electronic mail.

Firewall Types
Firewall is categorised into three basic types −
• Packet filter (Stateless & Stateful)
• Application-level gateway
• Circuit-level gateway
Packet-filtering firewalls allow or block the packets mostly based on
criteria such as source and/or destination IP addresses, protocol, source
and/or destination port numbers, and various other parameters within
the IP header.
• The decision can be based on factors other than IP header fields
such as ICMP message type, TCP SYN and ACK bits, etc.
Packet filter rule has two parts −
• Selection criteria − It is used as a condition and pattern match
for decision making.
• Action field − This part specifies action to be taken if an IP packet
meets the selection criteria. The action could be either block (deny)
or permit (allow) the packet across the firewall.
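As an added example (not from the original notes), a minimal packet filter in Python that implements the two rule parts just described, selection criteria and an action, and adds the stateful inspection described in the earlier Packet Filtering Router vs Stateful Inspection section: a directory of outbound TCP connections so that inbound traffic to a high-numbered port is permitted only when it is the reply half of a recorded connection. Addresses, the "10.0.0." inside prefix, the policy and the traffic are constructed; the same traffic is run through a stateless and a stateful instance to show the difference.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False
    ack: bool = False


@dataclass
class Rule:
    """One packet-filter rule: selection criteria plus an action (permit/deny)."""
    action: str
    direction: str                  # "in" (from outside) or "out" (from inside)
    proto: str = "any"
    src_ip: str = "any"
    dst_ip: str = "any"
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction == direction
                and self.proto in ("any", pkt.proto)
                and self.src_ip in ("any", pkt.src_ip)
                and self.dst_ip in ("any", pkt.dst_ip)
                and self.dst_port in (None, pkt.dst_port))


class PacketFilter:
    def __init__(self, rules: List[Rule], internal_prefix: str, stateful: bool):
        self.rules = rules
        self.internal_prefix = internal_prefix   # addresses with this prefix are inside
        self.stateful = stateful
        # directory of outbound TCP connections: (src_ip, src_port, dst_ip, dst_port)
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        direction = "out" if pkt.src_ip.startswith(self.internal_prefix) else "in"
        if self.stateful and direction == "in" and pkt.proto == "tcp":
            # Inbound traffic is allowed without a rule only when it is the
            # reply half of a connection recorded in the directory.
            reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reply_of in self.connections:
                return "permit"
        for rule in self.rules:                  # first matching rule wins
            if rule.matches(pkt, direction):
                if (self.stateful and rule.action == "permit" and direction == "out"
                        and pkt.proto == "tcp" and pkt.syn and not pkt.ack):
                    # A permitted outbound SYN opens an entry in the directory.
                    self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return rule.action
        return "deny"                            # default: deny what no rule permits


# Constructed policy: inside hosts may open HTTPS connections; all unsolicited
# inbound traffic is denied.
RULES = [Rule("permit", "out", proto="tcp", dst_port=443), Rule("deny", "in")]

# Constructed traffic: an outbound SYN, its SYN/ACK reply, and two unsolicited
# inbound packets that look like replies but match no recorded connection.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, syn=True, ack=True),
    Packet("198.51.100.7", 443, "10.0.0.5", 51000, ack=True),
    Packet("203.0.113.10", 443, "10.0.0.5", 51001, ack=True),
]


def run(stateful: bool) -> List[str]:
    """Decisions for TRAFFIC, in order, from a fresh filter instance."""
    fw = PacketFilter(RULES, "10.0.0.", stateful)
    return [fw.decide(p) for p in TRAFFIC]


if __name__ == "__main__":
    print("stateless:", run(stateful=False))
    print("stateful: ", run(stateful=True))
```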
Circuit Level Gateway (Firewall) is explained on this blog elsewhere.
Application Layer Firewall or proxy gateway, examines and filters
individual packets, rather than simply copying them and blindly
forwarding them across the gateway. Application-specific proxies check
each packet that passes through the gateway, verifying the contents of
the packet up through the application layer. These proxies can filter
particular kinds of commands or information in the application protocols.
• Application gateways can restrict specific actions from being
performed. For example, the gateway could be configured to
prevent users from performing the ‘FTP put’ command. This can
prevent modification of the information stored on the server by an
attacker.
types of firewalls

Triple DES
• The speed of exhaustive key searches against DES after 1990 began
to cause discomfort amongst users of DES.
• However, users did not want to replace DES as it takes an enormous
amount of time and money to change encryption algorithms that
are widely adopted and embedded in large security architectures.
• The pragmatic approach was not to abandon the DES completely,
but to change the manner in which DES is used. This led to the
modified schemes of Triple DES (sometimes known as 3DES).
The encryption-decryption process is as follows:
• Encrypt the plaintext blocks using single DES with key K1.
• Now decrypt the output of step 1 using single DES with key K2.
• Finally, encrypt the output of step 2 using single DES with key K3.
• The output of step 3 is the cipher-text.
• Decryption of a cipher-text is the reverse process. The user first
decrypts using K3, then encrypts with K2, and finally decrypts with K1.
Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it
is possible to use a 3TDES (hardware) implementation for single DES by
setting K1, K2, and K3 to be the same value. This provides backwards
compatibility with DES.
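The EDE chaining and the K1 = K2 = K3 fallback described above, as an added example that is not part of the original notes. It uses a toy 16-round Feistel cipher in place of real DES (the round function, key schedule and sample keys are my own constructs), so only the structure, not the cipher strength, carries over.

```python
"""Triple DES structure (encrypt-decrypt-encrypt) over a toy Feistel cipher (added example)."""
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
ROUNDS = 16

# Constructed 64-bit sample block and keys for the demonstration.
SAMPLE_BLOCK = 0x0123456789ABCDEF
SAMPLE_KEYS = (0x133457799BBCDFF1, 0x0E329232EA6D0D73, 0x2B7E151628AED2A6)


def _subkeys(key: int):
    """Toy key schedule: 16 round keys of 32 bits from one 64-bit key (not DES's schedule)."""
    return [((key >> (3 * i)) ^ (key * (2 * i + 1))) & MASK32 for i in range(ROUNDS)]


def _round_function(half: int, subkey: int) -> int:
    """Toy round function (not DES's S-boxes): xor, rotate, multiply-add."""
    x = (half ^ subkey) & MASK32
    x = ((x << 7) | (x >> 25)) & MASK32
    return (x * 0x9E3779B1 + subkey) & MASK32


def _feistel(block: int, subkeys) -> int:
    """A Feistel network inverts itself when run with the round keys reversed,
    whatever the round function does; that is the property DES relies on."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ _round_function(right, k)
    return ((right << 32) | left) & MASK64   # undo the final swap


def toy_des_encrypt(key: int, block: int) -> int:
    return _feistel(block, _subkeys(key))


def toy_des_decrypt(key: int, block: int) -> int:
    return _feistel(block, _subkeys(key)[::-1])


def tdes_encrypt(k1: int, k2: int, k3: int, block: int) -> int:
    """EDE: encrypt with K1, decrypt the result with K2, encrypt that with K3."""
    return toy_des_encrypt(k3, toy_des_decrypt(k2, toy_des_encrypt(k1, block)))


def tdes_decrypt(k1: int, k2: int, k3: int, block: int) -> int:
    """Reverse order and operations: decrypt with K3, encrypt with K2, decrypt with K1."""
    return toy_des_decrypt(k1, toy_des_encrypt(k2, toy_des_decrypt(k3, block)))


def single_des_compatible(key: int, block: int) -> bool:
    """With K1 = K2 = K3 the middle decryption cancels the first encryption,
    so the 3DES implementation behaves exactly like single DES under that key."""
    return tdes_encrypt(key, key, key, block) == toy_des_encrypt(key, block)


if __name__ == "__main__":
    k1, k2, k3 = SAMPLE_KEYS
    c = tdes_encrypt(k1, k2, k3, SAMPLE_BLOCK)
    print(hex(c), tdes_decrypt(k1, k2, k3, c) == SAMPLE_BLOCK)   # ..., True
    print(single_des_compatible(k1, SAMPLE_BLOCK))                # True
```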
triple DES visualisation

Diffusion & Confusion Property In Encryption


• The terms confusion and diffusion describe the properties needed to
make a secure cipher.
• Both confusion and diffusion are used to prevent deduction of the
encryption key and, ultimately, recovery of the original message.
• Confusion is used to create cipher-text that gives no clues, while
diffusion spreads the redundancy of the plaintext over a major part
of the cipher-text to make it obscure.
• The stream cipher relies only on confusion, whereas diffusion is used
by both stream and block ciphers.
diffusion and confusion comparison

• Confusion refers to making the relationship between the key and
the cipher-text as complex and as involved as possible.
• Diffusion refers to the property that redundancy in the statistics of
the plaintext is “dissipated” in the statistics of the cipher-text.

MD5 vs SHA1 Algorithms


MD5
• MD5 is used to create a message digest for digital signatures → it
produces a fixed 128-bit digest, which is 32 hexadecimal characters long.
• 2¹²⁸ operations are required to find the original message.
• MD5 is the weaker hashing algorithm (since it only outputs a 128-bit
digest).
• Its output performance is 335 MiB/s.
• It is less secure against brute-force attack.
• It is vulnerable to cryptanalysis.
SHA-1
• SHA-1 is used to create digital signatures → it produces 160-bit
message digests.
• 2¹⁶⁰ operations are required to find the original message.
• A stronger hashing algorithm (outputs a 160-bit digest).
• Output performance is 192 MiB/s.
• More secure against brute-force attack.
• Less vulnerable to cryptanalysis.

SSL
• SSL (Secure Sockets Layer) is a standard security protocol for
establishing encrypted links between a web server and a browser in
an online communication. → The usage of SSL technology ensures
that all data transmitted between the web server and browser
remains encrypted.
• An SSL certificate is necessary to create SSL connection. → You
would need to give all details about the identity of your website and
your company as and when you choose to activate SSL on your web
server. Following this, two cryptographic keys are created — a
Private Key and a Public Key.
• The next step is the submission of the CSR (Certificate Signing
Request), which is a data file that contains your details as well as
your Public Key. The CA (Certification Authority) would then validate
your details.
• The newly-issued SSL certificate would be matched to your Private Key.
• On the apparent level, the presence of an SSL protocol and an
encrypted session is indicated by the presence of the lock icon in
the address bar. A click on the lock icon displays to a user/customer
details about your SSL.
• An SSL Certificate comprises your domain name, the name of
your company and other details such as your address, your city, your
state and your country.
• It would also show the expiration date of the SSL plus details of the
issuing CA. It’s also verified that the CA is one that the browser
trusts, and also that the certificate is being used by the website for
which it has been issued.
• If any of these checks fail, a warning will be displayed to the user,
indicating that the website is not secured by a valid SSL certificate.

SSL/TLS Certificate
• SSL or TLS (Transport Layer Security) certificates are data files that
bind a cryptographic key to the details of an organisation.
• When SSL/TLS certificate is installed on a web server, it enables a
secure connection between the web server and the browser that
connects to it.
• The website’s URL is prefixed with “https” instead of “http” and a
padlock is shown on the address bar. If the website uses an
extended validation (EV) certificate, then the browser may also
show a green address bar.

Active Attacks vs Passive Attacks


Passive Attacks
• The main goal of a passive attack is to obtain unauthorised access
to the information. For example, actions such as intercepting and
eavesdropping on the communication channel can be regarded as
passive attack.
• These actions are passive in nature, as they neither affect
information nor disrupt the communication channel. A passive
attack is often seen as stealing information.
• The only difference between stealing physical goods and stealing
information is that theft of data still leaves the owner in possession
of that data. A passive information attack is thus more dangerous than
stealing goods, as information theft may go unnoticed by the
owner.
Active Attacks
An active attack involves changing the information in some way by
conducting some process on the information. For example,
• Modifying the information in an unauthorised manner.
• Initiating unintended or unauthorised transmission of information.
• Alteration of authentication data such as originator name or
timestamp associated with information
• Unauthorised deletion of data.
• Denial of access to information for legitimate users (denial of
service).
active attack

Security Challenges in Wireless/Mobile Networks


• limited memory & storage
• limited power
• unreliability of communication
• deployment & immense scale
• operation unattended

Private Key vs Public Key


• private key is Symmetric Key Cryptography
• public key is Asymmetric Key Cryptography
AES vs DES

• DES uses the Feistel cipher structure while AES uses the substitution and
permutation principle.
• DES has smaller key (less secure) while AES has larger key
(comparatively more secure).
• DES has data block divided into two halves while AES has the entire
data block processed as a single matrix.
Stream Cipher vs Block Cipher
Types of Attacks Addressed By Message Authentication
• masquerade
• content modification
• sequence modification
• timing modification
Public Key Cryptography
• Unlike symmetric key cryptography, we do not find historical use of
public-key cryptography. It is a relatively new concept.
• Symmetric cryptography was well suited for organisations such as
governments, the military and big financial corporations that were
involved in classified communication.
• With the spread of more insecure computer networks in the last few
decades, a genuine need was felt to use cryptography at a larger
scale. The symmetric key was found to be impractical due to the
challenges it faced with key management. This gave rise to public
key cryptosystems.
• The process of encryption and decryption is depicted in the
following illustration −
public key cryptography visual aid

The most important properties of public key encryption scheme are −


• Different keys are used for encryption and decryption. This property
sets this scheme apart from the symmetric encryption scheme.
• Each receiver possesses a unique decryption key, generally referred
to as his private key.
• Receiver needs to publish an encryption key, referred to as his
public key.
• Some assurance of the authenticity of a public key is needed in this
scheme to avoid spoofing by adversary as the receiver. Generally,
this type of crypto-system involves trusted third party which
certifies that a particular public key belongs to a specific person or
entity only.
• The encryption algorithm is complex enough to prohibit an attacker from
deducing the plaintext from the cipher-text and the encryption
(public) key.
• Though private and public keys are related mathematically, it is not
feasible to calculate the private key from the public key. In fact, the
clever part of any public-key crypto-system is in designing the
relationship between the two keys.

Three Types Of Public Key Encryption Schemes


• RSA Crypto-system
• ElGamal Crypto-system
• Elliptic Curve Cryptography

RSA Cryptosystem
• This crypto-system was one of the first, and it remains the most widely
used crypto-system even today. The system was invented by
three scholars, Ron Rivest, Adi Shamir and Len Adleman, and hence
it is termed the RSA crypto-system.
• We will see two aspects of the RSA crypto-system, firstly generation
of key pair and secondly encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using
encryption needs to generate a pair of keys, namely public key and
private key. The process followed in the generation of keys is described
below −
• Generate the RSA modulus (n) — Select two large primes, p and q.
Calculate n=p*q. For strong unbreakable encryption, let n be a large
number, typically a minimum of 512 bits.
• Find Derived Number (e) — Number e must be greater than 1 and
less than (p − 1)(q − 1). There must be no common factor of e and
(p − 1)(q − 1) except for 1. In other words, the two numbers e and
(p − 1)(q − 1) are co-prime.
• Form the public key — The pair of numbers (n, e) forms the RSA
public key and is made public. Interestingly, though n is part of the
public key, the difficulty of factorising a large number ensures
that an attacker cannot find in finite time the two primes (p & q) used
to obtain n. This is the strength of RSA.
• Generate the private key — Private Key d is calculated from p, q,
and e. For given n and e, there is a unique number d. Number d is the
inverse of e modulo (p − 1)(q − 1). This means that d is the number
less than (p − 1)(q − 1) such that, when multiplied by e, it is equal
to 1 modulo (p − 1)(q − 1). This relationship is written
mathematically as follows −
ed ≡ 1 (mod (p − 1)(q − 1))

The Extended Euclidean Algorithm takes p, q, and e as input and gives d as
output.
Example
An example of generating RSA Key pair is given below. (For ease of
understanding, the primes p & q taken here are small values. Practically,
these values are very high).
• Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 =
91.
• Select e = 5, which is a valid choice since there is no number that is
common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
• The pair of numbers (n, e) = (91, 5) forms the public key and can be
made available to anyone whom we wish to be able to send us
encrypted messages.
• Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm.
The output will be d = 29.
• Check that the d calculated is correct by computing −
de = 29 × 5 = 145 ≡ 1 (mod 72)

• Hence, the public key is (91, 5) and the private key is (91, 29).


Encryption and Decryption
Once the key pair has been generated, the process of encryption and
decryption are relatively straightforward and computationally easy.
Interestingly, RSA does not directly operate on strings of bits as in case of
symmetric key encryption. It operates on numbers modulo n. Hence, it is
necessary to represent the plaintext as a series of numbers less than n.
RSA Encryption
• Suppose the sender wishes to send a text message to someone
whose public key is (n, e).
• The sender then represents the plaintext as a series of numbers less
than n.
• To encrypt the first plaintext block P, which is a number modulo n, the
encryption process is a single mathematical step −
C = P^e mod n

• In other words, the cipher-text C is equal to the plaintext P
multiplied by itself e times and then reduced modulo n. This means
that C is also a number less than n.
• Returning to our Key Generation example with plaintext P = 10, we
get cipher-text C −
C = 10^5 mod 91 = 82

RSA Decryption
• The decryption process for RSA is also very straightforward. Suppose
that the owner of the public-key pair (n, e) has received a ciphertext C.
• The receiver raises C to the power of his private key d. The result
modulo n will be the plaintext P.
Plaintext = C^d mod n

• Returning again to our numerical example, the ciphertext C = 82
would get decrypted to the number 10 using private key 29 −
Plaintext = 82^29 mod 91 = 10
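The key generation, encryption and decryption steps above carried through in code, as an added example that is not part of the original notes; it reproduces the (91, 5) / (91, 29) key pair and the 10 → 82 → 10 round trip. A second, slightly larger key pair (p = 61, q = 53, e = 17) is my own choice to show text handled as a series of numbers less than n; no padding is applied, so this is textbook RSA for illustration only.

```python
"""RSA key generation, encryption and decryption with the notes' numbers (added example)."""


def extended_gcd(a: int, b: int):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = extended_gcd(b, a % b)
    return g, y1, x1 - (a // b) * y1


def mod_inverse(e: int, m: int) -> int:
    """The d with e*d ≡ 1 (mod m); it exists only when gcd(e, m) == 1."""
    g, x, _ = extended_gcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse modulo {m} (gcd is {g})")
    return x % m


def is_prime(n: int) -> bool:
    """Trial division; adequate for the textbook-sized primes used here."""
    if n < 2:
        return False
    return all(n % k for k in range(2, int(n ** 0.5) + 1))


def generate_keypair(p: int, q: int, e: int):
    """Public key (n, e) and private key (n, d) from two primes and a chosen e."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # (p - 1)(q - 1) from the notes
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1)")
    d = mod_inverse(e, phi)          # also checks that e and phi are co-prime
    return (n, e), (n, d)


def encrypt(public_key, plaintext: int) -> int:
    """C = P^e mod n; P must already be a number less than n."""
    n, e = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be a number less than n")
    return pow(plaintext, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """P = C^d mod n."""
    n, d = private_key
    return pow(ciphertext, d, n)


def encode_text(text: str, n: int):
    """Represent text as a series of numbers less than n (one byte per number)."""
    if n <= 255:
        raise ValueError("n is too small to hold one byte per block")
    return list(text.encode())


def decode_text(blocks) -> str:
    return bytes(blocks).decode()


if __name__ == "__main__":
    public, private = generate_keypair(7, 13, 5)
    print(public, private)                    # (91, 5) (91, 29)
    c = encrypt(public, 10)
    print(c, decrypt(private, c))             # 82 10
    public, private = generate_keypair(61, 53, 17)
    blocks = [encrypt(public, b) for b in encode_text("hi", public[0])]
    print(blocks, decode_text(decrypt(private, b) for b in blocks))
```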

RSA Analysis
The security of RSA depends on the strengths of two separate functions.
The RSA crypto-system is the most popular public-key crypto-system; its
strength is based on the practical difficulty of factoring very large
numbers.
• Encryption Function − It is considered as a one-way function of
converting plaintext into cipher-text and it can be reversed only
with the knowledge of private key d.
• Key Generation − The difficulty of determining a private key from an
RSA public key is equivalent to factoring the modulus n. An attacker
thus cannot use knowledge of an RSA public key to determine an
RSA private key unless he can factor n. It is also a one-way function:
going from the p & q values to the modulus n is easy, but the reverse is not
feasible.
If either of these two functions is proved not to be one-way, then RSA will be
broken. In fact, if a technique for factoring efficiently is developed, then
RSA will no longer be safe.
The strength of RSA encryption drastically goes down against attacks if
the numbers p and q are not large primes and/or the chosen public key e is a
small number.
Elliptic Curve Cryptography
• Elliptic Curve Cryptography (ECC) is a term used to describe a suite
of cryptographic tools and protocols whose security is based on
special versions of the discrete logarithm problem. It does not use
numbers modulo p.
• ECC is based on sets of numbers that are associated with
mathematical objects called elliptic curves. There are rules for
adding and computing multiples of these numbers, just as there are
for numbers modulo p.
• ECC includes variants of many cryptographic schemes that were
initially designed for modular numbers, such as ElGamal encryption
and the Digital Signature Algorithm.
• It is believed that the discrete logarithm problem is much harder
when applied to points on an elliptic curve. This prompts switching
from numbers modulo p to points on an elliptic curve.
• Also an equivalent security level can be obtained with shorter keys if
we use elliptic curve-based variants.
• The shorter keys result in two benefits −
• Ease of key management
• Efficient computation
These benefits make elliptic-curve-based variants of encryption scheme
highly attractive for application where computing resources are
constrained.

Honeypots
• A honeypot is a decoy computer system that simulates the
behaviour of a real system holding data that seems to be a legitimate
part of the network/site, but is actually isolated and closely
monitored in order to trap attackers or track unconventional or new
attack methods; the attackers are then blocked/trapped.
• The main purpose of a honeypot is to detect and learn from
attacks and further use the information to improve security.
• Main reasons to set up honeypots: to gather understanding and to
gather information.

honeypot visual aid

Types of Honeypots
Based on use-case, there are two types of honeypots:
• research honeypots — These are mainly used or deployed to gather
information and understand the various attack
methodologies and tactics used by intruders to gain access into a
system/network. → These honeypots do not add direct value to
any specific organisation, but the information helps in improving
their security.
• production honeypots — These are primarily used for detection and
to protect organisations. The main purpose of a production
honeypot is to help mitigate risk in an organisation. → Increasingly,
however, production honeypots are being recognised for the
detection capabilities they can provide and for the ways they can
supplement both network- and host-based intrusion protection.
Based on the design criteria of honeypots, there are three types:
• pure honeypots — Pure honeypots are full-fledged production
systems. The activities of the attacker are monitored by using a bug
tap that has been installed on the honeypot’s link to the network.
No other software needs to be installed. Even though a pure
honeypot is useful, stealthiness of the defence mechanisms can be
ensured by a more controlled mechanism.
• high-interaction honeypots — High-interaction honeypots imitate
the activities of the production systems that host a variety of
services and, therefore, an attacker may be allowed a lot of services
to waste his time on. By employing virtual machines, multiple
honeypots can be hosted on a single physical machine. Therefore,
even if the honeypot is compromised, it can be restored more
quickly. In general, high-interaction honeypots provide more
security by being difficult to detect, but they are expensive to
maintain. If virtual machines are not available, one physical
computer must be maintained for each honeypot, which can be
exorbitantly expensive. Example: Honeynet.
• low-interaction honeypots — Low-interaction honeypots simulate
only the services frequently requested by attackers. Since they
consume relatively few resources, multiple virtual machines can
easily be hosted on one physical system, the virtual systems have a
short response time, and less code is required, reducing the
complexity of the virtual system’s security. Example: Honeyd.

Message Authentication Code (MAC) & Its Limitations


• The MAC algorithm is a symmetric key cryptographic technique to
provide message authentication. To establish the MAC process, the
sender and receiver share a symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the
underlying message that is sent along with a message to ensure
message authentication.
• The process of using MAC for authentication is depicted in the
following illustration −
Let us now try to understand the entire process in detail −
• The sender uses some publicly known MAC algorithm, inputs the
message and the secret key K and produces a MAC value.
• Similar to a hash, the MAC function also compresses an arbitrarily long
input into a fixed-length output. The major difference between a hash
and a MAC is that the MAC uses a secret key during the compression.
• The sender forwards the message along with the MAC. Here, we
assume that the message is sent in the clear, as we are concerned with
providing message origin authentication, not confidentiality. If
confidentiality is required, then the message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the
received message and the shared secret key K into the MAC
algorithm and re-computes the MAC value.
• The receiver now checks equality of freshly computed MAC with the
MAC received from the sender. If they match, then the receiver
accepts the message and assures himself that the message has been
sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender,
the receiver cannot determine whether it is the message that has
been altered or the origin that has been falsified. As a bottom
line, the receiver safely assumes that the message is not genuine.
Limitations of MAC
There are two major limitations of MAC, both due to its symmetric nature
of operation −
• Establishment of a Shared Secret −
• It can provide message authentication only among pre-decided
legitimate users who have the shared key.
• This requires establishment of the shared secret prior to use of MAC.
• Inability to Provide Non-Repudiation −
• Non-repudiation is the assurance that a message originator cannot
deny any previously sent messages and commitments or actions.
• The MAC technique does not provide a non-repudiation service. If the
sender and receiver get involved in a dispute over message
origination, MACs cannot provide proof that a message was
indeed sent by the sender.
• Though no third party can compute the MAC, the sender could still deny
having sent the message and claim that the receiver forged it, as it is
impossible to determine which of the two parties computed the
MAC.
Both these limitations can be overcome by using the public key based
digital signatures.
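The MAC process and both limitations above, as an added example that is not part of the original notes. It uses HMAC-SHA256 from Python's standard library as the publicly known MAC algorithm; the shared key and the messages are constructed values.

```python
"""MAC generation and verification with a shared key, and the non-repudiation gap (added example)."""
import hashlib
import hmac

# Constructed values for the demonstration; a real K comes from a key-establishment step.
SHARED_KEY = b"constructed-demo-key-shared-by-sender-and-receiver"
MESSAGE = b"transfer 100 to account 42"


def compute_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: publicly known MAC algorithm (HMAC-SHA256 here) keyed with the secret K."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC from the received message and the shared K,
    then compare in constant time so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(compute_mac(key, message), tag)


def demo_authentication():
    """A genuine message verifies; an altered message or a different key does not."""
    tag = compute_mac(SHARED_KEY, MESSAGE)
    return (
        verify_mac(SHARED_KEY, MESSAGE, tag),                        # True
        verify_mac(SHARED_KEY, b"transfer 900 to account 42", tag),  # False: altered
        verify_mac(b"some-other-key", MESSAGE, tag),                 # False: wrong K
    )


def demo_no_non_repudiation():
    """Both parties hold K, so a tag the receiver computes verifies exactly like
    one from the sender: a valid MAC cannot prove which of the two produced it."""
    claimed = b"I agree to pay 1000"
    tag_from_receiver = compute_mac(SHARED_KEY, claimed)
    return verify_mac(SHARED_KEY, claimed, tag_from_receiver)        # True


if __name__ == "__main__":
    print(demo_authentication())        # (True, False, False)
    print(demo_no_non_repudiation())    # True
```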

Various Block Cipher Schemes


• DES — *described in detail in this blog*
• Triple DES — *described in detail in this blog*
• AES — *described in detail in this blog*
• IDEA — a strong block cipher with a block size of 64 and a key size of
128 bits. Applications like early versions of PGP use IDEA. The use of
IDEA has been limited currently due to patent issues.
• Twofish — a block cipher with a block size of 128 bits and a key of
variable length; it was also an AES competition finalist. It is based
on the earlier block cipher Blowfish, which has a block size of 64 bits.
• Serpent — a block cipher with a block size of 128 bits and key lengths of
128, 192 or 256 bits; it was also an AES competition finalist. It is
slower but has a more secure design than other block ciphers.

Block Cipher & Criteria For Selecting Block Size


• The basic scheme of a block cipher is depicted as follows −
block cipher basic scheme

A block cipher takes a block of plaintext bits and generates a block of
cipher-text bits, generally of the same size. The size of the block is fixed in the
given scheme. The choice of block size does not directly affect the
strength of the encryption scheme. The strength of the cipher depends upon the
key length.
Block Size
Though any size of block is acceptable, following aspects are borne in
mind while selecting a size of a block.
• Avoid very small block size − Say the block size is m bits. Then the
possible plaintext bit combinations are 2^m. If the attacker
discovers the plaintext blocks corresponding to some previously
sent cipher-text blocks, then the attacker can launch a type of
‘dictionary attack’ by building up a dictionary of plaintext/cipher-
text pairs sent using that encryption key. A larger block size makes
the attack harder as the dictionary needs to be larger.
• Do not have very large block size − With very large block size, the
cipher becomes inefficient to operate. Such plain-texts will need to
be padded before being encrypted.
• Multiples of 8 bits − A preferred block size is a multiple of 8 as it is
easy to implement, since most computer processors handle data in
multiples of 8 bits.

OSI Security Architecture


• The OSI Security Architecture is a framework that provides a
systematic way of defining the requirements for security and
characterising the approaches to satisfying those requirements. The
document defines security attacks, mechanisms, and services, and
the relationships among these categories.
• Threat — A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could
breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
• Attack — An assault on system security that derives from an
intelligent threat; that is, an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.
• Security attack — Any action that compromises the security of
information owned by an organisation.
• Security mechanism — A mechanism that is designed to detect,
prevent or recover from a security attack.
• Security service — A service that enhances the security of the data
processing systems and the information transfers of an
organization. The services are intended to counter security attacks
and they make use of one or more security mechanisms to provide
the service.
OSI model

Cryptography Primitives
• Cryptography primitives are nothing but the tools and techniques in
cryptography, that can be selectively used to provide a set of
desired security services:
• Encryption
• Hash Functions
• MAC
• Digital Signatures
cryptography primitives and their services offered

Ethical Hacking vs Digital Hacking


• Ethical Hacking is the key to strengthening network security, and is
one of the most desired skills for any IT professional. Ethical hackers
have good knowledge in problem-solving strategies for security
breaches, and can collect and analyse data to monitor and interpret
weaknesses.
• Digital hacking is known as cyber forensics or digital forensics
(already discussed as a separate topic on this blog).

Additive vs Affine Cipher


• Additive ciphers — It is the simplest code → each coded letter is
simply shifted to a certain number of spaces from the plaintext
letter (the number of spaces the letter has been shifted is called the
key).
• Mathematically: c = (p + a) mod 26
• where p = position of plaintext letter, a = key, c = position of
resulting cipher-text letter.
• Affine cipher — It is a type of mono-alphabetic substitution cipher,
wherein each letter in an alphabet is mapped to its numerical
equivalent, encrypted using a simple mathematical function, and
converted back to a letter. The formula used means that each letter
encrypts to one other letter, and back again, meaning the cipher is
essentially a standard substitution cipher with a rule governing
which letter goes to which. As such, it has the weaknesses of all
substitution ciphers. Each letter is enciphered with the function (ax
+ b) mod 26, where b is the magnitude of shift.

Four Kinds of Cryptanalysis (or Network Security) Attacks


• cipher-text only attack — During cipher-text-only attacks, the
attacker has access only to a number of encrypted messages. He has
no idea what the plaintext data or the secret key may be. The goal is
to recover as many plaintext messages as possible or (preferably) to
guess the secret key. After discovering the encryption key, it will be
possible to break all the other messages which have been encrypted
by this key.
• known plaintext attack — During known-plaintext attacks, the
attacker has access to the cipher-text and its corresponding
plaintext. His goal is to guess the secret key (or a number of secret
keys) or to develop an algorithm which would allow him to decrypt
any further messages.
• man-in-the-middle attack — During the man-in-the-middle attack,
the hidden intruder joins the communication and intercepts all
messages.
• brute force attack — During the brute-force attack, the intruder
tries all possible keys (or passwords), and checks which one of them
returns the correct plaintext. A brute-force attack is also called an
exhaustive key search.
• password-based attacks — Password-based access control is a
common factor of most operating system and network security
plans. This means your access rights to a computer and network
resources are determined by your user name and your password.
• eavesdropping — When an attacker is eavesdropping on your
communications, it is referred to as “sniffing” or “snooping”. In an
enterprise, the ability of an eavesdropper to monitor the network is
generally the biggest security problem that administrators face.
• data modification — After an attacker has seen and read your data,
the next logical step he will most probably take is altering it. An
attacker can modify the data without the knowledge of the sender
or receiver. Even if you do not require confidentiality for all
communications, you do not want any of your messages to be
modified in transit.
• DoS or DDoS attacks — *discussed already*

Viruses, Worms, Trojan Horses, Botnets (Malicious Codes)


• A computer virus is a type of malware that propagates by inserting a
copy of itself into and becoming part of another program. It spreads
from one computer to another, leaving infections as it travels.
Viruses can range in severity from causing mildly annoying effects to
damaging data or software and causing denial-of-service (DoS)
conditions.
• Computer worms are similar to viruses in that they replicate
functional copies of themselves and can cause the same type of
damage. In contrast to viruses, which require the spreading of an
infected host file, worms are standalone software and do not
require a host program or human help to propagate.
• A Trojan is another type of malware named after the wooden horse
that the Greeks used to infiltrate Troy. It is a harmful piece of
software that looks legitimate. Users are typically tricked into
loading and executing it on their systems. After it is activated, it can
achieve any number of attacks on the host, from irritating the user
(popping up windows or changing desktops) to damaging the host
(deleting files, stealing data, or activating and spreading other
malware, such as viruses).
• “Bot” is derived from the word “robot” and is an automated process
that interacts with other network services. Bots often automate
tasks and provide information or services that would otherwise be
conducted by a human being. A typical use of bots is to gather
information, such as web crawlers, or interact automatically with
Instant Messaging (IM), Internet Relay Chat (IRC), or other web
interfaces. They may also be used to interact dynamically with
websites.

Caesar Cipher w. Example


• The Caesar Cipher technique is one of the earliest and simplest
methods of encryption. It is simply a type of substitution
cipher, i.e., each letter of a given text is replaced by a letter some
fixed number of positions down the alphabet. For example, with a
shift of 1, A would be replaced by B, B would become C, and so on.
The method is apparently named after Julius Caesar, who
apparently used it to communicate with his officials.
Thus to cipher a given text we need an integer value, known as the shift,
which indicates the number of positions each letter of the text has
been moved down.
The encryption can be represented using modular arithmetic by first
transforming the letters into numbers, according to the scheme, A =
0, B = 1,…, Z = 25. Encryption of a letter by a shift n can be described
mathematically as:
encryption and decryption in caesar cipher
caesar cipher

Examples :
Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW

Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI

Algorithm for Caesar Cipher:
Input:
1. A String of lower case letters, called Text.
2. An Integer between 0–25 denoting the required shift.
Procedure:
• Traverse the given text one character at a time.
• For each character, transform the given character as per the rule,
depending on whether we’re encrypting or decrypting the text.
• Return the new string generated.
Program that receives a Text (string) and a Shift value (integer) and returns
the encrypted text.
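The program the notes call for (a text and a shift value in, the encrypted text out), added here as my own example rather than code from the original notes; it also covers the affine cipher from the Additive vs Affine Cipher section above, since the additive/Caesar cipher is the affine cipher with a = 1. Assumed on my part: letters keep their case, non-letters pass through unchanged, and a must be co-prime with 26 so that the affine cipher can be reversed.

```python
"""Additive (Caesar) and affine ciphers over A–Z (added example)."""
from math import gcd

M = 26   # alphabet size


def mod_inverse(a: int, m: int = M) -> int:
    """Smallest positive a⁻¹ with a·a⁻¹ ≡ 1 (mod m); exists only when gcd(a, m) == 1."""
    for candidate in range(1, m):
        if (a * candidate) % m == 1:
            return candidate
    raise ValueError(f"{a} has no inverse modulo {m}")


def _map_letters(text: str, fn) -> str:
    """Apply fn to each letter's position (A=0 … Z=25); keep case and non-letters."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(fn(ord(ch) - base) % M + base))
        else:
            out.append(ch)
    return "".join(out)


def affine_encrypt(text: str, a: int, b: int) -> str:
    """c = (a·x + b) mod 26; a must be co-prime with 26 or decryption is impossible."""
    if gcd(a, M) != 1:
        raise ValueError("a must be co-prime with 26")
    return _map_letters(text, lambda x: a * x + b)


def affine_decrypt(text: str, a: int, b: int) -> str:
    """x = a⁻¹·(c − b) mod 26."""
    a_inv = mod_inverse(a)
    return _map_letters(text, lambda c: a_inv * (c - b))


def caesar_encrypt(text: str, shift: int) -> str:
    """Additive cipher: the affine cipher with a = 1, so c = (p + shift) mod 26."""
    return affine_encrypt(text, 1, shift)


def caesar_decrypt(text: str, shift: int) -> str:
    return affine_decrypt(text, 1, shift)


if __name__ == "__main__":
    print(caesar_encrypt("ABCDEFGHIJKLMNOPQRSTUVWXYZ", 23))   # XYZABCDEFGHIJKLMNOPQRSTUVW
    print(caesar_encrypt("ATTACKATONCE", 4))                 # EXXEGOEXSRGI
    print(affine_encrypt("AFFINE CIPHER", 5, 8))             # IHHWVC SWFRCP
    print(affine_decrypt("IHHWVC SWFRCP", 5, 8))             # AFFINE CIPHER
```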
Playfair Cipher w. Example
• The Playfair Cipher is a manual symmetric encryption cipher
invented in 1854 by Charles Wheatstone; however, its name and
popularity came from the endorsement of Lord Playfair.
• The Playfair cipher encrypts pairs of letters (digraphs), instead of
single letters as is the case with simpler substitution ciphers such as
the Caesar Cipher. Frequency analysis is still possible on the Playfair
cipher; however, it would be against 600 possible pairs of letters
instead of 26 different possible letters. For this reason the Playfair
cipher is much more secure than older substitution ciphers, and its
use continued up until WWII.
• The Playfair cipher starts with creating a key table. The key table is
a 5×5 grid of letters that will act as the key for encrypting your
plaintext. Each of the 25 letters must be unique and one letter of
the alphabet (usually Q) is omitted from the table (as there are 25
spots and 26 letters in the alphabet).
Hello World Example:
• Let’s say we wanted to use the phrase “Hello World” as our key. The
first characters (going left to right) in the table will be the phrase,
with duplicate letters removed. The rest of the table will be filled
with the remaining letters of the alphabet, in order. Our key table
would look like this:
• HELOW
RDABC
FGIJK
MNPST
UVXYZ
• Now, we need a message to encrypt. In a Playfair cipher the
message is split into digraphs, pairs of two letters. If there is an odd
number of letters, a Z is added to the last letter. Let’s say we want
to encrypt the message “hide the gold”.
• HI DE TH EG OL DZ
• Now for the actual encryption process. The Playfair cipher uses a few
simple rules based on where the two letters of each digraph sit in the
key table relative to each other. The rules are:
• If both letters are in the same column, take the letter below each one
(wrapping back to the top if at the bottom).
• If both letters are in the same row, take the letter to the right of each
one (wrapping back to the left if at the far right).
• If neither of the preceding rules applies, form a rectangle with the two
letters as opposite corners and replace each letter with the letter at
the other corner of the rectangle in its own row (that is, in the same
row, but in the other letter’s column).
Using these rules, the result of encrypting “hide the gold” with the key
“hello world” is “LF GD MW DN WO CV”.
This can be a little hard to follow at first, but once understood it is
quick to apply. Here’s a visual example of each rule (input in green and
resulting digraph in red):
• Performing this quick process for each digraph in the message eventually
results in the entire plaintext being encrypted. Decrypting the Playfair
cipher (assuming you have the key) is as simple as running the same
process in reverse: move up instead of down and left instead of right,
while the rectangle rule is its own inverse. Anyone holding the same key
can rebuild the same key table and so decrypt any message made with that
key.
• The Playfair cipher was used mainly to protect important yet non-critical
secrets, since it is quick to use and requires no special equipment. By
the time enemy cryptanalysts could break the code, the information it
protected would often no longer be relevant.
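An implementation of the rules above, added here as an example (not the slide's own program). It reproduces the “Hello World” key table and the “hide the gold” encryption, and decrypts by applying the same rules in the opposite direction. Assumption: letters absent from the table (Q, with this table) are rejected, since the slide does not say how they are handled.

```python
import string


def build_key_table(key: str, omit: str = "Q") -> list:
    """5x5 Playfair key table: the key's letters (duplicates dropped), then
    the rest of the alphabet in order, with one letter left out."""
    letters = []
    for ch in key.upper() + string.ascii_uppercase:
        if ch.isalpha() and ch != omit and ch not in letters:
            letters.append(ch)
    return [letters[i:i + 5] for i in range(0, 25, 5)]


def to_digraphs(text: str) -> list:
    """Split the message into letter pairs, appending Z if the count is odd."""
    letters = [ch for ch in text.upper() if ch.isalpha()]
    if len(letters) % 2:
        letters.append("Z")
    return ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]


def transform_pair(pair: str, table: list, pos: dict, step: int) -> str:
    """Apply the three Playfair rules; step=+1 encrypts, step=-1 decrypts."""
    for ch in pair:
        if ch not in pos:  # assumption: a letter missing from the table is an error
            raise ValueError(f"{ch} is not in the key table")
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if c1 == c2:  # same column: letter below each one (above when decrypting)
        return table[(r1 + step) % 5][c1] + table[(r2 + step) % 5][c2]
    if r1 == r2:  # same row: letter to the right (left when decrypting)
        return table[r1][(c1 + step) % 5] + table[r2][(c2 + step) % 5]
    # rectangle: each letter stays in its row and takes the other letter's column
    return table[r1][c2] + table[r2][c1]


def playfair(text: str, key: str, decrypt: bool = False) -> str:
    table = build_key_table(key)
    pos = {ch: (r, c) for r, row in enumerate(table) for c, ch in enumerate(row)}
    step = -1 if decrypt else 1
    return "".join(transform_pair(p, table, pos, step) for p in to_digraphs(text))


if __name__ == "__main__":
    ct = playfair("hide the gold", "Hello World")
    print(ct)                                         # LFGDMWDNWOCV
    print(playfair(ct, "Hello World", decrypt=True))  # HIDETHEGOLDZ
```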

Operation of DES
• The Data Encryption Standard (DES) is a symmetric-key block cipher
published by the National Institute of Standards and Technology (NIST).
• DES is an implementation of a Feistel cipher and uses a 16-round Feistel
structure. The block size is 64 bits. Although the key length is 64 bits,
DES has an effective key length of 56 bits, since 8 of the 64 key bits are
not used by the encryption algorithm (they serve as parity check bits
only). The general structure of DES is depicted in the following
illustration −
Since DES is based on the Feistel cipher, all that is required to specify DES
is:
• the round function,
• the key schedule, and
• any additional processing − the initial and final permutations.
DES Analysis
DES satisfies both of the desired properties of a block cipher. These two
properties make the cipher very strong:
• Avalanche effect − a small change in the plaintext results in a very
large change in the ciphertext.
• Completeness − each bit of the ciphertext depends on many bits of the
plaintext.
Over the last few years, cryptanalysts have found some weaknesses in DES
when the selected key is one of its weak keys. These keys must be avoided.
DES has proved to be a very well designed block cipher. There have been no
significant cryptanalytic attacks on DES other than exhaustive key search.

Operation of AES
• AES is an iterative cipher rather than a Feistel cipher. It is based on a
‘substitution–permutation network’: a series of linked operations, some of
which replace inputs by specific outputs (substitutions) and others of
which shuffle bits around (permutations).
• Interestingly, AES performs all its computations on bytes rather than
bits. Hence AES treats the 128 bits of a plaintext block as 16 bytes.
These 16 bytes are arranged in four columns and four rows for processing
as a matrix −
• Unlike DES, the number of rounds in AES is variable and depends on the
length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for
192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a
different 128-bit round key, which is calculated from the original AES key.
• The schematic of the AES structure is given in the following illustration −
AES Analysis
In present-day cryptography, AES is widely adopted and supported in both
hardware and software. To date, no practical cryptanalytic attacks against
AES have been discovered. Additionally, AES has built-in flexibility of key
length, which allows a degree of ‘future-proofing’ against progress in the
ability to perform exhaustive key searches.
However, just as for DES, the security of AES is assured only if it is
correctly implemented and good key management is employed.
