
Information and Network Security-UNIT 1

The document discusses information security in network systems. It defines information security, explains why it is essential for protecting sensitive data, maintaining compliance, ensuring business continuity and protecting reputation. It also outlines some key techniques for information security including access control, encryption, firewalls, intrusion detection, patch management and employee training.

Information and Network Security
UNIT 1

By Shivani Deopa
INTRODUCTION TO SECURITY
• A crucial component of network systems, information security works
to safeguard data and information from unwanted access, use,
disclosure, interruption, alteration, and destruction.
• The security of network systems is now more crucial than ever due to
society's growing reliance on digital technology and the internet.
What is Information Security in Network Systems?
• Information security in network systems is a combination of practices,
policies, and procedures intended to safeguard the privacy, availability,
and integrity of data and information stored, processed, and sent
across a network.
• It entails locating potential risks and vulnerabilities in network
systems, putting those risks under control, and continuously
assessing and enhancing the network's security posture.
Why Is Information Security Essential in Network Systems?
• Information security is essential in network systems for a number of reasons:
1. Protection of sensitive information: Network systems often store and transmit
sensitive information such as financial records, personally identifiable
information (PII), and intellectual property. The security of this information is
critical to protect the privacy and interests of individuals and organizations.
2. Compliance with regulations: Many industries are subject to regulations and
standards that require the implementation of specific security measures to
protect sensitive information. Failure to comply with these regulations can
result in legal and financial consequences.
3. Business continuity: Security breaches can cause disruptions to network
systems, resulting in downtime and lost productivity. By ensuring the security
of network systems, organizations can maintain business continuity and
minimize the impact of security incidents.
4. Reputation and trust: A security breach can damage an organization's
reputation and erode the trust of customers, partners, and stakeholders. By
prioritizing information security, organizations can build and maintain trust
with their stakeholders.
Key Techniques and Best Practices for Information Security in Network Systems

1. Access Control: Access control is the practice of restricting access to network resources to
authorized individuals or systems. This can be achieved through the use of passwords, multi-
factor authentication, and role-based access control (RBAC).
2. Encryption: Encryption is the process of converting plaintext data into ciphertext to protect it
from unauthorized access. Encryption is commonly used to secure data in transit, such as
email messages and web traffic, as well as data at rest, such as files stored on a server.
3. Firewalls: Firewalls are network security devices that monitor and control incoming and
outgoing network traffic based on predefined rules. Firewalls can be implemented at the
network or host level and are an effective way to protect against unauthorized access and
malicious traffic.
4. Intrusion Detection and Prevention: Intrusion detection and prevention systems (IDPS) are
security technologies that monitor network traffic for suspicious activity and can automatically
block or alert security personnel about potential security incidents.
5. Patch Management: Patch management is the practice of regularly updating software and
firmware to address security vulnerabilities and bugs. Timely patching is critical to maintaining
the security of network systems.
6. Employee Training and Awareness: Employees are often the weakest link in network security,
as they can inadvertently expose sensitive information or fall victim to social engineering
attacks. Regular training and awareness programs can help employees identify and prevent
security incidents.
Network security
• Network security has become increasingly important in the current digital era for maintaining the integrity
and safety of our networks. The protection of a computer network and its data from illegal access, theft, or
damage is referred to as network security. Security precautions must be taken in network systems to
protect the network from various forms of assaults, including malware, phishing, denial of service (DoS)
attacks, and more.
• The installation of firewalls is one of the crucial phases in network security. A firewall is a piece of hardware
or software that monitors and regulates network traffic, basing its actions on pre-set security rules. A
firewall can stop potentially hazardous traffic from entering the system and can stop unauthorized users
from accessing the network.
• The use of encryption is yet another crucial component of network security. Data is transformed into a
secret code via encryption to prevent unauthorized access. Sensitive information, like passwords, credit card
numbers, and other personal data, is frequently secured via encryption.
• Network security also entails the deployment of antivirus and anti-malware software in addition to firewalls
and encryption. These tools are made to identify and eliminate dangerous software from the network, such
as Trojan horses, worms, and viruses. Anti-malware software is essential for preventing hackers from
breaking into networks or stealing critical data.
• Monitoring and analyzing network traffic on a regular basis is another essential component of network
security. Network managers must keep an eye on network traffic for any unusually high volumes of traffic or
traffic coming from unidentified sources, among other signs of suspicious activity. Network traffic analysis
can be used to identify and stop attacks before they harm the network.
• Finally, network security is an important component of network systems. It entails using firewalls,
encryption, antivirus and anti-malware software, strong passwords, access control measures, routine
network traffic monitoring and analysis, and regular network device and software upgrades and patches.
Network administrators can defend the network against different assaults and guarantee the integrity and
safety of the network and its data by putting these security measures in place.
Difference between Information security & Network security
• Protecting sensitive information and computer systems from online threats
requires both network security and information security.
• Despite their near resemblance, the two have some variances. The following
are some important distinctions between network security and information
security:

| Network security | Information security |
|---|---|
| Network security focuses on protecting the network infrastructure. | Information security is concerned with safeguarding the data that resides on the network. |
| Network security measures typically include firewalls, intrusion detection systems, and other tools designed to prevent unauthorized access to the network. | Information security measures include encryption, access control, and backup and recovery systems. |
| Network security is more concerned with the technical aspects of securing a network, such as network architecture, protocols, and devices. | Information security is more concerned with the policies and procedures that govern how data is accessed, used, and protected. |
| Network security is typically implemented by network engineers and administrators. | Information security is often the responsibility of dedicated security professionals. |
| Network security focuses on the confidentiality, integrity, and availability of network resources. | Information security also includes additional aspects such as authenticity, accountability, and non-repudiation. |
| Network security measures can be implemented at the network perimeter, such as firewalls and intrusion detection systems. | Information security measures are typically implemented at the data level, such as encryption and access controls. |
The OSI Security Architecture
• The OSI (Open Systems Interconnection) Security Architecture defines
a systematic approach to providing security at each layer. It defines security
services and security mechanisms that can be used at each of the seven layers of
the OSI model to provide security for data transmitted over a network.
• These security services and mechanisms help to ensure the confidentiality,
integrity, and availability of the data. The OSI architecture is internationally
accepted, as it lays out how security is provided in an organization.
• OSI Security Architecture focuses on these concepts:
1. Security Attack:
2. Security mechanism: A security mechanism is a means of protecting a system,
network, or device against unauthorized access, tampering, or other security
threats.
3. Security Service
Benefits of OSI Architecture:
Below listed are the benefits of OSI Architecture in an
organization:
1. Providing Security:
• OSI Architecture in an organization provides the needed
security and safety, preventing potential threats and risks.
• Managers can easily take care of security, and security maintenance
is hassle-free with the OSI Architecture.
2. Organising Task:
• The OSI architecture makes it easy for managers to build a
security model for the organization based on strong security
principles.
• Managers get the opportunity to organize tasks in an
organization effectively.
3. Meets International Standards:
• Security services are defined and recognized internationally
meeting international standards.
• The standard definition of requirements defined using OSI
Architecture is globally accepted.
Security Attacks
• A security attack is an attempt by a person or entity to gain
unauthorized access to, disrupt, or compromise the security of a
system, network, or device.
• These are defined as the actions that put at risk an organization’s
safety.
• They are further classified into 2 sub-categories:
A. Passive Attack
B. Active attack
Passive Attack:
• Attacks in which a third-party intruder tries to access the message/
content/ data being shared by the sender and receiver by keeping a close
watch on the transmission or eavesdropping on the transmission are called
passive attacks.
• These types of attacks involve the attacker observing or monitoring
system, network, or device activity without actively disrupting or altering
it. Passive attacks are typically focused on gathering information or
intelligence, rather than causing damage or disruption.
• Here, both the sender and receiver have no clue that their message/ data
is accessible to some third-party intruder. The message/ data transmitted
remains in its usual form without any deviation from its usual behavior.
• This makes passive attacks very risky as there is no information provided
about the attack happening in the communication process.
• One way to prevent passive attacks is to encrypt the message/data that
needs to be transmitted. This prevents third-party intruders from using the
information even though it is accessible to them.
• Passive attacks are further divided into two parts based on their
behavior:
1. Eavesdropping: This involves the attacker intercepting and listening
to communications between two or more parties without their
knowledge or consent. Eavesdropping can be performed using a
variety of techniques, such as packet sniffing, or man-in-the-middle
attacks.
2. Traffic analysis: This involves the attacker analyzing network traffic
patterns and metadata to gather information about the system,
network, or device. Here the intruder can’t read the message but can
only understand the pattern and length of encryption. Traffic
analysis can be performed using a variety of techniques, such as
network flow analysis, or protocol analysis.
Active Attacks:
• Active attacks refer to types of attacks that involve the attacker
actively disrupting or altering system, network, or device activity.
• Active attacks are typically focused on causing damage or disruption,
rather than gathering information or intelligence. Here, both the
sender and receiver have no clue that their message/ data is modified
by some third-party intruder.
• The message/ data transmitted doesn’t remain in its usual form and
shows deviation from its usual behavior.
• This makes active attacks dangerous as there is no information
provided of the attack happening in the communication process and
the receiver is not aware that the data/ message received is not from
the sender.
• Active attacks are further divided into four parts based on their behavior:
1. Masquerade is a type of attack in which the attacker pretends to be an
authentic sender in order to gain unauthorized access to a system. This
type of attack can involve the attacker using stolen or forged credentials,
or manipulating authentication or authorization controls in some other
way.
2. Replay is a type of active attack in which the attacker intercepts a
transmitted message through a passive channel and then maliciously or
fraudulently replays or delays it at a later time.
3. Modification of Message involves the attacker modifying the
transmitted message and making the final message received by the
receiver look like it’s not safe or non-meaningful. This type of attack can
be used to manipulate the content of the message or to disrupt the
communication process.
4. Denial of service (DoS) attacks involve the attacker sending a large
volume of traffic to a system, network, or device in an attempt to
overwhelm it and make it unavailable to legitimate users.
Security Services
• Security services refer to the different services available for maintaining the security and
safety of an organization. They help in preventing any potential risks to security. Security
services are divided into 5 types:
• Authentication is the process of verifying the identity of a user or device in order to
grant or deny access to a system or device.
• Access control involves the use of policies and procedures to determine who is allowed
to access specific resources within a system.
• Data Confidentiality is responsible for the protection of information from being
accessed or disclosed to unauthorized parties.
• Data integrity is a security mechanism that involves the use of techniques to ensure that
data has not been tampered with or altered in any way during transmission or storage.
• Non-repudiation involves the use of techniques to create a verifiable record of the
origin and transmission of a message, which can be used to prevent the sender from
denying that they sent the message.
Security Mechanisms
• The mechanism that is built to identify any breach of security or
attack on the organization, is called a security mechanism.
• Security Mechanisms are also responsible for protecting a system,
network, or device against unauthorized access, tampering, or other
security threats.
• Security mechanisms can be implemented at various levels within a
system or network and can be used to provide different types of
security, such as confidentiality, integrity, or availability.
• Some examples of security mechanisms include:
• Encipherment (Encryption) involves the use of algorithms to transform
data into a form that can only be read by someone with the appropriate
decryption key. Encryption can be used to protect data as it is transmitted
over a network, or to protect data when it is stored on a device.
• Digital signature is a security mechanism that involves the use of
cryptographic techniques to create a unique, verifiable identifier for a
digital document or message, which can be used to ensure the authenticity
and integrity of the document or message.
• Traffic padding is a technique used to add extra data to a network traffic
stream in an attempt to obscure the true content of the traffic and make it
more difficult to analyze.
• Routing control allows the selection of specific physically secure routes for
specific data transmission and enables routing changes, particularly when a
gap in security is suspected.
Classical Encryption Techniques
Symmetric Cipher Model
• Symmetric Encryption is the most basic and old method of
encryption. It uses only one key for the process of both the
encryption and decryption of data. Thus, it is also known as Single-
Key Encryption.
1. Plain Text (x): This is the original data/message that is to be communicated to the
receiver by the sender. It is one of the inputs to the encryption algorithm.
2. Secret Key (k): It is a value/string/text file used by the encryption and decryption
algorithm to encode and decode the plain text to cipher text and vice-versa
respectively. It is independent of the encryption algorithm. It governs all the
conversions in plain text. All the substitutions and transformations done depend on
the secret key.
3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs and
produces Cipher Text as output. It applies several techniques such as substitutions and
transformations to the plain text using the secret key.
E(x, k) = y
4. Cipher Text (y): It is the formatted form of the plain text (x) which is unreadable for
humans, hence providing encryption during the transmission. It is completely
dependent upon the secret key provided to the encryption algorithm. Each unique
secret key produces a unique cipher text.
5. Decryption Algorithm (D): It performs reversal of the encryption algorithm at the
recipient’s side. It also takes the secret key as input and decodes the cipher text
received from the sender based on the secret key. It produces plain text as output.
D(y, k) = x
Requirements for Encryption:
• There are only two requirements that need to be met to perform
encryption. They are,
1. Encryption Algorithm: There is a need for a very strong encryption
algorithm that produces cipher texts in such a way that the attacker
should be unable to crack the secret key even if they have access to
one or more cipher texts.
2. Secure way to share Secret Key: There must be a secure and robust
way to share the secret key between the sender and the receiver. It
should be leak proof so that the attacker cannot access the secret
key.
Substitution Techniques
• In a Substitution cipher, any character of plain text from the given
fixed set of characters is substituted by some other character from
the same set depending on a key. For example with a shift of 1, A
would be replaced by B, B would become C, and so on.
• The following are some Substitution Cipher Techniques:
- Caesar Cipher
- Monoalphabetic Cipher
- Vernam Cipher
Caesar Cipher
• The Caesar cipher is a simple encryption technique that was used by Julius Caesar to
send secret messages to his allies. It works by shifting the letters in the plaintext
message by a certain number of positions, known as the “shift” or “key”.
• The Caesar Cipher technique is one of the earliest and simplest encryption
techniques.
• It’s simply a type of substitution cipher, i.e., each letter of a given text is replaced by a
letter with a fixed number of positions down the alphabet.
• For example with a shift of 1, A would be replaced by B, B would become C, and so on.
The method is apparently named after Julius Caesar, who used it to
communicate with his officials.
• Thus to cipher a given text we need an integer value, known as a shift which indicates
the number of positions each letter of the text has been moved down.
• The encryption can be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a
letter by a shift n can be described mathematically as.
• For example, if the shift is 3, then the letter A would be replaced by the letter D,
B would become E, C would become F, and so on. The alphabet is wrapped
around so that after Z, it starts back at A.
• Here is an example of how to use the Caesar cipher to encrypt the message
“HELLO” with a shift of 3:
• Replace each letter in the plaintext message with the letter that is three positions
to the right in the alphabet.
H becomes K (shift 3 from H)
E becomes H (shift 3 from E)
L becomes O (shift 3 from L)
L becomes O (shift 3 from L)
O becomes R (shift 3 from O)
• The encrypted message is now “KHOOR”.
• To decrypt the message, you simply need to shift each letter back by the same
number of positions. In this case, you would shift each letter in “KHOOR” back by
3 positions to get the original message, “HELLO”.
Monoalphabetic Cipher
• An alphabetic substitution is a substitution cipher where the letters
of the alphabet are replaced by others according to a 1-1
correspondence (a plain letter always corresponds to the same cipher
letter).
• The substitution is said to be monoalphabetic because it uses only
one alphabet; this alphabet is said to be disordered.
How to encrypt using an alphabetical substitution?
• The monoalphabetic substitution consists of using a mixed alphabet
(with the letters in an unusual order) and replacing the letters of the
normal alphabet with it.
• Example: NBAJYFOWLZMPXIKUVCDEGRQSTH is a totally random
alphabet with the 26 letters of the Latin alphabet.
• To understand, write the classic alphabet over the substitution alphabet:
Plain alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Substitution alphabet: NBAJYFOWLZMPXIKUVCDEGRQSTH
• The substitution involves a replacement in the plaintext of all the
letters of the first row with the letters associated with the second
row.
• Here all A become N, all the B remain B, all the C become A, etc.
• Example: With this substitution DCODE is encrypted as JAKJY.
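The Caesar and monoalphabetic ciphers above can be run with one routine, because a Caesar shift is just a substitution alphabet that happens to be a rotation. The following Python is an added example, not part of the original slides; the function names and PAGE_ALPHABET are illustrative, and frequency_profile is an extra check that shows both ciphers leave letter counts unchanged.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase  # A = 0, B = 1, ..., Z = 25

# Mixed alphabet quoted in the monoalphabetic example on this page.
PAGE_ALPHABET = "NBAJYFOWLZMPXIKUVCDEGRQSTH"


def caesar_alphabet(shift):
    """Substitution alphabet for a Caesar shift: letter x maps to (x + shift) mod 26."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def check_substitution_alphabet(sub_alphabet):
    """A usable key is a permutation of the 26 letters (1-1 correspondence)."""
    if sorted(sub_alphabet.upper()) != list(ALPHABET):
        raise ValueError("substitution alphabet must contain each letter exactly once")


def substitute(text, sub_alphabet, decrypt=False):
    """Encrypt (or decrypt) text letter by letter; non-letters pass through unchanged."""
    check_substitution_alphabet(sub_alphabet)
    sub_alphabet = sub_alphabet.upper()
    src, dst = (sub_alphabet, ALPHABET) if decrypt else (ALPHABET, sub_alphabet)
    table = str.maketrans(src + src.lower(), dst + dst.lower())
    return text.translate(table)


def frequency_profile(text):
    """Letter counts sorted from most to least common, ignoring which letter is which."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    print(substitute("HELLO", caesar_alphabet(3)))                 # Caesar, shift 3
    print(substitute("KHOOR", caesar_alphabet(3), decrypt=True))   # shift back by 3
    print(substitute("DCODE", PAGE_ALPHABET))                      # mixed alphabet
    # The double letter in HELLO is still a double letter in the ciphertext:
    print(frequency_profile("HELLO"), frequency_profile("KHOOR"))
```

Because every plain letter always maps to the same cipher letter, the frequency profile of the ciphertext equals that of the plaintext, which is why neither cipher meets the "strong encryption algorithm" requirement stated earlier.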
Vernam Cipher
• Vernam Cipher is a method of encrypting alphabetic text. It is one of the
Substitution techniques for converting plain text into cipher text. In this
mechanism we assign a number to each character of the Plain-Text, like (a = 0, b
= 1, c = 2, … z = 25).
• Method to take key: In the Vernam cipher algorithm, we take a key to encrypt
the plain text whose length should be equal to the length of the plain text.
• Encryption Algorithm:
• Assign a number to each character of the plain-text and the key according to
alphabetical order.
• Bitwise XOR both the number (Corresponding plain-text character number and
Key character number).
• Subtract 26 from the resulting number if it is greater than or equal to
26; if it isn’t, then leave it.
Example 1:
Plain-Text: OAK
Key: SON
O ==> 14 =01110
S ==> 18 =10010
Bitwise XOR Result: =11100 = 28
• Since the resulting number is greater than 26, subtract 26 from it. Then convert the Cipher-Text character
number to the Cipher-Text character.
28 - 26 = 2 ==> C
CIPHER-TEXT: C
• Similarly, do the same for the other corresponding characters,
PT: O A K
NO: 14 00 10
KEY: S O N
NO: 18 14 13
• The new Cipher-Text is obtained by converting each resulting number to its corresponding character.
CT-NO: 02 14 07
CT: C O H
• Example 2:
Plain-Text: RAMSWARUPK
Key: RANCHOBABA
• Now according to our encryption algorithm, we assign a number to each character of our plain
text and key.
PT: R A M S W A R U P K
NO: 17 0 12 18 22 0 17 20 15 10
KEY: R A N C H O B A B A
NO: 17 0 13 2 7 14 1 0 1 0
• Now Bitwise XOR the number of Plain-Text and Key and after doing the XOR operation and
subtraction operation (if required), we will get the corresponding Cipher-Text character number.
CT-NO: 0 0 1 16 17 14 16 20 14 10
• Since there are no numbers that are greater than or equal to 26 we do not have to subtract 26
from any of them.
• The new Cipher-Text is obtained by converting each number to its corresponding character.
CIPHER-TEXT: A A B Q R O Q U O K
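The letter-based Vernam procedure above, as an added Python example that is not part of the original slides (all function names are illustrative). It reproduces both worked examples and also shows a consequence of the "subtract 26" step: XOR results 26 to 31 collide with 0 to 5, so some ciphertext letters have two possible plaintexts under the same key letter. The byte-wise xor_bytes form, which is the standard XOR construction and is added here for contrast, has no such collision.

```python
def to_numbers(text):
    """Map letters to numbers: a = 0, b = 1, ..., z = 25."""
    text = text.upper()
    if not (text.isascii() and text.isalpha()):
        raise ValueError("only the letters A-Z are supported")
    return [ord(ch) - ord("A") for ch in text]


def vernam_encrypt(plaintext, key):
    """Encrypt as described on this page: XOR the letter numbers, subtract 26 if >= 26."""
    if len(key) != len(plaintext):
        raise ValueError("key length must equal plaintext length")
    out = []
    for p, k in zip(to_numbers(plaintext), to_numbers(key)):
        c = p ^ k            # XOR of two 5-bit values, range 0..31
        if c >= 26:
            c -= 26          # fold 26..31 back onto 0..5
        out.append(chr(c + ord("A")))
    return "".join(out)


def decrypt_candidates(cipher_char, key_char):
    """All plaintext letters that encrypt to cipher_char under key_char."""
    c = to_numbers(cipher_char)[0]
    k = to_numbers(key_char)[0]
    candidates = []
    for x in (c, c + 26):    # the XOR result before the optional subtraction
        if x <= 31 and (x ^ k) < 26:
            candidates.append(chr((x ^ k) + ord("A")))
    return sorted(candidates)


def xor_bytes(data, key):
    """Byte-wise XOR with a key of equal length; applying it twice restores data."""
    if len(key) != len(data):
        raise ValueError("key length must equal data length")
    return bytes(d ^ k for d, k in zip(data, key))


if __name__ == "__main__":
    print(vernam_encrypt("OAK", "SON"))                 # Example 1
    print(vernam_encrypt("RAMSWARUPK", "RANCHOBABA"))   # Example 2
    # 'C' under key letter 'S' could have been O (14 ^ 18 = 28 -> 2) or Q (16 ^ 18 = 2):
    print(decrypt_candidates("C", "S"))
    ct = xor_bytes(b"OAK", b"SON")
    print(xor_bytes(ct, b"SON"))                        # round trip on raw bytes
```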
Transposition Techniques
• A transposition cipher (also known as a permutation cipher) is a method of
encryption which scrambles the positions of characters (transposition)
without changing the characters themselves.
• Transposition ciphers reorder units of plaintext (typically characters or
groups of characters) according to a regular system to produce
a ciphertext which is a permutation of the plaintext.
• They differ from substitution ciphers, which do not change the position of
units of plaintext but instead change the units themselves.
• The following are some Transposition Cipher Techniques:
- Rail Fence Cipher
- Simple Columnar Technique
Rail Fence Cipher
• The rail fence cipher (also called a zigzag cipher) is a form of transposition
cipher. It derives its name from the way in which it is encoded.
• Encryption
Input : "attack at once"
Key = 2
Output : atc toctaka ne
• Decryption
Input : "atc toctaka ne"
Key = 2
Output : attack at once
• Rails for Key = 2:
a t c _ t o c
t a k a _ n e
Encryption
• In a transposition cipher, the order of the letters is re-arranged to obtain the cipher-text.
• In the rail fence cipher, the plain-text is written downwards and diagonally on successive rails of an
imaginary fence.
• When we reach the bottom rail, we traverse upwards moving diagonally; after reaching the top rail, the
direction is changed again. Thus the letters of the message are written in a zig-zag manner.
• After each letter has been written, the individual rows are combined to obtain the cipher-text.
Decryption
• As we’ve seen earlier, the number of columns in the rail fence cipher remains equal to the length of the
plain-text message, and the key corresponds to the number of rails.
• Hence, the rail matrix can be constructed accordingly. Once we’ve got the matrix, we can figure out the spots
where the text should be placed (using the same way of moving diagonally up and down alternately).
• Then, we fill in the cipher-text row-wise. After filling it, we traverse the matrix in a zig-zag manner to obtain the
original text.
Implementation:
Let cipher-text = “atc toctaka ne ” , and Key = 3
• Number of columns in matrix = len(cipher-text) = 13
• Number of rows = key = 3
• Hence original matrix will be of 3*13 , now marking places with text as ‘*’ we get
Simple Columnar Technique
• The Columnar Transposition Cipher is a form of transposition cipher just like Rail
Fence Cipher. Columnar Transposition involves writing the plaintext out in rows,
and then reading the ciphertext off in columns one by one.
• Encryption
Input : Geeks on work
Key = HACK
Output : e w_eoo_Gs kknr_
• Decryption
Input : e w_eoo_Gs kknr_
Key = HACK
Output : Geeks on work
• Grid for Key = HACK:
H A C K
3 1 2 4
G e e k
s _ o n
_ w o r
k _ _ _
Encryption
• In a transposition cipher, the order of the letters is re-arranged to obtain the cipher-text.
• The message is written out in rows of a fixed length, and then read out again column by column,
and the columns are chosen in some scrambled order.
• Width of the rows and the permutation of the columns are usually defined by a keyword.
• For example, the word HACK is of length 4 (so the rows are of length 4), and the permutation is
defined by the alphabetical order of the letters in the keyword. In this case, the order would be
“3 1 2 4”.
• Any spare spaces are filled with nulls, left blank, or replaced by a character (Example: _).
• Finally, the message is read off in columns, in the order specified by the keyword.

Decryption
• To decipher it, the recipient has to work out the column lengths by dividing the message length
by the key length.
• Then, write the message out in columns again, then re-order the columns by reforming the key
word.
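Both transposition techniques above, rail fence and simple columnar, as an added Python example that is not part of the original slides (function names are illustrative, and the "-" used for empty cells in rail_marks is an assumption). It reproduces the page's "attack at once" and "Geeks on work" examples, and rail_marks shows the '*' marking of the rail matrix used during decryption.

```python
def rail_pattern(length, rails):
    """Rail index (0 = top) used at each position while zigzagging down and up."""
    if rails < 1:
        raise ValueError("need at least one rail")
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_marks(length, rails):
    """Rail matrix with '*' where a character sits and '-' elsewhere."""
    pattern = rail_pattern(length, rails)
    return ["".join("*" if p == r else "-" for p in pattern) for r in range(rails)]


def rail_fence_encrypt(text, rails):
    """Write the text in a zigzag, then read the rails top to bottom."""
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails) for ch, p in zip(text, pattern) if p == r)


def rail_fence_decrypt(cipher, rails):
    """Fill the marked spots row-wise, then read the columns left to right."""
    pattern = rail_pattern(len(cipher), rails)
    # Positions in the order the encryptor emitted them (stable sort by rail).
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)


def column_order(key):
    """Column indices in reading order: alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: key[i])


def key_ranks(key):
    """Rank written under each key letter, e.g. HACK -> 3 1 2 4."""
    ranks = [0] * len(key)
    for rank, col in enumerate(column_order(key), start=1):
        ranks[col] = rank
    return ranks


def columnar_encrypt(text, key, pad="_"):
    """Write the text in rows of len(key), pad the last row, read columns in key order."""
    width = len(key)
    text += pad * (-len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def columnar_decrypt(cipher, key, pad="_"):
    """Split the ciphertext into equal columns, restore key order, read the rows."""
    width = len(key)
    if len(cipher) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(cipher) // width
    columns = [""] * width
    for n, c in enumerate(column_order(key)):
        columns[c] = cipher[n * height:(n + 1) * height]
    rows = ["".join(col[r] for col in columns) for r in range(height)]
    # Stripping the pad also removes genuine trailing pad characters in the message.
    return "".join(rows).rstrip(pad)


if __name__ == "__main__":
    print(rail_fence_encrypt("attack at once", 2))
    print(rail_fence_decrypt("atc toctaka ne", 2))
    print("\n".join(rail_marks(len("attack at once"), 3)))
    print(key_ranks("HACK"))
    print(columnar_encrypt("Geeks on work", "HACK"))
    print(columnar_decrypt("e w_eoo_Gs kknr_", "HACK"))
```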
Steganography
• Simply put, steganography is the practice of “hiding in plain sight.”
Steganography encodes a secret message within another non-secret object in
such a manner as to make the message imperceptible to those who aren’t aware
of its presence.
• Of course, because of this secrecy, steganography generally requires the
recipient to be aware that a message is forthcoming.
• To understand the meaning of steganography, it’s important to know the origins
of the technique. The practice of steganography dates back to ancient Greece,
from which we also get the word itself: a combination of the Greek words
“steganos” (covered or concealed) and “graphein” (writing).
• For example, the Greek historian Herodotus wrote about how Spartan warriors
used steganography to conceal military intelligence from the enemy. The
Spartans would write messages on wood tablets and cover them with wax, hiding
the information in case the messenger was intercepted. The recipient could then
scrape off the wax and easily read the message.
• Steganography, cryptography, and obfuscation are three related terms; they all
refer to practices that make data more difficult to understand. However, these
words are not interchangeable — subtle yet crucial distinctions exist between
them.
• Below are the differences between steganography, cryptography, and
obfuscation:
• Cryptography attempts to encode a message, making it difficult or impossible for
anyone except the intended recipient to decrypt it. The encoding and decoding
process is accomplished using cryptographic keys that translate back and forth
between the true message and its encrypted version.
• Steganography attempts to hide a message within another object. Not only does
steganography seek to make this information harder to understand, but it also
seeks to conceal that a message is being sent in the first place.
• Obfuscation is any technique that prevents third parties from understanding a
message. For example, a program’s source code may be obfuscated by removing
the whitespace, making the message difficult for humans to read.
• Examples of Steganography
• Steganography has been in use for centuries. Basic physical forms of steganography include invisible ink that
can only be read by exposing it to heat and messages written under the postage stamps of an envelope.
• However, clever practitioners of steganography have developed a range of more sophisticated techniques
that work in various mediums. One example is a laser printer’s Machine Identification Code (MIC), a unique
identifier encoded on any printed document using tiny yellow dots that are invisible to the naked eye.
Secret messages can even use the letters of a crossword or the numbers of a sudoku puzzle.
• More recently, digital steganography has emerged as a practice with both legitimate and criminal uses. The
different algorithms in digital steganography include:
• Least significant bit (LSB): In the LSB algorithm, the least significant bit in each byte of a multimedia file
(e.g., an image or audio) is modified to convey a hidden message.
• Multi-access edge computing can also help save on bandwidth costs and improve security by processing
data locally instead of sending it over the network to central servers.
• Discrete Fourier transform (DFT): In the DFT algorithm, information is hidden inside a multimedia file using
the mathematical technique of discrete Fourier transformation.
• The good news for users of steganography is that they don’t have to code these algorithms from scratch.
Instead, different programming languages come with pre-built steganography libraries and frameworks. For
example, the Python Stegano module can hide messages within an image (PyPI), while the
ImageSteganography library does the same for C++ programmers (GitHub, 2022).
What Are the 5 Types of Steganography?
1. Text steganography
• Text steganography conceals a secret message inside a piece of text.
The simplest version of text steganography might use the first letter
in each sentence to form the hidden message. Other text
steganography techniques might include adding meaningful typos or
encoding information through punctuation.
2. Image steganography
• In image steganography, secret information is encoded within a
digital image. This technique relies on the fact that small changes in
image color or noise are very difficult to detect with the human eye.
For example, one image can be concealed within another by using the
least significant bits of each pixel in the image to represent the
hidden image instead.
3. Video steganography
• Video steganography is a more sophisticated version of image steganography
that can encode entire videos. Because digital videos are represented as a
sequence of consecutive images, each video frame can encode a separate image,
hiding a coherent video in plain sight.
4. Audio steganography
• Audio files, like images and videos, can be used to conceal information. One
simple form of audio steganography is “backmasking,” in which secret messages
are played backwards on a track (requiring the listener to play the entire track
backwards). More sophisticated techniques might involve the least significant
bits of each byte in the audio file, similar to image steganography.
5. Network steganography
• Last but not least, network steganography is a clever digital steganography
technique that hides information inside network traffic. For example, data can be
concealed within the TCP/IP headers or payloads of network packets. The sender
can even impart information based on the time between sending different
packets.
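The least-significant-bit technique described above (LSB algorithm, image and audio steganography), as an added example that is not part of the original slides. It works on a plain byte buffer standing in for pixel or sample data; the function names, the 2-byte length prefix and the sample data are assumptions of this example.

```python
"""LSB embedding and extraction over a byte buffer (added teaching example)."""


def _to_bits(data):
    # Most significant bit first, 8 bits per byte.
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _read_bytes(stego, bit_offset, count):
    # Rebuild `count` bytes from the LSBs starting at `bit_offset`.
    if bit_offset + 8 * count > len(stego):
        raise ValueError("buffer too short for the declared payload")
    out = bytearray()
    for n in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[bit_offset + 8 * n + i] & 1)
        out.append(value)
    return bytes(out)


def embed(cover, message):
    """Hide `message` in the least significant bit of successive cover bytes.

    A 2-byte big-endian length prefix (an assumption of this example) tells
    the extractor where the message ends.
    """
    bits = _to_bits(len(message).to_bytes(2, "big") + message)
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte is needed per hidden bit")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the bit
    return bytes(stego)


def extract(stego):
    length = int.from_bytes(_read_bytes(stego, 0, 2), "big")
    return _read_bytes(stego, 16, length)


def lsb_difference(cover, stego):
    """Compare a known cover with a suspected stego copy, as an analyst would."""
    changed = [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]
    return {
        "changed_bytes": len(changed),
        "max_delta": max((abs(cover[i] - stego[i]) for i in changed), default=0),
        "upper_bits_intact": all(a >> 1 == b >> 1 for a, b in zip(cover, stego)),
    }


# Constructed sample data: 256 stand-in "pixel" bytes and a short message.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))
MESSAGE = b"hidden note"

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE)
    print(extract(stego))
    print(lsb_difference(COVER, stego))
```

Every changed byte differs from the cover by exactly 1, which is why the change is hard to see, and also why comparing a file against a known original exposes it immediately.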
Block Cipher Principles
• Block ciphers are built on the Feistel cipher structure. A block cipher has a specific number
of rounds and keys for generating ciphertext. A block cipher is a type of encryption
algorithm that processes fixed-size blocks of data, usually 64 or 128 bits, to produce
ciphertext.
• The design of a block cipher involves several important principles to ensure the security
and efficiency of the algorithm. Some of these principles are:
• Number of Rounds – The number of rounds is a regular design criterion: it reflects how
many rounds are suitable for an algorithm to make it sufficiently complex. DES has 16 rounds
and AES has 10 rounds, in each case chosen to make the cipher more secure.
• Design of function F – The core part of the Feistel block cipher structure is the round
function. The complexity of cryptanalysis derives from the round function, i.e. a more
complex round function contributes greatly to making the cipher harder to analyze. To
increase the complexity of the round function, the avalanche effect is also built into it,
so that changing a single bit in the plain text produces a very different output.
• Confusion and Diffusion: The cipher should provide confusion and
diffusion to make it difficult for an attacker to determine the relationship
between the plaintext and ciphertext. Confusion means that the ciphertext
should be a complex function of the key and plaintext, making it difficult to
guess the key. Diffusion means that a small change in the plaintext should
cause a significant change in the ciphertext, which makes it difficult to
analyze the encryption pattern.
• Key Size: The key size should be large enough to prevent brute-force
attacks. A larger key size means that there are more possible keys, making
it harder for an attacker to guess the correct one. A key size of 128 bits is
considered to be secure for most applications.
• Key Schedule: The key schedule should be designed carefully to ensure
that the keys used for encryption are independent and unpredictable. The
key schedule should also resist attacks that exploit weak keys or key-
dependent properties of the cipher.
• Block Size: The block size should be large enough to prevent attacks that
exploit statistical patterns in the plaintext. A block size of 128 bits is
generally considered to be secure for most applications.
• Non-linearity: The S-box used in the cipher should be non-linear to provide
confusion. A linear S-box is vulnerable to attacks that exploit the linear
properties of the cipher.
• Avalanche Effect: The cipher should exhibit the avalanche effect, which
means that a small change in the plaintext or key should cause a significant
change in the ciphertext. This ensures that any change in the input results
in a complete change in the output.
• Security Analysis: The cipher should be analyzed for its security against
various attacks such as differential cryptanalysis, linear cryptanalysis, and
brute-force attacks. The cipher should also be tested for its resistance to
implementation attacks, such as side-channel attacks.
The Data Encryption Standard
• Developed in the early 1970s at IBM and submitted to NBS, DES is a
landmark in cryptographic algorithms.
• DES is based on the Feistel cipher structure.
• DES is a symmetric cipher algorithm and uses the block cipher method for
encryption and decryption.
Key Discarding Process
Steps of DES
Step – 1: A 64-bit plain text block is given to the Initial Permutation (IP) function.
Step – 2: IP is performed on the 64-bit plain text block.
Step – 3: IP produces two halves of the permuted block, known as Left Plain Text (LPT)
and Right Plain Text (RPT).
Step – 4: LPT and RPT each go through 16 rounds of the encryption process.
Step – 5: LPT and RPT are rejoined and the Final Permutation (FP) is performed on the
combined block.
Step – 6: A 64-bit cipher text block is generated.
Initial Permutation (IP) & Generate LPT -RPT
• The Initial Permutation is performed only once. The bit sequence is rearranged as
per the IP table.
• For example:
✔ The 1st bit takes the 40th position,
✔ The 58th bit takes the 1st position.
• The output of IP is divided into two equal halves known as LPT and RPT (LPT – 32
bits, RPT – 32 bits).
16 Rounds of Encryption
Step – 1: Key Transformation (56-bit key)
• Key Bit Shifted per round
• Compression Permutation
Step – 2: Expansion permutation of Plain Text
and X-OR (P.T. size: 48 bit, C.T. size: 48 bit)
Step – 3: S-box Substitution
Step – 4: P-box (Permutation)
Step – 5: X-OR and Swap.
Step – 1: Key Bit Shifted per Round
• The 56-bit key is divided into two halves of 28 bits each.
• A circular left shift is performed on each half.
• The number of positions shifted depends on the round.
• For rounds 1, 2, 9 and 16, the shift is by one position.
• For the remaining rounds, the shift is by 2 positions.
Compression Permutation
• 56-bit input with bit shifting position
• Generates 48-bit key (Compression of Key bit)
• Drops bits 9, 18, 22, 25, 35, 38, 43 and 54.
• The generated 48-bit keys are as below:
Step – 2: Expansion Permutation and X-OR
• The 32-bit RPT from IP is expanded to 48 bits.
• Expansion permutation steps:
• The 32-bit RPT is divided into 8 blocks of 4 bits each.
• The 48-bit RPT is XORed with the 48-bit key and the output is given to the S-box.
Step – 3: S-BOX Substitution
Step -4: P-BOX Permutation
• Output of s-box is given to p-box
• 32-bit is permuted with 16 x 2 permutation table
• For Example: 16th bit of S-box takes 1st Position as per below
permutation table.
Step – 5: XOR and SWAP
• The 32-bit LPT is XORed with the 32-bit P-box output.
• The 1st round of encryption is now complete. The remaining 15 rounds are
performed in the same way as the 1st round.
Final Permutation
• At the end of the 16 rounds, the final permutation is performed (only
once).
• For example: the 40th bit of the input takes the 1st position as per the
permutation table below.
• The output of the final permutation is the 64-bit encrypted block (64-bit
cipher text block).
Strength of DES
• Key Length (use of 56-bit key): 2^56 possible keys (7.2 x 10^16 keys); a brute-force attack
takes more than a thousand years.
• Use of S-boxes: the structure of the S-boxes is complex, so the scope for attack is very small.
• DES is a reversible algorithm.
Weakness of DES
• Trying all 2^56 possible keys is not much harder these days. If you spend at least $25 K,
you can build DES password crackers that will succeed in a few hours.
• Two chosen inputs to an S-box can create the same output.
• The purpose of the initial and final permutations is not clear.
Avalanche Effect in DES
• A small change in the plain text or key produces a significant change in the cipher text.
• DES provides a strong avalanche effect due to the complexity of the algorithm.
Advanced Encryption Standard (AES)
• Advanced Encryption Standard (AES) is a specification for the encryption of
electronic data established by the U.S. National Institute of Standards and
Technology (NIST) in 2001. AES is widely used today as it is much
stronger than DES and triple DES, despite being harder to implement.
Points to remember
1. AES is a block cipher.
2. The key size can be 128/192/256 bits.
3. Encrypts data in blocks of 128 bits each.
• That means it takes 128 bits as input and outputs 128 bits of encrypted
cipher text. AES relies on the substitution-permutation network
principle, which means it is performed using a series of linked operations
that involve replacing and shuffling the input data.
Working of the cipher :
• AES performs operations on bytes of data rather than in bits. Since the
block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the
input data at a time.
• The number of rounds depends on the key length as follows :
1. 128 bit key – 10 rounds
2. 192 bit key – 12 rounds
3. 256 bit key – 14 rounds
Creation of Round keys :
• A Key Schedule algorithm is used to calculate all the round keys from the
key.
• So the initial key is used to create many different round keys which will be
used in the corresponding round of the encryption.
Encryption :
• AES considers each block as a 16-byte (4 bytes x 4 bytes = 128 bits) grid in a column-major
arrangement.
[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]
• Each round comprises 4 steps:
1. SubBytes
2. ShiftRows
3. MixColumns
4. Add Round Key
• The last round doesn’t have the MixColumns step.
• SubBytes does the substitution, and ShiftRows and MixColumns perform the
permutation in the algorithm.
SubBytes :
• This step implements the substitution.
• In this step each byte is substituted by another byte. It is performed using a lookup table, also
called the S-box. The substitution is done in such a way that a byte is never substituted by itself,
nor by a byte that is the complement of the current byte. The result of this
step is a 16-byte (4 x 4) matrix like before.
• The next two steps implement the permutation.
ShiftRows :
• This step is just as it sounds. Each row is shifted a particular number of times.
• The first row is not shifted
• The second row is shifted once to the left.
• The third row is shifted twice to the left.
• The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0  | b1  | b2  | b3  ]      [ b0  | b1  | b2  | b3  ]
| b4  | b5  | b6  | b7  |  ->  | b5  | b6  | b7  | b4  |
| b8  | b9  | b10 | b11 |      | b10 | b11 | b8  | b9  |
[ b12 | b13 | b14 | b15 ]      [ b15 | b12 | b13 | b14 ]
MixColumns :
• This step is basically a matrix multiplication. Each
column is multiplied with a specific matrix and thus
the position of each byte in the column is changed as
a result.
• This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]
Add Round Keys :
• The output of the previous stage is now
XOR-ed with the corresponding round key. Here, the
16 bytes are not considered as a grid but just as 128
bits of data.
• After all these rounds, 128 bits of encrypted data are
given back as output. This process is repeated until all
the data to be encrypted has gone through it.
Decryption :
• The stages in the rounds can be easily undone, as each stage has an opposite which, when performed,
reverts the changes. Each 128-bit block goes through 10, 12 or 14 rounds depending on the key size.
• The stages of each round in decryption are as follows:
1. Add round key
2. Inverse MixColumns
3. ShiftRows
4. Inverse SubByte
• The decryption process is the encryption process done in reverse, so I will explain the steps with notable
differences.
Inverse MixColumns :
• This step is similar to the MixColumns step in encryption, but differs in the matrix used to carry out the
operation.
[ b0 ] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 | | c1 |
| b2 | | 13 9 14 11 | | c2 |
[ b3 ] [ 11 13 9 14 ] [ c3 ]
Inverse SubBytes :
• The inverse S-box is used as a lookup table, with which the bytes are substituted during decryption.
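The ShiftRows, MixColumns and Inverse MixColumns steps above, as an added example that is not part of the original slides. It uses the column-major state layout from the Encryption section and the two matrices shown on the page; the function names and the sample state are assumptions of this example, and SubBytes and AddRoundKey are left out.

```python
"""ShiftRows and MixColumns on a column-major AES state (added teaching example)."""

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def xtime(b):
    # Multiply by 2 in GF(2^8), reducing by the AES polynomial 0x11B.
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def gmul(a, b):
    # Shift-and-add multiplication of two bytes in GF(2^8).
    product = 0
    while b:
        if b & 1:
            product ^= a
        a = xtime(a)
        b >>= 1
    return product


def mix_column(col, matrix=MIX):
    # Matrix-vector product where "+" is XOR and "*" is gmul.
    out = []
    for row in matrix:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gmul(byte, coef)
        out.append(acc)
    return out


def mix_columns(state, matrix=MIX):
    # state is 16 bytes, column-major: state[r + 4*c] is row r, column c.
    out = []
    for c in range(4):
        out += mix_column(state[4 * c:4 * c + 4], matrix)
    return out


def shift_rows(state):
    # Row r rotates left by r positions.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def inv_shift_rows(state):
    # Row r rotates right by r positions.
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]


def diffusion_after(rounds):
    """Count state bytes that differ after `rounds` of ShiftRows + MixColumns
    when two states start out differing in a single bit."""
    a = list(range(16))          # constructed sample state
    b = list(a)
    b[0] ^= 0x01                 # flip one bit of one byte
    for _ in range(rounds):
        a = mix_columns(shift_rows(a))
        b = mix_columns(shift_rows(b))
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]
    mixed = mix_column(col)
    print([hex(x) for x in mixed])
    print(mix_column(mixed, INV_MIX) == col)
    print([diffusion_after(n) for n in range(3)])
```

A one-bit difference reaches 4 bytes after one round of the two permutation steps and all 16 bytes after two, which is the diffusion property listed under Block Cipher Principles.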
Applications:
• AES is widely used in many applications which require secure data storage and transmission.
Some common use cases include:
1. Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure
data confidentiality and prevent unauthorized access.
2. Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This
helps protect personal information, financial records, and other confidential data from
unauthorized access in case of a data breach.
3. Secure communications: AES is widely used in protocols such as internet communications,
email, instant messaging, and voice/video calls. It ensures that the data remains confidential.
4. Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and
other storage media, protecting it from unauthorized access in case of loss or theft.
5. Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the
communication between a user’s device and a remote server. It ensures that data sent and
received through the VPN remains private and cannot be deciphered by eavesdroppers.
6. Secure Storage of Passwords: AES encryption is commonly employed to store passwords
securely. Instead of storing plaintext passwords, the encrypted version is stored. This adds an
extra layer of security and protects user credentials in case of unauthorized access to the
storage.
7. File and Disk Encryption: AES is used to encrypt files and folders on computers, external
storage devices, and cloud storage. It protects sensitive data stored on devices or during data
transfer to prevent unauthorized access.
| AES | DES |
|---|---|
| AES stands for Advanced Encryption Standard | DES stands for Data Encryption Standard |
| The date of creation is 2001. | The date of creation is 1977. |
| Byte-Oriented. | Bit-Oriented. |
| Key length can be 128-bits, 192-bits, and 256-bits. | The key length is 56 bits in DES. |
| Number of rounds depends on key length: 10(128-bits), 12(192-bits), or 14(256-bits) | DES involves 16 rounds of identical operations |
| The structure is based on a substitution-permutation network. | The structure is based on a Feistel network. |
| AES is more secure than the DES cipher and is the de facto world standard. | DES can be broken easily as it has known vulnerabilities. 3DES (Triple DES) is a variation of DES which is more secure than the usual DES. |
| The rounds in AES are: Byte Substitution, Shift Row, Mix Column and Key Addition | The rounds in DES are: Expansion, XOR operation with round key, Substitution and Permutation |
| AES can encrypt 128 bits of plaintext. | DES can encrypt 64 bits of plaintext. |
| It can generate Ciphertext of 128, 192, 256 bits. | It generates Ciphertext of 64 bits. |
| AES cipher is derived from an aside-channel square cipher. | DES cipher is derived from Lucifer cipher. |
| AES was designed by Vincent Rijmen and Joan Daemen. | DES was designed by IBM. |
| No known crypt-analytical attacks against AES but side channel attacks against AES implementations possible. Biclique attacks have better complexity than brute force but still ineffective. | Known attacks against DES include Brute-force, Linear crypt-analysis, and Differential crypt-analysis. |
| It is faster than DES. | It is slower than AES. |
| It is flexible. | It is not flexible. |
| It is efficient with both hardware and software. | It is efficient only with hardware. |
Multiple Encryption DES
• As we know, the Data Encryption Standard (DES) uses a 56-bit key to
encrypt any plain text, which can easily be cracked using
modern technologies.
• To prevent this, double DES and triple DES were
introduced, which are much more secure than the original DES
because they use 112-bit and 168-bit keys respectively.
• They offer much more security than DES.
Double DES:
• Double DES is an encryption technique which
uses two instances of DES on the same plain text.
Each instance uses a different key to
encrypt the plain text. Both keys are required
at the time of decryption.
• The 64-bit plain text goes into the first DES
instance, which converts it into a 64-bit
middle text using the first key; this then goes
to the second DES instance, which produces the 64-bit
cipher text using the second key.
• However, although double DES uses a 112-bit key, it
gives a security level of 2^56, not 2^112. This
is because of the meet-in-the-middle attack, which
can be used to break double DES.
Triple DES:
• Triple DES is an encryption technique which
uses three instances of DES on the same plain
text.
• It uses three different key-choosing
techniques: in the first, all keys used are different;
in the second, two keys are the same and one is
different; and in the third, all keys are the same.
• Triple DES is also vulnerable to the meet-in-the-middle
attack, because of which it gives a total
security level of 2^112 despite using a 168-bit
key.
• The block collision attack can also be carried out
because of the short block size and the use of the same
key to encrypt a large amount of text. It is also
vulnerable to the Sweet32 attack.
Block Cipher Modes of Operation
• Encryption algorithms are divided into two categories based on the
input type, as a block cipher and stream cipher.
• Block cipher is an encryption algorithm that takes a fixed size of input
say b bits and produces a ciphertext of b bits again.
• If the input is larger than b bits it can be divided further.
• For different applications and uses, there are several modes of
operations for a block cipher.
1) Electronic Code Book (ECB) –
• Electronic code book is the simplest block
cipher mode of operation. It is simple
because each block of input plaintext is
encrypted directly and the output is in the form of
blocks of encrypted ciphertext. Generally,
if a message is larger than b bits in size, it
can be broken down into a bunch of blocks
and the procedure is repeated.
Advantages of using ECB –
• Parallel encryption of blocks of bits is
possible, thus it is a faster way of
encryption.
• Simple way of the block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis since there is a
direct relationship between plaintext and
ciphertext.
2) Cipher Block Chaining –
• Cipher block chaining or CBC is an
advancement made on ECB since ECB
compromises some security requirements.
• In CBC, the previous cipher block is given as
input to the next encryption algorithm after
XOR with the original plaintext block.
• In a nutshell here, a cipher block is produced
by encrypting an XOR output of the previous
cipher block and present plaintext block.
Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis
than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since
every encryption requires a previous cipher.
3) Cipher Feedback Mode (CFB) –
• In this mode the cipher is given as feedback to the
next block of encryption with some new
specifications: first, an initial vector IV is used for first
encryption and output bits are divided as a set of s
and b-s bits.
• The left-hand side s bits are selected along with
plaintext bits, to which an XOR operation is applied.
The result is given as input to a shift register having b-s
bits to the lhs and s bits to the rhs, and the process continues.
• The encryption and decryption process for the same
is shown below, both of them use encryption
algorithms.
Advantages of CFB –
• Since there is some data loss due to the use of the shift
register, it is difficult to apply cryptanalysis.
Disadvantages of using CFB –
• The drawbacks of CFB are the same as those of CBC
mode. Neither block losses nor concurrent encryption of
several blocks are supported by the encryption.
Decryption, however, is parallelizable and loss-tolerant.
4) Output Feedback Mode –
• The output feedback mode follows nearly the same
process as the Cipher Feedback mode except that it
sends the encrypted output as feedback instead of
the actual cipher which is XOR output.
• In this output feedback mode, all bits of the block are
sent instead of sending selected s bits. The Output
Feedback mode of block cipher holds great resistance
towards bit transmission errors.
• It also decreases the dependency or relationship of
the cipher on the plaintext.
Advantages of OFB –
• In the case of CFB, a single bit error in a block is
propagated to all subsequent blocks. This problem is
solved by OFB as it is free from bit errors in the
plaintext block.
Disadvantages of OFB-
• The drawback of OFB is that, because of its
operational mode, it is more susceptible to a
message stream modification attack than CFB.
5) Counter Mode –
• The Counter Mode or CTR is a simple counter-based
block cipher implementation. Each time, a counter-initiated
value is encrypted and XORed with the plaintext,
which results in the ciphertext block.
The CTR mode does not depend on feedback and
thus can be implemented in parallel.
• Its simple implementation is shown below:
Advantages of Counter –
• Since there is a different counter value for each
block, the direct plaintext and ciphertext
relationship is avoided. This means that the same
plain text can map to different ciphertext.
• Parallel execution of encryption is possible as
outputs from previous stages are not chained as in
the case of CBC.
Disadvantages of Counter-
• The fact that CTR mode requires a synchronous
counter at both the transmitter and the receiver is a
severe drawback. The recovery of plaintext is
erroneous when synchronisation is lost.
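The Feistel structure from the DES section and the ECB, CBC and CTR modes above, as one added example that is not part of the original slides. The block cipher is a toy 16-round Feistel network with a SHA-256-based round function and key schedule (an assumption made so the example runs with the standard library; it is not DES and not for real use), and all names, keys and sample data are constructed for this example.

```python
"""ECB, CBC and CTR over a toy Feistel block cipher (added teaching example)."""
import hashlib

BLOCK = 8     # bytes per block: 64 bits, the DES block size
ROUNDS = 16   # same number of rounds as DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _subkeys(key):
    # Toy key schedule (assumption, not the DES schedule): one subkey per round.
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(ROUNDS)]

def _feistel(block, subkeys):
    left, right = block[:4], block[4:]
    for k in subkeys:
        f_out = hashlib.sha256(k + right).digest()[:4]   # toy round function F
        left, right = right, _xor(left, f_out)           # XOR, then swap halves
    return right + left                                   # undo the final swap

def encrypt_block(key, block):
    return _feistel(block, _subkeys(key))

def decrypt_block(key, block):
    # Same network, subkeys in reverse order: F never has to be inverted.
    return _feistel(block, _subkeys(key)[::-1])

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of the block size (pad first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    return b"".join(encrypt_block(key, b) for b in _blocks(plaintext))

def cbc_encrypt(key, iv, plaintext):
    prev, out = iv, []
    for b in _blocks(plaintext):
        prev = encrypt_block(key, _xor(b, prev))   # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    # Encrypt nonce||counter and XOR it in; the same call decrypts.
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, encrypt_block(key, nonce + i.to_bytes(4, "big"))))
    return b"".join(out)

def repeated_blocks(ciphertext):
    # How many ciphertext blocks duplicate an earlier block.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))

def damaged_blocks(original, recovered):
    return sum(a != b for a, b in zip(_blocks(original), _blocks(recovered)))

def flip_first_bit(data):
    return bytes([data[0] ^ 0x80]) + data[1:]

# Constructed sample values. The IV and nonce are fixed only so the output is
# repeatable; real use needs a fresh IV or nonce for every message.
KEY = b"demo-key"
IV = bytes.fromhex("0f1e2d3c4b5a6978")
NONCE = b"\x00\x00\x00\x01"
PLAINTEXT = b"PAY 0100" * 3 + b"PAY 0999"

if __name__ == "__main__":
    cbc_ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    ctr_ct = ctr_crypt(KEY, NONCE, PLAINTEXT)
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_ct))
    print("CTR repeated blocks:", repeated_blocks(ctr_ct))
    print("CBC blocks damaged by one flipped bit:",
          damaged_blocks(PLAINTEXT, cbc_decrypt(KEY, IV, flip_first_bit(cbc_ct))))
    print("CTR blocks damaged by one flipped bit:",
          damaged_blocks(PLAINTEXT, ctr_crypt(KEY, NONCE, flip_first_bit(ctr_ct))))
```

ECB exposes the three identical plaintext blocks as identical ciphertext blocks, while CBC and CTR do not; a single flipped ciphertext bit damages two plaintext blocks under CBC and one under CTR.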
Applications of Block Ciphers
1. Data Encryption: Block ciphers are widely used for the encryption of private and sensitive data
such as passwords, credit card details and other information that is transmitted or stored for a
communication. This encryption process converts plain data into a non-readable and complex
form. Encrypted data can be decrypted only by the authorised person with the private keys.
2. File and Disk Encryption: Block ciphers are used for encryption of entire files and disks in order
to protect their contents and restrict access by unauthorised users. Disk encryption software
such as BitLocker and TrueCrypt also uses block ciphers to encrypt data and make it secure.
3. Virtual Private Networks (VPN): Virtual Private Networks (VPN) use block cipher for the
encryption of data that is being transmitted between the two communicating devices over the
internet. This process makes sure that data is not accessed by unauthorised person when it is
being transmitted to another user.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS protocols use block
ciphers for encryption of data that is transmitted between web browsers and servers over the
internet. This encryption process provides security to confidential data such as login
credentials, card information etc.
5. Digital Signatures: Block ciphers are used in digital signature algorithms to provide
authenticity and integrity to digital documents. This encryption process generates a
unique signature for each document, which is used for verifying authenticity and detecting
any malicious activity.
Stream Ciphers
• In stream cipher, one byte is encrypted at a time while in block cipher ~128 bits
are encrypted at a time.
• Initially, a key (k) is supplied as input to a pseudorandom bit generator, which
then produces a random 8-bit output that is treated as the keystream.
• The resulting keystream is 1 byte, i.e., 8 bits, in size.
• A stream cipher follows the sequence of the pseudorandom number stream.
• One of the benefits of a stream cipher is that it makes cryptanalysis more
difficult, so the number of bits chosen in the keystream must be long.
• Making the key longer also makes it safe against brute-force attacks.
• The longer the key, the stronger the security that is achieved, preventing any attack.
• The keystream can be designed more efficiently by including a greater number of 1s and
0s, making cryptanalysis more difficult.
• A considerable benefit of a stream cipher is that it requires few lines of
code compared to a block cipher.
Encryption :
• Plain Text and Keystream produces Cipher Text (Same keystream will
be used for decryption.).
• The Plaintext will undergo XOR operation with keystream bit-by-bit
and produces the Cipher Text.
• Example –
Plain Text  : 10011001
Keystream   : 11000011
----------------------
Cipher Text : 01011010
Decryption :
• Cipher Text and Keystream gives the original Plain Text (Same
keystream will be used for encryption.).
• The Ciphertext will undergo XOR operation with keystream bit-by-bit
and produces the actual Plain Text.
• Example –
Cipher Text : 01011010
Keystream   : 11000011
----------------------
Plain Text  : 10011001
• Decryption is just the reverse process of Encryption i.e. performing
XOR with Cipher Text.
Public-Key Cryptography and RSA
Cryptosystems
• A cryptosystem is an implementation of cryptographic techniques
and their accompanying infrastructure to provide information
security services.
• A cryptosystem is also referred to as a cipher system.
• This basic model is depicted in the illustration below −
• The illustration shows a sender who wants to transfer some sensitive
data to a receiver in such a way that any party intercepting or
eavesdropping on the communication channel cannot extract the data.
• The objective of this simple cryptosystem is that at the end of the
process, only the sender and the receiver will know the plaintext.
• The various components of a basic cryptosystem are as follows −
1. Plaintext. It is the data to be protected during transmission.
2. Encryption Algorithm. It is a mathematical process that produces a ciphertext for any given plaintext
and encryption key. It is a cryptographic algorithm that takes plaintext and an encryption key as input
and produces a ciphertext.
3. Ciphertext. It is the scrambled version of the plaintext produced by the encryption algorithm using a
specific encryption key. The ciphertext is not guarded. It flows on a public channel. It can be
intercepted or compromised by anyone who has access to the communication channel.
4. Decryption Algorithm. It is a mathematical process that produces a unique plaintext for any given
ciphertext and decryption key. It is a cryptographic algorithm that takes a ciphertext and a decryption
key as input, and outputs a plaintext. The decryption algorithm essentially reverses the encryption
algorithm and is thus closely related to it.
5. Encryption Key. It is a value that is known to the sender. The sender inputs the encryption key into the
encryption algorithm along with the plaintext in order to compute the ciphertext.
6. Decryption Key. It is a value that is known to the receiver. The decryption key is related to the
encryption key, but is not always identical to it. The receiver inputs the decryption key into the
decryption algorithm along with the ciphertext in order to compute the plaintext.
• For a given cryptosystem, a collection of all possible decryption keys is called a key space.
• An interceptor (an attacker) is an unauthorized entity who attempts to determine the plaintext. He can
see the ciphertext and may know the decryption algorithm. He, however, must never know the
decryption key.
Types of Cryptosystems
• Fundamentally, there are two types of cryptosystems based on the
manner in which encryption-decryption is carried out in the system
1. Symmetric Key Encryption
2. Asymmetric Key Encryption
• The main difference between these cryptosystems is the
relationship between the encryption and the decryption key.
• Logically, in any cryptosystem, both the keys are closely associated.
• It is practically impossible to decrypt the ciphertext with the key
that is unrelated to the encryption key.
Symmetric Key Encryption
• The encryption process
where same keys are used for
encrypting and decrypting the
information is known as
Symmetric Key Encryption.
• The study of symmetric
cryptosystems is referred to
as symmetric cryptography.
Symmetric cryptosystems are
also sometimes referred to
as secret key cryptosystems.
• A few well-known examples of
symmetric key encryption
methods are − Data Encryption
Standard (DES), Triple-DES
(3DES), IDEA etc.
• Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its
relevance is very high and it is being used extensively in many cryptosystems. It is very
unlikely that this encryption will fade away, as it has certain advantages over
asymmetric key encryption.
• The salient features of cryptosystem based on symmetric key encryption are −
• Persons using symmetric key encryption must share a common key prior to exchange
of information.
• Keys are recommended to be changed regularly to prevent any attack on the system.
• A robust mechanism needs to exist to exchange the key between the communicating
parties. As keys are required to be changed regularly, this mechanism becomes
expensive and cumbersome.
• In a group of n people, to enable two-party communication between any two persons,
the number of keys required for group is n × (n – 1)/2.
• Length of Key (number of bits) in this encryption is smaller and hence, process of
encryption-decryption is faster than asymmetric key encryption.
• Processing power of computer system required to run symmetric algorithm is less.
Challenge of Symmetric Key Cryptosystem
• There are two restrictive challenges of employing symmetric key
cryptography.
1. Key establishment − Before any communication, both the sender and
the receiver need to agree on a secret symmetric key. It requires a
secure key establishment mechanism in place.
2. Trust Issue − Since the sender and the receiver use the same symmetric
key, there is an implicit requirement that the sender and the receiver
‘trust’ each other. For example, it may happen that the receiver has lost
the key to an attacker and the sender is not informed.
• These two challenges are highly restraining for modern day
communication. Today, people need to exchange information with non-
familiar and non-trusted parties.
• For example, a communication between online seller and customer.
These limitations of symmetric key encryption gave rise to asymmetric
key encryption schemes.
Asymmetric Key Encryption
• The encryption process
where different keys are used
for encrypting and decrypting
the information is known as
Asymmetric Key Encryption.
• Though the keys are different,
they are mathematically related
and hence, retrieving the
plaintext by decrypting ciphertext
is feasible.
• The process is depicted in the
following illustration −
• Asymmetric Key Encryption was invented in the 20th century to overcome the
necessity of a pre-shared secret key between communicating persons. The salient
features of this encryption scheme are as follows −
• Every user in this system needs to have a pair of dissimilar keys, private key and public
key. These keys are mathematically related − when one key is used for encryption, the
other can decrypt the ciphertext back to the original plaintext.
• The public key must be placed in a public repository and the private key kept as a well-guarded secret. Hence, this scheme of encryption is also called Public Key Encryption.
• Though public and private keys of the user are related, it is computationally not
feasible to find one from another. This is a strength of this scheme.
• When Host1 needs to send data to Host2, he obtains the public key of Host2 from
repository, encrypts the data, and transmits.
• Host2 uses his private key to extract the plaintext.
• Length of Keys (number of bits) in this encryption is large and hence, the process of
encryption-decryption is slower than symmetric key encryption.
• Processing power of computer system required to run asymmetric algorithm is higher.
Relation between Encryption Schemes
• A summary of basic key properties of two types of cryptosystems is
given below −
| | Symmetric Cryptosystems | Public Key Cryptosystems |
|---|---|---|
| Relation between Keys | Same | Different, but mathematically related |
| Encryption Key | Symmetric | Public |
| Decryption Key | Symmetric | Private |

• Due to the advantages and disadvantages of both the systems, symmetric key and public-key cryptosystems are often used together in practical information security systems.
Principles of Public-Key
• Public Key Cryptography is a cryptographic technique that involves ‘two
distinct keys’ for encryption and decryption. That’s why it is also known
as asymmetric-key cryptography.
• Public key cryptography is based entirely on ‘invertible mathematical’ functions, which distinguishes it from conventional
symmetric key cryptography.
• This does not mean that the symmetric key cryptosystem is less efficient than public key,
or that the public key cryptosystem is superior.
• The security of any cryptosystem depends only on the length of the key and the
computation required to crack the encrypted cipher text.
• In this section, we will be discussing the public key cryptography in brief
along with its requirement, application and cryptanalysis.
• There are two basic principles of any cryptosystem i.e. confidentiality and
authenticity. We have seen that the symmetric cryptosystem has a
problem associated with these two principles.
• In symmetric cryptography, the problem associated with confidentiality is
that a single secret key is used to
encrypt as well as decrypt the message.
• So, this key must be shared by both the communicating parties by some
means, or they must rely on a third party for the distribution of the key,
i.e. a key distribution centre.
• But relying on a third party again risks the secrecy of the secret key.
• Symmetric key also had an issue with authentication. To become
widespread there was a need for digital signatures that assure all parties
that a particular message has been sent from a particular person.
• The public key cryptosystem is successful in achieving both these
principles i.e. confidentiality and authenticity. Let us discuss how.
• We begin by encrypting the message using the sender’s private key. As the
message is encrypted using the sender’s private key, it is confirmed that the message
has been prepared by the sender. This performs the function of the digital signature.
E(PR_S, M)
• Nobody is able to modify the message without having the sender’s private key. So, the
public key cryptosystem has achieved authentication in terms of both data integrity
and source.
• Now, the message that was first encrypted with the sender’s private key is encrypted
again using the intended receiver’s public key.
M’ = E(PU_R, E(PR_S, M))
• The final cipher text can only be decrypted by the intended receiver’s private key,
which is known only to him. In this way, public key cryptography achieves
confidentiality.
• The decryption of the final cipher text is:
M = D(PU_S, D(PR_R, M’))
• There is a drawback with this approach. The public key cryptosystem
is based on mathematical functions and involves a large amount of computation, which makes it
complex. To achieve both confidentiality and authenticity the public key algorithm has
to be applied four times.
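The nested operation M’ = E(PU_R, E(PR_S, M)) and its inverse, as an added Python example that is not part of the original slides. It reuses the toy RSA key pairs (e = 7, d = 43, n = 77) and (e = 35, d = 11, n = 221) from the worked RSA examples later on this page; the function names are assumptions made for the illustration.

```python
# Toy RSA keys taken from the page's later worked examples (far too small
# for real use). Each key is (modulus n, exponent).
SENDER_PRIVATE = (77, 43)     # PR_S, n = 7 x 11
SENDER_PUBLIC = (77, 7)       # PU_S
RECEIVER_PRIVATE = (221, 11)  # PR_R, n = 13 x 17
RECEIVER_PUBLIC = (221, 35)   # PU_R


def apply_key(key, block):
    """One application of the public key algorithm: block^exponent mod n."""
    n, exponent = key
    if not 0 <= block < n:
        # The inner result must fit under the outer modulus, otherwise the
        # outer step would silently destroy information.
        raise ValueError(f"block {block} does not fit under modulus {n}")
    return pow(block, exponent, n)


def seal(m, sender_private, receiver_public):
    """M' = E(PU_R, E(PR_S, M)): sender's private key first, then receiver's public key."""
    signed = apply_key(sender_private, m)       # application 1: authenticity
    return apply_key(receiver_public, signed)   # application 2: confidentiality


def unseal(m_prime, receiver_private, sender_public):
    """M = D(PU_S, D(PR_R, M')): receiver's private key first, then sender's public key."""
    signed = apply_key(receiver_private, m_prime)  # application 3
    return apply_key(sender_public, signed)        # application 4


def round_trip_ok():
    """True if every message below the sender's modulus survives seal + unseal."""
    return all(
        unseal(seal(m, SENDER_PRIVATE, RECEIVER_PUBLIC),
               RECEIVER_PRIVATE, SENDER_PUBLIC) == m
        for m in range(SENDER_PRIVATE[0])
    )
```

The order of the moduli matters: here the sender's n = 77 is smaller than the receiver's n = 221, so the inner result always fits; with the roles swapped `apply_key` raises instead of producing a ciphertext that cannot be reversed.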
• Public key Cryptosystem: Any public key cryptographic algorithm has six elements as follows:
Plain Text
• This is a readable message which is given as input to the algorithm. In a public key algorithm,
the plain text is encrypted in blocks.
Encryption Algorithm
• The encryption algorithm is implemented on the plain text which performs several
transformations on plain text.
Public and Private keys
• This is the pair of keys of which, if one is used for encryption, the other is used
for decryption. The transformation of plain text by the encryption algorithm depends on the key
chosen from the pair to encrypt the plain text.
Cipher Text
• This is the output of the encryption algorithm. The generated cipher text depends entirely on the
key selected from the pair of public and private keys. Applied one at a time to the same
plain text, the two keys produce different cipher texts.
Decryption Algorithm
• This would accept the output of the encryption algorithm i.e. the cipher text and will apply the
related key to produce the original plain text.
• Now let us discuss the steps in public key cryptography.
Step 1: Each user has to generate two keys one of which will be used for
encryption and other for decryption of messages.
Step 2: Each user has a pair of keys, among which one has to be made public by
each user. And the other has to be kept secret.
Step 3: If a user has to send a message to a particular receiver then the sender
must encrypt the message using the intended receiver’s public key and then send
the encrypted message to the receiver.
Step 4: On receiving the message, the receiver has to decrypt the message using
his private key.

• In public key cryptography, there is no need for key distribution as we have
seen in symmetric key cryptography.
• As long as this private key is kept secret no one can interpret the message. In
future, the user can change its private key and publish its related public key in
order to replace the old public key.
Public Key Cryptography Requirements
• Public key cryptography must satisfy the following requirements.
• The computation of the pair of keys i.e. private key and the public key must be
easy.
• Knowing the encryption algorithm and public key of the intended receiver,
computation of cipher text must be easy.
• For a receiver of the message, it should be computationally easy to decrypt the
obtained cipher text using his private key.
• It is also required that any opponent in the network knowing the public key
should be unable to determine its corresponding private key.
• Having the cipher text and public key an opponent should be unable to
determine the original message.
• The two keys i.e. public and private key can be applied in either order:
D[PU, E(PR, M)] = D[PR, E(PU, M)]
Public Key Cryptosystem Applications
• In public key cryptography, every user has to generate a pair of keys, of which one
is kept secret and known as the private key and the other is made public and hence called the public
key. The decision of whether the sender’s private key or the receiver’s public key will
be used to encrypt the original message depends entirely on the application.
• We can classify the applications of the public key cryptosystem as below:
a. Encryption/Decryption
• If the purpose of an application is to encrypt and decrypt the message then the sender
has to encrypt the message using the intended receiver’s public key and the receiver can
decrypt the message using his own private key.
b. Digital Signature
• If the purpose of the application is to authenticate the user then the message is signed
or encrypted using the sender’s private key. As only the sender can have its private key,
it assures all parties that the message is sent by the particular person.
c. Key Exchange
• The two communicating parties exchange a secret key (maybe a private key) for
symmetric encryption to secure a particular transaction. This secret key is valid for a
short period.
Public Key Cryptanalysis
• To prevent the brute force attack the key size must be kept large enough that it would be impractical
for an adversary to calculate the encryption and decryption. But the key size should not be so large
that encryption and decryption become impractical to compute.
• Another type of attack in public key cryptography is that the adversary would try to compute the private key
knowing the public key.
• One more type of attack is the probable message attack. If an adversary knows that the encrypted message
from a particular sender is a 56-bit key, he can simply encrypt all possible 56-bit keys using the
sender’s public key, as the public key is known to all, and then match all the encrypted messages with the
cipher text. This type of attack can be prevented by appending some random bits to the original message.
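The probable message check described above, and the effect of appending random bits, as an added Python example that is not part of the original slides. The key (n = 3233, e = 17, d = 2753), the 4-bit message space and the 7-bit pad are constructed toy values, and the function names are assumptions.

```python
import secrets

# Constructed toy key: p = 61, q = 53, so n = 3233 and phi(n) = 3120.
N, E, D = 3233, 17, 2753
MSG_BITS = 4   # the observer knows the plaintext is one of 16 values
PAD_BITS = 7   # random bits appended to the message before encryption


def encrypt_plain(m):
    """Deterministic encryption: the same m always gives the same ciphertext."""
    return pow(m, E, N)


def encrypt_padded(m, r=None):
    """Append PAD_BITS random bits to m, then encrypt the combined block."""
    if r is None:
        r = secrets.randbits(PAD_BITS)
    block = (m << PAD_BITS) | r   # at most 11 bits, always below N
    return pow(block, E, N)


def decrypt_padded(c):
    """Decrypt with the private key and discard the random bits."""
    return pow(c, D, N) >> PAD_BITS


def match_candidates(c, candidates):
    """Re-encrypt each probable message under the public key and compare."""
    for m in candidates:
        if pow(m, E, N) == c:
            return m
    return None


def distinct_ciphertexts(m):
    """How many different ciphertexts one message can produce when padded."""
    return len({encrypt_padded(m, r) for r in range(1 << PAD_BITS)})
```

Seven random bits only show the principle: a pad this short can itself be enumerated, which is why deployed schemes such as RSA-OAEP mix in far more randomness.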

Key Takeaways
• Public key cryptosystem is one which involves two separate keys for encryption and decryption.
• Each user participating in the communication has to generate two keys, one is to be kept secret (private
key) and one is to make public (public key).
• Public key cryptosystem can achieve both confidentiality and authenticity.
• The public key cryptosystem is based on invertible mathematics, so it involves a large amount of computation.
• Large key size reduces the probability of brute force attack in public key cryptosystem.
• Examples of public key cryptosystem are RSA, Diffie-Hellman, DSS and Elliptic curve.
The RSA Algorithm
• The RSA encryption algorithm is a type of public-key encryption algorithm. To
better understand RSA, let's first understand what a public-key encryption
algorithm is.
• Each sender is assigned a pair of keys:
1. Public key
2. Private key
• The Public key is used for encryption, and the Private Key is used for
decryption.
• Decryption cannot be done using a public key. The two keys are linked, but the
private key cannot be derived from the public key. The public key is well
known, but the private key is secret and it is known only to the user who owns
the key.
• It means that everybody can send a message to the user using user's public key.
But only the user can decrypt the message using his private key.
• The Public key algorithm operates in the following manner:
1. The data to be sent is encrypted by sender A using the public key
of the intended receiver B.
2. B decrypts the received ciphertext using its private key, which is
known only to B. B replies to A encrypting its message using A's
public key.
3. A decrypts the received ciphertext using its private key, which is
known only to him.
RSA encryption algorithm:
• RSA is the most common public-key algorithm, named after its
inventors Rivest, Shamir, and Adleman (RSA).
RSA algorithm uses the following procedure to generate public and private keys:
• Select two large prime numbers, p and q.
• Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.
• Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1)
x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is relatively prime to φ (n), i.e.
gcd (e, φ (n)) = 1
• If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. The
following formula is used to get ciphertext C from the plain text:
C = m^e mod n
• Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages, each of
which is encrypted separately.
• To determine the private key, we use the following formula to calculate d such that:
d x e mod {(p - 1) x (q - 1)} = 1
Or
d x e mod φ (n) = 1
• The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. The following
formula is used to get plain text m from the ciphertext c:
m = c^d mod n
Example 1:
• This example shows how we can encrypt plaintext 9 using the RSA public-key encryption
algorithm. This example uses prime numbers 7 and 11 to generate the public and private keys.
Explanation:
Step 1: Select two large prime numbers, p, and q.
p = 7 q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n = p x q = 7 x 11 = 77
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is
relatively prime to φ (n), i.e. gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (7 - 1) x (11 - 1) = 6 x 10 = 60
Let us now choose relative prime e of 60 as 7.
Thus the public key is <e, n> = (7, 77)
Step 4: A plaintext message m is encrypted using public key <e, n>. The following
formula is used to get ciphertext C from the plain text:
C = m^e mod n
C = 9^7 mod 77 = 37
Step 5: The private key is <d, n>. To determine the private key, we use the following
formula to find d such that:
d x e mod {(p - 1) x (q - 1)} = 1
7 x d mod 60 = 1, which gives d = 43
The private key is <d, n> = (43, 77)
Step 6: A ciphertext message C is decrypted using private key <d, n>. The following
formula is used to get plain text m from the ciphertext C:
m = C^d mod n
m = 37^43 mod 77 = 9
In this example, Plain text = 9 and the ciphertext = 37
Example 2:
• In an RSA cryptosystem, a particular user A uses two prime numbers, 13 and 17, to generate the public and
private keys. If the public key of A is 35, then the private key of A is ……………?
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.
p = 13 q = 17
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.
First, we calculate
n = p x q
n = 13 x 17 = 221
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p -
1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is relatively prime to φ (n), i.e.
gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (13 - 1) x (17 - 1)
φ (n) = 12 x 16 = 192
g.c.d (35, 192) = 1
Step 4: To determine the private key, we use the following formula to calculate d such that:
d x e mod φ (n) = 1
d x 35 mod 192 = 1
d = (1 + k.φ (n))/e [let k = 0, 1, 2, 3, …]
Put k = 0
d = (1 + 0 x 192)/35
d = 1/35 (not an integer)
Put k = 1
d = (1 + 1 x 192)/35
d = 193/35 (not an integer)
Put k = 2
d = (1 + 2 x 192)/35
d = 385/35 = 11
The private key is <d, n> = (11, 221)
Hence, private key i.e. d = 11
Example 3:
• An RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key = 3 and the private key =
7. What is the value of cipher text for a plain text?
Explanation:
Step 1: In the first step, select two large prime numbers, p and q.
p = 3 q = 13
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.
First, we calculate
n = p x q = 3 x 13 = 39
Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>.
Thus the public key is <e, n> = (3, 39).
The following formula is used to get ciphertext C from the plain text:
C = m^e mod n
C = 5^3 mod 39
C = 125 mod 39
C = 8
Hence, the ciphertext generated from plain text, C = 8.
Example 4:
• An RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is
the value of ciphertext for a plain text 5 using the RSA public-key encryption algorithm?
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.
p = 3 q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n = p x q = 3 x 11 = 33
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is
relatively prime to φ (n), i.e. gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
= (3 - 1) x (11 - 1)
= 2 x 10 = 20
Step 4: To determine the public key, we use the following formula to calculate
e such that:
e x d = 1 mod φ (n)
e x 7 = 1 mod 20
e = (1 + k.φ (n))/d [let k = 0, 1, 2, 3, …]
Put k = 0
e = (1 + 0 x 20) / 7
= 1/7 (not an integer)
Put k = 1
e = (1 + 1 x 20) / 7
= 21/7
= 3
The public key is <e, n> = (3, 33)
Hence, public key i.e. e = 3
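The key-generation procedure and the arithmetic of Examples 1, 2 and 4 above, as an added Python example that is not part of the original slides. It replaces the trial of k = 0, 1, 2, … with the extended Euclidean algorithm to find the partner exponent; the function names are assumptions, and the code is textbook RSA for small numbers only.

```python
from math import gcd


def is_prime(k):
    """Trial division; adequate for the small primes in the worked examples."""
    if k < 2:
        return False
    i = 2
    while i * i <= k:
        if k % i == 0:
            return False
        i += 1
    return True


def mod_inverse(a, m):
    """Extended Euclid: return x with (a * x) % m == 1."""
    old_r, r = a, m
    old_x, x = 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_x, x = x, old_x - quot * x
    if old_r != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return old_x % m


def make_keys(p, q, exponent):
    """Given one exponent (e or d), return (exponent, partner exponent, n)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    phi = (p - 1) * (q - 1)
    # The step the text calls gcd(e, phi(n)) = 1: without it no partner exists.
    if not 1 < exponent < phi or gcd(exponent, phi) != 1:
        raise ValueError(f"exponent {exponent} is not coprime to phi(n) = {phi}")
    return exponent, mod_inverse(exponent, phi), p * q


def encrypt(m, e, n):
    """C = m^e mod n; m must be less than n."""
    if not 0 <= m < n:
        raise ValueError("m must be less than n")
    return pow(m, e, n)


def decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)
```

With p = 3 and q = 13 the coprimality check rejects the exponent 3 quoted in Example 3, because gcd(3, 24) = 3; the encryption arithmetic shown in that example is unaffected.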
