NIS Unit 3
NIS Unit 3
Cryptography
Cryptography is technique of securing information and communications through use of
codes so that only those people for whom the information is intended can understand it
and process it. Thus, preventing unauthorized access to information. The prefix “crypt”
means “hidden” and suffix graphy means “writing”. In Cryptography the techniques which
are used to protect information are obtained from mathematical concepts and a set of
rule-based calculations known as algorithms to convert messages in ways that make it
hard to decode it. These algorithms are used for cryptographic key generation, digital
signing, verification to protect data privacy, web browsing on internet and to protect
confidential transactions such as credit card and debit card transactions.
Techniques used For Cryptography: In today’s age of computers cryptography is often
associated with the process where an ordinary plain text is converted to cipher text which
is the text made such that intended receiver of the text can only decode it and hence this
process is known as encryption. The process of conversion of cipher text to plain text this
is known as decryption.
Features Of Cryptography are as follows:
1. Confidentiality: Information can only be accessed by the person for whom it is
intended and no other person except him can access it.
2. Integrity: Information cannot be modified in storage or transition between
sender and intended receiver without any addition to information being
detected.
3. Non-repudiation: The creator/sender of information cannot deny his intention
to send information at later stage.
4. Authentication: The identities of sender and receiver are confirmed. As well as
destination/origin of information is confirmed.
The most obvious use of cryptography, and the one that all of us use frequently,
is encrypting communications between us and another system. This is most commonly
used for communicating between a client program and a server. Examples are a web
browser and web server, or email client and email server.
Cryptology is the study of codes, both creating and solving them. Cryptography is the art
of creating codes. Cryptanalysis is the art of surreptitiously revealing the contents of coded
messages, breaking codes, that were not intended for you as a recipient. Secondly, there are
nomenclators and enciphers.
1
S.NO Encryption Decryption
Encryption is the process which While decryption is the process which take place
take place at sender’s end. at receiver’s end.
2.
Its major task is to convert the While its main task is to convert the cipher text
3. plain text into cipher text. into plain text.
The same algorithm with the The only single algorithm is used for encryption-
same key is used for the decryption with a pair of keys where each use for
encryption-decryption process. encryption and decryption.
6.
2
Substitution Cipher Technique
In the Substitution Cipher technique, each character is substituted with other
character/number or other symbol. This technique changes the identity of a character but
not its position in the string.
A substitution cipher encrypts a text sequence by replacing letters or units of text with other
letters or units of text. Substitution ciphers are an early form of cryptography that predates
the development of computers and are now largely outdated.
Like B or C, a letter is converted into another letter in a substitution cipher, encrypting the
sequence for a human reader. The problem is that basic substitution ciphers do not encrypt
adequately in terms of computer assessment.
Substitution ciphers became relatively easy for computers to crack with the emergence of
the personal computer. However, some of the substitution cipher's concepts have persisted,
for example, some versions of current encryption may encrypt data using an extensive text
set and a very clever substitution.
3
Difference between Substitution and Transposition Cipher Technique
Detection A letter less frequently used can be A letter near to original position
easily traced. can be easily traced.
4
Examples:
Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Text: ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Advantages:
• Easy to implement and use thus, making suitable for beginners to learn about
encryption.
• Can be physically implemented, such as with a set of rotating disks or a set of
cards, known as a scytale, which can be useful in certain situations.
• Requires only a small set of pre-shared information.
• Can be modified easily to create a more secure variant, such as by using a
multiple shift values or keywords.
Disadvantages:
• It is not secure against modern decryption methods.
• Vulnerable to known-plaintext attacks, where an attacker has access to both
the encrypted and unencrypted versions of the same messages.
• The small number of possible keys means that an attacker can easily try all
possible keys until the correct one is found, making it vulnerable to a brute
force attack.
• It is not suitable for long text encryption as it would be easy to crack.
• It is not suitable for secure communication as it is easily broken.
• Does not provide confidentiality, integrity, and authenticity in a message.
Algorithm for Caesar Cipher:
Input:
1. A String of lower-case letters, called Text.
2. An Integer between 0-25 denoting the required shift.
Procedure:
• Traverse the given text one character at a time.
• For each character, transform the given character as per the rule, depending on
whether we’re encrypting or decrypting the text.
• Return the new string generated.
5
A program that receives a Text (string) and Shift value(integer) and returns the encrypted
text.
//A Java Program to illustrate Caesar Cipher Technique
class CaesarCipher
{
// Encrypts text using a shift of s
public static StringBuffer encrypt(String text, int s)
{
StringBuffer result= new StringBuffer();
// Driver code
public static void main(String[] args)
{
String text = "ATTACKATONCE";
int s = 4;
System.out.println("Text : " + text);
System.out.println("Shift : " + s);
System.out.println("Cipher: " + encrypt(text, s));
}
}
How to decrypt?
We can either write another function decrypt similar to encrypt, that’ll apply the given
shift in the opposite direction to decrypt the original text. However, we can use the cyclic
property of the cipher under modulo, hence we can simply observe
Cipher(n) = De-cipher(26-n)
Hence, we can use the same function to decrypt, instead, we’ll modify the shift value such
that shift = 26-shift
6
Columnar Transposition technique
The Columnar Transposition Cipher is a form of transposition cipher just like Rail Fence
Cipher. Columnar Transposition involves writing the plaintext out in rows, and then
reading the ciphertext off in columns one by one.
Encryption
In a transposition cipher, the order of the alphabets is re-arranged to obtain the cipher-
text.
1. The message is written out in rows of a fixed length, and then read out again
column by column, and the columns are chosen in some scrambled order.
2. Width of the rows and the permutation of the columns are usually defined by a
keyword.
3. For example, the word HACK is of length 4 (so the rows are of length 4), and the
permutation is defined by the alphabetical order of the letters in the keyword.
In this case, the order would be “3 1 2 4”.
4. Any spare spaces are filled with nulls or left blank or placed by a character
(Example: _).
5. Finally, the message is read off in columns, in the order specified by the
keyword.
Decryption
1. To decipher it, the recipient has to work out the column lengths by dividing the
message length by the key length.
2. Then, write the message out in columns again, then re-order the columns by
reforming the key word.
7
S.NO Substitution Cipher Technique Transposition Cipher Technique
Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or
message in order to avoid detection; the secret data is then extracted at its destination. The
use of steganography can be combined with encryption as an extra step for hiding or
protecting data. The word steganography is derived from the Greek
words steganos (meaning hidden or covered) and the Greek root graph (meaning to write).
Steganography can be used to conceal almost any type of digital content, including text,
image, video or audio content; the data to be hidden can be hidden inside almost any other
type of digital content. The content to be concealed through steganography -- called hidden
text -- is often encrypted before being incorporated into the innocuous-seeming cover
text file or data stream. If not encrypted, the hidden text is commonly processed in some
way in order to increase the difficulty of detecting the secret content.
Forms of steganography have been used for centuries and include almost any technique for
hiding a secret message in an otherwise harmless container. For example, using invisible ink
to hide secret messages in otherwise inoffensive messages; hiding documents recorded on
8
microdot -- which can be as small as 1 millimetre in diameter -- on or inside legitimate-
seeming correspondence; and even by using multiplayer gaming environments to share
information.
In modern digital steganography, data is first encrypted or obfuscated in some other way
and then inserted, using a special algorithm, into data that is part of a particular file format
such as a JPEG image, audio or video file. The secret message can be embedded into
ordinary data files in many different ways. One technique is to hide data in bits that
represent the same colour pixels repeated in a row in an image file. By applying the
encrypted data to this redundant data in some inconspicuous way, the result will be an
image file that appears identical to the original image but that has "noise" patterns of
regular, unencrypted data.
While there are many different uses of steganography, including embedding sensitive
information into file types, one of the most common techniques is to embed a text file into
an image file. When this is done, anyone viewing the image file should not be able to see a
difference between the original image file and the encrypted file; this is accomplished by
storing the message with less significant bites in the data file. This process can be completed
manually or with the use of a steganography tool.
Steganography is distinct from cryptography, but using both together can help improve the
security of the protected information and prevent detection of the secret communication. If
steganographically-hidden data is also encrypted, the data may still be safe from detection -
- though the channel will no longer be safe from detection. There are advantages to using
steganography combined with encryption over encryption-only communication.
The primary advantage of using steganography to hide data over encryption is that it helps
obscure the fact that there is sensitive data hidden in the file or other content carrying the
9
hidden text. Whereas an encrypted file, message or network packet payload is clearly
marked and identifiable as such, using steganographic techniques helps to obscure the
presence of the secure channel.
10
The various terms used to describe image steganography include:
• Message - Real data that you can mask within pictures. The message may be in
the form of standard text or an image.
• Embedding text in a picture (like an artist hiding their initials in a painting they’ve
done)
• Embedding a secret message in either the green, blue, or red channels of an RRB
image
Steganography can be used both for constructive and destructive purposes. For example,
education and business institutions, intelligence agencies, the military, and certified ethical
hackers use steganography to embed confidential messages and information in plain sight.
On the other hand, criminal hackers use steganography to corrupt data files or hide
malware in otherwise innocent documents. For example, attackers can use BASH and
PowerShell scripts to launch automated attacks, embedding scripts in Word and Excel
documents. When a poor, unsuspecting user clock one of those documents open, they
activate the secret, hidden script, and chaos ensues. This process is a favoured ransomware
delivery method.
11
Symmetric and Asymmetric Cryptography
At its simplest, encryption simply means to use a key to encrypt data. This key is then
required to decrypt the information as well. If the recipient doesn't have the key, they can't
decrypt the data once it arrives at its destination. If you're new to the world of data
encryption, you should also check out these basic encryption terms to gain a better
understanding.
For instance, if you encrypt an email and send it to a person, they should also receive the
encryption key, otherwise they simply can't view the contents of the email. Symmetric
encryption is the simplest form of encryption, since it requires a single key to encrypt or
decrypt information.
As you can probably guess, symmetric equation is a relatively old form of encryption,
utilizing a secret key that can be an alphanumeric string, a number, or a word. It's also quite
effective, and can even be used for full-disk encryption.
In most cases, the typical length of a symmetric encryption key is either 128 or 256 bits.
Since only a single key is used, it doesn't require lots of resources to encrypt the information
either.
There is also a risk that a hacker may receive bits of information that they can use to
construct the encryption key themselves. This causes issues with scaling since you can't
share the key with others.
12
Asymmetric Encryption
Instead of relying on a single shared key, asymmetric encryption uses a couple of related
keys. This includes a public and a private key, which automatically makes it more secure than
symmetric encryption.
The public key is available to all parties, and is used for decrypting the plain text message
before it is sent. But, in order to decrypt the actual message and read it, the parties must
have access to the private key.
While there's a mathematical relationship between the public and the private key, hackers
can't derive the private key using the information from the public key.
For instance, you can make available a public key to anyone who wishes to send you a
message. But, the second key is kept secret, so only you know that one. Thus, when a
message is encrypted and sent using the public key, a private key must also be required to
decrypt it fully.
It's important to understand that the private key is only known to the person who owns it.
Even the sender doesn't know the private key and can't decrypt the file once it is sent. Every
authorized party in this exchange has their own private key that they can use to decrypt
information.
However, a significant reason why asymmetric encryption is considered more secure and
reliable is because it doesn't involve the exchange of public keys between multiple parties.
Even if a hacker gains access to a public key, there's no risk of them using it for decrypting
the data (since the public key is used for encryption only), as they don't know the private
keys.
More importantly, asymmetric encryption also supports digital signature algorithms and
authentication, unlike symmetric encryption. This allows users to digitally sign documents or
13
messages using their private keys, and others can use the corresponding public keys to
confirm that the signatures are authentic and came from the verified sender.
This has to do with the longer key lengths, and more importantly, the mathematical
calculations involved in asymmetric encryption are considerably more complex, which
means they require more CPU resources for decryption.
Even though there's a link between the public and private keys, asymmetric encryption
relies primarily on longer key lengths to beef up security. It's essentially a compromise
between speed and security.
For instance, as mentioned above, symmetric encryption relies on 128 or 256-bit keys. In
comparison, the RSA encryption key size is generally 2048 bits or higher. And, with quantum
computers seemingly becoming a reality very soon, even that might not be enough to
protect information.
Block Cipher and Stream Cipher belongs to the symmetric key cipher. These two block
ciphers and stream cipher are the methods used for converting the plain text into
ciphertext.
The main difference between a Block cipher and a Stream cipher is that a block cipher
converts the plain text into cipher text by taking plain text’s block at a time. While stream
cipher Converts the plain text into cipher text by taking 1 byte of plain text at a time.
Difference between Block cipher and Stream cipher
Block Cipher Converts the plain text Stream Cipher Converts the plain
1. into cipher text by taking plain text into cipher text by taking 1
text’s block at a time. byte of plain text at a time.
14
S.NO Block Cipher Stream Cipher
Block cipher Uses confusion as well While stream cipher uses only
4.
as diffusion. confusion.
The algorithm modes which are The algorithm modes which are
used in block cipher are ECB used in stream cipher are CFB
6.
(Electronic Code Book) and CBC (Cipher Feedback) and OFB
(Cipher Block Chaining). (Output Feedback).
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64
bits of plain text go as the input to DES, which produces 64 bits of ciphertext. The same
algorithm and key are used for encryption and decryption, with minor differences. The key
length is 56 bits.
DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which
15
is called a round. Each round performs the steps of substitution and transposition. Let us
now discuss the broad-level steps in DES.
• In the first step, the 64-bit plain text block is handed over to an initial
Permutation (IP) function.
• The initial permutation is performed on plain text.
• Next, the initial permutation (IP) produces two halves of the permuted block;
saying Left Plain Text (LPT) and Right Plain Text (RPT).
• Now each LPT and RPT go through 16 rounds of the encryption process.
• In the end, LPT and RPT are re-joined and a Final Permutation (FP) is performed
on the combined block
• The result of this process produces 64-bit ciphertext.
The initial permutation (IP) happens only once and it happens before the first round. It
suggests how the transposition in IP should proceed, as shown in the figure. For example,
it says that the IP replaces the first bit of the original plain text block with the 58th bit of
the original plain text, the second bit with the 50th bit of the original plain text block, and
so on.
This is nothing but jugglery of bit positions of the original plain text block. the same rule
applies to all the other bit positions shown in the figure.
16
As we have noted after IP is done, the resulting 64-bit permuted text block
is divided into two half blocks. Each half-block consists of 32 bits, and each
of the 16 rounds, in turn, consists of the broad-level steps outlined in the
figure.
17
which uses the same key for both encryption and decryption. One of the main advantages
is that it eliminates the need to exchange secret keys, which can be a challenging process,
especially when communicating with multiple parties. Additionally, asymmetric encryption
allows for the creation of digital signatures, which can be used to verify the authenticity of
data. Asymmetric encryption is commonly used in various applications, including secure
online communication, digital signatures, and secure data transfer. Examples of asymmetric
encryption algorithms include RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC).
Asymmetric encryption, commonly known as public-key cryptography, employs two distinct
keys for encryption and decoding. The private key is a separate key from the public key that
is kept private by the owner of the public key while the public key is made available to
everyone. Anyone can encrypt a message using the public key, but only the holder of the
private key can unlock it. With no chance of the communication being intercepted and read
by a third party, anyone can send a secure message to the public key’s owner. Asymmetric
encryption is frequently used for secure internet communication, including email
encryption, e-commerce, and online banking. Digital signatures, which are used to confirm
the legitimacy of digital documents and messages, are another application for it.
18
• Authentication: Asymmetric encryption can be used for authentication
purposes which means that the receiver can verify the sender s identity. This is
achieved by the sender encrypting a message with their private key which can
only be decrypted with their public key if the receiver can successfully decrypt
the message, it proves that it was sent by the sender who has the corresponding
private key.
• Non-repudiation: Asymmetric encryption also provides non-repudiation which
means that the sender cannot deny sending a message or altering its contents
this is because the message is encrypted with the sender s private key and only
their public key can decrypt it . Therefore, the receiver can be sure that the
message was sent by the sender and has not been tampered with.
• Key distribution: Asymmetric encryption eliminates the need for a secure key
distribution system that is required in symmetric encryption with symmetric
encryption, the same key is used for both encryption and decryption and the key
needs to be securely shared between the sender and the receiver asymmetric
encryption, on the other hand, allows the public key to be shared openly and the
private key is kept secret by the receiver.
• Versatility: Asymmetric encryption can be used for a wide range of applications
including secure email communication online banking transactions and e-
commerce it is also used to secure SSL/TSL connections which are commonly
used to secure internet traffic.
Overall, the use of asymmetric encryption offers enhanced security authentication non-
repudiation key distribution, and versatility these advantages make it a widely used and
effective method for protecting sensitive data in various applications.
Digital Signature
Digital signatures are the newer, faster, better way of signing documents online. They cut
your costs, require less time, are more environmentally friendly, and make the whole
process easier and faster for everyone involved.
Digital signatures are the digital equivalent of regular ink signatures. Just like ink signatures
signal your approval or involvement in a paper document and its contents, a digital
signature does the same on digital documents.
19
And they do it far better than ink signatures can.
Digital signatures use a Public Key Infrastructure (PKI), a standard format that provides high
security and acceptance to your document. This combination of a public key and a private
key is what makes a digital signature so safe.
Through the PKI and the processes involved in creating electronic signatures and storing
digitally signed documents, you can be sure that your signature cannot be forged, and once
signed. The document cannot be altered.
This makes a digital document with an e-signature secure enough to be valid worldwide,
including anywhere within the United States and the European Union.
20
Vernam Cipher
Plain-Text: O A K
Key: S O N
O ==> 14 = 0 1 1 1 0
S ==> 18 = 1 0 0 1 0
Bitwise XOR Result: 1 1 1 0 0 = 28
Since the resulting number is greater than 26, subtract 26 from it. Then convert the
Cipher-Text character number to the Cipher-Text character.
28 - 26 = 2 ==> C
CIPHER-TEXT: C
Similarly, do the same for the other corresponding characters,
PT: O A K
NO: 14 00 10
KEY: S O N
NO: 18 14 13
New Cipher-Text is after getting the corresponding character from the resulting number.
CT-NO: 02 14 07
CT: C O H
Example 2:
Plain-Text: RAMSWARUPK
Key: RANCHOBABA
Now according to our encryption algorithm, we assign a number to each character of our
plain text and key.
PT: R A M S W A R U P K
NO: 17 0 12 18 22 0 17 20 15 10
KEY: R A N C H O B A B A
NO: 17 0 13 2 7 14 1 0 1 0
21
Now Bitwise XOR the number of Plain-Text and Key and after doing the XOR operation and
subtraction operation (if required), we will get the corresponding Cipher-Text character
number.
CT-NO: 0 0 1 16 17 14 16 20 14 10
Since there are no numbers that are greater than or equal to 26 we do not have to
subtract 26 from any of them.
New Cipher-Text is after getting the corresponding character from the number.
CIPHER-TEXT: A A B Q R O Q U O K
One Time Pad algorithm is the improvement of the Vernam Cipher, proposed by An Army
Signal Corp officer, Joseph Mauborgne. It is the only available algorithm that is
unbreakable (completely secure). It is a method of encrypting alphabetic plain text. It is
one of the Substitution techniques which converts plain text into ciphertext. In this
mechanism, we assign a number to each character of the Plain-Text.
The two requirements for the One-Time pad are
• The key should be randomly generated as long as the size of the message.
• The key is to be used to encrypt and decrypt a single message, and then it is
discarded.
So encrypting every new message requires a new key of the same length as the new
message in one-time pad.
The ciphertext generated by the One-Time pad is random, so it does not have any
statistical relation with the plain text.
A B C D E F G H I J
0 1 2 3 4 5 6 7 8 9
K L M N O P Q R S T
10 11 12 13 14 15 16 17 18 19
U V W X Y Z
20 21 22 23 24 25
22
The relation between the key and plain text: In this algorithm, the length
of the key should be equal to that of plain text.
Examples:
Input: Message = HELLO, Key = MONEY Output: Cipher – TSYPM, Message
– HELLO
Explanation: Part 1: Plain text to Ciphertext
Plain text — H E L L O → 7 4 11 11 14
Key — M O N E Y → 12 14 13 4 24
Plain text + key → 19 18 24 15 38 → 19 18 24 15 12 (= 38 – 26)
Cipher Text → T S Y P M
Part 2: Ciphertext to Message
Cipher Text — T S Y P M → 19 18 24 15 12
Key — M O N E Y→ 12 14 13 4 24
Cipher text – key → 7 4 11 11 -12 → 7 4 11 11 14
Message → H E L L O
Input: Message = SAVE, Key = LIFE
Output: Cipher – DIAI Message – SAVE
Advantages
• One-Time Pad is the only algorithm that is truly unbreakable and can be used
for low-bandwidth channels requiring very high security(ex. for military uses).
Disadvantages
• There is the practical problem of making large quantities of random keys. Any
heavily used system might require millions of random characters on a regular
basis.
• For every message to be sent, a key of equal length is needed by both sender
and receiver. Thus, a mammoth key distribution problem exists.
Cryptographic Hash is a Hash function that takes random size input and yields a fixed-size
output. It is easy to calculate but challenging to retrieve the original data. It is strong and
difficult to duplicate the same hash with unique inputs and is a one-way function so revert
is not possible. Hashing is also known by different names such as Digest, Message
Digest, Checksum, etc.
23
Properties Of Cryptography Hash Function
The ideal cryptographic hash function has the following main properties:
1. Deterministic: This means that the same message always results in the same
hash.
2. Quick: It is quick to compute the hash value for any given message.
3. Avalanche Effect: This means that every minor change in the message results in
a major change in the hash value.
4. One-Way Function: You cannot reverse the cryptographic hash function to get
to the data.
5. Collision Resistance: It is infeasible to find two different messages that produce
the same hash value.
6. Pre-Image Resistance: The hash value shouldn’t be predictable from the given
string and vice versa.
7. Second Pre-Image Resistance: Given an input, it should be difficult to find
another input that has the same hash value.
24
write the message. Applying the rail fence technique in a given text results in a zigzag
pattern, with each letter in a row written out before moving to the next row.
To encrypt a message using the rail fence technique, first, we need to write the message in
the first row of a table. Furthermore, we have to write the second letter of the message in
the second row. We need to continue this process until we’ve written all the letters in the
message. Finally, in order to generate the encrypted message, we read the table row-wise.
Now let’s talk about how we can decrypt a message. To decrypt an encrypted message, the
first step is to determine the number of rows in the table based on the length of the
encrypted message. Furthermore, we need to write the first letter of the encrypted
message in the first row, the second letter in the second row, and so on. We need to
continue this process until we’ve written all the letters in the message.
Overall, the rail fence technique is a relatively simple form of encryption. However, it
doesn’t provide strong security. Someone can easily break it with even a basic
understanding of cryptography. Although, it can still be helpful for simple communication
where a high level of security is not required.
3. Example
First, let’s look at an example of the encryption of a message using the rail fence
technique. Here, we want to encrypt a message with two rows: HELLO SAM. First, we would
write the message in rows:
Now, in order to generate encrypted text, we need to write the first row, followed by the
second row. Hence, our encrypted message is HLOAELSM.
Now let’s start the decryption process. First, we must determine the number of rows
needed to decrypt the message. We already know the number of rows is two here. The total
length of the encrypted message is 8. Hence, each row will contain four letters:
25
The first letter of the plaintext would be the first letter of the first row of the table. Similarly,
the second letter of the plaintext would be the first letter of the second row of the table.
We need to continue this process until we cover all the letters in the encrypted message:
Therefore, we get our plaintext after applying the decryption process: HELLO SAM.
26
The rail fence technique is not a secure form of encryption, as someone can easily break it
with even a basic understanding of cryptography. Additionally, this technique is not highly
effective for longer messages.
Furthermore, the rail fence technique is vulnerable to certain types of attacks, such
as known-plaintext attacks. Therefore, an attacker can easily break the encryption by
launching attacks.
27