
Iis Mod 1 Part 1

The document discusses the introduction to information security. It covers topics like the definition of security, elements of information security including confidentiality, integrity and availability, and approaches to providing security like external and internal approaches. The overall goal of information security is to protect computer systems and information from unauthorized access and risks.

CHAPTER

Introduction

1.1 SECURITY
Today we use the word security frequently in our day-to-day life. The word security indicates the state or the quality of being secure. It means that a particular object, software or system is free from any hazard. It means being protected from attackers who would do harm, whether intentionally or unintentionally. In the case of network security, the word security means protecting our network and allowing only authorised people to access the network. To protect the operation of any organisation and provide security to the organisation, the following security layers are needed:
Physical security layer: The security layer which provides security to physical objects. It includes controlling the access of unauthorised persons to physical devices such as pen drive, hard disk, CD/DVD, or computer.
Private security: This layer provides security to the individual or a group.
Project security: When we provide security to the details of any project, such as design, code etc., it is called project or operational security.

Today, the use of computers with internet is increasing rapidly. At the same time security challenges are also increasing. A number of software tools are available which help the attackers to attack easily without much knowledge of the computer field. Therefore, today's information security is an emerging field which helps to protect the computer from various attacks and also provides awareness about security among the common people. Information security helps to protect the information from unauthorised persons.
Information security is not only confined to computer security but it includes the security of data or information in different forms. We use computers for various applications so it is very important to protect our computer so that an unauthorised person cannot access our system and modify, delete or read the data. This modification may happen in storage, processing or transit of information. Many times the attackers make the system busy so that the authorised users are unable to get the service. At the same time unauthorised users may access the information. This type of attack is called denial of service attack. Information security can be defined in various ways depending upon the usages or applications. Some people assume that computer security and information security are the same. There are different terminologies used by different people for information security. Nomenclatures may be different but the ultimate goal is to secure our computer system and information from attackers. The information security field includes not only the security of information but it covers the security of all infrastructures related to computer system and internet.
None can claim that the methods or mechanisms used for the security of the system or information are perfect. No one can ever get rid of all risks from the unauthorised use of the system or information, though they use the proper mechanism to protect their system. This happens due to the new challenges in information security emerging day-to-day. One of the challenges is that no prior knowledge about hacking is required of the attacker, as a number of tools are freely available. The degree of security depends upon the importance of the information. Another challenge is that many people ignore or hesitate to use the security measures.

1.2 ELEMENTS OF INFORMATION SECURITY


Information security provides services such as confidentiality, integrity and availability to the user. Each of them is discussed here.

1.2.1 Confidentiality

The most important service of information security is confidentiality. It makes sure that only an authorised user can access the data. The data should not be accessible to an unauthorised person or group of unauthorised persons. Confidentiality can be defined as the protection of data from unauthorised disclosure.

1.2.2 Integrity

Another important service of information security is integrity. The validity of the data is checked by integrity. Integrity gives the information whether there is any change in the data or not. Integrity means assurance that data received are exactly as sent by an authorised sender, i.e., no change happens to the data in transmission. This modification or change includes deletion, modification and creation of new information in the data.

1.2.3 Availability

The next service of information security is availability. It is the measure to which a system or information is accessible and usable upon request by an authorised user at any particular time. Availability means a functioning condition of a system at any particular instance. For example, access to a system or information should not be prevented for legitimate users.
Initially, at the end of the 20th century, the most significant element of cryptography and network security was confidentiality. The next importance is given to the integrity of the information. As compared to the above two services, availability was considered a low priority element in information security. But in the first decade of the 21st century, these priorities had changed and availability is treated as the most important service in information security. The Information Security Model gives us the guarantee of security. Assurance is the main element which helps to achieve various objectives of information security. Assurance also helps to achieve confidentiality of the information. This helps to secure the information and the system. It also provides the services like integrity and availability.
1.3 SECURITY POLICY
Information security or computer security is concerned with the control of threats related to the use of information or computer. To achieve this objective, we should develop a secure computing platform so that we can restrict the users to perform only the particular actions that are permitted to him or her. For this, a secure environment should be created. Here computer security is related to the security of computer systems. It is the subpart of security engineering. Security engineering is a broad term which focuses on broader issues in computer, network, information and internet security. We can permit only the authorised users of any particular system to use that system. At the same time we restrict these users from misusing their rights to use the system. That is called access control.
As per the requirement of the system's security status, different techniques have to be used to provide the necessary security. Any particular technique cannot provide full-fledged security to a system. This may happen due to some fundamental flaws present in the system.
Security to the information or computer system can be provided by using the following approaches:
1. External approach
2. Internal approach
Suppose the computer system is secure from attackers. In this case we should protect the system from external attacks. For this, necessary measures are applied. This approach is called external approach. In the second case, if the internal environment and the system itself are not secure, necessary measures have to be applied to protect from internal attacks; this is called internal approach.

1.4 SECURITY TECHNIQUES


Strong security to the system or information is provided by using cryptography and authentication techniques. We know that the channel which is used for transmission of information is not secure. We can provide security to our information by using various cryptographic techniques. This helps against modification of data in transit. Another technique used for strong security is the authentication technique. It can be used to guarantee that communication endpoints, i.e., sender and receiver, are who they claim.
The security of the computer system can be provided by using secure techniques. Some of the secure techniques are:
1. ... of confidence: This ensures that all software use has been authentic.
2. Access control: The access to the data or computer is controlled. If the user misuses the privileges given to him/her then the access to such user is denied. For example, suppose you give access of your own computer to your friend by giving him/her a separate user account. But you found out that your friend misuses your system by some other activities. Then, as an administrator of your computer, you can delete that user account so that he cannot access your computer any more.
3. Ability to detect unpatched known flaws: When an application provides no way to scrap already known security flaws, in such condition do not use it.
4. Backup of data: We can secure our data by taking regular backup. We can secure our data by storing another copy of data at another location. Today a number of devices are available for storage which are portable. This provides security to our data.
5. Antivirus software: A number of antivirus software are available which provide security to our system from malicious software.
6. Firewalls: Firewall is used to protect the internal network from external attacks. Firewall observes the traffic coming from the outside network and, if any attacks are found, blocks them there. It acts like a security door to our network.
7. Encryption: It is the cryptographic technique used to protect the information. There are different techniques for encryption. We will learn these techniques later on. Encryption allows only authorised users to read the data. There are two methods of encryption, i.e., symmetric and asymmetric encryption.
8. Intrusion-detection systems (IDS): It helps to detect the internal as well as external attacks on a computer or a network. There are two types of IDS, misuse-based and anomaly-based IDS. Also IDS can be classified as host-based and network-based IDS. IDS just detects the attack and informs the system administrator. It cannot protect the system or network from attack directly.
9. Information security awareness: It educates the people about the use of computer and internet, and the precautions to take while using internet. It also educates the people about the use of social sites. This awareness helps to avoid damage to an individual or organisation while using internet.
1.5 STEPS FOR BETTER SECURITY
Security is the most important aspect of the computer world. For better security, we should follow the following steps:
Assets: The first step is to identify what data and computer is to be protected. Identify the important information which needs to be protected.
Risks: After the information or assets to be protected have been identified, then identify the threats, attacks, vulnerabilities and risks to the information.
Protections: The next step is to find out the solution for the protection of the information.
Tools and techniques: Select the appropriate tools and techniques for the protection of the information.
Priorities: Decide the order of the tools and techniques for the protection of the information.

1.6 CATEGORY OF COMPUTER SECURITY


Computer security can be categorised into the following:
Cryptography, also called secret writing, is used to hide the original message. Cryptography is simply the mathematical "scrambling" of data. Only the person having the necessary information (i.e., key) can read the information. Cryptography has been used from ancient times for sending information in secret form. The original message is called plaintext. This plaintext is converted into some meaningless text called ciphertext. This conversion of plaintext to ciphertext is called encryption. Julius Caesar, around 100 BC, was known to use the technique for hiding information; it is the first cipher. But during the 16th century Vigenere designed a cipher which used a key for encryption.
Data security refers to the protective measures which ensure that data or computer
is kept safe from modification or corruption. It also prevents unauthorised access to
data or computer. Thus, data security helps to provide privacy to the data. Thus,
data security and privacy help the organisation to prevent data breaches, ensure the
integrity of data and protect the important information from disclosure.
Computer security models are the formal description of security policies. It refers to
the underlying computer architectures, specifications, protection mechanisms, security
issues, and formal models that provide the framework for information systems security
policy.
Network security means protection of data on the network during transmission. It consists of different policies and provisions adopted by the administrator. It involves the authorisation and access control of the network. The network administrator is responsible for the proper implementation of access control and authentication to provide the security.
Computer security includes the protection, prevention and detection of unauthorised use of computer systems as well as data stored in the computer.
Security exploit is related to computer security vulnerabilities and their exploits. It is an unintended and unpatched flaw in the software which helps the attackers or hackers to attack. Security exploit includes hacking of computer, various types of attacks, viruses, worms, Trojan horses etc.
There are many measures available to provide security to the computer system. Some of the security software used on a large scale are Firewall, Intrusion Prevention System and Antivirus Software.
1.7 THE OPERATIONAL MODEL OF NETWORK SECURITY
It is a well-known thought that "Prevention is better than cure". The same thought was assumed in the case of our computer security. That is, if we prevent anybody from accessing our computer then our computer is secure. This is only partially true, as the reality is that though we apply various security measures to protect the computer system, they do not give us a 100% guarantee of the protection of the computer systems, i.e., access control does not mean protection of the computer system. We can only provide the necessary protection to our data by using different security mechanisms such as encryption.
Secure transmission of the data can be done by using secure algorithms for transmission of the data. We can use some passwords; keys can be used to provide security to the data. There are different algorithms, such as Diffie-Hellman, available for key distribution. Using these algorithms we can transmit our data securely.
Figure 1.1 shows the working model of network security. From Figure 1.1, suppose sender A wants to communicate with B. He writes some message and hands it over to a person to give it to B. The message is open (assume it is like a postcard). Before the postcard is delivered to B, any third person, including the person who transfers this postcard from A to B, can read it. Now we want to avoid this, so we can use an envelope instead of a postcard and seal it with our signature. Now, any third person cannot read the message. If he/she tries to do it, he/she has to break the seal. But in this case, B knows that somebody already read the message. The same process we can apply to send digital information by encrypting the original message by some password which is known to A and B only. Any third party cannot decrypt the message as the password is not known to them. Here this password is known as key.

Figure 1.1 Operational model of network security. (Diagram labels: trusted third party, sender, recipient, message, encrypted message, information channel, attacker.)

1.8 SECURITY SERVICES


There are different security services which help to provide strong security. Some of them are authentication, data confidentiality, access control and non-repudiation. We will discuss these services one by one.

Authentication: It is the process of confirming or verifying that someone is who he claims he is. In cryptography and network security, the digital signature of the user is used for authentication. The most general and most widely used method of authentication in our daily life is the password.
Data confidentiality: It is the process of protection of data or information from unauthorised disclosure. It ensures that information is accessible only to the authorised person. In cryptography and network security, data confidentiality is done by using encryption techniques.
Access control: This ensures that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also stop any processes that are running with that user's privileges.
Integrity: Integrity means assurance that data received are exactly as sent by an authorised sender, i.e., no change happens to the data in transmission. This modification or change includes deletion, modification and creation of new information in the data. We can use hashing algorithms like MD5, SHA to check the integrity of the message.
Non-repudiation: It is the assurance against denial by one of the parties in a communication. When a message is sent, the receiver can prove that the message was in fact sent by the alleged sender. When a message is received, the sender can prove that the message was in fact received by the alleged receiver. Digital signature can be used for this purpose.
Availability: It is the measure to which a system or information is accessible and usable upon request by an authorised user at any particular time. Availability means a functioning condition of a system at any particular instance. For example, access to a system or information should not be prevented for legitimate users.

Initially, at the end of the 20th century, confidentiality was the most significant element of information security. The next importance is given to the integrity of the information. As compared to confidentiality and integrity, availability was considered a low priority element in information security. But in the first decade of the 21st century, these priorities had changed and availability is treated as the most important service in information security. The Models for Information Security give us the guarantee of security. Another element of security is assurance. It helps to achieve various objectives of information security. Assurance helps to achieve confidentiality of the information. This helps to secure the information and the system. It also provides the services like integrity and availability.

1.9 BASIC NETWORK SECURITY TERMINOLOGY


1.9.1 Cryptography
It is the science of using mathematics to encrypt and decrypt data. Cryptography is the art of secret writing. The user can secure his/her message using different techniques of cryptography. He/she can securely store or transmit the message using these techniques.

1.9.2 Hacking
It is the most frequently used term in day-to-day life. A hacker is a person or a group of persons who creates, deletes and/or modifies software and hardware of the computer. A hacker uses different tools to break the security of the computer system. These tools are readily available online. Hackers break the security for different purposes. Hacking is of two types depending upon the purpose, i.e., ethical hacking and unethical hacking.

Types of Hackers

Hackers are of three types: white hat, black hat and grey hat. We learn each of these types in brief as follows.
White hat: This type of hacker is also called ethical hacker. They use their knowledge for the best of the society. For example, if we forget the password of our computer, a hacker helps us to break the password. In a software company, before the release of the software, the security of the software is checked by the experts. This is also called white hat hacker.
Black hat: This type of hacker is also known as cracker. They break the security of the computer for wicked intention.
Grey hat: A hacker who is a combination of both white hat and black hat is known as grey hat.
1.9.3 Encryption
Encryption is a technique of translation of data (plaintext) into a secret code (ciphertext). This can be done by using a secret key or keys. Using encryption, we can achieve more security for the data.
Depending upon the number of keys used for encryption and decryption, there are two types of classical encryption techniques:

1. Symmetric encryption (only one key for encryption and decryption)
2. Asymmetric encryption (also called public-key encryption)

In symmetric encryption, only one key is required. The same key is used for encryption as well as decryption of the data. There are many symmetric encryption algorithms. Some of them are DES, AES, IDEA, and 3DES.
In asymmetric encryption, two different keys are required. These keys are mathematically related to each other. These keys are called public key and private key. The key which is publicly available for all is called the public key, whereas the key which is known only to the owner of the key is called the private key. There are many asymmetric encryption algorithms. Some of them are Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC).

1.9.4 Decryption
Decryption is a technique of translation of encoded data (ciphertext) into original data (plaintext). A secret key is used for decryption. This can be done by using a secret key or keys.

1.9.5 Cryptanalysis
It is the art of deciphering the encrypted message/data without knowing the key used for encryption. There are different techniques for cryptanalysis. Some of them are chosen plaintext attack, known plaintext attack, and man in the middle attack.
Chosen plaintext attack: Here the key is not known to the attacker. He/she assumes some plaintext and tries to encrypt it to get the desired ciphertext. The purpose of this attack is to get the key. An example of a known chosen plaintext attack is differential cryptanalysis, which is used against block ciphers.
Known plaintext attack: In this, the attacker knows or guesses some part of the plaintext (original message). He uses this information to decrypt the rest of the ciphertext. An example of known plaintext attack is linear cryptanalysis, which is used against block ciphers.
Ciphertext only attack: In this, the attacker does not have any information about the original message. He/she only has the ciphertext. Using this ciphertext, the attacker tries to find out the original message, called plaintext. In practice, it is possible to make guesses about the plaintext using the frequency analysis technique. But this frequency analysis technique does not work well against modern ciphers. Modern ciphers are not weak against this attack.
Man in the middle attack: This attack is related to key transmission. Suppose two parties A and B are trying to communicate with each other. In this attack, the attacker places himself between the two parties A and B. Then the attacker captures the data which A and B transfer to each other. Then the attacker performs key exchange separately with A and B. A and B use the different keys sent by the attacker. The attacker is now able to decrypt any message sent by the two parties A and B.
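
The man in the middle attack on key exchange described above, and the authentication that stops it, as an added example (not from the book) using Diffie-Hellman, which the chapter names for key distribution. The toy 127-bit prime, the generator 3, the function names and the HMAC tag under a long-term key that A and B already share are assumptions made for illustration; deployed protocols use much larger groups and usually digital signatures.

```python
import hashlib
import hmac
import secrets

# Toy group, for illustration only (assumption): a 127-bit Mersenne prime is
# far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(my_private, their_public):
    """Derive a 32-byte key from the Diffie-Hellman shared secret."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag_public(auth_key, name, public):
    """Authenticate a public value with a long-term key A and B already share."""
    msg = name.encode() + b"|" + public.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def accept_public(auth_key, name, public, tag):
    """Accept a received public value only if its tag verifies."""
    return hmac.compare_digest(tag_public(auth_key, name, public), tag)


def unauthenticated_exchange():
    """A and B exchange bare public values; M replaces both with its own."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    return {
        "a": session_key(a_priv, m_pub),    # A believes this key is shared with B
        "b": session_key(b_priv, m_pub),    # B believes this key is shared with A
        "m_a": session_key(m_priv, a_pub),  # M's key towards A
        "m_b": session_key(m_priv, b_pub),  # M's key towards B
    }


def authenticated_exchange(tampered):
    """A sends its public value with a tag; B checks the tag before using it."""
    auth_key = secrets.token_bytes(32)      # known only to A and B
    _, a_pub = keypair()
    _, m_pub = keypair()
    tag = tag_public(auth_key, "A", a_pub)
    # M can swap the public value in transit but cannot compute a valid tag.
    received = m_pub if tampered else a_pub
    return accept_public(auth_key, "A", received, tag)


if __name__ == "__main__":
    keys = unauthenticated_exchange()
    print("A and M share a key:", keys["a"] == keys["m_a"])
    print("B and M share a key:", keys["b"] == keys["m_b"])
    print("A and B share a key:", keys["a"] == keys["b"])
    print("B accepts substituted value:", authenticated_exchange(True))
    print("B accepts genuine value:", authenticated_exchange(False))
```

Without authentication A and B each end up sharing a key with M and none with each other, which is exactly the situation in which M can read every message.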

1.10 SECURITY ATTACKS

In the last 35 years, the use of computers and internet has increased significantly, which results in an increase in threats to the security of the computer system. A number of tools are easily available for attackers, which makes it easy to create new vulnerabilities. These tools require very little or no prior knowledge to use. A security attack can be defined as any action that compromises the security of computer systems or the information.

Types of Attack
Attacks are classified into two categories as:

1. Passive attack
2. Active attack

1.10.1 Passive Attack

These are the attacks in which the attacker tries to learn something from the data or to make use of information from the system. A passive attack does not harm the information or computer system. The attacker captures the data or information during transmission of data. This type of attack is made by eavesdropping (Figure 1.2). Eavesdropping means unauthorised listening to the private communication of others without their consent. Private communication includes phone call, instant message, videoconference etc. It also includes monitoring the flow of information during transmission to obtain message contents.

Figure 1.2 Passive attack. (Diagram labels: Sender, Recipient, Encryption.)

Passive attacks are of two types, i.e., release of message contents and traffic analysis.
Release of message contents: In this type of passive attack, the attacker captures the contents of a message without the knowledge of the sender and the recipient. Encryption can be used to protect the message from this type of attack.
Traffic analysis: The attacker observes the pattern of flow of information during transmission. Using this observation, the attacker draws conclusions about the flow of traffic. This attack can be done even if messages are encrypted. So the solution for this attack is masking and use of a strong encryption algorithm.

It is difficult to detect a passive attack as there is no modification or change in the original message.

1.10.2 Active Attack

These are the attacks in which attempts are made to alter, change or modify the data or information. This is a direct attack on the users. In this attack, the attacker either modifies the information or data during transmission, or he/she may create false data or information and send it to the recipient.
Active attacks are classified into four categories:
Masquerade
Message replay
Message modification
Denial of service

Masquerade
When one entity pretends to be a different entity, it is a masquerade active attack. The solution for this attack is authentication. Suppose two friends A and B are in communication with each other. In this attack, the attacker communicates with B by saying that he is A (Figure 1.3).

Figure 1.3 Active attack: masquerade. (Diagram label: Attacker.)

Message Replay
In this attack, messages, information or data are captured during transit, and the previous messages are then replayed or retransmitted (Figure 1.4).

Figure 1.4 Active attack: message replay. (Diagram labels: Sender, Recipient, Attacker.)

Message Modification
In this type of attack the messages are modified during transmission. In this attack, like the message replay attack, the attacker first captures the message, then modifies it and retransmits or resends the modified message.

Denial of Service Attacks (DoS)

In this attack, the server is overloaded by sending a number of false requests to the server. This prevents legitimate or authorised users of the server from using the system resources or services of the server.
Classification of attack is shown in Figure 1.5.
Attacks
Passive attacks: release of message contents, traffic analysis
Active attacks: masquerade, message modification, message replay, denial of service (one box in the diagram also carries the words "or fabrication")

Figure 1.5 Attack classification.
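
How a receiver can detect masquerade, message replay and message modification, as an added example that is not from the book: every message carries a sequence number and an HMAC-SHA256 tag computed with the key that A and B share. The packet layout, the names and the sample messages are constructed for illustration; the last check shows that a bare digest of the kind Section 1.8 mentions, sent without a key, can be recomputed by whoever alters the message.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8    # 64-bit big-endian sequence number


def seal(key, seq, payload):
    """Sender side: sequence number + payload + HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a packet only if the tag verifies and the number is new."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far

    def accept(self, packet):
        """Return (verdict, payload or None)."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return "rejected: malformed", None
        header = packet[:SEQ_LEN]
        payload = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; fails for a changed message or a wrong key.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag", None
        (seq,) = struct.unpack(">Q", header)
        # A captured packet that is sent again carries an old number.
        if seq <= self.last_seq:
            return "rejected: replay", None
        self.last_seq = seq
        return "accepted", payload


def digest_only_check(payload, digest):
    """Unkeyed integrity check: compares a plain SHA-256 digest."""
    return hmac.compare_digest(hashlib.sha256(payload).digest(), digest)


def demo():
    """Run constructed traffic through receiver B and collect the verdicts."""
    key_ab = b"constructed-key-shared-by-A-and-B"
    key_other = b"constructed-key-of-another-party"
    b = Receiver(key_ab)
    results = {}

    genuine = seal(key_ab, 1, b"pay 100 to C")
    results["genuine"] = b.accept(genuine)[0]
    results["replay"] = b.accept(genuine)[0]            # same packet again

    altered = bytearray(seal(key_ab, 2, b"pay 100 to C"))
    altered[SEQ_LEN + 4] ^= 0x08                        # one payload bit changed
    results["modified"] = b.accept(bytes(altered))[0]

    # Someone without the shared key claiming to be A.
    results["masquerade"] = b.accept(seal(key_other, 3, b"I am A"))[0]
    results["next"] = b.accept(seal(key_ab, 2, b"pay 20 to D"))[0]

    # A bare digest travels with the message, so it can be replaced with it.
    forged = b"pay 900 to C"
    results["digest_only_forgery"] = digest_only_check(
        forged, hashlib.sha256(forged).digest())
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Denial of service is outside what this check covers: a flood of invalid packets is rejected, but still has to be received and verified.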

SUMMARY
CHAPTER 2 Data Encryption Techniques

2.1 INTRODUCTION
Nobody gives you a 100% guarantee of security. In today's world nothing is secure. So, there is a need to protect our computer and data from the attackers. Due to the rapid increase in the use of internet, every individual as well as his/her information is under threat from the attackers. Some information which is beneficial to an individual or a group may be used against them by the attacker. In companies or business organisations, due to huge competition, the security measures are very important to protect the data/information. These security measures include authentication, encryption, access control, confidentiality, etc.
Encryption is the process of converting the original information, which is in meaningful and readable form (in cryptography we call it plaintext), into unreadable form (in cryptography we call it ciphertext). The encryption process requires a key for this conversion. The process of converting the ciphertext into plaintext is called decryption. Decryption is the reverse process of encryption. The decryption process also uses a key for conversion. There are a number of algorithms available for encryption. Depending upon the number of keys used, encryption is divided into two types:

1. Symmetric encryption
2. Asymmetric encryption

We will discuss these methods in detail in the next section. A model used for the encryption and decryption process is called a cryptosystem. The area of study in which one can study various techniques of encryption is known as cryptography. There are various techniques available to derive the plaintext or decrypt the ciphertext without much knowledge about the key and plaintext. This process is called cryptanalysis or breaking the code. The areas of cryptography and cryptanalysis together are called cryptology. Figure 2.1 explains the encryption and decryption process.

Figure 2.1 Encryption and decryption. (Diagram labels: Sender, Plaintext, Encryption, Ciphertext, Decryption, Original plaintext, Recipient.)


2.2 ENCRYPTION METHODS

The encryption algorithms are comparatively simple. The same encryption algorithm can be used for decryption but the subkeys should be used in reverse order. Encryption algorithms are classified into two types:
1. Symmetric encryption
2. Asymmetric encryption, also called public key cryptography
2.2.1 Symmetric Encryption

An encryption technique in which only one key is required for encryption as well as decryption is called symmetric encryption. It is also called conventional encryption technique. As the name indicates, symmetric encryption algorithms use the same key for encryption as well as for decryption.
For example, two friends A and B want to communicate with each other. They agree on a symmetric encryption algorithm and a secret key. Friend A first encrypts the message by using the encryption algorithm and the secret key. Then he sends this encrypted message to B. The recipient B uses the same key and algorithm to decrypt the message. The detailed graphical representation of this procedure is shown in Figure 2.2.

Figure 2.2 Symmetric encryption and decryption. (Diagram labels: Sender, Message, Insecure channel, Opponent, Message, Recipient.)

Most people use locks to keep the home secure. Similarly, symmetric
encryption technique is used to provide the security to our message. To provide the
security to our home we use a lock of some company to close the door. The same
key is required to open and lock the door. If we use another key of the same company
to open or close the door, it cannot work for that lock. Similarly, in symmetric key
encryption, the same key is required for encryption as well as decryption of the
message. There are a few well-examined encryption algorithms that everyone could use;
just as the model of the lock may be the same, but the keys are different. The security
of the home depends upon the quality of the lock; in the same way the security of our
encryption algorithm depends upon the key. The various components of symmetric
encryption and decryption techniques are shown in Figure 2.3. The components are:

1. Plaintext: The original message written or created by the sender is called
plaintext. It is used as input for the encryption algorithm.
2. Encryption algorithm: There are various algorithms available for
encryption. Using one of the algorithms we can encrypt the message, i.e.,
convert the plaintext to ciphertext.
3. Key: Key is nothing but the pattern of alphabets/numbers used to convert the
plaintext into ciphertext. In symmetric encryption, the same key is used for
encryption and decryption. The security of any encryption algorithm depends
upon the key. To provide more security, use a new key for every new message.
4. Ciphertext: The encryption algorithm converts the plaintext into unreadable
form using the key. This output is called ciphertext. The same key always
produces the same cipher for the same plaintext. Whereas different keys will
produce different ciphertexts for the same plaintext.
5. Decryption algorithm: The algorithm used to convert the ciphertext into
plaintext is called the decryption algorithm. It uses the same key for symmetric
encryption. Same encryption algorithm can be used for decryption but in
reverse order.

[Diagram: Sender -> Plain text -> Encryption algorithm -> Encrypted message (Ciphertext) -> Decryption algorithm -> Plain text -> Recipient]

Figure 2.3 Components of symmetric encryption and decryption.

2.2.2 Asymmetric Encryption

In asymmetric encryption, two different keys are used, one key for encryption and other
key for decryption. These keys are mathematically related to each other. In
asymmetric encryption, each user uses two keys called public key and private key.
Public key is publicly available, so not only the sender and recipient but anybody
can know the key. Another key is the private key, which is a secret key and known to
the originator (owner) of the key. Asymmetric cryptography is also known as public
key cryptography. Asymmetric encryption algorithms cannot be decrypted easily. For
asymmetric encryption algorithms key distribution is not required as each user has
their own keys. Therefore, public key cryptography provides more security as compared
to symmetric encryption. We will see more detail about this in section 7.2.

2.3 CRYPTOGRAPHY

Cryptography is the practice of mathematical scrambling of words. Different encryption
techniques are used for this purpose.
Parameters used by cryptographic systems are:

Operations used: Encryption algorithms use various operations to convert
plaintext into ciphertext. These include substitution, transpositions, etc.
In substitution operation, one element in the plaintext is replaced by
another element. In transposition operation, rearrangement of the order of
the elements is done. Most of the encryption algorithms use substitutions and
transpositions.

Key: Symmetric encryption techniques use only one key (the same key) for
encryption and decryption. Whereas in asymmetric encryption, two keys are
required. Asymmetric encryption is also called public key encryption.

Types of processing: Encryption techniques are classified into two types,
stream cipher and block cipher, depending on processing. In block cipher the
input plaintext is divided into a number of blocks, each block having a fixed
number of elements. Then at a time one block is processed and the ciphertext
is generated as a block having the same number of elements. In stream cipher
plaintext is processed one bit at a time. One bit of plaintext is converted into
one bit of ciphertext at a time.

2.4 SUBSTITUTION CIPHERS


Classical encryption techniques are divided into two basic types: substitution ciphers
and transposition ciphers.
In the substitution ciphers, one element of plaintext is substituted by other
element. These ciphers are also called monoalphabetic ciphers. Example of this cipher
is Caesar cipher. In some ciphers, the group of bits are replaced by another group of
bits. These ciphers are also called polygraphic substitution ciphers. Examples of this
cipher are Hill cipher and Playfair cipher.
In the following section, we discuss different monoalphabetic and polygraphic
substitution ciphers.

2.4.1 The Caesar Cipher

The Caesar cipher is the oldest and the simplest substitution cipher. In this cipher,
the ciphertext is generated by shifting each letter from the plaintext by same distance.
It was first proposed by Julius Caesar so known as Caesar cipher. He used this cipher
for his private communication. He used to replace each element in the plaintext by a
shift of 3, so the plaintext letter PT_i is enciphered as ciphertext letter CT_i such as:

CT_i = E(PT_i) = (PT_i + 3) mod 26

As there are total 26 alphabet letters, each letter is numbered such as a = 0, b = 1,
..., z = 25. mod 26 is used to convert the last three letters such as x, y and z into
a, b and c respectively. The conversion of each element of plaintext into ciphertext
using Caesar cipher is given below.

Plaintext   a b c d e f g h i j k l m
Ciphertext  D E F G H I J K L M N O P
Plaintext   n o p q r s t u v w x y z
Ciphertext  Q R S T U V W X Y Z A B C

Using this encryption, the message "work patiently" would be encoded as:

Plaintext   w o r k p a t i e n t l y
Ciphertext  Z R U N S D W L H Q W O B

Advantages
This cipher (encryption algorithm) is easy to implement.
This cipher is very simple.

Disadvantages
Brute force attack is easily possible.
Its observable pattern helps the attacker to find out the plaintext easily.
The maximum keyspace (total number of keys) is 25, so the key can easily be found out.

2.4.2 Monoalphabetic Ciphers


The monoalphabetic cipher is also known as a cryptogram. The KEY for this cipher
is generated by doing the rearrangement of the alphabets. These different alphabets
are then substituted for the alphabets in the plaintext. The result is a ciphertext. The
same KEY is used to generate the plaintext from the ciphertext. The monoalphabetic
cipher can be a permutation of the 26 alphabetic characters. So there are 26!
or greater than 4 x 10^26 possible keys. This large number of keys helps to eliminate
the brute force attack. Suppose for each alphabet we assign the key as shown below:
Plaintext a b d e f h
k m
P H V E J
Key S B Y O T G X
r
Plaintext n t u V w X
Key C R z L W M F K Q D U
Now, suppose the plaintext is "we are the best"; then the ciphertext is as below:

Plaintext   w e a r e t h e b e s t
Ciphertext  K S P I S M Y S H S W M

Here the ciphertext is "KSPISMYSHSWM". It is meaningless and also very difficult for
the attacker to break as compared to Caesar cipher.

Cryptanalysis of Monoalphabetic Ciphers
The cryptanalysis of the monoalphabetic ciphers is easy as the ciphertext reflects the
frequency count of the original message. In the above example, letter "S" is occurring
4 times as compared to other letters. If we study the frequency analysis of the
English letters we observe that some letters such as "e, a, i" occur more than letters
like "j, z, x". This frequency analysis of the English language is used to perform the
cryptanalysis. So monoalphabetic cipher is not more secure.
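
The two ciphers above as one added Python sketch (not code from the book): a Caesar cipher is the monoalphabetic cipher whose key is the alphabet rotated by the shift, so one substitution routine covers both. It reproduces the "work patiently" example, lists the whole 25-key Caesar keyspace, and shows that substitution leaves the letter-count profile unchanged; `DEMO_KEY` and all function names are constructed for illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase


def caesar_key(shift):
    """Cipher alphabet of a Caesar cipher: the alphabet rotated by `shift`."""
    shift %= 26
    return (ALPHABET[shift:] + ALPHABET[:shift]).upper()


def substitute(plaintext, key):
    """Monoalphabetic encryption: key[i] replaces the i-th alphabet letter.

    Spaces and punctuation are dropped, as in the worked examples above.
    """
    if sorted(key.lower()) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    table = dict(zip(ALPHABET, key.upper()))
    return "".join(table[c] for c in plaintext.lower() if c in table)


def invert(ciphertext, key):
    """Decryption with the same key: map each key letter back to its position."""
    table = dict(zip(key.upper(), ALPHABET))
    return "".join(table[c] for c in ciphertext.upper() if c in table)


def caesar_candidates(ciphertext):
    """Every non-trivial Caesar decryption: the entire keyspace is 25 entries."""
    return {s: invert(ciphertext, caesar_key(s)) for s in range(1, 26)}


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns each count."""
    counts = Counter(c for c in text.lower() if c in ALPHABET)
    return sorted(counts.values(), reverse=True)


# Constructed key for illustration (keyboard order), not the key table
# printed in this section.
DEMO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

if __name__ == "__main__":
    ct = substitute("work patiently", caesar_key(3))
    print("Caesar, shift 3:", ct)
    print("keys to try:", len(caesar_candidates(ct)))
    msg = "we are the best"
    print("plaintext profile: ", frequency_profile(msg))
    print("ciphertext profile:", frequency_profile(substitute(msg, DEMO_KEY)))
    print("profile of the page's ciphertext:", frequency_profile("KSPISMYSHSWM"))
```

The identical profiles are the reason a 4 x 10^26 keyspace does not protect this cipher: the key only relabels the counts.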

2.4.3 Playfair Cipher


Playfair cipher is the well-known encryption algorithm. It divides the plaintext into
groups of two letters each. Each group is treated as a single unit. Using the key,
for groups of plaintext the corresponding ciphertext groups are generated. The key
generation procedure is discussed below. As the Playfair cipher uses groups of two
letters to generate the ciphertext, it is a block cipher of block size two. The total
encryption process is divided into three parts:

1. Preparing the Plaintext
2. Preparing the Key
3. Encryption

Preparing the Plaintext

The message is first converted into lower case, remove the punctuations and then split
it into groups of two letters each. If any group has the same letters, then split that
group by adding some extra letter like x between these two letters. For example, if some
group is having the letters ll, then we can split it like lx and the second letter l is
paired with the first letter of the next pair and then all the letters are shifted by one
position to the right. If j is present all j's are replaced with i's. This particular
example contains no j's. We will illustrate this in more detail from the following example.

Message: We live in a world full of beauty.

Step 1 Convert this message into lowercase letters and remove punctuations.

weliveinaworldfullofbeauty

Step 2 Split the text into pairs of two.

we li ve in aw or ld fu ll of be au ty

If the last group is having only one letter, then append any one letter in that
group to make a pair. If both the letters in a pair are same, then split this
pair by adding any letter in between the letters and rearrange the groups. In
this example, one of the pairs is having the same letters "ll". Add letter "x"
in between the letters, so the group is "lxl". But the group should be of two
letters, so shift the last letters of this group to the right by one position and
rewrite the groups again.

we li ve in aw or ld fu lx lo fb ea ut y

Here the last group is having only one letter, so append one more letter to
complete the pair. Here we append "z" with the last letter "y" as shown below:

we li ve in aw or ld fu lx lo fb ea ut yz

Step 3 Now, write the groups such that in one row there are 5 pairs as shown below:

we li ve in aw
or ld fu lx lo
fb ea ut yz

Now, the plaintext is ready to encrypt.

Preparing the Key

The key can have any number of letters. Remove the duplicate letters from the key,
if any. Convert all the letters of the key into uppercase letters. To prepare the key,
a 5 x 5 matrix is constructed. We illustrate the key preparing procedure as shown below:
Suppose the key is "another".

Step 1 Convert the key into uppercase letters, the key becomes

ANOTHER

Step 2 Write the letters in the 5 x 5 matrix form, i.e., 5 letters in one row as shown
below:

A N O T H
E R

Step 3 The remaining letters of the alphabet which are not present in the key are
filled in the alphabetical order as shown below:

A N O   T H
E R B   C D
F G I/J K L
M P Q   S U
V W X   Y Z

As we have to form a 5 x 5 matrix and there are total 26 alphabets, we have to omit
one alphabet. Generally we select such an alphabet which occurs less in the language,
i.e., the frequency of that letter is less. Here we omit j. Still if j occurs in the
plaintext, i is the replacement for j in this particular example. If the key length is
long, the message is more secure. But cryptanalysis of the Playfair is easy as compared
to modern ciphers.

Encryption
The next step is encryption where the two letters (a pair) of the plaintext are encrypted
at a time. Take any pair of letters from the plaintext. The letters in the pair are
compared with the 5 x 5 key matrix. The letters in a pair may be in the same row, in the
same column, or in different rows and columns of the key matrix. The encryption procedure
is illustrated using the following steps:

Step 1 Read a pair of letters from the prepared plaintext. If both the letters of pair
are on the same row, then each letter of a pair is replaced by the letter to
the right of that letter. If the letter in a pair is the last letter (rightmost) on
the row, then replace it with the first letter of the same row.
Suppose the plaintext pair is "nt", then corresponding ciphertext is "OH".
Here n and t are on the same row, so we select the right side letters from
the key matrix. The right side letter of n is O and the t is H. Therefore "OH"
is the ciphertext for "nt". Similarly if the plaintext is "yw", then y becomes
Z and w becomes X, so "ZX" is the ciphertext for "yw". If the plaintext pair
is "rd", then r is replaced by B and d is replaced by E (as there is no letter
to the right of d, the first letter from the same row, i.e., E, is selected). The
ciphertext for "rd" is "BE".

Step 2 If both the letters of pair are in the same column, then each letter is replaced
by the next letter (i.e., letter below the plaintext letter) in the same column.
If the letter in a pair is the last letter in the column, then replace it with
the first letter of the same column.
Suppose the plaintext pair is "em", then corresponding ciphertext is "FV".
Here e and m are in the same column, so we select the next letter in the
same column from the key matrix. The next letter of e is F and the m is V.
Therefore "FV" is the ciphertext for "em". If the plaintext pair is "cy", then
c is replaced by K and y is replaced by T (as there is no letter below y in
the same column, the first letter from the same column, i.e., T, is selected). The
ciphertext for "cy" is "KT".

Step 3 If both the letters of pair are neither in the same row nor in the same column,
then the substitution for plaintext pair is based upon their intersection in the
key matrix. Take the first letter from the plaintext pair. Locate its position in
the key matrix. Then move across the row, i.e., left or right until it is lined
up with the second letter in a pair. Then start with the second letter and
move up and down the column until it is lined up with the first letter. The
letters at the intersections are the ciphertext for the said pair.
Suppose the plaintext pair is "gs", then corresponding ciphertext is "KP".

We have to apply above steps on all the pairs of the plaintext. The ciphertext
for the above plaintext is:

VRFKAFGONVNBULLMIZIHIEFESHZY

In this cipher, there are 26 x 26 = 676 digrams. The identification of individual
digrams is more difficult, and also the frequencies of individual letters have greater
ranges which provide more security to this cipher.

Decryption
For decryption, we have to follow the reverse process.

Step 1 Break the ciphertext into pairs of letters:

VR FK AF GO NV
NB UL LM IZ IH
IE FE SH ZY

Step 2 Same as encryption, write down the alphabet square with the key "ANOTHER".

A N O   T H
E R B   C D
F G I/J K L
M P Q   S U
V W X   Y Z

Step 3 Read a pair of letters from the prepared ciphertext. If both the letters of pair
are on the same row, then each letter of a pair is replaced by the letter to
the left of that letter. If the letter in a pair is the first letter (leftmost) on
the row, then replace it with the last letter of the same row.

Step 4 If both the letters of pair are in the same column, then each letter is replaced
by the previous letter (i.e., letter above the plaintext letter) in the same
column. If the letter in a pair is the first letter in the column, then replace
it with the last letter of the same column.

Step 5 If both the letters of pair are neither in the same row nor in the same column,
then the substitution for plaintext pair is based upon their intersection in the
key matrix. Take the first letter from the plaintext pair. Locate its position in
the key matrix. Then move across the row, i.e., right or left until it is lined
up with the second letter in a pair. Then start with the second letter and
move down and up the column until it is lined up with the first letter. The
letters at the intersections are the ciphertext for the said pair.

Transform the pairs of letters in the opposite direction from that used for
encryption:

WE LI VE IN AW
OR LD FU LX LO
FB EA UT YZ

This message is now readable, although removing the extra spaces and substitutions
for double letters makes it more readable:

We live in a world full of beauty.

Cryptanalysis of the Playfair cipher is easy, as the same pair of letters is always
converted into the same pair of ciphertext.
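
The three Playfair stages above (preparing the plaintext, building the key matrix, applying the row, column and rectangle rules) as an added Python sketch, not code from the book, run on the section's own key "another" and message. Function names and the `filler`/`pad` parameters are constructed for illustration; the fallback used when a doubled letter is itself the filler is an assumption, since the text does not cover that case.

```python
import string


def key_square(key):
    """5 x 5 key matrix: key letters first (duplicates dropped), then the
    remaining letters in alphabetical order. J is folded into I."""
    cells = []
    for ch in key.upper() + string.ascii_uppercase:
        ch = "I" if ch == "J" else ch
        if ch in string.ascii_uppercase and ch not in cells:
            cells.append(ch)
    return [cells[r * 5:r * 5 + 5] for r in range(5)]


def prepare(message, filler="x", pad="z"):
    """Lowercase, keep letters only, replace j by i, split into pairs."""
    letters = ["i" if c == "j" else c for c in message.lower()
               if c in string.ascii_lowercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != first:
            pairs.append(first + letters[i + 1])        # ordinary pair
            i += 2
        elif i + 1 < len(letters):                      # doubled letter, e.g. "ll"
            pairs.append(first + (filler if first != filler else pad))
            i += 1                                      # second letter opens next pair
        else:                                           # lone last letter
            pairs.append(first + (pad if first != pad else filler))
            i += 1
    return pairs


def transform(pairs, square, step):
    """Apply the three rules; step=+1 encrypts, step=-1 decrypts."""
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    pos["J"] = pos["I"]
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a.upper()], pos[b.upper()]
        if ra == rb:        # same row: neighbour to the right (left), wrapping
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:      # same column: neighbour below (above), wrapping
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:               # rectangle: own row, the other letter's column
            out.append(square[ra][cb] + square[rb][ca])
    return out


def encrypt(message, key):
    return "".join(transform(prepare(message), key_square(key), +1))


def decrypt(ciphertext, key):
    if len(ciphertext) % 2:
        raise ValueError("Playfair ciphertext must have an even length")
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(transform(pairs, key_square(key), -1)).lower()


if __name__ == "__main__":
    for row in key_square("another"):
        print(" ".join(row))
    ct = encrypt("We live in a world full of beauty.", "another")
    print(ct)
    print(decrypt(ct, "another"))
```

Applying the same-row rule of Step 1 to the final pair "yz" gives "ZV", so this sketch's output ends in ZV where the ciphertext printed above ends in ZY.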

2.4.4 The Hill Cipher


The next classical cipher for encryption is the Hill cipher. It is a polygraphic substitution
cipher. The Hill cipher is based on linear algebra. Lester S. Hill invented this
cipher in 1929. It was the first cipher in which more than three symbols operate at
a time.

Working
The Hill cipher uses the basic matrix multiplication. So, the alphabets are converted
into numbers. Each letter from A to Z is assigned a digit from 0 to 25 such as A = 0,
B = 1, C = 2, ..., and Z = 25. As there are total 26 letters, the base is used as 26.
The total encryption process is divided into three parts:
1. Preparing the Plaintext
2. Preparing the Key
3. Encryption

2.4.5 Polyalphabetic Ciphers

Above ciphers are simple substitution ciphers. They are not secure as the cryptanalysis
of these ciphers is easy due to frequency analysis. If the ciphertext is sufficiently
large, cryptanalysis can be made. Given a sufficiently large ciphertext, it can easily
be broken. For large ciphertext, it is possible to find out the letter frequencies easily.
Therefore, to provide more security and solve the problem of frequency analysis, there
is a need to design a new cipher. Polyalphabetic cipher solves this problem. In the
polyalphabetic cipher, a single letter of plaintext can be converted to several different
letters of the ciphertext instead of just one letter.
The well-known polyalphabetic substitution cipher is Vigenere cipher. In this
cipher, a set of related monoalphabetic substitution rules consists of the 26 Caesar
ciphers. The Caesar cipher uses the shift of 3 places whereas Vigenere cipher uses
shifts of 0 to 25. The key is the permutations of the alphabet called a Vigenere square.
In this cipher, there are 25 rows and 25 columns. 25 rows of this square can be used
as keys, where the row number gives the amount it is shifted.
There are two different methods to form a polyalphabetic cipher from Vigenere
ciphers. In the first method during encryption, select all the 25 rows of the Vigenere
square one by one. Therefore, every 25th letter is encrypted with the same key. In the
second method, a key is created which gives the order in which the rows are to be selected.
This means only selected rows are used instead of all 25 rows of the Vigenere square.
For example, the key created could be K = (5, 2, 16) and then repetition of these
three rows is done. It means every 3rd letter is encrypted with the same key. In
this cipher, each single letter of plaintext is encrypted using only one key. Therefore,
it works like monoalphabetic ciphers.
Vigenere cipher, proposed by Blaise de Vigenere in the 16th century, is a
polyalphabetic substitution cipher based on Table 2.1.

Table 2.1 The Vigenere table
    a b c d e f g h i j k l m n o p q r s t u v w x y z
a   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
b   B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
c   C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
d   D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
e   E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
f   F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
g   G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
h   H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
i   I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
j   J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
k   K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
l   L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
m   M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
n   N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
o   O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
p   P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
q   Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
r   R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
s   S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
t   T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
u   U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
v   V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
w   W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
x   X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
y   Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
z   Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

There are 25 rows and 25 columns in the Vigenere square. Each row of the table
corresponds to a Caesar cipher. There is a shift of 0 positions in the first row, a shift
of 1 position in the second row, a shift of n position in the nth row.

For example, the message is:

She is very happy and beautiful girl.

And the key is 'another'.

To encrypt this message, first write the key. The letters of the key are repeated as
many times as the length of the plaintext. Write the plaintext below the key so that
one letter of the plaintext is below one letter of the key.

Keyword:    anoth erano thera nothe ranot heran
Plaintext:  sheis veryh appya ndbea utifu lgirl

The ciphertext is generated using the Vigenere square. Key letters indicate the
row and plaintext letters indicate the column. First find the intersection of the row
and column using each letter of the key with corresponding letter in the plaintext.
Note down all the intersections. This gives you the ciphertext.
The ciphertext generated using Vigenere cipher is shown below:

Keyword:    anoth erano thera nothe ranot heran
Plaintext:  sheis veryh appya ndbea utifu lgirl
Ciphertext: SUSBZ ZVRLV TWTPA ARULE LTVTN SKZRY

The decryption also followed the same procedure. First write the letters of the
key in the same way as we write for encryption. Then write the ciphertext below the
letters of key as shown below:

Keyword:    anoth erano thera nothe ranot heran
Ciphertext: SUSBZ ZVRLV TWTPA ARULE LTVTN SKZRY

For decryption, the key letters indicate the column and the ciphertext letters indicate
the row. Select the column for a key letter, and then select the row corresponding to
the plaintext letter. The intersection is the plaintext for the corresponding ciphertext
letter. The plaintext generated is shown below:

Keyword:    anoth erano thera nothe ranot heran
Ciphertext: SUSBZ ZVRLV TWTPA ARULE LTVTN SKZRY
Plaintext:  SHEIS VERYH APPYA NDBEA UTIFU LGIRL


In Vigenere cipher, for the same plaintext there are multiple ciphertexts. This
helps to avoid the frequency analysis of the cipher and makes the cipher secure. For
example, in the above plaintext there are 3 e's and they have been encrypted by 'S',
'V', 'L', respectively. This helps to hide the count of occurrence of e in the plaintext. So,
it makes frequency analysis of the letters in the plaintext difficult. The implementation
of this cipher is easy.

Cryptanalysis of the Vigenere Cipher


The Vigenere cipher is secure from the attack using frequency analysis. But it is not
a completely secure cipher. If the attacker is able to find out the length of the key,
then frequency analysis is possible. The chosen-plaintext attack is possible against
this cipher.

2.4.6 One-time Pad or Vernam Cipher

In 1918, Gilbert Vernam developed a cipher called as one-time pad. It is the most secure
cryptographic algorithm. In this cipher, the key is a set of random numbers generated
by pseudo-random number generator. This generator is used only once to encrypt a
message. One-time pad and key is used for decryption. Mauborgne developed a method
of one-time pad. A one-time pad is a very simple symmetric cipher. The key is selected
randomly so that every time a new key is used for encryption. Therefore, for the same
message next time a different ciphertext is generated. So, it is difficult to break this
cipher. For decryption, the same key is used, so secure key transmission is the problem.

Properties of One-time Pad
1. The number of possible keys is equal to the number of possible plaintexts.
2. The key is selected at random.
3. Key should be used only once.
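
The three properties as an added Python sketch, not code from the book. It assumes a byte-wise XOR pad and takes the pad material from Python's `secrets` module; the class, the function names and the two sample messages are constructed for illustration. The pad object hands out each key byte once, and the two helper functions show what properties 3 and 1 mean in practice.

```python
import secrets


def new_pad_material(length):
    """Random pad bytes from the operating system's secure generator."""
    return secrets.token_bytes(length)


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Pad material that is consumed as it is used (property 3).

    Sender and recipient each hold a copy and stay in step by processing
    the same messages in the same order.
    """

    def __init__(self, material):
        self._material = bytes(material)
        self._offset = 0

    def _take(self, n):
        if self._offset + n > len(self._material):
            raise ValueError("pad exhausted: key material is never reused")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def apply(self, data):
        """Encrypt or decrypt: XOR with fresh pad bytes, then discard them."""
        return xor_bytes(data, self._take(len(data)))


def reused_pad_leak(c1, c2):
    """What two ciphertexts made with the SAME pad bytes reveal: the key
    cancels out and p1 XOR p2 remains, with no key needed."""
    return xor_bytes(c1, c2)


def key_explaining(ciphertext, candidate_plaintext):
    """Property 1: for any candidate of the right length there is a key
    that decrypts the ciphertext to it, so the ciphertext alone cannot
    single out the real message."""
    return xor_bytes(ciphertext, candidate_plaintext)


if __name__ == "__main__":
    p1, p2 = b"meet at the cafe", b"send the invoice"   # constructed samples
    material = new_pad_material(len(p1) + len(p2))
    sender, recipient = OneTimePad(material), OneTimePad(material)
    c1, c2 = sender.apply(p1), sender.apply(p2)
    print(recipient.apply(c1), recipient.apply(c2))

    # Deliberate misuse: the same 16 pad bytes for both messages.
    bad1, bad2 = xor_bytes(p1, material[:16]), xor_bytes(p2, material[:16])
    print(reused_pad_leak(bad1, bad2) == xor_bytes(p1, p2))

    other_key = key_explaining(c1, p2)
    print(xor_bytes(c1, other_key))
```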
