UNIT I INTRODUCTION 9

Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at Multiple
levels, Security Policies - Model of network security – Security attacks, services and mechanisms –
OSI security architecture – Classical encryption techniques: substitution techniques, transposition
techniques, steganography).- Foundations of modern cryptography: perfect security – information
theory – product cryptosystem – cryptanalysis.

Important Terminologies

Plain text: An original message is known as the plaintext.

Cipher text: The coded message is called the cipher text.
Encryption: The process of converting from plaintext to cipher text is known as enciphering or
encryption.
Decryption: The process of converting from cipher text in to plain text is known as deciphering or
decryption.
Cryptography The many schemes used for encryption constitute the area of study known as
cryptography. Such a scheme is known as a cryptographic system or a cipher.
Cryptanalysis: Techniques used for deciphering a message without any knowledge of the
enciphering details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls
“breaking the code.”
Cryptology: The areas of cryptography and cryptanalysis together are called cryptology.

OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be
defined briefly as follows:

Security attack – Any action that compromises the security of information owned by an
organization
Security mechanism – A mechanism that is designed to detect, prevent or recover from a security
attack
Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization.
SECURITY ATTACK
There are two types of attacks
• Passive attacks
• Active attacks
Passive attack
Passive attacks attempt to learn or make use of information from the system but do not affect
system resources. The goal of the opponent is to obtain information that is being transmitted.
Passive attacks are of two types
➢ Release of message contents
➢ Traffic analysis:
Release of message contents: The opponent would learn the contents of the transmission. A
telephone conversation, an e-mail message and a transferred file may contain sensitive or
confidential information. We would like to prevent the opponent from learning the contents of
these transmissions.
Traffic analysis: The opponent could determine the location and identity of communicating
hosts and could observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the communication that was taking
place. Passive attacks are very difficult to detect, because they do not involve any alteration of
the data. However, it is feasible to prevent the success of these attacks.
Active attacks
These attacks involve some modification of the data stream or the creation of a false stream.

Active attacks can be classified in to four categories:

Masquerade – One entity pretends to be a different entity. Here, the attacker capturers the
authentication and impersonifies the sender.

Replay – The attacker captures the message and retransmits the message without modification to
produce unauthorized effect.
 Modification of messages – The attacker captures the message and retransmits the message with
modification to produce unauthorized effect.

Denial of service – The attacker may suppress all messages directed to a particular destination.
Another form of service denial is the disruption of an entire network, either by disabling the network
or by overloading it with messages so as to degrade performance.
It is quite difficult to prevent active attacks absolutely, because to do so would require
physical protection of all communication facilities and paths at all times. Instead, the goal is to detect
them and to recover from any disruption or delays caused by them.

SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer of communicating
open systems and that ensures adequate security of the systems or of data transfers.
The classification of security services are as follows:

(i) Authentication: The authentication service is concerned with assuring that a communication is
authentic.
Two specific authentication services are defined in X.800:
• Peer entity authentication: Provide confidence in the identity of entities connected.
• Data origin authentication: Provide assurance that the source of received data is as claimed.

(ii) Access control: Access control is the ability to limit and control the access to host systems and
applications.

(iii) Data Confidentiality: Confidentiality is the protection of transmitted data from passive attacks.
• Connection Confidentiality
The protection of all user data on a connection
• Connectionless Confidentiality
The protection of all user data in a single data block
• Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a connection or in a single data
block
• Traffic-Flow Confidentiality
The protection of the information that might be derived from observation of traffic flows
(iv)Data Integrity: The assurance that data received are exactly as sent by an authorized entity.
• Connection Integrity with Recovery
Provides for the integrity of all user data on a connection and detects any modification,
insertion, deletion, or replay of any data within an entire data sequence, with recovery
attempted.
• Connection Integrity without Recovery
As above, but provides only detection without recovery.
• Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user data of a data block transferred
over a connection and takes the form of determination of whether the selected fields have
been modified, inserted, deleted, or replayed.
• Connectionless Integrity
Provides for the integrity of a single connectionless data block and may take the form of
detection of data modification. Additionally, a limited form of replay detection may be
provided.
• Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single connectionless data block;
takes the form of determination of whether the selected fields have been modified.

(v)Non repudiation: Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
• Nonrepudiation, Origin
Proof that the message was sent by the specified party
• Nonrepudiation, Destination
Proof that the message was received by the specified party

SECURITY MECHANISMS
• Encipherment:

It uses mathematical algorithm to transform data into a form that is not readily intelligible. It
depends upon encryption algorithm and key

• Digital signature:

Data appended to or a cryptographic transformation of a data unit that is to prove integrity of

data unit and prevents from forgery

• Access control

A variety of mechanisms that enforce access rights to resources.

• Data integrity

A variety of mechanism are used to ensure integrity of data unit

• Traffic padding

The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

• Notarization
The use of a trusted third party to assure certain properties of a data exchange
 A MODEL FOR NETWORK SECURITY
Encryption/Decryption methods fall into two categories.
Symmetric key
Public key
In symmetric key algorithms, the encryption and decryption keys are known both to sender and
receiver. The encryption key is shared and the decryption key is easily calculated from it. In many
cases, the encryption and decryption keys are the same. In public key cryptography, encryption key is
made public, but it is computationally infeasible to find the decryption key without the information
known to the receiver.

A message is to be transferred from one party to another across some sort of internet. The two parties,
who are the principals in this transaction, must cooperate for the exchange to take place. A logical
information channel is established by defining a route through the internet from source to destination
and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

All the techniques for providing security have two components:

• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent.
• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it from
any opponent.

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be
such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the
secret information to achieve a particular security service.

SYMMRTIC CIPHER MODEL

Symmetric encryption also referred to as conventional encryption or single-key encryption. Here, the
sender and recipient share a common key.

A symmetric encryption scheme has five ingredients

• Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

Encryption algorithm: The encryption algorithm performs various substitutions and transformations
on the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a value independent
of the plaintext and of the algorithm. The algorithm will produce a different output depending on the
specific key being used at the time. The exact substitutions and transformations performed by the
algorithm depend on the key.

• Cipher text: This is the scrambled message produced as output. It depends on the plaintext and the
secret key. For a given message, two different keys will produce two different cipher texts. The cipher
text is an apparently random stream of data and, as it stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
cipher text and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure.

It is impractical to decrypt a message on the basis of the cipher text plus knowledge of the
encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we
need to keep only the key secret.
 Model of symmetric cryptosystem

A source produces a message in plaintext

X = [X1, X2,..., XM].
M- elements of X are letters.
For encryption, a key of the form
K = [K1, K2, …, KJ] is generated.
If the key is generated at the message source, then it must also be provided to the destination by
means of some secure channel. Alternatively, a third party could generate the key and securely deliver
it to both source and destination.
With the message X and the encryption key K as input, the encryption algorithm forms the
cipher text
Y = [Y1, Y2,…, YN].
Y = E(K, X)
Y- cipher text
E- Encryption algorithm
K- Key
X-Plain text
At the receiver side the transformation:
X = D(K, Y)
Y- cipher text
D-Decryption algorithm
K- Key
X-Plain text
If the opponent is interested in only this particular message only, tries to find the message
estimate . But when the opponent is interested in the current and future messages, tries to find key

estimate .
Cryptographic systems are generally classified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text
All the encryption algorithms are based on two general principles:
➢ Substitution, in which each element in the plaintext is mapped into another
element
➢ Transposition, in which elements in the plaintext are rearranged.
 The number of keys used
➢ If the sender and receiver uses same key then it is said to be symmetric key
(or) single key (or) conventional encryption.
➢ If the sender and receiver use different keys then it is said to be public key
encryption.
The way in which the plain text is processed
➢ A block cipher processes the input and block of elements at a time, producing
output block for each input block.
➢ A stream cipher processes the input elements continuously, producing output
element one at a time, as it goes along.

CRYPTANALYSIS AND BRUTE-FORCE ATTACK

There are two general approaches to attacking a conventional encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm and some knowledge of the
general characteristics of the plaintext or even some sample plaintext–cipher text pairs.
• Brute-force attack: The attacker tries every possible key on a piece of cipher text until an
intelligible translation into plaintext is obtained.

There are various types of cryptanalytic attacks based on the amount of information known to the
cryptanalyst.
Type of Attack Known to Cryptanalyst
Cipher text Only • Encryption algorithm
• Cipher text
Known Plaintext • Encryption algorithm
• Cipher text
• One or more plaintext–cipher text pairs formed with the secret key
Chosen • Encryption algorithm
Plaintext • Cipher text
• Plaintext message chosen by cryptanalyst, together with its corresponding
Cipher text generated with the secret key
Chosen Cipher • Encryption algorithm
text • Cipher text
• Cipher text chosen by cryptanalyst, together with its corresponding
decrypted plaintext generated with the secret key
Chosen Text • Encryption algorithm
• Cipher text
• Plaintext message chosen by cryptanalyst, together with its corresponding
Cipher text generated with the secret key
• Cipher text chosen by cryptanalyst, together with its corresponding
decrypted plaintext generated with the secret key

Encryption algorithms are to be

➢ Unconditionally secure
➢ Computationally secure

An encryption scheme is unconditionally secure if the cipher text generated by the scheme does
not contain enough information to determine uniquely the corresponding plaintext.
An encryption scheme is said to be computationally secure

➢ If the cost of breaking the cipher exceeds the value of the encrypted information
➢ If the time required to break the cipher exceeds the useful lifetime of the information.
 I .SUBSTITUTION TECHNIQUES

• A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols.
• Substitution ciphers can be categorized as either
i) Monoalphabetic ciphers or ii) polyalphabetic ciphers.
• In monoalphabetic substitution, the relationship between a symbol in the plaintext to a
symbol in the ciphertext is always one-to-one.
• In polyalphabetic substitution, each occurrence of a character may have a different
substitute. The relationship between a character in the plaintext to a character in the
ciphertext is one-to-many.

Various substitution ciphers are

(i) Caesar Cipher

(ii) Mono alphabetic cipher

(iii) Playfair cipher

(iv) Hill cipher

(v) Poly alphabetic cipher

(vi) Vignere cipher

(i)CAESAR CIPHER (OR) SHIFT CIPHER

Caeser cipher was proposed by Julius Caesar. The Caesar cipher involves replacing each letter of the
alphabet with the letter standing 3 places further down the alphabet.

Let us assign a numerical equivalent to each letter:

Note that the alphabet is wrapped around, so that letter following ‘z’ is ‘a’.
For each plaintext letter p, substitute the cipher text letter c such that
c = E(3, p) = (p+3) mod 26
Decryption is
p=D(3,c)=(c-3) mod 26
The general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25.
The decryption algorithm is simply
p = D(k, c) = (C - k) mod 26
If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is easily
performed: simply try all the 25 possible keys.
Cryptanalysis of Caesar Cipher
1. The encryption and decryption algorithms are known
2. There are only 25 possible keys. Hence brute force attack takes place
3. The language of the plaintext is known and easily recognizable

Brute-Force Cryptanalysis of Caesar Cipher

(ii) MONOALPHABETIC CIPHER
• Each plaintext letter maps to a different random cipher text letter
• Here, 26! Possible keys are used to eliminate brute force attack
There is, however, another line of attack. If the cryptanalyst knows the nature of the plaintext (e.g.,
non-compressed English text), then the analyst can exploit the regularities of the language.

As a first step, the relative frequency of the letters can be determined and compared to a standard
frequency distribution for English
 Relative frequency of letters in English text

Only four letters have been identified, but already we have quite a bit of the message. Continued
analysis of frequencies plus trial and error should easily yield a solution from this point. The complete
plaintext, with spaces added between words, follows:
(iii) PLAYFAIR CIPHER

The best known multiple letter encryption cipher is the playfair, which treats digrams in the
plaintext as single units and translates these units into cipher text digrams. The playfair algorithm is
based on the use of 5x5 matrix of letters constructed using a keyword.
Let the keyword be “monarchy‟.
The matrix is constructed by
• Filling in the letters of the keyword from left to right and from top to bottom
• Duplicates are removed
• Remaining unfilled cells of the matrix is filled with remaining alphabets in
alphabetical order.
The matrix is 5x5. It can accommodate 25 alphabets. To accommodate the 26th alphabet I and J are
counted as one character.

Rules for encryption

• Repeating plaintext letters that would fall in the same pair are separated with a filler letter
such as ‘x’.
• Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
• Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as
CM.
• Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own
row and the column occupied by the other plaintext letter. Thus, hs becomes BP and
ea becomes IM (or JM, as the encipherer wishes).
Example

Plain text: Balloon

Ba ll oo n

Ba lx lo on

Ba→I/JB

lx→SU

lo→PM

on→NA

Strength of playfair cipher

Playfair cipher is a great advance over simple mono alphabetic ciphers.
Since there are 26 letters, 26x26 = 676 diagrams are possible, so identification of individual digram
is more difficult.
Frequency analysis is much more difficult.
Disadvantage
Easy to break because it has the structure and the resemblance of the plain text language
(iv) HILL CIPHER
It is a multi-letter cipher. It is developed by Lester Hill. The encryption algorithm takes m successive
plaintext letters and substitutes for them m cipher text letters. The substitution is determined by m
linear equations in which each character is assigned numerical value (a=0,b=1…z=25). For m =3 the
system can be described as follows:

C=KP mod 26
Decryption

Decryption algorithm is done as P=K-1C mod 26

Example 1

Plain Text= ‘PAY’

Key= RRFVSVCCT

Encryption

Decryption

P=K-1C mod 26

Det(K)=17(342-42)-17(399-42)+5(42-36)= -939
adj(K)=

P=

939y

(939*1)%26=3
(939*2)%26=6

……..
(939*9)%26=1
Therefore, y=9

Covert the negative number in to

positive number

Ie -11=➔26-11=15
= =

Example 2

Plain Text= ‘ACT’

Key= GYBNQKURP
Encryption
Decryption

P=K-1C mod 26

Det(K)=6(16*15-17*10)-24(15*13-20*10)+1(17*13-20*16)= 441

adj(K)=

P=

441y

(441*1)%26=25

(441*2)%26=24

……..

(441*25)%26=1

Therefore, y=25

= =
Merits and Demerits
• Completely hides single letter and 2 letter frequency information.
• Easily attacked with known plain text attack

(v)POLYALPHABETIC CIPHERS

Poly alphabetic cipher is a simple technique to improve mono-alphabetic technique.

The features are
A set of related mono-alphabetic substitution rules are used
A key determines which particular rule is chosen for a given transformation.

Example: Vigenere Cipher

Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its left. A
normal alphabet for the plaintext runs across the top. The process of encryption is simple: Given a key
letter x and a plaintext letter y, the cipher text is at the intersection of the row labelled x and the
column labelled y; in this case, the cipher text is V. To encrypt a message, a key is needed that is as
long as the message. Usually, the key is a repeating keyword.
Key=deceptive
Plain text= we are discovered save yourself
e.g., key = d e c e p t i v e d e c e p t i v e d e c e p t i v e
PT = w e a r e d i s c o v e r e d s a v e y o u r s e l f
CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Decryption is equally simple. The key letter again identifies the row. The position of the cipher text
letter in that row determines the column, and the plaintext letter is at the top of that column.

Strength of Vigenere cipher

o There are multiple ciphertext letters for each plaintext letter.
o Letter frequency information is obscured

(vi) VERNAM CIPHER or ONE-TIME PAD

It is an unbreakable cryptosystem. It represents the message as a sequence of 0s and 1s. This
can be accomplished by writing all numbers in binary, for example, or by using ASCII. The key is a
random sequence of 0‟s and 1‟s of same length as the message. Once a key is used, it is discarded and
never used again.
The system can be expressed as follows:
 Ci = Pi Ki
Ci - ith binary digit of cipher text Pi - ith binary digit of plaintext Ki - ith binary digit of key
 – exclusive OR operation
Thus the cipher text is generated by performing the bitwise XOR of the plaintext and the key.
Decryption uses the same key. Because of the properties of XOR, decryption simply involves the
same bitwise operation:
Pi = Ci  Ki
Cipher Text: SCVC

Plain text: R O C K

Keyword: B O T S

Cipher Text= (Plain text+Keyword)mod 26

R(17) O(14) C(2) K(10)

B(1) O(14) T(19) S(18)

18(S) 28(C) 21(V) 28(C)

Cipher Text= SCVC

Advantages
• It is unbreakable since cipher text bears no statistical relationship to the plaintext
• Not easy to break
Drawbacks
• Practically impossible to generate a random key as to the length of the message
• The second problem is that of key distribution and key protection.
Due to the above two drawbacks, one time pad is of limited use and is used for low band width
channel which needs high security.

II .TRANSPOSITION TECHNIQUES
A very different kind of mapping is achieved by performing some sort of permutation on the
plaintext letters. This technique is referred to as a transposition cipher.
RAIL FENCE CIPHER
It is simplest of such cipher, in which the plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows.
Plaintext = meet at the school house
To encipher this message with a rail fence of depth 2,
We write the message as follows:
m e a t e c o l o s
e t t h s h o h u e
The encrypted message Cipher text MEATECOLOSETTHSHOHUE
ROW TRANSPOSITION CIPHERS-
A more complex scheme is to write the message in a rectangle, row by row, and read the message off,
column by column, but permute the order of the columns. The order of columns then becomes the key
of the algorithm.
e.g., plaintext = meet at the school house
Key = 4 3 1 2 5 6 7
PT = m e e t a t t
hes choo
l hous e
CT = ESOTCUEEHMHLAHSTOETO
Demerits
• Easily recognized because the frequency is same in both plain text and cipher text.
• Can be made secure by performing more number of transpositions.

STEGANOGRAPHY
In Steganography, the plaintext is hidden. The existence of the message is concealed. For example,
the sequence of first letters of each word of the overall message spells out the hidden message.
Various other techniques have been used historically; some examples are the following:
• Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or
some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is
held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing
with the correction tape are visible only under a strong light.
Drawback
• It requires a lot of overhead to hide a relatively few bits of information.
• Once the system is discovered, it becomes virtually worthless