EnggTree.com EnggTree.

com

Passive attacks are of two types

 Release of message contents
 Traffic analysis
OSI SECURITY ARCHITECTURE
Release of message contents: The opponent would learn the contents of the
The OSI security architecture focuses on security attacks, mechanisms, and
transmission. A telephone conversation, an e-mail message and a transferred
services. These can be defined briefly as follows: file may contain sensitive or confidential information. We would like to
Security attack – Any action that compromises the security of information owned prevent the opponent from learning the contents of these transmissions.
by an organization Traffic analysis: The opponent could determine the location and identity of
Security mechanism – A mechanism that is designed to detect, prevent or recover communicating hosts and could observe the frequency and length of
from a security attack messages being exchanged. This information might be useful in guessing the
Security service – A service that enhances the security of the data processing nature of the communication that was taking place. Passive attacks are very
systems and the information transfers of an organization. difficult to detect, because they do not involve any alteration of the data.
However, it is feasible to prevent the success of these attacks.
SECURITY ATTACK Active attacks
These attacks involve some modification of the data stream or the creation of a
There are two types of attacks false stream.
 Passive attacks
 Active attacks

Passive attack
Passive attacks attempt to learn or make use of information from the system
but do not affect system resources. The goal of the opponent is to obtain
information that is being transmitted.
Active attacks can be classified in to four categories:
Masquerade – One entity pretends to be a different entity. Here, the attacker
capturers the authentication and impersonifies the sender.

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com EnggTree.com

Replay – The attacker captures the message and retransmits the message without
modification to produce unauthorized effect.

(i) Authentication: The authentication service is concerned with assuring that a

communication is authentic.
Modification of messages – The attacker captures the message and retransmits the
Two specific authentication services are defined in X.800:
message with modification to produce unauthorized effect.
 Peer entity authentication: Provide confidence in the identity of entities
connected.
 Data origin authentication: Provide assurance that the source of received
data is as claimed.

(ii) Access control: Access control is the ability to limit and control the access to
host systems and applications.

(iii) Data Confidentiality: Confidentiality is the protection of transmitted data

Denial of service – The attacker may suppress all messages directed to a particular from passive attacks.
destination. Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to degrade
performance.  Connection Confidentiality
It is quite difficult to prevent active attacks absolutely, because to do so The protection of all user data on a connection
would require physical protection of all communication facilities and paths at all  Connectionless Confidentiality
times. Instead, the goal is to detect them and to recover from any disruption or The protection of all user data in a single data block
delays caused by them.  Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a connection or
SECURITY SERVICES in a single data block
X.800 defines a security service as a service that is provided by a protocol layer of  Traffic-Flow Confidentiality
communicating open systems and that ensures adequate security of the systems or The protection of the information that might be derived from observation of
of data transfers. traffic flows
The classification of security services are as follows:
(iv)Data Integrity: The assurance that data received are exactly as sent by an
authorized entity.

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com EnggTree.com

 Connection Integrity with Recovery A variety of mechanisms that enforce access rights to resources.
Provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.  Data integrity
 Connection Integrity without Recovery A variety of mechanism are used to ensure integrity of data unit
As above, but provides only detection without recovery.
 Selective-Field Connection Integrity  Traffic padding
Provides for the integrity of selected fields within the user data of a data
block transferred over a connection and takes the form of determination of The insertion of bits into gaps in a data stream to frustrate traffic analysis
whether the selected fields have been modified, inserted, deleted, or attempts.
replayed.
 Connectionless Integrity  Notarization
Provides for the integrity of a single connectionless data block and may take The use of a trusted third party to assure certain properties of a data
the form of detection of data modification. Additionally, a limited form of exchange
replay detection may be provided.
 Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single connectionless
data block; takes the form of determination of whether the selected fields
have been modified.

(v)Non repudiation: Provides protection against denial by one of the entities

involved in a communication of having participated in all or part of the
communication.
 Nonrepudiation, Origin
Proof that the message was sent by the specified party
 Nonrepudiation, Destination
Proof that the message was received by the specified party

SECURITY MECHANISMS
 Encipherment:
It uses mathematical algorithm to transform data into a form that is not
readily intelligible. It depends upon encryption algorithm and key

 Digital signature:
Data appended to or a cryptographic transformation of a data unit that is to
prove integrity of data unit and prevents from forgery

 Access control

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com EnggTree.com

defining a route through the internet from source to destination and by the
cooperative use of communication protocols (e.g., TCP/IP) by the two principals.
A MODEL FOR NETWORK SECURITY
All the techniques for providing security have two components:
Encryption/Decryption methods fall into two categories.
 A security-related transformation on the information to be sent. Examples
 Symmetric key
include the encryption of the message, which scrambles the message so that
 Public key
it is unreadable by the opponent.
In symmetric key algorithms, the encryption and decryption keys are known both
 Some secret information shared by the two principals and, it is hoped,
to sender and receiver. The encryption key is shared and the decryption key is
unknown to the opponent. An example is an encryption key used in
easily calculated from it. In many cases, the encryption and decryption keys are the
conjunction with the transformation to scramble the message before
same. In public key cryptography, encryption key is made public, but it is
transmission
computationally infeasible to find the decryption key without the information
known to the receiver.
A trusted third party may be needed to achieve secure transmission. For
example, a third party may be responsible for distributing the secret information to
the two principals while keeping it from any opponent.

This general model shows that there are four basic tasks in designing a particular
security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
A message is to be transferred from one party to another across some sort of
internet. The two parties, who are the principals in this transaction, must cooperate
for the exchange to take place. A logical information channel is established by

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com EnggTree.com

SUBSTITUTION TECHNIQUES
Let us assign a numerical equivalent to each letter:

 A substitution technique is one in which the letters of plaintext are

replaced by other letters or by numbers or symbols.
 Substitution ciphers can be categorized as either
i) Monoalphabetic ciphers or ii) polyalphabetic ciphers.
 In monoalphabetic substitution, the relationship between a symbol
in the plaintext to a symbol in the ciphertext is always one-to-one.
Note that the alphabet is wrapped around, so that letter following ‘z’ is ‘a’.
 In polyalphabetic substitution, each occurrence of a character may
For each plaintext letter p, substitute the cipher text letter c such that
have a different substitute. The relationship between a character in c = E(3, p) = (p+3) mod 26
the plaintext to a character in the ciphertext is one-to-many.
Various substitution ciphers are Decryption is
(i) Caesar Cipher p=D(3,c)=(c-3) mod 26
(ii) Mono alphabetic cipher
(iii) Playfair cipher The general Caesar algorithm is
(iv) Hill cipher C = E(k, p) = (p + k) mod 26
(v) Poly alphabetic cipher where k takes on a value in the range 1 to 25.
(vi) Vignere cipher
(i)CAESAR CIPHER (OR) SHIFT CIPHER The decryption algorithm is simply
Caeser cipher was proposed by Julius Caesar. The Caesar cipher involves replacing p = D(k, c) = (C - k) mod 26
each letter of the alphabet with the letter standing 3 places further down the
alphabet.

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com
If it is known that a given cipher text is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.
Cryptanalysis of Caesar Cipher
1. The encryption and decryption algorithms are known
2. There are only 25 possible keys. Hence brute force attack takes place
3. The language of the plaintext is known and easily recognizable
(ii) MONOALPHABETIC CIPHER
 Each plaintext letter maps to a different random cipher text letter
 Here, 26! Possible keys are used to eliminate brute force attack
There is, however, another line of attack. If the cryptanalyst knows the nature of
the plaintext (e.g., non-compressed English text), then the analyst can exploit the
regularities of the language.
As a first step, the relative frequency of the letters can be determined and
compared to a standard frequency distribution for English
Downloaded From EnggTree.com
EnggTree.com
Continued analysis of frequencies plus trial and error should easily yield a solution.
(iii) PLAYFAIR CIPHER
The best known multiple letter encryption cipher is the playfair, which treats
digrams in the plaintext as single units and translates these units into cipher text
digrams. The playfair algorithm is based on the use of 5x5 matrix of letters
constructed using a keyword.
Let the keyword be “monarchy‟.
The matrix is constructed by
 Filling in the letters of the keyword from left to right and from top to
bottom
 Duplicates are removed
 Remaining unfilled cells of the matrix is filled with remaining
alphabets in alphabetical order.
The matrix is 5x5. It can accommodate 25 alphabets. To accommodate the 26 th
alphabet I and J are counted as one character.
Rules for encryption
 Repeating plaintext letters that would fall in the same pair are separated with
a filler letter such as ‘x’.
 Two plaintext letters that fall in the same row of the matrix are each replaced
by the letter to the right, with the first element of the row circularly
following the last. For example, ar is encrypted as RM.
Downloaded From EnggTree.com
 EnggTree.com EnggTree.com

 Two plaintext letters that fall in the same column are each replaced by the
letter beneath, with the top element of the column circularly following the (iv) HILL CIPHER
last. For example, mu is encrypted as CM. It is a multi-letter cipher. It is developed by Lester Hill. The encryption algorithm
 Otherwise, each plaintext letter in a pair is replaced by the letter takes m successive plaintext letters and substitutes for them m cipher text letters.
The substitution is determined by m linear equations in which each character is
that lies in its own row and the column occupied by the other
assigned numerical value (a=0,b=1…z=25). For m =3 the system can be described
plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM,
as follows:
as the encipherer wishes).
Example
Plain text: Balloon
Ba ll oo n
Ba lx lo on
BaI/JB
lxSU
loPM C=KP mod 26
onNA C and P are column vectors of length 3 representing the cipher and plain text
respectively.
Strength of playfair cipher Consider the message 'ACT', and
 Playfair cipher is a great advance over simple mono alphabetic ciphers.
 Since there are 26 letters, 26x26 = 676 diagrams are possible, so
identification of individual digram is more difficult.
 Frequency analysis is much more difficult. The key below (or GYBNQKURP in letters)

Disadvantage
Easy to break because it has the structure and the resemblance of the plain text
language
Thus the enciphered vector is given by:

Downloaded From EnggTree.com Downloaded From EnggTree.com

 EnggTree.com EnggTree.com

The features are

-alphabetic substitution rules are used

which corresponds to a ciphertext of 'POH’

Example: Vigenere Cipher

Decryption

Each of the 26 ciphers is laid out horizontally, with the key letter for each
Decryption algorithm is done as P=K-1C mod 26
cipher to its left. A normal alphabet for the plaintext runs across the top. The
In order to decrypt, we turn the ciphertext back into a vector, then simply multiply
process of encryption is simple: Given a key letter x and a plaintext letter y, the
by the inverse matrix of the key matrix (IFKVIVVMI in letters).
cipher text is at the intersection of the row labelled x and the column labelled y; in
this case, the cipher text is V. To encrypt a message, a key is needed that is as long
as the message. Usually, the key is a repeating keyword.
Key=deceptive
Cipher text of 'POH'
Plain text= we are discovered save yourself
e.g., key = d e c e p t i v e d e c e p t i v e d e c e p t i v e

PT = w e a r e d i s c o v e r e d s a v e y o u r s e l f
Now gets us back the plain text 'ACT'
CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Merits and Demerits

Decryption is equally simple. The key letter again identifies the row. The position
 Completely hides single letter and 2 letter frequency information.
of the cipher text letter in that row determines the column, and the plaintext letter
 Easily attacked with known plain text attack
is at the top of that column.

(v)POLYALPHABETIC CIPHERS

Poly alphabetic cipher is a simple technique to improve mono-alphabetic

technique.

Downloaded From EnggTree.com Downloaded From EnggTree.com