Module 1 Focus - Merged
Module 1 Focus - Merged
Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed
using the
same key.
Symmetric encryption transforms plaintext into cipher text using a secret key and an encryption
algorithm.
Using the same key and a decryption algorithm, the plaintext is recovered from the cipher text.
o Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
on the plaintext.
o Secret key: The secret key is also input to the encryption algorithm. The key is a value independent
o Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the
secret key. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
o Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key and produces the original plaintext.
transformations on the plaintext. It takes in plaintext and key and gives the cipher text.
Secret key: The key is a value independent of the plaintext and of the algorithm. Different keys will
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the
secret key.
Decryption algorithm: Runs on the cipher text and the key to produce the plaintext.This is
essentially the
1. Substitution Techniques
Substitution techniques replace characters or bits of plaintext with other characters, numbers, or
symbols.
Examples:
• Caesar Cipher:
o Shifts each letter of the plaintext by a fixed number of positions in the alphabet.
• Monoalphabetic Cipher:
o Maps each plaintext letter to a different ciphertext letter using a substitution table.
• Playfair Cipher:
o Uses a 5×55 \times 55×5 matrix of letters for substitution, encrypting digrams (pairs
of letters).
2. Transposition Techniques
Transposition techniques rearrange the order of characters in plaintext without changing the
characters themselves.
Examples:
o Writes plaintext in a zigzag pattern across multiple rows, then reads row by row.
o Example:
▪ Plaintext: HELLOWORLD\text{HELLOWORLD}HELLOWORLD
• Message Confidentiality − The principle of confidentiality defines that only the sender and
the intended recipient should be capable to create the element of the message. It protects
the transmitted data from passive attack.
Likewise, when a message is received, the sender can validate that the asserted receiver actually
received the message.
• Access Control − The principle of access control decides who should be capable to access
information or system through communication link. It supports the avoidance of
unauthorized use of a resource.
• Data Integrity − Data integrity is designed to secure information from modification, insertion,
deletion and rehashing by any entity. Data integrity can be used to a flow of message, an
individual message or a selected portion inside a message. Data integrity can be used to
support total stream protection.
An encryption algorithm is composed of several key components that work together to transform
plaintext into ciphertext and vice versa. Here are the components:
---
### **1. Plaintext**
- **Definition:** The original, unencrypted data or message that needs to be protected.
- **Example:** A text message, file, or email in its readable format.
---
---
---
---
---
These components ensure secure data communication and are the foundation of modern cryptographic
systems.
---
- **Definition:** The size of the data block processed at a time (in bits).
- **Impact:**
- Larger block sizes offer stronger security but require more memory and processing power.
- Common block sizes: 64 bits (e.g., DES) and 128 bits (e.g., AES in Feistel-based variants).
---
- **Impact:**
- Larger key sizes enhance security by increasing the difficulty of brute-force attacks.
- Typical key sizes: 56 bits (DES), 128, 192, or 256 bits (modern ciphers).
---
- **Definition:** The number of iterations the algorithm performs to transform the plaintext into
ciphertext.
- **Impact:**
- Common: DES uses 16 rounds, while some modern ciphers use more.
---
- **Impact:**
- A good subkey generation algorithm ensures that keys are highly uncorrelated and sufficiently
random.
---
- **Definition:** The core function applied in each round to one half of the data block.
- **Impact:**
---
- **Impact:**
---
- **Definition:** The cipher's resistance to cryptanalysis while still being mathematically analyzable.
- **Impact:**
- A well-designed Feistel cipher balances complexity and transparency, making it secure yet
understandable for verification.
---
### **Key Advantages of Feistel Cipher Design**
- **Symmetric structure:** Enables the same algorithm to be used for both encryption and
decryption.
- **Flexibility:** Adjusting parameters like block size, key size, and number of rounds allows tailoring
for specific security and performance needs.
Network Security has several benefits, some of which are mentioned below:
• Network Security helps in protecting clients’ information and data which ensures reliable
access and helps in protecting the data from cyber threats.
• Network Security protects the organization from heavy losses that may have occurred from
data loss or any security incident.
• It overall protects the reputation of the organization as it protects the data and confidential
items.
• Protection from Unauthorized Access: Network security measures such as firewalls and
authentication systems prevent unauthorized users from accessing sensitive information or
disrupting network operations.
• Data Confidentiality: Encryption technologies ensure that data transmitted over the network
remains confidential and cannot be intercepted by unauthorized parties.
• Prevention of Malware and Viruses: Network security solutions like antivirus software and
intrusion detection systems (IDS) detect and block malware, viruses, and other malicious
threats before they can infect systems.
• Secure Remote Access: Virtual private networks (VPNs) and other secure remote access
methods enable employees to work remotely without compromising the security of the
organization’s network and data.
The size of ciphertext is the same or smaller The size of ciphertext is the same or
than the original plaintext. larger than the original plaintext.
ECC, as the name implies, is an asymmetric encryption algorithm that employs the algebraic
architecture of elliptic curves with finite fields.
• While RSA’s security is dependent on huge prime numbers, ECC leverages the mathematical
theory of elliptic curves to achieve the same level of security with considerably smaller keys.
1. ECC keys:
• Private key: ECC cryptography’s private key creation is as simple as safely producing a
random integer in a specific range, making it highly quick. Any integer in the field represents
a valid ECC private key.
• Public keys: Public keys within ECC are EC points, which are pairs of integer coordinates x,
and y that lie on a curve. Because of its unique features, EC points can be compressed to a
single coordinate + 1 bit (odd or even). As a result, the compressed public key corresponds to
a 256-bit ECC.
2. Generator Point:
• ECC cryptosystems establish a special pre-defined EC point called generator point G (base
point) for elliptic curves over finite fields, which can generate any other position in its
subgroup over the elliptic curve by multiplying G from some integer in the range [0…r].
• Elliptic curve subgroups typically contain numerous generator points, but cryptologists
carefully select one of them to generate the entire group (or subgroup), and is excellent for
performance optimizations in calculations. This is the “G” generator.
• Diffie-Hellman: The basic public-key cryptosystem suggested for secret key sharing is the
Diffie-Hellman protocol. If A (Alice) and B (Bob) initially agree on a given curve, field size, and
mathematical type. They then distribute the secret key in the following manner. We can see
that all we need to build the Diffie-Hellman protocol is scalar multiplication.
• Elliptic Curve Digital Signature Algorithm (ECDSA): ECC is one of the most widely utilized
digital signature implementation approaches in cryptocurrencies. In order to sign
transactions, both Bitcoin and Ethereum use the field inverse multiplication, but also
arithmetic multiplication, inverse function, and modular operation.
• Online application: Moreover, ECC is not limited to cryptocurrencies. It is an encryption
standard that will be utilized by most online apps in the future due to its reduced key size
and efficiency. Most commonly used in cryptocurrencies such as Bitcoin and Ethereum, along
with single-way encryption of emails, data, and software.
Soln:
gcd(24140,16762) = 34.
Step 1 :
Divide 24140 by 16762 and get the remainder
Step 2 :
Divide 16762 by 7378 and get the remainder
Step 3 :
Divide 7378 by 2006 and get the remainder
Step 4 :
Divide 2006 by 1360 and get the remainder
Step 5 :
Divide 1360 by 646 and get the remainder
1360:646=2 ( remainder is 68 )
Step 6 :
Divide 646 by 68 and get the remainder
646:68=9 ( remainder is 34 )
Step 7 :
Divide 68 by 34 and get the remainder
68:34=2 ( remainder is 0 )
2414 1676
: = 1 remainder ( 7378 )
0 2
1676 737
: = 2 remainder ( 2006 )
2 8
737 20
: = 3 remainder ( 1360 )
8 06
20 13
: = 1 remainder ( 646 )
06 60
6
13
: 4 = 2 remainder ( 68 )
60
6
6
6 remainder
4 : = 9
8 ( 34 )
6
remain
6 3
: = 2 der
8 4
(0)
GCD = 34
Fermat’s little theorem states that if p is a prime number, then for any integer a, the number a p – a is
an integer multiple of p.
Special Case: If a is not divisible by p, Fermat’s little theorem is equivalent to the statement that a p-1-
1 is an integer multiple of p.
ap-1 ≡ 1 (mod p)
OR
ap-1 % p = 1
Here a is not divisible by p.
Example 1:
Let a = 2 and P = 17
2 17 - 1 ≡ 1 mod(17)
we got 65536 % 17 ≡ 1
---
Public key cryptography relies on the use of two mathematically related keys:
- **Public Key:** This key is shared publicly and is used for encrypting messages.
- **Private Key:** This key is kept secret and is used for decrypting messages encrypted with the
corresponding public key.
---
- **Decryption:** The recipient decrypts the message using their private key.
This ensures that only the intended recipient can read the message.
---
- Public key cryptography uses mathematical functions that are easy to compute in one direction
(encryption using a public key) but infeasible to reverse without the private key.
---
- Public key cryptography allows for digital signatures, which provide **authentication, integrity, and
non-repudiation**:
- The receiver can verify the signature using the sender's public key.
---
- Public key cryptography facilitates the secure exchange of symmetric keys in systems like HTTPS.
This hybrid approach combines the efficiency of symmetric encryption with the security of
asymmetric methods.
---
1. **Enhanced Security:** Private keys are not shared, reducing the risk of compromise.
---
Ans : triple des is an encryption algorithm based on the original data encryption standard it is a
symmetric encryption algorithm that uses multiple rounds of data encryption standard to improve
securities it is also known as triple d e s because it uses the data encryption standard cipher which
takes three times to encrypt its data it is essential block cipher use to encrypt data in 64 bit blocks
security wise it out performs the original data encryption standard however triple d e s is less
efficient and slower than advanced encryption standard aes
• It utilizers are triple layer of encryption which means it utilises three different keys to encrypt
the plane text three times
• It's a sports variable key size which range from 128 bits to 192 bits
• It basically involves the uses of a symmetric key encryption system which states that the
same case used for both encryption and decryption
• It is a block cipher encryption algorithm that works with 64 bit blocks of plane text at a time
• It is a suitable for legacy systems that requires secure encryption
Encryption process:-
• Key generation -this is the first step of encryption process of triple d e s in the system three
unit keys are generated using a key derivation algorithm
• Initial permutation-this is step comes after the process of key generation it invoice the
rearrangements of bits of the plain text according to a predefined permutation table
• Three rounds of encryption-this is regarded as the most important round of the encryption
process of triple des it consist of multiple rounds typically 48 rounds in total in the system
the plane text is processed three times and get encrypted each time we take use of different
keys to create three layers of encryption
• Final permutation-it completes the tripleds process in the system the resulting sephet text
blocks under goes a final permutation operation which which the inverse of the initial
permutation and returns the bits of the saffer text blocks to their original order
Advantage of triple d e s
• It provides three layer encryption techniques which provides and hand security features.
• it offers backward compatibility with the data encryption standard which means it can use
the legacy system that uses DES
• it support variable key sizes which lead to enhance security
• it is widely used encryption algorithm and is used with many encryption standards and
protocols
Applications of DeS
• Performance they algorithm is slower than newer encryption standards example aes due to
multiple rounds of processing
• Security councils do much stronger than d e s it is available to specific attacks likes meet in
the middle attacks and is no longer considered sector for most modern applications
RC4 is a stream cipher and variable-length key algorithm. This algorithm encrypts one byte at a time
(or larger units at a time). A key input is a pseudorandom bit generator that produces a stream 8-bit
number that is unpredictable without knowledge of input key, The output of the generator is called
key-stream, is combined one byte at a time with the plaintext stream cipher using X-OR operation.
Key-Generation Algorithm – A variable-length key from 1 to 256 bytes is used to initialize a 256-byte
state vector S, with elements S[0] to S[255]. For encryption and decryption, a byte k is generated
from S by selecting one of the 255 entries in a systematic fashion, then the entries in S are permuted
again.
Features of the RC4 encryption algorithm:
1. Symmetric key algorithm: RC4 is a symmetric key encryption algorithm, which means that
the same key is used for encryption and decryption.
2. Stream cipher algorithm: RC4 is a stream cipher algorithm, which means that it encrypts and
decrypts data one byte at a time. It generates a key stream of pseudorandom bits that are
XORed with the plaintext to produce the ciphertext.
3. Variable key size: RC4 supports variable key sizes, from 40 bits to 2048 bits, making it flexible
for different security requirements.
4. Fast and efficient: RC4 is a fast and efficient encryption algorithm that is suitable for low-
power devices and applications that require high-speed data transmission.
5. Widely used: RC4 has been widely used in various applications, including wireless networks,
secure sockets layer (SSL), virtual private networks (VPN), and file encryption.
6. Vulnerabilities: RC4 has several vulnerabilities, including a bias in the first few bytes of the
keystream, which can be exploited to recover the key. As a result, RC4 is no longer
recommended for use in new applications.
Advantages:
1. Fast and efficient: RC4 is a very fast and efficient encryption algorithm, which makes it
suitable for use in applications where speed and efficiency are critical.
2. Simple to implement: RC4 is a relatively simple algorithm to implement, which means that it
can be easily implemented in software or hardware.
3. Variable key size: RC4 supports variable key sizes, which makes it flexible and adaptable for
different security requirements.
4. Widely used: RC4 has been widely used in various applications, including wireless networks,
secure sockets layer (SSL), virtual private networks (VPN), and file encryption.
Disadvantages:
1. Vulnerabilities: RC4 has several known vulnerabilities that make it unsuitable for new
applications. For example, there is a bias in the first few bytes of the keystream, which can be
exploited to recover the key.
2. Security weaknesses: RC4 has some inherent weaknesses in its design, which make it less
secure than other encryption algorithms, such as AES or ChaCha20.
3. Limited key length: The maximum key length for RC4 is 2048 bits, which may not be
sufficient for some applications that require stronger encryption.
4. Not recommended for new applications: Due to its vulnerabilities and weaknesses, RC4 is
no longer recommended for use in new applications. Other more secure stream cipher
algorithms, such as AES-CTR or ChaCha20, should be used instead.
ECC, as the name implies, is an asymmetric encryption algorithm that employs the algebraic
architecture of elliptic curves with finite fields.
• Elliptic Curve Cryptography (ECC) is an encryption technology comparable to RSA
that enables public-key encryption.
• While RSA’s security is dependent on huge prime numbers, ECC leverages the
mathematical theory of elliptic curves to achieve the same level of security with
considerably smaller keys.
ECC RSA
Parameters
MD5 can have 128 bits length of message Whereas SHA1 can have 160
digest. bits length of message digest.
2. Integration: Since the content was digitally signed, it hasn’t been altered or interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all parties. The act of a
signer denying any affiliation with the signed material is known as repudiation.
Authentication Requirements:
• Revelation: It means releasing the content of the message to someone who does not have an
appropriate cryptographic key.
• Analysis of Traffic: Determination of the pattern of traffic through the duration of
connection and frequency of connections between different parties.
• Deception: Adding out of context messages from a fraudulent source into a communication
network. This will lead to mistrust between the parties communicating and may also cause
loss of critical data.
• Modification in the Content: Changing the content of a message. This includes inserting
new information or deleting/changing the existing one.
• Modification in the sequence: Changing the order of messages between parties. This
includes insertion, deletion, and reordering of messages.
• Modification in the Timings: This includes replay and delay of messages sent between
different parties. This way session tracking is also disrupted.
• Source Refusal: When the source denies being the originator of a message.
• Destination refusal: When the receiver of the message denies the reception.
MODULE 4
1. What is application level gateway?
• Application-level gateway is also called a bastion host. It operates at the application level.
Multiple application gateways can run on the same host but each gateway is a separate
server with its own processes.
• These firewalls, also known as application proxies, provide the most secure type of data
connection because they can examine every layer of the communication, including the
application data.
• Example: Consider FTP service. The FTP commands like getting the file, putting the file, listing
files, and positioning the process at a particular point in a directory tree. Some system admin
blocks put command but permits get command, list only certain files, or prohibit changing
out of a particular directory. The proxy server would simulate both sides of this protocol
exchange. For example, the proxy might accept get commands and reject put commands.
It works as follows:
Step-1: User contacts the application gateway using a TCP/IP application such as HTTP.
Step-2: The application gateway asks about the remote host with which the user wants to establish a
connection. It also asks for the user id and password that is required to access the services of the
application gateway.
Step-3: After verifying the authenticity of the user, the application gateway accesses the remote host
on behalf of the user to deliver the packets.
A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating and are
designed to infect other programs. They can wreak havoc in a system by modifying or destroying files
causing system crashes and program malfunctions. On reaching the target machine a virus
dropper(usually a trojan horse) inserts the virus into the system.
For more details, refer to this.
• File Virus:
This type of virus infects the system by appending itself to the end of a file. It changes the
start of a program so that the control jumps to its code. After the execution of its code, the
control returns back to the main program. Its execution is not even noticed. It is also called
a Parasitic virus because it leaves no file intact but also leaves the host functional.
• Macro Virus:
Unlike most viruses which are written in a low-level language(like C or assembly language),
these are written in a high-level language like Visual Basic. These viruses are triggered
when a program capable of executing a macro is run. For example, the macro viruses can be
contained in spreadsheet files.
• Source code Virus:
It looks for source code and modifies it to include virus and to help spread it.
• Polymorphic Virus:
A virus signature is a pattern that can identify a virus(a series of bytes that make up virus
code). So in order to avoid detection by antivirus a polymorphic virus changes each time it is
installed. The functionality of the virus remains the same but its signature is changed.
• Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form. It carries a
decryption algorithm along with it. So the virus first decrypts and then executes.
• Stealth Virus:
It is a very tricky virus as it changes the code that can be used to detect it. Hence, the
detection of viruses becomes very difficult. For example, it can change the read system call
such that whenever the user asks to read a code modified by a virus, the original form of
code is shown rather than infected code.
• Tunneling Virus:
This virus attempts to bypass detection by antivirus scanner by installing itself in the
interrupt handler chain. Interception programs, which remain in the background of an
operating system and catch viruses, become disabled during the course of a tunneling virus.
Similar viruses install themselves in device drivers.
• Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot sector,
memory, and files. This makes it difficult to detect and contain.
• Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and understand. It uses
a variety of techniques to do so like fooling antivirus to believe that it lies somewhere else
than its real location or using compression to complicate its code.
• Browser Hijacker:
As the name suggests this virus is coded to target the user’s browser and can alter the
browser settings. It is also called the browser redirect virus because it redirects your browser
to other malicious sites that can harm your computer system.
Resident viruses installation store for your RAM and meddle together along with your device
operations. They behave in a very secret and dishonest way that they can even connect themselves
for the anti-virus software program files.
• Overwrite virus:
This type of virus deletes the information contained in the file that it infects, rendering them partially
or totally is useless once they have been infected.
• Directory Virus:
This virus is also called called File System Virus or Cluster Virus. It infects the directory of the
computer by modifying the path that indicates the location of a file.
• Companion Virus:
This kind of virus usually use a similar file name and create a different extension of it. For example, if
there’s a file “Hello.exe”, the virus will create another file named “Hello.com” and will hide in the
new file
• FAT Virus:
The File Allocation Table is the part of the disk used to store all information about the location of
files, available space , unusable space etc.
This virus affects the FAT section and may damage crucial information
X.509 defines framework for authentication services by the X.500 directory to its users.X.509 defines
authentication protocols based on public key certificates.
X.509 is a digital certificate that is built on top of a widely trusted standard known as ITU or
International Telecommunication Union X.509 standard, in which the format of PKI certificates is
defined. X.509 digital certificate is a certificate-based authentication security framework that can be
used for providing secure transaction processing and private information. These are primarily used
for handling the security and identity in computer networking and internet-based communications.
Many protocols depend on X.509 and it has many applications, some of them are given below:
• Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer
(SSL) certificates
• Email certificates
• Code signing
• Digital Identities
The core of the X.509 authentication service is the public key certificate connected to each user.
These user certificates are assumed to be produced by some trusted certification authority and
positioned in the directory by the user or the certified authority. These directory servers are only
used for providing an effortless reachable location for all users so that they can acquire certificates.
X.509 standard is built on an IDL known as ASN.1. With the help of Abstract Syntax Notation, the
X.509 certificate format uses an associated public and private key pair for encrypting and decrypting
a message.
Once an X.509 certificate is provided to a user by the certified authority, that certificate is attached to
it like an identity card. The chances of someone stealing it or losing it are less, unlike other unsecured
passwords. With the help of this analogy, it is easier to imagine how this authentication works: the
certificate is basically presented like an identity at the resource that requires authentication.
Kerberos Requirements
• Secure – no masquerading
• Reliable – distributed server architecture
• Transparent – user unaware authentication is taking place
• Scalable – support large number of clients and servers
Example
Hash SHA-256, SHA-3 SHA-256, SHA-3, MD5
Functions
Weak collisions resistance: for any given block x, it is computationally infeasible to find y * x with H(y)
= H(x). it is proportional to 2n .
Strong collision resistance: it is computationally infeasible to find any pair (x,y) such that H(x)= H(y). it
is proportional to 2n/2
In internal error control, an error detecting code also known as frame check sequence
or checksum.
In external error control, error detecting codes are appended after encryption.
Error Detection Error control codes are added before Error control codes are added after
Placement encryption. encryption.
Less secure as error control operates on More secure since error control
Security plaintext, making it vulnerable to attacks if operates on ciphertext, protecting
intercepted. the integrity of encrypted data.
MODULE 5
1. List the design goals of firewalls?
1. All traffic from inside to outside and vice versa must pass through the
firewall. This is achieved by physically blocking all access to the local
network except via the firewall. The configurations used for this are
screened Host Firewall (Single and Dual) and Screened Subnet Firewall.
• Content Type (8 bits): The higher layer protocol used to process the enclosed
fragment.
• Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the
value is 3.
• Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is
0.
Compressed Length (16 bits): The length in bytes of the plaintext fragment (or
compressed fragment if compression is used). The maximum value is 214 +
2048.
3. What are the protocols used to provide IP security?
---
---
---
---
---
---
### **Answer:**
The cryptographic keys used in PGP include:
- a) One-time session conventional keys
- b) Public keys
- c) Private keys
- d) Passphrase-based conventional keys
SSL (Secure Socket Layer) supports TLS (Transport Layer Security) does
the Fortezza algorithm. not support the Fortezza algorithm.
SSL (Secure Socket Layer) is the 3.0 TLS (Transport Layer Security) is the
version. 1.0 version.
SSL uses port to set up explicit TLS uses protocol to set up implicit
connection. connection.