Is CH1
Uploaded by Pragati Bhat

1. Introduction
Main points:
• Introduction
• OSI security architecture
• Secure design principles
• A model for network security
• Classic Crypto: Substitution
• Transposition ciphers
• Taxonomy of Cryptography and Cryptanalysis

Cybersecurity is the protection of information that is stored,
transmitted, and processed in a networked system of computers, other
digital devices, and network devices and transmission lines, including the
Internet. Protection encompasses confidentiality, integrity, availability,
authenticity, and accountability. Methods of protection include
organizational policies and procedures, as well as technical means such
as encryption and secure communications protocols.
Information security: This term refers to preservation of confidentiality,
integrity, and availability of information. In addition, other properties,
such as authenticity, accountability, nonrepudiation, and reliability can
also be involved.
Network security: This term refers to protection of networks and their
services from unauthorized modification, destruction, or disclosure, and
provision of assurance that the network performs its critical functions
correctly and there are no harmful side effects.

Security Objectives (CIA Triad)


The cybersecurity definition introduces three key objectives that are at
the heart of information and network security:
Confidentiality: This term covers two related concepts:
- Data confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
- Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and by
whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts:
- Data integrity: Assures that data (both stored and in transmitted
packets) and programs are changed only in a specified and
authorized manner. This concept also encompasses data
authenticity, which means that a digital object is indeed what it
claims to be or what it is claimed to be, and nonrepudiation, which is
assurance that the sender of information is provided with proof of
delivery and the recipient is provided with proof of the sender’s
identity, so neither can later deny having processed the information.
- System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.

Availability: Assures that systems work promptly and service is not
denied to authorized users.
- Confidentiality: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal
privacy and proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
- Integrity: Guarding against improper information modification or
destruction, including ensuring information nonrepudiation and
authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
- Availability: Ensuring timely and reliable access to and use of
information. A loss of availability is the disruption of access to or use
of information or an information system.
- Authenticity: The property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission, a
message, or message originator. This means verifying that users are
who they say they are and that each input arriving at the system
came from a trusted source.
- Accountability: The security goal that generates the requirement
for actions of an entity to be traced uniquely to that entity. This
supports nonrepudiation, deterrence, fault isolation, intrusion
detection and prevention, and after-action recovery and legal action.
Because truly secure systems are not yet an achievable goal, we
must be able to trace a security breach to a responsible party.
Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.

The OSI Security Architecture

The OSI security architecture provides a useful, if abstract, overview of
many of the concepts that this book deals with. The OSI security
architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as:
• Security attack: Any action that compromises the security of
information owned by an organization.
• Security mechanism: A process (or a device incorporating such a
process) that is designed to detect, prevent, or recover from a
security attack.
• Security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization. The services are intended
to counter security attacks, and they make use of one or more
security mechanisms to provide the service.
Security Attacks
A useful means of classifying security attacks, used in X.800, is in
terms of passive attacks and active attacks. A passive attack attempts to
learn or make use of information from the system but does not affect
system resources. An active attack attempts to alter system resources or
affect their operation.
• Passive Attacks: Passive attacks are in the nature of
eavesdropping on, or monitoring of, transmissions. The goal of the
attacker is to obtain information that is being transmitted. Two types
of passive attacks are the release of message contents and traffic
analysis. The release of message contents is easily understood. A
telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of
these transmissions.
A second type of passive attack, traffic analysis, is subtler.
Suppose that we had a way of masking the contents of messages or
other information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had
encryption protection in place, an opponent might still be able to
observe the pattern of these messages. The opponent could
determine the location and identity of communicating hosts and
could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature
of the communication that was taking place.
Passive attacks are very difficult to detect because they do not
involve any alteration of the data. Typically, the message traffic is
sent and received in an apparently normal fashion and neither the
sender nor receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it is feasible to
prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on
prevention rather than detection.
• Active Attacks: Active attacks involve some modification of the
data stream or the creation of a false stream and can be subdivided
into four categories: replay, masquerade, modification of messages,
and denial of service.
A masquerade takes place when one entity pretends to be a
different entity. A masquerade attack usually includes one of the
other forms of active attack. For example, authentication sequences
can be captured and replayed after a valid authentication sequence
has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that
has those privileges.
Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect. Data
modification simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to
produce an unauthorized effect. For example, a message stating,
“Allow John Smith to read confidential file accounts” is modified to
say, “Allow Fred Brown to read confidential file accounts.”
The denial of service prevents or inhibits the normal use or
management of communication facilities. This attack may have a
specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages
so as to degrade performance.

Security Services
A security service is a capability that supports one or more of the security
requirements (confidentiality, integrity, availability, authenticity, and
accountability). Security services implement security policies and are
implemented by security mechanisms; in other words, a security service
is a service that enhances the security of data processing systems and
information transfers. X.800 divides the services into five categories:
• Data Confidentiality
• Data Integrity
• Authentication
• Access Control
• Non-repudiation

• Authentication:
The authentication service is concerned with assuring that a
communication is authentic. In the case of a single message, such as a
warning or alarm signal, the function of the authentication service is to
assure the recipient that the message is from the source that it claims to
be from. In the case of an ongoing interaction, such as the connection of
a client to a server, two aspects are involved. First, at the time of
connection initiation, the service assures that the two entities are
authentic, that is, that each is the entity that it claims to be. Second, the
service must assure that the connection is not interfered with in such a
way that a third party can masquerade as one of the two legitimate
parties for the purposes of unauthorized transmission or reception. Two
specific authentication services are defined in X.800:
■ Peer entity authentication: Provides for the corroboration of the
identity of a peer entity in an association. Two entities are considered
peers if they implement the same protocol in different systems; for
example, two TCP modules in two communicating systems. Peer entity
authentication is provided for use at the establishment of, or at times
during the data transfer phase of, a connection. It attempts to provide
confidence that an entity is not performing either a masquerade or an
unauthorized replay of a previous connection.
■ Data origin authentication: Provides for the corroboration of the
source of a data unit. It does not provide protection against the
duplication or modification of data units. This type of service supports
applications like electronic mail, where there are no ongoing interactions
between the communicating entities.
• Access Control
In the context of network security, access control is the ability to limit and
control the access to host systems and applications via communications
links. To achieve this, each entity trying to gain access must first be
identified, or authenticated, so that access rights can be tailored to the
individual.
• Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks.
With respect to the content of a data transmission, several levels of
protection can be identified. The broadest service protects all user data
transmitted between two users over a period of time. For example, when
a TCP connection is set up between two systems, this broad protection
prevents the release of any user data transmitted over the TCP
connection. Narrower forms of this service can also be defined, including
the protection of a single message or even specific fields within a
message. These refinements are less useful than the broad approach and
may even be more complex and expensive to implement.
The other aspect of confidentiality is the protection of traffic flow from
analysis. This requires that an attacker not be able to observe the source
and destination, frequency, length, or other characteristics of the traffic
on a communications facility.
• Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a
single message, or selected fields within a message. Again, the most
useful and straightforward approach is total stream protection. A
connection-oriented integrity service, one that deals with a stream of
messages, assures that messages are received as sent with no
duplication, insertion, modification, reordering, or replays. The destruction
of data is also covered under this service. Thus, the connection-oriented
integrity service addresses both message stream modification and denial
of service. On the other hand, a connectionless integrity service, one that
deals with individual messages without regard to any larger context,
generally provides protection against message modification only. We can
make a distinction between service with and without recovery. Because
the integrity service relates to active attacks, we are concerned with
detection rather than prevention. If a violation of integrity is detected,
then the service may simply report this violation, and some other portion
of software or human intervention is required to recover from the
violation. Alternatively, there are mechanisms available to recover from
the loss of integrity of data, as we will review subsequently. The
incorporation of automated recovery mechanisms is, in general, the more
attractive alternative.
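The detection behaviour described for a connection-oriented integrity service (no duplication, insertion, modification, reordering or replay) can be made concrete with a small receiver-side check. The following Python is an added example, not code from these notes: it assumes a shared secret is already in place, attaches an HMAC and a strictly increasing sequence number to every message, and reports which violation a message triggers. The message stream fed to it is constructed for the example.

```python
import hmac
import hashlib
import json

# Shared secret between the two connection endpoints (constructed sample
# value for this example; a real key comes from a key-distribution mechanism).
SHARED_KEY = b"example-shared-key-not-for-production"


def protect(key: bytes, seq: int, payload: str) -> dict:
    """Sender side: attach a sequence number and an HMAC over (seq, payload)."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"seq": seq, "payload": payload, "tag": tag}


class IntegrityChecker:
    """Receiver side of a connection-oriented integrity service.

    Each message must carry a valid MAC (detects modification and forgery)
    and a sequence number exactly one higher than the last accepted one
    (detects duplication, replay, loss and reordering).
    """

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def check(self, msg: dict) -> str:
        body = json.dumps({"seq": msg["seq"], "payload": msg["payload"]},
                          sort_keys=True).encode()
        expected_tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison so tag verification itself leaks nothing.
        if not hmac.compare_digest(expected_tag, msg["tag"]):
            return "REJECT: modified or forged message"
        if msg["seq"] < self.expected_seq:
            return "REJECT: duplicate or replayed message"
        if msg["seq"] > self.expected_seq:
            return "REJECT: message missing or reordered"
        self.expected_seq += 1
        return "OK"


def run_scenario(key: bytes = SHARED_KEY) -> list:
    """Feed a constructed stream containing the violations the service must
    detect, and return the receiver's verdict for each message in order."""
    m0 = protect(key, 0, "Allow John Smith to read confidential file accounts")
    m1 = protect(key, 1, "Close the session")
    # Same tag as m0 but with the payload altered in transit.
    tampered = dict(m0, payload="Allow Fred Brown to read confidential file accounts")
    stream = [m0, m0, tampered, m1, m1]  # genuine, replay, modified, genuine, replay
    checker = IntegrityChecker(key)
    return [checker.check(m) for m in stream]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The service only detects; as the notes say, recovery (re-requesting the missing message, tearing down the connection) is a separate decision made by the surrounding software.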
• Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a
transmitted message. Thus, when a message is sent, the receiver can
prove that the alleged sender in fact sent the message. Similarly, when a
message is received, the sender can prove that the alleged receiver in
fact received the message.
• Availability Service
Availability is the property of a system, or a system resource being
accessible and usable upon demand by an authorized system entity,
according to performance specifications for the system (i.e., a system is
available if it provides services according to the system design whenever
users request them). A variety of attacks can result in the loss of or
reduction in availability. Some of these attacks are amenable to
automated countermeasures, such as authentication and encryption,
whereas others require some sort of physical action to prevent or recover
from loss of availability of elements of a distributed system.

Security Mechanisms
A security mechanism is a process that is designed to detect, prevent, or
recover from a security attack.
Types of security mechanisms are:
• Encipherment (Cryptographic Algorithms)
• Digital signature
• Data Integrity mechanism
• Authentication exchange
• Traffic Padding
• Routing control
• Notarization
• Access control mechanism
■ Cryptographic algorithms: We can distinguish between reversible
cryptographic mechanisms and irreversible cryptographic mechanisms. A
reversible cryptographic mechanism is simply an encryption algorithm
that allows data to be encrypted and subsequently decrypted. Irreversible
cryptographic mechanisms include hash algorithms and message
authentication codes, which are used in digital signature and message
authentication applications.
■ Data integrity: This category covers a variety of mechanisms used to
assure the integrity of a data unit or stream of data units.
■ Digital signature: Data appended to, or a cryptographic
transformation of, a data unit that allows a recipient of the data unit to
prove the source and integrity of the data unit and protect against
forgery.
■ Authentication exchange: A mechanism intended to ensure the
identity of an entity by means of information exchange.
■ Traffic padding: The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
■ Routing control: Enables selection of particular physically or logically
secure routes for certain data and allows routing changes, especially
when a breach of security is suspected.
■ Notarization: The use of a trusted third party to assure certain
properties of a data exchange.
■ Access control: A variety of mechanisms that enforce access rights to
resources.

Cryptography
Cryptography is a branch of mathematics that deals with the
transformation of data. Cryptographic algorithms are used in many ways
in information security and network security. Cryptography is an essential
component in the secure storage and transmission of data, and in the
secure interaction between parties.
Cryptographic algorithms can be divided into three categories :
■ Keyless: Do not use any keys during cryptographic
transformations.
■ Single-key: The result of a transformation is a function of the
input data and a single key, known as a secret key.
■ Two-key: At various stages of the calculation, two different but
related keys are used, referred to as a private key and a public key.

Cryptosystem

This diagram represents a cryptosystem, illustrating how secure
communication takes place between a sender and a recipient using
encryption. Here's an explanation of the key components shown:
1. Sender:
The sender initiates the communication by creating a message that
needs to be transmitted securely.
2. Security-Related Transformation:
The sender applies some form of encryption to the message using secret
information, typically a key. This process transforms the plain message
into a secret (encrypted) message. This is the step where
cryptographic algorithms (e.g., AES, RSA) are used.
3. Secret Message:
Once the message is encrypted, it becomes unreadable to any
unauthorized party. This secret message is then transmitted over the
communication or information channel.
4. Information Channel:
The information channel represents the medium through which the
secret message travels. It could be a network, a wireless signal, or even a
physical carrier. However, this channel is vulnerable to attacks, and an
opponent (i.e., an adversary or hacker) may attempt to intercept or
manipulate the message.
5. Opponent:
The opponent is anyone trying to eavesdrop on, intercept, or tamper with
the secret message while it is in transit. However, due to the encryption,
the message remains secure unless the opponent can break the
cryptosystem.
6. Trusted Third Party or Key Distribution Center (KDC):
This is a trusted third party responsible for managing and distributing
the secret keys used for encryption and decryption. The KDC ensures that
both the sender and recipient share the same secret key securely. The
KDC could be a server, a certificate authority, or another entity
responsible for key management.
7. Recipient:
The recipient receives the secret message and, using the same or
corresponding secret information (key), applies a security-related
transformation (decryption) to convert the secret message back into
the original plain message.
8. Security-Related Transformation (Decryption):
This is the reverse process of encryption. Using the secret information
(key), the recipient decrypts the secret message, making it readable
again.

Cryptology, Cryptography and Cryptanalysis


Cryptology: Cryptology is the broad field that encompasses both the
study of techniques for secure communication (cryptography) and the
study of methods for breaking such communication (cryptanalysis). It
refers to the science of encoding and decoding information.
Cryptography: Cryptography is the practice and study of securing
communication and information through encoding methods, so only
authorized parties can access and understand the data. It involves
techniques like encryption (converting plaintext to ciphertext) and
decryption (converting ciphertext back to plaintext). The primary goal is
to ensure confidentiality, integrity, authentication, and non-repudiation of
information.
Cryptanalysis: Cryptanalysis is the study of methods for defeating
cryptographic techniques, i.e., breaking encryption codes, ciphers, or
protocols, without having prior knowledge of the encryption key. It
involves finding weaknesses or vulnerabilities in cryptographic algorithms
to decipher the hidden information. Cryptanalysis is often used in the
context of testing and improving cryptographic systems.

Substitution Cipher Technique

In the Substitution Cipher Technique, plaintext characters are replaced
with other characters, numbers, and symbols depending on a key. In the
substitution cipher technique, the character’s identity is changed while
its position remains unchanged.
Types:
• Shift-by-n cipher
• Monoalphabetic Cipher
• Polyalphabetic Cipher (Playfair Cipher)
• Hill Cipher

Shift-by-n cipher
The Shift-by-n Cipher, also known as the Caesar Cipher, is one of the
simplest and oldest encryption techniques. Each letter in the plaintext is
shifted by a fixed number n down or up the alphabet.
The encryption can be represented using modular arithmetic by first
transforming the letters into numbers, according to the scheme A = 0, B
= 1, …, Z = 25. Encryption of a letter x by a shift n can be described
mathematically as:
E(x) = (x + n) mod 26 (Encryption Phase with shift n)
D(x) = (x - n) mod 26 (Decryption Phase with shift n)

Monoalphabetic Cipher
A Monoalphabetic Cipher replaces each letter of the plaintext with
another letter, where the substitution pattern is fixed throughout the
message. Unlike Caesar Cipher, the mapping is arbitrary but consistent.
Algorithm:
1. Create a substitution rule (mapping one letter to another).
2. For each letter in the plaintext, substitute it with the corresponding
letter from the substitution rule.
3. The resulting text is the ciphertext.
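Both the shift-by-n cipher and the general monoalphabetic cipher are table-driven substitutions, and the Caesar cipher is simply the table produced by E(x) = (x + n) mod 26. The following Python is an added example, not code from these notes; it builds either kind of table, applies it, and inverts it for decryption. The cipher alphabet used in the usage is a constructed sample permutation.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_table(n: int) -> dict:
    """Substitution table for the shift-by-n (Caesar) cipher: E(x) = (x + n) mod 26."""
    return {c: ALPHABET[(i + n) % 26] for i, c in enumerate(ALPHABET)}


def keyed_table(cipher_alphabet: str) -> dict:
    """General monoalphabetic table: plaintext A..Z maps to the given
    26-letter permutation, fixed for the whole message."""
    cipher_alphabet = cipher_alphabet.upper()
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("cipher alphabet must be a permutation of A-Z")
    return dict(zip(ALPHABET, cipher_alphabet))


def substitute(text: str, table: dict) -> str:
    """Apply a substitution table; characters not in the table pass through."""
    return "".join(table.get(c, c) for c in text.upper())


def invert(table: dict) -> dict:
    """Reverse a substitution table for decryption."""
    return {v: k for k, v in table.items()}


def caesar_encrypt(text: str, n: int) -> str:
    return substitute(text, shift_table(n))


def caesar_decrypt(text: str, n: int) -> str:
    # D(x) = (x - n) mod 26 is exactly the inverted shift table.
    return substitute(text, invert(shift_table(n)))


if __name__ == "__main__":
    print(caesar_encrypt("ATTACK AT DAWN", 3))          # Caesar, shift 3
    # Constructed sample key: a keyboard-order permutation of the alphabet.
    table = keyed_table("QWERTYUIOPASDFGHJKLZXCVBNM")
    print(substitute("HELLO", table))
    print(substitute(substitute("HELLO", table), invert(table)))
```

Because the mapping is fixed for the whole message, every occurrence of a plaintext letter becomes the same ciphertext letter; that is the property frequency analysis exploits, and it holds for both the shift and the keyed variant.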

Polyalphabetic Cipher (Playfair Cipher)


A Polyalphabetic Cipher uses multiple substitution alphabets to encrypt
a message. The Playfair Cipher, invented by Charles Wheatstone, is a
type of polyalphabetic cipher that uses a 5x5 matrix of letters to encrypt
digraphs (pairs of letters) rather than single letters.
Algorithm for Playfair Cipher:
1. Create a 5x5 matrix using a keyword (repeated letters are
removed, and 'I' and 'J' are treated as the same letter).
o Keyword: "MONARCHY"
o The matrix is filled by first placing the letters of the keyword,
followed by the remaining letters of the alphabet:
MONAR
CHYBD
E F G I/J K
LPQST
UVWXZ
2. Encryption:
o Divide the plaintext into digraphs (pairs of two letters).
• If a pair has identical letters, insert a filler letter (usually
'X').
o Apply the following rules for each digraph:
1. Same Row: Replace each letter with the letter to its
immediate right (wrap around if necessary).
2. Same Column: Replace each letter with the letter
immediately below (wrap around if necessary).
3. Rectangle: If the letters form the corners of a
rectangle, replace them with the letters on the same
row but at the opposite corners of the rectangle.
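An implementation of the Playfair steps above, using the MONARCHY matrix from the notes. This is an added Python example, not the notes' own code; the I/J merge, the 'X' filler for doubled letters and odd-length text, and the three row/column/rectangle rules follow the algorithm as stated.

```python
def build_matrix(keyword: str) -> list:
    """5x5 Playfair matrix: keyword letters first (duplicates dropped),
    then the remaining letters of the alphabet; J is merged into I."""
    seen = []
    for c in (keyword + "ABCDEFGHIKLMNOPQRSTUVWXYZ").upper():
        c = "I" if c == "J" else c
        if c.isalpha() and c not in seen:
            seen.append(c)
    return [seen[i:i + 5] for i in range(0, 25, 5)]


def positions(matrix: list) -> dict:
    """Map each letter to its (row, column) in the matrix."""
    return {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}


def digraphs(plaintext: str, filler: str = "X") -> list:
    """Split into pairs; a doubled letter or a trailing single letter gets the filler."""
    letters = [("I" if c == "J" else c) for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or b == a:
            pairs.append(a + filler)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(pairs: list, matrix: list, step: int) -> str:
    """Apply the Playfair rules to each pair; step=+1 encrypts, step=-1 decrypts."""
    pos = positions(matrix)
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:        # same row: move right (encrypt) or left (decrypt), wrapping
            out.append(matrix[ra][(ca + step) % 5] + matrix[rb][(cb + step) % 5])
        elif ca == cb:      # same column: move down (encrypt) or up (decrypt), wrapping
            out.append(matrix[(ra + step) % 5][ca] + matrix[(rb + step) % 5][cb])
        else:               # rectangle: keep each letter's row, take the other's column
            out.append(matrix[ra][cb] + matrix[rb][ca])
    return "".join(out)


def playfair_encrypt(plaintext: str, keyword: str) -> str:
    return _transform(digraphs(plaintext), build_matrix(keyword), +1)


def playfair_decrypt(ciphertext: str, keyword: str) -> str:
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return _transform(pairs, build_matrix(keyword), -1)


if __name__ == "__main__":
    for row in build_matrix("MONARCHY"):
        print(" ".join(row))
    c = playfair_encrypt("balloon", "MONARCHY")
    print(c, playfair_decrypt(c, "MONARCHY"))
```

Decryption returns the padded text ("BALXLOON" for "balloon"); removing the filler letters is left to the reader, since the cipher itself cannot tell a filler X from a genuine one.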
Hill Cipher
The Hill Cipher is a polygraphic substitution cipher, which means it
operates on groups of letters (blocks of text) at once, unlike simple
ciphers that encrypt one letter at a time. The cipher uses linear algebra,
specifically matrix multiplication, to encrypt plaintext, and was invented
by Lester S. Hill in 1929.
The strength of the Hill Cipher comes from its ability to work on multiple
letters simultaneously, which makes it more resistant to frequency
analysis attacks than monoalphabetic ciphers.
Hill Cipher Algorithm
Step-by-step Explanation:
1. Choose the Key Matrix:
o Select an n×n matrix K (called the key matrix), where n is the
size of the block of letters you want to encrypt.
o The matrix must be invertible modulo 26 (i.e., it must have an
inverse matrix modulo 26).
2. Convert Plaintext to Numbers:
o Convert the plaintext message into a series of numerical
values, using A = 0, B = 1, ..., Z = 25.
3. Divide Plaintext into Blocks:
o Break the plaintext into blocks of size n (the size of the key
matrix). If the last block is not complete, pad it with
extra letters (commonly ‘X’).
4. Matrix Multiplication:
o For each block, treat it as a vector. Multiply the key matrix by
this vector, then take the result modulo 26.
o This produces a new vector of numbers, which are then
converted back to letters.
5. Decrypting:
o Decryption requires the inverse of the key matrix. After finding
the inverse matrix K^-1 (mod 26), multiply it by each ciphertext
vector (mod 26) to retrieve the original plaintext.
Encryption: C = K × P mod 26
Decryption: P = K^-1 × C mod 26
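The Hill cipher steps above, including the invertibility requirement on the key matrix and the K^-1 decryption, as an added Python example that is not part of the original notes. The inverse is computed as det(K)^-1 · adj(K) mod 26, which is why the determinant must be coprime to 26; the key matrix [[3, 3], [2, 5]] and the plaintexts are constructed samples.

```python
from math import gcd

MOD = 26


def _minor(m: list, i: int, j: int) -> list:
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def det_mod(m: list, mod: int = MOD) -> int:
    """Determinant by cofactor expansion, reduced mod 26 (fine for small n)."""
    n = len(m)
    if n == 1:
        return m[0][0] % mod
    return sum((-1) ** j * m[0][j] * det_mod(_minor(m, 0, j), mod) for j in range(n)) % mod


def inverse_mod(m: list, mod: int = MOD) -> list:
    """K^-1 mod 26 = det(K)^-1 * adj(K); raises ValueError when gcd(det, 26) != 1."""
    n = len(m)
    d = det_mod(m, mod)
    if gcd(d, mod) != 1:
        raise ValueError(f"key matrix not invertible mod {mod}: det = {d}")
    d_inv = pow(d, -1, mod)          # modular inverse of the determinant
    if n == 1:
        return [[d_inv]]
    # adjugate = transpose of the cofactor matrix
    adj = [[(-1) ** (i + j) * det_mod(_minor(m, j, i), mod) for j in range(n)] for i in range(n)]
    return [[(d_inv * adj[i][j]) % mod for j in range(n)] for i in range(n)]


def _to_nums(text: str) -> list:
    return [ord(c) - 65 for c in text.upper() if c.isalpha()]


def _to_text(nums: list) -> str:
    return "".join(chr(n + 65) for n in nums)


def _apply(matrix: list, text: str, pad: str = "X") -> str:
    """Multiply each n-letter block (as a column vector) by the matrix mod 26."""
    n = len(matrix)
    nums = _to_nums(text)
    while len(nums) % n:             # pad an incomplete last block
        nums.append(ord(pad) - 65)
    out = []
    for b in range(0, len(nums), n):
        block = nums[b:b + n]
        out.extend(sum(matrix[i][j] * block[j] for j in range(n)) % MOD for i in range(n))
    return _to_text(out)


def hill_encrypt(plaintext: str, key: list) -> str:
    """C = K * P mod 26. Rejects keys that could never be decrypted."""
    inverse_mod(key)
    return _apply(key, plaintext)


def hill_decrypt(ciphertext: str, key: list) -> str:
    """P = K^-1 * C mod 26."""
    return _apply(inverse_mod(key), ciphertext)


if __name__ == "__main__":
    key = [[3, 3], [2, 5]]           # constructed sample key, det = 9, gcd(9, 26) = 1
    print(inverse_mod(key))
    c = hill_encrypt("HELP", key)
    print(c, hill_decrypt(c, key))
```

A key whose determinant shares a factor with 26, for example [[4, 3], [2, 5]] with determinant 14, is rejected before anything is encrypted; the check belongs at key-selection time, not at decryption time.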

Transposition Cipher Technique

A transposition cipher is a type of encryption technique where the
positions of the letters in the plaintext message are rearranged to form a
ciphertext message. This technique does not alter the letters themselves
but rather the order in which they appear. In the transposition cipher
technique, the position of the character is changed but the character’s
identity is not changed.
Product Cipher
A Product Cipher is a cryptographic technique that combines two or
more simple ciphers to produce a more secure encryption scheme. The
idea behind product ciphers is to use multiple layers of encryption to
provide security that is stronger than the individual ciphers would provide
on their own.
Product ciphers generally involve combining different types of ciphers,
such as substitution ciphers and transposition ciphers, into a single
process. This design takes advantage of the strengths of both techniques:
substitution provides confusion, while transposition adds diffusion (terms
introduced by Claude Shannon in cryptography). Product ciphers are
widely used in modern encryption algorithms like the Data Encryption
Standard (DES) and Advanced Encryption Standard (AES).

Substitution Cipher Technique vs. Transposition Cipher Technique

1. Operation
Substitution: plaintext characters are replaced with other characters, numbers and symbols.
Transposition: plaintext characters are rearranged with respect to their position.
2. Forms
Substitution: monoalphabetic substitution cipher and polyalphabetic substitution cipher.
Transposition: keyless transposition cipher and keyed transposition cipher.
3. What changes
Substitution: the character’s identity is changed while its position remains unchanged.
Transposition: the position of the character is changed but the character’s identity is not changed.
4. Weakness
Substitution: letters with low frequency can reveal the plaintext.
Transposition: keys which are near the correct key can disclose the plaintext.
5. Examples
Substitution: Caesar cipher, monoalphabetic cipher, and polyalphabetic cipher.
Transposition: Rail Fence cipher, columnar transposition cipher, and route cipher.
6. Definition
Substitution: replacing plaintext letters or groups of letters with ciphertext letters or groups of letters according to a specific algorithm or key.
Transposition: rearranging the order of the plaintext letters or groups of letters according to a specific algorithm or key.
7. Frequency distribution
Substitution: the frequency distribution of the plaintext letters is typically obscured, but patterns can still be detected with statistical analysis.
Transposition: the frequency distribution of the plaintext letters remains the same, but the order is scrambled, making it difficult to detect patterns with statistical analysis.
8. Attacks
Substitution: vulnerable to frequency analysis attacks, where the most commonly used letters or letter combinations in the language can be identified and used to deduce the key.
Transposition: less vulnerable to frequency analysis attacks, but still susceptible to attacks such as brute force and known-plaintext attacks.
9. Complexity
Substitution: relatively easy to understand and implement, making it suitable for simple applications.
Transposition: can be more difficult to implement and understand, but can be more secure than substitution ciphers for certain applications.
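A keyed columnar transposition (one of the transposition forms listed in the comparison) composed with a shift substitution, which is the substitution-then-transposition product cipher the notes describe. This is an added Python example, not code from the notes; the key "BAC", the shift 3 and the plaintext are constructed. It also checks the comparison's point that transposition alone leaves the letter frequency distribution unchanged, while the product does not.

```python
from collections import Counter


def _column_order(key: str) -> list:
    """Column read-out order: alphabetical order of the key letters, ties by position."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write the letters row by row under the key, read them out column by column."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    cols = len(key)
    while len(letters) % cols:              # complete the last row
        letters.append(pad)
    rows = [letters[r:r + cols] for r in range(0, len(letters), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Refill the columns in key order, then read the grid row by row."""
    cols = len(key)
    n_rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(n_rows)]
    pos = 0
    for c in _column_order(key):
        for r in range(n_rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def caesar(text: str, n: int) -> str:
    """Shift-by-n substitution on letters only (negative n shifts back)."""
    return "".join(chr((ord(c) - 65 + n) % 26 + 65) for c in text.upper() if c.isalpha())


def product_encrypt(plaintext: str, shift: int, key: str) -> str:
    """Substitution (confusion) followed by transposition (diffusion)."""
    return columnar_encrypt(caesar(plaintext, shift), key)


def product_decrypt(ciphertext: str, shift: int, key: str) -> str:
    """Undo the layers in reverse order."""
    return caesar(columnar_decrypt(ciphertext, key), -shift)


def same_letter_frequencies(a: str, b: str) -> bool:
    """True when both texts contain exactly the same letters with the same counts."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    plain, key = "ATTACKATDAWN", "BAC"        # constructed sample
    t = columnar_encrypt(plain, key)
    print(t, same_letter_frequencies(plain, t))          # same letters, new order
    p = product_encrypt(plain, 3, key)
    print(p, same_letter_frequencies(plain, p), product_decrypt(p, 3, key))
```

Padding with X to fill the rectangle is the simple form; the padded letters come back out of columnar_decrypt, so the caller strips them.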

Cryptography:
Cryptography is broadly classified based on the techniques and the types
of keys used. It can be categorized into two main types: Symmetric
Key Cryptography and Asymmetric Key Cryptography. Additionally,
it can also be classified by the mode of encryption (block ciphers, stream
ciphers) and purpose (data encryption, digital signatures, authentication).
A. Types of Cryptography
1. Symmetric Key Cryptography (Private-Key Cryptography):
• Definition: Symmetric cryptography uses the same key for both
encryption and decryption.
• Properties:
o Fast and efficient.
o Requires secure key exchange to avoid compromise.
o Used for bulk data encryption (e.g., secure communications,
storage).
• Examples: AES (Advanced Encryption Standard), DES (Data
Encryption Standard), 3DES, Blowfish, IDEA.
Example:
If Alice wants to send an encrypted message to Bob using a symmetric
algorithm, they both need the same secret key. Alice uses this key to
encrypt the message, and Bob uses the same key to decrypt it. If an
attacker intercepts the key, they can decrypt the message.
2. Asymmetric Key Cryptography (Public-Key Cryptography):
• Definition: Uses two keys — a public key for encryption and a
private key for decryption. The public key is shared, while the
private key is kept secret.
• Properties:
o Slower than symmetric key algorithms.
o Solves the key distribution problem since public keys can be
shared openly.
o Primarily used for key exchange, digital signatures, and
authentication.
• Examples: RSA, Diffie-Hellman, Elliptic Curve Cryptography (ECC),
ElGamal.
Example:
If Alice wants to send an encrypted message to Bob using an asymmetric
algorithm, she will use Bob's public key to encrypt the message. Bob will
then use his private key to decrypt the message. Even if an attacker
intercepts the message, they won’t be able to decrypt it without Bob's
private key.

3. Hash Functions:
• Definition: Hash functions take an input (message) and return a
fixed-size string, called a hash or digest. These functions are one-
way and collision-resistant, meaning it’s computationally hard to
find two inputs with the same hash value.
• Purpose: Mainly used for data integrity, digital signatures, and
password storage.
• Examples: MD5 (obsolete), SHA-1 (deprecated), SHA-2 (still secure),
SHA-3.
Example:
If Alice wants to ensure that a file she sends to Bob has not been altered
during transmission, she could generate a hash of the file and send it
along with the file. When Bob receives the file, he can compute the hash
and compare it with Alice’s hash to check for integrity.
B. Types of Encryption Based on Modes of Operation
1. Block Ciphers: Encrypts data in fixed-size blocks (e.g., 128 bits).
Popular for bulk data encryption.
o Example: AES, DES.
2. Stream Ciphers: Encrypts data as a stream of bits or bytes, usually
bit by bit.
o Example: RC4, A5/1 (used in GSM encryption).
C. Uses of Cryptography
1. Encryption: Secures communication by transforming plaintext into
ciphertext.
2. Authentication: Verifies the identity of a party (e.g., digital
signatures).
3. Integrity: Ensures the data has not been altered (e.g., hash
functions).
4. Non-repudiation: Ensures a party cannot deny having sent a
message (e.g., digital signatures).

Cryptanalysis:
Cryptanalysis is the study of analysing cryptographic systems to find
vulnerabilities, weaknesses, or flaws. It involves techniques to break
ciphers or recover information without access to the secret key.
A. Types of Cryptanalysis
1. Ciphertext-only Attack:
• Definition: The attacker has access only to the ciphertext and must
deduce the plaintext or the key used in encryption.
• Difficulty: Harder than other attack types because there’s minimal
information available.
Example:
If an attacker intercepts encrypted messages without knowing the key or
the plaintext, they can attempt to analyse patterns in the ciphertext to
guess the encryption scheme and eventually the key.
2. Known-plaintext Attack:
• Definition: The attacker has access to both the plaintext and the
corresponding ciphertext. Using this information, they attempt to
deduce the encryption key.
• Difficulty: Easier than a ciphertext-only attack because the attacker
can use the known plaintext-ciphertext pair to uncover the key.
Example:
If an attacker knows that part of the ciphertext corresponds to the
plaintext "HELLO", they can use this information to reverse-engineer the
encryption method or key.
3. Chosen-plaintext Attack:
• Definition: The attacker can choose arbitrary plaintexts to be
encrypted and then has access to the corresponding ciphertexts.
The goal is to deduce the key or encryption method.
• Difficulty: Even easier because the attacker can deliberately choose
specific plaintexts to maximize the effectiveness of their analysis.
Example:
An attacker can send specific plaintexts like "AAAAA" or "HELLO" to an
encryption oracle, get the corresponding ciphertext, and use this
information to find patterns in the encryption method.
4. Chosen-ciphertext Attack:
• Definition: The attacker can choose arbitrary ciphertexts and obtain
their corresponding decrypted plaintexts. This allows them to
attempt to reverse the encryption process and discover the key.
• Difficulty: One of the most dangerous types of attacks because the
attacker has the most control.
Example:
An attacker might send specific ciphertexts to a decryption oracle, receive
the plaintext, and analyse how the decryption works to infer the
encryption key or exploit vulnerabilities.
5. Brute-force Attack:
• Definition: The attacker tries all possible keys until the correct one
is found.
• Difficulty: The effectiveness depends on the key length. For
example, shorter keys (e.g., in DES with a 56-bit key) are vulnerable
to brute-force attacks because modern computers can try many
combinations quickly.
Example:
If an attacker knows the encryption algorithm being used and wants to
decrypt a message, they might try every possible key until they find one
that successfully decrypts the message.
6. Side-channel Attack:
• Definition: This type of attack exploits physical information (e.g.,
power consumption, timing information, electromagnetic leaks) to
find the encryption key.
• Difficulty: Often requires specialized knowledge and equipment.
Example:
By measuring how long it takes a device to perform encryption operations
or analyzing power usage during the encryption process, an attacker
might be able to deduce the key.

7. Man-in-the-Middle Attack:
• Definition: The attacker intercepts and potentially alters
communication between two parties who believe they are
communicating directly with each other.
• Example: Diffie-Hellman key exchange is vulnerable to this if the
exchange is not authenticated. An attacker could intercept the keys
being exchanged and substitute their own keys, allowing them to
decrypt messages and re-encrypt them to pass to the other party.
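The Diffie-Hellman example above names missing authentication as the cause. The following Python is an added example, not code from these notes: it models the exchange with and without an in-path opponent substituting its own public value, and shows one way to authenticate the exchange, a MAC over each party's view of the transcript under a long-term pre-shared key, so that a substituted value fails verification on both sides. The group parameters and the pre-shared key are constructed toy values, not a standardized group.

```python
import hmac
import hashlib
import secrets

# Toy group parameters, constructed for illustration only; a real deployment
# uses a standardized, vetted group rather than values picked like this.
P = 2**127 - 1
G = 3

# Long-term authentication key shared by Alice and Bob (constructed sample value).
AUTH_KEY = b"alice-bob-long-term-auth-key-example"


def dh_keypair(priv=None):
    """Return (private exponent, public value g^priv mod p)."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def transcript_tag(key: bytes, sender: str, pub_sent: int, pub_received: int) -> str:
    """MAC over the sender's view of the exchange. Without the key an
    in-path opponent cannot produce a valid tag for substituted values."""
    msg = f"{sender}|{pub_sent}|{pub_received}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def run_exchange(attacker_substitutes: bool, a_priv=None, b_priv=None,
                 m_priv=None, auth_key: bytes = AUTH_KEY) -> tuple:
    """Model one Diffie-Hellman exchange between Alice and Bob.

    With attacker_substitutes=True an in-path opponent replaces each public
    value with its own, as in the unauthenticated case described above.
    Returns (alice_verified, bob_verified, keys_match).
    """
    a_priv, a_pub = dh_keypair(a_priv)
    b_priv, b_pub = dh_keypair(b_priv)

    if attacker_substitutes:
        _, m_pub = dh_keypair(m_priv)
        pub_seen_by_bob, pub_seen_by_alice = m_pub, m_pub
    else:
        pub_seen_by_bob, pub_seen_by_alice = a_pub, b_pub

    # Each party tags what it sent and what it received.
    alice_tag = transcript_tag(auth_key, "alice", a_pub, pub_seen_by_alice)
    bob_tag = transcript_tag(auth_key, "bob", b_pub, pub_seen_by_bob)

    # Each party checks the other's tag against its own view of the transcript;
    # a substituted value makes the two views disagree, so verification fails.
    bob_ok = hmac.compare_digest(
        alice_tag, transcript_tag(auth_key, "alice", pub_seen_by_bob, b_pub))
    alice_ok = hmac.compare_digest(
        bob_tag, transcript_tag(auth_key, "bob", pub_seen_by_alice, a_pub))

    k_alice = pow(pub_seen_by_alice, a_priv, P)
    k_bob = pow(pub_seen_by_bob, b_priv, P)
    return alice_ok, bob_ok, k_alice == k_bob


if __name__ == "__main__":
    print("honest exchange :", run_exchange(False))
    print("opponent in path:", run_exchange(True))
```

In the substituted case Alice and Bob each end up with a key shared with the opponent rather than with each other, which is exactly what the transcript check surfaces before any data is sent under those keys. Digital signatures or certificates play the same role in deployed protocols where no pre-shared key exists.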
