
Unit I (CNS)

Uploaded by

Saja Sireen
1

INTRODUCTION
Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security
at Multiple levels, Security Policies - Model of network security – Security attacks,
services and mechanisms – OSI security architecture – Classical encryption techniques:
substitution techniques, transposition techniques, steganography- Foundations of
modern cryptography: perfect security – information theory – product cryptosystem –
cryptanalysis.
1.1 Introduction

 Human beings have for ages had two inherent needs − (a) to communicate and share
information and (b) to communicate selectively. These two needs gave rise to the art
of coding messages in such a way that only the intended people could access
the information. Unauthorized people could not extract any information, even if the
scrambled messages fell into their hands.

 The art and science of concealing messages to introduce secrecy in information
security is known as cryptography.

 The word ‘cryptography’ was coined by combining two Greek words, ‘Krypto’
meaning hidden and ‘graphein’ meaning writing.

1.1.1 History of Cryptography

 The art of cryptography is considered to have been born along with the art of writing. As
civilizations evolved, human beings organized themselves into tribes, groups, and kingdoms.
This led to the emergence of ideas such as power, battles, supremacy, and politics.
These ideas further fuelled the natural need of people to communicate secretly with
selected recipients, which in turn ensured the continuous evolution of cryptography as
well.

 The roots of cryptography are found in Roman and Egyptian civilizations.

 Hieroglyph − The Oldest Cryptographic Technique

 The first known evidence of cryptography can be traced to the use of ‘hieroglyph’.
Some 4000 years ago, the Egyptians used to communicate by messages written in
hieroglyph. This code was a secret known only to the scribes who used to transmit
messages on behalf of the kings. One such hieroglyph is shown below.

 Later, scholars moved on to using simple mono-alphabetic substitution ciphers
during 500 to 600 BC. This involved replacing the letters of a message with other
letters according to some secret rule. This rule became the key to retrieve the message
back from the garbled message.

1.2 Security Trends

 Computer data often travels from one computer to another, leaving the safety of its
protected physical surroundings. Once the data is out of hand, people with bad intentions
could modify or forge your data, either for amusement or for their own benefit.

 Cryptography can reformat and transform our data, making it safer on its trip between
computers. The technology is based on the essentials of secret codes, augmented by
modern mathematics that protects our data in powerful ways.

 Computer Security - Generic name for the collection of tools designed to
protect data and to thwart hackers.

 Network Security - Measures to protect data during their transmission.

 Internet Security - Measures to protect data during their transmission over a
collection of interconnected networks.

1.2.1 Basic Concepts of Cryptography

 Cryptography is the art or science encompassing the principles and methods of
transforming an intelligible message into one that is unintelligible and then
retransforming that message back to its original form.

 Plaintext: The original intelligible message.

 Ciphertext: The transformed message or coded message.

 Cipher: An algorithm for transforming an intelligible message into one that is
unintelligible by transposition and/or substitution methods.

 Key: Some critical information used by the cipher, known only to the sender and
receiver.

 Encryption (encode): The process of converting plaintext to cipher text using a
cipher and a key.

 Decryption (decode): The process of converting cipher text back into plaintext
using a cipher and a key.

 Cryptanalysis: The study of principles and methods of transforming an
unintelligible message back into an intelligible message without knowledge of the
key. Also called code breaking.

 Cryptology: The areas of cryptography and cryptanalysis together are called
cryptology.

 Code: An algorithm for transforming an intelligible message into an unintelligible
one using a code-book.

 Cryptography: Cryptographic systems are generally classified along 3
independent dimensions:

 Type of operations used for transforming plain text to cipher text:

 All encryption algorithms are based on two general principles:
substitution, in which each element in the plaintext is mapped into another
element, and transposition, in which elements in the plaintext are rearranged.

 The number of keys used

 If the sender and receiver use the same key, it is said to be symmetric key
(or) single key (or) conventional encryption.

 If the sender and receiver use different keys, it is said to be public key
encryption.

 The way in which the plain text is processed

 A block cipher processes the input one block of elements at a time, producing
an output block for each input block.

 A stream cipher processes the input elements continuously, producing output
one element at a time, as it goes along.

 Cryptanalysis: The process of attempting to discover X or K or both is known as
cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the
encryption scheme and the information available to the cryptanalyst.

 There are various types of cryptanalytic attacks based on the amount of information
known to the cryptanalyst. They are:

 Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.

 Known plaintext – The cryptanalyst has a copy of the cipher text and the
corresponding plaintext.

 Chosen plaintext – The cryptanalyst gains temporary access to the encryption
machine. They cannot open it to find the key; however, they can encrypt a
large number of suitably chosen plaintexts and try to use the resulting cipher
texts to deduce the key.

 Chosen cipher text – The cryptanalyst obtains temporary access to the
decryption machine, uses it to decrypt several strings of symbols, and tries to
use the results to deduce the key.
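
The known-plaintext case from the list above, shown on a mono-alphabetic substitution cipher as an added example (not part of the original notes). The key string, the sample messages and all function names are constructed for this illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Constructed demo key: plaintext letter ALPHABET[i] is replaced by KEY[i].
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def encrypt(plaintext, key=KEY):
    """Mono-alphabetic substitution: each letter maps to one fixed letter."""
    table = dict(zip(ALPHABET, key))
    return "".join(table.get(ch, ch) for ch in plaintext.upper())


def decrypt(ciphertext, key=KEY):
    """Invert the substitution; this direction needs the key."""
    table = dict(zip(key, ALPHABET))
    return "".join(table.get(ch, ch) for ch in ciphertext.upper())


def frequency_profile(text):
    """Sorted letter counts. Substitution renames letters but keeps this
    profile, which is all a cipher-text-only analyst has to work with."""
    return sorted(Counter(ch for ch in text if ch.isalpha()).values())


def recover_from_known_pair(plaintext, ciphertext):
    """Known-plaintext case: align one (plaintext, ciphertext) pair and read
    off the cipher-letter -> plain-letter rule for every letter it contains."""
    plaintext = plaintext.upper()
    if len(plaintext) != len(ciphertext):
        raise ValueError("pair must have equal length")
    partial = {}
    for p, c in zip(plaintext, ciphertext):
        if not p.isalpha():
            continue
        # The same cipher letter must always stand for the same plain letter.
        if partial.setdefault(c, p) != p:
            raise ValueError("pair is not a mono-alphabetic substitution")
    return partial


def apply_partial(ciphertext, partial):
    """Decrypt with the recovered part of the key; '_' marks unknown letters."""
    return "".join(
        partial.get(ch, "_") if ch.isalpha() else ch for ch in ciphertext
    )


def demo():
    known_plain = "MEET ME AT THE BRIDGE AT NOON"        # constructed sample
    known_cipher = encrypt(known_plain)
    later_cipher = encrypt("BRING THE MAP TO THE GATE")  # constructed sample
    partial = recover_from_known_pair(known_plain, known_cipher)
    # One known pair exposes part of the key, which then reads later traffic.
    return len(partial), apply_partial(later_cipher, partial)


if __name__ == "__main__":
    print(demo())
```

A single known pair reveals every letter rule it contains, so a fixed substitution key does not survive reuse across messages.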

1.3 Legal, Ethical and Professional Aspects of Security

 Today millions of people perform online transactions every day. There are many ways to
attack computers and networks to take advantage of what has made shopping, banking,
transformation of messages, investments and leisure pursuits a simple matter of
dragging and clicking for many people.

 Thus, laws and ethics are important aspects of data and network security. The
legal system has adapted quite well to computer technology by reusing some old
forms of legal protection (copyrights and patents) and creating laws where no
adequate one existed (malicious access).

 Still, the courts are not a perfect form of protection for computers, for two reasons. First,
courts tend to be reactive instead of proactive. That is, we have to wait for a transgression
to occur and then adjudicate it, rather than try to prevent it in the first place. Second,
fixing a problem through the courts can be time consuming and more expensive.
 The latter characteristic prevents all but the wealthy from addressing most wealthy.
On the other hand, ethics has not had to change, because ethics is more situational and
personal than the law. For example, the privacy of personal information is becoming an
important part of computer network security, and although technically this issue is just
an aspect of confidentiality, practically it has a long history in both law and ethics.

 Law and security are related in several ways. First, international, national, state, and city
laws affect privacy and secrecy. These statutes often apply to the rights of individuals to
keep personal matters private. Second, law regulates the use, development, and
ownership of data and programs. Patents, copyrights, and trade secrets are legal
devices to protect the rights of developers and owners of information and data.

Cryptography and Law

 Cyber-Crime: Criminal activities or attacks in which computers and computer
networks are a tool, target, or place of criminal activity. Cybercrime is categorized
based on the computer's role, such as target, storage device and communication tool.

 Computers as targets: To get information from the computer system, or control
the computer system without authorization or payment, or alter the interfaces
or data in the particular system with use of a server.

 Computers as storage devices: Computers can be used to further unlawful activity
by using a computer or a computer device as a passive storage medium. For
example, the computer can be used to store stolen password lists, credit card
details and proprietary corporate information.

 Computers as communications tools: Many of the crimes falling within this
category are simply traditional crimes that are committed online. Examples
include the illegal sale of prescription drugs, controlled substances, alcohol, and
guns; fraud; gambling; and child pornography. Other than these crimes, there are
more specific crimes in computer networks. These are:

 Illegal access: The access to the whole or any part of a computer system without
right.

 Illegal interception: The interception without right, made by technical means, of
non-public transmissions of computer data to, from or within a computer system,
including electromagnetic emissions from a computer system carrying such
computer data.

 Data interference: The damaging, deletion, deterioration, alteration or suppression
of computer data without right.

 System interference: The serious hindering without right of the functioning of a
computer system by inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data.

 Computer-related forgery: The input, alteration, deletion, or suppression of
computer data, resulting in inauthentic data with the intent that it be considered or
acted upon for legal purposes as if it were authentic, regardless of whether or not the
data is directly readable and intelligible.

 Crime related to child pornography: Producing child pornography or distribution
through a computer system and making available or distributing or transmitting
child pornography through a computer system.

 The relative lack of success in bringing cyber-criminals to justice has led to an increase
in their numbers, boldness, and the global scale of their operations. It is difficult to
profile cybercriminals in the way that is often done with other types of repeat offenders.

 The success of cybercriminals and the relative lack of success of law enforcement,
influence the behaviour of cybercrime victims. As with law enforcement, many
organizations that may be the target of attack have not invested sufficiently in technical,
physical, and human-factor resources to prevent attacks.

 The law is used to regulate people for their own good and for the greater good of society.
Cryptography is also a regulated activity.

 Some examples of laws that are enforced on cryptography:

o Control use of cryptography: Closely related to restrictions on content are
restrictions on the use of cryptography imposed on users in certain countries. For
example, in China, State Council Order 273 requires foreign organizations or
individuals to apply for permission to use encryption in China. Pakistan requires that
all encryption hardware and software be inspected and approved by the Pakistan
telecommunication authority.

o Cryptography and Free speech: Cryptography involves not just products; it
involves ideas too. Although governments effectively control the flow of
products across borders, controlling the flow of ideas, either in the head or on the internet,
is also impossible.

o Cryptography and Escrow: Although laws enable governments to read encrypted
communications. In 1996, the US government offered to relax the export restriction
for so-called escrowed encryption, in which the government would be able to obtain
the encryption key for any encrypted communication. The victory in use of law
enforcement depends much more on the technical skills of the people. Management
needs to understand the criminal investigation process, the inputs that
investigators need, and the ways in which the victim can contribute positively to
the investigation.

Intellectual properties

o There are three main types of intellectual property for which legal protection is
available.

1) Copyrights: Copyright law protects the tangible or fixed expression of an
idea, not the idea itself. Copyright exists when the proposed work is
original and the creator has put the original idea in concrete form. The copyright
owner has these exclusive rights, protected against infringement: the
reproduction right, modification right, and distribution right.

2) Patents: A patent for an invention is the grant of a property right to the
inventor. There are 3 types of patents:

 Utility (any new and useful process, machine, article of manufacture,
or composition of matter).

 Design (new, original, and ornamental design for an article of
manufacture).

 Plant (discovers and asexually reproduces any distinct and new variety
of plant).

3) Trade-Marks: A trademark is a word, name, symbol or expression which is
used to identify products or services in trade uniquely from others. Trademark
rights are used to prevent others from using a confusingly similar mark, but
not to prevent others from making the same goods or from selling the same
goods or services under a clearly different mark.

 Intellectual Property Relevant to Network and Computer Security

A number of forms of intellectual property are relevant in the context of network and
computer security.

 Software programs: software programs are protected by using copyright, perhaps
patent.

 Digital content: audio / video / media / web content is protected by copyright.

 Algorithms: algorithms may be protectable by patenting.

 Privacy Law and Regulation: An issue with considerable overlap with computer
security is that of privacy. Concerns about the extent to which personal privacy has
been and may be compromised have led to a variety of legal and technical approaches
to reinforcing privacy rights. A number of international organizations and national
governments have introduced laws and regulations intended to protect individual
privacy.

 The European Union Data Protection Directive was adopted in 1998 to ensure that member
states protect fundamental privacy rights when processing personal information, and to prevent
member states from restricting the free flow of personal information within the EU. It is organized
around the principles of notice, consent, consistency, access, security, onward transfer
and enforcement. US privacy law includes the Privacy Act of 1974, which permits
individuals to determine what records are kept, forbid records being used for other purposes,
and obtain access to records; ensures agencies properly collect, maintain, and use personal
information; and creates a private right of action for individuals.

Cryptography and Ethics

 There are many potential misuses and abuses of information and electronic
communication that create privacy and security problems. Ethics refers to a system of
moral principles that relates to the benefits and harms of particular actions. An ethic is
an objectively defined standard of right and wrong. Ethical standards are often
idealistic principles because they focus on one objective. Even though religious groups
and professional organizations promote certain standards of ethical behaviour,
ultimately each person is responsible for deciding what to do in a specific situation.

Ethical issues related to computer and info systems:

 Computers have become the primary repository of both personal information and
negotiable assets, such as bank records, securities records, and other financial
information.

o Repositories and processors of information: Unauthorized use of otherwise
unused computer services or of information stored in computers raises
questions of appropriateness or fairness.

o Producers of new forms and types of assets: For example, computer programs
are entirely new types of assets, possibly not subject to the same concepts of
ownership as other assets.

o Symbols of intimidation and deception: The images of computers as thinking
machines, absolute truth producers, infallible, subject to blame, and as
anthropomorphic replacements of humans who err should be carefully
considered.

1.4 Need for Security at Multiple levels
 Multilevel security or multiple levels of security (MLS) is the application of a
computer system to process information with incompatible classifications (i.e., at
different security levels), permit access by users with different security
clearances and needs-to-know, and prevent users from obtaining access to information
for which they lack authorization.
 There are two contexts for the use of multilevel security.
o One is to refer to a system that is adequate to protect itself from subversion
and has robust mechanisms to separate information domains, that is,
trustworthy.
o Another context is to refer to an application of a computer that will require the
computer to be strong enough to protect itself from subversion and possess
adequate mechanisms to separate information domains, that is, a system we
must trust. This distinction is important because systems that need to be
trusted are not necessarily trustworthy.
Security Policies
 The Cryptography Policy sets out when and how encryption should be used. It
includes protection of sensitive information and communications, key management,
and procedures to ensure encrypted information can be recovered by the organisation
if necessary.
Role of the Security Policy in Setting up Protocols

The following pointers help in setting up protocols for the security policy of an
organization.

 Who should have access to the system?

 How it should be configured?

 How to communicate with third parties or systems?

Policies are divided in two categories:

 User policies

 IT policies.
 User policies generally define the limits on users' use of the computer resources in
a workplace, for example, what they are allowed to install on their computers and whether they
can use removable storage.

IT policies, by contrast, are designed for the IT department, to secure the procedures and functions
of IT fields.

 General Policies − This is the policy which defines the rights of the staff and access
level to the systems. Generally, it is included even in the communication protocol as
a preventive measure in case there are any disasters.

 Server Policies − This defines who should have access to the specific server and with
what rights, which software should be installed, the level of access to the internet, and how
the software should be updated.

 Firewall Access and Configuration Policies − It defines who should have access to
the firewall and what type of access, such as monitoring or rule changes. It also defines which ports and
services should be allowed and whether they should be inbound or outbound.

 Backup Policies − It defines who is the responsible person for backup, what should
be the backup, where it should be backed up, how long it should be kept and the
frequency of the backup.

 VPN Policies − These policies generally go with the firewall policy; it defines those
users who should have a VPN access and with what rights. For site-to-site
connections with partners, it defines the access level of the partner to your network,
type of encryption to be set.

Structure of a Security Policy

When you compile a security policy you should have in mind a basic structure in order to
make something practical. Some of the main points which have to be taken into
consideration are:

 Description of the policy and what it is used for.

 Where this policy should be applied.

 Functions and responsibilities of the employees that are affected by this policy.

 Procedures that are involved in this policy.

 Consequences if the policy is not compatible with company standards.

Types of Policies

In this section we will see the most important types of policies.

 Permissive Policy − It is a medium restriction policy where we as administrators
block just some well-known malware ports regarding internet access, and just
some exploits are taken into consideration.

 Prudent Policy − This is a high restriction policy where everything is blocked
regarding internet access, just a small list of websites is allowed, no extra
services are allowed to be installed on computers, and logs are maintained for every
user.

 Acceptance User Policy − This policy regulates the behavior of users towards a
system or network or even a webpage, so it states explicitly what a user can and
cannot do in a system, for example whether they are allowed to share access codes or
share resources.

 User Account Policy − This policy defines what a user should do in order to have or
maintain another user in a specific system. For example, accessing an e-commerce
webpage. To create this policy, you should answer some questions such as −

o Should the password be complex or not?

o What age should the users have?

o Maximum allowed tries or fails to log in?

o When the user should be deleted, activated, blocked?

 Information Protection Policy − This policy is to regulate access to information: how
to process information, how to store it and how it should be transferred.

 Remote Access Policy − This policy is mainly for big companies where the users and
their branches are outside the headquarters. It tells what the users should access,
when they can work and on which software, like SSH, VPN, RDP.

 Firewall Management Policy − This policy has explicitly to do with firewall
management: which ports should be blocked, what updates should be taken, how to
make changes in the firewall, and how long the logs should be kept.

 Special Access Policy − This policy is intended to keep people under control and
monitor the special privileges in their systems and the purpose as to why they have
them. These employees can be team leaders, managers, senior managers, system
administrators, and other people in such high designations.

 Network Policy − This policy is to restrict the access of anyone towards the network
resources and make clear who will access the network. It will also determine whether
that person should be authenticated or not. This policy also covers other aspects,
such as who will authorize new devices that will be connected to the network, the
documentation of network changes, web filters and the levels of access, and who should
have a wireless connection, with what type of authentication and validity of connection
session.

 Email Usage Policy − This is one of the most important policies that should be put in place
because many users use the work email for personal purposes as well. As a result,
information can leak outside. Some of the key points of this policy are that employees
should know the importance of this system that they have the privilege to use. They
should not open any attachments that look suspicious. Private and confidential data
should not be sent via any encrypted email.

 Software Security Policy − This policy has to do with the software installed on the
user's computer and what it should have. Some of the key points of this policy are:
software of the company should not be given to third parties; only white-listed
software should be allowed, and no other software should be installed on the
computer; warez and pirated software should not be allowed.

1.5 Model of network security


 When we send our data from source to destination, we have to use some transfer
method like the internet or any other communication channel.

 The two parties, who are the principals in this transaction, must cooperate with each
other to exchange the message. When data is transferred from
source to destination, a logical information channel is established between
them by defining a route through the internet from source to destination and by the
cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

 It is necessary to protect the information from various types of attackers, who may
pose a threat to confidentiality, authenticity, availability (DoS) and so on. All the techniques
for providing security have some common components:

 A security-related transformation on the information to be sent. That means
the encryption of the message, which scrambles the message so that it is
unreadable by the attacker.

 Some secret information shared by the two parties and, it is hoped,
unknown to the attacker.

 A trusted third party may be needed to achieve secure transmission. For
example, a third party may be responsible for distributing the secret
information to the two principals while keeping it from any attacker.

Figure 1.1 Network Security Model


This model (Figure 1.1) shows that there are four basic tasks in designing a particular security
service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of secret information.
4. Specify a protocol to be used by the two principals that make use of the
security algorithm and the secret information to achieve a particular security
service.
 A network access security model is illustrated by Figure 1.2, which reflects a
concern for protecting an information system from unwanted access. Hackers
attempt to penetrate systems that can be accessed over a network. The hacker
can be someone who, with no malign intent, simply gets satisfaction from breaking
and entering a computer system. The intruder can be a disgruntled employee who
wishes to do damage or a criminal who seeks to exploit computer assets for
financial gain (e.g., obtaining credit card numbers or performing illegal money
transfers).

Figure 1.2 Network Access Security Model


 Another type of unwanted access can affect the application programs. Viruses
and worms are two types of software attacks. There are two kinds of threat:
 Information access threats: Intercept or modify data on behalf of users who
should not have access to that data.
 Service threats: Exploit service flaws in computers to inhibit use by
legitimate users.

1.6 OSI Security Architecture


 The OSI Security Architecture is a framework that provides a systematic way of
defining the requirements for security and characterizing the approaches to satisfying
those requirements. X.800 recommends this architecture for OSI.
 The OSI security architecture mainly focuses on:

 Security attacks - Any action that compromises the security of information.
 Security services - The services are intended to counter security attacks, and
they make use of one or more security mechanisms to provide the service.
 Security mechanisms - A process that is designed to detect, prevent, or recover
from a security attack.
Security Attacks
An assault on system security that derives from an intelligent threat; that is, an intelligent act
that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system. The security attacks are broadly
classified into two types:
1. Passive Attack
2. Active Attack
Passive Attack
 A passive attack is a network attack in which a system is monitored and sometimes
scanned for open ports and vulnerabilities. It attempts to learn or make use of
information from the system but does not affect system resources. The attacker aims
to obtain information that is in transit. The attacker does not perform any modification
of data. There are two types of passive attacks.
1. Release of Message Contents
2. Traffic Analysis
Release of Message Contents
 For a release of message content (Figure 1.3), a telephonic conversation, an e-mail
message or a transferred file may contain confidential data.
 A passive attack monitors the contents of the transmitted data. When the messages are
exchanged neither the sender nor the receiver is aware that a third party may capture
the messages. We have to prevent an opponent from learning the contents of these
transmissions.

Figure 1.3 Release of Message Contents


Traffic Analysis
 Traffic analysis is the process of intercepting and examining network traffic in order
to deduce information from patterns in communication. It can be performed even
when the traffic is encrypted and cannot be decrypted by the party performing
the analysis. Figure 1.4 shows the traffic analysis attack.

Figure 1.4 Traffic Analysis


 Passive attacks are very difficult to detect, because they do not involve any alteration
of the data. However, using a strong encryption algorithm, we can prevent this attack.
Active Attack
 Active attacks involve some modification of the data stream or the creation of
false data that is injected into the network.
 It can be subdivided into four categories:
 Masquerade
 Replay
 Modification of messages
 Denial of Service (DoS)
Masquerade
 A masquerade is a type of attack where the attacker pretends to be an authorized user
of a system in order to gain access to it or to gain greater privileges than they are
authorized for. Figure 1.5 shows this attack.
Figure 1.5 Masquerade
Replay
 A replay attack is a form of network attack in which a valid data transmission is
maliciously or fraudulently repeated or delayed.
 This is carried out either by the originator or by an adversary who intercepts the data
and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.
Figure 1.6 shows replay attack.

Figure 1.6 Replay


Modification of messages
 It simply means that some portion of an authorized message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect.
 For example, a message meaning "Allow Roy to read confidential file accounts" is
changed to "Allow Darwin to read confidential file accounts". Figure 1.7 shows this
attack.

Figure 1.7 Modification of Message
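
The replay and modification attacks described above, together with the shared-secret transformation from the network security model in section 1.5, as an added example (not part of the original notes). The class names, the packet layout and the choice of HMAC-SHA256 with a sequence number are assumptions made for this illustration; the message text is the one used in the notes.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # 64-bit big-endian sequence number


def new_shared_key():
    """Generate the secret information shared by the two principals."""
    return secrets.token_bytes(32)


class Sender:
    def __init__(self, key):
        self.key = key
        self.seq = 0

    def protect(self, message):
        """Packet layout: seq || message || HMAC(key, seq || message).
        The message stays readable: this gives integrity and origin
        authentication, not confidentiality."""
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + message, hashlib.sha256).digest()
        return header + message + tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def accept(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return ("rejected", "truncated")
        header = packet[:SEQ_LEN]
        message = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        # Verify the tag first, so an unauthenticated sequence number can
        # never change receiver state. compare_digest is constant-time.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "bad tag")
        (seq,) = struct.unpack(">Q", header)
        # A valid packet seen before (or older than the newest) is a replay.
        if seq <= self.last_seq:
            return ("rejected", "replay")
        self.last_seq = seq
        return ("accepted", message)


def demo():
    # Assumption: the key reaches both principals over a secure channel.
    key = new_shared_key()
    alice, bob = Sender(key), Receiver(key)
    text = b"Allow Roy to read confidential file accounts"
    results = {}

    original = alice.protect(text)
    results["first delivery"] = bob.accept(original)
    results["replayed copy"] = bob.accept(original)

    # Modification of messages: the name is altered in transit.
    tampered = alice.protect(text).replace(b"Roy", b"Darwin")
    results["modified in transit"] = bob.accept(tampered)

    # Masquerade: a party without the shared key builds its own packet.
    outsider = Sender(new_shared_key())
    outsider.seq = 10
    forged = outsider.protect(b"Allow Darwin to read confidential file accounts")
    results["masquerade"] = bob.accept(forged)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```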


Denial of Service
 A Denial-of-Service attack (DoS attack) is an attack where an attacker attempts to
disrupt the services provided by a host, by not allowing its intended users to access
the host from the Internet.
 If the attack succeeds, the targeted computer will become unresponsive and nobody
will be able to connect with it.

Figure 1.8 Denial of Service (DoS)


Security Services
 A security service is a service, provided by a layer of communicating open systems,
which ensures adequate security of the systems or of data transfers as defined by the
ITU-T X.800 Recommendation.
 X.800 divides security services into five different categories:
 Authentication
 Access control
 Data confidentiality
 Data integrity
 Nonrepudiation
 Availability Service
Authentication
 Authentication is the process of recognizing a user's identity. It is the mechanism
of associating an incoming request with a set of identifying credentials. The
Identification phase provides a user identity to the security system. This identity
is provided in the form of a user ID.
 Two specific authentication services are defined in X.800:
 Peer entity authentication: Provides for the corroboration of the identity
of a peer entity in an association. Two entities are considered peers if they
implement the same protocol in different systems; e.g., two TCP modules in
two communicating systems. It attempts to provide confidence that an
entity is not performing either a masquerade or an unauthorized replay of a
previous connection.
 Data origin authentication: Provides for the corroboration of the source
of a data unit. It does not provide protection against the duplication or
modification of data units. This type of service supports applications like
electronic mail, where there are no prior interactions between the
communicating entities.
Access control
 The goal of access control is to minimize the risk of unauthorized access to physical
and logical systems.
 Access control is a fundamental component of security compliance programs that
ensures security technology and access control policies are in place to protect
confidential information, such as customer data.
Data confidentiality
 Confidentiality refers to protecting information from being accessed by unauthorized
parties. In other words, only the people who are authorized to do so can gain access to
sensitive data. A failure of confidentiality, commonly known as a breach,
typically cannot be remedied.
 Confidentiality is classified into
 Connection Confidentiality

 The protection of all user data on a connection.

 Connectionless Confidentiality

 The protection of all user data in a single data block

 Selective-Field Confidentiality

 The confidentiality of selected fields within the user data on a
connection or in a single data block.

 Traffic Flow Confidentiality

 The protection of the information that might be derived from
observation of traffic flows.

Data integrity

 Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting,
creating and delaying or replaying of transmitted messages.

 Data Integrity can be classified into

 Connection Integrity with Recovery

 Provides for the integrity of all user data on a connection and detects
any modification, insertion, deletion, or replay of any data within an
entire data sequence, with recovery attempted.

 Connection Integrity without Recovery

 It provides only detection without recovery.

 Selective-Field Connection Integrity


 Provides for the integrity of selected fields within the user data of a
data block transferred over a connection and takes the form of
determination of whether the selected fields have been modified,
inserted, deleted, or replayed.

 Connectionless Integrity

 Provides for the integrity of a single connectionless data block and
may take the form of detection of data modification. Additionally, a
limited form of replay detection may be provided.

 Selective-Field Connectionless Integrity

 Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determination of whether
the selected fields have been modified.
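One way a receiver can provide connection integrity without recovery, detecting both the message modification and the replay described earlier. This is an added example, not part of the original notes; HMAC-SHA256, the 8-byte sequence number, and the names `protect`, `Receiver`, `demo` and `KEY` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, shared by sender and receiver
TAG_LEN = 32                   # length of an HMAC-SHA256 tag in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a frame: 8-byte sequence number || payload || HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each sequence number once, in strictly increasing order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; any altered bit in header or payload fails here.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        # A valid tag on an old sequence number is a repeated or delayed frame.
        if seq <= self.last_seq:
            return ("rejected", "replayed or reordered frame")
        self.last_seq = seq
        return ("accepted", payload.decode())


def demo():
    """Run the three cases from the notes against one receiver (constructed messages)."""
    rx = Receiver(KEY)
    frame0 = protect(KEY, 0, b"Allow Roy to read confidential file accounts")
    results = [rx.accept(frame0)]                       # genuine frame
    tampered = frame0.replace(b"Roy", b"Darwin")        # modification of message
    results.append(rx.accept(tampered))
    results.append(rx.accept(frame0))                   # replay of a valid frame
    results.append(rx.accept(protect(KEY, 1, b"next message")))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The tag alone detects modification but not replay, because a replayed frame is a valid frame; the sequence check is what rejects it.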

Nonrepudiation
 Nonrepudiation provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.

 Nonrepudiation can be related to

 Nonrepudiation, Origin

 Proof that the message was sent by the specified party.

 Nonrepudiation, Destination

 Proof that the message was received by the specified party.

Example: Imagine a user of online banking who has made a transaction, but later denies it.
How can the bank protect itself in such a situation?

Availability Service
 An availability service is one that protects a system to ensure its availability.
This service addresses the security concerns raised by denial-of-service attacks. It
depends on proper management and control of system resources and thus depends on
access control service and other security services.

Security Mechanisms
 Security mechanisms are technical tools and techniques that are used to
implement security services.

 A mechanism might operate by itself, or with others, to provide a particular service.
Examples of common security mechanisms are as follows: cryptography, message
digests and digital signatures.

Difference between Active attack and Passive attack

Difference between Threat and Attack

Threat

A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.

1.7 Classical Encryption Techniques

 Classical cryptography is based on mathematics and relies on the computational
difficulty of factorizing large numbers. The security of classical cryptography is based
on the high complexity of the mathematical problem, for instance the factorization of
large numbers.

Symmetric Cipher Model

 A single key is used for both encryption and decryption. A symmetric encryption
scheme has five ingredients:

 Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
 Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
 Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a
different output depending on the specific key.
 Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key.
 Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key and produces the original plaintext.

Figure 1.8 Symmetric Cipher Model


Transmission Over Secure Channel
 Two requirements for secure use of symmetric encryption:
o A strong encryption algorithm
o A secret key known only to sender / receiver
 With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2, ..., YN].
Y = E (K, X)
 Here, Y is produced by using the encryption algorithm E as a function of the
plaintext X, with the specific function determined by the value of the key K.
 The receiver, in possession of the key, is able to reverse the transformation:
X = D (K, Y)

Figure 1.8 Transmission Over Secure Channel

 An opponent, observing Y but not having access to K or X, may attempt to recover X
or K or both X and K. It is assumed that the opponent knows the encryption (E) and
decryption (D) algorithms.

Cryptanalysis and Brute-Force Attack

Cryptanalysis

 Cryptanalysis is the investigation of systems, ciphertext, and ciphers in order to
reveal the hidden meaning or details of the system itself. The goal of this type of
study is to discover the hidden aspects even if the key or main algorithm cannot
be deciphered.

Brute-Force Attack

 The attacker tries every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must be
tried to achieve success.
 There are two basic building blocks of all encryption techniques:
 Substitution
 Transposition
Substitution Techniques
 A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with cipher text bit patterns.
Caesar cipher (or) shift cipher
 The earliest known use of a substitution cipher and the simplest was by Julius Caesar.
The Caesar cipher involves replacing each letter of the alphabet with the letter
standing 3 places further down the alphabet. The plaintext will be written in
lowercase, and the ciphertext in uppercase. Let us assign a numerical
equivalent to each letter, where a = 0 and z = 25.

Example
Plaintext: Pay more money
Ciphertext: SDB PRUH PRQHB
The general Caesar algorithm is,

Example
Let k = 3
C = E (3, P)
C = (P + 3) mod 26
Encryption
Plaintext = cat
Let k = 3. First letter, c = 2
C = (2 + 3) mod 26
C = 5
C = F
Next letter, a = 0
C = (0 + 3) mod 26 = 3
C = D
Next letter, t = 19
C = (19 + 3) mod 26 = 22
C = W
Ciphertext = FDW
Decryption is simply the reverse of encryption.

Drawbacks
 Brute-force cryptanalysis can be easily performed by trying all the 25 possible keys.
 The language of the plaintext is known (English), so a correct decryption is easy to recognize.
Monoalphabetic Ciphers

 Rather than just shifting the alphabet, the letters could be shuffled (jumbled) arbitrarily.
 Each plaintext letter maps to a different random ciphertext letter.
 Hence, the key is 26 letters long.
 There are now a total of 26! = 4 x 10^26 keys.
 With so many keys, one might think the cipher is secure.
Drawback
 Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.

Playfair Cipher
 The best-known multiple-letter encryption cipher is the Playfair, which treats
digrams in the plaintext as single units and translates these units into ciphertext
digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters
constructed using a keyword. The technique encrypts pairs of letters instead of single
letters.
Example
Key: Monarchy
Plaintext: instruments

The Playfair Cipher Encryption Algorithm:


The Algorithm consists of 2 steps:
1. Generate the key Square(5×5):
 The key square is a 5×5 grid of letters that acts as the key for encrypting the
plaintext. Each of the 25 letters must be unique, and one letter of the alphabet
(usually J) is omitted from the table (as the table can hold only 25 letters). If the
plaintext contains J, then it is replaced by I.
 The initial letters in the key square are the unique letters of the key in the order
in which they appear, followed by the remaining letters of the alphabet in order.
The key is "monarchy"

Thus the initial entries are

'm', 'o', 'n', 'a', 'r', 'c', 'h', 'y'

followed by remaining characters of a-z(except 'j') in that order.

2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters
(digraphs). If there is an odd number of letters, a Z is added to the last letter.
PlainText: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'
Rules for Encryption:
 If both the letters are in the same column: Take the letter below each one (going
back to the top if at the bottom).
For example:
Digraph: "me"
Encrypted Text: cl
Encryption:
m -> c
e -> l

 If both the letters are in the same row: Take the letter to the right of each one (going back
to the leftmost if at the rightmost position).
For example:
Digraph: "st"
Encrypted Text: tl
Encryption:
s -> t
t -> l

 If neither of the above rules is true: Form a rectangle with the two letters and take the
letters on the horizontal opposite corner of the rectangle.
For example:
Digraph: "nt"
Encrypted Text: rq
Encryption:
n -> r
t -> q

For example:
Plain Text: "instrumentsz"
Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x
Decryption
Cipher Text: "gatlmzclrqtx"
Decrypted Text: instrumentsz
Decryption:
ga -> in
tl -> st
mz -> ru
cl -> me
rq -> nt
tx -> sz

Advantages
 The Playfair cipher is a great advance over simple monoalphabetic ciphers.
 Since there are 26 letters, 26 x 26 = 676 digrams are possible, so identification of
individual digrams is more difficult.
 Frequency analysis is much more difficult.

Hill Cipher
 It was developed by the mathematician Lester Hill in 1929. The Hill cipher is a polygraphic
substitution cipher based on linear algebra. Each letter is represented by a number
modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is used, but this is not
an essential feature of the cipher.

 To encrypt a message, each block of n letters (considered as an n-component vector)
is multiplied by an invertible n × n matrix, modulo 26. To decrypt the
message, each block is multiplied by the inverse of the matrix used for encryption.

 The matrix used for encryption is the cipher key, and it should be chosen randomly
from the set of invertible n × n matrices (modulo 26).

 The hill cipher can be expressed as

C = KP mod 26

Example
Input : Plaintext: ACT
Key: GYBNQKURP
Output : Ciphertext: POH
Encryption
We have to encrypt the message ‘ACT’ (n=3). The key is ‘GYBNQKURP’, which can be
written as the n × n matrix:

The message ‘ACT’ is written as vector:


The enciphered vector is given as:

The Ciphertext is POH


Decryption
 To decrypt the message, we turn the ciphertext back into a vector, then simply
multiply by the inverse matrix of the key matrix (IFKVIVVMI in letters). The inverse
of the matrix used in the previous example is:

For the previous Ciphertext ‘POH’:

The plaintext is ACT
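The ACT / GYBNQKURP example above carried through in code, including the key matrix, the product C = KP mod 26, and the inverse matrix that spells IFKVIVVMI. This is an added example, not part of the original notes; the function names are hypothetical, the scheme A = 0 ... Z = 25 is the one the notes use, and the inverse is computed with the adjugate method, which the notes do not prescribe.

```python
from math import gcd

A = ord("A")


def to_matrix(key, n):
    """Write the key letters row by row into an n x n matrix of numbers 0..25."""
    nums = [ord(c) - A for c in key.upper()]
    if len(nums) != n * n:
        raise ValueError("key must contain exactly n*n letters")
    return [nums[r * n:(r + 1) * n] for r in range(n)]


def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def det(m):
    """Integer determinant by expansion along the first row (fine for small n)."""
    if not m:
        return 1
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j)) for j in range(len(m)))


def is_valid_key(key, n):
    """A key matrix is invertible modulo 26 only if gcd(det, 26) == 1."""
    return gcd(det(to_matrix(key, n)) % 26, 26) == 1


def inverse_mod26(m):
    """Inverse = det^-1 * adjugate (mod 26), with adjugate[i][j] = cofactor[j][i]."""
    n = len(m)
    d_inv = pow(det(m) % 26, -1, 26)   # raises ValueError if the key is not invertible
    return [[(d_inv * (-1) ** (i + j) * det(minor(m, j, i))) % 26 for j in range(n)]
            for i in range(n)]


def apply(m, text):
    """Multiply each block of n letters (as a column vector) by m, modulo 26."""
    n = len(m)
    nums = [ord(c) - A for c in text.upper()]
    if len(nums) % n:
        raise ValueError("text length must be a multiple of n")
    out = []
    for b in range(0, len(nums), n):
        block = nums[b:b + n]
        out += [sum(m[r][c] * block[c] for c in range(n)) % 26 for r in range(n)]
    return "".join(chr(v + A) for v in out)


def hill_encrypt(plaintext, key, n):
    return apply(to_matrix(key, n), plaintext)


def hill_decrypt(ciphertext, key, n):
    return apply(inverse_mod26(to_matrix(key, n)), ciphertext)


def inverse_key_letters(key, n):
    """The inverse matrix written back as letters, row by row."""
    return "".join(chr(v + A) for row in inverse_mod26(to_matrix(key, n)) for v in row)


if __name__ == "__main__":
    print(to_matrix("GYBNQKURP", 3))            # key matrix
    print(hill_encrypt("ACT", "GYBNQKURP", 3))  # ciphertext
    print(inverse_key_letters("GYBNQKURP", 3))  # inverse key in letters
```

A key whose determinant shares a factor with 26 (an even determinant, or a multiple of 13) has no inverse, so ciphertext produced with it cannot be decrypted uniquely; `is_valid_key` checks for that before a key is used.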

One Time Pad Cipher


 It is an unbreakable cryptosystem. It represents the message as a sequence of 0s and
1s. This can be accomplished by writing all numbers in binary, for example, or by
using ASCII. The key is a random sequence of 0s and 1s of the same length as the
message.
 Once a key is used, it is discarded and never used again. The system can be expressed
as follows:

 Thus the cipher text is generated by performing the bitwise XOR of the plaintext and
the key. Decryption uses the same key. Because of the properties of XOR, decryption
simply involves the same bitwise operation:

Advantages
 Encryption method is completely unbreakable.
Disadvantages
 It requires a very long key which is expensive to produce and expensive to transmit.
 Once a key is used it is dangerous to reuse it for second message.

Vigenere Cipher
 Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form
of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on
substitution, using multiple substitution alphabets. The encryption of the original text
is done using the Vigenère square or Vigenère table.
 The table consists of the alphabets written out 26 times in different rows, each
alphabet shifted cyclically to the left compared to the previous alphabet,
corresponding to the 26 possible Caesar Ciphers.
 At different points in the encryption process, the cipher uses a different alphabet from
one of the rows.
 The alphabet used at each point depends on a repeating keyword.
Example:
Input: Plaintext: GEEKSFORGEEKS
Keyword: AYUSH
Output: Cipher text: GCYCZFMLYLEIM
For generating key, the given keyword is repeated in a circular manner until it matches the
length of the plain text.
The keyword "AYUSH" generates the key "AYUSHAYUSHAYU"
The plain text is then encrypted using the process explained below.
Encryption
 The first letter of the plaintext, G is paired with A, the first letter of the key. So use
row G and column A of the Vigenère square, namely G. Similarly, for the second
letter of the plaintext, the second letter of the key is used, the letter at row E and
column Y is C. The rest of the plaintext is enciphered in a similar fashion.
Table to encrypt Geeks
Decryption
 Decryption is performed by going to the row in the table corresponding to the key,
finding the position of the ciphertext letter in this row, and then using the column’s
label as the plaintext.
 For example, in row A (from AYUSH), the ciphertext G appears in column G, which
is the first plaintext letter. Next we go to row Y (from AYUSH), locate the ciphertext
C which is found in column E, thus E is the second plaintext letter.
 An easier implementation is to treat Vigenère algebraically by
converting [A-Z] into numbers [0–25].
Encryption
The plaintext(P) and key(K) are added modulo 26.
Ei = (Pi + Ki) mod 26
Decryption
Di = (Ei - Ki + 26) mod 26
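The algebraic form above in code, covering both this section and the earlier Caesar section: a Caesar cipher is the special case of a one-letter Vigenère key, and its 25 keys can simply be tried in turn. This is an added example, not part of the original notes; the function names are hypothetical, and ranking guesses by a count of common English letters is an assumption used only to sort the 25 candidates.

```python
import string

ALPHABET = string.ascii_uppercase
# Assumption: nine frequent English letters, used only to rank brute-force guesses.
COMMON = set("ETAOINSHR")


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """E_i = (P_i + K_i) mod 26 and D_i = (E_i - K_i + 26) mod 26.

    The keyword repeats for as long as needed. Characters outside A-Z are
    copied unchanged and do not consume a key letter.
    """
    if not key or any(k not in ALPHABET for k in key.upper()):
        raise ValueError("key must be a non-empty string of letters A-Z")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    sign = -1 if decrypt else 1
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = sign * shifts[used % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar(text: str, k: int, decrypt: bool = False) -> str:
    """C = (P + k) mod 26: Vigenère with the single key letter whose value is k."""
    return vigenere(text, ALPHABET[k % 26], decrypt)


def caesar_brute_force(ciphertext: str):
    """Decrypt with each of the 25 keys; best-looking English guess first."""
    candidates = []
    for k in range(1, 26):
        guess = caesar(ciphertext, k, decrypt=True)
        score = sum(ch in COMMON for ch in guess)
        candidates.append((score, k, guess))
    return sorted(candidates, reverse=True)


if __name__ == "__main__":
    print(caesar("pay more money", 3))            # Caesar example from the notes
    print(vigenere("GEEKSFORGEEKS", "AYUSH"))     # Vigenère example from the notes
    for score, k, guess in caesar_brute_force(caesar("pay more money", 3))[:5]:
        print(score, k, guess)
```

On very short ciphertexts the letter count can rank a wrong key first, so the full list of 25 candidates is what an analyst would read.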

Transposition Techniques
 A very different kind of mapping is achieved by performing some sort of permutation
on the plaintext letters. This technique is referred to as a transposition cipher.
A transposition technique rearranges the characters to form the ciphertext.
Rail fence
 It is the simplest such cipher, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.
 The rail fence cipher offers essentially no communication security, and it will be
shown that it can be easily broken even by hand.
Example

The key for the rail fence cipher is just the number of rails. To encrypt a piece of text, e.g.
defend the east wall of the castle

We write it out in a special way on a number of rails (the key here is 3)

The ciphertext is read off along the rows:


dnetlhseedheswloteateftaafcl
With a key of 4

The ciphertext is again read off along the rows:


dttfsedhswotatfneaalhcleelee
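The zigzag layout, whose diagrams are missing above, reproduced in code for both keys, with decryption and the small key space that makes the cipher easy to break. This is an added example, not part of the original notes; the function names are hypothetical, and spaces are dropped before encryption, as the ciphertexts in the notes imply.

```python
def rail_pattern(length: int, rails: int):
    """Rail index (0 = top) visited by each character position along the zigzag."""
    if rails < 1:
        raise ValueError("rails must be at least 1")
    # One full down-and-up cycle, e.g. rails=4 -> [0, 1, 2, 3, 2, 1]
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_encrypt(plaintext: str, rails: int) -> str:
    """Write the text along the zigzag, then read the rails off row by row."""
    text = "".join(plaintext.split())
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(text, pattern) if p == r)


def rail_decrypt(ciphertext: str, rails: int) -> str:
    """Rebuild the zigzag: work out which position each ciphertext letter came from."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Encryption emits positions sorted by (rail, position); invert that ordering.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


def rail_layout(plaintext: str, rails: int):
    """The rails as printable rows, with '.' where a rail is not visited."""
    text = "".join(plaintext.split())
    pattern = rail_pattern(len(text), rails)
    return ["".join(ch if p == r else "." for ch, p in zip(text, pattern))
            for r in range(rails)]


def rail_candidates(ciphertext: str):
    """Every possible key is a rail count from 2 to len-1: decrypt with each."""
    return {r: rail_decrypt(ciphertext, r) for r in range(2, len(ciphertext))}


if __name__ == "__main__":
    message = "defend the east wall of the castle"
    for rails in (3, 4):
        print("\n".join(rail_layout(message, rails)))
        print(rail_encrypt(message, rails))
```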

Row Transposition Ciphers


 In a transposition cipher, the order of the alphabets is re-arranged to obtain
the cipher-text. The message is written out in rows of a fixed length, and then read
out again column by column, and the columns are chosen in some scrambled order.

Example
Encryption
Input : Geeks for Geeks
Key = HACK
Output : e  kefGsGsrekoe_
Decryption
Input : e  kefGsGsrekoe_
Key = HACK
Output : Geeks for Geeks
Encryption
In a transposition cipher, the order of the alphabets is re-arranged to obtain the cipher-text.

1. The message is written out in rows of a fixed length, and then read out again column
by column, and the columns are chosen in some scrambled order.
2. Width of the rows and the permutation of the columns are usually defined by a
keyword.
3. For example, the word HACK is of length 4 (so the rows are of length 4), and the
permutation is defined by the alphabetical order of the letters in the keyword. In this
case, the order would be “3 1 2 4”.
4. Any spare spaces are filled with nulls, left blank, or replaced by a placeholder character.
5. Finally, the message is read off in columns, in the order specified by the keyword.
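The five steps above applied to the "Geeks for Geeks" / HACK example, with decryption. This is an added example, not part of the original notes; the function names are hypothetical, and "_" as the padding character is taken from the output shown in the example.

```python
def column_order(keyword: str):
    """Column indices in reading order: alphabetical by keyword letter, ties left to right."""
    letters = keyword.upper()
    return sorted(range(len(letters)), key=lambda i: (letters[i], i))


def key_ranks(keyword: str):
    """Rank of each keyword letter, e.g. HACK -> [3, 1, 2, 4] as in step 3."""
    ranks = [0] * len(keyword)
    for rank, col in enumerate(column_order(keyword), start=1):
        ranks[col] = rank
    return ranks


def rows_of(message: str, width: int, pad: str = "_"):
    """Steps 1 and 4: write the message in rows of `width`, padding the last row."""
    padded = message + pad * (-len(message) % width)
    return [padded[i:i + width] for i in range(0, len(padded), width)]


def transpose_encrypt(message: str, keyword: str, pad: str = "_") -> str:
    """Step 5: read whole columns, in the order given by the keyword."""
    rows = rows_of(message, len(keyword), pad)
    return "".join(row[c] for c in column_order(keyword) for row in rows)


def transpose_decrypt(ciphertext: str, keyword: str, pad: str = "_") -> str:
    """Cut the ciphertext into columns, put each back in place, read row by row."""
    width = len(keyword)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the keyword length")
    height = len(ciphertext) // width
    cols = [""] * width
    for n, c in enumerate(column_order(keyword)):
        cols[c] = ciphertext[n * height:(n + 1) * height]
    text = "".join(cols[c][r] for r in range(height) for c in range(width))
    # Trailing padding is removed; a message that really ends in `pad` would lose it.
    return text.rstrip(pad)


if __name__ == "__main__":
    print(key_ranks("HACK"))
    for row in rows_of("Geeks for Geeks", 4):
        print(repr(row))
    ct = transpose_encrypt("Geeks for Geeks", "HACK")
    print(repr(ct))
    print(transpose_decrypt(ct, "HACK"))
```

The ciphertext contains two consecutive spaces, because both spaces of the message fall in the column under the letter A.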

Steganography
 Steganography is data hidden within data. Steganography is an encryption technique
that can be used along with cryptography as an extra-secure method of
protecting data. Steganography also helps protect copyrighted materials from pirating
and unauthorized viewing.
How is it different from cryptography?
 Cryptography and steganography are both methods used to hide or protect secret data.
However, they differ in the respect that cryptography makes the data unreadable, or
hides the meaning of the data, while steganography hides the existence of the data.
 In layman’s terms, cryptography is similar to writing a letter in a secret language:
people can read it, but won’t understand what it means. However, the existence of a
(probably secret) message would be obvious to anyone who sees the letter, and if
someone either knows or figures out your secret language, then your message can
easily be read.
 If you were to use steganography in the same situation, you would hide the letter
inside a pair of socks that you would be gifting the intended recipient of the letter. To
those who don’t know about the message, it would look like there was nothing more
to your gift than the socks. But the intended recipient knows what to look for, and
finds the message hidden in them.
 Similarly, if two users exchanged media files over the internet, it would be more
difficult to determine whether these files contain hidden messages, than if they were
communicating using cryptography.
Image Steganography
 As the name suggests, Image Steganography refers to the process of hiding data
within an image file. The image selected for this purpose is called the cover-
image and the image obtained after steganography is called the stego-image.
Working Principle
 An image is represented as an N*M (in case of greyscale images) or N*M*3 (in case
of colour images) matrix in memory, with each entry representing the intensity value
of a pixel.
 In image steganography, a message is embedded into an image by altering the values
of some pixels, which are chosen by an encryption algorithm. The recipient of the
image must be aware of the same algorithm in order to know which pixels he or she
must select to extract the message.
Figure 1.17 Steganography
 Detection of the message within the cover-image is done by the process
of steganalysis.
 This can be done through comparison with the cover image, histogram plotting, or by
noise detection. While efforts are being invested in developing new algorithms with a
greater degree of immunity against such attacks, efforts are also being devoted
towards improving existing algorithms for steganalysis, to detect exchange of secret
information between terrorists or criminal elements.
1.8 Foundations of modern cryptography

 Modern encryption is the key to advanced computer and communication security.
This stream of cryptography is completely based on the ideas of mathematics such as
number theory and computational complexity theory as well as concepts of
probability.

Characteristics of Modern Cryptography

There are four major characteristics that separate modern cryptography from the classical
approach.
Context of Cryptography

Cryptology, the study of cryptosystems, can be subdivided into two branches −

 Cryptography

 Cryptanalysis

Cryptography

 Cryptography is the art and science of making a cryptosystem that is capable of
providing information security.

 Cryptography deals with the actual securing of digital data. It refers to the design of
mechanisms based on mathematical algorithms that provide fundamental information
security services.

Cryptanalysis

 The art and science of breaking the cipher text is known as cryptanalysis.
 Cryptanalysis is the sister branch of cryptography and they both co-exist. The
cryptographic process results in the cipher text for transmission or storage. It
involves the study of cryptographic mechanism with the intention to break them.
Cryptanalysis is also used during the design of the new cryptographic techniques to
test their security strengths.

Note − Cryptography is concerned with the design of cryptosystems, while cryptanalysis
studies the breaking of cryptosystems.

Types of Modern Cryptography

 Different algorithms have come up with powerful encryption mechanisms
incorporated in them. This gave rise to two new ways of encryption mechanism for data
security. These are:
o Symmetric key encryption
o Asymmetric key encryption
Key
 It can be a number, word, phrase, or any code that will be used for encrypting as well
as decrypting any ciphertext information to plain text and vice versa.
 Symmetric and asymmetric key cryptography are based on the number of keys and the
way these keys work. Both are described in detail below:

Symmetric key encryption

 The symmetric key encryption technique uses a straightforward method of encryption.
Hence, it is the simpler of the two practices. In the case of symmetric key
encryption, the encryption is done through only one secret key, which is known as the
"Symmetric Key", and this key remains with both parties.
 The same key is used for both encoding and decoding the information.
So, the key is used first by the sender prior to sending the message, and on the
receiver side, that key is used to decipher the encoded message.
 One of the good old examples of this encryption technique is Caesar's Cipher. Modern
examples and algorithms that use the concept of symmetric key encryption are RC4,
QUAD, AES, DES, Blowfish, 3DES, etc.

Asymmetric Key Encryption


 Asymmetric encryption is another encryption method that uses two keys, and is a
new and sophisticated encryption technique, because it integrates two
cryptographic keys for implementing data security. These keys are termed the Public
Key and the Private Key.
 The "public key", as the name implies, is accessible to all who want to send an
encrypted message. The other is the "private key" that is kept secure by the owner of
that public key or the one who is encrypting.
 Encryption of information is done through the public key first, with the help of a
particular algorithm. Then the private key, which the receiver possesses, is used to
decrypt that encrypted information. The same algorithm is used for both
encoding and decoding.
 Examples of asymmetric key encryption algorithms are Diffie-Hellman and RSA
algorithm.
Security Services of Cryptography
 Confidentiality of information.
 Data Integrity.
 Authentication.
o Message authentication.
o Entity authentication.
 Non-repudiation.
Cryptography Primitives

 Cryptography primitives are nothing but the tools and techniques in Cryptography
that can be selectively used to provide a set of desired security services −

 Encryption

 Hash functions

 Message Authentication codes (MAC)

 Digital Signatures

The following table shows the primitives that can achieve a particular security service on
their own.
1.8.1 Perfect Security

 Perfect Secrecy (or information-theoretic security) means that the ciphertext conveys
no information about the content of the plaintext. ... However, part of being
provably secure is that you need as much key material as you have plaintext to
encrypt.

1.8.2 Information Theory

 Information theory studies the quantification, storage,
and communication of information.

 It was originally proposed by Claude Shannon in 1948 to find fundamental limits
on signal processing and communication operations such as data compression.

 Its impact has been crucial to the success of the Voyager missions to deep space, the
invention of the compact disc, the feasibility of mobile phones, the development of
the Internet, the study of linguistics and of human perception, the understanding
of black holes, and numerous other fields.

 The field is at the intersection of mathematics, statistics, computer science, physics,
neurobiology, information engineering, and electrical engineering.

 The theory has also found applications in other areas, including statistical
inference, natural language processing, cryptography, neurobiology, human vision,
the evolution and function of molecular codes (bioinformatics), model selection in
statistics, thermal physics, quantum computing, linguistics, plagiarism detection,
pattern recognition, and anomaly detection.
 Important sub-fields of information theory include source coding, algorithmic
complexity theory, algorithmic information theory, information-theoretic
security, Grey system theory and measures of information.

 Applications of fundamental topics of information theory include lossless data
compression (e.g. ZIP files), lossy data compression (e.g. MP3s and JPEGs),
and channel coding (e.g. for DSL).

 Information theory is used in information retrieval, intelligence gathering, gambling,
and even in musical composition.

 A key measure in information theory is entropy. Entropy quantifies the amount of
uncertainty involved in the value of a random variable or the outcome of a random
process. For example, identifying the outcome of a fair coin flip (with two equally
likely outcomes) provides less information (lower entropy) than specifying the
outcome from a roll of a die (with six equally likely outcomes). Some other important
measures in information theory are mutual information, channel capacity, error
exponents, and relative entropy.

Product Cryptosystems

 A product cipher combines two or more transformations in a manner intending that
the resulting cipher is more secure than the individual components to make it resistant
to cryptanalysis.

 The product cipher combines a sequence of simple transformations such
as substitution (S-box), permutation (P-box), and modular arithmetic.

 For transformations involving a reasonable number n of message symbols, both of the
foregoing cipher systems (the S-box and P-box) are by themselves wanting.

 The combination could yield a cipher system more powerful than either one alone.
This approach of alternately applying substitution and permutation transformations
has been used by IBM in the Lucifer cipher system, and has become the standard for
national data encryption standards such as the Data Encryption Standard and
the Advanced Encryption Standard.

 A product cipher that uses only substitutions and permutations is called an
SP-network. Feistel ciphers are an important class of product ciphers.
1.10 Cryptanalysis

 Cryptanalysis is the art of trying to decrypt the encrypted messages without the use of
the key that was used to encrypt the messages. Cryptanalysis uses mathematical
analysis & algorithms to decipher the ciphers.
 The success of cryptanalysis attacks depends on:
 Amount of time available
 Computing power available
 Storage capacity available

The following is a list of the commonly used Cryptanalysis attacks;

 Brute force attack – this type of attack uses algorithms that try to guess all the
possible logical combinations of the plaintext which are then ciphered and compared
against the original cipher.
 Dictionary attack – this type of attack uses a wordlist in order to find a match of
either the plaintext or key. It is mostly used when trying to crack encrypted
passwords.
 Rainbow table attack – this type of attack compares the cipher text against
pre-computed hashes to find matches.

Other Attacks using Cryptanalysis

 Known-Plaintext Analysis (KPA): The attacker decrypts ciphertexts with known partial
plaintext.
 Chosen-Plaintext Analysis (CPA): The attacker uses ciphertext that matches arbitrarily
selected plaintext via the same algorithm technique.
 Ciphertext-Only Analysis (COA): The attacker uses known ciphertext collections.
 Man-in-the-Middle (MITM) Attack: This attack occurs when two parties use message or
key sharing for communication via a channel that appears secure but is actually
compromised. The attacker employs this attack to intercept messages that pass
through the communications channel. Hash functions prevent MITM attacks.
 Adaptive Chosen-Plaintext Attack (ACPA): Similar to a CPA, this attack uses chosen
plaintext and ciphertext based on data learned from past encryptions.
