CRYPTOGRAPHY NETWORK SECURITY

MODULE 1

Introduction:

This is the age of universal electronic connectivity, where the activities like hacking,
viruses, electronic fraud are very common. Unless security measures are taken, a network
conversation or a distributed application can be compromised easily.

Some simple examples are:

Online purchases using a credit/debit card.
A customer unknowingly being directed to a false website.
A hacker sending a message to a person pretending to be someone else.

Information security has been affected by two major developments over the last several
decades. First one is introduction of computers into organizations and the second one being
introduction of distributed systems and the use of networks and communication facilities for
carrying data between users & computers. These two developments lead to ‘computer security’
and ‘network security’, where the computer security deals with collection of tools designed to
protect data and to thwart hackers. Network security measures are needed to protect data during
transmission. But keep in mind that, it is the information and our ability to access that
information that we are really trying to protect and not the computers and networks.

Information Security: It can be defined as “measures adopted to prevent the unauthorized use,
misuse, modification or denial of use of knowledge, facts, data or capabilities”. Three aspects of
IS are:

Security Attack:

Any action that comprises the security of information

Security Mechanism:

A mechanism that is designed to detect, prevent, or recover from a security.

Security Service:

It is a processing or communication service that enhances the security of the data

processing systems and information transfer. The services are intended to counter

1
 CRYPTOGRAPHY NETWORK SECURITY

security attacks by making use of one or more security mechanisms to provide the
service.

Security Attacks

Security attacks can be classified in terms of Passive attacks and Active attacks as per X.800 and
RFC 2828

Different kinds of attacks are:

Interruption

An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on

availability.

Examples:

Destruction of some hardware

Jamming wireless signals

Disabling file management systems

Interception

Sender Receiver

S R

H
2
CRYPTOGRAPHY NETWORK SECURITY
Hacker

An unauthorized party gains access to an asset. Attack on confidentiality.

Examples:

Wire tapping to capture data in a network.

Illicitly copying data or programs

Eavesdropping

3
 CRYPTOGRAPHY NETWORK SECURITY

Modification:

S R

When an unauthorized party gains access and tampers an asset. Attack is on Integrity.

Examples:

Changing data file

Altering a program and the contents of a message

Fabrication

S R

An unauthorized party inserts a counterfeit object into the system. Attack on

Authenticity. Also called impersonation

Examples:

Hackers gaining access to a personal email and sending message

Insertion of records in data files

Insertion of spurious messages in a network

Passive Attacks

4
CRYPTOGRAPHY NETWORK SECURITY
A Passive attack attempts to learn or make use of information from the system, but does not
affect system resources.

Two types:


Release of message content

It may be desirable to prevent the opponent from learning the contents (i.e sensitive or
confidential info) of the transmission.

5
 )


Traffic analysis
A more subtle technique where the opponent could determine the location and identity of
communicating hosts and could observe the frequency & length of encrypted messages being
exchanged there by guessing the nature of communication taking place.

Passive attacks are very difficult to detect because they do not involve any alternation of the
data. As the communications take place in a very normal fashion, neither the sender nor receiver
is aware that a third party has read the messages or observed the traffic pattern. So, the emphasis
in dealing with passive attacks is on prevention rather than detection.

Active Attacks

Active attacks involve some modification of the data stream or creation of a false
stream. An active attack attempts to alter system resources or affect their operation.

Four types:

Masquerade: Here, an entity pretends to be some other entity. It usually includes one of the
other forms of active attack.

Replay: It involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.

Modification of messages: It means that some portion of a legitimate message is altered, or
that messages are delayed to produce an unauthorized effect.
Ex: “John’s acc no is 2346” is modified as “John’s acc no is 7892”

Denial of service: This attack prevents or inhibits the normal use or management of
communication facilities.
Ex: a: Disruption of entire network by disabling it
b: Suppression of all messages to a particular destination by a third party.

Active attacks present the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent their success. On the other hand,
it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential
physical, software and network vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them.

Security Services:

It is a processing or communication service that is provided by a system to give a specific

kind of production to system resources. Security services implement security policies and are
implemented by security mechanisms.
 )

Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. It is used to
prevent the disclosure of information to unauthorized individuals or systems. It has been
defined as “ensuring that information is accessible only to those authorized to have access”.
The other aspect of confidentiality is the protection of traffic flow from analysis. Ex: A credit
card number has to be secured during online transaction.

Authentication
This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from intended source.
For an ongoing interaction two aspects are involved. First, during connection initiation the
service assures the authenticity of both parties. Second, the connection between the two hosts
is not interfered allowing a third party to masquerade as one of the two parties. Two specific
authentication services defines in X.800 are

Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provides use at time of connection establishment and during data
transmission. Provides confidence against a masquerade or a replay attack

Data origin authentication: Assumes the authenticity of source of data unit, but
does not provide protection against duplication or modification of data units.
Supports applications like electronic mail, where no prior interactions take place
between communicating entities.

Integrity
Integrity means that data cannot be modified without authorization. Like confidentiality,
it can be applied to a stream of messages, a single message or selected fields within a
message. Two types of integrity services are available. They are

Connection-Oriented Integrity Service: This service deals with a stream of
messages, assures that messages are received as sent, with no duplication,
insertion, modification, reordering or replays. Destruction of data is also covered
here. Hence, it attends to both message stream modification and denial of service.

Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message modification
only.
An integrity service can be applied with or without recovery. Because it is related to
active attacks, major concern will be detection rather than prevention. If a violation is
detected and the service reports it, either human intervention or automated recovery
machines are required to recover.
 
Non-repudiation

Non-repudiation prevents either sender or receiver from denying a transmitted message.

This capability is crucial to e-commerce. Without it an individual or entity can deny that he,
she or it is responsible for a transaction, therefore not financially liable.

Access Control
This refers to the ability to control the level of access that individuals or entities have to a
network or system and how much information they can receive. It is the ability to limit and
control the access to host systems and applications via communication links. For this, each
entity trying to gain access must first be identified or authenticated, so that access rights can
be tailored to the individuals.

Availability
It is defined to be the property of a system or a system resource being accessible and
usable upon demand by an authorized system entity. The availability can significantly be
affected by a variety of attacks, some amenable to automated counter measures i.e
authentication and encryption and others need some sort of physical action to prevent or
recover from loss of availability of elements of a distributed system.

Security Mechanisms:

According to X.800, the security mechanisms are divided into those implemented in a
specific protocol layer and those that are not specific to any particular protocol layer or security
service. X.800 also differentiates reversible & irreversible encipherment mechanisms. A
reversible encipherment mechanism is simply an encryption algorithm that allows data to be
encrypted and subsequently decrypted, where as irreversible encipherment include hash
algorithms and message authentication codes used in digital signature and message
authentication applications

Specific Security Mechanisms:

Incorporated into the appropriate protocol layer in order to provide some of
the OSI security services,
Encipherment: It refers to the process of applying mathematical algorithms for
converting data into a form that is not intelligible. This depends on algorithm used and
encryption keys.
Digital Signature: The appended data or a cryptographic transformation applied to any
data unit allowing to prove the source and integrity of the data unit and protect against
forgery.
Access Control: A variety of techniques used for enforcing access permissions to the
system resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or
am of data units.
 Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes once a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain properties of a data
exchange

Pervasive Security Mechanisms:
These are not specific to any particular OSI security service or protocol layer.
Trusted Functionality: That which is perceived to b correct with respect to some
criteria

Security Level: The marking bound to a resource (which may be a data unit) that names
or designates the security attributes of that resource.
Event Detection: It is the process of detecting all the events related to network security.
Security Audit Trail: Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system records and activities.
Security Recovery: It deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.

A Model Of Inter Network Security

Data is transmitted over network between two communicating parties, who must
cooperate for the exchange to take place. A logical information channel is established by
defining a route through the internet from source to destination by use of communication
protocols by the two parties. Whenever an opponent presents a threat to confidentiality,

7
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

authenticity of information, security aspects come into play. Two components are present in almost
all the security providing techniques.


A security-related transformation on the information to be sent making it unreadable by
the opponent, and the addition of a code based on the contents of the message, used to
verify the identity of sender.

Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception

A trusted third party may be needed to achieve secure transmission. It is responsible for
distributing the secret information to the two parties, while keeping it away from any opponent.
It also may be needed to settle disputes between the two parties regarding authenticity of a
message transmission. The general model shows that there are four basic tasks in designing a
particular security service:

1. Design an algorithm for performing the security-related transformation. The algorithm

should be such that an opponent cannot defeat its purpose
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the secret information
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service

Various other threats to information system like unwanted access still exist. The
existence of hackers attempting to penetrate systems accessible over a network remains a
concern. Another threat is placement of some logic in computer system affecting various
applications and utility programs. This inserted code presents two kinds of threats.

Information access threats intercept or modify data on behalf of users who should not
have access to that data
Service threats exploit service flaws in computers to inhibit use by legitimate users

Viruses and worms are two examples of software attacks inserted into the system by means
of a disk or also across the network. The security mechanisms needed to cope with unwanted
access fall into two broad categories

8
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)


Placing a gatekeeper function, which includes a password-based login
methods that provide access to only authorized users and screening logic to
detect and reject worms, viruses etc

An internal control, monitoring the internal system activities analyzes the
stored information and detects the presence of unauthorized users or intruders.

CRYPTOGRAPHY CONCEPTS AND TECHINIQUES

Plaintext can refer to anything which humans can understand and/or relate to. This may
be as simple as English sentences, a script, or Java code. If you can make sense of what is
written, then it is in plaintext.

Ciphertext, or encrypted text, is a series of randomized letters and numbers which

humans cannot make any sense of. An encryption algorithm takes in a plaintext message,
runs the algorithm on the plaintext, and produces a ciphertext. The ciphertext can be
reversed through the process of decryption, to produce the original plaintext.

9
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Example: We will encrypt a sentence using Caesar Cipher. The key is 7, which means
the letter a becomes h.

Plaintext: This is a plaintext.

Ciphertext: Aopz pz h wshpualea.

Encryption is the process of converting normal message (plaintext) into meaningless

message (Ciphertext). Whereas Decryption is the process of converting meaningless
message (Ciphertext) into its original form (Plaintext). The major distinction between
secret writing associated secret writing is that the conversion of a message into an
unintelligible kind that’s undecipherable unless decrypted. whereas secret writing is that
the recovery of the first message from the encrypted information.

Let’s see that the difference between encryption and decryption:

S.N
O Encryption Decryption

Encryption is the process

of converting normal While decryption is the process of
message into converting meaningless message into
1. meaningless message. its original form.

Encryption is the process

which take place at While decryption is the process which
2. sender’s end. take place at receiver’s end.

1
0
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

S.N
O Encryption Decryption

Its major task is to

convert the plain text into While its main task is to convert the
3. cipher text. cipher text into plain text.

Any message can be Whereas the encrypted message can be

encrypted with either decrypted with either secret key or
4. secret key or public key. private key.

In encryption process, Whereas in decryption process,

sender sends the data to receiver receives the
receiver after encrypted information(Cipher text) and convert
5. it. into plain text.

The same algorithm with The only single algorithm is used for
the same key is used for encryption-decryption with a pair of
the encryption- keys where each use for encryption
6. decryption process. and decryption.

A cryptosystem is an implementation of cryptographic techniques and their

accompanying infrastructure to provide information security services. A cryptosystem is
also referred to as a cipher system.
Let us discuss a simple model of a cryptosystem that provides confidentiality to the
information being transmitted. This basic model is depicted in the illustration below −

1
1
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

 Asymmetric Key Encryption

The main difference between these cryptosystems is the relationship between the
encryption and the decryption key. Logically, in any cryptosystem, both the keys are
closely associated. It is practically impossible to decrypt the ciphertext with the key that is
unrelated to the encryption key.

Symmetric Key Encryption

The encryption process where same keys are used for encrypting and decrypting the
information is known as Symmetric Key Encryption.
The study of symmetric cryptosystems is referred to as symmetric cryptography.
Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are − Digital
Encryption Standard (DES), Triple-DES (3DES), IDEA, and The illustration shows a
sender who wants to transfer some sensitive data to a receiver in such a way that any party
intercepting or eavesdropping on the communication channel cannot extract the data.
The objective of this simple cryptosystem is that at the end of the process, only the sender
and the receiver will know the plaintext.

1
2
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Components of a Cryptosystem

The various components of a basic cryptosystem are as follows −

 Plaintext. It is the data to be protected during transmission.
 Encryption Algorithm. It is a mathematical process that produces a ciphertext for any
given plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and
an encryption key as input and produces a ciphertext.
 Ciphertext. It is the scrambled version of the plaintext produced by the encryption
algorithm using a specific the encryption key. The ciphertext is not guarded. It flows on
public channel. It can be intercepted or compromised by anyone who has access to the
communication channel.
 Decryption Algorithm, It is a mathematical process, that produces a unique plaintext for
any given ciphertext and decryption key. It is a cryptographic algorithm that takes a
ciphertext and a decryption key as input, and outputs a plaintext. The decryption algorithm
essentially reverses the encryption algorithm and is thus closely related to it.
 Encryption Key. It is a value that is known to the sender. The sender inputs the encryption
key into the encryption algorithm along with the plaintext in order to compute the
ciphertext.
 Decryption Key. It is a value that is known to the receiver. The decryption key is related to
the encryption key, but is not always identical to it. The receiver inputs the decryption key
into the decryption algorithm along with the ciphertext in order to compute the plaintext.
For a given cryptosystem, a collection of all possible decryption keys is called a key space.
An interceptor (an attacker) is an unauthorized entity who attempts to determine the
plaintext. He can see the ciphertext and may know the decryption algorithm. He, however,
must never know the decryption key.

Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which
encryption-decryption is carried out in the system −
 Symmetric Key Encryption
BLOWFISH.

1
3
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its
relevance is very high and it is being used extensively in many cryptosystems. It is very
unlikely that this encryption will fade away, as it has certain advantages over asymmetric
key encryption.
The salient features of cryptosystem based on symmetric key encryption are −
 Persons using symmetric key encryption must share a common key prior to exchange of
information.
 Keys are recommended to be changed regularly to prevent any attack on the system.
 A robust mechanism needs to exist to exchange the key between the communicating
parties. As keys are required to be changed regularly, this mechanism becomes expensive
and cumbersome.
 In a group of n people, to enable two-party communication between any two persons, the
number of keys required for group is n × (n – 1)/2.
 Length of Key (number of bits) in this encryption is smaller and hence, process of
encryption-decryption is faster than asymmetric key encryption.
 Processing power of computer system required to run symmetric algorithm is less.

Challenge of Symmetric Key Cryptosystem

There are two restrictive challenges of employing symmetric key cryptography.
 Key establishment − Before any communication, both the sender and the receiver need to
agree on a secret symmetric key. It requires a secure key establishment mechanism in
place.
 Trust Issue − Since the sender and the receiver use the same symmetric key, there is an
implicit requirement that the sender and the receiver ‘trust’ each other. For example, it may
happen that the receiver has lost the key to an attacker and the sender is not informed.
These two challenges are highly restraining for modern day communication. Today, people
need to exchange information with non-familiar and non-trusted parties. For example, a

1
4
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

communication between online seller and customer. These limitations of symmetric key
encryption gave rise to asymmetric key encryption schemes.

Asymmetric Key Encryption

The encryption process where different keys are used for encrypting and decrypting the
information is known as Asymmetric Key Encryption. Though the keys are different, they
are mathematically related and hence, retrieving the plaintext by decrypting ciphertext is
feasible. The process is depicted in the following illustration −

Asymmetric Key Encryption was invented in the 20 th century to come over the necessity of
pre-shared secret key between communicating persons. The salient features of this
encryption scheme are as follows −
 Every user in this system needs to have a pair of dissimilar keys, private key and public
key. These keys are mathematically related − when one key is used for encryption, the
other can decrypt the ciphertext back to the original plaintext.
 It requires to put the public key in public repository and the private key as a well-guarded
secret. Hence, this scheme of encryption is also called Public Key Encryption.
 Though public and private keys of the user are related, it is computationally not feasible to
find one from another. This is a strength of this scheme.
 When Host1 needs to send data to Host2, he obtains the public key of Host2 from
repository, encrypts the data, and transmits.
 Host2 uses his private key to extract the plaintext.

1
5
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

 Length of Keys (number of bits) in this encryption is large and hence, the process of
encryption-decryption is slower than symmetric key encryption.
 Processing power of computer system required to run asymmetric algorithm is higher.
Symmetric cryptosystems are a natural concept. In contrast, public-key cryptosystems are
quite difficult to comprehend.
You may think, how can the encryption key and the decryption key are ‘related’, and yet it
is impossible to determine the decryption key from the encryption key? The answer lies in
the mathematical concepts. It is possible to design a cryptosystem whose keys have this
property. The concept of public-key cryptography is relatively new. There are fewer
public-key algorithms known than symmetric algorithms.

Challenge of Public Key Cryptosystem

Public-key cryptosystems have one significant challenge − the user needs to trust that the
public key that he is using in communications with a person really is the public key of that
person and has not been spoofed by a malicious third party.
This is usually accomplished through a Public Key Infrastructure (PKI) consisting a trusted
third party. The third party securely manages and attests to the authenticity of public keys.
When the third party is requested to provide the public key for any communicating person
X, they are trusted to provide the correct public key.
The third party satisfies itself about user identity by the process of attestation, notarization,
or some other process − that X is the one and only, or globally unique, X. The most
common method of making the verified public keys available is to embed them in a
certificate which is digitally signed by the trusted third party.

Relation between Encryption Schemes

A summary of basic key properties of two types of cryptosystems is given below −

Symmetric Public Key Cryptosystems

Cryptosystems

Relation between Same Different, but mathematically

Keys related

Encryption Key Symmetric Public

Decryption Key Symmetric Private

Due to the advantages and disadvantage of both the systems, symmetric key and public-key
cryptosystems are often used together in the practical information security systems.

1
6
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Cryptography:

Cryptography is classified into symmetric cryptography and asymmetric

cryptography. Below are the description of these types.
1. Symmetric key cryptography – It involves the usage of one secret key along with
encryption and decryption algorithms which help in securing the contents of the
message. The strength of symmetric key cryptography depends upon the number of
key bits. It is relatively faster than asymmetric key cryptography. There arises a key
distribution problem as the key has to be transferred from the sender to the receiver
through a secure channel.

2. Asymmetric key cryptography: It is also known as public-key cryptography

because it involves the usage of a public key along with the secret key. It solves the

1
7
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

problem of key distribution as both parties use different keys for

encryption/decryption. It is not feasible to use for decrypting bulk messages as it is
very slow compared to symmetric key cryptography.

Substitution Technique in Cryptography

Substitution technique is a classical encryption technique where the characters

present in the original message are replaced by the other characters or numbers or by
symbols. If the plain text (original message) is considered as the string of bits, then the
substitution technique would replace bit pattern of plain text with the bit pattern of cipher
text.

We will discuss some of the substitution techniques which will help us to

understand the procedure of converting plain text o cipher text. In this section, we will
study the following substitution techniques:

Substitution Technique:

1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Cipher
6. One-Time Pad

Caesar Cipher
This the simplest substitution cipher by Julius Caesar. In this substitution technique,
to encrypt the plain text, each alphabet of the plain text is replaced by the alphabet three
places further it. And to decrypt the cipher text each alphabet of cipher text is replaced by
the alphabet three places before it.

1
8
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Let us take a simple example:

Plain Text: meet me tomorrow

Cipher Text: phhw ph wrpruurz

Look at the example above, we have replaced, ‘m’ with ‘p’ which occur three
places after, ‘m’. Similarly, ‘e’ is replaced with ‘h’ which occurs in three places after ‘e’.

Note: If we have to replace the letter ‘z’ then the next three alphabets counted after
‘z’ will be ‘a’ ‘b’ ‘c’. So, while counting further three alphabets if ‘z’ occurs it circularly
follows ‘a’.

There are also some drawbacks of this simple substitution technique. If the hacker
knows that the Caesar cipher is used then to perform brute force cryptanalysis, he has only
to try 25 possible keys to decrypt the plain text.
The hacker is also aware of the encryption and decryption algorithm.

Monoalphabetic Cipher
Monoalphabetic cipher is a substitution cipher, where the cipher alphabet for each
plain text alphabet is fixed, for the entire encryption.

In simple words, if the alphabet ‘p’ in the plain text is replaced by the cipher
alphabet ‘d’. Then in the entire plain text wherever alphabet ‘p’ is used, it will be replaced
by the alphabet ‘d’ to form the ciphertext.

Playfair Cipher
Playfair cipher is a substitution cipher which involves a 5X5 matrix. Let us discuss
the technique of this Playfair cipher with the help of an example:

Plain Text: meet me tomorrow

Key: KEYWORD

Now, we have to convert this plain text to ciphertext using the given key. We will
discuss the further process in steps.

Step 1: Create a 5X5 matrix and place the key in that matrix row-wise from left to
right. Then put the remaining alphabets in the blank space.

1
9
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Note: If a key has duplicate alphabets, then fill those alphabets only once in the
matrix, and I & J should be kept together in the matrix even though they occur in the given
key.

Step 2: Now, you have to break the plain text into a pair of alphabets.

Plain Text: meet me tomorrow

Pair: me et me to mo rx ro wz

Note

 Pair of alphabets must not contain the same letter. In case, pair has the same letter
then break it and add ‘x’ to the previous letter. Like in our example letter ‘rr’ occurs in pair
so, we have broken that pair and added ‘x’ to the first ‘r’.
 In case while making pair, the last pair has only one alphabet left then we add ‘z’
to that alphabet to form a pair as in our above example, we have added ‘z’ to ‘w’ because
‘w’ was left alone at last.
 If a pair has ‘xx’ then we break it and add ‘z’ to the first ‘x’, i.e. ‘xz’ and ‘x_’.

Step 3: In this step, we will convert plain text into ciphertext. For that, take the first
pair of plain text and check for cipher alphabets for the corresponding in the matrix. To
find cipher alphabets follow the rules below.

Note

2
0
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

 If both the alphabets of the pair occur in the same row replace them with the
alphabet to their immediate right. If an alphabet of the pair occurs at extreme right then
replace it with the first element of that row, i.e. the last element of the row in the matrix
circularly follows the first element of the same row.
 If the alphabets in the pair occur in the same column, then replace them with the
alphabet immediate below them. Here also, the last element of the column circularly
follows the first element of the same column.
 If the alphabets in the pair are neither in the same column and nor in the same
row, then the alphabet is replaced by the element in its own row and the corresponding
column of the other alphabet of the pair.

Pair: me et me to mo rx ro wz

Cipher Text: kn ku kn kz ks ta kc yo

So, this is how we can convert a plain text to ciphertext using Playfair cipher. When
compared with monoalphabetic cipher Playfair cipher is much more advanced. But still, it
is easy to break.

Hill Cipher
Hill cipher is a polyalphabetic cipher introduced by Lester Hill in 1929. Let us
discuss the technique of hill cipher.

Plain text: Binary

Key: HILL

Choose the key in such a way that it always forms a square matrix. With HILL as
the key, we can form a 2×2 matrix.

Now, of plain text, you have to form a column vector of length similar to the key
matrix. In our case, the key matrix is 2×2 then the column vectors of plain text would be
2×1.

The general equation to find cipher text using hill cipher is as follow:

C = KP mod 26

2
1
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

For our example, our key matrix would be:

And our plain text matrices of 2×1 will be as follow:

Now, we have to convert the key matrix and plain text matrices into numeric
matrices. For that number the alphabets such as A=0, B=1, C=2, …………, Z=25. So,
considering the alphabet numbering:

Key matrix will be:

Plain text matrices would be:

In the first calculation, we would get two cipher alphabets for plain text alphabet
‘B’ & ‘I’.

2
2
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

So, the cipher alphabet for plain text alphabet ‘B’ & ‘I’ is ‘T’ & ‘V’. Similarly, we
have to calculate ciphertext for remaining plain text. And then accumulate them to form the
ciphertext.

The calculated ciphertext for ‘Binary’ using hill cipher is ‘TVNNZJ’.

Polyalphabetic Cipher
Polyalphabetic cipher is far more secure than a monoalphabetic cipher. As
monoalphabetic cipher maps a plain text symbol or alphabet to a ciphertext symbol and
uses the same ciphertext symbol wherever that plain text occurs in the message.
But polyalphabetic cipher, each time replaces the plain text with the different ciphertext.

One-Time Pad
The one-time pad cipher suggests that the key length should be as long as the
plain text to prevent the repetition of key. Along with that, the key should
be used only once to encrypt and decrypt the single message after that the key should be
discarded.

Onetime pad suggests a new key for each new message and of the same length as a
new message. Now, let us see the one-time pad technique to convert plain text into
ciphertext. Assume our plain text and key be:

Plain text: Binary

2
3
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Key: Cipher

Now again convert the plain text and key into the numeric form. For that number
the alphabets such as A=0, B=1, C=2, …………, Z=25. So, our plain text and key in
numeric form would be:

Plain text: 1 8 13 0 17 24

Key: 2 8 15 7 4 17

Now, you have to add the number of the plain text alphabet, to the number of its
corresponding key alphabet. That means, for this example, we will add:

B+C = 1+2 = 2

I+I = 8+8 = 16

N+P = 13+15 = 28

A+H = 0+7 = 7

R+E = 17+4 = 21

Y+R = 24+17 = 41

The resultant ciphertext numbers we get are (2, 16, 28, 7, 21, 41)

If the addition of any plain text number and the key number is >26, then subtract
only that particular number from 26. We have the addition of two pair of plain text number
and a key number, greater than 26, i.e. N+P=28 & Y+R=41.

Subtract them by 26.

N+P = 28 – 26 = 2

Y+R = 41 – 26 = 15

So, the final ciphertext numbers are (2, 16, 2, 7, 21, 1). Now convert this number
to alphabets assuming A to be numbered 0 and B to be 1…..Z to 25.

Ciphertext: Cqchvb.

In this way, we can convert plain text to cipher text using a one-time pad.

So, this is all about the substitution cipher techniques. It has a monoalphabetic
cipher and polyalphabetic cipher technique. Substitution technique is also called classical
substitution technique.

2
4
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Transposition Techniques

1. Rail Fence Transposition

2. Columnar Transposition
3. Improved Columnar Transposition

Rail Fence Cipher

The rail fence cipher is the simplest transposition cipher. The steps to obtain cipher
text using this technique are as follow:

Step 1: The plain text is written as a sequence of diagonals.

Step 2: Then, to obtain the cipher text the text is read as a sequence of rows.
To understand this in a better way, let us take an example:

Plain Text: meet me Tomorrow

Now, we will write this plain text sequence wise in a diagonal form as you can see
below:

Looking at the image, you would get it why it got named rail fence because it
appears like the rail fence.

Once you have written the message as a sequence of diagonals, to obtain the cipher
text out of it you have to read it as a sequence of rows. So, reading the first row the first
half of cipher text will be:

memtmro
reading the second row of the rail fence, we will get the second half of the cipher
text:

eteoorw
Now, to obtain the complete cipher text combine both the halves of cipher text and
the complete cipher text will be:

Cipher Text: M E M T M R O E T E O O R W
Rail fence cipher is easy to implement and even easy for a cryptanalyst to break this
technique. So, there was a need for a more complex technique.

Columnar Transposition Technique

The columnar transposition cipher is more complex as compared to the rail fence.
The steps to obtain cipher text using this technique are as follow:

2
5
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Step 1: The plain text is written in the rectangular matrix of the initially defined
size in a row by row pattern.
Step 2: To obtain the cipher text read the text written in a rectangular matrix
column by column. But you have to permute the order of column before reading it column
by column. The obtained message is the cipher text message.
To understand the columnar transposition let us take an example:

Plain text: meet Tomorrow

Now, put the plain text in the rectangle of a predefined size. For our example, the
predefined size of the rectangle would be 3×4. As you can see in the image below the plain
text is placed in the rectangle of 3×4. And we have also permuted the order of the column.

Now, to obtain the cipher text we have to read the plain text column by column as
the sequence of permuted column order. So, the cipher text obtained by the columnar
transposition technique in this example is:

Cipher Text: MTREOREMOTOW.

Similar to the rail fence cipher, the columnar cipher can be easily broken. The
cryptanalyst only has to try few permutation and combination over the order of column to
obtain the permuted order of column and the get the original message. So, a more
sophisticated technique was required to strengthen the encryption.

Columnar Transposition Technique with Multiple Rounds

It is similar to the basic columnar technique but is introduced with an improvement.

The basic columnar technique is performed over the plain text but more than once. The
steps for columnar technique with multiple rounds are as follow:

Step 1: The plain text is written in the rectangle of predetermined size row by row.
Step 2: To obtain the cipher text, read the plain text in the rectangle, column by
column. Before reading the text in rectangle column by column, permute the order of
columns the same as in basic columnar technique.
Step 3: To obtain the final cipher text repeat the steps above multiple time.

2
6
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Let us discuss one example of a columnar transposition technique for better

understanding. We will consider the same example of a basic columnar technique which
will help in understanding the complexity of the method:

Plain Text: meet Tomorrow

Let us put this plain text in the rectangle of predefined size of 3×4. Proceeding with
the next step, the order of the columns of the matrix is permuted as you can see in the
image below:

Now after the first round the cipher text obtained is as follow:

Cipher Text round 1: MTREOREMOTOW

Now, again we have to put the cipher text of round 1 in the rectangle of size 3×4
row by row and permute the order of columns before reading the cipher text for round 2. In
the second round, the permuted order of the column is 2, 3, 1, 4.

So, the obtained cipher text for round 2 is MOOTRTREOEMW. In this way, we
can perform as many iterations as requires. Increasing the number of iterations increases
the complexity of the techniques.

What Is Steganography?

A steganography technique involves hiding sensitive information within an

ordinary, non-secret file or message, so that it will not be detected. The sensitive
information will then be extracted from the ordinary file or message at its destination, thus
avoiding detection. Steganography is an additional step that can be used in conjunction
with encryption in order to conceal or protect data.

Steganography is a means of concealing secret information within (or even on top

of) an otherwise mundane, non-secret document or other media to avoid detection. It comes

2
7
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

from the Greek words steganos, which means “covered” or “hidden,” and graph, which
means “to write.” Hence, “hidden writing.”

You can use steganography to hide text, video, images, or even audio data. It’s a
helpful bit of knowledge, limited only by the type of medium and the author’s imagination.

Different Types of Steganography

1. Text Steganography − There is steganography in text files, which entails secretly

storing information. In this method, the hidden data is encoded into the letter of each word.

2. Image Steganography − The second type of steganography is image

steganography, which entails concealing data by using an image of a different object as a
cover. Pixel intensities are the key to data concealment in image steganography.

Since the computer description of an image contains multiple bits, images are
frequently used as a cover source in digital steganography.

The various terms used to describe image steganography include:

 Cover-Image - Unique picture that can conceal data.

 Message - Real data that you can mask within pictures. The message may be in
the form of standard text or an image.
 Stego-Image − A stego image is an image with a hidden message.
 Stego-Key - Messages can be embedded in cover images and stego-images with
the help of a key, or the messages can be derived from the photos themselves.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it
protects against unauthorized reproduction. Watermarking is a technique that encrypts one
piece of data (the message) within another (the "carrier"). Its typical uses involve media
playback, primarily audio clips.

4. Video Steganography − Video steganography is a method of secretly embedding

data or other files within a video file on a computer. Video (a collection of still images) can
function as the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used
to insert values that can be used to hide the data in each image in the video, which is
undetectable to the naked eye. Video steganography typically employs the following file
formats: H.264, MP4, MPEG, and AVI.

2
8
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

5. Network or Protocol Steganography − It involves concealing data by using a

network protocol like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be
used in the case of covert channels, which occur in the OSI layer network model.

Steganography vs. Cryptography

It's a method to
conceal the fact that
Expl communication is taking It's a method for making
anation place information unintelligible

Maintain
Aim communication security Enable data protection

Optional, but
increases security when
Key utilized Necessary prerequisite

Data
Visibility No Yes

You can recover the

Once hidden original message from the
Failu information is decoded, the ciphertext if you can access the
re data can be used by anyone decryption key

2
9
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

Data Does not modify Modifies the overall data

Structure the data's general structure structure

Cryptographic Attacks
The basic intention of an attacker is to break a cryptosystem and to find the
plaintext from the ciphertext. To obtain the plaintext, the attacker only needs to find out the
secret decryption key, as the algorithm is already in public domain.
Hence, he applies maximum effort towards finding out the secret key used in the
cryptosystem. Once the attacker is able to determine the key, the attacked system is
considered as broken or compromised.
Based on the methodology used, attacks on cryptosystems are categorized as
follows −
 Ciphertext Only Attacks (COA) − In this method, the attacker has access to a
set of ciphertext(s). He does not have access to corresponding plaintext. COA is said to be
successful when the corresponding plaintext can be determined from a given set of
ciphertext. Occasionally, the encryption key can be determined from this attack. Modern
cryptosystems are guarded against ciphertext-only attacks.
 Known Plaintext Attack (KPA) − In this method, the attacker knows the
plaintext for some parts of the ciphertext. The task is to decrypt the rest of the ciphertext
using this information. This may be done by determining the key or via some other method.
The best example of this attack is linear cryptanalysis against block ciphers.
 Chosen Plaintext Attack (CPA) − In this method, the attacker has the text of his
choice encrypted. So he has the ciphertext-plaintext pair of his choice. This simplifies his
task of determining the encryption key. An example of this attack is differential
cryptanalysis applied against block ciphers as well as hash functions. A popular public key
cryptosystem, RSA is also vulnerable to chosen-plaintext attacks.
 Dictionary Attack − This attack has many variants, all of which involve
compiling a ‘dictionary’. In simplest method of this attack, attacker builds a dictionary of
ciphertexts and corresponding plaintexts that he has learnt over a period of time. In future,
when an attacker gets the ciphertext, he refers the dictionary to find the corresponding
plaintext.
 Brute Force Attack (BFA) − In this method, the attacker tries to determine the
key by attempting all possible keys. If the key is 8 bits long, then the number of possible
keys is 28 = 256. The attacker knows the ciphertext and the algorithm, now he attempts all
the 256 keys one by one for decryption. The time to complete the attack would be very
high if the key is long.
 Birthday Attack − This attack is a variant of brute-force technique. It is used
against the cryptographic hash function. When students in a class are asked about their
birthdays, the answer is one of the possible 365 dates. Let us assume the first student's

3
0
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

birthdate is 3rd Aug. Then to find the next student whose birthdate is 3 rd Aug, we need to
enquire 1.25*√365 ≈ 25 students.
Similarly, if the hash function produces 64 bit hash values, the possible hash values
are 1.8x1019. By repeatedly evaluating the function for different inputs, the same output is
expected to be obtained after about 5.1x109 random inputs.
If the attacker is able to find two different inputs that give the same hash value, it is
a collision and that hash function is said to be broken.
 Man in Middle Attack (MIM) − The targets of this attack are mostly public key
cryptosystems where key exchange is involved before communication takes place.
o Host A wants to communicate to host B, hence requests public key of B.
o An attacker intercepts this request and sends his public key instead.
o Thus, whatever host A sends to host B, the attacker is able to read.
o In order to maintain communication, the attacker re-encrypts the data after
reading with his public key and sends to B.
o The attacker sends his public key as A’s public key so that B takes it as if it is
taking it from A.
 Side Channel Attack (SCA) − This type of attack is not against any particular
type of cryptosystem or algorithm. Instead, it is launched to exploit the weakness in
physical implementation of the cryptosystem.
 Timing Attacks − They exploit the fact that different computations take different
times to compute on processor. By measuring such timings, it is be possible to know about
a particular computation the processor is carrying out. For example, if the encryption takes
a longer time, it indicates that the secret key is long.
 Power Analysis Attacks − These attacks are similar to timing attacks except that
the amount of power consumption is used to obtain information about the nature of the
underlying computations.
 Fault analysis Attacks − In these attacks, errors are induced in the cryptosystem
and the attacker studies the resulting output for useful information.

KEY RANGE AND KEY SIZE

The concept of key range and key-size are related to each other. Key Range is total
number of keys from smallest to largest available key. An attacker usually is armed with
the knowledge of the cryptographic algorithm and the encrypted message, so only the
actual key value remains the challenge for the attacker.
• If the key is found, the attacker can get original plaintext message. In the brute force
attack, every possible key in the key-range is tried, until we get the right key.
• In the best case, the right key is found in the first attempt, in the worst case, the key is
found in the last attempt. On an average, the right key is found after trying half of the
possible keys in the key-range. Therefore by expanding the key range to a large extent,

3
1
CRYPTOGRAPHY NETWORK SECURITY
NETWORKSecurity (Unit-1)

longer it will take for an attacker to find the key using brute-force attack.
• The concept of key range leads to the principle of key size. The strength of a
cryptographic key is measured with the key size
• Key size is measured in bits and is represented using binary number system. Thus if the
key range from 0 to 8, then the key size is 3 bits or in other words we can say if the size is
bits then the key range is 0 to 256. Key size may be varying, depending upon the
applications and the cryptographic algorithm being used, it can be 40 bits, 56 bits, 128 bits
& so on. In order to protect the cipher-text against the brute-force attack, the key-size
should be such that the attacker can not crack it within a specified amount of time.
• From a practical viewpoint, a 40-bit key takes about 3 hours to crack, however a 41-bit
key would take 6 hours and 42-bit key would take 12 hours & so on. This means every
additional bit doubles the amount of time required to crack the key. We can assume that
128 bit key is quite safe, considering the capabilities of today’s computers. However as the
computing power and techniques improve, these numbers will change in future.

3
2