
Assignment_2

Uploaded by

Vamsi Asa

Computer Security assignment – 2

Name : Vamsi Asa


DOS : 09-30-2023
1. Consider the substitution cipher vs. the one-time pad cipher: Which one of these is
called unbreakable and perfectly secure, and why? (5 points)
Ans: The substitution cipher is not considered as safe or unbreakable as the one-time
pad cipher. The reasons are as follows:
Key Length:
A substitution cipher's key is often substantially shorter than the plaintext, making it
susceptible to frequency analysis and brute-force attacks. An attacker might
theoretically decrypt the message if they have access to enough ciphertext to examine
the frequency of letters or symbols.
A one-time pad cipher uses a key that is truly random and is the same length as the
plaintext. As a result, it is virtually impossible for an attacker to determine the key using
conventional cryptanalysis techniques, since there are as many potential keys
as there are plaintexts.
Reusability:
Using a substitution cipher multiple times with the same key produces patterns and
repetitions in the ciphertext that cryptanalysts can exploit.
One-time pads should only be used once, as the name implies. Reusing a one-time pad
key for several messages reduces security and makes the messages more
vulnerable.
Information Theory:
The one-time pad cipher is based on information theory: under the assumption of a
truly random key, each symbol in the ciphertext reveals nothing about its
corresponding symbol in the plaintext. Since substitution ciphers frequently exhibit
statistical patterns that can be exploited, this property does not apply to them.
Perfect Secrecy:
The one-time pad is said to offer "perfect secrecy." This means that every
conceivable plaintext is equally plausible given the ciphertext and the absence of the
key. Put another way, it provides the maximum level of security possible in
cryptography.
Because patterns and statistical data may be used to deduce the plaintext, especially
with lengthier messages, substitution ciphers do not provide perfect secrecy.
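The perfect-secrecy and key-reuse points above can be checked directly. The following Python sketch is an added example, not part of the original assignment; the sample messages and function names are constructed for illustration. It shows that any same-length plaintext is consistent with a given ciphertext, and that reusing a pad lets the key cancel out.

```python
import secrets
import string

A = string.ascii_lowercase
P1, P2 = "attackatdawn", "retreatatsix"   # constructed sample messages, same length

def add(text, key):
    """Encrypt with a pad: (plaintext + key) mod 26, letter by letter."""
    return "".join(A[(A.index(p) + A.index(k)) % 26] for p, k in zip(text, key))

def sub(text, key):
    """Decrypt, or more generally compute (text - key) mod 26."""
    return "".join(A[(A.index(c) - A.index(k)) % 26] for c, k in zip(text, key))

def random_pad(n):
    """A truly random pad of n letters, drawn from the OS random source."""
    return "".join(secrets.choice(A) for _ in range(n))

def key_explaining(ciphertext, candidate):
    """The unique pad under which `candidate` would encrypt to `ciphertext`."""
    return sub(ciphertext, candidate)

def reuse_leak(c1, c2):
    """With a reused pad, c1 - c2 equals p1 - p2: the key drops out entirely."""
    return sub(c1, c2)

def demo():
    pad = random_pad(len(P1))
    c1 = add(P1, pad)
    # Perfect secrecy: a different plaintext explains the same ciphertext
    # just as well, under a different (equally likely) pad.
    other_pad = key_explaining(c1, P2)
    consistent = add(P2, other_pad) == c1
    # Reuse: encrypting a second message with the same pad leaks the
    # difference of the two plaintexts without any knowledge of the pad.
    c2 = add(P2, pad)
    leaked = reuse_leak(c1, c2) == sub(P1, P2)
    return consistent, leaked
```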
2. Write your full name in lowercase without any spaces (e.g., "John Smith"
should write his name as "johnsmith"). Encrypt this plaintext into ciphertext
using Caesar substitution cipher with k=8 (i.e., each letter is shifted by 8
positions forward). Show all of your work. (Hint: Create a table with letters
from your name in different cells of a row and show the cipher text
calculations in the following rows). (10 points)
Ans: Using a Caesar substitution cipher with k=8 (moving each letter 8
places forward in the alphabet), the name "vamsiasa" is encrypted:
Letter   Original   Shift (k=8)   Ciphered
v        v          d             d
a        a          i             i
m        m          u             u
s        s          a             a
i        i          q             q
a        a          i             i
s        s          a             a
a        a          i             i
So, the ciphertext for "vamsiasa" using a Caesar substitution cipher with k=8
is "diuaqiai".
3. Nole Ksum sent you a letter encrypted with a substitution cipher. However,
you do not know the value of the shift (k). How can you figure out the plain
text given only the cipher text? State two ways to do so and explain how
they work. (5 points)
Ans: We can use either of the following two techniques to decrypt a message
encoded using a substitution cipher without knowing the shift value
(k):
Frequency Analysis:
Frequency analysis is a method that makes use of the fact that some letters
appear more frequently than others in a given language. The most frequent
letter, for instance, is "E" in English.
You can infer the substitution by examining the frequency of the letters in the
ciphertext and comparing it with the expected frequency distribution of
the letters in the language.
For instance, if a letter appears frequently in the ciphertext, it probably
corresponds to the English letter 'E'. To further narrow down the possible
substitutions, check for other common letters like "T," "A," and "O."
You may progressively piece together the complete substitution key and
unlock the message as you recognize more letters.
Pattern Identification:
Another strategy is to scan the ciphertext for repeated letter sequences or
other patterns. You may recognize some letter substitutions by looking for
common patterns, such as the English letter groups "TH" or "ING".
For instance, if the same two-letter sequence regularly appears in the
ciphertext, you may infer that its plaintext equivalents are T and H.
This basic knowledge may be used to uncover more patterns and create a
partial substitution key. You can decode the full message as you find
additional patterns and substitutions.
Both of these approaches rely on linguistic knowledge and statistical
examination of the target language. They tend to work better for longer
ciphertexts that have enough text to examine. The complexity of the
substitution cipher also affects the effectiveness of decryption; more
complicated substitutions, such as homophonic ciphers, can make decoding
more difficult.
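For the shift-cipher case in the question, the frequency comparison described above can be automated. This Python sketch is an added example, not part of the original assignment: it tries all 26 shifts and keeps the one whose letter counts best match English, using a chi-squared score. The frequency table is approximate and the sample sentence is constructed.

```python
import string
from collections import Counter

A = string.ascii_lowercase
# Approximate relative frequencies of English letters a..z, in percent.
ENGLISH = dict(zip(A, [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97,
                       0.15, 0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99,
                       6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

# Constructed sample plaintext, long enough for the statistics to be reliable.
SAMPLE = ("some letters appear far more often than others in ordinary english "
          "text and that pattern survives a simple shift of the alphabet")

def caesar(text, k):
    """Shift each lowercase letter k places forward; leave other characters."""
    return "".join(A[(A.index(ch) + k) % 26] if ch in A else ch for ch in text)

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [ch for ch in text if ch in A]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    return sum((counts[ch] - n * ENGLISH[ch] / 100) ** 2 / (n * ENGLISH[ch] / 100)
               for ch in A)

def recover_shift(ciphertext):
    """Return (k, plaintext) for the shift whose decryption looks most English."""
    best = min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))
    return best, caesar(ciphertext, -best)
```

Very short ciphertexts, such as a single name, do not carry enough statistics for this score to be reliable.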

4. Use your name as plain text (lowercase, remove spaces). Use the following
one-time pad to generate the cipher text:
"thequickbrownfoxjumpsoverthelazydog". Show all of your work (i.e., name in
one row, letter values in the following row, one time pad in the following row,
letter values of one time pad in the following row, results of applying the one
time pad in the following row, and the corresponding cipher text in the final
row). (10 points)
Ans: Let's encrypt the plaintext "vamsiasa" using a one-time pad
based on the key "thequickbrownfoxjumpsoverthelazydog".
Here's the step-by-step process:
• Plaintext: vamsiasa (lowercase, no spaces)
• Letter Values (a=0, b=1, c=2, ..., z=25):
    • v: 21
    • a: 0
    • m: 12
    • s: 18
    • i: 8
    • a: 0
    • s: 18
    • a: 0
• One-Time Pad (Key): thequickbrownfoxjumpsoverthelazydog
• Letter Values of One-Time Pad:
    • t: 19
    • h: 7
    • e: 4
    • q: 16
    • u: 20
    • i: 8
    • c: 2
    • k: 10
    • b: 1
    • r: 17
    • o: 14
    • w: 22
    • n: 13
    • f: 5
    • o: 14
    • x: 23
    • j: 9
    • u: 20
    • m: 12
    • p: 15
    • s: 18
    • o: 14
    • v: 21
    • e: 4
    • r: 17
    • t: 19
    • h: 7
    • e: 4
    • l: 11
    • a: 0
    • z: 25
    • y: 24
    • d: 3
    • o: 14
    • g: 6
• Results of Applying the One-Time Pad ((Plaintext Value + Key Value) % 26):
    • v + t = 21 + 19 = 40 % 26 = 14 (letter value: o)
    • a + h = 0 + 7 = 7 (letter value: h)
    • m + e = 12 + 4 = 16 (letter value: q)
    • s + q = 18 + 16 = 34 % 26 = 8 (letter value: i)
    • i + u = 8 + 20 = 28 % 26 = 2 (letter value: c)
    • a + i = 0 + 8 = 8 (letter value: i)
    • s + c = 18 + 2 = 20 (letter value: u)
    • a + k = 0 + 10 = 10 (letter value: k)
• Cipher Text: ohticiuk
So, the corresponding ciphertext for the plaintext "vamsiasa" using the one-
time pad "thequickbrownfoxjumpsoverthelazydog" is "ohticikt".
5. Ecila and Selrahc are exchanging messages over an insecure line. Yrollam
is listening in between and has the ability to modify, delete, or insert
messages. How can Ecila and Selrahc ensure each of the following? Explain
the process and the technique(s) for each of the problems below:

a. If Selrahc receives a message from Ecila, the contents have not been
modified by Yrollam. (5 points)

b. If Selrahc receives a message from Ecila, it is not a replay of an older
message previously sent by Ecila. (5 points)

c. If Ecila sends three messages to Selrahc, Yrollam cannot delete the second
message without getting detected by Ecila. (5 points)

d. Yrollam cannot insert a fake message from Ecila to Selrahc (i.e., Yrollam
sends the fake message to Selrahc and pretends that this is actually from Ecila).
(5 points)
Ans: Ecila and Selrahc can use cryptographic methods like digital
signatures and message authentication codes (MACs), as well as methods for
spotting replay attacks and detecting message deletion, to guarantee
message integrity, authenticity, and detection of alterations or insertions.
They may accomplish each of the needed security features by following
these steps:
a. Message Integrity (Yrollam Has Not Modified):
Technique: Digital Signatures
Process:
Ecila uses her private key to sign each message with a digital
signature.
She sends Selrahc the original message as well as the digital signature.
The message and the digital signature are delivered to Selrahc.
Selrahc uses Ecila's public key to validate the signature. If the signature
is genuine, Yrollam has not altered the message in any way.
Since only Ecila's private key was capable of producing a legitimate
signature, Selrahc may have confidence in the message's integrity.
b. Maintaining Message Freshness (Preventing Replay Attacks):
Technique: Timestamps or Nonces
Process:
Each message sent by Ecila contains a timestamp or a unique
random integer (nonce).
Selrahc records the timestamps or nonces for messages that are received.
When Selrahc gets a message, he determines whether its timestamp or nonce
is fresh (i.e., hasn't been seen previously or is within a reasonable time
limit).
Selrahc accepts the message if the timestamp or nonce is fresh; otherwise,
it is treated as a replay attack and is deleted.
c. Message Deletion Detection:
Technique: Hash Chains
Process:
Ecila and Selrahc establish a hash chain, which is a sequence of hash values
derived from previous hash values.
Each message includes the hash of the previous message in the chain.
When Selrahc receives a message, they compute the hash of the previous
message and compare it to the hash included in the current message.
If the hashes match, the message is part of the chain and hasn't been
deleted. If they don't match, it suggests that Yrollam has tampered with the
message.
d. Avoiding the Insertion of Fake Messages:
Technique: MACs (Message Authentication Codes)
Process:
For each message she transmits, Ecila creates a MAC (maybe with the
use of a secret key).
She delivers the MAC and the original message to Selrahc.
Using the same secret key, Selrahc computes a MAC after receiving the
message.
Selrahc compares the received and calculated MACs. If they match, it
indicates that Yrollam did not insert the message and that it is real.
When the MACs don't match, Selrahc recognizes that the message is fake
and rejects it.
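
The four checks in parts a to d can be combined in one receiver. The following Python sketch is an added example, not part of the original assignment, and it makes some substitutions: a single shared-key HMAC covers both integrity (part a, where the answer uses digital signatures) and forgery (part d), a message counter stands in for the nonce of part b, and each message carries the hash of the previous one as in part c. The key, class names and messages are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # constructed shared secret (assumption)
GENESIS = b"\x00" * 32             # "previous hash" used before the first message

def mac(key, seq, prev, body):
    """HMAC-SHA256 over the counter, the previous-message hash and the body."""
    return hmac.new(key, seq.to_bytes(8, "big") + prev + body, hashlib.sha256).digest()

class Sender:                       # Ecila's side
    def __init__(self, key):
        self.key, self.seq, self.prev = key, 0, GENESIS

    def send(self, body):
        self.seq += 1
        msg = {"seq": self.seq, "prev": self.prev, "body": body,
               "mac": mac(self.key, self.seq, self.prev, body)}
        self.prev = hashlib.sha256(body).digest()
        return msg

class Receiver:                     # Selrahc's side
    def __init__(self, key):
        self.key, self.seq, self.prev = key, 0, GENESIS

    def receive(self, msg):
        good = mac(self.key, msg["seq"], msg["prev"], msg["body"])
        if not hmac.compare_digest(good, msg["mac"]):
            return "bad-mac"        # modified in transit, or forged without the key
        if msg["seq"] <= self.seq:
            return "replay"         # counter value already accepted
        if msg["seq"] != self.seq + 1 or msg["prev"] != self.prev:
            return "gap"            # an earlier message never arrived
        self.seq, self.prev = msg["seq"], hashlib.sha256(msg["body"]).digest()
        return "ok"

def demo():
    ecila, selrahc = Sender(KEY), Receiver(KEY)
    m1, m2, m3 = (ecila.send(b) for b in (b"one", b"two", b"three"))
    forged = {"seq": 2, "prev": m2["prev"], "body": b"fake", "mac": bytes(32)}
    return [selrahc.receive(m1),
            selrahc.receive(dict(m1, body=b"0ne")),   # modified copy of m1
            selrahc.receive(m1),                      # replay of m1
            selrahc.receive(m3),                      # m2 was deleted
            selrahc.receive(forged),                  # inserted without the key
            selrahc.receive(m2), selrahc.receive(m3)]
```

In this sketch the gap is noticed on the receiving side; for the sender to learn of a deletion, the receiver would additionally have to acknowledge each counter value.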
