1(a)

Two individual public keys 𝑌A =40 (the key Alice sent to Bob) and 𝑌B =248 (the key Bob
Alice and Bob’s public keys are given as, the primary key p = 353 and primitive root 3.

sent to Alice) are also given.

Using Diffie–Hellman Key Exchange, we have:
YA = XA mod p
YB = XB mod p
Where XA and XB are the private keys of Alice and Bob respectively
Substituting with the values we have, we get
40 = 3XA mod 353
248 = 3XB mod 353
Prime number is a number that is divisible only by itself and 1. Discrete logarithm for
modulus 353 generates distinct remainders when using base value as 3since 3 is the primitive
root of 353. So the only option to find the value of XA and XB is to do a trial and error for XA
and XB from 1 to 352.

1(b)
As explained above, we need to give values for XA and XB from 1 to 352 in the equations we
have:
40 = 3XA mod 353
248 = 3XB mod 353
For finding XA
31mod 353 = 3
32mod 353 = 9
33mod 353 = 27
34mod 353 = 81
35mod 353 = 243
36mod 353 = 23
37mod 353 = 69
38mod 353 = 207
Etc. and we can find that
397mod 353 = 40
Hence the value of XA = 97

1(c)
From Diffie–Hellman Key Exchange, the value of secret key can be calculated from
K = YBXA mod 353
= 24897 mod 353
= 160
Hence the value of secret key K is 160

2(a)
We will use frequency analysis character substitution technique to decrypt the given cipher
text.
1. First we need to find the occurrence count of characters in the cipher text.
 Most repeated letters are:
i:91
c:89
d:70

3 letter sequences
cei:27
uce:9
icc:8
2. From this we can see that the letters ‘i’, ‘c’ and ‘d’ has the maximum number of
occurrences and the trigram ‘cei’ has 27 occurrence. In English, language, ‘e’, ’th’ and ‘ the’
are the most common letter, bigram and trigram respectively. We can try replacing 'cei' with
'THE'. That is replace all ‘c’ with ‘T’, ‘e’ with ‘H’ and ‘i’ with ‘E’.
6. Now look for the words that can be identified from the text after replacing the letters. Do
the following steps one by one:
- ‘nETTEk’ looks like ‘LETTER’ so replace all ‘n’ with ‘L’ and ‘k’ with ‘R’.
- ‘rHEET’ looks like ‘SHEET’ so replace all ‘r’ with ‘S’.
- ‘pfg’ looks like ‘AND’ so replace all ‘p’ with ‘A’, ‘f’ with ‘N’ and ‘g’ with ‘D’.
- ‘EAqH’ looks like ‘EACH’, so replace all ‘q’ with ‘C’.
- ‘ALSd’ looks like ‘ALSO’, so replace all ‘d’ with ‘O’.
- ‘ENCRwxTED’ looks like ‘ENCRYPTED’, replace all ‘w’ with ‘Y’ and ‘x’ with
‘P’.
- ‘oESSAmE’ looks like ‘MESSAGE’, replace all ‘o’ with ‘M’, ‘m’ with ‘G’.
- ‘LANGvAGE’ looks like ‘LANGUAGE’, replace all ‘v’ with ‘U’.
- Now ‘Ou’ can be confirmed as ‘OF’, replace all ‘u’ with ‘F’.
- ‘DaFFERENT’ - replace all ‘a’ with ‘I’.
- ‘PLAINTEzT’ - replace all ‘z’ with ‘X’.
- ‘FOLLOtING’ - replace all ‘t’ with ‘W’.
- ‘SYMhOL’ - replace all ‘h’ with ‘B’.
- ‘SOLsING’ - replace all ‘s’ with ‘V’.
- ‘iNOWN’ - replace all ‘i’ with ‘K’.
- ‘FREjUENTLY’ - replace all ‘j’ with ‘Q’.
After doing all the above steps, we will get the final text as below:
"ONE OF THE WAYS OF SOLVING AN ENCRYPTED MESSAGE, IF THE
LANGUAGE OF THE PLAINTEXT IS KNOWN, IS TO FIND A DIFFERENT
PLAINTEXT OF THE SAME LANGUAGE LONG ENOUGH TO FILL ONE SHEET OR
SO, AND THEN WE COUNT THE OCCURRENCES OF EACH LETTER. TE NOTE
AND CALL THE MOST FREQUENTLY OCCURRING LETTER THE ‘FIRST’, THE
NEXT MOST OCCURRING LETTER THE ‘SECOND’ THE FOLLOWING MOST
OCCURRING LETTER THE ‘THIRD’, AND SO ON, UNTIL WE ACCOUNT FOR ALL
THE DIFFERENT LETTERS IN THE PLAINTEXT SAMPLE. THEN WE LOOK AT THE
CIPHER TEXT WE WANT TO SOLVE AND WE ALSO CLASSIFY ITS SYMBOLS. TE
FIND THE MOST OCCURRING SYMBOL AND CHANGE IT TO THE FORM OF THE
‘FIRST’ LETTER OF THE PLAINTEXT SAMPLE, THE NEXT MOST COMMON
SYMBOL IS CHANGED TO THE FORM OF THE ‘SECOND’ LETTER, AND THE
FOLLOWING MOST COMMON SYMBOL IS CHANGED TO THE FORM OF THE
‘THIRD’ LETTER, AND SO ON, UNTIL WE ACCOUNT FOR ALL SYMBOLS OF THE
CRYPTOGRAM WE WANT TO SOLVE"
2(b)
The above text is decrypted using frequency analysis technique. In this technique, we analyse
frequency of the letters and/or groups of letters in the cipher text. This technique is based on
the fact that,text content in a given language will have certain letters and/or group of letters
occurring in varying frequencies. For almost all given samples of the language, we could see
that the characteristicdistribution of letters is roughly the same. For example, in the case of
English, some letters are most common - ‘E’, ‘T’, ‘A’ and ‘O’, while some others are very
rare - ‘Z’, ‘Q’ and ‘X’. In the same way, ‘TH’, ‘ER’, ‘ON’ and ‘AN’ are the most
commoncombination of letters. These patterns and features have the potential to be exploited
in a ciphertext-only attack.
)

2(C)
from operator import itemgetter
import string

deffreq_finder(given_text):
d = {}
forltr in given_text:
try:
d[ltr] += 1
except:
d[ltr] = 1
return d

def alphabet():
for alpha in string.letters: yield alpha

defcipher(text):
expected = freq_finder (text)
flist = sorted(expected.iteritems(), key=itemgetter(1), reverse=True)
alphabet_generator = alphabet()
for char, freq in flist:
text = text.replace(char, alphabet_generator.next())
return (text, expected)

def decipher(text, expected):

nal = [ x[0] for x in sorted(expected.iteritems(), key=itemgetter(1), reverse=True) ]
normal_alphabet = ''.join(nal)
transtable = string.maketrans(string.letters[:len(normal_alphabet)], normal_alphabet)
returntext.translate(transtable)
3(a) Cryptography: Concept

Cryptography refers to the procedure that uses advanced mathematical principles for storing
and transmission of data in a specific form (Coron, 2006). This process is undertaken to
ensure that data is being read and processes by only those users who are indented to use the
data. In this procedure user encrypts plain text by using ciphertext key and by using
communication channel that does not eavesdrop sends the message to receiver. At receiver
end this ciphertext then gets decrypted to the original plain text (Brassard, 2003).
3(a).1 Symmetric Encryption
This is simplest kind of Encryption which uses just one secret key (Single Key) for both
encryption and decryption. Both sender and the receiver of message need to know this secret
key which will be used both encryption and decryption of the messages.
Block Cipher is a symmetric key algorithm. It is applied on fixed length groups of characters
for transformation. Block ciphers are widely used for the encryption of bulk data.
Examples of block cipher algorithms are:
- DES: "The Data Encryption Standard" is a symmetric-key algorithm that is used to
encrypt electronic data.
- 3DES: 3DESis a symmetric-key block cipher.It applies the DES algorithm three times
to each of the given data block.
- AES (Advanced Encryption Standard) is a symmetric encryption algorithm. It is very
popular and widely adopted and is supported in both hardware and software.

Stream cipheris a symmetric key cipher majorly used in applications where the length of
plaintext data is not known. In this technique, plaintext digits are used in combination of
pseudorandom cipher digit stream (Camara et al.2012).
3(a).2 Asymmetrical Encryption
This type of encryption is also called as "public key cryptography". Here two keys are used
for encryption of a plain text. First is a public key which is freely available to any use who
wants to send a message. The second is private key which is kept a secret that only specific
recipient knows (Kovalenko & Kochubinskii, 2003).
A message that is encrypted using a public key can only be decrypted using a private key,
while also, a message encrypted using a private key can be decrypted using a public key.
RSA is one of the widely used and first public-key cryptosystems. In this system, the
encryption key is made public and the private key is kept secret which is used for decryption.
Digital signature ensures that the digital messages and documents come from authentic
source. They employ asymmetric cryptography. A valid digital signature ensures
authentication in following ways first the message is created by a known sender, second it
facilitates non-repudiation which implies that the sender cannot deny having sent the message
and then it guarantees integrity by assuring that no alteration was done during the transit.
"Digital Certificate" is also called as "Public Key Certificate" is an electronic document
which proves the ownership of a public key. The certificate has the details of the key, identity
of its owner, and a digital signature. Therefore if the software trusts the issuer of the key and
the signature present in key is valid then the communication can be made securely.
"Public Key Infrastructure": PKI is used for the verification of public keys. The creation,
storage, and distribution of digital certificatesare managed by PKI.
3(a).3 Hashing
Hashing is a one-way cryptographic functionwhich cannot be reversed.It is an algorithm
which converts data of any size into a fixed size data called hash (Orwant, 2002).
An important application is inmessage integrityverificationfor checking whether any change
is made to a message.
Another application is in user authentication. If user passwords are stored as plain text in
database/files, it can result in security breach if the database server/file is compromised.
Storing user passwords as hash will prevent this.
Message digest is a type of cryptographic hash function which contains a string of digits.
This string is created by using one-way hashing formula. They are made in order to protect
the integrity of a piece of data or media. They detect the changes and alterations made to any
part of the message (Doraswamy & Harkins, 2003).

3(b)
While in motion data is highly vulnerable. Therefore protection of information in this state
needs special capabilities. One data moves from one place to the then it is referred as "data in
motion". As a network has many nodes which connected to different clients on the same
network therefore data in motion has to be protected in order to make data more secure.
As compared to process of "private key encryption" process of "Public key encryption" is
slow. "Public key encryption" has to have a complicated feature that enables publishing of
the encryption key without revealing the decryption key. Therefore the process needs more
complicated mathematic than its symmetric encryption. Network bandwidth is another aspect
that impacts the efficiency of an asymmetric encryption. In case of deterministic encryption
one with intention to steal the data can run exhaustive search on the encrypted data. Thus to
stop this activity encryption data needs to have extra randomness. This leads to increase in
data size. Whereas the data size remains constant in symmetric encryption (Vacca, 2004).

One of the key challenges associated with the symmetric encryption is that one has to trust all
the parties that are associated with the process to keep the key secret. This issue is resolved in
public key cryptography as this type of cryptography d o not have any shared secret. The
issue of keeping key secret is of higher concern, even more than the performance. In order to
tackle this issue hybrid approach can be used. Therefore most of the real applications use
hybrid cryptography. In this case the costly public key operations are undertaken for
encryption and an encryption key is exchanged for the symmetric algorithm which will be
used for encryption of the real message (Tysowski & Hasan,2013).

4(a)
SSL or TLS certificates are used for authentication of different entities to one another. With
this certificate each entity in the infrastructure is able to validate the other members’ identity
and encrypt the traffic. Encryption algorithm that scrambles the data is used so that the
attackers cannot read the data that is sent. This ensures that the data that is being transferred
between two entities remain impossible to read. For example while making payment
thorough credit card on website, one has to pass many audits which ensures compliance with
the "Payment Card Industry (PCI) standards". Use of an SSL Certificate is one of the major
requirements (Ingle & Shivkumar, 2010).
A "Public Key Infrastructures" (PKI) enables to bind public keys (which have SSL
certificates) to an individual in manner that allows one to trust the certificate. PKI most
commonly use a Certificate Authority (also called a Registration Authority. This authority is
used for verification of the identity of an entity and it creates certificates that cannot be
forged. Most of the web browsers, servers, email clients, smart cards, and many other types
of hardware and software integrate PKI based on certain standards to be used with each other.
(Firewalls: These are crucial part of any server configuration and add an extra layer of
protection to the services which are already secured. It is a type of software (or hardware)
that takes control of the services that are offered on the network. This software or hardware
blocks or restricts access to all sites except sites that are being publicly available. Private
services are restricted based on the certain criteria and public services are accessed and
available for everyone.

4(b)
SSL is an essential aspect of secure Internet. It is the backbone of the security system and
offers protection of sensitive information when information travels across the world's
computer networks. If information is send using SSL certificate the information transferred
can only be read by the server the information is being sent to otherwise the information is
unreadable. Thus information gets protected from hackers, attackers and identity theft. Apart
from encryption a valid SSL certificate also confirms authentication. This implies that user is
assured that the information send by him is going to the right sever and not the imposter or
hacker (Garfinkel &Spafford, 2002).
Digital signature ensures that the digital messages and documents come from authentic
source. A valid digital signature ensures authentication in following ways first the message is
created by a known sender, second it facilitates non-repudiation which implies that the sender
cannot deny having sent the message and then it guarantees integrity by assuring that no
alteration was done during the transit.
Data integrity implies that the information sent is intact and unaltered without any
modifications. This can be achieved by:
- Secure communication: This ensures that information is securely and correctly sent
from the creator of message to the receiver. Use of a secure connection (SSL/TLS)
will solve this.
 - Safe storage: The data stored in the servers is not altered or modified, and can still be
used for its original purposes. Customer information data like details of customer's
credit and address which online merchants store on their servers.
- Data Audit: At each point where the data undergoes change data should be audited
and verified. Especially when the data contains sensitive information like payment
options, health data etc it is important to know when and who has made changes to
the information.

Encrypt Confidential Data & Files:

- All users confidential data should be encrypted before storing in database / file
system.
- Encryption keys should be managed properly

User passwords should be hashed with proper SALT applied. Hashing with SALT makes
sure that passwords are secure and are not vulnerable to rainbow table attacks.

References

Coron, J. S. (2006). What is cryptography?. IEEE security & privacy, 4(1), 70-73.

Brassard, G. (Ed.). (2003). Advances in Cryptology-CRYPTO'89: Proceedings (Vol. 435).

Springer.

Kamara, S., Papamanthou, C., & Roeder, T. (2012, October). Dynamic searchable symmetric
encryption. In Proceedings of the 2012 ACM conference on Computer and communications
security (pp. 965-976). ACM.

Kovalenko, I. N., & Kochubinskii, A. I. (2003). Asymmetric cryptographic algorithms.

Cybernetics and systems analysis, 39(4), 549-554.

Orwant, J. (2002). Computer Science & Perl Programming: Best of The Perl Journal. "
O'Reilly Media, Inc.

Vacca, J. R. (2004). Public key infrastructure: building trusted applications and Web
services. CRC Press.

Doraswamy, N., & Harkins, D. (2003). IPSec: the new security standard for the Internet,
intranets, and virtual private networks. Prentice Hall Professional.

Tysowski, P. K., & Hasan, M. A. (2013). Hybrid attribute-and re-encryption-based key

management for secure and scalable mobile applications in clouds. IEEE Transactions on
Cloud Computing, 1(2), 172-186.
Ingle, R., & Sivakumar, G. (2010, May). EGSI: TGKA based security architecture for group
communication in grid. In Proceedings of the 2010 10th IEEE/ACM International
Conference on Cluster, Cloud and Grid Computing (pp. 34-42). IEEE Computer Society.

Garfinkel, S., & Spafford, G. (2002). Web security, privacy & commerce. " O'Reilly Media,
Inc.".