Cns Unit-1
SECURITY CONCEPTS
INTRODUCTION
Cryptography is the technique of securing information and communications
through the use of codes so that only those persons for whom the information is
intended can understand and process it, thus preventing unauthorized access to
information. The prefix “crypt” means “hidden” and the suffix “graphy” means
“writing”. One is confidentiality, which basically means that we need to be sure
that nobody will see our information as it travels across a network. Authentication
and access control is another capability provided by cryptography. Some other
capabilities provided by cryptography are non-repudiation and integrity.
In cryptography, the techniques which are used to protect information are
obtained from mathematical concepts and a set of rule-based calculations known as
algorithms, which convert messages in ways that make them hard to decode. These
algorithms are used for cryptographic key generation, digital signing and
verification to protect data privacy, web browsing on the internet, and confidential
transactions such as credit card and debit card transactions.
Basic Concepts
Plaintext can refer to anything which humans can understand and/or relate to. This
may be as simple as English sentences, a script, or Java code. If you can make sense
of what is written, then it is in plaintext.
Key: Some critical information used by the cipher, known only to the sender and
receiver.
The Basic Principles
Types of Cryptography
The biggest problem with this technique is the distribution of the key, as this
algorithm makes use of a single key for encryption or decryption.
2. Public Key Cryptography
This type of cryptography technique involves a two-key cryptosystem in which
secure communication can take place between receiver and sender over an insecure
communication channel. Since a pair of keys is applied here, this technique is
also known as asymmetric encryption.
In this method, each party has a private key and a public key. The private key is
secret and is not revealed, while the public key is shared with all those whom you
want to communicate with. If Alice wants to send a message to Bob, then Alice will
encrypt it with Bob’s public key and Bob can decrypt the message with his private
key. This is what we use when we set up public key authentication in OpenSSH to
log in from one server to another server in the backend without having to enter the
password.
3. Hash Functions
This technique does not involve any key. Rather, it uses a fixed-length hash
value that is computed on the basis of the plain text message. Hash functions are
used to check the integrity of the message, to ensure that the message has not been
altered, compromised or affected by a virus.
SECURITY APPROACHES
1. Cryptography Approaches
Cryptography is the backbone of information security, where algorithms are used to
encrypt and decrypt data, ensuring that only authorized entities can access it. The
key approaches in cryptography include:
c. Hash Functions
Hash functions map data of arbitrary size to a fixed size (a hash). They are
used primarily for data integrity verification.
• Examples:
• SHA-256 (Secure Hash Algorithm): Part of the SHA-2 family, used for
creating digital signatures.
• MD5: Widely known but now considered insecure.
• Use Cases: Password hashing, digital signatures, integrity checks, blockchain.
d. Digital Signatures
A digital signature is an encrypted hash of a message that can be verified with
a public key, ensuring authenticity and integrity.
• Examples:
• DSA (Digital Signature Algorithm).
• ECDSA (Elliptic Curve Digital Signature Algorithm).
• Use Cases: Document signing, email signing, code signing.
b. Firewalls
A firewall is a network security system that monitors and controls incoming
and outgoing traffic based on predetermined security rules.
Protecting internal networks from external attacks.
f. Network Encryption
Encrypting data transmitted over networks to prevent interception by attackers.
• IPSec: Used in VPNs and to secure IP communications.
3. Key Management
Managing cryptographic keys is crucial for maintaining the security of cryptographic
systems:
• Public Key Infrastructure (PKI): A framework for managing digital keys and
certificates.
• Key Distribution: Securely distributing symmetric keys, often done using public
key cryptography.
• Key Revocation: Mechanisms to revoke keys that are compromised or no
longer needed.
4. Security Protocols
Security protocols are essential in securing communication between devices and
networks:
• SSL/TLS: Used to secure internet communications (e.g., HTTPS).
• IPSec: For secure IP communications.
• SSH (Secure Shell): For secure remote access.
PRINCIPLES OF SECURITY
1. Confidentiality
The principle of confidentiality specifies that only the sender and the intended
recipient(s) should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access a message.
An example of compromising the confidentiality of a message is shown in Fig. Here,
the user of computer A sends a message to the user of computer B.
Another user C gets access to this message, which is not desired and therefore
defeats the purpose of confidentiality. An example of this could be a confidential
email message sent by A to B, which is accessed by C without the permission or
knowledge of A and B. This type of attack is called interception.
Interception causes loss of message confidentiality.
2. Authentication
3. Integrity
When the contents of a message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is
lost. For example, suppose you write a check for Rs. 100 to pay for the goods bought
from the US. However, when you see your next account statement, you are startled
to see that the check resulted in a payment of Rs. 1000. This is a case of loss of
message integrity. Conceptually, this is shown in Fig.
4. Non-repudiation
There are situations where a user sends a message and later on denies that
she had sent that message. For instance, user A could send a funds transfer request
to bank B over the Internet. After the bank performs the funds transfer as per A’s
instructions, A could claim that she never sent the funds transfer instruction to the
bank! Thus, A repudiates, or denies, her funds transfer instruction. The principle of
non-repudiation defeats such possibilities of denying something after having done
it. This is shown in Fig.
5. Access Control
The principle of access control determines who should be able to access what.
For instance, we should be able to specify that user A can view the records in a
database, but cannot update them. However, user B might be allowed to make
updates as well. An access control mechanism can be set up to ensure this. Access
control is broadly related to two areas: role management and rule management.
Role management concentrates on the user side (which user can do what), whereas
rule management focuses on the resources side (which resource is accessible and
under what circumstances).
6. Availability
The principle of availability states that resources (i.e. information) should be
available to authorized parties at all times. For example, due to the intentional
actions of an unauthorized user C, an authorized user A may not be able to contact
a server computer B, as shown in Fig.
TYPES OF SECURITY ATTACKS
• Modification- For example the attacker may modify the values in a database.
Passive attacks: Passive attacks are those wherein the attacker indulges in
eavesdropping or monitoring of data transmission. In other words, the attacker aims
to obtain information that is in transit. The term passive indicates that the attacker
does not attempt to perform any modifications to the data. Passive attacks do not
involve any modifications to the contents of an original message.
Passive Attacks:
➢ Passive attacks are those where the attacker indulges in eavesdropping or
monitoring of data transmission.
➢ Passive attacks do not involve any modifications to the contents of an original
message.
There are two types of passive attacks.
1) Release of message contents
2) Traffic analysis.
Release of message contents:
The release of message contents is a type of attack that analyzes and reads the
message delivered from sender to receiver.
A telephone conversation, an electronic mail message, or a transferred file may
contain sensitive or confidential information.
We would like to prevent an opponent from getting the contents of these
transmissions.
Traffic analysis.
The attacker simply listens to the network communication to perform traffic
analysis to determine the location of key nodes, the routing structure, and even
application behavior patterns.
In this type of attack, an intruder observes the frequency and length of messages
being exchanged between communicating nodes.
The attacker can then use this information for guessing the nature of the
communication that was taking place.
Active attacks: Unlike passive attacks, active attacks are based on modification of
the original message in some manner or the creation of a false message. These
attacks cannot be prevented easily. However, they can be detected with some effort
and attempts can be made to recover from them. These attacks can be in the form
of interruption, modification and fabrication. In active attacks, the contents of the
original message are modified in some way.
Replay: This attack involves capturing a copy of the message sent by the original
sender and retransmitting it later to bring an unauthorized result.
Modification of messages:
Some portion of message is altered or the messages are delayed or recorded, to
produce an unauthorized effect.
For example, a message meaning "Allow John Smith to read confidential file
accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."
Denial of Service (DoS): DoS attacks attempt to prevent legitimate users from
accessing some services which they are eligible for. For instance, an unauthorized
user might send too many login requests to a server using random user ids one after
the other in quick succession, so as to flood the network and deny other legitimate
users the use of the network facilities.
Virus: One can launch an application-level attack or a network-level attack using a
virus. In simple terms, a virus is a piece of program code that attaches itself to
legitimate program code and runs when the legitimate program runs. It can then
infect other programs in that computer or programs that are in other computers but
on the same network. A virus is a computer program that attaches itself to another
legitimate program and causes damage to the computer system or to the network.
Trojan Horse: A Trojan horse is a hidden piece of code, like a virus. However, the
purpose of a Trojan horse is different. Whereas the main purpose of a virus is to
make some sort of modifications to the target computer or network, a Trojan horse
attempts to reveal confidential information to an attacker.
A Trojan horse allows an attacker to obtain some confidential information about a
computer or a network.
Specific Attacks
On the Internet, computers exchange messages with each other in the form of small
blocks of data, called packets. A packet, like a postal envelope, contains the actual
data to be sent and the addressing information. Attackers target these packets as
they travel from the source computer to the destination computer over the Internet.
(b) Packet spoofing: In this technique, an attacker sends packets with a false source
address. When this happens, the receiver (i.e. the party who receives these packets
containing the false address) would inadvertently send replies back to this forged
address (called the spoofed address) and not to the attacker.
The attacker can use many techniques to attack the bank’s customers.
When the customer (i.e. the victim) innocently clicks on the URL specified in
the email, she is taken to the attacker’s site and not the bank’s original site.
SECURITY SERVICES
• Authentication: assures recipient that the message is from the source that it
claims to be from.
• Access Control: controls who can have access to a resource and under what
conditions.
SECURITY MECHANISMS
Network security is a field in computer technology that deals with ensuring the
security of computer network infrastructure, as the network is very necessary for
sharing of information, whether it is at the hardware level, such as a printer or
scanner, or at the software level.
1. Encipherment :
This security mechanism deals with hiding and covering of data, which helps data to
become confidential. It is achieved by applying mathematical calculations or
algorithms which transform information into an unreadable form. It is achieved by
two famous techniques named Cryptography and Encipherment. The level of data
encryption is dependent on the algorithm used for encipherment.
2. Data Integrity :
This security mechanism works by appending to the data a value which is created
from the data itself. It is similar to sending a packet of information known to both
the sending and receiving parties, which is checked before and after the data is
received. When this appended value is checked and is the same at sending and at
receiving, data integrity is maintained.
3. Digital Signature :
This security mechanism is achieved by adding digital data that is not visible to
the eye. It is a form of electronic signature which is added by the sender and
checked by the receiver electronically. This mechanism is used to preserve data
which is not particularly confidential but for which the sender’s identity must be
made known.
4. Authentication exchange :
This security mechanism deals with making identities known in communication. This
is achieved at the TCP/IP layer, where a two-way handshaking mechanism is used to
ensure whether data is sent or not.
5. Traffic Padding: The insertion of bits into gaps in an information flow is known
as traffic padding. This helps to counter traffic analysis attempts.
6. Routing Control: Routing control allows selection of specific physically secure
routes for specific data transmission and enables routing changes, particularly when a
gap in security is suspected.
7. Notarization :
This security mechanism involves the use of a trusted third party in communication.
It acts as a mediator between sender and receiver so that any chance of conflict is
reduced. This mediator keeps a record of the requests made by the sender to the
receiver, in case they are later denied.
8. Access Control :
This mechanism is used to stop unattended access to data which you are sending. It
can be achieved by various techniques such as applying passwords, using firewall, or
just by adding PIN to data.
9. Bit stuffing :
This security mechanism is used to add some extra bits into data which is being
transmitted. It helps data to be checked at the receiving end and is achieved by
Even parity or Odd Parity.
A model for much of what we will be discussing is captured, in very general terms,
in Figure. A message is to be transferred from one party to another across some sort
of Internet service.
A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by
the opponent, and the addition of a code based on the contents of the message,
which can be used to verify the identity of the sender.
Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the
transformation to scramble the message before transmission and unscramble it on
reception.
Model for Network Security
INTRODUCTION:
Plaintext
Plaintext is the unencrypted data that is used as the input to the encryption
process or produced as the output of the decryption process. It refers to
anything which a human can easily understand with the naked eye. It is quite
common and easy to read, which is why it is known as plaintext.
Ciphertext
Ciphertext is encrypted text transformed from plaintext using an encryption
algorithm. Ciphertext can't be read until it has been converted into plaintext
(decrypted) with a key. The decryption cipher is an algorithm that transforms the
ciphertext back into plaintext.
Substitution-cipher technique:
In the substitution-cipher technique, the characters of a plain-text message are
replaced by other characters, numbers or symbols.
There are several techniques. They are:
1) Caesar Cipher
2) Modified version of Caesar Cipher
3) Monoalphabetic Cipher
4) Homophonic Substitution Cipher
5) Polygram Substitution Cipher
6) Polyalphabetic Cipher
I. Playfair Cipher
II. Hill Cipher
1) Caesar Cipher
Proposed by Julius Caesar.
It is a mechanism to turn a plaintext message into a ciphertext message.
It replaces each letter of the alphabet with the letter standing 3 places further
down the alphabet.
Example: Replace each A with D, B with E, etc.
Note that the alphabet is wrapped around, so that the letter following Z is A. We
can define the transformation by listing all possibilities, as follows:
plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Let us assign a numerical equivalent to each letter:
Then the algorithm can be expressed as follows. For each plaintext letter p,
substitute the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.
Three important characteristics of this problem enabled us to use a brute-force
cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
In most networking situations, we can assume that the algorithms are known. What
generally makes brute-force cryptanalysis impractical is the use of an algorithm that
employs a large number of keys.
For example, the triple DES algorithm makes use of a 168-bit key, giving a key
space of 2^168 or greater than 3.7 * 10^50 possible keys.
This means that in a given plain-text message, each A can be replaced by any other
alphabet (B through Z), each B can also be replaced by any other random alphabet
(A or C through Z), and so on. The crucial difference is that there is no relation
between the replacement of B and the replacement of A. That is, if we have decided
to replace each A with B, we need not necessarily replace each B with C; we can
replace each B with any other character!
Advantages of Monoalphabetic Cipher
•Better Security than Caesar Cipher.
•Provides Encryption and Decryption to data.
•Monoalphabetic Cipher maintains a frequency of letters.
Encryption
The first letter of the plaintext is combined with the first letter of the key. The
column of plaintext "J" and the row of key "B" intersect at the letter "K" in the
Vigenère table, so the first letter of the ciphertext is "K".
Formula of encryption is,
Ei = (Pi + Ki) mod 26
Formula of decryption is,
Di = (Ei - Ki) mod 26
If in any case the value of Di becomes negative, we add 26 to the negative
value.
Example: The plaintext is "cryptoisshortforcryptography", and the key is "ABCD".
Encryption: Ei = (Pi + Ki) mod 26
Key: A B C D A B C D A B C D A B C D A B C D A B C D
P: c r y p t o i s s h o r t f o r c r y p t o g r
C : C S A S T P K V S I Q U T G Q U C S A S T P I U
Decryption: Di = (Ei - Ki) mod 26
If in any case the value of Di becomes negative, we add 26 to the negative
value, as for the third letter of the ciphertext:
Key: A B C D A B C D A B C D A B C D A B C D A B C D
C : C S A S T P K V S I Q U T G Q U C S A S T P I U
P: c r y p t o i s s h o r t f o r c r y p t o g r
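The encryption and decryption formulas above, as an added example (not code from the original notes) that reproduces the table for the key "ABCD". The function names are assumptions; `unshifted_positions` is an extra check showing that a key letter "A" is a shift of zero, so those plaintext letters pass through unchanged, as the table shows for every fourth letter.

```python
A = ord("A")


def key_shifts(key):
    """Key letters as numbers: A=0, B=1, ..., Z=25."""
    if not key or not key.isalpha():
        raise ValueError("key must be a non-empty string of letters")
    return [ord(ch) - A for ch in key.upper()]


def vigenere_encrypt(plaintext, key):
    """Ei = (Pi + Ki) mod 26, with the key repeated along the message."""
    if not plaintext.isalpha():
        raise ValueError("plaintext must contain letters only")
    shifts = key_shifts(key)
    out = []
    for i, ch in enumerate(plaintext.upper()):
        e = (ord(ch) - A + shifts[i % len(shifts)]) % 26
        out.append(chr(e + A))
    return "".join(out)


def vigenere_decrypt(ciphertext, key):
    """Di = (Ei - Ki) mod 26, adding 26 when the difference is negative."""
    if not ciphertext.isalpha():
        raise ValueError("ciphertext must contain letters only")
    shifts = key_shifts(key)
    out = []
    for i, ch in enumerate(ciphertext.upper()):
        d = (ord(ch) - A) - shifts[i % len(shifts)]
        if d < 0:
            d += 26  # e.g. third letter: A(0) - C(2) = -2 -> 24 = y
        out.append(chr(d + A))
    return "".join(out).lower()


def unshifted_positions(key, length):
    """Message positions where the key letter is A, i.e. a shift of zero."""
    shifts = key_shifts(key)
    return [i for i in range(length) if shifts[i % len(shifts)] == 0]


if __name__ == "__main__":
    message = "cryptoisshortforcryptography"
    cipher = vigenere_encrypt(message, "ABCD")
    print(cipher)
    print(vigenere_decrypt(cipher, "ABCD"))
    print(unshifted_positions("ABCD", len(message)))
```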
i) Hill Cipher
The Hill cipher works on multiple letters at the same time.
Lester Hill invented this in 1929. The Hill cipher uses the matrix theory of
mathematics.
Encrypting with the Hill cipher is built on the following operation:
Where K is our key matrix and P is the plaintext in vector form. Matrix multiplying
these two terms produces the encrypted ciphertext. Let's do so step by step:
1. Pick a keyword to encrypt your plaintext message. Let’s work with the
random keyword “DCDF”. Convert this keyword to matrix form using your
substitution scheme to convert it to a numerical 2x2 key matrix.
2. Next, we will convert our plaintext message to vector form. Since our key
matrix is 2x2, the vector needs to be 2x1 for matrix multiplication to be
possible. In our case, our message is four letters long so we can split it into
blocks of two and then substitute to get our plaintext vectors.
3. Now, we can matrix multiply the key matrix with each 2x1 plaintext
vector, take the moduli of the resulting 2x1 vectors by 26, and concatenate
the results to get “WWVA”, the final ciphertext.
Decryption
Decrypting with the Hill cipher is built on the following operation:
D(K, C) = (K^-1 * C) mod 26
Where K is our key matrix and C is the ciphertext in vector form. Matrix multiplying
the inverse of the key matrix with the ciphertext produces the decrypted plaintext.
Let's do this step by step with our ciphertext, "WWVA":
1. First, we calculate the inverse of the key matrix. In doing so, we must keep the
result between 0 and 25 using modulo 26. For this reason, the Extended Euclidean
algorithm is used to find the modular multiplicative inverse of the key matrix
determinant.
2. Next, we will multiply 2x1 blocks of the ciphertext with the inverse of the key
matrix to get our original plaintext message, “CODE,” back.
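The encryption and decryption steps above for a 2x2 key, as an added example (not code from the original notes). It assumes A = 0 ... Z = 25 and that the keyword fills the key matrix column by column, which is the layout that reproduces the "WWVA" result given here for "CODE" with the keyword "DCDF"; the function names are hypothetical.

```python
A = ord("A")


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(a, m=26):
    """Multiplicative inverse of a modulo m, or ValueError if none exists."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: key is not usable")
    return x % m


def key_matrix(keyword):
    """2x2 key matrix from a 4-letter keyword, filled column by column
    (assumption chosen to match the page's worked result)."""
    if len(keyword) != 4 or not keyword.isalpha():
        raise ValueError("keyword must be exactly four letters")
    a, c, b, d = (ord(ch) - A for ch in keyword.upper())
    return [[a, b], [c, d]]


def inverse_matrix(k):
    """K^-1 mod 26 = det^-1 * adj(K), every entry reduced to 0..25."""
    (a, b), (c, d) = k
    det_inv = mod_inverse(a * d - b * c)
    return [[(d * det_inv) % 26, (-b * det_inv) % 26],
            [(-c * det_inv) % 26, (a * det_inv) % 26]]


def apply_matrix(k, text):
    """Multiply each 2x1 block of text by k, modulo 26."""
    if len(text) % 2 or not text.isalpha():
        raise ValueError("text must be letters, in blocks of two")
    nums = [ord(ch) - A for ch in text.upper()]
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((k[0][0] * x + k[0][1] * y) % 26)
        out.append((k[1][0] * x + k[1][1] * y) % 26)
    return "".join(chr(n + A) for n in out)


def hill_encrypt(plaintext, keyword):
    return apply_matrix(key_matrix(keyword), plaintext)


def hill_decrypt(ciphertext, keyword):
    return apply_matrix(inverse_matrix(key_matrix(keyword)), ciphertext)


if __name__ == "__main__":
    print(key_matrix("DCDF"), inverse_matrix(key_matrix("DCDF")))
    print(hill_encrypt("CODE", "DCDF"), hill_decrypt("WWVA", "DCDF"))
```

A keyword whose determinant shares a factor with 26 (an even determinant, or a multiple of 13) has no inverse matrix, so `hill_decrypt` rejects it with a `ValueError`.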
For example:
Digraph: "me"
Encrypted Text: cl
Encryption:
m -> c
e -> l
If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).
For example:
Digraph: "st"
Encrypted Text: tl
Encryption:
s -> t
t -> l
If neither of the above rules is true: Form a rectangle with the two letters and take
the letters on the horizontal opposite corner of the rectangle.
For example:
Digraph: "nt"
Encrypted Text: rq
Encryption:
n -> r
t -> q
For example:
Plain Text: "instrumentsz"
Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x
Vernam Cipher
Vernam Cipher is a method of encrypting alphabetic text. It is one of the
Substitution techniques for converting plain text into cipher text. In this mechanism,
we assign a number to each character of the Plain-Text, like (a = 0, b = 1, c = 2,
… z = 25).
Method to take key: In the Vernam cipher algorithm, we take a key to encrypt the
plain text whose length should be equal to the length of the plain text.
Encryption Algorithm
•Assign a number to each character of the plain text and the key according to
alphabetical order.
•Bitwise XOR both the number (Corresponding plain-text character number and Key
character number).
c_i = p_i ⊕ k_i
where
•If the resulting number is greater than or equal to 26, subtract 26 from it;
if it isn’t, then leave it.
Example 1:
Plain-Text: O A K
Key: S O N
O ==> 14 = 0 1 1 1 0
S ==> 18 = 1 0 0 1 0
28 - 26 = 2 ==> C
CIPHER-TEXT: C
The One-Time Pad algorithm is an improvement of the Vernam Cipher, proposed by an
Army Signal Corps officer, Joseph Mauborgne. It is the only available algorithm that
is unbreakable (completely secure). It is a method of encrypting alphabetic plain
text. It is one of the substitution techniques which converts plain text into
ciphertext. In this mechanism, we assign a number to each character of the plain text.
•The key is to be used to encrypt and decrypt a single message, and then it is
discarded.
So encrypting every new message requires a new key of the same length as the new
message in one-time pad.
The ciphertext generated by the One-Time pad is random, so it does not have any
statistical relation with the plain text.
Input: Message = HELLO, Key = MONEY
Output: Cipher = TSYPM, Message = HELLO
Explanation:
Key — M O N E Y ==> 12 14 13 4 24
Key — M O N E Y==> 12 14 13 4 24
Message ==> H E L L O
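The HELLO / MONEY example above, as an added example (not code from the original notes), together with a check of why the key must be discarded after a single message: when two messages share a pad, the letter-wise difference of the two ciphertexts equals the difference of the two plaintexts, so the key drops out. The second message "WORLD" and the function names are constructed for the illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def new_pad(length):
    """Fresh random key, as long as the message, from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def combine(left, right, sign):
    """Letter-wise (left + sign * right) mod 26 over equal-length strings."""
    if len(left) != len(right):
        raise ValueError("key and message must have the same length")
    return "".join(
        ALPHABET[(ALPHABET.index(a) + sign * ALPHABET.index(b)) % 26]
        for a, b in zip(left.upper(), right.upper())
    )


def otp_encrypt(message, key):
    return combine(message, key, +1)


def otp_decrypt(ciphertext, key):
    return combine(ciphertext, key, -1)


def difference(x, y):
    """Letter-wise (x - y) mod 26."""
    return combine(x, y, -1)


def reuse_leak(p1, p2, key):
    """Encrypt two messages under the SAME pad (the mistake) and return
    (c1 - c2, p1 - p2); the two values are always identical."""
    c1, c2 = otp_encrypt(p1, key), otp_encrypt(p2, key)
    return difference(c1, c2), difference(p1, p2)


if __name__ == "__main__":
    print(otp_encrypt("HELLO", "MONEY"))       # page's example
    print(otp_decrypt("TSYPM", "MONEY"))
    print(reuse_leak("HELLO", "WORLD", "MONEY"))
    pad = new_pad(5)                            # one pad per message
    print(otp_decrypt(otp_encrypt("HELLO", pad), pad))
```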
Advantages
•One-Time Pad is the only algorithm that is truly unbreakable and can be used
for low-bandwidth channels requiring very high security(ex. for military uses).
Disadvantages
•There is the practical problem of making large quantities of random keys. Any
heavily used system might require millions of random characters on a regular basis.
•For every message to be sent, a key of equal length is needed by both sender and
2) Transposition techniques
Transposition technique is an encryption method which is achieved by
performing permutation over the plain text.
1) Rail-Fence Technique
This technique is a type of Transposition technique which involves writing the plain
text as a sequence of diagonals and then reading row-by-row to produce cipher text.
It uses a simple algorithm,
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in Step 1 as a sequence of rows.
3. Here depth=2.
Example:
Plain Text: meet me Tomorrow
Now, we will write this plain text sequence wise in a diagonal form as you can see
below:
Cipher Text: m e m t m r o e t e o o r w
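The rail-fence steps above, as an added example (not code from the original notes). It reproduces the depth-2 result for "meet me Tomorrow" and goes beyond the text by accepting any depth and by including decryption; the function names are assumptions.

```python
def rail_pattern(length, depth):
    """Rail (row) index for each position when writing along the diagonals."""
    if depth < 1:
        raise ValueError("depth must be at least 1")
    if depth == 1:
        return [0] * length
    period = 2 * (depth - 1)          # one full down-and-up zigzag
    return [min(i % period, period - i % period) for i in range(length)]


def rail_fence_encrypt(plaintext, depth=2):
    """Write letters along the diagonals, then read the rails row by row."""
    letters = [ch for ch in plaintext.lower() if ch.isalpha()]
    pattern = rail_pattern(len(letters), depth)
    return "".join(
        ch
        for rail in range(depth)
        for ch, row in zip(letters, pattern)
        if row == rail
    )


def rail_fence_decrypt(ciphertext, depth=2):
    """Rebuild the zigzag: work out which plaintext position each
    ciphertext letter was read from, then put it back."""
    pattern = rail_pattern(len(ciphertext), depth)
    # Stable sort by rail gives the order in which positions were read out.
    read_order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, position in zip(ciphertext, read_order):
        plain[position] = ch
    return "".join(plain)


def same_letters(a, b):
    """A transposition only permutes: both texts hold the same letters."""
    return sorted(a) == sorted(b)


if __name__ == "__main__":
    cipher = rail_fence_encrypt("meet me Tomorrow", depth=2)
    print(cipher)
    print(rail_fence_decrypt(cipher, depth=2))
    print(rail_fence_encrypt("meet me Tomorrow", depth=3))
    print(same_letters(cipher, "meetmetomorrow"))
```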
Now we apply the above algorithm and create a rectangle of 4 columns (we decide
to make a rectangle with four columns; it can be any number).
Now let’s decide on an order for the columns of 4, 1, 3 and 2, and then read
the text column-wise.
Cipher-text: LHIEEIUESSCEPWMNDLAO
Round 2:
Now, we decide to go with a previous order that is 4,1,3,2.
Cipher-text: EEENLESPICUMHISW
These multi-round columnar techniques are harder to crack as compared to methods
seen earlier.
Symmetric and asymmetric key cryptography are distinguished by the number of keys
and the way these keys work. Let us look at both of them in detail:
So, the key is used first by the sender prior to sending the message, and on the
receiver side, that key is used to decipher the encoded message.
One of the good old examples of this encryption technique is Caesar's Cipher.
Modern examples and algorithms that use the concept of symmetric key encryption
are RC4, QUAD, AES, DES, Blowfish, 3DES, etc.
Asymmetric Key Encryption
Asymmetric encryption is another encryption method that uses two keys, which is a
new and sophisticated encryption technique. This is because it integrates two
cryptographic keys for implementing data security. These keys are termed the Public
Key and the Private Key. The "public key", as the name implies, is accessible to all
who want to send an encrypted message. The other is the "private key", which is kept
secure by the owner of that public key or the one who is encrypting. Encryption of
information is done through the public key first, with the help of a particular
algorithm. Then the private key, which the receiver possesses, is used to decrypt
that encrypted information. The same algorithm is used in both encoding and
decoding.
The mathematical representation is as follows:
P = D(Kd, E(Ke, P))
where Ke –> encryption key
Kd –> decryption key
D –> decryption
E(Ke, P) –> encryption of plain text using encryption key Ke
P –> plain text
STEGANOGRAPHY
The word Steganography is derived from two Greek words- ‘stegos’ meaning ‘to
cover’ and ‘grayfia’, meaning ‘writing’, thus translating to ‘covered writing’, or
‘hidden writing’. Steganography is a method of hiding secret data, by embedding it
into an audio, video, image, or text file. It is one of the methods employed to
protect secret or sensitive data from malicious attacks.
Key Range: The key range in cryptography refers to the set of possible values that a
cryptographic key can take. It is essentially the numerical or alphanumeric space
within which keys are generated. For example, in symmetric key cryptography, the
key range may be all possible combinations of a fixed number of bits. A key range
is determined by the key length, and the larger the key range, the more secure the
cryptographic system is against brute-force attacks.
Key Size: The key size, often referred to as key length, is the number of bits used in
a cryptographic key. It directly influences the key range. The key size is a crucial
factor in determining the strength of encryption algorithms. Generally, a larger key
size means a larger key range and increased security, but it may also result in a
higher computational cost.
Cryptology has two parts namely, Cryptography which focuses on creating secret
codes and Cryptanalysis which is the study of the cryptographic algorithm and the
breaking of those secret codes. The person practicing Cryptanalysis is called a
Cryptanalyst. It helps us to better understand the cryptosystems and also helps us
improve the system by finding any weak point and thus work on the algorithm to
create a more secure secret code. For example, a Cryptanalyst might try to decipher
a ciphertext to derive the plaintext. It can help us to deduce the plaintext or the
encryption key.
•Adaptive Chosen-Plaintext Analysis (ACPA) : This attack is similar to CPA. Here, the
attacker requests the ciphertexts of additional plaintexts after they have
ciphertexts for some texts.
•Birthday attack: This attack exploits the probability of two or more individuals
sharing the same birthday in a group of people. In cryptography, this attack is
used to find collisions in a hash function.
•Brute-force attack: This attack involves trying every possible key until the correct
one is found. While this attack is simple to implement, it can be time-consuming
and computationally expensive, especially for longer keys.
•Differential cryptanalysis: This type of attack involves comparing pairs of
plaintexts and their corresponding ciphertexts to find patterns in the encryption
algorithm. It can be effective against block ciphers with certain properties.