Harsh Janardan Jagadale
2314510500
Cryptography and Network Security
Q1. Ciphers: A Technical Description
Ciphers are methods of secret communication that prevent information from being
accessed by unauthorized parties. Substitution and transposition ciphers are among the
oldest forms of encryption. These methods form the foundation of cryptography and
provide simple but elegant ways to secure communication.
Substitution Cipher
A substitution cipher is one where each element of the plaintext (a letter, number,
or symbol) is replaced with another element under a fixed rule. The original characters
are "substituted" with others so that, without the key, the text cannot be read.
Substitution Ciphers
1. Caesar Cipher
The Caesar Cipher is named for Julius Caesar. Every letter in the plaintext is shifted by a
fixed number of positions in the alphabet. For example, with a shift of 3:
Plaintext: HELLO
Ciphertext: KHOOR
Here H becomes K, E becomes H, and so on. Decryption reverses the shift by 3 positions.
2. Monoalphabetic Cipher
In this technique, every letter in the plaintext is replaced by a randomly selected letter of
the alphabet. For example:
Key: A to Q, B to W, C to E, D to R.
Plaintext: BAD
Ciphertext: WQE
Since every letter has a unique mapping, this cipher provides more security than the Caesar
cipher but is vulnerable to frequency analysis.
3. Polyalphabetic Cipher
This uses multiple substitution alphabets to enhance security. One famous example is the
Vigenère Cipher. A keyword is used to determine the substitution:
Plaintext: ATTACK
Key: LEMON (repeated as LEMONL)
Ciphertext: LXFOPV
Here, each letter of the plaintext is shifted by the corresponding key letter's position in the
alphabet.
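The Caesar and Vigenère examples above, worked in Python as an added example that is not part of the original answer. The function names are illustrative. A Caesar shift is treated as a Vigenère cipher with a one-letter key, and letter_pattern shows that a single-alphabet substitution leaves repeated letters visible (the structure frequency analysis relies on), while the polyalphabetic cipher hides them.

```python
from itertools import cycle

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0, B=1, ...).
    Non-letters pass through unchanged and do not consume a key letter."""
    if not (key.isascii() and key.isalpha()):
        raise ValueError("key must consist of the letters A-Z only")
    shifts = cycle(ord(k) - A for k in key.upper())
    sign = -1 if decrypt else 1
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - A + sign * next(shifts)) % 26 + A))
        else:
            out.append(ch)
    return "".join(out)

def caesar(text, shift, decrypt=False):
    """A Caesar cipher is a Vigenere cipher whose key is a single letter."""
    return vigenere(text, chr(A + shift % 26), decrypt)

def letter_pattern(text):
    """Number each distinct character by first appearance: HELLO -> (0, 1, 2, 2, 3)."""
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in text)

if __name__ == "__main__":
    print(caesar("HELLO", 3))                      # shift of 3, as in the text
    print(vigenere("ATTACK", "LEMON"))             # keyword LEMON, as in the text
    # One alphabet: the doubled L is still a doubled letter in the ciphertext.
    print(letter_pattern("HELLO"), letter_pattern(caesar("HELLO", 3)))
    # Several alphabets: the doubled T and repeated A no longer repeat.
    print(letter_pattern("ATTACK"), letter_pattern(vigenere("ATTACK", "LEMON")))
```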
Transposition Cipher
A transposition cipher differs from a substitution cipher in that the characters of the
plaintext are rearranged according to some pattern rather than replaced with other
characters. In a transposition, the emphasis lies on "scrambling" the original text.
Types of Transposition Ciphers
1. Rail Fence Cipher
In this method, the plaintext is written in a zigzag pattern across multiple lines and then read
row by row. For example, with 3 rails:
Plaintext: MEETMEAFTERTOMORROW
Zigzag:
M E M A T T O R
E TMAF E T O O O OW E
Ciphertext: MEMATTTOR ETMAFETOOOW
2. Columnar Transposition
In this type of transposition, the plaintext is written row by row into a fixed-width grid, which
is determined by a key, and read column by column. For example, with the key HACK:
Key order: H A C K (3,1,4,2)
Plaintext: HELLOHOWAREYOU
Grid:
HELL
OHOW
AREY
OU
Ciphertext: LOEAHERYOHLWU
3. Route Cipher
The text is written into a grid and then read according to a pre-defined route, like spirals or
zigzags. The order in which characters are read determines the ciphertext.
Q2. AES is an essential part of present-day cryptography and provides excellent
security for a wide range of applications. AES is a symmetric block cipher that uses
the same key for encryption and decryption. It was created to replace the older DES.
Since its introduction, AES has been widely used to secure sensitive information in both
personal and professional settings.
Role in Modern Cryptography
AES is an important component in keeping digital information confidential, intact,
and authentic. It is used by many finance, healthcare, and government organizations to
prevent unauthorized access to sensitive data. Its flexibility and efficiency make it a first
choice for encrypting data in transit (such as emails and online transactions) and data at rest
(stored files).
Design Principles
The National Institute of Standards and Technology, which established the Advanced
Encryption Standard (AES) in 2001, based it on Rijndael, a cipher developed by two Belgian
cryptographers, Vincent Rijmen and Joan Daemen. The evaluation of AES was carried
out with great scrutiny to promote better security and performance.
1. Block and Key Size: AES uses 128-bit blocks and is offered with 128-, 192-, and 256-bit
key sizes. The larger the key size, the more secure the encryption, though at the expense of
computation.
2. Substitution-Permutation Network (SPN): AES is composed of a series of substitution and
permutation operations. These provide confusion, which obscures the relationship between
plaintext and ciphertext, and diffusion, where one plaintext bit influences parts of the
whole ciphertext.
3. Resistance to Cryptanalysis: AES is built to resist most types of cryptanalytic attack,
such as differential and linear cryptanalysis; it is therefore resilient and secure against
current threats.
AES Working
AES encryption and decryption apply several rounds of transformations, driven by the chosen
key, to the input data block. The number of rounds depends on the size of the key: 10 for
128-bit keys, 12 for 192-bit keys, and 14 for 256-bit keys.
1. Key Expansion: The original key is expanded into a sequence of round keys using the AES
key schedule algorithm.
2. First Round: The plaintext is XORed with the first round key.
3. Rounds: Every round has four operations:
SubBytes: Every byte is substituted using a pre-defined substitution box (S-box).
ShiftRows: The rows of the block are shifted cyclically to the left.
MixColumns: Each column is mixed through an arithmetic operation that spreads the
influence of each byte.
AddRoundKey: The block is XORed with the round key.
4. Final Round: The same as the main rounds, but without the MixColumns step.
Applications
AES is part of many cryptographic protocols and systems:
SSL and TLS protocols for secure web browsing.
Disk encryption tools like BitLocker and FileVault for protecting stored data.
Wi-Fi security protocols like WPA2 and WPA3 for safeguarding wireless communication.
Payment mechanisms such as EMV chip cards and electronic transactions.
Q3. The RSA algorithm is one of the most widely used public key cryptographic systems,
known for its role in securing communications over the internet. Developed in 1977 by Ron
Rivest, Adi Shamir, and Leonard Adleman, it is based on the mathematical challenge of
factoring large numbers into their prime factors. RSA is foundational to modern
cryptography due to its balance of security and practicality.
Role in Public Key Cryptography
RSA operates within the framework of asymmetric encryption, where two keys—a public key
and a private key—are used. The public key is shared openly for encrypting data, while the
private key, known only to the recipient, is used for decryption. This separation of keys
eliminates the need for secure key exchanges, which is a limitation in symmetric
cryptography. RSA is commonly used in secure data transmission, digital signatures, and
certificate generation, ensuring confidentiality, authenticity, and integrity.
The Algorithm in Detail
The RSA algorithm relies on three core processes: key generation, encryption, and
decryption. Its strength lies in the difficulty of factoring large numbers into their prime
components, a task that is computationally intensive for modern systems when the numbers
involved are sufficiently large.
Key Generation
Select two large prime numbers, $p$ and $q$, ensuring they remain secret.
Compute $n$, the product of $p$ and $q$, which will serve as the modulus for both the public
and private keys: $n = p \times q$.
Calculate the totient $\phi(n)$, defined as $\phi(n) = (p-1) \times (q-1)$.
This represents the number of integers less than $n$ that are coprime with $n$.
Choose a public exponent $e$ such that $1 < e < \phi(n)$, and $e$ is coprime with
$\phi(n)$. Commonly, $e = 65537$ is selected for efficiency.
Compute the private key $d$, which is the modular multiplicative inverse of $e$ modulo
$\phi(n)$. This ensures that $d \times e \equiv 1 \pmod{\phi(n)}$.
The public key consists of $(n, e)$, while the private key is $d$.
Encryption
To encrypt a message, it is first converted into an integer $m$ such that $0 \leq m < n$.
The ciphertext $c$ is then computed using the public key:
$c \equiv m^e \pmod{n}$.
Decryption
The recipient uses their private key $d$ to recover the original message $m$ from the
ciphertext $c$:
$m \equiv c^d \pmod{n}$.
Applications
RSA is extensively used in securing web communications through protocols like HTTPS,
where it facilitates key exchange in Transport Layer Security (TLS). It is also integral to
digital signatures, ensuring the authenticity of electronic documents and emails. RSA
supports data encryption in secure messaging apps and payment systems, providing a reliable
method to protect sensitive information.
Significance
The RSA algorithm's asymmetric design addresses major security concerns of symmetric
encryption by eliminating the need to share private keys over potentially insecure channels.
Its reliance on mathematical principles ensures robust protection against attacks when large
key sizes are used. While advances in quantum computing pose a potential challenge to RSA,
it remains a critical tool in cryptographic systems today, safeguarding digital interactions
worldwide.
Q4. Public key cryptography creates the need for public key distribution. Users have to
distribute public keys securely to others for use in key establishment, digital signatures, or
any other area of cryptography. Since public keys can be distributed publicly, the emphasis
is on integrity and authenticity, to prevent an attacker from introducing a valid key in an
unauthorized manner.
Importance of Public Key Distribution
In public key cryptography, every party has a pair of keys. The public key can be widely
distributed; the private key is to be kept secret. The distribution mechanism must let users
be sure that the public keys they receive can be trusted and are secure. A broken distribution
mechanism might lead to man-in-the-middle attacks where the adversary intercepts and
replaces the public keys with the aim to decrypt or alter sensitive data.
Methods of Public Key Distribution
1. Public Key Infrastructure (PKI)
PKI is the most common framework for distributing public keys. PKI depends on trusted
third parties, referred to as Certificate Authorities (CAs), that verify and issue certificates for
public keys.
A user generates a key pair and submits the public key to a CA along with some proof of
identity.
The CA verifies the identity and issues a digital certificate, which contains the public key,
the identity of the user, and the signature of the CA.
The recipient can check the certificate against the public key of the CA to verify that the
public key indeed belongs to the intended user.
PKI is widely deployed in applications like HTTPS, which use certificates to identify sites.
2. Key Directories
A key directory is a central database where users can place their public keys.
The directories, as maintained by trusted entities, contain only authentic, non-tampered keys.
Users submit their public keys along with their identification.
Others query the directory to obtain the public key belonging to a specific user.
Access control mechanisms and digital signatures ensure integrity of keys in the directory.
This is useful in an organizational setting, where employees may need to share public keys
within a controlled environment.
3. Web of Trust
This is a decentralized approach to public key distribution and is generally associated with
PGP. The system works on the principle of trusting each user to authenticate other users'
public keys. Users will sign the public keys of other people they trust in order to build a web
of trust.
Recipients can determine whether a key is authentic by following a chain of trust that leads to
the key.
This approach is practical for smaller groups; in a large environment, however, the web of
trust is very confusing to handle and maintain.
4. Key Exchange Protocols
Protocols such as Diffie-Hellman and elliptic curve Diffie-Hellman allow for secure
exchange of keys over an insecure channel. These protocols focus on the distribution of a
session key rather than the public key, but they may supplement the mechanisms of public key
distribution in order to form secure channels of communication.
Public Key Distribution Challenges
Authenticity: The major issue here is ensuring that a public key really belongs to its
supposed owner.
Scalability: Managing public keys in large systems with an enormous number of public
keys and associated certificates is very complex. If a private key is compromised, then its
associated public key has to be revoked. For this, there should be an efficient mechanism like
CRL or OCSP.
Secure communications are founded upon public key distribution, which is central to the
functioning of a significant number of modern cryptographic schemes.
Q5. A VPN is a technology offering private, confidential communications over an
unsecured public network, typically the internet. This is achieved through encryption of
information, masking of IP addresses, and a secure "tunnel" between a user's
equipment and a destination server. VPNs are generally used for privacy,
circumventing geo-restrictions, and secure access to the internet.
How VPNs Work
When connected to a VPN, a user's device creates a secure connection with a VPN server.
All data transmitted between this server and the client is encrypted, which leaves
hackers or internet providers unable to figure out what is being transmitted; they cannot
intercept, tamper with, or simply read it. The VPN server also assigns the user a new IP
address, which conceals the user's real location and therefore offers anonymity.
Types of VPN
There are several types of VPNs, each suited to specific use cases and requirements. The
most popular types are the following:
1. Remote Access VPN
This kind of VPN lets people safely dial into a private network from somewhere else. The
most typical application is the one that grants employees working remotely or traveling
secure access to corporate resources. Corporate resources include files, applications, and
email servers accessed over the internet. Example: An employee accessing his office network
by using a VPN client from some other location.
Features: Encryption, authentication, and secure access to private resources.
2. Site-to-Site VPN
Site-to-site VPNs, also known as router-to-router VPNs, are used to
connect two or more networks securely. They are widely used by organizations with multiple
branch offices to ensure seamless and secure communication between their networks.
Example: A company's headquarters network connecting to a branch office network via a
VPN.
Features: Secure inter-network communication and resource sharing.
3. Client-to-Site VPN
This type is much like the remote access VPNs but is most often used in large organizations,
where users access the company network. For creating the connection, special VPN client
software is installed on the user's device. Example: Employees use a VPN client to access
their organization's internal network in a secure way.
Features: Centralized management and highly scalable.
4. SSL/TLS VPN
An SSL/TLS VPN enables users to remotely connect to a VPN through any
standard web browser without requiring specific software. It uses SSL/TLS as the
encryption protocol, and hence it is often used by web-based applications.
Example: An employee securely accessing a company's web portal via an SSL VPN.
Characteristics: Easy to use and supported by most devices.
5. Mobile VPN
Mobile VPNs are for users who require secure access while on the move. They establish a
persistent connection even as the user changes from one network to another, be it Wi-Fi,
cellular, or public hotspots. Example: A field worker using a mobile VPN to access secure
company data while traveling.
Characteristics: Session persistence and mobility.
6. Cloud VPN
Cloud VPNs are also known as virtual cloud network (VCN) VPNs. Cloud VPNs enable
secure access to cloud-based resources. Businesses that use cloud infrastructure for storage
and applications make extensive use of cloud VPNs.
Example: Accessing a company's cloud-based resources via a VPN.
Features: Scalability, reliability, and integration with cloud services.
VPN technology is a very important area that ensures privacy, security, and access to
information without any form of restrictions.
Q6. Intrusion Techniques
Intrusion techniques are the processes and strategies used by cyber attackers to gain
unauthorized access to a network, system, or application. The aim of such techniques is
to exploit weaknesses in order to obtain sensitive data, disrupt services, or take
control of the attacked system. Intrusions also continually change as attackers adjust to new
technology and defense solutions. These tactics can be grouped into broad categories,
such as network-based, host-based, and application-based attacks.
Common intrusion techniques include:
1. Phishing
Phishing is a technique whereby an attacker manipulates a person into disclosing sensitive
information, such as usernames, passwords, or a credit card number, by pretending to be a
legitimate entity. This is usually done through deceptive emails or websites that appear
legitimate.
2. SQL Injection
SQL injection occurs when an attacker injects malicious SQL code into an input field of a
vulnerable web application, thereby enabling them to take control of the underlying database
and retrieve or modify confidential data.
3. Man-in-the-Middle (MITM) Attacks
MITM attacks consist of intercepting and manipulating a communication channel between
two parties who are unaware of it. This is commonly achieved by taking advantage of
vulnerable networks, like public Wi-Fi, to intercept communication between users and
servers.
4. Denial of Service (DoS) Attacks
A DoS attack aims to overwhelm a system, network, or website with excessive traffic,
rendering it inoperable. A Distributed Denial of Service (DDoS) attack further exacerbates
this by launching a targeted attack with the help of numerous compromised devices,
overwhelming the victim with traffic.
5. Malware
Malware is any software designed to inflict damage on a system and/or network.
Malware includes viruses, worms, ransomware, and spyware that can be used to exfiltrate
data, encrypt files, and gain control over infected systems.
6. Brute Force Attacks
In a brute force attack, attackers attempt to guess passwords by systematically trying all
possible combinations until the correct one is found. This method is especially effective
where weak or frequently used passwords are in use.
Types of Firewalls
A firewall is a security system designed to monitor and control incoming and outgoing
network traffic based on predetermined security rules. Firewalls are generally employed to
prevent unauthorized access, data misuse, and other cyber attacks on a network. Firewall
types can be grouped according to function and deployment.
1. Packet-Filtering Firewalls
Packet-filtering firewalls are the simplest class and operate at the network layer. They check
every packet transmitted through the firewall and permit or deny it according to
criteria such as IP address, port number, and protocol type. Although relatively simple
and effective, they do not analyze packet content, and are thus susceptible to more advanced
attacks.
2. Stateful Inspection Firewalls
Stateful inspection firewalls keep track of the state of established connections and decide
using not only the fixed rules but also traffic context. They offer more security than
packet-filtering firewalls, as they keep a record of the session and allow incoming packets to
go through only when they are a component of an established connection.
3. Proxy Firewalls
Proxy firewalls act as intermediaries between a client and the server by forwarding
requests and responses. They closely scrutinise the traffic and add another security level
because they do not allow direct access to the network. Proxy firewalls can also be run at
the application level and are able to filter traffic by more selective rules such as application
protocols.
4. Next-Generation Firewalls (NGFW)
NGFWs combine conventional firewall functions with more advanced ones,
including deep packet inspection (DPI), intrusion detection and prevention (IDP), and
application layer filtering. NGFWs are built to meet current security needs, and they offer
broad protection against more advanced threats such as malware, encrypted traffic,
and application-level attacks, among others.
5. Web Application Firewalls (WAF)
A WAF is tailored to shield web applications against attacks such as SQL injection, cross-site
scripting (XSS), and so on. WAFs run at the application layer on HTTP/HTTPS traffic
and can identify and block attacks that aim at web applications.
6. Distributed Firewalls
Distributed firewalls are designed for contemporary, large-scale networks, in particular those
that are connected to the cloud or support remote access. They are usually software-based
firewalls that run across a number of different network segments or devices and
provide more flexible and scalable firewall protection.
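The difference between packet-filtering and stateful inspection firewalls (types 1 and 2 above), as an added Python example that is not part of the original answer. The rule set, class names and packets are constructed for illustration, and the connection tracking is simplified: it ignores TCP flags and timeouts.

```python
from collections import namedtuple

# Constructed packets; addresses come from the RFC 5737 documentation ranges.
Packet = namedtuple("Packet", "direction src sport dst dport proto")

def packet_filter(pkt):
    """Stateless rules: each packet is judged only on its own header fields."""
    if pkt.proto != "tcp":
        return False
    if pkt.direction == "out":
        return pkt.dport == 443          # inside hosts may reach HTTPS servers
    return pkt.sport == 443              # "replies": anything arriving from port 443

class StatefulFirewall:
    """Same outbound policy, but inbound packets must match a tracked connection."""

    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.proto != "tcp":
            return False
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only as the reverse direction of a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

TRAFFIC = [
    Packet("out", "192.0.2.10", 50000, "198.51.100.7", 443, "tcp"),  # client request
    Packet("in", "198.51.100.7", 443, "192.0.2.10", 50000, "tcp"),   # its reply
    Packet("in", "203.0.113.9", 443, "192.0.2.10", 50000, "tcp"),    # no matching request
    Packet("in", "198.51.100.7", 443, "192.0.2.10", 22, "tcp"),      # wrong local port
]

def compare(traffic=TRAFFIC):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    stateful = StatefulFirewall()
    return [(packet_filter(p), stateful.check(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(pkt, "-> filter=%s stateful=%s" % verdicts)
```

The last two packets satisfy the header-only rule but belong to no connection the inside host opened, so only the stateful firewall drops them.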
Different types offer varying degrees of protection, and the right choice depends on the
security needs and network environment. Organizations frequently employ a series of
firewalls in a multi-layered defense.