COSF 312 – FUNDAMENTALS OF CYRPTOGRAPHY AND STEGANOGRAPHY.

CAT 1
BSCSF/M/2949/09/18 – CHRISPINE OSEWE

1. Describe the four core elements involved in the cryptographic process of

transforming data into an unreadable form.
- Transforming data into unreadable format in cryptography involves a number of
elements, namely;
- Plaintext – the original form of the message to be sent. Can either be text, audio
or image.
- Encryption and decryption algorithm – mathematical formula used to encrypt and
decrypt the message.
- Key – a string of bits or values used in the encryption and decryption of the
cipher text.
- Ciphertext – this is the un-readable format of the message. The message is
encrypted and thus cannot be understood without decryption.
2. Differentiate between Steganography and Cryptography?
- CRYPTOGRAPHY is also known as secret writing, in that the message is
converted to ciphertext and is decrypted by the receiver. The structure of the data
is usually altered. Whereas in STEGANOGRAPHY, which is also known as
hidden writing, is a method in which a secret message is hidden in a cover media.
Mostly in graphic medias. The structure of the data is not altered.

b. How can Steganography be used in computer security?

- Steganography can be used to conceal sensitive information that is meant to be

secret

- steganography can be used to deceive attackers who might be having ill

intentions.

- Steganography can be used to administer attacks i.e. using power shell and
BASH Scripts to automate attacks.

c. What are two limitations of Steganography as a security tool?

- Detection challenges – advanced detection methods and tools have

Reduced steganography’s effectiveness.

 - Limited capacity – the amount of data that can be hidden within a cover
Medium is limited. Embedding too much data may distort the image thus
making it noticeable.
3. Describe two different implementations used to ensure data integrity and
explain the role of each.
- HASH functions – cryptographic functions such as SHA-256 or MD5 generate
fixed size hash values for input data and any change to the data results in a
significantly different hash.
- DIGITAL signatures – using asymmetric cryptography, a sender can sign data
with their private key and the recipient can verify the signature using the sender’s
public key. It ensures both integrity and authentication.
4. Explain the concept of non-repudiation and how it is achieved in
cryptography
- Non-repudiation is like an assurance that someone cannot deny the validity of
their own actions or authenticity of a transaction. In cryptography, it is achieved
through digital signatures. This involves the use of asymmetric key pairs: a
private key for generating and signing and a corresponding public key for
verification.
5. Explain one advantage and one disadvantage of each encryption method
- Symmetric encryption – it is simple since it involves the use of only one key for
both encryption and decryption, thus simple to manage. HOWEVER, Key
distribution is a major issue. If during the key transmission process, it was
intercepted and altered, it might not be easy to detect, thus also lack of
authenticity.
- Asymmetric encryption – this encryption method ensures authenticity and
integrity to the data. Digital signatures provide a way to authenticate the sender
and verify integrity of the message. HOWEVER, the encryption method is
computationally complex and thus may pose a challenge in large scale data
encryption and real-time communication.
6. Differentiate between symmetric and asymmetric encryption in terms of key
usage
- The main difference between symmetric and asymmetric encryption is that in
symmetric encryption a single key is shared for both encryption and decryption,
WHEREAS, in asymmetric encryption a pair of keys is involved. A public key
for encryption and private key for decryption.
CRYPTOGRAPHY AND STEGANOGRAPHY
BSCSF/M/2949/09/18 – CHRISPINE OSEWE
CAT 2
1. Describe two common techniques used in Steganography for hiding data in
images
- LSB (Least Significant bit) – embedding data by replacing the least
significant bit of the pixel values with the secret message bits.
- Edge-based Technique – embedding the data along the edges or regions
with higher visual resolution or complexity since it is less likely to be
detected there.
2. Explain two ethical considerations surrounding the use of Steganography.
- Privacy concerns – steganography respects individual rights to privacy,
however, sometimes information is hidden for malicious intentions.
- Criminal intent – one can use steganography to deliberately hide
communication related to an illegal activity.
3. Explain what encryption is and state its three primary objectives
- Encryption is the process of converting data (plaintext/readable format of
data) into an un-readable format (ciphertext) using an algorithm and a
secret key and its three primary objectives are; Data integrity, Data
confidentiality and Data authenticity.
4. In an RSA encryption primes p=11 and q=3.
- (A). Compute n and phi
- To get n = q * p
- So q*p = 11*3 = 33
- n = 33.
- To get phi of n
- Phi(n)=(p-1) *(q-1)
- = (11-1) *(3-1)
- Phi(n)=20
- N = 33 and phi(n) = 20
- (B). Identify a suitable ‘e’
- 1 < e < phi(n)
- Gcd (3,20) = 1 – valid
- Gcd (7,20) = 1 – valid
 - Gcd (11,20) = 1 – valid
- All the values 3,7 and 11 can be the ‘e’ so for my case, I choose my ‘e’ to
be =3
- e=3
- (C) Compute ‘d’.
- D = e-1C mod phi(n)
- D = 3-1 mod 20
- 3*7=21=1 mod 20
- D=7
- (D) state the private and the public key.
- The public key is ‘e’ = 3
- The private key is ‘d’ = 7
5. Given the hill cipher key K = 3 3, 2 5 mod 26 determine the decipherment
key hence decipher the message HIAT to obtain the plain text.
- Decryption= P =K-1C mod 26
- K=1/detK*adjK
- detK= (3*5) – (3*2)
- detK=9
- adjK= 5 -3, -2 3
- 1/9 * (5 -3), (-2 3) mod 26
- 3 (5 23) (24 3) mod 26
- (15 69) (72 9) mod 26
- (15 17) (20 9)
- HI (7,8) * (15 17) (20 9) mod 26
- (7,4)
- AT (0 19) * (15 17) (20 9) mod 26
- (11,15)
- 7=H
- 4=E
- 11=L
- 15=P
- HIAT – HELP
6. Describe the following based on block size, key size, and security claims.
- RC5 – RIVEST cipher 5 is a key block cipher designed by Ron rivest
 - Block-size – has a variable block size that is determined by the word size.
Which is a multiple of 32 bits. Blocks can either be of 32, 64 or 128 bits.
- KEY size – supports variable key sizes. The key size is determined by the
number of bytes in the key.
- Security – RC5 security is related to the number of rounds used in the
algorithm.
- RC2 – RIVEST cipher 2 – also designed by Ron rivest.
- Block-size – has a fixed block size of 64 bits, meaning that the cipher
processes data in blocks of 64 bits during encryption and decryption/
- KEY size – RC2 supports a variable key sizes
- Security – it has vulnerabilities in the key set up process.
7. Describe two benefits and two limitations of using the DES algorithm today.
Benefits.
- Legacy systems compatibility; can be used in situations where
interoperability with legacy systems or older hardware supports DES
encryption only.
- Educational reasons; helps students understand the basics of block
ciphers and cryptographic concepts.
Limitations.
- Small key size – has a fixed key size of 56 bits, which is considered too
small by today’s standards.
- Vulnerable to brute force attacks – Due to the advancement in
technology, DES can be broken through brute force attack with a
reasonable amount of time.
- Limited block size of 64 bits.