
Is Module1

The document provides an overview of information security, emphasizing the importance of protecting computers, networks, and data from unauthorized access and various types of security attacks. It categorizes computer security into four types: Cyber Security, Information Security, Application Security, and Network Security, and outlines the key objectives of confidentiality, integrity, and availability. Additionally, it discusses security services, mechanisms, and terminologies related to cryptography, including symmetric and asymmetric encryption models.

Uploaded by

lutherff2004

CHMM COLLEGE ,VARKALA

INFORMATION SECURITY

Module I: Introduction: Computer Security

• Computer security refers to protecting and securing computers and their related
data, networks, software, hardware from unauthorized access, theft, information
loss, and other security issues.
• Computer security is security applied to computing devices such as computers and
smartphones, as well as computer networks such as private and public networks,
including the whole Internet.
• It includes physical security to prevent theft of equipment, to protect the data on
that equipment.

Types of computer security

Computer security can be classified into four types:

1. Cyber Security: Cyber security means securing our computers, electronic devices,
networks, programs, systems from cyber attacks.
2. Information Security: Information security means protecting our system's
information from theft, illegal use and piracy from unauthorized use. Information security
has mainly three objectives: confidentiality, integrity, and availability of information.
3. Application Security: Application security means securing our applications and data
so that they don't get hacked and also the databases of the applications remain safe and
private to the owner itself so that user's data remains confidential.
4. Network Security: Network security means securing a network and protecting the
user's information about who is connected through that network.

Computer facilities have been physically protected for three reasons:

• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service

Three key objectives of computer security:


1. Confidentiality: This term covers two related concepts:
• Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information
may be disclosed.
2. Integrity: This term covers two related concepts:
• Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
• System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
3. Availability: Assures that systems work promptly and service is not denied to
authorized users.

These three concepts form what is often referred to as the CIA triad.

SECURITY ATTACKS

A security attack is an activity or act made upon a system with the goal to obtain
unauthorized access to information or resources. It is usually carried out by evading
security policies that are in place in organizations or individual devices.
We can classify security attacks into two groups to facilitate the study:

• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
• Passive attacks do not affect the system resources.
• Passive attacks are very difficult to detect, because they do not involve any alteration of
the data.
• Types of passive attacks are:

Eavesdropping Attack

• The goal of an eavesdropping attack is to steal data sent between two devices
connected to the internet. Eavesdropping includes traffic analysis.
• An eavesdropping attack occurs when attackers introduce a software package into the
network channel to record future network data for research purposes.

Release of Messages

• The attackers use a virus or malware to install a program on the device to monitor the
device's operations, such as text messages, emails, or any transmitted files that include
personal data and information. The attackers will use the data to gain access to the
device or network.

Traffic Analysis Attack


A traffic analysis attack occurs when a hacker attempts to access the same network as you
to listen to all of your network communication. The hacker can then examine that traffic
to learn more about you or your firm.

• Active attacks: The goal is to affect system resources.

• Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay,
modification of messages, and denial of service.
• A masquerade takes place when one entity pretends to be a different entity.
• Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate message
is altered, or that messages are delayed or reordered, to produce an unauthorized
effect.
• For example, a message meaning “Allow John Smith to read confidential file
accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
• The denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination.

SECURITY SERVICES:

• X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or
of data transfers.
• Security services implement security policies and are implemented by security
mechanisms.
• Confidentiality: Confidentiality is the protection of transmitted data from passive
attacks. It is used to prevent the disclosure of information to unauthorized individuals
or systems. It has been defined as “ensuring that information is accessible only to
those authorized to have access”. The other aspect of confidentiality is the protection
of traffic flow from analysis. Ex: A credit card number has to be secured during online
transaction.
• Authentication: The assurance that the communicating entity is the one that it claims
to be.
• Two specific authentication services defined in X.800 are:
❖ Peer entity authentication: Verifies the identities of the peer entities
involved in communication. Provided for use at the time of connection
establishment and during data transmission. Provides confidence against a
masquerade or a replay attack.
❖ Data origin authentication: Assures the authenticity of the source of a data
unit, but does not provide protection against duplication or modification of
data units. Supports applications like electronic mail, where no prior
interactions take place between communicating entities.

• Integrity: The assurance that data received are exactly as sent by an authorized entity
(i.e., contain no modification, insertion, deletion, or replay).
• Two types of integrity services are available. They are:
❖ Connection-Oriented Integrity Service: This service deals with a stream of
messages, assures that messages are received as sent, with no duplication,
insertion, modification, reordering or replays. Destruction of data is also
covered here.
❖ Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message
modification only.
• An integrity service can be applied with or without recovery. Because it is related to
active attacks, major concern will be detection rather than prevention. If a violation is
detected and the service reports it, either human intervention or automated recovery
machines are required to recover.
• Non-repudiation: Non-repudiation prevents either sender or receiver from denying
a transmitted message. This capability is crucial to e-commerce. Without it
an individual or entity can deny that he, she or it is responsible for a transaction,
therefore not financially liable.
• Access Control: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur,
and what those accessing the resource are allowed to do).
• It is the ability to limit and control the access to host systems and applications via
communication links. For this, each entity trying to gain access must first be identified
or authenticated, so that access rights can be tailored to the individuals.
• Availability: It is defined to be the property of a system or a system resource being
accessible and usable upon demand by an authorized system entity. Availability
can be significantly affected by a variety of attacks, some amenable to automated
countermeasures, i.e., authentication and encryption, while others need some sort of
physical action to prevent or recover from loss of availability of elements of a
distributed system.
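
The difference between the two integrity services listed above, as an added example that is not part of the original notes: a per-message HMAC tag (connectionless) detects modification but accepts a replayed message, while a tag that also covers a sequence number checked by the receiver (connection-oriented) rejects replay and reordering as well. The key, the frame layout and all function and class names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample key; a real deployment would use a randomly generated secret.
KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 over the given bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect_connectionless(key: bytes, message: bytes) -> bytes:
    """Connectionless integrity: the tag covers this one message only."""
    return message + make_tag(key, message)


def verify_connectionless(key: bytes, frame: bytes):
    """Return the message if the tag is valid, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return message if hmac.compare_digest(tag, make_tag(key, message)) else None


class StreamSender:
    """Connection-oriented integrity: every frame carries an authenticated counter."""

    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, message: bytes) -> bytes:
        body = struct.pack(">Q", self.seq) + message  # 8-byte sequence number
        self.seq += 1
        return body + make_tag(self.key, body)


class StreamReceiver:
    """Tracks the next expected sequence number for one connection."""

    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def accept(self, frame: bytes):
        """Return (message, "ok") or (None, reason for rejection)."""
        if len(frame) < 8 + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, make_tag(self.key, body)):
            return None, "modified"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.expected:
            return None, "replay"
        if seq > self.expected:
            return None, "reordered-or-deleted"
        self.expected += 1
        return body[8:], "ok"


def demo():
    """Run the modification and replay cases against both services."""
    msg = b"Allow John Smith to read confidential file accounts"
    frame = protect_connectionless(KEY, msg)
    altered = frame.replace(b"John Smith", b"Fred Brown")

    sender, receiver = StreamSender(KEY), StreamReceiver(KEY)
    f0, f1, f2 = (sender.protect(m) for m in (msg, b"second", b"third"))
    f1_altered = f1.replace(b"second", b"SECOND")
    return {
        # The altered message fails the tag check.
        "connectionless_modified": verify_connectionless(KEY, altered),
        # A second delivery of the same valid frame is accepted: no replay protection.
        "connectionless_replayed": verify_connectionless(KEY, frame),
        # Deliveries in order: f0, f0 again, f2 early, altered f1, genuine f1.
        "stream": [receiver.accept(f)[1] for f in (f0, f0, f2, f1_altered, f1)],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```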

SECURITY TECHNIQUES/SECURITY MECHANISMS:


• Security mechanisms are divided into those implemented in a specific protocol layer
and those that are not specific to any particular protocol layer or security service.
• X.800 also differentiates reversible & irreversible encipherment mechanisms.
• A reversible encipherment mechanism is simply an encryption algorithm that
allows data to be encrypted and subsequently decrypted, whereas irreversible
encipherment mechanisms include hash algorithms and message authentication codes.

SPECIFIC SECURITY MECHANISMS

May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.

• Encipherment: The use of mathematical algorithms to transform data into a form
that is not readily intelligible. The transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption keys.
• Digital Signature: Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source and integrity of the
data unit and protect against forgery (e.g., by the recipient).
• Access Control: A variety of mechanisms that enforce access rights to resources.
• Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
• Authentication Exchange: A mechanism intended to ensure the identity of an entity
by means of information exchange.
• Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
• Routing Control: Enables selection of particular physically secure routes for certain
data and allows routing changes, especially when a breach of security is suspected.
• Notarization: The use of a trusted third party to assure certain properties of a data
exchange.

PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol layer.

• Trusted Functionality: That which is perceived to be correct with respect to some
criteria (e.g., as established by a security policy).

• Security Label: The marking bound to a resource (which may be a data unit) that
names or designates the security attributes of that resource.
• Event Detection: Detection of security-relevant events.
• Security Audit Trail: Data collected and potentially used to facilitate a security
audit, which is an independent review and examination of system records and
activities.
• Security Recovery: Deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.

NETWORK SECURITY MODEL

• Data is transmitted over network between two communicating parties, who must
cooperate for the exchange to take place.
• A logical information channel is established by defining a route through the internet
from source to destination by use of communication protocols by the two parties.
• Whenever an opponent presents a threat to the confidentiality or authenticity of
information, security aspects come into play.
• Two components are present in almost all security-providing techniques:
• A security-related transformation on the information to be sent, making it unreadable
by the opponent, and the addition of a code based on the contents of the message,
used to verify the identity of the sender.
UIT Mukhathala - 2024

• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent.
• An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.
• A trusted third party may be needed to achieve secure transmission.
• It is responsible for distributing the secret information to the two parties, while keeping
it away from any opponent.
• It also may be needed to settle disputes between the two parties regarding
authenticity of a message transmission.
• The general model shows that there are four basic tasks in designing a particular
security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

• Various other threats to information systems, like unwanted access, still exist.
• The existence of hackers attempting to penetrate systems accessible over a network
remains a concern.
• Another threat is placement of some logic in computer system affecting various
applications and utility programs.
• This inserted code presents two kinds of threats:
• Information access threats intercept or modify data on behalf of users who should not
have access to that data.
• Service threats exploit service flaws in computers to inhibit
use by legitimate users.
• Viruses and worms are two examples of software attacks inserted into the system by
means of a disk or also across the network.

• The security mechanisms needed to cope with unwanted access fall into two broad
categories.
• The first category might be termed a gatekeeper function. It includes password-based
login procedures that are designed to deny access to all but authorized users
and screening logic that is designed to detect and reject worms, viruses, and other
similar attacks.
• Once either an unwanted user or unwanted software gains access, the second line of
defense consists of a variety of internal controls that monitor activity and analyze
stored information in an attempt to detect the presence of unwanted intruders.

BASIC NETWORK SECURITY TERMINOLOGIES

• CIPHER TEXT - the coded message
• CIPHER - algorithm for transforming plaintext to ciphertext
• KEY - info used in cipher known only to sender/receiver
• ENCIPHER (ENCRYPT) - converting plaintext to ciphertext
• DECIPHER (DECRYPT) - recovering plaintext from ciphertext
• CRYPTOGRAPHY - study of encryption principles/methods
• CRYPTANALYSIS (CODEBREAKING) - the study of principles/methods of
deciphering ciphertext without knowing key
• CRYPTOLOGY - the field of both cryptography and cryptanalysis

CRYPTOGRAPHY:

Cryptography is the technique of securing information and communications through the use of
codes, so that only the intended receivers can decode and understand them, thus restricting
access to information from outside parties. "Crypto" indicates "hidden," and "graphy"
indicates "writing," respectively.

Cryptographic systems are generally classified along 3 independent dimensions:

1. Type of operations used for transforming plain text to cipher text. All the
encryption algorithms are based on two general principles: substitution, in which
each element in the plaintext is mapped into another element, and transposition,
in which elements in the plaintext are rearranged.
2. The number of keys used. If the sender and receiver use the same key then it is said
to be symmetric key (or) single key (or) conventional encryption. If the sender
and receiver use different keys then it is said to be public key encryption.
3. The way in which the plain text is processed. A block cipher processes the input
one block of elements at a time, producing an output block for each input block. A
stream cipher processes the input elements continuously, producing output
one element at a time, as it goes along.

SYMMETRIC CIPHER MODEL

A symmetric encryption scheme has five ingredients:

1. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different cipher
texts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
5. Decryption algorithm: This is essentially the encryption algorithm run in reverse.
It takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the
algorithm to be such that an opponent who knows the algorithm and has access to
one or more ciphertexts would be unable to decipher the ciphertext or figure out the
key. This requirement is usually stated in a stronger form: The opponent should be
unable to decrypt ciphertext or discover the key even if he or she is in possession of a
number of ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure. If someone can discover the key and knows the
algorithm, all communication using this key is readable.

CRYPTANALYSIS AND BRUTE FORCE ATTACK

Cryptology has two parts namely, Cryptography which focuses on creating secret codes
and Cryptanalysis which is the study of the cryptographic algorithm and the breaking of
those secret codes. The person practicing Cryptanalysis is called a Cryptanalyst. The
objective of attacking an encryption system is to recover the key in use rather than simply
to recover the plaintext of a single ciphertext. There are two general approaches to
attacking a conventional encryption scheme:

• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps
some knowledge of the general characteristics of the plaintext or even some sample
plaintext–ciphertext pairs. This type of attack exploits the characteristics of the
algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until
an intelligible translation into plaintext is obtained.

CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and transposition.

SUBSTITUTION TECHNIQUES

A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with cipher text bit patterns.

1. Monoalphabetic Cipher

A monoalphabetic cipher is any cipher in which the letters of the plain text are mapped
to cipher text letters based on a single alphabetic key. Examples of monoalphabetic
ciphers would include the Caesar-shift cipher, where each letter is shifted based on a
numeric key, and the atbash cipher, where each letter is mapped to the letter symmetric
to it about the center of the alphabet.

2. Caesar cipher (or) shift cipher:


The earliest known use of a substitution cipher and the simplest was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing 3
places further down the alphabet.

e.g., Plain text : pay more money

Cipher text: SDB PRUH PRQHB

Note that the alphabet is wrapped around, so that the letter following 'z' is 'a'. For each plaintext letter
p, substitute the cipher text letter C such that

C = E(p) = (p + 3) mod 26

A shift may be any amount, so that the general Caesar algorithm is

C = E(p) = (p + k) mod 26

where k takes on a value in the range 1 to 25. The decryption algorithm is simply

P = D(C) = (C - k) mod 26

3. Playfair cipher

The best known multiple letter encryption cipher is the Playfair, which treats digrams in
the plaintext as single units and translates these units into cipher text digrams. The Playfair
algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. Let
the keyword be 'monarchy'. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in
the remainder of the matrix with the remaining letters in alphabetical order.

• The letters 'i' and 'j' count as one letter. Plaintext is encrypted two letters at a time
according to the following rules:
• Repeating plaintext letters that would fall in the same pair are separated with a filler
letter such as 'x'.
• Plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row following the last.
• Plaintext letters that fall in the same column are replaced by the letter beneath, with
the top element of the column following the last.
• Otherwise, each plaintext letter is replaced by the letter that lies in its own row and the
column occupied by the other plaintext letter.
• Plaintext = meet me at the school house
• Splitting two letters as a unit => me et me at th es ch ox ol ho us ex
• Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU

Strength of playfair cipher

• Playfair cipher is a great advance over simple monoalphabetic ciphers.
• Since there are 26 letters, 26x26 = 676 digrams are possible, so identification of individual
digrams is more difficult.
4. HILL CIPHER

Hill cipher is a polygraphic substitution cipher based on linear algebra. Each letter is
represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is
used, but this is not an essential feature of the cipher. To encrypt a message, each block
of n letters (considered as an n-component vector) is multiplied by an invertible n × n
matrix, against modulus 26. To decrypt the message, each block is multiplied by the
inverse of the matrix used for encryption. The matrix used for encryption is the cipher key,
and it should be chosen randomly from the set of invertible n × n matrices
(modulo 26).
Encryption:

E(K, P) = (K * P) mod 26

where K is the key matrix and P is the plain text in vector form. Matrix multiplication of K and P
generates the encrypted ciphertext.

Steps For Encryption


Step 1: Let's say our key text (2x2) is DCDF. Convert this key using a substitution scheme into a
2x2 key matrix as shown below:

Step 2: Now, we will convert our plain text into vector form. Since the key matrix is 2x2,
the vector must be 2x1 for matrix multiplication. (Suppose the key matrix is 3x3, a vector
will be a 3x1 matrix.)

In our case, the plain text is TEXT, a four-letter word; thus we can put it into 2x1 vectors and
then substitute as:

Step 3: Multiply the key matrix with each 2x1 plain text vector, and take the modulo of
result (2x1 vectors) by 26. Then concatenate the results, and we get the encrypted or
ciphertext as RGWL.
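
The three steps above carried through in code, as an added example that is not part of the original notes. It assumes the scheme A = 0, ..., Z = 25 and that the key text is written into the 2x2 matrix column by column (DCDF gives rows 3 3 and 2 5), which is the arrangement that reproduces the RGWL result; it also shows decryption with the inverse matrix modulo 26 and rejects keys that have no inverse. The function names are hypothetical.

```python
from math import gcd

A = ord("A")


def to_nums(text):
    """Map letters to 0..25 (A = 0, ..., Z = 25), ignoring anything else."""
    return [ord(c) - A for c in text.upper() if "A" <= c <= "Z"]


def key_matrix_2x2(key_text):
    """Assumption: the four key letters fill the matrix column by column."""
    k = to_nums(key_text)
    if len(k) != 4:
        raise ValueError("a 2x2 key needs exactly four letters")
    return [[k[0], k[2]],
            [k[1], k[3]]]


def inverse_2x2_mod26(m):
    """Inverse of a 2x2 matrix modulo 26, via the adjugate and det^-1."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % 26
    if gcd(det, 26) != 1:
        # The determinant must be coprime to 26 or decryption is impossible.
        raise ValueError("key matrix is not invertible modulo 26")
    det_inv = pow(det, -1, 26)
    return [[(m[1][1] * det_inv) % 26, (-m[0][1] * det_inv) % 26],
            [(-m[1][0] * det_inv) % 26, (m[0][0] * det_inv) % 26]]


def apply_matrix(matrix, text):
    """Multiply the matrix with each 2x1 block of the text, modulo 26."""
    nums = to_nums(text)
    if len(nums) % 2:
        raise ValueError("pad the text to an even number of letters")
    out = []
    for i in range(0, len(nums), 2):
        p0, p1 = nums[i], nums[i + 1]
        out.append((matrix[0][0] * p0 + matrix[0][1] * p1) % 26)
        out.append((matrix[1][0] * p0 + matrix[1][1] * p1) % 26)
    return "".join(chr(n + A) for n in out)


def hill_encrypt(plaintext, key_text):
    return apply_matrix(key_matrix_2x2(key_text), plaintext)


def hill_decrypt(ciphertext, key_text):
    return apply_matrix(inverse_2x2_mod26(key_matrix_2x2(key_text)), ciphertext)


if __name__ == "__main__":
    print(key_matrix_2x2("DCDF"))                     # key matrix
    print(hill_encrypt("TEXT", "DCDF"))               # ciphertext
    print(inverse_2x2_mod26(key_matrix_2x2("DCDF")))  # decryption matrix
    print(hill_decrypt("RGWL", "DCDF"))               # recovered plaintext
```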

5. Polyalphabetic ciphers
Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The
general name for this approach is polyalphabetic cipher. All the techniques have the
following features in common.

• A set of related monoalphabetic substitution rules is used.
• A key determines which particular rule is chosen for a given transformation.

6. One-time Pad

It is an unbreakable cryptosystem. It represents the message as a sequence of 0s and 1s.
This can be accomplished by writing all numbers in binary, for example, or by using ASCII.
The key is a random sequence of 0's and 1's of the same length as the message.

Once a key is used, it is discarded and never used again. The system can be expressed as follows:

Thus the cipher text is generated by performing the bitwise XOR of the plaintext and
the key. Decryption uses the same key. Because of the properties of XOR, decryption
simply involves the same bitwise operation:

TRANSPOSITION TECHNIQUES

Transposition Cipher is a cryptographic algorithm where the order of alphabets in the plaintext is
rearranged to form a cipher text.
A simple example for a transposition cipher is columnar transposition cipher where each
character in the plain text is written horizontally with specified alphabet width. The cipher
is written vertically, which creates an entirely different cipher text.

Consider the plain text hello world, and let us apply the simple columnar transposition technique as
shown below

The plain text characters are placed horizontally and the cipher text is created with vertical format
as: holewdlo lr.

STEGANOGRAPHY

Steganography is the technique of hiding sensitive information within an ordinary, non-secret
file or message, so that it will not be detected. The sensitive information will then
be extracted from the ordinary file or message at its destination, thus avoiding detection.
Steganography is an additional step that can be used in conjunction with encryption in
order to conceal or protect data. It comes from the Greek words steganos, which means
“covered” or “hidden,” and graph, which means “to write.” Hence, “hidden writing.”

e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(hidden) message.

(ii) A subset of the words of the overall message is used to convey the hidden message.

Different Types of Steganography

1. Text Steganography − In this method, the hidden data is encoded into the letter of
each word.

2. Image Steganography − concealing data by using an image of a different object as a
cover.

3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it
protects against unauthorized reproduction. Watermarking is a technique that encrypts one
piece of data (the message) within another (the "carrier").

4. Video Steganography − Video steganography is a method of secretly embedding data
or other files within a video file on a computer. Video (a collection of still images) can
function as the "carrier" in this scheme.

5. Character marking – selected letters of printed or typewritten text are overwritten in
pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright
light.

6. Invisible ink – a number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.
7. Pin punctures – small pin punctures on selected letters are ordinarily not visible unless
the paper is held in front of the light.

BLOCK AND STREAM CIPHERS

Block cipher and stream cipher are members of the family of symmetric key ciphers,
essentially encryption techniques used for directly transforming the plaintext into
ciphertext.

Block Cipher Mode of Operation


A block cipher is a symmetric cryptographic technique which we use to encrypt a
fixed-size data block using a shared, secret key. During encryption, the plaintext is
the input and the ciphertext is the resultant encrypted text. The same key is used to encrypt
the plaintext and to decrypt the ciphertext.

• Popular variations of the block cipher algorithm include the Data Encryption Standard
(DES), TripleDES, and the Advanced Encryption Standard (AES).

What is Stream Cipher?


A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
This encryption works bit-by-bit, utilising keystreams to generate ciphertext for arbitrary
lengths of plain text messages.

FEISTEL CIPHER

Feistel Cipher is not a specific scheme of block cipher. It is a design model from
which many different block ciphers are derived. DES is just one example of a
Feistel Cipher. A cryptographic system based on Feistel cipher structure uses the
same algorithm for both encryption and decryption.

Encryption Process

The encryption process uses the Feistel structure consisting of multiple rounds of
processing of the plaintext, each round consisting of a “substitution” step
followed by a permutation step.

Feistel Structure is shown in the following illustration −


• The input block to each round is divided into two halves that can be
denoted as L and R for the left half and the right half.
• In each round, the right half of the block, R, goes through unchanged. But
the left half, L, goes through an operation that depends on R and the
encryption key. First, we apply an encrypting function 'f' that takes two
inputs − the key K and R. The function produces the output f(R,K). Then,
we XOR the output of the mathematical function with L.
• The permutation step at the end of each round swaps the modified L and
unmodified R. Therefore, the L for the next round would be R of the
current round. And R for the next round would be the output L of the current
round.
• The above substitution and permutation steps form a 'round'. The number of
rounds is specified by the algorithm design.
• Once the last round is completed, the two sub-blocks, 'R' and 'L', are
concatenated in this order to form the ciphertext block.
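
The round structure described above as a toy Feistel network, added here as an example that is not part of the original notes and is not DES. It shows why the same algorithm decrypts when the round keys are supplied in reverse order, even though the round function f is not invertible; the use of truncated HMAC-SHA256 as f, the key schedule, the 64-bit block size and all names are assumptions chosen for the illustration.

```python
import hashlib
import hmac

HALF = 4      # bytes per half, giving a 64-bit block
ROUNDS = 16   # assumption: round count picked for the illustration


def round_function(right: bytes, round_key: bytes) -> bytes:
    """f(R, K): a keyed one-way function; it never has to be inverted."""
    return hmac.new(round_key, right, hashlib.sha256).digest()[:HALF]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_round_keys(key: bytes, rounds: int = ROUNDS):
    """Assumed toy key schedule: one hash-derived sub-key per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def feistel(block: bytes, round_keys) -> bytes:
    """Run the rounds in the given key order and output R followed by L."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly %d bytes" % (2 * HALF))
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # R passes through unchanged and becomes the next L;
        # L XOR f(R, K) becomes the next R (the swap at the end of the round).
        left, right = right, xor_bytes(left, round_function(right, k))
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, derive_round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same algorithm; only the order of the round keys is reversed.
    return feistel(block, derive_round_keys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed sample key"   # constructed value
    plaintext = b"8 bytes!"            # constructed 64-bit block
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex())
    print(decrypt_block(ciphertext, key))
```
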
DATA ENCRYPTION STANDARD (DES)

DES is a block cipher and encrypts data in blocks of size of 64 bits each, which
means 64 bits of plain text go as the input to DES, which produces 64 bits of
ciphertext. The same algorithm and key are used for encryption and decryption,
with minor differences. The key length is 56 bits.

DES uses the same key to encrypt and decrypt a message, so both the sender
and the receiver must know and use the same private key.

Initial and Final Permutation

Rearranging the bits to form the “permuted input”.

The initial and final permutations are straight permutation boxes (P-boxes) that
are inverses of each other. They have no cryptographic significance in DES.
The initial and final permutations are shown as follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit
key to the rightmost 32 bits to produce a 32-bit output.

• Expansion Permutation Box − Since the right input is 32 bits and the round key
is 48 bits, we first need to expand the right input to 48 bits.
• XOR (Whitener) − After the expansion permutation, DES does an XOR
operation on the expanded right section and the round key. The round
key is used only in this operation.
• Substitution Boxes − The S-boxes carry out the real mixing. There are a
total of eight S-box tables. The output of all eight S-boxes is then
combined into a 32-bit section.

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
DES Analysis

DES satisfies both of the desired properties of a block cipher. These two
properties make the cipher very strong.

• Avalanche effect − A small change in the plaintext results in a very great
change in the ciphertext.
• Completeness − Each bit of ciphertext depends on many bits of plaintext.
PUBLIC-KEY CRYPTOSYSTEM-APPLICATIONS

Public key cryptography is also called asymmetric key cryptography. It is an
essential encryption and decryption pattern in online software. It uses two
different keys, termed the public key and the private key.

In symmetric key algorithms, only one key is used to implement the encryption and
decryption operations. In public key cryptography, two keys are used to
implement the encryption and decryption operations: if one key is used for
the encryption operation, the second key is used for the decryption
operation, and vice versa.

Components of Public Key Encryption:

• Plain Text: This is the message which is readable or understandable. This
message is given to the encryption algorithm as an input.
• Cipher Text: The cipher text is produced as the output of the encryption algorithm.
We cannot simply understand this message.
• Encryption Algorithm: The encryption algorithm is used to convert plain text
into cipher text.
• Decryption Algorithm: It accepts the cipher text and the matching key
(private key or public key) as input and produces the original plain text.
• Public and Private Key: One key, either the private key (secret key) or the public key
(known to everyone), is used for encryption and the other is used for decryption.

Applications of the Public Key Encryption:


• Encryption/Decryption − The sender encrypts a message with the receiver's public key.
• Digital Signature − The sender signs a message with its secret key. Signing is
done by a cryptographic algorithm applied to the message or to a smaller block of
information that is a function of the message.
• Key Exchange − Two sides cooperate to exchange a session key. Several
approaches are possible, involving the private key of one or both parties.
RSA ALGORITHM

The RSA encryption algorithm is a type of public-key encryption algorithm. It uses two keys:

o Public key
o Private key

The public key is used for encryption, and the private key is used for decryption.
Decryption cannot be done using a public key. The two keys are linked, but the private
key cannot be derived from the public key. The public key is well known, but the private
key is secret and is known only to the user who owns the key. This means that everybody
can send a message to the user using the user's public key, but only the user can decrypt the
message using his private key.

The Public key algorithm operates in the following manner:

o The data to be sent is encrypted by sender A using the public key of the intended receiver, B.
o B decrypts the received ciphertext using its private key, which is known only to B.
o B replies to A, encrypting its message using A's public key.
o A decrypts the received ciphertext using its private key, which is known only to A.

RSA encryption algorithm:


RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir, and
Adleman (RSA).

The RSA algorithm uses the following procedure to generate public and private keys:

o Select two large prime numbers, p and q.
o Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
o Choose a number e less than n, such that e is relatively prime to (p - 1) x (q -
1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose
"e" such that 1 < e < φ(n) and e is prime to φ(n), i.e. gcd(e, φ(n)) = 1.
o If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using the public
key <e, n>. To find the ciphertext C from the plain text, the following formula is used:
C = m^e mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of
messages, each of which is encrypted separately.
o To determine the private key, we use the following formula to calculate d such
that:
(d x e) mod {(p - 1) x (q - 1)} = 1, or (d x e) mod φ(n) = 1
o The private key is <d, n>. A ciphertext message c is decrypted using the private key <d,
n>. To calculate the plain text m from the ciphertext c, the following formula is used:
m = c^d mod n
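
The key generation, encryption and decryption steps above, carried through as an added Python example that is not part of the original notes. The primes p = 61, q = 53 and the exponent e = 17 are constructed toy values chosen so the arithmetic can be checked by hand, and all function names are hypothetical.

```python
from math import gcd


def modinv(a, m):
    """Extended Euclid: return d such that (d * a) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a has no inverse modulo m")
    return old_s % m


def generate_keys(p, q, e):
    """Return (public, private) = (<e, n>, <d, n>) for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = modinv(e, phi)  # (d x e) mod phi(n) = 1
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("m must be less than n")
    return pow(m, e, n)  # C = m^e mod n


def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)  # m = c^d mod n


def encrypt_message(data, public_key):
    """A message larger than n is split into blocks (here: single bytes)."""
    return [rsa_encrypt(byte, public_key) for byte in data]


def decrypt_message(blocks, private_key):
    return bytes(rsa_decrypt(c, private_key) for c in blocks)


if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)  # n = 3233, phi(n) = 3120
    blocks = encrypt_message(b"RSA", public)
    print(public, private, blocks, decrypt_message(blocks, private))
```

RSA used exactly as in this procedure is deterministic, so equal plaintext blocks give equal ciphertext blocks; deployed systems use much larger primes and a padding scheme such as OAEP.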
