Unit-1 ICS

The document outlines the syllabus for the Information & Cyber Security course, detailing six units covering topics such as information security needs, cryptography, network security, and software vulnerabilities. It emphasizes key security concepts like confidentiality, integrity, and availability, along with various security mechanisms and services. Additionally, it provides definitions and aims of computer and network security, along with references for further reading.

Uploaded by

Yog

Department of Computer Science & Engineering

Year / Semester : IV Year / VIII Semester
Session : 2020-21 (EVEN)
Course Name & Code : Information & Cyber Security [BECSE407T]
Course In-charge : Dr. Sonali Ridhorkar

Unit-I
Syllabus
• Unit I: Need of Information Security: Legal, Ethical and Professional Issues. Attributes of security: authentication, access control, confidentiality, authorization, integrity, non-reproduction. OSI Security Architecture: attacks, services and mechanisms. Security Attacks, Security services, A model of Internetwork Security. Conventional Encryption: Classical Encryption Techniques and Problems on classical ciphers, Security architecture.
• Unit II: Introduction to Secret key and cryptography, Encrypt given messages using DES, AES, IDEA, Problems on cryptography algorithms, Principles, finite fields, stream cipher, block cipher modes of operation, DES, Triple DES, AES, IDEA, RC5, key distribution.
• Unit III: Introduction to Public key and Cryptography, Encrypt given messages using ECC, Problems on key generation, cryptography algorithms Principles, Introduction to number theory, RSA algorithm, security of RSA, Key management: Diffie-Hellman key exchange, man-in-the-middle attack, Elliptical curve cryptography.
• Unit IV: Message Authentication and Hash Functions: Authentication Requirements and Functions, Hash Functions and their Security, MD5 Message Digest Algorithm, Kerberos. Key Management: Digital Certificates: Certificate types, X.509 Digital Certificate format, Digital Certificate in action, Public Key Infrastructure: Functions, PKI Architecture, Certificate Authentication.
• Unit V: Introduction to Network, Transport and Periphery Security, Study of IPSEC, TLS, and SSL. Firewalls: design principles, trusted systems, Intrusion Detection System, Intrusion Prevention System. Implementation and analysis of IPSEC, TLS and SSL, Introduction to cryptography: Classical cryptography.
• Unit VI: Software Vulnerability: Phishing, Buffer Overflow, Cross-site Scripting (XSS), SQL Injection. Electronic Payment: Payment Types, Enabling Technologies: Smart Cards and Smart Phones, Cardholder Present E-Transaction: Attacks, Chip Card Transactions, Payment over Internet: Issues and Concerns, Secure Electronic Transaction, Online Rail Ticket Booking. Electronic Mail Security: Pretty Good Privacy, S/MIME.
Text and Reference Books
Text Book:
1. Cryptography and Network Security - Principles and Practices, William Stallings, Pearson Education, 2002.
Reference Books:
1. Network Security and Cryptography, Bernard Menezes, Cengage Learning.
2. Information System Security, Nina Godbole, Wiley India, 2008.
3. Network Security: Private Communication in a Public World, Charlie Kaufman, Radia Perlman and Mike Speciner, Prentice Hall, 2002.
4. Security Architecture: Design, Deployment and Operations, Christopher M. King and Curtis Patton, RSA Press, 2001.
5. Network Security - The Complete Reference, Robert Bragg and Mark Rhodes, Tata McGraw Hill, 2004.

Background
• Information security requirements have changed in recent times
• Traditionally provided by physical and administrative mechanisms
• Computer use requires automated tools to protect files and other stored information
• Use of networks and communications links requires measures to protect data during transmission
Definitions
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of Course
• Our focus is on Internet Security
• It consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information
The Definition of Computer Security
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunication)”
Key Security Concepts
The definition of computer security introduces 3 key objectives that are at the heart of computer security:
1. Confidentiality
2. Integrity
3. Availability

Together these form the CIA triad, also called the security requirements triad. It covers security for both data/information and services.
Three Key Objectives
❑ Confidentiality: It covers two related concepts, data confidentiality and privacy.
▪ Data confidentiality: It assures that private or confidential information is not made available or disclosed to unauthorized individuals.
▪ Privacy: It assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

❑ Integrity: It covers two related concepts, data integrity and system integrity.
▪ Data integrity: It assures that information and programs are changed only in a specified and authorized manner.
▪ System integrity: It assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Three Key Objectives & more
❑ Availability: It assures that systems work promptly and service is not denied to authorized users.

➢ Although the use of the CIA triad to define security objectives is well established, some experts in the security field feel that additional concepts are needed to present a complete picture. Two of these additional concepts are as follows:

❑ Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

❑ Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. We must be able to trace a security breach and take action against it.
X.800 OSI Security Architecture
• The OSI security architecture is useful to managers as a way of organizing the task of providing security. The OSI security architecture focuses on security attacks, mechanisms and services. They are defined as follows:
❑ Security attack: Any action that compromises the security of information owned by an organization.
❑ Security mechanism: A process that is designed to detect, prevent or recover from a security attack.
❑ Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of security mechanisms to provide the service.
Security Attacks
[Figure: classification of security attacks]
• Active Attack: Masquerade, Replay, Modification of message, Denial of Service
• Passive Attack: Release of message content, Traffic Analysis
Passive Vs. Active Attack
❑ Passive Attack:
• Passive attacks do not affect system resources.
• Passive attacks are very difficult to detect.
• Message transmission appears normal.
• No alteration of the data.
• Emphasis is on prevention rather than detection, by means of encryption.
• There are two types of passive attack: release of message content and traffic analysis.

❑ Active Attack:
• Active attacks try to alter system resources or affect their operation.
• Modification of data, or creation of false data.
• May be aimed at a specific target or an entire network.
• Difficult to prevent.
• The goal is to detect and recover.
• There are 4 types of active attack: masquerade, replay, modification of message and denial of service.
Passive Attack: Release of Message Contents
Passive Attack: Traffic Analysis
Active Attack: Masquerade
Active Attacks: Replay
Active Attacks: Modification of Messages
Active Attacks: Denial of Service
Security Service (X.800)
▪ A security service enhances the security of the data processing systems and information transfers of an organization, and is intended to counter security attacks using one or more security mechanisms.

▪ It often replicates functions normally associated with physical documents which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed.

▪ X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.

▪ RFC 2828 defines it as a processing or communication service provided by a system to give a specific kind of protection to system resources.

▪ X.800 services are divided into 5 categories.

Security Services (X.800)
❑ Authentication – The assurance that the communicating entity is the one claimed; covers both peer-entity and data-origin authentication.

❑ Access Control – The prevention of the unauthorized use of a resource.

❑ Data Confidentiality – The protection of data from unauthorized disclosure.

❑ Data Integrity – The assurance that data received is as sent by an authorized entity.

❑ Non-Repudiation – The protection against denial by one of the parties in a communication.

❑ Availability – The resource is accessible/usable.

Security Mechanism(X.800)
• The security mechanisms defined in X.800 are divided into those that are implemented in a specific protocol layer, such as TCP or an application layer protocol, and those that are not specific to any particular protocol layer or security service. They are:
❑ Specific Security Mechanism (Available in OSI Security Service):
▪ Encipherment
▪ Digital Signature
▪ Access Control
▪ Data Integrity
▪ Authentication Exchange
▪ Traffic Padding
▪ Routing Control
▪ Notarization
❑ Pervasive Security Mechanism (Not part of OSI Security Service):
▪ Trusted Functionality
▪ Security label
▪ Event Detection
▪ Security Audit Trail
▪ Security Recovery
Specific Security Mechanism
❑ Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible.

❑ Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

❑ Access Control: A variety of mechanisms that enforce access rights to resources.

❑ Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

❑ Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.

❑ Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

❑ Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

❑ Notarization: The use of a trusted third party to assure certain properties of a data exchange.
Pervasive Security Mechanism
❑ Trusted Functionality: That which is perceived to be correct with respect to some criteria.

❑ Security label: The marking bound to a resource that names or designates the security attributes of that resource.

❑ Event Detection: Detection of security-related events.

❑ Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

❑ Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Relationship between Security Service and Mechanism
Model for Network Security
❑ The figure above shows that a message is to be transferred from one party to another across some sort of internet service. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.

❑ A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (TCP/IP) by the two principals. All the techniques for providing security have two components:

▪ A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
▪ Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.
Model for Network Security
❑ A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent.
❑ The general model shows that there are 4 basic tasks in designing a particular security service:
• Design a suitable algorithm for the security transformation
• Generate the secret information (keys) used by the algorithm
• Develop methods to distribute and share the secret information
• Specify a protocol enabling the principals to use the transformation and secret information for a security service

❑ Sometimes the security model given above does not fulfill all the needed security requirements, so another model is given to protect the information from unwanted access by hackers/intruders who attempt to penetrate systems that can be accessed over a network. The threat can also come from software, such as viruses and worms, which attack the system in order to harm it or to steal passwords and other confidential information. The model is shown below:
Model for Network Access Security
❑ The security mechanisms needed to cope with unwanted access fall into two broad categories:
• The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users, and screening logic that is designed to detect and reject worms, viruses and other similar attacks.
• Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.
Basic Terminologies that we must remember
• Plaintext - the original message
• Cipher text - the coded message
• Cipher - algorithm for transforming plaintext to cipher text
• Key - information used in the cipher, known only to sender/receiver
• Encipher (encrypt) - converting plaintext to cipher text
• Decipher (decrypt) - recovering plaintext from cipher text
• Cryptography - study of encryption/decryption principles/methods
• Cryptanalysis (codebreaking) - study of principles/methods of deciphering cipher text without knowing the key
• Cryptology - the field of both cryptography and cryptanalysis
Symmetric Cipher Model or Symmetric Encryption or Conventional Encryption Model
The figure given below shows the conventional encryption process. The original intelligible message, referred to as plaintext, is converted into apparently random nonsense, referred to as cipher text. The encryption process consists of an algorithm and a key. The key is a value independent of the plaintext.
Symmetric Cipher Model or Symmetric Encryption or Conventional Encryption Model
• The algorithm will produce a different output depending on the specific key being used at the time. Changing the key changes the output of the algorithm. Once the cipher text is produced, it may be transmitted.

• Upon reception, the cipher text can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption. The security of conventional encryption depends on several factors.

• First, the encryption algorithm must be powerful enough that it is impractical to decrypt a message on the basis of cipher text alone. Beyond that, the security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm. In other words, we do not need to keep the algorithm secret.
Symmetric Cipher Model or Symmetric Encryption or Conventional Encryption Model
• A source produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of X are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays the binary alphabet {0, 1} is used.
• A key K = [K1, K2, ..., KJ] is generated. If the key is generated at the message source, then it is also shared with the destination by means of some secure channel. Alternatively, a third party could generate and distribute the key to sender and receiver.

• With the message X and the encryption key K as input, the encryption algorithm forms the cipher text Y = [Y1, Y2, ..., YN]. We can write this as Y = E_K(X). This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K.
• The intended receiver, in possession of the key, is able to decrypt the message: X = D_K(Y). An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms.
Symmetric Cipher Model or Symmetric Encryption or Conventional Encryption Model
If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate.
Cryptanalysis and Brute-Force Attack
❑ Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single cipher text. There are two general approaches to attacking a conventional encryption scheme:

• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

• Brute-force attack: The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

“If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised”
Cryptanalysis
❑ The table given below summarizes the various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst. The most difficult problem is presented when all that is available is the cipher text only.

❑ In some cases, not even the encryption algorithm is known, but in general, we can
 assume that the opponent does know the algorithm used for encryption. One possible
 attack under these circumstances is the brute-force approach of trying all possible keys.

❑ If the key space is very large, this becomes impractical. Thus, the opponent must
 rely on an analysis of the cipher text itself, generally applying various statistical tests
 to it.

❑ To use this approach, the opponent must have some general idea of the type of
 plaintext that is concealed, such as English or French text, an EXE file, a Java source
 listing, an accounting file, and so on.
Two Important Definitions
❑ An encryption scheme is unconditionally secure if the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.

❑ When designing any cryptographic algorithm, we must strive for an algorithm that meets one or both of the following criteria:

• The cost of breaking the cipher exceeds the value of the encrypted information.
• The time required to break the cipher exceeds the useful lifetime of the information.

❑ An encryption scheme is said to be computationally secure if either of the above two criteria is met. Unfortunately, it is very difficult to estimate the amount of effort required to cryptanalyze cipher text successfully.
Brute-Force Attack
➢ A brute-force attack involves trying every possible key until an intelligible
translation of the cipher text into plaintext is obtained. On average, half of all possible
keys must be tried to achieve success.
➢ Table below shows how much time is involved for various key spaces. Results are
shown for four binary key sizes.
| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |
Brute-Force Attack
➢ The 56-bit key size is used with the Data Encryption Standard (DES) algorithm,
and the 168-bit key size is used for triple DES. The minimum key size specified
for Advanced Encryption Standard (AES) is 128 bits.

➢ Results are also shown for what are called substitution codes that use a 26-
character key in which all possible permutations of the 26 characters serve as
keys.
➢ For each key size, the results are shown assuming that it takes 1 μs to perform a
single decryption, which is a reasonable order of magnitude for today’s machines.
➢ With the use of massively parallel organizations of microprocessors, it may be
possible to achieve processing rates many orders of magnitude greater.

➢ The final column of the table considers the results for a system that can process 1 million keys per microsecond. As you can see, at this performance level, DES can no longer be considered computationally secure.
❑ Following are classical encryption techniques:
1. Substitution Techniques
2. Transposition Techniques
3. Steganography

❑ Substitution Techniques: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns. Following are the types of substitution techniques:
✓ Caesar Cipher
✓ Monoalphabetic cipher
✓ Playfair Cipher
✓ Hill Cipher
✓ Polyalphabetic Cipher
✓ One Time pad
Substitution Techniques: Caesar Cipher
❑ The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing three places
further down the alphabet. For example,
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Let us assign a numerical equivalent to each letter:
Substitution Techniques: Caesar Cipher

❑ Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the cipher text letter C. A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
❑ If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is
easily performed: simply try all the 25 possible keys. Three important characteristics of this
problem enabled us to use a brute force cryptanalysis:

1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.

❑ In most networking situations, we can assume that the algorithms are known. What generally
makes brute-force cryptanalysis impractical is the use of an algorithm that employs a large
Substitution Techniques: Caesar Cipher

❑ The third characteristic is also significant. If the language of the plaintext is unknown, then
plaintext output may not be recognizable. Furthermore, the input may be abbreviated or
compressed in some fashion, again making recognition difficult. For example, Figure below
shows a portion of a text file compressed using an algorithm called ZIP. If this file is then
encrypted with a simple substitution cipher (expanded to include more than just 26 alphabetic
characters), then the plaintext may not be recognized when it is uncovered in the brute-force
cryptanalysis.
Substitution Techniques: Caesar Cipher
Let us take an example..!!
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
• A maps to A, B, ..., Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• e.g. break ciphertext "GCUA VQ DTGCM"
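The brute-force search and the "recognize when have plaintext" step, as an added Python example that is not part of the original slides. It applies C = E(k, p) and p = D(k, C) from above to the two ciphertexts on the page; the small word list is a constructed stand-in for a real dictionary, and the tie-break by letter-frequency fit is an assumption of this example.

```python
import string
from typing import NamedTuple

ALPHABET = string.ascii_lowercase

# Approximate relative letter frequencies (%) for English text, a..z.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07,
]))

# Constructed stand-in for a dictionary: a few very common English words.
COMMON_WORDS = frozenset("""
the be to of and a in that have it for not on with he as you do at this but
his by from they we say her she or an will my one all would there their what
so up out if about who get which go me is are was
""".split())


class Candidate(NamedTuple):
    key: int
    plaintext: str
    word_hits: int
    chi_squared: float


def caesar_encrypt(k: int, plaintext: str) -> str:
    """C = E(k, p) = (p + k) mod 26. Ciphertext is written in capitals."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + k) % 26].upper() if ch in ALPHABET else ch
        for ch in plaintext.lower()
    )


def caesar_decrypt(k: int, ciphertext: str) -> str:
    """p = D(k, C) = (C - k) mod 26. Plaintext is written in lower case."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) - k) % 26] if ch in ALPHABET else ch
        for ch in ciphertext.lower()
    )


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and English expectations."""
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return float("inf")
    n = len(letters)
    return sum(
        (letters.count(ch) - ENGLISH_FREQ[ch] / 100 * n) ** 2
        / (ENGLISH_FREQ[ch] / 100 * n)
        for ch in ALPHABET
    )


def brute_force(ciphertext: str) -> list[Candidate]:
    """Try all 25 keys and rank the candidate plaintexts.

    Ranking: most dictionary-word hits first, then best letter-frequency fit.
    Very short messages give the frequency test little to work with, which
    is why it is used only to break ties here.
    """
    candidates = []
    for k in range(1, 26):
        pt = caesar_decrypt(k, ciphertext)
        hits = sum(w.strip(string.punctuation) in COMMON_WORDS for w in pt.split())
        candidates.append(Candidate(k, pt, hits, chi_squared(pt)))
    return sorted(candidates, key=lambda c: (-c.word_hits, c.chi_squared))


if __name__ == "__main__":
    for ct in ("GCUA VQ DTGCM", "PHHW PH DIWHU WKH WRJD SDUWB"):
        print(ct)
        for cand in brute_force(ct)[:3]:
            print(f"  k={cand.key:2d} hits={cand.word_hits} "
                  f"chi2={cand.chi_squared:7.1f}  {cand.plaintext}")
```

For "GCUA VQ DTGCM", keys 1 and 2 both produce one dictionary word ("up" and "to"), so the recognizer needs the second criterion to separate them.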
Substitution Techniques: Monoalphabetic Ciphers
❑ Before proceeding, we define the term permutation. A permutation of a finite set of
elements S is an ordered sequence of all the elements of S, with each element appearing
exactly once. For example, if S={a,b,c} , there are six permutations of S :
abc, acb, bac, bca, cab, cba

❑ In general, there are n! permutations of a set of n elements, because the first element can be chosen in one of n ways, the second in n - 1 ways, the third in n - 2 ways, and so on. Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

❑ If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then
there are 26! possible keys. This is 10 orders of magnitude greater than the key space for
DES and would seem to eliminate brute-force techniques for cryptanalysis. Such an
approach is referred to as a monoalphabetic substitution cipher, because a single cipher
alphabet (mapping from plain alphabet to cipher alphabet) is used per message.
Substitution Techniques: Monoalphabetic Ciphers
❑ There is, however, another line of attack. If the cryptanalyst knows the nature of the
plaintext (e.g., non compressed English text), then the analyst can exploit the regularities of
the language. To see how such a cryptanalysis might proceed, we give a partial example
here: The cipher text to be solved is given below:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
❑ As a first step, the relative frequency of the letters can be determined and compared to a
standard frequency distribution for English, such as is shown in figure below. If the message
were long enough, this technique alone might be sufficient, but because this is a relatively
short message, we cannot expect an exact match. In any case, the relative frequencies of the
letters in the cipher text (in percentages) are as follows:

Fig: Relative frequency of letters in cipher text


Substitution Techniques: Monoalphabetic Ciphers
❑ Comparing this breakdown with the figure below, it seems likely that cipher letters P and Z are the equivalents of plain letters e and t, but it is not certain which is which. The letters S, U, O, M, and H are all of relatively high frequency and probably correspond to plain letters from the set {a, h, i, n, o, r, s}. The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely included in the set {b, j, k, q, v, x, z}.

❑ In our cipher text, the most common digram is ZW, which appears three times. So we make the correspondence of Z with t and W with h. Then, by our earlier hypothesis, we can equate P with e. Now notice that the sequence ZWP appears in the cipher text, and we can translate that sequence as “the.”
Substitution Techniques: Monoalphabetic Ciphers
❑ This is the most frequent trigram (three-letter combination) in English, which seems to indicate that we are on the right track. Next, notice the sequence ZWSZ in the first line. We do not know that these four letters form a complete word, but if they do, it is of the form th_t. If so, S equates with a. So far, then, we have:

❑ Only four letters have been identified, but already we have quite a bit of the message. Continued analysis of frequencies plus trial and error should easily yield a solution from this point. The complete plaintext, with spaces added between words, follows:
“it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in Moscow”
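The first steps of this analysis, as an added Python example that is not part of the original slides: it counts letter and n-gram frequencies in the ciphertext above and applies the four hypotheses reached so far (Z = t, W = h, P = e, S = a). Function names are this example's own; unresolved letters are shown as "_".

```python
from collections import Counter

# Ciphertext from the slide, with the three display lines joined.
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)

# Hypotheses derived in the text above.
PARTIAL_KEY = {"Z": "t", "W": "h", "P": "e", "S": "a"}


def letter_frequencies(ciphertext: str) -> list[tuple[str, int, float]]:
    """Return (letter, count, percent) sorted from most to least frequent."""
    counts = Counter(ciphertext)
    total = len(ciphertext)
    return [(ch, n, round(100 * n / total, 2)) for ch, n in counts.most_common()]


def ngram_counts(ciphertext: str, n: int) -> Counter:
    """Count every overlapping n-letter sequence (digrams for n=2, etc.)."""
    return Counter(ciphertext[i:i + n] for i in range(len(ciphertext) - n + 1))


def apply_partial_key(ciphertext: str, key: dict[str, str], unknown: str = "_") -> str:
    """Substitute the letters resolved so far; mark the rest as unknown."""
    return "".join(key.get(ch, unknown) for ch in ciphertext)


if __name__ == "__main__":
    print("Most frequent letters:")
    for ch, n, pct in letter_frequencies(CIPHERTEXT)[:6]:
        print(f"  {ch}: {n:2d}  ({pct}%)")

    digrams = ngram_counts(CIPHERTEXT, 2)
    trigrams = ngram_counts(CIPHERTEXT, 3)
    print("ZW occurs", digrams["ZW"], "times; ZWP occurs", trigrams["ZWP"], "time")

    partial = apply_partial_key(CIPHERTEXT, PARTIAL_KEY)
    # Print in the same three lines as the slide (45, 39 and 36 letters).
    for start, end in ((0, 45), (45, 84), (84, 120)):
        print(CIPHERTEXT[start:end])
        print(partial[start:end])
```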
Substitution Techniques: Playfair Ciphers
➢ The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed
using a keyword. In this case, the keyword is monarchy.

➢ The matrix is constructed by filling in the letters of the keyword (minus duplicates) from
left to right and from top to bottom, and then filling in the remainder of the matrix with
the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time, according to the following rules:
Rules
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such
as x, so that “balloon” would be treated as “ba” ,“lx” , “lo”, “on”.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row circularly following the last. For example,
“ar” is encrypted as “RM”.
Substitution Techniques: Playfair Ciphers
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath,
with the top element of the column circularly following the last. For example, “mu” is
encrypted as “CM”.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its
own row and the column occupied by the other plaintext letter. Thus, “hs”
becomes “BP” and “ea” becomes “IM” (or “JM”, as the encipherer wishes).

❑The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing,
whereas there are only 26 letters, there are 26 * 26 = 676 digrams, so that identification of
individual digrams is more difficult.
❑Furthermore, the relative frequencies of individual letters exhibit a much greater range
than that of digrams, making frequency analysis much more difficult. For these reasons, the
Playfair cipher was for a long time considered unbreakable.

❑Despite this level of confidence in its security, the Playfair cipher is relatively
easy to break, because it still leaves much of the structure of the plaintext language
intact. A few hundred letters of ciphertext are generally sufficient.
Substitution Techniques: Hill Ciphers
❑This encryption algorithm takes m successive plaintext letters and substitutes for them m
ciphertext letters. The substitution is determined by m linear equations in which each
character is assigned a numerical value (a = 0, b = 1, …, z = 25). For m = 3, the system can be
described as:
$$c_1 = (k_{11}p_1 + k_{21}p_2 + k_{31}p_3) \bmod 26$$
$$c_2 = (k_{12}p_1 + k_{22}p_2 + k_{32}p_3) \bmod 26$$
$$c_3 = (k_{13}p_1 + k_{23}p_2 + k_{33}p_3) \bmod 26$$

❑This can be expressed in terms of row vectors and matrices:

$$(c_1 \; c_2 \; c_3) = (p_1 \; p_2 \; p_3)\begin{pmatrix} k_{11} & k_{12} & k_{13} \\ k_{21} & k_{22} & k_{23} \\ k_{31} & k_{32} & k_{33} \end{pmatrix} \bmod 26$$
or

$$C = PK \bmod 26$$
❑where C and P are row vectors of length 3 representing the ciphertext and plaintext, respectively,
and K is a 3 × 3 matrix representing the encryption key. Operations are performed
mod 26. For example, consider the plaintext “paymoremoney” and use the encryption
key given below:
$$K = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix}$$

❑The first three letters of the plaintext are represented by the vector (15 0 24).
Then (15 0 24)K = (303 303 531) mod 26 = (17 17 11) = RRL.
❑Continuing in this fashion, the ciphertext for the entire plaintext is RRLMWBKASPDH.

❑Decryption requires using the inverse of the matrix K. We can compute det K = 23, and
therefore $(\det K)^{-1} \bmod 26 = 17$. We can then compute the inverse as
$$K^{-1} = \begin{pmatrix} 4 & 9 & 15 \\ 15 & 17 & 6 \\ 24 & 0 & 17 \end{pmatrix}$$
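❑This is demonstrated as:
$$\begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix}\begin{pmatrix} 4 & 9 & 15 \\ 15 & 17 & 6 \\ 24 & 0 & 17 \end{pmatrix} = \begin{pmatrix} 443 & 442 & 442 \\ 858 & 495 & 780 \\ 494 & 52 & 365 \end{pmatrix} \bmod 26 = \begin{pmatrix} 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{pmatrix}$$

❑It is easily seen that if the matrix $K^{-1}$ is applied to the ciphertext, then the plaintext is
recovered. In general terms, the Hill system can be expressed as:

$$C = E(K, P) = PK \bmod 26$$
$$P = D(K, C) = CK^{-1} \bmod 26 = PKK^{-1} = P$$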

❑As with Playfair, the strength of the Hill cipher is that it completely hides single-letter
frequencies. Indeed, with Hill, the use of a larger matrix hides more frequency information.
Thus, a 3 * 3 Hill cipher hides not only single-letter but also two-letter frequency
information. Although the Hill cipher is strong against a ciphertext-only attack, it is
easily broken with a known plaintext attack.
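
The Hill computation above carried through in code: encryption as C = PK mod 26, the inverse matrix obtained from det K and the adjugate, and the failure case where det K shares a factor with 26 and the key cannot decrypt. This is an added example, not part of the original slides; the function names and the 'x' padding for short final blocks are assumptions made here.

```python
K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]   # the key matrix from the slide

def cofactor(m, i, j):
    """Signed cofactor of a 3x3 matrix, using the cyclic-index form."""
    a, b = (i + 1) % 3, (i + 2) % 3
    c, d = (j + 1) % 3, (j + 2) % 3
    return m[a][c] * m[b][d] - m[a][d] * m[b][c]

def inverse_mod26(m):
    det = sum(m[0][j] * cofactor(m, 0, j) for j in range(3)) % 26
    try:
        det_inv = pow(det, -1, 26)            # exists only if gcd(det, 26) == 1
    except ValueError:
        raise ValueError(f"det = {det} has no inverse mod 26; key cannot decrypt") from None
    # inverse = det^-1 * adjugate, where adjugate[i][j] = cofactor[j][i]
    return [[det_inv * cofactor(m, j, i) % 26 for j in range(3)] for i in range(3)]

def apply_key(text, key):
    """Multiply successive 3-letter row vectors by the key matrix, mod 26."""
    nums = [ord(ch) - ord("a") for ch in text.lower() if "a" <= ch <= "z"]
    nums += [23] * (-len(nums) % 3)           # pad with 'x' (a choice made for this example)
    out = []
    for k in range(0, len(nums), 3):
        block = nums[k:k + 3]
        out += [sum(block[i] * key[i][j] for i in range(3)) % 26 for j in range(3)]
    return "".join(chr(n + ord("a")) for n in out)

def encrypt(plaintext, key):
    return apply_key(plaintext, key).upper()

def decrypt(ciphertext, key):
    return apply_key(ciphertext, inverse_mod26(key))

if __name__ == "__main__":
    print(inverse_mod26(K))
    print(encrypt("paymoremoney", K), decrypt("RRLMWBKASPDH", K))
```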
Substitution Techniques: Polyalphabetic Cipher
❑Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The general
name for this approach is polyalphabetic substitution cipher. All these techniques have the
following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation

❑The best known, and one of the simplest, polyalphabetic ciphers is the Vigenère cipher. In
this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar
ciphers with shifts of 0 through 25.
❑Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the
plaintext letter a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value 3.
We can express the Vigenère cipher in the following manner.

❑Assume a sequence of plaintext letters $P = p_0, p_1, p_2, \ldots, p_{n-1}$ and a key consisting of the
sequence of letters $K = k_0, k_1, k_2, \ldots, k_{m-1}$, where typically m < n. The sequence of
ciphertext letters $C = C_0, C_1, C_2, \ldots, C_{n-1}$ is calculated as follows:
$$C = C_0, C_1, C_2, \ldots, C_{n-1} = E(K, P) = E[(k_0, k_1, k_2, \ldots, k_{m-1}), (p_0, p_1, p_2, \ldots, p_{n-1})]$$
$$= (p_0 + k_0) \bmod 26,\ (p_1 + k_1) \bmod 26,\ \ldots,\ (p_{m-1} + k_{m-1}) \bmod 26,$$
$$(p_m + k_0) \bmod 26,\ (p_{m+1} + k_1) \bmod 26,\ \ldots,\ (p_{2m-1} + k_{m-1}) \bmod 26,\ \ldots$$

❑Thus, the first letter of the key is added to the first letter of the plaintext, mod
26, the second letters are added, and so on through the first m letters of the
plaintext. For the next m letters of the plaintext, the key letters are
repeated. This process continues until all of the plaintext sequence is encrypted.
A general equation of the encryption process is:
$$C_i = (p_i + k_{i \bmod m}) \bmod 26$$
Similarly, decryption is given as:
$$p_i = (C_i - k_{i \bmod m}) \bmod 26$$

❑To encrypt a message, a key is needed that is as long as the message. Usually,
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

❑The strength of this cipher is that there are multiple ciphertext letters for each
plaintext letter, one for each unique letter of the keyword. Thus, the letter
frequency information is obscured.
Substitution Techniques: One Time Pad
❑An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement to the
Vernam cipher that yields the ultimate in security. Mauborgne suggested using a random key
that is as long as the message, so that the key need not be repeated.

❑In addition, the key is to be used to encrypt and decrypt a single message, and then is
discarded. Each new message requires a new key of the same length as the new message.
Such a scheme, known as a one-time pad, is unbreakable. It produces random output that
bears no statistical relationship to the plaintext. Because the ciphertext contains no
information whatsoever about the plaintext, there is simply no way to break the code.

❑An example should illustrate our point. Suppose that we are using a Vigenère scheme with
27 characters in which the twenty-seventh character is the space character, but with a one-
time key that is as long as the message. Consider the ciphertext:

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
❑We now show two different decryptions using two different keys:

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
plaintext: mr mustard with the candlestick in the hall

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
plaintext: miss scarlet with the knife in the library

❑Suppose that a cryptanalyst had managed to find these two keys. Two plausible plaintexts
are produced. How is the cryptanalyst to decide which is the correct decryption (i.e., which
is the correct key)? If the actual key were produced in a truly random fashion, then the
cryptanalyst cannot say that one of these two keys is more likely than the other. Thus, there is
no way to decide which key is correct and therefore which plaintext is correct.
❑In fact, given any plaintext of equal length to the ciphertext, there is a key that produces
that plaintext. Therefore, if you did an exhaustive search of all possible keys, you would end
up with many legible plaintexts, with no way of knowing which was the intended
plaintext. Therefore, the code is unbreakable.
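
The Vigenère equations from the polyalphabetic slides and the one-time-pad argument above share one operation, so a single added example covers both: it reproduces the deceptive keyword encryption, then derives, for the 27-character ciphertext shown earlier, a key that yields whichever plaintext is chosen. This code is not part of the original slides; the function names are assumptions, and the second plaintext is padded with a trailing space so that it matches the 43-character ciphertext.

```python
import string

A26 = string.ascii_lowercase
A27 = A26 + " "          # the slide's 27-character alphabet: space is character 26

def _combine(text, key, alphabet, sign):
    """Return (text_i + sign * key_{i mod m}) mod n over the given alphabet."""
    n = len(alphabet)
    idx = {ch: i for i, ch in enumerate(alphabet)}
    key = key.lower()
    return "".join(alphabet[(idx[t] + sign * idx[key[i % len(key)]]) % n]
                   for i, t in enumerate(text.lower()))

def encrypt(plaintext, key, alphabet=A26):
    return _combine(plaintext, key, alphabet, +1).upper()

def decrypt(ciphertext, key, alphabet=A26):
    return _combine(ciphertext, key, alphabet, -1)

def key_for(ciphertext, wanted_plaintext, alphabet=A27):
    """One-time pad: the key that turns this ciphertext into any chosen plaintext."""
    if len(ciphertext) != len(wanted_plaintext):
        raise ValueError("a one-time key must be as long as the message")
    # k_i = (C_i - p_i) mod n, the decryption equation solved for the key
    return _combine(ciphertext, wanted_plaintext, alphabet, -1)

CIPHERTEXT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS"

if __name__ == "__main__":
    print(encrypt("wearediscoveredsaveyourself", "deceptive"))
    for guess in ("mr mustard with the candlestick in the hall",
                  "miss scarlet with the knife in the library"):
        guess = guess.ljust(len(CIPHERTEXT))      # pad with spaces to the ciphertext length
        k = key_for(CIPHERTEXT, guess)
        print(repr(k), "->", repr(decrypt(CIPHERTEXT, k, A27)))
```

Every candidate plaintext of the right length gets a key this way, which is why a recovered key proves nothing about which plaintext was sent.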

❑The security of the one-time pad is entirely due to the randomness of the key. If the stream
of characters that constitute the key is truly random, then the stream of characters that
constitute the ciphertext will be truly random. Thus, there are no patterns or regularities that
a cryptanalyst can use to attack the ciphertext.

❑In theory, we need look no further for a cipher. The one-time pad offers complete
security but, in practice, has two fundamental difficulties:

1. There is the practical problem of making large quantities of random keys. Any
heavily used system might require millions of random characters on a regular basis.
Supplying truly random characters in this volume is a significant task.
2. Even more daunting is the problem of key distribution and protection. For
every message to be sent, a key of equal length is needed by both sender and receiver. Thus,
a mammoth key distribution problem exists.

❑Because of these difficulties, the one-time pad is of limited utility and is useful primarily
for low-bandwidth channels requiring very high security. The one-time pad is the only
cryptosystem that exhibits what is referred to as perfect secrecy.
Transposition Techniques: Rail Fence
❑All the techniques examined so far involve the substitution of a ciphertext symbol for a
plaintext symbol. A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher.

❑The simplest such cipher is the rail fence technique, in which the plaintext is written
down as a sequence of diagonals and then read off as a sequence of rows. For example, to
encipher the message “meet me after the toga party” with a rail fence of depth 2, we write
the following:
mematrhtgpry
etefeteoaat
❑The encrypted message is:
MEMATRHTGPRYETEFETEOAAT

❑This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the
message in a rectangle, row by row, and read the message off, column by column, but
permute the order of the columns. The order of the columns then becomes the key to the
algorithm. For example:
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

❑Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled
1, in this case column 3. Write down all the letters in that column. Proceed to column 4,
which is labeled 2, then column 2, then column 1, then columns 5, 6, and 7. The
transposition cipher can be made significantly more secure by performing more than one
stage of transposition.
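
Both transpositions above in code: the rail fence (written for any depth, which goes beyond the depth-2 case on the slide) and the keyed columnar scheme with its decryption, so that a second stage is simply the same function applied again. This is an added example, not part of the original slides; the function names are assumptions made here.

```python
def rail_fence(plaintext, depth=2):
    """Write the letters down the diagonals of `depth` rails, then read rail by rail."""
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for ch in plaintext:
        rails[row].append(ch)
        if depth > 1:
            if row == 0:
                step = 1               # bounce off the top rail
            elif row == depth - 1:
                step = -1              # bounce off the bottom rail
            row += step
    return "".join("".join(r) for r in rails).upper()

def _read_order(key):
    """Column indices in the order they are read off: the column labelled 1 first."""
    return sorted(range(len(key)), key=lambda c: key[c])

def columnar_encrypt(plaintext, key):
    cols = len(key)
    if len(plaintext) % cols:
        raise ValueError("pad the message so that it fills the rectangle")
    # plaintext[c::cols] is column c of the row-by-row rectangle
    return "".join(plaintext[c::cols] for c in _read_order(key)).upper()

def columnar_decrypt(ciphertext, key):
    cols, rows = len(key), len(ciphertext) // len(key)
    columns = [None] * cols
    for n, c in enumerate(_read_order(key)):
        columns[c] = ciphertext[n * rows:(n + 1) * rows]   # n-th chunk belongs to column c
    return "".join(columns[c][r] for r in range(rows) for c in range(cols)).lower()

KEY = [4, 3, 1, 2, 5, 6, 7]

if __name__ == "__main__":
    print(rail_fence("meetmeafterthetogaparty"))
    once = columnar_encrypt("attackpostponeduntiltwoamxyz", KEY)
    twice = columnar_encrypt(once, KEY)        # second stage of transposition
    print(once, twice)
    print(columnar_decrypt(columnar_decrypt(twice, KEY), KEY))
```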
Transposition Techniques: ROTOR MACHINES
❑The basic principle of the rotor machine is illustrated in Figure on next slide. The machine
consists of a set of independently rotating cylinders through which electrical pulses can flow.

❑Each cylinder has 26 input pins and 26 output pins, with internal wiring that connects each
input pin to a unique output pin. For simplicity, only three of the internal connections in each
cylinder are shown.

❑If we associate each input and output pin with a letter of the alphabet, then a single cylinder
defines a monoalphabetic substitution. For example, in Figure, if an operator depresses the
key for the letter A, an electric signal is applied to the first pin of the first cylinder and flows
through the internal connection to the twenty-fifth output pin.

❑Consider a machine with a single cylinder. After each input key is depressed, the cylinder
rotates one position, so that the internal connections are shifted accordingly. Thus, a different
monoalphabetic substitution cipher is defined. After 26 letters of plaintext, the cylinder would
be back to the initial position. Thus, we have a polyalphabetic substitution algorithm with a
period of 26.
❑A single-cylinder system is trivial and does not present a formidable cryptanalytic task.
The power of the rotor machine is in the use of multiple cylinders, in which the output pins
of one cylinder are connected to the input pins of the next.
❑Figure above shows a three-cylinder system. The left half of the figure shows a position
in which the input from the operator to the first pin (plaintext letter a) is routed through the
three cylinders to appear at the output of the second pin (ciphertext letter B).

❑With multiple cylinders, the one closest to the operator input rotates one pin position with
each keystroke. The right half of Figure above shows the system’s configuration after a
single keystroke. For every complete rotation of the inner cylinder, the middle cylinder
rotates one pin position.

❑Finally, for every complete rotation of the middle cylinder, the outer cylinder rotates one
pin position. This is the same type of operation seen with an odometer. The result is that
there are 26 * 26 * 26 = 17,576 different substitution alphabets used before the system
repeats. The addition of fourth and fifth rotors results in periods of 456,976
and 11,881,376 letters, respectively.
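
A small simulation of the stepping described above, showing where the periods 26, 17,576 and 456,976 come from and that decryption runs the same cylinders in reverse. This is an added example, not part of the original slides; the wirings are constructed permutations from a seeded generator, not those of any historical machine, and the class and function names are assumptions.

```python
import random
import string

A = string.ascii_lowercase

def constructed_wirings(n, seed=2024):
    """n made-up cylinder wirings: each is a permutation of the 26 pins."""
    rng = random.Random(seed)
    return [rng.sample(range(26), 26) for _ in range(n)]

class RotorMachine:
    def __init__(self, wirings):
        self.wirings = wirings
        self.inverse = [[w.index(i) for i in range(26)] for w in wirings]
        self.pos = [0] * len(wirings)

    def _step(self):
        """Odometer stepping: cylinder 0 (nearest the keyboard) moves on every keystroke."""
        for i in range(len(self.pos)):
            self.pos[i] = (self.pos[i] + 1) % 26
            if self.pos[i] != 0:                     # carry only after a full rotation
                break

    def _signal(self, x, tables, order):
        for i in order:
            p = self.pos[i]
            x = (tables[i][(x + p) % 26] - p) % 26   # wiring seen through a rotated cylinder
        return x

    def run(self, text, decrypt=False):
        self.pos = [0] * len(self.pos)               # both sides start from the same setting
        n = len(self.pos)
        tables, order = ((self.inverse, range(n - 1, -1, -1)) if decrypt
                         else (self.wirings, range(n)))
        out = []
        for ch in text:
            out.append(A[self._signal(A.index(ch), tables, order)])
            self._step()
        return "".join(out)

    def period(self):
        """Keystrokes until every cylinder is back at its starting position."""
        self.pos = [0] * len(self.pos)
        count = 0
        while True:
            self._step()
            count += 1
            if not any(self.pos):
                return count

if __name__ == "__main__":
    machine = RotorMachine(constructed_wirings(3))
    ct = machine.run("paymoremoney")
    print(ct, machine.run(ct, decrypt=True), machine.period())
```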
STEGANOGRAPHY
❑A plaintext message may be hidden in one of two ways. The methods of steganography
conceal the existence of the message, whereas the methods of cryptography render the
message unintelligible to outsiders by various transformations of the text.

❑A simple form of steganography, but one that is time-consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out the
real message. For example, the sequence of first letters of each word of the overall message
spells out the hidden message.

❑Figure 2.9 shows an example in which a subset of the words of the overall message is
used to convey the hidden message. See if you can decipher this; it’s not too hard. Various
other techniques have been used historically; some examples are the following:

• Character marking: Selected letters of printed or typewritten text are overwritten in
pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright
light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.

• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the
paper is held up in front of a light.

• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results
of typing with the correction tape are visible only under a strong light.

❑Although these techniques may seem archaic, they have contemporary equivalents.
proposes hiding a message by using the least significant bits of frames on a CD. For
example, the Kodak Photo CD format’s maximum resolution is 2048 × 3072 pixels, with
each pixel containing 24 bits of RGB color information.
❑The least significant bit of each 24-bit pixel can be changed without greatly affecting the
quality of the image. The result is that you can hide a 2.3-megabyte message in a single
digital snapshot. There are now a number of software packages available that take this type
of approach to steganography.
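
The least-significant-bit idea above in code, together with the capacity arithmetic: the 2.3-megabyte figure is reached when one bit is taken from each of the three colour bytes of a pixel (2048 × 3072 × 3 / 8 = 2,359,296 bytes), while one bit per pixel gives 786,432 bytes. This is an added example, not part of the original slides; the 4-byte length prefix, the function names and the sample cover bytes are assumptions constructed for the demonstration.

```python
import struct

def capacity_bytes(width, height, bits_per_pixel=3):
    """Hidden-message capacity when `bits_per_pixel` low-order bits are used per pixel."""
    return width * height * bits_per_pixel // 8

def embed(samples, message):
    """Overwrite the lowest bit of successive colour bytes with the message bits."""
    payload = struct.pack(">I", len(message)) + message   # length prefix (assumed format)
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("cover image too small for this message")
    out = bytearray(samples)
    for n, bit in enumerate(bits):
        out[n] = (out[n] & 0xFE) | bit     # each colour value changes by at most 1
    return bytes(out)

def _read(samples, start, count):
    """Rebuild `count` bytes from the low bits beginning at sample index `start`."""
    value = bytearray()
    for k in range(count):
        byte = 0
        for s in samples[start + 8 * k:start + 8 * (k + 1)]:
            byte = (byte << 1) | (s & 1)
        value.append(byte)
    return bytes(value)

def extract(samples):
    (length,) = struct.unpack(">I", _read(samples, 0, 4))
    return _read(samples, 32, length)

if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(400))     # constructed stand-in for RGB data
    stego = embed(cover, b"meet at noon")
    print(extract(stego), max(abs(a - b) for a, b in zip(cover, stego)))
    print(capacity_bytes(2048, 3072), capacity_bytes(2048, 3072, 1))
```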
❑Steganography has a number of drawbacks when compared to encryption. It requires a lot
of overhead to hide a relatively few bits of information, although using a scheme like that
proposed in the preceding paragraph may make it more effective. Also, once the system is
discovered, it becomes virtually worthless.

❑ This problem, too, can be overcome if the insertion method depends on some sort of key.
Alternatively, a message can be first encrypted and then hidden using steganography.

❑The advantage of steganography is that it can be employed by parties who have
something to lose should the fact of their secret communication (not necessarily the content)
be discovered. Encryption flags traffic as important or secret or may identify the sender or
receiver as someone with something to hide.
