
NCS - 21ECE811 - Module 1 - PPT

The document outlines the course structure for Network and Cyber Security (21ECE811), detailing prerequisites, objectives, and key concepts including networking, cyber security, and various types of cyber attacks. It emphasizes the importance of protecting computer systems and data from unauthorized access and outlines the advantages and disadvantages of network and cyber security measures. Additionally, it covers course modules, examination patterns, and key security principles such as confidentiality, integrity, and availability.

Uploaded by

Varsha P Variath

Network and Cyber-Security (21ECE811)
Subject: Professional elective
Subject Co-ordinator: Dr. Leelavathi H P, Professor, Department of ECE, GAT.

21ECE811: Network and Cyber Security
Course Prerequisites and Course Objectives
Course Prerequisites:
The following Skills are essential for understanding NCS

Networking
What is computer networking?
➢ A computer network is a group of interconnected nodes or computing
devices that exchange data and resources with each other.
➢ A network connection between these devices can be established using
cable or wireless media.
➢ Once a connection is established, communication protocols such
as TCP/IP, Simple Mail Transfer Protocol and Hypertext Transfer
Protocol are used to exchange data between the networked devices.
The full form of TCP/IP is Transmission Control Protocol/Internet
Protocol.
Examples of computing devices: PCs, laptops, smartphones. Because
the bulk of your information is stored and accessed via these devices, you
need to take special care in securing them.
Protocols: Network protocols are a set of rules outlining how connected
devices communicate across a network to exchange information easily
and safely.
What is cyber?
➢ Originally comes from the ancient Greek word kubernetikos,
which means “good at steering/act of controlling.” It was adopted into
French as cybernetique, meaning the art of governing.
➢ Involving computers or computer networks (such as the internet).
What is security?
➢ Refers to protection from hostile / unfriendly forces.
➢ Computer security is the protection of computer systems and
information from harm, theft, and unauthorized use.
What is cyber security?
➢ The application of technologies, processes and controls to
protect systems, networks, programs, devices and data from cyber
attacks.
➢ Aims to reduce the risk of cyber attacks and protect against the
unauthorized exploitation of systems, networks, and technologies.
• A cyber attack is a set of actions performed by threat actors
to gain unauthorized access, steal data or cause damage to
computers, computer networks, or other computing systems.
• Cyber attacks can be launched from any location and can be
performed by an individual or a group using one or more
tactics, techniques and procedures (TTPs) .
• The individuals who launch cyber attacks are usually referred
to as cybercriminals, threat actors, bad actors, or hackers.
• They can work alone, in collaboration with other attackers, or
as part of an organized criminal group.
• Cybercriminals try to identify vulnerabilities—problems or
weaknesses in computer systems—and exploit them to further
their goals.
There are various types of cyber attacks
• Phishing attacks: These attacks use fake emails or websites to
trick people into revealing sensitive information such as
passwords, credit card numbers, or social security numbers.
• Malware attacks: These attacks use malicious (bad) software to
gain unauthorized access to computer systems to steal the
information or to damage them.
• Ransomware attacks: These attacks encrypt files on a computer
system and demand payment in exchange for the decryption key.
• Denial-of-service (DoS) attacks: Makes a network or machine
unavailable to its users. These attacks flood a computer system
with traffic to make it unavailable to users.
• It’s important to take measures to protect yourself from cyber
attacks. Some of the best practices include using strong
passwords, keeping your software up-to-date, being cautious of
suspicious emails or websites, and using antivirus software.
A cyber attack is an attempt to disable computers, steal
data, or use a breached computer system to launch additional
attacks.
Types of Cyber Attacks
Malware
Malware is a term that describes malicious software, including
spyware, ransomware, viruses, and worms.
Malicious Software is any program or file that is
intentionally harmful to a computer, network or server. Types of
malware include computer viruses, worms, Trojan horses.
Network Security:
➢ The measures taken by any enterprise or organization to secure its
computer network and data using both hardware and software systems.
➢ Aims at securing the confidentiality and accessibility of the data and
network.
Advantages:
➢ Provides protection against external threats like malware and hackers.
➢ Improves the performance and reliability of a network by preventing
bottlenecks and ensuring that resources are allocated appropriately.
➢ Measures can help organizations meet regulatory compliance
requirements.
Disadvantages:
➢ Can be expensive to implement and maintain.
➢ Can be complex to configure and manage, requiring specialized
knowledge and skills.
➢ Measures can sometimes slow down network performance or cause
compatibility issues with other applications.
Cyber Security:
➢ Provides measures to protect our system from cyber attacks.
➢ Used to advance the security of the system so that we can
prevent unauthorized access to our system from the attacker.
➢ Protects cyberspace from attacks and damages.
Advantages of Cyber Security:
➢ Protects against a wide range of threats, including phishing,
ransomware, and other types of cyber attacks.
➢ Helps to safeguard sensitive information from theft or misuse.
➢ Reduces the risk of financial losses due to cyber crime.
➢ Enhances the overall security posture of an organization.
Disadvantages of Cyber Security:
➢ Can be complex and difficult to implement effectively.
➢ May require significant resources and expertise to manage.
➢ Can be time-consuming to monitor and respond to threats.
➢ May not be 100% effective in preventing all types of cyber
attacks.
➢ Network security and Cyber security are closely related
but distinct concepts.
➢ Network security focuses on securing computer
networks from unauthorized access, while cyber security
includes all aspects of security in the digital landscape.
➢ Understanding the differences between these two
concepts is important for individuals and organizations
looking to protect their networks, devices, and data from
cyber threats.
➢ By implementing effective network security and cyber
security measures, individuals and organizations can better
protect themselves from the growing number of cyber
threats in today’s digital landscape.
Course Learning Objectives
• Concepts of network security and encryption.
• Finite Fields and Arithmetic operations.
• Data encryption Standards and AES Algorithms.
• E-mail security and Malicious software.
• Cyber security issues and Cyber anti patterns.

Module-1
Introduction: Computer security concepts, Security attacks, security Services, Security mechanisms and Model for network security.
Symmetric ciphers: Symmetric Cipher Model, Substitution Techniques: Caesar Cipher, Mono Alphabetic Cipher, Playfair Cipher, Hill Cipher, polyalphabetic Cipher and One-Time Pad (OTP). Transposition Techniques, Steganography.

Module-2
Finite Fields: Groups, fields. Modular Arithmetic: Divisors, properties of modulo operator, Euclid’s Algorithm, Groups, modular arithmetic operations and properties, groups, Rings, Fields. Finite Fields of the form GF(p) (Galois field), Polynomial Arithmetic, Finite fields of the form GF(2^n).

Module 3
Block Ciphers and Data Encryption standard:
• Block Cipher Principles
• Data Encryption Standard (DES)
• Strength of DES
• Advanced Encryption Standard (AES) structure
• RSA (Rivest-Shamir-Adleman) algorithm
• Diffie-Hellman Key Exchange algorithm

Module 4
Electronic mail Security: Pretty good privacy and S/MIME (Secure/Multipurpose Internet Mail Extensions).
Malicious Software: Types of Malicious Software, Viruses and Virus Countermeasures.
Firewalls: Need for Firewalls, Firewall Characteristics, Types of Firewalls.

Module 5
Legal and Ethical Issues: Cyber-crime and Computer Crime, Intellectual Property and Ethical Issues.
The Problems and Cyber antipatterns: Antipatterns concept, Forces in Cyber antipatterns, Cyber antipattern templates, Micro antipattern templates, Full cyber antipattern template and Cyber security antipattern Catalog.

Course Outcomes
• Evaluate encryption and decryption for the given key for authentication.
• Explain the structure of cryptographic algorithms, Finite fields and their applications.
• Solve to generate public/private key using encryption techniques.
• Illustrate the significance of e-mail security and the Malicious software.
• Describe the Basic Concepts of Cybercrime and antipatterns.
Question Paper Pattern
• Examination will be conducted for
100 marks with question paper
containing 10 full questions, each
of 20 marks.
• Each full question can have a
maximum of 4 sub questions.
• There will be 2 full questions from
each module covering all the topics
of the module.
• Students will have to answer 5 full
questions, selecting one full
question from each module.
• The total marks will be
proportionally reduced to 50 marks
as SEE marks.
Textbook:
1. William Stallings, Cryptography and Network Security, Principles and Practice, 5th Edition, Pearson Education, 2010.
2. Thomas J. Mowbray, Cyber Security, John Wiley and Sons, 1st Edition, 2013.
Background
Use of computers requires automated tools to
protect files and other stored information.
Use of networks and communications links
requires measures/systems to protect data during
transmission.
Continuation….
• A computer network is a group of
interconnected nodes or computing devices that
exchange data and resources with each other.
• A network connection between these devices can
be established using cable or wireless media.
• Once a connection is established, communication
protocols such as TCP/IP, Simple Mail Transfer
Protocol and Hypertext Transfer Protocol are
used to exchange data between the networked
devices.
Continuation….
• Examples of computing devices
Personal computing devices include desktop
computers, laptops, smartphones, and tablets.
Because the bulk of your information is stored and
accessed via these devices, you need to take special
care in securing them.
The full form of TCP/IP is Transmission Control
Protocol/Internet Protocol. It is a set of protocols, i.e., practices
and regulations, that control online communication
between computers.
Continuation….
Protocols
• Network protocols are a set of rules outlining how
connected devices communicate across a network to
exchange information easily and safely.
Continuation….
• Cyber security is the practice of protecting
systems, networks, and programs from digital
attacks.
• These cyber attacks are usually aimed at
accessing, changing, or destroying sensitive
information; extorting money from users via
ransomware; or interrupting normal business
processes.
Definitions
• Computer Security - Generic name for the
collection of tools designed to protect data and to
prevent hackers.
• Network Security - Measures to protect data
during their transmission.
• Internet Security - Measures to protect data
during their transmission over a collection of
interconnected networks.
Standards Organizations
National Institute of Standards & Technology (NIST)
Internet Society (ISOC)
International Telecommunication Union Telecommunication
Standardization Sector (ITU-T)
International Organization for Standardization (ISO)
RSA (Rivest-Shamir-Adleman)
KEY POINTS
• The Open Systems Interconnection (OSI) security
architecture provides a systematic framework for
defining security attacks, mechanisms, and services.
• Security attacks are classified as either passive attacks,
which include unauthorized reading of a message or file
and traffic analysis, or active attacks, such as
modification of messages or files, and denial (rejection) of
service.
• A security mechanism is any process (or a device
incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. Examples of
mechanisms are encryption algorithms, digital
signatures, and authentication protocols.
• Security services include
Authentication,
Access control,
Data confidentiality,
Data integrity,
Nonrepudiation, and
Availability.
• Authentication: The process or action of verifying the identity of
a user or process/The process of proving that something is real,
true, or what people say it is.
Ex: when you go through security in an airport, you show your ID
to authenticate your identity.
When you log into a system, you identify yourself, then you
authenticate or prove who you are by providing a password. If the
username and password match, the system will authorize your access
provided you.
• Access control: is a security technique that regulates who or
what can view or use resources in a computing environment.
Access control is used to verify the identity of users attempting to
log in to digital resources. Ex: password.
• Data confidentiality: Protection of data from unauthorized
access and disclosure, including means for protecting personal
privacy information.
• Data integrity: The accuracy, completeness, and consistency of
data.
• Nonrepudiation: The assurance that a party to an
electronic message or transaction cannot later deny the
validity of that message or transaction.
• Availability: means ensuring that authorized users can access
information and resources when needed and that systems and
services are operational and accessible, even in the face of
disruptions.
A Definition of Computer Security
• The protection afforded to an automated information
system to attain the applicable objectives of preserving the
integrity, availability, and confidentiality of information
system resources (includes hardware, software, firmware,
information/data, and telecommunications).
• Firmware is a form of microcode or program embedded into
hardware devices to help them operate effectively.
• Hardware like cameras, mobile phones, network cards,
optical drives, printers, routers, scanners, and television
remotes rely on firmware built into their memory to function
smoothly.
• Software: System Software, Application Software, and
Programming Software.
Three key objectives that are at the heart of
computer security:
• Confidentiality
• Integrity
• Availability
Confidentiality:
• Data confidentiality: Assures that private or
confidential information is not made available or
disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence
what information related to them may be collected and
stored and by whom and to whom that information may
be disclosed.
• Examples of confidential information are:
Medical information.
Names, dates of birth, addresses, contact details (of staff,
clients, patients, pupils).
Personal bank details and credit card information.
Integrity:
• Data integrity: Assures that information and programs
are changed only in a specified and authorized
manner.
• System integrity: Assures that a system performs its
intended function in an undamaged manner, free from
unintended or unauthorized manipulation of the
system.
• Hence the user can trust the system.
Ex: Validating the identity of a certain computer by using its
IP address; ensuring the accuracy, completeness,
consistency, and validity of an organization's data.
Availability
• Availability: Assures that systems work promptly, and
service is not denied to authorized users.
Common examples of availability attacks are denial of service
and jamming authorized users.
The authorized users/ right people have access to information
systems.
CIA triad
• These three concepts form what is often referred to as the CIA
triad
• The three concepts symbolize the fundamental security
objectives for both data and for information and computing
services.
FIPS (Federal Information Processing
Standard) 199 provides a useful characterization
of these three objectives in terms of requirements
and the definition of a loss of security in each
category.

What are the requirements for achieving each objective?

Confidentiality
• Confidentiality: Preserving authorized restrictions
on information access and disclosure, including
means for protecting personal privacy and
copyrighted information.
• A loss of confidentiality is the unauthorized
disclosure of information.
• Integrity: Guarding against improper information
modification or destruction, including ensuring
information nonrepudiation (the assurance that
someone cannot deny the validity of something. )and
authenticity.
• A loss of integrity is the unauthorized modification
or destruction of information.
• Availability: Ensuring timely and reliable access
to and use of information.
• A loss of availability is the interruption of access
to or use of information or an information system.
LEVELS OF IMPACT ON ORGANIZATION WHEN
BREACH OF SECURITY RESULTS

We use three levels of impact on organizations or
individuals should there be a breach of security
(i.e., a loss of confidentiality, integrity, or
availability). These levels are defined in FIPS.
➢ Low
➢ Moderate
➢ High
• In cybersecurity, a "breach" (breaking) refers
to any incident resulting in unauthorized access or
exposure of sensitive data, systems, or networks,
leading to potential risks like data theft, system
compromise, or operational disruption.
Low Impact
➢ The loss could be expected to have a limited adverse effect
on organizational operations, organizational assets, or
individuals.
➢ A limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might
(i) Cause a degradation in mission capability to an extent
and duration that the organization can perform its primary
functions, but the effectiveness of the functions is
noticeably reduced;
(ii) Result in minor damage to organizational assets;
(iii) Result in minor financial loss; or
(iv) Result in minor harm to individuals.
Moderate Impact
➢ The loss could be expected to have a serious adverse effect
on organizational operations, assets, or individuals.
➢ A serious adverse effect means that, e.g., the loss might
(i) Cause a significant degradation in mission capability
to an extent and duration that the organization can perform
its primary functions, but the effectiveness of the functions
is significantly reduced;
(ii) Result in significant damage to organizational assets;
(iii) Result in significant financial loss; or
(iv) Result in significant harm to individuals that does
not involve loss of life or serious, life-threatening injuries.
High Impact
➢ The loss could be expected to have a severe or terrible adverse
effect on organizational operations, organizational assets, or
individuals.
➢ A severe or catastrophic adverse effect means that, for example,
the loss might
(i) Cause a severe degradation in or loss of mission capability
to an extent and duration that the organization is not able to
perform one or more of its primary functions;
(ii) Result in major damage to organizational assets;
(iii) Result in major financial loss; or
(iv) Result in severe or catastrophic harm to individuals
involving loss of life or serious life-threatening injuries.
Examples of Security Requirements
Confidentiality – Student Grade Cards
Integrity – Patient Information
Availability – Authentication Service
Authenticity – Admission Ticket
Non-repudiation – Stock Sell Order
Computer Security Challenges
Not simple – easy to get it wrong
Must consider potential attacks
Procedures used are counter-intuitive, i.e., they work in a way that is
the opposite of what you would expect or what seems
to be obvious.
Involve algorithms and secret info
Must decide where to deploy mechanisms
Battle of wits between attacker / admin
"Wits" refers to intelligence, keenness of mind, and the ability to
think quickly and clearly, especially in a clever and resourceful
way.
Not perceived to be of benefit until it fails
Security requires regular, even constant,
monitoring, and this is difficult in today’s short-
term, overloaded environment
Security is still too often an afterthought (extra) to
be incorporated into a system after the design is
complete rather than being an integral part of the
design process.
Many users and even security administrators view
strong security as an impediment (barrier) to
efficient and user-friendly operation of an
information system or use of information.
Computer Security is not simple to implement
• Most of the major requirements for security
services are achieving confidentiality, authentication,
nonrepudiation, or integrity.
• The mechanisms used to meet those requirements
can be quite complex, and complex to configure
and manage, requiring specialized knowledge and
skills.
Must consider potential attacks
In developing a particular security mechanism or
algorithm, one must always consider potential
attacks on those security features.
In many cases, successful attacks are designed by
looking at the problem in a completely different
way, therefore exploiting an unexpected weakness
in the mechanism.
Procedures used are counter-intuitive (opposite)
• Typically, a security mechanism is complex, and it is
not obvious from the statement of a particular
requirement that such elaborate (rich) measures are
needed.
Involve algorithms and secret info
• Security mechanisms typically involve more than a
particular algorithm or protocol.
• They also require that participants be in possession
(control) of some secret information (e.g., an
encryption key), which raises questions about the
creation, distribution, and protection of that secret
information.
Must decide where to deploy mechanisms
• Having designed various security mechanisms,
it is necessary to decide where to use them.
This is true both in terms of physical placement
(e.g., at what points in a network are certain
security mechanisms needed) and in a logical
sense [e.g., at what layer or layers of an
architecture such as TCP/IP (Transmission
Control Protocol/Internet Protocol) should
mechanisms be placed].
Examples of this type of node are routers, switches,
hubs, gateways, load balancers, and wireless base
stations.
The layers are: Physical, Data Link, Network, Transport,
Session, Presentation and Application.
Battle of wits between attacker / admin
• Computer and network security is essentially a
battle of wits between an attacker who tries to
find holes and the designer or administrator who
tries to close them.
• The great advantage that the attacker has is that
he or she need only find a single weakness,
while the designer must find and eliminate all
weaknesses to achieve perfect security.
• A battle of wits refers to a contest of intelligence, where individuals
use their cleverness and mental agility to beat their opponents.
Not perceived to be of benefit until it fails
• There is a natural tendency on the part of users
and system managers to perceive little benefit
from security investment until a security failure
occurs.
• It highlights the need to take proactive measures to ensure
that things continue to function smoothly and efficiently,
rather than waiting for them to fail before taking action.
Ex:
McAfee, Norton 360, Kaspersky IS, AVG, Malwarebytes
Security Attacks
Passive Attacks and Active Attacks
• A passive attack attempts to learn or make use of
information from the system, but does not affect
system resources
• An active attack attempts to alter system resources or
affect their operation.
• Security attacks refer to the sets of actions that the
threat actors perform to gain any unauthorized access,
cause damage to systems/computers, steal data, or
compromise the computer networks. An attacker can
launch a cyber attack from any location.
• Passive attacks are very difficult to detect,
because they do not involve any alteration
of the data.
• Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions.
• The goal of the opponent is to obtain information
that is being transmitted.
• Two types of passive attacks are
➢ The release of message contents
➢ Traffic analysis
Release of Message Contents
• The release of message contents is easily understood from
the Figure shown below.
• A telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential
information.
• We would like to prevent an opponent from learning the
contents of these transmissions.
• The release of message content is
another threat that can compromise the security of
a network.
• This occurs when sensitive or confidential
information is transmitted through telephonic
conversation, electronic mail, or transfer files.
• The goal is to prevent an attacker from learning
the contents of these transmissions.
Passive Attack: Traffic Analysis
• A second type of passive attack is traffic analysis (Figure 1.2b).
• Suppose that we had a way of masking the contents of
messages or other information traffic so that opponents, even
if they captured the message, could not extract the
information from the message.
• The common technique for masking contents is encryption.
If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages. The
opponent could determine the location and identity of
communicating hosts and could observe the frequency and
length of messages being exchanged.
• This information might be useful in guessing the nature of
the communication that was taking place.
• During a traffic analysis attack, the observer analyzes the
traffic, determines the location, identifies communicating
hosts and observes the frequency and length of exchanged
messages.
• He uses all this information to predict the nature of
communication.
• All incoming and outgoing traffic of the network is analyzed
but not altered.
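An added example, not part of the original slides, of what the observer described above can still measure on an encrypted link, and of how padding message lengths (a mitigation assumed here, not covered on the slide) blunts the length signal while hosts and frequency stay visible. The records, addresses, 60-second window and bucket sizes are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed capture metadata: (time in seconds, source, destination, ciphertext bytes).
# Addresses are from the 192.0.2.0/24 documentation range; payloads are assumed encrypted,
# so these header-level fields are all an observer can see.
OBSERVED = [
    (0, "192.0.2.10", "192.0.2.20", 80),
    (3, "192.0.2.11", "192.0.2.30", 1400),
    (5, "192.0.2.10", "192.0.2.20", 96),
    (10, "192.0.2.10", "192.0.2.20", 88),
    (15, "192.0.2.10", "192.0.2.20", 120),
    (20, "192.0.2.10", "192.0.2.20", 72),
    (25, "192.0.2.10", "192.0.2.20", 104),
    (33, "192.0.2.11", "192.0.2.30", 1460),
    (58, "192.0.2.11", "192.0.2.30", 1380),
]
WINDOW_SECONDS = 60  # assumed length of the observation window


def profile(records, window_seconds=WINDOW_SECONDS):
    """Summarise what is visible per host pair without decrypting anything."""
    flows = defaultdict(list)
    for _time, src, dst, length in records:
        flows[(src, dst)].append(length)
    summary = {}
    for pair, lengths in flows.items():
        summary[pair] = {
            "messages": len(lengths),                          # frequency
            "per_minute": len(lengths) * 60 / window_seconds,
            "mean_len": round(mean(lengths), 1),               # length
            "lengths": sorted(set(lengths)),                   # distinct sizes seen
        }
    return summary


def pad_length(length, bucket):
    """Round a length up to the next multiple of `bucket` (at least one bucket)."""
    return max(1, -(-length // bucket)) * bucket


def pad_records(records, bucket):
    """Return the same traffic as it would look if every message were padded."""
    return [(t, s, d, pad_length(n, bucket)) for t, s, d, n in records]


if __name__ == "__main__":
    views = (
        ("as sent", OBSERVED),
        ("padded to 512-byte buckets", pad_records(OBSERVED, 512)),
        ("padded to one 1536-byte size", pad_records(OBSERVED, 1536)),
    )
    for label, records in views:
        print(label)
        for pair, stats in profile(records).items():
            print("   ", pair, stats)
```

With 512-byte buckets the two flows still differ by size class; only a single fixed size makes their lengths identical, and even then the endpoints and message counts remain observable.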
Active attacks
• Involve some modification of the data stream or
the creation of a false stream, and
can be subdivided into four categories:
• Masquerade (a false show or pretence)
• Replay
• Modification of messages
• Denial of service
A masquerade takes place when one entity pretends to be a
different entity (Figure 1.3a). A masquerade attack usually
includes one of the other forms of active attack. For
example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken
place, thus enabling an authorized entity with few privileges
to obtain extra privileges by mimicking an entity that has
those privileges.
• A masquerade attack is one of the most
serious security threats to organizations and
individuals alike.
• It involves an unauthorized user pretending to be
someone else to gain access to confidential
information or systems.
• This type of attack has become increasingly common
as cybercriminals employ sophisticated techniques to
gain access and exploit weaknesses in networks.
• At its simplest, a masquerade attack involves an
attacker creating a false identity, such as a fake email
address or username, and using it to gain access to
sensitive information.
Examples of Masquerade Attacks
• Masquerade attacks are a form of cyber attack in which
an attacker mimics another user, typically by using
stolen credentials such as usernames and passwords,
in order to gain unauthorized access to networks,
systems, and data. Examples of masquerade attacks
include:
• 1) Phishing: A type of social engineering attack in
which an attacker sends emails purporting (claiming) to be
from a legitimate source (such as a bank or online
store) that contain malicious links or attachments.
These links or attachments can be used to gain access
to the victim's system or personal information.
Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect
(Figure 1.3b).
• There are countless ways for a cybercriminal to target
an organization or an individual, but some types of
cybercrime are more difficult to defend against than
others, and thus more dangerous. Replay attacks fall
into this category.
• For example, imagine a friend or family member is
asking you to loan them some money. You launch your
favorite payment app, and send the money. But a
threat actor is spying, so they resend the request with
modified bank details. You press "send" again,
because you are being prompted to do so, and the
money ends up in their account instead. That is how
replay attacks work.
Modification of messages simply means that some
portion of a legitimate (original) message is altered, or that
messages are delayed or reordered, to produce an
unauthorized effect (Figure 1.3c). For example, a message
meaning “Allow John Smith to read confidential file
accounts” is modified to mean “Allow Fred Brown to read
confidential file accounts.”
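An added example, not from the original slides, of how a receiver can detect the replay and modification-of-messages attacks described above: each message carries a nonce and a timestamp, all bound together by an HMAC tag. The shared key, the field names, the 30-second freshness window and the `seal`/`Receiver` names are assumptions made for this example.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window


def _payload(body, nonce, sent_at):
    """Canonical byte encoding of the fields covered by the tag."""
    fields = {"body": body, "nonce": nonce, "sent_at": sent_at}
    return json.dumps(fields, sort_keys=True).encode()


def seal(key, body, nonce, sent_at):
    """Sender side: bind body, nonce and timestamp under one HMAC-SHA256 tag."""
    tag = hmac.new(key, _payload(body, nonce, sent_at), hashlib.sha256).hexdigest()
    return {"body": body, "nonce": nonce, "sent_at": sent_at, "tag": tag}


class Receiver:
    """Accepts a message once, and only if it is intact and fresh."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> sent_at, kept while the message is still fresh

    def accept(self, msg, now):
        try:
            payload = _payload(msg["body"], msg["nonce"], msg["sent_at"])
            tag = str(msg["tag"]).encode()
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; any altered field changes the expected tag.
        if not hmac.compare_digest(expected, tag):
            return "rejected: modified or forged"
        if abs(now - msg["sent_at"]) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        # Nonces older than the window can be dropped: a copy of such a
        # message would already be rejected as stale.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if msg["nonce"] in self._seen:
            return "rejected: replay"
        self._seen[msg["nonce"]] = msg["sent_at"]
        return "accepted"


def demo():
    key = b"constructed-demo-key"  # constructed; not a real secret
    rx = Receiver(key)
    original = seal(key, "Allow John Smith to read confidential file accounts",
                    nonce="n-0001", sent_at=1000)
    # The slide's modification example: same tag, altered body.
    tampered = dict(original,
                    body="Allow Fred Brown to read confidential file accounts")
    return [
        rx.accept(original, now=1002),  # first delivery
        rx.accept(original, now=1005),  # captured copy resent inside the window
        rx.accept(tampered, now=1005),  # altered in transit
        rx.accept(original, now=1100),  # captured copy resent much later
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```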
The denial of service prevents or inhibits the normal use or
management of communications facilities (Figure 1.3d). This
attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination.
Another form of service denial is the disruption of an entire
network, either by disabling the network or by overloading it with
messages so as to degrade performance. Active attacks present
the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent
their success.

➢ Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect
➢ Active attacks – focus on Detection and
Recovery
• Hard to stop
• Easy to detect
Security Service
• A security service is a service that is provided by a protocol layer of
communicating open systems and that ensures
adequate security of the systems or of data transfers.
• Definition: a processing or communication service that
is provided by a system to give a specific kind of
protection to system resources.
• A capability that supports one, or many, of the security
goals. Examples of security services are key
management, access control, and authentication
• Security services implement security policies and are
implemented by security mechanisms.
Applications of Security Services
➢ Enhance security of data processing systems and
information transfers of an organization.
➢ Intended to counter security attacks using one or
more security mechanisms.
➢ Security attacks refer to the sets of actions that the threat actors
perform to gain any unauthorized access, cause damage to
systems/computers, steal data, or compromise the computer networks.
An attacker can launch an attack from any location.
➢ Often replicates functions normally associated
with physical documents.
• For example, such documents have signatures and dates; need
protection from disclosure, tampering, or
destruction; are authenticated or witnessed; and are
recorded or licensed.
Security Services
X.800: Defines a security service as a service that is
provided by a protocol layer of communicating open
systems and that ensures adequate security of the
systems or of data transfers.
A clearer definition is found in RFC (Request for
Comments) 2828, which provides the following definition:
a processing or communication service that is
provided by a system to give a specific kind of
protection to system resources.
Security services implement security policies and are
executed by security mechanisms.
Security Services (X.800):
Divides these services into six categories and
fourteen specific services
• AUTHENTICATION
• ACCESS CONTROL
• DATA CONFIDENTIALITY
• DATA INTEGRITY
• NON-REPUDIATION
• AVAILABILITY
Authentication - Assurance that the communicating entity
is the one that it claims to be.
Access Control - Prevention of the unauthorized use of
a resource.
Data Confidentiality - Protection of data from
unauthorized disclosure.
Data Integrity - Assurance that data received is as sent
by an authorized entity.
Non-Repudiation - Protection against denial of
service by one of the parties in a communication.
Availability – Resource accessible/usable.
AUTHENTICATION
The assurance that the communicating entity is the
one that it claims to be (authorized).
Peer Entity Authentication
Used in association with a logical connection to
provide confidence in the identity of the entities
connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that
the source of received data is as claimed (same as
transmitted data).
ACCESS CONTROL
The prevention of unauthorized use of a resource
i.e., this service controls who can have access to a
resource, under what conditions access can occur,
and what those accessing the resource are allowed
to do.
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block
Selective-Field Confidentiality
The confidentiality of selected fields within the user
data on a connection
Traffic-Flow Confidentiality
The protection of the information that might be
derived from observation of traffic flows.
DATA INTEGRITY
The assurance that data received are exactly as sent
by an authorized entity (i.e., contain no modification,
insertion, deletion, or replay).
Connection Integrity with Recovery
Provides for the integrity of all user data on a
connection and detects any modification, insertion,
deletion, or replay of any data within an entire data
sequence, with recovery attempted.
Connection Integrity without Recovery
As above but provides only detection without
recovery.
Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user data of
a data block transferred over a connection and takes the form of
determination of whether the selected fields have been
modified, inserted, deleted, or replayed.
Connectionless Integrity
Provides for the integrity of a single connectionless data block
and may take the form of detection of data modification.
Additionally, a limited form of replay detection may be provided.
Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determination of
whether the selected fields have been modified.
NONREPUDIATION
• Provides protection against denial of service by one of the
entities involved in a communication of having participated
in all or part of the communication.
• Nonrepudiation, Origin
Proof that the message was sent by the specified party.
• Nonrepudiation, Destination
Proof that the message was received by the specified party.
SECURITY MECHANISMS
Table 1.3 lists the security mechanisms defined in
X.800.
The security mechanisms are divided into two types
 SPECIFIC SECURITY MECHANISMS
 PERVASIVE SECURITY MECHANISMS.
Security Mechanisms (X.800)

Specific Security Mechanisms:
• Encipherment, Digital Signatures, Access
Controls, Data Integrity, Authentication
Exchange, Traffic Padding, Routing Control,
Notarization.
Pervasive Security Mechanisms:
• Trusted Functionality, Security Labels, Event
Detection, Security Audit Trails, Security
Recovery.
SECURITY MECHANISMS
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to
provide some of the OSI (Open Systems Interconnection) security
services.
Encipherment
The use of mathematical algorithms to transform data into a form that
is not readily intelligible. The transformation and subsequent recovery
of the data depend on an algorithm and zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit
that allows a recipient of the data unit to prove the source and
integrity of the data unit and protect against forgery (e.g., by the
recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit
or stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means
of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to
disturb traffic analysis attempts.
Routing Control
Enables selection of physically secure routes for certain data and
allows routing changes, especially when a breach of security is
suspected.
Notarization
The use of a trusted third party to assure certain properties of a data
exchange (when notarization occurs, a notary public certifies the authenticity of any
signature appended to a document).
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol
layer.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as
established by a security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an
independent review and examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management
functions, and takes recovery actions.
A MODEL FOR NETWORK SECURITY
Model for Network Security
Using this model requires Admin to:
• Design a suitable algorithm for the security
transformation.
• Generate the secret information (keys) used by the
algorithm.
• Develop methods to distribute and share the secret
information.
• Specify a protocol enabling the principals to use the
transformation and secret information for a security
service.
• A message is to be transferred from one party to
another across Internet service.
• The two parties, who are the principals in this
transaction, must cooperate for the exchange to take
place.
• A logical information channel is established by
defining a route through the Internet from source to
destination and by the cooperative use of
communication protocols (e.g., TCP/IP) by the two
principals.
• Security aspects come into play when it is necessary
to protect the information transmission from an
opponent who may present a threat to confidentiality,
authenticity, and so on.
All the techniques for providing security have two components:
• A Security-related Transformation On The Information To
Be Sent. Examples include the encryption of the message,
which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of
the message, which can be used to verify the identity of the
sender.
• Some secret information shared by the two principals and,
it is unknown to the opponent. An example is an encryption
key used in conjunction with the transformation to scramble the
message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure
transmission. For example, a third party may be responsible for
distributing the secret information to the two principals while
keeping it from any opponent.
This general model shows that there are four basic
tasks in designing a particular security service:
1. Design an algorithm for performing the security-
related transformation. The algorithm should be
such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used
with the algorithm.
3. Develop methods for the distribution and
sharing of the secret information.
4. Specify a protocol to be used by the two
principals that makes use of the security
algorithm and the secret information to achieve
a particular security service.
• A general model of network Access security is illustrated
by Figure 1.5, which reflects a concern for protecting
an information system from unwanted access.
• Hackers attempt to penetrate systems that can be
accessed over a network.
• They get satisfaction from breaking and entering a
computer system.
• The intruder can be a dissatisfied employee who wishes
to do damage or a criminal who seeks to exploit computer
assets for financial gain (e.g., obtaining credit card
numbers or performing illegal money transfers).
Hackers can present two kinds of threats:
• Information access threats: Intercept or modify
data on behalf of users who should not have access to
that data.
• Service threats: Exploit service flaws/defects in
computers to inhibit use by legal users.
• The security mechanisms needed to cope with unwanted
access fall into two broad categories (see Figure 1.5).
• The first category might be termed a gatekeeper function, used
to reduce the information access threats.
• It includes password-based login procedures that are designed
to deny access to all but authorized users.
• The second category might be termed screening logic, which is
designed to detect and reject worms, viruses, and other similar
attacks.
• Once either an unwanted user or unwanted software gains access,
the second line of defense consists of a variety of internal
controls that monitor activity and analyze stored information in
an attempt to detect the presence of unwanted intruders
Model for Network Access Security
Using this Model Requires Admin To:
1. Select Appropriate Gatekeeper Functions To
Identify Users.
2. Implement Security Controls to Ensure Only
Authorized Users Access Designated
Information Or Resources.
Note that Model Does Not Include:
1. Monitoring of system for successful penetration
2. Monitoring of authorized users for misuse
3. Audit recording for used in, etc.


A cryptosystem (or cipher system) is a system consisting of
an encryption algorithm, a decryption algorithm, and a well-
defined triple of text spaces:
• plaintexts
• cipher texts
• key texts.
For a given key text, the encryption algorithm will map a
plaintext to a ciphertext.
• Encryption is the process by which a readable message is
converted to an unreadable form to prevent unauthorized
parties from reading it.
• Decryption is the process of converting an encrypted
message back to its original (readable) format. The original
message is called the plaintext message.
• Ciphertext is encrypted text transformed from plaintext
using an encryption algorithm.
• Ciphertext can't be read until it has been converted into
plaintext (decrypted) with a key.
• The decryption cipher is an algorithm that transforms the
ciphertext back into plaintext.
Different forms of cryptosystem
Symmetric encryption
Non-Symmetric encryption
Symmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the same
key. It is also known as conventional encryption.
Symmetric encryption transforms plaintext into ciphertext
using a secret key and an encryption algorithm. Using the
same key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
• An original message is known as the plaintext, while
the coded message is called the ciphertext.
• The process of converting from plaintext to ciphertext
is known as enciphering or encryption.
• Restoring the plaintext from the ciphertext is
deciphering or decryption.
• The many schemes used for encryption constitute the
area of study known as cryptography. Such a scheme
is known as a cryptographic system or a cipher.
• Techniques used for deciphering a message without
any knowledge of the enciphering details fall into the
area of cryptanalysis.
• The areas of cryptography and cryptanalysis together
are called cryptology.
Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering plaintext from ciphertext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis
Symmetric Cipher Model
A symmetric encryption scheme has five ingredients
Plaintext: This is the original intelligible message or data that
is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs
various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption
algorithm. The key is a value independent of the plaintext and
of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The
exact substitutions and transformations performed by the
algorithm depend on the key.
Ciphertext: This is the scrambled message produced as
output. It depends on the plaintext and the secret key. For a
given message, two different keys will produce two different
ciphertexts.
Decryption algorithm: This is essentially the encryption
algorithm run in reverse. It takes the ciphertext and the secret
key and produces the original plaintext.
Requirements
• Two requirements for secure use of symmetric
encryption:
  • a strong encryption algorithm
  • a secret key known only to sender / receiver
• Mathematically have:
  Y = E(K, X) = E_K(X)
  X = D(K, Y) = D_K(Y)
• Assume encryption algorithm is known
  • security in secrecy of key alone
• Implies a secure channel to distribute key
  • central problem in symmetric cryptography
There are two requirements for secure use of
conventional encryption
• We need a strong encryption algorithm: opponent
should be unable to decrypt cipher text or discover
the key even if he or she is in possession of a
number of ciphertexts together with the plaintext
• Sender and receiver must have obtained copies of
the secret key in a secure fashion and must keep the
key secure. If someone can discover the key and
knows the algorithm, all communication using this
key is readable
We do not need to keep the algorithm secret; we need to
keep only the key secret. This feature of symmetric
encryption is what makes it feasible for widespread use.
Model of Symmetric Cryptosystem
• Let us take a closer look at the essential elements of a
symmetric encryption scheme, using Figure 2.2. A source
produces a message in plaintext X = {X1, X2, …, XM}.
• The M elements of X are letters in some finite alphabet.
Traditionally, the alphabet usually consisted of the 26
capital letters. Nowadays, the binary alphabet {0, 1} is
typically used.
• For encryption, a key of the form K = [K1, K2, …, KJ] is
generated. If the key is generated at the message source,
then it must also be provided to the destination by means
of some secure channel. Alternatively, a third party could
generate the key and securely deliver it to both source
and destination.
Cryptography
• Can characterize cryptographic system by:
  • Type of encryption operations used
    • substitution
    • transposition
    • product
  • Number of keys used
    • single-key or private
    • two-key or public
  • Way in which plaintext is processed
    • block
    • stream
Cryptanalysis
• Objective: to recover the key, not just the message
• General approaches:
  • Cryptanalytic attack: developing methods that steal secret
  keys from victims' computers and send them back to the
  cryptanalyst.
  • Brute-force attack: This attack involves trying every
  possible key until the correct one is found. While this
  attack is simple to implement, it can be time-consuming
  and computationally expensive, especially for longer keys.
Cipher Strength
• unconditional security
  • No matter how much computer power or time is
  available, the cipher cannot be broken since the
  ciphertext provides insufficient information to uniquely
  determine the corresponding plaintext
• computational security
  • Given limited computing resources (e.g. time needed
  for calculations is greater than age of universe), the
  cipher cannot be broken
Substitution Techniques
• Classical encryption techniques.
The two basic building blocks of all encryption
techniques are
  • substitution
  • transposition.
• A substitution technique is one in which the letters of
plaintext are replaced by other letters or by numbers or
symbols.
• If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns
with ciphertext bit patterns
CLASSICAL SUBSTITUTION CIPHERS
• where letters of plaintext are replaced by other letters or
by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with
ciphertext bit patterns
CAESAR CIPHER
• Earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by 3rd letter on
The earliest known, and the simplest, use of a substitution cipher
was by Julius Caesar: each letter is replaced with the letter standing
three places further down the alphabet.
• example:
Plain:  meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
• can define transformation as:
Plain (IN):   a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher (OUT): D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a number
 a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar (rotation) cipher as:
c = E(k, p) = (p + k) mod 26
p = D(k, c) = (c - k) mod 26
• If it is known that a given ciphertext is a Caesar
cipher, then a brute-force cryptanalysis is
easily performed: simply try all the 25 possible
keys.
• Three important characteristics of this problem
enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are
known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and
easily recognizable.
Figure 2.3 shows the results of applying this strategy to the
example ciphertext. In this case, the plaintext leaps out as
occupying the third line.
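The three conditions above are what make the 25-key search work; the following added example (not part of the original slides) implements the slide's E and D formulas, lists all 25 candidates for the slide's ciphertext, and picks the readable one automatically. The scoring rule, the share of letters that belong to the common set E, T, R, N, I, O, A, S named later in the slides, is an assumption of this sketch and is only a crude recognizer for short texts.

```python
import string

ALPHABET = string.ascii_lowercase
# Letters the slides name as most common in English (E, then T, R, N, I, O, A, S).
COMMON = set("etrnioas")


def caesar_encrypt(plaintext, k):
    """c = E(k, p) = (p + k) mod 26. Non-letters are copied unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, k):
    """p = D(k, c) = (c - k) mod 26. Non-letters are copied unchanged."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def english_score(text):
    """Share of letters that fall in COMMON (assumed recognizer, see lead-in)."""
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return 0.0
    return sum(ch in COMMON for ch in letters) / len(letters)


def brute_force(ciphertext):
    """Return [(key, candidate plaintext)] for all 25 non-trivial keys."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]


def best_guess(ciphertext):
    """Pick the candidate that looks most like English under english_score."""
    return max(brute_force(ciphertext), key=lambda kc: english_score(kc[1]))


if __name__ == "__main__":
    ct = "PHHW PH DIWHU WKH WRJD SDUWB"  # ciphertext from the slide
    for k, candidate in brute_force(ct):
        print(f"{k:2d}  {candidate}")
    print("best:", best_guess(ct))
```

The same search is useless against a cipher with a large key space, which is why key length, not algorithm secrecy, carries the security.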
Monoalphabetic Cipher
• With only 25 possible keys, the Caesar cipher is far
from secure.
• Rather than just shifting the alphabet, we could shuffle
(jumble) the letters arbitrarily.
• Each plaintext letter maps to a different random
ciphertext letter.
• Hence the key is 26 letters long.
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• Now have a total of 26! = 4 × 10^26 keys; with so
many keys, might think it is secure
• but would be !!!WRONG!!!; the problem is language
characteristics.
• This is 10 orders of magnitude greater than the key
space for DES and would seem to eliminate brute-
force techniques for cryptanalysis. Such an
approach is referred to as a monoalphabetic
substitution cipher, because a single cipher
alphabet (mapping from plain alphabet to cipher
alphabet) is used per message.
• It is vulnerable to Cryptanalysis
• When a cryptanalyst is aware of the nature of the plain
text, he can find the regularities of the language. To
overcome these attacks multiple substitutions for a
single letter can be used.
• An attacker would simply break the cipher by using
frequency analysis: observing the number of times
each letter occurs in the ciphertext and then looking
it up in the English letter frequency table.
• Monoalphabetic ciphers are easy to break as they
reflect the frequency of the original alphabet.
• A counter measure is to provide substitutes known as
homophones for a single letter.
Language Redundancy and Cryptanalysis
• human languages are redundant
• eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• in English E is by far the most common letter
• followed by T,R,N,I,O,A,S
• other letters like Z,J,K,Q,X are fairly rare
• have tables of single, double & triple letter
frequencies for various languages
English Letter Frequencies
Use in Cryptanalysis
• key concept - monoalphabetic substitution ciphers
do not change relative letter frequencies
• discovered by Arabian scientists in 9th century
• calculate letter frequencies for ciphertext
• compare counts/plots against known values
• if caesar cipher look for common peaks/troughs
• peaks at: A-E-I triple, NO pair, RST triple
• troughs at: JK, X-Z.
• for monoalphabetic must identify each letter
• tables of common double/triple letters help
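The key concept above, that a monoalphabetic substitution only relabels the letter counts, can be checked directly on the slide's own key and message. This is an added example, not part of the original slides; the homophone symbols chosen for the letter e ("F", "1", "2", "3") are constructed for illustration of the countermeasure the slides mention.

```python
import string
from collections import Counter

PLAIN = string.ascii_lowercase
KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"  # cipher alphabet from the slide


def mono_encrypt(plaintext, key=KEY):
    """Replace each plaintext letter with its fixed ciphertext letter."""
    table = dict(zip(PLAIN, key))
    return "".join(table.get(ch, ch) for ch in plaintext.lower())


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns which count."""
    counts = Counter(ch for ch in text if ch.isalpha())
    return sorted(counts.values(), reverse=True)


def most_common_symbol(text):
    """(symbol, count) of the most frequent symbol in the text."""
    return Counter(text).most_common(1)[0]


def homophonic_encrypt(plaintext, homophones, key=KEY):
    """Monoalphabetic substitution in which selected plaintext letters rotate
    through several ciphertext symbols (homophones) instead of a single one."""
    table = dict(zip(PLAIN, key))
    used = Counter()
    out = []
    for ch in plaintext.lower():
        if ch in homophones:
            choices = homophones[ch]
            out.append(choices[used[ch] % len(choices)])
            used[ch] += 1
        else:
            out.append(table.get(ch, ch))
    return "".join(out)


def peak_share(text):
    """Share of the text taken by its single most frequent symbol."""
    return most_common_symbol(text)[1] / len(text)


if __name__ == "__main__":
    pt = "ifwewishtoreplaceletters"          # plaintext from the slide
    ct = mono_encrypt(pt)
    print(ct)                                 # same counts, different labels
    print(frequency_profile(pt), frequency_profile(ct))
    flat = homophonic_encrypt(pt, {"e": ["F", "1", "2", "3"]})  # constructed
    print(flat, peak_share(ct), peak_share(flat))
```

The peak that identifies E in the plain substitution is spread over four symbols in the homophonic version, which is the flattening effect the countermeasure relies on.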
Playfair Cipher
• The best-known multiple-letter encryption cipher is
the Playfair.
• Invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair.
• Playfair key matrix: a 5×5 matrix of letters based on a
keyword; fill in the letters of the keyword.
• Fill the rest of the matrix with the other letters.
• Ex. using the keyword MONARCHY
In this case, the keyword is monarchy.
• The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top
to bottom, and then filling in the remainder of the matrix
with the remaining letters in alphabetic order.
• The letters I and J count as one letter.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Plaintext is encrypted two letters at a time, according to the
following rules.
• Repeating plaintext letters that are in the same pair are
separated with a filler letter, such as x, so that balloon would
be treated as ba lx lo on.
• Two plaintext letters that fall in the same row of the matrix are
each replaced by the letter to the right, with the first element of
the row circularly following the last. For example, ar is
encrypted as RM.
• Two plaintext letters that fall in the same column are each
replaced by the letter beneath, with the top element of the
column circularly following the last. For example, mu is
encrypted as CM.
• Otherwise, each plaintext letter in a pair is replaced by the letter
that lies in its own row and the column occupied by the other
plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as
the encipherer wishes).
• The Playfair cipher is a great advance over simple
monoalphabetic ciphers.
• For one thing, whereas there are only 26 letters, there are
26 × 26 = 676 digrams, so that identification of individual
digrams is more difficult. Furthermore, the relative frequencies
of individual letters exhibit a much greater range than that of
digrams, making frequency analysis much more difficult.
• It was used as the standard field system by the British
Army in World War I and still enjoyed considerable use by
the U.S. Army and other Allied forces during World War II.
• Despite this level of confidence in its security, the Playfair
cipher is relatively easy to break, because it still leaves
much of the structure of the plaintext language intact. A
few hundred letters of ciphertext are generally sufficient.
Security of Playfair Cipher
• security much improved over monoalphabetic
• since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse
(versus 26 for a monoalphabetic)
• and correspondingly more ciphertext
• was widely used for many years
• eg. by US & British military in WW1
• it can be broken, given a few hundred letters
• since still has much of plaintext structure
Hill Cipher
• Another interesting multi letter cipher is the Hill
cipher, developed by the mathematician Lester Hill in
1929.
• THE HILL ALGORITHM This encryption algorithm
takes m successive plaintext letters and substitutes for
them m ciphertext letters. The substitution is
determined by m linear equations in which each
character is assigned a numerical value (a = 0, b = 1,
…, z = 25). For m = 3, the system can be described as
This can be expressed in terms of row vectors and
matrices

C = PK mod 26
where C and P are row vectors of length 3 representing
the plaintext and ciphertext, and K is a matrix
representing the encryption key. Operations are
performed mod 26. For example, consider the plaintext
“paymoremoney” and use the encryption key.
• The first three letters of the plaintext are represented by the
vector (15, 0, 24).
• Then (15, 0, 24)K mod 26 =
(303, 303, 531) mod 26 = (17, 17, 11) = RRL. Continuing in this
fashion, the ciphertext for the entire plaintext is
RRLMWBKASPDH.
• Decryption requires using the inverse of the matrix K. We can
compute det K = 23, and therefore (det K)^-1 mod 26 = 17.
We can then compute the inverse as.
• Advantages of Hill Cipher
• It perfectly hides single-letter frequencies.
• Use of a 3×3 Hill cipher can perfectly hide both the single-letter
and two-letter frequency information.
• It is strong enough against attacks made only on the
ciphertext, but it can still be easily broken if the attack is
through a known text.
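The arithmetic of the Hill example can be carried through in code, including the check that a key matrix is usable at all (its determinant must be invertible mod 26). This is an added example, not part of the original slides. The slides do not reproduce the key matrix, so the 3×3 key below is an assumption: it is the key of the textbook example the slide follows, and it reproduces every value the slide does show.

```python
from math import gcd

# Assumed key (not shown on the slide); it yields the slide's values:
# (15,0,24)K = (303,303,531), det K mod 26 = 23, ciphertext RRLMWBKASPDH.
K = [[17, 17, 5],
     [21, 18, 21],
     [2, 2, 19]]


def minor(m, i, j):
    """Determinant of the 2x2 matrix left after deleting row i and column j."""
    sub = [[v for b, v in enumerate(row) if b != j]
           for a, row in enumerate(m) if a != i]
    return sub[0][0] * sub[1][1] - sub[0][1] * sub[1][0]


def det3(m):
    """Determinant of a 3x3 matrix by expansion along the first row."""
    return sum((-1) ** j * m[0][j] * minor(m, 0, j) for j in range(3))


def inverse_mod26(m):
    """K^-1 mod 26 = (det K)^-1 * adj(K) mod 26; fails for unusable keys."""
    d = det3(m) % 26
    if gcd(d, 26) != 1:
        raise ValueError("det(K) has no inverse mod 26; ciphertext cannot be decrypted")
    d_inv = pow(d, -1, 26)
    return [[(d_inv * (-1) ** (i + j) * minor(m, j, i)) % 26 for j in range(3)]
            for i in range(3)]


def row_times_matrix(vec, m):
    """Row vector times matrix, before reduction mod 26 (C = PK)."""
    return [sum(vec[i] * m[i][j] for i in range(3)) for j in range(3)]


def hill_apply(text, m):
    """Process the text three letters at a time with matrix m."""
    nums = [ord(ch) - ord("a") for ch in text.lower() if "a" <= ch <= "z"]
    if len(nums) % 3:
        raise ValueError("length must be a multiple of 3 (the slide gives no padding rule)")
    out = []
    for i in range(0, len(nums), 3):
        out += [v % 26 for v in row_times_matrix(nums[i:i + 3], m)]
    return "".join(chr(v + ord("a")) for v in out)


def hill_encrypt(plaintext, key=K):
    return hill_apply(plaintext, key).upper()


def hill_decrypt(ciphertext, key=K):
    return hill_apply(ciphertext, inverse_mod26(key))


if __name__ == "__main__":
    print(row_times_matrix([15, 0, 24], K))        # pay -> unreduced values
    print(det3(K) % 26, pow(det3(K) % 26, -1, 26))  # determinant and its inverse
    print(hill_encrypt("paymoremoney"), hill_decrypt("RRLMWBKASPDH"))
```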
Polyalphabetic Substitution Ciphers
• Improves security using multiple cipher alphabets.
• It is more secure than a monoalphabetic cipher, which
uses only one alphabet.
• Makes cryptanalysis harder with more alphabets to
guess.
• Examples of polyalphabetic ciphers are the Vigenère
cipher and the Vernam cipher.
VIGENERE CIPHER
• It is the best known, and one of the simplest, polyalphabetic
ciphers.
• In this scheme, the set of related monoalphabetic
substitution rules consists of the 26 Caesar ciphers with
shifts of 0 through 25.
Example of Vigenère Cipher
• Write the plaintext out
• Write the keyword repeated above it
• Use each key letter as a caesar cipher key
• Encrypt the corresponding plaintext letter
• Eg using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
VERNAM CIPHER
• The ultimate defense against such a cryptanalysis is to
choose a keyword that is as long as the plaintext and has
no statistical relationship to it.
• Such a system was introduced by an AT&T engineer
named Gilbert Vernam in 1918. This system works on
binary data (bits) rather than letters. The system can be
expressed briefly as follows.
One-Time Pad
• If a truly random key as long as the message is used,
the cipher will be secure; this is called a one-time pad.
• It is unbreakable since ciphertext bears no statistical
relationship to the plaintext.
• Can only use the key once.
• Problems in generation & safe distribution of key.
• An Army Signal Corps officer, Joseph Mauborgne,
proposed an improvement to the Vernam cipher that
yields the ultimate in security.
• He suggested using a random key that is as long as the
message, so that the key need not be repeated.
• In addition, the key is to be used to encrypt and decrypt a
single message, and then is discarded.
• Each new message requires a new key of the same
length as the new message. Such a scheme, known as a
one-time pad, is unbreakable.
• It produces random output that bears no statistical
relationship to the plaintext. Because the ciphertext
contains no information whatsoever about the plaintext,
there is simply no way to break the code.
• An example should illustrate our point.
• Suppose that we are using a Vigenère scheme with 27
characters in which the twenty-seventh character is the
space character, but with a one-time key that is as long as
the message. Consider ciphertext
• Suppose that a cryptanalyst had managed to find these
two keys.
• Two possible plaintexts are produced.
• How is the cryptanalyst to decide which is the correct
decryption (i.e., which is the correct key)? If the actual
key were produced in a truly random fashion, then the
cryptanalyst cannot say that one of these two keys is
more likely than the other.
• Thus, there is no way to decide which key is correct and
therefore which plaintext is correct.
• In fact, given any plaintext of equal length to the
ciphertext, there is a key that produces that plaintext.
• Therefore, if you did a broad search of all possible
keys, you would end up with many readable plaintexts,
with no way of knowing which was the intended
plaintext.
• Therefore, the code is unbreakable.
• The security of the one-time pad is entirely due to the
randomness of the key.
• If the stream of characters that constitute the key is
truly random, then the stream of characters that
constitute the ciphertext will be truly random. Thus,
there are no patterns or regularities that a cryptanalyst
can use to attack the ciphertext.
• The one-time pad offers complete security. The one-
time pad is the only cryptosystem that exhibits what is
referred to as perfect secrecy.
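The Vigenère example with keyword deceptive and the one-time pad argument above (every plaintext of the right length has a key that produces it) can both be run with one routine. This is an added example, not part of the original slides; it uses the 27-character alphabet with the space as the twenty-seventh character described above, and the two messages and the pad are constructed here, not taken from the slides.

```python
import secrets
import string

A26 = string.ascii_lowercase
A27 = string.ascii_lowercase + " "   # space is the twenty-seventh character


def vigenere(text, key, alphabet=A26, decrypt=False):
    """Each key letter selects a Caesar shift over the given alphabet;
    the key repeats if it is shorter than the text."""
    n = len(alphabet)
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = alphabet.index(key[i % len(key)])
        out.append(alphabet[(alphabet.index(ch) + sign * shift) % n])
    return "".join(out)


def random_pad(length, alphabet=A27):
    """Key material from the OS CSPRNG, one key character per message character."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def otp_encrypt(message, pad, alphabet=A27):
    """One-time pad = Vigenere with a random key exactly as long as the message."""
    if len(pad) != len(message):
        raise ValueError("the pad must be exactly as long as the message")
    return vigenere(message, pad, alphabet)


def otp_decrypt(ciphertext, pad, alphabet=A27):
    if len(pad) != len(ciphertext):
        raise ValueError("the pad must be exactly as long as the ciphertext")
    return vigenere(ciphertext, pad, alphabet, decrypt=True)


def key_for(ciphertext, wanted_plaintext, alphabet=A27):
    """The key under which ciphertext decrypts to wanted_plaintext.
    Since c = p + k (mod n), the key is k = c - p (mod n)."""
    if len(ciphertext) != len(wanted_plaintext):
        raise ValueError("plaintext and ciphertext must have equal length")
    return vigenere(ciphertext, wanted_plaintext, alphabet, decrypt=True)


if __name__ == "__main__":
    print(vigenere("wearediscoveredsaveyourself", "deceptive").upper())
    real = "meet at the north gate"       # constructed message
    other = "stay home this evening"      # constructed alternative, same length
    pad = random_pad(len(real))
    ct = otp_encrypt(real, pad)
    fake_pad = key_for(ct, other)
    # Both keys are equally plausible, so the ciphertext alone decides nothing.
    print(repr(otp_decrypt(ct, pad)), repr(otp_decrypt(ct, fake_pad)))
```

Reusing a pad removes this property, which is why the slides insist that the key is used once and then discarded.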
Transposition Ciphers
All the techniques examined so far involve the substitution of
a ciphertext symbol for a plaintext symbol. A very different
kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is
referred to as a transposition cipher.
• Classical transposition or permutation ciphers.
• Hide the message by rearranging the letter order, without
altering the actual letters used.
Different types of Transposition Ciphers
RAIL FENCE CIPHER
• The simplest such cipher is the rail fence technique, in
which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.
• The example message is: "meet me after the toga party"
with a rail fence of depth 2.
• This sort of thing would be trivial to cryptanalyze.
• Write message letters out diagonally over a number of rows,
• then read off cipher row by row.
• Eg. write message out as:
mematrhtgpry
etefeteoaat
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
COLUMNAR TRANSPOSITION
A more complex scheme is to write the message in a rectangle,
row by row, and read the message off, column by column, but
transpose the order of the columns. The order of the columns
then becomes the key to the algorithm. For example, key: 4 3 1 2
5 6 7 and plaintext: attack postponed until two am.
Thus, in this example, the key is 4312567. To encrypt, start
with the column that is labeled 1, in this case column 3.
Write down all the letters in that column. Proceed to column
4, which is labeled 2, then column 2, then column 1, then
columns 5, 6, and 7.
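Both transposition schemes above only move letters, which the following added example (not part of the original slides) makes concrete: it reproduces the depth-2 rail fence ciphertext and applies the column order 4312567 to the slide's plaintext. The slides do not show how the incomplete last row is filled, so padding it with "x" is an assumption of this sketch.

```python
def letters_only(text):
    """Lower-case letters of the text, spaces and punctuation dropped."""
    return [c for c in text.lower() if c.isalpha()]


def rail_fence_encrypt(plaintext, depth=2):
    """Write the letters in a zigzag over `depth` rows, then read row by row."""
    letters = letters_only(plaintext)
    if depth < 2:
        return "".join(letters).upper()
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for ch in letters:
        rails[row].append(ch)
        if row == 0:
            step = 1
        elif row == depth - 1:
            step = -1
        row += step
    return "".join("".join(r) for r in rails).upper()


def column_order(key):
    """Column indexes in read-off order: the column labelled 1 first, then 2, ..."""
    return sorted(range(len(key)), key=lambda c: key[c])


def columnar_encrypt(plaintext, key, pad="x"):
    """Write row by row under the key, read column by column in key order.
    Padding the last row with `pad` is an assumption (see lead-in)."""
    letters = letters_only(plaintext)
    ncols = len(key)
    while len(letters) % ncols:
        letters.append(pad)
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[c] for c in column_order(key) for row in rows).upper()


def columnar_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the rectangle row by row."""
    ncols = len(key)
    if len(ciphertext) % ncols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // ncols
    grid = [[""] * ncols for _ in range(nrows)]
    stream = iter(ciphertext.lower())
    for c in column_order(key):
        for r in range(nrows):
            grid[r][c] = next(stream)
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", depth=2))
    key = [4, 3, 1, 2, 5, 6, 7]                     # key from the slide
    ct = columnar_encrypt("attack postponed until two am", key)
    print(ct, columnar_decrypt(ct, key))
    # The letter counts of plaintext and ciphertext are identical, so single
    # letter frequency analysis immediately reveals a pure transposition.
```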
STEGANOGRAPHY
• We conclude with a discussion of a technique that (strictly
speaking), is not encryption, namely, steganography.
• A plaintext message may be hidden in one of two ways.
• The methods of steganography hide the existence of the
message, whereas the methods of cryptography render
the message unintelligible to outsiders by various
transformations of the text.
• A simple form of steganography, but one that is time-
consuming to construct, is one in which an arrangement of
words or letters within an apparently mild text spells out
the real message.
• For example, the sequence of first letters of each word of
the overall message spells out the hidden message.
• Steganography has a number of drawbacks when
compared to encryption.
• It requires a lot of overhead to hide a relatively few bits of
information, although using a scheme like that proposed
in the preceding paragraph may make it more effective.
• The advantage of steganography is that it can be
employed by parties who have something to lose should
the fact of their secret communication (not necessarily the
content) be discovered.
• Encryption flags traffic as important or secret or may
identify the sender or receiver as someone with
something to hide.
STEGANOGRAPHY
• An alternative to encryption, not encryption
• Hides existence of message
  • using only a subset of letters/words in a longer
  message, marked in some way
  • using invisible ink
  • hiding in LSB in graphic image or sound file (hide in
  “noise”)
• Has drawbacks
  • high overhead to hide relatively few info bits
• Advantage is can obscure (unclear) encryption
use
