Information Security System

The document discusses symmetric key ciphers, specifically block ciphers and stream ciphers, detailing their definitions, differences, and examples. It also covers various modes of operation for block ciphers, such as ECB, CBC, and CTR, along with their advantages and disadvantages. Additionally, it explains active and passive attacks, security services and mechanisms, and the Feistel network structure used in block cipher design.

Uploaded by

b221056

INFORMATION SECURITY SYSTEM

# Topic :- Stream and Block Cipher


Block ciphers and stream ciphers are the two types of symmetric key cipher. Both
are used to transform plaintext into ciphertext.

Block Cipher
A Block Cipher encrypts data in fixed-size blocks, usually 64 or 128 bits at a
time. The encryption algorithm processes each block of data separately using
the cryptographic key to transform the plaintext into the ciphertext. Block
ciphers function on complex mathematical computation and permutation to
ensure that the data encrypted is safe. The choice of block size does not directly
affect the strength of the encryption scheme.
The strength of the cipher depends upon the key length. However, any size of the
block is acceptable. The following aspects can be kept in mind while selecting
the size of a block:
• Avoid very small block sizes,
• Do not have very large block sizes
• In Multiples of 8-bit.
Examples: AES, DES and Blowfish.

Stream Cipher
A stream cipher encrypts data one bit or byte at a time. It uses a keystream
generator to produce a stream of pseudo-random bits, which are then combined
with the plaintext bits (usually via XOR operation) to produce ciphertext.
It can be categorized into the synchronous, self-synchronizing and one-time pad
types.

Examples: RC4, Salsa20, and ChaCha20.

Difference Between Block Cipher and Stream Cipher :-

| Parameter | Stream Cipher | Block Cipher |
|---|---|---|
| Basic Definition | Encrypts data one bit or byte at a time using a keystream | Encrypts data in fixed-size blocks (e.g., 64 or 128 bits) |
| Data Processing | Bit-by-bit or byte-by-byte | Block-by-block |
| Keystream | Uses a pseudorandom keystream which is XORed with plaintext | Uses a fixed key to encrypt entire blocks (may include multiple modes of operation) |
| Padding | Not required as it processes one bit/byte at a time | Required if plaintext is not a multiple of block size |
| Speed | Faster and suitable for real-time data like voice or video | Slower, but more secure for large files or structured data |
| Error Propagation | Minimal – errors only affect one or a few bits | High – error in one bit can corrupt the entire block |
| Complexity | Simpler to implement and less resource-intensive | More complex due to modes (CBC, ECB, GCM, etc.) and padding |
| Use Case | Live data streams, secure voice calls, online games, IoT | File encryption, secure messaging apps, databases, disk encryption |
| Security Dependency | Depends heavily on the quality of keystream | Depends on block algorithm and mode of operation |
| Key/IV Reuse Risk | Very risky – reusing a keystream exposes plaintext (e.g., in RC4) | Still risky, but mitigated via IV and chaining modes |
| Popular Examples | RC4, A5/1 (GSM), Salsa20, ChaCha20 | AES, DES, Blowfish, Twofish |
| Implementation Suitability | Suitable for hardware and constrained environments | Suitable for software and large data encryption |

Block Cipher :- Modes Of Operation


Block Cipher Modes of Operation define how to securely encrypt and decrypt
large amounts of data using a block cipher.
Electronic Code Book (ECB)
The electronic codebook is the easiest block cipher mode of functioning. It is
easier because of the direct encryption of each block of input plaintext and output
is in the form of blocks of encrypted ciphertext. Generally, if a message is larger
than b bits in size, it can be broken down into a bunch of blocks and the
procedure is repeated.
The procedure of ECB is illustrated below:

Advantages of using ECB


• Parallel encryption of blocks of bits is possible, thus it is a faster way of
encryption.
• Simple way of the block cipher.
Disadvantages of using ECB
• Prone to cryptanalysis since there is a direct relationship between plaintext
and ciphertext.
• Identical plaintext blocks produce identical ciphertext blocks, which can
reveal patterns.

Cipher Block Chaining


Cipher block chaining or CBC is an advancement made on ECB since ECB
compromises some security requirements. In CBC, the previous cipher block is
given as input to the next encryption algorithm after XOR with the original
plaintext block. In a nutshell here, a cipher block is produced by encrypting an
XOR output of the previous cipher block and present plaintext block.

Advantages of CBC
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.
• More secure than ECB as it hides patterns.
Disadvantages of CBC
• Requires the previous ciphertext block for encryption and decryption,
making parallel processing difficult.

Cipher Feedback Mode (CFB)


In this mode the cipher is given as feedback to the next block of encryption with
some new specifications: first, an initial vector IV is used for first encryption and
output bits are divided as a set of s and b-s bits.
Advantages of CFB
• Since there is some data loss due to the use of a shift register, it is
difficult to apply cryptanalysis.
• Can handle data streams of any size.
Disadvantages of using CFB
• The drawbacks of CFB are the same as those of CBC mode. Both block
losses and concurrent encryption of several blocks are not supported by the
encryption. Decryption, however, is parallelizable and loss-tolerant.
• Slightly more complex and can propagate errors.

Output Feedback Mode


The output feedback mode follows nearly the same process as the Cipher
Feedback mode except that it sends the encrypted output as feedback instead of
the actual cipher which is XOR output. In this output feedback mode, all bits of
the block are sent instead of sending selected s bits. The Output Feedback mode
of block cipher holds great resistance towards bit transmission errors. It also
decreases the dependency or relationship of the cipher on the plaintext.
Advantages of OFB
• In the case of CFB, a single bit error in a block is propagated to all
subsequent blocks. This problem is solved by OFB as it is free from bit
errors in the plaintext block. Thus errors in transmission don’t propagate.
Disadvantages of OFB
• The drawback of OFB is that, because of its mode of operation, it is more
susceptible to a message stream modification attack than CFB.
• If the keystream is reused, security is compromised.

Counter Mode
The Counter Mode or CTR is a simple counter-based block cipher
implementation. Every time a counter-initiated value is encrypted and given as
input to XOR with plaintext which results in ciphertext block. The CTR mode is
independent of feedback use and thus can be implemented in parallel.
Advantages of Counter
• Since there is a different counter value for each block, the direct plaintext
and ciphertext relationship is avoided. This means that the same plain text
can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages
are not chained as in the case of CBC.
Disadvantages of Counter
• The fact that CTR mode requires a synchronous counter at both the
transmitter and the receiver is a severe drawback. The recovery of plaintext
is inaccurate when synchronization is lost.

Design Principles Of Block Cipher :-


Block ciphers are built in the Feistel cipher structure. A block cipher is a type of
encryption algorithm that processes fixed-size blocks of data, usually 64 or 128
bits, to produce ciphertext. The design of a block cipher involves several
important principles to ensure the security and efficiency of the algorithm. Some
of these principles are :-
1. Number of Rounds – The number of rounds is regularly considered in the
design criteria. It reflects how many rounds are suitable for an algorithm
to make it more complex. DES has 16 rounds and AES has 10 rounds, in each
case to make the cipher more secure.
2. Design of function F – The core part of the Feistel block cipher structure is
the round function. The complexity of cryptanalysis follows from the round
function, i.e. a more complex round function contributes greatly to making
cryptanalysis harder. To increase the complexity of the round function, the
avalanche effect is also built into it, so that changing a single bit of
plaintext produces a very different output.
3. Confusion and Diffusion: The cipher should provide confusion and
diffusion to make it difficult for an attacker to determine the relationship
between the plaintext and ciphertext. Confusion means that the ciphertext
should be a complex function of the key and plaintext, making it difficult to
guess the key. Diffusion means that a small change in the plaintext should
cause a significant change in the ciphertext, which makes it difficult to
analyze the encryption pattern.
4. Key Size: The key size should be large enough to prevent brute-force
attacks. A larger key size means that there are more possible keys, making it
harder for an attacker to guess the correct one. A key size of 128 bits is
considered to be secure for most applications.
5. Key Schedule: The key schedule should be designed carefully to ensure
that the keys used for encryption are independent and unpredictable. The
key schedule should also resist attacks that exploit weak keys or key-
dependent properties of the cipher.
6. Block Size: The block size should be large enough to prevent attacks that
exploit statistical patterns in the plaintext. A block size of 128 bits is
generally considered to be secure for most applications.
7. Non-linearity: The S-box used in the cipher should be non-linear to
provide confusion. A linear S-box is vulnerable to attacks that exploit the
linear properties of the cipher.
8. Avalanche Effect: The cipher should exhibit the avalanche effect, which
means that a small change in the plaintext or key should cause a significant
change in the ciphertext. This ensures that any change in the input results in
a complete change in the output.
9. Security Analysis: The cipher should be analyzed for its security against
various attacks such as differential cryptanalysis, linear cryptanalysis, and
brute-force attacks. The cipher should also be tested for its resistance to
implementation attacks, such as side-channel attacks.

# Topic :- Active and Passive Attacks


A cyber attack occurs when hackers try to penetrate computer systems or
networks with a personal agenda or some purpose to damage or steal information
by gaining unauthorized access to computer systems. It can occur to anyone,
either companies or government agencies, which can then have stolen data and
financial losses.
Active Attacks
Active attacks are unauthorized actions that alter the system or data. In an active
attack, the attacker will directly interfere with the target to damage or gain
unauthorized access to computer systems and networks. This is done by injecting
hostile code into communications, masquerading as another user, or altering data
to get unauthorized access.
Types of active attacks are as follows:
1. Masquerade Attack
2. Modification of Messages
3. Repudiation
4. Replay Attack
5. Denial Of Service Attack (DoS)

Passive Attacks
A Passive attack attempts to learn or make use of information from the system
but does not affect system resources. Passive Attacks are in the nature of
eavesdropping on or monitoring transmission. The goal of the opponent is to
obtain information that is being transmitted. Passive attacks involve an attacker
passively monitoring or collecting data without altering or destroying it.
Types of Passive Attacks :-

| Type | Description |
|---|---|
| Eavesdropping | Attacker listens to private communications to gain sensitive information. |
| Traffic Analysis | Attacker studies the patterns, size, and timing of the messages, even if encrypted, to deduce useful info. |

Difference Between Active and Passive Attacks

| Parameter | Passive Attack | Active Attack |
|---|---|---|
| Definition | Attack that involves monitoring or eavesdropping only | Attack that involves modifying, disrupting, or injecting data |
| Goal | To gain unauthorized access to information | To alter, damage, or disrupt the system or data |
| Effect on Data | No modification of data | Modifies or destroys data |
| Detection Difficulty | Hard to detect (as no changes are made) | Easier to detect (due to changes in data/system behavior) |
| Threat to | Confidentiality | Integrity and Availability |
| Examples | Eavesdropping, Traffic analysis | Masquerade, Replay attack, DoS attack, Data tampering |
| User Awareness | Victim usually unaware | Victim often notices impact |
| Defense Mechanisms | Encryption, Secure protocols (SSL/TLS) | Digital signatures, Firewalls, Intrusion detection systems (IDS) |

# Topic :- Security Services And Security Mechanisms


Security services encompass a range of measures and protocols designed to
safeguard information, systems, and networks from unauthorized access, misuse,
or damage. These services are fundamental in ensuring the confidentiality,
integrity, and availability of sensitive data and resources.

Types of Security Services :-


1. Authentication: Verifying the identity of users or entities attempting to
access a system or resource.
2. Authorization: Granting or denying access rights and privileges to
authenticated users.
3. Encryption: Encoding data to prevent unauthorized access, ensuring
confidentiality.
4. Integrity: Ensuring that data remains intact and unaltered during storage,
transmission, or processing.
5. Auditing and Logging: Monitoring and recording activities to track and
analyse security-related events.
6. Intrusion Detection and Prevention: Identifying and responding to
unauthorized access attempts or malicious activities.
7. Firewalls: Implementing barriers to control incoming and outgoing
network traffic based on predetermined security rules.

Security Mechanisms
Security mechanisms are the specific tools, protocols, or procedures employed to
enforce security services. These mechanisms work together to implement and
maintain the desired level of security within an organization's infrastructure.
Examples include encryption algorithms, access control lists, digital signatures,
and secure communication protocols.
Relation between security services and mechanisms
| Security Service | Security Mechanism |
|---|---|
| Authentication | Biometric scanners, Passwords |
| Authorization | Access control lists (ACLs), Role-based access control (RBAC) |
| Encryption | Advanced Encryption Standard (AES), RSA |
| Integrity | Hash functions, Digital signatures |
| Auditing and Logging | Security Information and Event Management (SIEM) systems |
| Intrusion Detection and Prevention | Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) |
| Firewalls | Packet filtering, Stateful inspection |

Types of Security Mechanism


| No. | Security Mechanism | Category | Purpose / Description |
|---|---|---|---|
| 1 | Encipherment | Encryption / Decryption | Transforms readable data into unreadable form to ensure confidentiality. |
| 2 | Digital Signature | Authentication + Integrity | Verifies origin and integrity of messages/documents. |
| 3 | Access Control | Authorization Mechanism | Controls who can access what resources under which conditions. |
| 4 | Data Integrity | Hashing, Checksums | Ensures that data has not been modified or tampered with during transmission or storage. |
| 5 | Authentication Exchange | User/System Verification | Verifies the identity of entities communicating in a system. |
| 6 | Traffic Padding | Dummy Data Insertion | Sends additional traffic to hide the actual data flow and resist traffic analysis. |
| 7 | Routing Control | Safe Path Selection | Ensures data packets follow secure network routes. |
| 8 | Notarization | Trusted Third-Party Verification | Involves a trusted third party (e.g., timestamping service) to ensure non-repudiation. |
| 9 | Audit Trails / Event Logging | System Activity Recording | Logs all user and system activities to detect anomalies and investigate incidents. |
| 10 | Intrusion Detection Systems (IDS) | Anomaly Detection | Monitors system/network activity for signs of malicious behavior. |

# Topic :- Feistel Network Structure


A Feistel Cipher is not a specific algorithm but a design model used to construct
various block ciphers (e.g., DES). It allows encryption and decryption using the
same basic algorithm, with a small difference in key usage for decryption.
Key Parameters Important for Feistel Network
| Parameter | Explanation |
|---|---|
| 1. Number of Rounds | Multiple rounds improve security. Each round applies a function to part of the data and mixes it with the rest. DES uses 16 rounds. |
| 2. Subkeys (Round Keys) | Derived from the main key and used one per round. In decryption, the same subkeys are used but in reverse order. |
| 3. Round Function (F) | A crucial component of each round. Takes half the block and a subkey as input, and produces output that is mixed with the other half (using XOR). |
| 4. Block Size | Size of the plaintext input block, usually split into left (L) and right (R) halves (e.g., 64 bits → 32-bit L and R). |
| 5. Initial Splitting | The plaintext block is split into two halves (L0 and R0) before the first round begins. |
| 6. Swapping (Final Step) | After all rounds, L and R are swapped before combining them to form the ciphertext. Without this, decryption using the same algorithm won’t work. |

Encryption Process in Feistel Cipher


• The plaintext block is divided into two equal halves: Left (L) and Right
(R).
• The cipher performs multiple rounds, typically 16, depending on the
algorithm.
• In each round:
• A round function is applied to one half (usually R), and the result is
combined with the other half (L).
• This includes substitution and permutation operations to increase
security.
• A unique subkey is used in each round, derived from the main key.
• After all rounds are completed, the final step involves swapping the left
and right halves.
• The combined result of the swapped halves is the ciphertext.

Decryption Process in Feistel Cipher


• The ciphertext is first split into two halves, similar to encryption.
• The decryption process uses the same structure as encryption.
• The only difference is that the round keys are applied in reverse order.
• The same operations (substitution and permutation) are applied during each
round.
• After all rounds, a final swap of the two halves is performed.
• The result is the original plaintext.
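
The Feistel encryption and decryption steps above, and the ECB, CBC and CTR modes from the "Modes Of Operation" section, in one runnable sketch. This is an added example, not code from the original document: the HMAC-SHA256 round function and key schedule, the key, IV, nonce and message are all constructed for illustration, and the toy cipher is not a vetted algorithm.

```python
import hashlib
import hmac

HALF = 4            # 32-bit halves, so blocks are 64 bits as in the table above
BLOCK = 2 * HALF
ROUNDS = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key):
    # Assumed key schedule for this example: one subkey per round.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(ROUNDS)]

def round_function(half, subkey):
    # F takes one half and a subkey; it does not have to be invertible.
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]

def feistel(block, keys):
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # New left is the old right; new right is old left XOR F(old right, k).
        left, right = right, xor(left, round_function(right, k))
    return right + left  # final swap of the two halves

def encrypt_block(block, key):
    return feistel(block, subkeys(key))

def decrypt_block(block, key):
    # Identical structure; only the subkey order is reversed.
    return feistel(block, subkeys(key)[::-1])

def pad(data):
    # Block modes need padding when the plaintext is not a multiple of BLOCK.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    # Every block is encrypted independently.
    return b"".join(encrypt_block(b, key) for b in split(pad(plaintext)))

def cbc_encrypt(plaintext, key, iv):
    out, prev = [], iv
    for b in split(pad(plaintext)):
        prev = encrypt_block(xor(b, prev), key)  # chain the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for c in split(ciphertext):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    data = b"".join(out)
    return data[:-data[-1]]  # strip the padding added by pad()

def ctr_crypt(data, key, nonce):
    # Encrypt nonce||counter to get a keystream block; the same call decrypts.
    out = []
    for i, b in enumerate(split(data)):
        keystream = encrypt_block(nonce + i.to_bytes(HALF, "big"), key)
        out.append(xor(b, keystream))
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample inputs.
KEY = b"constructed demo key"
IV = bytes(range(BLOCK))
NONCE = b"\x00\x00\x00\x01"
MESSAGE = b"ACCT=001" * 3 + b"AMT=9999"   # three identical plaintext blocks

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(MESSAGE, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(MESSAGE, KEY, IV)))
    print("CTR repeated blocks:", repeated_blocks(ctr_crypt(MESSAGE, KEY, NONCE)))
    other = b"ACCT=002" * 4
    c1, c2 = ctr_crypt(MESSAGE, KEY, NONCE), ctr_crypt(other, KEY, NONCE)
    # Reusing a nonce reuses the keystream: the XOR of the ciphertexts
    # equals the XOR of the plaintexts.
    print("nonce reuse leaks p1^p2:", xor(c1, c2) == xor(MESSAGE, other))
```

ECB carries the repeated plaintext blocks straight into the ciphertext, while CBC and CTR do not; the last check is why a CTR nonce must never be reused under the same key.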

# Topic :- Playfair Cipher Technique


The Playfair cipher was the first practical digraph substitution cipher. The
scheme was invented in 1854 by Charles Wheatstone but was named after Lord
Playfair, who promoted the use of the cipher.

Encryption Technique
The algorithm consists of 2 steps:
1. Generate the key Square (5×5):
• The key square is a 5×5 grid of alphabets that acts as the key for
encrypting the plaintext. Each of the 25 alphabets must be unique and
one letter of the alphabet (usually J) is omitted from the table (as the
table can hold only 25 alphabets). If the plaintext contains J, then it is
replaced by I.
• The initial alphabets in the key square are the unique alphabets of the
key in the order in which they appear followed by the remaining
letters of the alphabet in order.
2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two
letters (digraphs). If there is an odd number of letters, a Z is added after the
last letter.

Rules for Encryption


If both the letters are in the same column: Take the letter below each one (going
back to the top if at the bottom).
If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).
If neither of the above rules is true: Form a rectangle with the two letters and
take the letters on the horizontal opposite corner of the rectangle.

For example:
Plain Text: “instrumentsz”
Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x

Decryption Technique
Decrypting the Playfair cipher is as simple as doing the same process in reverse.
The receiver has the same key and can create the same key table, and then
decrypt any messages made using that key.
The Algorithm consists of 2 steps:
1. Generate the key Square(5×5) at the receiver’s end:

• The key square is a 5×5 grid of alphabets that acts as the key for
encrypting the plaintext. Each of the 25 alphabets must be unique and
one letter of the alphabet (usually J) is omitted from the table (as the
table can hold only 25 alphabets). If the plaintext contains J, then it is
replaced by I.
• The initial alphabets in the key square are the unique alphabets of the
key in the order in which they appear followed by the remaining
letters of the alphabet in order.
2. Algorithm to decrypt the ciphertext: The ciphertext is split into pairs of two
letters (digraphs).
Note: The ciphertext always has an even number of characters.
Rules for Decryption
If both the letters are in the same column: Take the letter above each one (going
back to the bottom if at the top).
If both the letters are in the same row: Take the letter to the left of each one
(going back to the rightmost if at the leftmost position).
If neither of the above rules is true: Form a rectangle with the two letters and
take the letters on the horizontal opposite corner of the rectangle.
For example:
Ciphertext: “gatlmzclrqtx”
Decrypted Text: instrumentsz
Decryption:
ga -> in
tl -> st
mz -> ru
cl -> me
rq -> nt
tx -> sz
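
The key square construction and the three encryption and decryption rules above, as an added Python example that is not part of the original document. The document does not state the key behind its worked example; the key `monarchy` used here is an assumption that reproduces the ciphertext shown.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"  # 25 letters, J is merged into I

def key_square(key):
    """Return the 5x5 square as a row-major list of 25 letters."""
    square = []
    # Unique key letters first, then the remaining alphabet in order.
    for ch in key.lower().replace("j", "i") + ALPHABET:
        if ch in ALPHABET and ch not in square:
            square.append(ch)
    return square

def digraphs(text):
    """Split text into letter pairs, padding with Z if the length is odd."""
    letters = [c for c in text.lower().replace("j", "i") if c in ALPHABET]
    if len(letters) % 2:
        letters.append("z")
    return [(letters[i], letters[i + 1]) for i in range(0, len(letters), 2)]

def transform(text, key, step):
    """step=+1 encrypts (down/right), step=-1 decrypts (up/left)."""
    square = key_square(key)
    pos = {c: divmod(i, 5) for i, c in enumerate(square)}  # letter -> (row, col)
    out = []
    for a, b in digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ca == cb:
            # Same column: take the letter below (or above), wrapping around.
            out.append(square[((ra + step) % 5) * 5 + ca])
            out.append(square[((rb + step) % 5) * 5 + cb])
        elif ra == rb:
            # Same row: take the letter to the right (or left), wrapping around.
            out.append(square[ra * 5 + (ca + step) % 5])
            out.append(square[rb * 5 + (cb + step) % 5])
        else:
            # Rectangle: keep the row, take the other letter's column.
            out.append(square[ra * 5 + cb])
            out.append(square[rb * 5 + ca])
    return "".join(out)

def encrypt(plaintext, key):
    return transform(plaintext, key, +1)

def decrypt(ciphertext, key):
    return transform(ciphertext, key, -1)

if __name__ == "__main__":
    key = "monarchy"  # assumed key, see the note above
    square = key_square(key)
    for row in range(5):
        print(" ".join(square[row * 5:row * 5 + 5]))
    print(encrypt("instruments", key))
    print(decrypt("gatlmzclrqtx", key))
```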

Advantages:
• Encrypts two letters at a time, making it more secure than simple
substitution.
• Easy to understand and implement manually.
• Provides better resistance to frequency analysis compared to
monoalphabetic ciphers.
Disadvantages:
• Still vulnerable to cryptanalysis with enough ciphertext.
• Cannot handle digits or special characters.
• Merges 'I' and 'J', causing ambiguity.
• Not secure enough for modern encryption needs.

# Topic :- RSA Algorithm


RSA (Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key
cryptography algorithm which means it works on two different keys: Public
Key and Private Key. The Public Key is used for encryption and is known to
everyone, while the Private Key is used for decryption and must be kept secret
by the receiver. RSA Algorithm is named after Ron Rivest, Adi Shamir and
Leonard Adleman, who published the algorithm in 1977.
Example of Asymmetric Cryptography:
If Person A wants to send a message securely to Person B:
• Person A encrypts the message using Person B’s Public Key.
• Person B decrypts the message using their Private Key.
RSA Algorithm
The RSA Algorithm is based on the factorization of large numbers and on modular
arithmetic for encrypting and decrypting data. It consists of three main stages:
1. Key Generation: Creating Public and Private Keys
2. Encryption: Sender encrypts the data using Public Key to get cipher text.
3. Decryption: Decrypting the cipher text using Private Key to get the
original data.
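
The three stages above, carried through with small numbers, as an added example that is not part of the original document. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values; this is textbook RSA on integers without padding, for illustration only.

```python
from math import gcd

def generate_keys(p, q, e):
    """Stage 1: build (public, private) key pairs from two primes and e."""
    n = p * q                      # modulus, part of both keys
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def encrypt(message, public_key):
    """Stage 2: c = m^e mod n, using the receiver's public key."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)

def decrypt(ciphertext, private_key):
    """Stage 3: m = c^d mod n, using the receiver's private key."""
    d, n = private_key
    return pow(ciphertext, d, n)

def sign(message, private_key):
    """Signature: the sender applies their private exponent."""
    d, n = private_key
    return pow(message, d, n)

def verify(message, signature, public_key):
    """Anyone can check the signature with the sender's public key."""
    e, n = public_key
    return pow(signature, e, n) == message

if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)   # toy primes, constructed
    print("public key :", public)
    print("private key:", private)
    c = encrypt(65, public)
    print("ciphertext :", c)
    print("decrypted  :", decrypt(c, private))
    s = sign(65, private)
    print("signature valid:", verify(65, s, public))
    print("tampered valid :", verify(66, s, public))
```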
Advantages
• Security: RSA algorithm is considered to be very secure and is widely used
for secure data transmission.
• Public-key cryptography: RSA algorithm is a public-key cryptography
algorithm, which means that it uses two different keys for encryption and
decryption. The public key is used to encrypt the data, while the private key
is used to decrypt the data.
• Key exchange: RSA algorithm can be used for secure key exchange, which
means that two parties can exchange a secret key without actually sending
the key over the network.
• Digital signatures: RSA algorithm can be used for digital signatures,
which means that a sender can sign a message using their private key, and
the receiver can verify the signature using the sender’s public key.
• Widely used: Online banking, e-commerce, and secure communications
are just a few fields and applications where the RSA algorithm is
extensively used.

Disadvantages
• Slow processing speed: RSA algorithm is slower than other encryption
algorithms, especially when dealing with large amounts of data.
• Large key size: RSA algorithm requires large key sizes to be secure, which
means that it requires more computational resources and storage space.
• Vulnerability to side-channel attacks: RSA algorithm is vulnerable to
side-channel attacks, which means an attacker can use information leaked
through side channels such as power consumption, electromagnetic
radiation, and timing analysis to extract the private key.
• Limited use in some applications: RSA algorithm is not suitable for some
applications, such as those that require constant encryption and decryption
of large amounts of data, due to its slow processing speed.
• Complexity: The RSA algorithm is a sophisticated mathematical technique
that some individuals may find challenging to comprehend and use.
• Key Management: The secure administration of the private key is
necessary for the RSA algorithm, although in some cases this can be
difficult.
• Vulnerability to Quantum Computing: Quantum computers have the
ability to attack the RSA algorithm, potentially decrypting the data.

# Topic :- DES (Data Encryption Standard) Algorithm


The Data Encryption Standard algorithm is a block cipher algorithm that takes in
64-bit blocks of plaintext at a time as input and produces 64-bit blocks of cipher
text at a time, using a 48-bit key for each input. In block cipher algorithms, the
text to be encrypted is broken into ‘blocks’ of text, and each block is encrypted
separately using the key.
The decryption process is the exact opposite of the encryption. It takes in a 64 bit
block of ciphertext, and produces the 64 bit block of plaintext using the same 48
bit key during encryption.
The encryptor and the decryptor need to use the same key, otherwise, they will
not be able to communicate together.
The DES algorithm was successful in the early days of the internet, but its short
key length of 56 bits makes it too insecure for today’s applications. With the
evolution of technology and the increase in computing power, an attacker with
sufficient computing resources can break the key within a few minutes. It has
however been highly influential in the development and advancement of
cryptography.

DES Encryption: Step-by-Step Explanation


DES encrypts a 64-bit block of plaintext using a 56-bit key through 16 rounds
of complex processing. Let’s break down the steps:

Step 1: Key Preparation


• A 64-bit key is provided, but only 56 bits are used (8 bits are for parity
checking).
• From the 56-bit key, 16 subkeys (each 48 bits) are generated, one for each
round, using key scheduling (involving permutation and shifts).

Step 2: Initial Permutation (IP)


• The 64-bit plaintext block is rearranged according to a fixed Initial
Permutation (IP) table.
• Result: A permuted 64-bit block is obtained.

Step 3: Splitting
• The permuted block is divided into two 32-bit halves:
o Left Half: L0
o Right Half: R0
Step 4: 16 Rounds of Feistel Structure
Each round (i = 1 to 16) involves the following operations:
1. Expansion (E-box):
o Expand the 32-bit right half $R_{i-1}$ to 48 bits using the expansion table
(duplicate certain bits).
2. Key Mixing (XOR):
o XOR the expanded right half with the 48-bit round key ($K_i$):
$E(R_{i-1}) \oplus K_i$
3. Substitution (S-boxes):
o Divide the 48-bit result into eight 6-bit blocks.
o Pass each block through its corresponding S-box, which reduces it to
4 bits.
o Combine all 8 outputs into a 32-bit block.
4. Permutation (P-box):
o Rearrange the 32-bit output using a fixed P-box permutation.
5. XOR with Left Half:
o New right half: $R_i = L_{i-1} \oplus P(S(E(R_{i-1}) \oplus K_i))$
o New left half: $L_i = R_{i-1}$
This process is repeated for all 16 rounds with a different key for each round.

Step 5: Final Swap


• After 16 rounds, swap the final left and right halves:
Combine as [R16 | L16] (not [L16 | R16])

Step 6: Inverse Initial Permutation (IP⁻¹)


• Apply the inverse of the initial permutation to the combined 64-bit block.
• The result is the 64-bit ciphertext.
DES Decryption: Step-by-Step Explanation
DES decryption uses the same Feistel structure as encryption, ensuring that
encryption and decryption operations are almost identical.

Step 1: Receive the Ciphertext


• A 64-bit ciphertext block is taken as input.

Step 2: Initial Permutation (IP)


• The ciphertext block is permuted using the Initial Permutation (IP) table.
• Output is a rearranged 64-bit block.

Step 3: Splitting
• Split the permuted block into two halves:
o Left Half: L0
o Right Half: R0

Step 4: 16 Rounds of Feistel Structure (Subkeys Reversed)


Each round (i = 1 to 16) involves:
1. Expansion (E-box):
o Expand the 32-bit right half to 48 bits.
2. Key Mixing (XOR):
o XOR the result with the round subkey Ki, but this time the keys are
used in reverse order:
▪ In round 1 of decryption, use K16
▪ In round 2, use K15
▪ ... up to K1 in round 16
3. Substitution (S-boxes):
o Divide the 48-bit output into eight 6-bit blocks, pass each through an
S-box, and combine into 32 bits.
4. Permutation (P-box):
o Rearrange the 32-bit output using the P-box.
5. XOR with Left Half:
o New Right Half: $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
o New Left Half: $L_i = R_{i-1}$
Repeat for 16 rounds, using the subkeys in reverse order from encryption.

Step 5: Final Swap


• After round 16, swap the final left and right halves:
Combine as [R16 | L16].
Step 6: Inverse Initial Permutation (IP⁻¹)
• Apply the inverse permutation to the 64-bit block.
• Output is the original 64-bit plaintext.

Advantages of DES
• Simple and easy to implement.
• Efficient in hardware.
• Standardized and widely adopted.
• Basis for stronger algorithms (e.g., Triple DES).

Disadvantages of DES
• Short 56-bit key — vulnerable to brute-force attacks.
• Not secure for modern data protection.
• Susceptible to known cryptanalysis techniques.
• Limited 64-bit block size.

Applications of DES
• Early ATM and banking systems.
• Secure voice/data transmission.
• File encryption (historically).
• Legacy systems (limited modern use).

# Topic :- AES (Advanced Encryption Standard) Algorithm


AES is a symmetric key block cipher developed as a replacement for the
insecure DES algorithm. It was adopted as the U.S. Federal Encryption
Standard in 2001.
AES encrypts data in 128-bit blocks using key sizes of 128, 192, or 256 bits.
Unlike DES, AES is not based on the Feistel structure, but on a Substitution–
Permutation Network (SPN).

Working
• AES works on a 4×4 matrix of bytes known as the State.
• The number of rounds depends on the key length:
o 10 rounds for 128-bit key
o 12 rounds for 192-bit key
o 14 rounds for 256-bit key
• Each round involves a series of transformations to increase confusion and
diffusion of the plaintext.

AES Encryption :-
Step 1: Key Expansion
• The 128-bit cipher key is expanded to generate 11 round keys (each 128-
bit).
• These are used in the 10 rounds + initial round.

Step 2: Initial Round


• AddRoundKey: XOR the initial plaintext block with the first round key.

Step 3: 9 Main Rounds (Rounds 1 to 9)


Each round includes:
1. SubBytes:
o Each byte in the state is substituted using a fixed S-Box (non-linear
substitution).
2. ShiftRows:
o Each row of the state is cyclically shifted to the left:
▪ 1st row → unchanged
▪ 2nd row → shift left by 1 byte
▪ 3rd row → shift left by 2 bytes
▪ 4th row → shift left by 3 bytes
3. MixColumns:
o Each column is transformed using matrix multiplication over a finite
field (improves diffusion).
4. AddRoundKey:
o XOR the current state with the round key.

Step 4: Final Round (Round 10)


• This round skips the MixColumns step.
1. SubBytes
2. ShiftRows
3. AddRoundKey

Output: 128-bit Ciphertext

AES Decryption (Step-by-Step)


The decryption process follows the same number of steps in reverse, using
inverse operations and round keys in reverse order.
Step 1: Key Expansion
• Same as in encryption: generate all round keys in advance.

Step 2: Initial Round


• AddRoundKey: XOR ciphertext with the final round key.

Step 3: 9 Main Rounds (Rounds 1 to 9)


Each round includes:
1. InvShiftRows:
o Rows are shifted right (reverse of ShiftRows).
2. InvSubBytes:
o Each byte is replaced using the inverse S-Box.
3. AddRoundKey:
o XOR with the appropriate round key.
4. InvMixColumns:
o Columns are transformed using inverse matrix multiplication.

Step 4: Final Round


• This round skips InvMixColumns
1. InvShiftRows
2. InvSubBytes
3. AddRoundKey (initial round key)

Output: 128-bit Plaintext

Advantages:
• Strong Security (against brute-force and cryptanalysis)
• Flexible Key Lengths (128, 192, 256 bits)
• Fast in both hardware and software
• Widely adopted standard (banks, government, cloud)

Disadvantages:
• Complex algorithm compared to DES.
• Key management is critical (especially in large systems).
• Vulnerable if implemented poorly (e.g., side-channel attacks).

Applications of AES:
• Data encryption for secure storage (e.g., files, databases)
• SSL/TLS encryption in secure web browsing
• Wi-Fi Security (WPA2/WPA3)
• Mobile app and OS encryption
• Cloud computing and VPN encryption

Difference Between AES and DES :-


| Feature | AES | DES |
|---|---|---|
| Full Form | Advanced Encryption Standard | Data Encryption Standard |
| Algorithm Type | Symmetric Block Cipher (Substitution-Permutation Network) | Symmetric Block Cipher (Feistel Structure) |
| Block Size | 128 bits | 64 bits |
| Key Sizes | 128, 192, 256 bits | 56 bits (actual key) |
| Number of Rounds | 10 (AES-128), 12 (AES-192), 14 (AES-256) | 16 rounds |
| Security Level | Very high (secure for modern use) | Low (vulnerable to brute-force attacks) |
| Speed and Efficiency | Fast in both hardware and software | Fast in hardware, slower in software |
| Structure Type | Substitution-Permutation Network | Feistel Network |
| Key Expansion | Extensive key expansion for round keys | Simple subkey generation |
| Known Vulnerabilities | Minimal if properly implemented | Vulnerable to brute-force and differential attacks |
| Current Status | Widely used and recommended | Obsolete; replaced by AES and Triple DES |

# Topic :- Columnar Transposition Technique


A classical encryption technique based on permutation of plaintext letters.
It rearranges the characters of the plaintext column-wise based on a keyword.
It is a type of transposition cipher, meaning the characters remain the same but
their positions change.
Working of Columnar Transposition Cipher

Encryption Steps:
1. Choose a Keyword:
o Select a keyword which will determine the column order for
rearranging characters.
2. Number the Columns:
o Assign numerical positions to each letter in the keyword based on
alphabetical order.
3. Arrange Plaintext in a Grid:
o Write the plaintext row-wise in a matrix under each column of the
keyword.
4. Pad if Necessary:
o If the plaintext doesn’t perfectly fill the grid, pad with a filler
character (e.g., 'X').
5. Read Columns in Numbered Order:
o Rearrange and read the columns according to the numerical order of
the keyword letters to get the ciphertext.

Decryption Steps:
1. Determine Grid Size:
o Calculate the number of rows based on ciphertext length and keyword
length.
2. Reconstruct the Column Order:
o Use the keyword to identify the original order of the columns.
3. Fill the Grid Column-Wise:
o Place the ciphertext into the grid column by column according to the
numbered column order.
4. Read Row-Wise:
o Read the grid row by row to reconstruct the original plaintext.
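
The encryption and decryption steps above as runnable Python. This is an added example, not part of the original notes; the function names are chosen here, and ranking repeated keyword letters from left to right is an assumption, since the notes do not say how ties are broken.

```python
import math


def column_order(keyword):
    """Return the column indices in the order they are read out.

    Columns are ranked by the alphabetical order of the keyword letters.
    Assumption: repeated letters are ranked left to right.
    """
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def encrypt(plaintext, keyword, pad="X"):
    """Write the text row-wise under the keyword, read columns in key order."""
    cols = len(keyword)
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    rows = math.ceil(len(text) / cols)
    text = text.ljust(rows * cols, pad)          # step 4: pad the last row
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c] for c in column_order(keyword) for r in range(rows))


def decrypt(ciphertext, keyword):
    """Refill the grid column by column in key order, then read row-wise."""
    cols = len(keyword)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the keyword length")
    rows = len(ciphertext) // cols               # step 1: grid size
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in column_order(keyword):              # steps 2 and 3
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)  # step 4: padding is still attached


if __name__ == "__main__":
    # Constructed sample: 17 letters under a 5-letter keyword, so 3 pad characters.
    ct = encrypt("DEFEND THE EAST WALL", "ZEBRA")
    print(ct)                    # NEAXFHTXETSLEEWXDDAL
    print(decrypt(ct, "ZEBRA"))  # DEFENDTHEEASTWALLXXX
```

The output keeps every plaintext letter (plus the padding), which is why letter frequencies survive a transposition unchanged.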

# Topic :- Linear and Differential Cryptanalysis


Cryptanalysis is the process of transforming or decoding communications from a
non-readable to a readable format without having access to the real key. In
other words, it is the technique of retrieving the plaintext of a communication
without having access to the key. Cryptanalysis is the art, science, or practice
of decrypting encrypted messages. The secret key used for encryption and
decryption is assumed to be unknown to the cryptologists, mathematicians, and
other scientists participating in the process. In contrast to a brute-force
attack, this form of analysis seeks vulnerabilities in a cryptosystem.

Types of Cryptanalytic Attacks:


1. Ciphertext only attack:
• In this type of cryptanalytic attack, the attacker has knowledge of only
the ciphertext.
• The attacker has to detect the plain text using the ciphertext only.
• This type of attack is not very easy to implement.
2. Known plain text only attack:
• In this type of cryptanalytic attack, the attacker has knowledge of some
plain text as well as ciphertext.
• The attacker tries to decrypt the messages using these two.
• This type of attack is somewhat easy to implement.

Goals of Cryptanalysis :-
1. Recover plaintext without knowing the key.
2. Discover the encryption key used.
3. Find weaknesses in cryptographic algorithms.
4. Evaluate the strength of encryption techniques.
Types :-
1. Linear Cryptanalysis
Definition:
Linear cryptanalysis is a statistical method of cryptanalysis that attempts to find a
linear approximation between plaintext, ciphertext, and key bits.
Working:
• Based on discovering linear relationships between:
o Plaintext bits
o Ciphertext bits
o Key bits
• Uses a large number of plaintext-ciphertext pairs.
• Identifies linear expressions that hold true with a probability significantly
different from 0.5.
• After collecting enough data, statistical analysis helps determine key bits.

2. Differential Cryptanalysis
Definition:
Differential cryptanalysis is a method that studies how differences in input
(plaintext pairs) affect differences in output (ciphertext pairs) under the same
encryption key.
Working:
• Inputs two plaintexts with a known difference (ΔP).
• Observes the corresponding output difference (ΔC).
• Analyzes how input differences propagate through the rounds of
encryption.
• Finds patterns or probabilities that reveal information about the key.
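
Both techniques start from the same measurement on a cipher's S-box: how far each linear relation is from holding half the time, and how often each input difference leads to each output difference. The added example below (not part of the original notes) builds both tables for a 4-bit S-box; the S-box is row 0 of DES S-box S1, chosen here as a small teaching case, and the function names are chosen for this example.

```python
# 4-bit teaching S-box (assumption of this example): row 0 of DES S1.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(value):
    """XOR of all bits of value."""
    return bin(value).count("1") & 1


def difference_table(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def linear_table(sbox):
    """lat[a][b] = (#x where parity(a&x) == parity(b&S(x))) - n/2.

    An entry of 0 means the relation holds exactly half the time (no bias).
    """
    n = len(sbox)
    lat = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(parity(x & a) == parity(sbox[x] & b) for x in range(n))
            lat[a][b] = agree - n // 2
    return lat


def differential_probability(dx, dy, sbox=SBOX):
    """Probability that input difference dx gives output difference dy."""
    return difference_table(sbox)[dx][dy] / len(sbox)


def linear_bias(a, b, sbox=SBOX):
    """Deviation from 1/2 of the relation selected by masks a (in) and b (out)."""
    return linear_table(sbox)[a][b] / len(sbox)


def best(table):
    """Largest-magnitude entry outside the trivial row/column 0: (value, in, out)."""
    n = len(table)
    return max(((table[i][j], i, j) for i in range(1, n) for j in range(1, n)),
               key=lambda entry: abs(entry[0]))


if __name__ == "__main__":
    value, dx, dy = best(difference_table(SBOX))
    print(f"strongest differential: {dx:#x} -> {dy:#x}, {value}/16 of inputs")
    value, a, b = best(linear_table(SBOX))
    print(f"strongest linear relation: masks {a:#x}/{b:#x}, bias {value}/16")
    # A designer wants both numbers small: a flat difference table and
    # biases close to zero leave these two analyses with little to use.
```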

Difference Between Linear and Differential Cryptanalysis :-


| Parameter | Linear Cryptanalysis | Differential Cryptanalysis |
|---|---|---|
| Type of Attack | Known Plaintext Attack | Chosen Plaintext Attack |
| Core Technique | Uses linear approximations to relate plaintext, ciphertext, and key bits | Analyzes input differences and corresponding output differences |
| Main Objective | Find biased linear expressions that approximate the cipher | Identify high-probability differential patterns through rounds |
| Mathematical Basis | Probability bias in linear equations (e.g., P₁ ⊕ C₁ ≈ K bits) | Probability of differential transitions (ΔP → ΔC) |
| Input Requirement | Large set of known plaintext–ciphertext pairs | Pairs of plaintexts with specific known differences (ΔP) |
| Data Complexity | Typically requires 2⁴³ known plaintexts (for DES) | Typically requires 2⁴⁷ chosen plaintexts (for DES) |
| Cipher Structure Targeted | Best suited for SPN (Substitution-Permutation Networks) and some Feistel networks | Best suited for Feistel ciphers and SPNs |
| Key Recovery Method | Solving linear approximations statistically to guess key bits | Tracing differential patterns to eliminate incorrect key guesses |
| Strength of Attack | Effective on ciphers with linear vulnerabilities | Effective on ciphers with weak differential characteristics |
| Famous Usage | Used to break 14 rounds of DES by Mitsuru Matsui | One of the original attacks on DES by Biham and Shamir |
| Implementation Difficulty | Mathematically less complex, but needs many samples | More complex to implement, but very powerful with right conditions |

# Topic :- Hill Cipher Technique


The Hill Cipher is a classical symmetric cipher that uses linear algebra
concepts—specifically matrix multiplication—for encryption and decryption. It
was invented by Lester S. Hill in 1929 and is known for its use of matrix-based
substitution.

Key Concepts
• Hill cipher works on blocks of letters (block cipher), typically 2x2 or 3x3
matrices.
• It uses modular arithmetic over the alphabet (mod 26 for English
alphabets).
• A key matrix is used for both encryption and decryption.

Working of Hill Cipher


1. Key Generation:
• Choose an invertible n × n matrix as the encryption key (K).
• All operations are done mod 26.
• The matrix must have an inverse modulo 26 for decryption to be possible.
2. Plaintext Preparation:
• Convert the plaintext into blocks of n letters.
• Convert each letter to a number (A=0, B=1, ..., Z=25).
• Arrange each block as a column vector.
3. Encryption:
• Multiply the key matrix (K) by each plaintext vector (P):
• Convert the resulting numbers back to letters to get the ciphertext.
4. Decryption:
• Compute the inverse of the key matrix modulo 26
• Multiply each ciphertext vector (C) by K^(-1):
• Convert the result back to letters for plaintext.

Example (no math shown, just idea):


• Plaintext: "HELP"
• Key Matrix (2x2): [[3, 3], [2, 5]]
• Encrypt "HE" and "LP" using matrix multiplication mod 26.
• Result is a ciphertext like "ZEBB".
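
The key generation, encryption and decryption steps above as runnable Python (an added example, not part of the original notes). Function names are chosen here, and padding an incomplete block with X is an assumption. With the column-vector convention of step 2, the arithmetic for the key [[3, 3], [2, 5]] maps HELP to HIAT.

```python
from math import gcd

MOD = 26


def minor(matrix, i, j):
    """Matrix with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(matrix) if k != i]


def det(matrix):
    """Determinant by cofactor expansion (fine for the small keys used here)."""
    if not matrix:
        return 1
    return sum((-1) ** j * matrix[0][j] * det(minor(matrix, 0, j))
               for j in range(len(matrix)))


def inverse_mod(matrix, mod=MOD):
    """Inverse of the key matrix modulo mod, via determinant and adjugate."""
    d = det(matrix) % mod
    if gcd(d, mod) != 1:
        raise ValueError("key matrix is not invertible modulo %d" % mod)
    d_inv = pow(d, -1, mod)
    n = len(matrix)
    return [[(d_inv * (-1) ** (i + j) * det(minor(matrix, j, i))) % mod
             for j in range(n)] for i in range(n)]


def apply_matrix(matrix, text, mod=MOD):
    """Multiply the matrix by each block of letters (A=0 ... Z=25)."""
    n = len(matrix)
    nums = [ord(c) - ord("A") for c in text]
    out = []
    for start in range(0, len(nums), n):
        block = nums[start:start + n]
        out += [sum(matrix[r][c] * block[c] for c in range(n)) % mod
                for r in range(n)]
    return "".join(chr(v + ord("A")) for v in out)


def encrypt(plaintext, key, pad="X"):
    text = "".join(c for c in plaintext.upper() if "A" <= c <= "Z")
    text += pad * (-len(text) % len(key))        # assumption: pad with X
    inverse_mod(key)                             # refuse keys that cannot be decrypted
    return apply_matrix(key, text)


def decrypt(ciphertext, key):
    if len(ciphertext) % len(key):
        raise ValueError("ciphertext length must be a multiple of the block size")
    return apply_matrix(inverse_mod(key), ciphertext)


if __name__ == "__main__":
    key = [[3, 3], [2, 5]]
    print(inverse_mod(key))          # [[15, 17], [20, 9]]
    ct = encrypt("HELP", key)
    print(ct, decrypt(ct, key))      # HIAT HELP
    try:
        encrypt("HELP", [[2, 4], [6, 8]])   # determinant shares a factor with 26
    except ValueError as err:
        print("rejected:", err)
```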

Advantages:
• Resistant to frequency analysis due to letter grouping.
• Can encrypt multiple letters at once (block cipher).
• Simple to implement using linear algebra.

Disadvantages:
• Key matrix must be invertible mod 26.
• Vulnerable to known-plaintext attack.
• Requires more complex computation compared to simple ciphers.

Applications:
• Mainly educational; not used in modern cryptographic systems.
• Useful for demonstrating the principles of block ciphers and linear
transformations.
# Topic :- Important Differences
Hash and Message Authentication Code

| Parameter | Hash Function | MAC (Message Authentication Code) |
|---|---|---|
| Purpose | Ensures data integrity | Ensures both data integrity and authenticity |
| Input | Accepts a message or data | Accepts a message and a secret key |
| Output | Produces a fixed-size hash (digest) | Produces a fixed-size authentication tag |
| Key Used? | No key involved | Yes, requires a shared secret key |
| Security Guarantee | Verifies that the data has not been altered | Verifies that the data has not been altered and is from a legitimate sender |
| Use Case | Digital signatures, checksums, password hashing | Authentication in communication protocols (e.g., TLS, IPsec) |
| Common Algorithms | SHA-256, SHA-3, MD5 (deprecated) | HMAC (with SHA-256 or SHA-1), CMAC, UMAC |
| Susceptible to Forgery? | Yes, since no secret key is involved | No (if key is secret and secure) |
| Collision Resistance Needed? | Yes, to prevent two different inputs from producing same hash | Not as crucial, since MAC uses a secret key |
| Output Dependency | Depends only on the message | Depends on both the message and key |
| Used in Digital Signature? | Yes, hash functions are used before signing | |

Public Key and Private Key Cryptography

| Parameter | Private Key Cryptography (Symmetric) | Public Key Cryptography (Asymmetric) |
|---|---|---|
| Key Used | Single shared secret key for both encryption and decryption | Pair of keys: public key (shared) and private key (kept secret) |
| Key Sharing Requirement | Key must be securely exchanged beforehand | No secure key exchange needed for public key |
| Encryption Speed | Faster and efficient | Slower, due to complex math operations |
| Security Level | Secure, but risk if key is intercepted | More secure for key exchange and communication |
| Algorithm Examples | AES, DES, RC4, Blowfish | RSA, ECC, ElGamal |
| Confidentiality | Ensures confidentiality if key remains secret | Ensures confidentiality and enables secure communication |
| Authentication Support | Not inherently built-in | Provides authentication and digital signatures |
| Scalability | Difficult to manage in large networks (n(n-1)/2 keys needed for n users) | More scalable (each user has one key pair) |
| Key Management | Complex in multi-user environments | Easier (only public keys need to be distributed) |
| Use Cases | Data encryption at rest, secure channels (e.g., VPNs) | Secure email (PGP), SSL/TLS certificates, blockchain, digital signatures |

Substitution and Transposition Cipher


| Parameter | Substitution Cipher | Transposition Cipher |
|---|---|---|
| Definition | Replaces each letter or group of letters with another letter/symbol | Rearranges the positions of characters in the plaintext |
| Operation Type | Substitutes characters | Shuffles positions |
| Effect on Characters | Characters are replaced but position stays the same | Characters are not changed, only position is altered |
| Basic Principle | Character-by-character or block substitution | Reordering without altering characters |
| Security Dependence | Depends on complexity of substitution mapping | Depends on complexity of rearrangement pattern |
| Examples | Caesar Cipher, Monoalphabetic, Playfair, Vigenère | Columnar Transposition, Rail Fence Cipher |
| Frequency Analysis Attack | Vulnerable (same letter substitution shows pattern) | Less vulnerable since frequency is preserved |
| Reversibility | Reversed by reversing the substitution mapping | Reversed by applying the inverse of the permutation |
| Ease of Breaking | Easier to break with frequency analysis | Harder to break without knowledge of key or pattern |
| Use in Modern Cryptography | Rare, mainly educational or in hybrid ciphers | Often used in combination with substitution (e.g., in block ciphers) |

# Topic :- Public Key Infrastructure (PKI)


Public key infrastructure or PKI is the governing body behind issuing digital
certificates. It helps to protect confidential data and gives unique identities to
users and systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys: the public key and the private
key to achieve security. The public keys are prone to attacks and thus an intact
infrastructure is needed to maintain them.
Managing Keys in the Cryptosystem:
The security of a cryptosystem relies on its keys. Thus, it is important that we
have a solid key management system in place. The 3 main areas of key
management are as follows:
• A cryptographic key is a piece of data that must be managed by secure
administration.
• It involves managing the key life cycle which is as follows:

• Public key management further requires:


o Keeping the private key secret: Only the owner of a private key is
authorized to use a private key. It should thus remain out of reach of
any other person.
o Assuring the public key: Public keys are in the open domain and can
be publicly accessed. With this extent of public accessibility, it
becomes hard to know if a key is correct and what it will be used for.
The purpose of a public key must be explicitly defined.
PKI or public key infrastructure aims at achieving the assurance of public keys.
Public Key Infrastructure:
Public key infrastructure affirms the usage of a public key. PKI identifies a public
key along with its purpose. It usually consists of the following components:
• A digital certificate also called a public key certificate
• Private Key tokens
• Registration authority
• Certification authority
• CMS or Certification management system
Working of a PKI:
Let us understand the working of PKI in steps.
• PKI and Encryption: The root of PKI involves the use
of cryptography and encryption techniques. Both symmetric and
asymmetric encryption use a public key. The challenge here is – “how do
you know that the public key belongs to the right person or to the person
you think it belongs to?”. There is always a risk of MITM (man in the
middle). This issue is resolved by a PKI using digital certificates. It gives
identities to keys in order to make the verification of owners easy and
accurate.
• Public Key Certificate or Digital Certificate: Digital certificates are
issued to people and electronic systems to uniquely identify them in the
digital world. Here are a few noteworthy things about a digital certificate.
Digital certificates are also called X.509 certificates. This is because they
are based on the ITU standard X.509.
o The Certification Authority (CA) stores the public key of a user along
with other information about the client in the digital certificate. The
information is signed and a digital signature is also included in the
certificate.
o The affirmation for the public key can then be retrieved by validating
the signature using the public key of the Certification Authority.
• Certifying Authorities: A CA issues and verifies certificates. This
authority makes sure that the information in a certificate is real and correct
and it also digitally signs the certificate. A CA or Certifying Authority
performs these basic roles:
o Generates the key pairs – This key pair generated by the CA can be
either independent or in collaboration with the client.
o Issuing of the digital certificates – When the client successfully
provides the right details about his identity, the CA issues a certificate
to the client. Then CA further signs this certificate digitally so that no
changes can be made to the information.
o Publishing of certificates – The CA publishes the certificates so that
the users can find them. They can do this by either publishing them in
an electronic telephone directory or by sending them out to other
people.
o Verification of certificate – CA gives a public key that helps in
verifying if the access attempt is authorized or not.
o Revocation – In case of suspicious behavior of a client or loss of trust
in them, the CA has the power to revoke the digital certificate.
Classes of a Digital Certificate:
A digital certificate can be divided into four broad categories. These are:
• Class 1: These can be obtained by only providing the email address.
• Class 2: These need more personal information.
• Class 3: This first checks the identity of the person making a request.
• Class 4: They are used by organizations and governments.
Process of creation of certificate:
The creation of a certificate takes place as follows:
• Private and public keys are created.
• CA requests identifying attributes of the owner of a private key.
• Public key and attributes are encoded into a CSR or Certificate Signing
Request.
• Key owner signs that CSR to prove the possession of a private key.
• CA signs the certificate after validation.

Applications of PKI:
• SSL/TLS Certificates (HTTPS websites)
• Secure Email (S/MIME)
• Digital Signatures & Documents
• Virtual Private Networks (VPNs)
• Code Signing
Advantages:
• Provides secure communication using encryption.
• Enables authentication through digital certificates.
• Ensures data integrity and non-repudiation.
• Scalable for large networks.
• Centralized trust via Certificate Authorities (CAs).

Disadvantages:
• Complex and costly to implement and maintain.
• Performance overhead due to slower encryption.
• Trust issues if CA is compromised.
• Managing certificate revocation can be challenging.

# Topic :- User Based Authentication


User authentication methods are techniques used to verify the identity of a
user before granting access to systems, applications, or data. They ensure that
only authorized users can access protected resources.
Main Categories of Authentication Methods:
1. Knowledge-Based Authentication (Something the user knows)
• Description: Relies on information that only the user should know.
• Examples:
o Passwords
o PINs
o Security questions
2. Possession-Based Authentication (Something the user has)
• Description: Based on physical objects the user owns.
• Examples:
o OTP tokens (hardware or software)
o Mobile phones (SMS or authenticator apps)
o Smart cards or USB security keys (e.g., YubiKey)
3. Biometric Authentication (Something the user is)
• Description: Uses unique physical or behavioral characteristics.
• Examples:
o Fingerprint
o Facial recognition
o Retina or iris scan
o Voice recognition
4. Location-Based Authentication (Somewhere the user is)
• Description: Uses geographic or network location as a factor.
• Examples:
o GPS location tracking
o IP address monitoring
o Wi-Fi or Bluetooth proximity
5. Behavior-Based Authentication (Something the user does)
• Description: Tracks behavioral patterns to verify identity.
• Examples:
o Typing rhythm (keystroke dynamics)
o Mouse movement
o Touchscreen gesture patterns

Multi-Factor Authentication (MFA)


• Definition: Combines two or more of the above methods (e.g., password +
OTP).
• Purpose: Stronger security by requiring multiple independent credentials.
# Topic :- Web Security Threats
Web security threats are the risks and vulnerabilities associated with web
applications and the systems they interact with. These threats can compromise
the confidentiality, integrity, and availability of information. To address these
threats, several approaches are used in information security systems. Here's an
overview:
1. Common Web Security Threats
a) SQL Injection
• Attackers exploit vulnerabilities in the web application's database queries
by injecting malicious SQL statements. This can allow unauthorized access,
data manipulation, and even database destruction.
• Defense Approach: Use prepared statements and parameterized queries to
prevent SQL injection.
b) Cross-Site Scripting (XSS)
• Attackers inject malicious scripts into web pages viewed by users. These
scripts can steal cookies, session data, and personal information or spread
malware.
• Defense Approach: Sanitize and escape user input. Use Content Security
Policy (CSP) headers to restrict resources.
c) Cross-Site Request Forgery (CSRF)
• Attackers trick users into performing unwanted actions on a web
application where they are authenticated. This can lead to unauthorized
transactions.
• Defense Approach: Use anti-CSRF tokens to validate requests.
d) Man-in-the-Middle (MitM) Attacks
• Attackers intercept communication between the user and the server to steal
or manipulate sensitive data.
• Defense Approach: Use HTTPS to encrypt data in transit, ensuring secure
communication.
e) Distributed Denial-of-Service (DDoS) Attacks
• Attackers overwhelm a website's server with excessive traffic, causing it to
become unavailable.
• Defense Approach: Use rate-limiting, Web Application Firewalls (WAFs),
and DDoS mitigation services.
f) Session Hijacking
• Attackers steal a valid user session to gain unauthorized access.
• Defense Approach: Use secure cookies (with the HttpOnly and Secure
flags), implement session expiration, and enable multi-factor authentication
(MFA).
g) Phishing Attacks
• Attackers impersonate trusted entities (via email, websites, or messaging)
to steal login credentials and sensitive information.
• Defense Approach: Educate users on recognizing phishing attempts and
implement email verification.
h) Malware and Ransomware
• Malicious software is used to steal, damage, or lock user data for extortion.
• Defense Approach: Implement endpoint security, regularly update
software, and use malware detection tools.
2. Approaches to Securing Web Applications
a) Authentication and Authorization
• Proper user authentication (e.g., Multi-Factor Authentication) ensures that
only authorized users have access to the application.
• Proper access controls ensure that users can only access resources for
which they have permission.
b) Input Validation and Data Sanitization
• Ensure all user inputs are properly validated before processing. This
prevents malicious data from being executed (e.g., preventing SQL
injection and XSS).
c) Encryption
• Encrypt sensitive data, both in transit (using HTTPS) and at rest, to protect
it from unauthorized access.
d) Regular Security Audits and Penetration Testing
• Regularly audit your web application's security and conduct penetration
testing to identify vulnerabilities.
e) Web Application Firewalls (WAF)
• A WAF can filter and monitor HTTP traffic between the web application
and the client to detect and block malicious requests.
f) Security Headers
• Use HTTP security headers (like Content Security Policy, X-Content-Type-
Options, X-Frame-Options, etc.) to protect against common vulnerabilities.
g) Patch Management
• Keep software, libraries, and frameworks up to date with the latest security
patches.
h) Secure Development Lifecycle
• Implement security best practices throughout the software development
lifecycle (SDLC). This includes secure coding, code reviews, and security
testing.

# Topic :- Public Key Certification Scheme


A Public Key Certification Scheme is a mechanism that validates the
authenticity of a public key in a public-key cryptosystem. It ensures that a public
key belongs to the entity or individual it claims to represent, preventing
fraudulent or malicious use of public keys. The certification process is essential
for establishing trust in communication between parties, especially in systems
like SSL/TLS for web security or digital signatures for document verification.
Key Concepts of Public Key Certification
1. Public and Private Keys:
o In public-key cryptography, a public key is used for encrypting data
or verifying signatures, and a private key is used for decrypting data
or creating signatures.
o The public key must be authenticated to ensure it belongs to the
claimed entity.
2. Certificate Authorities (CAs):
o A Certificate Authority (CA) is a trusted organization that issues
digital certificates, which contain a public key and the identity of the
owner.
o The CA's role is to verify the identity of the entity requesting the
certificate before issuing it.
3. Digital Certificates:
o A digital certificate is an electronic document that associates the
identity of an entity with its public key. It includes:
▪ The public key of the entity.
▪ Information about the entity (e.g., name, domain, email).
▪ Information about the certificate (e.g., issue date, expiration
date).
▪ The signature of the Certificate Authority that issued the
certificate, ensuring the certificate's validity.
4. Certification Process:
o Request for a Certificate (CSR): The entity (e.g., a website or
individual) generates a key pair (public and private key) and submits
the public key to a Certificate Authority in a Certificate Signing
Request (CSR).
o Verification by CA: The CA verifies the identity of the entity using
methods like email verification, domain control validation, or legal
identity checks.
o Issuance of Digital Certificate: If the CA's checks are successful, it
issues a digital certificate that associates the public key with the
verified identity. The CA's signature on the certificate provides trust
that the public key belongs to the entity.
5. Public Key Infrastructure (PKI):
o PKI is the overall system and framework that includes the CA, digital
certificates, and other components necessary for managing public key
encryption. It provides tools for:
▪ Issuing and revoking certificates.
▪ Maintaining a certificate revocation list (CRL), which lists
certificates that have been revoked by the CA before their
expiration date.
▪ Managing key pairs and certificates.
6. Trust Model:
o Hierarchical Trust Model: In this model, a root CA issues
certificates to intermediate CAs, which in turn issue certificates to end
entities (e.g., users, servers). Each certificate in the chain is signed by
a trusted entity.
o Web of Trust: In this decentralized model, users or entities trust each
other’s keys directly. It's commonly used in systems like PGP (Pretty
Good Privacy).
Structure of a Digital Certificate
A typical digital certificate includes the following fields:
• Version: The version of the X.509 certificate standard (most common
version is 3).
• Serial Number: A unique identifier for the certificate, issued by the CA.
• Signature Algorithm: The algorithm used by the CA to sign the certificate.
• Issuer: The entity that issued the certificate (typically a CA).
• Validity Period: The certificate's start and expiration dates.
• Subject: Information about the entity the certificate is issued to (e.g.,
domain name, organization).
• Public Key: The public key of the entity to which the certificate belongs.
• Extensions: Additional information or features, such as key usage (e.g.,
encryption, digital signature) or Subject Alternative Names (SAN).
• Signature: The CA's digital signature, which can be verified using the CA's
public key.
Uses of Public Key Certification
1. SSL/TLS for Secure Web Communication:
o When you visit a website, the web server presents a certificate
containing its public key to establish a secure HTTPS connection. The
certificate ensures that the server is legitimate, and the encryption of
the connection is protected.
2. Email Security:
o Public key certificates are used for encrypting and signing emails
(e.g., S/MIME) to ensure confidentiality, authenticity, and integrity of
email communication.
3. Digital Signatures:
o Public key certificates are used for digitally signing documents or
software, allowing recipients to verify the authenticity and integrity of
the signed content.
4. VPN Authentication:
o Certificates are used in virtual private networks (VPNs) to
authenticate both servers and clients, ensuring secure communication
channels.
Public Key Certification Security Considerations
1. Trust in the CA: The security of the certification scheme relies heavily on
the CA. If a CA is compromised, attackers could issue fraudulent
certificates, undermining the trust system.
2. Revocation of Certificates: If a private key is compromised or if an entity
no longer trusts the certificate, the certificate must be revoked. Users can
check the Certificate Revocation List (CRL) or use Online Certificate
Status Protocol (OCSP) to verify the validity of certificates in real-time.
3. Certificate Expiration: Certificates have a set expiration date to limit the
damage from potential key compromise. Regular renewal and revalidation
are necessary for ongoing security.
4. Certificate Pinning: To avoid man-in-the-middle attacks (MitM), some
applications use certificate pinning to associate a certificate with a
particular server, preventing attackers from using a different certificate.

# Topic :- Hyper Text Transfer Protocol (HTTP)


HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to secure
communication over the internet. It is widely used in information security to
protect data transmitted between a user's browser and a web server. HTTPS adds
a layer of security over the standard HTTP (Hypertext Transfer Protocol) by
encrypting the data sent between the client and the server, ensuring
confidentiality, integrity, and authenticity. Here's an in-depth look at HTTPS in
the context of information security:
1. What is HTTPS?
HTTPS is the secure version of HTTP, the protocol used for transmitting web
pages. It uses Transport Layer Security (TLS) (or its predecessor Secure
Sockets Layer, SSL) to encrypt the data exchanged between the client (browser)
and the web server.
• HTTP: Transmits data in plaintext, making it vulnerable to interception,
man-in-the-middle (MitM) attacks, and eavesdropping.
• HTTPS: Uses encryption (typically through SSL/TLS) to protect the data
from interception, ensuring that sensitive information (like passwords,
credit card numbers, etc.) remains confidential.
2. How HTTPS Works
HTTPS relies on a combination of symmetric encryption, asymmetric
encryption, and hashing to secure data.
a) SSL/TLS Handshake Process:
When a client (browser) connects to a server over HTTPS, the following steps
occur:
1. Client Hello: The client sends a "Client Hello" message to the server,
indicating which cryptographic protocols (SSL/TLS versions and cipher
suites) it supports.
2. Server Hello: The server responds with its chosen protocol and cipher
suite, and also sends its digital SSL/TLS certificate. The certificate
contains the server’s public key, which is used in the encryption process.
3. Authentication and Public Key Exchange: The client verifies the server’s
certificate using the Certificate Authority (CA) that issued the certificate. If
the certificate is valid and trusted, the client generates a pre-master secret
(a random value) and encrypts it using the server's public key. Only the
server can decrypt it using its private key.
4. Session Key Generation: Both the client and the server generate the same
session key using the pre-master secret. This session key will be used for
symmetric encryption during the rest of the session.
5. Secure Communication: Once the session key is established, the client and
server use symmetric encryption to encrypt the data sent between them.
This ensures both confidentiality (no eavesdropping) and integrity (data
cannot be tampered with).
6. Session Closure: After the secure communication ends, both parties can
close the session, and the session keys are discarded.
b) Role of SSL/TLS Certificates:
• Digital Certificate: Issued by a Certificate Authority (CA), a digital
certificate proves the identity of the server. It contains:
o The public key used for encrypting data.
o The server's identity (domain name, organization).
o The signature of the CA, ensuring the certificate is trusted.
• The CA verifies the legitimacy of the entity requesting the certificate
before issuing it, ensuring trust in the server.
3. Why HTTPS is Important in Information Security
a) Confidentiality (Encryption):
• HTTPS encrypts data transmitted between the browser and the web server,
making it unreadable to attackers who might intercept the communication
(e.g., through man-in-the-middle attacks or packet sniffing).
• Sensitive data like passwords, credit card details, and personal information
are protected from unauthorized access.
b) Data Integrity:
• HTTPS ensures the integrity of the data. It uses cryptographic hash
functions and message authentication codes (MACs) to verify that the data
has not been altered during transmission.
• If the data is tampered with during transmission, the receiver can detect the
changes, preventing malicious modifications.
c) Authentication:
• HTTPS helps verify the authenticity of the website or server you're
communicating with. It ensures you're connected to the legitimate server,
not an imposter or malicious site.
• By using SSL/TLS certificates, the server proves its identity to the client,
which reduces the risk of phishing attacks.
d) Protection Against Man-in-the-Middle (MitM) Attacks:
• In a MitM attack, an attacker intercepts and potentially alters the
communication between the client and the server. HTTPS prevents this by
encrypting the communication, ensuring the data cannot be altered or
viewed by attackers.
e) Preventing Session Hijacking:
• HTTPS protects against session hijacking, where attackers steal session
cookies to impersonate the user. HTTPS encrypts cookies and session data,
making it difficult for attackers to steal or manipulate them.
f) Trust and Reputation:
• Websites that use HTTPS are considered more trustworthy by users.
Modern browsers (like Chrome and Firefox) mark websites without HTTPS
as "Not Secure," which can lead to a loss of credibility.
• HTTPS is essential for SEO (Search Engine Optimization) because search
engines like Google rank HTTPS websites higher than non-secure HTTP
websites.
4. Common Security Vulnerabilities Addressed by HTTPS
• Eavesdropping: HTTPS prevents third parties from listening in on the
communication.
• Data Tampering: HTTPS ensures the integrity of the transmitted data,
protecting against tampering.
• Phishing: HTTPS helps authenticate the identity of websites, reducing the
risk of phishing attacks where fake websites attempt to steal user data.
• Man-in-the-Middle (MitM) Attacks: The encryption and certificate
verification prevent attackers from intercepting and modifying the
communication.
• Cookie Hijacking: By encrypting session cookies, HTTPS prevents
attackers from stealing session tokens.
5. Implementation of HTTPS
To implement HTTPS on a website, the following steps are typically required:
1. Obtain an SSL/TLS Certificate: This can be done through a Certificate
Authority (CA). Some CAs offer free certificates (e.g., Let’s Encrypt),
while others provide paid certificates with extended validation (EV).
2. Configure the Web Server: The server needs to be configured to support
HTTPS by installing the SSL/TLS certificate and ensuring the server uses
secure protocols and cipher suites.
3. Redirect HTTP to HTTPS: It's important to ensure that all HTTP traffic is
redirected to HTTPS to prevent users from accessing the site over an
insecure connection.
4. Enable HTTP Strict Transport Security (HSTS): HSTS ensures that
browsers only access the website using HTTPS, even if the user tries to
connect via HTTP.
5. Regular Certificate Renewal: SSL/TLS certificates have expiration dates.
They need to be renewed periodically to maintain secure connections.
6. Challenges with HTTPS
• Performance: SSL/TLS encryption can add a small performance overhead
due to the initial handshake and encryption processes. However, with
modern hardware and optimizations (like HTTP/2), the impact is minimal.
• Certificate Management: Managing SSL/TLS certificates and ensuring
they are renewed on time can be a challenge, especially for organizations
with many domains.
• Mixed Content Issues: If a website uses both secure (HTTPS) and non-
secure (HTTP) resources (e.g., images, scripts), it can trigger mixed content
warnings, potentially reducing the site's security.
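A deployment check for the redirect and HSTS steps of section 5 and the mixed content issue of section 6, added here as an example that is not part of the original notes. The responses are constructed samples for a hypothetical site (example.test), and the 180-day HSTS threshold is an assumed policy value.

```python
import re
from html.parser import HTMLParser

SUBRESOURCE_TAGS = {"script", "img", "iframe", "link", "audio", "video", "source"}
MIN_HSTS_MAX_AGE = 15552000   # assumed policy threshold (180 days), not from the notes

class _SubresourceCollector(HTMLParser):
    """Collects URLs the browser fetches on its own; <a> links are navigation, not mixed content."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return                      # e.g. rel="canonical" loads nothing
        url = a.get("src") or a.get("href")
        if tag in SUBRESOURCE_TAGS and url:
            self.urls.append(url)

def hsts_max_age(header_value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', header_value or "", re.IGNORECASE)
    return int(m.group(1)) if m else None

def audit(http_response, https_response):
    """Each response is a dict with status, headers (lower-case names) and body."""
    findings = []
    location = http_response["headers"].get("location", "")
    redirected = http_response["status"] in (301, 302, 307, 308)
    if not (redirected and location.lower().startswith("https://")):
        findings.append("http-not-redirected")
    # HSTS only counts on the HTTPS response; browsers ignore it over plain HTTP.
    age = hsts_max_age(https_response["headers"].get("strict-transport-security"))
    if age is None:
        findings.append("hsts-missing")
    elif age < MIN_HSTS_MAX_AGE:
        findings.append("hsts-max-age-too-short")
    collector = _SubresourceCollector()
    collector.feed(https_response.get("body", ""))
    findings += ["mixed-content:" + u for u in collector.urls if u.lower().startswith("http://")]
    return findings

# Constructed sample responses (not captured traffic).
WEAK_HTTP = {"status": 200, "headers": {}, "body": "<h1>Login</h1>"}
WEAK_HTTPS = {"status": 200, "headers": {"strict-transport-security": "max-age=300"},
              "body": '<a href="http://example.test/help">help</a>'
                      '<script src="http://cdn.example.test/app.js"></script>'
                      '<img src="https://example.test/logo.png">'}
GOOD_HTTP = {"status": 301, "headers": {"location": "https://example.test/"}, "body": ""}
GOOD_HTTPS = {"status": 200,
              "headers": {"strict-transport-security": "max-age=31536000; includeSubDomains"},
              "body": '<link rel="stylesheet" href="https://example.test/site.css">'}

if __name__ == "__main__":
    print(audit(WEAK_HTTP, WEAK_HTTPS))
    print(audit(GOOD_HTTP, GOOD_HTTPS))
```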

# Topic :- Elliptic Curve Cryptosystem


ECC, as the name implies, is an asymmetric encryption algorithm that employs
the algebraic structure of elliptic curves over finite fields.
• Elliptic Curve Cryptography (ECC) is an encryption technology
comparable to RSA that enables public-key encryption.
• While RSA’s security is dependent on huge prime numbers, ECC leverages
the mathematical theory of elliptic curves to achieve the same level of
security with considerably smaller keys.
• Victor Miller and Neal Koblitz independently proposed elliptic curve ciphers
in the mid-1980s. On a high level, they are analogs of existing public-key
cryptosystems in which modular arithmetic is replaced by elliptic curve
operations.
Components of Elliptic Curve Cryptography
Below are the components of elliptic curve cryptography:
1. ECC keys:
• Private key: Creating an ECC private key is as simple as securely
producing a random integer in a specific range, which makes it very fast.
Any integer in the field represents a valid ECC private key.
• Public keys: Public keys within ECC are EC points, which are pairs of
integer coordinates x and y that lie on a curve. Because of their unique
features, EC points can be compressed to a single coordinate + 1 bit (odd or
even). As a result, the compressed public key corresponding to a 256-bit
ECC private key is a 256-bit coordinate plus one bit.
2. Generator Point:
• ECC cryptosystems establish a special pre-defined EC point called the
generator point G (base point) for elliptic curves over finite fields, which
can generate any other point in its subgroup over the elliptic curve by
multiplying G by some integer in the range [0…r].
• The number r is referred to as the “order” of the cyclic subgroup.
• Elliptic curve subgroups typically contain numerous generator points, but
cryptologists carefully select one that generates the entire group (or
subgroup) and is well suited to performance optimizations in calculations.
This is the “G” generator.
Elliptic Curve Cryptography Algorithms
Based on the arithmetic of elliptic curves over finite fields, Elliptic-Curve
Cryptography (ECC) provides numerous sets of algorithms:
Digital signature algorithms:
• Elliptic Curve Digital Signature Algorithm (ECDSA): ECDSA, or
Elliptic Curve Digital Signature Algorithm, is a more complex public-key
cryptography algorithm. Elliptic curve cryptography is a type of public key
cryptography that uses the algebraic structure of elliptic curves over
finite fields as its foundation. Elliptic curve cryptography is primarily
used to generate pseudo-random numbers, digital signatures, and other data.
• Edwards-curve Digital Signature Algorithm (EdDSA): The Edwards-
curve Digital Signature Algorithm (EdDSA) was proposed as a replacement
for the Elliptic Curve Digital Signature Algorithm (ECDSA) for performing
fast public-key digital signatures. Its primary benefits for embedded
devices are higher performance and simple, secure implementations.
During a signature, no branch or lookup operations based on the secret
values are performed. Many side-channel attacks are foiled by these
properties.
Encryption algorithms:
• Elliptic Curve Integrated Encryption Scheme (ECIES): ECIES is a
public-key authenticated encryption scheme that uses a KDF (key-
derivation function) to generate a separate MAC (message authentication
code) key and symmetric encryption key from the ECDH shared secret.
Because the ECIES algorithm incorporates a symmetric cipher, it can encrypt
any amount of data. In practice, ECIES is used by standards such as
Intelligent Transportation Systems.
• EC-based ElGamal Elliptic Curve Cryptography: ElGamal Elliptic
Curve Cryptography is the public key cryptography equivalent of ElGamal
encryption schemes that employ the Elliptic Curve Discrete Logarithm
Problem. ElGamal is an asymmetric encryption algorithm that is used to
send messages securely over long distances. Unfortunately, if the encrypted
message is short enough, the algorithm is vulnerable to a Meet in the
Middle attack.
Key Agreement algorithm:
• Elliptic-curve Diffie–Hellman (ECDH): Elliptic-curve Diffie-Hellman
(ECDH) is a key agreement protocol that enables two parties to establish a
shared secret over an insecure channel, each with an elliptic-curve public-
private key pair. This shared secret can be used directly as a key or to
generate another key. Following that, the key, or the derived key, can be
used to encrypt subsequent communications with a symmetric-key cipher.
• Fully Hashed Menezes-Qu-Vanstone (FHMQV): Fully Hashed Menezes-
Qu-Vanstone is an authenticated key agreement protocol based on the
Diffie-Hellman scheme. MQV, like other authenticated Diffie-Hellman
schemes, protects against an active attacker. The protocol can be adapted to
work in any finite group, most notably elliptic curve groups, in which it is
known as elliptic curve MQV (ECMQV).
Application of Elliptic Curve Cryptography
• Diffie-Hellman: The basic public-key cryptosystem suggested for secret
key sharing is the Diffie-Hellman protocol. A (Alice) and B (Bob)
initially agree on a given curve, field size, and mathematical type. They
then distribute the secret key in the following manner. We can see that all
we need to build the Diffie-Hellman protocol is scalar multiplication.
• Elliptic Curve Digital Signature Algorithm (ECDSA): ECC is one of the
most widely utilized digital signature implementation approaches in
cryptocurrencies. To sign transactions, both Bitcoin and Ethereum use
field inverse multiplication, as well as arithmetic multiplication, the
inverse function, and modular operations.
• Online application: ECC is not limited to cryptocurrencies. It is an
encryption standard that will be utilized by most online apps in the
future due to its reduced key size and efficiency. It is most commonly used
in cryptocurrencies such as Bitcoin and Ethereum, along with one-way
encryption of emails, data, and software.
• Blockchain application: The cryptocurrency Bitcoin employs elliptic
curve cryptography. Ethereum 2.0 makes heavy use of elliptic curve pairings
with BLS signatures, as stated in the IETF proposed BLS specification, to
cryptographically ensure that a specific Eth2 validator has really verified a
specific transaction.
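The key components and the Diffie-Hellman exchange described above, as an added Python example that is not part of the original notes: private keys as random integers, public keys as points d·G, point compression, and a shared secret built only from scalar multiplication. It uses the secp256k1 parameters (the curve Bitcoin uses); the function names are chosen here, and the double-and-add loop is not constant time, so it is for study only.

```python
import secrets

# secp256k1: y^2 = x^3 + 7 over F_p, generator G of prime order r.
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def on_curve(pt):
    return pt is None or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    """Group law on the curve; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add: computes k*pt. Branches on key bits, so it leaks timing."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def keypair():
    d = secrets.randbelow(R - 1) + 1                  # private key in [1, r-1]
    return d, scalar_mult(d, G)                       # public key is the point d*G

def compress(pt):
    """x coordinate plus one parity bit of y (prefix 02 = even, 03 = odd)."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def decompress(data):
    if len(data) != 33 or data[0] not in (2, 3):
        raise ValueError("bad encoding")
    x = int.from_bytes(data[1:], "big")
    y = pow((x ** 3 + A * x + B) % P, (P + 1) // 4, P)    # square root, valid as p % 4 == 3
    if (y & 1) != (data[0] & 1):
        y = P - y
    if x >= P or not on_curve((x, y)):
        raise ValueError("point is not on the curve")
    return (x, y)

def ecdh(private_key, peer_public_compressed):
    """Shared secret: x coordinate of d_own * Q_peer, after validating the peer's point."""
    shared = scalar_mult(private_key, decompress(peer_public_compressed))
    return shared[0].to_bytes(32, "big")
```

Rejecting points that are not on the curve in `decompress` matters because arithmetic on an invalid point no longer takes place in the intended group.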
ECC vs RSA
Below is the difference between ECC and RSA:

| Parameters | ECC | RSA |
|---|---|---|
| Working algorithm | ECC is a cryptography technique that works just on a mathematical model of elliptic curves. | RSA cryptography algorithm is primarily based on the prime factorization approach. |
| Bandwidth savings | ECC gives significant bandwidth savings over RSA. | RSA provides much lesser bandwidth saving than ECC. |
| Encryption process | The encryption process takes less time in ECC. | The encryption process takes more time in RSA. |
| Decryption process | The decryption process takes more time. | Decryption is faster than ECC. |
| Security | ECC is much safer than RSA and is currently in the process of adapting. | RSA is heading toward the end of its tenure. |

Types of Security Attacks


• Side-channel attack: Side-channel attacks in elliptic curve cryptography
are caused by unintended information leaking during processing. The
computation of n*P, where n is a positive number and P is a point on the
elliptic curve E, is a critical operation.
• Backdoor attack: Concerns have been raised by cryptographic specialists
that the National Security Agency has installed a kleptographic backdoor
into at least one elliptic curve-based pseudo-random generator. According
to one investigation of the potential backdoor, an attacker in possession of
the algorithm’s secret key might recover encryption keys given only 32
bytes of output.
• Quantum computing attacks: By calculating discrete logarithms on a
hypothetical quantum computer, Shor’s algorithm can be used to break
elliptic curve cryptography. The most recent quantum resource estimates
are 2330 qubits and 126 billion Toffoli gates for cracking a curve with only
a 256-bit modulus (128-bit security level).
Benefits of Elliptic Curve Cryptography
• Fast key generation: ECC key creation is as simple as securely producing
a random integer in a specific range, which makes it very fast. Any integer
in the range represents a valid ECC secret key. The public keys in ECC are
EC points, which are pairs of integer coordinates x and y that lie on a
curve.
• Smaller key size: Keys, ciphertexts, and signatures are smaller.
Elliptic-curve cryptography (ECC) is a public-key encryption technique
based on the algebraic structure of elliptic curves over finite fields.
Compared to non-EC encryption (based on ordinary Galois fields), ECC allows
for smaller keys to guarantee equal security.
• Low latency: Signatures can be computed in two stages, allowing latency
much lower than the inverse of throughput. ECC has robust protocols for
authorized key exchange, and the technology has widespread adoption.
• Less computation power: Because the ECC key is shorter, less
computational power is needed. ECC offers high security with faster,
shorter keys compared to RSA, and it takes more energy to factor than it
does to calculate an elliptic curve objective function.
• High security: A 256-bit ECC public key ensures comparable security to a
3072-bit RSA public key. With ECC, you may obtain the same level of
security with smaller keys. ECC provides strong security in a world where
mobile phones must do more and more encryption with fewer
computational resources.
Limitations of Elliptic Curve Cryptography
• Large encryption size: ECC increases the size of the encrypted message
significantly more than RSA encryption. The default key length for ECC
private keys is 256 bits, but many different ECC key sizes are conceivable
depending on the curve.
• More complex: The ECC algorithm is more complex and more difficult
to implement than RSA. Algorithm costs have been computed from the
cost of the elliptic curve operations and finite field operations that
determine the running time of the scalar multiplication integer sub-
decomposition (ISD) method.
• Complex security: ECC is complicated and tricky to implement securely,
mainly the standard curves. If the key size used is large enough, ECC is
regarded to be highly secure. For internal communications, the US
government requires ECC with a key size of either 256 or 384 bits,
depending on the sensitivity level of the material being communicated.
• Binary curves: Processing of binary curves is costly. Elliptic curve
cryptography (ECC) employs elliptic curves over finite fields F_p (where p
is prime and p > 3) or F_{2^m} (where the field size p = 2^m). This means
that the field is a p x p square matrix, and the points on the curve can
only have integer locations within the field.
