Principles of Cryptography and Network Security

The document outlines the fundamental principles of cryptography and network security, focusing on key security goals such as confidentiality, integrity, availability, authentication, and non-repudiation. It discusses various cryptographic attacks and the mechanisms used to achieve security, including symmetric and asymmetric encryption methods, cryptographic hash functions, and digital signatures. Additionally, it highlights modern encryption standards like AES and RSA, along with their mathematical foundations and applications in securing data and communications.

Uploaded by

kolapatigayatri

Principles of Cryptography and Network Security

UNIT I: Basic Principles


1. Security Goals
Security in cryptography and network security revolves around achieving specific objectives to
ensure data protection and secure communication. The fundamental security goals are:

1. Confidentiality: This ensures that sensitive information is only accessible to authorized users. It
prevents unauthorized access by encrypting data, so even if an attacker intercepts the message, they
cannot understand its contents. Encryption algorithms like AES (Advanced Encryption Standard) help
maintain confidentiality.

2. Integrity: Integrity ensures that data is not altered, modified, or tampered with during
transmission or storage. Even a small change in data should be detectable. Hash functions like SHA
(Secure Hash Algorithm) are used to maintain integrity by generating a fixed-length hash value from
the original data.

3. Availability: This ensures that data and services are accessible when needed. Attacks like
Distributed Denial-of-Service (DDoS) can disrupt service availability by overwhelming a system with
traffic. Security mechanisms like firewalls, redundancy, and load balancing help maintain availability.

4. Authentication: Authentication is the process of verifying the identity of users or devices in a
network. It ensures that only legitimate users can access certain resources. Authentication methods
include passwords, biometrics, digital certificates, and multi-factor authentication (MFA).

5. Non-Repudiation: This prevents an entity from denying their actions. Digital signatures and
cryptographic techniques provide proof that a message was sent and received, preventing fraud or
disputes in transactions.

2. Cryptographic Attacks
Cryptographic systems face various types of attacks that attempt to break encryption and gain
unauthorized access. Some common cryptographic attacks include:

1. Brute Force Attack: This is the simplest type of attack where an attacker tries all possible key
combinations to decrypt an encrypted message. The longer the encryption key, the harder it is to
crack using brute force.

2. Ciphertext-Only Attack (COA): The attacker only has access to the ciphertext (the encrypted
message) and tries to deduce the plaintext (original message) without knowing the encryption key.

3. Known-Plaintext Attack (KPA): The attacker has access to both the plaintext and the
corresponding ciphertext. They analyze this information to derive the encryption key and use it to
decrypt other messages.

4. Chosen-Plaintext Attack (CPA): The attacker can choose plaintext messages and obtain their
corresponding ciphertexts. This helps them understand the encryption process and derive the key.

5. Man-in-the-Middle Attack (MITM): In this attack, an attacker secretly intercepts and possibly
alters communication between two parties without them knowing. Secure protocols like TLS
(Transport Layer Security) help prevent MITM attacks.

6. Side-Channel Attacks: These attacks exploit physical properties of cryptographic implementations,
such as power consumption, timing, and electromagnetic leaks, to extract sensitive data.

3. Security Services and Mechanisms


Security services and mechanisms are techniques used to achieve the security goals mentioned
earlier.

Security Services:
1. Confidentiality Service: Ensures that information is only accessible to authorized individuals.
Encryption techniques like AES and RSA are used.

2. Integrity Service: Ensures that data has not been modified. Hash functions like SHA-256 are used.

3. Authentication Service: Verifies the identity of users. Digital certificates and passwords help with
authentication.

4. Access Control: Restricts access to resources based on predefined policies. Role-Based Access
Control (RBAC) is an example.

Security Mechanisms:
1. Encryption: Transforms readable data into an unreadable format using algorithms like AES or RSA.

2. Digital Signatures: Provide authentication and non-repudiation. Used in digital transactions.

3. Firewalls: Monitor and control network traffic to prevent unauthorized access.

4. Intrusion Detection Systems (IDS): Detects malicious activities and alerts administrators.

4. Mathematics of Cryptography
Cryptography relies heavily on mathematical principles. Some fundamental mathematical concepts
used in cryptography include:

1. Modulo Arithmetic: Many encryption algorithms use modular arithmetic, where numbers wrap
around after reaching a certain value (modulus). Example:

10 mod 3 = 1

3. Discrete Logarithms: Used in asymmetric encryption methods like the Diffie-Hellman key
exchange.

4. Probability and Randomness: Secure encryption relies on randomness in key generation.

5. Symmetric Encryption
Symmetric encryption uses the same key for both encryption and decryption. The key must be kept
secret; otherwise, anyone with access to the key can decrypt the data.

Mathematics of Symmetric Key Cryptography

Symmetric encryption works based on substitution, permutation, and complex mathematical
operations to transform plaintext into ciphertext.

Example:

Let’s say we use a shift cipher where each letter is replaced by the letter three positions ahead in the
alphabet (A → D, B → E, etc.).

Plaintext: HELLO

Encrypted (shifted by 3): KHOOR

While simple ciphers like the shift cipher are easy to break, modern symmetric encryption
algorithms use complex transformations that make decryption without the key extremely difficult.

6. Introduction to Modern Symmetric Key Ciphers


Modern symmetric ciphers include:

1. Block Ciphers: Encrypt fixed-size blocks of data at a time. Example: AES, DES.

2. Stream Ciphers: Encrypt data as a continuous stream. Example: RC4.

7. Data Encryption Standard (DES)


The Data Encryption Standard (DES) was one of the earliest symmetric encryption algorithms
developed by IBM and standardized by NIST in 1977.

Key Features of DES:

Uses a 56-bit key (which is now considered weak due to advances in computing).

Encrypts data in 64-bit blocks.

Uses 16 rounds of encryption with substitution and permutation functions.

Due to its small key size, DES is no longer secure and has been replaced by AES.

8. Advanced Encryption Standard (AES)


AES is the most widely used symmetric encryption algorithm today, adopted as a standard by NIST in
2001.

Key Features of AES:


Supports key sizes of 128, 192, or 256 bits (AES-128, AES-192, AES-256).

Encrypts data in 128-bit blocks.

Uses a series of substitution, permutation, mixing, and key expansion steps.

Resistant to known attacks like brute force and differential cryptanalysis.

AES Encryption Process:


1. Key Expansion: Generates multiple round keys from the original key.

2. Initial Round: Adds the first round key.


3. Main Rounds (10 for AES-128):

SubBytes (substitution using an S-box).

ShiftRows (rows in the matrix are shifted).

MixColumns (mixing operation for diffusion).

AddRoundKey (XOR with round key).

4. Final Round: Same as main rounds but without MixColumns.

AES is widely used in applications like SSL/TLS (for secure web browsing), VPNs, and secure
communications.

UNIT II: Asymmetric Encryption
Asymmetric encryption, also known as public-key cryptography, uses two different keys:

Public Key (used for encryption)

Private Key (used for decryption)

This eliminates the key distribution problem of symmetric encryption since the public key can be
shared openly, while only the private key holder can decrypt the message.

1. Mathematics of Asymmetric Key Cryptography

Asymmetric encryption relies on complex mathematical problems that are computationally hard to
solve. Some fundamental concepts include:

a) Prime Numbers

Prime numbers play a key role in asymmetric encryption. A prime number is a number that has only
two divisors: 1 and itself. Examples: 2, 3, 5, 7, 11, 13, 17...

b) Primality Testing

To generate secure encryption keys, cryptographic systems must check whether a number is prime.
Some common primality testing algorithms are:

Trial Division (checks divisibility by smaller numbers)

Fermat’s Primality Test

Miller-Rabin Test (probabilistic but efficient)
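The three tests listed above behave differently on Carmichael numbers, which are composites that pass the Fermat test for every coprime base. The following is an added example, not part of the original notes; the function names, the fixed base sets and the sample number 561 are choices made for this illustration.

```python
# Added example: trial division, Fermat test and Miller-Rabin on the same inputs.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # exact for n < 2**64

def trial_division(n):
    """Exact but slow: try every divisor up to sqrt(n)."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def fermat_test(n, bases=(2, 5, 7, 13)):
    """Pass if a^(n-1) = 1 (mod n) for every base; some composites pass too."""
    if n < 2:
        return False
    return all(pow(a, n - 1, n) == 1 for a in bases if a % n)

def miller_rabin(n):
    """Strong probable-prime test over the fixed bases in MR_BASES."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = d * 2^s with d odd
        d //= 2
        s += 1
    for a in MR_BASES:
        if a % n == 0:         # base is a multiple of n: tells us nothing
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True

CARMICHAEL = 561               # 3 * 11 * 17, constructed sample input

def compare(n):
    """Run all three tests on n and return their verdicts."""
    return {"trial": trial_division(n), "fermat": fermat_test(n),
            "miller_rabin": miller_rabin(n)}
```

`compare(CARMICHAEL)` shows the Fermat test accepting 561 as prime while trial division and Miller-Rabin both reject it.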

c) Factorization

Many encryption systems, such as RSA, rely on the fact that factoring a large number into two prime
factors is computationally hard.

For example, if you are given N = 91, finding that N = 7 × 13 is easy. But for a 2048-bit number, it
would take thousands of years to factor with current technology.

2. Asymmetric Key Cryptography

a) RSA Cryptosystem

The Rivest-Shamir-Adleman (RSA) algorithm is the most widely used public-key encryption system. It
is based on the difficulty of factoring the product of two large prime numbers.

RSA Key Generation:

1. Select two large prime numbers: p and q

2. Compute N = p × q (this is the public modulus)

3. Compute ϕ(N) = (p - 1) × (q - 1) (Euler’s totient function)

4. Choose e such that 1 < e < ϕ(N) and gcd(e, ϕ(N)) = 1

5. Compute d, the modular inverse of e mod ϕ(N) (i.e., d × e ≡ 1 mod ϕ(N))


6. Public Key = (e, N), Private Key = (d, N)

RSA Encryption:

Ciphertext C = M^e mod N

RSA Decryption:

Plaintext M = C^d mod N

Example:

Choose p = 3, q = 11 → N = 3 × 11 = 33

ϕ(N) = (3 - 1) × (11 - 1) = 2 × 10 = 20

Choose e = 7 (must be co-prime with 20)

Compute d such that (d × 7) mod 20 = 1, so d = 3

Public key: (7, 33), Private key: (3, 33)

Encrypt M = 5 → C = 5^7 mod 33 = 78,125 mod 33 = 14

Decrypt C = 14 → M = 14^3 mod 33 = 5 (retrieves original message)
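The key generation, encryption and decryption steps above can be run directly. This is an added example, not part of the original notes; the function names are hypothetical, and `private_key_from_public` is included to show why the toy modulus N = 33 gives no protection while a large N does.

```python
# Added example: textbook (unpadded) RSA with the p = 3, q = 11, e = 7 values above.
from math import gcd, isqrt

def rsa_keygen(p, q, e):
    """Steps 2 to 6 of the key generation above, for caller-supplied primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    d = pow(e, -1, phi)                # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)                # C = M^e mod N

def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)                # M = C^d mod N

def private_key_from_public(public_key):
    """Rebuild d from (e, N) by factoring N with trial division.

    Instant for N = 33; infeasible for a 2048-bit N, which is what
    RSA's security rests on.
    """
    e, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n

if __name__ == "__main__":
    public, private = rsa_keygen(3, 11, 7)
    c = rsa_encrypt(5, public)
    print(public, private, c, rsa_decrypt(c, private))
    print(private_key_from_public(public))
```

Textbook RSA is deterministic, so the same M always yields the same C; deployed systems add randomized padding such as OAEP before the exponentiation.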

b) Rabin Cryptosystem

The Rabin cryptosystem is similar to RSA but is based on the difficulty of computing square roots
modulo N.

Key Steps:

1. Choose two large prime numbers p and q

2. Compute N = p × q

3. Encryption: C = M² mod N

4. Decryption: Recover M by computing a square root of C mod N. This is feasible with p and q but
hard without them, which makes Rabin encryption highly secure.

c) ElGamal Cryptosystem

ElGamal encryption is based on the Discrete Logarithm Problem, which is computationally difficult.

Key Generation:

1. Choose a prime p and a generator g

2. Select a private key x, where 1 < x < p

3. Compute public key y = g^x mod p

4. Public Key = (p, g, y), Private Key = x

Encryption:

1. Choose a random integer k

2. Compute C1 = g^k mod p


3. Compute C2 = M × y^k mod p

4. Ciphertext = (C1, C2)

Decryption:

Plaintext M = C2 / (C1^x mod p) mod p, where the division means multiplying by the modular inverse of C1^x mod p
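The ElGamal steps above, as an added example that is not part of the original notes. The parameters p = 2579 and g = 2 are small constructed values for illustration, and the function names and the optional `k` argument are hypothetical.

```python
# Added example: ElGamal key generation, encryption and decryption.
import secrets

P, G = 2579, 2   # constructed toy parameters; real groups use 2048-bit or larger p

def elgamal_keygen(p=P, g=G):
    """Return (public_key, private_key) with public_key = (p, g, y)."""
    x = 2 + secrets.randbelow(p - 3)          # private key, 1 < x < p - 1
    return (p, g, pow(g, x, p)), x            # y = g^x mod p

def elgamal_encrypt(m, public_key, k=None):
    """Return (C1, C2). Pass k only to reproduce a run; normally it is random."""
    p, g, y = public_key
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p)")
    if k is None:
        k = 1 + secrets.randbelow(p - 2)      # fresh random k for every message
    c1 = pow(g, k, p)                         # C1 = g^k mod p
    c2 = (m * pow(y, k, p)) % p               # C2 = M * y^k mod p
    return c1, c2

def elgamal_decrypt(ciphertext, x, p=P):
    c1, c2 = ciphertext
    s = pow(c1, x, p)                         # shared value g^(k*x) mod p
    return (c2 * pow(s, -1, p)) % p           # "divide" = multiply by s^-1 mod p

if __name__ == "__main__":
    public, private = elgamal_keygen()
    first = elgamal_encrypt(42, public)
    second = elgamal_encrypt(42, public)
    # Same plaintext, different random k: the two ciphertexts normally differ.
    print(first, second)
    print(elgamal_decrypt(first, private), elgamal_decrypt(second, private))
```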

d) Elliptic Curve Cryptosystem (ECC)

ECC is an advanced public-key cryptosystem that offers strong security with shorter key lengths. It is
based on the mathematics of elliptic curves.

Advantages of ECC:

Requires smaller key sizes compared to RSA for the same level of security

More efficient and faster than RSA

Commonly used in SSL/TLS encryption

Example of ECC Equation:

An elliptic curve is defined as:

y^2 = x^3 + ax + b

Elliptic Curve Diffie-Hellman (ECDH) is widely used for secure key exchange.

UNIT III: Cryptographic Hash Functions and Digital Signatures

1. Cryptographic Hash Functions
A cryptographic hash function is a mathematical algorithm that transforms an input (message) into a
fixed-size string of bytes, known as the hash value or digest.

Characteristics of a Good Hash Function

1. Deterministic: The same input will always produce the same output.

2. Fast Computation: The hash should be generated quickly.

3. Pre-Image Resistance: Given a hash value, it should be computationally hard to determine the
original input.

4. Small Change in Input → Large Change in Output: Also known as the avalanche effect.

5. Collision Resistance: It should be hard to find two different inputs with the same hash value.

2. Applications of Cryptographic Hash Functions


1. Password Storage: Instead of storing actual passwords, systems store their hashed versions for
security.

2. Data Integrity Checks: Hashes are used in digital signatures to verify that data has not been
altered.

3. Blockchain Technology: Cryptographic hash functions are the backbone of blockchain security.

4. Message Authentication Codes (MACs): Used in verifying message authenticity.

5. Digital Signatures: Hashes help generate secure digital signatures.

3. Simple Hash Functions


A simple hash function takes an input and applies mathematical operations to produce a hash.

Example: Modulo-Based Hash Function

If we have a message M = 12345, we can define a hash function as:

H(M) = M mod 97

H(12345) = 12345 mod 97 = 26

Though simple, such functions are weak because they do not meet collision resistance and security
requirements.

4. Secure Hash Functions Based on Cipher Block Chaining (CBC)


CBC-based hash functions use block ciphers (like AES or DES) to create secure hashes. The message is
processed block by block, and each block's hash depends on the previous one, preventing
tampering.

5. Secure Hash Algorithm (SHA) Family


SHA is a widely used cryptographic hash function family, developed by NIST.

SHA Variants:
1. SHA-1 (160-bit output, insecure) – No longer recommended due to vulnerabilities.

2. SHA-2 Family: Includes SHA-224, SHA-256, SHA-384, and SHA-512.

SHA-256: Produces a 256-bit (32-byte) hash and is widely used in security protocols.

3. SHA-3: The latest standard, based on the Keccak algorithm, offering improved security over SHA-2.

Example of SHA-256 Hash:

Plaintext: "Hello"

SHA-256 Hash:

185F8DB32271FE25F561A6FC938B2E264306EC304EDA518007D1764826381969
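The modulo-based hash from the "Simple Hash Functions" section and the SHA-256 example above can be compared on collision resistance and the avalanche effect. This is an added example, not part of the original notes; the function names and the sample input ranges are constructed for the illustration.

```python
# Added example: toy modulo hash vs. SHA-256 (collisions and avalanche effect).
import hashlib

def toy_hash(m: int) -> int:
    """The modulo-based hash from the notes: H(M) = M mod 97."""
    return m % 97

def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as upper-case hex, the format used in the notes."""
    return hashlib.sha256(data).hexdigest().upper()

def sha256_of_int(m: int) -> str:
    """SHA-256 over the decimal string of m, so both hashes take integers."""
    return sha256_hex(str(m).encode())

def find_collision(hash_fn, candidates):
    """Return the first pair of distinct inputs with equal hashes, else None."""
    seen = {}
    for m in candidates:
        h = hash_fn(m)
        if h in seen:
            return seen[h], m
        seen[h] = m
    return None

def avalanche_bits(a: bytes, b: bytes) -> int:
    """Number of the 256 output bits that differ between SHA-256(a) and SHA-256(b)."""
    ha = int.from_bytes(hashlib.sha256(a).digest(), "big")
    hb = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(ha ^ hb).count("1")

SAMPLE_INPUTS = range(12345, 13345)   # constructed: 1000 consecutive integers

if __name__ == "__main__":
    # Only 97 possible outputs, so the 98th input must repeat one of them.
    print("toy hash collision:", find_collision(toy_hash, SAMPLE_INPUTS))
    print("SHA-256 collision: ", find_collision(sha256_of_int, SAMPLE_INPUTS))
    print("SHA-256('Hello') =", sha256_hex(b"Hello"))
    # Changing one character flips roughly half of the 256 output bits.
    print("bits changed Hello -> Hellp:", avalanche_bits(b"Hello", b"Hellp"))
```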

6. Digital Signatures
A digital signature is a cryptographic mechanism that verifies the authenticity and integrity of digital
messages or documents. It provides:

1. Authentication: Confirms the sender's identity.

2. Integrity: Ensures the message has not been altered.

3. Non-Repudiation: The sender cannot deny sending the message.

How Digital Signatures Work:

1. Hashing: The message is first hashed using a hash function (SHA-256, SHA-3).

2. Encryption with Private Key: The sender encrypts the hash using their private key (e.g., using RSA).

3. Signature Transmission: The digital signature (encrypted hash) is sent along with the message.

4. Verification: The recipient:

Hashes the received message

Decrypts the signature using the sender’s public key

Compares both hashes; if they match, the message is authentic.

7. Digital Signature Algorithms


a) RSA Digital Signatures

Uses RSA encryption to sign and verify messages.

Secure but computationally expensive.

b) Digital Signature Algorithm (DSA)

A government standard for digital signatures.

Uses modular exponentiation and discrete logarithms.

c) Elliptic Curve Digital Signature Algorithm (ECDSA)

A more efficient version of DSA using elliptic curve cryptography.
