Cryptography & Network Security

BTAIOE604B
Examination Scheme

Theory
CA MSE ESE Total

20 20 60 100
1.1What is computer security?
• Computer security basically is the protection of computer systems and
information from harm, theft, and unauthorized use. It is the process
of preventing and detecting unauthorized use of your computer
system.

OR
• Computer security can be defined as controls that are put in place to
provide confidentiality, integrity, and availability for all components of
computer systems.

• There are various types of computer security which is widely used to

protect the valuable information of an organization.
1.2 Types of Computer Security:
• One way to ascertain the similarities and differences among Computer Security is
by asking what is being secured.

1. Information security: It is securing information from unauthorized access,

modification & deletion.

2. Application Security: It is securing an application by building security

features to prevent from Cyber Threats such as SQL injection, DoS attacks, data
breaches and etc.

3. Computer Security : It means securing a standalone machine by keeping it

updated and patched.

4. Network Security: It is by securing both the software and hardware

technologies.

5. Cyber security: It is defined as protecting computer systems, which

communicate over the computer networks
1.3 Need of Computer Security:
• Computer security is important because it guarantees to safe processing and
storage of business data, healthcare and sensitive information. Cyber
security provides the confidentiality, integrity and availability for all components of
a computer system.

• Here are reasons why is computer security important:

1. To Protect Personal Information.

2. To Protect Organization properties.

3. To Prevent from Data theft.

4. To Prevent Viruses and Malware.

5. To Stop Unauthorized Access.

1.3 Need of Computer Security: Continue….
1. To Protect Personal Information
• To prevent from cyber security risk you have to protect your personal information. IT
security is the first prime issue to protect your personal and others information. You can
keep your information secure using the following tips:
• Use an Antivirus Software
• Update your Computer operating system
• Use strong and smart password
• Backup your sensitive Data
• Lock your computer for safety
• Avoid Phishing Emails

2. To Protect Organization Properties

• It is very important to ensure the organization’s data because every organization has
many sensitive assets and information. So, without computer or IT security you can’t
guarantee the security of organization properties.
1.3 Need of Computer Security: Continue….
3. To Prevent from Data theft

• Data theft is act of stealing sensitive information such as bank account details,
credit card information, passwords, and documents which stored on computers,
servers, or other devices. The most common reasons of data breaches are as
follows:

• Weak and stolen credentials

• Malicious insiders

• Application vulnerabilities and

• Human Error

• So, prevent from data theft you have to ensure that your device is secured by
endpoint security, lock down your system, identify critical data and use
authentication.
1.3 Need of Computer Security: Continue….
4. To Prevent Viruses and Malware
• Computer security is also important to protect from computer viruses and
malware. A computer virus or malware can corrupt or delete your sensitive data,
damage your hard disk and it spreads from one computer to another using email
program and others. So, you have to protect your computer from viruses and
malware using following these tips:

• Keep your software up to date

• Use professional antivirus software

• Use a strong password

• Don’t click suspicious emails links

• Back up your computer data

• Browse only trusted and secured websites

1.3 Need of Computer Security: Continue….
5. To Stop Unauthorized Access
• Computer Security helps to preventing and detecting unauthorized access of
your computer.

• If hackers can get access your computer then they gain control your all sensitive
information. In modern times, hackers are very smart and they will try to get
access your computer system anyway without your acknowledgement.

• They can serious impact on your business or professions. So, security is important
for us in order to stop or prevent from unauthorized users.
1.4 Principles of Computer Security:
• It is important to understand Security principles in order to manage the
information security of any system.

• Security principles are the building blocks to identify the type of attack
and solution for that.

• These are the set of standards that are designed to minimize the
vulnerability of systems and services to attackers who may obtain
unauthorized access to sensitive data and misuse it.

• Following are the principles of Security:

1.4 Principles of Computer Security: Continue….
1. Confidentiality:
• The confidentiality principle of security states that only their intended sender and
receiver should be able to access messages, if an unauthorized person gets access
to this message then the confidentiality gets compromised.

• For example, suppose user X wants to send a message to user Y, and X does not
want some else to get access to this message, or if it gets access, he/she does not
come to know about the details. But if user Z somehow gets access to this secret
message, which is not desired, then the purpose of this confidentiality gets fail.

• This leads to the interception. i.e. if user Z access the secret message or email sent
by user X to Y without permission of X and Y, then it is called an interception.
Interception causes loss of message confidentiality.
1.4 Principles of Computer Security: Continue….
2. Authentication:
• The authentication principle of security establishes proof of identity, it ensures
that the origin of a document or electronic message is correctly identified. For
example suppose user Z sends a message to user Y, however, the trouble is that
user Z posed as user X while sending a message to user Y. How would user Y know
that message comes from Z, not X. This leads to the fabrication attack. For example

• The attacker can act as user X and sends fund transfer request( from X’ account to
attacker account) to a bank, and the bank will transfer the amount as requested
from X’s account to attacker, as banks think fund transfer request comes from user
X. Fabrication is possible in absence of proper authentication mechanism.
1.4 Principles of Computer Security: Continue….
3. Integrity:
• The integrity principle of security states that the message should not be
altered.

• In other words, we can say that, when the content of the message changes
after the sender sends it, but before it reaches the intended receiver, we
can say that integrity of the message is lost.

• For example, suppose user X sends a message to User Y, and attacker Z

somehow gets access to this message during transmission and changes
the content of the message and then sends it to user Y.

• User Y and User X does not have any knowledge that the content of the
message was changed after user X send it to Y. This leads to a
modification. Modification causes loss of message integrity.
1.4 Principles of Computer Security: Continue….
4. Non-repudiation:
• Non-repudiation principle of security does not allow the sender of a message to
refute(reject) the claim of not sending that message.

• There are some situations where the user sends a message and later on refuses
that he/she had sent that message.

• For example, user X sends requests to the bank for fund transfer over the internet.
After the bank performs fund transfer based on user X request, User X cannot
claim that he/she never sent the fund transfer request to the bank. This principle
of security defeats such possibilities of denying something after having done it.
1.4 Principles of Computer Security: Continue….
5. Access control
• Access control principles of security determine who should be able to access what.
i.e. we can specify that what users can access which functions,

• for example, we can specify that user X can view the database record but cannot
update them, but user Y can access both, can view record, and can update them.
This principle is broadly related to two areas – role management and rule
management where role management concentrates on the user side. i.e. which
user can do what and rule management concentrate on the resources side i.e.
which resource is available.

• Based on this matrix is prepared, which lists the user against q list of items they
can access. The access control list is a subset of the access control matrix.
1.4 Principles of Computer Security: Continue….
6. Availability:
• The availability principle of security states that resources should be available to the
authorized person at all times.

• For example, because of the intentional action of another unauthorized user Z, an

authorized user x may not be able to contact server Y, this leads to an interruption
attack, interruption puts the availability of resources in danger.

• A real-life example of this could be, suppose attacker or unauthorized person Z

tries to access the FB Account of user X, as User Z does not know the password of
user X, he/she tries to log in to the X’s account using a random password. after
attempting maxim limit for the password, if it is not correct then X’s account will
be blocked, therefore because of unauthorized person Z, user X could not access
his account.
1.4 Principles of Computer Security: Continue….
7. Ethical and legal issues:
• Ethical issues in the security system are classified into the following categories

• Privacy: It deals with the individual’s right to access the personal information

• Accuracy: It deals with the responsibility of authentication, fidelity, and accuracy

of information

• Property: It deals with the owner of the information

• Accessibility: It deals with what information does an organization has the right to
collect.
1.5 Security Approaches:
• Information security is the set of procedures to protect information from
disruption, misuse, destruction, disclosure, modification, or unauthorized access.

• There are two approaches discussed as follows −

1. Bottom-Up Approach
• The responsibility of the system administrator, cyber engineer, or network security
professional does not include top-level management positions.

• The main duty of such individuals is to secure the information system by using
their expertise, knowledge, education, and training to build a highly secure model.

• Advantages of the Bottom-up Approach:

 The individual or team addresses the complex security of the information system
using their expertise. The company threat is identified to mitigate(reduce) the
possible potential threat.
1.5 Security Approaches: Continue…..
 The existing team or individual is assigned instead of new hire which is a way to
save time, and money in a complex plan. It is a great way to use available valuable
resources.

• Disadvantages of the Bottom-up Approach

• The strategies are not assisted by top-level management or expert and also
incorporation would have thoroughness or longevity.
• The top-level management collaboration gives a wide vantage(advantage) point
using company standards, concerns, resources, etc.

2. Top-Up Approach:
• The approach is created, initiated, or implemented by top-level management. This
approach implements data security by instruction procedures, creating an
information security policy, and following procedures.
• The priority and liability of project activities are taken by top-level management.
• The top-level managers take help from other professionals in the InfoSec system.
1.5 Security Approaches: Continue…..
 The existing team or individual is assigned instead of new hire which is a way to
save time, and money in a complex plan. It is a great way to use available valuable
resources.

• Disadvantages of the Bottom-up Approach

• The strategies are not assisted by top-level management or expert and also
incorporation would have thoroughness or longevity.
• The top-level management collaboration gives a wide vantage(advantage) point
using company standards, concerns, resources, etc.

2. Top-Up Approach:
• The approach is created, initiated, or implemented by top-level management. This
approach implements data security by instruction procedures, creating an
information security policy, and following procedures.
• The priority and liability of project activities are taken by top-level management.
• The top-level managers take help from other professionals in the InfoSec system.
1.5 Security Approaches: Continue…..
• Advantages of the Top-up Approach:
 The top-up approach is more efficient than the bottom-up approach.

 The company’s management level is more powerful for protecting data than an
individual or team considering company-wide priority.

 Each problem is unique and vulnerabilities exist in every department or office.

1.6 Types of Attacks:
• What is Attack?

• An attack is an information security threat that involves an attempt to

obtain, alter, destroy, remove, implant or reveal information without
authorized access or permission.

• It happens to both individuals and organizations.

• Types of Attacks:
• Attacks can be grouped into two types:

1. Active Attack

2. Passive Attack
1. Active Attack:
• An Active attack attempts to alter system resources or affect their operations.

• Active attacks involve some modification of the data stream or the creation of false
statements.

• Active attacks involve an attacker intentionally altering or destroying data, or

disrupting the normal operation of a system.

• Types of active attacks are as follows:

a. Masquerade

b. Modification of messages

c. Repudiation

d. Replay

e. Denial of Service
2. Passive Attack:
• A Passive attack attempts to learn or make use of information from the system but
does not affect system resources.

• Passive Attacks are in the nature of eavesdropping on or monitoring transmission.

• The goal of the opponent is to obtain information that is being transmitted.

Passive attacks involve an attacker passively monitoring or collecting data without
altering or destroying it. Examples of passive attacks include eavesdropping, where
an attacker listens in on network traffic to collect sensitive information, and
sniffing, where an attacker captures and analyzes data packets to steal sensitive
information.

• Types of Passive attacks are as follows:

• The release of message content

• Traffic analysis
1.6.1. Types of Active Attacks:
1. Masquerade /Interruption
• A masquerade attack takes place when one entity pretends to be a different entity.

• A Masquerade attack involves one of the other forms of active attacks.

Masquerade attack may be performed using the stolen passwords and logins, with
the aid of using finding gaps in programs, or with the aid of using locating a
manner across the authentication process. Fig. Masquerade Attack
2 Modification of messages –
• It means that some portion of a message is altered or that message is delayed or
reordered to produce an unauthorized effect.

• Modification is an attack on the integrity of the original data.

• It basically means that unauthorized parties not only gain access to data but also
spoof the data by triggering denial-of-service attacks, such as altering transmitted
data packets or flooding the network with fake data.

• Manufacturing is an attack on authentication.

• For example, a message meaning “Allow JOHN to read confidential file X” is

modified as “Allow Smith to read confidential file X”.
Figure: Modification of messages
3. Repudiation:
• This attack occurs when the network is not completely secured or the login control
has been tampered with.

• With this attack, the author’s information can be changed by actions of a malicious
user in order to save false data in log files, up to the general manipulation of data
on behalf of others, similar to the spoofing of e-mail messages.

4. Replay :
• It involves the passive capture of a message and its subsequent transmission to
produce an authorized effect.

• In this attack, the basic aim of the attacker is to save a copy of the data originally
present on that particular network and later on use this data for personal uses.
Once the data is corrupted or leaked it is insecure and unsafe for the users.
5. Denial of Service Attack:
• Denial of Service (DoS) is a cyber-attack on an individual Computer or Website
with the intent to deny services to intended users.

• Their purpose is to disrupt an organization’s network operations by denying access

to its users.

• Denial of service is typically accomplished by flooding the targeted machine or

resource with surplus requests in an attempt to overload systems and prevent
some or all legitimate requests from being fulfilled.
For example, if a bank website can handle 10 people a second clicking the Login
button, an attacker only has to send 10 fake requests per second to make it so no
legitimate users can login.

• DoS attacks exploit various weaknesses in computer network technologies. They

may target servers, network routers, or network communication links.

• They can cause computers and routers to crash and links to slow down.
5. Denial of Service Attack: Continue……

Figure: Denial of Service.

5. Denial of Service Attack: Continue…..
• Changing permissions or breaking authorization logic to prevent users from logging
into a system.

• One common example involves triggering a rapid series of false login attempts that
lockout accounts from being able to log in.

• Deleting or interfering with specific critical applications or services to prevent their

normal operation (even if the system and network overall are functional).

• DoS attacks can cause the following problems:

1. Ineffective services

2. Inaccessible services

3. Interruption of network traffic

4. Connection interference
5. Denial of Service Attack: Continue…..
• The most famous DoS technique is 1) Ping of Death.

2) Flooding.

1) Ping of Death:
• The Ping of Death attack works by generating and sending special network
messages (specifically, ICMP packets of non-standard sizes) that cause problems
for systems that receive them.

• In the early days of the Web, this attack could cause unprotected Internet servers
to crash quickly.

2) Flooding:
• Flooding a network with useless activity so that genuine traffic cannot get
through. The TCP/IP SYN and smurf attacks are two common examples.

• Remotely overloading a system’s CPU so that valid requests cannot be processed.

1.4.2. Types of Passive Attacks:
1. The release of message content –
• Telephonic conversation, an electronic mail message, or a transferred file may
contain sensitive or confidential information.

• We would like to prevent an opponent from learning the contents of these

transmissions.

• Figure : Passive Attack.

2. Traffic analysis:
• Suppose that we had a way of masking (encryption) information, so that the
attacker even if captured the message could not extract any information from the
message.

• The opponent could determine the location and identity of communicating host
and could observe the frequency and length of messages being exchanged.

• This information might be useful in guessing the nature of the communication that
was taking place.

• Figure: Traffic Analysis

1.7 Security Services:
• A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization.

• These services are intended to counter security attacks, and they make use of one
or more security mechanisms to provide the service.

• Following are the five categories of these services:

•
1.7 Security Services: Continue…….
1. Authentication: The assurance that the communicating entity is the one that it
claims to be.

a) Peer Entity Authentication: Used in association with a logical connection to

provide confidence in the identity of the entities connected.

b) Data-Origin Authentication: In a connectionless transfer, provides assurance

that the source of received data is as claimed.

2. Data Confidentiality: Protects data from unauthorized disclosure.

3. Access Control: The prevention of unauthorized use of a resource (i.e., this

service controls who can have access to a resource, under what conditions access
can occur, and what those accessing the resource are allowed to do).

4. Data Integrity: The assurance that data received are exactly as sent by an
authorized entity (i.e., contain no modification, insertion, deletion, or replay).
1.7 Security Services: Continue…….
5. Non-repudiation: Protects against denial by one of the entities involved in a
communication of having participated in all or part of the communication.

a) Proof of Origin: Proof that the message was sent by the specified party.

b) Proof of Delivery: Proof that the message was received by the specified party.
1.8 Security Mechanisms:
• A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack.

• The mechanisms are divided into those that are implemented in a specific protocol
layer, such as TCP or an application-layer protocol.
1.8 Security Mechanisms: Continue……
1. Encipherment: Encipherment is hiding or covering data and can provide
confidentiality.

• It makes use of mathematical algorithms to transform data into a form that is not

readily intelligible.

• The transformation and subsequent recovery of the data depend on an algorithm

and zero or more encryption keys. Cryptography and Steganography techniques

are used for enciphering.

2. Data integrity: The data integrity mechanism appends a short check value to
the data which is created by a specific process from the data itself.

• The receiver receives the data and the check value. The receiver then creates a

new check value from the received data and compares the newly created check

value with the one received.

1.8 Security Mechanisms: Continue……
• If the two check values match, the integrity of data is being preserved.

3. Digital Signature: A digital signature is a way by which the sender can

electronically sign the data and the receiver can electronically verify it.

• The sender uses a process in which the sender owns a private key related to the

public key that he or she has announced publicly.

• The receiver uses the sender's public key to prove the message is indeed signed by

the sender who claims to have sent the message.

4. Authentication exchange: A mechanism intended to ensure the identity of an

entity by means of information exchange.

• The two entities exchange some messages to prove their identity to each other.

• For example the three-way handshake in TCP.

1.8 Security Mechanisms: Continue……
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.

6. Routing control: Enables selection of particular physically secure routes for

certain data and allows routing changes which means selecting and continuously
changing different available routes between the sender and the receiver to
prevent the attacker from traffic analysis on a particular route.

7. Notarization: The use of a trusted third party to control the communication

between the two parties. It prevents repudiation. The receiver involves a trusted
third party to store the request to prevent the sender from later denying that he or
she has made such a request.

8. Access Control: A variety of mechanisms are used to enforce access rights to

resources/data owned by a system, for example, PINS, and passwords.
1.8 Security Mechanisms: Continue……
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.

6. Routing control: Enables selection of particular physically secure routes for

certain data and allows routing changes which means selecting and continuously
changing different available routes between the sender and the receiver to
prevent the attacker from traffic analysis on a particular route.

7. Notarization: The use of a trusted third party to control the communication

between the two parties. It prevents repudiation. The receiver involves a trusted
third party to store the request to prevent the sender from later denying that he or
she has made such a request.

8. Access Control: A variety of mechanisms are used to enforce access rights to

resources/data owned by a system, for example, PINS, and passwords.
1.9 Cryptography Concepts:
1.9.1 Plain text:
• Plain text can refer to anything which humans can understand and/or relate to.
• This may be as simple as English sentences, a script, or Java code. If you can make
sense of what is written, then it is in plaintext.

1.9.2 Cipher text:

• Cipher text or encrypted text, is a series of randomized letters and numbers which
humans cannot make any sense of.
• An encryption algorithm takes a plaintext message, runs the algorithm on the
plaintext, and produces a cipher text. The cipher text can be reversed through the
process of decryption, to produce the original plaintext.
• Example: We will encrypt a sentence using Caesar Cipher. The key is 7, which
means the letter a becomes h.
• Plaintext: This is a plaintext.
• Ciphertext: Aopz pz h wshpualea.
1.9.3 Cryptography and Cryptology:
• Cryptography is the study of conversion of plain text(readable format) to cipher
text(non-readable format) i.e. encryption. It is also called the study of encryption.

• Cryptology, on the other hand, is the study of the conversion of plain text to
cipher text and vice versa. It is also called the study of encryption and
decryption.

• Cryptology is the parent of Cryptography.

1.9.4 Difference between Cryptography and Cryptology:

Sr
No. Cryptography Cryptology

Cryptography is the process of Cryptology Is the process of

1. conversion of plain text to cipher conversion of plain text to cipher
text. text and vice versa.

It is also called the study of It is also called the study of

2.
encryption encryption and decryption.

It takes place on the sender and

3. It takes place on the sender side
receiver side

In Cryptology, both sender and

In Cryptography, sender sends the
4. receiver send messages to each
message to receiver.
other.

Cryptography can be seen as the Cryptology can be seen as the

5.
child of Cryptology parent of Cryptography
1.9.5 Cryptoanalysis:

• Cryptanalysis is the study of methods for obtaining the meaning of encrypted

information, without access to the secret information that is typically required to
do so.
• Typically, this involves knowing how the system works and finding a secret key.
• Cryptanalysis is also referred to as code breaking or cracking the code. The cipher
text is generally the easiest part of a cryptosystem to obtain and, therefore, is an
important part of cryptanalysis.
• Depending on what information is available and what type of cipher is being
analyzed, cryptanalysts can follow one or more attack models to crack a cipher.
• Substitution cipher
• Transposition cipher
• Polyalphabetic Substitution cipher
• Permutation Cipher
1.9.6 Encryption and Decryption:
• Encryption is the process of converting normal message (plaintext) into
meaningless message (Cipher text).

• Decryption is the process of converting meaningless message (Cipher text) into its
original form (Plain text).
1.9.7 Difference between Encryption and Decryption:
Sr.NO Encryption Decryption

Encryption is the process of converting

Decryption is the process of converting
1. normal message into meaningless
meaningless message into its original form.
message.

Encryption is the process which take place Decryption is the process which take place
2.
at sender’s end. at receiver’s end.

Its major task is to convert the plain text Its main task is to convert the cipher text
3.
into cipher text. into plain text.

Any message can be encrypted with either The encrypted message can be decrypted
4.
secret key or public key. with either secret key or private key.

In decryption process, receiver receives the

In encryption process, sender sends the
5. information(Cipher text) and convert into
data to receiver after encrypted it.
plain text.
1.10 Substitution Techniques in Cryptography:
• Substitution technique is a classical encryption technique where the characters
present in the original message are replaced by the other characters or numbers
or by symbols.
• If the plain text (original message) is considered as the string of bits, then the
substitution technique would replace bit pattern of plain text with the bit pattern
of cipher text.

• Substitution Technique:

• Caesar Cipher
• Monoalphabetic Cipher
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Cipher
• One-Time Pad
•
1.10.1 Caesar Cipher:
• This the simplest substitution cipher by Julius Caesar. In this substitution
technique, to encrypt the plain text, each alphabet of the plain text is replaced by
the alphabet three places further it. And to decrypt the cipher text each alphabet
of cipher text is replaced by the alphabet three places before it.

• Let us take a simple example:

• Plain Text: meet me tomorrow

• Cipher Text: phhw ph wrpruurz

• Look at the example above, we have replaced, ‘m’ with ‘p’ which occur three
places after, ‘m’. Similarly, ‘e’ is replaced with ‘h’ which occurs in three places after
‘e’.

• If we have to replace the letter ‘z’ then the next three alphabets counted after ‘z’
will be ‘a’ ‘b’ ‘c’. So, while counting further three alphabets if ‘z’ occurs it circularly
follows ‘a’.
1.10.1 Caesar Cipher: Continue…..
• On receiving the cipher text, the receiver who also knows the secret shift,
positions his sliding ruler underneath the cipher text alphabet and slides it to
RIGHT by the agreed shift number, 3 in this case.

• He then replaces the cipher text letter by the plaintext letter on the sliding ruler
underneath. Hence the cipher text “phhw ph wrpruurz” is decrypted to “meet me
tomorrow”.

To decrypt
•Ciphe A B C aD message
E F G H encoded
I J with
K L aMShift
N of
O 3,P generate
Q R S the
T plain
U Vtext
W alphabet
X Y Z
r text
by using a shift of ‘-3’ as shown below:
Plain X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
text
1.10.1 Caesar Cipher: Continue…..
• The encryption can also be represented using modular arithmetic by first
transforming the letters into numbers, according to scheme, A=0, B=1, C=2,..,Z=25.

• Encryption of a letter x by a shift n can be described mathematically as,

En(x) = (x + n) mod 26

• Decryption is performed similarly,

Dn(x) = (x - n) mod 26

• Drawback of Caesar Cipher:

• If the hacker knows that the Caesar cipher is used then to perform brute force
cryptanalysis, he has only to try 26 possible keys to decrypt the plain text.
The hacker is also aware of the encryption and decryption algorithm.

•
1.10.2 Modified Caesar Cipher:
• In Modified Caesar Cipher the original plain text alphabets may not necessarily be
three places down the line, but instead can be any places down the line.

Example : Alphabet A in the plain text would not necessarily be replaced by D.

• It can be replaced by any valid alphabet i.e by E or F or by G and so on. Once the
replacement scheme is decided, it would be constant and will be used for all the
other alphabets in that message.

• So for each alphabet in string we have 25 possibilities of replacement.

• An attack on cipher text message, wherein the attacker attempts to use all possible
permutations and combinations is known as a Brute-force attack.
1.10.3 Monoalphabetic Cipher:
• Monoalphabetic cipher is a type of encryption technique in cryptography where
each character of the plain text is mapped to another fixed character of the cipher
text.

• Monoalphabetic cipher is a type of simple substitution cipher.

• The relationship between the plain text character and the cipher text character is
one-to-one.

1. Additive Cipher: Additive cipher is a type of monoalphabetic cipher where every

character of plain text is mapped to some other character in the cipher text depending
on the value of the key being used.

• For example: If the plain text has a character 'a' and the value of the key is 5, then
'a' will be substituted with 'f' because 'f' is 5 characters from 'a' as per the key used
for the additive monoalphabetic cipher process.

• The mathematical representation of the additive cipher is:

1.10.3 Monoalphabetic Cipher: Continue…….

• Encryption process: The formula for encryption of plain text to cipher text in
additive monoalphabetic cipher is: C=(P+k) mod 26,

• Here, P is the character in plain text, k is the key being used for defining the
encryption process, and C is the required cipher text.

• Decryption process: The formula for the decryption process of cipher text to
plain text in additive cipher is: P=(C−k) mod 26

• Here, P is the plain text, C is the cipher text from which we need to convert to
plain text and k is the key.

• For example, if the plain text is: 'this is encryption.' with the key being 4, then
the cipher text becomes: 'xlmw mw irgvctxmsr'.
1.10.3 Monoalphabetic Cipher: Continue……..

2. Multiplicative cipher:
• Multiplicative cipher is a type of monoalphabetic cipher where a character in the
plain text is multiplied by the key after which the modulus function is applied.

• For example, if the plain text has a character 'h' and if the key is set to 4, then the
value of the cipher text is ‘c'.

• The mathematical representation of multiplicative cipher is:

• Encryption process:
• The formula for encryption of plain text to cipher text in multiplicative cipher
is C=(P k) mod 26.

• Here, P is plain text, C is cipher text and,k is the key.

1.10.3 Monoalphabetic Cipher: Continue……..

• Decryption process:
• The formula for decryption of cipher text to plain text in multiplicative cipher
is P=(C multiplicative inverse of k) mod 26.

• For example, if the plain text has 'hello world' as the plain text with the key
being 5, then the cipher text becomes: 'judds gshdp'.
1.10.4 Playfair Cipher:
• What is Playfair Cipher?

• The Playfair Cipher encryption technique can be used to encrypt or encode a

message. It operates exactly like typical encryption. The only difference is that it
encrypts a digraph, or a pair of two letters, instead of a single letter.

• An initial 5×5 matrix key table is created. The plaintext encryption key is made out
of the matrix’s alphabetic characters.

• Be mindful that you shouldn’t repeat the letters. There are 26 alphabets however,
there are only 25 spaces in which we can place a letter.

• The matrix will delete the extra letter because there is an excess of one letter
(typically J). Despite this, J is there in the plaintext before being changed to I.
1.10.4 Playfair Cipher: Continue…….
• Encryption rules: Playfair Cipher
• Split the plaintext first into digraphs (pairs of two letters). If the plaintext has an odd
number of letters, append the letter Z at the end.
• Even the text in the basic form of The MANGO plaintext, for instance, consists of five
letters. Consequently, it is not possible to make a digraph. As a result, we will change
the plaintext to MANGOZ by adding the letter Z at the end.
• Divide the plaintext into digraphs after that (pair of two letters). For any letter that
appears twice, place an X there (side by side). Think about the scenario where the
digraph is CO MX MU NI CA TE and the plaintext is COMMUNICATE.
• For plaintext GREET, the digraph will be GR EX ET, but for plaintext JAZZ, the digraph will
be JA ZX ZX.
• To identify the cipher (encryption) text, create a 5*5 key-matrix or key-table and fill it
with alphabetic letters as follows:
1.10.4 Playfair Cipher: Continue…….
• The first row, from left to right, should include the letters for the supplied keyword
(ATHENS). If there are any duplicate letters in a keyword, avoid using them. This
means a letter will only be taken into account once. Fill in the remaining letters
alphabetically after that. Let’s create a 5*5 key-matrix for the keyword ATHENS.
•
1.10.4 Playfair Cipher: Continue…….
• The following three scenarios :

i) If two letters occur together in a row as a digraph, Each letter in the digraph,
in this case, should be replaced with the letter that is immediate to its right. If there is
no letter to the right, the first letter in the same row is considered to be the right
letter. Assuming Z is a letter for which the appropriate letter is required, T will be the
appropriate letter in this situation.
1.10.4 Playfair Cipher: Continue…….
ii) If a pair of letters (digraph) appears in the same column:
• In this case, replace each letter of the digraph with the letters immediately below
them. If there is no letter below, wrap around to the top of the same column.
Suppose, W is a letter whose below letter is required, in such case, V will be below
W.
1.10.4 Playfair Cipher: Continue…….
iii) In the event that a digraph (a pair of letters) is present in both its
corresponding row and column:
• To generate a cipher for a pair of letters within a 3X3 matrix, a 3X3 subset is
selected from a larger 5*5 matrix. Specifically, two square corners within the
matrix are chosen, which are positioned on opposite sides of a square. The
remaining corner serves as the substitution for the given digraph.
1.10.4 Playfair Cipher: Continue…….
• In simpler terms, the cipher for the first letter will be the intersection of the letters
H and Y.

• Let’s consider the scenario where we need to create a cipher for the digraph HY. As
observed, both H and Y are situated in different rows and columns.
1.10.4 Playfair Cipher: Continue…….
• In simpler terms, the cipher for the first letter will be the intersection of the letters
H and Y.

• Let’s consider the scenario where we need to create a cipher for the digraph HY. As
observed, both H and Y are situated in different rows and columns.
1.10.4 Playfair Cipher: Continue…….
• Decryption rules: Playfair Cipher
• Decryption procedures are used in reverse order as encryption procedures.

• When decrypting, the cipher is symmetric (move left along rows and up along
columns).

• The same key and key table that are used to decode the message are accessible to
the recipient of plain text.

Q. Encrypt the word “communication” Key is “computer” with Playfair technique.

1. First, create a digraph from the plaintext by applying rule 2, which is CO MX MU NI

CA TE.

2. Make a key matrix that is 5 by 5. (by rule 3). The significant element in our
circumstances is the computer.3. We will now look through each key-matrix pair
individually to find the corresponding encipher.

•
1.10.4 Playfair Cipher: Continue…….

3. find the corresponding encipher.

• The first digraph is CO. The two are displayed together in a row. The CO and OM
are encrypted using Rule 4(i).
• The second digraph is MX. Both of them are visible in the same column. The MX
and RM are encrypted using Rule 4(ii).
1.10.4 Playfair Cipher: Continue…….
• The third digraph is MU. The two are displayed together in a row. MU is encrypted
into the PC using Rule 4(i).

• The fourth digraph is NI. The pair is visible in several rows and columns. NI is
encrypted into SG using Rule 4(iii).

• The sixth digraph is CA. The pair is visible in several rows and columns. Rule 4(iii)
states are used by CA to encrypt data.

• Therefore, the plaintext COMMUNICATE is encrypted using OMRMPCSGPTER.

1.10.5 Hill Cipher:
• Hill cipher is a polygraphic substitution cipher based on linear algebra. Each letter
is represented by a number modulo 26.

• Often the simple scheme A = 0, B = 1, …, Z = 25 is used, To encrypt a message, each

block of n letters (considered as an n-component vector) is multiplied by an
invertible n × n matrix, against modulus 26.

• To decrypt the message, each block is multiplied by the inverse of the matrix used
for encryption.

• The matrix used for encryption is the cipher key, and it should be chosen randomly
from the set of invertible n × n matrices (modulo 26).
• Decryption
• To decrypt the message, we turn the cipher text back into a vector, then simply
multiply by the inverse matrix of the key matrix.
1.10.5 Hill Cipher: Continue…….
• Encryption:
• We have to encrypt the message ‘ACT’ (n=3).The key is ‘GYBNQKURP’ which can be
written as the nxn matrix:

• The message ‘ACT’ is written as vector:

1.10.5 Hill Cipher: Continue…….

• The enciphered vector is given as:

• which corresponds to ciphertext of ‘POH’

2) Input : Plaintext: GFG

• Key: HILLMAGIC
• Output : Ciphertext: SWK
1.10.5 Hill Cipher: Continue…….
• Decryption
• To decrypt the message, we turn the ciphertext back into a vector, then simply
multiply by the inverse matrix of the key matrix (IFKVIVVMI in letters).The inverse
of the matrix used in the previous example is:

• For the previous Ciphertext ‘POH’:

• which gives us back ‘ACT’.

1.10.6 Polyalphabetic Cipher:
• A method to improve monoalphabetic technique is to use different
monoalphabetic substitutions as proceeding through the plaintext message. This
method is known as polyalphabetic substitution cipher. In this method
✓ A set of related monoalphabetic substitution rules is used.
✓ A key determines which particular rule is chosen for a given transformation.
• Examples for polyalphabetic cipher are Playfair cipher, Hill cipher, Vigenere cipher
etc.
• Vigenère cipher :

➢ The best known and one of the simplest, polyalphabetic ciphers.

➢ The set of related monoalphabetic substitution rules consists of the 26 Caesar

ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter which is
the cipher text letter that substitutes for the plaintext letter a.

➢ For performing the encryption and decryption, a matrix known as the Vigenère
tableau is constructed
1.10.6 Polyalphabetic Cipher: Continue…….
• Vigenere Table:
1.10.6 Polyalphabetic Cipher: Continue…….
• How this Cipher Works

• Pick a keyword (for our example, the keyword will be "MEC").

• Write your keyword across the top of the text you want to encipher, repeating it as
many times as necessary.

• For each letter, look at the letter of the keyword above it (if it was 'M', then you
would go to the row that starts with an 'M'), and find that row in the Vigenere
table.

• Then find the column of your plaintext letter (for example, 'w', so the twenty-third
column).

• Finally, trace down that column until you reach the row you found before and
write down the letter in the cell where they intersect (in this case, you find an 'I'
there).
1.10.6 Polyalphabetic Cipher: Continue…….
• Example:Given Key – MEC
• Key:M E C M E C M E C M E C M E C M E C M E C M
• Plaintext:w e n e e d m o r e s u p p l i e s f a s t
• Ciphertext:I I P Q I F Y S T Q W W B T N U I U R E U F
1.10.7 Vernam Cipher in Cryptography
• Vernam Cipher is a method of encrypting alphabetic text. It is one of the
Substitution techniques for converting plain text into cipher text.

• In this mechanism, we assign a number to each character of the Plain-Text, like (a =

0, b = 1, c = 2, … z = 25).

• Method to take key: In the Vernam cipher algorithm, we take a key to encrypt the
plain text whose length should be equal to the length of the plain text.

• Encryption Algorithm

Step1: Assign a number to each character of the plain text and the key according to

alphabetical order.

Step2: Bitwise XOR both the number (Corresponding plain-text character number and

Key character number).

Step3: Subtract the number from 26 if the resulting number is greater than or equal to

26, if it isn’t then leave it.

1.10.7 Vernam Cipher Continue…….
Example 1:
• Plain-Text: O A K
• Key: S O N O ==> 14 = 0 1 1 1 0 S ==> 18 = 1 0 0 1 0
Bitwise XOR Result: 1 1 1 0 0 = 28
• Since the resulting number is greater than 26, subtract 26 from it. Then convert
the Cipher-Text character number to the Cipher-Text character.
• 28 - 26 = 2 ==> C CIPHER-TEXT: C
1.10.8 One Time Pad Cipher:
• One Time Pad algorithm is the improvement of the Vernam Cipher.

• It is the only available algorithm that is unbreakable(completely secure). It is a

method of encrypting alphabetic plain text. It is one of the Substitution techniques
which converts plain text into ciphertext.

• In this mechanism, we assign a number to each character of the Plain-Text.

• The two requirements for the One-Time pad are:

 The key should be randomly generated as long as the size of the message.

 The key is to be used to encrypt and decrypt a single message, and then it is
discarded.

• So encrypting every new message requires a new key of the same length as the
new message in one-time pad.

• The cipher text generated by the One-Time pad is random, so it does not have any
statistical relation with the plain text.
•
1.10.8 One Time Pad Cipher: Continue………..
• Examples:
• Input: Message = HELLO, Key = MONEY
• Output: Cipher – TSYPM,
Explanation: Plain text — H E L L O Key — M O N E Y
7 4 11 11 14 12 14 13 4 24
• Calculate Plain text + key = 19 18 24 15 38
19 18 24 15 12 (= 38 – 26)
• Cipher Text = T S Y P M
1.11 Transposition Techniques:
• The transposition technique is a cryptographic technique that converts the plain
text to cipher text by performing permutations on the plain text, i.e., changing
each character of plain text for each round.

• Mapping plain text into cipher text using transposition technique is

called transposition cipher.

• On the one hand, the substitution technique substitutes a plain text symbol with a
cipher text symbol. On the other hand, the transposition technique executes
permutation on the plain text to obtain the cipher text.
• Various Transposition techniques are:
1. The Rail Fence technique.
2. Simple columnar transposition technique.
3. Simple columnar transposition technique with multiple rounds.
4. Vernam cipher.
5. Book Cipher.
1.11.1 The Rail Fence technique:
• Rail-Fence is the simple Transposition technique that involves writing plain text as
a sequence of diagonals and then reading it row by row to produce the cipher text.

• Algorithm:

Step 1: Write down all the characters of plain text message in a sequence of
diagnosis.

Step 2: Read the plain text written in step 1 as a sequence of rows.

Example: Suppose plain text corporate bridge, and we want to create the cipher text
of the given.
First, we arrange the plain text in a sequence of diagnosis, as shown below.
• Now read the plain text by row-wise, i.e. croaerdeoprtbig.

• So, here the plain text is a “corporate bridge” and cipher text is “croaerdeoprtbig”.

• The Rail-Fence technique is quite easy to break.

1.11.2 Simple columnar transposition techniques:

• The simple columnar transposition technique can be categorized into two parts –
Basic technique and multiple rounds.

1. Simples columnar transposition technique – basic technique:

• The simple columnar transposition technique simply arranges the plain text in a
sequence of rows of a rectangle and reads it in a columnar manner.

• Algorithm:
Step 1: Write all the characters of plain text message row by row in a rectangle of
predefined size.
Step 2: Read the message in a columnar manner, i.e. column by column.
Note: For reading the message, it needs not to be in the order of columns. It can
happen in any random sequence.
Step 3: The resultant message is cipher text.
1. Simples columnar transposition technique – basic technique:

Example: Let’s assume that Plain text is a corporate bridge, and we need to calculate
the cipher text using a simple columnar transposition technique.

• Let’s take 6 columns and arrange the plain text in a row-wise manner.

Column 1 Column 2 Column 3 Column 4 Column 5 Column 6

c o r p o r

a t e b r i

d g e

• Decide the column order for reading the message – let’s assume 1,3,5,2,4,6 is an
order.

• Now read the message in a columnar manner using the decided order. –
cadreeorotgpbri, this is a cipher text.
1.12 Steganography:

• Steganography is the art and science of writing hidden message in such a way that

no one, apart from the sender and intended recipient, suspects the existence of

the message.

• Steganography works by replacing bits of useless or unused data in regular

computer files (such as graphics, sound, text, html or even floppy disks) with bits

of different, invisible information.

• This hidden information can be plain text, cipher text or even images.

• In modern steganography, data is first encrypted by the usual means and then

inserted, using a special algorithm, into redundant data that is part of a particular

file format such as a JPEG image.

1.12.1 Steganography Process:
• Cover-media + Hidden data + Stego-key = Stego-medium

• Cover media is the file in which we will hide the hidden data, which may also be
encrypted using stego-key. Cover-media can be image or audio file.

• The resultant file is stego-medium.

• Stenography takes cryptography a step further by hiding an encrypted message so

that no one suspects it exists. Ideally, anyone scanning your data will fail to know it
contains encrypted data.

• Steganography has a number of drawbacks when compared to encryption. It

requires a lot of overhead to hide a relatively few bits of information. I.e. One can
hide text, data, image, sound, and video, behind image.
1.12.2 Different Types of Steganography

1. Text Steganography − There is steganography in text files, which entails secretly

storing information. In this method, the hidden data is encoded into the letter of
each word.

2. Image Steganography − The second type of steganography is image

steganography, which entails concealing data by using an image of a different object
as a cover.

• Pixel intensities are the key to data concealment in image steganography.

• Since the computer description of an image contains multiple bits, images are
frequently used as a cover source in digital steganography.

• The various terms used to describe image steganography include:

a. Cover-Image - Unique picture that can conceal data.

b. Message - Real data that you can mask within pictures. The message may be in
the form of standard text or an image.
1.12.2 Different Types of Steganography Continue……..
c. Stego-Image − A stego image is an image with a hidden message.

d. Stego-Key - Messages can be embedded in cover images and stego-images with

the help of a key, or the messages can be derived from the photos themselves.

3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it

protects against unauthorized reproduction. Watermarking is a technique that
encrypts one piece of data (the message) within another (the "carrier"). Its typical
uses involve media playback, primarily audio clips.

4. Video Steganography − Video steganography is a method of secretly embedding

data or other files within a video file on a computer. Video (a collection of still
images) can function as the "carrier" in this scheme. Discrete cosine transform (DCT)
is commonly used to insert values that can be used to hide the data in each image in
the video, which is undetectable to the naked eye. Video steganography typically
employs the following file formats: H.264, MP4, MPEG, and AVI.
1.12.2 Different Types of Steganography Continue……..

5. Network or Protocol Steganography − It involves concealing data by using a

network protocol like TCP, UDP, ICMP, IP, etc., as a cover object.

• Steganography can be used in the case of secret channels, which occur in the OSI
layer network model.
1.13 A Model For Network Security:
• For a message to be sent or receive there must be a sender and a receiver. Both
the sender and receiver must also be mutually agreeing to the sharing of the
message.

• The transmission of a message from sender to receiver needs a medium

i.e. Information channel which is an Internet service.

• A logical route is defined through the network (Internet), from sender to the
receiver and using the communication protocols both the sender and the receiver
established communication.

• We are concerned about the security of the message over the network when the
message has some confidential or authentic information which has a threat from
an opponent present at the information channel.

• Any security service would have the three components discussed below:
1.13 A Model For Network Security: Continue……..
1. Transformation of the information which has to be sent to the receiver. So, that any
opponent present at the information channel is unable to read the message. This
indicates the encryption of the message.

• It also includes the addition of code during the transformation of the information
which will be used in verifying the identity of the authentic receiver.

2. Sharing of the secret information between sender and receiver of which the
opponent must not have any clue. i.e. encryption key which is used during the
encryption of the message at the sender’s end and also during the decryption of
message at receiver’s end.

3. There must be a trusted third party which should take the responsibility
of distributing the secret information (key) to both the communicating parties and
also prevent it from any opponent.
1.13 A Model For Network Security: Continue……..
• Following figure shows General Network Security Model:

• considering this general model of network security, one must consider the
following four tasks while designing the security model.
1.13 A Model For Network Security: Continue……..

1. Design an algorithm for performing the security-related transformation.

• To transform a readable message at the sender side into an unreadable format, an
appropriate algorithm should be designed such that it should be difficult for an
opponent to crack that security algorithm.

2. Generate the secret information to be used with the algorithm.

• Next, the network security model designer is concerned about the generation of
the secret information which is known as a key. This secret information is used in
conjunction with the security algorithm in order to transform the message.

3. Develop methods for the distribution and sharing of secret information.

• Now, the secret information is required at both the ends, sender’s end and
receiver’s end. At sender’s end, it is used to encrypt or transform the message into
unreadable form and at the receiver’s end, it is used to decrypt or retransform the
message into readable form.
1.13 A Model For Network Security: Continue……..
1. Design an algorithm for performing the security-related transformation.
• To transform a readable message at the sender side into an unreadable format, an
appropriate algorithm should be designed such that it should be difficult for an
opponent to crack that security algorithm.
2. Generate the secret information to be used with the algorithm.
• Next, the network security model designer is concerned about the generation of the
secret information which is known as a key. This secret information is used in
conjunction with the security algorithm in order to transform the message.
3. Develop methods for the distribution and sharing of secret information.
Now, the secret information is required at both the ends, sender’s end and
receiver’s end. At sender’s end, it is used to encrypt or transform the message
into unreadable form and at the receiver’s end, it is used to decrypt or
retransform the message into readable form.
• Specify a protocol to be used by the two principals that make use of the security
algorithm and the secret information to achieve a particular security service.
1.13 A Model For Network Security: Continue……..
• So, there must be a trusted third party which will distribute the secret information
to both sender and receiver. While designing the network security model designer
must also concentrate on developing the methods to distribute the key to the
sender and receiver.

• An appropriate methodology must be used to deliver the secret information to the

communicating parties without the interference of the opponent.

4. Specify a protocol to be used by the two parties that make use of the
security algorithm and the secret information to achieve a particular
security service.
• It is also taken care that the communication protocols that are used by the
communicating parties should be supporting the security algorithm and the secret
key in order to achieve the security service.
1.14 Key Size and Key Range:
• In cryptography, "key size" refers to the length of a cryptographic key, usually
expressed in bits. The larger the key size, the more secure the encryption and
decryption process is. The most commonly used key sizes are 128-bit, 192-bit, and
256-bit.

• "Key range" refers to the set of all possible keys that can be used in cryptography.
The range is determined by the key size and the underlying algorithm, and it
affects the security of the encryption. A larger key range allows for a greater
number of possible keys, increasing the difficulty for an attacker to guess the
correct key and decrypt the message.
•