Cryptography and Network Security

Chapter 1
Introduction
 Background
Information Security requirements have changed in
recent times

traditionally provided by physical and administrative

mechanisms

computer use requires automated tools to protect files

and other stored information

use of networks and communications links requires

measures to protect data during transmission
Nidhi Gautam, Assistant Professor UIAMS,
2 Panjab University Chandigarh
 Definitions
Computer Security - generic name for the collection
of tools designed to protect data and to thwart hackers

Network Security - measures to protect data during

their transmission

Internet Security - measures to protect data during

their transmission over a collection of interconnected
networks

Nidhi Gautam, Assistant Professor UIAMS,

3 Panjab University Chandigarh
 Aim of Course
our focus is on Internet Security

which consists of measures to deter, prevent, detect, and

correct security violations that involve the transmission &
storage of information

Nidhi Gautam, Assistant Professor UIAMS,

4 Panjab University Chandigarh
 Security Trends

CERT:
Computer
Emergency
Response Team

Nidhi Gautam, Assistant Professor UIAMS,

5 Panjab University Chandigarh
 OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”

defines a systematic way of defining and providing security

requirements

for us it provides a useful, if abstract, overview of concepts

we will study

Nidhi Gautam, Assistant Professor UIAMS,

6 Panjab University Chandigarh
 Aspects of Security
security attack: Any action that compromises the security
of information owned by an organization.

security mechanism: A process that is designed to detect,

prevent, or recover from a security attack.

security service: A processing or communication service

that enhances the security of the data processing systems and
the information transfers of an organization. The services are
intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service.

Nidhi Gautam, Assistant Professor UIAMS,

7 Panjab University Chandigarh
 Security Attack
any action that compromises the security of
information owned by an organization
information security is about how to prevent attacks,
or failing that, to detect attacks on information-based
systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks
passive
active
Nidhi Gautam, Assistant Professor UIAMS,
8 Panjab University Chandigarh
 Passive Attacks

Nidhi Gautam, Assistant Professor UIAMS,

9 Panjab University Chandigarh
 Active Attacks

Nidhi Gautam, Assistant Professor UIAMS,

10 Panjab University Chandigarh
 Active Attacks
Masquerade: when one entity pretends to be a
different entity.
Replay: involves passive capture of the data unit
and its subsequent retransmission to produce an
unauthorized effect.
Modification of messages: capture message and
modify the content and then send.
Denial of service:

Nidhi Gautam, Assistant Professor UIAMS,

11 Panjab University Chandigarh
 Active attacks present the opposite characteristics of
passive attacks. Whereas passive attacks are difficult to
detect, measures are available to prevent their success.
On the other hand, it is quite difficult to prevent active
attacks absolutely, because of the wide variety of
potential physical, software and network
vulnerabilities. Instead, the goal is to detect active
attacks and to recover from any disruption or delays
caused by them.

Nidhi Gautam, Assistant Professor UIAMS,

12 Panjab University Chandigarh
 Security Service
enhance security of data processing systems and information
transfers of an organization

intended to counter security attacks

using one or more security mechanisms

often replicates functions normally associated with physical

documents
 which, for example, have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized or witnessed; be
recorded or licensed
Nidhi Gautam, Assistant Professor UIAMS,
13 Panjab University Chandigarh
 Security Services
X.800:
“a service provided by a protocol layer of communicating open
systems, which ensures adequate security of the systems or
of data transfers”

RFC 2828:
“a processing or communication service provided by a system
to give a specific kind of protection to system resources”

Nidhi Gautam, Assistant Professor UIAMS,

14 Panjab University Chandigarh
 Security Services (X.800)
Authentication - assurance that the communicating
entity is the one claimed
1. Peer Entity Authentication
2. Data Origin Authentication

Nidhi Gautam, Assistant Professor UIAMS,

15 Panjab University Chandigarh
 Security Services (X.800)
 Access Control – The prevention of unauthorized use of a
resource (i.e., this service controls who can have access to a
resource, under what conditions access can occur, and what
those accessing the resource are allowed to do).

Nidhi Gautam, Assistant Professor UIAMS,

16 Panjab University Chandigarh
 Security Services (X.800)
Data Confidentiality – protection of data from
unauthorized disclosure
1. Connection Confidentiality
2. Connectionless Confidentiality
3. Selective-Field Confidentiality
4. Traffic Flow Confidentiality

Nidhi Gautam, Assistant Professor UIAMS,

17 Panjab University Chandigarh
 Security Services
 Data Integrity (X.800)
- assurance that data received is as sent by
an authorized entity
Connection integrity with recovery
Connection integrity without recovery
Selective-field connection integrity
Connectionless integrity
Selective – field connectionless integrity

Nidhi Gautam, Assistant Professor UIAMS,

18 Panjab University Chandigarh
 Security Services (X.800)
Non-Repudiation - protection against denial by
one of the parties in a communication
Nonrepudiation, Origin
Nonrepudiation, Destination

Nidhi Gautam, Assistant Professor UIAMS,

19 Panjab University Chandigarh
 Security Mechanism
feature designed to detect, prevent, or recover from a
security attack

no single mechanism that will support all services

required

however one particular element underlies many of the

security mechanisms in use:
cryptographic techniques

Nidhi Gautam, Assistant Professor UIAMS,

20 Panjab University Chandigarh
 Security Mechanisms (X.800)
specific security mechanisms:
encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization

pervasive security mechanisms:

trusted functionality, security labels, event
detection, security audit trails, security recovery

Nidhi Gautam, Assistant Professor UIAMS,

21 Panjab University Chandigarh
 Model for Network Security

Nidhi Gautam, Assistant Professor UIAMS,

22 Panjab University Chandigarh
 Model for Network Security
 using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service

Nidhi Gautam, Assistant Professor UIAMS,

23 Panjab University Chandigarh
 Model for Network Access Security

Nidhi Gautam, Assistant Professor UIAMS,

24 Panjab University Chandigarh
 Model for Network Access Security
 using this model requires us to:
1. select appropriate gatekeeper functions to identify
users
2. implement security controls to ensure only authorised
users access designated information or resources
 trusted computer systems may be useful to help
implement this model

Nidhi Gautam, Assistant Professor UIAMS,

25 Panjab University Chandigarh
 Summary
have considered:
definitions for:
 computer, network, internet security

X.800 standard
security attacks, services, mechanisms
models for network (access) security

Nidhi Gautam, Assistant Professor UIAMS,

26 Panjab University Chandigarh
Cryptography and Network Security
Chapter 2
Classical Encryption Techniques
 Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in
1970’s
and by far most widely used

Nidhi Gautam, Assistant Professor UIAMS,

28 Panjab University Chandigarh
 Some Basic Terminology
 plaintext - original message

 ciphertext - coded message

 cipher - algorithm for transforming plaintext to ciphertext

 key - info used in cipher known only to sender/receiver

 encipher (encrypt) - converting plaintext to ciphertext

 decipher (decrypt) - recovering ciphertext from plaintext

 cryptography - study of encryption principles/methods

 cryptanalysis (codebreaking) - study of principles/ methods of

deciphering ciphertext without knowing key
Nidhi Gautam, Assistant Professor UIAMS,
 cryptology
29 - field of both cryptography and cryptanalysis
Panjab University Chandigarh
 Symmetric Cipher Model

Nidhi Gautam, Assistant Professor UIAMS,

30 Panjab University Chandigarh
 Requirements
two requirements for secure use of symmetric
encryption:
a strong encryption algorithm
a secret key known only to sender / receiver
mathematically have:
Y = EK(X)
X = DK(Y)
assume encryption algorithm is known
implies a secure channel to distribute key

Nidhi Gautam, Assistant Professor UIAMS,

31 Panjab University Chandigarh
 Cryptography
characterize cryptographic system by:
type of encryption operations used
substitution / transposition / product
number of keys used
single-key or private / two-key or public
way in which plaintext is processed
block / stream

Nidhi Gautam, Assistant Professor UIAMS,

32 Panjab University Chandigarh
 Cryptanalysis
objective to recover key not just message
general approaches:

cryptanalytic attack: rely on the nature of the algorithm plus

perhaps some knowledge of the general characteristics of the
plaintext or even some sample plaintext-ciphertext pairs.

brute-force attack: try every possible key on a piece of

ciphertext until an intelligible translation into plaintext is
obtained. On average, half of all possible keys must be tried
to achieve success.

Nidhi Gautam, Assistant Professor UIAMS,

33 Panjab University Chandigarh
 Cryptanalytic Attacks
 ciphertext only
only know algorithm & ciphertext
 known plaintext
Know algorithm, ciphertext & plaintext-ciphertext pair.
 chosen plaintext
Know algorithm, ciphertext and select plaintext and obtain
ciphertext.
 chosen ciphertext
Know algorithm, ciphertext and select ciphertext and obtain
plaintext.
 chosen text
Know algorithm, ciphertext and select plaintext or ciphertext to
en/decrypt.

Nidhi Gautam, Assistant Professor UIAMS,

34 Panjab University Chandigarh
 An algorithm should have
unconditional security
no matter how much computer power or time is available,
the cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
computational security
The cost of breaking the cipher exceeds the value of the
encrypted information.
The time required to break the cipher exceeds the useful
lifetime of the information.

Nidhi Gautam, Assistant Professor UIAMS,

35 Panjab University Chandigarh
 Substitution Techniques
where letters of plaintext are replaced by other letters
or by numbers or symbols

or if plaintext is viewed as a sequence of bits, then

substitution involves replacing plaintext bit patterns
with ciphertext bit patterns

Nidhi Gautam, Assistant Professor UIAMS,

36 Panjab University Chandigarh
 Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military affairs
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Nidhi Gautam, Assistant Professor UIAMS,

37 Panjab University Chandigarh
 Caesar Cipher
can define transformation as:
abcdefghijklmnopqrstuvwxyz
DEFGHIJKLMNOPQRSTUVWXYZABC
mathematically give each letter a number
abcdefghij k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

then have Caesar cipher as:

c = E(p) = (p + k) mod (26) i.e. K = 3
p = D(c) = (c – k) mod (26)

Nidhi Gautam, Assistant Professor UIAMS,

38 Panjab University Chandigarh
 Cryptanalysis of Caesar Cipher
only have 26 possible ciphers
A maps to A,B,..Z
could simply try each in turn
a brute force search
given ciphertext, just try all shifts of letters
do need to recognize when have plaintext
eg. break ciphertext "GCUA VQ DTGCM"

Nidhi Gautam, Assistant Professor UIAMS,

39 Panjab University Chandigarh
 Monoalphabetic Cipher
rather than just shifting the alphabet
could shuffle (jumble) the letters arbitrarily
each plaintext letter maps to a different random
ciphertext letter
hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Nidhi Gautam, Assistant Professor UIAMS,

40 Panjab University Chandigarh
 Monoalphabetic Cipher Security
now have a total of 26! keys
with so many keys, might think is secure
but would be !!!WRONG!!!
problem is language characteristics

Nidhi Gautam, Assistant Professor UIAMS,

41 Panjab University Chandigarh
 Language Redundancy and
Cryptanalysis
human languages are redundant
letters are not equally commonly used
in English E is by far the most common letter
followed by T,R,N,I,O,A,S
other letters like Z,J,K,Q,X are fairly rare
have tables of single, double & triple letter
frequencies for various languages

Nidhi Gautam, Assistant Professor UIAMS,

42 Panjab University Chandigarh
 English Letter Frequencies

Nidhi Gautam, Assistant Professor UIAMS,

43 Panjab University Chandigarh
 Playfair Cipher
not even the large number of keys in a
monoalphabetic cipher provides security
one approach to improving security was to encrypt
multiple letters
the Playfair Cipher is an example
invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair

Nidhi Gautam, Assistant Professor UIAMS,

44 Panjab University Chandigarh
 Playfair Key Matrix
a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters
eg. using the keyword MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Nidhi Gautam, Assistant Professor UIAMS,

45 Panjab University Chandigarh
 Encrypting and Decrypting
 plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like 'X’

2. if both letters fall in the same row, replace each with letter
to right(wrapping back to start from end)

3. if both letters fall in the same column, replace each with the
letter below it (again wrapping to top from bottom)

4. otherwise each letter is replaced by the letter in the same

row and in the column of the other letter of the pair

Nidhi Gautam, Assistant Professor UIAMS,

46 Panjab University Chandigarh
 Polyalphabetic Ciphers
polyalphabetic substitution ciphers
improve security using multiple cipher alphabets
make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution
use a key to select which alphabet is used for each
letter of the message
use each alphabet in turn
repeat from start after end of key is reached

Nidhi Gautam, Assistant Professor UIAMS,

47 Panjab University Chandigarh
 Polyalphabetic Ciphers
A set of related monoalphabetic substitution rules is
used.

A key determines which particular rule is chosen for a

given transformation

Nidhi Gautam, Assistant Professor UIAMS,

48 Panjab University Chandigarh
 Vigenère Cipher
simplest polyalphabetic substitution cipher
effectively multiple caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d letters in message
decryption simply works in reverse

Nidhi Gautam, Assistant Professor UIAMS,

49 Panjab University Chandigarh
 Example of Vigenère Cipher
write the plaintext out
write the keyword repeated above it
use each key letter as a caesar cipher key
encrypt the corresponding plaintext letter
eg using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Nidhi Gautam, Assistant Professor UIAMS,

50 Panjab University Chandigarh
 One-Time Pad
if a truly random key as long as the message is used,
the cipher will be secure
called a One-Time pad
is unbreakable since ciphertext bears no statistical
relationship to the plaintext
since for any plaintext & any ciphertext there exists
a key mapping one to other
can only use the key once though problems in
generation & safe distribution of key
Nidhi Gautam, Assistant Professor UIAMS,
51 Panjab University Chandigarh
 Transposition Techniques
now consider classical transposition or permutation
ciphers
these hide the message by rearranging the letter order
without altering the actual letters used
can recognise these since have the same frequency
distribution as the original text

Nidhi Gautam, Assistant Professor UIAMS,

52 Panjab University Chandigarh
 Rail Fence cipher
write message letters out diagonally over a number
of rows
then read off cipher row by row
eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
giving ciphertext
MEMATRHTGPRYETEFETEOAAT

Nidhi Gautam, Assistant Professor UIAMS,

53 Panjab University Chandigarh
 Row Transposition Ciphers
a more complex transposition
write letters of message out in rows over a specified
number of columns
then reorder the columns according to some key before
reading off the rows
Key: 4312567
Plaintext: a t tackp
os tpone
du nt i l t
woamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Nidhi Gautam, Assistant Professor UIAMS,

54 Panjab University Chandigarh
 Product Ciphers
ciphers using substitutions or transpositions are
not secure because of language characteristics
hence consider using several ciphers in succession
to make harder, but:
two substitutions make a more complex substitution
two transpositions make more complex transposition
but a substitution followed by a transposition makes a
new much harder cipher
this is bridge from classical to modern ciphers

Nidhi Gautam, Assistant Professor UIAMS,

55 Panjab University Chandigarh
 Summary
have considered:
classical cipher techniques and terminology
monoalphabetic substitution ciphers
cryptanalysis using letter frequencies
Playfair cipher
polyalphabetic ciphers
transposition ciphers
product

Nidhi Gautam, Assistant Professor UIAMS,

56 Panjab University Chandigarh