Cryptography and NS

This document outlines the contents of a course on Cryptography and Network Security. It includes 6 chapters that cover topics such as classical encryption techniques, modern encryption techniques like DES and AES, public key cryptography including RSA, network security frameworks, and current issues. Security concepts such as attacks, services, and mechanisms are also introduced, including definitions of confidentiality, integrity, availability, and authentication. Symmetric and asymmetric cryptographic algorithms are compared.

Uploaded by

WONDYE DESTA
SCHOOL OF INFORMATICS

Department of Information Technology

Course: Cryptography and N/w Security

By Desta Dana(Assistant Prof.)


Cryptography and Network Security By Desta D (2022GC)-WSU
Chapters and Contents
Chapter one INTRODUCTION: Definition, Attacks, Services and Mechanisms, Security attacks, Security services, A Model for Internetwork Security.
Chapter two CLASSICAL TECHNIQUES: Conventional Encryption model, Steganography, Classical Encryption Techniques.
Chapter 3 MODERN TECHNIQUES: Simplified DES, Block Cipher Principles, Data Encryption Standard, Strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of operations.
Chapter 4 CONVENTIONAL ENCRYPTION: Placement of Encryption function, Traffic confidentiality, Key Distribution, Random Number Generation.
Chapter 5 PUBLIC KEY CRYPTOGRAPHY: Principles, RSA Algorithm, Key Management, Diffie-Hellman Key exchange, Elliptic Curve Cryptography.
NUMBER THEORY: Prime and Relatively prime numbers, Modular arithmetic, Fermat’s and Euler’s theorems, Testing for primality, Euclid’s Algorithm, the Chinese remainder theorem, Discrete logarithms.
Chapter 6 Network security framework and current issues
Chapter- 1 Introduction
• Definition of terms
• Cryptography
• Security attacks
• Security Mechanisms
• Symmetric and Asymmetric security mechanisms
• Security models
Cryptography
• Cryptography is the study of secure communications techniques that
allow only the sender and intended recipient of a message to view
its contents.
• The term is derived from the Greek word kryptos, which means
hidden.
• It is closely associated with encryption, which is the act of scrambling
ordinary text into what's known as ciphertext and then back again
upon arrival.
Definition Contd…
• Computer data often travels from one computer to another, leaving the safety of its protected physical
surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either
for amusement or for their own benefit.
• Cryptography can reformat and transform our data, making it safer on its trip between computers. The
technology is based on the essentials of secret codes, augmented by modern mathematics that protects our
data in powerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Security Attacks, Services and Mechanisms
• To assess the security needs of an organization effectively, the manager responsible for security
needs some systematic way of defining the requirements for security and characterization of
approaches to satisfy those requirements.
• One approach is to consider three aspects of information security:
• Security attack – Any action that compromises the security of information owned by an organization.
• Security mechanism – A mechanism that is designed to detect, prevent or recover from a security
attack.
• Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization.
• The services are intended to counter security attacks and they make use of one or more security
mechanisms to provide the service.
Basic Concepts
• Cryptography: The art or science encompassing the principles and methods of transforming an intelligible message
into one that is unintelligible, and then retransforming that message back to its original form
• Plaintext: The original intelligible message
• Cipher text: The transformed message
• Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or
substitution methods
• Key: Some critical information used by the cipher, known only to the sender & receiver
• Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key
• Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a key
• Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible
message without knowledge of the key. Also called code breaking
• Cryptology: Both cryptography and cryptanalysis
• Code: An algorithm for transforming an intelligible message into an unintelligible one using a code-book
Cryptanalysis
• The process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the
cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.
• There are various types of cryptanalytic attacks based on the amount of information known to the
cryptanalyst.
• Cipher text only – A copy of cipher text alone is known to the cryptanalyst.
• Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
• Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it to
find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting
cipher texts to deduce the key.
• Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt
several strings of symbols, and tries to use the results to deduce the key.
STEGANOGRAPHY
• A plaintext message may be hidden in one of two ways. The
methods of steganography conceal the existence of the message, whereas the
methods of cryptography render the message unintelligible to outsiders by
various transformations of the text.
• A simple form of steganography, but one that is time consuming to
construct is one in which an arrangement of words or letters within an
apparently innocuous text spells out the real message.
Eg: - the sequence of first letters of each word of the overall message spells
out the real (Hidden) message.
- Subset of the words of the overall message is used to convey the
hidden message.
SECURITY SERVICES(C-I-A)

The classification of security services is as follows:


•Confidentiality: Ensures that the information in a computer system and transmitted information are accessible
only for reading by authorized parties.
•E.g. Printing, displaying and other forms of disclosure.

•Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted
information. Modification includes writing, changing status, deleting, creating and delaying or replaying of
transmitted messages.
•Availability: Requires that computer system assets be available to authorized parties when needed.
Other services are:
•Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an
assurance that the identity is not false.
•Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission.
•Access control: Requires that access to information resources may be controlled by or for the target system.
SECURITY MECHANISMS
• One of the most specific security mechanisms in use is cryptographic
techniques.
• Encryption or encryption-like transformations of information are the most
common means of providing security.
• Some of the mechanisms are:-
1. Encipherment
2. Digital Signature
3. Access Control
SECURITY ATTACKS(Passive Vs Active)
•Interruption:- An asset of the system is destroyed or becomes
unavailable or unusable.
•Interception:- An unauthorized party gains access to an asset.
•Modification:- An unauthorized party not only gains access to but
tampers with an asset.
•Fabrication:- An unauthorized party inserts counterfeit objects into
the system.
Cryptographic Attacks

•Passive Attacks
•Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is
being transmitted. Passive attacks are of two types:
•Release of message contents: A telephone conversation, an e-mail
message and a transferred file may contain sensitive or confidential
information. We would like to prevent the opponent from learning the
contents of these transmissions.
•Traffic analysis: If we had encryption protection in place, an opponent
might still be able to observe the pattern of the message.
Active attacks
•These attacks involve some modification of the data stream or the creation of a false
stream.
•These attacks can be classified in to four categories:

•Masquerade – One entity pretends to be a different entity.


•Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.
•Modification of messages – Some portion of a message is altered or the messages are
delayed or reordered, to produce an unauthorized effect.
•Denial of service – Prevents or inhibits the normal use or management of
communication facilities.
Symmetric and public key algorithms
•Encryption/Decryption methods fall into two categories.

• Symmetric key
• Public key

• In symmetric key algorithms, the encryption and decryption keys are known both
to sender and receiver.

• The encryption key is shared and the decryption key is easily calculated from it.
In many cases, the encryption and decryption keys are the same.
• In public key cryptography, encryption key is made public, but it is computationally
infeasible to find the decryption key without the information known to the receiver.
Symmetric Key
In symmetric-key cryptography, the same key is used by the sender(for
encryption) and the receiver (for decryption).
The key is shared.
• Advantages:
• Simple
• Faster
• Disadvantages:
• The key must be exchanged in a secure way
• Easy for a hacker to get the key if it is passed in an insecure way.
Example of Symmetric Key Encryption
1. Data Encryption Standard (DES)
2. Triple Data Encryption Standard (Triple DES)
3. Advanced Encryption Standard (AES)
4. International Data Encryption Algorithm (IDEA)
5. TLS/SSL protocol.
Asymmetric Key
• An asymmetric-key (or public-key) cipher uses two keys: one private
(To encrypt data) and one public(To decrypt data).

• Asymmetric Key Cryptography (Public Key Cryptography)


• 2 different keys are used(Public keys and private keys)
• Users get the key from a Certificate Authority

Advantages
1. More secure
2. Authentication
Disadvantages
1. Relatively complex
Examples of Asymmetric Key

RSA:
Digital Signature Algorithm:
Diffie-Hellman:
Compare Both?
Model for Network Security
MODEL FOR NETWORK ACCESS
SECURITY
End of Chapter-1
Q&A
Classical Encryption
Techniques
Chapter 2
Classical encryption techniques
• Encryption :-
• Encryption is something like making a secret letter by changing, swapping or
replacing characters in a previously defined order. The format of the message is
not changed.
• Encoding :-
• In encoding the format of data is changed. For example, when we record a voice
sample, the recorder will encode the analog voice signals into digital signals &
store them.
Basic terminology
• Plaintext: original message to be encrypted
• Ciphertext: the encrypted message
• Enciphering or encryption: the process of converting plaintext into ciphertext
• Encryption algorithm: performs encryption
• Two inputs: a plaintext and a secret key
Symmetric Cipher Model

• Deciphering or decryption: recovering plaintext from ciphertext
• Decryption algorithm: performs decryption
• Two inputs: ciphertext and secret key
• Secret key: same key used for encryption and decryption
• Also referred to as a symmetric key
• Cipher or cryptographic system: a scheme for encryption and decryption
• Cryptography: science of studying ciphers
• Cryptanalysis: science of studying attacks against cryptographic systems
• Cryptology: cryptography + cryptanalysis
Ciphers
• Symmetric cipher: same key used for encryption and decryption
• Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)
• Stream cipher: encrypts data one bit or one byte at a
time
• Asymmetric cipher: different keys used for encryption and decryption
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are symmetric

Symmetric Encryption
• Mathematically:
$Y = E_K(X)$ or $Y = E(K, X)$
$X = D_K(Y)$ or $X = D(K, Y)$
• X = plaintext
• Y = ciphertext
• K = secret key
• E = encryption algorithm
• D = decryption algorithm
• Both E and D are known to public

Cryptanalysis
• Objective: to recover the plaintext of a ciphertext or, more
typically, to recover the secret key.
• Kerckhoffs’s principle: the opponent knows all details about a cryptosystem except the secret key.
• Two general approaches:
• brute-force attack
• non-brute-force attack (cryptanalytic attack)
Language Redundancy and
Cryptanalysis
• Human languages are redundant
• e.g. "th lrd s m shphrd shll nt wnt"
• Letters are not equally commonly used
• In English
• E is by far the most common letter
• Followed by T, R, N, I, O, A, S
• Other letters like Z, J, K, Q, X are fairly rare
• Which set of characters are most commonly used in Chinese?
• Have tables of single, double & triple letter frequencies for various
languages

English Letter Frequencies

Use in Cryptanalysis
• Key concept
• Monoalphabetic substitution ciphers do not change relative letter
frequencies
• Discovered by Arabian scientists in 9th century
• Calculate letter frequencies for ciphertext
• Compare counts/plots against known values
• For a Caesar cipher, look for common peaks/troughs
• Peaks at: A-E-I triple, NO pair, RST triple
• Troughs at: JK, X-Z
• Monoalphabetic must identify each letter
• Tables of common double/triple letters help

Example Cryptanalysis
• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• Count relative letter frequencies (see text)
• Guess which two individual letters are for e & t (with the highest
frequencies)?
• P & Z
• Guess what “ZW” is for?
• “th” and hence “ZWP” is “the”
• Proceed with trial and error to finally get:
it was disclosed yesterday that several informal but direct
contacts have been made with political
representatives of the viet cong in moscow
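The counting steps of this slide, written out as an added example (not part of the original slides). The function names are illustrative; the ciphertext is the one quoted above with its line breaks removed.

```python
from collections import Counter

# Ciphertext from the slide above (120 letters, line breaks removed).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)


def letter_frequencies(text):
    """Return [(letter, count, percent)] sorted by descending count."""
    counts = Counter(c for c in text.upper() if c.isalpha())
    total = sum(counts.values())
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ch, n, round(100 * n / total, 2)) for ch, n in ranked]


def ngram_counts(text, n):
    """Count overlapping n-letter sequences (digrams for n=2, trigrams for n=3)."""
    letters = [c for c in text.upper() if c.isalpha()]
    return Counter("".join(letters[i:i + n]) for i in range(len(letters) - n + 1))


def apply_partial_key(text, guesses):
    """Substitute the letters guessed so far; letters not yet guessed become '.'."""
    return "".join(guesses.get(c, ".") for c in text.upper())


if __name__ == "__main__":
    # Step 1: single-letter frequencies. P and Z stand out, as the slide says.
    for ch, n, pct in letter_frequencies(CIPHERTEXT)[:5]:
        print(f"{ch}: {n:2d}  {pct:5.2f}%")
    # Step 2: the digram ZW repeats, which supports the guess ZW -> "th".
    print("ZW occurs", ngram_counts(CIPHERTEXT, 2)["ZW"], "times")
    # Step 3: apply the hypotheses P -> e, Z -> t, W -> h and inspect the gaps.
    guesses = {"P": "e", "Z": "t", "W": "h"}
    print(apply_partial_key(CIPHERTEXT, guesses))
```

Each further guess is added to the `guesses` dictionary and the partial plaintext is printed again, which is the trial-and-error loop the slide refers to.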

Cryptanalytic Attacks
• May be classified by how much information needed by the attacker:
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Chosen-ciphertext attack

Classical Ciphers
• Plaintext is viewed as a sequence of elements (e.g., bits
or characters)
• Substitution cipher: replacing each element of the
plaintext with another element.
• Transposition (or permutation) cipher: rearranging the
order of the elements of the plaintext.

Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Ciphertext is derived from the plaintext alphabet by
shifting each letter a certain number of spaces.
• Each letter is replaced by the letter three positions further
down the alphabet.(+3)
• Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: Meet me after the tea party → phhw ph diwhu
wkh sduwb
Caesar Cipher
• Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
$c = E_K(p) = (p + k) \bmod 26$
$p = D_K(c) = (c - k) \bmod 26$
• Can be generalized with any alphabet.

Monoalphabetic Substitution Cipher
• Shuffle the letters and map each plaintext letter to a
different random ciphertext letter:

Plain letters: abcdefghijklmnopqrstuvwxyz


Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

• What does a key look like?

Playfair Cipher

• One approach to improving security is to encrypt multiple letters at a time.

• The Playfair Cipher is the best known such cipher.

• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
• Simplest substitution cipher with two-letter combinations.
• The encryption algorithm takes a 5x5 matrix of letters.
• Generate the key table (drop any duplicate letters).
• Key letters are filled into the matrix from left to right & top to bottom.
• The rest of the letters are filled into the remaining spaces of the matrix.
• Letters I & J take the same place.
Playfair Cipher
• Rules:
• If the letters of a pair are the same, add an X (uncommon letter) after the first letter.
• Balloon will be (ba lx lo on).
• If the letters appear in the same row / column of the table, replace them with the
letter to the immediate right / below respectively.
• If the letters are not in the same row or column, replace them with the letters in the
corners of the rectangle.
Playfair Key Matrix
• Use a 5 x 5 matrix.
• Fill in letters of the key (w/o duplicates).
• Fill the rest of matrix with other letters.
• E.g., key = MONARCHY.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
Plaintext is encrypted two letters at a time.
1. If a pair is a repeated letter, insert a filler like 'X'.
2. If both letters fall in the same row, replace each with the
letter to its right (circularly).
3. If both letters fall in the same column, replace each with
the letter below it (circularly).
4. Otherwise, each letter is replaced by the letter in the same
row but in the column of the other letter of the pair.

Vigenere cipher
•In this scheme, the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers with shifts of 0 through 25.
•Each cipher is denoted by a key letter. e.g., Caesar cipher with a shift of 3 is
denoted by the key value 'd' (since a=0, b=1, c=2 and so on).
•To aid in understanding the scheme, a matrix known as the Vigenere table is
constructed.
•Each of the 26 ciphers is laid out horizontally, with the key letter for each
cipher to its left. A normal alphabet for the plaintext runs across the top.
Vigenere …

•Given a key letter x and a plaintext letter y, the cipher text is at the intersection of the row
labeled x and the column labeled y; in this case, the ciphertext is V.
• To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword. e.g.,
key = deceptivedeceptivedeceptive
PT = wearediscoveredsaveyourself
CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ
• Decryption is equally simple. The key letter again identifies the row. The position of the
cipher text letter in that row determines the column, and the plaintext letter is at the top of that
column.

•Strength of Vigenere cipher


o There are multiple cipher text letters for each plaintext letter.
o Letter frequency information is obscured.
Hill Cipher
• The algorithm takes an n x n matrix.
• The cipher C of P is derived by multiplying P by K.
• When decrypting the message, the inverse of K is used.
• $C = (KP) \bmod 26$
• $P = K^{-1} C \bmod 26$
Hill Cipher
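• Example:
• Plaintext is “paymoremoney” and key is
$$K = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix}$$
• Letter numbering:
 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• Plaintext in blocks of three letters: PAY MOR EMO NEY
Hill Cipher
• PAY = (15 0 24), so
$$P = \begin{pmatrix} 15 \\ 0 \\ 24 \end{pmatrix}$$
• $C = (KP) \bmod 26$
$$C = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix} \begin{pmatrix} 15 \\ 0 \\ 24 \end{pmatrix} \bmod 26 = \begin{pmatrix} 255 + 0 + 120 \\ 315 + 0 + 504 \\ 30 + 0 + 456 \end{pmatrix} \bmod 26$$
Hill Cipher
$$C = \begin{pmatrix} 375 \\ 819 \\ 486 \end{pmatrix} \bmod 26 = \begin{pmatrix} 11 \\ 13 \\ 18 \end{pmatrix} = \begin{pmatrix} L \\ N \\ S \end{pmatrix}$$
PAY = LNS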
Polyalphabetic Substitution Ciphers
• A sequence of monoalphabetic ciphers ($M_1, M_2, M_3, \ldots, M_k$) is used in
turn to encrypt letters.
• A key determines which sequence of ciphers to use.
• Each plaintext letter has multiple corresponding ciphertext letters.
• This makes cryptanalysis harder since the letter frequency distribution
will be flatter.

Vigenère Cipher
• Simplest polyalphabetic substitution cipher
• Consider the set of all Caesar ciphers:
$\{ C_a, C_b, C_c, \ldots, C_z \}$
• Key: e.g. security
• Encrypt each letter using $C_s, C_e, C_c, C_u, C_r, C_i, C_t, C_y$ in turn.
• Repeat from start after $C_y$.
• Decryption simply works in reverse.

Example of Vigenère Cipher

• Keyword: deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers
• There are multiple (how many?) ciphertext letters corresponding
to each plaintext letter.
• So, letter frequencies are obscured but not totally lost.

• To break Vigenere cipher:

1. Try to guess the key length. How?


2. If key length is N, the cipher consists of N Caesar ciphers.
Plaintext letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded
by the same cipher.
3. Attack each individual cipher as before.
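Steps 1 and 2 applied to the "deceptive" example from the earlier slide, as an added example that is not part of the original slides. The key length is guessed from the distance between repeated ciphertext sequences (the Kasiski method, one common answer to the "How?" above); function names are illustrative.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("a")


def vigenere(text, key, decrypt=False):
    """Shift letter i by key letter (i mod len(key)); input must be letters only.
    Ciphertext is returned in upper case, plaintext in lower case."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text.lower()):
        shift = ord(key[i % len(key)].lower()) - A
        out.append(chr((ord(ch) - A + sign * shift) % 26 + A))
    result = "".join(out)
    return result if decrypt else result.upper()


def repeated_sequences(ciphertext, length=3):
    """Map each sequence that occurs more than once to its start positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


def key_length_candidates(ciphertext, length=3):
    """Step 1: a repeat usually means the same plaintext met the same part of
    the key, so the key length divides the distance between the repeats."""
    distances = [p - pos[0]
                 for pos in repeated_sequences(ciphertext, length).values()
                 for p in pos[1:]]
    if not distances:
        return []
    common = reduce(gcd, distances)
    return [n for n in range(2, common + 1) if common % n == 0]


def split_columns(ciphertext, n):
    """Step 2: letters at positions k, N+k, 2N+k, ... share one Caesar shift."""
    return [ciphertext[k::n] for k in range(n)]


if __name__ == "__main__":
    ct = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(ct)
    print(repeated_sequences(ct))        # VTW appears twice, 9 positions apart
    print(key_length_candidates(ct))     # 3 and 9 divide that distance
    for k, column in enumerate(split_columns(ct, 9)):
        print(k, column)                 # each column is a plain Caesar cipher
```

With only 27 letters each column holds three characters, far too few for frequency counts; step 3 needs a much longer ciphertext.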
Transposition Ciphers
• Also called permutation ciphers.

• Shuffle the plaintext, without altering the actual letters used.


• Example: Row Transposition Ciphers
• Example 2: Rail fence(2,3..)

Row Transposition Ciphers
• Plaintext is written row by row in a rectangle.

• Ciphertext: write out the columns in an order specified by a key.


Key: 3 4 2 1 5 6 7

Plaintext:
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
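The example above in code, added here and not part of the original slides. It assumes the key lists the columns in the order they are written out (column 3 first, then 4, 2, 1, 5, 6, 7), which is the reading that reproduces the slide's ciphertext; function names and the filler letter are illustrative.

```python
def encrypt(plaintext, key, filler="x"):
    """Write the text row by row under len(key) columns, then write out
    whole columns in the order given by key (1-based column numbers)."""
    cols = len(key)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    letters += [filler] * (-len(letters) % cols)   # pad the last row
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    return "".join(row[k - 1] for k in key for row in rows).upper()


def decrypt(ciphertext, key):
    """Cut the ciphertext into equal column chunks, put each chunk back into
    the column the key names, then read the grid row by row."""
    cols = len(key)
    nrows, rest = divmod(len(ciphertext), cols)
    if rest:
        raise ValueError("ciphertext length must be a multiple of the key length")
    grid = [[""] * cols for _ in range(nrows)]
    for n, k in enumerate(key):
        chunk = ciphertext[n * nrows:(n + 1) * nrows]
        for r, ch in enumerate(chunk):
            grid[r][k - 1] = ch
    return "".join("".join(row) for row in grid).lower()


if __name__ == "__main__":
    key = [3, 4, 2, 1, 5, 6, 7]
    ct = encrypt("attack postponed until two am xyz", key)
    print(ct)
    print(decrypt(ct, key))
    # Letter frequencies are unchanged: the ciphertext is an anagram of the
    # plaintext, which is what identifies a pure transposition cipher.
    print(sorted(ct.lower()) == sorted("attackpostponeduntiltwoamxyz"))
```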

Product Ciphers
• Uses a sequence of substitutions and transpositions
• Harder to break than just substitutions or transpositions
• This is a bridge from classical to modern ciphers.

Unconditional & Computational Security
• A cipher is unconditionally secure if it is secure no
matter how much resources (time, space) the attacker
has.
• A cipher is computationally secure if the best
algorithm for breaking it will require so much
resources (e.g., 1000 years) that practically the
cryptosystem is secure.
• All the ciphers we have examined are not
unconditionally secure.

An unconditionally Secure Cipher

Vernam’s one-time pad cipher

• Key = $k_1 k_2 k_3 k_4 \ldots$ (random, used one-time only)

• Plaintext = $m_1 m_2 m_3 m_4 \ldots$

• Ciphertext = $c_1 c_2 c_3 c_4 \ldots$
where $c_i = m_i \oplus k_i$

• Can be proved to be unconditionally secure.

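Why the key must be used one time only, as an added example that is not part of the original slides. The two messages are constructed sample data and the function names are illustrative.

```python
import secrets


def xor_bytes(a, b):
    """c_i = m_i XOR k_i; the pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message):
    """Draw a fresh random key for this message and return (key, ciphertext)."""
    key = secrets.token_bytes(len(message))
    return key, xor_bytes(message, key)


def otp_decrypt(ciphertext, key):
    """XOR with the same key removes it again: (m XOR k) XOR k = m."""
    return xor_bytes(ciphertext, key)


def reuse_leak(c1, c2):
    """If one key encrypted both messages, the key cancels out:
    c1 XOR c2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    m1 = b"PAY ALICE 100"
    m2 = b"PAY BOB   900"

    key, c1 = otp_encrypt(m1)
    print(otp_decrypt(c1, key))

    # Misuse: the same key encrypts a second message.
    c2 = xor_bytes(m2, key)
    leak = reuse_leak(c1, c2)
    # Zero bytes mark positions where both plaintexts are identical, so the
    # shared "PAY " prefix is visible without any knowledge of the key.
    print(leak.hex())
    print(leak == xor_bytes(m1, m2))
```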
Class Quiz(Class Exercise) 15%
1. By using Vigenère ciphering (26X26 matrix)
Plaintext: ETHIOPIALIVESINTHEHORNOFAFRICA
KEY: WSU
2. By using the following (a) Caesar ciphering (b) Rail fence ciphering
Plaintext: MASTERINGINITREQUIRESSOFTSKILL
Key: 2
3. By using Hill cipher (nXn matrix)
Plaintext: WSU
Key: CONGRATUL
Steganography
• Hide a message in another message.

• E.g., hide your plaintext in a graphic image


• Each pixel has 3 bytes specifying the RGB color
• The least significant bits of pixels can be changed w/o greatly
affecting the image quality
• So can hide messages in these LSBs

• Advantage: hiding existence of messages

• Drawback: high overhead

Different Types of Steganography
1. Text Steganography − There is steganography in text files, which entails secretly storing
information. In this method, the hidden data is encoded into the letter of each word.
2. Image Steganography − The second type of steganography is image steganography, which
entails concealing data by using an image of a different object as a cover. Pixel intensities are the
key to data concealment in image steganography.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects
against unauthorized reproduction. Watermarking is a technique that encrypts one piece of data
(the message) within another (the "carrier"). Its typical uses involve media playback, primarily
audio clips.
4. Video Steganography − Video steganography is a method of secretly embedding data or other
files within a video file on a computer. Video (a collection of still images) can function as the
"carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert values that
can be used to hide the data in each image in the video, which is undetectable to the naked eye.
Video steganography typically employs the following file formats: H.264, MP4, MPEG, and
AVI.
5. Network or Protocol Steganography − It involves concealing data by using a network protocol
like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be used in the case of covert
channels, which occur in the OSI layer network model.
Steganography Examples Include
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a painting
they’ve done)
• Backward masking a message in an audio file (remember those stories of evil
messages recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a particular
frame rate
• Embedding a secret message in either the green, blue, or red channels of an
RGB image
• Watermarking
• Take a 640x480 (=307,200) pixel image.
• Using only 1 LSB, can hide 115,200 characters
• Using 4 LSBs, can hide 460,800 characters.
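The capacity figures above and the LSB idea from the earlier slide, as an added example that is not part of the original slides. It works on a raw byte string standing in for RGB pixel data (constructed sample, no image library); function names are illustrative.

```python
def capacity_chars(width, height, lsb_per_byte, channels=3):
    """Characters (8 bits each) that fit when lsb_per_byte low bits of every
    colour byte are used: pixels * 3 bytes * bits / 8."""
    return width * height * channels * lsb_per_byte // 8


def embed(pixels, message, n_lsb=1):
    """Overwrite the n_lsb lowest bits of successive colour bytes with the
    message bits (most significant bit first)."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    needed = -(-len(bits) // n_lsb)               # ceiling division
    if needed > len(pixels):
        raise ValueError("message does not fit in the cover data")
    bits += [0] * (needed * n_lsb - len(bits))    # pad the last group
    out = bytearray(pixels)
    mask = (1 << n_lsb) - 1
    for i in range(needed):
        chunk = 0
        for bit in bits[i * n_lsb:(i + 1) * n_lsb]:
            chunk = (chunk << 1) | bit
        out[i] = (out[i] & ~mask & 0xFF) | chunk
    return bytes(out)


def extract(pixels, n_bytes, n_lsb=1):
    """Read the low bits back in the same order and rebuild n_bytes bytes."""
    mask = (1 << n_lsb) - 1
    bits = []
    for value in pixels:
        chunk = value & mask
        bits.extend((chunk >> (n_lsb - 1 - j)) & 1 for j in range(n_lsb))
        if len(bits) >= n_bytes * 8:
            break
    out = bytearray()
    for i in range(n_bytes):
        byte = 0
        for bit in bits[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    print(capacity_chars(640, 480, 1), capacity_chars(640, 480, 4))
    cover = bytes(range(256)) * 3                 # constructed stand-in for pixel bytes
    stego = embed(cover, b"hidden", n_lsb=1)
    print(extract(stego, 6, n_lsb=1))
    # Largest change to any colour byte: 1 with one LSB, up to 15 with four.
    print(max(abs(a - b) for a, b in zip(cover, stego)))
```

The last line shows the trade-off behind the two capacity figures: more LSBs per byte carry more data but change each colour value more.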

Steganography vs Cryptography
