Cryptography

•Cryptography is the science of using mathematics to encrypt and decrypt

data.

•Cryptography enables you to store sensitive information or transmit it across

insecure networks (like the Internet) so that it cannot be read by anyone
except the intended recipient.

•A cryptographic algorithm works in combination with a key-a word, number,

or phrase-to encrypt the plaintext.

•The same plaintext encrypts to different ciphertext with different keys. The
security of encrypted data is entirely dependent on two things: the strength of
the cryptographic algorithm and the secrecy of the key.
 Need for Security
•Protect data during their transmission.
•Guarantee that data transmission are authentic.
•Consider following examples:
•User A transmits a sensitive information file to user B. The unauthorized user
C is able to monitor the transmission and capture a copy of the file during its
transmission.
•While transmitting the message between two users, the unauthorized user
intercepts the message, alters its contents to add or delete entries, and then
forwards the message to destination user.

Interception means to prevent someone or something from continuing to a destination

 An interceptor (an
attacker) is an
unauthorized entity who
attempts to determine
the plaintext. He can see
the ciphertext and may
know the decryption
algorithm. He, however,
must never know the
decryption key.
Caesar Shift Cipher
FIGURE FIGURE
 Message Confidentiality
•Confidentiality is the best security policy.
•It assures that data is accessed by authorized entities only. No unauthorized
party can have access to the data.
•Accessing the data means to read, to print or just to know the existence of
data.
•If an unauthorized party succeeds in accessing the message, confidentiality
is no more maintained.
•To achieve confidentiality the message must be encrypted at the sender and
decrypted at the receiver.
 Message Confidentiality

Interception means to prevent someone or something from continuing to a destination

FIGURE
Security comes with the sense of preventing
For example, once an order is placed electronically, a purchaser
cannot deny the purchase order, if non-repudiation service was
enabled in this transaction.
Message Nonrepudiation

FIGURE
 Message Availability
•The principle of availability states that resources should be available to
authorized parties at all times.

•The information created and stored by an organization needs to be available

to authorized entities.

•Information is useless if it is not available. The unavailability of information is

just as harmful for an organization.

•Example: The situation can be difficult for a bank if the customer could not
access their accounts for transactions.
Goals of Secure System
 Encryption Techniques
•Symmetric Key encryption
One key is used for both encryption and decryption.
For a sender and receiver to communicate securely using Symmetric Key
encryption, they must agree upon a key and keep it secret between
themselves.
 Encryption Techniques
•Asymmetric Key encryption
It uses a pair of keys for encryption and decryption.
A public key, which encrypts data, and a corresponding private key (secret key) for decryption.
You publish your public key to the world while keeping your private key secret.
Private key has mathematical relationship with public key and it is computationally infeasible to deduce the
private key from the public key.
Anyone who has a public key can encrypt information but cannot decrypt it.
Only the person who has the corresponding private key can decrypt the information. No other key can be
used for decryption.
Digital Certificates
Digital Signatures
 Active and Passive attacks in
Information Security
• Active attacks involve some modification of the data stream or the creation of false
statements.
• Types of active attacks are as follows:
 Masquerade
 Modification of messages
 Replay
 Denial of Service
 Active and Passive attacks in
Information Security
 Masquerade

A masquerade attack takes place when

one entity pretends to be a different
entity.

Masquerade assaults may be performed

using the stolen passwords and logins,
with the aid of using finding gaps in
programs, or with the aid of using
locating a manner across the
authentication process.
 Active and Passive attacks in
Information Security
 Modification of messages

It means that some portion of a message

is altered or that message is delayed or
reordered to produce an unauthorized
effect. Modification is an attack on the
integrity of the original data.

For example, a message meaning

“Transfer 1 Lac from A to B” is modified
as “Transfer 1 Lac from A to C”.
 Active and Passive attacks in
Information Security
 Replay

In this attack, the basic aim of the

attacker is to save a copy of the data
originally present on that particular
network and later on use this data for
personal uses.

Once the data is corrupted or leaked it is

insecure and unsafe for the users.
 Active and Passive attacks in
Information Security
 Denial of Service

It prevents the normal use of

communication facilities. For example, an
entity may suppress all messages
directed to a particular destination.

Another form of service denial is the

disruption of an entire network either by
disabling the network or by overloading it
with messages so as to degrade
performance.
 Active and Passive attacks in
Information Security
• Passive attacks: A Passive attack attempts to learn or make use of information from the
system but does not affect system resources.
• The goal of the opponent is to obtain information that is being transmitted. Types of Passive
attacks are as follows:
 The release of message content
Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive
or confidential information. We would like to prevent an opponent from learning the contents
of these transmissions.
Traffic analysis –

The opponent could determine the location and identity of communicating host and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the nature
of the communication that was taking place.

The most useful protection against traffic analysis is encryption of SIP traffic. To do this, an attacker would
have to access the SIP proxy (or its call log) to determine who made the call.
 Transposition Cipher
• A transposition cipher does not substitute one symbol for another (as in substitution
cipher), but changes the location of these symbols.

• It reorders (jumbles) the given plain-text to give the cipher-text.

• They are of two types: Keyed and Keyless Transposition Cipher.

 Keyless Transposition Cipher
• In this cipher technique, the message is converted to ciphertext by either of two
permutation techniques:
• a. Text is written into a table column-by-column and is then transmitted row-by-row.
• b. Text is written into a table row-by-row and is then transmitted column-by-column
• The first method (a) is also popularly known as Rail-fence cipher
• E.g. We need to send the message “DEFENDTHEEASTWALL”. Arranging into tables we get :

Now, the message is sent row-by-row. So Ciphertext is “DFNTEATALEEDHESWL”

(Note: the no. of rows is 2 by default, unless specified)
 Keyless Transposition Cipher
• Similarly for the (b) method, we can arrange the same above message into tables with four
columns.

The Data is then transmitted column-

by-column as “DNETLEDEWFTAAEHSL”
 Steganography
•Steganography is a method of hiding secret data, by embedding it into an audio, video,
image, or text file.

•It is one of the methods employed to protect secret or sensitive data from malicious
attacks.

•Cryptography and steganography are both methods used to hide or protect secret data.

• However, they differ in the respect that cryptography makes the data unreadable, or hides
the meaning of the data, while steganography hides the existence of the data.
 Steganography
•In layman’s terms, cryptography is similar to writing a letter in a secret language: people
can read it, but won’t understand what it means. However, the existence of a (probably
secret) message would be obvious to anyone who sees the letter, and if someone either
knows or figures out your secret language, then your message can easily be read.

•If you were to use steganography in the same situation, you would hide the letter inside a
pair of socks that you would be gifting the intended recipient of the letter. To those who
don’t know about the message, it would look like there was nothing more to your gift than
the socks. But the intended recipient knows what to look for, and finds the message hidden
in them.

•Cryptography is often used to supplement the security offered by steganography.

Cryptography algorithms are used to encrypt secret data before embedding it into cover
files.
 Steganography
•As the image depicts, both cover file(X) and secret message(M) are fed into steganographic
encoder as input. Steganographic Encoder function, f(X,M,K) embeds the secret message
into a cover file. Resulting Stego Object looks very similar to your cover file, with no visible
changes. This completes encoding. To retrieve the secret message, Stego Object is fed into
Steganographic Decoder.
 Steganography
•Secret key Steganography where the secret (stego) key is exchanged prior to
communication. This is most susceptible to interception. Secret Key Steganography
takes a cover message and embeds the secret message inside of it by using a secret
key (stego-key). Only the parties who know the secret key can reverse the process
and read the secret message.

•Public key Steganography where a public key and a private key is used for secure
Communication. The sender will use the public key during the encoding process and
only the private key, which has a direct mathematical relationship with the public
key, can decipher the secret message.
 Types of Steganography
•Image Steganography
•As the name suggests, Image Steganography refers to the process of hiding
data within an image file. The image selected for this purpose is called
the cover image and the image obtained after steganography is called
the stego image.

•An image is represented as a matrix in memory, with each entry representing

the intensity value of a pixel. In image steganography, a message is embedded
into an image by altering the values of some pixels, which are chosen by an
encryption algorithm. The recipient of the image must be aware of the same
algorithm in order to know which pixels he or she must select to extract the
message.
 Types of Steganography
•Image Steganography
 Types of Steganography
•Text Steganography:
• Text Steganography is hiding information inside the text files. It involves things like
changing the format of existing text, changing words within a text, generating random
character sequences or using context-free grammars to generate readable texts. Various
techniques used to hide the data in the text are:
Format Based Method
Random and Statistical Generation
Linguistic Method
 Types of Steganography
•Audio Steganography
•In audio steganography, the secret message is embedded into an audio signal which alters
the binary sequence of the corresponding audio file.

•It can be achieved easily as a typical 16-bit file has 216 sound levels, and a few levels
difference could not be detectable by the human ear.

•The sender embeds secret data of any type using a key in a digital cover file to produce a
stego file, in such a way that an observer cannot detect the existence of the hidden
message.

•Hiding secret messages in digital sound is a much more difficult process when compared to
others, such as Image Steganography. This method hides the data in WAV, AU, and even
MP3 sound files.
 Types of Steganography
•Video Steganography
•Video files are generally a collection of images and sounds, so most of the
presented techniques on images and - audio can be applied to video files too.

•The great advantage of video are the large amount of data that can be hidden
inside and the fact that it is a moving stream of images and sounds.

•The Video Steganography is nothing but a combination of Image Steganography

and Audio Steganography.

•Two main classes of Video Steganography include:

Embedding data in uncompressed raw video and compressing it later
Embedding data directly into the compressed data stream