Unit-1 1

Uploaded by

ryuvraj0707
UNIT-1

Symmetric Cipher Model
Outline
Introduction
Security Objectives
OSI Security Architecture
Security Attacks
Security Services
Security Mechanism
Symmetric Cipher Model
Cryptography
Cryptanalysis and Attacks
Substitution and Transposition Techniques
Introduction to Information & N/W Security
Information & Network Security
What is Information ?
The processed form of data or meaningful data is
called information. Basically, information is the
message that is being conveyed.

Data -> Process -> Information
What is Security ?
1. Computer Security : Generic name for the
collection of tools designed to protect data.
2. Network and Internet Security : Measures to
protect data during their transmission over a
collection of interconnected networks.
Key Security Objectives
Goal/Objectives of Security :
1. Confidentiality
2. Integrity
3. Availability
4. Authenticity
5. Accountability
Confidentiality
1. Confidentiality:
Data confidentiality: Assure confidential
information not made available to unauthorized
individuals.
Example : Individual files are locked and secured

[Figure: Alice sends data to Bob; an attacker performs packet sniffing and illegal copying]
Confidentiality
Privacy: Assure individuals can control what
information related to them is collected, stored,
distributed.
Privacy is the right of an individual to protect
personal or sensitive information.
Integrity
2. Integrity :
Data integrity: Assure information and programs
are changed only in an authorized manner.

[Figure: Alice sends a message to Bob; an attacker modifies the message or inserts a new one. How can Bob be sure that the message really comes from Alice?]
Integrity
System integrity: Assure system performs intended
function.
Availability
3. Availability :
Assure that systems work promptly and service is
not denied to authorized users.

[Figure: the user's browser is working, but the www.amazon.com server is down]
Authenticity
4. Authenticity:
The property of being genuine and being able to be
verified and trusted; confidence in the validity of a
transmission, a message, or message originator.
This means verifying that each input arriving at the
system came from a trusted source.

Password + Verification = Access


Authenticity

[Figure: User A tells the Bank "I am User A. Transfer Rs. 1,00,000 from A to C."; User C is the recipient]
Accountability
5. Accountability:
The security goal that generates the requirement
for actions of an entity to be traced uniquely to that
entity.
This supports nonrepudiation (assurance that
someone cannot deny something).

[Figure: User A to Bank: "Transfer Rs. 1,00,000"]
Impact of Security Breaches
Effectiveness of primary operations is
reduced
Example: Hackers compromised exam question
paper.
Financial loss
Example: The cost of repairing a company database
once it’s been compromised.
Damage to assets
Example: Hackers compromised Amazon Web
Services account and demanded a ransom. When
the company declined, the hacker started
destroying their resources.
Harm to individuals
Example: Hackers compromised patient database
OSI Security Architecture
Systematic approach to define requirements for
security and approaches to satisfying those
requirements
The OSI (Open Systems Interconnection) security
architecture focuses on Security Attacks,
Mechanisms, and Services.
Security Attack: Any action that compromises the
security of information owned by an organization.
Security Mechanism: A process that is designed to
detect, prevent, or recover from a security attack.
Security Service: A communication service that
enhances the security of the data processing systems
and the information transfers of an organization.
Security Attacks
Security Attacks
A passive attack attempts to learn or make use
of information from the system but does not
affect system resources.
1. Release of message contents
2. Traffic analysis
Relatively hard to detect, but easier to prevent
An active attack attempts to alter system
resources or affect their operation.
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service.
Relatively hard to prevent, but easier to detect
1. Release of message contents (Passive Attack)

A telephone conversation, an electronic mail message,
and a transferred file may contain sensitive or
confidential information.
We would like to prevent an opponent from learning
the contents of these transmissions.
Attack on Confidentiality.
2. Traffic Analysis (Passive Attack)

In such attacks, an attacker analyses the traffic and
observes the frequency and length of exchanged
messages. He uses all this information to predict the
nature of communication.
Studying the flow of "traffic" to find patterns of behaviour.
1. Masquerade Attack (Active Attack)

A masquerade takes place when one entity pretends to
be a different entity.
A masquerade attack is an attack that uses a fake identity
to gain unauthorized access to personal information.
Attack on Authentication.
2. Replay Attack (Active Attack)

Replay attack involves the passive capture of a
data unit and its subsequent retransmission to
produce an unauthorized effect.
Replay attack is to replay the message sent to a
network by an attacker, which was earlier sent by
3. Modification of messages Attack (Active Attack)

Modification of messages simply means that some
portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an
unauthorized effect.
Attack on Integrity.
4. Denial of Service Attack (Active Attack)

The denial of service attack prevents the normal use
or management of communications facilities.
Sending a large number of packets to block the server.
Attack on Availability.
Security Services
Security Services (X.800)
X.800 standard defines a security service as a
service that is provided by a protocol layer of
communicating open systems and that ensures
security of the systems or of data transfers.
Security Services
Authentication: Peer Entity Authentication, Data Origin Authentication
Access Control
Data Confidentiality: Connection Confidentiality, Connectionless Confidentiality, Selective Field Confidentiality, Traffic Flow Confidentiality
Data Integrity: Connection Integrity with recovery, Connection Integrity without recovery, Selective Field Connection Integrity, Connectionless Integrity, Selective Field Connectionless Integrity
Non Repudiation: Non Repudiation Origin, Non Repudiation Destination
Authentication
Authentication is the assurance that the
communicating entity is the one that it claims to
be.
1. Peer Entity Authentication: Used in
association with a logical connection (TCP) to provide
confidence in the identity of the entities connected.
2. Data-Origin Authentication: In a
connectionless (UDP) transfer, provides
assurance that the source of received data is as
[Figure labels: Who you are? (biometrics); Physical authentication, where you are?; What you know? Password, One-time Password(OT]
Access Control
Access control is the prevention of
unauthorized use of a resource
This service controls who can have access to a
resource, under what conditions access can
occur, and what those accessing the resource are
allowed to do.

[Figure: User A and User B; Human resources network and Development network]
Data Confidentiality
Data confidentiality is the protection of data
from unauthorized disclosure.
1. Connection Confidentiality: The protection of all
user data on a connection.
2. Connectionless Confidentiality: The protection of
all user data in a single data block.
3. Selective-Field Confidentiality: The confidentiality
of selected fields within the user data on a connection
or in a single data block.
4. Traffic-Flow
Data Integrity
Data integrity is the assurance that data
received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion,
deletion, or replay).
[Figure: Alice sends data to Bob over a channel; both copies are the same]
Data Integrity (Cont…)
Connection Integrity with Recovery: Provides
integrity of all user data on a connection and
detects any modification, insertion, deletion, or
replay of any data with recovery attempted.
Connection Integrity without Recovery: As
above, but provides only detection without
recovery.
Selective-Field Connection Integrity: Provides
integrity of selected fields within the user data and
takes the form of determination of whether the
selected fields have been modified, inserted,
deleted, or replayed.
Data Integrity (Cont…)
Connectionless Integrity: Provides integrity of a
single connectionless data block and may take the
form of detection of data modification.
Additionally, a limited form of replay detection
may be provided.
Selective-Field Connectionless Integrity:
Provides integrity of selected fields within a single
connectionless data block; takes the form of
determination of whether the selected fields have
been modified.
Non Repudiation
Nonrepudiation is the assurance that someone
cannot deny something.
Typically, nonrepudiation refers to the ability to
ensure that a party to a communication cannot deny the
authenticity of their signature on a document or
the sending of a message that they originated.
[Figure: User A to Bank: "Transfer Rs. 1,00,000". After a few days, User A to Bank: "I have never requested to transfer Rs. 1,00,000".]
Non Repudiation (Cont…)
Nonrepudiation-Origin: Proof that the message
was sent by the specified party.
Nonrepudiation-Destination: Proof that the
message was received by the specified party.
Security Mechanisms
Security Mechanisms (X.800)
Techniques designed to prevent, detect or
recover from attacks
No single mechanism can provide all services
Common in most mechanisms: cryptographic
techniques
Specific security mechanisms: Integrated into
the appropriate protocol layer in order to provide
some of the OSI security services.
Pervasive security mechanisms: Not
integrated to any particular OSI security service
or protocol layer
Security Mechanism (Specific security)
Encipherment: Hiding or covering data using
mathematical algorithms.
Digital Signature: The sender can electronically
sign the data and the receiver can electronically
verify the signature.
Access Control: A variety of mechanisms that
enforce access rights to resources.
Data Integrity: A variety of mechanisms used
to assure the integrity of a data unit or stream of
data units.
Security Mechanism (Specific security)
Authentication Exchange: Two entities
exchange some messages to prove their identity
to each other.
Traffic Padding: The insertion of bits into gaps
in a data stream to frustrate traffic analysis
attempts.
Routing Control: Selecting and continuously
changing routes between sender and receiver to
prevent opponent (attacker) from eavesdropping.
Notarization: The use of a trusted third party to
assure and control the communication.
Model for Network Security
[Figure: Sender and Recipient each apply a security-related transformation to the message using secret information, producing a secure message that crosses the information channel. An opponent (attacker) may access the channel. A trusted third party (e.g., arbiter, distributer of secret information) supports both ends.]
Encryption and Decryption

Sender -> Hello -> Encryption -> f7#er -> Decryption -> Hello -> Receiver
Symmetric Cipher Model (Conventional Encryption)
[Figure: Plaintext input X -> Encryption Algorithm (e.g. AES) -> transmitted ciphertext Y = E(K, X) -> Decryption Algorithm (reverse of encryption algorithm) -> Plaintext output X. Both algorithms use the secret key K shared by sender and recipient.]
Plaintext is the original intelligible message or data
that is fed into the algorithm as input.
Encryption algorithm performs various substitutions
and transformations on the plaintext.
The secret key is also input to the encryption
algorithm. The key is a value independent of the
plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific
key being used at the time.
Ciphertext is the scrambled message produced as
output. It depends on the plaintext and the secret key.
The ciphertext is an apparently random stream of data
and, as it stands, is unintelligible.
Decryption algorithm is essentially the encryption
algorithm run in reverse. It takes the ciphertext and
the secret key and produces the original plaintext.
An original message is known as the plaintext, while
the coded message is called the ciphertext.
The process of converting from plaintext to ciphertext
is known as enciphering or encryption; restoring the
plaintext from the ciphertext is deciphering or
decryption.
Terminology
Plaintext: original message
Ciphertext: encrypted or coded message
Encryption: convert from plaintext to ciphertext
(enciphering)
Decryption: restore the plaintext from ciphertext
(deciphering)
Key: information used in cipher known only to
sender/receiver
Cipher: a particular algorithm (cryptographic system)
Cryptography: study of algorithms used for encryption
Cryptanalysis: study of techniques used for decryption
without knowledge of plaintext
Cryptology: areas of cryptography and cryptanalysis
Cryptography and Cryptanalysis
Cryptography (Secret Writing) is the process
of protecting information by transforming it into a
secure (unreadable) format.
Hello -> Cryptography -> $!dzx

Cryptanalysis is the decryption and analysis of
encrypted text. Cryptanalysis uses mathematical
formulas to search algorithm vulnerabilities and
break into cryptography.
$!dzx -> Cryptanalysis -> Hello
Requirements and Assumptions
Requirements for secure use of symmetric
encryption:
1. Strong encryption algorithm: Given the
algorithm and cipher text, an attacker cannot
obtain key or plaintext.
2. Shared secret keys: sender and receiver both
have shared a secret key; no-one else knows the
key (keep it secret).
Assumptions:
Cipher is known
Secure channel to distribute keys
Cryptanalysis and Brute-Force Attack
Objective of attacker: recover key (not just
message)
Approaches of attacker:
Cryptanalysis: This type of attack exploits the
characteristics of the algorithm to attempt to
derive a specific plaintext or to derive the key
being used.
Brute-force attack: The attacker tries every
possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained.
On average, half of all possible keys must be
tried to achieve success.
Attacks on Encrypted Messages
Type of Attack: Known to cryptanalyst
Ciphertext Only: Encryption algorithm, Ciphertext
Known Plaintext: Encryption algorithm, Ciphertext, One or more
plaintext-cipher text pairs formed with the secret key
Chosen Plaintext: Encryption algorithm, Ciphertext, Plaintext
message chosen by cryptanalyst
Chosen Ciphertext: Encryption algorithm, Ciphertext, Ciphertext
chosen by cryptanalyst, with its corresponding
decrypted plaintext generated with the secret key
Chosen text: Encryption algorithm, Ciphertext, Plaintext chosen
by cryptanalyst, with its corresponding ciphertext
generated with the secret key, Ciphertext chosen
by cryptanalyst, with its corresponding decrypted
plaintext generated with the secret key
Substitution Techniques
A substitution technique is one in which the letters of
plaintext are replaced by other letters or by numbers or
symbols.
If plaintext is viewed as a sequence of bits, replace
plaintext bit patterns with ciphertext bit patterns.
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad
1. Caesar Cipher
The Caesar Cipher involves replacing each
letter of the alphabet with the letter standing
three places further down the alphabet.
Encryption algorithm:
C = E(3, P) = (P + 3) mod 26
Decryption algorithm:
P = D(3, C) = (C - 3) mod 26
Caesar Cipher (Cont…)
Let us assign a numerical equivalent to each letter
a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12
n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

C = E(3, P) = (P + 3) mod 26
Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c
Example:
Plaintext: THE QUICK BROWN FOX
Ciphertext: WKH TXLFN EURZQ IRA
Caesar Cipher (Cont…)
Generalised Caesar Cipher
Allow shift by k positions.
Encryption : C = E(K, P) = (P + K) mod 26
Decryption : P = D(K, C) = (C - K) mod 26

Modulo for negative number is = N - (B%N)
Example :
-11 mod 26 = 15
26 - (11%26) = 15
Caesar Cipher Examples
1. Plaintext: networksecurity
Key: 7
Cipher: uladvyrzljbypaf
2. Cipher: exxegoexsrgi
Key: 4
Plaintext: attackatonce
3. Cipher: kyzj dvjjrxv zj vetipgkvu
Key: 17
Plaintext: this message is encrypted
4. Plain: information security
Key: l
Cipher: tyqzcxletzy dpnfctej
Brute force attack on Caesar Cipher
The encryption and decryption algorithms are
known.
There are only 25 keys to try, e.g. k=1, k=2, …
The language of the plaintext is known and easily
recognizable.
Brute force attack on Caesar Cipher
Ciphertext: ZNK WAOIQ HXUCT LUD
Key  Transformed text       Key  Transformed text
1    YMJ VZNHP GWTBS KTC    14   LZW IMAUC TJGOF XGP
2    XLI UYMGO FVSAR JSB    15   KYV HLZTB SIFNE WFO
3    WKH TXLFN EURZQ IRA    16   JXU GKYSA RHEMD VEN
4    VJG SWKEM DTQYP HQZ    17   IWT FJXRZ QGDLC UDM
5    UIF RVJDL CSPXO GPY    18   HVS EIWQY PFCKB TCL
6    THE QUICK BROWN FOX    19   GUR DHVPX OEBJA SBK
7    SGD PTHBJ AQNVM ENW    20   FTQ CGUOW NDAIZ RAJ
8    RFC OSGAI ZPMUL DMV    21   ESP BFTNV MCZHY QZI
9    QEB NRFZH YOLTK CLU    22   DRO AESMU LBYGX PYH
10   PDA MQEYG XNKSJ BKT    23   CQN ZDRLT KAXFW OXG
11   OCZ LPDXF WMJRI AJS    24   BPM YCQKS JZWEV NWF
12   NBY KOCWE VLIQH ZIR    25   AOL XBPJR IYVDU MVE
13   MAX JNBVD UKHPG YHQ
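The generalised shift and the 25-key search tabulated above, as an added Python example that is not part of the original slides. The function names and the small word list used to recognise English plaintext are assumptions made for this illustration.

```python
# Added example: generalised Caesar cipher and exhaustive key search.

# Constructed list of common English words, used only to recognise plaintext.
COMMON_WORDS = {"THE", "AND", "FOR", "ARE", "NOT", "YOU", "THIS", "THAT", "WITH"}


def caesar(text, k):
    """Shift every letter k places: C = (P + k) mod 26. Pass -k to decrypt."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            # Python's % always returns 0..25 here, so negative shifts wrap
            # correctly, e.g. -11 % 26 == 15 as on the slide.
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation are left unchanged
    return "".join(out)


def brute_force(ciphertext):
    """Return all 25 candidate decryptions as (key, text) pairs."""
    return [(k, caesar(ciphertext, -k)) for k in range(1, 26)]


def score(text):
    """Count how many words of a candidate are common English words."""
    return sum(word in COMMON_WORDS for word in text.upper().split())


def best_guess(ciphertext):
    """Pick the candidate that looks most like English."""
    return max(brute_force(ciphertext), key=lambda pair: score(pair[1]))


if __name__ == "__main__":
    for key, text in brute_force("ZNK WAOIQ HXUCT LUD"):
        print(f"{key:2d}  {text}")
    print("best guess:", best_guess("ZNK WAOIQ HXUCT LUD"))
```

The search succeeds because the key space has only 25 entries and the plaintext language is recognisable; both conditions come straight from the slide.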
2. Monoalphabetic Cipher (Simple substitution)
It is an improvement to the Caesar Cipher.
Instead of shifting the alphabets by some
number, this scheme uses some permutation of
the letters in alphabet.
Use a single alphabet for both plaintext and
cipher text.
Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: y n l k x b s h m i w d p j r o q v f e a u g t z c
Example:
Cipher: kxlvzofemrj
Plaintext: decrypstion
Try Brute force attack :
With 26 letters in alphabet, the possible
permutations are 26! keys (> 4 x 10^26)
Attack on Monoalphabetic Cipher
The relative frequencies of the letters in the
ciphertext (in %) are

Ciphertext:
uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvuephzh
mdzshzowsfpappdtsvpquzwymxuzuhsxepyepopdzszufpombzwp
fupzhmdjudtmohmq
In our ciphertext, the most common digram is ZW,
which appears three times. So equate Z with t, W
with h and P with e.
Now notice that the sequence ZWP appears in the
ciphertext, and we can translate that sequence as
Attack on Monoalphabetic Cipher (Cont…)
If the cryptanalyst knows the nature of the
plaintext, then the analyst can exploit the
regularities of the language.
The relative frequency of the letters can be
determined and compared to a standard
frequency distribution for English.
If the message were long enough, this technique
alone might be sufficient, but because this is a
relatively short message, we cannot expect an
exact match.
3. Playfair Cipher
The Playfair algorithm is based on a 5 × 5 matrix
(key) of letters.
The matrix is constructed by filling in the letters
of the keyword (minus duplicates) from left to
right and from top to bottom, and then filling in
the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J
count as one letter.
Example:
Keyword= OCCURRENCE
Plaintext= TALL TREES
O C U   R E
N A B   D F
G H I/J K L
M P Q   S T
V W X   Y Z
Playfair Cipher - Encrypt Plaintext
Operate on pair of letters (digram) at a time.
Special: if digram with same letters appears,
separate by special letter (e.g. x)
Plaintext= TALL TREES
Plaintext= TA LX LT RE ES
If there is an odd number of letters, then add an
uncommon letter to complete the digram; an X/Z may
be added to the last letter.
Plaintext= NETWORK
Plaintext= NE TW OR KX
Playfair Cipher - Encrypt Plaintext
Map each pair in key matrix
O C U   R E
N A B   D F
G H I/J K L
M P Q   S T
V W X   Y Z
Plaintext: TA LX LT RE ES
Ciphertext: PF IZ TZ EO RT
If the letters appear on the same row, replace them
with the letters to their immediate right
respectively, wrapping around to the left side of the
row if necessary.
For example, using the table above, the letter pair
RE would be encoded as EO.
If the letters appear on the same column, replace
them with the letters immediately below, wrapping
around to the top if necessary.
For example, using the table above, the letter pair
LT would be encoded as TZ.
If the letters are on different rows and columns,
replace them with the letters on other corner of the
same row.
The order is important - the first letter of the pair
should be encoded first.
For example, using the table above, the letter pair
TA would be encoded as PF.
Playfair Cipher - Is it Breakable?
Better than monoalphabetic: relative frequency
of digrams much less than of individual letters.
But relatively easy (digrams, trigrams, expected
words)
Playfair Cipher Examples
1. Key= “engineering” Plaintext= “test this process”
E N G I R
A B C D F
H K L M O
P Q S T U
V W X Y Z
Encrypted Message: pi tu pm gt ue lf gp xg
2. Key= “keyword” Plaintext= “come to the window”
K E Y W O
R D A B C
F G H I L
M N P Q S
T U V X Z
Encrypted Message: Lc nk zk vf yo gq ce bw
3. Key= “moonmission” Plaintext= “greet”
M O N I S
A B C D E
F G H K L
P Q R T U
V W X Y Z
Encrypted Message: hq cz du
Playfair Cipher Examples
4. Key: EXAMPLE
Ciphertext: UA ARBED EXAPO PR QNX AXANR
E X A M P
L B C D F
G H I/J K N
O Q R S T
U V W Y Z

Pair: UA AR BE DE XA PO PR QN XA XA NR
Plaintext: we wi lx lm ex et at th ex ex it
Plaintext: we wilxl mexet at thex exit
Plaintext: we will meet at the exit
4. Hill Cipher
Hill cipher is based on linear algebra
Each letter is represented by numbers from 0 to
25 and calculations are done using modulo 26.
Encryption and decryption can be given by the
following formula:
Encryption: C = PK mod 26

Decryption: P = CK^-1 mod 26
Hill Cipher Encryption
To encrypt a message using the Hill Cipher we
must first turn our keyword and plaintext into a
matrix (a 2 x 2 matrix or a 3 x 3 matrix, etc).
Example: Key = “HILL”, Plaintext = “EXAM”
a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12
n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25
Hill Cipher Encryption (Cont…)

C = PK mod 26

Ciphertext = “ELSC”
Hill Cipher Decryption
P = CK^-1 mod 26
Step 1: Find Inverse of key matrix
Step 2: Multiply the Multiplicative Inverse of the
Determinant by the Adjoint Matrix
Step 3: Multiply inverse key matrix with ciphertext
matrix to obtain plaintext matrix
Step 1: Inverse of key matrix
2 X 2 inverse of matrix

3 X 3 inverse of matrix
Step 1: Inverse of key matrix

-11 mod 26 = 15
Because, modulo for negative number is = N - (B%N)
= 26 – (11%26)
Step 2: Modular (Multiplicative) inverse
The inverse of a number A is 1/A since A * 1/A = 1
e.g. the inverse of 5 is 1/5
In modular arithmetic we do not have a division
operation.
The modular inverse of A (mod C) is A^-1
(A * A^-1) ≡ 1 (mod C)
Example:
The modular inverse of A mod C is the B value that
makes
A * A^-1 mod C = 1
A = 3, C = 11
Since (3*4) mod 11 = 1, 4 is modulo inverse of 3
A = 10, C = 17, A^-1 = ?
Step 2: Modular (Multiplicative) inverse

Determinants’ multiplicative inverse Modulo 26

Determinant:        1  3  5  7  9  11 15 17 19 21 23 25
Inverse Modulo 26:  1  9  21 15 3  19 7  23 11 5  17 25
Step 2: Multiply with adjoint of matrix

X%Y = X - (X/Y)*Y
77%26 = 77 - (77/26)*26
= 77 - (2)*26
= 77 - 52
= 25
Hill Cipher Encryption (Cont…)

P = CK^-1 mod 26

Plaintext = “EXAM”
Hill Cipher Examples
1. Key: Hill Plaintext: short example
Ciphertext: APADJ TFTWLFJ
2. Key: ACBA Plaintext: DR GREER ROCKS
(A=1, B=2, … )
Ciphertext: FZIFTOTBXGPO
3. Key: DACB Ciphertext: SAKNOXAOJ
(A=1, B=2, …)
Plaintext: WELOVEMATH
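The three decryption steps above carried through for a 2 x 2 key, as an added Python example that is not part of the original slides. It assumes a = 0 … z = 25 and multiplies the key matrix (keyword written row by row) by each plaintext pair taken as a column vector, which is the convention that reproduces the slides' “ELSC” and “APADJ TFTWLFJ”; function names are assumptions.

```python
# Added example: 2x2 Hill cipher with the key inverse computed modulo 26.

def modinv(a, m):
    """Modular inverse by the extended Euclidean algorithm: a * x = 1 (mod m)."""
    old_r, r = a % m, m
    old_x, x = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
    if old_r != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return old_x % m


def to_nums(text):
    """Map letters to 0..25, ignoring anything that is not a letter."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def key_matrix(keyword):
    k = to_nums(keyword)
    if len(k) != 4:
        raise ValueError("a 2x2 key needs exactly four letters")
    return [[k[0], k[1]], [k[2], k[3]]]


def inverse_key(K):
    """Step 1 and 2: (determinant inverse) * (adjoint matrix), all modulo 26."""
    (a, b), (c, d) = K
    det = (a * d - b * c) % 26           # HILL: 77 - 88 = -11, i.e. 15
    det_inv = modinv(det, 26)            # raises if det shares a factor with 26
    adjoint = [[d, -b], [-c, a]]
    return [[(det_inv * v) % 26 for v in row] for row in adjoint]


def apply_matrix(K, text):
    """Multiply K by each letter pair (as a column vector) modulo 26."""
    nums = to_nums(text)
    if len(nums) % 2:
        nums.append(23)                  # pad an odd-length message with X
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((K[0][0] * x + K[0][1] * y) % 26)
        out.append((K[1][0] * x + K[1][1] * y) % 26)
    return "".join(chr(n + 65) for n in out)


def encrypt(plaintext, keyword):
    K = key_matrix(keyword)
    inverse_key(K)                       # reject keys that could never be decrypted
    return apply_matrix(K, plaintext)


def decrypt(ciphertext, keyword):
    """Step 3: multiply the inverse key matrix with the ciphertext pairs."""
    return apply_matrix(inverse_key(key_matrix(keyword)), ciphertext)


if __name__ == "__main__":
    print(inverse_key(key_matrix("HILL")))
    print(encrypt("EXAM", "HILL"), decrypt("ELSC", "HILL"))
```

A keyword whose determinant is even or a multiple of 13 has no inverse modulo 26, so `encrypt` refuses it instead of producing ciphertext that cannot be decrypted.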
5. Polyalphabetic Cipher
Monoalphabetic cipher encoded using only one
fixed alphabet
Polyalphabetic cipher is a substitution cipher
in which the cipher alphabet for the plain
alphabet may be different at different places
during the encryption process.
1. Vigenere cipher
2. Vernam cipher
[Figure: table with Plaintext along one axis and Key along the other]
PT = HELLO
KEY = GMGMG
CT = NQRXU
Vigenere Cipher
Keyword : DECEPTIVE
Key : DECEPTIVEDECEPTIVEDECEPTIVE
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Key must be as long as plaintext else repeat a keyword

An analyst looking at only the ciphertext would detect the
repeated sequences VTW at a displacement of 9 and make the
assumption that the keyword is either three or nine letters in
length.
Keyword : DECEPTIVE
Key : DECEPTIVEWEAREDISCOVEREDSAV
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
This system is referred as an auto key system
Vigenere Cipher
Multiple ciphertext letters for each plaintext
letter.
Weakness is repeating, structured keyword.
Example:
Plaintext: internet technologies
Key: cryptography
Cipher using standard algorithm:
kertkbkk ttjfpfjdzm
Cipher using auto key system:
kertkbkk ttjfvbesxl
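The repeating-key and auto key variants, together with the repeated-sequence check an analyst would run on the ciphertext, as an added Python example that is not part of the original slides. Function names are assumptions; the DECEPTIVE and HELLO inputs come from the slides.

```python
# Added example: Vigenere with a repeating key, the auto key system,
# and detection of repeated ciphertext sequences.

A = ord("A")


def letters(text):
    """Uppercase letters only; spaces and punctuation are dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def vigenere_encrypt(plaintext, keyword):
    p, k = letters(plaintext), letters(keyword)
    return "".join(chr((ord(c) + ord(k[i % len(k)]) - 2 * A) % 26 + A)
                   for i, c in enumerate(p))


def vigenere_decrypt(ciphertext, keyword):
    c, k = letters(ciphertext), letters(keyword)
    return "".join(chr((ord(x) - ord(k[i % len(k)])) % 26 + A)
                   for i, x in enumerate(c))


def autokey_encrypt(plaintext, keyword):
    """Key stream is the keyword followed by the plaintext itself."""
    p = letters(plaintext)
    stream = (letters(keyword) + p)[:len(p)]
    return "".join(chr((ord(c) + ord(s) - 2 * A) % 26 + A) for c, s in zip(p, stream))


def autokey_decrypt(ciphertext, keyword):
    """Each recovered plaintext letter extends the key stream."""
    stream = letters(keyword)
    out = []
    for i, c in enumerate(letters(ciphertext)):
        p = chr((ord(c) - ord(stream[i])) % 26 + A)
        out.append(p)
        stream.append(p)
    return "".join(out)


def repeated_sequences(ciphertext, n=3):
    """Map each n-letter sequence that occurs more than once to its positions."""
    text = "".join(letters(ciphertext))
    positions = {}
    for i in range(len(text) - n + 1):
        positions.setdefault(text[i:i + n], []).append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


if __name__ == "__main__":
    ct = vigenere_encrypt("WEAREDISCOVEREDSAVEYOURSELF", "DECEPTIVE")
    print(ct, repeated_sequences(ct))        # VTW at positions 3 and 12
    auto = autokey_encrypt("WEAREDISCOVEREDSAVEYOURSELF", "DECEPTIVE")
    print(auto, repeated_sequences(auto))    # no repeated trigram
    # The exercise ciphertexts above correspond to the 18-letter
    # plaintext "internet technology".
    print(vigenere_encrypt("internet technology", "cryptography"))
    print(autokey_encrypt("internet technology", "cryptography"))
```

With the repeating key, the two VTW occurrences are 9 positions apart, the keyword length; under the auto key system the same plaintext produces no repeated trigram.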
Vernam Cipher
The ciphertext is generated by applying the
logical XOR operation to the individual bits of
plaintext and the key stream.
6. One time pad
Similar to Vigenere, but use random key as long
as plaintext.
Only known scheme that is unbreakable
(unconditional security)
Ciphertext has no statistical relationship with
plaintext.
Given two potential plaintext messages, attacker
cannot identify the correct message.
Two practical limitations:
1. Difficult to provide large number of random keys
2. Distributing unique long random keys is difficult
One time pad
Attacker knows the ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Attacker tries all possible keys.
Two examples:
key1: pxlmvmsydofuyrvzwctnlebnecvgdupahfzzlmnyih
Plaintext1: mr mustard with the candlestick in the hall
key2: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
Plaintext2: miss scarlet with the knife in the
Transposition Techniques
A transposition cipher does not substitute one
symbol for another, instead it changes the
location of the symbols.
The simplest such cipher is the rail fence
technique, in which the plaintext is written down
as a sequence of diagonals and then read off as a
sequence of rows.
For example, to send the message “Meet me at
the park” to Bob, Alice writes
M   E   M   A   T   E   A   K
  E   T   E   T   H   P   R

She then creates the ciphertext:
MEMATEAK ETETHPR
Rail Fence Transposition
Easy to break: letter frequency analysis to
determine depth.
Example:
Plaintext: internettechnology
Depth: 3
Cipher: IRTNGNENTEHOOYTECL
I R T N G
N E N T E H O O Y
T E C L
Rows/Columns Transposition
Plaintext letters written in rows.
Ciphertext obtained by reading column-by-
column, but re-arranged.
Key determines order of columns to read.

Key: 4 3 1 2 5 6 7
Plaintext: A T T A C K P
O S T P O N E
D U N T I L T
W O A M X Y Z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Easy to break using letter frequency (try different
column orders)
Rows/Columns Transposition
Transposition ciphers can be made stronger by
using multiple stages of transposition
Plaintext: securityandcryptography
Key: 315624
Ciphertext: EYYARDOYSTRRICGCAPPUNTH
Transpose again using same key:
Ciphertext: YYCURRAHEOIPDRPYSGNATCT
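Rail fence and rows/columns transposition, including the two-stage case and a last row that is not full, as an added Python example that is not part of the original slides. Function names are assumptions; the key is read as one digit per column, so it covers keys of up to nine columns.

```python
# Added example: rail fence and keyed columnar transposition.

def letters(text):
    """Uppercase letters only; spaces and punctuation are dropped."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def rail_rows(length, depth):
    """Row index (0 = top rail) of each position along the zigzag."""
    if depth < 2:
        return [0] * length
    period = 2 * (depth - 1)
    return [min(i % period, period - i % period) for i in range(length)]


def rail_fence_encrypt(plaintext, depth):
    text = letters(plaintext)
    rows = rail_rows(len(text), depth)
    return "".join(c for r in range(depth) for c, row in zip(text, rows) if row == r)


def rail_fence_decrypt(ciphertext, depth):
    text = letters(ciphertext)
    rows = rail_rows(len(text), depth)
    # Positions in the order the ciphertext lists them: rail by rail.
    order = sorted(range(len(text)), key=lambda i: rows[i])
    plain = [""] * len(text)
    for c, i in zip(text, order):
        plain[i] = c
    return "".join(plain)


def column_order(key):
    """Column indices in the order they are read: label 1 first, then 2, ..."""
    labels = [int(k) for k in key]
    return sorted(range(len(labels)), key=lambda c: labels[c])


def columnar_encrypt(plaintext, key):
    text = letters(plaintext)
    n = len(key)
    # text[c::n] is column c of the row-by-row grid, short last row included.
    return "".join(text[c::n] for c in column_order(key))


def columnar_decrypt(ciphertext, key):
    text = letters(ciphertext)
    n = len(key)
    full_rows, extra = divmod(len(text), n)
    cols, pos = [""] * n, 0
    for c in column_order(key):
        length = full_rows + (1 if c < extra else 0)  # first `extra` columns are longer
        cols[c] = text[pos:pos + length]
        pos += length
    return "".join(cols[i % n][i // n] for i in range(len(text)))


if __name__ == "__main__":
    print(rail_fence_encrypt("Meet me at the park", 2))
    print(rail_fence_encrypt("internettechnology", 3))
    once = columnar_encrypt("securityandcryptography", "315624")
    print(once, columnar_encrypt(once, "315624"))
```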
Cryptographic Algorithms
Cryptographic algorithms and protocols can be
grouped into four main areas
[Figure: Cryptographic algorithms and protocols -> Symmetric encryption, Asymmetric encryption, Data integrity algorithms, Authentication protocols]
Symmetric encryption used to conceal the contents
of blocks or streams of data of any size, including
messages, files, encryption keys, and passwords.
Asymmetric encryption used to secure small blocks
of data, such as encryption keys and hash function
values, which are used in digital signatures.
Data integrity algorithms used to protect blocks
of data, such as messages, from alteration.
Authentication Protocols are schemes based on the
use of cryptographic algorithms designed to
authenticate the identity of entities.
Threat and Attack
Threat: A potential for violation of security,
which exists when there is a circumstance,
capability, action, or event that could crack
security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.
Attack: A violation of system security that
derives from an intelligent threat; that is, an
intelligent act that is a calculated attempt to
avoid security services and violate the security
policy of a system.
