CST433 SECURITY IN COMPUTING
MODULE I
Module 1
(Basics of Security and Traditional Cryptosystems)
OSI security architecture – Security attacks, Services,
Mechanisms. Cryptography vs Cryptanalysis. Classical
encryption techniques – Symmetric cipher model.
Substitution ciphers – Monoalphabetic vs
Polyalphabetic ciphers, Caesar cipher, Affine cipher,
Playfair cipher, Vigenere cipher, Hill cipher.
Transposition ciphers – Keyless, Keyed, Double
transposition
Module 2
(Modern Symmetric Key Cryptosystems)
Symmetric key ciphers – Block vs Stream ciphers, Block
cipher components, Product ciphers, Feistel and
Non-Feistel ciphers. Data Encryption Standard (DES)
– Structure, Key generation, Design criteria,
Weaknesses, Double DES, Triple DES. Advanced
Encryption Standard (AES) – Structure, Key
expansion. Block cipher modes of operation –
Electronic Codebook Mode (ECB), Cipher Block
Chaining Mode (CBC), Cipher Feedback Mode (CFB),
Output Feedback Mode (OFB), Counter Mode (CTR).
Stream ciphers – Structure, RC4.
Module 3
(Public Key Cryptosystems)
Introduction to public key cryptosystems –
Principles, Applications, Requirements,
Conventional vs Public key cryptosystems. RSA
cryptosystem – Algorithm, Security, Attacks.
ElGamal cryptosystem – Algorithm. Diffie-
Hellman key exchange – Algorithm, Man-in-
the-middle attack. Elliptic Curve Cryptography
(ECC) – ElGamal ECC, Key exchange using ECC.
Module 4
(Message Integrity and Authentication)
Hash functions – Security requirements, Secure
Hash Algorithm (SHA-512). Message
Authentication Code (MAC) – Requirements,
Uses, Hash-based MAC (HMAC), Cipher-based
MAC (CMAC). Digital signatures – Attacks,
Forgeries, Requirements, Direct vs Arbitrated
digital signatures, RSA digital signature,
ElGamal digital signature, Digital Signature
Standard (DSS).
Module 5
(Key Distribution and System Security)
Key management – Distribution of secret keys
using symmetric and asymmetric encryption,
Distribution of public keys. System security –
Intruders, Intrusion detection techniques,
Password management. Malicious software –
Viruses, Related threats, Countermeasures.
Distributed Denial of Service (DDoS) attacks –
Types, Countermeasures.
MODULE I
Definitions
• Computer Security
– Generic name for the collection of tools
designed to protect data and to defeat hackers
• Network Security
– Measures to protect data during their
transmission
• Internet Security
– Measures to protect data during their
transmission over a collection of interconnected
networks
OSI Security Architecture
• “Security Architecture for OSI”
– A systematic way of defining and providing
security requirements
Aspects of Security
• 3 aspects of information security:
– security attack
– security mechanism
– security service
• terms
– threat – a potential for violation of security
– attack – a deliberate attempt to evade
security services
Security Attack: Any action that compromises the
security of information.
Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
Security Service: A service that enhances the
security of data processing systems and
information transfers.
A security service makes use of one or more
security mechanisms.
Security Attacks
Kavitha N 13 13
• Passive attacks do not affect system resources
– Eavesdropping, monitoring
• Two types of passive attacks
– Release of message contents
– Traffic analysis
• Passive attacks are very difficult to detect
– Message transmission apparently normal
• No alteration of the data
– Emphasis on prevention rather than
detection
• By means of encryption
Passive Attacks (1)
Release of Message Contents
Passive Attacks (2)
Traffic Analysis
• Active attacks try to alter system resources or affect
their operation
– Modification of data, or creation of false data
• Four categories
– Masquerade
– Replay
– Modification of messages
– Denial of service: preventing normal use
• Difficult to prevent
– The goal is to detect and recover
Active Attacks (1)
Masquerade
Active Attacks (2)
Replay
Active Attacks (3)
Modification of Messages
Active Attacks (4)
Denial of Service
Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on
integrity
• Fabrication: This is an attack on
authenticity
Security Attack
Classification
Security Service
– enhance security of data processing
systems and information transfers of an
organization
– intended to counter security attacks
– using one or more security mechanisms
3 Primary Security
Goals
Fundamental security objectives for both data and
information/computing services
Security Services (X.800)
• Authentication - assurance that communicating
entity is the one claimed
• Access Control - prevention of the unauthorized use
of a resource
• Data Confidentiality – protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is as
sent by an authorized entity
• Non-Repudiation - protection against denial by one
of the parties in a communication
• Availability – resource accessible/usable
Security Mechanism
• feature designed to detect, prevent, or recover
from a security attack
• no single mechanism that will support all
services required
• One mechanism
– cryptographic techniques
• our focus on this topic
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment,
– digital signatures,
– access controls,
– authentication exchange
Model for Network Security
• communication across internet
• Techniques for providing security have 2
components
– Transformation of information
– Some secret information shared by sender and
receiver, unknown to opponent
Trusted third party is needed to achieve secure
transmission
Model for Network Security…
• 4 basic tasks in designing a particular security service.
1. Design an algorithm for performing the transformation
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the
secret information.
4. Specify a protocol to be used by the two principals.
SECURITY MECHANISM
Definition
• A mechanism that is designed to detect, prevent or
recover from a security attack.
• Aim is to make it difficult to access the information
for unauthorized users.
• Most common mechanism is cryptographic
techniques.
Cryptographic Techniques
• Secret-Key cryptography
• Public-Key
• One-way functions
• Digital Signatures
Secret-Key cryptography
• Letters are replaced by different letters.
• Uses Encryption key and Decryption key.
• Decryption key is provided to receiver.
Public-Key Cryptography
• Everyone picks a public key and a private key.
• Public key: Encryption key
Private key: Decryption key
• Public key is published.
• Sender encrypts with receiver’s public key.
• Receiver decrypts with his private key.
One-Way Functions
• A unique function f is decided.
• Given the function f and its parameter,
computing y=f(x) is easy, but not the other
way round.
Digital Signatures
• They make it possible to sign messages and other
documents such that they cannot be repudiated by the
sender later.
• Documents are run through hash functions.
CRYPTOGRAPHY
Introduction
Greek: “krypto” = hide
Cryptology – science of hiding
Cryptography– hide meaning of a message.
Steganography– hide existence of a message
Cryptography – secret writing
Cryptanalysis – analyzing (breaking) secrets.
Cryptanalysis is what the attacker does
Introduction…
Deciphering (decryption) is what the actual receiver
does
Cryptography is a branch of mathematics.
Cryptographic goals
Confidentiality:
ensuring that information is accessible only to
those authorized to have access
Data integrity:
ensuring that the data is correct and complete
Authentication:
ensuring that the user who attempts to access
information or perform functions in a system is
the user who is authorized to do so.
Cryptographic goals…
Non-repudiation:
the sender and the recipient were, in fact,
the parties who claimed to send or receive the
message
non-repudiation of origin proves that data has
been sent
non-repudiation of delivery proves it has been
received.
Classification of Cryptography
Number of keys used
Hash functions: no key
Secret (symmetric) key cryptography: one key
Public key cryptography: two keys - public, private
Type of encryption operations used
substitution / transposition / product
Way in which plaintext is processed
block / stream
Symmetric Encryption
or conventional / private-key / single-key
“ciphers”
sender and recipient share a common key
all classical encryption algorithms are private-key
encryption
was only type prior to invention of public-key in
1970’s
Encryption & Decryption -Basic
Terminology
plaintext - the original message
ciphertext - the coded message
cipher - algorithm for transforming plaintext to
ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from
ciphertext
Encryption & Decryption -Basic
Terminology…
cryptography - study of encryption
principles/methods
cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext
without knowing key
cryptology - the field of both cryptography and
cryptanalysis
Symmetric Cipher Model
Requirements-symmetric key
encryption:
Two requirements:
a strong encryption algorithm
a secret key known only to sender and
receiver
Y = E_K(X)
X = D_K(Y)
cryptanalysis
2 general approaches
1. Cryptanalysis: relies on
- the nature of the algorithm
- some knowledge of the plaintext characteristics
- some known plaintext–ciphertext pairs
2. Brute-force attack
- tries every possible key on a piece of ciphertext
- on average half of all possible keys must be tried
Cryptanalysis…
• various types of cryptanalytic attacks based on
the amount of information known to the
cryptanalyst
• brute-force approach is trying all possible keys.
• If the key space is very large, this becomes
impractical.
• the opponent must rely on an analysis of
the ciphertext itself, generally applying various
statistical tests to it.
Cryptanalysis…
• the opponent must have some general idea of
the type of plaintext that is concealed.
• such as English or French text, an EXE file, a Java
source listing, an accounting file, and so on.
More Definitions
• unconditionally secure
– no matter how much computer power is available,
the cipher cannot be broken since the ciphertext
provides insufficient information to uniquely
determine the corresponding plaintext
• computationally secure
– The cost of breaking the cipher exceeds the value of
the encrypted information.
– The time required to break the cipher exceeds the
useful lifetime of the information.
Symmetric-key ciphers
Stream cipher
takes the plaintext string and produces a
ciphertext string using key stream
Block cipher
breaks up the plaintext into blocks of a fixed
length, and then
encrypts one block at a time.
Stream cipher is a specific case of a block cipher
with a block size of 1
Symmetric Cipher Model
Substitution Ciphers
Letters of plaintext are replaced by other
letters or by numbers or symbols
Plaintext is viewed as a sequence of bits,
then substitution replaces plaintext bit
patterns with ciphertext bit patterns
Caesar Cipher
Earliest known substitution cipher
Replaces each letter by the 3rd letter on (three places further down the alphabet)
Example:
meet me after the party
PHHW PH DIWHU WKH SDUWB
Caesar Cipher
Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Mathematically give each letter a number
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
Cryptanalysis of Caesar Cipher
Only have 25 possible ciphers
A maps to B, ..., Z
Given ciphertext, just try all shifts of letters
Do need to recognize when have plaintext
E.g., break ciphertext "GCUA VQ DTGCM"
Affine Cipher
broaden to include multiplication
can define affine transformation as:
c = E(k, p) = (ap + b) mod (26)
p = D(k, c) = (a^-1 (c – b)) mod (26)
key k=(a,b)
a must be relatively prime to 26
so there exists unique inverse a^-1
Caesar cipher is Affine cipher with a=1
Affine Cipher - Example
example k=(17,3): a^-1=23
a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
D U L C T K B S J A R I Z Q H Y P G X O F W N E V M = OUT
example:
meet me after the party
ZTTO ZT DKOTG OST YDGOV
Now how many keys are there?
12 x 26 = 312
Still can be brute force attacked!
Note: Example of product cipher
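The affine scheme above worked through in Python, as an added example that is not part of the original slides. It rejects values of a that share a factor with 26, reproduces the k=(17,3) ciphertext, treats Caesar as the a=1 case, and tries all 312 keys against a guessed plaintext word. The function names and the crib-word recognizer are assumptions of this example.

```python
from math import gcd

M = 26  # alphabet size used throughout the slides

def valid_keys():
    """Every (a, b) with gcd(a, 26) = 1: 12 choices of a times 26 choices of b."""
    return [(a, b) for a in range(M) if gcd(a, M) == 1 for b in range(M)]

def check_a(a):
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} shares a factor with {M}: no inverse, so no decryption")

def encrypt(plaintext, a, b):
    """c = (a*p + b) mod 26; letters come out upper case, other characters pass through."""
    check_a(a)
    out = []
    for ch in plaintext.lower():
        if "a" <= ch <= "z":
            out.append(chr((a * (ord(ch) - 97) + b) % M + 65))
        else:
            out.append(ch)
    return "".join(out)

def decrypt(ciphertext, a, b):
    """p = a^-1 * (c - b) mod 26; letters come out lower case."""
    check_a(a)
    a_inv = pow(a, -1, M)  # modular inverse, Python 3.8+
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr(a_inv * (ord(ch) - 65 - b) % M + 97))
        else:
            out.append(ch)
    return "".join(out)

def brute_force(ciphertext, crib):
    """Try all 312 keys and keep those whose decryption contains `crib` as a whole word.
    The crib is the analyst's guess about the plaintext (an assumption of this example)."""
    hits = []
    for a, b in valid_keys():
        candidate = decrypt(ciphertext, a, b)
        if crib in candidate.split():
            hits.append(((a, b), candidate))
    return hits

if __name__ == "__main__":
    print(encrypt("meet me after the party", 17, 3))       # slide example, k=(17,3)
    print(encrypt("meet me after the party", 1, 3))        # Caesar = affine with a=1
    print(brute_force("ZTTO ZT DKOTG OST YDGOV", "the"))   # one surviving key
    print(brute_force("GCUA VQ DTGCM", "to"))              # the Caesar ciphertext above
```
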
Tutorial I
1. Use Brute Force to crack the following Caesar cipher text
DOOVZHOOWKDWHQGVZHOO
2. Find the modular multiplicative inverse of 7 under modulo 29
3. Use an Affine cipher to encrypt the message ‘attack is
postponed’ with the key (5,8)
4. Decrypt the affine cipher text CVVWPM. The encryption key is
(9,2)
Monoalphabetic Cipher
Rather than just shifting the alphabet
Could shuffle the letters arbitrarily
Each plaintext letter maps to a different random ciphertext
letter
Key is 26 letters long
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher
Security
Now have a total of 26! = 4 x 10^26 keys
Is that secure?
Problem is language characteristics
Human languages are redundant
Letters are not equally commonly used
standard frequency distribution for English
Example Cryptanalysis
Given ciphertext:
Example Cryptanalysis
• it seems likely that cipher letters P and Z are the
equivalents of plain letters e and t, but it is not certain
which is which.
• The letters S, U, O, M, and H are all of relatively high
frequency and probably correspond to plain letters from
the set {a, h, i, n, o, r, s}.
• The letters with the lowest frequencies (namely, A, B, G, Y,
I, J) are likely included in the set {b, j, k, q, v, x, z}.
Example Cryptanalysis
Guess P & Z are e and t
Guess ZW is th and hence ZWP is the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
Playfair Cipher
-not even the large number of keys in a monoalphabetic
cipher provides security
-one approach to improving security was to encrypt
multiple letters
-the Playfair Cipher is an example
-invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair
Playfair Key Matrix
a 5X5 matrix of letters based on a keyword
fill in letters of keyword
fill rest of matrix with other letters
eg. using the keyword MONARCHY
Playfair Key Matrix -Encrypting and
Decrypting
plaintext encrypted two letters at a time:
1. each letter is replaced by the one in its row in the
column of the other letter of the pair, eg. "hs"
encrypts to "BP", and "ea" to "IM" or "JM" (as
desired).
2. if a pair is a repeated letter, insert a filler like 'X', eg.
"balloon" transformed to "ba lx lo on"
3. if both letters fall in the same row, replace each with
letter to right (wrapping back to start from end), eg.
"ar" encrypts as "RM"
Playfair Key Matrix..
4. if both letters fall in the same column,
replace each with the letter below it
(again wrapping to top from bottom), eg.
"mu" encrypts to "CM"
Playfair Key Matrix..
Eg:
Encrypt : security
decrypt “FHXNMKHNVZ”
Security of the Playfair Cipher
• security much improved over monoalphabetic
• Frequency analysis not possible
• was widely used for many years (eg. US &
British military in WW1)
• it can be broken, given a few hundred letters
• since still has much of plaintext structure
Vigenere Cipher
simplest polyalphabetic substitution cipher is the
Vigenère Cipher
effectively multiple caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d letters in message
decryption simply works in reverse
Vigenere Cipher -Example
write the plaintext out
write the keyword repeated above it
use each key letter as a caesar cipher key
encrypt the corresponding plaintext letter
eg using keyword deceptive
Vigenere Cipher…
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Security of Vigenere
Ciphers
have multiple ciphertext letters for each plaintext
letter
hence letter frequencies are not usable
Autokey Cipher
Vigenère proposed the autokey cipher
with the keyword prefixed to the message as the key
ideally want a key as long as the message
knowing keyword can recover the first few letters
use these in turn on the rest of the message
but still have frequency characteristics to attack
Autokey Cipher…
eg. given key deceptive
key:        deceptivewearediscoveredsav
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
Cipher text - MYXHYIEMFINTF
Key - auto
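Vigenère and autokey side by side in Python, as an added example that is not part of the original slides. It uses the keyword deceptive and the plaintext from the autokey slide, and shows how the receiver rebuilds the autokey key stream from the keyword alone; the function names are assumptions.

```python
A = ord("a")

def nums(text):
    """Letters to 0..25, ignoring anything that is not a letter."""
    return [ord(c) - A for c in text.lower() if c.isalpha()]

def vigenere_encrypt(plaintext, keyword):
    """Key letter k_(i mod d) is the Caesar shift applied to plaintext letter i."""
    p, k = nums(plaintext), nums(keyword)
    return "".join(chr((x + k[i % len(k)]) % 26 + A) for i, x in enumerate(p)).upper()

def vigenere_decrypt(ciphertext, keyword):
    c, k = nums(ciphertext), nums(keyword)
    return "".join(chr((x - k[i % len(k)]) % 26 + A) for i, x in enumerate(c))

def autokey_encrypt(plaintext, keyword):
    """Key stream = keyword followed by the plaintext itself, cut to the message length."""
    p = nums(plaintext)
    stream = (nums(keyword) + p)[:len(p)]
    return "".join(chr((x + s) % 26 + A) for x, s in zip(p, stream)).upper()

def autokey_decrypt(ciphertext, keyword):
    """The receiver holds only the keyword: each recovered plaintext letter is
    appended to the key stream and used d positions later."""
    stream, out = nums(keyword), []
    for i, x in enumerate(nums(ciphertext)):
        p = (x - stream[i]) % 26
        out.append(p)
        stream.append(p)
    return "".join(chr(v + A) for v in out)

if __name__ == "__main__":
    msg, key = "wearediscoveredsaveyourself", "deceptive"
    print("vigenere:", vigenere_encrypt(msg, key))
    print("autokey: ", autokey_encrypt(msg, key))
    print("decrypt: ", autokey_decrypt(autokey_encrypt(msg, key), key))
```

The two ciphertexts agree for the first nine letters and diverge from the tenth, where Vigenère reuses the keyword and autokey starts using the plaintext.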
Hill Cipher
• Polyalphabetic cipher developed by the
mathematician Lester Hill in 1929.
• Uses linear algebra: matrix arithmetic modulo
26.
• Uses a square matrix M for encryption and M^-1
for decryption
• M(M^-1) = M^-1 M = I
• I – Identity matrix.
Hill Cipher…
Hill Cipher…
• Determinant
k11 k22 - k12 k21
• Dji is the subdeterminant formed by deleting
the jth row and the ith column of A,
Hill Cipher…
THE HILL ALGORITHM
• algorithm takes successive m plaintext letters
and substitutes for them ciphertext letters.
• The substitution is determined by linear
equations in which each character is assigned
a numerical value 0 to 25
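The Hill algorithm in Python, as an added example that is not part of the original slides. The inverse is built from the determinant and the subdeterminants D_ji described above, and a key whose determinant shares a factor with 26 is rejected. The 2x2 key matrix is constructed for illustration, and multiplying the key by column vectors of plaintext letters is a convention assumed here.

```python
from math import gcd

def minor(m, r, c):
    """Matrix m with row r and column c deleted."""
    return [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]

def det(m):
    """Determinant by expansion along the first row (integer arithmetic)."""
    if not m:
        return 1
    return sum((-1) ** c * m[0][c] * det(minor(m, 0, c)) for c in range(len(m)))

def inverse_mod26(m):
    d = det(m) % 26
    if gcd(d, 26) != 1:
        raise ValueError("determinant not coprime to 26: key matrix has no inverse")
    d_inv = pow(d, -1, 26)
    n = len(m)
    # [M^-1]_ij = det^-1 * (-1)^(i+j) * D_ji, where D_ji deletes row j and column i
    return [[d_inv * (-1) ** (i + j) * det(minor(m, j, i)) % 26 for j in range(n)]
            for i in range(n)]

def apply(m, text):
    """Multiply each block of n letters (as a column vector) by m, modulo 26."""
    n = len(m)
    vals = [ord(c) - 97 for c in text.lower() if c.isalpha()]
    if len(vals) % n:
        raise ValueError("message length must be a multiple of the block size")
    out = []
    for i in range(0, len(vals), n):
        block = vals[i:i + n]
        out += [sum(m[r][k] * block[k] for k in range(n)) % 26 for r in range(n)]
    return "".join(chr(v + 97) for v in out)

def encrypt(text, key):
    return apply(key, text).upper()

def decrypt(text, key):
    return apply(inverse_mod26(key), text)

KEY = [[3, 3], [2, 5]]   # constructed sample key: det = 9, and 9 * 3 = 27 = 1 mod 26

if __name__ == "__main__":
    print(inverse_mod26(KEY))      # [[15, 17], [20, 9]]
    print(encrypt("help", KEY))    # HIAT
    print(decrypt("HIAT", KEY))    # help
```
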
THE HILL ALGORITHM…
Transposition Ciphers
transposition or permutation ciphers
These hide the message by rearranging the
letter order, without altering the actual
letters used
Can recognise these since have the same
frequency distribution as the original text
Rail Fence cipher
Write message letters out diagonally over a
number of rows
Then read off cipher row by row
E.g., write message out as:
m e m a t r h t g p r y
 e t e f e t e o a a t
Giving ciphertext
MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers
a more complex scheme
write letters of message out in rows over a specified
number of columns
then reorder the columns according to some key before
reading off the rows
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Keyless transposition
• Two methods for permutations
– Text is written into a table column by column and
then transmitted row by row.
– Text is written into a table row by row and then
transmitted column by column.
– Rail fence cipher is keyless transposition.
Keyless transposition
– Sender and receiver agree on the number of
columns and use the second method
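The transposition schemes above in Python, as an added example that is not part of the original slides. It reproduces the rail fence and keyed row transposition ciphertexts, treats the keyless row-in/column-out method as the identity key, applies the keyed step twice for the double transposition named in the syllabus, and checks that letter frequencies are unchanged. The function names are assumptions.

```python
from collections import Counter

def letters(text):
    return [c for c in text.lower() if c.isalpha()]

def rail_fence_2(plaintext):
    """Depth-2 rail fence: letters alternate between two rows, rows are read off in turn."""
    s = letters(plaintext)
    return "".join(s[0::2] + s[1::2]).upper()

def columnar_encrypt(plaintext, key):
    """Write row by row under the key, then read whole columns in key order 1, 2, 3, ...
    The keyless method (rows in, columns out) is the special case key = [1, 2, ..., n]."""
    s, n = letters(plaintext), len(key)
    if sorted(key) != list(range(1, n + 1)) or len(s) % n:
        raise ValueError("key must be a permutation of 1..n and the text must fill the grid")
    rows = [s[i:i + n] for i in range(0, len(s), n)]
    order = sorted(range(n), key=lambda col: key[col])
    return "".join(row[col] for col in order for row in rows).upper()

def columnar_decrypt(ciphertext, key):
    s, n = letters(ciphertext), len(key)
    depth = len(s) // n
    order = sorted(range(n), key=lambda col: key[col])
    cols = {col: s[i * depth:(i + 1) * depth] for i, col in enumerate(order)}
    return "".join(cols[col][r] for r in range(depth) for col in range(n))

def double_transposition(plaintext, key):
    """Run the keyed transposition twice with the same key."""
    return columnar_encrypt(columnar_encrypt(plaintext, key), key)

def same_letter_counts(a, b):
    """Transposition only rearranges letters, so both texts have identical letter counts."""
    return Counter(letters(a)) == Counter(letters(b))

if __name__ == "__main__":
    key, msg = [4, 3, 1, 2, 5, 6, 7], "attackpostponeduntiltwoamxyz"
    once = columnar_encrypt(msg, key)
    print(rail_fence_2("meet me after the toga party"))
    print(once, double_transposition(msg, key))
    print(columnar_decrypt(once, key), same_letter_counts(msg, once))
```
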