Cryptography and

Network Security
UNIT-1
Dr.Janardhana D R
UNIT-
•-Overview of Security Concepts
• Computer Security Concept
• The OSI Security Architecture
1 • Security Attacks
• Security Services

Sylla • A Model for Network Security

•-Classical Encryption Techniques

bus • Substitution Techniques

• Transposition Techniques
 • Information Security requirements have
changed in recent times.

• Traditionally provided by physical and

administrative mechanisms.
Background
• Computer use requires automated tools to
protect files and other stored information.

• Use of networks and communications links

requires measures to protect data during
transmission.
 • Computer Security - Collection of tools
designed to protect data and to thwart
hackers.

• Network Security - Measures to protect

Definitions data during their transmission.

• Internet Security - measures to protect data

during their transmission over a collection of
interconnected networks.
 •Information needs to be hidden from
Security • Unauthorized access (Confidentiality)
Goals • Protected from unauthorized change
(integrity)
• Available to an authorized entity
when it is needed (availability)
Security Attacks
 Snooping
•-Unauthorized access to or interception of data.
Traffic analysis
Attacks •-Can find some other type information by
Threatening monitoring online traffic.
Confidentiality •-Can find the electronic address (such as e- mail
address) of the sender or the receiver.
 • Modification
-After intercepting or accessing information, the
Attacks attacker modifies the
-Information to make it beneficial to himself.
Threateni • Masquerading

ng -Masquerading or spoofing (trick) happens when the

attacker impersonates somebody else.
Integrity • Replaying
-The attacker obtains a copy of a message sent by a
user and later tries to replay it .
• Repudiation
-Performed by one of the two parties communication:
the sender or the receiver.
Attacks • Slow down or totally interrupt the service of a
Threateni system.

ng • Send so many bogus requests to a server ,that

Availabili the server crashes because of the heavy load.

ty • The attacker might intercept and delete a

server’s response to a client, making the
client to believe that the server is not
responding.
 Computer
Security
Concepts
Computer Security: The protection of an
information system to ensure the integrity,
availability, and confidentiality of its
resources, including hardware, software,
data, and telecommunications.
 Confidentiality covers two terms:

Data confidentiality: Ensures that private

information is not shared with unauthorized
The Three Key people.
Objectives of the Privacy: Ensures that individuals control what
Definition information about them is collected, stored, and
shared.
 Integrity:
Data integrity: Ensures information and
The Three programs are only changed in authorized
ways.
Key System integrity: Ensures a system works as
intended, free from unauthorized
Objectives of manipulation.

the
Availability: Ensures systems function
Definition promptly and services are available to
authorized users.
 CIA Triad

Confidentiality: Keeping information private and ensuring it's only accessed by authorized
individuals. Loss of confidentiality is unauthorized disclosure of information.

Integrity: Protecting information from unauthorized changes or destruction. Loss of

integrity is unauthorized modification or destruction of information.

Availability: Ensuring information is accessible when needed. Loss of availability is the

disruption of access to information or systems.
 •Authenticity: Ensuring something is genuine and
can be trusted, verifying the identity of users and
the source of information.

Additional •Accountability: Ensuring actions can be traced

concepts back to the responsible entity, supporting
nonrepudiation, deterrence, detection, and legal
actions.
 The OSI security architecture focuses on security
attacks, mechanisms, and services.

•Security attack: Any action that compromises

The OSI the security of information owned by an
Security organization.
•Security mechanism: A process (or a device
Architectur incorporating such a process) that is designed to
e detect, prevent, or recover from a security attack.
•Security service: A processing or
communication service that enhances the security
of the data processing systems and the
information transfers of an organization.
 Threats and Attacks (RFC 4949)

Attack: An intentional action

Threat: A potential cause of
taken to exploit a vulnerability
harm or damage to a system,
in a system to gain
such as vulnerabilities that
unauthorized access, cause
could be exploited by
damage, or disrupt its
malicious actors.
operations.
 • Any action that compromises the security of
information owned by an organization
• Information security is about how to prevent
Secur attacks, or failing that, to detect attacks on
information-based systems

ity The terms "threat" and "attack" are often used

interchangeably, but they have distinct meanings.
Attacks can vary widely and can be classified into
Attac two main types:
•Passive attacks: These involve monitoring or

ks intercepting information without altering it.

•Active attacks: These involve attempts to
modify, disrupt, or damage a system or data.
Passive Attacks
Active Attacks
Active and Passive Security Threats
 •Passive attacks are eavesdropping or
monitoring transmissions without
altering them.
•The goal of the opponent is to obtain
information that is being transmitted.
Passive Attacks Two types of passive attacks are:
• The release of message contents
• Traffic analysis.
 The Release of
Message Contents
The release of message contents is easily understood.
• A telephone conversation, an electronic mail message,
and a transferred file may contain sensitive or
confidential information.
• We would like to prevent an opponent from learning the
contents of these transmissions.
Traffic Analysis

•A second type of passive attack, traffic analysis, is subtler.

• If we could hide the contents of messages so that opponents couldn’t
understand them, even if they intercepted them, this would protect the
information.
• Encryption is a common way to hide message contents.
• However, the opponent could still see where the communication is happening,
who is involved, and the frequency and length of the messages.
• This information could help them guess the nature of the communication.
 Passive Attacks

• Passive attacks are very difficult to detect,

because they do not involve any alteration of
the data.
• Typically, the message traffic is sent and
received in an apparently normal fashion, and
neither the sender nor receiver is aware that a
third party has read the messages or observed
the traffic pattern.
• However, it is feasible to prevent the success
of these attacks, usually by means of
encryption.
• Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.
 Active Attacks

•Active attacks involve some modification

of the data stream or the creation of a false
stream and can be subdivided into four
categories:
• Masquerade
• Replay
• Modification of messages
• Denial of service
 Masquerade

A masquerade takes place when one entity

pretends to be a different entity.
A masquerade attack often involves another type
of active attack.
For example, someone might capture and replay
a valid authentication sequence to impersonate
an authorized user and gain extra privileges.
Replay and Modification of Messages

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
• For example, a message meaning “Allow John Smith to read
confidential file accounts” is modified to mean “Allow Fred
Brown to read confidential file accounts.”
 Denial of Service – DoS
The denial of service prevents or inhibits the normal use or management
of communications facilities.
• This attack may have a specific target; for example, an entity
may suppress all messages directed to a particular destination
(e.g., the security audit service).
• Another form of service denial is the disruption of an entire
network, either by disabling the network or by overloading it
with messages so as to degrade performance.
 • Active attacks present the opposite characteristics
of passive attacks.
• Whereas passive attacks are difficult to detect,
measures are available to prevent their success.
• On the other hand, it is quite difficult to prevent
active attacks absolutely because of the wide
variety of potential physical, software, and network
Active Attacks vulnerabilities.
• Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by
them.
• If the detection has a deterrent effect, it may also
contribute to prevention.
 Security Services
• X.800 defines a security service as a service
that is provided by a protocol layer of
communicating open systems and that
ensures adequate security of the systems or
of data transfers.
• X.800 divides these services into five
categories and fourteen specific services.
 Security Services (X.800)

•Authentication: Ensures that the entity you're communicating with is who they
claim to be.
•Access Control: Prevents unauthorized users from accessing resources.
•Data Confidentiality: Protects data from being accessed or disclosed without
permission.
•Data Integrity: Guarantees that data received is exactly as sent by an authorized
source.
•Non-Repudiation: Ensures that neither party in a communication can deny their
actions.
 Authentication

• The assurance that the communicating entity is the one that it claims to be.
• Peer Entity Authentication
• Used in association with a logical connection to provide confidence in the
identity of the entities connected.
• Data-Origin Authentication
• In a connectionless transfer, provides assurance that the source of received
data is as claimed.
 Access Control

• The prevention of unauthorized use of a resource

 Data Confidentiality

Connection Confidentiality
• The protection of all user data on a connection.
Connectionless Confidentiality
• The protection of all user data in a single data block.
Selective-Field Confidentiality
• The confidentiality of selected fields within the user data on a connection or in a
single data block.
Traffic-Flow Confidentiality
• The protection of the information that might be derived from observation of traffic
flows.
 Data Integrity

The assurance that data received are exactly as sent by an authorized

entity.
• Connection Integrity with Recovery
• Connection Integrity without Recovery
• Selective-Field Connection Integrity
• Connectionless Integrity
• Selective-Field Connectionless Integrity
 Non-Repudiation

Provides protection against denial by one of the entities involved in a

communication of having participated in all or part of the
communication.
Nonrepudiation, Origin
• Proof that the message was sent by the specified party.
Nonrepudiation, Destination
• Proof that the message was received by the specified party.
 Security Mechanisms
• The mechanisms are divided into those
that are implemented in a specific
protocol layer, such as TCP or an
application-layer protocol, and those
that are not specific to any protocol
layer or security service.
• X.800 distinguishes between reversible
encipherment mechanisms and
irreversible encipherment mechanisms.
Continued..
 Encipherment

• A reversible encipherment mechanism is

simply an encryption algorithm that allows
data to be encrypted and subsequently
decrypted.
• Irreversible encipherment mechanisms include
hash algorithms and message authentication
codes, which are used in digital signature and
message authentication applications.
Relationship between security services and security mechanisms
 A Model for Network Security
• A message is to be transferred from one party to another across some sort
of Internet service.
• The two parties, who are the principals in this transaction, must cooperate
for the exchange to take place.
• A logical information channel is established by defining a route through
the Internet from source to destination and by the cooperative use of
communication protocols (e.g., TCP/IP) by the two principals.
 All the techniques for providing security have two
components:
• A security-related change is applied to the information
before sending.
•Examples include:
A Model for • Encrypting the message to make it unreadable to
unauthorized users.
Network • Adding a code based on the message content to verify the
Security sender’s identity.
• Additionally, some secret information is shared between
the two parties and kept hidden from attackers.
•For example, an encryption key is used to scramble the
message before sending and decode it upon receiving.
 A Model for Network Security
• A trusted third party may be needed to achieve secure
transmission.
• For example, a third party may be responsible for
distributing the secret information to the two
principals while keeping it from any opponent.
• Or a third party may be needed to arbitrate disputes
between the two principals concerning the
authenticity of a message transmission.
A Model for Network Security
 •This general model shows that there are four basic
tasks in designing a particular security service:
• Design an algorithm for performing the security-
related transformation. The algorithm should be
such that an opponent cannot defeat its purpose.
A Model for • Generate the secret information to be used with
Network the algorithm.
Security • Develop methods for the distribution and sharing
of the secret information.
• Specify a protocol to be used by the two
principals that makes use of the security
algorithm and the secret information to achieve a
particular security service.
Network Access Security Model
 The Network Access Security Model focuses on
protecting information systems from unauthorized access.
Network Access •A hacker may break into a system just for the challenge,
without harmful intent.
Security Model •An intruder could be an unhappy employee wanting to
cause damage or a criminal looking to steal information,
like credit card details or money.
 Another type of unauthorized access involves inserting
harmful logic into a system to exploit its weaknesses,
affecting both applications and utility programs like editors
Network and compilers.
Access Programs can pose two types of threats:
•Information access threats: Unauthorized users intercept
Security Model or change data.
•Service threats: Attackers exploit system flaws to disrupt
services for legitimate users.
 Viruses and worms are examples of software attacks.
Network These attacks can enter a system through:
Access •A disk with hidden malicious code in useful software.
Security Model •A network, which is a bigger concern in network
security.
 Unwanted access falls into two main categories:
•Gatekeeper Function:

Network • Uses password-based logins to allow only

authorized users.
Access • Detects and blocks threats like worms and
viruses.
Security •Internal Controls:
Model • Monitors system activity and analyzes stored
data.
• Identifies and detects intruders who bypass the
first defense.
 • What is the OSI security architecture?
• What is the difference between passive and active
security threats?
Review • List and briefly define categories of passive and
Question active security attacks.

s • List and briefly define categories of security

services.
• List and briefly define categories of security
mechanisms.
Classical Encryption Techniques
Symmetric Cipher Model
Symmetric encryption scheme
Plaintext: The original readable message or data given as input to
the algorithm.

Encryption algorithm: This algorithm changes the plaintext using

different substitutions and transformations.

Secret key: A separate value used as input to the encryption

algorithm. It is not related to the plaintext or the algorithm.

Ciphertext: The scrambled output message that depends on the

plaintext and the secret key. It cannot be understood.

Decryption algorithm: The reverse of the encryption algorithm. It

uses the ciphertext and the secret key to get back the original plaintext.
 Conventional Encryption
There are two requirements for secure use of conventional
encryption:
• We need a strong encryption algorithm.
• Sender and receiver must have obtained copies of the
secret key in a secure fashion and must keep the key
secure
 Symmetric Encryption
• The feature of symmetric encryption is what makes it
feasible for widespread use.
• The fact that the algorithm need not be kept secret
means that manufacturers can and have developed low-
cost chip implementations of data encryption
algorithms.
• With the use of symmetric encryption, the principal
security problem is maintaining the secrecy of the key.
Model of Symmetric Cryptosystem
 Cryptography
Cryptographic systems are characterized along three independent dimensions:
• The type of operations used for transforming plaintext to cipher-text.
• All encryption algorithms are based on two general principles: substitution, in which each
element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and
transposition, in which elements in the plaintext are rearranged.
• The fundamental requirement is that no information be lost (i.e., that all operations are
reversible). Most systems, referred to as product systems, involve multiple stages of substitutions
and transpositions.
• The number of keys used. If both sender and receiver use the same key, the system is referred to
as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use
different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
• The way in which the plaintext is processed. A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher processes the
input elements continuously, producing output one element at a time, as it goes along.
Cryptanalysis and Brute-Force Attack
There are two general approaches to attacking a conventional
encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the
algorithm plus perhaps some knowledge of the general
characteristics of the plaintext or even some sample plaintext–
ciphertext pairs.
• Brute-force attack: The attacker tries every possible key on a
piece of cipher-text until an intelligible translation into plaintext is
obtained. On average, half of all possible keys must be tried to
achieve success.
Types of Cryptanalytic Attacks
 Unconditionally Secure
Two more definitions are worthy of note.
• An encryption scheme is unconditionally secure if the
cipher-text generated by the scheme does not contain
enough information to determine uniquely the
corresponding plaintext, no matter how much cipher-
text is available.
 Computationally Secure
• An encryption scheme is said to be computationally
secure if either of the following two criteria are met.
• The cost of breaking the cipher exceeds the value of the
encrypted information.
• The time required to break the cipher exceeds the useful
lifetime of the information
 Brute-Force Attack
• A brute-force attack involves trying every possible key until an
intelligible translation of the cipher-text into plaintext is
obtained.
• On average, half of all possible keys must be tried to achieve
success.
• That is, if there are X different keys, on average an attacker
would discover the actual key after X/2 tries.
 Classical Encryption Techniques
• A study of the classical encryption techniques enables us
to illustrate the basic approaches to symmetric
encryption used today.
• The two basic building blocks of all encryption
techniques are
• Substitution
• Transposition
 Substitution Techniques
• A substitution technique is one in which the letters of
plaintext are replaced by other letters or by numbers or
symbols.
• If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with
cipher-text bit patterns.
Substitution Techniques-Caesar Cipher
 Caesar Cipher Cryptanalysis
• If it is known that a given cipher-text is a Caesar cipher, then a
brute-force cryptanalysis is easily performed: simply try all
the 25 possible keys.
• In this case, the plaintext leaps out as occupying the third line.
• Three important characteristics of this problem enabled us to
use a brute-force cryptanalysis:
• The encryption and decryption algorithms are known.
• There are only 25 keys to try.
• The language of the plaintext is known and easily recognizable.
Caesar Cipher Cryptanalysis
Mono-alphabetic Ciphers
 Play-fair Cipher
The best-known multiple-letter encryption cipher is the
Play-fair, which treats di-grams in the plaintext as single
units and translates these units into cipher-text di-grams.
The Play-fair algorithm is based on the use of a 5 * 5 matrix
of letters constructed using a keyword.
Here is an example, solved by Lord Peter Wimsey in
Dorothy Sayers’s Have His Carcase
 Play-fair Cipher

• In this case, the keyword is monarchy.

• The matrix is constructed by filling in the letters of the keyword (minus
duplicates) from left to right and from top to bottom, and then filling
in the remainder of the matrix with the remaining letters in alphabetic
order.
• The letters I and J count as one letter.
 Play-fair Cipher
• Plaintext is encrypted two letters at a time, according to the following rules:
• Repeating plaintext letters that are in the same pair are separated with a filler letter, such
as x, so that balloon would be treated as ba lx lo on.
• Two plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row circularly following the last. For example, ar
is encrypted as RM.
• Two plaintext letters that fall in the same column are each replaced by the letter beneath,
with the top element of the column circularly following the last. For example, mu is
encrypted as CM.
• Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its
own row and the column occupied by the other plaintext letter. Thus, hs
becomes BP and ea becomes IM (or JM, as the encipherer wishes).
 Play-fair Cipher
• The Play-fair cipher is a great advance over simple mono-alphabetic
ciphers.
• For one thing, whereas there are only 26 letters, there are 26 * 26 =
676 di-grams, so that identification of individual di-grams is more
difficult.
• For these reasons, the Play-fair cipher was for a long time
considered unbreakable.
• It was used as the standard field system by the British Army in World
War I and still enjoyed considerable use by the U.S. Army and other
Allied forces during World War II
 Hill Cipher
• Another interesting multi-letter cipher is the Hill cipher,
developed by the mathematician Lester Hill in 1929
• Concepts from Linear Algebra:
• Before describing the Hill cipher, let us briefly review
some terminology from linear algebra. In this discussion,
we are concerned with matrix arithmetic modulo 26.
Hill Cipher
 Hill Cipher
• To explain how the inverse of a matrix is computed, we
begin with the concept of determinant.
• For any square matrix (m * m), the determinant equals
the sum of all the products that can be formed by taking
exactly one element from each row and exactly one
element from each column, with certain of the product
terms preceded by a minus sign.
• For a 2 * 2 matrix:
Hill Cipher
The Hill Algorithm
The Hill Algorithm
The Hill Algorithm
Breaking Hill Cipher
 Polyalphabetic Ciphers
• Another way to improve on the simple mono-alphabetic
technique is to use different mono-alphabetic substitutions
as one proceeds through the plaintext message.
• The general name for this approach is polyalphabetic
substitution cipher.
• All these techniques have the following features in common:
• A set of related mono-alphabetic substitution rules is used.
• A key determines which particular rule is chosen for a given
transformation.
Vigenere Cipher
Vigenere Cipher
Vigenere Cipher
 Vernam Cipher
• The ultimate defense against such a cryptanalysis is to
choose a keyword that is as long as the plaintext and has
no statistical relationship to it. Such a system was
introduced by an AT&T engineer named Gilbert Vernam
in 1918.
Vernam Cipher
 One-Time Pad
• An Army Signal Corp officer, Joseph Mauborgne, proposed an
improvement to the Vernam cipher that yields the ultimate in security. He
suggested using a random key that is as long as the message, so that the
key need not be repeated.
• In addition, the key is to be used to encrypt and decrypt a single message,
and then is discarded.
• Each new message requires a new key of the same length as the new
message.
• Such a scheme, known as a one-time pad, is unbreakable. It produces
random output that bears no statistical relationship to the plaintext.
• Because the cipher-text contains no information whatsoever about the
plaintext, there is simply no way to break the code.
One-Time Pad
 One-Time Pad
• In fact, given any plaintext of equal length to the cipher-
text, there is a key that produces that plaintext.
• Therefore, if you did an exhaustive search of all possible
keys, you would end up with many legible plaintexts,
with no way of knowing which was the intended
plaintext.
• Therefore, the code is unbreakable.
 Transposition Techniques
• All the techniques examined so far involve the substitution of a
cipher-text symbol for a plaintext symbol.
• A very different kind of mapping is achieved by performing some
sort of permutation on the plaintext letters.
• This technique is referred to as a transposition cipher.
• The simplest of such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then read off
as a sequence of rows.
• For example, to encipher the message “meet me after the toga party”
with a rail fence of depth 2, we write the following:
Rail-Fence Technique
Transposition Technique- Rectangle
• This sort of thing would be trivial to cryptanalyze( Rail-
Fence).
• A more complex scheme is to write the message in a
rectangle, row by row, and read the message off, column
by column, but permute the order of the columns.
• The order of the columns then becomes the key to the
algorithm.
Transposition Technique- Rectangle

• Thus, in this example, the key is 4312567.

• To encrypt, start with the column that is labeled 1, in this case column
3.
• Write down all the letters in that column.
• Proceed to column 4, which is labeled 2, then column 2, then column
1, then columns 5, 6, and 7.
Transposition Technique- Rectangle
• A pure transposition cipher is easily recognized because
it has the same letter frequencies as the original
plaintext.
• For the type of columnar transposition just shown,
cryptanalysis is fairly straightforward and involves laying
out the cipher-text in a matrix and playing around with
column positions.
• Digram and trigram frequency tables can be useful.
Transposition Technique- Rectangle
• The transposition cipher can be made significantly more
secure by performing more than one stage of
transposition.
• The result is a more complex permutation that is not
easily reconstructed.
• Thus, if the foregoing message is reencrypted using the
same algorithm
Double Transposition
 Review Questions
• What are the essential ingredients of a symmetric cipher?
• What are the two basic functions used in encryption algorithms?
• How many keys are required for two people to communicate via a cipher?
• What is the difference between a block cipher and a stream cipher?
• What are the two general approaches to attacking a cipher?
• List and briefly define types of cryptanalytic attacks based on what is known to the attacker.
• What is the difference between an unconditionally secure cipher and a computationally secure cipher?
• Briefly define the Caesar cipher.
• Briefly define the mono-alphabetic cipher.
• Briefly define the Play-fair cipher.
• What is the difference between a mono-alphabetic cipher and a polyalphabetic cipher?
• What are two problems with the one-time pad?
• What is a transposition cipher?
 THANK YOU
COMPLETION OF UNIT-1