CRYPTOGRAPHY & NETWORK SECURITY UNIT-I IV-I CSE A.Y.
2021-22
UNIT-I
What is computer security?
Computer security basically is the protection of computer systems and information from harm,
theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of
your computer system.
THE NEED FOR SECURITY
Most initial computer applications had no, or at best, very little security. This
continued for a number of years until the importance of data was truly
realized. Until then, computer data was considered to be useful, but not something
to be protected. When computer applications were developed to handle financial and
personal data, the real need for security was felt like never before. People realized
that data on computers is an extremely important aspect of modern life.
Therefore, various areas in security began to gain prominence. Two typical
examples of such security mechanisms were as follows:
• Provide a user id and password to every user, and use that information to
authenticate a user.
• Encode information stored in the databases in some fashion, so that it is not
visible to users who do not have the right permissions.
Organizations employed their own mechanisms in order to provide for
these kinds of basic security mechanisms. As technology improved, the
communication infrastructure became extremely mature, and newer
applications began to be developed for various user demands and
needs. Soon, people realized that the basic security measures were not quite
enough.
SECURITY ATTACKS
From a technologist’s view, security attacks are classified into the following categories:
• Passive attacks
    Release of message contents
    Traffic analysis
• Active attacks
    Masquerading
    Modification
    Replay
    Alteration
    Denial of service
PASSIVE ATTACKS:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood from Figure 1.1. A
telephone conversation, an electronic mail message, and a transferred file may contain sensitive
or confidential information. We would like to prevent an opponent from learning the contents of
these transmissions.
Figure 1.1: Release of message contents
A second type of passive attack is traffic analysis. Suppose that we had a way of masking
the contents of messages or other information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The common technique for
masking contents is encryption. If we had encryption protection in place, an opponent might still
be able to observe the pattern of these messages. The opponent could determine the location and
identity of communicating hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of the communication that
was taking place.
Figure 1.2: Traffic analysis
Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither
the sender nor receiver is aware that a third party has read the messages or observed the traffic
pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
ACTIVE ATTACKS
Active attacks involve some modification of the data stream or the creation of a false stream and
can be subdivided into four categories: masquerade, replay, modification of messages, and
denial of service.
A masquerade takes place when one entity pretends to be a different entity (Figure 1.3).
A masquerade attack usually includes one of the other forms of active attack. For example,
authentication sequences can be captured and replayed after a valid authentication sequence has
taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
Figure 1.3: Masquerading
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (Figure 1.4).
Figure 1.4: Replay
Alteration simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect (Figure 1.5). For example,
a message meaning “Allow John Smith to read confidential file accounts” is modified to mean
“Allow Fred Brown to read confidential file accounts.”
Figure 1.5: Alteration
The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure 1.6). This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination (e.g., the security audit
service). Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade performance.
Figure 1.6: Denial of service
It is quite difficult to prevent active attacks absolutely because of the wide variety of
potential physical, software, and network vulnerabilities. Instead, the goal is to detect active
attacks and to recover from any disruption or delays caused by them. If the detection has a
deterrent effect, it may also contribute to prevention.
SECURITY APPROACHES
Security Models:
An organization can take several approaches to implement its security
model. Let us summarize these approaches.
• No security: In this simplest case, the approach could be a decision to
implement no security at all.
• Security through obscurity: In this model, a system is secure simply
because nobody knows about its existence and contents. This approach
cannot work for too long, as there are many ways an attacker can come to
know about it.
• Host security: In this scheme, the security for each host is enforced
individually. This is a very safe approach, but the trouble is that it cannot scale
well. The complexity and diversity of modern sites/organizations makes the
task even harder.
PRINCIPLES OF SECURITY
Confidentiality
The principle of confidentiality specifies that only the sender and the intended
recipient(s) should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access a message. An example of
compromising the confidentiality of a message is shown in the figure below. Here, the
user of computer A sends a message to the user of computer B. (Actually, from here
onwards, we shall use the term A to mean the user A, B to mean user B, etc., although
we shall just show the computers of user A, B, etc.) Another user C gets access to this
message, which is not desired, and therefore defeats the purpose of
confidentiality. An example of this could be a confidential email message sent by A to
B, which is accessed by C without the permission or knowledge of A and B. This type
of attack is called interception.
Fig: Loss of confidentiality
Types of Security Mechanism
Network security is a field in computer technology that deals with ensuring the security of computer
network infrastructure. The network is essential for sharing information, whether
at the hardware level (such as a printer or scanner) or at the software level. A security
mechanism can therefore be described as a set of processes that deal with recovery from a security
attack. Various mechanisms are designed to recover from these specific attacks at various
protocol layers.
Encipherment:
This security mechanism deals with hiding and covering data, which helps the data to
remain confidential. It is achieved by applying mathematical calculations or algorithms
that transform the information into an unreadable form. It is achieved by two famous
techniques named Cryptography and Encipherment. The level of data encryption depends
on the algorithm used for encipherment.
Access Control:
This mechanism is used to stop unattended access to the data you are sending. It can be
achieved by various techniques such as applying passwords, using a firewall, or just by
adding a PIN to the data.
Notarization:
This security mechanism involves the use of a trusted third party in communication. It acts as
a mediator between sender and receiver so that any chance of conflict is reduced. This
mediator keeps a record of the requests made by the sender to the receiver, in case they are later denied.
Data Integrity:
This security mechanism works by appending to the data a value that is created from the data
itself. It is similar to sending a packet of information known to both the sending and
receiving parties, which is checked before and after the data is received. When this packet or
appended data is checked and is the same at sending and at receiving, data
integrity is maintained.
Authentication exchange:
This security mechanism deals with making identity known in communication. This is
achieved at the TCP/IP layer, where a two-way handshaking mechanism is used to ensure
whether data is sent or not.
Bit stuffing:
This security mechanism adds some extra bits to the data being
transmitted. It helps the data to be checked at the receiving end and is achieved by even
parity or odd parity.
Digital Signature:
This security mechanism is achieved by adding digital data that is not visible to the eye. It
is a form of electronic signature which is added by the sender and checked by the receiver
electronically. This mechanism is used for data that is not necessarily confidential
but for which the sender’s identity needs to be made known.
SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers. X.800 divides these services into five categories and fourteen specific services. We
look at each category in turn.
1. Authentication
   Peer entity authentication
   Data origin authentication
2. Access Control
3. Data Confidentiality
   Connection Confidentiality
   Connectionless Confidentiality
   Selective-Field Confidentiality
   Traffic Flow Confidentiality
4. Data Integrity
   Connection Integrity with Recovery
   Connection Integrity without Recovery
   Selective-Field Connection Integrity
   Connectionless Integrity
   Selective-Field Connectionless Integrity
5. Nonrepudiation
   Nonrepudiation, Origin
   Nonrepudiation, Destination
1. AUTHENTICATION: The assurance that the communicating entity is the one that it claims
to be.
Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
Data Origin Authentication: In a connectionless transfer, provides assurance that the
source of received data is as claimed.
2. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur, and
what those accessing the resource are allowed to do).
3. DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure.
Connection Confidentiality: The protection of all user data on a connection.
Connectionless Confidentiality: The protection of all user data in a single data
block.
Selective-Field Confidentiality: The confidentiality of selected fields within the
user data on a connection or in a single data block.
Traffic Flow Confidentiality: The protection of the information that might be
derived from observation of traffic flows.
4. DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay).
Connection Integrity with Recovery: Provides for the integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any data within
an entire data sequence, with recovery attempted.
Connection Integrity without Recovery: As above, but provides only detection without
recovery.
Selective-Field Connection Integrity: Provides for the integrity of selected fields within the
user data of a data block transferred over a connection and takes the form of
determination of whether the selected fields have been modified, inserted, deleted, or
replayed.
Connectionless Integrity: Provides for the integrity of a single connectionless data block
and may take the form of detection of data modification. Additionally, a limited form of
replay detection may be provided.
Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within
a single connectionless data block; takes the form of determination of whether the selected
fields have been modified.
5. NONREPUDIATION: Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
Nonrepudiation, Origin: Proof that the message was sent by the specified party.
Nonrepudiation, Destination: Proof that the message was received by the specified party.
A Model For Network Security
A security-related transformation on the information to be sent. Examples include the encryption
of the message, which scrambles the message so that it is unreadable by the opponent, and the
addition of a code based on the contents of the message, which can be used to verify the identity
of the sender.
Some secret information shared by the two principals and, it is hoped, unknown to the opponent.
An example is an encryption key used in conjunction with the transformation to scramble the
message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security
service:
1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
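The four tasks above, worked through for one service (data integrity with replay detection), as an added example that is not part of the original notes. It assumes HMAC-SHA256 as the "code based on the contents of the message" and an 8-byte sequence number in each frame, neither of which the notes prescribe; it does not encrypt, and key distribution is assumed to happen out of band.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def generate_key() -> bytes:
    """Task 2: generate the secret information (a random 256-bit key)."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Task 1, sender side: frame = 8-byte sequence number || message || tag."""
    body = seq.to_bytes(8, "big") + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Task 4, receiver side: verify the code, then reject stale sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed")
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:
            raise ValueError("replayed or reordered frame")
        self.last_seq = seq
        return body[8:]


def demo() -> list:
    """Send the original, an altered copy and a replay; return the receiver's decisions."""
    key = generate_key()  # Task 3 (distribution) is assumed to happen out of band
    rx = Receiver(key)
    original = protect(key, 1, b"Allow John Smith to read confidential file accounts")
    altered = original.replace(b"John Smith", b"Fred Brown")  # alteration in transit
    outcomes = []
    for frame in (original, altered, original):  # the third frame is a replay
        try:
            rx.accept(frame)
            outcomes.append("accepted")
        except ValueError as err:
            outcomes.append(str(err))
    return outcomes


if __name__ == "__main__":
    print(demo())
```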
CRYPTOGRAPHY CONCEPTS AND TECHNIQUES:
INTRODUCTION
An original message is known as the plaintext.
The coded message is called the ciphertext.
The process of converting from plaintext to ciphertext is known
as enciphering or encryption.
Restoring the plaintext from the ciphertext is deciphering or decryption.
The many schemes used for encryption constitute the area of study known as cryptography.
Such a scheme is known as a cryptographic system or a cipher.
Techniques used for deciphering a message without any knowledge of the enciphering details
fall into the area of cryptanalysis.
The areas of cryptography and cryptanalysis together are called cryptology.
The two basic building blocks of all encryption techniques are substitution and
transposition.
SUBSTITUTION TECHNIQUES
1. CAESAR CIPHER:
It was first proposed by Julius Caesar, and is termed the Caesar Cipher. It was the first
example of a substitution cipher. In the substitution cipher technique, the characters of a
plaintext message are replaced by other characters, numbers or symbols. The Caesar Cipher
is a special case of substitution techniques wherein each alphabet in a message is
replaced by an alphabet three places down the line. For instance, using the Caesar
Cipher, the plaintext ATUL will become cipher text DWXO.
Clearly, the Caesar Cipher is a very weak scheme of hiding plain text messages.
All that is required to break the Caesar Cipher is to do the reverse of the Caesar
Cipher process, i.e. replace each alphabet in a cipher text message produced by Caesar
Cipher with the alphabet that is three places up the line. Thus, to work backwards, take
a cipher text produced by Caesar Cipher, and replace each A with X, B with Y, C
with Z, D with A, E with B and so on. The simple algorithm required to break Caesar
Cipher can be summarized below:
1. Read each alphabet in the cipher text and search for its matched alphabet (three
places up).
2. When a match is found, replace that letter in the cipher text with the matched letter.
3. Repeat this for all alphabets in the cipher text message.
2. MODIFIED CAESAR CIPHER:
Caesar Cipher is good in theory, but not so good in practice. Let us now try and
complicate the Caesar Cipher to make an attacker's life difficult. How can we generalize
Caesar Cipher a bit more? Let us assume that the cipher text alphabets corresponding to
the original plain text alphabets may not necessarily be three places down the order, but
instead can be any places down the order. This can complicate matters a bit.
Thus, we are now saying that an alphabet A in plain text would not necessarily
be replaced by D. It can be replaced by any valid alphabet, i.e. by E or by F or by G, and
so on. Once the replacement scheme is decided, it would be constant and will be used
for all other alphabets in that message. As we know, the English language contains 26
alphabets. Thus, an alphabet A can be replaced by any other alphabet in the English
alphabet set (i.e. B through Z). Of course, it does not make sense to replace an alphabet
by itself (i.e. replacing A with A). Thus, for each alphabet, we have 25 possibilities of
replacement. Hence, to break a message in the modified version of Caesar Cipher, our
earlier algorithm would not work. Let us write a new algorithm to break this version of
Caesar Cipher, as shown below:
1. Let k be a number equal to 1.
2. Read the complete cipher text.
3. Replace each letter in the cipher text with an alphabet that is k positions down
the order.
4. Increment k by 1.
5. If k < 26, then go to step 2; otherwise stop the process.
6. The original message corresponding to the cipher text is one of the 25
possibilities produced by the above steps.
Let us take a cipher text message produced by the modified Caesar Cipher, and
try breaking it to obtain the original plain text message by applying the algorithm
shown above. Since each alphabet in the plain text can be potentially replaced by any
of the other 25 alphabets, we have 25 possible plain text messages to choose
from. Thus, the output produced by the above algorithm to break a ciphertext
message KWUMPMZN is shown below
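The six-step algorithm above written out in Python, as an added example that is not part of the original notes; run as a script it prints the 25 candidates for KWUMPMZN. The function names and the crib search (picking the candidate that contains a word the analyst expects) are assumptions added here.

```python
import string

ALPHABET = string.ascii_uppercase


def shift(text: str, k: int) -> str:
    """Replace each letter with the one k places down the alphabet, wrapping Z to A."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)  # spaces, digits and punctuation pass through unchanged
    return "".join(out)


def brute_force(ciphertext: str) -> dict:
    """Steps 1 to 6: try k = 1..25 and keep every candidate, keyed by k."""
    return {k: shift(ciphertext, k) for k in range(1, 26)}


def find_with_crib(ciphertext: str, crib: str) -> list:
    """Return every k whose candidate contains the expected word (the crib)."""
    return [k for k, cand in brute_force(ciphertext).items() if crib.upper() in cand]


if __name__ == "__main__":
    # The fixed-shift Caesar Cipher from the notes: three places down the line.
    print(shift("ATUL", 3))
    # Going 23 places down is the same as going 3 places up, so k = 23 undoes it.
    print(find_with_crib("DWXO", "ATUL"))
    # The 25 candidates for the ciphertext given in the notes.
    for k, cand in brute_force("KWUMPMZN").items():
        print(f"k={k:2d}  {cand}")
```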
Mono-alphabetic Cipher
The major weakness of the Caesar Cipher is its predictability. Once we
decide to replace an alphabet in a plaintext message with an alphabet that is k
positions up or down the order, we replace all other alphabets in the plain text
message with the same technique. Thus, the cryptanalyst has to try out a
maximum of 25 possible attacks, and she is assured of success.
Now imagine that rather than using a uniform scheme for all the alphabets in a
given plain text message, we decide to use random substitution. This means that in
a given plain text message, each A can be replaced by any other alphabet (B
through Z), each B can also be replaced by any other random alphabet (A or C
through Z), and so on. The crucial difference is that there is no relation between the
replacement of B and the replacement of A. That is, if we have decided to replace each
A with D, we need not necessarily replace each B with E; we can replace each B
with any other character!
To put it mathematically, we can now have any permutation or combination of
the 26 alphabets, which means (26 x 25 x 24 x 23 x ... x 2) or 4 x 10^26 possibilities!
This is extremely hard to crack. It might actually take years to try out these
many combinations even with the most modern computers.
Homophonic Substitution Cipher
The Homophonic Substitution Cipher is very similar to the Mono-alphabetic Cipher. Like a
plain substitution cipher technique, we replace one alphabet with another in this
scheme. However, the difference between the two techniques is that the replacement
alphabet set in the case of the simple substitution techniques is
fixed (e.g. replace A with D, B with E, etc.), whereas in the case of the Homophonic Substitution
Cipher, one plaintext alphabet can map to more than one cipher text alphabet. For
instance, A can be replaced by D, H, P, R; B can be replaced by E, I, Q, S, etc.
Polygram Substitution Cipher
In the Polygram Substitution Cipher technique, rather than replacing one plaintext
alphabet with one ciphertext alphabet at a time, a block of alphabets is replaced
with another block. For instance, HELLO could be replaced by YUQQW, but
HELL could be replaced by a totally different cipher text block TEUI. This is
true in spite of the first four characters of the two blocks of text (HELL) being the
same. This shows that in the Polygram Substitution Cipher, the replacement of
plaintext happens block-by-block, rather than character-by-character.
Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertext digrams.
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a
keyword.
Eg:
In this case, the keyword is monarchy. The matrix is constructed by filling in the
letters of the keyword (minus duplicates) from left to right and from top to bottom,
and then filling in the remainder of the matrix with the remaining letters in alphabetic
order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time,
according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler
letter, such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced
by the letter to the right, with the first element of the row circularly following
the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last. For
example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its
own row and the column occupied by the other plaintext letter. Thus, hs
becomes BP and ea becomes IM (or JM, as the encipherer wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing,
whereas there are only 26 letters, there are 26 x 26 = 676 digrams, so
that identification of individual digrams is more difficult.
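The matrix construction and the four encryption rules above, as an added Python example that is not part of the original notes. The function names are assumptions, as is the handling of two cases the rules do not cover: a trailing single letter is padded with the filler, and a doubled filler letter is padded with q.

```python
import string


def build_matrix(keyword: str) -> list:
    """Keyword letters (minus duplicates), then the remaining alphabet; J counts as I."""
    seen = []
    for ch in (keyword + string.ascii_lowercase).lower().replace("j", "i"):
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def to_digrams(plaintext: str, filler: str = "x") -> list:
    """Rule 1: split into pairs, separating a repeated letter with the filler."""
    letters = [c for c in plaintext.lower().replace("j", "i") if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Assumption: pad a double letter or a trailing single letter
            pairs.append(a + (filler if a != filler else "q"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def encrypt(plaintext: str, keyword: str) -> str:
    matrix = build_matrix(keyword)
    pos = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in to_digrams(plaintext):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:      # rule 2: same row, take the letter to the right (wrapping)
            out += [matrix[ra][(ca + 1) % 5], matrix[rb][(cb + 1) % 5]]
        elif ca == cb:    # rule 3: same column, take the letter beneath (wrapping)
            out += [matrix[(ra + 1) % 5][ca], matrix[(rb + 1) % 5][cb]]
        else:             # rule 4: own row, column of the other letter
            out += [matrix[ra][cb], matrix[rb][ca]]
    return "".join(out).upper()


if __name__ == "__main__":
    for row in build_matrix("monarchy"):
        print(" ".join(row).upper())
    print(to_digrams("balloon"))
    for pair in ("ar", "mu", "hs", "ea"):
        print(pair, "->", encrypt(pair, "monarchy"))
```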
Hill Cipher
Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester
Hill in 1929.
ENCRYPTION:
In this cipher plain text can be converted into cipher text using the following formula.
C = PK mod 26
where C and P are row vectors of length 3 representing the ciphertext and plaintext, and K is a
3 x 3 matrix representing the encryption key. Operations are performed mod 26.
For example, consider the plaintext “paymoremoney” and use the encryption key
The first three letters of the plaintext are represented by the vector (15 0 24).
Then (15 0 24) K = (303 303 531) mod 26 = (17 17 11) = RRL. Continuing in this
fashion, the ciphertext for the entire plaintext is RRLMWBKASPDH.
DECRYPTION:
Decryption requires using the inverse of the matrix K. We can compute det K =
23, and therefore, (det K)^-1 mod 26 = 17. We can then compute the inverse as
It is easily seen that if the matrix K^-1 is applied to the ciphertext, then the
plaintext is recovered.
In general terms, the Hill system can be expressed as
C = E(K, P) = PK mod 26
P = D(K, C) = CK^-1 mod 26 = PKK^-1 = P
As with Playfair, the strength of the Hill cipher is that it completely hides single-
letter frequencies. Indeed, with Hill, the use of a larger matrix hides more frequency
information. Thus, a 3 x 3 Hill cipher hides not only single-letter but also two-letter
frequency information.
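Hill encryption and decryption as described above, as an added Python example that is not part of the original notes. The key matrix did not survive on this page, so KEY below is an assumption, chosen because it reproduces the page's values (303 303 531), det K = 23 and the ciphertext RRLMWBKASPDH; the function names are also assumptions.

```python
A = ord("a")

# Assumed key matrix (not recoverable from the page); see the lead-in.
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]


def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for r, row in enumerate(m) if r != i]


def det(m):
    """Determinant by cofactor expansion along the first row (fine for small keys)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j)) for j in range(len(m)))


def inverse_mod26(k):
    """K^-1 = (det K)^-1 * adj(K) mod 26; exists only if gcd(det K, 26) = 1."""
    d = det(k) % 26
    try:
        d_inv = pow(d, -1, 26)  # modular inverse, Python 3.8+
    except ValueError:
        raise ValueError("key matrix is not invertible mod 26") from None
    n = len(k)
    # Entry (i, j) of the adjugate is the cofactor of K[j][i] (note the transpose).
    return [[(d_inv * (-1) ** (i + j) * det(minor(k, j, i))) % 26
             for j in range(n)] for i in range(n)]


def hill_apply(text, k):
    """Row vector times matrix, block by block: C = PK mod 26 (or P = CK^-1 mod 26)."""
    n = len(k)
    nums = [ord(c) - A for c in text.lower() if c.isalpha()]
    if len(nums) % n:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for b in range(0, len(nums), n):
        block = nums[b:b + n]
        out += [sum(block[i] * k[i][j] for i in range(n)) % 26 for j in range(n)]
    return "".join(chr(v + A) for v in out)


if __name__ == "__main__":
    cipher = hill_apply("paymoremoney", KEY)
    print(cipher.upper())
    print(det(KEY) % 26, pow(det(KEY) % 26, -1, 26))
    print(inverse_mod26(KEY))
    print(hill_apply(cipher, inverse_mod26(KEY)))
```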
Consider this example. Suppose that the plaintext “hillcipher” is encrypted using a 2 x 2 Hill
cipher to yield the ciphertext HCRZSSXNSP. Thus, we know that
(7 8)K mod 26 = (7 2); (11 11)K mod 26 = (17 25); and so on. Using the first two plaintext–
ciphertext pairs, we have