76 views17 pages

Cryptography1 113832

This document discusses computer network security and cryptography. It begins by explaining how network security has become more important as ordinary citizens now use networks for tasks like banking and tax filing. It then outlines the main goals of network security: secrecy, authentication, nonrepudiation, and integrity control. The document presents a model for secure network transmission between two principals, involving a security transformation on the information and secret shared information. It discusses threats like hackers, viruses, and worms, and the need for security mechanisms like passwords, screening logic, and activity monitoring. The document then focuses on cryptography, explaining symmetric and asymmetric encryption methods. It outlines key cryptographic principles of confidentiality, integrity, authentication, and non-repudiation. Finally

Uploaded by

Priyanka Naik
Copyright
© © All Rights Reserved

Computer Networks

Computer networks were originally used primarily by university researchers for sending email and
by corporate employees for sharing printers. Under these conditions, security did not get a lot of
attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and
filing their tax returns, and weakness after weakness has been found, network security has
become a problem of massive proportions.
Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned
with making sure that curious people cannot read, or worse yet, secretly modify messages
intended for other recipients. It is concerned with people trying to access remote services that
they are not authorized to use.
Security also deals with the problems of legitimate messages being captured and replayed,
and with people later trying to deny that they sent certain messages. Most security problems are
intentionally caused by malicious people trying to gain some benefit, get attention, or harm
someone.
Network security problems can be divided roughly into four closely intertwined areas: secrecy,
authentication, nonrepudiation, and integrity control.
A Model for Network Security
A model for much of what we will be discussing can be described in very general terms. A
message is to be transferred from one party to another across some sort of internet. The two
parties, who are the principals in this transaction, must cooperate for the exchange to take place. A
logical information channel is established by defining a route through the internet from source to
destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two
principals.
Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and so
on. All the techniques for providing security have two components:
● A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the opponent,
and the addition of a code based on the contents of the message, which can be used to verify the
identity of the sender.
● Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm
and the secret information to achieve a particular security service.
The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking
and entering a computer system. Or, the intruder can be a disgruntled employee who wishes to do
damage, or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit
card numbers or performing illegal money transfers). Another type of unwanted access is the
placement in a computer system of logic that exploits vulnerabilities in the system and that can
affect application programs as well as utility programs, such as editors and compilers. Programs
can present two kinds of threats:
● Information access threats intercept or modify data on behalf of users who should not have
access to that data.
● Service threats exploit service flaws in computers to inhibit use by legitimate users.

Viruses and worms are two examples of software attacks. Such attacks can be introduced into a
system by means of a disk that contains the unwanted logic concealed in otherwise useful
software. They can also be inserted into a system across a network; this latter mechanism is of
more concern in network security.
The security mechanisms needed to cope with unwanted access fall into two broad categories.
The first category might be termed a gatekeeper function. It includes password-based login
procedures that are designed to deny access to all but authorized users and screening logic that is
designed to detect and reject worms, viruses, and other similar attacks. Once either an unwanted
user or unwanted software gains access, the second line of defense consists of a variety of
internal controls that monitor activity and analyze stored information in an attempt to detect the
presence of unwanted intruders.

CRYPTOGRAPHY
Cryptography comes from the Greek words for "secret writing." Cryptography is the study
of techniques for secure communication in the presence of third parties. It involves the use of
mathematical algorithms and protocols to secure the confidentiality, integrity, and authenticity of
communication. Cryptography is used in a wide range of applications, including securing
communication over the internet, protecting sensitive data, and authenticating the identity of
users.
There are two main types of cryptography − symmetric cryptography and asymmetric
cryptography. In symmetric cryptography, the same key is used for both encryption and
decryption. This is suitable for situations where the sender and receiver of a message have a
shared secret key. In asymmetric cryptography, also known as public-key cryptography, different
keys are used for encryption and decryption. This is suitable for situations where the sender and
receiver of a message do not have a shared secret key, as it allows them to exchange messages
securely without needing to share a secret key.
Cryptography generally deals with the study and practice of techniques for ensuring secure
communication between two parties in the presence of third parties called adversaries.
The messages to be encrypted, known as the plaintext, are transformed by a function that
is parameterized by a key. The output of the encryption process, known as the ciphertext, is then
transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and
accurately copies down the complete ciphertext. However, unlike the intended recipient, he does
not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the
intruder can not only listen to the communication channel (passive intruder) but can also record
messages and play them back later, inject his own messages, or modify legitimate messages before
they get to the receiver (active intruder).
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will
use C = E_K(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C.
Similarly, P = D_K(C) represents the decryption of C to get the plaintext again. It then follows that
D_K(E_K(P)) = P

Cryptographic Principles
Cryptographic principles are the fundamental concepts and techniques that are used in the
field of cryptography to secure communication and protect data. These principles include
confidentiality, integrity, authentication, non-repudiation, and key management.
There are several fundamental principles that are important in the field of cryptography,
including −
● Confidentiality − Confidentiality refers to the ability to keep information private and
secure. Cryptographic techniques, such as encryption, can be used to protect the
confidentiality of information by making it unreadable to anyone who does not have the
proper decryption key.
● Integrity − Integrity refers to the ability to ensure that information has not been altered or
tampered with. Cryptographic techniques, such as hash functions, can be used to ensure the
integrity of information by providing a way to detect any changes to the data.
● Authentication − Authentication refers to the process of verifying the identity of a user or
device. Cryptographic techniques, such as digital signatures, can be used to authenticate the
identity of a user or device in a secure manner.
● Non-repudiation − Non-repudiation refers to the ability to prevent someone from denying
that they performed a particular action. Cryptographic techniques, such as digital
signatures, can be used to provide non-repudiation by allowing the sender of a message to
prove that they sent the message and the receiver to prove that they received the message.

Cryptographic systems are characterized along three independent dimensions:


1. The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in
which elements in the plaintext are rearranged. The fundamental requirement is that no
information be lost (that is, that all operations are reversible).
2. The number of keys used. If both sender and receiver use the same key, the system is referred
to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use
different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher processes the
input elements continuously, producing output one element at a time, as it goes along.

Security Attack, Services and Mechanism


To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the approaches to
satisfying those requirements.
The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as follows:
● Security attack: Any action that compromises the security of information owned by an
organization.
● Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
● Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.
Security Attacks
A useful means of classifying security attacks is in terms of passive attacks and active
attacks. A passive attack attempts to learn or make use of information from the system but does
not affect system resources. An active attack attempts to alter system resources or affect their
operation.

Passive Attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are release of message contents and traffic analysis.
● The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of these
transmissions.
● A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if
they captured the message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The
opponent could determine the location and identity of communicating hosts and could
observe the frequency and length of messages being exchanged. This information might be
useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of
the data. Typically, the message traffic is sent and received in an apparently normal fashion and
neither the sender nor receiver is aware that a third party has read the messages or observed the
traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
Active Attacks:
Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories:
1. masquerade,
2. replay,
3. modification of messages, and
4. denial of service.

A masquerade takes place when one entity pretends to be a different entity. A masquerade attack
usually includes one of the other forms of active attack. For example, authentication sequences
can be captured and replayed after a valid authentication sequence has taken place, thus enabling
an authorized entity with few privileges to obtain extra privileges by impersonating an entity that
has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect.
Denial of service prevents or inhibits the normal use or management of communications
facilities. This attack may have a specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit service). Another form of service denial
is the disruption of an entire network, either by disabling the network or by overloading it with
messages so as to degrade performance.
Active attacks present the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent their success. On the other hand, it
is quite difficult to prevent active attacks absolutely, because of the wide variety of potential
physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them. If the detection has a deterrent effect, it
may also contribute to prevention.

Security Services
X.800 defines a security service as a service provided by a protocol layer of communicating
open systems, which ensures adequate security of the systems or of data transfers. Perhaps a
clearer definition is: a processing or communication service that is provided by a system to give a
specific kind of protection to system resources; security services implement security policies and are
implemented by security mechanisms.
Authentication
The authentication service is concerned with assuring that a communication is authentic.
In the case of a single message, such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message is from the source that it claims
to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host,
two aspects are involved. First, at the time of connection initiation, the service assures that the two
entities are authentic, that is, that each is the entity that it claims to be. Second, the service must
assure that the connection is not interfered with in such a way that a third party can masquerade as
one of the two legitimate parties for the purposes of unauthorized transmission or reception. Two
specific authentication services are defined in X.800:
● Peer entity authentication: Provides for the corroboration of the identity of a peer entity in
an association. It is provided for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.
● Data origin authentication: Provides for the corroboration of the source of a data unit. It
does not provide protection against the duplication or modification of data units. This type of
service supports applications like electronic mail where there are no prior interactions
between the communicating entities.
Access Control
In the context of network security, access control is the ability to limit and control the access
to host systems and applications via communications links. To achieve this, each entity trying to
gain access must first be identified, or authenticated, so that access rights can be tailored to the
individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest service
protects all user data transmitted between two users over a period of time. For example, when a TCP
connection is set up between two systems, this broad protection prevents the release of any user
data transmitted over the TCP connection. Narrower forms of this service can also be defined,
including the protection of a single message or even specific fields within a message. These
refinements are less useful than the broad approach and may even be more complex and
expensive to implement.
The other aspect of confidentiality is the protection of traffic flow from analysis. This
requires that an attacker not be able to observe the source and destination, frequency, length, or
other characteristics of the traffic on a communications facility.

Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is total
stream protection. A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent, with no duplication, insertion, modification, reordering,
or replays. The destruction of data is also covered under this service. Thus, the connection-
oriented integrity service addresses both message stream modification and denial of service. On
the other hand, a connectionless integrity service, one that deals with individual messages without
regard to any larger context, generally provides protection against message modification only.
We can make a distinction between the service with and without recovery. Because the
integrity service relates to active attacks, we are concerned with detection rather than
prevention. If a violation of integrity is detected, then the service may simply report this violation,
and some other portion of software or human intervention is required to recover from the
violation. Alternatively, there are mechanisms available to recover from the loss of integrity of
data, as we will review subsequently. The incorporation of automated recovery mechanisms is, in
general, the more attractive alternative.
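The difference between the connectionless and connection-oriented integrity services described above can be shown with a message authentication code, as an added example that is not part of the original notes. The frame layout (64-bit sequence number, payload, HMAC-SHA256 tag), the key and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by both principals
TAG_LEN = 32                    # HMAC-SHA256 output size in bytes
SEQ_LEN = 8                     # 64-bit big-endian sequence number


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(key, seq, payload):
    """Sender: frame = sequence number || payload || MAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + mac(key, body)


class ConnectionlessReceiver:
    """Judges every frame in isolation, so it can only detect modification."""

    def __init__(self, key):
        self.key = key

    def accept(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, mac(self.key, body)):
            return "rejected: modified"
        return "accepted"


class ConnectionReceiver(ConnectionlessReceiver):
    """Keeps per-connection state: the next sequence number it expects."""

    def __init__(self, key):
        super().__init__(key)
        self.expected = 0

    def accept(self, frame):
        verdict = super().accept(frame)
        if verdict != "accepted":
            return verdict
        (seq,) = struct.unpack(">Q", frame[:SEQ_LEN])
        if seq < self.expected:
            return "rejected: replay or duplicate"
        if seq > self.expected:
            return "rejected: reordered or missing message"
        self.expected += 1
        return "accepted"


def run_scenario(receiver):
    """Feed a constructed stream with a modified, a replayed and a reordered frame."""
    frames = [protect(KEY, i, b"transfer #%d" % i) for i in range(4)]
    tampered = bytearray(frames[1])
    tampered[SEQ_LEN] ^= 0x01   # one payload bit flipped in transit
    stream = [
        ("frame 0", frames[0]),
        ("frame 1 modified", bytes(tampered)),
        ("frame 1", frames[1]),
        ("frame 0 replayed", frames[0]),
        ("frame 3 before 2", frames[3]),
        ("frame 2", frames[2]),
    ]
    return {label: receiver.accept(frame) for label, frame in stream}


if __name__ == "__main__":
    for name, rx in (("connectionless", ConnectionlessReceiver(KEY)),
                     ("connection-oriented", ConnectionReceiver(KEY))):
        print(name)
        for label, verdict in run_scenario(rx).items():
            print(f"  {label:18} {verdict}")
```

Both receivers reject the modified frame, but only the receiver that tracks the sequence number notices the replayed and the reordered frame.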

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the
message. Similarly, when a message is received, the sender can prove that the alleged receiver in
fact received the message.
Security Mechanisms
Following is the list of the security mechanisms defined in X.800. As can be seen, the
mechanisms are divided into those that are implemented in a specific protocol layer and those that
are not specific to any particular protocol layer or security service.
X.800 distinguishes between reversible encipherment mechanisms and irreversible
encipherment mechanisms. A reversible encipherment mechanism is simply an encryption
algorithm that allows data to be encrypted and subsequently decrypted. Irreversible encipherment
mechanisms include hash algorithms and message authentication codes, which are used in digital
signature and message authentication applications.
Specific Security Mechanisms
These may be incorporated into the appropriate protocol layer in order to provide some of the
OSI security services.
1. Encipherment: The use of mathematical algorithms to transform data into a form that is not
readily intelligible. The transformation and subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.
2. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery (e.g., by the recipient).
3. Access Control: A variety of mechanisms that enforce access rights to resources.
4. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream
of data units.
5. Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.
6. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
7. Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes, especially when a breach of security is suspected.
8. Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms


Mechanisms that are not specific to any particular OSI security service or protocol layer.
1. Trusted Functionality: That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).
2. Security Label: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
3. Event Detection: Detection of security-relevant events.
4. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which
is an independent review and examination of system records and activities.
5. Security Recovery: Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
Classical Encryption Techniques
The various classical encryption techniques are classified as
1. Symmetric encryption: It is a form of cryptosystem in which encryption and decryption are
performed using the same key. It is also known as conventional encryption. Symmetric
encryption transforms plaintext into ciphertext using a secret key and an encryption algorithm.
Using the same key and a decryption algorithm, the plaintext is recovered from the ciphertext. The
two types of attack on an encryption algorithm are cryptanalysis, based on properties of the
encryption algorithm, and brute-force, which involves trying all possible keys.
2. Substitution techniques: Substitution techniques map plaintext elements (characters, bits)
into ciphertext elements.
3. Transposition techniques systematically transpose the positions of plaintext elements.
4. Rotor machines are sophisticated precomputer hardware devices that use substitution
techniques.
5. Steganography is a technique for hiding a secret message within a larger one in such a way
that others cannot discern the presence or contents of the hidden message.
Conventional Encryption Model
Symmetric encryption is also referred to as conventional encryption or single-key
encryption. It was the only type of encryption in use prior to the development of public-key
encryption. It remains by far the most widely used of the two types of encryption.
A symmetric encryption scheme has five ingredients:
1. Plain text: This is the original intelligible message or data that is fed into the algorithm
as input.
2. Encryption Algorithm: The encryption algorithm performs various substitutions and
transformations on the plain text to convert it into ciphertext.
3. Secret Key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plain text. The algorithm will produce a different output depending
on the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plain
text and the secret key. For a given message, two different keys will produce different
ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is
unintelligible.
5. Decryption Algorithm: This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key as the input and produces the original plain text.

Simplified Model of Conventional Encryption


There are two requirements for secure use of conventional encryption:
● We need a strong encryption algorithm. At a minimum, we would like the algorithm to
be such that an opponent who knows the algorithm and has access to one or more
ciphertexts would be unable to decipher the ciphertext or figure out the key. Usually, this
requirement is stated in a stronger form. The opponent should be unable to decrypt
ciphertext or discover the key even if he or she is in possession of a number of
ciphertexts together with the plain text that produced each ciphertext.
● Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure. If someone can discover the key and knows the algorithm, all
information using this key is readable.

Substitution Technique
Substitution technique is a classical encryption technique where the characters present
in the original message are replaced by other characters, numbers, or symbols. If the
plain text (original message) is considered as a string of bits, then the substitution technique
would replace the bit patterns of the plain text with bit patterns of cipher text.
Some of the substitution techniques are as follows:
● Caesar Cipher
● Monoalphabetic Cipher
● Playfair Cipher
● Hill Cipher
● Polyalphabetic Cipher
● One-Time Pad

Caesar Cipher
This is the simplest substitution cipher, by Julius Caesar. In this substitution technique, to
encrypt the plain text, each letter of the plain text is replaced by the letter three places
further down the alphabet. To decrypt the cipher text, each letter of the cipher text is replaced
by the letter three places before it.
Let us take a simple example:
Plain Text: meet me tomorrow
Cipher Text: phhw ph wrpruurz
In the example above, we have replaced ‘m’ with ‘p’, which occurs three places after
‘m’. Similarly, ‘e’ is replaced with ‘h’, which occurs three places after ‘e’.
Note: If we have to replace the letter ‘z’, then the next three letters counted after ‘z’ will be ‘a’,
‘b’, ‘c’. So, while counting three letters further, ‘z’ is circularly followed by ‘a’.
There are also some drawbacks of this simple substitution technique. If the hacker knows
that the Caesar cipher is used, then to perform brute force cryptanalysis he has only to try 25
possible keys to recover the plain text. The hacker is also aware of the encryption and decryption
algorithm.

Monoalphabetic Cipher
A monoalphabetic cipher is a substitution cipher in which the cipher letter for each plain
text letter is fixed for the entire encryption.
In simple words, if the letter ‘p’ in the plain text is replaced by the cipher letter ‘d’,
then wherever the letter ‘p’ is used in the entire plain text, it will be replaced by the letter ‘d’ to
form the ciphertext.

Polyalphabetic Cipher
A polyalphabetic cipher is far more secure than a monoalphabetic cipher. A monoalphabetic
cipher maps a plain text symbol or letter to a ciphertext symbol and uses the same ciphertext
symbol wherever that plain text symbol occurs in the message. A polyalphabetic cipher, by contrast,
replaces the plain text symbol with a different ciphertext symbol each time.

Playfair Cipher
This technique involves creating a 5×5 matrix from a keyword. Rules for generating
ciphertext in Playfair Cipher:
● Firstly, create a 5×5 matrix from the given keyword.
● Secondly, split the plaintext into pairs of letters; if both letters of a pair are the same, add ‘x’ in between.
● Thirdly, if a pair appears in the same row, replace each letter with the letter immediately to its
right (wrapping around to the start of the row).
● If a pair appears in the same column, replace each letter with the letter below it.
● In case the letters of a pair are in different rows and columns, replace each letter with the letter
in its own row at the corner of the rectangle the pair forms.
For instance, Keyword: OCCURENCE, Plaintext: TALL TREES. Here, the resultant pairs will be: TA LX LT
RE ES. The keyword matrix is as follows:
O   C   U     R   E
N   A   B     D   F
G   H   I/J   K   L
M   P   Q     S   T
V   W   X     Y   Z
5×5 matrix in Playfair Cipher
Here, ‘T’ and ‘A’ are in different rows and columns, so ‘TA’ is replaced by ‘PF’. Thus, ciphertext =
PF IZ TZ EO RT
Hill Cipher
Firstly, in the Hill cipher, we create a square matrix from the key and also form a matrix from the plaintext. Secondly, the general equations are as follows:
For encryption, Cipher = PK mod 26, where P = plaintext and K = key.
For decryption, Plaintext = CK⁻¹ mod 26, where C = cipher and K⁻¹ is the inverse of K. For instance, with keyword = HILL and plaintext = EXAM, we create a 2×2 matrix from HILL and 2×1 matrices from (EX) and (AM) respectively.
Similarly, for decryption we need to find the inverse of K and then multiply it by the cipher value. Lastly, we need to calculate mod 26.
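The HILL / EXAM case carried through in code, including the inverse of K mod 26 needed for decryption. This is an added example, not part of the original notes. It assumes the key matrix is filled row by row with A=0 … Z=25 and is multiplied on the left of each 2×1 plaintext column (K·P), which is the only product the 2×1 matrices above allow; the function names are hypothetical.

```python
from math import gcd

A = ord("A")

def key_matrix(keyword):
    """Fill a 2x2 matrix row by row from a 4-letter keyword (A=0 ... Z=25)."""
    k = [ord(c) - A for c in keyword.upper() if "A" <= c <= "Z"]
    if len(k) != 4:
        raise ValueError("this sketch handles 2x2 keys (4 letters) only")
    return [[k[0], k[1]], [k[2], k[3]]]

def inverse_mod26(m):
    """Inverse of a 2x2 matrix mod 26; exists only if gcd(det, 26) == 1."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % 26
    if gcd(det, 26) != 1:
        raise ValueError("key matrix is not invertible mod 26")
    det_inv = pow(det, -1, 26)  # modular inverse of the determinant
    return [[(m[1][1] * det_inv) % 26, (-m[0][1] * det_inv) % 26],
            [(-m[1][0] * det_inv) % 26, (m[0][0] * det_inv) % 26]]

def _apply(m, text):
    """Multiply m by each 2x1 column of letters, mod 26."""
    nums = [ord(c) - A for c in text.upper() if "A" <= c <= "Z"]
    if len(nums) % 2:
        nums.append(ord("X") - A)  # assumption: pad an odd tail with X
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((m[0][0] * x + m[0][1] * y) % 26)
        out.append((m[1][0] * x + m[1][1] * y) % 26)
    return "".join(chr(n + A) for n in out)

def hill_encrypt(keyword, plaintext):
    k = key_matrix(keyword)
    inverse_mod26(k)  # refuse keys that could never be decrypted
    return _apply(k, plaintext)

def hill_decrypt(keyword, ciphertext):
    return _apply(inverse_mod26(key_matrix(keyword)), ciphertext)

if __name__ == "__main__":
    print(key_matrix("HILL"), inverse_mod26(key_matrix("HILL")))
    print(hill_encrypt("HILL", "EXAM"), hill_decrypt("HILL", "ELSC"))
```

A keyword whose determinant shares a factor with 26 is rejected, because no inverse matrix exists and the ciphertext could not be decrypted.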
Transposition Technique
The transposition technique (no replacement of characters) is an encryption method which is achieved by performing permutation over the plain text. Mapping plain text into cipher text using the transposition technique is called a transposition cipher.
On the one hand, the substitution technique substitutes a plain text symbol with a cipher
text symbol. On the other hand, the transposition technique executes permutation on the plain
text to obtain the cipher text. Some of the transposition techniques are:
1. Rail Fence Transposition
2. Columnar Transposition
3. Improved Columnar Transposition
4. Book Cipher/Running Key Cipher

Rail Fence Cipher


This technique is a type of transposition technique: it writes the plain text as a sequence of diagonals and then changes the order by reading it out row by row.
It uses a simple algorithm:
1. Write down the plaintext message as a sequence of diagonals.
2. Read off, row by row, the plain text written in the step above.
Example:
Let's take “INCLUDEHELP IS AWESOME”.

So the cipher-text is ICUEEPSWSMNLDHLIAEOW.

First, we write the message in a zigzag manner, then read it out row-wise to turn it into cipher-text.
As we can see, the Rail-Fence technique is very easy for any cryptanalyst to break.
Columnar Transposition Technique
It is a slight variation on the Rail-fence technique. Let's see its algorithm:
1. In a rectangle of pre-defined size, write the plain-text message row by row.
2. Read the message column by column in a random order. It can be any order such as 2, 1, 3 etc.
3. Thus, the cipher-text is obtained.
Let's see an example:
Original message: "INCLUDEHELP IS AWESOME".
Now we apply the above algorithm and create a rectangle of 4 columns (we decided on four columns; it can be any number).

Now let's decide on a column order of 4, 1, 3 and 2 and read the text column-wise.
Cipher-text: LHIEEIUESSCEPWMNDLAO
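The columnar procedure above as code, together with the inverse operation. This is an added example, not part of the original notes; the function names are hypothetical. It goes slightly beyond the page's case by also handling a message whose length is not a multiple of the column count, where the last row is short and the decryptor has to work out which columns hold the extra letter.

```python
def _letters(text):
    """Upper-case and keep A-Z only (spaces are dropped, as in the example)."""
    return [c for c in text.upper() if "A" <= c <= "Z"]

def _check_order(order):
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("order must be a permutation of 1..number of columns")

def columnar_encrypt(plaintext, order):
    """Write row by row into len(order) columns, read columns in the given order."""
    _check_order(order)
    letters, n = _letters(plaintext), len(order)
    columns = [letters[c::n] for c in range(n)]  # column c holds every n-th letter
    return "".join("".join(columns[c - 1]) for c in order)

def columnar_decrypt(ciphertext, order):
    """Cut the ciphertext back into columns, then read the grid row by row."""
    _check_order(order)
    letters, n = _letters(ciphertext), len(order)
    full_rows, extra = divmod(len(letters), n)
    columns, pos = [None] * n, 0
    for c in order:
        # The first `extra` columns are one letter longer when the last row is short.
        size = full_rows + (1 if c - 1 < extra else 0)
        columns[c - 1] = letters[pos:pos + size]
        pos += size
    out = []
    for row in range(full_rows + (1 if extra else 0)):
        for col in columns:
            if row < len(col):
                out.append(col[row])
    return "".join(out)

if __name__ == "__main__":
    ct = columnar_encrypt("INCLUDEHELP IS AWESOME", [4, 1, 3, 2])
    print(ct, columnar_decrypt(ct, [4, 1, 3, 2]))
```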
Improved Columnar Transposition ( Columnar Technique with multiple rounds)
In this method, we take the cipher text obtained from the basic technique in round 1 and apply the same procedure to it again.
Algorithm:
1. In a rectangle of pre-defined size, write the plain-text message row by row.
2. Read the plain message in random order in a column-wise fashion. It can be any order such
as 2, 1, 3 etc.
3. Thus, Cipher-text of round 1 is obtained.
4. Repeat from step 1 to 3.
Example:
Original message: "INCLUDEHELP IS AWESOME".
Now we apply the above algorithm and create a rectangle of 4 columns (we decided on four columns; it can be any number).

Now let's decide on a column order of 4, 1, 3 and 2 and read the text column-wise.
Cipher-text of round 1: LHIEEIUESSCEPWMNDLAO
Round 2:

Now, we decide to go with the previous order, that is 4, 1, 3, 2.


Cipher-text: EEENLESPICUMHISW
These multi-round columnar techniques are harder to crack as compared to methods seen
earlier.
Book Cipher or Running Key Cipher
The book cipher or the running key cipher works on the basic principle of the one-time pad cipher. In a one-time pad cipher, the key is taken to be as long as the plain text and is discarded after use. Every time, a new key is taken for a new message.
The improvement to the one-time pad in the Book cipher is that the key, or the one-time pad, is taken from a book. Let us discuss the steps:
Step 1: Convert the plain text into numeric form, taking A=0, B=1, C=2 …, Z=25.
Step 2: Take a one-time pad or key from any book and convert it into numeric form as well. The key must be as long as the plain text.
Step 3: Now add the numeric forms of the plain text and the key, each plain text letter with the corresponding key text letter. If the sum of any plain text letter and its corresponding key text letter is >26, then subtract 26 from it.
Let us understand with the example:
Plain text: Meet Tomorrow
Key taken from the book: ANENCRYPTION.
Now we have to convert this plain text and key text in numeric form and add them to get cipher
text as shown in the image below:
The cipher text obtained is MRIGVFKDKZDJ.
So, this is all about the Transposition technique, which involves the permutation over the
plain text for converting plain text into the cipher text.

What Is Cryptanalysis?
Cryptanalysis is the study and process of analyzing and decrypting ciphers, codes, and
encrypted text without using the real key. Alternately, we can say it’s the technique of accessing a
communication’s plain text content when you don’t have access to the decryption key.
Put simply, cryptanalysis is the practice, science, or art of decrypting encrypted messages.
Cryptanalysis experts study ciphers, cryptosystems, and ciphertext to understand their functions.
Then, they use that knowledge to find or improve techniques to weaken or defeat them. However,
as we're about to see, it can be used for good or nefarious purposes.
So, a cryptographer is someone who writes encryption code used in cybersecurity, while a cryptanalyst is someone who tries to crack those encryption codes. They are two opposing sides of the cybersecurity coin, locked in conflict, trying to one-up the other, constantly inventing new measures and countermeasures. This rivalry drives the innovation found in the cybersecurity field.
Who Uses Cryptanalysis?
Unsurprisingly, hackers use cryptanalysis. Would-be hackers use cryptanalysis to root out
cryptosystem vulnerabilities rather than a brute force attack. Governments use cryptanalysis to
decipher the encrypted messages of other nations. Companies specializing in cybersecurity
products and services use cryptanalysis to test their security features. Even the world of academia
gets in on the action, with researchers and academicians looking for weaknesses in cryptographic
algorithms and protocols.
Speaking of hackers, we should point out that both black and white-hat hackers use cryptanalysis.
Black-hat hackers use it to commit cybercrimes, and white-hat hackers use it to
conduct penetration testing as directed by organizations that hire them to test their security.
Cryptanalysis Attacks and Techniques
There are many different forms of cryptanalysis attacks. However, the two most common
techniques are:
Ciphertext-Only Attack
The would-be attacker only has access to at least one encrypted message but does not know the
plaintext data, any cryptographic key data used, or the encryption algorithm being employed.
Intelligence agencies often face this challenge when they've intercepted encrypted
communications from a target. However, this is a formidable attack to pull off, thanks to the lack of
target data.
Known Plaintext Attack
This attack is easier to implement than the ciphertext-only attack. With a known plaintext
attack, the analyst most likely has access to some or all of the ciphertext’s plaintext. The
cryptanalyst's goal is to discover the key the target uses to encrypt the message and use the key to
decrypt the message. Once the key is discovered, the attacker can decrypt every message
encrypted with that specific key. Known plaintext attacks rely on the attacker finding or guessing
all or part of an encrypted message, or alternately, even the original plaintext's format.
And here are some other attack types and techniques cybersecurity experts potentially must
guard against:
Differential Cryptanalysis Attack
This plaintext attack variant targets block ciphers and analyzes plaintexts in pairs rather than individually. This approach lets the analyst determine how the algorithm in question works when it runs into different data types.
Man-in-the-Middle Attack
This attack occurs when the intruder finds a way to insert themselves into an otherwise secure
channel between two parties that want to exchange keys. The cryptanalyst conducts the key
exchange with each end-user, with the latter believing that they’re conducting the exchange with
each other. Thus, the involved parties are none the wiser and are now using a key that the attacker
knows.
Integral Cryptanalysis Attack
The integral cryptanalysis attack is like the differential cryptanalysis attack, but rather than using
pairs of plaintexts, the attack relies on plaintext sets where part of the plaintext remains constant,
and the remainder is modified.
Chosen Plaintext Attack
Analysts using a chosen plaintext attack either already know the encryption or can use the device used for encryption. The cryptanalyst can then encrypt the chosen plaintext using the targeted algorithm to gather information regarding the key.
Side-Channel Attack
Side-channel attacks rely on information obtained from the physical system employed in the
encryption/decryption process. This attack uses data related to the target system's response time
to queries or power usage rather than the plaintext that's slated to be encrypted or the ciphertext
that comes from the encryption process.
Dictionary Attack
Many people typically use passwords consisting either of easily guessed alphanumeric sequences
or actual words. Analysts exploit this habit by encrypting all the words in a dictionary and
checking if a resulting hash matches the encrypted password residing in a SAM file format or
another password file.
Cryptanalysis Tools
Here are just a couple of the many tools used for cryptanalysis:
• Cryptol: This tool is open source and was initially designed for use by the National Security Agency (NSA), the United States intelligence agency, targeting cryptographic algorithms. Cryptol allows users to monitor how algorithms operate in programs that specify the ciphers or algorithms.
• CrypTool: CrypTool is another open-source offering that creates e-learning programs, plus a web portal designed to help users learn about cryptographic algorithms and cryptanalysis.
• Ganzua: Ganzua is the Spanish term for a skeleton key or lockpick. It’s an open-source, multi-platform Java-based tool that allows analysts to define almost totally arbitrary cipher and plain alphabets. In addition, this function enables users to crack non-English cryptograms.
Forms of Cryptanalysis
Analysts typically boil cryptanalysis down to two primary forms:
• Linear cryptanalysis: Linear cryptanalysis is a known plaintext attack that involves discovering affine approximations to the target cipher’s action. The attacker studies the probabilistic linear relations, referred to as linear approximations, between plaintext parity bits, the ciphertext, and the target’s secret key. This attack is one of the most common attacks employed against block ciphers.
• Differential cryptanalysis: This attack is effective against both stream and block ciphers. The latter case describes a collection of strategies used to track differences across a network of transformations, spotting instances where the cipher exhibits non-random behavior and employing these attributes to find the secret cipher key. In a broader sense, differential cryptanalysis studies how alterations in information intake could impact the resulting differences in the output.

Block cipher and stream cipher


Block cipher and stream cipher are members of the family of symmetric key
ciphers, essentially encryption techniques used for directly transforming
the plaintext into ciphertext.

What is Block Cipher?


A block cipher is a symmetric cryptographic technique used to encrypt a fixed-size data block using a shared, secret key. During encryption, the input is the plaintext, and the ciphertext is the resultant encrypted text. It uses the same key to encrypt the plaintext and to decrypt the ciphertext.
A block cipher processes data blocks of fixed size. Typically, a message's size exceeds a block's size. As a result, the lengthy message is broken up into a number of sequential message blocks, and the cipher operates on these blocks one at a time.
With the help of the shared secret key, a block cipher encrypts and decrypts its input one block rather than one bit at a time. Since the block's size is fixed, padding is not necessary. It is a symmetric algorithm. During encryption, it converts text input into ciphertext using the shared key. It uses the same key during decryption to change the ciphertext back to the original plaintext. The length of the output and input are identical.
o Popular variations of the block cipher algorithm include the Data Encryption Standard (DES), TripleDES, and the Advanced Encryption Standard (AES).
o The stream cipher, which is the block cipher's counterpart, uses a shared key and operates on its input one bit at a time.
o Alternatives to the block cipher algorithm include public-key cryptography and asymmetric cryptography. These algorithms use the public key to encrypt plaintext and a private key to decrypt the ciphertext.
There are various modes of operation of a block cipher:
o Electronic Code Book (ECB) Mode
o Cipher Block Chaining (CBC) Mode
o Cipher Feedback (CFB) Mode
o Output Feedback (OFB) Mode
o Counter (CTR) Mode
These modes serve as a block cipher's general procedural principles.
1. Electronic Codebook Mode
In ECB mode, a message in plaintext form is electronically coded. It is the most straightforward block cipher operating mode. It does not introduce any randomness to the key stream, and it is the only mode we can use to encrypt a single-bit stream. Using the cipher's key and substitution alphabet, each plaintext symbol, such as a character from the plaintext alphabet, is transformed into a ciphertext symbol. Each block of plaintext is encrypted separately from every other block. Only 8 bytes of the key are used when the plaintext block is only 8 bytes long, and all 100 bytes of the key are utilised when the plaintext block is 100 bytes long.
2. Cipher Block Chaining Mode (CBC)
When using CBC mode to encrypt data, each block of plaintext is combined with the ciphertext that came before it. A ciphertext block generated by the symmetric algorithm depends on all plaintext blocks processed in the data stream before it. This is done to ensure that every block of the ciphertext depends on every other block that came before it. Before using the cipher algorithm to encrypt the data, each block of plaintext is XORed (exclusive OR) with the block of ciphertext that came before it. Numerous security applications use CBC mode. For example, Secure Sockets Layer/Transport Layer Security uses CBC mode in order to encrypt data which is transferred over the internet.
3. Ciphertext Feedback Mode (CFB)
It is occasionally important to quickly encrypt and send plaintext values, one at a time, as
opposed to CBC mode, which encrypts a predetermined number of bits of plaintext at a
time. CFB also uses an IV, similar to CBC. A block cipher is a part of the random number generator
used by CFB. In CFB mode, the previous ciphertext block is encrypted, and the output
is XORed with the current plaintext block to create the current ciphertext block.
4. Output Feedback Mode (OFB)
In certain ways, CBC and OFB modes are comparable and can be used with any block
cipher. It uses a feedback mechanism; however, in OFB mode, the preceding block of ciphertext is
XORed with the plaintext after encryption rather than prior to encryption.
5. Counter Mode (CTR)
CTR mode uses a block chaining mode of encryption as a building block. Data is encrypted by XORing the plaintext with a series of pseudorandom values that are each created from the ciphertext using a feedback function. A series of XORs between blocks of plaintext and corresponding blocks of ciphertext can be used to represent the CTR encryption process.

Examples of Block Ciphers


The majority of contemporary cipher suites are based on block ciphers. Several encryption
standard protocols that utilise block ciphers are:
1. Data Encryption Standard (DES)
Initially, sensitive, private information was protected using a 56-bit symmetric key
algorithm. DES was later discontinued because of its short length and other security issues,
although it is still regarded as a pioneer encryption standard.
2. Advanced Encryption Standard (AES)
It is a popular block cipher which encrypts data in blocks of 128 bits using 128, 192, and 256-bit symmetric keys. The underlying block cipher uses substitution-permutation and transposition techniques to produce ciphertext by shuffling and replacing input data in a sequence of linked calculations. AES is a widely used encryption standard since cryptanalysis efforts against its algorithms have been ineffective.
3. Twofish
Twofish is an encryption standard that uses a Feistel network, a complex key schedule,
and substitution techniques to separate the key and ciphertext. Using keys that can range in size
from 128 to 256 bits, the standard encrypts plaintext data in blocks of 128 bits.
Block ciphers are also used by other encryption schemes such as 3DES, Serpent, and Blowfish.

What is Stream Cipher?


A stream cipher uses time-varying changes on plaintext data to encrypt a continuous string of binary numbers. As a result, this method of encryption works bit-by-bit, utilising keystreams to generate ciphertext for arbitrary lengths of plain text messages. The cipher combines a key (128/256 bits) and a nonce digit (64-128 bits) in order to generate the keystream - a pseudorandom number XORed with the plaintext to generate the ciphertext.
To maintain security, the keystream must be different for each encryption iteration, even though the key and nonce can be reused. In order to build the keystream, stream encryption ciphers generate a unique nonce (a number used only once) utilising feedback shift registers.
Since a mistake in the translation of one bit often does not affect the entire plaintext block,
stream cipher encryption algorithms are less likely to cause system-wide errors to spread.
Additionally, stream encryption is linear and continuous, making it easier and quicker to deploy.
However, stream ciphers do not have diffusion because each digit of the plaintext is mapped to
one ciphertext output. Furthermore, they don't check for validity, which leaves them open to
insertions. If hackers defeat the encryption algorithm, they are able to add to or change the
encrypted message without being noticed. Stream ciphers are typically used to encrypt data in an
application where the volume of plain text cannot be predicted and in low latency use-cases.
In other words, a stream cipher is a type of encryption that uses plain text numbers and a
stream of pseudorandom cipher digits. Each binary digit receives one bit at a time of this
pseudorandom encryption digit stream. This encryption technique uses an infinite number of
pseudorandom cipher digits for each key.
State cipher is another name for a stream cipher. The term "state cipher" refers to a system where
the encryption of each number is dependent on the cipher's current state.
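Two properties from this section, shown in code: a stream cipher by itself does not check validity, so a modified ciphertext decrypts without complaint, and a repeated keystream leaks the XOR of the two plaintexts. The block also shows the standard mitigation, an HMAC tag over nonce and ciphertext that is verified before decryption. This is an added example, not part of the original notes; the SHA-256 counter keystream is a toy stand-in for a real stream cipher, and the keys, nonce and messages are constructed.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    """Toy keystream: SHA-256 over key, nonce and a running counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_xor(key, nonce, data):
    """Encrypts and decrypts: XOR the data with the keystream."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, blob, nonce_len=12):
    """Verify the tag first; decrypt only if the ciphertext is untouched."""
    nonce, ct, tag = blob[:nonce_len], blob[nonce_len:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch: ciphertext was modified")
    return stream_xor(enc_key, nonce, ct)

# Constructed sample values.
ENC_KEY = b"constructed encryption key"
MAC_KEY = b"constructed mac key"
NONCE = b"nonce-000001"  # 12 bytes
MESSAGE = b"PAY 0100 TO BOB"

def unauthenticated_tamper():
    """Without a MAC, flipping ciphertext bits flips the same plaintext bits."""
    ct = bytearray(stream_xor(ENC_KEY, NONCE, MESSAGE))
    ct[4] ^= ord("0") ^ ord("9")  # change one byte without knowing the key
    return stream_xor(ENC_KEY, NONCE, bytes(ct))

def keystream_reuse_leak(p1, p2):
    """Two messages under one keystream: c1 XOR c2 equals p1 XOR p2."""
    c1 = stream_xor(ENC_KEY, NONCE, p1)
    c2 = stream_xor(ENC_KEY, NONCE, p2)
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print(unauthenticated_tamper())
    print(keystream_reuse_leak(b"FIRST MESSAGE", b"OTHER MESSAGE"))
    print(open_sealed(ENC_KEY, MAC_KEY, seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)))
```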

Types of Stream Ciphers


There are two types of Stream Ciphers:
1. Synchronous Stream Ciphers
In a synchronous stream cipher, the keystream block is created independently of the previous
ciphertext and plaintext messages. The most popular stream cipher modes produce a string of bits
using pseudorandom number generators and combine it with the key to create the keystream,
which is then XORed with the plaintext to produce the ciphertext.
2. Self-Synchronizing/Asynchronous stream Ciphers
The previous ciphertext block's fixed size (N-bits) and symmetric key are used to generate the
keystream block via a self-synchronizing stream cipher, also known as ciphertext autokey.
Asynchronous stream cipher can recognize active attacks by altering the ciphertext, which
changes the information in the subsequent keystream. Due to the fact that a single-digit error can
only affect a maximum of N bits, these ciphers also have restricted error propagation.
Example of Stream Ciphers
The following are examples of stream ciphers:
1. Rivest Cipher (RC4)
A quick and easy encryption algorithm called RC4/ARC4/ARCFOUR was created in 1987 to accomplish byte-by-byte encryption utilising 64- or 128-bit length keys. Transport Layer Security, Secure Sockets Layer, and the IEEE 802.11 WLAN standard all use RC4 extensively. The widely used encryption method is available in a number of variations, including SPRITZ, RC4A, and RC4A+.
2. Salsa20
Salsa20 is a powerful, up-to-date encryption cipher that creates the encryption keystream using
an expansion function. Salsa20 also relies on a core function which uses add-rotate-
XOR (ARX) operations to map the key, a nonce digit, and constant vectors retrieved from the
expansion function to the keystream.
3. Software-Optimized Encryption Algorithm (SEAL)
An additive binary stream cipher called SEAL is designed for systems with 32-bit CPUs and
enough RAM. The encryption standard depends on a pseudorandom family that maps a 32-
bit string to any length string using a length-increasing function and a 160-bit key.
PANAMA, Scream, Rabbit, HC-256, and Grain are a few other examples of stream ciphers.
