
Unit 1 CNS

The document discusses data security and computer security concepts. It covers security attacks, services, and mechanisms. Security attacks compromise information security. Security services like authentication, access control, data confidentiality, integrity, and non-repudiation counter security attacks. Security mechanisms like encryption techniques and cryptographic methods detect, prevent, or recover from security attacks and enable security services. The document also discusses the OSI security architecture and classical encryption techniques.

UNIT – 1

INTRODUCTION
Security trends - Legal, Ethical and Professional Aspects of Security,
Need for Security at Multiple levels, Security Policies - Model of
network security – Security attacks, services and mechanisms – OSI
security architecture – Classical encryption techniques:
substitution techniques, transposition techniques, steganography-
Foundations of modern cryptography: perfect security – information
theory – product cryptosystem – cryptanalysis.

INTRODUCTION

Computer data often travels from one computer to another, leaving the
safety of its protected physical surroundings. Once the data is out of hand, people
with bad intentions could modify or forge your data, either for amusement or for their
own benefit.
Cryptography can reformat and transform our data, making it safer on its trip
between computers. The technology is based on the essentials of secret codes,
augmented by modern mathematics that protects our data in powerful ways.
Data Security is the science and study of methods of protecting data from
unauthorized disclosure and modification.
Data and information security is about enabling collaboration while managing risk
with an approach that balances availability versus the confidentiality of data.
Computer Security: Generic name for the collection of tools designed to protect data
and to thwart hackers.
Network security: Measures to protect data during their transmission.
Internet Security: Measures to protect data during their transmissions over a
collection of interconnected networks.
Basic Concepts
Cryptography: The art or science encompassing the principles and methods of
transforming an intelligible message into one that is unintelligible, and then
retransforming that message back to its original form.
Plaintext: The original message.
Cipher text: The transformed message produced as output; it depends on the
plaintext and key.
Cipher: An algorithm for transforming an intelligible message into one that is
unintelligible by transposition and/or substitution methods.
Key: Some critical information used by the cipher, known only to the sender and
receiver.
Encipher (encode): The process of converting plaintext to cipher text using a cipher
and a key.
Decipher (decode): The process of converting cipher text back into plaintext using a
cipher and a key.
Cryptanalysis: The study of principles and methods of transforming an
unintelligible message back into an intelligible message without knowledge of the
key. Also called code breaking.
Cryptology: Both cryptography and cryptanalysis.
Code: An algorithm for transforming an intelligible message into an
unintelligible one using a code-book.

1.1 SECURITY ATTACKS, SERVICES AND MECHANISMS

To assess the security needs of an organization effectively, the manager responsible
for security needs some systematic way of defining the requirements for security and
characterizing the approaches to satisfy those requirements. One approach is to consider
three aspects of information security:
Security attack – Any action that compromises the security of information
owned by an organization.
Security mechanism – A mechanism that is designed to detect, prevent or recover
from a security attack.
Security service – A service that enhances the security of the data processing systems
and the information transfers of an organization. The services are intended to counter
security attacks and they make use of one or more security mechanisms to provide the
service.
1.1.1 Security
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources.
This definition introduces three key objectives that are at the heart of computer
security:
Confidentiality: This term covers two related concepts:
• Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information
may be disclosed.
Integrity: This term covers two related concepts:
• Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
• System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
Availability: Assures that systems work promptly and service is not denied to
authorized users.

1.1.2 Security Services in X.800


• X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems, which ensures adequate security of the systems or of data
transfers.

X.800 divides these services into five categories and fourteen specific services.
The five categories are:
a. Authentication
b. Access control
c. Data confidentiality
d. Data Integrity
e. Non-Repudiation

Authentication:
The assurance that the communicating entity is the one that it claims to be.
There are two types of authentication:
• Peer entity Authentication
• Data origin Authentication
Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
Data Origin Authentication: In a connectionless transfer, provides assurance that the
source of received data is as claimed.

Access Control:
The prevention of unauthorized use of a resource, i.e., this service controls who can have
access to a resource, under what conditions access can occur, and what those accessing the
resources are allowed to do.

Data Confidentiality
It is the protection of data from unauthorized disclosure. It is the protection of
transmitted data from passive attacks.
It can be categorized into four different types:
• Connection Confidentiality
• Connectionless Confidentiality
• Selective-Field Confidentiality
• Traffic-Flow Confidentiality
Connection Confidentiality: The protection of all user data on a connection.
Connectionless Confidentiality: The protection of all user data in a single data block.
Selective-Field Confidentiality: The confidentiality of selected fields within the user
data on a connection or in a single data block.
Traffic-Flow Confidentiality: The protection of the information that might be derived
from observation of traffic flows.

Data Integrity
It is an assurance that data received are exactly as sent by an authorized entity.
There are five categories in Data Integrity:
• Connection Integrity with Recovery
• Connection Integrity without Recovery
• Selective – Field Connection Integrity
• Connectionless Integrity
• Selective Field Connectionless Integrity
Connection Integrity with Recovery: provides for integrity of all user data on a
connection and detects any modification, insertion, deletion or replay of any data within an
entire data sequence, with recovery attempted.
Connection Integrity without Recovery: It provides the complete integrity but the
detection takes place without recovery.
Selective Field Connection Integrity: provides for the integrity of selected fields within
the user data of a block transferred over a connection and takes the form of determination of
whether the selected fields have been modified, inserted, deleted or replayed.
Connectionless Integrity: provides for the integrity of a single connectionless data block
and may take the form of detection of data modification.
Selective – Field Connectionless Integrity: provides for the integrity of selected fields
within a single connectionless data block. It takes the form of determination of whether the
selected fields have been modified.

Non – Repudiation
It provides protection against denial by one of the entities involved in communication of
having participated in all or part of the communication
Non – Repudiation, Origin: Proof that the message was sent by the specified party
Non – Repudiation, Destination: Proof that the message was received by the specified
party.

1.1.3 Security Mechanism

• A feature designed to detect, prevent, or recover from a security attack.
• No single mechanism will support all services required.
• However, one particular element underlies many of the security mechanisms in use:
cryptographic techniques.
Security mechanisms are categorized as:
Specific Security Mechanisms - May be incorporated into the appropriate protocol
layer in order to provide some of the OSI security services.
Pervasive Security Mechanisms - Mechanisms that are not specific to any
particular OSI security service or protocol layer.

Specific security mechanisms are categorized as:

Encipherment - The use of mathematical algorithms to transform data into a form
that is not readily intelligible. The transformation and subsequent recovery of the
data depend on an algorithm and zero or more encryption keys.
Digital Signature - Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source and integrity of the
data unit and protect against forgery (e.g., by the recipient).
Access Control - A variety of mechanisms that enforce access rights to resources.
Data Integrity - A variety of mechanisms used to assure the integrity of a data unit
or stream of data units.
Authentication Exchange - A mechanism intended to ensure the identity of an
entity by means of information exchange.
Traffic Padding - The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
Routing Control - Enables selection of particular physically secure routes for
certain data and allows routing changes, especially when a breach of security is
suspected.
Notarization - The use of a trusted third party to assure certain properties of a data
exchange.

Pervasive security mechanisms are categorized as:

Trusted Functionality - That which is perceived to be correct with respect to some
criteria (e.g., as established by a security policy).
Security Label - The marking bound to a resource (which may be a data unit) that
names or designates the security attributes of that resource.
Event Detection - Detection of security-relevant events.
Security Audit Trail - Data collected and potentially used to facilitate a security
audit, which is an independent review and examination of system records and
activities.
Security Recovery - Deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.

1.1.4 Security Attacks


• An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.
Security attack
Any action that compromises the security of information owned by an organization
There are two types of Attacks:
1. Passive attacks
2. Active attacks
Passive attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of, messages
during transmission. The goal of the opponent is to obtain information that is being
transmitted.
• Two types of passive attacks are:
1. Release of message contents
2. Traffic analysis
The release of message contents is one type of passive attack. A telephone
conversation, an electronic mail message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents
of these transmissions. In this attack, however, the contents of the messages become known
to the intruder.

[Figure a) Release of message contents: Sender and Receiver communicate over the Internet
or other communication facility; the Intruder reads the contents of messages from sender
to receiver.]

Traffic Analysis is a second type of passive attack in which the intruder observes the
pattern of messages in between the sender and the receiver.

[Figure b) Traffic Analysis: Sender and Receiver communicate over the Internet or other
communication facility; the Intruder observes the pattern of messages between them.]
Active attacks
• An active attack involves some modification of the data stream or the creation of a
false data stream.
• Active attacks can be subdivided into four categories:
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service.
Masquerade
• A masquerade takes place when one entity pretends to be a different entity.
• A masquerade attack usually includes one of the other forms of active attack. For
example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those
privileges.
[Figure a) Masquerade: Sender and Receiver are connected through the Internet or other
communication facility; the Intruder sends a message that appears to be from the sender.]

Replay
• Replay attack involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
[Figure b) Replay: Sender and Receiver are connected through the Internet or other
communication facility; the Intruder captures messages from sender to receiver.]

Modification of messages
• It simply means that some portion of a legitimate message is altered, or that messages
are delayed or reordered, to produce an unauthorized effect.

[Figure c) Modification of Messages: Sender and Receiver are connected through the Internet
or other communication facility; the Intruder modifies a message from sender to receiver.]
Denial of Service
• The denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination (e.g., the
security audit service).
• Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade
performance.
[Figure d) Denial of Service: Sender and Receiver are connected through the Internet or
other communication facility; the Intruder disrupts the service provided by the server.]


Comparison of passive and active attacks

1. Passive attack: In the nature of eavesdropping on, or monitoring of, messages during
   transmission. The goal of the opponent is to obtain information that is being transmitted.
   Active attack: It involves some modification of the data stream or the creation of a
   false data stream.
2. Passive attack: Very difficult to detect.
   Active attack: Easy to detect.
3. Passive attack: Two types of passive attacks are release of message contents and
   traffic analysis.
   Active attack: Can be subdivided into four categories: masquerade, replay,
   modification of message, and denial of service.
4. Passive attack: E.g.: Interception
   Active attack: E.g.: Fabrication, Modification, and Interruption

1.2 OSI SECURITY ARCHITECTURE.
• The Open Systems Interconnection (OSI) security architecture provides a systematic
framework for defining security attacks, mechanisms, and services.
Threat
• A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a
threat is a possible danger that might exploit a vulnerability.
Attack
• An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system
The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as
• Security attack: Any action that compromises the security of information owned by
an organization.
• Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security
of the data processing systems and the information transfers of an organization. The
services are intended to counter security attacks, and they make use of one or more
security mechanisms to provide the service.

1.3 NETWORK SECURITY MODEL


A message is to be transferred from one party to another across some sort of Internet
service.
The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place.
A logical information channel is established by defining a route through the Internet
from source to destination and by the cooperative use of communication protocols
(e.g., TCP/IP) by the two principals.
All the techniques for providing security have two components:
• A security-related transformation on the information to be sent. Examples include
the encryption of the message, which scrambles the message so that it is unreadable
by the opponent, and the addition of a code based on the contents of the message,
which can be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the
transformation to scramble the message before transmission and unscramble it on
reception.
A trusted third party may be needed to achieve secure transmission. For example, a
third party may be responsible for distributing the secret information to the two
principals while keeping it from any opponent. Or a third party may be needed to
arbitrate disputes between the two principals concerning the authenticity of a
message transmission.

This general model shows that there are four basic tasks in designing a
particular security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
Programs can present two kinds of threats:
• Information access threats: Intercept or modify data on behalf of users who should
not have access to that data.
• Service threats: Exploit service flaws in computers to inhibit use by legitimate
users.

1.4 CLASSICAL ENCRYPTION TECHNIQUES


1.4.1 Symmetric Cipher Model
• Symmetric encryption is also referred to as conventional encryption or single-key
encryption.
Five ingredients

o Plain text
o Encryption algorithm
o Secret key
o Cipher text
o Decryption algorithm
Plain text
• An original message is known as the plaintext (Readable format)
• Plaintext is information a sender wishes to transmit to a receiver
Cipher text
• The coded message is called the cipher text (unreadable format).
• Cipher text (or cypher text) is the result of encryption performed on plaintext using
an algorithm, called a cipher.
Secret key
• The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm produces a different
output depending on the specific key used. The substitutions and transformations
performed by the algorithm depend on the key.
• A private or secret key is an encryption/decryption key known only to the party or
parties that exchange secret messages.
Encryption algorithm
• The encryption algorithm performs various substitutions and transformations on the
plain text.
Decryption algorithm
• This is essentially the encryption algorithm run in reverse. It takes the cipher text
and the secret key and produces the original plain text.
Basic Terminology
• Cryptography - study of encryption principles/methods.
• Cryptanalysis (code breaking) - the study of principles/ methods of deciphering
ciphertext without knowing key.
• Cryptology - the field of both cryptography and cryptanalysis.

Two requirements for secure use of conventional encryption:

• A strong encryption algorithm. At a minimum, we would like the algorithm to be
such that an opponent who knows the algorithm and has access to one or more
cipher texts would be unable to decipher the cipher text.
• Sender and receiver must have obtained copies of the secret key in a secure fashion
and must keep the key secure.
Y = E_K(X)
X = D_K(Y)
Or
Y = E(K, X)
X = D(K, Y)
• We assume the encryption algorithm is known, which implies the need for a secure
channel to distribute the key.

Symmetric Cipher Model

Cryptography
• Cryptographic systems are characterized by:
– Type of encryption operations used: substitution / transposition / product
– Number of keys used: single-key or private / two-key or public
– Way in which plaintext is processed: block / stream
Cryptanalysis
• Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the characteristics of the plain text or even some sample plain text
– cipher text pairs.
• The aim is to deduce a specific plain text or to deduce the key being used.

Types of Cryptanalytic Attacks


• Cipher text only
– know only the algorithm and cipher text; the attack is statistical; can identify plaintext
• Known plaintext
– know/suspect plaintext and cipher text to attack cipher
• Chosen plaintext
– select plaintext and obtain cipher text to attack cipher
• Chosen cipher text
– select cipher text and obtain plaintext to attack cipher
• Chosen text
– select either plaintext or cipher text to en/decrypt to attack cipher

Brute Force attack

• The attacker tries every possible key on a piece of cipher text until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must
be tried to achieve success.
• Brute-force attacks are an application of brute-force search, the general problem-
solving technique of enumerating all candidates and checking each one.

Brute Force Search


• It is always possible to simply try every key.
• It is the most basic attack, with effort proportional to key size.
• It assumes the attacker either knows or can recognize the plaintext.
Advantages of Symmetric-key Cryptography
1. High rates of data throughput.
2. Keys for symmetric-key ciphers are relatively short.
3. Symmetric-key ciphers can be used as primitives to construct various
cryptographic mechanisms.
4. It can be composed to produce stronger ciphers.
5. It is perceived to have an extensive history.
Disadvantages of Symmetric-key Cryptography
1. The key must remain secret at both ends.
2. In large networks, there are many key pairs to be managed.
3. Sound cryptographic practice dictates that the key be changed frequently.
4. Digital signature mechanisms arising from symmetric-key encryption typically
require either keys or the use of trusted third parties.
1.4.2 Substitution Technique
The letters of plaintext are replaced by other letters or by numbers or symbols. Or, if
the plaintext is viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with cipher text bit patterns.
Different Types of Substitution Techniques
• Caesar Cipher
• Mono alphabetic Cipher
• Play Fair Cipher
• Hill Cipher
• Polyalphabetic Cipher
• One Time Pad
Caesar Cipher
The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.
Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
• The transformation can be defined as:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
• Mathematically, give each letter a number:
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• The Caesar cipher is then defined as follows, where the key k takes values from 1 to 25.
Encryption Algorithm
C = E(3, p) = (p + 3) mod 26; in general, C = E(k, p) = (p + k) mod 26

Decryption Algorithm
p = D(k, C) = (C – k) mod 26
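
The Caesar equations above and the brute-force search described earlier can be combined in a short program. This is an added example, not part of the original notes; the letter-frequency table holds approximate, widely published values for English and is an assumption of the example, used so the program can "recognize" plaintext.

```python
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies (percent) of letters in English text.
# Assumption of this example; the notes do not give a table.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23,
    "g": 2.02, "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03,
    "m": 2.41, "n": 6.75, "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99,
    "s": 6.33, "t": 9.06, "u": 2.76, "v": 0.98, "w": 2.36, "x": 0.15,
    "y": 1.97, "z": 0.07,
}


def shift_text(text, k):
    """Shift each letter k places (mod 26); other characters pass through."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, k):
    """C = E(k, p) = (p + k) mod 26, ciphertext in capitals as in the notes."""
    return shift_text(plaintext, k).upper()


def decrypt(ciphertext, k):
    """p = D(k, C) = (C - k) mod 26."""
    return shift_text(ciphertext, -k)


def chi_squared(text):
    """Distance between the text's letter counts and English; lower is closer."""
    letters = [c for c in text.lower() if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try all 25 keys and rank the candidates, most English-like first."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(1, 26)]
    return sorted(candidates, key=lambda kc: chi_squared(kc[1]))


if __name__ == "__main__":
    ct = encrypt("meet me after the toga party", 3)
    print(ct)
    for key, guess in brute_force(ct)[:3]:
        print(key, guess)
```

With only 25 keys the whole key space is searched instantly, which is why the Caesar cipher offers no protection once the algorithm is known.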
Mono alphabetic Cipher
• Each letter in the plaintext is encoded by only one letter from the
cipher alphabet, and each letter in the cipher alphabet represents only one letter
in the plaintext.
• Each letter is replaced by a different letter or symbol.
• Key = permutation (still need to decide on a key and exchange this
information in a secure way)
• Permutation: A permutation of a finite set of elements S is an ordered sequence
of all the elements of S.
• 26! possibilities
Plain:  abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Example Cryptanalysis
• Given ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZ
HMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZ
WPFUPZHMDJUDTMOHMQ

• Count relative letter frequencies.
• Guess P and Z are e and t.
• Guess ZW is th and hence ZWP is the. Proceeding by trial and error, we
finally get:

it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the Vietcong in Moscow
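
The first steps of this cryptanalysis can be reproduced on the ciphertext above. This is an added example, not part of the original notes; the function names are the example's own. It counts single letters and digrams, applies the three guesses (P, Z, W), and then checks that the final plaintext really is a one-to-one substitution of the ciphertext.

```python
from collections import Counter

# Ciphertext and recovered plaintext as given in the notes (spaces removed).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZ"
    "HMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZ"
    "WPFUPZHMDJUDTMOHMQ"
)
PLAINTEXT = (
    "it was disclosed yesterday that several informal but "
    "direct contacts have been made with political "
    "representatives of the vietcong in moscow"
).replace(" ", "")


def letter_frequencies(text):
    """Return [(letter, count, percent)], most frequent first."""
    counts = Counter(text)
    total = sum(counts.values())
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ch, n, round(100 * n / total, 2)) for ch, n in ordered]


def ngram_counts(text, n):
    """Count every run of n consecutive letters (n=2 gives digrams)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def partial_decrypt(ciphertext, guesses):
    """Apply the letters guessed so far; unknown letters are shown as '.'."""
    return "".join(guesses.get(c, ".") for c in ciphertext)


def derive_key(ciphertext, plaintext):
    """Build the cipher-to-plain mapping from a matching pair and verify it
    is one-to-one, the defining property of a monoalphabetic cipher."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext lengths differ")
    key = {}
    for c, p in zip(ciphertext, plaintext):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {key[c]} and {p}")
    if len(set(key.values())) != len(key):
        raise ValueError("two cipher letters map to the same plain letter")
    return key


if __name__ == "__main__":
    for ch, n, pct in letter_frequencies(CIPHERTEXT)[:5]:
        print(ch, n, pct)
    print("ZW occurs", ngram_counts(CIPHERTEXT, 2)["ZW"], "times")
    print(partial_decrypt(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
    key = derive_key(CIPHERTEXT, PLAINTEXT)
    print("".join(key[c] for c in CIPHERTEXT))
```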
Playfair Cipher

• The best-known multiple-letter encryption cipher is the Playfair, which treats
digrams in the plaintext as single units and translates these units into ciphertext
digrams.
• The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed
using a keyword.
• Example for the Playfair cipher, when the keyword is monarchy:
M  O  N  A    R
C  H  Y  B    D
E  F  G  I/J  K
L  P  Q  S    T
U  V  W  X    Z

Hill Cipher

• The Hill cipher is a polygraphic substitution cipher based on linear algebra. Each
letter is represented by a number modulo 26.
• The encryption algorithm takes m successive plaintext letters and
substitutes for them m ciphertext letters.
• The substitution is determined by m linear equations in which each character
is assigned a numerical value (a = 0, b = 1, …, z = 25). For m = 3, the system can be
described as follows.
o C1 = (k11 p1 + k12 p2 + k13 p3) mod 26
o C2 = (k21 p1 + k22 p2 + k23 p3) mod 26
o C3 = (k31 p1 + k32 p2 + k33 p3) mod 26

Or

C = KP mod 26
where C and P are column vectors of length 3 representing the ciphertext and plaintext
respectively, and K is a 3x3 matrix representing the encryption key.
• Operations are performed mod 26.
• In general terms, the Hill system can be expressed as

Polyalphabetic Ciphers
• Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. This
approach is known as polyalphabetic substitution cipher.
• Each letter in the plaintext can be encoded by any letter in the cipher alphabet, and
each letter in the cipher alphabet may represent different letters from the plaintext
each time it appears.
• A general equation of the encryption process is
C_i = (p_i + k_(i mod m)) mod 26
• Decryption is a generalization of the same kind:
p_i = (C_i - k_(i mod m)) mod 26
Vigenère Cipher
• The simplest polyalphabetic substitution cipher is the Vigenère cipher.
It is effectively multiple Caesar ciphers.
• The key is multiple letters long, K = k1 k2 ... kd. The ith letter specifies the ith
alphabet to use.
• Use each alphabet in turn, and repeat from the start after d letters in the message.
Decryption simply works in reverse.

Example
• Using keyword deceptive
Key : deceptivedeceptivedeceptive
Plaintext : wearediscoveredsaveyourself
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers


• There are multiple cipher text letters for each plaintext letter. Hence letter
frequencies are obscured but not totally lost.
• Start with letter frequencies to see whether the cipher is monoalphabetic or not. If
not, then the number of alphabets needs to be determined, since each can then be
attacked.

One-Time Pad

• The key string is chosen at random and is at least as long as the message, so it
does not repeat.
• Each new message requires a new key of the same length as the new
message. It produces random output that bears no statistical relationship to
the plaintext.
• If a truly random key as long as the message is used, the cipher will be secure;
this is called a one-time pad.
• It is unbreakable since the cipher text bears no statistical relationship to the plain
text, since for any plaintext and any cipher text there exists a key mapping one
to the other. The key can only be used once, though, and there is the problem of
safe distribution of the key.

Plaintext        c   o   m   e   t   o   d   a   y
                 2  14  12   4  19  14   3   0  24
Key              N   C   B   T   Z   Q   A   R   X
                13   2   1  19  25  16   0  17  23
Total           15  16  13  23  44  30   3  17  47
Subtract 26
if > 25         15  16  13  23  18   4   3  17  21
Cipher text      P   Q   N   X   S   E   D   R   V
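
The Vigenère example (keyword deceptive) and the one-time pad table above use the same addition mod 26 and differ only in the key. The following added example, which is not part of the original notes, reproduces both and contrasts their security. The repeated-sequence test used to find the number of alphabets is commonly called the Kasiski test, a name the notes do not use; the alternative plaintext "leavelate" is constructed for the illustration.

```python
import string
from functools import reduce
from math import gcd

A = ord("a")


def nums(text):
    """Letters of text as numbers a=0 ... z=25 (non-letters are dropped)."""
    return [ord(c) - A for c in text.lower() if c in string.ascii_lowercase]


def encrypt(plaintext, key):
    """C_i = (p_i + k_(i mod m)) mod 26; a pad is a key with m >= len(message)."""
    p, k = nums(plaintext), nums(key)
    return "".join(chr((pi + k[i % len(k)]) % 26 + A)
                   for i, pi in enumerate(p)).upper()


def decrypt(ciphertext, key):
    """p_i = (C_i - k_(i mod m)) mod 26."""
    c, k = nums(ciphertext), nums(key)
    return "".join(chr((ci - k[i % len(k)]) % 26 + A)
                   for i, ci in enumerate(c))


def repeated_ngrams(ciphertext, n=3):
    """Positions of every n-letter sequence that occurs more than once."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    return {g: pos for g, pos in positions.items() if len(pos) > 1}


def likely_period(ciphertext, n=3):
    """gcd of the distances between repeats: a candidate for the number of
    alphabets. Returns 0 when nothing repeats, so no period can be inferred."""
    distances = [b - a
                 for pos in repeated_ngrams(ciphertext, n).values()
                 for a, b in zip(pos, pos[1:])]
    return reduce(gcd, distances, 0)


def key_for(plaintext, ciphertext):
    """The key that turns this plaintext into this ciphertext:
    k_i = (C_i - p_i) mod 26. For a one-time pad such a key always exists."""
    p, c = nums(plaintext), nums(ciphertext)
    if len(p) != len(c):
        raise ValueError("plaintext and ciphertext lengths differ")
    return "".join(chr((ci - pi) % 26 + A) for pi, ci in zip(p, c)).upper()


if __name__ == "__main__":
    vig = encrypt("wearediscoveredsaveyourself", "deceptive")
    print(vig, repeated_ngrams(vig), likely_period(vig))

    otp = encrypt("cometoday", "NCBTZQARX")
    print(otp, likely_period(otp))
    # A different, equally valid "decryption" of the same pad ciphertext.
    other_key = key_for("leavelate", otp)
    print(other_key, decrypt(otp, other_key))
```

The repeating key leaks its length (VTW recurs 9 letters apart), while the pad ciphertext is consistent with every 9-letter plaintext, so it gives the analyst nothing to test a guess against.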
1.4.3 Transposition cipher

• A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a
transposition cipher.
• The simplest such cipher is the rail fence technique, in which the plaintext is
written down as a sequence of diagonals and then read off as a sequence of rows.
• For example, to encipher the message “meet me after the toga party” with a rail
fence of depth 2, we write the following:
m e m a t r h t g p r y
 e t e f e t e o a a t
• The encrypted message is
MEMATRHTGPRYETEFETEOAAT
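
The rail fence procedure can be written for any depth, which goes beyond the depth-2 case shown above. This is an added example, not part of the original notes; decryption rebuilds the zigzag to work out which position each ciphertext letter came from.

```python
def rail_pattern(length, depth):
    """Rail (row) index visited by each letter as the text zigzags down
    and up the fence. Depth 1 means a single row, i.e. no transposition."""
    if depth < 2:
        return [0] * length
    # One full zigzag: down 0..depth-1, then back up depth-2..1.
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def encrypt(plaintext, depth):
    """Write letters along the zigzag, then read the rows off in order."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rows = [[] for _ in range(max(depth, 1))]
    for ch, rail in zip(letters, rail_pattern(len(letters), depth)):
        rows[rail].append(ch)
    return "".join("".join(row) for row in rows).upper()


def decrypt(ciphertext, depth):
    """Invert the transposition. Sorting positions by rail (a stable sort)
    gives the order in which encrypt() read the letters off."""
    n = len(ciphertext)
    rails = rail_pattern(n, depth)
    read_order = sorted(range(n), key=lambda i: rails[i])
    plain = [""] * n
    for ch, pos in zip(ciphertext, read_order):
        plain[pos] = ch
    return "".join(plain).lower()


if __name__ == "__main__":
    ct = encrypt("meet me after the toga party", 2)
    print(ct)                 # the depth-2 example from the notes
    print(decrypt(ct, 2))
    print(encrypt("meet me after the toga party", 3))
```

Because the letters themselves are unchanged, the ciphertext keeps the letter frequencies of the plaintext; only the order is hidden, and the depth is the entire key.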

1.4.4 Steganography

Hiding the message into some cover media. It conceals the existence of a
message.
Steganography is the art or practice of concealing a message, image, or file
within another message, image, or file.
Techniques of Steganography

Character Marking:
Selected letters are overwritten in pencil. The marks are not visible unless
the paper is held at an angle to bright light.
Invisible Ink:
A number of substances can be used for writing but leave no visible trace until
heat or some chemical is applied to the paper.
Pin Punctures:
Small pin punctures on selected letters are ordinarily not visible unless the
paper is held up in front of sunlight.
Drawbacks
High overhead to hide relatively few bits of information.
Advantages
Secret communication.
1.6 Modern Cryptography
Modern cryptography is the cornerstone of computer and communications security. Its
foundation is based on various concepts of mathematics such as number theory,
computational-complexity theory, and probability theory.

Characteristics of Modern Cryptography

There are three major characteristics that separate modern cryptography from the classical
approach.

Classic Cryptography compared with Modern Cryptography

Classic: It manipulates traditional characters, i.e., letters and digits directly.
Modern: It operates on binary bit sequences.

Classic: It is mainly based on ‘security through obscurity’. The techniques employed for
coding were kept secret and only the parties involved in communication knew about them.
Modern: It relies on publicly known mathematical algorithms for coding the information.
Secrecy is obtained through a secret key which is used as the seed for the algorithms.
The computational difficulty of algorithms, absence of secret key, etc., make it
impossible for an attacker to obtain the original information even if he knows the
algorithm used for coding.

Classic: It requires the entire cryptosystem for communicating confidentially.
Modern: Modern cryptography requires parties interested in secure communication to
possess the secret key only.

Context of Cryptography

Cryptology, the study of cryptosystems, can be subdivided into two branches −

• Cryptography
• Cryptanalysis
What is Cryptography?

Cryptography is the art and science of making a cryptosystem that is capable of providing
information security.

Cryptography deals with the actual securing of digital data. It refers to the design of
mechanisms based on mathematical algorithms that provide fundamental information security
services. You can think of cryptography as the establishment of a large toolkit containing
different techniques in security applications.

What is Cryptanalysis?

The art and science of breaking the cipher text is known as cryptanalysis.

Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic
process results in the cipher text for transmission or storage. Cryptanalysis involves the study of
cryptographic mechanisms with the intention of breaking them. It is also used during
the design of new cryptographic techniques to test their security strengths.

Note − Cryptography is concerned with the design of cryptosystems, while cryptanalysis studies
the breaking of cryptosystems.

Security Services of Cryptography

The primary objective of using cryptography is to provide the following four fundamental
information security services. Let us now see the possible goals intended to be fulfilled by
cryptography.

Confidentiality

Confidentiality is the fundamental security service provided by cryptography. It is a security
service that keeps the information from an unauthorized person. It is sometimes referred to
as privacy or secrecy.

Confidentiality can be achieved through numerous means starting from physical securing to
the use of mathematical algorithms for data encryption.
Data Integrity

It is a security service that deals with identifying any alteration to the data. The data may get
modified by an unauthorized entity intentionally or accidentally. The integrity service confirms
whether or not the data is intact since it was last created, transmitted, or stored by an authorized
user.

Data integrity cannot prevent the alteration of data, but provides a means for detecting whether
data has been manipulated in an unauthorized manner.

Authentication

Authentication provides the identification of the originator. It confirms to the receiver that the
data received has been sent only by an identified and verified sender.

Authentication service has two variants −

• Message authentication identifies the originator of the message without any regard
to the router or system that has sent the message.

• Entity authentication is assurance that data has been received from a specific entity, say
a particular website.

Apart from the originator, authentication may also provide assurance about other parameters
related to data such as the date and time of creation/transmission.

Non-repudiation

It is a security service that ensures that an entity cannot refuse the ownership of a previous
commitment or an action. It is an assurance that the original creator of the data cannot deny the
creation or transmission of the said data to a recipient or third party.

Non-repudiation is a property that is most desirable in situations where there are chances of a
dispute over the exchange of data. For example, once an order is placed electronically, a
purchaser cannot deny the purchase order, if non-repudiation service was enabled in this
transaction.

Cryptography Primitives

Cryptography primitives are nothing but the tools and techniques in Cryptography that can be
selectively used to provide a set of desired security services −

• Encryption
• Hash functions
• Message Authentication codes (MAC)
• Digital Signatures
The following table shows the primitives that can achieve a particular security service on their
own.

Note − Cryptographic primitives are intricately related and they are often combined to achieve
a set of desired security services from a cryptosystem.
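
The following added example (not part of the original notes) uses Python's standard hashlib and hmac modules to show how two of the primitives listed above differ in the services they provide: an unkeyed hash detects accidental alteration only, while a MAC also authenticates the message but cannot give non-repudiation. The key, the order messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example only.
SHARED_KEY = b"constructed-demo-key"
ORDER = b"order=1001;item=book;qty=1"
TAMPERED = b"order=1001;item=book;qty=9"


def hash_tag(message):
    """Unkeyed SHA-256 digest: anyone who sees the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key, message):
    """HMAC-SHA256 tag: only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)


def verify_mac(key, message, tag):
    return hmac.compare_digest(mac_tag(key, message), tag)


def accidental_change_detected():
    # The message is corrupted in transit but the original digest arrives intact.
    return not verify_hash(TAMPERED, hash_tag(ORDER))


def replaced_hash_accepted():
    # Message and digest are both replaced: the unkeyed check still passes,
    # so a hash alone gives integrity but no message authentication.
    return verify_hash(TAMPERED, hash_tag(TAMPERED))


def replaced_mac_accepted():
    # A tag computed without SHARED_KEY does not verify at the receiver.
    wrong_key_tag = mac_tag(b"some-other-key", TAMPERED)
    return verify_mac(SHARED_KEY, TAMPERED, wrong_key_tag)


def receiver_could_have_made_tag():
    # Sender and receiver share the key, so either could have produced a valid
    # tag. A MAC therefore cannot settle a dispute between them; that
    # (non-repudiation) needs a digital signature.
    return verify_mac(SHARED_KEY, TAMPERED, mac_tag(SHARED_KEY, TAMPERED))


if __name__ == "__main__":
    print("accidental change detected by hash:", accidental_change_detected())
    print("replaced message + hash accepted:  ", replaced_hash_accepted())
    print("replaced message + MAC accepted:   ", replaced_mac_accepted())
    print("receiver can produce a valid MAC:  ", receiver_could_have_made_tag())
```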
