CNS

Information Technology⇒ Tyqzcxletzy Epnsyzwzrj

key 11
Plaintext alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext alphabet: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

● N → D
● A → Q
● N → D
● D → R
● E → T
● D → R

So, "NANDED" becomes "DQDRTR".

Permutation Pattern : (3, 1, 4, 6, 2, 5)
PLain Text: A C T I V E
Cipher Text: T A I E C V

Permutation Pattern: (3, 1, 4, 6, 2, 5)

Inverse Permutation Pattern: (2, 5, 1, 3, 6, 4)
Rules of Playfair Cipher
• If the letters are in the same row, replace each with the letter
immediately to its right (wrapping around to the beginning of
the row if necessary).
• If the letters are in the same column, replace each with the
letter immediately below it (wrapping around to the top of the
column if necessary).
• If the letters form a rectangle, replace each with the letter on
the same row but in the column of the other letter of the
pair.
Playfair Cipher
“Why, don’t you?”

WH YD ON TY OU
YI EA ES VK EZ
Cryptographic algorithms and protocols
• Symmetric encryption: Uses the same key for both encryption
and decryption. The key must be kept secret, and both parties
must have access to the same key.
• Asymmetric encryption: Uses a pair of keys: a public key for
encryption and a private key for decryption. The public key can
be shared openly, while the private key is kept secret.
• Data integrity algorithms: Used to protect blocks of data, such
as messages, from alteration.
• Authentication protocols: These are schemes based on the
use of cryptographic algorithms designed to authenticate the
identity of entities.
Network and Internet security
• The field of network and Internet security consists of measures
to deter, prevent, detect, and correct security violations that
involve the transmission of information.
1. Unauthorized Monitoring
User A transmits a file with sensitive information to User B. User C intercepts the transmission.
2. Message Interception and Alteration
• Network Manager D sends an update message to Computer E.
User F intercepts and alters the message before forwarding it.
3. Message Fabrication
• User F fabricates a message pretending to be from Network
Manager D and sends it to Computer E.
4. Message Delay
• A personnel manager sends an account invalidation(proving
wrong) message to a server. The fired employee intercepts and
delays the message to make a final access.
5. Message Denial
• A customer sends instructions to a stockbroker. Later, the
customer denies sending the message after the investments
lose value.
The Security Requirements Triad
• Confidentiality: Ensures that information is accessible only
to those authorized to have access. A loss of confidentiality
means unauthorized disclosure of information.
• Integrity: Protects information from being altered in an
unauthorized way, ensuring non repudiation and authenticity. A
loss of integrity refers to unauthorized modification or
destruction of information.
• Availability: Ensures that information and resources are
accessible when needed. A loss of availability means
disruption of access to or use of information or an information
system.
• Authenticity ensures that users and information sources are
genuine and verified
• Accountability requires actions to be traceable to their origin
to support security measures like nonrepudiation, deterrence,
and forensic analysis.
Confidentiality:
• Example: Data is encrypted with passwords to protect customers' personal and financial information (for example, account numbers,
transaction details) while it is transmitted on the internet.
• Importance: It is used to keep impostor away from any data that they cannot reach unless they have the Authority to entitle them to see or
change it.

Integrity:
• Example: Checks on the validity of the data are established so that the transactions are accurate and free from fraud. Additionally,
audit logs keep a record of all the transactions.
• Importance: It is supposed to verify the extent to which the information is accurate and unaltered, so the integrity of the data is authentic.

Availability:
• Example: The banking system uses replicated servers and backup systems to allow users to access their accounts and carry out the
transactions every time in case of failure of a server.
• Importance: The reason why users can use the system is because of its constant reliability and availability during demand periods. It is
also kind of responsible as it does not make finer decisions for transporting data.
Find the solution in terms of CIA Triad
• Once the student submitted their assignment online, a
classmate intercepted and altered it after it had been sent to the
teacher. As a result, the student received a lower grade
because the assignment did not accurately reflect their original
work.
• How to address this issue?
Solution
• Tool: Adobe Acrobat or another program where digital
signatures are supported.

• How It Helps: Digital signatures can prove the originality and

indestructibility of the document; thus, we are guaranteed that
the document was not altered since the signature.
Find the solution in terms of CIA Triad
• Sensitive student data such as the grades and personal details
is looked at by unwanted people, exposing details that should
remain private.
Solution
• In a scenario like this, a student's private data, for example,
these scores or details related to one's person, were accessible
to those who did not have a right to do so through a breach in
information.
• Solution: Apply role-based access controls (RBAC) to the
school information systems.
• Set strong passwords, regularly change access permissions,
and introduce multi factor authentication (MFA) for better safety.
Find the solution in terms of CIA Triad
• An academic institution is having online tests wherein the
students answer by using computers. On the other hand, issues
are concerned about such things as cheating and unauthorized
access to exam materials.
Solution
• Solution: Ensure secure delivery of examination questions and
materials against unauthorized access or tampering.
• Implement: Both in-transit and at-rest encryption of
examination content, transfer through secure protocols like
HTTPS. This functionality, however, remains with access limited
only to those authorized.
The Challenges of Computer Security
• Complexity in Security Requirements: Some security services, like confidentiality, authentication,
and integrity, are easy to conceive but require complex mechanisms for their implementation,
often subtle reasoning.

• Designing Under Attack: The security mechanisms will be designed under scrutiny of possible
attacks exploiting unexpected weaknesses and hence require a different way of problem-solving.

• Counterintuitive Security Procedures: Effective security measures often turn out to be

counterintuitive (does not happen in the way you would expect it to) at first glance because
they must deal with elaborate threats that are not immediately obvious from basic security
requirements.

• Complexity Beyond Algorithms: Security mechanisms not only depend on algorithms, but also
require secret information, typically connected with keys, besides communication protocols, which
can give complexity to their design and deployment.
• Battle of attacker and Defender: Security is an ongoing battle
between attackers who are continuously on the lookout for loopholes
and defenders trying to shut them all
• Perception about Security Investment: Unless a security breach
takes place, users and managers may not realize the benefits of a
security investment and hence underestimate its importance.
• Challenges of Monitoring: Security needs to be monitored, and
monitoring in today's fast and overloaded environments is
challenging.
• Security vs. Usability: Effective security measures are often
perceived as impediments to efficient and easy utilization of systems
or information.
• Security attack: Any action that compromises the security of
information owned by an organization.
• Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or recover
from a security attack.
• Security service: A processing or communication service
that enhances the security of the data processing systems and
the information transfers of an organization.
Security Attacks
Passive Attacks:
The objective of passive attacks is to intercept information from
the system without modification or effect on systems resources.
Active Attacks:
Active attacks involve modification or manipulation of system
resources to disturb their normal operation or to gain
unauthorized access.
Release of message contents
Traffic Analysis
Masquerade
Replay
Modification of messages
Denial of service
Security Services
• Authentication
Peer entity authentication identifies the entities involved in a
communication relationship.
It ensures that communicating peer entities are those with whom
the connection was established or to whom data are presently
being sent.
It must be resistant to masquerade attacks and unauthorized
replays to provide secure interaction between entity instances of
the same protocol at different systems.
• Data origin authentication verifies the source of a data unit,
such as an email, ensuring its authenticity without protecting
against data duplication or modification.
• This service is essential for applications like electronic mail,
where verifying the sender's identity is crucial despite the
absence of prior interactions between the communicating
parties.
Access Control
• The ability to limit and control the access to host systems and
applications.
• Each entity trying to gain access must first be identified, or
authenticated, so that access rights can be tailored to the
individual.
Data Confidentiality
• It gives protection to the transmitted data from passive attacks.
• Protection from eavesdropping includes everything from full
protection of all user data carried over a TCP connection to
narrower protection of single messages or even protection of
specific fields of messages.
• Protection of traffic flow from analysis means that no
attacker would be able to observe source, destination,
frequency, length, or any other characteristic of communication
traffic.
• This type of protection provides confidentiality over the
communications facility.
Data Integrity
• Integrity refers to the validity and reliability of data in a stream
or individual messages.
• Connection-oriented integrity provides protection against
duplication, modifications aimed at message streams.
• Connectionless integrity focuses on source identification at
the level of single messages.
• Recovery mechanisms can provide sound detection and
response to integrity violations through enabling automated
responses that complement the practice of tighter security for
associated data.
Nonrepudiation
• Nonrepudiation prevents either sender or receiver from
denying a transmitted message.
• Thus, when a message is sent, the receiver can prove that the
alleged sender in fact sent the message. Similarly, when a
message is received, the sender can prove that the alleged
receiver in fact received the message.
Availability Service
• Availability, ensures systems and resources are accessible
and usable as intended, responding to authorized requests.
• It addresses threats such as denial-of-service attacks, requiring
effective resource management and security controls, including
access control mechanisms, to maintain uninterrupted service
delivery.
Security Mechanisms
Encipherment
The use of mathematical algorithms to transform data into a form
that is not readily intelligible. The transformation and subsequent
recovery of the data depend on an algorithm and zero or more
encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source
and integrity of the data unit and protect against forgery (e.g., by
the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of
data units. Authentication Exchange A mechanism intended to ensure the identity
of an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system
records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.
A model for Network Security
Network Access Security Model
Find the solution in terms of Security
Mechanisms
• Consider an automated teller machine (ATM) in which users
provide a personal identification number (PIN) and a card for
account access. Give examples of confidentiality, integrity, and
availability requirements associated with the system and, in
each case, indicate the degree of importance of the
requirement.
Confidentiality

• Requirement: The PIN and account information have to be

kept secret to prevent a crime, like identity theft, from being
committed when there is unauthorized access to them.
• Importance: Very high. A certain risk of financial loss or user
privacy exposure if the PIN or account details are disclosed to
unauthorized people
Integrity

• Requirement: Integrity of data in transactions ensures accuracy

and reliability. It also involves checking that no modifications
are done on the transaction itself during its processing.
• Importance: Any compromise to transaction integrity may
include cash being withdrawn or deposited incorrectly, resulting
in financial disparities and a loss of confidence in the system.
Availability
• Requirement: The ATM system shall be available to
customers for use every time they need to perform some
transactions with not too much downtime.
• Importance: High. Customers rely on ATMs for quick access to
their money. Downtime may inconvenience users, which can
cause dissatisfaction; alternatively, it may force them to rely on
less safe methods.
Problem
• Repeat above problem for a telephone switching system that
routes calls through a switching network based on the
telephone number requested by the caller
Confidentiality

• Requirement: Details of the calls, such as caller numbers and

call destination, are entitled to confidentiality against
unauthorized access and eavesdropping.
• Importance: The unauthorized access to call details may reveal
the user's privacy and can result in probable misapplication of
the information.
Integrity
• Requirement: Call routing should ensure that calls are
accurately routed to the dialed telephone number without
alteration or manipulation.
• Importance: For even the slightest weakness in call integrity
could create opportunities for misrouting or interception that
would reduce communication reliability, leading to potential
legal or security implications.
Availability
• The requirement is that the switching system is to be available
to handle calls reliably and efficiently, with minimum time
wasted on non-availability, to guarantee that connectivity
remains uninterrupted.
• Importance: Continuity within telecommunications services is of
central importance. Downtime could mean interference in
communication services that impact businesses, emergency
services, or simply personal communication requirements.
Symmetric Cipher Model
• Plaintext: This is the original intelligible message or data that is
fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs
various substitutions and transformations on the plaintext.
• Secret key: The secret key is also input to the encryption
algorithm. The key is a value independent of the plaintext and of
the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm
depend on the key.
• Ciphertext: This is the scrambled message produced as
output. It depends on the plaintext and the secret key. For a
given message, two different keys will produce two different
ciphertexts. The ciphertext is an apparently random stream of
data and, as it stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption
algorithm run in reverse. It takes the ciphertext and the secret
key and produces the original plaintext.
Simplified Model of Symmetric
Encryption
Model of Symmetric Cryptosystem
Cryptography
1. Types of Operations in Encryption
Substitution and Columnar Transposition Cipher.

2. Number of Keys
Symmetric and Asymmetric Encryption.

3. The way in which the plaintext is processed

Block and Stream Ciphers.
Cryptanalysis and Brute-Force Attack
Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the
plaintext or even some sample plaintext–ciphertext pairs.
Brute-force attack
The attacker tries every possible key on a piece of ciphertext until
an intelligible translation into plaintext is obtained.
Average Time Required for Exhaustive
Key Search
Vernam Cipher
• Thus, the ciphertext is generated by performing the bitwise XOR of the plaintext and the key. Because of the
properties of the XOR, decryption simply involves the same bitwise operation
Steganography
• Steganography is the practice of concealing information
within another message or physical object to avoid detection.
• For example, the sequence of first letters of each word of
the overall message spells out the hidden message.
• Character marking: Selected letters of printed or typewritten
text are overwritten in pencil. The marks are ordinarily not
visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing
but leave no visible trace until heat or some chemical is applied
to the paper.
Example Digital watermarking
Block Cipher Principles
Stream Ciphers and Block Ciphers
• A stream cipher encrypts data one bit or byte at a time.
• A block cipher encrypts fixed-size blocks of plaintext to produce
ciphertext blocks of equal length, typically 64 or 128 bits.
Feistal
Cipher
Structure
Encryption and Decryption Tables for
Substitution Cipher
• If is sufficiently large and an arbitrary reversible substitution
between plaintext and ciphertext is allowed, then the statistical
characteristics of the source plaintext are masked to such an
extent that this type of cryptanalysis is infeasible.

• A product cipher, which is the execution of two or more

simple ciphers in sequence in such a way that the result or
product is cryptographically stronger than any of the component
ciphers.
• Substitution: Each plaintext element or group of elements is
uniquely replaced by a corresponding ciphertext element or
group of elements.
• Permutation: A sequence of plaintext elements is replaced by
a permutation of that sequence.
• In diffusion, the statistical structure of the plaintext is
dissipated into long-range statistics of the ciphertext.
• This is achieved by having each plaintext digit affect the value
of many ciphertext digits.
• Block Size: Larger block sizes enhance security through greater
diffusion but may slow down encryption/decryption. Traditionally, 64-bit
blocks were common, but AES uses 128-bit blocks.
• Key Size: Larger key sizes improve security by resisting brute-force
attacks and increasing confusion but may slow down processing. Key
sizes of 128 bits or more are now standard, as 64-bit keys are considered
inadequate.
• Number of Rounds: Multiple rounds of encryption enhance security. A
typical block cipher uses around 16 rounds to ensure strong encryption.
• Subkey Generation Algorithm: More complex algorithms for generating
subkeys increase the difficulty of cryptanalysis.
• Round Function F: Greater complexity in the round function improves
resistance to cryptanalysis, enhancing overall security.
• The Data Encryption Standard (DES) is a symmetric-key
algorithm for the encryption of digital data.
• It operates on blocks of data, using a series of transformations
to encrypt and decrypt information.
• The initial permutation (IP) is one of the key steps in the DES
process, which rearranges the bits of the input data block
before the main rounds of encryption begin.
Initial Permutation
Initial Permutation
Position 58 in original (value 1) becomes position 1 in permuted block.
Position 50 in original (value 0) becomes position 2 in permuted block.
Position 42 in original (value 1) becomes position 3 in permuted block.
Position 34 in original (value 0) becomes position 4 in permuted block.
Position 26 in original (value 1) becomes position 5 in permuted block.
Position 18 in original (value 0) becomes position 6 in permuted block.
Inverse Initial Permutation
• Bit 1 in permuted block (position 40 in original)
• Bit 2 in permuted block (position 8 in original)
• Bit 3 in permuted block (position 48 in original)
• Bit 4 in permuted block (position 16 in original)
• Bit 5 in permuted block (position 56 in original)
• Bit 6 in permuted block (position 24 in original)
Data Encryption
Standard
DES
Triple DES Encryption
Double DES Encryption:

Double DES encrypts plaintext P using two keys, K1​ and K2​:

1. First Encryption:
○ Encrypt plaintext P with key K1​ to get interme

-diate ciphertext A:

1. Second Encryption:
○ Encrypt A with key K2 ​ to get final ciphertext C:
Modes of Operation
A mode of operation is a technique for enhancing the effect of a
cryptographic algorithm

Block ciphers encrypt data in fixed-size chunks. Modes of

operation allow us to encrypt data that’s larger than a single
block by splitting it into multiple blocks.
Electronic codebook Mode
Disadvantage
Identical blocks produce identical results, which can expose patterns in the
data.

The ECB method is ideal for a short amount of data, such as an encryption
key.
Cipher Block Chaining
Disadvantages:
Sequential processing
Error Propagation

It is possible to convert block cipher into steam cipher using

cipher feedback mode, output feedback mode and counter mode

In stream cipher ciphertext is of same length as plaintext

CFM
Cipher
Feedback
Mode
it is assumed that the unit of transmission is bits; a common
value is 8 bits .
b -bit shift register that is initially set to some initialization vector
(IV)
The contents of the shift register are shifted left by s bits,
and C1 is placed in the rightmost (least significant)s bits of the
shift register.
OFM
Output
Feedback
Mode
Difference is that the OFB mode operates on full blocks of
plaintext and ciphertext, not on an -bit subset.
Output Feedback (OFB) mode has the key advantage of not
propagating errors beyond the bit or block where they occur,
ensuring that a single bit error affects only the corresponding bit
in the plaintext.
Counter
Mode
In CTR mode, a counter is used in conjunction with the IV. The
counter is a value that starts at a specific number (usually 0) and
is incremented for each subsequent block.
Blowfish
Blowfish symmetric block cipher algorithm encrypts block data of
64-bits at a time.
The algorithm follows feistal network and is divided into 2 main
parts

1 Key Expansion
2 Encryption
Key expansion converts a key of at most 448 bits into several
subkey arrays totaling 4168 bytes.
Data encryption occurs via a 16-round Feistel network.
Each round consists of permutation, and substitution.
All operations are XORs and additions on 32-bit words.
Subkeys:
Blowfish uses a large number of subkeys. These keys must be
precomputed before any data encryption or decryption.
1 The P-array consists of 18 32-bit subkeys:
P1,P2,P3…,P18
2 There are four 32-bit S-boxes with 256 entries each:
S1,0,.......S1,255
S4,0,........S4,255
F function
IDEA
The IDEA cipher was designed by Xuejia Lai and James Massey
in 1990 and initially named PES (Improved Proposed Encryption
Standard).
Despite some progress made in cryptanalysis against reduced-
round versions, IDEA remains one of the strong encryption
algorithms.
It still has limited general acceptance as a DES successor
because of patent license fees and cryptanalysis underway.
IDEA is a block cipher, working on 64-bit plaintext blocks, under
a 128-bit key.
The scheme uses both confusion and diffusion and mixes
operations from the different algebraic groups:
XOR,
addition modulo 216,
multiplication modulo 216+1 (which is IDEA's S-box).
The operations work on 16-bit sub-blocks and are efficiently
implemented both in hardware and software.
Thus even 16-bit processors can use this algorithm.
IDEA Block
diagram
(1) Multiply M1 and the first subkey.
(2) Add M2 and the second subkey.
(3) Add M3 and the third subkey.
(4) Multiply M4 and the fourth subkey.
(5) XOR the results of steps (1) and (3).
(6) XOR the results of steps (2) and (4).
(7) Multiply the results of step (5) with the fifth subkey.
(8) Add the results of steps (6) and (7).
(9) Multiply the results of step (8) with the sixth subkey.
(10) Add the results of steps (7) and (9)
(11) XOR the results of steps (1) and (9).
(12) XOR the results of steps (3) and (9).
(13) XOR the results of steps (2) and (10).
(14) XOR the results of steps (4) and (10).
After the eighth round, there is a final output transformation:
(1) Multiply M1 and the first subkey.
(2) Add M2 and the second subkey.
(3) Add M3 and the third subkey.
(4) Multiply M4 and the fourth subkey.
Finally, the four sub-blocks are reattached to produce the
ciphertext.
First, the 128-bit key is divided into eight 16-bit subkeys.
These are the first eight subkeys for the algorithm (the six for the
first round, and the first two for the second round).
Then, the key is rotated 25 bits to the left and again divided
into eight subkeys.
The first four are used in round 2; the last four are used in
round 3.
The key is rotated another 25 bits to the left for the next eight
subkeys, and so on until the end of the algorithm
RC5