CRYPTOGRAPHY AND NETWORK SECURITY
UNIT-1
Basic Principles
Security Goals, Cryptographic Attacks, Services and Mechanisms, Mathematics
of Cryptography
I. Introduction
Cryptography is the science of using mathematics to hide data behind encryption. It involves storing
secret information with a key that people must have in order to access the raw data. Without
cracking the cipher, it’s impossible to know what the original is.
While cryptography is the science of securing data, cryptanalysis is also important to
understanding the mathematical side of encrypting and decrypting data.
Cryptanalysis involves a combination of mathematical tools, pattern finding, analytical reasoning,
determination, and a bit of chance. Cryptanalyst is the term typically used to refer to those who
attack systems, looking for weaknesses.
There are a few ways to apply cryptography to your files, and it mainly comes down to the difference
between preventing your kid brother from reading your diary and blocking the government dead in its
tracks from seeing your data.
The strength of cryptography depends on the resources and time it would take to recover the raw
plaintext. However, the main result of cryptography should always be the same:
Cipher text is very hard to figure out without knowing the proper decoding tool or key. With today’s
advances in computer technology, it is a billion times more complicated than it used to be.
Even against a hacker who is extremely skilled, strong ciphertext would prevent the cryptanalyst
from ever getting to the data.
This guide explores every part of the mathematics behind cryptography and different methods used
to encrypt data with the latest algorithms.
Computer Security: generic name for the collection of tools designed to protect data and to
thwart hackers.
Network Security: measures to protect data during their transmission. This area covers the use of
cryptographic algorithms in network protocols and network applications.
Cryptographic algorithms: the study of techniques for ensuring the secrecy and/or
authenticity of information.
II. SECURITY GOALS:
The security goals are confidentiality, data integrity, and availability.
CONFIDENTIALITY:
• hiding information from unauthorized access
• information should remain secret while it is exchanged
DATA INTEGRITY:
• preventing information from unauthorized modification
• need techniques to ensure the integrity of the data
• preventing the modification
• detect any modification made
AVAILABILITY:
• should be easily available to authorized users
• data must be available to authorized users
Cryptographic algorithms are used to achieve the above goals.
THE OSI SECURITY ARCHITECTURE
The OSI security architecture focuses on security attacks, mechanisms, and services. These can
be defined briefly as
• Security attack: Any action that compromises the security of information owned by
an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to
provide the service.
III. SECURITY ATTACKS
Generic types of attacks:
• Passive attacks
• Active attacks
A passive attack attempts to learn or make use of information from the system but does not
affect system resources. An active attack attempts to alter system resources or affect their
operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are the release of message contents and traffic analysis.
1) Release of message contents:
The release of message contents is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these transmissions.
2) Traffic analysis:
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common technique
for masking contents is encryption. If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages. The opponent could determine the location
and identity of communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of the communication
that was taking place.
Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Active attack: An active attack attempts to alter system resources or affect their operation.
Active attacks involve some modification of the data stream or the creation of a false stream.
Active attacks can be subdivided into four categories:
• masquerade,
• replay,
• modification of messages, and
• denial of service.
Masquerade:
A masquerade takes place when one entity pretends to be a different entity. A
masquerade attack usually includes one of the other forms of active attack. For example,
authentication sequences can be captured and replayed after a valid authentication sequence has
taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
Replay:
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect.
Modification of messages:
Modification of messages simply means that some portion of a legitimate message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect (Figure c).
For example, a message meaning “Allow John Smith to read confidential file accounts” is
modified to mean “Allow Fred Brown to read confidential file accounts.”
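How a receiver can detect the replay and modification attacks described above, as an added example that is not part of the original notes. It assumes a pre-shared key, an HMAC-SHA256 tag, and a per-message sequence number; the key, the JSON message layout, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-for-real-use"  # shared secret, sample value


def protect(seq: int, body: str, key: bytes = KEY) -> dict:
    """Sender: bind a sequence number to the body and append an HMAC tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


class Receiver:
    """Accepts a message only if its tag verifies and its seq is new."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, msg: dict) -> str:
        payload = msg["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        seq = json.loads(payload)["seq"]
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo() -> list:
    rx = Receiver()
    original = protect(1, "Allow John Smith to read confidential file accounts")
    results = [rx.accept(original)]
    # Modification of messages: the name is altered in transit, tag unchanged.
    tampered = dict(original)
    tampered["payload"] = original["payload"].replace("John Smith", "Fred Brown")
    results.append(rx.accept(tampered))
    # Replay: the captured, unmodified message is retransmitted later.
    results.append(rx.accept(original))
    results.append(rx.accept(protect(2, "Next legitimate message")))
    return results


if __name__ == "__main__":
    print(demo())
```

The tag covers the sequence number as well as the body, so a replayed message cannot be given a fresh number without invalidating its tag.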
Denial of service:
The denial of service prevents or inhibits the normal use or management of communications
facilities (Figure d). This attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network—either by disabling the
network or by overloading it with messages so as to degrade performance.
IV. SECURITY SERVICES & MECHANISMS
Security services are classified as follows:
CONFIDENTIALITY: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. Confidentiality is the protection
of transmitted data from passive attacks. For example, when a TCP connection is set up between
two systems, this broad protection prevents the release of any user data transmitted over the TCP
connection.
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block.
Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a connection or in a single data block.
Traffic-Flow Confidentiality
The protection of the information that might be derived from observation of traffic flows.
AUTHENTICATION: The authentication service is concerned with assuring that a communication
is authentic: the assurance that the communicating entity is the one that it claims to be.
Ensures that the origin of a message or electronic document is correctly identified, with an
assurance that the identity is not false.
Peer Entity Authentication
Used in association with a logical connection to provide confidence in the identity of the entities
connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that the source of received data is as claimed.
INTEGRITY: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating
and delaying or replaying of transmitted messages.
NON-REPUDIATION: Requires that neither the sender nor the receiver of a message be able to
deny the transmission. When a message is sent, the receiver can prove that the alleged sender in
fact sent the message. Similarly, when a message is received, the sender can prove that the
alleged receiver in fact received the message.
ACCESS CONTROL: Requires that access to information resources may be controlled by the
target system. Access control is the ability to limit and control the access to host systems and
applications via communications links. To achieve this, each entity trying to gain access must
first be identified, or authenticated.
AVAILABILITY: Requires that computer system assets be available to authorized parties when
needed.
SECURITY MECHANISMS
One of the most specific security mechanisms in use is cryptographic techniques.
Encryption or encryption-like transformations of information are the most common means of
providing security. Some of the mechanisms are
1 ENCIPHERMENT
2 DIGITAL SIGNATURE
3 ACCESS CONTROL
ENCIPHERMENT: It refers to the process of applying mathematical algorithms for converting data
into a form that is not intelligible. This depends on the algorithm used and the encryption keys.
DIGITAL SIGNATURE: The appended data or a cryptographic transformation applied to any data unit
that allows a recipient to prove the source and integrity of the data unit and protect against forgery.
ACCESS CONTROL: A variety of techniques used for enforcing access permissions to the system
resources.
DATA INTEGRITY: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
AUTHENTICATION EXCHANGE: A mechanism intended to ensure the identity of an entity by means
of information exchange.
TRAFFIC PADDING: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
ROUTING CONTROL: Enables selection of particular physically secure routes for certain data and
allows routing changes once a breach of security is suspected.
NOTARIZATION: The use of a trusted third party to assure certain properties of a data exchange.
GENERAL TERMS:
An original message is known as the plaintext, while the coded message is called the cipher text.
The process of converting from plaintext to cipher text is known as enciphering or encryption;
restoring the plaintext from the cipher text is deciphering or decryption. The many schemes used
for encryption constitute the area of study known as cryptography. Such a scheme is known as a
cryptographic system or a cipher. Techniques used for deciphering a message without any knowledge of
the enciphering details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls “breaking
the code.” The areas of cryptography and cryptanalysis together are called cryptology.
V. MATHEMATICS IN CRYPTOGRAPHY
Cryptography Mathematics – This refers to the use of mathematical techniques to encode plain
text with hash functions and perform cryptanalysis to identify the original text from encrypted
keys. There are some important terms that are necessary to understanding how cryptography
mathematics works and what role algorithms play in modern cryptography.
Why Guidance is Needed for Cryptographic Algorithms
Cryptographic methods make it possible to set up security services as applications and protocols.
These are necessary for protecting data security. In today’s digital world, there are a ton of
open-source and proprietary data security algorithms available on GitHub. The community has made
significant strides in data security algorithms, which is mostly thanks to the complex mathematics
involved with each algorithm.
The Importance of Keys in Crypto Algorithms
In cryptography, a key is comparable to a PIN, password, or pattern. It works just like a physical
key would with any security locker or door. If an attacker can find out this key, then you likely did
not have the latest algorithms protecting your system, or they were able to quickly crack the key,
indicating an inferior cipher.
It’s also important that system managers take note of keys and how they are saved. Even with
state-of-the-art technology, attackers often get into security lockers simply by understanding how
the keys are used and saved after spending time inside of your system. As you can see, the management
of keys is just as important as how they were created.
Learn Classes of Cryptographic Algorithms
The mathematics of an algorithm changes depending on the category of the algorithm. With digital
cryptography, it’s easier than ever to create an algorithm; however, not all are as strong as others.
Within these algorithm categories, there are even further detailed methods with their own unique
mathematical inputs.
The classes include:
• Asymmetric Encryption
• Symmetric Encryption
• Hash Functions
1) Symmetric Encryption
The primary functions of a symmetric encryption algorithm include:
• Achieves confidentiality through encryption and decryption, which is performed using just
a single key
• Authenticates integrity and sources by using Message Authentication Codes (MAC),
which are automatically generated and validated by the same key
• Generates pseudo random numbers
2) Asymmetric Encryption
What happens if you need to send data securely into an unknown environment, such as the internet?
The same key that you use to encrypt and decrypt a message would have to be sent to
open up a secure connection. This is an essential point of cryptography used in cryptocurrency.
This means that I must send the key over an insecure connection to get started, which means that the
key may be intercepted along the way and used by a third party. To get around this, you would use
asymmetric encryption.
Asymmetric encryption is also called public-key encryption. These algorithms use two keys that
are mathematically related, but they are used for different purposes. These are known as the public
and private keys. One is used for data encryption, and the other key decrypts the data. In this
relationship, the private key is never revealed by the owner.
However, the public key can be spread to the public so that everyone has access. In addition, the
private key is set up in a way that it can never be deduced simply from knowing the public key.
Asymmetric key algorithms are mostly based on mathematical problems such as integer
factorization and the discrete logarithm problem. They can create digital signatures and establish
session keys for cases like the TLS protocol.
3) Hash Function
Everything in modern cryptography is built from hash functions. They are the building blocks of all
algorithms, and they can be used to transform data of arbitrary size into a small fixed-size string.
This data output is called the hash value or digest. The basic operation of hash functions works
without needing any key to operate. It works simply in a one-way manner. This also makes it
impossible to figure out the input from the output.
Hash functions are used for the following actions:
• Generate and verify digital signatures
• Checksum/message integrity assurance
• Source integrity services (via MAC)
• Derive sub-keys in key-establishment algorithms and protocols
• Generate pseudorandom numbers
Specific Algorithms in Cryptography Mathematics
Big-O-Notation
Big-O-Notation – Indicated with the O(n) notation, which refers to O to the order of n, this notation
is a way of indicating how many calculations are required to execute an algorithm.
Prime Factorization
Prime Factorization – This is a commonly used mathematical technique which uses the
multiplication of two large prime numbers to secure encryption systems that use public keys.
Pseudo Random Number Generation
Pseudo-Random Number Generation – These are the algorithms used to generate random number
sequences. However, unlike their hardware counterparts, they do not generate truly random
numbers. They are used due to their speed.
The Birthday Problem
The Birthday Problem – This is a conceptualization of how probable it is that multiple people in a
group have the same birthday. This concept is adopted to explain the probability of other
phenomena.
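The birthday problem applied to hash digests, as an added example that is not part of the original notes: it computes the collision probability exactly and then finds a real collision in a hash shortened to 16 bits. The truncated SHA-256 and the constructed counter-string inputs are assumptions chosen so the search finishes instantly.

```python
import hashlib
import math


def collision_probability(n: int, d: int) -> float:
    """Exact probability that n uniform draws from d values contain a repeat."""
    if n > d:
        return 1.0
    # P(no repeat) = prod_{i=0}^{n-1} (d - i) / d, summed in logs for stability.
    log_no_repeat = sum(math.log1p(-i / d) for i in range(n))
    return 1.0 - math.exp(log_no_repeat)


def draws_for_half(d: int) -> int:
    """Approximate draws needed for a 50% collision chance: sqrt(2 d ln 2)."""
    return math.ceil(math.sqrt(2 * d * math.log(2)))


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash function."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash counter strings until two distinct inputs share a digest."""
    seen = {}
    counter = 0
    while True:
        msg = b"constructed-input-%d" % counter
        h = truncated_digest(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


if __name__ == "__main__":
    print(collision_probability(23, 365), draws_for_half(2**16))
    print(find_collision(16))
```

A digest of b bits therefore offers only about b/2 bits of collision resistance, which is why digest length matters when hashes back signatures and integrity checks.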
RSA Algorithm
Of all the asymmetric algorithms, the RSA algorithm is the most widely known and used. It also
serves as the foundational tool for Bio Cryptography. This takes the Biometric Template even
further within the principles of cryptography. The RSA Algorithm started from the RSA Data
Corporation, and its name was derived from Ron Rivest, Leonard Adleman, and Adi Shamir.
To understand the RSA Algorithm, you must first consider the power of prime numbers as these are
central to this algorithm’s function. The RSA Algorithm uses prime numbers to generate public and
private keys. However, the keys must be larger to accommodate copious amounts of data and
information.
Instead, in this algorithm, the encryption is handled by symmetric algorithms for the private key,
then goes through more encryption to generate a public key, which can then be used by the sending
entity.
Once the public key is received, the private key, which has been created through the symmetric
algorithm, is then decrypted. Now, the public key that was created originally by the RSA algorithm
can be used to decrypt the rest of the message.
The Diffie-Hellman Algorithm
This algorithm is also known as the DH Algorithm. While DH is important for data security, it
is actually not used for encryption of the actual ciphertext. Instead, the main purpose of this
algorithm is to seek out a solution for sending the public key and private key package through a
secured channel.
Here is a step-by-step look at the Diffie-Hellman algorithm:
1. The receiving entity takes possession of the public key and private key, which have been
generated automatically by the DH algorithm.
2. The sending entity receives the public key generated by the receiving entity, thus using the
Diffie-Hellman algorithm to create another set of public keys. However, these are only
generated on a temporary basis.
3. The sending entity takes ownership of the new temporary private and public keys, which were
sent by the receiving entity.
4. When the receiving entity finally gets the ciphertext message from the sending entity, the
session key can reveal itself mathematically.
5. The receiving party can now decrypt the rest of the ciphertext message.
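The arithmetic behind the session key, shown as the textbook Diffie-Hellman exchange in which each side combines its own private value with the other side's public value. This is an added example, not part of the original notes; the toy modulus, the base, the SHA-256 key derivation, and the function names are assumptions for illustration.

```python
import hashlib
import secrets

# Toy public parameters (assumption for this example): the Mersenne prime
# 2**127 - 1 and base 3. Real deployments use standardized groups of
# 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3


def keypair(p: int = P, g: int = G, private: int = None):
    """Pick a private exponent and compute the public value g^x mod p."""
    x = private if private is not None else secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Combine the peer's public value with our own private exponent."""
    if not 1 < their_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(their_public, my_private, p)


def session_key(secret: int) -> bytes:
    """Hash the shared secret into a fixed-size symmetric session key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Run both sides; only the public values cross the channel."""
    recv_priv, recv_pub = keypair()      # receiving entity
    send_priv, send_pub = keypair()      # sending entity, temporary keys
    k_sender = session_key(shared_secret(recv_pub, send_priv))
    k_receiver = session_key(shared_secret(send_pub, recv_priv))
    return k_sender, k_receiver


if __name__ == "__main__":
    k_sender, k_receiver = exchange()
    print(k_sender == k_receiver, k_sender.hex())
```

Both sides arrive at the same key because (g^a)^b and (g^b)^a are equal mod p. The exchange by itself does not authenticate either party, which is why protocols such as TLS pair it with digital signatures.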