CS8792 - CRYPTOGRAPHY AND

NETWORK SECURITY
UNIT I

Prepared by
Dr. R. Arthy, AP/IT
Kamaraj College of Engineering and
Technology (Autonomous), Madurai.
Agenda
⚫ Security trends
⚫ Legal, Ethical and Professional Aspects of Security
⚫ Need for Security at Multiple levels, Security Policies
⚫ Security attacks, services and mechanism
⚫ OSI security architecture
⚫ Model of network security
Security Trends
Introduction
⚫ In 1994, the Internet Architecture Board (IAB) issued
a report entitled "Security in the Internet Architecture"
(RFC 1636).
⚫ Observations - Internet needs more and better security,
and it identified key areas for security mechanisms
⚫ Requirements
⚫ Need to secure the network infrastructure from
unauthorized monitoring and control of network traffic
⚫ Need to secure end-user-to-end-user traffic using
authentication and encryption mechanisms
⚫ Reported by the
Computer
Emergency
Response Team
(CERT)
Coordination Center
(CERT/CC).
⚫ Internet-related
vulnerabilities
Legal, Ethical, and Professional
Issues in Information Security
Law and Ethics in Information Security
⚫ Laws
⚫ Rules that mandate or prohibit certain behavior
⚫ Drawn from ethics
⚫ Ethics
⚫ Define socially acceptable behaviors
⚫ Key difference
⚫ Laws carry the authority of a governing body
⚫ Ethics do not carry the authority of a governing body
⚫ Based on cultural mores
⚫ Fixed moral attitudes or customs
⚫ Some ethics standards are universal
Organizational Liability and the Need for
Counsel
⚫ Liability
⚫ Legal obligation of organization

⚫ Extends beyond criminal or contract law

⚫ Include legal obligation to restitution

⚫ Employee acting with or without the authorization performs and illegal or

unethical act that causes some degree of harm

⚫ Employer can be held financially liable

⚫ Due care
⚫ Organization makes sure that every employee knows what is acceptable or

unacceptable
⚫ Knows the consequences of illegal or unethical actions
Organizational Liability and the Need
for Counsel
⚫ Due diligence
⚫ Requires
⚫ Make a valid effort to protect others
⚫ Maintains the effort

⚫ Jurisdiction
⚫ Court’s right to hear a case if a wrong is committed
⚫ Term – long arm
⚫ Extends across the country or around the world
Policy Versus law
⚫ Policies
⚫ Guidelines that describe acceptable and unacceptable
employee behaviors
⚫ Functions as organizational laws
⚫ Has penalties, judicial practices, and sanctions
⚫ Difference between policy and law
⚫ Ignorance of policy is acceptable
⚫ Ignorance of law is unacceptable
⚫ Keys for a policy to be enforceable
⚫ Dissemination
⚫ Review
⚫ Comprehension
⚫ Compliance
⚫ Uniform enforcement
Types of Law
⚫ Civil – govern a nation or state

⚫ Criminal – addresses activities and conduct harmful to

public
⚫ Private – encompasses family, commercial, labor, and

regulates the relationship between individuals and

organizations
⚫ Public – regulates the structure and administration of

government agencies and their relationships with citizens,

employees, and other governments
International Laws and Legal Bodies
⚫ Organizations do business on the Internet – they do

business globally

⚫ Professionals must be sensitive to the laws and ethical

values of many different cultures, societies, and countries

⚫ Few international laws relating to privacy and

informational security

⚫ International laws are limited in their enforceablity

Council of Europe Convention on
Cybercrime
⚫ International task force
⚫ Designed to oversee range of security functions
⚫ Designed to standardized technology laws across
international borders
⚫ Attempts to improve the effectiveness of international
investigations into breaches of technology law
⚫ Concern raised by those concerned with freedom of
speech and civil liberties
⚫ Overall goal
⚫ Simplify the acquisition of information for law enforcement
agencies in certain types of international crimes
Agreement on Trade-Related Aspects of
Intellectual Property Rights
⚫ Created by the World Trade Organization
⚫ Introduced intellectual property rules into the
multilateral trade system
⚫ First significant international effort to protect
intellectual property rights
Agreement on Trade-Related Aspects of
Intellectual Property Rights
⚫ Covers five issues
⚫ How basic principles of the trading system and other international
intellectual property agreements should be applied
⚫ How to give adequate protection to intellectual property rights

⚫ How countries should enforce those rights adequately in their own

territories
⚫ How to settle disputes on intellectual property between members
of the WTO
⚫ Special transitional arrangements during the period when the new
system is being introduced
Digital Millennium Copyright Act
⚫ American contribution to WTO
⚫ Plan to reduce the impact of copyright, trademark, and
privacy infringement
⚫ United Kingdom has implemented a version
⚫ Database Right
 Major IT Professional Organizations
⚫ Association of Computing Machinery
⚫ “World’s first educational and scientific computing society”

⚫ Strongly promotes education

⚫ Provides discounts for student members

⚫ International Information Systems Security Certification Consortium, Inc.

(ISC)2
⚫ Nonprofit organization

⚫ Focuses on the development and implementation of information security

certifications and credentials
⚫ Manages a body of knowledge on information security

⚫ Administers and evaluated examinations for information security certifications

 Major IT Professional Organizations
⚫ Information Systems Audit and Control Association

⚫ Focuses on auditing, control, and security

⚫ Membership includes technical and managerial professionals

⚫ Does not focus exclusively on information security

⚫ Has many information security components

⚫ Information Systems Security Associations (ISSA)

⚫ Nonprofit society of information security professionals

⚫ Mission – bring together qualified information security practioners

⚫ Information exchange

⚫ Education development

⚫ Focus – “promoting management practices that will ensure the confidentiality, integrity, and

availability of organizational information resources”

Major IT Professional Organizations
⚫ Systems Administration, Networking, and Security
Institute (SANS)
⚫ Professional research and education cooperative
⚫ Current membership > 156,000
⚫ Security professionals
⚫ Auditors
⚫ System administrators
⚫ Network administrators
⚫ Offers set of certifications
 Federal Agencies
⚫ Department of Homeland Security
⚫ Five directorates or divisions

⚫ Mission – protecting the people as well as the physical and

informational assets of the United States
⚫ Directorate of Information and Infrastructure
⚫ Creates and enhances resources used to discover and responds to attacks on
national information systems and critical infrastructure

⚫ Directorate of Science and Technology

⚫ Research and development activities in support of homeland defense

⚫ Examination of vulnerabilities

⚫ Sponsors emerging best practices

 Federal Agencies
⚫ National InfraGard Program

⚫ Each FBI office establishes a chapter

⚫ Collaborates with public and private organizations and academia

⚫ Serves members in 4 ways

⚫ Maintains an intrusion alert network using encrypted e-mail

⚫ Maintains a secure Web site for communication about suspicious activity or intrusions

⚫ Sponsors local chapter activities

⚫ Operates a help desk for questions

⚫ Contribution – free exchange of information to and from the private sector in

the areas of threats and attacks on information resources
 Federal Agencies
⚫ National Security Agency (NSA)

“the nation’s cryptologic organization. It coordinates, directs, and

performs highly specialized activities to protect U.S. information systems
and produce foreign intelligence information… It is also one of the most
important centers of foreign language analysis and research within the
Government.”

⚫ U. S. Secret Service

⚫ Located in Department of the Treasury

⚫ Charged with the detection and arrest of any person committing a

United States federal offense relating to computer fraud and false

identification crimes.
OSI Security Architecture
Services, Mechanisms, Attacks
⚫ need systematic way to define requirements
⚫ consider three aspects of information security:
⚫ security attack
⚫ security mechanism
⚫ security service
⚫ consider in reverse order
Security Service
⚫ is something that enhances the security of the data processing
systems and the information transfers of an organization
⚫ intended to counter security attacks

⚫ make use of one or more security mechanisms to provide the

service
⚫ replicate functions normally associated with physical
documents
⚫ eg. have signatures, dates; need protection from disclosure, tampering,
or destruction; be notarized or witnessed; be recorded or licensed
Security Mechanism
⚫ a mechanism that is designed to detect, prevent, or recover

from a security attack

⚫ no single mechanism that will support all functions

required

⚫ however one particular element underlies many of the

security mechanisms in use: cryptographic techniques

⚫ hence our focus on this area

Security Attack
⚫ any action that compromises the security of information

owned by an organization

⚫ information security is about how to prevent attacks, or

failing that, to detect attacks on information-based systems

⚫ have a wide range of attacks

⚫ can focus of generic types of attacks

⚫ note: often threat & attack mean same

OSI Security Architecture
⚫ ITU-T X.800 Security Architecture for OSI

⚫ defines a systematic way of defining and providing

security requirements

⚫ for us it provides a useful, if abstract, overview of

concepts we will study

Security Services
⚫ X.800 defines it as: a service provided by a protocol

layer of communicating open systems, which ensures

adequate security of the systems or of data transfers

⚫ RFC 2828 defines it as: a processing or

communication service provided by a system to give a
specific kind of protection to system resources

⚫ X.800 defines it in 5 major categories

 Security Services (X.800)
⚫ Authentication - assurance that the communicating entity is the one claimed

⚫ Peer entity and Data origin authentication

⚫ Access Control - prevention of the unauthorized use of a resource

⚫ Data Confidentiality –protection of data from unauthorized disclosure

⚫ Connection, Connectionless, Selective Field and Traffic flow

⚫ Data Integrity - assurance that data received is as sent by an authorized entity

⚫ Connection integrity with recovery, Connection integrity without recovery,

Connectionless integrity, Selective field connection integrity, Selective field
connectionless integrity

⚫ Non-Repudiation - protection against denial by one of the parties in a

communication

⚫ Origin and destination

Security Mechanisms (X.800)
⚫ specific security mechanisms:

⚫ encipherment, digital signatures, access controls, data

integrity, authentication exchange, traffic padding,

routing control, notarization

⚫ pervasive security mechanisms:

⚫ trusted functionality, security labels, event detection,

security audit trails, security recovery

Relation between Security Services
and Mechanisms
[contd…]
Classify Security Attacks as
⚫ passive attacks - eavesdropping on, or monitoring of,
transmissions to:
⚫ obtain message contents, or

⚫ monitor traffic flows

⚫ active attacks – modification of data stream to:

⚫ masquerade of one entity as some other

⚫ replay previous messages

⚫ modify messages in transit

⚫ denial of service
Model for Network Security
Model for Network Security
⚫ using this model requires us to:

⚫ design a suitable algorithm for the security transformation

⚫ generate the secret information (keys) used by the algorithm

⚫ develop methods to distribute and share the secret

information
⚫ specify a protocol enabling the principals to use the

transformation and secret information for a security service

Model for Network Access Security
CRYPTOGRAPHY AND
NETWORK SECURITY
Classical Encryption Algorithms
10.08.2020
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Brute Force Attack in Shift Cipher
Step 1: Hacking
 1 UNQC FQFUHI BUQAUT QJ QXQ.SEC
2 TMPB EPETGH ATPZTS PI PWP.RDB
[contd…] 3
4
SLOA DODSFG ZSOYSR OH OVO.QCA
RKNZ CNCREF YRNXRQ NG NUN.PBZ
5 QJMY BMBQDE XQMWQP MF MTM.OAY
 Step 2: Try with possible 6 PILX ALAPCD WPLVPO LE LSL.NZX
7 OHKW ZKZOBC VOKUON KD KRK.MYW
keys 8 NGJV YJYNAB UNJTNM JC JQJ.LXV
9 MFIU XIXMZA TMISML IB IPI.KWU
 Example 10 LEHT WHWLYZ SLHRLK HA HOH.JVT
UNQC FQFUHI BUQAUT QJ 11 KDGS VGVKXY RKGQKJ GZ GNG.IUS
12 JCFR UFUJWX QJFPJI FY FMF.HTR
QXQ.SEC 13 IBEQ TETIVW PIEOIH EX ELE.GSQ
14 HADP SDSHUV OHDNHG DW DKD.FRP
15 GZCO RCRGTU NGCMGF CV CJC.EQO
16 FYBN QBQFST MFBLFE BU BIB.DPN
17 EXAM PAPERS LEAKED AT AHA.COM
18 DWZL OZODQR KDZJDC ZS ZGZ.BNL
19 CVYK NYNCPQ JCYICB YR YFY.AMK
20 BUXJ MXMBOP IBXHBA XQ XEX.ZLJ
21 ATWI LWLANO HAWGAZ WP WDW.YKI
22 ZSVH KVKZMN GZVFZY VO VCV.XJH
23 YRUG JUJYLM FYUEYX UN UBU.WIG
24 XQTF ITIXKL EXTDXW TM TAT.VHF
25 WPSE HSHWJK DWSCWV SL SZS.UGE
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Advantage
 It is significantly harder to break since the frequency
analysis technique used to break simple substitution
ciphers is difficult but still can be used on (25*25) =
625 digraphs rather than 25 monographs which is
difficult.
 Frequency analysis thus requires more cipher text to
crack the encryption.
Disadvantage
 An interesting weakness is the fact that a digraph in the
ciphertext (AB) and it’s reverse (BA) will have
corresponding plaintexts like UR and RU. That can
easily be exploited with the aid of frequency analysis,
if the language of the plaintext is known.
 Another disadvantage is that playfair cipher is
a symmetric cipher thus same key is used for both
encryption and decryption.
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Introduction
 The encryption of the original text is done using
the Vigenère square or Vigenère table.
 The Vigenère table uses a 26×26 matrix with A to Z as
the row heading and column heading
 The Vigenère cipher is an example of a polyalphabetic
substitution cipher.
 A polyalphabetic substitution cipher is similar to a
monoalphabetic substitution except that the cipher
alphabet is changed periodically while enciphering the
message.
Vigenère Cipher
 Encryption
 The plaintext(P) and key(K) are added modulo 26.
 Ci = (Pi + Ki) mod 26
 Decryption
 Pi = (Ci - Ki + 26) mod 26
Vigenère table
 Example - Encryption
 Plain Text – a simple example
 Key – crypto

Plain Text (P) a s i m p l e e x a m p l e

Key (K) c r y p t o c r y p t o c r
Cipher Text (C) C J G B I Z G V V P F D N V
 [contd…]
 Plain Text – a simple example
 Key – crypto

Plain Text (P) a s i m p l e e x a m p l e

Key (K) c r y p t o c r y p t o c r

Plain Text (Pi) 0 18 8 12 15 11 4 4 23 0 12 15 11 4

Key (Ki) 2 17 24 15 19 14 2 17 24 15 19 14 2 17
Cipher Text (Ci) 2 9 6 1 8 25 6 21 21 15 5 3 13 21

Cipher Text (C) C J G B I Z G V V P F D N V

Decryption
 Reverse of encryption
 Example
 Cipher Text – CJGBIZGVVPFDNV
 Key – crypto

Cipher Text (C) C J G B I Z G V V P F D N V

Key (K) c r y p t o c r y p t o c r
Plain Text (P) a s i m p l e e x a m p l e
 [contd…]

 Cipher Text – CJGBIZGVVPFDNV

 Key – crypto

Cipher Text (C) C J G B I Z G V V P F D N V

Key (K) c r y p t o c r y p t o c r

Cipher Text (Ci) 2 9 6 1 8 25 6 21 21 15 5 3 13 21

Key (Ki) 2 17 24 15 19 14 2 17 24 15 19 14 2 17
Plain Text (Pi) 0 18 8 12 15 11 4 4 23 0 12 15 11 4

Plain Text (P) a s i m p l e e x a m p l e

Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Introduction
 Autokey Cipher is a polyalphabetic substitution
cipher.
 It is closely related to the Vigenere cipher but uses a
different method of generating the key.
Auto Key Cipher
 Encryption
 The plaintext(P) and key(K) are added modulo 26.
 Ci = (Pi + Ki) mod 26
 Decryption
 Pi = (Ci - Ki + 26) mod 26
 Example - Encryption
 Plain Text – a simple example
 Key – crypto

Plain Text (P) a s i m p l e e x a m p l e

Key (K) c r y p t o a s i m p l e e
Cipher Text (C) C J G B I Z E W F M B A P I
 [contd…]
 Plain Text – a simple example
 Key – crypto

Plain Text (P) a s i m p l e e x a m p l e

Key (K) c r y p t o a s i m p l e e

Plain Text (Pi) 0 18 8 12 15 11 4 4 23 0 12 15 11 4

Key (Ki) 2 17 24 15 19 14 0 18 8 12 15 11 4 4
Cipher Text (Ci) 2 9 6 1 8 25 4 22 5 12 1 0 15 8

Cipher Text (C) C J G B I Z E W F M B A P I

Decryption
 Reverse of encryption
 Example
 Cipher Text – CJGBIZEWFMBAPI
 Key – crypto

Cipher Text (C) C J G B I Z E W F M B A P I

Key (K) c r y p t o a s i m p l e e
Plain Text (P) a s i m p l e e x a m p l e
 [contd…]

 Cipher Text – CJGBIZEWFMBAPI

 Key – crypto

Cipher Text (C) C J G B I Z E W F M B A P I

Key (K) c r y p t o a s i m p l e e

Cipher Text (Ci) 2 9 6 1 8 25 4 22 5 12 1 0 15 8

Key (Ki) 2 17 24 15 19 14 0 18 8 12 15 11 4 4
Plain Text (Pi) 0 18 8 12 15 11 4 4 23 0 12 15 11 4

Plain Text (P) a s i m p l e e x a m p l e

Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Introduction
 One-time pad cipher is a type of Vignere cipher which
includes the following features −
 It is an unbreakable cipher.
 The key is exactly same as the length of message which
is encrypted.
 The key is made up of random symbols.
 As the name suggests, key is used one time only and
never used again for any other message to be encrypted.
Why is it Unbreakable?
 The key is unbreakable owing to the following features
 The key is as long as the given message.
 The key is truly random and specially auto-generated.
 Each key should be used once and destroyed by both
sender and receiver.
 There should be two copies of key: one with the sender
and other with the receiver.
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Introduction
 In a transposition cipher, the order of the alphabets is
re-arranged to obtain the cipher-text.
 A simple form of Rail Fence
 Plain Text – defend the east wall
 Key - 2
Encryption
 In the rail fence cipher, the plain-text is written
downwards and diagonally on successive rails of an
imaginary fence.
 When we reach the bottom rail, we traverse upwards
moving diagonally, after reaching the top rail, the
direction is changed again. Thus the alphabets of the
message are written in a zig-zag manner.
 After each alphabet has been written, the individual
rows are combined to obtain the cipher-text.
Example
 Plain Text – defend the east wall
 Key – 3

 Cipher Text - DNETLEEDHESWLXFTAAX

Decryption
 Size of the Matrix = key * length(cipher text)
 Once we’ve got the matrix we can figure-out the spots
where texts should be placed (using the same way of
moving diagonally up and down alternatively ).
 Then, we fill the cipher-text row wise. After filling it,
we traverse the matrix in zig-zag manner to obtain the
original text.
Example
 Cipher Text – DNETLEEDHESWLXFTAAX
 Key – 3
 Size of the matrix = key * length(cipher text)
= 3 * 19
* * * * *
* * * * * * * * *
* * * * *

D N E T L
* * * * * * * * *
* * * * *
[contd…]

D N E T L
E E D H E S W L X
* * * * *

D N E T L
E E D H E S W L X
F T A A X

Plain Text – defend the east wall

Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
 Introduction
 The Columnar Transposition Cipher is a form of
transposition cipher just like Rail Fence Cipher.
 Columnar Transposition involves writing the plaintext
out in rows, and then reading the ciphertext off in
columns one by one.

Plain Text - "a simple transposition"

Cipher Text
"ALNISESTITPIMROOPASN"
Encryption
 The message is written out in rows of a fixed length, and
then read out again column by column, and the columns
are chosen in some scrambled order.
 Width of the rows and the permutation of the columns are
usually defined by a keyword.
 For example, the word HACK is of length 4 (so the rows
are of length 4), and the permutation is defined by the
alphabetical order of the letters in the keyword. In this case,
the order would be “3 1 2 4”.
 Any spare spaces are filled with nulls or left blank or
placed by a character (Example: _).
 Finally, the message is read off in columns, in the order
specified by the keyword.
Example
 Plain Text - "The tomato
is a plant in the nightshade
family“
 Keyword - tomato
 Cipher Text -
"TINESAXEOAHTFXHT
LTHEYMAIIAIXTA
PNGDLOSTNHMX".
Decryption
 To decipher it, the recipient has to work out the
column lengths by dividing the message length by the
key length.
 Then, write the message out in columns again, then re-
order the columns by reforming the key word.
Example
 Cipher Text -
"TINESAXEOAHTFXHTLTHEYMAIIAIXTA
PNGDLOSTNHMX".
 Keyword - tomato
 Number of rows = length(cipher text)/length(keyword)
= 42 / 6
=7
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

X
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

E T H E T

O I T O I

A N L A N

H E T H E

T S H T S

F A E F A

X X Y X X
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

H E T M T H E T M

T O I A A T O I A

L A N I P L A N I

T H E I N T H E I

H T S A G H T S A

E F A I D E F A I

Y X X X L Y X X X
[contd…]
 Plain Text - "The tomato T O M A T O
is a plant in the nightshade 5 3 2 1 6 4
family“
T H E T O M

A T O I S A

P L A N T I

N T H E N I

G H T S H A

D E F A M I

L Y X X X X
CRYPTOGRAPHY AND
NETWORK SECURITY
Classical Encryption Algorithms
17.08.2020
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Introduction
 In a transposition cipher, the order of the alphabets is
re-arranged to obtain the cipher-text.
 A simple form of Rail Fence
 Plain Text – defend the east wall
 Key - 2
Encryption
 In the rail fence cipher, the plain-text is written
downwards and diagonally on successive rails of an
imaginary fence.
 When we reach the bottom rail, we traverse upwards
moving diagonally, after reaching the top rail, the
direction is changed again. Thus the alphabets of the
message are written in a zig-zag manner.
 After each alphabet has been written, the individual
rows are combined to obtain the cipher-text.
Example
 Plain Text – defend the east wall
 Key – 3

 Cipher Text - DNETLEEDHESWLXFTAAX

Decryption
 Size of the Matrix = key * length(cipher text)
 Once we’ve got the matrix we can figure-out the spots
where texts should be placed (using the same way of
moving diagonally up and down alternatively ).
 Then, we fill the cipher-text row wise. After filling it,
we traverse the matrix in zig-zag manner to obtain the
original text.
Example
 Cipher Text – DNETLEEDHESWLXFTAAX
 Key – 3
 Size of the matrix = key * length(cipher text)
= 3 * 19
* * * * *
* * * * * * * * *
* * * * *

D N E T L
* * * * * * * * *
* * * * *
[contd…]

D N E T L
E E D H E S W L X
* * * * *

D N E T L
E E D H E S W L X
F T A A X

Plain Text – defend the east wall

Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
 Introduction
 The Columnar Transposition Cipher is a form of
transposition cipher just like Rail Fence Cipher.
 Columnar Transposition involves writing the plaintext
out in rows, and then reading the ciphertext off in
columns one by one.

Plain Text - "a simple transposition"

Cipher Text
"ALNISESTITPIMROOPASN"
Encryption
 The message is written out in rows of a fixed length, and
then read out again column by column, and the columns
are chosen in some scrambled order.
 Width of the rows and the permutation of the columns are
usually defined by a keyword.
 For example, the word HACK is of length 4 (so the rows
are of length 4), and the permutation is defined by the
alphabetical order of the letters in the keyword. In this case,
the order would be “3 1 2 4”.
 Any spare spaces are filled with nulls or left blank or
placed by a character (Example: _).
 Finally, the message is read off in columns, in the order
specified by the keyword.
Example
 Plain Text - "The tomato
is a plant in the nightshade
family“
 Keyword - tomato
 Cipher Text -
"TINESAXEOAHTFXHT
LTHEYMAIIAIXTA
PNGDLOSTNHMX".
Decryption
 To decipher it, the recipient has to work out the
column lengths by dividing the message length by the
key length.
 Then, write the message out in columns again, then re-
order the columns by reforming the key word.
Example
 Cipher Text -
"TINESAXEOAHTFXHTLTHEYMAIIAIXTA
PNGDLOSTNHMX".
 Keyword - tomato
 Number of rows = length(cipher text)/length(keyword)
= 42 / 6
=7
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

X
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

E T H E T

O I T O I

A N L A N

H E T H E

T S H T S

F A E F A

X X Y X X
 [contd…]
T O M A T O T O M A T O

5 3 2 1 6 4 5 3 2 1 6 4

H E T M T H E T M

T O I A A T O I A

L A N I P L A N I

T H E I N T H E I

H T S A G H T S A

E F A I D E F A I

Y X X X L Y X X X
[contd…]
 Plain Text - "The tomato T O M A T O
is a plant in the nightshade 5 3 2 1 6 4
family“
T H E T O M

A T O I S A

P L A N T I

N T H E N I

G H T S H A

D E F A M I

L Y X X X X
Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition
Affine Cipher
 The Affine Cipher is another example of a
Monoalphabetic Substitution cipher.
 Encryption
C = (aP + b) mod 26
where a and b are the key for the cipher.
 Decryption
P = a-1(C - b) mod 26
a x a-1 = 1 mod 26
Example - Encryption

Plain Text – cool

a=5
b=8

Plain text c o o l
2 14 14 11
5P + 8 18 78 78 63
(5P + 8)mod 26 18 0 0 11
Cipher text S A A L
 Example - Decryption

Cipher Text – SAAL

a=5
b=8
Cipher text S A A L
To find a-1 18 0 0 11
a x a-1 = 1 mod 26
5 x a-1 = 1 mod 26 C–8 10 -8 -8 3
21(C – 8) 210 -168 -168 63
21(C – 8) mod 26 2 14 14 11
5 x 21 = 1 mod 26
Plain text c o o l
Tryout
 Encipher “affine” if the encipherment function is E(x)
= (5x + 8) MOD 26.
 Decipher HPCCXAQ if the encipherment function is
E(x) = (5x + 8) MOD 26.
CRYPTOGRAPHY AND
NETWORK SECURITY
PLAYFAIR CIPHER
06.08.2020
INTRODUCTION
 Playfair cipher was the first practical digraph
substitution cipher.
 The scheme was invented in 1854 by Charles
Wheatstone but was named after Lord Playfair who
promoted the use of the cipher.
 It was used in World War I and II.

 Encryption Steps:
Step 1: Key Generation
Step 2: Encryption Process
STEP 1: KEY GENERATION
 Key Size: 5 X 5
 Key representation: matrix

 I and J occupies same place.

 Example: Key – “MONARCHY”

STEP 2: ENCRYPTION PROCESS
 Pair the given plain text. If the pair contains same letter
then insert least frequently occurring letter and repair it.

Rule 1: If both the letters are in the same column: Take

the letter below each one (going back to the top if at the
bottom).
Example
Diagraph: "me"
Encrypted Text: cl
Encryption: m  c
el
[CONTD…
Rule 2: If both the letters are in the same row: Take the
letter to the right of each one (going back to the leftmost
if at the rightmost position).
Example:
Diagraph: "st"
Encrypted Text: tl
Encryption: s  t
tl
[CONTD…]
Step 3: If neither of the above rules is true: Form a
rectangle with the two letters and take the letters on the
horizontal opposite corner of the rectangle.
Example:
Diagraph: "nt"
Encrypted Text: rq
Encryption: n  r
tq
DECRYPTION PROCESS
 Reverse of Encryption process
ADVANTAGE
 It is significantly harder to break since the frequency
analysis technique used to break simple substitution
ciphers is difficult but still can be used on (25*25) = 625
digraphs rather than 25 monographs which is difficult.
 Frequency analysis thus requires more cipher text to
crack the encryption.
DISADVANTAGE
 An interesting weakness is the fact that a digraph in the
ciphertext (AB) and it’s reverse (BA) will have
corresponding plaintexts like UR and RU. That can
easily be exploited with the aid of frequency analysis, if
the language of the plaintext is known.
 Another disadvantage is that playfair cipher is
a symmetric cipher thus same key is used for both
encryption and decryption.
TRY OUT
 Use Playfair cipher to encrypt the Plain Text –
“cryptography” using Key – “secret”.
 Find the plain text give cipher text as
“GQRMCGTKXEWVPNLX” with the key as “world”.
CRYPTOGRAPHY AND NETWORK
SECURITY
HILL CIPHER
INTRODUCTION
 The Hill Cipher was invented by Lester S. Hill in 1929.
 It is a polygraphic substitution cipher.
 The Hill Cipher uses an area of mathematics called Linear Algebra.
 in particular requires the user to have an elementary understanding
of matrices.
 It also make use of Modulo Arithmetic

 Inputs : String of English letters, A,B,…,Z.

 An nn matrix K, with entries drawn from 0,1,…,25.
(The matrix K serves as the secret key. )
 Divide the input string into blocks of size n.
FORMULA
 Encryption
 C = PK mod 26
 Decryption
 P = K-1C mod 26
ENCRYPTION – 2 X 2
Let us consider the plaintext as – xyzsdfgh

Let us consider the key as –

Encryption Steps:

1. Grouping – Size of the group is 2 since the key matrix size is

2
{xy, zs, df, gh}

2. Perform encryption using the encryption formula. Hence,

ENCRYPTION – 3 X 3
Let us consider the plaintext as – xyzsdfghs

Let us consider the key as –

Encryption Steps:

1. Grouping – Size of the group is 3 since the key matrix size is

3
{xyz, sdf, ghs}

2. Perform encryption using the encryption formula. Hence,

DECRYPTION – 2 X 2
Let us consider the key as –

Steps to find K-1:

1. Find the Multiplicative Inverse of the Determinant

2. Find the Adjugate Matrix

3. Multiply the Multiplicative Inverse of the Determinant by the Adjugate Matrix

DECRYPTION – 3 X 3
Let us consider the key as –

Steps to find K-1:

1. Find the Multiplicative Inverse of the Determinant

DECRYPTION – 3 X 3
2. Find the Adjugate Matrix

3. Multiply the Multiplicative Inverse of the Determinant by the Adjugate Matrix

CRYPTOGRAPHY AND NETWORK
SECURITY
Foundations of Modern Cryptography
11.09.2020
INTRODUCTION
 Modern cryptography is the cornerstone of computer and
communications security.
 Its foundation is based on various concepts of
mathematics such as number theory, computational-
complexity theory, and probability theory.
CHARACTERISTICS OF MODERN
CRYPTOGRAPHY
Classic Cryptography Modern Cryptography
It manipulates traditional It operates on binary bit sequences.
characters, i.e., letters and digits
directly.
It is mainly based on ‗security It relies on publicly known mathematical
through obscurity‘. The techniques algorithms for coding the information.
employed for coding were kept Secrecy is obtained through a secrete key
secret and only the parties involved which is used as the seed for the
in communication knew about them. algorithms. The computational difficulty
of algorithms, absence of secret key, etc.,
make it impossible for an attacker to
obtain the original information even if he
knows the algorithm used for coding.

It requires the entire cryptosystem Modern cryptography requires parties

for communicating confidentially. interested in secure communication to
possess the secret key only.
CRYPTOGRAPHY AND NETWORK
SECURITY
Perfect Security
PRIVACY
 Alice wants to send a message to Bob without an
adversary Eve figuring out the message.
INTEGRITY AND AUTHENTICITY
 Bob wants to make sure that the message that he
received from Alice is indeed sent by her and not
modified during transit.
PERFECT WORLD
 There is a super-strong pipe between Alice and Bob.
 Both privacy and authenticity goals are met.
REAL WORLD
 The channel between Alice and Bob is public.
 Assume that Alice and Bob share some secret K.
 Alice encodes her message M using a public encryption algorithm E
and K. We write C = EK(M).
 Bob decrypts Alice‘s message using a public decryption algorithm D
and K. We write M = DK(C).
SHANNON‘S ONE TIME PAD
 EK(M) = K (XOR) M and
DK(C) = K (XOR) C
 Example:
 101 (XOR) 111 = 010
 101 (XOR) 010 = 111

 Is this protocol secure?

 Yes. The adversary can only guess each bit with probability
½.
 Problem: The key is as long as the message.
PSEUDORANDOMNESS
 Suppose there was a generator that stretches random bits.

 Idea:
 Choose a short key K randomly.
 Obtain K’=G(K).
 Use K’ as key for the one time pad.
 Issue:
 Such a generator is not possible!
 Any such generator produces a longer string but the string is not random.
[CONTD…]
 What if there is a generator that produces strings that ―appear
to be random‖. The bits are pseudorandom.

 General idea: The bits are not really random but they are as
good as random so we‘ll just use them for our purpose.

 Approach for proving security:

 Carefully define pseudorandomness (―appears to be random‖).

 Argue that if there is an adversary that breaks the protocol (our one
time pad), then the bit string produced by G is not really
pseudorandom.
ATTACKS
 Ciphertext only
 Known plaintext

 Chosen plaintext

 Chosen ciphertext
PERFECT SECRECY - BASIC CONCEPTS
Let P, K and C be sets of plaintexts, keys and cryptotexts.
Let pK(k) be the probability that the key k is chosen from K and let a priory
probability that plaintext w is chosen is pp(w).
k  K, C k   ek w | w  P
If for a key , then for the probability PC(y) that c is
the cryptotext that is transmitted it holds
pC c    p k  p d c.
K P k
k |cC k

For the conditional probability pc(c|w) that c is the cryptotext if w is the plaintext it
holds
pC c | w   p k . K
k |w d k c

Using Bayes' conditional probability formula p(y)p(x|y) = p(x)p(y|x) we get for

probability pP(w|c) that w is the plaintext if c is the cryptotext the expression
PP  w  p k 
pP  k|wdk  c  K
.
k|cC  K  pK k  pP d K c 
PERFECT SECRECY - BASIC RESULTS
Definition A cryptosystem has perfect secrecy if
pP w | c   pP w for all w  P and c  C.

(That is, the a posteriori probability that the plaintext is w,given that the cryptotext is c
is obtained, is the same as a priori probability that the plaintext is w.)

Example CAESAR cryptosystem has perfect secrecy if any of the26 keys is used with
the same probability to encode any symbol of the plaintext.
PERFECT SECRECY - BASIC RESULTS
An analysis of perfect secrecy: The condition pP(w|c) = pP(w) is for all wP and cC
equivalent to the condition pC(c|w) = pC(c).

Let us now assume that pC(c) > 0 for all cC.

Fix wP. For each cC we have pC(c|w) = pC(c) > 0. Hence, for each c€C there must
exists at least one key k such that ek(w) = c. Consequently, |K| >= |C| >= |P|.

In a special case |K| = |C| = |P|. the following nice characterization of the perfect secrecy
can be obtained:

Theorem A cryptosystem in which |P| = |K| = |C| provides perfect secrecy if and only if
every key is used with the same probability and for every wP and every c€C there is a
unique key k such that ek(w) = c.
CRYPTOGRAPHY AND NETWORK
SECURITY
Product Cryptosystem
11.09.2020
PRODUCT CRYPTOSYSTEMS
A cryptosystem S = (P, K, C, e, d) with the sets of plaintexts P, keys K and cryptotexts C
and encryption (decryption) algorithms e (d) is called endomorphic if P = C.
If S1 = (P, K1, P, e(1), d (1)) and S2 = (P, K2, P, e (2), d (2)) are endomorphic cryptosystems,
then the product cryptosystem is

S1  S2 = (P, K1  K2, P, e, d),

where encryption is performed by the procedure
e( k1, k2 )(w) = ek2(ek1(w))
and decryption by the procedure
d( k1, k2 )(c) = dk1(dk2(c)).
Example (Multiplicative cryptosystem):
Encryption: ea(w) = aw mod p; decryption: da(c) = a-1c mod 26.
If M denote the multiplicative cryptosystem, then clearly CAESAR × M is actually the
AFFINE cryptosystem.
Exercise Show that also M  CAESAR is actually the AFFINE cryptosystem.
Two cryptosystems S1 and S2 are called commutative if S1  S2 = S2  S1.
A cryptosystem S is called idempotent if S  S = S.
EXERCISES IVpairs plaintext-cryptotext determine which cryptosystem was used:
 For the following
- COMPUTER - HOWEWVER THE REST UNDERESTIMATES ZANINESS YOUR JUDICIOUS
WISDOM
- SAUNA AND LIFE – RMEMHCZZTCEZTZKKDA

 A spy group received info about the arrival of a new member. Thesecret police succeeded in
learning the message and knew that it wasencrypted using the HILL cryptosystem with a
matrix of degree 2. It also learned that the code ``10 3 11 21 19 5'' stands for the name ofthe
spy and ``24 19 16 19 5 21'', for the city, TANGER, the spy should come from. What is the
name of the spy?
 Decrypt the following cryptotexts. (Not all plaintexts are in English.)
- WFLEUKZFEKZFEJFWTFDGLKZEX
- DANVHEYD SEHHGKIIAJ VQN GNULPKCNWLDEA
- DHAJAHDGAJDI AIAJ AIAJDJEH DHAJAHDGAJDI AIDJ AIBIAJDJ\DHAJAHDGAJDI AIAJ
DIDGCIBIDH DHAJAHDGAJDI AIAJ DICIDJDH
- KLJPMYHUKV LZAL ALEAV LZ TBF MHJPS
 Find the largest possible word in Czech language such that its nontrivial encoding by CAESAR
is again a meaningful Czech word.
 Find the longest possible meaningful word in a European language such that some of its non-
trivial encoding by CAESAR is again ameaningful word in a European language (For example:
e3(COLD) = FROG).
EXERCISES IV
 Decrypt the following cryptotext obtained by encryption with an AFFINE
cryptosystem:
KQEREJEBCPPCJCRKIEACUZBKRVPKRBCIBQCARBJCVFCUPKRIOFKPACUZQEPBKR
XPEIIEABDKPBCPFCDCCAFIEABDKPBCPFEQPKAZBKRHAIBKAPCCIBURCCDKDCCJ
CIDFUIXPAFFERBICZDFKABICBBENEFCUPJCVKABPCYDCCDPKBCOCPERKIVKSCPI
CBRKIJPKAI
 Suppose we are told that the plaintext ―FRIDAY'' yields the cryptotext ―PQCFKU''
with a HALL cryptosystem. Determine the encryption matrix.
 Suppose we are told that the plaintext ―BREATHTAKING‖' yieldsthe cryptotext
―RUPOTENTOSUP'' with a HILL cryptosystem. Determine the encryption matrix.
 Decrypt the following cryptotext, obtained using the AUTOKLAVE cryptotext (using
exhaustive search ?)
MALVVMAFBHBUQPTSOXALTGVWWRG
 Design interesting cryptograms in (at least) one of the languages: Czech, French,
Spanish, Chines?
 Show that each permutation cryptosystem is a special case of the HILL cryptosystem.
 How many 2 × 2 matrices are there that are invertible over Zp, where p is a prime.
 Invent your own interesting and quite secure cryptosystem.
CRYPTOGRAPHY AND NETWORK
SECURITY
Cryptanalysis
11.09.2020
 CIA
 Confidentiality,Integrity and Availability
 Confidentiality: prevent unauthorized reading of

29
Intro
information
 Integrity: prevent unauthorized writing of
information
 Availability: data is available in a timely manner
when needed
 Availability is a ―new‖ security concern
 Due to denial of service (DoS) threats
CRYPTO
 Cryptology  The art and science of making and breaking
―secret codes‖

30
Intro
 Cryptography  making ―secret codes‖

 Cryptanalysis  breaking ―secret codes‖

 Crypto  all of the above (and more)

HOW TO SPEAK CRYPTO
A cipher or cryptosystem is used to encrypt the
plaintext
 The result of encryption is ciphertext

31
Intro
 We decrypt ciphertext to recover plaintext
 A key is used to configure a cryptosystem
 A symmetric key cryptosystem uses the same key
to encrypt as to decrypt
 A public key cryptosystem uses a public key to
encrypt and a private key to decrypt
 Private key can be used to sign and public key used to
verify signature (more on this later…)
 CRYPTO
 Underlying assumption
 The system is completely known to Trudy

32
Intro
 Only the key is secret
 Also known as Kerckhoffs Principle
 Crypto algorithms are not secret
 Why do we make this assumption?
 Experience has shown that secret algorithms are often
weak when exposed
 Secret algorithms never remain secret
 Better to find weaknesses beforehand
 CRYPTO AS A BLACK BOX
key key

33
Intro
Pi Ci Pi
plaintext encrypt decrypt plaintext
ciphertext

 Note Pi is ith ―unit‖ of plaintext

 And Ci is corresponding ciphertext

 ―Unit‖ may be bit, letter, block of bits, etc.

 WHO KNOWS WHAT?
Alice key Trudy key Bob

34
Intro
Pi Ci Pi
plaintext encrypt decrypt plaintext
ciphertext

 Trudy knows the ciphertext

 Trudy knows the cipher and how it works

 Trudy might know a little more

 Trudy does not know the key

 TAXONOMY OF CRYPTOGRAPHY
 Symmetric Key
 Same key for encryption as for decryption

35
Intro
 Stream ciphers and block ciphers
 Public Key
 Two keys, one for encryption (public), and one for
decryption (private)
 Digital signatures  nothing comparable in symmetric
key crypto
 Hash algorithms
CRYPTANALYSIS

 This course focused on cryptanalysis

 Trudy wants to recover key or plaintext

36
Intro
 Trudy is not bound by any rules
 For example, Trudy might attack the implementation, not the
algorithm itself
 She might use ―side channel‖ info, etc.
EXHAUSTIVE KEY SEARCH
 How can Trudy attack a cipher?
 She can simply try all possible keys and test

37
Intro
each to see if it is correct
 Exhaustive key search
 Toprevent an exhaustive key search, a
cryptosystem must have a large keyspace
 Must be too many keys for Trudy to try them all in
any reasonable amount of time
BEYOND EXHAUSTIVE SEARCH

 A large keyspace is necessary for security

38
Intro
 But a large keyspace is not sufficient

 Shortcut attacks might exist

 We‘ll see many examples of shortcut attacks

 In cryptography we can (almost) never prove that

no shortcut attack exists
 This makes cryptography interesting…
 TAXONOMY OF CRYPTANALYSIS
 Ciphertextonly — always an option
 Known plaintext — possible in many cases

39
Intro
 Chosen plaintext
 ―Lunchtime attack‖
 Protocols might encrypt chosen text

 Adaptively chosen plaintext

 Related key

 Forward search (public key crypto only)

 ―Rubber hose‖, bribery, etc., etc., etc.

DEFINITION OF SECURE

 A cryptosystem is secure if the best know attack is to try

40
Intro
all possible keys
 Cryptosystem is insecure if any shortcut attack is known

 By this definition, an insecure system might be harder to

break than a secure system!
DEFINITION OF SECURE

 Why do we define secure this way?

41
Intro
 The size of the keyspace is the ―advertised‖
level of security
 If an attack requires less work, then false
advertising
 A cipher must be secure (by our definition) and
have a ―large‖ keyspace
 Too big for an exhaustive key search
THEORETICAL CRYPTANALYSIS
 Suppose that a cipher has a 100 bit key
 Then keyspace is of size 2100

42
Intro
 On average, for exhaustive search Trudy tests 2100/2 = 299
keys
 Suppose Trudy can test 230 keys/second
 Then she can find the key in about 37.4 trillion years
THEORETICAL CRYPTANALYSIS
 Suppose that a cipher has a 100 bit key
 Then keyspace is of size 2100

43
Intro
 Suppose there is a shortcut attack with ―work‖ equal to
testing about 280 keys
 If Trudy can test 230 per second
 Then she finds key in 36 million years
 Better than 37 trillion, but not practical
APPLIED CRYPTANALYSIS
 In this class, we focus on attacks that produce plaintext
 Not interested in attacks that just show a theoretical weakness

44
Intro
in a cipher
 We call this applied cryptanalysis
 Why applied cryptanalysis?
 Because it‘s a lot more fun…
 And it‘s a good place to start
APPLIED CRYPTANALYSIS: OVERVIEW
 Classic (pen and paper) ciphers
 Transposition, substitution, etc.

45
Intro
 Same principles appear in later sections

 World War II ciphers

 Enigma, Purple, Sigaba
 Stream ciphers
 Shift registers, correlation attack, ORYX, RC4, PKZIP
APPLIED CRYPTANALYSIS: OVERVIEW
 Block ciphers
 Hellman‘s TMTO, CMEA, Akelarre, FEAL

46
Intro
 Hash functions
 Nostradamus attack, MD4, MD5
 Public key crypto
 Knapsack, Diffie-Hellman, Arithmetica, RSA, Rabin, NTRU,
ElGamal
 Factoring, discrete log, timing, glitching
WHY STUDY CRYPTOGRAPHY?
 Information security is a big topic
 Crypto, Access control, Protocols, Software

47
Intro
 Real world info security problems abound
 Cryptography is the part of information security
that works best
 Using crypto correctly is important

 The more we make other parts of security

behave like crypto, the better
WHY STUDY CRYPTANALYSIS?

 Study of cryptanalysis gives insight into all

aspects of crypto

48
Intro
 Gain insight into attacker‘s mindset
 ―black hat‖ vs ―white hat‖ mentality
 Cryptanalysis is more fun than cryptography
 Cryptographers are boring
 Cryptanalysts are cool
 But cryptanalysis is hard
QUESTION 1
 Caesar wants to arrange a secret meeting with Antony,
either at the Tiber (the river) or at the Coliseum (the
arena). He sends the cipher text EVIRE. However,
Antony does not know the key, so he tries all
possibilities. Where will he meet Caesar?
QUESTION 2
 Using this Playfair matrix
Encrypt the message:
―Must see you over Cadogan West, Coming
at once‖

M F H I/J K
U N O P Q
Z V W X Y
E L A R G
D S T B C
QUESTION 3
 Decipher the message, YIFZMA using the Hill cipher
with the inverse key.

 9 13 
 
2 3 
QUESTION 4
 Encrypt the message ―PAY‖ using hill cipher with the
following key matrix and show the decryption to get
original plain text.

17 17 5
21 18 21
2 2 19