Information and Network Security

Ms. Hansa Vaghela , Assistant Professor

Computer Science & Engineering
 CHAPTER-2
Classical Encryption Techniques
Outline

• Symmetric Cipher Model

• Cryptanalysis
• Cryptanalysis Attacks
• Substitution Techniques
• Transposition Techniques
• Steganography
Encryption and Decryption

Encryption and Decryption[2]

Terminologies
• Plaintext: original message
• Cipher text: encrypted or coded message
• Encryption: convert from plaintext to cipher text (enciphering)
• Decryption: restore the plaintext from cipher text (deciphering)
• Key: information used in cipher known only to sender/receiver
• Cipher: a particular algorithm (cryptographic system)
• Cryptography: study of algorithms used for encryption
• Cryptanalysis: study of techniques used for decryption without
knowledge of plaintext
• Cryptology: areas of cryptography and cryptanalysis
Symmetric Cipher Model (Conventional Encryption)
• An original message is known as the plaintext, while the coded
message is called the cipher text.

Symmetric Cipher Model [4]

Symmetric Cipher Model (Conventional Encryption)
• The process of converting from plaintext to cipher text is known as
enciphering or encryption; restoring the plaintext from the cipher
text is deciphering or decryption.
• Plaintext is the original intelligible message or data that is fed into
the algorithm as input.
• Encryption algorithm performs various substitutions and
transformations on the plaintext.
• Decryption algorithm is essentially the encryption algorithm run in
reverse.
• It takes the cipher text and the secret key and produces the
original plaintext.
Symmetric Cipher Model (Conventional Encryption)
• Two requirements for secure use of conventional encryption.

1. we need a strong encryption algorithm. At a minimum, we would

like the algorithm to be such that an opponent who knows the
algorithm and has access to one or more cipher texts would be
unable to decipher the cipher text or figure out the key.

– This requirement is usually stated in a strong form: The

opponent should be unable to decrypt cipher text or discover
the key even if he or she is in possession of a number of cipher
texts together with the plaintext that produced each cipher
text.
Symmetric Cipher Model (Conventional Encryption)

2. Sender and receiver must have obtained copies of the secret key
in a secure fashion and must keep the key secure. If someone can
discover the key and knows the algorithm, all communication
using this key is readable.
Symmetric Cipher Model (Conventional Encryption)
• Plain text X=[x1,x2,x3...]
•
• Key K=[k1,k2,...]

• Cipher text Y=[y1,y2,...]

• Encryption
Y=E(K,X)
• Decryption
X=D(K,Y)
Symmetric Cipher Model (Conventional Encryption)

Symmetric Cipher Model[3]

Cryptography and Cryptanalysis
• Cryptography(Secret Writing) is the process of protecting
information by transforming it into a secure (unreadable) format.

Cryptography[2}

• Cryptanalysis is the decryption and analysis of encrypted text.

Cryptanalysis uses mathematical formulas to search algorithm
vulnerabilities and break into cryptography.

Cryptanalysis[2]
 Cryptography
• Cryptography is the study of mathematical techniques related to
aspects of information security such as confidentiality, data integrity,
and entity/data origin authentication.
• Characterized in three dimensions:
– Type of operation used
1) Substitution : Elements of plaintext are mapped into another
element
2) Transposition : Elements of plaintext are rearranged
 Cryptography
– The Number of keys used
1) Symmetric, Single-key, Secret-key, Conventional Encryption:
Same Key is Used
2) Asymmetric, two-key, Public-key : different keys are used
• Way in which the plaintext is processed
1) Stream Cipher : processes the input elements continuously,
producing output one element at a time.

2) Block Cipher : processes the input one block of elements at a time,

producing an output block for each input block.
Cryptanalysis

• Cryptanalysis is the study of mathematical techniques for

attempting to defeat cryptographic techniques that provide
information security services.
• Cryptanalysis means “breaking the code”.
• Techniques used for deciphering a message without any
knowledge of enciphering details fall into the area of
cryptanalysis.
Cryptanalysis

• Typically, the objective of attacking an encryption system is to

recover the key in use rather then simply to recover the plain
text.
• Two approaches:
⮚ cryptanalytic attack
⮚ brute-force attack
 Cryptanalysis
• Brute-force attack
• A brute-force attack involve trying every possible key until an
intelligible translation of the cipher text into plaintext is obtained.

Brute force attack[2]

 Cryptanalysis

• Cryptanalysis attacks
• Cryptanalysis attacks rely on
– the nature of the algorithm plus
– some knowledge of the general characteristics of the plain
text or even some sample plaintext-cipher text pairs.
• This type of attack exploits the characteristics of the algorithm to
attempt to deduce a specific plaintext or to deduce the key
being used.
Types of Cryptanalysis Attacks

Types of Attacks[3]
Attacks on Encrypted Messages
Type of Known to cryptanalyst
Attack
Cipher text Encryption algorithm, Cipher text
Only

Cipher text only attack[2}

Attacks on Encrypted Messages
Type of Known to cryptanalyst
Attack
Known Encryption algorithm, Cipher text, One or more plaintext-
Plaintext cipher text pairs formed with the secret key

Attacks on Encrypted Messages [3]

Attacks on Encrypted Messages
Type of Known to cryptanalyst
Attack
Chosen Encryption algorithm, Cipher text, Plaintext message chosen
Plaintext by cryptanalyst

Attacks on Encrypted Messages [3}

Attacks on Encrypted Messages
Type of Known to cryptanalyst
Chosen Cipher Encryption algorithm, Cipher text, Cipher text chosen by
Attack
text cryptanalyst, with its corresponding decrypted plaintext
generated with the secret key

Attacks on Encrypted Messages [3}

 Attacks on Encrypted Messages
Type of Known to cryptanalyst
Attack text
Chosen Encryption algorithm, Cipher text, Plaintext chosen by
cryptanalyst, with its corresponding cipher text generated
with the secret key , Cipher text chosen by cryptanalyst, with
its corresponding decrypted plaintext generated with the
secret key
Unconditional Security

• An encryption scheme is unconditionally secure if the cipher text

generated by the scheme does not contain enough information
to determine uniquely the corresponding plaintext, no matter
how much cipher text is available.

• That is, no matter how much computer power or time is

available, the cipher cannot be broken since required
information is not there.
Unconditional Security

• There is no encryption algorithm that is unconditionally secure

except one-time pad. So,
– The cost of breaking cipher exceeds the value of encrypted
information
– The time required to break cipher exceeds the useful lifetime
of the information
Computational Security
• An encryption scheme is said to be computationally secure if
either of the following two criteria are met.

– The cost of breaking the cipher exceeds the values of the

encrypted information.

– The time required to break the cipher exceeds the useful

lifetime of the information.
Symmetric key cryptography
• An original message is known as the plaintext, while the coded
message is called the cipher text.

• The process of converting from plaintext to cipher text is known as

encryption or enciphering.

• Restoring the plaintext from the cipher text is known as decryption

or deciphering.

• Techniques used for deciphering a message without any knowledge

of the enciphering details fall into the area of cryptanalysis.
Symmetric key cryptography

• Symmetric encryption is a form of cryptosystem in which

encryption and decryption are performed using the same key. It is
also known as conventional encryption.

• Symmetric encryption transform plaintext into cipher text using a

secret key and an encryption algorithm.

• Using the same key and a decryption algorithm, the plaintext is

recovered from the cipher text.
Classical Encryption Techniques
• The two basic building blocks of all encryption techniques are

– Substitution Techniques
• In this the letters of plaintext are replaced by other letters
or by numbers or symbols
– Transposition Techniques
• Performs some sort of permutation on the plaintext letters

• Rearrangement of plaintext to produce cipher text

Substitution Techniques

• A substitution technique is one in which the letters of plaintext are

replaced by other letters or by numbers or symbols.
1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
1) Caesar Cipher
•The Caesar cipher involves replacing each letter of the alphabet with
the letter standing three places further down the alphabet.
•In encryption each plaintext letter P, substitute the cipher text letter C:
C = E(k, P) = (P + k) mod 26
C = E(3, P) = (P + 3) mod 26
•For decryption algorithm is:

P = D(k, C) = (C - k) mod 26
Caesar Cipher
• Let us assign a numerical equivalent to each letter

C = E(3, P) = (P + 3) mod 26
•plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
•cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c
Caesar Cipher

Example:

Plain text: THE QUICK BROWN FOX

Cipher text: W K H T X L F N E U R Z Q IR A
Brute force attack on Caesar Cipher
• The encryption and decryption algorithms are known.

• There are only 25 keys to try.

• The language of the plaintext is known and easily recognizable.

Brute force attack on Caesar Cipher
• Cipher text: ZNK WAOIQ HXUCT LUD

Brute force attack on Caesar cipher [3] Brute force attack on Caesar cipher [3]
Substitution Techniques

1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
2) Monoalphabetic Cipher (Simple substitution)
• It is an improvement to the Caesar Cipher.

• Instead of shifting the alphabets by some number, this scheme uses

some permutation of the letters in alphabet.

plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: y n l k x b s h m i w d p j r o q v f e a u g t z c
2) Monoalphabetic Cipher (Simple substitution)

• The sender and the receiver decide on a randomly selected

permutation of the letters of the alphabet.

• With 26 letters in alphabet, the possible permutations are 26! which

is equal to 4x1026.
Attack on Monoalphabetic Cipher
• The relative frequencies of the letters in the cipher text (in
percentages) are

Attack on Mono alphabetic cipher [3]

Attack on Monoalphabetic Cipher
• Cipher text:
– Uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvuephz
hmdzshzowsfpappdtsvpquzwymxuzuhsxepyepopdzszufpomb
zwpfupzhmdjudtmohmq
• In our cipher text, the most common digraph is ZW, which appears
three times. So equate Z with t, W with h and P with e.
• Now notice that the sequence ZWP appears in the ciphertext, and
we can translate that sequence as “the.”
Attack on Monoalphabetic Cipher
• If the cryptanalyst knows the nature of the plaintext, then the
analyst can exploit the regularities of the language.

• The relative frequency of the letters can be determined and

compared to a standard frequency distribution for English.

• If the message were long enough, this technique alone might be

sufficient, but because this is a relatively short message, we cannot
expect an exact match.
Substitution Techniques

1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
3) Playfair Cipher
• The Playfair algorithm is based on a 5 × 5 matrix (key) of letters.
• The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and
then filling in the remainder of the matrix with the remaining letters
in alphabetic order. The letters I and J count as one letter.

•Example:
•Keyword= OCCURRENCE
•Plaintext= TALL TREES

Play fair cipher [3]

Playfair Cipher - Encrypt Plaintext
• Playfair, treats digraph (two letters) in the plaintext as single units
and translates these units into cipher text digraph.
• Make Pairs of letters add filler letter “X” if same letter appears in a
pair.
Plaintext= TALL TREES
Plaintext= TA LX LT RE ES
• If there is an odd number of letters, then add uncommon letter to
complete digraph, a X/Z may be added to the last letter.
Playfair Cipher - Encrypt Plaintext
• Map each pair in key matrix
Cipher text= PF IZ TZ EO RT

• If the letters appear on the same row, replace them with the
letters to their immediate right respectively, wrapping around
to the left side of the row if necessary.
• If the letters are on different rows and columns, replace them
with the letters on other corner of the same row.
• The order is important - the first letter of the pair should be
replaced first.
Playfair Cipher - Encrypt Plaintext
• For example, using the table above,
the letter pair TA would be encoded as
PF.
• Plaintext= TA LX LT RE ESthe
letters appear on the same column,
replace them with the letters
immediately below, wrapping around
to the top if necessary.
• For example, using the table above, the Play fair cipher[3}

letter pair LT would be encoded as TZ.

Play fair Cipher Examples
1. Key= “ engineering ” Plaintext=” test this process ”
2. Key= “ keyword ” Plaintext=” come to the window ”
3. Key= “ moonmission ” Plaintext=” greet ”

Play fair cipher[3}

Play fair cipher[3}

Play fair cipher[3}

Substitution Techniques

1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
4) Hill Cipher
• Hill cipher is based on linear algebra
• Each letter is represented by numbers from 0 to 25 and
calculations are done modulo 26.
• Encryption and decryption can be given by the following formula:
Encryption:

Decryption:
4) Hill Cipher
Hill Cipher Encryption
• To encrypt a message using the Hill Cipher we must first turn our
keyword and plaintext into a matrix (a 2 x 2 matrix or a 3 x 3
matrix, etc. ).
• Example: Key = “HILL”, Plaintext = “EXAM”
Hill Cipher Encryption
Hill Cipher Decryption

Step:1 Find Inverse of key matrix

Step:2 Multiply the Multiplicative Inverse of the Determinant by the
Adjoin Matrix
Step:3 Multiply inverse key matrix with cipher text matrix to obtain
plaintext matrix
Step: 1 Inverse of key matrix
Step: 1 Inverse of key matrix
Step: 2 Modular (Multiplicative) Inverse

• The inverse of a number A is 1/A since A * 1/A = 1

e.g. the inverse of 5 is 1/5
• In modular arithmetic we do not have a division operation.
• The modular inverse of A (mod C) is A-1
• (A * A-1) ≡ 1 (mod C)
Step: 2 Modular (Multiplicative) Inverse
Example:
▪ The modular inverse of A mod C is the A-1 value that makes
A * A-1 mod C = 1
A = 3, C = 11
Since (3*4) mod 11 = 1, 4 is modulo inverse of 3
A = 10, C = 17 , A-1 = ?
Step: 2 Modular (Multiplicative) Inverse
Determinants’ multiplicative inverse Modulo 26

Determinant 1 3 5 7 9 11 15 17 19 21 23 25

Inverse Modulo 26 1 9 21 15 3 19 7 23 11 5 17 25
Step: 3 Multiply with adjoin of matrix
Hill Cipher Encryption
Substitution Techniques

1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
5) Polyalphabetic Cipher

• Mono alphabetic cipher encoded using only one fixed alphabet.

• Polyalphabetic cipher is a substitution cipher in which the cipher

alphabet for the plain alphabet may be different at different
places during the encryption process.
1. Vigenere cipher
2. Vernam cipher
5) Polyalphabetic Cipher

Polyalphabetic cipher[3]
Vigenere Cipher

Keyword : DECEPTIVE
Key : DECEPTIVEDECEPTIVEDECEPTIVE
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
Cipher text : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vigenere Cipher

Keyword : DECEPTIVE
Key : DECEPTIVEWEAREDISCOVEREDSAV
Plaintext : WEAREDISCOVEREDSAVEYOURSELF
Vernam Cipher
• The cipher text is generated by applying the logical XOR
operation to the individual bits of plaintext and the key stream.

Vernam cipher[3]
Substitution Techniques

1) Caesar Cipher
2) Monoalphabetic Cipher
3) Playfair Cipher
4) Hill Cipher
5) Polyalphabetic Ciphers
6) One-Time Pad
One time pad
• The one-time pad, which is a provably secure cryptosystem,
was developed by Gilbert Vernam in 1918.
• The message is represented as a binary string (a sequence of 0’s
and 1’s using a coding mechanism such as ASCII coding.
• The key is a truly random sequence of 0’s and 1’s of the same
length as the message.
One time pad

One time pad[3]

Transposition Techniques
• A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.
• The simplest such cipher is the rail fence technique, in which
the plaintext is written down as a sequence of diagonals and
then read off as a sequence of rows.
• For example, to send the message “Meet me at the park” to
Bob, Alice writes

Transposition Techniques[3]

• She then creates the cipher text “MEMATEAKETETHPR”.

Rail fence technique
• A more complex scheme is to write the message in a rectangle,
row by row, and read the message off, column by column, but
permute the order of the columns.
• The order of the columns then becomes the key to the
algorithm.
Key: 4312567
1234567
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
wo a m x y z
Cipher text: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Cryptography and Cryptanalysis
• Cryptography and Cryptanalysis

• Cryptography is the study of the design of techniques for

ensuring the secrecy and/or authenticity of information

• Cryptanalysis deals with the defeating such techniques to

recover information, or forging information that will be
accepted as authentic
Cryptographic Algorithms
• Cryptographic algorithms and protocols can be grouped into
four main areas

Cryptographic Algorithms[3]
Cryptographic Algorithms
• Symmetric encryption used to secure the contents of blocks or
streams of data of any size, including messages, files, encryption
keys, and passwords
• Asymmetric encryption used to conceal small blocks of data,
such as encryption keys and hash function values, which are
used in digital signatures.
• Data integrity algorithms used to protect blocks of data, such as
messages, from alteration
• Authentication Protocols are schemes based on the use of
cryptographic algorithms designed to authenticate the identity
of entities.
Security Objectives
• Security objectives for information and computing services are
Confidentiality, Integrity, Availability, Authenticity,
Accountability.

1) Confidentiality:
• Data confidentiality: Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
• Privacy: Assures that individuals control what information
related to them may be collected and stored and by whom
and to whom that information may be disclosed.
Security Objectives
2) Integrity:
• Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.

• System integrity: Assures that a system performs its

intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the
system.

3) Availability: Assures that systems work promptly and service is

not denied to authorized users.
Security Objectives
4) Authenticity:
• The property of being genuine and being able to be verified
and trusted; confidence in the validity of a transmission, a
message, or message originator.
• This means verifying that each input arriving at the system
came from a trusted source.
5) Accountability:
• The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity.
• This supports nonrepudiation, deterrence, fault isolation,
intrusion detection and prevention, and after-action
recovery and legal action.
Threat and Attack
• Threat: A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could
crack security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.

• Attack: An violation on system security that derives from an

intelligent threat; that is, an intelligent act that is a calculated
attempt to avoid security services and violate the security policy
of a system.
Steganography
• Steganography is the art and science of writing hidden messages
in such a way that no one apart from the sender & intended
recipient knows of the existence of the message.

• The word steganography is of Greek origin

words steganos (στεγανός), meaning "covered or protected",
and graphei (γραφή) meaning "writing".

• Cryptography relies on transformation algorithms using key to

scramble a message.
Steganography

• Steganography takes one piece of information and hides it

within another.

• Both are used to protect information but steganography is

concerned with hiding information thereby making it unseen
while cryptography is concerned with encrypting information
thereby making it unreadable.
Steganography
• Some Examples:

• Character marking: where selected letters of text are

overwritten with a special pencil. The marks are ordinarily not
visible unless the paper is held at an angle to bright light.

• Use of invisible ink. Visible when some heat or chemical

applied

• Pin punctures. On selected letters visible in front of light

Steganography

• Typewriter correction ribbon visible under strong light

Types of Steganography:

Audio steganography
Video steganography
Textual steganography
Image steganography
Steganography
Steganography
 References
[1] Information Security Articles, References, & Blogs, UC SANTA BARBARA
https://www.it.ucsb.edu/general-security-resources/information-security-articles-
references-blogs
[2] What is Information Security? cisco
https://www.cisco.com/c/en_in/products/security/what-is-information-security-
infosec.html
[3] CRYPTOGRAPHY AND NETWORK SECURITY. Harlow: Tata McGraw-Hill.
[4] Nutt, G. J. (2004). Operating systems: A modern perspective. Boston:
Pearson/Addison Wesley.
[5] Cyber Security Strategies. Tutorials point.
https://www.tutorialspoint.com/information_security_cyber_law/
cyber_security_strategies.htm
www.paruluniversity.ac.in