
Computer Network UNIT 5


By: Nihal Kumar

UNIT - 5

DOMAIN NAME SYSTEM

Generic Domain: The generic domain, also called the organization domain, divides registered
hosts according to their generic behaviour. Generic domain names, read from left to right, start
with the most specific information about the host (e.g. the name of the workstation) and become
more and more general with each label until they reach the rightmost label, which describes the
broadest affiliation of the named host, i.e., the nature of the organization.

The first level of the generic domain convention allows seven possible three-character labels
describing the organization type.

1. com: commercial organization.
2. edu: educational institution.
3. gov: government institution.
4. int: international organization.
5. mil: military group.
6. net: network support center.
7. org: organizations other than those listed above.

Each domain name corresponds to a particular IP address. To find the address, the resolution
application begins searching with the first level. As a match is found, a pointer leads to the next
level and finally to the associated IP address.

Country Domain: The country domain convention follows the same format as the generic domain,
but uses two-character country abbreviations in place of three-character organizational
abbreviations at the first level, as shown in the table. Second-level labels can be organizational
or they can be more specific national designations.

Table: SOME DOMAIN NAME SYSTEM COUNTRY CODES

Country Code   Country Name            Country Code   Country Name
AE             United Arab Emirates    IN             India
AU             Australia               IT             Italy
BE             Belgium                 JP             Japan
CA             Canada                  KW             Kuwait
CH             Switzerland             NL             Netherlands
DE             Germany                 NO             Norway
DK             Denmark                 NZ             New Zealand
ES             Spain                   SE             Sweden
FI             Finland                 US             United States of America
GR             Greece

Reverse Domain: If we have the IP address and need the domain name, we can use the reverse
domain functions of DNS.
The domain can be inserted into the tree in two ways. For example, ugc.control.edu could equally
be listed under the country domain as cs.yale.ct.us.

5. The CNAME record allows aliases to be created.
6. PTR is a regular DNS data type whose interpretation depends on the context in which it is
found.
7. The TXT record allows domains to identify themselves in arbitrary ways, i.e., it is for user
convenience.

• The fourth field in the general structure of a resource record is the class. For Internet
information, IN is used; for non-Internet information, other codes are used.
• The value field can be a number, a domain name or an ASCII string.

NAME SERVERS
The Internet Network Information Center (InterNIC) manages the top-level domain names. The
InterNIC delegates responsibility for assigning names to different organizations. Each organization
is responsible for a specific portion of the DNS tree structure. Internet professionals refer to
these areas of responsibility as zones.

Alternatively, the InterNIC delegates responsibility for assigning names within a specific zone to
specific organizations. Each zone contains some part of the tree and also contains name servers
holding the authoritative information about the zone. Each zone contains one primary name
server and one or more secondary name servers. The primary name server gets its information from
a file on its disk; the secondary name servers get their information from the primary name server.
For reliability, one or more servers for each zone are located outside the zone. The number of
name servers needed in a zone depends on the zone boundaries.

Let us consider the example shown in the fig, in which one domain is connected with another. Here
a resolver on “ece.rgm.jntu.in” wants to know the IP address of the host “rgm.aicte.control.edu”.
The lookup can be explained in 8 steps.

Step 1: It sends a query to the local name server rgm.jntu.in. This query asks for a record of
type A and class IN.
Step 2: If the local name server has no such domain and knows nothing about it, it may ask a few
other nearby name servers. If none of them know, it sends a UDP packet to the server for “edu”
given in its database (see fig), edu.server.net.
Step 3: It forwards the request to the name server control.edu.
Step 4: This in turn forwards the request to aicte.control.edu, which has the authoritative
resource records.
This is the path of the request from client to server; the requested resource record works its
way back in steps 5 to 8. Once these records get back to the rgm.jntu.in name server, they are
entered into a cache/memory. However, this information is not authoritative, since changes made
at aicte.control.edu will not be propagated to all the caches in the world. For this reason cache
entries should not live too long, so a time-to-live field is used in each resource record. It tells
the name server how long to cache records.

[Figure: WORKING OF A RESOLVER FOR A DOMAIN IN 8 STEPS. The query travels from the source
(ece.rgm.jntu.in) to the jntu.rgm domain name server (rgm.jntu.in), the edu name server
(edu.server.net), the control name server (control.edu) and the aicte name server
(aicte.control.edu); the resource record travels back along the same path.]
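The caching behaviour described in the walkthrough, as an added Python example that is not part of the original notes: a local name server caches the returned record, keeps serving it as a non-authoritative answer after the authoritative data changes, and asks again only once the time-to-live has run out. The class names, the 300-second TTL and the 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourceRecord:
    name: str
    rtype: str    # record type, "A" in the walkthrough
    rclass: str   # record class, "IN" for Internet information
    ttl: int      # seconds a name server may keep the record cached
    value: str


@dataclass(frozen=True)
class Answer:
    value: str
    from_cache: bool   # True means the answer is not authoritative
    ttl_left: int


class AuthoritativeServer:
    """Name server holding the authoritative records for its zone."""

    def __init__(self, hostname, records):
        self.hostname = hostname
        self.zone = {(r.name, r.rtype, r.rclass): r for r in records}
        self.queries_seen = 0

    def query(self, name, rtype, rclass):
        self.queries_seen += 1
        return self.zone.get((name, rtype, rclass))

    def replace(self, record):
        self.zone[(record.name, record.rtype, record.rclass)] = record


class ForwardingServer:
    """Server that passes the query on to the next server (steps 2 to 4)."""

    def __init__(self, hostname, next_server):
        self.hostname = hostname
        self.next_server = next_server

    def query(self, name, rtype, rclass):
        return self.next_server.query(name, rtype, rclass)


class LocalNameServer:
    """Local name server that caches records until their TTL runs out."""

    def __init__(self, hostname, upstream, clock):
        self.hostname = hostname
        self.upstream = upstream
        self.clock = clock
        self.cache = {}   # (name, type, class) -> (record, expiry time)

    def resolve(self, name, rtype="A", rclass="IN"):
        key = (name, rtype, rclass)
        now = self.clock()
        cached = self.cache.get(key)
        if cached is not None:
            record, expires_at = cached
            if now < expires_at:
                return Answer(record.value, True, expires_at - now)
            del self.cache[key]   # TTL expired: drop the stale entry
        record = self.upstream.query(name, rtype, rclass)
        if record is None:
            return None
        self.cache[key] = (record, now + record.ttl)
        return Answer(record.value, False, record.ttl)


def demo():
    """Resolve the host three times around a change at the authoritative server."""
    host = "rgm.aicte.control.edu"
    now = [0]   # fake clock in seconds so the run is deterministic
    aicte = AuthoritativeServer(
        "aicte.control.edu",
        [ResourceRecord(host, "A", "IN", 300, "192.0.2.10")],   # constructed record
    )
    control = ForwardingServer("control.edu", aicte)
    edu = ForwardingServer("edu.server.net", control)
    local = LocalNameServer("rgm.jntu.in", edu, clock=lambda: now[0])

    first = local.resolve(host)    # steps 1 to 8, then the record is cached
    aicte.replace(ResourceRecord(host, "A", "IN", 300, "192.0.2.99"))
    now[0] = 120
    second = local.resolve(host)   # inside the TTL: old value served from cache
    now[0] = 301
    third = local.resolve(host)    # TTL expired: the query goes upstream again
    return first, second, third, aicte.queries_seen


if __name__ == "__main__":
    for item in demo():
        print(item)
```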

ELECTRONIC MAIL
Electronic mail, or e-mail as it is popularly called, is a system that allows a person or a group
to electronically communicate with each other through a network. People can now receive
and send e-mail to:
• nearly any country in the world.
• one of millions of computer users.
• many users at once.
• computer programs.
The first e-mail systems consisted of file transfer protocols, with the convention that the first
line of each message contained the recipient address. Some of the complaints at that time were:

1. Sending a message to a group of people was inconvenient.
2. Messages had no internal structure, making computer processing difficult.
3. The sender never knew if a message arrived or not.
4. It was difficult to forward mail.
5. It was not possible to create and send messages containing a mixture of text, drawings,
facsimile and voice.

After a decade of competition, e-mail systems based on RFC 822 are widely used, and all the
above problems are solved.

BASIC FUNCTIONS

E-mail systems support five basic functions: Composition, Transfer, Reporting,
Displaying and Disposition.
1. Composition is the process of creating messages and answers. This can be done with a
text editor outside the mailer, but the system itself can provide assistance with addressing
and the numerous header fields attached to each message. For example, when answering a
message, the e-mail system can extract the originator’s address from the incoming e-mail
and automatically insert it into the address field of the reply.
2. Transfer refers to moving messages from the source to the recipient. In some cases this
requires establishing a connection with the destination, outputting the message and
releasing the connection. The e-mail system should do this automatically.
3. Reporting tells the originator what happened to the message, i.e., it gives
confirmation of message delivery. Was it delivered successfully? Was it rejected? Was
it lost? Did errors occur?
4. Displaying refers to the reading of incoming e-mail by the person. Sometimes conversion is
required or a special viewer must be invoked.
5. Disposition concerns what the recipient does with the message after receiving it. The
possibilities are
(a) Throwing it away before reading.
(b) Throwing it away after reading.
(c) Saving it, and so on. It is also possible to forward messages or process them in other
ways.
In addition to these basic services, most e-mail systems provide a large variety of advanced
features such as
(a) Creating a mailbox to store incoming e-mail.
(b) Keeping a mailing list to which e-mail messages are to be sent.
(c) Carbon copies, high-priority e-mail, secret e-mail, registered e-mail, etc.

THE USER AGENT


The user agent is a program that allows users to read, reply to, forward, save and compose
messages. User agents for electronic mail are sometimes called mail readers. Some user agents
have a menu- or icon-driven interface that requires a mouse; others require only one-character
commands from the keyboard.

Sending e-mail: To send an e-mail message the user must provide
(a) the message,
(b) the destination address, and
(c) priority or security levels (options).

• The message can be produced with a free-standing text editor, a word processing
program or a text editor built into the user agent. The format of an e-mail
message is similar to that of a conventional letter.
There are two main parts: header and body.
The header contains our name and address, the name and address of the person it is
being sent to, the name and address of the person who is being sent a copy, the date of the
message and the subject. When we receive an e-mail from someone, the header tells us where it
came from, what it is about, how it was sent and when.

The body is the place where we write the contents of what we want to communicate. The
message sent should be simple and direct. The body is entirely for the human recipient.

• The destination address must be in a format that the user agent can deal with. The basic
form of an e-mail address is
username@hostname.subdomain.domain

The text before the @ sign (pronounced “at”) specifies the user name of the individual; the text
after the @ sign indicates how the computer system can locate that individual’s mailbox.
For example
mvs@cs.colorado.edu
Here cs is a subdomain of colorado, which is a subdomain of edu; edu specifies the top-level
domain name.
The number of periods (pronounced as dots) varies from one e-mail address to another.
Reading e-mail: On connecting to the net, the first thing a user usually does is check his mail;
it is like checking the mailbox when we go home. A display like fig 5.28 appears on the screen.

Each line refers to one message. In the fig, the mailbox contains 4 (four) messages. Each display
line contains several fields, which provide the user profile.

S.No   Flag   Bytes   Sender    Subject
1.     K      1000    n/p       Got the job
2.     KA     2000    Smer      Request for MP
3.     KF     4000    Vimicro   Repair of controller
4.            1536    hiq       Enquiry of the book

AN EXAMPLE OF THE CONTENTS OF THE MAIL BOX

• The first field is the message number.
• The second field is the flags, which can contain:
K - the message was read previously and kept in the mailbox.
A - the message has already been answered.
F - the message has been forwarded to someone else.
• The third field indicates the length of the message in bytes.
• The fourth field tells who sent the message. This field is simply extracted from the message,
so it contains initials, login name, first name, etc.
• The last field is a ‘subject field’, which gives a brief summary of the message.

MESSAGE FORMATS
The e-mail message format was defined in RFC 822. There are two types: ASCII
e-mail and multimedia extensions.
ASCII e-mail using RFC 822: The e-mail message consists of a primitive envelope, some
number of header fields, a blank line and then the message body.
Each header field consists of a single line of ASCII text containing the field name, a colon, and
a value.
The header fields related to message transport are
• A recipient’s address or “To”
• A sender’s address or “From”
• A subject.

The e-mail header may additionally contain:

• A list of “Cc”: This is a list of ‘carbon copy’ e-mail addresses to which a copy of the
message is to be delivered. Multiple e-mail addresses in the “Cc” field are separated by a
comma.
• A list of “Bcc”: This is the same as “Cc” except that it is a blind carbon copy. The list of
recipients is not visible to the person who receives this message.
• Attached: This is a convenient method to share both data and programs. These files may
be attached to or enclosed with an e-mail message.
• Signature: It contains the sender’s full name and address or whatever information the sender
wishes to send.
Instead of creating a message from scratch, we may choose to reply to or forward
messages.
• Replying: When we reply to a message, the sender’s address is automatically put in the
“To” header and the subject of the original message is reused, preceded by “Re”, for the
reply.
• Forwarding: When we forward a message, the subject of the original message is reused,
with the prefix “FW”. We must specify the e-mail address of the recipient of the forwarded
message.
• Redirecting: Some e-mail programs allow messages to be redirected. It is similar to forwarding
a message, except that the message retains the original sender in the From header and
adds a notation that the message comes through you.

Introduction to World Wide Web

1) The World Wide Web (WWW) is a collection of documents and other web resources
which are identified by URLs, interlinked by hypertext links, and can be accessed and searched
by browsers via the Internet.
2) The World Wide Web is also called the Web and it was invented by Tim Berners-Lee in
1989.
3) A website is a collection of web pages belonging to a particular organization.
4) The pages can be retrieved and viewed by using a browser.

Let us go through the scenario shown in the above fig.

1) The client wants to see some information that belongs to site 1.
2) It sends a request through its browser to the server at site 2.
3) The server at site 1 finds the document and sends it to the client.

Client (Browser):

1) A web browser is a program which is used to communicate with a web server on the Internet.
2) Each browser consists of three parts: a controller, client protocol and interpreter.
3) The controller receives input from the input device and uses the programs to access the
documents.
4) After accessing the document, the controller uses one of the interpreters to display the
document on the screen.

Server:

1) A computer which is available for the network resources and provides service to other
computers on request is known as a server.
2) The web pages are stored at the server.
3) The server accepts a TCP connection from a client browser.
4) It gets the name of the file required.
5) The server gets the stored file, returns the file to the client and releases the
TCP connection.

Uniform Resource Locator (URL)

1) The URL is a standard for specifying any kind of information on the Internet.
2) The URL consists of four parts: protocol, host computer, port and path.
3) The protocol is the client or server program which is used to retrieve the document or
file. The protocol can be ftp or http.
4) The host is the name of computer on which the information is located.
5) The URL can optionally contain the port number and it is separated from the host
name by a colon. Path is the pathname of the file where the file is stored.

Hyper Text Transfer Protocol-

HTTP is short for Hyper Text Transfer Protocol.


It is an application layer protocol.

Purpose-

It is mainly used for the retrieval of data from websites throughout the internet.
It works on the top of TCP/IP suite of protocols.

Working-

HTTP uses a client-server model where-

Web browser is the client.
Client communicates with the web server hosting the website.

Whenever a client requests some information (say, clicks on a hyperlink) from the website server,
the browser sends a request message to the HTTP server for the requested objects.

Then-

HTTP opens a connection between the client and server through TCP.
HTTP sends a request to the server which collects the requested data.
HTTP sends the response with the objects back to the client.
HTTP closes the connection.

HTTP Connections-

HTTP connections can be of two types-

Non-persistent HTTP connection
Persistent HTTP connection

File Transfer Protocol (FTP)


File Transfer Protocol (FTP) is an application layer protocol which moves files between local and
remote file systems. It runs on top of TCP, like HTTP. To transfer a file, 2 TCP connections are
used by FTP in parallel: control connection and data connection.

What is control connection?


For sending control information like user identification, password, commands to change the
remote directory, commands to retrieve and store files, etc., FTP makes use of control
connection. The control connection is initiated on port number 21.

What is data connection?


For sending the actual file, FTP makes use of data connection. A data connection is initiated on
port number 20.
FTP sends the control information out-of-band as it uses a separate control connection. Some
protocols send their request and response header lines and the data in the same TCP
connection. For this reason, they are said to send their control information in-band. HTTP and
SMTP are such examples.

FTP Session :
When an FTP session is started between a client and a server, the client initiates a control TCP
connection with the server side. The client sends control information over this. When the
server receives this, it initiates a data connection to the client side. Only one file can be sent
over one data connection. But the control connection remains active throughout the user
session. As we know, HTTP is stateless, i.e. it does not have to keep track of any user state. But
FTP needs to maintain state about its user throughout the session.

Data Structures : FTP allows three types of data structures :

1) File Structure – In file-structure there is no internal structure and the file is considered to
be a continuous sequence of data bytes.
2) Record Structure – In record-structure the file is made up of sequential records.
3) Page Structure – In page-structure the file is made up of independent indexed pages.

FTP Commands – Some of the FTP commands are :

USER – This command sends the user identification to the server.
PASS – This command sends the user password to the server.
CWD – This command allows the user to work with a different directory or dataset for file storage
or retrieval without altering his login or accounting information.
RMD – This command causes the directory specified in the pathname to be removed as a
directory.
MKD – This command causes the directory specified in the pathname to be created as a
directory.
PWD – This command causes the name of the current working directory to be returned in the
reply.
RETR – This command causes the remote host to initiate a data connection and to send the
requested file over the data connection.
STOR – This command causes a file to be stored in the current directory of the remote host.
LIST – Sends a request to display the list of all the files present in the directory.
ABOR – This command tells the server to abort the previous FTP service command and any
associated transfer of data.
QUIT – This command terminates a USER and, if file transfer is not in progress, the server closes
the control connection.

FTP Replies – Some of the FTP replies are :

200 Command okay.
530 Not logged in.
331 User name okay, need a password.
225 Data connection open; no transfer in progress.
221 Service closing control connection.
551 Requested action aborted: page type unknown.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
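A sketch of the per-user state an FTP server keeps for the life of one control connection, added here as a Python example that is not part of the original notes. It answers commands with the reply codes listed above; replies 230, 250 and 257 are taken from RFC 959 rather than from that list, and the account, password and transcript are constructed test data.

```python
import hmac

REPLY_TEXT = {
    221: "Service closing control connection.",
    230: "User logged in, proceed.",                 # RFC 959, not in the list above
    250: "Requested file action okay, completed.",   # RFC 959, not in the list above
    257: '"PATHNAME" created.',                      # RFC 959, also the reply to PWD
    331: "User name okay, need a password.",
    502: "Command not implemented.",
    503: "Bad sequence of commands.",
    530: "Not logged in.",
}

# Commands from the list above that act on files or directories.
NEEDS_LOGIN = {"CWD", "RMD", "MKD", "PWD", "RETR", "STOR", "LIST"}


class ControlSession:
    """State kept by the server while one control connection stays open."""

    def __init__(self, accounts):
        self.accounts = accounts    # user name -> password (constructed data)
        self.pending_user = None    # set by USER, consumed by the next PASS
        self.user = None            # set once PASS succeeds
        self.cwd = "/"
        self.closed = False

    def handle(self, line):
        """Process one command line and return the numeric reply code."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = None        # a new USER starts the login sequence again
            self.pending_user = arg
            return 331
        if verb == "PASS":
            if self.pending_user is None:
                return 503          # PASS is only valid directly after USER
            name, self.pending_user = self.pending_user, None
            expected = self.accounts.get(name)
            if expected is not None and hmac.compare_digest(
                expected.encode(), arg.encode()
            ):
                self.user = name
                return 230
            return 530
        if verb == "QUIT":
            self.closed = True
            return 221
        if verb in NEEDS_LOGIN:
            if self.user is None:
                return 530          # state check: nothing works before login
            if verb == "CWD":
                self.cwd = arg
                return 250
            if verb == "PWD":
                return 257
            return 502              # this sketch opens no data connection
        return 502


def run_session(accounts, lines):
    """Feed a transcript to a fresh session; stop after QUIT."""
    session = ControlSession(accounts)
    codes = []
    for line in lines:
        codes.append(session.handle(line))
        if session.closed:
            break
    return codes


# Constructed transcript: commands out of order, a wrong password, then a login.
SAMPLE = [
    "LIST", "PASS guess", "USER mvs", "PASS wrong", "PASS correct-horse",
    "USER mvs", "PASS correct-horse", "CWD /pub", "PWD", "RETR notes.txt", "QUIT",
]

if __name__ == "__main__":
    for cmd, code in zip(SAMPLE, run_session({"mvs": "correct-horse"}, SAMPLE)):
        shown = "PASS ****" if cmd.upper().startswith("PASS") else cmd
        print(f"{shown:<16} -> {code} {REPLY_TEXT[code]}")
```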

Trivial File Transfer Protocol (TFTP):

It is also a file transfer protocol, but without the sophisticated features of FTP.
It is good for simple file transfers, such as during boot time.
It uses UDP as its transport layer protocol. Errors in the transmission (lost packets, checksum
errors) must be handled by the TFTP server.
It uses only one connection through well-known port 69.
TFTP uses a simple lock-step protocol (each data packet needs to be acknowledged). Thus
the throughput is limited.

Anonymous FTP :

Anonymous FTP is enabled on some sites whose files are available for public access. A user
can access these files without having any username or password. Instead, the username is
set to anonymous and the password to guest by default. Here, user access is very limited.
For example, the user can be allowed to copy the files but not to navigate through
directories.
REMOTE LOGIN PROTOCOLS

A client/server model can create a mechanism that allows a user to establish a session
on the remote machine and then run its applications. This application is known as
remote login. This can be done by a client/server application program for the desired
service. Two remote login protocols are TELNET and SSH.
TELNET Protocol
TELNET (terminal network) is a TCP/IP standard for establishing a connection to a
remote system. TELNET allows a user to log in to a remote machine across the
Internet by first making a TCP connection and then passing the details of the application
from the user to the remote machine.

Logging to Remote Servers
With TELNET, an application program on the user's machine becomes the client. The
user's keyboard and its monitor also attach directly to the remote server. The
remote-logging operation is based on timesharing, whereby an authorized user has a login
name and a password. TELNET has the following properties.

• Client programs are built to use the standard client/server interfaces without knowing
the details of server programs.
• A client and a server can negotiate data format options.
• Once a connection is established through TELNET, both ends of the connection are
treated symmetrically.

When a user logs in to a remote server, the client's terminal driver accepts the
keystrokes and interprets them as characters by its operating system. Characters are
typically transformed to a universal character set called network virtual terminal
(NVT), which uses 7-bit USASCII representation for data. The client then establishes
a TCP connection to the server. Texts in the NVT format are transmitted using a TCP
session and are delivered to the operating system of the remote server. The server
converts the characters back from NVT to the local client machine's format.
Secure Shell (SSH) Protocol
Secure Shell (SSH), another remote login protocol, is based on UNIX programs. SSH
uses TCP for communications but is more powerful and flexible than TELNET and
allows the user to more easily execute a single command on a remote client. SSH has
the following advantages over TELNET.
• SSH provides a secure communication by encrypting and authenticating messages.

• SSH provides several additional data transfers over the same connection by
multiplexing multiple channels that are used for remote login.
SSH security is implemented by using public-key encryption between the client and
remote servers. When a user establishes a connection to a remote server, the data being
transmitted remains confidential even if an intruder obtains a copy of the packets sent
over an SSH connection. SSH also implements an authentication process on messages
so that a server can find out and verify the host attempting to form a connection.
Normally, SSH requires users to enter a private password.
The advantage of port forwarding is that application data can be passed between two
sites (the client and the second server) without requiring a second client and server (the
first server as a client and the second server). Figure 5.7 shows the format of an SSH
packet.

• Padding causes an intrusion to be more difficult.
• Type identifies the type of message.
• CRC, or cyclic redundancy check, is an error-detection field.
• Length indicates the size of the packet, not including the length field or the
variable-length random padding field that follows it.

Figure 5.7. SSH packet format

Network Security
Security Attacks

Attacks on the security of a computer system or network are best characterized by viewing the
function of the computer system as providing information.

There are four general categories of attack:

• Interruption: An asset of the system is destroyed or becomes unavailable or unusable.
This is an attack on availability. Examples include destruction of a piece of hardware, such
as a hard disk, the cutting of a communication line, or the disabling of the file management
system.
• Interception: An unauthorized party gains access to an asset. This is an attack on
confidentiality. The unauthorized party could be a person, a program, or a computer.
Examples include wiretapping to capture data in a network, and the illicit copying of files or
programs.
• Modification: An unauthorized party not only gains access to but tampers with an asset.
This is an attack on integrity. Examples include changing values in a data file, altering a
program so that it performs differently, and modifying the content of messages being
transmitted in a network.
• Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an
attack on authenticity. Examples include the insertion of spurious messages in a network
or the addition of records to a file.

[Figure: Security attacks between an information source and an information destination.
(a) Normal flow (b) Interruption (c) Interception (d) Modification (e) Fabrication]

CONVENTIONAL ENCRYPTION MODEL


The original intelligible message, referred to as plaintext, is converted into apparently
random nonsense, referred to as ciphertext. The encryption process consists of an algorithm and
a key. The key is a value independent of the plaintext. The algorithm will produce a different
output depending on the specific key being used at the time. Changing the key changes the output
of the algorithm.
Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can
be transformed back to the original plaintext by using a decryption algorithm and the same
key that was used for encryption.
The security of conventional encryption depends on the secrecy of the key, not the
secrecy of the algorithm. We do not need to keep the algorithm secret; we need to keep only the
key secret. A source produces a message in plaintext, $X = [X_1, X_2, \ldots, X_M]$. For
encryption, a key of the form $K = [K_1, K_2, \ldots, K_J]$ is generated. If the key is generated
at the message source, then it must also be provided to the destination by means of some secure
channel. Alternatively, a third party could generate the key and securely deliver it to both
source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext $Y = [Y_1, Y_2, \ldots, Y_N]$. We can write this as
$$Y = E_K(X)$$
This notation indicates that Y is produced by using encryption algorithm E as a function of the
plaintext X, with the specific function determined by the value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
$$X = D_K(Y)$$
Substitution Techniques
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns.
Caesar Cipher
The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar
cipher involves replacing each letter of the alphabet with the letter standing three places further
down the alphabet. For example,
plain : meet me after the toga party
cipher : PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
If we assign a numerical equivalent to each letter (a =1, b = 2, etc.), then the algorithm can be
expressed as follows. For each plaintext letter p, substitute the ciphertext letter C:
C = E(p) = (p + 3) mod (26)
A shift may be of any amount, so that the general Caesar algorithm is
C = E(p) = (p + k) mod (26)
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(C) = (C - k) mod (26)
Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertext digrams.
The Playfair algorithm is based on the use of a 5 X 5 matrix of letters constructed using a
keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers’s Have His
Carcase.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword from left to right and from top to bottom, and then filling in the remainder of the matrix
with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that would fall in the same pair are separated with a filler letter,
such as x, so that balloon would be enciphered as ba lx lo on.
2. Plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as
CM.
3. Otherwise, each plaintext letter is replaced by the letter that lies in its own row and the
column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM
(or JM, as the encipherer wishes).
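The matrix construction and pair rules above, as an added Python example that is not part of the original notes. Two things in it are assumptions beyond the rules listed here: the same-row case uses the standard Playfair rule (each letter is replaced by the letter to its right, wrapping around), and a lone final letter is padded with the filler; Q stands in as filler when the letter to be separated is itself X.

```python
import string

FILLER = "X"
ALT_FILLER = "Q"   # assumption: filler used when the letter to separate is X


def build_matrix(keyword):
    """Keyword letters first, then the rest of the alphabet; I and J share a cell."""
    cells = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch not in string.ascii_uppercase:
            continue
        ch = "I" if ch == "J" else ch
        if ch not in cells:
            cells.append(ch)
    return [cells[row * 5:row * 5 + 5] for row in range(5)]


def to_digrams(text):
    """Split plaintext into pairs, separating repeated letters with a filler (rule 1)."""
    letters = ["I" if c == "J" else c
               for c in text.upper() if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != first:
            second, i = letters[i + 1], i + 2
        else:
            # Repeated letter in the pair, or a lone final letter: insert a filler.
            second, i = (FILLER if first != FILLER else ALT_FILLER), i + 1
        pairs.append(first + second)
    return pairs


def transform_pair(matrix, pair, step):
    """Apply the pair rules; step=+1 enciphers and step=-1 deciphers."""
    where = {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}
    (ra, ca), (rb, cb) = where[pair[0]], where[pair[1]]
    if ra == rb:
        # Same row: standard Playfair rule, not in the list above.
        return matrix[ra][(ca + step) % 5] + matrix[rb][(cb + step) % 5]
    if ca == cb:
        # Same column (rule 2): letter beneath, wrapping from bottom to top.
        return matrix[(ra + step) % 5][ca] + matrix[(rb + step) % 5][cb]
    # Rectangle (rule 3): own row, the other letter's column.
    return matrix[ra][cb] + matrix[rb][ca]


def encrypt(keyword, plaintext):
    matrix = build_matrix(keyword)
    return " ".join(transform_pair(matrix, p, +1) for p in to_digrams(plaintext))


def decrypt(keyword, ciphertext):
    """Invert encrypt(); filler letters stay in the recovered text."""
    matrix = build_matrix(keyword)
    letters = ["I" if c == "J" else c
               for c in ciphertext.upper() if c in string.ascii_uppercase]
    if len(letters) % 2:
        raise ValueError("Playfair ciphertext must contain an even number of letters")
    pairs = ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]
    return "".join(transform_pair(matrix, p, -1) for p in pairs)


if __name__ == "__main__":
    for row in build_matrix("monarchy"):
        print(" ".join(row))
    print(to_digrams("balloon"))
    print(encrypt("monarchy", "balloon"))
    print(decrypt("monarchy", encrypt("monarchy", "balloon")))
```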

Simplified DES
The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a
10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption
algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that
ciphertext as input and produces the original 8-bit block of plaintext.
The encryption algorithm involves five functions: an initial permutation (IP); a complex
function labeled $f_K$, which involves both permutation and substitution operations and depends
on a key input; a simple permutation function that switches (SW) the two halves of the data; the
function $f_K$ again; and finally a permutation function that is the inverse of the initial
permutation ($IP^{-1}$).
The function $f_K$ takes as input not only the data passing through the encryption algorithm,
but also an 8-bit key. The algorithm could have been designed to work with a 16-bit key, consisting
of two 8-bit subkeys, one used for each occurrence of $f_K$. Alternatively, a single 8-bit key could
have been used, with the same key used twice in the algorithm. A compromise is to use a 10-bit
key from which two 8-bit subkeys are generated, as depicted in fig. In this case, the key is first
subjected to a permutation (P10). Then a shift operation is performed. The output of the shift
operation then passes through a permutation function that produces an 8-bit output (P8) for the
first subkey (K1). The output of the shift operation also feeds into another shift and another
instance of P8 to produce the second subkey (K2).

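[Figure: Simplified DES Scheme. Key generation (10-bit key, P10, Shift, P8 giving K1, Shift, P8
giving K2) sits between the ENCRYPTION column (8-bit plaintext, IP, fK with K1, SW, fK with K2,
IP-1, 8-bit ciphertext) and the DECRYPTION column (8-bit ciphertext, IP, fK with K2, SW, fK with
K1, IP-1, 8-bit plaintext).]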

We can concisely express the encryption algorithm as a composition of functions:

$$IP^{-1} \circ f_{K_2} \circ SW \circ f_{K_1} \circ IP$$

which can also be written as

$$\text{ciphertext} = IP^{-1}(f_{K_2}(SW(f_{K_1}(IP(\text{plaintext})))))$$

where

$$K_1 = P8(\text{Shift}(P10(\text{key})))$$
$$K_2 = P8(\text{Shift}(\text{Shift}(P10(\text{key}))))$$

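[Figure: Key Generation for Simplified DES. The 10-bit key passes through P10 and is split into
two 5-bit halves; each half is shifted (LS-1) and the 10 bits pass through P8 to give the 8-bit K1;
each half is shifted again and the result passes through P8 to give the 8-bit K2.]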

Decryption is also shown in fig. and is essentially the reverse of encryption:

$$\text{plaintext} = IP^{-1}(f_{K_1}(SW(f_{K_2}(IP(\text{ciphertext})))))$$

We now examine the elements of S-DES in more detail.

S-DES Key Generation


S-DES depends on the use of a 10-bit key shared between sender and receiver. From this
key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption
algorithm. Figure depicts the stages followed to produce the subkeys.
First, permute the key in the following fashion. Let the 10-bit key be designated as ( k1, k2,
k3, k4, k5, k6, k7, k8, k9, k10 ). Then the permutation P10 is defined as P10 (k1, k2, k3, k4, k5, k6, k7,
k8, k9, k10 ) = ( k3, k5, k2, k7, k4, k10, k1, k9, k8, k6 )
P10 can be concisely defined by the display:
P10
3 5 2 7 4 10 1 9 8 6

This table is read from left to right; each position in the table gives the identity of the input bit that
produces the output bit in that position. So the first output bit is bit 3 of the input; the second
output bit is bit 5 of the input, and so on. For example, the key (1010000010) is permuted to
(1000001100). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits
and the second five bits. In our example, the result is (00001 11000).
Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following
rule:
P8
6 3 7 4 8 5 10 9

The result is subkey 1 (K1). In our example, this yields (10100100).


We then go back to the pair of 5-bit strings produced by the two LS-1 functions and
perform a circular left shift of 2 bit positions on each string. In our example, the value (00001
11000) becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example, the
result is (01000011).
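
The key-generation steps above, as an added example that is not part of the original notes: it applies P10, LS-1, P8, LS-2 and P8 exactly as tabulated and returns every intermediate value so the walk-through can be checked. The function names and the bit-string representation are assumptions of this example.

```python
# Added example: S-DES subkey generation, following the P10 / LS-1 / P8 / LS-2 steps
# described in the text. Bits are handled as strings of '0' and '1'.

P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)   # table from the text
P8 = (6, 3, 7, 4, 8, 5, 10, 9)          # table from the text


def permute(bits, table):
    """Output position i takes the input bit numbered table[i] (1-indexed)."""
    return "".join(bits[i - 1] for i in table)


def rotate_left(bits, n):
    """Circular left shift of a bit string by n positions."""
    return bits[n:] + bits[:n]


def sdes_key_schedule(key):
    """Return every stage of subkey generation for a 10-bit key string."""
    if len(key) != 10 or set(key) - {"0", "1"}:
        raise ValueError("key must be a string of exactly ten 0/1 characters")
    p10 = permute(key, P10)
    # LS-1 is applied separately to the first and second five bits.
    left, right = rotate_left(p10[:5], 1), rotate_left(p10[5:], 1)
    ls1 = left + right
    k1 = permute(ls1, P8)
    # The second shift is a 2-position rotation of the LS-1 outputs.
    left, right = rotate_left(left, 2), rotate_left(right, 2)
    ls2 = left + right
    k2 = permute(ls2, P8)
    return {"P10": p10, "LS-1": ls1, "K1": k1, "LS-2": ls2, "K2": k2}


if __name__ == "__main__":
    # Key from the worked example in the text.
    for stage, value in sdes_key_schedule("1010000010").items():
        print(f"{stage:5s} {value}")
```
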

The RSA Algorithm


Description of the Algorithm
The scheme developed by Rivest, Shamir, and Adleman makes use of an expression with
exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than
some number n. That is, the block size must be less than or equal to $\log_2(n)$; in practice, the block
size is $2^k$ bits, where $2^k < n \le 2^{k+1}$. Encryption and decryption are of the following form, for some
plaintext block M and ciphertext block C:
$C = M^e \bmod n$
$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$
Both sender and receiver must know the value of n. The sender knows the value of e, and only
the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key
of KU = {e, n} and a private key of KR = {d, n}. For this algorithm to be satisfactory for public-key
encryption, the following requirements must be met:
1. It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all M < n.
2. It is relatively easy to calculate $M^e$ and $C^d$ for all values of M < n.
3. It is infeasible to determine d given e and n.
4.

Key Generation
Select p, q: p and q both prime
Calculate $n = p \times q$
Calculate $\phi(n) = (p-1)(q-1)$
Select integer e: $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$
Calculate d: $d = e^{-1} \bmod \phi(n)$
Public key: KU = {e, n}
Private key: KR = {d, n}

Encryption
Plaintext: M < n
Ciphertext: $C = M^e \pmod n$

Decryption
Ciphertext: C
Plaintext: $M = C^d \pmod n$

The RSA Algorithm (a)

Fig (a) summarizes the RSA algorithm.


Example 1:
Select two prime numbers, p = 7 and q = 17.
1. Calculate n = pq = 7 × 17 = 119.
2. Calculate $\phi(n)$ = (p-1)(q-1) = 96.
3. Select e such that e is relatively prime to $\phi(n)$ = 96 and less than $\phi(n)$; in this case, e = 5.
4. Determine d such that de = 1 mod 96 and d < 96. The correct value is d = 77, because 77 × 5 = 385 = 4 × 96 + 1.
The resulting keys are public key KU = {5, 119} and private key KR = {77, 119}. The example
shows the use of these keys for a plaintext input of M = 19. For encryption, 19 is raised to the
fifth power, yielding 2476099. Upon division by 119, the remainder is determined to be 66. Hence
$19^5 \equiv 66 \bmod 119$, and the ciphertext is 66. For decryption, it is determined that
$66^{77} \equiv 19 \bmod 119$.

[Figure (b): Example of RSA algorithm. Encryption with KU = 5, 119: plaintext 19, $19^5$ = 2476099, 2476099 / 119 = 20807 with a remainder of 66, ciphertext 66. Decryption with KR = 77, 119: $66^{77}$ = 1.27… × $10^{140}$, divided by 119 = 1.06… × $10^{138}$ with a remainder of 19, plaintext 19.]

Example 2:
p = 3, q = 11, d = 17
Assume plaintext symbol M = 5
n = p × q = 33, z = $\phi$ = (3-1)(11-1) = 20
Find e such that e × d = 1 mod z, that is, e × d = k × z + 1 (k = 1 here, so e × d = z + 1) [d = $e^{-1}$ mod z]
e = 3: 3 × 7 = 1 mod 20
Public key = {e, n} = {3, 33}
Private key = {d, n} = {7, 33}
Encryption: M = 5
C = $M^e$ mod n = $5^e$ mod 33 = 125 / 33 = 3 with remainder 26
Ciphertext = 26
Decryption: C = 26
P = M = $C^d$ mod n = $26^7$ mod 33 = 8031810176 / 33 = 243388187 with remainder 5
Plaintext = 5

Example 3:

p = 17, q = 31, e = 7, m = 2
n = 17 × 31 = 527
z = (17-1)(31-1) = 16 × 30 = 480
e = 7
Find d such that e × d = 1 mod 480 and d < 480, that is, e × d = k × z + 1
With e = 7, the value obtained is d = 343, from d = 1/7 × (480 × k + 1)
Public key = {7, 527}, private key = {343, 527}
Ciphertext = $2^7$ mod 527 = 128 mod 527; 128 / 527 = 0 with remainder 128
∴ ciphertext = 128
Decryption: $128^{343}$ mod 527; 2 is the remainder
∴ plaintext = 2
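
Examples 1 to 3 above, recomputed as an added example that is not part of the original notes: d is found with the extended Euclidean algorithm rather than by trying values of k, and the exponentiation reduces mod n at every step so the large intermediate powers are never formed. Function names are assumptions of this example, and p and q are taken as given primes.

```python
# Added example: RSA key generation, encryption and decryption for the
# small textbook parameters used in Examples 1-3.

def mod_inverse(e, phi):
    """Extended Euclid: return d with (e * d) % phi == 1."""
    a, b, x0, x1 = e, phi, 1, 0
    while b:
        q = a // b
        a, b = b, a - q * b          # invariant: a == x0 * e (mod phi)
        x0, x1 = x1, x0 - q * x1
    if a != 1:
        raise ValueError("e has no inverse: gcd(phi(n), e) != 1")
    return x0 % phi


def rsa_keygen(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)); p and q are assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    return (e, n), (mod_inverse(e, phi), n)


def modexp(base, exp, mod):
    """Square-and-multiply, reducing mod n after every multiplication."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy M < n")
    return modexp(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return modexp(c, d, n)


PAGE_EXAMPLES = [(7, 17, 5, 19), (3, 11, 3, 5), (17, 31, 7, 2)]  # (p, q, e, M)


def run_page_examples():
    """Return (KU, KR, ciphertext, recovered plaintext) for each example."""
    results = []
    for p, q, e, m in PAGE_EXAMPLES:
        ku, kr = rsa_keygen(p, q, e)
        c = encrypt(m, ku)
        results.append((ku, kr, c, decrypt(c, kr)))
    return results
```
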

[Figure: (a) Encryption; (b) Authentication]

Public-Key Encryption

Conventional Encryption

Needed to work:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
Need for Security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other information is available.
3. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key.

Public-Key Encryption

Needed to work:
1. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same one).
Need for Security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other information is available.
3. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.

[Figure: Source A (message source, message X, encryption algorithm with KUb) sends Y to Destination B (decryption algorithm with KRb, destination, X); also labelled: cryptanalyst, key pair source.]
