
Unit 1 Intro at Classical Cipher


Cryptography

CSC-316
BSc CSIT 5th Semester
Unit-1

Prepared By: Laxman Bhandari
Unit-1 Introduction & Classical Cipher (7 Hrs.)

Contents:

1.1 Security:
1.1.1 Computer Security, Information Security, Network Security
1.1.2 CIA Triad
1.1.3 Cryptography, Cryptosystem, Cryptanalysis
1.1.4 Security Threats & Attacks
1.1.5 Security Services, Security Mechanisms

1.2 Classical Cryptosystem:

1. Substitution Techniques:
1.1. Caesar, Monoalphabetic, Playfair, Hill, Polyalphabetic Cipher, One-time pad
2. Transposition Techniques:
2.1. Rail Fence Cipher

1.3 Modern Cipher:

1.3.1 Block vs Stream Ciphers
1.3.2 Symmetric vs Asymmetric Ciphers


Computer Security

• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources.

Computer security is a complex field that involves various methods and technologies to protect computer systems and data from potential threats. It focuses on ensuring the confidentiality, integrity, and availability of information stored and processed within these systems.

• Confidentiality ensures that only authorized individuals can access sensitive information, often achieved through encryption and access control measures.
• Integrity involves maintaining data accuracy and reliability, often verified using techniques like hash functions and digital signatures.
• Availability ensures that computer systems and resources remain accessible to authorized users, often through redundancy and disaster recovery planning.
• Authentication verifies the identity of users or entities accessing a system, using methods such as passwords or biometrics.
• Access control governs the permissions and privileges granted to users within a system, determining what actions they can perform and what resources they can access.
• Intrusion detection and prevention systems monitor system activities to detect and respond to potential security breaches.
• Security policies and procedures establish guidelines for maintaining system security, often enforced through regular audits.
• Risk management identifies, assesses, and mitigates potential security risks, aiming to reduce them to an acceptable level.
• Security awareness and training programs educate users about security risks and best practices.

Computer security requires a comprehensive approach involving technology, policies, risk management, and user education to protect against a range of threats and vulnerabilities.


Information Security:

• Information security means protecting information and information systems from unauthorized access, use, modification, or destruction.
• The terms information security, computer security and information assurance are frequently used interchangeably.
• These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information.

With the introduction of the computer, the need for automated tools for protecting the files and other information stored on the computer became evident.

This is especially the case for a shared system such as the Internet.

• Thus, computer security is the generic name for the collection of tools designed to protect data and to prevent hackers


Network security:

• consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
• involves the authorization of access to data in a network, which is controlled by the network administrator.
• covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals.

• Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority.
• Network security is involved in organizations, enterprises, and other types of institutions. It secures the network, as well as protecting and overseeing operations being done.
• The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.
• Network security starts with authentication, commonly with a username and a password. Since this requires just one detail authenticating the user name (i.e., the password), this is sometimes termed one-factor authentication.
• With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a mobile phone); and
• With three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).


• Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.
• This component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network.
• Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware.
• An anomaly-based intrusion detection system may also monitor the network traffic, as a packet analyzer such as Wireshark does, and the traffic may be logged for audit purposes and for later high-level analysis.
• Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account.


Model for Network Security:

• Measures to protect data during their transmission

• Using this model requires us to:

1. design a suitable algorithm for the security transformation

2. generate the secret information (keys) used by the algorithm

3. develop methods to distribute and share the secret information

4. specify a protocol enabling the principals to use the transformation and secret information for a security service


Model for Network Access Security:


• Using this model requires us to:

1. select appropriate gatekeeper functions to identify users

2. implement security controls to ensure only authorised users access designated information or resources

• Trusted computer systems may be useful to help implement this model



Key Security concept:

Fig 1: CIA Triad


CIA Triad:

• These three concepts (Confidentiality, Integrity, & Availability) form what is often referred to as the CIA triad.
• The three concepts embody the fundamental security objectives for both data and for information and computing services.
• FIPS PUB 199 (Federal Information Processing Standard) provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category.
• Computer Security rests on confidentiality, integrity and availability.


Confidentiality (Covers Both Data Confidentiality And Privacy i.e. No Unauthorized Access):

• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
• A loss of confidentiality is the unauthorized disclosure of information.

Confidentiality is the concealment (hiding) of information or resources.

• Cryptography can be the better choice for maintaining the privacy of information, which traditionally is used to protect the secret messages.
• Similarly, privacy of resources, i.e. resource hiding, can be maintained by using proper firewalls.
• Confidentiality is sometimes called secrecy or privacy.


Few methods to breach confidentiality:

• Social engineering
• Password cracking
• Phishing scam
• Malware attack
• Unsecured network and system
• Insider threat

Tools available to achieve confidentiality:

• VeraCrypt
• TrueCrypt
• GnuPG
• xCRYPT
• CipherShed
• BitLocker


Integrity (Covers Both Data And System Integrity, i.e. No Modification Of Data):

• Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
• Non-repudiation provides proof of the origin, authenticity and integrity of data. It also provides assurance to the sender that its message was delivered, as well as proof of the sender's identity to the recipient. This way, neither party can deny that a message was sent, received and processed.

A loss of integrity is the unauthorized modification or destruction of information.

• Integrity ensures the correctness as well as trustworthiness of data or resources.
• For example, if we say that we have preserved the integrity of an item, we may mean that the item is: precise, accurate, unmodified, modified only in acceptable ways, modified only by authorized people, modified only by authorized processes, consistent, meaningful and usable.


• Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.
• Prevention mechanisms are responsible for maintaining the integrity of data by blocking any unauthorized attempts to change the data or any attempts to change data in unauthorized ways.
• Detection mechanisms, rather than preventing violations of integrity, simply analyze whether the data's integrity is still trustworthy.
• Such mechanisms may analyze the system events or the data itself to see if required constraints still hold.


Few methods to breach integrity:

• SQL injection
• Malware attacks
• Man-in-the-middle attacks
• Data tampering

Tools available to achieve integrity:

• HashCheck
• FastSum
• Md5sum
• Sha1sum
• SFVChecker
• QuickSFV


Availability (Ensuring Timely And Reliable Access To And Use Of Information, i.e. Data Should Be Available):

• A loss of availability is the disruption of access to or use of information or an information system.
• Availability refers to the ability to use the information or resource desired.
• An unavailable system is as bad as no system at all.
• An object or service is thought to be available if:
  • It is present in a usable form.
  • It has capacity enough to meet the service's needs.
  • It is making clear progress, and, if in wait mode, it has a bounded waiting time.
  • The service is completed in an acceptable period of time.

Availability is defined in terms of “quality of service,” in which authorized users are expected to receive a specific level of service.

• The aspect of availability that is relevant to security is that someone may intentionally arrange to deny access to data or to service by making it unavailable.
• Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture.


Few methods to breach availability:

1. DDoS attacks
2. Malware attacks
3. Power outages or failure
4. Natural Disasters
5. Human error or system failure

Tools available to achieve availability:

1. Firewalls
2. IDS/IPS
3. Regular backup
4. Cloud-based solution

Fig: Relationship between Confidentiality, Integrity and Availability

Authenticity:

• The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

Accountability:

• The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.


Cryptography:

• Cryptography is the art & science of making a cryptosystem that is capable of providing information security.
• It is the art of protecting information by encrypting it into an unreadable format, called cipher text.
• Only those who possess a secret key can decipher (or decrypt) the message into plaintext.
• Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.
• Cryptography enables one to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.
• Cryptography is the science of securing digital data; cryptanalysis is the science of analyzing and breaking cipher text.
• Cryptanalysis involves the study of cryptographic techniques to test their security strengths.
• Until the 1970s cryptography was considered the domain of military & government only.
• However, the worldwide use of computers & the rise of the internet have made it an integral part of our daily lives.
• Today cryptography is at the heart of many secure applications such as online banking, online shopping, online government services such as filing personal income taxes, cellular phones, & wireless LANs etc.


Cryptosystem:

• A cryptosystem is an implementation of cryptographic techniques & their accompanying infrastructure to provide information security services.
• It is also known as a cipher system.
• The given figure is a simple model of a cryptosystem that provides confidentiality to the information being transmitted.
• The basic model of cryptosystem is given below:
• The above figure shows a sender (Bob) who wants to transfer some sensitive data to a receiver (Alice) in such a way that any party intercepting or eavesdropping on the communication channel cannot extract the data.
• An interceptor (or attacker) is an unauthorized entity who attempts to determine the plaintext.
• The objective of this simple cryptosystem is that at the end of the process, only the sender & receiver will know the plaintext.


Component of Cryptosystem

• Plaintext: It is the data to be protected during transmission.
• Encryption Algorithm: It is a cryptographic algorithm that takes plaintext & an encryption key as input and produces cipher text.
• Cipher text: It is the scrambled version of the plaintext produced by the encryption algorithm using a specific encryption key. It flows in a public channel, which is not guarded. It can be intercepted or compromised by anyone who has access to the communication channel.
• Decryption Algorithm: It is a cryptographic algorithm that takes cipher text & a decryption key as input & outputs plaintext. The decryption algorithm essentially reverses the encryption algorithm.
• Encryption Key: It is a value that is known to the sender. The sender inputs the encryption key into the encryption algorithm along with the plaintext in order to compute the cipher text.
• Decryption Key: It is a value that is known to the receiver. The decryption key is related to the encryption key, but is not always identical to it.


Cryptosystem:

• Cryptosystem is a 5-tuple/quintuple (E, D, M, K, C)

• For example (for Caesar Cipher), where:

$M = \{\text{sequences of letters}\}$

$K = \{\, i \mid i \text{ is an integer and } 0 \le i \le 25 \,\}$

$E = \{\, E_k \mid k \in K \text{ and for all letters } m,\ E_k(m) = (m + k) \bmod 26 \,\}$

$D = \{\, D_k \mid k \in K \text{ and for all letters } c,\ D_k(c) = (26 + c - k) \bmod 26 \,\}$

$C = M$


Cryptanalysis:

• Cryptanalysis is the study of methods for obtaining the meaning of encrypted information.
• Typically, this involves finding a secret key.
• Cryptanalysis can be performed under a number of assumptions about how much can be observed or found out about the system under attack.
• It is normally assumed that the general algorithm is known; this is Kerckhoffs' principle of "the enemy knows the system".
• There can be many types of attacks and broadly we categorize them as attack models:

Cryptanalysis:

• The objective is to recover the key in use rather than simply to recover the plaintext of a single ciphertext.

There are two general approaches:

• Cryptanalytic attack:
• relies on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
• This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.


• Brute-force attacks:
• try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
• On average, half of all possible keys must be tried to achieve success.

• If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.
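
The Caesar cryptosystem (E, D, M, K, C) defined earlier and the brute-force approach just described can be put together in a few lines. The following is an added example, not part of the original notes: the sample messages, the English letter-frequency table and all function names are assumptions made for the illustration. It tries every key in K and uses a chi-squared score against English letter frequencies to decide which trial decryption is "intelligible".

```python
from string import ascii_uppercase as ALPHABET

KEYSPACE = range(26)  # K = {i | i is an integer and 0 <= i <= 25}

# Approximate English letter frequencies in percent (assumed reference values).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def _shift(text, k):
    """Shift every letter by k positions; non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def E(k, m):
    """E_k(m) = (m + k) mod 26, applied letter by letter."""
    return _shift(m, k)


def D(k, c):
    """D_k(c) = (26 + c - k) mod 26, applied letter by letter."""
    return _shift(c, 26 - k)


def chi_squared(text):
    """Distance between the letter counts of `text` and English; lower is closer."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def rank_keys(ciphertext):
    """Ciphertext-only brute force: decrypt under all 26 keys, best score first."""
    trials = [(chi_squared(D(k, ciphertext)), k, D(k, ciphertext)) for k in KEYSPACE]
    return sorted(trials)


def brute_force(ciphertext):
    """Return (key, plaintext) of the most English-looking trial decryption."""
    _, key, plaintext = rank_keys(ciphertext)[0]
    return key, plaintext


# Constructed sample messages for this example.
SAMPLE = ("THE ENEMY KNOWS THE SYSTEM SO THE SECRET MUST REST "
          "IN THE KEY AND NOT IN THE ALGORITHM")
SECOND = "ATTACK AT DAWN"

if __name__ == "__main__":
    intercepted = E(3, SAMPLE)           # sender uses k = 3
    key, recovered = brute_force(intercepted)
    print("recovered key:", key)
    print("recovered text:", recovered)
    # Once the key is known, every other message under it falls as well.
    print("second message:", D(key, E(3, SECOND)))
```

With only 26 keys the search is instant; very short ciphertexts may not carry enough letters for the frequency score to single out the right key, in which case the ranked list from `rank_keys` is inspected by eye.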

Cryptanalysis:

• Methods of deciphering ciphertext without knowing the key.
• Depends on the nature of the encryption scheme and the information available to the cryptanalyst.

Alan Mathison Turing was an English mathematician, logician, cryptanalyst, and computer scientist.
During the Second World War, Turing worked for the Government Code and Cypher School at Bletchley Park, Britain's codebreaking centre.


Cryptanalytic Attacks:

• Types of cryptanalytic attacks, based on the amount of information known to the cryptanalyst:
  • ciphertext only: only know algorithm & ciphertext, is statistical, know or can identify plaintext
  • known plaintext: know/suspect plaintext & ciphertext
  • chosen plaintext: select plaintext and obtain ciphertext
  • chosen ciphertext: select ciphertext and obtain plaintext
  • chosen text: select plaintext or ciphertext to encrypt/decrypt


Cryptanalytic Attacks

Brute force attack:


• The attacker tries every possible key on a piece of cipher text until an intelligible translation into plain text is obtained.
• On average, half of all possible keys must be tried to achieve success.
• The Stallings Table 2.2 (next slide) shows how much time is required to conduct a brute-force attack for various common key sizes (DES is 56, AES is 128, Triple-DES is 168, plus general mono-alphabetic cipher), where either a single system or a million parallel systems are used.


Time required to conduct a brute-force attack:

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |

Source: Stallings Table 2.2

Aspects of Security:

• Consider 3 aspects of information security:
  • Security attack
  • Security mechanism (Control)
  • Security service

• Note terms:
  • threat: a potential for violation of security
  • vulnerability: a way by which loss can happen
  • attack: an assault on system security, a deliberate attempt to evade security services


The OSI security architecture focuses on security attacks, mechanisms, and services.

These can be defined briefly as follows:

• Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

In the literature, the terms threat and attack are commonly used to mean more or less the same thing. The definitions given here are taken from RFC 2828, Internet Security Glossary.

Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack - An assault (physical harm) on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.


Types of Attacks:

Attacks are classified as passive attacks and active attacks:
• A passive attack is an attempt to learn or make use of information from the system without affecting system resources; whereas an active attack is an attempt to alter system resources or affect their operation.

Passive Attacks:
• The goal of the opponent is to obtain information that is being transmitted.
• Two types of passive attacks are release of message contents and traffic analysis.
• The release of message contents is easily understood (Figure 1.3 a).
• A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.
• We would like to prevent an opponent from learning the contents of these transmissions.
• Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.
• The common technique for masking contents is encryption.
• If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages.
• The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged.
• This information might be useful in guessing the nature of the communication that was taking place.


• Passive attacks are:

• very difficult to detect because they do not involve any alteration of the data.

• Typically, the messages are sent and received in seemingly normal fashion.

• Neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern.
• However, it is feasible to prevent the success of these attacks.

• Message encryption is a simple solution to thwart passive attacks.

• Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.



Passive attack:

Active Attacks:

• Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

• Replay

• Masquerade

• Modification of messages, &

• Denial of service.



• Replay

• involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (Figure 1.4 a).

• A masquerade

• takes place when one entity pretends to be a different entity (Figure 1.4 b).

• A masquerade attack usually includes one of the other forms of active attack.

• For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those privileges.

Modification of messages simply means:

• that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect (Figure 1.4 c).
• For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."



• The denial of service

• prevents or inhibits the normal use or management of communications facilities (Figure 1.4 d).
• This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service).
• Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.



C (Attacker) disturbs services to A

• Active attacks present the opposite characteristics of passive attacks.

• Whereas passive attacks are difficult to detect, measures are available to prevent their success.

• On the other hand , it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities.

• Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.

• If the detection has a deterrent effect, it may also contribute to prevention.



3. Passive Versus Active Attacks:

Table : Categorization of passive and active attacks

Security service:

• Enhance security of data processing systems and information transfers of an organization.
• Intended to counter security attacks using one or more security mechanisms.
• Often replicates functions normally associated with physical documents.
  • For example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed.


4. Security service

• X.800:
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”

• RFC 2828:
“a processing or communication service provided by a system to give a specific kind of protection to system resources”

• X.800 divides these services into five categories and fourteen specific services (Table 2.1).
• Figure here shows all specific services and the category they belong to.

6/10/2024 Prepared By: Laxman Bhandari


Security Mechanism:

• We discuss here the list of the security

• The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to any particular
protocol layer or security service.

• These mechanisms are called “specific security mechanisms” and “pervasive security mechanisms”.


Specific Security Mechanisms

• These may be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. Some techniques for realizing security are listed here.

1. Encipherment

• This is the process of using mathematical algorithms to transform data into a form that is not readily intelligible.

• The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

2. Digital Signature

• Data or cryptographic transformation of a data unit is appended to the data, so that the recipient of the data unit is convinced of the source and integrity of the data unit and this
can also serve to protect the data against forgery (e.g., by the recipient).

3. Access Control

• A variety of mechanisms are available that enforce access rights to resources

4. Data Integrity:

• A variety of mechanisms may be used to assure the integrity of a data unit or stream of data units.


5. Authentication Exchange:

• This is a mechanism intended to ensure the identity of an entity by means of information exchange.

6. Traffic Padding:

• The insertion of bits into gaps in a data stream is called traffic padding. This helps to thwart traffic analysis attempts.

7. Routing Control:

• Routing control enables selection of particular physically secure routes for certain data transmission and allows routing changes, especially when a breach of security is suspected.

8. Notarization:

Pervasive Security Mechanisms:

• These are the mechanisms that are not specific to any particular OSI security service or protocol layer.


1. Trusted Functionality
• That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).

2. Security Label
• This is the marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

3. Event Detection
• Detection of security-relevant events such as forgery, denial of sending or receiving of data, alteration of data etc. is another essential mechanism.

4. Security Audit Trail
• Data can be collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

5. Security Recovery
• This deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.


Techniques

• Mechanisms discussed in the previous section are only theoretical recipes to implement security.
• The actual implementation of security goals needs some techniques.

• Two techniques are prevalent today:

• One (cryptography) is very general

• and the other one (steganography) is specific

A. Cryptography:

• Some security mechanisms listed in the previous section can be implemented using cryptography.

• Cryptography, a word with Greek origin, means “secret writing”.

• However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

• Although in the past cryptography referred only to the encryption and decryption of messages using secret keys, today it is defined as involving three distinct mechanisms: symmetric-key encipherment, asymmetric-key encipherment, and hashing.

• We will briefly discuss these three mechanisms here.


1. Symmetric-key Encipherment:

• In symmetric encipherment, an entity, say Alice, can send a message to another entity, say Bob, over an insecure channel with the assumption that an adversary, say Eve, cannot understand the contents of the message by simply eavesdropping over the channel.
• Alice encrypts the message using an encryption algorithm.
• Bob decrypts the message using a decryption algorithm.
• Symmetric-key encipherment uses a single secret key for both encryption and decryption. Encryption/decryption can be thought of as an electronic locking system.
• In symmetric-key enciphering, Alice puts the message in a box and locks the box using the shared secret key; Bob unlocks the box with the same key and takes out the message.

2. Asymmetric Encipherment

• In asymmetric encipherment, we have the same situation as the symmetric-key encipherment, with a few exceptions.
• First, there are two keys instead of one; one public key and one private key.
• To send a secure message to Bob, Alice first encrypts the message using Bob's public key.
• To decrypt the message, Bob uses his own private key.


3. Hashing

• In hashing, a fixed-length message digest is created out of a variable-length message.

• The digest is normally much smaller than the message. To be useful, both the message and the digest must be sent to Bob.

• Hashing is used to provide checkvalues, which were discussed earlier in relation to providing data integrity.

B. Steganography

• This is the art of hiding messages in another form. Unlike in encryption, the message itself is not altered.

• A text can hide a message. For example, "red umbrella needed" may mean the message "run".

• The first letter of each word in the text becomes the message.

• An image can also be used for hiding messages.



Cryptography: Categories

[Figure: classification of ciphers. Classical (traditional) ciphers: substitution (monoalphabetic, e.g. Caesar; polyalphabetic, e.g. Vigenere) and transposition. Other branches: block (e.g. AES), stream (e.g. FISH), public key (e.g. RSA, DSA, Diffie-Hellman).]


1.2 Classical Cryptosystem:

Substitution Techniques:

 Caesar cipher,

 Monoalphabetic (Substitution cipher),

 Playfair cipher,

 Hill ciphers,

 Polyalphabetic ciphers,

 One-time pad ciphers.

Transposition Techniques:

 Rail Fence Cipher

 Row column transposition



Classical Ciphers / Historical Ciphers:

 They use processes like substitution and transposition, or a combination of both, called product ciphers.
 These historic ciphers use a single key for both encryption and decryption (symmetric cipher).
 To reduce cipher attacks, polyalphabetic substitution (one or more letters for a single letter) can be used instead of monoalphabetic substitution (a letter for a letter).
 Substitution Technique: where letters of plaintext are replaced by other letters or by numbers or symbols.



Classical Cryptosystem

1. Caesar Cipher

• The simplest and earliest known substitution cipher, used by Julius Caesar.

• The Caesar cipher involves replacing each letter of the alphabet with the letter standing three (3) places further down the alphabet.

• The first attested use of one in military affairs was by Julius Caesar. For example, with a left shift of 3, D would be replaced by A.



• Mathematically, give each letter a number:

a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• Encryption is performed by

E_k(m) = (m + k) mod 26, where k = 3

• Similarly, decryption is performed by

D_k(c) = (c + 26 - k) mod 26

For example:
Plaintext: CAB CSIT
Ciphertext: FDE FVLW



Encryption Process:

Step  Process                        Result
1     Plain text (M)                 "K H A N"
2     i.e. m                         = 10 7 0 13; let Key (k) = 19
3     E_k(m) = (m + k) mod 26        = (10+19 7+19 0+19 13+19) mod 26
4     E_k(m) = (m + k) mod 26        = (29 26 19 32) mod 26
5     E_k(m)                         = (3 0 19 6)
6     Cipher text (C)                = (D A T G)

Decryption process:

Step  Process                        Result
1     Cipher text (C)                = (D A T G)
2     E_k(m)                         = (3 0 19 6)
3     D_k(c) = (c + 26 - k) mod 26   = (c + 26 - k) mod 26, with the same key (k) = 19
4     D_k(c) = (c + 26 - k) mod 26   = (3+26-19 0+26-19 19+26-19 6+26-19) mod 26
5     D_k(c)                         = (10 7 0 13)
6     Plain text (M)                 "K H A N"

Substitution/Shift Cipher:

• The Caesar cipher is a specific type of substitution cipher, but not all substitution ciphers are Caesar ciphers.

• A substitution cipher is a method of encrypting by which units of plaintext are replaced by other letters or by numbers or symbols.

• Or, if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

• A monoalphabetic cipher uses fixed substitution over the entire message, whereas a
polyalphabetic cipher uses a number of substitutions at different positions in the message.

Monoalphabetic Cipher:



Monoalphabetic Cipher Security:

2) Playfair Cipher:

 The scheme was invented in 1854 by Charles Wheatstone but was named after Lord Playfair who promoted the use of the cipher.

 The Playfair cipher was the first practical digraph substitution cipher.
 In the Playfair cipher, we encrypt a pair of alphabets (digraphs) instead of a single alphabet.
 The best-known multiple-letter encryption cipher is the Playfair, which treats digraphs in the plaintext as single units and translates these units into ciphertext digraphs.

 The Playfair cipher is a great advance over simple monoalphabetic ciphers.



The Algorithm consists of 2 steps:

1) Generate the key Square(5×5):

 The key square is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted
from the table (as the table can hold only 25 alphabets).

 If the plaintext contains J, then it is replaced by I.


 The initial alphabets in the key square are the unique alphabets of the key in the order in
which they appear followed by the remaining letters of the alphabet in order.

• For Example: The key is "monarchy"

2) Algorithm to encrypt the plain text:

The plaintext is split into pairs of two letters (digraphs). For example: PlainText: "instrument"



Rules for Encryption:

1) If a pair is a repeated letter, insert a filler like 'X'. Eg: "balloon" is split as "ba lx lo on".

2) If both the letters are in the same column: Take the letter below each one (going back to the top if at the bottom).

For example:
Digraph: "me"
Encrypted Text: cl
Encryption: m -> c
e -> l

3) If both the letters are in the same row: Take the letter to the right of each one (going back to the leftmost if at the rightmost position).

For example:
Digraph: "st"
Encrypted Text: tl
Encryption: s -> t
t -> l



4) If neither of the above rules is true: Form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle.

For example:
Digraph: "nt"
Encrypted Text: rq
Encryption: n -> r
t -> q

Output:
Plain Text: "instrument"
Encrypted Text: gatlmzclrq



3) Hill Cipher:

• Works on multiple letters at the same time, and is the first polygraphic substitution cipher.

• Developed by the mathematician Lester Hill in 1929.

• The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters.

• The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1 ... z = 25).

• The concept of inverse matrix is used.

• Let m = 3 and Plain text (m) = (x1, x2, x3); then

Cipher text (C) = (y1, y2, y3) = (x1, x2, x3) K mod 26, where

K =
| k11 k12 k13 |
| k21 k22 k23 |
| k31 k32 k33 |

• In general the Hill cipher can be expressed as

C = E(K, P) = KP mod 26

P = D(K, C) = K^-1 C mod 26 = K^-1 KP = P



Hill Cipher (Encryption):

Step 1: Let Plain Text (m) = DOG, i.e. (M) = (3 14 6)

Choose any random key (3X3) (While choosing random key the Determinant of key should not be 0.):

K =
| 6  24 1  |
| 13 16 10 |
| 20 17 15 |

Step 2: Calculate C = E(K, P) = KP mod 26

or, KP mod 26 =
| 6  24 1  |   | 3  |
| 13 16 10 | x | 14 | mod 26
| 20 17 15 |   | 6  |

or, KP mod 26 =
| 6*3  + 24*14 + 1*6  |
| 13*3 + 16*14 + 10*6 | mod 26
| 20*3 + 17*14 + 15*6 |

or, KP mod 26 = (360 323 388) mod 26

or, KP mod 26 = (22 11 24)

i.e. Ciphertext (C) = WLY



Hill Cipher (Decryption):

Step 1: Now the inverse matrix of the random matrix

K =
| 6  24 1  |
| 13 16 10 |
| 20 17 15 |

is

K^-1 =
| 8  5  10 |
| 21 8  21 |
| 21 12 8  |

and Cipher text (C) = WLY = (22 11 24)

Step 2: Now K^-1 C mod 26 =
| 8  5  10 |   | 22 |
| 21 8  21 | x | 11 | mod 26
| 21 12 8  |   | 24 |

or, K^-1 C mod 26 = (471 1054 786) mod 26

or, K^-1 C mod 26 = (3 14 6)

Thus the Plain text = "DOG"



Two complications exist in picking the encrypting matrix:

1. Not all matrices have an inverse. The matrix will have an inverse if and only if its determinant is not zero.

2. The determinant of the encrypting matrix must not have any common factors with the modular base.
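
An added Python example (not from the original notes) that reproduces the DOG example and checks the two key-matrix conditions: it computes the determinant, tests gcd(det, 26) = 1, and builds K^-1 mod 26 from the adjugate. The function names and the rejected matrix BAD are constructed for illustration.

```python
from math import gcd

M = 26
K = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]   # key matrix from the worked example
BAD = [[2, 0, 0], [0, 1, 0], [0, 0, 1]]        # constructed: det = 2, shares a factor with 26

def det3(k):
    """Determinant of a 3x3 integer matrix (cofactor expansion on row 0)."""
    return (k[0][0] * (k[1][1] * k[2][2] - k[1][2] * k[2][1])
            - k[0][1] * (k[1][0] * k[2][2] - k[1][2] * k[2][0])
            + k[0][2] * (k[1][0] * k[2][1] - k[1][1] * k[2][0]))

def is_valid_key(k):
    """Usable only if gcd(det, 26) == 1; this also rules out det == 0."""
    return gcd(det3(k) % M, M) == 1

def inverse_mod26(k):
    """K^-1 mod 26 = det^-1 * adjugate(K) mod 26."""
    if not is_valid_key(k):
        raise ValueError("key matrix is not invertible modulo 26")
    d_inv = pow(det3(k) % M, -1, M)            # modular inverse (Python 3.8+)
    inv = [[0] * 3 for _ in range(3)]
    for r in range(3):
        for c in range(3):
            # Cofactor of entry (r, c); cyclic indexing supplies the sign for 3x3.
            cof = (k[(r + 1) % 3][(c + 1) % 3] * k[(r + 2) % 3][(c + 2) % 3]
                   - k[(r + 1) % 3][(c + 2) % 3] * k[(r + 2) % 3][(c + 1) % 3])
            inv[c][r] = (d_inv * cof) % M      # transposed index: adjugate
    return inv

def hill_apply(k, text):
    """Multiply k by each 3-letter column vector, mod 26 (a = 0 ... z = 25)."""
    nums = [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]
    if len(nums) % 3:
        raise ValueError("length must be a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(k[r][j] * block[j] for j in range(3)) % M for r in range(3)]
    return "".join(chr(n + 65) for n in out)

if __name__ == "__main__":
    ct = hill_apply(K, "DOG")
    print(det3(K), det3(K) % M, ct, hill_apply(inverse_mod26(K), ct))
    # BAD has a non-zero determinant but is still unusable: two different
    # plaintext blocks collide, so decryption cannot be unique.
    print(is_valid_key(BAD), hill_apply(BAD, "NAA"), hill_apply(BAD, "AAA"))
```

The BAD matrix shows why condition 2 is needed on top of condition 1: its determinant is 2, not zero, yet it has no inverse modulo 26.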



Vigenere Cipher (Polyalphabetic)

• It is a method of encrypting alphabetic text.

• It uses a simple form of polyalphabetic substitution, and encryption is done using the Vigenere table.

• A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets.

[Figure: Vigenere table, with plaintext letters as columns and key letters as rows]



The corresponding intersection of PT & K = CT.

Vigenere Cipher (When Vigenere Table Not Given):

Step-1: Let Plain text = "SHE IS LISTENING" and Key = "PASCAL"

Here Key length = 6, so we have to make a table of length 6.

Step-2:

Plain Text        S   H   E   I   S   L
PT value          18  7   4   8   18  11
Key               P   A   S   C   A   L
Key Value         15  0   18  2   0   11
C=(P+K) mod 26    7   7   22  10  18  22
Cipher Text       H   H   W   K   S   W



Decryption

Cipher Text          H   H   W   K   S   W   X   S   L   G   N   T   C   G
Cipher Value         7   7   22  10  18  22  23  18  11  6   13  19  2   6
Key Value            15  0   18  2   0   11  15  0   18  2   0   11  15  0
C - K                -8  7   4   8   18  11  8   18  -7  4   13  8   -13 6
P = (C - K) mod 26   18  7   4   8   18  11  8   18  19  4   13  8   13  6
Plain Text           S   H   E   I   S   L   I   S   T   E   N   I   N   G

Hence, Plain Text = "She is Listening"



One-time Pad

 The One-Time Pad is an evolution of the Vernam cipher, which was invented by Gilbert Vernam in 1918, and used a long tape of random letters to encrypt the message.
 An Army Signal Corps officer, Joseph Mauborgne, proposed an improvement using a random key that was truly as long as the message, with no repetitions, which thus totally obscures the original message.
 It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code, since any plaintext can be mapped to any ciphertext given some key.

 The one-time pad offers complete security but, in practice, has two fundamental difficulties:

1. There is the practical problem of making large quantities of random keys.

2. And the problem of key distribution and protection, where for every message to be sent, a key of equal length is needed by both sender and receiver.

• Because of these difficulties, the one-time pad is of limited utility, and is useful primarily for low-bandwidth channels requiring very high security.
• Problems in generation & safe distribution of the key.



Encryption Example

Take a random Key of the same length as the PT.
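
The Caesar, Vigenere and one-time pad sections all use C = (P + K) mod 26 and differ only in the key, so this added Python example (not part of the original notes) covers all three. `key_for` is a hypothetical helper that shows the one-time pad property stated above: for any plaintext of the same length there is a key that maps it to the given ciphertext.

```python
import secrets
import string

A = string.ascii_uppercase

def _letters(text):
    """Letter values a = 0 ... z = 25; spaces and punctuation are dropped."""
    return [A.index(c) for c in text.upper() if c in A]

def shift_cipher(text, key, decrypt=False):
    """C = (P + K) mod 26, or P = (C - K) mod 26, with the key repeated as needed."""
    t, k = _letters(text), _letters(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return "".join(A[(p + sign * k[i % len(k)]) % 26] for i, p in enumerate(t))

def caesar(text, k, decrypt=False):
    """Caesar is the same cipher with a one-letter key."""
    return shift_cipher(text, A[k % 26], decrypt)

def otp_key(length):
    """One-time pad key: uniformly random, as long as the message, never reused."""
    return "".join(secrets.choice(A) for _ in range(length))

def key_for(ciphertext, candidate_plaintext):
    """The pad under which `ciphertext` decrypts to `candidate_plaintext`."""
    c, p = _letters(ciphertext), _letters(candidate_plaintext)
    if len(c) != len(p):
        raise ValueError("lengths differ")
    return "".join(A[(ci - pi) % 26] for ci, pi in zip(c, p))

if __name__ == "__main__":
    print(caesar("KHAN", 19))                           # DATG
    print(shift_cipher("SHE IS LISTENING", "PASCAL"))   # HHWKSWXSLGNTCG
    pad = otp_key(14)
    ct = shift_cipher("SHEISLISTENING", pad)
    # Every 14-letter plaintext is explained by some pad, so the ciphertext
    # alone gives an eavesdropper no way to tell which one was sent.
    alt_pad = key_for(ct, "HEISNOTWALKING")             # constructed alternative
    print(ct, shift_cipher(ct, alt_pad, decrypt=True))
```

With the repeating key PASCAL the same key letters recur every six positions, which is exactly the repetition the one-time pad removes.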

Transposition Ciphers

• Now consider classical transposition or permutation ciphers. These hide the message by rearranging the letter order without altering the actual letters used.

• They can be recognised since they have the same frequency distribution as the original text.
• A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters.

• This technique is referred to as a transposition cipher, and forms the second basic building block of ciphers.



Rail fence Cipher

 The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
 The example message is: "meet me after the toga party" with a rail fence of depth 2.
 Eg. write message out as:

m e m a t r h t g p r y
e t e f e t e o a a t

 Now giving ciphertext : MEMATRHTGPRYETEFETEOAAT



When depth=3

• Number of characters in PT = number of columns to draw

• Depth = number of rows (rail fence) = 3

• PT = HELLO WORLD

• For Encrypt ("." marks an unused cell):

H . . . O . . . L .
. E . L . W . R . D
. . L . . . O . . .

• CT = HOLELWRDLO (read sequentially from the 1st, 2nd & 3rd rows)



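• For Decrypt:
• CT: HOLELWRDLO
• At first fill as given (in the first row, leaving blanks in the rails; "-" marks a blank still to be filled, "." an unused cell)

H . . . O . . . L .
. - . - . - . - . -
. . - . . . - . . .

• Then fill the blanks of the second & third rows sequentially from the CT

H . . . O . . . L .
. E . L . W . R . D
. . L . . . O . . .

• PT = HELLOWORLD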



Row Transposition Ciphers

 A more complex transposition cipher is to write the message in a rectangle, row by row, and read the message off shuffling the order of the columns in each row.

 A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext.
 For the type of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix and playing around with column positions.

Encryption

1) The message is written out in rows of a fixed length, and then read out again column by column, and the columns are chosen in some scrambled order.
2) The width of the rows and the permutation of the columns are usually defined by a keyword.

3) For example: Key: 4 3 1 2 5 6 7

4) The spare spaces are filled with nulls, left blank, or filled with a character (Example: _ or X, Y etc.).
5) Finally, the message is read off in columns, in the order specified by the keyword.



For example: Key: 4 3 1 2 5 6 7

Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m

4 3 1 2 5 6 7

A T T A C K P

O S T P O N E

D U N T I L T

W O A M X Y Z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Decryption

1) To decipher it, the recipient has to work out the column lengths by dividing the message length by the key length.

2) Then, write the message out in columns again, then re-order the columns by reforming the key word
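
Rail fence and row transposition are both fixed permutations of letter positions, so this added Python example (not part of the original notes) expresses each as an index order and inverts it the same way for decryption. The function names are illustrative; the padding letters XYZ follow the example above.

```python
from collections import Counter

def rail_order(n, depth):
    """Plaintext indices in the order the rail fence reads them (row by row)."""
    if depth < 2:
        return list(range(n))
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for i in range(n):
        rails[row].append(i)
        if row == 0:
            step = 1            # bounce off the top rail
        elif row == depth - 1:
            step = -1           # bounce off the bottom rail
        row += step
    return [i for rail in rails for i in rail]

def column_order(n, key):
    """Plaintext indices read column by column, columns taken in key order.

    `key` gives the rank of each column, e.g. [4, 3, 1, 2, 5, 6, 7].
    """
    width = len(key)
    if sorted(key) != list(range(1, width + 1)):
        raise ValueError("key must be a permutation of 1..width")
    if n % width:
        raise ValueError("pad the plaintext to a multiple of the key length")
    cols = sorted(range(width), key=lambda c: key[c])
    return [r * width + c for c in cols for r in range(n // width)]

def transpose(text, order):
    """Encrypt: emit the letters in the permuted order."""
    return "".join(text[i] for i in order)

def untranspose(cipher, order):
    """Decrypt: put each ciphertext letter back at its original index."""
    plain = [""] * len(cipher)
    for pos, i in enumerate(order):
        plain[i] = cipher[pos]
    return "".join(plain)

def clean(text):
    return "".join(c for c in text.upper() if "A" <= c <= "Z")

def same_letter_counts(a, b):
    """True when two texts have identical letter frequencies."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    pt = clean("meet me after the toga party")
    print(transpose(pt, rail_order(len(pt), 2)))
    print(transpose("HELLOWORLD", rail_order(10, 3)))
    pt2 = clean("attack postponed until two am") + "XYZ"
    ct2 = transpose(pt2, column_order(len(pt2), [4, 3, 1, 2, 5, 6, 7]))
    print(ct2, untranspose(ct2, column_order(len(ct2), [4, 3, 1, 2, 5, 6, 7])))
    print(same_letter_counts(pt2, ct2))
```

`same_letter_counts` returning True for every plaintext and ciphertext pair is the frequency property that makes a pure transposition easy to recognise.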



1.3 Modern Cipher:

• Block vs Stream Ciphers

• Symmetric vs Asymmetric Ciphers



• Modern encryption methods can be divided by two criteria:
• by type of input data,

• and by type of key used.

Based upon Input Data:


a) Stream Ciphers:
• In this kind of ciphers the plaintext is converted into ciphertext stream by stream.

• So it encrypts continuous streams of data.

• Like, character by character conversion.

• Stream ciphers process messages a bit or byte at a time when en/decrypting

• Eg: classical stream ciphers are the autokeyed Vigenere cipher and the Vernam cipher.



b) Block Ciphers:
• Encrypt one block at a time.

• Typical block size 64-128 bits, 128 bits

• Block ciphers work on a block / word at a time, which is some number of bits.

• All of these bits have to be available before the block can be processed.

• Here the plaintext is converted into ciphertext block by block. So it encrypts data of fixed size.

• Block ciphers process messages in blocks, each of which is then en/decrypted

• like a substitution on very big characters (64-bits or more)

• many current ciphers are block ciphers

 better analyzed



 broader range of applications



Block cipher principles :

• most symmetric block ciphers are based on a Feistel Cipher Structure

• needed since must be able to decrypt ciphertext to recover messages efficiently.

• block ciphers look like an extremely large substitution

• would need table of 2^64 entries for a 64-bit block.

• instead create from smaller building blocks

• using idea of a product cipher=>



permutation
Eg : Ideal Block Cipher
Based upon Type of Key:

 Symmetric Key Algorithms (Private Key Cryptography)/Symmetric Ciphers:


 If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption.
 These techniques use single key for encryption as well as decryption.

 Eg. DES(Data Encryption Standard) , Caesar Ciphers etc.

Asymmetric Key Algorithms (Public Key Cryptography)/Asymmetric Ciphers:

 If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
 These techniques use two keys, namely private and public keys. One key is used for encryption and the other is used for decryption.

 Eg. RSA, Elliptic Ciphers etc.



Symmetric Cipher:

A symmetric encryption scheme has five ingredients as shown in figure:

1. Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

2. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

3. Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.



4. Ciphertext:

• This is the scrambled message produced as output. It depends on the plaintext and the secret key.

• For a given message, two different keys will produce two different ciphertexts.

• The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

5. Decryption algorithm:

• This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.



Symmetric Cipher Model:

Asymmetric ciphers:

 Asymmetric Key Algorithms (Public Key Cryptography):


 If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
 These techniques use two keys, namely private and public keys. One key is used for encryption and the other is used for decryption.
 A public key known to all is used to encrypt the input message & a private key which is secret is used to decrypt the original message from the ciphertext.
 All of the communicating parties in the network should have their own pair of public key and private key.



Asymmetric Cipher Mo
