unit4-EEE-DATA COMPRESSION AND NETWORK SECURITY


UNIT-4

DATA COMPRESSION AND NETWORK SECURITY

• In the application layer, data presentation is the form a program uses to represent the message. This transformation is called Presentation Formatting.
• At the sender, the encoder marshals the data before it is transmitted.
• At the receiver, the decoder unmarshals the data.
Data Compression
• An application program often needs to send more data in a timely fashion than the bandwidth of the network allows. For this reason the data are compressed at the sender and decompressed at the receiver.
Types of compression:
1-Lossless Compression: It ensures that the data recovered from compression/decompression are exactly the same as the original data.
2-Lossy Compression: In lossy compression the data received are not exactly the same as the data sent.
LOSSLESS COMPRESSION
• In lossless compression the integrity of the data is preserved because the compression and decompression algorithms are exact inverses of each other.
Some lossless compression techniques are:
1) Run-Length Coding: It is also called Run-Length Encoding (RLE). “In this method a repeated sequence of the same symbol with 2 or more entities is replaced by a count and the symbol.”
Eg- AAABBBBCCDEEEEE → 3A4B2C1D5E.
2) Dictionary Coding: This method is based on the creation of a dictionary (array) of strings in the text. The dictionary is created as the message is scanned. It was invented by Lempel and Ziv and redefined by Welch, hence it is called the Lempel-Ziv-Welch (LZW) algorithm.
3) Differential Pulse Code Modulation (DPCM): In this technique a reference symbol is first set for the data, and then for each symbol in the data the output is the difference between the symbol and the reference symbol.
Eg- AAABBCDDDD → A0001123333
Here A is set as the reference symbol. B has a difference of 1 from reference A, and so on.
LOSSY COMPRESSION
• Lossy compression has a limit on the amount of compression. This kind of compression is used when the compression rate is increased at the cost of reduced accuracy. Eg- video, audio.
Types of lossy compression:
1) Predictive Coding: Predictive coding is used when we digitize an analog signal. Compression can be achieved in the quantization step by using predictive encoding.
2) Transform Coding: In transform coding a mathematical transformation is applied to the input signal to produce the output signal.
The transformation changes one domain into another domain, which results in a reduced number of bits in the encoding.
Eg- DCT (Discrete Cosine Transform)
MULTIMEDIA:
• Multimedia is a combination of two or more continuous media, i.e. media that are played during some well-defined time interval. Eg- audio and video.
Multimedia compression:
1. Image Compression (JPEG)
2. Video Compression (MPEG)
3. Audio Compression (MP3)
Image Compression (JPEG)
• In multimedia, an image is represented as a photograph or a frame of a moving picture.
• Image compression uses digitization, which means representing an image as a two-dimensional array of dots called pixels. A color image is divided into 3 channels of the primary colors RGB.
• Image compression is LOSSY COMPRESSION. Eg- JPEG
• In JPEG (Joint Photographic Experts Group), a gray scale picture is divided into blocks of 8x8 pixels.
• Gray scale picture:
• A gray scale picture is divided into blocks of 8x8 pixels as given below (this reduces the number of calculations).
• The basic idea in JPEG is to change the picture into a linear set of numbers (a vector) that reveals the redundancies. The redundancies (lack of changes) can then be removed by using one of the text compression methods.
JPEG Standards:
• A simplified version of JPEG image compression is given below.

• JPEG compression consists of 3 phases:

1) DCT Transformation
2) Quantization
3) Encoding (Data Compression)
1) DCT Transformation: JPEG uses the DCT in the first step of compression and in the last step of decompression, i.e. the transformation and the inverse transformation are both applied on 8x8 blocks. This transformation changes the 64 values so that the relative relationships between pixels are kept and the redundancies are revealed.
2) Quantization: The output of the DCT transformation is a matrix of real numbers. Precise encoding of these real numbers requires a lot of bits.
JPEG uses a quantization step that not only rounds the real values in the matrix but also changes some values to zero.
3) Encoding: After quantization, the values are re-ordered in a ZIG-ZAG sequence before being input to the encoder.
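The three phases above, run on one 8x8 block, as an added example that is not part of the original slides. The quantization step 16 + 4*(u+v) and both sample blocks are constructed for illustration; real JPEG uses standard quantization tables.

```python
import math

N = 8

def dct_8x8(block):
    """Phase 1: 2-D DCT of an 8x8 block (8 rows of 8 pixel values)."""
    def c(k):
        return 1 / math.sqrt(2) if k == 0 else 1.0
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            total = 0.0
            for x in range(N):
                for y in range(N):
                    total += (block[x][y]
                              * math.cos((2 * x + 1) * u * math.pi / 16)
                              * math.cos((2 * y + 1) * v * math.pi / 16))
            out[u][v] = 0.25 * c(u) * c(v) * total
    return out

def quantize(coeffs):
    """Phase 2: divide by a step and round, so small values become zero.
    The step grows with frequency (constructed table, not a JPEG standard one)."""
    return [[round(coeffs[u][v] / (16 + 4 * (u + v))) for v in range(N)]
            for u in range(N)]

def zigzag(matrix):
    """Phase 3 input: read along anti-diagonals, alternating direction."""
    order = sorted(((i, j) for i in range(N) for j in range(N)),
                   key=lambda p: (p[0] + p[1],
                                  p[0] if (p[0] + p[1]) % 2 else -p[0]))
    return [matrix[i][j] for i, j in order]

def compress_block(block):
    return zigzag(quantize(dct_8x8(block)))

def trailing_zeros(seq):
    """Length of the zero run at the end, which a run-length coder removes."""
    count = 0
    for value in reversed(seq):
        if value != 0:
            break
        count += 1
    return count

# Constructed sample blocks: one uniform, one smooth gradient.
FLAT = [[100] * N for _ in range(N)]
GRADIENT = [[100 + 2 * x + y for y in range(N)] for x in range(N)]

if __name__ == "__main__":
    for name, blk in (("flat", FLAT), ("gradient", GRADIENT)):
        z = compress_block(blk)
        print(name, z[:6], "trailing zeros:", trailing_zeros(z))
```

The zig-zag order puts the few non-zero low-frequency values first, so the long zero run at the end is what the final encoder compresses away.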
Video Compression (MPEG)
• Video consists of multiple frames, and each frame is one image. This means a video file requires a high transmission rate.
• A moving picture (i.e., video) is simply a succession of still images—also called frames or pictures, displayed at some video rate.
• If the frames are displayed on the screen fast enough, we get an impression of motion. The reason is that our eyes cannot distinguish the rapidly flashing images as individual ones.
• MPEG (Moving Picture Experts Group) is the method used to compress video.
• In other words, a frame is a SPATIAL (continuous) combination of pixels and a video is a TEMPORAL (opposite) combination of frames.
• SPATIAL COMPRESSION: Spatial compression of each frame is done with JPEG, since each frame is a picture.
• TEMPORAL COMPRESSION: In this compression redundant frames are removed.

Eg- When we watch television, we receive 50 frames per second. Most of the consecutive frames are the same. When 2 persons are talking, only the segments near the lips vary.
TYPES OF FRAMES:
• MPEG takes video frames as input and compresses them into 3 types of frames:
• 1. I-Frame (Intracoded Frame)
• 2. P-Frame (Predicted Frame)
• 3. B-Frame (Bi-Directional Frame)

1) I-Frame: It is an independent frame that is not related to any other frame. It is considered a reference frame.
I-frames must be present at regular intervals. An I-frame must appear periodically to handle sudden changes in the frame.
2) P-Frame: The P-frame is the block-by-block difference from the last frame. It contains only the changes from the preceding frames. It carries less information than the other frames.
3) B-Frame: It relates to the preceding and following I-frame or P-frame. It is the relative difference between past and future.
Audio Compression (MP3)
• The MPEG standard defines not only how to compress video but also standards for audio.
• The most popular compression technique is MP3 (MPEG audio layer 3); MP3 belongs to the audio portion of the MPEG video compression standard.
Compression techniques used for music must produce high-quality sound with a lower number of bits. The two categories of techniques used in audio compression are:
1) Predictive coding (speech)
2) Perceptual coding (music)
Audio compression:
Predictive Encoding: Here differences between the samples are encoded instead of encoding all the sampled values.
Perceptual Encoding: It uses the science of psychoacoustics, which is the study of how people perceive sound.
1. PREDICTIVE CODING: This type of compression has low latency (delay) and is therefore used for speech. In predictive encoding the differences between the samples are encoded instead of encoding all sampled values.
2. PERCEPTUAL CODING: This is based on PSYCHOACOUSTICS.
It first transforms the data from the time domain to the frequency domain, and the operations are performed in the frequency domain. This technique is also called the frequency domain method.
Psychoacoustics is the study of subjective human perception of sound. Some sounds can mask other sounds.
Eg- A loud sound can paralyse our ears for a short time even after the sound has stopped.
NETWORK SECURITY:
• Information is an asset that has value, so it must be secured from attack. To be secure, information has to be:
1. Hidden from unauthorized access (confidentiality).
2. Protected from unauthorized change (integrity).
3. Available to an authorized entity when needed (availability).
These are the SECURITY GOALS.
SECURITY ATTACK:
The 3 goals of security can be threatened by security attacks.
CRYPTOGRAPHY
• Cryptography is a Greek word which means “SECRET WRITING”. However, the term refers to the science and art of transforming messages to make them secure and immune to attack, using encryption and decryption.
“Cryptography refers to concealing the content of a message by enciphering”
“Steganography refers to concealing the message itself by covering it with something else”
The original message to be encrypted is called PLAIN TEXT.
KEY: It is a number or set of numbers that a cipher or an algorithm operates on.
Cipher: The encryption and decryption algorithm is termed a cipher.
CRYPTOGRAPHY components (PRINCIPLES OF CIPHERS)
• The sender applies an encryption function to the original plaintext message, resulting in a ciphertext message that is sent over the network.
• The receiver applies a secret decryption function to recover the original plain text.
Types of cryptography algorithm:
• Ciphers are divided into two groups:
1. Symmetric key (secret or shared key)
2. Asymmetric key (public key)
1. Symmetric Key: In symmetric key cryptography the same key is used by both sender and receiver. The sender uses this key and an encryption algorithm to encrypt. The receiver uses the decryption algorithm and the same key to decrypt the data.
2. Asymmetric Key: In asymmetric key cryptography there are two keys: i) private key ii) public key.
The private key is kept by the receiver.
The public key is announced to the public and used by the sender.
Symmetric: KE = KD
Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Original Plaintext

Asymmetric: KE ≠ KD
Plaintext → Encryption (Encryption Key KE, PUBLIC KEY) → Ciphertext → Decryption (Decryption Key KD, PRIVATE KEY) → Original Plaintext
Types of Symmetric key Cryptography:
• Traditional symmetric key cryptography is character oriented; the later, modern symmetric key cryptography is bit oriented.
Types of symmetric key cryptography:
1) Substitution Cipher: A substitution cipher replaces one symbol with another.
If the plain text is alphabetic, we replace a character with another character. Eg- A with D.
If the plain text is numeric, we replace a digit with another digit. Eg- 3 with 7.
2) Monoalphabetic Ciphers: In a monoalphabetic cipher a character in the plain text is always changed to the same character in the cipher text.
Eg- A is changed to D, and every occurrence of A is replaced with D.
3) Polyalphabetic Ciphers: In polyalphabetic ciphers each occurrence of a character may have a different substitute.
Eg- A is changed to D at first, N in the middle, E at last.
4) Transposition Ciphers: In transposition ciphers there is no substitution of characters; instead their locations are changed.
Eg- A character in the first position of the plain text may appear in the tenth position of the cipher text.
5) Modern Symmetric Key Ciphers: The traditional ciphers we have seen so far are character-oriented ciphers. With the advent of modern computer algorithms, bit-oriented approaches are used, since information contains not only text but also symbols, audio, video, etc.
Modern symmetric key ciphers
Mixing a large number of symbols increases security. A modern cipher is a block cipher or a stream cipher.
BLOCK CIPHER:
Here an n-bit block of plain text is encrypted to an n-bit block of cipher text.
CBC (Cipher Block Chaining)
ABCDEFGHIJKLMNOPQRSTUVWXYZ
BCDEFGHIJKLMNOPQRSTUVWXYZA
CDEFGHIJKLMNOPQRSTUVWXYZAB
DEFGHIJKLMNOPQRSTUVWXYZABC
EFGHIJKLMNOPQRSTUVWXYZABCD
FGHIJKLMNOPQRSTUVWXYZABCDE
GHIJKLMNOPQRSTUVWXYZABCDEF
HIJKLMNOPQRSTUVWXYZABCDEFG
IJKLMNOPQRSTUVWXYZABCDEFGH
JKLMNOPQRSTUVWXYZABCDEFG
ASYMMETRIC KEY CIPHER: (Public Key)
• In asymmetric key cryptography the user uses two keys: 1) one private 2) one public. Asymmetric key cryptography is based on personal secrecy.
• Asymmetric key ciphers use 2 algorithms, namely:

1-RSA algorithm (Rivest, Shamir and Adleman)

2-Diffie-Hellman algorithm.
RSA ALGORITHM:
• The most common public key algorithm is RSA, named after its inventors Rivest, Shamir and Adleman. RSA uses two exponents, namely e and d,
where e is public
and d is private.
Suppose P is the plain text and C is the cipher text.

Sender Alice uses C = P^e mod n to create cipher text C from plain text P.

Receiver Bob uses P = C^d mod n to retrieve the plain text sent by Alice.
Here the modulus n is a very large number which is created during the key generation process.
RSA key selection procedure:
• Bob uses the following steps to select the private and public keys.
1) Bob chooses two large prime numbers P and Q.
2) Bob multiplies the two numbers to find n, the modulus for encryption and decryption, i.e., n = P x Q.
3) Bob then selects e and d such that (e x d) mod Ø = 1.
4) Bob announces e and n as the public key and keeps d as the private (secret) key.
Encryption: The sender Alice uses Bob’s public key to encrypt and find the cipher text: C = P^e mod n,
where C is the cipher text sent to Bob by Alice.
Decryption: Bob uses d, his private key. He receives the cipher text and decrypts it using the private key: P = C^d mod n.
Application: RSA is very slow if the message is long. Hence it is used for short messages such as digital signatures.
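The key selection, encryption and decryption steps above with toy numbers, as an added example that is not part of the original slides. It assumes Ø = (P-1)(Q-1), which the slides do not spell out; the primes 61 and 53 are constructed and far too small for real use, and practical RSA also pads the plain text.

```python
import math

def is_prime(k):
    """Trial division; adequate only for the toy sizes used here."""
    return k > 1 and all(k % f for f in range(2, math.isqrt(k) + 1))

def generate_keys(P, Q, e=None):
    """Steps 1-4: from primes P and Q derive public key (e, n) and private d."""
    if P == Q or not (is_prime(P) and is_prime(Q)):
        raise ValueError("P and Q must be two different primes")
    n = P * Q                                # step 2: the modulus
    phi = (P - 1) * (Q - 1)                  # assumption: this is the slides' Ø
    if e is None:                            # pick the smallest usable odd e
        e = next(c for c in range(3, phi, 2) if math.gcd(c, phi) == 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e shares a factor with phi, so no d exists")
    d = pow(e, -1, phi)                      # step 3: (e x d) mod phi = 1
    return (e, n), d                         # step 4: publish (e, n), keep d

def encrypt(plain, public_key):
    """C = P^e mod n. The plain text must be a number smaller than n."""
    e, n = public_key
    if not 0 <= plain < n:
        raise ValueError("plain text must be an integer in [0, n)")
    return pow(plain, e, n)

def decrypt(cipher, d, n):
    """P = C^d mod n."""
    return pow(cipher, d, n)

if __name__ == "__main__":
    public, d = generate_keys(61, 53, e=17)  # constructed toy primes
    c = encrypt(65, public)
    print("public", public, "private d", d)
    print("cipher", c, "recovered", decrypt(c, d, public[1]))
```

A plain text of n or larger is rejected because it would decrypt to a different value, which is one reason long messages are not encrypted directly with RSA.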
2) Diffie-Hellman:
• Alice and Bob can create a session key between themselves without using a KDC (Key Distribution Center). This method is referred to as symmetric key agreement.
• In the Diffie-Hellman cryptosystem both sender and receiver create a symmetric session key to exchange data.
• Key agreement procedure:

1) Alice chooses a large random number x and calculates R1 = g^x mod p.
2) Bob chooses another large number y and calculates R2 = g^y mod p.
3) Alice sends R1 to Bob (not the value of x).
4) Bob sends R2 to Alice (not the value of y).
5) Alice calculates K = R2^x mod p.
6) Bob calculates K = R1^y mod p.
Therefore the symmetric key is shared (public) in Diffie-Hellman agreement.
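The six steps above with both sides' messages, as an added example that is not part of the original slides. The values p = 23, g = 5, x = 4, y = 3 are constructed toy numbers, and the range check on the received value is a standard receiver-side validation added here, not a step from the slides.

```python
import secrets

def check_public_value(R, p):
    """Receiver-side check: values such as 0, 1 or p-1 would force a
    predictable key, so only accept 2 <= R <= p-2."""
    if not 2 <= R <= p - 2:
        raise ValueError("received public value outside [2, p-2]")
    return R

class Party:
    """One side of the agreement; the secret exponent never leaves it."""
    def __init__(self, g, p, secret=None):
        self.g, self.p = g, p
        # Random exponent in 2..p-2 unless a fixed one is given for the demo.
        self._secret = secret if secret is not None else secrets.randbelow(p - 3) + 2

    def public_value(self):
        """Steps 1 and 2: R = g^secret mod p, the only value that is sent."""
        return pow(self.g, self._secret, self.p)

    def session_key(self, received):
        """Steps 5 and 6: K = received^secret mod p."""
        return pow(check_public_value(received, self.p), self._secret, self.p)

def key_agreement(g, p, x=None, y=None):
    """Run the exchange; return both keys and what crossed the network."""
    alice, bob = Party(g, p, x), Party(g, p, y)
    R1 = alice.public_value()
    R2 = bob.public_value()
    wire = {"Alice->Bob": R1, "Bob->Alice": R2}   # steps 3 and 4
    return alice.session_key(R2), bob.session_key(R1), wire

if __name__ == "__main__":
    k_alice, k_bob, wire = key_agreement(g=5, p=23, x=4, y=3)
    print("on the wire:", wire)
    print("Alice's K:", k_alice, "Bob's K:", k_bob)
```

Only R1 and R2 appear on the wire; x, y and K are never transmitted.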
Cryptanalysis
• The analysis of cryptography has seen 4 developments:
1. The first development is differential cryptanalysis. This technique is used to find attacks on block ciphers.
2. The second development is linear cryptanalysis. It works by XORing certain bits in the plain text and cipher text together and examining the resulting pattern.
3. The third development is analysis of electrical power consumption to find the secret key. A computer uses 3 volts to represent a 1 bit and 0 volts to represent a 0 bit.
4. The fourth development is based on timing analysis. Cryptographic algorithms are full of if statements that take different amounts of time, i.e., by slowing down the clock and seeing how long various steps take.
Key Management:
• The secret key in symmetric key cryptography and the public key in asymmetric key cryptography are handled by proper key management and key maintenance.
• In key distribution the shared key is either a short-lived session key or a long-lived distributed key.
• Symmetric key cryptography is more efficient than asymmetric key cryptography for enciphering large messages.
To maintain and distribute keys, a key distribution center is maintained.
Key distribution center (KDC):
• To reduce the number of keys, a key distribution centre is used.
• To reduce the number of keys, a secret key is established between the KDC and each member.
• Consider how Alice sends a confidential message to Bob using the KDC. The process is as follows:
1) Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob.
2) The KDC informs Bob about Alice’s request.
3) If Bob agrees, a session key is created between the two.
Multiple KDC:
When the number of people using a KDC increases, the system becomes unmanageable. To solve the problem we need to have multiple KDCs,
i.e. we can divide the communication process into domains, and each domain can have one or more KDCs.
Network Security:
• Network security is to protect data during their transmission and to guarantee that data transmissions are authentic.
• Network security can provide 5 services:

1) Message Confidentiality (Privacy):
It means that the message is confidential to the sender and receiver only. The transmitted message is received only by the receiver.
2) Message Integrity:
Message integrity means that the data must arrive at the receiver as they were sent. There must be no change during transmission.
3) Message Authentication: It is a service beyond message integrity. In authentication the receiver needs to be sure of the sender’s identity and has to authenticate the message.
4) Message Non-repudiation: Message non-repudiation means that a sender must not be able to deny sending a message that he wanted to send.
5) Message Availability: The message is available to an authorized entity when needed.
Encryption and decryption provide secrecy but not integrity.
Eg- If Alice needs to be sure that the content of her document will not be illegally changed, she can put her fingerprint at the bottom of the document through a HASH FUNCTION.
Eve cannot modify the document since she cannot forge Alice’s fingerprint produced by the hash function.
Message and Message Digest (MD):
• The electronic equivalent of the document and fingerprint pair is the message and digest pair.
• To preserve the integrity of a message, the message is passed through an algorithm called a cryptographic HASH function.
Digital Signature:
• A signature is proof to the recipient that the document comes from the correct entity.
• When sender Alice sends a message to receiver Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice. Hence Bob can ask Alice to sign the message electronically.
“An electronic signature can prove the authenticity of Alice as sender of the message”; this is referred to as a DIGITAL signature.
• A digital signature can provide authentication, integrity, and nonrepudiation for a message.
• Authentication: the receiver needs to be sure of the sender’s identity and that an imposter has not sent the message.
• Integrity: the data must arrive at the receiver exactly as they were sent.
• Nonrepudiation: the receiver must be able to prove that a received message came from a specific sender.
Digital Signing and Verification:
PGP (Pretty Good Privacy):
• One of the protocols that provide application layer security is PGP.
• PGP was invented by Phil Zimmermann to provide e-mail with privacy, integrity and authentication. PGP is used to create secure e-mail messages.
• Application layer security (E-mail Security): PGP is designed to provide security at the application layer.
PGP offers 5 services: (PGP Scenario)
1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation
PGP Operation Summary
Sending: Plain text message → Signature required? (Yes: generate signature) → Compress the message → Confidentiality required? (Yes: encrypt the message) → Message ready to send
Receiving: Message received → Confidentiality required? (Yes: decrypt the message) → Decompress the message → Signature required? (Yes: verify signature) → Message ready to use
PGP Authentication
At Sender Alice’s Side:
• Alice creates a session key and concatenates it with the identity of the algorithm.
• Alice encrypts the message (e-mail) using the public key.
• Alice attaches the signature to the message.
At Receiver Bob’s Side: The following steps are used on Bob’s side after receiving the PGP header:
• Bob uses his private key to decrypt the combination of session key and message.
• Bob uses Alice’s public key to decrypt the digest.
• If both are identical he accepts the message; otherwise it is discarded.
SSH (Secure Shell)
• Secure Shell (SSH) is a secure application program that can be used for remote logging and file transfer.
TELNET (Terminal Network) was replaced by SSH.
Components of SSH:
SSH is an application layer protocol with 3 components:
1. SSH Transport Layer (SSH-TRANS)
2. SSH Authentication Protocol (SSH-AUTH)
3. SSH Connection Protocol (SSH-CONN)
• 1) SSH Transport Layer (SSH-TRANS): Since TCP is not a secure protocol, SSH first creates a secured channel on top of TCP. When SSH is implemented on top of TCP, the resulting layer is called SSH-TRANS.
Some services provided are:
a) Privacy
b) Data integrity
c) Server authentication
d) Compression of messages
• 2) SSH Authentication (SSH-AUTH): After the secure channel is established between client and server and the server is authenticated for the client, SSH can call another procedure to authenticate the client for the server.
• 3) SSH Connection Protocol (SSH-CONN): After the secured channel is established between server and client, SSH can call a multiplexing procedure which can create multiple connections for remote logging, file transfer, etc.

APPLICATION OF SSH: SSH is used to replace TELNET, hence SSH is used to provide a secure connection.
1. SSH for remote logging
2. SSH file transfer (secured file transfer)
3. SSH port forwarding
Transport Layer Security:
• Security at the transport layer provides security for the application layer.
• Before a message is encapsulated in TCP it is encapsulated in the security protocol, since this is an end-to-end security service.
Eg- When a customer shops online, the following security services are desired.
1) The customer needs to be sure that the server belongs to the actual vendor (Entity Authentication).
2) The customer and vendor need to be sure that the contents of the message are not modified during transition (Integrity).
3) The customer and vendor need to be sure that an imposter does not intercept sensitive information (Confidentiality).
Location of SSL (Secure Socket Layer) and TLS (Transport Layer Security)
• SSL is designed to provide security and compression services to data generated from the application layer. SSL can receive data from an application layer protocol, usually HTTP.
• Services provided by SSL: Fragmentation, Compression, Confidentiality, Framing.
IP SECURITY (IPSec): (Network Layer Security)
• IP Security is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for packets at the network level.
• IPSec operates in two modes:

1) Transport Mode: IPSec protects what is delivered from the transport layer to the network layer,
i.e., it protects only the payload (data) coming from the transport layer.
It is normally used when host-to-host protection of data is needed.
• 2) Tunnel Mode: In tunnel mode IPSec protects the entire IP packet. It takes the IP packet and adds a new header. Using the new IP header, the new network layer is formed.

Comparison of the two modes of operation:

In transport mode, IPSec comes between the transport layer and the network layer. In tunnel mode the flow is from the network layer to IPSec and then back to the network layer again.
FIREWALLS:
• To control access to a system we need firewalls.
“A firewall is a device (usually a router or computer) installed between the internal network of an organization and the rest of the internet”.
• It is designed to forward some packets and filter others.

Firewalls are classified into 2 types:

1) Packet filter firewalls.
2) Proxy based firewalls.
Packet Filter Firewalls:
• A firewall can be used as a packet filter. It can forward or stop packets based on information in the network and transport layers. The packet filter firewall uses a filtering table to decide which packets must be discarded.
• A packet filter firewall filters at the network or transport layer.

• According to the figure:
1) Incoming packets from network 131.34.0.0 are blocked.
2) Incoming packets destined for (PORT 23) are blocked.
3) Incoming packets destined for host 194.78.20.8 are blocked.
4) Outgoing packets destined for a server (PORT 80) are blocked.
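The four rows listed above as a working filtering table, as an added example that is not part of the original slides. Treating 131.34.0.0 as a /16 network, the class and field names, and every sample packet address other than 194.78.20.8 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str            # "in" = arriving from outside, "out" = leaving
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    direction: str
    src_net: Optional[str] = None    # None means "any"
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        if self.src_net and (ipaddress.ip_address(pkt.src_ip)
                             not in ipaddress.ip_network(self.src_net)):
            return False
        if self.dst_net and (ipaddress.ip_address(pkt.dst_ip)
                             not in ipaddress.ip_network(self.dst_net)):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True

# The four rows from the list above; every row means "discard".
FILTER_TABLE = [
    Rule("in", src_net="131.34.0.0/16"),     # 1) /16 prefix is an assumption
    Rule("in", dst_port=23),                 # 2) TELNET port
    Rule("in", dst_net="194.78.20.8/32"),    # 3) single protected host
    Rule("out", dst_port=80),                # 4) outgoing HTTP
]

def decide(pkt: Packet, table=FILTER_TABLE):
    """Return ("discard", row_number) for the first matching row,
    otherwise ("forward", None)."""
    for number, rule in enumerate(table, start=1):
        if rule.matches(pkt):
            return "discard", number
    return "forward", None

# Constructed sample packets (documentation address ranges for outside hosts).
SAMPLES = [
    Packet("in", "131.34.7.9", "194.78.20.1", 443),
    Packet("in", "198.51.100.7", "194.78.20.1", 23),
    Packet("in", "198.51.100.7", "194.78.20.8", 25),
    Packet("out", "194.78.20.1", "203.0.113.10", 80),
    Packet("in", "198.51.100.7", "194.78.20.1", 25),
    Packet("out", "194.78.20.1", "131.34.0.5", 22),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", decide(pkt))
```

The last sample is forwarded because row 1 applies only to incoming packets; the table inspects headers only and never the message content.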
PROXY FIREWALL
• The packet filter firewall is based on information available in the network and transport layers. Sometimes we need to filter a message based on information available in the message itself.
A firewall that does this is called an application GATEWAY, which stands between the customer and the organization.
