Department of CSE

III Year B.Tech. II-Sem

Regulation: R18
Subject: Information Security (18PE0CS2C)

Prepared By:
Arun Singh Kaurav
Assistant Professor
Dept. of CSE ,GNITC
1
 Information Security
UNIT-I
• Attacks on Computers • Cryptography: Concepts
and Computer Security: and Techniques:
• Introduction, • Introduction,
• The need for security, • plain text and cipher text,
• Security approaches, • substitution techniques,
• Principles of Security • encryption and
(basic security services) decryption,
• Types of Security attacks, • symmetric and asymmetric
key cryptography,
• Security services,
• steganography,
• Security Mechanisms,
• key range and key size,
• A model for Network
• possible types of attacks.
Security.
Arun Singh, Asst. Professor, GNITC
• Computer Security: The generic name for the collection of tools designed to
protect data and to thwart hackers is computer security.

• Network security (Information Security) : Protecting data / file / information

during transmission

• Internet Security: all business, government, and academic organizations

interconnect their data processing equipment with a collection of interconnected
networks called internet, protection of data during transmission in this network
is called Internet Security
UNIT-I Attacks on Computers and Computer Security
 Introduction:
 The protection of information and information systems from unauthorized access, use, or
disruption.
 It is important for users to understand information security policies and guidelines.
 It is also necessary to have good work practices that comply with security policies so that
the effects of possible breaches can be minimized.
 Necessity of Secure the Network:
 Data theft: Hackers accessing student or employee personal or confidential details;
 Data loss: Unauthorized entities manipulating or deleting important data;
 Loss of Reputation; and
 Financial loss including recovery expenses.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Precautions to Ensure Security
1. Update your software.
2. Use anti-virus software.
3. Be suspicious of unsolicited phone calls or emails.
4. Back up your data.
5. Use legitimate software.
6. Set strong passwords and use different passwords for different accounts.
7. Do not lose your device.
 Information security:
a “well-informed sense of assurance that the information risks and controls are in balance.” —Jim
Anderson, Inovant (2002)

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 The need for security:
 Basic Concepts
 Now a days data on computers is an extremely
important aspect.
 Therefore, various areas in security started to gain
important
 Two typical examples of such security mechanism
were as follows:
 Provide a user identification and password to every user, and
use that information to authenticate a user.
 Encode information stored in the databases in some fashion,
so that it is not visible to users who do not have the right
permission.
 Best example in this regard is credit card payment

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 The need for security:
 Modern Nature Attacks
 It is not easy to find the complexity of usage in computer services if we make demystify
 The reason is the computation speed and accuracy
 We can highlight a few salient features of the modern nature of attacks, as follows
 Automating attacks
 Privacy concerns
 Distance does not matter

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 The need for security:
 Modern Nature Attacks
 Automating attacks
 The speed of computers make several attacks worthwhile for miscreants.
 Example if an attacker may steal Rs.5/-(five rupees) from each account in a bank.
 This is not major complaint.
 But if it has done from millions of accounts and attacker become millionaire. Without hard work.
 Here, the moral is humans discipline mundane and repetitive tasks.
 Automating them can cause financial distraction or a security nuisance quite rapidly.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 The need for security:
 Modern Nature Attacks
 Privacy concerns
 Collecting information about people and later misusing it is turning out to be a huge problem these
days.
 After collecting the information, process it, and tabulate all sorts of details about individually.
 Sometimes people may sell information illegally.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 The need for security:
 Modern Nature Attacks
 Distance does not matter
 There are no physical attack on banks and accounts.
 Now a day every one of us are having logical money instead of physical money.
 The attacker is having very advanced thinking to attack on bank servers.
 Hacker may break into the bank’s server or steal credit card/ATM information from comforts of
his/her home or place of work.
 Although the attacker was traced, it was very difficult to get extradited him for the court case.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security approaches:
 Trusted Systems:-
 A trusted system is a computer system that can be trusted to a specified extent to enforce a
specified security policy.
 Trusted systems often use the term reference monitor.
 This is an entity that is at the logical heart of the computer system.
 It is mainly responsible for all the decisions related to access controls.
 The following expectations from the reference monitor.
 It should be tamper-proof
 It should always be invoked.
 It should be small enough so that it can be tested independently.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security approaches:
 Security Models:-
 An organization can take several approaches to implement its security model.
 Approaches are:-
 No Security:-This model does not have any security.
 Security through obscurity :- Short term workout model with less security means attacker may take lesser
time to attack on the system.
 Host Security :- The security for each host is enforced individually.
 It is a safe approach, but the trouble is that it cannot scale well.
 The complexity and diversity of modern sites/organizations makes the task even harder
 Network Security:-In this model, the focus is to control network access to various hosts and their services,
rather than individual host security.
 This is a very efficient and scalable model.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security approaches:
 Security management practices:-
 Good security-management practices implementation is very tough.
 It goes a long way in ensuring adequate security-management practices.
 A good security policy generally takes care of four key aspects, as follows:
 Affordability :-How much money and effort does this security implementation cost?
 Functionality:-what is the mechanism of providing security?
 Cultural Issues: -Does the policy complement the people’s expectations, working style and beliefs.
 Legality: -Does the policy meet legal requirement?

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Principles of Security: (Basic Security Services)
 The fundamentals of security in information security are
a) Confidentiality
b) Integrity CIA Triad
c) Availability

d) Authentication
e) Access Control
f) Non-repudiation

Dr J Rajeshwar, Professor, GNITC

CIA Triad Objectives
• Confidentiality: This term covers two related concepts:
• Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.

• Privacy: Assures that individuals control what information related to them may be
collected and stored
• Also assures that by whom and to whom that information may be disclosed.

• Integrity: This term covers two related concepts:

• Data integrity: Assures that data are changed only in a specified and authorized
manner.

• System integrity: Assures that a system performs its intended function in an

unimpaired manner, free from unauthorized manipulation of the system.

• Availability: Assures that systems work promptly and service is not denied to authorized
users.
• Access Control :The prevention of unauthorized use of a resource (i.e., this service controls
who can have access to a resource, under what conditions access can occur,and what those
accessing the resource are allowed to do).
• Nonrepudiation: Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
• Nonrepudiation, Origin Proof that the message was sent by the specifiedparty.
• Nonrepudiation, Destination Proof that the message was received by the specifiedparty.
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Confidentiality
 The principle of confidentiality specifies that only the sender and the intended recipients
should be able to access the contents of a message.
 Confidentiality gets compromised if an unauthorized person is able to access a message.
 Confidentiality: Preserves authorized restrictions on information access and disclosure,
including means for protecting personal privacy.
 A loss of confidentiality is the unauthorized disclosure of information.

 In the above, the user C gets access to this message, which is not desired, and therefore
defeats the purpose of confidentiality.
 Interception causes loss of message confidentiality. Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Authentication
 Authentication mechanism help to establish proof of Identities.
 The Authentication process ensures that the origin of an electronic message or document is
correctly identified.
 Authentication: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator.
 This means verifying that users are who they say they are and that each input arriving at
the system came from a trusted source.

 User B gets a document from user c had posed user A. This attack is called fabrication.
 Fabrication is possible is absence of proper authentication mechanisms.
Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Integrity
 The principle of integrity ensures that data can be trusted to be accurate and it has not
been inappropriately modified
 Principle of security specifies that the contents of a message must not be altered during its
transmission between sender and receiver.
 Guards against improper information modification or destruction, including ensuring
information non-repudiation and authenticity.
 A loss of integrity is the unauthorized modification or destruction of information.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Integrity
 -When the contents of a messages are changed after the sender it, but before it reaches
the intended recipient, we say that the integrity of the message is lost
 Here, user C tampers with a message originally sent by user A, which is actually destined
for user B.
 User C somehow manages to access it, change its contents, and send the changed manage
to user B.
 User B has no way to knowing that the contents of message were changed after user A had
sent it.
 User A also does not know about this change.
 This type of attack is called modification
 Modification causes loss of Message Integrity.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Non-repudiation

 It is a provision where sender of a message cannot refuse later on after sending it, in the
case of a dispute.
 It is the Assurance that someone cannot deny the validity of something.
 It is a legal concept that is widely used in information security.
 Non repudiation is a service, which provides proof of the origin of data and the integrity of
the data.
 Principle of non-repudiation defeats possibilities of denying something after having done.
 Non repudiation does not allow the sender of a message to refuse the claim of not
sending that message.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Availability
 The principle of availability states that resources (i.e. information) should be available to
authorized parties at all times.
 For example, due to the intentional actions of another Unauthorized user C, an authorized
user A may not be able to contact server computer B.
 This should defeat the principle of availability.
 Such an attack is called interruption.
 Interruption puts the availability of resources in danger.
 Ensures timely and reliable access to the use of information.
 Loss of availability is the disruption of access to the information or information system.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Access Control
 The principle of access control determines who can access what.
 For example, we specify that user A can view records in database, but cannot update them.
 However, user B might be allowed to make updates as well.
 Access control is broadly related to two areas:
 Role management
 Rule management
 Role management concentrates on the user side, where as rule management focuses on
resources side.
 Based on the decisions, an access-control matrix prepared, which lists the users against a
list of items that they can access.
 An Access control list(ACL) is a subset of an access-control Matrix

 Access control specifies and control who can access what.

Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 The OSI layers are along with security in the form:
 Application layer –Ex: SNMP, HTTP, FTP
 Presentation layer- Ex: encryption, ASCII, PNG ,MIOI
 Transport layer –Ex: TCP,UDP, port number.
 Network layer- Ex: IP, routers
 Data link layer- Ex: MAC, Switcher.
 Physical layer- Ex: cable, RJ45
 -The server layers of security in the form of
 Authentication
 Access control
 Non repudiation
 Data integrity
 Confidentiality
 Assurance or availability
 Notarization or signature
Arun Singh,Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Ethical and legal issues
 Many ethical issues and legal issues in computer security systems seem to be in the area of
the individual’s right to privacy versus the greater good of a larger Entity(Ex: Company,
society, etc)
 Some examples tracking how employees use computers for crowd surveillance, maintains.
Customer profiles, tracking a person's travel with a passport, so as to spam their cell phone
with text -message advertisements, and so on
 A Key concept in resolving this issue is to find out a person's Expectations of privacy.
 The ethical issues in security systems are classified into the following four categories:
 (a) privacy- this deals with the right of an individual to control personal information
 (b) Accuracy- it is about the responsibility for the authenticity, fidelity, and accuracy of
information.
 (c) property -In this, we find out the owner of the information. it also controls access.
 (d)Accessibility- This deals about rights of organization, safeguards against unforeseen
eventualities.
Arun Singh,Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Principles of Security:
 Ethical and legal issues
 Privacy is the protection of personal or sensitive information.
 Individual privacy is the desired to be left alone as an extension of our personal space and
may or may not be supported by local regulations or laws.
 when dealing with legal issues, we need to remember that there is a hierarchy of regulatory
bodies that govern the legality of information security.
 The classification is
 International:- Ex: International cybercrime Treaty
 Federal:- Ex: FERPA, GLB,HIPPA,DMCA, Teach act, patriot act , Sarbanes -Oxley act, etc.
 State:- Ex: UCITA,SB 1386, Etc.
 Organization:- Ex: computer use policy

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 we have to views in the classification of attacks.
 Common persons view  Technical view
Criminal attacks  Theoretical concepts behind these
attacks
Publicity attacks
 1. Passive attacks
Legal attacks  release of message contents
 traffic analysis
 2. Active attacks
• Interruption,
• Modification
• Replay attacks
• Alterations
• fabrication
 Practical approaches used by attackers
 Application level attacks
 Network level attacks

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Attacks: Common persons view (A general view)
 In this category, the attacks are classified into 3 types
 Criminal attacks
 Publicity attacks
 Legal attacks

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Criminal attacks
 Criminal attacks are simplest to understand.
 The main aim of attackers are to maximize financial gain by attacking computer systems.
 Various types of attacks are Fraud, Scam, Destruction, Identify Theft, Brand Theft, Intellectual
property theft.

 Publicity attacks
 These attacks occur because the attackers want to see their names on television news channels and
newspapers.
 These attackers are not hardcore attackers.
 These are like students and other people who are looking for name publicity through attacking
computer system.
 In these attacks, the attackers may damage or deface the websites.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Legal attacks
 This form of attack is quite novel and unique
 Here, the attacker tries to make the judge or the Jury doubtful about the security of a computer
system.
 The attacker attacks the computer system, and the attacked party (bank or organization) manages to
take the attacker to the court.
 While the case is fought, the attacker tries to convince the judge and jury that there is inherent
weakness in the computer system and he has done nothing wrong.
 The aim of the attacker is to exploit the weakness of the judge and the Jury in technological matters
attacks.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Attacks: A Technical view-
 In the technical point of view, we can classify the types of attacks on computers and
network systems into two categories
a) Theoretical concepts behind these attacks.
b) Practical approaches used by attackers.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Theoretical concepts.
 These are of four categories
 Interception:-
 In this unauthorized party will gain access to a resource.
 The party can be a person, program, or Computer Based system
 Ex:- copying of data or programs, and listening to network traffic .
 Fabrication:-
 It involves the creation of illegal objects on a computer system.
 Ex:-creation of fake records to a database.
 Modification:- Attacker may modify the values in a database.
 Interruption:-
 In this resources may be unavailable lost or unusable
 Ex:-Interruption causing problems to hardware device, erasing program ,data, or operating system components
.

Dr J Rajeshwar, Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Theoretical concepts.
 These attacks are grouped into two types
 1. Passive attacks, 2. Active attacks

• Passive Attacks • Active Attacks:

• Passive attacks do not involve any • Activate attacks are based on the
modifications to the contents of an modification of the original message in
original message. some manner or in the creation of a
• In this, the attacker indulges in false message
eavesdropping or monitoring of data • This attacks cannot be prevented easily
transmission. • However, they can be detected with
• The main aim of attacker is to obtain some effort and attempts can be made
information that is in transit. to recover from them.
• It does not perform any modification to
the data. • Types of active attacks
• It is very hard to detect these kind of • Interruption,
attacks. • Modification
• Types of Passive attacks • Replay attacks
• release of message contents • Alterations
• fabrication
• traffic analysis
UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Theoretical concepts.
 Passive Attacks

 In the release of the message contents or file

or mail may be reveal to third people, we
have to prevent an opponent from learning
the contents of these transmission.

 In the Traffic analysis ,The marked or

encrypted information using between source
and destination while transmitting, the
attacker may find the location identity
communicating host and could observe the
frequency and length of messages being
exchanged.

This information might be useful in GUESSING

the nature of the communication that was
taking place

Dr J Rajeshwar, Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Types of Security attacks:
 Theoretical concepts.

• Active Attacks:
• Activate attacks are based on the
modification of the original message in some
manner or in the creation of a false message

• This attacks cannot be prevented easily

•
• However, they can be detected with some
effort and attempts can be made to recover
from them.
 Active Attacks:
 Types of active attacks
 Interruption,
 Modification
 Replay attacks
 Alterations

 fabrication
Arun Singh,Asst. Professor, GNITC
UNIT-I
• Active Attacks:
• 1.Interruption (Masquerade) : Takes place when one entity pretends to be a different entity.
• A masquerade attack usually includes one of the other forms of active attack.
• 2.Replay Attacks: Involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.

• 3.(Modification) Alteration of the message : Simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an unauthorized
effect .

• For example, a message meaning “Allow John Smith to read confidential file accounts” is
modified to mean “Allow Fred Brown to read confidential file accounts.”

• 4.The denial of service: Prevents from the abnormal use or management of communications
facilities.
• This attack may have a specific target.
• For example, an entity may suppress all messages directed to a particular destination
(e.g., the security audit service).

• Another form of service denial is the disruption of an entire network, either by disabling
the network or by overloading it withmessages so as to degrade performance.
UNIT-I Attacks on Computers and Computer Security

 Types of Security attacks:

 The Practical Side of Attacks
 Application level attacks
 These attacks happen at an application level in the sense that the attacker attempts to access, modify or
prevent access to information of a particular application.
 Ex:- stealing credit card information over the internet or changing the content of a message to change the
amount in a transaction etc.

 Network level attacks

 These attacks generally aim at reducing the capabilities of a network by a number of possible ways.
 These attacks generally make an attempt to either slow down. or completely bring To half, a computer
network .
 Security attacks can happen at the application level or the network level

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security services:
 The classification of security services are as follows:
 Confidentiality: Ensures that the information in a computer system a n d transmitted
information are accessible only for reading by authorized parties. E.g. Printing, displaying
and other forms of disclosure.
 Integrity: Ensures that only authorized parties are able to modify computer system assets
and transmitted information. Modification includes writing, changing status, deleting,
creating and delaying or replaying of transmitted messages.
 Availability: Requires that computer system assets be available to authorized parties when
needed.
 Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
 Access control: Requires that access to information resources may be controlled by or the
target system.
 Non repudiation: Requires that neither the sender nor the receiver of a message be able to
deny the transmission.
Arun Singh,Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Security Mechanisms:
 Network Security is field in computer technology that deals with ensuring security of
computer network infrastructure.
 As the network is very necessary for sharing of information whether it is at hardware level
such as printer, scanner, or at software level.
 Therefore security mechanism can also be termed as set of processes that deal with
recovery from security attack.
 Various mechanisms are designed to recover from these specific attacks at various protocol
layers.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security Mechanisms:
 SPECIFIC SECURITY MECHANISMS
 Executed at the appropriate protocol layer to provide some OSI security services.
 1. Encipherment(Encryption)
 The use of mathematical algorithms to transform data into a form that is not readable.
 The transformation and recovery of the data depend on an algorithm and encryption keys.
 2. Digital Signature
 Data appended to, or a cryptographic transformation of a data unit that allows a recipient of the
data unit to prove the source and integrity of the data unit and protect against forgery.
 3. Access Control
 A variety of mechanisms that enforce access rights to resources.
 4. Data Integrity
 A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Arun Singh, Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security Mechanisms:
 SPECIFIC SECURITY MECHANISMS
 5. Authentication Exchange
 A mechanism to ensure the identity of an entity by means of information exchange.
 6. Traffic Padding
 The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
 7. Routing Control
 Enables selection of particular physically secure routes for certain data and allows routing
changes, especially when a breach of security is suspected.
 8. Notarization
 The use of a trusted third party to assure certain properties of a data exchange.

Arun Singh,Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 Security Mechanisms:
 PERVASIVE SECURITY MECHANISMS
 Mechanisms that are not specific to any particular OSI security service or protocol layer.
 1.Trusted Functionality
 That which is perceived to be correct with respect to some criteria.
 2.Security Label
 The marking bound to a resource (which may be a data) that names or designates the security
attributes of that resource.
 3.Event Detection
 Detection of security-relevant events.
 4.Security Audit Trail
 Data collected and used to facilitate a security audit, which is an independent review and
examination of system records and activities.
 5.Security Recovery
 Deals with requests from mechanisms, such as event handling and management functions, and
takes recovery actions Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 Security Mechanisms:

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 A model for Network Security:
 A message is to be transferred from
one party to another across some sort
of Internet service.
 The two parties, who are the
principals in this transaction, must
cooperate for the exchange to take
place.
 A logical information channel is
established by defining a route
through the Internet from source to
destination and by the cooperative
use of communication protocols (e.g.,
TCP/IP) by the two principals.
 Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity,
and so on.
Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 A model for Network Security:
 All the techniques for providing security have two components:
 1. A security-related transformation on the information to be sent.
 Examples include the encryption of the message, which scrambles the message so
that it is unreadable by the opponent.
 Addition of a code based on the contents of the message, which can be used to verify
the identity of the sender.
 2. Some secret information shared by the two principals and, it is hoped, unknown to
the opponent.
 An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 A model for Network Security:
 A trusted third party may be needed to achieve secure transmission.
 For example, a third party may be responsible for distributing the secret information
to the two principals while keeping it away from any opponent.
 Or a third party may be needed to arbitrate disputes between the two principals
concerning the authenticity of a message transmission.

 This general model shows that there are four basic tasks in designing a particular
security service:
 1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
 2. Generate the secret information to be used with the algorithm.
 3. Develop methods for the distribution and sharing of the secret information.
 4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
Arun Singh, Asst. Professor, GNITC
UNIT-I Attacks on Computers and Computer Security
 A model for Network Security:
 Several concerns caused by the existence of hackers, who attempt to penetrate systems
that can be accessed over a network.
 The hacker can be someone who, with no malign intent, simply gets satisfaction from
breaking and entering a computer system.
 The intruder can be a disgruntled employee who wishes to do damage or a criminal
who seeks to exploit computer assets for financial gain (e.g., obtaining credit card
numbers or performing illegal money transfers).
 Another type of unwanted access is the placement in a computer system of logic that
exploits vulnerabilities in the system and that can affect application programs as well as
utility programs, such as editors and compilers.
 Programs can present two kinds of threats:
 Information access threats: Intercept or modify data on behalf of users who should not
have access to that data.
 Service threats: Exploit service flaws in computers to inhibit use by legitimate users.

Arun Singh, Asst. Professor, GNITC

UNIT-I Attacks on Computers and Computer Security
 A model for Network Security:

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Introduction:
 Cryptography is the art of achieving security by encoding messages to make them non-
readable

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Introduction:
 Cryptanalysis is the technique of decoding messages from non- readable format back to a
readable format without knowing how they were initially converted from readable format to
non readable format.

 Cryptography is a combination of cryptography and cryptanalysis.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Plain Text and Cipher Text:
 Clear text or plain text signifies a message that can be understood by the sender, the
recipient, and also by anyone else who gets an access to that message.
 when a plain text message is codified using any suitable scheme, the resulting message
called ciphertext.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Plain Text and Cipher Text:

Transforming a plain text into

cipher text ( Readable message
into unreadable message) are two
types
1. Substitutions techniques
(substitution ciphers)
2. Transposition technique
(Transposition ciphers)

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Plain Text and Cipher Text:
 SUBSTITUTION TECHNIQUES (substitution cipher)
 In the substitution cipher technique, the characters of a plain text message are replaced by other characters,
numbers or symbols.
 Caesar Cipher
 Modified Version of Caesar Cipher
 Mono-alphabetic Cipher
 Homophonic Substitution Cipher
 Polygram Substitution Cipher
 Polyalphabetic Substitution Cipher
 Playfair Cipher
 Hill Cipher

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Caesar Cipher
 Caesar Cipher is a special case of substitution techniques wherein each alphabet in a
message is replaced by an alphabet three places down the line.
 For an instance, using the Caesar cipher, the plain text GURU will be become Cipher-text
JXUX.
 Clearly, the Caesar Cipher is a very weak.
 All that is required to break the Caesar cipher is to do the reverse of the Caesar cipher
process.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Modified Version of Caesar Cipher
 Let us assume that the cipher text alphabets corresponding to the original plain text
alphabets may not necessarily be three places down the order ,but instead, can be any
places down the order.
 This can complicate the matters a bit when comparative previous one.
 There is we have 25 possibilities of replacement

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Modified Version of Caesar Cipher
 A mechanism of encoding messages so that they can be sent securely is called as
cryptography.
 Let us take this opportunity to introduce a few terms used in cryptography.
 An attack on a cipher text message, wherein the attacker attempts to use all possible
permutations and combinations, is called as a Brute-force attack.
 The process of trying to break any cipher text message to obtain the original plain text
message itself is called as Cryptanalysis, and the person attempting a cryptanalysis is
called as a cryptanalyst.
 Cryptanalyst is a person who attempts to break a cipher text message to obtain the
original plain text message. The process itself is called as cryptanalysis.
 As we have noticed, even the modified version of the Caesar Cipher is not very secure.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Modified Version of Caesar Cipher

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Modified Version of Caesar Cipher
 After all, the cryptanalyst needs to be aware of only the following points to break a cipher
text message using the Brute-force attack, in this scheme:
1. Substitution technique was used to derive the cipher text from the original plain text.
2. There are only 25 possibilities to try out.
3. The language of the plain text was English.
 A cryptanalyst attempting a Brute-force attack tries all possibilities to derive the
original plain text message from a given cipher text message.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Mono-alphabetic Cipher
 In mono-alphabetic cipher, random substitution concept will be applicable.
 This means that in a given plain text message, each A can be replaced by any other
alphabet (B through Z), each B can also be replaced by any other random alphabet (A or C
through Z), and so on.
 The crucial difference being, there is no relation between the replacement of B and
replacement of A.
 That is, if we have decided to replace each A with D, we need not necessarily replace each B
with E—we can replace each B with any other character!
 To put it mathematically, we can now have any permutation or combination of the 26
alphabets, which means (26 x 25 x 24 x 23 x … 2) or 4 x 1026 possibilities to crack.
 Mono-alphabetic ciphers pose a difficult problem for a cryptanalyst because it can
be very difficult to crack, thanks to the high number of possible permutations and
combinations.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Homophonic Substitution Cipher
 The Homophonic Substitution Cipher is very similar to Mono-alphabetic Cipher.
 In the mono-alphabetic, the replacement or substitution are fixed. (e.g. replace A with D,
B with E, etc.),
 But in homophonic Substitution Cipher, one plain text alphabet can map to more than one
cipher text alphabet.
 For instance, A can be replaced by D, H, P, R; B can be replaced by E, I, Q, S, etc.
 Homophonic Substitution Cipher also involves substitution of one plain text
character with a cipher text character at a time, however the cipher text character
can be any one of the chosen set.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Polygram Substitution Cipher
 In Polygram Substitution Cipher technique, rather than replacing one plain text alphabet
with one cipher text alphabet at a time, a block of alphabets is replaced with another block.
 Polygram Substitution Cipher technique replaces one block of plain text with a block of
cipher text—it does not work on a character-by-character basis

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Polyalphabetic Substitution Cipher
 This cipher has been broken into many times, and yet it has been used extensively.
 Types of Polyalphabetic Substitution Cipher 1. Vigenere Cipher 2. Beaufort cipher
 The “vigenere cipher”
 This cipher uses multiple one-character keys.
 Each of the keys encrypts one plain- text character.
 The first key encrypts the first plain-text character the second key encrypts the second plain-text character,
and so on.
 After all keys are used, they are recycled.
 The main features of polyalphabetic substitution cipher are the following:
 It uses a set of related monoalphabetic substitution rules
 It uses a key that determines which rule is used for which transformation.
 The vigenere cipher uses 26*26 table with A to Z as the heading and column heading

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Polyalphabetic Substitution Cipher
 Another approach to improving security is to use multiple cipher alphabets
Called polyalphabetic substitution ciphers
 Makes cryptanalysis harder with more alphabets to guess and flatter
frequency distribution
 Use a key to select which alphabet is used for each letter of the message
 Use each alphabet in turn
 Repeat from start after end of key is reached

Arun Singh,Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Polyalphabetic Substitution Cipher
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
 write the plaintext out
 write the keyword repeated above it
 eg using keyword deceptive
 use each key letter as a caesar cipher key
 encrypt the corresponding plaintext letter

Vigenere Table

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Playfair Cipher
 Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
 A 5X5 matrix of letters based on a keyword
 fill in letters of keyword (drop duplicates)
 fill rest of matrix with other letters of alphabets,
 I,J letters used interchangeably
 eg. using the keyword MONARCHY

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Playfair Cipher Algorithm P L A Y F
I R E X M
B C D G H
K N O Q S
T U V W Z
Keyword: PLAYFAIR EXAPMLE

 Step1: The playfair cipher makes use of a 5*5 matrix, (table) which is used to store a
keyword or phrase that becomes the key for encryption and decryption
 The rules to form the 5*5 matrix.
1. Enter the Keyword in the matrix row-wise left-to- right and then top-to-bottom.
2. Drop duplicate letters.
3. Fill the remaining spaces in the matrix with the rest of English alphabets (A-Z) that were
not a part of our keyword. While doing so, combine I and J in the same cell of the same
cell of the table. In other words, if I or J is a part of the keyword, disregard both I and J
while filling the remaining slots.
Arun Singh, Asst. Professor, GNITC
UNIT-I Cryptography Concepts and Techniques
Keyword: PLAYFAIR EXAPMLE
 Substitution Techniques:
P L A Y F
 Playfair Cipher I R E X M
 Step2: Encryption Process:- B C D G H
K N O Q S
T U V W Z

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Playfair Cipher
 EXAMPLE
 Keywords: Harsh
 Plain text to be encrypted: my name is JUI Kahate. I am Harshu’s sister.
 5x5 matrix for a given key word : Harsh H A R S B
C D E F G
I K L M N
O P Q T U
V W X Y Z

 Our plain text message broken down into pairs of alphabets is

MY NA ME IS IU IK AH AT EI AM HA RS HU ‘S XS IS TE RX.
 Using plaiyfair cipher based on the above matrix, the resulting cipher text would be:
TS KB LF MH NO KL RA SP CL SK AR SB BO AB YR MH QF ER.

Arun Singh, Asst. Professor, GNITC

Example 2
Keyword: “playfair example”
Plain Text “Hide the gold in the tree stump”
Matrix using the keywod “playfair example”
Break plaintext into letter pairs : “Hide the gold in the tree stump
“
HI DE TH EG OL DI NT HE TR EX ES TU MP
• Substitution Techniques:
• Playfair cipher example 2.
• Key word: “Playfair”
• Plain text: “hellothere” p l a f
y
i r b c d 
• Matrix using a keyword “playfair” 
e g h k m
1. Break plaintext into letter pairs  
• If a pair would contain double letters, split with x n o q s t
• Pad end with x  u v w x z 
• hellothere becomes…
• HE LX LO TH ER EX

2. For each pair,

• If they are in the same row,
• HE  KG
• If they are in the same column,
• LO  RV
• Otherwise, replace each with letter we’d get if we swapped their column indices
• LX YV
He lx lo th er ex
KG YV RV QM GI KU
UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques:
 Hill Cipher
 Hill cipher works on multiple letters at the same time.
 The hill cipher has its roots in the matrix theory of mathematics.
 Hill cipher is a polygraphic substitution cipher based on linear algebra.
 Each letter is represented by a number modulo 26.
 Treat every letter in the plain text message as number, so that A = 0, B = 1, …, Z = 25.
 To encrypt a message, each block of n letters (considered as an n-component vector) is
multiplied by an invertible n × n matrix, against modulus 26.
 To decrypt the message, each block is multiplied by the inverse of the matrix used for
encryption.
 The matrix used for encryption is the cipher key, and it should be chosen randomly from
the set of invertible n × n matrices (modulo 26).

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques: Input : Plaintext: ACT
Key: GYBNQKURP
 Hill Cipher Output : Ciphertext: POH
 Example:
 Encryption
 We have to encrypt the message ‘ACT’ (n=3).The key is ‘GYBNQKURP’ which can be written
as the nxn matrix:
 The message ‘ACT’ is written as vector:
The enciphered vector is given as:

 which corresponds to ciphertext of ‘POH’

Arun Singh , Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Substitution Techniques: Input : Plaintext: ACT
Key: GYBNQKURP
 Hill Cipher Output : Ciphertext: POH
 Example: Decryption
 To decrypt the message, we turn the ciphertext back into a vector, then simply multiply by
the inverse matrix of the key matrix (IFKVIVVMI in letters).The inverse of the matrix used in
the previous example is:

 For the previous Ciphertext ‘POH’:

 which gives us back ‘ACT’.

Assume that all the alphabets are in upper case.
Arun Singh, Asst. Professor, GNITC
UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 The transposition technique is a cryptographic technique that converts the plain text to
cipher text by performing permutations on the plain text, i.e., changing each character of
plain text for each round.
 It includes various techniques like the
 Rail Fence technique,
 Simple columnar transposition technique,
 Simple columnar transposition technique with multiple rounds,
 Vernam cipher,
 Book Cipher

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 Transposition Techniques
 1. Rail-Fence Technique
 Rail-Fence is the simple Transposition technique that involves writing plain text as a sequence of diagonals and
then reading it row by row to produce the cipher text.
Algorithm
 Step 1: Write down all the characters of plain text message in a sequence of diagnosis.
 Step 2: Read the plain text written in step 1 as a sequence of rows.
 To understand it in a better manner, let’s take an example.
 Example: Suppose plain text corporate bridge, and we want to create the ciphertext of the given.
First, we arrange the plain text in a sequence of diagnosis, as shown below.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 Transposition Techniques
 1. Rail-Fence Technique

 Now read the plain text by row-wise, i.e. corporate bridge.

 So, here the plain text is a corporate bridge, and cipher text is croaerdeoprtbig.
 The Rail-Fence technique is quite easy to break.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 Transposition Techniques
 2. Simple columnar transposition techniques
 The simple columnar transposition technique can be categorized into two parts –
 Basic technique and
 multiple rounds.
 Simples columnar transposition technique – basic technique.
 The simple columnar transposition technique simply arranges the plain text in a sequence
of rows of a rectangle and reads it in a columnar manner.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 Transposition Techniques
 2. Simple columnar transposition techniques
 Working of Algorithm:
 Step 1: Write all the characters of plain text message row by row in a rectangle of
predefined size.
 Step 2: Read the message in a columnar manner, i.e. column by column.
 Note: For reading the message, it needs not to be in the order of columns. It can happen in
any random sequence.
 Step 3: The resultant message is ciphertext.
 Example: Let’s assume that Plain text is a corporate bridge, and we need to calculate the
cipher text using a simple columnar transposition technique.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques :::
 Transposition Techniques
 2. Simple columnar transposition techniques
 Let’s take 6 columns and arrange the plain text in a row-wise manner.

Column 1 Column 2 Column 3 Column 4 Column 5 Column 6

c o r p o r
a t e b r i
d g e
 Decide the column order for reading the message – let’s assume 1,3,5,2,4,6 is an order.
 Now read the message in a columnar manner using the decided order. – cadreeorotgpbri
cadreeorotgpbri is a ciphertext.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques ::::
 Transposition Techniques
 3. Simple columnar transposition technique – Multiple rounds
 Simple columnar transposition technique with multiple rounds is the same as basic; only
the difference is that we iterate the process multiple times in multiple rounds.
 Working of an algorithm
 Step 1: Write all the characters of plain text message row by row in a rectangle of
predefined size.
 Step 2: Read the message in a columnar manner, i.e. column by column.
 Note: For reading the message, it need not to be in the order of columns. It can happen in any random
sequence.
 Step 3: The resultant message is ciphertext.
 Step 4: Repeat the procedure from step 1 to step 3 many times as desired.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques::::
 Transposition Techniques
 3. Simple columnar transposition technique – Multiple rounds
 Example: Let’s assume that Plain text is a corporate bridge, and we need to calculate the cipher text using a
simple columnar transposition technique.
 Let’s take 6 columns and arrange the plain text in a row-wise manner

Column 1 Column 2 Column 3 Column 4 Column 5 Column 6

c o r p o r
a t e b r i
d g e

 Decide the column order for reading the message – let’s assume 1,3,5,2,4,6 is an order.
 Now read the message in a columnar manner using the decided order. – cadreeorotgpbri
 cadreeorotgpbri is a ciphertext.
Arun Singh, Asst. Professor, GNITC
UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques::::
 Transposition Techniques
 3. Simple columnar transposition technique – Multiple rounds
 Let’s perform step 1 to step 3 one more time.

Column 1 Column 2 Column 3 Column 4 Column 5 Column 6

c a d r e e
o r o t g p
b r i

 In the second iteration, the order of the columns will be the same.
 Ciphertext – cobdoiegarrrtep
 Continue the same procedure if more iteration is required.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques::::
 Transposition Techniques
 4. Vernam Cipher
 A subset of Vernam cipher is called a one-time pad because it is implemented using a random set of
nonrepeating characters as an input ciphertext.
 Working of Algorithm
 Step 1: Arrange all characters in the plain text as a number i.e. A = 0, B = 1, ….. Z = 25.
Step 2: Repeat the same procedure for all characters of the input ciphertext.
Step 3: Add each number corresponding to the plain text characters to the corresponding input ciphertext
character number.
Step 4: If the sum of the number is greater than 25, subtract 26 from it.
Step 5: Translate each number of the sum into the corresponding characters.
Step 6: The output of step 5 will be a ciphertext.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Transposition Techniques::::
 Transposition Techniques
 4. Vernam Cipher
 In Vernam cipher, once the input ciphertext is used, it will never be used for any other
message; hence it is suitable only for short messages.
 Example: The plain text is “educba” and ciphertext is “ntcbar”

Plain text e d u c b a
4 3 20 2 1 0
Input
n t c b a r
ciphertext
13 19 2 1 0 17
Addition of
plain text and
17 22 22 3 1 17
input
ciphertext

Ciphertext r w w d b r

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Encryption and Decryption:
 The process of encoding plain text messages into cipher
text messages is called as encryption.
 The reverse process of transforming cipher text
messages back to plain text messages is called as
decryption.
 Decryption is exactly opposite of encryption.
 Encryption transforms a plain text message into
cipher text, whereas decryption transforms a cipher
text message back into plain text.
 Every encryption and decryption process has two
aspects: the algorithm and the key used for encryption
and decryption.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Encryption and Decryption:

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Encryption and Decryption:
 In general, the algorithm used for encryption and decryption processes is usually known
to everybody.
 However, it is the key used for encryption and decryption that makes the process of
cryptography secure.
 If the same key is used for encryption and decryption, we call the mechanism as
Symmetric Key Cryptography.
 However, if two different keys are used in a cryptographic mechanism, wherein one key is
used for encryption, and another, different key is used for decryption, we call the
mechanism as Asymmetric Key Cryptography.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Encryption is a mechanism to change the form of any text in order to prevent it from being
read by others.
 In Symmetric-key encryption, the message is then encrypted using a key and with the
same key, the messages can be decrypt, making it simple to use but less safe.
 It also needs a secure way of moving the key from one party to another.

 Asymmetric Key Encryption is for both for public and private key encryption strategy.
 It uses separate keys to encrypt and decrypt a message or document.
 It is more reliable than the symmetric key encryption method, but it is very slower.
 Cryptography can be based on a single key (Symmetric) or two keys (Asymmetric).

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 There are terms of cryptography and those are :
 Encryption: the method of locking cryptographic information. This way locked
information is encrypted.
 Decryption: An unlocking process of the cryptographically encrypted details.
 Key: A secret like a password used to encrypt information and decode it. In
cryptography, there are a variety of different kinds of keys used for Encryption and
Decryption.
 Steganography: It is the science of concealing information from people who are snooping
at you. The distinction between steganography and coding is that the desired snoopers
will maybe not state first of all that there are secret details.
 Data Encryption Standard (DES): The most common symmetric key algorithm and the
DES as it contains a service that provides the logic behind DES algorithm.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
SYMMETRIC KEY CRYPTOGRAPHY ASYMMETRIC KEY CRYPTOGRAPHY
It is also known as secret-key cryptography or
It is also known as public-key cryptography or
private key cryptography or one key
Two keys cryptography. It works in the opposite
cryptography as the encryption and decryption
way of symmetric cryptography.
process uses the same key.
Two key are required in which one key will
A single key for both decryption and encryption.
encrypt and the other one used to decrypt.

The size of the cipher text is smaller or same. The size of the cipher text is larger or same.

The encryption process is very extremely fast. The encryption process is too slow.

It can transfer a huge amount of data. It transfers only a small amount of data.
Symmetric key cryptography provides
It provides both authenticity and confidentiality.
confidentiality.
Examples are ECC, El Gamal, Diffie-Hellman,
Examples: AES, DES, 3DES and RC4
DSA and RSA
In comparison, resource utilization is low than
Resource utilization is higher.
asymmetric key encryption.
UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:

COMPARISON SYMMETRIC KEY CRYPTOGRAPHY ASYMMETRIC KEY CRYPTOGRAPHY

Symmetric encryption uses a single Asymmetric encryption uses a different

Basic
key. key for encryption and decryption.

Symmetric encryption is faster in Asymmetric Encryption is slow in

Performance
execution. execution.
Algorithms DES, 3DES, AES, and RC4. Diffie-Hellman, RSA.

Symmetric encryption is used for bulk Asymmetric encryption is often used for
Purpose
data transmission. securely exchanging secret keys.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Advantages and Disadvantages of Symmetric or Secret Key Cryptography
 A) Advantages
 Very fast encryption and message decryption
 The broader the key code, the better the protection
 B) Disadvantages
 Key exchange: This ensures that the encryption key is shared through a protected
channel.
 The number of keys needed: A new key is required for each pair of participants
wishing to exchange encrypted messages.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Advantages and Disadvantages of Asymmetric or Public Key Cryptography
 A) Advantages
 Security is simple because only the private key must be kept hidden.
 Maintenance of the keys makes it possible to keep the keys (public key/private key)
constant by contact based on the relation.
 Less is the number of keys to be kept hidden.
 B) Disadvantages
 This is not sufficient for the encryption of large messages as the encryption/decryption
throughput is inversely proportional to the duration of the key.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Symmetric Key Cryptography and the Problem of Key Distribution
 Person A wants to send a highly confidential letter to another person B. A and B both reside
in the same city, but are separated by a few miles, and for some reason, cannot meet each
other.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Symmetric Key Cryptography and the Problem of Key Distribution
 When A wanted to communicate only with B, we needed one lock-and-key pair (A-B).

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Symmetric Key Cryptography and the Problem of Key Distribution
 When A wants to communicate with B and C, we need two lock-and-key pairs (A-B and
A-C). Thus, we need one lock-and-key pair per person with whom A wants to communicate.
If B also wants to communicate with C, we have B-C as the third communicating pair,
requiring its own lock-and-key pair. Thus, we would need three lock-and-key pairs to serve
the needs of three communicating pairs.
 Let us consider the participation of a fourth person D. Let us also imagine that all of the
four persons (A, B, C and D) want to be able to communicate with each other securely.
Thus, we have six communicating pairs, namely A-B, A-C, A-D, B-C, B-D and C-D. Thus,
we need six lock-and-key pairs, one per communicating pair, to serve the needs of four
communicating pairs.
 If E is the fifth person joining this group, we have ten communicating pairs, namely A-B,
A-C, A-D, A-E, B-C, B-D, B-E, C-D, C-E and D-E. Thus, we would need ten lock-and-key
pairs to make secure communication between all these pairs possible.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Symmetric Key Cryptography and the Problem of Key Distribution

 We can see that:

 If the number of parties is 2, we need 2 * (2 – 1)/2 = 2 * (1)/2 = 1 lock-and-key pair.
 If the number of parties is 3, we need 3 * (3 – 1)/2 = 3 * (2)/2 = 3 lock-and-key pairs.
 If the number of parties is 4, we need 4 * (4 – 1)/2 = 4 * (3)/2 = 6 lock-and-key pairs.
 If the number of parties is 5, we need 5 * (5 – 1)/2 = 5 * (4)/2 = 10 lock-and-key pairs.
 Therefore, can we see that, in general, for n persons, the number of lock-and-key pairs is
n * (n – 1)/2.
 If n=1000
=1000 * (1000 – 1)/2
= 1000 * (999)/2
= 99,9000/2
= 499,500 lock-and-key pairs! Arun Singh, Asst. Professor, GNITC
UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Introduction
 Whitefield Diffie and Martin Hellman devised an amazing solution to the problem of key agreement, or key
exchange in 1976.
 This solution is called as the Diffie-Hellman Key Exchange/Agreement Algorithm.
 The beauty of this scheme is that the two parties are using symmetric key technique.
 This key can then be used for encryption/decryption.
 However, we must note that Diffie-Hellman key exchange algorithm can be used only for key agreement, but
not for encryption or decryption of messages.
 Once both the parties agree on the key to be used, they need to use other symmetric
key encryption algorithms for actual encryption or decryption of messages.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Description of Algorithm
 Let us assume that Alice and Bob want to agree upon a key to be used for encrypting/ decrypting messages
that would be exchanged between them.

Arun Singh , Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key
Cryptography:
 Diffie-Hellman Key Exchange /
Agreement Algorithm
 Example of the Algorithm
 Let us take a small example to
prove that the Diffie-Hellman
works in practical situations.
 Of course, we shall use very small
values for ease of understanding.
 In real life, these values are very
large.

Arun Singh , Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Mathematical theory behind the algorithm
 Diffie-Hellman key exchange algorithm gets it security from the difficulty of calculating
discrete logarithms in a finite field, as compared with the ease of calculating exponentiation
in the same field.
 Let us try to understand what this actually means, in simple terms.
 (a) Firstly, take a look at what Alice does in step 6. Here, Alice computes:
K1 = Bx mod n.
From step 4, we have: B = gy mod n.
Therefore, if we substitute this value of B in step 6, we will have the following equation:
K1= (gy)x mod n = gyx mod n.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Mathematical theory behind the algorithm
 (b) Now, take a look at what Bob does in step 7. Here, Bob computes:
K2 = Ay mod n.
From step 2, we have: A = gx mod n.
Therefore, if we substitute this value of A in step 7, we will have the following equation:
K2 = (gx)y mod n = gxy mod n.
 Now, basic mathematics says that: Kyx = Kxy
 Therefore, in this case, we have: K1 = K2 = K. Hence the proof.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Problems with the algorithm
 Diffie-Hellman key exchange algorithm can fall pray to the man-in-the-middle attack (or to
be politically correct, woman-in-the-middle attack), also called as bucket brigade attack.
The way this happens is as follows.
 1. Alice wants to communicate with Bob securely, and therefore, she first wants to do a
Diffie-Hellman key exchange with him. For this purpose, she sends the values of n and g to
Bob, as usual. Let n = 11 and g = 7. (As usual, these values will form the basis of Alice’s A
and Bob’s B, which will be used to calculate the symmetric key K1 = K2 = K.)
 2.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Problems with the algorithm

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Diffie-Hellman Key Exchange/Agreement Algorithm
 Problems with the algorithm

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Symmetric and Asymmetric Key Cryptography:
 Asymmetric Key Operation:
 In this scheme, A and B do not have to jointly
approach T for a lock-and-key pair.
 Instead, B alone approaches T, obtains a lock
and a key (K1) that can seal the lock, and sends
the lock and key K1 to A.
 Since one key (K1) is used for locking, and
another, different key (K2) is used for unlocking;
we will call this scheme as asymmetric key
operation.
 Also, T is clearly defined here as a trusted third
party. T is certified as a highly trustworthy and
efficient agency by the government.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Steganography:
 Steganography is a technique that facilitates hiding of a message that is to be kept secret
inside other messages.
 It is the science of concealing information from people who are snooping at you.
 The distinction between steganography and coding is that the desired snoopers will may be
not state first of all that there are secret details.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Key Range and Key Size:
 The encrypted messages can be attacked, too! Here, the cryptanalyst is armed with the
following information:
 The encryption/decryption algorithm
 The encrypted message
 Knowledge about the key size (e.g. the value of the key is a number between 0 and 100 billion)
 The concept of key range leads us to the principle of keysize.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Possible Types of Attacks:
A. Cipher-text only attack
B. Known plain-text attack
C. Chosen plain-text attack
D. Chosen cipher-text attack
E. Chosen-text attack

 Cipher-text only attack

 In this type of attack, the attacker does not have any clue about the plain text.
 Attacker has some or all of the cipher text.
 The attacker analyzer the original text to try and figure out the original text
 Based on the frequency of letters the attackers makes an attempts to guess the plain-text.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Possible Types of Attacks:
 Known plain-text attack
 The attacker knows about some pairs of plain text and corresponding cipher text for those pairs
 Using this information, the attackers tries to find other pairs, and therefore, know more and more of the plain
text.
 Examples of such known plain text are company banners, file headers, etc, which are found commonly in all
the documents of a particular company.
 Chosen plain-text attack
 The attacker selects a plain-text block, and tries to look for the encryption of the same in the cipher-text.
 Here, the attackers is able to choose the messages to encryption.
 Based on this, the attacker’s intentionally picks patterns of cipher-text that result in obtaining more
information about the key.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Possible Types of Attacks:
 Chosen cipher-text attack
 The attackers known the cipher text to be decrypted, the encryption algorithm that was used to produce this
cipher text, and corresponding plain-text block.
 The attacker’s job is to discover the key user for encryption.
 However, this type of attack is not very commonly used.

 Chosen-text attack
 The chosen- text attack is essentially a combination of chosen plain-text attack and chosen cipher-text attack.

Arun Singh, Asst. Professor, GNITC

UNIT-I Cryptography Concepts and Techniques
 Possible Types of Attacks: Summary of Types of Attacks
Attack Things known to the Attacker Things the Attacker wants to find out.
Cipher text only • Cipher text of several messages, all of • plain text message corresponding to these
which are encrypted with their same cipher text message
encryption key • key used for encryption
• Algorithm used
Know cipher text • Cipher text of several message, all of which • Key used for encryption
are encrypted with the same encryption • Algorithm to decrypt cipher text with the
key. same key.
• Plain text message corresponding to the
above cipher text message
• Algorithm used
Chosen plain text • Cipher text and associated plain-text • Key used for encryption
message • Algorithm to decrypt cipher text with the
• Chooses the plain text to be encrypted same key

Chosen cipher • Cipher text of several message to be Key used for encryption
text decrypted
• Corresponding plain-text messages
Chosen text • Cipher text of several message to be Key used for encryption
decrypted
• Corresponding plain-text messages

Arun Singh, Asst. Professor, GNITC