A Model of Network Security
What is a network security model?
• A network security model is a conceptual framework that outlines
how to protect a network's data and resources from unauthorized
access, misuse, or malicious activities.
Why security matters
Whenever you transmit information, there might be opponents
(attackers) who want to:
• Read it when they shouldn’t (confidentiality)
• Alter it or impersonate someone (authenticity and integrity)
Two core components of security techniques
a. Security-related transformation
This is how we modify the message to protect it.
Examples:
• Encryption → turns the original message into an unreadable form for outsiders.
• Message Authentication Code (MAC) → adds a special code based on message content
to verify sender identity and detect tampering.
b. Secret information shared between parties
This is the special key or shared secret used to perform the transformations.
• Must be known only to the sender and receiver.
• Example: an encryption key that scrambles data before sending and unscrambles it on
receipt.
Network security Model
General Model – Four Basic Tasks in Designing a Security Service
1. Algorithm Design
Goal: Create a security transformation (e.g., encryption, hashing,
signing) that is strong enough that an attacker cannot break it with
reasonable effort.
2. Secret Information Generation
Goal: Produce the secret key(s) or other confidential data needed by
the algorithm.
3. Secret Information Distribution & Sharing
Goal: Establish a secure method for the sender and receiver to share
the secret without letting attackers intercept it.
4. Protocol Specification
• Goal: Define the exact sequence of steps for both sides to follow
when:
• Applying the algorithm
• Using the key
• Sending and receiving messages
Symmetric Cipher Model
A symmetric encryption scheme has five ingredients:
■ Plaintext: This is the original intelligible message or data that is fed
into the algorithm as input.
■ Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
■ Secret key: The secret key is also input to the encryption algorithm.
The key is a value independent of the plaintext and of the algorithm.
The algorithm will produce a different output depending on the specific
key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
■ Ciphertext: This is the scrambled message produced as output. It
depends on the plaintext and the secret key. For a given message, two
different keys will produce two different ciphertexts. The ciphertext is
an apparently random stream of data and, as it stands, is unintelligible.
■ Decryption algorithm: This is essentially the encryption algorithm
run in reverse. It takes the ciphertext and the secret key and produces
the original plaintext.
Simplified Model of Symmetric Encryption
Two Requirements for Secure Use of Conventional Encryption
1. Strong Encryption Algorithm
• Expectation:
Even if an attacker:
• Knows the encryption algorithm
• Has access to multiple ciphertexts
• Even has pairs of plaintext and their corresponding ciphertexts
… they should still be unable to:
• Decrypt new ciphertexts
• Determine the secret key
• Implication: Don't rely on secrecy of the algorithm; rely on secrecy of the key.
2. Secure Key Distribution & Protection
• Sender and receiver must:
• Obtain copies of the secret key securely
• Keep the key safe from attackers
• If the key is compromised and the algorithm is public, all
communication is readable.
Three Dimensions of Cryptographic System Classification
1. Type of Operations (Transformation Method)
All encryption methods rely on two basic principles:
• Substitution
• Replace each element of the plaintext (bit, letter, group of bits/letters) with another element.
• Example: Caesar Cipher shifts letters by a fixed amount.
• Transposition
• Rearrange elements of the plaintext without changing them.
• Example: Columnar Transposition Cipher.
• Product Systems
• Combine multiple stages of substitution and transposition for stronger encryption.
• Example: DES uses both.
• Requirement: All operations must be reversible so decryption is possible.
2. Number of Keys Used
• Symmetric Encryption (Single-Key / Secret-Key / Conventional
Encryption)
• Same key for both encryption and decryption.
• Example: AES, DES.
• Asymmetric Encryption (Two-Key / Public-Key Encryption)
• Different keys for encryption and decryption.
• One is public, one is private.
• Example: RSA, ECC.
3. Way Plaintext is Processed
• Block Cipher
• Processes fixed-size blocks of plaintext.
• Produces ciphertext blocks of the same size.
• Example: AES (128-bit blocks), DES (64-bit blocks).
• Stream Cipher
• Processes plaintext element-by-element in a continuous stream.
• Example: RC4, Salsa20.
Encryption Attacks
Goal of an Encryption Attack
• Primary objective: Recover the encryption key in use.
• Reason: If the key is obtained:
• All past messages using that key can be decrypted.
• All future messages using that key are also compromised.
Two General Attack Approaches
1. Cryptanalysis (Analytical Attack)
• Method: Use:
• Properties of the encryption algorithm
• Knowledge of the language or patterns in plaintext
• Known plaintext–ciphertext pairs
• Goal: Deduce either:
• The plaintext of a given ciphertext
• The key being used
• Tools: Statistical analysis, frequency analysis, known-plaintext attacks,
etc.
2. Brute-Force Attack
• Method: Try every possible key until a readable plaintext is produced.
• Effort: On average → half of the total key space must be tested for
success.
• Limitation: Impractical if the key space (number of possible keys) is
very large.
Types of Attacks on Encryption Systems
Attack Type | Information Available to Attacker | Difficulty | Example
Ciphertext-only attack | Only the ciphertext(s). Algorithm is known. | Hardest | Trying to decrypt an intercepted encrypted email without knowing any matching plaintext.
Known-plaintext attack | One or more pairs of plaintext and ciphertext. | Easier than ciphertext-only. | WWII Enigma — Allies knew common phrases like “Heil Hitler” in messages.
Chosen-plaintext attack | Attacker can choose plaintexts and obtain corresponding ciphertexts. | Easier than known-plaintext. | Testing an online encryption tool by submitting custom text.
Chosen-ciphertext attack | Attacker can choose ciphertexts and obtain their decrypted plaintexts. | Similar difficulty to chosen-plaintext. | Malicious API query that returns decrypted values.
Brute-force attack | Ciphertext(s) + knowledge of algorithm; tries every possible key. | Depends on key space size — impractical if very large. | Trying all 2^128 AES keys (currently infeasible).
Encryption Techniques
Substitution Techniques
A substitution technique replaces each element of the plaintext (letter,
bit, or group of them) with another element according to a fixed rule or
key.
• Goal: Hide the original meaning by altering the symbols but not their
positions.
• Key Property: The mapping must be reversible so decryption can
recover the plaintext.
Basic Types of Substitution Techniques
1) Caesar Cipher (Shift Cipher)
• Each letter is shifted by a fixed number of positions in the alphabet.
2) Monoalphabetic Cipher
• Each letter of the plaintext maps to a unique letter of the ciphertext alphabet.
3) Playfair Cipher
• Encrypts pairs of letters (digrams) using a 5×5 key matrix.
4) Hill Cipher
• Uses linear algebra over mod 26.
5) Polyalphabetic Cipher
• Uses multiple cipher alphabets to encrypt different letters of the message.
6) One-Time Pad (Perfect Secrecy)
• Uses a random key as long as the message, applied only once.
Strengths
• Simple to understand and implement.
• Historically significant — foundation for modern encryption.
Weaknesses
• Most classical substitution ciphers are breakable using:
• Frequency analysis
• Known-plaintext attacks
• Pattern recognition
Caesar Cipher
The earliest known, and the simplest, use of a substitution cipher was
by Julius Caesar. The Caesar cipher involves replacing each letter of the
alphabet with the letter standing three places further down the
alphabet. For example:
Plain text: MEET ME AFTER THE TOGA PARTY
Cipher text: PHHW PH DIWHU WKH WRJD SDUWB
The shift can be any number of places. With a shift of k = 5:
Plain text: HELLO WORLD
Cipher text: MJQQT BTWQI
Caesar algorithm (letters numbered a = 0, ..., z = 25; k is the shift):
Encryption: C = E(k, p) = (p + k) mod 26
Decryption: p = D(k, C) = (C - k) mod 26
Monoalphabetic Cipher
A monoalphabetic cipher is a type of substitution cipher where each
letter of the plaintext is always replaced by the same corresponding
letter (or symbol) in the ciphertext, according to a fixed substitution rule.
• The substitution mapping is one-to-one and fixed throughout the
message.
• For example, if A → Q in the key, then every A in the plaintext will
always become Q in the ciphertext.
• Unlike the Caesar cipher (which just shifts letters by a fixed number), a
monoalphabetic cipher can use any permutation of the alphabet,
giving a much larger key space.
Permutation
A permutation of a finite set of elements S is an ordered sequence of all
the elements of S, with each element appearing exactly once. For
example, if S = {a, b, c}, there are six permutations of
S: abc, acb, bac, bca, cab, cba
Example
• Ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Breaking down the cipher text
1. Identify frequent patterns in English
• In English, the most common digram (pair of letters) is "th".
• The most common trigram (three letters) is "the".
2. Apply this knowledge to the ciphertext
• In the ciphertext, the most common digram was ZW (appearing three
times).
• This suggests Z → t and W → h.
• Hypothesis: If Z = t and W = h, then maybe P → e (based on other observed
patterns and common words).
3. Spot “the” in the ciphertext
• The sequence ZWP appears in the ciphertext.
• Substituting: Z → t, W → h, P → e → "the".
• This matches the most frequent English trigram.
4. Use partial matches to guess new letters
• Found ZWSZ in the ciphertext → translates to th_t.
• The missing letter is likely a (making “that”).
• So, S → a.
5. Partial substitution progress
Z→t
W→h
P→e
S→a
Applying to ciphertext (letters not yet identified are shown as _):
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
_t_a________e__e_te__a_that_e_e_a_______a___t
6. Continue with frequency analysis + trial and error
• You look for other common patterns:
• Single-letter words: likely “a” or “I”.
• Common endings like “-ed”, “-ing”.
• High-frequency letters: e, t, a, o, i, n, s, h, r, etc.
• Gradually fill in the substitution table.
7. Final decrypted message
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
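The counting and substitution in steps 1 to 5 can be replayed mechanically. The Python below is an added example, not part of the original notes; the function names are chosen here for illustration, and the ciphertext is the one printed above.

```python
from collections import Counter

# Ciphertext from the worked example above (its three lines joined).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)

def ngram_counts(text, n):
    """Count every overlapping run of n letters (n=1 letters, n=2 digrams, ...)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))

def add_guess(key, cipher_letter, plain_letter):
    """Return key extended by one guess, keeping the mapping one-to-one."""
    if key.get(cipher_letter, plain_letter) != plain_letter:
        raise ValueError(f"{cipher_letter} is already mapped to {key[cipher_letter]}")
    if plain_letter in key.values() and key.get(cipher_letter) != plain_letter:
        raise ValueError(f"{plain_letter} is already produced by another letter")
    return {**key, cipher_letter: plain_letter}

def partial_decrypt(text, key):
    """Apply the guesses made so far; letters not yet guessed show as '_'."""
    return "".join(key.get(ch, "_") for ch in text)

def worked_example():
    """Replay the guesses of steps 2 to 5: Z->t, W->h, P->e, S->a."""
    key = {}
    for cipher_letter, plain_letter in [("Z", "t"), ("W", "h"), ("P", "e"), ("S", "a")]:
        key = add_guess(key, cipher_letter, plain_letter)
    return key, partial_decrypt(CIPHERTEXT[:45], key)

if __name__ == "__main__":
    print("letters:", ngram_counts(CIPHERTEXT, 1).most_common(5))
    print("digrams:", ngram_counts(CIPHERTEXT, 2).most_common(5))
    print("ZW:", ngram_counts(CIPHERTEXT, 2)["ZW"], "ZWP:", ngram_counts(CIPHERTEXT, 3)["ZWP"])
    key, first_line = worked_example()
    print(CIPHERTEXT[:45])
    print(first_line)
```

The one-to-one check in add_guess matters in practice: a guess that maps two cipher letters to the same plaintext letter cannot be a monoalphabetic key and can be discarded immediately.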
Sample cipher text
Tctkz tktocu zit tqtkc lzgtzt zgq zit
tczotc wggo zi cktqtl vgi zit tksf qfr
tkgfr tgwttlt.
Answer
Every evening the eager student read the
entire book to prepare for the exam and
ensure success.
• Plain E → Cipher T (why T appears most often in ciphertext)
• Plain T → Cipher Z
• Plain H → Cipher I
• Plain O → Cipher G
Playfair Cipher
The Playfair algorithm is based on the use of a 5 × 5 matrix of letters
constructed using a keyword.
Steps
1. Repeating plaintext letters that are in the same pair are separated with
a filler letter, such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each
replaced by the letter to the right, with the first element of the row
circularly following the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by
the letter beneath, with the top element of the column circularly
following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that
lies in its own row and the column occupied by the other plaintext
letter. Thus, hs becomes BP and ea becomes IM (or JM, as the
encipherer wishes).
Rules
• For each pair of letters:
• Same Row: Replace each with the letter to the right (wrap around to
start if needed).
• Same Column: Replace each with the letter below (wrap around to
top if needed).
• Rectangle Rule: If letters are in different rows/columns, replace each
with the letter in the same row but in the column of the other letter.
Example
• 1. Choose a Keyword
• Keyword: CRYPTOGRAPHY
• Remove duplicate letters → CRYPTOGAH
• Fill the 5×5 matrix (merge I and J):
C R Y P T
O G A H B
D E F I/J K
L M N Q S
U V W X Z
2. Prepare the Plaintext
• Plaintext: MEET ME AT PARK
• Remove spaces → MEETMEATPARK
• Split into pairs: ME ET ME AT PA RK
• If any pair has same letter, insert X (not needed here).
• If odd length, add X at end (not needed here).
Encrypt Using Playfair Rules
Pair 1: ME
• M: (row 4, col 2)
• E: (row 3, col 2) → Same Column → move down
• M → N (row 4, col 3)
• E → F (row 3, col 3)
→ NF
Pair 2: ET
• E: (row 3, col 2)
• T: (row 1, col 5) → Rectangle Rule
• E → K (row 3, col 5)
• T → R (row 1, col 2)
→ KR
Pair 3: ME (same as first) → NF
Pair 4: AT
• A: (row 2, col 3)
• T: (row 1, col 5) → Rectangle Rule
• A → B (row 2, col 5)
• T → Y (row 1, col 3)
→ BY
Pair 5: PA
• P: (row 1, col 4)
• A: (row 2, col 3) → Rectangle Rule
• P → Y (row 1, col 3)
• A → H (row 2, col 4)
→ YH
Pair 6: RK
• R: (row 1, col 2)
• K: (row 3, col 5) → Rectangle Rule
• R → T (row 1, col 5)
• K → E (row 3, col 2)
→ TE
Ciphertext
• NF KR NF BY YH TE
→ NFKRNFBYYHTE
Hill Cipher
The Hill cipher is a polygraphic substitution cipher based on linear
algebra. It encrypts plaintext by substituting blocks of letters with other
blocks, using matrix operations. It was invented by Lester S. Hill in 1929
and is known for its use of matrix multiplication and modulo arithmetic.
• Plaintext letters are converted to numbers:
• a = 0, b = 1, ..., z = 25
• Encryption uses a key matrix K, usually m×m.
• Encryption formula:
• C = P⋅K (mod 26)
where P is a row vector of length m (plaintext block), and C is the
resulting ciphertext vector.
• Decryption formula:
• P = C⋅K⁻¹ (mod 26)
K⁻¹ is the modular inverse of K.
Example — 2×2 Hill Cipher
We’ll encrypt the plaintext: "help"
Step 1: Assign numbers
h = 7, e = 4, l = 11, p = 15
Step 2: Choose a key matrix K
Step 3: Group plaintext into blocks of size 2
• "help" →
(7, 4), (11, 15)
Step 4: Encrypt each block
3. Decryption
• We need K⁻¹ (mod 26)
• For a 2×2 matrix:
"hello world" → "helloworld"
h e l l o w o r l d
7 4 11 11 14 22 14 17 11 3
(7,4), (11,11), (14,22), (14,17), (11,3)
pw | qb | cq | zn | gr → "pwqbcqzngr"
• The determinant is
• k11*k22 - k12*k21.
• For a 3 × 3 matrix, the value of the determinant is
• k11*k22*k33 + k21*k32*k13 + k31*k12*k23 - k31*k22*k13 - k21*k12*k33 - k11*k32*k23
• (0,19,19), (0,2,10), (0,19,3), (0,22,13)
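A runnable 2×2 version of the formulas C = P⋅K (mod 26) and P = C⋅K⁻¹ (mod 26), as an added example that is not part of the original notes. The key matrix is an assumption, since the notes' own matrix did not survive; it was chosen because it maps "helloworld" to the "pwqbcqzngr" shown above. Function names are illustrative.

```python
def to_numbers(text):
    """a = 0 ... z = 25; anything that is not a letter is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]

def to_letters(numbers):
    return "".join(chr(n + ord("a")) for n in numbers)

def determinant(K):
    """k11*k22 - k12*k21 for a 2x2 matrix."""
    (k11, k12), (k21, k22) = K
    return k11 * k22 - k12 * k21

def inverse_mod26(K):
    """K^-1 mod 26 for a 2x2 key; raises ValueError if the key has no inverse."""
    (k11, k12), (k21, k22) = K
    # The inverse of the determinant exists only if gcd(det, 26) == 1.
    det_inv = pow(determinant(K) % 26, -1, 26)
    return [[(k22 * det_inv) % 26, (-k12 * det_inv) % 26],
            [(-k21 * det_inv) % 26, (k11 * det_inv) % 26]]

def hill(text, K):
    """Multiply each 2-letter row vector by K: C = P*K (mod 26)."""
    nums = to_numbers(text)
    if len(nums) % 2:
        raise ValueError("pad the text to an even number of letters first")
    out = []
    for p1, p2 in zip(nums[0::2], nums[1::2]):
        out.append((p1 * K[0][0] + p2 * K[1][0]) % 26)
        out.append((p1 * K[0][1] + p2 * K[1][1]) % 26)
    return to_letters(out)

# Assumed key, NOT taken from the notes (see the sentence above the code).
KEY = [[7, 8], [11, 11]]

if __name__ == "__main__":
    ciphertext = hill("hello world", KEY)
    print(ciphertext)                              # encryption
    print(inverse_mod26(KEY))                      # K^-1 mod 26
    print(hill(ciphertext, inverse_mod26(KEY)))    # decryption uses the same routine
    try:
        inverse_mod26([[2, 4], [6, 8]])            # det = 18 shares a factor with 26
    except ValueError as err:
        print("unusable key:", err)
```

A key whose determinant shares a factor with 26 encrypts without error but can never be decrypted, which is why the inverse is checked before a key is accepted.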
Polyalphabetic Substitution Cipher
A polyalphabetic substitution cipher is an encryption method where
multiple substitution alphabets are used to encrypt a message instead
of just one.
• In a monoalphabetic cipher, one plaintext letter is always replaced by
the same ciphertext letter.
• In a polyalphabetic cipher, the same plaintext letter can be encrypted
to different ciphertext letters depending on its position in the
message and the key.
• Goal: Make it harder for attackers to break the cipher by flattening
frequency patterns.
How It Works
• You prepare multiple monoalphabetic substitution rules (think of
them as Caesar ciphers with different shifts).
• A key tells you which rule to use for each letter of the plaintext.
• The key is usually a word or phrase that repeats.
The Vigenère Cipher
Setup
• Create 26 Caesar ciphers (shift 0 to 25).
• Arrange them in a Vigenère tableau (a 26×26 grid of shifted
alphabets).
• Choose a keyword.
• Repeat the keyword so it matches the length of your message.
Plain text: WE ARE DISCOVERED SAVE YOURSELF
Keyword: deceptive
DECEPTIVEDECEPTIVEDECEPTIVEDE
Plaintext P Key K Sum Cipher
W 22 D 3 25 Z
E 4 E 4 8 I
A 0 C 2 2 C
R 17 E 4 21 V
E 4 P 15 19 T
... ... ... ... ... ...
• Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Advantages
• Frequency distribution of ciphertext letters is much flatter.
• A single plaintext letter may map to multiple ciphertext letters,
depending on position.
Weakness:
• If the key is short and repeats often, patterns still emerge.
• Repeated plaintext segments encrypted with the same key segment
produce repeated ciphertext segments.
• Plaintext: HELLOWORLD
• Key: KEYKEYKEYK
Letter Value
H 7
E 4
L 11
L 11
O 14
W 22
O 14
R 17
L 11
D 3
P (Plain) Value K (Key) Value Sum C (Cipher)
H 7 K 10 17 R
E 4 E 4 8 I
L 11 Y 24 35 J (35 mod 26 = 9)
L 11 K 10 21 V
O 14 E 4 18 S
W 22 Y 24 46 U (46 mod 26 = 20)
O 14 K 10 24 Y
R 17 E 4 21 V
L 11 Y 24 35 J
D 3 K 10 13 N
Cipher text: RIJVS UYVJN
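The weakness listed above (repeated plaintext under the same key segment gives repeated ciphertext) is visible in the "deceptive" example. The Python below is an added example, not part of the original notes; it reproduces both Vigenère ciphertexts and then measures the distance between repeated segments, the idea behind the Kasiski examination. Function names are illustrative.

```python
from functools import reduce
from math import gcd

def vigenere(text, keyword, decrypt=False):
    """Shift each letter by the matching letter of the repeated keyword (mod 26)."""
    letters = [c for c in text.upper() if "A" <= c <= "Z"]   # spaces are dropped
    shifts = [ord(k) - ord("A") for k in keyword.upper()]
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(ch) - ord("A") + sign * shifts[i % len(shifts)]) % 26 + ord("A"))
        for i, ch in enumerate(letters)
    )

def repeated_segments(ciphertext, n=3):
    """Return {segment: [start positions]} for every n-letter segment seen more than once."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    return {seg: pos for seg, pos in positions.items() if len(pos) > 1}

def repeat_distance_gcd(ciphertext, n=3):
    """GCD of the gaps between repeats; the key length is expected to divide it."""
    gaps = [b - a
            for pos in repeated_segments(ciphertext, n).values()
            for a, b in zip(pos, pos[1:])]
    return reduce(gcd, gaps) if gaps else None

if __name__ == "__main__":
    ct = vigenere("WE ARE DISCOVERED SAVE YOURSELF", "deceptive")
    print(ct)
    # "RED" occurs twice in the plaintext, both times under key letters "EPT".
    print(repeated_segments(ct), "gap gcd:", repeat_distance_gcd(ct))
    print(vigenere("HELLOWORLD", "KEY"), vigenere("RIJVSUYVJN", "KEY", decrypt=True))
```

On short texts a repeat can also occur by chance, so the gap is a hint about the key length rather than proof; here it equals the length of "deceptive".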
One-Time Pad
• Basic idea: Use a random key that’s exactly the same length as your
message.
• The key is never reused — it’s used once, then destroyed.
• Encryption and decryption are done just like the Vernam or Vigenère
cipher, except with a truly random key.
• Works for letters, numbers, or binary bits.
Advantages
• Perfect secrecy:
• The ciphertext has no statistical relationship to the plaintext.
• Given a ciphertext, every possible plaintext of the same length is
equally likely if the key is random.
Example: Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
• Key #1: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
• Plaintext: mr mustard with the candlestick in the hall
• Key #2: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
• Plaintext: miss scarlet with the knife in the library
Both plaintexts are equally plausible if the keys are random.
A cryptanalyst cannot tell which is correct, even with unlimited computing
power.
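• Plaintext: Hello world
• Key: XMCKL QWERTY
• Letters are numbered a = 0, ..., z = 25 and the space is 26, so sums are reduced mod 27.
• Plaintext numbers: 7 4 11 11 14 26 22 14 17 11 3
• Key numbers: 23 12 2 10 11 26 16 22 4 17 19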
(7+23)=30 → 30 mod 27 = 3 → D
(4+12)=16 → 16 →Q
(11+2)=13 → 13 →N
(11+10)=21 → 21 →V
(14+11)=25 → 25 →Z
(26+26)=52 → 52 mod 27=25 → Z
(22+16)=38 → 38 mod 27=11 → L
(14+22)=36 → 36 mod 27=9 → J
(17+4)=21 → 21 →V
(11+17)=28 → 28 mod 27=1 → B
(3+19)=22 → 22 →W
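The perfect-secrecy claim and the mod 27 arithmetic above can both be checked with a few lines of Python. This is an added example, not part of the original notes: for any candidate plaintext of the right length it computes the one key that would produce the observed ciphertext. Function names are illustrative, and the second plaintext is padded here with one trailing space so that it has the ciphertext's 43 symbols.

```python
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz "   # 27 symbols: a=0 ... z=25, space=26
N = len(ALPHABET)

def _combine(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key symbols from text symbols mod 27."""
    if len(key) != len(text):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % N]
        for t, k in zip(text, key)
    )

def otp_encrypt(plaintext, key):
    return _combine(plaintext, key, +1)

def otp_decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)

def key_for(ciphertext, plaintext):
    """The unique key under which ciphertext decrypts to the chosen plaintext."""
    return _combine(ciphertext, plaintext, -1)

def random_key(length):
    """Fresh key from the OS random source; use once, then discard."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

# Values from the notes, lower-cased.
CIPHERTEXT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS".lower()
PLAINTEXT_1 = "mr mustard with the candlestick in the hall"
PLAINTEXT_2 = "miss scarlet with the knife in the library "   # trailing space = padding

if __name__ == "__main__":
    # Every same-length plaintext has a key, so the ciphertext rules nothing out.
    for candidate in (PLAINTEXT_1, PLAINTEXT_2):
        key = key_for(CIPHERTEXT, candidate)
        print(repr(key), "->", repr(otp_decrypt(CIPHERTEXT, key)))
    # The "Hello world" example; the final Y of the printed key is not needed.
    print(otp_encrypt("hello world", "xmckl qwert").upper())
    pad = random_key(len("hello world"))
    print(otp_decrypt(otp_encrypt("hello world", pad), pad))
```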
Stream Cipher and Block Cipher
• A stream cipher is one that encrypts a digital data stream one bit or one
byte at a time.
• Examples of classical stream ciphers are the autokeyed Vigenère cipher
and the Vernam cipher.
• In the ideal case, a one-time pad version of the Vernam cipher would be
used in which the keystream (k) is as long as the plaintext bit stream (p).
• If the cryptographic keystream is random, then this cipher is
unbreakable by any means other than acquiring the keystream.
• However, the keystream must be provided to both users in advance via
some independent and secure channel.
Block cipher
• A block cipher is one in which a block of plaintext is treated as a whole
and used to produce a ciphertext block of equal length. Typically, a block
size of 64 or 128 bits is used.
• As with a stream cipher, the two users share a symmetric encryption key.
• A block cipher can be used to achieve the same effect as a stream cipher.
Far more effort has gone into analyzing block ciphers. In general, they
seem applicable to a broader range of applications than stream ciphers.
• The vast majority of network-based symmetric cryptographic
applications make use of block ciphers.
Feistel cipher structure
• The Feistel cipher structure is a symmetric encryption design used by
many block ciphers, including DES.
• It’s not a specific cipher itself, but a blueprint for building ciphers.
• Basic Idea
• Instead of encrypting the whole block at once, you:
• Split the plaintext block into two halves.
• Process them through multiple rounds, where only one half is transformed
each time (using a round function and a key).
• Swap halves after each round.
Key Points
• Block size: Usually 64, 128, or more bits.
• Number of rounds: More rounds = better security (DES uses 16
rounds).
• Round function (F): Can be complex (substitution, permutation,
modular addition, etc.).
• Security: Even if F itself is not reversible, the overall Feistel structure is
reversible.
Example: 1101 0110
• Block size: 8 bits (split into two halves of 4 bits each)
• Number of rounds: 2
• Round keys:
• K1=1010 (binary)
• K2=0101 (binary)
• Round function F:
F(R,K)=(R XOR K)
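The toy parameters above are enough to run a complete Feistel network. The Python below is an added example, not part of the original notes; it assumes a final swap of the halves after the last round (as DES does), so that decryption is the same routine with the round keys reversed. It also runs a second, constructed round function that cannot be inverted, to show that the structure does not need F to be reversible.

```python
def round_states(block, round_keys, f, half_bits=4):
    """Return the (L, R) pair before round 1 and after every round."""
    mask = (1 << half_bits) - 1
    left, right = (block >> half_bits) & mask, block & mask
    states = [(left, right)]
    for key in round_keys:
        # One Feistel round: new L = old R, new R = old L XOR F(old R, K)
        left, right = right, left ^ (f(right, key) & mask)
        states.append((left, right))
    return states

def feistel(block, round_keys, f, half_bits=4):
    """Run all rounds, then swap the halves once more (assumed here, as in DES)."""
    left, right = round_states(block, round_keys, f, half_bits)[-1]
    return (right << half_bits) | left

def encrypt(block, round_keys, f):
    return feistel(block, round_keys, f)

def decrypt(block, round_keys, f):
    # Same routine with the subkeys in reverse order; F itself is never inverted.
    return feistel(block, list(reversed(round_keys)), f)

def f_xor(r, k):
    """Round function from the example: F(R, K) = R XOR K."""
    return r ^ k

def f_lossy(r, k):
    """Constructed non-invertible F: many values of R give the same output."""
    return r & k

KEYS = [0b1010, 0b0101]   # K1, K2 from the example
BLOCK = 0b11010110        # 1101 0110

if __name__ == "__main__":
    for i, (l, r) in enumerate(round_states(BLOCK, KEYS, f_xor)):
        print(f"after round {i}: L={l:04b} R={r:04b}")
    c = encrypt(BLOCK, KEYS, f_xor)
    print(f"ciphertext {c:08b}, decrypted {decrypt(c, KEYS, f_xor):08b}")
    ok = all(decrypt(encrypt(b, KEYS, f_lossy), KEYS, f_lossy) == b for b in range(256))
    print("lossy F still round-trips every 8-bit block:", ok)
```

Two rounds of a plain XOR are a teaching toy: every output bit is a fixed XOR of input and key bits, which is why real designs use many rounds and a non-linear F.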
Ascii example
Feistel network depends on
• Block size: Larger block sizes mean greater security (all other things
being equal) but reduced encryption/decryption speed for a given
algorithm. The greater security is achieved by greater diffusion.
Traditionally, a block size of 64 bits has been considered a reasonable
tradeoff and was nearly universal in block cipher design. However, the
new AES uses a 128-bit block size.
• Key size: Larger key size means greater security but may decrease
encryption/decryption speed. The greater security is achieved by
greater resistance to brute-force attacks and greater confusion. Key
sizes of 64 bits or less are now widely considered to be inadequate,
and 128 bits has become a common size.
• Number of rounds: The essence of the Feistel cipher is that a single
round offers inadequate security but that multiple rounds offer
increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: Greater complexity in this algorithm
should lead to greater difficulty of cryptanalysis.
• Round function F: Again, greater complexity generally means greater
resistance to cryptanalysis.
DES (Data Encryption Standard)
Historical Context
• Before AES (pre-2001) → DES was the most popular encryption
scheme.
• Introduced in 1977 by the U.S. National Bureau of Standards (now
NIST) as FIPS PUB 46.
• The actual encryption process is called DEA (Data Encryption
Algorithm).
How DES Works
• Block size: Works on 64-bit chunks of data at a time.
• Key size: Uses a 56-bit key
• Process: Takes a 64-bit input → applies a series of transformations →
produces a 64-bit output.
• Symmetric: Same key and steps for both encryption and decryption.
DES Encryption Overview
Inputs
• Plaintext: Exactly 64 bits long.
• Key: 64 bits entered, but only 56 bits are used (8 bits are parity or
unused).
Processing Stages
1. Initial Permutation (IP)
• Rearranges the bits of the plaintext according to a fixed table.
• This is just a bit shuffle, no encryption yet.
2. Sixteen Feistel Rounds
• Each round does the same type of processing:
a. Data split
• 64-bit input is split into Left (L) and Right (R) halves (32 bits each).
b. Feistel function (F) applied to R:
• Expansion: R (32 bits) is expanded to 48 bits.
• XOR with subkey (Kᵢ): 48-bit R ⊕ 48-bit Kᵢ.
• Substitution: Output is split into 8 groups of 6 bits → each goes through an S-box → produces 4 bits each →
total 32 bits.
• Permutation: Rearranges the 32 bits.
c. Feistel swap:
• New L = old R
• New R = old L ⊕ F(R, Kᵢ)
• This process repeats 16 times, with a different subkey each time.
3. Final Swap
After round 16, swap the left and right halves.
4. Inverse Initial Permutation (IP⁻¹)
Apply the reverse of the initial permutation to produce the final
64-bit ciphertext.
• Key Schedule (Subkey Generation)
• Start with the 64-bit key → Permuted Choice 1 (PC-1) removes 8
parity bits → 56 bits remain.
• Split into two 28-bit halves (C₀ and D₀).
• For each round:
• Left circular shift both halves (1 or 2 bits depending on the round).
• Permuted Choice 2 (PC-2) selects 48 bits from the 56 → this becomes Kᵢ.
• Repeat for all 16 rounds → produce K₁ through K₁₆.
• Decryption
• Same process as encryption (Feistel structure property).
• Just use subkeys in reverse order (K₁₆ first, K₁ last).
General DES diagram