DELHI TECHNOLOGICAL UNIVERSITY

CO405
INFORMATION AND NETWORK SECURITY

Submitted to: Submitted by:

Dr. Aruna Bhat Shubham Dhiman
(2K16/CO/310)
Utsav Prabhakar
(2K16/CO/344)
Vaibhav Kumar
(2K16/CO/345)
Vaibhav Kumar
(2K16/CO/346)
Vikas Tomar
(2K16/CO/352)
Q 1. Give different kinds of threats. Bug, Virus, Worm, Trojan Horse, Phishing,
Spamming, Key Logger etc.

Ans. Different kinds of threats

1. Virus
• A virus is a malware that makes a particular file in your device junk and
corrupt. It can enter in any form like audio, video, pictures or any other
form. Once attacked by a virus, it becomes difficult to access the same file.
(File junk maker).
• Examples: Blaster,Slammer,Nimda,Code Red,LOVEYOU,The Morris Worm.
2. Worms
• Worm is a malware which multiplies itself rapidly and makes your device to
run slower and slower. If a file is attacked by a worm, it will make similar
other files and multiply itself. If your device is lagging, there are high
chances that your device is having worms. (Device laggards).
• Examples: ILOVEYOU, Michelangelo, and MSBlast
3. Bugs
• bug refers to an error, fault or flaw in any computer program or a hardware
system. A bug produces unexpected results or causes a system to behave
unexpectedly. In short, it is any behaviour or result that a program or
system gets but it was not designed to do.
• Example: issues, errors, defects
4. Trojan
• Trojan is a type of software that appears very genuine but once the
software is installed, it starts showing its original colors. It makes your
device run slower and chances are there to corrupt your files. Many speed
boosters, memory cleaners and other software which actually claim to
improve your device but actually end up in engulfing your memory. It will
make the way easier for other virus and worms to attack your device.
(Memory consumers).
• Examples:Trojan-Banker,Trojan-DDoS,Trojan-Downloader,Trojan-Dropper.
5. Phishing
• Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. It occurs when an
attacker, masquerading as a trusted entity, dupes a victim into opening an
email, instant message, or text message.
• Examples: Forged link, Requests personal information., Sense of urgency.
6. Spamming
• It involves sending unwanted messages, often unsolicited advertising, to a
large number of recipients. Spam is a serious security concern, as it can be
used to deliver email that could contain Trojan horses, viruses, worms,
spyware and targeted attacks aimed at obtaining sensitive, personal
identification information.
• Examples: Email messages you did not ask for that are from senders you
don't know, Unsolicited commercial email messages sent in bulk, often to a
purchased (or stolen) mailing list that contains your address.
7. Key Logger
• At its most basic definition, a keylogger is a function which records or
keystrokes on a computer. Taken at this basic level, a keylogger looks
absolutely harmless. In the hands of a hacker or a cybercriminal, a keylogger
 is a potent tool to steal away your information. We'll talk about how a
keylogger works, how cybercriminals install it on your computer, and what
you can do to avoid being a victim. You'll know what is a keylogger when
we're done.
• Examples: Spyrix, BlackBox, kidLogger

Q 2. Key Size = 32, How many keys are possible under Brute Force ?

Ans. Key size=32. How many keys are possible under brute force?
Brute force attack is a computationally expensive attack under which every single
possible key tried in hope to find the correct key. The computational complexity of the
brute force attack increases exponentially with the key size. Thus, for a key size of 32
bits the number of possible keys are 2^32. This is because each bit can either be 0 or 1.
With a combination of 32 bits, this possibilities increases 2x2x2….. 32 = 2^32 times.

Q 3. What is Hill cipher.

Ans. Hill Cipher is a polygraphic substitution cipher based on linear algebra.

It was developed by Lester Hill in 1929, and was the first polygraphic cipher in which it
was practical to operate more than three symbols at once.
Each letter/symbol is represented by a number modulo 26. Often the simple scheme A =
0, B = 1, …, Z = 25 is used, but this is not an essential feature of the cipher. To encrypt a
message, each block of n letters (considered as an n-component vector) is multiplied by
an invertible n × n matrix, against modulus 26. To decrypt the message, each block is
multiplied by the inverse of the matrix used for encryption.
The matrix used for encryption is the cipher key, and it should be chosen randomly from
the set of invertible n × n matrices (modulo 26).
The substitution of ciphertext letters in the place of plaintext letters leads to m linear
equations.
For m=3, the system can be described as follows:
C1= (K11P1 + K12P2 + K13P3) mod 26
C2= (K21P1 + K22P2 + K23P3) mod 26
C3= (K31P1 + K32P2 + K33P3) mod 26
This case can be expressed in terms of column vectors and matrices:

or simply we can write as C = KP , where C and P are column vectors of

length 3, representing the plaintext and ciphertext respectively, and K is 3×3
martix, which is the encryption key. All operation are done on mod 26 here.
Decryption requires the inverse of the matrix K. The inverse matrix
KK-1 = K-1K = I, where I is the Identity matrix. But the inverse of the matrix
does not always exist, and when it does it satisfy the preceding equation. In general we
can write as follows:

For encryption: C = Ek(P) = Kp

For decryption: P = Dk(C) = K-1C = K-1Kp = P

Q 4. Explain Fiestal Decryption.

Ans. The process of decryption with a Feistel cipher is essentially the same as the
encryption process. The rule is as follows: Use the ciphertext as input to the algorithm,
but the subkeys K i in the reverse order. That is, use K n in the 1st round, and so on, K1 in
the last round. This is a nice feature, because we can use just one algorithm both for
encryption and decryption.’

Consider encryption/decryption processes:

Let, REi – data travelling through encryption, LDi, RDi – data travelling through
decryption. Output of ith encryption round is LE i||REi (concatenation). To simplify the
diagram, it is untwisted, not showing the swap that occurs at the end of each
interaction. But intermediate result at the end of ith stage of the encryption process
is the 2w-bit LEi||REi, and the intermediate result at the end of the ith stage of
decryption is LDi||RDi. Then the corresponding input to (16-i)th decryption round is
LEi||REi, or, equivalently, RD16-i ||LD16-i. Let’s prove that.
After the last iteration, the two halves are swapped, so that the ciphertext is RE 16||
LE16. Now take the ciphertext and use it as input to the same algorithm. The input to
the 1st round is RE16||LE16, which is equal to the 32-bit swap of the output of the 16 th
round of the encryption process. Now we show that the output of the 1 st round of
the decryption process is equal to a 32-bit swap of the output of the 15 th round of the
encryption process. First, consider encryption process,

LE16=RE15
RE16=LE15+F(RE15,K16)

On the decryption side,

LD1=RD0=LE16=RE15
RD1=LD0+F(RD0,K16)=RE16+F(RE15,K16)=
[LE15+F(RE15,K16)]+F(RE15,K16)=LE15

Thus, we have
LD1=RE15
RD1=LE15,

So, we got that output of the 1st stage of decryption process is equal to 32-bit swap
of the 15th round of the encryption process: LD 1||RD1=RE15||LE15, and continuing these
considerations, we come to

Ldi||RDi=RE(16-i)||LE(16-i).

Also, we can write

LEi=RE(i-1)
Rei=LE(i-1)+F(RE(i-1),Ki)

or
RE(i-1)=LEi

LE(i-1)=REi+F(RE(i-1),Ki)= REi+F(LEi,Ki)

and these equations confirm the assignments shown in the right-hand side

Output of the last round of the decryption process is

LD16||RD16=RE0||LE0

A 32-bit swap recovers the original plaintext. Note that the derivation does not
require that F be a reversible function (for example, it may be a constant value 1).
Q5. Perform Cryptanalysis for:

a. All Cipher algos

Ans. Cryptanalysis is defined as the art of obtaining the key.

The various models for cryptanalysis are:
o Cipher-text only: opponent possesses a string of ciphertext
o Known plaintext: opponent possesses a plaintext, x and the
corresponding ciphertext, y.
o Chosen plaintext: Attacker can choose plaintext, and obtain the
corresponding ciphertexts
o Chosen Ciphertext: The opponent has temporary access to the
decryption function. He can choose ciphertexts and decrypt to obtain
the corresponding plaintexts.
In each case, the objective is to obtain the key. The order of strength in each case is:
Ciphertext only < Known plaintext < Chosen Plaintext < Chosen Ciphertext

1. Caesar Cipher:
If it is known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys. Three
important characteristics of this problem enabled us to use a bruteforce
cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable

2. Vigenere cipher:
• In some sense, the cryptanalysis of Vigenere cipher is a systematic method and
can be totally programmed.
Step 1: determine the length m of the keyword – Kasiski test and index of
coincidence.
Step 2: determine K=(k1,k2,…,km) – Determine each ki separately.
Kasiski test—determine keyword length m
Observation: two identical plaintext segments will be encrypted to the same
ciphertext whenever they appear  positions apart in plaintext, where 0 mod m.
Vice Versa.
So search ciphertext for pairs of identical segments, record the distance between
their starting positions, such as 1, 2,…, then m should divide all of i ’s. i.e., m
divides gcd of all i ’s.
Index of coincidence
Can be used to determine m as well as to confirm m, determined by Kasiski test.
Definition: suppose x=x1x2,…,xn is a string of length n.
The index of coincidence of x, denoted by Ic(x), is defined to be the probability
that two random elements of x are identical. – Denoted the frequencies of A,B,
…,Z in x by f0,f1,…,f25
 3. Hill Cipher:
Cipher-text only attack is difficult because of the following reasons:
– Large key space
– Hill ciphers do not preserve the statistics of the plaintext.
– Frequency analysis does not work.
– For a key matrix of size m x m, a frequency analysis of size m may work, but it is
very rare for the plaintext to have strings of same characters of size m.
However known-plaintext attack is possible. Consider the following steps:
• Eve can create two m x m matrices, P (plaintexts) and C (ciphertext).
• If the key matrix is K, we have:
C = P K,
Here every row of C and P are corresponding ciphertext/plaintext pairs. Thus, K =
P-1 C (if P is invertible)

4. VERNAM CIPHER:
The essence of this technique is the means of construction of the key. Vernam
proposed the use of a running loop of tape that eventually repeated the key, so
that in fact the system worked with a very long but repeating keyword. Although
such a scheme, with a long key, presents formidable cryptanalytic difficulties, it
can be broken with sufficient ciphertext, the use of known or probable plaintext
sequences, or both.
5. PLAYFAIR CIPHER:
Despite this level of confidence in its security, the Playfair cipher is relatively easy
to break, because it still leaves much of the structure of the plaintext language
intact. A few hundred letters of ciphertext are generally sufficient.

b. DES

• Brute force
• A brute force attack, also known as an exhaustive search is an attack against a
cryptosystem in which all possible values for the key are attempted - the
bigger the key, the more difficult the attack.
• The main idea of a brute-force attack is systematically checking all possible
keys until the correct key is found. In the worst case, this would involve
traversing the entire search space. It will always find a solution.
• Linear
• Overview
Linear cryptanalysis tries to take advantage of high probability occurrences of
linear expressions involving plaintext bits, "ciphertext" bits (actually we shall
use bits from the 2nd last round output), and subkey bits.
• It is a known-plaintext attack: that is, it is premised on the attacker having
information on a set of plaintexts and the corresponding ciphertexts.
 • The attacker has no way to select which plaintexts (and corresponding
ciphertexts) are available.
• The basic idea is to approximate the operation of a portion of the cipher
with an expression that is linear where the linearity refers to a mod-2 bit-
wise operation (i.e., exclusive-OR denoted by "").").

• We investigate the construction of a linear approximation involving

plaintext bits as represented by X in (1) and the input to the last 7 round of
the cipher (or equivalently the output of the 2nd last round of the cipher)
as represented by Y in (1). The plaintext bits are random and consequently,
so are the input bits to the last round.
• Equation (1) could be equivalently reformulated to have the right side
being the sum of a number of subkey bits. However, in (1) as written with
the right side of "0", the equation implicitly has subkey bits involved: these
bits are fixed but unknown (as they are determined by the key under
attack) and implicitly absorbed into the "0" on the right side of equation (1)
and the probability pL that the linear expression holds. If the sum of the
involved subkey bits is "0", the bias of (1) will have the same sign (+ or <) as
the bias of the expression involving the subkey sum and, if the sum of the
involved subkey bits is "1", the bias of (1) will have the opposite sign.
• How do we construct expressions which are highly linear and, hence, can
be exploited? This is done by considering the properties of the cipher’s
only nonlinear component: the S-box.
• When the nonlinearity properties of the S-box are enumerated, it is
possible to develop linear approximations between sets of input and
output bits in the S-box. Consequently, it is possible to concatenate linear
approximations of the S-boxes together so that intermediate bits (i.e., data
bits from within the cipher) can be cancelled out and we are left with a
linear expression which has a large bias and involves only plaintext and the
last round input bits.

• Piling-Up Principle
• The piling-up lemma is a principle used in linear cryptanalysis to
construct linear approximation to the action of block ciphers. The piling-up
lemma allows the cryptanalyst to determine the probability that equality:

holds, where the X 's are binary variables (that is, bits: either 0 or 1).

• Working
• The objective of linear cryptanalysis is to find an effective linear equation
of the form:
• P[a1, a2, Á , a a] { C[b1, b2, Á , bb] = K[g1, g2, Á , gc]
 The further is from 0.5, the more effective the equation. Once a proposed
•
relation is determined, the procedure is to compute the results of the left-
hand side of the preceding equation for a large number of plaintext–
ciphertext pairs. If the result is 0 more than half the time, assume . If it is 1
most of the time, assume. This gives us a linear equation on the key bits.
Try to get more such relations so that we can solve for the key bits.
Because we are dealing with linear equations, the problem can be
approached one round of the cipher at a time, with the results combined.
• Differential
• Overview
• Differential cryptanalysis is a general form of cryptanalysis applicable
primarily to block ciphers, but also to stream ciphers and cryptographic
hash functions. In the broadest sense, it is the study of how differences in
information input can affect the resultant difference at the output. In the
case of a block cipher, it refers to a set of techniques for tracing differences
through the network of transformation, discovering where the cipher
exhibits non-random behaviour and exploiting such properties to recover
the secret key
• Mechanics of attack
• Differential cryptanalysis is usually a chosen-plaintext attack, meaning that
the attacker must be able to obtain ciphertexts for some set of plaintexts
of their choosing. There are, however, extensions that would allow a known
plaintext or even a ciphertext-only attack. The basic method uses pairs of
plaintext related by a constant difference; the difference can be defined in
several ways, but the eXclusive OR (XOR) operation is usual.
• The attacker then computes the differences of the corresponding
ciphertexts, hoping to detect statistical patterns in their distribution. The
resulting pair of differences is called a differential.
• Their statistical properties depend upon the nature of the S-boxes used for
encryption, so the attacker analyses differentials (ΔX, ΔY), where ΔY = S(X X, ΔX, ΔY), where ΔY = S(X Y), where ΔX, ΔY), where ΔY = S(X Y = S(X
ΔX, ΔY), where ΔY = S(X X) S(X) (and denotes exclusive or) for each such S-box S.
• In the basic attack, one particular ciphertext difference is expected to be
especially frequent; in this way, the cipher can be distinguished from
random. More sophisticated variations allow the key to be recovered faster
than exhaustive search.
• Attack
The rationale behind differential cryptanalysis is to observe the
behavior of pairs of text blocks evolving along each round of the
cipher, instead of observing the evolution of a single text block.
Here, we provide a brief overview so that you can get the flavour of
the attack. We begin with a change in the notation for DES. Consider
the original plaintext block to consist of two halves. Each round of
DES maps the right-hand input into the left-hand output and sets the
right-hand output to be a function of the left-hand input and the
subkey for this round. So, at each round, only one new 32-bit block is
created. If we label each new block, then the intermediate message
halves are related as follows:

• In differential cryptanalysis, we start with two messages, and,

with a known XOR difference, and consider the difference between
the intermediate message halves. Then we have:
 • Now, suppose that many pairs of inputs to f with the same
difference yield the same output difference if the same subkey is
used. To put this more precisely, let us say that may cause Y with
probability if, for a fraction of the pairs in which the input XOR is, the
output XOR equals. We want to suppose that there are a number of
values that have a high probability of causing a particular output
difference. Therefore, if we know and with high probability, then we
know with high probability. Furthermore, if a number of such
differences are determined, it is feasible to determine the subkey
used in function f.

• The overall strategy of differential cryptanalysis is based on

these considerations for a single round. The procedure is to begin
with two plaintext messages m and m’. with a given difference and
trace through a probable pattern of differences after each round to
yield a probable difference for the ciphertext. Actually, there are
two probable patterns of differences for the two 32-bit halves:
(∆m17|| ∆m16). Next, we submit and for encryption to determine
the actual difference under the unknown key and compare the result
to the probable difference. If there is a match,

• then we suspect that all the probable patterns at all the

intermediate rounds are correct. With that assumption, we can make
some deductions about the key bits. This procedure must be
repeated many times to determine all the key bits.

c. IDEA
IDEA stands for International Data Encyption Algorithm. It was originally called Improved
Proposed Encryption Standard (IPES). It is a symmetric-key block cipher first described in
1991. The algorithm was intended to be a replacement for the Data Encryption Standard
(DES). IDEA is a minor revision of an earlier cipher which was called Proposed Encryption
Standard (PES). It is freely available for non-commercial use.

IDEA works on 64-bit blocks using a 128-bit key and does a series of 8 identical
transformations (which is called a round) and an output transformation (called the half-
round). The processes for performing encryption and decryption are similar in nature.
The operators, which all deal with 16-bit quantities, used in IDEA are:

Bitwise XOR (exclusive OR).

Addition modulo 216.
 Multiplication modulo 216 + 1, (the all-zero word (0x0000) is interpreted as 216 in
inputs, and 216 is interpreted as the all-zero word (0x0000)in output). After the 8 rounds
comes a final “half-round” which is the output transformation.

These days, there are many security solutions which use IDEA based encryption. These
include applications which range from Finance to those in Government. Due to its
flexible nature, it can be easily combined in any encryption software.

d. Triple DES
Triple DES is a symmetric-key block cipher which performs DES algorithm three times to
each data block. Due to several weaknesses in the original DES, it is no longer considered
adequate. Triple DES uses the same algorithm to provide a more secure encryption
technique. Thus it is very easy to implement once we have the implementation of DES at
our disposal.
A naive way would to secure DES would be to encrypt the data twice using two keys. If
the original key size is 56 bytes, we hope that this will give us 112 bit security. However,
this scheme is vulnerable to meet-in-the-middle-attack. So it only provides 56 bit security
even after two bits.

The solution to this is to perform three operations. We can use three keys but most 3DES
implementations use only two keys - let us call them K1 and K2. Let E1 be the encryption
function for K1, and E2 be the encryption function using K2. Similarly, let D1 and D2 be
decryption operations. So, 3DES ciphertext is E1(D2(E1(plaintext))). To decrypt, we have,
Plaintext = D1(E2(D1(ciphertext))).

It is also backwards compatible with DES when K1 = K2.

6. Explain the decryption process of IDEA

Ans. The International Data Encryption Algorithm (IDEA) is perceived as one of the
strongest cryptographic algorithms. IDEA is a block cipher. Like DES, it also works on 64-
bit plain text blocks. The key is longer, and consists of 128 bits. IDEA is reversible like
DES, that is, the same algorithm is used for encryption and decryption. Also, IDEA uses
both diffusion and confusion for encryption.

Decryption is exactly the same, except that the subkeys are reversed and slightly
different. The decryption subkeys are either the additive or multiplicative inverses of the
encryption subkeys. (For the purposes of IDEA, the all-zero sub-block is considered to
represent 2 16 = −1 for multiplication modulo 2 16 + 1; thus the multiplicative inverse of
0 is 0). Calculating these takes some doing, but you only have to do it once for each
decryption key.
IDEA encrypts a 64-bit block of plaintext to 64-bit block of ciphertext. It uses a 128-bit
key. The algorithm consists of eight identical rounds and a “half” round final
transformation. Today, because of 128-bit cryptosystems like AES, IDEA is obsolete, but
its algorithm can be a useful teaching tool to help students bridge the gap between DES,
which uses XOR but no algebraic operations, and AES, which requires understanding of
algebraic operations on finite fields. IDEA uses algebraic operations, but it is only
necessary to understand modular addition and modular multiplication to understand the
IDEA algorithm. The algebraic idea behind IDEA is the mixing of three incompatible
algebraic operations on 16-bit blocks: bitwise XOR, addition modulo 216, and
multiplication modulo 216 + 1. There are 216 possible 16-bit blocks: 0000000000000000,
..., 1111111111111111, which represent the integers 0, ..., 216 − 1. Each operation with
the set of possible 16-bit blocks is an algebraic group. Bitwise XOR is bitwise addition
modulo 2, and addition modulo 216 is the usual group operation. Some spin must be put
on the elements – the 16-bit blocks – to make sense of multiplication modulo 216 + 1,
however. 0 (i.e., 0000000000000000) is not an element of the multiplicative group
because it has no inverse, but by thinking of the elements of the group instead as
0000000000000001, ..., 1111111111111111, 0000000000000000, which now represent
the integers 1, ..., 216 − 1, 216, everything works for multiplication. 216 ≡ −1 mod 216 + −1 mod 216 +
1, and 0000000000000000 is its own inverse under multiplication modulo 2 16 + 1.

Table 1: Decryption of the key sub-blocks

The computational process used for decryption of the ciphertext is essentially the same
as that used for encryption of the plaintext. The only difference compared with
encryption is that during decryption, different 16-bit key sub-blocks are generated.
More precisely, each of the 52 16-bit key sub-blocks used for decryption is the inverse of
the key sub-block used during encryption in respect of the applied algebraic group
operation. Additionally, the key sub-blocks must be used in the reverse order during
decryption in order to reverse the encryption process.

Q7. What is key distribution?

Ans. Key distribution is a significant task for the symmetric key cryptography algorithms.
In these algorithms only a single key exists which needs to be shared between the two
communicating parties. This key needs to be exchanged between the two parties in a
secure manner. If a secure manner was possible, there would’ve been no need for
implementing a cryptographic communication. This makes key distribution a hard
problem tackle. Keys needs to be exchanged either in person, through a courier or
through an existing secure encrypted channel. Meeting in person and sending though a
courier is an impractical solution. However, there exists another method. A method
much better in terms of practicality and security – The public key cryptography.
Algorithms like Diffie-Hellman or RSA can be employed to exchange/distribute keys
between parties.
For example, let P be a key that needs to be transferred securely from Bob to Alice. It
can be done as follows:
Bob’s side: C = E(Kapu, P) – Bob encrypts P using Alice’s public key
Alice’s side: P = D(Kapr, C) – Alice decrypts Bob’s message using her private key to get P