
Madhav Institute of Technology & Science, Gwalior
Department of Information Technology

OC-2: NETWORK SECURITY (900209)

Course I/C: Neha Bhardwaj (Assistant Professor)


UNIT:1
• Network Security: Network security protects your network and data from
breaches, intrusions and other threats.

• Network security is any activity designed to protect the usability and integrity of
your network and data.

Course I/C: Neha Bhardwaj (Deptt. of IT, MITS)


Principles of Security

• Confidentiality:
The degree of confidentiality determines the secrecy of the information. The
principle specifies that only the sender and receiver will be able to access the
information shared between them. Confidentiality is compromised if an unauthorized
person is able to access a message.

• Authentication:
Authentication is the mechanism to identify the user, system or entity. It
ensures the identity of the person trying to access the information.
Authentication is mostly secured by using a username and password.

• Integrity:
Integrity gives the assurance that the information received is exact and accurate. If
the content of the message is changed after the sender sends it but before it reaches
the intended receiver, then the integrity of the message is said to be lost.
• Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content
sent through a network. In some cases the sender sends the message and later
denies it. Non-repudiation does not allow the sender to make such a denial to the
receiver.

• Access control:
The principle of access control is determined by role management and rule
management. Role management determines who should access the data, while rule
management determines to what extent one can access the data. The information
displayed depends on the person who is accessing it.

• Availability:
The principle of availability states that resources will be available to authorized
parties at all times. Information is not useful if it is not available to be accessed.
Systems should have sufficient availability of information to satisfy user
requests.



• Kinds of threats:
  ◦ Interception
    ◼ an unauthorized party (human or not) gains access to an asset: Authentication
  ◦ Interruption
    ◼ an asset becomes lost, unavailable, or unusable: Availability
  ◦ Modification
    ◼ an unauthorized party changes the state of an asset: Integrity
  ◦ Fabrication
    ◼ an unauthorized party counterfeits an asset



Attacks: Active & Passive

• Active attacks: An active attack attempts to alter system resources or affect their
operation. Active attacks involve some modification of the data stream or creation
of a false statement. Types of active attacks are as follows:

• Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A
masquerade attack involves one of the other forms of active attack.

• Modification of messages –
It means that some portion of a message is altered, or that a message is delayed or
reordered, to produce an unauthorised effect. For example, a message meaning
"Allow JOHN to read confidential file X" is modified as "Allow Smith to read
confidential file X".

• Repudiation –
This attack is done by either the sender or the receiver. The sender or receiver can
later deny that he/she has sent or received a message. For example, a customer asks
his bank "to transfer an amount to someone" and later on the sender (customer) denies
that he had made such a request. This is repudiation.

• Replay –
It involves the passive capture of a message and its subsequent retransmission to
produce an authorized effect.

• Denial of Service –
It prevents normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to degrade
performance.



• Passive attacks: A passive attack attempts to learn or make use of information
from the system but does not affect system resources. Passive attacks are in the
nature of eavesdropping on or monitoring of transmission. The goal of the
opponent is to obtain information that is being transmitted. Types of passive attacks
are as follows:

• The release of message content –
A telephone conversation, an electronic mail message or a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.



• Traffic analysis –
Suppose that we had a way of masking the information (encryption), so that an
attacker, even after capturing the message, could not extract any information from
it.
The opponent could still determine the location and identity of the communicating
hosts and could observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the communication that was
taking place.



Number Theory

• Prime & Co-Prime Numbers

• A prime number is defined as a number that has no factor other than 1 and itself.
Co-primes, by contrast, are considered in pairs: two numbers are co-prime if
they have no common factors other than 1 (e.g., 8 and 15).

• Modular Arithmetic
  ◦ Modular arithmetic is a system of arithmetic for integers, where values reset
  to zero and begin to increase again after reaching a certain predefined value, called
  the modulus (modulo).
  ◦ Let Z_N be the set of all non-negative integers that are smaller than N:
  Z_N = {0, 1, 2, ..., N-1}, where N is a positive integer;
    if N is a prime, it will be denoted p (and the whole set as Z_p).
  ◦ To determine the value of an integer for a modulus N, one should divide this
  number by N. Its value in Z_N is equal to the remainder of the division.



• Congruence
  ◦ It defines the relationship between two numbers:
  a ≡ b (mod n) iff n divides (a − b)
  Second method (Remainder Lemma):
  a ≡ b (mod n) iff rem(a, n) = rem(b, n)
  Ex: 30 ≡ 12 (mod 9)
• GCD
  ◦ Basic Euclidean Algorithm for GCD
  The algorithm is based on the facts below.
  ◦ If we subtract a smaller number from a larger one (we reduce the larger number), the
  GCD doesn't change. So if we keep repeatedly subtracting the smaller from the larger
  of the two, we end up with the GCD.



Fundamentals of Cryptography

• Cryptography is a method of protecting information and communications through
the use of codes, so that only those for whom the information is intended can read
and process it. The prefix "crypt-" means "hidden" and the suffix "-graphy" stands
for "writing."
Three Components: Plain Text, Cipher Text & Secret Key
Encryption, Decryption

• Steganography: Steganography is the practice of hiding a secret message inside of
(or even on top of) something that is not secret. It is a form of covert
communication and can involve the use of any medium to hide messages.




Cryptanalysis
• Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of
understanding how they work and finding and improving techniques for defeating
or weakening them.
• Cryptanalysis uses mathematical formulas to search for algorithm vulnerabilities
and break into cryptography or information security systems.
• Cryptanalysis is used to breach cryptographic security systems and gain access to
the contents of encrypted messages, even if the cryptographic key is unknown.



Substitution Techniques

• Caesar cipher.
• Modified version of Caesar cipher.
• Monoalphabetic cipher.
• Homophonic cipher.
• Polygram substitution cipher.
• Polyalphabetic substitution cipher.


Caesar cipher: Caesar cipher using a left rotation of three places (the shift parameter,
here 3, is used as the key).
Plain Text:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher Text: DEFGHIJKLMNOPQRSTUVWXYZABC

Encryption: E_n(x) = (x + n) mod 26   (x is the plain text letter; n is the key, always 3)
Decryption: D_n(x) = (x - n) mod 26

Modified version of Caesar cipher: Here the value of "n" is not fixed. Hence A can
be replaced by 26 characters, and similarly the others. So the probability is
26*25*…*1.
E_n(x) = (x + n) mod 26   (n = 1 to 26)
D_n(x) = (x - n) mod 26


Monoalphabetic cipher: Instead of using a shifted alphabet, allow the use of any
shuffle of the alphabet.

For encryption, look up letter in top line, write down equivalent from bottom line.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
UFKCOQRGMYTHZEJBILDVPSWANX

For decryption, look up letter in bottom line, write down equivalent from top line.
XPDSNBHLQOCRIYEUFGVKATWZJM
ABCDEFGHIJKLMNOPQRSTUVWXYZ
The only difference is that the encryption key has the columns sorted in order of their
plaintext letter, but the decryption key has them in order of their cryptotext letter.


Homophonic substitution: Plaintext letters map to more than one ciphertext symbol.
Frequency distribution is flattened, making analysis more difficult.
A = DBHK
B = KLPS etc

Polygram substitution cipher: Here blocks of plain text letters are replaced by
blocks of cipher text letters.
HELLO = YUQQW
HELL = TEUI etc


Polyalphabetic substitution: Multiple one-character keys are used.
Each key encrypts one plain text character.
The 1st key encrypts the 1st plain text character, the 2nd key encrypts the 2nd, and so on.
After all the keys are used, they are recycled.
Hence the number of keys used is called the period of the cipher.



Transposition Techniques

• Rail Fence Technique.
• Simple Columnar Transposition Technique.
• Simple Columnar Transposition Technique with multiple rounds.
• Vernam Cipher (One-Time Pad).
• Book Cipher/Running Key Cipher.
• Playfair Cipher.
• Hill Cipher.


Rail Fence Technique: Writing plain text as a sequence of diagonals and then reading
it row by row to produce cipher text.
For example, using three "rails" and a message of 'WE ARE DISCOVERED. FLEE
AT ONCE', the cipherer writes out:

W . . . E . . . C . . . R . . . L . . . T . . . E
. E . R . D . S . O . E . E . F . E . A . O . C .
. . A . . . I . . . V . . . D . . . E . . . N . .

Cipher text:
WECRL TEERD SOEEF EAOCA IVDEN


Simple Columnar Transposition Technique: The message is written out in rows of a
fixed length, and then read out again column by column. Columns are chosen in
some scrambled order.
Message: WE ARE DISCOVERED. FLEE AT ONCE. We write this into the grid as:

6 3 2 4 1 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E Q K J E U

• For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and
the permutation is defined by the alphabetical order of the letters in the keyword.
In this case, the order would be "6 3 2 4 1 5".
• Five nulls (QKJEU) are provided at the end. The cipher text is then read off as:
EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE.
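
The two transposition examples above (rail fence with three rails, columnar with keyword ZEBRAS) can be reproduced with the following added example, which is not part of the original slides; the function names are illustrative, and the decryption routine goes one step beyond the slides by reversing the columnar step.

```python
def rail_fence(msg, rails=3):
    """Write letters along a zigzag over `rails` rows, then read row by row."""
    letters = [c for c in msg.upper() if c.isalpha()]
    rows = [[] for _ in range(rails)]
    r, step = 0, 1
    for ch in letters:
        rows[r].append(ch)
        if rails > 1:
            if r == 0:
                step = 1            # bounce off the top rail
            elif r == rails - 1:
                step = -1           # bounce off the bottom rail
            r += step
    return "".join("".join(row) for row in rows)

def key_order(keyword):
    """Alphabetical rank of each keyword letter: ZEBRAS -> 6 3 2 4 1 5."""
    ranked = sorted(range(len(keyword)), key=lambda i: (keyword[i], i))
    order = [0] * len(keyword)
    for rank, col in enumerate(ranked, 1):
        order[col] = rank
    return order

def columnar_encrypt(msg, keyword, nulls):
    """Fill the grid row by row, pad with nulls, read columns in key order."""
    letters = [c for c in msg.upper() if c.isalpha()]
    width = len(keyword)
    pad = -len(letters) % width
    if pad > len(nulls):
        raise ValueError("not enough null letters to fill the last row")
    letters += list(nulls[:pad])
    order = key_order(keyword)
    cols = sorted(range(width), key=lambda c: order[c])
    return "".join("".join(letters[c::width]) for c in cols)

def columnar_decrypt(cipher, keyword):
    """Put each ciphertext chunk back into its column, then read rows."""
    ct = [c for c in cipher.upper() if c.isalpha()]
    width = len(keyword)
    if len(ct) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ct) // width
    order = key_order(keyword)
    cols = sorted(range(width), key=lambda c: order[c])
    grid = [None] * len(ct)
    for n, c in enumerate(cols):
        grid[c::width] = ct[n * height:(n + 1) * height]
    return "".join(grid)
```

Decryption returns the padded plaintext, so the five nulls remain at the end and have to be recognised and dropped by the receiver.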


Simple Columnar Transposition Technique with multiple rounds: The basic procedure
is to use the simple columnar transposition technique, but to do it more than once.
Simple columnar transposition with multiple rounds is much more complex.
Vernam Cipher (One-Time Pad): It is implemented using a random set of non-repeating
characters as the input cipher text. The length of the input cipher text is equal to
the length of the original plain text, and it is used only one time. It is used for
short messages.
Message: HOW ARE YOU (Cipher text message is: UQXTQUYFR)

Plain text      H   O   W   A   R   E   Y   O   U
                7  14  22   0  17   4  24  14  20
One-time pad    N   C   B   T   Z   Q   A   R   X
               13   2   1  19  25  16   0  17  23
Total          20  16  23  19  42  20  24  31  43   (subtract 26 if > 25)
               20  16  23  19  16  20  24   5  17
Cipher text     U   Q   X   T   Q   U   Y   F   R
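
The table above, and the reason the pad is "used only one time", as an added example that is not part of the original slides. The pad NCBTZQARX is the one from the table; the second message SEND MONEY is constructed here for illustration, and the helper names are assumptions.

```python
A = ord("A")

def _nums(text):
    # A=0 ... Z=25, ignoring spaces and punctuation
    return [ord(c) - A for c in text.upper() if c.isalpha()]

def _text(nums):
    return "".join(chr(n % 26 + A) for n in nums)

def vernam_encrypt(plain, pad):
    p, k = _nums(plain), _nums(pad)
    if len(k) != len(p):
        raise ValueError("pad must be exactly as long as the message")
    # add letter values; "subtract 26 if > 25" is the mod 26 in _text
    return _text(a + b for a, b in zip(p, k))

def vernam_decrypt(cipher, pad):
    c, k = _nums(cipher), _nums(pad)
    if len(k) != len(c):
        raise ValueError("pad must be exactly as long as the ciphertext")
    return _text(a - b for a, b in zip(c, k))

def difference(x, y):
    """Letter-wise (x - y) mod 26."""
    return [(a - b) % 26 for a, b in zip(_nums(x), _nums(y))]

PAD = "NCBTZQARX"                          # pad from the slide
C1 = vernam_encrypt("HOW ARE YOU", PAD)    # message from the slide
C2 = vernam_encrypt("SEND MONEY", PAD)     # constructed message, same pad reused

def reuse_leaks_plaintext_difference():
    # (p1 + k) - (p2 + k) = p1 - p2: the pad cancels out, so anyone holding
    # both ciphertexts learns the difference of the plaintexts without the pad.
    return difference(C1, C2) == difference("HOWAREYOU", "SENDMONEY")
```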

PlayFair Cipher: The Playfair cipher uses a 5x5 table containing a key word or
phrase.
To generate the key table, one would first fill in the spaces in the table with the letters
of the keyword (dropping duplicate letters), then fill the remaining spaces with the
rest of the letters of the alphabet in order (put both "I" and "J" in the same space).
The key can be written in the top rows of the table, from left to right.
To encrypt a message, one would break the message (plain text) into digraphs (groups
of 2 letters). Then apply the following 4 rules:
1. If both letters are the same (or only one letter is left), add an "X" after the first
letter. Encrypt the new pair and continue. Some variants of Playfair use "Q" instead
of "X", but any uncommon monograph will do.
2. If the letters appear on the same row of your table, replace them with the letters to
their immediate right respectively (wrapping around to the left side of the row if a
letter in the original pair was on the right side of the row).


3. If the letters appear on the same column of your table, replace them with the letters
immediately below respectively (wrapping around to the top side of the column if a
letter in the original pair was on the bottom side of the column).
4. If the letters are not on the same row or column, replace them with the letters on the
same row respectively but at the other pair of corners of the rectangle defined by
the original pair. The order is important – the first encrypted letter of the pair is the
one that lies on the same row as the first plaintext letter.
Key: playfair example

P L A Y F
I R E X M
B C D G H
J K N O S
T U V W Z

Message: Hide the gold in the tree stump
Digraphs: HI DE TH EG OL DI NT HE TR EX ES TU MP
Cipher Text: BMNDZBXDKYBEJVDMUIXMMNUVIF

Advantages: Identification of individual digraphs is difficult.
Frequency analysis is difficult.
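
The four Playfair rules applied to the slide's key and message, as an added example that is not part of the original slides. It assumes the table exactly as printed above, which keeps J in its own cell and leaves out Q (rather than sharing one cell between I and J), so a message containing Q cannot be encrypted with it.

```python
def build_table(key, omit="Q"):
    """5x5 table: keyword letters first (duplicates dropped), then the rest
    of the alphabet. omit="Q" reproduces the table printed on the slide."""
    seen = []
    for ch in key.upper() + "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
        if ch.isalpha() and ch != omit and ch not in seen:
            seen.append(ch)
    return [seen[i:i + 5] for i in range(0, 25, 5)]

def digraphs(msg, filler="X"):
    """Rule 1: split into pairs, inserting the filler after the first of two
    equal letters and after a trailing single letter."""
    letters = [c for c in msg.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            pairs.append(a + filler)
            i += 1              # second letter starts the next pair
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def encrypt(msg, key):
    table = build_table(key)
    pos = {ch: (r, c) for r, row in enumerate(table) for c, ch in enumerate(row)}
    out = []
    for a, b in digraphs(msg):
        (ra, ca), (rb, cb) = pos[a], pos[b]   # KeyError if the letter is not in the table
        if ra == rb:        # rule 2: same row, take the letter to the right
            out.append(table[ra][(ca + 1) % 5] + table[rb][(cb + 1) % 5])
        elif ca == cb:      # rule 3: same column, take the letter below
            out.append(table[(ra + 1) % 5][ca] + table[(rb + 1) % 5][cb])
        else:               # rule 4: rectangle, keep the row, swap the columns
            out.append(table[ra][cb] + table[rb][ca])
    return "".join(out)
```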
Hill Cipher: The Hill cipher is a polygraphic substitution cipher based on linear
algebra.
Often the simplest scheme is used: A = 0, B = 1, ..., Z = 25.
A block of n letters is then considered as a vector of n dimensions, and multiplied
by an n × n matrix, modulo 26.
The whole matrix is considered the cipher key, and should be random.
p = (p1, p2, p3) = plain text, c = (C1, C2, C3) = cipher text
C1 = 9*p1 + 18*p2 + 10*p3 (mod 26)
C2 = 16*p1 + 21*p2 + 1*p3 (mod 26)
C3 = 5*p1 + 12*p2 + 23*p3 (mod 26)


[C1]   [ 9 18 10] [p1]
[C2] = [16 21  1] [p2]  (mod 26)
[C3]   [ 5 12 23] [p3]

Plain text: I can't do it
8 2 0 13 19 3 14 8 19

[ 4]   [ 9 18 10] [8]
[14] = [16 21  1] [2]  (mod 26)
[12]   [ 5 12 23] [0]


C = E_K(P) = KP mod 26
P = D_K(C) = K^-1 C mod 26 = K^-1 K P = P

• Hill Cipher – Bad Matrix
bcd → XJR, hfa → XJR
• Matrix must be invertible
• The receiver knows the key, and can solve the system of equations for unknowns
P_i:
– C1 = K1,1 P1 + K1,2 P2 + K1,3 P3 mod 26
– C2 = K2,1 P1 + K2,2 P2 + K2,3 P3 mod 26
– C3 = K3,1 P1 + K3,2 P2 + K3,3 P3 mod 26
• This system has solutions iff the matrix K is invertible.
Let M be its inverse. Then:
– P1 = M1,1 C1 + M1,2 C2 + M1,3 C3 mod 26
– P2 = M2,1 C1 + M2,2 C2 + M2,3 C3 mod 26
– P3 = M3,1 C1 + M3,2 C2 + M3,3 C3 mod 26
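
The invertibility condition and the inverse matrix M, worked through for the 3 × 3 key used in these slides; this is an added example, not part of the original slides. It checks the key with the subtraction form of Euclid's algorithm from the Number Theory section (K is invertible mod 26 exactly when gcd(det K, 26) = 1) and builds M from the adjugate; the function names and the padding letter X are assumptions.

```python
K = [[9, 18, 10], [16, 21, 1], [5, 12, 23]]   # key matrix from the slides
N = 26

def gcd_subtract(a, b):
    """Euclid's algorithm in the subtraction form the slides describe."""
    while a and b:
        if a >= b:
            a -= b
        else:
            b -= a
    return a or b

def det3(m):
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)

def is_valid_key(m):
    """A Hill key is usable only if gcd(det K mod 26, 26) == 1."""
    return gcd_subtract(det3(m) % N, N) == 1

def inverse_mod26(m):
    """M = det^-1 * adj(K) mod 26."""
    if not is_valid_key(m):
        raise ValueError("key matrix is not invertible mod 26")
    det_inv = pow(det3(m) % N, -1, N)
    inv = [[0] * 3 for _ in range(3)]
    for r in range(3):
        for c in range(3):
            # Cofactor of entry (c, r): the transpose is built in, and the
            # cyclic indexing already carries the cofactor sign.
            cof = (m[(c + 1) % 3][(r + 1) % 3] * m[(c + 2) % 3][(r + 2) % 3]
                   - m[(c + 1) % 3][(r + 2) % 3] * m[(c + 2) % 3][(r + 1) % 3])
            inv[r][c] = (det_inv * cof) % N
    return inv

def apply(m, block):
    """Multiply a 3x3 matrix by a 3-vector, modulo 26."""
    return [sum(m[r][c] * block[c] for c in range(3)) % N for r in range(3)]

def hill(m, text):
    """Encrypt with K, or decrypt by passing inverse_mod26(K)."""
    nums = [ord(ch) - 65 for ch in text.upper() if ch.isalpha()]
    nums += [23] * (-len(nums) % 3)           # pad the last block with X
    out = []
    for i in range(0, len(nums), 3):
        out += apply(m, nums[i:i + 3])
    return "".join(chr(n + 65) for n in out)
```

For the slide key, det K ≡ 5 (mod 26), so the key is valid; a matrix whose determinant shares a factor with 26 fails the check and is the kind of "bad matrix" for which two plaintext blocks can encrypt to the same ciphertext.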
