Professional Documents
Culture Documents
1.Explain the various components of an email system and the protocols used.
E-mail is one of the most popular internet services than it was when it was envisaged.
Common Architecture
The following shows components of e-mail system involved in Alice sending a message to Bob
Components
1. User Agent
2. Message
3. Message Transfer Agent
4. Message Access Agent
User Agent
A user agent (UA) is software that is either command (eg. pine, elm) or GUI based (eg.
Microsoft Outlook, Netscape). It facilitates:
o Composing messagesUA helps to compose messages by providing a template that comes
with a built-in editor.
o Reading messagesUA checks mail in the incoming box and apart from message provides
information such as sender, size, subject and flag (read, new).
o Replying to messagesUA allows user to reply (send message) back to sender
o Forwarding messagesUA facilitates forwarding message to a third party.
o Handling mailboxesUA creates two mailboxes for each user, namely inbox (to store
received emails) and outbox (to keep all sent mails).
Message Format
RFC822 defines message to have two parts namely header and a body.
The message header is a series of <CRLF> terminated lines. Each header line contains an
type and value separated by a colon (:). It is filled by the user/system. Some of them are:
o Fromuser who sent the message
o Toidentifies the message recipient(s).
o Subjectsays something about the purpose of the message
o Datewhen the message was transmitted
o E-mail address consists of user_name@domain_name where domain_name is
hostname of the mail server.
The body of the message contains the actual information
o The header is separated from the message body by a blank line.
Initially email system was designed to send messages only in NVT 7-bit ASCII format.
o Languages such as French, German, Chinese, Japanese were not supported.
o Image, audio and video files cannot be sent.
SMTP uses TCP connection on port 25 to forward the entire message and store at
intermediate mail servers/mail gateways until it reaches the recipient mail server.
The following example shows commands and responses using SMTP protocol
HELO cs.princeton.edu
250 Hello daemon@mail.cs.princeton.edu [128.12.169.24]
MAIL FROM:<Bob@cs.princeton.edu>
250 OK
RCPT TO:<Alice@cisco.com>
250 OK
RCPT TO:<Tom@cisco.com>
550 No such user here
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Blah blah blah...
...etc. etc. etc.
<CRLF>.<CRLF>
250 OK
QUIT
221 Closing connection
In each exchange, the client posts a command and the server responds with a code. The server
also returns a human-readable explanation for the code. After the commands and responses,
client sends the message which is ended by a period (.) and terminates the connection.
POP3
POP3 is simple and limited in functionality
POP3 client is installed on the recipient computer and POP3 server on the mail server.
The client opens a connection to the server on TCP port 110.
The client sends username and password to access the mailbox and retrieve the messages.
POP3 works in two modes namely, delete and keep mode.
o In delete mode, mail is deleted from the mailbox after retrieval
o In keep mode, mail after reading is kept in mailbox for later retrieval.
Downloading message using POP3 is shown below:
IMAP4
IMAP is a client/server protocol running over TCP. The client issues commands and the
mail server responds.
o The client can issue commands such as LOGIN, AUTHENTICATE, SELECT, EXAMINE, CLOSE,
LOGOUT, etc.
o Server responses include OK, FETCH, STORE, DELETE, EXPUNGE, NO, BAD, etc.
The exchange begins with the client authenticating itself to access the mailbox. This is
represented as a state transition diagram as shown below.
When the user asks to FETCH a message, server returns it in MIME format and the mail
reader decodes it.
IMAP also defines message attributes such as size and flags such as Seen, Answered,
Deleted and Recent.
Request Message
Request line
The request line specifies three elements:
HTTP version specifies current version of the protocol i.e., 1.1
URL specifies path (absolute/relative) along with document name.
The Request type specifies methods that operate on the URL are:
For example, the request line to retrieve file index.html on host cs.princeton.edu is GET
http://www.cs.princeton.edu/index.html HTTP/1.1
Request Header
Request Header specifies client's configuration and preferred document format:
Request Header Description
Response Messages
Status line
The status code field consists of three digits (1xx–Informational, 2xx–Success, 3xx–
Redirection, 4xx–Client Error, 5xx–Server Error)
The status phrase explains the status code in text form. Some of them are:
For example, the server reports as follows, if the requested file is not found
HTTP/1.1 404 Not Found
Response Header
6.What is WWW? Explain the architecture of WWW. Also explain the terms Browser,
Server, URL, Cookies with clear figures.
The World Wide Web (WWW) is a repository of all resources and users on the Internet that are
using the Hypertext Transfer Protocol (HTTP).
Architecture: The WWW today is a distributed client-server service, in which a client using a
browser can access a service using a server. However, the service provided is distributed over
many locations called sites.
Each site holds one or more documents called web pages. Each web page, however, can contain
some links to other web pages in the same or other sites. In other words, a web page can be simple
or composite. A simple web page has no links to other web pages; a composite web page has one
or more links to other web pages. Each web page is a file with a name and address.
Assume we need to retrieve a scientific document that contains one reference to another text file
and one reference to a large image. The main document and the image are stored in two separate
files (file A and file B) in the same site; the referenced text file (file C) is stored in another site.
Since we are dealing with three different files, we need three transactions if we want to see the
whole document. The first transaction (request/response) retrieves a copy of the main document
(file A), which has references (pointers) to the second and third files. When a copy of the main
document is retrieved and browsed, the user can click on the reference to the image to invoke the
second transaction and retrieve a copy of the image (file B). If the user needs to see the contents of
the referenced text file, she can click on its reference (pointer) invoking the third transaction and
retrieving a copy of file C. Note that although files A and B both are stored in site I, they are
independent files with different names and addresses. Two transactions are needed to retrieve
them. A very important point we need to remember is that file A, file B, and file C are independent
web pages, each with independent names and addresses. Although references to file B or C are
included in file A, it does not mean that each of these files cannot be retrieved independently. A
second user can retrieve file B with one transaction. A third user can retrieve file C with one
transaction.
A variety of vendors offer commercial browsers that interpret and display a web page, and all of
them use nearly the same architecture. Each browser usually consists of three parts: a controller,
client protocols, and interpreters.
Web Server: The web page is stored at the server. Each time a request arrives, the corresponding
document is sent to the client. To improve efficiency, servers normally store requested files in a
cache in memory; memory is faster to access than a disk. A server can also become more efficient
through multithreading or multiprocessing. In this case, a server can answer more than one request
at a time. Some popular web servers include Apache and Microsoft Internet Information Server.
Uniform Resource Locator (URL): A web page, as a file, needs to have a unique identifier to
distinguish it from other web pages. To define a web page, we need three identifiers: host, port,
and path. However, before defining the web page, we need to tell the browser what client server
application we want to use, which is called the protocol. This means we need four identifiers to
define the web page. The first is the type of vehicle to be used to fetch the web page; the last three
make up the combination that defines the destination object (web page). To combine these four
pieces together, the uniform resource locator (URL) has been designed; it uses three different
separators between the four pieces as shown below:
Example:
Cookies: The original purpose of the Web, retrieving publicly available documents, exactly fits
this design. Today the Web has other functions that need to remember some information about the
clients. For these purposes, the cookie mechanism was devised. When a client sends a request to a
server, the browser looks in the cookie directory to see if it can find a cookie sent by that server. If
found, the cookie is included in the request. When the server receives the request, it knows that
this is an old client, not a new one. Note that the contents of the cookie are never read by the
browser or disclosed to the user. It is a cookie made by the server and eaten by the server.
7.Categorize the documents used in WWW. Explain static, dynamic and active documents with
details and clear figures.
Dynamic
Advantages: ability to report current information (current stocks prices, current weather conditions,
current availability of tickets or a concert%. Because, both static and dynamic documents use
HTML, a browser does not know whether the server extracted the page from a disk file or obtained
the page dynamically from a computer program.
Disadvantages: increased cost and, like a static document, a dynamic document does not change
after a browser retrieves a copy.
Thus, information in a dynamic document begins to age as soon as it has been sent to the browser
(stock prices).
Server push. The server runs the programs periodically and sends the new document to the browser
Active
Advantages: ability to update information continuously. for example, only an active document can
change the display quickly enough to show an animated image. More important, an active document
can access sources of information directly and update the display continuously. For example, an
active document that displays stock prices can continue to retrieve stock information and change the
display without requiring any action from the user.
8.Distinguish between persistent and non-persistent connection.
Non-persistent connection
A TCP connection is required for each request/response
Imposes high overhead on the server because the server needs N buffers for N URL pointers
and TCP overhead for each connection
Persistent connection
Client and server can exchange multiple request/response messages over the same TCP
connection
Eliminates the connection setup overhead and load on the server
TCP’s congestion window mechanism is able to operate more efficiently.
The problem is that how long the connection should be kept open.
o The server times out, if there is no request from the client for a specified period
Name Servers
The domain hierarchy is partitioned into zones.
Each zone acts as central authority for that part of the sub-tree.
The topmost domains are managed by NIC.
In the .edu hierarchy, princeton is a zone.
Each zone can be further sub-divided that manage using their own name servers such as CS
department under princeton university. The hierarchy of name servers is shown below.
Each zone information is implemented on at least two name servers.
Clients send queries to name servers, and name servers respond to it.
The response contains either the host IP address or address of another name server
Each name server contains a collection of resource records.
A resource record is a name-to-value binding and is a 5-tuple with the following fields
Name tells the domain to which this record applies. It is the primary search key, used to
satisfy queries
The Type field tells what kind of record it is. Some commonly used types are:
o NSValue field contains a name server
o CNAMEValue field contains canonical name for the host. Used to define aliases.
o MXValue field contains a mail server that accepts messages for the domain.
o AValue field contains an IP address
The Value field can be a number, a domain name, or an ASCII string. The semantics depend
on the record type
For internet information, the Class field is always IN.
The TTL field gives an indication of how long the resource record is valid.
Name Resolution
For example, the step involved in the lookup for name cicada.cs.princeton.edu is as follows:
The client first sends a query containing cicada.cs.princeton.edu to the root server.
The root server, does not finds an exact match, but locates the NS record for princeton.edu
The root returns the A record for princeton.edu back to the client.
The client sends the same query to 128.196.128.233 and receives the A record for
cs.princeton.edu
Finally the client sends the query to 192.12.69.5 and gets the A record for
cicada.cs.princeton.edu
The drawback with this lookup is:
All hosts should know the root name server, which is not feasible.
Instead, the client can send query to the local name server that it knows
The local name server can query the root name server on behalf of the client.
Once the local NS gets the required response, it caches the A record based on TTL and sends
the record to the client.
11.What is DNS Protocol? How does it work for Internet? Explain Generic, country and
inverse domains with examples.
A Domain Name System is a hierarchical decentralized naming system for computers and other
resources connected to the internet or private networks. In use since 1985, it associates information
with domain names assigned to participating entities and translates domain names to their
numerical IP addresses. It's considered an essential component of the functionality of the internet.
Working of DNS for the Internet
A frequently used analogy is that DNS functions as the phonebook for the internet; it stores the
long numerical IP addresses by an easier to remember website address. The hierarchy of domain is
read from right to left; a domain name is divided into separate parts, or labels, separated by dots
(ex: Google.com) with the farthest right demarking the dominant domain. (In this case, .com)
When a user types a domain name into a URL or web address, the computer uses a DNS server
to look up the domain name and redirect the page to the correct IP address.
Types of domains:
DNS is a protocol that can be used in different platforms. In the Internet, the domain name space
(tree) was originally divided into three different sections: generic domains, country domains, and
the inverse domains. However, due to the rapid growth of the Internet, it became extremely
difficult to keep track of the inverse domains, which could be used to find the name of a host when
given the IP address. The inverse domains are now deprecated (see RFC 3425).
Generic Domains
The generic domains define registered hosts according to their generic behaviour. Each node in the
tree defines a domain, which is an index to the domain name space database.
Looking at the tree, we see that the first level in the generic domains section allows 14 possible
labels. These labels describe the organization types as listed in Table.
Country Domains
The country domains section uses two-character country abbreviations (e.g., us for United States).
Second labels can be organizational, or they can be more specific national designations. The
United States, for example, uses state abbreviations as a sub-division of us (e.g., ca.us.). Figure
shows the country domains section. The address uci.ca.us. can be translated to University of
California, Irvine, in the state of California in the United States.
Inverse Domains
Name space
A Name space is a context within which the names of all objects must be unambiguously
resolvable. Name spaces can be flat or hierarchical.
To have a hierarchical name space, a domain name space was designed. In this design the names
are defined in an inverted-tree structure with the root at the top.
Domain
A domain is a subtree of the domain name space. The name of the domain is the name of the node
at the top of the subtree.
Zone
Since the complete domain name hierarchy cannot be stored on a single server, it is divided among
many servers. What a server is responsible for or has authority over is called a zone. We can define
a zone as a contiguous part of the entire tree.
Asymmetric cryptography, also known as public key cryptography, uses public and private keys to
encrypt and decrypt data. The keys are simply large numbers that have been paired together but are
not identical (asymmetric). One key in the pair can be shared with everyone; it is called the public
key. The other key in the pair is kept secret; it is called the private key. Either of the keys can be used
to encrypt a message; the opposite key from the one used to encrypt the message is used for
decryption.
Many protocols like SSH, Open PGP, S/MIME, and SSL/TLS rely on asymmetric cryptography for
encryption and digital signature functions. It is also used in software programs, such as browsers,
which need to establish a secure connection over an insecure network like the internet or need to
validate a digital signature. Encryption strength is directly tied to key size and doubling key length
delivers an exponential increase in strength, although it does impair performance. As computing
power increases and more efficient factoring algorithms are discovered, the ability to factor larger
and larger numbers also increases.
For asymmetric encryption to deliver confidentiality, integrity, authenticity and non-repudiation,
users and systems need to be certain that a public key is authentic, that it belongs to the person or
entity claimed and that it has not been tampered with or replaced by a malicious third party. There is
no perfect solution to this public key authentication problem. A public key infrastructure (PKI),
where trusted certificate authorities certify ownership of key pairs and certificates, is the most
common approach, but encryption products based on the Pretty Good Privacy (PGP) model
(including Open PGP), rely on a decentralized authentication model called a web of trust, which
relies on individual endorsements of the link between user and public key.
14.Classify modes of operation for block ciphers. Explain each with valid figures and
examples.
Encryption algorithms are divided into two categories based on input type, as block cipher and
stream cipher. Block cipher is an encryption algorithm which takes fixed size of input say b bits
and produces a ciphertext of b bits again. If input is larger than b bits it can be divided further. For
different applications and uses, there are several modes of operations for a block cipher.
Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires previous cipher.
Advantages of CFB –
• Since, there is some data loss due to use of shift register, thus it is difficult for applying
cryptanalysis.
The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a
counter initiated value is encrypted and given as input to XOR with plaintext which results in
ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in
parallel.Its simple implementation is shown below:
15. Explain the internal and external network security issues you can visualize in a
network.
Few internal network security issues are:
a) Malicious cyber-attacks:
The most likely perpetrators of cyber-attacks are system administrators or the other IT staff with
privileged system access. Technically proficient employees can use their system access to open
back doors into computer systems, or leave programs on the network to steal information or wreak
havoc.
The best protection against this sort of attack is to monitor employees closely and be alert for
disgruntled employees who might abuse their positions. In addition, experts advise immediately
cancelling network access and passwords when employees leave the company, to avoid those
using passwords to remotely access the network in future.
b) Social engineering:
Perhaps one of the most common ways for attackers to gain access to a network is by exploiting
the trusting nature of your employees.
d) Information leakage:
There are now a staggering number of ways that information can be taken from your computer
networks and released outside the organisation. Whether it's an MP3 player, a CD-ROM, a digital
camera or USB data stick, today's employees could easily take a significant chunk of your
customer database out of the door in their back pocket.
e) Illegal activities:
It's important to remember that, as an employer, you are responsible for pretty much anything your
employees do using your computer network — unless you can show you have taken reasonable
steps to prevent this.
To protect yourself, experts advise a two-pronged approach. First, use monitoring software to
check email and internet traffic for certain keywords or file types. You might also choose to block
certain websites and applications completely.
Few internal network security issues are:
a) Economic threats:
The economy can be considered an external threat to businesses because, no matter how hard a
company works or how good its products are, economic conditions dictate a business's profit and
success. Economic downturns can decrease the demand for goods or services on the consumer
market. On the other hand, a robust economy will inspire more consumer spending and business
growth. According to the Economic Development Research and Training Centre, studying
economic trends, such as household spending or consumer demand reports, can help companies
track economic patterns in their external environments.
b) Competitors:
Competition is a significant external threat to businesses and is a product of the marketplace. A
competitive market requires knowing who your competitors are. Competition serves as an external
threat because businesses compete with other organizations for the same customers. In turn, this
challenge can cause one company to flourish and the other to flop.
c) Global Environment:
The global environment can be risky for companies that rely on horticulture, agriculture or other
types of natural resources. Weather patterns are examples of global environmental threats that can
impact a company’s resources, projects and profitability. Businesses track and trend weather
patterns and global changes to monitor what types of environmental risks are out there.
d) Political factors:
Political decisions or changes can threaten businesses. Foreign investments, for instance, can be
threatened by political decisions to go to war with other countries. Or government-funded agencies
can have their businesses impacted by budget cuts or budget deficits.
e) New technology:
The technological field, with all of its advancements, can serve as a potential external threat to
businesses. Technological changes can give companies a competitive advantage, leaving others
behind. For instance, travel agencies were exposed to a technological threat when the Internet gave
customers the ability to do their own research and make their own travel plans from their
computers, thereby eliminating the need for travel agencies. Technological changes should be
monitored to determine if there are any direct threats to a business.
16.Explain RSA Public key algorithm with suitable example.
There are several asymmetric-key cryptosystems, one of the common public key algorithms is the
RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman). RSA uses two
exponents, e and d, where e is public and d is private. Suppose P is the plaintext and C is the
ciphertext. Alice uses C = Pe mod n to create ciphertext C from plaintext P; Bob uses P = Cd mod
n to retrieve the plaintext sent by Alice. The modulus n, a very large number, is created during the
key generation process.
Procedure
Bob chooses two large numbers, p and q, and calculates n = p × q and φ = (p − 1) × (q − 1). Bob
then selects e and d such that (e × d) mod φ = 1. Bob advertises e and n to the community as the
public key; Bob keeps d as the private key. Anyone, including Alice, can encrypt a message and
send the ciphertext to Bob, using C = (Pe) mod n; only Bob can decrypt the message, using P =
(Cd) mod n. An intruder such as Eve cannot decrypt the message if p and q are very large numbers
(she does not know d).
Applications
Although RSA can be used to encrypt and decrypt actual messages, it is very slow if the message
is long. RSA, therefore, is useful for short messages. In particular, we will see that RSA is used in
digital signatures and other cryptosystems that often need to encrypt a small message without
having access to a symmetric key. RSA is also used for authentication.
17. Write a short note on DES with clear figures. Also list its limitations.
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is
64- bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64
bits of the key are not used by the encryption algorithm (function as check bits only). General
Structure of DES is depicted in the following illustration.
Since DES is based on the Feistel Cipher, all that is required to specify DES is: -
1. Round function
2. Key schedule
3. Any additional processing − Initial and final permutation
Initial and Final Permutation
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptography significance in DES. The initial and final permutations are
shown as follows: -
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.
Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first need
to expand right input to 48 bits. Permutation logic is graphically depicted in the following
illustration: - The graphically depicted permutation logic is generally described as table in DES
specification illustrated as shown: -
XOR (Whitener). − After the expansion permutation, DES does XOR operation on the expanded
right section and the round key. The round key is used only in this operation. Substitution Boxes.
− The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input
and a 4-bit output. Refer the following illustration: -
There
are a total of eight S-box tables. The output of all eight s-boxes is then combined in to 32 bit
section.
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight permutation
with rule shown in the following illustration:
Key Generation The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
The process of key generation is depicted in the following illustration: -
The logic for Parity drop, shifting, and Compression P-box is given in the DES description.
DES Analysis
The DES satisfies both the desired properties of block cipher. These two properties make cipher
very strong.
• Avalanche effect − A small change in plaintext results in the very great change in the
ciphertext.
• Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysis have found some weaknesses in DES when key selected
are weak keys. These keys shall be avoided.
DES has proved to be a very well-designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.
Disadvantages:
1. Experts have found a weakness in the design of the cipher.
2. S box creates same output with two chosen input.
3. The initial and final permutation is not exactly clear and seems confusing.
The two types of traditional symmetric ciphers are Substitution Cipher and Transposition
Cipher. The following flowchart categories the traditional ciphers:
1.SubstitutionCipher:
Substitution Ciphers are further divided into Mono-alphabetic Cipher and Poly-alphabetic
Cipher.
First, let’s study about mono-alphabetic cipher.
1. Mono-alphabetic Cipher–
In mono-alphabetic ciphers, each symbol in plain-text (eg; ‘o’ in ‘follow’) is mapped to one
cipher-text symbol. No matter how many times a symbol occurs in the plain-text, it will
correspond to the same cipher-text symbol. For example, if the plain-text is ‘follow’ and the
mapping is :
o f -> g o -> p l -> m w -> x
The cipher-text is ‘gpmmpx’. Types of mono-alphabetic ciphers are:
(a) Additive Cipher (Shift Cipher / Caesar Cipher) –
The simplest mono-alphabetic cipher is additive cipher. It is also referred to as ‘Shift
Cipher’ or ‘Caesar Cipher’. As the name suggests, ‘addition modulus 2’ operation is
performed on the plain-text to obtain a cipher-text.
C = (M + k) mod n
M = (C – k) mod n
where,
C -> cipher-text
M -> message/plain-text
k -> key
The key space is 26. Thus, it is not very secure. It can be broken by brute-force attack.
For more information and implementation see Caesar Cipher
(b) Multiplicative Cipher –
The multiplicative cipher is similar to additive cipher except the fact that the key bit is
multiplied to the plain-text symbol during encryption. Likewise, the cipher-text is
multiplied by the multiplicative inverse of key for decryption to obtain back the plain-text.
C=(M*k)mod n
M = (C * k-1) mod n
where,
k-1 -> multiplicative inverse of k (key)
The key space of multiplicative cipher is 12. Thus, it is also not very secure.
(c) Affine Cipher –
The affine cipher is a combination of additive cipher and multiplicative cipher. The key
space is 26 * 12 (key space of additive * key space of multiplicative) i.e. 312. It is
relatively secure than the above two as the key space is larger.
Here two keys k1 and k2 are used.
C=[(M*k1)+k2]modn
M = [(C – k2) * k1-1 ] mod n
For more information and implementation, see Affine Cipher
Now, let’s study about poly-alphabetic cipher.
2. Poly-alphabetic Cipher –
In poly-alphabetic ciphers, every symbol in plain-text is mapped to a different cipher-text
symbol regardless of its occurrence. Every different occurrence of a symbol has different
mapping to a cipher-text. For example, in the plain-text ‘follow’, the mapping is :
f -> q o -> w l -> e l -> r o -> t w -> y
Thus, the cipher text is ‘qwerty’.
Types of poly-alphabetic ciphers are:
2.TranspositionCipher:
The transposition cipher does not deal with substitution of one symbol with another. It
focuses on changing the position of the symbol in the plain-text. A symbol in the first
position in plain-text may occur in fifth position in cipher-text.
Two of the transposition ciphers are:
Transposition Cipher with example:
• It is another type of cipher where the order of the alphabets in the plaintext is rearranged to
create the ciphertext. The actual plaintext alphabets are not replaced.
• An example is a ‘simple columnar transposition’ cipher where the plaintext is written
horizontally with a certain alphabet width. Then the ciphertext is read vertically as shown.
• For example, the plaintext is “golden statue is in eleventh cave” and the secret random key
chosen is “five”. We arrange this text horizontally in table with number of column equal to key
value. The resulting text is shown below.
• The ciphertext is obtained by reading column vertically downward from first to last
column. The ciphertext is ‘gnuneaoseenvltiltedasehetivc’.
• To decrypt, the receiver prepares similar table. The number of columns is equal to key
number. The number of rows is obtained by dividing number of total ciphertext
alphabets by key value and rounding of the quotient to next integer value.
• The receiver then writes the received ciphertext vertically down and from left to right
column. To obtain the text, he reads horizontally left to right and from top to bottom
row.
The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found at least six time faster than triple
DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable against exhaustive key search attack. Triple DES was
designed to overcome this drawback but it was found slow.
The features of AES are as follows −
Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It
comprises of a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four
rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each
of these rounds uses a different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round comprise of four
sub-processes. The first round process is depicted below −
Symmetric-Key Ciphers
A symmetric-key cipher uses the same key for both encryption and decryption, and the key can be
used for bidirectional communication, which is why it is called symmetric.
general idea behind a symmetric-key cipher is mentioned in the figure given below.
the symmetric-key encipherment uses a single key (the key itself may be a set of values) for both
encryption and decryption. In addition, the encryption and decryption algorithms are inverses of
each other. If P is the plaintext, C is the ciphertext, and K is the key, the encryption algorithm
Ek(x) creates the ciphertext from the plaintext; the decryption algorithm Dk(x) creates the
plaintext from the ciphertext. We assume that Ek(x) and Dk(x) are inverses of each other: they
cancel the effect of each other if they are applied one after the other on the same input. We have
This means that Alice and Bob need another channel, a secured one, to exchange the secret key.
Alice and Bob can meet once and exchange the key personally. The secured channel here is the
face-to-face exchange of the key. They can also trust a third party to give them the same key. They
can create a temporary secret key using another kind of cipher⎯asymmetric-key ciphers⎯which
will be described later. Encryption can be thought of as locking the message in a box; decryption
can be thought of as unlocking the box. In symmetric-key encipherment, the same key locks and
unlocks, as shown in Figure 31.3. Later sections show that the asymmetric-key encipherment
needs two keys, one for locking and one for unlocking.
The symmetric-key ciphers can be divided into traditional ciphers and modern ciphers. Traditional
ciphers are simple, character-oriented ciphers that are not secure based on today’s standard.
Modern ciphers, on the other hand, are complex, bit oriented ciphers that are more secure. We
briefly discuss the traditional ciphers to pave the way for discussing more complex modern
ciphers.
Traditional Symmetric-Key Ciphers Traditional ciphers belong to the past. However, we briefly
discuss them here because they can be thought of as the components of the modern ciphers. To be
more exact, we can divide traditional ciphers into substitution ciphers and transposition ciphers.
In a polyalphabetic cipher, each occurrence of a character may have a different substitute. The
relationship of a character in the plaintext to a character in the ciphertext is one-to-many. For
example, “a” could be enciphered as “D” at the beginning of the text, but as “N” in the middle.
Polyalphabetic ciphers have the advantage of hiding the letter frequency of the underlying
language. Even single-letter frequency statistics cannot be used to break the ciphertext. To create a
polyalphabetic cipher, we need to make each ciphertext character dependent on both the
corresponding plaintext character and the position of the plaintext character in the message. This
implies that our key should be a stream of subkeys, in which each subkey depends somehow on
the position of the plaintext character that uses that subkey for encipherment. In other words, we
need to have a key stream k = (k1, k2, k3, …) in which ki is used to encipher the ith character in
the plaintext to create the ith character in the ciphertext. To see the position dependency of the key,
let us discuss a simple polyalphabetic cipher called the autokey cipher. In this cipher, the key is a
stream of subkeys, in which each subkey is used to encrypt the corresponding character in the
plaintext. The first subkey is a predetermined value secretly agreed upon by Alice and Bob. The
second subkey is the value of the first plaintext character (between 0 and 25). The third subkey is
the value of the second plaintext character, and so on. The name of the cipher, autokey, implies
that the subkeys are automatically created from the plaintext cipher characters during the
encryption process.
Example: Assume that Alice and Bob agreed to use an autokey cipher with initial key value k1 =
12. Now Alice wants to send Bob the message “Attack is today”. Enciphering is done character
by character. Each character in the plaintext is first replaced by its integer value. The first subkey
is added to create the first ciphertext character. The rest of the key is created as the plaintext
characters are read. Note that the cipher is polyalphabetic because the three occurrences of “a” in
the plaintext are encrypted differently. The three occurrences of “t” are also encrypted differently
39 Write a note on network security.
22. Explain monoalphabetic substitution with suitable examples
A substitution cipher replaces one symbol with another. If the symbols in the plaintext are
alphabetic characters, we replace one character with another. For example, we can replace letter A
with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we can replace 3 with 7
and 2 with 6. Substitution ciphers can be categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.
Hashing Peer Identifier: The first step in creating the DHT system is to place all peers on
the address space ring. This is normally done by using a hash function that hashes the
peer identifier, normally its IP address, to an m-bit integer, called a node ID. A hash
function is a mathematical function that creates an output from an input. However, DHT
uses some of the cryptographic hash functions such as Secure Hash Algorithm (SHA)
that are collision resistant, which means that the probability of two inputs being mapped
to the same output is very low.
Hashing Object Identifier: The name of the object (for example, a file) to be shared is
also hashed to an m-bit integer in the same address space. The result in DHT parlance is
called a key. In the DHT an object is normally related to the pair (key, value) in which
the key is the hash of the object name and the value is the object or a reference to the
object. Storing the Object There are two strategies for storing the object: the direct
method and the indirect method. In the direct method, the object is stored in the node
whose ID is somehow closest to the key in the ring. The term closest is defined
differently in each protocol. This involves the object’s most likely being transported from
the computer that originally owned it. However, most DHT systems use the indirect
method due to efficiency. The peer that owns the object keeps the object, but a reference
to the object is created and stored in the node whose ID is closest to the key point. In
other words, the physical object and the reference to the object are stored in two different
locations. In the direct strategy, we create a relationship between the node ID that stores
the object and the key of the object; in the indirect strategy, we create a relationship
between the reference (pointer) to the object and the node that stores that reference. In
either case, the relationship is needed to find the object if the name of the object is given.
Example: Although the normal value of m is 160, for the purpose of demonstration, we
use m = 5 to make our examples tractable. In Figure 29.3, we assume that several peers
have already joined the group. The node N5 with IP address 110.34.56.20 has a file
named Liberty that it wants to share with its peers. The node makes a hash of the file
name, “Liberty,” to get the key = 14. Since the closest node to key 14 is node N17, N5
creates a reference to the file name (key), its IP address, and the port number (and
possibly some other information about the file) and sends this reference to be stored in
node N17. In other words, the file is stored in N5, the key of the file is k14 (a point in the
DHT ring), but the reference to the file is stored in node N17. We will see later how other
nodes can first find N17, extract the reference, and then use the reference to access the
file Liberty. Our example shows only one key on the ring, but in an actual situation there
are millions of keys and nodes in the ring. Routing DHT’s main function is to route a
query to the node responsible for storing the reference to an object. Each DHT
implementation uses a different strategy for routing, but all follow the idea that each node
needs to have a partial knowledge about the ring to route a query to a node that is closest
to the responsible node. Arrival and Departure of Nodes In a P2P network, each peer can
be a desktop or a laptop computer, which can be turned on or off. When a computer peer
launches the DHT software, it joins the network; when the computer is turned off or the
peer closes the software, it leaves the network. A DHT implementation needs to have a
clear and efficient strategy to handle arrival or Figure 29.3 Example 29.1 N2 0 N5 N10
N17 N29 ID space of size 25 (m = 5) 5 = hash (110.34.56.20) 14 = hash (“Liberty”) 5200
Liberty 110.34.56.20 Legend N25 N20 : key = hash (object name) : node = hash (IP
address) : point (potential key or node) k14 14 (110.34.56.20, 5200) 80.201.52.40 Key
Reference departure of the nodes and the effect of this on the rest of the peers. Most DHT
implementations treat the failure of a node as a departure.