
Dr. Uma Godase
Computer Science and Engineering
MIT School of Engineering
Introduction

Background
▪ information security was traditionally provided by physical and administrative mechanisms
▪ computer use requires automated tools to protect files and other stored information
▪ use of networks and communication links requires measures to protect data during transmission
Definitions
▪ Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
▪ Network Security - measures to protect data during their transmission
▪ Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Internet Security
Internet security is complex because:
▪ achieving the requirements (confidentiality, integrity, authentication) needs complex mechanisms
▪ all possible attacks must be considered
▪ the secret information the mechanisms need must itself be created, distributed and protected
▪ it must be decided where to use a mechanism
• physical placement – at which point in the network
• logical placement – at what layer of the network
Basic Components
▪ Confidentiality : information should be concealed
▪ Integrity : trustworthiness of data. Classes : prevention mechanisms, detection mechanisms
▪ Availability : resources should be available to authorized parties at all times
Security Architecture
Aspects of information security:
▪ security attack - any action that compromises the
security of information owned by an organization
▪ security mechanism - feature designed to detect,
prevent, or recover from a security attack
▪ security service - enhance security of data
processing systems and information transfers of an
organization
Security Threat
Threat : a potential for violation of security
Types of threat:
▪ Disclosure : unauthorized access to information
▪ Deception : acceptance of false data
▪ Disruption : interruption / prevention of correct
operation
▪ Usurpation : unauthorized control of some part of
system
Security Threats
Threat | Description | Covered threat categories
Snooping | listening to communication | disclosure
Modification | change in message contents | deception, disruption & usurpation
Masquerading / Spoofing | unauthorized entity pretends to be another entity | deception, usurpation
Repudiation of origin | false denial that an entity sent something | deception
Denial of receipt | false denial that an entity received something | deception
Delay | temporary inhibition of service | usurpation
Denial of service | denial of service to authorized user | usurpation
Security Attack
Types of Attack
▪ Passive
▪ Active
Passive Attack
▪ release of message contents
▪ traffic analysis
Active Attack
▪ masquerade
▪ replay
▪ modification of message
▪ denial of service
Security Policy & Mechanism
▪ Security Policy : statement of what is allowed and what is not allowed
▪ Security Mechanism : method, tool or procedure for enforcing a security policy
Security Services
1. Authentication - assurance that the communicating entity is the one claimed
▪ Peer entity authentication
▪ Data origin authentication
2. Access Control - prevention of the unauthorized use of a resource
3. Data Confidentiality - protection of data from unauthorized disclosure
▪ Connection confidentiality : protection of all data on a connection
▪ Connectionless confidentiality : protection of all data in a single data block
▪ Selective field confidentiality : protection of selected fields within data on a connection
▪ Traffic flow confidentiality : protection of information that might be derived from traffic analysis
4. Data Integrity - assurance that data received is as sent by an authorized entity, i.e. no modification
▪ Connection integrity with data recovery : integrity of all data on a connection, with recovery
▪ Connection integrity without data recovery : integrity of all data on a connection, without recovery
▪ Connectionless integrity : integrity of a single data block
▪ Selective field connection integrity : integrity of selected fields within data on a connection
▪ Selective field connectionless integrity : integrity of selected fields within data in a single block
5. Non-Repudiation - protection against denial by one of the parties in a communication
▪ Origin
▪ Destination
Model for Network Security
Basic tasks in designing a security service using the above model:
▪ design a suitable algorithm for the security
transformation
▪ generate the secret information (keys) used by the
algorithm
▪ develop methods to distribute and share the secret
information
▪ specify a protocol enabling the principals to use the
transformation and secret information for a security
service
Some Basic Terminology
▪ Cryptography - art of achieving security by encoding messages to make them non-readable
▪ Cryptanalysis (code breaking) - study of principles/
methods of deciphering ciphertext without knowing key
▪ Cryptology - field of both cryptography and cryptanalysis
▪ Cryptosystem – 5 tuple ( E, D, M, K, C)
M – set of plaintexts
C – set of cipher texts
K – set of keys
E – M × K → C set of enciphering functions
D – C × K → M set of deciphering functions
Some Basic Terminology
▪ Plaintext - original message
▪ ciphertext - coded message
▪ cipher - algorithm for transforming plaintext to
cipher text
▪ key - info used in cipher known only to
sender/receiver
▪ encipher (encrypt) - converting plaintext to ciphertext
▪ decipher (decrypt) - recovering plaintext from ciphertext
Cryptography
Characterize cryptographic system by:
▪ type of encryption operations used
▪ substitution - replacement
▪ transposition - rearrangement
▪ Product – both substitution and transposition
▪ number of keys used
▪ single-key or private or symmetric or conventional
▪ two-key or public or asymmetric
▪ way in which plaintext is processed
▪ block –processes one block at a time
▪ Stream – processes input element continuously
Cryptanalysis
Objective is to recover the key, not just the message
general approaches:
▪ cryptanalytic attack – exploits characteristics of the algorithm
▪ brute-force attack – tries every possible key on a piece of ciphertext; on average half the possible keys must be tried before success
Types of Cryptanalytic Attacks
Type of attack | What the cryptanalyst knows
Ciphertext only | encryption algorithm; ciphertext
Known plaintext | encryption algorithm; ciphertext; one or more plaintext–ciphertext pairs
Chosen plaintext | encryption algorithm; ciphertext; plaintext chosen by the cryptanalyst together with its corresponding ciphertext
Chosen ciphertext | encryption algorithm; ciphertext; ciphertext chosen by the cryptanalyst together with its corresponding plaintext
Chosen text | encryption algorithm; ciphertext; plaintext chosen by the cryptanalyst with its ciphertext; ciphertext chosen by the cryptanalyst with its plaintext
Some Definitions
Generally, an encryption algorithm is designed to withstand
a known plaintext attack
▪ unconditional security
no matter how much computer power or time is available,
the cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
▪ computational security
An encryption scheme is computationally secure if either of the following criteria is met:
▪ Cost of breaking the cipher exceeds the value of encrypted
information.
▪ The time to break the cipher exceeds the useful lifetime of the
information
Symmetric Cipher Model
Requirements
Two requirements for secure use of symmetric encryption:
▪ a strong encryption algorithm
▪ a secret key known only to sender / receiver
Mathematically have:
Y = E_K(X)
X = D_K(Y)
▪ assume encryption algorithm is known
▪ implies a secure channel to distribute key
Classical Substitution Ciphers
▪ letters of plaintext are replaced by other letters or by numbers or symbols
▪ if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
▪ earliest known substitution cipher
▪ by Julius Caesar
▪ first attested use in military affairs
▪ replaces each letter by the 3rd letter after it in the alphabet (wrapping from z back to a)
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
▪ can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
▪ mathematically give each letter a number
a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
▪ then the modified Caesar cipher, with shift k (k = 3 for Caesar's own), is:
c = E(p) = (p + k) mod 26
p = D(c) = (c – k) mod 26
Cryptanalysis of Caesar Cipher
▪ only have 26 possible ciphers (shifts)
A maps to A, B, ..., Z
▪ a brute force search - given ciphertext, just try all shifts of letters
▪ the language of the plaintext is known and easily recognizable, so the correct shift stands out among the 26 candidates
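The shift cipher and the 26-key brute-force search described above, as an added example (not code from the slides); the word list used to pick the readable candidate is a constructed heuristic, not part of the original:

```python
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, k: int = 3) -> str:
    """c = (p + k) mod 26 for each letter; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int = 3) -> str:
    """p = (c - k) mod 26; the inverse of caesar_encrypt."""
    return caesar_encrypt(ciphertext, -k).lower()


def brute_force(ciphertext: str) -> dict:
    """Try every one of the 26 shifts (the whole key space): {shift: candidate plaintext}."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


def recognise_english(candidates: dict, words=("the", "and", "me")):
    """Constructed heuristic: the shift whose candidate contains the most common English words."""
    best, best_hits = None, 0
    for k, text in candidates.items():
        hits = sum(text.split().count(w) for w in words)
        if hits > best_hits:
            best, best_hits = k, hits
    return best
```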
Monoalphabetic Cipher
▪ each plaintext letter maps to a different random ciphertext letter
▪ hence the key is 26 letters long
Plain : abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Monoalphabetic Cipher Security
▪ now have a total of 26! ≈ 4 × 10^26 keys
▪ with so many keys, might think it is secure
▪ but the problem is language characteristics, i.e. the regularity of language (letter and digram frequencies) can be used to break the cipher
Homophonic Substitution Cipher
▪ provides multiple substitutions, called homophones, for a single letter
▪ e.g. e is assigned { d, b, f } in rotation
▪ but it still affects only one element of ciphertext at a time, so cryptanalysis is straightforward
Polygram Substitution Cipher
▪ replaces a block of plaintext with another block
▪ e.g.
HELLO is replaced by YUQEW
but HELL is replaced by TEVI
Playfair Cipher
▪ not even the large number of keys in a monoalphabetic cipher provides security
▪ one approach to improving security was to encrypt multiple letters at once
▪ the Playfair Cipher is an example
▪ invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix
▪ a 5×5 matrix of letters based on a keyword
▪ fill in the letters of the keyword (without duplicates)
▪ fill the rest of the matrix with the other letters (I and J share a cell)
▪ e.g. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Playfair Cipher – Encryption / Decryption
Plaintext is encrypted two letters at a time
▪ if a pair is a repeated letter, insert a filler like 'X' between them
▪ if both letters in a pair fall in the same row of the key matrix, replace each with the letter to its right (wrapping around)
▪ if both letters fall in the same column, replace each with the letter below it (wrapping around)
▪ otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
▪ decryption applies the inverse moves: left instead of right, up instead of down, and the same rectangle rule
Security of Playfair Cipher
▪ security much improved over monoalphabetic, since there are 26 × 26 = 676 digrams
▪ was widely used for many years
▪ it can be broken, given a few hundred letters, since it leaves much of the plaintext structure intact
Hill Cipher
▪ C = KP mod 26
P – column vector representing plaintext
C – column vector representing ciphertext
K – matrix of encryption key
▪ e.g. "pay" is represented as the column vector (15, 0, 24)^T
▪ completely hides single-letter frequencies; the larger the matrix, the more frequency information is hidden
▪ strong against ciphertext-only attack
▪ but easily broken with known-plaintext attack
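C = KP mod 26 and its inverse P = K^-1 C mod 26, as an added example (not code from the slides); the 3×3 key used in the test is a constructed sample whose determinant is coprime with 26, so it is invertible:

```python
A2I = {ch: i for i, ch in enumerate("ABCDEFGHIJKLMNOPQRSTUVWXYZ")}
I2A = {i: ch for ch, i in A2I.items()}


def minor(m, r, c):
    return [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]


def det(m):
    """Laplace expansion along the first row (fine for the small matrices used here)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** c * m[0][c] * det(minor(m, 0, c)) for c in range(len(m)))


def mat_inv_mod(m, mod=26):
    """K^-1 = det(K)^-1 * adj(K) (mod 26); ValueError if det(K) shares a factor with 26."""
    d_inv = pow(det(m) % mod, -1, mod)
    n = len(m)
    adj = [[(-1) ** (r + c) * det(minor(m, c, r)) for c in range(n)] for r in range(n)]
    return [[(d_inv * adj[r][c]) % mod for c in range(n)] for r in range(n)]


def _apply(key, text):
    """Multiply each n-letter block (as a column vector) by the matrix, mod 26."""
    n = len(key)
    letters = [A2I[ch] for ch in text.upper() if ch.isalpha()]
    if len(letters) % n:
        raise ValueError("text length must be a multiple of the key dimension")
    out = []
    for i in range(0, len(letters), n):
        block = letters[i:i + n]
        out += [sum(key[r][c] * block[c] for c in range(n)) % 26 for r in range(n)]
    return "".join(I2A[x] for x in out)


def hill_encrypt(plaintext, key):
    return _apply(key, plaintext)                  # C = K P mod 26


def hill_decrypt(ciphertext, key):
    return _apply(mat_inv_mod(key), ciphertext)    # P = K^-1 C mod 26
```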
Polyalphabetic Cipher
▪ uses multiple single-character keys
▪ a set of related monoalphabetic rules is used
▪ a key determines which rule is chosen for a given transformation
▪ repeat from the start after the end of the key is reached
▪ improve security using multiple cipher alphabets
▪ make cryptanalysis harder with more alphabets to guess and a flatter frequency distribution
Vigenère Cipher
▪ simplest polyalphabetic substitution cipher
▪ the set of monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25
▪ Vigenère table – formed by laying the 26 ciphers out horizontally
▪ Encryption : key letter x, plaintext letter y; the ciphertext letter is at the intersection of the row labeled x and the column labeled y
▪ key and message length should be the same, so the key is repeated to the length of the message
e.g. key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Security of Vigenère Cipher
▪ have multiple ciphertext letters for each plaintext letter
▪ hence letter frequencies are obscured but not totally lost
▪ repetitions in ciphertext give clues to the period
▪ the same plaintext an exact period apart results in the same ciphertext
e.g. the repeated "VTW" in the previous example (at a distance of 9) suggests a key size of 3 or 9
▪ then attack each monoalphabetic cipher individually using the same techniques as before
Autokey Cipher
ideally want a key as long as the message
Vigenère proposed the autokey cipher
▪ keyword is concatenated with plaintext to form the key
e.g. given key deceptive
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
▪ vulnerable to cryptanalysis since key & plaintext share the same frequency distribution
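The Vigenère and autokey ciphers, plus the repeated-trigram period check from the security slide, as one added example covering both passages (not code from the slides); the inputs in the test are the slides' own deceptive/wearediscovered example:

```python
from collections import defaultdict


def _shift(ch, k, sign):
    return chr((ord(ch) - 65 + sign * k) % 26 + 65)


def _clean(text):
    return "".join(ch for ch in text.upper() if ch.isalpha())


def vigenere_encrypt(plaintext, key):
    p, k = _clean(plaintext), _clean(key)
    # the key is repeated until it is as long as the message (i mod len(key))
    return "".join(_shift(ch, ord(k[i % len(k)]) - 65, +1) for i, ch in enumerate(p))


def vigenere_decrypt(ciphertext, key):
    c, k = _clean(ciphertext), _clean(key)
    return "".join(_shift(ch, ord(k[i % len(k)]) - 65, -1) for i, ch in enumerate(c)).lower()


def autokey_encrypt(plaintext, keyword):
    p = _clean(plaintext)
    k = (_clean(keyword) + p)[:len(p)]          # keyword followed by the plaintext itself
    return "".join(_shift(ch, ord(k[i]) - 65, +1) for i, ch in enumerate(p))


def autokey_decrypt(ciphertext, keyword):
    c, k = _clean(ciphertext), list(_clean(keyword))
    out = []
    for i, ch in enumerate(c):
        p = _shift(ch, ord(k[i]) - 65, -1)
        out.append(p)
        k.append(p)                               # each recovered letter extends the key
    return "".join(out).lower()


def kasiski_distances(ciphertext, n=3):
    """Distances between repeated n-grams; the key period divides every such distance."""
    c = _clean(ciphertext)
    seen, dists = defaultdict(list), {}
    for i in range(len(c) - n + 1):
        seen[c[i:i + n]].append(i)
    for gram, idx in seen.items():
        if len(idx) > 1:
            dists[gram] = [b - a for a, b in zip(idx, idx[1:])]
    return dists


def candidate_periods(distances):
    """Divisors (> 1) shared by all repeat distances: the plausible key lengths."""
    all_d = [d for ds in distances.values() for d in ds]
    if not all_d:
        return []
    return [p for p in range(2, max(all_d) + 1) if all(d % p == 0 for d in all_d)]
```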
Vernam Cipher
▪ choose the keyword with length equal to the plaintext
▪ works on binary data rather than letters
Ci = Pi ⊕ Ki (and, since XOR is its own inverse, Pi = Ci ⊕ Ki)
Pi – ith binary digit of plaintext
Ki – ith binary digit of key
Ci – ith binary digit of ciphertext
One Time Pad
▪ uses a truly random key as long as the message
▪ unbreakable since the ciphertext bears no statistical relationship to the plaintext
▪ given any plaintext & ciphertext of equal length there exists a key mapping one to the other, so if all possible keys are tried we get many legible plaintexts & cannot decide which is the intended one
Problems :
▪ practically, making large quantities of truly random keys is difficult
▪ problems in distribution & protection of the key
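The bitwise Vernam operation and the one-time-pad property that any equal-length plaintext is explained by some key, as an added example (not code from the slides); the messages in the test are constructed samples and the key comes from the OS random source:

```python
import os


def vernam(data: bytes, key: bytes) -> bytes:
    """C_i = P_i XOR K_i over whole bytes; the same call decrypts because XOR is its own inverse."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def one_time_pad_key(length: int) -> bytes:
    """A fresh key from the OS CSPRNG, as long as the message; it is used for one message only."""
    return os.urandom(length)


def key_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The key that would map claimed_plaintext to this ciphertext.
    One exists for every plaintext of the right length, which is why the ciphertext
    alone cannot single out the intended plaintext."""
    return vernam(ciphertext, claimed_plaintext)
```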
Transposition Ciphers
▪ hide the message by rearranging the letter order
▪ don't alter the actual letters used
▪ can recognize these since they have the same frequency distribution as the original text
Rail Fence Ciphers
▪ write message letters out diagonally over a number of rows
▪ then read off the cipher row by row
e.g. Plaintext : meetmeafterthetogaparty
write the message out as (2 rows):
mematrhtgpry
 etefeteoaat
▪ giving ciphertext
MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers
▪ more complex transposition
▪ write letters of message out in rows over a specified number of columns
▪ then read the columns off in the order given by the key
Key: 3 4 2 1 5 6 7
Column: 1 2 3 4 5 6 7
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Row Transposition Ciphers
Decryption:
number of rows = number of letters / length of key
number of rows = 28 / 7 = 4
form groups of four letters each:
TTNA APTM TSUO AODW COIX KNLY PETZ
write each group as a column at the position given by the key 3 4 2 1 5 6 7, then read the plaintext row by row:
Column: 1 2 3 4 5 6 7
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
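Both transpositions above (rail fence over any number of rows, and row transposition with a column-order key), with their decryption, as one added example (not code from the slides); it generalizes the two-row rail fence to a zig-zag over n rows, and the test uses the slides' own plaintexts and key:

```python
import math


def rail_pattern(n, rails):
    """Row index of each plaintext position when written diagonally (zig-zag) over `rails` rows."""
    seq, r, step = [], 0, 1
    for _ in range(n):
        seq.append(r)
        if rails > 1:
            if r == 0:
                step = 1
            elif r == rails - 1:
                step = -1
            r += step
    return seq


def _rail_order(n, rails):
    seq = rail_pattern(n, rails)
    return sorted(range(n), key=lambda i: (seq[i], i))  # read off row by row


def railfence_encrypt(plaintext, rails=2):
    return "".join(plaintext[i] for i in _rail_order(len(plaintext), rails)).upper()


def railfence_decrypt(ciphertext, rails=2):
    out = [""] * len(ciphertext)
    for k, i in enumerate(_rail_order(len(ciphertext), rails)):
        out[i] = ciphertext[k]
    return "".join(out).lower()


def row_transposition_encrypt(plaintext, key, pad="x"):
    """Write rows of len(key) columns, then read the columns in the order the key lists them (1-based)."""
    cols = len(key)
    rows = math.ceil(len(plaintext) / cols)
    text = plaintext.ljust(rows * cols, pad)
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c - 1] for c in key for r in range(rows)).upper()


def row_transposition_decrypt(ciphertext, key):
    cols = len(key)
    rows = len(ciphertext) // cols            # number of rows = letters / key length
    grid = [[""] * cols for _ in range(rows)]
    for k, c in enumerate(key):               # the k-th group of `rows` letters is column c
        for r in range(rows):
            grid[r][c - 1] = ciphertext[k * rows + r]
    return "".join("".join(row) for row in grid).lower()
```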
Product Ciphers
▪ ciphers using substitutions or transpositions alone are not secure because of language characteristics
▪ hence a product cipher uses several ciphers in succession to make it harder
• two substitutions make a more complex substitution
• two transpositions make a more complex transposition
• but a substitution followed by a transposition makes a new, much harder cipher
▪ this is the bridge from classical to modern ciphers
Modular Arithmetic
dividing a by n gives quotient q & remainder r:
a = qn + r, 0 ≤ r < n
r – residue
a mod n – n is the modulus, and a mod n = r
for any integer a
a = ⌊a/n⌋ × n + (a mod n)
Congruent modulo n – two integers a & b are congruent modulo n if
a mod n = b mod n
i.e. a ≡ b mod n
e.g. 73 ≡ 4 mod 23
Modular Arithmetic
Divisors –
▪ b divides a if a = mb and represented as b | a
▪ If a | 1 then a = ± 1
▪ If a | b & b | a then a = ± b
▪ Any b ≠ 0 divides 0
▪ If b | g & b | h then b | ( mg + nh)
Properties of congruence –
▪ a ≡ b mod n if n | (a – b)
▪ a ≡ b mod n implies b ≡ a mod n
▪ a ≡ b mod n & b ≡ c mod n implies a ≡ c mod n
Modular Arithmetic Operations
Modular Arithmetic Properties –
▪ [( a mod n ) + ( b mod n) ] mod n = ( a + b ) mod n
▪ [( a mod n ) - ( b mod n) ] mod n = ( a - b ) mod n
▪ [( a mod n ) × ( b mod n) ] mod n = ( a × b ) mod n
set of residues or residue classes modulo n
▪ set Zn – set of nonnegative integers less than n
▪ Zn = { 0, 1, …, (n – 1) }
▪ Zn is called the set of residues or residue classes modulo n
▪ each integer in Zn represents a residue class, written [0], [1], [2], …, [n-1]
▪ [r] = { a : a is an integer, a ≡ r mod n }
Mod. Arithmetic Properties for integers in Zn
Commutative Laws :
▪ ( w + x ) mod n = ( x + w ) mod n
▪ ( w × x ) mod n = ( x × w ) mod n
Associative Laws :
▪ [( w + x ) + y ] mod n = [ w + ( x + y )] mod n
▪ [( w × x ) × y ] mod n = [ w × ( x × y )] mod n
Distributive Laws :
▪ [ w × ( x + y ) ] mod n = [ (w × x) + ( w × y )] mod n
▪ [ w + ( x × y ) ] mod n = [ ( w + x ) × ( w + y )] mod n
Identities :
▪ ( 0 + w ) mod n = w mod n
▪ ( 1 × w ) mod n = w mod n
Additive Inverse : for each w ∈ Zn there exists z such that w + z ≡ 0 mod n
Prime Numbers
• prime numbers only have divisors 1 and self
• they cannot be written as a product of other numbers
• note: 1 is prime, but is generally not of interest
• eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
• prime numbers are central to number theory
Prime Factorization
▪ to factor a number n is to write it as a product of other numbers:
n = a × b × c
▪ factoring a number is relatively hard compared to multiplying the factors together to generate the number
▪ the prime factorization of a number n is when it is written as a product of primes
▪ a = p1^a1 × p2^a2 × … × pt^at
▪ e.g. 91 = 7 × 13 ; 3600 = 2^4 × 3^2 × 5^2
Relatively Prime Numbers & GCD
Relatively Prime :
1. integers a & b are relatively prime if GCD (a, b) = 1
2. two numbers a, b are relatively prime if they have no common divisors apart from 1
3. e.g. 8 & 15 are relatively prime since the factors of 8 are 1, 2, 4, 8 and of 15 are 1, 3, 5, 15, and 1 is the only common factor
Greatest Common Divisor (GCD) : positive integer c is the GCD of a & b if
1. c is a divisor of a & b
2. any divisor of a & b is a divisor of c
GCD (a, b) = GCD (a, -b) = GCD (-a, b) = GCD (-a, -b)
the GCD of two numbers can be read off once each is expressed as a product of primes: take each common prime to the smaller of its two exponents
Euclidean Algorithm
Finding the GCD using the Euclidean Algorithm:
for any nonnegative integer a and any positive integer b
GCD (a, b) = GCD (b, a mod b)
Algorithm :
1. A ← a , B ← b
2. if B = 0 return A = GCD (a, b)
3. R = A mod B
4. A ← B
5. B ← R
6. goto 2
Euler's Totient Function
Euler's Totient Function φ(n) :
the number of positive integers less than n and relatively prime to n
for p prime, φ(p) = p - 1
φ(1) = 1
φ(37) = 36
Fermat's Theorem
▪ a^(p-1) ≡ 1 (mod p)
▪ where p is prime and gcd(a, p) = 1
▪ also known as Fermat's Little Theorem
▪ also have: a^p ≡ a (mod p)
▪ useful in public key and primality testing
Euler's Theorem
▪ a generalization of Fermat's Theorem
▪ a^φ(n) ≡ 1 (mod n)
▪ for any a, n where gcd (a, n) = 1
▪ e.g.
▪ a = 3; n = 10; φ(10) = 4; hence 3^4 = 81 ≡ 1 (mod 10)
▪ a = 2; n = 11; φ(11) = 10; hence 2^10 = 1024 ≡ 1 (mod 11)
▪ also have: a^(φ(n)+1) ≡ a (mod n)
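The Euclidean algorithm exactly as stepped out above, the totient by its definition, and checks of Fermat's and Euler's theorems on the slides' own numbers, as one added example covering the four preceding slides (not code from the slides); the last function also shows why a Fermat check alone is only a "probably prime" verdict:

```python
def gcd_euclid(a, b):
    """The slide's algorithm: A <- a, B <- b; while B != 0: (A, B) <- (B, A mod B); return A."""
    A, B = abs(a), abs(b)            # GCD(a, b) = GCD(a, -b) = GCD(-a, b) = GCD(-a, -b)
    while B != 0:
        A, B = B, A % B
    return A


def relatively_prime(a, b):
    return gcd_euclid(a, b) == 1


def totient(n):
    """phi(n): how many k with 1 <= k <= n have gcd(k, n) = 1 (so phi(1) = 1 and phi(p) = p - 1)."""
    return sum(1 for k in range(1, n + 1) if gcd_euclid(k, n) == 1)


def fermat_holds(a, p):
    """a^(p-1) = 1 (mod p) for prime p with gcd(a, p) = 1."""
    return pow(a, p - 1, p) == 1


def euler_holds(a, n):
    """a^phi(n) = 1 (mod n) whenever gcd(a, n) = 1."""
    return pow(a, totient(n), n) == 1


def fermat_flags_composite(n, a=2):
    """A failed Fermat check proves n composite; a pass proves nothing, since
    pseudoprimes such as 561 also pass it."""
    return pow(a, n - 1, n) != 1
```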
Primality Testing
▪ often need to find large prime numbers
▪ traditionally sieve using trial division
▪ i.e. divide by all numbers (primes) in turn less than the square root of the number
▪ only works for small numbers
▪ alternatively, can use statistical primality tests based on properties of primes
▪ for which all prime numbers satisfy the property
▪ but some composite numbers, called pseudo-primes, also satisfy the property
▪ can use a slower deterministic primality test
Miller Rabin Algorithm
▪ a test based on prime properties that result from Fermat's Theorem
▪ algorithm is:
TEST (n) is:
1. find k and odd m such that n - 1 = 2^k × m
2. choose a such that 1 < a < n - 1
3. compute b0 = a^m (mod n)
   1. if b0 = +1 or b0 = -1 (i.e. n - 1) then n is probably prime (stop)
   2. otherwise compute b1 = b0^2 (mod n)
4. repeat for i = 1 … k-1, with bi = b(i-1)^2 (mod n):
   1. if bi = -1 then n is probably prime (stop)
   2. if bi = +1 then n is composite (stop)
5. if no bi = -1 is found after k-1 squarings, n is composite
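The test above as runnable code, as an added example (not code from the slides); the witness list parameter is an addition so that results are reproducible, and the numbers in the test (561, 2047, 97) are chosen to show both a composite that Fermat's check misses and one that passes a single Miller-Rabin witness:

```python
import random


def miller_rabin(n, witnesses=None, rounds=8):
    """False if n is proven composite; True if n passes every witness ('probably prime')."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    # step 1: write n - 1 = 2^k * m with m odd
    k, m = 0, n - 1
    while m % 2 == 0:
        k += 1
        m //= 2
    if witnesses is None:                # step 2: random a with 1 < a < n - 1
        witnesses = [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in witnesses:
        b = pow(a, m, n)                 # step 3: b0 = a^m mod n
        if b == 1 or b == n - 1:         # +1 or -1: inconclusive for this witness
            continue
        for _ in range(k - 1):           # step 4: square until +1 or -1 appears
            b = (b * b) % n
            if b == n - 1:               # reached -1: inconclusive
                break
            if b == 1:                   # reached +1 without passing -1: composite
                return False
        else:
            return False                 # never reached -1 (step 5): composite
    return True
```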
Chinese Remainder Theorem
▪ used to speed up modulo computations
▪ if working modulo a product of numbers
▪ e.g., mod M, where M = m1 m2 … mk
▪ the Chinese Remainder Theorem lets us work in each modulus mi separately
▪ since computational cost is proportional to size, this is faster than working in the full modulus M
Chinese Remainder Theorem (CRT)
CRT : integers can be represented by their residues modulo a set of pairwise relatively prime moduli.
OR
let m1, m2, …, mk be pairwise relatively prime integers,
i.e. GCD(mi, mj) = 1 for 1 ≤ i < j ≤ k
let ai ∈ Zmi
and M = m1 m2 … mk
then there exists a unique integer A ∈ ZM such that
ai = A mod mi for i = 1 … k
Chinese Remainder Theorem
▪ can implement CRT in several ways
▪ to compute A (mod M)
▪ first compute all ai = A mod mi separately
▪ determine constants ci below, where Mi = M/mi
▪ then combine results to get the answer using:
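The recombination step, as an added example (not code from the slides), using the standard constants ci = Mi × (Mi^-1 mod mi) so that A = Σ ai ci mod M, together with addition and multiplication done residue-wise and recombined; the moduli 37 and 49 and the values in the test are constructed inputs:

```python
from functools import reduce
from math import gcd


def crt(residues, moduli):
    """Recombine a_i = A mod m_i (pairwise coprime m_i) into the unique A in Z_M, M = prod(m_i)."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    M = reduce(lambda x, y: x * y, moduli, 1)
    total = 0
    for a, m in zip(residues, moduli):
        Mi = M // m
        ci = Mi * pow(Mi, -1, m)        # c_i = M_i * (M_i^-1 mod m_i); c_i = 1 mod m_i, 0 mod others
        total += a * ci
    return total % M


def to_residues(A, moduli):
    return [A % m for m in moduli]


def add_mod_M(x, y, moduli):
    """(x + y) mod M computed in each small modulus separately, then recombined."""
    xs, ys = to_residues(x, moduli), to_residues(y, moduli)
    return crt([(a + b) % m for a, b, m in zip(xs, ys, moduli)], moduli)


def mul_mod_M(x, y, moduli):
    """(x * y) mod M, likewise residue-wise."""
    xs, ys = to_residues(x, moduli), to_residues(y, moduli)
    return crt([(a * b) % m for a, b, m in zip(xs, ys, moduli)], moduli)
```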
Discrete Logarithms
▪ the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p
▪ that is, to find i such that b = a^i (mod p)
▪ this is written as i = dlog_a b (mod p)
▪ if a is a primitive root then it always exists, otherwise it may not, e.g.,
x = log_3 4 mod 13 has no answer
x = log_2 3 mod 13 = 4, found by trying successive powers
▪ whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
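The "try successive powers" search and the primitive-root condition that decides whether a discrete logarithm exists, as an added example (not code from the slides), on the slide's own mod 13 cases; it assumes p is prime and a is not a multiple of p:

```python
def discrete_log(a, b, p):
    """Smallest i with a^i = b (mod p), found by trying successive powers; None if no such i."""
    x = 1
    for i in range(p):               # the order of a divides p - 1, so p steps always suffice
        if x == b % p:
            return i
        x = (x * a) % p
    return None


def multiplicative_order(a, p):
    """Smallest i > 0 with a^i = 1 (mod p); assumes p prime and gcd(a, p) = 1."""
    if a % p == 0:
        raise ValueError("a must not be a multiple of p")
    x, i = a % p, 1
    while x != 1:
        x = (x * a) % p
        i += 1
    return i


def is_primitive_root(a, p):
    """a is a primitive root mod prime p when its powers run through all of 1 .. p-1."""
    return multiplicative_order(a, p) == p - 1
```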
