
CRYPTOGRAPHY AND NETWORK SECURITY NOTES

UNIT 1
• Cryptography is the study of techniques for encryption and decryption: converting plaintext into ciphertext and back again.
• Many cryptographic techniques and algorithms have been developed so far. They are broadly classified into two types:
1. Symmetric key cryptography
2. Asymmetric key cryptography

OSI Security Architecture

The OSI security architecture (ITU-T Recommendation X.800) organises the subject into three parts:
1. Security Services
2. Security Attacks
3. Security Mechanisms

Security Services
1. Authentication
2. Access Control
3. Data Confidentiality
4. Data Integrity
5. Non-Repudiation

Security Attacks
Passive attacks:
1. Release of message contents
2. Traffic analysis
Active attacks:
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service

Security Mechanisms
Specific security mechanisms (incorporated into a particular protocol layer or service):
1. Encipherment
2. Digital signature
3. Access control
4. Data integrity
5. Authentication exchange
6. Traffic padding
7. Routing control
8. Notarization
Pervasive security mechanisms (not specific to any particular service):
1. Trusted functionality
2. Security label
3. Event detection
4. Security audit trail
5. Security recovery

Security Attacks

Passive Attacks:
A passive attack is eavesdropping on, or monitoring of, transmissions; the opponent's goal is to obtain information without altering it. There are two types.
The release of message contents is easily understood. A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information, and we would like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from it. The common technique for masking contents is encryption. Even with encryption in place, an opponent might still be able to observe the pattern of these messages: the location and identity of the communicating hosts, and the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication.
Active Attacks:
An active attack involves some modification of the data stream or the creation of a false stream. There are four types.
A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of messages means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."
Denial of service prevents or inhibits the normal use or management of communication facilities, for example by suppressing all messages directed to a particular destination, or by flooding a network with traffic so as to degrade its performance.

A Model For Network Security

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such
that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the
secret information to achieve a particular security service.

• The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking into a computer system. The intruder can be a disgruntled employee who wishes to do damage, or a criminal who seeks to exploit computer assets for financial gain.
• Viruses and worms are two examples of software attacks. Such attacks can be introduced into a system by means of a disk (or any other medium or download) that contains the unwanted logic concealed in otherwise useful software.

Parameter | Symmetric Key Encryption | Asymmetric Key Encryption
Keys | A single secret key is used for both encryption and decryption. | Two keys, a public key and a private key; what one of them encrypts, only the other decrypts.
Ciphertext size | About the same as the plaintext (a block cipher may add up to one block of padding). | At least as large as the plaintext: each block is expanded to the size of the modulus (for example 2048 bits for RSA-2048).
Speed | The encryption process is very fast. | The encryption process is slow, because it relies on modular arithmetic on very large numbers.
Typical use | Bulk data: it is used when a large amount of data has to be transferred. | Small amounts of data, such as a session key or a signature.
Services | Confidentiality; together with a MAC, integrity and authenticity between the two key holders. It cannot give non-repudiation, since both parties hold the same key. | Confidentiality, and through digital signatures authenticity and non-repudiation, since only the signer holds the private key.
Key length | 128 or 256 bits (AES). | 2048 bits or more for RSA and Diffie-Hellman; 256 bits for elliptic-curve keys.
Resource utilization | Low compared with asymmetric key encryption; efficient for large amounts of data. | High; comparatively less efficient, so it is used only for small amounts of data.
Key management | The one key must be delivered secretly to every party, and whoever obtains it can both read and forge traffic. | The private key never leaves its owner; only the public key is distributed, so no secret needs to be shared in advance.
Examples | DES, 3DES, AES, RC4 | RSA, Diffie-Hellman, ElGamal, ECC, DSA

In practice the two are combined: an asymmetric algorithm is used to exchange or wrap a symmetric session key, and the symmetric cipher then encrypts the data.

Classical Encryption Techniques
1.Substitution Technique
2.Transposition Technique
Substitution Techniques:
• Caesar Cipher
• Monoalphabetic Cipher
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Cipher
• One-Time Pad
Transposition Techniques:
• Rail Fence
• Row Column Transposition

Substitution Technique
• A substitution technique is one in which the letters of plaintext are replaced by other letters, numbers or symbols.
Caesar Cipher
• The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet (wrapping from z back to a).
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
• There are only 25 possible shifts, so the cipher is broken simply by trying each one.
Monoalphabetic Cipher
• A monoalphabetic cipher is a substitution cipher in which the cipher alphabet for each plaintext letter is fixed for the entire encryption; any permutation of the 26 letters can serve as the key.
• In simple words, if the letter 'p' in the plaintext is replaced by the cipher letter 'd', then wherever 'p' occurs in the plaintext it is replaced by 'd' to form the ciphertext.
• Because the substitution is fixed, the letter frequencies of the language survive in the ciphertext, and the cipher is broken by frequency analysis.
Polyalphabetic Cipher
• In polyalphabetic substitution, each appearance of a character in the plaintext can have a different substitution character in the ciphertext.
• The relationship between a character in plaintext and a character in ciphertext is one to many.
• For instance, the letter 'A' can be replaced by the letter 'C' in one position, and the same letter 'A' can be replaced by 'N' later in the ciphertext.
Of the next two examples, the Vigenère cipher is polyalphabetic; the Playfair cipher is a digram substitution that encrypts two letters at a time.

Playfair cipher
The Playfair cipher is a substitution cipher that encrypts pairs of letters (digrams) using a 5X5 matrix. Let us discuss the technique with the help of an example:
Plain Text : meet me tomorrow
Key : KEYWORD
Now, we have to convert this plain text to ciphertext using the given key. We will discuss the process in steps.
Step 1: Create a 5X5 matrix and place the key in that matrix row-wise from left to right. Then put the remaining letters of the alphabet, in order, in the blank spaces.
K E Y W O
R D A B C
F G H I L
M N P Q S
T U V X Z
Note: If a key has duplicate letters, fill those letters only once in the matrix. I and J share one cell of the matrix (the alphabet has 26 letters but the matrix only 25 cells), even if they occur in the given key.
Step 2: Now, break the plain text into pairs of letters.
Plain Text: meet me tomorrow
Pairs: me et me to mo rx ro wz
Note
• A pair must not contain the same letter twice. If a pair has the same letter, break it and add 'x' after the first letter. In our example 'rr' occurs in a pair, so we have broken that pair and added 'x' after the first 'r'.
• If, while making pairs, the last pair has only one letter left, add 'z' to that letter to form a pair. In our example we have added 'z' to 'w' because 'w' was left alone at the end.
• If a pair would be 'xx', break it and add 'z' after the first 'x', i.e. 'xz' and 'x_'.
Step 3: In this step, we convert the plain text into ciphertext. For each pair, locate both letters in the matrix and apply the rules below.
Note
• If both letters of the pair occur in the same row, replace each with the letter to its immediate right. If a letter is at the extreme right, replace it with the first letter of that row, i.e. the last element of the row circularly wraps to the first element of the same row.
• If the letters of the pair occur in the same column, replace each with the letter immediately below it. Here also, the last element of the column circularly wraps to the first element of the same column.
• If the letters of the pair are in neither the same column nor the same row, form a rectangle with the two letters and replace each letter with the letter in its own row at the opposite horizontal corner of the rectangle, i.e. in the column of the other letter.
Applying these rules to the matrix above (every pair in this example falls under the rectangle rule):
Pairs: me et me to mo rx ro wz
Cipher Text: NK KU NK ZK SK BT CK OX
For decryption the same rules are applied with left and up in place of right and down; the rectangle rule is its own inverse. The filler letters inserted in Step 2 are then removed by the recipient.

Vigenère Cipher
This scheme uses a text string (say, a word) as the key; each key letter determines a Caesar shift for the plaintext letter beneath it, so the cipher is a sequence of different Caesar ciphers.
Process of Vigenère Cipher
• Plain Text : 'attack from south east'
• Key : point
• Numbering the letters a = 0, b = 1, ..., z = 25, the numeric representation of the key is '15 14 8 13 19' [p → 15, o → 14, i → 8, n → 13, t → 19]. (Numbering from a = 1 would make every shift one too large: the key letter p must take 'a' to 'P'.)
• Arrange the plaintext (spaces removed) over the key, repeating the key as often as needed to cover the message:
plain  : a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t
key    : p  o  i  n  t  p  o  i  n  t  p  o  i  n  t  p  o  i  n
shift  : 15 14 8  13 19 15 14 8  13 19 15 14 8  13 19 15 14 8  13
• Now shift each plaintext letter by the number written below it (mod 26) to create the ciphertext:
cipher : P  H  B  N  V  Z  T  Z  B  F  H  C  C  G  A  T  O  A  G
• Here each plaintext character has been shifted by a different amount, and that amount is determined by the key. The key may be shorter than the message because it is repeated; this repetition is the cipher's weakness, since identical plaintext fragments a multiple of the key length apart produce identical ciphertext (the Kasiski test), which reveals the key length.
• For decryption, the receiver uses the same key and shifts each received ciphertext letter backwards by the same amount to obtain the plaintext.

Hill Cipher

(Figure: steps of the 3×3 key-matrix computation in the Hill cipher example. Repeat the first 2 columns; next repeat the first 2 rows; next remove the first row and first column.)
One-Time Pad
• The key is the same length as the plaintext.
• The key is a randomly generated string of letters (each letter chosen uniformly and independently), and it is combined with the plaintext exactly as in the Vigenère cipher.
• The key is used only once, to encrypt and decrypt a single message; after that it must be discarded. Under these conditions the scheme is unbreakable, but a key that is reused, or that is not truly random, loses that guarantee.
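As an added example (not part of the original notes), the Caesar, monoalphabetic, Vigenère and one-time-pad ciphers described above, written in Python around one shared letter-shift helper. It reproduces the notes' Caesar and Vigenère ciphertexts and shows the Caesar brute-force search; the reversed alphabet used to demonstrate the monoalphabetic cipher is an arbitrary choice of key, and the one-time pad draws its key from the operating system's random source.

```python
import secrets
import string

ALPHA = string.ascii_lowercase


def _letters(text: str) -> str:
    """Classical-cipher convention: letters only, lowercased."""
    return "".join(c for c in text.lower() if c.isalpha())


def shift_letter(c: str, k: int) -> str:
    """Shift one lowercase letter k places down the alphabet, wrapping mod 26."""
    return ALPHA[(ALPHA.index(c) + k) % 26]


def caesar(text: str, k: int = 3, decrypt: bool = False) -> str:
    """Every letter shifted by the same amount; k = 3 is the classic Caesar key."""
    return "".join(shift_letter(c, -k if decrypt else k) for c in _letters(text))


def caesar_brute_force(cipher: str) -> dict:
    """Only 25 keys exist, so an attacker simply lists every candidate plaintext."""
    return {k: caesar(cipher, k, decrypt=True) for k in range(1, 26)}


def monoalphabetic(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """General substitution: the key is any permutation of the 26 letters."""
    if sorted(cipher_alphabet) != list(ALPHA):
        raise ValueError("cipher alphabet must be a permutation of a-z")
    src, dst = (cipher_alphabet, ALPHA) if decrypt else (ALPHA, cipher_alphabet)
    return _letters(text).translate(str.maketrans(src, dst))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Letter i is shifted by key letter i mod len(key): the key repeats under the message."""
    shifts = [ALPHA.index(c) for c in _letters(key)]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(_letters(text)):
        k = shifts[i % len(shifts)]
        out.append(shift_letter(c, -k if decrypt else k))
    return "".join(out)


def one_time_pad_encrypt(text: str):
    """Vigenère with a uniformly random key exactly as long as the message.
    Returns (ciphertext, key); the key must be used for this one message only."""
    plain = _letters(text)
    key = "".join(secrets.choice(ALPHA) for _ in plain)
    return vigenere(plain, key), key
```

The one-time pad reuses the Vigenère code unchanged: what makes it unbreakable is not the operation but the key, which is as long as the message, uniformly random, and never reused. Shorten or repeat it and the result is an ordinary Vigenère cipher with all of its weaknesses.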

Transposition Techniques
1. Rail Fence Transposition
2. Columnar Transposition

Rail Fence Cipher

The rail fence cipher is the simplest transposition cipher. The steps to obtain the cipher text using this technique are as follows:
Step 1: The plain text is written diagonally, zigzagging between two (or more) rails; the example below uses two rails.
Step 2: To obtain the cipher text, the text is read off rail by rail, i.e. as a sequence of rows.
Plain Text : meet me Tomorrow
Rail 1 : m e m t m r o
Rail 2 : e t e o o r w
Cipher Text : memtmroeteoorw

Columnar Transposition Technique

The columnar transposition cipher is more complex than the rail fence.
Step 1: The plain text is written into a rectangular matrix of a predefined size, row by row.
Step 2: To obtain the cipher text, read the matrix column by column, but permute the order of the columns (the permutation is the key) before reading. The message so obtained is the cipher text.
Plain text : meet Tomorrow
Predefined size of the rectangle: 3×4. The plain text is placed in the rectangle row by row:
m e e t
t o m o
r r o w
The columns are then read in the permuted order 2, 4, 1, 3:
Cipher Text : EORTOWMTREMO
If the plain text does not fill the rectangle, the last row is padded with filler letters before reading.
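As an added example (not part of the original notes), both transposition ciphers above in Python, with decryption as well as encryption. The rail fence version generalises to any number of rails (the notes' example uses two); the columnar version takes the column permutation as a list of 0-based column indices in reading order, so the notes' order 2, 4, 1, 3 becomes [1, 3, 0, 2]. Filler letter x for an incomplete last row is an assumption of this code.

```python
from typing import List


def _letters(text: str) -> str:
    """Transposition ciphers rearrange letters only; spaces and case are dropped."""
    return "".join(c for c in text.lower() if c.isalpha())


def _rail_pattern(length: int, rails: int) -> List[int]:
    """Rail index of each letter position when writing in a zigzag."""
    pattern, r, step = [], 0, 1
    for _ in range(length):
        pattern.append(r)
        if rails > 1:
            if r == 0:
                step = 1
            elif r == rails - 1:
                step = -1
            r += step
    return pattern


def rail_fence_encrypt(text: str, rails: int = 2) -> str:
    letters = _letters(text)
    pattern = _rail_pattern(len(letters), rails)
    # read rail by rail: every letter on rail 0, then rail 1, ...
    return "".join(letters[i] for r in range(rails) for i, p in enumerate(pattern) if p == r)


def rail_fence_decrypt(cipher: str, rails: int = 2) -> str:
    pattern = _rail_pattern(len(cipher), rails)
    # cut the ciphertext back into rails of the right lengths, then replay the zigzag
    rail_text, start = [], 0
    for r in range(rails):
        n = pattern.count(r)
        rail_text.append(list(cipher[start:start + n]))
        start += n
    return "".join(rail_text[r].pop(0) for r in pattern)


def columnar_encrypt(text: str, column_order: List[int], pad: str = "x") -> str:
    """Write row by row into len(column_order) columns, then read the columns in
    the order given. column_order lists 0-based column indices in reading order."""
    letters = list(_letters(text))
    ncols = len(column_order)
    if sorted(column_order) != list(range(ncols)):
        raise ValueError("column_order must be a permutation of 0..ncols-1")
    while len(letters) % ncols:              # complete the last row with filler
        letters.append(pad)
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[c] for c in column_order for row in rows)


def columnar_decrypt(cipher: str, column_order: List[int]) -> str:
    ncols = len(column_order)
    if len(cipher) % ncols:
        raise ValueError("ciphertext length is not a multiple of the column count")
    nrows = len(cipher) // ncols
    columns = {}
    for k, c in enumerate(column_order):     # the k-th block of ciphertext is column c
        columns[c] = cipher[k * nrows:(k + 1) * nrows]
    return "".join(columns[c][r] for r in range(nrows) for c in range(ncols))
```

Because a transposition leaves every letter in place and only reorders them, the ciphertext has exactly the plaintext's letter frequencies; that is how an analyst recognises a transposition, and anagramming the columns recovers the key.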

UNIT 2 SYMMETRIC KEY CRYPTOGRAPHY
Groups , Rings and Fields

Parameter | AES | DES
Meaning | AES stands for Advanced Encryption Standard. | DES stands for Data Encryption Standard.
Key length | The key length can be 128, 192 or 256 bits. | The key length is 56 bits (supplied as a 64-bit key of which 8 bits are parity).
Rounds of operations | The number of rounds depends on the key length: 128 bits: 10; 192 bits: 12; 256 bits: 14. | There are 16 identical rounds of operations.
Network | AES is based on a substitution-permutation network. | DES is based on the Feistel network.
Security | AES is the standard encryption algorithm worldwide and is more secure than DES. | DES is considered a weak encryption algorithm because its key can be searched exhaustively; Triple DES is a more secure variant.
Round functions | Byte Substitution, Shift Rows, Mix Columns, Key Addition. | Expansion, XOR with the round key, S-box substitution, Permutation.
Block size | AES encrypts plaintext blocks of 128 bits. | DES encrypts plaintext blocks of 64 bits.
Known attacks | No practical attack on the full cipher is known; the best published attacks are only marginally faster than brute force. | Brute force (the 56-bit key space is searchable), differential cryptanalysis, and linear cryptanalysis.

Data Encryption Standard (DES)

• DES is a symmetric block cipher which takes a 64-bit plain text block together with a 64-bit key and processes them to generate a 64-bit ciphertext block.
• DES stands for Data Encryption Standard.
• Of the 64 key bits, 8 are parity bits, so the effective key size is 56 bits.
Encryption Steps:
1. The process begins with the 64-bit plain text block being handed over to an initial permutation (IP) function.
2. The initial permutation (IP) is performed on the plain text.
3. Next, the permuted block is split into two 32-bit halves, referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
4. LPT and RPT go through 16 rounds of the encryption process, each round using a different 48-bit subkey derived from the 56-bit key.
5. Finally, LPT and RPT are rejoined, and a Final Permutation (FP, the inverse of IP) is performed on the combined block.
6. The result of this process is the desired 64-bit ciphertext.

The encryption round (step 4, above) is further broken down into five stages:
1. Key transformation (a 48-bit subkey for this round is derived from the 56-bit key)
2. Expansion permutation (the 32-bit RPT is expanded to 48 bits and XORed with the subkey)
3. S-box substitution (the 48 bits are reduced back to 32 bits through eight S-boxes)
4. P-box permutation (the 32 bits are permuted)
5. XOR and swap (the result is XORed with LPT, and the halves are swapped for the next round)
Decryption uses exactly the same structure with the subkeys applied in reverse order; this is the defining property of a Feistel network.
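As an added example (not part of the original notes, and not DES itself), the Feistel structure of steps 1 to 5 in Python. The round function and the key schedule are deliberately toy replacements, marked as assumptions in the code: DES's expansion, S-boxes and P-box are swapped for a truncated hash of the right half and subkey, which is enough to show the property that matters, that the round function need not be invertible and that decryption is the same network run with the subkeys reversed.

```python
import hashlib
from typing import List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_subkeys(master_key: bytes, rounds: int = 16, size: int = 4) -> List[bytes]:
    """Toy key schedule (assumption): one distinct subkey per round from a hash.
    DES instead permutes and rotates its 56-bit key into sixteen 48-bit subkeys."""
    return [hashlib.sha256(master_key + bytes([r])).digest()[:size] for r in range(rounds)]


def round_function(right: bytes, subkey: bytes) -> bytes:
    """f(R, K). It need not be invertible, because the Feistel structure undoes it
    with an XOR. Toy choice (assumption): truncated SHA-256 of R || K. DES uses
    expansion, XOR with the subkey, S-box substitution and a P-box permutation here."""
    return hashlib.sha256(right + subkey).digest()[:len(right)]


def feistel_encrypt(block: bytes, subkeys: List[bytes]) -> bytes:
    """Split into L0 || R0; each round: L_i = R_{i-1}, R_i = L_{i-1} XOR f(R_{i-1}, K_i).
    The output is R_n || L_n, i.e. the halves are swapped once more at the end,
    which is what lets the same code decrypt."""
    if len(block) % 2:
        raise ValueError("block must have an even number of bytes")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in subkeys:
        left, right = right, xor_bytes(left, round_function(right, k))
    return right + left


def feistel_decrypt(block: bytes, subkeys: List[bytes]) -> bytes:
    """Same network, subkeys in reverse order."""
    return feistel_encrypt(block, list(reversed(subkeys)))
```

Trace one round of decryption to see why it works: the decryptor's first round receives R_n || L_n, keeps L_n (which equals R_{n-1}) and computes R_n XOR f(R_{n-1}, K_n), and since R_n was L_{n-1} XOR f(R_{n-1}, K_n) the two f terms cancel, leaving L_{n-1}. Each round peels off one encryption round.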

Advanced Encryption Standard (AES)

AES performs all its computations on bytes.
AES treats the 128 bits of a plaintext block as 16 bytes.
These 16 bytes are arranged in four columns and four rows for processing as a matrix (the state), which is filled column by column.
AES has
10 rounds -> 128-bit key
12 rounds -> 192-bit key
14 rounds -> 256-bit key
Encryption Steps (AES-128):
Step 1: Initially the 16-byte key (4 words) is expanded to an array of 44 words, where each word is 4 bytes; this provides eleven 4-word round keys.
Step 2: At the very start of the encryption process, the 16-byte (4-word) plain text block is XORed with the first 4 words of the expanded key, W0, W1, W2, W3. The result of this XOR is provided to the 1st round.
Step 3: In the first round, the result of the XOR is processed in the following sequence:
Substitute Bytes,
Shift Rows,
Mix Columns,
Add Round Key.
The Add Round Key function is given the next 4 words from the expanded key, W4, W5, W6, W7.
The result of the first round is provided to the second round.
Step 4: Every round up to round nine performs the same four functions, and in each round a distinct round key is taken from the expanded key.
Round ten performs only three functions on the input provided by round 9 (Mix Columns is omitted).
The result of round 10 is the cipher text block for the corresponding plain text block.

Round Functions
Each round has four stages or functions, which are as follows:

Substitute Bytes
The input to Substitute Bytes is a 4X4 state matrix of 16 bytes, where each element of the matrix is 1 byte. AES defines a 16X16 table, the S-box, which contains a permutation of all 256 8-bit values.
The Substitute Bytes function maps each byte of the state matrix to a new value using the following procedure.

Step 1: A byte of the state matrix has 8 bits. The leftmost 4 bits select the row of the S-box and the rightmost 4 bits select the column.
Step 2: The row and column values are used as an index to read the new value from the S-box.
Suppose a byte S2,2 has the value 25 (decimal), i.e. 0x19, whose binary representation is 00011001. The leftmost 4 bits 0001 represent '1' and the rightmost 4 bits 1001 represent '9', so the value at row 1, column 9 of the S-box, 'D4', replaces it. In this way the value 25 is mapped to the new value D4.
The Substitute Bytes function maps every element of the 4X4 state matrix in this way and forwards the newly formed 4X4 state matrix to the Shift Rows function. (Decryption uses the inverse S-box, which undoes this mapping.)
Shift Rows
The input to the Shift Rows function is the 4X4 state matrix forwarded from the Substitute Bytes function. Shift Rows performs a circular left shift on the rows of the matrix. On the first row, the circular left shift is by 0 bytes.

On the second row, a circular left shift is performed by 1 byte. On the third row, the circular left shift is performed by 2 bytes. On the fourth row of the input state matrix, the circular left shift is performed by 3 bytes. The resultant 4X4 state matrix of the Shift Rows function is forwarded to the Mix Columns function.

Mix Columns
Each column of the 4X4 state matrix is multiplied by a constant predefined 4X4 matrix, with arithmetic in the finite field GF(2^8): bytes are multiplied as polynomials modulo x^8 + x^4 + x^3 + x + 1, and additions are XORs.
Each byte of the resulting column is therefore the XOR of the products of one row of the constant matrix (whose entries are 1, 2 and 3) with the corresponding column of the state matrix.
The product matrix of Mix Columns is forwarded to the last function of the round, Add Round Key.

Add Round Key

In the Add Round Key function, the input state matrix is XORed with the 4-word round key.
In each round the key XORed with the state matrix is distinct.
Add Round Key is a column-wise function: each 4-byte column of the state matrix is XORed with one 4-byte word of the round key. It can equally be viewed as a byte-level function, since XOR acts bit by bit.
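As an added example (not part of the original notes), the four round functions above in Python, including the GF(2^8) arithmetic that Mix Columns needs. Rather than embed the 256-entry S-box table, the code generates it from its definition (multiplicative inverse followed by the affine transform), which lets a reader check the notes' lookup S-box[0x19] = D4 directly. Key expansion is not shown; the round key is passed in as a ready-made 4X4 matrix, which is an assumption of this example.

```python
from typing import List

State = List[List[int]]   # 4 rows x 4 columns of bytes, indexed state[row][col]


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B             # reduce: x^8 = x^4 + x^3 + x + 1
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254, since the nonzero elements form a group of order 255."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result if a else 0     # 0 has no inverse; the S-box maps it via 0


def make_sbox() -> List[int]:
    """S-box entry = affine transform of the field inverse: b ^ rotl(b,1..4) ^ 0x63."""
    sbox = []
    for x in range(256):
        inv = gf_inv(x)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = make_sbox()


def to_state(block: bytes) -> State:
    """AES fills the state column by column: byte i goes to row i % 4, column i // 4."""
    return [[block[4 * c + r] for c in range(4)] for r in range(4)]


def sub_bytes(state: State) -> State:
    # high nibble = S-box row, low nibble = S-box column; indexing the flat table does both
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state: State) -> State:
    # row r is rotated left by r bytes
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col: List[int]) -> List[int]:
    """One column times the constant matrix [[2,3,1,1],[1,2,3,1],[1,1,2,3],[3,1,1,2]]."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]


def mix_columns(state: State) -> State:
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state: State, round_key: State) -> State:
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def aes_round(state: State, round_key: State, final: bool = False) -> State:
    """One AES round in the order of the notes; the last round omits Mix Columns."""
    state = shift_rows(sub_bytes(state))
    if not final:
        state = mix_columns(state)
    return add_round_key(state, round_key)
```

Sub Bytes is the only non-linear step and Mix Columns is where the diffusion comes from: change one input byte of a column and all four output bytes change, so after Shift Rows and a second Mix Columns every byte of the state depends on every byte of the input.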

AES Decryption
• The 16-byte cipher text, in the form of a 4X4 state matrix, is XORed with the last 4-word round key.
• The round keys are then used in the reverse of the encryption order.
• All the other round functions are replaced by their inverses (Inverse Shift Rows, Inverse Substitute Bytes, Inverse Mix Columns) to retrieve the original 16-byte plain text block.
Advantages
1. AES can be implemented efficiently in both hardware and software.
2. AES has three key lengths: 128 bits, 192 bits and 256 bits.
3. AES is used in a wide range of applications because it is defined as the standard by NIST.
Disadvantage
AES is only as strong as the handling of its key: a weak, predictable or reused key, or a careless choice of mode of operation, exposes the data even though the cipher itself is not broken. Key generation, storage and scheduling must therefore be done carefully.

RC4 Algorithm

Initialization of S
/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];

/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap (S[i], S[j]);

Stream Generation
/* Stream Generation */
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap (S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value with the next byte of ciphertext.

UNIT 3 - RSA Algorithm

RSA Algorithm Example

• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ(n) are coprime. Let e = 7
• Compute a value for d such that (d * e) mod φ(n) = 1.
• One solution is d = 3 [(3 * 7) mod 20 = 21 mod 20 = 1]
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of m = 2 is c = m^e mod n = 2^7 mod 33 = 128 mod 33 = 29
• The decryption of c = 29 is m = c^d mod n = 29^3 mod 33 = 24389 mod 33 = 2
Such small primes are only for illustration; n = 33 is factored at sight, and real keys use primes of 1024 bits or more.
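As an added example (not part of the original notes), the RSA steps above in Python: extended Euclid to find d, key generation from p, q and e, and encryption and decryption by modular exponentiation. It reproduces the notes' numbers and adds a check for the malleability of this unpadded "textbook" RSA, which is the reason real systems pad the message (OAEP) before exponentiating.

```python
from typing import Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def rsa_keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Textbook RSA key generation from the two primes and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or egcd(e, phi)[0] != 1:
        raise ValueError("e must lie in (1, phi(n)) and be coprime to phi(n)")
    d = modinv(e, phi)                     # d * e = 1 mod phi(n)
    return (e, n), (d, n)                  # public key, private key


def rsa_encrypt(m: int, public: Key) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c: int, private: Key) -> int:
    d, n = private
    return pow(c, d, n)


def is_malleable(public: Key, m1: int, m2: int) -> bool:
    """Textbook RSA is multiplicatively homomorphic: E(m1) * E(m2) mod n == E(m1 * m2 mod n).
    Anyone can therefore transform a ciphertext into the encryption of a related
    message without the key; padding schemes such as OAEP exist to destroy this."""
    _, n = public
    product_of_ciphertexts = (rsa_encrypt(m1, public) * rsa_encrypt(m2, public)) % n
    return product_of_ciphertexts == rsa_encrypt((m1 * m2) % n, public)
```

Note also that textbook RSA is deterministic: the same m always gives the same c, so an attacker who can guess the message (a yes/no answer, a small price) simply encrypts the candidates and compares.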

DIFFIE-HELLMAN KEY EXCHANGE
This method is for securely exchanging a cryptographic key, to be used afterwards for encryption and decryption, over a public communications channel. The two parties never transmit the key itself; each derives it from its own secret and the other's public value.
It is named after its inventors, Whitfield Diffie and Martin Hellman.

Example.
Select the prime number q = 353 and a primitive root of 353, in this case α = 3.
A and B select secret keys
XA = 97
XB = 233
Each computes its public key:
A computes YA = α^XA mod q = 3^97 mod 353 = 40.
B computes YB = α^XB mod q = 3^233 mod 353 = 248.
After they exchange public keys, each can compute the common secret key:
A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
Both obtain α^(XA·XB) mod q. An eavesdropper sees only q, α, YA and YB and would have to solve a discrete logarithm to recover either secret. The exchange does not, however, authenticate the parties, so it must be combined with signatures or certificates to resist a man-in-the-middle.
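As an added example (not part of the original notes), the exchange above in Python, together with a primitive-root check for α and a demonstration of the man-in-the-middle attack on an unauthenticated exchange. The factorisation by trial division is only adequate for textbook-sized moduli such as 353, and Mallory's secret exponent 50 in the test is an arbitrary choice; both are assumptions of this example.

```python
from typing import Set, Tuple


def prime_factors(n: int) -> Set[int]:
    """Trial division; adequate for textbook-sized moduli (an assumption of this example)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(alpha: int, q: int) -> bool:
    """alpha generates all of Z_q* iff alpha^((q-1)/r) != 1 mod q for every prime r dividing q-1."""
    return all(pow(alpha, (q - 1) // r, q) != 1 for r in prime_factors(q - 1))


def dh_public(alpha: int, secret: int, q: int) -> int:
    return pow(alpha, secret, q)


def dh_shared(other_public: int, secret: int, q: int) -> int:
    return pow(other_public, secret, q)


def exchange(alpha: int, q: int, xa: int, xb: int) -> Tuple[int, int, int]:
    """Returns (YA, YB, K): both sides arrive at the same K = alpha^(xa*xb) mod q."""
    ya, yb = dh_public(alpha, xa, q), dh_public(alpha, xb, q)
    ka, kb = dh_shared(yb, xa, q), dh_shared(ya, xb, q)
    if ka != kb:
        raise AssertionError("Diffie-Hellman invariant violated")
    return ya, yb, ka


def man_in_the_middle(alpha: int, q: int, xa: int, xb: int, xm: int) -> Tuple[int, int, int, int]:
    """Mallory intercepts both public values and forwards her own YM instead.
    A ends up sharing K_A with Mallory and B shares K_B with Mallory; neither notices,
    because nothing in the exchange ties a public value to an identity.
    Returns (K_A, Mallory's key towards A, K_B, Mallory's key towards B)."""
    ya, yb, ym = (dh_public(alpha, x, q) for x in (xa, xb, xm))
    k_a = dh_shared(ym, xa, q)      # A computes with what she believes is YB
    k_b = dh_shared(ym, xb, q)      # B computes with what he believes is YA
    k_ma = dh_shared(ya, xm, q)     # Mallory decrypts A's traffic with this ...
    k_mb = dh_shared(yb, xm, q)     # ... and re-encrypts it to B with this
    return k_a, k_ma, k_b, k_mb
```

The fix is not a better exponentiation but authentication of the public values: signed DH (as in TLS, where the server signs its ephemeral share) or a static key bound to an identity by a certificate.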

Key Exchange Protocols:

ELGAMAL CRYPTOGRAPHIC SYSTEM

ELLIPTIC CURVE CRYPTOGRAPHY
It is a public key technique based on the algebra of elliptic curves over finite fields, which allows faster operations and smaller keys than RSA for the same level of security.
Its advantage is that key sizes can remain small (a 256-bit elliptic-curve key gives security comparable to a 3072-bit RSA key) while providing a high level of security to the system.

SECURE HASH ALGORITHM ( SHA )

Message Authentication Functions

• Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
• Message encryption: The ciphertext of the entire message serves as its authenticator
• Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator
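As an added example (not part of the original notes), the difference between the first and third authenticator in Python: a MAC computed with HMAC-SHA256 from the standard library, verified in constant time, beside a bare hash used as authenticator. The key and messages are constructed for the demonstration.

```python
import hashlib
import hmac


def compute_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a fixed-length authenticator that depends on the message and a secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time comparison: a plain == returns early and leaks how many leading bytes matched
    return hmac.compare_digest(compute_mac(key, message), tag)


def receiver_accepts_hash(message: bytes, authenticator: bytes) -> bool:
    """The receiver's check when a bare hash is sent alongside the message."""
    return hashlib.sha256(message).digest() == authenticator


def demo() -> dict:
    key = b"constructed-shared-secret"         # known only to sender and receiver
    msg = b"transfer 100 to account 42"        # constructed sample message
    forged = b"transfer 900 to account 42"
    tag = compute_mac(key, msg)
    return {
        "genuine_mac_accepted": verify_mac(key, msg, tag),
        "forged_mac_rejected": not verify_mac(key, forged, tag),
        "wrong_key_rejected": not verify_mac(b"guess", msg, tag),
        # unkeyed hash: the attacker who alters the message simply recomputes the hash too
        "forged_hash_accepted": receiver_accepts_hash(forged, hashlib.sha256(forged).digest()),
    }
```

A bare hash therefore protects only against accidental corruption on a channel the attacker cannot write to; as soon as the attacker can modify the message, the authenticator must depend on something the attacker lacks, which is the secret key in a MAC or the private key in a signature.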
Message Encryption:

MESSAGE AUTHENTICATION CODE ( MAC )

DIGITAL SIGNATURE
