
Cyber Security Specialization

Professional Elective-III
8th Semester
Chandigarh University, Gharuan

Securing Windows & Linux
Subject Code: CSB-471/ITB-471
Common to Cyber Security Specialization of CSE 4th Year
Total Contact Hours: 45 Hours
L T P C: 3 0 0 3
Marks: 100 (Internal: 40, External: 60)

Course Objectives
• To use security risk assessments to identify security requirements and to
select controls for systems.
• To use cryptographic controls to protect your information.
• To identify various security threats.

Unit Course Outcomes

I. Understanding of basic security threats and attacks
II. The basic understanding of the security model in Windows and Linux
III. Implementation of cryptographic algorithms

UNIT-I [15 hrs]


Introduction to General Security Concepts: Principles of Information Security,
Information Security Standards, Regulations, and Compliance, Authentication,
Authorization, and Accounting (AAA).
Cryptography: Basic Cryptography Concepts, PKI Concepts, Implementing PKI
and Certificate Management.

UNIT-II [15 hrs]

Network Security: General Network Concepts and Vulnerabilities, Network Services and
Network Devices, Internet Security and Vulnerabilities, Network Security Tools and
Devices.
Application Security: HTTP Security, Electronic Mail, Samba Security.
System Security: General System Security Threats, Hardware and Peripheral Devices,
OS and Application Security, Virtualization, System-Based Security Applications,
Understanding Linux Security, System Monitoring and Auditing.

UNIT-III [15 hrs]

Organizational and Operational Security: Physical Security Concepts and
Vulnerabilities, Policies and Procedures, Risk Analysis, Business Continuity and Disaster
Recovery, Network layer firewalls, transport layer firewalls, application layer firewalls.
Security Assessments and Audits: Vulnerability Assessments and Testing, Monitoring,
Logging and Auditing.
Remote Access and Authentication: Virtual Private Networking, Strong User
authentication.

Text Books:
1. Derrick Rountree, "Security for Microsoft Windows System Administrators:
Introduction to Key Information Security Concepts", Elsevier.
2. Ramón J. Hontanon, "Linux Security", Sybex, ISBN: 0-7821-2741-X.
3. Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes, "Linux Security
Cookbook", O'Reilly, ISBN: 0-596-00391-9.

Securing Windows and Linux Lab
Subject Code: CSB-472/ITB-472
Common to Cyber Security Specialization of CSE 4th Year
Total Contact Hours: 45 Hours
L T P C: 0 0 2 1
Prerequisite: Basic Knowledge of Security concepts of Windows/Linux
Marks: 100 (Internal: 60, External: 40)

Course Objectives
• To use the security risk assessments to identify security requirements and to select
controls for systems.
• To use cryptographic controls to protect your information.
• To identify various security threats.

Unit Course Outcome

Knowledge about security threats, vulnerabilities and attacks, and familiarization
with the VI editor and security of Windows/website.
Knowledge about vulnerabilities.
Understand Linux and Windows configurations.

List of Experiments
UNIT I
1. Installation Process of Windows and Linux.
2. Knowledge about the CA server Using Certificates and SSL in windows.
3. Familiarization with the VI editor.
4. Familiarization with the Windows Client Configuration.

UNIT-II
5. To research the various system vulnerabilities for the target machine (Internet
access to the CVE database of vulnerabilities).
6. Various GUI-based vulnerability scanners to check for vulnerabilities:
a. NeWT - Using a vulnerability scanner in Windows.
7. How to Install Samba Server in Linux.

UNIT III
8. Familiarization with the Name Resolution in Windows.
9. Understanding the Linux Client Configuration.
10. Write a shell script that displays a list of all the files in the current directory to which
the user has read, write and execute permissions.
NOTES
UNIT-I
Introduction to General Security Concepts: Principles of Information Security,
Information Security Standards, Regulations, and Compliance, Authentication,
Authorization, and Accounting (AAA).
Cryptography: Basic Cryptography Concepts, PKI Concepts, Implementing PKI and
Certificate Management.

Principles of Information Security:

The basic tenets of information security are confidentiality, integrity and availability. Every
element of the information security program must be designed to implement one or more of
these principles. Together they are called the CIA Triad.

Confidentiality
Confidentiality safeguards are in place to prevent unauthorized disclosure of information. The
confidentiality principle's goal is to keep personal information private and to make it
available only to those who own it or need it to accomplish their organizational tasks.
Integrity
Integrity covers protection against unwanted data modifications (additions, deletions,
revisions, and so on). The integrity principle assures that data is correct and dependable,
and that it is not tampered with in any way, whether mistakenly or deliberately.
Availability
Availability is the capacity of a system to make software systems and data fully accessible
when a customer requires them. The goal of availability is to make technological
infrastructure, applications, and data accessible when they are required for a
business process or by a company's customers.

Information Security Standards

ISO stands for International Organization for Standardization. International Standards
make things work. These standards provide a world-class specification for products,
services and computers, to ensure quality, safety and efficiency. They are instrumental in
facilitating international trade.
ISO was officially established on 23 February 1947. It is an independent,
non-governmental international organization. Today, it has a membership of 162 national
standards bodies and 784 technical committees and subcommittees to take care of
standards development. ISO has published over 22336 International Standards and related
documents, which cover almost every industry, from information technology to food safety,
agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards developed by the International
Organization for Standardization and the International Electrotechnical Commission to
provide a globally recognized framework for best-practice information security management.
It helps organizations keep their information assets secure, such as employee details,
financial information, and intellectual property.

The need for the ISO 27000 series arises from the risk of cyber-attacks that organizations
face. Cyber-attacks are growing day by day, making hackers a constant threat to any
industry that uses technology.

The ISO 27000 series can be categorized into many types. They are-

ISO 27001- This standard allows an organization to demonstrate to its clients and
stakeholders that it manages the security of their confidential data and information well.
This standard involves a process-based approach for establishing, implementing, operating,
monitoring, maintaining, and improving an ISMS (information security management system).

ISO 27000- This standard provides an explanation of terminologies used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security
standards and information security management practices. It includes the selection,
implementation, operation and management of controls, taking into consideration the
organization's information security risk environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed to
provide guidelines for the implementation of information security based on a risk management
approach. To completely understand ISO/IEC 27005, knowledge of the concepts,
models, processes, and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is
required. This standard is applicable to all kinds of organizations, such as non-government
organizations, government agencies, and commercial enterprises.

ISO 27032- This is the international standard which focuses explicitly on cybersecurity. This
standard includes guidelines for protecting information beyond the borders of an
organization, such as in collaborations, partnerships or other information sharing arrangements
with clients and suppliers.

2. IT Act

The Information Technology Act, also known as ITA-2000 or the IT Act, aims to
provide the legal infrastructure in India to deal with cybercrime and e-commerce. The IT
Act is based on the United Nations Model Law on E-Commerce 1996 recommended by the
General Assembly of the United Nations. The Act is also used to check misuse of cyber networks
and computers in India. It was officially passed in 2000 and amended in 2008. It was
designed to boost electronic commerce, e-transactions and related activities
associated with commerce and trade. It also facilitates electronic governance by means of
reliable electronic records.

The IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern
digital signatures, and other sections deal with the certifying authorities who are licensed to
issue digital signature certificates; sections 43 to 47 provide penalties and compensation,
sections 48 to 64 deal with appeal to the high court, sections 65 to 79 deal with offences, and the
remaining sections 80 to 94 deal with miscellaneous provisions of the act.

3. Copyright Act

The Copyright Act 1957, amended by the Copyright Amendment Act 2012, governs the subject
of copyright law in India. This Act is applicable from 21 January 1958. Copyright is a legal
term which describes the ownership and control of the rights of the authors of "original works
of authorship" that are fixed in a tangible form of expression. Original works of authorship
include certain works of creative expression such as books, video, movies, music,
and computer programs. The copyright law has been enacted to balance the use and reuse of
creative works against the desire of the creators of art, literature and music to monetize their
work by controlling who can make and sell copies of the work.

The copyright act covers the following-

o Rights of copyright owners
o Works eligible for protection
o Duration of copyright
o Who can claim copyright

The copyright act does not cover the following-

o Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
o Works that are not fixed in a tangible form (such as a choreographic work that has not
been notated or recorded or an improvisational speech that has not been written down)
o Familiar symbols or designs
o Titles, names, short phrases, and slogans
o Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law

Patent law is a law that deals with new inventions. Traditional patent law protects tangible
scientific inventions, such as circuit boards, heating coils, car engines, or zippers. Over
time, patent law has been used to protect a broader variety of inventions such as business
practices, coding algorithms, or genetically modified organisms. A patent is the right to exclude
others from making, using, selling, importing, inducing others to infringe, and offering a
product specially adapted for practice of the patent.

In general, a patent is a right that can be granted if an invention is:

o Not a natural object or process
o New
o Useful
o Not obvious.

5. IPR

Intellectual property rights (IPR) allow creators, or owners of patents, trademarks or
copyrighted works, to benefit from their own plans, ideas, or other intangible assets or
investment in a creation. These rights are outlined in Article 27 of the Universal
Declaration of Human Rights, which provides for the right to benefit from the protection of moral
and material interests resulting from authorship of scientific, literary, or artistic productions.
These property rights allow the holder to exercise a monopoly on the use of the item for a
specified period.

Regulations

Information security requirements are a collection of legislation, guidelines, frameworks,
and industry-specific regulations with which organizations are either required or recommended
to comply in order to improve cybersecurity, mitigate risk, and avoid legal consequences.

Information security laws and regulations control how data is stored and used. Learn about
information security and breach notification law, information and privacy laws, and business
compliance.

Laws & Regulations

A law is a rule that is enacted by the judicial system of the country. These rules are created by
the lawmakers. A law is enforceable by the country's judicial system, and the lawbreaker can
be prosecuted in court.
A regulation is the process, or body, responsible for ensuring that the law is put into effect. A
regulation explains the details necessary, whether technical, operational, or legal, to put the
law into effect.
Here's a simple example that you're probably familiar with, at least somewhat. The law says
drivers should produce a valid license at all times. To enforce this law, traffic police do random
checking.
Authentication, Authorization, and Accounting (AAA)
Authentication, Authorization, and Accounting (AAA) is an architectural framework for
controlling access to computer resources, enforcing policies, auditing usage, and providing the
information required for billing of services and other processes essential for network
management and security. This process is mainly used so that network and software
application resources are accessible only to specific and legitimate users. The AAA concept
is widely used in reference to the network protocol RADIUS.

The first step: Authentication
Authentication is the method of identifying the user. Using the user’s
authentication credentials, it checks whether the user is legitimate and has access
to the network, by checking whether the user’s credentials match the credentials stored in the
network database. After the authentication is approved, the user gains access to the internal
resources of the network.
Authorization
For the user to perform certain tasks or to issue commands to the network, the user must
gain authorization. It determines the extent of access to the network and what type of
services and resources are accessible by the authenticated user. Authorization is the method
of enforcing policies.

Accounting
In this stage, the usage of system resources by the user is measured: Login time, Data Sent,
Data Received, and Logout Time. The accounting process is carried out by logging the
session statistics and usage information, which are used for authorization control, billing, and
resource utilization.

The Pros
1. AAA framework increases the scalability of a network: Scalability is the property
of a system to handle a growing amount of work by adding resources to the system.
2. It causes increased flexibility and better control of the network.
3. It helps maintain standard protocols in the network.
4. RADIUS allows for unique credentials for each user.
5. IT Admins will have a central point for the user and system authentication.
The Cons
1. On RADIUS Servers, Configuration and Initial setup can be complicated and time-
consuming.
2. It is a very hard choice to determine which is the best RADIUS server software and
implementation model for your organization.
3. Maintenance can be difficult and time-consuming for on-prem hardware.
Cryptography: Basic Cryptography Concepts, PKI Concepts, Implementing PKI and
Certificate Management.

Cryptography is the study of secure communications techniques that allow only the sender
and intended recipient of a message to view its contents. The term is derived from the Greek
word kryptos, which means hidden.

Cryptography is the technique of securing information and communications through the use of
codes so that only those persons for whom the information is intended can understand it and
process it, thus preventing unauthorized access to information. The prefix “crypt” means
“hidden” and the suffix “graphy” means “writing”. In cryptography, the techniques which are used
to protect information are obtained from mathematical concepts and a set of rule-based
calculations known as algorithms, which convert messages in ways that make them hard to
decode.

Techniques used for Cryptography: In today’s age of computers, cryptography is often
associated with the process where ordinary plain text is converted to cipher text, which is
text made such that only the intended receiver can decode it; this process
is known as encryption. The process of converting cipher text back to plain text is known
as decryption.

Features of Cryptography are as follows:

1. Confidentiality: Information can only be accessed by the person for whom it is
intended and no other person except him can access it.
2. Integrity: Information cannot be modified in storage or in transit between sender
and intended receiver without the modification being detected.
3. Non-repudiation: The creator/sender of information cannot deny his intention to
send information at a later stage.
4. Authentication: The identities of sender and receiver are confirmed, as well as
the destination/origin of the information.

Types of Cryptography: In general there are three types of cryptography:

1. Symmetric Key Cryptography: It is an encryption system where the sender and
receiver of a message use a single common key to encrypt and decrypt messages.
Symmetric key systems are faster and simpler, but the problem is that sender and
receiver have to somehow exchange the key in a secure manner. The most popular
symmetric key cryptography system is the Data Encryption Standard (DES).

2. Hash Functions: There is no usage of any key in this algorithm. A hash value
with fixed length is calculated from the plain text, which makes it impossible for the
contents of the plain text to be recovered. Many operating systems use hash functions
to encrypt passwords.

3. Asymmetric Key Cryptography: Under this system a pair of keys is used to
encrypt and decrypt information. A public key is used for encryption and a private
key is used for decryption. The public key and the private key are different. Even if the
public key is known by everyone, only the intended receiver can decode the message because
he alone knows the private key.

Applications Of Cryptography:
1. Computer passwords
2. Digital Currencies
3. Secure web browsing
4. Electronic Signatures
5. Authentication
6. Cryptocurrencies
7. End-to-end encryption

Difference between Hash functions, Symmetric, and Asymmetric algorithms:

Feature                              Hash functions               Symmetric algorithms   Asymmetric algorithms
Number of keys                       0                            1                      2
Length of keys recommended by NIST   256 bits                     128 bits               2048 bits
Example                              SHA-256, SHA3-256, SHA-512   AES or 3DES            RSA, DSA, ECC

Cryptanalysis:
1. Classical attacks: These can be divided into:

a) Mathematical analysis: It’s a type of attack that takes advantage of structural flaws in a
specific algorithm.

b) Brute-force attacks: The attacker uses a Brute Force Attack (BFA) to try all potential
keys in order to figure out the key. If the key is long, the attack will take a long time to
execute. Brute-force attacks run the encryption algorithm for all possible cases of the keys
until a match is found. The encryption algorithm is treated as a black box. Analytical attacks
are those attacks that focus on breaking the cryptosystem by analyzing the internal structure
of the encryption algorithm.

2. Social Engineering attack: It is something that is dependent on the human factor. Tricking
someone to reveal their passwords to the attacker or allowing access to the restricted area
comes under this attack. People should be cautious when revealing their passwords to any
third party which is not trusted.

3. Implementation attacks: Implementation attacks such as side-channel analysis can be
used to obtain a secret key. They are relevant in cases where the attacker can obtain physical
access to the cryptosystem.

Classical Encryption Techniques

1. Substitution technique
2. Transposition Technique

Substitution technique          Transposition Technique
Caesar Cipher                   Rail fence
Monoalphabetic Substitution     Row Column Transposition
Playfair Cipher
Hill Cipher
One Time Pad

1. Caesar Cipher

The Caesar Cipher is one of the earliest and simplest encryption techniques.
It is a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter a fixed number of positions down the alphabet. For example, with a shift of
1, A would be replaced by B, B would become C, and so on. The method is apparently named
after Julius Caesar, who used it to communicate with his officials.

Thus to cipher a given text we need an integer value, known as a shift which indicates the
number of positions each letter of the text has been moved down.
The encryption can be represented using modular arithmetic by first transforming the letters
into numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a letter by a
shift n can be described mathematically as.

(Encryption Phase with shift n)

(Decryption Phase with shift n )

Examples :

Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW

Text: ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Advantages:
• Easy to implement and use, making it suitable for beginners to learn about
encryption.
• Can be physically implemented, such as with a set of rotating disks or a set of cards,
known as a scytale, which can be useful in certain situations.
• Requires only a small set of pre-shared information.
• Can be modified easily to create a more secure variant, such as by using multiple
shift values or keywords.
Disadvantages:
• It is not secure against modern decryption methods.
• Vulnerable to known-plaintext attacks, where an attacker has access to both the
encrypted and unencrypted versions of the same messages.
• The small number of possible keys means that an attacker can easily try all possible
keys until the correct one is found, making it vulnerable to a brute force attack.
• It is not suitable for long text encryption as it would be easy to crack.
• It is not suitable for secure communication as it is easily broken.
• Does not provide confidentiality, integrity, and authenticity in a message.
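
The following is an added example, not part of the original notes. It implements the shift cipher with the A = 0, ..., Z = 25 numbering used above and demonstrates two of the listed disadvantages: the 26-key exhaustive search and recovery of the shift from a single known letter pair. All function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase  # A = 0, B = 1, ..., Z = 25


def caesar(text, shift):
    """Shift every letter A-Z by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, shift):
    return caesar(plaintext, shift)


def decrypt(ciphertext, shift):
    # Decryption is a shift in the opposite direction.
    return caesar(ciphertext, -shift)


def all_candidates(ciphertext):
    """Exhaustive key search: the whole key space is the 26 shifts 0..25."""
    return {shift: decrypt(ciphertext, shift) for shift in range(26)}


def shift_from_known_pair(plain_letter, cipher_letter):
    """Known-plaintext recovery: one matching letter pair reveals the shift."""
    p = ALPHABET.index(plain_letter.upper())
    c = ALPHABET.index(cipher_letter.upper())
    return (c - p) % 26


if __name__ == "__main__":
    ciphertext = encrypt("ATTACKATONCE", 4)
    print("ciphertext:", ciphertext)
    print("decrypted :", decrypt(ciphertext, 4))

    # Every possible key can be listed on one screen; a reader only has to
    # pick the line that is readable.
    for shift, candidate in all_candidates(ciphertext).items():
        print("%2d  %s" % (shift, candidate))

    # Knowing that the first plaintext letter is 'A' is enough to get the key.
    print("recovered shift:", shift_from_known_pair("A", ciphertext[0]))
```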

Example:
Monoalphabetic Substitution:

Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher
alphabet for each plain alphabet is fixed throughout the encryption process. For example,
if 'A' is encrypted as 'D', for any number of occurrence in that plaintext, 'A' will always get
encrypted to 'D'.

All of the substitution ciphers we have discussed earlier in this chapter are monoalphabetic;
these ciphers are highly susceptible to cryptanalysis.
Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain
alphabet may be different at different places during the encryption process. The next two
examples, playfair and Vigenere Cipher are polyalphabetic ciphers

A monoalphabetic substitution is a cipher in which each occurrence of a plaintext symbol
is replaced by a corresponding ciphertext symbol to generate ciphertext. The key for such a
cipher is a table of the correspondence or a function from which the correspondence is
computed.
Playfair Cipher
In this scheme, pairs of letters are encrypted, instead of single letters as in the case of simple
substitution cipher.
In the Playfair cipher, a key table is created first. The key table is a 5×5 grid of letters that
acts as the key for encrypting the plaintext. Each of the 25 letters must be unique and one
letter of the alphabet (usually J) is omitted from the table as we need only 25 letters instead
of 26. If the plaintext contains J, then it is replaced by I.
The sender and the receiver decide on a particular key, say ‘tutorials’. In a key table, the
first characters (going left to right) in the table are the phrase, excluding the duplicate letters.
The rest of the table is filled with the remaining letters of the alphabet, in natural
order. The key table works out to be –

T U O R I
A L S B C
D E F G H
K M N P Q
V W X Y Z

Process of Playfair Cipher
• First, a plaintext message is split into pairs of two letters (digraphs). If there is an
odd number of letters, a Z is added to the last letter. Let us say we want to encrypt
the message “hide money”. It will be written as −
HI DE MO NE YZ
• The rules of encryption are −
o If both the letters are in the same column, take the letter below each
one (going back to the top if at the bottom).
‘H’ and ‘I’ are in the same column, hence take the letter below them to replace.
HI → QC
o If both letters are in the same row, take the letter to the right of each one (going
back to the left if at the farthest right).
‘D’ and ‘E’ are in the same row, hence take the letter to the right of them to replace.
DE → EF
o If neither of the preceding two rules is true, form a rectangle with the two letters
and take the letters on the horizontal opposite corner of the rectangle.
Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would
be −
QC EF NU MF ZV
Decrypting the Playfair cipher is as simple as doing the same process in reverse. Receiver
has the same key and can create the same key table, and then decrypt any messages made
using that key.

Security Value
It is also a substitution cipher and is more difficult to break than the simple substitution
cipher. As in the case of the substitution cipher, cryptanalysis is possible on the Playfair cipher as
well; however, it would be against 625 possible pairs of letters (25x25 alphabets) instead of 26
different possible alphabets.
The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is quick
to use and requires no special equipment.
Vigenere Cipher
This scheme of cipher uses a text string (say, a word) as a key, which is then used for doing a
number of shifts on the plaintext.
For example, let’s assume the key is ‘point’. Each alphabet of the key is converted to its
respective numeric value: In this case,
p → 16, o → 15, i → 9, n → 14, and t → 20.
Thus, the key is: 16 15 9 14 20.

• He now shifts each plaintext alphabet by the number written below it to create
ciphertext as shown below −
• Here, each plaintext character has been shifted by a different amount – and that
amount is determined by the key. The key must be less than or equal to the size
of the message.
• For decryption, the receiver uses the same key and shifts received ciphertext in
reverse order to obtain the plaintext.

Security Value
The Vigenere Cipher was designed by tweaking the standard Caesar cipher to reduce the
effectiveness of cryptanalysis on the ciphertext and make the cryptosystem more robust. It is
significantly more secure than a regular Caesar Cipher.
Historically, it was regularly used for protecting sensitive political and military information.
It was referred to as the unbreakable cipher due to the difficulty it posed to cryptanalysis.

Hill Cipher
Hill cipher is a polygraphic substitution cipher based on linear algebra. Each letter is
represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is
used, but this is not an essential feature of the cipher. To encrypt a message, each block of n
letters (considered as an n-component vector) is multiplied by an invertible n × n matrix,
against modulus 26. To decrypt the message, each block is multiplied by the inverse of the
matrix used for encryption.
The matrix used for encryption is the cipher key, and it should be chosen randomly from the
set of invertible n × n matrices (modulo 26).
Examples:
Input : Plaintext: ACT
Key: GYBNQKURP
Output : Ciphertext: POH
Input : Plaintext: GFG
Key: HILLMAGIC
Output : Ciphertext: SWK
Encryption
We have to encrypt the message ‘ACT’ (n=3). The key is ‘GYBNQKURP’ which can be
written as the n×n matrix:
The message ‘ACT’ is written as vector:

The enciphered vector is given as:

which corresponds to ciphertext of ‘POH’


Decryption
To decrypt the message, we turn the ciphertext back into a vector, then simply multiply by
the inverse matrix of the key matrix (IFKVIVVMI in letters). The inverse of the matrix used
in the previous example is:
For the previous Ciphertext ‘POH’:

which gives us back ‘ACT’.


Assume that all the alphabets are in upper case.
Below is the implementation of the above idea for n=3.
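
The code the notes refer to is not reproduced on this page; the following is an added example for n = 3, not the original implementation. It uses the A = 0, ..., Z = 25 scheme, computes the inverse key modulo 26 from the cofactors, and shows why the key must be invertible: the second sample key, HILLMAGIC, encrypts correctly but its determinant shares a factor with 26, so it cannot be used to decrypt. Function names are illustrative.

```python
from math import gcd


def to_nums(text):
    """Map A..Z to 0..25."""
    nums = [ord(c) - ord("A") for c in text.upper()]
    if any(n < 0 or n > 25 for n in nums):
        raise ValueError("only the letters A-Z are supported")
    return nums


def to_text(nums):
    return "".join(chr(n % 26 + ord("A")) for n in nums)


def key_matrix(key):
    """Write a 9-letter key row by row as a 3x3 matrix."""
    nums = to_nums(key)
    if len(nums) != 9:
        raise ValueError("a 3x3 key needs exactly 9 letters")
    return [nums[0:3], nums[3:6], nums[6:9]]


def cofactor(m, i, j):
    """Signed cofactor of a 3x3 matrix (cyclic-index form, sign included)."""
    a, b = (i + 1) % 3, (i + 2) % 3
    c, d = (j + 1) % 3, (j + 2) % 3
    return m[a][c] * m[b][d] - m[a][d] * m[b][c]


def determinant(m):
    return sum(m[0][j] * cofactor(m, 0, j) for j in range(3))


def inverse_mod26(m):
    """Inverse = det^-1 * adjugate (mod 26); exists only if gcd(det, 26) = 1."""
    det = determinant(m) % 26
    if gcd(det, 26) != 1:
        raise ValueError("key matrix is not invertible modulo 26 (det = %d)" % det)
    det_inv = pow(det, -1, 26)  # modular inverse, Python 3.8+
    return [[det_inv * cofactor(m, j, i) % 26 for j in range(3)] for i in range(3)]


def apply_matrix(m, text):
    """Multiply each 3-letter block (as a column vector) by m, modulo 26."""
    nums = to_nums(text)
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    out = []
    for k in range(0, len(nums), 3):
        block = nums[k:k + 3]
        out.extend(sum(m[r][c] * block[c] for c in range(3)) % 26 for r in range(3))
    return to_text(out)


def encrypt(plaintext, key):
    return apply_matrix(key_matrix(key), plaintext)


def decrypt(ciphertext, key):
    return apply_matrix(inverse_mod26(key_matrix(key)), ciphertext)


def inverse_key_letters(key):
    """The inverse matrix written out as letters, row by row."""
    return to_text([n for row in inverse_mod26(key_matrix(key)) for n in row])


if __name__ == "__main__":
    print(encrypt("ACT", "GYBNQKURP"), decrypt("POH", "GYBNQKURP"))
    print("inverse key:", inverse_key_letters("GYBNQKURP"))
    print(encrypt("GFG", "HILLMAGIC"))
    try:
        decrypt("SWK", "HILLMAGIC")
    except ValueError as err:
        print("cannot decrypt:", err)
```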

Vigenere Cipher
Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form
of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on substitution,
using multiple substitution alphabets. The encryption of the original text is done using
the Vigenère square or Vigenère table.
• The table consists of the alphabets written out 26 times in different rows, each
alphabet shifted cyclically to the left compared to the previous alphabet,
corresponding to the 26 possible Caesar Ciphers.
• At different points in the encryption process, the cipher uses a different alphabet
from one of the rows.
• The alphabet used at each point depends on a repeating keyword.

Example:
Input : Plaintext : GEEKSFORGEEKS
Keyword : AYUSH
Output : Ciphertext : GCYCZFMLYLEIM
For generating key, the given keyword is repeated
in a circular manner until it matches the length of
the plain text.
The keyword "AYUSH" generates the key "AYUSHAYUSHAYU"
The plain text is then encrypted using the process
explained below.
Encryption:
The first letter of the plaintext, G is paired with A, the first letter of the key. So use row
G and column A of the Vigenère square, namely G. Similarly, for the second letter of the
plaintext, the second letter of the key is used, the letter at row E, and column Y is C. The
rest of the plaintext is enciphered in a similar fashion.
Decryption:
Decryption is performed by going to the row in the table corresponding to the key, finding
the position of the ciphertext letter in this row, and then using the column’s label as the
plaintext. For example, in row A (from AYUSH), the ciphertext G appears in column G,
which is the first plaintext letter. Next, we go to row Y (from AYUSH), locate the
ciphertext C which is found in column E, thus E is the second plaintext letter.
An easier implementation is to treat Vigenère algebraically by converting
[A-Z] into numbers [0–25].

Encryption
The plaintext(P) and key(K) are added modulo 26.
Ei = (Pi + Ki) mod 26

Decryption
Di = (Ei - Ki + 26) mod 26

Note: Di denotes the offset of the i-th character of the plaintext. Like offset of A is 0 and
of B is 1 and so on.
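
The algebraic form above, as an added example that is not part of the original notes; it serves both Vigenere passages on this page. The earlier passage numbers the key letters from 1 (p → 16), while the formulas here number them from 0, so the hypothetical parameter `a_value` selects which value the letter A stands for. Function names are illustrative.

```python
def key_shifts(key, a_value=0):
    """Numeric shift for each key letter; a_value is the number assigned to 'A'."""
    shifts = [ord(c) - ord("A") + a_value for c in key.upper() if "A" <= c <= "Z"]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    return shifts


def expand_key(key, length):
    """Repeat the keyword in a circular manner up to the message length."""
    key = key.upper()
    return "".join(key[i % len(key)] for i in range(length))


def vigenere(text, key, decrypt=False, a_value=0):
    """E_i = (P_i + K_i) mod 26, or D_i = (E_i - K_i + 26) mod 26 when decrypt=True."""
    shifts = key_shifts(key, a_value)
    out = []
    i = 0  # index into the key; advances only on letters
    for ch in text.upper():
        if "A" <= ch <= "Z":
            k = shifts[i % len(shifts)]
            if decrypt:
                k = -k
            out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
            i += 1
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def ciphertext_letters_for(plain_letter, plaintext, key):
    """Set of ciphertext letters one plaintext letter maps to (polyalphabetic effect)."""
    ct = vigenere(plaintext, key)
    return {c for p, c in zip(plaintext.upper(), ct) if p == plain_letter}


if __name__ == "__main__":
    print(expand_key("AYUSH", len("GEEKSFORGEEKS")))
    ct = vigenere("GEEKSFORGEEKS", "AYUSH")
    print(ct, vigenere(ct, "AYUSH", decrypt=True))

    # The same plaintext letter E is enciphered to several different letters.
    print(sorted(ciphertext_letters_for("E", "GEEKSFORGEEKS", "AYUSH")))

    # Numbering used in the earlier passage: a -> 1, so 'point' -> 16 15 9 14 20.
    print(key_shifts("point", a_value=1))
    sample = "MEET AT NOON"  # constructed sample message
    enc = vigenere(sample, "point", a_value=1)
    print(enc, vigenere(enc, "point", decrypt=True, a_value=1))
```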

Transposition Technique

1.Rail fence ciphers: Rail fence ciphers are examples of transposition ciphers: The
characters in the plaintext message are permuted to create the ciphertext. In the rail fence
cipher, the permutation is obtained from a very simple pattern. Other transposition ciphers use
other manipulations to permute the characters.

Encryption
In a transposition cipher, the order of the alphabets is re-arranged to obtain the cipher-text.

• In the rail fence cipher, the plain-text is written downwards and diagonally on
successive rails of an imaginary fence.
• When we reach the bottom rail, we traverse upwards moving diagonally, after
reaching the top rail, the direction is changed again. Thus, the alphabets of the
message are written in a zig-zag manner.
• After each alphabet has been written, the individual rows are combined to obtain
the cipher-text.
For example, if the message is “GeeksforGeeks” and the number of rails = 3 then cipher is
prepared as:

Decryption
As we’ve seen earlier, the number of columns in the rail fence cipher remains equal to the length
of the plain-text message, and the key corresponds to the number of rails.
Hence, the rail matrix can be constructed accordingly. Once we’ve got the matrix we can figure
out the spots where text should be placed (using the same way of moving diagonally up and
down alternately).
• Then, we fill in the cipher-text row-wise. After filling it, we traverse the matrix in a
zig-zag manner to obtain the original text.
Implementation:
Let cipher-text = “GsGsekfrekeoe” and key = 3.
• Number of columns in matrix = len(cipher-text) = 13
• Number of rows = key = 3
Hence the original matrix will be 3*13. Marking the places that hold text with ‘*’, we get

* _ _ _ * _ _ _ * _ _ _ *
_ * _ * _ * _ * _ * _ * _
_ _ * _ _ _ * _ _ _ * _ _

Filling the marked places row-wise with the cipher-text gives

G _ _ _ s _ _ _ G _ _ _ s
_ e _ k _ f _ r _ e _ k _
_ _ e _ _ _ o _ _ _ e _ _
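The rail fence encryption and decryption steps above, as an added Python example (not part of the original notes; all function names are hypothetical). `rail_matrix` renders the same 3*13 layout as the worked matrix, and decryption fills the marked cells row by row exactly as described.

```python
def rail_pattern(length: int, rails: int) -> list:
    """Rail (row) index visited at each column while zig-zagging down and up."""
    if rails < 1:
        raise ValueError("number of rails must be at least 1")
    if rails == 1:
        return [0] * length
    pattern, row, step = [], 0, 1
    for _ in range(length):
        pattern.append(row)
        if row == 0:
            step = 1            # top rail reached: head downwards
        elif row == rails - 1:
            step = -1           # bottom rail reached: head upwards
        row += step
    return pattern


def rail_matrix(plaintext: str, rails: int) -> list:
    """The rail matrix as text rows, with '_' for empty cells."""
    pattern = rail_pattern(len(plaintext), rails)
    return [" ".join(ch if r == rail else "_" for ch, r in zip(plaintext, pattern))
            for rail in range(rails)]


def rail_fence_encrypt(plaintext: str, rails: int) -> str:
    pattern = rail_pattern(len(plaintext), rails)
    rows = [[] for _ in range(rails)]
    for ch, r in zip(plaintext, pattern):
        rows[r].append(ch)
    return "".join("".join(row) for row in rows)   # combine the rails top to bottom


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    pattern = rail_pattern(len(ciphertext), rails)
    # Columns of the marked cells, listed rail by rail (sorted() is stable, so
    # columns stay left-to-right within a rail). This is the row-wise fill order.
    fill_order = sorted(range(len(ciphertext)), key=lambda col: pattern[col])
    plain = [""] * len(ciphertext)
    for ch, col in zip(ciphertext, fill_order):
        plain[col] = ch
    return "".join(plain)       # reading column by column follows the zig-zag


if __name__ == "__main__":
    print("\n".join(rail_matrix("GeeksforGeeks", 3)))
    print(rail_fence_decrypt("GsGsekfrekeoe", 3))
```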

Columnar Transposition Cipher

Given a plain-text message and a numeric key, encipher or decipher the given text using the
Columnar Transposition Cipher.
The Columnar Transposition Cipher is a form of transposition cipher just like Rail Fence
Cipher. Columnar Transposition involves writing the plaintext out in rows, and then reading
the ciphertext off in columns one by one.

Examples:

Encryption
Input : Geeks for Geeks
Key = HACK
Output : e  kefGsGsrekoe_
Decryption
Input : e  kefGsGsrekoe_
Key = HACK
Output : Geeks for Geeks

Encryption
Input : Geeks on work
Key = HACK
Output : e w_eoo_Gs kknr_
Decryption
Input : e w_eoo_Gs kknr_
Key = HACK
Output : Geeks on work

Encryption
In a transposition cipher, the order of the letters is rearranged to obtain the cipher-text.
1. The message is written out in rows of a fixed length, and then read out again column
by column, and the columns are chosen in some scrambled order.
2. The width of the rows and the permutation of the columns are usually defined by a
keyword.
3. For example, the word HACK is of length 4 (so the rows are of length 4), and the
permutation is defined by the alphabetical order of the letters in the keyword. In
this case, the order would be “3 1 2 4”.
4. Any spare spaces are filled with nulls, left blank, or filled with a placeholder character
(Example: _).
5. Finally, the message is read off in columns, in the order specified by the keyword.
Decryption
1. To decipher it, the recipient has to work out the column lengths by dividing the
message length by the key length.
2. Then, write the message out in columns again, then re-order the columns by
reforming the key word.
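The columnar transposition steps above, as an added Python example (not part of the original notes; function names are hypothetical). It assumes "_" as the padding character, as in the examples, and that repeated key letters are ordered left to right, which the notes do not specify.

```python
def column_order(key: str) -> list:
    """Column indices in reading order: alphabetical by key letter.

    For HACK this is [1, 2, 0, 3] (A, C, H, K), i.e. the ranks "3 1 2 4".
    Assumption: repeated key letters are taken left to right.
    """
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str, pad: str = "_") -> str:
    width = len(key)
    if width == 0:
        raise ValueError("key must not be empty")
    # Fill the spare cells of the last row with the padding character.
    padded = plaintext + pad * (-len(plaintext) % width)
    rows = [padded[i:i + width] for i in range(0, len(padded), width)]
    # Read the grid off column by column, in keyword order.
    return "".join("".join(row[c] for row in rows) for c in column_order(key))


def columnar_decrypt(ciphertext: str, key: str, pad: str = "_") -> str:
    width = len(key)
    if width == 0 or len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ciphertext) // width          # column length = message / key length
    columns = [""] * width
    for n, c in enumerate(column_order(key)):
        # The n-th chunk of ciphertext belongs under key letter number c.
        columns[c] = ciphertext[n * height:(n + 1) * height]
    padded = "".join(columns[c][r] for r in range(height) for c in range(width))
    # Caveat: a plaintext that really ends in the pad character loses it here.
    return padded.rstrip(pad)


if __name__ == "__main__":
    ct = columnar_encrypt("Geeks for Geeks", "HACK")
    print(repr(ct), repr(columnar_decrypt(ct, "HACK")))
```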

PKI Concepts

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software, or digital document.
The steps followed in creating a digital signature are:

1. The message digest is computed by applying a hash function to the message, and
then the message digest is encrypted using the private key of the sender to form the digital
signature. (digital signature = encryption(private key of sender, message
digest) and message digest = message digest algorithm(message)).
2. The digital signature is then transmitted with the message. (message + digital
signature is transmitted)
3. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity, as only the sender has his private key, so only the sender can
encrypt using his private key, which can thus be decrypted by the sender’s public
key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (the actual
message is sent with the digital signature).
6. The message digest computed by the receiver and the message digest (obtained by
decrypting the digital signature) need to be the same to ensure integrity.
Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from
hash value of the message is very difficult.
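The six steps above, traced in an added Python example (not part of the original notes; function names are hypothetical). It assumes textbook RSA with no padding and a constructed toy key built from two small Mersenne primes so that it runs with the standard library alone; production systems use a vetted library with a padded scheme such as RSA-PSS and keys of 2048 bits or more.

```python
import hashlib

# Constructed toy key pair (assumption for illustration only).
P, Q = 2**61 - 1, 2**89 - 1           # two known Mersenne primes
N = P * Q                             # public modulus
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)


def message_digest(message: bytes) -> int:
    """Step 1a: one-way hash of the message (SHA-256), as an integer.

    It is reduced mod N only because the toy modulus is shorter than the hash.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Step 1b: 'encrypt' the digest with the sender's private key."""
    return pow(message_digest(message), D, N)


def recover_digest(signature: int) -> int:
    """Steps 3-4: 'decrypt' the signature with the sender's public key."""
    return pow(signature, E, N)


def verify(message: bytes, signature: int) -> bool:
    """Steps 5-6: recompute the digest and compare it with the recovered one."""
    return recover_digest(signature) == message_digest(message)


if __name__ == "__main__":
    msg = b"Pay 100 to account 12345"          # constructed sample message
    sig = sign(msg)                            # step 2: send (msg, sig) together
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(b"Pay 900 to account 12345", sig))
    print("altered signature verifies:", verify(msg, sig + 1))
```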
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally binding. This
makes them ideal for any legal document that requires a signature
authenticated by one or more parties and guarantees that the record has not
been altered.
• Sales contracts: Digital signing of contracts and sales contracts authenticates
the identity of the seller and the buyer, and both parties can be sure that the
signatures are legally binding and that the terms of the agreement have not
been changed.
• Financial Documents: Finance departments digitally sign invoices so
customers can trust that the payment request is from the right seller, not from a
bad actor trying to trick the buyer into sending payments to a fraudulent
account.
• Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential
information was not modified when it was transmitted between the consenting
parties.
• Federal, state, and local government agencies have stricter policies and
regulations than many private sector companies. From approving permits to
stamping them on a timesheet, digital signatures can optimize productivity by
ensuring the right person is involved with the proper approvals.
• Shipping Documents: Helps manufacturers avoid costly shipping errors by
ensuring cargo manifests or bills of lading are always correct. However, physical
papers are cumbersome, not always easily accessible during transport, and can
be lost. By digitally signing shipping documents, the sender and recipient can
quickly access a file, check that the signature is up to date, and ensure that no
tampering has occurred.
Digital Certificate
A digital certificate is issued by a trusted third party and proves the sender’s identity to the
receiver and the receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the
identity of the certificate holder. The CA issues an encrypted digital certificate containing
the applicant’s public key and a variety of other identification information. A digital
certificate is used to bind a public key to a particular individual or entity.

Digital certificate vs digital signature:

A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it assures
that the message was sent by the known user and was not modified, while a digital certificate is
used to verify the identity of the user, whether sender or receiver. Thus, digital signatures
and certificates are different kinds of things, but both are used for security. Most websites
use digital certificates to enhance the trust of their users.

Feature | Digital Signature | Digital Certificate
Basics / Definition | Digital signature is like a fingerprint or an attachment to a digital document that ensures its authenticity and integrity. | Digital certificate is a file that ensures holder’s identity and provides security.
Process / Steps | Hashed value of original message is encrypted with sender’s secret key to generate the digital signature. | It is generated by CA (Certifying Authority) that involves four steps: Key Generation, Registration, Verification, Creation.
Security Services | Authenticity of Sender, integrity of the document and non-repudiation. | It provides security and authenticity of certificate holder.
Standard | It follows Digital Signature Standard (DSS). | It follows X.509 Standard Format.

A PKI consists of people, hardware, software, policies, documents, and procedures. A public PKI is
used to secure communication in the world at large (for example, over the internet) and derives its authority
from one or more public certificate authorities (CAs).
PKI (public key infrastructure) is the underlying framework that enables entities -- users and
servers -- to securely exchange information using digital certificates. The entities that facilitate
and use PKI typically involve general internet users, web clients or browsers, and company
servers -- though this can extend to other virtual machines (VMs) as well.

The word infrastructure describes PKIs since it does not refer to one single physical entity.
Instead, it refers to the components used to encrypt data and authenticate digital certificates.
These components include the hardware, software, policies, procedures and entities needed to
safely distribute, verify and revoke certificates.

In technical terms, PKI is a two-key asymmetric cryptosystem that supports various information
technology (IT) systems in their pursuit of high-level information
confidentiality, encryption and confidence. The two keys, in this case, are also the two main
pieces that facilitate this secure data management: a public key and a private key.

Digital keys are like regular keys, except they are used to lock and unlock digital materials. In
this case, lock describes encryption. Encryption is the process by which digital information is
scrambled to protect it from unauthorized viewers. By using a key, users can lock and unlock
data as they please. The unique part about keys is that they can also be shared with others. If
someone accessed another person's digital key, they would be able to decrypt their encrypted
data and messages. PKI involves the use of two digital keys to ensure the safety of the entities
and data involved.

How PKI works

Imagine that person A wants to send person B an encrypted message over the internet. One way
to secure this exchange is by using PKI. If person A chooses to use PKI, they will first need
person B's public key before they can send a message. A public key enables any user to encrypt
information for a specified entity. The only way to decrypt information encrypted with a public
key is by using its respective private key.

Public key features | Private key features
Used to encrypt data | Used to decrypt data
Can be distributed and used by anyone | Should not be distributed or shared
Can only be decrypted with the associated private key | Can only decrypt information encrypted by associated public key
Is not a secret | Is a secret

Elements of PKI
A typical PKI includes the following key elements:

• Certificate authority. A trusted party provides the root of trust for all PKI
certificates and provides services that can be used to authenticate the identity of
individuals, computers and other entities. Usually known as certificate
authorities (CAs), these entities provide assurance about the parties identified in a
PKI certificate. Each CA maintains its own root CA, for use only by the CA.
• Registration authority. This is often called a subordinate CA and issues PKI
certificates. The registration authority (RA) is certified by a root CA and is
authorized to issue certificates for specific uses permitted by the root.
• Certificate store. This is usually permanently stored on a computer but can also be
maintained in memory for applications that do not require that certificates be stored
permanently. The certificate store enables programs running on the system to
access stored certificates, certificate revocation lists (CRLs) and certificate trust
lists (CTLs).
• Certificate database. This database stores information about issued certificates. In
addition to the certificate itself, the database includes the validity period and status
of each PKI certificate. Certificate revocation is done by updating this database,
which must be queried to authenticate any data digitally signed or encrypted with
the secret key of the certificate holder.
When is PKI required?
One of the most common applications of the PKI framework is Secure Sockets Layer (SSL)
protocols. SSL -- and its successor, Transport Layer Security (TLS) -- help establish the
authenticated and encrypted links between different networked computers used in PKI. The
applications of these protocols can extend to a number of activities, most of which are
browser-related. Below are a few of the modern uses of PKI:

• digital signature software/applications
• email encryption
• internet of things (IoT) security
• network security
• server-hosted communication protection
• password recovery
• file decryption
• smart card authentication
• web communications security

Problems with PKI


PKI provides a chain of trust so that identities on a network can be verified. However, like
any chain, PKI is only as strong as its weakest link. There are various standards that cover
aspects of PKI -- such as the Internet X.509 PKI Certificate Policy and Certification
Practices Framework, or Request for Comments (RFC) 2527.

The CA/Browser Forum is an industry consortium founded in 2005 whose members include
CAs, browser software publishers and other system providers that use X.509 digital
certificates for encryption and authentication. The CA/Browser Forum publishes guidelines
and best practices for CAs, browsers and other parties involved in PKI as it relates to the use
of digital certificates.

Although a CA is often referred to as a trusted third party, shortcomings in the security
procedures of various CAs in recent years have jeopardized trust in the entire PKI on which
the internet depends. If one CA is compromised, the security of the entire PKI is at risk. For
example, in 2011, web browser vendors were forced to place all certificates issued by Dutch
CA DigiNotar on a blocklist after discovering more than 500 fake certificates.
In 2017, Google engineers identified problems with certificates issued through Symantec's
CA business, which led to subsequent distrust of certificates issued by Symantec prior to
the sale of its CA business to DigiCert.
