Q.1 Explain security goals and their significance. Q.

Q.3 Encrypt the message “Life is full of surprises” using Q.5 Explain transposition cipher with the help of suitable example.
Security goals refer to the objectives or targets that organizations aim to achieve in order to protect their assets, a. Vigenere Cipher with key : “HEALTH”. In transposition cipher technique plaintext message is hidden by rearranging the orderof plain text letters without
data, systems, and users from various threats and vulnerabilities. These goals are fundamental to establishing a b. Palyfair cipher with the key: “domestic” altering the original letter. In transposition cipher, the letters are written in a row under the key and then arrange
robust and effective security posture within an organization. a. Vigenère Cipher with key: "HEALTH" the column as per alphabetical order. There are two types of transposition ciphers: single columnar and double
Here are some common security goals and their significance: The Vigenère cipher is a polyalphabetic substitution cipher where the encryption of each letter in the plaintext columnar transposition ciphers. In transposition technique, there is no replacement of alphabets or numbers occurs
1. Confidentiality: - Significance: Confidentiality ensures that sensitive information is only accessible to depends on a key. The key is repeated to match the length of the plaintext. instead their positions are changed or reordering of position of plaintext is done to produce ciphertext.
authorized individuals or entities. This helps prevent unauthorized access, disclosure, or leakage of sensitive data, Key: HEALTH Plaintext: Life is full of surprises Transposition cipher is a kind of mapping achieved by performing some sort of permutation on the plaintext
which could lead to financial loss, reputational damage, or legal consequences. To encrypt using the Vigenère cipher, we'll use the following table: message. Transposition cipher also called diffusion which performs permutations on plaintext. Diffusion means
2. Integrity: - Significance: Integrity ensures that data remains accurate, complete, and unaltered during Plaintext: L i f e i s f u l l o f s u r p r i s e s permutation of bit or byte positions.There are two types oftransposition techniques 1. Columnartransposition
transmission, processing, and storage. Maintaining data integrity is crucial for preserving the trustworthiness and Key: H E A L T H E A L T H E A L T H E A L T H E A L T techniques 2. Keyless transposition techniques
reliability of information, as any unauthorized modification or tampering could lead to data corruption, Ciphertext: M K G I T z q w w b r n a z u g q y z a x Columnar Transposition Technique
misinformation, or unauthorized actions. So, the encrypted message using the Vigenère cipher with the key "HEALTH" is: "MKGIT zqwwbrnazugqyzax". Columnar transposition technique is very simple to
3. Availability: - Significance: Availability ensures that systems, services, and resources are accessible and b. Playfair Cipher with key: "domestic" understand having following steps : (1) Write
operational when needed by authorized users. Ensuring high availability helps prevent disruptions to business The Playfair cipher is a polygram substitution cipher where pairs of letters are encrypted using a key table. plaintext message into a rectangle ofsome
operations, minimizes downtime, and maintains productivity. It is essential for maintaining customer satisfaction Key: domestic Plaintext: Life is full of surprises predefined size (rows and columns). (2) Select the
and avoiding financial losses associated with downtime or service outages. To encrypt using the Playfair cipher, we first construct the key table and then apply the encryption rules: random key according to the size of rectangle also
4. Authentication: - Significance: Authentication verifies the identity of users, systems, or entities attempting to omes called columns. (In this technique order ofthe
access resources or services. By confirming the legitimacy of users, authentication helps prevent unauthorized ticab columns is the key). (3) Read the text present in
access and protects against identity theft, fraud, and impersonation attacks. It forms the foundation for enforcing fghkl cach selected random key columns. (4) Combine
access controls and implementing other security measures. npqru all text present in each column as per selected
5. Authorization: - Significance: Authorization determines the actions and resources that authenticated users vwxyz random key order. (5) The resultant text called ciphertext. Example
are permitted to access based on their roles, privileges, and permissions. Effective authorization mechanisms help Plaintext: Life is full of surprises 1. Select any Plaintext :are you missing somebody, 2. Selectrandomkey (according to column size) 5 4 23 16 3.
enforce least privilege principles, ensuring that users only have access to the resources necessary for their tasks. First, we prepare the plaintext by removing any non-alphabetic characters and grouping the letters into pairs Read text present in each column according to key. 4. Oieysmrisdesoyamgounb 5. Final ciphertext is
This reduces the risk of unauthorized access, data breaches, and insider threats. (digraphs): LI FE IS FU LL OF SU RP RI SE S. oieysmrisdesoyamgounb
Next, we apply the encryption rules: Keyless transposition techniques
Q.2 Explain monoalphabetic and polyalphabetic substitution. Encrypt “She is Listening” using Caesar - For each digraph: - If the letters are in the same row, replace each letter with the letter to its right (wrapping Keyless transposition technique also
cipher with key value 15. around if necessary). - If the letters are in the same column, replace each letter with the letter below it (wrapping called Rail fence technique. Algorithm
Monoalphabetic substitution and polyalphabetic substitution are two different techniques used in cryptography to around if necessary). - If the letters form a rectangle, replace each letter with the letter that is in the same row but for keyless transposition technique is given below : (1) Write plaintext message into Zigzag order. 2) Read
encrypt plaintext into ciphertext. on the opposite corner of the rectangle. plaintext message of step 1 in order of row by row. Write plaintext obtained in row 1 and row 2. The resultant
1. Monoalphabetic Substitution: After applying the encryption rules, we get the following ciphertext: "GM SQ HF OV TK RN ZA YZ WF DV ciphertext is Ciphertext :eaeulhlcatnberflwiehtig This technique doesn't want any key. Rows are also fixed (2) so
- In monoalphabetic substitution, each letter in the plaintext is replaced consistently with another letter or symbol ZY". So, the encrypted message using the Playfair cipher with the key "domestic" is: that attacker may get clu: to break the ciphertext obtained using rail fence technique.
according to a fixed substitution table or cipher alphabet. - This means that each occurrence of a particular letter "GMSQHFOVTKRNZAYZWFDVZY".
in the plaintext is substituted with the same replacement letter in the ciphertext. - Examples of monoalphabetic What goals are served using message digest? Explain using MD5.
substitution ciphers include Caesar cipher, Atbash cipher, and simple substitution cipher. Q.4 Write a short note on Digital Certificate X.509 Message Digest functions, such as MD5 (Message Digest Algorithm 5), serve several important goals in
2. Polyalphabetic Substitution: X.509 is a standard format for digital certificates used in various internet protocols to ensure the authenticity, information security. These goals include data integrity verification, message authentication, and digital signatures.
- In polyalphabetic substitution, the substitution of letters depends on the position of the letter within the integrity, and confidentiality of data exchanges. These certificates are issued by trusted entities known as 1. Data Integrity Verification: - One of the primary goals served by message digests is to ensure the integrity of
plaintext and can vary throughout the encryption process. - This involves the use of multiple cipher alphabets or Certificate Authorities (CAs) and are used in applications such as Secure Sockets Layer/Transport Layer Security data. This means detecting whether the data has been altered or tampered with during transmission or storage. -
shifting mechanisms, often based on a keyword or passphrase, to encrypt the plaintext. - Examples of (SSL/TLS), Secure Email (S/MIME), and code signing. Message digests generate fixed-size hash values (digests) from variable-length input data. Even a small change in
polyalphabetic substitution ciphers include the Vigenère cipher and the Autokey cipher. X.509 Digital Certificate: - X.509 is a widely adopted standard for digital certificates that define the format and the input data should result in a significantly different digest. - MD5, for instance, generates a 128-bit hash value
Now, let's encrypt the plaintext "She is Listening" using the Caesar cipher with a key value of 15. attributes of these certificates. - These certificates are used to establish the identity of entities such as individuals, (32 hexadecimal characters) for any input data2. Message Authentication: - Message authentication involves
Caesar Cipher: - In the Caesar cipher, each letter in the plaintext is shifted a certain number of positions down or organizations, or devices in electronic transactions. - X.509 certificates are based on a public-key infrastructure verifying the origin and authenticity of a message. - Message digests can be used to create a digital fingerprint of
up the alphabet. For example, with a key value of 15, each letter is shifted 15 positions to the right. (PKI), where each certificate contains a public key along with information about the entity it identifies, such as a message. This fingerprint can be encrypted with a sender's private key to create a digital signature - Recipients
Plaintext: S h e i s L i s t e n i n g their name, organization, and the CA that issued the certificate. - The certificate is digitally signed by the CA to can then use the sender's public key to decrypt the digital signature and compare it with the computed message
Ciphertext: H s t x h W x h y t s x t r attest to its authenticity and validity. - X.509 certificates are typically used in conjunction with asymmetric digest of the received message. - If the decrypted signature matches the computed digest, it verifies that the
Explanation: encryption algorithms like RSA or ECC to securely transmit sensitive information over untrusted networks. - They message was indeed sent by the claimed sender and that it has not been altered in transit.
- Letter S is shifted 15 positions to the right, becoming letter H. play a crucial role in enabling secure communication and transactions over the internet by providing mechanisms 3. Digital Signatures: - Digital signatures provide a mechanism for non-repudiation, ensuring that a sender
- Letter h is shifted 15 positions to the right, becoming letter s. for authentication, encryption, and data integrity verification. - X.509 certificates adhere to a hierarchical trust cannot deny sending a message. - Message digests are an integral part of digital signature schemes. They serve as
- Letter e is shifted 15 positions to the right, becoming letter t. model, where trust is established through a chain of trust anchored by root CAs. These root CAs are trusted by the basis for generating and verifying digital signatures. - In MD5-based digital signatures, the message digest is
- Similarly, the rest of the letters are shifted accordingly. default and sign the certificates of intermediate CAs, which in turn sign end-entity certificates. Overall, X.509 first computed for the message. Then, the digest is encrypted with the sender's private key to create the digital
So, the encrypted ciphertext for the plaintext "She is Listening" using the Caesar cipher with a key value of 15 is digital certificates form the backbone of internet security by enabling the secure exchange of information between signature. - Recipients can decrypt the digital signature using the sender's public key and compare it with the
"HstxhWxhytsxtr". parties while ensuring trust, confidentiality, and data integrity. computed digest of the received message to verify the sender's identity and the integrity of the message.

Q.6 Discuss in detail ECB, CBC, CFB, OFB and CTR modes of block cipher with the help of block Q.9 In the Diffie-Hellman protocol, α= 7, q=23, XA = 3 and XB = 5
diagram. a. What is the value of the symmetric key? B. What is the value of YA , YB.
Q.7 Elaborate the steps of key generation using the RSA algorithm. In RSA system the public key (E, In the Diffie-Hellman key exchange protocol, two parties establish a shared secret key over an insecure channel
N) of user A is defined as (7, 187). Calculate φ(N) and private key “D”. What is the cipher text for without exchanging the key explicitly.
M=10 using public key . - α (generator) = 7 - q (prime modulus) = 23 - XA (Alice's private key) = 3 - XB (Bob's private key) = 5
The RSA algorithm is a widely used asymmetric encryption algorithm for securing communications over insecure a. To find the value of the symmetric key:
channels. Key generation in RSA involves several steps, including generating large prime numbers, calculating the 1. Alice calculates YA (Alice's public key):
public and private keys, and ensuring certain mathematical properties are met. YA = α^XA mod q = 7^3 mod 23 = 343 mod 23 = 18
Here are the steps for key generation in RSA: 2. Bob calculates YB (Bob's public key):
1. Choose two distinct prime numbers: p and q. 2. Calculate the modulus: N = p * q. 3. Calculate Euler's totient YB = α^XB mod q = 7^5 mod 23 = 16807 mod 23 = 16
function (φ(N)): φ(N) = (p - 1) * (q - 1). 4. Choose a public exponent (e) that is relatively prime to φ(N) and less 3. Now, Alice and Bob exchange their public keys (YA and YB, respectively).
than φ(N). 5. Calculate the private exponent (d) as the modular multiplicative inverse of e modulo φ(N). 6. The 4. Alice computes the symmetric key:
public key is (e, N) and the private key is (d, N). KA = YB^XA mod q = 16^3 mod 23 = 4096 mod 23 = 9
Let's calculate φ(N) and the private key (D) using the given public key (E, N) = (7, 187) 5. Bob computes the symmetric key:
Given: Public key (E, N) = (7, 187) KB = YA^XB mod q = 18^5 mod 23 = 1889568 mod 23 =9
1. Calculate N: b. To find the values of YA and YB:
N = p * q = 187 - YA is the public key generated by Alice, and YB is the public key generated by Bob. - We already calculated
2. Calculate φ(N): YA and YB in part (a). - YA = 1 - YB = 16
Since N is the product of two distinct prime numbers, φ(N) = (p - 1) * (q - 1) = (p - 1) * (q - 1) = (13 - 1) * (17 -
So, the value of the symmetric key is 9, and the values of YA and YB are 18 and 16, respectively. These values
1) = 12 * 16 = 192 allow both Alice and Bob to establish a shared secret key without directly exchanging it over the insecure channel.
3. Find the private exponent (D): To find the private exponent (D), we need to compute the modular multiplicative Points Hmac Cmac
inverse of E (7) modulo φ(N) (192). HMAC is a mechanism for generating a keyed- CMAC is a type of block cipher-based
Using the Extended Euclidean Algorithm or modular inverse calculation methods, we find that D = 55. hash message authentication code. It involves message authentication code. It operates by
Now, let's calculate the ciphertext for plaintext M = 10 using the given public key (E, N) = (7, 187): Definition: hashing a message with a secret key using a encrypting the message with a symmetric
Given: Public key (E, N) = (7, 187), Plaintext M = 10 cryptographic hash to produce a hash-based block cipher under a specific operation
Ciphertext (C) = M^E mod N = 10^7 mod 187 ≈ 57 message authentication code. producing a message authentication code.
So, the ciphertext for plaintext M = 10 using the given public key (E, N) = (7, 187) is approximately 57. HMAC is widely regarded as a secure method CMAC is also considered secure when
for providing message authentication. It offers implemented properly. Its security relies on the
Q.8 Discuss DES with reference to following points: Block size and key size Need of expansion strong security guarantees against various strength of the underlying block cipher and the
permutation Role of S box Weak keys and semi weak keys Possible attacks on DES Security: cryptographic attacks, provided that the mode of operation used. AES-CMAC is
DES (Data Encryption Standard) is a symmetric key block cipher that was developed in the 1970s by IBM and underlying hash function is secure. commonly used with the AES block cipher,
later adopted as a federal standard by the United States government. DES remains significant historically and which is widely regarded as secure.
conceptually in the field of cryptography. Let's discuss DES with reference to the following points: HMAC uses a secret key for generating the CMAC also requires a secret key for
a. Block size and key size: - Block size: DES operates on 64-bit blocks of plaintext. - Key size: The key message authentication code. The same key is generating the message authentication code.
size for DES is 56 bits, with 8 parity bits added to make a total of 64 bits. However, the effective key size is 56 Key Usage:
used for both generating and verifying the Similarly to HMAC, the same key is used for
bits, as the parity bits are ignored during encryption and decryption. authenticity of the message. both generation and verification.
b. Need for expansion permutation: - Expansion permutation is a step in the DES algorithm where the 32- The output size of HMAC depends on the The output size of CMAC typically matches
bit half-block is expanded to 48 bits before being XORed with the round key. - This expansion increases the underlying hash function used. For example, the block size of the underlying block cipher.
mixing of the bits and provides more diffusion, making DES more resistant to cryptanalysis techniques such as Output Size: HMAC-SHA256 produces a 256-bit (32-byte) For AES-CMAC, which uses the AES block
linear and differential cryptanalysis. authentication code. cipher with a 128-bit block size, the output
c. Role of S-box: - S-boxes, or substitution boxes, are a crucial component of the DES algorithm. - In DES, size is 128 bits (16 bytes).
there are 8 S-boxes, each taking 6 bits of input and producing 4 bits of output. - The S-boxes perform HMAC is commonly used for message CMAC is often used in scenarios where block
nonlinear substitutions, which add confusion to the encryption process and enhance the cryptographic strength authentication in various protocols and ciphers are readily available and efficient, such
of DES. Use Cases: applications, including network security digital as in disk encryption, authentication protocols,
d. Weak keys and semi-weak keys: - Weak keys: DES has certain key values known as weak keys, which signatures, authentication in cryptographic APIs. and secure messaging protocols
result in a symmetric encryption algorithm that behaves as if it's the identity function. This means encrypting
with the key results in the same ciphertext as the plaintext. - Semi-weak keys: Semi-weak keys are pairs of HMAC operations typically involve only hash CMAC operations involve both block cipher
keys such that encrypting with one key, followed by decrypting with the other, results in a permutation of the function computations, which can be efficient, encryption and block cipher decryption, which
plaintext rather than its original form. Performance:
especially for smaller message sizes. may introduce additional computational
e. Possible attacks on DES: - Brute-force attack: Due to the small key size of DES, a brute-force attack is overhead, especially for larger message sizes.
feasible, although computationally intensive. Advances in technology have made brute-force attacks on DES
feasible within reasonable time frames