Chapter Three

Information Security Techniques

Part – I
Classical Encryption Principles & Algorithms

Information Security
(SE3052)
1 Compiled by Alemu w., (awcourseapp@gmail.com) , Tuesday,
March 22, 2021
 Introduction
 Institutions of all sizes collect and store huge volumes of confidential
information and most of this information is collected, processed and stored on
computers and transmitted across networks to other computers.
 The rapid growth and widespread use of electronic data processing and
electronic business conducted through the Internet, along with numerous
occurrences of international terrorism, fueled the need for better methods of
protecting the computers and the information.
 Information security means protecting information and information systems
from unauthorized access, use, disruption, or destruction.
 So that, the OSI security architecture provides a systematic frame work for
defining security attacks

2
 Terminologies
 Cryptography:
 The art of protecting transmitted information from unauthorized interception or
tampering
 The art and science of encompassing the principle and methods of transforming an
intelligible (plain text) message into one that is unintelligible(cipher text), and then
retransforming that message back to its original form.
 The sender enciphers a message into unintelligible form, and the receiver deciphers it
into intelligible form
 The enciphering and deciphering of messages into secret codes by means of various
transformations of the plaintext
 Cryptography is closely related to communication theory, namely coding theory
 Coding Theory involves translating information of any kind (text, scientific data,
pictures, sound, and so on) into a standard form for transmission, and protecting this
information against distortion by random noise.
3
 Terminologies
 Plain text:
 The original intelligible message or data that is fed into the algorithm as input
 The plaintext is not quite the same as the message being sent
 The message probably has to be translated into some standard form to be encrypted; for
example, this might be leaving out the punctuation, turning it into ASCII code or a sequence of
numbers, etc.
 But there is nothing secret about this stage; knowing the plaintext is equivalent to knowing
the message
 Cipher text:-
 The scramble message produced as an output of the encryption algorithm

 Key(Secret Key):
 Is some critical information used by the encryption algorithm as input to encrypt the plaintext
 It is independent of the plaintext and encryption algorithm
 It is only known to the sender and receiver
4
 Terminologies
 Enciphering or Encryption:

 The process of converting the plaintext to cipher text

 Considered as a component of the cryptographic framework

 It’s role is to offer the confidentiality axis of the CIA triad

 Needs an input (Clear message & key) to deliver the cipher form (output) , this cipher form to be

decrypted (converted to the clear form ) we shall need a key and the same algorithm

 Deciphering/Decryption:- is the process of restoring back the plaintext from the cipher

text.
 Cryptanalysis(code breaking):-The process of deriving the plaintext from the cipher text

(breaking a code) without being in possession of the key or the system

 Cryptology:-The scientific study of cryptography and cryptanalysis

5
 approaches to Information Security
 Link Encryption:

 Each vulnerable communication link is equipped on both ends with an encryption device.

 User information, header, trailers, source/destination addresses and routing data will be

encrypted
 The only data/information that will not be encrypted is data link control message infn

 The main disadvantage is that it is effective only if all potential weak links from source to

destination are secured.

 It is designed to protect packet sniffers and eavesdroppers

 End-to-End Encryption:

 Data is encrypted only at the source node and decrypted at the destination node.

 Nobody in between the sender and the receiver

 The cryptographic keys used to encrypt and decrypt the messages are stored exclusively on the

endpoints
6
 Characteristics of Cryptographic Systems
 All encryption algorithms are based on two general principles:

 Substitution: Element in the plain text(bit, letter or groups) is mapped into another element

 Transposition: Elements in the plain text are rearranged

 The number of keys used:-

 Symmetric: If both sender and receiver use similar or single key for both encryption and

decryption, then its called conventional encryption

 Asymmetric: If the sender and receiver use different keys or two keys, then its called Public-key

encryption.

 Processing plain text

 Block cipher: Processes the input one block of elements(typically 64 or 128 bits) at a time,

producing an output block for each input block

 Stream cipher: Processes the input elements (one bit/byte) continuously, producing output one

element at a time, as it goes along

7
 Symmetric (Conventional) Encryption
 The algorithm should be strong enough so that an opponent who knows the

algorithm and has access to one or more cipher text would be unable to
decipher the cipher text or figure out the key.
 Sender & receiver must have to obtain the secret key in secure fashion and

keep it secure
 If someone can found the key and knows the algorithm, all communication

using the key is readable

 If the key is generated at the message source, then it must be provided to the

destination by means of some secure channel

 Alternatively, a third party could generate the key and securely deliver it to

both source and destination

8
 Attacking Symmetric Encryption
 Cryptanalysis:

 To recover the plaintext of a cipher text or, more typically, to recover the secret key

 A method for circumventing the security of a cryptographic system by finding a weakness in a

code, cipher, cryptographic protocol or key management scheme

 Rely on nature of the algorithm and some knowledge of plaintext characteristics and even some

sample plain text - cipher text pairs

 Exploits characteristics of algorithm to deduce specific plaintext or key

 Kerkhoff’s principle: The adversary knows all details about a cryptosystem except the secret

key

 Brute-force Attack:

 Try all possible keys on cipher text until get an intelligible translation into plaintext

 On average, half of all possible keys must be tried to achieve success

 Cryptanalytic Attack: Different forms of cryptanalysis

9
 Cryptanalytic Attack
 Classified by how much information needed by the attacker:

 Cipher text-only attack, Known-plaintext attack, Chosen-plaintext attack, Chosen-

cipher text attack and Chosen-text attack

 Cipher text-only attack

 Attacker knows cipher text of several messages encrypted with same key

 Possible to recover plaintext (also possible to deduce key) by looking at frequency of

cipher text letters

 That is given a cipher text c and the question is, what is the plaintext m?

 An encryption scheme is completely insecure if it cannot resist cipher text-only

attacks
 The easiest to defend against because the opponent has the least amount information to

work with
10
 Cryptanalytic Attack
 Known-plaintext attack

 The attacker knows the Algorithm, cipher text and plaintext-cipher text pair

 Attackers observe pairs of plaintext-cipher text encrypted with the same secret key.

 Possible to deduce key and/or devise algorithm to decrypt cipher text.

 That is given (m1,c1), (m2,c2), …, (mk, ck) and a new cipher text c

 Q: what is the plaintext m and what is the secret key in use?

 Chosen-plaintext attack

 Attacker can choose the plaintext and look at the paired cipher text

 Attacker has more control than known-plaintext attack and may be able to gain more information

about key
 That is given: (m1,c1), (m2,c2), …,(mk,ck), where m1, m2, …, mk are chosen by the adversary; and

a new cipher text c

 Q: what is the plaintext c, or what is the secret key?

 The attacker knows the Algorithm, cipher text and chosen plaintext and its cipher text
11
 Cryptanalytic Attack
 Chosen-cipher text attack

 Attacker chooses a series of plaintexts, basing the next plaintext on the result of

previous encryption
 The Encryption algorithm, cipher text and purported cipher text chosen by

cryptanalyst, together with its corresponding decrypted plaintext generated with the
secret key are known to cryptanalyst.
 That is given: (m1,c1), (m2,c2), …,(mk, ck), where c1, c2, …, ck are chosen by the

adversary; and a new cipher text c.

 Q: what is the plaintext of c, or what is the secret key?

 The attacker knows the Algorithm, cipher text & chosen plaintext and its cipher text

12
 Cryptanalytic Attack
 Chosen-text attack

 The attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the

corresponding cipher texts

 The attacker knows the Algorithm, cipher text, chosen plaintext and chosen cipher text

 The goal of the attack is to gain some further information which reduces the security of the

encryption scheme.
 In the worst case, a chosen-plaintext attack could reveal the scheme's secret key.

 Two forms of Chosen-text attack

 Batch chosen-plaintext attack - The attacker chooses all plaintexts before any of them are

encrypted
 Adaptive chosen-plaintext attack: The attacker has the ability to make his choice of the

inputs to the encryption algorithm based on the previous chosen plaintext queries and
their corresponding ciphertexts
13
 Transposition Cipher
 Rearrange letters in plaintext to produce cipher text

 Rail-Fence Cipher, Route Cipher, Columnar transposition, Double

transposition, Disrupted Transposition and Myszkowski Transposition

 Rail-Fence Transposition:

 The plaintext is written downwards and diagonally on successive "rails" of an

imaginary fence
 Move up when we reach the bottom rail and move down when we reach the top rail

 The message is then read off in rows.

 Example: If we have 3 "rails" and a message of ‘KILL THE QUEEN', the cipher

writes out
K T U
 Encryption/Transposition Result: KTU ILHQEN LEE
I L H Q E N
L E E
14
 Transposition Cipher
 Route Cipher:

 In a route cipher, the plaintext is first written out in a grid of given dimensions, then

read off in a pattern given in the key.

 Route ciphers have many more keys than a rail fence.

 In fact, for messages of reasonable length, the number of possible keys is potentially

too great to be enumerated even by modern machinery.

 Example, if we have 3 "rails" and a message, “KILL THE QUEEN”, the cipher

writes out:
 The key might specify “spiral inwards, clockwise, starting from the top right”

 Encryption/Transposition Result: EENUHLIK LEQT

K L E E
I T Q E
L H U N
15
 Transposition Cipher
 Columnar transposition

 The message is written out in rows of a fixed length, and then read out again column

by column, and the columns are chosen in some scrambled order.

 Both the width and the permutation of the columns are usually defined by a keyword.

 Example, the word ZEBRAS is of length 6 (so the columns are of length 6), and the

permutation is defined by the alphabetical order of the letters in the keyword.

 In this case, the order would be "6 3 2 4 1 5".

 In a regular columnar transposition cipher, any spare spaces are filled with nulls; in
6 3 2 4 1 5
an irregular columnar transposition cipher, the spaces are left blank
W E A R E D
 Example: WE ARE DISCOVERED FLEE AT ONCE
I S C O V E
 Encryption/Transposition Result:
R E D F L E
EVLNFACDTSESEAAROFODDEECQWIREE E A T O N C
16 E A S D F Q
 Transposition Cipher
 Double transposition:

 A single columnar transposition could be attacked by guessing possible column

lengths, writing the message out in its columns and then looking for possible anagrams.
 Thus to make it stronger, a double transposition was often used, this is simply a

columnar transposition applied twice.

 The same key can be used for both transpositions, or two different keys can be used.

 Example: Take the result of the irregular columnar transposition in the previous

section, and perform a second encryption with a keyword, STRIPE, which gives the
permutation "564231” 5 6 4 2 3 1
E
 Message: EVLNFACDTSESEAAROFODDEECQWIREE V L N F A

 Encryption/Transposition Result:
C D T S E S
E A A R O F
ASFCE NSRER FEOEE LTADI ECEOQ VDADW
O D D E E C
17 Q W I R E E
 Example
 We are software Engineers at WKU.
4 1 3 2
 1. Soft
A O A N
 2. Ware E A U E
S W E N
 1. Construct columns
S K W E
 2. orders to read columns
T E I R
W R F R
G E T

 K1=> C1 = AOANEAU ESWENSK WETEIRW RFRGET

 K2=> C2 = OAWKERE NENERR AUEWIFT AESSTWG

18
 Transposition Cipher
 Myszkowski Transposition

 A variant form of columnar transposition THAT requires a keyword with recurrent

letters.
 In usual practice, subsequent occurrences of a keyword letter are treated as if the next

letter in alphabetical order, e.g., the keyword TOMATO yields a numeric key string
of "532164."
 In Myszkowski transposition, recurrent keyword letters are numbered identically,

TOMATO yielding a key string of “432143”.

4 3
 Example: Message – WE ARE DISCOVERED FLEE AT ONCE. 2 1 4 3
W E A R E D
 Encryption/Transposition Result:
I S C O V E
ROFOD ACDTS EDSEEEACAQ WEIVRLENEF R E D F L E
E A T O N C
19 E A S D F Q
 Chapter Three
Security Techniques

Part – II
Substitution Cipher

Information Security
(SE3052)

20 Compiled by Alemu w., (awcourseapp@gmail.com) , Tuesday,

March 22, 2021
 Substitution Cipher
 A substitution technique is one in which the letters of plaintext are replaced by

other letters, numbers or symbols.

 If the plaintext is viewed as a sequence of bits, then substitution involves

replacing plaintext bit patterns with cipher text bit patterns.

 Mono alphabetic or Simple cipher:

 Caesar (Additive) cipher

 Multiplicative Cipher

 Affine Cipher

 Polyalphabetic cipher

 Vigenère cipher

 Play fair cipher - Multiple letter cipher

21
 Substitution Cipher - Mono Alphabetic
 In mono alphabetic substitution, the relationship between a symbol in the

plaintext to a symbol in the cipher text is always one-to-one.

 Plaintext characters are substituted by a different alphabet stream of characters

shifted to the right or left by n positions

 E.g. ABCDEFGHIJKLMNOPQRSTUVWXYZ =

DEFGHIJKLMNOPQRSTUVWXYZABC

 Additive Cipher:
 The simplest mono alphabetic cipher and sometimes called Shift or Caesar cipher, but
Additive cipher reveals its mathematical nature
 Caesar cipher corresponds to n = 3
Num. Val 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Plain Text A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Key = 3 D E F G H I J KLM N O P Q R S T U V W X Y Z A B C

 Example: Move the Software Engineers “UP”. (Use Caesar Cipher)

22  Encryption/Transposition Result: PRYH WKH VRIWZDU HQJLQHHUV XS

 Substitution Cipher – Mono Alphabetic
 Additive Cipher

 When the cipher is additive, the plaintext, cipher text, and key are integers in Z26

 General architecture:

 Example: Use the additive cipher with key = 15 to encrypt the message “hello”

 Encryption/Transposition Result: WTAAD

23
 Substitution Cipher – Mono Alphabetic
 Additive Cipher Brute-force Cryptanalysis Attack

 If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is

easily performed: simply try all the 25 possible keys.

 Three important characteristics of this problem enabled us to use a brute-force

cryptanalysis:
 The encryption and decryption algorithms are known.

 There are only 25 keys to try

 The language of the plaintext is known and easily recognizable

 Brute-force cryptanalysis impractical in an algorithm that employs a large number of

keys and if the language of the plain text is unknown

 Example: Eve has intercepted the cipher text “PHHW PH DIWHU WKH WRJD

SDUWB”.
24
 Encryption/Transposition Result:: Meet Me After Toga Party
 Substitution Cipher – Mono Alphabetic
 Multiplicative Cipher

 Caesar ciphers are encrypted by adding modulo 26 (C = p + key mod 26, where C is

ciphertext and p is plaintext) and are decrypted by adding the inverse of the key.
 It seems reasonable to consider what would happen if we encrypted by multiplying modulo

26; i.e., C = mp mod 26 where is m is called the multiplicative key.

 But, things do not go as well as they did for Caesar ciphers.

 The plaintext and cipher text are integers in Z26, and the key is also an integer in Z26*

 The key domain for any multiplicative cipher: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25

 Example: Use a multiplicative cipher to encrypt the message “hello” with a key of 7

 Encryption/Transposition Result: XCZZU

 Why even numbers in Z26* are not in the key set of multiplicative cipher?

 The only multipliers that are possible are those that result in one-to-one mappings.

25
 Substitution Cipher – Mono Alphabetic
 Multiplicative Cipher

26
 Substitution Cipher – Mono Alphabetic
 Affine Cipher

 If encrypting once is good, twice must be better. Correct? Well, not always.

 Consider encrypting a message twice with Caesar ciphers. Let’s say the message was

first encrypted using a Caesar cipher with key 7 and then with 11, the result of the re-
encryption is equivalent to having encrypted the message once with key 18.
 Consider encrypting a message twice with multiplicative ciphers. If a message is first

encrypted with a key 3 and then with key 7, the re-encryption is equivalent to having
encrypted the message once with key 21
 In neither of these cases is the security enhanced by re-encryption.

 Well, how about encrypting first with a Caesar cipher and then re-encrypting with a

multiplicative cipher? This composition does increase security. Such ciphers are
called affine ciphers.
27
 Substitution Cipher – Mono Alphabetic
 Affine Cipher:

 We could first encrypt using a multiplicative cipher with multiplicative key m and

then re-encrypt with a Caesar cipher with additive key b. This results in C = mp+b
where p is plaintext and C is ciphertext.
 Alternatively, we could first encrypt using a Caesar cipher with additive key b and

then re-encrypt with a multiplicative cipher with multiplicative key m. This results in
C = m(p+b).

28
 Substitution Cipher – Mono Alphabetic
 Affine Cipher

 We will agree to always do the multiplicative cipher first

 Example: Use affine cipher to encrypt the message “hello” with the key (7, 2)

 Encryption Result: ZEBBW

 Example: Use affine cipher to decrypt the message “ZEBBW” with the key pair

(7, 2) in modulus 26.

 Conclusion – Mono Alphabetic Cipher

 Each character was substituted by a single character

 They are not secure enough – operates on the key range of Z26 and increasing the

key space is required to achieve better security

 Cryptanalysts are helped by the fact that they have to see what character would

correspond in plaintext for a given cipher text character

29
 Substitution Cipher - Polyalphabetic
 Polyalphabetic cipher’s goal is to make the process of finding a pattern difficult

 Each plaintext character may be replaced by more than one character and each

occurrence of a character may have a different substitute.

 Alphabets ‘A’ through ‘Z’ are represented by 00, 01, 02, … , 25

 The relationship between a character in the plaintext to a character in the cipher

text is one-to-many.

 The most common examples include: Vigenère cipher, Play fair cipher and
Hill Cipher

30
 Substitution Cipher - Polyalphabetic
 Vigenère cipher

 Is the most commonly used polyalphabetic cipher method

 Starts with a 26 x 26 matrix of alphabets in sequence

 First row starts with ‘A’, second row starts with ‘B’, etc.

 It requires a keyword that the sender and receiver know ahead of time

 Each character of the message is combined with the characters of the keyword to find

the cipher text character

 Example: Encrypt a message “SEE ME IN MALL.” with a keyword INFOSEC

 Refer the Vigenère table at the end of the slides or [click here]

 Encryption Result: ARJAWMPUNQZ

S E E M E I N M A L L
I N F O S E C I N F O
31
 Substitution Cipher - Polyalphabetic
 Vigenère cipher

 Easiest way to handle Vigenère cipher is to use arithmetic modulo 26

 The keyword and message characters are converted to corresponding numbers in the

alphabet and added to modulo 26

 Best feature is that same plaintext character is substituted by different cipher text

characters
 Uses the fact that the keyword character helps to get different cipher text

characters from the table

 Vigenère cipher can be seen as combinations of m additive ciphers

 To decrypt, use the table, choose the row corresponding to the keyword character and

look for the cipher text character in that row

 Plaintext character is then at the top of that column
32
 Substitution Cipher - Polyalphabetic
 Vigenère cipher
 Example: Given P = SHE IS LISTENING and K = PASCAL

 Process:
SHEI SLI S TENING
PAS CAL PAS CAL PA
 Result: HHWKSWXSLGNPCG

Can you do it
with Additive
Method?

33
 Substitution Cipher - Polyalphabetic
 Multiple Letter (Play fair) Cipher:

 Play fair cipher is a multiple letter cipher

 Each plaintext letter is replaced by a diagram in this cipher

 Number of possible diagrams is 26 x 26 = 676

 User chooses a keyword and puts it in the cells of a 5 x 5 matrix.

 I and J stay in one cell, Duplicate letters appear only once.

 Alphabets that are not in the keyword are arranged in the remaining cells from left to

right in successive rows in ascending order

 To decrypt, the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the

same rules as for encryption

 Example: Example:- Plaintext: “CRYPTO IS TOO EASY” and Keyword is “INFOSEC”

34
 Substitution Cipher
 Multiple Letter (Play fair) Cipher:

 Grouped text: CR YP TO IS TO XO EA SY
I/J N F O S
E C A B D
G H K L M
P Q R T U
V W X Y Z
 Result: AQ VT YB NI YB YF CB OZ

 Reading Assignment:

 Read about Vernam Cipher: About History, Application, Algorithm and related

issues.
 Note: You are supposed to include this encryption algorithm in your project.
35
 Substitution Cipher - Polyalphabetic
  Hill Cipher

 A polyalphabetic cipher invented by Lester S. Hill & plaintext is divided into equal

size blocks
 The blocks are encrypted one at a time and makes it a block cipher

 Each character in the block contains to the encryption of other characters in the block

 In Hill cipher, the key is a square matrix of size mxm in which m is the size of the

block
 Let the key be K, each element of the matrix is K ij as shown below
C1 = P1K11 + P2K21 + … + PmKm1
C2 = P1K12 + P2K22 + … + PmKm2
….
Cm = P1K1m + P2K2m + … + PmKmm

36
 Substitution Cipher - Polyalphabetic
  Hill Cipher

 The substitution is determined by m linear equations in which each character is

assigned a numerical value (a = 0, b = 1 ... z = 25)

 For m = 3, the system can be described as follows:

= C1 = (k11P1 + k12P2 + k13P3) mod

26
 Example: Given a plaintext = PAY MORE MONEY and the encryption key as follow.
C2 = (k21P1 + k22P2 + k23P3) mod
K = Find the encryption text. 26
C3 = (k31P1 + k32P2 + k33P3) mod
Solution: LNS HDL EWM TRW
26

37
 Substitution Cipher - Polyalphabetic
 Hill Cipher

 Decryption requires using inverse of the matrix K.

 The Inverse K-1 of a matrix K is defined by the equation KK-1= K-1K=I where I is the

identity matrix
 The Hill system can be expressed as:

C = E(K,P) = KP mod 26

P = D(C,K) = K-1C mod 26 = K-1KP

 Hill cipher completely hides single-letter frequencies

 Hill cipher is strong against a cipher text-only attack, it is easily broken with a known

plaintext attack

38
 Chapter Three
Security Techniques

Part – III
Substitution Cipher
DES and AES

Information Security
(SE3052)
39 Compiled by Alemu w., (awcourseapp@gmail.com) , Tuesday,
March 22, 2021
 Data Encryption Standard (DES)
 The Data Encryption Standard (DES) was developed in the 1970s by the National Bureau

of Standards with the help of the National Security Agency.

 Its purpose is to provide a standard method for protecting sensitive commercial &

unclassified data
 IBM created the first draft of the algorithm, calling it LUCIFER and DES officially became

a federal standard in November of 1976.

 In May 1973, and Aug 1974 the NBS (now NIST) called for possible encryption algorithms

for use in unclassified government applications.

 Response was mostly disappointing, however, IBM submitted their Lucifer design

 Following a period of redesign and comment it became the Data Encryption Standard

 The DES algorithm is a careful and complex combination of two fundamental building

blocks of encryption: substitution and transposition.

40
 DES begins by encrypting the plain text as block of 64 bits.
 Substitution Cipher

41
 Substitution Cipher

42
 Substitution Cipher

43
 Substitution Cipher

44
 Substitution Cipher

45
 Substitution Cipher

46
 Substitution Cipher

47
 Substitution Cipher

48
 Substitution Cipher

49
 Substitution Cipher

50
 Substitution Cipher

51
 Substitution Cipher

52
 Substitution Cipher

53
 Substitution Cipher

54
 Substitution Cipher

55
 Substitution Cipher

56
 Substitution Cipher

57
 Substitution Cipher

58
 Substitution Cipher

59
 Substitution Cipher

60
 Substitution Cipher

61
 Substitution Cipher

62
 Substitution Cipher

63
 Substitution Cipher

64
 Substitution Cipher

65
 Substitution Cipher

66
 Substitution Cipher

67
 Substitution Cipher

68
 Substitution Cipher

69
 Substitution Cipher

70
 Substitution Cipher

71
 Substitution Cipher

72