SRI KAILASH
WOMEN’S COLLEGE
(Affiliated to Periyar University)
Periyeri (village), Thalaivasal (Tk),
Salem (Dt) -636112.
DEPARTMENT OF
COMPUTER SCIENCE
CRYPTOGRAPHY
2025-2026 - ODD SEM
III CS
23UCSDE03
CRYPTOGRAPHY - SYLLABUS
UNIT | Contents | No. of Hours
I | Introduction: The OSI Security Architecture – Security Attacks – Security Mechanisms – Security Services – A Model for Network Security. | 12
II | Classical Encryption Techniques: Symmetric cipher model – Substitution Techniques: Caesar Cipher – Monoalphabetic cipher – Playfair cipher – Polyalphabetic Cipher – Transposition techniques – Steganography | 12
III | Block Cipher and DES: Block Cipher Principles – DES – The Strength of DES – RSA: The RSA algorithm. | 12
IV | Network Security Practices: IP Security overview – IP Security architecture – Authentication Header. Web Security: Secure Socket Layer and Transport Layer Security – Secure Electronic Transaction. | 12
V | Intruders – Malicious software – Firewalls. | 12
TOTAL HOURS | 60
Textbooks
1. William Stallings, “Cryptography and Network Security Principles and Practices”.
Reference Books
1. Behrouz A. Forouzan, “Cryptography and Network Security”, Tata McGraw-Hill, 2007.
2. Atul Kahate, “Cryptography and Network Security”, Second Edition, 2003, TMH.
3. M.V. Arun Kumar, “Network Security”, 2011, First Edition, USP.
Web Resources
1. https://www.tutorialspoint.com/cryptography/
2. https://gpgtools.tenderapp.com/kb/how-to/introduction-to-cryptography
UNIT- I INTRODUCTION
Cryptography is the study and practice of techniques for secure communication
in the presence of third parties called adversaries. It deals with developing and
analysing protocols that prevent malicious third parties from retrieving information
being shared between two entities, thereby upholding the various aspects of information
security.
Secure Communication refers to the scenario where the message or data shared
between two parties can’t be accessed by an adversary. In Cryptography, an Adversary
is a malicious entity, which aims to retrieve precious information or data thereby
undermining the principles of information security. Data Confidentiality, Data
Integrity, Authentication and Non-repudiation are core principles of modern-day
cryptography.
1. Confidentiality refers to certain rules and guidelines usually executed under
confidentiality agreements which ensure that the information is restricted to
certain people or places.
2. Data integrity refers to maintaining and making sure that the data stays accurate
and consistent over its entire life cycle.
3. Authentication is the process of making sure that the piece of data being claimed
by the user belongs to that user.
4. Non-repudiation refers to the ability to make sure that a person or a party
associated with a contract or a communication cannot deny the authenticity of
their signature over their document or the sending of a message.
Consider two parties, Alice and Bob. Alice wants to send a message m to Bob
over a secure channel. The sender’s message, sometimes called the Plaintext,
is converted into an unreadable form using a Key k.
The resulting text is called the Ciphertext. This process is known as
Encryption. On receipt, the Ciphertext is converted back into the plaintext
using the same Key k, so that it can be read by the receiver. This process is known as
Decryption.
Alice (Sender) Bob (Receiver)
C = E (m, k) ----> m = D (C, k)
Here, C refers to the Ciphertext while E and D are the Encryption and
Decryption algorithms respectively. Let’s consider the case of the Caesar Cipher or Shift
Cipher as an example. As the name suggests, in Caesar's Cipher each character in a
word is replaced by another character under some defined rules. Thus, if A is replaced
by D, B by E and so on, then each character in the word is shifted by
3 positions.
For example:
Plaintext : Geeksforgeeks
Ciphertext : Jhhnvirujhhnv
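The Caesar example above as runnable code, added here as an illustration and not part of the original notes; the function names are chosen for this example. It follows the model C = E(m, k), m = D(C, k), and also lists every possible shift, which shows that the cipher has only 26 keys.

```python
import string

ALPHABET_SIZE = 26


def _shift_char(ch: str, shift: int) -> str:
    """Shift one ASCII letter within its own case; leave other characters as-is."""
    if ch in string.ascii_uppercase:
        base = ord("A")
    elif ch in string.ascii_lowercase:
        base = ord("a")
    else:
        return ch  # digits, spaces and punctuation are not enciphered
    return chr(base + (ord(ch) - base + shift) % ALPHABET_SIZE)


def encrypt(m: str, k: int) -> str:
    """C = E(m, k): shift every letter of the plaintext forward by k."""
    return "".join(_shift_char(ch, k) for ch in m)


def decrypt(c: str, k: int) -> str:
    """m = D(C, k): shift every letter of the ciphertext back by k."""
    return "".join(_shift_char(ch, -k) for ch in c)


def all_shifts(c: str) -> dict:
    """Decrypt c under every key 0..25.

    The key space is only 26 values (k and k + 26 give the same result),
    which is why the Caesar cipher offers no real confidentiality.
    """
    return {k: decrypt(c, k) for k in range(ALPHABET_SIZE)}


if __name__ == "__main__":
    plaintext = "Geeksforgeeks"          # the plaintext used in the notes
    ciphertext = encrypt(plaintext, 3)
    print("Ciphertext:", ciphertext)
    print("Decrypted :", decrypt(ciphertext, 3))
    print("Keys to try at most:", len(all_shifts(ciphertext)))
```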
Types of Cryptography:
There are several types of cryptography, each with its own unique features and
applications. Some of the most common types of cryptography include:
1. Symmetric-key cryptography: This type of cryptography involves the use of a
single key to encrypt and decrypt data. Both the sender and receiver use the same key,
which must be kept secret to maintain the security of the communication.
2. Asymmetric-key cryptography: Asymmetric-key cryptography, also known as
public-key cryptography, uses a pair of keys - a public key and a private key - to
encrypt and decrypt data. The public key is available to anyone, while the private key
is kept secret by the owner.
3. Hash functions: A hash function is a mathematical algorithm that converts data of
any size into a fixed-size output. Hash functions are often used to verify the integrity
of data and ensure that it has not been tampered with.
Applications of Cryptography:
Cryptography has a wide range of applications in modern-day communication,
including:
Secure online transactions: Cryptography is used to secure online
transactions, such as online banking and e-commerce, by encrypting sensitive data
and protecting it from unauthorized access.
Digital signatures: Digital signatures are used to verify the authenticity and
integrity of digital documents and ensure that they have not been tampered with.
Password protection: Passwords are often encrypted using cryptographic
algorithms to protect them from being stolen or intercepted.
Military and intelligence applications: Cryptography is widely used in military and
intelligence applications to protect classified information and communications.
Challenges of Cryptography:
While cryptography is a powerful tool for securing information, it also presents
several challenges, including:
Key management: Cryptography relies on the use of keys, which must be
managed carefully to maintain the security of the communication.
Quantum computing: The development of quantum computing poses a
potential threat to current cryptographic algorithms, which may become
vulnerable to attacks.
Human error: Cryptography is only as strong as its weakest link, and human
error can easily compromise the security of a communication.
OSI Security Architecture
The OSI Security Architecture is internationally recognized and provides a
standardized technique for deploying security measures within an organization. It
focuses on three major concepts: security attacks, security mechanisms, and security
services, which are critical in protecting data and communication processes. In this
article, we will discuss OSI Security Architecture.
The OSI model can be considered a universal language for computer networking. It is
based on the concept of divide and conquer: it splits up the communication system into
7 abstract layers, and each layer is stacked upon the previous layer. The OSI model has seven
layers, which are as follows:
The Physical Layer
The Data Link Layer
The Network Layer
The Transport Layer
The Session Layer
The Presentation Layer
The Application Layer
OSI Security
OSI (Open Systems Interconnection) security refers to a set of protocols, standards, and
techniques used to ensure the security of data and communications in a network
environment based on the OSI model. The International Organisation for
Standardisation (ISO) established this model to provide a conceptual framework for
understanding how different networking protocols interact within a layered
architecture.
Classification of OSI Security Architecture
The OSI (Open Systems Interconnection) Security Architecture defines a systematic
approach to providing security at each layer. It defines security services and security
mechanisms that can be used at each of the seven layers of the OSI model to provide
security for data transmitted over a network. These security services and mechanisms
help to ensure the confidentiality, integrity, and availability of the data. OSI
architecture is internationally accepted as it lays out the flow for providing safety in an
organization. OSI Security Architecture focuses on these concepts:
Security Attack
Security mechanism
Security Service
OSI Security Architecture is categorized into three broad categories
namely Security Attacks, Security mechanisms, and Security Services. We will
discuss each in detail:
1. Security Attacks
A security attack is an attempt by a person or entity to gain unauthorized access to,
disrupt, or compromise the security of a system, network, or device. These are defined as
the actions that put an organization's safety at risk.
They are further classified into 2 sub-categories:
i) Passive Attack: Attacks in which a third-party intruder tries to access the
message/content/data being shared by the sender and receiver by keeping a close
watch on the transmission or eavesdropping on it are called Passive
Attacks. These types of attacks involve the attacker observing or monitoring system,
network, or device activity without actively disrupting or altering it. Passive attacks
are typically focused on gathering information or intelligence, rather than causing
damage or disruption. Here, both the sender and receiver have no clue that their
message/ data is accessible to some third-party intruder. The message/ data
transmitted remains in its usual form without any deviation from its usual behavior.
This makes passive attacks very risky as there is no information provided about the
attack happening in the communication process. Passive attacks are further divided
into two parts based on their behavior:
Eavesdropping: Eavesdropping involves the attacker intercepting and listening
to communications between two or more parties without their knowledge or
consent. Eavesdropping can be performed using a variety of techniques, such
as packet sniffing, or man-in-the-middle attacks.
Traffic analysis: This involves the attacker analyzing network traffic patterns
and metadata to gather information about the system, network, or device. Here
the intruder can't read the message but only understand the pattern and length
of encryption. Traffic analysis can be performed using a variety of techniques,
such as network flow analysis, or protocol analysis.
ii) Active Attacks: Active attacks refer to types of attacks that involve the attacker
actively disrupting or altering system, network or device activity. Active attacks are
typically focused on causing damage or disruption rather than gathering information
or intelligence. Here, both the sender and receiver have no clue that their message/
data is modified by some third-party intruder. The message/ data transmitted
doesn't remain in its usual form and shows deviation from its usual behavior. This
makes active attacks dangerous as there is no information provided of the attack
happening in the communication process and the receiver is not aware that the
data/ message received is not from the sender. Active attacks are further divided
into four parts based on their behavior:
Masquerade: Masquerade is a type of attack in which the attacker pretends to
be an authentic sender in order to gain unauthorized access to a system. This
type of attack can involve the attacker using stolen or forged credentials, or
manipulating authentication or authorization controls in some other way.
Replay: Replay is a type of active attack in which the attacker intercepts a
transmitted message through a passive channel and then maliciously or
fraudulently replays or delays it at a later time.
Modification of Message: Modification of Message involves the attacker
modifying the transmitted message and making the final message received by the
receiver look like it's not safe or non-meaningful. This type of attack can be used
to manipulate the content of the message or to disrupt the communication
process.
Denial of service (DoS): Denial of Service attacks involve the attacker
sending a large volume of traffic to a system, network, or device in an attempt to
overwhelm it and make it unavailable to users.
2. Security Mechanism
The mechanism that is built to identify any breach of security or attack on the
organization, is called a security mechanism. Security Mechanisms are also responsible
for protecting a system, network, or device against unauthorized access, tampering, or
other security threats.
Encipherment (Encryption): Encryption involves the use of algorithms to
transform data into a form that can only be read by someone with the appropriate
decryption key. Encryption can be used to protect data as it is transmitted over a
network, or to protect data when it is stored on a device.
Digital signature: Digital Signature is a security mechanism that involves the
use of cryptographic techniques to create a unique, verifiable identifier for a digital
document or message, which can be used to ensure the authenticity and integrity of
the document or message.
Traffic padding: Traffic Padding is a technique used to add extra data to
a network traffic stream in an attempt to obscure the true content of the traffic and
make it more difficult to analyze.
Routing control: Routing Control allows the selection of specific physically secure
routes for specific data transmission and enables routing changes particularly when
a gap in security is suspected.
3. Security Services
Security services refer to the different services available for maintaining the security
and safety of an organization. They help in preventing any potential risks to security.
Security services are divided into 5 types:
Authentication: Authentication is the process of verifying the identity of a user
or device in order to grant or deny access to a system or device.
Access control: Access Control involves the use of policies and procedures to
determine who is allowed to access specific resources within a system.
Data Confidentiality: Data Confidentiality is responsible for the protection of
information from being accessed or disclosed to unauthorized parties.
Data integrity: Data Integrity is a security mechanism that involves the use of
techniques to ensure that data has not been tampered with or altered in any way
during transmission or storage.
Non-repudiation: Non-repudiation involves the use of techniques to create a
verifiable record of the origin and transmission of a message which can be used to
prevent the sender from denying that they sent the message.
Benefits of OSI Security Architecture
Providing Security: OSI Architecture in an organization provides the needed
security and safety preventing potential threats and risks.
Organising Task: The OSI architecture makes it easy for managers to build a
security model for the organization based on strong security principles.
Meets International Standards: Security services are defined and recognized
internationally meeting international standards.
Interoperability: The OSI model divides network functions into multiple levels, which
makes it easier for different hardware and software components to work together.
Scalability: The layered method makes networks scalable. New technologies and
protocols can be seamlessly added without interrupting the overall system.
Flexibility: Each layer can evolve separately and provide flexibility for technology
and application changes.
Security Attacks:
Overview
o What are Security Attacks?
o Different Types of Security Attacks
o Understanding Active Attacks
o Masquerade Attacks
o Modification of Messages Attacks
o Repudiation Attacks
o Replay Attacks
o Denial of Service Attacks
o Understanding Passive Attacks
o Releasing Message Content Attacks
o Traffic Analysis Attacks
What are Security Attacks?
A security attack is a malicious activity that takes advantage of vulnerabilities in
an application to cause harm. These attacks can be executed by exploiting security flaws
or weaknesses in the system. In this article, we will explore the different types of
attacks, helping you to identify potential threats and protect your application.
Different Types of Security Attacks
When we talk about cyber security attacks, they can generally be categorized into
two types:
o Active attacks
o Passive attacks
Understanding Active Attacks
Active attacks involve an attacker attempting to alter system resources or affect
their operation. This can include data modification or creation of false statements. Let's
take a closer look at some of the forms active attacks can take:
Masquerade Attacks
A masquerade attack occurs when an entity pretends to be another. This can
involve the use of stolen login credentials, exploiting vulnerabilities in software, or
bypassing authentication processes. It's important to note that a masquerade attack can
often involve other types of active attacks.
There are several types of masquerading attacks, including:
Username and Password Masquerade: In this masquerade attack, a person
uses either stolen or even forged credentials to authenticate themselves as a valid
user while gaining access to the system or application.
IP address masquerade: This is an attack where the IP address of a malicious
user is spoofed or forged such that the source from which the system or the
application is accessed appears to be trusted.
Website masquerade: A hacker creates a fake website that resembles a
legitimate one in order to gain user information or even download malware.
Email masquerade: This is an e-mail masquerade attack in which an
attacker sends an email that appears to come from a trusted source so that the recipient
mistakenly shares sensitive information or downloads malware.
Modification of Messages Attacks
This is when someone changes parts of a message without permission, or mixes
up the order of messages, to cause trouble. Imagine someone secretly changing a letter
you sent, making it say something different. This kind of attack breaks the trust in the
information being sent. For example, a message meaning “Allow JOHN to read
confidential file X” is modified as “Allow Smith to read confidential file X”.
Repudiation Attacks
In a repudiation attack, an attacker tampers with the login controls or network to
alter the author's information. This can range from saving false data in log files to
widespread data alteration on behalf of others, similar to spoofing email messages.
There are several types of repudiation attacks, including:
Message repudiation attacks: In this attack, a message has been sent by an
attacker, but the attacker later denies the sending of the message. This can be
achieved either through spoofed or modified headers or even by exploiting
vulnerabilities in the messaging system.
Transaction repudiation attacks: In this type of attack, a transaction (for
example, a monetary transaction) is made, and some time later, when evidence
of it is requested, the attacker denies ever
performing that particular transaction. This can be executed either by taking
advantage of a vulnerability in the transaction processing system or by the use of
stolen and forged credentials.
Data repudiation attacks: In a data repudiation attack, data is changed or
deleted. Then an attacker will later pretend he has never done this. This can be
done by exploiting vulnerabilities in the data storage system or by using stolen or
falsified credentials.
Replay Attacks
A replay attack involves the capture and subsequent retransmission of a valid
data transmission. This can be done to masquerade as a legitimate user or to gain
unauthorized access to a system.
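How a receiver can detect both a modified message and a replayed one, shown as an added example that is not part of the original notes. It assumes Alice and Bob already share a secret key and that each message carries an increasing sequence number; the packet layout, class and function names are chosen for this illustration.

```python
import hashlib
import hmac

SEQ_LEN = 8    # bytes reserved for the sequence number (layout is an assumption)
TAG_LEN = 32   # length of an HMAC-SHA-256 tag


class IntegrityError(Exception):
    """The message or its sequence number was altered in transit."""


class ReplayError(Exception):
    """A genuine packet was delivered again at a later time."""


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: packet = sequence number || message || HMAC over both."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Receiver side: checks the tag first, then the sequence number."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise IntegrityError("packet too short")
        header = packet[:SEQ_LEN]
        body = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("tag does not match message")
        seq = int.from_bytes(header, "big")
        # The tag is valid, so the packet is genuine; now check freshness.
        if seq <= self.last_seq:
            raise ReplayError(f"sequence number {seq} already seen")
        self.last_seq = seq
        return body


def demo() -> dict:
    """Run the three cases from the notes: genuine, modified, replayed."""
    key = bytes(range(32))  # constructed demo key; real keys must be random
    bob = Receiver(key)
    packet = seal(key, 1, b"Allow JOHN to read confidential file X")

    results = {"genuine": bob.accept(packet).decode()}
    tampered = packet.replace(b"JOHN", b"Smith")  # the modification from the notes
    for name, pkt in (("modified", tampered), ("replayed", packet)):
        try:
            bob.accept(pkt)
            results[name] = "accepted"
        except IntegrityError:
            results[name] = "rejected: integrity"
        except ReplayError:
            results[name] = "rejected: replay"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:9s} -> {outcome}")
```

Because both parties hold the same key, this gives integrity and replay protection but not non-repudiation; that requires a digital signature.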
Denial of Service Attacks
A Denial of Service (DoS) attack aims to disrupt the normal functioning of a
network, service, or website. This can be done by overwhelming the target with traffic,
or by exploiting vulnerabilities to cause the service to crash.
There are several types of DoS attacks, including:
Flood attacks: Here, an attacker sends such a large number of packets or
requests to a system or network that it cannot handle them all and the system
crashes.
Amplification attacks: In this category, the attacker increases the power of an
attack by utilizing another system or network to increase traffic then directs it all
into the target to boost the strength of the attack.
To prevent DoS attacks, organizations can implement several measures,
such as:
1. Using firewalls and intrusion detection systems to monitor network traffic and
block suspicious activity.
2. Limiting the number of requests or connections that can be made to a system or
network.
3. Using load balancers and distributed systems to distribute traffic across multiple
servers or networks.
4. Implementing network segmentation and access controls to limit the impact of a
DoS attack.
Understanding Passive Attacks
Unlike active attacks, passive attacks do not alter any system resources. Instead,
they aim to gather information from the system or track its operations. Let's examine
the two main types of passive attacks:
Releasing Message Content Attacks
This type of passive attack involves an attacker gaining access to confidential or
sensitive information being transmitted between users. This can jeopardise the
confidentiality of the data and violate user privacy.
Traffic Analysis Attacks
In a traffic analysis attack, an attacker tracks the frequency and size of messages
between users to gather information. Even if the data is encrypted, the attacker can still
learn valuable information from the patterns in the communication.
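The traffic padding mechanism described earlier is the usual counter to this kind of size-based traffic analysis. The sketch below is an added example, not part of the original notes: it pads every message to a multiple of a fixed bucket size before encryption, assuming a cipher whose output length equals its input length; the bucket size and function names are chosen for illustration.

```python
import struct

BUCKET = 256        # every padded message is a multiple of this size (assumption)
LEN_FIELD = 4       # bytes used to store the real message length


def pad(message: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the real length, then fill with zero bytes up to the next bucket.

    The padded block is what gets encrypted, so the filler is never
    visible on the wire; only the bucket-sized total length is.
    """
    framed = struct.pack(">I", len(message)) + message
    padded_len = -(-len(framed) // bucket) * bucket  # round up to a bucket
    return framed + bytes(padded_len - len(framed))


def unpad(padded: bytes) -> bytes:
    """Recover the original message after decryption."""
    if len(padded) < LEN_FIELD:
        raise ValueError("padded block too short")
    (length,) = struct.unpack(">I", padded[:LEN_FIELD])
    if length > len(padded) - LEN_FIELD:
        raise ValueError("length field exceeds block size")
    return padded[LEN_FIELD:LEN_FIELD + length]


def observed_sizes(messages, padded: bool) -> list:
    """Sizes an eavesdropper would see for each message.

    Assumes a length-preserving cipher, so ciphertext size equals the
    size of whatever was handed to the cipher.
    """
    return [len(pad(m)) if padded else len(m) for m in messages]


if __name__ == "__main__":
    # Constructed sample messages.
    msgs = [b"yes", b"no", b"transfer 5000 to account 12345"]
    print("without padding:", observed_sizes(msgs, padded=False))
    print("with padding   :", observed_sizes(msgs, padded=True))
    assert all(unpad(pad(m)) == m for m in msgs)
```

Padding hides message size only; the frequency and timing of messages remain visible unless dummy traffic is also sent.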
Security Mechanisms:
Cryptography is a technique used to secure communication by converting plain
text into ciphertext, ensuring data confidentiality, integrity, authentication, and
non-repudiation. Various security mechanisms are employed in cryptography to protect
data and systems from unauthorized access, attacks, and other threats.
Types of Security Mechanism
A security mechanism is a method or technology that protects data and systems
from unauthorized access, attacks, and other threats. Security measures provide data
integrity, confidentiality, and availability, thereby protecting sensitive information and
maintaining trust in digital transactions. In this article, we will see types of security
mechanisms.
What is Network Security?
Network Security is a field in computer technology that deals with ensuring the
security of computer network infrastructure. The network is very necessary for sharing
information whether it is at the hardware level such as printer, scanner, or at the
software level. Therefore, security mechanisms can also be described as a set of processes
that deal with recovery from security attacks. Various mechanisms are designed to
recover from these specific attacks at various protocol layers.
Types of Security Mechanism:
Encipherment: This security mechanism deals with hiding and covering of data,
which helps data to become confidential. It is achieved by applying mathematical
calculations or algorithms which transform information into an unreadable form. It
is achieved by two famous techniques named Cryptography and Encipherment.
The level of data encryption depends on the algorithm used for encipherment.
Access Control: This mechanism is used to stop unauthorized access to the data
you are sending. It can be achieved by various techniques such as applying
passwords, using a firewall, or just by adding a PIN to the data.
Notarization: This security mechanism involves the use of a trusted third party in
communication. It acts as a mediator between sender and receiver so that any
chance of conflict is reduced. This mediator keeps a record of the requests made by the sender
to the receiver in case they are later denied.
Data Integrity: This security mechanism works by appending to the data a value
that is created from the data itself. It is similar to sending a packet of information known
to both sending and receiving parties and checked before and after data is received.
When this appended packet or data is checked and is the same on
sending and receiving, data integrity is maintained.
Authentication Exchange: This security mechanism deals with the identity to be
known in communication. This is achieved at the TCP/IP layer, where a two-way
handshaking mechanism is used to ensure whether data is sent or not.
Bit Stuffing: This security mechanism is used to add some extra bits into data
which is being transmitted. It helps data to be checked at the receiving end and is
achieved by even parity or odd parity.
Digital Signature: This security mechanism is achieved by adding digital data
that is not visible to the eye. It is a form of electronic signature which is added by the sender
and checked by the receiver electronically. This mechanism is used for data
which is not confidential but for which the sender's identity must be made known.
Conclusion
Security methods are critical for protecting data and network infrastructure from
unauthorized access, attacks, and other threats. They protect data integrity, secrecy, and
availability, hence preserving trust in digital transactions. Organizations can protect
sensitive information and maintain secure network communication by using techniques
such as encipherment, access control, notarization, and digital signatures.
Security Services:
Security services in cryptography are essential measures designed to protect
information, systems, and networks from unauthorized access, misuse, or damage.
These services ensure the confidentiality, integrity, and availability of sensitive data and
resources.
Key Security Services
Confidentiality
Confidentiality ensures that information is accessible only to those authorized to access
it. This is achieved through encryption, which converts plain text into an unreadable
format using cryptographic algorithms. Only the intended recipient with the correct
decryption key can access the original information.
Integrity
Integrity guarantees that data remains unchanged and unaltered during storage,
transmission, or processing. This is often achieved using hash functions and digital
signatures, which create a unique fingerprint of the data. Any modification to the data
will result in a different fingerprint, indicating a breach of integrity.
Authentication
Authentication verifies the identity of users or entities attempting to access a system or
resource. This can be done using passwords, biometric scanners, or digital certificates.
Authentication ensures that only legitimate users can access sensitive information.
Non-Repudiation
Non-repudiation prevents the denial of sending or receiving a message. It ensures that
the sender cannot deny having sent a message, and the receiver cannot deny having
received it. Digital signatures are commonly used to provide non-repudiation.
Access Control
Access control restricts access to resources, allowing only authorized users to
perform specific actions. This is implemented through role-based access control (RBAC)
or access control lists (ACLs), which define the permissions for each user or role.
Availability
Availability ensures that resources are accessible to authorized users whenever
needed. This is achieved through regular maintenance, upgrades, and protection against
cyber-attacks like Distributed Denial of Service (DDoS) attacks.
Security Mechanisms
Security mechanisms are the specific tools, protocols, or procedures employed to
enforce security services. Examples include encryption algorithms (AES, RSA), hash
functions, digital signatures, and secure communication protocols.
Conclusion
Security services in cryptography are vital for protecting digital information and
ensuring secure communication. By implementing these services, organizations can
safeguard their data from unauthorized access, maintain data integrity, and ensure the
availability of resources.
Cryptography and Network Security Principles
In the present-day scenario security of the system is the sole priority of any
organization. The main aim of any organization is to protect their data from attackers.
In cryptography, attacks are of two types: Passive attacks and Active attacks.
Passive attacks are those that retrieve information from the system without affecting
the system resources while active attacks are those that retrieve system information
and make changes to the system resources and their operations.
Cryptography
Cryptography is a way to protect information by turning it into secret codes.
When you send a coded message, only someone with the right key can unlock its
meaning. This helps keep your data, like passwords and credit card numbers, safe
from thieves. Many online services use cryptography to ensure your messages and
transactions remain private. By securing data, cryptography supports trust, privacy,
and secure communication in the digital world.
[Figure: Cryptography]
In the figure above, the text is made secure by converting it into ciphertext using
an encryption algorithm, and it is later decrypted for use.
Fundamental Network Security Principles
Confidentiality
The degree of confidentiality determines the secrecy of the information. The
principle specifies that only the sender and receiver will be able to access the
information shared between them. Confidentiality is compromised if an unauthorized
person is able to access a message.
For example, suppose sender A wants to share some confidential
information with receiver B and the information gets intercepted by the attacker C.
Now the confidential information is in the hands of an intruder C.
Authentication
Authentication is the mechanism to identify the user or system or the entity. It
ensures the identity of the person trying to access the information. The authentication
is mostly secured by using username and password. The authorized person whose
identity is preregistered can prove his/her identity and can access the sensitive
information.
Integrity
Integrity gives the assurance that the information received is exact and accurate. If
the content of the message is changed after the sender sends it but before reaching the
intended receiver, then it is said that the integrity of the message is lost.
System Integrity: System Integrity assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
Data Integrity: Data Integrity assures that information (both stored and in
transmitted packets) and programs are changed only in a specified and authorized
manner.
Non-Repudiation
Non-repudiation is a mechanism that prevents the denial of the message
content sent through a network. In some cases the sender sends the message and later
denies it. Non-repudiation does not allow the sender to make such a denial to the receiver.
Access Control
The principle of access control is determined by role management and rule
management. Role management determines who should access the data while rule
management determines up to what extent one can access the data. The information
displayed is dependent on the person who is accessing it.
Availability
The principle of availability states that the resources will be available to
authorized parties at all times. Information will not be useful if it is not available to be
accessed. Systems should have sufficient availability of information to satisfy user
requests.
Adapting to Emerging Threats and Technologies:
Adapting to emerging threats and technologies is all about staying ahead of new
risks and taking advantage of new tools to protect your network and systems. As
technology evolves, so do the methods that cybercriminals use to attack. To keep
things safe, businesses and individuals need to stay updated and adapt their security
strategies.
Here's how you can do it:
1. Staying Informed
Constant Learning: Security threats change all the time. New viruses, hacking
techniques, or data breaches pop up regularly. Keeping up
with the latest news and trends in cybersecurity helps you stay prepared.
Security Alerts and Updates: Follow industry leaders, blogs, and government
agencies for warnings about new risks and how to prevent them.
2. Using New Technologies
AI and Automation: Artificial Intelligence (AI) can help detect patterns in data
that could indicate a cyber attack, sometimes even before it happens. Using AI to
monitor your network can improve your defense system.
Cloud Security: As more businesses move their data and services to the cloud,
it’s essential to understand how to secure cloud-based systems. This includes using
strong encryption, secure authentication, and monitoring tools.
3. Implementing Advanced Security Measures
Zero Trust Model: The "Zero Trust" approach means never automatically
trusting anyone, even inside the network. It requires users and devices to
constantly prove their identity and security, minimizing risks from inside threats.
Next-Generation Firewalls (NGFW): These are more advanced than
traditional firewalls. NGFWs include features like intrusion prevention, application
awareness, and cloud-delivered threat intelligence to protect against new threats.
4. Training and Awareness
Employee Training: Cybersecurity isn't just about tools; it’s also about people.
Teaching employees about phishing, password management, and safe browsing
helps reduce human error, which is one of the biggest risks in cybersecurity.
Regular Drills: Running mock attack scenarios (like
simulated phishing campaigns) helps employees recognize and respond quickly to
threats.
5. Collaboration and Sharing Information
Work with Experts: Cybersecurity is a shared responsibility. Joining forces with
cybersecurity groups, experts, or government organizations can help stay ahead of
global cyber threats.
Threat Intelligence Sharing: This involves sharing information about known
vulnerabilities and attack patterns with others, which can help everyone defend
against common threats.
Developing Security Policies and Procedures:
Creating strong security policies and procedures is essential for protecting an
organization from various cyber threats and ensuring that all employees follow
consistent practices to maintain data safety.
Access Control: Define who has permission to access systems, data, and physical areas.
Create rules for granting and revoking access.
Data Protection: Outline how to handle sensitive data, including encryption and
storage practices.
Incident Response: Define what to do if a security breach occurs. This might
include alerting the IT team, investigating the incident, and notifying stakeholders.
User Training: Ensure that employees understand their role in protecting
company data. This could involve regular security training sessions.
Password Management: Require strong passwords, set expiration dates, and
provide guidelines for creating them.
Software Updates: Establish a procedure for regularly updating software to
fix vulnerabilities.
Backup and Recovery: Outline how often data should be backed up and the
steps to recover it in case of a disaster.
Make Policies Easy to Understand: Policies should be written in clear, simple
language, so everyone can follow them. Avoid complexity and provide examples
where needed.
Monitor and Review Regularly: Policies and procedures should be regularly
reviewed to ensure they are up-to-date with emerging threats and changing
technologies. Regular audits and employee feedback can help identify areas for
improvement.
Applying Network Security Principles in the Enterprise:
By applying sound network security principles, businesses can protect
themselves from a variety of threats such as cyberattacks, data breaches, and
unauthorized access. Below are key principles to follow for strong network
security in an enterprise environment:
1. Defense in Depth: Application: Implement firewalls, intrusion detection
systems (IDS), intrusion prevention systems (IPS), encryption, and access controls at
various points in the network.
2. Least Privilege Principle: Application: Limit administrative access, restrict
access to sensitive information, and apply role-based access controls (RBAC) to reduce
the risk of unauthorized access.
3. Network Segmentation: Create subnets based on function or sensitivity (e.g.,
separating internal systems from guest networks or finance systems from other
business operations). Use VLANs and firewalls to enforce segmentation.
4. Encryption: Use protocols like HTTPS, VPNs, and IPsec to encrypt traffic over
public networks. Ensure that sensitive data is encrypted at rest, especially on servers
and endpoints.
5. Strong Authentication and Authorization: Implement multi-factor
authentication (MFA) to strengthen user login security. Use Single Sign-On (SSO)
solutions for better management and efficiency.
6. Regular Monitoring and Logging: Set up Security Information and Event
Management (SIEM) systems to monitor network traffic for abnormal activities.
Maintain detailed logs of network access, changes to critical systems, and user
behavior.
7. Patch Management: Implement an automated patch management system to
ensure timely updates for operating systems, applications, and security tools. Perform
regular vulnerability assessments to identify unpatched systems.
8. Incident Response Planning: Develop a comprehensive incident response plan
(IRP) that includes procedures for containment, investigation, eradication, recovery,
and communication. Ensure staff are regularly trained and conduct mock drills.
9. Security Awareness Training: Conduct regular training sessions on topics like
phishing, password security, and how to handle confidential data. Implement policies
that enforce security behaviors, such as regular password changes and reporting
suspicious activity.
10. Disaster Recovery and Business Continuity: Implement a disaster recovery
plan (DRP) and business continuity plan (BCP) that includes strategies for data
backup, restoring network services, and recovering from attacks such as ransomware.
Issues of Ethics and Law:
The following categories are used to categorize ethical dilemmas in the
security system.
1. Privacy: It is concerned with individuals' right to access personal information.
2. Property: It is concerned with the information's owner.
3. Accessibility: It is concerned with an organization's right to collect information.
4. Accuracy: It is concerned with the obligation of information authenticity, fidelity,
and accuracy.
Conclusion
Cryptography and the basics of network security principles help to keep our digital
world safe. As online networks grow, these tools let us verify who we’re talking to, keep
our data private, and ensure messages aren’t changed along the way.
By using strong encryption, careful checks of who can access what, and regular
security checks, we can lower the risk of online attacks. In the end, understanding
cryptography and network security helps people trust the internet more and supports
a safer digital environment for everyone.
A Model for Network Security:
What is Network Security?
Network security is the procedure of providing security for a network and its resources.
It involves handling the security services on a resource by using access control,
authentication, confidentiality, integrity, and non-repudiation. Computer network
security includes the measures taken by a business or other organization to monitor and
prevent unauthorized access from external attackers.
Network security is the security designed to preserve the integrity of the network from
unauthorized connection and threats. The network administrators are responsible for
adopting various defensive measures to guard their networks from possible security
risks.
Computer networks are used in the daily transactions and communications of
government, private, and corporate organizations, all of which require security. The
simplest and most straightforward method of securing a network resource is assigning it
a unique name and a matching password.
The network security consists of the following −
Protection − The user should be able to configure their devices and networks
accurately.
Detection − The user must detect whether the configuration has changed or get
a notification if there is any problem in the network traffic.
Reaction − After detecting the problems, the user must respond to them and
must return to a protected position as quickly as possible.
Network Security Services
There are various services of network security which are as follows −
Message Confidentiality
Message confidentiality or privacy means that the sender and the receiver expect
confidentiality. The transmitted message should make sense only to the intended
receiver.
Message Integrity
Message integrity means that the data should arrive at the receiver exactly as
they were transmitted. There should be no changes during the transmission, neither
accidental nor malicious. As more and more monetary exchanges take place over the
web, integrity is essential.
Message Authentication
Message authentication is a service beyond message integrity. In message
authentication, the receiver wants to be sure of the sender's identity and that an
imposter has not transmitted the message.
Message Nonrepudiation
Message nonrepudiation defines that a sender should not be capable of denying
sending a message that he or she did send. For example, when a customer sends a
message to transfer money from one account to another, the bank must have proof that
the customer requested this transaction.
Entity Authentication
In entity authentication (or user identification), the entity or user is verified
before access to the system resources (files, for example) is granted. For example, a
student who needs to access the university resources is required to be authenticated during
the login procedure. This is to protect the interests of the university and the student.
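The difference between message integrity, message authentication and message nonrepudiation described above can be seen in a short Python example. It is added here and is not part of the original notes; the use of SHA-256 and HMAC-SHA256, the function names and the sample messages are assumptions chosen for illustration.

```python
"""Integrity vs. authentication vs. nonrepudiation with a digest and a keyed tag."""
import hashlib
import hmac
import secrets


def digest_only(message: bytes) -> bytes:
    """Unkeyed check value (SHA-256): anyone who sees the message can compute it."""
    return hashlib.sha256(message).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed check value (HMAC-SHA256): only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(digest_only(message), digest)


def receiver_accepts_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)


def run_scenarios() -> dict:
    key = secrets.token_bytes(32)  # secret shared by customer and bank (constructed)
    original = b"transfer 100 from account A to account B"  # constructed sample
    digest, tag = digest_only(original), make_tag(key, original)
    results = {}

    # 1. Accidental change: one bit flips in transit, check values arrive intact.
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]
    results["accidental_caught_by_digest"] = not receiver_accepts_digest(corrupted, digest)
    results["accidental_caught_by_tag"] = not receiver_accepts_tag(key, corrupted, tag)

    # 2. Deliberate change: whoever rewrites the message can also recompute the
    #    unkeyed digest, but cannot produce a matching tag without the key.
    altered = b"transfer 900 from account A to account B"
    results["deliberate_caught_by_digest"] = not receiver_accepts_digest(
        altered, digest_only(altered))
    results["deliberate_caught_by_tag"] = not receiver_accepts_tag(key, altered, tag)

    # 3. Nonrepudiation: the receiver holds the same key, so a valid tag does not
    #    prove to a third party which of the two key holders created the message.
    never_sent = b"transfer 500 from account A to account C"
    receiver_made = make_tag(key, never_sent)
    results["receiver_can_make_valid_tag"] = receiver_accepts_tag(
        key, never_sent, receiver_made)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:32} {value}")
```

A digest alone covers only accidental changes, the keyed tag adds authentication of the sender, and neither gives the bank the proof the nonrepudiation service asks for, because both sides can compute the tag.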
Introduction
With the rapid advancement of technology and the growth of the internet, network security
has become an increasingly important issue. Organizations and individuals alike are
constantly at risk of cyber-attacks, and the consequences of a successful attack can be
devastating. In this article, we will discuss a model for network security that can be used
by organizations to protect their networks.
Before implementing a network security model, it is important to understand
the threat landscape. Cyber attackers can use a variety of techniques to compromise a
network, including:
Malware
Malware is malicious software that is designed to damage, disrupt or steal data from a
computer system. Examples of malware include viruses, worms, and Trojan horses.
Phishing
Phishing is a technique used by attackers to steal sensitive information such as
passwords and credit card numbers. Phishing attacks often involve use of fake emails or
websites that appear to be legitimate.
Denial of Service (DoS)
DoS attacks are designed to overwhelm a network or server with traffic, making it
impossible for legitimate users to access the network.
Man-in-the-Middle (MitM)
MitM attacks involve an attacker intercepting communications between two parties in
order to steal data or inject malicious code into the communication.
SQL Injection
SQL injection is a technique used by attackers to exploit vulnerabilities in a web
application to gain access to sensitive information stored in a database.
Designing a Network Security Model
Now that we understand the threat landscape, we can design a model for network security
that will help protect against these types of attacks. There are four key components to a
network security model:
Perimeter Security
Perimeter security is the first line of defense against cyber-attacks. It involves implementing
firewalls, intrusion detection systems, and other security measures to protect the network
from external threats.
Access Control
Access control is used to manage who has access to the network and what they can do once
they are connected. This includes implementing password policies, role-based access
control, and other security measures to prevent unauthorized access.
Data Protection
Data protection involves implementing measures to ensure confidentiality, integrity,
and availability of data. This includes encryption, backup and recovery, and other
security measures to protect data from unauthorized access, modification, or
destruction.
Monitoring and Response
Monitoring and response involves the use of security tools to detect and respond to security
incidents in real-time. This includes implementing security information and event
management (SIEM) systems, intrusion detection systems, and other security tools to
monitor network activity and identify potential threats.
Examples of Network Security Model Implementation
Let's take a look at some examples of organizations that have successfully implemented
a network security model.
Google
Google is known for its robust security measures. The company uses a layered
approach to network security, with perimeter security, access control, data protection,
and monitoring and response all playing a role. Google also has a dedicated security
team that is responsible for identifying and responding to potential threats.
IBM
IBM has implemented a network security model that includes perimeter security,
access control, and data protection measures. The company also uses advanced threat
detection and response tools to monitor network activity and identify potential threats
in real-time.
Amazon
Amazon uses a variety of security measures to protect its network, including
firewalls, intrusion detection systems, and encryption. The company also has a dedicated
security team that is responsible for monitoring network activity and responding to
potential threats.
In addition to the four key components of a network security model, there are other
important considerations that organizations should keep in mind when designing and
implementing their network security strategy.
These include:
Employee Education and Training
Employees are often the weakest link in network security. It is important for
organizations to provide regular education and Incident Response Plan training to
employees to ensure that they understand the risks and best practices for network security.
This includes training on password policies, phishing scams, and how to identify and
respond to potential security incidents.
Regular Updates and Patches
Software vulnerabilities can be exploited by attackers to gain unauthorized access
to a network. It is important for organizations to regularly update and patch software to
ensure that any vulnerabilities are addressed and to stay up-to-date with the latest security
best practices.
Third-Party Vendors and Contractors
Many organizations work with third-party vendors and contractors who may
have access to their network. It is important to implement strict access control
measures and vet these vendors and contractors to ensure that they meet the same security
standards as the organization.
Incident Response Plan
Even with a robust network security model in place, it is still possible for a
security incident to occur. It is important for organizations to have an incident response
plan in place that outlines how to respond to a security incident, who is responsible for
what, and what steps should be taken to contain and remediate the incident.
By taking these additional considerations into account, organizations can further
strengthen their network security model and better protect against potential cyber-
attacks.
Conclusion
Network security is a critical issue for organizations of all sizes. By understanding
the threat landscape and implementing a network security model that includes perimeter
security, access control, data protection, and monitoring and response, organizations
can protect themselves against potential cyber-attacks. Examples of organizations such
as Google, IBM, and Amazon have shown that implementing a comprehensive network
security model can help protect against potential threats and ensure the confidentiality,
integrity, and availability of data.
It is important for organizations to prioritize network security and invest in the necessary
tools and resources to protect their networks from cyber-attacks. With the right model in
place, organizations can minimize the risk of data breaches, protect their reputation, and
ensure the safety of their users and customers.
MCQ:
1. Which of the following is NOT a security goal in the OSI security
architecture?
o A. Confidentiality
o B. Integrity
o C. Accessibility
o D. Availability
Answer: C. Accessibility
2. Which layer of the OSI model is concerned with encryption and
decryption to ensure data confidentiality?
o A. Application
o B. Presentation
o C. Transport
o D. Network
Answer: B. Presentation
3. The term "security mechanism" in the OSI security architecture
refers to:
o A. Tools to attack a system
o B. Functions to implement security services
o C. Protocols for networking
o D. Network devices for monitoring
Answer: B. Functions to implement security services
4. Which of the following OSI layers is most directly responsible for
ensuring authentication and authorization?
o A. Application
o B. Network
o C. Data Link
o D. Session
Answer: A. Application
5. Which of the following is NOT a typical security service in the OSI
security architecture?
o A. Authentication
o B. Encryption
o C. Monitoring
o D. Non-repudiation
Answer: C. Monitoring
6. Which of the following is an example of an active security attack?
o A. Eavesdropping
o B. Data modification
o C. Traffic analysis
o D. Denial of Service (DoS)
Answer: B. Data modification
7. Which of the following attacks involves impersonating a user to gain
unauthorized access?
o A. Phishing
o B. Man-in-the-middle
o C. Spoofing
o D. DoS
Answer: C. Spoofing
8. A denial-of-service (DoS) attack typically aims to:
o A. Steal data
o B. Make a service unavailable
o C. Alter network traffic
o D. Gain unauthorized access
Answer: B. Make a service unavailable
9. Which type of attack focuses on intercepting and altering
communications between two parties without their knowledge?
o A. Man-in-the-middle
o B. Replay attack
o C. Trojan horse
o D. DDoS attack
Answer: A. Man-in-the-middle
10. Which of the following is a passive attack?
o A. Eavesdropping
o B. Packet injection
o C. Data alteration
o D. DoS
Answer: A. Eavesdropping
11. Which security mechanism is used to ensure that information is not
altered during transmission?
o A. Authentication
o B. Encryption
o C. Integrity check
o D. Non-repudiation
Answer: C. Integrity check
12. Which of the following security mechanisms ensures that messages
can only be read by the intended recipient?
o A. Authentication
o B. Confidentiality
o C. Integrity
o D. Authorization
Answer: B. Confidentiality
13. Which of the following mechanisms is primarily used to verify the
identity of a user?
o A. Public key infrastructure (PKI)
o B. Firewall
o C. Authentication
o D. Encryption
Answer: C. Authentication
14. In the context of security mechanisms, what does hashing provide?
o A. Encryption for confidentiality
o B. Integrity by producing a unique identifier for data
o C. Authentication through password matching
o D. Decryption for security
Answer: B. Integrity by producing a unique identifier for data
15. Which security mechanism ensures that the origin of a message can
be verified?
o A. Authentication
o B. Non-repudiation
o C. Confidentiality
o D. Authorization
Answer: B. Non-repudiation
16. Which security service guarantees that data is delivered without
modification?
o A. Confidentiality
o B. Integrity
o C. Authentication
o D. Availability
Answer: B. Integrity
17. Which security service prevents unauthorized access to data?
o A. Authentication
o B. Confidentiality
o C. Integrity
o D. Availability
Answer: B. Confidentiality
18. Which security service provides proof that a transaction took place,
ensuring that neither party can deny it later?
o A. Authentication
o B. Integrity
o C. Non-repudiation
o D. Confidentiality
Answer: C. Non-repudiation
19. What is the primary goal of the availability security service?
o A. Ensuring confidentiality of data
o B. Protecting against denial of service attacks
o C. Authenticating user identity
o D. Encrypting data in transit
Answer: B. Protecting against denial of service attacks
20. Which of the following security services provides mechanisms to
verify that the sender of a message is the one it claims to be?
o A. Non-repudiation
o B. Authentication
o C. Confidentiality
o D. Integrity
Answer: B. Authentication
21. The model for network security is based on the principle of:
o A. Defense in depth
o B. Single-layer protection
o C. Avoiding encryption
o D. Public accessibility
Answer: A. Defense in depth
22. In the OSI security architecture, the concept of "layered defense" is
known as:
o A. Security domains
o B. Layered security
o C. Defense in depth
o D. Security zones
Answer: C. Defense in depth
23. In a typical model for network security, which of the following is the
first line of defense?
o A. Intrusion detection systems (IDS)
o B. Firewalls
o C. Encryption
o D. Authentication
Answer: B. Firewalls
24. Which of the following is a common approach used to detect and
prevent attacks in a network security model?
o A. Authentication
o B. Encryption
o C. Intrusion detection system (IDS)
o D. Hashing
Answer: C. Intrusion detection system (IDS)
25. Which of the following is NOT a part of a network security
architecture?
o A. Access control
o B. Intrusion detection
o C. Network segmentation
o D. Backup restoration
Answer: D. Backup restoration
26. Which cryptographic algorithm is widely used for securing
communication over the Internet?
o A. DES
o B. AES
o C. RSA
o D. SHA
Answer: B. AES
27. Which of the following is the main difference between symmetric and
asymmetric encryption?
o A. Symmetric encryption uses two keys, asymmetric uses one
o B. Symmetric encryption uses one key, asymmetric uses two
o C. Asymmetric encryption is faster
o D. Symmetric encryption is unbreakable
Answer: B. Symmetric encryption uses one key, asymmetric uses two
28. In asymmetric encryption, what is the role of the public key?
o A. To decrypt the data
o B. To encrypt the data
o C. To sign the data
o D. To verify the signature
Answer: B. To encrypt the data
29. What does SSL/TLS primarily provide in network security?
o A. Confidentiality through encryption
o B. Authentication and integrity
o C. Availability of data
o D. Non-repudiation
Answer: A. Confidentiality through encryption
30. Which of the following is a type of cryptographic hash function?
o A. RSA
o B. AES
o C. MD5
o D. DES
Answer: C. MD5
31. A security policy defines:
o A. The encryption algorithm to be used
o B. The operational procedures for security breaches
o C. The rules and guidelines for securing information systems
o D. The hardware components used in a secure system
Answer: C. The rules and guidelines for securing information systems
32. Which of the following is NOT a key component of security
management?
o A. Risk assessment
o B. Incident response
o C. Encryption algorithm selection
o D. Asset classification
Answer: C. Encryption algorithm selection
33. Which of the following layers of the OSI model primarily deals with
encryption and decryption to ensure data confidentiality?
o A. Application
o B. Presentation
o C. Transport
o D. Network
Answer: B. Presentation
34. The OSI security architecture defines security services that can be
provided at which of the following?
o A. Application layer
o B. Transport layer
o C. Network layer
o D. All of the above
Answer: D. All of the above
35. Which of the following is NOT a security service defined in the OSI
security architecture?
o A. Authentication
o B. Integrity
o C. Availability
o D. Security monitoring
Answer: D. Security monitoring
36. The OSI Security Architecture categorizes security mechanisms into
which two types?
o A. Active and passive mechanisms
o B. Open and closed mechanisms
o C. Hardware and software mechanisms
o D. Encrypted and unencrypted mechanisms
Answer: A. Active and passive mechanisms
37. Which of the following OSI layers is responsible for providing
communication security services such as access control and security
labeling?
o A. Application layer
o B. Transport layer
o C. Network layer
o D. Data link layer
Answer: A. Application layer
38. Which of the following attacks intercepts communication between
two parties without them knowing?
o A. Man-in-the-middle
o B. Eavesdropping
o C. Phishing
o D. Denial of Service (DoS)
Answer: A. Man-in-the-middle
39. A DoS (Denial of Service) attack typically aims to:
o A. Steal confidential information
o B. Make a system or service unavailable
o C. Alter network traffic
o D. Monitor network activity
Answer: B. Make a system or service unavailable
40. Which of the following is an example of a passive attack?
o A. Data modification
o B. Eavesdropping
o C. DoS attack
o D. Man-in-the-middle
Answer: B. Eavesdropping
41. Which attack involves a malicious user gaining access to a network
and pretending to be someone else by falsifying their identity?
o A. Phishing
o B. Spoofing
o C. DoS
o D. SQL Injection
Answer: B. Spoofing
42. A Distributed Denial of Service (DDoS) attack is characterized by:
o A. A single source of attack
o B. Multiple sources launching an attack
o C. Altering network data
o D. Using social engineering techniques
Answer: B. Multiple sources launching an attack
43. Which cryptographic mechanism ensures data confidentiality during
transmission?
o A. Hashing
o B. Encryption
o C. Digital signatures
o D. Access control
Answer: B. Encryption
44. What is the primary purpose of a hash function in security
mechanisms?
o A. To encrypt data
o B. To verify the integrity of data
o C. To manage access control
o D. To authenticate users
Answer: B. To verify the integrity of data
45. Which of the following is NOT a typical security mechanism used to
ensure data integrity?
o A. Hash functions
o B. Digital signatures
o C. Public-key encryption
o D. Symmetric encryption
Answer: D. Symmetric encryption
46. In the context of security mechanisms, what is the role of
authentication?
o A. To ensure the sender is the true sender of a message
o B. To provide data confidentiality
o C. To verify the identity of a user or system
o D. To ensure the data is not altered
Answer: C. To verify the identity of a user or system
47. Which security mechanism ensures that a message has not been
altered in transit?
o A. Authentication
o B. Encryption
o C. Hashing
o D. Non-repudiation
Answer: C. Hashing
48. Which of the following security services ensures that the sender of a
message cannot deny sending it?
o A. Non-repudiation
o B. Authentication
o C. Integrity
o D. Confidentiality
Answer: A. Non-repudiation
49. What does the confidentiality service in the OSI security architecture
guarantee?
o A. That data is delivered to the correct recipient
o B. That the data remains unchanged during transmission
o C. That the data is kept secret and is not disclosed to unauthorized users
o D. That the sender cannot deny the message was sent
Answer: C. That the data is kept secret and is not disclosed to
unauthorized users
50. Which of the following services ensures that data is not altered
during transmission?
o A. Integrity
o B. Confidentiality
o C. Authentication
o D. Availability
Answer: A. Integrity
5 MARK QUESTIONS:
1. Explain the OSI Security Architecture and its key components. How does it
relate to network security?
2. Differentiate between active and passive security attacks, providing examples
of each.
3. Explain the role of cryptography in ensuring confidentiality, integrity, and
authentication within the OSI security architecture.
4. Discuss the various security services provided by the OSI security architecture.
How do they contribute to securing communication?
5. Explain the concept of "defense in depth" in network security. How does this
model enhance security?
10 MARK QUESTIONS:
1. Explain the OSI security architecture in detail.
2. Describe in detail the different types of security attacks in the OSI security
architecture, distinguishing between active and passive attacks.
3. Discuss the role of cryptographic mechanisms in the OSI security architecture.
4. Define and explain the various security services provided in the OSI security
architecture.
5. Explain the concept of defense in depth as a model for network security.
6. Discuss the role and importance of security policies and their management in
an organization’s overall security strategy.
7. Discuss in detail the role of firewalls in network security.
8. Explain the concepts of authentication and authorization in the context of
network security.
9. Explain the role of Intrusion Detection Systems (IDS) and Intrusion
Prevention Systems (IPS) in the security of a network.
10. Discuss the role of cryptography in ensuring network security.
UNIT-II – CLASSICAL ENCRYPTION TECHNIQUES
Classical cryptography is a method of securing communication by transforming
plain text into an encoded format known as cipher text. This transformation is
controlled by a key, which is a data string used to encrypt and decrypt the information.
The primary goal of classical cryptography is to ensure that only authorized parties can
access the original data.
Types of Classical Cryptography
Symmetric Cryptography: In symmetric cryptography, a single key is used to
encrypt and decrypt data. This encryption key is the private key. The limitation of
this encryption technique is that the private key must be distributed
only among the authorized sender and receiver.
Asymmetric Cryptography: In asymmetric cryptography, a pair of keys, i.e., a
public key and a private key, is used for encryption and decryption. A sender can use
the public key to encrypt the data, and at the receiving end the receiver can decrypt the
data by using its private key. This technique overcomes the problem of key distribution.
Advantages of Classical Cryptography
Unbreakable with One-Time Pad: When using a one-time pad, classical
cryptography is theoretically unbreakable.
Manual Implementation: It can be implemented manually without the need for
computers.
Protection from Casual Snooping: It protects plain text from casual snooping.
Disadvantages of Classical Cryptography
Limited Security: Vulnerable to frequency analysis and brute-force attacks, making
it inadequate for modern threats.
Key Management Challenges: Requires secure distribution and management of
keys, increasing the risk of interception and misuse.
Scalability Issues: Inefficient for large-scale use, as the number of unique keys
needed grows exponentially with more users.
Unsuitable for Modern Data: Not suitable for encrypting modern data formats
and large datasets.
Lack of Data Integrity and Authentication: Does not provide built-in
mechanisms for data integrity, authentication, or non-repudiation.
Classical cryptography, based on mathematical principles, has been a fundamental
method for securing communication. However, it faces challenges in terms of security,
key management, and scalability, making it less suitable for modern data protection
needs. Despite its limitations, it remains an important foundation in the field of
cryptography.
Symmetric Cipher Model
Symmetric Encryption is the most basic and oldest method of encryption. It uses
only one key for the process of both the encryption and decryption of data. Thus, it is
also known as Single-Key Encryption.
A few basic terms in Cryptography are as follows:
Plain Text: original message to be communicated between sender and receiver
Cipher Text: encoded format of the original message that cannot be understood by
humans
Encryption (or Enciphering): the conversion of plain text to cipher text
Decryption (or Deciphering): the conversion of cipher text to plain text, i.e.,
reverse of encryption.
The Symmetric Cipher Model:
A symmetric cipher model is composed of five essential parts:
1. Plain Text (x): This is the original data/message that is to be communicated to
the receiver by the sender. It is one of the inputs to the encryption algorithm.
2. Secret Key (k): It is a value/string/text file used by the encryption and decryption
algorithm to encode and decode the plain text to cipher text and vice-versa
respectively. It is independent of the encryption algorithm. It governs all the
conversions in plain text. All the substitutions and transformations done depend on
the secret key.
3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs
and produces Cipher Text as output. It applies several techniques such as
substitutions and transformations on the plain text using the secret key.
E(x, k) = y
4. Cipher Text (y): It is the formatted form of the plain text (x) which is unreadable
for humans, hence providing encryption during the transmission. It is completely
dependent upon the secret key provided to the encryption algorithm. Each unique
secret key produces a unique cipher text.
5. Decryption Algorithm (D): It performs reversal of the encryption algorithm at
the recipient's side. It also takes the secret key as input and decodes the cipher text
received from the sender based on the secret key. It produces plain text as output.
D(y, k) = x
Requirements for Encryption:
There are only two requirements that need to be met to perform encryption. They are,
1. Encryption Algorithm: There is a need for a very strong encryption algorithm
that produces cipher texts in such a way that the attacker should be unable to crack
the secret key even if they have access to one or more cipher texts.
2. Secure way to share Secret Key: There must be a secure and robust way to
share the secret key between the sender and the receiver. It should be leakproof so
that the attacker cannot access the secret key.
Key Principles
In symmetric key cryptography, the encryption algorithm converts plaintext into
ciphertext using a secret key, and the decryption algorithm converts the ciphertext back
into plaintext using the same key. The process can be represented as:
encrypt(plaintext, key) = ciphertext
decrypt(ciphertext, key) = plaintext
This method is efficient and fast, making it suitable for bulk encryption.
Types of Symmetric Ciphers
Symmetric ciphers can be broadly classified into two types: block ciphers and stream
ciphers.
Block Ciphers
Block ciphers encrypt data in fixed-size blocks. A common example is the Advanced
Encryption Standard (AES), which uses 128-bit blocks. Other examples include DES,
3DES, and Blowfish.
Stream Ciphers
Stream ciphers encrypt data one bit or byte at a time. They are similar to the one-time
pad but use a pseudo-random sequence instead of a truly random key. Examples
include RC4 and ChaCha20.
Advantages
Speed: Symmetric ciphers are generally faster than asymmetric ciphers.
Efficiency: They require less computational power, making them suitable for
encrypting large amounts of data.
Disadvantages
Key Management: The need to securely share and manage keys can be challenging,
especially in large systems.
Security: If the key is compromised, the entire communication is at risk.
Common Symmetric Cipher Systems
Data Encryption Standard (DES)
DES is an older symmetric cipher that uses a 56-bit key. It has been largely replaced by
more secure algorithms like AES due to its vulnerability to brute-force attacks.
Advanced Encryption Standard (AES)
AES is a widely used symmetric cipher that is more secure than DES. It supports key
sizes of 128, 192, and 256 bits and is used in various applications, including SSL/TLS for
secure web communications.
Blowfish
Blowfish is another symmetric block cipher that uses variable key lengths from
32 to 448 bits. It is known for its speed and effectiveness.
Twofish
Twofish is a successor to Blowfish and supports key sizes up to 256 bits. It was a
finalist for the AES standard and is known for its high security.
Symmetric ciphers are essential in modern cryptography, offering a balance between
speed and security. However, their effectiveness depends on proper key management
and the use of strong encryption algorithms.
Substitution Technique in Cryptography
Substitution technique is a classical encryption technique where the
characters present in the original message are replaced by the other characters
or numbers or by symbols. If the plain text (original message) is considered as the
string of bits, then the substitution technique would replace bit pattern of plain text
with the bit pattern of cipher text.
We will discuss some of the substitution techniques which will help us to
understand the procedure of converting plain text to cipher text. In this section, we will
study the following substitution techniques:
Substitution Technique:
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Cipher
6. One-Time Pad
Mathematical representation
The encryption can be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a
letter x by a shift n can be described mathematically as:
En(x) = (x + n) mod 26
(Encryption Phase with shift n)
Dn(x) = (x - n) mod 26
(Decryption Phase with shift n)
Examples:
Plain Text: I am studying Data Encryption
Key: 4
Output: M eq wxyhCmrk Hexe IrgvCtxmsr
Plain Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key: 4
Output: EFGHIJKLMNOPQRSTUVWXYZabcd
Algorithm for Substitution Cipher:
Input:
A String of both lower and upper case letters, called PlainText.
An Integer denoting the required key.
Procedure:
Create a list of all the characters.
Create a dictionary to store the substitution for all characters.
For each character, transform the given character as per the rule, depending on
whether we’re encrypting or decrypting the text.
Print the new string generated.
Time Complexity: O(n)
Auxiliary Space: O(n)
Caesar Cipher
This is the simplest substitution cipher, by Julius Caesar. In this substitution technique, to
encrypt the plain text, each alphabet of the plain text is replaced by the alphabet three
places further along. And to decrypt the cipher text, each alphabet of the cipher text is
replaced by the alphabet three places before it.
Let us take a simple example:
Plain Text: meet me tomorrow
Cipher Text: phhw ph wrpruurz
Look at the example above, we have replaced, ‘m’ with ‘p’ which occur three
places after, ‘m’. Similarly, ‘e’ is replaced with ‘h’ which occurs in three places after ‘e’.
Note: If we have to replace the letter ‘z’ then the next three alphabets counted after ‘z’
will be ‘a’ ‘b’ ‘c’. So, while counting further three alphabets if ‘z’ occurs it circularly
follows ‘a’.
There are also some drawbacks of this simple substitution technique. If the
hacker knows that the Caesar cipher is used, then to perform brute-force cryptanalysis
he has only to try 25 possible keys to decrypt the cipher text. The hacker is also aware of
the encryption and decryption algorithm.
Caesar Cipher in Cryptography
The Caesar Cipher is one of the simplest and oldest methods of encrypting
messages, named after Julius Caesar, who reportedly used it to protect his military
communications. This technique involves shifting the letters of the alphabet by a fixed
number of places. For example, with a shift of three, the letter 'A' becomes 'D', 'B'
becomes 'E', and so on. Despite its simplicity, the Caesar Cipher formed the groundwork
for modern cryptographic techniques. In this article, we'll explore how the Caesar
Cipher works, its significance, and its impact on the development of cryptography with
its advantages and disadvantages.
What is Caesar Cipher Technique?
The Caesar cipher is a simple encryption technique that was used by Julius
Caesar to send secret messages to his allies. It works by shifting the letters in the
plaintext message by a certain number of positions, known as the "shift" or "key". The
Caesar Cipher technique is one of the earliest and simplest methods of encryption
techniques.
It's simply a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter with a fixed number of positions down the alphabet. For example with a shift
of 1, A would be replaced by B, B would become C, and so on. The method is apparently
named after Julius Caesar, who apparently used it to communicate with his officials.
Cryptography Algorithm For the Caesar Cipher
Thus to cipher a given text we need an integer value, known as a shift which
indicates the number of positions each letter of the text has been moved down.
The encryption can be represented using modular arithmetic by first transforming
the letters into numbers, according to the scheme, A = 0, B = 1,..., Z = 25. Encryption
of a letter x by a shift n can be described mathematically as En(x) = (x + n) mod 26.
For example, if the shift is 3, then the letter A would be replaced by the letter D, B
would become E, C would become F, and so on. The alphabet is wrapped around so
that after Z, it starts back at A.
Here is an example of how to use the Caesar cipher to encrypt the message "HELLO"
with a shift of 3:
1. Write down the plaintext message: HELLO
2. Choose a shift value. In this case, we will use a shift of 3.
3. Replace each letter in the plaintext message with the letter that is three positions to
the right in the alphabet.
H becomes K (shift 3 from H)
E becomes H (shift 3 from E)
L becomes O (shift 3 from L)
L becomes O (shift 3 from L)
O becomes R (shift 3 from O)
4. The encrypted message is now "KHOOR".
To decrypt the message, you simply need to shift each letter back by the same
number of positions. In this case, you would shift each letter in "KHOOR" back by 3
positions to get the original message, "HELLO".
En(x) = (x + n) mod 26
(Encryption Phase with shift n)
Dn(x) = (x - n) mod 26
(Decryption Phase with shift n)
Examples :
Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Advantages
Easy to implement and use, thus making it suitable for beginners to learn about
encryption.
Can be physically implemented, such as with a set of rotating disks or a set of cards,
known as a scytale, which can be useful in certain situations.
Requires only a small set of pre-shared information.
Can be modified easily to create a more secure variant, such as by using multiple
shift values or keywords.
Disadvantages
It is not secure against modern decryption methods.
Vulnerable to known-plaintext attacks, where an attacker has access to both the
encrypted and unencrypted versions of the same messages.
The small number of possible keys means that an attacker can easily try all possible
keys until the correct one is found, making it vulnerable to a brute force attack.
It is not suitable for long text encryption as it would be easy to crack.
It is not suitable for secure communication as it is easily broken.
Does not provide confidentiality, integrity, and authenticity in a message.
Features of Caesar Cipher
1. Substitution cipher: The Caesar cipher is a type of substitution cipher, where
each letter in the plaintext is replaced by a letter some fixed number of positions
down the alphabet.
2. Fixed key: The Caesar cipher uses a fixed key, which is the number of positions by
which the letters are shifted. This key is known to both the sender and the receiver.
3. Symmetric encryption: The Caesar cipher is a symmetric encryption technique,
meaning that the same key is used for both encryption and decryption.
4. Limited keyspace: The Caesar cipher has a very limited keyspace of only 26
possible keys, as there are only 26 letters in the English alphabet.
5. Vulnerable to brute force attacks: The Caesar cipher is vulnerable to brute
force attacks, as there are only 26 possible keys to try.
6. Easy to implement: The Caesar cipher is very easy to implement and requires
only simple arithmetic operations, making it a popular choice for simple encryption
tasks.
Rules for the Caesar Cipher
1. Choose a number between 1 and 25. This will be your "shift" value.
2. Write down the letters of the alphabet in order, from A to Z.
3. Shift each letter of the alphabet by the "shift" value. For example, if the shift value is
3, A would become D, B would become E, C would become F, and so on.
4. Encrypt your message by replacing each letter with the corresponding shifted letter.
For example, if the shift value is 3, the word "hello" would become "khoor".
5. To decrypt the message, simply reverse the process by shifting each letter back by
the same amount. For example, if the shift value is 3, the encrypted message "khoor"
would become "hello".
Algorithm for Caesar Cipher
Input:
1. Choose a shift value between 1 and 25.
2. Write down the alphabet in order from A to Z.
3. Create a new alphabet by shifting each letter of the original alphabet by the shift
value. For example, if the shift value is 3, the new alphabet would be:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
4. Replace each letter of the message with the corresponding letter from the new
alphabet. For example, if the shift value is 3, the word "hello" would become
"khoor".
5. To decrypt the message, shift each letter back by the same amount. For example, if
the shift value is 3, the encrypted message "khoor" would become "hello".
Procedure:
Traverse the given text one character at a time .
For each character, transform the given character as per the rule, depending on
whether we're encrypting or decrypting the text.
Return the new string generated.
A program that receives a text (string) and a shift value (integer) and returns the
encrypted text.
// A C++ program to illustrate Caesar Cipher Technique
#include <cctype>
#include <iostream>
#include <string>
using namespace std;
// This function receives text and shift and
// returns the encrypted text
string encrypt(string text, int s)
{
    string result = "";
    // traverse text
    for (size_t i = 0; i < text.length(); i++) {
        // apply transformation to each character
        unsigned char c = text[i];
        // Encrypt Uppercase letters
        if (isupper(c))
            result += char(int(c + s - 65) % 26 + 65);
        // Encrypt Lowercase letters
        else if (islower(c))
            result += char(int(c + s - 97) % 26 + 97);
        // Leave spaces, digits and punctuation unchanged
        else
            result += text[i];
    }
    // Return the resulting string
    return result;
}
// Driver program to test the above function
int main()
{
    string text = "ATTACKATONCE";
    int s = 4;
    cout << "Text : " << text;
    cout << "\nShift: " << s;
    cout << "\nCipher: " << encrypt(text, s);
    return 0;
}
Output
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Time complexity: O(N) where N is length of the given text
Auxiliary space: O(N)
How to decrypt?
We can either write another function decrypt similar to encrypt, that'll apply the given
shift in the opposite direction to decrypt the original text. However we can use the
cyclic property of the cipher under modulo, hence we can simply observe
Cipher(n) = De-cipher(26-n)
Conclusion
The Caesar Cipher, with its straightforward approach of shifting letters, serves as an
excellent introduction to the world of cryptography. While it is easy to understand and
implement, its simplicity also makes it vulnerable to basic attacks. Despite these
limitations, the Caesar Cipher’s historical role is significant: it represents the early
efforts to secure communication and has paved the way for the more advanced
encryption methods used today. Understanding the Caesar Cipher helps us appreciate
the evolution of cryptographic techniques and the ongoing quest to protect
information in our digital age.
Monoalphabetic Cipher
Monoalphabetic cipher is a substitution cipher, where the cipher alphabet for
each plain text alphabet is fixed, for the entire encryption.
In simple words, if the alphabet ‘p’ in the plain text is replaced by the cipher
alphabet ‘d’. Then in the entire plain text wherever alphabet ‘p’ is used, it will be
replaced by the alphabet ‘d’ to form the ciphertext.
Monoalphabetic Cipher is a part of the substitution technique in which a
single cipher alphabet is used per message (mapping is done from plain alphabet to
cipher alphabet). Monoalphabetic cipher converts plain text into cipher text and re-
convert a cipher text to plain text. Monoalphabetic Cipher eliminates the brute-force
techniques for cryptanalysis. Moreover, the cipher line can be a permutation of the 26
alphabetic characters.
Types of Monoalphabetic Substitution Ciphers
1.Additive Cipher
It is also known as Shift Cipher, which shifts plain text to form cipher text.
Mathematical Expression:
o For Encryption: C=( P + K ) mod 26 where 'P' is the character in plain
text, 'K' is the key, and 'C' is the Cipher.
o For Decryption: P=( C-K ) mod 26.
Example : Input : P= GEEKS ,Key= 4 . Output : C=KIIOW
2.Caesar Cipher
A type of Additive Cipher, but the value of the key is always '3' here.
Mathematical Expression:
o For Encryption: C=( P + K ) mod 26 where 'P' is the character in plain
text, 'K' is the key, and 'C' is the Cipher.
o For Decryption: P=( C-K ) mod 26
Example: Input: P=GEEKS , Output : C=JHHNV
3.Multiplicative Cipher
Letters are changed here using a multiplication key.
Mathematical Expression:
o For Encryption: C=( P * K ) mod 26 where, 'P' is the character in plain
text, 'K' is the key, and 'C' is the Cipher.
Example: Input : P=VMH , Key= 3 . Output : C=HEL
4.Affine Cipher
A mathematical function is used to convert plain text into cipher text.
Mathematical Expression:
o For Encryption : C=( P * K1+K2 ) mod 26 where, 'P' is the character in
plain text, 'K1' is the multiplicative key, 'K2' is the additive key and 'C' is
Cipher.
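o For Decryption : P=(( C-K2 )/ K1) mod 26, where dividing by K1 means
multiplying by the inverse of K1 modulo 26 (so K1 must share no factor with 26).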
Example : Input : P=ARM , Key1=3,Key2=5 . Output : C=HEL
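The additive, Caesar and multiplicative ciphers above are all special cases of the affine formula C = (P * K1 + K2) mod 26, and decryption only works when K1 has an inverse modulo 26. The Python program below is an added example, not code from the original notes; the function names are assumptions of this illustration.

```python
# Added example: the affine family of monoalphabetic ciphers and the
# condition on K1 that makes decryption possible. Names are assumptions
# of this example.
from math import gcd

M = 26  # alphabet size; letters are numbered A = 0 ... Z = 25

# Multiplicative keys that have an inverse modulo 26.
VALID_K1 = [k for k in range(1, M) if gcd(k, M) == 1]


def mod_inverse(k1):
    """Return k with (k1 * k) % 26 == 1, or raise if no inverse exists."""
    if gcd(k1, M) != 1:
        raise ValueError(f"K1={k1} shares a factor with {M}: not reversible")
    return next(k for k in range(1, M) if (k1 * k) % M == 1)


def affine_encrypt(text, k1, k2):
    """C = (P * K1 + K2) mod 26, applied to the letters A-Z."""
    mod_inverse(k1)  # refuse keys that could never be decrypted
    return "".join(
        chr(((ord(c) - 65) * k1 + k2) % M + 65) if "A" <= c <= "Z" else c
        for c in text.upper()
    )


def affine_decrypt(text, k1, k2):
    """P = ((C - K2) * inverse(K1)) mod 26."""
    inv = mod_inverse(k1)
    return "".join(
        chr(((ord(c) - 65 - k2) * inv) % M + 65) if "A" <= c <= "Z" else c
        for c in text.upper()
    )


def additive_encrypt(text, k):
    """Shift cipher: affine with K1 = 1."""
    return affine_encrypt(text, 1, k)


def multiplicative_encrypt(text, k):
    """Multiplicative cipher: affine with K2 = 0."""
    return affine_encrypt(text, k, 0)


def collisions(k1):
    """Plaintext letters that land on the same ciphertext letter for this K1."""
    images = {}
    for p in range(M):
        images.setdefault((p * k1) % M, []).append(chr(p + 65))
    return {chr(c + 65): ps for c, ps in images.items() if len(ps) > 1}


if __name__ == "__main__":
    print(additive_encrypt("GEEKS", 4))    # additive example from the notes
    print(additive_encrypt("GEEKS", 3))    # Caesar example from the notes
    print(affine_decrypt(affine_encrypt("GEEKS", 3, 5), 3, 5))
    print(VALID_K1, len(VALID_K1) * M)     # usable K1 values, total affine keys
    print(collisions(13))                  # why K1 = 13 cannot be decrypted
```

Only 12 values of K1 are usable, so the whole affine family has 12 * 26 = 312 keys, still small enough to search exhaustively.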
How Does Monoalphabetic Cipher Work?
Let us understand how this cipher technique works with an example, let us
suppose the mapping of plaintext using the table below.
0 1 2 3 4 5 6 7 8 9 10 11 12
A B C D E F G H I J K L M
13 14 15 16 17 18 19 20 21 22 23 24 25
N O P Q R S T U V W X Y Z
Example Input 1(Plain-text)- GFG
Explanation: In Monoalphabetic cipher, the mapping is done randomly and the
difference between the letters is not uniform. Here, G is mapped to S (G->S),
F is mapped to R (F->R), and G was already mapped to S so we cannot change
it (G->S).
Example Output 1(Cipher-text)- SRS
Example Input 2 (Cipher-text) - GZGEWVGRNCP
Explanation:
Look at this table for Occurrences of the alphabet
Using the table, use the alphabet which has occurred most times. So we see, G is
used most so we replace G with E (G->E) and then V->T, R->P, N->L, C->A, Z->X,
E->C, and W->U. Thus, we found the plain text.
Advantages of Monoalphabetic Cipher
Better Security than Caesar Cipher.
Provides Encryption and Decryption to data.
Monoalphabetic Cipher maintains a frequency of letters.
Disadvantages of Monoalphabetic Cipher
Monoalphabetic ciphers are easy to break because they reflect the frequency data
of the original alphabet.
Prone to guessing attack using the English letters frequency of occurrence of
letters.
The English Language is used so the nature of plain text is known.
Less secure than a polyalphabetic cipher.
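The two sides of the monoalphabetic cipher described above, a key space far too large for brute force but a letter-frequency profile that survives encryption, can be seen in a few lines of Python. This is an added example, not part of the original notes: the cipher alphabet and the sample sentence are constructed for the illustration (the alphabet is chosen so that GFG becomes SRS as in Example 1), and the function names are assumptions.

```python
# Added example: a general monoalphabetic substitution keeps the letter
# frequency profile of the plaintext. Cipher alphabet and sample text are
# constructed for this illustration.
from collections import Counter
import math
import string

PLAIN = string.ascii_uppercase
# Constructed permutation of A-Z with F -> R and G -> S (GFG -> SRS).
CIPHER = "QWETYRSUIOPADFGHJKLZXCVBNM"

ENCRYPT_TABLE = str.maketrans(PLAIN, CIPHER)
DECRYPT_TABLE = str.maketrans(CIPHER, PLAIN)

# Number of bits needed to write 26!, the number of possible keys.
KEYSPACE_BITS = math.factorial(26).bit_length()

SAMPLE = "DEFEND THE EAST WALL OF THE CASTLE"  # constructed plaintext


def encrypt(text):
    return text.upper().translate(ENCRYPT_TABLE)


def decrypt(text):
    return text.upper().translate(DECRYPT_TABLE)


def letter_counts(text):
    return Counter(c for c in text.upper() if c in PLAIN)


def count_profile(text):
    """Letter counts sorted high to low, ignoring which letter has which count."""
    return sorted(letter_counts(text).values(), reverse=True)


def shift_from_most_common(ciphertext, assumed_plain="E"):
    """The step used in Example 2: assume the most frequent ciphertext letter
    stands for E. For an additive key that one guess fixes the whole key."""
    most_common = letter_counts(ciphertext).most_common(1)[0][0]
    return (ord(most_common) - ord(assumed_plain)) % 26


def undo_shift(ciphertext, k):
    return "".join(
        chr((ord(c) - 65 - k) % 26 + 65) if c in PLAIN else c
        for c in ciphertext.upper()
    )


if __name__ == "__main__":
    print(encrypt("GFG"))
    secret = encrypt(SAMPLE)
    print(secret)
    # Same profile before and after: only the letter labels changed.
    print(count_profile(SAMPLE) == count_profile(secret))
    print(KEYSPACE_BITS)
    k = shift_from_most_common("GZGEWVGRNCP")
    print(k, undo_shift("GZGEWVGRNCP", k))
```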
Playfair Cipher with Examples
The Playfair cipher was the first practical digraph substitution cipher. The
scheme was invented in 1854 by Charles Wheatstone but was named after Lord
Playfair who promoted the use of the cipher. Unlike a traditional cipher, the Playfair
cipher encrypts a pair of alphabets (digraphs) instead of a single alphabet.
It was used for tactical purposes by British forces in the Second Boer War and in World
War I and for the same purpose by the Australians during World War II. This was
because Playfair is reasonably fast to use and requires no special equipment.
Encryption Technique
The algorithm consists of 2 steps:
1. Generate the key Square (5x5):
The key square is a 5×5 grid of alphabets that acts as the key for encrypting the
plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet
(usually J) is omitted from the table (as the table can hold only 25 alphabets). If
the plaintext contains J, then it is replaced by I.
The initial alphabets in the key square are the unique alphabets of the key in the
order in which they appear followed by the remaining letters of the alphabet in
order.
2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two
letters (digraphs). If there is an odd number of letters, a Z is added to the last
letter.
Example:
PlainText: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'
Explanation: Pair cannot be made with same letter. Break the letter in single and
add a bogus letter to the previous letter. Here 'z' is the bogus letter.
Plain Text: "hello"
After Split: 'he' 'lx' 'lo'
Explanation: Here 'x' is the bogus letter.
Plain Text: "helloe"
After Split: 'he' 'lx' 'lo' 'ez'
Explanation: If the letter is standing alone in the process of pairing, then add an
extra bogus letter with the alone letter. Here 'x' and 'z' are the bogus letters.
Rules for Encryption
If both the letters are in the same column: Take the letter below each one (going
back to the top if at the bottom).
For example:
Digraph: "me"
Encrypted Text: cl
Encryption: m -> c e -> l
If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).
For example:
Digraph: "st"
Encrypted Text: tl
Encryption: s -> t t -> l
If neither of the above rules is true: Form a rectangle with the two letters and
take the letters on the horizontal opposite corner of the rectangle.
For example:
Digraph: "nt"
Encrypted Text: rq
Encryption: n -> r t -> q
For example:
Plain Text: "instrumentsz"
Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x
Below is given the implementation in C++ :
#include <iostream>
#include <string>
#include <vector>
using namespace std;
// Function to convert the string to lowercase
void toLowerCase(string &plain) {
    int n = plain.size();
    for (int i = 0; i < n; i++) {
        if (plain[i] > 64 && plain[i] < 91)
            plain[i] += 32;
    }
}
// Function to remove all spaces in a string
void removeSpaces(string &plain) {
    int n = plain.size();
    string temp;
    for (int i = 0; i < n; i++) {
        if (plain[i] != ' ') {
            temp += plain[i];
        }
    }
    plain = temp;
}
// Function to generate the 5x5 key square
void generateKeyTable(string &key,
                      vector<vector<char>> &keyT) {
    int n = key.size();
    // 5x5 key table
    keyT.resize(5, vector<char>(5, 0));
    // a 26 character hashmap
    // to store count of the alphabet
    vector<int> hash(26, 0);
    int i, j, k;
    // mark the letters of the key (2 = in key, not yet placed)
    for (i = 0; i < n; i++) {
        if (key[i] != 'j')
            hash[key[i] - 97] = 2;
    }
    // 'j' is never placed in the table
    hash['j' - 97] = 1;
    i = 0;
    j = 0;
    // place the unique key letters first, in order of appearance
    for (k = 0; k < n; k++) {
        if (hash[key[k] - 97] == 2) {
            hash[key[k] - 97] -= 1;
            keyT[i][j] = key[k];
            j++;
            if (j == 5) {
                i++;
                j = 0;
            }
        }
    }
    // then fill in the remaining letters of the alphabet
    for (k = 0; k < 26; k++) {
        if (hash[k] == 0) {
            keyT[i][j] = (char)(k + 97);
            j++;
            if (j == 5) {
                i++;
                j = 0;
            }
        }
    }
}
// Function to search for the characters of a digraph
// in the key square and return their position
void search(vector<vector<char>> &keyT,
            char a, char b, vector<int> &arr) {
    int i, j;
    // 'j' shares a cell with 'i'; check both letters independently
    if (a == 'j')
        a = 'i';
    if (b == 'j')
        b = 'i';
    for (i = 0; i < 5; i++) {
        for (j = 0; j < 5; j++) {
            if (keyT[i][j] == a) {
                arr[0] = i;
                arr[1] = j;
            }
            else if (keyT[i][j] == b) {
                arr[2] = i;
                arr[3] = j;
            }
        }
    }
}
// Function to make the plain text length to be even
int prepare(string &str) {
    if (str.size() % 2 != 0) {
        str += 'z';
    }
    int n = str.size();
    return n;
}
// Function for performing the encryption
void encrypt(string &str, vector<vector<char>> &keyT) {
    int n = str.size();
    vector<int> arr(4);
    for (int i = 0; i < n; i += 2) {
        search(keyT, str[i], str[i + 1], arr);
        // same row: take the letter to the right
        if (arr[0] == arr[2]) {
            str[i] = keyT[arr[0]][(arr[1] + 1) % 5];
            str[i + 1] = keyT[arr[0]][(arr[3] + 1) % 5];
        }
        // same column: take the letter below
        else if (arr[1] == arr[3]) {
            str[i] = keyT[(arr[0] + 1) % 5][arr[1]];
            str[i + 1] = keyT[(arr[2] + 1) % 5][arr[1]];
        }
        // rectangle: swap the columns
        else {
            str[i] = keyT[arr[0]][arr[3]];
            str[i + 1] = keyT[arr[2]][arr[1]];
        }
    }
}
// Function to encrypt using Playfair Cipher
void encryptByPlayfairCipher(string &str, string &key) {
    vector<vector<char>> keyT;
    removeSpaces(key);
    toLowerCase(key);
    toLowerCase(str);
    removeSpaces(str);
    prepare(str);
    generateKeyTable(key, keyT);
    encrypt(str, keyT);
}
int main() {
    string key = "Monarchy";
    string str = "instruments";
    cout << "Key text: " << key << endl;
    cout << "Plain text: " << str << endl;
    encryptByPlayfairCipher(str, key);
    cout << "Cipher text: " << str << endl;
    return 0;
}
Output
Key text: Monarchy
Plain text: instruments
Cipher text: gatlmzclrqtx
Decryption Technique
Decrypting the Playfair cipher is as simple as doing the same process in reverse. The
receiver has the same key and can create the same key table, and then decrypt any
messages made using that key.
The Algorithm consists of 2 steps:
1. Generate the key Square(5x5) at the receiver's end:
The key square is a 5×5 grid of alphabets that acts as the key for encrypting the
plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet
(usually J) is omitted from the table (as the table can hold only 25 alphabets). If
the plaintext contains J, then it is replaced by I.
The initial alphabets in the key square are the unique alphabets of the key in the
order in which they appear followed by the remaining letters of the alphabet in
order.
2. Algorithm to decrypt the ciphertext: The ciphertext is split into pairs of two
letters (digraphs).
Note: The ciphertext always has an even number of characters.
Rules for Decryption
If both the letters are in the same column: Take the letter above each one (going
back to the bottom if at the top).
For example:
Digraph: "cl"
Decrypted Text: me
Decryption: c -> m l -> e
If both the letters are in the same row: Take the letter to the left of each one
(going back to the rightmost if at the leftmost position).
For example:
Digraph: "tl"
Decrypted Text: st
Decryption: t -> s l -> t
If neither of the above rules is true: Form a rectangle with the two letters and
take the letters on the horizontal opposite corner of the rectangle.
For example:
Digraph: "rq"
Decrypted Text: nt
Decryption: r -> n q -> t
For example:
Cipher Text: "gatlmzclrqtx"
Decrypted Text: instrumentsz
Decryption:
ga -> in
tl -> st
mz -> ru
cl -> me
rq -> nt
tx -> sz
Below is given the implementation in C++:
#include <iostream>
#include <string>
#include <vector>
using namespace std;
// Function to convert the string to lowercase
void toLowerCase(string &plain) {
    int n = plain.size();
    for (int i = 0; i < n; i++) {
        if (plain[i] > 64 && plain[i] < 91)
            plain[i] += 32;
    }
}
// Function to remove all spaces in a string
void removeSpaces(string &plain) {
    int n = plain.size();
    string temp;
    for (int i = 0; i < n; i++) {
        if (plain[i] != ' ') {
            temp += plain[i];
        }
    }
    plain = temp;
}
// Function to generate the 5x5 key square
void generateKeyTable(string &key,
                      vector<vector<char>> &keyT) {
    int n = key.size();
    // 5x5 key table
    keyT.resize(5, vector<char>(5, 0));
    // a 26 character hashmap
    // to store count of the alphabet
    vector<int> hash(26, 0);
    int i, j, k;
    // mark the letters of the key (2 = in key, not yet placed)
    for (i = 0; i < n; i++) {
        if (key[i] != 'j')
            hash[key[i] - 97] = 2;
    }
    // 'j' is never placed in the table
    hash['j' - 97] = 1;
    i = 0;
    j = 0;
    // place the unique key letters first, in order of appearance
    for (k = 0; k < n; k++) {
        if (hash[key[k] - 97] == 2) {
            hash[key[k] - 97] -= 1;
            keyT[i][j] = key[k];
            j++;
            if (j == 5) {
                i++;
                j = 0;
            }
        }
    }
    // then fill in the remaining letters of the alphabet
    for (k = 0; k < 26; k++) {
        if (hash[k] == 0) {
            keyT[i][j] = (char)(k + 97);
            j++;
            if (j == 5) {
                i++;
                j = 0;
            }
        }
    }
}
// Function to search for the characters of a digraph
// in the key square and return their position
void search(vector<vector<char>> &keyT,
            char a, char b, vector<int> &arr) {
    int i, j;
    // 'j' shares a cell with 'i'; check both letters independently
    if (a == 'j')
        a = 'i';
    if (b == 'j')
        b = 'i';
    for (i = 0; i < 5; i++) {
        for (j = 0; j < 5; j++) {
            if (keyT[i][j] == a) {
                arr[0] = i;
                arr[1] = j;
            }
            else if (keyT[i][j] == b) {
                arr[2] = i;
                arr[3] = j;
            }
        }
    }
}
// Function to decrypt
void decrypt(string &str, vector<vector<char>> &keyT) {
    int n = str.size();
    vector<int> arr(4);
    for (int i = 0; i < n; i += 2) {
        search(keyT, str[i], str[i + 1], arr);
        // same row: take the letter to the left
        if (arr[0] == arr[2]) {
            str[i] = keyT[arr[0]][(arr[1] - 1 + 5) % 5];
            str[i + 1] = keyT[arr[0]][(arr[3] - 1 + 5) % 5];
        }
        // same column: take the letter above
        else if (arr[1] == arr[3]) {
            str[i] = keyT[(arr[0] - 1 + 5) % 5][arr[1]];
            str[i + 1] = keyT[(arr[2] - 1 + 5) % 5][arr[1]];
        }
        // rectangle: swap the columns
        else {
            str[i] = keyT[arr[0]][arr[3]];
            str[i + 1] = keyT[arr[2]][arr[1]];
        }
    }
}
// Function to call decrypt
void decryptByPlayfairCipher(string &str, string &key) {
    vector<vector<char>> keyT;
    removeSpaces(key);
    toLowerCase(key);
    toLowerCase(str);
    removeSpaces(str);
    generateKeyTable(key, keyT);
    decrypt(str, keyT);
}
int main() {
    string key = "Monarchy";
    string str = "gatlmzclrqtx";
    cout << "Key text: " << key << endl;
    cout << "Plain text: " << str << endl;
    decryptByPlayfairCipher(str, key);
    cout << "Decipherred text: " << str << endl;
    return 0;
}
Output
Key text: Monarchy
Plain text: gatlmzclrqtx
Decipherred text: instrumentsz
Advantages and Disadvantages
Advantages:
It is significantly harder to break, since the frequency analysis technique used to
break simple substitution ciphers has to work on (25*25) = 625 digraphs rather than
25 monographs, which is difficult.
Frequency analysis thus requires more cipher text to crack the encryption.
Disadvantages:
An interesting weakness is the fact that a digraph in the ciphertext (AB) and its
reverse (BA) will have corresponding plaintexts like UR and RU (and also
ciphertext UR and RU will correspond to plaintext AB and BA, i.e. the substitution
is self-inverse). That can easily be exploited with the aid of frequency analysis, if
the language of the plaintext is known.
Another disadvantage is that the Playfair cipher is a symmetric cipher, so the same key
is used for both encryption and decryption.
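The C++ programs above only pad an odd-length message; they do not apply the repeated-letter rule shown in the "hello" example, and they do not show the reversed-digraph weakness. The Python program below is an added example, not part of the original notes, that implements both preparation rules and checks the reversal property for every digraph. Its function names are assumptions, as is the choice of 'z' as filler after a doubled 'x' and 'x' as padding after a final 'z'.

```python
# Added example: Playfair with the digraph-preparation rules from the notes
# and a check of the reversed-digraph property. Names and the x/z edge-case
# handling are assumptions of this example.
ALPHABET_25 = "abcdefghiklmnopqrstuvwxyz"  # 'j' is merged into 'i'


def clean(text):
    """Lower-case, map j -> i, and keep letters only."""
    return [c for c in text.lower().replace("j", "i") if c in ALPHABET_25]


def key_square(key):
    """Unique key letters first, then the rest of the alphabet, in 5 rows."""
    letters = []
    for ch in clean(key) + list(ALPHABET_25):
        if ch not in letters:
            letters.append(ch)
    return [letters[r * 5:(r + 1) * 5] for r in range(5)]


def split_digraphs(text):
    """Split into pairs; break up doubled letters and pad a lone last letter."""
    letters, pairs, i = clean(text), [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != a:
            pairs.append(a + letters[i + 1])
            i += 2
        elif i + 1 < len(letters):
            # same letter twice: insert the bogus letter after the first one
            pairs.append(a + ("x" if a != "x" else "z"))
            i += 1
        else:
            # letter left standing alone at the end
            pairs.append(a + ("z" if a != "z" else "x"))
            i += 1
    return pairs


def transform(pair, square, step):
    """Apply the row / column / rectangle rule; step is +1 or -1."""
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:
        return square[r1][(c1 + step) % 5] + square[r2][(c2 + step) % 5]
    if c1 == c2:
        return square[(r1 + step) % 5][c1] + square[(r2 + step) % 5][c2]
    return square[r1][c2] + square[r2][c1]


def encrypt(text, key):
    square = key_square(key)
    return "".join(transform(p, square, +1) for p in split_digraphs(text))


def decrypt(ciphertext, key):
    square = key_square(key)
    letters = "".join(clean(ciphertext))
    pairs = [letters[i:i + 2] for i in range(0, len(letters), 2)]
    return "".join(transform(p, square, -1) for p in pairs)


def reversal_holds(key):
    """True if encrypting BA always gives the reverse of encrypting AB."""
    square = key_square(key)
    letters = [c for row in square for c in row]
    return all(
        transform(b + a, square, +1) == transform(a + b, square, +1)[::-1]
        for a in letters for b in letters if a != b
    )


if __name__ == "__main__":
    print(split_digraphs("hello"), split_digraphs("helloe"))
    print(encrypt("instruments", "Monarchy"))
    print(decrypt("gatlmzclrqtx", "Monarchy"))
    print(reversal_holds("Monarchy"))
```

The reversal check returns True for every key, which is why a ciphertext digraph and its reverse give an analyst two linked observations instead of one.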
POLYALPHABETIC CIPHER
A polyalphabetic cipher is a type of substitution cipher that uses multiple
substitution alphabets to encrypt the plaintext. Unlike monoalphabetic ciphers, where
each letter in the plaintext is always mapped to the same letter in the ciphertext,
polyalphabetic ciphers can map each letter to multiple possible letters depending on its
position and a more complex algorithm.
Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form
of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on
substitution, using multiple substitution alphabets. The encryption of the original text
is done using the Vigenère square or Vigenère table.
The table consists of the alphabets written out 26 times in different rows, each
alphabet shifted cyclically to the left compared to the previous alphabet,
corresponding to the 26 possible Caesar Ciphers.
At different points in the encryption process, the cipher uses a different alphabet
from one of the rows.
The alphabet used at each point depends on a repeating keyword.
Example:
Input : Plaintext : GEEKSFORGEEKS
Keyword : AYUSH
Output : Ciphertext : GCYCZFMLYLEIM
For generating key, the given keyword is repeated
in a circular manner until it matches the length of
the plain text.
The keyword "AYUSH" generates the key "AYUSHAYUSHAYU"
The plain text is then encrypted using the process
explained below.
Encryption:
The first letter of the plaintext, G is paired with A, the first letter of the key. So use row
G and column A of the Vigenère square, namely G. Similarly, for the second letter of
the plaintext, the second letter of the key is used, the letter at row E, and column Y is
C. The rest of the plaintext is enciphered in a similar fashion.
Table to encrypt - Geeks
Decryption:
Decryption is performed by going to the row in the table corresponding to the key,
finding the position of the ciphertext letter in this row, and then using the column's
label as the plaintext. For example, in row A (from AYUSH), the ciphertext G appears
in column G, which is the first plaintext letter. Next, we go to row Y (from AYUSH),
locate the ciphertext C which is found in column E, thus E is the second plaintext
letter.
An easier implementation is to treat Vigenère algebraically by
converting [A-Z] into numbers [0–25].
Encryption
The plaintext(P) and key(K) are added modulo 26.
Ei = (Pi + Ki) mod 26
Decryption
Di = (Ei - Ki) mod 26
Note: Di denotes the offset of the i-th character of the plaintext. Like offset of A is 0
and of B is 1 and so on.
Below is the implementation of the idea in Python:
# Handles both upper-case and lower-case letters; other characters
# are copied through unchanged (they still consume a key letter).
def generate_key(msg, key):
    # Repeat the keyword in a circular manner up to the message length
    key = list(key)
    if len(msg) == len(key):
        return "".join(key)
    else:
        for i in range(len(msg) - len(key)):
            key.append(key[i % len(key)])
    return "".join(key)
def encrypt_vigenere(msg, key):
    encrypted_text = []
    key = generate_key(msg, key)
    for i in range(len(msg)):
        char = msg[i]
        # Offset of the key letter (0-25), whatever its case
        shift = ord(key[i].upper()) - ord('A')
        if char.isupper():
            encrypted_char = chr((ord(char) - ord('A') + shift) % 26 + ord('A'))
        elif char.islower():
            encrypted_char = chr((ord(char) - ord('a') + shift) % 26 + ord('a'))
        else:
            encrypted_char = char
        encrypted_text.append(encrypted_char)
    return "".join(encrypted_text)
def decrypt_vigenere(msg, key):
    decrypted_text = []
    key = generate_key(msg, key)
    for i in range(len(msg)):
        char = msg[i]
        # Offset of the key letter (0-25), whatever its case
        shift = ord(key[i].upper()) - ord('A')
        if char.isupper():
            decrypted_char = chr((ord(char) - ord('A') - shift) % 26 + ord('A'))
        elif char.islower():
            decrypted_char = chr((ord(char) - ord('a') - shift) % 26 + ord('a'))
        else:
            decrypted_char = char
        decrypted_text.append(decrypted_char)
    return "".join(decrypted_text)
# Example usage (the GEEKSFORGEEKS / AYUSH example from above)
text_to_encrypt = "GEEKSFORGEEKS"
key = "AYUSH"
encrypted_text = encrypt_vigenere(text_to_encrypt, key)
print(f"Ciphertext : {encrypted_text}")
decrypted_text = decrypt_vigenere(encrypted_text, key)
print(f"Original/Decrypted Text : {decrypted_text}")
Output
Ciphertext : GCYCZFMLYLEIM
Original/Decrypted Text : GEEKSFORGEEKS
Time Complexity : O(n), where n is the length of the string(here str).
Space Complexity :O(n), here n is the length of the string(here str).
Decryption Process
Decryption is performed by reversing the encryption process. For each letter in the
ciphertext, the corresponding letter from the keyword is used to find the original
plaintext letter using the Vigenère table.
Applications
Polyalphabetic ciphers have various applications, including:
Military and Diplomatic Use: Historically used for secure communication.
Modern Cryptography: Forms the basis for more complex encryption algorithms.
Algorithm Development: Used in research and development of new cryptographic
techniques.
Steganography and Digital Watermarking: Enhances security in hiding
information.
Conclusion
Polyalphabetic ciphers, such as the Vigenère cipher, provide a more secure method of
encryption compared to monoalphabetic ciphers by using multiple substitution
alphabets. This complexity makes them more resistant to cryptographic attacks.
Transposition Cipher Techniques in Cryptography
Transposition ciphers are an essential part of cryptography. They secure data
by systematically shuffling the characters or bits of the plain text,
altering their positions according to some defined rule or algorithm.
Unlike substitution ciphers, where letters are replaced by other letters,
a transposition cipher only moves the original letters around, so that the
result no longer looks like the message.
Historical ciphers such as Rail Fence and Columnar Transposition show how these
strategies were used in relatively primitive encryption methods, whose simplicity
formed the basis for more sophisticated forms of encoding. Columnar transpositions
are still being explored and employed today within complex systems, for instance
those involving hierarchical structures that are meant to increase message secrecy
through extra levels of obscurity.
In this article, we will learn about techniques that were used to encrypt messages in
earlier times. This article will provide details about the Transposition Cipher
Technique. Then we are going to explore the various types of Transposition Cipher
Technique.
Transposition Cipher Technique
The Transposition Cipher Technique is an encryption method used to encrypt a
message or information. This encryption method is done by playing with the position
of letters of the plain text. The positions of the characters present in the plaintext are
rearranged or shifted to form the ciphertext. It makes use of some kind of permutation
function to achieve the encryption purpose. It is very easy to use and so simple to
implement.
Types of Transposition Cipher Techniques
There are three types of transposition cipher techniques
Rail Fence Transposition Cipher
Block (Single Columnar) Transposition Cipher
Double Columnar Transposition Cipher
Rail Fence Transposition Cipher
The Rail Fence Transposition cipher is the simplest transposition cipher
technique. It is also termed a zigzag cipher. It gets its name from the way
in which it performs encryption of the plain text. The steps to get the cipher text
with the help of the Rail Fence Transposition cipher technique are as follows:
[Figure: Technique of Rail Fence Transposition Cipher]
Example: The plain text is "Hello Krishna"
Now, we will write this plain text in the diagonal form:
[Figure: Rail Fence Transposition Cipher]
Now, following the second step we get our cipher text.
Cipher Text = "rsnelkiha"
Block (Single Columnar) Transposition Cipher
The Block Transposition Cipher is another form of transposition cipher, which is
used to encrypt a message or information. In this technique, we first write the
message or plaintext in rows. After that, we read the message column by column. In
this technique, we use a keyword to determine the number of rows.
Step 1: First we write the message in the form of rows and columns, and read the
message column by column.
Step 2: A keyword is given, which we will use to fix the number of rows.
Step 3: If any cell is left empty, it is filled with a null, left blank, or filled
with an underscore (_).
Step 4: The message is read in the order specified by the keyword.
[Figure: Block Columnar Transposition Cipher]
For example: The plaintext is "KRISHNA RANJAN"
Now we will write the plaintext in the form of row and column.
Cipher Text = IAN_RNANS_J_KHRA
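The four steps above can be written out in Python as follows. This is an added example, not code from the original notes. The keyword for the KRISHNA RANJAN example is not given in the text, so the keyword TEAM is an assumption, chosen because its alphabetical column order reproduces the cipher text shown above; the grid width is taken from the keyword length, and the function names are illustrative.

```python
import math
from collections import Counter

PAD = "_"  # fills empty cells and stands in for spaces, as in the example above


def column_order(keyword):
    """Column indices in the order they are read out: alphabetical by
    keyword letter, with ties broken from left to right."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext, keyword):
    cols = len(keyword)
    text = plaintext.replace(" ", PAD)
    rows = math.ceil(len(text) / cols)
    text = text.ljust(rows * cols, PAD)                 # Step 3: fill spare cells
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]   # Step 1: rows
    # Step 4: read whole columns, in the order fixed by the keyword
    return "".join(grid[r][c] for c in column_order(keyword) for r in range(rows))


def columnar_decrypt(ciphertext, keyword):
    cols = len(keyword)
    if len(ciphertext) % cols:
        raise ValueError("cipher text length must be a multiple of the keyword length")
    rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in column_order(keyword):                     # refill columns in key order
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    text = "".join("".join(row) for row in grid)
    # Trailing padding is dropped; a plaintext that itself ends in spaces or
    # contains "_" cannot be told apart from padding.
    return text.rstrip(PAD).replace(PAD, " ")


def letter_counts(text):
    """Letter histogram, ignoring padding and spaces."""
    return Counter(c for c in text if c.isalpha())


if __name__ == "__main__":
    ct = columnar_encrypt("KRISHNA RANJAN", "TEAM")
    print(ct)                                   # IAN_RNANS_J_KHRA
    print(columnar_decrypt(ct, "TEAM"))         # KRISHNA RANJAN
    print(letter_counts(ct) == letter_counts("KRISHNA RANJAN"))
```

The last line prints True: the cipher text contains exactly the same letters as the plaintext, only in different positions, so a transposition cipher on its own does not hide letter frequencies.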
Double Columnar Transposition Cipher
The Double Columnar Transposition Cipher is another form of Transposition Cipher
Technique. It is similar to the single columnar transposition technique. The main
objective of using a Double Columnar Transposition Cipher is to encrypt the message
twice. It makes use of the Single Columnar Transposition technique, but applies it
two times. It can use the same or different secret keys. The output obtained from the
first encryption will be the input to the second encryption.
Step 1: First we write the message in the form of rows and columns, and read the
message column by column.
Step 2: A keyword is given, which we will use to fix the number of rows.
[Figure: Double Columnar Transposition Cipher, Step 1]
Step 3: If any cell is left empty, it is filled with a null, left blank, or filled
with an underscore (_).
Now applying keyword 2:
[Figure: Double Columnar Transposition Cipher, Step 2]
Step 4: The message is read in the order specified by the keyword.
Now apply step 3:
[Figure: Double Columnar Transposition Cipher, Step 3]
Step 5: Then the output from the first encryption is input to the second.
Step 6: Now the message is read in the order specified by the second
keyword.
[Figure: Double Columnar Transposition Cipher, Step 4]
The Cipher Text is: "S_J_IAN_RNANKHRA"
Conclusion
In conclusion, Transposition Cipher Techniques are the techniques which are
used for encryption of plaintext or messages. There are several types of Transposition
Cipher Techniques which include Rail Fence Transposition Cipher, Block (Single
Columnar) Transposition Cipher, and Double Columnar Transposition Cipher. Each
technique has its way of encrypting the plaintext.
What is Steganography?
Steganography is the practice of concealing information. It involves
hiding data within an ordinary, non-secret file or message to prevent
detection. The hidden information is extracted at the receiving end.
Often, steganography is combined with encryption to add an extra layer of
security for the hidden data. With the help of steganography, we can hide
virtually any digital content, such as text, images, video, etc.
The term "steganography" is derived from the Greek word "steganos", which
means "hidden or covered", and "graph", which means "to write". It has been in use
for centuries. For example, in ancient Greece, people carved messages onto wood and
covered them with wax to hide them. Similarly, Romans used different types of
invisible inks which could be revealed when exposed to heat or light.
How Steganography Works
Step 1: The first step in steganography is selecting a cover medium which is the file or
message that will carry the hidden data. Common cover media include:
Images (JPEG, PNG, BMP, etc.)
Audio files (MP3, WAV, etc.)
Video files (MP4, AVI, etc.)
Text files or documents
Step 2: Sometimes, before embedding, the secret message is encrypted to add an
additional layer of security. This ensures that even if someone detects the hidden data,
they cannot read it without the decryption key.
Step 3: The secret message is then hidden using one of several techniques:
Least Significant Bit (LSB): The least significant bit of a byte is changed to hide
the secret message. This method is often used in image and audio files.
Frequency Domain: Instead of modifying the raw data (like pixels or audio
samples), the secret message can be embedded in the frequency components of an
image or audio file.
Bit Planes: In this method, data is hidden in the higher-order bit planes of an
image. This can be more secure because it uses bits that are less likely to be
noticed.
The most common is Least Significant Bit (LSB) encoding.
Step 4: The modified data is then embedded into the cover medium. The resulting file
which now contains both the cover data and the hidden message is referred to as
the stego-object which can be safely transmitted or stored without raising suspicion.
Step 5: The receiver of the stego-object needs to know the method used for
embedding the secret message. In some cases, a secret key is required to extract the
data if encryption is used in combination with steganography.
Different Types of Steganography
Text Steganography
Text Steganography is defined as a type of steganography which involves
hiding messages or secret information within a text document or other textual
data. In this system, we try to hide secret data with the help of each letter of the word.
It is challenging to detect, especially when the variations or changes made are subtle.
Image Steganography
Image Steganography is defined as a type of steganography which involves
hiding messages or secret information within digital images. It is achieved by
making changes in the pixels of the image to carry the information. It is generally
used for watermarking, covert communication, brand protection, etc.
Audio Steganography
Audio Steganography is defined as a type of steganography which involves
hiding messages or secret information within audio files. The idea behind using
this technique is to hide information in such a way that people cannot notice it when
they hear the audio. It is generally used for digital rights management in audio files.
Video Steganography
Video Steganography is defined as a type of steganography which involves
hiding messages or secret information within digital video files. The idea behind
Video Steganography is to hide secret information in a video in such a
way that ordinary viewers won't notice it.
Network or Protocol Steganography
Network or Protocol Steganography is defined as a type of steganography which
involves hiding messages or secret information within network protocols or
messages. It tries to hide secret information in the usual flow of internet or
network activity so that no one can detect it.
Advantages of Steganography
It offers better security for data sharing and communication.
It is very difficult to detect. It can only be detected by the receiving
party.
It can be applied through various means like images, audio, video, text, etc.
It plays a vital part in securing the content of the communication.
It offers a double layer of protection, the first being the file itself and the second
the encoded data.
With the help of steganography, advanced functional agencies can communicate
secretly.
Difference between Steganography and Cryptography
Steganography | Cryptography
Steganography is defined as a system of concealing data or information under non-secret data or files. | Cryptography is a technique of securing information through the use of codes so that only the person a message was intended for can read it.
Its main purpose is to maintain communication security. | Its main idea is to give data protection.
The structure of data is not modified in the case of Steganography. | The structure of data is modified in the case of Cryptography.
The use of a key is not obligatory, but if it is used it enhances security. | The use of a key is obligatory in the case of Cryptography.
The use of mathematical transformations is not involved to any great extent. | Mathematical transformations are used to manipulate the data and increase protection.
Example of Image Steganography in Python
Here is an example of how to implement image steganography using Python and
the PIL (Python Imaging Library) library:
1. Install the required library:
pip install pillow
2. Define the functions for hiding and extracting the secret data:
from PIL import Image

def hide_text(image_path, secret_text, output_path):
    # Work on 8-bit RGB so that every pixel unpacks to exactly (r, g, b).
    image = Image.open(image_path).convert('RGB')
    # Each character becomes 8 bits (ASCII text is assumed); a NUL character
    # is appended to mark the end of the message for extract_text.
    binary_secret_text = ''.join(format(ord(char), '08b') for char in secret_text + '\0')
    image_capacity = image.width * image.height * 3
    if len(binary_secret_text) > image_capacity:
        raise ValueError("Image does not have sufficient capacity to hide the secret text.")
    pixels = image.load()
    index = 0
    for i in range(image.width):
        for j in range(image.height):
            r, g, b = pixels[i, j]
            # Replace the least significant bit of each channel with one message bit.
            if index < len(binary_secret_text):
                r = (r & 0xFE) | int(binary_secret_text[index])
                index += 1
            if index < len(binary_secret_text):
                g = (g & 0xFE) | int(binary_secret_text[index])
                index += 1
            if index < len(binary_secret_text):
                b = (b & 0xFE) | int(binary_secret_text[index])
                index += 1
            pixels[i, j] = (r, g, b)
    # Save in a lossless format: JPEG compression would change the least
    # significant bits and destroy the hidden message.
    image.save(output_path, format='PNG')

def extract_text(image_path):
    image = Image.open(image_path).convert('RGB')
    pixels = image.load()
    binary_secret_text = ""
    for i in range(image.width):
        for j in range(image.height):
            r, g, b = pixels[i, j]
            binary_secret_text += str(r & 1)
            binary_secret_text += str(g & 1)
            binary_secret_text += str(b & 1)
    secret_text = ""
    for i in range(0, len(binary_secret_text) - 7, 8):
        char = chr(int(binary_secret_text[i:i+8], 2))
        if char == '\0':  # end-of-message marker written by hide_text
            break
        secret_text += char
    return secret_text
3. Hide secret text in an image:
image_path = 'image.jpg'
secret_text = 'This is a secret message.'
output_path = 'output_image.png'
hide_text(image_path, secret_text, output_path)
4. Extract the secret text from the image:
extracted_text = extract_text(output_path)
print("Extracted text:", extracted_text)
In this example, the secret text is converted into binary form and embedded into the
least significant bits of the image pixels. To extract the secret text, the least significant
bits are retrieved and converted back to ASCII characters.
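LSB embedding changes the statistics of the carrier, and that is what a defender can test for. The following Python sketch is an added example, not part of the original notes: it applies a pairs-of-values chi-square test (a detection method not described in these notes) to a constructed list of 8-bit values standing in for pixel channels, before and after a payload is written into the least significant bits. The cover data, the random payload (standing in for an encrypted message, as in Step 2 above) and all function names are constructed for illustration.

```python
import random
from collections import Counter


def make_cover(n, seed=1):
    """Constructed stand-in for 8-bit pixel channel values. Within every value
    pair (2k, 2k+1) the even value is made about three times as common as the
    odd one, an exaggerated form of the unevenness of unmodified data."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + int(rng.random() < 0.25) for _ in range(n)]


def embed_lsb(samples, bits):
    """Overwrite the least significant bit of the first len(bits) samples."""
    if len(bits) > len(samples):
        raise ValueError("payload exceeds carrier capacity")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out


def extract_lsb(samples, nbits):
    return [s & 1 for s in samples[:nbits]]


def pov_chi_square(samples):
    """For each value pair (2k, 2k+1), compare both counts with the pair
    average. LSB replacement only moves samples inside a pair, so it pushes
    the two counts towards each other. Returns (chi2, pairs tested)."""
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected >= 5:  # skip sparsely populated pairs
            chi2 += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
            pairs += 1
    return chi2, pairs


def chi2_per_pair(samples):
    """About 1 when the LSBs behave like fair coin flips (suspicious);
    much larger when the pair counts are uneven (untouched data)."""
    chi2, pairs = pov_chi_square(samples)
    return chi2 / pairs if pairs else float("nan")


def lsb_demo(n=16384, seed=7):
    cover = make_cover(n, seed)
    rng = random.Random(seed + 1)
    payload = [rng.getrandbits(1) for _ in range(n)]
    return {
        "cover": chi2_per_pair(cover),
        "half": chi2_per_pair(embed_lsb(cover, payload[: n // 2])),
        "full": chi2_per_pair(embed_lsb(cover, payload)),
    }


if __name__ == "__main__":
    for name, value in lsb_demo().items():
        print(f"{name:5s} chi-square per pair = {value:.2f}")
```

The fully embedded carrier scores close to 1 while the untouched cover scores far higher; the half-filled carrier falls in between, which shows that a short payload is harder to detect with a whole-file statistic.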
Conclusion
Steganography provides an additional layer of security by hiding the existence of
secret information within ordinary files. When combined with cryptography, it offers a
robust method for secure communication and data protection.
MCQ :
1. Which of the following is a feature of symmetric key cryptography?
a) Single key for encryption only
b) Single key for both encryption and decryption
c) Multiple keys for encryption
d) Asymmetric key use only
Answer: b
2. In the symmetric cipher model, what must be shared securely
between sender and receiver?
a) Algorithm
b) Key
c) Message
d) Hash function
Answer: b
3. Which of the following is NOT an example of a symmetric cipher?
a) DES
b) AES
c) RSA
d) Blowfish
Answer: c
4. What is the main disadvantage of symmetric key cryptography?
a) Complex algorithms
b) Key distribution problem
c) Weak encryption
d) Expensive computation
Answer: b
5. Which type of cipher is typically faster, symmetric or asymmetric?
a) Symmetric
b) Asymmetric
c) Both are same
d) Depends on implementation
Answer: a
6. In symmetric cryptography, if Alice wants to send a message to Bob,
what must they both possess?
a) Bob's public key
b) Alice's private key
c) A shared secret key
d) A hash function
Answer: c
7. Which block cipher is widely used and standardized by NIST?
a) Blowfish
b) AES
c) RSA
d) IDEA
Answer: b
8. Which of these is a stream cipher?
a) AES
b) DES
c) RC4
d) RSA
Answer: c
9. The Caesar cipher involves shifting letters by how many positions in
its original form?
a) 1
b) 3
c) 5
d) 7
Answer: b
10. What type of cipher is Caesar cipher?
a) Block cipher
b) Transposition cipher
c) Substitution cipher
d) Public-key cipher
Answer: c
11. If the Caesar cipher uses a key of 4, what does ‘A’ become?
a) D
b) E
c) F
d) B
Answer: b
12. Which of the following is a weakness of the Caesar cipher?
a) Complex key structure
b) Too many possible keys
c) Easy to brute-force
d) No mathematical basis
Answer: c
13. The number of distinct keys possible in Caesar cipher is:
a) 25
b) 26
c) 256
d) Infinite
Answer: a
14. The Caesar cipher can be broken using:
a) Private key
b) Brute-force or frequency analysis
c) Hashing
d) Diffie-Hellman key exchange
Answer: b
15. Which statement is true about monoalphabetic cipher?
a) One character maps to multiple characters
b) A single cipher alphabet is used
c) It changes with each message
d) It is a type of transposition
Answer: b
16. Compared to Caesar cipher, monoalphabetic cipher offers:
a) Less security
b) More keys and more security
c) No encryption
d) Reversible encoding
Answer: b
17. How many possible keys exist in a monoalphabetic cipher (based on
English alphabet)?
a) 25
b) 26
c) 26!
d) Infinite
Answer: c
18. Which technique is commonly used to break monoalphabetic
ciphers?
a) Hashing
b) Brute-force only
c) Frequency analysis
d) RSA
Answer: c
19. Monoalphabetic cipher is a type of:
a) Block cipher
b) Stream cipher
c) Substitution cipher
d) Hybrid cipher
Answer: c
20. Why is monoalphabetic cipher vulnerable?
a) It uses large keys
b) The encryption is irreversible
c) The letter frequency is preserved
d) It needs asymmetric keys
Answer: c
21. A monoalphabetic cipher uses a:
a) Fixed substitution over the alphabet
b) Randomized key for each message
c) Numeric matrix
d) Block structure
Answer: a
22. Which of the following is an improvement over monoalphabetic
cipher?
a) Transposition cipher
b) Caesar cipher
c) Polyalphabetic cipher
d) Subnet cipher
Answer: c
23. Playfair cipher was invented by:
a) Julius Caesar
b) Charles Wheatstone
c) Auguste Kerckhoffs
d) William Friedman
Answer: b
24. What is the basic encryption unit in Playfair cipher?
a) Single letter
b) Block of 4 letters
c) Digraph (pair of letters)
d) Paragraph
Answer: c
25. Playfair cipher encrypts text using:
a) 3x3 grid
b) 5x5 grid
c) 6x6 grid
d) 4x4 matrix
Answer: b
26. What happens if a pair contains two identical letters in Playfair
cipher?
a) They are ignored
b) Insert 'X' between them
c) Shift both right
d) Replace with random letters
Answer: b
27. In Playfair cipher, how is the key matrix formed?
a) Randomly
b) Using a keyword with repeated letters removed
c) From ASCII values
d) By frequency analysis
Answer: b
28. In Playfair cipher, if both letters of a pair appear in the same column:
a) Letters are replaced by the one to the left
b) Letters are replaced by the one below
c) Letters are swapped
d) Letters are encrypted individually
Answer: b
29. Which statement is false about Playfair cipher?
a) It encrypts digraphs
b) It is stronger than monoalphabetic ciphers
c) It keeps letter frequencies unchanged
d) It uses a 5x5 matrix
Answer: c
30. Which letter is usually omitted or merged in the Playfair cipher
alphabet?
a) A
b) J
c) Z
d) K
Answer: b
31. Which cipher is the best-known example of a polyalphabetic cipher?
a) Caesar cipher
b) Vigenère cipher
c) Playfair cipher
d) Hill cipher
Answer: b
32. What is a key characteristic of polyalphabetic ciphers?
a) One-to-one substitution
b) Uses multiple substitution alphabets
c) Uses digraphs
d) Only transposes letters
Answer: b
33. Which weakness of monoalphabetic ciphers is addressed by
polyalphabetic ciphers?
a) Low encryption speed
b) Pattern repetition
c) Frequency analysis
d) Large key size
Answer: c
34. In Vigenère cipher, the encryption key is:
a) A number
b) A matrix
c) A keyword
d) A hash value
Answer: c
35. The Vigenère cipher is more secure than Caesar cipher because:
a) It uses complex math
b) It uses a key matrix
c) It uses multiple cipher alphabets
d) It replaces vowels only
Answer: c
36. What happens when the Vigenère cipher keyword is shorter than the
plaintext?
a) It stops encryption
b) It pads with zeros
c) The keyword is repeated
d) The message is truncated
Answer: c
37. Which technique is effective in attacking Vigenère cipher?
a) Hill climbing
b) Kasiski examination
c) RSA cracking
d) Diffie-Hellman attack
Answer: b
38. What is the main idea of transposition cipher techniques?
a) Replace letters with symbols
b) Rearrange the order of letters
c) Replace letters with numbers
d) Use ASCII values
Answer: b
39. Which of the following is a transposition cipher?
a) Vigenère cipher
b) Caesar cipher
c) Rail Fence cipher
d) Substitution cipher
Answer: c
40. In transposition cipher, the key usually determines:
a) Substitution rules
b) Letter shifts
c) Rearrangement pattern
d) Frequency of letters
Answer: c
41. The Rail Fence cipher is classified as a:
a) Substitution cipher
b) Polyalphabetic cipher
c) Transposition cipher
d) Symmetric cipher
Answer: c
42. Which cipher uses a matrix and a columnar pattern for rearranging
plaintext?
a) Hill cipher
b) Columnar transposition cipher
c) Vigenère cipher
d) Caesar cipher
Answer: b
43. Which of the following is true about transposition ciphers?
a) They change the letters
b) They are easy to break
c) They retain letter frequency
d) They require no key
Answer: c
44. To decrypt a transposition cipher, one must know:
a) The shift value
b) The original matrix
c) The keyword or permutation
d) The frequency of vowels
Answer: c
45. What is the primary goal of steganography?
a) Encrypt data
b) Compress data
c) Hide the existence of data
d) Hash the message
Answer: c
46. Which of the following is a steganography technique?
a) RSA encryption
b) Frequency analysis
c) LSB (Least Significant Bit) embedding
d) Vigenère cipher
Answer: c
47. Steganography is different from cryptography because it:
a) Makes the message unreadable
b) Hides the message in plain sight
c) Requires public key exchange
d) Uses brute-force techniques
Answer: b
48. Which medium is NOT commonly used in steganography?
a) Text
b) Audio
c) Video
d) SQL query
Answer: d
49. In image-based steganography, the hidden message is usually stored
in:
a) Pixel metadata
b) Least significant bits
c) File header
d) Watermarks
Answer: b
50. What is a limitation of steganography?
a) It requires passwords
b) The message must be encrypted first
c) It has limited capacity per carrier file
d) It can’t be detected
Answer: c
5 MARK QUESTIONS:
1. Explain the symmetric key encryption model with the help of a diagram.
2. Describe the Caesar cipher with an example. Encrypt the message “SECURE” using a
Caesar cipher with a key of 3. Explain why this cipher is vulnerable to attacks.
3. Explain the working of the Playfair cipher. Construct the 5x5 matrix using the
keyword “MONARCHY”, and encrypt the plaintext “BALLOON”.
4. Define polyalphabetic cipher. How does it differ from monoalphabetic substitution?
5. What is steganography? How is it different from cryptography? Describe how Least
Significant Bit (LSB) technique is used to hide data in an image file.
10 MARK QUESTIONS:
1. Explain the symmetric key encryption model in detail.
2. Describe the Caesar cipher algorithm and analyze its security.
3. What is a monoalphabetic cipher? Describe the encryption and decryption
process with an example using a substitution key.
4. Explain the Playfair cipher encryption process using a suitable keyword. Construct the
5x5 key matrix for the keyword “CRYPTOGRAPHY” and encrypt the message
“INFORMATION SECURITY”. Explain how digraphs and rules are applied during
encryption.
5. What is a polyalphabetic cipher? How does it overcome the weaknesses of
monoalphabetic ciphers?
6. Explain transposition cipher techniques in detail.
7. Define steganography. Compare it with cryptography.
8. Compare and contrast monoalphabetic and polyalphabetic ciphers.
9. Differentiate between substitution and transposition techniques.
10. Design a secure communication scenario using both cryptography and
steganography.
UNIT-III BLOCK CIPHER AND DES
Block Cipher Design Principles
Block ciphers are built on the Feistel cipher structure. A block cipher has a specific
number of rounds and keys for generating ciphertext. A block cipher is a type of
encryption algorithm that processes fixed-size blocks of data, usually 64 or 128 bits, to
produce ciphertext. The design of a block cipher involves several important principles to
ensure the security and efficiency of the algorithm. Some of these principles are:
1. Number of Rounds - The number of rounds is regularly considered in the design
criteria; it reflects the number of rounds suitable for making an algorithm
sufficiently complex. DES has 16 rounds to make it more secure, while
AES has 10 rounds to make it more secure.
2. Design of function F - The core part of the Feistel block cipher structure is the
round function. The complexity of cryptanalysis can be derived from the round
function, i.e. increasing the complexity of the round function greatly
increases the complexity of cryptanalysis. To increase the complexity of the
round function, the avalanche effect is also included in it: because of the
avalanche effect, changing a single bit of the plain text produces a very
different output.
3. Confusion and Diffusion: The cipher should provide confusion and diffusion to
make it difficult for an attacker to determine the relationship between the plaintext
and ciphertext. Confusion means that the ciphertext should be a complex function of
the key and plaintext, making it difficult to guess the key. Diffusion means that a
small change in the plaintext should cause a significant change in the ciphertext,
which makes it difficult to analyze the encryption pattern.
4. Key Size: The key size should be large enough to prevent brute-force attacks. A
larger key size means that there are more possible keys, making it harder for an
attacker to guess the correct one. A key size of 128 bits is considered to be secure for
most applications.
5. Key Schedule: The key schedule should be designed carefully to ensure that the
keys used for encryption are independent and unpredictable. The key schedule
should also resist attacks that exploit weak keys or key-dependent properties of the
cipher.
6. Block Size: The block size should be large enough to prevent attacks that exploit
statistical patterns in the plaintext. A block size of 128 bits is generally considered to
be secure for most applications.
7. Non-linearity: The S-box used in the cipher should be non-linear to provide
confusion. A linear S-box is vulnerable to attacks that exploit the linear properties of
the cipher.
8. Avalanche Effect: The cipher should exhibit the avalanche effect, which means
that a small change in the plaintext or key should cause a significant change in the
ciphertext. This ensures that any change in the input results in a complete change in
the output.
9. Security Analysis: The cipher should be analyzed for its security against various
attacks such as differential cryptanalysis, linear cryptanalysis, and brute-force
attacks. The cipher should also be tested for its resistance to implementation attacks,
such as side-channel attacks.
Overall, a good block cipher design should be resistant to various attacks, efficient, and
easy to implement.
Data Encryption Standard (DES)
Data Encryption Standard (DES) is a symmetric block cipher. By 'symmetric', we
mean that the size of the input text and the output text (ciphertext) is the same (64 bits).
The 'block' here means that it takes a group of bits together as input instead of
encrypting the text bit by bit. The Data Encryption Standard (DES) has been found
vulnerable to very powerful attacks and, therefore, it was replaced by the Advanced
Encryption Standard (AES).
It is a block cipher that encrypts data in 64 bit blocks.
It takes a 64-bit plaintext input and generates a corresponding 64-bit ciphertext
output.
The main key length is 64-bit which is transformed into 56-bits by skipping every
8th bit in the key.
It encrypts the text in 16 rounds where each round uses 48-bit subkey.
This 48-bit subkey is generated from the 56-bit effective key.
The same algorithm and key are used for both encryption and decryption with minor
changes.
Working of Data Encryption Standard (DES)
DES is based on the two attributes of Feistel cipher i.e. Substitution (also called
confusion) and Transposition (also called diffusion). DES consists of 16 steps, each of
which is called a round. Each round performs the steps of substitution and
transposition along with other operations.
[Figure: Data Encryption Standard]
The encryption starts with a 64-bit plaintext that needs to be encrypted using a
64-bit key. Plaintext is passed to Initial Permutation function and key is permuted using
Permuted Choice 1 (PC-1).
Initial Permutation
The 64-bit plaintext block is input into an Initial Permutation (IP) function that
rearranges the order of the bits. The order of the bits is changed using a predefined
table. The IP table is an 8×8 matrix (64 entries) where each entry specifies the new
position of a bit from the original plaintext.
Working of IP Table:
The first bit of the permuted block is taken from the 58th bit of the original
plaintext.
The second bit comes from the 50th bit and so on.
The last (64th) bit comes from the 7th bit of the original plaintext.
The initial permutation (IP) happens only once, and it happens before the first
round. The permutation this function performs is fixed and does not depend on the
plaintext. The rearranged 64-bit plaintext then goes through 16 rounds. Each round
uses a 48-bit subkey that is different from the previous round's subkey. These subkeys
are generated from the 64-bit key.
Initial Permutation Table
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
Key Transformation
The 64-bit initial key is converted into 56-bit effective key. This 56-bit key further
generates 48-bit subkeys for each of the 16 Feistel rounds.
Conversion of 64-bit Key into 56-bit Key
The initial key first goes through Permuted Choice 1 (PC-1), which reduces the key to
56 bits. In PC-1 every eighth bit of the key is discarded. That is, bit positions 8, 16,
24, 32, 40, 48, 56, and 64 are discarded.
[Figure: Bits at the positions in green are discarded]
These discarded bits are called parity bits which are used for error checking. Remaining
56 bits are split into two 28-bit halves:
Left Half (Ci): First 28 bits.
Right Half (Di): Last 28 bits
Here i represent the number of the Feistel round.
Generating 48-bit Round Subkeys
For each of the 16 rounds, the left half (Ci) and the right half (Di) undergo a circular
left shift operation.
[Figure: Key Transformation in DES]
For Feistel rounds 1, 2, 9, and 16, both halves (left and right) undergo a 1-bit left
shift operation. For the other rounds (3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15) the halves
undergo a 2-bit left shift operation.
[Figure: Circular Left Shift Operation on Feistel Rounds]
After the circular shift operation is performed, Ci and Di are again combined into a
56-bit block. This block then goes through Permutation Choice 2 (PC-2). PC-2 selects
and arranges 48 bits out of the 56 to form the round subkey (Ki). These 48 bits are
selected on the basis of a predefined table as shown below:
According to this table, the 14th bit is placed in the first position, the 17th bit in
the second position, the 11th bit in the 3rd position and so on. The 48-bit subkey
output by this table is used to cipher the plaintext in the Feistel round.
For the next round we use the already left-shifted Ci and Di as the left and right
halves. We again perform the circular left shift operation on both halves. We again
combine the result into a 56-bit block and use Permutation Choice 2 to contract this
block into the 48-bit subkey for the next round.
The process of Circular Left Shift and Permutation Choice 2 is followed for 16
rounds, and a different round subkey (Ki) is generated for each Feistel round. Each
48-bit subkey (Ki) is XORed with the expanded right half in the Feistel round. Below is
the explanation of what happens in every single Feistel round.
Permutation Choice 2 Table
14 17 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
Feistel Rounds (1 - 16)
Every round receives the 64-bit permuted plaintext from the Initial Permutation
function and a 48-bit transformed subkey (Ki). The permuted 64-bit plaintext is divided
into two halves called Left Plaintext (LPT) and Right Plaintext (RPT). Both of these
halves are 32 bits in size. The right half or Right Plaintext (RPT) is processed using the
Mangler (F) function. The Mangler (F) function involves expansion, key mixing, substitution
(S-boxes), and permutation (P-box) of RPT.
Single Feistel Round in DES
The RPT first goes through the Expansion Permutation. In this permutation the 32-bit Right
Plaintext (RPT) is expanded into 48 bits using the expansion box or E-box table.
E-Box Expansion Table
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
The 48-bit expanded block is generated by arranging the bits as in the E-Box table.
This expanded block is XORed (⊕) with the 48-bit round subkey that we generated
during the key transformation process. The XOR or Exclusive OR operation returns '0' as
output if both inputs are the same, else the output will be '1'. After the XOR is
performed, the resulting 48-bit block is split into eight chunks of 6 bits each. Each
chunk is then fed into a different S-box (S1 to S8).
For example, the output of XOR operation is converted into 6 bit chunks as
follows:
101010 010001 011110 111010 100001 100110 010100 100111
These 6 bits chunks will be converted into 4 bits using S-Boxes.
S-Box
S-Boxes are predefined lookup tables which reduce a 6-bit chunk to 4 bits.
Below is the list of these S-Boxes.
Suppose the first 6-bit chunk is 101010. We divide this chunk into two parts of 2
bits and 4 bits. The first and last bits are combined to form the 2-bit part and the
remaining bits make up the 4-bit part.
101010 -> (1)(0101)(0) -> divided into 10 and 0101
We look for these parts in the rows and columns of S1 table. The number in the
cell where row is '10' and column is '0101' is '6' in the S1 table. The binary value of six is
'0110'. This is the 4 bit value that S-Box 1 generated from the 6 bit input '101010'.
6-bit chunk: '101010' converted into 4-bit chunk: '0110'
Similarly we convert every 6-bit chunk into a 4-bit value using the S-Boxes. This
process is called substitution. After that we combine all of these 4-bit chunks to get a
32-bit block as output. This 32-bit block is then permuted using the following table.
P-box Permutation
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25
This permutation is called Transposition. The mangler function finishes here. 32-
bit block after permutation is the output of mangler function. This block is XORed with
32-bit Left half or Left Plaintext (LPT) that was generated in the beginning of the Feistel
round after Initial Permutation (IP). The output of this XOR operation serves as Right
Half or Right Plaintext for next round and the initial Right Half (RPT) will serve as Left
Half for the next round.
L_i = R_{i-1}
R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)
Where
L_{i-1} = The Left Half or Left Plaintext (LPT) of current round.
L_i = The Left Half or Left Plaintext (LPT) for next round.
R_{i-1} = The Right Half or Right Plaintext (RPT) of current round.
R_i = The Right Half or Right Plaintext (RPT) for next round.
We do the same operations as mentioned for 16 rounds using subkeys generated by key
transformation. The whole process is shown below in the diagram.
Mangler Function and Key Transformation in DES
32-bit Swap and Inverse Initial Permutation
After these 16 rounds we get two blocks (Left and Right) of 32-bit each. The two
32-bit halves are again swapped back, resulting in a 64-bit block. This step is called 32-
bit Swap in DES encryption algorithm.
Finally, the block undergoes an Inverse Initial Permutation (IP-1). This is essentially the
inverse of the initial permutation applied at the beginning.
Inverse Initial Permutation
Output    Input     Output    Input     Output    Input     Output    Input
Position  Position  Position  Position  Position  Position  Position  Position
58        1         62        17        57        33        61        49
50        2         54        18        49        34        53        50
42        3         46        19        41        35        45        51
34        4         38        20        33        36        37        52
26        5         30        21        25        37        29        53
18        6         22        22        17        38        21        54
10        7         14        23        9         39        13        55
2         8         6         24        1         40        5         56
60        9         64        25        59        41        63        57
52        10        56        26        51        42        55        58
44        11        48        27        43        43        47        59
36        12        40        28        35        44        39        60
28        13        32        29        27        45        31        61
20        14        24        30        19        46        23        62
12        15        16        31        11        47        15        63
4         16        8         32        3         48        7         64
The result of the inverse initial permutation is the final 64-bit ciphertext which is
the encrypted version of the original plaintext.
Decryption in DES (Data Encryption Standard)
Decryption in DES follows the same process as encryption but in reverse order. Since
DES is a symmetric-key algorithm, the same key is used for both encryption and
decryption, but the subkeys (round keys) are applied in reverse order.
Reverse Subkey Application: The 16 round keys generated during key
scheduling are used in reverse order (from K16 to K1) during decryption.
Inverse Feistel Function: The Feistel network structure ensures that decryption
mirrors encryption. Each round performs the same operations (expansion, S-box
substitution, permutation), but with reversed subkeys.
Final Permutation (FP): After 16 rounds, the output undergoes the Inverse
Initial Permutation (IP-1), reversing the initial shuffling.
Program for the Data Encryption Standard (DES)
Below is the Python program for Data Encryption Standard (DES). The Plaintext and
Key used are:
Plaintext = "123456ABCD132536"
Key = "AABB09182736CCDD"
# Python3 code for the above approach
# Hexadecimal to binary conversion
def hex2bin(s):
    mp = {'0': "0000",
          '1': "0001",
          '2': "0010",
          '3': "0011",
          '4': "0100",
          '5': "0101",
          '6': "0110",
          '7': "0111",
          '8': "1000",
          '9': "1001",
          'A': "1010",
          'B': "1011",
          'C': "1100",
          'D': "1101",
          'E': "1110",
          'F': "1111"}
    bits = ""
    for i in range(len(s)):
        bits = bits + mp[s[i]]
    return bits

# Binary to hexadecimal conversion
def bin2hex(s):
    mp = {"0000": '0',
          "0001": '1',
          "0010": '2',
          "0011": '3',
          "0100": '4',
          "0101": '5',
          "0110": '6',
          "0111": '7',
          "1000": '8',
          "1001": '9',
          "1010": 'A',
          "1011": 'B',
          "1100": 'C',
          "1101": 'D',
          "1110": 'E',
          "1111": 'F'}
    hex_str = ""
    for i in range(0, len(s), 4):
        ch = ""
        ch = ch + s[i]
        ch = ch + s[i + 1]
        ch = ch + s[i + 2]
        ch = ch + s[i + 3]
        hex_str = hex_str + mp[ch]
    return hex_str

# Binary to decimal conversion
# (the argument is an int whose decimal digits are the bits, e.g. 101 -> 5)
def bin2dec(binary):
    decimal, i = 0, 0
    while binary != 0:
        dec = binary % 10
        decimal = decimal + dec * pow(2, i)
        binary = binary // 10
        i += 1
    return decimal

# Decimal to binary conversion, left-padded to a multiple of 4 bits
def dec2bin(num):
    res = bin(num).replace("0b", "")
    if len(res) % 4 != 0:
        div = len(res) // 4
        counter = (4 * (div + 1)) - len(res)
        for i in range(0, counter):
            res = '0' + res
    return res

# Permute function to rearrange the bits
def permute(k, arr, n):
    permutation = ""
    for i in range(0, n):
        permutation = permutation + k[arr[i] - 1]
    return permutation

# Shifting the bits towards left by nth shifts (circular)
def shift_left(k, nth_shifts):
    s = ""
    for i in range(nth_shifts):
        for j in range(1, len(k)):
            s = s + k[j]
        s = s + k[0]
        k = s
        s = ""
    return k

# Calculating XOR of two strings of binary numbers a and b
def xor(a, b):
    ans = ""
    for i in range(len(a)):
        if a[i] == b[i]:
            ans = ans + "0"
        else:
            ans = ans + "1"
    return ans

# Table of Position of 64 bits at initial level: Initial Permutation Table
initial_perm = [58, 50, 42, 34, 26, 18, 10, 2,
                60, 52, 44, 36, 28, 20, 12, 4,
                62, 54, 46, 38, 30, 22, 14, 6,
                64, 56, 48, 40, 32, 24, 16, 8,
                57, 49, 41, 33, 25, 17, 9, 1,
                59, 51, 43, 35, 27, 19, 11, 3,
                61, 53, 45, 37, 29, 21, 13, 5,
                63, 55, 47, 39, 31, 23, 15, 7]

# Expansion D-box Table
exp_d = [32, 1, 2, 3, 4, 5, 4, 5,
         6, 7, 8, 9, 8, 9, 10, 11,
         12, 13, 12, 13, 14, 15, 16, 17,
         16, 17, 18, 19, 20, 21, 20, 21,
         22, 23, 24, 25, 24, 25, 26, 27,
         28, 29, 28, 29, 30, 31, 32, 1]

# Straight Permutation Table
per = [16, 7, 20, 21,
       29, 12, 28, 17,
       1, 15, 23, 26,
       5, 18, 31, 10,
       2, 8, 24, 14,
       32, 27, 3, 9,
       19, 13, 30, 6,
       22, 11, 4, 25]

# S-box Table
sbox = [[[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
         [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
         [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
         [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]],
        [[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
         [3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
         [0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
         [13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]],
        [[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
         [13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
         [13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
         [1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]],
        [[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
         [13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
         [10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
         [3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]],
        [[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
         [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
         [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
         [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]],
        [[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
         [10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
         [9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
         [4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]],
        [[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
         [13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
         [1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
         [6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]],
        [[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
         [1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
         [7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
         [2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]]]

# Final Permutation Table
final_perm = [40, 8, 48, 16, 56, 24, 64, 32,
              39, 7, 47, 15, 55, 23, 63, 31,
              38, 6, 46, 14, 54, 22, 62, 30,
              37, 5, 45, 13, 53, 21, 61, 29,
              36, 4, 44, 12, 52, 20, 60, 28,
              35, 3, 43, 11, 51, 19, 59, 27,
              34, 2, 42, 10, 50, 18, 58, 26,
              33, 1, 41, 9, 49, 17, 57, 25]

def encrypt(pt, rkb, rk):
    pt = hex2bin(pt)
    # Initial Permutation
    pt = permute(pt, initial_perm, 64)
    print("After initial permutation", bin2hex(pt))
    # Splitting
    left = pt[0:32]
    right = pt[32:64]
    for i in range(0, 16):
        # Expansion D-box: Expanding the 32 bits data into 48 bits
        right_expanded = permute(right, exp_d, 48)
        # XOR RoundKey[i] and right_expanded
        xor_x = xor(right_expanded, rkb[i])
        # S-boxes: substituting the value from s-box table by calculating
        # row and column
        sbox_str = ""
        for j in range(0, 8):
            # Row: first and last bit of the 6-bit chunk
            row = bin2dec(int(xor_x[j * 6] + xor_x[j * 6 + 5]))
            # Column: the four middle bits of the chunk
            col = bin2dec(
                int(xor_x[j * 6 + 1] + xor_x[j * 6 + 2] +
                    xor_x[j * 6 + 3] + xor_x[j * 6 + 4]))
            val = sbox[j][row][col]
            sbox_str = sbox_str + dec2bin(val)
        # Straight D-box: After substituting rearranging the bits
        sbox_str = permute(sbox_str, per, 32)
        # XOR left and sbox_str
        result = xor(left, sbox_str)
        left = result
        # Swapper (no swap after the last round)
        if i != 15:
            left, right = right, left
        print("Round ", i + 1, " ", bin2hex(left),
              " ", bin2hex(right), " ", rk[i])
    # Combination
    combine = left + right
    # Final permutation: final rearranging of bits to get cipher text
    cipher_text = permute(combine, final_perm, 64)
    return cipher_text

pt = "123456ABCD132536"
key = "AABB09182736CCDD"

# Key generation
# --hex to binary
key = hex2bin(key)

# --parity bit drop table
keyp = [57, 49, 41, 33, 25, 17, 9,
        1, 58, 50, 42, 34, 26, 18,
        10, 2, 59, 51, 43, 35, 27,
        19, 11, 3, 60, 52, 44, 36,
        63, 55, 47, 39, 31, 23, 15,
        7, 62, 54, 46, 38, 30, 22,
        14, 6, 61, 53, 45, 37, 29,
        21, 13, 5, 28, 20, 12, 4]

# getting 56 bit key from 64 bit by dropping the parity bits
key = permute(key, keyp, 56)

# Number of bit shifts
shift_table = [1, 1, 2, 2,
               2, 2, 2, 2,
               1, 2, 2, 2,
               2, 2, 2, 1]

# Key-Compression Table: Compression of key from 56 bits to 48 bits
key_comp = [14, 17, 11, 24, 1, 5,
            3, 28, 15, 6, 21, 10,
            23, 19, 12, 4, 26, 8,
            16, 7, 27, 20, 13, 2,
            41, 52, 31, 37, 47, 55,
            30, 40, 51, 45, 33, 48,
            44, 49, 39, 56, 34, 53,
            46, 42, 50, 36, 29, 32]

# Splitting
left = key[0:28]
right = key[28:56]
rkb = []  # rkb for RoundKeys in binary
rk = []   # rk for RoundKeys in hexadecimal
for i in range(0, 16):
    # Shifting the bits by nth shifts by checking from shift table
    left = shift_left(left, shift_table[i])
    right = shift_left(right, shift_table[i])
    # Combination of left and right string
    combine_str = left + right
    # Compression of key from 56 to 48 bits
    round_key = permute(combine_str, key_comp, 48)
    rkb.append(round_key)
    rk.append(bin2hex(round_key))

print("Encryption")
cipher_text = bin2hex(encrypt(pt, rkb, rk))
print("Cipher Text : ", cipher_text)

print("Decryption")
# Decryption runs the same rounds with the round keys in reverse order
rkb_rev = rkb[::-1]
rk_rev = rk[::-1]
text = bin2hex(encrypt(cipher_text, rkb_rev, rk_rev))
print("Plain Text : ", text)
# This code is contributed by Aditya Jain
Output:
Encryption
After initial permutation 14A7D67818CA18AD
Round 1 18CA18AD 5A78E394 194CD072DE8C
Round 2 5A78E394 4A1210F6 4568581ABCCE
Round 3 4A1210F6 B8089591 06EDA4ACF5B5
Round 4 B8089591 236779C2 DA2D032B6EE3
Round 5 236779C2 A15A4B87 69A629FEC913
Round 6 A15A4B87 2E8F9C65 C1948E87475E
Round 7 2E8F9C65 A9FC20A3 708AD2DDB3C0
Round 8 A9FC20A3 308BEE97 34F822F0C66D
Round 9 308BEE97 10AF9D37 84BB4473DCCC
Round 10 10AF9D37 6CA6CB20 02765708B5BF
Round 11 6CA6CB20 FF3C485F 6D5560AF7CA5
Round 12 FF3C485F 22A5963B C2C1E96A4BF3
Round 13 22A5963B 387CCDAA 99C31397C91F
Round 14 387CCDAA BD2DD2AB 251B8BC717D0
Round 15 BD2DD2AB CF26B472 3330C5D9A36D
Round 16 19BA9212 CF26B472 181C5D75C66D
Cipher Text : C0B7A8D05F3A829C
Decryption
After initial permutation 19BA9212CF26B472
Round 1 CF26B472 BD2DD2AB 181C5D75C66D
Round 2 BD2DD2AB 387CCDAA 3330C5D9A36D
Round 3 387CCDAA 22A5963B 251B8BC717D0
Round 4 22A5963B FF3C485F 99C31397C91F
Round 5 FF3C485F 6CA6CB20 C2C1E96A4BF3
Round 6 6CA6CB20 10AF9D37 6D5560AF7CA5
Round 7 10AF9D37 308BEE97 02765708B5BF
Round 8 308BEE97 A9FC20A3 84BB4473DCCC
Round 9 A9FC20A3 2E8F9C65 34F822F0C66D
Round 10 2E8F9C65 A15A4B87 708AD2DDB3C0
Round 11 A15A4B87 236779C2 C1948E87475E
Round 12 236779C2 B8089591 69A629FEC913
Round 13 B8089591 4A1210F6 DA2D032B6EE3
Round 14 4A1210F6 5A78E394 06EDA4ACF5B5
Round 15 5A78E394 18CA18AD 4568581ABCCE
Round 16 14A7D678 18CA18AD 194CD072DE8C
Plain Text : 123456ABCD132536
Strength of Data encryption standard (DES)
Data Encryption Standard (DES) is a symmetric block cipher. By ‘symmetric’, we
mean that the size of the input text and the output text (ciphertext) is the same
(64 bits). ‘Block’ here means that it takes a group of bits together as input instead
of encrypting the text bit by bit. Data Encryption Standard (DES) has been found
vulnerable to very powerful attacks and therefore it was replaced by the Advanced
Encryption Standard (AES).
It is a block cipher that encrypts data in 64 bit blocks.
It takes a 64-bit plaintext input and generates a corresponding 64-bit ciphertext
output.
The main key length is 64-bit which is transformed into 56-bits by skipping every
8th bit in the key.
It encrypts the text in 16 rounds where each round uses 48-bit subkey.
This 48-bit subkey is generated from the 56-bit effective key.
The same algorithm and key are used for both encryption and decryption with
minor changes.
Working of Data Encryption Standard (DES)
DES is based on the two attributes of Feistel cipher i.e. Substitution (also called
confusion) and Transposition (also called diffusion). DES consists of 16 steps, each of
which is called a round. Each round performs the steps of substitution and
transposition along with other operations.
DES WORKING
The encryption starts with a 64-bit plaintext that needs to be encrypted using a
64-bit key. Plaintext is passed to Initial Permutation function and key is permuted
using Permuted Choice 1 (PC-1).
Data encryption standard (DES) Strength
The Data Encryption Standard (DES), introduced in the 1970s, was once a
widely used encryption algorithm for securing sensitive data. However, its strength
has been considered insufficient by modern standards due to its vulnerability to brute-
force attacks.
Here's an overview of the strengths :
Simplicity and Efficiency
Easy to Implement: DES was designed to be simple to implement, both in
hardware and software. The encryption and decryption processes are
straightforward and involve well-defined operations like permutations and
substitutions.
Low Computational Overhead: Because of its simplicity, DES can be
implemented with minimal computational resources. This made it especially useful
in environments where processing power was limited (such as older computers and
hardware devices).
Fast Encryption/Decryption: DES is relatively fast compared to other
encryption algorithms of its time. It has a relatively simple structure, and its block
cipher approach makes it easy to encrypt large amounts of data efficiently.
Widespread Adoption
Global Standard: When DES was introduced in the 1970s, it became the de facto
standard for data encryption. It was adopted by numerous industries and
government organizations around the world for securing communications and
data.
Used in Financial Systems: For many years, DES was used in financial systems,
such as ATMs and credit card transactions. Banks and other financial institutions
trusted it for protecting transaction data.
Thorough Cryptographic Analysis
Well Studied: DES was subjected to extensive cryptographic analysis over the
years. As the algorithm became more widely adopted, experts carefully reviewed its
security. This rigorous study helped to identify both strengths and weaknesses in
the system.
Public Scrutiny: DES was one of the first publicly available encryption
algorithms that received intense academic and practical scrutiny. Cryptographers
and researchers were able to analyze the algorithm in depth, which eventually
helped improve the overall field of cryptography.
Trust in the Algorithm: When it was first developed, DES was considered
secure. Its security was based on the idea of complexity derived from its design,
and it remained trustworthy for many years due to its widespread use and deep
cryptographic validation.
Block Cipher Structure
64-bit Block Size: DES works by encrypting data in blocks of 64 bits (8 bytes) at
a time. This means that it processes chunks of data, making it suitable for many
types of data storage and transmission. A 64-bit block is large enough to provide
efficient encryption while still being manageable for processing at the time.
Fixed Block Size: Having a fixed block size allows DES to be consistent in how it
handles data, and this standardization made it easier to integrate into systems and
protocols.
Versatile for Different Applications: Since it operates on fixed-size blocks,
DES could be adapted for use in various systems, such as secure file storage, secure
communications, and even low-bandwidth devices (like older telecommunication
systems).
Resistance to Certain Types of Attacks
Good for Its Time: At the time of its creation, DES was resistant to many of the
attacks that were known then. It provided strong security compared to other
encryption algorithms available in the 1970s.
Feistel Network Structure: DES uses a Feistel network, which is a structure for
designing symmetric encryption algorithms. This design allows for a high degree of
confusion and diffusion, which are cryptographic principles aimed at making it
harder for an attacker to find relationships between the plaintext and ciphertext.
Key Schedule: DES uses a key schedule to derive 16 subkeys from the main 56-
bit key, making it more resistant to certain attacks (like brute force) compared to
simpler ciphers that don’t use such a schedule.
Standardization and Interoperability
International Standard: DES was one of the first cryptographic algorithms to
be standardized by national bodies like the American National Standards Institute
(ANSI) and the International Organization for Standardization (ISO). This made it
easier to integrate into international systems and protocols.
Interoperable Across Systems: Its standardization also meant that DES could
be used across different hardware platforms and software applications. It became a
universal standard that could be trusted by businesses, governments, and
individuals alike.
Weaknesses of DES:
Short Key Length (56 bits): The key used in DES is only 56 bits long. This is too
short, meaning there aren’t enough possible combinations to keep it safe. Today’s
computers can easily guess the correct key through brute-force attacks.
Easy to Break with Brute Force: Because of its short key, DES can be cracked
quickly by modern computers trying all possible keys.
Old and Weak: As technology improved, DES became outdated and less secure.
It can no longer be relied upon to protect sensitive information.
RSA Algorithm in Cryptography
The RSA (Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key
cryptography algorithm, which means it works on two different keys: a Public
Key and a Private Key. The Public Key is used for encryption and is known to
everyone, while the Private Key is used for decryption and must be kept secret by the
receiver. The RSA Algorithm is named after Ron Rivest, Adi Shamir and Leonard Adleman,
who published the algorithm in 1977.
Example of Asymmetric Cryptography:
If Person A wants to send a message securely to Person B:
Person A encrypts the message using Person B's Public Key.
Person B decrypts the message using their Private Key.
RSA Algorithm
The RSA Algorithm is based on the factorization of large numbers and on modular
arithmetic for encrypting and decrypting data. It consists of three main stages:
1. Key Generation: Creating Public and Private Keys
2. Encryption: Sender encrypts the data using Public Key to get cipher text.
3. Decryption: Decrypting the cipher text using Private Key to get the original
data.
1. Key Generation
Choose two large prime numbers, say p and q. These prime numbers should be kept
secret.
Calculate the product of the primes, n = p * q. This product is part of the public as
well as the private key.
Calculate the Euler Totient Function Φ(n) as Φ(n) = Φ(p * q) = Φ(p) * Φ(q) = (p - 1)
* (q - 1).
Choose the encryption exponent e, such that
o 1 < e < Φ(n), and
o gcd(e, Φ(n)) = 1, that is, e should be co-prime with Φ(n).
Calculate the decryption exponent d, such that
o (d * e) ≡ 1 mod Φ(n), that is, d is the modular multiplicative
inverse of e mod Φ(n). Some common methods to calculate the multiplicative
inverse are: Extended Euclidean Algorithm, Fermat's Little Theorem, etc.
o We can have multiple values of d satisfying (d * e) ≡ 1 mod Φ(n), but it
does not matter which value we choose, as all of them are valid keys and
will result in the same message on decryption.
Finally, the Public Key = (n, e) and the Private Key = (n, d).
2. Encryption
To encrypt a message M, it is first converted to numerical representation using ASCII
and other encoding schemes. Now, use the public key (n, e) to encrypt the message and
get the cipher text using the formula:
C = M^e mod n, where C is the Cipher text and e and n are parts of public key.
3. Decryption
To decrypt the cipher text C, use the private key (n, d) and get the original data using
the formula:
M = C^d mod n, where M is the message and d and n are parts of private key.
Example of RSA Algorithm
Idea behind RSA Algorithm
The idea of RSA is based on the fact that it is difficult to factorize a large integer.
The Public Key is (n, e), where n and e are publicly known, while the Private Key is (n,
d). Since only the receiver knows the value of d, only they can decrypt the message. But
is it possible to find the value of d using n and e?
We know that (d * e) ≡ 1 mod Φ(n), so if we can calculate the value
of Φ(n), we can find the value of d. But Φ(n) = (p - 1) * (q - 1), so we need the values
of p and q. One might think that it is quite easy to find p and q, since n = p * q
and n is publicly known, but the RSA Algorithm takes p and q to be very large, which
in turn makes n extremely large, and factorizing such a large value is
computationally infeasible.
Therefore the encryption strength lies in the values of p and q. RSA keys are
typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken
shortly. But till now it seems to be an infeasible task.
Note: If someone gets to know the values of p and q, then they can calculate the value
of d and decrypt the message.
Implementation of RSA Algorithm
# Python Program for implementation of RSA Algorithm

# Modular exponentiation: (base ^ expo) mod m by repeated squaring
def power(base, expo, m):
    res = 1
    base = base % m
    while expo > 0:
        if expo & 1:
            res = (res * base) % m
        base = (base * base) % m
        expo = expo // 2
    return res

# Function to find modular inverse of e modulo phi(n)
# Here we are calculating the inverse using Hit and Trial Method
# but we can optimize it using Extended Euclidean Algorithm
def modInverse(e, phi):
    for d in range(2, phi):
        if (e * d) % phi == 1:
            return d
    return -1

# RSA Key Generation
def generateKeys():
    p = 7919
    q = 1009
    n = p * q
    phi = (p - 1) * (q - 1)
    # Choose e, where 1 < e < phi(n) and gcd(e, phi(n)) == 1
    e = 0
    for e in range(2, phi):
        if gcd(e, phi) == 1:
            break
    # Compute d such that e * d ≡ 1 (mod phi(n))
    d = modInverse(e, phi)
    return e, d, n

# Function to calculate gcd
def gcd(a, b):
    while b != 0:
        a, b = b, a % b
    return a

# Encrypt message using public key (e, n)
def encrypt(m, e, n):
    return power(m, e, n)

# Decrypt message using private key (d, n)
def decrypt(c, d, n):
    return power(c, d, n)

# Main execution
if __name__ == "__main__":
    # Key Generation
    e, d, n = generateKeys()
    print(f"Public Key (e, n): ({e}, {n})")
    print(f"Private Key (d, n): ({d}, {n})")
    # Message
    M = 123
    print(f"Original Message: {M}")
    # Encrypt the message
    C = encrypt(M, e, n)
    print(f"Encrypted Message: {C}")
    # Decrypt the message
    decrypted = decrypt(C, d, n)
    print(f"Decrypted Message: {decrypted}")
Output
Public Key (e, n): (5, 7990271)
Private Key (d, n): (1596269, 7990271)
Original Message: 123
Encrypted Message: 3332110
Decrypted Message: 123
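The program above finds d by hit and trial. As an added example (not part of the original program), the block below computes the same d with the Extended Euclidean Algorithm named in the key generation steps, and carries out the argument from "Idea behind RSA Algorithm" on the toy modulus n = 7990271: with primes this small, trial division recovers p and q at once, and d follows from them. The function names are this example's own; n, e and the message 123 are the values printed above.

```python
# Added example: d via the Extended Euclidean Algorithm, and why the
# primes must be large. All function names are illustrative.
from math import isqrt

N, E = 7990271, 5          # toy public key printed by the program above


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(e, phi):
    """Modular multiplicative inverse of e mod phi, or ValueError if none exists."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e is not co-prime with phi(n); no inverse exists")
    return x % phi


def factor_small_modulus(n):
    """Trial division up to sqrt(n). Practical only because n is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def demo():
    """Recompute the private exponent from the public key alone (toy size only)."""
    p, q = factor_small_modulus(N)
    phi = (p - 1) * (q - 1)
    d = mod_inverse(E, phi)
    c = pow(123, E, N)                         # encrypt the sample message
    return {
        "p": p, "q": q, "phi": phi, "d": d, "c": c,
        "m_from_d": pow(c, d, N),              # decrypt with d
        "m_from_d_plus_phi": pow(c, d + phi, N),  # another valid d: d + phi(n)
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trial-division loop needs about 500 steps for this n. For a 2048-bit modulus the same loop would need on the order of 2^1023 steps, which is the gap the key-size advice in these notes relies on.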
Advantages
Security: RSA algorithm is considered to be very secure and is widely used for
secure data transmission.
Public-key cryptography: RSA algorithm is a public-key cryptography algorithm,
which means that it uses two different keys for encryption and decryption. The
public key is used to encrypt the data, while the private key is used to decrypt the
data.
Key exchange: RSA algorithm can be used for secure key exchange, which means
that two parties can exchange a secret key without actually sending the key over the
network.
Digital signatures: RSA algorithm can be used for digital signatures, which means
that a sender can sign a message using their private key, and the receiver can verify
the signature using the sender's public key.
Widely used: Online banking, e-commerce, and secure communications are just a
few fields and applications where the RSA algorithm is extensively used.
Disadvantages
Slow processing speed: RSA algorithm is slower than other encryption
algorithms, especially when dealing with large amounts of data.
Large key size: RSA algorithm requires large key sizes to be secure, which means
that it requires more computational resources and storage space.
Vulnerability to side-channel attacks: RSA algorithm is vulnerable to side-
channel attacks, which means an attacker can use information leaked through side
channels such as power consumption, electromagnetic radiation, and timing
analysis to extract the private key.
Limited use in some applications: RSA algorithm is not suitable for some
applications, such as those that require constant encryption and decryption of large
amounts of data, due to its slow processing speed.
Complexity: The RSA algorithm is a sophisticated mathematical technique that
some individuals may find challenging to comprehend and use.
Key Management: The secure administration of the private key is necessary for
the RSA algorithm, although in some cases this can be difficult.
Vulnerability to Quantum Computing: Quantum computers have the ability to
attack the RSA algorithm, potentially decrypting the data.
MCQ:
1. What is a block cipher?
a) Encrypts data one bit at a time
b) Encrypts data in fixed-size blocks
c) Encrypts data using public keys
d) Encrypts data using hash functions
Answer: b) Encrypts data in fixed-size blocks
2. Which structure is commonly used in block cipher design?
a) Caesar cipher
b) Feistel network
c) Vigenère cipher
d) One-time pad
Answer: b) Feistel network
3. In a Feistel cipher, the encryption and decryption processes are:
a) Identical
b) Completely different
c) Only the key schedule differs
d) Not related
Answer: a) Identical
4. What are the two main operations in a block cipher as per Shannon?
a) Substitution and permutation
b) Confusion and diffusion
c) Encryption and decryption
d) Compression and decompression
Answer: b) Confusion and diffusion
5. Which mode of operation turns a block cipher into a stream cipher?
a) ECB
b) CBC
c) OFB
d) CFB
Answer: c) OFB
6. Which mode of operation is suitable for parallel processing?
a) ECB
b) CBC
c) CTR
d) CFB
Answer: c) CTR
7. In CBC mode, each plaintext block is XORed with:
a) The previous plaintext block
b) The previous ciphertext block
c) The next plaintext block
d) The next ciphertext block
Answer: b) The previous ciphertext block
8. What is the main purpose of an Initialization Vector (IV) in block
cipher modes?
a) To increase encryption speed
b) To ensure unique ciphertexts for identical plaintexts
c) To reduce key size
d) To simplify key management
Answer: b) To ensure unique ciphertexts for identical plaintexts
9. Which block cipher mode does not require padding?
a) ECB
b) CBC
c) CFB
d) OFB
Answer: c) CFB
10. In which mode is error propagation limited to two blocks?
a) ECB
b) CBC
c) CFB
d) OFB
Answer: b) CBC
11. DES operates on blocks of size:
a) 32 bits
b) 48 bits
c) 56 bits
d) 64 bits
Answer: d) 64 bits
12. The effective key length of DES is:
a) 56 bits
b) 64 bits
c) 128 bits
d) 192 bits
Answer: a) 56 bits
13. DES uses how many rounds of processing?
a) 8
b) 12
c) 16
d) 20
Answer: c) 16
14. DES follows which cipher structure?
a) Substitution-permutation
b) Feistel
c) Transposition
d) Stream
Answer: b) Feistel
15. In DES, the key schedule generates how many subkeys?
a) 8
b) 12
c) 16
d) 20
Answer: c) 16
16. The initial permutation (IP) in DES is:
a) Applied after the final round
b) Applied before the first round
c) Not used
d) Applied only during decryption
Answer: b) Applied before the first round
17. DES was developed by:
a) NSA
b) IBM
c) Microsoft
d) Intel
Answer: b) IBM
18. Which algorithm is a variant of DES with increased security?
a) AES
b) Triple DES (3DES)
c) RSA
d) Blowfish
Answer: b) Triple DES (3DES)
19. DES encryption and decryption processes are:
a) Completely different
b) Identical except for key schedule
c) Identical
d) Not related
Answer: b) Identical except for key schedule
20. The expansion permutation in DES expands 32 bits to:
a) 32 bits
b) 48 bits
c) 56 bits
d) 64 bits
Answer: b) 48 bits
21. One of the main weaknesses of DES is:
a) Complex algorithm
b) Short key length
c) Slow processing
d) Lack of documentation
Answer: b) Short key length
22. DES is vulnerable to which type of attack due to its key size?
a) Differential cryptanalysis
b) Linear cryptanalysis
c) Brute-force attack
d) Side-channel attack
Answer: c) Brute-force attack
23. The number of possible keys in DES is:
a) 2^56
b) 2^64
c) 2^128
d) 2^192
Answer: a) 2^56
24. Which property of DES allows for a reduction in brute-force attack
effort?
a) Complementation property
b) Avalanche effect
c) Key schedule
d) S-box design
Answer: a) Complementation property
25. DES has how many weak keys?
a) 2
b) 4
c) 6
d) 8
Answer: b) 4
26. Triple DES (3DES) was introduced to:
a) Simplify DES
b) Increase key length and security
c) Reduce processing time
d) Replace AES
Answer: b) Increase key length and security
27. Which of the following is a reason for the decline in DES usage?
a) Patent issues
b) Emergence of quantum computers
c) Short key length making it insecure
d) Complexity in implementation
Answer: c) Short key length making it insecure
28. Linear cryptanalysis of DES requires approximately how many
known plaintexts?
a) 2^32
b) 2^43
c) 2^56
d) 2^64
Answer: b) 2^43
29. DES is considered a:
a) Stream cipher
b) Asymmetric cipher
c) Symmetric block cipher
d) Hash function
Answer: c) Symmetric block cipher
30. Which organization standardized DES in the United States?
a) NSA
b) NIST
c) IEEE
d) ISO
Answer: b) NIST
31. What does RSA stand for in cryptography?
a) Randomized Security Algorithm
b) Rivest–Shamir–Adleman
c) Reliable Secure Architecture
d) Recursive Security Approach
Answer: b) Rivest–Shamir–Adleman
32. RSA is an example of which type of cryptographic algorithm?
a) Symmetric key algorithm
b) Asymmetric key algorithm
c) Hashing algorithm
d) Stream cipher
Answer: b) Asymmetric key algorithm
33. In RSA, the public key consists of:
a) (n, d)
b) (e, d)
c) (n, e)
d) (p, q)
Answer: c) (n, e)
34. In RSA, the private key is represented by:
a) (n, e)
b) (n, d)
c) (e, d)
d) (p, q)
Answer: b) (n, d)
35. What is the primary mathematical problem that RSA's security relies
upon?
a) Discrete logarithm problem
b) Integer factorization problem
c) Elliptic curve problem
d) Knapsack problem
Answer: b) Integer factorization problem
36. In RSA, the modulus n is calculated as:
a) n = p + q
b) n = p × q
c) n = p − q
d) n = p ÷ q
Answer: b) n = p × q
37. Euler's totient function φ(n) for RSA is computed as:
a) φ(n) = (p + 1)(q + 1)
b) φ(n) = (p − 1)(q − 1)
c) φ(n) = p × q
d) φ(n) = p − q
Answer: b) φ(n) = (p − 1)(q − 1)
38. The public exponent e in RSA must satisfy which condition?
a) e divides φ(n)
b) e is a multiple of φ(n)
c) e and φ(n) are co-prime
d) e equals φ(n)
Answer: c) e and φ(n) are co-prime
39. The private exponent d in RSA is calculated as:
a) d = e × φ(n)
b) d = e − φ(n)
c) d = e mod φ(n)
d) d = e⁻¹ mod φ(n)
Answer: d) d = e⁻¹ mod φ(n)
40. Which of the following is a commonly used value for the public
exponent e in RSA?
a) 1
b) 3
c) 17
d) 65537
Answer: d) 65537
41. In RSA, encryption of a message M is performed as:
a) C = M × e mod n
b) C = M^e mod n
c) C = M + e mod n
d) C = M − e mod n
Answer: b) C = M^e mod n
42. Decryption of a ciphertext C in RSA is performed as:
a) M = C × d mod n
b) M = C^d mod n
c) M = C + d mod n
d) M = C − d mod n
Answer: b) M = C^d mod n
43. Which of the following is a potential vulnerability in RSA if small
public exponents are used without proper padding?
a) Timing attacks
b) Chosen-plaintext attacks
c) Coppersmith's attack
d) Man-in-the-middle attacks
Answer: c) Coppersmith's attack
44. What is the primary reason for using padding schemes like OAEP in
RSA?
a) To increase encryption speed
b) To reduce key size
c) To prevent deterministic encryption
d) To simplify key generation
Answer: c) To prevent deterministic encryption
45. Which of the following is NOT a correct statement about RSA?
a) RSA can be used for both encryption and digital signatures
b) RSA's security is based on the difficulty of factoring large primes
c) RSA is faster than symmetric key algorithms for bulk data encryption
d) RSA requires key sizes of at least 2048 bits for strong security
Answer: c) RSA is faster than symmetric key algorithms for bulk data
encryption
46. In RSA, if the same message is encrypted with the same public key,
the ciphertext will be:
a) Always the same
b) Always different
c) Different only if padding is used
d) Unpredictable
Answer: c) Different only if padding is used
47. Which of the following algorithms is commonly used to factor large
integers and potentially break RSA?
a) Shor's algorithm
b) Diffie-Hellman
c) ElGamal
d) AES
Answer: a) Shor's algorithm
48. What is the main advantage of RSA over symmetric key algorithms?
a) Faster encryption and decryption
b) Smaller key sizes
c) No need to share secret keys
d) Simpler implementation
Answer: c) No need to share secret keys
49. In the context of RSA, what is the purpose of the modulus n?
a) It defines the size of the key
b) It ensures the message space is finite
c) It is used to compute the totient function
d) All of the above
Answer: d) All of the above
50. Which of the following is a correct statement about the relationship
between the public and private keys in RSA?
a) They are identical
b) They are multiplicative inverses modulo n
c) They are additive inverses modulo φ(n)
d) They are multiplicative inverses modulo φ(n)
Answer: d) They are multiplicative inverses modulo φ(n)
5 MARKS:
1. Explain the design principles of block ciphers.
2. Describe the working of the Data Encryption Standard (DES) algorithm.
3. Discuss the strengths and weaknesses of the DES algorithm.
4. Explain the RSA algorithm and its key generation process.
5. Compare and contrast DES and RSA algorithms.
10 MARKS:
1. Explain the Feistel structure used in block cipher design. How does it facilitate
both encryption and decryption processes?
2. Describe the key schedule algorithm in DES and its role in the encryption
process.
3. Analyze the strengths and weaknesses of DES in the context of modern
cryptographic requirements.
4. Explain the concept of weak and semi-weak keys in DES. How do they affect the
cipher's security?
5. Describe the RSA algorithm, including key generation, encryption, and
decryption processes.
6. Discuss the mathematical foundations of RSA and how they contribute to its
security.
7. Compare and contrast DES and RSA in terms of algorithm type, key
management, and typical use cases.
8. Explain the role of padding schemes in RSA encryption and their importance in
securing the algorithm.
9. Describe the various modes of operation for block ciphers and their impact on
data encryption.
10. Analyze the impact of key length on the security of DES and RSA algorithms.
UNIT-IV NETWORK SECURITY PRACTICES
Top 10 Network Security Best Practices in 2025
Are your network defenses strong enough to withstand today's advanced
cyber threats? What measures have you implemented to protect your
organization's data? As cyberattacks become more frequent, sophisticated, and
devastating, these questions are more critical than ever. Organizations face a constant
barrage of threats—from ransomware and data breaches to phishing
scams and advanced persistent threats (APTs). With each passing day, the
stakes grow higher. A single vulnerability could compromise your entire network,
exposing sensitive data and threatening the continuity of your business operations.
How can you ensure your network security strategies keep pace with the ever-
evolving landscape of cyber risks? This guide delves into the top 10 network
security best practices that can help you build a robust and resilient defense
system.
What is Network Security?
Network security refers to the practice of protecting the network and
data from breaches and other threats. In simple terms, it is the process
of keeping data safe from attackers while making sure that users have
access to the resources they need. The four important components of network
security are firewalls, intrusion prevention systems, network access control,
and security information and event management.
Top 10 Network Security Best Practices in 2025
Various network security practices exist to protect data
and information from attacks. Some of the best network security practices are
mentioned below.
1. Data Loss Prevention
Implementing data loss prevention software is important because
major data breaches involve internal factors, which include
employee breaches.
Advantages
The main purpose of data loss prevention software is to monitor the network.
It helps to spot whether an individual is violating sensitive data security policies
by transferring it to an unsafe system or not.
By implementing the software, individuals can prevent both accidental and
malicious leaks.
2. Prevent Social Engineering Attacks
Watching for social engineering attacks is another important network
security practice. Such attacks are used to obtain access credentials and
passwords by manipulating individuals. They depend mostly on exploiting
individuals rather than on technical vulnerabilities in the system. The
majority of cyber attacks depend on social engineering.
Advantages
By using email filtering tools and implementing strong password policies social
engineering attacks can be prevented.
Reassessing access credentials regularly helps to protect from social engineering
attacks.
Monitoring network traffic and enabling multi-factor authentication also help
prevent social engineering attacks.
3. Educate the Employees
Educating employees is one of the best network security practices that
an organization can adopt to prevent social engineering attacks.
By providing relevant knowledge about
dangerous applications and phishing techniques, individuals can be made aware of
potential threats.
Advantages
Training should be organized in which individuals are taught how to
create strong passwords.
The training sessions should cover
phishing and what a phishing email looks like.
The individuals should know about the rules and regulations, data protection
policies, and procedures.
4. Use Regular Data Backups
Organizations store, collect, and produce a large amount of data,
and losing control over this data causes a loss to the organization.
Backing up data regularly is therefore a good network security
practice, as it protects against data loss. Regular backups allow individuals to
protect sensitive data from several threats.
Advantages
It is one of the best practices for protecting data from being lost, as that data
includes various important data of the company.
It is a good practice to create at least three copies of the files so that they cannot be
lost.
With regular data backups, you will be assured that you won’t lose all of your
data to accidental deletions, ransomware attacks, and so on.
5. Audit the network and check the security
Understanding and knowledge of the network are important in maintaining a secure
environment. To have an accurate perspective on the security posture, the
IT organization needs to run an audit of the
network. Auditing is used to confirm the overall efficiency of the security
infrastructure.
Advantages
Through an audit, IT staff can identify the potential threats that need further
correction.
It helps in determining the strength of the firewall and the currency of its
settings.
It also helps to measure the state of the networked servers, software,
applications, and gear.
6. Set appropriate access controls
Managing access effectively and setting appropriate access
controls helps to maintain network security and is a well-known best practice.
It means having correct policies in place to dictate which devices and users have
the right of entry to the resources.
Advantages
Employing access management systems and privileged access to control who
can retrieve information is important.
Effective password management is a part of network security as it helps to
manage security by making strong passwords.
Multifactor authentication is another important tool that validates that
only the right user has access to the proper resource.
7. Update Anti-malware Software
Updating the antimalware software is another best practice, and it is one of the
easiest to address. Security professionals should do periodic checks on
their antimalware software, making sure that all the devices are running the most
up-to-date security software. IT should also automate its
patch management whenever possible.
Advantages
Updating the antimalware software helps ensure that the device is being
protected from various threats.
The antimalware software needs to be updated regularly so that it protects the
devices.
Enabling the real-time scanning or active protection feature helps to protect the
device from threats.
8. Aggregate your data in a SIEM
Security information and event management (SIEM) technologies aggregate
activity from the network. SIEMs and other security analytics solutions
are only as good as the data being fed into the systems. Without good data these
systems are unable to conduct the correlation to provide the insights enterprises are
seeking.
Advantages
The SIEM platforms aggregate the historical data and real-time alerts from the
security solutions and IT systems.
They help in analyzing the data and establishing the relationships which helps in
identifying the vulnerabilities.
It is a centralized platform which enables security analysts to review and make
sense of the data.
9. Secure your routers
A security event or a security breach can take place simply by hitting the
reset button on the network router, so consider moving routers to a more
secure location such as a locked room or closet. Securing the routers helps
to maintain safety and is known as a best practice in network security.
Advantages
Video surveillance equipment and CCTV can also be installed in the server or
network room for safety purposes.
The routers should be configured to change the default password and network
names, which attackers can find online.
One good way to secure the routers from being stolen is to change the
default login credentials.
10. Access to the PCAP
PCAP refers to packet capture, which mainly involves intercepting a data packet
as it moves through the network and storing it temporarily so that it can be
analyzed for security purposes. In other words, a packet is captured and
stored temporarily so that it can be analyzed.
Advantages
Captured packets are mainly inspected to help diagnose and solve problems with the network
security policies that are being followed.
Hackers can also use packet capture
techniques to steal data, so captures need to be secured so that no data can be
stolen.
It helps in detecting intrusions, security incidents and sudden spikes in
network traffic.
Conclusion
Network security protects the network and is important
because it helps prevent cybercriminals from gaining access to
valuable data and sensitive information. It is important in businesses and
organizations as it helps them focus on instituting and sharing strategies for how
individuals and network security teams can adapt their security
measures and understand different threats. This
article has provided detailed knowledge about network security.
What is IP Security (IPSec)
IP Security (IPSec) refers to a collection of communication rules or protocols
used to establish secure network connections. Internet Protocol (IP) is the common
standard that controls how data is transmitted across the internet. IPSec enhances the
protocol security by introducing encryption and authentication. IPSec encrypts
data at the source and then decrypts it at the destination. It also verifies the source of
the data.
Importance of IPSec
IPSec (Internet Protocol Security) is important because it helps keep your
data safe and secure when you send it over the Internet or any network. Here are some
of the reasons why IPSec is important:
IPSec protects the data through Data Encryption.
IPSec provides Data Integrity.
IPSec is often used in Virtual Private Networks (VPNs) to create secure, private
connections.
IPSec protects from Cyber Attacks.
Features of IPSec
Authentication: IPSec provides authentication of IP packets using digital
signatures or shared secrets. This helps ensure that the packets are not tampered
with or forged.
Confidentiality: IPSec provides confidentiality by encrypting IP packets,
preventing eavesdropping on the network traffic.
Integrity: IPSec provides integrity by ensuring that IP packets have not been
modified or corrupted during transmission.
Key management: IPSec provides key management services, including key
exchange and key revocation, to ensure that cryptographic keys are securely
managed.
Tunneling: IPSec supports tunneling, allowing IP packets to be encapsulated
within another protocol, such as GRE (Generic Routing Encapsulation) or L2TP
(Layer 2 Tunneling Protocol).
Flexibility: IPSec can be configured to provide security for a wide range of
network topologies, including point-to-point, site-to-site, and remote access
connections.
Interoperability: IPSec is an open standard protocol, which means that it is
supported by a wide range of vendors and can be used in heterogeneous
environments.
How Does IPSec Work
IPSec (Internet Protocol Security) is used to secure data when it travels over the
Internet. IPSec works by creating secure connections between devices, making sure
that the information exchanged is kept safe from unauthorized access. IPSec mainly
operates in two modes: Transport Mode and Tunnel Mode.
To provide security, IPSec uses two main protocols: AH (Authentication
Header) and ESP (Encapsulating Security Payload). The Authentication Header
verifies that the data comes from a
trusted source and hasn’t been changed, while ESP performs
authentication and also encrypts the data so that it becomes difficult to read.
For encryption, IPSec uses cryptographic keys. They can be created and shared
using a process called IKE (Internet Key Exchange), which ensures that both
devices have the correct keys to establish a secure connection.
When two devices communicate using IPSec, they first initiate the connection
by sending a request to each other. After that, they mutually decide how to protect the
data, using passwords or digital certificates. They then establish the secure tunnel
for communication. Once the tunnel is set up, data can be transmitted safely, as IPSec
encrypts the data and also checks its integrity to ensure that it
has not been altered. After the communication is finished, the devices can close the
secure connection. This is how IPSec works.
IPsec Working
IPSec Connection Establishment Process
IPSec is a protocol suite used in securing communication using the Internet
Protocol such that each packet communicated in the course of a particular session is
authenticated and encrypted. The process of establishing an IPSec connection involves
two main phases:
Phase 1: Establishing the IKE (Internet Key Exchange) Tunnel
In Phase 1, the main aim is to establish a secure channel, the IKE tunnel, which is
used for further negotiations. Phase 1 can operate in one of two modes:
Main Mode: Main Mode is a six-message exchange procedure that is more secure
than Basic Mode, although at the cost of a longer session, since identity
information is transmitted during negotiations.
Aggressive Mode: Aggressive Mode takes less time, exchanging three
messages, and is less secure since more information, such as identity, is disclosed during
the course of negotiation.
Phase 2: Establishing the IPSec Tunnel
Phase 2 is called Quick Mode, and its aim is to negotiate the IPSec Security
Associations after the secure IKE tunnel has been built. There are
two modes in Phase 2.
Tunnel Mode: This mode encapsulates the whole of the original IP packet,
including the header and data. It is mostly deployed in site-to-site VPNs.
Transport Mode: In this mode, only the actual data to be transmitted is
encrypted and the header part of the IP packet remains unaltered. It is mainly
employed in end-to-end communication between hosts.
Difference Between IPSec Tunnel Mode and IPSec Transport Mode
The IPSec tunnel mode is appropriate for sending data over public networks
because it improves data security against unauthorised parties. The computer
encrypts all data, including the payload and header, and adds a new header to it.
IPSec transport mode encrypts only the data packet's payload while leaving the IP
header unchanged. The unencrypted packet header enables routers to determine
the destination address of each data packet. As a result, IPSec transport is utilized
in a closed and trusted network, such as to secure a direct link between two
computers.
Protocols Used in IPSec
It has the following components:
Encapsulating Security Payload (ESP)
Authentication Header (AH)
Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP): It provides data integrity, encryption,
authentication, and anti-replay. It also provides authentication for payload.
2. Authentication Header (AH): It also provides data integrity, authentication,
and anti-replay, but it does not provide encryption. The anti-replay protection protects
against the unauthorized transmission of packets. It does not protect data
confidentiality.
IP Header
3. Internet Key Exchange (IKE): It is a network security protocol designed to
dynamically exchange encryption keys and negotiate a Security Association (SA)
between 2 devices. The Security Association (SA) establishes shared security attributes
between 2 network entities to support secure communication. The Internet Security
Association and Key Management Protocol (ISAKMP) provides a framework for
authentication and key exchange. ISAKMP defines how the Security
Associations (SAs) are set up and how direct connections between two hosts use
IPsec. Internet Key Exchange (IKE) provides message content protection and also an
open frame for implementing standard algorithms such as SHA and MD5. The
algorithms that IPsec uses produce a unique identifier for each packet. This identifier
then allows a device to determine whether a packet is correct or not. Packets
that are not authorized are discarded and not given to the receiver.
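The anti-replay service that ESP and AH provide is enforced at the receiver with a sliding window over the packet sequence numbers. The sketch below is an added example, not part of the original notes; the class and function names are hypothetical, the 64-packet window size is an assumption, and the arrival list is constructed. Following RFC 4302, the sender's counter starts at 0 and is incremented before each send, so the first packet carries 1.

```python
SEQ_MAX = 0xFFFFFFFF  # 2^32 - 1, the largest 32-bit sequence number


class ReplayWindow:
    """Receiver-side anti-replay state for one security association.

    Call accept() only after the packet's integrity check has passed,
    otherwise a forged packet could advance the window.
    """

    def __init__(self, size=64):
        self.size = size      # how many sequence numbers the window covers
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => (highest - i) was already accepted

    def accept(self, seq):
        """Classify seq and record it when it is fresh."""
        if seq < 1 or seq > SEQ_MAX:
            return "invalid"
        if seq > self.highest:
            # Packet is to the right of the window: slide the window forward.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1           # everything previously seen fell out
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "too-old"              # left of the window: cannot be checked
        if self.bitmap & (1 << offset):
            return "duplicate"            # already delivered once: a replay
        self.bitmap |= 1 << offset        # late but new: mark as seen
        return "accept"


def classify(arrivals, size=64):
    """Run a list of arriving sequence numbers through a fresh window."""
    window = ReplayWindow(size)
    return [(seq, window.accept(seq)) for seq in arrivals]


if __name__ == "__main__":
    # Constructed arrival order: in-order, a replay of 2, reordering (5 then 4),
    # a jump to 70 that slides the window, then stale and duplicate packets.
    for seq, verdict in classify([1, 2, 3, 2, 5, 4, 70, 5, 6, 7, 70, 71]):
        print(f"seq={seq:<3} {verdict}")
```

Packets that arrive out of order inside the window are still delivered once; anything older than the window is dropped because the receiver no longer remembers whether it was seen.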
Packets in Internet Protocol
IP Security Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are
ESP (Encapsulation Security Payload)
AH (Authentication Header)
IPSec Architecture includes protocols, algorithms, DOI, and Key Management. All
these components are very important in order to provide the three main services such
as Confidentiality, Authenticity and Integrity.
IP Security Architecture:
1. Architecture: Architecture or IP Security Architecture covers the general
concepts, definitions, protocols, algorithms, and security requirements of IP Security
technology.
2. ESP Protocol: ESP (Encapsulation Security Payload) provides a confidentiality
service. Encapsulation Security Payload is implemented in either of two ways:
ESP with optional Authentication.
ESP with Authentication.
Packet Format:
Security Parameter Index(SPI): This parameter is used by Security
Association. It is used to give a unique number to the connection built between the
Client and Server.
Sequence Number: Unique Sequence numbers are allotted to every packet so
that on the receiver side packets can be arranged properly.
Payload Data: Payload data means the actual data or the actual message. The
Payload data is in an encrypted format to achieve confidentiality.
Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original
message.
Next Header: Next header means the next payload or next actual data.
Authentication Data: This field is optional in ESP protocol packet format.
3. Encryption algorithm: The encryption algorithm is the document that
describes various encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication
and Integrity service. Authentication Header is implemented in one way only:
Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use
of AH for packet authentication and integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH
and ESP protocols. It contains the values needed for the documents to relate to each other.
7. Key Management: Key Management contains the document that describes how
the keys are exchanged between sender and receiver.
IPSec Encryption
IPSec encryption is a software function that encrypts data to protect it from
unauthorized access. An encryption key encrypts data, which must be decrypted.
IPSec supports a variety of encryption algorithms, including AES, Triple DES etc.
IPSec combines asymmetric and symmetric encryption to provide both speed and
security during data transmission. In asymmetric encryption, the encryption key is
made public, while the decryption key remains private. Symmetric encryption employs
the same public key to encrypt and decrypt data. IPSec builds a secure connection
using asymmetric encryption and then switches to symmetric encryption to speed up
data transmission.
IPSec VPN
VPN(Virtual Private Network) is a networking software that enables users to
browse the internet anonymously and securely. An IPSec VPN is a type of VPN
software that uses the IPSec protocol to establish encrypted tunnels over the internet.
It offers end-to-end encryption, which means that data is broken down at the
computer and then collected at the receiving server.
Uses of IP Security
IPsec can be used to do the following things:
To encrypt application layer data.
To provide security for routers sending routing data across the public internet.
To provide authentication without encryption, like to authenticate that the data
originates from a known sender.
To protect network data by setting up circuits using IPsec tunneling in which all
data being sent between the two endpoints is encrypted, as with a Virtual Private
Network(VPN) connection.
Advantages of IPSec
Strong security: IPSec provides strong cryptographic security services that help
protect sensitive data and ensure network privacy and integrity.
Wide compatibility: IPSec is an open standard protocol that is widely supported
by vendors and can be used in heterogeneous environments.
Flexibility: IPSec can be configured to provide security for a wide range of
network topologies, including point-to-point, site-to-site, and remote access
connections.
Scalability: IPSec can be used to secure large-scale networks and can be scaled up
or down as needed.
Improved network performance: IPSec can help improve network
performance by reducing network congestion and improving network efficiency.
Disadvantages of IPSec
Configuration Complexity: IPSec can be complex to configure and requires
specialized knowledge and skills.
Compatibility Issues: IPSec can have compatibility issues with some network
devices and applications, which can lead to interoperability problems.
Performance Impact: IPSec can impact network performance due to the
overhead of encryption and decryption of IP packets.
Key Management: IPSec requires effective key management to ensure the
security of the cryptographic keys used for encryption and authentication.
Limited Protection: IPSec only provides protection for IP traffic, and other
protocols such as ICMP, DNS, and routing protocols may still be vulnerable to
attacks.
Internet Protocol Authentication Header
The Internet Protocol Authentication Header (AH) is a component of the IPsec
(Internet Protocol Security) suite that provides data integrity, data origin
authentication, and optional anti-replay protection for IP packets. Authentication
Header ensures that the data was not modified during transmission and verifies the
identity of the sender. In this article, we will discuss Authentication Header.
What is an Authentication Header?
The Authentication Header (AH) is a security protocol used within the IPsec suite.
Its primary function is to ensure that the message remains unmodified during
transmission from the source and it confirms that the data originates from the
expected source. Authentication Header achieves this by adding a header to IP
packets, containing a checksum and a digital signature. Its main functions are:
Message Integrity - It means, the message is not modified while coming from
the source.
Source Authentication - It means, the source is exactly the source from whom
we were expecting data.
When a packet is sent from source A to destination B, it consists of the data that we
need to send and a header that carries packet information. The Authentication
Header verifies the origin of the data and also the payload, to confirm whether any
modification has been made during transmission between source and destination.
However, in transit, the values of some IP header fields might change (such as hop count,
options, extension headers). So, the values of such fields cannot be protected by the
Authentication Header. The Authentication Header cannot protect every field of the IP header.
It protects the fields that are essential to protect.
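How AH can authenticate a packet even though routers change some header fields, shown as an added example that is not part of the original notes: the mutable IPv4 fields and the ICV field itself are zeroed before the keyed hash is computed. HMAC-SHA-256 truncated to 128 bits, the function names, and the addresses, SPI, key and payload are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 16    # assumed algorithm: HMAC-SHA-256 truncated to 128 bits


def ipv4_checksum(header):
    """Standard 16-bit one's-complement checksum over the IPv4 header."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                      0x1234, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable(ip_header):
    """Copy of the 20-byte header with the fields routers may change set to 0:
    DSCP/ECN (byte 1), flags and fragment offset (6-7), TTL (8), checksum (10-11)."""
    h = bytearray(ip_header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def build_ah(next_header, spi, seq, icv=bytes(ICV_LEN)):
    ah_len = 12 + len(icv)             # 12 fixed bytes plus the ICV
    payload_len = ah_len // 4 - 2      # length in 4-byte words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_header, ah, payload):
    ah_zeroed = ah[:12] + bytes(len(ah) - 12)   # ICV field counts as zero
    data = zero_mutable(ip_header) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def protect(key, src, dst, spi, seq, upper_proto, payload):
    """Sender side, transport mode: IP header | AH | upper-layer payload."""
    ah = build_ah(upper_proto, spi, seq)
    ip = build_ipv4_header(src, dst, AH_PROTO, len(ah) + len(payload))
    return ip + ah[:12] + compute_icv(key, ip, ah, payload) + payload


def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < 20 + 12:
        return False
    ip, rest = packet[:20], packet[20:]
    ah_len = (rest[1] + 2) * 4         # (Payload Length + 2) * 4 bytes
    if ah_len != 12 + ICV_LEN or ah_len > len(rest):
        return False
    ah, payload = rest[:ah_len], rest[ah_len:]
    return hmac.compare_digest(compute_icv(key, ip, ah, payload), ah[12:])


def router_hop(packet):
    """What a router does in transit: decrement TTL, recompute the checksum."""
    ip = bytearray(packet[:20])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return bytes(ip) + packet[20:]


def demo():
    key = b"constructed-demo-key-32-bytes!!!"          # constructed sample key
    pkt = protect(key, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
                  spi=0x1001, seq=1, upper_proto=6,
                  payload=b"constructed TCP segment bytes")
    forwarded = router_hop(pkt)
    tampered = forwarded[:-1] + bytes([forwarded[-1] ^ 1])
    spoofed = forwarded[:12] + bytes([203, 0, 113, 9]) + forwarded[16:]
    return {
        "original": verify(key, pkt),
        "after_router": verify(key, forwarded),     # TTL changed, still valid
        "payload_tampered": verify(key, tampered),  # payload bit flipped
        "source_spoofed": verify(key, spoofed),     # immutable field changed
        "payload_len_field": pkt[21],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The source address is an immutable field, so rewriting it in transit breaks the check, while the TTL and checksum changes made by a router do not.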
Authentication Header Format
Next Header - Next Header is an 8-bit field that identifies the type of header present
after the Authentication Header. In the case of TCP, UDP, a destination header or some
other extension header, it will store the corresponding IP protocol number. For example,
number 4 in this field will indicate IPv4, number 41 will indicate IPv6 and number
6 will indicate TCP.
Payload Length - Payload length is the length of the Authentication Header, and here we
use a scaling factor of 4. Whatever the size of the header, divide it by 4 and then subtract
2. We subtract 2 because we’re not counting the first 8 bytes of the
Authentication Header, which are the first two rows of the picture given above. It means we
are not including Next Header, Payload Length, Reserved and Security Parameter
Index in calculating the payload length. For example, if the payload length is given to be X,
then (X+2)*4 will be the original Authentication Header length.
Reserved - This is a 16-bit field which is set to “zero” by the sender, as this field is
reserved for future use.
Security Parameter Index (SPI) - It is an arbitrary 32-bit field. It is a very
important field which identifies all packets which belong to the present connection.
Suppose we’re sending data from Source A to Destination B. Both A and B will already know
the algorithm and key they are going to use. For authentication, a hashing
function and a key will be required, which only the source and destination will know
about. The secret key between A and B is exchanged using the Diffie Hellman
algorithm. So the hashing algorithm and secret key for the Security Parameter Index of
the connection will be fixed. Before data transfer starts, a security association needs to be
established. In a Security Association, both parties need to communicate prior
to data exchange. The security association tells what the security parameter index,
hashing algorithm and secret key are that are being used.
Sequence Number - This unsigned 32-bit field contains a counter value that
increases by one for each packet sent. Every packet needs a sequence number. It
starts from 0 and goes up to 2^32 – 1, and there is no wrap around.
Say, if all sequence numbers are over and none of it is left but we cannot wrap
around as it is not allowed. So, we will end connection and re-establish connection
again to resume transfer of remaining data from sequence number 0. Basically
sequence numbers are used to stop replay attack. In Replay attack, if same message
is sent twice or more, receiver won’t be able to know if both messages are sent from
a single source or not. Say, I am requesting 100$ from receiver and Intruder in
between asked for another 100$. Receiver won’t be able to know that there is
intruder in between.
Authentication Data (Integrity Check Value) - Authentication data is a
variable-length field that contains the Integrity Check Value (ICV) for the packet. Using
the hashing algorithm and secret key, the sender creates a message digest which is
sent to the receiver. The receiver, on the other hand, uses the same hashing algorithm and
secret key. If both message digests match, the receiver accepts the data.
Otherwise, the receiver discards it, on the grounds that the message has been modified in
between. So basically, authentication data is used to verify the integrity of the
transmission. The length of the authentication data depends upon the hashing algorithm
you choose.
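The header layout and the ICV check described above can be followed in code. This is an added example, not part of the original notes: it assumes an SA that uses HMAC-SHA-256 truncated to 128 bits, and it simplifies the ICV input to the AH fields plus the payload (real AH also covers the immutable IP header fields). The function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Fixed part of the AH: Next Header (8 bits), Payload Length (8), Reserved (16),
# SPI (32), Sequence Number (32) = 12 bytes. The variable-length ICV follows.
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 16  # assumption: the SA uses HMAC-SHA-256 truncated to 128 bits


def compute_icv(key, fixed, payload):
    # Simplification: only the AH fields and the payload are authenticated here.
    # The ICV field itself counts as zero bytes while the MAC is computed.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def build_ah(next_header, spi, seq, key, payload):
    total_len = AH_FIXED.size + ICV_LEN        # 12 + 16 = 28 bytes
    payload_len = total_len // 4 - 2           # scaling rule: 28 / 4 - 2 = 5
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload)


def parse_ah(packet):
    if len(packet) < AH_FIXED.size:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(packet)
    total_len = (payload_len + 2) * 4          # invert the scaling rule
    if total_len != AH_FIXED.size + ICV_LEN or len(packet) < total_len:
        raise ValueError("AH length does not match the ICV size of this SA")
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    fields = {
        "next_header": next_header,
        "payload_len": payload_len,
        "total_len": total_len,
        "spi": spi,
        "seq": seq,
        "icv": packet[AH_FIXED.size:total_len],
    }
    return fields, packet[total_len:]


def verify_ah(packet, key):
    try:
        fields, payload = parse_ah(packet)
    except ValueError:
        return False
    expected = compute_icv(key, packet[:AH_FIXED.size], payload)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected, fields["icv"])


if __name__ == "__main__":
    key = bytes(range(32))                     # constructed sample key
    payload = b"constructed TCP segment"       # constructed sample payload
    packet = build_ah(6, 0x1001, 1, key, payload) + payload
    print(parse_ah(packet)[0])
    print("accepted:", verify_ah(packet, key))
    print("modified in transit:", verify_ah(packet[:-1] + b"X", key))
```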
How Does Authentication Header Work?
When a packet is sent from source A to destination B, it includes both data and
a header. The Authentication Header verifies the origin of the data and checks if any
modifications occurred during transmission. Note that some IP header fields (such as
hop count, options, and extension headers) may change in transit and are not
protected by Authentication Header. Authentication Header focuses on protecting
essential fields within the IP header.
Modes of Operations in Authentication Header
Authentication Header Transport Mode: In the authentication header
transport mode, the authentication header lies between the original IP header and the IP
packet's original TCP header.
Authentication Header Tunnel Mode: In the authentication header tunnel
mode, the original IP packet is authenticated in its entirety and the authentication header
is inserted between the original IP header and the new outer IP header. Here,
the inner IP header contains the ultimate source IP address and destination IP
address, whereas the outer IP header contains different IP addresses, namely the IP
addresses of the firewalls or other security gateways.
How Does the Header Deal with Replay Attack?
In a replay attack, the attacker obtains a copy of an authenticated packet and later sends it to
the intended destination. As the same packet is received twice, the destination user
can face some problems. To reduce this problem, the authentication header uses a
sequence number field.
At the initial stage, the value of this field is set to 0. Whenever the sender sends
a packet to the same receiver over the same SA, it increments the field's value by
1. If the number of packets over the same SA exceeds the range of this field, then to
continue communication with the receiver the sender must establish a new SA with the
receiver.
At the receiver side, the receiver maintains a sliding window of size W. The default
value of W is 64. The window's right edge represents the highest sequence number
N received so far for a valid packet. When the receiver gets a packet from the
sender, it performs an action. The appropriate action depends on the sequence
number of the packet.
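The receiver's decision for each sequence number can be written out as code. This is an added example, not part of the original notes; it follows the standard IPsec anti-replay check (RFC 4302), which spells out the actions the paragraph above leaves open. The class name and the `icv_valid` parameter are hypothetical.

```python
MAX_SEQ = 2**32 - 1


class ReplayWindow:
    """Receiver-side sliding window: right edge N, width W (default 64)."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0      # N: highest sequence number of a valid packet so far
        self.bitmap = 0       # bit i set means sequence number N - i was accepted
        self.mask = (1 << size) - 1

    def accept(self, seq, icv_valid):
        """Return True if the packet is accepted. icv_valid is the result of the
        integrity check, so the window only moves for authenticated packets."""
        # The sender's counter starts at 0 and is incremented before each send,
        # so a valid packet never carries 0 on the wire.
        if seq == 0 or seq > MAX_SEQ:
            return False

        if seq > self.highest:
            # Right of the window: a new packet. Advance the window if authentic.
            if not icv_valid:
                return False
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True

        offset = self.highest - seq
        if offset >= self.size:
            return False      # left of the window: too old to track, discard
        if self.bitmap & (1 << offset):
            return False      # inside the window and already seen: a replay
        if not icv_valid:
            return False
        self.bitmap |= 1 << offset   # inside the window, first time seen
        return True


if __name__ == "__main__":
    window = ReplayWindow()
    # Constructed arrival order: (sequence number, ICV check result)
    for seq, ok in [(1, True), (1, True), (70, True), (6, True), (7, True), (100, False)]:
        print(seq, "accepted" if window.accept(seq, ok) else "discarded")
```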
Conclusion
The Internet Protocol Authentication Header (AH) is an important security
protocol in the IPsec suite that ensures data integrity, source authentication, and anti-
replay protection for IP packets. AH improves IP communication security by assuring
data integrity and confirming the sender's identity. It runs in two modes, transport and
tunnel, and employs sequence numbers to avoid replay attacks. While AH does not
provide encryption, it is critical for ensuring the integrity and validity of data in
transmission.
Web Security Considerations
Web Security deals with the security of data over the internet/network or web or
while it is being transferred over the internet. Web security is crucial for protecting web
applications, websites, and the underlying servers from malicious attacks and
unauthorized access. In this article, we will discuss web security.
What is Web Security?
Web Security is an online security solution that will restrict access to harmful
websites, stop web-based risks, and manage staff internet usage. Web Security is very
important nowadays. Websites are always prone to security threats/risks. For example,
when you are transferring data between client and server, you have to protect that
data; the security of that data is your web security.
What is a Security Threat?
A threat is a possible event that can damage and harm an
information system. A security threat is defined as a risk that can potentially harm
computer systems and organizations. Whenever an individual or an organization creates a
website, they are vulnerable to security attacks. Security attacks are mainly aimed at
stealing, altering or destroying personal and confidential information, stealing
hard drive space, and illegally accessing passwords. So whenever the website you
created is vulnerable to security attacks, attackers can steal your data,
alter your data, destroy your personal information, see your confidential information and
also access your password.
Top Web Security Threats
Cross-site scripting (XSS)
SQL Injection
Phishing
Ransomware
Code Injection
Viruses and worms
Spyware
Denial of Service
Security Consideration
Updated Software: You need to always update your software. Hackers may be
aware of vulnerabilities in certain software, which are sometimes caused by bugs and
can be used to damage your computer system and steal personal data. Older versions
of software can become a gateway for hackers to enter your network. Software
makers soon become aware of these vulnerabilities and fix the vulnerable or
exposed areas. That is why it is mandatory to keep your software updated; it plays an
important role in keeping your personal data secure.
Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting rogue code into your query. For example, somebody can send
a query to your website that contains rogue code; when it gets executed, it
can be used to manipulate your database, such as changing tables, modifying or deleting
data, or retrieving important information. So, one should be aware of the SQL
injection attack.
Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script
into web pages, e.g. through the submission of forms. It is a term used to describe a class of
attacks that allow an attacker to inject client-side scripts into other users' browsers
through a website. As the injected code enters the browser from the site, the code is
trusted and can do things like sending the user's site authorization cookie to the
attacker.
Error Messages: You need to be very careful about the error messages that are
generated to give information to users while they access the website. Error
messages are generated for one reason or another, and you should be
very careful about what information they provide to users. For example, on a login attempt, if
the user fails to log in, the error message should not let the user know which field is
incorrect: username or password.
Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly created data from entering the
information system. Validation of data should be performed on both server-side and
client-side. If we perform data validation on both sides that will give us the
authentication. Data validation should occur when data is received from an outside
party, especially if the data is from untrusted sources.
Password: A password provides the first line of defense against unauthorized access
to your device and personal information. It is necessary to use a strong password.
Hackers in many cases use complex software that uses brute force to crack
passwords. Passwords must be complex to protect against brute force. It is good to
enforce password requirements such as a minimum length of eight characters,
including uppercase letters, lowercase letters, special characters, and numerals.
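The SQL injection and error message points above can be seen side by side in a small login routine. This is an added example, not part of the original notes; the table layout, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

GENERIC_ERROR = "Invalid username or password"


def hash_password(password, salt):
    # Salted, slow hash so stored values are costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    # Constructed sample data: two users in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, password in (("alice", "Correct-Horse-7"), ("bob", "Tr0ub4dor&3x")):
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO users VALUES (?, ?, ?)",
            (name, salt, hash_password(password, salt)),
        )
    return db


def lookup_vulnerable(db, name):
    # WEAK: user input is pasted into the SQL text, so it can change the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, name):
    # FIXED: the ? placeholder passes the input as data, never as SQL.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def login(db, name, password):
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    # Hash even for an unknown user so both failure cases do the same work.
    salt, stored = row if row else (bytes(16), bytes(32))
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if row is not None and matches:
        return True, "Welcome"
    # Same message whether the username or the password was wrong.
    return False, GENERIC_ERROR


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input that rewrites the WHERE clause
    print("vulnerable lookup:", lookup_vulnerable(db, crafted))
    print("safe lookup:      ", lookup_safe(db, crafted))
    print(login(db, "alice", "wrong"), login(db, "nobody", "wrong"))
```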
Conclusion
Web security is critical for protecting web applications and data from malicious
attacks and unauthorized access. It is critical to implement precautions such as updated
software, understanding of SQL injection and cross-site scripting, proper error
handling, extensive data validation, and strong password restrictions. These methods
assure the integrity, confidentiality, and availability of information, protecting both
users and organizations from security risks.
Secure Socket Layer (SSL)
SSL or Secure Sockets Layer, is an Internet security protocol that encrypts data
to keep it safe. It was created by Netscape in 1995 to ensure privacy, authentication,
and data integrity in online communications. SSL is the older version of what we now
call TLS (Transport Layer Security).
Websites using SSL/TLS have "HTTPS" in their URL instead of "HTTP."
Working of SSL
Encryption: SSL encrypts data transmitted over the web, ensuring privacy. If
someone intercepts the data, they will see only a jumble of characters that is nearly
impossible to decode.
Authentication: SSL starts an authentication process called a handshake
between two devices to confirm their identities, making sure both parties are who
they claim to be.
Data Integrity: SSL digitally signs data to ensure it hasn't been tampered with,
verifying that the data received is exactly what was sent by the sender.
Importance of SSL
Originally, data on the web was transmitted in plaintext, making it easy for
anyone who intercepted the message to read it. For example, if someone logged into
their email account, their username and password would travel across the Internet
unprotected.
SSL was created to solve this problem and protect user privacy. By encrypting data
between a user and a web server, SSL ensures that anyone who intercepts the data
sees only a scrambled mess of characters. This keeps the user's login credentials safe,
visible only to the email service.
Additionally, SSL helps prevent cyber attacks by:
Authenticating Web Servers: Ensuring that users are connecting to the
legitimate website, not a fake one set up by attackers.
Preventing Data Tampering: Acting like a tamper-proof seal, SSL ensures that
the data sent and received hasn't been altered during transit.
Secure Socket Layer Protocols
1. SSL Record Protocol
2. Handshake Protocol
3. Change-Cipher Spec Protocol
4. Alert Protocol
SSL Record Protocol
SSL Record provides two services to SSL connection.
Confidentiality
Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each
fragment is compressed, and then a MAC (Message Authentication Code)
generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest)
is appended. After that the data is encrypted, and finally the SSL header is
appended to the data.
Handshake Protocol
Handshake Protocol is used to establish sessions. This protocol allows the client
and server to authenticate each other by sending a series of messages to each other.
Handshake protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both client and server send hello packets to each other. In
this phase the IP session, cipher suite and protocol version are exchanged for security
purposes.
Phase-2: The server sends its certificate and Server-key-exchange. The server ends
Phase-2 by sending the Server-hello-end packet.
Phase-3: In this phase, the client replies to the server by sending its certificate and
Client-exchange-key.
Phase-4: In Phase-4 Change Cipher Spec occurs and after this the Handshake
Protocol ends.
SSL Handshake Protocol Phases diagrammatic representation
Change-Cipher Protocol
This protocol uses the SSL record protocol. Unless Handshake Protocol is
completed, the SSL record Output will be in a pending state. After the handshake
protocol, the Pending state is converted into the current state.
Change-cipher protocol consists of a single message which is 1 byte in length and can
have only one value. This protocol's purpose is to cause the pending state to be copied
into the current state.
Alert Protocol
This protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes.
The first byte carries the level, which is classified into two parts:
Warning (level = 1)
This Alert has no impact on the connection between sender and receiver. Some of
them are:
Bad Certificate: When the received certificate is corrupt.
No Certificate: When an appropriate certificate is not available.
Certificate Expired: When a certificate has expired.
Certificate Unknown: When some other unspecified issue arose in processing
the certificate, rendering it unacceptable.
Close Notify: It notifies that the sender will no longer send any messages in the
connection.
Unsupported Certificate: The type of certificate received is not supported.
Certificate Revoked: The certificate received is in revocation list.
Fatal Error (level = 2):
This Alert breaks the connection between sender and receiver. The connection will
be stopped, cannot be resumed but can be restarted. Some of them are :
Handshake Failure: When the sender is unable to negotiate an acceptable set of
security parameters given the options available.
Decompression Failure: When the decompression function receives improper
input.
Illegal Parameters: When a field is out of range or inconsistent with other
fields.
Bad Record MAC: When an incorrect MAC was received.
Unexpected Message: When an inappropriate message is received.
The second byte in the Alert protocol describes the error.
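The two-byte alert format can be decoded directly from a captured record. This is an added example, not part of the original notes: it assumes unencrypted alert records (as seen during the handshake) and the record header and alert code numbers of SSL 3.0; the sample bytes are constructed.

```python
import struct

CONTENT_TYPE_ALERT = 21                 # record-layer content type for alerts
RECORD_HEADER = struct.Struct("!BBBH")  # type, major version, minor version, length

LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    30: "decompression_failure",
    40: "handshake_failure",
    41: "no_certificate",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    47: "illegal_parameter",
}


def read_alerts(stream):
    """Walk the records in a byte stream and decode every plaintext alert.

    Returns a list of (level, description, connection_terminated) tuples.
    Raises ValueError on a truncated record or a malformed alert body.
    """
    alerts = []
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < RECORD_HEADER.size:
            raise ValueError("truncated record header")
        ctype, major, minor, length = RECORD_HEADER.unpack_from(stream, pos)
        pos += RECORD_HEADER.size
        body = stream[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += length
        if ctype != CONTENT_TYPE_ALERT:
            continue                    # handshake or application data: skip
        if length != 2:
            raise ValueError("a plaintext alert is exactly 2 bytes")
        level, code = body[0], body[1]
        if level not in LEVELS:
            raise ValueError("unknown alert level %d" % level)
        description = DESCRIPTIONS.get(code, "unknown(%d)" % code)
        # A fatal alert (level 2) ends the connection; a warning does not.
        alerts.append((LEVELS[level], description, level == 2))
    return alerts


if __name__ == "__main__":
    # Constructed capture: a warning close_notify, then a fatal handshake_failure.
    capture = bytes.fromhex("15030000020100" "15030000020228")
    for alert in read_alerts(capture):
        print(alert)
```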
Salient Features of Secure Socket Layer
The advantage of this approach is that the service can be tailored to the specific
needs of the given application.
Secure Socket Layer was originated by Netscape.
SSL is designed to make use of TCP to provide reliable end-to-end secure service.
This is a two-layered protocol.
Versions of SSL
SSL 1 - Never released due to high insecurity
SSL 2 - Released in 1995
SSL 3 - Released in 1996
TLS 1.0 - Released in 1999
TLS 1.1 - Released in 2006
TLS 1.2 - Released in 2008
TLS 1.3 - Released in 2018
SSL Certificate
SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify
the identity of a website or an online service. The certificate is issued by a trusted
third-party called a Certificate Authority (CA), who verifies the identity of the website
or service before issuing the certificate.
The SSL certificate has several important characteristics that make it a reliable
solution for securing online transactions :
Encryption: The SSL certificate uses encryption algorithms to secure the
communication between the website or service and its users. This ensures that the
sensitive information, such as login credentials and credit card information, is
protected from being intercepted and read by unauthorized parties.
Authentication: The SSL certificate verifies the identity of the website or service,
ensuring that users are communicating with the intended party and not with an
impostor. This provides assurance to users that their information is being
transmitted to a trusted entity.
Integrity: The SSL certificate uses message authentication codes (MACs) to detect
any tampering with the data during transmission. This ensures that the data being
transmitted is not modified in any way, preserving its integrity.
Non-repudiation: SSL certificates provide non-repudiation of data, meaning
that the recipient of the data cannot deny having received it. This is important in
situations where the authenticity of the information needs to be established, such
as in e-commerce transactions.
Public-key cryptography: SSL certificates use public-key cryptography for
secure key exchange between the client and server. This allows the client and
server to securely exchange encryption keys, ensuring that the encrypted
information can only be decrypted by the intended recipient.
Session management: SSL certificates allow for the management of secure
sessions, allowing for the resumption of secure sessions after interruption. This
helps to reduce the overhead of establishing a new secure connection each time a
user accesses a website or service.
Certificates issued by trusted CAs: SSL certificates are issued by trusted CAs,
who are responsible for verifying the identity of the website or service before
issuing the certificate. This provides a high level of trust and assurance to users
that the website or service they are communicating with is authentic and
trustworthy.
In addition to these key characteristics, SSL certificates also come in various levels
of validation, including Domain Validation (DV), Organization Validation (OV), and
Extended Validation (EV). The level of validation determines the amount of
information that is verified by the CA before issuing the certificate, with EV
certificates providing the highest level of assurance and trust to users.
Overall, the SSL certificate is an important component of online security, providing
encryption, authentication, integrity, non-repudiation, and other key features that
ensure the secure and reliable transmission of sensitive information over the internet.
Types of SSL Certificates
There are different types of SSL certificates, each suited for different needs:
Single-Domain SSL Certificate: This type covers only one specific domain. A
domain is the name of a website, like www.geeksforgeeks.org. For instance, if you
have a single-domain SSL certificate for www.geeksforgeeks.org, it won't cover any
other domains or subdomains.
Wildcard SSL Certificate: Similar to a single-domain certificate, but it also
covers all subdomains of a single domain. For example, if you have a wildcard
certificate for *.geeksforgeeks.org, it would cover www.geeksforgeeks.org,
blog.www.geeksforgeeks.org, and any other subdomain under example.com.
Multi-Domain SSL Certificate: This type can secure multiple unrelated
domains within a single certificate.
These certificates vary in scope and flexibility, allowing website owners to
choose the appropriate level of security coverage based on their needs.
SSL certificates have different validation levels, which determine how thoroughly a
business or organization is vetted:
Domain Validation (DV): This is the simplest and least expensive level. To get a
DV certificate, a business just needs to prove it owns the domain (like
www.geeksforgeeks.org).
Organization Validation (OV): This involves a more hands-on verification
process. The Certificate Authority (CA) directly contacts the organization to
confirm its identity before issuing the certificate. OV certificates provide more
assurance to users about the legitimacy of the organization.
Extended Validation (EV): This is the most rigorous level of validation. It
requires a comprehensive background check of the organization to ensure it's
legitimate and trustworthy. EV certificates are recognized by the green address bar
in web browsers, indicating the highest level of security and trustworthiness.
These validation levels help users understand the level of security and trust they
can expect when visiting websites secured with SSL certificates.
Are SSL and TLS the Same thing?
SSL is the direct predecessor of TLS (Transport Layer Security). In 1999,
the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this
update was developed by the IETF without Netscape's involvement, the name was
changed to TLS. The changes between the last version of SSL (3.0) and the first
version of TLS were not significant; the name change mainly signified new ownership.
Because SSL and TLS are so similar, people often use the terms
interchangeably. Some still call it SSL, while others use "SSL/TLS encryption" since
SSL is still widely recognized.
Check SSL Version
SSL (Secure Sockets Layer) hasn't been updated since SSL 3.0 back in 1996 and
is now considered outdated. It has known vulnerabilities, so security experts advise
against using it. Most modern web browsers no longer support SSL.
TLS (Transport Layer Security) is the current encryption protocol used online.
Despite this, many still refer to it as "SSL encryption," causing confusion when people
look for security solutions. Nowadays, any vendor offering "SSL" is likely providing
TLS protection, which has been the standard for over 20 years. The term "SSL
protection" is still used widely on product pages because many users still search for it.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is designed to provide security at the transport
layer. TLS was derived from a security protocol called Secure Socket Layer (SSL). TLS
ensures that no third party may eavesdrop on or tamper with any message.
There are several benefits of TLS:
Encryption:
TLS/SSL can help to secure transmitted data using encryption.
Interoperability:
TLS/SSL works with most web browsers, including Microsoft Internet Explorer
and on most operating systems and web servers.
Algorithm flexibility:
TLS/SSL provides operations for authentication mechanism, encryption
algorithms and hashing algorithm that are used during the secure session.
Ease of Deployment:
Many applications use TLS/SSL temporarily on a Windows Server 2003 operating
system.
Ease of Use:
Because we implement TLS/SSL beneath the application layer, most of its
operations are completely invisible to client.
Working of TLS:
The client connects to the server (using TCP). The client
sends a number of specifications:
1. Version of SSL/TLS.
2. Which cipher suites and compression methods it wants to use.
The server checks which is the highest SSL/TLS version supported by them
both, picks a cipher suite from the client's options (if it supports one) and
optionally picks a compression method. After this the basic setup is done, and the server
provides its certificate. This certificate must be trusted either by the client itself or by a
party that the client trusts. Once the client has verified the certificate and is certain this server
really is who it claims to be (and not a man in the middle), a key is exchanged. This
can be a public key, a "PreMasterSecret" or simply nothing, depending upon the cipher
suite.
Both the server and the client can now compute the key for symmetric encryption.
The handshake is finished and the two hosts can communicate securely. If a
connection is closed by finishing the TCP connection, both sides will know the connection was
improperly terminated. The connection cannot be compromised by this though,
merely interrupted.
Transport Layer Security (TLS) continues to play a critical role in securing data
transmission over networks, especially on the internet. Let's delve deeper into its
workings and significance:
Enhanced Security Features:
TLS employs a variety of cryptographic algorithms to provide a secure communication
channel. This includes symmetric encryption algorithms like AES (Advanced
Encryption Standard) and asymmetric algorithms like RSA and Diffie-Hellman key
exchange. Additionally, TLS supports various hash functions for message integrity,
such as SHA-256, ensuring that data remains confidential and unaltered during
transit.
Certificate-Based Authentication:
One of the key components of TLS is its certificate-based authentication mechanism.
When a client connects to a server, the server presents its digital certificate, which
includes its public key and other identifying information. The client verifies the
authenticity of the certificate using trusted root certificates stored locally or provided
by a trusted authority, thereby establishing the server's identity.
Forward Secrecy:
TLS supports forward secrecy, a crucial security feature that ensures that even if an
attacker compromises the server's private key in the future, they cannot decrypt past
communications. This is achieved by generating ephemeral session keys for each
session, which are not stored and thus cannot be compromised retroactively.
TLS Handshake Protocol:
The TLS handshake protocol is a crucial phase in establishing a secure connection
between the client and the server. It involves multiple steps, including negotiating the
TLS version, cipher suite, and exchanging cryptographic parameters. The handshake
concludes with the exchange of key material used to derive session keys for encrypting
and decrypting data.
Perfect Forward Secrecy (PFS):
Perfect Forward Secrecy is an advanced feature supported by TLS that ensures the
confidentiality of past sessions even if the long-term secret keys are compromised.
With PFS, each session key is derived independently, providing an additional layer of
security against potential key compromise.
TLS Deployment Best Practices:
To ensure the effectiveness of TLS, it's essential to follow best practices in its
deployment. This includes regularly updating TLS configurations to support the latest
cryptographic standards and protocols, disabling deprecated algorithms and cipher
suites, and keeping certificates up-to-date with strong key lengths.
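The practices above (certificate-based authentication, forward secrecy, and disabling deprecated versions and cipher suites) can be applied and checked on a client with Python's standard `ssl` module. This is an added example, not part of the original notes; the function names and the cipher string are choices made for this illustration.

```python
import ssl


def hardened_client_context():
    # create_default_context() verifies the certificate chain against the
    # trusted root certificates and checks the host name.
    ctx = ssl.create_default_context()
    # Refuse SSL 3.0, TLS 1.0 and TLS 1.1.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2: allow only suites with an ephemeral (ECDHE) key exchange and an
    # AEAD cipher. TLS 1.3 suites are configured separately and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def is_forward_secret(cipher_name, protocol):
    # Every TLS 1.3 suite uses an ephemeral key exchange. For earlier versions
    # the OpenSSL suite name starts with the key exchange method.
    if protocol == "TLSv1.3":
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))


def audit(ctx):
    """Return a list of findings for a client context; empty means none found."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    for cipher in ctx.get_ciphers():
        if not is_forward_secret(cipher["name"], cipher["protocol"]):
            findings.append("no forward secrecy: " + cipher["name"])
    return findings


if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()))

    weak = ssl.create_default_context()
    weak.check_hostname = False          # weak setting, shown for comparison
    weak.verify_mode = ssl.CERT_NONE     # weak setting, shown for comparison
    print("weak:    ", audit(weak))
```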
Continual Evolution:
TLS standards continue to evolve to address emerging security threats and
vulnerabilities. Ongoing efforts by standards bodies, such as the Internet Engineering
Task Force (IETF), ensure that TLS remains robust and resilient against evolving
attack vectors.
Conclusion:
In an increasingly interconnected world where data privacy and security are
paramount, Transport Layer Security (TLS) serves as a foundational technology for
securing communication over networks. By providing encryption, authentication, and
integrity protection, TLS enables secure data transmission, safeguarding sensitive
information from unauthorized access and tampering. As cyber threats evolve, TLS
will continue to evolve, adapting to new challenges and reinforcing the security
posture of digital communications.
Secure Electronic Transaction (SET) Protocol
Secure Electronic Transaction or SET is a security protocol designed to
ensure the security and integrity of electronic transactions conducted using credit
cards. Unlike a payment system, SET operates as a security protocol applied to those
payments. It uses different encryption and hashing techniques to secure payments
over the internet done through credit cards. The SET protocol was supported in
development by major organizations like Visa, Mastercard, and Microsoft which
provided its Secure Transaction Technology (STT), and Netscape which provided the
technology of Secure Socket Layer (SSL).
SET protocol restricts the revealing of credit card details to merchants thus keeping
hackers and thieves at bay. The SET protocol includes Certification Authorities for
making use of standard Digital Certificates like X.509 Certificate.
Before discussing SET further, let's see a general scenario of electronic transactions,
which includes client, payment gateway, client financial institution, merchant, and
merchant financial institution.
Requirements in SET: The SET protocol has some requirements to meet, some of
the important requirements are:
It has to provide mutual authentication i.e., customer (or cardholder)
authentication by confirming if the customer is an intended user or not, and
merchant authentication.
It has to keep the PI (Payment Information) and OI (Order Information)
confidential by appropriate encryptions.
It has to be resistive against message modifications i.e., no changes should be
allowed in the content being transmitted.
SET also needs to provide interoperability and make use of the best security
mechanisms.
Participants in SET: In the general scenario of online transactions, SET includes
similar participants:
1. Cardholder - customer
2. Issuer - customer financial institution
3. Merchant
4. Acquirer - Merchant financial
5. Certificate authority - Authority that follows certain standards and issues
certificates(like X.509V3) to all other participants.
SET functionalities:
Provide Authentication
o Merchant Authentication - To prevent theft, SET allows customers to
check previous relationships between merchants and financial
institutions. Standard X.509V3 certificates are used for this verification.
o Customer / Cardholder Authentication - SET checks if the use of a
credit card is done by an authorized user or not using X.509V3
certificates.
Provide Message Confidentiality: Confidentiality refers to preventing
unintended people from reading the message being transferred. SET implements
confidentiality by using encryption techniques. Traditionally DES is used for
encryption purposes.
Provide Message Integrity: SET doesn't allow message modification with the
help of signatures. Messages are protected against unauthorized modification
using RSA digital signatures with SHA-1 and some using HMAC with SHA-1.
Dual Signature: The dual signature is a concept introduced with SET, which aims at
connecting two information pieces meant for two different receivers :
Order Information (OI) for merchant
Payment Information (PI) for bank
You might think sending them separately is an easy and more secure way, but
sending them in a connected form resolves any future dispute possible. Here is the
generation of dual signature:
Where,
PI stands for payment information
OI stands for order information
PIMD stands for Payment Information Message Digest
OIMD stands for Order Information Message Digest
POMD stands for Payment Order Message Digest
H stands for Hashing
E stands for public key encryption
KPc is customer's private key
|| stands for append operation
Dual signature, DS= E(KPc, [H(H(PI)||H(OI))])
Purchase Request Generation: The process of purchase request generation
requires three inputs:
Payment Information (PI)
Dual Signature
Order Information Message Digest (OIMD)
The purchase request is generated as follows:
Here,
PI, OIMD, OI all have the same meanings as before.
The new things are :
EP which is symmetric key encryption
Ks is a temporary symmetric key
KUbank is public key of bank
CA is Cardholder or customer Certificate
Digital Envelope = E(KUbank, Ks)
Purchase Request Validation on Merchant Side: The Merchant verifies by
comparing POMD generated through PIMD hashing with POMD generated through
decryption of Dual Signature as follows:
Since we used Customer's private key in encryption here we use KUC which is the
public key of the customer or cardholder for decryption 'D'.
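The dual signature formula and the merchant-side check above can be traced end to end. This is an added example, not part of the original notes: it uses textbook RSA without padding and a toy key built from two publicly known primes, so it only illustrates the formulas; the sample PI and OI are constructed, and the bank-side check is included as the mirror image of the merchant's.

```python
import hashlib

# Toy customer key (assumption for this example): two known Mersenne primes.
# Unpadded RSA with public primes is for following the formulas only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E_PUB = 65537                                  # KUc: customer's public key
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))     # KPc: customer's private key


def H(data):
    # SET as described in these notes uses SHA-1 for message digests.
    return hashlib.sha1(data).digest()


def dual_signature(pi, oi):
    """DS = E(KPc, H(H(PI) || H(OI))). Returns (DS, PIMD, OIMD)."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    ds = pow(int.from_bytes(pomd, "big"), D_PRIV, N)
    return ds, pimd, oimd


def _matches(ds, pomd):
    # D(KUc, DS) must equal the POMD the verifier computed itself.
    if not 0 <= ds < N:
        return False
    return pow(ds, E_PUB, N) == int.from_bytes(pomd, "big")


def merchant_verify(oi, pimd, ds):
    # The merchant holds OI and PIMD only; it never sees PI.
    return _matches(ds, H(pimd + H(oi)))


def bank_verify(pi, oimd, ds):
    # The bank holds PI and OIMD only; it never sees OI.
    return _matches(ds, H(H(pi) + oimd))


if __name__ == "__main__":
    pi = b"constructed PI: card ending 0000, amount 100"
    oi = b"constructed OI: order 1, two books, amount 100"
    ds, pimd, oimd = dual_signature(pi, oi)

    print("merchant accepts:", merchant_verify(oi, pimd, ds))
    print("bank accepts:    ", bank_verify(pi, oimd, ds))
    # Changing either half breaks the link between order and payment.
    print("altered OI:      ", merchant_verify(oi + b" plus one more", pimd, ds))
    print("altered PI:      ", bank_verify(pi.replace(b"100", b"900"), oimd, ds))
```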
Payment Authorization and Payment Capture: Payment authorization as the
name suggests is the authorization of payment information by the merchant which
ensures payment will be received by the merchant. Payment capture is the process by
which a merchant receives payment which includes again generating some request
blocks to gateway and payment gateway in turn issues payment to the merchant.
The disadvantages of Secure Electronic Transaction: When SET was first introduced
in 1996 by the SET consortium (Visa, Mastercard, Microsoft, Verisign, and so forth),
it was expected to be widely adopted within the next few years. Industry experts also
predicted that it would quickly become the key enabler of global e-commerce. However,
this did not happen because of some serious weaknesses in the protocol.
The security properties of SET are better than those of SSL and the more recent TLS,
especially in their ability to prevent e-commerce fraud. However, the biggest drawback
of SET is its complexity. SET requires both customers and merchants to install special
software (card readers and digital wallets), meaning that transaction participants had
to complete more tasks to implement SET. This complexity also slowed down the speed of
e-commerce transactions. SSL and TLS do not have such problems.
The overhead associated with PKI and the initialization and registration processes
also slowed down the widespread adoption of SET. Interoperability among SET products
(e.g., certificate translations and interpretations among trusted third parties with
different certificate policies) was also a significant problem with SET, which was
further challenged by poor usability and the vulnerability of PKI.
Key Principles of SET Protocol
Authentication
SET provides mutual authentication, ensuring both customer (or cardholder) and
merchant authentication. This is achieved using standard X.509V3 certificates.
Confidentiality
Confidentiality in SET refers to preventing unintended people from reading the message
being transferred. SET implements confidentiality by using encryption techniques,
traditionally DES for encryption purposes.
Integrity
SET ensures message integrity by preventing unauthorized modifications. This is
achieved using RSA digital signatures with SHA-1 and HMAC with SHA-1.
Dual Signature
The dual signature is a unique concept introduced with SET, connecting two pieces of
information meant for two different receivers: Order Information (OI) for the merchant
and Payment Information (PI) for the bank. This ensures that both pieces of
information are securely linked, preventing any future disputes.
Participants in SET
The general scenario of online transactions in SET includes the following participants:
Cardholder: The customer.
Issuer: The customer's financial institution.
Merchant: The entity selling goods or services.
Acquirer: The merchant's financial institution.
Certificate Authority: The authority that issues certificates to all other
participants.
SET Functionalities
Merchant Authentication: Allows customers to verify the merchant's relationship
with financial institutions using X.509V3 certificates.
Customer/Cardholder Authentication: Ensures that the credit card is used by
an authorized user using X.509V3 certificates.
Message Confidentiality: Achieved through encryption techniques.
Message Integrity: Ensured using digital signatures.
Disadvantages of SET
Despite its robust security features, SET faced several challenges that hindered its
widespread adoption:
Complexity: SET requires both users and merchants to install special software, such
as card readers and digital wallets, which increased the complexity and slowed down
the speed of transactions.
Interoperability Issues: Differences in certificate policies among trusted third
parties led to interoperability issues.
Poor Usability: The complexity of Public Key Infrastructure (PKI) and the
initialization and registration processes also contributed to its poor usability.
MCQ:
1. Which of the following is a primary goal of network security?
A. Increasing bandwidth
B. Reducing internet usage
C. Ensuring data confidentiality, integrity, and availability
D. Improving graphic performance
Answer: C
2. A firewall primarily works at which layer of the OSI model?
A. Application Layer
B. Transport Layer
C. Data Link Layer
D. Network Layer
Answer: D
3. Which of the following best describes a Demilitarized Zone (DMZ) in a
network?
A. A network zone that is completely secure
B. A subnet that separates an internal network from external networks
C. A VPN tunnel for private communication
D. A firewall rule for wireless devices
Answer: B
4. What type of attack attempts to exhaust resources to make a service
unavailable?
A. Phishing
B. Man-in-the-Middle
C. Denial of Service (DoS)
D. SQL Injection
Answer: C
5. Which protocol is used to securely connect remote users to a private
network?
A. FTP
B. VPN
C. SMTP
D. DHCP
Answer: B
IP Security (IPSec) Overview
6. What does IPsec stand for?
A. Internet Protection Security
B. Internet Protocol Security
C. Internal Packet Security
D. International Protocol Secure
Answer: B
7. Which two main protocols are used in IPsec?
A. TCP and UDP
B. ESP and AH
C. HTTP and HTTPS
D. SSL and TLS
Answer: B
8. What does the Authentication Header (AH) in IPsec provide?
A. Confidentiality only
B. Integrity, authentication, and anti-replay protection
C. Encryption
D. File compression
Answer: B
9. What is the function of Encapsulating Security Payload (ESP) in IPsec?
A. Only authenticates data
B. Provides data compression
C. Provides confidentiality, authentication, and integrity
D. Encrypts routing tables only
Answer: C
10. Which of the following is NOT a mode of IPsec operation?
A. Tunnel Mode
B. Transport Mode
C. Stealth Mode
D. All of the above are valid modes
Answer: C
11. What is the primary objective of the IPsec architecture?
A. To provide faster internet access
B. To ensure the confidentiality, integrity, and authenticity of IP packets
C. To reduce the size of IP headers
D. To manage domain name resolution
Answer: B
12. Which document defines the architecture of IPsec?
A. RFC 2401
B. RFC 791
C. RFC 1035
D. RFC 2616
Answer: A
13. Which components are defined in the IPsec architecture?
A. SSL, TLS, SSH
B. Authentication Header (AH), Encapsulating Security Payload (ESP), Security
Associations (SAs)
C. TCP, UDP, IP
D. HTTP, DNS, FTP
Answer: B
14. In IPsec, what is a Security Association (SA)?
A. A digital certificate
B. A VPN configuration
C. A one-way logical connection providing security services to traffic
D. A type of firewall
Answer: C
15. What protocol number is used for the Authentication Header (AH) in
the IP header?
A. 50
B. 51
C. 47
D. 115
Answer: B
16. Which of the following services does the Authentication Header (AH)
provide?
A. Encryption and decryption
B. Authentication and integrity
C. Compression
D. Routing
Answer: B
17. What does AH not provide that ESP does?
A. Packet origin authentication
B. Replay protection
C. Data integrity
D. Data confidentiality
Answer: D
18. Where is the Authentication Header inserted in an IP packet?
A. After the IP header and before the payload
B. At the end of the packet
C. Before the IP header
D. It replaces the IP header
Answer: A
19. What type of cryptographic function is commonly used in AH for
authentication?
A. Symmetric encryption
B. Public-key encryption
C. Hash-based Message Authentication Code (HMAC)
D. Block cipher chaining
Answer: C
20. In which modes can AH operate?
A. Only tunnel mode
B. Only transport mode
C. Both transport and tunnel mode
D. Only in secure mode
Answer: C
21. What does AH authenticate in a packet?
A. Only the IP payload
B. The IP header and payload (except mutable fields in the IP header)
C. Only the destination address
D. Only the transport layer segment
Answer: B
22. Which of the following fields in the IP header is NOT authenticated by
AH?
A. Source IP address
B. Destination IP address
C. TTL (Time to Live)
D. Protocol
Answer: C
23. What does the Security Parameter Index (SPI) in AH identify?
A. The session key used
B. The encryption algorithm
C. The specific Security Association (SA)
D. The type of hashing function used
Answer: C
24. What is the purpose of the Sequence Number field in AH?
A. To track the order of TCP segments
B. To prevent replay attacks
C. To encrypt the payload
D. To identify different protocols
Answer: B
25. Which of the following best describes the limitation of AH compared to
ESP?
A. AH is faster than ESP
B. AH encrypts the payload
C. AH does not provide confidentiality
D. AH supports SSL-based authentication
Answer: C
26. What is the primary purpose of SSL/TLS protocols?
A. Increase download speed
B. Secure communication over a computer network
C. Translate IP addresses
D. Monitor web traffic
Answer: B
27. Which layer of the OSI model do SSL and TLS primarily operate at?
A. Network Layer
B. Transport Layer
C. Application Layer
D. Presentation Layer
Answer: D
28. What does TLS stand for?
A. Transport Level System
B. Trusted Layer Security
C. Transport Layer Security
D. Terminal Layer Security
Answer: C
29. Which protocol is the successor of SSL?
A. SSH
B. HTTPS
C. TLS
D. IPsec
Answer: C
30. What is the typical port number used by HTTPS (which uses SSL/TLS)?
A. 21
B. 80
C. 443
D. 25
Answer: C
31. Which cryptographic techniques are used by SSL/TLS?
A. Only symmetric encryption
B. Only hashing
C. Symmetric encryption, asymmetric encryption, and hashing
D. Compression only
Answer: C
32. During the SSL/TLS handshake, which of the following is not
exchanged?
A. Cipher suite
B. Public keys
C. Digital certificates
D. File contents
Answer: D
33. Which version of SSL is considered secure for use today?
A. SSL 1.0
B. SSL 2.0
C. SSL 3.0
D. None – only TLS is considered secure
Answer: D
34. What role does the digital certificate play in SSL/TLS?
A. Speeds up data transmission
B. Authenticates the server’s identity
C. Compresses the HTTP headers
D. Encrypts DNS records
Answer: B
35. What is a “cipher suite” in SSL/TLS context?
A. A room used to store encryption keys
B. A set of cryptographic algorithms used during secure communication
C. A configuration file for HTTP servers
D. A firewall rule
Answer: B
36. Which protocol is used to obtain SSL/TLS certificates automatically and
securely?
A. DNS
B. FTP
C. ACME (Automatic Certificate Management Environment)
D. SMTP
Answer: C
37. Which of the following is a commonly used hashing algorithm in TLS?
A. DES
B. MD5
C. SHA-256
D. ROT13
Answer: C
38. What is the main difference between TLS and SSL?
A. TLS does not support symmetric encryption
B. TLS is faster but less secure than SSL
C. TLS is more secure and has improved message authentication
D. SSL uses newer algorithms
Answer: C
39. In the SSL/TLS handshake, what does the client use the server’s public
key for?
A. To generate a session key securely
B. To validate the client’s identity
C. To encrypt the whole website
D. To bypass firewall restrictions
Answer: A
40. Which protocol ensures data is encrypted after the SSL/TLS handshake
is completed?
A. TCP
B. UDP
C. SSL/TLS Record Protocol
D. HTTP
Answer: C
41. What is the main purpose of the Secure Electronic Transaction (SET)
protocol?
A. To enable email encryption
B. To provide secure online credit card transactions
C. To transfer files securely
D. To secure wireless communications
Answer: B
42. Which organizations developed the SET protocol?
A. Microsoft and IBM
B. Visa and Mastercard
C. PayPal and Amazon
D. IEEE and ISO
Answer: B
43. What type of encryption is used in SET for securing messages?
A. Only symmetric encryption
B. Only hashing
C. Both symmetric and asymmetric encryption
D. Steganography
Answer: C
44. Which cryptographic technique is used to ensure confidentiality in
SET?
A. Digital signatures
B. Symmetric encryption (e.g., DES)
C. Public-key hashing
D. Certificate revocation
Answer: B
45. What role does a payment gateway play in the SET architecture?
A. Issues credit cards
B. Verifies the merchant's physical location
C. Processes transaction requests between the merchant and the bank
D. Stores customer purchase history
Answer: C
46. In SET, what is a digital certificate used for?
A. To compress transaction data
B. To guarantee the delivery of goods
C. To authenticate parties involved in the transaction
D. To calculate exchange rates
Answer: C
47. Which party in the SET protocol holds both the order and payment
information?
A. Merchant
B. Cardholder
C. Payment gateway
D. No single party
Answer: D
(Explanation: SET separates order and payment information for security; neither
merchant nor payment gateway sees the full data.)
48. What is dual signature in the context of SET?
A. One signature by the customer and one by the merchant
B. A single digital signature sent twice
C. A technique to link order and payment while keeping them separate
D. A biometric authentication mechanism
Answer: C
49. What does the cardholder use to verify the merchant’s identity in SET?
A. OTP
B. Digital certificate issued by a CA
C. Email verification
D. Browser security warning
Answer: B
50. Why did SET fail to gain widespread adoption?
A. It was not secure
B. It required complex infrastructure and was difficult to implement
C. It was not developed by financial institutions
D. It was limited to U.S. transactions only
Answer: B
5 MARKS:
1. Explain the components and working of IP Security (IPsec) architecture.
2. Describe the structure and functions of the Authentication Header (AH) in IPsec.
3. Compare and contrast Secure Socket Layer (SSL) and Transport Layer Security (TLS).
4. Outline the SSL/TLS handshake process and explain how it ensures secure
communication.
5. Explain the concept of Secure Electronic Transaction (SET) and the role of dual
signatures.
10 MARKS:
1. Discuss the various types of network security threats and the best practices used to
mitigate them.
2. Explain the working of IPsec and describe its components: Authentication Header
(AH), Encapsulating Security Payload (ESP), and Security Associations (SAs).
3. Describe in detail the IP Security architecture as defined in RFC 2401.
4. Explain the structure, fields, and functionality of the Authentication Header (AH) in
IPsec.
5. Discuss the differences between AH and ESP in IPsec. When would you use each?
6. Explain the concept of web security. What are the common vulnerabilities in web
applications and how can they be mitigated?
7. Describe the SSL/TLS protocol architecture and explain how it secures
communication over the internet.
8. With the help of a diagram, explain the SSL/TLS handshake process in detail.
9. Discuss the architecture and workflow of Secure Electronic Transaction (SET).
10. Compare SSL/TLS and SET in terms of architecture, purpose, encryption
mechanisms, and real-world use cases.
UNIT-V
Intruders in Network Security
In network security, "intruders" are unauthorized individuals or entities who
want to obtain access to a network or system to breach its security. Intruders can range
from inexperienced hackers to professional and organized cyber criminals. In this
article, we will discuss everything about intruders.
What are Intruders in Network Security?
Intruders are often referred to as hackers and are the most harmful factors
contributing to security vulnerability. They have immense knowledge and an in-depth
understanding of technology and security. Intruders breach the privacy of users and aim
to steal the confidential information of the users. The stolen information is then sold to
third parties, aiming to misuse it for personal or professional gains.
Types of Intruders
Masquerader: Individuals who are not authorized to use the system but still exploit
users' privacy and confidential information, using techniques that give them control
over the system, are referred to as masqueraders. Masqueraders are outsiders and hence
do not have direct access to the system; they aim to attack unethically to steal data.
Misfeasor: Individuals who are authorized to use the system but misuse the granted
access and privilege. They take undue advantage of the permissions and access given
to them and are referred to as misfeasors. Misfeasors are insiders and have direct
access to the system, which they aim to attack unethically to steal data/information.
Clandestine User: Individuals who have supervisory/administrative control over the
system and misuse the authoritative power given to them. This misuse of power is
often committed by senior authorities for financial gain; such intruders are referred
to as clandestine users. A clandestine user can be either an insider or an outsider
and accordingly can have direct or indirect access to the system, which they aim
to attack unethically to steal data/information.
Keeping Intruders Away
Access Control: Implement strong authentication mechanisms, such as two-factor
authentication (2FA) or multi-factor authentication (MFA). Regularly review and
update user access permissions to ensure they align with job roles and
responsibilities.
Network Segmentation: Divide your network into segments to limit lateral
movement for intruders. For example, separate guest Wi-Fi from internal networks.
Use firewalls and access control lists (ACLs) to restrict communication between
segments.
Regular Patching: Keep software, operating systems, and applications up to date.
Patch known vulnerabilities promptly. Monitor security advisories and apply patches
as soon as they are released.
Intrusion Detection and Prevention Systems (IDPS): Deploy Intrusion
Detection and Prevention Systems (IDPS) solutions to detect and prevent
suspicious activities. Set up alerts for any unauthorized access attempts.
Security Awareness Training: Educate employees about phishing, social
engineering, and safe online practices. Regularly conduct security awareness
sessions.
Encryption: Encrypt sensitive data in transit (using protocols like HTTPS) and at
rest (using encryption algorithms). Use strong encryption keys and rotate them
periodically.
Different Ways Adopted by Intruders
Exhaustively try all short passwords that may open the system for them.
Try unlocking the system with default passwords, which will open the system if the
user has not made any change to the default password.
Try unlocking the system by personal information of the user such as their name,
family member names, address, and phone number in different combinations.
Making use of a Trojan horse for getting access to the system of the user.
Attacking the connection of the host and remote user and getting entry through their
connection gateway.
Trying all the applicable information, relevant to the user such as plate numbers,
room numbers, and locality info.
How to Protect From Intruders?
By being aware of all the security measures that help us to protect ourselves from
Intruders.
By increasing the security and strengthening the security of the system.
In case of any attack, first, reach out to cyber security experts for a solution to this
type of attack.
Try to avoid becoming a victim of cybercrime.
Conclusion
In conclusion, an intruder is an unauthorized person or entity that tries to access the
system without permission. Understanding the different types of intruders and
applying strong security measures like access controls, network segmentation, frequent
patching, IDPS, security awareness training, and encryption may successfully protect
systems and data from unauthorised access and cyber threats.
Malwares - Malicious Software
Malware is malicious software and refers to any software that is designed to
cause harm to computer systems, networks, or users. Malware can take many forms.
Individuals and organizations need to be aware of the different types of malware and
take steps to protect their systems, such as using antivirus software, keeping software
and systems up-to-date, and being cautious when opening email attachments or
downloading software from the internet.
What is Malware?
Malware is software that gets into the system without user consent to steal the user's
private and confidential data, including bank details and passwords. It also generates
annoying pop-up ads and makes changes in system settings. It gets into the system
through various means:
Along with free downloads.
Clicking on a suspicious link.
Opening emails from malicious sources.
Visiting malicious websites.
Not installing an updated version of antivirus in the system.
Types of Malware
1. Virus
Computer virus refers to a program which damages computer systems and/or
destroys or erases data files. A computer virus is a malicious program that self-replicates
by copying itself to another program. In other words, the computer virus spreads by
itself into other executable code or documents. The purpose of creating a computer virus
is to infect vulnerable systems, gain admin control and steal user sensitive data. Hackers
design computer viruses with malicious intent and prey on online users by tricking
them.
Symptoms of Virus
Letters look like they are falling to the bottom of the screen.
The computer system becomes slow.
The size of available free memory reduces.
The hard disk runs out of space.
The computer does not boot.
Types of Computer Virus
Parasitic - These are the executable (.COM or .EXE execution starts at first
instruction). Propagated by attaching itself to particular file or program. Generally
resides at the start or at the end of a file, e.g. Jerusalem.
Boot Sector - Spread with infected floppy or pen drives used to boot the computers.
During system boot, boot sector virus is loaded into main memory and destroys data
stored in hard disk, e.g. Polyboot, Disk killer, Stone, AntiEXE.
Polymorphic - Changes itself with each infection and creates multiple copies.
Multipartite: uses more than one propagation method. Difficult for antivirus to
detect, e.g. Involutionary, Cascade, Evil, Virus 101, Stimulate. Three major parts:
Encrypted virus body, Decryption routine that varies from infection to infection, and
Mutation engine.
Memory Resident - Installs code in the computer memory. Gets activated
when the operating system runs and damages all files opened at that time, e.g. Randex,
CMJ, Meve.
Stealth - Hides its path after infection. It modifies itself hence difficult to detect and
masks the size of infected file, e.g. Frodo, Joshi, Whale.
Macro - Associated with application software like word and excel. When opening the
infected document, macro virus is loaded into main memory and destroys the data
stored in hard disk. As attached with documents; spreads with those infected
documents only, e.g. DMV, Melissa, A, Relax, Nuclear, Word Concept.
Hybrids - Features of various viruses are combined, e.g. Happy99 (Email virus).
2. Worm
A worm is a destructive program that fills a computer system with self-replicating
information, clogging the system so that its operations are slowed down or stopped.
Types of Worm
Email worm - Attaching to fake email messages.
Instant messaging worm - Via instant messaging applications using loopholes in
network.
Internet worm - Scans systems using OS services.
Internet Relay Chat (IRC) worm - Transfers infected files to web sites.
Payloads - Delete or encrypt file, install backdoor, creating zombie etc.
Worms with good intent - Downloads application patches.
3. Logical Bomb
A logical bomb is a destructive program that performs an activity when a certain
action has occurred. These are hidden in programming code. Executes only when a
specific condition is met, e.g. Jerusalem.
4. Trojan / Backdoor
A Trojan Horse is a destructive program. It usually pretends to be a computer game or
application software. If executed, the computer system will be damaged. A Trojan Horse
usually comes with monitoring tools and key loggers. These are active only when specific
events are alive. They are hidden with packers, crypters and wrappers and are hence
difficult to detect through antivirus. They can be handled with manual removal or
firewall precautions.
5. RootKits
Rootkit is a collection of tools that allow an attacker to take control of a system.
Can be used to hide evidence of an attacker’s presence and give them backdoor
access.
Can contain log cleaners to remove traces of attacker.
Can be divided as:
- Application or file rootkits: replace binaries in a Linux system
- Kernel: targets the kernel of the OS and is known as a loadable kernel module (LKM)
Gains control of an infected machine by:
- DLL injection: injecting a malicious DLL (dynamic link library)
- Direct kernel object manipulation: modifying kernel structures and directly
targeting the trusted part of the OS
- Hooking: changing an application's execution flow
6. Advanced Persistent Threat
Created by well funded, organized groups, nation-state actors, etc. Desire to
compromise government and commercial entities, e.g. Flame: used for reconnaissance
and information gathering of system.
7. Spyware and Adware
Normally gets installed along with free software downloads. Spies on the end-user and
attempts to redirect the user to specific sites. Main tasks: behavioral surveillance and
advertising with pop-up ads. Slows down the system.
How To Know if a Device is Infected With Malware?
The computer performs poorly when running programs.
When your web browser directs you to a website you didn't intend to visit, this is
known as a browser redirect.
Warnings about infections are frequently accompanied by offers to buy a product to
treat them.
Having trouble starting or shutting down your computer.
Persistent pop-up ads.
How To Protect From Malware?
Update your operating system and software. Install updates as soon as they
become available because cybercriminals search for vulnerabilities in out-of-date or
outdated software.
Never click on a popup's link. Simply click the "X" in the message's upper corner to
close it and leave the page that generated it.
Do not click on unidentified links. If a link seems suspicious, avoid clicking it
whether it comes from an email, social networking site, or text message.
Choose the websites you visit wisely. Use a safe search plug-in and try to stick to
well-known and reputable websites to avoid any that might be malicious without
your knowledge.
Emails requesting personal information should be avoided. Do not click a link in
an email that appears to be from your bank and asks you to do so in order to access
your account or reset your password. Instead, log in directly at your online banking
website.
How To Remove Malware?
A large number of security software programs are made to both find and stop malware
as well as to eliminate it from infected systems. An antimalware tool that handles
malware detection and removal is Malwarebytes. Malware can be eliminated from
Windows, macOS, Android, and iOS operating systems. A user's registry files, currently
running programs, hard drives, and individual files can all be scanned by Malwarebytes.
Malware can then be quarantined and removed if it is found. Users cannot, however, set
automatic scanning schedules like they can with some other tools.
Tools Used to Remove Malware
Malwarebytes
SUPERAntiSpyware
Malicious Software Removal Tool (MSRT)
Bitdefender Antivirus Free Edition
Adaware Antivirus Free
Avast Free Mac Security
Advantages of Detecting and Removing Malware
Improved Security: By detecting and removing malware, individuals, and
organizations can improve the security of their systems and reduce the risk of future
infections.
Prevent Data Loss: Malware can cause data loss, and by removing it, individuals
and organizations can protect their important files and information.
Protect Reputation: Malware can cause harm to a company's reputation, and by
detecting and removing it, individuals and organizations can protect their image and
brand.
Increased Productivity: Malware can slow down systems and make them less
efficient, and by removing it, individuals and organizations can increase the
productivity of their systems and employees.
Disadvantages of Detecting and Removing Malware
Time-Consuming: The process of detecting and removing malware can be time-
consuming and require specialized tools and expertise.
Cost: Antivirus software and other tools required to detect and remove malware can
be expensive for individuals and organizations.
False Positives: Malware detection and removal tools can sometimes result in false
positives, causing unnecessary alarm and inconvenience.
Difficulty: Malware is constantly evolving, and the process of detecting and
removing it can be challenging and require specialized knowledge and expertise.
Risk of Data Loss: Some malware removal tools can cause unintended harm,
resulting in data loss or system instability.
Conclusion
In conclusion, malware poses significant risks to both individuals and organizations,
requiring proactive measures for protection and removal. Utilizing a combination of
antivirus and anti-malware tools with software updates can effectively protect systems.
While detecting and removing malware can be time-consuming and costly, the benefits
of enhanced security, data protection, and increased productivity.
Introduction of Firewall in Computer Network
A firewall is a network security device, either hardware- or software-based, which
monitors all incoming and outgoing traffic and, based on a defined set of security rules,
accepts, rejects, or drops that specific traffic. It acts like a security guard that helps keep
your digital world safe from unwanted visitors and potential threats.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing network
traffic with security policies that have previously been set up inside an organization. A
firewall is essentially the wall that separates a private internal network from the open
Internet at its very basic level.
Need For Firewall
Before firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers. ACLs are rules that determine whether network access should be
granted or denied to a specific IP address. But ACLs cannot determine the nature of the
packet they are blocking. Also, an ACL alone does not have the capacity to keep threats
out of the network. Hence, the firewall was introduced. Connectivity to the Internet is
no longer optional for organizations. However, while accessing the Internet provides
benefits to the organization, it also enables the outside world to interact with the
internal network of the organization. This creates a threat to the organization. In
order to secure the internal network from unauthorized traffic, we need a firewall.
History of Firewalls
Late 1980s: Jeff Mogul, Brian Reid, and Paul Vixie at Digital Equipment Corp (DEC)
developed packet-filtering technology, laying the groundwork for firewalls by checking
external connections before they reached internal networks.
Late 1980s - Early 1990s: AT&T Bell Labs researchers, including Presotto, Sharma,
and Nigam, developed the circuit-level gateway, a firewall that vetted ongoing
connections without reauthorizing each data packet, paving the way for more efficient
security.
1991-1992: Marcus Ranum introduced security proxies at DEC, leading to the
creation of the Secure External Access Link (SEAL), the first commercially
available application-layer firewall, based on earlier DEC work.
1993-1994: At Check Point, Gil Shwed pioneered stateful inspection
technology, filing a patent in 1993. Nir Zuk developed a graphical interface
for Firewall-1, making firewalls accessible and widely adopted by businesses and
homes.
Working of Firewall
A firewall matches the network traffic against the rule set defined in its table. Once
a rule is matched, the associated action is applied to the network traffic. For example,
one rule may state that no employee from the Human Resources department can access
the data on the code server, while another rule states that the system
administrator can access the data of both the Human Resources and technical
departments.
Rules can be defined on the firewall based on the necessity and security policies of the
organization.
From the perspective of a server, network traffic can be either outgoing or incoming.
The firewall maintains a distinct set of rules for each case. Outgoing traffic,
which originates from the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic
is always better in order to achieve more security and prevent unwanted
communication. Incoming traffic is treated differently.
Most traffic that reaches the firewall uses one of these three major Transport Layer
protocols: TCP, UDP or ICMP. All of these have a source address and a destination
address. In addition, TCP and UDP have port numbers. ICMP uses a type code instead of a port
number, which identifies the purpose of the packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall.
For this reason, the firewall must always have a default policy. A default policy consists only
of an action (accept, reject or drop). Suppose no rule is defined on the firewall about SSH connections to the
server. Such connections will then follow the default policy. If the default policy on the firewall is
set to accept, then any computer outside of your office can establish an SSH connection to
the server. Therefore, setting the default policy to drop (or reject) is always good practice.
Types of Firewall
Firewalls can be categorized based on their generation.
1. Packet Filtering Firewall
A packet filtering firewall is used to control network access by monitoring outgoing
and incoming packets and allowing them to pass or stopping them based on source and destination
IP addresses, protocols, and ports. It analyses traffic at the transport protocol layer (but
mainly uses the first 3 layers). Packet firewalls treat each packet in isolation. They have no
ability to tell whether a packet is part of an existing stream of traffic. They can only allow or
deny packets based on the individual packet headers. A packet filtering firewall maintains a
filtering table that decides whether a packet will be forwarded or discarded. From the
given filtering table, the packets will be filtered according to the following rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for the internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
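The four filtering rules above and the default policy described earlier can be exercised together. The following is an added example, not code from the notes or the textbook: it assumes a /24 mask for 192.168.21.0, that TELNET is TCP port 23, that "well-known services" means ports 0-1023, and that rules are evaluated in the listed order with the first match deciding. The names Packet, Rule, filter_packet and FILTER_TABLE and the outside address 203.0.113.5 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # ICMP carries a type code, not a port


@dataclass(frozen=True)
class Rule:
    action: str                               # "accept" or "drop"
    src: str = "0.0.0.0/0"                    # any source by default
    dst: str = "0.0.0.0/0"                    # any destination by default
    proto: Optional[str] = None               # None = any protocol
    dports: Optional[Tuple[int, int]] = None  # inclusive range, None = any

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dports is not None:
            if pkt.dport is None:      # a port rule never matches ICMP
                return False
            low, high = self.dports
            return low <= pkt.dport <= high
        return True


def filter_packet(pkt: Packet, rules: List[Rule], default_policy: str = "drop") -> str:
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_policy


INTERNAL_NET = "192.168.21.0/24"  # assumption: the notes give no netmask

# The four rules listed above, in the order given, applied to incoming packets.
FILTER_TABLE = [
    Rule("drop", src=INTERNAL_NET),
    Rule("drop", proto="tcp", dports=(23, 23)),
    Rule("drop", dst="192.168.21.3/32"),
    Rule("accept", dst=INTERNAL_NET, dports=(0, 1023)),
]

if __name__ == "__main__":
    outside = "203.0.113.5"  # constructed sample address
    samples = [
        Packet(outside, "192.168.21.10", "tcp", 80),
        Packet(outside, "192.168.21.10", "tcp", 23),
        Packet(outside, "192.168.21.3", "tcp", 80),
        Packet("192.168.21.7", "192.168.21.10", "tcp", 80),
        Packet(outside, "192.168.21.10", "tcp", 8080),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt, FILTER_TABLE))
```

With the full table, SSH (port 22) to an internal host is accepted by the well-known-services rule; the default policy decides only packets that no rule covers, such as port 8080 here.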
2. Stateful Inspection Firewall
Stateful firewalls (which perform Stateful Packet Inspection) are able to determine the
connection state of a packet, unlike packet filtering firewalls, which makes them more efficient.
They keep track of the state of network connections travelling across them, such as TCP streams.
So the filtering decisions are based not only on defined rules, but also on the packet's
history in the state table.
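A state table can be sketched in a few lines. This is an added example, not code from the notes: it assumes a policy where connections may only be opened from the inside, tracks TCP only, and removes an entry on RST (a real firewall follows the full TCP state machine and uses timeouts). The stateless ACK-bit check shown for comparison is an illustration of per-packet filtering, and all names and addresses are constructed.

```python
from typing import NamedTuple, FrozenSet, Set, Tuple


class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


def stateless_inbound(seg: Segment) -> str:
    """Per-packet check: treat any inbound segment with ACK set as a reply."""
    return "accept" if "ACK" in seg.flags else "drop"


class StatefulFilter:
    """Accept inbound segments only if they belong to a tracked connection."""

    def __init__(self) -> None:
        # Each entry: (internal ip, internal port, external ip, external port)
        self.state: Set[Tuple[str, int, str, int]] = set()

    def outbound(self, seg: Segment) -> str:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if "SYN" in seg.flags and "ACK" not in seg.flags:
            self.state.add(key)        # new connection opened from inside
        elif key not in self.state:
            return "drop"              # mid-stream segment with no history
        if "RST" in seg.flags:
            self.state.discard(key)    # simplification: RST ends tracking
        return "accept"

    def inbound(self, seg: Segment) -> str:
        # Look the segment up with source and destination swapped.
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        if key not in self.state:
            return "drop"              # no matching entry in the state table
        if "RST" in seg.flags:
            self.state.discard(key)
        return "accept"


if __name__ == "__main__":
    fw = StatefulFilter()
    client, server = "192.168.21.10", "203.0.113.5"  # constructed addresses
    fw.outbound(Segment(client, 40000, server, 443, frozenset({"SYN"})))
    reply = Segment(server, 443, client, 40000, frozenset({"SYN", "ACK"}))
    stray = Segment("198.51.100.9", 443, client, 40000, frozenset({"ACK"}))
    print("reply :", fw.inbound(reply), "(stateless:", stateless_inbound(reply) + ")")
    print("stray :", fw.inbound(stray), "(stateless:", stateless_inbound(stray) + ")")
```

The unsolicited segment passes the per-packet check because its header looks like a reply, but the stateful filter drops it because no matching connection was ever opened.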
3. Application Layer Firewall
An application layer firewall can inspect and filter packets on any OSI layer, up to
the application layer. It has the ability to block specific content and to recognize when
certain applications and protocols (like HTTP, FTP) are being misused. In other words,
application layer firewalls are hosts that run proxy servers. A proxy firewall prevents a
direct connection between the two sides of the firewall; each packet has to pass through the
proxy.
4. Next Generation Firewalls (NGFW)
An NGFW combines Deep Packet Inspection, Application
Inspection, SSL/SSH inspection and many other functionalities to protect the network from
modern threats.
5. Circuit Level Gateway Firewall
This works at the session layer of the OSI model. It allows for the
simultaneous setup of two Transmission Control Protocol (TCP) connections. It can
allow data packets to flow without using much computing power. These
firewalls are ineffective because they do not inspect data packets; if a data packet
contains malware, they will permit it to pass provided that the TCP connections are established
properly.
6. Software Firewall
A software firewall is any firewall that is set up locally or on a cloud server. When it
comes to controlling the inflow and outflow of data packets and limiting the number of
networks that can be linked to a single device, software firewalls may be the most advantageous. But
the problem with software firewalls is that they are time-consuming.
7. Hardware Firewall
They also go by the name "firewalls based on physical appliances." They guarantee that
malicious data is halted before it reaches the network endpoint that is in danger.
8. Cloud Firewall
These are software-based, cloud-deployed network devices. This cloud-based firewall
protects a private network from any unwanted access. Unlike traditional firewalls, a cloud
firewall filters data at the cloud level.
Importance of Firewalls
So, what does a firewall do and why is it important? Without protection, networks
are vulnerable to any traffic trying to access your systems, whether it's harmful or not.
That's why it's crucial to check all network traffic.
When you connect personal computers to other IT systems or the internet, it opens up
many benefits like collaboration, resource sharing, and creativity. But it also exposes your
network and devices to risks like hacking, identity theft, malware, and online fraud.
Once a malicious person finds your network, they can easily access and threaten it,
especially with constant internet connections.
Using a firewall is essential for proactive protection against these risks. It helps users
shield their networks from the worst dangers.
What Does Firewall Security Do?
A firewall serves as a security barrier for a network, narrowing the attack surface to
a single point of contact. Instead of every device on a network being exposed to the
internet, all traffic must first go through the firewall. This way, the firewall can filter and
block non-permitted traffic, whether it's coming in or going out. Additionally, firewalls
help create a record of attempted connections, improving security awareness.
What Can Firewalls Protect Against?
Infiltration by Malicious Actors: Firewalls can block suspicious connections,
preventing eavesdropping and advanced persistent threats (APTs).
Parental Controls: Parents can use firewalls to block their children from accessing
explicit web content.
Workplace Web Browsing Restrictions: Employers can restrict employees from
using the company network to access certain services and websites, like social media.
Nationally Controlled Intranet: Governments can block access to certain web
content and services that conflict with national policies or values.
By allowing network owners to set specific rules, firewalls offer customizable
protection for various scenarios, enhancing overall network security.
Advantages of Using Firewall
Protection From Unauthorized Access: Firewalls can be set up to restrict
incoming traffic from particular IP addresses or networks, preventing hackers or other
malicious actors from easily accessing a network or system.
Prevention of Malware and Other Threats: Firewalls can be set up to block traffic
linked to known malware or other
security concerns, assisting in the defense against these kinds of attacks.
Control of Network Access: By limiting access to specified individuals or groups
for particular servers or applications, firewalls can be used to restrict access to
particular network resources or services.
Monitoring of Network Activity: Firewalls can be set up to record and keep track
of all network activity.
Regulation Compliance: Many industries are bound by rules that demand the
usage of firewalls or other security measures.
Network Segmentation: By using firewalls to split up a bigger network into smaller
subnets, the attack surface is reduced and the security level is raised.
Disadvantages of Using Firewall
Complexity: Setting up and keeping up a firewall can be time-consuming and
difficult, especially for bigger networks or companies with a wide variety of users and
devices.
Limited Visibility: Firewalls may not be able to identify or stop security risks that
operate at other levels, such as the application or endpoint level, because they can only
observe and manage traffic at the network level.
False Sense of Security: Some businesses may place an excessive amount of
reliance on their firewall and disregard other crucial security measures like endpoint
security or intrusion detection systems.
Limited adaptability: Because firewalls are frequently rule-based, they might not be
able to respond to fresh security threats.
Performance Impact: Network performance can be significantly impacted by
firewalls, particularly if they are set up to analyze or manage a lot of traffic.
Limited Scalability: Because firewalls are only able to secure one network,
businesses that have several networks must deploy many firewalls, which can be
expensive.
Limited VPN support: Some firewalls might not allow complex VPN features like
split tunneling, which could restrict the experience of a remote worker.
Cost: Purchasing many devices or add-on features for a firewall system can be
expensive, especially for businesses.
Question: A packet filtering firewall can [ISRO CS 2013]
(A) Deny certain users from accessing a service
(B) Block worms and viruses from entering the network
(C) Disallow some files from being accessed through FTP
(D) Block some hosts from accessing the network
Answer: Option (D)
MCQ:
1. Who is an intruder in cryptography?
A) A network user with admin access
B) A legitimate sender
C) An unauthorized user attempting to access or alter data
D) A software update tool
Answer: C) An unauthorized user attempting to access or alter data
2. What is a passive attack?
A) Attacking with malware
B) Eavesdropping without altering the message
C) Changing the contents of data
D) Crashing the system
Answer: B) Eavesdropping without altering the message
3. Which of the following is an example of a passive attack?
A) Masquerade
B) Traffic analysis
C) Replay attack
D) Denial of Service
Answer: B) Traffic analysis
4. What is an active attack?
A) Monitoring data silently
B) Modifying or destroying data
C) Creating backups
D) Compressing messages
Answer: B) Modifying or destroying data
5. Which of the following is NOT an active attack?
A) Replay
B) Modification
C) Masquerade
D) Eavesdropping
Answer: D) Eavesdropping
6. In cryptography, which type of intruder pretends to be someone else?
A) Listener
B) Masquerader
C) Interceptor
D) Monitor
Answer: B) Masquerader
7. What is the goal of a masquerade attack?
A) To encrypt data
B) To improve performance
C) To gain unauthorized access by pretending to be an authorized user
D) To reduce bandwidth
Answer: C) To gain unauthorized access by pretending to be an authorized
user
8. A replay attack involves:
A) Encrypting data with multiple keys
B) Re-sending a previously captured message
C) Recording voice calls
D) Destroying the original message
Answer: B) Re-sending a previously captured message
9. Which attack attempts to gather information from encrypted data without
altering it?
A) Passive attack
B) Denial of Service
C) Trojan horse
D) Injection attack
Answer: A) Passive attack
10. Which is a common method to detect intruders in a system?
A) Firewall
B) Encryption
C) Intrusion Detection System (IDS)
D) Router
Answer: C) Intrusion Detection System (IDS)
11. Which cryptographic method helps prevent masquerading?
A) Symmetric encryption
B) Hashing
C) Digital signatures
D) Compression
Answer: C) Digital signatures
12. What kind of attacker attempts to break encryption algorithms?
A) Cryptanalyst
B) Moderator
C) Packager
D) Host
Answer: A) Cryptanalyst
13. Which of the following is a goal of cryptography that defends against
intruders?
A) Transparency
B) Confidentiality
C) Usability
D) Availability
Answer: B) Confidentiality
14. An internal intruder is usually:
A) A hacker from outside
B) A legitimate user misusing access
C) A system administrator
D) A firewall
Answer: B) A legitimate user misusing access
15. Which of these ensures message integrity?
A) VPN
B) Digital watermark
C) Message Authentication Code (MAC)
D) DNS
Answer: C) Message Authentication Code (MAC)
16. What is malicious software (malware)?
A) Software that boosts system performance
B) Authorized software
C) Software designed to damage or gain unauthorized access to a system
D) A software used for backups
Answer: C) Software designed to damage or gain unauthorized access to a
system
17. Which of the following is NOT a type of malware?
A) Virus
B) Trojan horse
C) Firewall
D) Worm
Answer: C) Firewall
18. What does a computer virus do?
A) Cleans the system
B) Replicates and spreads by attaching to files
C) Monitors system performance
D) Updates drivers
Answer: B) Replicates and spreads by attaching to files
19. A Trojan horse:
A) Replicates automatically
B) Masquerades as a legitimate program
C) Destroys only files
D) Needs a USB to spread
Answer: B) Masquerades as a legitimate program
20. What differentiates a worm from a virus?
A) Worms need user action to spread
B) Worms can spread without user interaction
C) Viruses don’t harm data
D) Worms are always visible
Answer: B) Worms can spread without user interaction
21. What is ransomware?
A) Malware that encrypts files and demands payment
B) Malware that copies data to USB
C) Malware that crashes the system
D) A firewall replacement
Answer: A) Malware that encrypts files and demands payment
22. Which malware records keystrokes to steal passwords or data?
A) Adware
B) Worm
C) Keylogger
D) Rootkit
Answer: C) Keylogger
23. Spyware is designed to:
A) Clean the system
B) Encrypt files
C) Secretly gather user information
D) Speed up processing
Answer: C) Secretly gather user information
24. Which malware gives attackers remote control over a system?
A) Worm
B) Rootkit
C) Adware
D) Antivirus
Answer: B) Rootkit
25. What is the main objective of cryptography against malware?
A) Boost gaming performance
B) Allow malware detection
C) Ensure confidentiality, integrity, and authenticity of data
D) Speed up the internet
Answer: C) Ensure confidentiality, integrity, and authenticity of data
26. Which malware is commonly used in phishing attacks?
A) Spyware
B) Trojan horse
C) Rootkit
D) Botnet
Answer: B) Trojan horse
27. A botnet is:
A) A secure web server
B) A group of infected systems controlled remotely
C) A hardware firewall
D) A type of adware
Answer: B) A group of infected systems controlled remotely
28. Adware typically:
A) Encrypts all data
B) Deletes system files
C) Displays unwanted ads
D) Works as an antivirus
Answer: C) Displays unwanted ads
29. Which tool helps prevent malware infection?
A) Keylogger
B) Antivirus software
C) Trojan horse
D) Spyware
Answer: B) Antivirus software
30. What is the most common method of spreading malware?
A) Manual USB sharing
B) Legitimate websites
C) Software downloads and email attachments
D) Operating system updates
Answer: C) Software downloads and email attachments
31. What is the primary purpose of a firewall?
A) Encrypt data
B) Block spam emails
C) Monitor and control network traffic
D) Compress files
Answer: C) Monitor and control network traffic
32. A firewall is typically placed between:
A) User and operating system
B) Internal network and external network
C) Printer and computer
D) Mouse and keyboard
Answer: B) Internal network and external network
33. Which of the following is NOT a type of firewall?
A) Packet-filtering firewall
B) Circuit-level gateway
C) Proxy firewall
D) Email firewall
Answer: D) Email firewall
34. A packet-filtering firewall operates at which layer of the OSI model?
A) Physical
B) Data Link
C) Network
D) Application
Answer: C) Network
35. Which firewall filters traffic based on application data?
A) Packet-filtering firewall
B) Circuit-level gateway
C) Stateful inspection firewall
D) Application-layer firewall
Answer: D) Application-layer firewall
36. Which type of firewall maintains the state of active connections?
A) Packet-filtering firewall
B) Proxy firewall
C) Stateless firewall
D) Stateful firewall
Answer: D) Stateful firewall
37. What does a proxy firewall do?
A) Encrypts all data
B) Acts as an intermediary between users and the internet
C) Compresses network traffic
D) Logs all system activities
Answer: B) Acts as an intermediary between users and the internet
38. What is the main benefit of a proxy firewall?
A) Lower latency
B) Faster DNS resolution
C) Enhanced anonymity and deep traffic inspection
D) Automatic software updates
Answer: C) Enhanced anonymity and deep traffic inspection
39. Firewalls cannot protect against:
A) External attacks
B) Internal threats
C) Unauthorized access
D) Port scanning
Answer: B) Internal threats
40. Which protocol is most likely to be blocked by firewalls due to security
risks?
A) HTTP
B) HTTPS
C) FTP
D) TCP/IP
Answer: C) FTP
41. A firewall rule that blocks all incoming traffic is an example of:
A) Denial-of-Service
B) Blacklisting
C) Whitelisting
D) Default deny policy
Answer: D) Default deny policy
42. What is the function of NAT in firewalls?
A) Encrypt data
B) Translate private IP addresses to public addresses
C) Scan for viruses
D) Log user activity
Answer: B) Translate private IP addresses to public addresses
43. A stateless firewall:
A) Tracks the state of connections
B) Is more secure than stateful
C) Filters traffic without storing connection context
D) Works only on wireless networks
Answer: C) Filters traffic without storing connection context
44. Which is a limitation of traditional packet-filtering firewalls?
A) Can inspect encrypted traffic
B) Cannot block IP addresses
C) Cannot inspect traffic beyond Layer 3
D) Can’t be configured
Answer: C) Cannot inspect traffic beyond Layer 3
45. What is a DMZ in network security?
A) Decrypted Message Zone
B) Digital Memory Zone
C) Demilitarized Zone
D) Data Monitoring Zone
Answer: C) Demilitarized Zone
46. In a network, DMZ is used to:
A) Store logs only
B) Isolate external-facing services from internal network
C) Encrypt sensitive data
D) Increase packet size
Answer: B) Isolate external-facing services from internal network
47. Firewalls help ensure which of the following in cryptography?
A) Message integrity
B) Key distribution
C) Controlled access to networks (confidentiality)
D) Key generation
Answer: C) Controlled access to networks (confidentiality)
48. Which of these devices often include built-in firewall functionality?
A) Printers
B) Routers
C) Hard disks
D) Monitors
Answer: B) Routers
49. What is the use of firewall logs?
A) To back up data
B) To track and analyze suspicious activity
C) To format drives
D) To update applications
Answer: B) To track and analyze suspicious activity
50. Which firewall type provides the most comprehensive protection?
A) Packet-filtering firewall
B) Application-layer gateway
C) Circuit-level gateway
D) Transparent firewall
Answer: B) Application-layer gateway
5 MARKS:
1. Explain the different types of intruders in cryptographic systems and their objectives.
2. Describe the differences between passive and active attacks carried out by intruders in
network security.
3. What is malware? List and explain at least three common types of malicious software
and their impact on computer systems.
4. How do firewalls help in protecting networks from unauthorized access? Explain the
working principle of packet-filtering firewalls.
5. Discuss the role of firewalls in maintaining confidentiality and integrity in
cryptographic communication.
10 MARKS:
1. Define intruders in the context of cryptography. Explain the classification of intruders
and describe the various techniques they use to breach security.
2. Discuss the different types of attacks launched by intruders, including passive and
active attacks, with suitable examples.
3. Explain the concept of masquerading attack. How can cryptographic mechanisms like
digital signatures help prevent such attacks?
4. Describe various types of malicious software (malware) and their typical behaviors.
How do malware threats impact the confidentiality and integrity of data?
5. What is ransomware? Discuss its working mechanism and the typical preventive
measures used to protect against ransomware attacks.
6. Explain how keyloggers and spyware work as malicious software. What cryptographic
or security techniques can help detect and mitigate these threats?
7. What is a firewall in the context of network security? Discuss the different types of
firewalls and explain how they contribute to securing cryptographic communications.
8. Compare and contrast packet-filtering firewalls, stateful inspection firewalls, and
application-layer firewalls in terms of their working and security features.
9. Describe the concept of a Demilitarized Zone (DMZ) in network security. How does the
DMZ improve network security and aid firewall implementation?
10. Discuss the limitations of firewalls. Why is it important to combine firewalls with other
security measures in cryptographic systems?