Unit 1 Network Security Lecture Notes

The document provides an overview of network security, focusing on key concepts such as the CIA triad (Confidentiality, Integrity, Availability), security challenges, and a model for network security. It discusses various types of security attacks, including passive and active attacks, and outlines security services and mechanisms defined by the OSI security architecture. Additionally, it covers classical encryption techniques, emphasizing the importance of strong encryption algorithms and secure key management.

CCS354 - NETWORK SECURITY / YEAR-III / SEM-06

UNIT I- INTRODUCTION

Basics of cryptography, conventional and public-key cryptography, hash functions, authentication and digital signatures.

1. SECURITY TRENDS

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information / data, and telecommunications).

This definition introduces three key objectives that are at the heart of computer security:
• Confidentiality: This term covers two related concepts:
  • Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
  • Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
• Integrity: This term covers two related concepts:
  • Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
  • System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied to authorized users.

These three concepts form what is often referred to as the CIA triad (Figure 1.1). The three concepts embody the fundamental security objectives for both data and for information and computing services.

Figure 1.1 CIA triad


Although the use of the CIA triad to define security objectives is well established, some in the
security field feel that additional concepts are needed to present a complete picture. Two of the
most commonly mentioned are as follows:
• Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

• Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.

• Computer Security - Generic name for the collection of tools designed to protect data and to thwart hackers.
• Network Security - Measures to protect data during their transmission.
• Internet Security - Measures to protect data during their transmission over a collection of interconnected networks.

Our focus is on Internet security, which consists of measures to deter, prevent, detect and correct security violations that involve the transmission and storage of information.

Figure 1.2 Security Trends

1.1.1 THE CHALLENGES OF COMPUTER SECURITY

Computer and network security is both fascinating and complex. Some of the reasons follow:

1. Security is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory, one-word labels: confidentiality, authentication, nonrepudiation, or integrity.

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features.

3. Typically, a security mechanism is complex, and it is not obvious from the statement of a particular requirement that such elaborate measures are needed.

4. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement and in a logical sense.

5. Security mechanisms typically involve more than a particular algorithm or protocol.

Computer and network security is essentially a battle of wits between a perpetrator who tries to find
holes and the designer or administrator who tries to close them. The great advantage that the attacker
has is that he or she need only find a single weakness, while the designer must find and eliminate all
weaknesses to achieve perfect security.

6. There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment until a security failure occurs.

7. Security requires regular, even constant, monitoring, and this is difficult in today's short-term, overloaded environment.

8. Security is still too often an afterthought to be incorporated into a system after the design is
complete rather than being an integral part of the design process.

9. Many users and even security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system or use of information.

2. A MODEL FOR NETWORK SECURITY

A model for much of what we will be discussing is captured, in very general terms, in Figure 1.3. A message is to be transferred from one party to another across some sort of Internet service.

Figure 1.3 Model for Network Security

All the techniques for providing security have two components:
• A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

A general model of these other situations is illustrated by Figure 1.4, which reflects a
concern for protecting an information system from unwanted access. Most readers are familiar
with the concerns caused by the existence of hackers, who attempt to penetrate systems that can
be accessed over a network. The hacker can be someone who, with no malign intent, simply
gets satisfaction from breaking and entering a computer system. The intruder can be a disgruntled
employee who wishes to do damage or a criminal who seeks to exploit computer assets for
financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).

3. THE OSI SECURITY ARCHITECTURE

ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture is useful to managers as a way of organizing the task of providing security. Because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

The OSI security architecture focuses on security attacks, mechanisms, and services.

• Security attack: Any action that compromises the security of information owned by an organization.

• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

In the literature, the terms threat and attack are commonly used to mean more or less the same thing. Table 1.1 provides definitions taken from RFC 2828, Internet Security Glossary.

Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

ATTACKS

Security attacks can be classified into two types: passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks:

Two types of passive attacks are the release of message contents and traffic analysis.

The release of message contents is easily understood (Figure 1.5a). A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler (Figure 1.5b). Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The common technique for masking
contents is encryption. If we had encryption protection in place, an opponent might still be able to observe
the pattern of these messages.

Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.

Figure 1.5 Passive Attacks

Active Attacks:

Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity (Figure 1.6a). A masquerade
attack usually includes one of the other forms of active attack. For example, authentication sequences can
be captured and replayed after a valid authentication sequence has taken place, thus enabling an
authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those
privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect (Figure 1.6b).

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect (Figure 1.6c). For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

The denial of service prevents or inhibits the normal use or management of communications facilities
(Figure 1.6d). This attack may have a specific target.
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are
difficult to detect, measures are available to prevent their success.
Figure 1.6 Active Attacks

SECURITY SERVICES:

X.800 defines a security service as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers. Perhaps a clearer definition is found in RFC 2828, which provides the following definition: a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.

X.800 divides these services into five categories and fourteen specific services (Table 1.2).

Table 1.2 Security Services (X.800)


SECURITY MECHANISMS:

Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to any particular protocol layer or security service.

Table 1.3 Security Mechanisms (X.800)

4. CLASSICAL ENCRYPTION TECHNIQUES

Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption.
• Symmetric encryption transforms plaintext into ciphertext using a secret key and an
encryption algorithm. Using the same key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
• The two types of attack on an encryption algorithm are cryptanalysis, based on
properties of the encryption algorithm, and brute-force, which involves trying all possible
keys.
• Traditional (precomputer) symmetric ciphers use substitution and/or transposition
techniques. Substitution techniques map plaintext elements (characters, bits) into
ciphertext elements. Transposition techniques systematically transpose the positions of
plaintext elements.

Steganography is a technique for hiding a secret message within a larger one in such a
way that others cannot discern the presence or contents of the hidden message.

An original message is known as the plaintext, while the coded message is called the ciphertext. The
process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring the
plaintext from the ciphertext is deciphering or decryption. The many schemes used for encryption
constitute the area of study known as cryptography.

Such a scheme is known as a cryptographic system or a cipher. Techniques used for deciphering a
message without any knowledge of the enciphering details fall into the area of cryptanalysis.
Cryptanalysis is what the layperson calls “breaking the code.” The areas of cryptography and cryptanalysis together are called cryptology.

SYMMETRIC CIPHER MODEL:
A symmetric encryption scheme has five ingredients (Figure 1.7):
• Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes
the cipher text and the secret key and produces the original plaintext.

Figure 1.7 Simplified Model of Symmetric Encryption


There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such
that an opponent who knows the algorithm and has access to one or more ciphertexts would be
unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a
stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if
he or she is in possession of a number of ciphertexts together with the plaintext that produced
each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must
keep the key secure. If someone can discover the key and knows the algorithm, all
communication using this key is readable.

Figure 1.8 Model of Symmetric Cryptosystem

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext $Y = [Y_1, Y_2, \ldots, Y_N]$. We can write this as
$Y = E(K, X)$
This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
$X = D(K, Y)$
An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate $\hat{X}$. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate $\hat{K}$.
Cryptography:

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.
2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis and Brute-Force Attack:
Typically, the objective of attacking an encryption system is to recover the key in use rather than simply
to recover the plaintexts of a single ciphertext. There are two general approaches to attacking a
conventional encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

Table 1.4 summarizes the various types of cryptanalytic attacks based on the amount of information
known to the cryptanalyst. The most difficult problem is presented when all that is available is the
ciphertext only.
Table 1.4 Types of Attacks on Encrypted Messages

A brute-force attack involves trying every possible key until an intelligible translation of the
ciphertext into plaintext is obtained.

SUBSTITUTION TECHNIQUES:

The two basic building blocks of all encryption techniques are substitution and transposition. A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

1. Caesar Cipher
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example,
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

When letters are involved, the following conventions are used in this book. Plaintext is always in lowercase; ciphertext is in uppercase; key values are in italicized lowercase.

Let us assign a numerical equivalent to each letter: a = 0, b = 1, ..., z = 25.

Then the algorithm can be expressed as follows. For each plaintext letter, substitute the cipher
text letter:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
Figure 1.9 Brute-Force Cryptanalysis of Caesar Cipher

2. Monoalphabetic Ciphers
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution. A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once. For example, if S = {a, b, c}, there are six permutations of S:
abc, acb, bac, bca, cab, cba
In general, there are n! permutations of a set of n elements, because the first element can be chosen in one of n ways, the second in n-1 ways, the third in n-2 ways, and so on.
Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there are 26! or greater than 4 × 10^26 possible keys. This is 10 orders of magnitude greater than the key space for DES and would seem to eliminate brute-force techniques for cryptanalysis. Such an approach is referred to as a monoalphabetic substitution cipher, because a single cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

The ciphertext to be solved is


UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Playfair Cipher:

The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers's Have His Carcase.

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the
matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time, according to the following rules:

1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x,
so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or
JM, as the encipherer wishes).

The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas there
are only 26 letters, there are 26 × 26 = 676 digrams, so that identification of individual digrams is more
difficult. Furthermore, the relative frequencies of individual letters exhibit a much greater range than that
of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was
for a long time considered unbreakable. It was used as the standard field system by the British Army in
World War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World
War II.

3. Hill Cipher
Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester Hill in 1929. Define the inverse $M^{-1}$ of a square matrix M by the equation $M(M^{-1}) = M^{-1}M = I$, where I is the identity matrix. I is a square matrix that is all zeros except for ones along the main diagonal from upper left to lower right. The inverse of a matrix does not always exist, but when it does, it satisfies the preceding equation. For example,


To explain how the inverse of a matrix is computed, we begin with the concept of determinant. For any square matrix (m × m), the determinant equals the sum of all the products that can be formed by taking exactly one element from each row and exactly one element from each column, with certain of the product terms preceded by a minus sign. For a 2 × 2 matrix, the determinant is $k_{11}k_{22} - k_{12}k_{21}$. For a 3 × 3 matrix, the value of the determinant is $k_{11}k_{22}k_{33} + k_{21}k_{32}k_{13} + k_{31}k_{12}k_{23} - k_{31}k_{22}k_{13} - k_{21}k_{12}k_{33} - k_{11}k_{32}k_{23}$. If a square matrix A has a nonzero determinant, then the inverse of the matrix is computed as $[A^{-1}]_{ij} = (\det A)^{-1}(-1)^{i+j}(D_{ij})$, where $(D_{ij})$ is the subdeterminant formed by deleting the jth row and the ith column of A, $\det(A)$ is the determinant of A, and $(\det A)^{-1}$ is the multiplicative inverse of $(\det A)$ mod 26. Continuing our example,

We can show that $9^{-1} \bmod 26 = 3$, because $9 \times 3 = 27 \bmod 26 = 1$. Therefore, we compute the inverse of A as

THE HILL ALGORITHM: This encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1, …, z = 25). For m = 3, the system can be described as

This can be expressed in terms of row vectors and matrices:

OR
C = PK mod 26
where P and C are row vectors of length 3 representing the plaintext and ciphertext, and K is a 3 × 3 matrix representing the encryption key. Operations are performed mod 26. For example, consider the plaintext “paymoremoney” and use the encryption key

As with Playfair, the strength of the Hill cipher is that it completely hides single-letter frequencies.
Indeed, with Hill, the use of a larger matrix hides more frequency information. Thus, a 3 ×3 Hill
cipher hides not only single-letter but also two-letter frequency information.
Consider this example. Suppose that the plaintext “hillcipher” is encrypted using a Hill cipher to yield the ciphertext HCRZSSXNSP. Thus, we know that $(7\ 8)K \bmod 26 = (7\ 2)$; $(11\ 11)K \bmod 26 = (17\ 25)$; and so on. Using the first two plaintext–ciphertext pairs, we have

The inverse of X can be computed
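
The inverse formula and the “hillcipher” example above, carried through as an added example that is not part of the original notes. It implements $[A^{-1}]_{ij} = (\det A)^{-1}(-1)^{i+j}(D_{ij})$ mod 26 and C = PK mod 26, then solves K = X^{-1}Y from known plaintext–ciphertext blocks; the function names are hypothetical, and the block size m is assumed known.

```python
from itertools import combinations

MOD = 26


def minor(m, row, col):
    """Matrix m with the given row and column deleted."""
    return [r[:col] + r[col + 1:] for i, r in enumerate(m) if i != row]


def det(m):
    """Determinant by cofactor expansion along the first row."""
    if not m:
        return 1
    return sum((-1) ** c * m[0][c] * det(minor(m, 0, c)) for c in range(len(m)))


def inverse_mod(m):
    """[A^-1]_ij = (det A)^-1 * (-1)^(i+j) * D_ij, all mod 26.

    D_ij is the subdeterminant with row j and column i deleted.
    Raises ValueError when det A has no multiplicative inverse mod 26.
    """
    d = det(m) % MOD
    d_inv = next((x for x in range(1, MOD) if d * x % MOD == 1), None)
    if d_inv is None:
        raise ValueError("determinant has no inverse mod 26")
    n = len(m)
    return [[d_inv * (-1) ** (i + j) * det(minor(m, j, i)) % MOD
             for j in range(n)] for i in range(n)]


def matmul_mod(a, b):
    """Matrix product a * b with every entry reduced mod 26."""
    return [[sum(x * y for x, y in zip(row, col)) % MOD for col in zip(*b)]
            for row in a]


def to_rows(text, m):
    """Map letters to 0..25 and group them into row vectors of length m."""
    nums = [ord(c) - 97 for c in text.lower() if 'a' <= c <= 'z']
    if len(nums) % m:
        raise ValueError("text length must be a multiple of m")
    return [nums[i:i + m] for i in range(0, len(nums), m)]


def hill_encrypt(plaintext, key):
    """C = PK mod 26, applied block by block."""
    rows = matmul_mod(to_rows(plaintext, len(key)), key)
    return ''.join(chr(v + 65) for row in rows for v in row)


def hill_decrypt(ciphertext, key):
    """P = C K^-1 mod 26."""
    rows = matmul_mod(to_rows(ciphertext, len(key)), inverse_mod(key))
    return ''.join(chr(v + 97) for row in rows for v in row)


def recover_key(plaintext, ciphertext, m):
    """Solve Y = XK for K using m known blocks whose matrix X is invertible."""
    p_rows, c_rows = to_rows(plaintext, m), to_rows(ciphertext, m)
    for idx in combinations(range(len(p_rows)), m):
        x = [p_rows[i] for i in idx]
        y = [c_rows[i] for i in idx]
        try:
            return matmul_mod(inverse_mod(x), y)   # K = X^-1 Y mod 26
        except ValueError:
            continue  # this choice of blocks is singular mod 26; try another
    raise ValueError("no invertible set of plaintext blocks")


if __name__ == "__main__":
    key = recover_key("hillcipher", "HCRZSSXNSP", 2)
    print("recovered K:", key)
    print("re-encrypts to:", hill_encrypt("hillcipher", key))
```

Because the cipher is linear, m known blocks with an invertible X determine the whole key, so hiding letter frequencies does not protect it once some plaintext is known.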

TRANSPOSITION TECHNIQUES:

All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol.
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext
letters. This technique is referred to as a transposition cipher. The simplest such cipher is the rail fence
technique, in which the plaintext is written down as a sequence of diagonals and then read off as a
sequence of rows. For example, to encipher the message “meet me after the toga party” with a rail fence
of depth 2, we write the following:

The encrypted message is
CT: MEMATRHTGPRYETEFETEOAAT

STEGANOGRAPHY:

A plaintext message may be hidden in one of two ways. The methods of steganography
conceal the existence of the message, whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time-consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out the real
message. For example, the sequence of first letters of each word of the overall message spells out
the hidden message. Figure shows an example in which a subset of the words of the overall
message is used to convey the hidden message.
Various other techniques have been used historically; some examples are the following:
• Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.
Steganography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information, although using a scheme like that proposed
in the preceding paragraph may make it more effective. Also, once the system is discovered, it
becomes virtually worthless. This problem, too, can be overcome if the insertion method
depends on some sort of key.
The advantage of steganography is that it can be employed by parties who have something
to lose should the fact of their secret communication (not necessarily the content) be discovered.
Encryption flags traffic as important or secret or may identify the sender or receiver as someone
with something to hide.

Traditional Encryption | Modern Encryption
---------------------- | -----------------
For making ciphertext, manipulation is done in the characters of the plaintext | For making ciphertext, operations are performed on binary bit sequence
The whole of the ecosystem is required to communicate confidentially | Here, only the parties who want to execute secure communication possess the secret key
These are weaker as compared to modern encryption | The encryption algorithm formed by this encryption technique is stronger as compared to traditional encryption algorithms
It believes in the concept of security through obscurity | Its security depends on the publicly known mathematical algorithm

Context of Cryptography:

Cryptology, the study of cryptosystems, can be subdivided into two branches −


• Cryptography
• Cryptanalysis
Cryptography
Cryptography is the art and science of making a cryptosystem that is capable of
providing information security. Cryptography deals with the actual securing of digital data. It
refers to the design of mechanisms based on mathematical algorithms that provide fundamental
information security services.
Cryptanalysis
The art and science of breaking the cipher text is known as cryptanalysis. Cryptanalysis
is the sister branch of cryptography and they both co-exist. The cryptographic process results in
the cipher text for transmission or storage. Cryptanalysis involves the study of cryptographic
mechanisms with the intention of breaking them. Cryptanalysis is also used during the design of
new cryptographic techniques to test their security strengths.

Types of Modern Cryptography:


Different algorithms have been developed that incorporate powerful encryption mechanisms.
This has given rise to two new approaches to encryption for data security. These are:
o Symmetric key encryption
o Asymmetric key encryption
Key
A key can be a number, word, phrase, or any code that is used for encrypting plain text
to ciphertext and for decrypting ciphertext back to plain text.
Symmetric and asymmetric key cryptography are distinguished by the number of keys and the
way these keys work. Both are described in detail below:

Symmetric key encryption:


The symmetric key encryption technique uses a straightforward method of encryption.
Hence, it is the simpler of the two practices. In symmetric key encryption,
the encryption is done with only one secret key, known as the "Symmetric Key", and this
key is held by both parties.
The same key is used for both encoding and decoding the information.
So, the key is used first by the sender prior to sending the message, and on the receiver side,
that key is used to decipher the encoded message.
One of the good old examples of this encryption technique is Caesar's Cipher. Modern
examples and algorithms that use the concept of symmetric key encryption are RC4, QUAD,
AES, DES, Blowfish, 3DES, etc.

Asymmetric Key Encryption:

Asymmetric encryption is another encryption method, a newer and more sophisticated technique that
uses two keys. It integrates two cryptographic keys for implementing
data security. These keys are termed the Public Key and the Private Key.
The "public key", as the name implies, is accessible to all who want to send an encrypted message. The
other is the "private key", which is kept secure by the owner of that public key or the one who is encrypting.
Encryption of information is done through the public key first, with the help of a particular algorithm. Then
the private key, which the receiver possesses, is used to decrypt that encrypted information. The same
algorithm is used for both encoding and decoding.
PUBLIC KEY CRYPTOGRAPHY:

Principles of public key cryptosystems

The concept of public key cryptography evolved from an attempt to attack two of the
most difficult problems associated with symmetric encryption:
• Key distribution. Key distribution under symmetric key encryption requires either
(1) that two communicants already share a key, which somehow has been distributed to them, or
(2) the use of a key distribution center.
• Digital signatures.

Characteristics of Public key cryptosystems

Public key algorithms rely on one key for encryption and a different but related key for decryption. These
algorithms have the following important characteristics:

• It is computationally infeasible to determine the decryption key given only the
knowledge of the cryptographic algorithm and the encryption key.

In addition, some algorithms, such as RSA, also exhibit the following characteristic:
• Either of the two related keys can be used for encryption, with the other used for
decryption.
INGREDIENTS OF PUBLIC KEY CRYPTOGRAPHY
1. Plaintext: This is the readable message or data that is fed into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
3. Public and private keys: This is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the algorithm
depend on the public or private key that is provided as input.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the
key. For a given message, two different keys will produce two different cipher texts.
5. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

Encryption:

The essential steps are the following:


1. Each user generates a pair of keys to be used for encryption and decryption of
messages.
2. Each user places one of the two keys in a public register or other accessible file. This is
the public key. The companion key is kept private.
3. If A wishes to send a confidential message to B, A encrypts the message using B's
public key.
4. When B receives the message, it decrypts using its private key.
With this approach (Fig), all participants have access to public keys, and private keys are generated locally by
each participant and therefore need not be distributed.

Fig . Public Key Cryptography For Authentication

Let the plaintext be X = [X1, X2, X3, ..., Xm], where m is the number of letters in some finite alphabet.
Suppose A wishes to send a message to B.

B generates a pair of keys: a public key KUb and a private key KRb. KRb is known only to B, whereas
KUb is publicly available and therefore accessible by A.
With the message X and encryption key KUb as input, A forms the cipher text Y = [Y1, Y2, Y3, ..., Yn], i.e.,
Y = E_KUb(X)

The receiver can decrypt it using the private key KRb, i.e., X = D_KRb(Y)

The other approach (using sender's private key for encryption and sender's public key for decryption)
will provide authentication which is illustrated in the following diagram (Fig 2.26).

Fig .Private Key Cryptography For Authentication


The encrypted message serves as a digital signature. It is important to emphasize that the encryption process
just described does not provide confidentiality.
CCS354 - NETWORK SECURITY / YEAR-III / SEM-05 / NIET / AI & DS

Applications for Public-Key Cryptosystems:

We can classify the use of public-key cryptosystems into three categories:

1. Encryption/decryption: The sender encrypts a message with the recipient's public key.

2. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small block of data that is a function of the
message.
3. Key exchange: Two sides cooperate to exchange a session key. Several different approaches
are possible, involving the private key(s) of one or both parties.

Requirements for public key cryptography

• It is computationally easy for a party B to generate a pair [KUb, KRb].
• It is computationally easy for a sender A, knowing the public key and the message to be encrypted
M, to generate the corresponding ciphertext: C = E_KUb(M).
• It is computationally easy for the receiver B to decrypt the resulting ciphertext using
the private key to recover the original message:

M = D_KRb(C) = D_KRb[E_KUb(M)]

• It is computationally infeasible for an opponent, knowing the public key KUb,
to determine the private key KRb.
• It is computationally infeasible for an opponent, knowing the public key KUb and
a ciphertext C, to recover the original message M.
• The encryption and decryption functions can be applied in either order:
M = E_KUb[D_KRb(M)] = D_KUb[E_KRb(M)]

4. HASH FUNCTION:

A variation on the message authentication code is the one way hash function. As with MAC, a hash
function accepts a variable size message M as input and produces a fixed-size output, referred to as hash
code H(M).

Unlike a MAC, a hash code does not use a key but is a function only of the input message. The
hash code is also referred to as a message digest or hash value. There are a variety of ways in which a hash
code can be used to provide message authentication, as follows:

In Fig (a) The message plus the hash code is encrypted using symmetric encryption. This is identical to
that of internal error control strategy. Because encryption is applied to the entire message plus the hash
code, confidentiality is also provided.

Figure (a) Hash Function

In Fig (b) Only the hash code is encrypted, using symmetric encryption. This reduces the processing
burden for those applications that do not require confidentiality.

In Fig (c) Only the hash code is encrypted, using the public key encryption and using the sender's private
key. It provides authentication plus the digital signature.

Figure (b & c) Basic use of Hash Function


In Fig (d) If confidentiality as well as digital signature is desired, then the message plus the public key
encrypted hash code can be encrypted using a symmetric secret key.

In Fig (e) This technique uses a hash function, but no encryption for message authentication. This
technique assumes that the two communicating parties share a common secret value 'S'. The source
computes the hash value over the concatenation of M and S and appends the resulting hash value to M.

In Fig (f) Confidentiality can be added to the previous approach by encrypting the entire message plus
the hash code.

Figure (d,e & f) Basic use of Hash Function


A hash value h is generated by a function H of the form

h = H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.

The hash value is appended to the message at the source at a time when the message is assumed or known
to be correct. The receiver authenticates that message by recomputing the hash value.
Requirements for a Hash Function

1. H can be applied to a block of data of any size.

2. H produces a fixed-length output.

3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.

4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to
in the literature as the one-way property.

5. For any given block x, it is computationally infeasible to find y ≠ x such that H(y) = H(x). This is sometimes
referred to as weak collision resistance.

6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as
strong collision resistance.
The first three properties are requirements for the practical application of a hash function to message
authentication.

The fourth property, the one-way property, states that it is easy to generate a code given a message but virtually
impossible to generate a message given a code.

The fifth property guarantees that an alternative message hashing to the same value as a given message
cannot be found. This prevents forgery when an encrypted hash code is used.

The sixth property refers to how resistant the hash function is to a type of attack known as the birthday
attack.

HMAC

HMAC Design Objectives:

➢ To use hash functions that perform well in software and for which code is freely and
widely available.
➢ To allow for easy replacement of the embedded hash function in case faster or more secure
hash functions are found or required.
➢ To preserve the original performance of the hash function without incurring a
significant degradation.
➢ To use and handle keys in a simple way.
➢ To have a well understood cryptographic analysis of the strength of the
authentication mechanism based on reasonable assumptions about the embedded
hash function.
The first two objectives are important to the acceptability of HMAC. HMAC treats
the hash function as a “black box.” This has two benefits.

First, an existing implementation of a hash function can be used as a module in implementing
HMAC. In this way, the bulk of the HMAC code is prepackaged and ready to use without modification.

Second, if it is ever desired to replace a given hash function in an HMAC implementation,
all that is required is to remove the existing hash function module and drop in the new module.

HMAC Algorithm:
Definition of terms used in algorithm.
H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)

= initial value input to hash function

M = message input to HMAC

Yi = ith block of M, 0 ≤ i ≤ (L – 1)

L = number of blocks in M

b = number of bits in a block

Figure: HMAC Structure
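The black-box design described above, as an added Python example (not part of the original notes): HMAC is built on an unmodified hashlib hash and checked against Python's standard hmac module. The ipad/opad constants and the key-padding rule are taken from the HMAC specification (RFC 2104), since the structure figure is missing from the notes; the key and message are constructed sample values.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # pad bytes defined by RFC 2104, not shown in the notes


def hmac_digest(key, message, hash_name="sha256"):
    """HMAC computed with the embedded hash H used purely as a black box."""
    def H(data):
        return hashlib.new(hash_name, data).digest()

    block_bytes = hashlib.new(hash_name).block_size  # b from the notes, in bytes
    if len(key) > block_bytes:
        key = H(key)                          # over-long keys are hashed first
    k_plus = key.ljust(block_bytes, b"\x00")  # key padded with zeros to b bits
    inner = bytes(k ^ IPAD for k in k_plus)
    outer = bytes(k ^ OPAD for k in k_plus)
    return H(outer + H(inner + message))


def verify_tag(key, message, tag, hash_name="sha256"):
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_digest(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-shared-secret"        # constructed sample key
    msg = b"transfer 100 to account 42"       # constructed sample message
    # Swapping the embedded hash only changes the name passed in.
    for name in ("sha1", "sha256"):
        tag = hmac_digest(key, msg, name)
        print(name, tag.hex(), tag == hmac.new(key, msg, name).digest())
    # A modified message fails verification.
    print(verify_tag(key, msg + b"0", hmac_digest(key, msg)))
```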

5. DIGITAL SIGNATURE AND AUTHENTICATION PROTOCOLS:


Digital Signature Requirements

Message authentication protects two parties who exchange messages from any third party. However, it does not
protect the two parties against each other.
Disputes that can arise under message authentication are:
➢ Creation of a fraudulent message.
➢ Denial of sending a message.

For example, suppose that John sends an authenticated message to Mary. The following disputes could
arise:

1. Mary may forge a different message and claim that it came from John. Mary would simply have to
create a message and append an authentication code using the key that John and Mary share.
2. John can deny sending the message. Because it is possible for Mary to forge a message, there is
no way to prove that John did in fact send the message.
Properties of digital signature :
➢ It must verify the author and the date and time of the signature.
➢ It must authenticate the contents at the time of the signature.
➢ It must be verifiable by third parties, to resolve disputes.

Requirements for a digital signature:


➢ The signature must be a bit pattern that depends on the message being signed.
➢ The signature must use some information unique to the sender, to prevent both forgery and denial.
➢ It must be relatively easy to produce the digital signature.
➢ It must be relatively easy to recognize and verify the digital signature.
➢ It must be computationally infeasible to forge a digital signature, either by constructing a new
message for an existing digital signature or by constructing a fraudulent digital signature for a
given message.
➢ It must be practical to retain a copy of the digital signature in storage.
Direct Digital Signature
The term direct digital signature refers to a digital signature scheme that involves only the communicating
parties (source, destination). It is assumed that the destination knows the public key of the source.

Confidentiality can be provided by encrypting the entire message plus signature with a shared secret key
(symmetric encryption). Note that it is important to perform the signature function first and then an outer
confidentiality function. In case of dispute, some third party must view the message and its signature.

If the signature is calculated on an encrypted message, then the third party also needs access to the decryption
key to read the original message. However, if the signature is the inner operation, then the recipient can store
the plaintext message and its signature for later use in dispute resolution.

The validity of the scheme just described depends on the security of the sender's private key.

Weakness of Direct Digital Signature:


➢ If a sender later wishes to deny sending a particular message, the sender can claim that the private
key was lost or stolen and that someone else forged his or her signature.

➢ Another threat is that some private key might actually be stolen from X at time T. The opponent
can then send a message signed with X's signature and stamped with a time before or equal to T.

Arbitrated Digital Signatures


The problem associated with the direct digital signature can be overcome by using arbitrated schemes.
In the arbitrated scheme, the entire signed message from the sender goes to the arbiter A. The arbiter subjects the
message and signature to a number of tests to check the origin and content. The date and time are then attached to the
message, indicating that the digital signature has been verified and found satisfactory. The message is then
transmitted to the receiver.
The RSA Algorithm:
• It was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman.
• The RSA scheme is a cipher in which the plaintext and ciphertext are integers between 0 and n - 1
for some n. A typical size for n is 1024 bits.
• Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C:
C = M^e mod n
M = C^d mod n = (M^e)^d mod n = M^(ed) mod n
• Both sender and receiver must know the value of n. The sender knows the value of e, and only the
receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key of PU =
{e, n} and a private key of PR = {d, n}.
For this example, the keys were generated as follows.
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 * 11 = 187.
3. Calculate φ(n) = (p - 1)(q - 1) = 16 * 10 = 160.
4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n);
we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d < 160. The correct value is d = 23, because 23 * 7
= 161 = (1 * 160) + 1; d can be calculated using the extended Euclid’s algorithm.
The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.
The example shows the use of these keys for a plaintext input of M = 88. For encryption, we need to calculate

C = 88^7 mod 187. We can do this as follows.
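The key generation steps and the C = 88^7 mod 187 calculation above, worked through in Python as an added example (not part of the original notes). It is textbook RSA on the notes' toy primes with no padding; the function names are illustrative, and the sign/verify pair shows the private-key-first use described earlier for authentication.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e, phi):
    """Find d with d*e = 1 (mod phi), as in step 5 of the notes."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return x % phi


def mod_exp(base, exponent, modulus):
    """Square-and-multiply: reduce mod n after every step to keep numbers small."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result


def generate_keys(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)


def apply_key(block, key):
    """The single RSA operation: block^exponent mod n."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer between 0 and n - 1")
    return mod_exp(block, exponent, n)


def encrypt(m, public_key):
    return apply_key(m, public_key)


def decrypt(c, private_key):
    return apply_key(c, private_key)


def sign(m, private_key):
    return apply_key(m, private_key)


def verify(m, signature, public_key):
    return apply_key(signature, public_key) == m


if __name__ == "__main__":
    pu, pr = generate_keys(17, 11, 7)
    c = encrypt(88, pu)
    print(pu, pr, c, decrypt(c, pr))
    print(verify(88, sign(88, pr), pu))
```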

