This document provides an overview of cryptography and network security topics including:
- An introduction to cryptography and how it can protect data in transit.
- Different types of security attacks and reasons they may be launched.
- Security services like confidentiality, integrity, and authentication that counter security threats.
- Classical encryption techniques including substitution ciphers like Caesar and monoalphabetic ciphers, and transposition ciphers like Playfair and Vigenere.
4. 4
Introduction to Cryptography
Computer data travels from one computer to another, leaving the safety of its
protected physical surroundings. Once the data is out of hand, people with bad
intention could modify or forge your data, either for amusement or for their
own benefit.
Cryptography can reformat and transform our data, making it safer on its
trip between computers.
cryptography is about constructing and analyzing protocols that prevent third
parties or the public from reading private messages; various aspects in
information security such as data confidentiality, data integrity, authentication,
and non-repudiation are central to modern cryptography.
6. 6
Cont..
Any computer connected to a computing network is potentially
vulnerable to an attack.
– An "attack" is the exploitation of a flaw in a computing system
(operating system, software program or user system) for purposes
that are not known by the system operator and that are generally
harmful.
– Attacks are always taking place on the Internet , at a rate of several
attacks per minute on each connected machine. These attacks are
mostly launched automatically from infected machines (by viruses,
Trojan horses, worms, etc.) without their owner's knowledge. In
rarer cases, they are launched by computer hackers.
8. 8
Cont..
Attacks may be launched for various reasons:
1. to obtain access to the system;
2. to steal information, such as industrial secrets or intellectual property;
3. to gather personal information about a user;
4. to retrieve bank account information;
5. to get information about the organization (the user's company, etc.);
6. to disrupt the proper functioning of a service;
7. to use the user's system as a "bounce" for an attack;
8. to use the resources of the user's system, particularly when the network on
which it is located has a high bandwidth.
9. 9
Ransomware
An application that takes partial or extensive control of a device or data
on a device and demands payment to release control.
Some ransomware apps encrypt data on the device and demand payment
to decrypt data and/or leverage the device administrator features so that
the app cant be removed by the typical user. Examples include:
•Ransomware that locks a user out of their device and demands money to
restore user control.
•Ransomware that encrypts data on the phone and demands payment,
ostensibly to decrypt data again.
•Ransomware that leverages device policy manager features and can-not
be removed by the user.
10. 10
Security services and mechanism
A service that enhances the security of the data processing systems and
the information transfers of an organization. The services are intended to
counter security attacks and they make use of one or more security mechanisms
to provide the service.
Security service is a service, provided by a layer of communicating open
systems, which ensures adequate security of the systems or of data transfers as
defined by ITU-T X.800 Recommendation.
A more general definition is in CNSS Instruction No. 4009 dated 26 April 2010
by Committee on National Security Systems of United States of America:
“A capability that supports one, or more, of the security requirements
(Confidentiality, Integrity, Availability). Examples of security services are key
management, access control, and authentication”
11. 11
Classification of Security Services
The classification of security services are as follows:
Confidentiality: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties.
E.g. Printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.
Non repudiation: Requires that neither the sender nor the receiver of a message be able to
deny the transmission.
Access control: Requires that access to information resources may be controlled by or the
target system.
Availability: Requires that computer system assets be available to authorized parties when
needed.
12. 12
Cont..
Security mechanism
“A mechanism that is designed to detect, prevent or recover from a security
attack.”
“The process to implement the security properties is known as security
mechanism.”
various type of mechanism :
1. Attack Prevention
2. Attack Avoidance
3. Attack Detection
13. 13
Classical Encryption Technique
Goals:
1. to introduce basic concepts & terminology of encryption
2. to prepare us for studying modern cryptography.
A. Building Blocks
i. Two building blocks of all classical encryption techniques are
substitution and transposition.
ii. Substitution means replacing an element of the plaintext with an
element of ciphertext.
iii. Transposition means rearranging the order of appearance of the
elements of the plain text.
iv. Transposition is also referred to as permutation.
14. 14
Cont..
B. Symmetric Cipher Mode
A symmetric encryption scheme has five ingredients:
1. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
2.Encryption Algorithm: The encryption algorithm performs various substitutions
and transformations on the plain text
3.Secret Key: The secret key is also input to encryption algorithm. The key is
a value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the time.
4.Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and secret key.
5.Decryption Algorithm: This is essentially the encryption algorithm run in reverse. It
takes the cipher text and the secret key and produces the original plaintext
15. 15
Cont..
c. Cryptography
Cryptographic systems are characterized along three independent dimensions:
- type of encryption operations used
1. substitution
2. Transposition
3. product
- number of keys used
1. single-key or private
2. two-key or public
- way in which plaintext is processed
1. block
2. stream
16. 16
Cont..
D. Cryptanalysis
Objective: to recover the plaintext of a ciphertext or, more typically, to recover
the secret key.
Kerkhoff’s principle: the adversary knows all details about a cryptosystem except
the secret key.
Two general approaches:
brute-force attack
non-brute-force attack (cryptanalytic attack)
17. 17
Substitution Cipher
Substitution cipher: replacing each element of the
plaintext with another element.
Their are some techniques in Substitution Cipher:
1. Caeser Cipher
2. Monoalphabetic Ciphers
3. Polyalphabetic Ciphers
- Playfair Cipher
- Vigenere Cipher
18. 18
Caesar cipher
The Caesar cipher, also known as a shift cipher, is one of the simplest forms of
encryption. It is a substitution cipher where each letter in the original message
(called the plaintext) is replaced with a letter corresponding to a certain number
of letters up or down in the alphabet.
For example, here's the Caesar Cipher encryption of a message, using a right
shift of 3
Plaintext:
THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Ciphertext:
QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
19. 19
Cont..
The Caesar Cipher can be expressed in a more mathematical form as follows:
In plain terms, this means that the encryption of a letter *x* is equal to a shift of *x + n*, where
n is the number of letters shifted. The result of the process is then taken under modulo division,
essentially meaning that if a letter is shifted past the end of the alphabet, it wraps around to the
beginning.
Decryption of the encrypted text (*ciphertext*) would be defined similarly, with instead a
subtraction of the shift amount.
First used by Julius Caesar, the Caesar Cipher is one of the more well known older historical
encryption methods.
20. 20
Monoalphabetic Ciphers
A monoalphabetic substitution cipher, also known as a simple substitution
cipher, relies on a fixed replacement structure. That is, the substitution is fixed
for each letter of the alphabet. Thus, if "a" is encrypted to "R", then every time
we see the letter "a" in the plaintext, we replace it with the letter "R" in the
ciphertext.
A simple example is where each letter is encrypted as the next letter in the
alphabet: "a simple message" becomes "B TJNQMF NFTTBHF". In general, when
performing a simple substitution manually, it is easiest to generate the
ciphertext alphabet first, and encrypt by comparing this to the plaintext
alphabet. The table below shows how one might choose to, and we will, lay them
out for this example.
21. 21
Polyalphabetic Substitution Ciphers
Polyalphabetic Cipher is a substitution cipher in which the
cipher alphabet for the plain alphabet may be different at
different places during the encryption process. Best example
of polyalphabetic ciphers are as follows:
1. Playfair
2. Vigenere Cipher
22. 22
Playfair Cipher
1. Not even the large number of keys in a monoalphabetic cipher
provides security.
2. One approach to improving security is to encrypt multiple letters
at a time.
3. The Playfair Cipher is the best known such cipher.
4. Invented by Charles Wheatstone in 1854, but named after his
friend Baron Playfair.
23. 23
Playfair Key Matrix
1. Use a 5 x 5 matrix.
2. Fill in letters of the key (w/o duplicates).
3. Fill the rest of matrix with other letters.
E.g., Plaintext = MONARCHY.
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
24. 24
Encrypting and Decrypting
1. Plaintext is encrypted two letters at a time.
2. If a pair is a repeated letter, insert filler like 'X’.
3. If both letters fall in the same row, replace each with the
letter to its right (circularly).
4. If both letters fall in the same column, replace each with the
the 5. letter below it (circularly).
6. Otherwise, each letter is replaced by the letter in the same
row but in the column of the other letter of the pair.
25. 25
Security of Playfair Cipher
1. Equivalent to a monoalphabetic cipher with an
alphabet of 26 x 26 = 676 characters.
2. Security is much improved over the simple
monoalphabetic cipher.
3. Was widely used for many decades
eg. by US & British military in WW1 and early WW2
4. Once thought to be unbreakable.
5. Actually, it can be broken, because it still leaves
some structure of plaintext intact.
26. 26
Vigenere Cipher
This scheme of cipher uses a text string (say, a word) as a key, which is
then used for doing a number of shifts on the plaintext.
For example, let’s assume the key is ‘point’. Each alphabet of the key is
converted to its respective numeric value: In this case,
p 16, o 15, i 9, n 14, and t 20.→ → → → →
Thus, the key is: 16 15 9 14 20.
27. 27
Process of Vigenere Cipher
1. The sender and the receiver decide on a key. Say ‘point’ is the key. Numeric
representation of this key is ‘16 15 9 14 20’.
2. The sender wants to encrypt the message, say ‘attack from south east’. He
will arrange plaintext and numeric key as follows −
3. He now shifts each plaintext alphabet by the number written below it to
create ciphertext as shown below −
28. 28
Cont..
1. Here, each plaintext character has been shifted by a different amount – and
that amount is determined by the key. The key must be less than or equal to the
size of the message.
2. For decryption, the receiver uses the same key and shifts received ciphertext
in reverse order to obtain the plaintext.
29. 29
Variants of Vigenere Cipher
There are two special cases of Vigenere cipher −
1. The keyword length is same as plaintext message. This case is called
Vernam Cipher. It is more secure than typical Vigenere cipher.
2. Vigenere cipher becomes a cryptosystem with perfect secrecy, which is
called One-time pad