Unit 1

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 83

CRYPTOGRAPHY AND

NETWORK SECURITY
CSEN2071
Course Objectives:
Understand basics of security concepts and comprehend Classical
Encryption Techniques
● Impart various symmetric cryptographic techniques

● Learn number theory related to RSA and Diffie-Hellman algorithms

● Study different hash functions and message authentication


techniques

● Impart knowledge of application and transport layers security


concepts
Course Outcomes:
After successful completion of the course the student will be able to:
1. illustrate working of classical encryption techniques

2. describe the working of symmetric encryption techniques

3. experiment the working of public key cryptography algorithms such


as RSA, Diffie-Hellman

4. Apply Hash functions and message authentication techniques

5. Demonstration of firewall configuration.


Syllabus & Textbook

Syllabus

https://drive.google.com/drive/u/0/folders/1IGmhEqrEAGJkBUDhDktap_s
xe-sgeXot

Textbook
https://drive.google.com/drive/u/0/folders/1WPV5bVa8hcILwMIA5U8-
4brpUgLFbEwK
Unit 1-Basics of Computer Networks
Introduction: Computer Security Concepts, The OSI Security Architecture,
Cryptography, cryptanalysis, attacks, services, security mechanisms.

Classical Encryption Techniques: Substitution Techniques, Caesar Cipher,


Monoalphabetic Ciphers, Play fair Cipher, Hill Cipher Polyalphabetic Ciphers.
Transposition Techniques.
Computer Security

Computer security refers to protecting and securing computers and


their related data, networks, software, hardware from unauthorized
access-misuse,information loss, and other security issues.
Computer Security

The NIST-National Institute of Standards and Technology


Computer Security Handbook [NIST95] defines the term
computer security as follows:

The protection afforded to an automated information system in


order to attain the applicable objectives of preserving the
integrity, availability, and confidentiality of information
system resources.
Objectives of Computer Security
1. Confidentiality
2. Integrity
3. Availability

Additional objectives:
4. Authenticity
5. Accountability

8
Objectives of Computer Security

Confidentiality means that only authorized individuals/systems


can view sensitive or classified information.
Integrity
Availability
A&A
Authenticity- The property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission,
a message, or message originator.

Accountability: The security goal that generates the requirement


for actions of an entity to be traced uniquely to that entity.
The Challenges of Computer Security
OSI Security Architecture
Threat : A potential for violation of security, which exists when there is
a circumstance, capability, action, or event that could breach security
and cause harm. That is, a threat is a possible danger that might exploit
a vulnerability.

Attack: An assault on system security that derives from an intelligent


threat; that is, an intelligent act that is a deliberate attempt to evade
security services and violate the security policy of a system.
OSI Security Architecture

The OSI security architecture is useful to managers as a way of


organizing the task of providing security.
The OSI security architecture focuses on
● Security attacks
● Mechanisms
● Services
Cryptography
It is technique of securing information and communications through use of codes so that only those
person for whom the information is intended can understand it and process it.
Cryptography
Symmetric Encryption
Asymmetric Encryption
Key terms Cryptography
Plaintext : It is the original message that is being protected.
Ciphertext: It is the encoded message which is the result of
transforming a plaintext using encryption.
Cipher: A cipher is an algorithm for performing encryption. It is a
mathematical formula used to scramble the plain text to yield ciphertext.
Encrypt: To transform a plaintext into ciphertext
Decrypt: To transform a ciphertext into plaintext.
Key:information used in cipher known only to sender/receiver
Cryptography: study of algorithms used for encryption
Cryptanalysis:study of techniques for decryption without knowledge of plaintext
Cryptology: areas of cryptography and cryptanalysis
OSI Security Architecture
● Security attack: Any action that compromises the security of
information owned by an organization.

● Security mechanism: A process that is designed to detect, prevent,


or recover from a security attack.

● Security service: A processing or communication service that


enhances the security of the data processing systems and the
information transfers of an organization.
SECURITY ATTACKS
• Passive attacks: It attempts to make use of information from the
system .
• Not affect system resources.
• Eavesdropping or monitoring transmission
• Goal: to obtain information that is being transmitted
• Types:
• Release of Message contents
• Traffic Analysis
• Active attacks: It attempts to alter system resources or affect their
operation.
• Masquerade
• Replay
• Modification
• Denial of Service
Passive Attack: Release of Message
contents

A telephone conversation, an e-mail message and a transferred


file may contain sensitive or confidential information.
Passive Attack: Traffic Analysis

Encryption technique can be used to mask the content of


messages so that opponents, even if they captured the message,
could not extract the information from message.
Active Attack: Masquerade

One entity pretends to be a different entity


Active Attack: Replay

It involves the passive capture of the data unit and its


subsequent retransmission to produce an unauthorised effect
Active Attack: Modification of Messages

Some portion of a legitimate message is altered, or that


messages are delayed or reordered
Active Attack: Denial of Service

It prevents the normal use or management of


communications
SECURITY SERVICES
A processing or communication service that
enhances the security of the data processing Confidentiality
systems and the information transfers of an
organization. Integrity

. Authentication
Messages
Non repudiation

Security Services Access control

Availability

Entity Authentication
Data Confidentiality:
• Protects data from unauthorized disclosure.
• Ensures that the information in a computer system and
transmitted information are accessible only for reading by
authorized parties.
Integrity:
• The assurance that data received are exactly as sent by an
authorized entity. (i.e., contain no modification, insertion,
deletion, or replay).
• Modification includes writing, changing status, deleting,
creating and delaying or replaying of transmitted messages.
-> Authentication:

Cryptography can provide two types of authentication services:


• Integrity authentication can be used to verify that non-modification
has occurred to the data.
• Source authentication can be used to verify the identity of who
created the information, such as the user or system.
• Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false.
Peer Entity Authentication:
Data-Origin Authentication:
Non repudiation:
• Requires that neither the sender nor the receiver of a message be
able to deny the transmission.
• Proof of Origin: Proof that the message was sent by the
specified party.
• Proof of Delivery: Proof that the message was received by the
specified party.

Access control:
• Requires that access to information resources may be controlled
by or the target system.
• controls who can have access to resource under what condition.
Availability:
• Requires that computer system assets be available to authorized
parties when needed.
• Available to authorized entities for 24/7.

Authorization:
• Authorization provides permission to perform a security
function or activity.
• Authorization is generally granted after the successful execution of
a source authentication service.
7. Security Mechanisms
Feature designed to detect, prevent or recover from a security attack.

Security Mechanisms

Specific Security Pervasive Security


Mechanisms Mechanisms
(8 Types) (5 Types)
Encipherment
Digital Signature
Specific Security
Mechanisms
Access Control
Data Integrity
Authentication Exchange
Traffic Padding
Routing Control
Notarization
Encipherment
The use of mathematical algorithms to transform data into a
form that is not readily intelligible.
Digital Signature
Data appended to, or a cryptographic transformation of a
data unit that allows a recipient of the data unit to prove the source
and integrity of the data unit and protect against forgery (e.g., by
the recipient).
Access Control
A variety of mechanisms that enforce access rights to
resources.

Data Integrity
A variety of mechanisms used to assure the integrity of a data
unit or stream of data units.
Truthful

Verifiable Accurate
Data
Integrity

Retrievable Complete
Authentication Exchange

A mechanism intended to ensure the identity of an entity


by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts.
Routing Control
Enables selection of particular physically secure
routes for certain data and allows routing changes,
especially when a breach of security is suspected.

Notarization
The use of a trusted third party to assure certain
properties of a data exchange.
Pervasive Security Mechanisms

• Trusted Functionality
That which is perceived to be correct with respect to some
criteria (e.g., as established by a security policy).
• Security Label
The marking bound to a resource (which may be a data unit)
that names or designates the security attributes of that
resource.
• Event Detection
Detection of security-relevant events.
• Security Audit Trail
Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system
records and activities.
• Security Recovery
Deals with requests from mechanisms, such as event handling
Classification of Cryptography

Cryptography

Symmetric Key Asymmetric Key


Cryptography Cryptography

Classical Modern
Cryptography Cryptography

Transposition Substitution Stream Block


Cipher Cipher Cipher Cipher
Classical Encryption Techniques
Substitution Techniques
Replaces the plaintext characters with other characters,
numbers and symbols.

Transposition Techniques
Rearranges the position of the characters of the plaintext.
Substitution Techniques
Substitution Techniques

1. Caesar Cipher
2. Monoalphabetic Ciphers
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
1. Caesar Cipher
• Earliest and simplest method of encryption technique
• Replaces each letter of alphabet with the letter standing
three places further down the alphabet
Caesar Cipher Algorithm
• Encryption: C = E(k, p ) = (p + k )mod 26
• Decryption: P = D (k, C) = (C – k) mod 26

Example 1: key=3
plaintext: hello how are you
ciphertext: KHOOR KRZ DUH BRX
Example
Example 3: Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI

Example 2: Plain text: pay more money


Key =3
Cipher text: SDB PRUH PRQHB
2. Playfair Cipher
• The best-known multiple letter encryption
cipher is the Playfair.
• The Playfair treats digrams in the plaintext
as single units and translates these units
into cipher text digrams.
• The Playfair algorithm is based on the use of
5x5 matrix of letters constructed using a
keyword.
• The matrix is constructed by filling in the
unique letters of the keyword, and then
filling in the remaining letters in alphabetical
order.
Rules of Playfair Cipher
✔ Pair cannot be made with same letter. Break the letter and fill with filler letter ‘x’.

✔ If the letter is standing alone in the process of pairing, then add an extra filler letter ‘x’
with the alone letter.
✔ Rules for encryption
Rules of Playfair Cipher
✔ Two plaintext letters that fall in same
row of the matrix are each replaced
by the letter to the right.

✔ Two plaintext letters that fall in the


same column are each replaced by
the letter to down.
Rules Playfair Cipher
✔ Otherwise, each plaintext letter in a pair is replaced
by the letter that lies in own row and the column
occupied by the other plaintext letter.
Playfair Cipher :Example 1
✔ Key: MONARCHY
✔ Plaintext: INSTRUMENTS
✔ Plaintext: IN ST RU ME NT SZ
✔ Ciphertext: GA TL MZ CL RQ TX
Playfair Cipher : Example 2
✔ Key: PLAYFAIR EXAMPLE
✔ Plaintext: HIDE THE GOLD IN THE TREE STUMP
✔ Plaintext: HI DE TH EG OL DI NT HE TR EX ES TU MP
✔ Ciphertext: BM OD ZB XD NA BE KU DM UI XM MO UV IF
3. Monoalphabetic Substitution Cipher
• A monoalphabetic substitution cipher, also known as a simple
substitution cipher
• It has a fixed replacement structure.
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different random ciphertext
letter
• The substitution is fixed for each letter of the alphabet.

Eg: Thus, if "a" is encrypted to "R", then every time we see the letter
"a" in the plaintext, we replace it with the letter "R" in the ciphertext.
Plain :
abcdefghijklmnopqrstuvwxyz
Cipher:
DKVQFIBJWPESCXHTMYAUOLRGZ
The ciphertext alphabet for the cipher where you replace each letter by the random letter in the alphabet .

N
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
4. Hill Cipher
• Hill cipher is a polygraphic substitution cipher based on linear
algebra.
• Each letter is represented by a number modulo 26.
• To encrypt a message, each block of n letters is multiplied by an
invertible n × n matrix, against modulus 26.
Encryption: PK mod 26
• To decrypt the message, each block is multiplied by the inverse of
the matrix used for encryption.
Decryption: CK-1 mod 26
Hill Cipher: Example 1
• Input : Plaintext: ACT
– Key: GYBNQKURP
– Output : Ciphertext: POH
• Encryption
– We have to encrypt the message ‘ACT’ (n=3).The key is
‘GYBNQKURP’ which can be written as the n X n matrix:
Hill Cipher: Example 1

• The message ‘ACT’ is written as vector:


• The enciphered vector is given as:

• which corresponds to ciphertext of ‘POH’


Hill Cipher: Example 1
Decryption:
• To decrypt the message, we turn the ciphertext back
into a vector, and then simply multiply by the inverse
matrix of the key matrix.
Hill Cipher: Example 1
Decryption:
• For the previous Ciphertext ‘POH’:

Which gives us back ‘ACT’.


Hill Cipher: Example 2
• Input : Plaintext: SHORT EXAMPLE
– Key: HILL
– Output : Ciphertext: APADJTFTWLFJ
Polyalphabetic Cipher
• A set of related monoalphabetic substitution rules are used.
• A key determines which particular rule is chosen for a given
transformation.
Polyalphabetic Cipher: Vigenere Cipher
• Best and simplest Polyalphabetic cipher.

• Encryption:
Ei = (Pi + Ki) mod 26

• Decryption:
Di = (Ei - Ki) mod 26

• To encrypt a message, a key is needed that is as long as the message


Vigenere Cipher Example
Ei = (Pi + Ki) mod 26

• Plaintext: WE ARE DISCOVERED SAVE YOURSELF


• Key: DECEPTIVE
• Ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
Vigenere Cipher Example
Ei = (Pi + Ki) mod 26

• Solution: Autokey System


• Keyword is concatenated with the plaintext itself to provide a
running key.
Polyalphabetic Cipher: Vernam Cipher
• The keyword is chosen as long as the plaintext and has no relationship
between them.
• Works on binary data(bits) rather than letters.
• Encryption:
Ci = Pi XOR Ki
Ci – i th binary digit of cipher text
Pi – i th binary digit of plaintext
Ki – i th binary digit of key

XOR operation
• Decryption:
Pi = Ci XOR Ki
Vernam Cipher Example
Transposition Technique
• Performed by permutation on the plain text letters.

Rail Fence

• The plaintext is written down as a sequence of diagonals and then read off as a
sequence of rows.

• The Rail Fence cipher works by writing your message on alternate lines across the
page, and then reading off each line in turn.
Encryption

To write your message in zigzag lines across the page, and


then read off each row.
• Firstly, you need to have a key
• You then start writing the letters of the plaintext
diagonally down to the right until you reach the number
of rows specified by the key.
• You then bounce back up diagonally until you hit the first
row again.
• This continues until the end of the plaintext.
Decryption

• The decryption process for the Rail Fence Cipher involves


reconstructing the diagonal grid used to encrypt the
message.
• We start writing the message, but leaving a dash in place
of the spaces yet to be occupied.
• Gradually, you can replace all the dashes with the
corresponding letters, and read off the plaintext from the
table.
• We start by making a grid with as many rows as the key
is, and as many columns as the length of the ciphertext.
• We then place the first letter in the top Left Square, and
dashes diagonally downwards where the letters will be.
• When we get back to the top row, we place the next
letter in the ciphertext. Continue like this across the row,
and start the next row when you reach the end.
Transposition Technique: Example 1
Plaintext "defend the east wall" is written as shown
below, with all spaces removed.

• The simplest Rail Fence Cipher, where each letter is written in


a zigzag pattern across the page.
• The ciphertext is then read off by writing the top row first,
followed by the bottom row, to get
"DFNTEATALEEDHESWL".
Transposition Technique: Example 2
• Ciphertext : “TEKOOHRACIRMNREATANFTETYTGHH”
Encrypted key : 4, you start by placing the "T" in the first
square
Columnar Transposition Cipher

• The columnar transposition cipher is a fairly simple, easy


to implement cipher. It is a transposition cipher that
follows a simple rule for mixing up the characters in the
plaintext to form the ciphertext.
• The key for the columnar transposition cipher is a
keyword e.g. GERMAN. The row length that is used is the
same as the length of the keyword. To encrypt a piece of
text, e.g. defend the east wall of the castle
Key GERMAN.

Plain Text defend the east wall of the castle


Encrypted a piece of cipher text, e.g.
nalcxehwttdttfseeleedsoaxfeahl

You might also like