CNS Notes CS8792
UNIT I INTRODUCTION
Syllabus
Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at Multiple levels,
Security Policies - Model of network security – Security attacks, services and mechanisms – OSI security
architecture – Classical encryption techniques: substitution techniques, transposition techniques, steganography-
Foundations of modern cryptography: perfect security – information theory – product cryptosystem –
cryptanalysis.
Introduction to Cryptography
The term cryptography is derived from Greek words namely CRYPTO and GRAPHY. In Greek language,
crypto means SECRET and graphy means WRITING.
Cryptography is the science of secret writing; it provides various techniques to protect information by
putting it in an unreadable format.
Cryptographic techniques and protocols are used in a wide range of applications such as secure electronic
transactions, secure audio/video broadcasting and secure video conferences.
These secure applications are heavily dependent on various cryptographic services, namely confidentiality,
authentication and data integrity. Based on these cryptographic services, the cryptographic techniques and
protocols are classified into four main areas:
Symmetric Encryption: In symmetric encryption, an identical cryptographic key is used for both
encrypting and decrypting the information. In practice, this key must be kept secret between the sender and the receiver
to maintain the secrecy of the information.
Asymmetric Encryption: In asymmetric encryption, two keys are used as a pair. Of these two keys,
one is used for encryption and the other for decryption of information. If the
sender uses either key of the pair to encrypt a message, the receiver must use the other key to decrypt it.
Data Integrity techniques: These techniques are used to protect information from alteration during
transmission. Data integrity techniques maintain the accuracy and consistency of information over its
entire life cycle.
Authentication Protocols: These are designed based on the use of cryptographic techniques to authenticate
the identity of the sender. These protocols allow only the valid users to access the resources located on a
server.
Security Trends
Security trends help to measure the security issues that are relevant to computers and networks. Similarly,
network security is the process of protecting the network resources and transmitted information from
unauthorized users.
Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality of information system resources.
This definition introduces three key objectives that are at the heart of computer security:
Privacy: Assures that individuals control or influence what information related to them may be collected
and stored and by whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a specified and authorized
manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly and service is not denied to authorized users.
These three concepts form what is often referred to as the CIA triad. The three embody the fundamental security
objectives for both data and for information and computing services.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for
protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of
information.
Integrity: Guarding against improper information modification or destruction, including ensuring information
nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption
of access to or use of information or an information system.
Ethical Hierarchy
At the top of the hierarchy are the ethical values professionals share with all human beings, such as
integrity, fairness, and justice.
Being a professional with special training imposes additional ethical obligations with respect to those
affected by his or her work.
General principles applicable to all professionals arise at this level.
Finally, each profession has associated with it specific ethical values and obligations related to the specific
knowledge of those in the profession and the powers that they have to affect others.
Most professions embody all of these levels in a professional code of conduct, a subject discussed
subsequently.
A security-related transformation on the information to be sent. Examples include the encryption of the
message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code
based on the contents of the message, which can be used to verify the identity of the sender.
Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An
example is an encryption key used in conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission. For example, a third party may be
responsible for distributing the secret information to the two principals while keeping it from any opponent.
Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity
of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service:
Design an algorithm for performing the security-related transformation. The algorithm should be such that
an opponent cannot defeat its purpose.
Generate the secret information to be used with the algorithm.
Develop methods for the distribution and sharing of the secret information.
Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret
information to achieve a particular security service.
Security Attacks
A useful means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive
attacks and active attacks.
A passive attack attempts to learn or make use of information from the system but does not affect system
resources. An active attack attempts to alter system resources or affect their operation.
Passive Attack
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to prevent
an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the
contents of messages or other information traffic so that opponents, even if they captured the message,
could not extract the information from the message.
Active attack
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually
includes one of the other forms of active attack.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning
“Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read
confidential file accounts.”
The denial of service prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a
particular destination.
Security Services
X.800 defines a security service as a service that is provided by a protocol layer of communicating open
systems and that ensures adequate security of the systems or of data transfers.
These services are also divided into five categories.
Authentication
The authentication service is concerned with assuring that a communication is authentic.
In the case of a single message, such as a warning or alarm signal, the function of the authentication service
is to assure the recipient that the message is from the source that it claims to be from.
In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are
involved.
First, at the time of connection initiation, the service assures that the two entities are authentic, that is, that
each is the entity that it claims to be.
Second, the service must assure that the connection is not interfered with in such a way that a third party
can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or
reception.
Two specific authentication services are defined in X.800:
Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association.
Two entities are considered peers if they implement the same protocol in different systems; for example, two
TCP modules in two communicating systems. Peer entity authentication is provided for use at the
establishment of, or at times during the data transfer phase of, a connection. It attempts to provide
confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous
connection.
Data origin authentication: Provides for the corroboration of the source of a data unit. It does not provide
protection against the duplication or modification of data units. This type of service supports applications
like electronic mail, where there are no prior interactions between the communicating entities.
Access Control
In the context of network security, access control is the ability to limit and control the access to host
systems and applications via communications links.
To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access
rights can be tailored to the individual.
Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of a
data transmission, several levels of protection can be identified.
The broadest service protects all user data transmitted between two users over a period of time. For
example, when a TCP connection is set up between two systems, this broad protection prevents the release
of any user data transmitted over the TCP connection.
Narrower forms of this service can also be defined, including the protection of a single message or even
specific fields within a message.
These refinements are less useful than the broad approach and may even be more complex and expensive to
implement.
The other aspect of confidentiality is the protection of traffic flow from analysis.
This requires that an attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.
Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields
within a message. Again, the most useful and straightforward approach is total stream protection.
A connection-oriented integrity service, one that deals with a stream of messages, assures that messages
are received as sent with no duplication, insertion, modification, reordering, or replays.
The destruction of data is also covered under this service. Thus, the connection-oriented integrity service
addresses both message stream modification and denial of service.
On the other hand, a connectionless integrity service, one that deals with individual messages without
regard to any larger context, generally provides protection against message modification only.
Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the
message.
Security Mechanism
The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an
application-layer protocol, and those that are not specific to any particular protocol layer or security
service.
These mechanisms will be covered in the appropriate places in the book. So we do not elaborate now,
except to comment on the definition of encipherment.
X.800 distinguishes between reversible encipherment mechanisms and irreversible encipherment
mechanisms.
Irreversible encipherment mechanisms include hash algorithms and message authentication codes, which
are used in digital signature and message authentication applications.
key being used at the time. The exact substitutions and transformations performed by the algorithm
depend on the key.
Cipher text: This is the scrambled message produced as output. It depends on the plaintext and the secret
key. For a given message, two different keys will produce two different cipher texts. The cipher text is an
apparently random stream of data and, as it stands, is unintelligible.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the cipher text
and the secret key and produces the original plaintext.
This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X,
with the specific function determined by the value of the key K. The intended receiver, in possession of the
key, is able to invert the transformation:
X = D (K, Y)
Substitution Techniques
The two basic building blocks of all encryption techniques are substitution and transposition. We
examine these in the next two sections.
Finally, we discuss a system that combines both substitution and transposition. A substitution
technique is one in which the letters of plaintext are replaced by other letters or by numbers or
symbols.
If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit
patterns with cipher text bit patterns.
Caesar Cipher
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher
involves replacing each letter of the alphabet with the letter standing three places further down the
alphabet. For example,
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the cipher text letter
C:
C = E (3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E (k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D (k, C) = (C - k) mod 26
If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is easily
performed: simply try all the 25 possible keys. The results of applying this strategy to the example cipher
text. In this case, the plaintext leaps out as occupying the third line.
Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as
single units and translates these units into cipher text digrams.
The Playfair algorithm is based on the use of a 5 * 5 matrix of letters constructed using a keyword.
In this case, the keyword is monarchy.
The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and
from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic
order. The letters I and J count as one letter.
Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with
the first element of the row circularly following the last. For example, ar is encrypted as RM.
Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top
element of the column circularly following the last. For example, mu is encrypted as CM.
Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column
occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer
wishes).
For one thing, whereas there are only 26 letters, there are 26 * 26 = 676 digrams, so that identification of
individual digrams is more difficult.
Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of
digrams, making frequency analysis much more difficult.
For these reasons, the Playfair cipher was for a long time considered unbreakable.
Hill Cipher
Before describing the Hill cipher, let us briefly review some terminology from linear algebra. In this
discussion, we are concerned with matrix arithmetic modulo 26.
For the reader who needs a refresher on matrix multiplication and inversion.
We define the inverse M⁻¹ of a square matrix M by the equation M(M⁻¹) = M⁻¹M = I, where I is the identity
matrix.
I is a square matrix that is all zeros except for ones along the main diagonal from upper left to lower right.
The inverse of a matrix does not always exist, but when it does, it satisfies the preceding equation. For
example,
To explain how the inverse of a matrix is computed, we begin with the concept of determinant.
For any square matrix (m * m), the determinant equals the sum of all the products that can be formed by
taking exactly one element from each row and exactly one element from each column, with certain of the
product terms preceded by a minus sign. For a 2 * 2 matrix,
We can show that 9⁻¹ mod 26 = 3, because 9 * 3 = 27 mod 26 = 1. Therefore, we compute the inverse of A
as
where C and P are row vectors of length 3 representing the plaintext and cipher text, and K is a 3 * 3
matrix representing the encryption key. Operations are performed mod 26.
For example, consider the plaintext “paymoremoney” and use the encryption key
The first three letters of the plaintext are represented by the vector (15 0 24). Then (15 0 24) K = (303 303
531) mod 26 = (17 17 11) = RRL. Continuing in this fashion, the cipher text for the entire plaintext is
RRLMWBKASPDH.
Decryption requires using the inverse of the matrix K. We can compute det K = 23, and therefore,
(det K)⁻¹ mod 26 = 17. We can then compute the inverse as
This is demonstrated as
It is easily seen that if the matrix K⁻¹ is applied to the cipher text, then the plaintext is recovered.
In general terms, the Hill system can be expressed as
C = E (K, P) = PK mod 26
P = D (K, C) = CK⁻¹ mod 26 = PKK⁻¹ = P
As with Playfair, the strength of the Hill cipher is that it completely hides single-letter frequencies. Indeed,
with Hill, the use of a larger matrix hides more frequency information.
Thus, a 3 * 3 Hill cipher hides not only single-letter but also two-letter frequency information.
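The Hill computation above, carried through in code as an added example that is not part of the original notes. The key matrix is not reproduced on this page, so the matrix below is an assumption: it is a 3 * 3 key that reproduces every number the notes give (the product (303 303 531), det K = 23, and the cipher text RRLMWBKASPDH).

```python
# Added example: 3 x 3 Hill cipher, C = PK mod 26 and P = CK^-1 mod 26.

# Assumed key: not shown in the notes, chosen because it reproduces their values.
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]


def cofactor(m, i, j):
    """Signed cofactor of element (i, j) of a 3 x 3 matrix (cyclic indices)."""
    a, b = (i + 1) % 3, (i + 2) % 3
    c, d = (j + 1) % 3, (j + 2) % 3
    return m[a][c] * m[b][d] - m[a][d] * m[b][c]


def det_mod26(m):
    """Determinant by expansion along the first row, reduced mod 26."""
    return sum(m[0][j] * cofactor(m, 0, j) for j in range(3)) % 26


def inverse_mod26(m):
    """K^-1 = (det K)^-1 * adj(K) mod 26.
    Raises ValueError when det K shares a factor with 26: such a key has
    no inverse, so cipher text produced with it cannot be decrypted."""
    det_inv = pow(det_mod26(m), -1, 26)
    return [[cofactor(m, j, i) * det_inv % 26 for j in range(3)]
            for i in range(3)]


def apply_blocks(text, m):
    """Multiply each 3-letter row vector by matrix m, mod 26."""
    nums = [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]
    nums += [23] * (-len(nums) % 3)      # pad the last block with 'x'
    out = []
    for k in range(0, len(nums), 3):
        block = nums[k:k + 3]
        out += [sum(block[i] * m[i][j] for i in range(3)) % 26
                for j in range(3)]
    return out


def hill_encrypt(plaintext, key):
    return "".join(chr(n + ord("A")) for n in apply_blocks(plaintext, key))


def hill_decrypt(ciphertext, key):
    inv = inverse_mod26(key)
    return "".join(chr(n + ord("a")) for n in apply_blocks(ciphertext, inv))


if __name__ == "__main__":
    print("det K mod 26 =", det_mod26(KEY))
    print("K^-1 mod 26  =", inverse_mod26(KEY))
    ct = hill_encrypt("paymoremoney", KEY)
    print(ct, "->", hill_decrypt(ct, KEY))
```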
Vigenère Cipher
The best known, and one of the simplest, polyalphabetic ciphers is the Vigenère cipher. In this scheme, the
set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through
25.
Each cipher is denoted by a key letter, which is the cipher text letter that substitutes for the plaintext letter
a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value 3.
We can express the Vigenère cipher in the following manner. Assume a sequence of plaintext letters P = p₀,
p₁, p₂, …, pₙ₋₁ and a key consisting of the sequence of letters K = k₀, k₁, k₂, …, kₘ₋₁, where typically m < n.
The sequence of cipher text letters C = C₀, C₁, C₂, …, Cₙ₋₁ is calculated as follows:
Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the second letters are
added, and so on through the first m letters of the plaintext. For the next m letters of the plaintext, the key
letters are repeated.
The process continues until all of the plaintext sequence is encrypted. A general equation of the encryption
process is
In essence, each plaintext character is encrypted with a different Caesar cipher, depending on the
corresponding key character.
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating
keyword. For example, if the keyword is deceptive, the message “we are discovered save yourself” is
encrypted as
The strength of this cipher is that there are multiple cipher text letters for each plaintext letter, one for each
unique letter of the keyword. Thus, the letter frequency information is obscured. However, not all
knowledge of the plaintext structure is lost.
First, suppose that the opponent believes that the cipher text was encrypted using either monoalphabetic
substitution or a Vigenère cipher. A simple test can be made to make a determination.
If a monoalphabetic substitution is used, then the statistical properties of the cipher text should be the same
as that of the language of the plaintext.
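The keyword "deceptive" example from this section, worked in code as an added example that is not part of the original notes. It also tabulates which cipher text letters each plaintext letter receives, which is the property the notes name as the cipher's strength; the helper names are hypothetical.

```python
# Added example: Vigenere cipher with a repeating keyword.
# Each letter is encrypted as C_i = (p_i + k_(i mod m)) mod 26.
from collections import defaultdict


def letters_of(text):
    """Keep a-z only and map a..z to 0..25."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def vigenere_encrypt(plaintext, keyword):
    p, k = letters_of(plaintext), letters_of(keyword)
    if not k:
        raise ValueError("keyword must contain at least one letter")
    return "".join(chr((pi + k[i % len(k)]) % 26 + ord("A"))
                   for i, pi in enumerate(p))


def vigenere_decrypt(ciphertext, keyword):
    c, k = letters_of(ciphertext), letters_of(keyword)
    if not k:
        raise ValueError("keyword must contain at least one letter")
    return "".join(chr((ci - k[i % len(k)]) % 26 + ord("a"))
                   for i, ci in enumerate(c))


def substitutes(plaintext, keyword):
    """Map each plaintext letter to the set of cipher text letters it became."""
    table = defaultdict(set)
    cipher = vigenere_encrypt(plaintext, keyword)
    plain = [c for c in plaintext.lower() if "a" <= c <= "z"]
    for p, c in zip(plain, cipher):
        table[p].add(c)
    return dict(table)


MESSAGE = "we are discovered save yourself"   # message from the notes
KEYWORD = "deceptive"                         # keyword from the notes

if __name__ == "__main__":
    ct = vigenere_encrypt(MESSAGE, KEYWORD)
    print(ct)
    print(vigenere_decrypt(ct, KEYWORD))
    # With a keyword, 'e' is spread over several cipher text letters ...
    print("e ->", sorted(substitutes(MESSAGE, KEYWORD)["e"]))
    # ... with a one-letter key (a plain Caesar cipher) it always maps to one.
    print("e ->", sorted(substitutes(MESSAGE, "d")["e"]))
```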
Vernam Cipher
The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and
has no statistical relationship to it.
Vernam's system works on binary data (bits) rather than letters. The system can be expressed succinctly as
follows
Where
Thus, the cipher text is generated by performing the bitwise XOR of the plaintext and the key. Because of
the properties of the XOR, decryption simply involves the same bitwise operation:
The essence of this technique is the means of construction of the key. Vernam proposed the use of a
running loop of tape that eventually repeated the key, so that in fact the system worked with a very long but
repeating keyword.
Although such a scheme, with a long key, presents formidable cryptanalytic difficulties, it can be broken
with sufficient cipher text, the use of known or probable plaintext sequences, or both.
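The XOR operation and the weakness of a repeating key, shown as an added example that is not part of the original notes. The keys and the message are constructed sample values, and the loop length of the short key is assumed to be known to the analyst.

```python
# Added example: Vernam cipher, c_i = p_i XOR k_i, and why a looping key is weak.

def vernam(data, key):
    """XOR every byte with the key. A key shorter than the data repeats,
    like Vernam's looped tape. The same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_from_known_plaintext(ciphertext, known_prefix):
    """c XOR p = k: every known plaintext byte exposes one key byte."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))


# Constructed sample values.
MESSAGE = b"meet me after the toga party"
LOOP_KEY = bytes([0x3A, 0x91, 0x5C, 0x07, 0xE2, 0x48, 0xB6, 0x1D])   # repeats every 8 bytes
LONG_KEY = bytes((7 * i + 13) % 256 for i in range(len(MESSAGE)))    # as long as the message
# LONG_KEY is a fixed pattern so the result is reproducible; a real key of
# this kind must be random (e.g. secrets.token_bytes) and never reused.


def recover_with_prefix(key, known_len=8):
    """Encrypt MESSAGE under key, then decrypt using only the key bytes
    exposed by the first known_len plaintext bytes, looped."""
    ciphertext = vernam(MESSAGE, key)
    exposed = key_from_known_plaintext(ciphertext, MESSAGE[:known_len])
    return vernam(ciphertext, exposed)


if __name__ == "__main__":
    c = vernam(MESSAGE, LOOP_KEY)
    print(c.hex())
    print(vernam(c, LOOP_KEY))            # decryption is the same operation
    print(recover_with_prefix(LOOP_KEY))  # whole message: the key repeated
    print(recover_with_prefix(LONG_KEY))  # only the known 8 bytes are correct
```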
Transposition Techniques
All the techniques examined so far involve the substitution of a cipher text symbol for a plaintext symbol.
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext
letters. This technique is referred to as a transposition cipher.
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of rows.
For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2, we write
the following:
MEMATRHTGPRYETEFETEOAAT
This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the message in a
rectangle, row by row, and read the message off, column by column, but permute the order of the columns.
The order of the columns then becomes the key to the algorithm. For example,
Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled 1, in this case
column 3. Write down all the letters in that column. Proceed to column 4, which is labeled 2, then column
2, then column 1, then columns 5, 6, and 7.
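Both transposition schemes from this section, as an added example that is not part of the original notes. The rail fence code generalises the depth-2 case in the notes to any depth (a zigzag), and because the notes' columnar table is not reproduced here, the key 4312567 is applied to the rail fence message instead, padded with "x" (a constructed input).

```python
# Added example: rail fence and keyed columnar transposition.

def only_letters(text):
    return [c for c in text.lower() if "a" <= c <= "z"]


def rail_pattern(n, depth):
    """Rail index of each of n letters written down the diagonals."""
    if depth < 2:
        return [0] * n
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def rail_fence_encrypt(plaintext, depth):
    letters = only_letters(plaintext)
    rails = [[] for _ in range(depth)]
    for ch, r in zip(letters, rail_pattern(len(letters), depth)):
        rails[r].append(ch)
    return "".join("".join(r) for r in rails).upper()   # read off row by row


def rail_fence_decrypt(ciphertext, depth):
    letters = only_letters(ciphertext)
    pattern = rail_pattern(len(letters), depth)
    # Stable sort: plaintext positions in the order the rows were read off.
    order = sorted(range(len(letters)), key=lambda i: pattern[i])
    plain = [""] * len(letters)
    for ch, pos in zip(letters, order):
        plain[pos] = ch
    return "".join(plain)


def column_order(key):
    """Column indices in the order their labels say to read them:
    for "4312567" that is column 3, 4, 2, 1, 5, 6, 7 (1-based)."""
    return sorted(range(len(key)), key=lambda c: key[c])


def columnar_encrypt(plaintext, key, pad="x"):
    letters = only_letters(plaintext)
    width = len(key)
    letters += [pad] * (-len(letters) % width)      # fill the last row
    return "".join("".join(letters[c::width]) for c in column_order(key)).upper()


def columnar_decrypt(ciphertext, key):
    letters = only_letters(ciphertext)
    width = len(key)
    rows = len(letters) // width
    grid = [[""] * width for _ in range(rows)]
    for n, c in enumerate(column_order(key)):
        for r in range(rows):
            grid[r][c] = letters[n * rows + r]
    return "".join("".join(row) for row in grid)


MESSAGE = "meet me after the toga party"   # message from the notes

if __name__ == "__main__":
    print(rail_fence_encrypt(MESSAGE, 2))
    ct = columnar_encrypt(MESSAGE, "4312567")
    print(ct, "->", columnar_decrypt(ct, "4312567"))
```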
Steganography
A plaintext message may be hidden in one of two ways. The methods of steganography conceal the
existence of the message, whereas the methods of cryptography render the message unintelligible to
outsiders by various transformations of the text.
A simple form of steganography, but one that is time-consuming to construct, is one in which an
arrangement of words or letters within an apparently innocuous text spells out the real message.
Various other techniques have been used historically; some examples are the following:
Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The marks are
ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or some
chemical is applied to the paper.
Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up
in front of a light.
Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing with
the correction tape are visible only under a strong light.
The advantage of steganography is that it can be employed by parties who have something to lose should
the fact of their secret communication (not necessarily the content) be discovered. Encryption flags traffic
as important or secret or may identify the sender or receiver as someone with something to hide.