Department of Computer science and Engineering

Cryptography and Network Security Notes

Module 01:
Computer and Network Security Concepts
Cryptography: Cryptography is a technique of securing information and
communications using codes to ensure confidentiality, integrity and authentication. Thus,
preventing unauthorized access to information. The prefix "crypt" means "hidden" and the
suffix "graphy" means "writing". In Cryptography, the techniques that are used to protect
information are obtained from mathematical concepts and a set of rule-based calculations
known as algorithms to convert messages in ways that make it hard to decode them.

Features Of Cryptography:
 Department of Computer science and Engineering

1. Confidentiality: Information can only be accessed by the person for whom it is

intended and no other person except him can access it.
2. Non-repudiation: The creator/sender of information cannot deny his intention to send
information at a later stage.
3. Integrity: Information cannot be modified in storage or transition between sender and
intended receiver without any addition to information being detected.
4. Adaptability: Cryptography continuously evolves to stay ahead of security threats and
technological advancements.
5. Interoperability: Cryptography allows for secure communication between different
systems and platforms.
6. Authentication: The identities of the sender and receiver are confirmed. As well
destination/origin of the information is confirmed.

Network Security:
A Model for Network Security
A model for network security helps us understand the essential components of a secure
communication system. It addresses how to deter, prevent, detect, and correct security
violations involving the transmission and storage of information.
The model involves two parties, a
sender and a recipient, who communicate over an information channel. An
opponent may try to compromise this communication. To protect the message, two main
components are used:
1. Security-Related Transformation: The message is transformed before it's sent,
making it unreadable to the opponent. This is typically achieved through an
encryption algorithm.
2. Secret Information: The two parties share secret information, like an encryption key,
which is used in the transformation. This key is hopefully unknown to the opponent.
A trusted third party may also be involved to securely distribute the secret information (like
keys) to the sender and recipient.
A diagram showing a sender and recipient, a secure channel, an opponent, and a trusted third
party distributing secret information.
 Department of Computer science and Engineering

Network access security model:

A network access security model works by using a combination of technologies and policies
to control who can access network resources, ensuring data confidentiality, integrity, and
availability. Key components include authentication (verifying user/device
identity), authorization (defining access rights), encryption (securing data in transit and at
rest), firewalls (filtering network traffic), intrusion detection/prevention systems (monitoring
for malicious activity), and network access control (NAC) (enforcing security policies on
devices). Modern models, like Zero Trust, operate on the principle that no user or device is
trusted by default, requiring continuous verification before granting limited access.
Key Components
1. Authentication: Verifies the identity of users and devices using methods like
usernames/passwords, multi-factor authentication (MFA), biometrics, or digital
certificates.
 Department of Computer science and Engineering
2. Authorization: Determines what authenticated users and devices are permitted to do
on the network, often using roles or attribute-based access control.
3. Encryption: Converts data into an unreadable format during transmission (e.g., using
SSL/TLS) and storage (e.g., using AES).
4. Firewalls: Act as gatekeepers, regulating network traffic by applying specific security
rules to block unauthorized access and threats.
5. Intrusion Detection and Prevention Systems (IDPS): Monitor network activity for
unusual behaviour and automatically block or flag potential threats.
6. Network Access Control (NAC): Enforces organizational security policies, assessing
the security posture of devices (e.g., up-to-date antivirus software) before granting
network access.
7. Network Segmentation: Divides a network into smaller, isolated segments, limiting
the potential impact of a security breach.

Symmetric Cipher Model:

A symmetric cipher model encrypts and decrypts messages using the same secret key,
transforming plaintext into an unreadable ciphertext using an encryption algorithm, and
then reversing the process with a decryption algorithm to recover the original plaintext. A
shared secret key, which must be kept confidential and securely distributed between the
sender and receiver, is central to this "single-key" or "conventional" encryption process.
 Department of Computer science and Engineering

Components of the Symmetric Cipher Model

1. Plaintext: The original, understandable message that needs to be secured.
2. Encryption Algorithm: The mathematical process that transforms the plaintext into
ciphertext, using the secret key.
3. Secret Key: A unique piece of data, shared by the sender and receiver, that is essential
for both encryption and decryption.
4. Ciphertext: The scrambled, unintelligible form of the plaintext, produced by the
encryption algorithm.
5. Decryption Algorithm: The process that reverses the encryption, using the same secret
key to convert the ciphertext back into the original plaintext.
How it Works
1. Encryption: The sender inputs the plaintext and the shared secret key into the
encryption algorithm to produce ciphertext.
2. Transmission: The ciphertext is then transmitted to the receiver through a channel.
3. Decryption: The receiver uses the same shared secret key and the decryption
algorithm to convert the ciphertext back into the original plaintext.
Key Requirements
 Strong Encryption Algorithm: The algorithm must be robust enough to prevent an
opponent from breaking the ciphertext and recovering the plaintext or key.
 Secure Key Distribution: A secure method is required to transmit the secret key to the
receiver without it being intercepted.
 Confidentiality of the Key: Keeping the secret key secure is the most critical aspect of
symmetric encryption, as an attacker gaining access to the key can compromise the
entire communication

Cryptanalysis
Definition: The art and science of breaking encrypted messages or systems to retrieve
the original plaintext without the secret key.
Goal: To find weaknesses or vulnerabilities in the encryption scheme.
 Methods:
Frequency Analysis: Studying patterns in the ciphertext to infer plaintext by
analysing the frequency of letters or symbols.
Differential and Linear Cryptanalysis: Advanced mathematical techniques that
analyse relationships within the cryptosystem to discover patterns and weaknesses.
 Department of Computer science and Engineering
Applications:
Used by hackers to carry out cybercrimes, by governments to intercept other nations'
communications, and by cybersecurity firms to test their own security features.

Brute Force Attack

Definition: A type of cryptanalytic attack where an attacker tries every possible key or
password until the correct one is found.
Mechanism: An automated system systematically submitting all potential keys to decrypt a
message.
When it's used:It's a fallback method, sometimes used when cryptanalysis fails to reveal a
weakness, but it can be impractical for strong, long keys.

Substitution Techniques:
1. Caesar Cipher: The Caesar Cipher is one of the simplest substitution ciphers. Each
letter of the plaintext is substituted by another letter that is a fixed number of positions
down the alphabet. This fixed number is the secret key.
Process: To encrypt, you "shift" each letter of the plaintext by the agreed-upon key.
For example, with a key (shift) of 3, the letter 'A' becomes 'D', 'B' becomes 'E', and so
on.
2. Monoalphabetic Cipher: In this type of cipher, the relationship between a plaintext
letter and its corresponding ciphertext letter is fixed throughout the entire message.
The Caesar Cipher is a classic example. While an improvement over a simple shift,
these ciphers are vulnerable to frequency analysis, where attackers analyze the
frequency of letters in the ciphertext to deduce the key.
3. Playfair Cipher is a more complex substitution technique that encrypts pairs of
letters (digraphs) instead of single letters. This makes it more difficult to break than a
simple monoalphabetic cipher. Mechanism: The cipher uses a 5x5 grid generated
from a secret keyword. The grid is filled with the unique letters of the keyword,
followed by the remaining letters of the alphabet (with I and J typically combined).
Plaintext is broken into pairs of letters, and these pairs are encrypted based on their
positions within the key grid.
 Encryption Rules:
 If two letters are in the same row, they are replaced by the letters to their
immediate right (wrapping around if necessary).
 If two letters are in the same column, they are replaced by the letters
immediately below them (wrapping around if necessary).
 If the letters form a rectangle, they are replaced by the letters on the same row
but at the opposite corner of the rectangle.
4. Hill Cipher : Hill Cipher is a polygraphic substitution cipher from classical
cryptography that uses linear algebra to encrypt blocks of multiple letters at once.
Developed by Lester S. Hill in 1929, its main advantage is that it can obscure single-
letter frequencies, making it more resistant to simple frequency analysis than ciphers
that encrypt one letter at a time.
 Department of Computer science and Engineering

How It Works
The core of the Hill Cipher is a key matrix, which is a square matrix of integers. The size
of this matrix (e.g., 2x2 or 3x3) determines the block size of the plaintext letters to be
encrypted.
Encryption Process
Convert Letters to Numbers: Plaintext letters are converted to their numerical equivalents
(A=0, B=1, C=2, ..., Z=25).
Group into Vectors: The sequence of numbers is grouped into vectors (or column
matrices) with a size matching the key matrix. For a 2x2 key, the plaintext is grouped into
pairs.
Matrix Multiplication: Each plaintext vector is multiplied by the key matrix. The result is
taken modulo 26 to ensure the output remains within the range of the alphabet.
The formula is: C = (K * P) mod 26
C is the ciphertext vector.
K is the key matrix.
P is the plaintext vector.
Convert Numbers to Letters: The numbers in the resulting ciphertext vector are converted
back to letters to form the final ciphertext.
Example: Encryption
Let's encrypt the plaintext "HELP" using a 2x2 key matrix: K= (3235)
Convert: H=7, E=4, L=11, P=15.
Group: The plaintext is grouped into two vectors: (74) (for HE) and (1115) (for LP).
Encrypt the first block ("HE"): (3235) (74) = ((3∗7+3∗4) (2∗7+5∗4)) = (3334)
Now, take the result modulo 26: (33mod2634mod26) = (78)
Convert: 7 → H, 8 → I. The first part of the ciphertext is HI.
Encrypt the second block ("LP"): (3235) (1115) = ((3∗11+3∗15) (2∗11+5∗15)) = (7897
)
Now, take the result modulo 26: (78mod2697mod26) = (019)
Convert: 0 → A, 19 → T. The second part of the ciphertext is AT.
The final ciphertext for "HELP" is HIAT.
 Ciphertext: HIAT
 Department of Computer science and Engineering
 Key Matrix (K): (3235)
 Decryption Formula: P = (K⁻¹ * C) mod 26

Step 1: Find the Inverse of the Key Matrix (K⁻¹)

To decrypt, we first need to find the inverse of the key matrix, K−1.
1a. Calculate the Determinant
The determinant of a 2x2 matrix (acbd) is (ad−bc).
det(K) = (3×5) −(3×2) =15−6=9
1b. Find the Multiplicative Inverse of the Determinant (mod 26)
We need to find a number that, when multiplied by the determinant (9), equals 1 modulo
26. We are looking for x in the equation: (9×x) mod26=1.
By testing values, we find that 9×3=27. And 27mod26=1. So, the multiplicative inverse of
9 (mod 26) is 3.
1c. Find the Inverse Matrix
The formula for the inverse matrix is: K−1 = (determinant inverse) ×(d−c−ba) mod26
Applying this to our key: K−1=3 × (5−2−33) mod26
Multiply each element by 3: K−1 = (15−6−99) mod26
Convert the negative numbers to their positive equivalents in modulo 26 (by adding 26):
 -9 mod 26 = 17
 -6 mod 26 = 20
So, the final inverse key matrix is: K−1 = (1520179)
Step 2: Decrypt the Ciphertext
Now we use the inverse matrix K−1 to decrypt the ciphertext HIAT.
1. Convert: H=7, I=8, A=0, T=19.
2. Group: The ciphertext is grouped into two vectors: (78) (for HI) and (019) (for AT).
2a. Decrypt the first block ("HI")
P = (1520179) (78) = ((15∗7+17∗8) (20∗7+9∗8)) = ((105+136) (140+72)) = (241212)
Now, take the result modulo 26: (241mod26212mod26) = (74)
Convert: 7 → H, 4 → E. The first part of the plaintext is HE.
2b. Decrypt the second block ("AT")
 Department of Computer science and Engineering
P =(1520179)(019) = ((15∗0+17∗19) (20∗0+9∗19)) = (323171)
Now, take the result modulo 26: (323mod26171mod26) = (1115)
Convert: 11 → L, 15 → P. The second part of the plaintext is LP.

Polyalphabetic Cipher: To counter frequency analysis, polyalphabetic ciphers use

multiple substitution alphabets. The cipher alphabet used for substitution changes at
different points in the encryption process, often determined by a keyword. This means a
single plaintext letter can be encrypted to different ciphertext letters depending on its
position in the message. The Vigenere cipher is a well-known example of this technique.

The One-Time Pad: Unbreakable Encryption and Its Practical ...A one-time pad
(OTP) is a theoretically unbreakable symmetric encryption technique that uses a truly
random, single-use key of the same length as the message to encrypt it, typically via
XOR or modular arithmetic.

Steganography:
Steganography is the practice of concealing information. It involves hiding data
within an ordinary, non-secret file or message to prevent detection. The hidden
information is being extracted at the receiving end. Often, steganography is combined
with encryption to add an extra layer of security for the hidden data. With the help of
Steganography, we can hide any digital content virtually like text, image, videotape,
etc.
The term "steganography" is derived from the Greek word "steganos" which means
"hidden or covered" and "graph" means "to write." It has been in use for centuries.
For example, in ancient Greece, people carved messages onto wood and covered them
with wax to hide it. Similarly, Romans used different types of invisible inks which
could be revealed when exposed to heat or light.
 Department of Computer science and Engineering
Techniques Historically, various physical techniques have been used to
implement steganography:
 Character Marking: This method involves overwriting selected letters of a printed or
typewritten text with a pencil. The marks are typically not visible unless the paper is
held at an angle to a bright light.
 Invisible Ink: A message is written using substances that leave no visible trace. The
writing only becomes visible when heat or a specific chemical is applied to the paper.
 Pin Punctures: Small pin punctures are made on selected letters. These punctures are
usually not noticeable unless the paper is held up in front of a light source.

Typewritten Correction Ribbon: A correction ribbon is used between the lines of text
typed with a standard black ribbon. The hidden message typed with the correction
tape can only be seen under a strong light.

Traditional Block Cipher

Strem Cipher and Block cipher:
 Department of Computer science and Engineering

Block Cipher (e.g., in ECB mode): A block cipher processes data in fixed-size
chunks called blocks. The algorithm takes a block of plaintext (e.g., 64 or 128 bits) as input
and produces a corresponding block of ciphertext as output. The Data Encryption Standard
(DES) is a well-known example of a block cipher.

Plaintext: [Block 1] [Block 2] [Block 3]

Key -----> [Encrypt] [Encrypt] [Encrypt]

Ciphertext: [Block 1] [Block 2] [Block 3]

Stream Cipher:
A stream cipher, in contrast, processes the input data continuously, one element at a time
(often bit by bit or byte by byte). It generates a keystream, which is then combined with the
plaintext, typically using an XOR operation, to produce the ciphertext. RC4 is a common
example of a stream cipher.

Plaintext: P1 P2 P3 P4 P5 P6 ...

Keystream: K1 K2 K3 K4 K5 K6 ... (Generated from Key)

XOR Operation: ⊕ ⊕ ⊕ ⊕ ⊕ ⊕

Ciphertext: C1 C2 C3 C4 C5 C6 ...
 Department of Computer science and Engineering
Feistel Cipher
Feistel Cipher model is a structure or a design used to develop many block ciphers such as
DES. Feistel cipher may have invertible, non-invertible and self invertible components in its
design. Same encryption as well as decryption algorithm is used. A separate key is used for
each round. However same round keys are used for encryption as well as decryption.
Feistel cipher algorithm
 Create a list of all the Plain Text characters.
 Convert the Plain Text to Ascii and then 8-bit binary format.
 Divide the binary Plain Text string into two halves: left half (L1)and right half (R1)

 Generate a random binary keys (K1 and K2) of length equal to the half the length of
the Plain Text for the two rounds.
 Department of Computer science and Engineering

First Round of Encryption

 a. Generate function f1 using R1 and K1 as follows:f1= xor(R1, K1)
 b. Now the new left half(L2) and right half(R2) after round 1 are as follows:
R2= xor(f1, L1)
L2=R1

Second Round of Encryption

 Department of Computer science and Engineering
 a. Generate function f2 using R2 and K2 as follows:
f2= xor(R2, K2)
 b. Now the new left half(L3) and right half(R3) after round 2 are as follows:
R3= xor(f2, L2)
L3=R2
 Concatenation of R3 to L3 is the Cipher Text
 Same algorithm is used for decryption to retrieve the Plain Text from the Cipher Text.
The exact realization of a Feistel network depends on the choice of the following:
 Block Size: Larger block sizes mean greater security but reduced
encryption/decryption speed for a given algorithm. Block sizes of 64 bits and 128 bits
are commonly used.
 Key Size: Larger key size means greater security because of higher resistance against
brute-force attack and also greater confusion. But, this may decrease
encryption/decryption speed. Key sizes of 64 bits or less are widely considered
inadequate now.
 Number of rounds: The essence of the Feistel Cipher is that a single round offers
inadequate security and that multiple rounds can offer higher security. So, appropriate
number of rounds have to be decided while designing an encryption scheme so as to
strike a balance between security offered and performance speed of the scheme.
 Subkey generation algorithm: Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis.
 Round Function: Greater complexity of round function generally means greater
resistance against cryptanalysis.

The Data Encryption Standards

 Department of Computer science and Engineering

Data Encryption Standard (DES) is a symmetric block cipher. By 'symmetric', we mean that
the size of input text and output text (ciphertext) is same (64-bits). The 'block' here means
that it takes group of bits together as input instead of encrypting the text bit by bit. Data
encryption standard (DES) has been found vulnerable to very powerful attacks and therefore,
it was replaced by Advanced Encryption Standard (AES).
 It is a block cipher that encrypts data in 64 bit blocks.
 It takes a 64-bit plaintext input and generates a corresponding 64-bit ciphertext
output.
 The main key length is 64-bit which is transformed into 56-bits by skipping every 8th
bit in the key.
 It encrypts the text in 16 rounds where each round uses 48-bit subkey.
 This 48-bit subkey is generated from the 56-bit effective key.
 The same algorithm and key are used for both encryption and decryption with minor
changes.
The encryption starts with a 64-bit plaintext that needs to be encrypted using a 64-bit key.
Plaintext is passed to Initial Permutation function and key is permuted using Permuted
Choice 1 (PC-1).

The Strength of DES

Nature of the DES Algorithm
DES is a symmetric block cipher that operates on 64-bit blocks of plaintext. Its architecture
is based on a
Feistel network. The encryption process involves the following stages:
 An initial permutation (IP) is performed on the 64-bit data block.
 The data then undergoes
16 identical rounds of complex operations, including substitutions (using S-boxes) and
permutations (bit-shuffling). Each round uses a unique 48-bit subkey derived from the main
key.
 After the 16th round, the two 32-bit halves of the data are swapped.
 A final permutation, which is the inverse of the initial one, is performed to produce
the 64-bit ciphertext.
The decryption process is identical, except the round subkeys are applied in the reverse order.
Timing Attacks
 Department of Computer science and Engineering
A timing attack is a side-channel attack where an adversary analyzes the time taken to
execute cryptographic operations to uncover the secret key. The operations in DES—
permutations,

substitutions via S-boxes, and XORs—are designed to take a constant amount of time
regardless of the key or data being processed. As a result, DES is
not generally considered vulnerable to timing attacks, as there are no significant timing
variations for an attacker to exploit. The primary attacks against DES are mathematical, such
as differential cryptanalysis, and brute-force attacks.
Use of 56-bit Keys
The
56-bit key size is the most significant and defining weakness of DES.
 Vulnerability to Brute-Force Attacks: With a 56-bit key, there are 256
(approximately 72 quadrillion) possible keys. While this number is large, modern
computing power makes it feasible to try every possible key until the correct one is
found. This is known as a
brute-force attack and is the primary reason single DES is now considered insecure.

Block cipher design principles

 Design Controversy: The key size was a point of controversy from the beginning.
The predecessor to DES, an IBM cipher called LUCIFER, used a 128-bit key. This
was reduced to 56 bits during the final design of DES, leading to speculation that the
key was deliberately weakened.
The design of a secure and efficient block cipher involves a careful balance between
security, performance, and complexity. The core principles guiding this design are based
on the concepts of confusion and diffusion, which aim to obscure the relationship
between the key and the ciphertext.
Key design principles include:
 Block Size: This determines the fixed-size chunk of plaintext that the cipher operates
on. Larger block sizes, such as 128 bits, can offer greater security against certain
attacks. However, they may also reduce the cipher's speed.
 Key Size: This is the length of the secret key used for encryption. A larger key size
provides stronger security by making brute-force attacks (trying every possible key)
computationally infeasible. The trade-off is that a larger key may slow down the
cipher.
 Number of Rounds: Block ciphers operate through multiple rounds of substitution
and permutation. Increasing the number of rounds significantly enhances security
 Department of Computer science and Engineering
against analytical attacks like differential and linear cryptanalysis. However, more
rounds lead to a slower encryption process.
 Subkey Generation Algorithm: The algorithm that generates the unique subkeys for
each round from the main key should be complex. A complex generation process
makes it harder for cryptanalysts to deduce the main key, but it can also slow down
the cipher.

 Round Function (F): The round function is the heart of the cipher, providing non-
linearity through operations like substitutions (S-boxes). A more complex and well-
designed round function makes the cipher more resistant to analysis, though it may
reduce performance.