Module 01

Krishna Sowjanya K
Assistant Professor
Dept. of CSE
Introduction to Network Security

• Measures to deter, detect, correct, and prevent security violations.

• Involving transmission of information.
Introduction to Network Security

• NIST defines Computer Security as:

The protection afforded to an automated information system in

order to attain the applicable objectives of preserving integrity,
availability, and confidentiality of information system resources.
Introduction to Network Security

Three key objectives:

• Confidentiality
• Integrity
• Availability
Confidentiality

Confidentiality: Covers two related concepts

• Data Confidentiality: Assures that private or confidential information

is not made available or disclosed to unauthorized individuals.

• Privacy: Ensures that people have control over the personal

information.
Integrity & Availability

Integrity: Covers two related concepts

• Data Integrity: Assures the information are changed only in a specific
and authorized manner.
• System Integrity: Makes sure that a system works as it should,
without being changed or damaged by accident or on purpose.

• Availability: Assures that systems work promptly and service is not

denied to authorized users.
CIA Triad
• Confidentiality, Integrity and
Availability often referred as
CIA triad.
• Three concepts embody the
fundamental security
objectives for both data and
for information and computing
services
CIA Triad
• Although CIA triad is well established, few additional concepts are
added. Those are:

• Authenticity: The Property of being genuine and being able to be

verified and trusted.
• Accountability: Making sure that every action taken by a user or
system can be traced back to who did it.
CIA Triad
Security Attacks

According to X.800 and RFC2828 standard the security attacks are

categorized into two:
• Passive attacks: Attempts to learn or make use of information but
does not affect system resources.
• Active attacks: Attempts to alter the system resources or affect their
operation
Passive Attacks
Passive Attacks
Active Attacks
Active Attacks
Active Attacks
Active Attacks
Model for Network Security
Model for Network Security
• Design an algorithm for performing the security-related
transformation.
• Generate the secret information to be used with the algorithm.
• Develop methods for the distribution and sharing of the secret
information.
• Specify a protocol to be used by the two principals that makes use of
the security algorithm and the secret information to achieve a
particular security service.
Four basic tasks
• Design an algorithm for performing the security-related
transformation.
• Generate the secret information to be used with the algorithm.
• Develop methods for the distribution and sharing of the secret
information.
• Specify a protocol to be used by the two principals that makes use of
the security algorithm and the secret information to achieve a
particular security service.
Classical Encryption Terminology
• Plaintext: The original message sent.

• Ciphertext: The coded message.

• Encryption or Enciphering: The process of converting a plaintext to

cipher text.

• Decryption or deciphering: The process of restoring plaintext from

the ciphertext.
Classical Encryption Techniques
• Schemes used for encryption constitute of the area cryptography.

• Such scheme is known as cryptographic system or a cipher.

• Cryptanalysis: The process of deciphering a message without any

knowledge of enciphering details.

• Areas of cryptology and cryptanalysis together are called cryptology.

Symmetric Cipher Model
Symmetric Cipher Model

Symmetric Encryption has five ingredients:

• Plaintext
• Encryption Algorithm
• Secret Key
• Ciphertext
• Decryption Algorithm
Symmetric Cipher Model
Symmetric Cipher Model
Cryptography

Cryptographic systems are characterized based on the following:

• Type of operations used for transforming plaintext to cipher text
• Number of Keys used
• The way in which plain text is processed.
Cryptography : Types of operations

• Substitution: Each element in the plaintext (like a letter or a bit) is

replaced with another element.
• Transposition: Elements of the plaintext are rearranged without
changing the actual values.
Cryptography : Types of operations
• Substitution: Each element in the plaintext (like a letter or a bit) is
replaced with another element.
• Plain text : HELLO
• Shift : +3
• Cipher text : KHOOR
Cryptography : Types of operations
• Transposition: Elements of the plaintext are rearranged without
changing the actual values.
• Plain text : HELLO WORLD
• (Write in 4 Columns)
HELL
OWOR
LDXX
• Cipher text : HOL EWD LOX LRX
Cryptography : Number of Keys

• Same Key: If both sender and receiver uses same key then it is
referred to symmetric, single key, secret key or conventional
encryption.

• Different Keys: If sender and receiver uses different keys the system
is referred to asymmetric, two-key, or public key encryption.
Cryptography : Processing of plain text

• Block cipher: Processes the input one block of elements at a time;

produces output for each block.

• Stream cipher: Processes the input elements continuously. Producing

output one element at a time.
Cryptanalysis
• Attacking an encryption is to recover the key rather than plaintext
from ciphertext.

Two approaches:
• Cryptanalysis
• Brute force attack
Cryptanalysis
• Relies on the nature of the algorithm, plain text and some plain
text-cipher text pairs. Depends on the information know to
cryptanalyst.
There are 5 types of cryptanalytic attacks:
• Cipher text only
• Known plain text
• Chosen plain text
• Chosen cipher text
• Chosen text attacks
Cryptanalysis: Ciphertext only
• The opponent/attacker knows the encryption algorithm and
ciphertext.
• A message is intercepted:

• Attacker knows its Ceaser Cipher. Tries all the shifts

Cryptanalysis: Known plain text
• The opponent/attacker knows encryption algorithm, cipher text, one
or more plain text cipher text pairs.
• The attacker knows this:

• Attacker knows its Ceaser Cipher. Tries the shift + 3

Cryptanalysis: Chosen Plain text
• The opponent/attacker knows encryption algorithm, cipher text, plain
text chosen by the attacker.
Cryptanalysis: Chosen cipher text
• The opponent/attacker knows encryption algorithm, cipher text,
cipher text chosen by the attacker and its decrypted plain text.
Cryptanalysis: Chosen Text attack
• It is the combination of chosen plain text and chosen cipher text uses
dynamic plain text and cipher text to learn about the encryption and
decryption.
Brute force attack
• Attacker tries every possible key on cipher text to obtain the plain
text.

• On an average, half of the keys must be tried to achieve success.

• The task of recognizing English should be automated.

Secured System
• An encryption scheme is unconditionally secure if cipher text
generated does not contain enough information to decrypt it.
• Encryption algorithm must have one of the following criteria:
• Cost of breaking the cipher exceeds the value of encrypted
information.
• Time required to break the cipher exceeds the useful lifetime of the
information.
• An encryption scheme is said to be computationally secure if either of
the criteria is met.
Substitution Techniques
• Substitution technique replaces the letters in the plain text by other
letters or numbers or symbols.

Ceaser cipher
• Simplest and oldest encryption technique.
• Named after Julia Ceaser, who used to protect his messages in
military.
Ceaser Cipher

• Involves replacing each letter with letter standing three places up or

down.
Ceaser Cipher
• Alphabet is wrapped around.
Ceaser Cipher
• If each letter is assigned a numerical value:
Ceaser Cipher
• The encryption algorithm is mathematically represented as :
• P is the plain text and C is the cipher text.

• The general Ceaser cipher algorithm is given as

Ceaser Cipher
• The decryption algorithm is mathematically represented as :
• P is the plain text and C is the cipher text.

• Key values ranges from 1 to 25.

• Brute force attack can be performed by trying 25 possibilities.
Ceaser Cipher
Brute force attack : Ceaser Cipher

• Encryption and decryption algorithms are known.

• There are only 25 keys to try.

• Language of the plain text is known and easily recognizable.

Brute force attack : Ceaser Cipher
• In most networking situations the algorithms are known.

• Large keys make brute force method impractical.

• Ex: 3-DES uses 168 bit key, having 2168

• If the language of the plain text is not known , plain output text may
not be recognizable.
Monoalphabetic Ciphers
• Key space can be increased by arbitrary substitution.
• Simplest form of encryption.
• It works by replacing each letter of the plain text with different letter
from alphabet with help of permutation.
• The cipher can be permutation of 26 characters. 26! = 4 x 1026
• Brute force attack is difficult.
• It is vulnerable to frequency analysis.
Monoalphabetic Ciphers

If the message is in English:

• If a cipher shows a letter more, then it is predicted as E.
• Can be used to guess the substitution.
• Cryptanalysis can be done by analyzing the language patterns in
cipher text.
• Relative frequency of letters can be determined and compared to
standard frequency distribution of English.
Monoalphabetic Ciphers
Monoalphabetic Ciphers
Monoalphabetic Ciphers
Monoalphabetic Ciphers

If the message is in English:

• High frequency letters {a, h, I, n, o, r, s}
• Low frequency letters {b, j, k, q, v, x, z}
• Repeated letters can be guessed. {AA, LL, EE,}
• Di-grams can guessed easily.
Monoalphabetic Ciphers

• The frequency of two-letter combinations, known as digrams.

• The most common such digram is th.
• Cipher text has the most common digram ZW, which appears three
times.
• So, we make the correspondence of Z with t and W with h.
Monoalphabetic Ciphers
Monoalphabetic Ciphers
• Earlier hypothesis, we can equate P with e
• Now notice that the sequence ZWP appears in the ciphertext, and we
can translate that sequence as “the.”
• This is the most frequent trigram (three-letter combination) in
English.
• Next, notice the sequence ZWSZ in the first line. We do not know that
these four letters form a complete word, but if they do, it is of the
form th_t. If so, S equates with a.
Monoalphabetic Ciphers
Monoalphabetic Ciphers
Monoalphabetic Ciphers
Monoalphabetic Ciphers

• Easy to break due to frequency analysis.

• Counter measure is to provide multiple substitutions for same
alphabet called homophones.
• Ex: Letter ‘e’ can be assigned a number of different cipher symbol.
• Multiple patterns can reveal the data.
Play Fair Ciphers

• Best known multiple letter encryption.

• Treats di-gram in the plain text as single unit and translates them into
cipher text alphabet.

• It is based on 5 x 5 matrix of letters constructed using a keyword.

Play Fair Ciphers
Play Fair Ciphers

• The matrix is constructed by filling in the letters of keyword (No

duplicates).
• From left to right and from top to bottom.
• Then fill the remainder of the matrix with remaining letters in
alphabetical order.
• Letter I/J are counted as one letter.
Play Fair Ciphers
Plain text is encrypted two letters at a time with the following rules:
• Repeating letters in the plain text are separated with filler such as X.
• If both letters of plain text are in same row, then it is replaced by
letter to right.
• If both letters of plain text are in same column, then it is replaced by
letter beneath it.
• Otherwise, each plain text letter in a pair is replaced by the letter’s
row and the column of other letter.
Play Fair Ciphers

1. TOO – TO XO
2. AR -
3. MU –
4. BP –
Play Fair Ciphers

1. TOO – TO XO
2. AR - RM
3. MU – CM
4. BP – IM/JM
Play Fair Ciphers

1. Encrypt BALLOON
Play Fair Ciphers

1. Encrypt BA LX LO ON – IB SU PM NA
Play Fair Ciphers

• Ceaser cipher changes on letter a time. It’s easy to do frequency

analysis.
• Play fair replaces two letters at a time.
• 26 letters has 26 x 26 = 676 possibilities.
• Used as standard field system by British Army in World war I.
• Used by US Army during World War II.
Polyalphabetic Ciphers : Vigenère Cipher
• Best known and one of the simplest polyalphabetic cipher.
• Vigenère Cipher is expressed as follows:
• A plain text is represented as:

• A key containing sequence of letters is represented as:

Polyalphabetic Ciphers : Vigenère Cipher
• A sequence of cipher text is represented as:

• The Cipher text is calculated as follows:

Polyalphabetic Ciphers : Vigenère Cipher

• First letter of plain text is added to first letter of key.

• The second letter of plain text to second letter of key and so on.
• Once the key is finished, it is repeated again for the remaining letters
of the plain text.
• This process is continued until the plain text sequence is encrypted.
Polyalphabetic Ciphers : Vigenère Cipher
• The general form of encryption is given as:

• The general form of decryption is given as:

• Once the key is finished, it is repeated again for the remaining letters
of the plain text.
Polyalphabetic Ciphers : Vigenère Cipher
Polyalphabetic Ciphers : Vigenère Cipher
Polyalphabetic Ciphers : Vigenère Cipher
Vigenère Cipher : Advantages
• In monoalphabetic cipher, each letter in plain text always become
same cipher text.
• Easy to perform frequency analysis.

• In Vigenère cipher, same plain text can be turned into different

ciphertext.
• Scrambles the frequency patterns.
Vigenère Cipher : How to break it??
• Attacker observes if it is monoalphabetic or Vigenère cipher:
• Monoalphabetic: Letter frequency looks normal.
• Vigenère cipher: Letter frequency is more flat or scrambled.

• After identifying the Vigenère cipher, the attacker finds the keyword
length.
• If two identical sequences of letters appear exactly N characters
apart, key length can be found.
Vigenère Cipher : How to break it??
• Once the key length m is found, then the cipher can be broken down
as m separate ciphers.

Possible Solution:
• Repeated nature of the key can be eliminated by using non repeating
keyword that is as long as the plain text. Autokey system
Polyalphabetic Ciphers : Vernam Cipher
• Cipher introduced by AT & T engineer named Gilbert Vernam in 1918.

• Main objective is to choose keyword that is as long as the plain text.

• The key and plain text should not have any statistical relationship to
it.

• This technique works on binary data (0’s and 1’s).

Polyalphabetic Ciphers : Vernam Cipher
• Encryption is mathematically expressed as:
Polyalphabetic Ciphers : Vernam Cipher
• Decryption is mathematically expressed as:

• Important factor is the construction of the key.

• Long key with repetition.
• Difficult to predict but not breakable.
Polyalphabetic Ciphers : Vernam Cipher
Polyalphabetic Ciphers : One-Time Pad
• Improvement of Verman cipher, proposed by Army Signal Corp
Officer Joseph Mauborgne.

• Suggested to use a key that is as long as the plain text.

• Key is not repeated.

• Key is used to encrypt and decrypt the message for one time and
then it is discarded.
Polyalphabetic Ciphers : One-Time Pad
• Each message requires a new key of the same length as the new
message.

• Works same as the Vigenère cipher with long key [modulo 26].

• If cryptanalyst finds two keys, the two possible plain text can be
produced.
Polyalphabetic Ciphers : One-Time Pad
One-Time Pad : Advantages
• If key length is same as plain text, then the exhaustive search can end
up with many legible plain text.

• The security is due to the randomness of the key

One-Time Pad : Challenges
• Producing large quantities of random keys can be difficult.

• Key distribution and protecting is also difficult.

Steganography
• Cryptography: Representing the message in unintelligible way to
outsiders by various transformations.

• Steganography: Hiding the existence of the message.

Steganography is a way of hiding the secret message inside a normal

text by arranging the words or letters in special way.
Steganography
Steganography Techniques
Character Making:
• Selected letters of printed or type written text are overwritten in
pencil.
• Marks are visible if the paper is held at an angle to bright light.

Invisible Ink:
• Secret message is written with the invisible ink.
• It will be visible only when some heat or some chemical is applied to
the paper.
Steganography Techniques
Pin Punctures:
• Small pin punctures on selected letters that are not visible unless the
paper is held in front of the light.

Type writer correction ribbon:

• Used between lines typed with a black ribbon, which is visible only
under a strong light.
Steganography Techniques
• Used to hid the message in Least Significant Bits (LSB) of an image.
• The change of LSB does not affect the picture quality.

• Advantage: Hides the fact that you’re even communicating secretly at

all.

• Find1the2secret3message.
Steganography Disadvantages
• Requires a lot of overhead to hide a few bits of information.

• Once the system is discovered, all the information is out.

• Often steganography is combined with encryption such that, the data

is first encrypted and then hidden using steganography.
Traditional Block Cipher Structure
• Many symmetric algorithms are based on a structure refers to Feistel
Block Cipher.

Ciphers can be of two types:

• Stream Cipher: Encrypts the data one bit or one byte at a time. If key
stream is random, then this cipher is unbreakable.
• Block Cipher: Encrypts the plaintext as a whole and used to produce a
cipher block of same length.
Stream Cipher
• Stream Cipher: Encrypts the data one bit or one byte at a time. If key
stream is random, then this cipher is unbreakable.

• Key stream must be provided to both the users.

• Uses a small key to generate the key stream.

• Ex: Vigenère Cipher, Vernam Cipher

Stream Cipher
Block Cipher
• Block Cipher: Encrypts the plaintext as a whole and used to produce a
cipher block of same length.

• Typically block size is 64 bits or 128 bits.

• Mostly widely used and are applicable for a range of applications.

Block Cipher
Feistel Cipher Structure
• A block cipher operates on a plaintext block of n-bits to produce
cipher text block of n-bits.

• There are 2n possible plain text combinations.

• Each combination must produce unique cipher text.

• Such transformation is called reversible or non-singular.

• The number of different transformation can be (2n)!
Feistel Cipher Structure
Ideal Block
Cipher
Ideal Block Cipher
• A 4-bit input produces one of the possible 16 possible output states.

• Mapped by the substitution cipher.

• Each input is represented with 4-bit cipher text.

• The cipher text and its corresponding plain text is obtained by the
wiring of the encoder.
Ideal Block Cipher
• Plain text 0000 goes through the wiring and becomes cipher text
1110.
• Mapping the input to the output is the “key”.
• Key determines the specific mappings.
• Key length
• Generic length of the block cipher of n-bit is
 Ideal Block Cipher

• xi -> Input bits

• yi - > Cipher text bits
• kij -> Binary co-efficient and arithmetic mod 2
Ideal Block Cipher
Ideal Block Cipher
The Fiestel Cipher
• Fiestel proposed an “ideal block cipher” known as “product cipher”.

• It is the combination of several simple ciphers in a sequence, one

after the other.

• Results in cryptographically stronger cipher.

• Develop a block cipher with key length k, and block length of n bits
allowing 2k possible transformations.
The Fiestel Cipher

Fiestel proposed the cipher having two properties:

• Substitution: Each plaintext element or group of elements is uniquely
replaced by a corresponding ciphertext element or group of
elements.
• Permutation: A sequence of plaintext elements is replaced by a
permutation of that sequence. That is, no elements are added or
deleted or replaced in the sequence
The Fiestel Cipher

Practical application of a proposal by Claude Shannon:

• Confusion: Making the relationship between the key and the cipher
very complicated. A small change in the key should result a big and
unpredictable change in cipher text.
• Diffusion: Spread the influence of each input bit across many output
bits. A small change in plain text should cause big change in cipher
text. Diffuses the information such that the patterns disappear.
The Fiestel Cipher
The Fiestel Cipher
• The inputs to the encryption algorithm are a plaintext block of length
2w bits and a key K.
• The plaintext block is divided into two halves, LE0 and RE0.
• The two halves of the data pass through n rounds of processing.
• Then combine to produce the ciphertext block.
• Each round i has as inputs LEi-1 and REi-1 derived from the previous
round, as well as a subkey Ki derived from the over all K.
• In general, the subkeys Ki are different from K and from each other.
The Fiestel Cipher
• All rounds have the same structure.
• A substitution is performed on the left half of the data.
• This is done by applying a round function F to the right half of the
data and then taking the exclusive-OR of the output of that function
and the left half of the data.

• Substitution is followed by a permutation that interchanges the two

halves of the data.
The Fiestel Cipher Parameters
• Block Size: Larger block sizes mean greater security. Reduced
encryption/decryption speed for a given algorithm.
• Traditional block size is 64-bit. AES uses 128-bit block size.

• Key Size: Larger key size means greater security but may decrease
encryption/ decryption speed.
• Usual size is 64 bits or less are now widely considered to be
inadequate, and 128 bits has become a common size.
The Fiestel Cipher Parameters
• Number of Rounds: A typical size is 16 rounds.

• Subkey generation Algorithm: Greater complexity leads to greater

difficulty in cryptanalysis.

• Round Function F: Greater complexity leads to greater difficulty in

cryptanalysis.
Fiestel Decryption Algorithm
• Process of decryption is same as the encryption algorithm.
• Use the ciphertext as input to the algorithm.
• The subkeys Ki in reverse order.
The Data Encryption Standard
• Data Encryption Standard (DES) was the most widely used encryption
scheme.
• DES was issued in 1977 by the National Bureau of Standards, now the
National Institute of Standards and Technology (NIST), as Federal
Information Processing Standard 46 (FIPS PUB 46).
• The algorithm itself is referred to as the Data Encryption Algorithm
(DEA).
• For DEA, data are encrypted in 64-bit blocks using a 56-bit key.
The Data Encryption Standard
• The algorithm transforms 64-bit input in a series of steps into a 64-bit
output.
• The same steps, with the same key, are used to reverse the
encryption.
• Over the years, DES became the dominant symmetric encryption
algorithm, especially in financial applications.
• In 1994, NIST reaffirmed DES for federal use for another five years.
• NIST recommended the use of DES for applications other than the
protection of classified information.
The Data Encryption Standard
• In 1999, NIST issued a new version of its standard (FIPS PUB 46-3)
that indicated that DES should be used only for legacy systems.
DES Encryption

There are two inputs to the encryption function:

• The plaintext to be encrypted .
• The key.

• The plaintext must be 64 bits in length and the key is 56 bits in length.
DES Example
The Avalanche Effect

• A desirable property of any encryption algorithm is that a small

change in either plain text or key should produce a significant change
in the ciphertext.
• This is Avalanche Effect.
The Strength of DES

Use of 56-Bit Keys:

• With a key length of 56 bits, there are 256 possible keys which is
approximately 7.2 X 1016.
• Super computer technology has a rate of 1013 encryptions per
second.
The Strength of DES

Nature of the Algorithm:

• Works by repeatedly mixing up the data using Substitution tables
called S-boxes.
• These S-boxes are like small lookup tables that take some input bits
and replace them with other bits in a complex way.
Block Cipher Design Principles
• Modern block ciphers are stronger, but their core principles haven’t
changed much since the work of Feistel and DES design.

The three critical aspects of block cipher design:

• The Number of rounds
• Design of Function F
• Key Scheduling
Block Cipher Design Principles
• The Number of rounds: Greater the number of rounds, more difficult
it is to perform cryptanalysis even with weak F.
• Rounds should be chosen such that the attack will be difficult.

• Design of Function F: Heart of a Feistel block cipher is the function F.

• Provides confusion such that it scrambles the data in a way that’s
hard to undo.
Block Cipher Design Principles

Design of Function F:
• Should have a good avalanche properties.
• Change in one bit should change many bits in cipher text.
• Strict Avalanche Criterion (SAC) : Any change in one bit then each
output bit should have a 50% chance of flipping.
• Bit Independence criteria (BIC) : Any change in one input bit, the
output bit change should be independent of each other.
Block Cipher Design Principles

Key Schedule Algorithm:

• With any Feistel block cipher, the key is used to generate one subkey
for each round.
• Subkeys are selected to maximize the difficulty of deducing individual
subkeys.
• Adams suggests that the key schedule should guarantee Strict
Avalanche Criterion and Bit Independence Criterion.