Cryptography and Network Security

ECE 4013

Dr. R.K.Mugelan,
Assistant Professor (Sr),
SENSE, VIT
Course Objectives

 To acquaint students with the basic concepts in security

mechanism, classical and traditional Encryption techniques.

 To teach students the significance of message authentication

and digital signature in cryptography.

 To acquaint the students to the different types of network

security and its significance.

2 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Course Outcomes

 CO 1: Comprehend and analyze OSI Security Architecture and Symmetric

Key Encryption.
 CO 2: Comprehend the various mathematic techniques in cryptography
including number theory, Finite Field, Modulo operator and
Discrete Logarithm.
 CO 3: Ability to analyse block ciphers, Data Encryption Standard (DES),
Advanced Encryption Standard (AES) and public key cryptography.
 CO 4: Ability to analyse Diffie-Hellman key exchange, ElGamal
Cryptosystem in asymmetric key cryptosystem.
 CO 5: Comprehend the various types of data integrity and authentication
schemes.
 CO 6: Comprehend the various network security mechanism

3 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Modules
 Module 1: Classical Encryption Techniques

 Module 2: Mathematical Foundations

 Module 3: Symmetric Ciphers

 Module 4: Asymmetric Ciphers

 Module 5: Data Integrity

 Module 6: Mutual Trust

 Module 7: Network Security

 Module 8: Contemporary Issues

4 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Text Books and Reference Books

 William Stallings, "Cryptography and Network security:

Principles and Practice", 5th Edition, 2014, Pearson Education,
India.

 Behrouz A.Forouzan : Cryptography & Network Security – The

McGraw Hill Company, 2010.

 Christof Paar and Jan Pelzl, “Understanding Cryptography – A

Textbook for Students and Practitioners”, Springer, 2014.

5 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Classical Encryption Techniques

MODULE-1
Topics

 Introduction

 Security Services and Mechanisms

 Classical Encryption Techniques

7 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Introduction
Human being from ages had two inherent needs:
 To communicate and share information
 To communicate selectively
These two needs gave rise to the art of coding the
messages
 The art and science of concealing the messages to introduce secrecy
in information security is recognized as cryptography.

 The word ‘cryptography’ was coined by combining two Greek

words,‘Krypto’ meaning hidden and ‘graphene’ meaning writing.

8 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

History of Cryptography

 The art of cryptography is considered to be born along with

the art of writing.
 As civilizations evolved, human thought process fueled the
natural need of people to communicate secretly.
 Which lead to the continuous evolution of cryptography.

 The roots of cryptography are found in Roman and Egyptian

civilizations.

9 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

History of Cryptography
Hieroglyph – The Oldest Cryptographic Technique:
 The first known evidence of cryptography can be traced to the use
of ‘hieroglyph’.
 Egyptians used to communicate by messages written in hieroglyph
4000 years ago.
 This code was the secret known only to the scribes who used to
transmit messages on behalf of the kings.

10 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

History of Cryptography

 Later, the scholars moved on to using simple mono-alphabetic

substitution ciphers during 500 to 600 BC.
 This involved replacing alphabets of message with other
alphabets with some secret rule.

 This rule became a key to retrieve the message back from the
garbled message.

11 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

History of Cryptography
 The earlier Roman method of cryptography, popularly known
as the Caesar Shift Cipher,
 relies on shifting the letters of a message by an agreed number (three was
a common choice),
 The recipient of this message would then shift the letters back
by the same number and obtain the original message.

12 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

History of Cryptography
Steganography:
 In this method, people not only want to protect the secrecy of
an information by concealing it,
 But they also want to make sure any unauthorized person gets
no evidence that the information even exists.

13 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Evolution of Cryptography
It is during and after the European Renaissance, various Italian and
Papal states led the rapid proliferation of cryptographic techniques.
 Improved coding techniques such as Vigenere Coding came into
existence in the 15th century
 Only after the 19th century, cryptography evolved from the ad hoc
approaches to encryption to the more sophisticated art and science of
information security.
 In the early 20th century, the invention of mechanical and electromechanical
machines, such as the Enigma rotor machine, provided more advanced
and efficient means of coding the information.
 During the period of World War II, both cryptography and cryptanalysis
became excessively mathematical.

14 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Modern Cryptography

 Modern cryptography is the cornerstone of computer and

communications security.

 Its foundation is based on various concepts of mathematics

such as number theory, computational-complexity theory, and
probability theory.

15 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

 Characteristics of Modern Cryptography
Classic Cryptography
manipulates traditional characters, i.e., letters
and digits directly.
It is mainly based on ‘security through
obscurity’. The techniques employed for
coding were kept secret and only the parties
involved in communication knew about them.
It requires the entire cryptosystem for
communicating confidentially.
16 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT
Modern Cryptography
It operates on binary bit sequences.
It relies on publicly known mathematical
algorithms for coding the information. Secrecy
is obtained through a secrete key which is
used as the seed for the algorithms. The
computational difficulty of algorithms, absence
of secret key, etc., make it impossible for an
attacker to obtain the original information
even if he knows the algorithm used for
coding.
Modern cryptography requires parties
interested in secure communication to
possess the secret key only.
Context of Cryptography
Cryptology, the study of cryptosystems, can be subdivided into
two branches:

 Cryptography

 Cryptanalysis

Cryptology

Cryptography Cryptanalysis

17 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Context of Cryptography
What is Cryptography?
Cryptography is the art and science of making a cryptosystem that is
capable of providing information security.

 Cryptography deals with the actual securing of digital data.

 It refers to the design of mechanisms based on mathematical
algorithms that provide fundamental information security services.
 You can think of cryptography as the establishment of a large toolkit
containing different techniques in security applications.

18 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Context of Cryptography
What is Cryptanalysis?
The art and science of breaking the cipher text is known as
cryptanalysis.
 Cryptanalysis is the sister branch of cryptography and they both co-
exist.
 Cryptanalysis is also used during the design of the new cryptographic
techniques to test their security strengths.

Note:
Cryptography concerns with the design of cryptosystems, while cryptanalysis
studies the breaking of cryptosystems.

19 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Goals
 Information is an asset that has a value like any other asset.
 As an asset, information needs to be secured from attacks.

 To be secured,
 Information needs to be hidden from unauthorized access. Confidentiality

 Protected from unauthorized change. Integrity

 Available to an authorized entity when it is needed. Availability

20 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Goals

Security Goals

Confidentiality Integrity Availability

21 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Goals: Confidentiality

 Confidentiality is probably the most common aspect of

information security. We need to protect our confidential
information.

 An organization needs to guard against those malicious actions

that endanger the confidentiality of its information.

22 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Goals: Integrity

 Information needs to be changed constantly.

 Integrity means that changes need to be done only by

authorized entities and through authorized mechanisms.

23 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Goals: Availability

 The information created and stored by an organization needs

to be available to authorized entities.

 Information needs to be constantly changed, which means it

must be accessible to authorized entities.

24 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Cryptosystems
 A cryptosystem is an implementation of cryptographic techniques
and their accompanying infrastructure to provide information
security services.
 A cryptosystem is also referred to as a cipher system.

25 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Components of Cryptosystems

Plaintext
 It is the data to be protected during transmission.
Ciphertext
 It is the scrambled version of the plaintext produced by the encryption
algorithm using a specific the encryption key.
 The ciphertext is not guarded. It flows on public channel.
 It can be intercepted or compromised by anyone who has access to the
communication channel.
Encryption Key
 It is a value that is known to the sender.
 The sender inputs the encryption key into the encryption algorithm along
with the plaintext in order to compute the ciphertext.

26 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Components of Cryptosystems
Encryption Algorithm
 It is a mathematical process that produces a ciphertext for any given
plaintext and encryption key.
 It is a cryptographic algorithm that takes plaintext and an encryption key as
input and produces a ciphertext.
Decryption Key
 It is a value that is known to the receiver.
 The decryption key is related to the encryption key, but is not always
identical to it.
 The receiver inputs the decryption key into the decryption algorithm along
with the ciphertext in order to compute the plaintext.

27 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Components of Cryptosystems
Decryption Algorithm
 It is a mathematical process, that produces a unique plaintext for any given
ciphertext and decryption key.
 It is a cryptographic algorithm that takes a ciphertext and a decryption key
as input, and outputs a plaintext.
 The decryption algorithm essentially reverses the encryption algorithm and
is thus closely related to it.

28 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Components of Cryptosystems

29 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Cryptographic Attacks
Cryptographic attacks can be broadly categorized into two distinct
types
 Cryptanalytic attacks
 These attacks are combinations of statistical and algebraic techniques
aiming at ascertain the secret key of cipher.
 They inspect the mathematical properties of cryptographic algorithms
 Non-Cryptanalytic attacks
 They do not exploit the mathematical weakness of the cryptographic
algorithms.
 However the three security goals can be very much threatened by this
class of attacks.

30 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Taxonomy of attacks on Security Goals

31 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Confidentiality
Snooping
 refers to unauthorized access to or interception of data.
 To prevent snooping, the data can be made non-intelligible.

Traffic analysis
 refers to obtaining some other type of information (other than
data) by monitoring online traffic.
 Can guess the type of data based on the nature of transactions.

32 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Confidentiality

Snooping

33 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Confidentiality

Traffic analysis

34 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Integrity

Modification
 means that the attacker intercepts the message and changes it.

Masquerading or spoofing
 happens when the attacker impersonates somebody else.

Replaying
 means the attacker obtains a copy of a message sent by a user and
later tries to replay it.

35 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Integrity
Repudiation
 It is different from others, as it is performed by one of the two
parties (sender or receiver) in the communication.
 Sender of the message might later deny that she has sent the
message;
 Receiver of the message might later deny that he has received the
message.

36 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Integrity

Modification

37 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Integrity

Masquerading or spoofing

38 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Integrity

Replaying

39 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Attacks Threatening Availability
Denial of service (DoS)
 It is a very common attack.
 It may slow down or totally interrupt the service of a system.

40 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Passive and Active Attacks
Passive Attack
 Attacker’s goal is just to obtain information.
 This means that attack does not modify data or harm the
system.
Active Attack
 It may change the data or harm the system.
 Attacks that threaten the integrity and availability.
 Active attacks are normally easier to detect that to prevent
because an attacker can launch them in a variety of ways.

41 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Passive and Active Attacks: Categorization

Attacks Passive/Active Threatening

Snooping
Passive Confidentiality
Traffic Analysis

Modification
Masquerading
Active Integrity
Replaying
Repudiation

Denial of Service Active Availability

42 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Services and Mechanism

 ITU-T provides some security services and some mechanisms

to implement those services.

 Security services and mechanisms are closely related because a

mechanism or combination of mechanisms are used to provide a
service.
 A mechanism can be used in one or more services

43 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Services
 ITU-T (X.800) has defined five services related to the security goals
and attacks

 It is easy to relate one or more services to one or more security goals.

 These services are designed to prevent the security attacks mentioned
above.

44 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Services
Data Confidentiality
 means to protect data from disclosure attack.
 It is designed to prevent snooping and traffic analysis attack
Data Integrity
 mean to protect data from modification, insertion, deletion.
 It may protect the whole message or part of the message
Authentication
 It provides authentication of the party at the other end of the line.
 It provides the authentication of the sender or receiver during
connection establishment (Peer entity authentication).
 Authenticates the source of the data (data origin authentication)

45 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Services
Nonrepudiation
 Protects against repudiation by either the sender or the receiver of
the data.
 With proof of origin: the receiver of the data can prove the identity
of the sender if denied.
 With proof of delivery: the sender of the data can later prove that
the data were delivered to the intended recipient.
Access Control
 Protection against unauthorized access to data.

46 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Mechanisms
 ITU-T (X.800) also recommends security mechanisms to provide the
above mentioned security services.

47 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Mechanisms
Encipherment
 Hiding or covering data, can provide confidentiality.
 Can make use of other mechanisms too.
 Cryptography and Steganography are used for enciphering.
Data Integrity
 This mechanism appends a short check value to the data.
 The receiver receives the data and the check value.
 The receiver creates a new check value from the received data
and check with the received check value to check the integrity.

48 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Mechanisms

Digital Signature
 The sender electronically sign the data and the receiver
electronically verify the signature.
Authentication exchange
 The two entities exchange some messages to prove identity of each
other.
Traffic padding
 It inserts some bogus data into the data traffic to thwart the
adversary’s attempt to use traffic analysis

49 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Security Mechanisms
Routing control
 It means selecting and continuously changing the route between the
sender and receiver.
 It prevents the opponent from evesdropping on a particular route
Notarization
 It means selecting a third trusted party to control the
communication between two entities.
 This prevents repudiation.
Access Control
 It uses methods to prove that a user has access right to the data or
resources owned by a system.
50 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT
Relation b/w Services and Mechanisms

Security Service Security Mechanism

Data Confidentiality Encipherment and Routing control

Encipherment, Digital signature and Data

Data Integrity
integrity
Encipherment, Digital signature and
Authentication
authentication exchanges
Digital signature, Data integrity and
Nonrepudiation
notarization

Access Control Access Control Mechanism

51 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT

Model for Network Security

52 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT