Cryptography Notes

Cryptography & Network Security

UNIT: 01

Network Security Model:


A Network Security Model exhibits how the security service has been designed over the network to prevent the opponent from causing a threat to the confidentiality or authenticity of the information that is being transmitted through the network.

For a message to be sent or received, there must be a sender and a receiver. Both the sender and the receiver must also mutually agree to the sharing of the message. The transmission of a message from sender to receiver needs a medium, i.e. an information channel, which is an Internet service.

A logical route is defined through the network (Internet) from the sender to the receiver, and using the communication protocols both the sender and the receiver establish communication.

We are concerned about the security of the message over the network when the message has some confidential or authentic information which is under threat from an opponent present at the information channel. Any security service would have the three components discussed below:

1. Transformation of the information which has to be sent to the receiver, so that any opponent present at the information channel is unable to read the message. This indicates the encryption of the message. It also includes the addition of code during the transformation of the information which will be used in verifying the identity of the authentic receiver.

2. Sharing of the secret information between sender and receiver, of which the opponent must not have any clue. This is the encryption key, which is used during the encryption of the message at the sender’s end and also during the decryption of the message at the receiver’s end.

3. There must be a trusted third party which should take the responsibility of distributing the secret information (key) to both the communicating parties and also protect it from any opponent.

The network security model presents the two communicating parties, sender and receiver, who mutually agree to exchange the information. The sender has information to share with the receiver.

But the sender cannot send the message on the information channel in readable form, as it would be under threat of attack by the opponent. So, before sending the message through the information channel, it should be transformed into an unreadable format.

Secret information is used while transforming the message, and it will also be required when the message is retransformed at the recipient side. That’s why a trusted third party is required, which takes the responsibility of distributing this secret information to both the parties involved in communication.

So, considering this general model of network security, one must consider the following four tasks while designing the security model.

1. To transform a readable message at the sender side into an unreadable format, an appropriate algorithm should be designed such that it is difficult for an opponent to crack that security algorithm.

2. Next, the network security model designer is concerned about the generation of the secret information, which is known as a key. This secret information is used in conjunction with the security algorithm in order to transform the message.

3. The secret information is required at both ends, the sender’s end and the receiver’s end. At the sender’s end, it is used to encrypt or transform the message into unreadable form, and at the receiver’s end, it is used to decrypt or retransform the message into readable form. So, there must be a trusted third party which will distribute the secret information to both sender and receiver.

4. While designing the network security model, the designer must also concentrate on developing the methods to distribute the key to the sender and receiver. An appropriate methodology must be used to deliver the secret information to the communicating parties without the interference of the opponent.

Security attacks:

Security attack: Any action that compromises the security of information owned by an organization. These attacks are classified as:
1. Passive Attacks
2. Active Attacks

Types of Security Attacks

1. Passive attack (emphasis on prevention rather than detection): Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

Two types of passive attacks are:

• Release of message content / snooping: It is very simple to understand. E.g., an electronic mail message and a transferred file may contain sensitive or confidential information. We should prevent others from learning the contents of these transmissions by encoding the message with code language.

• Traffic analysis: Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

2. Active attacks (involves some modification): Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

Masquerade: takes place when one entity pretends to be a different entity. A masquerade attack involves one of the other forms of active attack.

Replay: passive capture of the data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages: Some portion of a legitimate message is altered, or the messages are delayed or reordered, to produce an unauthorized effect.

Denial of Service: It prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; e.g., an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Goals of security - prevention, detection and recovery:

Prevention: There is an age-old advisory that says, “It’s too late to sharpen your sword when the drum beats for battle”. Make no mistake, we are in a war and we must prepare for the cyber battles by sharpening our skills.

Security measures must be taken to protect information from unauthorized modification, destruction, or disclosure, whether accidental or intentional. During the prevention phase, security policies, controls and processes should be designed and implemented.

Following are several techniques used for cryptojacking protection. Used in combination, these techniques help prevent cryptojacking attackers from successfully setting up a cryptomining operation.

A few basic steps to defend against cryptojacking are:

• Avoid unsecured websites (i.e., those with no SSL certificate)
• Create website whitelists and blacklists
• Do not click on links or attachments from unknown senders
• Educate employees about how cryptojacking works and its related risks
• Implement a strong password policy
• Install software updates and patches
• Only download extensions and software programs from trusted providers
• Use technology to your advantage, including:
  • Ad blockers
  • Anti-malware tools
  • Anti-virus tools
  • Application controls on servers
  • Endpoint protection
  • Intrusion detection systems (IDS)
  • Mobile device management (MDM) tools
  • Next-gen firewalls
  • Virtual private networks (VPN)
  • Web filtering tools

Detection: Detection of a system compromise is extremely critical. With the ever-increasing threat environment, no matter what level of protection a system may have, it will get compromised given a greater level of motivation and skill. There is no foolproof “silver bullet” security solution. A defense in layers strategy should be deployed so when each layer fails, it fails safely to a known state and sounds an alarm. The most important element of this strategy is timely detection and notification of a compromise. Intrusion detection systems (IDS) are utilized for this purpose.

It is often difficult to detect cryptojacking, because coinmining tools operate almost invisibly in the background of legitimate processes. Indications that a system has been compromised and is being used for cryptojacking include:

• Battery draining more quickly than normal
• Computer’s fan running faster or more frequently than usual
• Device overheating or feeling much hotter than usual
• Increased processor usage and higher electrical bills
• More frequent computer crashes or unusually poor performance
• Spikes in CPU usage

Response: For the detection process to have any value there must be a timely response. The response to an incident should be planned well in advance. Making important decisions or developing policy while under attack is a recipe for disaster.

In the event that a device or network is compromised by a web-based cryptojacking attack, a number of steps can be taken to stop the cryptomining.

• Kill the browser tab that’s running the crypto mining script.
• Update browser extensions.
• Disable all website-delivered scripts.
• Delete and remove all extensions.
• Run an antivirus scan to detect and eradicate malware.

Preventative measures noted in the section above should also be implemented once the cryptojacking attack has been stopped and remediated.

Security Services and Attacks:

A security service is something that enhances the security of data processing systems and information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the services.

1. Confidentiality: It is a security service that keeps the information secure from an unauthorized person. Encryption is a process to ensure confidentiality.

2. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e. contains no modification, insertion, deletion, or replay).

3. Authentication: The assurance that an entity of concern or the origin of communication is authentic. Two specific authentication services:
- Peer entity authentication: When establishing a logical connection, assure that the other party is as claimed.
- Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.

4. Non-repudiation: Prevents either sender or receiver from denying message transmission or receipt of message.
- Origin non-repudiation: preventing the sender from denying that he has sent a message.
- Destination non-repudiation: preventing the receiver from denying that he has received a message.

5. Access control: The prevention of the unauthorized use of a resource (i.e. this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).

6. Availability: Making system or resources available upon demand by legitimate users.

The attacks rely on the nature of the algorithm and also on knowledge of the general characteristics of the plaintext, i.e., the plaintext can be a regular document written in English or it can be code written in Java. Therefore, the nature of the plaintext should be known before trying to use the attacks.

Types of Cryptanalytic attacks:

• Known-Plaintext Analysis (KPA): In this type of attack, some plaintext-ciphertext pairs are already known. The attacker maps them in order to find the encryption key. This attack is easier to use as a lot of information is already available.
• Chosen-Plaintext Analysis (CPA): In this type of attack, the attacker chooses random plaintexts and obtains the corresponding ciphertexts and tries to find the encryption key. It is very simple to implement, like KPA, but the success rate is quite low.
• Ciphertext-Only Analysis (COA): In this type of attack, only some ciphertext is known and the attacker tries to find the corresponding encryption key and plaintext. It is the hardest to implement but is the most probable attack, as only ciphertext is required.
• Man-In-The-Middle (MITM) attack: In this type of attack, the attacker intercepts the message/key between two communicating parties through a secured channel.
• Adaptive Chosen-Plaintext Analysis (ACPA): This attack is similar to CPA. Here, the attacker requests the ciphertexts of additional plaintexts after they have ciphertexts for some texts.
Classical Cryptography:

Classical cryptography is based on mathematics and relies on the computational difficulty of factorizing large numbers. The security of classical cryptography is based on the high complexity of the mathematical problem, for instance the factorization of large numbers.

Classical Cryptography has two types of techniques:

1. Symmetric Cryptography: In symmetric cryptography a single key is used for encrypting and decrypting the data. This encryption key is a private key. The limitation of this encryption technique is that this private key must be distributed only among the authorized sender and receiver.

2. Asymmetric Cryptography: In asymmetric cryptography a pair of keys, i.e., a public key and a private key, is used for encryption and decryption. A sender can use its public key to encrypt the data, and on the receiver end the receiver can decrypt the data by using its private key. This technique overcomes the problem of key distribution.

Advantages of Classical Cryptography:

• While employing the one-time pad, it is unbreakable.
• It is easy to do manually, no computer required.
• It protects the plain text from casual snooping.

Disadvantages of Classical Cryptography:

• While employing the one-time pad, it is cumbersome and requires a personal meetup to exchange the pads.
• If not employing the OTP, anyone who is even remotely interested in knowing what you wrote and knows about cryptography will be able to break the encryption.

Simplified Data Encryption Standard:

Simplified Data Encryption Standard (S-DES) is equivalent to the DES algorithm. The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext.

These algorithms generate a key and thus encapsulate the message with this key. There are two types of encryption, asymmetric and symmetric, which are in vogue.

Presentation Layer

The presentation layer in S-DES manages translation, encryption/decryption, authentication and compression. These are explained below:

Translation: It can transform the complex data structures used by an application (strings, integers, structures, etc.) into a byte flow that can be shared across the network. The message is defined so that communicating devices agree on the structure of the data being transformed, for instance ASCII or EBCDIC character sets.

Encryption/Decryption: It can handle security and privacy issues. Encryption can scramble the information so that only authorized persons can unscramble the conversation information. Decryption reverses the encryption procedure to turn the message back into its original form.

There are two types of Encryption which are as follows: Asymmetric Encryption, Symmetric Encryption.

Authentication: It verifies that the remote party is the real party instead of an impostor. It shows that the message is received from an authentic person, not from an impostor. A digital signature is one of the multiple authentication methods that use the public key encryption method.

Data Compression: It compresses data to reduce the amount of transmitted data, thus saving bandwidth and money. There are three general techniques of data compression. Each method assumes that the data stream can be changed into a more compact representation. This compact data stream is regenerated back into the original information at the destination device.

Block Cipher Design Principles:

Block ciphers are built in the Feistel cipher structure. A block cipher has a specific number of rounds and keys for generating ciphertext. For defining the complexity level of an algorithm, a few design principles are to be considered.

Block Cipher Principles

A block cipher is designed by considering its three critical aspects, which are listed below:

1. Number of Rounds: The number of rounds judges the strength of the block cipher algorithm. It is considered that the greater the number of rounds, the more difficult it is for cryptanalysis to break the algorithm.

It is considered that even if the function F is relatively weak, the number of rounds would make the algorithm tough to break.

2. Design of Function F: The function F of the block cipher must be designed such that it is impossible for any cryptanalysis to unscramble the substitution. The criterion that strengthens the function F is its non-linearity.

The more nonlinear the function F is, the more difficult it is to crack. While designing the function F, it should be confirmed that it has a good avalanche property, which states that a change in one bit of input must be reflected in a change in many bits of output.

The function F should be designed such that it possesses the bit independence criterion, which states that the output bits must change independently if there is any change in the input bit.

3. Key Schedule Algorithm: It is suggested that the key schedule should confirm the strict avalanche effect and bit independence criterion.

DES & Strength of Data encryption standard (DES):

Data encryption standard (DES) is a symmetric key block cipher algorithm. The algorithm is based on the Feistel network. The algorithm uses a 56-bit key to encrypt data in 64-bit blocks.

There are mainly two categories of concerns about the strength of Data encryption standard. They are:

• Concerns about the particular algorithm used.
• Concerns about the usage of a key of size 56 bits.

Assuming that on average one has to search half the key space to break the cipher text, a system performing one DES encryption per microsecond might require more than a thousand years. But the assumption of one DES encryption per microsecond is too conservative. In July 1998, DES was finally proved to be insecure when the Electronic Frontier Foundation (EFF) broke a DES encryption. The encryption was broken with the help of a special-purpose “DES cracker” machine. It was reported that the attack took less than 3 days.

Simply running through all possible keys won’t result in cracking the DES encryption. Unless known plain text is given, the attacker must be able to differentiate the plain text from other data. Some degree of knowledge about the target plain text and some techniques for automatically distinguishing plain text from garble are required to supplement the brute-force approach. If brute force attack is the only means to crack the DES encryption algorithm, then using longer keys will obviously help us to counter such attacks. An algorithm is guaranteed unbreakable by brute force if a 128-bit key is used.

Differential cryptanalysis and linear cryptanalysis are examples of statistical attacks on the DES algorithm. A few of the important alternatives to DES are AES (Advanced Encryption Standard) and triple DES.

Block Cipher modes of Operation:

Encryption algorithms are divided into two categories based on the input type: block cipher and stream cipher. A block cipher is an encryption algorithm that takes a fixed size of input, say b bits, and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further. For different applications and uses, there are several modes of operation for a block cipher.

1. Electronic Code Book (ECB) – Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of input plaintext, and the output is in the form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a bunch of blocks and the procedure is repeated.

Procedure of ECB is illustrated below:

Advantages of using ECB –

• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• Simple way of the block cipher.

Disadvantages of using ECB –

• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.

2. Cipher Block Chaining – Cipher block chaining or CBC is an advancement made on ECB, since ECB compromises some security requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell, a cipher block is produced by encrypting an XOR output of the previous cipher block and the present plaintext block.

The process is illustrated here:

Advantages of CBC –

• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.

Disadvantages of CBC –

• Parallel encryption is not possible since every encryption requires a previous cipher.

3. Cipher Feedback Mode (CFB) – In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector IV is used for the first encryption and the output bits are divided as a set of s and b-s bits. The left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to the left-hand side and s bits to the right-hand side, and the process continues. The encryption and decryption process for the same is shown below; both of them use encryption algorithms.

Advantages of CFB –

• Since there is some data loss due to the use of the shift register, it is difficult to apply cryptanalysis.

4. Output Feedback Mode – The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted output as feedback instead of the actual cipher which is the XOR output. In this output feedback mode, all bits of the block are sent instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also decreases the dependency or relationship of the cipher on the plaintext.

Advantages of OFB –

• In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free from bit errors in the plaintext block.

5. Counter Mode – The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext, which results in a ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in parallel.

Its simple implementation is shown below:

Advantages of Counter –

• Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This means that the same plain text can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC.

Evaluation Criteria For AES:

It is worth examining the criteria used by NIST to evaluate potential candidates. These criteria span the range of concerns for the practical application of modern symmetric block ciphers. In fact, two sets of criteria evolved. When NIST issued its original request for candidate algorithm nominations in 1997, the three categories of criteria were as follows:

• Security: This refers to the effort required to cryptanalyze an algorithm. The emphasis in the evaluation was on the practicality of the attack. Because the minimum key size for AES is 128 bits, brute-force attacks with current and projected technology were considered impractical. Therefore, the emphasis, with respect to this point, is cryptanalysis other than a brute-force attack.
• Cost: NIST intends AES to be practical in a wide range of applications. Accordingly, AES must have high computational efficiency, so as to be usable in high-speed applications, such as broadband links.
• Algorithm and implementation characteristics: This category includes a variety of considerations, including flexibility; suitability for a variety of hardware and software implementations; and simplicity, which will make an analysis of security more straightforward.

Differential and Linear Cryptanalysis

Cryptanalysis basically has two forms:

1. Linear Cryptanalysis:

Linear cryptanalysis is a general type of cryptanalysis based on discovering affine approximations to a cipher’s action in cryptography. Block and stream ciphers have both been subjected to attacks. Linear cryptanalysis is one of the two most common attacks against block ciphers, with differential cryptanalysis being the other.

2. Differential Cryptanalysis:

Differential cryptanalysis is a sort of cryptanalysis that may be used to decrypt both block and stream ciphers, as well as cryptographic hash functions. In the widest sense, it is the study of how alterations in information intake might impact the following difference at the output. In the context of a block cipher, it refers to a collection of strategies for tracking differences across a network of transformations, finding where the cipher displays non-random behavior, and using such attributes to recover the secret key (cryptography key).
S. No. | Linear Cryptanalysis | Differential Cryptanalysis
1. | Linear cryptanalysis was basically invented by Matsui and Yamagishi in the year 1992. | Differential cryptanalysis was first defined in the year 1990 by Eli Biham and Adi Shamir.
2. | Linear cryptanalysis always works on a single bit (one bit at a time). | Differential cryptanalysis can work on multiple bits at a time.
3. | In the case of Linear cryptanalysis, ciphertext attack is a very big disadvantage. | In the case of differential cryptanalysis plain text attack is a very big disadvantage.
4. | The use of linear cryptanalysis is to figure out what is the linear relationship present between some plaintext bits, ciphertext bits, and unknown key bits very easily. | The use of differential cryptanalysis is to get clues about some critical bits, reducing the need for an extensive search.
5. | Subsets of input attributes refer to the internal structures of a single input. | The underlying structure of each individual input is unimportant in this case since the input attributes are differential.
6. | The cryptanalyst decrypts each ciphertext using all available subkeys and analyses the resultant intermediate ciphertext to determine the random outcome for one encryption cycle. | After several encryption rounds, Cryptanalyst analyses the changes in the intermediate ciphertext obtained. The practice of combining assaults is known as differential linear cryptanalysis.
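
The S-DES block operation (8-bit block, 10-bit key) and the ECB, CBC and CTR modes described in these notes, as an added Python example that is not part of the original notes. The permutation and S-box tables are the standard published S-DES tables, which the notes do not list; the key, IV and nonce values are constructed samples.

```python
# S-DES with the standard published tables (they are not given in the notes),
# then ECB, CBC and CTR built on it. One cipher block is one byte.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))
KEY = 0b1010000010                 # constructed sample 10-bit key
MESSAGE = bytes([0b10111101] * 4)  # the notes' example block, repeated 4 times

def permute(value, width, table):
    """Select bits of a width-bit integer; positions are 1-based from the left."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out

def rotl5(half, n):
    """Rotate a 5-bit key half left by n places."""
    return ((half << n) | (half >> (5 - n))) & 0b11111

def subkeys(key10):
    """Derive the two 8-bit round keys from the 10-bit key."""
    k = permute(key10, 10, P10)
    left, right = rotl5(k >> 5, 1), rotl5(k & 0b11111, 1)
    k1 = permute((left << 5) | right, 10, P8)
    left, right = rotl5(left, 2), rotl5(right, 2)
    return k1, permute((left << 5) | right, 10, P8)

def sbox(box, nibble):
    row = ((nibble >> 2) & 0b10) | (nibble & 1)  # bits 1 and 4 select the row
    col = (nibble >> 1) & 0b11                   # bits 2 and 3 select the column
    return box[row][col]

def f_k(block, subkey):
    """One Feistel round: F(right half, subkey) is XORed into the left half."""
    left, right = block >> 4, block & 0xF
    x = permute(right, 4, EP) ^ subkey
    s = (sbox(S0, x >> 4) << 2) | sbox(S1, x & 0xF)
    return ((left ^ permute(s, 4, P4)) << 4) | right

def crypt_block(block, round_keys):
    first, second = round_keys
    state = f_k(permute(block, 8, IP), first)
    state = ((state & 0xF) << 4) | (state >> 4)  # swap halves between rounds
    return permute(f_k(state, second), 8, IP_INV)

def sdes_encrypt(block, key10):
    return crypt_block(block, subkeys(key10))

def sdes_decrypt(block, key10):
    return crypt_block(block, subkeys(key10)[::-1])  # same rounds, keys reversed

def ecb_encrypt(data, key10):
    """ECB: every block is encrypted on its own, so equal blocks stay equal."""
    return bytes(sdes_encrypt(b, key10) for b in data)

def cbc_encrypt(data, key10, iv):
    """CBC: XOR each plaintext block with the previous ciphertext block first."""
    out, prev = [], iv
    for b in data:
        prev = sdes_encrypt(b ^ prev, key10)
        out.append(prev)
    return bytes(out)

def cbc_decrypt(data, key10, iv):
    out, prev = [], iv
    for c in data:
        out.append(sdes_decrypt(c, key10) ^ prev)
        prev = c
    return bytes(out)

def ctr_crypt(data, key10, nonce):
    """CTR: XOR with the encrypted counter; the same call also decrypts."""
    return bytes(b ^ sdes_encrypt((nonce + i) & 0xFF, key10)
                 for i, b in enumerate(data))

if __name__ == "__main__":
    print("ECB:", ecb_encrypt(MESSAGE, KEY).hex())
    print("CBC:", cbc_encrypt(MESSAGE, KEY, 0x00).hex())
    print("CTR:", ctr_crypt(MESSAGE, KEY, 0x00).hex())
```

ECB prints the same ciphertext byte four times for the repeated plaintext block, while CTR prints four distinct bytes.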
