Unit 1 Introduction To Security

CB3491– Cryptography and cyber security (Regulation2021)
III Year / V Semester - CSE
UNIT I
INTRODUCTION TO SECURITY
Computer Security Concepts – The OSI Security Architecture – Security Attacks –
Security Services and Mechanisms – A Model for Network Security – Classical
encryption techniques: Substitution techniques, Transposition techniques,
Steganography – Foundations of modern cryptography: Perfect security –
Information Theory – Product Cryptosystem – Cryptanalysis.
COMPUTER SECURITY CONCEPTS
Definition of Computer Security

The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
Privacy: Assures that individual’s control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts: Data integrity: Assures that information and
programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly and service is not denied to authorized users.
Although the use of the CIA triad to define security objectives is well established, some in the
security field feel that additional concepts are needed to present a complete picture. Two of the most
commonly mentioned are as follows:
1
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in
the validity of a transmission, a message, or message originator. This means verifying that users are
who they say they are and that each input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions of an entity to be traced
uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action.
The Challenges of Computer Security
Computer and network security is both fascinating and complex. Some of the reasons follow:
THE OSI SECURITY ARCHITECTURE:

To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs, some systematic way of
defining the requirements for security and characterizing the approaches to satisfying those
requirements. The OSI security architecture was developed in the context of the OSI protocol
architecture by ITU-T
ITU-T: The International Telecommunication Union (ITU) Telecommunication Standardization Sector

(ITU-T) is a United Nations sponsored agency that develops standards, called Recommendations,
relating to telecommunications and to open systems interconnection (OSI).
Recommendation X.800, Security Architecture for OSI, defines a systematic approach. The OSI
security architecture is useful to managers as a way of organizing the task of providing security. The
OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined
briefly as
1. Security attack
2. Security mechanism
3. Security service
❖ Security attack
Any action that compromises the security of information owned by an organization.
2
❖ Security mechanism.
A process (or a device incorporating such a process) that is designed to detect, prevent, or
recover from a security attack.
❖ Security service
A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. The services are intended to counter
security attacks, and they make use of one or more security mechanisms to provide the service.threat
and attack are commonly used to mean more or less the same thing. The definitions taken from RFC
4949, Internet Security Glossary.
Threat
A potential for violation of security, which exists when there is a circumstance, capability, action,
or event that could breach security and cause harm. That is, a threat is a possible danger that might
exploit a vulnerability.
Attack
An attack on system security that derives from an intelligent threat; that is, an intelligent act that is
a deliberate attempt (especially in the sense of a method or technique) to evade security services and
violate the security policy of a system.
1. What are the different types of security attacks? Explain.(Nov/Dec2013)[Nov/Dec

2022]
SECURITY ATTACK:
Any action that compromises the security of information owned by an organization. There are four
general categories of attack which are listed below. Interruption An asset of the system is destroyed
or becomes unavailable or unusable. This is an attack on availability. e.g., destruction of piece of
hardware, cutting of a communication line or disabling of file management system.
3
Interception
An unauthorized party gains access to an asset. This is an attack on confidentiality. Unauthorized

party could be a person, a program or a computer. e.g., wiretapping to capture data in the network,
illicit copying of files.
Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack on
integrity. e.g., changing values in data file, altering a program, modifying the contents of messages
being transmitted in a network.
Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
e.g., insertion of spurious message in a network or addition of records to a file.
4
The attack is majorly classified into two types:
1. Active attack
2. Passive Attack
PASSIVE ATTACK:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of
the opponent is to obtain information that is being transmitted.
Passive attacks
Passive attacks are of two types:
1. Release of message contents

2. Traffic analysis
Release of message contents: A telephone conversation, an e-mail message and a transferred file
may contain sensitive or confidential information. We would like to prevent the opponent from
learning the contents of these transmissions.
Traffic analysis: If we had encryption protection in place, an opponent might still be able to
observe the pattern of the message. The opponent could determine the location and identity of
5
communication hosts and could observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of communication that was taking place. Passive
attacks are very difficult to detect because they do not involve any alteration of data. However, it is
feasible to prevent the success of these attacks.
ACTIVE ATTACKS: These attacks involve some modification of the data stream or the creation of a
false stream
active attacks
These attacks can be classified in to four categories:
Masquerade – One entity pretends to be a different entity.
Replay – involves passive capture of a data unit and its subsequent transmission to produce an
unauthorized effect.
Modification of messages – Some portion of message is altered or the messages are delayed or
recorded, to produce an unauthorized effect.
Denial of service – Prevents or inhibits the normal use or management of communication facilities.
Another form of service denial is the disruption of an entire network, either by disabling the network
or overloading it with messages so as to degrade performance. It is quite difficult to prevent active
attacks absolutely, because to do so would require physical protection of all communication facilities
and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays
caused by them.
Security mechanism: A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. Cryptanalysis: Cryptanalysis is the study of methods for
obtaining the meaning of encrypted information, without access to the secret information that is
6
typically required to do so. Typically, this involves knowing how the system works and finding a
secret key.
Cryptanalysis is also referred to as codebreaking or cracking the code.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve
success.
SECURITY SERVICES AND MECHANISMS
2. Explain the different types of security services?
SECURITY SERVICE:
A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. The services are intended to counter
security attacks, and they make use of one or more security mechanisms to provide the service.
X.800 defines a security service as a service that is provided by a protocol layer of communicating
open systems and that ensures adequate security of the systems or of data transfers. X.800 divides
these services into five categories
Confidentiality: Ensures that the information in a computer system and transmitted information are
accessible only for reading by authorized parties. Eg., printing, displaying and other forms of
disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly identified,
with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.
Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the
transmission.
7
Access control: Requires that access to information resources may be controlled by or the target
system. Availability: Requires that computer system assets be available to authorized parties when
needed.
AUTHENTICATION: The authentication service is concerned with assuring that a communication

is Authentic, the function of the authentication service is to assure the recipient that the message is
from the source that it claims to be from. In the case of an ongoing interaction, such as the connection
of a terminal to a host, two aspects are involved.
Two specific authentication services are defined in X.800:
Peer Entity Authentication Used in association with a logical connection to provide confidence in the
identity of the entities connected.
Data Origin Authentication

In a connectionlesstransfer, provides assurance that thesourceof received dataisasclaimed.
ACCESS CONTROL
Thepreventionofunauthorizeduseofa resource (i.e., this servicecontrolswhocanhaveaccess
toaresource, under whatconditionsaccesscanoccur,andwhatthoseaccessingtheresource isallowed to
do).
DATA CONFIDENTIALITY
Theprotectionofdata fromunauthorized disclosure. Confidentiality is the protection of
transmitteddatafrompassiveattacks.Withrespecttothecontentofadatatransmission,severallevelsof
protection can beidentified.
Connection Confidentiality: Theprotection of alluser dataona connection.

ConnectionlessConfidentiality: Theprotection ofall user dataina singledatablock
AUTHENTICATION
Theconfidentialityofselectedfields within theuserdataonaconnectionorinasingledata block.
TrafficFlowConfidentiality: Theprotection of theinformation thatmightbederivedfrom observation

of trafficflows.
8
DATAINTEGRITY
Theassurancethat data received areexactlyas sentbyanauthorizedentity (i.e., containno
modification, insertion, deletion, or replay).
Connection Integrity with Recovery:

It Providesfortheintegrity of alluserdataonaconnectionanddetectsanymodification, insertion,
deletion, orreplay of any datawithinan entiredata sequence, with recoveryattempted.
Connection IntegritywithoutRecovery: Asabove, butprovides onlydetectionwithout recovery.
SelectiveField Connection Integrity:Itprovidesfortheintegrityofselectedfieldswithintheuserdataof

adatablocktransferredoveraconnectionandtakestheformofdeterminationofwhether
theselectedfieldshavebeenmodified, inserted, deleted, or replayed.
Connectionless Integrity: Providesfor the integrityof asingleconnectionlessdatablock and maytake

theformof detection of data modification. Additionally, a limited formofreplay detection may
beprovided.
Selective-FieldConnectionlessIntegrity: Itprovidesforthe integrityofselectedfieldswithin

asingleconnectionlessdata block; takestheformofdeterminationofwhethertheselected
fieldshavebeenmodified.
NONREPUDIATION
It providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhaving
participated inallor partof the communication.
Nonrepudiation, Origin: Proof that themessagewas sentby thespecified party.
Nonrepudiation, Destination: Proof that the messagewasreceived by thespecifiedparty.
3.ExplainbrieflyaboutSecurityMechanisms.
SECURITYMECHANISMS
Oneofthemostspecificsecuritymechanisms inuseis cryptographic techniques.Encryption

orencryption-like transformationsofinformation arethemostcommonmeansof providing security.
SPECIFIC SECURITYMECHANISMS
9
MaybeincorporateintotheappropriateprotocollayerinordertoprovidesomeoftheOSI security services.

Encipherment:The useofmathematical algorithms totransformdataintoaformthatisnot readily
intelligible. The transformation andsubsequentrecovery of thedatadepend on an algorithm and zero or
more encryption keys.
DigitalSignature:Dataappended to,or acryptographic transformation of,adataunitthat

allowsarecipientof thedataunit to provethesource and integrity of thedataunitand protect againstforgery
(e.g., by therecipient).
Access Control: Avariety ofmechanismsthat enforceaccessrightsto resources

DataIntegrity: Avarietyofmechanismsusedtoassuretheintegrityofadataunitorstream of dataunits
AuthenticationExchange: A mechanismintendedtoensuretheidentityofanentitybymeans of information
exchange.
TrafficPadding:The insertionofbitsintogapsinadatastreamtofrustratetrafficanalysis attempts.
Routing Control: Enables selection of particular physically secureroutesfor certain data and
allowsrouting changes, especially when abreach of securityis suspected.
Notarization: Theuseof a trusted third party to assurecertain propertiesof adata exchange.
PERVASIVE SECURITYMECHANISMS
Mechanismsthat isnotspecificto any particular OSI security serviceor protocollayer.
TrustedFunctionality:That whichisperceivedtobecorrectwithrespecttosomecriteria (e.g., asestablished

by asecurity policy).
SecurityLabel:Themarkingboundtoaresource(whichmaybeadataunit)thatnamesor designatesthesecurity
attributesof thatresource.
Event Detection: Detection of security-relevantevents.

Security AuditTrail:Datacollectedand potentiallyused to facilitate securityaudit,whichisan
independentreviewandexaminationof systemrecordsandactivities.
10
Security Recovery: Dealswith requestsfrom mechanisms, such asevent handling

andmanagementfunctions, and takesrecovery actions.
A MODEL FOR NETWORK SECURITY
4. ExplainBrieflyaboutNetworkSecurityModel. [Nov/Dec 2022].

Amodelfor anetwork security is shown in thebelowfigure.5
FigureNetwork Security Model

AmessageistobetransferredfromonepartytoanotheracrosssomesortofInternetservice. The two parties,
who are theprincipals inthistransaction, must cooperatefor the exchange to takeplace.
AlogicalinformationchannelisestablishedbydefiningaroutethroughtheInternet fromsourcetodestination
andbythecooperativeuseofcommunicationprotocols (e.g., TCP/IP) by the two principals.
Securityaspects comeintoplaywhenitis necessaryordesirabletoprotecttheinformation

transmissionfromanopponentwhomay presentathreat toconfidentiality,authenticity, and so on. All the
techniquesfor providing security havetwo components:
 Asecurity-relatedtransformationon theinformationtobesent. Examplesincludethe

encryptionofthemessage, which scrambles themessagesothatitis unreadablebythe opponent, andthe
additionof a codebasedonthe contentsofthe message, which canbeused to verify the identity ofthesender.
 Somesecretinformationsharedbythe twoprincipalsand, it ishoped,unknowntothe
opponent.Anexampleisanencryption keyusedinconjunctionwiththetransformationto
scramblethemessagebefore transmission and unscrambleiton reception.
11
Atrustedthirdpartymaybeneededtoachievesecuretransmission.Forexample, a thirdparty
mayberesponsiblefordistributing thesecretinformationtothetwoprincipalswhilekeeping itfrom
anyopponent.Or athirdpartymaybeneededto arbitratedisputesbetweenthetwo principalsconcerning
theauthenticityofamessagetransmission.
Thisgeneralmodelshowsthat there arefourbasictasksindesigning aparticularsecurity service:
1. Design an algorithmfor performing thesecurity-related transformation. Thealgorithm should besuch

thatan opponentcannotdefeatitspurpose.
2. Generatethesecretinformation to beusedwith thealgorithm.
3. Develop methodsfor thedistributionandsharing of thesecretinformation.
4. Specifyaprotocoltobeusedbythetwoprincipalsthatmakesuseofthesecurity algorithm and thesecret

information to achieveaparticular security service.
However, there areother security-relatedsituationsof interest thatdo notneatly fitthismodel

butareconsidered. Ageneralmodeloftheseothersituations isillustratedinFigure.6which reflectsa concern
for protecting an information systemfromunwantedaccess.
Figure.6Network AccessSecurityModel
Anothertypeofunwantedaccessistheplacementinacomputersystemoflogicthatexploits vulnerabilitiesin
thesystem andthatcan affect application programsaswellasutility programs, such
aseditorsandcompilers.Programscanpresenttwo kindsof threats:
Informationaccessthreats:Interceptormodify dataon behalf of users whoshould nothave accessto that

data.
Servicethreats:Exploitserviceflawsin computerstoinhibituseby legitimateusers.

12
ClassicalEncryptionTechniques
Symmetricencryption, alsoreferredtoasconventionalencryptionorsingle-keyencryption, was
theonlytypeofencryptionin useprior tothedevelopmentof publickeyencryptioninthe 1970s.
Somebasicterminologies used:
1. ciphertext- the coded message
2. cipher- - algorithm for transforming plaintext to ciphertext
3. key- info usedin cipher known only to sender/receiver
4. encipher (encrypt) - converting plaintext to ciphertext
5. decipher (decrypt) - recovering ciphertext from plaintext
6. cryptography - study of encryption principles/methods
7. cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without
knowing key
8. cryptology - the field of both cryptography and cryptanalysis
Fig.7 Simplified Modelof Symmetric Encryption

A symmetric encryptionscheme hasfive ingredients
A symmetric encryption scheme has five ingredients (Fig.7).
 Plain text
 Encryption algorithm
 Secret key
 Cipher text
 Decryption algorithm
Here the original message, referred to as plaintext, is converted into apparently random nonsense,
referred to as cipher text. The encryption process consists of an algorithm and a key.
13
The key is a value independent of the plaintext. Changing the key changes, the output of the algorithm.
Once the cipher text is produced, it may be transmitted. Upon reception, the cipher text can be
transformed back to the original plaintext by using a decryption algorithm and the same key that was
used for encryption.
The security depends on several factors. First, the encryption algorithm must be powerful enough that it
is impractical to decrypt a message on the basis of cipher text alone. Beyond that, the security depends
on the secrecy of the key, not the secrecy of the algorithm.
Two requirementsforsecureuseof symmetricencryption:

• A strong encryption algorithm
• A secretkey known only to sender /receiver
• Y= EK(X)
• X= DK(Y)
assume encryption algorithm isknown impliesa secure channelto distributekey
Fig.8. conventional cryptosystem

A source produces a message in plaintext, X = [X1, X2, …, XM] where M are the number of letters in
the message. A key of the form K = [K1, K2, …, KJ] is generated. If the key is generated at the source,
then it must be provided to the destination by means of some secure channel. With the message X and
the encryption key K as input, the encryption algorithm forms the cipher text Y = [Y1, Y2, …, YN].
This can be expressed as Y = EK(X).
14
The intended receiver, in possession of the key, is able to invert the transformation:X = DK(Y) An
opponent, observing Y but not having access to K or X, may attempt to recover X or K or both. It is
assumed that the opponent knows the encryption and decryption algorithms. If the opponent is
interested in only this particular message, then the focus of effort is to recover X by generating a
plaintext estimate. Often if the opponent is interested in being able to read future messages as well, in
which case an attempt is made to recover K by generating an estimate K.
Cryptography
Cryptographic systems are characterized along three independent dimensions:
 The type of operations used for transforming plaintext to ciphertext.

All encryption algorithms are based on two general principles: substitution, in which each element in
the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in
which elements in the plaintext are rearranged. The fundamental requirement is that no information be
lost (i.e., that all operations are reversible). Most systems, referred to as product systems, involve
multiple stages of substitutions and transpositions.
 The number of keys used.
If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-
key, or conventional encryption. If the sender and receiver use different keys, the system is referred to
as asymmetric, two-key, or public-key encryption
 The way in which the plaintext is processed.A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher processes the input
elements continuously, producing output one element at a time, as it goes along.
Cryptanalysis and Brute-Force Attack

Typically, the objective of attacking an encryption system is to recover the key in use rather than
simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a
conventional encryption scheme:
15
 Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general
characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack
exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the
key being used.
 Brute-force attack
The attacker tries every possible key on a piece of ciphertext until an intelligible translation into
plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
Types of Attacks on Encrypted Messages

Table summarize the various types of cryptanalytic attacks based on the amount of information
known to the cryptanalyst. The most difficult problem is presented when all that is available is the
ciphertext only. In some cases, not even the encryption algorithm is known, but in general, we can
assume that the opponent does know the algorithm used for encryption. One possible attack under these
16
circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this
becomes impractical.
SubstitutionTechniques:
5. DiscusstheClassicalcryptosystemsanditstypes. (May/June 2012)(Nov/Dec 2012)
(Nov/Dec 2011)(April/May 2011).
Definition
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit patterns.
DifferentTypesofSubstitutionTechniques
 CaesarCipher
 MonoalphabeticCipher
 PlayFairCipher
 HillCipher
 PolyalphabeticCipher
 OneTimePad
1.Caesar cipher (or) shift cipher
The earliest known use of a substitution cipher and the simplest was by Julius Caesar.
 The Caesar Cipher is a type of shift cipher. Shift Ciphers work by using the modulo operator to
encrypt and decrypt messages. The Shift Cipher has a key K, which is an integer from 0 to 25. We will
only share this key with people that we want to see our message
 The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places
further down the alphabet.
Example
plain: meet me after the toga party

cipher: PHHW PH DIWHU WKH WRJD SDUWB
17
 It candefine transformationas:
Let us assign a numerical equivalent to each letter:
Then the algorithm can be expressed as follows. For each plaintext letter, substitutethe ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
Where takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-forcecryptanalysis is easily
performed: simply try all the 25 possible keys. shows the results of applying this strategy to the example
ciphertext. In this caseplaintext leaps out as occupying the third line.
Three important characteristics of this problem enabled us to use a bruteforcecryptanalysis:
 The encryption and decryption algorithms are known.
 There are only 25 keys to try.
 The language of the plaintext is known and easily recognizable.
2.MonoalphabeticCipher
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increasein the key space
can be achieved by allowing an arbitrary substitution. Before proceeding,we define the term
permutation.A permutation of a finite set of elementsis an ordered sequence of all the elements of ,
with each element appearing exactlyonce.
For example, if S = {a, b, c} , there are six permutations of : S
18
abc, acb, bac, bca, cab, cba

In general, there are n! permutations of a set of elements, because the firstelement can be chosen in one
of n ways, the second in n – 1ways, the third inn - 2ways, and so on.
Recall the assignment for the Caesar cipher:
If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters,then there are 26! or
greater than 4 * 10^26possible keys. This is 10 orders of magnitudegreater than the key space for DES
and would seem to eliminate brute-forcetechniquesfor cryptanalysis.
Such an approach is referred to as a monoalphabeticsubstitution cipher, because a single cipher
alphabet (mapping from plain alphabetto cipher alphabet) is used per message.
Monoalphabetic ciphers are easy to break because they reflect the frequencydata of the original
alphabet. A countermeasure is to provide multiple substitutes,known as homophones, for a single letter.
For example, the letter e could be assigneda number of different cipher symbols, such as 16, 74, 35, and
21, with each homophoneassigned to a letter in rotation or randomly.
If the number of symbols assignedto each letter is proportional to the relative frequency of that letter,
then single-letterfrequency information is completely obliterated.
3. PlayfairCipher
The best-known multiple-letter encryption cipher is the Playfair, which treats diagramsin the plaintext
as single units and translates these units into ciphertext diagrams.
The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructedusing a keyword.
Here is an example, solved by Lord Peter Wimsey inDorothy Sayers’s Have His Carcase:flutters
M O N A R
C H Y B D
E F G I K
/
J
L P Q T
U V W X Z
19
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one
letter. Plaintext is encrypted two letters at a time, according to the following rules:
 Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x,
so that balloon would be treated as ba lx lo on.
 Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
 Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as
CM.
 Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM
(or JM, as the encipher wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas
there are only 26 letters, there are 26 * 26 = 676 diagrams, so that identification of individual
diagrams is more difficult. Furthermore, the relative frequencies of individual letters exhibit a much
greater range than that of diagrams, making frequency analysis much more difficult.
For these reasons, the Playfair cipher was for a long time considered unbreakable. It was used as the
standard field system by the British Army in World War I and still enjoyed considerable use by the
U.S. Armyand other Allied forces during World War II.
4. HillCipher
Hillcipherisa polygraphic substitution cipherbasedonlinearalgebra.Each letteris
representedbyanumbermodulo26.The Substitution is determined by m linear in which each character a
numerical value (a=0,b=1,….z=25). Another interesting multiletter cipher is the Hill cipher, developed
by the mathematicianLester Hill in 1929.
20
This encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext
letters. The substitution is determined by m linear equations in which each character is assigned a
numerical value (a = 0, b = 1,….., z = 25).
For m = 3, the system can be described as
This can be expressed in terms of row vectors and matrices:
or
C = PK mod 26
Where C and P are row vectors of length 3 representing the plaintext and cipher text, and K is
a 3 x 3 matrix representing the encryption key. Operations are performed mod 26.
21
22
5. Polyalphabetic Ciphers
Another way to improve on the simple mono alphabetic technique is to use different mono
alphabetic substitutions as one proceeds through the plaintext message. The general name for this
approach is polyalphabetic substitution cipher.
All these techniques have the following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.
Ageneralequationoftheencryptionprocessis
Ci=(pi+kimodm)mod26
Decryptionisageneralizationof
pi=(Ci–kimodm)mod26
6. VigenèreCipher
Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form of

polyalphabetic substitution. A polyalphabetic cipher is any cipher based on substitution, using
multiple substitution alphabets .The encryption of the original text is done using the Vigenère square
or Vigenère table.
• The table consists of the alphabets written out 26 times in different rows, each alphabet shifted
cyclically to the left compared to the previous alphabet, corresponding to the 26 possible Caesar
Ciphers.
• At different points in the encryption process, the cipher uses a different alphabet from one of the
rows.
• The alphabet used at each point depends on a repeating keyword
23
Example
 Usingkeyworddeceptive
Key : deceptivedeceptivedeceptive
Plaintext :wearediscoveredsaveyourself
Ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vernam CipherThe ultimate defense against such a cryptanalysis is to choose a keyword that is as
long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T
engineer named Gilbert Vernam in 1918.
The system can be expressed as,
24
• Thus, the ciphertext is generated by performing the bitwise XOR of the plaintext andthe key.
Because of the properties of the XOR, decryption simply involves the samebitwise operation
SecurityofVigenèreCiphers
 Havemultipleciphertextlettersforeachplaintextletter.Henceletterfrequenciesare obscuredbut
nottotallylost.
 Startwithletterfrequencies,monoalphabeticornot.Ifnot,thenneedtodeterminenumberofalphabets
,sincethencanattacheach.
7. One-TimePad
It is an unbreakable cryptosystem. It represents the message as a sequence of 0s and 1s. this

can be accomplished by writing all numbers in binary, for example, or by using ASCII. The key is a
random sequence of 0‟s and 1‟s of same length as the message. Once a key is used, it is discarded and
never used again. The system can be expressed as follows:
Ci = Pi Ki
 Ci - ith binary digit of cipher text
 Pi - ith binary digit of plaintext
 Ki - ith binary digit of key – exclusive OR opearaiton
Thus, the cipher text is generated by performing the bitwise XOR of the plaintext and the key.
Decryption uses the same key. Because of the properties of XOR, decryption simply involves
the same bitwise operation:
Pi = Ci Ki
25
e.g., plaintext = 0 0 1 0 1 0 0 1
Key = 1 0 1 0 1 1 0 0
-------------------
ciphertext = 1 0 0 0 0 1 0 1
Advantage:
Encryption method is completely unbreakable for a ciphertext only attack.
Disadvantages
 It requires a very long key which is expensive to produce and expensive to transmit.
 Once a key is used, it is dangerous to reuse it for a second message; any knowledge on the first
message would give knowledge of the second.
Transpositioncipher Techniques
 All the techniques examined so far involve the substitution of a ciphertext symbol for a
plaintext symbol. A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher.
 The simplest such cipher is the rail fence technique, in which the plaintext iswritten down as a
sequence of diagonals and then read off as a sequence of rows.
For example, to encipher the message “meet me after the toga party” with a railfence of depth 2, we
write the following:
mematrhtgpry
etefeteoaat
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
This sort of thing would be trivial to cryptanalyze. A more complex scheme isto write the message in
a rectangle, row by row, and read the message off, columnby column, but permute the order of the
columns. The order of the columns thenbecomes the key to the algorithm. For example,
26
Thus, in this example, the key is 4312567. To encrypt, start with the columnthat is labeled 1, in
this case column 3. Write down all the letters in that column.Proceed to column 4, which is labeled 2,
then column 2, then column 1, thencolumns 5, 6, and 7.
A pure transposition cipher is easily recognized because it has the same letterfrequencies as the
original plaintext. For the type of columnar transposition justshown, cryptanalysis is fairly
straightforward and involves laying out the ciphertextin a matrix and playing around with column
positions. Diagram and trigram frequencytables can be useful.
The transposition cipher can be made significantly more secure by performing more than one
stage of transposition. The result is a more complex permutation that is not easily reconstructed.
6. ExplainbrieflyaboutSteganography.
Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or
message in order to avoid detection; the secret data is then extracted at its destination. The use of
steganography can be combined with encryption as an extra step for hiding or protecting data. It stems
from two Greek words, which are steganos, means covered and graphia, means writing.
Steganography Techniques
1. CharacterMarking:
Selectedlettersareoverwritteninpencil.Them
arksarenotvisibleunlessthepaperisheldatanangletobright light.
2. InvisibleInk:
No. ofsubstancescanbeusedforwritingbutleavenovisibletraceuntilheatorsome chemicalis
appliedto thepaper
3. PinPunctures:
Smallpinpuncturesonselectedlettersareordinarilynotvisibleunlessthepaperisheldupinfrontof
27
sunlight.
4. TypewriterCorrectionRibbon:
The results of typing with the correction tape are visible only undersunlight.
Advantages
The advantage of steganography is that it can be employed by parties whoare something to

lose should the fact of their secret communication (not necessarilythe content) be discovered.
Encryption flags traffic as important or secret or mayidentifythe sender or receiver as someone with
something to hide.
Drawbacks
1. Requires a lot of overhead to hide a relatively few bits of information.

2. Once the system is discovered, it becomes virtually worthless.
7. ExplaininFoundationsofmoderncryptography.
Moderncryptographyisthecornerstoneofcomputerandcommunicationssecurity.Itsfoundationisb
asedonvariousconceptsofmathematicssuchascomputational-complexitytheory,andprobabilitytheory.
CharacteristicsofModernCryptography
Therearethreemajorcharacteristicsthatseparatemoderncryptographyfromtheclassical
ClassicCryptography ModernCryptography
It manipulates traditional characters, Itoperatesonbinarybitsequences.

i.e.,lettersanddigitsdirectly.
It is mainly based on ‘security Itreliesonpubliclyknownmathematicalalgor
throughobscurity’. The techniques ithmsforcodingtheinformation.Secrecyisob
employed forcoding were kept secret and tained throughasecretekeywhich is used
only astheseedforthe algorithms. The
thepartiesinvolvedincommunicationknew computational difficulty of algorithms,
about them. absence of secret key, etc., make it
impossible for an attacker to obtain the
original information even if he knows the
28
algorithm used for coding.
It requires the entire cryptosystem for Modern cryptography requires parties
communicating confidentially. interested in secure communication to
possess the secret key only.
ContextofCryptography
Cryptology,thestudyofcryptosystems,canbesubdividedintotwobranches−
 Cryptography
 Cryptanalysis
WhatisCryptography?
Cryptographyistheartandscienceofmakingacryptosystemthatiscapableofprovidinginformations
ecurity. Cryptography deals with the actual securing of digital data. It refers to the design
ofmechanisms based on mathematical algorithms that provide fundamental informationsecurity
services. You can think of cryptography as the establishment of a large toolkitcontainingdifferent
techniquesin securityapplications.
WhatisCryptanalysis?
Theartandscienceofbreakingtheciphertextisknownascryptanalysis.
Cryptanalysisisthesisterbranchofcryptographyandtheybothco-exist.Thecryptographic process results

in the cipher text for transmission or storage. It
involvesthestudyofcryptographicmechanismwiththeintentiontobreakthem.Cryptanalysisis also used
during the design of the new cryptographic techniques to test their securitystrengths.
29
Note−Cryptographyconcernswiththedesignofcryptosystems,whilecryptanalysisstudiesthebreakingofcr
yptosystems.
8. ExplainSecurityServicesofCryptographyindetail.
Theprimaryobjectiveofusingcryptographyistoprovidethefollowingfourfundamentalinformatio
nsecurityservices.Letusnowseethepossiblegoalsintendedtobe fulfilledbycryptography.
1. Confidentiality
 Confidentialityisthefundamental securityserviceprovided bycryptography.
 It isa securityservicethat keepstheinformationfromanunauthorizedperson.
 Itissometimesreferredtoasprivacy orsecrecy.
 Confidentialitycanbeachievedthroughnumerousmeansstartingfromphysicalsecuring
totheuseofmathematical algorithms fordata encryption.
2. DataIntegrity
 It issecurityservicethatdeals withidentifyinganyalterationtothedata.
 The data may get modified by an unauthorized entity intentionally or accidently.Integrity

service confirms that whether data is intact or not since it was
lastcreated,transmitted,orstoredbyanauthorizeduser.
 Dataintegrity cannotpreventthealterationofdata,butprovidesameansfordetectingwhetherdatahas
been manipulated inanunauthorizedmanner.
3. Authentication
Authenticationprovidestheidentificationoftheoriginator.Itconfirmstothereceiverthatthedatareceivedha
sbeensentonlybyanidentifiedandverifiedsender.
Authenticationservicehastwovariants−
30
 Message authentication identifies the originator of the message without

anyregardrouterorsystemthathassentthemessage.
 Entityauthentication
isassurancethatdatahasbeenreceivedfromaspecificentity,sayaparticularwebsite.
Apartfromtheoriginator,authenticationmayalsoprovideassuranceaboutotherparametersrelatedtodatasuch
asthedateandtimeofcreation/transmission.
4. Non-repudiation
 It is a security service that ensures that an entity cannot refuse the ownership of aprevious
commitment or an action. It is an assurance that the original creator of the
datacannotdenythecreation ortransmissionofthesaiddatatoarecipient orthirdparty.
 Non-repudiation is a property that is most desirable in situations where there arechances
ofadisputeoverthe exchangeofdata.
 For example, once an order is placed electronically, a purchaser cannot deny
thepurchaseorder,ifnon-repudiationservicewas enabledinthis transaction.
CryptographyPrimitives
CryptographyprimitivesarenothingbutthetoolsandtechniquesinCryptographythatcanbe
selectivelyusedto provideasetofdesiredsecurityservices
1. Encryption
2. Hashfunctions
3. MessageAuthenticationcodes(MAC)
4. DigitalSignatures
Thefollowingtableshowstheprimitivesthatcanachieveaparticularsecurityserviceontheirown.
31
Note−Cryptographicprimitivesareintricatelyrelatedandtheyareoftencombinedto
achieveasetofdesired securityservices fromacryptosystem.
 Cryptosystemisanimplementationofcryptographictechniquesandtheiraccompanying
infrastructure toprovideinformationsecurityservices.
 Acryptosystemis also referredto asaciphersystem.
 Letusdiscussasimplemodelofacryptosystemthatprovidesconfidentialitytothe information being
transmitted. This basic model is depicted in the illustrationbelow−
 The illustration shows a sender who wants to transfer some sensitive data to
areceiverinsuchawaythatanypartyinterceptingoreavesdroppingonthecommunication
channelcannot extract thedata.
 The objective of this simplecryptosystem isthatat the end of the process, onlythesenderandthe
receiverwillknowtheplaintext.
ComponentsofaCryptosystem
Thevariouscomponentsofabasiccryptosystemareasfollows−
 Plaintext.Itisthedatatobeprotectedduringtransmission.
32
 EncryptionAlgorithm. It is a mathematical process that produces a ciphertextfor any given

plaintext and encryption key. It is a cryptographic algorithm thattakesplaintext and
anencryptionkeyas inputandproducesacipher text.
 Cipher text.Itisthescrambledversionoftheplaintextproducedbytheencryption algorithm using a
specific the encryption key. The cipher text is notguarded. It flows on public channel. It can be
intercepted or compromised byanyonewho has accesstothecommunicationchannel.
 DecryptionAlgorithm,It is a mathematical process, that produces a
uniqueplaintextforanygivencipher textanddecryptionkey.Itisacryptographicalgorithm that takes a
cipher text and a decryption key as input, and outputs aplaintext. The decryption algorithm
essentially reverses the encryption algorithmandis thuscloselyrelatedtoit.
 Encryption Key. It is a value that is known to the sender. The sender inputs theencryption key
into the encryption algorithm along with the plaintext in order tocomputethecipher text.
 Decryption Key. It is a value that is known to the receiver. The decryption key isrelated to the
encryption key, but is not always identical to it. The receiver inputsthe decryption key into the
decryption algorithm along with the cipher text inordertocompute theplaintext.
For a given cryptosystem, a collection of all possible decryption keys is called a keyspace.
An interceptor (an attacker) is an unauthorized entity who attempts to determine

theplaintext.Hecanseethecipher
textandmayknowthedecryptionalgorithm.He,however,mustneverknowthedecryptionkey.
TypesofCryptosystems
Fundamentally,therearetwotypesofcryptosystemsbasedonthemannerinwhichencryption-
decryption is carriedoutinthesystem
1. SymmetricKeyEncryption
2. AsymmetricKeyEncryption
Themaindifferencebetweenthesecryptosystemsistherelationshipbetweentheencryption and the

decryption key. Logically, in any cryptosystem, both the keys areclosely associated. It is practically
impossible to decrypt the cipher text with the key thatisunrelatedtothe encryptionkey.
Cryptanalysis
33
Typically, the objective of attacking an encryption system is to recover the key in use rather than
simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a
conventional encryption scheme:
 Cryptanalysis
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the
general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of
attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to
deduce the key being used.
 Brute-force attack
The attacker tries every possible key on a piece of ciphertext until an intelligible translation into
plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
Types of Attacks on Encrypted Messages

Table summarize the various types of cryptanalytic attacks based on the amount of information
known to the cryptanalyst. The most difficult problem is presented when all that is available is the
ciphertext only. In some cases, not even the encryption algorithm is known, but in general, we can
assume that the opponent does know the algorithm used for encryption. One possible attack under these
circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this
becomes impractical.
34
9. Encryptthemessage“thisisanexercise”usingadditivecipherwith
key=20.Ignore the space between words. Decrypt the message to get the
originalplaintext.(JUN/JUL2021)
Givenkey=20,andthemessagetobeencryptedis“THISISANEXERCISE”
Encodethe R–18+20-characterA toZas1to26
To wraparound
Firstencodeeachletterinorder
T–20+20=40 –26=14N
H–8+20=28–26=2B
I–9+20= 29 –26=3C
S–19+ 20=39–26=13M
I–9+20= 29 –26=3C
S–19+ 20=39–26=13M
A–1 +20=21 W
N–14 +20 =34 – 26=8H
E–5+20=25Y
X–24 +20 =44–26=18 R
E–5+20=25Y
R–18 +20=38–26=12L
C–3+20=23W
I–9+20= 29 –26=3C
S–19+ 20=39–26=13M
E–5+20=25Y
Therefore, the encoded message is
NBCMCM WHYRLWCMY
The revise process will return the decrypted message
THISISANEXERCISE
35
Part-A
1. DefineSecurity
 The protection afforded to an automated information system in order to attain theapplicable
objectives of preserving the integrity, availability, and
confidentialityofinformationsystemresources(includeshardware,software,firmware,information
/data,andtelecommunications).
2. Listoutthegroupsincryptographicalgorithmsandprotocols
 Symmetric encryption: Used to conceal the contents of blocks or streams
ofdataofanysize,including messages,files,encryptionkeys,andpasswords.
 Asymmetricencryption:Usedtoconcealsmallblocksofdata,suchasencryptionkeysandhashfunctio
nvalues,which areusedindigitalsignatures.
 Dataintegrityalgorithms:Usedtoprotectblocksofdata,suchasmessages,fromalteration.
 Authenticationprotocols:Theseare schemesbased on
theuseofcryptographicalgorithmsdesignedtoauthenticatetheidentityofentities.
3. Whatarethekeyprinciplesofsecurity?(May/June2009)[NOV/DEC 2022]
 Confidentiality-theprotectionofdatafromunauthorizeddisclosure.
 Authentication - the act of confirming the truth of an attribute of a single piece
ofdata(datum)orentity.
 Integrity-assurethedatareceived areexactlyassentbyanauthorizedentity.
 Non-repudiation-theprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunication
 Availability-Assuresthatsystemsworkpromptlyandserviceisnotdeniedtoauthorized users.
4. Whatisthe OSIsecurityarchitecture?
Toassesseffectivelythesecurityneedsofanorganizationand toevaluateandchoose various
security products and policies, the manager responsible forsecurity needs some systematic way
of defining the requirements for securityand characterizingtheapproachestosatisfying
thoserequirements.
36
5. Definethreat.(April/May2010)
A potential for violation of security, which exists when there is a circumstance,capability,
action, or event that could breach security and cause harm. That is, athreatis apossibledangerthat
mightexploitvulnerability.
Thereare twotypesofThreat:
1. Informationaccessthreats:Interceptormodifydataon behalfofusers whoshould not have
accesstothatdata.
2. Servicethreats:Exploitserviceflaws in computerstoinhibitusebylegitimateusers.
6. Defineattack.(April/May2010)
An assault on system security that derives from an intelligent threat; that is, anintelligent
act that is a deliberate attempt (especially in the sense of a methodor technique) to evade security
services and violate the security policy of asystem.
Securityattack:Any action that compromises the security of information owned by anorganization.
7. Givethetypesofattack. (Nov/Dec2011)(Nov/Dec2009)
Passive attacks - The Nature of eavesdropping on, or monitoring of,
messageduringtransmission.Thegoaloftheopponentistoobtaininformationthatisbeing transmitted.
Twotypesofpassiveattacksarereleaseofmessagecontentsandtrafficanalysis.
Activeattacks-Itinvolvessomemodificationofdatastreamorthecreationoffalsedatastream.
Activeattackcanbesubdividedintofourcategories:masquerade,replay,modification
ofmessage,anddenialofservice.
8. DifferentiatePassiveattackandActiveattackwithexample.(or)Compare
PassiveandActiveattack.(April/May2011)(Jun/Jul2021)(April/May2023)
S.NO Passiveattack Activeattack

1. TheNatureofeavesdroppingon,or Itinvolvessomemodificationofdata
monitoring of, message stream or the creation of
37
duringtransmission.Thegoaloftheopp falsedatastream.
onent is to obtain
informationthatisbeingtransmitted.
2. Passiveattackisverydifficulttodetect. Activeattackiseasytodetect.
3. Two types of passive attacks Active attack can be subdivided

arereleaseofmessagecontentsandtraff intofour categories: masquerade,
icanalysis. replay,modification of message, and
denialofservice.
4. Eg:Interception E.g.:Fabrication,Modification,andInterr
uption
9. Show that3is primitive rootof7.(May/June2009)

Ifp=7,then 3isa primitiverootfor pbecause thepowersof3are1,3,2,6,4,5--
-thatis,everynumbermod7occursexcept0.
But2isn'taprimitiverootbecausethepowersof2are1,2,4,1,2,4,1,2,4...missingseveralvalues.
Thus,3istheprimitiveroot of7
10. Writeaboutreplayattack.
 Activeattacksinvolvesome
modificationofthedatastreamorthecreationofafalseStream.One categoryofthe
activeattackis replayattack.
 Replayattackinvolvesthepassivecaptureofadataunit
anditssubsequentretransmissiontoproduce anunauthorizedeffect.
11. Writeaboutdataoriginauthentication.
a. The authentication service is assuring that a communication is Authentic.
OneofthespecificauthenticationservicesdefinedinX.800isDataoriginauthentication.Itprovide
s forthecorroborationofthesourceofadataunit.
b. It does not provide protection against the duplication or modification of dataunits. This type
of service supports applications like electronic mail, wheretherearenopriorinteractions
38
betweenthecommunicating entities.
12. Find the GCD of 2740 and 1760 using Euclidean Algorithm. (May/June2009)
a b r
2740 1760
1760 980 980
980 780 780
780 200 200
200 180 180
180 20 20
20 0 0
a. Thevalueof"a"inthe lastrowistheGCD ofthenumbers "a"and"b"So this means

thatGCD(2740,1760)=20.
b. In otherwords,theGCD(orGCF)of2740and 1760is20
13. Listthevariouscategoriesofsecurityservices.
 Authentication -Theassurancethatthecommunicating entityistheonethat itclaimstobe.
 AccessControl-Thepreventionofunauthorizeduseofaresource(i.e.,thisservice controls
who can have access to a resource, under what
conditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo)
 DataConfidentiality-Theprotectionofdatafromunauthorizeddisclosure.
 DataIntegrity-Theassurancethatdatareceivedareexactlyassurancethatdata received are
exactly assent by an authorized entity (i.e., contain
nomodification,insertion,deletion,orreplay).
 Nonrepudiation-Providesprotectionagainstdenialbyone ofthe entitiesinvolved in a
communication of having participated in all or part of thecommunication.
14. Drawthediagramfor networksecuritymodel.
39
15. Listthevariouscategoriesofsecuritymechanisms.
SpecificSecurityMechanisms-Maybeincorporatedintotheappropriateprotocol layer in order to

provide some of the OSI security
services.SpecificSecuritymechanismCategorizedasEncipherment, Digital Signature, Access
Control, Data Integrity,Authentication Exchange, Traffic Padding, Routing Control,Notarization.
Pervasive SecurityMechanisms- Mechanisms thatarenotspecific

toanyparticularOSIsecurityserviceorprotocollayer.
PervasiveSecuritymechanismCategorizedas
TrustedFunctionality,SecurityLabel,EventDetection,SecurityAuditTrail,SecurityRecovery.
16. WhatareCryptology,CryptographyandCryptanalysis?
 Cryptology-Thestudyoftechniquesforensuringthesecrecyand/
orauthenticityofinformation.
40
 Cryptography-Thestudyofthedesigntechniques
 Cryptanalysis- It deals with the defeating Cryptographic techniques, to
recoverinformation,orforginginformation that willbeaccepted as authentic.
17.Calculate the value using Fast Modular Exponentiation algorithm

1123mod187.(April/May2010)
112=121 121mod187
114=(112)2 (121)2 55(mod187)
118=(114)2 (55)2mod187 33(mod187)
41
1116=(118)2 154(mod 187)

1123=1116*114*113 (154*55*22)(mod187)
1123 186340(mod187) 88
1123mod187=88
18. Writenotesonspecificsecuritymechanisms.
 Encipherment - The use of mathematical algorithms to transform data into aform that is not
readily intelligible. The transformation and subsequentrecoveryofthedatadependon
analgorithmand zeroormoreencryptionkeys.
 Digital Signature- Dataappendedto, oracryptographictransformationof, adata unit that allows
a recipient of the data unit to prove the source andintegrityofthedataunitandprotectagainst
forgery(e.g.,bytherecipient).
 AccessControl-Avarietyofmechanismsthatenforceaccess rights toresources.
 DataIntegrity- A varietyofmechanismsusedtoassuretheintegrityof
adataunitorstreamofdataunits.
 Authentication Exchange-Amechanismintendedtoensuretheidentityof
anentitybymeansofinformationexchange.
 Traffic Padding- Theinsertionofbitsintogapsinadatastreamtofrustratetrafficanalysisattempts.

 Routing Control - Enables selection of particular physically secure routes
forcertaindataandallows routingchanges,especiallywhenabreachofsecurityissuspected.
 Notarization- Theuseof atrustedthirdpartytoassurecertainpropertiesof adataexchange.
19. WritenotesonPervasivesecuritymechanisms.
 Trusted Functionality-That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).
 SecurityLabel-Themarkingboundtoaresource(whichmaybeadataunit)thatnames
ordesignatesthe securityattributesofthat resource.
 EventDetection-Detectionofsecurity-relevantevents.
Security Audit Trail - Data collected and potentially used to facilitate a securityaudit,
42
which is an independent review and examination of system records andactivities.

 SecurityRecovery-
Dealswithrequestsfrommechanisms,suchaseventhandlingandmanagementfunctions,andta
kes recoveryactions.
20. DrawthestructureofNetworkaccess Security model.
21. Whataretheessentialingredientsofasymmetriccipher?
 Plaintext-the originalintelligible messageordatathatis fedintothe algorithmasinput.
 Encryptionalgorithm-Theencryptionalgorithmperformsvarioussubstitutionsand
transformationson the plaintext.
 Secretkey-Thesecretkeyisalsoinputtotheencryptionalgorithm.The keyis avalue independent
of the plaintext and of the algorithm. The algorithm willproduceadifferentoutputdepending
onthespecifickeybeingusedatthetime.
 Cipher text - This is the scrambled message produced as output. It depends on theplaintext
and the secret key. The ciphertext is an apparently random stream of
dataand,asitstands,isunintelligible.
 Decryptionalgorithm-
Thisisessentiallytheencryptionalgorithmruninreverse.Ittakestheciphertextandthesecretkeyan
dproducestheoriginal plaintext.
43
22. List and briefly define types of cryptanalytic attacks based on what is knownto
theattacker.
TypeofAttack KnowntoCryptanalyst
CiphertextOnly
 Encryptionalgorithm
 Ciphertext
KnownPlaintext  Encryptionalgorithm
 Ciphertext
 Oneormoreplaintext–
ciphertextpairsformedwiththesecretkey
 Ciphertext
ChosenPlaintext
 Plaintext message chosen by cryptanalyst, togetherwith its
corresponding ciphertext generated with thesecretkey
 Ciphertext
ChosenCiphertext  Ciphertext chosen by cryptanalyst,togetherwithits
correspondingdecryptedplaintextgeneratedwith
thesecretkey
 Ciphertext
 Plaintext message chosen by cryptanalyst, togetherwith its
ChosenText corresponding ciphertext generated with thesecretkey
 Ciphertextchosenbycryptanalyst,togetherwithitscorrespon
ding decrypted plaintext generated withthesecretkey
44
23. DrawtheSimplifiedModelofSymmetric Encryption.
24. Whatare thekeyprinciples ofsecurity?(May/June2009)
 Confidentiality-theprotectionofdatafromunauthorizeddisclosure.
 Authentication - the act of confirming the truth of an attribute of a single piece
ofdata(datum)orentity.
 Integrity-assurethedatareceivedareexactlyassentbyanauthorizedentity.
 Non-repudiation-theprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunication
 Availability-Assuresthatsystemsworkpromptlyandserviceisnotdeniedtoauthorized users.
25. Howdoessimplecolumnartranspositionworks?(May/June2009)
Inacolumnartransposition,themessageiswrittenoutinrowsofafixedlength,and then read out
again column by column, and the columns are chosen insome scrambled order. Both the width of the
rows and the permutation of thecolumns areusuallydefinedbyakeyword.
Exampleforcolumnartransposition
PlaintextmessageWEAREDISCOVERED.FLEEATONCE.
Keywordzebras
6 3 2 4 1 5
W E A R E D
I S C O V E
R E D F L E
45
E A T O N C
E Q K J E U
Providingfivenulls(QKJEU)attheend.Thenciphertext willbe
EVLNEACDTKESEAQROFOJDEECUWIREE
26. Give an example each for substitution and transposition technique.(Nov/Dec2013)

Substitutiontechniqueexample:
Plaintextalphabet:ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext alphabet: ZEBRASCDFGHIJKLMNOPQTUVWXY
wearediscovered!
encipherstoSIAAZQLKBA.VA ZOARFPBLUAOAR!
eexample:
Plaintext alphabet: we are discovered. flee at once Byusingthree rails
R ..…… L..…….T E
…F...E…A...O….C.
……E..............................................................................................................................................N.
RLTEERDSOEEFEAOCAIVDEN
46
27. Giventhecipher text“ybpqlcirzh”.Findthe

plaintextwhenthekeyis“monoalphabeticcipher”withx=x+3. (Nov/Dec 2008)
Key:x=x+3
Alphabets: a b c d e f g h i j k l m n o p q r s t u v w x y z
Substitutionletters:de fgh ijkl mnopqrs tuvwxyz abc
Ciphertext: ybpqlcirzh
28. Whymodulararithmetichas beenusedincryptography? (Nov/Dec2013)
Tosimplifythearithmeticcalculationstogeneratekeys inCryptography.
 Modulararithmeticguaranteesaboutthelargestvalueandcanallocatethecorrectamountofspace
tohold values.
 Modulararithmeticallowsustoeasilycreategroups,ringsandfieldswhicharefundamentalbuilding
blocksofmostmodernpublic-keycryptosystems.
29. Whatis meantbyplaintextandciphertext?
a. Anoriginalmessageisknownastheplaintext,whilethecodedmessageiscalledthe ciphertext.
b. Theprocessofconvertingfromplaintexttociphertextisknownasencipheringorencryption.
c. Restoringtheplaintextfromtheciphertextisdecipheringordecryption.
d. Themanyschemesusedforencryptionconstitutetheareaofstudyknownascryptography.
e. Suchaschemeis known asacryptographicsystemoracipher.
30. Giveanexample forCaesarCipher. (NOV/DEC 2021)
Plain : meet meafterthe togaparty
Cipher: PHHWPHDIWHUWKH WRJDSDUWB
Notethatthealphabet iswrapped around,sothattheletterfollowingZis A.
Wecandefinethetransformationbylistingallpossibilities,asfollows:
Plain:a bcde fghijk lmnopqrstuvwxyz
Cipher:DEFGHI J KLM NOPQRSTUVWXYZABC
Letusassignanumericalequivalenttoeach letter:
47
Thenthealgorithmcanbeexpressedasfollows.Foreachplaintextletterp,substitutethe cipher
textletter C:2
C=E(k,p)=(p+k)mod26
Ashift maybe ofanyamount,sothat the generalCaesaralgorithmis

C=E(3,p)= (p+3)mod
Wherektakeson avalueintherange1to25.Thedecryption algorithmis simply
p=D(k,C)= (C -k)mod 26(2.2)
31. Whatarethetwobasicfunctionsused inencryptionalgorithm?

 It needs a strong encryption algorithm. At a minimum, the algorithm to be
suchthatanopponentwhoknowsthealgorithm
andhasaccesstooneormoreciphertextswouldbeunabletodeciphertheciphertextorfigureoutthekey
.
 This requirement is usually stated in a stronger form: The opponent should beunable to
decrypt ciphertext or discover the key even if he or she is in
possessionofanumberofciphertextstogetherwiththeplaintextthatproducedeachciphertext.
 Sender and receiver must have obtained copies of the secret key in a securefashion and must
keep the key secure. If someone can discover the key andknowsthealgorithm, all
communicationusing thiskeyisreadable.
32. Howmanykeysarerequiredfortwopeopletocommunicateviaa cipher?
 Ifbothsenderandreceiverusethesamekey,thesystemisreferredtoassymmetric,single-
key,secret-key,orconventional encryption.
 Ifthesenderandreceiverusedifferentkeys,thesystemisreferredtoasasymmetric,two-
key,orpublic-keyencryption.
33. Whatarethetwogeneralapproaches toattackinga cipher?
a) Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plusperhaps some
knowledge of the general characteristics of the plaintext or evensomesampleplaintext–
ciphertextpairs.Thistypeofattackexploitsthecharacteristics of the algorithm to attempt to
48
deduce a specific plaintext or todeduce thekeybeingused.

b) Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. On average, halfofallpossiblekeysmust
betriedto achieve success.
34.DefinetheCaesarcipher.
TheCaesarcipherinvolvesreplacingeachletterofthealphabetwiththeletterstanding
threeplacesfurtherdownthealphabet.Forexample,
Plaintext: meetmeafterthetogaparty
Ciphertext: P H H W PHDIWHUWKHWRJDSDUWB
 ThealgorithmforCaesarciphercanbeexpressed asfollows.
 Ashiftmaybeofanyamount,sothatthegeneralCaesar algorithmis
C= E(k,p)=(p +k)mod26
Wheretakesonavalueintherange1to25.Thedecryptionalgorithmissimply
p =D(k,C)= (C-k)mod 26
35. List thedifferenttypesofcipher.

 Transposition cipher-A verydifferent
kindofmappingisachievedbyperformingsomesortofpermutationontheplaintextletters.Thistechn
iqueisreferred toasatranspositioncipher.
 Caesarcipher-TheCaesarcipherinvolvesreplacingeachletterofthealphabetwith
theletterstandingthreeplacesfurtherdownthealphabet.
 Playfair cipher - The best-known multiple-letter encryption cipher is the Playfair,which treats
diagrams in the plaintext as single units and translates these unitsintociphertextdiagrams.
 Hillcipher– multilettercipheristheHillcipher
 Polyalphabetic ciphers - Each letter in the plaintext can be encoded by any letterin the
cipher alphabet, and each letter in the cipher alphabet may representdifferentletters
fromtheplaintexteachtime it appears.
 Stream cipher - A stream ciphers one that encrypts a digital data stream onebitoronebyte
atatime.
49
 Block cipher - A block cipher is one in which a block of plaintext is treated as

awholeandusedtoproduceaciphertextblockofequallength.
33. Brieflydefine theMonoalphabeticcipher.(Nov/Dec2012)
 Each letter in the plaintext is encoded by only one letter from the
cipheralphabet,andeachletterinthecipheralphabetrepresentsonlyoneletterintheplaintext.
 Eachletteris replaced byadifferent letterorsymbol.
 Key=permutation (stillneedtodecideonakeyandexchangethisinformationin asecureway).
 26!Possibilities
34. DefinethePolyalphabeticcipher?(Nov/Dec2012)
 Each letter in the plaintext can be encoded by any letter in the cipher alphabet,and each
letter in the cipher alphabet may represent different letters from
theplaintexteachtimeitappears.
 Ageneral equationoftheencryptionprocessis
Ci=(pi+kimodm)mod26
 Decryptionisageneralizationof
pi=(Ci-kimodm)mod 26
50
35. Brieflydefinetheplayfaircipher.
 Thebest-knownmultiple-letterencryptioncipheristhePlayfair,whichtreatsdiagrams in the
plaintext as single units and translates these units intociphertextdiagrams.
 The Playfair algorithm is based on the use of a 5 × 5 matrix of
lettersconstructedusingakeyword.
 ExampleforPlayfaircipher,whenthekeywordismonarchy.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
36. Whatisatranspositioncipher?
Averydifferentkindofmappingisachieved byperformingsomesortofpermutation on the
plaintext letters. This technique is referred to as atranspositioncipher.The simplest such cipher is
the rail fence technique, in which the plaintext iswritten down as a sequence of diagonals and
then read off as a sequence ofrows.
For example, to encipher the message “meet me after the toga party” with a
railfenceofdepth2,wewritethe following:
m e m a t r h t g p r yet e
fe t eoa at
Theencryptedmessageis
MEMATRHTGPRYETEFETEOAAT
37. Whatissteganography?
 Themethodsofsteganographyconcealtheexistenceof themessage,whereasthe methods of
cryptography render the message unintelligible to outsiders byvarioustransformationsofthetext.
 A simpleformofsteganography,butonethat istime-consumingtoconstruct,isone in which an
arrangement of words or letters within an apparently innocuoustextspellsouttherealmessage.
38. DifferentiatesymmetricandAsymmetricCryptography.
51
SymmetricCryptography AsymmetricCryptography
Symmetriccryptographyusesasingle Asymmetriccryptographyorpublic-
secretkeytobothencryptanddecryptdata. keycryptographyiscryptographyinwhichapair
ofkeysisusedtoencrypt
anddecryptamessage.Thekeysusedispublican
dprivatekey.
SymmetricCryptographyislesssecure. Asymmetric Cryptography is
moresecurethanSymmetricCryptography.
Eg,DES,AES Eg RSA
39. Whatis the differencebetweenastreamcipherandablockcipher?
StreamCipher BlockCipher
A stream cipher is one that encrypts adigital A block cipher is one in which ablock of
data stream one bit or one byteat a time. plaintext is treated as a wholeand
Usedtoproduceaciphertextblockofequalleng
th.
The key stream (ki) is as long as Ablocksizeof64or128bitsisused.
theplaintext bitstream(pi)
stream cipher, the two users share Blockciphercanbeusedtoachievethesame
asymmetricencryptionkey effect as astreamcipher.
Examples of classical stream ciphersare the ExampleofblockcipherisDES
auto keyed Vigenère cipher andthe
Vernamcipher
40. Whatarethetwoproblemswiththeonetime pad?(Nov/Dec2011)

There is the practical problem of making large quantities of random keys. Anyheavily used
system might require millions of random characters on a
regularbasis.Supplyingtrulyrandomcharactersinthisvolumeisasignificanttask.Evenmoredaunting
istheproblemofkey distributionand protection. Foreverymessage to be sent, a key of equal
length is needed by both sender andreceiver.Thus,a
52
mammothkeydistributionproblemexists.Becauseof thesedifficulties,the one-timepadis

oflimitedutility and isusefulprimarilyforlow-bandwidth channels requiring veryhigh security.
41. What is the advantage of one time pad encryption algorithm? (April/May2008)
 The keyis tobe usedtoencryptanddecrypta singlemessage, andthenisdiscarded.Eachnewmessage
requiresanewkeyofthesamelengthasthenewmessage.Suchascheme,knownasaone-
timepad,isunbreakable.
 Itproducesrandomoutput thatbearsnostatisticalrelationship
totheplaintext.Becausetheciphertextcontainsnoinformationwhatsoeverabouttheplaintext,thereis
simplynowaytobreakthe code.
42. Whatisthe differencebetweenanunconditionallysecurecipherandacomputationallysecure

cipher?
unconditionallysecurecipher Computationallysecurecipher
1.An Encryption algorithm Encryption is computationally
isunconditionally secured means, securedmeans,
theconditionisifthecipher text generated 1. The cost of breaking the
by the encryptionscheme doesn’t contain cipherexceeds the value of
enoughinformationtodeterminecorrespon enoughinformation.
dingplaintext. 2. Timerequiredtobreakthecipherexceed
the useful lifetime ofinformation.
2.No matter howmuchtimeanopponent has, it 2.It is very difficult to estimate theamount
is impossible for him of effort required
orhertodecrypttheciphertextsimplyBecausether tocryptanalyzeciphertextsuccessfully.
equiredinformationisnotthere.
43. Listthetechniqueswhichare usedinSteganography.

CharacterMarking:
 Selectedlettersareoverwritteninpencil.Themarksarenotvisibleunlessthepaperisheldatanang
letobright light.
53
InvisibleInk:
 No.ofsubstancescanbeusedforwritingbutleavenovisibletraceuntilheatorsome chemicalis
appliedto thepaper
PinPunctures:
 Smallpinpuncturesonselectedlettersareordinarilynotvisibleunlessthepaperisheldup
infrontofsunlight.
TypewriterCorrectionRibbon:
 The results of typing with the correction tape are visible only undersunlight.
44. UsingthisPlayfairmatrix.
M F H I/J K
U N O P Q
Z V W X Y
E L A R G
D S T B C
Encryptthis message:Goodmorning
Removespacesanddividethetextintogroupsoftwoletters.
If there is a doubled letter appearing as a group, insert an x and
regroupGOODMORNINGX
Ifthetwolettersarenotinthesameroworcolumn,replaceeachletterbytheletterthatis inits rowandis inthe
columnoftheotherletter.
Ifthetwolettersareinthesamerow,replaceeachletterwiththeletterimmediatelytoits
right,withthematrixwrappingaroundfromthe lastcolumntothefirst.
Ifthetwolettersareinthesamecolumn,replaceeachletterwiththeletterimmediatelybelowit,withthe
matrixwrappingaroundfromthelast rowtothe first.
AQUTHULPFPRY
45. UsingtheVigenèrecipher,encrypttheworld“explanation”usingthekeyleg.
54
Plaintext: explanation
Key:l eglegl egl e
Ciphertext:PBVWET LXOZR
46. Encryptthemessage“cometothewindow” using playfairmatrix.(notethegivenkeyis
Keyword)
k e y w o
r d a b c
f g h i/j l
mn p q s
t u v x z
Plaintext : come tothe windowSplitting
: cometothewindowx
Ciphertext: LCNKZKVFYOGQCEBW
47. UsingtheCaesarcipher,encryptthemessage“meetmeafterthetoga party”using thekey x=x+3.
Plaintext: meetmeafterthetogaparty
Key:x=x+3
Ciphertext:PHHWPHDIWHU WKHWRJDSDUWB
48. Writeshort notes onHillCipher.
 The Hill cipher is an example of a block cipher. A block cipher is a cipher
inwhichgroupsofletters areencipheredtogetherin equallengthblock.
 In order to encrypt a message using the Hill cipher, the sender and receiver mustfirst agree
upon a key matrix A of size n x n. A must be invertible mod 26. Theplaintextwill
thenbeencipheredinblocks ofsizen.
Advantagesofhillcipher
 Itmasqueradeletterfrequencyofplaintext.
 Itisfast andeasytoapply
55
49. DrawthestructureofNetworkaccessSecuritymodel.
50. Defineideal blockcipher.

 A 4-bit input produces one of 16 possible input states, which is mapped by thesubstitution
cipher into a unique one of 16 possible output states, each
ofwhichisrepresentedby4ciphertextbits.
 The encryption and decryption mappings can be defined by a tabulation. This isthe most
general form of block cipher and can be used to define any reversiblemapping between plaintext
and cipher text. Feistel refers to this as the
idealblockcipher,becauseitallowsforthemaximumnumberofpossibleencryption
mappingsfromtheplaintextblock.
51. Encrypttheplaintexttobeornottobeusingthevigenerecipherforthekeyvaluenow.(Jun/Jul2021)
The Vigenère cipher uses a 26×26 table with A to Z as the row heading andcolumn
heading This table is usually referred to as the Vigenère Tableau, VigenèreTable or Vigenère
Square. We shall use Vigenère Table. The first row of this table hasthe 26 English letters.
Starting with the second row, each row has the letters shifted tothe left one position in a cyclic
way. For example, when B is shifted to the first positiononthesecondrow,the letterAmovestothe
end.
In addition to the plaintext, the Vigenère cipher also requires a keyword, which isrepeated so
that the total length is equal to that of the plaintext. For example, suppose theplaintext is
MICHIGAN TECHNOLOGICAL UNIVERSITY and the keywordis
HOUGHTON.Then,the keyword must be repeatedasfollows:
MICHIGAN TECHNOLOGICAL
UNIVERSITYHOUGHTONHOUGHTONHOUGHTONHOUGNTO
52. If a bit error occurs in plain text block b1, how far does the error propagate in CBC mode
of DES? [Nov/Dec 2022]
CBC is designed for chaining, therefore while encryption, if there is one block error at
position ii, it will affect the rest of cipher text. This also can be seen from below if write the
equation of encryption of jj-th block.
Cj=Enck(Pj⊕Enck(Pj−1⊕⋯Enck(P1⊕IV)⋯)).
Cj=Enck(Pj⊕Enck(Pj−1⊕⋯Enck(P1⊕IV)⋯)).
If i<ji<j then the jj-th plaintext block will be affected.

However, while decryption of the cipher text, that is encryption of the plaintext that contains
the errored block, you will get only one block with error, the errored plaintext block. Or
simply, you will get what you encrypted if there is no error/corruption on the cipher text
blocks.

Unit 1 Introduction To Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Unit 1 Introduction To Security

Uploaded by

Copyright:

Available Formats

CB3491– Cryptography and cyber security (Regulation2021)

III Year / V Semester - CSE

COMPUTER SECURITY CONCEPTS

Definition of Computer Security

The Challenges of Computer Security

THE OSI SECURITY ARCHITECTURE:

ITU-T: The International Telecommunication Union (ITU) Telecommunication Standardization Sector

Any action that compromises the security of information owned by an organization.

1. What are the different types of security attacks? Explain.(Nov/Dec2013)[Nov/Dec

An unauthorized party gains access to an asset. This is an attack on confidentiality. Unauthorized

The attack is majorly classified into two types:

Passive attacks are of two types:

1. Release of message contents

These attacks can be classified in to four categories:

Masquerade – One entity pretends to be a different entity.

Cryptanalysis is also referred to as codebreaking or cracking the code.

SECURITY SERVICES AND MECHANISMS

2. Explain the different types of security services?

AUTHENTICATION: The authentication service is concerned with assuring that a communication

Two specific authentication services are defined in X.800:

Data Origin Authentication

Connection Confidentiality: Theprotection of alluser dataona connection.

TrafficFlowConfidentiality: Theprotection of theinformation thatmightbederivedfrom observation

Connection Integrity with Recovery:

Connection IntegritywithoutRecovery: Asabove, butprovides onlydetectionwithout recovery.

SelectiveField Connection Integrity:Itprovidesfortheintegrityofselectedfieldswithintheuserdataof

Connectionless Integrity: Providesfor the integrityof asingleconnectionlessdatablock and maytake

Selective-FieldConnectionlessIntegrity: Itprovidesforthe integrityofselectedfieldswithin

Nonrepudiation, Origin: Proof that themessagewas sentby thespecified party.

Nonrepudiation, Destination: Proof that the messagewasreceived by thespecifiedparty.

Oneofthemostspecificsecuritymechanisms inuseis cryptographic techniques.Encryption

MaybeincorporateintotheappropriateprotocollayerinordertoprovidesomeoftheOSI security services.

DigitalSignature:Dataappended to,or acryptographic transformation of,adataunitthat

Access Control: Avariety ofmechanismsthat enforceaccessrightsto resources

TrafficPadding:The insertionofbitsintogapsinadatastreamtofrustratetrafficanalysis attempts.

allowsrouting changes, especially when abreach of securityis suspected.

Notarization: Theuseof a trusted third party to assurecertain propertiesof adata exchange.

TrustedFunctionality:That whichisperceivedtobecorrectwithrespecttosomecriteria (e.g., asestablished

Event Detection: Detection of security-relevantevents.

Security Recovery: Dealswith requestsfrom mechanisms, such asevent handling

A MODEL FOR NETWORK SECURITY

4. ExplainBrieflyaboutNetworkSecurityModel. [Nov/Dec 2022].

FigureNetwork Security Model

Securityaspects comeintoplaywhenitis necessaryordesirabletoprotecttheinformation

 Asecurity-relatedtransformationon theinformationtobesent. Examplesincludethe

Thisgeneralmodelshowsthat there arefourbasictasksindesigning aparticularsecurity service:

1. Design an algorithmfor performing thesecurity-related transformation. Thealgorithm should besuch

2. Generatethesecretinformation to beusedwith thealgorithm.

3. Develop methodsfor thedistributionandsharing of thesecretinformation.

4. Specifyaprotocoltobeusedbythetwoprincipalsthatmakesuseofthesecurity algorithm and thesecret

However, there areother security-relatedsituationsof interest thatdo notneatly fitthismodel

Informationaccessthreats:Interceptormodify dataon behalf of users whoshould nothave accessto that

Servicethreats:Exploitserviceflawsin computerstoinhibituseby legitimateusers.

Fig.7 Simplified Modelof Symmetric Encryption

Two requirementsforsecureuseof symmetricencryption:

Fig.8. conventional cryptosystem

Cryptographic systems are characterized along three independent dimensions:

 The type of operations used for transforming plaintext to ciphertext.

Cryptanalysis and Brute-Force Attack

Types of Attacks on Encrypted Messages

plain: meet me after the toga party

Let us assign a numerical equivalent to each letter:

abc, acb, bac, bca, cab, cba