CS 3202: INFORMATION SYSTEMS

SECURITY

INTRODUCTION
 VISION-MISSION DEPARTMENT

VISION
❖TO ACHIEVE EXCELLENCE IN COMPUTER SCIENCE &
ENGINEERING EDUCATION FOR GLOBAL COMPETENCY WITH
HUMAN VALUES

MISSION
❖PROVIDE INNOVATIVE ACADEMIC & RESEARCH ENVIRONMENT
TO DEVELOP COMPETITIVE ENGINEERS IN THE FIELD OF
COMPUTER SCIENCE AND ENGINEERING.
❖DEVELOP PROBLEM-SOLVING & PROJECT MANAGEMENT SKILLS
BY STUDENT CENTRIC ACTIVITIES & INDUSTRY
COLLABORATION.
❖NURTURE THE STUDENTS WITH SOCIAL & ETHICAL VALUES
 INTRODUCTION

❖THIS COURSE IS OFFERED BY DEPT. OF COMPUTER SCIENCE, THE

AIM OF THE COURSE TO PROVIDE THE STUDENTS BASIC
BACKGROUND ON INFORMATION SYSTEMS.
❖THIS IS TARGETING STUDENTS WHO WISH TO PURSUE CAREER IN
THE FIELD OF INFORMATION SECURITY. THE COURSE INCLUDES
UNDERSTANDING THE PRINCIPLES FOR MULTI-LAYER SECURITY
AND MANAGEMENT SYSTEMS FOR THE NETWORK. THE FOCUS IS
ON TECHNIQUES AND PROTOCOL USED FOR DIFFERENT TYPES OF
SECURITY POLICIES.
 COURSE OUTCOME
• [CS 3101.1] ILLUSTRATE THE CONCEPT OF INFORMATION SYSTEM AND
CLASSICAL CRYPTOGRAPHY.

• [CS 3101.2] APPLY THE CONCEPTS OF CIPHER ALGORITHMS WITH

MATHEMATICAL STANDARDS.

• [CS 3101.3] MAKE USE OF PUBLIC KEY ENCRYPTION WITH KEY EXCHANGE
FUNDAMENTALS.

• [CS 3101.4] DEMONSTRATE AUTHENTICATION MANAGEMENT AND ITS

RELEVANT ISSUES.

• [CS 3101.5] INFER THE APPLICATIONS OF CRYPTOGRAPHY FOR INFORMATION

SYSTEMS.
 PROGRAM OUTCOME
• [PO.1]. ENGINEERING KNOWLEDGE: APPLY THE KNOWLEDGE OF MATHEMATICS,
COMPUTER SCIENCE, AND COMMUNICATION ENGINEERING FUNDAMENTALS TO THE
SOLUTION OF COMPLEX ENGINEERING PROBLEMS.

• [PO.2]. PROBLEM ANALYSIS: THE SOPHISTICATED CURRICULUM WOULD ENABLE A

GRADUATE TO IDENTIFY, FORMULATE, REVIEW RESEARCH LITERATURE, AND ANALYSES
COMPLEX ENGINEERING PROBLEMS REACHING SUBSTANTIATED CONCLUSIONS USING
BASIC PRINCIPLES OF MATHEMATICS, COMPUTING TECHNIQUES AND COMMUNICATION
ENGINEERING PRINCIPLES.

• [PO.3]. DESIGN/DEVELOPMENT OF SOLUTIONS: UPON ANALYZING, THE B. TECH CCE

GRADUATE SHOULD BE ABLE TO DEVISE SOLUTIONS FOR COMPLEX ENGINEERING
PROBLEMS AND DESIGN SYSTEM COMPONENTS OR PROCESSES THAT MEET THE SPECIFIED
REQUIREMENTS WITH APPROPRIATE CONSIDERATION FOR LAW, SAFETY, CULTURAL &
SOCIETAL OBLIGATIONS WITH ENVIRONMENTAL CONSIDERATIONS
 PROGRAM OUTCOME
• [PO.4]. CONDUCT INVESTIGATIONS OF COMPLEX PROBLEMS: TO IMBIBE THE INQUISITIVE
PRACTICES TO HAVE THRUST FOR INNOVATION AND EXCELLENCE THAT LEADS TO USE
RESEARCH-BASED KNOWLEDGE AND RESEARCH METHODS INCLUDING DESIGN OF
EXPERIMENTS, ANALYSIS AND INTERPRETATION OF DATA, AND SYNTHESIS OF THE
INFORMATION TO PROVIDE VALID CONCLUSIONS.

• [PO.5]. MODERN TOOL USAGE: CREATE, SELECT, AND APPLY APPROPRIATE TECHNIQUES,
RESOURCES, AND MODERN ENGINEERING AND IT TOOLS INCLUDING PREDICTION AND
MODELLING TO COMPLEX ENGINEERING ACTIVITIES WITH AN UNDERSTANDING OF THE
LIMITATIONS.

• [PO.6]. THE ENGINEER AND SOCIETY: THE ENGINEERS ARE CALLED SOCIETY BUILDERS AND
TRANSFORMERS. B. TECH CCE GRADUATE SHOULD BE ABLE TO APPLY REASONING
INFORMED BY THE CONTEXTUAL KNOWLEDGE TO ASSESS SOCIETAL, HEALTH, SAFETY,
LEGAL AND CULTURAL ISSUES AND THE CONSEQUENT RESPONSIBILITIES RELEVANT TO THE
PROFESSIONAL ENGINEERING PRACTICE.
 PROGRAM OUTCOME
• [[PO.7]. ENVIRONMENT AND SUSTAINABILITY: THE ZERO EFFECT AND ZERO DEFECT IS NOT
JUST A SLOGAN, IT IS TO BE PRACTICED IN EACH ACTION. THUS, A B. TECH. CCE SHOULD
UNDERSTAND THE IMPACT OF THE PROFESSIONAL ENGINEERING SOLUTIONS IN SOCIETAL
AND ENVIRONMENTAL CONTEXTS, AND DEMONSTRATE THE KNOWLEDGE OF, AND NEED
FOR SUSTAINABLE DEVELOPMENT.
• [PO.8]. ETHICS: PROTECTION OF IPR, STAYING AWAY FROM PLAGIARISM ARE IMPORTANT.
STUDENT SHOULD BE ABLE TO APPLY ETHICAL PRINCIPLES AND COMMIT TO PROFESSIONAL
ETHICS, RESPONSIBILITIES AND NORMS OF THE ENGINEERING PRACTICE.
• [PO.9]. INDIVIDUAL AND TEAMWORK: UNITED WE GROW, DIVIDED WE FALL IS A CULTURE
AT MUJ. THUS, AN OUTGOING STUDENT SHOULD BE ABLE TO FUNCTION EFFECTIVELY AS
AN INDIVIDUAL, AND AS A MEMBER OR LEADER IN DIVERSE TEAMS, AND IN
MULTIDISCIPLINARY SETTINGS.
• [PO.10]. COMMUNICATION: COMMUNICATE EFFECTIVELY FOR ALL ENGINEERING
PROCESSES & ACTIVITIES WITH THE PEER ENGINEERING TEAM, COMMUNITY AND WITH
SOCIETY AT LARGE. CLARITY OF THOUGHTS, BEING ABLE TO COMPREHEND AND
FORMULATE EFFECTIVE REPORTS AND DESIGN DOCUMENTATION, MAKE EFFECTIVE
PRESENTATIONS, AND GIVE AND RECEIVE CLEAR INSTRUCTIONS
 PROGRAM OUTCOME
• [PO.11]. PROJECT MANAGEMENT AND FINANCE: DEMONSTRATE KNOWLEDGE AND
UNDERSTANDING OF THE ENGINEERING AND MANAGEMENT PRINCIPLES AND APPLY THESE
TO ONE’S OWN WORK, AS A MEMBER AND LEADER IN A TEAM, TO MANAGE PROJECTS
AND IN VARIED ENVIRONMENTS.

• [PO.12]. LIFE-LONG LEARNING: RECOGNIZE THE NEED FOR AND HAVE THE PREPARATION
AND ABILITY TO ENGAGE IN INDEPENDENT AND LIFE-LONG LEARNING IN THE BROADEST
CONTEXT OF TECHNOLOGICAL CHANGE.
 SECURITY GOALS

Confidentiality is probably the most common aspect of information

security. We need to protect our confidential information. An
organization needs to guard against those malicious actions that
endanger the confidentiality of its information.
Information needs to be changed constantly. Integrity means that
changes need to be done only by authorized entities and through
authorized mechanisms.
The information created and stored by an organization needs to be
available to authorized entities. Information needs to be constantly
changed, which means it must be accessible to authorized entities.
• CONFIDENTIALITY: THIS TERM COVERS TWO RELATED CONCEPTS:
• DATA CONFIDENTIALITY: ASSURES THAT PRIVATE OR CONFIDENTIAL INFORMATION IS NOT
MADE AVAILABLE OR DISCLOSED TO UN AUTHORIZED INDIVIDUALS.
• PRIVACY: ASSURES THAT INDIVIDUALS CONTROL OR INFLUENCE WHAT INFORMATION
RELATED TO THEM MAY BE COLLECTED AND STORED AND BY WHOM AND TO WHOM THAT
INFORMATION MAY BE DISCLOSED.

• INTEGRITY: THIS TERM COVERS TWO RELATED CONCEPTS:

• DATA INTEGRITY: ASSURES THAT INFORMATION (BOTH STORED AND IN TRANSMITTED
PACKETS) AND PROGRAMS ARE CHANGED ONLY IN A SPECIFIED AND AUTHORIZED
MANNER.
• SYSTEM INTEGRITY: ASSURES THAT A SYSTEM PERFORMS ITS INTENDED FUNCTION IN AN
UNIMPAIRED MANNER, FREE FROM DELIBERATE OR INADVERTENT UNAUTHORIZED
MANIPULATION OF THE SYSTEM.

• AVAILABILITY: ASSURES THAT SYSTEMS WORK PROMPTLY AND SERVICE IS NOT

DENIED TO AUTHORIZED USER.
 ATTACKS
• The three goals of security⎯confidentiality, integrity, and
availability⎯can be threatened by security attacks.
• Attacks Threatening Confidentiality
• Attacks Threatening Integrity
• Attacks Threatening Availability
• Passive versus Active Attacks
 ATTACKS THREATENING CONFIDENTIALITY
• Snooping refers to unauthorized access to or interception of data.
• Traffic analysis refers to obtaining some other type of
information by monitoring online traffic.

ATTACKS THREATENING INTEGRITY

• Modification means that the attacker intercepts the message and
changes it.
• Masquerading or spoofing happens when the attacker
impersonates somebody else.
• Replaying means the attacker obtains a copy
of a message sent by a user and later tries to replay it.
• Repudiation means that sender of the message might later deny
that she has sent the message; the receiver of the message might
later deny that he has received the message.
 ATTACKS THREATENING AVAILABILITY

• Denial of service (DoS) is a very common attack. It may slow

down or totally interrupt the service of a system. DoS attacks
accomplish this by flooding the target with traffic or sending it
information that triggers a crash.
 ATTACK MODELS

• PASSIVE ATTACKS: A PASSIVE ATTACK ATTEMPTS TO LEARN OR MAKE USE OF

INFORMATION FROM THE SYSTEM BUT DOES NOT AFFECT SYSTEM RESOURCES.
PASSIVE ATTACKS ARE IN THE NATURE OF EAVESDROPPING ON OR MONITORING
TRANSMISSION. THE GOAL OF THE OPPONENT IS TO OBTAIN INFORMATION THAT
IS BEING TRANSMITTED.
(A) RELEASE OF MESSAGE CONTENTS
• A TELEPHONE CONVERSATION, AN E-MAIL MESSAGE AND A TRANSFERRED FILE
MAY CONTAIN SENSITIVE OR CONFIDENTIAL INFORMATION.
• WE WOULD LIKE TO PREVENT THE OPPONENT FROM LEARNING THE CONTENT OF
THESE TRANSMISSIONS.
(B) TRAFFIC ANALYSIS
• IT IS A KIND OF ATTACK DONE ON ENCRYPTED MESSAGES.
• THE OPPONENT MIGHT BE ABLE TO OBSERVE THE PATTERN OF SUCH ENCRYPTED
MESSAGE.
• THE OPPONENT COULD DETERMINE THE LOCATION AND IDENTITY OF
COMMUNICATING HOSTS AND COULD OBSERVE THE FREQUENCY AND LENGTH OF
MESSAGES BEING EXCHANGED .
• ACTIVE ATTACKS: AN ACTIVE ATTACK ATTEMPTS TO ALTER SYSTEM RESOURCES OR
AFFECT THEIR OPERATIONS. ACTIVE ATTACKS INVOLVE SOME MODIFICATION OF THE
DATA STREAM OR THE CREATION OF FALSE STATEMENTS.
• (A) MASQUERADE: IT TAKES PLACE WHEN ONE ENTITY PRETENDS TO BE A
DIFFERENT ENTITY.
• FOR E.G. AUTHENTICATION SEQUENCES CAN BE CAPTURED AND REPLAYED AFTER A
VALID AUTHENTICATION SEQUENCE HAS TAKEN PLACE, THUS ENABLING AN
AUTHORIZED ENTITY WITH FEW PRIVILEGES TO OBTAIN EXTRA PRIVILEGES BY
IMPERSONATING AN ENTITY THAT HAS THOSE PRIVILEGES.
(B) REPLAY: IT INVOLVES THE PASSIVE CAPTURE OF A DATA UNIT AND ITS SUBSEQUENT
RETRANSMISSION TO PRODUCE AN UNAUTHORIZED EFFECT. IN THIS ATTACK, THE
BASIC AIM OF THE ATTACKER IS TO SAVE A COPY OF THE DATA ORIGINALLY PRESENT
ON THAT PARTICULAR NETWORK AND LATER ON USE THIS DATA FOR PERSONAL USES.

(C) MODIFICATION OF MESSAGE: IT MEANS THAT SOME POSITION OF A MESSAGE IS

ALTERED, OR THAT MESSAGES ARE DELAYED OR RENDERED, TO PRODUCE AN
UNAUTHORIZED EFFECT.
• SUPPOSE A MESSAGE MEANING “ALLOW FRED SMITH TO READ CONFIDENTIAL FILE
ACCOUNTS DETAILS” IS MODIFIED TO MEAN “ALLOW JOHN SMITH TO READ THE
CONFIDENTIAL FILE ACCOUNTS”.
(D) DENIAL OF SERVICE (DOS)
• A DENIAL OF SERVICE ATTACK TAKES PLACE WHEN THE AVAILABILITY TO A
RESOURCE IS INTENTIONALLY BLOCKED OR DEGRADED BY AN ATTACKER.
• IN THIS WAY THE NORMAL USE OR MANAGEMENT OF COMMUNICATION
FACILITIES IS INHIBITED.
• THIS ATTACK MAY HAVE A SPECIFIC TARGET. FOR E.G. AN ENTITY MAY SUPPRESS
ALL MESSAGES DIRECTED TO A PARTICULAR DESTINATION.
• ANOTHER FORM OF SERVICE DENIAL IS THE DISRUPTION OF AN ENTIRE NETWORK,
EITHER BY DISABLING THE NETWORK OR BY OVERLOADING IT WITH MESSAGES SO
AS TO DEGRADE PERFORMANCE.
 CRYPTOGRAPHY
• Cryptology refers to the study of codes, which involves both writing
(cryptography) and solving (cryptanalysis) them.

• Cryptography, a word with Greek origins, means “secret

writing.” However, we use the term to refer to the science and art
of transforming messages to make them secure and immune to
attacks.
• CRYPTANALYSIS THE STUDY OF PRINCIPLES AND METHODS OF
TRANSFORMING AN UNINTELLIGIBLE MESSAGE BACK INTO AN INTELLIGIBLE
MESSAGE WITHOUT KNOWLEDGE OF THE KEY. ALSO CALLED CODE
BREAKING.
• PLAINTEXT: THE ORIGINAL INTELLIGIBLE MESSAGE
• CIPHER TEXT: THE TRANSFORMED MESSAGE
• CIPHER: AN ALGORITHM FOR TRANSFORMING AN INTELLIGIBLE MESSAGE
INTO ONE THAT IS UNINTELLIGIBLE BY TRANSPOSITION AND/OR
SUBSTITUTION METHODS
• KEY: SOME CRITICAL INFORMATION USED BY THE CIPHER, KNOWN ONLY TO
THE SENDER& RECEIVER
• ENCIPHER (ENCODE): THE PROCESS OF CONVERTING PLAINTEXT TO CIPHER
TEXT USING A CIPHER AND A KEY
• DECIPHER (DECODE): THE PROCESS OF CONVERTING CIPHER TEXT BACK
INTO PLAINTEXT USING A CIPHER AND A KEY
 SYMMETRIC KEY CRYPTOGRAPHY
• SYMMETRIC KEY CRYPTOGRAPHY IS A TYPE OF ENCRYPTION SCHEME IN WHICH
THE SIMILAR KEY IS USED BOTH TO ENCRYPT AND DECRYPT MESSAGES.
• SUCH AN APPROACH OF ENCODING DATA HAS BEEN LARGELY USED IN THE
PREVIOUS DECADES TO FACILITATE SECRET COMMUNICATION BETWEEN
GOVERNMENTS AND MILITARIES.
• SYMMETRIC-KEY CRYPTOGRAPHY IS CALLED A SHARED-KEY, SECRET-KEY, SINGLE-
KEY, ONE-KEY AND EVENTUALLY PRIVATE-KEY CRYPTOGRAPHY.
• WITH THIS FORM OF CRYPTOGRAPHY, IT IS CLEAR THAT THE KEY SHOULD BE
KNOWN TO BOTH THE SENDER AND THE RECEIVER THAT THE SHARED.
• THE COMPLEXITY WITH THIS APPROACH IS THE DISTRIBUTION OF THE KEY.
 ASYMMETRIC KEY CRYPTOGRAPHY
• ASYMMETRIC IS A FORM OF CRYPTOSYSTEM IN WHICH ENCRYPTION AND
DECRYPTION ARE PERFORMED USING DIFFERENT KEYS-PUBLIC KEY (KNOWN TO
EVERYONE) AND PRIVATE KEY (SECRET KEY). THIS IS KNOWN AS PUBLIC KEY
ENCRYPTION.
• PUBLIC KEY ENCRYPTION IS IMPORTANT BECAUSE IT IS INFEASIBLE TO DETERMINE
THE DECRYPTION KEY GIVEN ONLY THE KNOWLEDGE OF THE CRYPTOGRAPHIC
ALGORITHM AND ENCRYPTION KEY.
• EITHER OF THE TWO KEYS (PUBLIC AND PRIVATE KEY) CAN BE USED FOR
ENCRYPTION WITH OTHER KEY USED FOR DECRYPTION.
• THE MOST WIDELY USED PUBLIC-KEY CRYPTOSYSTEM IS RSA (RIVEST–SHAMIR–
ADLEMAN). THE DIFFICULTY OF FINDING THE PRIME FACTORS OF A COMPOSITE
NUMBER IS THE BACKBONE OF RSA.
Symmetric Key Encryption Asymmetric Key Encryption

It only requires a single key for both encryption and It requires two keys, a public key and a private key, one to
decryption. encrypt and the other one to decrypt.

The size of cipher text is the same or smaller than the The size of cipher text is the same or larger than the original
original plain text. plain text.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data is required to

It is used to transfer small amounts of data.
transfer.

It only provides confidentiality. It provides confidentiality, authenticity, and non-repudiation.

The length of key used is 128 or 256 bits The length of key used is 2048 or higher

In symmetric key encryption, resource utilization is low as

In asymmetric key encryption, resource utilization is high.
compared to asymmetric key encryption.

It is comparatively less efficient as it can handle a small

It is efficient as it is used for handling large amount of data.
amount of data.

Security is less as only one key is used for both encryption It is more secure as two keys are used here- one for
and decryption purpose. encryption and the other for decryption.

The Mathematical Representation is as follows-

The Mathematical Representation is as follows-
P = D(Kd, E (Ke,P))
P = D (K, E(P))
where Ke –> encryption key
where K –> encryption and decryption key
Kd –> decryption key
P –> plain text
D –> Decryption
D –> Decryption
E(Ke, P) –> Encryption of plain text using encryption key Ke .
E(P) –> Encryption of plain text
P –> plain text
 STEGANOGRAPHY
• The word steganography, with origin in Greek, means “covered
writing,” in contrast with cryptography, which means “secret
writing.”
• Cryptography means concealing the contents of a message by
enciphering; steganography means concealing the message itself
by covering it with something else.
 KERCKOFF’S PRINCIPLE
• KERCKHOFFS'S PRINCIPLE IS ONE OF THE BASIC PRINCIPLES OF MODERN
CRYPTOGRAPHY.
• IT WAS FORMULATED IN THE END OF THE NINETEENTH CENTURY BY DUTCH
CRYPTOGRAPHER AUGUSTE KERCKHOFFS.
• THE PRINCIPLE GOES AS FOLLOWS: A CRYPTOGRAPHIC SYSTEM SHOULD BE
SECURE EVEN IF EVERYTHING ABOUT THE SYSTEM, EXCEPT THE KEY, IS PUBLIC
KNOWLEDGE.
 CRYPTANALYSIS
• As cryptography is the science and art of creating secret codes,
cryptanalysis is the science and art of breaking those codes.
 CIPHERTEXT ONLY ATTACK (COA)
• IN THIS SORT OF ATTACK, THE ATTACKER ONLY HAS SOME CIPHERTEXT AND
ATTEMPTS TO DECRYPT THE ENCRYPTION KEY AND PLAINTEXT USING ONLY THE
CIPHERTEXT.
• IT IS THE MOST COMPLEX TO IMPLEMENT, BUT IT IS ALSO THE MOST VULNERABLE
TO ATTACK DUE TO THE FACT THAT IT MERELY REQUIRES CIPHERTEXT.
 KNOWN PLAINTEXT ATTACK (KPA)
• SOME PLAINTEXT-CIPHERTEXT COMBINATIONS ARE PREVIOUSLY KNOWN IN THIS
TYPE OF ATTACK. IN ORDER TO FIND THE ENCRYPTION KEY, THE ATTACKER MAPS
THEM. THIS ASSAULT IS EASY TO CARRY OUT BECAUSE A LARGE AMOUNT OF
INFORMATION IS ALREADY AVAILABLE.
 CHOSEN PLAINTEXT ATTACK (CPA)
• THE ATTACKER SELECTS RANDOM PLAINTEXTS, OBTAINS THE CIPHERTEXTS, AND
ATTEMPTS TO DECRYPT THE MESSAGE.
• IT IS AS STRAIGHTFORWARD TO IMPLEMENT AS KPA, BUT ITS SUCCESS RATE IS
MUCH LOWER. THE ATTACKER HAS ACCESS TO SENDERS COMPUTER.
• ATTACKER NEED NOT TO KNOW THE KEY BECAUSE KEY IS NORMALLY EMBEDDED IN
THE SOFTWARE USED BY THE SENDER. THIS ATTACK IS EASY TO IMPLEMENT, BUT IT
IS MUCH LESS LIKELY TO HAPPEN.
 CHOSEN CIPHERTEXT ATTACK (CCA)
• THIS IS SIMILAR TO CHOSEN PLAINTEXT ATTACK EXCEPT ATTACKER CHOSES SOME
CIPHERTEXT AND DECRYPTS IT TO FORM A CIPHERTEXT/PLAINTEXT PAIR.
• THIS CAN HAPPEN IF ATTACKER HAS ACCESS TO RECEIVERS COMPUTER.
 BRUTE FORCE ATTACK
• A BRUTE FORCE ATTACK, ALSO KNOWN AS AN EXHAUSTIVE SEARCH, IS A
CRYPTOGRAPHIC HACK THAT RELIES ON GUESSING POSSIBLE COMBINATIONS OF
A TARGETED PASSWORD UNTIL THE CORRECT PASSWORD IS DISCOVERED.
• THE LONGER THE PASSWORD, THE MORE COMBINATIONS THAT WILL NEED TO BE
TESTED.
CLASSIFICATION OF CRYPTOGRAPHY
 CLASSICAL CRYPTOGRAPHY

• IN CRYPTOGRAPHY, A CLASSICAL CRYPTOGRAPHY IS A TYPE OF CIPHER THAT WAS

USED HISTORICALLY BUT FOR THE MOST PART, HAS FALLEN INTO DISUSE.
• IN CONTRAST TO MODERN CRYPTOGRAPHIC ALGORITHMS, MOST CLASSICAL
CIPHERS CAN BE PRACTICALLY COMPUTED AND SOLVED BY HAND. HOWEVER, THEY
ARE ALSO USUALLY VERY SIMPLE TO BREAK WITH MODERN TECHNOLOGY.
• HAVE TWO BASIC COMPONENTS OF CLASSICAL CIPHERS: SUBSTITUTION AND
TRANSPOSITION
 SUBSTITUTION CRYPTOGRAPHY
• IN A SUBSTITUTION CIPHER, LETTERS (OR GROUPS OF LETTERS) ARE
SYSTEMATICALLY REPLACED THROUGHOUT THE MESSAGE FOR OTHER LETTERS (OR
GROUPS OF LETTERS).
• A WELL-KNOWN EXAMPLE OF A SUBSTITUTION CIPHER IS THE CAESAR CIPHER. TO
ENCRYPT A MESSAGE WITH THE CAESAR CIPHER, EACH LETTER OF MESSAGE IS
REPLACED BY THE LETTER THREE POSITIONS LATER IN THE ALPHABET.
• A IS REPLACED BY D, B BY E, C BY F, ETC IF KEY IS 3.
 TRANSPOSITION CRYPTOGRAPHY
• IN A TRANSPOSITION CIPHER, THE LETTERS THEMSELVES ARE KEPT UNCHANGED,
BUT THEIR ORDER WITHIN THE MESSAGE IS SCRAMBLED ACCORDING TO SOME
WELL-DEFINED SCHEME.
 STREAM CIPHER
• IN STREAM CIPHER, ONE BYTE IS ENCRYPTED AT A TIME WHILE IN BLOCK CIPHER
~128 BITS ARE ENCRYPTED AT A TIME.
• INITIALLY, A KEY(K) WILL BE SUPPLIED AS INPUT TO PSEUDORANDOM BIT
GENERATOR AND THEN IT PRODUCES A RANDOM 8-BIT OUTPUT WHICH IS TREATED
AS KEYSTREAM.
• THE RESULTED KEYSTREAM WILL BE OF SIZE 1 BYTE, I.E., 8 BITS.
• STREAM CIPHER FOLLOWS THE SEQUENCE OF PSEUDORANDOM NUMBER STREAM.
• ONE OF THE BENEFITS OF FOLLOWING STREAM CIPHER IS TO MAKE
CRYPTANALYSIS MORE DIFFICULT, SO THE NUMBER OF BITS CHOSEN IN THE
KEYSTREAM MUST BE LONG IN ORDER TO MAKE CRYPTANALYSIS MORE DIFFICULT.
• BY MAKING THE KEY MORE LONGER IT IS ALSO SAFE AGAINST BRUTE FORCE
ATTACKS.
• KEYSTREAM CAN BE DESIGNED MORE EFFICIENTLY BY INCLUDING MORE NUMBER
OF 1S AND 0S, FOR MAKING CRYPTANALYSIS MORE DIFFICULT.
• CONSIDERABLE BENEFIT OF A STREAM CIPHER IS, IT REQUIRES FEW LINES OF CODE
COMPARED TO BLOCK CIPHER.
• ENCRYPTION : FOR ENCRYPTION,
• PLAIN TEXT AND KEYSTREAM PRODUCES CIPHER TEXT (SAME KEYSTREAM WILL BE
USED FOR DECRYPTION.).
• THE PLAINTEXT WILL UNDERGO XOR OPERATION WITH KEYSTREAM BIT-BY-BIT AND
PRODUCES THE CIPHER TEXT.
• EXAMPLE –
• PLAIN TEXT : 10011001
• KEYSTREAM : 11000011
• `````````````````````
• CIPHER TEXT : 01011010
• DECRYPTION : FOR DECRYPTION,
• CIPHER TEXT AND KEYSTREAM GIVES THE ORIGINAL PLAIN TEXT (SAME KEYSTREAM
WILL BE USED FOR ENCRYPTION.).
• THE CIPHERTEXT WILL UNDERGO XOR OPERATION WITH KEYSTREAM BIT-BY-BIT
AND PRODUCES THE ACTUAL PLAIN TEXT.
• EXAMPLE –
• CIPHER TEXT : 01011010
• KEYSTREAM : 11000011
• ``````````````````````
• PLAIN TEXT : 10011001
• DECRYPTION IS JUST THE REVERSE PROCESS OF ENCRYPTION I.E. PERFORMING XOR
WITH CIPHER TEXT.
 BLOCK CIPHER
• A BLOCK CIPHER IS A SYMMETRIC CRYPTOGRAPHIC TECHNIQUE WHICH WE USED
TO ENCRYPT A FIXED-SIZE DATA BLOCK USING A SHARED, SECRET KEY.
• DURING ENCRYPTION, WE USED PLAINTEXT AND CIPHERTEXT IS THE RESULTANT
ENCRYPTED TEXT.
• IT USES THE SAME KEY TO ENCRYPT BOTH THE PLAINTEXT, AND THE CIPHERTEXT.
• A BLOCK CIPHER PROCESSES THE DATA BLOCKS OF FIXED SIZE. TYPICALLY, A
MESSAGE'S SIZE EXCEEDS A BLOCK'S SIZE.
• AS A RESULT, THE LENGTHY MESSAGE IS BROKEN UP INTO A NUMBER OF
SEQUENTIAL MESSAGE BLOCKS, AND THE CIPHER OPERATES ON THESE BLOCKS
ONE AT A TIME.
• POPULAR VARIATIONS OF THE BLOCK CIPHER ALGORITHM INCLUDE THE DATA
ENCRYPTION STANDARD (DES), TRIPLEDES, AND THE ADVANCED ENCRYPTION
STANDARD (AES).
 TYPES OF SUBSTITUTION TECHNIQUE
• 1. MONOALPHABETIC CIPHER : A MONOALPHABETIC CIPHER IS ANY CIPHER IN
WHICH THE LETTERS OF THE PLAIN TEXT ARE MAPPED TO CIPHER TEXT LETTERS
BASED ON A SINGLE ALPHABETIC KEY. EXAMPLES OF MONOALPHABETIC CIPHERS
WOULD INCLUDE THE CAESAR-SHIFT CIPHER, WHERE EACH LETTER IS SHIFTED BASED
ON A NUMERIC KEY, AND THE ATBASH CIPHER, WHERE EACH LETTER IS MAPPED TO
THE LETTER SYMMETRIC TO IT ABOUT THE CENTER OF THE ALPHABET.

• 2. POLYALPHABETIC CIPHER : A POLYALPHABETIC CIPHER IS ANY CIPHER BASED ON

SUBSTITUTION, USING MULTIPLE SUBSTITUTION ALPHABETS. THE VIGENÈRE CIPHER
IS PROBABLY THE BEST-KNOWN EXAMPLE OF A POLYALPHABETIC CIPHER, THOUGH
IT IS A SIMPLIFIED SPECIAL CASE.
SR. Monoalphabetic Cipher Polyalphabetic Cipher

Polyalphabetic cipher is any cipher based on

Monoalphabetic cipher is one where each symbol in plain
1 substitution, using multiple substitution alphabets.
text is mapped to a fixed symbol in cipher text.

The relationship between a character in the plain

The relationship between a character in the plain text and
2 text and the characters in the cipher text is one-to-
the characters in the cipher text is one-to-one.
many.
Each alphabetic character of plain text can be
Each alphabetic character of plain text is mapped onto a
3 mapped onto ‘m’ alphabetic characters of a cipher
unique alphabetic character of a cipher text.
text.

A stream cipher is a monoalphabetic cipher if the value of A stream cipher is a polyalphabetic cipher if the
4 key does not depend on the position of the plain text value of key does depend on the position of the
character in the plain text stream. plain text character in the plain text stream.

It includes autokey, Playfair, Vigenere, Hill, one-

It includes additive, multiplicative, affine and
5 time pad, rotor, and Enigma cipher.
monoalphabetic substitution cipher.

6 It is a simple substitution cipher. It is multiple substitutions cipher.

Polyalphabetic Cipher is described as substitution

Monoalphabetic Cipher is described as a substitution
cipher in which plain text letters in different
7 cipher in which the same fixed mappings from plain text
positions are enciphered using different
to cipher letters across the entire text are used.
cryptoalphabets.

Monoalphabetic ciphers are not that strong as compared

8 Polyalphabetic ciphers are much stronger.
to polyalphabetic cipher.
 CEASER CIPHER
• THE CAESAR CIPHER METHOD IS BASED ON A MONO-ALPHABETIC CIPHER AND IS
ALSO CALLED A SHIFT CIPHER OR ADDITIVE CIPHER.
• JULIUS CAESAR USED THE SHIFT CIPHER (ADDITIVE CIPHER) TECHNIQUE TO
COMMUNICATE WITH HIS OFFICERS. FOR THIS REASON, THE SHIFT CIPHER
TECHNIQUE IS CALLED THE CAESAR CIPHER.
• THE CAESAR CIPHER IS A KIND OF REPLACEMENT (SUBSTITUTION) CIPHER, WHERE
ALL LETTER OF PLAIN TEXT IS REPLACED BY ANOTHER LETTER.
• THE FORMULA OF ENCRYPTION IS:
• EN (X) = (X + N) MOD 26
• THE FORMULA OF DECRYPTION IS:
• DN (X) = (XI - N) MOD 26
• IF ANY CASE (DN) VALUE BECOMES NEGATIVE (-VE), IN THIS CASE, WE WILL
ADD 26 IN THE NEGATIVE VALUE.
• WHERE,
• E DENOTES THE ENCRYPTION
• D DENOTES THE DECRYPTION
• X DENOTES THE LETTERS VALUE
• N DENOTES THE KEY VALUE (SHIFT VALUE)
 PLAYFAIR CIPHER
• PLAYFAIR CIPHER IS PROPOSED BY CHARLES WHETSTONE IN 1889. BUT IT WAS
NAMED FOR ONE OF HIS FRIENDS LORD LYON PLAYFAIR BECAUSE HE POPULARIZED
ITS USES.
• IT IS THE MOST POPULAR SYMMETRIC ENCRYPTION TECHNIQUE THAT FALLS UNDER
THE SUBSTITUTION CIPHER.
• IT IS AN ENCODING PROCEDURE THAT ENCIPHERS MORE THAN ONE LETTER AT A
TIME.
• PLAYFAIR CIPHER IS AN ENCRYPTION ALGORITHM TO ENCRYPT OR ENCODE A
MESSAGE.
• IT IS THE SAME AS A TRADITIONAL CIPHER. THE ONLY DIFFERENCE IS THAT IT
ENCRYPTS A DIGRAPH (A PAIR OF TWO LETTERS) INSTEAD OF A SINGLE LETTER.
• IT INITIALLY CREATES A KEY-TABLE OF 5*5 MATRIX. THE MATRIX CONTAINS
ALPHABETS THAT ACT AS THE KEY FOR ENCRYPTION OF THE PLAINTEXT. NOTE THAT
ANY ALPHABET SHOULD NOT BE REPEATED. ANOTHER POINT TO NOTE THAT THERE
ARE 26 ALPHABETS AND WE HAVE ONLY 25 BLOCKS TO PUT A LETTER INSIDE IT.
• THEREFORE, ONE LETTER IS EXCESS SO, A LETTER WILL BE OMITTED (USUALLY J)
FROM THE MATRIX. NEVERTHELESS, THE PLAINTEXT CONTAINS J, THEN J IS REPLACED
BY I. IT MEANS TREAT I AND J AS THE SAME LETTER, ACCORDINGLY.
• PLAYFAIR CIPHER ENCRYPTION RULES
• 1. FIRST, SPLIT THE PLAINTEXT INTO DIGRAPHS (PAIR OF TWO LETTERS). IF THE
PLAINTEXT HAS THE ODD NUMBER OF LETTERS, APPEND THE LETTER Z AT THE END
OF THE PLAINTEXT. IT MAKES THE PLAINTEXT OF EVEN FOR EXAMPLE, THE
PLAINTEXT MANGO HAS FIVE LETTERS. SO, IT IS NOT POSSIBLE TO MAKE A DIGRAPH.
SINCE, WE WILL APPEND A LETTER Z AT THE END OF THE PLAINTEXT, I.E. MANGOZ.
• 2. AFTER THAT, BREAK THE PLAINTEXT INTO DIGRAPHS (PAIR OF TWO LETTERS). IF
ANY LETTER APPEARS TWICE (SIDE BY SIDE), PUT X AT THE PLACE OF THE SECOND
OCCURRENCE. SUPPOSE, THE PLAINTEXT IS COMMUNICATE THEN ITS DIGRAPH
BECOMES CO MX MU NI CA TE. SIMILARLY, THE DIGRAPH FOR THE
PLAINTEXT JAZZ WILL BE JA ZX ZX, AND FOR PLAINTEXT GREET, THE DIGRAPH WILL
BE GR EX ET.
• TO DETERMINE THE CIPHER (ENCRYPTION) TEXT, FIRST, BUILD A 5*5 KEY-MATRIX OR
KEY-TABLE AND FILLED IT WITH THE LETTERS OF ALPHABETS, AS DIRECTED BELOW:
• FILL THE FIRST ROW (LEFT TO RIGHT) WITH THE LETTERS OF THE GIVEN KEYWORD
(ATHENS). IF THE KEYWORD HAS DUPLICATE LETTERS (IF ANY) AVOID THEM. IT
MEANS A LETTER WILL BE CONSIDERED ONLY ONCE. AFTER THAT, FILL THE
REMAINING LETTERS IN ALPHABETICAL ORDER. LET'S CREATE A 5*5 KEY-MATRIX FOR
THE KEYWORD ATHENS.
• THERE MAY BE THE FOLLOWING THREE CONDITIONS:
• I) IF A PAIR OF LETTERS (DIGRAPH) APPEARS IN THE SAME ROW
• IN THIS CASE, REPLACE EACH LETTER OF THE DIGRAPH WITH THE LETTERS
IMMEDIATELY TO THEIR RIGHT. IF THERE IS NO LETTER TO THE RIGHT, CONSIDER THE
FIRST LETTER OF THE SAME ROW AS THE RIGHT LETTER. SUPPOSE, Z IS A LETTER
WHOSE RIGHT LETTER IS REQUIRED, IN SUCH CASE, T WILL BE RIGHT TO Z.
• II) IF A PAIR OF LETTERS (DIGRAPH) APPEARS IN THE SAME COLUMN
• IN THIS CASE, REPLACE EACH LETTER OF THE DIGRAPH WITH THE LETTERS
IMMEDIATELY BELOW THEM. IF THERE IS NO LETTER BELOW, WRAP AROUND TO THE
TOP OF THE SAME COLUMN. SUPPOSE, W IS A LETTER WHOSE BELOW LETTER IS
REQUIRED, IN SUCH CASE, V WILL BE BELOW W.
• III) IF A PAIR OF LETTERS (DIGRAPH) APPEARS IN A DIFFERENT ROW AND
DIFFERENT COLUMN: IN THIS CASE, SELECT A 3*3 MATRIX FROM A 5*5 MATRIX
SUCH THAT PAIR OF LETTERS APPEAR IN THE 3*3 MATRIX. SINCE THEY OCCUPY TWO
OPPOSITE CORNERS OF A SQUARE WITHIN THE MATRIX. THE OTHER CORNER WILL
BE A CIPHER FOR THE GIVEN DIGRAPH.
• SUPPOSE, A DIGRAPH IS HY AND WE HAVE TO FIND A CIPHER FOR IT. WE OBSERVE
THAT BOTH H AND Y ARE PLACED IN DIFFERENT ROWS AND DIFFERENT COLUMNS.
IN SUCH CASES, WE HAVE TO SELECT A 3*3 MATRIX IN SUCH A WAY THAT BOTH H
AND Y APPEAR IN THE 3*3 MATRIX (HIGHLIGHTED WITH YELLOW COLOR). NOW, WE
WILL CONSIDER ONLY THE SELECTED MATRIX TO FIND THE CIPHER.
• NOW TO FIND THE CIPHER FOR HY, WE WILL CONSIDER THE DIAGONAL OPPOSITE
TO HY, I.E. LU. THEREFORE, THE CIPHER FOR H WILL BE L, AND THE CIPHER FOR Y
WILL BE U.

• PLAYFAIR CIPHER DECRYPTION

• THE DECRYPTION PROCEDURE IS THE SAME AS ENCRYPTION BUT THE STEPS ARE
APPLIED IN REVERSE ORDER. FOR DECRYPTION CIPHER IS SYMMETRIC (MOVE LEFT
ALONG ROWS AND UP ALONG COLUMNS). THE RECEIVER OF THE PLAIN TEXT HAS
THE SAME KEY AND CAN CREATE THE SAME KEY-TABLE THAT IS USED TO DECRYPT
THE MESSAGE.
• EXAMPLE OF PLAYFAIR CIPHES: SUPPOSE, THE PLAINTEXT IS COMMUNICATION AND
THE KEY THAT WE WILL USE TO ENCIPHER THE PLAINTEXT IS COMPUTER. THE KEY
CAN BE ANY WORD OR PHRASE. LET'S ENCIPHER THE MESSAGE COMMUNICATION.
• 1. FIRST, SPLIT THE PLAINTEXT INTO DIGRAPH (BY RULE 2) I.E. CO MX MU NI CA TE.
• 2. CONSTRUCT A 5*5 KEY-MATRIX (BY RULE 3). IN OUR CASE, THE KEY IS
COMPUTER.
• NOW, WE WILL TRAVERSE IN KEY-MATRIX PAIR BY PAIR AND FIND THE
CORRESPONDING ENCIPHER FOR THE PAIR.
• THE FIRST DIGRAPH IS CO. THE PAIR APPEARS IN THE SAME ROW. BY USING RULE
4(I) CO GETS ENCIPHER INTO OM.
• THE SECOND DIGRAPH IS MX. THE PAIR APPEARS IN THE SAME COLUMN. BY USING
RULE 4(II) MX GETS ENCIPHER INTO RM.
• THE THIRD DIGRAPH IS MU. THE PAIR APPEARS IN THE SAME ROW. BY USING RULE
4(I) MU GETS ENCIPHER INTO PC.
• THE FOURTH DIGRAPH IS NI. THE PAIR APPEARS IN DIFFERENT ROWS AND
DIFFERENT COLUMNS. BY USING RULE 4(III) NI GETS ENCIPHER INTO SG.
• THE FIFTH DIGRAPH IS CA. THE PAIR APPEARS IN DIFFERENT ROWS AND DIFFERENT
COLUMNS. BY USING RULE 4(III) CA GETS ENCIPHER INTO PT.
• THE SIXTH DIGRAPH IS TE. THE PAIR APPEARS IN THE SAME ROW. BY USING RULE
4(I) TE GETS ENCIPHER INTO ER.
• THEREFORE, THE PLAINTEXT COMMUNICATE GETS ENCIPHER (ENCRYPTED) INTO
OMRMPCSGPTER.
 VIGENERE CIPHER
• THE VIGENERE CIPHER IS AN ALGORITHM THAT IS USED TO ENCRYPTING AND
DECRYPTING THE TEXT.
• THE VIGENERE CIPHER IS AN ALGORITHM OF ENCRYPTING AN ALPHABETIC TEXT
THAT USES A SERIES OF INTERWOVEN CAESAR CIPHERS. IT IS BASED ON A
KEYWORD'S LETTERS.
• IT IS AN EXAMPLE OF A POLYALPHABETIC SUBSTITUTION CIPHER. THIS ALGORITHM
IS EASY TO UNDERSTAND AND IMPLEMENT.
• THIS ALGORITHM WAS FIRST DESCRIBED IN 1553 BY GIOVAN BATTISTA BELLASO.
• IT USES A VIGENERE TABLE OR VIGENERE SQUARE FOR ENCRYPTION AND
DECRYPTION OF THE TEXT. THE VIGENERE TABLE IS ALSO CALLED THE TABULA
RECTA.
• WHEN THE VIGENERE TABLE IS NOT GIVEN, THE ENCRYPTION AND DECRYPTION
ARE DONE BY VIGENAR ALGEBRAICALLY FORMULA IN THIS METHOD (CONVERT THE
LETTERS (A-Z) INTO THE NUMBERS (0-25)).
• FORMULA OF ENCRYPTION IS,
• EI = (PI + KI) MOD 26
• FORMULA OF DECRYPTION IS,
• DI = (EI - KI) MOD 26
• IF ANY CASE (DI) VALUE BECOMES NEGATIVE (-VE), IN THIS CASE, WE WILL ADD 26 IN
THE NEGATIVE VALUE.
• EXAMPLE: THE PLAINTEXT IS "JAVATPOINT", AND THE KEY IS "BEST".
• ENCRYPTION: EI = (PI + KI) MOD 26
•
Plaintex J A V A T P O I N T
t
Plaintex 09 00 21 00 19 15 14 08 13 19
t value
(P)
Key B E S T B E S T B E
Key 01 04 18 19 01 04 18 19 01 04
value
(K)
Ciphert 10 04 13 19 20 19 06 01 14 23
ext
value
(E)
Ciphert K E N T U T G B O X
ext
• DECRYPTION: DI = (EI - KI) MOD 26
• IF ANY CASE (DI) VALUE BECOMES NEGATIVE (-VE), IN THIS CASE, WE WILL ADD 26 IN
THE NEGATIVE VALUE. LIKE, THE THIRD LETTER OF THE CIPHERTEXT;
• N = 13 AND S = 18
• DI = (EI - KI) MOD 26
• DI = (13 - 18) MOD 26
• DI = -5 MOD 26
• DI = (-5 + 26) MOD 26
• DI = 21
Ciphert K E N T U T G B O X
ext

Ciphert 10 04 13 19 20 19 06 01 14 23
ext
value
(E)

Key B E S T B E S T B E

Key 01 04 18 19 01 04 18 19 01 04
value
(K)

Plaintex 09 00 21 00 19 15 14 08 13 19
t value
(P)

Plaintex J A V A T P O I N T
t