
Network and Information Security (NIS)

Unit.3 Cryptography
C22620.c: Apply cryptographic algorithms and protocols to maintain Computer Security.

DEPARTMENT OF COMPUTER ENGINEERING


1. Introduction: Plain Text, Cipher Text, Cryptography,
Cryptanalysis, Cryptology, Encryption, Decryption.

2. Substitution Techniques: Caesar’s cipher, Modified Caesar’s Cipher.

3. Transposition Techniques: Simple Columnar Transposition.

4. Steganography: Procedure.

5. Symmetric and Asymmetric cryptography: Introduction to
Symmetric encryption, DES (Data Encryption Standard) algorithm.

6. Asymmetric key cryptography: Digital Signature.


Plain Text, Cipher Text
1) Plain Text: In cryptography, plain text refers to any
message that is not encrypted. Contrast with cipher
text. Plain text is also called clear text.
e.g.: My name is ram. (Readable message)

2) Cipher Text: Ciphertext is encrypted text. Plaintext is
what you have before encryption, and ciphertext is the
encrypted result. The term cipher is sometimes used as a
synonym for ciphertext, but it more properly means the
method of encryption rather than the result.
e.g.: 23jhg568hjkhs (unreadable message)


Cryptography
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across
insecure networks (like the Internet) so that it cannot be read by anyone
except the intended recipient.


Cryptanalysis
Cryptanalysis is the art of trying to decrypt encrypted messages without
the use of the key that was used to encrypt them.
Cryptanalysis uses mathematical analysis and algorithms to decipher the
ciphers.
The success of cryptanalysis attacks depends on:
• Amount of time available
• Computing power available
• Storage capacity available

The following is a list of the commonly used cryptanalysis attacks:
1. Brute force attack
2. Dictionary attack
3. Rainbow table attack


Brute force attack – A brute force attack is one in which hackers try a large
number of possible keyword or password combinations to gain unauthorized
access to a system or file.
• Brute force attacks are often used to defeat a cryptographic scheme, such as
those secured by passwords. Hackers use computer programs to try a very large
number of passwords to decrypt the message or access the system.


Dictionary attack – This type of attack uses a wordlist in order to find a
match of either the plaintext or the key. It is mostly used when trying to crack
encrypted passwords.


Rainbow table attack – This type of attack compares the cipher text against
pre-computed hashes to find matches.


Cryptology
Cryptology combines the techniques of cryptography and cryptanalysis.



Encryption and decryption



Encryption Technique
• Substitution Techniques: Caesar’s cipher, Modified Caesar’s Cipher, Vernam Cipher
• Transposition Techniques: Simple Columnar Transposition, Rail fence technique


Substitution Techniques
• A substitution cipher replaces one symbol with another. Substitution ciphers can be
categorized as either monoalphabetic ciphers or polyalphabetic ciphers.
• In monoalphabetic substitution, the relationship between a symbol in the plaintext
and a symbol in the cipher text is always one-to-one.

Caesar Cipher: This cryptosystem is generally referred to as the Shift Cipher. The
concept is to replace each letter of the alphabet by another letter which is ‘shifted’
by some fixed number between 0 and 25.
For this type of scheme, both sender and receiver agree on a ‘secret shift number’
for shifting the alphabet. This number, which is between 0 and 25, becomes the key
of encryption.
The name ‘Caesar Cipher’ is occasionally used to describe the Shift Cipher when
the ‘shift of three’ is used.


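Algorithm

Encryption Method:
-Read Plaintext (pt)
-Enter key
 0 < Key ≤ 25
-Encrypt (pt)
-Show the cipher text (cp)
-Decrypt cp
-Show the original plain text

Encryption loop (pseudocode; k is the key, ct is the cipher text):
for (int i = 0; i < pt.length; i++)
{
    int temp = convert_to_number(pt, i);  // letter at position i as a number 0-25
    int c = (temp + k) mod 26;            // shift by the key, wrapping around after z
    ct += convert_to_letter(c);           // append the shifted letter to the cipher text
}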


Solve:
• Consider the plain text “Network Information Security”; encrypt it with the help of
the Caesar cipher technique.
• Consider the plain text “Polytechnic” and convert it into cipher text with the
help of the Caesar cipher technique.


Modified Caesar cipher Algorithm

• The replacement can be k places down the line; this can increase
complexity.
• Once the replacement scheme is decided, it is
constant for the whole PT.
• 25 possibilities of replacement.
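
The Caesar and Modified Caesar schemes above, as an added Python example (not part of the original slides). It uses the plain text from the exercise, keeps case and non-letters unchanged (an assumption; the slides only treat letters), and lists all 25 shifts to show how small the key space is.

```python
def shift_text(text, k):
    """Shift every letter k places (mod 26); keep case, leave other characters."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + k) % 26))
        else:
            out.append(ch)          # spaces, digits and punctuation pass through
    return "".join(out)


def caesar_encrypt(pt, k=3):
    """k=3 is the classic Caesar cipher; any other k is the modified version."""
    return shift_text(pt, k)


def caesar_decrypt(ct, k=3):
    return shift_text(ct, -k)


def all_shifts(ct):
    """Every candidate plain text: the whole key space is only 25 shifts."""
    return {k: shift_text(ct, -k) for k in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("Polytechnic")           # shift of three
    print(ct, "->", caesar_decrypt(ct))
    print(caesar_encrypt("Polytechnic", 7))      # modified Caesar, k = 7
    for k, candidate in all_shifts(ct).items():
        print(k, candidate)
```

Because only 25 keys exist, a reader of the cipher text can simply scan the 25 candidate lines for the one that reads as language.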



Vernam Cipher
The Vernam cipher is a method of encrypting alphabetic text. It is simply a type of
substitution cipher. In this mechanism we assign a number to each character of the
Plain-Text, like (a = 0, b = 1, c = 2, … z = 25).
Method to take key:
In the Vernam cipher algorithm, we take a key to encrypt the plain text; its length should be
equal to the length of the plain text.
Encryption Algorithm:
1. Assign a number to each character of the plain-text and the key according to
alphabetical order.
2. Add both numbers (the corresponding plain-text character number and key character
number).
3. Subtract 26 from the added number if it is greater than 26; if it isn’t, then
leave it.


Example:
Plain-Text: RAMSWARUPK
Key: RANCHOBABA
Now, according to our encryption algorithm, we assign a number to each character of our plain-text and
key.

PT:     R   A   M   S   W   A   R   U   P   K
NO:    17   0  12  18  22   0  17  20  15  10
KEY:    R   A   N   C   H   O   B   A   B   A
NO:    17   0  13   2   7  14   1   0   1   0

Now add the numbers of the Plain-Text and the Key; after doing the addition and the subtraction operation (if
required), we will get the corresponding Cipher-Text character number.

CT-NO: 34   0  25  20  29  14  18  20  16  10

In this case, there are two numbers which are greater than 26,
so we have to subtract 26 from them. After applying the subtraction operation, the new Cipher-Text
character numbers are as follows:

CT-NO:  8   0  25  20   3  14  18  20  16  10

The new Cipher-Text is obtained by taking the corresponding character for each number.

CIPHER-TEXT: I A Z U D O S U Q K
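
The worked example above, reproduced as an added Python example (not part of the original slides). It reduces each sum modulo 26, which gives the same result as the subtract-26 step for this example and also covers a sum of exactly 26 (assumed here to wrap to A); decryption is added as the reverse subtraction.

```python
A = ord("A")


def to_numbers(text):
    """A=0 ... Z=25; anything that is not a letter is rejected."""
    text = text.upper()
    if not (text.isascii() and text.isalpha()):
        raise ValueError("letters A-Z only")
    return [ord(ch) - A for ch in text]


def to_letters(nums):
    return "".join(chr(A + n) for n in nums)


def vernam_steps(pt, key):
    """Return (sums, reduced): the two CT-NO rows of the worked example."""
    p, k = to_numbers(pt), to_numbers(key)
    if len(p) != len(k):
        raise ValueError("key must be exactly as long as the plain text")
    sums = [a + b for a, b in zip(p, k)]
    reduced = [s % 26 for s in sums]      # subtracts 26 whenever s >= 26
    return sums, reduced


def vernam_encrypt(pt, key):
    return to_letters(vernam_steps(pt, key)[1])


def vernam_decrypt(ct, key):
    c, k = to_numbers(ct), to_numbers(key)
    if len(c) != len(k):
        raise ValueError("key must be exactly as long as the cipher text")
    return to_letters((a - b) % 26 for a, b in zip(c, k))


if __name__ == "__main__":
    sums, reduced = vernam_steps("RAMSWARUPK", "RANCHOBABA")
    print("CT-NO:", sums)
    print("CT-NO:", reduced)
    ct = vernam_encrypt("RAMSWARUPK", "RANCHOBABA")
    print(ct, "->", vernam_decrypt(ct, "RANCHOBABA"))
    print(vernam_encrypt("N", "N"))       # 13 + 13 = 26 wraps around to A
```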
Transposition Techniques: Simple Columnar Transposition.

Transposition – an encryption in which the letters of the message are
rearranged
Columnar Transposition – a rearrangement of the characters of the plaintext
into columns

Example:



Rail Fence Cipher

• In this method plain text is written downwards on “rails of a fence”, starting a new
column when the bottom is reached.
• Algorithm:
1. First write down the plain text message as a sequence of diagonals.
2. Read the plain text written in the first step as a sequence of rows.

Example:
Plain text: come home tomorrow

Cipher text: cmhmtmrooeoeoorw
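
Both transposition techniques, as an added Python example (not part of the original slides). It generalises the rail fence beyond the two rails of the example above, and the column read order passed to the columnar functions is an assumption, since the slides give no key for it.

```python
def rail_pattern(n, rails):
    """Rail number for each of n characters written along the zigzag."""
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def rail_fence_encrypt(pt, rails=2):
    text = pt.replace(" ", "")
    pat = rail_pattern(len(text), rails)
    # Read rail 0 from left to right, then rail 1, and so on.
    return "".join(ch for r in range(rails) for ch, p in zip(text, pat) if p == r)


def rail_fence_decrypt(ct, rails=2):
    pat = rail_pattern(len(ct), rails)
    # Stable sort gives the plain text positions in the order the rows were read.
    order = sorted(range(len(ct)), key=lambda i: pat[i])
    pt = [""] * len(ct)
    for ch, pos in zip(ct, order):
        pt[pos] = ch
    return "".join(pt)


def columnar_encrypt(pt, order):
    """Write pt in rows of len(order) columns, then read the columns in `order`."""
    text = pt.replace(" ", "")
    return "".join(text[c::len(order)] for c in order)


def columnar_decrypt(ct, order):
    n, cols = len(ct), len(order)
    pt, i = [""] * n, 0
    for c in order:                       # columns in the order they were read
        for pos in range(c, n, cols):     # a short last row makes columns uneven
            pt[pos] = ct[i]
            i += 1
    return "".join(pt)


if __name__ == "__main__":
    print(rail_fence_encrypt("come home tomorrow"))          # two rails
    print(rail_fence_decrypt("cmhmtmrooeoeoorw"))
    ct = columnar_encrypt("come home tomorrow", (3, 0, 2, 1))
    print(ct, "->", columnar_decrypt(ct, (3, 0, 2, 1)))
```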



Steganography
Origin of the term: steganos: secret – graphy: writing

Steganography is the process of hiding a secret message within an ordinary
message and extracting it at its destination.
Steganography is the art and science of embedding secret messages in a cover
message in such a way that no one, apart from the sender and intended recipient,
suspects the existence of the message.

Types of Steganography
1. Text Steganography
2. Image Steganography
3. Audio Steganography

5. Symmetric and Asymmetric cryptography:

Symmetric-key cryptography
is based on sharing secrecy;
Asymmetric-key cryptography
is based on personal secrecy.



DES (Data Encryption Standard) Algorithm

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).

At the encryption site, DES takes a 64-bit plaintext and creates a 64-bit ciphertext;

At the decryption site, DES takes a 64-bit ciphertext and creates a 64-bit block of
plaintext.

The same 56-bit cipher key is used for both encryption and decryption.



Data Encryption Standard (DES):
We have mentioned that DES uses a 56-bit key. Actually, the
initial key consists of 64 bits. However, before the DES
process even starts, every 8th bit of the key is discarded to
produce a 56-bit key. That is, bit positions 8, 16, 24, 32, 40,
48, 56 and 64 are discarded.
Thus, the discarding of every 8th bit of the key produces a
56-bit key from the original 64-bit key.


Initial Permutation (IP):
It happens only once.
It replaces the first bit of the original plain text block with the 58th bit of
the original plain text block, the second bit with the 50th bit of the original
plain text block, and so on.
The resulting 64-bit permuted text block is divided into two half blocks.
Each half block consists of 32 bits. The left block is called LPT and the right
block is called RPT.
16 rounds are performed on these two blocks.


Initial Permutation (IP) – IP replaces the first bit of the
original plain text block with the 58th bit of the original plain
text, the second bit with the 50th bit of the original plain text
block, and so on.

As we have noted, after IP is done, the resulting 64-bit permuted
text block is divided into two half blocks. Each half block
consists of 32 bits, and each of the 16 rounds,


Details of one round in DES



Step 1: Key transformation: The initial 64-bit key is transformed into a
56-bit key by discarding every 8th bit of the initial key.
Thus, for each round, a 56-bit key is available. From this 56-bit key, a different
48-bit sub key is generated during each round using a process called key
transformation. For this, the 56-bit key is divided into
two halves, each of 28 bits. These halves are circularly shifted left by one or
two positions, depending on the round.
For example, if the round number is 1, 2, 9 or 16, the shift is done by only one
position; for other rounds, the circular shift is done by two positions. The
number of key bits shifted per round is shown in the figure.


After an appropriate shift, 48 of the 56 bits are selected. For
selecting 48 of the 56 bits, the table shown in the figure given below is used.
For instance, after the shift, bit number 14 moves to the first
position, bit number 17 moves to the second position, and so on.
If we observe the table carefully, we will realize that it contains
only 48 bit positions. Bit number 18 is discarded (we will not
find it in the table), like 7 others, to reduce a 56-bit key to a
48-bit key. Since the key transformation process involves
permutation as well as selection of a 48-bit subset of the
original 56-bit key, it is called Compression Permutation.



Step 2: Expansion permutation: During expansion permutation, the
RPT is expanded from 32 bits to 48 bits.
The 32-bit RPT is divided into 8 blocks, with each block consisting of
4 bits.
Each 4-bit block of the previous step is then expanded to a
corresponding 6-bit block, i.e. per 4-bit block, 2 more bits are added.
They are the repeated 1st and 4th bits of the 4-bit block. The 2nd and 3rd
bits are written as they were in the input.
The 48-bit key is XORed with the 48-bit RPT and the resulting output is
given to the next step.


Step 3: S-box substitution: It accepts the 48-bit input from
the XOR operation involving the compressed key and
expanded RPT and produces a 32-bit output using the
substitution technique.
Each of the 8 S-boxes has a 6-bit input and a 4-bit output.
The outputs of the S-boxes are then combined to form a 32-bit
block, which is given to the last stage of a round.
Step 4: P-box permutation: The output of the S-boxes consists of
32 bits. These 32 bits are permuted using the P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bit plain
text block is XORed with the output produced by the P-box
permutation. It produces the new RPT. The old RPT becomes
the new LPT, in a process of swapping.

Final Permutation: At the end of the 16 rounds, the final
permutation is performed. This is a simple transposition.
For e.g., the 40th input bit takes the position of the 1st output bit and
so on.

Digital Signature – is a type of asymmetric cryptography used
to simulate the security properties of a signature in digital,
rather than written, form. Digital signature schemes normally
give two algorithms, one for signing which involves the user's
secret or private key, and one for verifying signatures which
involves the user's public key. The output of the signature
process is called the "digital signature".


Digital Signature

Digital Signature is a type of electronic signature that encrypts
documents with digital codes that are particularly difficult to
duplicate.
• A digital signature (standard electronic signature) takes the
concept of traditional paper-based signing and turns it into an
electronic “fingerprint.” This “fingerprint,” or coded
message, is unique to both the document and the signer and
binds them together.
• It is used to validate the authenticity and integrity of a
message, software or digital document. Digital signatures
cryptographically bind an electronic identity to an electronic
document and the signature cannot be copied to another
document.
Attributes of Digital Signature
• Authentication: Authentication means the act of proving
who you say you are. Authentication means that you know
who created and sent the message. A digital signature is used
to authenticate the source of messages. It assures the user of
the sender's identity.
• Integrity: Integrity ensures that when a message is sent over
a network, the data that arrives is the same as the data that
was originally sent. Integrity is the assurance that the
information is trustworthy and accurate. A digital signature
ensures the integrity of the message.
• Non-repudiation: This is an important criterion of a digital
signature. As the digital signature ensures the authentication of
the message, the sender can’t repudiate it later. At the
same time it also ensures the identity of the receiver, so the
receiver can’t repudiate it later.