DS&C-Week02

DATA SECURITY AND CRYPTOGRAPHY
WEEK 02
By: Dr. Danish Shehzad
SECURITY TRENDS

THE OSI SECURITY ARCHITECTURE
OSI Protocol architecture
OSI MODEL
OSI SECURITY ARCHITECTURE
• ITU-T X.800 “Security Architecture for OSI”
• A systematic way of defining and providing security requirements
• Provides a useful, if abstract, overview of concepts we will study

ITU-T: International Telecommunication Union Telecommunication Standardization Sector
OSI: Open Systems Interconnection
3 ASPECTS OF INFO SECURITY
• Security Attack
  • A security attack means any action that puts the data or overall security of the system at risk.
  • An attack might be successful or unsuccessful.
• Security Service
  • A service that enhances the security of data processing systems and information transfers.
  • These security services can be implemented in various layers of the OSI model.
  • Makes use of one or more security mechanisms.
• Security Mechanism
  • A mechanism that is designed to detect, prevent, or recover from a security attack.
SECURITY ATTACKS
• Threat & attack
  • Often used equivalently
• There is a wide range of attacks
• Two generic types of attacks
  • Passive
  • Active
SECURITY SERVICES
X.800
• A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (prove the communication parties)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
  • Denial of Service Attacks
  • Virus that deletes files
SECURITY MECHANISM
• Features designed to detect, prevent, or recover from a security attack
• No single mechanism that will support all services required
• One particular element underlies many of the security mechanisms in use:
  • Cryptographic techniques
• Hence we will focus on this topic first
SECURITY MECHANISMS (X.800)
Specific security mechanisms:

Pervasive security mechanisms:
• Trusted functionality, security labels, event detection, security audit trails, security recovery
OSI SECURITY STRUCTURE – SECURITY MECHANISM
MODEL FOR NETWORK SECURITY
MODEL FOR NETWORK ACCESS SECURITY
CRYPTOGRAPHY
• Is the practice and study of techniques for secure communication in the presence of third parties
• Symmetric cipher: same key used for encryption and decryption
• Asymmetric cipher: different keys used for encryption and decryption
CRYPTOGRAPHIC SYSTEMS CLASSIFICATION
1. The operation used in transforming plaintext to ciphertext:

• Substitution: each element in the plaintext is mapped into another element
• Transposition: the elements in the plaintext are rearranged

2. The number of keys used:

• Symmetric (private-key): both the sender and receiver use the same key
• Asymmetric (public-key): sender and receiver use different keys

3. The way the plaintext is processed:

• Block cipher: inputs are processed one block at a time, producing a corresponding output block
• Stream cipher: inputs are processed continuously, producing one element at a time (bit, byte)
© 2017 Pearson Education, Ltd., All rights reserved.
SYMMETRIC CIPHER MODEL INGREDIENTS
• Plaintext: original message to be encrypted
• Ciphertext: the encrypted message
• Enciphering or encryption algorithm: the process of converting plaintext into ciphertext
• Secret key: used for encryption and decryption
• Deciphering or decryption algorithm: recovering plaintext from ciphertext
SYMMETRIC CIPHER MODEL
• Secret key: same key used for encryption and decryption
  • Also referred to as a symmetric key
• Cipher or cryptographic system: a scheme for encryption and decryption
• Cryptography: science of studying ciphers
• Cryptanalysis: science of studying attacks against cryptographic systems
• Cryptology: cryptography + cryptanalysis
SYMMETRIC ENCRYPTION
• Mathematically:
Y = E_K(X) or Y = E(K, X)
X = D_K(Y) or X = D(K, Y)
• X = plaintext
• Y = ciphertext
• K = secret key
• E = encryption algorithm
• D = decryption algorithm
• Both E and D are known to the public
CRYPTANALYSIS
• Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key.
• Kerckhoffs's principle: the opponent knows all details about a cryptosystem except the secret key.
• Two general approaches:
  • brute-force attack
  • non-brute-force attack (cryptanalytic attack)
BRUTE-FORCE ATTACK
• Try every key to decipher the ciphertext.
• On average, need to try half of all possible keys
• Time needed proportional to size of key space

Key Size (bits)             | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32                          | 2^32 = 4.3 × 10^9          | 2^31 µs = 35.8 minutes           | 2.15 milliseconds
56                          | 2^56 = 7.2 × 10^16         | 2^55 µs = 1142 years             | 10.01 hours
128                         | 2^128 = 3.4 × 10^38        | 2^127 µs = 5.4 × 10^24 years     | 5.4 × 10^18 years
168                         | 2^168 = 3.7 × 10^50        | 2^167 µs = 5.9 × 10^36 years     | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26            | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years
CRYPTANALYTIC ATTACKS
• May be classified by how much information is needed by the attacker:
  • Ciphertext-only attack
  • Known-plaintext attack
  • Chosen-plaintext attack
  • Chosen-ciphertext attack
CLASSICAL ENCRYPTION TECHNIQUES
• Classical ciphers can be divided into two main categories:
1. Substitution Ciphers
2. Transposition Ciphers
1. SUBSTITUTION CIPHERS
• Monoalphabetic
  • Additive Cipher
  • Shift Cipher
  • Affine Cipher
  • Caesar Cipher
• Polyalphabetic Cipher
  • Autokey Cipher
  • Playfair Cipher
  • Hill Cipher
  • Vigenere Cipher
  • Vernam Cipher
2. TRANSPOSITION CIPHERS
• Rail Fence
• Simple Columnar
• Simple Columnar with multiple rounds
• Rotor machine
MONOALPHABETIC SUBSTITUTION CIPHER
• Shuffle the letters and map each plaintext letter to a different random ciphertext letter:

Plain letters:  abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

• What does a key look like?
CAESAR CIPHER ALGORITHM
• Can define transformation as:
abcdefghijklmnopqrstuvwxyz
DEFGHIJKLMNOPQRSTUVWXYZABC

• Mathematically give each letter a number:
a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• Algorithm can be expressed as:
c = E(3, p) = (p + 3) mod 26

• A shift may be of any amount, so that the general Caesar algorithm is:
C = E(k, p) = (p + k) mod 26
• Where k takes on a value in the range 1 to 25; the decryption algorithm is simply:
p = D(k, C) = (C - k) mod 26
[Figure: Relative frequencies of letters in the English language (slide title: Substitution Ciphers)]

POLYALPHABETIC CIPHERS
• In a polyalphabetic cipher, multiple “alphabets” are used to encipher.
• If two letters are the same in the ciphertext it does not mean they must decipher to the same plaintext letter.

• Playfair Cipher
• Autokey Cipher
• Hill Cipher
• Vigenere Cipher
• Vernam Cipher
HILL CIPHER
• The algorithm takes an n x n key matrix K.
• The ciphertext C of plaintext P is derived by multiplying P by K.
• To decrypt the message, the inverse of K is used.
• C = (KP) mod 26
• P = (K^-1 C) mod 26
Hill Cipher
• Historical cipher subject to known-plaintext attacks.
• Based on matrix multiplication. Take K, an MxM key representing a system of linear equations.
• Ciphertext, C, and plaintext, p, are 1xM and Mx1 matrices
• C = Kp (mod 26)

| C1 |   | k11 k12 k13 | | p1 |
| C2 | = | k21 k22 k23 | | p2 |  mod 26
| C3 |   | k31 k32 k33 | | p3 |
HILL CIPHER
• Example:
• Plaintext is “paymoremoney” and key is
K = |17 17  5|
    |21 18 21|
    | 2  2 19|

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
A B C D E F G H I J K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
HILL CIPHER
• PAY = |15 0 24|, written as a column:
    |15|
P = | 0|
    |24|
• C = (KP) mod 26

    |17 17  5|   |15|
C = |21 18 21| x | 0|  mod 26
    | 2  2 19|   |24|

    |255 + 0 + 120|
C = |315 + 0 + 504|  mod 26
    | 30 + 0 + 456|
HILL CIPHER
    |375|
C = |819|  mod 26
    |486|

    |11|   L
C = |13|   N
    |18|   S

PAY = LNS
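The worked block above carried through the whole message, as an added example that is not part of the original slides: it uses the slide's key and its C = (KP) mod 26 column-vector convention, and also computes the inverse key that the decryption rule P = (K^-1 C) mod 26 needs. The function names are hypothetical, and the code goes beyond the slide by encrypting all four blocks and decrypting them again.

```python
# Added example (not from the slides): Hill cipher with the slide's key, using the
# slide's conventions C = (K P) mod 26 on column vectors and a=0 ... z=25.
M = 26
KEY = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]  # key matrix K from the slide


def mat_vec(K, v):
    """Multiply the 3x3 matrix K by the column vector v and reduce mod 26."""
    return [sum(k * x for k, x in zip(row, v)) % M for row in K]


def minor_det(K, i, j):
    """Determinant of the 2x2 minor left after deleting row i and column j."""
    r = [x for x in range(3) if x != i]
    c = [x for x in range(3) if x != j]
    return K[r[0]][c[0]] * K[r[1]][c[1]] - K[r[0]][c[1]] * K[r[1]][c[0]]


def inverse_mod26(K):
    """K^-1 mod 26 by the adjugate method; raises ValueError for an unusable key."""
    det = sum((-1) ** j * K[0][j] * minor_det(K, 0, j) for j in range(3)) % M
    det_inv = pow(det, -1, M)  # exists only when gcd(det, 26) == 1
    return [[(-1) ** (i + j) * minor_det(K, j, i) * det_inv % M for j in range(3)]
            for i in range(3)]


def transform(K, text):
    """Apply K to text three letters at a time and return the resulting letters."""
    nums = [ord(ch) - ord("a") for ch in text.lower()]
    if len(nums) % 3 or any(not 0 <= n < M for n in nums):
        raise ValueError("text must be letters only, length a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        out.extend(mat_vec(K, nums[i:i + 3]))
    return "".join(chr(n + ord("a")) for n in out)


def encrypt(plaintext, K=KEY):
    """Ciphertext in upper case, as on the slide."""
    return transform(K, plaintext).upper()


def decrypt(ciphertext, K=KEY):
    """Plaintext in lower case, recovered with the inverse key."""
    return transform(inverse_mod26(K), ciphertext).lower()


if __name__ == "__main__":
    ct = encrypt("paymoremoney")
    print(ct, decrypt(ct), inverse_mod26(KEY))
```

A key whose determinant shares a factor with 26 has no inverse, so inverse_mod26 rejects it rather than producing a ciphertext that cannot be decrypted.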
