Cryptography and Network

Security

Department of
Computer Science and Engineering
GIET, University Gunupur
 UNIT-1
INTRODUCTION & NUMBER THEORY

Introduction to Cryptography and Network Security

Computer data often travels from one computer to another,

leaving the safety of its protected physical surroundings. Once
the data is out of hand, people with bad intention could modify
or forge your data, either for amusement or for their own benefit.
Cryptography can reformat and transform our data, making it
safer on its trip between computers. The technology is based on
the essentials of secret codes, augmented by modern
mathematics that protects our data in powerful ways.
 BACKGROUND

• Computer Security - generic name for the collection

of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during
their transmission
• Internet Security - measures to protect data during
their transmission over a collection of interconnected
networks
 AIM OF COURSE

• our focus is on Internet Security

• which consists of measures to deter, prevent, detect, and
correct security violations that involve the transmission
& storage of information
 SECURITY GOALS

 Security Goals: The security goals include different measures

to secure the data, like confidentiality, integrity,
authentication, etc. However, the main goal of keeping the
data secure is to prevent the data from various types of
security attacks.
 SECURITY GOALS

 Confidentiality: Ensures that the information in a computer system and

transmitted information are accessible only for reading by authorized
parties.
 Eg., printing, displaying and other forms of disclosure.
 Integrity: Ensures that only authorized parties are able to modify
computer system assets and transmitted information. Modification
includes writing, changing status, deleting, creating and delaying or
replaying of transmitted messages.
 Availability: Requires that computer system assets be available to
authorized parties when needed.
 ASPECTS OF SECURITY

• consider 3 aspects of information security:

– security attack
– security service
– security Mechanisms
 Security attack – Any action that compromises the security of information
owned by an organization.
 Security service – A service that enhances the security of the data
processing systems and the information transfers of an organization. The
services are intended to counter security attacks and they make use of one
or more security mechanisms to provide the service.
 Security mechanism – A mechanism that is designed to detect, prevent or
recover from a security attack
 SECURITY ATTACKS

• any action that compromises the security of

information owned by an organization
• information security is about how to prevent attacks, or
failing that, to detect attacks on information- based systems
• often threat & attack used to mean same thing
• have a wide range of attacks
• can focus of generic types of attacks
– passive
– active
CONTD.
ACTIVE ATTACKS
PASSIVE ATTACKS
 SECURITY SERVICES

 Security services:
 CONTD.

• Data Confidentiality - protection of data from

unauthorized disclosure
• Data Integrity - assurance that data received is as sent by
an authorized entity
• Authentication - assurance that the communicating entity is
the one claimed and assures recipient that the message is
from the source that it claims to be from.
• Non-Repudiation - protection against denial by one of the
parties in a communication
• Access Control - prevention of the unauthorized use of a
resource
 SECURITY MECHANISMS

• specific security mechanisms:

– Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery
SPECIFIC SECURITY MECHANISMS
 SPECIFIC SECURITY MECHANISMS

 Encipherment: It refers to the process of applying

mathematical algorithms for converting data into a form that
is not intelligible. This depends on algorithm used and
 encryption keys.
 Digital Signature: The appended data or a cryptographic
transformation applied to any data unit allowing to prove the
source and integrity of the data unit and protect against
forgery.
 Access Control: A variety of techniques used for enforcing
access permissions to the system resources.
 SPECIFIC SECURITY MECHANISMS

 Data Integrity: A variety of mechanisms used to assure the

integrity of a data unit or stream of data units.
 Authentication Exchange: A mechanism intended to ensure
the identity of an entity by means of information exchange.
 Traffic Padding: The insertion of bits into gaps in a data
stream to frustrate traffic analysis attempts.
 Routing Control: Enables selection of particular physically
secure routes for certain data and allows routing changes once
a breach of security is suspected.
 Notarization: The use of a trusted third party to assure certain
properties of a data exchange
 PERVASIVE SECURITY MECHANISMS

 Trusted Functionality: That which is perceived to b correct

with respect to some criteria Security Level: The marking
bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
 Event Detection: It is the process of detecting all the events
related to network security.
 Security Audit Trail: Data collected and potentially used to
facilitate a security audit, which is an independent review and
examination of system records and activities.
 Security Recovery: It deals with requests from mechanisms,
such as event handling and management functions, and takes
recovery actions.
 MODEL FOR NETWORK SECURITY

• Using this model requires us to:

1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use the
transformation and secret information for a security
service
MODEL FOR NETWORK SECURITY
 MODEL FOR NETWORK ACCESS
SECURITY

• using this model requires us to:

1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorized users access designated information or
resources
• trusted computer systems may be useful to help
implement this model
MODEL FOR NETWORK ACCESS
SECURITY
 BASIC TERMINOLOGY OF
CRYPTOGRAPHY

• Cryptography is the study of secret (crypto-)

writing (-graphy)
• Concerned with developing algorithms which may be used
to:
– Conceal the context of some message from all except
the sender and recipient (privacy or secrecy), and/or
– Verify the correctness of a message to the recipient
(authentication or integrity)
• Basis of many technological solutions to computer and
communications security problems
 BASIC TERMINOLOGY

• Cryptography - The art or science encompassing the

principles and methods of transforming message an
intelligible into one that is unintelligible, and then
retransforming that message back to its original form
• Plaintext - The original intelligible message
• Cipher text - The transformed message
• Cipher - An algorithm for transforming an intelligible
message into one that is unintelligible by transposition
and/or substitution methods
• Key - Some critical information used by the cipher,
known only to the sender & receiver
 BASIC TERMINOLOGY

• Encipher (encode)- Process of converting plaintext to

ciphertext using a cipher and a key
• Decipher (decode)- The process of converting ciphertext
back into plaintext using a cipher and a key
• Cryptanalysis (codebreaking)- The study of principles and
methods of transforming an unintelligible message back
into an intelligible message without knowledge of the key.
• Cryptology- The field encompassing both
cryptography and cryptanalysis
 CLASSSICAL ENCRYPTION TECHNIQUE

classical encryption techniques:

Symmetric Cryptography: In the symmetric cryptography a

single key is used for encrypting and decryption the data.
Asymmetric Cryptography: In the asymmetric cryptography a
pair of key, i.e., public key and private key is used
for encryption and decryption.
CLASSSICAL ENCRYPTION TECHNIQUE

It includes following methods:

 Symmetric Cipher Model
 Substitution Technique
 Transposition Technique
 Steganography
 SYMMETRIC CIPHER MODEL

 A symmetric encryption scheme has five ingredients:

 Plaintext: original message to be encrypted.
 Cipher text: the encrypted message.
 Encryption algorithm: The encryption algorithm performs
various substitutions and transformations on the plaintext.
 Decryption algorithm: This is essentially the encryption
algorithm run in reverse. It takes the cipher text and the
secret key and produces the original plaintext.
 Secret key: A secret key is the piece of information or
parameter that is used to encrypt and decrypt messages in a
symmetric, or secret-key, encryption.
 ALGORITHM KEYS

• Encryption
– The mathematical function mapping plaintext to
ciphertext using the specified key:
 Y = EK(X) or E(K, X)

• Decryption
– The mathematical function mapping cipher text to
plaintext using the specified key:
 X = DK(Y) or D(K, X) = E
SYMMETRIC CIPHER MODEL
 CONVENTIONAL CRYPTOSYSTEM
MODEL

• Cryptographic system (Cryptosystem)

 A cryptosystem is a five-tuple (P, C, K, E, D), where
following conditions are satisfied :
1. P is a finite set of possible plaintexts
2. C is a finite set of possible cipher texts
3. K, the key space, is a finite set of possible keys
4. For each K  K, there is an encryption algorithm EK  E
and a corresponding decryption algorithm DK  D.
Each EK : P  C and DK : C  P are functions such that
DK(EK(X)) = X for every plaintext X  P.
CONVENTIONAL CRYPTOSYSTEM MODEL
 SUBSTITUTION ENCRYPTION TECHNIQUES

 A substitution technique is one in which the letters of

plaintext are replaced by other letters or by numbers or
symbols. If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with cipher
text bit patterns.
Different types of Substitution techniques are:
1. Caesar Cipher
2. Monoalphabetic Ciphers
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad
 CAESAR CIPHER

The Caesar Cipher technique is one of the earliest and simplest

method of encryption technique. It’s simply a type of
substitution cipher, i.e., each letter of a given text is replaced by a
letter some fixed number of positions down the alphabet. The
method is apparently named after Julius Caesar, who apparently
used it to communicate with his officials.

Formula: Ciphertext(C):E(k,p)=(p+k)mod26
Plaintext(p):D(k,C)=(C-k)mod26
 For Example, key=3
 plaintext: hello how are you
 cipher text: KHOOR KRZ DUH BRX
 MONOALPHEBATIC CIPHER

• Monoalphabetic ciphers are easy to break because they reflect the

frequency data of the original alphabet.
• A countermeasure is to provide multiple substitutes, known as
homophones, for a single lett
• Further generalization of the Caesar cipher,
• Plain: abcdefghijklmnopqrstuvwxyz
• Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
• Obtained by allowing any permutation of 26 characters for the
cipher
• Key size = 26
• Key space = 26! or 4x1026
 PLAYFAIR CIPHER

• The best-known multiple-letter encryption cipher is the

Playfair, which treats diagrams in the plaintext as
single units and translates these units into ciphertext
diagrams.

• The Playfair algorithm is based on the use of a 5 * 5

matrix of letters constructed using a keyword.
 RULES FOR PLAYFAIR CIPHER

• For example, Keyword: Security & Plain Text: Pattern

• In this case, the keyword is security. The matrix is

constructed by filling in the letters of the keyword (minus
duplicates) from left to right and from top to bottom, and
then filling in the remainder of the matrix with the
remaining letters in alphabetic order.
 Note: The letters I and J count as one letter.
 RULES FOR PLAYFAIR CIPHER

Plaintext is encrypted two letters at a time, according

to the following rules:
S E C U R
I/J T Y A B
D F G H K
L M N O P
Q V W X Z
 EXPLANATION

1) Repeating plaintext letters that are in the same pair are

separated with a filler letter, such as x, so that pattern would
be treated as pa tx te rn.
2) Two plaintext letters that fall in the same row of the matrix are
each replaced by the letter to the right, with the first element
of the row circularly following the last. For example, op is
encrypted as PL.
3) Two plaintext letters that fall in the same column are each
replaced by the letter beneath, with the top element of the
column circularly following the last. For example, mv is
encrypted as VE.
 EXPLANATION

4) Otherwise, each plaintext letter in a pair is replaced by the

letter that lies in its own row and the column occupied by
the other plaintext letter. Thus, pa becomes OB.
 Plaintext: pa tx te rn & Ciphertext: OB VA FT CP
 The Playfair cipher is a great advance over simple
monoalphabetic ciphers.
 For one thing, whereas there are only 26 letters, there are 26
* 26 = 676 diagrams, so that identification of individual
diagrams is more difficult.
 ONE -TIME PAD CIPHER

• Perfect substitution cipher

• Use a random key (pad) which is as long as
the message, with no repetitions.
– Key distribution is a problem
– Or, random key stream generation is a problem

•It is an unbreakable cryptosystem. It represents the message

as a sequence of 0s and 1s. this can be accomplished by writing
all numbers in binary, for example, or by using ASCII.
•The key is a random sequence of 0‟s and 1‟s of same length
as the message.
Once a key is used, it is discarded and never used again.
 TRANSPOSITION TECHNIQUES

 A very different kind of mapping is achieved by performing

some sort of permutation on the plaintext letters. This
technique is referred to as a transposition cipher.
 Rail fence is simplest of such cipher, in which the plaintext is
written down as a sequence of diagonals and then read off as a
sequence of rows.
 Plaintext = meet at the school house
 To encipher this message with a rail fence of depth 2,
 We write the message as follows:
 meatecolosetthshohue
 The encrypted message is MEATECOLOSETTHSHOHUE
 TRANSPOSITION TECHNIQUES

 Row Transposition Ciphers- A more complex scheme is to

write the message in a rectangle, row by row, and read the
message off, column by column, but permute the order of
the columns. The order of columns then becomes the key of
the algorithm.
 plaintext = meet at the school house, Key = 4 3 1 2 5 6 7
 PT = m e e t a t t h e s c h o o l h o u s e
 CT = ESOTCUEEHMHLAHSTOETO
 STEGANOGRAPHY

 A plaintext message may be hidden in one of two ways. The

methods of steganography conceal the existence of the message,
whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.
Character marking: Selected letters of printed or typewritten text
are overwritten in pencil. The marks are ordinarily not visible
unless the paper is held at an angle to bright light.
Invisible ink: A number of substances can be used for writing but
leave no visible trace until heat or some chemical is applied to the
paper.
Pin punctures: Small pin punctures on selected letters are ordinarily
not visible unless the paper is held up in front of a light.
 STEGANOGRAPHY

Typewriter correction ribbon: Used between lines typed with

a black ribbon, the results of typing with the correction tape
are visible only under a strong light.

• Steganography has a number of drawbacks when compared to

encryption. It requires a lot of overhead to hide a relatively few
bits of information, although using a scheme like that proposed
in the preceding paragraph may make it more effective.
• Also, once the system is discovered, it becomes virtually
worthless. This problem, too, can be overcome if the insertion
method depends on some sort of key.
 STEGANOGRAPHY

 Alternatively, a message can be first encrypted and then hidden

using steganography.
• The advantage of steganography is that it can be employed
by parties who have something to lose should the fact of
their secret communication (not necessarily the content) be
discovered.
• Encryption flags traffic as important or secret or may identify
the sender or receiver as someone with something to hide.
FINITE FIELDS AND NUMBER THEORY

Groups, Rings, Fields :

•Groups, rings, and fields are the fundamental elements of
a branch of mathematics known as abstract algebra, or
modern algebra.
•In abstract algebra, we are concerned with sets on whose
elements we can operate algebraically; that is, we can
combine two elements of the set, perhaps in several ways,
to obtain a third element of the set. These operations are
subject to specific rules, which define the nature of the set.
 GROUPS, RINGS AND FIELDS:

 Group: A set of elements that is closed with respect to some

operation.
 Closed-> The result of the operation is also in the set
 The operation obeys:
Obeys associative law: (a.b).c = a.(b.c)
Has identity e: e.a = a.e = a
Has inverses a-1: a.a-1 = e
 Abelian Group: The operation is commutative Ex- a.b = b.a
 Example: Z8, + modular addition, identity =0
 CONTD.

•Cyclic Group:
•Exponentiation: Repeated application of operator
 example: a3 = a.a.a
 Cyclic Group: Every element is a power of some fixed element,
i.e., b = ak for some a and every b in group a is said to be a
generator of the group
 Example: {1, 2, 4, 8} with mod 12 multiplication, the
generator is 2.
 20=1, 21=2, 22=4, 23=8, 24=4, 25=8
 CONTD.

Ring:
 A group with two operations: addition and multiplication
 The group is abelian with respect to addition: a+b=b+a
 Multiplication and additions are both associative:
 a+(b+c)=(a+b)+c a.
(b.c)=(a.b).c
 Multiplication distributes over
addition, a.(b+c)=a.b+a.c
 Commutative Ring:
Multiplication is commutative,
i.e., a.b = b.a
 CONTD.

Field: An integral domain in which each element has an

multiplicative inverse.
 MODULAR ARITHMATIC

Modular arithmetic: is a system of arithmetic for

integers, where values reset to zero and begin to increase
again, after reaching a certain predefined value, called the
modulus.
It is widely used in computer science and cryptography.
One major reason is that modular arithmetic allows us to
easily create groups, rings and fields which are
fundamental building blocks of most modern public-key
cryptosystems.
PROPERTY OF MODULAR ARITHMATIC

 Congruence: a = b mod n says when divided by n that a

and b have the same remainder
o 100 = 34 mod 11
o usually have 0<=b<=n-1
o -12mod7 = -5mod7 = 2mod7 = 9mod7
o b is called the residue of a mod n
 can do arithmetic with integers modulo n with all results
between 0 and n
•Addition: EX- a+b mod n
 CONTD.

•Subtraction:
 a-b mod n = a+(-b) mod n

•Multiplication:
 a.b mod n
 derived from repeated addition
 can get a.b=0 where neither a,b=0
 eg 2.5 mod 10
 CONTD.

•Division:
 a/b mod n
 is multiplication by inverse of b: a/b = a.b-1 mod n
 if n is prime b-1 mod n exists s.t b.b-1 = 1 mod n
• eg 2.3=1 mod 5 hence 4/2=4.3=2 mod 5
 integers modulo n with addition and multiplication form a
commutative ring with the laws of
 CONTD.

 Associativity : (a+b)+c = a+(b+c) mod n

 Commutativity : a+b = b+a mod n

 Distributivity : (a+b).c = (a.c)+(b.c) mod n

 EUCLID’S ALGORITHM

Greatest Common Divisor: The greatest common divisor

(a,b) of a and b is the largest number that divides evenly into
both a and b

The Euclidean algorithm is an efficient method to compute

the greatest common divisor (gcd) of two integers.

 If gcd(a, b) = 1 then we say that a and b are coprime or

relatively prime . The gcd is sometimes called the highest
common factor (hcf).
 CONTD.

 Euclid's Algorithm: It is used to find the Greatest Common

Divisor (GCD) of two numbers a and n, a<n use fact if a and
b have divisor d
 so does a-b, a-2b GCD (a,n) is given by:
let g0=n g1=a
gi+1 = gi-1 mod gi
when gi=0 then (a,n) =
gi-1
eg find (56,98)
g0=98
g1=56
g2 = 98 mod 56 = 42
g3 = 56 mod 42 = 14
 FINITE FIELDS

•The theory of finite fields is a key part of number theory,

abstract algebra, arithmetic algebraic geometry, and
cryptography, among others.
• Many questions about the integers or the rational numbers
can be translated into questions about the arithmetic in
finite fields, which tends to be more tractable.
•As finite fields are well-suited to computer calculations,
they are used in many modern cryptographic applications.
 POLYNOMIAL ARITHMATIC

We are concerned with polynomials in a single variable x, and

we can distinguish three classes of polynomial arithmetic:
 Ordinary polynomial arithmetic, using the basic rules of
algebra
 Polynomial arithmetic in which the arithmetic on the
coefficients is performed modulo p; that is, the coefficients
are in GF(p)
 Polynomial arithmetic in which the coefficients are in GF(p),
and the polynomials are defined modulo a polynomial m(x)
whose highest power is some integer n
 PRIME NUMBER

•The RSA encryption system uses prime numbers to encrypt

data. The reason for this is because of how difficult or hard it is
to find the prime factorization.
•This system, which was developed by Ron Rivest, Leonard
Adelman, and Adi Shamir, allows for secure transmission of
data like credit card numbers online.
•To prove whether a number is a prime number, first try
dividing it by 2, and see if you get a whole number.
 EULER’S THEOREM

•Euler's theorem: generalizes Fermat's theorem to the

case where the modulus is not prime. It says that: if n is a
positive integer and a, n are coprime, then aφ(n) ≡ 1 mod n
where φ(n) is the Euler's totient function.

•It arises in applications of elementary number theory,

including the theoretical underpinning for the RSA
cryptosystem.
 TESTING FOR PRIMILITY

primality test: is an algorithm for determining whether an

input number is prime. Among other fields of
mathematics, it is used for cryptography.

• Unlike integer factorization, primality tests do not

generally give prime factors, only stating whether the
input number is prime or not.
THE CHINESE REMAINDER THEOREM

•In number theory, the Chinese remainder theorem states

that if one knows the remainders of the Euclidean division
of an integer n by several integers, then one can determine
uniquely the remainder of the division of n by the product
of these integers, under the condition that the divisors are
pairwise coprime.
•The earliest known statement of the theorem is by the
Chinese mathematician Sun-tzu in the Sun-tzu Suan-ching
in the 3rd century AD.
 DISCRETE LOGARITHMS

•Discrete logarithms are quickly computable in a few special

cases. However, no efficient method is known for computing
them in general.

•Several important algorithms in public-key cryptography

base their security on the assumption that the discrete
logarithm problem over carefully chosen groups has no
efficient solution.