Download - BT0088 Cryptography and Network Security1

Page 1: BT0088 Cryptography and Network Security1

Cryptography and Network


1. Explain the need for network security.

Computer security is required because many organizations will be

damaged by hostile software or intruders. There may be several forms of

damage which are obviously interrelated.

These include:

Damage or destruction of computer systems.

Damage or destruction of internal data.

Loss of sensitive information to hostile parties.

Use of sensitive information to steal elements of monitary value.

Use of sensitive information against the customers which may result in legal

action by customers against the organization and loss of customers.

Damage to the reputation of an organization.

Monitory damage, due to loss of sensitive information, destruction of data,

hostile use of sensitive data, or damage to the reputation of the

organization. The methods used to accomplish these unscrupulous

objectives are many and varied depending on the circumstances.

2. What is security attack? Explain with examples.

Any action that compromises the security of information owned by an

organization is called security attack. Those who execute such actions, or

cause them to be executed, are called attackers or opponents. Computer-

based system has three interrelated and valuable components namely,

hardware, software, and data. Each of these assets offers value to

Page 2: BT0088 Cryptography and Network Security1

different members of the community affected by the system. To analyze

security, we can brainstorm about the ways in which the system or its

information can experience some kind of loss or harm

Vulnerability is a weakness in the security system, For

example, you can

see certain system does not verify a user's identity or password before

allowing them to access the data.

A threat to a computing system is a set of

circumstances that has the

potential to cause loss or harm. The threats to computing system would be

either human-initiated or computer-initiated. A human who exploits the

vulnerability perpetrates an attack on the system. An attack can also be

launched by another system, as when one system sends an overwhelming

set of messages to another, virtually shutting down the second system's

ability to function. we have seen this type of attack frequently, as

denial-of-service attacks flood servers with more messages than they can


3. What is the difference between substitution and transposition


Substitutions are the simple form of encryption in which one letter is

exchanged for another. A substitution is an acceptable way of encrypting

text. Here is few examples.The Caesar cipher has an important place in

history. Julius Caesar is said to have been the first to use this scheme, in

Page 3: BT0088 Cryptography and Network Security1

which each letter is translated to a letter a fixed number of places after it in

the alphabet. Caesar used a shift of 3, so that plaintext letter pi was

enciphered as ciphertext letter ci by the rule .A one-time pad is sometimes

considered the perfect cipher. The name comes from an encryption method

in which a large, nonrepeating set of keys is written on sheets of paper,

glued together into a pad. The Vernam Cipher is a type of one-time pad

devised by Gilbert Vernam for AT&T. The Vernam cipher is immune to most

cryptanalytic attacks. The basic encryption involves an arbitrarily long

nonrepeating sequence of

numbers that are combined with the plaintext. Vernam's invention used an

arbitrarily long punched paper tape that fed into a teletype machine. The

tape contained random numbers that were combined with characters typed

into the teletype. The sequence of random numbers had no repeats, and

each tape was used only once. As long as the key tape does not repeat or is

not reused, this type of cipher is immune to cryptanalytic attack because

the available ciphertext does not display the pattern of the key


Page 4: BT0088 Cryptography and Network Security1

transposition techniques

The goal of substitution is confusion; the encryption method is

an attempt to

make it difficult for a cryptanalyst or intruder to determine how a message

and key were transformed into cipher-text. A transposition is an

encryption in which the letters of the message are rearranged. With

transposition, the cryptography aims for diffusion, widely spreading the

information from the message or the key across the ciphertext.

Transpositions try to break established patterns. Because a transposition is

a rearrangement of the symbols of a message, it is also known as a


A simplest transposition technique is Columnar Transpositions. The columnar

transposition is a rearrangement of the characters of the plaintext into


The following set of characters is a five-column transposition. The plaintext

characters are written in rows of five and arranged one row after another, as

Page 5: BT0088 Cryptography and Network Security1

shown here.

c1 c2 C3 c4 c5

c6 c7 C8 c9 c10

c11 c12 etc.

You form the resulting ciphertext by reading down the columns

Encipherment / Decipherment Complexity

This type is again arranging the letters and reading them off again.

Therefore, the algorithm requires a constant amount of work per character,

and the time needed to apply the algorithm is proportional to the length of

the message.

Page 6: BT0088 Cryptography and Network Security1

Digrams, Trigrams, and Other Patterns

Just as there are characteristic letter frequencies, there are also characteristic

patterns of pairs of adjacent letters, called digrams. Letter pairs such as -

re-, -th-, -en-, and -ed- appear very frequently

4. Using Caesar Cipher encrypt the plaintext “Sikkim Manipal

University” using key value


Ciphertext d e f g h i j k l m n o p q r s t u v w x y z a b c


would be encoded as


vl nnl p pd qls do x q ly huv lwb

5. Explain different characteristics that identify a good encryption


1. The implementation of the process should be as simple as possible.

Principle 3 was formulated with hand implementation in mind: A

complicated algorithm is prone to error or likely to be forgotten. With the

Page 7: BT0088 Cryptography and Network Security1

development and popularity of digital computers, algorithms far too

complex for hand implementation became feasible. Still, the issue of

complexity is important. People will avoid an encryption algorithm whose

implementation process severely hinders message transmission, thereby

undermining security. And a complex algorithm is more likely to be

programmed incorrectly

2. The enciphering algorithm and set of keys used should be less complex.

This principle implies that we should restrict neither the choice of keys

nor the types of plaintext on which the algorithm can work. For instance,

an algorithm that works only on plaintext having an equal number of As

and Es is useless. Similarly, it would be difficult to select keys such that

the sum of the values of the letters of the key is a prime number.

Restrictions such as these make the use of the encipherment prohibitively

complex. If the process is too complex, it will not be used. Furthermore,

the key must be transmitted, stored, and remembered, so

it must be short.

3. The amount of secrecy needed should determine the amount of labor

appropriate for the encryption and decryption. Principle 1 is a reiteration

of the principle of timeliness and of the earlier observation that even a

Page 8: BT0088 Cryptography and Network Security1

simple cipher may be strong enough to deter the casual interceptor or to

hold off any interceptor for a short time.

4. Errors in ciphering should not propagate and cause corruption of further

information in the message. Principle 4 acknowledges that humans make

errors in their use of enciphering algorithms. One error early in the

process should not throw off the entire remaining ciphertext.

5. The size of the original message and that of enciphered text should be at

most same.

6. Compare Symmetric and Asymmetric Encryption Systems.

The two basic kinds of encryption systems are key based and

block based.

Key based encryption is based on either single key or multiple keys. Block

based encryption is based on either stream or block of characters We have

two types of encryptions based on keys they are symmetric (also called

"secret key") and asymmetric (also called "public key"). Symmetric

algorithms use one key, which works for both encryption and decryption.

Usually, the decryption algorithm is closely related to the encryption one The

symmetric system means both encryption and the decryption are performed

using the same key. They provide a two-way channel to their users: A and B

share a secret key, and they can both encrypt information to send to the

other as well as decrypt information from the other. As long as

the key remains secret, the system also provides authentication, proof that a

Page 9: BT0088 Cryptography and Network Security1

message received was not fabricated by someone other than the declared

sender. Authenticity is ensured because only the legitimate sender can

produce a message that will decrypt properly with the shared key.

Public key systems, on the other hand, excel at key

management. By the nature of the public key approach, you can send a

public key in an e-mai message or post it in a public directory. Only the

corresponding private key, which presumably is kept private, can decrypt

what has been encrypted with the public key.

For both kinds of encryption, a key must be kept well secured.

Once the

symmetric or private key is known by an outsider, all messages written

previously or in the future can be decrypted (and hence read or modified)

by the outsider. So, for all encryption algorithms, key management is a

major issue. It involves storing, safeguarding, and activating keys

7. Give the Overview of DES Algorithm.

The most widely used encryption scheme is based on Data


standard. Data Encryption Standard (DES), a system developed for the U.S.

government, was intended for use by the general public The Data

Encryption Standard (DES) specifies an

algorithm to be implemented in electronic hardware devices and used for the

cryptographic protection of computer data ... Encrypting data converts it to

Page 10: BT0088 Cryptography and Network Security1

an unintelligible form called

cipher. Decrypting cipher converts the data back to its original form. The

algorithm... specifies both enciphering and deciphering operations which

are based on a binary number called a key … Data can be recovered from

cipher only by using exactly the same key used

to encipher it.

The Data Encryption algorithm is a combination of both substitution as


as transposition technique. The strength of DES technique is improved when

it uses both the techniques together. It uses both the technique repeatedly

i.e., one on the top of other for a total of 16 cycles. The sheer complexity of

tracing a single bit through 16 iterations of substitutions and transpositions

has so far stopped researchers in the public from identifying

more than a handful of general properties of the algorithm. The algorithm

begins by encrypting the plaintext as blocks of 64 bits. The key is 64 bits

long, but in fact it can be any 56-bit number. (The extra 8 bits are often

used as check digits and do not affect encryption in normal

implementations.) The user can change the key at will any time there is

uncertainty about the security of the old key.

Page 11: BT0088 Cryptography and Network Security1

The iterative substitutions and permutations are performed as outlined in


DES uses only standard arithmetic and logical operations on numbers up to

64 bits long, so it is suitable for implementation in software on most current

computers. Although complex, the algorithm is repetitive, making it suitable

for implementation on a single-purpose chip.

Page 12: BT0088 Cryptography and Network Security1

8. Explain RSA technique with an example.

RSA stands for Rivest, Shamir, and Adleman, the people who invented the

algorithm at MIT in 1978 which uses two keys: a private key and a public

key. Typically, private key algorithms such as DES can't protect against

fraud by the sender or the receiver of a message

RSA is an exponentiation cipher. You have to follow the following two steps.

1. Choose two large prime numbers p and q, and let n = pq. The totient Ø(n)

of n is the number of numbers less than n with no factors in common with n.

Example: Let n = 10. The numbers that are less than 10 and are relatively

prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, Ø

(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are

1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So Ø(21) = 12.

2. Choose an integer e < n that is relatively prime to Ø(n). Find a second

integer d such that ed mod Ø(n) = 1. The public key is (e, n), and the

private key is d.

Page 13: BT0088 Cryptography and Network Security1

Let m be a message. Then:

c = me mod n


m = cd mod n.

Example: Let p = 7 and q = 11. Then n = 77 and Ø(n) = 60. Alice chooses e =

17, so her private key is d = 53. In this cryptosystem, each plaintext

character is represented by a number between 00 (A) and 25 (Z); 26

represents a blank. Bob wants to send Alice the message "HELLO WORLD."

Using the representation above, the plaintext is 07 04 11 11 14

26 22 14 17 11 03. Using Alice's public key, the ciphertext is

0717 mod 77 = 28

0417 mod 77 = 16

1117 mod 77 = 44


0317 mod 77 = 75

or 28 16 44 44 42 38 22 42 19 44 75.

RSA can provide data and origin authentication. If Alice

enciphers her message using her private key, anyone can read it, but if

anyone alters it, the (altered) ciphertext cannot be deciphered correctly.

Example: Suppose Alice wishes to send Bob the message "HELLO WORLD"

in such a way that Bob will be sure that Alice sent it. She enciphers the

message with her private key and sends it to Bob. As indicated above, the

Page 14: BT0088 Cryptography and Network Security1

plaintext is represented as 07 04 11 11 14 26 22 14 17

11 03.

Using Alice's private key, the ciphertext is

0753 mod 77 = 35

0453 mod 77 = 09

1153 mod 77 = 44


0353 mod 77 = 05

or 35 09 44 44 93 12 24 94 04 05. In addition to origin authenticity, Bob can

be sure that no letters were altered.

9. Explain different approaches used in judging the quality of security.

"secure”, it means that security implies

some degree of trust that the program enforces expected confidentiality,

integrity, and availability

Fixing Faults

One approach to judge quality in security is fixing faults. You might argue that

Page 15: BT0088 Cryptography and Network Security1

a module in which 100 faults were discovered and fixed is better than

another in which only 20 faults were discovered and fixed, suggesting that

more rigorous analysis and testing had led to the finding of the larger

number of faults. Early work in computer security was based on the

paradigm of "penetrate and patch," in which analysts searched for and

repaired faults. Often, a top-quality "tiger team" would be convened to test

a system's security by attempting to cause it to fail. The test was

considered to be a "proof" of security; if the system withstood the attacks, it

was considered secure. Unfortunately, far too often the proof became a

counterexample, in which not just one but several serious security problems

were uncovered. The problem discovery in turn led to a rapid effort to

"patch" the system to repair or restore the security. However, the patch

efforts were largely useless, making the system less secure rather than

more secure because they frequently introduced new faults. There are three

reasons why.

The fault often had non-obvious side effects in places other than the

immediate area of the fault.

The system functionality or performance would be affected if faults needs

to be detected properly.

The pressure to repair a specific problem encouraged a narrow focus on

the fault itself and not on its context. In particular, the analysts paid

attention to the immediate cause of the failure and not to the underlying

design or requirements faults.

Unexpected Behavior

Page 16: BT0088 Cryptography and Network Security1

The inadequacies of penetrate-and-patch led researchers to seek a better way

to be confident that code meets its security requirements. One way to do

that is to compare the requirements with the behavior. That is, to

understand program security, we can examine programs to see whether

they behave as their designers intended or users expected. We call such

unexpected behavior a program security flaw; it is inappropriate program

behavior caused by a program vulnerability. There is no direct mapping of

the terms "vulnerability" and "flaw" into the characterization of faults and

failures. A flaw can be either a fault or failure, and a vulnerability usually

describes a class of flaws, such as a buffer overflow. In spite of the

inconsistency, it is important for us to remember that we must view

vulnerabilities and flaws from two perspectives, cause and effect, so that we

see what fault caused the problem and what failure (if any) is visible to the


10. What are the different ways in which an operating system can

assist or offer protection?

Separating one user’s object from the other is the basic way of protection.

Separation in an operating system can occur in several ways.

Logical separation:

In which users operate under the illusion that no other processes exist, as

when an operating system constrains a program's accesses so that the

program cannot access objects outside its permitted domain

Physical separation:

Page 17: BT0088 Cryptography and Network Security1

Each and every process has its own physical objects, such as separate

printers for output requiring different levels of security.

Cryptographic separation:

Each process will protect their data and computations in such a way that

they are unintelligible to outside processes

Temporal separation:

In which processes having different security requirements are executed at

different times

There are several ways an operating system can assist,

offering protection at any of several levels.

Do not protect. Operating systems with no protection are appropriate when

sensitive procedures are being run at separate times.

Isolate. An operating system providing Isolation feature allow different

processes to run concurrently and are unaware of the presence of the each

other. Each process has its own address space, files, and other objects. The

operating system must confine each process somehow, so that the objects

of the other processes are completely concealed.

Share all or nothing. Each user declare its objects either to be public or

private. There by it will be either available to all users or only to the

owners respectively.

Share via access limitation. With protection by access limitation, the

operating system checks the allowability of each user's potential access to

an object. That is, access control is implemented for a specific user and a

Page 18: BT0088 Cryptography and Network Security1

specific object. Lists of acceptable actions guide the operating system in

determining whether a particular user should have access to a

particular object. In some sense, the operating system acts as a guard

between users and objects, ensuring that only authorized accesses occur.

Share by capabilities. An extension of limited access sharing, this form of

protection allows dynamic creation of sharing rights for objects. The

degree of sharing can depend on the owner or the subject, on the context

of the computation, or on the object itself.

Limit use of an object. This form of protection limits not just the access to

an object but the use made of that object after it has been accessed. For

example, a user may be allowed to view a sensitive document, but not to

print a copy of it. More powerfully, a user may be allowed access to data in

a database to derive statistical summaries (such as average salary at

a particular grade level), but not to determine specific data values (salaries

of individuals).