UNIT-1 Symmetric Cipher Model Prof. R. K. Karangiya [email protected] Information Information & & Network Network Security Security (2170709) (2170709) Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology Outline Introduction Security Objectives OSI Security Architecture Security Attacks Security Services Security Mechanism Symmetric Cipher Model Cryptography Cryptanalysis and Attacks Substitution and Transposition Techniques Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute
Institute of of Engineering Engineering & & Technology Technology 22 Introduction to Information & N/W Security Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 33 Information & Network Security What is Information ? The processed form of data or meaningful data is called information. Basically, information is the message that is being conveyed. Data Process Information What is Security ?
1. Computer Security : Generic name for the collection of tools designed to protect data. 2. Network and Internet Security : Measures to protect data during their transmission over a collection of interconnected networks. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 44 Key Security Objectives Goal/Objectives of Security : 1. Confidentiality 2. Integrity 3. Availability 4. Authenticity 5. Accountability Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of
of Engineering Engineering & & Technology Technology 55 Confidentiality 1. Confidentiality: Data confidentiality: Assure confidential information not made available to unauthorized individuals. Example : Individual files are locked and secured Bob Alice Packet sniffing, illegal copying Attacker Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 66 Confidentiality Privacy: Assure individuals can control what information related to them is collected, stored, distributed.
Privacy is the right of an individual to protect personal or sensitive information. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 77 Integrity 2. Integrity : Data integrity: Assure information and programs are changed only in a authorized manner. Message Alice Bob Modifies the message, or Inserts a new one. Message How can Bob be sure that message really comes from Alice? Attacker Unit-1:
Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 88 Integrity System integrity: Assure system performs intended function. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 99 Availability 3. Availability : Assure that systems work promptly and service is not denied to authorized users.
www.amazon.com User Browser working Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Server down Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 10 10 Authenticity 4. Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that each input arriving at the system came from a trusted source. Password Unit-1: Unit-1: Symmetric Symmetric Cipher
Cipher Model Model + Verification = Access Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 11 11 Authenticity I am User A Transfer Rs. 1,00,000 From A to C. User A Bank User C Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model
Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 12 12 Accountability 5. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation(assurance that someone cannot deny something). User A Transfer Rs. 1,00,000 to Bank Bank Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology
Technology 13 13 Impact of Security Breaches Effectiveness of primary operations are reduced Example: Hackers compromised exam question paper. Financial loss Example: The cost of repairing a company database once its been compromised. Damage to assets Example: Hackers compromised Amazon Web Services account and demanded a ransom. When the company declined, the hacker started destroying their resources. Harm to individuals Example: Hackers compromised patience database and change it. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 14 14 OSI Security Architecture Systematic approach to define requirements for security and approaches to satisfying those requirements
The OSI (Open Systems Interconnection) security architecture focuses on Security Attacks, Mechanisms, and Services. Security Attack: Any action that compromises the security of information owned by an organization. Security Mechanism: A process that is designed to detect, prevent, or recover from a security attack. Security Service: A communication service that enhances the security of the data processing systems and the information transfers of an organization. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 15 15 Security Attacks Security Attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources. 1. Release of message contents 2. Traffic analysis Relatively hard to detect, but easier to prevent An active attack attempts to alter system resources or affect their operation. 1. Masquerade 2. Replay
3. Modification of messages 4. Denial of service. Relatively hard to prevent, but easier to detect Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 17 17 1. Release of message contents (Passive Attack) A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. Attack on Confidentiality. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering &
& Technology Technology 18 18 2. Traffic Analysis (Passive Attack) In such attacks, an attacker analyses the traffic and observes the frequency and length of exchanged messages. He uses all this information to predict the nature of communication. Studying the flow of "traffic" to find patterns of behaviour. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 19 19 1. Masquerade Attack (Active Attack) A masquerade takes place when one entity pretends to be a different entity. A masquerade attack is an attack that uses a fake identity to gain unauthorized access to personal information. Attack on Authentication. Unit-1: Unit-1: Symmetric
Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 20 20 2. Replay Attack (Active Attack) Replay attack involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. Replay attack is to replay the message sent to a network by an attacker, which was earlier sent by an authorized user. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 21 21
3. Modification of messages Attack (Active Attack) Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. Attack on Integrity. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 22 22 4. Denial of Service Attack (Active Attack) The denial of service attack prevents the normal use or management of communications facilities. Sending large number of packets to block the server. Attack on Availability. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of
of Engineering Engineering & & Technology Technology 23 23 Security Services Security Services (X.800) X.800 standard defines a security service as a service that is provided by a protocol layer of communicating open systems and that ensures security of the systems or of data transfers. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 25 25 Security Services Authentication Access Control
Data Confidentiality Data Integrity Non Repudiation Peer Entity Authentication Connection Confidentiality Connection Integrity with recovery Non Repudiation Origin Data Origin Authentication Connection less Confidentiality Connection Integrity with out recovery Non Repudiation Destination Selective Repeat Confidentiality Selective Field Connection
Integrity Traffic Flow Confidentiality Connection less Integrity Selective Field Connection less Integrity Authentication Authentication is the assurance that the communicating entity is the one that it claims to be. 1. Peer Entity Authentication: Used Who you are ? in association with a logical (biometrics) connection (TCP) to provide confidence in the identity of the Physical entities connected. authentication 2. Data-Origin Authentication: In a where you are ? connectionless (UDP) transfer, provides assurance that the What you know ? source of received data is as Password One-time Password(OTP) claimed. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering &
& Technology Technology 27 27 Security Services Authentication Access Control Data Confidentiality Data Integrity Non Repudiation Peer Entity Authentication Connection Confidentiality Connection Integrity with recovery Non Repudiation Origin Data Origin Authentication Connection less Confidentiality
Connection Integrity with out recovery Non Repudiation Destination Selective Repeat Confidentiality Selective Field Connection Integrity Traffic Flow Confidentiality Connection less Integrity Selective Field Connection less Integrity Access Control Access control is the prevention of unauthorized use of a resource This service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do. User A User B Human resources network Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model
Model Development network Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 29 29 Security Services Authentication Access Control Data Confidentiality Data Integrity Non Repudiation Peer Entity Authentication Connection Confidentiality Connection Integrity with recovery
Non Repudiation Origin Data Origin Authentication Connection less Confidentiality Connection Integrity with out recovery Non Repudiation Destination Selective Repeat Confidentiality Selective Field Connection Integrity Traffic Flow Confidentiality Connection less Integrity Selective Field Connection less Integrity Data Confidentiality Data confidentiality is the protection of data from unauthorized disclosure. 1. Connection Confidentiality: The protection of all user data on a connection.
2. Connectionless Confidentiality: The protection of all user data in a single data block. 3. Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block. 4. Traffic-Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 31 31 Security Services Authentication Access Control Data Confidentiality Data Integrity
Non Repudiation Peer Entity Authentication Connection Confidentiality Connection Integrity with recovery Non Repudiation Origin Data Origin Authentication Connection less Confidentiality Connection Integrity with out recovery Non Repudiation Destination Selective Repeat Confidentiality Selective Field Connection Integrity Traffic Flow Confidentiality
Connection less Integrity Selective Field Connection less Integrity Data Integrity Data integrity is the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Channel Bob Alice Both are same Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 33 33
Data Integrity (Cont) Connection Integrity with Recovery: Provides integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data with recovery attempted. Connection Integrity without Recovery: As above, but provides only detection without recovery. Selective-Field Connection Integrity: Provides integrity of selected fields within the user data and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 34 34 Data Integrity (Cont) Connectionless Integrity: Provides integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity: Provides integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.
Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 35 35 Security Services Authentication Access Control Data Confidentiality Data Integrity Non Repudiation Peer Entity Authentication Connection Confidentiality Connection Integrity with
recovery Non Repudiation Origin Data Origin Authentication Connection less Confidentiality Connection Integrity with out recovery Non Repudiation Destination Selective Repeat Confidentiality Selective Field Connection Integrity Traffic Flow Confidentiality Connection less Integrity Selective Field Connection less Integrity Non Repudiation Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a
communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. Transfer Rs. 1,00,000 to Bank After few days User A I have never requested to transfer Rs. 1,00,000 to Bank Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Bank Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 37 37 Non Repudiation (Cont) Nonrepudiation-Origin: Proof that the message was sent by the specified party. Nonrepudiation-Destination: Proof that the message was received by the specified party. Unit-1: Unit-1: Symmetric
Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 38 38 Security Mechanisms Security Mechanisms (X.800) Techniques designed to prevent, detect or recover from attacks No single mechanism can provide all services Common in most mechanisms: cryptographic techniques Specific security mechanisms: Integrated into the appropriate protocol layer in order to provide some of the OSI security services. Pervasive security mechanisms: Not integrated to any particular OSI security service or protocol layer Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering &
& Technology Technology 40 40 Security Mechanism (Specific security) Encipherment: Hiding or covering data using mathematical algorithms. Digital Signature: The sender can electronically sign the data and the receiver can electronically verify the signature. Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 41 41 Security Mechanism (Specific security) Authentication Exchange: Two entities exchange some messages to prove their identity to each other. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing Control: Selecting and continuously changing routes between sender and receiver to prevent opponent(attacker) from eavesdropping. Notarization: The use of a trusted third party to assure and control the communication. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 42 42 Model for Network Security Trusted third party (e.g., arbiter, distributer of secret information) Secret Information Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Opponent
(Attacker) Recipient Security -related Transformation Message Info. Channel Secure Message Security -related Transformation Secure Message Message Sender Secret Information Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 43 43
Encryption and Decryption Sender Hello Encryption Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model f7#er Decryption Hello Receiver Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 44 44 Symmetric Cipher Model (Conventional Encryption) Secret key shared by sender and recipient Secret key shared by
sender and recipient K K Transmitted cipher text Y = E(K, X) X Plaintext input Encryption Algorithm (e.g. AES) X Decryption Algorithm Plaintext (reverse of encryption output algorithm) Plaintext the message oralgorithm. data that the is fed into The secretiskey isoriginal also input
to the Decryption essentially the encryption algorithm run in Ciphertext isalgorithm the scrambled message produced as output. An original message isis intelligible known asencryption the plaintext, while coded the algorithm input. The key isison aas value independent of thekey. plaintext and of the reverse. It depends
the plaintext and the secret message called the ciphertext. Encryption various substitutions and algorithm. It takes the ciphertext andperforms the secret key and produces original ciphertext is an apparently random stream of data and, as it The process ofalgorithm converting from plaintext to ciphertext isthe known
as transformations on the plaintext. The algorithm produce a restoring different output depending on the plaintext. stands, is unintelligible. enciphering orwill encryption; the plaintext from specific keyisbeing used at or thedecryption. time. ciphertext deciphering Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering
Engineering & & Technology Technology 45 45 Terminology Plaintext: original message Ciphertext: encrypted or coded message Encryption: convert from plaintext to ciphertext (enciphering) Decryption: restore the plaintext from ciphertext (deciphering) Key: information used in cipher known only to sender/receiver Cipher: a particular algorithm (cryptographic system) Cryptography: study of algorithms used for encryption Cryptanalysis: study of techniques used for decryption without knowledge of plaintext Cryptology: areas of cryptography and cryptanalysis Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 46 46 Cryptography and Cryptanalysis Cryptography(Secret Writing) is the process of protecting
information by transforming it into a secure (unreadable) format. Hello Cryptography $!dzx Cryptanalysis is the decryption and analysis of encrypted text. Cryptanalysis uses mathematical formulas to search algorithm vulnerabilities and break into cryptography. $!dzx Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Cryptanalysis Hello Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 47 47 An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. If the opponent is interested in only this particular message, then he will focus to recover X by generating a plaintext estimate . Often, however, the opponent is interested in being able to read
future messages as well, in which case an attempt is made to recover K by generating an estimate . Requirements and Assumptions Requirements for secure use of symmetric encryption: 1. Strong encryption algorithm: Given the algorithm and cipher text, an attacker cannot obtain key or plaintext. 2. Shared secret keys: sender and receiver both have shared a secret key; no-one else knows the key(keep it secret). Assumptions: Cipher is known Secure channel to distribute keys Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 49 49 Cryptanalysis and Brute-Force Attack Objective of attacker: recover key (not just message) Approaches of attacker: Cryptanalysis: This type of attack exploits the characteristics of the algorithm to attempt to derive a specific plaintext or to derive the key being used. Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is
obtained. On average, half of all possible keys must be tried to achieve success. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 50 50 Attacks on Encrypted Messages Type of Attack Known to cryptanalyst Ciphertext Only Encryption algorithm, Ciphertext Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute
Institute of of Engineering Engineering & & Technology Technology 51 51 Attacks on Encrypted Messages Type of Attack Known to cryptanalyst Known Plaintext Encryption algorithm, Ciphertext, One or more plaintextcipher text pairs formed with the secret key Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 52 52 Attacks on Encrypted Messages Type of Attack Known to cryptanalyst
Chosen Plaintext Encryption algorithm, Ciphertext, Plaintext message chosen by cryptanalyst Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 53 53 Attacks on Encrypted Messages Type of Attack Known to cryptanalyst Chosen Ciphertext Encryption algorithm, Ciphertext, Ciphertext chosen by cryptanalyst, with its corresponding decrypted plaintext generated with the secret key Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model
Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 54 54 Attacks on Encrypted Messages Type of Attack Known to cryptanalyst Chosen text Encryption algorithm, Ciphertext, Plaintext chosen by cryptanalyst, with its corresponding ciphertext generated with the secret key , Ciphertext chosen by cryptanalyst, with its corresponding decrypted plaintext generated with the secret key Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology
55 55 Substitution Techniques A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If plaintext viewed as sequence of bits, replace plaintext bit patterns with ciphertext bit patterns. 1. 2. 3. 4. 5. 6. Caesar Cipher Monoalphabetic Cipher Playfair Cipher Hill Cipher Polyalphabetic Ciphers One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 56 56
1. Caesar Cipher The Caesar Cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For encryption algorithm is: C = E(3, P) = (P + 3) mod 26 For decryption algorithm is: P = D(3, C) = (C - 3) mod 26 Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 57 57 Caesar Cipher (Cont) Let us assign a numerical equivalent to each letter a b c d e f g h
i j 0 1 2 3 4 5 6 7 8 9 n o p q r s t u v w 13 14 15 16 17 18 19 20 21 22 k 10 x 23 l 11 y 24 m 12 z 25
C = E(3, P) = (P + 3) mod 26 Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c Example: Plaintext: THE QUICK BROWN FOX Ciphertext: WKH TXLFN EURZQ IRA Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 58 58 Caesar Cipher (Cont) Generalised Caesar Cipher Allow shift by k positions. Encryption : C = E(K, P) = (P + K) mod 26 Decryption : P = D(K, C) = (C - K) mod 26 Modulo for negative number is = N- (B%N)
Example : -11 mod 26 = 15 26-(11%26) = 15 Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 59 59 Caesar Cipher Examples 1. Plaintext: networksecurity 2. Cipher: exxegoexsrgi Key: 4 Plaintext : attackatonce Key: 7 uladvyrzljbypaf 3. Cipher: kyzj dvjjrxv zj vetipgkvu Key: 17 Plain: this message is 4. Plain: encrypted information security Key: l Cipher: tyqzcxletzy dpnfctej
Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 60 60 Brute force attack on Caesar Cipher The encryption and decryption algorithms are known. There are only 25 keys to try, e.g. k=1, k=2, The language of the plaintext is known and easily recognizable. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 61 61
Brute force attack on Caesar Cipher Ciphertext: ZNK WAOIQ HXUCT LUD Key 1 2 3 4 5 6 7 8 9 10 11 12 13 Transformed text YMJ VZNHP GWTBS KTC XLI UYMGO FVSAR JSB WKH TXLFN EURZQ IRA VJG SWKEM DTQYP HQZ UIF RVJDL CSPXOGPY THE QUICK BROWN FOX SGD PTHBJ AQNVM ENW RFC OSGAI ZPMUL DMV QEB NRFZH YOLTK CLU PDA MQEYG XNKSJ BKT OCZ LPDXF WMJRI AJS NBY KOCWE VLIQH ZIR MAX JNBVD UKHPG YHQ Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model
Key 14 15 16 17 18 19 20 21 22 23 24 25 Transformed text LZW IMAUC TJGOF XGP KYV HLZTB SIFNE WFO JXU GKYSA RHEMD VEN IWT FJXRZ QGDLC UDM HVS EIWQY PFCKB TCL GUR DHVPX OEBJA SBK FTQ CGUOW NDAIZ RAJ ESP BFTNV MCZHY QZI DRO AESMU LBYGX PYH CQN ZDRLT KAXFW OXG BPM YCQKS JZWEV NWF AOL XBPJR IYVDU MVE Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 62
62 Substitution Techniques 1. Caesar Cipher 2. Monoalphabetic Cipher 3. Playfair Cipher 4. Hill Cipher 5. Polyalphabetic Ciphers 6. One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 63 63 2. Monoalphabetic Cipher (Simple substitution) It is an improvement to the Caesar Cipher. Instead of shifting the alphabets by some number, this scheme uses some permutation of the letters in alphabet. Use a single alphabet for both plaintext and cipher text. Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: y n l k x b s h m i w d p j r o q v f e a u g Example: t z c
Cipher: kxlvzofemrj Plaintext:decrypstion Try Brute force attack : With 26 letters in alphabet, the possible permutations are 26! Keys (>4x1026) Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 64 64 Attack on Monoalphabetic Cipher The relative frequencies of the letters in the ciphertext (in %) are Ciphertext: uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvuephzh mdzshzowsfpappdtsvpquzwymxuzuhsxepyepopdzszufpombzwp fupzhmdjudtmohmq In our ciphertext, the most common digram is ZW, which appears three times. So equate Z with t, W with h and P with e. Now notice that the sequence ZWP appears in the ciphertext, and we can translate that sequence as the. Unit-1: Unit-1: Symmetric Symmetric Cipher
Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 65 65 Attack on Monoalphabetic Cipher (Cont) If the cryptanalyst knows the nature of the plaintext, then the analyst can exploit the regularities of the language. The relative frequency of the letters can be determined and compared to a standard frequency distribution for English. If the message were long enough, this technique alone might be sufficient, but because this is a relatively short message, we cannot expect an exact match. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 66
66 Substitution Techniques 1. Caesar Cipher 2. Monoalphabetic Cipher 3. Playfair Cipher 4. Hill Cipher 5. Polyalphabetic Ciphers 6. One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 67 67 3. Playfair Cipher The Playfair algorithm is based on a 5 5 matrix (key) of letters. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Example: Keyword= OCCURRENCE Plaintext= TALL TREES Unit-1:
Unit-1: Symmetric Symmetric Cipher Cipher Model Model O C U R E N A B D F G H I/J K L M P
Q S T V W X Y Z Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 68 68 Playfair Cipher - Encrypt Plaintext Operate on pair of letters (digram) at a time. Special: if digram with same letters appears, separate by special letter (e.g. x) Plaintext= TALL TREES Plaintext= TA LX LT RE ES If there is an odd number of letters, then add uncommon letter to complete digram, a X/Z may be added to the last letter. Plaintext= NETWORK Plaintext= NE TW OR KX
Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 69 69 Playfair Cipher - Encrypt Plaintext Map each pair in key matrix Plaintext: TA LX LT RE ES Ciphertext: PF IZ TZ EO RT O C U R E N A
B D F G H I/J K L M P Q S T V W X Y Z If the
on different rows and columns, replace the theletters letters lettersare appear appear on onthe thesame same column, row, replace replace them themthem with withwith the the letters on other corner of the same row. letters toimmediately their immediate below, right wrapping
respectively, around wrapping to the around top to if The order - the first letter of the pair should be the necessary. left sideisofimportant the row if necessary. replaced first. using the table above, For example, above, the the letter letter pair pair RE LT would be For example, encoded as EO. TZ.using the table above, the letter pair TA would be encoded as PF. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of
of Engineering Engineering & & Technology Technology 70 70 Playfair Cipher - Is it Breakable? Better than monoalphabetic: relative frequency of digrams much less than of individual letters. But relatively easy (digrams, trigrams, expected words) Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 71 71 Playfair Cipher Examples 1. Key= engineering Plaintext= test this process Plaintext= come to the 2. Key= keyword window 3. EKey=
Plaintext=Kgreet N Gmoonmission I R Encrypted Message: E Y W Encrypted Message: A H P V B K Q W C L S X D M T Y F O U Z pi tu pm gt ue lf gp xg M A F P V
O B G Q W N C H R X I D K T Y S E L U Z Encrypted Message: hq cz du Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model O R C F L
M S T Z D A B Lc nk zk vf yo gq ce bw G H I N P Q U V X Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 72 72 Playfair Cipher Examples 4. Key: EXAMPLE Ciphertext: UA ARBED EXAPO PR QNX AXANR E X A M P
L B C D F G H I/J K N O Q R S T U V W Y
Z Pair: UA AR BE DE XA PO PR QN XA XA NR Plaintext: we wi lx lm ex et at th ex ex it Plaintext: we wilxl mexet at thex exit Plaintext: we will meet at the exit Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 73 73 Substitution Techniques 1. Caesar Cipher 2. Monoalphabetic Cipher 3. Playfair Cipher 4. Hill Cipher 5. Polyalphabetic Ciphers 6. One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan
Darshan Institute Institute of of Engineering Engineering & & Technology Technology 74 74 4. Hill Cipher Hill cipher is based on linear algebra Each letter is represented by numbers from 0 to 25 and calculations are done using modulo 26. Encryption and decryption can be given by the following formula: Encryption: C=PK mod 26 Decryption: P=CK-1 mod 26 mod 26 Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 75
75 Hill Cipher Encryption To encrypt a message using the Hill Cipher we must first turn our keyword and plaintext into a matrix (a 2 x 2 matrix or a 3 x 3 matrix, etc). Example: Key = HILL, Plaintext = EXAM a b c d e f g h i j k l m 0 1 2 3 4 5 6 7 8 9 10 11 12 n o p q r s t u v w x
y z 13 14 15 16 17 18 19 20 21 22 23 24 25 = = Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 76 76 Hill Cipher Encryption (Cont) E A 4 0 == Plaintext = ( X )( M ) ( 23 )(12 ) C=PK mod 26 ( 7 11 8
11 4 23 )( ) ( 7 11 8 11 0 12 )( ) x 4 + 8 x 23 = 212 x 0 + 8 x 12 = 96 x 4 + 11 x 23 = 297 x 0 + 11 x 12 = 132 ( 7 11 8 11 4 2 12
= 23 297 )( ) ( = mod 26 = ) ( 7 11 8 11 0 96 = 12 132 )( ) ( ) = mod 26 = Ciphertext = ELSC Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan
Darshan Institute Institute of of Engineering Engineering & & Technology Technology 77 77 Hill Cipher Decryption -1 P=CK mod 26 Step 1: Find Inverse of key matrix Step 2: Multiply the Multiplicative Inverse of the Determinant by the Adjoin Matrix Step 3: Multiply inverse key matrix with ciphertext matrix to obtain plaintext matrix Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 78 78 Step 1: Inverse of key matrix
2 X 2 inverse of matrix [ a c b d ] 1 = 1 d ad cb c [ b a ] 3 X 3 inverse of matrix 1 A = adjoin( A) determinant ( A ) 1 Unit-1: Unit-1: Symmetric Symmetric Cipher
Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 79 79 Step 1: Inverse of key matrix 7 I nverse Key 11 ( 1 11 11 1 1 ( 1 11 15 15 ( 8 11
8 7 18 mod 26 7 ) Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model ) 1 = 1 11 77 88 11 ( 8 7 ) ) -11 mod 26 = 15 Because, modulo for negative number is = N- (B%N) = 26 (11%26)
Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 80 80 Step 2: Modular (Multiplicative) inverse The inverse of a number A is 1/A since A * 1/A = 1 e.g. the inverse of 5 is 1/5 In modular arithmetic we do not have a division operation. The modular inverse of A (mod C) is A-1 (A * A-1) 1 (mod C) Example: The modular inverse of A mod C is the B value that makes A * A-1 mod C = 1 A = 3, C = 11 Since (3*4) mod 11 = 1, 4 is modulo inverse of 3 12 A = 10, C = 17 , A-1 = ? Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology
81 81 Step 2: Modular (Multiplicative) inverse Determinants multiplicative inverse Modulo 26 Determinant 1 3 Inverse Modulo 26 1 9 21 15 3 19 7 23 11 5 17 25 1 15 ( 11 15 5 7 9 11 15 17 19 21 23 25 18 7 ) mod 26 Multiplicative inverse of is 7
Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 82 82 Step 2: Multiply with adjoin of matrix ( 11 15 18 77 = 7 10 5 ) ( 7 thus , if K = ( 11 X%Y 7
1 26 25 = 49 1 ) ( 22 mod 26 23 ) 8 1 25 then K = 11 1 = X-(X/Y)*Y ) ( 22 23 ) 77%26 = 77-(77/26)*26 = 77-(2)*26 = 77-52 = 25 Unit-1:
Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 83 83 Hill Cipher Encryption (Cont) E S 4 18 = Ciphertext = ( L )( C ) (11)( 2 ) P=CK-1 mod 26 ( 25 1 22 23 4 11 )( )
( 25 1 22 23 18 2 )( ) x 4 + 22 x 11 = 342 x 18 + 22 x 2 = 494 x 4 + 23 x 11 = 257 x 18 + 23 x 2 = 64 ( 25 1 22 23 4 342 = 11 257 )( ) ( ) = mod 26 =
( 7 11 8 11 0 494 = 12 64 )( ) ( ) = mod 26 = Plaintext = EXAM Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 84 84 Hill Cipher Examples
1. Key: Hill Plaintext: short example Ciphertext: APADJ TFTWLFJ 2. Key: ACBA Plaintext: DR GREER ROCKS (A=1, B=2, ) Ciphertext: FZIFTOTBXGPO 3. Key:DACB Ciphertext: SAKNOXAOJ (A=1,B=2,) Plaintext: WELOVEMATH Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 85 85 Substitution Techniques 1. Caesar Cipher 2. Monoalphabetic Cipher 3. Playfair Cipher 4. Hill Cipher 5. Polyalphabetic Ciphers
6. One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 86 86 5. Polyalphabetic Cipher Monoalphabetic cipher encoded using only one fixed alphabet Polyalphabetic cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process. 1. Vigenere cipher 2. Vernam cipher Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering &
& Technology Technology 87 87 Plaintext K e y PT = HELLO KEY = GMGMG CT = NQRXU Vigenere Cipher Keyword : DECEPTIVE Key : DECEPTIVEDECEPTIVEDECEPTIVE Plaintext : WEAREDISCOVEREDSAVEYOURSELF Key must be as long as plaintext else repeat a keyword Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ C = ( P 1+ K 1 , P 2+ K 2 , P m + K m ) mod 26 P= ( C 1 K 1 , C 2 K 2 , C m K m ) mod 26 An analyst looking at only the ciphertext would detect the repeated sequences VTW at a displacement of 9 and make the assumption that the keyword is either three or nine letters in length. Keyword : DECEPTIVE Key
: DECEPTIVEWEAREDISCOVEREDSAV Plaintext : WEAREDISCOVEREDSAVEYOURSELF Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model This system is referred as an auto key system Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 89 89 Vigenere Cipher Multiple ciphertext letters for each plaintext letter. Weakness is repeating, structured keyword. Example: Plaintext: internet technologies Key: cryptography Cipher using standard algorithm: kertkbkk ttjfpfjdzm Cipher using auto key system:kertkbkk ttjfvbesxl Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model
Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 90 90 Vernam Cipher The ciphertext is generated by applying the logical XOR operation to the individual bits of plaintext and the key stream. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 91 91 Substitution Techniques 1. Caesar Cipher 2. Monoalphabetic Cipher 3. Playfair Cipher 4. Hill Cipher
5. Polyalphabetic Ciphers 6. One-Time Pad Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 92 92 6. One time pad Similar to Vigenere, but use random key as long as plaintext. Only known scheme that is unbreakable (unconditional security) Ciphertext has no statistical relationship with plaintext. Given two potential plaintext messages, attacker cannot identify the correct message. Two practical limitations: 1. Difficult to provide large number of random keys 2. Distributing unique long random keys is difficult Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute
Institute of of Engineering Engineering & & Technology Technology 93 93 One time pad Attacker knows the ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS Attacker tries all possible keys. Two examples: key1: pxlmvmsydofuyrvzwctnlebnecvgdupahfzzlmnyih Plaintext1: mr mustard with the candlestick in the hall key2: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt Plaintext2: miss scarlet with the knife in the library There are many other legible plaintexts obtained with other keys. No way for attacker to know the correct plaintext Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 94 94
Transposition Techniques A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to send the message Meet me at the park to Bob, Alice writes E M E A M T T E She then creates the ciphertext: Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model A E T H P
K R MEMATEAKETETHPR Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 96 96 Rail Fence Transposition Easy to break: letter frequency analysis to determine depth. Example: Plaintext: internettechnology Depth: 3 Cipher: IRTNGNENTEHOOYTECL I R N E T N T Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model
Model T E N E H C G O O Y L Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 97 97 Rows/Columns Transposition Plaintext letters written in rows. Ciphertext obtained by reading column-by-column, but rearranged. Key determines order of columns to read. Key: Plaintext:
Ciphertext: 4 A O D W 3 T S U O 1 T T N A 2 A P T M 5 C O I X 6 K N L Y
7 P E T Z TTNA APTMTSUO AODW COIX KNLY PETZ Easy to break using letter frequency (try different column orders) Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 98 98 Rows/Columns Transposition Transposition ciphers can be made stronger by using multiple stages of transposition Plaintext: securityandcryptography Key: 315624 Ciphertext:EYYARDOYSTRRICGCAPPUNTH Transpose again using same key: Ciphertext:YYCURRAHEOIPDRPYSGNATCT Unit-1: Unit-1: Symmetric
Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 99 99 Cryptographic Algorithms Cryptographic algorithms and protocols can be grouped into four main areas Cryptographic algorithms and protocols Symmetric encryption Asymmetric encryption Data integrity algorithms Authentication protocols Data Authentication integrity algorithms Protocols
used are schemes protect based blocks of ondata, the such usesuch as of Symmetric Asymmetric encryption encryption used used to to to conceal secure the small contents blocks of of data, blocks or messages, alteration. cryptographic algorithms designed to authenticate
theare identity streams as encryption offrom data keys of any and size, hash including function messages, values, which files, encryption used of in entities. keys, digital and signatures. passwords Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology
100 100 Threat and Attack Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could crack security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An violation on system security that derives from an intelligent threat; that is, an intelligent act that is a calculated attempt to avoid security services and violate the security policy of a system. Unit-1: Unit-1: Symmetric Symmetric Cipher Cipher Model Model Darshan Darshan Institute Institute of of Engineering Engineering & & Technology Technology 101 101
Proposed NSLS X13B Microdiffraction Instrument Source & Optics
Proposed NSLS X13B Microdiffraction Instrument Source & Optics James M. Ablett National Synchrotron Light Source NSLS 2.8 GeV X-ray Storage Ring MGU EPW X13 Straight-Section NSLS 'Hard' X-Ray Sources Photon Energy [keV] MGU IVUN NSLS Bending Magnet X21 / X25...