Cryptography&NetworkSecurity Unit 1
Cryptography&NetworkSecurity Unit 1
Cryptography&NetworkSecurity Unit 1
The term is derived from the Greek word kryptos, which means hidden.
Cryptography is the study of secure communications techniques that allow only the sender and
intended recipient of a message to view its contents.
• Cryptography is the science of writing in secret code so that no other person except the
intended recipient could read
NETWORK SECURITY
Network Security consists of the provisions and policies adapted by network Administrator to
prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and
network-accessible-resources
Cryptography is the practice and study of techniques for secure communication in the presence of
third parties. More generally, it is about constructing and analyzing protocols that overcome the
influence of attackers or outside people and which are related to various aspects in information
security such as data confidentiality, data integrity, authentication, and non-repudiation. Applications
of cryptography include ATM cards, computer passwords.
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables
you to store sensitive information or transmit it across insecure networks (like the Internet) so that it
cannot be read by anyone except the intended recipient.
Cryptography is the study and practice of techniques for secure communication in the presence of
third parties called adversaries. It deals with developing and analyzing protocols that prevents
malicious third parties from retrieving information being shared between two entities thereby
following the various aspects of information security. Secure Communication refers to the scenario
where the message or data shared between two parties can’t be accessed by an adversary. In
Cryptography, an Adversary is a malicious entity, which aims to retrieve precious information or
data thereby undermining the principles of information security. PAIN principles are Privacy,
Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography.
Privacy refers to certain rules and guidelines usually executed under confidentiality agreements
which ensure that the information is restricted to certain people or places.
Integrity refers to maintaining and making sure that the data stays accurate and consistent over its
entire life cycle.
Authentication is the process of making sure that the piece of data being claimed by the user belongs
to it.
Non-repudiation refers to the ability to make sure that a person or a party associated with a contract
or a communication cannot deny the authenticity of their signature over their document or the
sending of a message.
For example:
Plaintext : hellongitkmec
Ciphertext : ifmmpohjulnfd
Types of Cryptography:
There are several types of cryptography, each with its own unique features and applications. Some of
the most common types of cryptography include:
1. Symmetric-key cryptography: This type of cryptography involves the use of a single key to
encrypt and decrypt data. Both the sender and receiver use the same key, which must be kept secret
to maintain the security of the communication.
Hash functions: A hash function is a mathematical algorithm that converts data of any size into a
fixed-size output. Hash functions are often used to verify the integrity of data and ensure that it has
not been tampered with.
Applications of Cryptography:
Secure online transactions: Cryptography is used to secure online transactions, such as online
banking and e-commerce, by encrypting sensitive data and protecting it from unauthorized access.
Digital signatures: Digital signatures are used to verify the authenticity and integrity of digital
documents and ensure that they have not been tampered with.
Password protection: Passwords are often encrypted using cryptographic algorithms to protect them
from being stolen or intercepted.
Military and intelligence applications: Cryptography is widely used in military and intelligence
applications to protect classified information and communications.
Challenges of Cryptography:
While cryptography is a powerful tool for securing information, it also presents several challenges,
including:
Key management: Cryptography relies on the use of keys, which must be managed carefully to
maintain the security of the communication.
1. Privacy/Confidentiality:
The degree of confidentiality determines the secrecy of the information. The principle
specifies that only the sender and receiver will be able to access the information shared
between them. Confidentiality compromises if an unauthorized person is able to access a
message.
For example, let us consider sender A wants to share some confidential information with
receiver B and the information gets intercepted by the attacker C. Now the confident ial
information is in the hands of an intruder C.
2. Authentication / Availability
The principle of availability states that the resources will be available to authorize party at
all times. Information will not be useful if it is not available to be accessed.
Systems should have sufficient availability of information to satisfy the user request.
Authentication is the mechanism to identify the user or system or the entity. It ensures the
identity of the person trying to access the information. The authentication is mostly secured
by using username and password. The authorized person whose identity is preregistered can
prove his/her identity and can access the sensitive information.
3. Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the
content of the message is changed after the sender sends it but before reaching the intended
receiver, then it is said that the integrity of the message is lost.
System Integrity: System Integrity assures that a system performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of
the system.
Data Integrity: Data Integrity assures that information (both stored and in transmitted
packets) and programs are changed only in a specified and authorized manner.
4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent
through a network. In some cases the sender sends the message and later denies it.
But the non-repudiation does not allow the sender to refuse the receiver.
The following categories are used to categorize ethical dilemmas in the security system.
Security Goals
The security goals in cryptography and network security revolve around preserving data's
confidentiality, integrity, and availability. These goals are achieved through encryption, access
control, and IP security architecture in cryptography and network security to ensure data safety
while it is in motion and stored.
Confidentiality
Data Integrity
Integrity Ensures that the message received is the same as the message that was sent
Uses hashing to create a unique message digest from the message that is sent along with
the message
Recipient uses the same technique to create a second digest from the message to compare
to the original one
This technique only protects against unintentional alteration of the message
A variation is used to create digital signatures to protect against malicious alteration
Data Availabilty
Availability states that the resources will be available to authorize party at all times.
Information will not be useful if it is not available to be accessed. Systems should have
sufficient availability of information to satisfy the user request.
What are Security Attacks?
A vulnerable application could subject people and systems to several kinds of harm. An attack occurs
when a malevolent actor takes advantage of security flaws or vulnerabilities to harm others. In this
article, we’ll examine various attack methods, so that you’ll know what to watch out for when
safeguarding your application.
PassiveAttacks:
Inapassiveattack,theattacker’sgoalisjusttoobtaininformation.Thismeansthattheattackdoesnot
modify data or harm the system. Active Attacks:
Anactiveattackmaychangethedataorharmthesystem.Attacksthatthreatentheintegrityandavailability
are active attacks.
PassiveAttacks
(a) Releaseofmessagecontent–
Captureandreadthecontenttransmissions.
(b) TrafficAnalysis–
can’treadtheinformation,butobservethepattern
determinethelocationandidentityofcommunicatingparties
observefrequencyandlengthofcommunication
ActiveAttacks
(a) Masquerading:Masqueradingorsnoopinghappenswhentheattackerimpersonatessomebodyels
e.
(b) Replay–
Theattackerobtainsacopyofamessagesentbyauserandlatertriestoreplayit.
(c) Modification:Afterinterceptingor accessing information, the attackermodifies the
informationthen send to receiver.
Cryptographicattackscanbebroadlycategorizedintotwodistincttypes:
Cryptanalytic
Non-Cryptanalytic Cryptanalytic Attacks:
These attacks arecombinationsofstatistical and algebraic techniquesaimedat discover
thesecret key of a cipher.
The attacker thus guesses the key and looksforthedistinguishingproperty.if the property
is detected,theguessiscorrectotherwisethenextguessistried.
Non-CryptanalyticAttacks:
The other types of attacks arenon-cryptanalytic attacks,whichdonotexplain
themathematical weakness of the cryptographic algorithm.
Summary:
Active attacks
Passive attacks
1. Active Attacks
An active assault tries to change system resources or interfere with their functionality. Active attacks
entail some form of data stream manipulation or false statement generation. Active attacks can take the
following forms:
1.1. Masquerade
When one entity impersonates another, it commits a masquerade attack. One of the other active attack
types is included in a masquerade attack. An authorisation process can become extremely vulnerable to
a disguised attack if it isn’t always completely safeguarded. Masquerade attacks can be carried out via
stolen logins and passwords, by spotting holes in programmes, or by figuring out a way to get around the
authentication procedure.
1.2. Modification of Messages
Modification denotes that a communication has been delayed, reordered, or had a piece of it changed to
achieve an unlawful effect. Modification compromises the accuracy of the source data. In essence, it
indicates that unauthorised individuals not only access data but also spoof it by initiating denial-of-service
attacks, such as modifying sent data packets or flooding the network with false data. An assault on
authentication is manufacturing. A notification that originally said, “Allow JOHN to view confidential file X,”
for instance, is changed to say, “Allow Smith to read confidential file X.”
1.3. Repudiation
This attack happens when the login control gets tampered with or the network is not totally secure. With
this attack, the author’s information can be altered by malicious user actions in order to save fake data in
log files, up to the broad alteration of data on behalf of others, comparable to the spoofing of email
messages.
1.4. Replay
When the network is not completely secure or the login control is tampered with, an attack occurs. With
this attack, the information of the author can be changed by malicious user actions to save suspicious
data in log files, up to the widespread alteration of data on behalf of others, similar to the spoofing of
email messages.
1.5. Denial of Service
Denial of service hinders the regular use of communication infrastructure. There may be a specified target
for this attack. An entity might, for instance, suppress all messages sent to a specific location. Another
example of service denial is when an entire network is disrupted, either by network disablement or
message overload that lowers performance.
2. Passive Attacks
A passive attack does not eat up system resources and instead makes an effort to gather or use
information from the system. Attacks that are passive in nature spy on or keep track of transmission. The
adversary wants to intercept the transmission of information in order to collect it. The following are
examples of passive attacks:
2.1. Releasing Message Content
Sensitive or confidential information may be present in a telephone conversation, an email, or a
transmitted file. We want to keep an adversary from finding out what is being transmitted. In this type of
passive attack, the information transmitted from one person to another gets into the hands of a third
person/hacker. It jeopardises the confidentiality factor in a conversation.
SECURITY SERVICES
It is a processing or communication service that is provided by a system to give a
specific kind of production to system resources. Security services implement security
policies and are implemented by security mechanisms.
Confidentiality
Authentication
This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from intended
source. For an ongoing interaction two aspects are involved. First, during connection
initiation the service assures the authenticity of both parties. Second, the connection
between the two hosts is not interfered allowing a third party to masquerade as one of
the two parties. Two specific authentication services defines in X.800 are
Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provides use at time of Mediaconnectionestblishment and during data
transmission. Provides confidence against a masquera or replay attack
Data origin authentication: Assumes the authenticity of source of data unit, but does
not provide protection against duplication or modification of data units. Supports
applications like electronic mail, where no prior interactions take place between
communicating entities.
Integrity
Integrity means that data cannot be modified without authorization. Like
confidentiality, it can be applied to a stream of messages, a single message or selected
fields within a message. Two t pes of integrity services are available. They are
Connection-Oriented Integrity Service: This service deals with a stream of
messages, assures that messages are received as sent, with no duplication, insertion,
modification, reordering or replays. Destruction of data is also covered here. Hence, it
attends to both message stream modification and denial of service.
Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message modification only.
SECURITY MECHANISMS
According to X.800, the sec rity mechanisms are divided into those implemented
in a specific protocol layer and those that are not specific to any particular protocol
layer or security service. X.800 also differentiates reversible & irreversible
encipherment mechanisms. A reversible encipherment mechanism is simply an
encryption algorithm that allows data to be encrypted and subsequently decrypted,
whereas irreversible encipherment include hash algorithms and message
authentication codes used in digital signature and message authentication applications
Specific Security Mechanisms
MATHEMATICSOFCRYPTOGRAPHY
Integer Arithmetic: In Integer arithmetic,we are use a set and a few operations.
Set of Integers: The set of Integers, denoted by z, contains all integral numbers (with no
fraction) from negative infinity to positive infinity.
Binary Operations: A Binary operation takes two inputs and creates one output. Three
common binary operations defined for integers are addition, subtraction and multiplication.
Examples:
Add: 5+9=14 (-5)+9=4 5+(-9)=-4
Subtract: 5-9=-4 (-5)-9=14 5-(-9)=14
Multiply: 5x9=45 (-5)x9=-45 5x(-9)=45
Integer Division: if we divide a by n, we can get q and r. The relationship between these four
integers can be shown as
a=q x n + r
a is dividend, n is the divisor, q is quotient, r is remainder
Examples:Assume that a= 255 and n = 11.We can find q = 23 and r = 2 using the
division algorithm. We have shown in following
Two Restrictions:
• First, we require that the divisor be a positive integer(n>0).
• Second, we require that the remainder be a non-negative integer(r>0).
Divisibility:
If a is not zero and we let r=0 in the division relation, we get a = q x n
We then say that n divides a ( or n is a divisor of a ). We can also say that a is divisible by n. The
above is n | a .
If the remainder is not zero, then n does not divide a and we can write the relationship as a + n.
Ex: The integer 4 divides the integer 32 because 32 = 8 x 4. We show this is as 4 |32
The number 8 does not divide the number 42 because 42=5x8+2. There is a remainder,
the number 2, in the equation. We show this as 8+42.
Examples:
1) Since3|15and15|45,accordingtothirdproperty,3|45
2) Since3| 15and3| 9,accordingtothefourthproperty,3|(15x2+9x4),whichmeans3|66.
Example:gcd(36,10)=?
Example:gcd(2740,1760)=?
Solution:we initialize r1 to 2740 and r2 to1760 Answer:
gcd(2740,1760)=20
.
ModularArithmetic
The division relationship (a=qxn+r) has two inputs (a and n) and two outputs(q and r).
Modulo Operator:
Modulo operator is shown as mod.
The modulo operator (mod) takes an integer (a) from these t Z and a positive modulus(n). The
operator creates a non-negative residue (r).
A mod n=r
CONGRUENCE(≡)
If two numbers A and B have the property that their difference A-B is integrally divisible by a
number-C
(i.e.,(A-B)/C is an integer), then A and B are said to be "congruent modulo C. "The number C is
called the modulus, and the statement "A is congruent to B(moduloC)" is written mathematically as
A≡B(modC)
This says that “A is congruent to B modulo C”.
Example2:
Assume,-8≡12(mod10) 2≡12(mod10) 12≡22(mod10) 22≡32(mod10)
RESIDUE CLASSES
A residue class[a] is the set of integers congruent modulo n. In other words it is the set of all
integers such that x=a(mod n).
For example, if n=5,we have five sets[0],[1],[2],[3],[4] as shown below
[0]= {..... , -15 -10 ,-5,0, 5,10,15,...}
[1]= {..... , -16 -11 ,-6,1, 6,11,16,...}
[2]= {..... , -17 -12 ,-7,2, 7,12,17,...}
[3]= {..... , -18 -13 ,-8,3, 8,13,18,...}
[4]= {..... , -19 -14 ,-9,4, 9,14,19,...}
0 in [0], 1 in [1], 2 in [2], 3 in[3] and 4 in [4].. The set of these residues are shown as
Z5={0,1,2,3,4}
Applications:
We use a clock to measure time. Our clock system uses modulo 12 arithmetic. However instead of
SUTHOJU GIRIJA RANI, Assistant Professor. 4
Cryptography and Network Security NGIT-CSE
a 0 we the 12
.
MATRICES
A matrix is a rectangular array of lxm elements; in which
L is the number of rows and
M is the number of columns.
A matrix is normally denoted with an Uppercase Letter such as A. The element aij is located in the
ith row and jth column.
OPERATIONSANDRELATIONS
Relation operation: Equality:
If two matrices are equal sized and content is same then they have equality Four operations:
1. Addition
2. Subtraction
3. Multiplication
4. Scalar multiplication
Examples:
Addition:CIJ=AIJ+BIJ
Subtraction::CIJ=AIJ-BIJ
Multiplication
Multiplicationunitmatrixwithnormalmatrixgivesthesame matrix
AXI=IXA=A
DETERMINANT
IfAissquarematrixofmxmthendeterminantofAisdet(A)
WhereAijis amatrix obtained fromAby deleting the ith rowand jth column. Determinant is
obtainedfor onlysquarematrices
Det(2x2) matrix
Example:det(3x3)matrix
MATRICES-Inverses
AdditiveInverse
Theadditive inverseof thematrixAisanothermatrixBsuch thatA+B=0. In other words bij=-aij
Generally additive inverse is of A=-A Multiplicative Inverse:
Themultiplicative Inverse of asquare matrix A is a B such thatAX B= I.
NormallyMultiplicativeinverseofAisdefinedbyA-1
Multiplicativeinverseisdefinedforonlysquarematrices
Linear Congruence
SinglevariableLinearEquations:
Equationsoftheformax≡b(modn)mighthavenosolutionoralimitednumberofsolutions
Assumethatthegcd(a,n)=d.
If d + b (d not divides b), there is no solution.If d | b (d divides b), there are d solutions.
Ifd|b,weusethefollowingstrategytofindthesolutions:
Reducetheequationbydividingbothsidesoftheequation(includingthemodulus)byd.
Multiplybothsides of the reducedequationbythemultiplicativeinverseof ‘a’ tofind
theparticular solution x0.
The General solutions are x = x0+ k ( n / d ) for k = 0, 1, 2,, (d-1). Congruence-Example
Example1:Solvethe equation
10x=2(mod15).
Solution:-
Given Linear equation 10x≡ 2(mod15) In basic form ax ≡ b(mod n)
a=10;b=2;n=15
Now,findd=?
d=gcd(a,n)=gcd(10,15)
=gcd(15,10)=gcd(10,5)
PreparedbyChSamsonu,Assoc.Professor, 9
CryptographyandNetworkSecurity B.Tech(CSE)IVYearISem
=gcd(5,0)
=5
check if d+b (d not divides b), then no solution 5+2 means ‘5’ not divides ‘2’, so, The given equation
has No solution.
Example2:Solvethe equation
14 x= 12 (mod 18) Solution :- Given Linear equation
14x ≡ 12(mod 18) In basic form ax ≡ b(mod n)
a=14;b=12;n=18
d=gcd(a,n)=gcd(14,18)=gcd(18,14)
= gcd (14,4) = gcd (4,2)=gcd(2,0)=2 check, d b or d+ b
d| b→ 2|12means“2divides12”,sothegivenequationhave“2solutions”.
Givenequation 14x12(mod18)
divides‘d’onbothsidesofequation
7x6(mod9)
multiply7-1onbothsidesofabovetogetparticularsolution‘x0’.
7-1 x 7*x0 ≡6* 7-1 (mod9)
x0 ≡6x7 -1(mod9) i.e7 -1 mod9≡4
x0≡6x4(mod9)
x0≡ 24mod 9
x0≡ 6
solutionsarex=x0+k(n/d)wherek=0,1
(d=2)
if k = 0 x = x0+ 0 (n/d) x = 6+ 0 ( 18/2) = 6
x=6
ifk=1 x=x0+1((n/d)=6+1(18/2)
x=15
‘6’and‘15’aresolutionto14x12(mod18)
PreparedbyChSamsonu,Assoc.Professor, 10
TERMINOLOGY
When we send our data from the source side to the destination side we have to use some
transfer method like the internet or any other communication channel by which we are able to
send our message. The two parties, who are the principals in this transaction, must cooperate
for the exchange to take place. When the transfer of data happened from one source to another
source some logical information channel is established between them by defining a route
through the internet from source to destination and by the cooperative use of communication
protocols (e.g., TCP/IP) by the two principals. When we use the protocol for this logical
information channel the main aspect of security has come. who may present a threat to
confidentiality, authenticity, and so on. All the techniques for providing security have two
components:
1. A security-related transformation on the information to be sent.
2. Some secret information is shared by the two principals and, it is hoped, unknown to the
opponent.
A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission. This model shows that there
are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of secret information.
4. Specify a protocol to be used by the two principals that make use of the security algorithm
and the secret information to achieve a particular security service.