CS8792 Course File Format


DEPARTMENT OF COMPUTER SCIENCE AND

ENGINEERING
COURSE FILE

CS8792 CRYPTOGRAPHY AND NETWORK SECURITY

(2017 REGULATION)

Prepared By

COURSE FACULTY: Mrs.S.POORNAM


YEAR/SEM: IV/VII

HOD IQAC Chief Principal


TABLE OF CONTENTS
S.No Title Page.No
1. Cover Page
2. Course Objectives
3. Syllabus
4. Course outcomes
5. 20 years anna university Topic wise
previous year questions
6. Topic wise Priority
7. Detailed Syllabus with Subtopics

8. Time Table
9. Course Plan
10. Unit-1 Each topic based on that
Session Plan highlighted title present
Session Objectives
Session Prerequisite
Terms and Terminologies used
Lecture Notes
Session Outcomes
Session Appraisal
11. Unit-2
Session Plan
Session Objectives
Session Prerequisite
Terms and Terminologies used
Lecture Notes
Session Outcomes
Session Appraisal
12. Unit-3
Session Plan
Session Objectives
Session Prerequisite
Terms and Terminologies used
Lecture Notes
Session Outcomes
Session Appraisal
13. Unit-4
Session Plan
Session Objectives
Session Prerequisite
Terms and Terminologies used
Lecture Notes
Session Outcomes
Session Appraisal
14. Unit-5
Session Plan
Session Objectives
Session Prerequisite
Terms and Terminologies used
Lecture Notes
Session Outcomes
Session Appraisal
15. References
16. Course Outcomes
17. 20 years anna university Topic wise
previous year questions with answers
COURSE OBJECTIVES:
The student should be made to:
 Understand the OSI security architecture and classical encryption techniques.
 Acquire fundamental knowledge of the concepts of finite fields and number theory.
 Understand cryptographic theory, algorithms and systems.
 Understand the various block cipher and stream cipher models.
 Describe the principles of public key cryptosystems, hash functions and digital signatures.
CS8792 CRYPTOGRAPHY AND NETWORK SECURITY

(2017 REGULATION)
SYLLABUS

CS8792 CRYPTOGRAPHY AND NETWORK SECURITY                                L T P C
                                                                        3 0 0 3

OBJECTIVES:
 To understand cryptography theories, algorithms and systems.
 To understand the necessary approaches and techniques to build protection mechanisms in
order to secure computer networks.

UNIT I INTRODUCTION 9

Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at
Multiple levels, Security Policies - Model of network security – Security attacks, services and
mechanisms – OSI security architecture – Classical encryption techniques: substitution
techniques, transposition techniques, steganography- Foundations of modern cryptography:
perfect security – information theory – product cryptosystem – cryptanalysis.

UNIT II SYMMETRIC KEY CRYPTOGRAPHY 9

MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY: Algebraic structures - Modular arithmetic - Euclid's
algorithm - Congruence and matrices - Groups, Rings, Fields - Finite fields - SYMMETRIC KEY
CIPHERS: SDES – Block cipher principles of DES – Strength of DES – Differential and linear
cryptanalysis - Block cipher design principles – Block cipher modes of operation – Evaluation
criteria for AES – Advanced Encryption Standard - RC4 – Key distribution.

UNIT III PUBLIC KEY CRYPTOGRAPHY 9

MATHEMATICS OF ASYMMETRIC KEY CRYPTOGRAPHY: Primes – Primality testing – Factorization – Euler's
totient function, Fermat's and Euler's theorems - Chinese Remainder Theorem – Exponentiation and
logarithm - ASYMMETRIC KEY CIPHERS: RSA cryptosystem – Key distribution – Key management –
Diffie-Hellman key exchange - ElGamal cryptosystem – Elliptic curve arithmetic - Elliptic curve
cryptography.

UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY 9

Authentication requirement – Authentication function – MAC – Hash function – Security of hash
function and MAC – SHA – Digital signature and authentication protocols – DSS - Entity
authentication: Biometrics, Passwords, Challenge-response protocols - Authentication applications -
Kerberos, X.509
UNIT V SECURITY PRACTICE AND SYSTEM SECURITY 9
Electronic Mail security – PGP, S/MIME – IP security – Web Security - SYSTEM SECURITY:
Intruders – Malicious software – viruses – Firewalls.

TOTAL : 45 PERIODS

OUTCOMES:

At the end of the course, the student should be able to:

 Understand the fundamentals of network security, security architecture, threats
and vulnerabilities.

 Apply the different cryptographic operations of symmetric cryptographic algorithms.

 Apply the different cryptographic operations of public key cryptography.

 Apply the various Authentication schemes to simulate different applications.

 Understand various Security practices and System security standards.

TEXT BOOK:

1.William Stallings, Cryptography and Network Security: Principles and Practice, PHI 3rd
Edition, 2006.

REFERENCES:

1. C K Shyamala, N Harini and Dr. T R Padmanabhan, Cryptography and Network Security,
Wiley India Pvt. Ltd.

2. Behrouz A. Forouzan, Cryptography and Network Security, Tata McGraw Hill, 2007.

3. Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private
Communication in a Public World, Prentice Hall, ISBN 0-13-046019-2.

UNIT I INTRODUCTION
(I) SYLLABUS

UNIT I INTRODUCTION(9 Periods)


Security trends - Legal, Ethical and Professional Aspects of Security, Need for Security at
Multiple levels, Security Policies - Model of network security – Security attacks, services and
mechanisms – OSI security architecture – Classical encryption techniques: substitution
techniques, transposition techniques, steganography- Foundations of modern cryptography:
perfect security – information theory – product cryptosystem – cryptanalysis.
(II) 20 YEARS ANNA UNIVERSITY QUESTION PAPERS SPLIT UP
& GROUPING

TOPIC 1 : SECURITY TRENDS

(i) Legal, Ethical and Professional Aspects of Security
(ii) Need for Security at Multiple levels
(iii) Security Policies
(iv) Model of network security

PART-A
POSSIBLE QUESTIONS
1.Differentiate between unconditionally secure and computationally secure ciphers.
2.Define encryption.
3.Specify the components of an encryption algorithm.
4.What are the different types of security needed?
5.What laws are enforced on the use of cryptography?
6.What are the three main types of intellectual property given legal protection?
7.State the need for security at multiple levels.
8.Differentiate discretionary and non-discretionary access control.
9.Define covert channel.
10.Define the three types of security policies.

PART-B
1.Explain the network security model and its parameters with a neat block diagram.(13) (R-13,
Apr/May 2019) (R-08, Nov/Dec 2013)
2.Discuss the different types of security policies.
3.Explain in detail the multiple levels of security.
4.Discuss in detail the legal, ethical and professional aspects of security.

TOPIC 2 : OSI SECURITY ARCHITECTURE
SECURITY ATTACKS, SERVICES AND MECHANISMS
PART-A

1.Differentiate Active and Passive Attack.(R-13, Apr/May 2019) (R-13,Nov/Dec 2016)
(R-13, Nov/Dec 2017) (R-13, Nov/Dec 2018) (R-08,Apr/May 2011) (R-08, Nov/Dec 2014)
2.Give the types of Attack.(R-08, Nov/Dec 2011) (R-08, Apr/May 2015)
3.What are active and passive attack that compromise information security.(R-08,
May/June 2014)
4.Find 117 mod 13. (R-08, Apr/May 2015)
5. Define threat and attack. (R-04, Nov/Dec 2009)
6. What are the key principles of security? (R – 04,May/June 2004)
7. What are the types of attacks on encrypted message?
8. What are the key principles of security?
9. Define threat and attack.
10. Specify the four categories of security threats.
11. Define integrity and nonrepudiation?
12. Define security mechanism?
13. Why network need security?
14. Define confidentiality and authentication?

PART-B
1.Describe the various security Mechanism.(8) (R-13,Nov/Dec 2016)
2.Write short notes on different types of security attack and services in detail.(13) (R-13,
Nov/Dec 2019)
3.What are the different types of attack and explain.(8)(R-08, Nov/Dec 2013)(R-
08,Nov/Dec 2015)
4.Explain the OSI Architecture Model with neat diagram.(8) (R-13,Nov/Dec 2016)
5. Write short notes on
(i). Security attacks (8)
(ii). Security services. (8)
6.Explain OSI Security architecture along with the service available?(R-04, Nov/Dec 2009)

TOPIC 3: CLASSICAL ENCRYPTION TECHNIQUES

(i) Substitution Techniques
(ii) Transposition Techniques
PART-A
1. Specify the components of encryption algorithm.(R-13, Apr/May 2019)
2.Calculate the cipher text for the following text using one time pad cipher
Plain text: ROCK & KEYWORD : BOTS (R-13 , Nov/Dec 2018)
3.List the entities that are kept to be secret in conventional encryption techniques.
(R- 13,Nov/Dec 2019)
4.Convert the given text “anna university” into cipher text using rail fence technique.
(R-08,May/June 2013)
5.What is the difference between monoalphabetic and polyalphabetic cipher.
(R-08, Nov/Dec 2012)
6.Give an example each for substitution and transposition cipher. (R-08, Nov/Dec 2013)
7.List out the problems of the one-time pad.(R-08, Nov/Dec 2011)
8.What would be the transformation of the message “A successful team is a group
of many hands but of one mind” using the rail fence technique.(R-08, Nov/Dec 2014)
9. How does simple columnar transposition work?
10. Give any four names of substitution techniques.
11.Compare substitution and transposition techniques.
12.Compare stream cipher and block cipher with an example.
13. How many keys are required for two people to communicate via a cipher?
14. What are the two approaches to attacking a cipher?
15.Differentiate symmetric and asymmetric encryption.
16.How will you perform an attack on the Hill cipher? (R-04,Nov/Dec 2010)
17.How does simple columnar transposition work?(R-04,May/June 2009)

PART-B
1. What is a monoalphabetic cipher? How does it differ from the Caesar cipher?(R-13, Apr/May 2019)
2.Describe: (R-13, Apr/May 2017)
a)Playfair cipher
b)Rail fence cipher
c)Vigenère cipher
3.Explain classical encryption techniques using the symmetric cipher model and the Hill cipher.(16)
(R-13, Apr/May 2018)
4.Encrypt the following text using the Playfair cipher with the keyword
MONARCHY: “SWARAJ IS MY BIRTH RIGHT”. Use X for blank space.
(16) (R-13,Nov/Dec 2017) (R-08, Nov/Dec 2011)
5.Perform encryption and decryption using the Hill cipher for the message
PEN and the key ACTIVATED.
6.Explain in detail the entities in the symmetric cipher model and their
requirements for secure usage of the model. (6) (R-13, Nov/Dec 2019)
7.Explain any two types of cipher technique in detail. (16) (May/June 2012)
8.Discuss classical cryptosystems and their types.(16) (R-08,Apr/May 2011)
9.Discuss any two classical cryptosystems (substitution and transposition) with
their types. (R-08,May/June 2013) (R-08,Nov/Dec 2015)
10.Explain any two classical ciphers and describe their security limitations.
(R-08 May/June 2014)
11.Explain the Cipher Feedback and Output Feedback block cipher modes of operation.(8)
(R-08 Nov/Dec 2014)
12.Encrypt the message “Behavior is a mirror in which everyone displays his own image”
with the keyword MONARCHY using the Playfair cipher.(8) (R-08,Nov/Dec 2014)
13.Explain substitution encryption techniques in detail.(16) (R-08, Apr/May 2015)
13.Explain substitution encryption technique in detail.(16) (R-08, Apr/May 2015)
14.(i)Discuss any four substitution techniques and list their merits and demerits. (10)
(ii)Explain in detail the transposition techniques. (6)
15.(i)Convert “MEET ME” using the Hill cipher with the key matrix
(ii)Convert the cipher text back to plaintext (8)
16.a) Explain the Playfair cipher and the Vernam cipher in detail.
b) Convert “MEET ME” using the Hill cipher with the key matrix, then convert the cipher
text back to plaintext.
17.Explain the concepts of monoalphabetic cipher and polyalphabetic cipher.(16)
(R-04,Nov/Dec 2010)
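The Topic 3 questions above ask for hand computations with the keyword one-time pad (ROCK/BOTS), the rail fence ("anna university"), the Playfair cipher (keyword MONARCHY) and the Hill cipher (PEN with key ACTIVATED). The following Python program is an added worked example, not part of the course file or of the text books, that computes all four so the hand-worked answers can be checked. It follows the conventions of Stallings (T1): A=0 ... Z=25, J merged into I in the Playfair square, X as the Playfair filler, and the Hill cipher written as a row vector times the key matrix modulo 26. The general n x n modular inverse (needed for Hill decryption) goes beyond the 2x2 case the text book works by hand.

```python
# Classical ciphers from the Unit I question bank (added worked example; not
# part of the course file).  Inputs are the question-bank ones: ROCK/BOTS,
# "anna university", MONARCHY and PEN/ACTIVATED.  Conventions follow the
# Stallings text (T1): A=0..Z=25, J merged into I for Playfair, and the Hill
# cipher written as a row vector times the key matrix (mod 26).
import string

ALPHA = string.ascii_uppercase

def clean(text):
    """Upper-case and keep letters only (spaces, '&', punctuation dropped)."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)

def otp_keyword(plain, key):
    """Additive cipher c_i = (p_i + k_i) mod 26 with a key as long as the
    message; this is the 'one-time pad' of the question bank."""
    p, k = clean(plain), clean(key)
    assert len(k) >= len(p), "the key must cover the whole message"
    return "".join(ALPHA[(ALPHA.index(a) + ALPHA.index(b)) % 26] for a, b in zip(p, k))

def rail_fence(plain, rails=2):
    """Write the letters in a zigzag over `rails` rows, then read row by row."""
    rows, r, step = [[] for _ in range(rails)], 0, 1
    for ch in clean(plain):
        rows[r].append(ch)
        if rails > 1:
            step = 1 if r == 0 else -1 if r == rails - 1 else step
            r += step
    return "".join("".join(row) for row in rows)

def playfair_square(keyword):
    """5x5 square, row-major: keyword letters (deduplicated) then the rest."""
    square = []
    for ch in clean(keyword) + ALPHA:
        ch = "I" if ch == "J" else ch
        if ch not in square:
            square.append(ch)
    return square

def playfair_encrypt(plain, keyword):
    square = playfair_square(keyword)
    pos = {ch: divmod(i, 5) for i, ch in enumerate(square)}
    p = clean(plain).replace("J", "I")
    pairs, i = [], 0
    while i < len(p):                       # digraphs: an X filler splits doubled
        a = p[i]                            # letters and pads an odd-length message
        b = p[i + 1] if i + 1 < len(p) else "X"
        if a == b:
            b, i = "X", i + 1
        else:
            i += 2
        pairs.append((a, b))
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                        # same row: letter to the right (wrapping)
            out.append(square[ra * 5 + (ca + 1) % 5] + square[rb * 5 + (cb + 1) % 5])
        elif ca == cb:                      # same column: letter below (wrapping)
            out.append(square[(ra + 1) % 5 * 5 + ca] + square[(rb + 1) % 5 * 5 + cb])
        else:                               # rectangle: swap the columns
            out.append(square[ra * 5 + cb] + square[rb * 5 + ca])
    return "".join(out)

def _minor(m, r, c):
    return [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]

def _det(m):
    """Determinant by Laplace expansion along the first row (exact integers)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * _det(_minor(m, 0, j)) for j in range(len(m)))

def inverse_mod26(k):
    """K^-1 = det(K)^-1 * adj(K) (mod 26); ValueError if gcd(det, 26) != 1."""
    n, det_inv = len(k), pow(_det(k) % 26, -1, 26)
    return [[det_inv * (-1) ** (i + j) * _det(_minor(k, j, i)) % 26 for j in range(n)]
            for i in range(n)]

def hill_key(keyword):
    """Keyword of n*n letters read row-wise, e.g. ACTIVATED -> 3x3 matrix."""
    k = clean(keyword)
    n = int(len(k) ** 0.5)
    assert n * n == len(k), "key length must be a perfect square"
    return [[ALPHA.index(k[r * n + c]) for c in range(n)] for r in range(n)]

def _hill_apply(text, m):
    n, t = len(m), clean(text)
    assert len(t) % n == 0, "pad the message to a multiple of the block size"
    out = []
    for i in range(0, len(t), n):
        v = [ALPHA.index(ch) for ch in t[i:i + n]]   # plaintext block as row vector
        out.append("".join(ALPHA[sum(v[r] * m[r][c] for r in range(n)) % 26] for c in range(n)))
    return "".join(out)

def hill_encrypt(plain, keyword):
    return _hill_apply(plain, hill_key(keyword))

def hill_decrypt(cipher, keyword):
    return _hill_apply(cipher, inverse_mod26(hill_key(keyword)))

if __name__ == "__main__":
    print(otp_keyword("ROCK", "BOTS"))                                   # SCVC
    print(rail_fence("anna university"))                                 # ANUIESTNANVRIY
    print(playfair_encrypt("SWARAJ IS MY BIRTH RIGHT", "MONARCHY"))      # QXRMBSSXNCISDZDOKIDP
    print(hill_encrypt("PEN", "ACTIVATED"), hill_decrypt("TKM", "ACTIVATED"))  # TKM PEN
```

The Playfair routine drops the spaces rather than substituting X for them; question 4 asks for X in place of each blank, so change `clean` to map spaces to X if that variant is required. For ACTIVATED the determinant is 25 (that is, -1 mod 26), so the key is invertible; a keyword whose determinant shares a factor with 26 makes `inverse_mod26` raise, which is exactly the check a student should perform before choosing a Hill key.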

TOPIC 4: STEGANOGRAPHY
PART-A
POSSIBLE QUESTIONS
1.Define steganography.
2.How can a message be encrypted and hidden using steganography?
3.What is character marking?
4.What is pin puncture?
5.What are the advantages of steganography?
6.What is the typewriter correction ribbon technique?
7.List the drawbacks of steganography.
8.What is invisible ink?
PART-B
1.What is steganography? Describe the various techniques used in steganography. (7)(R-13,
Apr/May 2019) (R-08,May/June 2013)
2.Write short notes on
a)Steganography (8)
b)Block cipher modes of operation (8)

TOPIC 5: FOUNDATIONS OF MODERN CRYPTOGRAPHY

(i) perfect security
(ii) information theory
(iii) product cryptosystem
(iv) cryptanalysis
PART-A
POSSIBLE QUESTIONS
1.What is cryptanalysis and cryptography?(R-04,Nov/Dec 2009)
2.Define cryptanalysis.
3.Define cryptography.
4.What is meant by a product cipher?
5.Differentiate public key and conventional encryption.
6.What are the principal elements of a public key cryptosystem?
7.What are the roles of the public and private keys?
8.Specify the applications of the public key cryptosystem.
9.What requirements must a public key cryptosystem fulfil to be a secure algorithm?
10.List four general characteristics of schemes for the distribution of public keys.
11.What is the role of a session key in public key schemes?
12.What are the three characteristics of modern cryptography?
PART-B

1.State and explain the principles of public key cryptography.

2.Explain the key management of public key encryption in detail.

3.Explain Shannon's secrecy and perfect secrecy in detail.

4.Briefly explain single key cryptosystems and two key cryptosystems.
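Part-B question 3 asks for Shannon's secrecy and perfect secrecy. The Python program below is an added example, not from the course file, that checks the definition by brute force on a constructed four-letter alphabet: a cipher is perfectly secret when P(C = c | M = m) is the same for every message m, so the ciphertext carries no information about which message was sent. It contrasts a true one-time pad (every key string equally likely) with a Caesar-style key that reuses one shift at every position, and shows the classic failure when a pad is used twice.

```python
# Shannon's perfect secrecy checked by brute force on a tiny one-time pad.
# Added example, not from the course file; the 4-letter alphabet and the
# sample messages are constructed so that every key can be enumerated.
from collections import Counter
from fractions import Fraction
from itertools import product

ALPHA = "ABCD"          # constructed toy alphabet; 26 letters works the same, only slower
N = len(ALPHA)

def encrypt(msg, key):
    """Additive pad over ALPHA: c_i = (m_i + k_i) mod N, one key letter per position."""
    return "".join(ALPHA[(ALPHA.index(m) + ALPHA.index(k)) % N] for m, k in zip(msg, key))

def all_keys(n):
    """One-time pad key space: every string of n letters, each equally likely."""
    return ["".join(k) for k in product(ALPHA, repeat=n)]

def caesar_keys(n):
    """Caesar-style key space: a single shift reused at every position."""
    return [k * n for k in ALPHA]

def ciphertext_distribution(msg, keyspace):
    """P(C = c | M = msg) when the key is drawn uniformly from keyspace(len(msg))."""
    keys = keyspace(len(msg))
    counts = Counter(encrypt(msg, k) for k in keys)
    return {c: Fraction(n, len(keys)) for c, n in counts.items()}

def is_perfectly_secret(messages, keyspace):
    """Shannon's condition: the ciphertext distribution does not depend on the message."""
    dists = [ciphertext_distribution(m, keyspace) for m in messages]
    return all(d == dists[0] for d in dists)

def two_time_pad_leak(m1, m2, key):
    """Reusing a pad: c1 - c2 = m1 - m2 (mod N) whatever the key is, so an
    attacker who sees both ciphertexts learns the difference of the messages."""
    c1, c2 = encrypt(m1, key), encrypt(m2, key)
    return [(ALPHA.index(a) - ALPHA.index(b)) % N for a, b in zip(c1, c2)]

if __name__ == "__main__":
    msgs = ["AA", "AB", "CD"]
    print(is_perfectly_secret(msgs, all_keys))          # True: one-time pad
    print(is_perfectly_secret(msgs, caesar_keys))       # False: one shift reused
    print(ciphertext_distribution("AA", caesar_keys))   # only AA, BB, CC, DD can appear
    print(two_time_pad_leak("AB", "CD", "DB"))          # [2, 2] == (A-C, B-D) mod 4
```

With the full pad every one of the 16 two-letter ciphertexts has probability 1/16 whichever message was sent, which is the information-theoretic statement that the key space must be at least as large as the message space. Under the Caesar key space the ciphertext for "AA" is always a doubled letter, so an observer can rule out most messages; this is why the same additive rule is perfectly secret only when the key is as long as the message, uniformly random and never reused.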

(III) SYLLABUS PRIORITY

PRIORITY    TITLE                               TOPICS                                   PERIODS
Priority 1  Classical encryption techniques     1. Caesar cipher                         3 periods
            (i) Substitution techniques         2. Monoalphabetic cipher
            (ii) Transposition techniques       3. Playfair cipher
                                                4. Hill cipher
                                                5. Polyalphabetic cipher
                                                6. One-time pad
Priority 2  OSI security architecture           1. Security attacks                      2 periods
                                                2. Security services
                                                3. Security mechanisms
Priority 3  Foundations of modern cryptography  1. Characteristics of modern             2 periods
                                                   cryptography
                                                2. Context of cryptography
Priority 4  Steganography                       1. Character marking                     1 period
                                                2. Invisible ink
                                                3. Pin punctures
                                                4. Typewriter correction ribbon
Priority 5  Introduction: security trends       1. Legal, ethical and professional       1 period
                                                   aspects of security
                                                2. Need for security at multiple levels
                                                3. Security policies
                                                4. Model of network security
(IV) DETAILED SYLLABUS OF THE SESSION

TOPIC     SESSION       TITLE OF TOPICS                              SUBTOPICS
TOPIC 1   SESSION-1     1. Security trends                           1. Computer security
                                                                     2. Internet security
                                                                     3. Network security
                        2. Legal, ethical and professional           1. Copyrights
                           aspects of security                       2. Patents
                                                                     3. Trademarks
                        3. Need for security at multiple levels      1. Discretionary access controls
                                                                     2. Nondiscretionary access controls
          SESSION-2     4. Security policies                         1. Organizational (or master) policy
                                                                     2. System-specific policy
                                                                     3. Issue-specific policy
                        5. Model of network security                 1. Sender
                                                                     2. Information channel
                                                                     3. Recipient
TOPIC 2   SESSION-3     OSI security architecture
                        1. Security attacks                          1. Active attacks
                                                                        (a) Masquerade
                                                                        (b) Modification of messages
                                                                        (c) Denial of service
                                                                     2. Passive attacks
                                                                        Release of message contents
                        2. Security mechanisms                       1. Specific security mechanisms
                                                                     2. Pervasive security mechanisms
                        3. Security services                         1. Authentication
                                                                     2. Access control
                                                                     3. Data confidentiality
                                                                     4. Data integrity
                                                                     5. Nonrepudiation
                                                                     6. Availability service
TOPIC 3   SESSION-4,5   Classical encryption techniques              1. Caesar cipher
                        (i) Substitution techniques                  2. Monoalphabetic cipher
                                                                     3. Playfair cipher
                                                                     4. Hill cipher
                                                                     5. Polyalphabetic cipher
                                                                     6. One-time pad
          SESSION-6     (ii) Transposition techniques                1. First transposition
                                                                     2. Second transposition
                                                                     3. Permutation
TOPIC 4   SESSION-7     Steganography                                1. Character marking
                                                                     2. Invisible ink
                                                                     3. Pin punctures
                                                                     4. Typewriter correction ribbon
TOPIC 5   SESSION-8     Foundations of modern cryptography
                        1. Characteristics of modern cryptography    1. Context of cryptography
                                                                     2. Cryptology
                                                                        (a) Cryptography
                                                                        (b) Cryptanalysis
                        2. Perfect security                          1. Shannon's secrecy
                                                                     2. Perfect secrecy
          SESSION-9     3. Information theory                        1. Secrecy
                                                                     2. Authentication
                                                                     3. Secret sharing
                        4. Product cryptosystems                     1. Single-key cryptography
                                                                     2. Two-key cryptography
                        5. Cryptanalysis                             1. Ciphertext-only attack
                                                                     2. Known-plaintext attack
                                                                     3. Chosen-plaintext attack
COURSE PLAN

Academic Year: 2020-21 (Odd Semester)

Year/Sem: IV/VII      Course Code/Course Name: CS8792 / Cryptography and Network Security

Credits: 3            No. of Theory/Tutorial Periods: 45/0

Sl.  Lecture topics                                            L/T  Text/Ref.  Page no.  Tentative  Actual   Hours
No.                                                                 books                date       date     required

UNIT I INTRODUCTION
Prerequisite work: Introduction, basics of cryptography
1    Security trends, legal and ethical aspects of security,    L    T1         18        18 May     18 May   1
     need for security at multiple levels
2    Security policy, network security model                    L    T2         22-24     20 May     20 May   1
3    OSI security architecture: security services, security     L    T1, T2     14-20     23 May     23 May   1
     mechanisms and security attacks
4    Conventional encryption system, substitution ciphers:      L    T1, T2     28-32     29 May     29 May   1
     Caesar cipher, monoalphabetic cipher and Playfair cipher
5    Hill cipher, polyalphabetic cipher, one-time pad           L    T1, T2     32-34     -          -        1
6    Transposition ciphers                                      L    T1         35-49     -          -        1
7    Steganography                                              L    T1         52-54     -          -        1
8    Foundations of modern cryptography: Shannon's secrecy,     L    T1, T2     -         -          -        1
     perfect secrecy
9    Information theory, product cryptosystems, cryptanalysis   -    -          -         -          -        1
     Total                                                                                                   09

UNIT II SYMMETRIC KEY CRYPTOGRAPHY
1    Mathematics of symmetric key cryptography: algebraic       L    T1         91-98     -          -        1
     structures, modular arithmetic
2    Euclid's algorithm, congruence and matrices                L    T1         88-91     -          -        1
3    Groups, rings, fields, finite fields                       -    T1         99-102    -          -        1
4    Symmetric key ciphers: SDES                                L    T1         27-33,    -          -        1
                                                                                61-74
5    Block cipher principles of DES, strength of DES            L    T1         77-80     -          -        1
6    Differential and linear cryptanalysis                      L    T1         -         -          -        1
7    Block cipher design principles, block cipher modes of      L    T1         78, 79    -          -        1
     operation
8    Evaluation criteria for AES, Advanced Encryption           L    T1         129-155   -          -        1
     Standard
9    RC4, key distribution                                      -    -          221, 222  -          -        -
     Total                                                                                                   09

UNIT III PUBLIC KEY CRYPTOGRAPHY
1    Mathematics of asymmetric key cryptography: primes,        L    T1         231-239   -          -        1
     primality testing, factorization
2    Euler's totient function, Fermat's and Euler's theorems    L    T1         236-238   -          -        1
3    Chinese Remainder Theorem                                  L    T1         242-244   -          -        1
4    Exponentiation and logarithm                               L    T1, T2     244-248   -          -        1
5    Asymmetric key ciphers: RSA cryptosystem, key              L    T1         253-264   -          -        1
     distribution, key management
6    Diffie-Hellman key exchange                                L    T1         286-291   -          -        1
7    ElGamal cryptosystem                                       L    T1         292-294   -          -        1
8    Elliptic curve arithmetic                                  -    -          295-300   -          -        -
9    Elliptic curve cryptography                                -    -          300-305   -          -        -
     Total                                                                                                   9

UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY
1    Authentication requirement, authentication function        L    T1         355-357   27 Feb     -        1
2    MAC, hash function                                         L    T1         365-368   29 Feb     -        1
3    Security of hash function and MAC                          L    T1         365-367   4 Mar      -        1
4    SHA                                                        L    T1         329-350   5 Mar      -        1
5    Digital signature and authentication protocols             L    T1         393-395   7 Mar      -        1
6    DSS, entity                                                L    T1         385-397   11 Mar     -        1
7    Authentication: biometrics, passwords, challenge-          L    T1, T2     355-365   12 Mar     -        1
     response protocols, authentication applications
8    Kerberos                                                   L    T2, T1     458-475   18 Mar     -        1
9    X.509                                                      L    T2, T1     435-442   19 Mar     -        1
     Total                                                                                                   9

UNIT V SECURITY PRACTICE AND SYSTEM SECURITY
1    Electronic mail security                                   L    T1         590       -          -        1
2    PGP                                                        L    T1         591-598   -          -        1
3    S/MIME                                                     L    T2         599-614   -          -        1
4    IP security                                                L    T2         626-632   -          -        1
5    Web security                                               L    T2         523-525   -          -        1
6    System security: intruders                                 L    T1         Chp. 22   -          -        1
7    Malicious software                                         L    T1         Chp. 21   -          -        1
8    Viruses                                                    -    -          Chp. 23   -          -        -
9    Firewalls                                                  -    -          Chp. 23   -          -        -
     Total                                                                                                   9
CUMULATIVE TOTAL                                                                                             45

SESSION-1: SYLLABUS

Security trends – Computer security, Internet security, Network security. Legal, ethical and
professional aspects of security – Copyrights, Patents, Trademarks. Need for security at multiple
levels – Discretionary access controls, Nondiscretionary access controls. Security policies –
Organizational (or master) policy, System-specific policy, Issue-specific policy. Model of network
security – Sender, Information channel, Recipient.

(V) SESSION PLAN

TIME         CONTENT                                    TEACHING METHOD   TEACHING AID
05 minutes   Attendance                                 -                 -
05 minutes   Prerequisite quiz                          Quiz              Card
05 minutes   Terms and terminologies used               PPT               PPT
10 minutes   Security trends                            PPT               PPT
10 minutes   Legal, ethical and professional aspects    PPT               PPT
             of security
05 minutes   Security policies, model of network        PPT               PPT
             security
05 minutes   Session outcome                            Rapid round       Question card

(VI) SESSION OBJECTIVES

 To know about the recent security trends
 To understand the legal and ethical aspects of security
 To differentiate the various types of security policies
 To learn about the model of network security
(VII) SESSION PREREQUISITE
 Students are able to understand the recent security trends
 Students are able to understand the legal and ethical aspects of security
 Students are able to differentiate the various types of security policies
 Students are able to understand the model of network security
(VIII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
 CERT (Computer Emergency Response Team)
 RFC (Request for Comments)
 TCP/IP (Transmission Control Protocol/Internet Protocol)
(IX) LECTURE NOTES
SECURITY TRENDS

The requirements of information security within an organization have undergone two


major changes in the last several decades. Before the widespread use of data processing
equipment, the security of information felt to be valuable to an organization was provided
primarily by physical and administrative means. An example of the former is the use of rugged
filing cabinets with a combination lock for storing sensitive documents. An example of the latter
is personnel screening procedures used during the hiring process.

With the introduction of the computer, the need for automated tools for protecting files
and other information stored on the computer became evident. This is especially the case for a
shared system, such as a time-sharing system, and the need is even more acute for systems that
can be accessed over a public telephone network, data network, or the Internet. The generic name
for the collection of tools designed to protect data and to thwart hackers is computer security.

The second major change that affected security is the introduction of distributed systems and the
use of networks and communications facilities for carrying data between terminal user and
computer and between computer and computer.

Network security measures are needed to protect data during their transmission. In fact,
the term network security is somewhat misleading, because virtually all business, government,
and academic organizations interconnect their data processing equipment with a collection of
interconnected networks. Such a collection is often referred to as an internet, and the term internet
security is used. We use the term internet, with a lowercase "i," to refer to any interconnected
collection of networks. A corporate intranet is an example of an internet. The Internet with a
capital "I" may be one of the facilities used by an organization to construct its internet.

Internet security consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission of information. That is a broad statement that covers a
host of possibilities. Some examples of security violations:

1. User A transmits a file to user B. The file contains sensitive information (e.g., payroll
records) that is to be protected from disclosure. User C, who is not authorized to read the file, is
able to monitor the transmission and capture a copy of the file during its transmission.

2. A network manager, D, transmits a message to a computer, E, under its management. The
message instructs computer E to update an authorization file to include the identities of a number
of new users who are to be given access to that computer. User F intercepts the message, alters
its contents to add or delete entries, and then forwards the message to E, which accepts the
message as coming from manager D and updates its authorization file accordingly.
3. Rather than intercept a message, user F constructs its own message with the desired
entries and transmits that message to E as if it had come from manager D. Computer E
accepts the message as coming from manager D and updates its authorization file
accordingly.

4. An employee is fired without warning. The personnel manager sends a message to a server
system to invalidate the employee's account. When the invalidation is accomplished, the server is
to post a notice to the employee's file as confirmation of the action. The employee is able to
intercept the message and delay it long enough to make a final access to the server to retrieve
sensitive information. The message is then forwarded, the action taken, and the confirmation
posted. The employee's action may go unnoticed for some considerable time.

5. A message is sent from a customer to a stockbroker with instructions for various
transactions. Subsequently, the investments lose value and the customer denies sending the
message.

Although this list by no means exhausts the possible types of security violations, it illustrates the
range of concerns of network security.
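Violations 2, 3 and 4 above (alteration in transit, a forged message, and a genuine message held back) are all defeated by the same two mechanisms: a message authentication code computed with a key shared by D and E, and a timestamp that E checks against a freshness window. The Python program below is an added worked example, not part of the lecture notes; the wire format, the pre-shared key, the 30-second window and the sample user names are assumptions made for the illustration.

```python
# Worked example for violations 2, 3 and 4 above: manager D sends computer E
# an authorization update protected by a message authentication code (HMAC)
# and a timestamp.  Added example, not part of the lecture notes; the wire
# format, the pre-shared key and the 30-second freshness window are assumptions.
import hashlib
import hmac
import json

KEY = b"pre-shared key known only to D and E"   # assumption: distributed out of band
WINDOW = 30                                      # seconds a message stays acceptable

def build(sender, new_users, now, key=KEY):
    """Sender side: body = (from, timestamp, entries), tag = HMAC-SHA256(key, body)."""
    body = json.dumps({"from": sender, "ts": now, "add": new_users}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def accept(msg, now, seen, key=KEY):
    """Receiver E's checks.  Returns (accepted, reason)."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):          # constant-time compare
        return False, "bad MAC: altered in transit (2) or forged by F (3)"
    fields = json.loads(msg["body"])
    if fields["from"] != "D":
        return False, "sender is not manager D"
    if abs(now - fields["ts"]) > WINDOW:
        return False, "stale timestamp: delayed or replayed (4)"
    if msg["tag"] in seen:
        return False, "replay: this message was already processed"
    seen.add(msg["tag"])
    return True, "authorization file updated: " + ", ".join(fields["add"])

def run_scenarios(t0):
    """Plays the lecture's violations against E; returns {label: accepted}."""
    seen, results = set(), {}
    genuine = build("D", ["alice"], t0)
    results["genuine"] = accept(genuine, t0 + 1, seen)[0]
    # violation 2: F intercepts and adds an entry but cannot recompute the tag
    tampered = dict(genuine, body=genuine["body"].replace(b'["alice"]', b'["alice", "mallory"]'))
    results["modified"] = accept(tampered, t0 + 2, seen)[0]
    # violation 3: F fabricates a message in D's name using a guessed key
    forged = build("D", ["mallory"], t0 + 2, key=b"guess")
    results["forged"] = accept(forged, t0 + 3, seen)[0]
    # violation 4: a valid message held back for an hour before delivery
    delayed = build("D", ["bob"], t0)
    results["delayed"] = accept(delayed, t0 + 3600, seen)[0]
    # a valid message delivered a second time inside the window
    results["replayed"] = accept(genuine, t0 + 5, seen)[0]
    return results

if __name__ == "__main__":
    for label, ok in run_scenarios(1_700_000_000).items():
        print(f"{label:9s} -> {'accepted' if ok else 'rejected'}")
```

Two caveats follow directly from the text. The timestamp check assumes D's and E's clocks agree to within the window and that the network does not routinely delay traffic by more than that; point 5 in the list below spells out why such time limits are fragile on a network with unpredictable delays. And a MAC gives no protection against violation 5 (repudiation): E holds the same key as D and could have produced the tag itself, so a third party cannot tell who wrote the message. That case needs a digital signature, which is covered in Unit IV.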

Internetwork security is both fascinating and complex.

1.Security involving communications and networks is not as simple as it might first appear to
the novice. The requirements seem to be straightforward; indeed, most of the major
requirements for security services can be given self-explanatory one-word labels:
confidentiality, authentication, nonrepudiation, integrity. But the mechanisms used to meet those
requirements can be quite complex, and understanding them may involve rather subtle
reasoning.

2. In developing a particular security mechanism or algorithm, one must always consider
potential attacks on those security features. In many cases, successful attacks are designed by
looking at the problem in a completely different way, therefore exploiting an unexpected
weakness in the mechanism.

3. Because of point 2, the procedures used to provide particular services are often
counterintuitive: It is not obvious from the statement of a particular requirement that such
elaborate measures are needed. It is only when the various countermeasures are considered that
the measures used make sense.

4. Having designed various security mechanisms, it is necessary to decide where to use
them. This is true both in terms of physical placement (e.g., at what points in a network are
certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an
architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) should
mechanisms be placed].

5. Security mechanisms usually involve more than a particular algorithm or protocol. They
usually also require that participants be in possession of some secret information (e.g., an
encryption key), which raises questions about the creation, distribution, and protection of that
secret information. There is also a reliance on communications protocols whose behavior may
complicate the task of developing the security mechanism. For example, if the proper
functioning of the security mechanism requires setting time limits on the transit time of a
message from sender to receiver, then any protocol or network that introduces variable,
unpredictable delays may render such time limits meaningless.

Thus, there is much to consider. This chapter provides a general overview of the subject matter
that structures the material in the remainder of the book. We begin with a general discussion of
network security services and mechanisms and of the types of attacks they are designed for. Then
we develop a general overall model within which the security services and mechanisms can be
viewed.

SECURITY TRENDS

In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the
Internet Architecture" (RFC 1636). The report stated the general consensus that the Internet
needs more and better security, and it identified key areas for security mechanisms. Among these
were the need to secure the network infrastructure from unauthorized monitoring and control of
network traffic and the need to secure end-user-to-end-user traffic using authentication and
encryption mechanism.

These concerns are fully justified. As confirmation, consider the trends reported by the
Computer Emergency Response Team (CERT) Coordination Center (CERT/CC). Figure 1.1a
shows the trend in Internet-related vulnerabilities reported to CERT over a 10-year period. These
include security weaknesses in the operating systems of attached computers (e.g., Windows,
Linux) as well as vulnerabilities in Internet routers and other network devices. Figure 1.1b shows
the number of security-related incidents reported to CERT. These include denial of service
attacks; IP spoofing, in which intruders create packets with false IP addresses and exploit
applications that use authentication based on IP; and various forms of eavesdropping and packet
sniffing, in which attackers read transmitted information, including logon information and
database contents.

Figure 1.1. CERT Statistics


Over time, the attacks on the Internet and Internet-attached systems have grown more
sophisticated while the amount of skill and knowledge required to mount an attack has declined
(Figure 1.2). Attacks have become more automated and can cause greater amounts of damage.

Figure 1.2. Trends in Attack Sophistication and Intruder Knowledge


This increase in attacks coincides with an increased use of the Internet and with increases in
the complexity of protocols, applications, and the Internet itself. Critical infrastructures
increasingly rely on the Internet for operations. Individual users rely on the security of the
Internet, email, the Web, and Web-based applications to a greater extent than ever. Thus, a wide
range of technologies and tools are needed to counter the growing threat. At a basic level,
cryptographic algorithms for confidentiality and authentication assume greater importance. As
well, designers need to focus on Internet-based protocols and the vulnerabilities of attached
operating systems and applications. This book surveys all of these technical areas.

LEGAL, ETHICAL AND PROFESSIONAL ASPECTS OF SECURITY

The security problem in data transfer:
Fifty years ago few people had access to a computer system or network, so securing them was
a relatively easy matter. Fifty years ago, companies did not conduct business across the Internet.
Online booking and shopping were only dreams in science fiction stories. Today, however,
millions of people perform online transactions every day. There are many ways to attack computers
and networks to take advantage of what has made shopping, banking, transmission of
messages, investments and leisure pursuits a simple matter of dragging and clicking for many
people. Thus, law and ethics are important aspects of data and network security.
The legal system has adapted quite well to computer technology by reusing some old forms of
legal protection (copyrights and patents) and creating laws where no adequate one existed
(malicious access). Still, the courts are not a perfect form of protection for computers, for two
reasons. First, courts tend to be reactive instead of proactive: we have to wait for a
transgression to occur and then adjudicate it, rather than try to prevent it in the first place. Second,
fixing a problem through the courts can be time consuming and expensive. The latter
characteristic prevents all but the wealthy from addressing most such issues.
On the other hand, ethics has not had to change, because ethics is more situational and personal
than the law. For example, the privacy of personal information is becoming an important part of
computer and network security, and although technically this issue is just an aspect of
confidentiality, practically it has a long history in both law and ethics. Law and security are related
in several ways. First, international, national, state and city laws affect privacy and secrecy. These
statutes often apply to the rights of individuals to keep personal matters private. Second, law
regulates the use, development and ownership of data and programs. Patents, copyrights and trade
secrets are legal devices to protect the rights of developers and owners of information and data.
However, the law does not always provide adequate control; where computer systems are
concerned, the law is evolving slowly because the issues are similar to, but not the same as, those
for property rights.
Cryptography and Law
Cyber-Crime: Criminal activities or attacks in which computers and computer networks are the
tool, target, or place of criminal activity. Cybercrime is categorized based on the computer's role:
target, storage device or communication tool.
Computers as targets: Obtaining information stored on the computer system, or controlling the
computer system, without authorization or payment, or altering the integrity of data or interfaces in the
particular system, or interfering with the availability of the system or server.
Computers as storage devices: Computers can be used to further unlawful activity by using a
computer or a computer device as a passive storage medium. For example, the computer can be
used to store stolen password lists, credit card details and proprietary corporate information.
Computers as communications tools: Many of the crimes falling within this category are simply
traditional crimes that are committed online. Examples include the illegal sale of prescription
drugs, controlled substances, alcohol, and guns; fraud; gambling; and child pornography.
Besides these, there are more specific crimes in computer networks:
Illegal access: The access to the whole or any part of a computer system without right.
Illegal interception: The interception without right, made by technical means, of non-public
transmissions of computer data to, from or within a computer system, including electromagnetic
emissions from a computer system carrying such computer data.
Data interference: The damaging, deletion, deterioration, alteration or suppression of computer
data without right.
System interference: The serious hindering without right of the functioning of a computer
system by inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data.
Computer-related forgery: The input, alteration, deletion, or suppression of computer data,
resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes
as if it were authentic, regardless whether or not the data is directly readable and intelligible.
Crime related to child pornography: Producing child pornography or distribution through a
computer system and making available or distributing or transmitting child pornography through
a computer system.
The relative lack of success in bringing cyber-criminals to justice has led to an increase in their
numbers, boldness, and the global scale of their operations. It is difficult to profile
cybercriminals in the way that is often done with other types of repeat offenders.
The success of cybercriminals and the relative lack of success of law enforcement, influence the
behavior of cybercrime victims. As with law enforcement, many organizations that may be the
target of attack have not invested sufficiently in technical, physical, and human-factor resources
to prevent attacks.
The law is used to regulate people for their own good and for the greater good of society.
Cryptography is also a regulated activity, but the issues are a little less clear-cut, in part because there
is little open discussion of the subject.
Some example laws that bear on cryptography:
1) Control of the use of cryptography: Closely related to restrictions on content are restrictions on the
use of cryptography imposed on users in certain countries. For example, in China, State
Council Order 273 requires foreign organizations or individuals to apply for permission to use
encryption in China. Pakistan requires that all encryption hardware and software be inspected
and approved by the Pakistan Telecommunication Authority.
2) Cryptography and free speech: Cryptography involves not just products but ideas
too. Although governments effectively control the flow of products across borders, controlling
the flow of ideas, either in people's heads or on the Internet, is almost impossible.
3) Cryptography and escrow: Some laws enable governments to read encrypted
communications. In 1996, the US government offered to relax export restrictions for so-called
escrowed encryption, in which the government would be able to obtain the encryption key for
any encrypted communication.
Success in law enforcement depends much more on the technical skills of the people involved.
Management needs to understand the criminal investigation process, the inputs that investigators
need, and the ways in which the victim can contribute positively to the investigation.
Intellectual property
There are three main types of intellectual property for which legal protection is available.
1) Copyrights: Copyright law protects the tangible or fixed expression of an idea, not the idea
itself. Copyright exists when the proposed work is original and the creator has put the original
idea in concrete form. The copyright owner has these exclusive rights, protected against
infringement: reproduction right, modification right, distribution right, public
performance right and public display right.
2) Patents: A patent for an invention is the grant of a property right to the inventor. There are
3 types of patents: utility (any new and useful process, machine, article of manufacture, or
composition of matter), design (new, original, and ornamental design for an article of
manufacture), plant (discovering and asexually reproducing any distinct and new variety of plant).
3) Trademarks: A trademark is a word, name, symbol or expression which is used to identify
the products or services in trade uniquely from others. Trademark rights are used to prevent others
from using a confusingly similar mark, but not to prevent others from making the same goods or
from selling the same goods or services under a clearly different mark.
Intellectual Property Relevant to Network and Computer Security
A number of forms of intellectual property are relevant in the context of network and computer
security.
Software programs: software programs are protected by copyright, and perhaps by patent.
Digital content: audio, video, media and web content are protected by copyright.
Algorithms: algorithms may be protected by patenting.
Privacy Law and Regulation
An issue with considerable overlap with computer security is that of privacy. Concerns about the
extent to which personal privacy has been and may be compromised have led to a variety of
legal and technical approaches to reinforcing privacy rights.
A number of international organizations and national governments have introduced laws and
regulations intended to protect individual privacy.
The European Union Data Protection Directive was adopted in 1998 to ensure that member states
protect fundamental privacy rights when processing personal information and to prevent member states
from restricting the free flow of personal information within the EU. It is organized around the principles of notice,
consent, consistency, access, security, onward transfer and enforcement.
US privacy law includes the Privacy Act of 1974, which permits individuals to determine what records are kept,
forbids records being used for other purposes, lets individuals obtain access to records, ensures agencies properly
collect, maintain, and use personal information, and creates a private right of action for individuals.
Cryptography and Ethics
There are many potential misuses and abuses of information and electronic communication that
create privacy and security problems. Ethics refers to a system of moral principles that relates to
the benefits and harms of particular actions.
An ethic is an objectively defined standard of right and wrong. Ethical standards are often idealistic
principles because they focus on one objective. Even though religious groups and professional
organizations promote certain standards of ethical behavior, ultimately each person is responsible
for deciding what to do in a specific situation.

Ethical issues related to computer and information systems

Computers have become the primary repository of both personal information and negotiable
assets, such as bank records, securities records, and other financial information.
• Repositories and processors of information: Unauthorized use of otherwise unused computer
services or of information stored in computers raises questions of appropriateness or fairness.
• Producers of new forms and types of assets: For example, computer programs are
entirely new types of assets, possibly not subject to the same concepts of ownership as other
assets.
• Instruments of acts: To what degree must computer services and users of computers, data,
and programs be responsible for the integrity and appropriateness of computer output?
• Symbols of intimidation and deception: The images of computers as thinking machines,
absolute truth producers, infallible, subject to blame, and as anthropomorphic replacements
of humans who err should be carefully considered.
Examining a case for ethical issues in cryptography.
How can the issue of ethical choice in computer security be approached?
1) Understand the situation: Learn the facts of the situation. Ask questions of
interpretation and clarification. Attempt to find out whether any relevant forces have not been
considered.
2) Know several theories of ethical reasoning: To make an ethical choice, you have to
know how those choices can be justified.
3) List the ethical principles involved: What different philosophies could be applied in
this case? Do any of these include others?
4) Determine which principles outweigh others: This is a subjective evaluation. It often
involves extending a principle to its logical conclusion or determining cases in which one principle
clearly supersedes another.
Too often people judge a situation on incomplete information, a practice that leads to judgments
based on prejudice, suspicion or misinformation.

SECURITY POLICIES

Role of the Security Policy in Setting up Protocols

Following are some pointers which help in setting up protocols for the security policy of an
organization.

 Who should have access to the system?
 How should it be configured?
 How should it communicate with third parties or systems?
Policies are divided into two categories −

 User policies
 IT policies.
User policies generally define the limits of the users towards the computer resources in a
workplace. For example, what they are allowed to install on their computer, or whether they can use
removable storage.
IT policies, on the other hand, are designed for the IT department, to secure the procedures and functions of
IT fields.
 General Policies − This is the policy which defines the rights of the staff and the access
level to the systems. Generally, it is included even in the communication protocol as a
preventive measure in case there are any disasters.
 Server Policies − This defines who should have access to a specific server and with
what rights: which software should be installed, the level of access to the Internet, how they
should be updated.
 Firewall Access and Configuration Policies − It defines who should have access to the
firewall and what type of access, like monitoring or rule changes, and which ports and
services should be allowed and whether they should be inbound or outbound.
 Backup Policies − It defines who is the person responsible for backup, what should be
backed up, where it should be backed up, how long it should be kept and the frequency
of the backup.
 VPN Policies − These policies generally go with the firewall policy; they define those
users who should have VPN access and with what rights. For site-to-site connections
with partners, they define the access level of the partner to your network and the type of
encryption to be set.

Structure of a Security Policy

When you compile a security policy you should have in mind a basic structure in order to make
something practical. Some of the main points which have to be taken into consideration are −

 Description of the policy and what it is used for.
 Where this policy should be applied.
 Functions and responsibilities of the employees that are affected by this policy.
 Procedures that are involved in this policy.
 Consequences if the policy is not compatible with company standards.

Types of Policies

 Permissive Policy − It is a medium-restriction policy where we as administrators block
just some well-known ports used by malware for Internet access and only some exploits
are taken into consideration.
 Prudent Policy − This is a high-restriction policy where everything is blocked regarding
Internet access, just a small list of websites is allowed, no extra services are allowed to be
installed on computers and logs are maintained for every user.
 Acceptable Use Policy − This policy regulates the behavior of the users towards a
system or network or even a webpage, so it states explicitly what a user can and cannot do
in a system, such as whether they are allowed to share access codes or share resources.
 User Account Policy − This policy defines what a user should do in order to have or
maintain an account in a specific system. For example, accessing an e-commerce
webpage. To create this policy, you should answer some questions such as −
o Should the password be complex or not?
o What age should the users have?
o Maximum allowed tries or failures to log in?
o When should the user be deleted, activated, blocked?
 Information Protection Policy − This policy regulates access to information, how to
process information, how to store it and how it should be transferred.
 Remote Access Policy − This policy is mainly for big companies where users and
their branches are outside the headquarters. It tells what the users should access, when
they can work and with which software, like SSH, VPN, RDP.
 Firewall Management Policy − This policy has explicitly to do with firewall management:
which ports should be blocked, what updates should be taken, how to make changes in
the firewall, how long the logs should be kept.
 Special Access Policy − This policy is intended to keep people under control and
monitor the special privileges in their systems and the purpose for which they have them.
These employees can be team leaders, managers, senior managers, system
administrators, and other high-designation people.
 Network Policy − This policy restricts access to network resources and makes clear who
will access the network. It also states whether that person should be authenticated or not.
This policy also covers other aspects, such as who will authorize new devices to be
connected to the network, the documentation of network changes, web filters and the
levels of access, who should have a wireless connection, the type of authentication, and
the validity of a connection session.
 Email Usage Policy − This is one of the most important policies that should be written,
because many users use the work email for personal purposes as well. As a result,
information can leak outside. Some of the key points of this policy are that employees
should know the importance of this system that they have the privilege to use. They
should not open any attachments that look suspicious. Private and confidential data
should not be sent via any unencrypted email.
 Software Security Policy − This policy has to do with the software installed on the
user's computer and what it should have. Some of the key points of this policy are:
software of the company should not be given to third parties; only whitelisted
software should be allowed, and no other software should be installed on the computer;
warez and pirated software should not be allowed.
NEED FOR SECURITY AT MULTIPLE LEVELS

The Multi-level Model of Security


Computer security has become sufficiently important that it was inevitable that governments
would decide they needed to "do something about it". And when governments want to know
something about security, they turn to the experts: the military. And they develop standards and
measurement tools by which security can be measured that are unbiased so as not to favor any
one organization. And they mandate that anyone they can influence buy products meeting those
standards.
Mandatory (Nondiscretionary) Access Controls
Discretionary means that someone who owns a resource can make a decision as to who is
allowed to use (access) it. Nondiscretionary access controls enforce a policy where users might
be allowed to use information themselves but might not be allowed to make a copy of it available
to someone else. Strict rules are automatically enforced about who is allowed access to certain
resources based on the attributes of the resource, and even the owners of the resources cannot
change those attributes. The analogy in the paper world is that you might be given a book full of
confidential information, but you are not allowed to take the book out of the building. In the
military, information often has a security classification, and just because you have access to
secret information does not mean you can forward it as you see fit.

The basic philosophy behind discretionary controls is that the users and the programs
they run are good guys, and it is up to the operating system to trust them and protect each user
from outsiders and other users. The basic philosophy behind nondiscretionary controls is that
users are careless and the programs they run can't be presumed to be carrying out their wishes.
The system must be ever vigilant to prevent the users from accidentally or intentionally giving
information to someone who shouldn't have it. Careless users might accidentally type the wrong
file name when including a file in a mail message, or might leave a message world-readable. The
concept is to confine information within a security perimeter, and thus not allow any
information to move from a more secure environment to a less secure environment. A secure
system would have both discretionary and nondiscretionary access controls, with the latter
serving as a backup mechanism with less granularity.

There really is no way for a computer system to prevent that. But the designers wanted to ensure
that no Trojan horse in software could transmit any information out of the perimeter, that nothing
a user did inadvertently could leak information, and that users couldn't spirit out larger amounts
of information than they could memorize.

Levels of Security.
The security label of something consists of two components:

 A security level (also known as classification), which might be an integer in some range,
but in the U.S. DoD consists of one of the four ratings unclassified, confidential, secret,
and top secret, where _unclassified < confidential < secret < top secret.

 A set of zero or more categories (also known as compartments), which describe kinds of
information. For instance, the name CRYPTO might mean information about cryptographic
algorithms, INTEL might mean information about military intelligence, COMSEC might
mean information about communications security, or NUCLEAR might mean information
about types of families.

Documents (or computer files) are marked with a security label saying how sensitive the
information is, and people are issued security clearances according to how trustworthy they are
perceived to be and what information they have demonstrated a "need to know."

A clearance might therefore be (SECRET; {COMSEC, CRYPTO}), which would indicate
someone who was allowed to know information classified unclassified, confidential, or secret
(but not top secret) dealing with cryptographic algorithms or communications security.

Given two security labels, (X, S1) and (Y, S2), (X, S1) is defined as being "at least as sensitive as"
(Y, S2) iff X ≥ Y and S2 ⊆ S1. For example,

(TOP SECRET, {CRYPTO, COMSEC}) > (SECRET, {CRYPTO})

where ">" means "more sensitive than".

It is possible for two labels to be incomparable in the sense that neither is more sensitive than the
other. For example, neither of the following are comparable to each other:

(TOP SECRET, {CRYPTO, COMSEC})

(SECRET, {NUCLEAR, CRYPTO})

Mandatory Access Control Rules


Every person, process, and piece of information has a security label. A person cannot run a
process with a label higher than the person's label, but may run one with a lower label.
Information is only allowed to be read by a process that has at least as high a rating as the
information. The terminology used for having a process read something with a higher rating than
the process is read-up. Read-up is illegal and must be prevented. A process cannot write a piece
of information with a rating lower than the process's rating. The terminology used for a process
writing something with a lower rating than the process is write-down. Write-down is illegal and
must be prevented.

The rules are:

 A human can only run a process that has a security label below or equal to that of
the human's label.

 A process can only read information marked with a security label below or equal to that
of the process.

 A process can only write information marked with a security label above or equal to that
of the process. Note that if a process writes information marked with a security label above
that of the process, the process can't subsequently read that information.

The prevention of read-up and write-down is the central idea behind mandatory access controls.
The concepts of confinement within a security perimeter and a generalized hierarchy of security
classes were given a mathematical basis by Bell and La Padula in 1973 [BELL74]. There is
significant complexity associated with the details of actually making them work. There has been
significant subsequent research on more complex models that capture both the trustworthiness
and the confidentiality of data and programs.
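The label ordering and the read-up / write-down rules above, worked through in code. This is an added example and not part of the course file; the level names and the example clearances are the ones used in the notes, and the "dominates" relation is the "at least as sensitive as" definition (level greater or equal, category set a superset).

```python
from dataclasses import dataclass
from typing import FrozenSet

# Linear ordering of classification levels, as given in the notes:
# unclassified < confidential < secret < top secret.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: (level, set of categories/compartments)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown classification level: {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """True iff self is 'at least as sensitive as' other, i.e.
        level(self) >= level(other) and categories(other) is a subset
        of categories(self)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def compare(a: Label, b: Label) -> str:
    """Return '>', '<', '=' or 'incomparable' for two labels."""
    a_dom_b, b_dom_a = a.dominates(b), b.dominates(a)
    if a_dom_b and b_dom_a:
        return "="
    if a_dom_b:
        return ">"
    if b_dom_a:
        return "<"
    return "incomparable"


def can_run(person: Label, process: Label) -> bool:
    """A person may only run a process labelled at or below their clearance."""
    return person.dominates(process)


def can_read(process: Label, info: Label) -> bool:
    """No read-up: the process label must dominate the information label."""
    return process.dominates(info)


def can_write(process: Label, info: Label) -> bool:
    """No write-down: the information label must dominate the process label."""
    return info.dominates(process)


def decide(process: Label, info: Label, op: str) -> bool:
    """Reference-monitor style decision for op in {'read', 'write'}."""
    if op == "read":
        return can_read(process, info)
    if op == "write":
        return can_write(process, info)
    raise ValueError(f"unknown operation: {op!r}")


if __name__ == "__main__":
    # The clearance (SECRET; {COMSEC, CRYPTO}) from the notes.
    clearance = Label("SECRET", frozenset({"COMSEC", "CRYPTO"}))
    ts_crypto = Label("TOP SECRET", frozenset({"CRYPTO", "COMSEC"}))
    nuclear = Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    print(compare(ts_crypto, Label("SECRET", frozenset({"CRYPTO"}))))  # >
    print(compare(ts_crypto, nuclear))                                    # incomparable
    print(decide(clearance, Label("CONFIDENTIAL", frozenset({"CRYPTO"})), "read"))  # True
    print(decide(clearance, ts_crypto, "write"))  # True: writing up is allowed
    print(decide(clearance, ts_crypto, "read"))   # False: but it can't read that back
```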

MODEL OF NETWORK SECURITY

A model for much of what we will be discussing is captured, in very general terms, in
Figure 1.2. A message is to be transferred from one party to another across some sort of Internet
service. The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is established by defining a route through
the Internet from source to destination and by the cooperative use of communication protocols
(e.g., TCP/IP) by the two principals. Security aspects come into play when it is necessary or
desirable to protect the information transmission from an opponent who may present a threat to
confidentiality, authenticity, and so on. All the techniques for providing security have two
components:

• A security-related transformation on the information to be sent. Examples include
the encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be used to
verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped, unknown
to the opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission. This general model shows that
there are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret information.

4. Specify a protocol to be used by the two principals that makes use of the security algorithm
and the secret information to achieve a particular security service.

The types of security mechanisms and services that fit into the model shown in Figure 1.2 are
covered later. However, there are other security-related situations of interest that do not neatly
fit this model but are considered in this book. A general model of these other situations is
illustrated in Figure 1.3, which reflects a concern for protecting an information system from
unwanted access. Most readers are familiar with the concerns caused by the existence of hackers,
who attempt to penetrate systems that can be accessed over a network. The hacker can be someone
who, with no malign intent, simply gets satisfaction from breaking and entering a computer
system. The intruder can be a disgruntled employee who wishes to do damage or a criminal who
seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or
performing illegal money transfers). Another type of unwanted access is the placement in a
computer system of logic that exploits vulnerabilities in the system and that can affect application
programs as well as utility programs, such as editors and compilers. Programs can present two
kinds of threats:

• Information access threats: Intercept or modify data on behalf of users who should
not have access to that data.

• Service threats: Exploit service flaws in computers to inhibit use by legitimate users.
Viruses and worms are two examples of software attacks. Such attacks can be introduced
into a system by means of a disk that contains the unwanted logic concealed in otherwise useful
software. They can also be inserted into a system across a network; this latter mechanism is of
more concern in network security. The security mechanisms needed to cope with unwanted
access fall into two broad categories (see Figure 1.3). The first category might be termed a
gatekeeper function. It includes password-based login procedures that are designed to deny
access to all but authorized users and screening logic that is designed to detect and reject worms,
viruses, and other similar attacks. Once either an unwanted user or unwanted software gains
access, the second line of defense consists of a variety of internal controls that monitor activity
and analyze stored information in an attempt to detect the presence of unwanted intruders.

(X) SESSION OUTCOMES


 The different types of security policies are learned by the students.
 Students are able to answer:
 What is the need for a security policy?
 How to model network security for secure data transmission?
 What is the use of the gatekeeper function?

(XI) SELF APPRAISAL


(V) SESSION PLAN

TIME         CONTENT                             TEACHING METHOD   TEACHING AID
05 Minutes   Attendance                          -                 -
05 Minutes   Prerequisite                        Quiz              Quiz Card
05 Minutes   Terms and Terminologies used        PPT               PPT
10 Minutes   OSI Security Architecture           PPT               PPT
10 Minutes   Security Attack, Security Service   PPT               PPT
5 Minutes    Security Mechanism                  PPT               PPT
5 Minutes    Session Outcomes                    Rapid round       Question Card

(VI) SESSION OBJECTIVES


 To learn about the OSI Security architecture
 To understand the different types of security attacks.
 To differentiate the various types of security services.
 To know about the security mechanism
(VI) SESSION PREREQUISITE
 Students know about the OSI Security architecture
 Students are able to differentiate the types of security attacks.
 Students can differentiate the various types of security services.
 Students know about the security mechanism
(VII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
 OSI(Open System Interconnection)
 X.800
 TCP/IP(Transmission Control Protocol/Internet Protocol)
(XI) LECTURE NOTES

OSI SECURITY ARCHITECTURE


To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the approaches to
satisfying those requirements. This is difficult enough in a centralized data processing
environment; with the use of local and wide area networks, the problems are compounded.
ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach.
The OSI security architecture is useful to managers as a way of organizing the task of providing
security. Furthermore, because this architecture was developed as an international standard,
computer and communications vendors have developed security features for their products and
services that relate to this structured definition of services and mechanisms. For our purposes,
the OSI security architecture provides a useful, if abstract, overview of many of the concepts
that this book deals with. The OSI security architecture focuses on security attacks, mechanisms,
and services. These can be defined briefly as

• Security attack: Any action that compromises the security of information owned by
an organization.

• Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.

• Security service: A processing or communication service that enhances the security of
the data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to
provide the service.

Threat

A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.

SECURITY ATTACKS

A useful means of classifying security attacks, used both in X.800 and RFC 4949, is in
terms of passive attacks and active attacks (Figure 1.1). A passive attack attempts to learn or
make use of information from the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information. We would
like to prevent an opponent from learning the contents of these transmissions. A second type of
passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of
messages or other information traffic so that opponents, even if they captured the message, could
not extract the information from the message. The common technique for masking contents is
encryption. If we had encryption protection in place, an opponent might still be able to observe
the pattern of these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of the communication that was taking
place. Passive attacks are very difficult to detect, because they do not involve any alteration of
the data. Typically, the message traffic is sent and received in an apparently normal fashion, and
neither the sender nor receiver is aware that a third party has read the messages or observed the
traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.

Active Attacks

An active attack attempts to alter system resources or affect their operation. Active attacks
involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of
service. A masquerade takes place when one entity pretends to be a different entity (path 2 of
Figure 1.1b is active). A masquerade attack usually includes one of the other forms of active attack.

1. Modification of messages –
It means that some portion of a message is altered or that the message is delayed or
reordered to produce an unauthorized effect. For example, a message meaning “Allow
JOHN to read confidential file X” is modified to “Allow Smith to read confidential file X”.
2. Repudiation –
This attack is done by either the sender or the receiver. The sender or receiver can later deny
that he/she has sent or received a message. For example, a customer asks his bank “to
transfer an amount to someone” and later on the sender (customer) denies that he had
made such a request. This is repudiation.
3. Replay –
It involves the passive capture of a message and its subsequent retransmission to
produce an unauthorized effect.
4. Denial of Service –
It prevents normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network, either
by disabling the network or by overloading it with messages so as to degrade
performance.

Passive attacks: A passive attack attempts to learn or make use of information from the
system but does not affect system resources. Passive attacks are in the nature of
eavesdropping on or monitoring of transmission. The goal of the opponent is to obtain
information that is being transmitted. The types of passive attack are as follows:
1. The release of message content –
Telephonic conversation, an electronic mail message or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from
learning the contents of these transmissions.
2. Traffic analysis –
Suppose that we had a way of masking the contents of messages so that the attacker, even
if they captured the message, could not extract any information from the message. The
attacker could still determine the location and identity of the communicating hosts and
could observe the frequency and length of messages being exchanged. This information
might be useful in guessing the nature of the communication that was taking place.
A masquerade attack usually includes one of the other forms of active attack. For
example, authentication sequences can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges. Replay involves the passive
capture of a data unit and its subsequent retransmission to produce an unauthorized effect (paths
1, 2, and 3 active). Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an unauthorized effect
(paths 1 and 2 active). For example, a message meaning “Allow John Smith to read confidential
file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.” The
denial of service prevents or inhibits the normal use or management of communications facilities
(path 3 active). This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service). Another form of
service denial is the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance. Active attacks present the opposite
characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are
available to prevent their success. On the other hand, it is quite difficult to prevent active attacks
absolutely, because of the wide variety of potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or
delays caused by them. If the detection has a deterrent effect, it may also contribute to
prevention.

The differences between a threat and an attack are:

S.No  THREAT                                                      ATTACK
1     Can be intentional or unintentional                         Is intentional
2     May or may not be malicious                                 Is malicious
3     Circumstance that has the ability to cause damage           Objective is to cause damage
4     Information may or may not be altered or damaged            Chance of information alteration and damage is very high
5     Comparatively hard to detect                                Comparatively easy to detect
6     Can be blocked by control of vulnerabilities                Cannot be blocked by just controlling the vulnerabilities
7     Can be initiated by the system itself as well as an outsider  Is always initiated by an outsider (system or user)

SECURITY SERVICES

X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers. Perhaps a clearer definition is found in RFC 4949, which provides the following
definition: a processing or communication service that is provided by a system to give a specific
kind of protection to system resources; security services implement security policies and are
implemented by security mechanisms. X.800 divides these services into five categories and
fourteen specific services (Table 1.2). We look at each category in turn.

Authentication

The authentication service is concerned with assuring that a communication is authentic. In the
case of a single message, such as a warning or alarm signal,
the function of the authentication service is to assure the recipient that the message is from the
source that it claims to be from. In the case of an ongoing interaction, such as the connection of a
terminal to a host, two aspects are involved. First, at the time of connection initiation, the service
assures that the two entities are authentic, that is, that each is the entity that it claims to be.
Second, the service must assure that the connection is not interfered with in such a way that a
third party can masquerade as one of the two legitimate parties for the purposes of unauthorized
transmission or reception. Two specific authentication services are defined in X.800:

• Peer entity authentication: Provides for the corroboration of the identity of a peer
entity in an association. Two entities are considered peers if they implement the same protocol in
different systems; for example two TCP modules in two communicating systems. Peer entity
authentication is provided for use at the establishment of, or at times during the data transfer
phase of, a connection. It attempts to provide confidence that an entity is not performing either a
masquerade or an unauthorized replay of a previous connection.

• Data origin authentication: Provides for the corroboration of the source of a data
unit. It does not provide protection against the duplication or modification of data units. This
type of service supports applications like electronic mail, where there are no prior interactions
between the communicating entities.

Access Control

In the context of network security, access control is the ability to limit and control the
access to host systems and applications via communications links. To achieve this, each
entity trying to gain access must first be identified, or authenticated, so that access rights can
be tailored to the individual.

Data Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. With respect
to the content of a data transmission, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time. For example,
when a TCP connection is set up between two systems, this broad protection prevents the release
of any user data transmitted over the TCP connection. Narrower forms of this service can also
be defined, including the protection of a single message or even specific fields within a message.
These refinements are less useful than the broad approach and may even be more complex and
expensive to implement. The other aspect of confidentiality is the protection of traffic flow from
analysis. This requires that an attacker not be able to observe the source and destination,
frequency, length, or other characteristics of the traffic on a communications facility.

Data Integrity

As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is total
stream protection. A connection-oriented integrity service, one that deals with a stream of
messages, assures that messages are received as sent with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered under this service. Thus, the
connection-oriented integrity service addresses both message stream modification and denial of
service. On the other hand, a connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally provides protection against message
modification only. We can make a distinction between service with and without recovery.
Because the integrity service relates to active attacks, we are concerned with detection rather
than prevention. If a violation of integrity is detected, then the service may simply report this
violation, and some other portion of software or human intervention is required to recover from
the violation. Alternatively, there are mechanisms available to recover from the loss of integrity
of data, as we will review subsequently. The incorporation of automated recovery mechanisms
is, in general, the more attractive alternative.

Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact
received the message.

Availability Service

Both X.800 and RFC 4949 define availability to be the property of a
system or a system resource being accessible and usable upon demand by an authorized system
entity, according to performance specifications for the system (i.e., a system is available if it
provides services according to the system design whenever users request them). A variety of
attacks can result in the loss of or reduction in availability. Some of these attacks are amenable to
automated countermeasures, such as authentication and encryption, whereas others require some
sort of physical action to prevent or recover from loss of availability of elements of a distributed
system. X.800 treats availability as a property to be associated with various security services.
However, it makes sense to call out specifically an availability service. An availability service
is one that protects a system to ensure its availability. This service addresses the security
concerns raised by denial-of-service attacks. It depends on proper management and control of
system resources and thus depends on access control service and other security services.

SERVICES AND MECHANISMS

Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are
divided into those that are implemented in a specific protocol layer, such as TCP or an
application-layer protocol, and those that are not specific to any particular protocol layer or
security service. These mechanisms will be covered in the appropriate places in the book. So we
do not elaborate now, except to comment on the definition of encipherment. X.800 distinguishes
between reversible encipherment mechanisms and irreversible encipherment mechanisms. A
reversible encipherment mechanism is simply an encryption algorithm that allows data to be
encrypted and subsequently decrypted. Irreversible encipherment mechanisms
include hash algorithms and message authentication codes, which are used in digital signature
and message authentication applications.

Table 1.4, based on one in X.800, indicates the relationship between security services and
security mechanisms.
(X) SESSION OUTCOMES
 Students can understand the OSI security architecture.
 Students are able to answer the following questions:
 What is the difference between an active attack and a passive attack?
 How are security services used to enhance the security of data processing?
 Differentiate specific security mechanisms from pervasive security mechanisms.

(XI) SELF APPRAISAL


(V) SESSION PLAN

TIME        CONTENT                           TEACHING METHOD   TEACHING AID
05 Minutes  Attendance                        -                 -
05 Minutes  Prerequisite                      Quiz              Quiz Card
05 Minutes  Terms and Terminologies used      PPT               PPT
10 Minutes  Classical Encryption Techniques   PPT               PPT
10 Minutes  1. Caesar cipher                  PPT               PPT
            2. Monoalphabetic cipher
5 Minutes   3. Playfair cipher                PPT               PPT
5 Minutes   Session Outcomes                  Rapid round       Question Card

(VI) SESSION OBJECTIVES

 To study the classical encryption system
 To learn about the various substitution ciphers
 To learn about generating ciphertext using the Caesar cipher, monoalphabetic cipher
and Playfair cipher.
(VI) SESSION PREREQUISITE
 Students know about the substitution cipher.
 Students are able to generate the cipher text from plain text using the Caesar cipher,
monoalphabetic cipher and Playfair cipher.
(VII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
 Cipher Text
 Plain Text
 TCP/IP (Transmission Control Protocol/Internet Protocol)
(XI) LECTURE NOTES
CLASSICAL ENCRYPTION TECHNIQUES:

A symmetric encryption scheme has five ingredients (Figure 2.1):

• Plaintext: This is the original intelligible message or data that is fed into the algorithm as
input.

• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.

• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different ciphertexts.
The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be
such that an opponent who knows the algorithm and has access to one or more ciphertexts would
be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a
stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if
he or she is in possession of a number of ciphertexts together with the plaintext that produced
each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure. If someone can discover the key and knows the algorithm, all
communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the ciphertext plus
knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the
algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is
what makes it feasible for widespread use. The fact that the algorithm need not be kept secret
means that manufacturers can and have developed low-cost chip implementations of data
encryption algorithms. These chips are widely available and incorporated into a number of
products. With the use of symmetric encryption, the principal security problem is maintaining
the secrecy of the key.

Let us take a closer look at the essential elements of a symmetric encryption scheme, using
Figure 2.2. A source produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of X
are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital
letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form
K = [K1, K2, ..., KJ] is generated. If the key is generated at the message source, then it must also
be provided to the destination by means of some secure channel. Alternatively, a third party
could generate the key and securely deliver it to both source and destination. With the message
X and the encryption key K as input, the encryption algorithm forms the ciphertext
Y = [Y1, Y2, ..., YN]. We can write this as

Y = E(K, X)

This notation indicates that Y is produced by using encryption algorithm E as a function of the
plaintext X, with the specific function determined by the value of the key K. The intended
receiver, in possession of the key, is able to invert the transformation:

X = D(K, Y)

An opponent, observing Y but not having access to K or X, may attempt to recover X or K or
both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D)
algorithms. If the opponent is interested in only this particular message, then the focus of the
effort is to recover X by generating a plaintext estimate X̂. Often, however, the opponent is
interested in being able to read future messages as well, in which case an attempt is made to
recover K by generating an estimate K̂.

Cryptography

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms
are based on two general principles: substitution, in which each element in the plaintext (bit,
letter, group of bits or letters) is mapped into another element, and transposition, in which
elements in the plaintext are rearranged. The fundamental requirement is that no information be
lost (i.e., that all operations are reversible). Most systems, referred to as product systems, involve
multiple stages of substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and
receiver use different keys, the system is referred to as asymmetric, two-key, or public-key
encryption.

3. The way in which the plaintext is processed. A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher processes
the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis and Brute-Force Attack

Typically, the objective of attacking an encryption system is to recover the key in use rather than
simply to recover the plaintext of a single ciphertext. There are two general approaches to
attacking a conventional encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the plaintext or even some
sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the
algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until
an intelligible translation into plaintext is obtained. On average, half of all possible keys must
be tried to achieve success. If either type of attack succeeds in deducing the key, the effect is
catastrophic: All future and past messages encrypted with that key are compromised. We first
consider cryptanalysis and then discuss brute-force attacks. Table 2.1 summarizes the various
types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

The most difficult problem is presented when all that is available is the ciphertext only. In some
cases, not even the encryption algorithm is known, but in general, we can assume that the
opponent does know the algorithm used for encryption. One possible attack under these
circumstances is the brute-force approach of trying all possible keys. If the key space is very
large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext
itself, generally applying various statistical tests to it. To use this approach, the opponent must
have some general idea of the type of plaintext that is concealed, such as English or French text,
an EXE file, a Java source listing, an accounting file, and so on. The ciphertext-only attack is the
easiest to defend against because the opponent has the least amount of information to work with.
In many cases, however, the analyst has more information. The analyst may be able to capture
one or more plaintext messages as well as their encryptions. Or the analyst may know that
certain plaintext patterns will appear in a message. For example, a file that is encoded in the
Postscript format always begins with the same pattern, or there may be a standardized header or
banner to an electronic funds transfer message, and so on.

If the analyst is able somehow to get the source system to insert into the system a message
chosen by the analyst, then a chosen-plaintext attack is possible. An example of this strategy is
differential cryptanalysis. In general, if the analyst is able to choose the messages to encrypt, the
analyst may deliberately pick patterns that can be expected to reveal the structure of the key.

Table 2.1 lists two other types of attack: chosen ciphertext and chosen text. These are less
commonly employed as cryptanalytic techniques but are nevertheless possible avenues of attack.
Only relatively weak algorithms fail to withstand a ciphertext-only attack. Generally, an
encryption algorithm is designed to withstand a known-plaintext attack. Two more definitions
are worthy of note.
An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does
not contain enough information to determine uniquely the corresponding plaintext, no matter
how much ciphertext is available. That is, no matter how much time an opponent has, it is
impossible for him or her to decrypt the ciphertext simply because the required information is
not there. With the exception of a scheme known as the one-time pad, there is no encryption
algorithm that is unconditionally secure. Therefore, all that the users of an encryption algorithm
can strive for is an algorithm that meets one or both of the following criteria:

• The cost of breaking the cipher exceeds the value of the encrypted information.

• The time required to break the cipher exceeds the useful lifetime of the information.

An encryption scheme is said to be computationally secure if either of the foregoing two criteria
is met. Unfortunately, it is very difficult to estimate the amount of effort required to
cryptanalyze ciphertext successfully. All forms of cryptanalysis for symmetric encryption
schemes are designed to exploit the fact that traces of structure or pattern in the plaintext may
survive encryption and be discernible in the ciphertext. This will become clear as we examine
various symmetric encryption schemes in this chapter. We will see in Part Two that cryptanalysis
for public-key schemes proceeds from a fundamentally different premise, namely, that the
mathematical properties of the pair of keys may make it possible for one of the two keys to be
deduced from the other.

A brute-force attack involves trying every possible key until an intelligible translation of the
ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to
achieve success. That is, if there are X different keys, on average an attacker would discover the
actual key after X/2 tries. It is important to note that there is more to a brute-force attack than
simply running through all possible keys. Unless known plaintext is provided, the analyst must
be able to recognize plaintext as plaintext. If the message is just plain text in English, then the
result pops out easily, although the task of recognizing English would have to be automated. If
the text message has been compressed before encryption, then recognition is more difficult. And
if the message is some more general type of data, such as a numerical file, and this has been
compressed, the problem becomes even more difficult to automate. Thus, to supplement the
brute-force approach, some degree of knowledge about the expected plaintext is needed, and
some means of automatically distinguishing plaintext from garble is also needed.

SUBSTITUTION TECHNIQUES

In this section and the next, we examine a sampling of what might be called classical encryption
techniques. A study of these techniques enables us to illustrate the basic approaches to
symmetric encryption used today and the types of cryptanalytic attacks that must be anticipated.
The two basic building blocks of all encryption techniques are substitution and transposition. We
examine these in the next two sections. Finally, we discuss a system that combines both
substitution and transposition. A substitution technique is one in which the letters of plaintext
are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of
bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

Caesar Cipher

The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing three places
further down the alphabet. For example,

plain: meet me after the toga party

cipher: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A.

We can define the transformation by listing all possibilities, as follows:

plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z

cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Let us assign a numerical equivalent to each letter:

a  b  c  d  e  f  g  h  i  j  k   l   m
0  1  2  3  4  5  6  7  8  9  10  11  12

n   o   p   q   r   s   t   u   v   w   x   y   z
13  14  15  16  17  18  19  20  21  22  23  24  25

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the
ciphertext letter C:

C = E(3, p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E(k, p) = (p + k) mod 26    (2.1)

where k takes on a value in the range 1 to 25. The decryption algorithm is simply

p = D(k, C) = (C - k) mod 26    (2.2)

If it is known that a given ciphertext is a Caesar cipher, then
a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. Figure 2.3
shows the results of applying this strategy to the example ciphertext. In this case, the plaintext
leaps out as occupying the third line. Three important characteristics of this problem enabled us
to use a bruteforce cryptanalysis:

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.

3. The language of the plaintext is known and easily recognizable.


Fig. 2.3: brute-force cryptanalysis of the Caesar cipher (figure not reproduced in these notes)

In most networking situations, we can assume that the algorithms are known. What generally
makes brute-force cryptanalysis impractical is the use of an algorithm that employs a large
number of keys. For example, the triple DES algorithm, examined in Chapter 6, makes use of a
168-bit key, giving a key space of 2^168 or greater than 3.7 × 10^50 possible keys. The third
characteristic is also significant. If the language of the plaintext is unknown, then plaintext
output may not be recognizable. Furthermore, the input may be abbreviated or compressed in
some fashion, again making recognition difficult. For example, Figure 2.4 shows a portion of a
text file compressed using an algorithm called ZIP.

If this file is then encrypted with a simple substitution cipher (expanded to include more than just
26 alphabetic characters), then the plaintext may not be recognized when it is uncovered in the
brute-force cryptanalysis.
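As an added worked example of equations (2.1) and (2.2) and of the brute-force cryptanalysis just described (this is example code written for these notes, not code from the textbook), the following Python program encrypts and decrypts with the general Caesar algorithm, tries all 25 keys as in Figure 2.3, and automates the third condition, "the plaintext is recognizable", with a letter-frequency score. The English letter frequencies in ENGLISH_FREQ are the usual published averages and are an assumption of the example; the sample message is the one from the notes.

```python
"""Caesar cipher with brute-force key search and automatic plaintext recognition."""
import string
from typing import List, Tuple

ALPHABET = string.ascii_uppercase

# Relative frequency (%) of letters in English text (assumed published averages).
# A candidate decryption built from common letters (e, t, a, ...) scores high;
# one full of q, x and z scores low, which is how we "recognize English".
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = E(k, p) = (p + k) mod 26, applied letter by letter.

    Non-letters (spaces, punctuation) pass through unchanged; the output is
    upper case, as in the notes' example.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)          # numerical equivalent 0..25
            out.append(ALPHABET[(p + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = D(k, C) = (C - k) mod 26; Python's % keeps the result in 0..25."""
    return caesar_encrypt(ciphertext, -k)


def english_score(text: str) -> float:
    """Crude plaintext recogniser: sum of English frequencies of the letters seen."""
    return sum(ENGLISH_FREQ[ch] for ch in text.upper() if ch in ALPHABET)


def brute_force(ciphertext: str) -> List[Tuple[int, str]]:
    """Try all 25 keys (the rows of Figure 2.3) and return (key, candidate) pairs."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]


def best_guess(ciphertext: str) -> Tuple[int, str]:
    """Select the candidate that looks most like English, automating the last step."""
    return max(brute_force(ciphertext), key=lambda kc: english_score(kc[1]))


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print(ct)                          # PHHW PH DIWHU WKH WRJD SDUWB
    for k, candidate in brute_force(ct):
        print(f"key {k:2d}: {candidate}")
    print("best guess:", best_guess(ct))   # (3, 'MEET ME AFTER THE TOGA PARTY')
```

The recogniser is deliberately simple (a dot product with the English frequency table) and works because the message is ordinary English; as the notes say, compressed or non-text plaintext would defeat it and a stronger test would be needed.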
Monoalphabetic Ciphers

With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key
space can be achieved by allowing an arbitrary substitution. Before proceeding, we define the
term permutation. A permutation of a finite set of elements S is an ordered sequence of all the
elements of S, with each element appearing exactly once. For example, if S = {a, b, c}, there are
six permutations of S: abc, acb, bac, bca, cab, cba In general, there are n! permutations of a set of
n elements, because the first element can be chosen in one of n ways, the second in n - 1 ways,
the third in n - 2 ways, and so on. Recall the assignment for the Caesar cipher:

plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there
are 26! or greater than 4 × 10^26 possible keys. This is 10 orders of magnitude greater than the
key space for DES and would seem to eliminate brute-force techniques for cryptanalysis. Such
an approach is referred to as a monoalphabetic substitution cipher, because a single cipher
alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

There is, however, another line of attack. If the cryptanalyst knows the nature of the plaintext
(e.g., noncompressed English text), then the analyst can exploit the regularities of the language.
The ciphertext to be solved is

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

As a first step, the relative frequency of the letters can be determined and compared to a standard
frequency distribution for English, such as is shown in Figure 2.5. If the message were long
enough, this technique alone might be sufficient, but because this is a relatively short message,
we cannot expect an exact match. In any case, the relative frequencies of the letters in the
ciphertext (in percentages) are as follows:
Comparing this breakdown with Figure 2.5, it seems likely that cipher letters P and Z are the
equivalents of plain letters e and t, but it is not certain which is which. The letters S, U, O, M,
and H are all of relatively high frequency and probably correspond to plain letters from the set
{a, h, i, n, o, r, s}. The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely
included in the set {b, j, k, q, v, x, z}. There are a number of ways to proceed at this point. We
could make some tentative assignments and start to fill in the plaintext to see if it looks like a
reasonable “skeleton” of a message. A more systematic approach is to look for other regularities.
For example, certain words may be known to be in the text. Or we could look for repeating
sequences of cipher letters and try to deduce their plaintext equivalents. A powerful tool is to
look at the frequency of two-letter combinations, known as digrams. A table similar to Figure
2.5 could be drawn up showing the relative frequency of digrams. The most common such
digram is th. In our ciphertext, the most common digram is ZW, which appears three times. So
we make the correspondence of Z with t and W with h. Then, by our earlier hypothesis, we can
equate P with e. Now notice that the sequence ZWP appears in the ciphertext, and we can
translate that sequence as “the.” This is the most frequent trigram (three-letter combination) in
English, which seems to indicate that we are on the right track. Next, notice the sequence ZWSZ
in the first line. We do not know that these four letters form a complete word, but if they do, it is
of the form th_t. If so, S equates with a. So far, then, we have

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
 t a        e  e te  a that e e a       a   t

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
   e t   ta t ha e ee  a e  th    t  a

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
 e  e e tat  e   the  et

Only four letters have been identified, but already we have quite a bit of the message. Continued
analysis of frequencies plus trial and error should easily yield a solution from this point. The
complete plaintext, with spaces added between words, follows:

it was disclosed yesterday that several informal but direct contacts have been made with
political representatives of the viet cong in moscow
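
The counting that the notes do by hand above, as an added Python example (this is not code from the notes or from the textbook they follow): it tabulates single-letter frequencies, digram and trigram counts, and prints the partial plaintext "skeleton" for a set of tentative letter assignments. The ciphertext is the notes' own three lines above, upper-cased; the TENTATIVE mapping is the four assignments the notes arrive at (Z→t, W→h, P→e, S→a). Function and variable names are this example's own.

```python
from collections import Counter

# Taken from the notes' worked example above: the three ciphertext lines,
# upper-cased (the original ciphertext is all capitals).
CIPHERTEXT_LINES = [
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ",
    "UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX",
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ",
]
CIPHERTEXT = "".join(CIPHERTEXT_LINES)

# The four tentative assignments the notes reach: Z->t, W->h, P->e, S->a.
TENTATIVE = {"Z": "t", "W": "h", "P": "e", "S": "a"}


def letter_frequencies(text):
    """[(letter, count, percent), ...] sorted by descending count, i.e. the
    notes' single-letter table, to be compared against English (Figure 2.5)."""
    letters = [c for c in text.upper() if c.isalpha()]
    counts = Counter(letters)
    total = len(letters)
    return [(ch, n, round(100.0 * n / total, 2)) for ch, n in counts.most_common()]


def ngram_counts(text, n):
    """Counts of overlapping n-letter sequences: n=2 gives the notes' digrams,
    n=3 trigrams. Non-letters are dropped first."""
    letters = "".join(c for c in text.upper() if c.isalpha())
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))


def top_ngrams(text, n, k=5):
    """The k most frequent n-grams together with their counts."""
    return ngram_counts(text, n).most_common(k)


def skeleton(ciphertext, mapping, unknown="_"):
    """Apply the letters identified so far; unidentified cipher letters become
    `unknown`, giving the partial plaintext skeleton the notes describe."""
    return "".join(mapping.get(c, unknown) for c in ciphertext.upper())


if __name__ == "__main__":
    for ch, n, pct in letter_frequencies(CIPHERTEXT)[:8]:
        print(f"{ch} {n:2d} {pct:5.2f}%")
    print("digrams:", top_ngrams(CIPHERTEXT, 2))
    print("ZWP occurrences:", ngram_counts(CIPHERTEXT, 3)["ZWP"])
    for line in CIPHERTEXT_LINES:
        print(line)
        print(skeleton(line, TENTATIVE))
```

Running it puts P (16 occurrences) and Z (14) at the top of the single-letter table, shows ZW at the maximum digram count of three (several other digrams tie with it in this short text), finds ZWP once, and the skeleton of the first line contains the th_t pattern from ZWSZ that the notes read as "that".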
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the
original alphabet. A countermeasure is to provide multiple substitutes, known as
homophones, for a single letter. For example, the letter e could be assigned a number of
different cipher symbols, such as 16, 74, 35, and 21, with each homophone assigned to a
letter in rotation or randomly. If the number of symbols assigned to each letter is
proportional to the relative frequency of that letter, then single-letter frequency
information is completely obliterated. The great mathematician Carl Friedrich Gauss
believed that he had devised an unbreakable cipher using homophones. However, even
with homophones, each element of plaintext affects only one element of ciphertext, and
multiple-letter patterns (e.g., digram frequencies) still survive in the ciphertext, making
cryptanalysis relatively straightforward. Two principal methods are used in substitution
ciphers to lessen the extent to which the structure of the plaintext survives in the
ciphertext: One approach is to encrypt multiple letters of plaintext, and the other is to use
multiple cipher alphabets. We briefly examine each.
Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in
the plaintext as single units and translates these units into ciphertext digrams. The
Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a
keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers's Have
His Carcase:

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters
of the keyword (minus duplicates) from left to right and from top to bottom, and then
filling in the remainder of the matrix with the remaining letters in alphabetic order. The
letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to
the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter,
such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the
letter to the right, with the first element of the row circularly following the last. For
example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last. For
example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea
becomes IM (or JM, as the encipherer wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing,
whereas there are only 26 letters, there are 26 × 26 = 676 digrams, so that identification of
individual digrams is more difficult. Furthermore, the relative frequencies of individual
letters exhibit a much greater range than that of digrams, making frequency analysis much
more difficult. For these reasons, the Playfair cipher was for a long time considered
unbreakable. It was used as the standard field system by the British Army in World War I
and still enjoyed considerable use by the U.S. Army and other Allied forces during World
War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy
to break, because it still leaves much of the structure of the plaintext language intact. A few
hundred letters of ciphertext are generally sufficient. One way of revealing the
effectiveness of the Playfair and other ciphers is shown in Figure 2.6. The line labeled
plaintext plots a typical frequency distribution of the 26 alphabetic characters (no
distinction between upper and lower case) in ordinary text. This is also the frequency
distribution of any monoalphabetic substitution cipher, because the frequency values for
individual letters are the same, just with different letters substituted for the original
letters. The plot is developed in the following way: The number of occurrences of each
letter in the text is counted and divided by the number of occurrences of the most
frequently used letter. Using the results of Figure 2.5, we see that e is the most frequently
used letter. As a result, e has a relative frequency of 1, t of 9.056/12.702 ≈ 0.72, and so on.
The points on the horizontal axis correspond to the letters in order of decreasing frequency.
Figure 2.6 also shows the frequency distribution that results when the text is encrypted
using the Playfair cipher. To normalize the plot, the number of occurrences of each letter in
the ciphertext was again divided by the number of occurrences of e in the plaintext. The
resulting plot therefore shows the extent to which the frequency distribution of letters,
which makes it trivial to solve substitution ciphers, is masked by encryption. If the
frequency distribution information were totally concealed in the encryption process, the
ciphertext plot of frequencies would be flat, and cryptanalysis using ciphertext only would
be effectively impossible. As the figure shows, the Playfair cipher has a flatter distribution
than does plaintext, but nevertheless, it reveals plenty of structure for a cryptanalyst to work
with. The plot also shows the Vigenère cipher, discussed subsequently.

(X) SESSION OUTCOMES


• Students know about the classical encryption techniques.
• Students are able to answer the following questions:
• What are the different types of substitution ciphers?
• How is plaintext converted into ciphertext using the Caesar cipher, monoalphabetic cipher
and Playfair cipher?

(XI) SELF APPRAISAL


(V) SESSION PLAN

TIME        CONTENT                        TEACHING METHOD   TEACHING AID
05 Minutes  Attendance                     -                 -
05 Minutes  Prerequisite                   Quiz              Quiz Card
05 Minutes  Terms and Terminologies used   PPT               PPT
10 Minutes  Hill cipher                    PPT               PPT
10 Minutes  Polyalphabetic cipher          PPT               PPT
5 Minutes   One-Time pad                   PPT               PPT
5 Minutes   Session Outcomes               Rapid round       Question Card

(VI) SESSION OBJECTIVES


• To learn about the various substitution ciphers: Hill cipher, polyalphabetic cipher and
one-time pad.
• To learn how ciphertext is generated using the Hill cipher, polyalphabetic cipher and
one-time pad.
(VII) SESSION PREREQUISITE
• Students are able to generate the ciphertext from plaintext using the Hill cipher,
polyalphabetic cipher and one-time pad.
(VIII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
• Cipher Text
• Plain Text
• XOR
(IX) LECTURE NOTES
Hill Cipher

Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester
Hill in 1929.

Concepts from Linear Algebra
Before describing the Hill cipher, let us briefly review some terminology from linear algebra. In
this discussion, we are concerned with matrix arithmetic modulo 26. For the reader who needs a
refresher on matrix multiplication and inversion.
We define the inverse M^-1 of a square matrix M by the equation M(M^-1) = (M^-1)M = I, where I is
the identity matrix. I is a square matrix that is all zeros except for ones along the main diagonal
from upper left to lower right. The inverse of a matrix does not always exist, but when it does, it
satisfies the preceding equation. For example,

To explain how the inverse of a matrix is computed, we begin with the concept of determinant.
For any square matrix (m × m), the determinant equals the sum of all the products that can be
formed by taking exactly one element from each row and exactly one element from each column,
with certain of the product terms preceded by a minus sign. For a 2 × 2 matrix,

the determinant is k11k22 - k12k21. For a 3 × 3 matrix, the value of the determinant is
k11k22k33 + k21k32k13 + k31k12k23 - k31k22k13 - k21k12k33 - k11k32k23. If a square matrix A
has a nonzero determinant, then the inverse of the matrix is computed as

[A^-1]ij = (det A)^-1 · (-1)^(i+j) · Dji,

where Dji is the subdeterminant formed by deleting the jth row and the ith column of A, det(A) is
the determinant of A, and (det A)^-1 is the multiplicative inverse of (det A) mod 26.

We can show that 9^-1 mod 26 = 3, because 9 × 3 = 27 ≡ 1 (mod 26). Therefore, we compute the
inverse of A as

The Hill Algorithm
This encryption algorithm takes m successive plaintext letters and substitutes for them m
ciphertext letters. The substitution is determined by m linear equations in which each character is
assigned a numerical value (a = 0, b = 1, ..., z = 25). For m = 3, the system can be described as

where P and C are row vectors of length 3 representing the plaintext and ciphertext, and K is a
3 × 3 matrix representing the encryption key. Operations are performed mod 26. For example,
consider the plaintext "paymoremoney" and use the encryption key

The first three letters of the plaintext are represented by the vector (15 0 24). Then (15 0 24)K =
(303 303 531) mod 26 = (17 17 11) = RRL. Continuing in this fashion, the ciphertext for the
entire plaintext is RRLMWBKASPDH. Decryption requires using the inverse of the matrix K.
We can compute det K = 23, and therefore, (det K)^-1 mod 26 = 17. We can then compute the
inverse as

It is easily seen that if the matrix K^-1 is applied to the ciphertext, then the plaintext is recovered.
In general terms, the Hill system can be expressed as

C = E(K, P) = PK mod 26

P = D(K, C) = CK^-1 mod 26 = PKK^-1 = P


As with Playfair, the strength of the Hill cipher is that it completely hides single-letter
frequencies. Indeed, with Hill, the use of a larger matrix hides more frequency information.
Thus, a 3 × 3 Hill cipher hides not only single-letter but also two-letter frequency information.
Although the Hill cipher is strong against a ciphertext-only attack, it is easily broken with a
known plaintext attack. For an m × m Hill cipher, suppose we have m plaintext–ciphertext pairs,
each of length m. We label the pairs Pj = (p1j p2j ... pmj) and Cj = (c1j c2j ... cmj) such that
Cj = PjK for 1 ≤ j ≤ m and for some unknown key matrix K. Now define two m × m matrices
X = (pij) and Y = (cij). Then we can form the matrix equation Y = XK. If X has an inverse, then
we can determine K = X^-1 Y. If X is not invertible, then a new version of X can be formed with
additional plaintext–ciphertext pairs until an invertible X is obtained.

Consider this example. Suppose that the plaintext "hillcipher" is encrypted using a 2 × 2
Hill cipher to yield the ciphertext HCRZSSXNSP. Thus, we know that (7 8)K mod 26 = (7 2);
(11 11)K mod 26 = (17 25); and so on. Using the first two plaintext–ciphertext pairs, we have
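
Both the Hill algorithm and the known-plaintext attack just described, as one added Python example (not code from the notes): modular matrix arithmetic, the determinant and the adjugate inverse exactly as the formula [A^-1]ij = (det A)^-1 (-1)^(i+j) Dji states it, encryption and decryption, and key recovery from aligned plaintext/ciphertext blocks, including the fallback to other block combinations when the first X is not invertible. One assumption: the notes' 3 × 3 key matrix sat in a figure that is not reproduced above, so K3 below is the matrix that yields the values the notes do state, (15 0 24)K = (303 303 531) and det K = 23. All function names are this example's own.

```python
from itertools import combinations

MOD = 26


def letters_to_numbers(text):
    """a=0, b=1, ..., z=25; anything that is not a letter is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if c.isalpha()]


def numbers_to_letters(nums):
    return "".join(chr(n % MOD + ord("A")) for n in nums)


def vec_mat(v, M):
    """Row vector times matrix, reduced mod 26 (the notes' C = PK form)."""
    return [sum(v[i] * M[i][j] for i in range(len(M))) % MOD for j in range(len(M))]


def mat_mat(A, B):
    return [vec_mat(row, B) for row in A]


def det(M):
    """Determinant mod 26 by Laplace expansion along the first row."""
    if len(M) == 1:
        return M[0][0] % MOD
    total = 0
    for j, a in enumerate(M[0]):
        minor = [row[:j] + row[j + 1:] for row in M[1:]]
        total += (-1) ** j * a * det(minor)
    return total % MOD


def inverse(M):
    """Inverse mod 26 by the notes' adjugate formula
    [A^-1]_ij = (det A)^-1 (-1)^(i+j) D_ji, where D_ji deletes row j and column i.
    Raises ValueError when det A has no inverse mod 26 (det even, or 13)."""
    m = len(M)
    d_inv = pow(det(M), -1, MOD)          # ValueError if not invertible
    inv = [[0] * m for _ in range(m)]
    for i in range(m):
        for j in range(m):
            minor = [row[:i] + row[i + 1:] for r, row in enumerate(M) if r != j]
            inv[i][j] = (d_inv * (-1) ** (i + j) * det(minor)) % MOD
    return inv


def hill_encrypt(plaintext, K):
    m = len(K)
    nums = letters_to_numbers(plaintext)
    nums += [ord("x") - ord("a")] * (-len(nums) % m)   # pad the last block with x
    return numbers_to_letters(n for i in range(0, len(nums), m)
                              for n in vec_mat(nums[i:i + m], K))


def hill_decrypt(ciphertext, K):
    return hill_encrypt(ciphertext, inverse(K))


def recover_key(plaintext, ciphertext, m):
    """Known-plaintext attack from the notes: with m aligned blocks, Y = XK, so
    K = X^-1 Y. If the chosen blocks give a singular X, try other block
    combinations until one is invertible; None if no combination works."""
    p, c = letters_to_numbers(plaintext), letters_to_numbers(ciphertext)
    n = min(len(p), len(c))
    blocks = [(p[i:i + m], c[i:i + m]) for i in range(0, n - m + 1, m)]
    for chosen in combinations(blocks, m):
        X = [pb for pb, _ in chosen]
        Y = [cb for _, cb in chosen]
        try:
            return mat_mat(inverse(X), Y)
        except ValueError:
            continue
    return None


# Assumed key (see lead-in): the 3x3 matrix that gives the notes' stated values
# (15 0 24)K = (303 303 531) and det K = 23.
K3 = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]

if __name__ == "__main__":
    print(hill_encrypt("paymoremoney", K3))            # RRLMWBKASPDH
    print(det(K3), inverse(K3))
    print(hill_decrypt("RRLMWBKASPDH", K3))
    print(recover_key("hillcipher", "HCRZSSXNSP", 2))  # the 2x2 key behind the notes' example
```

The inverse mod 26 exists only when det K is odd and not 13; pow(d, -1, 26) raises ValueError otherwise, and recover_key uses that to move on to another choice of blocks, which is the "new version of X" the notes mention. The 2 × 2 example recovers K = [[3, 2], [8, 5]], and re-encrypting hillcipher with it returns HCRZSSXNSP.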

Polyalphabetic Ciphers

Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The general name
for this approach is polyalphabetic substitution cipher. All these techniques have the following
features in common:

1. A set of related monoalphabetic substitution rules is used.

2. A key determines which particular rule is chosen for a given transformation.


The strength of this cipher is that there are multiple ciphertext letters for each plaintext letter, one
for each unique letter of the keyword. Thus, the letter frequency information is obscured.
However, not all knowledge of the plaintext structure is lost. For example, Figure 2.6 shows the
frequency distribution for a Vigenère cipher with a keyword of length 9. An improvement is
achieved over the Playfair cipher, but considerable frequency information remains. It is
instructive to sketch a method of breaking this cipher, because the method reveals some of the
mathematical principles that apply in cryptanalysis. First, suppose that the opponent believes that
the ciphertext was encrypted using either monoalphabetic substitution or a Vigenère cipher. A
simple test can be made to make a determination. If a monoalphabetic substitution is used, then
the statistical properties of the ciphertext should be the same as that of the language of the
plaintext. Thus, referring to Figure 2.5, there should be one cipher letter with a relative frequency
of occurrence of about 12.7%, one with about 9.06%, and so on. If only a single message is
available for analysis, we would not expect an exact match of this small sample with the
statistical profile of the plaintext language. Nevertheless, if the correspondence is close, we can
assume a monoalphabetic substitution.

If, on the other hand, a Vigenère cipher is suspected, then progress depends on determining the
length of the keyword, as will be seen in a moment. For now, let us concentrate on how the
keyword length can be determined. The important insight that leads to a solution is the
following: If two identical sequences of plaintext letters occur at a distance that is an integer
multiple of the keyword length, they will generate identical ciphertext sequences. In the
foregoing example, two instances of the sequence “red” are separated by nine character
positions. Consequently, in both cases, r is encrypted using key letter e, e is encrypted using key
letter p, and d is encrypted using key letter t. Thus, in both cases, the ciphertext sequence is
VTW. We indicate this above by underlining the relevant ciphertext letters and shading the
relevant ciphertext numbers. An analyst looking at only the ciphertext would detect the repeated
sequences VTW at a displacement of 9 and make the assumption that the keyword is either three
or nine letters in length. The appearance of VTW twice could be by chance and may not reflect
identical plaintext letters encrypted with identical key letters. However, if the message is long
enough, there will be a number of such repeated ciphertext sequences. By looking for common
factors in the displacements of the various sequences, the analyst should be able to make a good
guess of the keyword length. Solution of the cipher now depends on an important insight. If the
keyword length is m, then the cipher, in effect, consists of m monoalphabetic substitution
ciphers. For example, with the keyword DECEPTIVE, the letters in positions 1, 10, 19, and so
on are all encrypted with the same monoalphabetic cipher. Thus, we can use the known
frequency characteristics of the plaintext language to attack each of the monoalphabetic ciphers
separately. The periodic nature of the keyword can be eliminated by using a nonrepeating
keyword that is as long as the message itself. Vigenère proposed what is referred to as an
autokey system, in which a keyword is concatenated with the plaintext itself to provide a running
key. For our example,
key:        deceptivewearediscoveredsav
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA

Even this scheme is vulnerable to cryptanalysis. Because the key and the plaintext share the same
frequency distribution of letters, a statistical technique can be applied. For example, e enciphered
by e, by Figure 2.5, can be expected to occur with a frequency of (0.127)^2 ≈ 0.016, whereas t
enciphered by t would occur only about half as often. These regularities can be exploited to
achieve successful cryptanalysis.
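
The Vigenère material above, as an added Python example (not code from the notes): periodic-key encryption and decryption, the autokey variant, and the two analysis steps the notes sketch, namely finding repeated ciphertext sequences and the displacements between them, reducing those displacements to candidate keyword lengths, and splitting the ciphertext into the m monoalphabetic columns that can then be attacked by single-letter frequencies. The keyword deceptive and the plaintext wearediscoveredsaveyourself are the notes' own; the Vigenère table that the notes refer to is not reproduced on the page, so the code recomputes it. Function names are this example's own.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("a")
KEYWORD = "deceptive"                          # the notes' keyword
PT = "wearediscoveredsaveyourself"             # the notes' plaintext


def clean(text):
    return "".join(c for c in text.lower() if c.isalpha())


def _shift(ch, key_ch, direction):
    """Caesar-shift one letter by the key letter's value (direction +1 or -1)."""
    return chr((ord(ch) - A + direction * (ord(key_ch) - A)) % 26 + A)


def vigenere_encrypt(plaintext, keyword):
    p, k = clean(plaintext), clean(keyword)
    return "".join(_shift(c, k[i % len(k)], +1) for i, c in enumerate(p)).upper()


def vigenere_decrypt(ciphertext, keyword):
    c, k = clean(ciphertext), clean(keyword)
    return "".join(_shift(ch, k[i % len(k)], -1) for i, ch in enumerate(c))


def autokey_encrypt(plaintext, keyword):
    """Vigenère's autokey: the running key is the keyword followed by the plaintext."""
    p = clean(plaintext)
    running = (clean(keyword) + p)[:len(p)]
    return "".join(_shift(c, running[i], +1) for i, c in enumerate(p)).upper()


def autokey_decrypt(ciphertext, keyword):
    running, out = list(clean(keyword)), []
    for i, ch in enumerate(clean(ciphertext)):
        pch = _shift(ch, running[i], -1)
        out.append(pch)
        running.append(pch)          # each recovered letter extends the key
    return "".join(out)


def repeated_sequences(ciphertext, n=3):
    """The notes' observation: n-grams that occur more than once, with the
    displacements between successive occurrences (identical plaintext under
    identical key letters gives identical ciphertext)."""
    c = clean(ciphertext)
    positions = defaultdict(list)
    for i in range(len(c) - n + 1):
        positions[c[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(p, p[1:])] for g, p in positions.items() if len(p) > 1}


def keyword_length_candidates(ciphertext, n=3):
    """Divisors (>1) of the gcd of all displacements: the plausible keyword lengths."""
    disp = [d for ds in repeated_sequences(ciphertext, n).values() for d in ds]
    if not disp:
        return []
    g = reduce(gcd, disp)
    return [d for d in range(2, g + 1) if g % d == 0]


def split_by_period(ciphertext, m):
    """Column i holds the letters enciphered with key letter i: m separate
    monoalphabetic ciphers, each open to single-letter frequency analysis."""
    c = clean(ciphertext)
    return [c[i::m] for i in range(m)]


if __name__ == "__main__":
    ct = vigenere_encrypt(PT, KEYWORD)
    print(ct)                                    # ZICVTWQNGRZGVTWAVZHCQYGLMGJ
    print(repeated_sequences(ct))                # {'vtw': [9]}
    print(keyword_length_candidates(ct))         # [3, 9]
    print(split_by_period(ct, 9))
    print(autokey_encrypt(PT, KEYWORD))          # ZICVTWQNGKZEIIGASXSTSLVVWLA
```

With the notes' key and plaintext the only repeated trigram is VTW at a displacement of 9, so the candidate lengths are 3 and 9, exactly the two the notes name; the first column of split_by_period(ct, 9) is the letters in positions 1, 10, 19 of the ciphertext, all enciphered under the key letter d. On a message this short a single repetition is weak evidence; the notes' remark that longer messages give several repetitions whose displacements share a common factor is what keyword_length_candidates relies on.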

Vernam Cipher
The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the
plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T
engineer named Gilbert Vernam in 1918.

His system works on binary data (bits) rather than letters. The system can be expressed
succinctly as follows (Figure 2.7):

ci = pi ⊕ ki

where
pi = ith binary digit of plaintext
ki = ith binary digit of key
ci = ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation

Compare this with Equation (2.3) for the Vigenère cipher. Thus, the ciphertext is generated by
performing the bitwise XOR of the plaintext and the key. Because of the properties of the XOR,
decryption simply involves the same bitwise operation:

pi = ci ⊕ ki

which compares with Equation (2.4).
The essence of this technique is the means of construction of the key. Vernam proposed the use
of a running loop of tape that eventually repeated the key, so that in fact the system worked with
a very long but repeating keyword. Although such a scheme, with a long key, presents
formidable cryptanalytic difficulties, it can be broken with sufficient ciphertext, the use of
known or probable plaintext sequences, or both.

One-Time Pad

An Army Signal Corps officer, Joseph Mauborgne, proposed an improvement to the Vernam
cipher that yields the ultimate in security. Mauborgne suggested using a random key that is as
long as the message, so that the key need not be repeated. In addition, the key is to be used to
encrypt and decrypt a single message, and then is discarded. Each new message requires a new
key of the same length as the new message. Such a scheme, known as a one-time pad, is
unbreakable. It produces random output that bears no statistical relationship to the plaintext.
Because the ciphertext contains no information whatsoever about the plaintext, there is simply no
way to break the code.

An example should illustrate our point. Suppose that we are using a Vigenère scheme with 27
characters in which the twenty-seventh character is the space character, but with a one-time key
that is as long as the message. Consider the ciphertext

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

We now show two different decryptions using two different keys:

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key:        pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
plaintext:  mr mustard with the candlestick in the hall

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key:        pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
plaintext:  miss scarlet with the knife in the library

Suppose that a cryptanalyst had managed to find these two keys. Two plausible plaintexts are
produced. How is the cryptanalyst to decide which is the correct decryption (i.e., which is the
correct key)? If the actual key were produced in a truly random fashion, then the cryptanalyst
cannot say that one of these two keys is more likely than the other. Thus, there is no way to
decide which key is correct and therefore which plaintext is correct. In fact, given any plaintext
of equal length to the ciphertext, there is a key that produces that plaintext. Therefore, if you did
an exhaustive search of all possible keys, you would end up with many legible plaintexts, with
no way of knowing which was the intended plaintext. Therefore, the code is unbreakable. The
security of the one-time pad is entirely due to the randomness of the key. If the stream of
characters that constitute the key is truly random, then the stream of characters that constitute
the ciphertext will be truly random. Thus, there are no patterns or regularities that a cryptanalyst
can use to attack the ciphertext. In theory, we need look no further for a cipher. The one-time
pad offers complete security but, in practice, has two fundamental difficulties:

1. There is the practical problem of making large quantities of random keys. Any heavily used
system might require millions of random characters on a regular basis. Supplying truly random
characters in this volume is a significant task.
2. Even more daunting is the problem of key distribution and protection. For every message to be
sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key
distribution problem exists.
Because of these difficulties, the one-time pad is of limited utility and is useful primarily for
low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem
that exhibits what is referred to as perfect secrecy. This concept is explored in Appendix F.

(X) SESSION OUTCOMES


• Students know about the classical encryption techniques.
• Students are able to answer the following questions:
• What are the different types of substitution ciphers?
• How is plaintext converted into ciphertext using the Hill cipher, polyalphabetic cipher and
one-time pad?

(XI) SELF APPRAISAL


(V) SESSION PLAN

TIME        CONTENT                        TEACHING METHOD   TEACHING AID
05 Minutes  Attendance                     -                 -
05 Minutes  Prerequisite                   Quiz              Quiz Card
05 Minutes  Terms and Terminologies used   PPT               PPT
10 Minutes  Transposition Techniques       PPT               PPT
10 Minutes  Permutation                    PPT               PPT
5 Minutes   Rail fence Technique           PPT               PPT
5 Minutes   Session Outcomes               Rapid round       Question Card

(VI) SESSION OBJECTIVES


• To study the transposition cipher.
• To learn how the rail fence technique converts plaintext into ciphertext.
(VII) SESSION PREREQUISITE
• Students know about the transposition cipher.
• Students are able to generate the ciphertext from plaintext using the rail fence technique.
(VIII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
• Rail fence
• Permutation
(IX) LECTURE NOTES
TRANSPOSITION TECHNIQUES
All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext
symbol. A very different kind of mapping is achieved by performing some sort of permutation on
the plaintext letters. This technique is referred to as a transposition cipher. The simplest such
cipher is the rail fence technique, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows. For example, to encipher the message “meet
me after the toga party” with a rail fence of depth 2, we write the following:

m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is

MEMATRHTGPRYETEFETEOAAT

This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the
message in a rectangle, row by row, and read the message off, column by column, but permute
the order of the columns. The order of the columns then becomes the key to the algorithm. For
example,

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled 1, in
this case column 3. Write down all the letters in that column. Proceed to column 4, which is
labeled 2, then column 2, then column 1, then columns 5, 6, and 7. A pure transposition cipher is
easily recognized because it has the same letter frequencies as the original plaintext. For the type
of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying
out the ciphertext in a matrix and playing around with column positions. Digram and trigram
frequency tables can be useful. The transposition cipher can be made significantly more secure
by performing more than one stage of transposition. The result is a more complex permutation
that is not easily reconstructed. Thus, if the foregoing message is reencrypted using the same
algorithm,

Key:    4 3 1 2 5 6 7
Input:  t t n a a p t
        m t s u o a o
        d w c o i x k
        n l y p e t z
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
To visualize the result of this double transposition, designate the letters in the original plaintext
message by the numbers designating their position. Thus, with 28 letters in the message, the
original sequence of letters is

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

After the first transposition, we have


03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28

which has a somewhat regular structure. But after the second transposition, we have

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28

This is a much less structured permutation and is much more difficult to cryptanalyze.
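
The rail fence and columnar transposition described above, as an added Python example (not code from the notes): a general rail fence of any depth, columnar transposition driven by a digit key and applied for any number of rounds, the matching decryptions, and the position-number trace the notes use to visualise the double transposition. It also includes the check the notes mention for recognising a pure transposition, that plaintext and ciphertext contain the same letters in the same quantities. The messages and the key 4312567 are the notes' own; function names are this example's own.

```python
def clean(text):
    return "".join(c for c in text.lower() if c.isalpha())


def _rail_of(i, depth):
    """Which rail (row) position i lands on when writing the zigzag."""
    cycle = 2 * (depth - 1) if depth > 1 else 1
    r = i % cycle
    return r if r < depth else cycle - r


def rail_fence_encrypt(text, depth):
    """Write the letters down as diagonals of the given depth, read off row by row."""
    p = clean(text)
    rails = [[] for _ in range(depth)]
    for i, ch in enumerate(p):
        rails[_rail_of(i, depth)].append(ch)
    return "".join("".join(r) for r in rails).upper()


def rail_fence_decrypt(ciphertext, depth):
    c = clean(ciphertext)
    rails = [_rail_of(i, depth) for i in range(len(c))]
    counts = [rails.count(r) for r in range(depth)]
    ptr = [sum(counts[:r]) for r in range(depth)]     # where each rail starts in c
    out = []
    for r in rails:
        out.append(c[ptr[r]])
        ptr[r] += 1
    return "".join(out)


def columnar_encrypt(seq, key):
    """Write seq row by row into len(key) columns and read the columns out in the
    order the key gives (the column labelled 1 first). Works on strings or lists
    and on a ragged last row, so no padding is required."""
    n = len(key)
    order = sorted(range(n), key=lambda col: key[col])
    return [item for col in order for item in seq[col::n]]


def columnar_decrypt(seq, key):
    n = len(key)
    order = sorted(range(n), key=lambda col: key[col])
    full, extra = divmod(len(seq), n)
    length = [full + (1 if col < extra else 0) for col in range(n)]
    columns, pos = {}, 0
    for col in order:
        columns[col] = list(seq[pos:pos + length[col]])
        pos += length[col]
    return [columns[col][r] for r in range(full + (1 if extra else 0))
            for col in range(n) if r < length[col]]


def transposition_encrypt(text, key, rounds=1):
    """rounds=2 is the notes' double transposition with the same key."""
    out = clean(text)
    for _ in range(rounds):
        out = "".join(columnar_encrypt(out, key))
    return out.upper()


def transposition_decrypt(ciphertext, key, rounds=1):
    out = clean(ciphertext)
    for _ in range(rounds):
        out = "".join(columnar_decrypt(out, key))
    return out


def is_pure_transposition(plaintext, ciphertext):
    """A pure transposition keeps the letter counts, which is how it is recognised."""
    return sorted(clean(plaintext)) == sorted(clean(ciphertext))


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))
    print(transposition_encrypt("attackpostponeduntiltwoamxyz", "4312567"))
    print(transposition_encrypt("attackpostponeduntiltwoamxyz", "4312567", rounds=2))
    positions = list(range(1, 29))                    # the notes' position-number trace
    print(columnar_encrypt(positions, "4312567"))
    print(columnar_encrypt(columnar_encrypt(positions, "4312567"), "4312567"))
```

Running columnar_encrypt on the list 1..28 reproduces the two permutations the notes print: after one pass the sequence 03 10 17 24 04 ... with its stride-of-7 regularity, after two passes 17 09 05 27 24 ... with the regularity gone. The decryption shows why the cipher is still weak against a known key length: the receiver only needs the column count and order, and an analyst can try small column counts one after another.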

(X) SESSION OUTCOMES


• Students understand the transposition cipher.
• Students are able to answer the following question:
• How is a message encrypted using a transposition cipher?

(XI) SELF APPRAISAL

(V) SESSION PLAN

TIME        CONTENT                                    TEACHING METHOD   TEACHING AID
05 Minutes  Attendance                                 -                 -
05 Minutes  Prerequisite                               Quiz              Quiz Card
05 Minutes  Terms and Terminologies used               PPT               PPT
10 Minutes  Steganography                              PPT               PPT
10 Minutes  Character marking, Invisible ink           PPT               PPT
5 Minutes   Pin puncture, Typewriter correction ribbon PPT               PPT
5 Minutes   Session Outcomes                           Rapid round       Question Card


(VI) SESSION OBJECTIVES
• To study steganography.
(VII) SESSION PREREQUISITE
• Students know about steganography and its methods.
(VIII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
• RGB
• CD
(IX) LECTURE NOTES
STEGANOGRAPHY

We conclude with a discussion of a technique that (strictly speaking) is not encryption, namely,
steganography. A plaintext message may be hidden in one of two ways. The methods of
steganography conceal the existence of the message, whereas the methods of cryptography
render the message unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time-consuming to construct, is one in which an
arrangement of words or letters within an apparently innocuous text spells out the real message.
For example, the sequence of first letters of each word of the overall message spells out the
hidden message. Figure 2.9 shows an example in which a subset of the words of the overall
message is used to convey the hidden message. See if you can decipher this; it's not too hard.
Various other techniques have been used historically; some examples are the following:
• Character marking: Selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace until
heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper
is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing
with the correction tape are visible only under a strong light.
Although these techniques may seem archaic, they have contemporary equivalents. One proposal
hides a message by using the least significant bits of frames on a CD. For example, the Kodak
Photo CD format's maximum resolution is 2048 × 3072 pixels, with each pixel containing 24 bits
of RGB color information. The least significant bit of each 24-bit pixel can be changed without
greatly affecting the quality of the image. The result is that you can hide a 2.3-megabyte message
in a single digital snapshot. There are now a number of software packages available that take this
type of approach to steganography. Steganography has a number of drawbacks when compared
to encryption. It requires a lot of overhead to hide relatively few bits of information, although
using a scheme like that proposed in the preceding paragraph may make it more effective. Also,
once the system is discovered, it becomes virtually worthless. This problem, too, can be overcome
if the insertion method depends on some sort of key. Alternatively, a message can be first
encrypted and then hidden using steganography. The advantage of steganography is that it can be
employed by parties who have something to lose should the fact of their secret communication
(not necessarily the content) be discovered. Encryption flags traffic as important or secret or may
identify the sender or receiver as someone with something to hide.
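
The least-significant-bit technique described above, as an added Python example (not code from the notes or from any of the packages they mention): it computes the capacity figure, embeds a payload one bit per colour sample with a length header, extracts it again, and measures how much each sample changed. The arithmetic behind the notes' 2.3-megabyte figure is 2048 × 3072 pixels × 3 colour samples × 1 bit / 8 = 2,359,296 bytes, i.e. one bit in each of the three 8-bit samples of a pixel. The cover "image" is a constructed byte gradient standing in for decoded RGB data, and the function names are this example's own.

```python
def capacity_bytes(width, height, channels=3, bits_per_channel=1):
    """Payload capacity when `bits_per_channel` low bits of every colour sample
    are replaced. The notes' figure: 2048 x 3072 pixels of 24-bit RGB."""
    return width * height * channels * bits_per_channel // 8


def make_cover(width, height):
    """Constructed stand-in for an image: a deterministic RGB gradient, one byte per channel."""
    return bytearray((x * 7 + y * 13 + c * 29) % 256
                     for y in range(height) for x in range(width) for c in range(3))


def embed_lsb(cover, payload):
    """Write a 4-byte big-endian length, then the payload, one bit per channel byte
    into its least significant bit. Each colour sample changes by at most 1."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes; payload needs {len(data)}")
    stego = bytearray(cover)
    for bit_no in range(len(data) * 8):
        bit = (data[bit_no // 8] >> (7 - bit_no % 8)) & 1
        stego[bit_no] = (stego[bit_no] & 0xFE) | bit
    return stego


def _read_bytes(pixels, first_bit, count):
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[first_bit + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    """Inverse of embed_lsb: read the length header, then that many payload bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length header exceeds the carrier; not an embed_lsb image")
    return _read_bytes(stego, 32, length)


def max_sample_change(cover, stego):
    """Largest per-sample difference introduced by embedding (0 or 1 for LSB)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def roundtrip_demo(payload=b"hidden in the low bits"):
    cover = make_cover(16, 16)                  # 768 samples, room for 96 bytes
    stego = embed_lsb(cover, payload)
    return extract_lsb(stego), max_sample_change(cover, stego), len(stego) == len(cover)


if __name__ == "__main__":
    print(capacity_bytes(2048, 3072))           # 2359296 bytes, the ~2.3 MB the notes quote
    print(roundtrip_demo())
```

The drawbacks the notes list are visible in the numbers: eight colour samples are spent on every payload byte, and because the embedding positions are fixed, anyone who knows the method can read the low-bit plane directly, which is why the notes suggest making the insertion key-dependent or encrypting the message before hiding it.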

(X) SESSION OUTCOMES


• Students can differentiate between encryption and steganography.
• Students are able to answer the following questions:
• What are the techniques used in steganography?
• What is the difference between steganography and encryption?
(XI) SELF APPRAISAL

(V) SESSION PLAN

TIME        CONTENT                                  TEACHING METHOD   TEACHING AID
05 Minutes  Attendance                               -                 -
05 Minutes  Prerequisite                             Quiz              Quiz Card
05 Minutes  Terms and Terminologies used             PPT               PPT
10 Minutes  Foundations of modern cryptography       PPT               PPT
10 Minutes  Characteristics of modern cryptography   PPT               PPT
5 Minutes   Shannon secrecy, perfect secrecy         PPT               PPT
5 Minutes   Session Outcomes                         Rapid round       Question Card

(VI) SESSION OBJECTIVES


• To study modern cryptography.
• To learn about Shannon secrecy and perfect secrecy.
(VII) SESSION PREREQUISITE
• Students know about modern cryptography.
• Students are able to differentiate modern cryptography from classical cryptography.
(VIII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
• Nonprobabilistic encryption scheme
• Channel coding
• Vernam Cipher
(IX) LECTURE NOTES
THE BASIC PRINCIPLES OF MODERN CRYPTOGRAPHY
Cryptography was more of an art than any sort of science: schemes were designed in an
ad-hoc manner and then evaluated based on their perceived complexity or cleverness.
Unfortunately, as we have seen, all such schemes (no matter how clever) were eventually
broken. Modern cryptography, now resting on firmer and more scientific foundations, gives hope
of breaking out of the endless cycle of constructing schemes and watching them get broken. In
this section we outline the main principles and paradigms that distinguish modern cryptography
from classical cryptography. We identify three main principles:
1. Principle 1 — the first step in solving any cryptographic problem is the formulation of a
rigorous and precise definition of security.
2. Principle 2 — when the security of a cryptographic construction relies on an unproven
assumption, this assumption must be precisely stated. Furthermore, the assumption should be as
minimal as possible.
3. Principle 3 — cryptographic constructions should be accompanied by a rigorous proof of
security with respect to a definition formulated according to principle 1, and relative to an
assumption stated as in principle 2 (if an assumption is needed at all).

We now discuss each of these principles in greater depth.


Principle 1 – Formulation of Exact Definitions
One of the key intellectual contributions of modern cryptography has been the realization that
formal definitions of security are essential prerequisites for the design, usage, or study of any
cryptographic primitive or protocol. Let us explain each of these in turn:
1. Importance for design: Say we are interested in constructing a secure encryption scheme. If we
do not have a firm understanding of what it is we want to achieve, how can we possibly know
whether (or when) we have achieved it? Having an exact definition in mind enables us to better
direct our design efforts, as well as to evaluate the quality of what we build, thereby improving
the end construction. In particular, it is much better to define what is needed first and then begin
the design phase, rather than to come up with a post facto definition of what has been achieved
once the design is complete. The latter approach risks having the design phase end when the
designers’ patience is tried (rather than when the goal has been met), or may result in a
construction that achieves more than is needed and is thus less efficient than a better solution.
2. Importance for usage: Say we want to use an encryption scheme within some larger system.
How do we know which encryption scheme to use? If presented with a candidate encryption
scheme, how can we tell whether it suffices for our application? Having a precise definition of
the security achieved by a given scheme (coupled with a security proof relative to a formally-
stated assumption as discussed in principles 2 and 3) allows us to answer these questions.
Specifically, we can define the security that we desire in our system (see point 1, above), and
then verify whether the definition satisfied by a given encryption scheme suffices for our
purposes. Alternatively, we can specify the definition that we need the encryption scheme to
satisfy, and look for an encryption scheme satisfying this definition. Note that it may not be wise
to choose the “most secure” scheme, since a weaker notion of security may suffice for our
application and we may then be able to use a more efficient scheme.
3. Importance for study: Given two encryption schemes, how can we compare them? Without
any definition of security, the only point of comparison is efficiency, but efficiency alone is
a poor criterion since a highly efficient scheme that is completely insecure is of no use. Precise
specification of the level of security achieved by a scheme offers another point of comparison. If
two schemes are equally efficient but the first one satisfies a stronger definition of security than
the second, then the first is preferable.
5 There may also be a trade-off between security and efficiency (see the previous two points), but at least with precise definitions we can understand what this trade-off entails. Things are rarely this simple.
Of course, precise definitions also enable rigorous proofs (as we will discuss when we come to
principle 3), but the above reasons stand irrespective of this. It is a mistake to think that formal
definitions are not needed since “we have an intuitive idea of what security means”. For starters,
different people have different intuition regarding what is considered secure. Even one person
might have multiple intuitive ideas of what security means, depending on the context. In any
case, a formal definition is necessary for communicating your “intuitive idea” to someone else.
An example: secure encryption. It is also a mistake to think that formalizing definitions is trivial.
For example, how would you formalize the desired notion of security for private-key encryption?
(The reader may want to pause to think about this before reading on.) We have asked students
many times how secure encryption should be defined, and have received the following answers
(often in the following order):
1. Answer 1 — an encryption scheme is secure if no adversary can find the secret key when
given a ciphertext. Such a definition of encryption completely misses the point. The aim of
encryption is to protect the message being encrypted and the secret key is just the means of
achieving this. To take this to an absurd level, consider an encryption scheme that ignores the
secret key and just outputs the plaintext. Clearly, no adversary can find the secret key. However,
it is also clear that no secrecy whatsoever is provided.6
2. Answer 2 — an encryption scheme is secure if no adversary can find the plaintext that
corresponds to the ciphertext. This definition already looks better and can even be found in some
texts on cryptography. However, after some more thought, it is also far from satisfactory. For
example, an encryption scheme that reveals 90% of the plaintext would still be considered secure
under this definition, as long as it is hard to find the remaining 10%. But this is clearly
unacceptable in most common applications of encryption. For example, employment contracts
are mostly standard text, and only the salary might need to be kept secret; if the salary is in the
90% of the plaintext that is revealed then nothing is gained by encrypting. If you find the above
counterexample silly, refer again to footnote 6. The point once again is that if the definition as
stated isn’t what was meant, then a scheme could be proven secure without actually providing
the necessary level of protection. (This is a good example of why exact definitions are
important.)
And lest you respond: “But that’s not what I meant!”, well, that’s exactly the point: it is often not
so trivial to formalize what one means.
3. Answer 3 — an encryption scheme is secure if no adversary can determine any character of
the plaintext that corresponds to the ciphertext. This already looks like an excellent definition.
However, other subtleties can arise. Going back to the example of the employment contract, it
may be impossible to determine the actual salary or even any digit thereof. However, should the
encryption scheme be considered secure if it leaks whether the encrypted salary is greater than or
less than $100,000 per year? Clearly not. This leads us to the next suggestion.
4. Answer 4 — an encryption scheme is secure if no adversary can derive any meaningful
information about the plaintext from the ciphertext. This is already close to the actual definition.
However, it is lacking in one respect: it does not define what it means for information to be
“meaningful”. Different information may be meaningful in different applications. This leads to a
very important principle regarding definitions of security for cryptographic primitives:
definitions of security should suffice for all potential applications. This is essential because one
can never know what applications may arise in the future. Furthermore, implementations
typically become part of general cryptographic libraries which are then used in many different
contexts and for many different applications. Security should ideally be guaranteed for all
possible uses.
5. The final answer — an encryption scheme is secure if no adversary can compute any function
of the plaintext from the ciphertext. This provides a very strong guarantee and, when formulated
properly, is considered today to be the “right” definition of security for encryption. Even here,
there are questions regarding the attack model that should be considered, and how this aspect of
security should be defined.
Even though we have now hit upon the correct requirement for secure encryption, conceptually
speaking, it remains to state this requirement mathematically and formally, and this is in itself a
non-trivial task. As noted in the “final answer”, above, our formal definition must also specify
the attack model: i.e., whether we assume a ciphertext-only attack or a chosen-plaintext attack.
This illustrates a general principle used when formulating cryptographic definitions. Specifically,
in order to fully define security of some cryptographic task, there are two distinct issues that
must be explicitly addressed. The first is what is considered to be a break, and the second is what
is assumed regarding the power of the adversary. The break is exactly what we have discussed
above; i.e., an encryption scheme is considered broken if an adversary learns some function of
the plaintext from a ciphertext. The power of the adversary relates to assumptions regarding the
actions the adversary is assumed to be able to take, as well as the adversary’s computational
power. The former refers to considerations such as whether the adversary is assumed only to be
able to eavesdrop on encrypted messages
(i.e., a ciphertext-only attack), or whether we assume that the adversary can also actively request
encryptions of any plaintext that it likes (i.e., carry out a chosen-plaintext attack). A second issue
that must be considered is the computational power of the adversary. We will want to ensure
security against any efficient adversary, by which we mean any adversary running in polynomial
time. (For now, it suffices to say that an “efficient” strategy is one that can be carried out in a
lifetime. Thus “feasible” is arguably a more accurate term.) When translating this into concrete
terms, we might require security against any adversary utilizing decades of computing time on a
supercomputer. In summary, any definition of security will take the following general form:
A cryptographic scheme for a given task is secure if no adversary of a specified power can
achieve a specified break.
We stress that the definition never assumes anything about the adversary’s strategy. This is an
important distinction: we are willing to assume something about the adversary’s capabilities
(e.g., that it is able to mount a chosen-plaintext attack but not a chosen-ciphertext attack), but we
are not willing to assume anything about how it uses its abilities. We call this the “arbitrary
adversary principle”: security must be guaranteed for any adversary within the class of
adversaries having the specified power. This principle is important because it is impossible to
foresee what strategies might be used in an adversarial attack (and history has proven that
attempts to do so are doomed to failure).
Mathematics and the real world. A definition of security essentially provides a mathematical
formulation of a real-world problem. If the mathematical definition does not appropriately model
the real world, then the definition may be useless. For example, if the adversarial power under
consideration is too weak (and, in practice, adversaries have more power), or the break is such
that it allows real attacks that were not foreseen (like one of the early answers regarding
encryption), then “real security” is not obtained, even if a “mathematically-secure” construction
is used. In short, a definition of security must accurately model the real world in order for it to
deliver on its mathematical promise of security. It is quite common, in fact, for a widely-
accepted definition to be ill-suited for some new application. As one notable example, there are
encryption schemes that were proven secure (relative to some definition like the ones we have
discussed above) and then implemented on smart-cards. Due to physical properties of the smart-
cards, it was possible for an adversary to monitor the power usage of the smart-card (e.g., how
this power usage fluctuated over time) as the encryption scheme was being run, and it turned out
that this information could be used to determine the key. There was nothing wrong with the
security definition or the proof that the scheme satisfied this
definition; the problem was simply that there was a mismatch between the definition and the real-
world implementation of the scheme on a smart-card. This should not be taken to mean that
definitions (or proofs, for that matter) are useless! The definition — and the scheme that satisfies
it — may still be appropriate for other settings, such as when encryption is performed on an end-
host whose power usage cannot be monitored by an adversary. Furthermore, one way to achieve
secure encryption on a smart-card would be to further refine the definition so that it takes power
analysis into account. Or, perhaps hardware countermeasures for power analysis can be
developed, with the effect of making the original definition (and hence the original scheme)
appropriate for smart-cards. The point is that with a definition you at least know where you
stand, even if the definition turns out not to accurately model the particular setting in which a
scheme is used. In contrast, with no definition it is not even clear what went wrong. This
possibility of a disconnect between a mathematical model and the reality it is supposed to be
modeling is not unique to cryptography but is something that occurs throughout science. To take
an example from the field of computer science, consider the meaning of a mathematical proof
that there exist well-defined problems that computers cannot solve.7 The immediate question that
arises is what does it mean for “a computer to solve a problem”? Specifically, a mathematical
proof can be provided only when there is some mathematical definition of what a computer is (or
to be more exact, what the process of computation is). The problem is that computation is a real-
world process, and there are many different ways of computing. In order for us to be really
convinced that the “unsolvable problem” is really unsolvable, we must be convinced that our
mathematical definition of computation captures the real-world process of computation. How do
we know when it does? This inherent difficulty was noted by Alan Turing who studied questions
of what can and cannot be solved by a computer.
No attempt has yet been made to show [that the problems we have defined to be solvable by a
computer] include [exactly those problems] which would naturally be regarded as computable.
All arguments which can be given are bound to be, fundamentally, appeals to intuition, and for
this reason rather unsatisfactory mathematically. The real question at issue is “What are the
possible processes which can be carried out in [computation]?” The arguments which I shall use
are of three kinds.
(a) A direct appeal to intuition.
(b) A proof of the equivalence of two definitions (in case the new definition has a greater
intuitive appeal).
(c) Giving examples of large classes of [problems that can be solved using a given definition of
computation].
7 Those who have taken a course in computability theory will be familiar with the fact that such
problems do indeed exist (e.g., the Halting Problem).
In some sense, Turing faced the exact same problem as cryptographers. He developed a
mathematical model of computation but needed to somehow be convinced that the model was a
good one. Likewise, cryptographers define notions of security and need to be convinced that their
definitions imply meaningful security guarantees in the real world. As with Turing, they may
employ the following tools to become convinced:
1. Appeals to intuition: the first tool when contemplating a new definition of security is to see
whether it implies security properties that we intuitively expect to hold. This is a minimum
requirement, since (as we have seen in our discussion of encryption) our initial intuition usually
results in a notion of security that is too weak.
2. Proofs of equivalence: it is often the case that a new definition of security is justified by
showing that it is equivalent to (or stronger than) a definition that is older, more familiar, or more
intuitively-appealing.
3. Examples: a useful way of being convinced that a definition of security suffices is to show that
the different real-world attacks we are familiar with are ruled out by the definition.
In addition to all of the above, and perhaps most importantly, we rely on the test of time and the
fact that with time, the scrutiny and investigation of both researchers and practitioners testifies to
the soundness of a definition.
Principle 2 – Reliance on Precise Assumptions
Most modern cryptographic constructions cannot be proven secure unconditionally. Indeed,
proofs of this sort would require resolving questions in the theory of computational complexity
that seem far from being answered today. The result of this unfortunate state of affairs is that
security typically relies upon some assumption. The second principle of modern cryptography
states that assumptions must be precisely stated. This is for three main reasons:
1. Validation of the assumption: By their very nature, assumptions are statements that are not
proven but are rather conjectured to be true. In order to strengthen our belief in some assumption,
it is necessary for the assumption to be studied. The more the assumption is examined and tested
without being successfully refuted, the more confident we are that the assumption is true.
Furthermore, study of an assumption can provide positive evidence of its validity by showing
that it is implied by some other assumption that is also widely believed.
If the assumption being relied upon is not precisely stated and presented, it cannot be studied and
(potentially) refuted. Thus, a pre-condition to raising our confidence in an assumption is having a
precise statement of what exactly is assumed.
2. Comparison of schemes: Often in cryptography, we may be presented with two schemes that
can both be proven to satisfy some definition but each with respect to a different assumption.
Assuming both schemes are equally efficient, which scheme should be preferred? If the
assumption on which one scheme is based is weaker than the assumption on which the second
scheme is based (i.e., the second assumption implies the first), then the first scheme is to be
preferred since it may turn out that the second assumption is false while the first assumption is
true. If the assumptions used by the two schemes are incomparable, then the general rule is to
prefer the scheme that is based on the better-studied assumption, or the assumption that is simpler
(for the reasons highlighted in the previous paragraphs).
3. Facilitation of proofs of security: As we have stated, and will discuss in more depth in
principle 3, modern cryptographic constructions are presented together with proofs of security. If
the security of the scheme cannot be proven unconditionally and must rely on some assumption,
then a mathematical proof that “the construction is secure if the assumption is true” can only be
provided if there is a precise statement of what the assumption is.
One observation is that it is always possible to just assume that a construction itself is secure. If
security is well defined, this is also a precise assumption (and the proof of security for the
construction is trivial)! Of course, this is not accepted practice in cryptography for a number of
reasons. First of all, as noted above, an assumption that has been tested over the years is
preferable to a new assumption that is introduced just to prove a given construction secure.
Second, there is a general preference for assumptions that are simpler to state, since such
assumptions are easier to study and to refute. So, for example, an assumption of the type that
some mathematical problem is hard to solve is simpler to study and work with than an
assumption that an encryption scheme satisfies a complex (and possibly unnatural) security
definition. When a simple assumption is studied at length and still no refutation is found, we
have greater confidence in its being correct. Another advantage of relying on “lower-level”
assumptions (rather than just assuming a construction is secure) is that these low-level
assumptions can typically be shared amongst a number of constructions. If a specific
instantiation of the assumption turns out to be false, it can simply be replaced (within any higher-
level construction based on that assumption) by a different instantiation of that assumption. The
above methodology is used throughout this book. For example, Chapters 3 and 4 show how to
achieve secure communication (in a number of ways), assuming that a primitive called a
“pseudorandom function” exists. In these chapters nothing is said at all about how such a
primitive can be constructed.
Principle 3 – Rigorous Proofs of Security
The first two principles discussed above lead naturally to the current one. Modern cryptography
stresses the importance of rigorous proofs of security for proposed schemes. The fact that exact
definitions and precise assumptions are used means that such a proof of security is possible.
However, why is a proof necessary? The main reason is that the security of a construction or
protocol cannot be checked in the same way that software is typically checked. For example, the
fact that encryption and decryption “work” and that the ciphertext looks garbled, does not mean
that a sophisticated adversary is unable to break the scheme. Without a proof that no adversary of
the specified power can break the scheme, we are left only with our intuition that this is the case.
Experience has shown that intuition in cryptography and computer security is disastrous. There
are countless examples of unproven schemes that were broken, sometimes immediately and
sometimes years after being presented or deployed. Another reason why proofs of security are so
important is related to the potential damage that can result if an insecure system is used.
Although software bugs can sometimes be very costly, the potential damage that may result from
someone breaking the encryption scheme or authentication mechanism of a bank is huge.
Finally, we note that although many bugs exist in software, things basically work due to the fact
that typical users do not try to make their software fail. In contrast, attackers use amazingly
complex and intricate means (utilizing specific properties of the construction) to attack security
mechanisms with the clear aim of breaking them. Thus, although proofs of correctness are
always desirable in computer science, they are absolutely essential in the realm of cryptography
and computer security. We stress that the above observations are not just hypothetical, but are
conclusions that have been reached after years of empirical evidence and experience.
The reductionist approach. We conclude by noting that most proofs in modern cryptography use
what may be called the reductionist approach. Given a theorem of the form
“Given that Assumption X is true, Construction Y is secure according to the given definition”,
a proof typically shows how to reduce the problem given by Assumption X to the problem of
breaking Construction Y. More to the point, the proof will typically show (via a constructive
argument) how any adversary breaking
Shannon's theory of secrecy
We consider a given set of encryption functions, one for each key $k$, mapping a sequence of plaintext letters $m = m_1, m_2, \ldots, m_i \in \mathcal{M}$ to a sequence of ciphertext letters $c = c_1, c_2, \ldots, c_i \in \mathcal{C}$. If not otherwise stated, we assume that the plaintext and ciphertext letters are from the same alphabet. Eve has access to the ciphertext $c$ and her task is to obtain some information about either the transmitted message (plaintext) or the key $k$ used by Alice and Bob. For a length $N$ sequence, let $M = (M_1, M_2, \ldots, M_N)$ be the random variable corresponding to the plaintext Alice is sending, and let $C = (C_1, C_2, \ldots, C_N)$ be the random variable corresponding to the ciphertext Bob is receiving. Also, $K \in \mathcal{K}$ is a random variable representing the chosen key.
We introduce the key entropy $H(K) = -\sum_{k \in \mathcal{K}} P(k) \log P(k)$, and the message entropy $H(M) = -\sum_{m \in \mathcal{M}^N} P(m) \log P(m)$. Clearly, we have $H(K) \le \log |\mathcal{K}|$, and $H(M) \le \log |\mathcal{M}|^N$. The key entropy describes the uncertainty Eve faces regarding the unknown key a priori (i.e., without having observed the transmitted ciphertext). Similarly, the message entropy describes the uncertainty regarding the transmitted message.
Now, Eve observes the transmitted ciphertext. The remaining uncertainty is described by the key equivocation $H(K|C) = -\sum_{k \in \mathcal{K},\, c \in \mathcal{C}^N} P(k, c) \log P(k|c)$, and the message equivocation $H(M|C) = -\sum_{m \in \mathcal{M}^N,\, c \in \mathcal{C}^N} P(m, c) \log P(m|c)$.
From Theorem 3.4 we have $H(K|C) \le H(K)$, and $H(M|C) \le H(M)$. Our uncertainty about the key and the message can never increase by observing the ciphertext. A nonprobabilistic encryption scheme is an encryption function for which every plaintext message is mapped to a unique ciphertext under a fixed key. Most encryption functions are nonprobabilistic.
Theorem 3.7. For a nonprobabilistic encryption scheme we have $H(M|C) \le H(K|C)$.
Proof. The expression $H(K, M|C)$ can be written $H(K, M|C) = H(K|C) + H(M|C, K)$. When key and ciphertext are given, the plaintext is uniquely determined, since we consider only nonprobabilistic encryption schemes. So $H(M|C, K) = 0$. Since $H(M|C) \le H(K, M|C)$ we get $H(M|C) \le H(K|C)$.
Let $|\mathcal{M}| = |\mathcal{C}| = L$. The maximum entropy of the considered alphabet, $H_0 = \log L$, is sometimes called the rate of the alphabet. The actual entropy of the message source per alphabet symbol is denoted by $\bar{H}(M)$ and given by $\bar{H}(M) = H(M)/N$, for a length $N$ message $M = (M_1, M_2, \ldots, M_N)$. There are two cases to consider. The first one is for a memoryless source. Then $H(M) = H(M_1) + H(M_2|M_1) + \cdots + H(M_N|M_1, \ldots, M_{N-1})$, and due to the memoryless property $H(M) = H(M_1) + H(M_2) + \cdots + H(M_N) = N H(M_1)$. Finally $\bar{H}(M) = H(M_1)$, i.e., it is enough to find the uncertainty of a single message symbol. The second case is when the source is not memoryless. Then we use the expression $\bar{H}(M) = H_\infty$, where $H_\infty$ is the entropy per letter defined by $H_\infty = \lim_{N \to \infty} \frac{H(M_1, M_2, \ldots, M_N)}{N}$. For English, the entropy per letter can be determined experimentally to be around $H_\infty = 1.5$.
Definition 3.5. We define the redundancy of a source, denoted $D$, to be $D = H_0 - \bar{H}(M)$. The redundancy is an important characterization of a source, since it describes how much a source can be compressed. For English, the redundancy is $D = \log 26 - 1.5 \approx 3.2$ bits. This means that out of the 4.7 bits needed to represent a letter only 1.5 bits are necessary for unique representation. The remaining 3.2 bits can be removed. In more practical terms, a file of 1000 letters of English text would require 4700 bits if represented in a basic form (or 5000 bits if each possible letter corresponds to a 5-bit pattern). The above argument shows that 1500 bits are theoretically enough to represent the text (by clever and complex encoding). The remaining 3200 bits are the redundancy that “can be removed”. One of the main results of Shannon was that he showed that due to the redundancy in a source, cryptosystems can be broken.
Theorem 3.8. $H(K|C) \ge H(K) - ND$.
Proof. Since $H(K, M, C) = H(K, M) = H(K, C)$ (unique encryption/decryption) and $H(K, M) = H(K) + H(M)$ we get on one hand $H(K, M) = H(K) + N\bar{H}(M)$, and on the other hand $H(K, C) = H(C) + H(K|C) \le NH_0 + H(K|C)$. Combining these expressions gives $H(K|C) \ge N\bar{H}(M) + H(K) - NH_0 = H(K) - ND$. From the theorem we see that when the length of the encrypted message is more than $H(K)/D$ the right hand side becomes 0, i.e., the uncertainty about the key might be close to zero. This leads to the following definition.
Definition 3.6. The unicity distance, denoted $N_0$, is defined as $N_0 = H(K)/D$. Let us comment shortly on this definition. If the message length is longer than $N_0$ the inequality in Theorem 3.8 becomes $H(K|C) \ge 0$, i.e., the uncertainty about the key for Eve could be very small, but it does not necessarily have to be so. If, on the other hand, the message length is shorter than $N_0$, this means that Eve faces some uncertainty about the key, i.e., there are many key values that could have generated the observed ciphertext. But this does not mean that there is an uncertainty about the message. It could be that all possible keys would decrypt to the same message. Even though it is hard to fully describe the meaning of unicity distance, from a practical point of view it gives a rough borderline between the case when there are several possible solutions and the case when there is only one possible solution for the key or the message.
Example 3.2. Consider a simple substitution cipher encrypting an English source. We have $H(K) = \log 26! \approx 88.4$ bits. Using $D = 3.2$ we get $N_0 = 88.4/3.2 \approx 28$ letters. The interpretation is that if we know more than 28 letters there is probably a unique value for the key giving a meaningful message. All other key values give messages that are not meaningful.
Example 3.3. A Vernam cipher has key size $H(K) = NH_0$. Since $D < H_0$ we get $N_0 = H(K)/D = NH_0/D > N$, i.e., the unicity distance is larger than the message length.
Having demonstrated the fact that redundancy helps Eve in her cryptanalytic attempts, we come to two conclusions regarding services provided by a communication system.
• Compression should be done before encryption and it improves the security of a cryptosystem.
• Channel coding (adding parity bits for correction/detection of errors) should be done after
encryption. So the correct order of services is first to compress the source, then to encrypt the
resulting data, and finally to perform channel coding. We can strengthen the notion of an
unbreakable system as follows.
Definition 3.7. A cryptosystem is said to have perfect secrecy if $I(M; C) = 0$. In a system with perfect secrecy, the plaintext and the ciphertext are independent. When Eve observes the ciphertext, she obtains no information at all about the plaintext ($H(M|C) = H(M)$). This is in some sense the strongest notion of security we can hope for. Unfortunately, a cryptosystem with perfect secrecy has a severe drawback, making it useless for practical purposes.
Theorem 3.9. For a cryptosystem with perfect secrecy we have $H(M) \le H(K)$.
Proof. We know that $H(M|C) \le H(K|C) \le H(K)$. But the definition of perfect secrecy implies $H(M|C) = H(M)$, so the theorem follows.
In a system with perfect secrecy we need the key size to be at least as large as the size of the plaintext (after compression). As most applications consider plaintexts of large sizes (like encrypting a file), this would lead to huge key sizes which are practically impossible to handle. We end this chapter with the following result.
Theorem 3.10. The Vernam cipher has perfect secrecy.
Proof. We prove the result for the binary alphabet. For the Vernam cipher we have $C = M + K$, where $M = (M_1, M_2, \ldots, M_N)$ and $K = (K_1, K_2, \ldots, K_N)$, $M_i, K_i \in \mathbb{F}_2$, $i = 1, 2, \ldots, N$. Whereas $M$ may have any distribution, $K$ is uniformly distributed. Thus
$I(M; C) = \sum_{m} \sum_{c} P(m, c) \log \frac{P(c|m)}{P(c)} = \sum_{m} \sum_{c} P(m, c) \log \frac{1/2^N}{1/2^N} = 0.$
Recall our discussion in the introduction of the chapter. The Vernam cipher is proved secure in the strongest possible sense, but this is only valid under the ciphertext-only assumption.
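The quantities of this section can be computed exactly for small ciphers by enumerating the joint distribution of message and key. The following is an added example (not code from the course file or from the textbook it draws on): it compares the binary Vernam cipher with a variant that reuses a single key bit across all positions, checks Theorem 3.7, Theorem 3.8, Definition 3.7 and Theorem 3.9 numerically, and evaluates the unicity distance of Example 3.2. The skewed 2-bit message distribution and both toy ciphers are constructed for this example.

```python
# Added example: Shannon secrecy quantities for toy ciphers, by brute-force enumeration.
# Message distribution, key spaces and the two ciphers below are constructed for illustration.
from collections import defaultdict
from math import log2, factorial


def entropy(dist):
    """H(X) = -sum P(x) log2 P(x) over a {value: probability} dict, with 0 log 0 = 0."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def analyze(msg_dist, keys, encrypt, alphabet_size):
    """Shannon quantities for C = encrypt(M, K) with K uniform and independent of M.

    msg_dist: {message tuple of length N: probability}; keys: list of equiprobable keys.
    Returns H(M), H(K), the equivocations H(M|C), H(K|C), I(M;C), the message length N
    and the redundancy D = H0 - H(M)/N of the source (H0 = log2 of the alphabet size).
    """
    n = len(next(iter(msg_dist)))
    p_key = 1.0 / len(keys)
    joint_mc = defaultdict(float)   # P(m, c)
    joint_kc = defaultdict(float)   # P(k, c)
    for m, pm in msg_dist.items():
        for k in keys:
            c = encrypt(m, k)
            joint_mc[(m, c)] += pm * p_key
            joint_kc[(k, c)] += pm * p_key
    p_c = defaultdict(float)        # marginal P(c)
    for (_, c), p in joint_mc.items():
        p_c[c] += p
    h_m, h_k, h_c = entropy(msg_dist), log2(len(keys)), entropy(p_c)
    h_m_given_c = entropy(joint_mc) - h_c   # H(M|C) = H(M,C) - H(C)
    h_k_given_c = entropy(joint_kc) - h_c   # H(K|C) = H(K,C) - H(C)
    h0 = log2(alphabet_size)                # rate of the alphabet
    return {
        "H(M)": h_m, "H(K)": h_k, "H(M|C)": h_m_given_c, "H(K|C)": h_k_given_c,
        "I(M;C)": h_m - h_m_given_c,        # zero iff perfect secrecy (Definition 3.7)
        "N": n, "D": h0 - h_m / n,
        "perfect_secrecy": abs(h_m - h_m_given_c) < 1e-12,
    }


def unicity_distance(h_key_bits, redundancy_bits):
    """N0 = H(K)/D (Definition 3.6)."""
    return h_key_bits / redundancy_bits


# Constructed, deliberately non-uniform distribution over 2-bit messages: H(M) = 1.75 bits.
MSG_DIST = {(0, 0): 0.5, (0, 1): 0.25, (1, 0): 0.125, (1, 1): 0.125}
BITS = (0, 1)


def vernam(m, k):
    """Vernam cipher over F2: a fresh uniform key bit per message position."""
    return tuple(mi ^ ki for mi, ki in zip(m, k))


def reused_bit(m, k):
    """Weak variant: one uniform key bit XORed onto every position (key reuse)."""
    return tuple(mi ^ k for mi in m)


VERNAM = analyze(MSG_DIST, [(a, b) for a in BITS for b in BITS], vernam, 2)
REUSED = analyze(MSG_DIST, [0, 1], reused_bit, 2)
# Example 3.2: simple substitution on English, H(K) = log2(26!), D = log2(26) - 1.5.
SUBSTITUTION_N0 = unicity_distance(log2(factorial(26)), log2(26) - 1.5)

if __name__ == "__main__":
    for name, r in (("Vernam", VERNAM), ("reused key bit", REUSED)):
        print(name, {k: round(v, 4) if isinstance(v, float) else v for k, v in r.items()})
    print("unicity distance of simple substitution on English:", round(SUBSTITUTION_N0, 1))
```

With key reuse the ciphertext exposes $M_1 + M_2$, so $I(M;C) > 0$ and, since $H(M) = 1.75 > H(K) = 1$, Theorem 3.9 already rules out perfect secrecy; the Vernam run shows $H(M|C) = H(M)$ exactly.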

(X) SESSION OUTCOMES


 Students can understand modern cryptography.
 Students are able to answer the following questions:
 What is the difference between modern cryptography and classical cryptography?
 How will you define Shannon's secrecy and perfect secrecy?
 What are the principles of modern cryptography?

(XI) SELF APPRAISAL


(V) SESSION PLAN

TIME          CONTENT                          TEACHING METHOD    TEACHING AID
05 Minutes    Attendance                       -                  -
05 Minutes    Prerequisite Quiz                Quiz               Card
05 Minutes    Terms and Terminologies used     PPT                PPT
10 Minutes    Information Theory               PPT                PPT
10 Minutes    Product crypto system            PPT                PPT
5 Minutes     Cryptanalysis                    PPT                PPT
5 Minutes     Session Outcomes                 Rapid round        Question Card

(VI) SESSION OBJECTIVES


 To study information theory.
 To learn about the product crypto system.
 To learn about cryptanalysis.
(VI) SESSION PREREQUISITE
 Students know about information theory.
 Students know about the product crypto system.
(VII) TERMS AND TERMINOLOGIES USED IN THIS SESSION
 Multiplicative Cipher
 DES
 Affine Cipher
(XI) LECTURE NOTES
Information theory
First a few basics from probability theory. Consider an experiment or trial of some kind, resulting in some outcome. The set of all possible outcomes is called the sample space of the experiment, denoted $\Omega$. Let $\Omega$ be finite, $\Omega = \{\omega_1, \omega_2, \ldots, \omega_n\}$. The elements $\omega_i$ in $\Omega$ are called elementary events. An event $E$ is simply any subset of $\Omega$. We assume that the elementary events have an associated probability measure $P(\omega_i)$ such that $0 \le P(\omega_i) \le 1$, $\sum_{i=1}^{n} P(\omega_i) = 1$. The probability of an event $E$ is given by $P(E) = \sum_{\omega \in E} P(\omega)$.
A discrete random variable $X$ takes values from a finite set $\mathcal{X}$. It is a mapping $X(\omega): \Omega \to \mathcal{X}$. It has a probability distribution $P(X)$ where the notation $P(X = x)$ means the probability that the random variable $X$ takes the value $x \in \mathcal{X}$. The probability $P(X = x)$ is given as $P(X = x) = \sum_{\omega: X(\omega) = x} P(\omega)$. We use the notation $P(x)$ rather than $P(X = x)$ for convenience. Obviously $P(x) \ge 0$ for all $x \in \mathcal{X}$ and $\sum_{x \in \mathcal{X}} P(x) = 1$. Let $E \subset \mathcal{X}$. Then $X \in E$ is an event and its probability is calculated as $P(X \in E) = \sum_{x \in E} P(x)$.
Example 3.1. Let $X$ denote the outcome when throwing a die. Then $\Omega = \mathcal{X} = \{1, 2, 3, 4, 5, 6\}$ and $P(X = x) = 1/6$ for all $x \in \mathcal{X}$. Consider the event of throwing an even number, i.e., $E = \{2, 4, 6\}$. Its probability is $P(X \in E) = \sum_{x \in E} P(x) = 1/2$. Note that a random variable does not need to take on numerical values. Considering the example above, we can define a new random variable $Y$ taking values from $\mathcal{Y} = \{\text{odd}, \text{even}\}$. Still, $\Omega = \{1, 2, 3, 4, 5, 6\}$ and $Y(1) = \text{odd}$, $Y(2) = \text{even}$, ..., $Y(6) = \text{even}$, giving $P(Y = \text{odd}) = \sum_{\omega: Y(\omega) = \text{odd}} P(\omega) = 1/2$, etc.
A pair of random variables $X, Y$ defined on the same sample space can be considered as a single random variable, say $Z = (X, Y)$. The random variable $Z$ takes values in $\mathcal{X} \times \mathcal{Y}$, with $Z(\omega) = (X(\omega), Y(\omega))$. Usually, we want to keep the $X$ and $Y$ variables visible, so we write $P(X, Y)$, etc., without introducing a new random variable. A similar reasoning can be made for events $E$ and $F$. We can consider the joint event $G$ that both $E$ and $F$ occur. Then $G$ corresponds to the event $G = E \cap F$. The notation $P(E, F)$ is defined as $P(E \cap F)$. Two events $E$ and $F$ are said to be independent if $P(E, F) = P(E)P(F)$. Correspondingly, two random variables $X, Y$ are said to be independent random variables if $P(X = x, Y = y) = P(X = x)P(Y = y)$, $\forall x \in \mathcal{X}, y \in \mathcal{Y}$. Next we introduce conditional probabilities.
Definition 3.1. The conditional probability P(E|F) is defined as
$P(E|F) = \frac{P(E, F)}{P(F)}$, assuming P(F) ≠ 0. For random variables we have a similar
definition of P(X|Y) as $P(X = x | Y = y) = \frac{P(X = x, Y = y)}{P(Y = y)}$. We will now
introduce the concept of entropy, which is a measure of the uncertainty of a random variable.
Definition 3.2. The entropy H(X) of a discrete random variable X is defined as
$H(X) = -\sum_{x \in \mathcal{X}} P(x) \log P(x)$. The log is to the base 2 and entropy is
expressed in bits. Also, we use the convention that 0 log 0 = 0, which is easily justified since
x log x → 0 as x → 0. Recall that the expectation E(F(X)) of a function F(X) is defined as
$E(F(X)) = \sum_{x \in \mathcal{X}} P(x) F(x)$. Clearly, an alternative way of expressing the
entropy is H(X) = E(−log P(X)). We can see that the actual values of X are not used in the
calculation of the entropy, only its probability distribution. This means that the entropy of X
can be calculated even if X does not take on numerical values. The interpretation of entropy can
be viewed as some kind of uncertainty about the outcome of the random variable. If X takes one
value with probability 1 and other values with probability 0, then the entropy is 0 bits. There is
no uncertainty since we know what value X will take. If X takes on two possible values, both with
probability 1/2, then the entropy is 1 bit. If X takes on four possible values, all with
probability 1/4, then the entropy is 2 bits, and so on. If we consider (X, Y) as one random
variable we get $H(X, Y) = -\sum_{x \in \mathcal{X}, y \in \mathcal{Y}} P(x, y) \log P(x, y)$.
We need to define conditional entropy.
Definition 3.3. The conditional entropy H(X|Y) of a discrete random variable X, conditioned on
another discrete random variable Y, is defined as
$H(X|Y) = -\sum_{x \in \mathcal{X}, y \in \mathcal{Y}} P(x, y) \log P(x|y)$. Note that this is
equivalently expressed as H(X|Y) = E(−log P(X|Y)). If P(y) ≠ 0 we can introduce the notation
$H(X|Y = y) = -\sum_{x \in \mathcal{X}} P(x|y) \log P(x|y)$. It is then straightforward to derive
the expression $H(X|Y) = \sum_{y \in \mathcal{Y}} P(y) H(X|Y = y)$. This may be a convenient way
to calculate H(X|Y). The entropy function has several important properties.
Theorem 3.1. If X is a random variable taking values in the set
$\mathcal{X} = \{x_1, x_2, \ldots, x_{|\mathcal{X}|}\}$ then $0 \le H(X) \le \log |\mathcal{X}|$.
Furthermore, H(X) = 0 if and only if P(x) = 1 for some x ∈ $\mathcal{X}$; and
$H(X) = \log |\mathcal{X}|$ if and only if $P(x) = 1/|\mathcal{X}|$ for all x ∈ $\mathcal{X}$.
A similar property holds for the conditional entropy.
Theorem 3.2. If X is a random variable taking values in the set
$\mathcal{X} = \{x_1, x_2, \ldots, x_{|\mathcal{X}|}\}$ then $0 \le H(X|Y) \le \log |\mathcal{X}|$.
Furthermore, H(X|Y) = 0 if and only if for every y, P(x|y) = 1 for some x ∈ $\mathcal{X}$; and
$H(X|Y) = \log |\mathcal{X}|$ if and only if for every y, $P(x|y) = 1/|\mathcal{X}|$ for all
x ∈ $\mathcal{X}$. Also for H(X|Y = y) similar inequalities hold. Consider a number of random
variables X1, X2, ..., Xn. The following chain rule is often very useful.
Theorem 3.3. $H(X_1 X_2 \ldots X_n) = H(X_1) + H(X_2|X_1) + H(X_3|X_1 X_2) + \cdots + H(X_n|X_1 X_2 \ldots X_{n-1})$.
In particular, H(XY) = H(X) + H(Y|X) = H(Y) + H(X|Y). Finally, the following inequality shows
that the uncertainty of a random variable X can never increase by knowledge of the outcome of
another random variable.
Theorem 3.4. H(X|Y) ≤ H(X) with equality if and only if X and Y are independent.
The inequality leads to the fact that H(XY) ≤ H(X) + H(Y), again with equality if and only if X
and Y are independent. Consider H(X) in the case $|\mathcal{X}| = 2$. There are two possible
values, one with probability p and the other with probability 1 − p. This case is so common that
the entropy function has received a notation of its own, h(p) = −p log p − (1 − p) log(1 − p).
We will now introduce the concept of mutual information. To start with, we define the relative
entropy D(P(X)||Q(X)) between two probability distributions P(X) and Q(X) as
$D(P(X) \| Q(X)) = \sum_{x \in \mathcal{X}} P(x) \log \frac{P(x)}{Q(x)}$. This can equivalently
be written as $D(P(X) \| Q(X)) = E_P\!\left(\log \frac{P(x)}{Q(x)}\right)$. Note that the
expectation is taken over P(X) and that in general D(P(X)||Q(X)) ≠ D(Q(X)||P(X)). The relative
entropy is a measure of the distance between two distributions. It can be thought of as the
inefficiency of assuming distribution Q(X) when the correct distribution is P(X).
Definition 3.4. The mutual information I(X; Y) between random variables X and Y is defined as
$I(X; Y) = D(P(X, Y) \| P(X)P(Y))$, or equivalently
$I(X; Y) = \sum_{x \in \mathcal{X}, y \in \mathcal{Y}} P(x, y) \log \frac{P(x, y)}{P(x)P(y)}$.
The mutual information I(X; Y) measures the information (in bits) we receive about the random
variable X when observing the outcome of the random variable Y. But it also describes the
information we receive about the random variable Y when observing the outcome of the random
variable X. Hence the name mutual information and the property I(X; Y) = I(Y; X). Some very
important properties of the mutual information are summarized in the following theorem.
Theorem 3.5.
I(X; Y) = H(X) − H(X|Y), (3.1)
I(X; Y) = H(Y) − H(Y|X), (3.2)
I(X; Y) = H(X) + H(Y) − H(X, Y), (3.3)
I(X; Y) = I(Y; X), (3.4)
I(X; X) = H(X). (3.5)
Figure 3.1: Shannon's model of a secrecy system (figure not reproduced; labels: Alice, encryption,
Eve, key source, decryption, secure channel, Bob, m, c, K)
Finally we define the conditional mutual information I(X; Y|Z) in an analogous way,
$I(X; Y|Z) = D(P(X, Y|Z) \| P(X|Z)P(Y|Z))$, where
$D(P(X|Z) \| Q(X|Z)) = \sum_{z \in \mathcal{Z}} P(z) \sum_{x \in \mathcal{X}} P(x|z) \log \frac{P(x|z)}{Q(x|z)}$
is the conditional relative entropy. Clearly, I(X; Y|Z) = H(X|Z) − H(X|Y, Z) = H(Y|Z) − H(Y|X, Z),
etc. We end by giving the inequality
Theorem 3.6. I(X; Y) ≥ 0, with equality if and only if X and Y are independent.
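The quantities defined above (entropy, conditional entropy, relative entropy and mutual information, together with the identities of Theorems 3.3 to 3.6) are computed below on the die of Example 3.1 and on the secrecy system of Figure 3.1. This is an added example and not part of the original notes; the shift-cipher model over Z_3 and the message and key distributions in it are constructed for the illustration, and all function names are this example's own. It shows what Shannon's model is used for: with a uniformly chosen key the ciphertext C tells Eve nothing about the message M (I(M; C) = 0), while a biased key source leaks a measurable number of bits about M through C.

```python
from collections import defaultdict
from math import log2


def entropy(dist):
    """H(X) = -sum_x P(x) log2 P(x), with the convention 0 log 0 = 0 (Definition 3.2)."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def marginals(joint):
    """Marginal distributions P(X) and P(Y) of a joint distribution given as
    {(x, y): probability}."""
    px, py = defaultdict(float), defaultdict(float)
    for (x, y), p in joint.items():
        px[x] += p
        py[y] += p
    return dict(px), dict(py)


def swap(joint):
    """P(Y, X) from P(X, Y), so that H(Y|X) = conditional_entropy(swap(joint))."""
    return {(y, x): p for (x, y), p in joint.items()}


def conditional_entropy(joint):
    """H(X|Y) = -sum_{x,y} P(x, y) log2 P(x|y) with P(x|y) = P(x, y)/P(y) (Definition 3.3)."""
    _, py = marginals(joint)
    return -sum(p * log2(p / py[y]) for (x, y), p in joint.items() if p > 0)


def relative_entropy(p, q):
    """D(P||Q) = sum_x P(x) log2 (P(x)/Q(x)); needs Q(x) > 0 wherever P(x) > 0."""
    return sum(px * log2(px / q[x]) for x, px in p.items() if px > 0)


def mutual_information(joint):
    """I(X;Y) = D(P(X,Y) || P(X)P(Y)) (Definition 3.4)."""
    px, py = marginals(joint)
    independent = {(x, y): px[x] * py[y] for x in px for y in py}
    return relative_entropy(joint, independent)


def die_joint():
    """Example 3.1: X is the face of a fair die, Y its parity."""
    return {(x, "odd" if x % 2 else "even"): 1 / 6 for x in range(1, 7)}


def shift_cipher_joint(msg_dist, key_dist, n):
    """Shannon's model (Figure 3.1) for c = m + k mod n with the key chosen
    independently of the message: the joint distribution P(M, C) that an
    eavesdropper on the channel has to reason about."""
    joint = defaultdict(float)
    for m, pm in msg_dist.items():
        for k, pk in key_dist.items():
            joint[(m, (m + k) % n)] += pm * pk
    return dict(joint)


# Constructed distributions for the illustration: a skewed message source,
# a uniform key source and a badly biased key source, all over Z_3.
MESSAGE = {0: 0.5, 1: 0.3, 2: 0.2}
UNIFORM_KEY = {0: 1 / 3, 1: 1 / 3, 2: 1 / 3}
BIASED_KEY = {0: 0.8, 1: 0.1, 2: 0.1}


def ciphertext_leakage(key_dist, n=3):
    """Bits of information about M that C reveals, i.e. I(M; C)."""
    return mutual_information(shift_cipher_joint(MESSAGE, key_dist, n))


if __name__ == "__main__":
    j = die_joint()
    px, py = marginals(j)
    print("H(X) =", entropy(px), " H(Y) =", entropy(py))
    print("H(X|Y) =", conditional_entropy(j), " H(Y|X) =", conditional_entropy(swap(j)))
    print("I(X;Y) =", mutual_information(j))
    print("I(M;C), uniform key:", ciphertext_leakage(UNIFORM_KEY))
    print("I(M;C), biased key: ", ciphertext_leakage(BIASED_KEY))
```

For the die, H(X) = log 6, H(Y) = 1 bit, H(Y|X) = 0 (the parity is determined by the face) and I(X; Y) = H(X) − H(X|Y) = 1 bit, in agreement with (3.1) and (3.3). The same functions applied to the cipher model give I(M; C) = 0 for the uniform key and about 0.61 bits for the biased key, which is why the quality of the key source, not only the cipher, decides the secrecy of the system.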

PRODUCT CRYPTOSYSTEMS
Another innovation introduced by Shannon in his 1949 paper was the idea of combining
cryptosystems by forming their “product.” This idea has been of fundamental importance in the
design of present-day cryptosystems such as the Data Encryption Standard.

For simplicity, we will confine our attention in this section to cryptosystems in which :
cryptosystems of this type are called endomorphic. Suppose
and are two endomorphic cryptosystems which have the same plaintext
(and ciphertext) spaces. Then the product of S1 and S2, denoted by S1 × S2, is defined to be the
cryptosystem

A key of the product cryptosystem has the form K = (K1, K2), where and .
The encryption and decryption rules of the product cryptosystem are defined as follows: For
each K = (K1, K2), we have an encryption rule eK defined by the formula

and a decryption rule defined by the formula

That is, we first encrypt x with , and then “re-encrypt” the resulting ciphertext with .
Decrypting is similar, but it must be done in the reverse order:

Recall also that cryptosystems have probability distributions associated with their keyspaces.
Thus we need to define the probability distribution for the keyspace of the product
cryptosystem. We do this in a very natural way:

In other words, choose K1 using the distribution , and then independently choose K2 using
the distribution .

Here is a simple example to illustrate the definition of a product cryptosystem. Suppose we
define the Multiplicative Cipher as in Figure 2.2.

Figure 2.2 Multiplicative Cipher

Suppose M is the Multiplicative Cipher (with keys chosen equiprobably) and S is the Shift
Cipher (with keys chosen equiprobably). Then it is very easy to see that M × S is nothing more
than the Affine Cipher (again, with keys chosen equiprobably). It is slightly more difficult to
show that S × M is also the Affine Cipher with equiprobable keys.

Let’s prove these assertions. A key in the Shift Cipher is an element , and the
corresponding encryption rule is eK(x) = x + K mod 26. A key in the Multiplicative Cipher is an
element such that gcd(a, 26) = 1; the corresponding encryption rule is ea(x) = ax mod
26. Hence, a key in the product cipher M × S has the form (a, K), where

But this is precisely the definition of a key in the Affine Cipher. Further, the probability of a
key in the Affine Cipher is 1/312 = 1/12 × 1/26, which is the product of the probabilities of the
keys a and K, respectively. Thus M × S is the Affine Cipher.

Now let’s consider S × M. A key in this cipher has the form (K, a), where
Thus the key (K, a) of the product cipher S × M is identical to the key (a, aK) of the Affine
Cipher. It remains to show that each key of the Affine Cipher arises with the same probability
1/312 in the product cipher S × M. Observe that aK = K1 if and only if K = a⁻¹K1 (recall that
gcd(a, 26) = 1, so a has a multiplicative inverse). In other words, the key (a, K1) of the Affine
Cipher is equivalent to the key (a⁻¹K1, a) of the product cipher S × M. We thus have a
bijection between the two key spaces. Since each key is equiprobable, we conclude that S × M
is indeed the Affine Cipher.

We have shown that M × S = S × M. Thus we would say that the two cryptosystems commute.
But not all pairs of cryptosystems commute; it is easy to find counterexamples. On the other
hand, the product operation is always associative: (S1 × S2) × S3 = S1 × (S2 × S3).

If we take the product of an (endomorphic) cryptosystem S with itself, we obtain the
cryptosystem S × S, which we denote by S². If we take the n-fold product, the resulting
cryptosystem is denoted by Sⁿ. We call Sⁿ an iterated cryptosystem.

A cryptosystem S is defined to be idempotent if S² = S. Many of the cryptosystems we studied in
Chapter 1 are idempotent. For example, the Shift, Substitution, Affine, Hill,
Vigenere and Permutation Ciphers are all idempotent. Of course, if a cryptosystem S is
idempotent, then there is no point in using the product system S², as it requires an extra key but
provides no more security.

If a cryptosystem is not idempotent, then there is a potential increase in security by iterating
several times. This idea is used in the Data Encryption Standard, which consists of 16
iterations. But, of course, this approach requires a non-idempotent cryptosystem to start with.
One way in which simple non-idempotent cryptosystems can sometimes be constructed is to take
the product of two different (simple) cryptosystems.

REMARK It is not hard to show that if S1 and S2 are both idempotent and they commute,
then S1 × S2 will also be idempotent. This follows from the following algebraic manipulations:

(Note the use of the associative property in this proof.)

So, if S1 and S2 are both idempotent, and we want S1 × S2 to be non-idempotent, then it is
necessary that S1 and S2 not commute.
Fortunately, many simple cryptosystems are suitable building blocks in this type of approach.
Taking the product of substitution-type ciphers with permutation-type ciphers is a commonly
used technique. We will see a realization of this in the next chapter.
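The assertions proved in this section (M × S = S × M = Affine Cipher, the key bijection (K, a) ↔ (a, aK), the 312 equiprobable affine keys, and the idempotence of the Shift, Multiplicative and Affine Ciphers) can be checked mechanically. The following Python is an added example, not code from the course material or from Stinson's text. It identifies a cryptosystem with the set of its encryption rules, each rule represented by its value table on Z_26, and forms products by composing tables; the function and variable names are this example's own.

```python
from math import gcd

N = 26                                              # plaintext = ciphertext space Z_26
UNITS = [a for a in range(N) if gcd(a, N) == 1]     # the 12 multiplicative keys


def shift(x, k):
    return (x + k) % N


def multiply(x, a):
    return (a * x) % N


def affine(x, key):
    a, b = key
    return (a * x + b) % N


def rule_table(enc, key):
    """An encryption rule e_K is identified with its value table on all of P."""
    return tuple(enc(x, key) for x in range(N))


def cryptosystem(enc, keys):
    """The set of encryption rules {e_K : K in the keyspace}."""
    return {rule_table(enc, k) for k in keys}


def product(s1, s2):
    """S1 x S2: encrypt with a rule of S1, then re-encrypt with a rule of S2."""
    return {tuple(t2[t1[x]] for x in range(N)) for t1 in s1 for t2 in s2}


SHIFT = cryptosystem(shift, range(N))
MULT = cryptosystem(multiply, UNITS)
AFFINE = cryptosystem(affine, [(a, b) for a in UNITS for b in range(N)])


def is_idempotent(s):
    """S is idempotent when S x S = S."""
    return product(s, s) == s


def sm_key_to_affine(k, a):
    """Key (K, a) of S x M acts as the affine key (a, aK mod 26)."""
    return (a, (a * k) % N)


def affine_key_to_sm(a, k1):
    """Inverse map: the affine key (a, K1) comes from (a^{-1} K1 mod 26, a)."""
    return ((pow(a, -1, N) * k1) % N, a)


def key_map_is_bijection():
    """Every affine key arises from exactly one S x M key, so keys stay equiprobable."""
    images = {sm_key_to_affine(k, a) for k in range(N) for a in UNITS}
    round_trip = all(affine_key_to_sm(*sm_key_to_affine(k, a)) == (k, a)
                     for k in range(N) for a in UNITS)
    return len(images) == len(AFFINE) and round_trip


if __name__ == "__main__":
    print("M x S == Affine:", product(MULT, SHIFT) == AFFINE)
    print("S x M == Affine:", product(SHIFT, MULT) == AFFINE)
    print("|Affine keys| =", len(AFFINE))
    print("Shift, Mult, Affine idempotent:",
          is_idempotent(SHIFT), is_idempotent(MULT), is_idempotent(AFFINE))
```

Because `product` works on value tables, it also makes the point of the section visible: squaring any of these three ciphers produces exactly the same set of rules again, so the second key buys nothing, which is why a useful iterated cipher needs non-commuting, non-idempotent components.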

CRYPTANALYSIS

Modern cryptography is the cornerstone of computer and communications security. Its
foundation is based on various concepts of mathematics such as number theory, computational-
complexity theory, and probability theory.

Characteristics of Modern Cryptography

There are three major characteristics that separate modern cryptography from the classical
approach.

Context of Cryptography

Cryptology, the study of cryptosystems, can be subdivided into two branches −

 Cryptography
 Cryptanalysis
What is Cryptography?
Cryptography is the art and science of making a cryptosystem that is capable of providing
information security.
Cryptography deals with the actual securing of digital data. It refers to the design of
mechanisms based on mathematical algorithms that provide fundamental information security
services. You can think of cryptography as the establishment of a large toolkit containing
different techniques in security applications.
What is Cryptanalysis?
The art and science of breaking ciphertext is known as cryptanalysis.
Cryptanalysis is the sister branch of cryptography and the two co-exist. The cryptographic
process results in the ciphertext for transmission or storage. Cryptanalysis involves the study of
cryptographic mechanisms with the intention of breaking them. It is also used during the design
of new cryptographic techniques to test their security strength.
Note − Cryptography is concerned with the design of cryptosystems, while cryptanalysis studies
the breaking of cryptosystems.

Cryptanalysts throughout history have used a number of different methods to break encryption
algorithms, including the following:
Known plain-text analysis: If the analyst has a sample of plaintext together with its encryption
under a particular cipher, he or she can sometimes deduce the key by studying the two.

Differential cryptanalysis: If the analyst can obtain ciphertext for given plaintext but cannot
access the key directly, the key can be deduced by comparing the ciphertext with the plaintext.

Ciphertext-only analysis: This is used when only the ciphertext is available and the analyst has
no sample of plaintext.

Timing/differential power analysis: This is a means of measuring differences in power
consumption over the period during which a computer chip is encrypting information, in order to
analyze the key computations.

Key interception (man in the middle): The analyst tricks the two parties to an encrypted exchange
into sending their keys by making them think they are exchanging keys with each other.
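To make the known plain-text item above concrete, the Python below measures how many keys of the Affine Cipher from the previous section remain consistent with a given number of known plaintext/ciphertext letter pairs. It is an added example, not part of the course notes; the sample key and message are constructed for the illustration and the function names are this example's own. With 312 keys in total, one known letter already reduces the candidates to 12 and a second letter whose distance from the first is coprime to 26 fixes the key; the block also shows the edge case of two letters 13 apart, which leave all 12 values of a in doubt. This is the small-keyspace weakness that Shannon's theory quantifies and that modern ciphers are designed to avoid.

```python
from math import gcd

N = 26
UNITS = [a for a in range(N) if gcd(a, N) == 1]
AFFINE_KEYS = [(a, b) for a in UNITS for b in range(N)]   # 12 * 26 = 312 keys


def affine_encrypt(plaintext, key):
    """Encrypt an A-Z string letter by letter with e_K(x) = a x + b mod 26."""
    a, b = key
    return "".join(chr((a * (ord(ch) - 65) + b) % N + 65) for ch in plaintext)


def consistent_keys(pairs):
    """All affine keys K with e_K(p) = c for every known (p, c) letter pair.

    The search is exhaustive over the whole keyspace: 312 trial encryptions
    per letter cost nothing, which is exactly the weakness being illustrated."""
    numeric = [(ord(p) - 65, ord(c) - 65) for p, c in pairs]
    return [(a, b) for a, b in AFFINE_KEYS
            if all((a * p + b) % N == c for p, c in numeric)]


def candidates_by_known_length(plaintext, ciphertext):
    """Surviving key count after the first i letters of plaintext are known,
    for i = 0 .. len(plaintext)."""
    pairs = list(zip(plaintext, ciphertext))
    return [len(consistent_keys(pairs[:i])) for i in range(len(pairs) + 1)]


# Constructed sample key and message for the illustration.
SAMPLE_KEY = (5, 8)
SAMPLE_PLAINTEXT = "HELLOWORLD"
SAMPLE_CIPHERTEXT = affine_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(SAMPLE_PLAINTEXT, "->", SAMPLE_CIPHERTEXT)
    # 312 keys before any plaintext is known, 12 after one letter, 1 after two
    print(candidates_by_known_length(SAMPLE_PLAINTEXT, SAMPLE_CIPHERTEXT))
    # Edge case: plaintext letters 13 apart (A and N) do not determine a, since
    # 13 a mod 26 is the same for every odd a; all 12 units survive.
    print(candidates_by_known_length("AN", affine_encrypt("AN", SAMPLE_KEY)))
```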

(X) SESSION OUTCOMES


 Students can understand Information Theory.
 Students are able to answer the following questions:
 What is the difference between cryptography and cryptanalysis?
 How will you find the ciphertext using the multiplicative cipher scheme?
 Define the principles of information theory.

(XI) SELF APPRAISAL


COURSE OUTCOMES:

After successful completion of the course, the learners would be able to

CO1 Provide security of the data over the network.
CO2 An ability to apply various message authentication functions and secure algorithms.
CO3 An ability to analyze and compare different security mechanisms and services.
CO4 Implement various networking protocols.
CO5 An ability to explain the basics of number theory and to compare various encryption
techniques.
CO6 An ability to summarize the functionality of public key cryptography.
CO7 Do research in the emerging areas of cryptography and network security.
CO8 An ability to demonstrate different types of security systems and applications.
CO9 Protect any network from the threats in the world.
REFERENCES
Books Referred

1. William Stallings, Cryptography and Network Security (5th Edition). Online. Available:
https://wanguolin.github.io/assets/cryptography_and_network_security
2. Douglas Stinson, Cryptography: Theory and Practice, CRC Press LLC, ISBN 0849385210,
Pub Date: 03/17/95.
3. Charlie Kaufman, Radia Perlman and Mike Speciner, "Network Security", Prentice
Hall of India, 2002. (UNIT V)

Websites Referred

1. https://medium.com/cantors-paradise/shannon-ciphers-and-perfect-security-d70c10379ac2
2. Hermann Gruber, Information-theoretic Cryptography, papro.soft GbR, June 6, 2005 (on
Shannon's 1949 paper "Communication theory of secrecy systems").
3. https://link.springer.com/referenceworkentry/10.1007%2F0-387-23483-7_320
4. https://link.springer.com/chapter/10.1007/10718964_39
5. https://uomustansiriyah.edu.iq/media/lectures/6/6_2017_03_17!10_56_57_PM.pdf
6. http://www.engppt.com/2012/10/cryptography-and-network-security.html
7. https://flylib.com/books/en/3.230.1.29/1/
8. https://www.tutorialspoint.com/cryptography/modern_cryptography.htm
9. https://www.studocu.com/in/document/anna-university/cryptography-and-network-security/other/1-cs6701-cryptography-and-network-security-question-bank-2019/6410872/view
10. http://csunplugged.mines.edu/Activities/Cryptography/Cryptography.pdf

Video Lectures
1. http://nptel.ac.in/courses/106105031/ lecture by Dr. Debdeep Mukhopadhyay, IIT Kharagpur
2. https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-033-computer-system-engineering-spring-2009/video-lectures/
lecture by Prof. Robert Morris and Prof. Samuel Madden, MIT.

UNIVERSITY QUESTION PAPERS DETAILS:

REGULATION      | AVAILABLE                                                   | NOT AVAILABLE
2017 (CS 8792)  | -                                                           | -
2013 (CS 6701)  | April/May 2019, Nov/Dec 2019, April/May 2018, Nov/Dec 2018, | April/May 2016
                | April/May 2017, Nov/Dec 2017, Nov/Dec 2016                  |
2008 (IT 2352)  | April/May 2015, Nov/Dec 2015, May/June 2014, Nov/Dec 2014,  | -
                | May/June 2013, Nov/Dec 2013, May/June 2012, Nov/Dec 2012,   |
                | April/May 2011, Nov/Dec 2011                                |
2004 (IT 1352)  | April/May 2010, Nov/Dec 2010, Nov/Dec 2009, May/June 2009   | -
