Network Security & Cryptography - Unit-1


Network Security & Cryptography, II M.Sc-CS, C. Chandrapriya M.Sc., M.Phil.

23PCSCC33: NETWORK SECURITY AND CRYPTOGRAPHY

Unit 1: INTRODUCTION: Introduction to Cryptography – Security Attacks – Security
Services – Security Algorithm – Stream cipher and Block cipher – Symmetric and
Asymmetric-key Cryptosystem. Symmetric Key Algorithms: Introduction – DES – Triple
DES – AES – IDEA – Blowfish – RC5.
Introduction to Cryptography
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the intended recipient.
While cryptography is the science of securing data, cryptanalysis is the science of
analyzing and breaking secure communication. Classical cryptanalysis involves an interesting
combination of analytical reasoning, application of mathematical tools, pattern finding,
patience, determination, and luck. Cryptanalysts are also called attackers. Cryptology
embraces both cryptography and cryptanalysis.
How does cryptography work?
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption
and decryption process. A cryptographic algorithm works in combination with a key—a word,
number, or phrase—to encrypt the plaintext. The same plaintext encrypts to different
ciphertext with different keys. The security of encrypted data is entirely dependent on two
things: the strength of the cryptographic algorithm and the secrecy of the key.
A cryptographic algorithm, plus all possible keys and all the protocols that make it
work, comprise a cryptosystem. PGP is a cryptosystem.
Encryption and decryption
Data that can be read and understood without any special measures is called plaintext
or cleartext. The method of disguising plaintext in such a way as to hide its substance is called
encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use
encryption to make sure that information is hidden from anyone for whom it is not intended,
even those who can see the encrypted data. The process of reverting ciphertext to its original
plaintext is called decryption.


Features Of Cryptography
• Confidentiality: Information can only be accessed by the person for whom it is intended
and no other person can access it.
• Integrity: Information cannot be modified in storage or in transit between sender and
intended receiver without the alteration being detected.
• Non-repudiation: The creator/sender of information cannot deny at a later stage his
intention to send the information.
• Authentication: The identities of the sender and receiver are confirmed. The
destination/origin of the information is confirmed as well.
• Interoperability: Cryptography allows for secure communication between different
systems and platforms.
• Adaptability: Cryptography continuously evolves to stay ahead of security threats and
technological advancements.
Types Of Cryptography
1. Symmetric Key Cryptography
It is an encryption system where the sender and receiver of a message use a single
common key to encrypt and decrypt messages. Symmetric Key cryptography is faster and
simpler but the problem is that the sender and receiver have to somehow exchange keys
securely. The most popular symmetric key cryptography systems are the Data Encryption
Standard (DES) and the Advanced Encryption Standard (AES).

[Figure: Symmetric Key Cryptography]

2. Hash Functions
There is no usage of any key in this algorithm. A hash value with a fixed length is
calculated as per the plain text which makes it impossible for the contents of plain text to
be recovered. Many operating systems use hash functions to encrypt passwords.
3. Asymmetric Key Cryptography
In Asymmetric Key Cryptography, a pair of keys is used to encrypt and decrypt
information. A receiver’s public key is used for encryption and a receiver’s private key is
used for decryption. Public keys and private keys are different. Even if the public key is
known by everyone, only the intended receiver can decode the message because he alone knows
his private key. The most popular asymmetric key cryptography algorithm is the RSA
algorithm.
Applications of Cryptography
• Computer passwords: Cryptography is widely utilized in computer security, particularly
when creating and maintaining passwords. When a user logs in, their password is
hashed and compared to the hash that was previously stored. Passwords are hashed
and encrypted before being stored. In this technique, the passwords are encrypted so
that even if a hacker gains access to the password database, they cannot read the
passwords.
• Digital Currencies: To protect transactions and prevent fraud, digital currencies like
Bitcoin also use cryptography. Complex algorithms and cryptographic keys are used to
safeguard transactions, making it nearly impossible to tamper with or forge the
transactions.
• Secure web browsing: Online browsing security is provided by the use of cryptography,
which shields users from eavesdropping and man-in-the-middle attacks. Public key
cryptography is used by the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols to encrypt data sent between the web server and the client,
establishing a secure channel for communication.
• Electronic signatures: Electronic signatures serve as the digital equivalent of a
handwritten signature and are used to sign documents. Digital signatures are created
using cryptography and can be validated using public key cryptography. In many
nations, electronic signatures are enforceable by law, and their use is expanding
quickly.
• Authentication: Cryptography is used for authentication in many different situations,
such as when accessing a bank account, logging into a computer, or using a secure
network. Cryptographic methods are employed by authentication protocols to confirm
the user's identity and confirm that they have the required access rights to the
resource.
• Cryptocurrencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and
Ethereum to protect transactions, thwart fraud, and maintain the network's integrity.
Complex algorithms and cryptographic keys are used to safeguard transactions,
making it nearly impossible to tamper with or forge the transactions.
• End-to-end Internet Encryption: End-to-end encryption is used to protect two-way
communications like video conversations, instant messages, and email. Encrypting the
message ensures that only the intended receivers can read it. End-to-end encryption
is widely used in communication apps like WhatsApp and Signal, and it provides a high
level of security and privacy for users.
Types of Cryptography Algorithm
• Advanced Encryption Standard (AES): AES (Advanced Encryption Standard) is a popular
encryption algorithm which uses the same key for encryption and decryption. It is a
symmetric block cipher algorithm with block size of 128 bits, 192 bits or 256 bits. The AES
algorithm is widely regarded as the replacement of the DES (Data Encryption Standard)
algorithm.
• Data Encryption Standard (DES): DES (Data Encryption Standard) is an older encryption
algorithm that is used to convert 64-bit plaintext data into 48-bit encrypted
ciphertext. It uses symmetric keys (which means the same key for encryption and
decryption). It is old by today's standards but can be used as a basic building
block for learning newer encryption algorithms.
• RSA: RSA is a basic asymmetric cryptographic algorithm which uses two different
keys for encryption. The RSA algorithm works on a block cipher concept that converts
plain text into cipher text and vice versa.
• Secure Hash Algorithm (SHA): SHA is used to generate unique fixed-length digital fingerprints of
input data known as hashes. SHA variations such as SHA-2 and SHA-3 are commonly used
to ensure data integrity and authenticity. The tiniest change in input data drastically
modifies the hash output, indicating a loss of integrity. Hashing is the process of
storing key value pairs with the help of a hash function into a hash table.

SECURITY ATTACKS
There are four general categories of attack which are listed below.
Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on
availability, e.g., destruction of a piece of hardware, cutting of a communication line or
disabling of the file management system.
Interception
An unauthorized party gains access to an asset. This is an attack on confidentiality.
The unauthorized party could be a person, a program or a computer, e.g., wire tapping to
capture data in the network, illicit copying of files.

Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack on
integrity. e.g., changing values in data file, altering a program, modifying the contents of
messages being transmitted in a network.

Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on
authenticity. e.g., insertion of spurious message in a network or addition of records to a file.


Security Services
The classification of security services is as follows:
Confidentiality: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties.
E.g. Printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.
Non-repudiation: Requires that neither the sender nor the receiver of a message be able to
deny the transmission.
Access control: Requires that access to information resources may be controlled by or for the
target system.
Availability: Requires that computer system assets be available to authorized parties when
needed.
Security Algorithm
A cryptographic algorithm is a set of steps that can be used to convert plain text into cipher text.
A cryptographic algorithm is also known as an encryption algorithm.
A cryptographic algorithm uses an encryption key to hide the information and convert it into
an unreadable format. Similarly, a decryption key can be used to convert it back into plain,
readable text.

[Figure: Process of Cryptography]

Types of Cryptographic Algorithms


To protect sensitive data and conversations, cryptography uses complex algorithms.
These mathematical formulas enable the encryption, decryption, signature, and verification
processes that protect secret data during transmission and storage.
There are various types of cryptographic algorithms but in this article we will be
discussing the 4 major types of cryptographic algorithms.


1. Advanced Encryption Standard (AES)


AES (Advanced Encryption Standard) is a popular encryption algorithm which uses the
same key for encryption and decryption. It is a symmetric block cipher algorithm with block size
of 128 bits, 192 bits or 256 bits. The AES algorithm is widely regarded as the replacement of the DES
(Data Encryption Standard) algorithm, which we will learn more about later in this article.
There are many types of AES depending on the rounds:
• AES-128 uses 10 rounds
• AES-192 uses 12 rounds
• AES-256 uses 14 rounds
The more rounds there are, the safer the encryption. This is why AES-256 is considered the
safest encryption.

Characteristics of AES Algorithm
• Many key sizes: Three key sizes are available: 128, 192, and 256 bits.
• Security: Strong security measures to protect against threats.
• Versatile: It is versatile because it can be used for both hardware and software.
• Wide applications: Widely adopted in various applications, including Google Cloud,
Facebook and password managers.
2. Data Encryption Standard (DES)
DES is an older encryption algorithm that is used to convert 64-bit plaintext data into 48-bit
encrypted ciphertext. It uses symmetric keys (which means the same key for encryption and
decryption). It is old by today's standards but can be used as a basic building block for
learning newer encryption algorithms.
Characteristics of DES
• Same symmetric key: DES is a symmetric-key algorithm and therefore encryption and
decryption can be done with a single key using the same algorithm.
• Easier Implementation: DES was designed for hardware rather than software and
shows efficient and fast implementation in hardware.
• Cipher technique: This algorithm uses both transposition cipher and substitution
cipher techniques.
• Building block: The DES technique acts as a building block for other cryptographic
algorithms.
3. RSA Algorithm (Rivest, Shamir, Adleman Algorithm)
RSA is a basic asymmetric cryptographic algorithm which uses two different keys for
encryption. The RSA algorithm works on a block cipher concept that converts plain text into
cipher text and vice versa.

The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that
it works on two different keys, i.e. a Public Key and a Private Key. As the names suggest, the
Public Key is given to everyone and the Private Key is kept private.
Characteristics of RSA Algorithm
• Security: Many consider the RSA method to be highly secure, and it is widely used for
transmitting data.
• Fast Speed: The RSA approach is known for its speed. It can be implemented swiftly when
cryptography needs arise.
• Different keys: In the RSA technique two separate keys are utilized for encrypting and
decrypting data. The public key is used to encrypt the information while the private key is
employed for decryption.
• Key exchange: With the RSA method secure exchange can be achieved, enabling two
parties to swap a key without transmitting it over the network.

4. Secure Hash Algorithm (SHA)


SHA is used to generate unique fixed-length digital fingerprints of input data
known as hashes. SHA variations such as SHA-2 and SHA-3 are commonly used to ensure data
integrity and authenticity. The tiniest change in input data drastically modifies the hash output,
indicating a loss of integrity. Hashing is the process of storing key value pairs with the help of a
hash function into a hash table.
Characteristics of Secure Hash Algorithm (SHA)
• Security: SHA-256 is highly recognized among hashing algorithms for its robust security
features. It effectively prevents collision attacks, ensuring that different inputs do
not produce the same hash value. Websites prioritize user privacy by storing passwords in a
hashed format.
• One-way hashing: Using SHA algorithms for one-way hashing enables the storage of
information like passwords. Hashing data into a fixed-length output simplifies indexing and
comparisons. Even a minor change in the message results in a different hash when using SHA
algorithms, facilitating the identification of corrupted data.
• Avalanche effect: A small change in the input value, even a single bit, completely changes
the resultant hash value. This is called the avalanche effect.
• Variable input length and fixed output length: The SHA algorithm accepts a variable
input length (meaning the length of input is dynamic) and produces a fixed output length.
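
The one-way password storage, the login comparison described under Applications of Cryptography, and the avalanche effect, shown together as an added example that is not part of the original notes. The per-user salt, the PBKDF2 stretching step and the iteration count are assumptions of this example; the notes only say that passwords are hashed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def store_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for the password database; the password is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(attempt: str, salt: bytes, stored: bytes) -> bool:
    """Login check: hash the attempt with the stored salt and compare the digests."""
    _, digest = store_password(attempt, salt)
    # compare_digest runs in constant time, so timing does not reveal a partial match
    return hmac.compare_digest(digest, stored)


def bit_difference(a: bytes, b: bytes) -> int:
    """Avalanche effect: count the bits that differ between SHA-256(a) and SHA-256(b)."""
    ha = hashlib.sha256(a).digest()
    hb = hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(ha, hb))


if __name__ == "__main__":
    # Constructed sample values
    salt, stored = store_password("correct horse battery staple")
    print("digest length in bytes:", len(stored))
    print("right password accepted:", verify_password("correct horse battery staple", salt, stored))
    print("wrong password accepted:", verify_password("correct horse battery stapler", salt, stored))
    # '0' (0x30) and '1' (0x31) differ in exactly one input bit
    print("output bits changed out of 256:", bit_difference(b"transfer 100", b"transfer 101"))
```

Because each record gets its own random salt, two users with the same password end up with different stored digests.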

Stream cipher and Block cipher


Block cipher and stream cipher are members of the family of symmetric key ciphers,
essentially encryption techniques used for directly transforming the plaintext into ciphertext.
Block Cipher:
A block cipher is a symmetric cryptographic technique used to encrypt a fixed-size
data block using a shared, secret key. During encryption, the input is plaintext and the ciphertext
is the resultant encrypted text. It uses the same key to encrypt the plaintext and to decrypt the
ciphertext.

A block cipher processes data blocks of fixed size. Typically, a message's size exceeds a
block's size. As a result, the lengthy message is broken up into a number of sequential message blocks,
and the cipher operates on these blocks one at a time.

With the help of the shared secret key, a block cipher encrypts and decrypts its input one block
at a time rather than one bit at a time. Since the block's size is fixed, padding is not necessary. It is a
symmetric algorithm. During encryption, it converts text input into ciphertext using the shared key. It
uses the same key during decryption to change the ciphertext back to the original plaintext. The length
of the output and input are identical.

o Popular variations of the block cipher algorithm include the Data Encryption Standard (DES),
TripleDES, and the Advanced Encryption Standard (AES).
o The stream cipher, which is the block cipher's counterpart, uses a shared key and operates
on its input one bit at a time.
o Alternatives to the block cipher algorithm include public-key cryptography and asymmetric
cryptography. This kind of algorithm uses the public key to encrypt plaintext and a private key
to decrypt the ciphertext.

There are various modes of operation of a block cipher:

o Electronic Code Book (ECB) Mode
o Cipher Block Chaining (CBC) Mode
o Cipher Feedback (CFB) Mode
o Output Feedback (OFB) Mode
o Counter (CTR) Mode

These modes serve as a block cipher's general operating principles.

1. Electronic Codebook Mode

ECB mode is used to electronically code messages in plaintext form. It is the most
straightforward block cipher operating mode. It does not introduce any randomness to the key
stream, and it is the only mode we can use to encrypt a single-bit stream. Using the cipher's key and
substitution alphabet, each plaintext symbol, such as a character from the plaintext alphabet, is
transformed into a ciphertext symbol. Each block of plaintext is encrypted separately from every
other block. Only 8 bytes of the key are used when the plaintext block is only 8 bytes long, and all 100
bytes of the key are utilised when the plaintext block is 100 bytes long.

2. Cipher Block Chaining Mode (CBC)

When using CBC mode to encrypt data, each block of plaintext is combined with the ciphertext
that came before it. A ciphertext generated by the symmetric algorithm depends on all plaintext blocks
processed in the data stream before it. This is done to ensure that every block of the ciphertext
depends on every other block that came before it. Before using the cipher algorithm to encrypt the
data, each block of plaintext is XORed (exclusive OR) with the block of ciphertext that came before it.
Numerous security applications use CBC mode. For example, Secure Sockets Layer/Transport Layer
Security uses CBC mode to encrypt data which is transferred over the internet.

3. Ciphertext Feedback Mode (CFB)

It is occasionally important to quickly encrypt and send plaintext values, one at a time, as
opposed to CBC mode, which encrypts a predetermined number of bits of plaintext at a time. CFB also
uses an IV, similar to CBC. A block cipher is a part of the random number generator used
by CFB. In CFB mode, the previous ciphertext block is encrypted, and the output is XORed with the
current plaintext block to create the current ciphertext block.

4. Output Feedback Mode (OFB)

In certain ways, CBC and OFB modes are comparable and can be used with any block cipher. It
uses a feedback mechanism; however, in OFB mode, the preceding block of ciphertext is XORed with
the plaintext after encryption rather than prior to encryption.

5. Counter Mode (CTR)

CTR mode uses a block chaining mode of encryption as a building block. The process of
encrypting data is performed by XORing the plaintext with a series of pseudorandom values that are
each created from the ciphertext using a feedback function. A series
of XORs between blocks of plaintext and corresponding blocks of ciphertext can be used to represent
the CTR encryption process.

Stream Cipher
A stream cipher uses time-varying changes on plaintext data to encrypt a continuous string of
binary numbers. As a result, this method of encryption works bit-by-bit, utilising keystreams to
generate ciphertext for arbitrary lengths of plain text messages. The cipher combines a key (128/256
bits) and a nonce digit (64-128 bits) in order to generate the keystream - a pseudorandom
number XORed with the plaintext to generate the ciphertext. The keystream must be different for each
encryption iteration even though the key and nonce can be reused to maintain security. In order to
build the keystream, stream encryption ciphers generate a unique nonce (a number used only once)
utilising feedback shift registers.

Since a mistake in the translation of one bit often does not affect the entire plaintext block,
stream cipher encryption algorithms are less likely to cause system-wide errors to spread.
Additionally, stream encryption is linear and continuous, making it easier and quicker to deploy.
However, stream ciphers do not have diffusion because each digit of the plaintext is mapped to one
ciphertext output. Furthermore, they don't check for validity, which leaves them open to insertions. If
hackers defeat the encryption algorithm, they are able to add to or change the encrypted message
without being noticed. Stream ciphers are typically used to encrypt data in an application where the
volume of plain text cannot be predicted and in low latency use-cases.

In other words, a stream cipher is a type of encryption that uses plain text numbers and a stream of
pseudorandom cipher digits. Each binary digit receives one bit at a time of this pseudorandom
encryption digit stream. This encryption technique uses an infinite number of pseudorandom cipher
digits for each key.

State cipher is another name for a stream cipher. The term "state cipher" refers to a system where the
encryption of each number is dependent on the cipher's current state.
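
An added example (not part of the original notes) of the keystream XOR described above, showing why the keystream must differ for each encryption and how a message authentication code catches a ciphertext that was changed in transit. The SHA-256 based keystream generator, the keys, the nonce and the message are constructed for illustration and are not a real stream cipher; HMAC is this example's choice of integrity check.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: SHA-256 over key, nonce and a running counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then compute an HMAC tag over the nonce and the ciphertext."""
    ciphertext = stream_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Return the plaintext, or None when the tag shows the ciphertext was altered."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_crypt(enc_key, nonce, ciphertext)


def corrupt(ciphertext: bytes, index: int, mask: int = 0x01) -> bytes:
    """Simulate a change made in transit by flipping bits in one ciphertext byte."""
    damaged = bytearray(ciphertext)
    damaged[index] ^= mask
    return bytes(damaged)


# Constructed sample values
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-mac-key"
NONCE = b"nonce-01"
MESSAGE = b"meter reading: 0417 kWh"

if __name__ == "__main__":
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    damaged = corrupt(ct, 16)
    # Plain XOR decryption accepts the altered ciphertext and returns a changed message.
    print("without a tag:", stream_crypt(ENC_KEY, NONCE, damaged))
    # The authenticated path rejects it.
    print("with a tag   :", open_sealed(ENC_KEY, MAC_KEY, NONCE, damaged, tag))
    # Same keystream used twice: the XOR of the ciphertexts equals the XOR of the plaintexts.
    other = b"meter reading: 0932 kWh"
    leak = xor_bytes(ct, stream_crypt(ENC_KEY, NONCE, other))
    print("keystream reuse leaks plaintext XOR:", leak == xor_bytes(MESSAGE, other))
```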

Types of Stream Ciphers

There are two types of Stream Ciphers:

1. Synchronous Stream Ciphers

In a synchronous stream cipher, the keystream block is created independently of the previous
ciphertext and plaintext messages. The most popular stream cipher modes produce a string of bits
using pseudorandom number generators and combine it with the key to create the keystream, which
is then XORed with the plaintext to produce the ciphertext.

2. Self-Synchronizing/Asynchronous Stream Ciphers

In a self-synchronizing stream cipher, also known as ciphertext autokey, a fixed-size portion
(N bits) of the previous ciphertext and the symmetric key are used to generate the keystream block.
An asynchronous stream cipher can recognize active attacks, because altering the ciphertext changes
the information in the subsequent keystream. Because a single-digit error can only affect a
maximum of N bits, these ciphers also have restricted error propagation.

| Parameters | Block Cipher | Stream Cipher |
|---|---|---|
| Definition | Block Cipher is the kind of encryption that converts plaintext by taking each block individually. | Stream cipher is the kind of encryption that converts plaintext by taking one byte of the plaintext at a time. |
| Principle | It uses both diffusion and confusion principles for the conversion (used later in encryption). | Only the confusion principle is used by Stream Cipher for the conversion. |
| Decryption | In Block cipher, reverse encryption or decryption is more difficult than stream cipher since more bits are combined to be encrypted in this scenario. | In a stream cipher, XOR is used for encryption that can be quickly converted back to plain text. |
| Implementation | Feistel Cipher is the most popular block cipher implementation. | Vernam Cipher is the main implementation of Stream Cipher. |
| Conversion of Bits | Since a block cipher converts blocks at once, it converts more significant bits than a stream cipher, which can convert 64 bits or more. | However, in stream cipher, only 8 bits can be transformed simultaneously. |
| Reversibility | It is difficult to reverse encrypted text. | It uses XOR encryption, which is easily reversed to the plain text. |
| Confusion and Diffusion | Block Cipher uses both confusion and diffusion. | Stream cipher relies on confusion only. |
| Algorithm modes used | ECB (Electronic Code Book), CBC (Cipher Block Chaining) | CFB (Cipher Feedback), OFB (Output Feedback) |
| Complexity | Simple design | Complex comparatively |
| No of bits used | 64 Bits or more | 8 Bits |