The need for Information security:

Information security is essential for protecting sensitive and valuable data

from unauthorized access, use, disclosure, disruption, modification, or
destruction. Here are some of the key reasons why information security is
important:
Protecting Confidential Information: Confidential information, such as
personal data, financial records, trade secrets, and intellectual property,
must be kept secure to prevent it from falling into the wrong hands. This type
of information is valuable and can be used for identity theft, fraud, or other
malicious purposes.
Complying with Regulations: Many industries, such as healthcare, finance,
and government, are subject to strict regulations and laws that require them
to protect sensitive data. Failure to comply with these regulations can result
in legal and financial penalties, as well as damage to the organization’s
reputation.
Maintaining Business Continuity: Information security helps ensure that
critical business operations can continue in the event of a disaster, such as a
cyber-attack or natural disaster. Without proper security measures in place,
an organization’s data and systems could be compromised, leading to
significant downtime and lost revenue.
Protecting Customer Trust: Customers expect organizations to keep their
data safe and secure. Breaches or data leaks can erode customer trust,
leading to a loss of business and damage to the organization’s reputation.
Preventing Cyber-attacks: Cyber-attacks, such as viruses, malware,
phishing, and ransomware, are becoming increasingly sophisticated and
frequent. Information security helps prevent these attacks and minimizes
their impact if they do occur.
Protecting Employee Information: Organizations also have a responsibility
to protect employee data, such as payroll records, health information, and
personal details. This information is often targeted by cybercriminals, and its
theft can lead to identity theft and financial fraud.

Basic principles of security

Information security is the practice of protecting information by mitigating

information risks. It involves the protection of information systems and the
information processed, stored and transmitted by these systems from
unauthorized access, use, disclosure, disruption, modification or destruction.
This includes the protection of personal information, financial information,
and sensitive or confidential information stored in both digital and physical
forms. Effective information security requires a comprehensive and multi-
disciplinary approach, involving people, processes, and technology.
Information Security programs are build around 3 objectives, commonly
known as CIA – Confidentiality, Integrity, Availability.

1. Confidentiality – means information is not disclosed to unauthorized

individuals, entities and process. For example if we say I have a
password for my Gmail account but someone saw while I was doing a
login into Gmail account. In that case my password has been
compromised and Confidentiality has been breached.
2. Integrity – means maintaining accuracy and completeness of data. This
means data cannot be edited in an unauthorized way. For example if an
employee leaves an organisation then in that case data for that employee
in all departments like accounts, should be updated to reflect status to
JOB LEFT so that data is complete and accurate and in addition to this
only authorized person should be allowed to edit employee data.
3. Availability – means information must be available when needed. For
example if one needs to access information of a particular employee to
check whether employee has outstanded the number of leaves, in that
case it requires collaboration from different organizational teams like
network operations, development operations, incident response and
policy/change management.
Denial of service attack is one of the factor that can hamper the
availability of information.

Apart from this there is one more principle that governs information security
programs. This is Non repudiation.

 Non repudiation – means one party cannot deny receiving a message or

a transaction nor can the other party deny sending a message or a
transaction. For example in cryptography it is sufficient to show that
message matches the digital signature signed with sender’s private key
and that sender could have a sent a message and nobody else could
have altered it in transit. Data Integrity and Authenticity are pre-requisites
for Non repudiation.

 Authenticity – means verifying that users are who they say they are and
that each input arriving at destination is from a trusted source.This
principle if followed guarantees the valid and genuine message received
from a trusted source through a valid transmission. For example if take
above example sender sends the message along with digital signature
which was generated using the hash value of message and private key.
Now at the receiver side this digital signature is decrypted using the public
key generating a hash value and message is again hashed to generate
the hash value. If the 2 value matches then it is known as valid
transmission with the authentic or we say genuine message received at
the recipient side
 Accountability – means that it should be possible to trace actions of an
entity uniquely to that entity. For example as we discussed in Integrity
section Not every employee should be allowed to do changes in other
employees data. For this there is a separate department in an
organization that is responsible for making such changes and when they
receive request for a change then that letter must be signed by higher
authority for example Director of college and person that is allotted that
change will be able to do change after verifying his bio metrics, thus
timestamp with the user(doing changes) details get recorded. Thus we
can say if a change goes like this then it will be possible to trace the
actions uniquely to an entity.
advantages to implementing an information classification system in an
organization’s information security program:
1. Improved security: By identifying and classifying sensitive information,
organizations can better protect their most critical assets from
unauthorized access or disclosure.
2. Compliance: Many regulatory and industry standards, such as HIPAA
and PCI-DSS, require organizations to implement information
classification and data protection measures.
3. Improved efficiency: By clearly identifying and labeling information,
employees can quickly and easily determine the appropriate handling and
access requirements for different types of data.
4. Better risk management: By understanding the potential impact of a
data breach or unauthorized disclosure, organizations can prioritize
resources and develop more effective incident response plans.
5. Cost savings: By implementing appropriate security controls for different
types of information, organizations can avoid unnecessary spending on
security measures that may not be needed for less sensitive data.
6. Improved incident response: By having a clear understanding of the
criticality of specific data, organizations can respond to security incidents
in a more effective and efficient manner.
There are some potential disadvantages to implementing an
information classification system in an organization’s information
security program:
1. Complexity: Developing and maintaining an information classification
system can be complex and time-consuming, especially for large
organizations with a diverse range of data types.
2. Cost: Implementing and maintaining an information classification system
can be costly, especially if it requires new hardware or software.
3. Resistance to change: Some employees may resist the implementation
of an information classification system, especially if it requires them to
change their usual work habits.
4. Inaccurate classification: Information classification is often done by
human, so it is possible that some information may be misclassified,
which can lead to inadequate protection or unnecessary restrictions on
access.
5. Lack of flexibility: Information classification systems can be rigid and
inflexible, making it difficult to adapt to changing business needs or new
types of data.
6. False sense of security: Implementing an information classification
system may give organizations a false sense of security, leading them to
overlook other important security controls and best practices.
7. Maintenance: Information classification should be reviewed and updated
frequently, if not it can become outdated and ineffective.
Types of attcks
Security attacks: Any action that compromises the security of information owned by an
organization. These attacks are classified as:
1. Passive Attacks
2. Active Attacks

1. Passive attack (emphasis on prevention rather than detection): Passive

attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are
o Release of message content / snooping : It is very simple to
understand. Eg: An electronic mail message and a transferred file may
contain sensitive or confidential information. We should prevent others,
from learning the contents of these transmissions by encoding the
message with code language.
o Traffic analysis: Suppose that we had a way of masking the contents
of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the
message. The common technique for masking contents is encryption. If
we had encryption protection in place, an opponent might still be
able to observe the pattern of these messages. The opponent could
 determine the location and identity of communicating hosts and could
observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the
communication that was taking place.
2. Active attacks (involves some modification): Active attacks involve some
modification of the data stream or the creation of a false stream and can be
subdivided into four categories:
o Masquerade: takes place when one entity pretends to be different
o Replay: passive capture of the data unit and its subsequent
retransmission to produce an unauthorized effect.
o Modification of msgs: Some portion of a legitimate message is
altered or the messages are delayed or reordered to produce an
unauthorized effect.
o Denial of Service: It prevents or inhibits the normal use or
management of communications facilities. This attack may have a
specific target; for eg, an entity may suppress all messages directed to
a particular destination. Another form of service denial is the disruption
of an entire network, either by disabling the network or by overloading it
with messages so as to degrade performance.

Security service:-
Many businesses need security services in cryptography to safeguard any
data processing systems and information transfers by countering any cyber
attacks. Depending on your businesses’ security needs, you may only need
a few or more if they happen to overlap with one another. There are five
security services with cryptography that promote cybersecurity in various
ways.
What Types of Security Services?
Authentication: To ensure you don’t have any unauthorized people seeing
your business’s information, having authentication is a great way to ensure
security by having someone prove they are who they claim to be.
Additionally, it can have the source of received data verified as legitimate
during any transfer of information.
Data Confidentiality: Remember how cryptography can make encrypted
messages into unintelligible characters? This security service does that! It
helps keep data confidential by having select people know the real
information while third-party sources would view it completely differently.
Access Control: It’s easy to assume access control is the same as
authorization. However, the key difference lies in the level of access. All
information in a business needs to be known by everyone working there. In
this case, access control gives more tier-based access to select people
within your business. It does this while also being able to deter
unauthorized users.
Data Integrity: You can ensure whatever data received hasn’t been
tampered with through data integrity. It does this by ensuring the data sent
from another authorized person wasn’t modified after it was created,
transmitted or stored. This security service is great for businesses that
prefer a digital paper trail to uphold ethical operations.
Non-Repudiation: Digital signatures are a good example of what non-
repudiation does. For example, during online transactions, it ensures that a
person cannot later deny sending information or the authenticity of its
signature. To sum it up, it’s all about protection against any form of denial
when communicating with another party.

Security Mechanism
A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer
protocol.
1. Encipherment: Encipherment is hiding or covering data and can provide
confidentiality. It makes use of mathematical algorithms to transform data into
a form that is not readily intelligible. The transformation and subsequent
recovery of the data depend on an algorithm and zero or more encryption
keys. Cryptography and Steganography techniques are used for enciphering.
2. Data integrity: The data integrity mechanism appends a short check value to
the data which is created by a specific process from the data itself. The
receiver receives the data and the check value. The receiver then creates a
new check value from the received data and compares the newly created
check value with the one received. If the two check values match, the integrity
of data is being preserved.
3. Digital Signature: A digital signature is a way by which the sender can
electronically sign the data and the receiver can electronically verify it. The
sender uses a process in which the sender owns a private key related to the
public key that he or she has announced publicly. The receiver uses the
sender's public key to prove the message is indeed signed by the sender who
claims to have sent the message.
4. Authentication exchange: A mechanism intended to ensure the identity of
an entity by means of information exchange. The two entities exchange some
messages to prove their identity to each other. For example the three-way
handshake in TCP.
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts.
6. Routing control: Enables selection of particular physically secure routes for
certain data and allows routing changes which means selecting and
continuously changing different available routes between the sender and the
receiver to prevent the attacker from traffic analysis on a particular route.
7. Notarization: The use of a trusted third party to control the communication
between the two parties. It prevents repudiation. The receiver involves a
 trusted third party to store the request to prevent the sender from later
denying that he or she has made such a request.
8. Access Control: A variety of mechanisms are used to enforce access rights
to resources/data owned by a system, for example, PINS, and passwords.

Model of network security

A model for much of what we will be discussing is captured, in very general
terms, in Figure below. A message is to be transferred from one party to another
across some sort of internet. The two parties, who are the principals in this
transaction, must cooperate for the exchange to take place.
A logical information channel is established by defining a route through the
internet from source to destination and by the cooperative use of communication
protocols (e.g., TCP/IP) by the two principals.

Reference :William Stallings, Cryptography and Network Security: Principles and Practice, PHI 3rd Edition,
2006

Security aspects come into play when it is necessary or desirable to protect

the information transmission from an opponent who may present a threat to
confidentiality, authenticity, and so on. All the techniques for providing security
have two components:
● A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so that it is
unreadable by the opponent, and the addition of a code based on the contents of the
message, which can be used to verify the identity of the sender
● Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in conjunction with
the transformation to scramble the message before transmission and unscramble it on
reception.
A trusted third party may be needed to achieve secure transmission. For
example, a third party may be responsible for distributing the secret information to
the two principals while keeping it from any opponent.
Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a
particular security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular security service.

Reference :William Stallings, Cryptography and Network Security: Principles and Practice, PHI 3rd Edition,
2006

A general model of these other situations is illustrated by Figure ,

which reflects a concern for protecting an information system from unwanted
access.
The hacker can be someone who, with no malign intent, simply gets
satisfaction from breaking and entering a computer system. Or, the intruder can be a
 disgruntled employee who wishes to do damage, or a criminal who seeks to exploit
computer assets for financial gain (e.g., obtaining credit card numbers or performing
illegal money transfers).
Programs can present two kinds of threats:

▫ Information access threats: Intercept or modify data on behalf of users

who should not have access to that data.
▫ Service threats: Exploit service flaws in computers to
inhibit use by legitimate users.
Viruses and worms are two examples of software attacks.
• Such attacks can be introduced into a system by means of a disk that contains
the unwanted logic concealed in otherwise useful software.
• They can also be inserted into a system across a network; this latter
mechanism is of more concern in network security.

Introduction to Crypto-terminologies




Cryptography is an important aspect when we deal with network

security. ‘Crypto’ means secret or hidden. Cryptography is the
science of secret writing with the intention of keeping the data
secret. Cryptanalysis, on the other hand, is the science or
sometimes the art of breaking cryptosystems. Both terms are a
subset of what is called Cryptology.
Classification: The flowchart depicts that cryptology is only one of
the factors involved in securing networks. Cryptology refers to the
study of codes, which involves both writing (cryptography) and
solving (cryptanalysis) them. Below is a classification of the crypto
terminologies and their various types.
Cryptography:

Cryptography is classified into symmetric cryptography and

asymmetric cryptography. Below are the description of these types.
1. Symmetric key cryptography – It involves the usage of one secret key
along with encryption and decryption algorithms which help in securing
the contents of the message. The strength of symmetric key cryptography
depends upon the number of key bits. It is relatively faster than
asymmetric key cryptography. There arises a key distribution problem as
the key has to be transferred from the sender to the receiver through a
secure channel.
 2. Asymmetric key cryptography: It is also known as public-key
cryptography because it involves the usage of a public key along with the
secret key. It solves the problem of key distribution as both parties use
different keys for encryption/decryption. It is not feasible to use for
decrypting bulk messages as it is very slow compared to symmetric key
cryptography.

3. Hashing: It involves taking the plain text and converting it to a hash value
of fixed size by a hash function. This process ensures the integrity of the
message as the hash value on both, the sender’s and receiver’s sides
should match if the message is unaltered.

Difference between Hash functions, Symmetric, and Asymmetric

algorithms:

Symmetric Asymmetric
Feature Hash functions algorithms algorithms

Number of Keys 0 1 2

Length of keys 256 bits 128 bits 2048 bits

 Symmetric Asymmetric
Feature Hash functions algorithms algorithms

recommended by
NIST

SHA-256, SHA3-
AES or 3DES RSA, DSA, ECC
Example 256, SHA-512

Cryptanalysis:

1. Classical attacks: It can be divided into:

a) Mathematical analysis: It’s a type of attack that takes advantage of
structural flaws in a specific algorithm.
b) Brute-force attacks: The attacker uses a Brute Force Attack (BFA) to
try all potential keys in order to figure out the key. If the key is long, the
attack will take a long time to execute. Brute-force attacks run the
encryption algorithm for all possible cases of the keys until a match is
found. The encryption algorithm is treated as a black box. Analytical
attacks are those attacks that focus on breaking the cryptosystem by
analyzing the internal structure of the encryption algorithm.
2. Social Engineering attack: It is something that is dependent on the
human factor. Tricking someone to reveal their passwords to the attacker
or allowing access to the restricted area comes under this attack. People
should be cautious when revealing their passwords to any third party
which is not trusted.
3. Implementation attacks: Implementation attacks such as side-channel
analysis can be used to obtain a secret key. They are relevant in cases
where the attacker can obtain physical access to the cryptosystem.

Advantages:

1. Precision: Crypto-terminologies provide precise and well-defined terms

and concepts that help to ensure a clear understanding of the underlying
principles of cryptography.
2. Standardization: Crypto-terminologies help to standardize the language
used in cryptography, which can help to reduce confusion and promote
interoperability between different cryptographic systems.
3. Clarity: Crypto-terminologies help to promote clarity and accuracy in
communication about cryptography, which can help to improve the
effectiveness of security measures.
4. Consistency: Crypto-terminologies help to ensure consistency in the use
of cryptographic concepts and techniques, which can help to reduce the
risk of errors or misunderstandings.

Disadvantages:

1. Complexity: Crypto-terminologies can be complex and difficult to

understand, which can be a barrier to effective communication about
cryptography.
2. Jargon: Crypto-terminologies can be viewed as jargon by those who are
not familiar with the terminology, which can lead to confusion and
miscommunication.
3. Obfuscation: Crypto-terminologies can be used to obfuscate the true
nature of cryptographic techniques, which can be a concern in situations
where transparency and openness are important.
4. Accessibility: Crypto-terminologies may be inaccessible to those who
are not experts in the field, which can limit the ability of non-experts to
understand and contribute to discussions about cryptography.

Defining Plain Text

Encrypted communication transforms plain text using ciphers or encryption
methods. Plain text refers to any readable information presented in a format that
is accessible and usable without the need for a decryption key or specific
decryption tools, encompassing even binary files.

Every communication, document, or file intended to be encrypted or previously

encrypted would be categorized as plain text. A cryptographic system takes plain
text as input and generates ciphertext as output. Within cryptography, algorithms
facilitate the conversion of ciphertext back into plain text and vice versa. The
terms “encryption” and “decryption” denote these respective processes. This
mechanism ensures that data can only be comprehended by its intended
recipient.

Safeguarding plain text stored within computer files is of utmost importance, as

unauthorized theft, disclosure, or transmission can expose its contents entirely,
potentially leading to actions based on that information. To this end, the storage
medium, the device itself, its components, andany associated backups must all
be secured if preservation is necessary.

Defining Ciphertext
The result of employing encryption methods, often referred to as cyphers, is
called ciphertext. When data cannot be understood by individuals or devices
lacking the appropriate cypher, it is considered encrypted. To interpret the data,
the cypher is necessary. Algorithms transform plaintext into ciphertext, and vice
versa, to convert ciphertext back into plaintext. These processes are known as
encryption and decryption.

Ciphertext, represents a cryptographic approach in which an algorithm utilizes

substitutions instead of original plaintext elements. Substitution ciphers replace
individual letters, letter pairs, letter triplets, or various combinations of these while
preserving the initial sequence. Single-letter substitutions are utilized in simple
substitution cyphers, while polygraphed cyphers involve larger letter groupings.

In simpler terms, letters are substituted for other letters. In the past, recording
corresponding characters to decipher a message was feasible.
 Difference Between Plain Text And Cipher Text
Category Plain Text Cipher Text

Definition Original readable data in its natural form. Encrypted form of data, not easily readable.

Accessibility It can be understood and used without decryption. Requires decryption to be understood.

Representation Represents the actual content of the message. Represents an encrypted version of the message

Security Prone to unauthorized access and disclosure. Offers greater security against breaches.

Conversion Input to encryption; output from decryption. Output of encryption; input for decryption.

Purpose Easily read and understood by humans. Secure transmission and storage of data.

Substitution Techniques
In which each element in the plaintext is mapped into another element.
1. Caesar Cipher
2. Monoalphabetic cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Cipher
6. One Time Pad

Caesar Cipher

It is a mono-alphabetic cipher wherein each letter of the plaintext is

substituted by another letter to form the cipher text. It is a simplest
form of substitution cipher scheme.
Encryption and Decryption

The process of turning plain text into an encrypted form (cipher text) is
known as encryption. Sensitive data is transmitted in an encrypted form so
that it can be protected and a strong encryption mechanism ensures that the
data is not misused even if a hacker gets hold of it. Decryption is the reverse
mechanism where the encrypted cipher text is converted back into its
original form.

Read through this article to find out more about encryption and decryption
and how they are different from each other.

Encryption

Encryption is the procedure of encoding data in cryptography. This procedure

turns plaintext, or the original representation of the data, into cipher text or
an alternate representation of the data. Only authorized parties should be
able to decrypt a cipher text back to plaintext and access the original data.
Encryption does not prevent interference in and of itself, but it does hinder a
would-be interceptor from understanding the information.

An encryption system generally employs a pseudo-random encryption key

produced by an algorithm for technical reasons. Although it is possible to
decode a message without knowing the key, a well-designed encryption
system requires significant computational resources and skills are required.
An authorized recipient can easily decrypt the message with the key provided
by the originator to recipients but not to unauthorized users.

 Encrypted data typically appears as a long string of random letters and

numbers.
 Once the information has been encrypted, the only way to decrypt it
and make it readable again is to use the correct encryption key.
Encryption is necessary for the secure transmission and storage of
sensitive data.
  Stream ciphers encrypt data one bit or byte at a time, making them
ideal for real-time communications. Before encrypting data, block
ciphers divide it into larger chunks, usually 64 bits.

Decryption

Decryption is the procedure of restoring encrypted data to its original state.

In most cases, it's the reverse mechanism of the encryption process. Because
decryption needs a secret key or password, it decodes the encrypted
information so that only an authorized user may decrypt the data.

As information flows across the Internet, it becomes vulnerable to

unauthorized persons or groups scrutinizing and accessing it. As a
consequence, data is encrypted in order to prevent data theft and loss. Email
communications, text files, pictures, user data, and directories are just a few
of the objects that are commonly encrypted. The person in charge of
decryption receives a popup or window asking for a password to access the
encrypted data.

Difference between Encryption and Decryption

The following table highlights the major differences between encryption and
decryption −

Key Encryption Decryption

Definition Encryption is a process of Decryption is a process of
converting a plain text into converting the encrypted or
an encrypted or cipher text. cipher text into plain text.
Place of Encryption takes place at Decryption is done at the
 Occurrence the sender's end. receiver's end.
Process A secret key or a public key Any communication that
must be used to encrypt requires the use of a secret
every message. key or private key to decode.
Actor After encrypting the data The receiver gets the
with a secret key or a public encrypted data and uses the
key, the sender delivers it secret key or private key to
to the recipient. decode it.

Difference Between Symmetric and Asymmetric Key

Encryption




Symmetric Key Encryption: Encryption is a process to change the

form of any message in order to protect it from reading by anyone.
In Symmetric-key encryption the message is encrypted by using a
key and the same key is used to decrypt the message which makes
it easy to use but less secure. It also requires a safe method to
transfer the key from one party to another.
Asymmetric Key Encryption: Asymmetric Key Encryption is based
on public and private key encryption techniques. It uses two
different key to encrypt and decrypt the message. It is more secure
than the symmetric key encryption technique but is much slower.
Symmetric Key Encryption Asymmetric Key Encryption

It requires two keys, a public key and a

It only requires a single key for both
private key, one to encrypt and the other
encryption and decryption.
one to decrypt.

The size of cipher text is the same or The size of cipher text is the same or
smaller than the original plain text. larger than the original plain text.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data is It is used to transfer small amounts of

 Symmetric Key Encryption Asymmetric Key Encryption

required to transfer. data.

It provides confidentiality, authenticity,

It only provides confidentiality.
and non-repudiation.

The length of key used is 128 or 256 bits The length of key used is 2048 or higher

In symmetric key encryption, resource

In asymmetric key encryption, resource
utilization is low as compared to
utilization is high.
asymmetric key encryption.

It is efficient as it is used for handling large It is comparatively less efficient as it can

amount of data. handle a small amount of data.

It is more secure as two keys are used

Security is less as only one key is used for
here- one for encryption and the other
both encryption and decryption purpose.
for decryption.

The Mathematical Representation is as The Mathematical Representation is as

follows- follows-
P = D (K, E(K, P)) P = D(Kd, E (Ke,P))
where Ke –> encryption key
where K –> encryption and decryption key
P –> plain text Kd –> decryption key
D –> Decryption D –> Decryption
E(K, P) –> Encryption of plain text using E(Ke, P) –> Encryption of plain text using
K encryption key Ke. P –> plain text

Examples: Diffie-Hellman, ECC, El Gamal,

Examples: 3DES, AES, DES and RC4
DSA and RSA
Transposition Techniques
Transposition Techniques are based on the permutation of the
plain-text instead of substitution.

1) Rail-Fence Technique
This technique is a type of Transposition technique and does is write
the plain text as a sequence of diagonals and changing the order
according to each row.

It uses a simple algorithm,

1. Writing down the plaintext message into a sequence of

diagonals.
2. Row-wise writing the plain-text written from above step.

Example,

Let's say, we take an example of “INCLUDEHELP IS AWESOME”.

So the Cipher-text are, ICUEEPSWSMNLDHLIAEOW.

First, we write the message in a zigzag manner then read it out

direct row-wise to change it to cipher-text.

2) Columnar Transition Technique

A. Basic Technique

It is a slight variation to the Rail-fence technique, let's see its

algorithm:

1. In a rectangle of pre-defined size, write the plain-text message

row by row.
 2. Read the plain message in random order in a column-wise
fashion. It can be any order such as 2, 1, 3 etc.
3. Thus Cipher-text is obtained.

Let's see an example:

Original message: "INCLUDEHELP IS AWESOME".

Now we apply the above algorithm and create the rectangle of 4

columns (we decide to make a rectangle with four column it can be
any number.)

Now let's decide on an order for the column as 4, 1, 3 and 2 and now
we will read the text in column-wise.

Cipher-text: LHIEEIUESSCEPWMNDLAO

B. Columnar Technique with multiple rounds

In this method, we again change the chipper text we received from

a Basic technique that is in round 1 and again follows the same
procedure for the cipher-text from round 1.

Algorithm:

1. In a rectangle of pre-defined size, write the plain-text message

row by row.
2. Read the plain message in random order in a column-wise
fashion. It can be any order such as 2, 1, 3 etc.
3. Thus, Cipher-text of round 1 is obtained.
4. Repeat from step 1 to 3.

Example:

Original message: "INCLUDEHELP IS AWESOME".

Now we apply the above algorithm and create the rectangle of 4
column (we decide to make a rectangle with four column it can be
any number.)

Now let's decide on an order for the column as 4, 1, 3 and 2 and now
we will read the text in column-wise.

Cipher-text of round 1: LHIEEIUESSCEPWMNDLAO

Round 2:

Now, we decide to go with a previous order that is 4,1,3,2.

Cipher-text: EEENLESPICUMHISW

These multi-round columnar techniques are harder to crack as

compared to methods seen earlier.

3) Vernam Cipher (One-Time Pad)

The Vernam Cipher has a specific subset one-time pad, which
uses input ciphertext as a random set of non-repeating character.
The thing to notice here is that, once an input cipher text gets used
it will never be used again hence one-time pad and length of cipher-
text is the size that of message text.

Algorithm:

1. Plain text character will be represented by the numbers

as A=0, B=1, C=2,... Z=25.
2. Add each corresponding number of a plain text message to the
input cipher text alphabet numbers.
3. If the sum is greater than or equal to 26, subtract 26 from it.
4. Translate each number back to corresponding letters and we
got our cipher text.

Example:

Our message is "INCLUDEHELP" and input cipher text

is "ATQXRZWOBYV"

One time pad should be discarded after every single use and this
technique is proved highly secure and suitable for small messages
but illogical if used for long messages.

4) Book/Running-Key Cipher
This technique also (incorrectly) known as running key cipher. This
technique very simple and similar to our previous Vernam Cipher.
For getting a cipher, some portion of text from a book is used as a
one-time pad, rest it works in same way as Vernam cipher does.
Steganography
Steganography approach can be used to images, a video file or an audio file.
Generally, however, steganography is written in characters such as hash
marking, but its usage inside images is also common. At any rate,
steganography secure from pirating possess materials as well as aiding in
unauthorized viewing.

One use of steganography such as watermarking which hides copyright data

within a watermark by overlaying documents not simply detected by the
naked eye. This avoids fraudulent actions and provides copyright protected
media more protection.

The main goal of steganography is to communicate securely in a completely

indistinguishable manner and to prevent drawing suspicion to the
transmission of a hidden information.

It is not to maintain others from understanding the hidden information, but it

can maintain others from thinking that the information even exists. If a
steganography method generate someone to suspect the carrier channel,
thus the method has failed.
The basic model of steganography includes Carrier, Message and Password.
Carrier is also called a cover-object, which the message is installed and
serves to hide the existence of the message.

Message is the information that the sender wants to remain it confidential. It

can be plain text, ciphertext, other image, or anything that can be installed in
a bit stream including a copyright mark, a covert communication, or a serial
number.

Password is called a stego-key. It can provide that only recipient who

understand the correlating decoding key will be capable to extract the
address from a coverobject. The cover-object with the secretly installed
message is then known as the stego-object.

Recovering address from a stego-object needed the coverobject itself and a

correlating decoding key if a stego-key was utilized during the encoding
phase. The initial image may or may not be needed in most applications to
extract the message.

Feistel cipher structure

The input to the encryption algorithm are a plaintext block of length 2w bits
and a key K. the plaintext block is divided into two halves L0 and R0. The two
halves of the data pass through „n‟ rounds of processing and then combine to
produce the ciphertext block. Each round „i‟ has inputs Li-1 and Ri-1, derived
from the previous round, as well as the subkey Ki, derived from the overall key
K. in general, the subkeys Ki are different from K and from each other.

All rounds have the same structure. A substitution is performed on the left half
of the data (as similar to S-DES). This is done by applying a round function F to
the right half of the data and then taking the XOR of the output of that
function and the left half of the data. The round function has the same general
structure for each round but is parameterized by the round sub key ki.
Following this substitution, a permutation is performed that consists of the
interchange of the two halves of the data. This structure is a particular form of
the substitution-permutation network. The exact realization of a Feistel
network depends on the choice of the following parameters and design
features:

Block size - Increasing size improves security, but slows cipher

Key size - Increasing size improves security, makes exhaustive key searching
harder, but may slow cipher

Number of rounds - Increasing number improves security, but slows cipher

Subkey generation - Greater complexity can make analysis harder, but slows cipher

Round function - Greater complexity can make analysis harder, but slows
cipher

Fast software en/decryption & ease of analysis

Fast software en/decryption & ease of analysis- are more recent concerns for
practical use and testing.