ACIS Lecture Notes


Applied Cryptography and Information Security

Subject Code: MR23-1CS0402


UNIT–I:

Information Security - Confidentiality, Integrity & Availability – Authentication,
Authorization & Non-Repudiation – Introduction to Plain Text, Cipher Text, Encryption and
Decryption Techniques, Secure Key, Hashing, Digital Signature, Identity-Based Public-Key
Cryptography.

Introduction

“Crypt” means “hidden” and “graphy” means “writing”. Cryptography is the technique of
securing information and communications through the use of codes, so that only the persons
for whom the information is intended can understand and process it, thereby preventing
unauthorized access to the information. Consider the following examples of security violations:
1. User A transmits a file to user B. The file contains sensitive information (e.g., payroll
records) that is to be protected from disclosure. User C, who is not authorized to read the file,
is able to monitor the transmission and capture a copy of the file during its transmission.

2. A network manager, D, transmits a message to a computer, E, under its management. The
message instructs computer E to update an authorization file to include the identities of a
number of new users who are to be given access to that computer. User F captures the
message, alters its contents to delete entries, and then forwards the message to computer E,
which accepts the message as coming from manager D and updates its authorization file
accordingly.

3. Rather than intercept a message, user F constructs its own message with the desired entries
and transmits that message to computer E as if it had come from manager D. Computer E
accepts the message as coming from manager D and updates its authorization file
accordingly.

4. An employee is fired without warning. The personnel manager sends a message to a server
system to invalidate the employee’s account. When the invalidation is accomplished, the
server is to post a notice to the employee’s file as confirmation of the action. The employee is
able to intercept the message and delay it long enough to make a final access to the server to
retrieve sensitive information. The message is then forwarded, the action taken, and the
confirmation posted. The employee’s action may go unnoticed for some considerable time.

5. A message is sent from a customer to a stockbroker with instructions for various
transactions. Subsequently, the investments lose value and the customer denies sending the
message.

Computer Security Concept

The NIST Computer Security Handbook [NIST95] defines the term computer security as
follows:

“The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information
system resources (includes hardware, software, firmware, information/data, and
telecommunications).”

Security principles:

This definition introduces three key objectives/principles that are at the heart of computer security:

1. Confidentiality

2. Integrity

3. Availability

1. Confidentiality: Confidentiality means that data, objects and resources are protected from
unauthorized viewing and other access.

A) Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.

B) Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.

2. Integrity: Integrity means that data is protected from unauthorized changes to ensure that
it is reliable and correct.

This term covers two related concepts:

A) Data integrity: Assures that information and programs are changed only in a specified
and authorized manner.

B) System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the
system.

3. Availability: Assures that systems work promptly and service is not denied to
authorized users. These three concepts form what is often referred to as the CIA triad.

CIA TRIAD

The well-known CIA Triad of confidentiality, integrity and availability is considered the
core underpinning of information security.

Every security control and every security vulnerability can be viewed in light of one or
more of these key concepts.

Security Services:

Authentication

✔ Authentication is used by a server when the server needs to know exactly who is
accessing their information or site.
✔ Authentication is used by a client when the client needs to know that the server is the
system it claims to be.

✔ In authentication, the user or computer has to prove its identity to the server or client.

✔ Usually, authentication by a server entails the use of a user name and password. Other
ways to authenticate can be through cards, retina scans, voice recognition, and
fingerprints.

Types of Authentication

There are several authentication types as follows:

1. Single-Factor Authentication (SFA)

2. Two-factor authentication (2FA)

3. Multi-Factor Authentication (MFA)

1. Single-Factor Authentication (SFA)

For purposes of user identity, users are typically identified with a user ID, and
authentication occurs when the user provides credentials such as a password that
matches their user ID.
2. Two-factor authentication (2FA)

Strengthened authentication by asking for an additional authentication factor, such as a
unique code that is sent to the user's mobile device when a sign-on is attempted, or a
biometric signature, like a facial scan or thumbprint.

3. Multi-Factor Authentication (MFA)

Authentication that requires two or more independent factors: something the user knows
(password, PIN), something the user has (phone, token, smart card) or something the user is
(biometric). 2FA is the special case of exactly two factors.

Example: a user ID and password, a biometric signature and a one-time code from a
hardware token. Note that a personal question the user must answer is a second "something
you know", not an independent factor, so password plus security question is still
single-factor.

[Figures: Multi-Factor Authentication (MFA); Two-Factor vs. Multi-Factor Authentication (MFA); Biometric Authentication for 2FA and MFA]

Authorization

⮚ Authorization is a process by which a server determines if the client has permission to
use a resource or access a file.

⮚ Authorization is usually coupled with authentication so that the server has some
concept of who the client is that is requesting access.

⮚ The type of authentication required for authorization may vary; passwords may be
required in some cases but not in others.

⮚ In some cases, there is no authorization; any user may use a resource or access a
file simply by asking for it. Most of the web pages on the Internet require no
authentication or authorization.

Non-repudiation

⮚ Non-repudiation is the assurance that someone cannot deny the validity of something.

⮚ Non-repudiation is a legal concept that is widely used in information security and
refers to a service which provides proof of the origin of data and of the integrity of the
data.

⮚ In other words, non-repudiation makes it very difficult to successfully deny
who/where a message came from, as well as the authenticity and integrity of that
message.

There are situations where a user sends a message and later denies having sent it. For
instance, user A could send a funds transfer request to bank B over the Internet. After the
bank performs the funds transfer as per A's instructions, A could claim that she never sent
the funds transfer instruction to the bank! Thus, A repudiates, or denies, her funds transfer
instruction. The principle of non-repudiation defeats such attempts to deny having done
something: it does not allow the sender of a message to deny having sent that message.

Attacks: A General View

Criminal Attacks: Criminal attacks are the simplest to understand. Here, the sole aim of
the attackers is to maximize financial gain by attacking computer systems.

Publicity Attacks

Publicity attacks occur because the attackers want to see their names appear on television
news channels and newspapers. History suggests that these types of attackers are usually
not hardcore criminals. They are people such as students in universities or employees in
large organizations, who seek publicity by adopting a novel approach of attacking
computer systems. One form of publicity attacks is to damage (or deface) the Web pages
of a site by attacking it.

Legal Attacks

This form of attack is quite novel and unique. Here, the attacker tries to make the judge or
the jury doubtful about the security of a computer system. This works as follows. The
attacker attacks the computer system and the attacked party (say a bank or an
organization) manages to take the attacker to the court. While the case is being fought, the
attacker tries to convince the judge and the jury that there is inherent weakness in the
computer system and that he has done nothing wrongful. The aim of the attacker is to
exploit the weakness of the judge and the jury in technology matters. For example, an
attacker may sue a bank for performing an online transaction which he claims he never
wanted to perform. In court, he could innocently say something like, “The bank’s Web site
asked me to enter a password and that is all that I provided; I do not know what happened
thereafter”. A judge is likely to sympathize with the attacker!

Attacks: A Technical View

From the technical point of view, we can classify the types of attacks on computers and
network systems into two categories for better understanding:

(a) Theoretical concepts behind these attacks

(b) Practical approaches used by the attackers.

(a)Theoretical Concepts

i. Interception (confidentiality): An unauthorized party has gained access to a resource.
The party can be a person, a program or a computer-based system. Examples of
interception are copying of data or programs and listening to network traffic.

ii. Fabrication (authentication): This involves the creation of counterfeit objects on a
computer system. For example, the attacker may add fake records to a database.

iii. Modification (integrity): The attacker changes an existing object. For example, the
attacker may modify the values in a database.

iv. Interruption (availability): Here, the resource becomes unavailable, lost or unusable.
Examples of interruption are causing problems to a hardware device, or erasing programs,
data or operating system components.

These attacks are further grouped into two types: passive attacks and active attacks

Passive attacks

In passive attacks, the attacker observes the messages, copies and saves them, and may
later use them for malicious purposes. The attacker does not try to change the information
or content gathered. Although passive attacks do not alter the system or the data, they are
a threat to the confidentiality of the message, and because nothing is modified they are
hard to detect.

How to avoid passive attacks

• We should avoid posting sensitive or personal information online; attackers can use
this information to attack your network.
• We should encrypt messages so that they are unreadable to any unintended intruder.

Active attacks

Unlike passive attacks, active attacks are based on modification of the original message in
some manner or the creation of a false message. They are hard to prevent outright, so the
usual goal is to detect them and to recover from the disruption they cause.

Masquerade: occurs when an unauthorized entity pretends to be another entity. As
we have seen, user C might pose as user A and send a message to user B. User B might be
led to believe that the message indeed came from user A. In masquerade attacks, an entity
poses as another entity. As an instance, the attack may involve capturing the user’s
authentication sequence (e.g. user ID and password).

Replay attack: - a user captures a sequence of events or some data units and re-sends
them. For instance.

Alteration of messages: involves some change to the original message. For instance,
suppose user A sends an electronic message "Transfer $1000 to D’s account". User C might
capture this and change it to "Transfer $10000 to C’s account". Here both the beneficiary
and the amount have been changed, but changing only one of them would equally be an
alteration of the message.

Denial Of Service (DOS):- attacks make an attempt to prevent legitimate users from
accessing some services, which they are eligible for. For instance, an unauthorized user
might send too many login requests to a server using random user ids one after the other
in quick succession, so as to flood the network and deny other legitimate users from using
the network facilities

Digital signatures (combined with other measures) can offer non-repudiation when it
comes to online transactions, where it is crucial to ensure that a party to a contract or a
communication can't deny the authenticity of their signature on a document or sending the
communication in the first place.

⮚ In this context, non-repudiation refers to the ability to ensure that a party to a contract
or a communication must accept the authenticity of their signature on a document or
the sending of a message.

Security Mechanisms in IS:

A security mechanism is a method or technology that protects data and systems from
unauthorized access, attacks, and other threats. Security measures provide data integrity,
confidentiality, and availability, thereby protecting sensitive information and maintaining
trust in digital transactions.

Various mechanisms are designed to prevent, detect or recover from these specific attacks.

1. Encipherment: This security mechanism deals with hiding and covering data so that
it becomes confidential. It is achieved by applying mathematical operations or
algorithms that transform the information into an unreadable form. Two well-known
techniques for it are cryptography and steganography. The strength of the protection
depends on the algorithm used and on how the key is chosen and kept secret.

2.Access Control : Access control in information security refers to the methods and
processes used to manage and restrict who or what can view or use resources in a
computing environment. It involves implementing policies and mechanisms to ensure that
only authorized users and entities can access specific data and systems, thereby protecting
sensitive information from unauthorized access, modification, or misuse.
Key Concepts of Access Control:

Identification: Determining the identity of a user or system attempting to access
resources. This is often done through usernames or IDs.

Authentication: Verifying the identity of the user or system. Common methods include
passwords, biometric scans, and security tokens.

Authorization: Granting or denying access to resources based on the authenticated identity
and the access policies in place. This determines what resources the user can access and what
actions they can perform.

Accounting (or Auditing): Tracking and recording user activities. This helps in monitoring
compliance with access policies and investigating any suspicious activities.
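An added example (not from the notes) that walks one request through the four steps above and also illustrates the Authentication and Authorization services described earlier. The user store, password, roles and access-control list are constructed for illustration, and PBKDF2 from the Python standard library stands in for whatever password hashing a real system would use.

```python
"""Identification -> authentication -> authorization -> accounting, end to end.

Added example, not from the notes. Users, roles, the password and the ACL are
constructed for illustration; PBKDF2-HMAC-SHA256 from the standard library is
used for password storage.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Optional


def hash_password(password: str, salt: Optional[bytes] = None, rounds: int = 100_000):
    """Salted, iterated hash: the store never holds the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


# --- constructed user store (identification data + credential + role) ---
ALICE_SALT, ALICE_HASH = hash_password("correct horse battery staple")
USERS = {"alice": {"salt": ALICE_SALT, "hash": ALICE_HASH, "role": "analyst"}}

# --- constructed policy: role -> resource -> permitted actions ---
ACL = {
    "analyst": {"/reports": {"read"}, "/cases": {"read", "write"}},
    "admin": {"/reports": {"read", "write"}, "/cases": {"read", "write"}, "/users": {"read", "write"}},
}

AUDIT_LOG = []  # accounting: every decision, allowed or denied, is recorded


def audit(event: str) -> None:
    AUDIT_LOG.append(f"{datetime.now(timezone.utc).isoformat()} {event}")


def authenticate(username: str, password: str) -> bool:
    """Steps 1 and 2: look the claimed identity up, then verify it."""
    user = USERS.get(username)
    if user is None:
        audit(f"AUTH FAIL user={username} reason=unknown-user")
        return False
    _, candidate = hash_password(password, user["salt"])
    ok = hmac.compare_digest(candidate, user["hash"])  # constant-time comparison
    audit(f"AUTH {'OK' if ok else 'FAIL'} user={username}")
    return ok


def authorize(username: str, resource: str, action: str) -> bool:
    """Step 3: the decision is based on the *authenticated* identity's role and the policy."""
    role = USERS[username]["role"]
    allowed = action in ACL.get(role, {}).get(resource, set())
    audit(f"AUTHZ {'ALLOW' if allowed else 'DENY'} user={username} role={role} {action} {resource}")
    return allowed


def access(username: str, password: str, resource: str, action: str) -> bool:
    """Full flow: no authorization decision is made unless authentication succeeded."""
    if not authenticate(username, password):
        return False
    return authorize(username, resource, action)


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "/cases", "write"))  # True
    print(access("alice", "correct horse battery staple", "/users", "read"))   # False: not permitted to analysts
    print(access("alice", "wrong password", "/cases", "read"))                 # False: authentication failed
    print(*AUDIT_LOG, sep="\n")
```

Two details matter more than the rest: the unknown-user and wrong-password paths both return the same result to the caller (only the audit log distinguishes them), and the hash comparison is constant-time, so neither the user list nor the hash can be probed through timing.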

3. Notarization: This security mechanism involves the use of a trusted third party in
communication. It acts as a mediator between sender and receiver so that the chance of a
later conflict is reduced. The mediator keeps a record of the requests made by the sender to
the receiver, so that they cannot later be denied.

4. Data Integrity: This mechanism appends to the data a short check value that has been
computed from the data itself by a specific process (a checksum, a hash, or a keyed message
authentication code).

The receiver computes a new check value from the received data and compares it with the
one received. If both values are the same, the integrity of the data is taken to be preserved.
Note that an unkeyed checksum or hash only protects against accidental corruption: an
attacker who can change the data can recompute the check value as well, so protection
against deliberate modification needs a secret key (a MAC) or a digital signature.
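An added example, not from the notes, contrasting an unkeyed check value (a SHA-256 hash) with a keyed one (an HMAC) on the message-alteration scenario from the attacks section. The message and the shared key are constructed.

```python
"""Data-integrity check values: an unkeyed hash versus a keyed MAC.

Added example, not from the notes. The message and key are constructed.
"""
import hashlib
import hmac
import os

SECRET_KEY = os.urandom(32)  # constructed: agreed in advance by sender and receiver


def attach_hash(message: bytes) -> bytes:
    """Unkeyed check value: SHA-256 of the data, appended to it."""
    return message + hashlib.sha256(message).digest()


def verify_hash(packet: bytes) -> bool:
    message, check = packet[:-32], packet[-32:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), check)


def attach_mac(message: bytes, key: bytes) -> bytes:
    """Keyed check value: HMAC-SHA256(key, data), appended to the data."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(packet: bytes, key: bytes):
    """Returns (ok, message). Constant-time compare so timing does not leak the tag."""
    message, tag = packet[:-32], packet[-32:]
    ok = hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)
    return ok, message


def attacker_modifies(packet: bytes, old: bytes, new: bytes) -> bytes:
    """An attacker who sees the packet edits the data and recomputes the *unkeyed* hash."""
    message = packet[:-32].replace(old, new)
    return attach_hash(message)


if __name__ == "__main__":
    msg = b"Transfer $1000 to D's account"  # constructed
    # Unkeyed hash: random corruption is caught ...
    pkt = attach_hash(msg)
    print("hash, untouched:", verify_hash(pkt))
    print("hash, one bit flipped:", verify_hash(pkt[:10] + bytes([pkt[10] ^ 1]) + pkt[11:]))
    # ... but a deliberate attacker simply recomputes it, and the check passes.
    forged = attacker_modifies(pkt, b"$1000 to D", b"$10000 to C")
    print("hash, attacker-edited:", verify_hash(forged), forged[:-32])
    # Keyed MAC: without the key the attacker cannot produce a matching tag.
    pkt = attach_mac(msg, SECRET_KEY)
    print("mac, untouched:", verify_mac(pkt, SECRET_KEY)[0])
    tampered = pkt[:-32].replace(b"$1000 to D", b"$10000 to C") + pkt[-32:]
    print("mac, attacker-edited:", verify_mac(tampered, SECRET_KEY)[0])
```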

5. Authentication Exchange: In this mechanism two entities exchange some messages to
prove their identity to each other.

Example: the pairing and association handshakes of Wi-Fi and Bluetooth.

6. Traffic padding: In this mechanism extra (dummy) bits are inserted into the data stream
so that an observer cannot infer anything from message lengths or timing (traffic analysis).

7. Digital Signature: The sender electronically signs the data and the receiver can
electronically verify the signature, and hence the origin and integrity of the message.

Basic Terms in Information Security

Plaintext: An original message is known as the plaintext.

Ciphertext: The coded message that the plaintext becomes is called the ciphertext.

Enciphering or Encryption: The process of converting from plaintext to ciphertext is known as
enciphering or encryption.

Deciphering or Decryption: Restoring the plaintext from the ciphertext is deciphering or
decryption.

Cryptography: The many schemes used for encryption constitute the area of study known
as cryptography. Such a scheme is known as a cryptographic system or a cipher.

Cryptanalysis: Techniques used for deciphering a message without any knowledge of the
enciphering details fall into the area of cryptanalysis. Cryptanalysis is what the layperson
calls “breaking the code.” The areas of cryptography and cryptanalysis together are called
cryptology.

Encryption is the process of converting a normal message (plaintext) into a meaningless
message (ciphertext), whereas decryption is the process of converting the meaningless
message (ciphertext) back into its original form (plaintext).

Secure Key/Cryptographic Key

In cryptography, a key is a string of characters used within an encryption algorithm for
altering data so that it appears random. Like a physical key, it locks (encrypts) data so that
only someone with the right key can unlock (decrypt) it.

The original data is known as the plaintext, and the data after the key encrypts it is known as
the ciphertext.

The formula: plaintext + key = ciphertext

Before the advent of computers, ciphertext was often created by simply replacing one letter
with another letter in the plaintext, a method known as a "substitution cipher."
For instance, suppose that someone sends a message reading "Hello" to another person, and
each letter is replaced with the one after it in the alphabet: "Hello" becomes "Ifmmp."

"Ifmmp" looks like a nonsensical string of letters, but if someone knows the key, they can
substitute the proper letters and decrypt the message as "Hello." For this example, the key is
a shift of +1 (each letter replaced by the next one in the alphabet); to decrypt, the receiver
moves each letter one spot back in the alphabet to arrive at the real letter.

Such ciphers are relatively easy to break with simple statistical analysis, since certain letters
will appear more often than others in any given text (for instance E is the most common letter
in the English language). To combat this, cryptographers developed a system called the one-
time pad.

One-time pad

A one-time pad is a single-use key that has at least as many values as the plaintext has
characters, each value chosen at random and independently of the others. In other words,
each letter is shifted by its own random number of positions in the alphabet.

For example, suppose someone has to encrypt the message "Hello," and they use a one-time
pad with the values 7, 17, 24, 9, 11

Whereas before we simply moved up one position for each letter (letter + 1), now we move a
different number of places in the alphabet for each letter. We add 7 to the first letter, H; we
add 17 to the second letter; and so on. For any calculations that take us past Z, we simply go
back to the beginning of the alphabet and keep adding.
Starting from the plaintext "Hello," we now have the ciphertext "Ovjuz," using the key "7,
17, 24, 9, 11."

For communication via a one-time pad to work, both sides of the conversation have to use the
same key for each individual message (symmetric encryption), although a different key is
used every time there's a new message. Although to any third party "Ovjuz" looks like
random nonsense, the person who receives the ciphertext "Ovjuz" will know to use the key
"7, 17, 24, 9, 11" to decrypt it (subtracting instead of adding). Reusing a pad for a second
message destroys this guarantee, because the two ciphertexts can then be combined to
cancel the key out.

Thus, a simple message can be altered by a string of random data, a key, in order to be
encrypted or decrypted.

Types of Encryption

1. Symmetric Encryption– Data is encrypted using a key and the decryption is also
done using the same key.

2. Asymmetric Encryption - Asymmetric cryptography is also known as public-key
cryptography. It uses public and private keys to encrypt and decrypt data. One key in
the pair, which can be shared with everyone, is called the public key. The other key in
the pair, which is kept secret and is only known by the owner, is called the private key.
Either of the keys can be used to encrypt a message; the opposite key from the one
used to encrypt the message is used for decryption.

Types of Keys
1. Public key– Key which is known to everyone. Ex-public key of A is 7, this
information is known to everyone.

2. Private key – Key which is known only to the person whose private key it is.

Symmetric Key Encryption vs. Asymmetric Key Encryption

1. Symmetric: also called private-key or secret-key cryptography.
   Asymmetric: also called public-key cryptography.

2. Symmetric: requires only a single key for both encryption and decryption.
   Asymmetric: requires two keys, a public key and a private key, one to encrypt and the
   other to decrypt.

3. Symmetric: the encryption process is very fast.
   Asymmetric: the encryption process is slow.

4. Symmetric: used when a large amount of data needs to be transferred.
   Asymmetric: used to transfer small amounts of data (typically a symmetric key or a hash).

5. Symmetric: by itself provides only confidentiality (integrity needs a separate MAC).
   Asymmetric: can provide confidentiality, authenticity and non-repudiation (via signatures).

6. Symmetric: the key length used is 128 or 256 bits.
   Asymmetric: the key length used is 2048 bits or higher (for RSA).

7. Symmetric: resource utilization is low compared to asymmetric key encryption.
   Asymmetric: resource utilization is high.

8. Symmetric: efficient, as it is used for handling large amounts of data.
   Asymmetric: comparatively less efficient, as it can handle only small amounts of data.

9. Symmetric: the one key must be shared secretly with every party, so key distribution is
   the weak point.
   Asymmetric: only the private key must be kept secret, and it never has to be transmitted.

Symmetric encryption is also called conventional encryption. Symmetric encryption is further
divided into two types:
1. Substitution techniques.
2. Transposition techniques.
These two are the basic building blocks of all encryption techniques.

1. Substitution techniques: A substitution technique is one in which the letters of the plaintext
are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence
of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.
For example: NAME -----> IWPX

2. Transposition techniques: In these techniques no replacement/substitution is done. They
perform some sort of permutation on the plaintext letters (they rearrange the letters of the
plaintext).
For example: NAME -----> ANME or AENM, etc.
A 4-letter word has 4! = 4*3*2*1 = 24 possible arrangements.
S.No.  Substitution techniques     Transposition techniques
1      Caesar cipher               Rail fence cipher
2      Monoalphabetic cipher       Row-column transposition
3      Playfair cipher
4      Hill cipher
5      Polyalphabetic cipher
6      One-time pad

1. Caesar Cipher:
• This is one of the simplest and oldest methods of encrypting messages; it was used by Julius
Caesar to send secret messages to his officials.
• This technique involves shifting the letters of the alphabet by a fixed number of places. For
example, with a shift of three, the letter ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, and so on. (It works
by shifting the letters in the plaintext message by a certain number of positions, known as the
“shift” or “key”. The Caesar cipher is one of the earliest and simplest encryption techniques.)
• Thus to encipher a given text we need an integer value, known as the shift, which indicates the
number of positions each letter of the text is moved down the alphabet.
• The encryption can be represented using modular arithmetic by first transforming the letters
into numbers, according to the scheme A = 0, B = 1, …, Z = 25. Encryption of a letter x by a
shift n can be described mathematically as E_n(x) = (x + n) mod 26.
• For example, if the shift is 3, then the letter A would be replaced by the letter D, B would
become E, C would become F, and so on. The alphabet is wrapped around so that after Z, it
starts back at A.
• Here is an example of how to use the Caesar cipher to encrypt the message “MEET ME” with
a shift of 2:
• PT = MEET ME, CT = ?
1. Write down the plaintext message: MEET ME
2. Choose a shift value. In this case, we will use a shift of 2.
3. Replace each letter in the plaintext message with the letter that is two positions to the right in
the alphabet:
• M becomes O (shift 2 from M)
• E becomes G (shift 2 from E)
• E becomes G (shift 2 from E)
• T becomes V (shift 2 from T)
• M becomes O (shift 2 from M)
• E becomes G (shift 2 from E)
4. The encrypted message is now “OGGV OG”.
• To decrypt the message, you simply need to shift each letter back by the same number of
positions. In this case, you would shift each letter in “OGGV OG” back by 2 positions to get
the original message, “MEET ME”.
• Encryption: conversion of plaintext to ciphertext.
• E_n(x) = (x + n) mod 26
• Decryption: conversion of ciphertext to plaintext.
• D_n(x) = (x − n) mod 26
• Note: if x − n is negative, add 26 to it.

• It is a part of symmetric key encryption, hence the same key is used for encryption and decryption.

Message = PT = GOOD DAY. Let KEY = 2.

Encryption, C(P) = (P + K) mod 26:
C(G) = (6 + 2) mod 26 = 8 = I
C(O) = (14 + 2) mod 26 = 16 = Q
C(O) = (14 + 2) mod 26 = 16 = Q
C(D) = (3 + 2) mod 26 = 5 = F
C(D) = (3 + 2) mod 26 = 5 = F
C(A) = (0 + 2) mod 26 = 2 = C
C(Y) = (24 + 2) mod 26 = 0 = A
Cipher Text = IQQF FCA

Decryption, P(C) = (C − K) mod 26:
P(I) = (8 − 2) mod 26 = 6 = G
P(Q) = (16 − 2) mod 26 = 14 = O
P(Q) = (16 − 2) mod 26 = 14 = O
P(F) = (5 − 2) mod 26 = 3 = D
P(F) = (5 − 2) mod 26 = 3 = D
P(C) = (2 − 2) mod 26 = 0 = A
P(A) = (0 − 2) mod 26 = −2 + 26 = 24 = Y
Plain Text = GOOD DAY
Advantages of Caesar cipher
1. It is very easy to implement.
2. This method is the simplest method of cryptography.
3. Only one short key is used in its entire process.
4. For a system that needs no real protection, only light obfuscation, it is the simplest method available.
5. It requires only a few computing resources.
Disadvantages of Caesar cipher
1. It can be easily broken: a message encrypted by this method can be easily decrypted, since
there are only 25 possible keys to try.
2. It provides very little security.
3. By looking at the pattern of letters (letter frequencies) in the ciphertext, the entire message can
be decrypted.
2. A monoalphabetic cipher is a type of substitution cipher where each letter in the plaintext is
replaced with a unique corresponding letter from the cipher alphabet. This means that each letter of the
alphabet in the plaintext maps to a different letter in the ciphertext, and this mapping remains
consistent throughout the entire message.
For example, if we use a simple shift of the alphabet, we might map 'A' to 'D', 'B' to 'E', and so on.
The Caesar cipher is a well-known example of a monoalphabetic cipher where each letter is shifted a
fixed number of places down the alphabet.However, in a general monoalphabetic cipher, the mapping
can be any permutation of the alphabet.
For instance:
Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext alphabet: QWERTYUIOPASDFGHJKLZXCVBNM
In this example, 'A' in the plaintext would be encrypted as 'Q', 'B' as 'W', 'C' as 'E', and so on.
Now PT = NICE
CT = FOET (N→F, I→O, C→E, E→T)
Characteristics of Monoalphabetic Ciphers
Simplicity: They are easy to understand and implement.
Low Security: They are vulnerable to frequency analysis because each letter in the plaintext
corresponds to a single letter in the ciphertext.
Deterministic: Given the same key, the same plaintext will always result in the same ciphertext.
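An added example (not from the notes) implementing the monoalphabetic cipher with the ciphertext alphabet given above, and showing concretely why it is vulnerable to frequency analysis: the letter histogram of the ciphertext is the plaintext histogram with the labels renamed. The sample sentence is constructed.

```python
"""Monoalphabetic substitution with a fixed cipher alphabet, and the
frequency property that breaks it.

Added example, not from the notes. The cipher alphabet is the one used in the
text; the sample sentence is constructed.
"""
from collections import Counter
import string

PLAIN = string.ascii_uppercase
CIPHER = "QWERTYUIOPASDFGHJKLZXCVBNM"  # key: must be a permutation of the 26 letters
assert sorted(CIPHER) == list(PLAIN)

ENC = {p: c for p, c in zip(PLAIN, CIPHER)}
DEC = {c: p for p, c in ENC.items()}


def encrypt(plaintext: str) -> str:
    """One fixed mapping for the whole message; non-letters pass through unchanged."""
    return "".join(ENC.get(ch, ch) for ch in plaintext.upper())


def decrypt(ciphertext: str) -> str:
    return "".join(DEC.get(ch, ch) for ch in ciphertext.upper())


def letter_frequencies(text: str, top: int = 3):
    """The `top` most common letters of a text as (letter, count) pairs."""
    counts = Counter(ch for ch in text.upper() if ch in PLAIN)
    return counts.most_common(top)


if __name__ == "__main__":
    print(encrypt("NICE"))  # FOET
    sample = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG THREE TIMES AND THEN RESTS"  # constructed
    ct = encrypt(sample)
    print(ct)
    # Same ranking, renamed letters: the most common ciphertext letter is
    # whatever E maps to (here T). That is what frequency analysis exploits.
    print(letter_frequencies(sample))
    print(letter_frequencies(ct))
```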
3. A polyalphabetic cipher is a type of encryption that uses multiple substitution alphabets to encode
a message.
• Unlike a monoalphabetic cipher, which uses only one substitution alphabet, a polyalphabetic
cipher changes the alphabet during the encryption process, making it more secure and harder to
break.

Example: Vigenère Cipher

One of the most famous polyalphabetic ciphers is the Vigenère cipher. In this cipher, a keyword is
repeated or truncated to match the length of the plaintext.
Each letter of the plaintext is then shifted by a number of positions determined by the corresponding
letter in the keyword.
For instance, if the plaintext is "HELLO" and the keyword is "KEY," the keyword is repeated to
"KEYKE." Each letter of the plaintext is shifted according to the corresponding letter in the
keyword:
H shifted by K becomes R
E shifted by E becomes I
L shifted by Y becomes J
L shifted by K becomes V
O shifted by E becomes S
Thus, "HELLO" is encrypted as "RIJVS.".
H (plain) and K (key):
H is at position 7.
K is at position 10.
Shift H by 10 positions: (7 + 10) % 26 = 17,
which corresponds to R. So, H becomes R.
E (plain) and E (key):
E is at position 4.
E is at position 4.
Shift E by 4 positions: (4 + 4) % 26 = 8,
which corresponds to I.So, E becomes I.
Decryption Process:
Let's use the encrypted message "RIJVS" and the keyword "KEY" as an example.
Encrypted Message: RIJVS
Keyword: KEYKE
R (cipher) and K (key):
R is at position 17. K is at position 10.
Subtract K from R: (17 − 10 + 26) % 26 = 7, which corresponds to H. So, R becomes H.
I (cipher) and E (key):
I is at position 8. E is at position 4.
(8 − 4 + 26) % 26 = 4, which corresponds to E. So, I becomes E.
Polyalphabetic ciphers have historically been more secure than simple monoalphabetic ciphers, but
they can still be broken with enough effort and computational power, especially with modern
cryptanalysis techniques.
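Caesar, Vigenère and the one-time pad described above differ only in where the sequence of shifts comes from: a constant, a repeating keyword, or a fresh random value for every letter. The following added example (not code from the notes) implements all three as one routine driven by a key stream, checks the notes' own worked examples (GOOD DAY with key 2 → IQQF FCA, HELLO with keyword KEY → RIJVS, HELLO with pad 7,17,24,9,11 → OVJUZ), and then breaks a Caesar ciphertext by trying all 26 shifts and scoring letter frequencies, which is the weakness listed under the Caesar cipher. The message used for the break is constructed.

```python
"""Caesar, Vigenère and one-time pad as one algorithm: shift letter i by key value i.

Added example, not from the notes. The key-stream rules and the brute-force
break are general; the inputs reproduce the notes' worked examples.
"""
import secrets
import string

A = string.ascii_uppercase


def shift_letter(ch: str, k: int) -> str:
    """E_k(x) = (x + k) mod 26 with A=0 .. Z=25; non-letters pass through."""
    if ch not in A:
        return ch
    return A[(A.index(ch) + k) % 26]


def apply_stream(text: str, stream, decrypt: bool = False) -> str:
    """Shift the i-th letter by the i-th key value (subtract when decrypting)."""
    out, it = [], iter(stream)
    for ch in text.upper():
        if ch in A:
            k = next(it)
            out.append(shift_letter(ch, -k if decrypt else k))
        else:
            out.append(ch)
    return "".join(out)


def caesar_stream(n: int):
    while True:  # constant key: the same shift for every letter
        yield n


def vigenere_stream(keyword: str):
    ks = [A.index(c) for c in keyword.upper()]
    i = 0
    while True:  # keyword repeated (or truncated) to the message length
        yield ks[i % len(ks)]
        i += 1


def one_time_pad_key(n_letters: int) -> list:
    """Fresh, uniformly random shifts, one per letter, never to be reused."""
    return [secrets.randbelow(26) for _ in range(n_letters)]


def break_caesar(ciphertext: str) -> int:
    """Try all 26 shifts; pick the one whose output contains the most common English letters."""
    common = "ETAOINSHR"
    return max(range(26), key=lambda n: sum(
        apply_stream(ciphertext, caesar_stream(n), decrypt=True).count(c) for c in common))


if __name__ == "__main__":
    print(apply_stream("GOOD DAY", caesar_stream(2)))                 # IQQF FCA
    print(apply_stream("IQQF FCA", caesar_stream(2), decrypt=True))   # GOOD DAY
    print(apply_stream("HELLO", vigenere_stream("KEY")))              # RIJVS
    print(apply_stream("HELLO", [7, 17, 24, 9, 11]))                  # OVJUZ
    ct = apply_stream("MEET ME AT THE OLD BRIDGE AT NOON", caesar_stream(9))  # constructed
    n = break_caesar(ct)
    print(ct, "->", n, apply_stream(ct, caesar_stream(n), decrypt=True))
    pad = one_time_pad_key(5)
    print(pad, apply_stream("HELLO", pad), apply_stream(apply_stream("HELLO", pad), pad, decrypt=True))
```

The same frequency scoring is what defeats a Vigenère cipher once the keyword length is known (each keyword position is then a separate Caesar cipher), and it is exactly what a one-time pad denies the attacker, because every letter's shift is independent and the pad is never reused.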

XOR encryption is a simple encryption technique that uses the XOR (exclusive OR) operation to
encrypt and decrypt data.
XOR is a bitwise operation that compares two bits and returns 1 if the bits are different and 0 if they
are the same.
This property makes XOR useful for encryption because applying the same operation twice with the
same key returns the original data.
How XOR Encryption Works:
Encryption: To encrypt a message, each bit of the plaintext (original message) is XORed with a
corresponding bit of the key. The key must be as long as the plaintext.
Decryption: The ciphertext (encrypted message) can be decrypted by XORing it with the same key
used for encryption. This returns the original plaintext.
Let's go through an example to illustrate XOR encryption.
Plaintext: "HELLO"
Convert the plaintext to binary (using ASCII values):
H: 01001000
E: 01000101
L: 01001100
L: 01001100
O: 01001111
Key: "XMCKL“
Convert the key to binary (using ASCII values):
X: 01011000
M: 01001101
C: 01000011
K: 01001011
L: 01001100
Encryption: XOR each bit of the plaintext with the corresponding bit of the key.
For "H" (01001000) and "X" (01011000):
01001000 (H)
01011000 (X)
--------
00010000 (0x10)
Repeating this for the other characters:
E (01000101) XOR M (01001101) = 00001000 (0x08)
L (01001100) XOR C (01000011) = 00001111 (0x0F)
L (01001100) XOR K (01001011) = 00000111 (0x07)
O (01001111) XOR L (01001100) = 00000011 (0x03)
The ciphertext is therefore the byte sequence 10 08 0F 07 03 (hexadecimal). Note that these
bytes are ASCII control characters, not printable letters (the letter "P", for instance, is
01010000 = 0x50, not 00010000), which is why XOR ciphertext is normally displayed in
hexadecimal or Base64 rather than as text.
Decryption: XOR the ciphertext with the same key to retrieve the original plaintext.
For 0x10 (00010000) and "X" (01011000):
00010000 (0x10)
01011000 (X)
--------
01001000 (H)
Repeating this for the other characters:
0x08 (00001000) XOR M (01001101) = 01000101 (E)
0x0F (00001111) XOR C (01000011) = 01001100 (L)
0x07 (00000111) XOR K (01001011) = 01001100 (L)
0x03 (00000011) XOR L (01001100) = 01001111 (O)
The decrypted message is "HELLO".
For example, if the plaintext is "HELLO", the ASCII values are:
H is 72
E is 69
L is 76
L is 76
O is 79
The hexadecimal equivalents are obtained with Python's format(), e.g.:
format(72, '02x') → '48'
format(69, '02x') → '45'
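An added example (not from the notes) that performs the HELLO / XMCKL computation above on raw bytes with hexadecimal output, enforces the rule that the key must be at least as long as the data, and shows what goes wrong when one key is reused for two messages (the "two-time pad"). The second message is constructed.

```python
"""XOR encryption on bytes, shown in hex, plus the key-reuse failure.

Added example, not from the notes. The plaintexts and key are constructed;
the first pair reproduces the notes' HELLO / XMCKL example.
"""


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the matching key byte. Encryption and decryption are the same call."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data (never reuse or repeat it)")
    return bytes(d ^ k for d, k in zip(data, key))


def reused_key_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If one key encrypts two messages, c1 XOR c2 = p1 XOR p2: the key cancels out."""
    return xor_bytes(ct1, ct2)


if __name__ == "__main__":
    pt, key = b"HELLO", b"XMCKL"
    ct = xor_bytes(pt, key)
    print(ct.hex())                          # 10080f0703: control characters, not letters
    print(xor_bytes(ct, key))                # b'HELLO'
    # Key reuse: an observer of both ciphertexts obtains p1 XOR p2 without the key ...
    ct2 = xor_bytes(b"WORLD", key)           # constructed second message under the same key
    leak = reused_key_leak(ct, ct2)
    print(leak == xor_bytes(b"HELLO", b"WORLD"))  # True
    # ... and a correct guess of one plaintext (a "crib") reveals the other.
    print(xor_bytes(leak, b"HELLO"))         # b'WORLD'
```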
4. The Playfair cipher:
• The Playfair cipher was the first practical digraph substitution cipher. The scheme was
invented in 1854 by Charles Wheatstone but was named after Lord Playfair who promoted the
use of the cipher.
• In the Playfair cipher, unlike traditional ciphers, we encrypt a pair of letters (a digraph) at a time instead of a single letter.
For example:
Key : monarchy
Plaintext: instruments
1. Generate the key square (5×5):
• The key square is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each
of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the
table (as the table can hold only 25 alphabets). If the plaintext contains J, then it is replaced by
I.
The initial alphabets in the key square are the unique alphabets of the key in the order in which they
appear followed by the remaining letters of the alphabet in order.
The key square for the key "monarchy" is:
m o n a r
c h y b d
e f g i k
l p q s t
u v w x z
2. Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters (digraphs). If there is an odd number of letters, a filler letter (Z here; the worked example below uses X) is added after the last letter.
For example:
Plain Text: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'
1. A pair cannot consist of the same letter twice. Split the doubled letters and add a filler letter after the first one.
Plain Text: "hello"
After Split: 'he' 'lx' 'lo'
Here 'x' is the filler letter.
2. If a letter is left standing alone at the end of the pairing process, add a filler letter to it.
Plain Text: "helloe"
After Split: 'he' 'lx' 'lo' 'ez'
Here 'z' is the filler letter.
Encryption:
Plaintext: instruments
Digraphs: in st ru me nt sx
Cipher digraphs: ga tl mz cl rq xa
Cipher text = gatlmzclrqxa

Decryption (same key square, rules applied in reverse):
Cipher text = gatlmzclrqxa
Cipher digraphs: ga tl mz cl rq xa
Plain digraphs: in st ru me nt sx
Plaintext: instruments
If both the letters are in the same column: Take the letter above each one (going back to the bottom
if at the top).
For example:
Digraph: "cl"
Decrypted Text: me
Decryption:
c -> m
l -> e
If both the letters are in the same row: Take the letter to the left of each one (going back to the
rightmost if at the leftmost position).
For example:
Digraph: "tl"
Decrypted Text: st
Decryption:
t -> s
l -> t
• If neither of the above rules is true: Form a rectangle with the two letters and take the letters
on the horizontal opposite corner of the rectangle.
For example:
Digraph: "rq"
Decrypted Text: nt
Decryption:
r -> n
q -> t
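The key-square construction and the three digraph rules, as an added Python example (not from the original notes). It reproduces the "monarchy"/"instruments" encryption and the "cl", "tl" and "rq" decryptions above; it treats J as I and pads with the filler "x", as the worked example does, and the lowercase output is my choice.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"   # 25 letters, J merged into I


def build_square(key: str) -> list:
    """5x5 key square: unique key letters in order, then the rest of the alphabet."""
    letters = []
    for ch in (key + ALPHABET).lower():
        ch = "i" if ch == "j" else ch
        if ch in ALPHABET and ch not in letters:
            letters.append(ch)
    return [letters[r * 5:(r + 1) * 5] for r in range(5)]


def prepare_digraphs(text: str, filler: str = "x") -> list:
    """Split into pairs; break doubled letters with the filler; pad an odd tail."""
    letters = ["i" if c == "j" else c for c in text.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        second = letters[i + 1] if i + 1 < len(letters) else filler
        if first == second:            # e.g. "ll" -> "lx", then continue from the second l
            pairs.append(first + filler)
            i += 1
        else:
            pairs.append(first + second)
            i += 2
    return pairs


def transform_pair(pair: str, square: list, step: int) -> str:
    """Apply the Playfair rules to one digraph; step=+1 encrypts, step=-1 decrypts."""
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:                       # same row: move right (encrypt) or left (decrypt), wrapping
        return square[r1][(c1 + step) % 5] + square[r2][(c2 + step) % 5]
    if c1 == c2:                       # same column: move down (encrypt) or up (decrypt), wrapping
        return square[(r1 + step) % 5][c1] + square[(r2 + step) % 5][c2]
    return square[r1][c2] + square[r2][c1]   # rectangle: take the opposite horizontal corners


def playfair_encrypt(plaintext: str, key: str) -> str:
    square = build_square(key)
    return "".join(transform_pair(p, square, +1) for p in prepare_digraphs(plaintext))


def playfair_decrypt(ciphertext: str, key: str) -> str:
    square = build_square(key)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(transform_pair(p, square, -1) for p in pairs)


if __name__ == "__main__":
    for row in build_square("monarchy"):
        print(" ".join(row))
    ct = playfair_encrypt("instruments", "monarchy")
    print(ct)                                   # gatlmzclrqxa
    print(playfair_decrypt(ct, "monarchy"))     # instrumentsx (the filler x stays)
```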
Transposition techniques
The Transposition Cipher Technique is an encryption method used to encrypt a message or
information. This encryption method is done by playing with the position of letters of the plain text.
The positions of the characters present in the plaintext are rearranged or shifted to form the ciphertext.
It makes use of some kind of permutation function to achieve the encryption purpose. It is very easy to
use and so simple to implement.
Types of Transposition Cipher Techniques
• Rail Fence Transposition Cipher
• Block (Single Columnar) Transposition Cipher
• Rail Fence Transposition Cipher:
The Rail Fence Transposition cipher is the simplest transposition cipher technique. It is also termed a zigzag cipher. It gets its name from the way in which it performs encryption of the plain text.
Technique of Rail Fence Transposition Cipher
Example: The plain text is "Hello Krishna" & CT = "hlorsnelkiha"
Now, we will write this plain text in the diagonal (zigzag) form, here with two rails:
h . l . o . r . s . n .
. e . l . k . i . h . a
Reading the rails one after the other gives hlorsn + elkiha = "hlorsnelkiha".
2. Row Transposition techniques
The Row Transposition Cipher is a classical encryption method that involves rearranging the letters of the plaintext into a grid and then reading them off in a specific order to produce the ciphertext.
How it Works:
1. Choose a keyword: The keyword determines the order of the columns. For example, let's use the keyword "CIPHER".
2. Create the grid: Write the plaintext into rows, with each row containing as many letters as the keyword length. Fill in extra spaces with padding (usually "X" or "Z") if necessary.
Example plaintext: "HELLO WORLD". Using "CIPHER" (length 6), you write it as:
1 4 5 3 2 6
C I P H E R
H E L L O W
O R L D X X
3. Number the columns: Number the columns based on the alphabetical order of the keyword. For "CIPHER": 1 4 5 3 2 6.
4. Rearrange the columns: Read the columns off in the order of the numbers assigned.
Cipher Text: HOOXLDERLLWX
Double transposition: write the ciphertext into the grid again under the same keyword and read the columns off in the same order:
1 4 5 3 2 6
H O O X L D
E R L L W X
Cipher text: helwxloroldx
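Both transposition techniques above, as an added Python example that is not from the original notes: a rail-fence (zigzag) cipher generalised to any number of rails, and a keyed columnar (row transposition) cipher with its decryption, applied once and twice to reproduce "hlorsnelkiha", "HOOXLDERLLWX" and "helwxloroldx" (case aside). Reusing the same keyword for the second pass of the double transposition is my reading of the worked example.

```python
def rail_pattern(length: int, rails: int) -> list:
    """Rail index visited by each plaintext position when writing the zigzag."""
    pattern, rail, direction = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rails > 1:
            if rail == 0:
                direction = 1
            elif rail == rails - 1:
                direction = -1
            rail += direction
    return pattern


def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    text = "".join(c for c in plaintext if c.isalpha()).lower()
    pattern = rail_pattern(len(text), rails)
    return "".join(text[i] for r in range(rails) for i in range(len(text)) if pattern[i] == r)


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    pattern = rail_pattern(len(ciphertext), rails)
    result, pos = [""] * len(ciphertext), 0
    for r in range(rails):                     # refill each rail with the next slice of ciphertext
        for i in range(len(ciphertext)):
            if pattern[i] == r:
                result[i] = ciphertext[pos]
                pos += 1
    return "".join(result)


def column_order(keyword: str) -> list:
    """Column indices sorted by keyword letter (ties left to right): CIPHER -> [0, 4, 3, 1, 2, 5]."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext: str, keyword: str, pad: str = "X") -> str:
    text = "".join(c for c in plaintext if c.isalpha()).upper()
    width = len(keyword)
    text += pad * (-len(text) % width)         # pad the last row to full width
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in column_order(keyword) for row in rows)


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    width = len(keyword)
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    pos = 0
    for col in column_order(keyword):          # columns come back in the order they were read
        for r in range(height):
            grid[r][col] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("Hello Krishna"))                 # hlorsnelkiha
    print(rail_fence_decrypt("hlorsnelkiha"))                  # hellokrishna
    once = columnar_encrypt("HELLO WORLD", "CIPHER")
    twice = columnar_encrypt(once, "CIPHER")
    print(once, twice)                                         # HOOXLDERLLWX HELWXLOROLDX
    print(columnar_decrypt(columnar_decrypt(twice, "CIPHER"), "CIPHER"))   # HELLOWORLDXX
```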
Secure Key:
In information security, a secure key refers to a piece of information, or a sequence of bits, that is
used in cryptographic algorithms to encrypt and decrypt data.
The security of the encrypted data largely depends on the strength and secrecy of this key.
Here are some key aspects of a secure key:
1. Confidentiality: The key must be kept secret from unauthorized parties. If an attacker gains access to the key, they can decrypt the data or forge encrypted communications.
2. Randomness: A secure key should be generated in a way that is unpredictable and random. If the key generation process is predictable, an attacker might be able to guess the key.
3. Length: The length of the key contributes to its security. Longer keys are generally more secure because they increase the number of possible combinations that an attacker would have to try in a brute-force attack. However, the appropriate key length depends on the specific cryptographic algorithm being used.
4. Key Management: Secure storage, distribution, and management of keys are crucial. This includes practices like using secure channels to transmit keys, regularly rotating keys, and securely storing them in hardware security modules (HSMs) or other secure environments.
5. Integrity: It’s important to ensure that the key has not been tampered with. If an attacker can modify the key, they can potentially compromise the security of the data.
Digital Signatures

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. It involves three kinds of algorithm:

STEP-1: Key Generation Algorithms
STEP-2: Signing Algorithms
STEP-3: Signature Verification Algorithms

STEP-1: Key Generation Algorithms

A digital signature is an electronic signature which assures that the message was sent by a particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise, the data can be altered, or someone can act as if he were the sender and expect a reply.

STEP-2: Signing Algorithms

 To create a digital signature, signing software (for example, an email program) creates a one-way hash of the electronic data which is to be signed.
 The signing algorithm then encrypts the hash value using the private key (signature key).
 This encrypted hash, along with other information such as the hashing algorithm, is the digital signature.
 This digital signature is appended to the data and sent to the verifier.
 The reason for encrypting the hash instead of the entire message or document is that a hash function converts any arbitrary input into a much shorter fixed-length value.
 This saves time, as now instead of signing a long message a shorter hash value has to be signed; moreover, hashing is much faster than signing.

STEP-3: Signature Verification Algorithms:

 The verifier receives the digital signature along with the data.
 It then uses the verification algorithm to process the digital signature and the public key (verification key) and generates some value.
 It also applies the same hash function to the received data and generates a hash value.
 Then the hash value and the output of the verification algorithm are compared.
 If they are equal, then the digital signature is valid; otherwise it is invalid.

1. The sender selects the file to be digitally signed in the document platform or
application.

2. The sender’s computer calculates the unique hash value of the file content.

3. This hash value is encrypted with the sender’s private key to create the digital
signature.

4. The original file along with its digital signature is sent to the receiver.

5. The receiver uses the associated document application, which identifies that the file
has been digitally signed.

6. The receiver’s computer then decrypts the digital signature using the sender’s public
key.

Application Areas of Digital Signatures in Real-World

Today, digital signatures are commonly used for a variety of different online documents in
order to improve the efficiency and security of critical business transactions that are now
paperless, including:

1. Contracts and legal documents: Digital signatures are legally binding. Thus, they are ideal for any legal document requiring an authenticated signature by one or more parties and assurance that the document has not been modified.
2. Sales agreements: By digitally signing contracts and sales agreements, both the seller and the buyer identities are authenticated, and both parties have peace of mind that the signatures are legally binding and that the terms and conditions of the agreement have not been altered.
3. Financial documents: Financial departments digitally sign invoices so that customers trust the payment request is coming from the proper seller, not a bad actor trying to scam the buyer into sending payment to a fraudulent account.
4. Healthcare data: In the healthcare industry, data privacy is paramount for both patient records and research data. Digital signatures ensure that this sensitive information has not been altered when shared between consenting parties.
5. Government forms: Government agencies at the federal, state, and local level have stricter guidelines and regulations compared to many private sector businesses. From approving permits to clocking in on a timesheet, the signatures can streamline productivity by ensuring that the right employee is involved for the appropriate approvals.
6. Shipping documents: For manufacturers, ensuring cargo manifests or bills of lading are always accurate helps reduce costly shipping errors. Yet, physical paperwork is cumbersome, isn’t always easily accessed in transit, and can be lost. By digitally signing shipping documents, shippers and receivers can access a file quickly, verify that the signature is up to date, and confirm that no tampering has occurred.

HASHING

Hashing functions are an essential part of cybersecurity and some cryptocurrency protocols
such as Bitcoin

What is hashing?

Hashing is a method of cryptography that converts any form of data into a unique string of
text. Any piece of data can be hashed, no matter its size or type.

In traditional hashing, regardless of the data’s size, type, or length, the hash that any data
produces is always the same length.

A hash is designed to act as a one-way function— you can put data into a hashing algorithm
and get a unique string, but if you come upon a new hash, you cannot decipher the input data
it represents. A unique piece of data will always produce the same hash.
How does it work?

Hashing is a mathematical operation that is easy to perform, but extremely difficult to reverse. (The difference between hashing and encryption is that encryption can be reversed, or decrypted, using a specific key.) The most widely used hashing functions are MD5, SHA1 and SHA-256. Some hashing processes are significantly harder to crack than others. For example, SHA1 is easier to crack than bcrypt.

Who uses hashing?

The average user encounters hashing daily in the context of passwords. For example, when
you create an email address and password, your email provider likely does not save your
password. Rather, the provider runs the password through a hashing algorithm and saves the
hash of your password.
Every time you attempt to sign in to your email, the email provider hashes the password you
enter and compares this hash to the hash it has saved. Only when the two hashes match are
you authorized to access your email.
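The properties above in Python, as an added example that is not from the original notes: the digest length is fixed whatever the input size, and a password is stored and checked via a salted, iterated PBKDF2-HMAC-SHA256 hash rather than a plain SHA-1 or MD5 hash. The record format and the 600,000 iteration count are my assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length digest of arbitrary input; SHA-256 always yields 32 bytes (64 hex chars)."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Store passwords as salted, iterated PBKDF2-HMAC-SHA256, never as a plain fast hash.

    The random per-user salt means two users with the same password get different
    records, and the iteration count makes each guess expensive for anyone who
    obtains the stored hashes.
    """
    salt = salt if salt is not None else secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive from the stored salt and iteration count; compare in constant time."""
    _algorithm, iterations, salt_hex, derived_hex = stored.split("$")
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(derived.hex(), derived_hex)


if __name__ == "__main__":
    for sample in (b"", b"abc", b"x" * 1_000_000):       # constructed inputs of very different sizes
        print(len(sample), digest_hex(sample))            # every digest is 64 hex characters
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("correct horse battery stapl", record))    # False
```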

Hashing in Cryptocurrencies

In the Bitcoin blockchain, ‘mining’ is essentially conducted by running a series of SHA-256 hashing functions. In cryptocurrency blockchains today, hashing is used to write new transactions, timestamp them, and ultimately to add a reference to them in the previous block.
When a block of transactions is added to the blockchain, and consensus is reached among
operators of different nodes (validating that all of them have the right and true version of the
entire ledger), it is nearly impossible to reverse a transaction due to the enormous computing
power that would be required by anyone attempting to tamper with the blockchain, and the
one-way nature of the hashing. Hashing is therefore crucial to maintain the cryptographic
integrity of the blockchain.

Identity- Based Public-Key Cryptography(IBC)

Definition

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key.

The public string could include an email address (arunsingh@mallareddyuniversity.ac.in), a domain name (www.mallareddyuniversity.ac.in), or a physical IP address (192.168.5.155).

History of identity-based cryptography

In 1984, Adi Shamir, of RSA notoriety, introduced the concept of identity-based cryptography.

Its primary innovation was its use of user identity attributes, such as email addresses or
phone numbers, instead of digital certificates, for encryption and signature verification. This
feature significantly reduces the complexity of a cryptography system by eliminating the need
for generating and managing users' certificates.
Pros and Cons of identity-based cryptography(IBC)

Pros

● No certificates needed. A recipient's public key is derived from his identity.

● No pre-enrollment required.

● Keys expire, so they don't need to be revoked. In a traditional public-key system, keys
must be revoked if compromised.

● Less vulnerable to spam.

● Enables postdating of messages for future decryption.

● No Public Key Infrastructure(PKI)

● Enables automatic expiration, rendering messages unreadable after a certain date.

Cons

● Requires a centralized server. IBE's centralized approach implies that some keys must
be created and held in escrow -- and are therefore at greater risk of disclosure.

● Requires a secure channel between a sender or recipient and the IBE server for
transmitting the private key.

Symmetric Vs Asymmetric Encryption

Symmetric key Cryptography: With this encryption technique, the sender and the recipient use the same shared key to encrypt and decrypt messages.

Although symmetric key systems are quicker and easier to use, they have the drawback of requiring a secure key exchange between the sender and the receiver. The Data Encryption Standard (DES) is the most widely used symmetric key encryption method.

Hash Functions: In this algorithm, no key is used. The plain text is used to produce a
hash value that has a fixed length, making it challenging to retrieve the plain text's
information. Hash functions are widely used by operating systems to encrypt passwords.

Asymmetric Key Cryptography: This approach uses a set of keys to encrypt and
decrypt data. Public keys are used for encryption, whereas private keys are used for
decryption.
The Public Key and Private Key are different from one another. Even if everyone knows
the public key, only the intended recipient may decode the message since only he can
access the private key.

Prepared by N.Shalini, Assistant Professor, CS


UNIT–II:

Symmetric Encryption: Block cipher, Stream cipher - Data Encryption Standard (DES) -
Cipher Block Chaining (CBC) – Multiple Encryption DES - International Data Encryption
Algorithm (IDEA) - Advanced Encryption Standard (AES)

Asymmetric Encryption: Asymmetric key generation techniques – Applications of asymmetric encryption methods – RSA, Esoteric Protocol Elliptic Curve Cryptography – Homomorphic encryption, Diffie-Hellman key exchange algorithm.

Symmetric Encryption

We live so much of our lives today on the internet. Whether it’s for storing our personal
information, finding entertainment, making purchases, or doing our daily work, our society
relies increasingly on an online presence. This increased dependence on the internet means
that information security is more important than ever. The stakes are too high now. Users
need to know that their sensitive data is kept confidential, unmodified, and readily available
to authorized readers. Data encryption is just one weapon in the cyber security arsenal, but
it’s one of the oldest and most used.
Block Cipher

A block cipher is a symmetric cryptographic algorithm that operates on a fixed-size block of data using a shared, secret key. Plaintext is used during the encryption, and the resulting encrypted text is called a cipher text.

The same key is used for both the encryption of the plaintext and the decryption of the cipher text. A block cipher encrypts/decrypts its input one block at a time instead of one bit at a time using a shared, secret key. The block is fixed in size; otherwise, padding is necessary.

This algorithm is symmetric.

 During encryption, it uses the shared key to transform its plaintext input into a cipher text (encrypted text).
 During decryption, it uses the same key to transform the cipher text back to the original plaintext. The length of the output is the same as the input.

Block Cipher Examples

Well-known implementations of the block cipher algorithm are the
 Data Encryption Standard (DES)
 Triple DES
 Advanced Encryption Standard (AES).

1. Stream Cipher

A stream cipher is a method of encryption where a pseudorandom cipher digit stream is combined with plain text digits. This pseudorandom cipher digit stream is applied to each binary digit, one bit at a time. This method of encryption uses an infinite number of pseudorandom cipher digits per key. A stream cipher is also known as a state cipher.

Data encryption standard (DES)


The Data Encryption Standard (DES) has been found vulnerable against very powerful attacks and therefore its popularity has been slightly on the decline.
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64 bits
of plain text goes as the input to DES, which produces 64 bits of ciphertext. The same
algorithm and key are used for encryption and decryption, with minor differences. The key
length is 56 bits. The basic idea is shown in the figure.
We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of 64 bits.
However, before the DES process even starts, every 8th bit of the key is discarded to produce
a 56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit
key.
DES is based on the two fundamental attributes of cryptography: substitution (also called confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is called a round. Each round performs the steps of substitution and transposition. Let us now discuss the broad-level steps in DES.

1. In the first step, the 64-bit plain text block is handed over to an initial Permutation (IP)
function.
2. The initial permutation is performed on plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted block; says Left
Plain Text (LPT) and Right Plain Text (RPT).
4. Now each LPT and RPT go through 16 rounds of the encryption process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block
6. The result of this process produces 64-bit ciphertext.

Initial permutation (IP)


As we have noted, the initial permutation (IP) happens only once and it happens before the
first round. It suggests how the transposition in IP should proceed, as shown in the figure.
For example, it says that the IP replaces the first bit of the original plain text block with the
58th bit of the original plain text, the second bit with the 50th bit of the original plain text
block, and so on.
This is nothing but jugglery of bit positions of the original plain text block. the same rule
applies to all the other bit positions shown in the figure.

As we have noted after IP is done, the resulting 64-bit permuted text block is divided into two
half blocks. Each half-block consists of 32 bits, and each of the 16 rounds, in turn, consists of
the broad level steps outlined in the figure.
Step 1: Key transformation –
We have noted that the initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit of the initial key. Thus, for each round a 56-bit key is available. From this 56-bit key, a different 48-bit sub key is generated during each round using a process called key transformation. For this, the 56-bit key is divided into two halves, each of 28 bits. These halves are circularly shifted left by one or two positions, depending on the round.
For example, for round numbers 1, 2, 9, or 16 the shift is done by only one position; for other rounds, the circular shift is done by two positions. The number of key bits shifted per round is shown in the figure.

After an appropriate shift, 48 of the 56 bits are selected. The table for selecting 48 of the 56 bits is shown in the figure given below. For instance, after the shift, bit number 14 moves to the first position, bit number 17 moves to the second position, and so on. If we observe the table carefully, we will realize that it contains only 48 bit positions. Bit number 18 is discarded (we will not find it in the table), like 7 others, to reduce the 56-bit key to a 48-bit key. Since the key transformation process involves permutation as well as a selection of a 48-bit subset of the original 56-bit key, it is called Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is used in
each round. That makes DES not easy to crack.

Step 2: Expansion Permutation –
Recall that after the initial permutation, we had two 32-bit plain text areas called Left Plain Text (LPT) and Right Plain Text (RPT). During the expansion permutation, the RPT is expanded from 32 bits to 48 bits. Bits are permuted as well, hence it is called expansion permutation. This happens as follows: the 32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits. Then, each 4-bit block of the previous step is expanded to a corresponding 6-bit block, i.e., per 4-bit block, 2 more bits are added.

This process results in expansion as well as a permutation of the input bits while creating the output. The key transformation process compresses the 56-bit key to 48 bits. Then the expansion permutation process expands the 32-bit RPT to 48 bits. Now the 48-bit key is XORed with the 48-bit RPT and the resulting output is given to the next step, which is the S-Box substitution.
Triple DES

The speed of exhaustive key searches against DES after 1990 began to cause discomfort
amongst users of DES.

However, users did not want to replace DES as it takes an enormous amount of time and
money to change encryption algorithms that are widely adopted and embedded in large
security architectures.

The pragmatic approach was not to abandon the DES completely, but to change the manner
in which DES is used. This led to the modified schemes of Triple DES (sometimes known as
3DES).

Incidentally, there are two variants of Triple DES known as 3-key Triple DES (3TDES) and
2-key Triple DES (2TDES).

3-KEY Triple DES

Before using 3TDES, the users first generate and distribute a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows:

3- KEY Triple DES: Encryption & Decryption

STEP-1: Encrypt the plaintext blocks using single DES with key K1.
STEP-2: Now decrypt the output of step 1 using single DES with key K2.
STEP-3: Finally, encrypt the output of step 2 using single DES with key K3.
STEP-4: The output of step 3 is the ciphertext.
STEP-5: Decryption of a ciphertext is the reverse process. The user first decrypts using K3, then encrypts with K2, and finally decrypts with K1.

Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to use a 3TDES (hardware) implementation for single DES by setting K1, K2, and K3 to the same value. This provides backwards compatibility with DES.

The second variant of Triple DES (2TDES) is identical to 3TDES except that K3 is replaced by K1. In other words, the user encrypts plaintext blocks with key K1, then decrypts with key K2, and finally encrypts with K1 again. Therefore, 2TDES has a key length of 112 bits.

Triple DES systems are significantly more secure than single DES, but these are clearly a
much slower process than encryption using single DES.

International Data Encryption Algorithm (IDEA)

 DES algorithm has been a popular secret key encryption algorithm and is used in
many commercial and financial applications. However, its key size is too small by
current standards and its entire 56 bit key space can be searched in approximately 22
hours
 IDEA is a block cipher designed by Xuejia Lai and James L. Massey in 1991
 It is a minor revision of an earlier cipher, PES (Proposed Encryption Standard)
 IDEA was originally called IPES (Improved PES) and was developed to replace DES
 It entirely avoids the use of any lookup tables or S-boxes
 IDEA was used as the symmetric cipher in early versions of the Pretty Good
Privacy(PGP) cryptosystem
 IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a
128-bit key
 Completely avoid substitution boxes and table lookups used in the block ciphers
 The algorithm structure has been chosen such that when different key sub-blocks are
used, the encryption process is identical to the decryption process
Key generation

 The 64-bit plaintext block is partitioned into four 16-bit sub-blocks.

 In each of the 8 rounds, six 16-bit key sub-blocks are generated from the 128-bit key. Since a further four 16-bit key sub-blocks are required for the subsequent output transformation, a total of 52 (= 8 x 6 + 4) different 16-bit sub-blocks have to be generated from the 128-bit key.
Key generation process

 First, the 128-bit key is partitioned into eight 16-bit sub-blocks which are then directly
used as the first eight key sub-blocks

 The 128-bit key is then cyclically shifted to the left by 25 positions, after which the
resulting 128-bit block is again partitioned into eight 16-bit sub-blocks to be directly
used as the next eight key sub-blocks

 The cyclic shift procedure described above is repeated until all of the required 52 16-
bit key sub-blocks have been generated .

Encryption of the key sub-blocks

⦿ The key sub-blocks used for the encryption and the decryption in the individual
rounds are shown in Table 1

Encryption

 The first four 16-bit key sub-blocks are combined with two of the 16-bit plaintext blocks using addition modulo 2^16, and with the other two plaintext blocks using multiplication modulo 2^16 + 1
 At the end of the first encryption round four 16-bit values are produced which are used as input to the second encryption round
 The process is repeated in each of the subsequent 7 encryption rounds
 The four 16-bit values produced at the end of the 8th encryption round are combined with the last four of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo 2^16 + 1 to form the resulting four 16-bit cipher text blocks

Decryption

 The computational process used for decryption of the ciphertext is essentially the
same as that used for encryption

 The only difference is that each of the 52 16-bit key sub-blocks used for decryption is
the inverse of the key sub-block used during encryption

 In addition, the key sub-blocks must be used in the reverse order during decryption in
order to reverse the encryption process
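The key generation, encryption rounds and decryption described above in Python, as an added example that is not from the original notes: the 52 sub-blocks via the 25-bit rotation, the operations modulo 2^16 and 2^16 + 1 with their inverses, and a decryption sub-block schedule that lets the same round code decrypt. The sample key and block are constructed inputs; the rule that the middle two sub-blocks are swapped after every round except the last is standard IDEA, which the notes do not spell out.

```python
MASK16 = 0xFFFF


def add(a: int, b: int) -> int:
    """Addition modulo 2^16."""
    return (a + b) & MASK16


def add_inv(a: int) -> int:
    return (-a) & MASK16


def mul(a: int, b: int) -> int:
    """Multiplication modulo 2^16 + 1, where the 16-bit value 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    product = (a * b) % 0x10001
    return 0 if product == 0x10000 else product


def mul_inv(a: int) -> int:
    """Inverse under mul(); 0 (= 2^16 = -1 mod 2^16+1) is its own inverse."""
    return 0 if a == 0 else pow(a, -1, 0x10001)


def encryption_subkeys(key128: int) -> list:
    """Key generation: take 8 sub-blocks, rotate the key left by 25, repeat; 52 in total."""
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(key128 >> (16 * (7 - i))) & MASK16 for i in range(8)]
        key128 = ((key128 << 25) | (key128 >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def decryption_subkeys(ek: list) -> list:
    """Inverses of the encryption sub-blocks, taken in reverse round order.

    The middle two key-mixing sub-blocks swap places for the inner rounds because
    the encryption round swaps the middle two data blocks.
    """
    dk = [mul_inv(ek[48]), add_inv(ek[49]), add_inv(ek[50]), mul_inv(ek[51]), ek[46], ek[47]]
    for d in range(2, 9):
        k = 6 * (9 - d)                # key-mixing sub-blocks of encryption round 10-d
        m = 6 * (8 - d)                # MA sub-blocks of encryption round 9-d
        dk += [mul_inv(ek[k]), add_inv(ek[k + 2]), add_inv(ek[k + 1]), mul_inv(ek[k + 3]),
               ek[m + 4], ek[m + 5]]
    dk += [mul_inv(ek[0]), add_inv(ek[1]), add_inv(ek[2]), mul_inv(ek[3])]
    return dk


def idea_block(block64: int, subkeys: list) -> int:
    """8 rounds plus the output transformation; decryption reuses this with decryption sub-blocks."""
    x1, x2, x3, x4 = [(block64 >> s) & MASK16 for s in (48, 32, 16, 0)]
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = subkeys[6 * r:6 * r + 6]
        a, b, c, d = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        e, f = a ^ c, b ^ d
        g = mul(e, k5)
        i = mul(add(f, g), k6)
        j = add(g, i)
        x1, x2, x3, x4 = a ^ i, c ^ i, b ^ j, d ^ j     # middle blocks swapped
    x2, x3 = x3, x2                                     # the last swap is undone
    k49, k50, k51, k52 = subkeys[48:52]
    y = (mul(x1, k49), add(x2, k50), add(x3, k51), mul(x4, k52))
    return (y[0] << 48) | (y[1] << 32) | (y[2] << 16) | y[3]


if __name__ == "__main__":
    key = 0x00010002000300040005000600070008         # constructed sample key
    ek = encryption_subkeys(key)
    dk = decryption_subkeys(ek)
    plaintext = 0x0000000100020003                    # constructed sample block
    ciphertext = idea_block(plaintext, ek)
    print(f"{ciphertext:016x}")
    print(f"{idea_block(ciphertext, dk):016x}")        # 0000000100020003
```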

Modes of operation

 IDEA supports all modes of operation such as:
 Electronic Code Book (ECB) mode
 Cipher Block Chaining (CBC)
 Cipher Feedback (CFB)
 Output Feedback (OFB) modes

 For plaintext exceeding the fixed 64-bit block size, the simplest approach is to partition the plaintext into blocks of equal length and encrypt each separately. This method is named Electronic Code Book (ECB) mode. However, Electronic Code Book is not a good system to use with small block sizes (for example, smaller than 40 bits).

Applications of IDEA

 The IDEA algorithm can easily be embedded in any encryption software. Data encryption can be used to protect data transmission and storage. Typical fields are:

 Audio and video data for cable TV, pay TV (Netflix, Disney+Hotstar, Amazon Prime Video, YouTube Premium, etc.), video conferencing, distance learning (online learning platforms)
 Sensitive financial and commercial data
 Email via public networks
 Smart cards

As electronic communications grow in importance, there is also an increasing need for data protection. When PGP was designed, the developers were looking for maximum security; IDEA was their first choice for data encryption. The fundamental criteria for the development of IDEA were military strength for all security requirements and easy hardware and software implementation.

Advanced Encryption Standard (AES)

The more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six
times faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable against exhaustive key search attack. Triple DES was
designed to overcome this drawback but it was found slow.

The features of AES are as follows −

● Symmetric key symmetric block cipher

● 128-bit data, 128/192/256-bit keys

● Stronger and faster than Triple-DES

● Provide full specification and design details

● Software implementable in C and Java

Operation of AES

● AES is an iterative rather than a Feistel cipher. It is based on a ‘substitution–permutation network’.

● It comprises a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations).

● Interestingly, AES performs all its computations on bytes rather than bits. Hence,
AES treats the 128 bits of a plaintext block as 16 bytes.

● These 16 bytes are arranged in four columns and four rows for processing as a matrix

● Unlike DES, the number of rounds in AES is variable and depends on the length of
the key.

● AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys.

● Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.
Encryption Process

We restrict ourselves to a description of a typical round of AES encryption. Each round comprises four sub-processes. The first round process is depicted below −

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The
result is in a matrix of four rows and four columns.

ShiftRows

Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-
inserted on the right side of row. Shift is carried out as follows −
● First row is not shifted.

● Second row is shifted one (byte) position to the left.

● Third row is shifted two positions to the left.

● Fourth row is shifted three positions to the left.

● The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.

MixColumns

● Each column of four bytes is now transformed using a special mathematical function.
This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column. The result is another new matrix
consisting of 16 new bytes. It should be noted that this step is not performed in the
last round.

AddRoundKey

● The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128
bits of the round key. If this is the last round then the output is the ciphertext.
Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another
similar round.

Decryption Process

The decryption of an AES ciphertext undoes the encryption process: each round applies the inverse of the four sub-processes, in the reverse order −

● Add round key (XOR is its own inverse)

● Inverse mix columns (multiplication by the inverse matrix)

● Inverse shift rows (rotate each row to the right)

● Inverse byte substitution (the inverse S-box)

Since the sub-processes of each round must be inverted and run in reverse order, the encryption and decryption algorithms have to be implemented separately, unlike for a Feistel cipher, although they are very closely related.
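The following is an added example in Python, not code from the lecture notes. It implements the AES state-matrix layout, ShiftRows, MixColumns (with the GF(2^8) arithmetic behind the ‘fixed mathematical function’ described above), AddRoundKey and their inverses, so that the round-trip structure of an encryption round and its decryption counterpart can be checked. SubBytes and the key schedule are left out, so this is not a complete AES. The sample block and the 128-bit key value in the demo are constructed inputs, not key-schedule output.

```python
# Added example (not from the notes): the AES round operations that work on the
# 4x4 state matrix, with their inverses. SubBytes and the key schedule are omitted,
# so this is not a complete AES implementation.


def bytes_to_state(block):
    """16 input bytes fill the 4x4 state column by column: byte i -> row i % 4, column i // 4."""
    if len(block) != 16:
        raise ValueError("AES state is exactly 16 bytes")
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_bytes(state):
    """Inverse of bytes_to_state: read the state back out column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state):
    """Row r is rotated left by r positions; bytes that 'fall off' re-enter on the right."""
    return [state[r][r:] + state[r][:r] for r in range(4)]


def inv_shift_rows(state):
    """Rotate row r right by r positions (undoes shift_rows)."""
    return [state[r][(4 - r) % 4:] + state[r][:(4 - r) % 4] for r in range(4)]


def xtime(a):
    """Multiply by {02} in GF(2^8): shift left, reduce by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by repeated doubling of a and XOR-accumulating."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]                 # MixColumns matrix
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]  # its inverse


def mix_column(col, matrix=MIX):
    """Multiply one 4-byte column by a fixed matrix over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out


def _per_column(state, matrix):
    cols = [[state[r][c] for r in range(4)] for c in range(4)]
    mixed = [mix_column(col, matrix) for col in cols]
    return [[mixed[c][r] for c in range(4)] for r in range(4)]


def mix_columns(state):
    return _per_column(state, MIX)


def inv_mix_columns(state):
    return _per_column(state, INV_MIX)


def add_round_key(state, round_key):
    """XOR the 128-bit state with a 128-bit round key; XOR is its own inverse."""
    k = bytes_to_state(round_key)
    return [[state[r][c] ^ k[r][c] for c in range(4)] for r in range(4)]


def encrypt_round_without_subbytes(block, round_key):
    """One middle round minus SubBytes: ShiftRows -> MixColumns -> AddRoundKey."""
    state = bytes_to_state(block)
    state = add_round_key(mix_columns(shift_rows(state)), round_key)
    return state_to_bytes(state)


def decrypt_round_without_subbytes(block, round_key):
    """The inverse steps in reverse order: AddRoundKey -> InvMixColumns -> InvShiftRows."""
    state = bytes_to_state(block)
    state = inv_shift_rows(inv_mix_columns(add_round_key(state, round_key)))
    return state_to_bytes(state)


if __name__ == "__main__":
    block = bytes(range(16))                                   # constructed sample block
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")     # sample 128-bit key value
    out = encrypt_round_without_subbytes(block, key)
    assert decrypt_round_without_subbytes(out, key) == block
    print("round trip ok:", out.hex())
```

The column db 13 53 45 maps to 8e 4d a1 bc under MixColumns, a standard check value for the matrix above; applying INV_MIX to the result gives the original column back, which is exactly why the decryption round must use the inverse matrix rather than the same one.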
AES Analysis

● In present-day cryptography, AES is widely adopted and supported in both hardware and software.

● To date, no practical cryptanalytic attack against AES has been discovered. Additionally, AES has built-in flexibility of key length, which allows a degree of ‘future-proofing’ against progress in the ability to perform exhaustive key searches.

● However, just as for DES, the security of AES is assured only if it is correctly implemented (including protection against side-channel leakage such as timing and power analysis) and good key management is employed.

Asymmetric Encryption

Asymmetric cryptography is a branch of cryptography in which each party holds a mathematically related key pair: a public key and a private key. The public key can be given to anyone, trusted or not, while the private key must be kept secret (just like the key in symmetric cryptography). Asymmetric cryptography, also called public-key cryptography, uses the public key to encrypt data and the corresponding private key to decrypt it.

Asymmetric cryptography has two primary use cases: authentication and confidentiality.
Using asymmetric cryptography, messages can be signed with a private key, and then anyone
with the public key is able to verify that the message was created by someone possessing the
corresponding private key.
This can be combined with a proof of identity system to know what entity (person or group)
actually owns that private key, providing authentication.

Asymmetric algorithms: Examples

Scenarios: Case Study-1

Sales agents from various regions have to send sales data to the head office (HO) at month-end in a secure way, to keep the information out of competitors’ reach.

The head office generates a private/public key pair for each agent and communicates the public key to that agent, keeping the private key at HO.

An agent encrypts the sales data with that public key and sends it to HO.

HO deciphers it with the matching private key and recovers the data in its original form.

The entire information exchange takes place in a secure manner. Even if a public key is leaked, secrecy is not lost, because only the private key can decipher the data, and it never leaves HO.

Scenarios: Case Study-2

Another scenario is the HTTPS site of a bank where payment is involved.

A client obtains the bank’s public key from the bank’s certificate, encrypts passwords and other confidential details with that public key, and sends them to the bank; the bank deciphers the details with its own private key. (In practice TLS uses the public key only to establish a symmetric session key, which then encrypts the bulk of the traffic.)
Applications of Asymmetric Encryption

1. Confidentiality

The most common application of asymmetric encryption is confidentiality. This is achieved by encrypting critical information with the receiver’s public key before sending it; the receiver decrypts it with their own private key.

2. Authenticity using Digital Signatures

A sender computes a digital signature over the message (in practice, over its hash) using his private key and sends the signature along with the message. The private key itself is never transmitted. The receiver verifies the signature with the sender’s public key; a valid signature shows that the message was produced by the holder of the corresponding private key, hence ascertaining the sender’s authenticity.

3. Integrity of Information Exchange

A one-way hash of the data to be exchanged is computed and signed (encrypted) with the sender’s private key. The signed hash and the data are sent to the receiver. Using the sender’s public key, the receiver recovers the hash and recomputes the hash of the received data. Any difference between the two hashes indicates that the content was altered after signing, so integrity is lost. This kind of integrity check underlies digital cash and Bitcoin transactions, which are authorised by digital signatures.

4. Non-repudiation

With digital signatures in place, the owner of a document or information who exchanged it with others cannot disown the content, and a transaction done online cannot be disowned by its originator.

How Asymmetric Encryption Works

A public key and a private key are generated together by a key-generation algorithm that relies on random input, and the two keys have a mathematical relationship with each other.

Public keys must be considerably longer than symmetric keys to be strong (for example 2048-bit or larger RSA moduli, or 256-bit elliptic-curve keys), so that it is computationally infeasible to derive the private key even though the paired public key is known to everyone.

The work required to break a key grows very rapidly (not merely proportionally) with its length, and hence cracking it becomes infeasible at adequate key sizes.
Public Key Encryption Algorithms

Almost all public-key encryption algorithms use either number theory and modular
arithmetic, or elliptic curves

RSA

Based on the hardness of factoring large numbers.

El Gamal

Based on the hardness of solving the discrete logarithm problem.

Basic idea: public key g^x, private key x. To encrypt a message M, choose a random y and send the pair (g^y, g^(xy) · M).

RSA Algorithm

 Invented in 1977 and published in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman

 Published as R L Rivest, A Shamir, L Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol 21 no 2, pp 120-126, Feb 1978

 Security relies on the difficulty of factoring large composite numbers

 Essentially the same algorithm was discovered in 1973 by Clifford Cocks, who worked for the British intelligence agency GCHQ; his work remained classified until 1997

RSA Public Key Crypto System

Key generation:

1. Select 2 large prime numbers of about the same size, p and q. Typically each of p, q has between 512 and 2048 bits.

2. Compute n = pq, and Φ(n) = (p−1)(q−1).

3. Select e, 1 < e < Φ(n), such that gcd(e, Φ(n)) = 1. Typically e = 3 or e = 65537 (65537 is the usual choice today).

4. Compute d, 1 < d < Φ(n), such that ed ≡ 1 (mod Φ(n)). Knowing Φ(n), d is easy to compute (extended Euclidean algorithm); without p and q it is not.

Public key: (e, n)   Private key: d (together with p and q, which must also be kept secret)


Encryption

Given a message M, 0 < M < n (M ∈ Z_n − {0}),

use the public key (e, n) and

compute C = M^e mod n (C ∈ Z_n − {0}).

Decryption

Given a ciphertext C, use the private key d and

compute C^d mod n = (M^e mod n)^d mod n = M^(ed) mod n = M.

(Figure: plaintext M → C = M^e mod n, with n = pq → ciphertext C; decryption recovers M = C^d mod n.)

Security assumptions:

From n, it is difficult to figure out p, q.

From (n, e), it is difficult to figure out d.

From (n, e) and C, it is difficult to figure out M such that C = M^e mod n.

RSA Example

p = 11, q = 7, n = 77, Φ(n) = 60

d = 13, e = 37 (ed = 481; ed mod 60 = 1)

Let M = 15. Then C ≡ M^e mod n

C ≡ 15^37 (mod 77) = 71

M ≡ C^d mod n

M ≡ 71^13 (mod 77) = 15

Exercise parameters:

p = 3, q = 5, n = pq = 15

Φ(n) = ?

Let e = 3, what is d?

Given M = 2, what is C?

How to decrypt?
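The following Python is an added example, not code from the lecture notes. It implements textbook RSA key generation, encryption and decryption as defined above, runs them on the notes’ worked example (p = 11, q = 7, e = 37) and on the exercise parameters (p = 3, q = 5, e = 3), and then shows the attacker’s side: for such tiny moduli, trial division factors n in a fraction of a second and the private exponent falls out. It also checks the multiplicative property E(m1)·E(m2) = E(m1·m2) that unpadded RSA has, which is why real systems add padding (OAEP) before encrypting.

```python
# Added example (not from the notes): textbook RSA with the notes' toy parameters,
# plus the factoring attack that shows why such small moduli are insecure.
from math import gcd


def rsa_keygen(p, q, e):
    """Return ((e, n), d) for primes p, q and a public exponent e coprime to phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+ runs the extended Euclidean algorithm)
    return (e, n), d


def rsa_encrypt(m, public_key):
    """C = M^e mod n, for 0 < M < n."""
    e, n = public_key
    if not 0 < m < n:
        raise ValueError("message must lie in 1..n-1")
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """M = C^d mod n."""
    return pow(c, d, n)


def factor_by_trial_division(n):
    """What an attacker must do to break RSA: recover p, q from n. Trivial for n = 77."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no small factor")


def break_textbook_rsa(c, public_key):
    """Factor n, rebuild d from (e, p, q) and decrypt without ever being given the private key."""
    e, n = public_key
    p, q = factor_by_trial_division(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(c, d, n)


def is_multiplicatively_homomorphic(m1, m2, public_key):
    """Textbook RSA: E(m1) * E(m2) mod n == E(m1 * m2 mod n). Handy for computing on
    ciphertexts, but it also means an attacker can alter a ciphertext meaningfully."""
    e, n = public_key
    product_of_ciphertexts = (rsa_encrypt(m1, public_key) * rsa_encrypt(m2, public_key)) % n
    return product_of_ciphertexts == pow((m1 * m2) % n, e, n)


if __name__ == "__main__":
    public, d = rsa_keygen(11, 7, 37)          # notes' example: n = 77, phi = 60, d = 13
    c = rsa_encrypt(15, public)
    print("C =", c, " decrypts to M =", rsa_decrypt(c, d, 77))
    print("attacker factors n and recovers M =", break_textbook_rsa(c, public))
    public2, d2 = rsa_keygen(3, 5, 3)          # the exercise parameters
    print("exercise: d =", d2, " C =", rsa_encrypt(2, public2))
```

`pow(e, -1, phi)` is the standard-library way to get d; for a real modulus (2048 bits or more) the same code works unchanged, but `factor_by_trial_division` would not finish within the lifetime of the universe, which is the entire point.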

Characteristics of RSA

• It is a public-key encryption technique.

• It is suitable for exchanging data over the internet, since no shared secret has to be agreed in advance.

• It maintains the confidentiality of the data.

• RSA remains secure against interceptors as long as the modulus is large enough (2048 bits or more today) and the message is properly padded; ‘textbook’ RSA without padding is deterministic and malleable.

Esoteric Protocols

Secure Elections

An ideal voting protocol has at least the following six properties:

1. Only authorized voters can vote

2. No one can vote more than once

3. No one can determine who voted for whom

4. No one can duplicate anyone else’s vote

5. No one can change anyone else’s vote without being discovered

6. Every voter can make sure that his vote has been taken into account in the final tabulation

Additionally

7. Everyone knows who voted and who did not

Simplistic Voting Protocol #1

1. Each voter encrypts his vote with the public key of a Central Tabulating Facility (CTF)

2. Each voter sends his vote in to the CTF

3. The CTF decrypts the votes, tabulates, and makes the results public

Simplistic Voting Protocol #2

1. Each voter signs his vote with his private key

2. Each voter encrypts his signed vote with the CTF’s public key

3. Each voter sends his vote to a CTF


4. CTF decrypts the votes, checks the signatures, tabulates the votes, and makes the results
public

Problems with Electronic Voting

• No physical audit trail


• Who provides the system?

• How are they audited?

• High Tech: More dependencies

• More ways to subvert the system

Requirements for Electronic Voting

1. Only authorized voters can vote.

2. No one can vote more than once.

3. No one can duplicate anyone else’s vote.

4. No one can change anyone else’s vote without being discovered.

5. Every voter can make sure that his vote has been taken into account in the final
tabulation.

6. No one can determine for whom anyone else voted.

7. Everyone knows who voted and who didn’t.

Unsatisfied Requirements

The simplistic protocols above fall short of this list. In Protocol #1 the CTF cannot tell whether a ciphertext came from an authorized voter, or how many times the same voter has voted, so requirements 1 and 2 fail. Protocol #2 fixes those two with signatures, but the CTF now sees each voter’s signed choice, so requirement 6 (anonymity) fails. Going through the list:

1. Only authorized voters can vote.

2. No one can vote more than once.

3. No one can duplicate anyone else’s vote.

4. No one can change anyone else’s vote without being discovered. (In Protocol #1 an attacker who intercepts a vote in transit can replace it with one of his own.)

5. Every voter can make sure that his vote has been taken into account in the final tabulation.

6. No one can determine for whom anyone else voted.

7. Everyone knows who voted and who didn’t.


Some Additional Problems

1. The CTF can generate a large number of signed, valid votes and cheat by submitting those itself.

2. If a voter discovers that the CTF changed his or her vote, he or she has no way to prove it.

Homomorphic Encryption

• Homomorphic encryption is a method of encryption that allows data to remain encrypted while it is being processed and manipulated.

• It enables us or a third party (such as a cloud provider) to apply functions to encrypted data without needing to reveal the values of the data.

A homomorphic cryptosystem is like other forms of public-key encryption in that it uses a public key to encrypt data and allows only the individual with the matching private key to access the unencrypted data (though there are also examples of symmetric-key homomorphic encryption).
Different types of homomorphic encryption

There are three main types of homomorphic encryption:

1. Partially Homomorphic Encryption (PHE): PHE only allows selected mathematical operations (for example only addition, or only multiplication) to be performed on encrypted data, but an unlimited number of times.

2. Somewhat Homomorphic Encryption (SHE): SHE allows both addition and multiplication, but only up to a certain complexity (circuit depth), i.e. for a limited number of operations.

3. Fully Homomorphic Encryption (FHE): FHE allows any kind of mathematical operation to be performed an unlimited number of times.

Benefits of Homomorphic Encryption(HE)

1. Allows secure and efficient cloud use: Homomorphic encryption can allow businesses to leverage cloud computing and storage services securely. It eliminates the trade-off between data security and usability: businesses do not have to rely on the cloud provider for the security of their private data, while retaining the ability to perform computations on it.

2. Enables collaboration: HE enables organizations to share sensitive business data with third parties without revealing the data (or, if desired, the results of the computation) to them. This can accelerate collaboration and innovation without the risk of sensitive information getting compromised.

3. Ensures regulatory compliance: HE can allow businesses operating in heavily regulated industries, such as healthcare and finance, to outsource research and analytical work without the risk of non-compliance.

How does it work?

▪ The following steps demonstrate how homomorphic encryption works:

▪ The process starts with data in its decrypted form (i.e., plaintext). The owner of the data wants some other party to perform a mathematical operation on it without revealing its content.

▪ The owner encrypts the data and sends it to the other party.

▪ The other party receives the encrypted data, performs the operation on it, and sends the encrypted result to the owner.

▪ The owner of the data decrypts the result with the private key and obtains the result of the intended mathematical operation on the data.

Diffie-Hellman Key Exchange Algorithm


• It is not an encryption and decryption algorithm.
• This algorithm is used to agree a shared secret key between sender and receiver over a public channel.
• It is a public-key (asymmetric) technique; the shared secret is then typically used as a symmetric key.
The Diffie-Hellman algorithm establishes a shared secret that can be used for secret communications while exchanging data over a public network. The classical form below works with modular exponentiation modulo a prime q; the elliptic-curve variant (ECDH) applies the same idea to points on an elliptic curve.
Procedure:
Step 1: Consider a prime number q.
Let q = 7.
Step 2: Select α < q where α is a primitive root of q.
What is a primitive root? α is a primitive root of q if the powers α^1 mod q, α^2 mod q, …, α^(q−1) mod q take on every value 1, 2, …, q−1.
For example, let α = 5:
5^1 mod 7 = 5
5^2 mod 7 = 4
5^3 mod 7 = 6
5^4 mod 7 = 2
5^5 mod 7 = 3
5^6 mod 7 = 1
These are exactly the values (1, 2, 3, …, 6). Hence 5 is a primitive root of 7.
Step 3:
Assume XA (private key of A) with XA < q.
Using this XA, calculate YA (public value of A):
YA = α^XA mod q
With α = 5 and XA = 2:
YA = 5^2 mod 7 = 25 mod 7 = 4
Step 4:
Assume XB (private key of B) with XB < q.
Using this XB, calculate YB (public value of B):
YB = α^XB mod q
With α = 5 and XB = 3:
YB = 5^3 mod 7 = 125 mod 7 = 6
Now (XA, XB) = (2, 3) are kept secret and (YA, YB) = (4, 6) are exchanged over the public channel.
Step 5: calculate the shared secret keys K1 (at A) and K2 (at B).
K1 = (YB)^XA mod q = 6^2 mod 7 = 36 mod 7 = 1
K2 = (YA)^XB mod q = 4^3 mod 7 = 64 mod 7 = 1
Since K1 = K2, the key exchange has succeeded: both sides hold the same secret without it ever being transmitted.
The Diffie-Hellman Key Exchange algorithm is a method used to securely exchange cryptographic
keys over a public channel.
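The exchange above, as an added Python example that is not from the lecture notes. It checks that α is a primitive root, runs the five steps with the notes’ values (q = 7, α = 5, XA = 2, XB = 3) and then plays the eavesdropper: with q this small, the discrete logarithm is found by trying every exponent, so the ‘secret’ K is recovered from the public values alone. The same code works for a real 2048-bit prime, where the brute-force function would never finish, which is the whole security argument.

```python
# Added example (not from the notes): Diffie-Hellman over the notes' toy group (q = 7,
# alpha = 5), plus the brute-force discrete-logarithm attack that succeeds instantly
# because q is tiny. Real deployments use primes of 2048 bits or more.


def is_primitive_root(alpha, q):
    """alpha is a primitive root of the prime q if alpha^1..alpha^(q-1) mod q hit every value 1..q-1."""
    return sorted(pow(alpha, k, q) for k in range(1, q)) == list(range(1, q))


def public_value(alpha, q, private_exponent):
    """Y = alpha^X mod q: safe to publish, because recovering X from Y is the discrete-log problem."""
    return pow(alpha, private_exponent, q)


def shared_secret(their_public, my_private, q):
    """K = Y_other^X_mine mod q; both sides arrive at alpha^(XA*XB) mod q."""
    return pow(their_public, my_private, q)


def dh_exchange(q, alpha, x_a, x_b):
    """Run the full protocol and return (YA, YB, K); raises if the two sides disagree."""
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha must be a primitive root of q")
    y_a = public_value(alpha, q, x_a)      # A -> B over the public channel
    y_b = public_value(alpha, q, x_b)      # B -> A over the public channel
    k1 = shared_secret(y_b, x_a, q)        # computed by A
    k2 = shared_secret(y_a, x_b, q)        # computed by B
    if k1 != k2:
        raise RuntimeError("key agreement failed")
    return y_a, y_b, k1


def brute_force_private_exponent(alpha, q, y):
    """Eavesdropper's attack: try every exponent until alpha^x mod q == y. Costs O(q) steps,
    which is nothing for q = 7 and hopeless for a 2048-bit q."""
    for x in range(1, q):
        if pow(alpha, x, q) == y:
            return x
    return None


def eavesdrop(alpha, q, y_a, y_b):
    """Recover the shared secret from the public values alone (only feasible for small q)."""
    x_a = brute_force_private_exponent(alpha, q, y_a)
    return shared_secret(y_b, x_a, q)


if __name__ == "__main__":
    y_a, y_b, k = dh_exchange(7, 5, 2, 3)
    print(f"YA={y_a} YB={y_b} shared K={k}")
    print("eavesdropper computes K =", eavesdrop(5, 7, y_a, y_b))
```

Two things the toy numbers hide: the prime must be large (the standardized 2048-bit and larger MODP groups of RFC 3526 are the usual choice), and the private exponents must be fresh random values of comparable size, otherwise the loop in `brute_force_private_exponent` finishes early no matter how big q is.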
UNIT–III:

Hashing and Message Digests: Cryptographic Hash Functions- Applications- Simple hash
functions and features for ensuring security – Hash functions based on Cipher Block
Chaining- Secure Hash Algorithm (SHA) - Message Digest - MD5
Message Authentication: Authentication Systems – Password and Address – Security
Handshake Drawbacks - Authentication Standards – Kerberos- PKI Trust Models -Message
Authentication Codes (MAC) – Security features- MAC based on Hash Functions - MAC
based on Block Ciphers.

Cryptographic Hash Functions


Hash functions are extremely useful and appear in almost all information security applications. A hash function is a mathematical function that converts an input value into another, compressed value. The input to the hash function is of arbitrary length, but the output is always of fixed length. Values returned by a hash function are called the message digest or simply hash values. The following figure illustrates a hash function.
Features of Hash Functions
The typical features of hash functions are –
Fixed Length Output (Hash Value)
 A hash function converts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.
 In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.
 Since a hash is a smaller representation of a larger piece of data, it is also referred to as a digest.
 A hash function with n-bit output is referred to as an n-bit hash function. Popular hash functions generate values between 128 and 512 bits.
Efficiency of Operation
 Generally for any hash function h with input x, computation of h(x) is a fast
operation.
 Computationally hash functions are much faster than a symmetric encryption.

Properties of Hash Functions


In order to be an effective cryptographic tool, the hash function is desired to
possess following properties −
Pre-Image Resistance
 This property means that it should be computationally hard to reverse a hash
function.
 In other words, if a hash function h produced a hash value z, then it should be
a difficult process to find any input value x that hashes to z.
 This property protects against an attacker who only has a hash value and is
trying to find the input.
Second Pre-Image Resistance
 This property means given an input and its hash, it should be hard to find a
different input with the same hash.
 In other words, if a hash function h for an input x produces hash value h(x),
then it should be difficult to find any other input value y such that h(y) = h(x).
 This property of hash function protects against an attacker who has an input
value and its hash, and wants to substitute different value as legitimate value
in place of original input value.
Collision Resistance
 This property means it should be hard to find two different inputs of any
length that result in the same hash. This property is also referred to as
collision free hash function.
 In other words, for a hash function h, it is hard to find any two different
inputs x and y such that h(x) = h(y).
 Since a hash function is a compressing function with fixed output length, it is impossible for it not to have collisions. Collision resistance only requires that these collisions be hard to find (for an n-bit hash, the generic birthday attack finds one after about 2^(n/2) evaluations, so the output must be long enough for that to be infeasible).
 This property makes it very difficult for an attacker to find two input values with the same hash.
 Also, if a hash function is collision-resistant then it is second pre-image resistant.
Design of Hashing Algorithms
At the heart of a hashing algorithm is a compression function that operates on two fixed-size blocks of data to create a hash code. This compression function forms part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes are from 128 bits to 512 bits. The following illustration demonstrates the compression function –
The hashing algorithm involves rounds of the above function, like a block cipher. Each round takes an input of a fixed size, typically a combination of the most recent message block and the output of the last round (the chaining value). This process is repeated for as many rounds as are required to hash the entire message. A schematic of the hashing algorithm is depicted in the following illustration –
Since the hash value of the first message block becomes an input to the second hash operation, whose output alters the result of the third operation, and so on, a change anywhere in the message propagates through all later blocks. This is known as the avalanche effect of hashing: two messages that differ by even a single bit produce substantially different hash values. Understand the difference between the compression function and the hashing algorithm correctly: the compression function generates a hash code by operating on two blocks of fixed-length binary data, while the hashing algorithm is the process for using that function, specifying how the message is broken up and padded and how the results from previous message blocks are chained together.
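Two of the properties above, measured rather than asserted, in an added Python example that is not from the lecture notes: the avalanche effect (flip one input bit and count how many of SHA-256’s 256 output bits change; about half do) and the cost of finding a collision as a function of output length (a birthday attack on SHA-256 truncated to 20 bits, using constructed inputs msg-0, msg-1, …, succeeds after roughly 2^10 hash evaluations). The input text is a constructed sample.

```python
# Added example (not from the notes): two experiments on SHA-256 with Python's hashlib.
# (1) the avalanche effect: flipping one input bit changes about half of the 256 output bits;
# (2) a birthday attack on a hash truncated to `bits` bits, showing that collision
#     resistance depends on output length and costs only ~2**(bits/2) evaluations.
import hashlib
from itertools import count


def hamming_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message, bit_index):
    """Flip one bit of `message` and return how many of SHA-256's 256 output bits change."""
    flipped = bytearray(message)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return hamming_distance(hashlib.sha256(message).digest(),
                            hashlib.sha256(bytes(flipped)).digest())


def truncated_sha256(data, bits):
    """Keep only the top `bits` bits of SHA-256, modelling a short (weak) hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def birthday_collision(bits):
    """Hash constructed inputs msg-0, msg-1, ... until two share a truncated digest.
    Returns (input1, input2, evaluations). The pigeonhole principle guarantees success
    within 2**bits + 1 inputs; the birthday bound makes ~1.25 * 2**(bits/2) typical."""
    seen = {}
    for i in count():
        message = b"msg-%d" % i
        digest = truncated_sha256(message, bits)
        if digest in seen:
            return seen[digest], message, i + 1
        seen[digest] = message


if __name__ == "__main__":
    print("bits changed by a 1-bit flip:", avalanche(b"The quick brown fox", 0))
    m1, m2, n = birthday_collision(24)
    print(f"collision on a 24-bit hash after {n} evaluations: {m1!r} vs {m2!r}")
```

Try `birthday_collision(32)` and then `birthday_collision(40)` to feel the 2^(n/2) growth; the full 256-bit output would need on the order of 2^128 evaluations, which is why SHA-256 collisions are out of reach while MD5 (128 bits, and structurally broken) and truncated digests are not.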
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was the most popular and widely used hash function for quite some years.
 The MD family comprises the hash functions MD2, MD4, MD5 and MD6. MD5 is specified in RFC 1321. It is a 128-bit hash function.
 MD5 digests have been widely used in the software world to provide assurance about the integrity of a transferred file. For example, file servers often provide a pre-computed MD5 checksum for the files, so that a user can compare the checksum of the downloaded file to it.
 In 2004, collisions were found in MD5. An analytical attack was reported to succeed in about an hour using a computer cluster. This collision attack compromised MD5, and it is no longer recommended for any security use.
Secure Hash Algorithm (SHA)
The SHA family comprises four SHA algorithms: SHA-0, SHA-1, SHA-2 and SHA-3. Though from the same family, they are structurally different.
 The original version, SHA-0, a 160-bit hash function, was published by the National Institute of Standards and Technology (NIST) in 1993. It had a few weaknesses and did not become very popular. Later, in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0.
 SHA-1 was for a long time the most widely used of the SHA hash functions. It was employed in several widely used applications and protocols, including Secure Sockets Layer (SSL)/TLS security.
 In 2005, a method was found for finding collisions in SHA-1 within a practical time frame, making the long-term employability of SHA-1 doubtful; an actual collision was demonstrated publicly in 2017, and SHA-1 is now deprecated for signatures and certificates.
 The SHA-2 family has further SHA variants, SHA-224, SHA-256, SHA-384 and SHA-512 (plus the truncated SHA-512/224 and SHA-512/256), named after the number of bits in their hash value. No successful attacks have yet been reported on the SHA-2 hash functions.
 Though SHA-2 is a strong hash function, and significantly different from SHA-1, its basic design still follows the Merkle-Damgard design of SHA-1. Hence, NIST called for new competitive hash function designs.
 In October 2012, NIST chose the Keccak algorithm as the new SHA-3 standard (published as FIPS 202 in 2015). Keccak offers many benefits, such as efficient performance and good resistance to attacks, and its sponge structure is unrelated to the SHA-1/SHA-2 design.
RIPEMD
RIPEMD is an acronym for RACE Integrity Primitives Evaluation Message Digest. This set of hash functions was designed by the open research community and is generally known as the family of European hash functions.
 The set includes RIPEMD, RIPEMD-128, and RIPEMD-160. There also exist 256, and
320-bit versions of this algorithm.
 Original RIPEMD (128 bit) is based upon the design principles used in MD4 and found to
provide questionable security. RIPEMD 128-bit version came as a quick fix replacement to
overcome vulnerabilities on the original RIPEMD.
 RIPEMD-160 is an improved version and the most widely used version in the family. The
256 and 320-bit versions reduce the chance of accidental collision, but do not have higher
levels of security as compared to RIPEMD-128 and RIPEMD-160 respectively.
Whirlpool
This is a 512-bit hash function.
 It is derived from a modified version of the Advanced Encryption Standard (AES). One of the designers was Vincent Rijmen, a co-creator of AES.
 Three versions of Whirlpool have been released; namely WHIRLPOOL-0, WHIRLPOOL-
T, and WHIRLPOOL.
Applications of Hash Functions
There are two direct applications of hash functions based on their cryptographic properties.
Password Storage
Hash functions provide protection to password storage.
 Instead of storing the password in clear, almost all logon processes store the hash values of passwords in the password file.
 The password file consists of a table of pairs of the form (user id, h(P)).
 An intruder who obtains the file can see only the hashes of the passwords. He can neither log on using a hash nor derive the password from the hash value, since the hash function possesses the property of pre-image resistance. (In practice each password is hashed together with a random salt, using a deliberately slow function, so that an intruder cannot attack all users at once with a precomputed table or test common passwords quickly.)
 The process of logon is depicted in the following illustration.
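The password file and logon check above, as an added Python example that is not from the lecture notes. It contrasts the bare (user id, h(P)) scheme with what a practitioner actually stores: a per-user random salt, an iteration count and a PBKDF2-HMAC-SHA256 digest from the standard library. Identical passwords then no longer produce identical entries, precomputed tables are useless, and every guess costs the attacker the full iteration count. User names and passwords in the example are constructed sample data.

```python
# Added example (not from the notes): password storage as (user id, salt, iterations, digest)
# instead of the bare (user id, h(P)) pair, using PBKDF2-HMAC-SHA256 from the standard library.
# The salt stops two users with the same password from getting the same stored value and
# defeats precomputed tables; the iteration count slows down each guess.
import hashlib
import hmac
import os

SALT_BYTES = 16
DEFAULT_ITERATIONS = 600_000   # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256


def unsalted_hash(password):
    """The notes' scheme, h(P): identical passwords give identical, lookup-able hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return the record to store: (salt, iterations, digest)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)


def build_password_file(credentials, iterations=DEFAULT_ITERATIONS):
    """credentials: {user_id: password}. Returns {user_id: record}, which is all the server keeps."""
    return {user: hash_password(pw, iterations) for user, pw in credentials.items()}


def login(password_file, user, password, iterations=DEFAULT_ITERATIONS):
    """Logon check: unknown users and wrong passwords both fail. The KDF is still run for
    unknown users so that response time does not reveal which user ids exist."""
    record = password_file.get(user)
    if record is None:
        hash_password(password, iterations)   # burn the same time as a real check
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    # Constructed sample data: two users who happen to share a password.
    users = {"alice": "correct horse battery", "bob": "correct horse battery"}
    print("unsalted, same hash for both:", unsalted_hash(users["alice"]) == unsalted_hash(users["bob"]))
    pw_file = build_password_file(users)
    print("salted, entries differ:", pw_file["alice"][2] != pw_file["bob"][2])
    print("alice logs in:", login(pw_file, "alice", "correct horse battery"))
    print("wrong password:", login(pw_file, "alice", "Tr0ub4dor&3"))
```

`hmac.compare_digest` matters even here: a byte-by-byte `==` on digests can leak, through timing, how many leading bytes of a guess were right. The iteration count is a tunable cost; lower it only in tests, never in the stored records.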
Data Integrity Check
A data integrity check is the most common application of hash functions. It is used to generate checksums on data files. This application provides assurance to the user about the correctness of the data.

The process is depicted in the following illustration –

The integrity check helps the user to detect any changes made to the original file. It does not, however, provide any assurance about the file’s origin. An attacker, instead of modifying the file data, can replace the entire file, compute an altogether new hash and send both to the receiver. This integrity-check application is therefore useful only if the user is sure about the origin of the hash value (for example because it was signed, or obtained over an authenticated channel).
Secure Hash Algorithm (SHA)
The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST) together with the National Security Agency. It was first released as a Federal Information Processing Standard (FIPS 180) in 1993; the revised version published in 1995 (FIPS 180-1) is the one now called SHA-1. Its design is derived from MD4, so SHA can be described as a strengthened variant of the MD4 design. SHA is designed so that it is infeasible to recover the original message from its message digest, and infeasible to find two messages that produce the same digest.
What is the SHA Algorithm?
In the field of cryptography and cryptanalysis, the SHA-1 algorithm is a cryptographic hash function that takes an input of arbitrary length and produces a 160-bit (20-byte) hash value. The hash value so generated is known as a message digest and is typically rendered as a hexadecimal number 40 digits long.
Characteristics
Cryptographic hash functions are used to keep and store data in a secured form by providing three characteristics: pre-image resistance (also called first pre-image resistance), second pre-image resistance and collision resistance.
 Pre-image resistance makes it hard and time-consuming for an attacker who holds only a hash value to find a message that hashes to it.
 This one-way nature is the key component of the security of the SHA algorithm. Pre-image resistance is what defeats brute-force inversion attempts, even from large and powerful sets of machines, provided the digest is long enough.
 Second pre-image resistance means that an attacker who already knows one message and its digest still cannot find a different message with the same digest, and so cannot substitute a forged message for a genuine one.
 Collision resistance means it is extremely hard for the attacker to find any two different messages which hash to the same value. It is the strongest of the three requirements and the first to fall: by the pigeonhole principle collisions must exist, since there are far more possible inputs than n-bit outputs, and a generic birthday attack finds one after about 2^(n/2) evaluations. Collision resistance therefore only asserts that finding two such inputs is computationally infeasible for the digest length in use.
Types of SHA Algorithm
The different types of SHA algorithm include the following:

1. SHA-0
A retronym applied to the original version of the 160-bit (20-byte) hash function, which was published in 1993 under the name SHA. It was withdrawn shortly after publication due to an undisclosed flaw, and SHA-1 took its place.
2. SHA-1
A 160-bit (20-byte) hash function whose structure resembles the earlier MD5 algorithm. It was designed by the NSA (the National Security Agency) as a component of the Digital Signature Algorithm (DSA) in the Digital Signature Standard. Cryptographic weaknesses were later found in SHA-1, and it has since been deprecated and should no longer be used for signatures.
3. SHA-2
A family of two structurally similar hash functions, SHA-256 and SHA-512, which differ mainly in word size and block size: SHA-256 operates on 32-bit words (512-bit blocks), SHA-512 on 64-bit words (1024-bit blocks). Truncated variants are SHA-224 (from SHA-256) and SHA-384, SHA-512/224 and SHA-512/256 (from SHA-512).
4. SHA-3
The most recent standard, based on the Keccak hash function. The supported digest lengths are the same as for SHA-2, but the structure is entirely different: SHA-3 is a sponge construction built on a fixed random-looking permutation, which absorbs any amount of input data and then squeezes out as many output bits as are requested. Because it behaves like a pseudorandom function of its input, this gives greater flexibility (for example the SHAKE extendable-output functions).
Uses of the SHA Algorithm
 The SHA algorithms are widely used in security protocols and applications, including TLS, PGP, SSL, IPsec and S/MIME.
 They also find their place in most cryptographic and coding standards that govern the security functions of governmental as well as private organizations and institutions.
 Major vendors such as Google, Microsoft and Mozilla stopped accepting SHA-1 certificates in their browsers in favour of SHA-2 (SHA-256), and recommend against any new use of SHA-1.
Message Authentication Codes
Message Authentication Codes (MACs) serve two important functions: authentication of the message’s origin and detection of falsification (tampering).
Where do we need these codes?
Suppose user A sends the message ‘abc’ to user B, encrypting it with a shared-key (symmetric) cryptosystem. A shares the key with B beforehand, using a key-exchange protocol such as a public-key cryptosystem. B uses the key to decrypt the ciphertext and obtains the message.
Now suppose a malicious user X has falsified the ciphertext during transmission. B has no way to realize that it has been falsified: when B decrypts the message, it obtains a wrong message and, unaware of the tampering, takes the wrong information to be right. Any further processing is then applied to the wrong data.

Here we need to detect falsification of the message B has received. A creates a second key (used to compute the Message Authentication Code) and shares it with B. A computes a value from the ciphertext and this key: Ciphertext + Key → Message Authentication Code. B recomputes the MAC over the ciphertext it received and compares it with the MAC it was sent; a mismatch shows that the ciphertext has been falsified.
Apart from intruders, the transfer of a message between two people also faces other external problems, such as noise, which may alter the original message constructed by the sender. A MAC detects such alterations as well.

MAC stands for Message Authentication Code. Here in MAC, sender and receiver
share same key where sender generates a fixed size output called Cryptographic
checksum or Message Authentication code and appends it to the original message. On
receiver’s side, receiver also generates the code and compares it with what he/she
received thus ensuring the originality of the message.
These are components:
 Message
 Key
 MAC algorithm
 MAC value
There are different models of Message Authentication Code (MAC), as follows:
1. MAC without encryption – This model provides authentication but not confidentiality, as anyone can read the message.
M' = MAC(M, k)

2. Internal Error Code (MAC-then-encrypt) – In this model the sender computes the MAC over the plaintext, appends it, and then encrypts the whole before sending it through the network, for confidentiality. Thus this model provides confidentiality as well as authentication.
M' = MAC(M, k)
c = E(M || M', k')

3. External Error Code (encrypt-then-MAC) – When a message has been altered, decrypting it first wastes work and exposes the decryption routine to attacker-controlled input. To avoid that, we use the external error code: the MAC is computed over the ciphertext ‘c’. On the receiver’s side we first recompute the MAC of the received ‘c’ and compare it with the received MAC value, and only decrypt ‘c’ if they are the same; otherwise we simply discard the content received. Thus it saves time, and it is the construction generally recommended today.
c = E(M, k')
M' = MAC(c, k)
Problems in MAC –
If the MAC function is not one-way, an attacker who collects many (message, MAC) pairs may be able to work back towards the plaintext or even the key. The mapping from input to output must therefore be hard to invert, which is why we move on to MACs built from hash functions, which are ‘one way’.
Note – the symbol ‘E’ denotes symmetric-key encryption, and k and k' are independent keys.
MAC based on Hash Functions (HMAC)
HMAC is the Hashed or Hash-based Message Authentication Code: a MAC derived from a cryptographic hash function. HMAC resists cryptanalysis well because it applies the hash function twice, with the key mixed in at both the inner and the outer invocation; this also blocks the length-extension attack that defeats the naive construction H(K || M). HMAC thus combines the benefits of hashing and of a MAC. It is specified in RFC 2104 and is mandatory to implement in IPsec; NIST has also standardized it as FIPS 198.

HMAC Algorithm
The computation of HMAC starts with a message M, viewed as a sequence of blocks of b bits. The key K is padded with zeros to b bits (K+) and XORed with the constant ipad to form the inner pad S_i, which is prepended to the message; the whole is fed to the hash function, giving a temporary message digest MD' of the original message. K+ is XORed with the constant opad to form the outer pad S_o; MD' is appended to S_o and the hash function is applied again, and the result is our final message digest MD:

HMAC(K, M) = H( (K+ ⊕ opad) || H( (K+ ⊕ ipad) || M ) )

Here, H stands for the hash function,

M is the original message,

S_i and S_o are the inner and outer pads (the ‘input and output signatures’) respectively,

Y_i is the i-th block of the original message M, where i ranges over [0, L−1],

L is the count of blocks in M,

K is the secret key used for hashing, K+ is K padded with zeros to b bits, and IV is the initial vector (a constant) of the hash function.

ipad (the byte 0x36 repeated b/8 times) and opad (the byte 0x5C repeated b/8 times) generate the input and output signatures S_i and S_o respectively. A key longer than b bits is first hashed, and its digest is used in place of K.
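The construction just described, as an added Python example that is not from the lecture notes: HMAC built by hand from `hashlib` exactly as RFC 2104 specifies (K+ zero-padded to the block size, ipad 0x36, opad 0x5C, long keys hashed first) and checked against Python’s own `hmac` module and the RFC 4231 SHA-256 test vector. The second half revisits the Data Integrity caveat above: an attacker who replaces both the file and its published hash passes a plain hash check, but cannot produce a valid HMAC without the key. The message and key strings are constructed sample data.

```python
# Added example (not from the notes): HMAC from scratch per RFC 2104, verified against the
# standard library, plus a keyed-vs-unkeyed integrity check.
import hashlib
import hmac

IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


def hmac_from_scratch(key, message, hash_name="sha256"):
    """HMAC(K, M) = H((K+ XOR opad) || H((K+ XOR ipad) || M))."""
    block_size = hashlib.new(hash_name).block_size          # b/8 bytes: 64 for SHA-256
    if len(key) > block_size:                                # RFC 2104: hash over-long keys first
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(block_size, b"\x00")                  # zero-pad to b bits
    s_i = bytes(k ^ IPAD_BYTE for k in k_plus)               # inner "signature" S_i
    s_o = bytes(k ^ OPAD_BYTE for k in k_plus)               # outer "signature" S_o
    inner_digest = hashlib.new(hash_name, s_i + message).digest()    # MD'
    return hashlib.new(hash_name, s_o + inner_digest).digest()       # MD


def verify_tag(key, message, tag):
    """Constant-time comparison, so a byte-by-byte timing leak cannot help forge a tag."""
    return hmac.compare_digest(hmac_from_scratch(key, message), tag)


def plain_hash_check(message, published_digest):
    """The unkeyed integrity check from the Data Integrity section."""
    return hashlib.sha256(message).digest() == published_digest


def attacker_substitutes(replacement, key):
    """Attacker swaps the file AND recomputes the checksum. Returns
    (plain hash check passes, HMAC check passes). Without the key the best the attacker
    can do for the MAC is guess, so the second value is False."""
    forged_digest = hashlib.sha256(replacement).digest()       # trivially recomputed
    best_effort_tag = hashlib.sha256(replacement).digest()     # no key -> cannot run HMAC
    return (plain_hash_check(replacement, forged_digest),
            verify_tag(key, replacement, best_effort_tag))


if __name__ == "__main__":
    key = b"shared-secret-key"                  # constructed sample key
    message = b"payroll.csv: alice,4200\n"      # constructed sample message
    tag = hmac_from_scratch(key, message)
    print("tag matches hmac module:", tag == hmac.new(key, message, hashlib.sha256).digest())
    print("genuine message verifies:", verify_tag(key, message, tag))
    print("tampered message verifies:", verify_tag(key, message + b"x", tag))
    print("(plain hash passes, HMAC passes) after substitution:",
          attacker_substitutes(b"payroll.csv: mallory,99999\n", key))
```

Do not roll your own in production; the point of writing it out once is to see that the key enters the hash twice and that the outer hash covers the inner digest, which is what stops an attacker from extending a tagged message.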


Kerberos
Kerberos provides a centralized authentication server whose function is to authenticate users
to servers and servers to users. It relies on an Authentication Server and a database of
principals and their secret keys. Kerberos runs as a trusted third party known as the Key
Distribution Center (KDC). Each user and service on the network is a principal, and every
principal shares a long-term secret key with the KDC.

The main components of Kerberos are:

Authentication Server (AS):
The Authentication Server performs the initial authentication of the user and issues a
ticket for the Ticket Granting Service (the ticket-granting ticket, TGT).
Database:
The database holds the principals and their secret keys; the Authentication Server uses
it to verify the user and the user's access rights.
Ticket Granting Server (TGS):
The Ticket Granting Server issues the tickets for individual servers.
Step-1:
The user logs in and requests services on the host. The client therefore requests a ticket
for the ticket-granting service from the AS.
Step-2:
The Authentication Server verifies the user's access rights using the database and then
returns a ticket-granting ticket and a session key. The result is encrypted with a key
derived from the user's password, so only the right user can read it.
Step-3:
The client decrypts the message with the password-derived key and then sends the
ticket-granting ticket to the Ticket Granting Server, together with an authenticator.
The authenticator contains the user name, the network address and a timestamp, encrypted
with the session key.
Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, verifies the authenticator
against it, and then creates a ticket for the requested server together with a new
session key for the client and that server.
Step-5:
The user sends the ticket and a fresh authenticator to the server.
Step-6:
The server verifies the ticket and the authenticator and then grants access to the
service. After this the user can access the service.
Kerberos Limitations
● Each network service must be modified individually ("Kerberized") for use with Kerberos.
● It does not work well in a timesharing environment, where many users share one host and
one user's ticket cache may be readable by another.
● The Kerberos server must be physically and administratively secured.
● It requires an always-on Kerberos server; if the KDC is unreachable, nobody can
authenticate.
● All principals' keys are stored in one database protected by a single master key, so a
compromise of the KDC compromises every key.
● It assumes workstations are secure; a compromised workstation can capture the password
as it is typed.
● Compromise of the KDC or of a realm key may result in a cascading loss of trust.
● Scalability: every authentication passes through the KDC.

Is Kerberos Infallible?

No security measure is 100% impregnable, and Kerberos is no exception. Because it has been
deployed for decades, attackers have had time to find ways around it, typically by forging
tickets once a service key or the KDC's own key has been stolen, by guessing passwords
offline against captured ticket or pre-authentication material (brute force and credential
stuffing), and by using malware on a compromised host to force a downgrade to weaker
encryption types.
Despite this, Kerberos remains one of the most widely deployed authentication protocols.
It is flexible enough to employ stronger encryption types as older ones are broken, and
when users and service accounts have long, unguessable passwords, the offline guessing
attacks lose most of their power.
What is Kerberos Used For?
● Although Kerberos can be found everywhere in the digital world, it is most common in
secure systems that rely on robust authentication and auditing. Kerberos is used for
authentication in POSIX systems, Active Directory, NFS and Samba. It is also available as
an authentication mechanism (through GSSAPI/SASL) for SSH, POP and SMTP.

Authentication Systems

Authentication is a process in which a principal proves that he/she/it is the entity it
claims to be.

➢ The principal is referred to as the prover, while the party to whom proof of identity is
submitted is called the verifier.

➢ Authentication may be based on what the principal knows (e.g., a password or a
passphrase) or has (an identity card or passport, for example).

➢ A principal is often a human, a computer, an application, or a robot.

➢ In the case of a human principal, authentication may use physical characteristics such as
voice, a fingerprint, a retinal scan, or even a DNA sample; this form of authentication is
referred to as biometric authentication (what the principal is).

➢ With password-based authentication, an individual is often expected to communicate
his/her password to a verifying entity. However, in many cases it may not be advisable for
the individual to reveal his/her password.

➢ Instead, he/she may be required to perform some "one-way" cryptographic operation
using his/her secret, which cannot be performed without knowledge of it and which does not
reveal the secret to the verifier.

➢ Finally, many authentication systems today use a combination of techniques. This is
referred to as multi-factor authentication.

Password and Address:

1. Password based authentication

Passwords are to systems what keys are to front doors, and a front door is likely to be
the first thing an intruder attacks. A login name and password is an easy and cheap method
of authentication, and the most widely used. The passwords and the corresponding usernames
are stored in the server's database. Whenever a user logs in, the password entered by the
user is forwarded to the server, verified against the database, and authentication is
complete. Both the storage of the password on the server and its transmission from the
client to the server can create security breaches. The various attacks possible against
passwords are discussed below.

1.1 On-line vs. off-line guessing: In on-line guessing the attacker submits guesses to the
live login service, for example through a cracking program or a fake login screen, trying
permutations of characters or entries from a dictionary; the system can limit this with
rate limiting and account lockout. In off-line guessing the attacker first obtains
something to test guesses against, such as a copy of the password file or a recorded
authentication exchange, and then guesses at the speed of his own hardware without the
target noticing. Passwords can also be obtained outside the system altogether, by social
engineering or casual discussion with the user. The following methods attack passwords
either off-line or on-line.

i. Direct approach: This method seems very easy but is in fact rather ineffective, since
nobody discloses a password easily. Still, intruders try it first and move on to harder
methods afterwards. The intruder tries keywords directly related to the user: name,
relatives' names, organization, city, designation and so on. Users tend to select
passwords they can remember easily and which are related to themselves, and intruders
exploit this habit.

ii. Dictionary based attacks: Attackers use ready-made dictionaries (word lists) and
special software to test each entry against the password. This is slower and not certain
to succeed: the dictionary contains only meaningful combinations of characters, whereas a
password may be any combination of characters, so the success rate against well-chosen
passwords is low. Against passwords picked from ordinary words, however, it is fast and
very effective.

iii. Brute force attacks: Every combination of keys (letters, digits, special characters)
up to a given number of positions is tried and compared. Because a password can only be a
combination of the characters available on the keyboard, trying all combinations is
guaranteed to find it eventually. This trial-and-error process over all permutations and
combinations is the most tedious and time-consuming method, but the surest; the defence
is length and character variety, which make the search space too large to exhaust.

iv. Fake login screen: If the attacker is an insider, or otherwise has direct access, the
attacker may leave a fake login program running on a terminal that looks legitimate to
unsuspecting users. When someone logs in, an "invalid login" message is shown, and the
password is meanwhile recorded somewhere the attacker can read it. Windows counters this
attack by requiring the Ctrl-Alt-Del secure attention sequence before login, which only
the operating system can intercept. Another protection is to always lock the terminal
when leaving it.

v. Packet sniffing: Attackers may intercept the packets flowing through the network. Some
protocols transmit passwords in clear text, so they can be grabbed by an attacker sniffing
packets. Although this is also tedious, it works whenever such a protocol is in use.
Packet sniffing is a form of wiretap applied to computer networks instead of phone
networks. It came into vogue with Ethernet, a "shared medium" network in which every
station sees every frame; on a switched network the attacker must first redirect traffic
towards himself (for example by ARP spoofing), but the remedy is the same: never send a
password in the clear.

1.2 Storing passwords: where the verifying information lives.

i. The user's authentication information is individually configured into every server the
user will use.

ii. An authentication storage node stores the user information, and servers retrieve that
information when they want to authenticate the user.

iii. An authentication facilitator node stores the user information, and a server that
wants to authenticate a user sends the information received from the user to the AF node,
which performs the check and returns the verdict.

iv. Hashed passwords: whichever node holds the password database, it must not hold the
passwords in plain text, because anyone who reads the file obtains every password at once.
Store instead a salted, deliberately slow cryptographic hash of each password (PBKDF2,
bcrypt, scrypt or Argon2); verification recomputes the hash from the candidate password
and the stored salt and compares the result. Reversible encryption of the password file
is weaker, because the decryption key must be available to the server, and a compromise
of that key exposes every password.

Various methods to prevent password stealing:

1. One-time passwords: A different password is used for every access, so a password that
is captured (by sniffing, a fake login screen or shoulder surfing) is useless by the time
the attacker tries it. Each password is generated from a secret the user holds (a token or
an app) and is valid only once or for a short window, so the password changes before the
attacker can make use of it.

2. Protected transmission: The password must not cross the network in plain text. Either
send it inside an encrypted channel (such as TLS), or avoid sending it at all by using a
challenge-response protocol in which the client proves knowledge of the password with a
one-way operation. Transport protection complements, and does not replace, the hashed
storage described above.
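As an added example (not code from the original notes), the following Python stores passwords as salted PBKDF2-HMAC-SHA256 hashes, verifies them in constant time, and contrasts off-line guessing against unsalted SHA-256 (one precomputed table serves for every stolen hash) with guessing against the salted slow hash (one full PBKDF2 run per guess per user). The word list and the stolen records are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor, in the range OWASP currently recommends


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Store a per-user salted, deliberately slow hash; never the password or an encryption of it."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown password hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def unsalted_sha256(password: str) -> str:
    """The weak alternative: a bare fast hash with no salt, as many breached databases held."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# --- off-line guessing against the two storage choices (constructed word list) ---
WORDLIST: List[str] = ["password", "letmein", "qwerty", "hunter2", "welcome1"]


def crack_unsalted(stolen: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """One precomputed table of hash -> word breaks every stolen unsalted hash at once."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return {user: table[h] for user, h in stolen.items() if h in table}


def crack_salted(stored: str, wordlist: List[str]) -> Optional[str]:
    """Each guess costs a full PBKDF2 run, and the work cannot be shared between users."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None
```

The salt does not stop a dictionary attack on a weak password (crack_salted still finds "hunter2"); what it buys is that the attacker pays the full cost for every user separately instead of once for the whole file, and the iteration count sets that cost.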

2. Address based authentication

Address-based authentication trusts the network address from which a request arrives (as
in the Unix rhosts mechanism): the server holds a list of trusted hosts and users, and
accepts a request if its source address is on the list. It is only as strong as the
difficulty of spoofing an address, so in practice it is combined with cryptographic
methods such as the following.

i. KDCs (Key Distribution Center)

One way to make key management tractable is to use a trusted node known as a Key
Distribution Center (KDC). The KDC knows the keys of all nodes. If a new node is installed
in the network, only that new node and the KDC need to be configured with a key for it. If
node α wants to talk to node β, α talks to the KDC (securely, since α and the KDC share a
key) and asks for a key with which to talk to β. The KDC authenticates α, chooses a random
number Rαβ to be used as a key shared by α and β for their conversation, encrypts Rαβ with
the key it shares with α and gives that to α. The KDC also encrypts Rαβ with the key it
shares with β, with the instruction that it is to be used for conversing with α. (Usually
the KDC does not transmit this to β itself, but gives it to α to forward to β.) The
encrypted message to β that the KDC gives to α to forward is often referred to as a
ticket. Besides containing Rαβ, the ticket generally contains other information such as an
expiration time and α's name. KDCs make key distribution much more convenient: when a new
user is added to the network, or when a user's key is suspected of having been
compromised, there is a single location (the KDC) that needs to be reconfigured.

ii. Certificate Revocation

In a PKI, certificates are distributed through third parties (certification authorities),
and they provide an additional security mechanism on top of the existing message exchange.
A certificate may have to be withdrawn before it expires, for example because the private
key was compromised or the holder has left the organization. For certificate status to be
determined, public key infrastructure (PKI) certificate revocation information must be made
available to individuals, computers, network devices and applications attempting to verify
the validity of certificates. Traditionally, a PKI uses a distributed method of
verification so that clients do not have to contact the Certification Authority (CA)
directly to validate the credentials presented. Instead, clients connect to alternate
resources, such as Web servers or Lightweight Directory Access Protocol (LDAP) directories,
where the CA has published its revocation information as a signed certificate revocation
list (CRL); an on-line responder (OCSP) can answer for a single certificate instead.
Without checking certificates for revocation, the possibility exists that an application
or user will accept credentials that have been revoked by a CA administrator.

3.3 BIOMETRICS

Biometrics is another way to authenticate a user, by verifying either something the user
possesses or a physical feature of the user. What the user possesses may be a smart card or
a chip-based token; the physical feature may be a fingerprint or facial features. Strictly
speaking only the second kind is biometric; a possessed token is a separate factor, and the
two are often combined.

A variety of biometric devices are available:

o Retinal scanners

o Fingerprint readers

o Face recognition

o Iris scanners

o Handprint readers

o Voiceprints

Security Handshake Pitfalls

A bad idea
 Alice sends name and password in clear (across network) to Bob
 Bob verifies name and password and communication proceeds
 Anyone who can eavesdrop learns the password and can impersonate Alice at will

Better idea using shared secret

Exchange (figure not reproduced in these notes): Alice → Bob: "I'm Alice"; Bob → Alice: a
random challenge R; Alice → Bob: R encrypted with KAlice-Bob.

Implications
 Authentication is not mutual
 How to encrypt subsequent conversation?
 If key derived from a password, offline password guessing is possible: an eavesdropper
sees R and its encryption and can test candidate passwords against the pair
 Bob knows KAlice-Bob, so if Bob's database is compromised, attacker can impersonate Alice

Exchange (figure not reproduced): Alice → Bob: "I'm Alice"; Bob → Alice: R encrypted with
KAlice-Bob; Alice → Bob: R.

Implications
 Requires reversible cryptography (hash will not work, since Alice must recover R)
 If R is known and key derived from password, dictionary attack is possible by simply
claiming to be Alice and collecting the encrypted R
 If R has a limited lifetime, Alice can authenticate Bob (mutual authentication)

Exchange (figure not reproduced): Alice → Bob: "I'm Alice", the current timestamp
encrypted with KAlice-Bob.

Implications
 Easy to modify "bad idea" to this form, since no additional messages
 More efficient
 Bob does not need to maintain state
 Eavesdropper can impersonate Alice (within acceptable clock skew) by replaying the
message; might also be possible to impersonate Alice to another server that shares the
same key
 If Bob sets his clock back, intercepted authentication messages can be replayed
 Setting time (and agreeing on time) is a security issue

Exchange (figure not reproduced): Alice → Bob: "I'm Alice", timestamp, hash of
KAlice-Bob together with the timestamp.

Implications
 Same as above, but using a hash
 Why transmit timestamp in the clear? Because the hash is one-way, Bob cannot recover
the timestamp from it; he needs it to recompute the hash and to reject stale values

Better idea using public key crypto

(Notation: [R]Alice means sign with Alice's private key and {R}Alice means encrypt with
Alice's public key.)

Exchange (figure not reproduced): Alice → Bob: "I'm Alice"; Bob → Alice: R; Alice → Bob:
[R]Alice.

Implications
 Compromise of Bob's database will not allow attacker to impersonate Alice (Bob holds
only Alice's public key)
 Attacker may be able to trick Alice into signing anything

Exchange (figure not reproduced): Alice → Bob: "I'm Alice"; Bob → Alice: {R}Alice;
Alice → Bob: R.

Implications
 Compromise of Bob's database will not allow attacker to impersonate Alice
 Attacker may be able to trick Alice into decrypting anything

Mutual authentication

o Reflection attack

Exchange (figure not reproduced), five messages: Alice → Bob: "I'm Alice"; Bob → Alice:
R1; Alice → Bob: R1 encrypted with KAlice-Bob; Alice → Bob: R2; Bob → Alice: R2 encrypted
with KAlice-Bob.

Implications
 Authenticated exchange in each direction
 Inefficient?

Exchange (figure not reproduced), three messages: Alice → Bob: "I'm Alice", R2; Bob →
Alice: R1, R2 encrypted with KAlice-Bob; Alice → Bob: R1 encrypted with KAlice-Bob.

Implications
 More efficient
 Easy to get chosen plaintext (anyone claiming to be Alice picks R2 and receives its
encryption)
 Subject to a reflection attack

Attack
 Trudy opens 1st session to Bob, claiming to be Alice; Bob replies with his challenge R1,
which Trudy cannot answer
 Trudy opens 2nd session to Bob, sending R1 as her own challenge; Bob returns R1 encrypted
with KAlice-Bob, which is exactly the information needed to complete the 1st session
Solution?
 Alice and Bob should not do exactly the same thing
 Have Bob encrypt with KAlice-Bob and Alice encrypt with KAlice-Bob+1, or
 Initiator sends odd R, responder sends even R, etc., and each side refuses to answer a
challenge of the wrong kind
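As an added example (not code from the original notes), the following Python plays out the three-message shared-secret protocol and the reflection attack on it, then applies the odd/even rule from the solution list: the responder answers only odd challenges and issues only even ones, so Bob's own challenge can never be fed back to him. HMAC stands in for encryption under KAlice-Bob, and the key and session names are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

KEY = b"constructed shared secret KAlice-Bob"  # known to Alice and Bob only


def f(key: bytes, challenge: bytes) -> bytes:
    """Keyed one-way response to a challenge; HMAC stands in for encrypting R under the key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def challenge(odd: bool) -> bytes:
    """16 random bytes whose last byte has the requested parity (odd: initiator, even: responder)."""
    r = bytearray(os.urandom(16))
    r[-1] = (r[-1] | 0x01) if odd else (r[-1] & 0xFE)
    return bytes(r)


def is_odd(r: bytes) -> bool:
    return r[-1] & 1 == 1


class Bob:
    """Responder in the three-message protocol: "I'm Alice", R2 -> R1, f(K, R2) -> f(K, R1)."""

    def __init__(self, key: bytes, enforce_parity: bool = False):
        self.key = key
        self.enforce_parity = enforce_parity   # the fix: initiator odd, responder even
        self.pending: Dict[str, bytes] = {}    # session id -> the R1 we are waiting on

    def message2(self, session: str, r2: bytes) -> Tuple[bytes, bytes]:
        """Receive "I'm Alice", R2; reply with our challenge R1 and the answer to R2."""
        if self.enforce_parity and not is_odd(r2):
            raise ValueError("responder refuses to answer an even (responder-style) challenge")
        r1 = challenge(odd=False) if self.enforce_parity else os.urandom(16)
        self.pending[session] = r1
        return r1, f(self.key, r2)

    def message3(self, session: str, response: bytes) -> bool:
        """Receive f(K, R1); True if the initiator proved knowledge of the key."""
        r1 = self.pending.pop(session)
        return hmac.compare_digest(f(self.key, r1), response)


def honest_alice(bob: Bob, key: bytes) -> bool:
    """Alice, who knows the key, authenticates Bob and herself."""
    r2 = challenge(odd=True)
    r1, bob_answer = bob.message2("alice", r2)
    if not hmac.compare_digest(f(key, r2), bob_answer):
        return False                       # Bob failed Alice's challenge
    return bob.message3("alice", f(key, r1))


def reflection_attack(bob: Bob) -> bool:
    """Trudy does not know the key; she uses a second session to make Bob answer his own R1."""
    r1, _ = bob.message2("session-1", challenge(odd=True))  # Bob: "prove yourself: R1"
    try:
        _, answer_to_r1 = bob.message2("session-2", r1)      # reflect R1 as Trudy's challenge
    except ValueError:
        return False                                          # parity rule blocks the reflection
    return bob.message3("session-1", answer_to_r1)            # replay Bob's own answer
```

With the default Bob the attack succeeds without Trudy ever touching the key; with enforce_parity=True the second session is refused, while the honest run still completes because Alice's challenge is odd and Bob's is even.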
o Password guessing (chosen plaintext)

Exchange (figure not reproduced), four messages: Alice → Bob: "I'm Alice"; Bob → Alice:
R1; Alice → Bob: R1 encrypted with KAlice-Bob, R2; Bob → Alice: R2 encrypted with
KAlice-Bob.

Implications
 One "extra" message, and Alice (or someone claiming to be Alice) cannot obtain chosen
plaintext, because Bob encrypts nothing until the initiator has answered R1

o Public keys

Exchange (figure not reproduced): Alice → Bob: "I'm Alice", {R2}Bob; Bob → Alice: R2,
{R1}Alice; Alice → Bob: R1.

Implications
 How to obtain public keys?
 How can workstation obtain private key from password? (Easy with symmetric key crypto,
where the key can be derived from the password; not so easy with public key crypto, where
the private key is a large random value that must be stored somewhere.)
 Identity-based encryption is an active research area

Timestamps

Exchange (figure not reproduced): Alice → Bob: "I'm Alice", timestamp encrypted with
KAlice-Bob; Bob → Alice: timestamp+1 encrypted with KAlice-Bob.

Implications
 Only 2 messages
 Alice and Bob must encrypt different things (hence the +1), or Bob's reply could be
replayed as Alice's message
 Everyone must agree on the time
 Time is now security-critical
Kerberos

A user could use the same password for all servers, but distributing and maintaining a
password file across multiple servers poses a security risk.

➢ A password-based system should ensure the following:

1. The password should not be transmitted in the clear.

2. It should not be possible to launch dictionary attacks from the protocol messages.

3. The password itself should not be stored on the authentication server; rather, it
should be cryptographically transformed before being stored.

4. It should not be possible to launch dictionary attacks by obtaining a file containing
cryptographically transformed versions of the passwords.

5. A user enters her password only ONCE during login. Thereafter, she should not have to
re-enter her password to access other servers for the duration of the session. This
feature is called single sign-on.

6. The password should reside on a machine for only a few milliseconds after being entered
by the user.

The Kerberos protocol elegantly addresses many of these issues.

➢ Developed at MIT, Kerberos has been through many revisions.

➢ The latest is Kerberos Version 5.

➢ The KDC used in the Needham-Schroeder protocol is logically split into two entities
here: the Authentication Server (AS) and the Ticket Granting Server (TGS).

➢ The sequence of messages exchanged between the client (C), the Kerberos servers (AS and
TGS) and the requested server (S) is shown in Fig. 3.14.

➢ There are three steps, each involving two messages.


Step 1: Receipt of Ticket-Granting Ticket

Message 1: C → AS

➢ In Message 1, the client informs the AS that it wishes to communicate with the TGS.

➢ The "Times" field specifies the start time and expected duration of the login session.

➢ "C" is the ID of the user/client who has logged in.

➢ R1 is a nonce generated by C.

Message 2: AS → C

➢ The response from the AS contains a session key, KC,TGS, to be used for communication
between C and the TGS.

➢ This key is encrypted with the long-term key KC known to C and the AS.

➢ KC is a function of the user's password, so only a client that knows the password can
recover KC,TGS; the password itself never crosses the network.

➢ The AS also encrypts the nonce R1 that it received in Message 1.

➢ The nonce lets C detect a replayed response.

➢ The AS also includes a ticket-granting ticket, TicketTGS, encrypted with the key shared
by the AS and the TGS, so that C can neither read nor alter it.

Step 2: Receipt of Service-Granting Ticket

Message 3: C → TGS

➢ In Message 3, C forwards the TGT (TicketTGS) and an authenticator, AuthenticatorC, to
the TGS, together with the name of the server S it wants to use and a fresh nonce R2.

➢ From TicketTGS the TGS extracts the session key KC,TGS, known only to C and the TGS.

➢ AuthenticatorC is the current time (timestamp) and C's ID encrypted with KC,TGS; it
proves that the sender of the ticket knows the session key inside it, which a thief who
merely copied the ticket does not.

Message 4: TGS → C

➢ The TGS generates a fresh session key, KC,S, to be shared between C and S.

➢ This key is encrypted using the session key KC,TGS, so only C can decrypt it.

➢ The fresh nonce R2 from C is also encrypted by the TGS using KC,TGS.

➢ This convinces C that the received message is from the TGS and is not a replay.

➢ Finally, the fresh session key KC,S is enclosed in a service-granting ticket to be
forwarded by C to S.

➢ The service-granting ticket is encrypted with the long-term secret shared between the
TGS and S.

Step 3: Client-Server Authentication

Message 5: C → S

➢ C forwards to S the ticket containing the session key KC,S.

➢ C also creates and sends to S an authenticator by encrypting a timestamp with the
session key KC,S.

Message 6: S → C

➢ S retrieves KC,S from the service-granting ticket.

➢ S verifies the authenticator from C: the timestamp must lie within the allowed clock
skew and the client ID must match the one in the ticket.

➢ S then increments the timestamp and encrypts it with the fresh session key (this is the
Version 4 form; Version 5 returns the client's timestamp itself).
➢ The encrypted timestamp serves to authenticate S to C, since only a server holding the
key it shares with the TGS could have recovered KC,S.
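The following Python is an added example, not code from the original notes or from any Kerberos implementation. It plays out the six messages above between a client, a combined AS/TGS and a server, and at the same time shows the external error code from the MAC section: every ticket and authenticator is sealed with a toy encrypt-then-MAC construction (a SHA-256 keystream plus HMAC, standing in for the AES-based encryption types real Kerberos uses) whose tag is verified before anything is decrypted. Principal names, keys and passwords are constructed for the demonstration, and the password-to-key derivation is a stand-in for Kerberos' string2key.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Tuple

# --- toy symmetric "E": encrypt-then-MAC, i.e. the external error code model ---
def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # independent encryption key k' and MAC key k derived from one shared key
    return hashlib.sha256(b"enc|" + key).digest(), hashlib.sha256(b"mac|" + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode as keystream; a stand-in for a real cipher such as AES-CTR
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, fields: dict) -> bytes:
    """c = E(M, k'); tag = MAC(c, k). Output is nonce || ciphertext || tag."""
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(12)
    c = nonce + _xor_stream(k_enc, nonce, json.dumps(fields).encode())
    return c + hmac.new(k_mac, c, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Check MAC(c, k) against the received tag first; decrypt only if it matches."""
    k_enc, k_mac = _subkeys(key)
    c, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(k_mac, c, hashlib.sha256).digest(), tag):
        raise ValueError("MAC mismatch: message discarded without decrypting")
    return json.loads(_xor_stream(k_enc, c[:12], c[12:]))

def long_term_key(password: str) -> bytes:
    # KC as a function of the user's password (toy derivation; Kerberos uses string2key)
    return hashlib.sha256(password.encode()).digest()

def _check_authenticator(client_in_ticket: str, auth: dict) -> None:
    # client ID must match the ticket and the timestamp must be within 300 s of skew
    if auth["client"] != client_in_ticket or abs(int(time.time()) - auth["ts"]) > 300:
        raise ValueError("authenticator rejected")

class KDC:
    """Authentication Server and Ticket Granting Server of one realm."""
    def __init__(self, users: Dict[str, bytes], services: Dict[str, bytes]):
        self.users, self.services = users, services   # long-term keys of all principals
        self.k_tgs = os.urandom(32)                    # key shared by the AS and the TGS

    def as_exchange(self, client: str, times: dict, r1: str) -> Tuple[bytes, bytes]:
        # Message 1 -> Message 2: KC,TGS and R1 under KC, plus the TGT under K_TGS
        k_c_tgs = os.urandom(32).hex()
        tgt = seal(self.k_tgs, {"client": client, "key": k_c_tgs, "times": times})
        return seal(self.users[client], {"key":  k_c_tgs, "times": times, "nonce": r1, "tgs": "TGS"}), tgt

    def tgs_exchange(self, service: str, times: dict, r2: str, tgt: bytes, auth_c: bytes) -> Tuple[bytes, bytes]:
        # Message 3 -> Message 4: KC,S and R2 under KC,TGS, plus the service ticket under K_S
        t = unseal(self.k_tgs, tgt)
        k_c_tgs = bytes.fromhex(t["key"])
        _check_authenticator(t["client"], unseal(k_c_tgs, auth_c))
        k_c_s = os.urandom(32).hex()
        ticket_s = seal(self.services[service], {"client": t["client"], "key": k_c_s, "times": times})
        return seal(k_c_tgs, {"key": k_c_s, "times": times, "nonce": r2, "service": service}), ticket_s

class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def authenticate(self, ticket: bytes, auth_c: bytes) -> bytes:
        # Message 5 -> Message 6: recover KC,S from the ticket, check the authenticator, reply ts+1
        t = unseal(self.key, ticket)
        k_c_s = bytes.fromhex(t["key"])
        auth = unseal(k_c_s, auth_c)
        _check_authenticator(t["client"], auth)
        return seal(k_c_s, {"ts": auth["ts"] + 1})

def client_login(kdc: KDC, service: Service, client: str, password: str) -> bool:
    """Client side of all three steps. Raises ValueError if any check fails."""
    kc = long_term_key(password)            # the password is needed only here
    now = int(time.time())
    times = {"from": now, "till": now + 8 * 3600}
    r1 = os.urandom(8).hex()
    m2, tgt = kdc.as_exchange(client, times, r1)                            # Step 1
    reply = unseal(kc, m2)                                                  # wrong password -> MAC mismatch
    if reply["nonce"] != r1:
        raise ValueError("AS reply is not fresh")
    k_c_tgs = bytes.fromhex(reply["key"])
    r2 = os.urandom(8).hex()
    auth_c = seal(k_c_tgs, {"client": client, "ts": int(time.time())})
    m4, ticket_s = kdc.tgs_exchange(service.name, times, r2, tgt, auth_c)   # Step 2
    reply = unseal(k_c_tgs, m4)
    if reply["nonce"] != r2 or reply["service"] != service.name:
        raise ValueError("TGS reply is not fresh")
    k_c_s = bytes.fromhex(reply["key"])
    ts = int(time.time())
    m6 = service.authenticate(ticket_s, seal(k_c_s, {"client": client, "ts": ts}))  # Step 3
    return unseal(k_c_s, m6)["ts"] == ts + 1

# constructed realm for the demonstration
SERVICE_KEY = os.urandom(32)
KDC_DEMO = KDC(users={"alice": long_term_key("correct horse battery")}, services={"fileserver": SERVICE_KEY})
FILESERVER = Service("fileserver", SERVICE_KEY)
```

A wrong password fails at the first unseal, because KC is derived from the password and the MAC over Message 2 no longer verifies; a ticket that is copied and replayed without the matching session key fails at the authenticator check rather than at decryption.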
PKI Trust Models
To implement a trust model that covers all or some of the principles above, one of the
best-established ways is a Public Key Infrastructure (PKI), and there are four
arrangements commonly used to implement the trust model with PKI.
A. Hierarchical Trust Model: The hierarchical (tree) model is the most common way to
implement a PKI. A root CA at the top is the trust anchor: it certifies the intermediate
CAs below it, which in turn issue end-entity certificates (or certify further
intermediates). Every certificate is validated by building a chain back to the root, so
relying parties need to trust only the root, and the root itself can be kept offline.
This arrangement allows a high level of control at all levels of the hierarchical tree
and is the most common implementation in a large organization that wants to extend its
certificate-processing capabilities. Hierarchical models allow tight control over
certificate-based activities.

B. Bridge Trust Model: In the bridge model a dedicated bridge CA cross-certifies with the
root CA of each participating organization (or department), so that a certificate from
one organization can be validated by another through the bridge without each pair of
organizations exchanging cross-certificates directly. Within each organization, each
intermediate CA still trusts only the CAs above and below it, but the CA structure can be
extended to new organizations without creating additional layers of CAs. Additional
flexibility and interoperability between organizations are the primary advantages of a
bridge model.

C. Hybrid Trust Model: Sometimes two or more organizations or departments need to be
linked in some parts while other segments stay separate: trust is to be established
between some parts of the two organizations but not extended to the rest. In these cases
the hybrid trust model is the best fit. It combines hierarchical, bridge and mesh
elements, and the flexibility of this model allows you to build exactly the environment
you need.

D. Mesh Trust Model: When you want a hierarchical trust model with cross-certification, or
a web of root CAs, the mesh trust model is the choice. Seen the other way round, the mesh
model takes the bridge structure and gives it multiple paths and multiple root CAs that
cross-certify with each other directly.
Certificates issued under any one of the root CAs are accepted by relying parties that
trust any other root in the mesh, including all the intermediate and leaf CAs and all end
users connected to each CA chain. The cost is that the number of cross-certificates grows
with the square of the number of roots, and certification path building becomes harder.

Message Authentication Codes


Message Authentication Codes are the codes which plays their role in two important
functions: Authentication Detection and Falsification Detection
Where do we need these codes?
Suppose User A send message to user B with message – ‘abc’. A encrypts the
message using Shared – Key Cryptosystem for encrypting the message. A sends the
key to B using a source key. Key exchange is based on different protocols such as
Public – Key Cryptosystem. B uses the key to decrypt the Cipher text and obtains the
message.

If a malicious user X has falsified the ciphertext during transmission, B has no way to
realize that it has been falsified. When B decrypts the message, it will get the wrong
message and, unaware of the alteration, will take the wrong information to be right.
Any operation B performs on the data later on (encrypting or decrypting it again) is
applied to the wrong data.

So we need to detect falsification of the message B has received. A creates a key
(used to create the Message Authentication Code) and sends that key to B. A then
computes a value from the ciphertext and this key:
Ciphertext + Key = Message Authentication Code. B uses the Message Authentication
Code to check whether the ciphertext has been falsified or not, so B can now clearly
tell whether the ciphertext was altered.
Apart from intruders, the transfer of a message between two people also faces other
external problems like noise, which may alter the original message constructed by the
sender. To ensure that the message is not altered, there is the MAC method.

MAC stands for Message Authentication Code. In a MAC, sender and receiver share the
same key; the sender generates a fixed-size output called a cryptographic checksum or
Message Authentication Code and appends it to the original message. On the receiver's
side, the receiver also generates the code and compares it with the one received, thus
ensuring that the message is the original one.
These are the components of a MAC:
 Message
 Key
 MAC algorithm
 MAC value
There are different types of models of Message Authentication Code (MAC), as
follows:
1. MAC without encryption – This model can provide authentication but not
confidentiality, as anyone can see the message.
2. Internal Error Code – In this model of MAC, the sender encrypts the content before
sending it through the network for confidentiality. Thus this model provides
confidentiality as well as authentication.
M' = MAC(M, k)
3. External Error Code – When there is an alteration in the message, we would
otherwise decrypt it for nothing; to overcome that problem, we opt for the external
error code. Here we first apply the MAC to the encrypted message 'c' and compare it
with the received MAC value on the receiver's side, and then decrypt 'c' only if they
both are the same; otherwise we simply discard the content received. Thus it saves time.
c = E(M, k')
M' = MAC(c, k)

Problems in MAC –
If we do reverse engineering we can reach the plain text or even the key, since here we have
mapped input to output. To overcome this we move on to hash functions, which are "one way".
Note – the symbol "E" denotes symmetric key encryption.
MAC based on Hash Function (HMAC)
HMAC is the Hashed or Hash-based Message Authentication Code in cryptography: a MAC
derived from a cryptographic hash function. HMAC has great resistance to cryptanalysis
attacks as it applies the hash function twice. Thus HMAC combines the benefits of hashing
and MACs and is more secure than any other authentication code in cryptography. HMAC was
issued in RFC 2104 and has been made mandatory to implement for IP security (IPsec); the
NIST standard FIPS 198 has also issued HMAC.

HMAC Algorithm
The working of HMAC starts with taking a message M consisting of L blocks of b bits each.
An input signature is prepended to the message and the whole is given as input to a hash
function, which gives us a temporary message digest MD' of the plaintext. MD' is then
prepended with an output signature and the hash function is applied again; the result is our
final message digest MD.
Here, H stands for the hash function,
M is the original message,
Si and So are the input and output signatures respectively,
Yi is the i-th block of the original message M, where i ranges over [1, L),
L is the count of blocks in M,
K is the secret key used for hashing, and
IV is an initial vector (some constant).
The input signature Si and the output signature So are derived from the key K.
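An added example (not from the original notes) of the HMAC construction just described, with H = SHA-256, written to show how Si and So are derived from K and how the receiver uses the code to detect a falsified ciphertext; the key and ciphertext are constructed sample values.

```python
import hashlib
import hmac as stdlib_hmac  # used only to cross-check the hand-written version

BLOCK_SIZE = 64  # b for SHA-256: the hash works on 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as in RFC 2104: H((K' xor opad) || H((K' xor ipad) || M))."""
    # A key longer than one block is first hashed; a shorter key is zero-padded to b bytes.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    k_prime = key.ljust(BLOCK_SIZE, b"\x00")
    # Si (input signature) and So (output signature): K' XORed with the ipad/opad constants.
    s_i = bytes(b ^ 0x36 for b in k_prime)
    s_o = bytes(b ^ 0x5C for b in k_prime)
    # Inner hash: Si is prepended to the message, giving the temporary digest MD'.
    md_prime = hashlib.sha256(s_i + message).digest()
    # Outer hash: So is prepended to MD', giving the final message digest MD.
    return hashlib.sha256(s_o + md_prime).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare it in constant time."""
    return stdlib_hmac.compare_digest(hmac_sha256(key, message), tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check against the standard library's HMAC implementation."""
    return hmac_sha256(key, message) == stdlib_hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample: the ciphertext B receives and the MAC key that A shared with B.
    key = b"constructed-shared-mac-key"
    ciphertext = b"abc-ciphertext-from-A"
    tag = hmac_sha256(key, ciphertext)
    print("tag:", tag.hex())
    print("accepted:", verify(key, ciphertext, tag))
    tampered = ciphertext[:-1] + b"?"  # X alters one byte in transit
    print("tampered accepted:", verify(key, tampered, tag))
```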

MAC based on Block Ciphers

Data Authentication Algorithm (DAA)


One of the most widely used MACs is referred to as the Data Authentication Algorithm. The
algorithm is designed using the Cipher Block Chaining mode of operation of DES, as shown
in the figure. The data (e.g., message, record, file, or program) to be authenticated are grouped
into fixed-size 64-bit blocks: D1, D2, ..., DN. If necessary, the final block is padded on the
right with zeroes to make a full 64-bit block. Using the DES encryption algorithm and a secret
key, a data authentication code (DAC) is calculated as follows:
The DAC consists of either the entire final output block O_N or the leftmost M bits of that
block, with 16 ≤ M ≤ 64.
Cipher-based Message Authentication Code (CMAC)
The Data Authentication Algorithm (DAA) is now obsolete. CMAC was designed to overcome the
deficiencies of DAA. The Cipher-based Message Authentication Code (CMAC) mode of operation is
for use with AES and triple DES. First, let us define the operation of CMAC when the message is
an integer multiple n of the cipher block length b. For AES, b = 128, and for triple DES, b = 64.
The message is divided into n blocks (M1, M2, ..., Mn). For AES, the key size is 128, 192, or
256 bits; for triple DES, the key size is 112 or 168 bits. CMAC is calculated as follows:
C1 = E(K, M1)
C2 = E(K, [M2 ⊕ C1])
C3 = E(K, [M3 ⊕ C2])
...
Cn = E(K, [Mn ⊕ Cn-1 ⊕ K1])
T = MSB_Tlen(Cn)
where K1 is a subkey derived from K and T is the leftmost Tlen bits of Cn.
UNIT–IV:
Information Theory - Data Encryption Standard (DES) – Lucifer –Madryga – New DES -
GOST – 3 Way – Crab – RC5 - Double Encryption - Triple Encryption - CDMF Key
Shortening – Whitening.
Data Encryption Standard (DES)

It was previously the predominant algorithm for the encryption of electronic data. It was highly
influential in the advancement of modern cryptography in the academic world. It was developed in
the early 1970s at IBM and is based on an earlier design by Horst Feistel.
Data Encryption Standard
 -DES is a Feistel cipher
 -Block length is 64 bits
 -Key length is 56 bits
 -Number of rounds is 16
 -Each round is applied on one block
 -Security depends primarily on the "S-boxes"
 -Each S-box maps 6 bits to 4 bits
Objectives
 Block cipher
 Full Size cipher and Partial key cipher
 Components of a Modern Block Cipher
o P Box (Permutation Box)
o S Box (Substitution Box)
o Swap
o Exclusive OR operation
 Diffusion and Confusion
 Feistel cipher

Two classes of product ciphers
 Feistel ciphers, example DES (Data Encryption Standard)
 Non-Feistel ciphers, example AES (Advanced Encryption Standard)
Feistel Cipher
 A Feistel cipher is a symmetric structure used in the construction of block
ciphers, named after the German-born physicist and cryptographer Horst Feistel, who
did pioneering research while working for IBM (USA); it is also commonly known as
a Feistel network.
 A large portion of block ciphers use the scheme, including the Data Encryption
Standard
 The Feistel structure has the advantage that encryption and decryption operations are very
similar, even identical in some cases
 A Feistel network is an iterated cipher with an internal function called the round function
Encryption
 Feistel cipher refers to a type of block cipher design, not a specific cipher
 Split the plaintext block into left and right halves: Plaintext = (L0, R0)
 For each round i = 1, 2, ..., n compute
Li = Ri-1
Ri = Li-1 ⊕ f(Ri-1, Ki)
where f is the round function and Ki is a subkey
 Ciphertext = (Ln, Rn)
Decryption in Feistel cipher
 Decryption: ciphertext = (Ln, Rn)
 For each round i = n, n-1, ..., 1 compute
o Ri-1 = Li
o Li-1 = Ri ⊕ f(Ri-1, Ki)
o where f is the round function and Ki is the subkey
 Plaintext = (L0, R0)
Block cipher
 As the name suggests, here a block of data is encrypted
 Typically the block of data which is encrypted is 64 bits
 What if the data has fewer than 'n' bits?
 What if the data is not a multiple of 'n' bits?
Padding
 If the data has fewer than 'n' bits, padding must be done to make it 'n' bits
 If the message size is not a multiple of 'n' bits, then it should be divided into 'n'-bit
blocks and the last block should be padded
Full Size Cipher
 Transposition Cipher
 Substitution Cipher
Transposition cipher
 -It involves rearrangement of bits, without changing their values
 -Consider an n-bit cipher
 -How many keys are possible? n!
 -How many key bits are necessary?
 ceil[log2(n!)]
Substitution cipher
 -It does not transpose bits, but substitutes values
 -Can we model this as a permutation?
 -Yes. The n-bit inputs and outputs can be represented as 2^n-bit sequences with one 1
and the rest 0s; the cipher can thus be modelled as a transposition of those sequences.
 -Thus it is a permutation of 2^n values, and needs
 ceil[log2(2^n!)] bits
 -For a 3-bit substitution cipher the number of possible rearrangements = 8!
 -Size of the key = ceil[log2 8!]
 -In the case of a 3-bit transposition cipher, size of the key = ceil[log2 3!]

Examples
 Consider a 3-bit block cipher. How many bits are needed for the full-size key?
 -Transposition cipher: ceil(log2 6) = 3 bits
 -Substitution cipher:
 There are 8! = 40,320 possible substitutions
 Thus ceil(log2(40,320)) = 16 bits are needed
 A 16-bit key gives 2^16 = 65,536 possible keys, but only 40,320 of them select a
substitution
 -We can observe there are a lot of unused keys.
Partial-Size key ciphers
 Actual ciphers cannot use full-size keys, as the size is too large
 Block ciphers are substitution ciphers (and not transpositions). Why?
 -If we use a transposition cipher it will be very easy for an attacker to break the code
using the Hamming weight, since a transposition does not change it
 -Hamming weight is nothing but the number of 1s in a given code
Example = (101011) Hamming weight is 4
 Consider DES, with a 64-bit block cipher.
 -Size of full key = ceil(log2((2^64)!)) ≈ 2^70 bits
 -Much larger compared to the 56 bits which are actually used
 -So we use a partial-key cipher
 -Here we consider the 56-bit key for DES
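An added example (not from the notes) that computes the full-size key lengths discussed above: ceil(log2(n!)) for a transposition cipher, ceil(log2((2^n)!)) for a substitution cipher, the share of unused 16-bit keys in the 3-bit case, and the ≈ 2^70-bit figure for a 64-bit block, obtained through lgamma because that factorial cannot be formed directly.

```python
import math


def transposition_key_bits(n: int) -> int:
    """Full-size transposition cipher on n-bit blocks: one of n! rearrangements."""
    return math.ceil(math.log2(math.factorial(n)))


def substitution_key_bits(n: int) -> int:
    """Full-size substitution cipher on n-bit blocks: a permutation of all 2^n values."""
    return math.ceil(math.log2(math.factorial(2 ** n)))


def substitution_key_bits_log2(n: int) -> float:
    """log2 of the substitution key length, via lgamma so that n = 64 is feasible.

    ln((2^n)!) = lgamma(2^n + 1); dividing by ln 2 gives log2((2^n)!), the key length
    in bits, and log2 of that shows which power of two it is close to.
    """
    values = 2.0 ** n
    key_bits = math.lgamma(values + 1) / math.log(2)
    return math.log2(key_bits)


def unused_key_fraction(n: int) -> float:
    """Share of the ceil(log2(2^n!))-bit key space that selects no substitution."""
    bits = substitution_key_bits(n)
    return 1 - math.factorial(2 ** n) / 2 ** bits


if __name__ == "__main__":
    for n in (3, 4, 8):
        print(f"n={n}: transposition {transposition_key_bits(n)} bits, "
              f"substitution {substitution_key_bits(n)} bits, "
              f"unused keys {unused_key_fraction(n):.1%}")
    print(f"n=64: substitution key is about 2^{substitution_key_bits_log2(64):.2f} bits")
```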
Components of Modern Block cipher
 The most important components are
-P-BOX: a key-less fixed transposition cipher
-S-BOX: a key-less fixed substitution cipher
 They are used to provide:
-DIFFUSION: hides the relationship between the ciphertext and the plaintext
-CONFUSION: hides the relationship between the ciphertext and the key
Principle of Confusion and Diffusion
 The design principles of block ciphers depend on these properties
 The S-BOX is used to provide confusion, as it is dependent on the unknown key
 The P-BOX is fixed, and there is no confusion due to it
 But it provides diffusion
 Properly combining these is necessary.
 Diffusion boxes are generally of three types

S-BOX
 An S-box (Substitution box) is an m×n substitution box where m and n are not
necessarily the same.
 Each output bit is a Boolean function of the inputs.
y1 = f1(x1, x2, ..., xn)
y2 = f2(x1, x2, ..., xn)
y3 = f3(x1, x2, ..., xn)
...
ym = fm(x1, x2, ..., xn)

 All the S-boxes should be non-linear
 Suppose you consider a bad S-box, a linear one. What will happen?
Si(X1, X2, ..., X6) = (X2⊕X3, X1⊕X4⊕X5, X1⊕X6, X2⊕X3⊕X6)
y1 = a11x1 ⊕ a12x2 ⊕ ... ⊕ a1nxn
y2 = a21x1 ⊕ a22x2 ⊕ ... ⊕ a2nxn
ym = am1x1 ⊕ am2x2 ⊕ ... ⊕ amnxn
 written equivalently: Si = AiX (mod 2)
 -That means we can represent them in matrix form
 If the S-box is built in this way, it just performs XOR operations between
various bits and permutes and shuffles bits around, so it is just XORs and bit
permutations
 As a result all the DES operations would be linear, which does not provide security
 From this we can observe that only the S-box operations are non-linear, and they provide the security
 Eg: y1 = x1x3 ⊕ x2, y2 = x1x2 ⊕ x3
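An added example (not from the notes) that runs the linearity test S(a ⊕ b) = S(a) ⊕ S(b) over all inputs of the two S-boxes written above: for the linear 6-to-4 box Si it recovers the matrix Ai with Si = AiX (mod 2) from the unit inputs, while for the non-linear 3-to-2 box y1 = x1x3 ⊕ x2, y2 = x1x2 ⊕ x3 no such matrix reproduces the box. Bit x1 is taken as the most significant bit of the input.

```python
def bit(x: int, i: int, n: int) -> int:
    """x_i of an n-bit value, with x_1 the most significant bit (the notes' indexing)."""
    return (x >> (n - i)) & 1


def pack(bits) -> int:
    """(y_1, ..., y_m) -> integer with y_1 as the most significant bit."""
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v


def linear_sbox(x: int) -> int:
    """The notes' linear 6-to-4 S-box: (x2+x3, x1+x4+x5, x1+x6, x2+x3+x6), + meaning XOR."""
    x1, x2, x3, x4, x5, x6 = (bit(x, i, 6) for i in range(1, 7))
    return pack((x2 ^ x3, x1 ^ x4 ^ x5, x1 ^ x6, x2 ^ x3 ^ x6))


def nonlinear_sbox(x: int) -> int:
    """The notes' non-linear 3-to-2 S-box: y1 = x1x3 + x2, y2 = x1x2 + x3 (AND then XOR)."""
    x1, x2, x3 = (bit(x, i, 3) for i in range(1, 4))
    return pack(((x1 & x3) ^ x2, (x1 & x2) ^ x3))


def is_linear(sbox, n: int) -> bool:
    """An S-box is linear over GF(2) iff S(a xor b) == S(a) xor S(b) for every a, b."""
    size = 1 << n
    return all(sbox(a ^ b) == sbox(a) ^ sbox(b) for a in range(size) for b in range(size))


def linear_matrix(sbox, n: int, m: int):
    """Recover the m x n matrix A with S(x) = A x (mod 2): column j is S(e_j)."""
    cols = [sbox(1 << (n - j)) for j in range(1, n + 1)]  # e_j has only x_j set
    return [[bit(cols[j], i, m) for j in range(n)] for i in range(1, m + 1)]


def apply_matrix(A, x: int, n: int) -> int:
    """Compute A x over GF(2): each output bit is the XOR of the selected input bits."""
    out = 0
    for row in A:
        out = (out << 1) | (sum(a & bit(x, j + 1, n) for j, a in enumerate(row)) & 1)
    return out


def matrix_matches(sbox, n: int, m: int) -> bool:
    """True iff the matrix recovered from the unit inputs reproduces the whole S-box."""
    A = linear_matrix(sbox, n, m)
    return all(apply_matrix(A, x, n) == sbox(x) for x in range(1 << n))


if __name__ == "__main__":
    print("Si linear:", is_linear(linear_sbox, 6), "matrix:", linear_matrix(linear_sbox, 6, 4))
    print("example box linear:", is_linear(nonlinear_sbox, 3),
          "matrix reproduces it:", matrix_matches(nonlinear_sbox, 3, 2))
```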

Permutation Box (P-BOX)
 A permutation box (or P-box) is a method of bit-shuffling used to permute or transpose
bits across S-box inputs

Other Components
 Circular shift
 -It shifts each bit in an n-bit word k positions to the left; the leftmost k bits become the
rightmost bits.
 -It is an invertible transformation
 -For example, repeatedly applying circular shifts to the four-tuple (a, b, c, d) successively
gives
 (d, a, b, c), (c, d, a, b), (b, c, d, a), (a, b, c, d)
Swap
 -A special type of shift operation where k = n/2
 Other operations involve split and combine
 An important component is the exclusive-or operation

Properties of EX-OR
 EX-OR is a binary operator which results in 1 when the two inputs have different
logic values; otherwise it computes 0
 -Symbol ⊕
 Closure: the result of XORing two n-bit numbers is also n bits
 Associativity: allows using more than one ⊕ in any order
 - X ⊕ (Y ⊕ Z) = (X ⊕ Y) ⊕ Z
 Commutativity: X ⊕ Y = Y ⊕ X
 Identity: the identity element is the n-bit 0, represented by
 (0, 0, 0, ..., 0) = 0^n
 Thus X ⊕ 0^n = X
 Inverse: each word is the additive inverse of itself
 X ⊕ X = 0^n

Application of EX-OR
 The key is known to both the encryptor and decryptor and helps to recover the
plaintext.
 C = P ⊕ K
C ⊕ K = (P ⊕ K) ⊕ K
= P ⊕ (K ⊕ K)
= P ⊕ 0^n (identity)
= P

A product cipher made of 2 rounds

 -Here the 8th bit of the plaintext is XORed with the 8th bit of the key
 -From the XOR we get 2 bits of output, which are passed to different positions in the middle text
 -From there they are XORed with the 2nd and 4th bits of the key and produce four
output bits
 -These four bits are passed to positions 1, 3, 6 and 7 of the ciphertext
 -Now you can see that if you change or disturb one bit in the plaintext then 4 bits are
affected in the ciphertext
 -Here we can see diffusion (the single bit is spread into 4 bits), so hiding of the
plaintext is provided
 -Here we can see confusion (bits 1, 3, 6 and 7 depend upon the 8th bit of k1 and the 2nd and 4th
bits of k2), so hiding of the ciphertext's relation to the key is obtained

Practical ciphers
 Large data blocks
 More S-boxes
 More rounds
 These help to improve the diffusion and confusion in the cipher
Lucifer – Madryga in Cryptography
 In the late 1960s, led by Horst Feistel and later by Walt Tuchman, IBM initiated a
research program in computer cryptography called Lucifer.
 Function f is XORed with the input of the previous round. S-boxes have 4-bit inputs
and 4-bit outputs. A key bit is used to choose the actual S-box from two possible S-boxes.
(Lucifer represents this as a single T-box with 9 bits in and 8 bits out.) There is no
swapping between rounds and no block halves are used.
 Lucifer has 16 rounds and 128-bit blocks. (The longer key length and lack of published
results are sometimes cited in its favour; this is clearly not the case.)
 Lucifer is the subject of several U.S. patents.

Madryga
 W. E. Madryga proposed this block algorithm in 1984.
 It has no irritating permutations. His design objectives were:
1. The plaintext should not be recoverable without using the key (secure).
2. The number of operations required to determine the key from a sample of plaintext and
ciphertext should equal the product of the operations in an encryption times the number of
possible keys (no plaintext attack should be better than brute force).
3. Knowledge of the algorithm should not defeat the strength of the cipher. (All the security
should rest in the key.)
4. A 1-bit change of the key should cause a radical change in the ciphertext using the same
plaintext, and a 1-bit change of the plaintext should cause a radical change in the ciphertext
using the same key (the avalanche effect).
5. Non-commutative combination of substitution and permutation.
6. Include substitutions and permutations under the control of both the input data and the key.
7. Redundant bit groups in the plaintext should be obscured in the ciphertext.
8. The length of the ciphertext should equal the length of the plaintext.
9. There should be no simple relationships between any possible keys and ciphertext effects.
10. No weak keys.
11. The length of the key and the text should be adjustable to meet varying security
requirements.
12. The algorithm should be efficiently implementable in software on large mainframes. (In
fact, the functions used in the algorithm are limited to XOR and bit-shifting.)

Description of Madryga

Madryga consists of two nested cycles. The outer cycle repeats eight times and consists of an
application of the inner cycle to the plaintext. The point of the random constant is to turn the
key into a pseudo-random sequence. The length of this constant equals the length of the key,
and it must be the same for everyone who wishes to communicate with one another.
Cryptanalysis of Madryga
The algorithm consists only of linear operations (rotations and XOR), which are slightly
modified depending on the data. There is nothing like the strength of DES's S-boxes. The
parity of all the bits of the plaintext and the ciphertext is a constant, depending only on the
key. It doesn't look terribly secure.
NewDES
 NewDES was designed in 1985 by Robert Scott as a possible DES replacement.
 The algorithm is not a DES variant, as its name might imply.
 It operates on 64-bit blocks of plaintext, but it has a 120-bit key.
 NewDES is simpler than DES, with no initial or final permutations.
 All operations are on entire bytes. (Actually, NewDES isn't anything like a new
version of DES; the name is unfortunate.)
The plaintext block is divided into eight 1-byte sub-blocks: B0, B1, ..., B6, B7. Then the sub-
blocks go through 17 rounds. Each round has eight steps. In each step, one of the sub-blocks
is XORed with some key material (there is one exception), substituted with another byte via
an f function, and then XORed with another sub-block to become that sub-block. The 120-bit
key is divided into 15 key sub-blocks: K0, K1, ..., K13, K14. The process is easier to
understand visually than to describe. The figure shows the NewDES encryption algorithm. The f
function is derived from the Declaration of Independence. Scott showed that every bit of the
plaintext block affects every bit of the ciphertext block after only 7 rounds.
The f function has been analyzed and no obvious problems were found. NewDES has the same
complementation property that DES has:
If EK(P) = C, then EK'(P') = C'.
This reduces the work required for a brute-force attack from 2^120 steps to 2^119 steps. Biham
noticed that any change of a full byte, applied to all the key and data bytes, leads to another
complementation property. This reduces a brute-force attack further to 2^112 steps.

GOST

GOST is a block algorithm from the former Soviet Union. “GOST” is an acronym for
“GOsudarstvennyi STandard,” or GOvernment STandard, sort of similar to a FIPS, except
that it can (and does) refer to just about any kind of standard. This standard is number 28147-
89. The Government Committee for Standards of the USSR authorized the standard, whoever
they were.
Description of GOST

GOST is a 64-bit block algorithm with a 256-bit key. GOST also has some additional key
material that will be discussed later. The algorithm iterates a simple encryption algorithm for
32 rounds. To encrypt, first break the text up into a left half, L, and a right half, R.
The subkey for round i is Ki.
A round, i, of GOST is:
Li = Ri-1
Ri = Li-1 ⊕ f(Ri-1, Ki)
Figure 1 is a single round of GOST. Function f is straightforward. First, the right half and the
ith subkey are added modulo 2^32. The result is broken into eight 4-bit chunks, and each chunk
becomes the input to a different S-box. There are eight different S-boxes in GOST; the first 4
bits go into the first S-box, the second 4 bits go into the second S-box, and so on. Each S-box
is a permutation of the numbers 0 through 15. For example, an S-box might be:
7, 10, 2, 4, 15, 9, 0, 3, 6, 12, 5, 13, 1, 8, 11
In this case, if the input to the S-box is 0, the output is 7. If the input is 1, the output is 10,
and so on.
All eight S-boxes are different; these are considered additional key material. The S-boxes are
to be kept secret. The outputs of the eight S-boxes are recombined into a 32-bit word, then
the entire word undergoes an 11-bit left circular shift. Finally, the result is XORed with the left
half to become the new right half, and the right half becomes the new left half. Do this 32
times and you're done.
The subkeys are generated simply. The 256-bit key is divided into eight 32-bit blocks: k1,
k2, ..., k8.
Each round uses a different subkey, as shown in Table 1. Decryption is the same as
encryption with the order of the ki's reversed. The GOST standard does not discuss how to
generate the S-boxes, only that they are somehow supplied.
This has led to speculation that some Soviet organization would supply good S-boxes to those
organizations it liked and bad S-boxes to those organizations it wished to eavesdrop on. This
may very well be true, but further conversations with a GOST chip manufacturer within
Russia offered another alternative. He generated the S-box permutations himself, using a
random-number generator.

Table 1: Use of GOST Subkeys in Different Rounds

Round:   1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Subkey:  1  2  3  4  5  6  7  8  1  2  3  4  5  6  7  8

Round:  17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Subkey:  1  2  3  4  5  6  7  8  8  7  6  5  4  3  2  1

More recently, a set of S-boxes used in an application for the Central Bank of the Russian
Federation surfaced. These S-boxes are also used in the GOST one-way hash function.
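An added example, not from the notes, that puts the Feistel round equations from the Feistel cipher section together with the GOST round function and the subkey order of Table 1, and checks that decrypting with the ki's reversed recovers the plaintext. The eight S-boxes are constructed placeholders (the standard leaves them to be supplied), the key is split into k1..k8 as big-endian words, and the halves swap after every round exactly as the text above states; the real standard does not swap after round 32, which this example does not reproduce.

```python
import random

MASK32 = 0xFFFFFFFF

# Constructed S-boxes: eight permutations of 0..15 from a fixed seed. They stand in for
# the secret ones the standard expects to be supplied; they are not any official set.
_rng = random.Random(28147)
SBOXES = []
for _ in range(8):
    _box = list(range(16))
    _rng.shuffle(_box)
    SBOXES.append(_box)

# Table 1: 0-based index into (k1..k8) for rounds 1..32: three forward passes, one reversed.
SUBKEY_ORDER = list(range(8)) * 3 + list(range(7, -1, -1))


def rotl32(x: int, n: int) -> int:
    """n-bit left circular shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def gost_f(r: int, k: int, sboxes=SBOXES) -> int:
    """GOST round function: add mod 2^32, eight 4-bit S-boxes, 11-bit left rotation."""
    t = (r + k) & MASK32
    out = 0
    for i in range(8):  # chunk i (bits 4i..4i+3) goes through S-box i
        out |= sboxes[i][(t >> (4 * i)) & 0xF] << (4 * i)
    return rotl32(out, 11)


def round_keys(key: bytes):
    """256-bit key -> k1..k8 (assumed big-endian words) -> the 32 round subkeys of Table 1."""
    assert len(key) == 32
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(8)]
    return [k[i] for i in SUBKEY_ORDER]


def feistel_encrypt(block: int, subkeys, f) -> int:
    """L_i = R_{i-1};  R_i = L_{i-1} xor f(R_{i-1}, K_i), for i = 1..n."""
    L, R = block >> 32, block & MASK32
    for ki in subkeys:
        L, R = R, L ^ f(R, ki)
    return (L << 32) | R


def feistel_decrypt(block: int, subkeys, f) -> int:
    """R_{i-1} = L_i;  L_{i-1} = R_i xor f(R_{i-1}, K_i), for i = n..1."""
    L, R = block >> 32, block & MASK32
    for ki in reversed(subkeys):
        L, R = R ^ f(L, ki), L
    return (L << 32) | R


def gost_encrypt_block(key: bytes, block: int) -> int:
    return feistel_encrypt(block, round_keys(key), gost_f)


def gost_decrypt_block(key: bytes, block: int) -> int:
    return feistel_decrypt(block, round_keys(key), gost_f)


if __name__ == "__main__":
    key = bytes(range(32))            # constructed 256-bit key
    pt = 0x0123456789ABCDEF          # constructed 64-bit block
    ct = gost_encrypt_block(key, pt)
    print(f"ct = {ct:016x}, recovered = {gost_decrypt_block(key, ct):016x}")
```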

3-Way
 3-Way is a block cipher designed by Joan Daemen. It has a 96-bit block length and
key length, and is designed to be very efficient in hardware.
 3-Way is not a Feistel network, but it is an iterated block cipher.
 3-Way can have n rounds; Daemen recommends 11.
Description of 3-Way
The algorithm is simple to describe. To encrypt a plaintext block, x:
For i = 0 to n – 1
x = x XOR Ki
x = theta(x)
x = pi-1(x)
x = gamma(x)
x = pi-2(x)
x = x XOR Kn
x = theta(x)
The functions are:
— theta(x) is a linear substitution function, basically a bunch of circular shifts and XORs.
— pi-1(x) and pi-2(x) are simple permutations.
— gamma(x) is a nonlinear substitution function. This is the step that gives 3-Way its name;
it is the parallel execution of the substitution step on 3-bit blocks of the input.
Decryption is similar to encryption, except that the bits of the input have to be reversed and
the bits of the output have to be reversed. So far, there has been no successful cryptanalysis
of 3-Way.
Crab
This algorithm was developed by Burt Kaliski and Matt Robshaw of RSA Laboratories.
The idea behind Crab is to use techniques from one-way hash functions to make a fast
encryption algorithm. Hence, Crab is very similar to MD5. Crab has a very large block: 1024
bytes. Since Crab is presented more as a research contribution than a real algorithm, no
definitive key-generation routines are presented.
The authors suggest a method that could turn an 80-bit key into the three requisite subkeys,
although the algorithm could easily accept variable-length keys.
Crab uses two sets of large subkeys:
 A permutation of the numbers 0 through 255: P0, P1, P2, ..., P255.
 A 2048-entry array of 32-bit numbers: S0, S1, S2, ..., S2047.
 These subkeys must all be calculated before encryption or decryption.
Decryption is the reverse process.
 The S-array of 2048 32-bit words could be generated in a similar manner, either from
the same 80-bit key or from another key.
 Crab was proposed as a testbed of new ideas and not as a working algorithm.
 It uses many of the same techniques as MD5. Biham has argued that a very large
block size makes an algorithm easier to cryptanalyze.
 On the other hand, Crab may make efficient use of a very large key. In such a case,
"easier to cryptanalyze" might not mean much.
Rivest Cipher 5 (RC5)
 RC5 is a block cipher with a variety of parameters: block size, key size, and number of rounds.
 It was invented by Ron Rivest and analyzed by RSA Laboratories.
There are three operations: XOR, addition, and rotations. Rotations are constant-time
operations on most processors and variable rotations are a nonlinear function. These rotations,
which depend on both the key and the data, are the interesting operation.
RC5 has a variable-length block, but this example will focus on a 64-bit data block.
Encryption uses 2r + 2 key-dependent 32-bit words, S0, S1, S2, ..., S2r+1, where r is the
number of rounds.
To encrypt, first divide the plaintext block into two 32-bit words: A and B. (RC5 assumes a
little-endian convention for packing bytes into words: the first byte goes into the low-order
bit positions of register A, etc.) Then:
RC5 is actually a family of algorithms. We just defined RC5 with a 32-bit word size and 64-
bit block; there's no reason why the same algorithm can't have a 64-bit word size and 128-bit
block size. For w = 64, P and Q are 0xb7e151628aed2a6b and 0x9e3779b97f4a7c15,
respectively.
Rivest designates particular implementations of RC5 as RC5-w/r/b, where w is the word size,
r is the number of rounds, and b is the length of the key in bytes.
RC5 is new, but RSA Laboratories has spent considerable time analyzing it with a 64-bit
block. After 5 rounds, the statistics look very good. After 8 rounds, every plaintext bit affects
at least one rotation. There is a differential attack that requires 2^24 chosen plaintexts for 5
rounds, 2^45 for 10 rounds, 2^53 for 12 rounds, and 2^68 for 15 rounds. Of course, there are
only 2^64 possible chosen plaintexts, so this attack won't work for 15 or more rounds. Linear
cryptanalysis estimates indicate that it is secure after 6 rounds. Rivest recommends at least 12
rounds, and possibly 16. This number may change.
Triple Encryption

Triple Encryption with Two Keys

A better idea, proposed by Tuchman in [1551], operates on a block three times with two keys:
with the first key, then with the second key, and finally with the first key again. He suggested
that the sender first encrypt with the first key, then decrypt with the second key, and finally
encrypt with the first key. The receiver decrypts with the first key, then encrypts with the
second key, and finally decrypts with the first key.

C = EK1(DK2(EK1(P)))  P = DK1(EK2(DK1(C)))
Triple Encryption with Three Keys
If you are going to use triple encryption, I recommend three different keys. The key length is
longer, but key storage is usually not a problem. Bits are cheap.

C = EK3(DK2(EK1(P)))  P = DK1(EK2(DK3(C)))

The best time-memory trade-off attack takes 2^(2n) steps and requires 2^n blocks of memory; it's
a meet-in-the-middle attack [1075]. Triple encryption, with three independent keys, is as
secure as one might naively expect double encryption to be.

Triple Encryption with Minimum Key (TEMK)

There is a secure way of using triple encryption with two keys that prevents the previous
attack, called Triple Encryption with Minimum Key (TEMK) [858]. The trick is to derive
three keys from two, X1 and X2:

K1 = EX1(DX2(EX1(T1)))
K2 = EX1(DX2(EX1(T2)))
K3 = EX1(DX2(EX1(T3)))

T1, T2, and T3 are constants, which do not have to be secret.
This is a special construction that guarantees that for any particular pair of keys, the best
attack is a known-plaintext attack.
Triple-Encryption Modes
It's not enough to just specify triple encryption; there are several ways to do it. The decision
of which to use affects both security and efficiency.

CDMF Key Shortening

This method was designed by IBM for their Commercial Data Masking Facility or CDMF to
shrink a 56-bit DES key to a 40-bit key suitable for export.
It assumes that the original DES key includes the parity bits.
(1) Zero the parity bits: bits 8, 16, 24, 32, 40, 48, 56, 64.
(2) Encrypt the output of step (1) with DES and the key 0xc408b0540ba1e0ae,
and XOR the result with the output of step (1).
(3) Take the output of step (2) and zero the following bits: 1, 2, 3, 4, 8, 16, 17, 18, 19, 20, 24,
32, 33, 34, 35, 36, 40, 48, 49, 50, 51, 52, 56, 64.
(4) Encrypt the output of step (3) with DES and the following key: 0xef2c041ce6382fe6.
This key is then used for message encryption.
Remember that this method shortens the key length, and thereby weakens the algorithm.
Whitening

Whitening is the name given to the technique of XORing some key material with the input to
a block algorithm, and XORing some other key material with the output.
This was first done in the DESX variant developed by RSA Data Security, Inc., and then
(presumably independently) in Khufu and Khafre. (Rivest named this technique; it's a
nonstandard usage of the word.)
The idea is to prevent a cryptanalyst from obtaining a plaintext/ciphertext pair for the
underlying algorithm.
The technique forces a cryptanalyst to guess not only the algorithm key, but also one of the
whitening values.
Since there is an XOR both before and after the block algorithm, this technique is not
susceptible to a meet-in-the-middle attack.

C = K3 ⊕ EK2(P ⊕ K1)

P = K1 ⊕ DK2(C ⊕ K3)

If K1 = K3, then a brute-force attack requires 2^(n + m/p) operations, where n is the key size, m
is the block size, and p is the number of known plaintexts.

If K1 and K3 are different, then a brute-force attack requires 2^(n + m + 1) operations with
three known plaintexts. Against differential and linear cryptanalysis, these measures only
provide a few key bits of protection. But computationally this is a very cheap way to increase
the security of a block algorithm.
UNIT–V:

What is a smart card?

A smart card is a physical plastic card containing an embedded integrated chip acting as a
security token. The chip can be an embedded microcontroller or a memory chip. Smart cards
with an embedded microcontroller have the distinct ability to store data, carry out on-card
functions like encryption and mutual authentication, and interact with a smart card reader.
In addition, they are tamper-resistant and protect in-memory information using encryption.
So they are robust and secure, ideal for everyday use.

The most common applications of smart cards include contactless payment cards, employee
ID badges, medical records cards, transit cards, health ID cards, etc.

This article will discuss what smart cards are, the different types of smart cards, how
they work, and their uses.

How Do Smart Cards Work?

A smart card needs a card reader to work correctly; it cannot function in isolation. Smart
cards contain a chip consisting of a contact pad, which makes electronic interaction between
itself and the card reader possible.

The working process of a smart card is comprised of the following steps:

1. First, the smart card makes contact with the card reader, either directly or indirectly.
2. The smart card reader receives the information stored on the chip.
3. This information is sent to the controlling terminal for immediate processing.

The chip exchanges data with card readers through a serial interface, either through direct
physical contact or via short-range wireless connectivity standards like RFID or NFC.

Advantages of Smart Cards

The main advantages of smart cards are:

1. High levels of security
2. Larger memory
3. Prevents fraud
4. Reliability
5. Information security
6. Privacy
7. Ease of use
8. Reduced cost for operators and users

How Can A Smart Card BeUsed.


Smart cards are used to deliver quick and secure transactions as well as protect

personal information. The common uses of smart cards in various industries are as

follows:

Banking
One of the most common uses of smart cards is payment cards like credit cards

and debit cards. Most of these cards are "chip and PIN" cards that require a PIN,

while others are "chip and signature" cards that require customer signature for

verification. In addition, these cards can be used as "electronic wallets" where you

can fill the chip with funds for small purchases like taxi rides, groceries, etc. Smart

cards provide the ideal solution for e-commerce transactions as they offer better

protection and confidentiality than other financial systems.

Healthcare

Rapidly increasing healthcare data poses a challenge to maintaining the efficiency of patient care, with some healthcare systems still relying heavily on paper-based data collection and transfer. Smart cards address these challenges by providing secure storage of, and instant access to, a patient's medical history. Embedded smart cards provide safe and secure delivery of medical equipment like dialysis machines, blood analyzers, and laser eye surgery equipment. They also help reduce healthcare fraud, facilitate compliance with government initiatives like organ donation, and decrease record maintenance costs.

Telecommunication

Subscriber Identity Module (SIM) cards used in mobile phones are reduced-size smart cards. The SIM card uses a unique identifier to manage the privileges of each subscriber, so that subscribers can be identified and billed correctly. The security provided by SIM cards also protects wireless providers from fraud.

ID Verification & Access Control

Various business offices and universities use smart cards to verify identity. They offer a tamper-resistant way for companies with strict security requirements to store information such as fingerprints. Many U.S. government facilities use contactless readers for access control.

Information Technology

Smart cards can be used as a security token and can store certificates for secure web browsing. They enable secure login, authentication of users, storage of digital certificates, credentials and passwords, and encryption of sensitive data. These cards make information readily available while maintaining the privacy of individuals and keeping their information secure from unwanted intrusions.

Educational Institutes

Many schools and colleges also use smart cards for student attendance, tracking library books, access to restricted facilities, and transportation services. Students can also use them for payment at canteens, vending machines, etc. This technology also helps reduce the administrative burden on staff, free up teaching time, and provide real-time data on student location and behavior.

Disadvantages of Smart Cards

1. They are easily damaged.

2. Smart cards are expensive to manufacture.

3. A smart-card reader must be available.

What is Mobile Device Security?

Mobile device security is a combination of strategies and tools that secure mobile devices against security threats. Although mobile security components vary based on each company's needs, mobile security always involves authenticating users and restricting network access.

Why is mobile device security important?

Every day, businesses are targeted by cyber criminals looking for sensitive data they can use to steal identities and commit fraud. Sometimes cyber criminals use ransomware attacks to extort money from corporations and small businesses. Cyber criminals target mobile devices because users don't always secure their devices or practice safe habits.

Components of mobile device security

Here are some solutions that can help keep your mobile devices more secure.

Endpoint security:

As organizations embrace flexible and mobile workforces, they must deploy networks that allow remote access. Endpoint security solutions protect corporations by monitoring the files and processes on every mobile device that accesses a network. By constantly scanning for malicious behavior, endpoint security can identify threats early on. When they find malicious behavior, endpoint solutions quickly alert security teams, so threats are removed before they can do any damage.

VPN:

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct remote work safely.

Secure web gateway:

Secure web gateways provide powerful, overarching cloud security. Because 70 percent of attacks are distinct to the organization, businesses need cloud security that identifies previously used attacks before they are launched. Cloud security can operate at the DNS and IP layers to defend against phishing, malware, and ransomware earlier. By integrating security with the cloud, you can identify an attack on one location and immediately prevent it at other branches.

Email security:

Email is both the most important business communication tool and the leading attack vector for security breaches. In fact, according to the latest Cisco Midyear Cybersecurity Report, email is the primary tool for attackers spreading ransomware and other malware. Proper email security includes advanced threat protection capabilities that detect, block, and remediate threats faster; prevent data loss; and secure important information in transit with end-to-end encryption.

Cloud access security broker:

Your network must secure where and how your employees work, including in the cloud. You will need a cloud access security broker (CASB), a tool that functions as a gateway between on-premises infrastructure and cloud applications (Salesforce, Dropbox, etc.). A CASB identifies malicious cloud-based applications and protects against breaches with a cloud data loss prevention (DLP) engine.

What are SDA, DDA, and CDA?

SDA (Static Data Authentication), DDA (Dynamic Data Authentication), and CDA (Combined Dynamic Data Authentication) are offline data verification methods.

SDA (Static Data Authentication)

When used in ATM and POS terminals, RSA signatures that verify the card itself are the first and most basic cryptographic layer. For SDA, the smart card contains application data signed by the private key of the issuer's RSA key pair. When a card with an SDA application is inserted into a terminal, the card sends this signed static application data, the CA index, and the issuer certificate to the terminal (POS / ATM).

The terminal verifies the issuer certificate and the digital signature by comparing it with the actual application data on the card. In short, an RSA signature assures that the data is original and was created by the authorized issuer.

DDA (Dynamic Data Authentication)

SDA cannot prevent replay (repetition) attacks, because the same static data is used in every transaction. This is improved with a DDA card, which carries variable, transaction-specific data and has its own unique RSA key, which it sends to the terminal. When a card with a DDA application is inserted into a terminal, the card sends the signed dynamic application data, the CA index, the issuer certificate, and the card certificate to the terminal (POS / ATM). The terminal then verifies the issuer certificate, the smart card certificate, and the signed dynamic application data.

CDA (Combined Dynamic Data Authentication)

When verifying with DDA, the terminal can verify the card but cannot verify that the next operation is performed by this card. CDA closes this gap in validation left by DDA: with CDA, the card digitally signs all important transaction data, so that both the card and the transaction are verified.
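The three verification levels above, as an added worked example in Python (this is not code from the lecture notes or from any EMV specification; the message layout, the key sizes and the helper names are all assumptions). It models the terminal's checks with textbook RSA: SDA checks only the issuer's signature over fixed data, so a recorded response passes again on replay; DDA has the card sign a fresh terminal challenge with its own certified key, so a recorded response fails under the next challenge; CDA additionally binds the transaction data, so a changed amount breaks the signature. The RSA keys are built from Mersenne primes purely so that the example runs offline; they are not a secure key choice.

```python
import hashlib
import secrets

# Textbook RSA (no padding) built from Mersenne primes: constructed for illustration only.
# Real EMV issuer/ICC keys are generated randomly at 1024-1984 bits; these are not secure choices.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public, private)

def digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(data: bytes, priv) -> int:
    d, n = priv
    return pow(digest_mod_n(data, n), d, n)

def rsa_verify(data: bytes, sig: int, pub) -> bool:
    e, n = pub
    return pow(sig, e, n) == digest_mod_n(data, n)

def encode_pub(pub) -> bytes:
    return f"{pub[0]}:{pub[1]}".encode()

# --- personalisation: the issuer signs what is stored on the card (constructed sample values) ---
ISSUER_PUB, ISSUER_PRIV = make_keypair(2**61 - 1, 2**31 - 1)   # issuer key pair (assumed)
CARD_PUB, CARD_PRIV = make_keypair(2**127 - 1, 2**89 - 1)      # card (ICC) key pair, DDA/CDA only
STATIC_DATA = b"PAN=4000-0000-0000-0002;EXP=12/29"              # constructed application record
SDA_SIGNATURE = rsa_sign(STATIC_DATA, ISSUER_PRIV)             # static signature stored on the card
CARD_CERT = rsa_sign(encode_pub(CARD_PUB), ISSUER_PRIV)        # issuer vouches for the card's key

# --- terminal side ---
def terminal_sda(static_data: bytes, sda_sig: int) -> bool:
    """SDA: the issuer's signature over fixed data. Any copy of (static_data, sda_sig)
    passes, so the terminal cannot tell a genuine card from a replayed recording."""
    return rsa_verify(static_data, sda_sig, ISSUER_PUB)

def terminal_dda(card_pub, card_cert: int, challenge: bytes, dyn_sig: int) -> bool:
    """DDA: check the card certificate under the issuer key, then the card's signature
    over the challenge this terminal just generated."""
    if not rsa_verify(encode_pub(card_pub), card_cert, ISSUER_PUB):
        return False
    return rsa_verify(challenge, dyn_sig, card_pub)

def terminal_cda(card_pub, card_cert: int, challenge: bytes, tx_data: bytes, dyn_sig: int) -> bool:
    """CDA: the dynamic signature also covers the transaction data (amount, currency)."""
    if not rsa_verify(encode_pub(card_pub), card_cert, ISSUER_PUB):
        return False
    return rsa_verify(challenge + tx_data, dyn_sig, card_pub)

# --- card side ---
def card_dda_response(challenge: bytes) -> int:
    return rsa_sign(challenge, CARD_PRIV)

def card_cda_response(challenge: bytes, tx_data: bytes) -> int:
    return rsa_sign(challenge + tx_data, CARD_PRIV)

def new_challenge() -> bytes:
    return secrets.token_bytes(8)      # the terminal's unpredictable number

def demo() -> dict:
    results = {}
    # SDA: a recording of the card's static response verifies every time it is presented
    recorded = (STATIC_DATA, SDA_SIGNATURE)
    results["sda_genuine"] = terminal_sda(*recorded)
    results["sda_replayed"] = terminal_sda(*recorded)
    # DDA: a response produced for one challenge does not verify under the next one
    c1, c2 = new_challenge(), new_challenge()
    old_sig = card_dda_response(c1)
    results["dda_fresh"] = terminal_dda(CARD_PUB, CARD_CERT, c1, old_sig)
    results["dda_replayed"] = terminal_dda(CARD_PUB, CARD_CERT, c2, old_sig)
    # CDA: changing the amount after the card signed it invalidates the signature
    tx = b"AMOUNT=1000;CUR=INR"
    sig = card_cda_response(c1, tx)
    results["cda_intact"] = terminal_cda(CARD_PUB, CARD_CERT, c1, tx, sig)
    results["cda_tampered"] = terminal_cda(CARD_PUB, CARD_CERT, c1, b"AMOUNT=9000;CUR=INR", sig)
    return results

if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check:14s} -> {'accepted' if passed else 'rejected'}")
```

The point to take from `demo()` is which checks the terminal can and cannot make: the SDA replay is accepted because nothing in the static data ties it to this transaction, whereas the DDA replay and the CDA amount change are rejected because the card's own key signs something the terminal chose.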

What is a Secure Payment System?

A secure payment system, or SPS, refers to payment processing and information services that provide security for users online. An SPS is a type of payment processing that ensures a user's financial and personal information is protected from fraud and unauthorized access. These systems must provide reliable services, as billions of dollars are transferred through them every year.

Digital payments are changing the way we do business across the world. E-commerce technology is furthering the ability of businesses to receive and accept various types of payment methods. The use of an SPS as a payment processor is required to do this securely and safely.

These days more people pay with a credit card, debit card, or online and mobile apps than with cash, making secure payment systems a must for all businesses.

What Is Bitcoin and How Does It Work?

Bitcoin is a decentralized digital currency that is exchanged between two parties without involving intermediaries like banks or other financial institutions.

As defined in the whitepaper released by the pseudonymous inventor of Bitcoin, Satoshi Nakamoto (https://coinsutra.com/satoshi-nakamoto-facts/#:~:text=His%20full%20name%2C%20as%20reported,laid%20off%20by%20the%20government.), Bitcoin is "a purely peer-to-peer version of electronic cash that would allow online payments to be sent directly from one party to another without going through a financial institution".

To understand Bitcoin, one needs to understand its underlying structure, the manner of operation of the Bitcoin ecosystem, and the extent of its usage in India.
How Does Bitcoin Work?

Bitcoin eliminates intermediaries with the help of its underlying technology, the blockchain. Currently, if you have to transfer funds to someone, one of the possible ways is to hand over cash or, alternatively, to use a trusted intermediary (for example, a bank). Both mechanisms, whether physical cash (with the central bank of the country as the guarantor) or electronic transfer, involve an intermediary (in the latter case, a bank or another financial institution). When intermediaries are involved, there are transaction costs. Blockchain technology eliminates intermediaries by replacing the trust that intermediaries bring to the table with cryptographic proof, produced with CPU computing power. This cryptographic trust is built into Bitcoin through a wallet, a public key and a private key in the program.

Anyone can create a Bitcoin wallet for free by downloading the Bitcoin program. Each wallet contains a public key and a private key.

The public key is like an address or an account number via which any person can receive Bitcoins.

A private key is like a digital signature via which a person can send Bitcoins. The name suggests that private keys should be held and known only by the owner, while public keys can be shared with anyone for receiving Bitcoins. That is why you will have heard in the news about Bitcoins being lost, either because a private key is no longer accessible or because it was stolen by hackers.

Owners of Bitcoin addresses are not explicitly identified, but all transactions on the blockchain are public.

Taxation of Bitcoin in India

Even though India has not specified its stand on the legality of investment in Bitcoin, the recently announced Budget 2022, vide Finance Bill 2022, proposes to introduce a framework for taxation of virtual digital assets. Once the Finance Bill is ratified into an Act, the said framework would be made effective for Financial Year 2022-2023 onwards.

The taxation as per the Budget 2022 proposal would be taxation of gains at the rate of 30% on transfer of Bitcoin.

The Government has proposed to introduce a new section 115BBH in the Income Tax Act, 1961 ('the IT Act') for taxation of income from transfer of virtual digital assets. In accordance with the said section, where the total income includes any income from transfer of any virtual digital assets, the said income would be subjected to a tax rate of 30%, and such rate would be enhanced by an applicable surcharge rate, if any, and a health and education cess.

Financial Cryptography (https://iang.org/papers/fc7.html )

Pohlig–Hellman Algorithm

The Pohlig–Hellman algorithm, sometimes credited as the Silver–Pohlig–Hellman algorithm, was introduced by Roland Silver but first published by Stephen Pohlig and Martin Hellman (https://risencrypto.github.io/PohligHellman/).

The Pohlig–Hellman algorithm helps solve the discrete logarithm problem (DLP) for finite fields whose group order can be factored into powers of small primes. The algorithm reduces the computation of the discrete log in the group G to the computation of discrete logs in the prime-order subgroups of ⟨G⟩.

For example, the multiplicative group of GF(p) has order $p - 1 = p_1^{n_1} \cdot p_2^{n_2} \cdot p_3^{n_3} \cdots$

The PH algorithm allows you to solve the DLP in the smaller subgroups of order $p_1^{n_1}$, $p_2^{n_2}$, $p_3^{n_3}$, etc., and then combine the solutions using the Chinese Remainder Theorem (CRT) to get the solution for the original DLP.

The Algorithm

Let g be a generator of the multiplicative group of GF(p), and let

$y \equiv g^x \pmod p$

where y, p and g are known. The discrete log problem here is to find x.

The order of the group is $p - 1 = p_1^{n_1} \cdot p_2^{n_2} \cdot p_3^{n_3} \cdots$

Let us take the prime power factors one by one. First consider $p_1^{n_1}$.

Let x be the solution for the subgroup of order $p_1^{n_1}$. First we expand x as a base $p_1$ number.

Note: for example, if $p_1 = 2$, then we have to expand x in base 2 (i.e. do a binary expansion). If x is 13, then in binary (base 2) we can write it as 1101. So the binary expansion of x = 13 will be

$x = 13 = 1101_2 = 1 \cdot 2^0 + 0 \cdot 2^1 + 1 \cdot 2^2 + 1 \cdot 2^3$

If we are solving modulo $2^n$, then the maximum value of x can only be $2^n - 1$. The number $2^n$ in binary representation needs n + 1 bits, so the number $2^n - 1$ needs n bits. Hence when we expand x in base 2, we will have n coefficients, indexed from 0 to n − 1.
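The full algorithm, as an added Python example (not code from the notes or from the linked write-up): for each prime power $q^e$ dividing p − 1 it recovers x modulo $q^e$ one base-q digit at a time, exactly as the binary-expansion note above describes, and then combines the residues with the CRT. The digit search is a brute force over 0..q−1, which is the reason the method is only fast when every prime factor q of p − 1 is small; the test values (p = 41 with generator 6, p = 29 with generator 2) are constructed here.

```python
def factor_prime_powers(n: int) -> dict:
    """Trial division of n into {prime: exponent}; adequate for the textbook-sized p - 1 used here."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def dlog_prime_power(g: int, y: int, p: int, q: int, e: int) -> int:
    """Solve g^x = y (mod p) for x modulo q^e, one base-q digit at a time.
    alpha = g^((p-1)/q) generates the subgroup of order q, and each digit x_k is a
    discrete log in that small subgroup, found by exhaustive search over 0..q-1."""
    order = p - 1
    alpha = pow(g, order // q, p)
    x = 0
    for k in range(e):
        # Strip the digits found so far, then project the remainder into the order-q subgroup;
        # the result equals alpha^(x_k) because every higher digit vanishes under this exponent.
        h = pow(y * pow(g, -x, p) % p, order // q ** (k + 1), p)
        x_k = next(d for d in range(q) if pow(alpha, d, p) == h)
        x += x_k * q ** k
    return x

def crt(residues, moduli) -> int:
    """Chinese Remainder Theorem for pairwise coprime moduli."""
    m_all = 1
    for m in moduli:
        m_all *= m
    x = 0
    for r, m in zip(residues, moduli):
        m_i = m_all // m
        x += r * m_i * pow(m_i, -1, m)
    return x % m_all

def pohlig_hellman(g: int, y: int, p: int) -> int:
    """Discrete log of y to base g in GF(p)*, assuming g generates the whole group of order p - 1."""
    residues, moduli = [], []
    for q, e in factor_prime_powers(p - 1).items():
        residues.append(dlog_prime_power(g, y, p, q, e))
        moduli.append(q ** e)
    return crt(residues, moduli)

if __name__ == "__main__":
    p, g, x = 41, 6, 23          # 6 is a primitive root mod 41; p - 1 = 40 = 2^3 * 5
    y = pow(g, x, p)
    print(f"log_{g}({y}) mod {p} = {pohlig_hellman(g, y, p)}")
```

The work per prime power is e searches of size q rather than one search of size $q^e$, which is why a secure Diffie–Hellman prime p is chosen so that p − 1 has a large prime factor (a "safe prime" p = 2q + 1, for example).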

Elliptic-Curve Cryptography / Cryptosystem

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.

ECC is an alternative to the Rivest-Shamir-Adleman (RSA) cryptographic algorithm and is most often used for digital signatures in cryptocurrencies, such as Bitcoin and Ethereum, as well as one-way encryption of emails, data and software.

An elliptic curve is not an ellipse, or oval shape, but is represented as a looping line intersecting two axes, which are lines on a graph used to indicate the position of a point. The curve is completely symmetric, or mirrored, about the x-axis of the graph.

In general, an elliptic curve looks like the figure above. A straight line drawn through an elliptic curve intersects it in at most 3 points. As we can see, the elliptic curve is symmetric about the x-axis. This property plays a key role in the algorithm.

Public key cryptography systems, like ECC, use a mathematical process to merge two distinct keys and then use the output to encrypt and decrypt data. One is a public key that is known to anyone, and the other is a private key that is only known by the sender and receiver of the data.

ECC generates keys through the properties of an elliptic curve equation instead of the traditional method of generation as the product of large prime numbers. From a cryptographic perspective, the points along the graph can be formulated using an equation in which a is the coefficient of x and b is the constant term.

ECC is like most other public key encryption methods, such as the RSA algorithm and Diffie-Hellman. Each of these cryptography mechanisms uses the concept of a one-way function. This means that a mathematical equation with a public and private key can be used to easily get from point A to point B. But, without knowing the private key, and depending on the key size used, getting from B to A is difficult, if not impossible, to achieve.

ECC was first developed by Certicom, a mobile e-business security provider, and was then licensed by Hifn, a manufacturer of integrated circuitry and network security products. Vendors including 3Com, Cylink Corp., Motorola, Pitney Bowes, Siemens, TRW Inc. (acquired by Northrop Grumman) and Verifone supported ECC in their products.
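The curve arithmetic, the one-way function, and the Bitcoin-style key pair and signature described in this section and in the Bitcoin wallet section above, as one added Python example (this is not code from the notes, from Bitcoin, or from any library). It uses the small textbook curve $y^2 = x^3 + 2x + 2$ over GF(17), whose base point G = (5, 1) has prime order 19, chosen so that every value can be checked by hand; Bitcoin runs the same point addition and double-and-add on secp256k1 with 256-bit numbers. The hash-to-integer step, the message and the key values are assumptions made for the example.

```python
import hashlib
import secrets

# Toy curve constructed for illustration: y^2 = x^3 + A*x + B over GF(P_MOD).
# Bitcoin's secp256k1 uses the same formulas with A = 0, B = 7 and a 256-bit prime field.
P_MOD, A, B = 17, 2, 2
G = (5, 1)          # base point
N = 19              # order of G: 19*G is the point at infinity, and 19 is prime
O = None            # point at infinity, the group identity

def is_on_curve(pt) -> bool:
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def point_add(p1, p2):
    """Chord-and-tangent rule. The curve's symmetry about the x-axis gives -P = (x, -y)."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                          # P + (-P) = O (also 2P when y = 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)         # chord slope (addition)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k: int, pt):
    """Double-and-add: k*pt in O(log k) group operations. This is the easy direction, A to B."""
    result, addend = O, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def public_key(d: int):
    """Wallet key pair: the private key is the scalar d, the public key is the point Q = d*G."""
    return scalar_mult(d, G)

def recover_private_key(q):
    """The hard direction, B to A (the elliptic-curve discrete log). Feasible only because this
    toy group has 19 elements; on a 256-bit curve the same loop would not finish."""
    for d in range(1, N):
        if scalar_mult(d, G) == q:
            return d
    return None

def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def ecdsa_sign_z(z: int, d: int, k: int):
    """Sign the hashed message z (an integer mod N) with private key d and per-signature nonce k."""
    pt = scalar_mult(k % N, G)
    if pt is O:
        raise ValueError("k must not be a multiple of N")
    r = pt[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("unusable nonce, choose another k")
    return (r, s)

def ecdsa_verify_z(z: int, sig, q) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N) or not is_on_curve(q):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, q))
    return pt is not O and pt[0] % N == r

def sign(msg: bytes, d: int):
    """k must be unpredictable and never reused (a repeated k leaks d), so it comes from a CSPRNG."""
    while True:
        try:
            return ecdsa_sign_z(hash_to_int(msg), d, secrets.randbelow(N - 1) + 1)
        except ValueError:
            continue

def verify(msg: bytes, sig, q) -> bool:
    return ecdsa_verify_z(hash_to_int(msg), sig, q)

if __name__ == "__main__":
    d = 7                                  # constructed private key
    Q = public_key(d)                      # the "address" anyone may know
    msg = b"pay 1 BTC to Bob"
    sig = sign(msg, d)
    print("Q =", Q, "signature =", sig, "valid:", verify(msg, sig, Q))
    print("private key recovered by brute force on the toy curve:", recover_private_key(Q))
```

With N = 19 the signature space is tiny, so this curve demonstrates only the mechanics; the security of the real scheme comes from choosing a curve whose group order is a 256-bit prime, which makes `recover_private_key` infeasible while `scalar_mult` stays cheap.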

McEliece cryptosystem
https://en.wikipedia.org/wiki/McEliece_cryptosystem

The McEliece cryptosystem is based on a similar design principle to the Knapsack cryptosystem. It is formed by transforming an easy-to-break cryptosystem into a cryptosystem that is hard to break because it seems to be based on a problem that is, in general, NP-hard.

The underlying fact is that the decision version of the decryption problem for linear codes is in general NP-complete. However, for special types of linear codes polynomial-time decryption algorithms exist. One such class of linear codes, the so-called Goppa codes, is used to design the McEliece cryptosystem.

Goppa codes are $[2^m,\ n - mt,\ 2t + 1]$-codes, where $n = 2^m$. (McEliece suggested using m = 10, t = 50.)

McEliece Cryptosystem DESIGN

Design of McEliece cryptosystems. Let
• G be a generating matrix for an [n, k, d] Goppa code C;
• S be a k × k binary matrix invertible over $\mathbb{Z}_2$;
• P be an n × n permutation matrix;
• G' = SGP.

Let $P = (\mathbb{Z}_2)^k$, $C = (\mathbb{Z}_2)^n$, K = (G, S, P, G'). G' is made public; G, S, P are kept secret.

Encryption: $e_K(w, e) = wG' + e$, where e is a binary vector of length n and weight t.

Decryption of a cryptotext $c = wG' + e \in (\mathbb{Z}_2)^n$:
1. Compute $c_1 = cP^{-1} = wSGPP^{-1} + eP^{-1} = wSG + eP^{-1}$.
2. Decode $c_1$ to get $w_1 = wS$.
3. Compute $w = w_1 S^{-1}$.
