
Vishesh Shrivastava

Chapter 1

Computer Security and Cryptography

1.1 Introduction

Network security has become very important to personal computer
users, organizations, and the military. With the advent of the
internet, security became a major concern, and the history of
security allows a better understanding of the emergence of security
technology. Network security basically consists of the provisions
and policies adopted by a network administrator to prevent and
monitor unauthorized access, misuse, modification, or denial of a
computer network and network-accessible resources. Network security
includes the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are
assigned an ID and password or other authenticating information that
allows them access to information and programs within their
authority. The internet structure itself allowed for many security
threats to occur. The architecture of the internet, when modified,
can reduce the possible attacks that can be sent across the network.
Knowing the attack methods allows for the appropriate security to
emerge. Many businesses secure themselves from the internet by means
of firewalls and encryption mechanisms. The businesses create an
intranet to remain connected to the internet but secured from
possible threats.

1.2 Need for Security

Security is the degree of protection against danger, damage, loss,
and crime. Security as a form of protection consists of structures
and processes that provide or improve security as a condition. In
the field of information technology, security is characterized into
the following categories:
a. Application Security
b. Computer Security
c. Data Security
d. Information Security
e. Network Security

In this chapter we will study the various methods that we can adopt
for the purpose of security. But before that, let's define network
security.
Network Security is a set of policies adopted by the network
administrator to protect the network and the network-accessible
resources from unauthorized access. A typical network consists of
client terminals and one or more servers and/or host computers.
These are linked by communication systems which may be within the
company or open to public access, like the internet.
Network Security is about protecting all the valuable assets that
belong to the company to maintain the intellectual property of the
company and ensure smooth operation. Therefore there is the need for
a sound network security strategy which will uncover threats and
then find ways to combat them.

1.3 Principle of Security

The security architecture for OSI defines such a systematic approach.
The OSI security architecture is useful to managers as a way of
organizing the task of providing security. It was developed as an
international standard. The OSI security architecture focuses on
security attacks, mechanisms, and services. These can be defined
briefly as follows:
1. Security Attack: A security attack is an action that compromises
the security of information owned by an organization.
2. Security Mechanism: A security mechanism is a process that is
designed to detect, prevent or recover from a security attack. It is
a method used to protect your message from an unauthorized entity.
3. Security Services: Security services are the services that
implement security policies and are implemented by security
mechanisms.

The basic principles of security are as follows:

Authentication
Authentication identifies who is requesting network services. The
term authentication usually refers to authenticating users but can
also refer to authenticating devices or software processes. Most
security policies state that to access a network and its services,
a user must enter a login ID and password that are authenticated
by a security server. To maximize security, one-time passwords
can be used. With one-time password systems, a user's password
always changes. This is often accomplished with a security card,
also called a Smartcard. A security card is a physical device about
the size of a credit card. The user types a personal identification
number (PIN) into the card. The PIN is an initial level of security
that simply gives the user permission to use the card. The card
provides a one-time password that is used to access the corporate
network for a limited time. The password is synchronized with a
central security card server that resides on the network. Security
cards are commonly used by telecommuters and mobile users.
They are not usually used for LAN access.

Authentication is traditionally based on one of three proofs:

Something the user knows: This usually involves knowledge of a
unique secret that is shared by the authenticating parties. To a
user, this secret appears as a classic password, a PIN, or a
private cryptographic key.
Something the user has: This usually involves physical
possession of an item that is unique to the user. Examples
include password token cards, security cards, and
hardware keys.
Something the user is: This involves verification of a
unique physical characteristic of the user, such as a
fingerprint, retina pattern, voice, or face.

Many systems use two-factor authentication, which requires a
user to have two proofs of identity. An example is an access
control system that requires a security card and a password. With
two-factor authentication, a compromise of one factor does not
lead to a compromise of the system. An attacker could learn a
password, but the password is useless without the security card.
Conversely, if the security card is stolen, it cannot be used without
the password.

Access Control
An access control mechanism is used to prevent unauthorized access
to resources. This helps the operating system to allow access to
particular data or resources. Whereas authentication controls who
can access network resources, authorization says what they can do
after they have accessed the resources. Authorization grants
privileges to processes and users. Authorization lets a security
administrator control parts of a network.
Authorization varies from user to user, partly depending on a
user's department or job function. For example, a policy might
state that only Human Resources employees should see salary
records for people they don't manage. Security experts
recommend use of the principle of least privilege in the
implementation of authorization. This principle is based on the
idea that each user should be given only the minimal necessary
rights to perform a certain task. Therefore, an authorization
mechanism should give a user only the minimum access
permissions that are necessary.

Data Confidentiality
It is used to protect the content of data from unauthorized
disclosure. Basically, confidentiality is the protection of
transmitted data from passive attacks. Confidentiality refers to
limiting information access and disclosure to authorized users --
"the right people" -- and preventing access by or disclosure to
unauthorized ones -- "the wrong people."
Data Integrity
The concept of data integrity is used to protect data from
unauthorized modifications. Integrity, in terms of data and
network security, is the assurance that information can only be
accessed or modified by those authorized to do so. Measures
taken to ensure integrity include controlling the physical
environment of networked terminals and servers, restricting
access to data, and maintaining authentication practices. Practices
followed to protect data integrity in the physical environment
include: making servers accessible only to network administrators,
keeping transmission media covered and protected to ensure that they
cannot be tapped, and protecting hardware and storage media from
power surges, electrostatic discharges, and magnetism.
Network administration measures to ensure data integrity
include: maintaining current authorization levels for all users,
documenting system administration procedures, parameters, and
maintenance activities, and creating disaster recovery plans for
occurrences such as power outages, server failure, and virus
attacks.

Non-repudiation
Non-repudiation is the assurance that someone cannot deny
something. Typically, non-repudiation refers to the ability to ensure
that a party to a contract or a communication cannot deny the
authenticity of their signature on a document or the sending of a
message that they originated. To repudiate means to deny. For
many years, authorities have sought to make repudiation
impossible in some situations. You might send registered mail, for
example, so the recipient cannot deny that a letter was delivered.
Similarly, a legal document typically requires witnesses to signing
so that the person who signs cannot deny having done so.
On the Internet, a digital signature is used not only to ensure that
a message or document has been electronically signed by the
person that purported to sign the document, but also, since a
digital signature can only be created by one person, to ensure that
a person cannot later deny that they furnished the signature.
Since no security technology is absolutely fool-proof, some
experts warn that a digital signature alone may not always
guarantee non-repudiation. It is suggested that multiple
approaches be used, such as capturing unique biometric
information and other data about the sender or signer that
collectively would be difficult to repudiate.

Availability (Usability)
It assures that a system or a resource is accessible and useable
upon demand of authorized users. Data availability is a term used
by some computer storage manufacturers and storage service
providers to describe products and services that ensure that data
continues to be available at a required level of performance in
situations ranging from normal through "disastrous." In general,
data availability is achieved through redundancy involving where
the data is stored and how it can be reached. Some vendors
describe the need to have a data center and a storage-centric
rather than a server-centric philosophy and environment.
Relationship between Security Service and Mechanism

Security Service               Supporting Security Mechanism
Peer entity authentication     Encipherment, digital signature, authentication exchange
Data origin authentication     Encipherment, digital signature
Access control                 Access control
Confidentiality                Encipherment, routing control
Traffic flow confidentiality   Encipherment, routing control, traffic padding
Data integrity                 Encipherment, digital signature, data integrity
Non-repudiation                Digital signature, data integrity, notarization
Availability                   Data integrity, authentication exchange

1.4 Types of Attack


The security attack is an action that compromises the security of
information owned by an organization. Classes of attack might
include passive monitoring of communications, active network
attacks, close-in attacks, exploitation by insiders, and attacks
through the service provider. Information systems and networks
offer attractive targets and should be resistant to attack from the
full range of threat agents, from hackers to nation-states. A system
must be able to limit damage and recover rapidly when attacks
occur. Various types of attacks are as follows:

Passive Attack

A passive attack is one where the attacker merely eavesdrops on
packets that others are sending, without injecting any new packets
and without modifying any of the packets others have sent. It
means in this type of attack the attacker monitors unencrypted
traffic and looks for clear-text passwords and sensitive
information that can be used in other types of attacks. Passive
attacks include traffic analysis, monitoring of unprotected
communications, decrypting weakly encrypted traffic, and
capturing authentication information such as passwords. Passive
interception of network operations enables adversaries to see
upcoming actions. Passive attacks result in the disclosure of
information or data files to an attacker without the consent or
knowledge of the user.
Active Attack
An active attack is one in which an unauthorized change of the
system is attempted. This could include, for example, the
modification of transmitted or stored data, or the creation of new
data streams. In an active attack, the attacker tries to bypass or
break into secured systems. This can be done through stealth,
viruses, worms, or Trojan horses. Active attacks include attempts
to circumvent or break protection features, to introduce malicious
code, and to steal or modify information.
Distributed Attack
A distributed attack requires that the adversary introduce code,
such as a Trojan horse or back-door program, to a trusted
component or software that will later be distributed to many other
companies and users. Distribution attacks focus on the malicious
modification of hardware or software at the factory or during
distribution. These attacks introduce malicious code such as a
back door to a product to gain unauthorized access to information
or to a system function at a later date.
Insider Attack
An insider attack involves someone from the inside, such as a
disgruntled employee, attacking the network. Insider attacks can
be malicious or non-malicious. Malicious insiders intentionally
eavesdrop, steal, or damage information; use information in a
fraudulent manner; or deny access to other authorized users.
Non-malicious attacks typically result from carelessness, lack of
knowledge, or intentional circumvention of security for such
reasons as performing a task.
Close-in Attack
A close-in attack involves someone attempting to get physically
close to network components, data, and systems in order to learn
more about a network. Close-in attacks consist of regular
individuals attaining close physical proximity to networks,
systems, or facilities for the purpose of modifying, gathering, or
denying access to information. Close physical proximity is
achieved through surreptitious entry into the network, open
access, or both.

One popular form of close-in attack is social engineering. In a
social engineering attack, the attacker compromises the network
or system through social interaction with a person, through an
e-mail message or phone. Various tricks can be used by the
individual to get the victim to reveal information about the
security of the company. The information that the victim reveals to
the hacker would most likely be used in a subsequent attack to gain
unauthorized access to a system or network.

Phishing Attack

In a phishing attack, the hacker creates a fake web site that looks
exactly like a popular site such as the SBI bank or PayPal. The
phishing part of the attack is that the hacker then sends an e-mail
message trying to trick the user into clicking a link that leads to
the fake site. When the user attempts to log on with their account
information, the hacker records the username and password and
then tries that information on the real site.
Hijack attack
In a hijack attack, a hacker takes over a session between you and
another individual and disconnects the other individual from the
communication. You still believe that you are talking to the
original party and may send private information to the hacker by
accident.
Spoof attack
In a spoof attack, the hacker modifies the source address of the
packets he or she is sending so that they appear to be coming from
someone else. This may be an attempt to bypass your firewall
rules.
Buffer overflow
A buffer overflow attack is when the attacker sends more data to
an application than is expected. A buffer overflow attack usually
results in the attacker gaining administrative access to the system
in a command prompt or shell.

Exploit attack
In this type of attack, the attacker knows of a security problem
within an operating system or a piece of software and leverages
that knowledge by exploiting the vulnerability.
Password attack
An attacker tries to crack the passwords stored in a network
account database or a password-protected file. There are three
major types of password attacks: a dictionary attack, a brute-force
attack, and a hybrid attack. A dictionary attack uses a word list
file, which is a list of potential passwords. A brute-force attack is
when the attacker tries every possible combination of characters.

To protect valuable data and information, various techniques are
used; one of them is cryptography.

1.5 Cryptography
Cryptography is the science of using mathematics to encrypt and
decrypt data. The word cryptography is derived from the Greek
kryptos, meaning hidden. Cryptography is closely related to the
disciplines of cryptology and cryptanalysis. Cryptography includes
techniques such as microdots, merging words with images, and other
ways to hide information in storage or transit. However, in today's
computer-centric world, cryptography is most often associated with
scrambling plaintext into ciphertext, then back again.

Plain Text:- Plaintext is the text which is to be encrypted. This is
ordinary text, sometimes referred to as cleartext.
Cipher Text:- Ciphertext is encoded text, after it has been passed
through an Encryption algorithm. It is the product of Plaintext
after Encryption.
Encryption:- Encryption is the conversion of data into a form,
called a ciphertext, that cannot be easily understood by
unauthorized people.
Decryption:-Decryption is the process of converting encrypted
data back into its original form, so it can be understood.
Modern cryptography concerns itself with the following four
objectives:
1) Confidentiality: - The information cannot be understood by
anyone for whom it was unintended.
2) Integrity: - The information cannot be altered in storage or
transit between sender and intended receiver without the
alteration being detected.
3) Non-repudiation: - The creator/sender of the information
cannot deny at a later stage his or her intentions in the creation or
transmission of the information.

4) Authentication: - The sender and receiver can confirm each
other's identity and the origin/destination of the information.

Now you may ask: how does cryptography work? A cryptographic
algorithm, or cipher, is a mathematical function used in the
encryption and decryption process. A cryptographic algorithm works
in combination with a key (a word, number, or phrase) to encrypt the
plaintext. The same plaintext encrypts to different ciphertext with
different keys. The security of encrypted data is entirely dependent
on two things: the strength of the cryptographic algorithm and the
secrecy of the key.

Conventional cryptography or symmetric-key Cryptography
In conventional cryptography, also called secret-key or
symmetric-key cryptography, only one key is used both for
encryption and decryption. Figure shows the conventional
encryption process.

Public key cryptography or Asymmetric Key Cryptography
Public-key cryptography, also known as asymmetric cryptography, is
a form of cryptography in which the key used to encrypt a message
differs from the key used to decrypt it. In public key cryptography,
each user has a pair of cryptographic keys: a public key and a
private key. The private key is kept secret, while the public key
may be widely distributed and used by other users. Incoming messages
would have been encrypted with the recipient's public key and can
only be decrypted with his corresponding private key. The keys are
related mathematically, but the user's private key cannot be derived
from the widely used public key.

1.6 The Shift Cipher
The shift cipher is a very simple way to encrypt any plain text, in
which each letter of the message is shifted a fixed distance down
the alphabet. Our "alphabet," including punctuation and both upper
and lowercase letters, is numbered from 0 to 94.

A shift cipher is a cryptosystem that shifts each character in the
message by k positions. For example, if k = 3, then a is converted
into d, b into e, ..., x into a, y into b, and z into c. The number
k is called the key of the cryptosystem.
To make the cipher more difficult to understand, spaces and all
punctuation are removed from the message before encryption.
A   B   C   D   E   F   G   H   I   J   K   L   M
0   1   2   3   4   5   6   7   8   9   10  11  12

N   O   P   Q   R   S   T   U   V   W   X   Y   Z
13  14  15  16  17  18  19  20  21  22  23  24  25

Consider the following example where
Plaintext :- MY NAME IS KHAN
Key :- 3

Plaintext:  M Y N A M E I S K H A N
Ciphertext: P B Q D P H L V N K D Q

So the cipher text will be
Ciphertext:- PBQDPHLVNKDQ
Here the key for encryption is 3, so every letter in the plaintext
is replaced by the third letter down the order: M → P, Y → B,
N → Q and so on. To make it more complex, the spaces between the
words are removed.

For decryption of the message we will change every letter to the
third letter up the order.
We have our first cipher, and already we see that it is a bit
tedious to encrypt and decrypt the message. One way to help ease
this process is to think of each letter as a number, with A
corresponding to 1, B to 2, and so on up to Z corresponding to 26.
Then, we can represent a shift of n to the right as simply adding n
to each number. For example, take the same message MY NAME IS
KHAN with a shift of 7.
First, we write the message in number form:
13-25 14-1-13-5 9-19 11-8-1-14
Now all she does is add 7 to each of the numbers:

Plaintext  M   Y   N   A   M   E   I   S   K   H   A   N
Number     13  25  14  1   13  5   9   19  11  8   1   14
Add +7     20  32  21  8   20  12  16  26  18  15  8   21

20-32 21-8-20-12 16-26 18-15-8-21
Does anyone see a problem with the encrypted message above? If
you spotted that we don't have a letter corresponding to
numbers bigger than 26, good for you. There is an easy fix to this
problem, however. Remember originally that we 'wrapped
around' once we got to Z. The number equivalent to wrapping
around is subtracting 26 if the number is too big. Thus, MY
NAME IS KHAN becomes
20-6-21-8-20-12-16-26-18-15-8-21
To decrypt this, Dave simply subtracts 7 from each of these
numbers and adds 26 to anything he gets that is negative. As you
will see when you try it, this is much faster than our first method,
which used only letters.
13-25-14-1-13-5-9-19-11-8-1-14
Now we can put the letters in place of the numbers and
retrieve the plain text MY NAME IS KHAN.
1.7 The Substitution Cipher

The substitution cipher is a method of encryption by which units
of plaintext are replaced with ciphertext, according to a regular
system; the "units" may be single letters, pairs of letters, triplets of
letters, mixtures of the above, and so forth. The receiver deciphers
the text by performing an inverse substitution.
Actually, in the case of the Substitution Cipher, we might as well
take P and C both to be the 26 letter English alphabet. We used Z26
in the Shift Cipher because encryption and decryption were
algebraic operations. But in the Substitution Cipher, it is more
convenient to think of encryption and decryption as permutations
of alphabetic characters. There are a number of different types of
substitution cipher. If the cipher operates on single letters, it is
termed a simple substitution cipher; a cipher that operates on
larger groups of letters is termed polygraphic. A monoalphabetic
cipher uses fixed substitution over the entire message, whereas a
polyalphabetic cipher uses a number of substitutions at different
positions in the message, where a unit from the plaintext is
mapped to one of several possibilities in the ciphertext and vice
versa.
A key for the Substitution Cipher just consists of a permutation of
the 26 alphabetic characters. The number of these permutations is
26!, which is more than 4.0 × 10^26, a very large number. Thus, an
exhaustive key search is infeasible, even for a computer.

Specified methods used in Substitution Cipher:
a. Caesar Cipher
b. Modified Caesar Cipher
c. Monoalphabetic Cipher
d. Homophonic Substitution Cipher
e. Polygram Substitution Cipher
f. Polyalphabetic Substitution Cipher

a. Caesar Cipher
One of the simplest examples of a substitution cipher is the
Caesar cipher, which is said to have been used by Julius
Caesar to communicate with his army. Caesar is considered to
be one of the first persons to have ever employed encryption
for the sake of securing messages. Caesar decided that shifting
each letter in the message would be his standard algorithm,
and so he informed all of his generals of his decision, and was
then able to send them secured messages. Using the Caesar
Shift (3 to the right), the message MY NAME IS KHAN will be
encrypted as:

Plaintext:  M Y N A M E I S K H A N
Ciphertext: P B Q D P H L V N K D Q

The cipher text will be: PBQDPHLVNKDQ. Here the key for
encryption is 3, so every letter in the plaintext is replaced by
the third letter down the order: M → P, Y → B, N → Q and so on.
To make it more complex, the spaces between the words are removed.
b. Modified Caesar Cipher
In the Caesar Cipher, the key is a single key, say 3, so when
we encrypt the message AA we will get DD. We observe that
the first character A became D and the second one as well.
But in the Modified Caesar Cipher the key length is variable, say
key = {1,2}. So when we encrypt the message AA we get
BC. The first and the second characters were the same A's, but
after encryption we get different characters, and that triggers a
problem! Back to the people who suggested a solution for the
Caesar Cipher: they suggested counting the character frequency of
the encrypted message, sorting the characters in descending order,
and then replacing each character with the corresponding character in
the relative frequency table. So if the character G is the most
frequent character in the encrypted message, then it will be
replaced with the character E in the relative frequency table, and
so on.

According to the modified Caesar cipher, we don't have to shift by
three. We could shift by some other value K. If we think in terms
of the numbers 0 through 25 representing the letters A through Z,
the enciphering process may be viewed mathematically as
C = M + K (mod 26), where C is the ciphertext letter, M is the
plaintext letter, and K is the key. The mod 26 part (short for
modulo 26) simply means that if the sum M + K is greater than or
equal to 26, we subtract 26 from this number to get our result. The
keyspace (defined as the set of possible choices for K) has 25
elements, since the identity K = 0 leaves the message unchanged, as
does K = 26. Only values strictly between 0 and 26 offer distinct
encipherments. For those of you who have had a semester of
abstract algebra, we are now working with elements from the
group Z26. Just as Brutus helped kill Caesar, a brute force attack
(trying all possible keys) quickly destroys his cipher. One
requirement for a strong cryptosystem is a big keyspace. A
monoalphabetic substitution cipher is one in which a given letter
is consistently replaced by the same ciphertext letter, although the
substitutions needn't be obtained by a shift.

c. Mono-alphabetic cipher
This system was described by Suetonius in his biography of
Caesar and by Caesar himself. Each letter is replaced by the
third letter to follow it alphabetically. Upon reaching the end
of our ciphertext alphabet, we jot down the A, B, C that
weren't yet used.
In other words, in a monoalphabetic cipher, suppose A is
replaced by B; similarly B can be replaced by any other letter.

d. Homophonic Substitution Cipher
The homophonic substitution cipher is a much more complicated
variant of the substitution cipher where, instead of the one-to-one
mapping of simple substitution, a one-to-many mapping is used. In
a one-to-many mapping, each plaintext letter can be substituted
with multiple ciphertext symbols. However, each ciphertext
symbol can represent one and only one plaintext letter. Such a
mapping tends to flatten the frequency statistics in the resulting
ciphertext and consequently makes attacks based on statistical
frequency analysis more and more difficult. An example of a
homophonic cipher is given in the Figure below.

As seen in the Figure, each letter can be substituted with multiple
cipher symbols. For instance, letter 'L' can be substituted with 'A',
'U', or 'C'. In the ciphertext of the word
HELLO, it is seen that the two occurrences of 'L' are substituted
with two different ciphertext symbols. Thus, the resultant
ciphertext does not give any idea that the cipher symbols 'A' and
'C' actually represent the same plaintext letter 'L'.

e. Polygram Substitution Cipher
A Polygram substitution cipher is one in which blocks of characters
are encrypted in groups. For example, ABA could correspond to
RTQ. In other words, rather than replacing one plain text letter
with one cipher text letter, blocks of plain text letters are
replaced by blocks of letters.

f. Polyalphabetic Substitution cipher
In polyalphabetic substitution ciphers the plaintext letters are
enciphered differently depending upon their placement in the
text. As the name polyalphabetic suggests, this is achieved by
using several crypto alphabets instead of just one, as is the case in
most of the simpler crypto systems. Which crypto alphabet to use
at a given time is usually guided by a key of some kind, or the
agreement can be to switch alphabet after each word encrypted.
This cipher uses multiple one-character keys, each of which is used
to encrypt a single plain text character. In this scheme the very
first key encrypts the first plain text character, the second key
encrypts the second plain text character, and so on. When the end of
the key is reached, the keys are recycled for encryption.

Cryptanalysis:- Cryptanalysis is the art of defeating cryptographic
security systems, and gaining access to the contents of encrypted
messages, without being given the cryptographic key.
Cryptanalyst:- People who are involved in cryptanalysis.
Cipher:- The method of encryption and decryption.
Cryptographers:- Cryptographers are the people who do
cryptography.
Symmetric Cryptosystem:- A cryptosystem that uses the same
key for encryption and decryption.
Asymmetric Cryptosystem:- A cryptosystem in which different
keys are used for encryption and decryption.
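
The shift arithmetic of section 1.6 and the key search and frequency count described under the Modified Caesar Cipher in section 1.7, as an added example that is not part of the original chapter. The function names, the approximate English frequency table and the constructed sample sentence are assumptions made for the illustration.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate relative letter frequencies of English text, in percent.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def normalize(text):
    """Upper-case the text and drop spaces and punctuation, as section 1.6 does."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def shift_encrypt(text, keys):
    """C = M + K (mod 26) with A=0..Z=25. The key list is recycled, so [3] is
    the Caesar cipher and [1, 2] is the Modified Caesar example key = {1,2}."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + keys[i % len(keys)]) % 26]
        for i, ch in enumerate(normalize(text))
    )


def shift_decrypt(text, keys):
    """Inverse of shift_encrypt: subtract each key instead of adding it."""
    return shift_encrypt(text, [-k for k in keys])


def shift_numbers_1_to_26(text, k):
    """The A=1..Z=26 arithmetic of section 1.6: add k, subtract 26 on overflow."""
    out = []
    for ch in normalize(text):
        n = ALPHABET.index(ch) + 1 + k
        out.append(n - 26 if n > 26 else n)
    return out


def chi_squared(text):
    """Distance between the letter counts of text and English; lower is closer."""
    counts = Counter(text)
    n = len(text)
    return sum(
        (counts.get(ch, 0) - n * pct / 100) ** 2 / (n * pct / 100)
        for ch, pct in ENGLISH_FREQ.items()
    )


def brute_force(ciphertext):
    """Try all 25 keys of the single-key shift cipher and rank the candidate
    plaintexts by how English-like their letter frequencies are."""
    candidates = [(k, shift_decrypt(ciphertext, [k])) for k in range(1, 26)]
    return sorted(candidates, key=lambda kv: chi_squared(kv[1]))


def guess_key_from_most_frequent(ciphertext):
    """The frequency-table shortcut: assume the most frequent ciphertext
    letter stands for E and read the key off that single pair."""
    most_common = Counter(normalize(ciphertext)).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26


# Constructed sample: a sentence long enough for letter counts to be meaningful.
SAMPLE = (
    "THE SECURITY OF ENCRYPTED DATA IS ENTIRELY DEPENDENT ON TWO THINGS "
    "THE STRENGTH OF THE CRYPTOGRAPHIC ALGORITHM AND THE SECRECY OF THE KEY. "
    "NEVER REVEAL THE KEY."
)
CIPHERTEXT = shift_encrypt(SAMPLE, [7])

if __name__ == "__main__":
    print(shift_encrypt("MY NAME IS KHAN", [3]))        # Caesar, key 3
    print(shift_numbers_1_to_26("MY NAME IS KHAN", 7))  # wrap-around at 26
    print(shift_encrypt("AA", [1, 2]))                  # Modified Caesar
    best_key, best_text = brute_force(CIPHERTEXT)[0]
    print(best_key, best_text[:30])
    print(guess_key_from_most_frequent(CIPHERTEXT))
```

With a recycled multi-letter key the same plaintext letter no longer maps to one ciphertext letter, which is why the single-letter frequency shortcut stops working there while it recovers a single-key shift immediately.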
1.8 Other Substitution Ciphers

a. Affine Cipher
The Affine cipher is an example of substitution cipher, and very
much similar to shift cipher. Since a shift cipher can produce only
25 different distinct transformations for the text, it is not a very
secure encryption method. The affine cipher is a generalization of
the shift cipher that provides a little bit more security. The affine
cipher applies multiplication and addition to each character using
the function:
y =(ax+b)MODm
where
x= Numerical value of the letter in the plaintext,

m = Number of letters in the plaintext alphabet,


a,b = Secret numbers,
y = Result of transformation.
y can be decrypted back to x by using the formula

Vishesh Shrivastava

x = inverse (a) (y b) MOD m,


Inverse (a) is a value such that if it is multiplied with a MOD m
the result will be 1, i.e. (a * inverse (a)) MOD m = 1.
Consider the following example for affine cipher where assume
the message is encrypted by the function
Here suppose a = 11 and b = 4.
y = (11x + 4) MOD 26
To encrypt the plaintext MONEY, we first convert each letter in
plaintext into a numerical value between 0 and 25 according to
following list
A
0
B
1
C
2
.
.
.
.
Z
25
Thus, the numerical values corresponding to the plaintext
MONEY
are
12,
14,
13,
4,
and
24.
Applying the given function for each numerical value, we have
M: y = (11*12 + 4) MOD 26 = 6
O: y = (11*14 + 4) MOD 26 = 2
N: y = (11*13 + 4) MOD 26 = 17
E: y = (11*4 + 4) MOD 26 = 22
Y: y = (11*24 + 4) MOD 26 = 22

The corresponding letters are GCRWI, which is the ciphertext.


To decipher the encoded text GCRWI, we transform the function y as:
x = inverse(a) (y - b) MOD m
Then we have
x = inverse(11) (y - 4) MOD 26
Inverse(11) MOD 26 = 19, so the decryption function will be
x = 19 (y - 4) MOD 26
We now decipher the ciphertext GCRWI by applying the
decryption function. We have:
G: x = 19*(6-4) MOD 26 = 12
C: x = 19*(2-4) MOD 26 = 14
R: x = 19*(17-4) MOD 26 = 13
W: x = 19*(22-4) MOD 26 = 4
I: x = 19*(8-4) MOD 26 = 24

The corresponding plaintext letters are MONEY.
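The affine cipher above as an added Python example (not part of the original chapter). The function names and the key check are assumptions of this example: decryption needs inverse(a), which exists only when a and m share no common factor, so the code rejects any other a and counts the keys that remain.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
M = len(ALPHABET)  # m, the number of letters in the plaintext alphabet


def check_key(a, b):
    """Return (a, b) reduced mod m, or raise if a has no inverse mod m."""
    if gcd(a, M) != 1:
        raise ValueError(f"a = {a} shares a factor with {M}; decryption is impossible")
    return a % M, b % M


def encrypt(plaintext, a, b):
    """y = (a*x + b) MOD m for every letter; other characters pass through."""
    a, b = check_key(a, b)
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(a * ALPHABET.index(ch) + b) % M])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext, a, b):
    """x = inverse(a) * (y - b) MOD m."""
    a, b = check_key(a, b)
    a_inv = pow(a, -1, M)  # modular inverse (Python 3.8 or later)
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[a_inv * (ALPHABET.index(ch) - b) % M])
        else:
            out.append(ch)
    return "".join(out)


def colliding_letters(a, b):
    """Groups of plaintext letters that land on the same ciphertext letter.

    Empty for a usable key; non-empty when a has no inverse, which is why
    such a key cannot be decrypted.
    """
    seen = {}
    for x, ch in enumerate(ALPHABET):
        seen.setdefault((a * x + b) % M, []).append(ch)
    return [group for group in seen.values() if len(group) > 1]


def usable_keys():
    """All (a, b) pairs for which decryption works."""
    return [(a, b) for a in range(M) if gcd(a, M) == 1 for b in range(M)]
```

The key space is still small enough to list in full, which is the sense in which the affine cipher adds only a little security over the shift cipher.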


b. The Vigenere Cipher
The Vigenere cipher is an example of a polyalphabetic substitution
cipher. A polyalphabetic substitution cipher is similar to a
monoalphabetic substitution except that the cipher alphabet is
changed periodically while enciphering the message. In the
Shift Cipher and the Substitution Cipher, once a key is chosen,
each alphabetic character is mapped to a unique alphabetic
character. For this reason, these cryptosystems are called
monoalphabetic. The Vigenere cipher is a cryptosystem which is not
monoalphabetic. Blaise de Vigenère developed what is now
called the Vigenère cipher in 1585. He used a table, known as the
Vigenère square, to encipher messages. This page discusses two
different versions of the Vigenère cipher, the autokey method and
the keyword method. The Vigenère table is as follows.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Encipher:- Consider the following
Priming key = L
Plaintext = MY NAME IS KHAN

Plain Text    M Y N A M E I S K H A N
Key           L M Y N A M E I S K H A
Cipher Text   X K L N M Q M A C R A N

In order to encipher a message using the Vigenère autokey
method, the sender and receiver must first agree on a priming key.
The priming key is a single letter that will be added to the
beginning of the message to form the key. The sender will encrypt
the message by writing the plaintext on one line and writing the
key on the line beneath it. The sender will use the plaintext and
key letters to select a row and a column in the Vigenère square.
The selected row is the row in which the plaintext letter is in the
first column and the selected column is the column in which the
key letter is in the first row. A ciphertext letter will be the letter
that appears in the Vigenère square at the position that corresponds to
the selected row and column. In the following example, to find the
ciphertext letter, first locate the row in the Vigenère square that
corresponds to plaintext letter M. Next locate the column that
corresponds to the key letter L. The letter at which they intersect is
the ciphertext letter, in this case X. Continue to do this for each
pair of letters to form the complete ciphertext.
Now the Vigenere ciphertext will be XKLNMQMACRAN
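The autokey lookup in the Vigenère square, together with the reverse lookup used for deciphering, as an added Python example that is not part of the original chapter. The names SQUARE, key_line, autokey_encrypt and autokey_decrypt are chosen here for illustration.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Row r of the square is the alphabet shifted left by r places.
SQUARE = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]


def letters_only(text):
    """Upper-case the text and drop spaces and punctuation."""
    return [c for c in text.upper() if c in ALPHABET]


def check_priming_key(priming_key):
    key_letter = priming_key.upper()
    if len(key_letter) != 1 or key_letter not in ALPHABET:
        raise ValueError("priming key must be a single letter")
    return key_letter


def key_line(plaintext, priming_key):
    """The key written beneath the plaintext: priming key, then the plaintext itself."""
    letters = letters_only(plaintext)
    return check_priming_key(priming_key) + "".join(letters[:-1])


def autokey_encrypt(plaintext, priming_key):
    key_letter = check_priming_key(priming_key)
    out = []
    for p in letters_only(plaintext):
        row = ALPHABET.index(p)           # row whose first column is the plaintext letter
        col = ALPHABET.index(key_letter)  # column whose first row is the key letter
        out.append(SQUARE[row][col])
        key_letter = p                    # this plaintext letter is the next key letter
    return "".join(out)


def autokey_decrypt(ciphertext, priming_key):
    key_letter = check_priming_key(priming_key)
    out = []
    for c in letters_only(ciphertext):
        row = SQUARE[ALPHABET.index(key_letter)]  # row selected by the key letter
        p = ALPHABET[row.index(c)]                # letter at the top of that column
        out.append(p)
        key_letter = p                            # recovered letter extends the key
    return "".join(out)
```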
Decipher
To decrypt a message, the row is selected using the priming key.
Next, the receiver locates the first letter of the ciphertext in the
selected row. The letter at the top of the column that contains the
ciphertext letter is the first letter of the plaintext. Add the first
letter of the plaintext to the key and use it with the next ciphertext
letter to continue decipherment.

Key           L M Y N A M E I S K H A
Cipher Text   X K L N M Q M A C R A N
Plain Text    M Y N A M E I S K H A N

Now the actual plain text will be decrypted as MY NAME IS
KHAN.
This Vigenere cipher is the autokey method, where the user selects
only one character for the key and the remainder is automatically
generated using the plain text; in the other method the user needs to
enter the entire key, with the same length as the plaintext.

c. The Hill Cipher
In cryptography, the Hill cipher is a polygraphic substitution
cipher based on linear algebra. This technique was invented by
Lester S. Hill in 1929; it was the first polygraphic cipher in which
it was practical to operate on more than three symbols at once.
Hill used matrices and matrix multiplication to mix up the
plaintext. The Hill cipher is an example of a block cipher. A block
cipher is a cipher in which groups of letters are encrypted together
in equal length blocks. The method for encryption and decryption
is explained in the following way.
Encipher
In order to encrypt a message using the Hill cipher, the sender
and receiver must first agree upon a key matrix A of size n x n. A
must be invertible mod 26. The plaintext will then be enciphered
in blocks of size n. In the following example A is a 2 x 2 matrix
and the message will be enciphered in blocks of 2 characters.
Key Matrix: A = [ 5  6 ]
                [ 4  8 ]
Message: KESCOLLEGE
The first block KE corresponds to the matrix
[ 10 ]
[  4 ]
The sender will then calculate:
A [ 10 ] = [ 5  6 ] [ 10 ] (mod 26)
  [  4 ]   [ 4  8 ] [  4 ]

         = [ 74 ] mod 26
           [ 72 ]

         = [ 22 ]
           [ 20 ]
The first two letters of the ciphertext correspond to 22, 20 and are
therefore WU. This step is repeated for the entire plaintext. If
there are not enough letters to form blocks of 2, pad the message
with some letter, say Z.
The message KESCOLLEGE will be enciphered as:
WU YK GO BY CE
Decipher
To decipher a message, first calculate the inverse of the key A.
A^-1 = det(A)^-1 [  d  -b ] mod 26
                 [ -c   a ]
A^-1 = (40-24)^-1 [  5  -6 ] mod 26
                  [ -4   8 ]
A^-1 = 16^-1 [  5  -6 ] mod 26
             [ -4   8 ]
Then multiply the inverse of the key by each pair of ciphertext
letters (mod 26) to recover the original text.
M = 16^-1 [  5  -6 ] [ 22 ] mod 26
          [ -4   8 ] [ 20 ]
M = [ 10 ]
    [  4 ]
To decrypt the message, the first two letters are 10, 4 which
correspond to K and E. The receiver will repeat this step for every
pair of letters in the ciphertext to recover the original message
KESCOLLEGE.
To use a Hill cipher with a different block size, the number of rows
and columns in matrix A should be equal to the block size. For
example, if the block size is 4 then A should be a matrix of size 4 x
4. Rather than working with such large numbers, the Hill cipher
works on groups of letters in a somewhat different manner. The
Hill cipher works by viewing a group of letters as a vector, and
encryption is done by matrix multiplication.
To encrypt the same message consider the following method.
First, our key consists of four numbers which we call a, b, c, and d.
These numbers must be chosen so that the quantity ad-bc is
relatively prime to the length of the alphabet, 26 in our case, so
ad-bc cannot be even or a multiple of 13.
To encrypt a pair of letters, we look up their numeric equivalents
as usual. Suppose these numbers are x and y. Then the
corresponding letters in the ciphertext are given by
(ax + by) mod 26 and (cx + dy) mod 26
For example, let's encipher the phrase MY NAME IS KHAN
with the key a=2, b=3, c=5, and d=6.
Before using the key let's verify whether it is a valid key or not.
Since
(ad-bc) = (2*6 - 3*5) = -3 = 23 (mod 26)
this is a valid key. To encode, we break our text up into pairs, and
since there are an odd number of letters, we add x to the end.
PlainText          MY       NA      ME      IS      KH      AN
                   (13,25)  (14,1)  (13,5)  (9,19)  (11,8)  (1,14)
(ax + by) mod 26   23       5       15      23      20      18
(cx + dy) mod 26   7        24      17      3       25      11
Ciphertext         XH       DY      OQ      XD      UZ      SL

To decipher, we apply a different Hill cipher to the ciphertext. If
the pairs of letters have numeric equivalents X and Y, then the
plaintext is given by
(AX + BY) mod 26 and (CX + DY) mod 26
To find A, B, C, and D, we first find the multiplicative inverse of
ad-bc and denote it by J. Then
A = (d * J) mod 26,    B = (-b * J) mod 26
C = (-c * J) mod 26,   D = (a * J) mod 26
For example, if we encipher with a=2, b=3, c=5, and d=6 as above,
then J=17, and the deciphering transformation has A=24, B=1,
C=19, and D=8.
The real strength of the Hill cipher is that it can be adapted to
work on large blocks of text without having to use huge numbers
as we did in the previous section.
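An added Python example (not from the original chapter) of the 2 x 2 Hill cipher with the key check stated above: ad-bc must not be even or a multiple of 13. It uses the numbering A = 0, ..., Z = 25; the function names are assumptions, and zero_blocks is added to show what goes wrong for a key that fails the check, such as one whose determinant is 16.

```python
from math import gcd

M = 26  # length of the alphabet


def to_numbers(text):
    return [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]


def to_text(numbers):
    return "".join(chr(n % M + ord("A")) for n in numbers)


def determinant(key):
    (a, b), (c, d) = key
    return (a * d - b * c) % M


def is_valid_key(key):
    """True when ad-bc is relatively prime to 26, so an inverse key exists."""
    return gcd(determinant(key), M) == 1


def inverse_key(key):
    """Deciphering matrix [[A, B], [C, D]] built from J = inverse of ad-bc."""
    if not is_valid_key(key):
        raise ValueError(f"determinant {determinant(key)} has no inverse mod {M}")
    (a, b), (c, d) = key
    j = pow(determinant(key), -1, M)
    return [[d * j % M, -b * j % M], [-c * j % M, a * j % M]]


def transform(key, text, pad="Z"):
    """Multiply each pair (x, y) by the key matrix, mod 26."""
    numbers = to_numbers(text)
    if len(numbers) % 2:
        numbers.append(ord(pad) - ord("A"))  # pad an odd-length message
    (a, b), (c, d) = key
    out = []
    for x, y in zip(numbers[0::2], numbers[1::2]):
        out += [(a * x + b * y) % M, (c * x + d * y) % M]
    return to_text(out)


def encrypt(key, plaintext):
    return transform(key, plaintext)


def decrypt(key, ciphertext):
    return transform(inverse_key(key), ciphertext)


def zero_blocks(key):
    """Non-zero blocks that the key maps to the same ciphertext as 'AA'.

    A valid key has none. Any block listed here makes two different
    plaintexts encrypt identically, so the receiver cannot tell them apart.
    """
    (a, b), (c, d) = key
    return [to_text([x, y])
            for x in range(M) for y in range(M)
            if (x, y) != (0, 0)
            and (a * x + b * y) % M == 0 and (c * x + d * y) % M == 0]
```

Running is_valid_key on a candidate matrix before agreeing on it is the step that guarantees the receiver can decipher.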

d. The Permutation Cipher
The Permutation Cipher is not monoalphabetic. The Permutation
Cipher is also called the Transposition Cipher. A permutation
cipher is a very old form of cryptography. It works by moving
letters around in a pre-defined pattern, so it can be applied easily by
hand. This also means the letter frequencies of the plaintext are
preserved. To encrypt any message, we first need to generate a
key. This is a block cipher, so first decide the size of the block you
want (n); in this example we will use 5 letters. Using a block
size equal to the length of the message is equivalent to just
shuffling all the letters; there will be no distinguishable pattern.
The longer the block length, the more secure the message. Of
course, you don't have to use letters, you can use bits. The key
itself consists of an ordered set of integers between 1 and n.
Randomly swap pairs of numbers until you're satisfied.
A. 1 2 3 4 5
B. 5 2 3 4 1
C. 2 5 3 4 1
D. 2 5 1 4 3
E. 2 4 1 5 3
For enciphering we are going to use step E as the key.
Enciphering
Let's consider the message to be encrypted:
RAJNIKANT IS A GOOD ACTOR. Group the entire sentence into groups
of five letters as:
RAJNI KANTI SAGOO DACTO RXXXX
Now in each block, I re-arrange it in the order shown in the key,
so the first element in the ciphertext is the 2nd element from the
plaintext. This means the ciphertext corresponding to my message
and key is:
ANRIN ATKIN AOSOG ATDOC XXRXX
Deciphering
To reverse the process you need to find the inverse key; that is, the
key that reverts the permutation the normal key creates. The value
of an element is the position of that element in the key. In this
case, the key is:
[2, 4, 1, 5, 3] and the inverse is [3, 1, 5, 2, 4]
Using this sequence we can decipher the message as
RAJNIKANT IS A GOOD ACTOR.
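Block permutation with a key and its inverse, as an added Python example (not part of the original chapter). The function names are assumptions; same_letter_counts checks the statement above that the letter frequencies of the plaintext are preserved.

```python
from collections import Counter


def validate_key(key):
    """A key of length n must contain each integer 1..n exactly once."""
    n = len(key)
    if sorted(key) != list(range(1, n + 1)):
        raise ValueError("key must contain each integer from 1 to n exactly once")
    return n


def invert_key(key):
    """The value at index i of the inverse is the position of i+1 in the key."""
    validate_key(key)
    inverse = [0] * len(key)
    for position, source in enumerate(key, start=1):
        inverse[source - 1] = position
    return inverse


def letters_only(text):
    return [c for c in text.upper() if "A" <= c <= "Z"]


def permute(text, key, pad="X"):
    """Split into blocks of n letters and reorder every block by the key."""
    n = validate_key(key)
    letters = letters_only(text)
    letters += [pad] * (-len(letters) % n)   # fill the last block
    blocks = []
    for start in range(0, len(letters), n):
        block = letters[start:start + n]
        # Output position i takes the key[i]-th letter of the input block.
        blocks.append("".join(block[k - 1] for k in key))
    return " ".join(blocks)


def encipher(plaintext, key):
    return permute(plaintext, key)


def decipher(ciphertext, key):
    # Deciphering is enciphering with the inverse key.
    return permute(ciphertext, invert_key(key))


def same_letter_counts(a, b):
    """True when both texts contain exactly the same letters, only reordered."""
    return Counter(letters_only(a)) == Counter(letters_only(b))
```

Because a transposition only moves letters, a frequency count of the ciphertext looks exactly like one of the padded plaintext.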

e. The Stream Cipher
A stream cipher is a method of encrypting text in which a
cryptographic key and algorithm are applied to each binary digit
in a data stream, one bit at a time. This method is not much used
in modern cryptography. The main alternative method is the
block cipher in which a key and algorithm are applied to blocks of
data rather than individual bits in a stream.
A stream cipher is a type of symmetric encryption algorithm.
Stream ciphers can be designed to be exceptionally fast, much
faster than any block cipher. While block ciphers operate on large
blocks of data, stream ciphers typically operate on smaller units of
plaintext, usually bits. The encryption of any particular plaintext
with a block cipher will result in the same ciphertext when the
same key is used. With a stream cipher, the transformation of
these smaller plaintext units will vary, depending on when they
are encountered during the encryption process.
A stream cipher generates what is called a keystream. Encryption
is accomplished by combining the keystream with the plaintext,
usually with the bitwise XOR operation.
Stream ciphers are best explained using examples. Here is our
plaintext that we would like to encrypt. We have already
converted our plaintext string to binary:
Plaintext: 100110111101000011100101000110111101
Now, let's look at a simple stream cipher. All stream ciphers have
something called a keystream generator. A keystream generator
simply spits out a stream of 1s and 0s. If we use an exclusive or
(XOR) with the keystream and plaintext, we get ciphertext. An
exclusive or compares two bits. If exactly one of the bits is a 1,
then the exclusive or returns a 1. If both bits are 1s or both bits are
0s, then the exclusive or returns a 0. The exclusive or can be used
with corresponding bits of the plaintext and the keystream. We
will use a simple and insecure keystream that alternates 0s and 1s
in the example below. This keystream is called periodic, since the
sequence '10' repeats over and over.

Plaintext          100110111101000011100101000110111101
Keystream          101010101010101010101010101010101010
Ciphertext (XOR)   001100010111101001001111101100010111

To decrypt this ciphertext, all we need to do is again XOR the
ciphertext with the keystream:

Ciphertext         001100010111101001001111101100010111
Keystream          101010101010101010101010101010101010
Plaintext (XOR)    100110111101000011100101000110111101

1.9 Transposition Cipher
The concept of transposition is very simple: in this technique of
encipherment the position of the alphabets of the plain text is changed
by using some system. In cryptography, a transposition cipher is
a method of encryption by which the positions held by units
of plaintext are shifted according to a regular system, so that
the ciphertext constitutes a permutation of the plaintext.
Following are some transposition techniques:
a. Rail-fence transposition technique
b. Simple columnar transposition technique
c. Simple columnar technique with multiple rounds
d. Vernam Cipher
e. Book Cipher

a. Rail Fence Transposition Technique:
The Rail Fence transposition is a very simple technique of
transposition cipher. It uses a very simple algorithm in which the
alphabets of the plaintext are written diagonally first and then
read row-wise.
Algorithm:-
1. Write the alphabets of plain text diagonally.
2. Read the alphabets row-wise.
For example let us consider our plaintext as: MY NAME IS ARNAV

b. Simple columnar transposition technique:
It is a transposition cipher that follows a simple rule for
mixing up the characters in the plaintext to form the
ciphertext. In the simple columnar transposition technique the
plain text is arranged as a sequence of rectangles and these
rectangles are read column wise randomly.
Algorithm:
1. Define the number of columns and start writing
the plain text row by row. If any cell remains
blank add X.
2. Define the key sequence of columns to read.
3. Read the message column by column.
4. The message obtained is the cipher text.
Example:
Consider the plain text as I AM A STUDENT OF KES COLLEGE.
Now decide the number of columns, say 5, and the key sequence for
encryption as 53241. Start writing the plain text in the rectangles
row by row as given:
COLUMN 1  COLUMN 2  COLUMN 3  COLUMN 4  COLUMN 5
I         A         M         A         S
T         U         D         E         N
T         O         F         K         E
S         C         O         L         L
E         G         E         X         X
Now read the columns as the key sequence 53241.
SNELXMDFOEAUOCGAEKLXITTSE
This will be the cipher text for the given plain text.

c. Simple columnar transposition with multiple rounds:
In the simple columnar transposition technique with multiple rounds
the plain text is arranged as a sequence of rectangles and these
rectangles are read column wise randomly. The same process is
repeated for multiple rounds.
Algorithm:
1. Define the number of columns and start writing
the plain text row by row. If any cell remains
blank add X.
2. Define the key sequence of columns to read.
3. Read the message column by column.
4. The message obtained is the cipher text for the first
round.
5. Repeat step 1 to step 4 for the other rounds.
Example:
Consider the plain text as I AM A STUDENT OF KES COLLEGE.
Now decide the number of columns, say 5, and consider that we have two
rounds, with the key sequence for encryption as 53241. Start
writing the plain text in the rectangles row by row as given:
COLUMN 1  COLUMN 2  COLUMN 3  COLUMN 4  COLUMN 5
I         A         M         A         S
T         U         D         E         N
T         O         F         K         E
S         C         O         L         L
E         G         E         X         X
Now read the columns as the key sequence 53241.
SNELXMDFOEAUOCGAEKLXITTSE
This will be the first cipher text for the given plain text. Now
consider the cipher text as the plaintext for the second round.
COLUMN 1  COLUMN 2  COLUMN 3  COLUMN 4  COLUMN 5
S         N         E         L         X
M         D         F         O         E
A         U         O         C         G
A         E         K         L         X
I         T         T         S         E
Now rewrite column wise using the same key sequence; the
ciphertext will be:
XEGXEEFOKTNDUETLOCLSSMAAI
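The simple columnar technique with one or several rounds, as an added Python example that is not part of the original chapter. The function names are assumptions; the decryption routine, which the text does not spell out, undoes each round by slicing the ciphertext back into columns in key order.

```python
def clean(text):
    """Upper-case the text and keep letters only."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def column_order(key):
    """Turn a key such as "53241" into [5, 3, 2, 4, 1] and validate it."""
    order = [int(k) for k in key]
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("key must use each column number 1..n exactly once")
    return order


def grid(text, ncols, pad="X"):
    """Step 1: write the text row by row, filling blank cells with X."""
    text = clean(text)
    text += pad * (-len(text) % ncols)
    return [text[i:i + ncols] for i in range(0, len(text), ncols)]


def columnar_encrypt(plaintext, key, rounds=1, pad="X"):
    order = column_order(key)
    text = clean(plaintext)
    for _ in range(rounds):
        rows = grid(text, len(order), pad)
        # Steps 2 and 3: read whole columns, top to bottom, in key order.
        text = "".join(row[col - 1] for col in order for row in rows)
    return text


def columnar_decrypt(ciphertext, key, rounds=1):
    order = column_order(key)
    text = clean(ciphertext)
    if len(text) % len(order):
        raise ValueError("ciphertext length must be a multiple of the column count")
    nrows = len(text) // len(order)
    for _ in range(rounds):
        # The i-th slice of the ciphertext is the column named by order[i].
        columns = {col: text[i * nrows:(i + 1) * nrows]
                   for i, col in enumerate(order)}
        # Read the rebuilt rectangle row by row, columns 1..n.
        text = "".join(columns[col][r]
                       for r in range(nrows) for col in sorted(columns))
    return text
```

Decryption returns the padded text, so any X added in step 1 is still present at the end.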


d. Vernam Cipher (One Time Pad)
The Vernam cipher is also known as the One Time Pad, which is
implemented using non-repeating characters as the input cipher
text. In cryptography it is an encryption technique which cannot
be cracked if it is properly used. As the name suggests, once an
input cipher text is used it is never used again. In the Vernam Cipher
the length of the input cipher text is equal to the length of the plain text.
Algorithm:
1. Consider each plain text alphabet and input cipher
text one time pad as a number where A=0, B=1,
C=2, ..., Z=25
2. Add each number corresponding to plain text
alphabet to the corresponding ciphertext alphabet.
3. If sum is greater than 26 subtract 26 from it.
4. Now represent the number to its corresponding
alphabet as of step 1.
Let us consider a plain text KESCOLLEGE and one time pad
PLAINTEXTM; the encryption technique will be as:

Plain Text            K   E   S   C   O   L   L   E   G   E
                      10  4   18  2   14  11  11  4   6   4
OTP                   P   L   A   I   N   T   E   X   T   M
                      15  11  0   8   13  19  4   23  19  12
Initial Total         25  15  18  10  27  30  15  27  25  16
Subtract 26 if >26    25  15  18  10  1   4   15  1   25  16
Cipher text           Z   P   S   K   B   E   P   B   Z   Q

Now the cipher text for the given plain text is ZPSKBEPBZQ.

e. Book Cipher
The Book Cipher is also known as the Running Key Cipher. Basically
the Book cipher uses the subsequent words in some text or book
as a key to encode a message. The Book cipher or Running Key
Cipher is the same as the Vernam cipher; the only difference is that the
one time pad is replaced by a book.

1.10 Encryption and Decryption
We have studied so far the concepts of cryptographic algorithms;
we know that the transformation of plain text to cipher text is
called encryption. Encryption is defined as the process of
encoding a plain text message into a cipher text message.
After encryption the sender sends the message to the receiver; the
receiver now decodes the encoded message to get the actual data.
This process is called decryption. Decryption is defined as
the process of retrieving the original plain text from the ciphertext. For
the purpose of encryption we use some methodology, considered
as cryptography, and that requires some encryption key.
Similarly, to decrypt the message the decryption key is required.
The entire process of encryption of plain text using the key at the
sender side and decryption of data using the key at the receiver side
is called Cryptography. We can conclude from the above that
every encryption and decryption process requires two aspects:
Algorithm and Key.
Accordingly, the cryptographic methods, depending upon the key
used, are divided into two categories:

a. Symmetric Key Cryptography
Conventional cryptography is also called secret-key or
symmetric-key cryptography; only one key is used both for
encryption and decryption. Figure shows the conventional
encryption process.

b. Asymmetric Key Cryptography
Public-key cryptography, also known as asymmetric
cryptography, is a form of cryptography in which the key used to
encrypt a message differs from the key used to decrypt it. In
public key cryptography, each user has a pair of cryptographic
keys: a public key and a private key. The private key is kept
secret, while the public key may be widely distributed and used
by other users. Incoming messages would have been encrypted
with the recipient's public key and can only be decrypted with his
corresponding private key. The keys are related mathematically,
but the user's private key cannot be derived from the widely used
public key.
The problem with a symmetric key is the communication of the key
to the receiver; this particular problem is overcome by the Diffie
Hellman Key Exchange Algorithm.

1.11 Diffie-Hellman Key Exchange Algorithm

The Diffie-Hellman algorithm was developed by Whitfield Diffie
and Martin Hellman in 1976. The Diffie-Hellman algorithm is
used for the secure exchange of a key between sender and receiver.
Though this algorithm is a bit slow, it is the sheer power of this
algorithm that makes it so popular in encryption key generation.
The Diffie-Hellman key exchange method allows two parties that
have no prior knowledge of each other to jointly establish a
shared secret key over an insecure communications channel. This
key can then be used to encrypt subsequent communications
using a symmetric key cipher. It is a type of key exchange.
The simplest and the original implementation of the protocol uses
the following algorithm:
Algorithm:
1. Sender and receiver agree upon two large prime numbers
n and g respectively. They share these numbers.
2. Now the sender selects another large random number x and
it is kept secret by the sender.
3. Similarly the receiver selects another large random number y and it is
kept secret by the receiver.
4. Now sender and receiver calculate A and B respectively
where
A = g^x mod n
B = g^y mod n
A and B need not be kept secret.
5. Sender now calculates the secret key K1 as
K1 = B^x mod n
6. Receiver now calculates the secret key K2 as
K2 = A^y mod n
Example:
1. Sender and Receiver agree to use a prime
number n = 23 and base g = 5 (which is a primitive root
modulo 23).
2. Sender chooses a secret integer x = 6, then sends
Receiver A = g^x mod n
A = 5^6 mod 23 = 8
3. Receiver chooses a secret integer y = 15, then sends
Sender B = g^y mod n
B = 5^15 mod 23 = 19
4. Sender computes K1 = B^x mod n
K1 = 19^6 mod 23 = 2
5. Receiver computes K2 = A^y mod n
K2 = 8^15 mod 23 = 2
Here we can see K1 = K2 and hence we can say the key can be
exchanged securely.

1.12 Steganography
The art of hiding information by embedding messages within
others is called steganography. According to the concept of
steganography it is "the art of writing in cipher, or in characters,
which are not intelligible except to persons who have the key,
cryptography". In computer terms, steganography has evolved
into the practice of hiding a message within a larger one in such a
way that others cannot discern the presence or contents of the
hidden message. In contemporary terms, steganography has
evolved into a digital strategy of hiding a file in some form of
multimedia, such as an image, an audio file (like a .wav or mp3) or
even a video file.
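Returning to the Diffie-Hellman exchange of section 1.11: an added Python example (not from the original chapter) that plays both sides with the values n = 23, g = 5, x = 6 and y = 15 used there. The class and function names are assumptions, and the range check on received values and the order check on g are additions of this example.

```python
import secrets


def multiplicative_order(g, n):
    """Smallest k >= 1 with g^k mod n == 1 (brute force, toy moduli only).

    g is a primitive root modulo a prime n exactly when the order is n - 1.
    """
    value, k = g % n, 1
    while value != 1:
        value = value * g % n
        k += 1
        if k > n:
            raise ValueError("g has no multiplicative order mod n")
    return k


def check_public(value, n):
    """Accept only 2 .. n-2; the values 0, 1 and n-1 would force the shared
    key into a set of at most two values whatever the secret exponent is."""
    if not 1 < value < n - 1:
        raise ValueError(f"public value {value} is outside 2..{n - 2}")
    return value


class Party:
    def __init__(self, n, g, secret=None):
        self.n, self.g = n, g
        if secret is not None:
            self.secret = secret
            self.public = check_public(pow(g, secret, n), n)
            return
        for _ in range(100):  # draw a secret whose public value is acceptable
            self.secret = secrets.randbelow(n - 3) + 2   # 2 .. n-2
            self.public = pow(g, self.secret, n)
            if 1 < self.public < n - 1:
                return
        raise ValueError("could not find a usable secret; check n and g")

    def shared_key(self, peer_public):
        # K = (peer's public value) ^ (own secret) mod n
        return pow(check_public(peer_public, self.n), self.secret, self.n)


def exchange(n, g, x=None, y=None):
    """Run one exchange; returns what crosses the wire and both derived keys."""
    sender, receiver = Party(n, g, x), Party(n, g, y)
    on_the_wire = {"n": n, "g": g, "A": sender.public, "B": receiver.public}
    k1 = sender.shared_key(receiver.public)   # K1 = B^x mod n
    k2 = receiver.shared_key(sender.public)   # K2 = A^y mod n
    return on_the_wire, k1, k2
```

Only n, g, A and B appear in on_the_wire; x, y and the derived key never leave the two Party objects.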
1.13 Key Range and Key Size
As we have already discussed in cryptography, the key is
required for the encryption and decryption process. The process of
decryption requires the key; if the message is attacked by the
attacker and the key size is small, it will be easy for the attacker to
guess the key. That is why the key size should be long, so that it would
be difficult for the attacker to guess the key.
The encrypted message can be attacked if the following
information is available:
1. The Encryption and Decryption Process
2. The Encrypted message
3. Key
We have seen previously that the encryption and
decryption process is not secret, and similarly the ciphertext
message which is transmitted through an insecure channel is also not
secret. So the only way to secure the message is to increase the
size of the key so that it would be difficult for the attacker to
guess.

1.13 Possible Types of Attack
We know that the message is encrypted by the sender before
sending it to the receiver; this is called cipher text. On this data
the possible attacks are as follows.
1. Ciphertext-only attack (COA):- In this type of attack it is
assumed that only the ciphertext is available to the
cryptanalyst. This is the most likely case encountered in real
life cryptanalysis, but is the weakest attack because of the
cryptanalyst's lack of information. Modern ciphers are
required to be very resistant to this type of attack.
2. Known-plaintext attack (KPA):- In this type of attack it is
assumed that pairs of plaintext and the corresponding
enciphered text are available to the analyst.
3. Chosen-plaintext attack (CPA):- In a chosen plaintext attack the
cryptanalyst is able to choose a number of plaintexts to be
enciphered and have access to the resulting ciphertext. This
allows him to explore whatever areas of the plaintext state
space he wishes and may allow him to exploit vulnerabilities
and nonrandom behavior which appear only with certain
plaintexts.
4. Chosen-ciphertext attack (CCA):- In this attack the analyst can
choose arbitrary ciphertext and have access to the plaintext
decrypted from it. In an actual real life case this would require
the analyst to have access to the communication channel and
the recipient end.
5. Side channel attack:- This is not strictly speaking a
cryptanalytic attack, and does not depend on the strength of
the cipher. It refers to using other data about the encryption or
decryption process to gain information about the message,
such as electronic noise produced by encryption machines,
sound produced by keystrokes as the plaintext is typed, or
measuring how much time various computations take to
perform.
