Cryptography
Cryptography components
The message to be encrypted is known as the plaintext. After the message is
transformed, it is called ciphertext.
An encryption algorithm transforms the plaintext into ciphertext. A decryption
algorithm transforms the ciphertext back into plaintext.
The sender uses the encryption algorithm and the receiver uses the decryption
algorithm. These algorithms are also known as ciphers.
A key is a number (value) that the cipher, as an algorithm, operates on. To encrypt
a message we need the encryption algorithm, the encryption key and the plaintext.
These create the ciphertext.
To decrypt the message we need the decryption algorithm, the decryption key and
the ciphertext. These reveal the original message.
Encryption and decryption
In cryptography, the encryption/decryption algorithms are public; the
keys are secret.
The art of breaking ciphers, called cryptanalysis, and the art of devising
them (cryptography) are collectively known as cryptology.
Cryptography Algorithms
Cryptography algorithms can be divided into two groups:
Symmetric-key cryptography or secret-key cryptography algorithms.
Asymmetric cryptography or public-key cryptography algorithms.
Symmetric-Key Cryptography
In symmetric-key cryptography, the same key is used by the sender
(for encryption) and the receiver (for decryption). The key is shared.
In symmetric-key cryptography, the same key is used in both
directions.
Typically, symmetric encryption algorithms are efficient and fast.
Symmetric-key cryptography is often used for long messages.
The main weakness in symmetric encryption is the need for the shared
secret.
Caesar cipher
One of the oldest known ciphers is the Caesar cipher, attributed to
Julius Caesar.
The cipher shifts each character down by three.
Example of mono-alphabetic substitution
In mono-alphabetic substitution, the relationship between a character
in the plaintext to the character in the ciphertext is always one-to-one.
Example of poly-alphabetic substitution:
Vigenere cipher
In poly-alphabetic substitution, the relationship between a
character in the plaintext and a character in the ciphertext is one-
to-many.
A ciphertext created by poly-alphabetic substitution is
harder to crack than a ciphertext created by mono-alphabetic
substitution.
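Added example (not part of the original slides): the Caesar and Vigenere ciphers side by side, counting how many different ciphertext letters each plaintext letter turns into, which is the one-to-one versus one-to-many distinction made above. The sample plaintext, the key "KEY" and the forward shift (A becomes D) are assumptions made for the illustration.

```python
from collections import defaultdict
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift=3):
    """Mono-alphabetic: every letter is shifted by the same amount."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in text)

def vigenere(text, key):
    """Poly-alphabetic: the shift for each position comes from the repeating key."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + ALPHABET.index(key[i % len(key)])) % 26]
        for i, c in enumerate(text)
    )

def mapping(plaintext, ciphertext):
    """For each plaintext letter, the set of ciphertext letters it became."""
    seen = defaultdict(set)
    for p, c in zip(plaintext, ciphertext):
        seen[p].add(c)
    return dict(seen)

def max_fanout(plaintext, ciphertext):
    """Largest number of distinct ciphertext letters for one plaintext letter."""
    return max(len(v) for v in mapping(plaintext, ciphertext).values())

PLAINTEXT = "MEETMEATNOON"  # constructed sample, uppercase letters only
KEY = "KEY"                 # constructed sample key

if __name__ == "__main__":
    for name, ct in (("Caesar", caesar(PLAINTEXT)),
                     ("Vigenere", vigenere(PLAINTEXT, KEY))):
        print(name, ct, "max fan-out:", max_fanout(PLAINTEXT, ct))
        print("  E ->", sorted(mapping(PLAINTEXT, ct)["E"]))
```

Because the Caesar mapping is one-to-one, the letter frequencies of the plaintext carry over unchanged to the ciphertext; the Vigenere key spreads each plaintext letter over several ciphertext letters.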
Transpositional Cipher
In a transpositional cipher the characters retain their plaintext form but
change their position to create the ciphertext.
The text is organized into a two-dimensional table, and the columns
are interchanged according to a key.
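Added example (not part of the original slides): the table-and-column-swap scheme just described, with decryption done by applying the inverse column order. The key [2, 0, 3, 1], the pad character "x" and the sample text are assumptions made for the illustration.

```python
def permute_rows(text, order):
    """Write text into rows of len(order) characters and reorder every row's columns."""
    width = len(order)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join("".join(row[src] for src in order) for row in rows)

def encrypt(plaintext, key, pad="x"):
    """key[i] names the plaintext column that ends up in ciphertext column i."""
    padded = plaintext + pad * (-len(plaintext) % len(key))  # fill the last row
    return permute_rows(padded, key)

def decrypt(ciphertext, key):
    """Undo the swap by applying the inverse permutation of the key."""
    inverse = [key.index(i) for i in range(len(key))]
    return permute_rows(ciphertext, inverse)

KEY = [2, 0, 3, 1]          # constructed sample key: a permutation of the 4 columns
PLAINTEXT = "meetmeatnoon"  # constructed sample, 3 rows of 4 characters

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, KEY)
    print(ct)                                   # same letters, new positions
    print(sorted(ct) == sorted(PLAINTEXT))      # letter counts are unchanged
    print(decrypt(ct, KEY))
```

The ciphertext contains exactly the letters of the plaintext, so a letter count still matches the language of the plaintext even though the positions are scrambled.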
Block cipher
A traditional cipher uses a character or symbol as the unit of
encryption and decryption.
A block cipher uses a block of bits as the unit of encryption
and decryption.
P-box
A P-box, or permutation box, performs a transposition at the bit level; it
transposes the bits.
It can be implemented in software or hardware, but hardware is faster.
The key and the encryption and decryption algorithms are normally
embedded in the hardware.
DES (Data Encryption Standard)
The DES cipher uses the same concept as the Caesar cipher, but the
encryption/decryption algorithm is much more complex due to the
sixteen 48-bit keys derived from a 56-bit key.
Plaintext is encrypted in blocks of 64 bits, yielding 64 bits of
ciphertext. The algorithm, which is parameterized by a 56-bit key, has
16 distinct stages. The first stage is a key-independent transposition on
the 64-bit plaintext. The last stage is the exact inverse of this
transposition. The stage prior to the last one exchanges the leftmost 32
bits with the rightmost 32 bits.
General scheme of DES
The remaining 16 stages are functionally identical but are parameterized by
different functions of the key. The algorithm has been designed to allow
decryption to be done with the same key as encryption, a property needed in
any symmetric-key algorithm. The steps are just run in the reverse order.
Iteration block
Each intermediate stage takes two 32-bit inputs and produces two 32-bit
outputs. The left output is simply a copy of the right input. The right output is
the bitwise XOR of the left input and a function of the right input and the key
for this stage, Ki. All the complexity lies in this function.
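Added example (not part of the original slides): the iteration block above as code, showing why the same stages run with the subkeys in reverse order decrypt the block. The round function toy_f and the subkey derivation toy_subkeys are stand-ins invented for this illustration; they are not the DES function or the DES key schedule, and the initial and final transpositions are left out.

```python
MASK32 = 0xFFFFFFFF

def toy_f(right, subkey):
    """Stand-in round function (NOT the DES f); it does not need to be invertible."""
    x = ((right ^ subkey) * 0x9E3779B1) & MASK32
    return x ^ (x >> 15)

def toy_subkeys(key, rounds=16):
    """Stand-in key schedule (NOT the DES one): one 32-bit subkey per stage."""
    return [(key * (i + 1) + i) & MASK32 for i in range(rounds)]

def stage(left, right, subkey):
    """Left output = right input; right output = left input XOR f(right input, Ki)."""
    return right, left ^ toy_f(right, subkey)

def feistel(block, subkeys):
    """Run a 64-bit block through all stages, then exchange the two 32-bit halves."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = stage(left, right, k)
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, toy_subkeys(key))

def decrypt(block, key):
    # Same stages, same key, subkeys applied in reverse order.
    return feistel(block, toy_subkeys(key)[::-1])

KEY = 0x0F1E2D3C4B5A69    # constructed 56-bit sample key
BLOCK = 0x0123456789ABCDEF  # constructed 64-bit sample block

if __name__ == "__main__":
    c = encrypt(BLOCK, KEY)
    print(f"{c:016x}", f"{decrypt(c, KEY):016x}")
```

Decryption never inverts toy_f: each stage recomputes f on the half that was copied through unchanged and XORs it away, which is why all the complexity can live in that function.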
Public-Key Cryptography
Public-key algorithms are more efficient for short messages.
The RSA method is based on some principles from number theory. We will
now summarize how to use the method.
Choose two large primes, p and q (typically 1024 bits).
Compute n = p × q and z = (p - 1) × (q - 1).
Choose a number relatively prime to z and call it d.
Find e such that e × d = 1 mod z.
RSA (Rivest, Shamir, Adleman)
With these parameters computed in advance, we are ready to begin encryption.
Divide the plaintext (regarded as a bit string) into blocks, so that each plaintext
message, P, falls in the interval 0 ≤ P < n. Do that by grouping the plaintext into
blocks of k bits, where k is the largest integer for which 2^k < n is true.
To encrypt a message, P, compute C = P^e (mod n). To decrypt C, compute P = C^d
(mod n). It can be proven that for all P in the specified range, the encryption and
decryption functions are inverses. To perform the encryption, you need e and n.
To perform the decryption, you need d and n. Therefore, the public key consists
of the pair (e, n), and the private key consists of (d, n).
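Added example (not part of the original slides): the four setup steps and the block-wise encryption and decryption above, carried through with small numbers. The primes 61 and 53, the choice d = 2753 and the sample message are assumptions made for the illustration; the helper names are hypothetical.

```python
from math import gcd

def make_keys(p, q, d):
    """Follow the steps above: n and z from p and q, d chosen first, e derived from d."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # e x d = 1 mod z (modular inverse, Python 3.8+)
    return (e, n), (d, n)

def block_bits(n):
    """Largest k with 2^k < n, so every k-bit block P satisfies 0 <= P < n."""
    return (n - 1).bit_length() - 1

def to_blocks(data, k):
    """Treat the message as a bit string and cut it into k-bit integers."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % k)  # zero-fill the last block
    return [int(bits[i:i + k], 2) for i in range(0, len(bits), k)]

def from_blocks(blocks, k, length):
    """Reassemble the bit string and return the first `length` bytes."""
    bits = "".join(f"{b:0{k}b}" for b in blocks)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, 8 * length, 8))

def encrypt(data, public):
    e, n = public
    return [pow(P, e, n) for P in to_blocks(data, block_bits(n))]  # C = P^e mod n

def decrypt(blocks, private, length):
    d, n = private
    plain = [pow(C, d, n) for C in blocks]                         # P = C^d mod n
    return from_blocks(plain, block_bits(n), length)

PUBLIC, PRIVATE = make_keys(61, 53, 2753)  # constructed toy parameters
MESSAGE = b"RSA"                           # constructed sample message

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE, "k =", block_bits(PUBLIC[1]))
    ct = encrypt(MESSAGE, PUBLIC)
    print(ct, decrypt(ct, PRIVATE, len(MESSAGE)))
```

This is the method exactly as the steps describe it, so equal plaintext blocks always give equal ciphertext blocks; deployed RSA adds randomized padding such as OAEP and uses far larger primes.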
Firewall
A firewall is a secure and trusted machine that sits between a private
network and a public network. The firewall machine is configured with a set
of rules that determine which network traffic will be allowed to pass and
which will be blocked or refused.
In some large organizations, you may even find a firewall located inside
their corporate network to segregate sensitive areas of the organization from
other employees. Many cases of computer crime occur from within an
organization, not just from outside.
All messages entering or leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the
specified security criteria. There are several types of firewall techniques:
Packet filter: Looks at each packet entering or leaving the network and accepts
or rejects it based on user-defined rules. Packet filtering is fairly effective and
transparent to users, but it is difficult to configure. In addition, it is susceptible
to IP spoofing.
Application gateway: Applies security mechanisms to specific applications,
such as FTP and Telnet servers. This is very effective, but can impose a
performance degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can flow
between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses. In practice, many
firewalls use two or more of these techniques in concert.
A firewall is considered a first line of defense in protecting private
information. For greater security, data can be encrypted.
Proxy firewall
A proxy firewall filters at the application layer.
DNS spoofing
Tricking a DNS server into installing a false IP address is
called DNS spoofing. A cache that holds an intentionally false
IP address like this is called a poisoned cache.
Intranet and Extranet
Intranet: An intranet is a private network (LAN) that uses the
Internet model. However, access to the network is limited to the
users inside the organization. The network uses application programs
defined for the global Internet, such as HTTP, and may have web
servers, print servers, file servers, and so on.
Extranet: An extranet is the same as an intranet with one major
difference: some resources may be accessed by a specific group of
users outside the organization under the control of the network
administrator. For example, a university can allow distance learning
students access to the computer after passwords have been checked.
An organization may allow authorized customers access to product
specifications, availability and online ordering.
VPN (Virtual Private Networks)
A VPN creates a network that is private but virtual. It is private because it
guarantees privacy inside the organization. It is virtual because it does
not use real private WANs; the network is physically public but virtually
private.