21CSE358T - Network Security and Cryptography

PROFESSIONAL ELECTIVE
(L-2 T-1 C-3)
Unit -1

Prepared by
Dr. B. Umamageswari, AP/CTECH
Unit - 1
The need for security - Security approaches - Principles of security -
Types of Security attacks - Security services- Security Mechanisms - A
model for Network Security - Substitution techniques -Transposition
techniques - Steganography.
Possible Attacks on Computers
• Computer security
• Network security CIN

• Internet security

Why do we need security?

Terminologies
• Security attacks – any action that compromises information owned
by an organization.
• Security measures – Mechanisms designed to detect, protect, and
recover from security attacks.
• Security services – A service that enhances the security of the data
processing systems and the information transfers of an organization.
The services are intended to counter security attacks, and one or
more security mechanisms are used to provide the service.

AMS
Security
Services
AADDN
Security Mechanisms
ITU-T X800 standards – security architecture for ISO/OSI model
Security
Mechanisms

EDDAATRN

TESSS
Security
Mechanisms
Relationship between Security Services and
Mechanisms
Model for Network Security
Principles of Security or Security Services
• Confidentiality
What attack results in loss of confidentiality?

• Authentication
Which attack is possible in case of loss of proper authentication
mechanism?

• Integrity
Which attack leads to loss of integrity?
Principles of Security or Security Services
(Contd..)
• Non-repudiation

• Access Control

• Availability
Which attack makes the system unavailable?
Identify the attacks and security principle
violated due to the attack
Types of attacks
• Passive attacks – prevent
• Active attacks – detect and recover
Passive Attacks
- attacker overhears the communication without modifying it.
- Will be in the form of interception.
- difficult to detect
- prevention is better
Active Attacks
Modification of message or creation of the false message.
- will be in the form of interruption/modification/fabrication.
Guess the type of attack
Practical side of attack
Programs that attack
• Virus – piece of code that attaches itself to legitimate code and runs
when the legitimate code is executed.
• It can lead to application-level or even network-level attack
Phases of virus
(a) Dormant Phase - The virus is idle. It gets activated based on a certain action or
event (e.g. the user typing a certain key or a certain date or time is reached, etc).
This is an optional phase.
(b) Propagation Phase - In this phase, a virus copies itself, and each copy starts
creating more copies of itself, thus propagating the virus.
(c) Triggering Phase - A dormant virus moves into this phase when the action/event
for which it was waiting is initiated.
(d) Execution Phase -This is the actual work of the virus, which could be harmless
(display some message on the screen) or destructive (delete a file on the disk).
Types of virus
• Parasitic virus – attaches to exe files and infects other exe files when
executed.
• Memory resident virus – virus that resides in memory and infects all exe
files that are executed.
• Boot sector virus – virus infects the master boot record of the disk and
spreads when OS starts booting the machine.
• Stealth virus – built-in intelligence so that anti-virus program can’t detect.
• Polymorphic – changes its signature on every execution.
• Metamorphic – changes its signature and rewrites itself every time on its
execution.
• Macro virus
Worm and Trojan Horse
Specific Attacks
Sniffing and Spoofing
• Sniffing – passive attack
- encryption of data / transmission link
- attacker captures thr’ router or less – protected system on
the path.
• Spoofing – forges the source address – intercept/DoS/confuse host
• Phishing –
Phishing use case
DNS Spoofing use case
Cryptography (Krypto – hidden or secret and
graphene – writing)
Cryptanalysis / Code breaking

Cryptology = Cryptography + Cryptanalysis

Terminologies
• Plain text – original msg in readable format
• Cipher text – encrypted message in an unintelligible format
• Encryption – Process of transforming plain text to cipher text
• Decryption – Reverse process of transforming cipher text back to
plain text
• Cipher – Encryption and decryption algorithms used
• Key – a number or set of numbers on which ciphers operate
Simple technique
Techniques to convert plain text to cipher text
Substitution Cipher Technique
In the substitution-cipher technique, each character of the plain-text message
is replaced by other characters, numbers, or symbols. There are several
techniques.
Caesar Cipher - replacing an alphabet with the one three places down the order
Easy to break
How to break?

Modified Version
Caesar Cipher

• Proposed by Julius Caesar.

• Mechanism to make a plaintext message into ciphertext message.
• It replaces each letter of the alphabet with the letter standing ‘n’
places further down the alphabet.
Example: Replace each A with D, B with E, etc
How to break the Caesar cipher?
All that is required to break the Caesar cipher is to do the reverse of the
Caesar cipher process. i.e. replace each alphabet in a cipher-text
message produced by Caesar cipher with the alphabet that is three
places up the line.
Thus, to work backward, take a cipher text produced by Caesar cipher,
and replace each A with X, B with Y, C with Z, D with A, E with B, and so
on.
Modified Caesar Cipher
Modified Caesar Cipher
Mono-alphabetic cipher
• Difficult to predict due to the huge no. of permutations and
combinations.
• Random substitution.
• Every occurrence of A replaced by ‘F’, every occurrence of B replaced
by ‘I’ and so on. (one on one mapping).

Homophonic cipher
Replace each character by another character from the chosen set.
Polygram substitution cipher
Polygram substitution cipher technique replaces one block of
plain text with another block of cipher text—it does not work
on a character-by-character basis.
Problem
Alice meets Bob and says Rjjy rj ts ymj xfggfym. bj bnqq inxhzxx ymj
uqfs. If she is using Caesar cipher, what does she want to convey?

Solution:
Meet me on the sabbath. We will discuss the plan
Polyalphabetic substitution cipher
Playfair Cipher
Playfair Cipher
PLAYFAIR EXAMPLE
Encryption
• MY NA ME IS AT UL
Try it out
Hill Cipher
Hill Cipher
Transposition Technique
Transposition techniques differ from substitution techniques in
the way that they do not simply replace one alphabet with
another, but they also perform some permutation over the plain
text.
Rail Fence technique
Working of Rail Fence Technique
Simple Columnar Transposition Technique
Simple Columnar Transposition Technique
Simple columnar transposition technique with
multiple rounds
Vernam Cipher (one time pad)
Vernam Cipher (one time pad) Problem
Try it out

Encrypt the plaintext “safe messages”, using Hill cipher for the given key:
“ciphering”.
Encrypt NOTHING IS AS IT SEEMS using rail fence cipher.
Encrypt NOTHING IN THE WORLD IS MORE DANGEROUS THAN SINCERE
IGNORANCE AND CONSCIENTIOUS STUPIDITY with a key of k = 9 columns.
Suppose the ciphertext is: GPSDO AILTI VRVAA WETEC NITHM EDLHE TALEA
ONME. If it is known that the key is k = 7, find the plaintext.
Steganography
• Steganography is the practice of concealing information within
another message or physical object to avoid detection.
• It can be used to hide virtually any type of digital content, including
text, image, video, or audio content. That hidden data is then
extracted at its destination.
• Content concealed through steganography is
sometimes encrypted before being hidden within another file format.
If it isn’t encrypted, then it may be processed in some way to make it
harder to detect.
Types
• Text steganography
• Image steganography
• Audio steganography
• Video steganography
• Network steganography
 Examples
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a painting they’ve
done)
• Backward masking a message in an audio file (remember those stories of evil
messages recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a particular
frame rate
• Embedding a secret message in either the green, blue, or red channels of an RRB
image
Difference between Cryptography and
Steganography
Factors Steganography Cryptography

It's a method to conceal the fact that It's a method for making
Explanation
communication is taking place information unintelligible

Aim Maintain communication security Enable data protection

Optional, but increases security when

Key Necessary prerequisite
utilized

Data Visibility No Yes

You can recover the original

Once hidden information is decoded, the message from the ciphertext if
Failure
data can be used by anyone you can access the decryption
key

Does not modify the data's general Modifies the overall data
Data Structure
structure structure