CSA3027_Module1_#1
Network Security
Module 1: Introduction to Cryptography and Types
of Ciphers
Introduction to Cryptography
• What is Cryptography?
• Importance in securing data
• Historical examples of cryptography
What is Cryptography?
• Secure Communication
• Encryption and Decryption
• Integrity Checks
• Non-repudiation
• Types and Algorithms
Importance in securing data
• Confidentiality
• Authentication
• Secure Transactions
• Regulatory Compliance
• Data Integrity
Historical examples of cryptography
• Caesar Cipher
• Scytale
• Zimmermann Telegram
• Navajo Code Talkers
• Public Key Cryptography
Model of Network Security
• Overview of Network Security Models
• Explaining the layered approach
Overview of Network Security Models
• Confidentiality, Integrity, and Availability (CIA)
Model
• Parkerian Hexad
• Layered Security Model
• The OSI Security Architecture
• ISO/IEC 27001 Standard
Explaining the layered approach
• Preventive Layer
• Detective Layer
• Corrective Layer
• Deterrent Layer
• Recovery Layer
OSI Model Layers
Security Attacks
• What are active and passive attacks?
• Real-world examples of each type
Active Attacks
• Active attacks involve the alteration of data or
systems.
• In these attacks, the attacker intervenes or alters
the communication by inserting, deleting, or
modifying the data.
• The primary objective is to disrupt the normal
functionality of network services or to gain
unauthorized access to perform malicious
actions.
• Examples of Active Attacks:
• Denial-of-Service (DoS) Attacks
• Man-in-the-Middle (MitM) Attacks
• Session Hijacking
• SQL Injection
• DNS Spoofing
Passive Attacks
• Passive attacks involve monitoring or
eavesdropping on communications.
• The attacker does not modify the content of the
communication.
• Instead, they clandestinely gather information
from the system without the user's knowledge,
which often makes the attack undetectable.
• Examples of Passive Attacks
• Traffic Analysis
• Eavesdropping
• Wiretapping
• Packet Sniffing
• Shoulder Surfing
Authentication Services
• Overview of authentication mechanisms
• Example of a typical authentication process flow
Overview of Authentication
Mechanisms
• Knowledge-Based Authentication (KBA)
• Token-Based Authentication
• Biometric Authentication
• Multi-Factor Authentication (MFA)
• Certificate-Based Authentication
• Behavioral Biometrics
Example of a Typical Authentication
Process Flow
Access Control
• Explaining access control
• Example of Role-Based Access Control System
Explanation
Access control is a fundamental security concept
that restricts and regulates who or what can view
or use resources in a computing environment.
Here’s an overview of the mechanisms involved:
1. Identification
2. Authentication
3. Authorization
4. Accountability
5. Audit
Example of RBAC
• RBAC is an approach where access decisions are
based on the roles that individual users have
within the organization. Here’s how a typical
RBAC system might work:
1. Role Definition
2. Assign Roles
3. Permissions Assignment
4. Access Decision
5. Enforcement
Real-World Example:
• In a hospital, the RBAC system might assign
different access rights to different roles:
• Doctors: Access to all medical records and the
ability to prescribe medications.
• Nurses: Access to medical records but cannot
prescribe medications.
• Administrative Staff: Access only to
administrative files and not to detailed medical
records
Data Confidentiality
• Data confidentiality refers to measures
implemented to ensure that sensitive
information is accessible only to those
authorized to view it.
• Protecting the confidentiality of data is crucial
for maintaining privacy, securing business
information, ensuring customer trust, and
complying with regulatory requirements.
• Here are several methods widely used to ensure
data confidentiality:
• Encryption
• Access Control
• Data Masking
• Secure Sockets Layer (SSL)/Transport Layer Security
(TLS)
• Data Minimization
• Digital Rights Management (DRM)
• Steganography
• End-to-End Encryption (E2EE)
Data Integrity and
Nonrepudiation
• Data integrity is a crucial aspect of information
security that ensures information is accurate,
reliable, and unaltered during storage,
transmission, or processing.
• Maintaining the integrity of data is fundamental
for the operational effectiveness of organizations,
ensuring the trustworthiness of their
information systems and databases, and for
regulatory compliance.
• Here are several key points that highlight the
importance of data integrity:
• Trust and Reliability
• Regulatory Compliance
• Security
• Operational Performance
• Audit and Traceability
Example: Digital Signature Workflow
• A digital signature is an electronic form of a
signature that can be used to verify the
authenticity of the signer, as well as to ensure the
integrity of the document signed.
• Here’s how the digital signature workflow
operates:
• Document Creation
• Hashing
• Signing the Hash
• Appending the Signature
• Verification by the Recipient
• Integrity Check
• Authentication
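The workflow above, step by step, as an added example that is not part of the original slides. It assumes a toy textbook-RSA key built from two Mersenne primes with no padding scheme, chosen only so the block runs with the standard library; the names `sign`, `verify` and `SIG_LEN` are hypothetical.

```python
import hashlib

# Toy key pair (constructed for illustration): far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1          # two known Mersenne primes
N, E = P * Q, 65537                   # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held by the signer
SIG_LEN = (N.bit_length() + 7) // 8   # fixed signature length in bytes

def digest(document: bytes) -> int:
    """Hashing: SHA-256 of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes) -> bytes:
    """Signing the hash with the private key, then appending the signature."""
    signature = pow(digest(document), D, N)
    return document + signature.to_bytes(SIG_LEN, "big")

def verify(signed: bytes) -> bool:
    """Recipient side: uses only the public key (N, E)."""
    if len(signed) < SIG_LEN:
        return False
    document, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    recovered = pow(int.from_bytes(sig_bytes, "big"), E, N)
    # Integrity check: the recovered hash must match a fresh hash of the document.
    return recovered == digest(document)

if __name__ == "__main__":
    signed = sign(b"Pay 100 to Alice")           # constructed sample document
    tampered = signed.replace(b"100", b"900")    # document altered in transit
    print(verify(signed), verify(tampered))
```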
Introduction to Ciphers
• Ciphers are methods of encrypting information,
and they are primarily categorized into two
types:
• substitution ciphers
• transposition ciphers.
• Both types alter the original text in different
ways to secure the information and prevent
unauthorized access.
Substitution Ciphers
• In substitution ciphers, the letters of the
plaintext are replaced by other letters or
symbols, but the order of the original letters
remains unchanged.
• Each letter or group of letters is replaced
consistently throughout the message.
• Key Features:
• Single-letter substitution ciphers: Each letter in the
plaintext is replaced with another letter. The Caesar
Cipher is a well-known example.
• Polyalphabetic substitution ciphers: These use
multiple cipher alphabets to encrypt the text. The
Vigenère Cipher is a classic example, where the
substitution alphabet shifts with each letter based on
a repeating keyword.
Transposition Ciphers
• Transposition ciphers retain the original letters
but scramble their order according to a defined
systematic method.
• The actual plaintext letters are not disguised, but
their sequence is changed, which hides the
original message's meaning.
• Key Features:
• Columnar transposition: The text is written out in
rows of a fixed length, and then it is read out again
column by column as per a defined sequence.
• Rail Fence Cipher: The text is written down in a
zigzag pattern on multiple levels, and then read off
level by level.
Example: How the Caesar Cipher
Works
The Caesar Cipher is one of the simplest and most
widely known encryption techniques.
It is a type of substitution cipher in which each
letter in the plaintext is shifted a certain number of
places down or up the alphabet.
Here’s how it works:
1. Choose a Shift Number: This number will be used to
shift each letter in the plaintext. For example, a shift
of 3.
2. Encrypt the Plaintext: For each letter in the
plaintext, shift it by the chosen number in the
alphabet. If the shift is 3, then A becomes D, B
becomes E, C becomes F, and so on.
3. Handling the Alphabet Wrap-around: If the letter
shift moves past Z, it wraps around to the beginning
of the alphabet. For instance, with a shift of 3, Z would
become C.
4. Example:
   1. Plaintext: HELLO
   2. Shift: 3
   3. Ciphertext: KHOOR
5. Here, H is shifted to K, E to H, L to O, L to O, and O
to R.
6. Decryption: To decrypt, the receiver of the
message would shift the ciphertext letters in the
opposite direction by the same shift number.
Advanced Substitution Ciphers
• The field of classical cryptography includes
several types of ciphers that encrypt data in
different ways.
• Each type offers unique methods and
complexities that increase the security of the
encrypted message.
• The different types are:
• monoalphabetic,
• polyalphabetic,
• Playfair,
• Hill ciphers.
Monoalphabetic Cipher
• A monoalphabetic cipher uses a fixed
substitution over the entire message, meaning
each letter of the plaintext is always replaced by
the same letter of the ciphertext.
• Characteristics:
• Simple Substitution Cipher: One of the oldest
methods, where each letter in the plaintext is
replaced by a letter with a fixed shift in the alphabet.
• Vulnerability: Susceptible to frequency analysis
because each letter is replaced in the same way
throughout the message.
Polyalphabetic Cipher
• A polyalphabetic cipher uses multiple
substitution alphabets to encrypt the data. The
use of more than one alphabet reduces the
effectiveness of frequency analysis by an attacker.
• Characteristics:
• Vigenère Cipher: A well-known polyalphabetic
cipher. It uses a keyword to determine which of
several substitution alphabets to use. The keyword is
repeated or truncated to match the length of the
plaintext, and each letter in the plaintext is encrypted
by the corresponding letter in the keyword.
• Security: More secure than monoalphabetic ciphers
due to the use of multiple alphabets which makes
frequency analysis more difficult.
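The Caesar steps given earlier and the Vigenère description above, combined in one added example (not code from the original slides). Caesar is treated as Vigenère with a one-letter keyword; the index-of-coincidence helper is an addition that measures how much letter-frequency structure survives encryption, and the sample text and keyword are constructed.

```python
from collections import Counter

A = ord("A")

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching keyword letter (A=0 ... Z=25)."""
    out, k = [], 0
    for ch in text.upper():
        if not "A" <= ch <= "Z":
            out.append(ch)                 # spaces and punctuation pass through
            continue
        shift = ord(key[k % len(key)].upper()) - A   # keyword repeats as needed
        if decrypt:
            shift = -shift                 # opposite direction, same amount
        out.append(chr((ord(ch) - A + shift) % 26 + A))  # % 26 is the wrap-around
        k += 1                             # keyword advances only on letters
    return "".join(out)

def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """A Caesar cipher is Vigenere with a single-letter keyword."""
    return vigenere(text, chr(A + shift % 26), decrypt)

def index_of_coincidence(text: str) -> float:
    """Chance that two letters picked from the text are the same letter."""
    counts = Counter(c for c in text.upper() if "A" <= c <= "Z")
    n = sum(counts.values())
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))

if __name__ == "__main__":
    sample = "ATTACKATDAWN"                # constructed sample plaintext
    mono = caesar(sample, 3)
    poly = vigenere(sample, "LEMON")       # constructed keyword
    print(caesar("HELLO", 3), mono, poly)
    # One alphabet keeps the frequency profile; several alphabets flatten it.
    for label, text in (("plain", sample), ("caesar", mono), ("vigenere", poly)):
        print(label, round(index_of_coincidence(text), 3))
```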
Playfair Cipher
• The Playfair cipher was the first practical digraph
substitution cipher. Instead of replacing letters
individually, it encrypts pairs of letters
(digraphs), making it more secure against
frequency analysis.
• Characteristics:
• Encryption Rule: If a pair is in the same row, replace
it with letters to their immediate right respectively
(wrap around to the beginning of the row if needed).
If the pair is in the same column, replace it with
letters directly below (wrap to the top if necessary). If
the pair forms a rectangle, replace them with letters
on the same row respectively but at the opposite
corners of the rectangle.
• Handling Repeats and Odd Number of Letters:
Commonly, a dummy letter 'X' is added to break
repeated letters or to complete an odd-length
message.
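The three encryption rules and the 'X' filler rule above, as an added example that is not part of the original slides. It assumes the conventional 5x5 key square built from a keyword with I and J sharing a cell, and uses 'Q' as filler when the repeated letter is itself 'X'; neither detail is stated on the slides, and the keyword and message are constructed.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"   # 25 letters: J is merged into I

def key_square(keyword: str) -> list:
    """Keyword letters first (no repeats), then the rest of the alphabet."""
    square = []
    for ch in (keyword.upper() + ALPHABET).replace("J", "I"):
        if ch in ALPHABET and ch not in square:
            square.append(ch)
    return square                          # row-major list of 25 letters

def digraphs(plaintext: str) -> list:
    """Split into letter pairs, breaking repeats and padding odd length."""
    letters = [c for c in plaintext.upper().replace("J", "I") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:                         # repeated letter or an 'X' needing a pad
            pairs.append((a, "Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs

def playfair_encrypt(plaintext: str, keyword: str) -> str:
    sq, out = key_square(keyword), []
    for a, b in digraphs(plaintext):
        ra, ca = divmod(sq.index(a), 5)
        rb, cb = divmod(sq.index(b), 5)
        if ra == rb:                       # same row: take the letter to the right
            ca, cb = (ca + 1) % 5, (cb + 1) % 5
        elif ca == cb:                     # same column: take the letter below
            ra, rb = (ra + 1) % 5, (rb + 1) % 5
        else:                              # rectangle: same row, opposite corner
            ca, cb = cb, ca
        out.append(sq[ra * 5 + ca] + sq[rb * 5 + cb])
    return "".join(out)

if __name__ == "__main__":
    print(playfair_encrypt("hide the gold in the tree stump", "playfair example"))
```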
Hill Cipher
• The Hill cipher uses linear algebra to transform
characters from the plaintext into different
characters in the ciphertext. It encrypts multiple
letters at once using a matrix multiplier.
• Characteristics:
• Matrix Multiplication: It involves encoding a
message by multiplying a matrix (key) by a vector
(plaintext digits) to produce a vector (ciphertext
digits). The matrix used as the key must have an
inverse to ensure decryption is possible.
• Complexity: Provides substantial security because it
can mix several plaintext letters together, making it
resistant to all the traditional cryptanalytic attacks.
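The matrix multiplication and the invertibility requirement above, as an added example that is not part of the original slides. It assumes a 2x2 key, letters numbered A=0 to Z=25, arithmetic modulo 26 and 'X' padding for odd-length input; the key matrix and message are constructed.

```python
from math import gcd

def inverse_key(key: list) -> list:
    """Inverse of a 2x2 key matrix modulo 26; raises if the key has none."""
    (a, b), (c, d) = key
    det = (a * d - b * c) % 26
    if gcd(det, 26) != 1:
        # Without an inverse, some ciphertexts map back to several plaintexts.
        raise ValueError("key matrix is not invertible modulo 26")
    det_inv = pow(det, -1, 26)             # modular inverse of the determinant
    return [[d * det_inv % 26, -b * det_inv % 26],
            [-c * det_inv % 26, a * det_inv % 26]]

def _apply(text: str, matrix: list) -> str:
    """Multiply each pair of letters (as a column vector) by the matrix."""
    nums = [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]
    if len(nums) % 2:
        nums.append(23)                    # pad with 'X' (assumption)
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        for row in matrix:
            out.append(chr((row[0] * x + row[1] * y) % 26 + 65))
    return "".join(out)

def hill_encrypt(plaintext: str, key: list) -> str:
    inverse_key(key)                       # refuse keys that cannot be decrypted
    return _apply(plaintext, key)

def hill_decrypt(ciphertext: str, key: list) -> str:
    return _apply(ciphertext, inverse_key(key))

if __name__ == "__main__":
    key = [[3, 3], [2, 5]]                 # constructed key, determinant 9
    ct = hill_encrypt("HELP", key)
    print(ct, hill_decrypt(ct, key), inverse_key(key))
```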
Practical Applications
• Monoalphabetic and Polyalphabetic Ciphers:
Often used in educational tools and basic
security applications where high security is not a
concern.
• Playfair Cipher: Historically significant in
military contexts, though no longer used due to
the advent of more secure encryption methods.
• Hill Cipher: Not typically used in modern
cryptographic applications but serves as an
excellent educational tool for understanding
concepts of matrix mathematics in encryption.
Block and Stream Ciphers
• Block ciphers and stream ciphers are two
fundamental types of symmetric encryption,
each with unique characteristics and
applications.
• Understanding their differences is crucial for
choosing the right encryption method based on
specific security needs.
• Additionally, the Feistel cipher structure is a
significant design used in many block ciphers,
providing a strong framework for creating secure
cryptographic systems.
Block Ciphers
• Functionality: Block ciphers encrypt data in
fixed-size blocks (typically 64 or 128 bits) using
a deterministic algorithm and a symmetric key. If
the plaintext does not exactly fit into a block,
padding is added to make it fit.
• Examples: AES (Advanced Encryption Standard),
DES (Data Encryption Standard), and Blowfish.
• Advantages:
• Error Propagation: An error in one block does not
propagate; each block is encrypted independently.
• Suitable for Storage: Ideal for encrypting large
amounts of data at rest, such as database encryption
or file encryption, where data size is predictable and
alterations are infrequent.
• Disadvantages:
• Processing Overhead: Encrypting block by block
may introduce latency, making block ciphers less
suitable for streaming data or real-time
communications.
Stream Ciphers
• Functionality: Stream ciphers encrypt plaintext
one byte or bit at a time, often combining the
plaintext with a pseudorandom cipher digit
stream (keystream). They are designed to be
exceptionally fast and operate in real time.
• Examples: RC4 (though it's now considered
insecure), Salsa20, and ChaCha20.
| Feature | Block Ciphers | Stream Ciphers |
|---|---|---|
| Basic Function | Encrypts data in fixed-size blocks (e.g., 64 or 128 bits). | Encrypts data one byte or bit at a time. |
| Key Characteristics | Uses symmetric key to apply a deterministic algorithm. | Combines plaintext with a pseudorandom keystream. |
| Common Algorithms | AES, DES, Blowfish | RC4 (now considered insecure), Salsa20, ChaCha20 |
| Error Propagation | Limited to one block; errors do not propagate to other blocks. | An error affects only the specific bit or byte; minimal spread. |
| Data Suitability | Best for data at rest (e.g., files, databases). | Ideal for streaming or real-time data (e.g., video, audio). |
| Operational Efficiency | Generally slower due to complexity; higher processing overhead. | Faster and more efficient, especially in constrained environments. |
| Encryption Output | Output is typically larger due to padding requirements. | Output size is generally equal to the input size. |
| Advantages | Independent block encryption provides strong security. | Highly efficient, suitable for real-time encryption. |
| Disadvantages | Slower; may introduce latency in data processing. | Key reuse can lead to significant security vulnerabilities. |
| Use Cases | File encryption, secure data storage. | Encrypted communication like VoIP and live broadcasts. |
• Advantages:
• Efficiency: Stream ciphers are generally faster and
use less memory, making them suitable for
environments with limited resources.
• Flexibility in Data Handling: Ideal for encrypting
streaming or real-time data, such as VoIP calls or live
video streams, where data is transmitted
continuously and sequentially.
• Disadvantages:
• Vulnerability to Synchronization Errors: Losing
synchronization between the sender and receiver's
keystream can lead to data compromise.
• Sensitive to Repeated Use of Key: Using the same
key more than once can lead to security
vulnerabilities, especially if part of the keystream is
known or can be predicted.
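Why repeated use of a key matters, as an added example that is not part of the original slides. The keystream generator is a hypothetical toy (SHA-256 over key, nonce and a counter) standing in for a real stream cipher, and the key, nonces and messages are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream for illustration only: hash of key, nonce and counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Combine data with the keystream; the same call also decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts. If both used the same key and nonce, the
    keystream cancels and this equals plaintext1 XOR plaintext2."""
    return xor(c1, c2)

if __name__ == "__main__":
    key = b"constructed-key!"
    p1 = b"transfer 100 to alice"          # constructed sample messages
    p2 = b"transfer 900 to carol"
    # Weak: the same key and nonce protect two messages.
    c1 = stream_encrypt(key, b"nonce-1", p1)
    c2 = stream_encrypt(key, b"nonce-1", p2)
    print(reuse_leak(c1, c2) == xor(p1, p2))   # keystream cancelled out
    print(xor(reuse_leak(c1, c2), p1))         # known p1 reveals p2, no key needed
    # Corrected: a fresh nonce per message gives an unrelated keystream.
    c3 = stream_encrypt(key, b"nonce-2", p2)
    print(reuse_leak(c1, c3) == xor(p1, p2))
```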
Feistel Cipher Structure
• The Feistel Cipher structure is a common design
model used in many block cipher algorithms.
• Named after Horst Feistel, it is notable for its
method of splitting the block into two halves,
which are then processed through several rounds
where functions including substitution,
permutation, and mixing with keys are applied.
• How It Works:
1. Splitting: The plaintext block is split into two equal
halves, L_0 and R_0.
2. Processing Rounds:
   1. For each round i, the right half R_{i-1} is passed through a
   function F that operates on R_{i-1} and a subkey K_i. The output
   of this function is then XORed with the left half L_{i-1}.
   2. The result of the XOR operation becomes the right half R_i
   for the next round, and R_{i-1} becomes L_i.
3. Swapping: After the final round, the halves are
swapped to produce the final ciphertext.
4. Key Scheduling: The cipher uses a series of different
keys for different rounds, derived from the main key.
• Features:
• Reversibility: A crucial property of the Feistel
structure is that the decryption process is very
similar to the encryption process, using the subkeys
in reverse order, which simplifies the design
significantly.
• Flexibility: The function F can be very complex,
providing robust security, but the overall structure of
the cipher remains manageable and efficient.
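The round structure and the reversibility property above, as an added example that is not part of the original slides. It is a toy 64-bit Feistel network: the round function, the key schedule and the round count are hypothetical choices built on SHA-256, not those of DES or Blowfish, and the key and block are constructed.

```python
import hashlib

ROUNDS = 8                                  # assumed round count for this toy

def key_schedule(main_key: bytes, rounds: int = ROUNDS) -> list:
    """Key scheduling: derive one 32-bit subkey K_i per round."""
    return [hashlib.sha256(main_key + bytes([i])).digest()[:4]
            for i in range(rounds)]

def F(half: int, subkey: bytes) -> int:
    """Round function mixing a 32-bit half with a subkey. It is a truncated
    hash, so F itself cannot be inverted; the structure does not need it to be."""
    mixed = hashlib.sha256(half.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(mixed[:4], "big")

def feistel(block: int, subkeys: list) -> int:
    """Run one 64-bit block through the network with the given subkeys."""
    left, right = block >> 32, block & 0xFFFFFFFF     # splitting: L_0, R_0
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ F(right, k)
    return (right << 32) | left                       # swap after the final round

def encrypt(block: int, main_key: bytes) -> int:
    return feistel(block, key_schedule(main_key))

def decrypt(block: int, main_key: bytes) -> int:
    # Same network; only the subkey order is reversed.
    return feistel(block, key_schedule(main_key)[::-1])

if __name__ == "__main__":
    key = b"constructed demo key"
    pt = 0x0123456789ABCDEF
    ct = encrypt(pt, key)
    print(f"{ct:016x}", decrypt(ct, key) == pt)
```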
The Feistel Cipher structure is used in many well-
known encryption algorithms, including DES and
Blowfish. Its design balances complexity and
efficiency, making it a cornerstone in the field of
cryptography.
• Solved Examples