
Book Information+Security UNIT+1

Computer security involves protecting systems and information from unauthorized access, modification, or deletion. Information security secures information through controls that reduce vulnerabilities that could be exploited by threats. Common threats include human and computer attacks that take advantage of system vulnerabilities. To launch an attack, a perpetrator needs method, opportunity, and motive. Defenses include preventing attacks, deterring them, detecting them, and recovering from their effects through controls like encryption, firewalls, and access management.

Uploaded by Hercules
Copyright © All Rights Reserved

INFORMATION SECURITY

UNIT I

Introduction
Computer Security

Computer security basically is the protection of computer systems and information from harm, theft, and
unauthorized use. It is the process of preventing and detecting unauthorized use of your computer
system.

Information Security

Information security is securing information from unauthorized access, modification & deletion.

Security Attacks
An attack is an information security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal
information without authorized access or permission.

i) Vulnerabilities
A vulnerability is a weakness in the security system, for example, in procedures,
design, or implementation, that might be exploited to cause loss or harm. For
instance, a particular system may be vulnerable to unauthorized data manipulation
because the system does not verify a user's identity before allowing data access.
ii) Threats

A threat can be anything that can take advantage of a vulnerability to breach security and negatively alter,
erase, or harm an object or objects of interest.

There are many threats to a computer system, including human-initiated and
computer-initiated ones.
iii) Attacks

A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be
launched by another system, as when one system sends an overwhelming set of messages to
another, virtually shutting down the second system's ability to function.

iv) Control

A control is an action, device, procedure, or technique that removes or reduces a vulnerability.

We can describe the relationship among threats, controls, and vulnerabilities in this way:

A threat is blocked by control of a vulnerability.

• An interception means that some unauthorized party has gained access to an
asset. The outside party can be a person, a program, or a computing system.
Examples of this type of failure are illicit copying of program or data files, or
wiretapping to obtain data in a network. Although a loss may be discovered
fairly quickly, a silent interceptor may leave no traces by which the
interception can be readily detected.

• In an interruption, an asset of the system becomes lost, unavailable, or
unusable. An example is malicious destruction of a hardware device, erasure of
a program or data file, or malfunction of an operating system file manager so
that it cannot find a particular disk file.

• If an unauthorized party not only accesses but tampers with an asset, the
threat is a modification. For example, someone might change the values in a
database, alter a program so that it performs an additional computation, or
modify data being transmitted electronically. It is even possible to modify
hardware. Some cases of modification can be detected with simple measures,
but other, more subtle, changes may be almost impossible to detect.

• Finally, an unauthorized party might create a fabrication of counterfeit
objects on a computing system. The intruder may insert spurious transactions
to a network communication system or add records to an existing database.
Sometimes these additions can be detected as forgeries, but if skillfully done,
they are virtually indistinguishable from the real thing.

Method, Opportunity, and Motive (MOM)


A malicious attacker must have three things:

• method: the skills, knowledge, tools, and other things with which to be able to
pull off the attack

• opportunity: the time and access to accomplish the attack

• motive: a reason to want to perform this attack against this system

• Knowledge of systems is widely available. Mass-market systems (such as the
Microsoft or Apple or Unix operating systems) are readily available, as are
common products, such as word processors or database management systems.

• Sometimes the manufacturers release detailed specifications on how the system
was designed or operates, as guides for users and integrators who want to
implement other complementary products. But even without documentation,
attackers can purchase and experiment with many systems. Often, only time and
inclination limit an attacker.

• It is difficult to determine motive for an attack. Some places are what are called
"attractive targets," meaning they are very appealing to attackers. Popular targets
include law enforcement and defense department computers, perhaps because
they are presumed to be well protected against attack.

• Other systems are attacked because they are easy. And other systems are attacked
simply because they are there: random, unassuming victims.

Computer Criminals

• For the purposes of studying computer security, we say computer crime is any
crime involving a computer or aided by the use of one. Although this definition
is admittedly broad, it allows us to consider ways to protect ourselves, our
businesses, and our communities against those who use computers maliciously.

• One approach to prevention or moderation is to understand who commits these
crimes and why. Many studies have attempted to determine the characteristics
of computer criminals. By studying those who have already used computers to
commit crimes, we may be able in the future to spot likely criminals and
prevent the crimes from occurring. In this section, we examine some of these
characteristics.

Amateurs

Amateurs have committed most of the computer crimes reported to date. In the same
sense, most computer criminals are ordinary computer professionals or users who,
while doing their jobs, discover they have access to something valuable.

When no one objects, the amateur may start using the computer at work to write
letters, maintain soccer league team standings, or do accounting. This apparently
innocent time-stealing may expand until the employee is pursuing a business in
accounting, stock portfolio management, or desktop publishing on the side, using
the employer's computing facilities.

Crackers or Malicious Hackers

• System crackers, often high school or university students, attempt to access
computing facilities for which they have not been authorized. Cracking a
computer's defenses is seen as the ultimate victimless crime.

• Most crackers can do their harm without confronting anybody, not even making a
sound. In the absence of explicit warnings not to trespass in a system, crackers infer
that access is permitted.

• Others attack for curiosity, personal gain, or self-satisfaction. And still others enjoy
causing chaos, loss, or harm.

• There is no common profile or motivation for these attackers.


Career Criminals

• The career computer criminal understands the targets of computer crime.

• Criminals begin as computer professionals who engage in computer crime,
finding the prospects and payoff good.

• Recently, electronic spies and information brokers have begun to recognize
that trading in companies' or individuals' secrets can be lucrative.

Terrorists

The link between computers and terrorism is quite evident. We see terrorists using
computers in three ways:

• targets of attack: denial-of-service attacks and web site defacements are
popular for any political organization because they attract attention to the
cause and bring undesired negative attention to the target of the attack.

• propaganda vehicles: web sites, web logs, and e-mail lists are effective, fast,
and inexpensive ways to get a message to many people.

• methods of attack: to launch offensive attacks requires use of computers.

Methods of Defense
Harm occurs when a threat is realized against a vulnerability. To protect against
harm, then, we can neutralize the threat, close the vulnerability, or both. The
possibility for harm to occur is called risk. We can deal with harm in several ways:

• prevent it, by blocking the attack or closing the vulnerability

• deter it, by making the attack harder but not impossible

• deflect it, by making another target more attractive (or this one less so)

• detect it, either as it happens or sometime after the fact

• recover from its effects

Controls

To consider the controls or countermeasures that attempt to prevent exploiting a
computing system's vulnerabilities, we begin by thinking about traditional ways to
enhance physical security. In the Middle Ages, castles and fortresses were built to
protect the people and valuable property inside. The fortress might have had one or
more security characteristics, including

• A strong gate or door, to repel invaders

• Heavy walls to withstand objects thrown or projected against them


• A surrounding moat, to control access

• Arrow slits, to let archers shoot at approaching enemies

• Crenellations to allow inhabitants to lean out from the roof and pour hot or
vile liquids on attackers

• A drawbridge to limit access to authorized people

• Gatekeepers to verify that only authorized people and goods could enter

Encryption

• Encryption is the formal name for the scrambling process. We take data in
their normal, unscrambled state, called cleartext, and transform them so that
they are unintelligible to the outside observer; the transformed data are
called enciphered text or ciphertext. Using encryption, security
professionals can virtually nullify the value of an interception and the
possibility of effective modification or fabrication.

• Encryption clearly addresses the need for confidentiality of data. Additionally,
it can be used to ensure integrity; data that cannot be read generally cannot
easily be changed in a meaningful manner.

• Encryption is the basis of protocols that enable us to provide security while
accomplishing an important system or network task.

• A protocol is an agreed-on sequence of actions that leads to a desired result.
For example, some operating system protocols ensure availability of resources
as different tasks and users request them.

• Thus, encryption can also be thought of as supporting availability. That is,
encryption is at the heart of methods for ensuring all aspects of computer
security.

• Although encryption is an important tool in any computer security tool kit,
we should not overrate its importance.

• Encryption does not solve all computer security problems, and other tools
must complement its use. Furthermore, if encryption is not used properly, it
may have no effect on security or could even degrade the performance of
the entire system. Weak encryption can actually be worse than no
encryption at all, because it gives users an unwarranted sense of protection.

Software Controls

If encryption is the primary way of protecting valuables, programs themselves are the
second facet of computer security. Programs must be secure enough to prevent
outside attack.

Program controls include the following:

• internal program controls: parts of the program that enforce security
restrictions, such as access limitations in a database management program

• operating system and network system controls: limitations enforced by the
operating system or network to protect each user from all other users

• independent control programs: application programs, such as password
checkers, intrusion detection utilities, or virus scanners, that protect against
certain types of vulnerabilities

• development controls: quality standards under which a program is designed,
coded, tested, and maintained to prevent software faults from becoming
exploitable vulnerabilities

Hardware Controls
Numerous hardware devices have been created to assist in providing computer
security. These devices include a variety of means, such as

• hardware or smart card implementations of encryption

• locks or cables limiting access or deterring theft

• devices to verify users' identities

• firewalls

• intrusion detection systems

• circuit boards that control access to storage media

Policies and Procedures

• Sometimes, we can rely on agreed-on procedures or policies among users
rather than enforcing security through hardware or software means.

• In fact, some of the simplest controls, such as frequent changes of passwords,
can be achieved at essentially no cost but with tremendous effect.

• Training and administration follow immediately after establishment of policies,
to reinforce the importance of security policy and to ensure their proper use.

• We must not forget the value of community standards and expectations when
we consider how to enforce security.

• There are many acts that most thoughtful people would consider harmful, and
we can leverage this commonality of belief in our policies.

• For this reason, legal and ethical controls are an important part of computer
security. However, the law is slow to evolve, and the technology involving
computers has emerged relatively suddenly.

• Although legal protection is necessary and desirable, it may not be as
dependable in this area as it would be when applied to more well-understood
and long-standing crimes.

Physical Controls
Some of the easiest, most effective, and least expensive controls are physical
controls. Physical controls include locks on doors, guards at entry points, backup
copies of important software and data, and physical site planning that reduces the risk
of natural disasters. Often the simple physical controls are overlooked while we seek
more sophisticated approaches.

Elementary Cryptography
Terminology and Background

Cryptography

Cryptography is associated with the process of converting ordinary plain text into
unintelligible text and vice-versa.

It is a method of storing and transmitting data in a particular form so that only those for whom
it is intended can read and process it.

Cryptography not only protects data from theft or alteration, but can also be used for user
authentication.

Consider the steps involved in sending messages from a sender, S, to a recipient, R. If
S entrusts the message to T, who then delivers it to R, T then becomes the transmission
medium.

If an outsider, O, wants to access the message (to read, change, or even destroy it), we
call O an interceptor or intruder.
Any time after S transmits it via T, the message is vulnerable to exploitation, and O
might try to access the message in any of the following ways:

• Block it, by preventing its reaching R, thereby affecting the availability of the
message.

• Intercept it, by reading or listening to the message, thereby
affecting the confidentiality of the message.

• Modify it, by seizing the message and changing it in some way, affecting the
message's integrity.

• Fabricate an authentic-looking message, arranging for it to be delivered as if
it came from S, thereby also affecting the integrity of the message.

A message's vulnerabilities reflect the four possible security failures we identified.
Fortunately, encryption is a technique that can address all these problems.
Encryption, probably the most fundamental building block of secure computing, is a
means of maintaining secure data in an insecure environment.

Terminology

• Encryption is the process of encoding a message so that its meaning is not
obvious. Decryption is the reverse process, transforming an encrypted message
back into its normal, original form.

• Alternatively, the terms encode and decode or encipher and decipher are used
instead of encrypt and decrypt.

• That is, we say that we encode, encrypt, or encipher the original message to
hide its meaning. Then, we decode, decrypt, or decipher it to reveal the
original message.

• A system for encryption and decryption is called a cryptosystem.

The original form of a message is known as plaintext, and the encrypted form is
called ciphertext.
In the figure, we denote a plaintext message P as a sequence of individual characters
$P = \langle p_1, p_2, \ldots, p_n \rangle$. Similarly, ciphertext is written as
$C = \langle c_1, c_2, \ldots, c_m \rangle$. For
instance, the plaintext message "I want cookies" can be denoted as the message
string <I, ,w,a,n,t, ,c,o,o,k,i,e,s>. It can be transformed into ciphertext
$\langle c_1, c_2, \ldots, c_{14} \rangle$, and the encryption algorithm tells us how the transformation is done.

Plaintext vs. Ciphertext

• P (plaintext): the original form of a message
• C (ciphertext): the encrypted form

Basic operations

• plaintext to ciphertext, encryption: C = E(P)
• ciphertext to plaintext, decryption: P = D(C)
• requirement: P = D(E(P))

Encryption Algorithms
The cryptosystem involves a set of rules for how to encrypt the plaintext and how to
decrypt the ciphertext.
The encryption and decryption rules, called algorithms, often use a device called a
key, denoted by K, so that the resulting ciphertext depends on the original plaintext
message, the algorithm, and the key value. We write this dependence as $C = E(K, P)$.
Essentially, E is a set of encryption algorithms, and the key K selects one specific
algorithm from the set. We see later in this chapter that a cryptosystem, such as the
Caesar cipher, is keyless but that keyed encryptions are more difficult to break.

Sometimes the encryption and decryption keys are the same, so $P = D(K, E(K, P))$. This
form is called symmetric encryption because D and E are mirror-image processes. At
other times, encryption and decryption keys come in pairs.

Then, a decryption key, $K_D$, inverts the encryption of key $K_E$ so that
$P = D(K_D, E(K_E, P))$. Encryption algorithms of this form are called asymmetric because
converting C back to P involves a series of steps and a key that are different from the
steps and key of E. The difference between symmetric and asymmetric encryption is
shown in Figure.

A key gives us flexibility in using an encryption scheme. We can create different
encryptions of one plaintext message just by changing the key. Moreover, using a key
provides additional security. If the encryption algorithm should fall into the
interceptor's hands, future messages can still be kept secret because the interceptor
will not know the key value. An encryption scheme that does not require the use of a
key is called a keyless cipher.

Encryption has been used for centuries to protect diplomatic and military
communications, sometimes without full success. The word cryptography means
hidden writing, and it refers to the practice of using encryption to conceal text. A
cryptanalyst studies encryption and encrypted messages, hoping to find the hidden
meanings.

Both a cryptographer and a cryptanalyst attempt to translate coded material back to
its original form. Normally, a cryptographer works on behalf of a legitimate sender or
receiver, whereas a cryptanalyst works on behalf of an unauthorized interceptor.

Cryptanalysis
A cryptanalyst's chore is to break an encryption. That is, the cryptanalyst
attempts to deduce the original meaning of a ciphertext message. Better yet, he or
she hopes to determine which decrypting algorithm matches the encrypting
algorithm so that other messages encoded in the same way can be broken. For
instance, suppose two countries are at war and the first country has intercepted
encrypted messages of the second.
Cryptanalysts of the first country want to decipher a particular message so
that the first country can anticipate the movements and resources of the second. But
it is even better to discover the actual decryption algorithm; then the first country
can easily break the encryption of all messages sent by the second country.

Thus, a cryptanalyst can attempt to do any or all of six different things:

• Break a single message

• Recognize patterns in encrypted messages, to be able to break subsequent
ones by applying a straightforward decryption algorithm

• Infer some meaning without even breaking the encryption, such as noticing an
unusual

Breakable Encryption

An encryption algorithm is called breakable when, given enough time and data,
an analyst can determine the algorithm. However, an algorithm that is theoretically
breakable may in fact be impractical to try to break. To see why, consider a
25-character message that is expressed in just uppercase letters. A given cipher scheme
may have $26^{25}$ (approximately $10^{35}$) possible decipherments, so the task is to select the
right one out of the $26^{25}$.
If your computer could perform on the order of $10^{10}$ operations per second,
finding this decipherment would require on the order of $10^{16}$ seconds, or roughly $10^{11}$
years. In this case, although we know that theoretically we could generate the
solution, determining the deciphering algorithm by examining all possibilities can be
ignored as infeasible with current technology.

Two other important issues must be addressed when considering the breakability
of encryption algorithms. First, the cryptanalyst cannot be expected to try only the
hard, long way. In the example just presented, the obvious decryption might require
$26^{25}$ machine operations, but a more ingenious approach might require only $10^{15}$
operations.

At the speed of $10^{10}$ operations per second, $10^{15}$ operations take slightly more
than one day. The ingenious approach is certainly feasible. As we see later in this
chapter, some of the algorithms we study in this book are based on known "hard"
problems that take an unreasonably long time to solve. But the cryptanalyst does not
necessarily have to solve the underlying problem to break the encryption of a single
message.

Second, estimates of breakability are based on current technology. An enormous
advance in computing technology has occurred since 1950. Things that were
infeasible in 1940 became possible by the 1950s, and every succeeding decade has
brought greater improvements. A conjecture known as "Moore's Law" asserts that the
speed of processors doubles every 1.5 years, and this conjecture has been true for
over two decades. It is risky to pronounce an algorithm secure just because it cannot
be broken with current technology, or worse, that it has not been broken yet.

Representing Characters

We want to study ways of encrypting any computer material, whether it is written as
ASCII characters, binary data, object code, or a control stream. However, to simplify
the explanations, we begin with the encryption of messages written in the standard
26-letter English alphabet, A through Z.
Throughout the book, we use the convention that plaintext is written in
UPPERCASE letters, and ciphertext is in lowercase letters. Because most encryption
algorithms are based on mathematical transformations, they can be explained or
studied more easily in mathematical form. We switch back and forth between letters
and the numeric encoding of each letter as shown here.

• Modular arithmetic: Y + 3 = B (24 + 3 = 27 ≡ 1 mod 26)

Two forms of encryption

• Substitution: one letter is exchanged for another
• Transposition: the order of the letters is rearranged

Substitution Ciphers

We substitute a character or symbol for each character of the original message. This
technique is called a monoalphabetic cipher or simple substitution.
• Monoalphabetic cipher: substitute one letter for another
• Creates "confusion"
• There are two types of substitution ciphers
• Caesar Cipher
i) The Caesar Cipher

The Caesar cipher has an important place in history. Julius Caesar is said to have
been the first to use this scheme, in which each letter is translated to the letter a
fixed number of places after it in the alphabet. Caesar used a shift of 3, so plaintext
letter $p_i$ was enciphered as ciphertext letter $c_i$ by the rule

$c_i = E(p_i) = p_i + 3$

A full translation chart of the Caesar cipher is shown here.

Plaintext : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: d e f g h i j k l m n o p q r s t u v w x y z a b c

Using this encryption, the message

TREATY IMPOSSIBLE

would be encoded as

T R E A T Y   I M P O S S I B L E
w u h d w b   l p s r v v l e o h

Advantages and Disadvantages of the Caesar Cipher

• The increased security possible with variant multilateral systems is the major advantage.
• The major disadvantage is that by substituting more than one character of ciphertext for each
plaintext value, the length of messages and resulting transmission times are increased.

Cryptanalysis of the Caesar Cipher

Let us take a closer look at the result of applying Caesar's encryption technique to
"TREATY IMPOSSIBLE." If we did not know the plaintext and were trying to
guess it, we would have many clues from the ciphertext. For example, the break
between the two words is preserved in the ciphertext, and double letters are
preserved: The SS is translated to vv. We might also notice that when a letter is
repeated, it maps again to the same ciphertext as it did previously. So the letters T,
I, and E always translate to w, l, and h. These clues make this cipher easy to break.

Suppose you are given the following ciphertext message, and you want to try to
determine the original plaintext.

wklv phvvdjh lv qrw wrr kdug wr euhdn


The message has actually been enciphered with a 27-symbol alphabet: A through Z
plus the "blank" character or separator between words. As a start, assume that the
coder was lazy and has allowed the blank to be translated to itself. If your assumption
is true, it is an exceptional piece of information; knowing where the spaces are allows
us to see which are the small words. English has relatively few small words, such as
am, is, to, be, he, we, and, are, you, she, and so on. Therefore, one way to attack this
problem and break the encryption is to substitute known short words at appropriate
places in the ciphertext until you have something that seems to be meaningful. Once
the small words fall into place, you can try substituting for matching characters at
other places in the ciphertext.

Look again at the ciphertext you are decrypting. There is a strong clue in the
repeated r of the word wrr. You might use this text to guess at three-letter words that
you know. For instance, two very common three-letter words having the pattern xyy
are see and too; other less common possibilities are add, odd, and off. (Of course, there
are also obscure possibilities like woo or gee, but it makes more sense to try the
common cases first.) Moreover, the combination wr appears in the ciphertext, too, so
you can determine whether the first two letters of the three-letter word also form a
two-letter word.

For instance, if wrr is SEE, wr would have to be SE, which is unlikely. However, if wrr is
TOO, wr would be TO, which is quite reasonable. Substituting T for w and O for r, the
message becomes

wklv phvvdjh lv qrw wrr kdug wr euhdn
T--- ------- -- -OT TOO ---- TO -----

The OT could be cot, dot, got, hot, lot, not, pot, rot, or tot; a likely choice is not.
Unfortunately, q = N does not give any more clues because q appears only once in
this sample.
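
The analysis above can be automated. The following is an added example, not code from the original document: it implements the shift-of-3 rule, shows that a word's repetition pattern (wrr against TOO) survives encryption, and recovers the shift by trying all 26 values and counting small words. The word list and function names are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Short common English words, extending the page's "am, is, to, be, he, we,
# and, are, you, she" list (word list constructed for this example).
SMALL_WORDS = {"AM", "IS", "TO", "BE", "HE", "WE", "AND", "ARE", "YOU",
               "SHE", "NOT", "TOO", "THE", "THIS"}


def caesar_encrypt(plaintext, shift=3):
    """c_i = (p_i + shift) mod 26. Blanks and other symbols map to themselves.
    Plaintext is UPPERCASE and ciphertext lowercase, as on the page."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26].lower())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, shift=3):
    """p_i = (c_i - shift) mod 26, the inverse of caesar_encrypt."""
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def letter_pattern(word):
    """Repetition pattern of a word: 'wrr' and 'TOO' both give (0, 1, 1).
    A monoalphabetic cipher preserves this pattern, which is the clue used
    above to match wrr against see/too/add/odd/off."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen))
                 for ch in word.upper())


def break_caesar(ciphertext):
    """Try all 26 shifts and keep the one whose candidate plaintext contains
    the most known small words. Returns (shift, plaintext, score)."""
    best = (0, ciphertext.upper(), -1)
    for shift in range(26):
        candidate = caesar_decrypt(ciphertext, shift)
        score = sum(1 for word in candidate.split() if word in SMALL_WORDS)
        if score > best[2]:
            best = (shift, candidate, score)
    return best


if __name__ == "__main__":
    print(caesar_encrypt("TREATY IMPOSSIBLE"))
    print(letter_pattern("wrr"), letter_pattern("TOO"))
    print(break_caesar("wklv phvvdjh lv qrw wrr kdug wr euhdn"))
```

Because the key space has only 26 values and word breaks are preserved, the search needs no statistics beyond the short-word list.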

One-Time Pads

• A one-time pad is sometimes considered the perfect cipher. The name comes
from an encryption method in which a large, nonrepeating set of keys is written
on sheets of paper, glued together into a pad. For example, if the keys are 20
characters long and a sender must transmit a message 300 characters in length,
the sender would tear off the next 15 pages of keys.

• The sender would write the keys one at a time above the letters of the plaintext
and encipher the plaintext with a prearranged chart (called a Vigenère tableau)
that has all 26 letters in each column, in some scrambled order. The sender would
then destroy the used keys.

• For the encryption to work, the receiver needs a pad identical to that of the
sender. Upon receiving a message, the receiver takes the appropriate number of
keys and deciphers the message as if it were a plain substitution with a long
key. Essentially, this algorithm gives the effect of a key as long as the number
of characters in the pad.

• The one-time pad method has two problems: the need for absolute
synchronization between sender and receiver, and the need for an unlimited
number of keys. Although generating a large number of random keys is no
problem, printing, distributing, storing, and accounting for such keys are
problems.

Long Random Number Sequences

• A close approximation of a one-time pad for use on computers is a random
number generator. In fact, computer random numbers are not random; they
really form a sequence with a very long period (that is, they go for a long time
before repeating the sequence).

• In practice, a generator with a long period can be acceptable for a limited
amount of time or plaintext.

• To use a random number generator, the sender with a 300-character message
would interrogate the computer for the next 300 random numbers, scale them
to lie between 0 and 25, and use one number to encipher each character of the
plaintext message.

Vernam cipher

• The Vernam cipher is a type of one-time pad devised by Gilbert Vernam for AT&T.

• The Vernam cipher is a method of encrypting alphabetic text. It is simply a type of substitution
cipher. In this mechanism we assign a number to each character of the plaintext (a = 0, b =
1, c = 2, … z = 25).

• Method to take key: in the Vernam cipher algorithm, we take a key to encrypt the plaintext whose
length should be equal to the length of the plaintext.

Encryption Algorithm:

1. Assign a number to each character of the plaintext and the key according to alphabetical order.
2. Add both numbers (the plaintext character number and the corresponding key character number).
3. Subtract the number from 26 if the added number is greater than 26; otherwise leave it.

Example

To encipher the message

VERNAM CIPHER

the letters would first be converted to their numeric equivalents, as shown here.

V   E   R   N   A   M   C   I   P   H   E   R
21  4   17  13  0   12  2   8   15  7   4   17

Next, we generate random numbers to combine with the letter codes. Suppose the
following series of random two-digit numbers is generated.

76 48 16 82 44 03 58 11 60 05 48 88

The encoded form of the message is the sum mod 26 of each coded letter with the
corresponding random number. The result is then encoded in the usual base-26 alphabet
representation.

Plaintext           V   E   R   N   A   M   C   I   P   H   E   R
Numeric equivalent  21  4   17  13  0   12  2   8   15  7   4   17
+ Random number     76  48  16  82  44  3   58  11  60  5   48  88
Sum                 97  52  33  95  44  15  60  19  75  12  52  105
Mod 26              19  0   7   17  18  15  8   19  23  12  0   1
Ciphertext          t   a   h   r   s   p   i   t   x   m   a   b

Thus, the message


VERNAM CIPHER

is encoded as
tahrsp itxmab
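
The worked example and the one-time-pad bookkeeping described earlier can be reproduced in code. This is an added example, not part of the original document: it enciphers with the sum mod 26 used in the table, and models a pad whose numbers are handed out once and then destroyed, so sender and receiver stay synchronized only if both consume the same amount. The Pad class, function names and sample messages are assumptions made for this illustration; pad numbers are drawn from Python's `secrets` module, already in the range 0 to 25.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

# Random numbers from the page's worked example for "VERNAM CIPHER".
PAGE_KEY = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]


def count_letters(text):
    return sum(1 for ch in text.upper() if ch in ALPHABET)


def _combine(text, key_numbers, sign):
    # The key must be exactly as long as the message (one number per letter).
    if len(key_numbers) != count_letters(text):
        raise ValueError("key must supply exactly one number per letter")
    key = iter(key_numbers)
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * next(key)) % 26])
        else:
            out.append(ch)  # blanks pass through, as in the page's example
    return "".join(out)


def vernam_encrypt(plaintext, key_numbers):
    """Ciphertext letter = (letter number + key number) mod 26, lowercase."""
    return _combine(plaintext, key_numbers, +1).lower()


def vernam_decrypt(ciphertext, key_numbers):
    """Plaintext letter = (letter number - key number) mod 26, UPPERCASE."""
    return _combine(ciphertext, key_numbers, -1)


def new_pad_numbers(count):
    """Fresh key material: one unpredictable number in 0..25 per letter."""
    return [secrets.randbelow(26) for _ in range(count)]


class Pad:
    """One party's copy of the pad. Numbers are used once, then destroyed."""

    def __init__(self, numbers):
        self._numbers = list(numbers)

    def remaining(self):
        return len(self._numbers)

    def take(self, count):
        if count > len(self._numbers):
            raise ValueError("pad exhausted: not enough unused key material")
        used, self._numbers = self._numbers[:count], self._numbers[count:]
        return used


def send(pad, plaintext):
    return vernam_encrypt(plaintext, pad.take(count_letters(plaintext)))


def receive(pad, ciphertext):
    return vernam_decrypt(ciphertext, pad.take(count_letters(ciphertext)))


if __name__ == "__main__":
    print(vernam_encrypt("VERNAM CIPHER", PAGE_KEY))
    numbers = new_pad_numbers(20)
    sender, receiver = Pad(numbers), Pad(numbers)
    print(receive(receiver, send(sender, "MEET AT NOON")))
```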

Book Cipher
• Basically, the Book cipher algorithm uses letters of subsequent words in some text or book as a key to encode a message. Figure 1 is the simplest form, usually called the "running key cipher."

• In this case, text (usually from a book) is used to provide a very long key stream.

• The book used is agreed upon in advance, while the passage used is chosen randomly for each message and secretly indicated somewhere in a previous message.

• A few ways in which the encryption is done using a book cipher are as follows:
  - each word in plaintext, replaced by a word-number from the book.
  - each letter in plaintext, replaced by a letter/word-number.
  - each word in plaintext, replaced by a page number!

• An alternative approach that gets around this problem is to replace individual letters rather than words, in which case the Book cipher is properly a cipher. Figure 2 illustrates the concept.

• We are encoding a message "DRDOBBS" using the same passage from Harry Potter and the Order of the Phoenix.

• To code the letter "D," we look for the first word in the passage starting with "D" (it's the 6th word, "did"). Then we look for the first word starting with "R" (the 11th word, "rang"), then for the next word starting with "D" (the 16th word, "down"), and so on. The final ciphertext is 6, 11, 16, 17, 2, 10, 15.
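The letter-by-letter book cipher described above, as an added Python example that is not part of the original notes. The key passage and function names are constructed for this illustration, because the Harry Potter passage used in the notes is not reproduced on the page.

```python
import re

# Constructed key passage (an assumption of this example).
PASSAGE = ("the quick brown fox jumps over the lazy dog while seven eager "
           "kittens nap beside every yellow daisy and sleepy ducks keep still")

def split_words(passage):
    return re.findall(r"[a-z']+", passage.lower())

def book_encode(message, passage):
    """Replace each letter with the 1-based number of the first
    not-yet-used passage word that starts with that letter."""
    words = split_words(passage)
    used = set()
    numbers = []
    for ch in message.lower():
        if not ch.isalpha():
            continue  # spaces and punctuation are not encoded
        for idx, word in enumerate(words, start=1):
            if idx not in used and word[0] == ch:
                used.add(idx)       # each word number is used at most once
                numbers.append(idx)
                break
        else:
            # The passage has run out of words for this letter.
            raise ValueError(f"no unused word starting with {ch!r}")
    return numbers

def book_decode(numbers, passage):
    """Recover the message from the first letter of each numbered word."""
    words = split_words(passage)
    return "".join(words[n - 1][0] for n in numbers).upper()

if __name__ == "__main__":
    ct = book_encode("SEND KEYS", PASSAGE)
    print(ct, book_decode(ct, PASSAGE))
```

A passage that lacks a word for some letter cannot encode it, which is why `book_encode` raises an error instead of skipping the letter.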

Transpositions (Permutations)
• A transposition is an encryption in which the letters of the message are rearranged.
• In cryptography, a transposition is a rearrangement of the symbols of a message.
• With transposition, the cryptography aims for diffusion, widely spreading the information from the message or the key across the ciphertext.

Substitution vs. Transposition


The goal of a substitution: confusion
The goal of a transposition: diffusion
Columnar Transpositions

• The columnar transposition is a rearrangement of the characters of the plaintext into columns.

• The following set of characters is a five-column transposition. The plaintext characters are written in rows of five and arranged one row after another, as shown here.

For instance, suppose you want to write the plaintext message THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS. We arrange the letters in five columns as

T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S

The resulting ciphertext would then be read down the columns as

tssoh oaniw haaso lrsto
imghw utpir seeoa mrook
istwc nasns

In this example, the length of this message happens to be a multiple of five, so all
columns are the same length. However, if the message length is not a multiple of the
length of a row, the last columns will be one or more letters short. When this happens,
we sometimes use an infrequent letter, such as X, to fill in any short columns.
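The five-column example and the padding rule above, as an added Python example that is not part of the original notes. Function names are assumptions of this example, and the second message in the demo is constructed to show the short-column case.

```python
# Plaintext and ciphertext from the example above.
PAGE_PT = "THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS"
PAGE_CT = "tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns"

def letters(text):
    return [c for c in text.lower() if "a" <= c <= "z"]

def columnar_encrypt(plaintext, columns, pad="x"):
    """Write the letters in rows of `columns`, then read down each column."""
    cells = letters(plaintext)
    # Fill a short last row with an infrequent letter so all columns match.
    while len(cells) % columns:
        cells.append(pad)
    return "".join("".join(cells[c::columns]) for c in range(columns))

def columnar_decrypt(ciphertext, columns):
    """Invert the transposition; any padding letters stay in the output."""
    cells = letters(ciphertext)
    if len(cells) % columns:
        raise ValueError("ciphertext length is not a multiple of the column count")
    rows = len(cells) // columns
    # Column c occupies cells[c*rows:(c+1)*rows], so row r is cells[r::rows].
    return "".join("".join(cells[r::rows]) for r in range(rows))

def groups_of_five(text):
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))

if __name__ == "__main__":
    ct = columnar_encrypt(PAGE_PT, 5)
    print(groups_of_five(ct))
    print(columnar_decrypt(ct, 5))
    # Constructed 12-letter message: the last row is padded with "x".
    short = columnar_encrypt("columnar demo", 5)
    print(short, columnar_decrypt(short, 5))
```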

Encipherment/Decipherment Complexity

Digrams, Trigrams, and Other Patterns


Cryptanalysis by Digram Analysis
• Positions of adjacent letters in ciphertext
• Moving comparison

• Suppose we want to decrypt a message that has used a columnar transposition for its encryption algorithm. The basic attack on columnar transpositions is not as precise as the attack on substitution ciphers. Even though transpositions look less secure than substitutions, they can in fact be more secure. Transpositions leave the plaintext letters intact, so the work for the cryptanalyst is more exhausting; more relies on a human's judgment of what "looks right."
• The first step in analyzing the transposition is computing the letter frequencies. If we find that in fact all letters appear with their normal frequencies, we can infer that a transposition has been performed. Given a string of text, the trick then is to break it into columns.
• Two different strings of letters from a transposition ciphertext can represent pairs of adjacent letters from the plaintext. The problem is to find where in the ciphertext a pair of adjacent columns lies and where the ends of the columns are.
• We must do an exhaustive comparison of strings of ciphertext. The process compares a block of ciphertext characters against characters successively farther away in the ciphertext. To see how this works, imagine a moving window that locates a block of characters for checking.
• Assume the block being compared is seven characters. The first comparison is c1 to c8, c2 to c9, …, c7 to c14. Then, we try a distance of eight characters, and so the window of comparison shifts and c1 is compared to c9, c2 to c10, and continuing. For a block of nine characters, the window shifts again to c1 against c10, and so forth.
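The moving comparison described above, applied to the five-column ciphertext from this page, as an added Python example that is not part of the original notes. The digram list, its approximate ordering and the rank-based weights are assumptions of this example; the score only suggests candidates for a human to judge.

```python
# Ciphertext from the five-column example on this page.
PAGE_CT = "tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns"

# Common English digrams, most frequent first. The ordering is approximate
# and is an assumption of this example, not a table from the page.
COMMON = ("th he in er an re on at en nd ti es or te of ed is it al ar "
          "st to nt ng se ha as ou io le").split()
WEIGHT = {d: len(COMMON) - rank for rank, d in enumerate(COMMON)}

def letters(text):
    return [c for c in text.lower() if "a" <= c <= "z"]

def window_pairs(ciphertext, block, distance):
    """Pair c1..c_block with the letters `distance` positions farther on."""
    text = letters(ciphertext)
    stop = max(min(block, len(text) - distance), 0)
    return [text[i] + text[i + distance] for i in range(stop)]

def score(pairs):
    """Higher when more of the pairs look like frequent English digrams."""
    return sum(WEIGHT.get(p, 0) for p in pairs)

def rank_distances(ciphertext, block=7, max_distance=15):
    """Slide the window over each distance and sort by digram score."""
    scored = [(d, score(window_pairs(ciphertext, block, d)))
              for d in range(block, max_distance + 1)]
    return sorted(scored, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for distance, value in rank_distances(PAGE_CT)[:3]:
        print(distance, value, window_pairs(PAGE_CT, 7, distance))
    # The top distance is the likely column length; 50 letters at that
    # length gives the number of columns.
    best = rank_distances(PAGE_CT)[0][0]
    print("columns:", len(letters(PAGE_CT)) // best)
```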
• frequency of communication or determining something by whether the communication was short or long
• deduce the key, to break subsequent messages easily
• find weaknesses in the implementation or environment of use of encryption
• find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages

Moving Comparisons (Diagram)
