Crypto PDF

Cryptography Sem 5 Notes

Uploaded by Nicole Falcao

Module 1.

Number Theory and Basic Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties or adversaries. It involves creating and analyzing protocols that prevent unauthorized access to information, as well as ensuring the integrity and confidentiality of data. Cryptography employs mathematical algorithms to encode information in such a way that only authorized parties can access it or understand its content.

Computer Security: The security that is provided to automated information systems (AIS) in order to achieve objectives like preserving the confidentiality, integrity and availability of the system's resources such as hardware, software, firmware, communication systems, etc.

1.Security Goals (CIA)

The three security goals that embody the fundamental security objectives for both data and for information and computing services are:

1.Confidentiality (authorised access): is preserving authorized restrictions (PAR) on information access and disclosure, including means for protecting personal privacy and proprietary information. A breach of confidentiality occurs when information is disclosed without authorization.
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

2.Integrity (modification): is guarding against unauthorised information modification or destruction, including ensuring information nonrepudiation and authenticity. A breach of integrity is the unauthorized modification or destruction of information.
Data integrity: Assures that information (both stored and in transmitted packets) and programs are modified only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system.

3.Availability (service): is ensuring that systems, resources, and data are consistently accessible and usable when needed. It encompasses the idea that users can reliably and timely access information, services, and functionalities without disruptions or downtime. It is ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information. Assures that systems work promptly and service is not denied to authorized users.

2.Attacks
Security attack: Any action that compromises the security of information owned by an organisation/system/entity.

Security attacks are of 2 types:

i. A passive attack attempts to learn, access or make use of information from the system while the information is being transmitted, but does not modify the information itself and doesn't affect system resources.
ii. An active attack attempts to alter/modify information being transmitted and system resources, or affect their operation.

Passive attacks: Passive attacks involve unauthorized access to information without altering the data. These attacks aim to gather information covertly. Passive attacks are in the form of eavesdropping on, or monitoring of, transmissions. The goal of the attacker is to obtain information that is being transmitted without altering it. Two types of passive attacks are the release of message contents and traffic analysis.
i.Monitoring or Eavesdropping: Unauthorized individuals intercept and monitor communication (data/sensitive information being transmitted) between two parties.
eg: A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information that attackers might learn.

ii.Traffic Analysis is monitoring and analysing the nature of the data being transmitted between communicating devices. The attacker analyses the pattern, frequency and length of the messages, and the location and identity of hosts, to deduce vital information related to the nature of the data being transferred. This attack is subtle because the attacker cannot learn the data/messages as the data is encrypted. Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of data encryption.

Active attacks: Active attacks are malicious actions/interventions involving deliberate and unauthorized manipulation, disruption, or destruction of data being transmitted between two hosts, systems, or network functionality. Active attacks actively alter or disturb the normal operation of computer systems. They involve some modification of the data stream or the creation of a false stream.
Types
i.Masquerade: The attack in which one entity/person/system having no or fewer authorities pretends to be a different legitimate user/entity/person/system with more authorities in order to gain access to sensitive data or privileges is masquerading.
Example: An attacker captures authentication credentials during a legitimate login and later replays them to impersonate a user with higher privilege to gain access to data.

ii.Replay: The attacker captures a legitimate piece of information/credentials, often during a normal and authorized communication session, and then replays it back at a later time to gain unauthorized access to a system. This is replay.

iii.Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

iv.Denial of Service: A Denial of Service attack aims to disrupt or disable a system, service, or network to make it inaccessible to its intended users. Denial of service attacks aim to prevent or disrupt the normal use or management of communication facilities.
Examples:
Targeted Suppression: An entity selectively suppresses messages directed to a specific destination, like disabling security audit service notifications.
Network Disruption: Overloading a network with a high volume of messages to degrade its performance or completely disable it.

3.Security services
A service that is provided by a protocol layer of communicating open systems that ensures adequate security of the systems or of data transfers. A security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.
Services are of 5 categories, each category having some services, together forming 14 services.

1.Authentication: Authentication is a fundamental security service that verifies the identity of an entity, such as a user, device, or system, to ensure that it is who or what it claims to be. The goal of authentication is to establish trust and control access to resources or services based on the verified identity. The service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.

i.Peer-entity authentication: is a security mechanism that ensures the verification of the identity of entities participating in a communication or transaction. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection by verifying the identity of each entity in the connection.

ii.Data-Origin authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed. Verifies the sender sending the data.

2.Access Control
The service for prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access
can occur, and what those accessing the resource are allowed to do).

3.Data Confidentiality: Confidentiality is the protection of transmitted data from passive attacks.

i.Connection Confidentiality:
Connection confidentiality refers to the protection of all user data on a connection. In other words, it ensures that all information transmitted over a specific communication link or channel is secured and cannot be accessed or understood by unauthorized entities. This is typically achieved through encryption mechanisms that render the data unreadable to anyone without the proper decryption keys.

ii.Connectionless Confidentiality:
Connectionless confidentiality involves the protection of all user data in a single data block. Unlike connection-oriented communication, where a continuous link is established between sender and receiver, connectionless communication treats each data block independently. In this context, connectionless confidentiality ensures the secure transmission of individual data packets or messages.

iii.Selective-Field Confidentiality:
Selective-field confidentiality focuses on the confidentiality of specific fields within the user data on a connection or in a single data block. Instead of encrypting the entire message, only certain fields are protected. This allows for a more targeted approach, enabling confidentiality for sensitive parts of the data while leaving other parts unencrypted.

iv.Traffic-Flow Confidentiality:
Traffic-flow confidentiality is concerned with safeguarding information that could be derived from observing patterns or characteristics of data traffic flows. It aims to protect against potential threats that could exploit the knowledge gained from analyzing the frequency, size, or timing of data transmissions. This form of confidentiality helps prevent unauthorized entities from deducing sensitive information through traffic analysis.

4.Data Integrity:
Data integrity is the assurance that data received is exactly as sent by an authorized entity. It ensures that the data has not been modified, inserted, deleted, or replayed during transmission.

i.Connection Integrity with Recovery:
This mechanism ensures the integrity of all user data on a connection and detects any unauthorized modifications, insertions, deletions, or replay of data within an entire data sequence. It goes a step further by attempting to recover from any detected issues, restoring the data to its original state.

ii.Connection Integrity without Recovery:
Similar to connection integrity with recovery, this approach also ensures the integrity of all user data on a connection but provides only detection of unauthorized modifications, insertions, deletions, or replay. It does not include a recovery mechanism.

iii.Selective-Field Connection Integrity:
This method focuses on the integrity of selected fields within the user data transferred over a connection. It determines whether these specific fields have been modified, inserted, deleted, or replayed, offering a more targeted approach to ensuring data integrity.

iv.Connectionless Integrity:
Connectionless integrity provides for the integrity of a single connectionless data block. It aims to detect any data modification and, to a limited extent, may include replay detection, which involves identifying whether the data block has been retransmitted or replayed.

v.Selective-Field Connectionless Integrity:
This approach is similar to connectionless integrity but specifically focuses on the integrity of selected fields within a single connectionless data block. It determines whether these chosen fields have been modified, providing a more granular assessment of data integrity for specific components of the transmitted information.

5.Non-repudiation is a security service that provides protection against denial by any party involved in a communication. It aims to prevent entities from later denying their participation in the communication or their involvement in certain actions. There are two main aspects of non-repudiation:

i.Non-repudiation, Origin:
Definition: This aspect provides proof that a message was indeed sent by the specified party. It ensures that the sender cannot later deny having originated the message.
Example: When a user digitally signs an email, the recipient has proof that the sender is indeed the party who claimed to send the message. This prevents the sender from later denying their involvement in the communication.

ii.Non-repudiation, Destination:
Definition: This aspect provides proof that a message was received by the specified party. It ensures that the recipient cannot later deny having received the message.
Example: When a sender receives a delivery receipt for an email, it serves as proof that the intended recipient received the message. This prevents the recipient from later denying that they received the communication.

4.Security Mechanisms

6 Modular Arithmetic
Modular Exponentiation
6.2 Euclidean Algorithm
6.3 Fermat's Theorem

5.Security Techniques

1.Cryptography 2.Steganography

1.Cryptography has 3 main techniques

i.Symmetric-Key Encipherment:
In symmetric-key encryption, a single key is used for both encryption and
decryption. This means that the same key is applied to both the plaintext
(original data) and the ciphertext (encrypted data). It's called "symmetric"
because the encryption and decryption keys are identical or can be easily
derived from each other.

ii.Asymmetric-Key Encipherment:
Asymmetric-key encryption involves the use of a pair of keys – a public key
and a private key. The public key is used for encryption, while the private key
is used for decryption. The keys are mathematically related, but it is
computationally infeasible to derive one key from the other.

iii.Hashing:
Hashing is a one-way process that transforms input data (or message) into a fixed-size string of characters, which is typically a hash value or hash code. Hash functions are designed to be fast and deterministic, meaning the same input will always produce the same hash output, but it is computationally infeasible to reverse the process.

2.Steganography: Steganography is the practice of concealing one piece of information within another in such a way that it is difficult to detect or extract. Unlike cryptography, which focuses on making the content of a message unreadable to unauthorized users, steganography aims to hide the existence of the message itself.

i.Null ciphers: involve hiding information within a larger body of text by using specific patterns or arrangements of characters. Common examples include creating a mundane text where every nth word, or even letter, is part of the secret message.

ii.Character Marking: Selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.

iii.Invisible ink:
A number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.

iv.Pin punctures:
Small pin punctures on selected letters are ordinarily not visible unless the
paper is held in front of the light.

7.Classical Encryption Techniques

Classical encryption techniques refer to historical methods of encrypting messages that were used before the advent of modern computer-based cryptographic algorithms.

An original message is known as the plaintext, while the coded message is called the ciphertext. The process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring the plaintext from the ciphertext is deciphering or decryption. The many schemes used for encryption constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or a cipher. Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis.
Some Classical Encryption Techniques are:

7.1 Symmetric Cipher Model
7.2 Mono-alphabetic and polyalphabetic substitution techniques: Vigenere cipher, Playfair cipher, Hill cipher
7.3 Transposition techniques: keyed and keyless transposition ciphers

7.1 Symmetric Cipher Model
A symmetric cipher, also known as a symmetric-key algorithm is a
cryptographic algorithm that uses the same key for both the encryption of
plaintext (original data) and the decryption of ciphertext (encrypted data). In
other words, the same secret key is used for both the sender and the
recipient to encode and decode the message.

According to the Symmetric Cipher Model any symmetric encryption scheme has five ingredients:
Plaintext: This is the original intelligible message or data that is input to the algorithm.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

There are 2 requirements for secure use of any symmetric encryption:

1.Encryption algorithm must be strong.
At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.

2.Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

In a typical symmetric encryption-decryption system/model:

A source produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements of X are letters in some finite alphabet.
For encryption, a key of the form K = [K1, K2, ..., KJ] is generated.

If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, ..., YN].
We can write this as
Y = E(K, X).
This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
X = D(K, Y)
An attacker who obtains the secret key and knows the algorithm can read all data encrypted under that key. Therefore, the secret key must be kept and transmitted to the recipient securely.

7.2 Mono-alphabetic and polyalphabetic Substitution Techniques

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

Monoalphabetic Substitution:
In a monoalphabetic substitution cipher, each letter in the plaintext is replaced with a single, fixed corresponding letter in the ciphertext. The substitution remains constant throughout the entire message.

Polyalphabetic Substitution:
Polyalphabetic substitution ciphers use multiple substitution alphabets to encode the message. The choice of which alphabet to use for each letter is typically determined by a key.

7.4 Playfair cipher (Monoalphabetic Substitution Technique)

It is a good multiple-letter encryption technique, meaning letters are encrypted two at a time rather than one by one; if the same plaintext letter repeats, it is replaced by a different letter each time.
Eg: "dad" may be encrypted as "mvp": d repeats twice, yet it is replaced by different letters each time.

In the Playfair encryption technique, the plaintext is divided into digrams.
A digram is a unit containing 2 sequential letters of the plaintext without repetition. If a letter repeats within a digram, a filler x is added between both; if the final digram has only one letter, the letter alphabetically next to the given letter is added.

Eg: plaintext - attack
digrams are - at ta ck
Eg: balloon
digrams - ba ll oo n .... adding x between ll gives
ba lx lo on
Eg: map, digrams - ma pq

Once digrams are generated, they can be encrypted into ciphertext.
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword (any word acting as a key here, based on which the 5 x 5 matrix will be constructed).
Rules of Constructing a 5 x 5 matrix
Eg: If the keyword (key) is MONARCHY

1.Initial rows from left to right are filled using the keyword. If any letter repeats in the keyword, it is filled only once.

2.Once the keyword is filled, fill the remaining letters alphabetically (letters already in the keyword are ignored); I/J are always filled together.

Rules for Encrypting plaintext into ciphertext

Once the digrams and the matrix are made, encryption can start, using the following rules.
For each letter pair in each digram:
1.If both belong to the same row in the matrix, each letter is replaced by the letter next to it (to its right), wrapping around at the end of the row.

2.If both belong to the same column in the matrix, each letter is replaced by the letter just below it (downward), wrapping around at the bottom of the column.

3.If they are in different rows and columns, select the rectangle they form. Replace each letter by the letter at the other end of its own row in that rectangle.
Eg: digrams sz and tu will be replaced by tx and lz
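As an added example (not code from the notes), the following Python implements the digram splitting, the 5 x 5 matrix construction and the three encryption rules above, and checks them against the MONARCHY examples. It assumes, beyond what the notes state, that J is merged into I, that the filler is x (q if the repeated letter is itself x), and that a trailing single letter is padded with the alphabetically next letter as in the notes' "map -> ma pq".

```python
# Added example: Playfair digrams, matrix and encryption/decryption.
# Assumptions: J is merged into I; the filler between a repeated pair is 'x'
# ('q' if the repeated letter is 'x'); an odd trailing letter is padded with
# the alphabetically next letter (the notes' "map -> ma pq").
ALPHABET = "abcdefghiklmnopqrstuvwxyz"  # 25 letters, j merged into i


def build_matrix(keyword):
    """Rows of the 5x5 matrix: keyword letters first (duplicates dropped),
    then the remaining letters of the alphabet in order."""
    seen = []
    for ch in keyword.lower().replace("j", "i") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def make_digrams(plaintext):
    letters = [c for c in plaintext.lower().replace("j", "i") if c in ALPHABET]
    digrams, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 == len(letters):          # odd trailing letter: pad with next letter
            b = ALPHABET[(ALPHABET.index(a) + 1) % 25]
            i += 1
        elif letters[i + 1] == a:          # repeated pair: insert the filler
            b = "x" if a != "x" else "q"
            i += 1
        else:
            b = letters[i + 1]
            i += 2
        digrams.append(a + b)
    return digrams


def _transform(digrams, matrix, shift):
    """shift=+1 encrypts (right/down), shift=-1 decrypts (left/up)."""
    pos = {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}
    out = []
    for a, b in digrams:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:      # rule 1: same row, move along the row with wrap-around
            out.append(matrix[ra][(ca + shift) % 5] + matrix[rb][(cb + shift) % 5])
        elif ca == cb:    # rule 2: same column, move along the column with wrap-around
            out.append(matrix[(ra + shift) % 5][ca] + matrix[(rb + shift) % 5][cb])
        else:             # rule 3: rectangle, each letter takes the other column of its row
            out.append(matrix[ra][cb] + matrix[rb][ca])
    return "".join(out)


def playfair_encrypt(plaintext, keyword):
    return _transform(make_digrams(plaintext), build_matrix(keyword), +1).upper()


def playfair_decrypt(ciphertext, keyword):
    text = ciphertext.lower()
    digrams = [text[i:i + 2] for i in range(0, len(text), 2)]
    return _transform(digrams, build_matrix(keyword), -1)


if __name__ == "__main__":
    print(build_matrix("monarchy"))
    print(make_digrams("balloon"), playfair_encrypt("balloon", "monarchy"))
```

Decryption only reverses the row and column shifts, so for the balloon example it returns "balxloon": stripping fillers is left to the reader of the message, since the cipher cannot tell a filler x from a genuine one.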

7.3 Vigenere Cipher (polyalphabetic cipher)

The Vigenere cipher is a method of encrypting alphabetic text where each letter of the plaintext is encoded with a different Caesar cipher, whose increment (shift) is determined by the corresponding letter of another text, the key.
In a Caesar cipher, each letter of the alphabet is shifted along some number of places. For example, in a Caesar cipher of shift 3, a would become D, b would become E, y would become B and so on. The Vigenère cipher has several Caesar ciphers in sequence with different shift values.

In the Vigenère cipher, the key is a keyword or phrase, and each letter of the key corresponds to a shift value. The shifts are applied to the plaintext letters, creating a series of Caesar ciphers.

Mathematically, a keyword is chosen to encrypt the plaintext into ciphertext. The key is repeated to match the length of the plaintext. Now in a table, the letters of both keyword and plaintext are replaced by their respective Caesar values (a = 0, b = 1, ..., z = 25); the ith letter/value of the keyword and of the plaintext are added and the sum is taken mod 26. Since mod 26 is taken it will always yield a value between 0-25, i.e. between A-Z, and thus each time a letter in the plaintext is replaced by a different letter in the ciphertext due to the different key letter.

Eg: d has Caesar value 3 because starting from a(0), b(1), c(2), d is at the 3rd index; 3 + 22 = 25, 25 mod 26 = 25 = Z
We can express the Vigenère cipher in the following manner. Assume a sequence of plaintext letters P = p_0, p_1, p_2, ..., p_{n-1} and a key consisting of the sequence of letters K = k_0, k_1, k_2, ..., k_{m-1}, where typically m < n. The sequence of ciphertext letters C = C_0, C_1, C_2, ..., C_{n-1} is calculated as follows:

C = C_0, C_1, C_2, ..., C_{n-1} = E(K, P) = E[(k_0, k_1, k_2, ..., k_{m-1}), (p_0, p_1, p_2, ..., p_{n-1})]
  = (p_0 + k_0) mod 26, (p_1 + k_1) mod 26, ..., (p_{m-1} + k_{m-1}) mod 26,
    (p_m + k_0) mod 26, (p_{m+1} + k_1) mod 26, ..., (p_{2m-1} + k_{m-1}) mod 26, ...

Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the second letters are added, and so on through the first m letters of the plaintext. For the next m letters of the plaintext, the key letters are repeated. This process continues until all of the plaintext sequence is encrypted. A general equation of the encryption process is

C_i = (p_i + k_{i mod m}) mod 26        (3.3)

Compare this with Equation (3.1) for the Caesar cipher. In essence, each plaintext character is encrypted with a different Caesar cipher, depending on the corresponding key character. Similarly, decryption is a generalization of Equation (3.2):

p_i = (C_i - k_{i mod m}) mod 26        (3.4)

To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating keyword. For example, if the keyword is deceptive, the message "we are discovered save yourself" is encrypted as

key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
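The following Python is an added example (not code from the notes) that implements equations (3.3) and (3.4) directly, builds the key/plaintext/ciphertext table from the worked example, and shows that a one-letter key reduces Vigenère to a plain Caesar shift. Letters map to 0..25 and non-letters are dropped, which is the convention the "wearediscoveredsaveyourself" example uses.

```python
# Added example: the Vigenère cipher as C_i = (p_i + k_{i mod m}) mod 26 and
# p_i = (C_i - k_{i mod m}) mod 26, with a/A = 0 ... z/Z = 25.

def _values(text):
    """Caesar values of the letters in text; non-letters are dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def _key_values(keyword):
    k = _values(keyword)
    if not k:
        raise ValueError("key must contain at least one letter")
    return k


def vigenere_table(plaintext, keyword):
    """Return (key_row, plain_row, cipher_row): the key repeated to the
    plaintext length, the cleaned plaintext, and the ciphertext."""
    p, k = _values(plaintext), _key_values(keyword)
    m = len(k)
    c = [(p[i] + k[i % m]) % 26 for i in range(len(p))]     # equation (3.3)
    key_row = "".join(chr(k[i % m] + ord("a")) for i in range(len(p)))
    plain_row = "".join(chr(v + ord("a")) for v in p)
    cipher_row = "".join(chr(v + ord("A")) for v in c)
    return key_row, plain_row, cipher_row


def vigenere_encrypt(plaintext, keyword):
    return vigenere_table(plaintext, keyword)[2]


def vigenere_decrypt(ciphertext, keyword):
    c, k = _values(ciphertext), _key_values(keyword)
    m = len(k)
    p = [(c[i] - k[i % m]) % 26 for i in range(len(c))]     # equation (3.4)
    return "".join(chr(v + ord("a")) for v in p)


if __name__ == "__main__":
    for label, row in zip(("key:", "plaintext:", "ciphertext:"),
                          vigenere_table("we are discovered save yourself", "deceptive")):
        print(f"{label:12}{row}")
```

With a single-letter key, k_{i mod m} is the same shift for every i, so vigenere_encrypt("abyz", "d") gives the Caesar-3 result "DEBC" (y becomes B, as stated above); the repeating keyword is what turns that one shift into a sequence of different ones.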

7.5 Hill Cipher (Monoalphabetic)

To recover the plaintext at the receiver's end, K^-1 must be calculated and sent to the receiver as

Therefore, at the sender, for encryption using the Hill cipher, a square matrix acting as the key is taken; an n x n square matrix can encrypt n plaintext letters at a time, and

the C obtained is sent to the receiver.

Now, to decrypt and obtain P at the receiver, K^-1 is calculated as

Det K and Adj K are needed to calculate K^-1; once K^-1 is calculated, P is obtained easily as

(Sum in NoteBk)
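Since the worked sum is not reproduced above, here is an added Python example (not from the notes) of the Hill cipher for an n x n key: encryption as C = K * P mod 26 on blocks of n letters, and the decryption key K^-1 = (det K)^-1 * adj K mod 26 computed from Det K and Adj K. The column-vector convention, the 'x' padding of a short final block and the sample key [[3, 3], [2, 5]] are this example's own choices; a key whose determinant shares a factor with 26 is rejected because it has no inverse.

```python
# Added example: Hill cipher with K^-1 = (det K)^-1 * adj K mod 26.
# Conventions chosen here: letters a..z = 0..25, blocks are column vectors,
# C = K * P mod 26, and a short final block is padded with 'x'.

def det_mod(m, mod=26):
    """Determinant by cofactor expansion along the first row, reduced mod `mod`."""
    n = len(m)
    if n == 0:
        return 1
    if n == 1:
        return m[0][0] % mod
    total = 0
    for c in range(n):
        minor = [row[:c] + row[c + 1:] for row in m[1:]]
        total += (-1) ** c * m[0][c] * det_mod(minor, mod)
    return total % mod


def adjugate_mod(m, mod=26):
    """Adjugate (transpose of the cofactor matrix), entries reduced mod `mod`."""
    n = len(m)
    cof = [[0] * n for _ in range(n)]
    for r in range(n):
        for c in range(n):
            minor = [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]
            cof[r][c] = (-1) ** (r + c) * det_mod(minor, mod)
    return [[cof[c][r] % mod for c in range(n)] for r in range(n)]


def inverse_key(k, mod=26):
    """K^-1 mod 26; raises ValueError when det K is not invertible mod 26."""
    d = det_mod(k, mod)
    try:
        d_inv = pow(d, -1, mod)              # modular inverse of the determinant
    except ValueError:
        raise ValueError(f"key is not invertible mod {mod} (det K = {d})")
    return [[(d_inv * x) % mod for x in row] for row in adjugate_mod(k, mod)]


def _apply(matrix, text):
    """Multiply each n-letter block (as a column vector) by `matrix` mod 26."""
    n = len(matrix)
    vals = [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]
    while len(vals) % n:                     # pad a short final block with 'x'
        vals.append(ord("x") - ord("a"))
    out = []
    for i in range(0, len(vals), n):
        block = vals[i:i + n]
        for row in matrix:
            out.append(sum(a * b for a, b in zip(row, block)) % 26)
    return "".join(chr(v + ord("a")) for v in out)


def hill_encrypt(plaintext, key):
    return _apply(key, plaintext).upper()


def hill_decrypt(ciphertext, key):
    return _apply(inverse_key(key), ciphertext)


if __name__ == "__main__":
    K = [[3, 3], [2, 5]]                     # constructed sample key, det K = 9
    print(inverse_key(K), hill_encrypt("help", K), hill_decrypt("HIAT", K))
```

For the sample key, det K = 15 - 6 = 9, the inverse of 9 mod 26 is 3 (since 27 = 1 mod 26), adj K = [[5, -3], [-2, 3]], and so K^-1 = 3 * adj K mod 26 = [[15, 17], [20, 9]]; multiplying K by K^-1 mod 26 gives the identity, which is why decryption recovers the plaintext.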

8. Transposition Ciphers
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher. Transposition ciphers are a type of cryptographic algorithm that involves rearranging the positions of characters in the plaintext without changing the actual characters themselves. Unlike substitution ciphers, where each character is replaced by another, transposition ciphers focus on the reordering or permutation of the characters.

8.1 Keyed Transposition Ciphers

1.Rail Fence Technique: The plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. Here the depth is the key.

2.Row-column ciphering transposition technique: Write the message in a rectangle (the number of rows and columns is decided by sender and receiver), row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm.

8.2 Keyless Transposition Ciphers
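As an added example (not code from the notes), the Python below implements both keyed transpositions from 8.1 with their inverses: rail fence with the depth as key, and row-column transposition where the key lists the order in which columns are read (1 = read first). The sample messages and keys are constructed for this example; the row-column decryption handles a final row that is shorter than the key.

```python
# Added example: rail fence (depth as key) and row-column (column order as
# key) transposition ciphers, each with decryption.

def _rail_pattern(length, depth):
    """Rail index of each position when writing down the diagonals of `depth` rails."""
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step
    return pattern


def rail_fence_encrypt(text, depth):
    """Write along the diagonals, read off rail by rail (row by row)."""
    pattern = _rail_pattern(len(text), depth)
    return "".join(ch for r in range(depth)
                   for ch, p in zip(text, pattern) if p == r)


def rail_fence_decrypt(cipher, depth):
    """Rebuild the rail pattern and refill each rail from the ciphertext."""
    pattern = _rail_pattern(len(cipher), depth)
    out, idx = [None] * len(cipher), 0
    for r in range(depth):
        for pos, p in enumerate(pattern):
            if p == r:
                out[pos] = cipher[idx]
                idx += 1
    return "".join(out)


def columnar_encrypt(text, key):
    """Write row by row into len(key) columns, read columns in key order."""
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda c: key[c])
    return "".join(row[c] for c in order for row in rows if c < len(row))


def columnar_decrypt(cipher, key):
    """Split the ciphertext back into columns (the first `extra` columns are
    one letter longer when the last row is incomplete), then read row by row."""
    cols = len(key)
    full_rows, extra = divmod(len(cipher), cols)
    order = sorted(range(cols), key=lambda c: key[c])
    columns, pos = {}, 0
    for c in order:
        length = full_rows + (1 if c < extra else 0)
        columns[c] = cipher[pos:pos + length]
        pos += length
    n_rows = full_rows + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(n_rows)
                   for c in range(cols) if r < len(columns[c]))


if __name__ == "__main__":
    print(rail_fence_encrypt("meetmeafterthetogaparty", 2))
    print(columnar_encrypt("attackpostponeduntiltwoamxyz", [4, 3, 1, 2, 5, 6, 7]))
```

Both ciphers leave the letter frequencies of the plaintext untouched, which is the observable difference from the substitution ciphers above: a frequency count of the ciphertext matches the language's usual distribution, so a transposition is recognised as such before any key is tried.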
Chapter 3. Cryptographic Hash Functions

1.Cryptographic hash functions - A cryptographic hash function, denoted as H, takes an input message M of variable length and produces a fixed-size hash value h = H(M).

The input message M can be of any length, from a few bits to several gigabytes.
The hash value h is typically of fixed length, such as 128 bits, 256 bits, or 512 bits, depending on the specific hash function being used. It plays a crucial role in ensuring data integrity, verifying data authenticity, and providing non-repudiation.
Hash functions used for security applications are called cryptographic hash functions.
These hash functions must satisfy additional security properties beyond those of regular hash functions.

Hash Function Operation:

1.The input message is typically padded to a fixed length, often an integer multiple of a predefined block size (e.g., 128 bits).
2.Padding includes the length of the original message in bits, which serves as a security measure to prevent certain types of attacks.
3.The padding ensures that small changes in the input message result in large changes in the hash value, thereby enhancing the security of the hash function.

Security Applications

—> Cryptographic hash functions are widely used in various security applications, including digital signatures, message authentication codes (MACs), password hashing, and data integrity verification.

1.Message Authentication - When a hash function is used to provide message authentication, the hash function value is often referred to as a message digest. Message authentication assures that data received are exactly as sent (i.e., there is no modification, insertion, deletion, or replay). Message authentication is achieved using a message authentication code (MAC).

2.Digital Signature - Another important application, which is similar to the message authentication application, is the digital signature. The operation of the digital signature is similar to that of the MAC. In the case of the digital signature, the hash value of a message is encrypted with a user's private key. Anyone who knows the user's public key can verify the integrity of the message that is associated with the digital signature. In this case, an attacker who wishes to alter the message would need to know the user's private key.

—> They are essential for ensuring the integrity and authenticity of digital information in a wide range of scenarios, including communication protocols, file systems, and databases.

2.Properties of secure hash function -

1.Even Distribution: The hash values should be evenly distributed across the output space.

2.Deterministic: For the same input message, the hash function should always produce the same hash value.

3.Collision Resistance: It should be computationally infeasible to find two different input messages that produce the same hash value.

4.Pre-image Resistance: Given a hash value, it should be computationally infeasible to find the original input message that produced that hash value.

5.Second Pre-image Resistance: For any given input message M₁, it should be computationally infeasible to find another input message M₂ ≠ M₁ such that H(M₁) = H(M₂). This property ensures that finding a different input message with the same hash value as a given message is difficult.

6.Fixed Output Size: A secure hash function generates hash values of a fixed size, regardless of the size of the input message.

7.Avalanche Effect: A small change in the input message should result in a significant change in the hash value. This property ensures that even minor alterations to the input message lead to completely different hash values.

The primary security properties of cryptographic hash functions are:

1.One-Way Property: Given a hash value, it should be computationally infeasible to determine the original input message.

2.Collision-Free Property: It should be computationally infeasible to find two distinct input messages that produce the same hash value.
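Of the properties listed above, only some can be observed by running the function: determinism, fixed output size and the avalanche effect. The resistance properties (pre-image, second pre-image, collision) are what a verifier relies on, not something a test can confirm. The following Python is an added example (not from the notes) that measures the observable ones with SHA-256 from the standard library's hashlib and shows the integrity check a receiver performs; the sample message is constructed here.

```python
# Added example: observable hash properties (deterministic, fixed size,
# avalanche) measured with hashlib's SHA-256, plus an integrity check.
import hashlib
import hmac


def digest_hex(message: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of message under the named hashlib algorithm."""
    return hashlib.new(algorithm, message).hexdigest()


def hamming_distance_bits(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests differ in length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def flip_one_bit(message: bytes, bit_index: int = 0) -> bytes:
    """Copy of message with a single bit flipped: the smallest possible change."""
    data = bytearray(message)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def avalanche(message: bytes, algorithm: str = "sha256") -> int:
    """How many digest bits change when one input bit is flipped.
    For a good hash this is close to half the digest length."""
    return hamming_distance_bits(digest_hex(message, algorithm),
                                 digest_hex(flip_one_bit(message), algorithm))


def verify_integrity(message: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Receiver-side check: recompute the digest and compare in constant time,
    so the comparison itself leaks nothing about where the digests differ."""
    return hmac.compare_digest(digest_hex(message, algorithm), expected_hex)


if __name__ == "__main__":
    sample = b"constructed sample message"          # constructed input
    print(digest_hex(sample))
    print("digest bits changed by a 1-bit input change:", avalanche(sample))
```

The integrity check only protects against accidental or unauthenticated modification: an attacker who can replace both the message and its digest is stopped only by a MAC or a digital signature, which is exactly the gap the applications listed above fill.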
3.MD5 - The MD5 algorithm is a cryptographic hash function that takes an
arbitrary message of any length and produces a xed-size (128-bit) hash
value.
https://www.comparitech.com/blog/information-security/md5-algorithm-with-
examples/
1. Append Padding Bits (Optional):
MD5 operates on 512-bit message blocks.
If the original message length isn't a multiple of 512 bits, padding is added.
Padding involves:
Appending a single '1' bit.
Adding zeros to bring the message length to 64 bits less than a
multiple of 512.
Appending the original message length (in 64 bits) modulo 64.
Example:
Message length (m) = 1000 bits.
We need a multiple of 512 bits that can accommodate 1000 bits + 64 bits
(for message length).
512 x 2 (1024 bits) is not enough.
512 x 3 (1536 bits) satisfies the requirement.
Padding:
First 1000 bits are the original message.
Last 64 bits: message length modulo 64 (1000 modulo 64) = 40
(represented in 64 bits).
Remaining 472 bits (1536 - 1000 - 64) are padding bits (1 followed by
zeros).
2. Append Length Bits:
The original message length is converted to 64 bits.
This 64-bit value is appended to the end of the padded message block.

3. Initialize MD Buffer:
After padding, the message is divided into 512-bit blocks.
MD5 uses four internal buffers (A, B, C, D), each 32 bits (total 128 bits).
These buffers are initialized with predefined constant values.
4. Process Each Block:
Each 512-bit block is further broken down into 16 sub-blocks of 32 bits each
(M[0] to M[15]).
There are four rounds of operations, each using all sub-blocks, the buffers,
and constant values (T[1] to T[64]).
Within a Round:
Non-linear Functions: Each round uses a different non-linear function (F, G,
H, I) on a combination of the buffers and a sub-block.
Intermediate Hash Updates: The result of the non-linear function is added
with the current value of a specific buffer, another sub-block value, and a
constant value.
Left Shift: A left circular shift is applied to the resulting value.
Buffer Update: The final value is added to another buffer, and the result is
stored in the original buffer (effectively updating it).
Iteration:
These steps are repeated for all 16 sub-blocks within a round, updating each
of the four buffers.
The four rounds are then applied sequentially to the same 512-bit block with
different non-linear functions.
Final Hash:
After processing all message blocks, the final values of the four buffers (A, B,
C, D) are combined to create the 128-bit MD5 hash digest.

While each sub-block participates in all four rounds, the specific operations
change based on the round function.
The calculations within a round ensure that all sub-blocks contribute
indirectly to updates in all four buffers, leading to a total of 64 operations (16
sub-blocks * 4 rounds).
MD5 is no longer considered cryptographically secure due to known
weaknesses. It should not be used for new security applications.
4.SHA-1
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that takes
an input message and produces a fixed-size (160-bit) hash value, typically
represented as a 40-character hexadecimal number.

1. Append Padding Bits (Optional):
SHA-1 operates on 512-bit message blocks.
If the original message length isn't a multiple of 512 bits, padding is added.
Padding involves:
Appending a single '1' bit.
Adding zeros to bring the message length to 64 bits less than a
multiple of 512.
Appending the original message length (in 64 bits) modulo 2^64.
Example:
Message length (m) = 1000 bits.
We need a multiple of 512 bits that can accommodate 1000 bits + 64 bits
(for message length).
512 x 2 (1024 bits) is not enough.
512 x 3 (1536 bits) satisfies the requirement.
Padding:
First 1000 bits are the original message.
Last 64 bits: message length modulo 2^64 (1000 modulo 2^64) = 40
(represented in 64 bits).
Remaining 472 bits (1536 - 1000 - 64) are padding bits (1 followed by
zeros).

2. Append Length Bits:
The original message length is converted to 64 bits.
This 64-bit value is appended to the end of the padded message block.

3. Message Digest Initialisation: SHA-1 uses five 32-bit words (A, B, C, D,
E) as initial hash values. The initialisation values of these five 32-bit words are
pre-defined and are updated at the end of every one of the 80
operations.

4.Message Chunking: The padded message is divided into blocks of 512
bits (64 bytes), each called a message chunk.
Processing Each Chunk: For each message chunk:
Break the chunk into 16 words of 32 bits each.
Extend the 16 words into 80 words using a bitwise logical operation. This
means that operations 0 to 15 use the blocks W[0] to W[15] directly, and for
operations 16 to 79 new words are created using the following formula:
W[i] = (W[i-3] XOR W[i-8] XOR W[i-14] XOR W[i-16]) <<< 1
Initialize variables A, B, C, D, E with the hash values from the previous chunk.

Perform 80 operations, each round containing 20 operations, thus a total of 4
rounds and 80 operations.
Each operation consists of the following steps:

Each operation operates on one W[i] chosen using the above formula, and at
the end of each operation the values of the buffers get updated as shown
above. After every 20 operations the value of the constant K used and the
non-linear function followed are changed.
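The padding, chunking, word expansion and 80 operations described above, as an added Python example (not code from the notes). The padding routine is the one MD5 shares, except that MD5 stores the 64-bit length little-endian, and bit_difference lets you observe the avalanche property from the hash-function list earlier; the 125-byte input is a constructed message matching the 1000-bit example.

```python
import struct

MASK32 = 0xFFFFFFFF


def rotl32(x: int, n: int) -> int:
    """Left circular shift of a 32-bit word (the <<< operator in the notes)."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def md_pad(msg: bytes, big_endian_length: bool = True) -> bytes:
    """Merkle-Damgard padding shared by MD5 and SHA-1.

    Append a single 1 bit (0x80), then zero bits until the length is 64 bits
    short of a multiple of 512, then the original bit length modulo 2^64 as a
    64-bit integer (big-endian for SHA-1; MD5 stores it little-endian).
    """
    bit_len = (len(msg) * 8) % (1 << 64)
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    fmt = ">Q" if big_endian_length else "<Q"
    return padded + struct.pack(fmt, bit_len)


def sha1_schedule(chunk: bytes) -> list:
    """Break a 512-bit chunk into 16 words W[0..15] and extend to 80 words."""
    w = list(struct.unpack(">16I", chunk))
    for i in range(16, 80):
        w.append(rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    return w


def sha1(msg: bytes) -> bytes:
    """SHA-1 digest, written to follow the step order in the notes."""
    # Pre-defined initial values of the five 32-bit words A, B, C, D, E.
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = md_pad(msg)
    for off in range(0, len(data), 64):
        w = sha1_schedule(data[off:off + 64])
        a, b, c, d, e = h  # start from the hash values of the previous chunk
        for i in range(80):
            # Every 20 operations the constant K and the non-linear function change.
            if i < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif i < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif i < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            temp = (rotl32(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
            a, b, c, d, e = temp, a, rotl32(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)


def bit_difference(x: bytes, y: bytes) -> int:
    """Number of differing bits between two equal-length strings (avalanche check)."""
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y))


if __name__ == "__main__":
    import hashlib
    msg = b"The quick brown fox jumps over the lazy dog"
    assert sha1(msg) == hashlib.sha1(msg).digest()
    constructed_1000_bit_message = b"\x00" * 125
    print(len(md_pad(constructed_1000_bit_message)) * 8)      # 1536 bits, as in the example
    print(bit_difference(sha1(b"abc"), sha1(b"abd")))         # roughly half of 160 bits
```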

5.MAC - Message authentication code (MAC): It is a function of the
message and a secret key that produces a fixed-length value that serves as
the authenticator. An alternative authentication technique involves the use of
a secret key to generate a small fixed-size block of data, known as a
cryptographic checksum or MAC, that is appended to the message.

This technique assumes that two communicating parties, say A and B, share
a common secret key K. When A has a message to send to B, it calculates
the MAC as a function of the message and the key:
MAC = C(K, M)
where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code

The message plus MAC are transmitted to the intended recipient. The
recipient performs the same calculation on the received message, using the
same secret key, to generate a new MAC. The received MAC is compared to
the calculated MAC (Figure 12.4a). If we assume that only the receiver and
the sender know the identity of the secret key, and if the received MAC
matches the calculated MAC, then

1.The receiver is assured that the message has not been altered. If an
attacker alters the message but does not alter the MAC, then the receiver’s
calculation of the MAC will differ from the received MAC. Because the
attacker is assumed not to know the secret key, the attacker cannot alter the
MAC to correspond to the alterations in the message.

2.The receiver is assured that the message is from the alleged sender.
Because no one else knows the secret key, no one else could prepare a
message with a proper MAC.

3.If the message includes a sequence number (such as is used with HDLC,
X.25, and TCP), then the receiver can be assured of the proper sequence
because an attacker cannot successfully alter the sequence number.

A MAC function is similar to encryption. One difference is that the MAC
algorithm need not be reversible, as it must be for decryption. In general, the
MAC function is a many-to-one function. The domain of the function consists
of messages of some arbitrary length, whereas the range consists of all
possible MACs and all possible keys. If an n-bit MAC is used, then there are
2^n possible MACs, whereas there are N possible messages with N >> 2^n.
Furthermore, with a k-bit key, there are 2^k possible keys.
For example, suppose that we are using 100-bit messages and a 10-bit MAC.
Then, there are a total of 2^100 different messages but only 2^10 different MACs.
So, on average, each MAC value is generated by a total of 2^100/2^10 = 2^90
different messages. If a 5-bit key is used, then there are 2^5 = 32 different
mappings from the set of messages to the set of MAC values.
It turns out that, because of the mathematical properties of the authentication
function, it is less vulnerable to being broken than encryption.

The process depicted in Figure 12.4a provides authentication but not
confidentiality, because the message as a whole is transmitted in the clear.
Confidentiality can be provided by performing message encryption either after
(Figure 12.4b) or before (Figure 12.4c) the MAC algorithm. In both these
cases, two separate keys are needed, each of which is shared by the sender
and the receiver. In the first case, the MAC is calculated with the message as
input and is then concatenated to the message. The entire block is then
encrypted. In the second case, the message is encrypted first. Then the MAC
is calculated using the resulting ciphertext and is concatenated to the
ciphertext to form the transmitted block. Typically, it is preferable to tie the
authentication directly to the plaintext.

MAC’s Cryptanalysis : In the case of a MAC, the considerations are entirely
different, because the MAC function is a many-to-one function. Using
brute-force methods, how would an opponent attempt to discover a key? If
confidentiality is not employed, the opponent has access to plaintext
messages and their associated MACs.
Suppose k > n; that is, suppose that the key size is greater than the MAC
size. Then, given a known M1 and T1, with T1 = MAC(K, M1), the cryptanalyst
can perform Ti = MAC(Ki, M1) for all possible key values Ki. At least one key is
guaranteed to produce a match of Ti = T1. Note that a total of 2^k tags will be
produced, but there are only 2^n < 2^k different tag values. Thus, a number of
keys will produce the correct tag and the opponent has no way of knowing
which is the correct key. On average, a total of 2^k/2^n = 2^(k - n) keys will
produce a match. Thus, the opponent must iterate the attack.

Requirements of MAC - In assessing the security of a MAC function, we
need to consider the types of attacks that may be mounted against it. With
that in mind, let us state the requirements for the function. Assume that an
opponent knows the MAC function but does not know K. Then the MAC
function should satisfy the following requirements.
1.If an opponent observes M and MAC(K, M), it should be computationally
infeasible for the opponent to construct a message M′ such that
MAC(K, M′) = MAC(K, M)

2.MAC(K, M) should be uniformly distributed in the sense that for randomly
chosen messages, M and M′, the probability that MAC(K, M) = MAC(K, M′) is
2^-n, where n is the number of bits in the tag.

3.Let M′ be equal to some known transformation on M. That is, M′ = f(M). For
example, f may involve inverting one or more specific bits. In that case,
Pr [MAC(K, M) = MAC(K, M′)] = 2^-n

5.1 HMAC - HMAC is the Keyed-Hash Message Authentication Code. It is a
MAC built from a cryptographic hash function and a secret key, used to
authenticate the message and ensure its integrity and authenticity.
The motivations for using hash functions in a MAC are

1. Cryptographic hash functions such as MD5 and SHA generally execute
faster in software than symmetric block ciphers such as DES.
2. Library code for cryptographic hash functions is widely available.

HMAC has been chosen as the mandatory-to-implement MAC for IP security,
and is used in other Internet protocols, such as SSL. HMAC has also been
issued as a NIST standard (FIPS 198).

HMAC Design Objectives

▪ To use, without modifications, available hash functions. In particular, to
use hash functions that perform well in software and for which code is
freely and widely available.
▪ To allow for easy replaceability of the embedded hash function in case
faster or more secure hash functions are found or required.
▪ To preserve the original performance of the hash function without
incurring a significant degradation.
▪ To use and handle keys in a simple way.

HMAC Algorithm
H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)
IV = initial value input to hash function
M = message input to HMAC (including the padding specified in the
embedded hash function)
Yi = i th block of M, 0 ≤ i ≤ (L - 1)
L = number of blocks in M
b = number of bits in a block (e.g. 512 in SHA-1)
n = length of hash code produced by embedded hash function (e.g. 160 bits in
SHA-1)
K = secret key; recommended length is >= n; if key length is greater than b,
the key is input to the hash function to produce an n-bit key; if key length is
smaller than b, use padding to form K+ of b bits
K+ = K padded with zeros on the left so that the result is b bits in length
ipad = 00110110 (36 in hexadecimal) repeated b/8 times
opad = 01011100 (5C in hexadecimal) repeated b/8 times

HMAC(K, M)
Then HMAC can be expressed as
HMAC(K, M) = H( (K+ ⊕ opad) || H[ (K+ ⊕ ipad) || M ] )
We can describe the algorithm as follows.

1.Append zeros to the left end of K to create a b-bit string K+ (e.g., if K is of
length 160 bits and b = 512, then K will be appended with 352 0s to its left).

2.XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si.
3.Append M to Si.
4.Apply H to the stream generated in step 3. Here IV is the pre-defined
initialisation value of the hash function's buffers (A, B, C, D, E for SHA-1).
5.XOR K+ with opad to produce the b-bit block So.
6.Append the hash result from step 4 to So.
7.Apply H to the stream generated in step 6 and output the result.

Note that the XOR with ipad results in flipping one-half of the bits of K.
Similarly, the XOR with opad results in flipping one-half of the bits of K, using
a different set of bits. In effect, by passing Si and So through the compression
function of the hash algorithm, we have pseudorandomly generated two keys
from K.

HMAC should execute in approximately the same time as the embedded
hash function for long messages. HMAC adds three executions of the hash
compression function (for Si, So, and the block produced from the inner hash).
Role of ipad and opad - Start with the original key.
• If the original key is shorter than the block size of the hash function, it's
padded with zeros on its left side.
• If the original key is longer than the block size, it's hashed first and then
padded with zeros to match the block size.
• Once the key is appropriately sized, it's XORed (bitwise exclusive OR) with
the ipad and opad values.
• To perform the XOR with the original key, ipad and opad are also brought to
the block size by repeating the one-byte ipad/opad value b/8 times.
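The seven HMAC steps and the sender/receiver MAC check from the MAC section above, as an added Python example (not code from the notes). It uses hashlib's SHA-1 as the embedded function H with b = 512; zeros are appended after the key bytes, which is how RFC 2104 defines K+ and what the RFC 2202 test vector assumes. tag_message and verify_message are names chosen here.

```python
import hashlib
import hmac as stdlib_hmac

BLOCK_BYTES = 64   # b/8 for SHA-1 (b = 512 bits)
TAG_BYTES = 20     # n/8 for SHA-1 (n = 160 bits)


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, M) = H((K+ XOR opad) || H((K+ XOR ipad) || M)) with H = SHA-1."""
    # A key longer than b bits is first hashed down to an n-bit key.
    if len(key) > BLOCK_BYTES:
        key = hashlib.sha1(key).digest()
    # Step 1: K+ is K padded with zeros to b bits (RFC 2104 appends them after K).
    k_plus = key.ljust(BLOCK_BYTES, b"\x00")
    ipad = bytes([0x36] * BLOCK_BYTES)
    opad = bytes([0x5C] * BLOCK_BYTES)
    # Steps 2-4: S_i = K+ XOR ipad, then the inner hash H(S_i || M).
    s_i = bytes(a ^ b for a, b in zip(k_plus, ipad))
    inner = hashlib.sha1(s_i + msg).digest()
    # Steps 5-7: S_o = K+ XOR opad, then the outer hash H(S_o || inner).
    s_o = bytes(a ^ b for a, b in zip(k_plus, opad))
    return hashlib.sha1(s_o + inner).digest()


def tag_message(key: bytes, msg: bytes) -> bytes:
    """Sender A: transmit M || MAC(K, M)."""
    return msg + hmac_sha1(key, msg)


def verify_message(key: bytes, received: bytes):
    """Receiver B: recompute the MAC over the received message with the shared
    key and compare it with the received MAC. The comparison is constant-time
    so timing does not leak how many tag bytes matched. Returns (accepted, M)."""
    if len(received) < TAG_BYTES:
        return False, b""
    msg, tag = received[:-TAG_BYTES], received[-TAG_BYTES:]
    expected = hmac_sha1(key, msg)
    return stdlib_hmac.compare_digest(expected, tag), msg


if __name__ == "__main__":
    key, msg = b"shared secret K", b"pay 100 to B"
    assert hmac_sha1(key, msg) == stdlib_hmac.new(key, msg, hashlib.sha1).digest()
    blob = tag_message(key, msg)
    print(verify_message(key, blob))                          # (True, b'pay 100 to B')
    print(verify_message(key, b"pay 900 to B" + blob[-20:]))  # (False, b'pay 900 to B')
```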

5.2 CMAC - Cipher-based Message Authentication Code (CMAC) is a MAC in
which a block cipher is used to generate the message authentication code; it
is used with AES and triple DES.
Operation of CMAC when the message is an integer multiple n of the
cipher block length b
For AES, b = 128, and for triple DES, b = 64. The message is divided into n
blocks (M1, M2, ..., Mn). The algorithm makes use of a k-bit encryption key K
and a b-bit constant, K1. For AES, the key size k is 128, 192, or 256 bits; for
triple DES, the key size is 112 or 168 bits. CMAC is calculated as

Where, T = message authentication code, also referred to as the tag
Tlen = bit length of T
MSB_s(X) = the s leftmost bits of the bit string X

If the message is not an integer multiple of the cipher block length, then
the final block is padded to the right (least significant bits) with a 1 and as
many 0s as necessary so that the final block is also of length b. The CMAC
operation then proceeds as before, except that a different b-bit key K2 is used
instead of K1 (see Figure 12.8).
Derivation of L:
The first step is to encrypt a block of all-zero bits (0^b) using the encryption
key K. This produces a ciphertext L.
Derivation of K1 and K2:
K1 is derived by multiplying L by the first-order polynomial x in the finite field
GF(2^b).
K2 is derived by multiplying L by the second-order polynomial x^2 in the same
finite field.
Block Cipher Application:
To generate K1 and K2, the block cipher (e.g., AES) is applied to a block
consisting entirely of zeros.
The resulting ciphertext is used to derive K1 and K2 as described above.
Subkey Generation:
The first subkey is derived by performing a left shift of one bit on the resulting
ciphertext from the block cipher. Additionally, depending on the block size, a
constant is XORed to the left-shifted ciphertext.
The second subkey is derived in the same manner from the first subkey.
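The subkey derivation, final-block padding and tag computation described above, as an added Python example (not code from the notes). The block cipher is passed in as a callable so the construction can be read on its own: the L value used in the self-check is the AES-128 example from NIST SP 800-38B, and constructed_identity_cipher is a constructed stand-in that only exercises the chaining.

```python
# Constant R_b XORed in when the bit shifted off the top of L is 1:
# 0x87 for b = 128 (AES), 0x1B for b = 64 (triple DES).
R_B = {128: 0x87, 64: 0x1B}


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


def gf_double(block: bytes) -> bytes:
    """Multiply a b-bit string by x in GF(2^b): shift left one bit and, if the
    dropped bit was 1, XOR R_b into the low byte."""
    b = len(block) * 8
    value = int.from_bytes(block, "big")
    carry = value >> (b - 1)
    value = (value << 1) & ((1 << b) - 1)
    if carry:
        value ^= R_B[b]
    return value.to_bytes(len(block), "big")


def cmac_subkeys(encrypt_block, block_len: int):
    """L = E_K(0^b); K1 = L * x; K2 = L * x^2, i.e. K1 * x."""
    L = encrypt_block(bytes(block_len))
    k1 = gf_double(L)
    return k1, gf_double(k1)


def cmac_pad(last: bytes, block_len: int) -> bytes:
    """Pad a short (possibly empty) final block on the right with a 1 bit and zeros."""
    return last + b"\x80" + b"\x00" * (block_len - len(last) - 1)


def cmac(encrypt_block, msg: bytes, block_len: int = 16, tlen: int = 128) -> bytes:
    """Chain the blocks CBC-style; the final block is XORed with K1 when it is
    complete and with K2 when it had to be padded. T = MSB_Tlen of the last output."""
    k1, k2 = cmac_subkeys(encrypt_block, block_len)
    blocks = [msg[i:i + block_len] for i in range(0, len(msg), block_len)] or [b""]
    if len(blocks[-1]) == block_len:
        blocks[-1] = xor_bytes(blocks[-1], k1)
    else:
        blocks[-1] = xor_bytes(cmac_pad(blocks[-1], block_len), k2)
    x = bytes(block_len)
    for blk in blocks:
        x = encrypt_block(xor_bytes(x, blk))
    return x[: tlen // 8]


def constructed_identity_cipher(block: bytes) -> bytes:
    """Constructed stand-in for E_K used only to exercise the chaining; a real
    deployment passes an AES or triple DES single-block encryption here."""
    return block


if __name__ == "__main__":
    # L for AES-128 from the SP 800-38B example; K1 and K2 follow from it.
    L = bytes.fromhex("7df76b0c1ab899b33e42f047b91b546f")
    k1, k2 = cmac_subkeys(lambda _zero_block: L, 16)
    print(k1.hex())   # fbeed618357133667c85e08f7236a8de
    print(k2.hex())   # f7ddac306ae266ccf90bc11ee46d513b
```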
Ch. 2 Symmetric and Asymmetric key Cryptography and Key
Management

1.Block cipher principles -

Block cipher vs Stream cipher - https://www.geeksforgeeks.org/difference-between-block-cipher-and-stream-cipher/

The cryptographic strength of a block cipher derives from three aspects of the
design: the number of rounds, the function F, and the key schedule algorithm.

1.Number of Rounds - The greater the number of rounds, the more difficult it
is to perform cryptanalysis, even for a relatively weak F. In general, the
criterion should be that the number of rounds is chosen so that known
cryptanalytic efforts require greater effort than a simple brute-force key
search attack. If DES has 16 or more rounds, differential cryptanalysis would
require more effort than a brute-force key search.

2.Design of Function F - The heart of a block cipher is the function F, which
provides the element of confusion in a block cipher. Thus, it must be difficult
to “unscramble” the substitution performed by F. One obvious criterion is that
F be nonlinear. The more nonlinear F, the more difficult any type of
cryptanalysis will be. In rough terms, the more difficult it is to approximate F
by a set of linear equations, the more nonlinear F is.

Several other criteria should be considered in designing F. We would like the
algorithm to have good avalanche properties. In general, this means that a
change in one bit of the input should produce a change in many bits of the
output.

Another criterion proposed in [WEBS86] is the bit independence criterion
(BIC), which states that output bits j and k should change independently
when any single input bit i is inverted for all i, j, and k. The SAC (strict
avalanche criterion) and BIC criteria appear to strengthen the effectiveness of
the confusion function.

3.Key Schedule Algorithm - With any block cipher, the main key is used to
generate one subkey for each round. In general, we would like to select
subkeys to maximize the difficulty of deducing individual subkeys and the
difficulty of working back to the main key.

2.Block cipher modes of operation - https://www.geeksforgeeks.org/block-cipher-modes-of-operation/
1.Electronic Code Book - The simplest mode is the electronic codebook
(ECB) mode. In ECB mode, the plaintext message is divided into blocks of
fixed size, typically equal to the block size of the underlying cipher algorithm,
such as (b bits) 64 bits for Triple DES (3DES) or 128 bits for AES. Each block
is then encrypted independently.
The same encryption key is used to encrypt each block of plaintext. This
means that identical plaintext blocks will always produce identical ciphertext
blocks when encrypted with the same key.
For messages longer than one block, the procedure is simply to break the
message into blocks, padding the last block if necessary. Decryption is
performed one block at a time using the same key.

2.Cipher block chaining (CBC) mode

To overcome the security deficiencies of ECB, we would like a technique in
which the same plaintext block, if repeated, produces different ciphertext
blocks. A simple way to satisfy this requirement is the cipher block chaining
(CBC) mode.
In this scheme, the input to the encryption algorithm is the XOR of the current
plaintext block and the preceding ciphertext block; the same key is used for
each block. In effect, we have chained together the processing of the
sequence of plaintext blocks. The input to the encryption function for each
plaintext block bears no fixed relationship to the plaintext block. Therefore,
repeating patterns of b bits are not exposed. As with the ECB mode, the CBC
mode requires that the last block be padded to a full b bits if it is a partial
block.

3. CIPHER FEEDBACK MODE

For AES, DES, or any block cipher, encryption is performed on a block of b
bits. In the case of DES, b = 64 and in the case of AES, b = 128. However, it is
possible to convert a block cipher into a stream cipher, using one of the three
modes to be discussed in this and the next two sections: cipher feedback
(CFB) mode, output feedback (OFB) mode, and counter (CTR) mode. A
stream cipher eliminates the need to pad a message to be an integral number
of blocks. It also can operate in real time. Thus, if a character stream is being
transmitted, each character can be encrypted and transmitted immediately
using a character-oriented stream cipher.
4. Output Feedback (OFB) Mode -
In OFB mode, each encryption output block Oi depends only on the key and the
IV and does not depend on the plaintext. Therefore, for a given key and IV, the
stream of output bits used to XOR with the stream of plaintext bits is fixed. If
two different messages had an identical block of plaintext in the identical
position, then an attacker would be able to determine that portion of the Oi
stream.

5.Counter Mode

3.DES - Until the introduction of the Advanced Encryption Standard (AES) in
2001, the Data Encryption Standard (DES) was the most widely used
encryption scheme. The algorithm itself is referred to as the Data Encryption
Algorithm (DEA). For DEA, data are encrypted in 64-bit blocks using a 56-bit
key. The algorithm transforms 64-bit input in a series of steps into a 64-bit
output. The same steps, with the same key, are used to reverse the
encryption.

Data Encryption Algorithm -

In the DEA, the plaintext is divided into blocks of 64 bits each, and each block
is encrypted into a 64-bit ciphertext block using a 64-bit (56 effective bits) key.
The algorithm takes 2 main input blocks - the 64-bit plaintext block and the
64-bit key.
The plaintext undergoes a series of permutations and transformations in the
following series of operations performed on it.

Step 1: Initial Permutation, the 1st transformation applied to the
plaintext. Here the bits of the plaintext are rearranged/permutated/transposed
using a pre-defined pattern. IP rearranges the bits of the input block
according to a predefined table to form a permuted/rearranged 64-bit output.

After the IP is completed, the 64-bit plaintext is divided into 2 equal parts, Left (L)
and Right (R), which are the input given to the rounds.
Step 2: 16 Rounds of Encryption. The 64-bit output from IP is encrypted
with the 48-bit unique sub-key K1 generated by the Round Key Generator, to
output a 64-bit round-1 encrypted ciphertext. This output from Round 1 is
given as input to round 2 (consisting of the same operations as performed in
round 1) together with a new unique sub-key K2, and so on; there are a total
of 16 rounds, each round taking the output of the preceding round as its
current input together with a new sub-key.

Step 3: Swap - Once all rounds have been completed, the final outputted L and
R are swapped with each other and then passed on to the FP step.

Step 4: Final Permutation - This is the final transformation applied to the 64-
bit output generated after the 16 rounds.
It is the inverse of the initial permutation, rearranging the bits of the 64-bit
ciphertext block to their original order.
The purpose of the final permutation is to ensure that the ciphertext produced
by DES can be easily decrypted.
The permutation table used for the final permutation is the inverse of the table
used for the initial permutation.
The output of this step is the final 64-bit ciphertext.

Round Key Generator - The input to the round key generator is a 64-bit key
K. This key is used to generate 16 unique 48-bit sub-keys that are
used in the 16 rounds of encryption on the plaintext.
This key K first undergoes Key Permutation Choice-1, in which K is
compressed from 64 bits to 56 bits by discarding 8 bits; these 8 bits to be
discarded are predefined. Generally every 8th indexed bit is discarded.
The 56-bit key thus generated, K56, is then divided into 2 equal parts
C and D, each of 28 bits. Each of C and D undergoes a Left Circular Shift (LCS);
the number of bits by which the left shift is to be performed is pre-defined for each
round. After the LCS, C and D are combined to form 56 bits, and to generate the
unique 48-bit sub-key, it again undergoes Key Permutation Choice-2, wherein
the 56-bit key is compressed to a 48-bit key by discarding 8 bits; these 8 bits to
be discarded are predefined.
Finally the 48-bit sub-key, unique for each round, is used for encryption at
each round.
The values of C and D are then given as input to the next round of sub-key
generation.
This also repeats 16 times to generate 16 sub-keys.

One Round Of DES

Each round of DES takes as input L and R (output of the previous round as
input for the current round), each of 32 bits.
In each round of DES, the R block plays a major role, and undergoes the
following series of transformations/encryption processes:

1.Expansion Permutation
The 32 bits from the R block first undergo Expansion Permutation, in which the
32 bits of R are expanded to 48 bits so that it can be XORed with the 48-bit
sub-key K48.

2.XOR of R48 and K48
After XORing R48 with K48, the 48-bit output is passed to the S-Box
substitution.

3.S-Box Substitution
This box compresses the 48-bit output to 32 bits.

4.P-Box Permutation
Then it undergoes P-box Permutation, which adds more confusion, as it re-
arranges the 32-bit output in a pre-defined format.

5.XOR 32-bit permuted output with 32-bit Left Plaintext block (L). This
finally forms the encrypted output of a round.
This is further passed as input to the next round as R.

Expansion Permutation - The EP converts the 32-bit R into 48 bits so that
it can be XORed with the sub-key. In EP the 32 bits are arranged into 8
rows and 4 columns as shown; the bits from row 2 to row 8 of the 1st column
and the bit at position [lastrow][lastcolumn] are placed to form a new last
column.
Similarly, the bits from row 2 to row 8 of the last column and the bit at position [0][0]
are placed to form a new 1st column.
In this way, the 32 bits are expanded to 48 bits and passed for the XOR to be
performed.

S-Box Substitution -
The S-Box substitution takes as input the XORed 48 bits from the previous
step and converts it back to 32 bits. To do so, the S-Box consists of 8 S-Boxes;
each S-box takes 6 bits as input and outputs 4 bits, so 8 S-boxes
take 6x8 = 48 bits as input and output 4x8 = 32 bits.
Inside each S-box taking 6 bits as input is a pre-defined table consisting of
4 rows and 16 columns, together forming 16x4 = 64 entries of 4-bit values.
The 6-bit value fed to each S-box is used as an index into the table to
determine which 4-bit value placed at each index in the table must be given
as output, as shown above: the 0th and 5th bits of the 6-bit input are used to
determine the row number, and the 1st to 4th bits are used to determine the
column number; the value at the cell thus found is the 4-bit output.

Straight P-box Permutation - It takes the 32-bit output from the S-Box
substitution as input. It basically rearranges/reorders/jumbles the input 32-bit
data using a pre-defined pattern, which adds more confusion.

4.Double DES - https://www.geeksforgeeks.org/double-des-and-triple-des/

5.Triple DES - https://www.geeksforgeeks.org/double-des-and-triple-des/
https://www.linkedin.com/pulse/double-triple-des-deepika-gs-y8hoe/

6.Advanced Encryption Standard (AES) -

General Structure of AES - AES encrypts a plaintext block of 128 bits by
using a 128-bit key into 128 bits of ciphertext using a number of transformation
functions. This block is depicted as a 4 * 4 square matrix of bytes.
Each cell in this block contains 1 byte, i.e. 8 bits; together 8x16 = 128 bits.
4 bytes make one word.
The ordering of bytes within a matrix is by column. So, for example, the first
four bytes (32 bits) of a 128-bit plaintext input to the encryption cipher occupy
the first column of the in matrix, the second four bytes occupy the second
column, and so on.
This block is copied into the State array, which is modified at each stage of
encryption or decryption. After the final stage, State is copied to an output
matrix. Similarly, the key is depicted as a square matrix of bytes.

The AES Encryption Process

Once the plaintext (PT) is stored in the form of a 4x4 square matrix, the
following transformations are performed:
1.Initial single transformation (AddRoundKey), Round-0 - the 1st
transformation performed; here a simple bitwise XOR of the current PT block
with a portion of the expanded key is performed (a 4-word matrix of the key).
The 128-bit key that is provided as input to AES is expanded into an array of
forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round
key for each round.

2.Rounds 1-9: The output from Round-0 is given to Round-1, which is the 1st
round of the 9 rounds that follow. In each of these 9 rounds the following
operations are performed:
i.Substitute bytes (SubBytes): Uses an S-box to perform a byte-by-byte
substitution of the block.
ii.ShiftRows: A simple permutation that performs a left circular shift.
iii.MixColumns: A matrix multiplication that makes use of arithmetic over
GF(2^8) (Galois Field).
iv.AddRoundKey: A simple bitwise XOR of the current block with a portion of
the expanded key.

3.Round-10: This round consists of only 3 transformations, SubBytes,
ShiftRows, and AddRoundKey, and outputs the 4x4 encrypted matrix.

Key Expansion Schedule - The 128bit key is expanded into an array of key
schedule words . Each word is four bytes, and this key is expanded into 44
words ,
Unique 4 words (128 bits) , will be used for the encryption of PT in each
round , Together there are 10 rounds + one initial round = 11x4 words(128
bits) = 44 key words are used. The key expansion function generates 10+1
round keys, each of which is a distinct 4 * 4 matrix. Each round key serves as
one of the inputs to the AddRoundKey transformation in each round.
Each w consists of 1 word (32 bits) , and 4 such words are used as a key

Substitute Bytes Transformation : SubBytes is a simple table lookup. AES
defines a 16 * 16 matrix of byte values, called an S-box, that contains a
permutation of all possible 256 8-bit values. Each individual byte of State
(each cell of the PT matrix) is mapped into a new byte in the following way:
The leftmost 4 bits of the byte are used as a row value and the rightmost 4
bits are used as a column value. These row and column values serve as
indexes into the S-box to select a unique 8-bit output value. For example, the
hexadecimal value {95} references row 9, column 5 of the S-box, which
contains the value {2A}. Accordingly, the value {95} is mapped into the value
{2A}.
ShiftRows Transformation - In the forward shift row transformation, called
ShiftRows, a left shift is performed row-wise: the first row of State is not altered,
that is, a 0-byte circular left shift is performed. For the second row, a 1-byte
circular left shift is performed. For the third row, a 2-byte circular left shift is
performed. For the fourth row, a 3-byte circular left shift is performed. The
following is an example of ShiftRows.

MixColumns Transformation - In the MixColumns transformation of AES,
each column of the State matrix undergoes a specific multiplication with a
fixed matrix to create a new column. This process involves a finite field
multiplication in the Galois Field GF(2^8).
The forward mix column transformation, called MixColumns, operates on
each column of the State (PT matrix) individually. Each byte of a
column is mapped into a new value that is a function of all four bytes in that
column. The transformation can be defined by the following matrix
multiplication on State.
The MixColumns transformation on a single column of State
can be expressed as
AddRoundKey Transformation - In the forward add round key transformation,
called AddRoundKey, the 128 bits of State are bitwise XORed with the 128 bits
of the round key. The operation is viewed as a column-wise operation between
the 4 bytes (32 bits, or the 4 cells of a column) of a State column and one
word (32 bits) of the round key; it can also be viewed as a byte-level
operation. AddRoundKey is its own inverse, since XORing the same round key
twice restores the State. The following is an example of AddRoundKey:
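The four round transformations described above, as an added worked example that is not part of the original notes. Instead of copying the 256-entry S-box, the code derives it from the GF(2^8) inverse and affine map, so the {95} -> {2A} lookup quoted above can be checked rather than trusted; the round-key words are passed in as four 32-bit integers (an assumption about representation, since the notes do not fix one). The MixColumns test column is the one from FIPS-197.

```python
# Added example: AES round transformations on a 4x4 byte State (not from the notes).
# GF(2^8) arithmetic uses the AES modulus x^8 + x^4 + x^3 + x + 1 (0x11b).

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo 0x11b."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B            # subtract (XOR) the modulus when x^8 appears
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); the S-box maps 0 to 0 by definition."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254  # a^254 == a^-1 since the group has order 255
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result

def _affine(b: int) -> int:
    """AES affine step: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

SBOX = [_affine(gf_inv(x)) for x in range(256)]   # SBOX[0x95] == 0x2A

def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]

def shift_rows(state):
    # row r is rotated left by r byte positions
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col):
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key_words):
    """round_key_words: four 32-bit words w[i], one per State column (assumed layout)."""
    key_bytes = [w.to_bytes(4, "big") for w in round_key_words]
    return [[state[r][c] ^ key_bytes[c][r] for c in range(4)] for r in range(4)]

def bytes_to_state(block: bytes):
    """AES fills State column by column: state[r][c] = in[r + 4*c]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def aes_round(state, round_key_words):
    """One full AES round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key_words)
```

Usage: `mix_column([0xDB, 0x13, 0x53, 0x45])` returns `[0x8E, 0x4D, 0xA1, 0xBC]`, and `SBOX[0x95]` is `0x2A` as stated in the notes. The derived S-box is a permutation (all 256 outputs distinct), which is the property that makes SubBytes invertible in decryption.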

7.Stream Ciphers: RC4 algorithm - RC4 (Rivest Cipher 4) is a symmetric
stream cipher with byte-oriented operations, designed by Ronald Rivest.
The RC4 algorithm encrypts and decrypts plaintext byte by byte by XORing it
with a keystream. It consists of the following components and steps.
Components of RC4
S-state array S[] - The S-box or S-state array is an array of 256 bytes with
elements S[0], S[1], . . . , S[255], which are repeatedly permuted. At all
times S contains a permutation of all 8-bit values from 0 to 255.
For encryption and decryption, a byte k is generated from S by selecting one
of the 256 entries in a systematic fashion; k is then XORed with the
plaintext byte to produce the ciphertext byte. As each value of k is
generated, the entries in S are permuted once more.

Key K[] : It is a variable-length key. It can be from 1 to 256 bytes (8 to
2048 bits) and is used only to initialise the 256-byte state vector S.
Temporary vector T[] - A temporary vector, T, is used for the initialisation
of S[]. If the length of the key K is 256 bytes, then K is copied to T.
Otherwise, for a key of length 'len' bytes, where 'len' < 256, the first len
elements of T are copied from K, and then K is repeated as many times as
necessary to fill out T (that is, T[i] = K[i mod len]).

Algorithm
1.Key Scheduling Algorithm (KSA) - In the KSA an initial permutation is
performed on the S[] array. Before initialisation, the entries of S are set
equal to the values from 0 to 255 in ascending order; that is, S[0] = 0,
S[1] = 1, ..., S[255] = 255.
Next we use T to produce the initial permutation of S. This involves starting
with S[0] and going through to S[255], and for each S[i], swapping S[i] with
another byte in S according to a scheme dictated by T[i]: a running index j
is updated as j = (j + S[i] + T[i]) mod 256 and S[i] is swapped with S[j].
2.Pseudo-Random Generation Algorithm (PRGA) / Stream Generation :
Once the S vector is initialised, the input key is no longer used. Stream
generation involves cycling through all the elements of S, and for each S[i]
swapping S[i] with another byte in S according to a scheme dictated by the
current configuration of S: i = (i + 1) mod 256, j = (j + S[i]) mod 256, swap
S[i] and S[j], and output k = S[(S[i] + S[j]) mod 256]. After S[255] is
reached, the process continues, starting over again at S[0].
3.Encryption : To encrypt, XOR the value k generated with the next byte of
plaintext. To decrypt, XOR the value k with the next byte of ciphertext. The
same keystream must never be used for two messages: XORing two ciphertexts
produced under the same key cancels the keystream and leaks the XOR of the
plaintexts. RC4 also has known keystream biases, and its use in TLS was
prohibited by RFC 7465; it is described here for its pedagogical value, not
for new designs.
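The KSA, PRGA and XOR steps above, as an added example that is not part of the original notes. It checks the implementation against the published "Key"/"Plaintext" test vector and also shows the keystream-reuse failure, since the notes' byte-by-byte description makes it easy to miss that encrypting two messages under one key is fatal.

```python
# Added example: RC4 as described in the notes, plus a keystream-reuse demonstration.
# Not the notes' own code; RC4 itself is deprecated (RFC 7465) and shown for study only.

def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: identity permutation, then 256 key-driven swaps."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    T = [key[i % len(key)] for i in range(256)]   # T[i] = K[i mod len], as in the notes
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def rc4_keystream(key: bytes):
    """PRGA: a generator that yields one keystream byte k per call."""
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)

def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two messages under one key: c1 XOR c2 == p1 XOR p2 because the keystream cancels.
    An attacker who knows or guesses p1 therefore reads p2 without the key."""
    c1, c2 = rc4_crypt(key, p1), rc4_crypt(key, p2)
    n = min(len(c1), len(c2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
```

`rc4_crypt(b"Key", b"Plaintext").hex()` gives `bbf316e8d940af0ad3`, the standard test vector, and applying `rc4_crypt` with the same key to that ciphertext returns the plaintext. `keystream_reuse_leak` returns exactly `p1 XOR p2`, which is why any stream cipher needs a fresh key or nonce per message.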

8. Symmetric Key Distribution: Symmetric key distribution refers to the process of


securely sharing symmetric encryption keys between two or more parties so they
can communicate securely. In symmetric encryption, the same key is used for both
encryption and decryption. Therefore, ensuring that both parties possess the same
key is crucial for the system to work.

8.1 KDC - A KDC (Key Distribution Center) is a trusted third party that
facilitates the distribution of session keys between communicating parties.
The KDC securely distributes keys to authorised parties upon request.
To communicate securely, each person/party first establishes a long-term
shared secret key with the KDC.
Following is the process of secure key distribution and data
transmission using a KDC : If sender S wants to send confidential data to
receiver R,
S needs to have a secret key with the KDC, which we refer to as KSender; R
needs to have a secret key with the KDC, KReceiver.
1.S sends a request to the KDC stating that she needs a session (temporary)
secret key between herself and R.
2.The KDC informs R about S's request.
3.If R agrees, a session key is created between the two.
Session Keys - A KDC creates a secret key for each registered member.
This secret key can be used only between the member and the KDC, not
between two members. If the sender needs to communicate secretly with the
receiver, she needs a secret key between herself and the receiver. A KDC can
create a session key between sender and receiver, using their keys with the
center. The keys of sender and receiver are used to authenticate sender
and receiver to the center and to each other before the session key is
established. After communication is terminated, the session key is no longer
useful.
A session symmetric key between two parties is used only once.

Process of Secret Key generation and Distribution in KDC -
The KDC creates a session key Kab between S and R as follows.
1.Sender sends a plaintext message to the KDC to obtain a symmetric
session key between Receiver and herself. The message contains her
registered identity (the word Sender in the figure) and the identity of
Receiver (the word Receiver in the figure). This message is not encrypted;
it is public. The KDC does not care.
2.The KDC receives the message and creates what is called a ticket. The
ticket is encrypted using Receiver's key (KReceiver). The ticket contains
the identities of Sender and Receiver and the session key (Kab). The ticket,
with a copy of the session key, is then encrypted using Sender's secret key
(KSender) and sent to Sender. Sender receives the message, decrypts it, and
extracts the session key. She cannot decrypt Receiver's ticket; the ticket is
for Receiver, not for Sender. Note that this message contains a double
encryption; the ticket is encrypted, and the entire message is also
encrypted. In the second message, Sender is actually authenticated to the
KDC, because only Sender can open the whole message using her secret key
with the KDC.
3.Sender sends the ticket to Receiver. Receiver opens the ticket and knows
that Sender needs to send messages to him using Kab as the session key.
Note that in this message, Receiver is authenticated to the KDC because
only Receiver can open the ticket.
Because Receiver is authenticated to the KDC, he is also authenticated to
Sender, who trusts the KDC. In the same way, Sender is also authenticated to
Receiver, because Receiver trusts the KDC and the KDC has sent Receiver
the ticket that includes the identity of Sender.

8.2 Needham-Schroeder protocol (pg 468, Forouzan) -
Needham-Schroeder Protocol
This protocol uses multiple challenge-response interactions between sender
and receiver so that both sides can check that the session key is fresh and
that the other party holds it. Needham and Schroeder use two nonces, Ra and
Rb, for the challenge-response interactions. A nonce is a random or
pseudo-random number that is generated, typically for a single use in a
cryptographic communication.
Process of Key distribution and Data transmission in Needham-
Schroeder Protocol
1.Sender sends a message to the KDC that includes her nonce, Ra, her
identity, and Receiver's identity.
2.The KDC sends an encrypted message to Sender that includes Sender's
nonce, Receiver's identity, the session key, and an encrypted ticket for
Receiver. The whole message is encrypted with Sender's key. Sender checks
that the returned nonce equals Ra (so the reply is fresh, not a replay) and
that the named peer is Receiver.
3.Sender sends Receiver's ticket to him after she decrypts the message
received from the KDC.
4.Receiver sends his challenge to Sender (Rb), encrypted with the session
key.
5.Sender responds to Receiver's challenge. Note that the response carries
Rb - 1 instead of Rb, so that it cannot be mistaken for a replay of message
4. If the value sent by Sender matches Rb - 1 computed by Receiver, then both
parties have authenticated each other and data transfer can begin.
The protocol is not flawless: Receiver has no way to tell whether the ticket
in message 3 is fresh, so an attacker who has recovered an old session key
can replay the old ticket and answer Receiver's challenge (the Denning-Sacco
attack). Kerberos closes this gap by putting timestamps in tickets.
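The five-message exchange above, and the KDC ticket construction from section 8.1 that it builds on, as an added example that is not part of the original notes. The notes do not name a cipher, so the block uses a small stdlib-only encrypt-then-MAC construction (SHA-256 keystream plus HMAC) as a stand-in; in practice an AEAD such as AES-GCM would take its place. Identities, nonce sizes and the JSON field packing are assumptions made for the example. The last function shows the replay weakness mentioned above: Receiver accepts an old ticket as long as the claimant still holds the old session key.

```python
# Added example: Needham-Schroeder with a KDC (not the notes' own code).
# The cipher below is a teaching stand-in for a real AEAD, not a recommendation.
import hashlib, hmac, json, os, secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def encrypt(key: bytes, msg: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC; same key for both, demo only)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def pack(fields):   # list of bytes -> one message body (assumed encoding)
    return json.dumps([f.hex() for f in fields]).encode()

def unpack(blob):
    return [bytes.fromhex(h) for h in json.loads(blob)]

class KDC:
    def __init__(self):
        self.keys = {}                       # identity -> long-term key shared with the KDC

    def register(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def handle_request(self, ra: bytes, a: str, b: str) -> bytes:
        """Message 2: E_Ka( Ra, B, Kab, ticket ) with ticket = E_Kb( Kab, A )."""
        kab = secrets.token_bytes(32)
        ticket = encrypt(self.keys[b], pack([kab, a.encode()]))
        return encrypt(self.keys[a], pack([ra, b.encode(), kab, ticket]))

def challenge_response(k_bob: bytes, k_claimant: bytes) -> bool:
    """Messages 4 and 5: Bob sends E_Kab(Rb); the claimant must answer E_Kab(Rb - 1)."""
    rb = secrets.randbelow(2**64 - 1) + 1                      # 1 <= Rb < 2^64
    msg4 = encrypt(k_bob, rb.to_bytes(8, "big"))
    rb_seen = int.from_bytes(decrypt(k_claimant, msg4), "big")  # claimant's side
    msg5 = encrypt(k_claimant, (rb_seen - 1).to_bytes(8, "big"))
    return int.from_bytes(decrypt(k_bob, msg5), "big") == rb - 1

def run_needham_schroeder() -> dict:
    kdc = KDC()
    ka, kb = kdc.register("alice"), kdc.register("bob")
    ra = secrets.token_bytes(16)
    msg2 = kdc.handle_request(ra, "alice", "bob")           # 1: plaintext request
    ra_echo, peer, kab_alice, ticket = unpack(decrypt(ka, msg2))
    if ra_echo != ra or peer != b"bob":                       # 2: freshness + peer check
        raise ValueError("message 2 is not a fresh reply about bob")
    kab_bob, claimant = unpack(decrypt(kb, ticket))           # 3: Bob opens the ticket
    ok = challenge_response(kab_bob, kab_alice)               # 4 + 5
    return {"kab_alice": kab_alice, "kab_bob": kab_bob, "claimant": claimant.decode(),
            "bob_ok": ok, "kb": kb, "ticket": ticket}

def replay_old_ticket(kb: bytes, old_ticket: bytes, old_kab: bytes) -> bool:
    """Denning-Sacco: whoever holds an old Kab can replay its ticket; Bob cannot tell."""
    kab_bob, _ = unpack(decrypt(kb, old_ticket))
    return challenge_response(kab_bob, old_kab)
```

`run_needham_schroeder()` returns matching `kab_alice` and `kab_bob` with `bob_ok` true; `replay_old_ticket` with the same ticket and key also returns true, which is the flaw a timestamp in the ticket (as in Kerberos) removes.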

9.Kerberos : Kerberos is an authentication protocol, and at the same time a
KDC. The Kerberos protocol provides authentication and authorised access to
resources stored on servers. It is for data transfer between a single client
and a server, not person-to-person communication.
Three servers are involved in the Kerberos protocol: an authentication server
(AS), a ticket-granting server (TGS), and a real (data) server that provides
services to others. In our examples and figures, Receiver is the real server
and Sender is the user requesting service.
Kerberos Authentication protocol -
Servers Involved in Kerberos
1.Authentication Server (AS) - The authentication server (AS) is the KDC in
the Kerberos protocol. Each user registers with the AS and is granted a user
identity and a password. The AS has a database with these identities and the
corresponding password-derived keys. The AS verifies the user, issues a
session key to be used between Sender and the TGS, and sends a ticket for
the TGS.
2.Ticket-Granting Server (TGS) - The ticket-granting server (TGS) issues a
ticket for the real server (Receiver). It also provides the session key (Kab)
between Sender and Receiver. Kerberos has separated user verification from
the issuing of tickets. In this way, though Sender verifies her ID just once
with the AS, she can contact the TGS multiple times to obtain tickets for
different real servers.
3.Real Server - The real server (Receiver) provides services for the user
(Sender). Kerberos is designed for a client-server architecture, such as FTP,
in which a user uses the client process to access the server process.
Kerberos is not used for person-to-person authentication.

Process / Operation
A client process (Sender) can access a process running on the real server
(Receiver) in six steps.
1.Sender sends a request to the AS in plain text using her registered
identity.
2.The AS sends a message encrypted with the key Ka-as. Ka-as is not the
sender's password itself; rather, it is derived from the sender's password
by a fixed algorithm during authentication with the Authentication Server
(AS). The message contains two items: a session key, Ka-tgs, that is used by
Sender to contact the TGS, and a ticket for the TGS that is encrypted with
the TGS symmetric key, Kas-tgs. Sender's client does not hold Ka-as, but
when the message arrives, Sender types her password. The password and the
appropriate algorithm together create Ka-as if the password is correct.
The password is then immediately removed from memory; it is not sent over
the network and it does not stay in the terminal. It is used only for a
moment to create Ka-as. The process now uses Ka-as to decrypt the message.
Ka-tgs and the ticket are extracted. Because anyone can request this message
for any identity, Kerberos v5 adds pre-authentication so that the message
cannot be collected and used for offline guessing of the password.
3.Sender now sends three items to the TGS. The first is the ticket received
from the AS. The second is the name of the real server (Receiver); the third
is a timestamp encrypted with Ka-tgs. The timestamp prevents a replay by
Attacker.
4.Now the TGS sends two tickets, each containing the session key between
Sender and Receiver, Ka-b. The ticket for Sender is encrypted with Ka-tgs;
the ticket for Receiver is encrypted with Receiver's key, Ktgs-b. Note that
Attacker cannot extract Ka-b because Attacker knows neither Ka-tgs nor
Ktgs-b. She cannot replay step 3 because she cannot replace the timestamp
with a new one (she does not know Ka-tgs); even if she is very quick and
sends the step 3 message before the timestamp has expired, she still receives
the same two tickets, which she cannot decipher.
https://www.linkedin.com/advice/0/how-do-you-secure-kerberos-tickets-from-replay#:~:text=Kerberos%20prevents%20replay%20attacks%20using,a%20certain%20margin%20of%20error.
5.Sender sends Receiver's ticket with the timestamp encrypted by Ka-b.
6.Receiver confirms receipt by adding 1 to the timestamp. The message is
encrypted with Ka-b and sent to Sender.
10.Symmetric key agreement : Symmetric key agreement refers to the
process of two or more parties agreeing on a shared secret key over a public
channel. This shared key is then used for encrypting and decrypting
messages between the parties without the need for a KDC.
Sender and Receiver can create a session key between themselves without
using a KDC. This method of session-key creation is referred to as
symmetric-key agreement, and Diffie-Hellman is a good method to do so.
Diffie-Hellman Key Agreement
In the Diffie-Hellman protocol two parties create a symmetric session key
without the need for a KDC. Before establishing a symmetric key, the two
parties need to choose two numbers p and g. The first number, p, is a large
prime number; older texts quote 1024 bits (about 300 decimal digits), but
current guidance is at least 2048 bits (about 617 digits). The second
number, g, is a generator of order p - 1 in the group <Zp*, x>. These two
(group and generator) do not need to be confidential. They can be sent
through the Internet; they can be public.
The steps are as follows:
1.Sender chooses a large random number x such that 0 < x < p - 1 and
calculates R1 = g^x mod p.
2.Receiver chooses another large random number y such that 0 < y < p - 1
and calculates R2 = g^y mod p.
3.Sender sends R1 to Receiver. Note that Sender does not send the value of
x; she sends only R1.
4.Receiver sends R2 to Sender. Again, note that Receiver does not send the
value of y; he sends only R2.
5.Sender calculates K = (R2)^x mod p.
6.Receiver also calculates K = (R1)^y mod p.
Both obtain K = g^(xy) mod p. An eavesdropper who sees p, g, R1 and R2 would
have to solve the discrete logarithm problem to recover x or y, but note
that nothing in these six steps tells Sender that R2 really came from
Receiver.
11.Public key Distribution : In asymmetric-key cryptography, people do not
need to share a symmetric key in advance.
If Sender wants to send a message to Receiver, she only needs to know
Receiver's public key, which is open to the public and available to everyone.
If Receiver needs to send a message to Sender, he only needs to know
Sender's public key, which is also known to everyone. In public-key
cryptography, each person has two keys: a private key, which is confidential
and limited to the person, and a public key, known to the public. Messages
sent by the sender to the receiver are encrypted using the public key of the
receiver and decrypted by the receiver using his private key.
The difficulty moves from keeping keys secret to keeping them authentic:
everyone has access to everyone's public key, so the question becomes how
Sender knows that the key she holds really belongs to Receiver.
Digital Certificate : A digital certificate, also known as a public key
certificate (and, for web servers, an SSL/TLS certificate), is a digital
document issued by a trusted third party, known as a Certificate Authority
(CA), that binds a public key to the identity of an entity, such as a
website, server, or individual. Digital certificates play a crucial role in
ensuring the security and authenticity of online communication and
transactions.
One of the primary purposes of a digital certificate is to provide the
entity's public key. This key is used for encrypting data that only the
corresponding private key can decrypt, or for verifying signatures made with
that private key, enabling secure communication and data exchange.

11.1 X.509 - X.509 is a standard format for digital certificates that addresses
the issue of varying certificate formats introduced by different Certificate
Authorities (CAs). It provides a structured way to describe certificates,
ensuring uniformity and compatibility across different systems and
applications.
A certificate has the following fields:
1.Version number. This field defines the version of X.509 of the certificate.
The version number started at 0; the current version (third version) is
encoded as 2.
2.Serial number. This field defines a number assigned to each certificate. The
value is unique for each certificate issuer.
3.Signature algorithm ID. This field identifies the algorithm used to sign the
certificate. Any parameter that is needed for the signature is also defined in
this field.
4.Issuer name. This field identifies the certification authority that issued the
certificate. The name is normally a hierarchy of strings that defines a country,
a state, an organization, a department, and so on.
5.Validity Period. This field defines the earliest time (not before) and the
latest time (not after) the certificate is valid.
6.Subject name. This field defines the entity to which the public key belongs.
It is also a hierarchy of strings. Part of the field defines what is called the
common name, which is the actual name of the holder of the key.
7.Subject public key. This field defines the owner's public key, the heart of
the certificate. The field also defines the corresponding public-key algorithm
(RSA, for example) and its parameters.
8.Issuer unique identifier. This optional field allows two issuers to have the
same issuer field value, if the issuer unique identifiers are different.
9.Subject unique identifier. This optional field allows two different subjects to
have the same subject field value, if the subject unique identifiers are
different.
10.Extensions. This optional field allows issuers to add more private
information to the certificate. In practice the extensions carry the
constraints a verifier must check, such as whether the subject is allowed to
act as a CA and which host names the certificate covers.
11.Signature. This field is made of three sections. The first section contains
all other fields in the certificate. The second section contains the digest of
the first section signed with the CA's private key; anyone holding the CA's
public key can verify it. The third section contains the identifier of the
algorithm used to create the second section.
Digitally signing a certificate with a private key means hashing the
certificate data (with a function such as SHA-256; SHA-1 is no longer
acceptable for signatures) and applying the CA's private key to the digest.
Only the holder of the private key can produce the signature, but anyone
with the public key can check it.

11.2 PKI - https://www.geeksforgeeks.org/public-key-infrastructure/
Public-Key Infrastructures (PKI)
Public-Key Infrastructure (PKI) is a model for creating, distributing, and
revoking certificates based on X.509. The Internet Engineering Task
Force (see Appendix B) has created the Public-Key Infrastructure X.509
(PKIX). A Public Key Infrastructure is a comprehensive system of policies,
processes, technologies, and procedures used to manage digital certificates
and public-private key pairs. It plays a crucial role in establishing secure
and trusted communication channels over unsecured networks like the Internet.
Duties
Several duties have been defined for a PKI.
1.Certificate issuing, renewal, and revocation. These are duties defined in
X.509. Because PKIX is based on X.509, it needs to handle all duties
related to certificates, including publishing revocation information (CRLs
or OCSP) so that a compromised key stops being trusted before its
certificate expires.
2.Key storage and update. A PKI should be a storage place for the private keys
of those members that need to hold their private keys somewhere safe. In
addition, a PKI is responsible for updating these keys on members' demand.
3.Providing services to other protocols. As we will see in the next few
chapters, some Internet security protocols, such as IPSec and TLS, rely on
the services of a PKI.
4.Providing access control. A PKI can provide different levels of access to the
information stored in its database. For example, an organisation's PKI may
provide access to the whole database for top management, but limited
access for employees.

12.Public key cryptography : Public key cryptography, also known as


asymmetric cryptography, is a cryptographic approach that uses a pair of
keys for secure communication and data exchange. Unlike symmetric
cryptography, where the same key is used for both encryption and decryption,
public key cryptography uses two distinct keys: a public key and a private key.

Public Key: This key is freely distributed and made available to anyone who
wants to communicate securely with the key owner. It is used for encryption
by anyone who wishes to send an encrypted message to the key owner.

Private Key: This key is kept secret and known only to the key owner. It is
used for decryption to unlock messages that have been encrypted using the
corresponding public key.

12.1 Principles of public key cryptosystems -


1.It is computationally easy for a party B to generate a key pair (public key
PUb, private key PRb).
2. It is computationally easy for a sender A, knowing the public key and the
message to be encrypted, M, to generate the corresponding
ciphertext: C = E(PUb, M)

3. It is computationally easy for the receiver B to decrypt the resulting


ciphertext using the private key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]

4.It is computationally infeasible for an adversary, knowing the public key,


PUb, to determine the private key, PRb.

5. It is computationally infeasible for an adversary, knowing the public key,


PUb, and a ciphertext, C, to recover the original message, M.
We can add a sixth requirement that, although useful, is not necessary for all
public-key applications:
6. The two keys can be applied in either order:
.
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]

7.Use of One-Way Functions: Public key cryptosystems are built on trapdoor
one-way functions: it is computationally easy to perform the encryption
operation but computationally hard to reverse it without the private key
(the trapdoor).
A one-way function is one that maps a domain into a range such that every
function value has a unique inverse, with the condition that the calculation of
the function is easy, whereas the calculation of the inverse is infeasible:
Y = f(X) easy
X = f^-1(Y) infeasible

12.2 The RSA Cryptosystem - The RSA cryptosystem is a method for
generating asymmetric public-private key pairs used for encryption and
decryption of messages, based on modular exponentiation and the difficulty of
factoring large composite numbers, which makes it infeasible for
eavesdroppers to break.
RSA uses two exponents, e and d, where e is the public exponent and d is the
private exponent. Suppose P is the plaintext and C is the ciphertext.
Sender uses C = P^e mod n
to create ciphertext C from plaintext P;
Receiver uses P = C^d mod n
to retrieve the plaintext sent by Sender.
n (called the modulus) is a very large number created during the key
generation process.
Security of RSA
Modular exponentiation is computationally feasible in polynomial time using
the fast (square-and-multiply) exponentiation algorithm.
However, recovering d from the public pair (e, n) is as hard as factoring the
modulus, for which no polynomial-time algorithm is known. Taking the e-th
root of C modulo n directly (the "RSA problem") is not proven to be
equivalent to factoring, but no easier method is known either. This means
that Sender can encrypt in polynomial time (e is public), Receiver can also
decrypt in polynomial time (because he knows d), but an adversary cannot
decrypt because she would have to calculate the e-th root of C in modular
arithmetic, which is computationally infeasible.
In other words, Sender uses a one-way function (modular exponentiation)
with a trapdoor known only to Receiver. An adversary who does not know the
trapdoor cannot decrypt the message.
Key Generation process in RSA -
Receiver (key-pair owner) uses the steps shown in the following algorithm to
create his public and private key: choose two large primes p and q, compute
n = p x q and phi(n) = (p - 1)(q - 1), choose e with 1 < e < phi(n) and
gcd(e, phi(n)) = 1, and compute d = e^-1 mod phi(n). After key generation,
Receiver (key-pair owner) announces the tuple (e, n) as his public key and
keeps the integer d as his private key. Receiver (key-pair owner) can discard
p, q, and phi(n); they will not be needed unless Receiver needs to change his
private key without changing the modulus (which is not recommended).
To be secure, the size quoted in these notes for each prime, p or q, is 512
bits (about 154 decimal digits), making the modulus n 1024 bits (309
digits); current guidance is a modulus of at least 2048 bits, i.e. primes of
1024 bits each.
Encryption using Public key - Anyone can send a message to the key
owner using his public key. Encryption in RSA can be done using an
algorithm with polynomial time complexity.
The plaintext, viewed as an integer, must be less than n; a longer message
is divided into blocks, each smaller than n. Textbook RSA as described here
is deterministic and malleable, so real systems apply a randomised padding
scheme such as OAEP before exponentiation.
Decryption using Private key - The receiver uses the following to decrypt the
ciphertext message he received. Decryption in RSA can be done using an
algorithm with polynomial time complexity. The size of the ciphertext is less
than n.

12.3 The knapsack cryptosystem -

Man-in-the-Middle Attack On Diffie-Hellman -
A man-in-the-middle (MITM) attack on the Diffie-Hellman key exchange
protocol involves an attacker intercepting and modifying the key exchange
between two parties. The goal of the attacker is to eavesdrop on the
communication or even impersonate one of the parties to gain unauthorized
access to sensitive information. Here is a description of how a MITM attack
on Diffie-Hellman works and how to mitigate it.
Man-in-the-Middle Attack on Diffie-Hellman:
Interception: The attacker intercepts the initial key exchange messages
between Sender and Receiver. These messages include the public values R1
and R2 exchanged by Sender and Receiver to compute a shared secret key.
Impersonation: The attacker impersonates each party to the other. The
attacker intercepts Sender's public value R1, sends her own public value to
Receiver, and vice versa, making Sender and Receiver believe they are
communicating directly with each other.
Modification: Because the attacker replaces Sender's public value with her
own, Sender and Receiver no longer share one key: Sender shares a key with
the attacker and Receiver shares a different key with the attacker, and the
attacker knows both.
Decrypt and Monitor: With both keys in hand, the attacker decrypts each
message, reads or alters it, re-encrypts it under the other key and forwards
it, so she can monitor the entire communication between Sender and Receiver
without their knowledge. Plain Diffie-Hellman cannot prevent this because
nothing in the exchange proves who produced R1 or R2.
Overcoming MITM Attacks on Diffie-Hellman:
To mitigate man-in-the-middle attacks on Diffie-Hellman, several
countermeasures can be implemented:
Authentication: Incorporate authentication into the key exchange so that
both parties can verify each other's identities, for example by signing the
exchanged values with keys whose public halves are attested by certificates
issued by trusted Certificate Authorities (CAs). This is what TLS does.
Key Confirmation: After the key exchange, have both parties confirm the
received public keys or shared secret through an out-of-band channel (e.g.
verbally verifying a fingerprint or key checksum).
Key Continuity: Use key continuity checks to detect changes in keys
during communication. For example, remember the peer's key from a previous
session and warn if it changes, or periodically re-authenticate during long
sessions or data transfers.
Perfect Forward Secrecy (PFS): Implement Perfect Forward Secrecy to
ensure that compromising a long-term secret (such as a private key) does not
compromise past session keys. This is achieved by generating a fresh
ephemeral Diffie-Hellman key pair for each session and discarding it
afterwards; PFS protects recorded traffic against later key compromise, it is
not a defence against MITM on its own.
Secure Communication Channels: Use protocols such as TLS (Transport Layer
Security) or VPNs (Virtual Private Networks), which run an authenticated
Diffie-Hellman exchange, to encrypt data in transit and protect against MITM
attacks.
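The six-step Diffie-Hellman exchange from section 10 and the man-in-the-middle relay described above, as one added example that is not part of the original notes. The group p = 23, q = 11, g = 4 is a toy chosen so the numbers can be checked by hand (g generates the order-11 subgroup of Z23*); it is an assumption for readability, and a real deployment uses a standardised group of 2048 bits or more. The `validate_public` check rejects the degenerate values 0, 1 and p - 1 and anything outside the intended subgroup, which is the one thing each side can verify about a received R without any authentication.

```python
# Added example: Diffie-Hellman, then the same exchange with an attacker in the
# middle (not the notes' own code). Toy group: p = 2q + 1 with p = 23, q = 11, g = 4.
import secrets

P, Q, G = 23, 11, 4

def dh_keypair(p=P, q=Q, g=G):
    """Secret exponent in 1..q-1 and public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def validate_public(R: int, p=P, q=Q) -> bool:
    """Reject 0, 1, p-1 (they force the shared key into a tiny set) and values
    outside the order-q subgroup (small-subgroup confinement)."""
    return 2 <= R <= p - 2 and pow(R, q, p) == 1

def dh_shared(secret: int, peer_public: int, p=P, q=Q) -> int:
    if not validate_public(peer_public, p, q):
        raise ValueError("peer public value rejected")
    return pow(peer_public, secret, p)

def dh_worked(x: int, y: int, p=P, g=G):
    """Steps 1-6 with fixed exponents: returns (R1, R2, K at Sender, K at Receiver)."""
    r1, r2 = pow(g, x, p), pow(g, y, p)
    return r1, r2, pow(r2, x, p), pow(r1, y, p)

def honest_exchange():
    x, r1 = dh_keypair()          # Sender
    y, r2 = dh_keypair()          # Receiver
    return dh_shared(x, r2), dh_shared(y, r1)

def mitm_exchange() -> dict:
    """Attacker replaces R1 and R2 with her own value; both victims validate it happily."""
    x, r1 = dh_keypair()          # Sender
    y, r2 = dh_keypair()          # Receiver
    z, rz = dh_keypair()          # Attacker in the middle
    k_sender = dh_shared(x, rz)   # Sender thinks rz is Receiver's R2
    k_receiver = dh_shared(y, rz) # Receiver thinks rz is Sender's R1
    return {
        "sender": k_sender,
        "receiver": k_receiver,
        "eve_with_sender": dh_shared(z, r1),
        "eve_with_receiver": dh_shared(z, r2),
    }
```

`dh_worked(3, 7)` gives R1 = 18, R2 = 8 and K = 6 on both sides. In `mitm_exchange()` the attacker's key toward Sender equals Sender's key and her key toward Receiver equals Receiver's key, so she can decrypt, re-encrypt and forward everything; the two victims' keys usually differ, and nothing in the protocol lets them notice. Only signing the R values (or another authentication step) stops this.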
Ch. 4 Authentication Protocols & Digital Signature Schemes

1.User Authentication - User authentication is the basis for most types of
access control and for user accountability. User authentication is the process
of verifying an identity claimed by or for a system entity. This process consists
of two steps:
Identification Step: In this initial phase, the user presents an identifier to the
security system. The identifier could be a username, email address,
employee ID, or any unique label assigned to the user. It is crucial to assign
these identifiers thoughtfully, as they form the basis for various security
services, including access control.
Verification Step: Once the system receives the identifier, the next step
involves verifying the authenticity of the identity claimed. This verification can
be achieved through various means, such as passwords, biometric data (like
fingerprints or facial recognition), hardware tokens, or other authentication
factors. The user presents or generates this authentication information to
corroborate the binding between the entity and the identifier.
Means of Authentication - There are four general means of authenticating a
user's identity, which can be used alone or in combination:
1.Something the individual knows: Examples include a password, a personal
identification number (PIN), or answers to a prearranged set of questions.
2.Something the individual possesses: Examples include cryptographic keys,
electronic keycards, smart cards, and physical keys. This type of
authenticator is referred to as a token.
3.Something the individual is (static biometrics): Examples include recognition
by fingerprint, retina, and face.
4.Something the individual does (dynamic biometrics): Examples include
recognition by voice pattern, handwriting characteristics, and typing rhythm.
(Refer to the authentication techniques and protocols in Ch.2.)
2. Entity Authentication - Entity authentication is a technique designed to let
one party prove the identity of another party. An entity can be a person, a
process, a client, or a server. The entity whose identity needs to be proved is
called the claimant; the party that tries to verify the identity of the claimant
is called the verifier. When A tries to prove the identity of B, B is the
claimant and A is the verifier.
Message Authentication Vs Entity Authentication
Message authentication assures that a particular message came from a
particular sender and may be checked long after the message was produced;
entity authentication assures that a party is present and is who it claims to
be at the moment of the exchange, which is why it needs freshness (nonces or
timestamps) and not just a key.
Verification Categories - Verification categories in entity authentication refer
to the methods by which a claimant proves their identity to a verifier. There
are three main categories, or types of witness, used in entity authentication:
1.Something known. This is a secret known only by the claimant that can be
checked by the verifier. Examples are a password, a PIN, a secret key, and a
private key.
2.Something possessed. This is something that can prove the claimant's
identity. Examples are a passport, a driver's license, an identification card, a
credit card, and a smart card.
3.Something inherent. This is an inherent characteristic of the claimant.
Examples are conventional signatures, fingerprints, voice, facial
characteristics, retinal pattern, and handwriting.
2.1 Password Based - The simplest and oldest method of entity
authentication is password-based authentication, where the password is
something that the claimant knows. A password is used when a user needs to
access a system to use the system's resources (login). Each user has a user
identification that is public, and a password that is private. We can divide
these authentication schemes into two groups: the fixed password and the
one-time password.
Fixed Password based Authentication - A fixed password is a password
that is used over and over again for every access. The same fixed password
is used at all times for authentication, unless it is updated.
Various methods used here are:
1.First Approach - In the first approach, the system keeps a table (a file)
that is sorted by user identification. To access the system resources, the user
sends her user identification and password, in plaintext, to the system. The
system uses the identification to find the password in the table. If the
password sent by the user matches the password in the table, access is
granted; otherwise, it is denied.
Possible attacks: anyone who can read the table learns every password, and
an eavesdropper on the line learns the password in transit.
2.Second Approach - A more secure approach is to store the hash of the
password (instead of the plaintext password) in the password file. Any user
can read the contents of the file, but, because the hash function is a one-way
function, it is almost impossible to recover the password from it. Here, when
the password is created, the system hashes it and stores the hash in the
password file.
When the user sends the ID and the password, the system creates a hash of
the password and then compares the hash value with the one stored in the
file. If there is a match, the user is granted access; otherwise, access is
denied. In this case the file does not strictly need to be read protected,
although modern systems still protect it (as with /etc/shadow), because an
attacker who holds the file can guess passwords offline, and the plain hash
of a weak password is quickly found by trying common passwords.

3. Salting the Password - Third Approach

The third approach is called salting the password.
When the password string is created, a random string, called the salt, is
concatenated to the password.
The salted password is then hashed.
The ID, the salt, and the hash are then stored in the file.
Now, when a user asks for access, the system extracts the salt, concatenates
it with the received password, makes a hash out of the result, and compares
it with the hash stored in the file.
If there is a match, access is granted; otherwise, it is denied.

Salting makes the dictionary attack more difficult. If the original password is 6
digits and the salt is 4 digits, then hashing is done over a 10-digit value. This
means that the attacker now needs to make a list of 10 million items and create a
hash for each of them.
The list of hashes has 10 million entries, and the comparison takes much
longer. Salting is very effective if the salt is a very long random number. The
UNIX operating system uses a variation of this method.
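The second and third approaches side by side, as an added example that is not part of the notes: a password file that stores only h(password) next to one that stores (salt, h(salt || password)). The hash h is SHA-256 and the user names and passwords are constructed for the demo; a production system would use a slow password hash such as scrypt or Argon2 in place of a bare SHA-256.

```python
import hashlib
import hmac
import os

# Added example (not from the notes): the second approach (hash only) and
# the third approach (salt + hash) as two tiny password files. h is SHA-256
# here; a real system would use a slow password hash (scrypt, Argon2).


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class UnsaltedPasswordFile:
    """Second approach: the file maps ID -> h(password)."""

    def __init__(self):
        self.entries = {}

    def add_user(self, user_id: str, password: str) -> None:
        self.entries[user_id] = h(password.encode())

    def login(self, user_id: str, password: str) -> bool:
        stored = self.entries.get(user_id)
        if stored is None:
            return False
        # Constant-time comparison so timing does not leak a matching prefix.
        return hmac.compare_digest(stored, h(password.encode()))


class SaltedPasswordFile:
    """Third approach: the file maps ID -> (salt, h(salt || password))."""

    def __init__(self, salt_len: int = 16):
        self.entries = {}
        self.salt_len = salt_len

    def add_user(self, user_id: str, password: str) -> None:
        salt = os.urandom(self.salt_len)          # fresh random salt per user
        self.entries[user_id] = (salt, h(salt + password.encode()))

    def login(self, user_id: str, password: str) -> bool:
        entry = self.entries.get(user_id)
        if entry is None:
            return False
        salt, stored = entry
        # Extract the salt, concatenate it with the received password, hash, compare.
        return hmac.compare_digest(stored, h(salt + password.encode()))


def same_password_same_hash(store, user_a: str, user_b: str) -> bool:
    """True if the two users' stored hashes are identical.

    Without a salt this is True whenever two users chose the same password,
    which is what lets one precomputed dictionary of hashes break every
    matching account at once; with a per-user salt it is False."""
    a = store.entries[user_a]
    b = store.entries[user_b]
    a_hash = a[1] if isinstance(a, tuple) else a
    b_hash = b[1] if isinstance(b, tuple) else b
    return a_hash == b_hash


if __name__ == "__main__":
    unsalted = UnsaltedPasswordFile()
    salted = SaltedPasswordFile()
    for store in (unsalted, salted):
        store.add_user("alice", "123456")      # constructed sample accounts
        store.add_user("bob", "123456")
    print("unsalted: alice/bob hashes equal:", same_password_same_hash(unsalted, "alice", "bob"))
    print("salted:   alice/bob hashes equal:", same_password_same_hash(salted, "alice", "bob"))
    print("salted login:", salted.login("alice", "123456"), "wrong password:", salted.login("alice", "654321"))
```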

4. Fourth Approach - In the fourth approach, two identification techniques are
combined. A good example of this type of authentication is the use of an ATM
card with a PIN (personal identification number). The card belongs to the
category "something possessed" and the PIN belongs to the category
"something known". The PIN is a password that enhances the security of the
card. If the card is stolen, it cannot be used unless the PIN is known. The PIN,
however, is traditionally very short so it is easily remembered by the
owner. This makes it vulnerable to the guessing type of attack.

One-time password - One-time passwords (OTPs) are temporary
passwords that are valid for a single login session or transaction, typically for
a short duration. OTPs are widely used to enhance security by adding an
extra layer of authentication beyond traditional passwords.

1. First Approach
In the first approach, the user and the system agree upon a list of passwords.
Each password on the list can be used only once. There are some drawbacks
to this approach.
First, the system and the user must keep a long list of passwords. Second, if
the user does not use the passwords in sequence, the system needs to
perform a long search to find the match. This scheme makes eavesdropping
and reuse of the password useless.
The password is valid only once and cannot be used again.

2. Second Approach
In the second approach, the user and the system agree to sequentially
update the password. The user and the system agree on an original
password, P1, which is valid only for the first access. During the first access,
the user generates a new password, P2, and encrypts this password with P1
as the key. P2 is the password for the second access.
During the second access, the user generates a new password, P3, and
encrypts it with P2; P3 is used for the third access. In other words, Pi is
used to create Pi+1. Of course, if the attacker can guess the first password (P1),
she can find all of the subsequent ones.

3. The third approach to password management, as devised by Leslie
Lamport, involves the use of sequentially updated passwords created using a
hash function.
Initial Setup: The user and the system agree upon an original password,
denoted as P0, and a counter value, denoted as n.
The system calculates h^n(P0), where h^n represents applying a hash
function n times. In mathematical terms, h^n(x) = h(h^(n-1)(x)) = h(h(h...(x)))
for n times.
The system stores the identity of the user (e.g., Sender), the value of n, and
the value of h^n(P0).

User Accesses System for the First Time:

When the user accesses the system for the first time, they provide their
identity and receive the value of n.
The user calculates h^n(P0) and sends the result to the system.
Upon receiving the response from the user, the system applies the hash
function to the received value to check if it matches the stored value of
h^n(P0).
If there is a match, access is granted, and the system decrements the value
of n in the entry. The system also updates the stored password value to
h^(n-1)(P0).

Subsequent Accesses:
When the user tries to access the system again, they receive the updated
value of n (e.g., n - 1).
The user calculates h^(n-1)(P0) and sends the result to the system.
The system applies the hash function to the received value to get h^(n-2)(P0),
which is then compared with the updated entry.
This process continues with each access, decrementing the value of n and
updating the stored password value accordingly.

Limitations and Reset:

The value of n is decremented with each access, and when it reaches 0, the
user can no longer access the system using the current setup.
To reset the system, everything must be set up again, including choosing a
new original password P0 and counter value n. Typically, n is chosen as a
large number (e.g., 1000) to allow for multiple accesses before resetting.
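Lamport's hash-chain scheme with both sides written out, as an added example that is not part of the notes. The server keeps only the counter n and h^n(P0); at each access the user sends the preimage h^(n-1)(P0), the server hashes it once and compares, then stores the received value as the new h^(n-1)(P0) with counter n-1. The hash h is SHA-256, and the user name and P0 are constructed for the demo.

```python
import hashlib

# Added example (not from the notes): Lamport's one-time password scheme
# (third approach). h is SHA-256; names and the sample P0 are constructed.


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def h_pow(x: bytes, k: int) -> bytes:
    """h^k(x): apply h k times (h^0(x) = x)."""
    for _ in range(k):
        x = h(x)
    return x


class LamportServer:
    """Stores, per user, the counter n and the current value h^n(P0).

    P0 itself never reaches the server; because h is one-way, the stored
    value cannot be turned back into P0 or into any earlier chain value."""

    def __init__(self):
        self.entries = {}   # user_id -> [n, h^n(P0)]

    def register(self, user_id: str, p0: bytes, n: int) -> None:
        self.entries[user_id] = [n, h_pow(p0, n)]

    def challenge(self, user_id: str) -> int:
        """Tell the user the current counter so she knows which value to send."""
        return self.entries[user_id][0]

    def login(self, user_id: str, response: bytes) -> bool:
        entry = self.entries.get(user_id)
        if entry is None or entry[0] == 0:
            return False            # unknown user, or chain exhausted: reset needed
        n, stored = entry
        # The user sent h^(n-1)(P0); hashing it once must give the stored h^n(P0).
        if h(response) != stored:
            return False
        # Move one step down the chain: store h^(n-1)(P0) and n-1.
        entry[0] = n - 1
        entry[1] = response
        return True


class LamportClient:
    def __init__(self, p0: bytes):
        self.p0 = p0

    def respond(self, n: int) -> bytes:
        """Given the server's counter n, send h^(n-1)(P0)."""
        return h_pow(self.p0, n - 1)


def run_session(n: int = 5):
    """Register with counter n, log in n times, and show that a captured
    response cannot be replayed and that the chain is exhausted at n = 0."""
    server = LamportServer()
    client = LamportClient(b"correct horse battery")     # constructed P0
    server.register("alice", client.p0, n)

    first = client.respond(server.challenge("alice"))
    ok_first = server.login("alice", first)
    # An eavesdropper who captured `first` cannot reuse it: h(first) is
    # h^n(P0), but the server now expects a preimage of h^(n-1)(P0).
    replay_rejected = not server.login("alice", first)

    later = [server.login("alice", client.respond(server.challenge("alice")))
             for _ in range(n - 1)]
    exhausted = (server.challenge("alice") == 0
                 and not server.login("alice", client.respond(1)))
    return ok_first, replay_rejected, all(later), exhausted


if __name__ == "__main__":
    print(run_session())
```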

2.2 Challenge Response Based -

In password authentication, the claimant proves her identity by demonstrating
that she knows a secret, the password. However, because the claimant
reveals this secret, it is susceptible to interception by the adversary.

In challenge-response authentication, the claimant proves that she knows a
secret without sending it to the verifier (or sends it in an encrypted form). In other
words, the claimant does not send the secret to the verifier; the verifier either
has it or finds it.
The challenge is a time-varying value such as a random number or a
timestamp that is sent by the verifier. The claimant applies a function to the
challenge and sends the result, called a response, to the verifier. The
response shows that the claimant knows the secret.
The challenge is a time-varying value sent by the verifier; the response is the
result of a function applied on the challenge.

Using a Symmetric-Key Cipher -

Several approaches to challenge-response authentication use symmetric-key
encryption.
The secret here is the shared secret key, known by both the claimant and the
verifier. The function is the encrypting algorithm applied on the challenge.

First Approach
In the first approach, the verifier sends a nonce, a random number used only
once, to challenge the claimant. A nonce must be time-varying; every time it is
created, it is different. The claimant responds to the challenge using the
secret key shared between the claimant and the verifier.
The first message is not part of challenge-response; it only informs the verifier
that the claimant wants to be challenged. The second message is the
challenge. Rb is the nonce randomly chosen by the verifier (Receiver) to
challenge the claimant. The claimant encrypts the nonce using the shared
secret key known only to the claimant and the verifier and sends the result to
the verifier. The verifier decrypts the message. If the nonce obtained from
decryption is the same as the one sent by the verifier, the claimant (Sender) is
granted access.

Note that in this process, the claimant and the verifier need to keep the
symmetric key used in the process secret. The verifier must also keep the
value of the nonce for claimant identification until the response is returned.
The reader may have noticed that use of a nonce prevents a replay of the
third message by the attacker. The attacker cannot replay the third message and
pretend that it is a new request for authentication by the claimant, because once
the verifier receives the response, the value of Rb is not valid any more. The next
time a new value is used.
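The three-message exchange above with both sides written out, as an added example that is not part of the notes. It assumes HMAC-SHA256 as the keyed function applied to the nonce Rb in place of a block cipher (so the example needs only the standard library); the protocol logic, and the reason a replayed or stale response is rejected, is unchanged.

```python
import hashlib
import hmac
import secrets

# Added example (not from the notes): symmetric-key challenge-response.
# The keyed function applied to the nonce is HMAC-SHA256 (an assumption
# standing in for the encryption the notes describe). Keys are constructed.


def keyed_function(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Verifier:
    """Holds one shared secret per claimant and the outstanding nonces."""

    def __init__(self, shared_keys: dict):
        self.keys = shared_keys          # claimant id -> shared secret key
        self.pending = {}                # claimant id -> nonce Rb awaiting a response
        self.log = []                    # decisions, as a defender would want logged

    def challenge(self, claimant_id: str) -> bytes:
        """Message 2: a fresh random nonce Rb, remembered until the response."""
        rb = secrets.token_bytes(16)
        self.pending[claimant_id] = rb
        return rb

    def verify(self, claimant_id: str, response: bytes) -> bool:
        """Message 3 check. The nonce is consumed whether or not the check
        passes, so a captured response can never be replayed as a new login."""
        rb = self.pending.pop(claimant_id, None)
        key = self.keys.get(claimant_id)
        if rb is None or key is None:
            self.log.append((claimant_id, "rejected: no outstanding challenge"))
            return False
        ok = hmac.compare_digest(response, keyed_function(key, rb))
        self.log.append((claimant_id, "granted" if ok else "rejected: bad response"))
        return ok


class Claimant:
    def __init__(self, claimant_id: str, key: bytes):
        self.id = claimant_id
        self.key = key

    def respond(self, rb: bytes) -> bytes:
        return keyed_function(self.key, rb)


def run_exchange():
    """One honest login, then the three cases the verifier must reject."""
    key = secrets.token_bytes(32)                        # constructed shared key
    verifier = Verifier({"alice": key})
    alice = Claimant("alice", key)
    impostor = Claimant("alice", secrets.token_bytes(32))  # same id, wrong key

    rb = verifier.challenge("alice")               # message 1 is the login request
    response = alice.respond(rb)
    honest = verifier.verify("alice", response)
    replay = verifier.verify("alice", response)    # Rb is no longer pending
    rb2 = verifier.challenge("alice")
    wrong_key = verifier.verify("alice", impostor.respond(rb2))
    rb3 = verifier.challenge("alice")
    stale = verifier.verify("alice", alice.respond(rb2))   # answered an old nonce
    return honest, replay, wrong_key, stale


if __name__ == "__main__":
    print(run_exchange())
```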
Second Approach - Using an Asymmetric-Key Cipher
Instead of a symmetric-key cipher, we can use an asymmetric-key cipher for
entity authentication. Here the secret must be the private key of the claimant.
The claimant must show that she owns the private key related to the public
key that is available to everyone. This means that the verifier must encrypt
the challenge using the public key of the claimant; the claimant then decrypts
the message using her private key. The response to the challenge is the
decrypted challenge. Following are two approaches: one for unidirectional
authentication and one for bidirectional authentication.

First Approach
In the first approach, the verifier encrypts the challenge using the claimant's
public key. The claimant decrypts the message with her private key and sends
the nonce to the verifier.

Second Approach
In the second approach, two public keys are used, one in each direction.
The claimant sends her identity and nonce encrypted with the verifier's public key.
The verifier responds with his nonce encrypted with the claimant's public key.
Finally, the claimant responds with the verifier's decrypted nonce.

3. Digital Signature - When a person digitally signs a document it shows that
it originated from that person or was approved by her. The signature is a
proof to the recipient that the document comes from the correct entity.
In other words, a signature on a document, when verified, is a sign of
authentication that the document is authentic.
When the sender sends a message to the receiver, the receiver needs to check the
authenticity of the sender; he needs to be sure that the message comes from
the sender and not the attacker. The receiver can ask the sender to sign the
message electronically.
In other words, an electronic signature can prove the authenticity of the sender as
the sender of the message. We refer to this type of signature as a digital
signature.

When we sign a document digitally, we send the signature as a separate
document. The sender sends two documents: the message and the
signature. The recipient receives both documents and verifies that the
signature belongs to the supposed sender. If this is proven, the message is
kept; otherwise, it is rejected.
Verification
The recipient receives the message and the signature.
A copy of the signature is not stored anywhere. The recipient needs to apply
a verification technique to the combination of the message and the signature
to verify the authenticity.

Digital signature process - The sender uses a signing algorithm to sign the
message. The message and the signature are sent to the receiver. The
receiver receives the message and the signature and applies the verifying
algorithm to the combination. If the result is true, the message is accepted;
otherwise, it is rejected.
A conventional signature is like a private "key" belonging to the signer of the
document. The signer uses it to sign documents; no one else has this
signature. The copy of the signature is on file like a public key; anyone can
use it to verify a document, to compare it to the original signature.
In a digital signature, the signer uses her private key, applied to a signing
algorithm, to sign the document. The verifier, on the other hand, uses the
public key of the signer, applied to the verifying algorithm, to verify the
document.
Note that when a document is signed, anyone, including the receiver, can verify it
because everyone has access to the sender's public key. The sender must not use
her public key to sign the document because then anyone could forge her
signature.

NOTE - A digital signature needs a public-key system.
The signer signs with her private key; the verifier verifies with the signer's
public key.

Distinction between private and public keys as used in digital
signatures and public and private keys as used in a cryptosystem for
confidentiality.
In the latter, the private and public keys of the receiver are used in the
process. The sender uses the public key of the receiver to encrypt; the
receiver uses his own private key to decrypt. In a digital signature, the opposite
happens: the private and public keys of the sender are used. The sender
uses her private key to encrypt the document; the receiver uses the sender's
public key to decrypt it.
A cryptosystem uses the private and public keys of the receiver; a digital
signature uses the private and public keys of the sender.

Signing of the Message Digest - Asymmetric-key cryptosystems are
very inefficient when dealing with long messages. In a digital signature
system, the messages are normally long, but we have to use asymmetric-key
schemes. The solution is to sign a digest of the message, which is much
shorter than the message. A carefully selected message digest has a one-to-
one relationship with the message. The sender can sign the message digest
and the receiver can verify the message digest. The effect is the same.

A digest is made out of the message at the sender's site. The digest then goes
through the signing process using the sender's private key. The sender then sends
the message and the signature to the receiver.
At the receiver's site, using the same public hash function, a digest is first
created out of the received message. Calculations are done on the signature
and the digest. The verifying process also applies criteria on the result of the
calculation to determine the authenticity of the signature. If authentic, the
message is accepted; otherwise, it is rejected.

4. Attacks on Digital Signatures - There are mainly 3 types of possible attacks
on digital signatures.

1. Key-only Attack - In a key-only attack, the attacker has access only to the
public information (public key) released by the signer, such as the signer's
public key. The attacker does not have access to any signed messages or
signatures generated by the signer.
The goal of the attacker in a key-only attack is to forge (to create a replica or
imitation of) a valid signature on a message of her choosing, making it appear
as if the signer signed that message. This is accomplished without access to any
signed documents or knowledge of the signer's private key.
To execute a key-only attack, the attacker typically attempts to find weaknesses
or vulnerabilities in the signature algorithm or implementation. This could
involve searching for patterns in public keys, exploiting weaknesses in key
generation, or attempting to reverse-engineer the signing process.

2. Known-Message Attack:
In a known-message attack, the attacker has access to one or more pairs of
known messages and their corresponding valid signatures.
These message-signature pairs are obtained from documents previously
signed by the signer.
The attacker's objective in a known-message attack is to create a new message
and forge/replicate a valid signature for that message, mimicking the
signature style of the signer. The goal is to make the forged signature appear
genuine to a verifier, even though the signer did not sign the new message.
To conduct a known-message attack, the attacker analyzes the known message-
signature pairs to identify patterns, relationships, or weaknesses that can be
exploited to generate a forged signature for a different message.

3. Chosen-Message Attack: (the signer signs the attacker's messages)

In a chosen-message attack, the attacker has the ability to trick or persuade
the signer into signing specific messages chosen by the attacker. As a result,
the attacker obtains pairs of chosen messages and their corresponding valid
signatures from the signer.
The attacker's goal in a chosen-message attack is to use the obtained chosen-
message-signature pairs to create a forged signature for a message that
the signer did not authorize or intend to sign. The forged signature should appear
legitimate to a verifier, leading them to believe that the signer signed the
unauthorized message.
To execute a chosen-message attack, the attacker manipulates the signer into
signing chosen messages, possibly through social engineering, deception, or
exploiting vulnerabilities in the signing process. The attacker then uses these
signatures to create a forged signature for a different message.
https://www.geeksforgeeks.org/types-of-digital-signature-attacks/
Forgery - If the above attacks are successful, the result is a forgery.
There are 2 types of forgeries.

1. Existential Forgery occurs when an attacker successfully creates a
fraudulent signature without knowing the private key, such that the forgery is
valid under the verification process. However, in existential forgery, the
attacker cannot control the content or message being signed.

To achieve existential forgery, an attacker typically exploits weaknesses in the
digital signature scheme itself rather than attempting to break the underlying
cryptographic algorithms. If the digital signature scheme relies on a weak
hash function that has collisions (different inputs producing the same hash),
an attacker might find two different messages with the same hash value and
create a valid signature for one message that also applies to the other due to
the collision. The message generated this way is usually unintelligible, so this
type of attack is less harmful.

2. Selective Forgery - Selective forgery occurs when an attacker successfully
creates a fraudulent signature for a specific message of their choice, giving
the attacker control over the content being signed. The forged signature must
also pass the verification process as authentic. If the attacker manages to
compromise the private key of the legitimate signer, they can directly
generate valid signatures for any message they want, enabling selective
forgery.

5. Digital Signature Schemes - These are the various methods using which
digital signatures are created.

5.1 RSA - RSA Digital Signature Scheme

The digital signature scheme changes the roles of the private and public
keys. First, the private and public keys of the sender are used.
Second, the sender uses her own private key to sign the document;
the receiver uses the sender's public key to verify it.

The signing and verifying sites use the same function, but with different
parameters. The verifier compares the message and the output of the
function for congruence.
If the result is true, the message is accepted.

RSA Key Generation

Key generation in the RSA digital signature scheme is exactly the same as
key generation in the RSA cryptosystem. The sender chooses two primes p and
q and calculates n = p x q. The sender calculates totient(n) = (p - 1)(q - 1). She
then chooses e, the public exponent, and calculates d, the private exponent,
such that e x d = 1 mod tot(n). The sender keeps d; she publicly announces n
and e.
In the RSA digital signature scheme, d is private; e and n are public.
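The RSA key generation above carried through to signing a message digest and verifying it, as an added example that is not part of the notes: the signature is S = D^d mod n and the verifier checks D = S^e mod n, where D is the digest computed with the same public hash function at both sites. It assumes two small Mersenne primes (p = 2^61 - 1, q = 2^31 - 1) and SHA-256 reduced mod n so the demo stays readable; a real scheme uses an n of at least 2048 bits and PKCS#1 padding of the digest, so the numbers here are illustrative only.

```python
import hashlib

# Added example (not from the notes): RSA signing of a message digest with
# the textbook formulas, S = D^d mod n and D == S^e mod n.
# The primes are small Mersenne primes chosen for a readable demo, so n is
# far too small for real use and the digest is reduced mod n to fit.
# Real RSA signatures use n >= 2048 bits with PKCS#1 padding of the digest.


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) exactly as in the key-generation step above."""
    n = p * q
    tot = (p - 1) * (q - 1)
    d = pow(e, -1, tot)        # e * d = 1 mod tot(n)  (Python 3.8+)
    return (n, e), (n, d)


def digest_mod_n(message: bytes, n: int) -> int:
    """The public hash function applied at both sites, mapped into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest_mod_n(message, n), d, n)       # S = D^d mod n


def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    if not 0 <= signature < n:
        return False
    # The verifier recomputes the digest of the received message and checks
    # it for congruence with S^e mod n.
    return pow(signature, e, n) == digest_mod_n(message, n)


# Constructed demo keys: p = 2^61 - 1 and q = 2^31 - 1 are both prime.
PUBLIC_KEY, PRIVATE_KEY = rsa_keygen(2**61 - 1, 2**31 - 1)


def demo():
    msg = b"Transfer 100 to account 42"          # constructed message
    sig = sign(msg, PRIVATE_KEY)
    genuine = verify(msg, sig, PUBLIC_KEY)
    # The same signature does not verify a modified message: the digest changes.
    tampered = verify(b"Transfer 900 to account 42", sig, PUBLIC_KEY)
    # "Signing" with the public exponent e instead of d (the mistake the notes
    # warn against) yields a value anyone could compute, and it does not verify.
    n, e = PUBLIC_KEY
    wrong_key = verify(msg, pow(digest_mod_n(msg, n), e, n), PUBLIC_KEY)
    return genuine, tampered, wrong_key


if __name__ == "__main__":
    print(demo())
```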
Ch. 5 Network Security and Applications

1. Network security basics : https://www.geeksforgeeks.org/network-security/

Network Access Control (NAC) is important for securing networks by
managing and controlling access for devices and users.
The elements of a Network Access Control system are:

1. Access Requestor (AR): This component represents any device seeking
access to the network. These devices can range from typical workstations
and servers to printers, IP-enabled cameras, and various other network-
connected devices.

2. Policy server: Based on the AR's posture and an organisation's pre-
defined policy, the policy server determines what access should be granted.
The policy server often relies on backend systems, including antivirus, patch
management, or a user directory, to help determine the host's condition.

3. Network access server (NAS): The NAS functions as an access control
point for users in remote locations connecting to an organisation's internal
network. Also called a media gateway, a remote access server (RAS), or a
policy server, an NAS may include its own authentication services or rely on
a separate authentication service from the policy server.

1.1 TCP/IP vulnerabilities (Layer wise) - https://www.techtarget.com/searchsecurity/answer/Security-risks-of-TCP-IP

1. TCP/IP prioritises efficient data transfer. By default, it doesn't inherently
encrypt data within packets. This allows any device on the network to see the
content if it can access the data stream, and makes it easy for attackers
to capture and read the data packets with tools like Wireshark and intercept
data packets if required.
Traditional wired networks like Ethernet use a shared medium (cable) to
transmit data. All devices connected to the same cable can potentially see all
the traffic flowing through it.
These weaknesses can lead to packet sniffing attacks.

2. Weak Authentication: TCP/IP protocols like IP do not inherently include
strong mechanisms for authenticating the source of packets. This allows
attackers to forge or "spoof" the source IP address in packets without being
detected by the receiving system.
Absence of Packet Integrity Verification: TCP/IP does not provide built-in
mechanisms to verify the integrity of packets during transmission. As a result,
attackers can modify packet headers, including the source IP address,
without detection. This can lead to IP spoofing attacks.

3. Broadcast Nature of ARP: ARP messages are broadcast to all devices
on the local network segment. This makes it easy for attackers to intercept
and modify ARP requests and responses, injecting their own falsified
information into the network.
ARP is a stateless protocol, meaning it doesn't maintain information about
past interactions. Each ARP request or reply is treated as a new event. This
makes it vulnerable because a malicious actor can send fake ARP replies
that are never checked against earlier requests.
Lack of Authentication: ARP doesn't have any built-in mechanism to verify
the authenticity of ARP replies. Any device on the network can respond to an
ARP request, even if it's not the legitimate owner of the IP address being
queried, tricking devices on the network into updating their ARP caches with
falsified information.
This leads to ARP spoofing attacks.
—————————————————————————————————-
Physical Layer (Layer 1)
Weakness: Lack of physical security measures exposes network
infrastructure components to unauthorised access. Physical layer
vulnerabilities often revolve around the physical security of network
components such as cables, routers, switches, and servers. Without
adequate physical security measures like locked server rooms, access control
systems, and tamper-evident seals, attackers can gain unauthorised physical
access. This can lead to various attacks such as cable tapping, device
tampering, or theft of network equipment.

Data Link Layer (Layer 2)

Weakness: Lack of MAC address authentication or weak filtering on switches
enables ARP spoofing attacks. The data link layer vulnerabilities center
around the Address Resolution Protocol (ARP) and Media Access Control
(MAC) addresses. When switches do not implement strong MAC address
authentication or fail to filter ARP traffic properly, attackers can execute ARP
spoofing attacks. This can lead to various malicious activities such as
intercepting network traffic, performing man-in-the-middle attacks, or
launching denial-of-service attacks by flooding the network with bogus ARP
replies.
Network Layer (Layer 3)
Weakness: Absence of IP address authentication mechanisms facilitates IP
spoofing attacks. The network layer's weakness primarily involves the lack of
robust IP address authentication mechanisms. Without proper authentication
controls in place, attackers can easily spoof IP addresses. IP does not
provide built-in mechanisms to verify the integrity of packets during
transmission. As a result, attackers can modify packet headers, including the
source IP address, without detection. This can lead to IP spoofing attacks.

Transport Layer (Layer 4)

Weakness: Insufficient transport layer encryption allows for packet sniffing
attacks.
Weaknesses at the transport layer often relate to inadequate encryption
protocols and implementations. When transport layer encryption is either
weak or absent, attackers can conduct packet sniffing attacks to eavesdrop
on network traffic and capture sensitive information.

Internet Layer (Layer 5)

Weakness: Lack of robust routing security and authentication can lead to IP
spoofing attacks. The internet layer's weaknesses often revolve around
routing protocols and their security mechanisms. When routing protocols lack
robust authentication mechanisms or are improperly configured, attackers
can manipulate routing information and conduct IP spoofing attacks.

Session Layer (Layer 6)

Weakness: Limited session management security and vulnerabilities may
result in session hijacking.
Session layer weaknesses typically involve insufficient session management
controls and vulnerabilities in session establishment, maintenance, and
termination processes. Attackers can exploit these weaknesses to hijack
sessions, impersonate users, gain unauthorised access to sensitive
resources, and perform unauthorised transactions.

Presentation Layer (Layer 7)

Weakness: Inadequate data encryption and integrity verification expose
protocols to packet sniffing.
Presentation layer weaknesses often stem from inadequate data encryption
and integrity verification mechanisms. When data is transmitted without
proper encryption or integrity checks, attackers can employ packet sniffing
techniques to intercept and manipulate network traffic. This can lead to
unauthorised access to sensitive information, modification of data payloads,
injection of malicious content, and exploitation of protocol vulnerabilities.
Robust encryption and integrity verification at the presentation layer are
essential for protecting data confidentiality, integrity, and authenticity
throughout its transmission across the network.

1.2 Network Attacks :

1.2.1 Packet Sniffing - https://www.geeksforgeeks.org/what-is-packet-sniffing/
Packet sniffing, also known as network sniffing or protocol analysis, is a
technique used to capture and analyse data packets as they traverse a
network. Packet sniffing is commonly used for network monitoring and
analysis. Attackers use packet sniffers to examine traffic patterns and detect
anomalies in the network packets; attackers also use packet sniffing to intercept
and capture sensitive information such as usernames, passwords, credit card
numbers, and other confidential data transmitted over the network. This
information can be used for identity theft, financial fraud, or gaining
unauthorised access to systems. Packet sniffers work by putting the network
interface card (NIC) into promiscuous mode. Once in promiscuous mode, the
packet sniffer captures data packets from the network. These packets contain
information such as source and destination IP addresses, MAC addresses,
port numbers, protocol types, and payload data. Using cryptanalysis,
attackers can decode passwords, keys etc.

1.2.2 ARP spoofing -

ARP spoofing, also known as ARP poisoning or ARP cache poisoning, is a
type of attack that involves manipulating the Address Resolution Protocol
(ARP) to associate a different MAC address with an IP address on a local
area network (LAN). This attack can lead to various security threats, including
man-in-the-middle attacks, network disruption, and interception of sensitive
information. Here's a detailed explanation of ARP spoofing:

1. Address Resolution Protocol (ARP):

• Purpose: ARP is a protocol used to map IP addresses to MAC
addresses on a network. When a device needs to communicate
with another device on the same subnet, it uses ARP to determine
the MAC address associated with the target IP address.
• ARP Request-Reply Process: When a device wants to send a
packet to a specific IP address, it sends out an ARP request
broadcast to the entire network, asking, "Who has this IP
address? Please tell me your MAC address." The device with the
matching IP address responds with its MAC address, and the
requesting device updates its ARP cache with this information for
future communications.

2. ARP Spoofing Attack:

• Objective: In an ARP spoofing attack, the attacker aims to
deceive devices on the network by sending falsified ARP
messages. The goal is to associate the attacker's MAC address
with the IP address of another legitimate device, redirecting traffic
intended for that device to the attacker's machine.
• Execution: The attack typically involves the following steps:
• 1. ARP Poisoning: The attacker sends out ARP packets with
spoofed information, claiming to be the legitimate owner of a
particular IP address. For example, the attacker may send ARP
replies saying, "I am the router (default gateway) with IP address
X.X.X.X, and my MAC address is YYY."
• 2. Updating ARP Caches: Devices on the network receive these
falsified ARP packets and update their ARP caches accordingly.
Now, when they need to communicate with the legitimate device
corresponding to the spoofed IP address, they send traffic to the
attacker's MAC address instead.

Man-in-the-Middle Attack in ARP Spoofing:
• Objective: In a MitM attack using ARP spoofing, the attacker positions
themselves between two communicating devices, intercepting and
possibly altering the traffic between them without their knowledge.
• Execution:
1. ARP Poisoning: The attacker begins by sending falsified ARP
packets to the target devices, claiming to be the legitimate owner
of a specific IP address, such as the network gateway or another
host.
2. ARP Cache Update: When the target devices receive these
spoofed ARP packets, they update their ARP caches with the
attacker's MAC address associated with the spoofed IP address.
3. Traffic Diversion: With the ARP cache poisoned, the target
devices now send their traffic to the attacker's MAC address,
believing it to be the legitimate destination. This allows the
attacker to intercept, monitor, and manipulate the traffic as it
passes through.
4. Data Manipulation: In addition to intercepting traffic, the attacker
may modify the content of messages, inject malicious payloads,
or redirect users to fake websites to steal sensitive information
such as credentials or financial data.
5. Session Hijacking: MitM attacks in ARP spoofing can lead to
session hijacking, where the attacker takes control of an ongoing
session between two devices, allowing them to impersonate one
of the parties and perform unauthorized actions.
6. Denial of Service (DoS): In some cases, ARP spoofing can lead
to network disruptions or denial of service conditions by
redirecting or dropping legitimate traffic, causing communication
failures between devices.
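The poisoning and cache-update steps above leave two traces a defender can watch for on the segment: an IP address whose MAC suddenly changes, and one MAC answering for several IP addresses at once (the gateway and a victim in the MitM case). The monitor below checks ARP replies for both, as an added example that is not part of the notes; the tcpdump-like log lines, addresses and the gateway's known-good binding are all constructed for the demo.

```python
import re
from collections import defaultdict

# Added example (not from the notes): a defender-side ARP monitor that reads
# ARP replies seen on the segment and flags the symptoms of the poisoning
# steps above. Log format, addresses and the static gateway binding are
# constructed for this demo.

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+)\s+Reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


class ArpMonitor:
    def __init__(self, static_table=None):
        # Known-good bindings (e.g. the gateway) that must never change.
        self.static = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
        self.seen = {}                      # ip -> mac learned from traffic
        self.ips_by_mac = defaultdict(set)  # mac -> set of ips it has claimed
        self.alerts = []

    def observe(self, line: str):
        m = ARP_REPLY.match(line.strip())
        if not m:
            return None                     # requests and other lines are ignored
        ts, ip, mac = m.group("ts"), m.group("ip"), m.group("mac").lower()

        if ip in self.static and mac != self.static[ip]:
            # Someone other than the real gateway is answering for its IP.
            self.alerts.append((ts, "static-binding-violation", ip, mac))
        elif ip in self.seen and self.seen[ip] != mac:
            # The binding for an ordinary host flipped to a different MAC.
            self.alerts.append((ts, "mac-changed", ip, f"{self.seen[ip]} -> {mac}"))

        self.seen[ip] = mac
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            # One interface claiming several IPs is the MitM signature:
            # the attacker answers for both the gateway and the victim.
            self.alerts.append((ts, "one-mac-many-ips", mac, sorted(self.ips_by_mac[mac])))
        return (ts, ip, mac)

    def scan(self, lines):
        for line in lines:
            self.observe(line)
        return self.alerts


# Constructed capture: a genuine reply for the gateway .1 and host .20, then a
# third MAC starts answering for both the gateway .1 and host .10.
SAMPLE_LOG = """\
10:00:01.001 Reply 192.168.1.1 is-at 00:11:22:33:44:01
10:00:01.002 Request who-has 192.168.1.20 tell 192.168.1.10
10:00:01.003 Reply 192.168.1.20 is-at 00:11:22:33:44:20
10:00:05.100 Reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:05.101 Reply 192.168.1.10 is-at de:ad:be:ef:00:99
""".splitlines()


def demo():
    monitor = ArpMonitor(static_table={"192.168.1.1": "00:11:22:33:44:01"})
    return monitor.scan(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```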

1.2.3 Port scanning - https://www.fortinet.com/resources/cyberglossary/what-is-port-scan#:~:text=A%20port%20scan%20is%20a,being%20used%20by%20an%20organization.

1.2.4 IP spoofing - https://www.techtarget.com/searchsecurity/definition/IP-spoofing
IP spoofing is a technique where an attacker modifies the source address in
an IP packet to make it appear as if it originates from a different source. This
can be done for various malicious purposes, such as bypassing security
measures, launching denial-of-service attacks, or impersonating legitimate
users. In the context of cryptography, IP spoofing can impact the security of
communication protocols and cryptographic systems in several ways.

2. Denial of Service : Denial of Service (DoS) is a type of cyber attack aimed
at making a computer system or network resource unavailable to its intended
users by overwhelming it with a flood of illegitimate requests or traffic. The
goal of a DoS attack is to disrupt the normal functioning of a target system or
network, rendering it inaccessible or unusable for legitimate users.

The simplest DoS attack relies primarily on brute force, flooding the target
with an overwhelming flux of packets, oversaturating its connection bandwidth
or depleting the target's system resources. Bandwidth-saturating floods rely
on the attacker's ability to generate the overwhelming flux of packets. A
common way of achieving this today is via distributed denial-of-service,
employing a botnet.

Impact of DoS Attacks:
• Service Disruption: The primary impact of a DoS attack is the
disruption of services. Targeted systems may become slow,
unresponsive, or completely unavailable, causing inconvenience to
users and potential financial losses for businesses.
• Loss of Revenue: For businesses that rely on online services, a
prolonged DoS attack can lead to loss of revenue due to downtime and
reduced customer engagement.
• Reputation Damage: Publicly visible DoS attacks can harm the
reputation of organizations, eroding trust among customers and
stakeholders.
• Data Loss: In some cases, DoS attacks may lead to data loss or
corruption if systems are overwhelmed and fail to handle requests
properly.

2.1 DoS attacks :

2.2 ICMP flood : ICMP Flood based DoS Attack https://www.cloudflare.com/en-gb/learning/ddos/ping-icmp-flood-ddos-attack/
The ICMP flood attack takes place in the Network Layer.

2.3 SYN flood : https://www.cloudflare.com/en-gb/learning/ddos/syn-flood-ddos-attack/ (Transport Layer)

2.4 UDP flood : (Network Layer) https://www.cloudflare.com/en-gb/learning/ddos/udp-flood-ddos-attack/

2.5 Distributed Denial of Service : https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/

3. Internet Security Protocols :

2.1 PGP - https://www.javatpoint.com/computer-network-pgp
(See NoteBk)

2.2 SSL - https://www.cloudflare.com/en-gb/learning/ssl/what-is-ssl/
https://www.geeksforgeeks.org/secure-socket-layer-ssl/

2.3 IPSEC - https://www.techtarget.com/searchsecurity/definition/IPsec-Internet-Protocol-Security
https://aws.amazon.com/what-is/ipsec/
https://www.cloudflare.com/en-gb/learning/network-layer/what-is-ipsec/
https://en.wikipedia.org/wiki/IPsec

4. Network security:

4.1 IDS -

4.2 Firewalls -
