UNIT 4 CYRPTOGRAPHY 9 Hrs.

Cryptology Terminology - Cipher methods – Cryptographic Algorithms – Cryptographic tools –Attacks

on cryptosystems - Physical Security.

Cryptology Terminology:- Cryptology is the science of securing communication

and data through the use of codes, ciphers, and other techniques. It encompasses both
cryptography and cryptanalysis. Here are some key terms in cryptology:

Cryptography

 Plaintext: The original, readable message or data that is to be encrypted.

 Ciphertext: The encrypted message or data, which is not readable without
decryption.
 Encryption: The process of converting plaintext into ciphertext using an algorithm
and a key.
 Decryption: The process of converting ciphertext back into plaintext using an
algorithm and a key.
 Algorithm: A set of mathematical rules or procedures used in encryption and
decryption.
 Key: A piece of information that determines the output of the cryptographic
algorithm. It can be symmetric (same key for encryption and decryption) or
asymmetric (different keys for encryption and decryption).
 Symmetric Key Cryptography: A type of cryptography where the same key is used
for both encryption and decryption. Also known as secret-key or private-key
cryptography.

 Asymmetric Key Cryptography: A type of cryptography that uses a pair of keys (a

public key and a private key). The public key encrypts data, and the private key
decrypts it. Also known as public-key cryptography.
  Public Key: The key in asymmetric cryptography that can be shared publicly. It is
used for encrypting messages or verifying digital signatures.

 Private Key: The key in asymmetric cryptography that is kept secret. It is used for
decrypting messages or creating digital signatures.
 Hash Function: A function that converts an input (or 'message') into a fixed-length
string of bytes. Hash functions are designed to be one-way functions, meaning it's
computationally infeasible to reverse the process.
 Digital Signature: A cryptographic value that is calculated from the data and a secret
key, used to verify the authenticity and integrity of a message, software, or digital
document.
 Certificate Authority (CA): An entity that issues digital certificates, which are used
to verify the ownership of public keys.
 Digital Certificate: An electronic document used to prove the ownership of a public
key. It includes information about the key, the owner's identity, and the digital
signature of an entity that has verified the certificate's contents (usually a CA).

Cryptanalysis
  Cryptanalysis: The study of analyzing information systems to understand the hidden
aspects of the systems. It is used to breach cryptographic security systems and gain
access to the contents of encrypted messages.

 Cipher: The algorithm used for performing encryption or decryption. Common

ciphers include AES, DES, and RSA.
 Block Cipher: A type of cipher that encrypts data in fixed-size blocks (e.g., AES).
 Stream Cipher: A type of cipher that encrypts data one bit or byte at a time.
 Brute Force Attack: A method of breaking a cipher by trying every possible key
until the correct one is found.
 Side-Channel Attack: An attack that gains information from the physical
implementation of a cryptosystem, rather than weaknesses in the algorithms
themselves. Examples include timing attacks and power analysis attacks.
 Man-in-the-Middle Attack: An attack where the attacker intercepts communication
between two parties without them knowing, potentially altering the communication.
 Replay Attack: An attack where a valid data transmission is maliciously or
fraudulently repeated or delayed.
 Cryptographic Protocol: A sequence of operations that ensure secure
communication between two or more parties. Examples include SSL/TLS and SSH.
 Initialization Vector (IV): A non-secret value used along with a secret key to
encrypt data. It ensures that identical plaintexts encrypt to different ciphertexts.

Cryptographic Standards

 AES (Advanced Encryption Standard): A symmetric encryption standard widely

used across the globe.
 DES (Data Encryption Standard): An older symmetric encryption standard, now
considered insecure due to its short key length.

 RSA: A widely used asymmetric encryption algorithm named after its inventors
Rivest, Shamir, and Adleman.
  Elliptic Curve Cryptography (ECC): An approach to public-key cryptography
based on the algebraic structure of elliptic curves over finite fields.

 SHA (Secure Hash Algorithm): A family of cryptographic hash functions designed

by the National Security Agency (NSA). SHA-256 and SHA-3 are common versions.

Applications

 VPN (Virtual Private Network): A secure network connection over the internet that
uses encryption to protect data.
 SSL/TLS (Secure Sockets Layer / Transport Layer Security): Protocols for
establishing encrypted links between web servers and browsers.
 PGP (Pretty Good Privacy): An encryption program that provides cryptographic
privacy and authentication for data communication.

Understanding these terms is fundamental to grasping the principles and practices of cryptology,
whether for securing data or analyzing cryptographic systems.

Cipher Methods
Ciphers are methods used to perform encryption and decryption. Here’s a breakdown of various
cipher methods:

Classical Ciphers
 1. Caesar Cipher
o Method: Each letter in the plaintext is shifted a certain number of places down or up
the alphabet.
o Example: With a shift of 3, 'A' becomes 'D', 'B' becomes 'E', etc.
2. Substitution Cipher
o Method: Each letter of the plaintext is replaced with another letter.
o Example: The plaintext "HELLO" could be encrypted as "XMBBQ" by substituting each
letter with another fixed letter.
3. Vigenère Cipher
o Method: Uses a keyword where each letter of the keyword is used to shift the
corresponding letter of the plaintext.
o Example: With the keyword "KEY", the plaintext "HELLO" would be encrypted by shifting
'H' by 'K', 'E' by 'E', etc.
4. Transposition Cipher
o Method: The positions of the characters in the plaintext are shifted according to a
regular system.
o Example: The plaintext "HELLO" could be written in a grid and read column by column
to get the ciphertext.

Modern Ciphers

Symmetric Key Ciphers

1. Block Ciphers
o AES (Advanced Encryption Standard):
 Method: Encrypts data in fixed-size blocks (128 bits) using keys of 128, 192, or
256 bits.
o DES (Data Encryption Standard):
 Method: Encrypts data in 64-bit blocks using a 56-bit key (now considered
insecure).
2. Stream Ciphers
o RC4:
 Method: Generates a pseudorandom stream of bits (keystream) that is XORed
with the plaintext bits.
o ChaCha20:
 Method: A modern stream cipher that is more secure and faster than RC4.

Asymmetric Key Ciphers

1. RSA (Rivest-Shamir-Adleman)
o Method: Uses two keys (public and private) based on the difficulty of factoring large
integers.
o Use: Commonly used for secure data transmission.
2. Elliptic Curve Cryptography (ECC)
o Method: Uses elliptic curves over finite fields for encryption, key exchange, and digital
signatures.
o Advantage: Offers the same security with smaller key sizes compared to RSA.
Advanced Techniques

1. Homomorphic Encryption
o Method: Allows computation on ciphertexts, generating an encrypted result that, when
decrypted, matches the result of operations performed on the plaintext.
o Use: Useful in scenarios where data privacy is crucial, such as cloud computing.
2. Quantum Cryptography
o Method: Uses principles of quantum mechanics to secure data.
o Example: Quantum Key Distribution (QKD) ensures secure communication by detecting
any eavesdropping.

Hash Functions

Though not strictly ciphers, hash functions are crucial in cryptography.

1. SHA (Secure Hash Algorithm)

o Variants: SHA-1, SHA-256, SHA-3.
o Use: Produces a fixed-size hash value from data, ensuring data integrity.
2. MD5 (Message Digest Algorithm 5)
o Method: Produces a 128-bit hash value.
o Note: Now considered insecure due to vulnerabilities to collision attacks.

Modes of Operation for Block Ciphers

1. ECB (Electronic Codebook)

o Method: Each block of plaintext is encrypted independently.
o Weakness: Identical plaintext blocks result in identical ciphertext blocks, revealing
patterns.
2. CBC (Cipher Block Chaining)
o Method: Each plaintext block is XORed with the previous ciphertext block before
encryption.
o Advantage: Patterns are concealed better than in ECB.
3. CFB (Cipher Feedback)
o Method: Converts a block cipher into a self-synchronizing stream cipher.
o Advantage: Can process smaller increments of plaintext.
4. OFB (Output Feedback)
o Method: Converts a block cipher into a synchronous stream cipher.
o Advantage: Errors in one ciphertext block do not propagate.
5. CTR (Counter)
o Method: Turns a block cipher into a stream cipher by encrypting successive values of a
counter.
o Advantage: Parallelizable and does not propagate errors.

Understanding different cipher methods is crucial for selecting the appropriate cryptographic
technique for securing information. Each method has its strengths and weaknesses, making it
suitable for different scenarios and security requirements.
Cryptographic Algorithms
This table provides an overview of the different types of cryptographic algorithms, their key sizes,
descriptions, and strengths.

Cryptographic tools are software or hardware solutions used to implement cryptographic

algorithms and manage cryptographic operations.

Here’s a table summarizing various cryptographic tools, including their types, functionalities, and
examples:
These cryptographic tools help implement and manage various cryptographic functions, including
encryption, decryption, hashing, key management, and digital signatures. They are essential for ensuring
data security, privacy, and integrity across different platforms and applications.

Attacks on Cryptosystems
Attacks on cryptosystems aim to undermine the security of cryptographic algorithms and protocols.

Brute Force Attack

A brute force attack involves trying all possible keys until the correct one is found. This method
is straightforward but can be time-consuming and computationally expensive, especially if the
key length is long. It is commonly used to crack passwords or encryption keys.

Dictionary Attack

In a dictionary attack, an attacker uses a precomputed list of possible passwords or keys, often
based on common words and phrases. This method is effective against weak passwords and hash
functions if the dictionary is comprehensive. It’s typically used to attack hashed passwords.

Rainbow Table Attack

A rainbow table attack involves using precomputed tables of hash values to reverse-engineer
passwords. By looking up hashes in these tables, attackers can find the original password more
quickly than computing hashes on the fly. This is effective against hashed password storage but
can be mitigated with salting.

Cryptanalysis

Cryptanalysis is a broad term for methods used to break cryptographic systems by exploiting
weaknesses in algorithms. Techniques such as differential and linear cryptanalysis are used to
analyze and potentially break block ciphers and other cryptographic methods.

Ciphertext-Only Attack

In a ciphertext-only attack, the attacker has access only to ciphertext and attempts to deduce the
plaintext or key. This type of attack is more challenging but can be effective against simpler or
poorly implemented encryption schemes, like classical ciphers.

Known-Plaintext Attack
Here, the attacker has access to both plaintext and its corresponding ciphertext. By analyzing
these pairs, they attempt to find the encryption key or algorithm. This type of attack can be
particularly effective against weak encryption schemes.

Chosen-Plaintext Attack

In a chosen-plaintext attack, the attacker can choose specific plaintexts and obtain their
corresponding ciphertexts. This allows the attacker to deduce information about the encryption
key or algorithm. It’s used against encryption schemes to uncover vulnerabilities.

Chosen-Ciphertext Attack

This attack allows the attacker to choose ciphertexts and obtain their corresponding plaintexts.
By analyzing these pairs, they can attempt to discover the decryption key or exploit weaknesses
in the decryption process.

Side-Channel Attack

Side-channel attacks exploit physical implementations of cryptographic algorithms to gather

information, such as timing information or power consumption. This type of attack targets
hardware implementations of cryptosystems, revealing secret keys or other sensitive data.

Man-in-the-Middle Attack

In a man-in-the-middle attack, the attacker intercepts and possibly alters communication between
two parties. This can occur in network communications or encrypted messages, potentially
allowing the attacker to eavesdrop or manipulate the data.

Replay Attack

A replay attack involves capturing and retransmitting valid data to deceive the recipient or
system. For example, an attacker might replay authentication tokens or transaction data to gain
unauthorized access or duplicate transactions.

Padding Oracle Attack

This attack exploits error messages from padding validation in encryption schemes. By analyzing
these error messages, attackers can decrypt data or infer information about the plaintext. This is
particularly relevant for block cipher modes of operation that use padding.

Birthday Attack

The birthday attack exploits the probability of two different inputs producing the same hash
value (collisions). This is used to find collisions in hash functions, such as MD5 or SHA-1, and
is based on the birthday paradox in probability theory.
Key Recovery Attack

A key recovery attack aims to determine the secret key used in encryption. By analyzing
ciphertexts or using various cryptographic techniques, attackers attempt to uncover the
encryption key and gain access to encrypted data.

Reverse Engineering

Reverse engineering involves analyzing software or hardware implementations to discover the

cryptographic key or algorithm. This can include decompiling software or examining hardware
to extract sensitive information.

Social Engineering Attack

Social engineering attacks manipulate individuals into divulging confidential information or

performing actions that compromise security. Techniques such as phishing are used to trick
people into revealing login credentials or other sensitive data.

These attacks highlight various ways cryptosystems can be compromised and underscore the
importance of implementing robust cryptographic measures and security practices.

Physical security refers to the measures and strategies implemented to protect physical
assets, including hardware, facilities, and personnel, from unauthorized access, damage, or theft.
It is a critical component of overall security strategies, ensuring that physical resources are
safeguarded against various threats. Here’s an overview of key aspects of physical security:

Key Aspects of Physical Security

1. Access Control
o Identification Systems: Utilize badges, biometric systems (fingerprints, retina
scans), and keycards to control and monitor access to facilities.
o Physical Barriers: Implement fences, gates, and security doors to restrict access
to secure areas.
o Security Guards: Employ personnel to monitor and control access at entry points
and perform routine checks.
2. Surveillance
o CCTV Cameras: Install cameras in and around facilities to monitor activities and
deter potential intruders.
o Monitoring Systems: Use centralized systems to manage video feeds and alert
security personnel to suspicious activities.
3. Environmental Controls
o Fire Protection: Install fire alarms, sprinklers, and fire extinguishers to prevent
and respond to fires.
 o Flood Protection: Implement measures such as flood barriers and drainage
systems to protect against water damage.
o Climate Control: Use air conditioning and humidity control systems to protect
sensitive equipment and data.
4. Secure Areas
o Server Rooms/Data Centers: Restrict access to critical infrastructure and ensure
that these areas are physically secure from unauthorized access.
o Storage Areas: Secure storage areas containing sensitive or valuable materials
with robust locks and access controls.
5. Incident Response
o Emergency Plans: Develop and maintain emergency response plans for various
scenarios, including fires, natural disasters, and security breaches.
o Drills and Training: Conduct regular drills and training sessions to ensure
personnel are prepared to respond to incidents effectively.
6. Asset Protection
o Tamper-Evident Seals: Use seals and locks that indicate if tampering has
occurred.
o Safes and Lockers: Store valuable items and sensitive information in secure safes
or lockers.
7. Facility Design
o Building Layout: Design facilities with security in mind, including strategic
placement of entry and exit points and secure areas.
o Lighting: Implement adequate lighting around buildings and access points to
deter unauthorized access and improve surveillance.
8. Security Policies and Procedures
o Access Control Policies: Define and enforce policies for granting and revoking
access to facilities and sensitive areas.
o Maintenance Procedures: Regularly maintain and inspect security systems and
physical barriers to ensure they are functioning correctly.

Examples of Physical Security Measures

 Card Access Systems: Systems like those used in corporate offices where employees use
ID cards to gain access to specific areas.
 Biometric Systems: Fingerprint scanners or retina scanners used for high-security areas.
 CCTV Surveillance: Cameras installed in various locations to monitor and record
activities.
 Fire Suppression Systems: Automated sprinklers and fire extinguishers in data centers
and server rooms.
 Physical Barriers: Secure fences, gates, and reinforced doors to prevent unauthorized
entry.

Physical security is essential for protecting facilities, equipment, and personnel from a variety of
threats. By implementing comprehensive measures such as access control, surveillance,
environmental controls, and secure facility design, organizations can effectively safeguard their
physical assets and ensure the integrity of their overall security posture.