CNS Unit 1(Solution)

The document provides an overview of cryptography, detailing its key objectives such as confidentiality, integrity, non-repudiation, authentication, interoperability, and adaptability. It discusses various encryption techniques, including symmetric and asymmetric encryption, and outlines the OSI security architecture, security services, and different types of attacks. Additionally, it explains specific ciphers like the Playfair and Feistel ciphers, along with block cipher modes of operation, emphasizing their importance in securing data and communications.

Uploaded by

het80630
Copyright
© All Rights Reserved

UNIT - 1 - CNS

1. Explain all key objectives of cryptography.

Introduction to Cryptography

Cryptography is a technique used to secure information and communication by converting messages into a
coded format. This ensures that only authorized people can access and understand the information while
preventing unauthorized access.

The word "Cryptography" comes from:

• "Crypt" → Hidden
• "Graphy" → Writing

Cryptographic techniques rely on mathematical concepts and algorithms to transform data into an
unreadable form. These algorithms are used for:

• Secure data storage and transmission
• Digital signatures and authentication
• Safe online transactions (e.g., credit/debit card payments)

• Confidentiality: Information can be accessed only by the person for whom it is intended and by no one
else.

• Integrity: Information cannot be modified in storage or in transit between the sender and the intended
receiver without the modification being detected.

• Non-repudiation: The creator/sender of information cannot later deny having intended to send it.

• Authentication: The identities of the sender and receiver are confirmed, as well as the destination/origin
of the information.

• Interoperability: Cryptography allows for secure communication between different systems and platforms.

• Adaptability: Cryptography continuously evolves to stay ahead of security threats and technological
advancements.

Key Features of Cryptography with Examples

Confidentiality

• Ensures that only the intended recipient can access the information.
• Example: When you send a message on WhatsApp, it is end-to-end encrypted, meaning only the sender
and receiver can read the message. Even WhatsApp itself cannot access it.

Integrity

• Ensures that the data is not altered during transmission or storage without detection.
• Example: When downloading software from a trusted website, a checksum (hash value) is provided. If the
downloaded file is altered, its hash value will not match, indicating tampering.

Non-repudiation

• Prevents the sender from denying that they sent the information.
• Example: In online banking, when a user makes a transaction, a digital signature is attached. This ensures
that the sender cannot deny authorizing the transaction later.

Authentication

• Confirms the identity of the sender, receiver, or data source.


• Example: When logging into an account, two-factor authentication (2FA), such as OTP verification, ensures
that the user is genuine.

Interoperability

• Allows secure communication between different systems and platforms.


• Example: Secure email communication between Gmail and Outlook is possible because both use TLS
encryption to maintain security.

Adaptability

• Continuously evolves to counter new security threats.


• Example: Traditional passwords are being replaced by biometric authentication (fingerprint, facial
recognition) to improve security as hackers develop new attack methods.
2. Draw and Explain OSI Architecture.

OSI Security Classification

OSI Security focuses on three main aspects:

1. Security Attacks (Threats to Networks)

Attacks that try to steal, modify, or disrupt data.

• Passive Attacks (Eavesdropping) – Spy on Data
o Eavesdropping: Attacker listens to private communication (e.g., Wi-Fi sniffing).
o Traffic Analysis: Monitors network traffic patterns to gain information.
• Active Attacks (Data Modification) – Tampering Data
o Masquerade: Attacker pretends to be someone else.
o Replay Attack: Attacker captures a message and sends it later.
o Message Modification: Changes the data being transmitted.
o Denial of Service (DoS): Overloads the system to make it unavailable.

2. Security Mechanisms (Protection Methods)

These are techniques used to prevent attacks.

• Encipherment (Encryption): Converts data into a secure format (e.g., AES, RSA).
• Digital Signature: Ensures message authenticity and prevents tampering.
• Traffic Padding: Adds extra data to hide actual messages.
• Routing Control: Selects secure data routes to prevent attacks.

3. Security Services (How We Secure Data)

These services protect the organization’s information.

✔ Authentication: Confirms user identity (e.g., passwords, OTP).

✔ Access Control: Limits who can access certain data.

✔ Data Confidentiality: Prevents unauthorized access (e.g., encryption).

✔ Data Integrity: Ensures data is not changed during transmission.

✔ Non-Repudiation: Prevents denial of actions (e.g., digital receipts for transactions).

Benefits of OSI Security Architecture

✔ Provides Security → Protects networks from cyber threats.

✔ Follows International Standards → Ensures global security compliance.

✔ Interoperability → Makes different systems work together securely.

✔ Scalability → Can be easily upgraded with new technologies.

✔ Flexibility → Allows improvements at any layer without affecting others.

Conclusion:
OSI Security Architecture ensures safe communication over networks by preventing attacks, applying
security mechanisms, and using security services. It is widely adopted for building secure, reliable, and
scalable networks.

3. Differentiate symmetric and asymmetric encryption?


Symmetric Key Encryption:

A type of encryption where the same key is used for both encryption and decryption. It is fast and efficient
but requires a secure way to share the key.

Asymmetric Key Encryption:

A type of encryption that uses two keys – a public key for encryption and a private key for decryption. It is
more secure but slower than symmetric encryption, as the private key remains confidential.

4. Define Active and Passive attacks with Example.

Active and Passive Attacks

1. Passive Attack:

• The attacker only monitors or intercepts data without altering it.


• Aim: To gather sensitive information without detection.
• Example:
o Eavesdropping: Intercepting unencrypted network traffic.
o Traffic Analysis: Observing communication patterns to infer information.

2. Active Attack:

• The attacker modifies, disrupts, or injects malicious data into a system.


• Aim: To alter or damage the system or data.
• Example:
o Man-in-the-Middle (MITM) Attack: Intercepting and altering communication between two parties.
o Denial of Service (DoS): Flooding a server with traffic to make it unavailable.

Passive attacks are harder to detect, while active attacks are more destructive but can often be identified.
5. Write a short note on Security Services.

Security Services

Security services are essential mechanisms that ensure the protection of data, communication, and systems
from unauthorized access, tampering, and attacks. These services help in maintaining the confidentiality,
integrity, and availability of information in a secure environment.

Key Security Services:

1. Confidentiality:
o Ensures that sensitive information is accessible only to authorized users and remains hidden from
unauthorized parties.
o Example: Encryption techniques like AES and RSA protect data from being read by unauthorized users.
2. Integrity:
o Guarantees that data remains unchanged during transmission or storage unless modified by authorized
users.
o Example: Hash functions like SHA-256 verify data integrity by generating unique hashes that change if the
data is altered.
3. Authentication:
o Confirms the identity of users, devices, or systems before allowing access.
o Example: Username-password authentication, biometric verification, and digital certificates (e.g., SSL/TLS
certificates for secure websites).
4. Non-Repudiation:
o Prevents an entity (user or system) from denying their actions or transactions after they have taken place.
o Example: Digital signatures ensure that the sender of a message cannot deny sending it.
5. Access Control:
o Restricts access to resources based on user roles and permissions.
o Example: Role-Based Access Control (RBAC) allows only authorized users to access specific files or systems.
6. Availability:
o Ensures that data, systems, and services are accessible to authorized users whenever needed, even during
attacks or failures.
o Example: Protection against Denial of Service (DoS) attacks ensures continuous system operation.

Importance of Security Services:

• Protects sensitive data from cyber threats.
• Maintains trust in online transactions and communications.
• Ensures compliance with security policies and regulations.
• Helps prevent financial loss due to cyberattacks.

6. Explain Playfair cipher substitution technique in detail. Find out cipher text for the given key and
plaintext:
o Key: ENGINEERING
o Plaintext: COMPUTER SCIENCE AND ENGINEERING

Playfair Cipher – Step-by-Step

1. Create the Key Matrix (5×5 Grid)

• Choose a keyword (e.g., "SECRET").
• Remove duplicate letters and fill the grid with remaining alphabet letters (merge I & J).

2. Prepare the Plaintext

• Remove spaces, punctuation, and replace J with I.
• Break into letter pairs (insert X if needed for repeating letters or odd length).

3. Encryption Rules

• Same Row → Replace each letter with the next right letter.
• Same Column → Replace each letter with the next below letter.
• Rectangle Rule → Swap letters in opposite corners.

4. Decryption Process

• Reverse the encryption steps (left for rows, up for columns).
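
Added worked example (not part of the original notes): the four steps above in Python, applied to the key and plaintext given in the question. The filler letter used when the letter to be padded is itself X (Q here) is an assumption, since the steps above do not specify it.

```python
import string

ALPHABET = string.ascii_uppercase.replace("J", "")  # I and J share one cell


def key_matrix(key):
    """Step 1: return the 5x5 grid as a 25-letter string, row by row."""
    seen = []
    for ch in key.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def digraphs(plaintext):
    """Step 2: keep letters only, map J to I, split into pairs.

    X is inserted between a repeated letter inside a pair and after a
    trailing single letter. If the letter to pad is X itself, Q is used
    (assumed convention).
    """
    text = [c for c in plaintext.upper().replace("J", "I") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(text):
        a = text[i]
        b = text[i + 1] if i + 1 < len(text) else None
        if b is None or a == b:
            pairs.append(a + ("Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(grid, pair, step):
    """Steps 3 and 4: step=+1 encrypts (right/down), step=-1 decrypts."""
    (r1, c1), (r2, c2) = (divmod(grid.index(ch), 5) for ch in pair)
    if r1 == r2:        # same row: move along the row, wrapping around
        c1, c2 = (c1 + step) % 5, (c2 + step) % 5
    elif c1 == c2:      # same column: move along the column, wrapping around
        r1, r2 = (r1 + step) % 5, (r2 + step) % 5
    else:               # rectangle: keep own row, take the other's column
        c1, c2 = c2, c1
    return grid[r1 * 5 + c1] + grid[r2 * 5 + c2]


def encrypt(key, plaintext):
    grid = key_matrix(key)
    return "".join(_transform(grid, p, +1) for p in digraphs(plaintext))


def decrypt(key, ciphertext):
    grid = key_matrix(key)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_transform(grid, p, -1) for p in pairs)


if __name__ == "__main__":
    key, text = "ENGINEERING", "COMPUTER SCIENCE AND ENGINEERING"
    grid = key_matrix(key)
    for row in range(5):
        print(" ".join(grid[row * 5:row * 5 + 5]))
    print(" ".join(digraphs(text)))
    print(encrypt(key, text))
```

Decryption returns the prepared text including the trailing filler X, which the reader removes by inspection.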


7. Encrypt using HILL CIPHER the plaintext “ATTACK CHINAA” using the key GYDNSKURT.
8. Differentiate between Monoalphabetic and Polyalphabetic cipher.
9. Explain the Vigenère Cipher with an example.
10. Explain the Vernam Cipher with an example.

11. Explain Block cipher mode of operation.

Block Cipher Modes of Operation – Easy Explanation

Block cipher modes define how large amounts of data are securely encrypted using a block cipher. Since a
block cipher processes fixed-size blocks (e.g., 128 bits), these modes help handle larger data securely.

Types of Block Cipher Modes:

1. Electronic Code Book (ECB) – Simple but Insecure

• Each block is encrypted independently using the same key.


• Issue: Identical plaintext blocks produce identical ciphertext blocks, revealing patterns.
• Usage: Not recommended due to weak security.
Advantage: Fast and supports parallel encryption.

Disadvantage: Easily broken due to pattern leaks.


2. Cipher Block Chaining (CBC) – More Secure than ECB

• Each block is XORed with the previous ciphertext block before encryption.
• Uses an Initialization Vector (IV) for randomness.
• Usage: Secure file encryption, authentication.
Advantage: More secure than ECB, hides patterns.

Disadvantage: Encryption is not parallelizable.

3. Cipher Feedback Mode (CFB) – Works Like a Stream Cipher

• Uses previous ciphertext as feedback for the next encryption.


• Uses an IV and can encrypt smaller data units (not just full blocks).
• Usage: Streaming encryption, real-time applications.
Advantage: Can encrypt data of any size.

Disadvantage: Errors in transmission can propagate.

4. Output Feedback Mode (OFB) – Avoids Error Propagation

• Similar to CFB, but sends encrypted output as feedback instead of actual ciphertext.
• Prevents error propagation across blocks.
• Usage: Secure transmission over noisy channels.
Advantage: Bit errors don’t spread across blocks.

Disadvantage: If the same keystream is reused, security is compromised.


5. Counter Mode (CTR) – Best for Parallel Processing

• Uses a counter that increments for each block.


• Allows parallel encryption as blocks are processed independently.
• Usage: VPNs, SSL/TLS, cloud storage encryption.
Advantage: Very fast, supports parallel execution.

Disadvantage: If counters get out of sync, decryption fails.

Applications of Block Ciphers

Data Encryption – Protects sensitive data like passwords, credit card details.

File & Disk Encryption – Used in tools like BitLocker, TrueCrypt.

VPN Security – Encrypts data to prevent interception.

SSL/TLS Security – Secures web communication (e.g., HTTPS).

Digital Signatures – Ensures document authenticity and integrity.

Conclusion:

Each block cipher mode has different security properties. CTR and CBC are commonly used today, while
ECB is insecure and should be avoided.
12. Why is it important to study Feistel cipher?

Why is it Important to Study Feistel Cipher? (Easy Explanation)

The Feistel Cipher is a widely used symmetric key encryption technique that forms the basis for many
encryption algorithms like DES. Studying it is important for several reasons:

1. Understanding Symmetric Encryption

• Feistel Cipher is a core concept of symmetric key cryptography.


• Learning it helps understand how encryption protects sensitive data.

Example: Online banking transactions use symmetric encryption for security.

2. Security Analysis

• Helps analyze vulnerabilities in Feistel-based encryption algorithms.


• Assists in developing stronger encryption techniques.

Example: Cybersecurity experts study Feistel ciphers to detect weaknesses in old encryption methods.

3. Real-World Applications

• Feistel Cipher is used in many encryption algorithms, such as DES.
• Understanding it helps in learning how modern encryption (like AES) evolved.

Example: Secure file storage and data transmission use Feistel-based encryption.

4. Research & Innovation

• Studying Feistel Cipher helps in developing more secure encryption methods.


• New Feistel-based variants are still being researched today.

Example: Blowfish and Twofish are improved versions of Feistel-based encryption.

Key Factors Affecting Feistel Cipher Security

Factor → Impact on Security

• Block Size → Larger blocks = More security
• Number of Rounds → More rounds = Harder to break
• Round Function (f) → Complex function = Stronger encryption
• Subkey Generation → Advanced algorithms = Harder for attackers to steal data

Conclusion

Studying Feistel Cipher is essential for understanding encryption, improving security, and developing
future cryptographic methods.
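
Added example (not part of the original notes): a toy 64-bit Feistel cipher used to illustrate both the block cipher modes section and the Feistel section above. The hash-based round function, key schedule, key and IV are assumptions made for this sketch; it is not DES and is for study only. It shows that decryption is the same network with the subkeys reversed, that ECB repeats ciphertext blocks where CBC does not, and that diffusion grows with the number of rounds.

```python
import hashlib

BLOCK = 8          # 64-bit block, as in DES and Blowfish
HALF = BLOCK // 2


def subkeys(key, rounds=16):
    """Toy key schedule (assumption): one hash-derived subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_f(half, subkey):
    """Round function f. It is never inverted, so it need not be invertible."""
    return hashlib.sha256(subkey + half).digest()[:HALF]


def feistel(block, keys):
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, round_f(right, k))
    return right + left            # undo the swap of the last round


def encrypt_block(block, keys):
    return feistel(block, keys)


def decrypt_block(block, keys):
    return feistel(block, keys[::-1])   # same network, subkeys reversed


def pad(data):
    n = BLOCK - len(data) % BLOCK       # PKCS#7-style padding
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(msg, keys):
    return b"".join(encrypt_block(b, keys) for b in blocks(pad(msg)))


def cbc_encrypt(msg, keys, iv):
    prev, out = iv, []
    for b in blocks(pad(msg)):
        prev = encrypt_block(xor(b, prev), keys)   # chain previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct, keys, iv):
    prev, out = iv, []
    for c in blocks(ct):
        out.append(xor(decrypt_block(c, keys), prev))
        prev = c
    return unpad(b"".join(out))


def distinct_blocks(ct):
    """Number of different ciphertext blocks; repeats reveal plaintext repeats."""
    return len(set(blocks(ct)))


def avalanche(rounds, key=b"constructed-key"):
    """Output bits changed by flipping one input bit, for a given round count."""
    keys = subkeys(key, rounds)
    p1 = b"HELLO123"
    p2 = bytes([p1[0] ^ 0x01]) + p1[1:]            # exactly one bit differs
    c1, c2 = feistel(p1, keys), feistel(p2, keys)
    return sum(bin(x ^ y).count("1") for x, y in zip(c1, c2))


if __name__ == "__main__":
    keys = subkeys(b"constructed-key")
    msg = b"ATTACK!!" * 4              # constructed input: four identical blocks
    iv = bytes(range(8))               # fixed only so the run is repeatable;
                                       # a real CBC IV must be unpredictable
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(msg, keys)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(msg, keys, iv)))
    for r in (1, 2, 4, 16):
        print(r, "rounds ->", avalanche(r), "of 64 bits changed")
```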

13. Explain a single round function in DES.

DES (Data Encryption Standard) – Overview

DES operates on a 64-bit block of plaintext. After an initial permutation, the block is divided into two
halves:

• Left Half (32 bits)
• Right Half (32 bits)

It undergoes 16 rounds of identical operations (Function f) where data is combined with the key. After the
sixteenth round, the halves are joined, and a final permutation (inverse of the initial permutation)
completes the encryption.

Single Round Function Operations

1. Key Transformation:
o A 48-bit subkey is derived using the PC-2 (Permuted Choice-2) table.
2. Expansion Permutation (E-Table):
o The 32-bit right half is expanded to 48 bits using a predefined E-table.
o Each 4-bit group is expanded to 6-bit groups.
3. S-Box Substitution:
o The 48-bit expanded data is divided into 8 groups of 6 bits.
o Each group is passed through an S-box (Substitution box) which reduces it to 4 bits.
o There are 8 different S-boxes, each with a unique lookup table.
4. P-Box Permutation:
o The 32-bit output from the S-boxes is rearranged using the P-box permutation table.
o This step ensures better diffusion by mixing the bits.
5. XOR and Swap:
o The P-box output is XORed with the left half of the plaintext.
o The left and right halves are swapped, completing the round.

Final Step:

After 16 rounds, the left and right halves are joined and a Final Permutation (IP⁻¹) is applied, producing the
64-bit ciphertext.
14. Explain Byte substitution and Shift row operation of AES in detail.

15. Elaborate AES encryption with neat sketches.

https://www.geeksforgeeks.org/advanced-encryption-standard-aes/
16. Explain the avalanche effect in DES and discuss the strength of DES in brief.

1. What is the Avalanche Effect?

The Avalanche Effect in cryptography means that a small change in the plaintext or key results in a
significant change in the ciphertext.

Avalanche Effect in DES

• DES (Data Encryption Standard) follows a Feistel structure with 16 rounds of encryption.
• A slight change in the input (even 1 bit) causes at least 50% of the output bits to flip, making it
highly unpredictable.

Example of Avalanche Effect in DES:

Input (Plaintext/Key) → Output (Ciphertext)

• "HELLO123" → Encrypted: XKJZ78F3
• "HELLO124" (1-bit change) → Encrypted: 9ABG56L2 (Completely different)

Why is it Important?

• Prevents attackers from guessing patterns in ciphertext.


• Ensures high security by making it difficult to reverse-engineer encryption.

2. Strength of DES

Advantages of DES:

1. Simple & Efficient – Easy to implement in hardware and software.


2. Strong Confusion & Diffusion – Uses S-boxes and permutations to mix data well.
3. Avalanche Effect – Small changes in input cause big changes in output.

Weaknesses of DES:

1. Short Key Length (56-bit) – Vulnerable to brute-force attacks today.


2. Easily Broken by Modern Computers – Attackers can break DES in a few hours using powerful
machines.
3. Replaced by AES (Advanced Encryption Standard) – AES uses 128-bit, 192-bit, or 256-bit keys,
making it much more secure.

Conclusion

• Avalanche Effect makes DES strong against attacks.


• However, its 56-bit key is too short, so modern systems use AES instead of DES for better security.

17. Explain the function of S-BOX in DES and also explain the avalanche effect.

S-Box in DES & Avalanche Effect – Easy Explanation

1. What is S-Box in DES?

The S-Box (Substitution Box) is used in DES to make encryption more secure by changing some bits
unpredictably.

How S-Box Works?

1. The right half (32 bits) of the data is expanded to 48 bits.
2. It is XORed with a 48-bit subkey.
3. The 48-bit result is divided into 8 groups of 6 bits each.
4. Each 6-bit group is replaced with a 4-bit output using 8 different S-Boxes.
5. This reduces 48 bits back to 32 bits, adding confusion.

Why is S-Box Important?

It makes encryption stronger by making output unpredictable.

It helps prevent attackers from guessing patterns in the ciphertext.

2. What is the Avalanche Effect in DES?

The Avalanche Effect means that a small change in input (plaintext or key) causes a big change in the
output (ciphertext).

Example of Avalanche Effect:

• Plaintext: "HELLO123" → Ciphertext: "XKJZ78F3"
• Plaintext: "HELLO124" (1-bit change) → Ciphertext: "9ABG56L2" (Completely different)

Why is Avalanche Effect Important?

Makes it impossible for hackers to predict changes in encryption.

Ensures high security by mixing bits thoroughly in 16 rounds of DES.

Conclusion

• S-Box helps confuse attackers by substituting bits unpredictably.


• Avalanche Effect ensures small changes lead to completely different outputs, making DES secure
against attacks.

18. What are the different Types of Attacks on Encrypted Messages?

Types of Attacks on Encrypted Messages

Depending on the cryptographic system and the attacker's available information, encryption attacks can be
classified into six main types:

1. Brute Force Attack

• The attacker tries all possible keys until the correct one is found.
• Effective Against: Weak encryption methods or short keys.
• Example: Guessing a 4-digit ATM PIN (0000-9999) by trying all combinations.
Defense: Use longer keys (e.g., 256-bit encryption in AES).

2. Ciphertext-Only Attack

• The attacker only has the encrypted message (ciphertext) but not the plaintext or key.
• Goal: Analyze the ciphertext to guess the plaintext or encryption key.
• Example: Observing repeated ciphertext patterns in ECB mode encryption.
Defense: Use strong encryption with randomness (e.g., AES in CBC or GCM mode).

3. Chosen Plaintext Attack (CPA)

• The attacker can choose plaintext and get its encrypted version (ciphertext).
• Goal: Use this knowledge to determine the encryption key.
• Example: Submitting known inputs to an encryption API and analyzing outputs.
Defense: Use randomized encryption schemes (e.g., AES-GCM with unique IVs).

4. Chosen Ciphertext Attack (CCA)

• The attacker can choose a ciphertext and get its decrypted plaintext.
• Goal: Use the decrypted output to deduce the encryption key.
• Example: An attacker modifying an encrypted bank transfer request and observing the response.
Defense: Use secure padding schemes (e.g., RSA-OAEP) to prevent decryption attacks.

5. Known Plaintext Attack (KPA)

• The attacker has access to both plaintext and ciphertext and tries to infer the key.
• Example: If "HELLO" encrypts to "XGJ9K", patterns can be analyzed to break the cipher.
Defense: Use strong encryption algorithms with randomization (e.g., AES with a unique IV).

6. Key and Algorithm Attack

• The attacker has access to both the encryption key and the algorithm.
• Goal: Use this information to decrypt messages or find vulnerabilities.
• Example: Using weak keys in outdated encryption (e.g., DES, MD5).
Defense: Use secure key management and modern encryption standards (AES, SHA-256).
Conclusion

Encryption is critical for security, but attackers use various techniques to break it. Using strong encryption
methods, key management, and secure padding schemes can help defend against these attacks.

19. Write a short note on Blowfish with a diagram.

Blowfish Algorithm – Easy Explanation

Blowfish is a symmetric key encryption algorithm designed by Bruce Schneier in 1993. It is fast, secure,
and flexible, making it widely used in applications like password storage, VPNs, and secure file transfers.

Features of Blowfish

✔ Block Size: 64-bit (Encrypts data in 64-bit chunks).

✔ Key Size: 32 to 448 bits (Flexible key length).

✔ Number of Rounds: 16 rounds of encryption.

✔ Structure: Feistel Cipher (Similar to DES).

✔ Security: Resistant to brute-force and cryptanalysis.


How Blowfish Works? (Step-by-Step)

1. Key Expansion:
o The key is used to generate 18 subkeys (P-array) and 4 S-boxes (Each with 256 entries).
2. Feistel Network (16 Rounds):
o The 64-bit plaintext is divided into two 32-bit halves (Left & Right).
o Each round applies substitution, permutation, and XOR operations.
o The right half is modified using a complex F-function.
o The halves are swapped after each round (except the last round).
3. Final XOR & Combination:
o After 16 rounds, the halves are XORed with P-Array keys and combined to form the
ciphertext.

Blowfish Encryption Diagram

Why is Blowfish Important?

Fast & Efficient – Works well in both hardware and software.

Highly Secure – Large key sizes make brute-force attacks difficult.

No Known Weaknesses – If the key is strong, it is very secure.

Free & Open-Source – Can be used without restrictions.


Used in: VPNs, password hashing (bcrypt), secure file encryption, etc.

Conclusion

Blowfish is a fast and secure encryption algorithm that is widely used for protecting sensitive data. It is
flexible, efficient, and still relevant today despite newer algorithms like AES.

20. Specify the difference between diffusion and confusion.

21. Differentiate between a block cipher and a stream cipher.


22. Define meet-in-the-middle attack.

Meet-in-the-Middle Attack (MITM) – Simple Explanation

A Meet-in-the-Middle Attack (MITM) is a method used to break double encryption (e.g., Double DES)
faster than brute force. Instead of trying all key combinations, it splits the attack into two steps and finds a
match in the middle.

How It Works? (Simple Steps)

1. Encryption Process in Double DES:


o Step 1: Encrypt Plaintext (P) using Key 1 (K₁) → Produces Intermediate Cipher (I).
o Step 2: Encrypt Intermediate Cipher (I) using Key 2 (K₂) → Produces Final Ciphertext (C).

Formula:

C = E(K₂, E(K₁, P))

2. MITM Attack Steps:


o The attacker encrypts the plaintext with all possible K₁ values and stores results.
o The attacker decrypts the ciphertext with all possible K₂ values and checks for a match.
o When a match is found, the attacker gets both keys (K₁, K₂), breaking the encryption.

Example: Breaking Double DES

• Suppose P = "HELLO", and we encrypt it twice:


o E(K₁, "HELLO") → "XM29F"
o E(K₂, "XM29F") → "7Y6KP" (Ciphertext)
• Attacker’s Approach:
o Try all keys K₁ and store possible intermediate values (like "XM29F").
o Try all keys K₂ on the ciphertext "7Y6KP" and check if any match an intermediate value.
o When a match is found, the attacker learns both K₁ and K₂ and can decrypt future messages.

Why is MITM Faster?


• Instead of trying all key pairs (K₁, K₂), it only needs to store intermediate values.
• This reduces the attack time from 2ⁿ⁺²ⁿ (brute force) to 2 × 2ⁿ operations, making encryption
weaker.

How to Defend Against MITM?

• Use Triple DES (3DES) instead of Double DES.
• Use AES-256, which is resistant to MITM attacks.
• Implement randomized keys to avoid predictable intermediate values.

Conclusion

MITM attacks make double encryption weak by finding a match in the middle. This is why Double DES is
insecure, and modern encryption methods like AES are preferred.

23. Explain the Transposition Technique.

Transposition Technique and Brute Force Attack – Explanation

A) Transposition Technique

• A Transposition Technique is an encryption method that rearranges (permutes) the positions of
characters in plaintext to form ciphertext, while keeping the original characters unchanged.
• It is often combined with Substitution Ciphers to enhance security.

Common Types of Transposition Ciphers:

1. Rail Fence Cipher – Writes text in a zigzag pattern and reads it row-wise.
2. Columnar Transposition – Writes text in a table and reads it in a scrambled column order.

3. Route Cipher – Arranges text in a grid and reads it in a specific pattern (e.g., spirals).

Advantage: Makes frequency analysis harder.

Disadvantage: Still vulnerable to pattern recognition and brute-force attacks.

Brute Force Attack – Better Explanation

A Brute Force Attack, also called exhaustive search, is a method used by attackers to break encryption by
systematically trying every possible key or password until the correct one is found.

How Brute Force Works:

1. The attacker starts with commonly used passwords or short keys.
2. If unsuccessful, they try all possible combinations systematically.
3. Once the correct key is found, they decrypt the message or access the system.

ii) Cryptography

Cryptography is the science of secure communication, ensuring that only the intended recipient can access
the message. It provides:

• Confidentiality – Keeps data secret.


• Integrity – Ensures data is not altered.
• Authentication – Verifies the sender’s identity.
• Non-repudiation – Prevents denial of sending a message.

Types of Cryptography:

1. Symmetric Cryptography (Private Key Cryptography)


o Uses one key for both encryption and decryption.
o Example: AES, DES, Blowfish.
o Fast and efficient but requires secure key sharing.
2. Asymmetric Cryptography (Public Key Cryptography)
o Uses two keys:
▪ Public Key (used for encryption).
▪ Private Key (used for decryption).
o Example: RSA, ECC, Diffie-Hellman.
o More secure, no need to share private keys.

Conclusion

• Transposition techniques help shuffle characters to make plaintext unreadable.


• Brute force attacks try all possible keys to break encryption, so strong security measures are
needed.

24. Write a short note on Triple DES.


Triple DES (3DES) – Easy Explanation

Triple DES (3DES) is an improved version of the DES (Data Encryption Standard), designed to provide
stronger security. Since DES uses only a 56-bit key, it became vulnerable to brute-force attacks. 3DES
enhances security by applying DES encryption three times in succession.

How Triple DES Works?

3DES encrypts data using three rounds of DES with either two or three keys:

1. Encrypt the plaintext using DES with Key 1 (K₁).
2. Decrypt the result using DES with Key 2 (K₂).
3. Encrypt again using DES with Key 3 (K₃) (or K₁ if only two keys are used).

Formula:

Where:

• E = Encryption using DES


• D = Decryption using DES
• K₁, K₂, K₃ = Different keys

Key Variants of 3DES

1. 3-Key 3DES: Uses three different keys (K₁, K₂, K₃) → 168-bit key (Most secure).
2. 2-Key 3DES: Uses only two keys (K₁ = K₃, K₂ is different) → 112-bit key (Moderate security).

Advantages of Triple DES


More Secure than DES – Extends key size from 56-bit (DES) to 112/168-bit.

Used in Financial Systems – Used in banking and payment card encryption.

Stronger against Brute Force Attacks – Harder to crack than single DES.

Disadvantages of Triple DES

Slow Performance – Encrypting three times makes it slower than AES.

Not Future-Proof – Considered outdated and replaced by AES (Advanced Encryption Standard).

Conclusion

Triple DES was a stronger alternative to DES, but due to its slow speed and increasing vulnerabilities, it is
now being replaced by AES for modern encryption needs.


25. Discuss the following terms in brief:

• i) Brute force attack


• ii) Cryptography

i) Brute Force Attack

A Brute Force Attack is a trial-and-error method used by attackers to guess passwords or encryption keys.

How It Works?

• The attacker tries every possible combination until they find the correct one.
• If the password is short or simple, it can be cracked quickly.
• Longer and more complex passwords take much longer to break.

Example:
If a password is "1234", the attacker will try:
"0000" → "0001" → "0002" → ... → "1234" (until they find a match).

How to Prevent Brute Force Attacks?

Use strong passwords (mix of letters, numbers, symbols).

Enable multi-factor authentication (MFA).

Limit login attempts and use CAPTCHA.

Use modern encryption with large key sizes (AES-256).

ii) Cryptography

Cryptography is the science of securing information so that only authorized people can access it.

Why is Cryptography Important?

• Keeps data private (Confidentiality).


• Ensures data is not altered (Integrity).
• Verifies sender identity (Authentication).
• Prevents denial of transactions (Non-repudiation).

Types of Cryptography:

1 Symmetric Cryptography (Private Key Cryptography)

• Uses one key for both encryption and decryption.


• Example: AES, DES.
• Fast but requires a secure way to share keys.

2 Asymmetric Cryptography (Public Key Cryptography)

• Uses two keys:


o Public Key (for encryption).
o Private Key (for decryption).
• Example: RSA, ECC.
• More secure, no need to share private keys.
Conclusion

• Brute force attacks try all possible passwords to break security, but strong passwords and
encryption help prevent them.
• Cryptography protects data by ensuring security, privacy, and authentication in digital
communication.

Here’s a quick and easy-to-revise summary of all the topics covered in Unit 1 - CNS (Cryptography and
Network Security). Each topic is explained in simple terms with examples for better understanding.

1. Key Objectives of Cryptography

Cryptography ensures secure communication by converting messages into a coded format. Its key
objectives are:

1. Confidentiality: Only authorized users can access the information.
o Example: WhatsApp’s end-to-end encryption.
2. Integrity: Data cannot be altered without detection.
o Example: Checksum verification for downloaded files.
3. Non-repudiation: Sender cannot deny sending the message.
o Example: Digital signatures in online banking.
4. Authentication: Verifies the identity of users or systems.
o Example: Two-factor authentication (OTP).
5. Interoperability: Secure communication between different systems.
o Example: TLS encryption between Gmail and Outlook.
6. Adaptability: Evolves to counter new threats.
o Example: Biometric authentication replacing passwords.

2. OSI Security Architecture

The OSI security architecture is a framework for securing communication over networks. It focuses on:

1. Security Attacks:
o Passive (eavesdropping, traffic analysis).
o Active (masquerade, replay, DoS).
2. Security Mechanisms:
o Encryption, digital signatures, traffic padding.
3. Security Services:
o Authentication, access control, data confidentiality, integrity, non-repudiation.

3. Symmetric vs Asymmetric Encryption

Symmetric Encryption | Asymmetric Encryption
Uses one key for encryption and decryption. | Uses a public key for encryption and a private key for decryption.
Fast and efficient. | Slower but more secure.
Example: AES, DES. | Example: RSA, ECC.

4. Active and Passive Attacks

• Passive Attack: Attacker only monitors data (e.g., eavesdropping).
• Active Attack: Attacker modifies or disrupts data (e.g., DoS, MITM).

5. Security Services

Security services protect data and systems:

1. Confidentiality: Keeps data private (e.g., AES encryption).
2. Integrity: Ensures data is not altered (e.g., SHA-256 hashes).
3. Authentication: Verifies identity (e.g., passwords, biometrics).
4. Non-repudiation: Prevents denial of actions (e.g., digital signatures).
5. Access Control: Restricts access based on roles (e.g., RBAC).

6. Playfair Cipher

• A substitution cipher that encrypts pairs of letters using a 5x5 key matrix.
• Example:
o Key: ENGINEERING
o Plaintext: COMPUTER SCIENCE AND ENGINEERING
o Ciphertext: Encrypted using Playfair rules.

7. Hill Cipher

• A polygraphic cipher that uses matrix multiplication for encryption.
• Example:
o Plaintext: ATTACK CHINAA
o Key: GYDNSKURT
o Ciphertext: Encrypted using Hill Cipher.

8. Monoalphabetic vs Polyalphabetic Cipher

Monoalphabetic | Polyalphabetic
Uses one substitution alphabet. | Uses multiple substitution alphabets.
Vulnerable to frequency analysis. | More secure (e.g., Vigenère Cipher).

9. Vigenère Cipher

• A polyalphabetic cipher that uses a keyword for encryption.
• Example:
o Plaintext: HELLO
o Key: KEY
o Ciphertext: RIJVS.
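
Sections 8 and 9 together, as an added example (not part of the original notes): a Vigenère implementation that reproduces HELLO / KEY → RIJVS, plus an index-of-coincidence measurement showing why one substitution alphabet leaves letter frequencies intact while several alphabets flatten them. The sample text and the substitution alphabet MONO_KEY are constructed for the demonstration.

```python
from collections import Counter
import string

A = string.ascii_uppercase

def letters(text):
    """Keep only A-Z, upper-cased."""
    return "".join(c for c in text.upper() if c in A)

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0 ... Z=25)."""
    sign = -1 if decrypt else 1
    return "".join(
        A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
        for i, c in enumerate(letters(text))
    )

def monoalphabetic(text, alphabet):
    """Replace every letter through one fixed substitution alphabet."""
    return letters(text).translate(str.maketrans(A, alphabet))

def index_of_coincidence(text):
    """Chance that two letters drawn from text are equal (about 1/26 when frequencies are flat)."""
    n = len(text)
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))

# Constructed sample: sentences from these notes, used only for their letter statistics.
SAMPLE = (
    "Cryptography is the science of securing information so that only "
    "authorized people can access it. A brute force attack is a trial and "
    "error method used by attackers to guess passwords or encryption keys. "
    "The attacker tries every possible combination until they find the "
    "correct one. Longer and more complex passwords take much longer to break."
)
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # constructed substitution alphabet

def compare():
    """Index of coincidence of the sample as plaintext and under each cipher."""
    plain = letters(SAMPLE)
    return {
        "plaintext": index_of_coincidence(plain),
        "monoalphabetic": index_of_coincidence(monoalphabetic(plain, MONO_KEY)),
        "vigenere": index_of_coincidence(vigenere(plain, "KEY")),
    }

if __name__ == "__main__":
    print(vigenere("HELLO", "KEY"))
    for name, ic in compare().items():
        print(f"{name:15s} {ic:.4f}")
```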

10. Vernam Cipher

• A stream cipher that uses a one-time pad for encryption.
• Example:
o Plaintext: HELLO
o Key: RANDOM
o Ciphertext: Encrypted using XOR operation.

11. Block Cipher Modes

1. ECB: Encrypts each block independently (insecure).
2. CBC: XORs each block with the previous ciphertext (secure).
3. CFB: Converts block cipher into a stream cipher.
4. OFB: Prevents error propagation.
5. CTR: Allows parallel encryption (fast and secure).

12. Feistel Cipher

• A symmetric structure used in DES.
• Splits data into two halves, processes one half, and swaps them.
• Example: DES uses 16 rounds of Feistel structure.

13. Single Round Function in DES

1. Expand: 32-bit right half → 48 bits.
2. XOR: Expanded data ⊕ subkey.
3. Substitute: 48 bits → 32 bits using S-boxes.
4. Permute: Rearrange bits using P-box.
5. XOR: Permuted data ⊕ left half.
6. Swap: Left and right halves for the next round.

14. AES (Advanced Encryption Standard)

• A block cipher with 128-bit blocks and 128/192/256-bit keys.
• Byte Substitution: Replaces bytes using S-boxes.
• Shift Rows: Shifts rows in the state matrix.
• Mix Columns: Mixes columns for diffusion.
• Add Round Key: XORs state with round key.

15. Avalanche Effect

• Small changes in plaintext or key cause significant changes in ciphertext.
• Example: Changing one bit in plaintext flips 50% of ciphertext bits.
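
The Feistel structure from sections 12 and 13 and the avalanche effect above, as an added example (not part of the original notes and not DES itself): a toy 64-bit Feistel network whose round function is a SHA-256 stand-in for the expand / S-box / P-box steps, with a constructed key schedule. It shows that decryption is the same network with the subkeys reversed, and measures how the fraction of changed ciphertext bits grows with the number of rounds.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def subkeys(key: bytes, rounds: int):
    # Constructed key schedule (assumption): one 48-bit subkey per round, not the DES schedule.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]

def round_function(right: int, subkey: bytes) -> int:
    # Stand-in for DES's expand -> XOR subkey -> S-boxes -> P-box. Any function works
    # here, because the Feistel structure never needs to invert it.
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, keys) -> int:
    left, right = block >> 32, block & MASK32
    for k in keys:
        # New left is the old right; new right is the old left XOR F(old right, subkey).
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left  # undo the last swap, as DES does

def encrypt(block: int, key: bytes, rounds: int = 16) -> int:
    return feistel(block, subkeys(key, rounds))

def decrypt(block: int, key: bytes, rounds: int = 16) -> int:
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key, rounds)[::-1])

def avalanche(key: bytes, rounds: int = 16, block: int = 0x0123456789ABCDEF) -> float:
    """Average fraction of the 64 ciphertext bits that change when one plaintext bit flips."""
    base = encrypt(block, key, rounds)
    changed = sum(
        bin(base ^ encrypt(block ^ (1 << bit), key, rounds)).count("1")
        for bit in range(64)
    )
    return changed / (64 * 64)

if __name__ == "__main__":
    key = b"constructed-key"  # constructed sample key
    ct = encrypt(0x0123456789ABCDEF, key)
    print(hex(ct), hex(decrypt(ct, key)))
    for r in (1, 2, 4, 16):
        print(r, "rounds:", round(avalanche(key, r), 3))
```

With a single round a flipped bit in the left half changes exactly one output bit, which is why Feistel ciphers need many rounds before the output approaches the 50% figure.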

16. S-Box in DES

• Substitutes 6 bits → 4 bits using lookup tables.
• Adds confusion to make encryption secure.

17. Types of Attacks on Encrypted Messages

1. Brute Force: Trying all possible keys.
2. Ciphertext-Only: Analyzing ciphertext without plaintext.
3. Chosen Plaintext: Encrypting chosen plaintexts.
4. Chosen Ciphertext: Decrypting chosen ciphertexts.
5. Known Plaintext: Analyzing known plaintext-ciphertext pairs.
6. Meet-in-the-Middle: Breaking double encryption.

18. Blowfish

• A symmetric key encryption algorithm with 64-bit blocks and 448-bit keys.
• Uses 16 rounds of Feistel structure.
• Example: Used in VPNs and password hashing.

19. Diffusion vs Confusion

Diffusion | Confusion
Spreads plaintext influence over ciphertext. | Makes ciphertext-key relationship complex.
Example: AES MixColumns. | Example: AES SubBytes.

20. Block Cipher vs Stream Cipher

Block Cipher | Stream Cipher
Encrypts fixed-size blocks (e.g., 128 bits). | Encrypts data bit-by-bit or byte-by-byte.
Example: AES, DES. | Example: RC4, Vernam Cipher.

21. Meet-in-the-Middle Attack

• Breaks double encryption by finding a match in intermediate values.
• Example: Breaking Double DES.

22. Transposition Technique

• Rearranges plaintext characters to form ciphertext.
• Example: Rail Fence Cipher, Columnar Transposition.

23. Triple DES (3DES)

• Applies DES encryption three times for stronger security.
• Example: Used in banking systems.

24. Brute Force Attack

• Tries all possible keys or passwords to break encryption.
• Example: Guessing a 4-digit PIN.

25. Cryptography

• The science of securing information.
• Types:
1. Symmetric: One key (e.g., AES).
2. Asymmetric: Two keys (e.g., RSA).

This quick revision guide covers all the topics in a concise and easy-to-understand format. Use it to revise
key concepts and examples efficiently!
