The document discusses classical encryption techniques, including symmetric encryption which uses the same key for encryption and decryption. It describes ciphers like the Caesar cipher which substitutes letters by shifting the alphabet, the monoalphabetic cipher with one substitution table, and the polyalphabetic Vigenère cipher which uses multiple substitution alphabets. The document also covers the Playfair cipher which encrypts letters in pairs using a 5x5 keyword matrix, and discusses cryptanalysis techniques for breaking classical ciphers.
The document discusses the OSI security architecture and common network security threats and defenses. It begins with an introduction to the OSI security architecture proposed by ITU-T as a standard for defining and providing security across network layers. It then discusses (1) specific security mechanisms like encryption and digital signatures and pervasive mechanisms like security audits; (2) common passive and active security threats like eavesdropping and denial of service attacks; and (3) that passive attacks focus on prevention while active attacks require detection and recovery. It concludes with exercises asking about these topics.
RSA is an asymmetric cryptographic algorithm used for encrypting and decrypting messages. It uses a public key for encryption and a private key for decryption such that a message encrypted with the public key can only be decrypted with the corresponding private key. The RSA algorithm involves three steps: key generation, encryption, and decryption. It addresses issues of key distribution and digital signatures.
Symmetric Key Encryption Algorithms can be categorized as stream ciphers or block ciphers. Block ciphers like the Data Encryption Standard (DES) operate on fixed-length blocks of bits, while stream ciphers process messages bit-by-bit. DES is an example of a block cipher that encrypts 64-bit blocks using a 56-bit key. International Data Encryption Algorithm (IDEA) is another block cipher that uses a 128-bit key and 64-bit blocks, employing addition and multiplication instead of XOR like DES. IDEA consists of 8 encryption rounds followed by an output transformation to generate the ciphertext from the plaintext and key.
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
- DES (Data Encryption Standard) is a symmetric block cipher algorithm that encrypts data in 64-bit blocks using a 56-bit key. It was the first encryption standard adopted by the U.S. government for protecting sensitive unclassified federal government information.
- DES works by performing 16 rounds of complex substitutions and permutations on each data block, encrypting it using the key. It has various modes of operation like ECB, CBC, CFB, OFB, and CTR that specify how it operates on data.
- In 1998, DES was broken using a brute force attack by the Electronic Frontier Foundation in just 3 days, showing the need for stronger algorithms like AES, which replaced DES as the encryption standard.
The document discusses the MD5 algorithm, which takes an input message of arbitrary length and produces a 128-bit fingerprint or message digest. It describes the technical process, including padding the message, appending the length, initializing buffers, processing the message in 16-word blocks using four auxiliary functions, and outputting the final message digest consisting of the values A, B, C, and D. The MD5 algorithm provides a secure way to compress a large file before encryption.
Cryptography is the practice and study of securing communication through techniques like encryption. It has evolved through manual, mechanical, and modern eras using computers. Cryptography aims to achieve goals like authentication, confidentiality, integrity, and non-repudiation. Common attacks include brute force, chosen plaintext, and differential power analysis. Symmetric cryptography uses a shared key while asymmetric uses public/private key pairs. Digital signatures and watermarks can authenticate documents. DRM and watermarks control digital content distribution.
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
This document discusses message authentication codes (MACs). It explains that MACs use a shared symmetric key to authenticate messages, ensuring integrity and validating the sender. The document outlines the MAC generation and verification process, and notes that MACs provide authentication but not encryption. It then describes HMAC specifically, which applies a cryptographic hash function to the message and key to generate the MAC. The key steps of the HMAC process are detailed.
RC4 is a symmetric key stream cipher algorithm invented in 1987. It operates by combining a pseudo-random keystream with plaintext using XOR operations. The keystream is generated from an initial random permutation of bytes. RC4 has been used to encrypt network traffic but weaknesses have been found, including biases in the early output bytes that allow recovery of encryption keys. While simple and fast, RC4 is no longer considered secure for many applications.
This document provides an overview of cryptography. It begins with basic definitions related to cryptography and a brief history of its use from ancient times to modern ciphers. It then describes different types of ciphers like stream ciphers, block ciphers, and public key cryptosystems. It also covers cryptography methods like symmetric and asymmetric algorithms. Common types of attacks on cryptosystems like brute force, chosen ciphertext, and frequency analysis are also discussed.
Block ciphers like DES encrypt data in blocks and are based on the Feistel cipher structure. DES encrypts 64-bit blocks using a 56-bit key and 16 rounds of encryption. Modern cryptanalysis techniques like differential and linear cryptanalysis use statistical analysis to reveal weaknesses in block ciphers, though DES remains relatively secure against these attacks. Careful design of block ciphers, including aspects like non-linear substitution boxes and complex key scheduling, aims to provide security against cryptanalysis.
This document discusses transposition ciphers, which is a method of encryption where the positions of plaintext units are shifted according to a regular system to produce the ciphertext. The order of units is changed by using a bijective function on the characters' positions to encrypt and an inverse function to decrypt. Some common transposition ciphers mentioned include the rail fence cipher, route cipher, columnar transposition, double transposition, and Myszkowski transposition. Cryptanalysis techniques for transposition ciphers involve analyzing letter frequencies and determining the number of columns. One-time pads are also briefly discussed, which use random bit strings for encryption but have limitations such as requiring the key to be securely transported.
MD5 is a cryptographic hash function that produces a 128-bit hash value for a message of any length. It was originally designed to provide authentication of digital signatures but is no longer considered reliable for cryptography due to techniques that can generate collisions. MD5 operates by padding the input, appending the length, dividing into blocks, initializing variables, processing blocks through 4 rounds of operations with different constants each round, and outputting the hash value. While it was intended to be difficult to find collisions or recover the input, MD5 is no longer considered cryptographically secure due to attacks demonstrating collisions.
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
Cryptography is the art and science of securing communication and information by encoding messages so that they are unintelligible to unauthorized parties. It involves techniques for encrypting and decrypting messages to ensure confidentiality, authentication, and integrity. The document defines key terminology related to cryptography such as encryption, decryption, plaintext, ciphertext, and cryptanalysis. It also discusses different types of cryptographic techniques including symmetric and asymmetric encryption as well as cryptographic applications and characteristics.
This document provides information about the CS8792 CRYPTOGRAPHY & NETWORK SECURITY course. It discusses cryptography, the course outcomes, syllabus, and key concepts in cryptography including symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols. It also covers essential network and computer security requirements, legal and ethical issues, security policies, OSI security architecture including security attacks, mechanisms, and services.
The presentation describes the basics of cryptography and information security. It covers the goals of cryptography and the history of ciphers, symmetric and public key cryptography.
Principles of public key cryptography and its Uses - Mohsin Ali
This document discusses the principles of public key cryptography. It begins by defining asymmetric encryption and how it uses a public key and private key instead of a single shared key. It then discusses key concepts like digital certificates and public key infrastructure. The document also provides examples of how public key cryptography can be used, including the RSA algorithm and key distribution methods like public key directories and certificates. It explains how public key cryptography solves the key distribution problem present in symmetric encryption.
1) The document discusses various transposition ciphers including the rail fence cipher, route cipher, simple columnar transposition, and double transposition cipher. It explains how each cipher works through encrypting and decrypting sample messages.
2) Detection methods for transposition ciphers are also covered, such as frequency analysis and finding anagrams in the ciphertext. Simpler transposition ciphers can be vulnerable to these kinds of cryptanalysis techniques.
3) Genetic algorithms are mentioned as a way for cryptanalysts to find the most likely decryption key through probability calculations.
The document provides an overview of cipher techniques including:
- Classical techniques like transposition ciphers, substitution ciphers including the Caesar and Playfair ciphers, and polyalphabetic ciphers like the Vigenere cipher.
- Modern techniques like stream ciphers which encrypt bits one at a time using a pseudorandom keystream, and block ciphers which encrypt blocks of text.
- It also discusses cryptanalysis techniques for analyzing ciphers and discusses how to build more secure systems using techniques like the one-time pad or combining multiple ciphers.
This document discusses block ciphers, including their definition, structure, design principles, and avalanche effect. A block cipher operates on fixed-length blocks of bits and uses a symmetric key. It encrypts bits in blocks rather than one by one. Block ciphers have advantages like high diffusion but are slower than stream ciphers. They are built using the Feistel cipher structure with a number of rounds and keys. Important design principles for block ciphers include the number of rounds, design of the round function, and key schedule algorithm. The avalanche effect causes a small input change to result in a significant output change.
Information and network security 13 playfair cipher - Vaibhav Khanna
The Playfair cipher was the first practical digraph substitution cipher. The scheme was invented in 1854 by Charles Wheatstone but was named after Lord Playfair, who promoted the use of the cipher. In the Playfair cipher, unlike a traditional cipher, we encrypt a pair of letters (a digraph) instead of a single letter.
RSA is a public-key cryptosystem that uses both public and private keys for encryption and decryption. It was the first practical implementation of such a cryptosystem. The algorithm involves four main steps: 1) generation of the public and private keys, 2) encryption of messages using the public key, 3) decryption of encrypted messages using the private key, and 4) potential cracking of the encrypted message. It works by using two large prime numbers to generate the keys and performs exponentiation and modulo operations on messages to encrypt and decrypt them. There were some drawbacks to the original RSA algorithm related to redundant calculations and representing letters numerically that opened it up to easier hacking. Enhancements to RSA improved it by choosing
The document describes the one-time pad cipher, which is considered theoretically unbreakable. It works by combining a plaintext message with a randomly generated key that is at least as long as the message. Each character of the key is combined with the corresponding character of the message using modular arithmetic. The key is then destroyed after use, and both the sender and receiver must have identical copies of the key to encrypt and decrypt messages. It provides perfect secrecy because an attacker with infinite computing power could not determine the original plaintext without the key.
The document defines security attacks and threats. It describes different types of attacks like passive attacks, active attacks, insider attacks, phishing attacks, spoofing attacks, hijack attacks, exploit attacks and password attacks. It also discusses two common threats - Cross Site Scripting (XSS) and SQL injection. XSS involves injecting malicious code snippets while SQL injection embeds malicious code in a poorly-designed app passed to the backend database.
The document discusses the Data Encryption Standard (DES) cipher. It was the most widely used symmetric cipher but has been replaced by the Advanced Encryption Standard (AES). DES encrypts data in 64-bit blocks using a 56-bit key. It operates by applying an initial permutation to the plaintext block, dividing it into halves, and performing 16 rounds of substitution and permutation using 48-bit subkeys generated from the main key. Each round includes expanding, XORing with the subkey, and applying S-boxes and permutations to provide diffusion and confusion.
This document provides information about a network security course, including the instructor's contact details, course schedule, grading policy, reference materials, expectations, and course contents. The course will cover topics such as cryptography, network security applications, system security, and intrusion detection. Students will learn about network security principles, cryptography, authentication and encryption techniques, and security practices and applications.
This document summarizes the key topics covered in a class on network security. It introduces common security concepts like authentication, access control, data confidentiality and integrity. It also discusses common security threats like passive attacks, active attacks, and security services defined by the ITU-T standard X.800. The document provides examples of security mechanisms and an outline of the topics to be covered, including a whirlwind tour of computer networks and an anatomy of an attack in five phases.
Classical Encryption Techniques in Network Security - babak danyal
The document provides an overview of classical encryption techniques, including: symmetric ciphers that use the same key for encryption and decryption (such as the Caesar cipher, monoalphabetic ciphers like the Playfair cipher, and polyalphabetic ciphers like the Vigenère cipher) as well as transposition techniques that rearrange plaintext; rotor machines like the Enigma that implemented complex polyalphabetic substitution; and steganography that hides messages within other files or messages. The goal is to introduce basic concepts and terminology of encryption to prepare for studying modern cryptography.
Computer security threats & prevention: a proper introduction to computer security, threats and prevention, with references. It has information about threats and their prevention.
The document discusses various types of computer attacks and malware including viruses, worms, Trojans, spyware and adware. It describes how viruses can replicate and infect other systems, and the importance of anti-virus software. Network attacks like denial of service attacks and distributed denial of service attacks are covered. Methods of protecting systems through firewalls, user education, and physical security measures are also summarized.
Network Security consists of the provisions and policies adopted by a network
administrator to prevent and monitor unauthorized access, misuse, modification,
or denial of a computer network and network-accessible resources. Network
security involves the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are assigned an ID and
password or other authenticating information that allows them access to
information and programs within their authority.
Being aware of online and malware threats is the first step to computer security. In this presentation, we help you understand:
a. Importance of computer security
b. Consequences of ignoring computer security
c. Types of threats that can harm your computer
d. Measures to take to keep your computer safe
e. How can Quick Heal help
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
AES (Advanced Encryption Standard) is a symmetric block cipher algorithm that was adopted as a replacement for the DES (Data Encryption Standard) algorithm. AES is considered more secure than DES due to using a larger key size and being more computationally difficult to break. While AES is fast and reliable for encrypting files and documents, it is not suitable for encrypting communications due to the key exchange problem - for that, an asymmetric algorithm like RSA is typically used to securely exchange the AES key.
1. Formulate a testing plan with the client to identify systems to evaluate and the scope of testing allowed.
2. Remotely or locally access the target systems to find vulnerabilities by simulating common attacks.
3. Report any found vulnerabilities to the client along with recommendations on how to remedy security issues.
This document summarizes key concepts from Chapter 2 of the textbook "Cryptography and Network Security" on classical encryption techniques. It discusses symmetric encryption and the basic terminology used. It then covers various classical ciphers such as the Caesar cipher, monoalphabetic ciphers, the Playfair cipher, polyalphabetic ciphers like the Vigenère cipher, and the one-time pad cipher. It also discusses methods of cryptanalysis for breaking these classical ciphers by analyzing letter frequencies and repetitions in the ciphertext.
This document summarizes classical encryption techniques discussed in the chapter, including monoalphabetic and polyalphabetic substitution ciphers, transposition ciphers, and product ciphers. It describes how cryptanalysis of monoalphabetic ciphers can be done by analyzing letter frequencies in the ciphertext. The Playfair cipher and Vigenère cipher are presented as examples of improving on the security of simple substitution ciphers. The document also introduces the concepts of stenography and the use of rotor machines to further strengthen encryption.
This document provides an overview of symmetric encryption techniques, including:
- Symmetric encryption uses a shared secret key for both encryption and decryption.
- Classical encryption algorithms like the Caesar cipher and monoalphabetic substitution ciphers can be broken through frequency analysis.
- The Playfair cipher improved security over monoalphabetic ciphers by encrypting digrams, but it can still be broken with enough ciphertext.
- Polyalphabetic ciphers like the Vigenère cipher further increase security by using multiple cipher alphabets selected by a keyword.
This document provides an overview of the Data Encryption Standard (DES). It begins with a review of classical cryptography techniques like monoalphabetic and polyalphabetic ciphers. It then discusses the history and design of the DES algorithm, including its Feistel cipher structure using substitution boxes and permutation functions. The document also notes controversies around the DES key size and the algorithm's adoption as a standard. While DES was widely used, concerns were raised about its 56-bit key being vulnerable to brute force attacks with increasing computational power.
This document discusses classical encryption techniques including monoalphabetic substitution ciphers like the Caesar cipher and cryptanalysis using letter frequencies. It also covers the Playfair cipher, polyalphabetic ciphers like the Vigenère cipher, transposition ciphers, product ciphers combining multiple techniques, and steganography for hiding messages. Rotor machines like the Enigma machine are presented as early examples of complex ciphers before the development of modern cryptography.
The Roman number system was very cumbersome because there was no concept ... Historical pen and paper ciphers used in the past are sometimes known as ...
The document discusses various cryptographic techniques for encrypting messages. It begins by defining key terminology used in cryptography. It then explains the basic principles of conventional encryption, which uses a secret key shared between the sender and receiver. The document outlines different types of cryptanalytic attacks and describes brute force search attacks. It classifies cryptographic techniques based on the type of operations used, number of keys, and how plaintext is processed. Finally, it provides examples of specific symmetric encryption techniques like the Caesar cipher, Playfair cipher, Vigenère cipher, one-time pad cipher, and transposition ciphers like the rail fence cipher and row transposition cipher.
The document provides an overview of elementary cryptography concepts including:
- Substitution and transposition ciphers such as Caesar cipher, Playfair cipher and Vigenère cipher. Frequency analysis and other cryptanalysis techniques are also discussed.
- The Data Encryption Standard (DES) which encrypts data in 64-bit blocks using a 56-bit key and 16 rounds of processing.
- Triple DES and issues with DES key length that led to it being broken. Linear cryptanalysis is also introduced.
- Public key encryption techniques that use asymmetric keys allowing encryption and decryption with different keys.
Information security powerpoint presentationMuneebZahid10
The document defines several basic cryptographic concepts and classical encryption techniques. It discusses cryptography, cryptanalysis, cryptology, cryptographic systems, and classes of cryptographic systems including unkeyed, secret key, and public key systems. It then covers classical techniques like the Caesar cipher, Playfair cipher, Vigenere cipher, transposition ciphers, the One-Time Pad, and rotor machines. Frequency analysis is also introduced as a cryptanalysis technique to break simple substitution ciphers.
The document provides an overview of classical encryption techniques, including: symmetric ciphers that use the same key for encryption and decryption (such as the Caesar cipher, monoalphabetic ciphers like the Playfair cipher, and polyalphabetic ciphers like the Vigenère cipher) as well as transposition techniques that rearrange plaintext; rotor machines like the Enigma that implemented complex polyalphabetic substitution; and steganography that hides messages within other files like images. The goal is to introduce basic concepts of encryption to prepare for studying modern cryptography.
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography and computer security.
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography and computer security.
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography.
detailed presentation on cryptography analysisBARATH800940
The document discusses computer security and cryptography. It covers the basic needs and requirements of secure communication, including secrecy, authentication, and message integrity. It then describes the basics of cryptography, including encryption algorithms, symmetric and asymmetric encryption methods, and some common algorithms like DES, Triple DES, RSA, and El Gamal. It also discusses cryptanalysis techniques for breaking encryption codes. Overall, the document provides a high-level overview of the key concepts and methods in computer security and cryptography.
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography and computer security.
The document discusses computer security and cryptography. It provides an overview of the basic needs for secure communication including secrecy, authentication, and message integrity. It then describes the basics of cryptography including encryption, decryption, symmetric and asymmetric algorithms. Specific algorithms discussed include DES, Triple DES, RSA and El Gamal. It also covers cryptanalysis techniques for breaking encryption codes.
Computer security involves cryptography to provide secure communication. Cryptography has two main components: encryption to hide messages and authentication/integrity to verify user identity and message integrity. There are requirements for secure communication including secrecy, authentication, and message integrity. Cryptographic algorithms like DES and AES are used along with keys to encrypt/decrypt data. Public key cryptography uses different keys for encryption and decryption allowing secure key exchange.
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography.
the art of the fking dum crypto_basic.pptjamkhan10
This document discusses computer security and cryptography. It covers the basics of cryptography including the needs for secure communication, encryption algorithms, symmetric and asymmetric encryption, encryption standards like DES and AES, cryptanalysis techniques, and authentication methods. It provides an overview of the key concepts and techniques in cryptography and computer security.
This document discusses activities and time planning for software project management. It covers topics like motivation for studying project management due to poor track records of IT projects, the definition of a project, attributes of projects, examples of IT projects, and the nine knowledge areas of project management. It also discusses a hierarchy of activities including work breakdown structure, advantages and disadvantages of project management, and the growing project management profession.
This document provides an introduction to steganography. It defines steganography as concealing a file within another file by hiding information in images, audio, or video. The document outlines the history of steganography and its applications. It also discusses basic terminology, fields related to information hiding, steganalysis, and some common steganography tools. The document concludes with describing steganographic techniques such as least significant bit substitution and exercises for readers.
This document discusses activities and time planning for software project management. It defines key project management terms like project, work breakdown structure, and knowledge areas. It also discusses the importance of project management given the poor track record of many IT projects. Effective project management can help deliver projects on time, on budget and meeting requirements through techniques like developing a work breakdown structure, defining roles and responsibilities, and managing scope, schedule, costs, quality and risks.
The document discusses network security terminology such as threats, attacks, risk analysis, and cryptography. It defines common threats like spoofing, tampering, repudiation, and denial-of-service attacks. The document also outlines the steps for performing risk analysis and includes an exercise asking questions about finding, removing, and preventing vulnerabilities.
This document summarizes key points from Chapter 4 of Ian Sommerville's Software Engineering textbook. It discusses project management, including planning, scheduling, risk management, and the distinctive challenges of managing software projects. Specifically, it notes that good project management is essential for success, planning and estimating are iterative processes, and risk management involves identifying and mitigating potential threats to the project.
This document provides an overview of software testing fundamentals. It discusses that software testing is a critical part of quality assurance and aims to identify errors by exercising a program with sample inputs and comparing actual outcomes to expected outcomes. There are different types of testing such as white box testing, which tests internal program structure, and black box testing, which tests external functionality without knowledge of internal structure. The document also outlines testing strategies, techniques for different types of tests, and the importance of testing in the software development process.
This document discusses various electronic payment methods. It describes e-payment systems and their importance for e-commerce. Then it outlines different types of e-payment systems including PayPal, Mondex, eBay, Bitcoin, digital wallets, digital cash, online stored value systems, digital accumulating balance payment systems, digital credit accounts, and digital checking. For each type, it provides details on how the system works and examples.
This document provides an overview of search engine optimization (SEO) including:
- Definitions of key SEO terms like search engines, crawling, indexing, and ranking algorithms.
- The basic SEO process including on-page and off-page optimization techniques.
- On-page optimization elements like titles, meta descriptions, internal links.
- Off-page optimization techniques like link building and social sharing.
- The difference between white hat and black hat SEO strategies.
- An introduction to Google algorithms like Panda, Penguin and Hummingbird.
- Recommended SEO tools to use.
The document discusses the A* search algorithm, which is an informed search or heuristic search algorithm. A* combines the best aspects of uniform cost search and greedy best-first search. It is guaranteed to find the shortest path to the goal, if such a path exists. A* evaluates nodes by using both the path cost from the start node to the current node, plus an estimate of the cost to get from the current node to the goal node. It prioritizes expanding the most promising nodes first, those with the lowest combined cost. A* is optimal and admissible if the heuristic function never overestimates the actual cost to the goal.
This document discusses enterprise application integration (EAI). It defines EAI as the unrestricted sharing of data and business processes among any connected applications and data sources in an enterprise. The document outlines EAI architectures including multi-tier architectures with presentation, application, and data tiers. It also discusses middleware, which allows communication across different platforms and between legacy and modern applications. The benefits of EAI include lower development and maintenance costs through looser coupling of systems and quicker integration.
The document discusses the different types of UML diagrams used for modeling software systems. There are two main categories of UML diagrams - structural diagrams, which depict the static elements of a system, and behavioral diagrams, which depict the dynamic behavior and interactions of system components. Some key UML diagram types discussed include class diagrams, component diagrams, deployment diagrams, activity diagrams, sequence diagrams, use case diagrams, and state machine diagrams. The document provides examples and brief explanations of when each diagram type is used.
Edraw Max is a comprehensive diagramming software that allows users to easily create a wide range of professional-looking diagrams, including flowcharts, org charts, network diagrams, and more. It has a large library of vector shapes and templates. The software has an intuitive Office-style interface and is easy to use, even for those with no training. Edraw Max allows users to quickly design diagrams using built-in templates and examples and arrange and style elements for professional results.
This document discusses methods for rapid software development. It covers topics like agile methods, extreme programming, rapid application development, and software prototyping. Some key points made are:
- Rapid development is needed to quickly respond to changing business needs, even if it means lower initial quality.
- Agile methods focus on iterative development and early delivery of working software that can evolve rapidly based on changing requirements.
- Rapid application development uses tools that facilitate rapid creation of interfaces and reports linked to a database.
- Visual programming allows rapid prototyping through a graphical interface but can cause coordination and maintenance issues for large projects.
Microsoft Project is a project management software that helps plan, assign resources, track progress, manage budgets, and analyze workloads for projects. It was first released in 1984 and acquired by Microsoft in 1985. The latest version is Microsoft Project 2013. It allows users to create project schedules and budgets, assign resources to tasks, track progress, and keep project teams aligned to complete projects on time and on budget. Microsoft Project provides robust management tools to help users efficiently and effectively manage all aspects of a project throughout its life cycle from planning to closing.
Iterative development breaks down software development into smaller chunks called iterations. In each iteration, features are designed, developed, and tested, with additional features added in subsequent iterations until a fully functional application is ready. The iterative process follows the ADCOT principles of analysis, design, coding, and testing. It progresses through phases of inception to identify high-level requirements, elaboration to deliver a working architecture, construction to incrementally develop features, and transition to deploy the application. Iterative development allows for backtracking and modifications between iterations, in contrast to the waterfall method which completes each development step in full before moving to the next.
The document discusses Computer Aided Software Engineering (CASE) tools. It defines CASE as the use of software tools to assist in software development and maintenance. It outlines that CASE tools can help improve quality, maintenance and project management. The document then describes different types of CASE tools, including diagramming, process modeling, project management, documentation, analysis, design, configuration management, programming, prototyping and quality assurance tools. It concludes that CASE tools can increase productivity, decrease costs and enhance product quality when used appropriately.
The document discusses various technologies that are shaping the enterprise integration landscape, including legacy systems, data warehousing, enterprise application integration, electronic commerce, web-enabled applications, XML, workflow management, distributed objects, components, UML, digital signatures, wireless devices, knowledge management, agent technology, interactive voice, and model driven architecture. It provides brief descriptions of each technology and some key challenges related to enterprise integration.
The document discusses the importance of requirements gathering for project success. It notes that 70-80% of project failures can be attributed to poor requirements gathering, analysis, and management. While requirements gathering is critical, it is often overlooked or not allocated enough time. The document provides five key components of effective requirements gathering: clearly defining requirements before scope, identifying project and product requirements, adequately documenting requirements, selecting the right methodology, and engaging diverse users. It emphasizes that requirements gathering lays the foundation for a successful project.
JavaScript (JS) is a scripting language that is dynamic, weakly typed and has first-class functions, supporting object-oriented, imperative and functional programming. It is commonly used in web browsers to provide dynamic and interactive user interfaces and websites.
This document discusses latches and their design process. It begins by defining a latch as a circuit that has two stable states and can store state information. It then describes the different types of latches including asynchronous and synchronous latches. The RS latch is examined in more detail with diagrams of its logic structure and a truth table. Key properties of the RS latch are that it uses two inputs called Set and Reset to store a 1 or 0 without a clock, and it can immediately change its output when the inputs change.
Get Success with the Latest UiPath UIPATH-ADPV1 Exam Dumps (V11.02) 2024yarusun
Are you worried about your preparation for the UiPath Power Platform Functional Consultant Certification Exam? You can come to DumpsBase to download the latest UiPath UIPATH-ADPV1 exam dumps (V11.02) to evaluate your preparation for the UIPATH-ADPV1 exam with the PDF format and testing engine software. The latest UiPath UIPATH-ADPV1 exam questions and answers go over every subject on the exam so you can easily understand them. You won't need to worry about passing the UIPATH-ADPV1 exam if you master all of these UiPath UIPATH-ADPV1 dumps (V11.02) of DumpsBase. #UIPATH-ADPV1 Dumps #UIPATH-ADPV1 #UIPATH-ADPV1 Exam Dumps
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapitolTechU
Slides from a Capitol Technology University webinar held June 20, 2024. The webinar featured Dr. Donovan Wright, presenting on the Department of Defense Digital Transformation.
8+8+8 Rule Of Time Management For Better ProductivityRuchiRathor2
This is a great way to be more productive but a few things to
Keep in mind:
- The 8+8+8 rule offers a general guideline. You may need to adjust the schedule depending on your individual needs and commitments.
- Some days may require more work or less sleep, demanding flexibility in your approach.
- The key is to be mindful of your time allocation and strive for a healthy balance across the three categories.
Brand Guideline of Bashundhara A4 Paper - 2024khabri85
It outlines the basic identity elements such as symbol, logotype, colors, and typefaces. It provides examples of applying the identity to materials like letterhead, business cards, reports, folders, and websites.
bryophytes.pptx bsc botany honours second semester
Classical Encryption Techniques
1. Classical Encryption Techniques 1
BSIT-7th
Delivered by Inam ul Haq
Chapter 2 Cryptography and Network Security by William Stallings
2. Table of Contents
• 2 Main Types of Encryption
• Symmetric Encryption
• Basic Terminologies
• Symmetric Cipher Model
• Cryptography & Cryptanalysis
• Brute Force Search
• Ciphers [Caesar, Monoalphabetic, ]
3. 2 Main Encryption Types
• Two main encryption types are
• Symmetric: the same key is used for both encryption and decryption
• Asymmetric: different keys for encryption and decryption, e.g. public-key encryption such as RSA.
4. Symmetric Encryption
• Encryption and decryption keys are the same
• Conventional / private-key / single-key
• Sender and recipient share a common key
• All classical encryption algorithms are private-key
• Was the only type prior to the invention of public-key in the 1970’s
• Most widely used
5. Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
7. Requirements
• Two requirements for secure use of symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
• mathematically:
Y = E(K, X)
X = D(K, Y)
• Assume encryption algorithm is known
• Implies a secure channel to distribute key
8. Cryptography
• Can characterize cryptographic system by:
– type of encryption operations used
• substitution
• transposition
• product
– number of keys used
• single-key or private
• two-key or public
– way in which plaintext is processed
• block
• stream
9. Cryptanalysis
• Objective to recover key not just message
• General approaches:
– cryptanalytic attack
– brute-force attack
• if either succeeds, all keys are compromised
10. Types of Attacks on Encrypted Messages
• ciphertext only - only know algorithm & ciphertext, is statistical, know or can identify plaintext
• known plaintext - know/suspect plaintext & ciphertext
• chosen plaintext - select plaintext and obtain ciphertext
• chosen ciphertext - select ciphertext and obtain plaintext
• chosen text - select plaintext or ciphertext to en/decrypt
11. More Definitions
• Unconditional security - no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
• Computational security - given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken
12. Brute Force Search
• Try every possible character (from dictionary)
• most basic attack, proportional to key size
• assume either know / recognise plaintext
4-Digits PIN < 1s
Upper+Lower+Number+Symbol <25s
6 characters 11hrs
7 characters 6 weeks
8 characters 5 months
9 characters 10 years
13. 1-Caesar Cipher
• Earliest known substitution cipher
• By Julius Caesar
• First attested use in military affairs
• Replaces each letter by 3rd letter on
• example:
14. 1-Caesar Cipher
1-Monoalphabetic substitution
– One table describes all substitutions
– Jump x steps in the alphabet where 0 ≤ x ≤ 26
– If x = 3 then the table below could be used for encryption and decryption
– ROT13 is another Caesar cipher
15. Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• e.g. break ciphertext "GCUA VQ DTGCM"
16. 1-Caesar Cipher
• 1-Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 10^26 keys
• with so many keys, might think is secure
• but would be !!!WRONG!!!
• problem is language characteristics
17. Language Redundancy and Cryptanalysis
• human languages are redundant
• e.g. "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• in English E is by far the most common letter
– followed by T, A, O, I
• other letters like Z,J,Q,X are fairly rare
• have tables of single, double & triple letter frequencies for various languages
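The brute-force search of slide 15 and the letter-frequency idea of slide 17 fit together: try all 26 shifts, then let English letter frequencies pick out the candidate that reads as plaintext. The code below is an added example, not part of the original slides; the frequency table holds approximate published values for English, and the function names are chosen here for illustration.

```python
import math

# Approximate relative frequencies (%) of letters in English text.
ENGLISH_FREQ = {
    'A': 8.167, 'B': 1.492, 'C': 2.782, 'D': 4.253, 'E': 12.702, 'F': 2.228,
    'G': 2.015, 'H': 6.094, 'I': 6.966, 'J': 0.153, 'K': 0.772, 'L': 4.025,
    'M': 2.406, 'N': 6.749, 'O': 7.507, 'P': 1.929, 'Q': 0.095, 'R': 5.987,
    'S': 6.327, 'T': 9.056, 'U': 2.758, 'V': 0.978, 'W': 2.360, 'X': 0.150,
    'Y': 1.974, 'Z': 0.074,
}


def caesar_shift(text, shift):
    """Shift every ASCII letter by `shift` places; keep case, spaces, punctuation."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)


def english_score(text):
    """Log-likelihood of the letters under single-letter English frequencies.

    Rare letters (Z, J, Q, X) pull the score down sharply, which is what
    separates real plaintext from the 25 wrong shifts.
    """
    return sum(math.log(ENGLISH_FREQ[c] / 100.0)
               for c in text.upper() if c in ENGLISH_FREQ)


def brute_force_caesar(ciphertext):
    """Try all 26 shifts; return (score, shift, candidate) tuples, best first."""
    candidates = []
    for shift in range(26):
        candidate = caesar_shift(ciphertext, -shift)
        candidates.append((english_score(candidate), shift, candidate))
    return sorted(candidates, reverse=True)


if __name__ == "__main__":
    # Ciphertext from slide 15.
    for score, shift, candidate in brute_force_caesar("GCUA VQ DTGCM")[:3]:
        print(f"shift={shift:2d}  score={score:7.2f}  {candidate}")
```

On very short ciphertexts single-letter statistics can rank a wrong shift first, so the top few candidates are worth reading by eye.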
19. 2-Polyalphabetic Cipher
• Also substitution cipher
• Vigenère cipher is probably the best-known example
• Polyalphabetic cipher that uses a tableau of 26 alphabets
– Invented by Blaise de Vigenère in the 16th century
• Encrypting a plaintext character:
– Look up the column that corresponds to the current character in the key
– Use the row that begins with the current plaintext character
– Replace the plaintext character with the one highlighted by the current column and row
– To decrypt, just reverse the procedure
21. 2-Polyalphabetic Cipher (Vigenère cipher)
• Key phrase = "Boldtbol dtb oldtboldt"
• Plaintext = "Overhead the albatross"
• Ciphertext = "Pjpuafoo waf owetufzvl"
• So, which keyword was used?
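The tableau lookup on slide 19 is the same as adding the key letter to the plaintext letter modulo 26, which makes the slide's example easy to check and its closing question easy to answer. The code below is an added example, not part of the original slides: it reproduces the ciphertext above and then recovers the keyword from the plaintext/ciphertext pair (a known-plaintext attack in the terms of slide 10); all function names are chosen here for illustration.

```python
def _is_letter(ch):
    return ch.isascii() and ch.isalpha()


def vigenere(text, keyword, decrypt=False):
    """Vigenère encryption/decryption.

    Tableau lookup == (plaintext letter + key letter) mod 26.
    Only letters consume key characters; case and spacing are preserved.
    """
    key = [ord(k) - ord('A') for k in keyword.upper() if _is_letter(k)]
    if not key:
        raise ValueError("keyword must contain at least one letter")
    out, used = [], 0
    for ch in text:
        if _is_letter(ch):
            base = ord('A') if ch.isupper() else ord('a')
            k = key[used % len(key)]
            if decrypt:
                k = -k
            out.append(chr((ord(ch) - base + k) % 26 + base))
            used += 1
        else:
            out.append(ch)
    return ''.join(out)


def recover_keystream(plaintext, ciphertext):
    """Known-plaintext attack: each key letter is (cipher - plain) mod 26."""
    p = [c for c in plaintext.upper() if _is_letter(c)]
    c = [c for c in ciphertext.upper() if _is_letter(c)]
    if len(p) != len(c):
        raise ValueError("plaintext and ciphertext must have the same number of letters")
    return ''.join(chr((ord(ci) - ord(pi)) % 26 + ord('A')) for pi, ci in zip(p, c))


def shortest_period(stream):
    """Shortest prefix that, repeated, reproduces the whole key stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


if __name__ == "__main__":
    plaintext = "Overhead the albatross"     # from slide 21
    ciphertext = "Pjpuafoo waf owetufzvl"    # from slide 21
    stream = recover_keystream(plaintext, ciphertext)
    keyword = shortest_period(stream)
    print("key stream:", stream)
    print("keyword   :", keyword)
    print("re-encrypt:", vigenere(plaintext, keyword))
```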
22. 3-Playfair Cipher
• not even the large number of keys in a monoalphabetic cipher provides security
• one approach to improving security was to encrypt multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
23. Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (filter duplicates)
• fill rest of matrix with other letters
• e.g. using the keyword MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
24. Encrypting and Decrypting
• plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like 'X'
2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end)
3. if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom)
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
25. Security of Playfair Cipher
• Security much improved over monoalphabetic
• Better than Vigenere cipher
• Widely used for many years
– e.g. by US & British military in WW1
• How to decipher?
– Since still has much of plaintext structure
26. Exercise
– Can you make your own cipher?
– How to decipher Playfair?
– How many times has the Caesar Cipher been broken?
Editor's Notes
Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 2 – “Classical Encryption Techniques”.
Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption in the 1970s. It remains by far the most widely used of the two types of encryption. All traditional schemes are symmetric / single key / private-key encryption algorithms, with a single key, used for both encryption and decryption. Since both sender and receiver are equivalent, either can encrypt or decrypt messages using that common key.
Briefly review some terminology used throughout the course.
Detail the five ingredients of the symmetric cipher model, shown in Stallings Figure 2.1:
plaintext - original message
encryption algorithm – performs substitutions/transformations on plaintext
secret key – control exact substitutions/transformations used in encryption algorithm
ciphertext - scrambled message
decryption algorithm – inverse of encryption algorithm
There are two requirements for secure use of conventional encryption that mean we assume that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm, and hence do not need to keep the algorithm secret; rather we only need to keep the key secret. This feature of symmetric encryption is what makes it feasible for widespread use. It allows easy distribution of s/w and h/w implementations.
Can take a closer look at the essential elements of a symmetric encryption scheme: mathematically it can be considered a pair of functions with: plaintext X, ciphertext Y, key K, encryption algorithm E, decryption algorithm D. The intended receiver, in possession of the key, is able to invert the transformation. An opponent, observing Y but not having access to K or X, may attempt to recover X or K.
Cryptographic systems can be characterized along these three independent dimensions.
The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.
The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
Typically the objective is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches:
Cryptanalysis: relies on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Brute-force attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.
Stallings Table 2.1 summarizes the various types of cryptanalytic attacks, based on the amount of information known to the cryptanalyst, from least to most. The most difficult problem is presented when all that is available is the ciphertext only. In some cases, not even the encryption algorithm is known, but in general we can assume that the opponent does know the algorithm used for encryption. Then with increasing information have the other attacks. Generally, an encryption algorithm is designed to withstand a known-plaintext attack.
Two more definitions are worthy of note. An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if either the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information. Unconditional security would be nice, but the only known such cipher is the one-time pad (later).
For all reasonable encryption algorithms, we have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.
A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Stallings Table 2.2 shows how much time is required to conduct a brute-force attack, for various common key sizes (DES is 56, AES is 128, Triple-DES is 168, plus general mono-alphabetic cipher), where either a single system or a million parallel systems, are used.
Substitution ciphers form the first of the fundamental building blocks. The core idea is to replace one basic unit (letter/byte) with another. Whilst the early Greeks described several substitution ciphers, the first attested use in military affairs of one was by Julius Caesar, described by him in Gallic Wars (cf. Kahn pp83-84). Still call any cipher using a simple letter shift a caesar cipher, not just those with shift 3.
This mathematical description uses modulo (clock) arithmetic. Here, when you reach Z you go back to A and start again. Mod 26 implies that when you reach 26, you use 0 instead (ie the letter after Z, or 25 + 1 goes to A or 0).
Example: howdy (7,14,22,3,24) encrypted using key f (ie a shift of 5) is MTBID
With a caesar cipher, there are only 26 possible keys, of which only 25 are of any use, since mapping A to A etc doesn't really obscure the message! Note this basic rule of cryptanalysis "check to ensure the cipher operator hasn't goofed and sent a plaintext message by mistake"!
Can try each of the keys (shifts) in turn, until can recognise the original message. See Stallings Fig 2.3 for example of search.
Note: as mentioned before, do need to be able to recognise when have an original message (ie is it English or whatever). Usually easy for humans, hard for computers. Though if using say compressed data could be much harder.
Example "GCUA VQ DTGCM" when broken gives "easy to break", with a shift of 2 (key C).
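The key search described above can be automated by scoring each of the 26 candidate plaintexts against English letter frequencies, which is one way to let a program "recognise" the original message. This is an added example, not part of the original lecture notes; the frequency table holds approximate, commonly cited values and the function names are hypothetical.

```python
import math

# Approximate English letter frequencies in percent, A..Z (assumed values
# for illustration; not taken from the lecture notes).
FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
        4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
        2.36, 0.15, 1.97, 0.07]
LOGP = [math.log(f / 100) for f in FREQ]

def shift_text(text, k):
    """Shift every letter k places mod 26; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def english_score(text):
    """Log-likelihood of the letters under a single-letter English model."""
    return sum(LOGP[ord(c) - ord("a")] for c in text.lower() if "a" <= c <= "z")

def break_caesar(ciphertext):
    """Try all 26 shifts; return (score, shift, plaintext), best first."""
    cands = []
    for k in range(26):
        plain = shift_text(ciphertext, -k)   # undo a shift of k
        cands.append((english_score(plain), k, plain))
    return sorted(cands, reverse=True)

if __name__ == "__main__":
    print(shift_text("howdy", 5).upper())    # the encryption example above
    for score, k, plain in break_caesar("GCUA VQ DTGCM")[:3]:
        print(f"shift {k:2d}  score {score:7.2f}  {plain}")
```

On very short ciphertexts the top-ranked candidate can be wrong, so print the first few candidates rather than trusting only the best one.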
Note that even given the very large number of keys, being 10 orders of magnitude greater than the key space for DES, the monoalphabetic substitution cipher is not secure, because it does not sufficiently obscure the underlying language characteristics.
As the example shows, we don't actually need all the letters in order to understand written English text. Here vowels were removed, but they're not the only redundancy. cf written Hebrew has no vowels for same reason. Are usually familiar with "party conversations", can hear one person speaking out of hubbub of many, again because of redundancy in aural language also. This redundancy is also the reason we can compress text files, the computer can derive a more compact encoding without losing any information. Basic idea is to count the relative frequencies of letters, and note the resulting pattern.
Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies. Stallings Figure 2.5 shows English letter frequencies. Seberry & Pieprzyk, "Cryptography - An Introduction to Computer Security", Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European & Japanese & Malay). Also useful are tables of common two-letter combinations, known as digrams, and three-letter combinations, known as trigrams.
Consider ways to reduce the "spikyness" of natural language text, since if just map one letter always to another, the frequency distribution is just shuffled. One approach is to encrypt more than one letter at once. The Playfair cipher is an example of doing this, treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remaining letters, with I/J used as a single letter. This example comes from Dorothy Sayers' book "Have His Carcase", in which Lord Peter Wimsey solves it, and describes the use of a probable word attack.
Plaintext is encrypted two letters at a time, according to the rules as shown. Note how you wrap from right side back to left, or from bottom back to top.
if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"
if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. "ar" encrypts as "RM"
if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. "mu" encrypts to "CM"
otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. "hs" encrypts to "BP", and "ea" to "IM" or "JM" (as desired)
Decrypting of course works exactly in reverse. Can see this by working the example pairs shown, backwards.
The Playfair cipher is a great advance over simple monoalphabetic ciphers, since there are 26*26=676 digrams (vs 26 letters), so that identification of individual digrams is more difficult. Also, the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. The Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.