
ch 3 cryptography and network security Computer Network

The document discusses the importance of network security and cryptography in protecting data transmitted over computer networks. It defines key concepts such as plaintext, ciphertext, encryption, and decryption, and explains the processes involved in securing information. Additionally, it covers symmetric and asymmetric key encryption methods, as well as the roles of cryptanalysis and cryptology in the field of information security.

Uploaded by

Juveria Shaikh

CHAPTER 3
Cryptography and Network Security
Objectives…
To understand Concept of Network Security
To learn Concept of Cryptography
To study Security Services

3.0 INTRODUCTION
• Today, the use of computers with the Internet is increasing rapidly. At the same time,
security challenges are also increasing.
• A number of software tools are available which help the attackers/interceptors to
attack computers easily.
• Therefore, security becomes an important issue in the computer field when
data/information is transmitted on a computer network. No one can deny the
importance of security in computer networks.
• Network security is an emerging field which helps to protect the computer from
various attacks.
• Computer security means to protect information. Network security means protection
of data on the network during data transmission.
• Computer security deals with prevention and detection of unauthorized actions by
users of a computer.
• Network security issues include protecting data from unauthorized access, protecting
data from damage, and developing and implementing policies and procedures for
recovery from breaches and data losses.
• Security in networking is based on cryptography. Cryptography is the science and art
of achieving security by encoding messages to make them non-readable.
• The art and science of concealing the messages to introduce secrecy in information
security is recognized as cryptography.
• Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and
network-accessible resources.

Computer Networks - II Cryptography and Network Security

3.1 CRYPTOGRAPHY (April 16, 18, Oct. 17)

• Today, we are living in the information age. We need to keep information about every
aspect of our lives.
• In other words, information is an asset that has a value like any other asset. As an
asset, information needs to be secured from attacks.
• An attack is any kind of malicious activity that attempts to collect, disrupt, deny,
degrade, or destroy information system resources or the information itself.
• An attacker is a person or process that attempts to access data, functions or other
restricted areas of the system without authorization, potentially with malicious intent.
• To be secured, information needs to be hidden from unauthorized access
(confidentiality), protected from unauthorized change (integrity), and available to an
authorized entity when it is needed (availability).
• Cryptography is the technique of securing information through the use of codes so that
only those users for whom the information is intended can understand it and process it,
thus preventing unauthorized access to information.
• The word ‘cryptography’ was coined by combining two Greek words, ‘krypto’ meaning
hidden or secret and ‘graphein’ meaning writing. So, Cryptography, a word with
Greek origins, means “secret writing.”
• Cryptography is an art and science of transforming messages so as to make them
secure and immune to attacks.
• Cryptography involves the process of encryption and decryption of messages using
secret keys. The process of cryptography is shown in Fig. 3.1.
• Encryption is a process which transforms the original message into an unrecognizable
or unreadable form.
• The sender requires an encryption algorithm and a key to transform the plaintext
(original message) into a ciphertext (encrypted message).
• Decryption is a process of converting encoded/encrypted message to its original form.
The receiver uses a decryption algorithm and a key to transform the ciphertext back to
original plaintext.

Fig. 3.1: Cryptography


• The word steganography, with origin in Greek, means “covered writing,” in contrast
with cryptography, which means “secret writing.” (April 16, 17)


• Cryptography means concealing the contents of a message by enciphering;
steganography means concealing the message itself by covering it with something else.
• The terminology used in cryptography is given below:
1. Plaintext and Ciphertext: The original message, before being transformed is
called plaintext. After the message is transformed, it is called ciphertext. It is the
scrambled message produced as output. It depends upon the plaintext and the key.
2. Encryption Algorithm: The encryption algorithm is the algorithm that performs
various substitutions and transformations on the plaintext. Encryption is the
process of changing plaintext into ciphertext. We refer to encryption and
decryption algorithms as ciphers. A cipher (or cypher) is an algorithm for
performing encryption or decryption, a series of well-defined steps that can be
followed as a procedure. (April 16, 17)
3. Decryption Algorithm: The process of changing ciphertext into plaintext is
known as decryption. The decryption algorithm is essentially the encryption algorithm
run in reverse. It takes the ciphertext and the key and produces the original
plaintext.
4. Key: A key is a number (or a set of numbers) that the cipher, as an algorithm,
operates on. It also acts as input to the encryption algorithm. The exact
substitutions and transformations performed by the algorithm depend on the key.
Thus, a key is a number or a set of numbers that the algorithm uses to perform
encryption and decryption.
3.1.1 Encryption Model (April 16)

• Cryptography is the art and science of achieving security by encoding messages to
make them non-readable.
• Cryptanalysis is the technique of decoding messages from a non-readable format back
to readable format without knowing how they were initially converted from readable
format to non-readable format.
• Cryptology is a combination of cryptography and cryptanalysis. In the early days,
cryptography used to be performed by using manual techniques.
• Today, computers perform these cryptographic functions, making the process faster
and more secure.
• Cleartext or plaintext signifies a message that can be understood by the sender, the
recipient and also by anyone else who gets an access to that message.
• When a plaintext message is codified using any suitable scheme, the resulting message
is called as ciphertext.
• Encryption model involves transforming plaintext messages into ciphertext messages
that are to be decrypted only by the intended receiver.


• Both sender and receiver agree upon a secret key to be used in encrypting and
decrypting. Usually the secret key is transmitted via public key encryption methods.
• In the traditional encryption model, there should be at least two parties to perform
secure communication.
• Let us take the sender name as Yogita and the receiver name as Amar. Yogita wants to
communicate a message with Amar in a secure way.
• In order to do that, the original intelligible message called plaintext is converted into
an unintelligible message by Yogita and is sent to Amar.
• To convert the plain-text into ciphertext, the encryption operation takes two
parameters as input. They are the original intelligible message (P) and a key (K).
• The key is some bits of information which is generated from a source called key
generator.
• The key is generated independently of the plaintext and is used to convert the original
intelligible message into an unintelligible message (and vice versa).
• The encryption algorithm uses an encryption function which will produce different
ciphertext values for the same plaintext value using different key values.
• Fig. 3.2 shows a conventional encryption model that consists of three components,
namely the sender (Yogita), the receiver (Amar) and the attacker (Eavesdropper).
• The main objective of this model is to enable Yogita and Amar to communicate over an
insecure channel in such a way that the attacker (Eavesdropper) should not
understand the original plaintext.
• Initially, Yogita generates the plaintext P and sends it to the encryption algorithm.
The encryption algorithm uses an encryption function to convert the plaintext P into
the ciphertext C using a key value K.
• After computing the ciphertext, Yogita transmits it through the insecure channel. At the
receiver side (Amar), the ciphertext is converted back into the original plaintext using
the same key with the help of a decryption algorithm.
• According to Kerckhoffs's principle, the encryption method is assumed to be known to
the attacker (Eavesdropper). However, both the sender and receiver keep the key
secret.
• As shown in Fig. 3.2, the plaintext P and the key K are given as input to the encryption
algorithm to produce the ciphertext C and it can be represented as given below:
$C = E_K(P)$
where, P = plaintext, K = encryption and decryption key, E = encryption algorithm,
C = ciphertext.
• At the receiver side, the ciphertext C and the key K are given as input to the decryption
algorithm to produce the plaintext P and it can be represented as given below:
$P = D_K(C) = D_K(E_K(P)) = P$
where, D = decryption algorithm


• During the transmission of the ciphertext, an attacker can capture the ciphertext and
try to perform the following actions:
1. The attacker can find the original plaintext.
2. The attacker can find the key from which he/she can read all messages that are
encrypted with the same key in the future.
3. Once the key is found, the attacker can modify the original plaintext into another
message in such a way that Amar will believe that the message is coming from
Yogita.
4. The attacker makes Amar believe that he is communicating with Yogita.
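
[Figure: Yogita sends plaintext P through the encryption algorithm to produce ciphertext C, which the eavesdropper can observe; the decryption algorithm returns P to Amar. The key K from the key generator reaches both algorithms over a secure channel.]

Fig. 3.2: Encryption Model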

3.1.2 Basic Terms in Cryptography


• Cryptography, also called secret writing, is used to hide the original message.
Cryptography is simply the mathematical "scrambling" of data.
• In this section we will study basic terms used in cryptography like plaintext,
ciphertext, cryptography, cryptology and so on.
1. Plaintext: (April 19)
• A message in its original form is called as plaintext. It is the data to be protected
during transmission.
• Plaintext is the message to be encrypted (secret text). Data in readable format is called
cleartext.

Hi Amar

Rohan

Fig. 3.3: Example of a Plaintext Message



2. Ciphertext: (April 19)


• A message in disguised form is called ciphertext. It is the encrypted text (Refer
Fig. 3.4).
• Ciphertext is the scrambled version of the plaintext produced by the encryption
algorithm using a specific encryption key.

Fig. 3.4: Example of Ciphertext (Encrypted Data)


3. Cryptography:
• Cryptography is the art of codifying messages, so that they become unreadable. It is the
science of using mathematics to encrypt and decrypt data.
• Cryptography is the art of secret writing. The user can secure his/her message using
different techniques of cryptography. He/she can securely store or transmit the
message using these techniques.
• Cryptography is the art and science of achieving security by encoding messages to
make them non-readable/unreadable.
• Cryptography is a method of storing and transmitting data in a particular form so
that only those for whom it is intended can read and process it.

[Figure: "Welcome to sspp" (plain text) → Cryptography system → "RHs %$ s89" (Cipher text)]

Fig. 3.5: Cryptography System


• Cryptographic systems or cryptosystems convert a plaintext message to a ciphertext
message using a cryptographic key.
• The mechanism that applies the key to the message is called a cryptographic algorithm
or a cipher. An algorithm for transforming plaintext to ciphertext is called as cipher.
• An algorithm is a step-by-step problem-solving procedure, for solving a problem in a
finite number of steps.
• In the context of encryption, an algorithm is the mathematical formula or set of
mathematical rules used to scramble and unscramble data.
• A key is a specific string of data used to encrypt the plaintext or decrypt the ciphertext.
The key is the secret information in a cryptographic operation.


• Some critical information used in the cipher, known only to sender and receiver is
called as key.
• The process of converting plaintext to ciphertext using a cipher and a key is called
encryption. The process of converting ciphertext back into plaintext using a cipher
and a key is called decryption.
• Fig. 3.6 shows a sender who wants to transfer some sensitive data to a receiver in such
a way that any party intercepting or eavesdropping on the communication channel
cannot extract the data.
• The objective of this simple crypto-system is that at the end of the process, only the
sender and the receiver will know the plaintext.
• An encryption algorithm is a cryptographic algorithm that takes plaintext and an
encryption key as input and produces a ciphertext.
• A decryption algorithm is a cryptographic algorithm that takes a ciphertext and a
decryption key as input, and outputs a plaintext.
• The decryption algorithm essentially reverses the encryption algorithm and is thus
closely related to it.

[Figure: Message in plaintext → Encrypt (encryption key) → Message in ciphertext → Insecure network → Message in ciphertext → Decrypt (decryption key) → Message in plaintext]

Fig. 3.6
• Encryption key is a value that is known to the sender. The sender inputs the
encryption key into the encryption algorithm along with the plaintext in order to
compute the ciphertext.
• Decryption key is a value that is known to the receiver. The decryption key is related
to the encryption key, but is not always identical to it.
• The receiver inputs the decryption key into the decryption algorithm along with the
ciphertext in order to compute the plaintext.
• Fundamentally, there are two types of cryptosystems based on the manner in which
encryption-decryption is carried out in the system: Symmetric Key Encryption and
Asymmetric Key Encryption.

Symmetric Key Encryption:


• The encryption process where same keys are used for encrypting and decrypting the
information is known as symmetric key encryption.
• The study of symmetric cryptosystems is referred to as symmetric cryptography.
Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.
• A few well-known examples of symmetric key encryption methods are Digital
Encryption Standard (DES), Triple-DES (3DES), IDEA, and BLOWFISH.

[Figure: Sender and Receiver hold the same shared secret (key), delivered by a secure distribution method. Plain text → Encrypt → ciphertext over the insecure communication channel → Decrypt → Plain text]

Fig. 3.7: Symmetric Key Encryption


Asymmetric Key Encryption:
• The encryption process where different keys are used for encrypting and decrypting
the information is known as Asymmetric Key Encryption.
• Though the keys are different, they are mathematically related and hence, retrieving
the plaintext by decrypting ciphertext is feasible.

[Figure: A repository holds Public key (Host 1) and Public key (Host 2). Host 1 (Sender) holds Private key (Host 1) and obtains Public key (Host 2) over a reliable distribution channel; Host 2 (Receiver) holds Private key (Host 2). Plain text → Encrypt → Decrypt → Plain text]

Fig. 3.8: Asymmetric Key Encryption


4. Cryptanalysis:
• The study of principles and methods of transforming ciphertext back into plaintext
without knowledge of the key is called as cryptanalysis.
• Cryptanalysis is the process of studying cryptographic systems to look for weaknesses
or leaks of information.

• Cryptanalysis is the technique of decoding message from non-readable format back to
readable format by trial and error method.
• Cryptanalysis is the art of deciphering the encrypted message/data without knowing
the key used for encryption.
5. Cryptology:
• It is the combination of cryptography and cryptanalysis.
• The union/combination of cryptography and cryptanalysis is called as cryptology.
6. Encryption: (April 16, 19)
• It is the process of converting plaintext into ciphertext using a key.
• Encryption is a technique of translation of data (plaintext) into a secret code
(ciphertext).
[Figure: Plaintext → Encryption → Ciphertext]

Fig. 3.9
7. Decryption: (April 19)
• It is the process of converting ciphertext into plaintext using a key.
• Decryption is a technique of translation of encoded data (ciphertext) into original data
(plaintext). A secret key is used for decryption.
[Figure: Ciphertext → Decryption → Plaintext]

Fig. 3.10
• Fig. 3.11 shows the process of encryption and decryption.
• Encryption is a process of converting normal data or message into an
unreadable/encrypted form whereas Decryption is a method of converting the
unreadable/encrypted data into its original form.

[Figure: Sender: Plaintext → Encryption → Ciphertext over the Network → Decryption → Plaintext: Receiver]

Fig. 3.11
8. Keys:
• A key in cryptography is a piece of information, usually a string of numbers or letters
that are stored in a file, which, when processed through a cryptographic algorithm,
can encode or decode cryptographic data.


• A cryptographic key is a string of bits used by a cryptographic algorithm to transform
plaintext into ciphertext or vice versa. This key remains private and ensures secure
communication.
• A key is the core part of cryptography which is a set of values (numbers) that the
cipher, as an algorithm, operates on.
• A cryptographic key is categorized according to how it will be used and what
properties it has.
• For example, a key might have one of the properties like Symmetric, Public or Private.
A key is a set of values (numbers) that the cipher, as an algorithm, operates on.
• Symmetric-key encryption uses the same cryptographic keys for both encryption of
plaintext and decryption of ciphertext.
• Asymmetric encryption uses two keys for encryption. Public key is available to anyone
while the secret key is only made available to the receiver of the message.
• The key which is known to everyone is known as the public key. The key which is not
known to everyone, which is kept as a secret, is known as a private key.
• A public key is usually used for the encryption process at the sender’s side. The private
key is used for the decryption process at the receiver side.
• In cryptography, a Pre-Shared Key (PSK) is a shared secret which was earlier shared
between the two parties using a secure channel before it is used.

3.2 SYMMETRIC KEY CRYPTOGRAPHY


• Symmetric key cryptography (or symmetric encryption) is a type of encryption
technique in which the same key is used both to encrypt and decrypt messages.

Fig. 3.12: Symmetric Cryptography



• Hence, symmetric key cryptography is also called single key/secret key/shared key
cryptography.
• This key is shared between sender and receiver and known to only sender and
receiver and no one else.
• In symmetric encryption the plaintext gets encrypted and then converted to the
ciphertext using an encryption algorithm and a key.
• On reaching the intended receiver, the ciphertext gets converted back to plain text
utilizing the same key that was applied for encryption and a decryption algorithm.
The key used can be as easy as a secret number or just a string of letters.
Advantages:
1. Simple: This type of encryption is easy to carry out. All users have to do is specify
and share the secret key and then begin to encrypt and decrypt messages.
2. Fast: Symmetric key encryption is much faster than asymmetric key encryption.
3. Uses Less Computer Resources: Single-key encryption does not require a lot of
computer resources when compared to public key encryption.
4. Prevents Widespread Message Security Compromise: A different secret key is
used for communication with every different party. If a key is compromised, only
the messages between a particular pair of sender and receiver are affected.
Communications with other people are still secure.
Disadvantages:
1. Need for Secure Communication Channel for Secret Key Exchange: Sharing the
secret key in the beginning is a problem in symmetric key encryption. It has to be
exchanged in a way that ensures it remains secret.
2. Too Many Keys: A new shared key has to be generated for communication with
every different party. This creates a problem with managing and ensuring the
security of all these keys.
3. Origin and Authenticity of Message Cannot be Guaranteed: Since, both sender
and receiver use the same key, messages cannot be verified to have come from a
particular user. This may be a problem if there is a dispute.

3.2.1 Traditional Ciphers


• Traditional ciphers are called symmetric key ciphers or secret key ciphers because the
same key is used for encryption and decryption and the key can be used for
bidirectional communication.
• Fig. 3.13 shows the general idea behind a symmetric key cipher. In Fig. 3.13, an entity,
Yogita can send a message to another entity, Amar, over an insecure channel with the
assumption that an adversary, Sagar, cannot understand the contents of the message
by simply eavesdropping over the channel.

• The original message from Yogita to Amar is called plaintext; the message that is sent
through the channel is called the ciphertext.
• To create the ciphertext from the plaintext, Yogita uses an encryption algorithm and a
shared secret key.
• To create the plaintext from ciphertext, Amar uses a decryption algorithm and the
same secret key.
• We refer to encryption and decryption algorithms as ciphers. A key is a set of values
(numbers) that the cipher, as an algorithm, operates on.

Fig. 3.13: General Idea behind Symmetric Key Cipher

• We can divide traditional symmetric key ciphers into two broad categories namely,
substitution ciphers and transposition ciphers.
1. Substitution Cipher: (April 16, Oct. 17)
• In a substitution cipher, each letter or group of letters is replaced by another letter or
group of letters to disguise it.
• A substitution cipher replaces one symbol with another. If the symbols in the plaintext
are alphabetic characters, we replace one character with another.
• For example, we can replace letter X with letter Y, and letter A with letter Z. If the
symbols are digits (0 to 9), we can replace 3 with 6, and 2 with 7.
• Substitution ciphers can be categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.
Monoalphabetic Cipher:
• Monoalphabetic cipher is a substitution cipher. In a monoalphabetic cipher, a
character (or a symbol) in the plaintext is always changed to the same character (or
symbol) in the ciphertext regardless of its position in the text.
• For example, if the algorithm says that letter A in the plaintext is changed to letter D,
every letter A is changed to letter D.

• In monoalphabetic cipher, the relationship between letters in the plaintext and the
ciphertext is one-to-one.
• The simplest monoalphabetic cipher is the additive cipher (or shift cipher). In
cryptography, a shift cipher is also known as the Caesar cipher (proposed by Julius Caesar).
The name ‘Caesar Cipher’ is occasionally used to describe the Shift Cipher when the
‘shift of three’ is used.
• In additive cipher, the plaintext, ciphertext, and key are integers in modulo 26.
Assume that the plaintext consists of lowercase letters (a to z), and that the ciphertext
consists of uppercase letters (A to Z). To be able to apply mathematical operations on
the plaintext and ciphertext, we assign numerical values to each letter (lower or
uppercase), as shown in Fig. 3.14.
• In Fig. 3.14, each character (lowercase or uppercase) is assigned an integer in modulo 26.
The secret key between Yogita and Amar is also an integer in modulo 26.
• The encryption algorithm adds the key to the plaintext character; the decryption
algorithm subtracts the key from the ciphertext character. All operations are done in
modulo 26.
• The concept of shift cipher is to replace each letter by another letter which is
‘shifted’ by some fixed number between 0 and 25.

Plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z

Ciphertext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Value 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Fig. 3.14
Process of Shift Cipher:
• In order to encrypt a plaintext letter, the sender positions the sliding ruler underneath
the first set of plaintext letters and slides it to LEFT by the number of positions of the
secret shift.
• The plaintext letter is then encrypted to the ciphertext letter on the sliding ruler
underneath.
• The result of this process is depicted in the following illustration for an agreed shift of
three positions. In this case, the plaintext ‘tutorial’ is encrypted to the ciphertext
‘WXWRULDO’.
• Here is the ciphertext alphabet for a Shift of 3.

Plaintext Alphabet:  a b c d e f g h i j k l m n o p q r s t u v w x y z

Ciphertext Alphabet: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Fig. 3.15


• On receiving the ciphertext, the receiver who also knows the secret shift, positions his
sliding ruler underneath the ciphertext alphabet and slides it to RIGHT by the agreed
shift number, 3 in this case.
• He then replaces the ciphertext letter by the plaintext letter on the sliding ruler
underneath. Hence, the ciphertext ‘WXWRULDO’ is decrypted to ‘tutorial’.
• To decrypt a message encoded with a Shift of 3, generate the plaintext alphabet using a
shift of ‘-3’ as shown in Fig. 3.16.

Ciphertext Alphabet: a b c d e f g h i j k l m n o p q r s t u v w x y z

Plaintext Alphabet:  x y z a b c d e f g h i j k l m n o p q r s t u v w

Fig. 3.16

• Caesar Cipher is not a secure cryptosystem because there are only 26 possible keys to
try out. An attacker can carry out an exhaustive key search with available limited
computing resources.
Example: By using Caesar cipher, transform the message ‘Happy birthday to you’.
Solution:
Plaintext: Happy birthday to you
Key: Character + 3
Caesar cipher: kdssb eluwkgdb wr brx
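
The additive cipher above in Python, as an added example that is not part of the original chapter: it reproduces the ‘tutorial’ → ‘WXWRULDO’ and ‘Happy birthday to you’ results and shows how little work trying all 26 keys is. The function names and the small COMMON_WORDS list used to rank candidate plaintexts are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # a = 0 ... z = 25, as in Fig. 3.14

# Constructed mini word list (an assumption of this example), used only to
# rank the 26 candidate plaintexts produced by the exhaustive key search.
COMMON_WORDS = {"the", "and", "you", "to", "of", "in", "is", "it", "that", "for"}


def shift_encrypt(plaintext: str, key: int) -> str:
    """C = (P + key) mod 26. Letters come out uppercase, as in the chapter's
    convention; spaces, digits and punctuation pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(chr((ord(ch) - ord("a") + key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """P = (C - key) mod 26. Letters come out lowercase."""
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def exhaustive_key_search(ciphertext: str) -> list:
    """Decrypt with every key 0..25 and rank the candidates.

    Returns a list of (score, key, candidate) tuples, best first, where the
    score is the number of candidate words found in COMMON_WORDS. The whole
    key space is 26 values, so the loop finishes instantly on any machine.
    """
    results = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        score = sum(1 for word in candidate.split() if word in COMMON_WORDS)
        results.append((score, key, candidate))
    # Highest score first; ties are broken by the smaller key.
    results.sort(key=lambda r: (-r[0], r[1]))
    return results


if __name__ == "__main__":
    print(shift_encrypt("tutorial", 3))
    print(shift_decrypt("WXWRULDO", 3))
    ciphertext = shift_encrypt("Happy birthday to you", 3)
    print(ciphertext)
    # Show the three best-ranked candidates out of the 26 possible keys.
    for score, key, candidate in exhaustive_key_search(ciphertext)[:3]:
        print(f"key={key:2d} score={score} {candidate}")
```

The ranking step is what makes the search automatic: with no key material at all, the only candidate that contains ordinary English words is the one produced by key 3.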
Polyalphabetic Cipher:
• Polyalphabetic cipher is a substitution cipher in which the cipher alphabet for the
plain alphabet may be different at different places during the encryption process.
• In polyalphabetic substitution, each occurrence of a character may have a different
substitute. The relationship between a character in the plaintext to a character in the
ciphertext is one-to-many.
• For example, “a” could be enciphered as “D” in the beginning of the text, but as “N” at
the middle. Polyalphabetic ciphers have the advantage of hiding the letter frequency
of the underlying language.
• To create a polyalphabetic cipher, we need to make each ciphertext character
dependent on both the corresponding plaintext character and the position of the
plaintext character in the message.
• This implies that our key should be a stream of subkeys, in which each subkey
depends somehow on the position of the plaintext character that uses that subkey for
encipherment.


2. Transposition Cipher: (April 16, 17, 18, Oct. 17, 18)


• Transposition ciphers differ from substitution ciphers. Transposition ciphers do not
simply replace one letter with another. They also perform some permutation over
the plaintext letters.
• A transposition cipher does not substitute one symbol for another, instead it changes
the location of the symbols.
• A symbol in the first position of the plaintext may appear in the tenth position of the
ciphertext.
• A symbol in the eighth position in the plaintext may appear in the first position of the
ciphertext. In other words, a transposition cipher reorders (transposes) the symbols.
• The next example is of common transposition method, the columnar transposition. In
this method, one key is used which does not contain any repeated letters.
• Columnar transposition is a transposition technique where the plaintext is first
written out in n-length rows. The key often represents a keyword of length n that
defines the plaintext ordering of columns.
• The ordering could be done by sorting the keyword letters in alphabetical order or in
any predefined order.
• Column transposition is a technique in which the message is written in the form of a
matrix, row-by-row procedure from top to bottom and left to right.
• After that, the message is read out again column by column depending on the given
key value during the encryption process. The row and column size are fixed based on
the number of letters available in the plaintext.
Example: Plaintext : Please transfer one million dollar to my swiss bank account six
two two.
Key: MEGABUCK.
Solution: Steps:
1. Write the key and give numbers to its letters.
2. Write the plaintext horizontally, in rows, padded to fill the matrix if need be.
3. Write the ciphertext by columns, starting with the column whose key letter is
lowest.
M E G A B U C K
7 4 5 1 2 8 3 6
P l e a s e t r
A n s f e r o n
E m i l l i o n
D o l l a r s t
O m y s w i s s
B a n k a c c o
U n t s i x t w
O t w o a b c d
Ciphertext: AFLLSKSOSELAWAIATODSSCTCLNMOMANTESILYNTWRNNTS
OWDPAEDOBUOERIRICXB

Example: Consider a plaintext : “How are you when you arrived ?” By using a key
NCBTZQARX, use transposition cipher on the plaintext.
Solution: Use transposition cipher on the plaintext.
N C B T Z Q A R X
4 3 2 7 9 5 1 6 8
H o w a R e y o u
w h e n Y o u a r
r i v e D a b c d

Ciphertext: YUBWEVOHIHWREOAOACAHEURD
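
The three columnar transposition steps in Python, as an added example that is not part of the original chapter. It uses the key MEGABUCK with the letters exactly as they are laid out in the first matrix, and goes one step beyond the worked examples by also implementing decryption. The function names and the a, b, c, ... padding rule (inferred from the matrices) are assumptions.

```python
def column_order(key: str) -> list:
    """Step 1: number the key letters alphabetically and return the column
    indices in the order the columns are read (lowest key letter first)."""
    key = key.upper()
    if not key.isalpha():
        raise ValueError("key must consist of letters only")
    if len(set(key)) != len(key):
        raise ValueError("key must not contain repeated letters")
    return sorted(range(len(key)), key=lambda i: key[i])


def columnar_encrypt(plaintext: str, key: str) -> str:
    order = column_order(key)
    n = len(key)
    # Keep letters only; spaces and punctuation are dropped, as in the matrices.
    letters = [c for c in plaintext.lower() if c.isascii() and c.isalpha()]
    # Step 2: write the plaintext in rows of n letters, padding the last row
    # with a, b, c, ... (assumed rule, taken from the chapter's matrices).
    pad = (-len(letters)) % n
    letters += [chr(ord("a") + i % 26) for i in range(pad)]
    rows = [letters[i:i + n] for i in range(0, len(letters), n)]
    # Step 3: read whole columns, top to bottom, in key order.
    return "".join(row[col] for col in order for row in rows).upper()


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Invert the transposition. Padding letters stay at the end of the result;
    the receiver removes them by inspection."""
    order = column_order(key)
    n = len(key)
    if len(ciphertext) % n != 0:
        raise ValueError("ciphertext length must be a multiple of the key length")
    depth = len(ciphertext) // n  # number of rows in the matrix
    columns = [""] * n
    # The k-th chunk of the ciphertext is the column read k-th during encryption.
    for k, col in enumerate(order):
        columns[col] = ciphertext[k * depth:(k + 1) * depth]
    # Read the rebuilt matrix row by row to recover the plaintext.
    return "".join(columns[c][r] for r in range(depth) for c in range(n)).lower()


# Letters as they appear in the chapter's MEGABUCK matrix.
MATRIX_PLAINTEXT = (
    "please transfer one million dollars to my swiss bank account six two two"
)

if __name__ == "__main__":
    print(column_order("MEGABUCK"))  # 0-based column indices in reading order
    ct = columnar_encrypt(MATRIX_PLAINTEXT, "MEGABUCK")
    print(ct)
    print(columnar_decrypt(ct, "MEGABUCK"))
```

Because the letters are only moved, never replaced, the ciphertext keeps the letter counts of the plaintext, which is what distinguishes a transposition from a substitution when a captured message is examined.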
• The literature divides the symmetric ciphers into two broad categories namely, stream
ciphers and block ciphers.
• In a stream cipher, encryption and decryption are done one symbol (such as a
character or a bit) at a time.
• In stream cipher, the plaintext is processed one bit at a time i.e. one bit of plaintext is
taken, and a series of operations is performed on it to generate one bit of ciphertext.
• In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted
together, creating a group of ciphertext of the same size.
• Based on the definition, in a block cipher, a single key is used to encrypt the whole
block even if the key is made of multiple values. In a block cipher, a ciphertext block
depends on the whole plaintext block.

3.2.2 Modern Ciphers


• The traditional symmetric key ciphers are character oriented ciphers. With the advent
of the computer, we need bit-oriented ciphers.
• Because the information to be encrypted is not just text; it can also consist of numbers,
graphics, audio, and video data.
• It is convenient to convert these types of data into a stream of bits, to encrypt the
stream, and then to send the encrypted stream.
• In addition, when text is treated at the bit level, each character is replaced by 8 (or 16)
bits, which means that the number of symbols becomes 8 (or 16) times larger.
• Mixing a larger number of symbols increases security. A modern cipher can be
either a block cipher or a stream cipher.
1. Modern Block Ciphers:
• In this cipher, the plaintext is processed in blocks (groups) of bits at a time; i.e. a block
of plaintext bits is selected, a series of operations is performed on this block to
generate a block of ciphertext bits.

• A symmetric key modern block cipher encrypts an n-bit block of plaintext or decrypts
an n-bit block of ciphertext. The encryption or decryption algorithm uses a k-bit key.
• The decryption algorithm must be the inverse of the encryption algorithm, and both
operations must use the same secret key so that Amar can retrieve the message sent by
Yogita.
• Fig. 3.17 (a) shows the general idea of encryption and decryption in a modern block
cipher.
• If the message has fewer than n bits, padding must be added to make it an n-bit block;
if the message has more than n bits, it should be divided into n-bit blocks and the
appropriate padding must be added to the last block if necessary. The common values
for n are 64, 128, 256, and 512 bits.

Fig. 3.17 (a): Modern Block Cipher

• Modern block ciphers normally are keyed substitution ciphers in which the key allows
only partial mappings from the possible inputs to the possible outputs.
• Modern block ciphers are substitution ciphers when seen as a whole block. However,
modern block ciphers are not designed as a single unit.
• To provide an attack-resistant cipher, a modern block cipher is made of a combination
of transposition units (sometimes called P-boxes), substitution units (sometimes called
S-boxes) and exclusive-or (XOR) operations, shifting elements, swapping elements,
splitting elements and combining elements.
• Fig. 3.17 (b) shows the components of a modern block cipher.
• A P-box (permutation box) parallels the traditional transposition cipher for
characters, but it transposes bits.
• We can find three types of P-boxes in modern block cipher namely, straight P-boxes,
expansion P-boxes, and compression P-boxes.
• An S-box (substitution box) can be thought of as a miniature substitution cipher, but
it substitutes bits.
• Unlike the traditional substitution cipher, an S-box can have a different number of
inputs and outputs.

Fig. 3.17 (b): Components of a Modern Block Cipher


• An important component in most modern block ciphers is the exclusive-or (XOR)
operation, in which the output is 0 if the two inputs are the same, and the output is 1
if the two inputs are different.
• In modern block ciphers, we use n exclusive-or operations to combine an n-bit data
piece with an n-bit key. An exclusive-or operation is normally the only unit where the
key is applied.
• Another component found in some modern block ciphers is the circular shift
operation. Shifting can be to the left or to the right.
• The circular left-shift operation shifts each bit in an n-bit word k positions to the left;
the leftmost k bits are removed from the left and become the rightmost bits.
• The swap operation in modern block cipher is a special case of the circular shift
operation where the number of shifted bits k = n/2.
• Two other operations found in some modern block ciphers are split and combine. The
split operation splits an n-bit word in the middle, creating two equal-length words.
• The combine operation normally concatenates two equal-length words to create an n-
bit word.

2. Modern Stream Ciphers:


• We can also use modern stream ciphers in addition to modern block ciphers. Stream ciphers are
faster than block ciphers. Modern stream ciphers use a block size of one bit.
• In a modern stream cipher, encryption and decryption are done r bits at a time. We
have a plaintext bit stream P = p_n … p_2 p_1, a ciphertext bit stream C = c_n … c_2 c_1, and a key bit
stream K = k_n … k_2 k_1, in which p_i, c_i, and k_i are r-bit words. Encryption is c_i = E(k_i, p_i),
and decryption is p_i = D(k_i, c_i).
• The hardware implementation of a stream cipher is also easier. When we need to
encrypt binary streams and transmit them at a constant rate, a stream cipher is the
better choice to use. Stream ciphers are also more immune to the corruption of bits
during transmission.
• The simplest and the most secure type of stream cipher is called the one-time pad,
which was invented and patented by Gilbert Vernam in 1918.
• A one-time pad cipher uses a key stream that is randomly chosen for each
encipherment. The encryption and decryption algorithms each use a single exclusive-
or operation.
• Based on properties of the exclusive-or operation, the encryption and decryption
algorithms are inverses of each other. It is important to note that in this cipher the
exclusive-or operation is used one bit at a time.
• Note also that there must be a secure channel so that Yogita can send the key stream
sequence to Amar as shown in Fig. 3.18.

Fig. 3.18: One-time Pad Cipher

3.2.3 Modern Round Ciphers


• In this section we will study modern cipher such as AES.
Data Encryption Standard (DES):
• The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
• DES is a symmetric key algorithm, which means that the same key is used for
encrypting and decrypting data.
• The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption
of electronic data.
• General structure of DES is shown in Fig. 3.19. DES uses 16 rounds. The block size is
64-bit. DES is also called as Data Encryption Algorithm (DEA).
• At the encryption site, DES takes a 64-bit plaintext and creates a 64-bit ciphertext; at
the decryption site, DES takes a 64-bit ciphertext and creates a 64-bit block of plaintext.
The same 56-bit cipher key is used for both encryption and decryption.

[Figure: the 64-bit plaintext passes through the initial permutation, Round 1 to Round 16 and the final permutation to give the 64-bit ciphertext; the round-key generator derives the 48-bit round keys K1 to K16 from the 56-bit cipher key.]

Fig. 3.19: Structure of DES

• DES contains Round function, Key schedule and any additional processing − initial and
final permutation.
Initial and Final Permutation:
• The initial and final permutations are straight Permutation boxes (P-boxes) that are
inverses of each other. They have no cryptographic significance in DES.
• The initial permutation takes a 64-bit input and permutes its bits according to a
predefined rule. The final permutation is the inverse of the initial permutation.
• The initial and final permutations are shown in Fig. 3.20.

[Figure: bit positions 1, 2, 8, 25, 40, 58 and 64 traced through the initial permutation, the 16 rounds and the final permutation.]

Fig. 3.20

DES Rounds:
• DES uses 16 rounds and each round of DES is an invertible transformation, as
shown in Fig. 3.21.
• The round takes L_{I−1} and R_{I−1} from the previous round (or the initial
permutation box) and creates L_I and R_I, which go to the next round (or final
permutation box).
• Each round can have up to two cipher elements (mixer and swapper). Each of
these elements is invertible. The swapper is obviously invertible. It swaps the
left half of the text with the right half.

Fig. 3.21

• The mixer is invertible because of the XOR operation. All noninvertible
elements are collected inside the function f (R_{I−1}, K_I).
DES Function:
• The heart of this cipher is the DES function. The DES function applies a 48-bit
key to the rightmost 32 bits to produce a 32-bit output.
• DES function is made up of four sections: an expansion P-box, an exclusive-OR
component (that adds key), a group of S-boxes, and a straight P-box, as shown in
Fig. 3.22.
• Expansion Permutation Box: Since right input is 32-bit and round key is a
48-bit, we first need to expand right input to 48 bits. Permutation logic is
graphically shown in the Fig. 3.23.

[Figure: the function f (R_{I−1}, K_I). The 32-bit input goes through the expansion P-box (48 bits), is XORed with K_I (48 bits), passes through the eight S-boxes (32 bits) and then through the straight P-box to give the 32-bit output.]

Fig. 3.22

[Figure: expansion of the 32-bit input, with the wrap-around connections labelled "From bit 32" and "From bit 1".]


Fig. 3.23
• The graphically depicted permutation logic is generally described as a table in the DES
specification, as shown in Fig. 3.24.

32 01 02 03 04 05
04 05 06 07 08 09
08 09 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 01
Fig. 3.24

• XOR (Whitener): After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this
operation.
• Substitution Boxes: The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output, (See Fig. 3.25).
[Figure: the 48-bit input is split across an array of eight S-boxes, whose outputs together form the 32-bit output.]

Fig. 3.25

• The S-box rule is illustrated in Fig. 3.26.


[Figure: an S-box takes six input bits (bit 1 to bit 6), selects a table entry from a table with rows 0 to 3 and columns 0 to 15, and outputs four bits (bit 1 to bit 4).]

Fig. 3.26

• There are a total of eight S-box tables. The outputs of all eight S-boxes are then combined
into a 32-bit section.
• Straight Permutation: The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in Fig. 3.27.

16 07 20 21 29 12 28 17
01 15 23 26 05 18 31 10
02 08 24 14 32 27 03 09
19 13 30 06 22 11 04 25
Fig. 3.27
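The four sections of the DES function can be exercised on small inputs. The block below is an added example, not part of the original text: the E and P tables are those of the DES standard shown in Figs. 3.24 and 3.27, the S1 table and its row/column rule (outer two bits pick the row, inner four the column) are taken from the published DES standard rather than from this page, and the function names and test values are constructed.

```python
# Expansion P-box (Fig. 3.24): output bit j is a copy of input bit E[j - 1].
E = [32, 1, 2, 3, 4, 5,
     4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21,
     20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29,
     28, 29, 30, 31, 32, 1]

# Straight P-box (Fig. 3.27).
P = [16, 7, 20, 21, 29, 12, 28, 17,
     1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9,
     19, 13, 30, 6, 22, 11, 4, 25]

# First of the eight S-box tables (S1), from the DES standard.
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]


def permute(value, table, in_bits):
    """Build the output bit by bit; bit 1 is the leftmost (most significant)."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (in_bits - src)) & 1)
    return out


def expand(right_half):
    """Expansion P-box: 32 bits in, 48 bits out."""
    return permute(right_half, E, 32)


def duplicated_inputs():
    """Input bits that the expansion P-box copies to two output positions."""
    return [bit for bit in range(1, 33) if E.count(bit) == 2]


def invert_table(table):
    """Inverse of a straight P-box (only possible when no bit is dropped)."""
    inverse = [0] * len(table)
    for out_pos, src in enumerate(table, start=1):
        inverse[src - 1] = out_pos
    return inverse


def sbox_lookup(box, six_bits):
    """6 bits in, 4 bits out: bits 1 and 6 pick the row, bits 2-5 the column."""
    row = ((six_bits >> 4) & 0b10) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return box[row][col]


def first_sbox_output(right_half, round_key):
    """Expand, XOR with the 48-bit round key, feed the leftmost 6 bits to S1."""
    mixed = expand(right_half) ^ round_key
    return sbox_lookup(S1, mixed >> 42)


if __name__ == "__main__":
    r = 0x80000001                      # constructed input: bits 1 and 32 set
    print(f"{expand(r):012x}")          # both bits appear twice in the output
    print(duplicated_inputs())
    y = permute(0x12345678, P, 32)
    print(hex(permute(y, invert_table(P), 32)))
    print(first_sbox_output(0x80000000, 11 << 42))
```

The S-box step is the only one here that cannot be undone: several 6-bit inputs map to the same 4-bit output, which is why the text places all noninvertible elements inside f.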
Key Generation:
• The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
• The process of key generation is depicted in the Fig. 3.28.

Fig. 3.28
• Consequently two main variations of DES have emerged, which are Double DES and
Triple DES.
1. In double DES, two symmetric keys were used for encryption and decryption,
however double DES also had some limitations. With regard to this context, triple
DES was introduced in the year 1999 by a team led by Walter Tuchman who was
working at IBM.
2. Triple DES resolved all the limitations of double DES by using three symmetric
keys as well as two symmetric keys. Moreover, triple DES is extensively used in
many of the Internet protocols in today's environment.

3.2.4 Block Cipher Modes of Operation


• In this section, we will discuss the different modes of operation of a block cipher.
These are procedural rules for a generic block cipher.
• Interestingly, the different modes result in different properties being achieved which
add to the security of the underlying block cipher. A block cipher processes the data
blocks of fixed size.
• Usually, the size of a message is larger than the block size. Hence, the long message is
divided into a series of sequential message blocks, and the cipher operates on these
blocks one at a time.
Electronic Code Book (ECB) Mode:
• This mode is the most straightforward way of processing a series of sequentially listed
message blocks.

Operation:
o The user takes the first block of plaintext and encrypts it with the key to produce
the first block of ciphertext.
o He then takes the second block of plaintext and follows the same process with the
same key, and so on.
• The ECB mode is deterministic, that is, if plaintext blocks P1, P2, …, Pm are encrypted
twice under the same key, the output ciphertext blocks will be the same.
• In fact, for a given key we can technically create a codebook of ciphertexts for all
possible plaintext blocks. Encryption would then entail only looking up the required
plaintext and selecting the corresponding ciphertext.
• Thus, the operation is analogous to the assignment of code words in a codebook, and
hence gets an official name − Electronic Codebook mode of operation (ECB). It is
illustrated in Fig. 3.29.
[Figure: ECB encryption and decryption. Each plaintext block (P1, P2) is encrypted separately by the block cipher under the same key to give the ciphertext blocks C1, C2; each ciphertext block is decrypted separately under the same key to recover P1, P2.]

Fig. 3.29
Analysis of ECB Mode:
• In reality, any application data usually have partial information which can be
guessed. For example, the range of salary can be guessed. A ciphertext from ECB can
allow an attacker to guess the plaintext by trial-and-error if the plaintext message is
within a predictable range.
• For example, if a ciphertext from the ECB mode is known to encrypt a salary figure,
then a small number of trials will allow an attacker to recover the figure.
• In general, we do not wish to use a deterministic cipher, and hence the ECB mode
should not be used in most applications.
Cipher Block Chaining (CBC) Mode:
• CBC mode of operation provides message dependence for generating ciphertext and
makes the system non-deterministic.
Operation:
• The operation of CBC mode is depicted in the following illustration. The steps are as
follows:
o Load the n-bit Initialization Vector (IV) in the top register.

o XOR the n-bit plaintext block with the data value in the top register.
o Encrypt the result of the XOR operation with the underlying block cipher with key K.
o Feed the ciphertext block into the top register and continue the operation till all plaintext
blocks are processed.
o For decryption, the first ciphertext block is decrypted and the result is XORed with the IV data.
The first ciphertext block is also fed into the register, replacing the IV, for decrypting the next
ciphertext block.

Fig. 3.30
Analysis of CBC Mode:
• In CBC mode, the current plaintext block is added to the previous ciphertext block,
and then the result is encrypted with the key.
• Decryption is thus the reverse process, which involves decrypting the current
ciphertext and then adding the previous ciphertext block to the result.
• The advantage of CBC over ECB is that changing the IV results in a different ciphertext for
an identical message. On the drawback side, an error in transmission gets propagated to
a few further blocks during decryption due to the chaining effect.
• It is worth mentioning that CBC mode forms the basis for a well-known data origin
authentication mechanism. Thus, it has an advantage for those applications that
require both symmetric encryption and data origin authentication.
Cipher Feedback (CFB) Mode:
• In this mode, each ciphertext block gets ‘fed back’ into the encryption process in order
to encrypt the next plaintext block.
Operation:
• The operation of CFB mode is depicted in the following illustration. For example, in
the present system, a message block has a size ‘s’ bits where 1 < s < n.
• The CFB mode requires an initialization vector (IV) as the initial random n-bit input
block. The IV need not be secret.
• Steps of operation are given below:
o Load the IV in the top register.
o Encrypt the data value in top register with underlying block cipher with key K.
o Take only ‘s’ number of most significant bits (left bits) of output of encryption
process and XOR them with ‘s’ bit plaintext message block to generate ciphertext
block.
o Feed ciphertext block into top register by shifting already present data to the left
and continue the operation till all plaintext blocks are processed.
o Essentially, the previous ciphertext block is encrypted with the key, and then the
result is XORed to the current plaintext block.
o Similar steps are followed for decryption. Pre-decided IV is initially loaded at the
start of decryption.

Fig. 3.31

Analysis of CFB Mode:


• CFB mode differs significantly from ECB mode: the ciphertext corresponding to a
given plaintext block depends not just on that plaintext block and the key, but also on
the previous ciphertext block. In other words, the ciphertext block is dependent on the
message.
• CFB has a very strange feature. In this mode, user decrypts the ciphertext using only
the encryption process of the block cipher. The decryption algorithm of the
underlying block cipher is never used.
• Apparently, CFB mode is converting a block cipher into a type of stream cipher. The
encryption algorithm is used as a key-stream generator to produce key-stream that is
placed in the bottom register. This key stream is then XORed with the plaintext as in
case of stream cipher.
• By converting a block cipher into a stream cipher, CFB mode provides some of the
advantageous properties of a stream cipher while retaining the advantageous
properties of a block cipher.
• On the flip side, the error of transmission gets propagated due to changing of blocks.

Output Feedback (OFB) Mode:


• It involves feeding the successive output blocks from the underlying block cipher back
to it. These feedback blocks provide string of bits to feed the encryption algorithm
which act as the key-stream generator as in case of CFB mode.
• The key stream generated is XORed with the plaintext blocks. The OFB mode requires
an IV as the initial random n-bit input block. The IV need not be secret.
• The operation is depicted in the Fig. 3.32.

Fig. 3.32

Counter (CTR) Mode:


• It can be considered as a counter-based version of CFB mode without the feedback.
• In this mode, both the sender and receiver need to access to a reliable counter, which
computes a new shared value each time a ciphertext block is exchanged. This shared
counter is not necessarily a secret value, but challenge is that both sides must keep the
counter synchronized.
Operation:
• Both encryption and decryption in CTR mode are depicted in the following
illustration. Steps in operation are:
o Load the initial counter value into the top register; it is the same for both the sender
and the receiver. It plays the same role as the IV in CFB (and CBC) mode.
o Encrypt the contents of the counter with the key and place the result in the bottom
register.
o Take the first plaintext block P1 and XOR this to the contents of the bottom
register. The result of this is C1. Send C1 to the receiver and update the counter.
The counter update replaces the ciphertext feedback in CFB mode.
o Continue in this manner until the last plaintext block has been encrypted.

o The decryption is the reverse process. The ciphertext block is XORed with the
output of encrypted contents of counter value. After decryption of each ciphertext
block counter is updated as in case of encryption.

Fig. 3.33

Analysis of Counter Mode:


• It does not have message dependency and hence a ciphertext block does not depend
on the previous plaintext blocks.
• Like CFB mode, CTR mode does not involve the decryption process of the block cipher.
This is because the CTR mode is really using the block cipher to generate a key-stream,
which is encrypted using the XOR function. In other words, CTR mode also converts a
block cipher to a stream cipher.
• The serious disadvantage of CTR mode is that it requires a synchronous counter at
sender and receiver. Loss of synchronization leads to incorrect recovery of plaintext.
• However, CTR mode has almost all advantages of CFB mode. In addition, it does not
propagate error of transmission at all.
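The properties claimed for ECB, CBC and CTR above (ECB is deterministic, CBC depends on the IV and spreads a transmission error over a few blocks, CTR does not propagate errors) can be checked by running the modes over a small block cipher. This is an added example, not code from the original text: the 64-bit Feistel cipher is a toy stand-in for a real block cipher, and the key, IV, nonce and message are constructed values.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (64 bits)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the toy cipher; it does not have to be invertible.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):                      # mixer followed by swapper
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):            # undo the rounds in reverse order
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("pad the message to a whole number of blocks first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    return b"".join(encrypt_block(key, p) for p in _blocks(plaintext))


def cbc_encrypt(key, iv, plaintext):
    register, out = iv, []                    # the "top register" starts as the IV
    for p in _blocks(plaintext):
        register = encrypt_block(key, _xor(p, register))
        out.append(register)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    register, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), register))
        register = c
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    # Same function encrypts and decrypts; counter block = nonce + block index.
    out = []
    for i, block in enumerate(_blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(_xor(block, keystream))
    return b"".join(out)


def flip_bit(data, byte_index):
    """Simulate a single-bit transmission error."""
    damaged = bytearray(data)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


def damaged_blocks(expected, recovered):
    pairs = zip(_blocks(expected), _blocks(recovered))
    return [i for i, (a, b) in enumerate(pairs) if a != b]


# Constructed sample values; the first two plaintext blocks are identical.
KEY = b"constructed demo key"
IV = bytes(range(8))
NONCE = b"\x00\x00\x00\x07"
MESSAGE = b"SALARY=5SALARY=5SALARY=9"

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, MESSAGE)
    cbc = cbc_encrypt(KEY, IV, MESSAGE)
    ctr = ctr_crypt(KEY, NONCE, MESSAGE)
    print("ECB repeats blocks:", ecb[:8] == ecb[8:16])
    print("CBC repeats blocks:", cbc[:8] == cbc[8:16])
    print("CBC blocks hit by one flipped bit:",
          damaged_blocks(MESSAGE, cbc_decrypt(KEY, IV, flip_bit(cbc, 0))))
    print("CTR blocks hit by one flipped bit:",
          damaged_blocks(MESSAGE, ctr_crypt(KEY, NONCE, flip_bit(ctr, 0))))
```

CTR stays error-free beyond the damaged bit only while sender and receiver use the same counter values, and a counter value must never be reused under the same key because the same key stream would then be XORed with two different messages.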

3.3 ASYMMETRIC KEY CRYPTOGRAPHY


• Asymmetric encryption is also called Public Key Cryptography, and it uses two
different keys - a public key used for encryption and a private key used for decryption.
• This encryption technique utilizes a pair of keys (a public key and a private key) for
the encryption and decryption processes. The public key is normally used for
encryption while the private key is applied for decryption of the message.
• While the public key can be made freely available to any person who might be
interested in sending a message, the private key remains a secret well kept by the
receiver of the message.
• A message encrypted using a public key and an algorithm will be decrypted using the
same algorithm plus a matching private key that corresponds to the public key used.

Fig. 3.34: Asymmetric Key Cryptography


Advantages:
1. Convenience: It solves the problem of distributing the key for encryption.
Everyone publishes their public keys and private keys are kept secret.
2. Provides for Message Authentication: Public key encryption allows the use of
digital signatures which enables the recipient of a message to verify that the
message is truly from a particular sender.
3. Detection of Tampering: The use of digital signatures in public key encryption
allows the receiver to detect if the message was altered in transit. A digitally signed
message cannot be modified without invalidating the signature.
4. Provide for Non-Repudiation: Digitally signing a message is similar to physically
signing a document. It is an acknowledgement of the message and thus the sender
cannot deny it.
Disadvantages:
1. Public Keys should/must be Authenticated: No one can be absolutely sure that a
public key belongs to the person it specifies and so everyone must verify that their
public keys belong to them.
2. Slow: Public key encryption is slow compared to symmetric encryption. Not
feasible for use in decrypting bulk messages.
3. Uses more Computer Resources: It requires a lot more computer resources
compared to single-key encryption.
4. Loss of Private key may be Irreparable: The loss of a private key means that all
received messages cannot be decrypted.

Comparison between Symmetric Key Cryptography and Asymmetric Key Cryptography:

Sr. No. | Symmetric Key Cryptography | Asymmetric Key Cryptography
1. | It uses a single key (secret key) for both encryption and decryption of data. | It uses two different keys: public key for encryption and private key for decryption.
2. | Both the communicating parties share the same algorithm and the key. | Both the communicating parties should have at least one of the matched pair of keys.
3. | The processes of encryption and decryption are very fast. | The encryption and decryption processes are slower.
4. | Key distribution is a big problem. | Key distribution is not a problem.
5. | The size of encrypted text is usually same or less than the original text. | The size of encrypted text is usually more than the size of the original text.
6. | Based on substitution and permutation of symbols (characters or bits). | Based on applying mathematical functions to numbers.
7. | It can only be used for confidentiality, i.e., only for encryption and decryption of data. | It can be used for confidentiality of data as well as for integrity and non-repudiation checks (i.e., for digital signatures).
8. | DES and AES are the commonly used symmetric-encryption algorithms. | The most commonly used asymmetric-encryption algorithm is RSA.

3.3.1 RSA Encryption Algorithm


• RSA is an encryption algorithm, used to securely transmit messages over the internet.
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is
widely used for secure data transmission.
• In such a cryptosystem, the encryption key is public and it is different from the
decryption key which is kept secret (private).
• In RSA, this asymmetry is based on the practical difficulty of the factorization of the
product of two large prime numbers, the "factoring problem".
• RSA cryptography (the RSA algorithm to be exact) is the most ubiquitous asymmetric
encryption algorithm in the world.
• The RSA algorithm is the basis of a cryptosystem - a suite of cryptographic algorithms
that are used for specific security services or purposes - which enables public key

encryption and is widely used to secure sensitive data, particularly when it is being
sent over an insecure network such as the internet.
• We will see two aspects of the RSA cryptosystem, firstly generation of key pair and
secondly encryption-decryption algorithms.
1. Generation of RSA Key Pair:
• Each person or a party who desires to participate in communication using encryption
needs to generate a pair of keys, namely public key and private key.
• The process followed in the generation of keys is described below:
o Generate the RSA Modulus (n):
Select two large primes, p and q.
Calculate n = p*q. For strong unbreakable encryption, let n be a large number,
typically a minimum of 512 bits.
o Find Derived Number (e):
Number e must be greater than 1 and less than (p − 1)(q − 1).
There must be no common factor for e and (p − 1)(q − 1) except for 1. In other
words, the two numbers e and (p − 1)(q − 1) are coprime.
o Form the Public Key:
The pair of numbers (n, e) forms the RSA public key and is made public.
Interestingly, though n is part of the public key, the difficulty of factorizing a large
number ensures that an attacker cannot find, in any feasible amount of time, the two primes
(p and q) used to obtain n. This is the strength of RSA.
o Generate the Private Key:
Private key d is calculated from p, q, and e. For given n and e, there is a unique
number d.
Number d is the inverse of e modulo (p − 1)(q − 1). This means that d is the
number less than (p − 1)(q − 1) such that when multiplied by e, it is equal to 1
modulo (p − 1)(q − 1).
This relationship is written mathematically as follows:
ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as
output.
Example:
• An example of generating RSA Key pair is given below. (For ease of understanding,
the primes p and q taken here are small values. Practically, these values are very
high).

o Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 × 13 = 91.


o Select e = 5, which is a valid choice since there is no number that is common factor
of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
o The pair of numbers (n, e) = (91, 5) forms the public key and can be made
available to anyone whom we wish to be able to send us encrypted messages.
o Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will
be d = 29.
o Check that the d calculated is correct by computing:
de = 29 × 5 = 145 = 1 mod 72
Hence, public key is (91, 5) and private key is (91, 29).
2. Encryption and Decryption:
• Once the key pair has been generated, the process of encryption and decryption are
relatively straightforward and computationally easy.
• Interestingly, RSA does not directly operate on strings of bits as in case of symmetric
key encryption. It operates on numbers modulo n. Hence, it is necessary to represent
the plaintext as a series of numbers less than n.
RSA Encryption:
• Suppose the sender wishes to send some text message to someone whose public key is
(n, e). The sender then represents the plaintext as a series of numbers less than n.
• To encrypt the first plaintext P, which is a number modulo n, the encryption process
is a simple mathematical step:
C = P^e mod n
• In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times
and then reduced modulo n. This means that C is also a number less than n.
• Returning to our Key Generation example with plaintext P = 10, we get ciphertext C:
C = 10^5 mod 91
RSA Decryption:
• The decryption process for RSA is also very straightforward. Suppose that the receiver
of public-key pair (n, e) has received a ciphertext C.
• Receiver raises C to the power of his private key d. The result modulo n will be the
plaintext P.
Plaintext = C^d mod n
• Returning again to our numerical example, the ciphertext C = 82 would get decrypted
to number 10 using private key 29.
Plaintext = 82^29 mod 91 = 10

• Fig. 3.35 shows the general idea behind the procedure used in RSA.

Fig. 3.35: Encryption, Decryption, and Key Generation in RSA

RSA Analysis:
• The security of RSA depends on the strengths of two separate functions. The RSA
cryptosystem is most popular public-key cryptosystem strength of which is based on
the practical difficulty of factoring the very large numbers.
o Encryption Function: It is considered as a one-way function of converting
plaintext into ciphertext and it can be reversed only with the knowledge of private
key d.
o Key Generation: The difficulty of determining a private key from an RSA public
key is equivalent to factoring the modulus n. An attacker thus cannot use
knowledge of an RSA public key to determine an RSA private key unless he can
factor n. It is also a one way function, going from p and q values to modulus n is
easy but reverse is not possible.
• If either of these two functions are proved non one-way, then RSA will be broken. In
fact, if a technique for factoring efficiently is developed then RSA will no longer be
safe.
• The strength of RSA encryption drastically goes down against attacks if the number p
and q are not large primes and/ or chosen public key e is a small number.

3.4 SECURITY SERVICES


• Security is a fundamental component of every network design. When planning,
building, and operating a network, you should understand the importance of a strong
security policy.
• Network security consists of the policies adopted to prevent and monitor unauthorized
access, misuse, modification, or denial of a computer network and network-accessible
resources.
• Network security involves the authorization of access to data in a network, which is
controlled by the network administrator.
• Network security can provide one of the five services as illustrated in Fig. 3.36.
• Four of these network security services are related to the message exchanged i.e.,
message confidentiality, integrity, authentication, and non-repudiation. The fifth
service of network security provides entity authentication or identification.

Fig. 3.36: Network Security Services

• Fig. 3.36 Shows following types of services:


1. Confidentiality: The principle of confidentiality specifies that only the sender and
the intended recipient(s) should be able to access the content of a message.
Example of compromising the confidentiality is shown in Fig 3.37. In this example
a confidential email message sent by A to B which is accessed by C, without the
permission or knowledge of A and B. This type of attack is called as interception.

A Server B

Fig. 3.37: Loss of Confidentiality

2. Integrity: When the contents of a message are changed after the sender sends it,
but before it reaches the intended recipient, the integrity of a message is lost. This
type of attack is called as modification.

[Figure: on the ideal route, the message "Transfer $ 100 to D" goes from A directly to B; on the actual route it passes through C and reaches B as "Transfer $ 1000 to C".]

Fig. 3.38: Loss of Integrity


3. Authentication: Authentication mechanisms help establish proof of identities. The
authentication process ensures that the origin of an electronic message or
document is correctly identified. For example, consider user C, posing as user A,
sending a funds transfer request (from A’s account to C’s account) to bank B. The
bank may transfer the funds from A’s account to C’s account, thinking that user A
has requested the funds transfer. This type of attack is called fabrication.

Fig. 3.39: Absence of Authentication (figure labels: A, B, "I am User A")


4. Non-repudiation: There are situations where a user sends a message and later on
denies that he/she sent that message. Consider user A, who sends a funds transfer
request to bank B. After the bank performs the funds transfer as per A’s
instructions, A could claim that he never sent the funds transfer instructions to the bank.
Thus A denies the funds transfer instruction. The principle of non-repudiation defeats
such possibilities of denying something after having done it.
5. Entity (User) Authentication: In entity authentication or user authentication, the
entity or user is verified prior to accessing the system resources. For example, user A,
who wants to access his bank account, needs to be authenticated during the login
process.
3.4.1 Message Confidentiality
• To achieve message confidentiality or privacy, one technique has been used for
thousands of years, i.e. encryption.

• In technical terms, the process of encoding plain text message into cipher text message
is called encryption.
Fig. 3.40: Encryption (figure labels: plain text "Hello Amar", Encrypt, cipher text "Ifmmp Prachi")
• The reverse process of transforming a cipher text message back to a plain text message is
called decryption.
Fig. 3.41: Decryption (figure labels: cipher text "Ifmmp Prachi", Decrypt, plain text "Hello Amar")
• In communication a plain text signifies a message that can be understood by the
sender, the recipient, and also by anyone else who gets an access to that message.
Fig. 3.42: Encryption and decryption in the real world (figure labels: the sender encrypts plain text "Hello Amar" to cipher text "Ifmmp Prachi", which crosses the Internet; the receiver decrypts it back to plain text "Hello Amar")


• When a plain text message is codified using any suitable scheme, the resulting
message is called cipher text.
• The message must be encrypted at the sender site and decrypted at the receiver site.
This can be done using either symmetric-key cryptography or asymmetric-key
cryptography.
Confidentiality with Symmetric Key Cryptography:
• As we know, to achieve encryption we can use symmetric key or asymmetric key
cryptography.
• In symmetric key cryptography, the same key is used by the sender for encryption and by
the receiver for decryption. Here the sender and receiver need to share a secret
symmetric key.
• In the past when data exchange was between two specific persons, it was possible to
personally exchange the secret keys.
• But nowadays, with communication taking place through computers and users sitting at
two different locations in the world, exchanging a key personally becomes nearly impossible.
• A solution is required for key sharing. This can be done using a session key. A session key
is one that is used only for the duration of one session. This session key is exchanged
using asymmetric key cryptography.
• Fig. 3.43 shows the use of a session symmetric key for sending confidential messages
from Amar to Bhushan and vice versa.
• In Fig. 3.43, one shared key is used in both directions, but using a different key
for each direction is more secure.
• For long messages, symmetric key cryptography is very fast and more efficient than
asymmetric key cryptography.

Fig. 3.43: (a) A shared secret key can be used in Amar-Bhushan communication; (b) A different shared secret key is recommended in Bhushan-Amar communication
Confidentiality with Asymmetric Key Cryptography:
• Symmetric key cryptography is fast and efficient. However, it suffers from a big
disadvantage: the problem of key exchange.
• Asymmetric key cryptography solves this problem. Here, each communicating party
uses two keys to form a key pair. One key (the private key) remains with the party,
and the other key (the public key) is shared with everybody by announcing it
publicly.
• One key is used for encryption and only the other corresponding key must be used for
decryption. No other key can decrypt the message, not even the original key used for
encryption.
• Consider that Amar and Bhushan want to communicate securely using asymmetric
key cryptography. Each of them needs a pair of keys: a public key, known to all, and a
private key, known only to its owner.
• Asymmetric key cryptography works as follows:
1. When Amar wants to send a message to Bhushan, he encrypts the message using
Bhushan’s public key. This is possible because Amar knows Bhushan’s public key.
2. Amar sends the encrypted message to Bhushan.
3. Bhushan decrypts Amar’s message by using his own private key, which is known
to him only.
4. Similarly, when Bhushan sends a message to Amar, exactly the reverse steps take place.
• Fig. 3.44 shows message confidentiality using asymmetric keys.

Fig. 3.44: (a) Bhushan's keys are used in Amar-Bhushan communication; (b) Amar's keys are used in Bhushan-Amar communication

3.4.2 Message Integrity


• Message integrity means that the data must arrive at the receiver exactly as it was
sent. There must be no changes or modifications in the data content during
transmission, either malicious or accidental.
Message and Message Digest:
• Message integrity describes the concept of ensuring that data has not been modified or
altered in transit.
• One way to preserve the integrity of a document is through the use of a fingerprint. If
Yogita needs to be sure that the contents of her document will not be changed, she can
put her fingerprint at the bottom of the document.
• Sagar cannot modify the contents of this document or create a false document because
she cannot forge Yogita’s fingerprint.
• To ensure that the document has not been changed, Yogita’s fingerprint on the
document can be compared to Yogita’s fingerprint on file.
• If they are not the same, the document is not from Yogita. The electronic equivalent of
the document and fingerprint pair is the message and digest pair.
• To preserve the integrity of a message, the message is passed through an algorithm
called a cryptographic hash function.
• The hash function creates a compressed image of the message, called a digest, which
can be used like a fingerprint. Message digest ensures the integrity of the document.
• To check the integrity of a message, or document, Amar runs the cryptographic hash
function again and compares the new digest with the previous one.
• If both are the same, Amar is sure that the original message has not been changed.
Fig. 3.45 shows the idea of message and digest.
• Message digest is used to ensure the integrity of a message transmitted over an
insecure channel (where the content of the message can be changed).

Fig. 3.45
• The two pairs (document/fingerprint) and (message/message digest) are similar, with
some differences. The document and fingerprint are physically linked together.
• The message and message digest can be unlinked (or sent separately), and, most
importantly, the message digest needs to be safe from change.
Hash Functions:
• A cryptographic hash function takes a message of arbitrary length and creates a
message digest of fixed length.
• All cryptographic hash functions need to create a fixed-size digest out of a variable-
size message. Creating such a function is best accomplished using iteration.
• Instead of using a hash function with variable-size input, a function with fixed-size
input is created and is used a necessary number of times.
• The fixed-size input function is referred to as a compression function. It compresses
an n-bit string to create an m-bit string where n is normally greater than m. The
scheme is referred to as an iterated cryptographic hash function.
• Values returned by a hash function are called message digests or simply hash values.
Fig. 3.46 shows a hash function.

Fig. 3.46
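The iteration described above, as an added example that is not from the original text: a fixed-size compression function is applied block by block to a padded message. The 512-bit block, the 128-bit digest, the all-zero initial value and the use of truncated SHA-256 as the compression function are assumptions chosen for illustration.

```python
import hashlib

BLOCK_SIZE = 64           # bytes consumed per compression call (512 bits)
DIGEST_SIZE = 16          # bytes of chaining value and final digest (128 bits)
IV = bytes(DIGEST_SIZE)   # constructed initial chaining value (all zeros)


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: n = 640 input bits -> m = 128 output bits.

    Assumption for this example: truncated SHA-256 stands in for a
    purpose-built compression function so that the iteration is visible.
    """
    assert len(state) == DIGEST_SIZE and len(block) == BLOCK_SIZE
    return hashlib.sha256(state + block).digest()[:DIGEST_SIZE]


def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes and the 64-bit message length in bits,
    so the padded length is a whole number of blocks."""
    zeros = (BLOCK_SIZE - (len(message) + 1 + 8) % BLOCK_SIZE) % BLOCK_SIZE
    length_field = (8 * len(message)).to_bytes(8, "big")
    return message + b"\x80" + bytes(zeros) + length_field


def block_count(message: bytes) -> int:
    """Number of times the compression function is called for this message."""
    return len(pad(message)) // BLOCK_SIZE


def iterated_hash(message: bytes) -> bytes:
    """Feed the padded message through the compression function block by block."""
    state = IV
    padded = pad(message)
    for offset in range(0, len(padded), BLOCK_SIZE):
        state = compress(state, padded[offset:offset + BLOCK_SIZE])
    return state


if __name__ == "__main__":
    for sample in (b"", b"Transfer $100 to D", b"a" * 1000):  # constructed inputs
        print(len(sample), block_count(sample), iterated_hash(sample).hex())
```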
• Several hash algorithms were designed by Ron Rivest and referred to as MD2, MD4,
and MD5, where MD stands for Message Digest.
• The last version, MD5, is a strengthened version of MD4 that divides the message into
blocks of 512 bits and creates a 128-bit digest. It turns out that a message digest of size
128 bits is too small to resist attack.
• MD5 digests have been widely used in the software world to provide assurance about
the integrity of transferred files.
• For example, file servers often provide a pre-computed MD5 checksum for the files, so
that a user can compare the checksum of the downloaded file to it.
• The Secure Hash Algorithm (SHA) is a standard that was developed by the National
Institute of Standards and Technology (NIST). SHA has gone through several versions
like SHA-0, SHA-1, SHA-2, and SHA-3.
3.4.3 Message Authentication


• A digest can be used to check the integrity of a message, that is, that the message has not
been changed, altered or modified.
• To ensure the integrity of the message and the data origin authentication - that Yogita
is the originator of the message, not somebody else - we need to include a secret held
by Yogita (that Sagar does not possess) in the process; we need to create a Message
Authentication Code (MAC).
• MAC provides message integrity and message authentication using a combination of a
hash function and a secret key.
Message Authentication Code (MAC):
• A MAC is a cryptographic checksum on data that uses a session key to detect both
accidental and intentional modifications of the data.
• MAC algorithm is a symmetric key cryptographic technique to provide message
authentication. For establishing MAC process, the sender and receiver share a
symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the underlying message
that is sent along with a message to ensure message authentication.
• In MAC, sender and receiver share same key where sender generates a fixed size
output called cryptographic checksum or MAC and appends it to the original message.
• On receiver’s side, receiver also generates the code and compares it with what he/she
received thus ensuring the originality of the message.
• A MAC is a short piece of information used to authenticate a message, in other words, to
confirm that the message came from the stated sender (its authenticity) and has not
been changed.
• The MAC value protects a message's data integrity, as well as its authenticity, by
allowing verifiers (who also possess the secret key) to detect any changes to the
message content.
• The process of using MAC for authentication is shown in Fig. 3.47.
• Yogita uses a hash function to create a MAC from the concatenation of the key and the
message, h(K + M). She sends the message and the MAC to Bob over the insecure
channel.
• Amar separates the message from the MAC. He then makes a new MAC from the
concatenation of the message and the secret key.
• Amar then compares the newly created MAC with the one received. If the two MACs
match, the message is authentic and has not been modified by an adversary.

Fig. 3.47: Concept of MAC


Hashed Message Authentication Code (HMAC):
• NIST has issued a standard for a nested MAC that is often referred to as HMAC (hashed
MAC). The implementation of HMAC is much more complex than the simplified MAC.
• As with any MAC, it may be used to simultaneously verify both the data integrity and
the authenticity of a message.
• HMAC can provide message authentication using a shared secret instead of
using digital signatures with asymmetric cryptography.
• HMAC is a hash function created using a shared secret key. Since HMAC is created
using a shared secret, a hacker cannot alter the data and create a new HMAC hash
in between the transmission.
• The HMAC can be used to verify the integrity and authenticity of data transmissions.
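An added example (not from the original text) that puts the simplified MAC h(K + M) beside the nested HMAC construction and checks the hand-written nesting against Python's standard `hmac` module. SHA-256 as the hash function, the function names, the key and the messages are assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # input block size of SHA-256 in bytes


def simple_mac(key: bytes, message: bytes) -> bytes:
    """Simplified MAC from the text: h(K + M), the hash of key || message."""
    return hashlib.sha256(key + message).digest()


def nested_hmac(key: bytes, message: bytes) -> bytes:
    """HMAC written out: h((K ^ opad) || h((K ^ ipad) || M))."""
    if len(key) > BLOCK_SIZE:               # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")    # then zero-padded to one block
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def protect(key: bytes, message: bytes):
    """Sender: return the message together with its MAC."""
    return message, nested_hmac(key, message)


def accept(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the MAC and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def digest_only_accept(message: bytes, digest: bytes) -> bool:
    """Unkeyed check for contrast: anyone can recompute a plain digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


KEY = b"constructed shared key K"   # constructed sample values
MESSAGE = b"Transfer $100 to D"
ALTERED = b"Transfer $1000 to C"

if __name__ == "__main__":
    msg, tag = protect(KEY, MESSAGE)
    print("unmodified message accepted:", accept(KEY, msg, tag))
    print("altered message accepted:   ", accept(KEY, ALTERED, tag))
```

The simplified h(K + M) form is shown only to mirror the text; with iterated hashes it is open to length extension, which is one reason the nested form is the one to deploy.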

3.4.4 Digital Signature


• The digital signature is a technique which is used to validate the authentication and
integrity of the message.
• Digital signatures are used to identify the originator of network transactions and to
ensure the integrity of the signed data against tampering or corruption.
• Digital signatures allow us to verify the author, date and time of signatures, and to
authenticate the message contents.
• A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document.
• A digital signature is an electronic version of a paper signature. Once a document or
transaction is digitally signed, it has legal standing.
• A digital signature uses a pair of private-public keys. Fig. 3.48 shows the digital
signature process.
• The sender uses a signing algorithm to sign the message. The message and the
signature are sent to the receiver.
• The receiver receives the message and the signature and applies the verifying
algorithm to the combination. If the result is true, the message is accepted; otherwise,
it is rejected.
• A conventional signature is like a private “key” belonging to the signer of the
document. The signer uses it to sign documents; no one else has this signature.
• The copy of the signature on file is like a public key; anyone can use it to verify a
document, to compare it to the original signature.
• In a digital signature, the signer uses her private key, applied to a signing algorithm, to
sign the document. The verifier, on the other hand, uses the public key of the signer,
applied to the verifying algorithm, to verify the document.

Fig. 3.48: Process of Digital Signature

• A digital signature needs a public-key system. The signer signs with her private key;
the verifier verifies with the signer’s public key.
• A cryptosystem uses the private and public keys of the receiver while a digital
signature uses the private and public keys of the sender.
• The sender can sign the message digest and the receiver can verify the message digest.
The effect is the same. Fig. 3.49 shows signing a digest in a digital signature system.
• A digest is made out of the message at Yogita’s site. The digest then goes through the
signing process using Yogita’s private key. Yogita then sends the message and the
signature to Amar.
• At Amar’s site, using the same public hash function, a digest is first created out of the
received message. The verifying process is applied. If authentic, the message is
accepted; otherwise, it is rejected.

Fig. 3.49
Services of Digital Signature (DS):


• Digital signature is a cryptographic value that is calculated from the data and a secret
key known only by the signer.
• A digital signature can directly provide services like message authentication, message
integrity, and nonrepudiation. For message confidentiality we still need
encryption/decryption.
1. Message Authentication: A secure digital signature scheme, like a secure
conventional signature (one that cannot be easily copied) can provide message
authentication (also referred to as data-origin authentication). Amar can verify
that the message is sent by Yogita because Yogita’s public key is used in
verification. Yogita’s public key cannot verify the signature signed by Sagar’s
private key.
2. Message Integrity: The integrity of the message is preserved even if we sign the
whole message because we cannot get the same signature if the message is
changed. The digital signature schemes today use a hash function in the signing
and verifying algorithms that preserves the integrity of the message.
3. Nonrepudiation: In this service, a DS that uses a trusted third party can prevent Yogita
from denying that she sent the message.
4. Confidentiality: A digital signature does not provide confidential communication.
If confidentiality is required, the message and the signature must be encrypted
using either a secret-key or public-key cryptosystem.
Working of Digital Signature (DS):
• It consists of the following two processes:
1. Digital signature creation (performed by the sender).
2. Digital signature verification (performed by the receiver).
• A digital certificate is data with a digital signature from a trusted Certification
Authority (CA). This data contains:
1. Who owns the certificate?
2. Who signs this certificate?
3. The expiry date.
4. User name and e-mail address.
• A CA (Certification Authority) is a trusted agent who certifies public keys for general use.
The user has to decide which CAs can be trusted.
1. Creation of Digital Signature: The signature is created by the sender. The Message Digest
(MD) is extracted from the message using a hash function. The MD is encrypted using the private
key of the sender, and the result is the digital signature.
2. Digital Signature Verification: It is the process of checking the digital signature
by reference to the original message and a given public key. Hence, determining
whether the digital signature was created for the same message using private key
that corresponds to the referenced public key.
Fig. 3.50
RSA Digital Signature Scheme:
• The RSA idea can also be used for signing and verifying a message. In this case, it is
called the RSA digital signature scheme.
• In the RSA scheme, the signing and verifying are done on the digest of the
message instead of the message itself.
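An added example, not from the original text, that covers both the confidentiality steps of section 3.4.1 and the signing of a digest described here: the receiver's key pair protects a session key, while the sender's key pair signs the digest. It uses textbook RSA without padding on small constructed keys, so it shows the data flow only; the primes, function names and messages are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_keypair(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # d is the inverse of e modulo phi


# Constructed toy keys built from well-known Mersenne primes (assumption:
# real keys use secret random primes and padding such as OAEP and PSS).
YOGITA_PUB, YOGITA_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
AMAR_PUB, AMAR_PRIV = make_keypair(2**521 - 1, 2**89 - 1)
SAGAR_PUB, SAGAR_PRIV = make_keypair(2**607 - 1, 2**61 - 1)


def digest_as_int(message: bytes, n: int) -> int:
    """SHA-256 digest of the message, reduced below the modulus n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, signer_private) -> int:
    """Digital signature: the digest goes through the SENDER's private key."""
    n, d = signer_private
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, signer_public) -> bool:
    """Recompute the digest and compare it with the signature opened by
    the SENDER's public key."""
    n, e = signer_public
    return pow(signature, e, n) == digest_as_int(message, n)


def wrap_session_key(session_key: bytes, receiver_public) -> int:
    """Confidentiality: encrypt with the RECEIVER's public key."""
    n, e = receiver_public
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit below the modulus")
    return pow(m, e, n)


def unwrap_session_key(ciphertext: int, receiver_private, length: int) -> bytes:
    """Only the RECEIVER's private key recovers the session key."""
    n, d = receiver_private
    return pow(ciphertext, d, n).to_bytes(length, "big")


def demo() -> dict:
    message = b"Transfer $100 to D"              # constructed message
    signature = sign(message, YOGITA_PRIV)       # Yogita signs the digest
    session_key = secrets.token_bytes(16)        # fresh 128-bit session key
    wrapped = wrap_session_key(session_key, AMAR_PUB)
    return {
        "accepted": verify(message, signature, YOGITA_PUB),
        "tampered": verify(b"Transfer $1000 to C", signature, YOGITA_PUB),
        "forged": verify(message, sign(message, SAGAR_PRIV), YOGITA_PUB),
        "key_recovered": unwrap_session_key(wrapped, AMAR_PRIV, 16) == session_key,
    }


if __name__ == "__main__":
    print(demo())
```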
Digital Signature Standards (DSS):
• DSS was developed for performing digital signatures. DSS uses the Digital Signature
Algorithm (DSA). DSS makes use of the SHA-1 algorithm for calculating the message digest. The hash
function is used to generate the MD.
• The MD is given as input to DSA to generate the digital signature. The digital signature is sent to the
verifier along with the message.
• The verifier then verifies the signature by using the sender’s public key. The same hash function is
used in the verification process.

Fig. 3.51: DSS Approach

Where,
M : Message.
H : Hash function.
Sig : Signature.
PRa : Private key of sender.
PUG : Set of global public key.
s : Signature.
r : (g^k mod p) mod q (key pair).
PUa : Public key of sender.
Ver : Verification function.
Compare : Compare function.
• DSS is a standard and DSA is the actual algorithm. DSA provides the capability to generate and
verify signatures.
• Signature generation makes use of private key to generate digital signature. Signature
verification makes use of public key which corresponds to, but is not the same as the
private key.
• Each user possesses a private and public key pair. Anyone can verify the signature of
user by employing that user’s public key.
Advantages of DS:
1. Speed: Businesses no longer have to wait for paper documents to be sent by
couriers. Using DS, contracts are easily written, completed and signed by all
concerned parties in less time.
2. Cost: Postal or courier service for paper documents is much more expensive
compared to using DS.
3. Security: Use of DS and electronic documents reduces the risk of documents being
intercepted, read or destroyed.
4. Authenticity: An electronic document signed with DS can stand up in court just as
well as any other signed paper document.
5. Non-Repudiation: DS identifies us as the signatory, and that cannot later be
denied.
6. Tracking: Digitally signed documents can be easily tracked and located in a short
amount of time.
Disadvantages of DS:
1. The private key must be kept in a secure manner.
2. The process of generation and verification of a digital signature requires a
considerable amount of time.
3. Although a digital signature provides authenticity, it does not ensure secrecy of
the data.
4. To use a digital signature, the user has to obtain a private and public key pair, and the
receiver also has to obtain the digital signature certificate.

3.4.5 Entity Authentication


• Entity authentication is a technique designed to let one party prove the identity of
another party. An entity can be a process, a client, or a server.
• The entity whose identity needs to be proved is called the claimant; the party that tries
to prove the identity of the claimant is called the verifier.
• Entity authentication is the process by which one entity (the verifier) is assured of the
identity of a second entity (the claimant).
Entity Authentication versus Message Authentication:
• Message authentication might not happen in real time; entity authentication does.
• Message authentication simply authenticates one message; the process needs to be
repeated for each new message. Entity authentication authenticates the claimant for
the entire duration of a session.
• Message authentication (or data origin authentication) is the assurance that a given
entity was the original source of the received data.
• Entity authentication (or user authentication) is the assurance that a given entity is
involved and currently active in a session.
Verification Categories:
• In entity authentication, the claimant must identify herself to the verifier. This can be
done with one of the following three kinds of witnesses:
1. Something known is a secret known only by the claimant that can be checked by
the verifier. Examples are a password, a PIN, a secret key, and a private key.
2. Something possessed is something that can prove the claimant’s identity.
Examples are a passport, a driver’s license, an identification card, a credit card,
and a smart card.
3. Something inherent is an inherent characteristic of the claimant. Examples are
conventional signatures, fingerprints, voice, facial characteristics, retinal pattern,
and handwriting.
Passwords:
• Passwords are the most common method of authentication. A password consists of a
string of characters used to gain access to resources.
• The simplest and oldest method of entity authentication is the use of a password,
which is something that the claimant knows.
• A password is used when a user needs to access a system for using the system’s
resources (login). Each user has a user identification that is public, and a password
that is private.

• Passwords, however, are very prone to attack. A password can be stolen, intercepted,
guessed, and so on.
Challenge-Response:
• In password authentication, the claimant proves her identity by demonstrating that
he/she knows a secret, the password. However, because the claimant sends this secret,
it is susceptible to interception by the adversary.
• In challenge-response authentication, the claimant proves that she knows a secret
without sending it.
• In other words, the claimant does not send the secret to the verifier; the verifier either
has it or finds it.
• The challenge is a time-varying value such as a random number or a timestamp that is
sent by the verifier.
• The claimant applies a function to the challenge and sends the result, called a
response, to the verifier. The response shows that the claimant knows the secret.

Using a Symmetric-Key Cipher:

• A number of approaches to challenge-response authentication use symmetric-key
encryption.
• The secret here is the shared secret key, known by both the claimant and the verifier.
The function is the encrypting algorithm applied on the challenge.
• Although there are several approaches to this method, we just show the simplest one
to give an idea.
• Fig. 3.58 shows this first approach of challenge-response. The first message is not part
of challenge-response, it only informs the verifier that the claimant wants to be
challenged.
• The second message is the challenge. RB is the nonce (abbreviation for number once)
randomly chosen by the verifier (Amar) to challenge the claimant.
• The claimant encrypts the nonce using the shared secret key known only to the
claimant and the verifier and sends the result to the verifier.
• The verifier decrypts the message. If the nonce obtained from decryption is the same
as the one sent by the verifier, Yogita is authenticated.
• Note that in this process, the claimant and the verifier need to keep the symmetric key
used in the process secret.
• The verifier must also keep the value of the nonce for claimant identification until the
response is returned.

Fig. 3.52: Unidirectional, Symmetric-Key Authentication in Challenge-Response
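The exchange of Fig. 3.52 as an added example, not from the original text. Python's standard library has no symmetric cipher, so a keyed hash (HMAC-SHA256) is swapped in as the function applied to the challenge, and the verifier recomputes the response instead of decrypting it; the class and function names and the 30-second challenge lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

NONCE_BYTES = 16
MAX_AGE_SECONDS = 30.0   # assumed lifetime of an outstanding challenge


def respond(shared_key: bytes, nonce: bytes) -> bytes:
    """Claimant: apply the keyed function to the challenge; the key is never sent."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


class Verifier:
    def __init__(self, keys: dict):
        self._keys = keys      # claimant name -> shared secret key
        self._pending = {}     # claimant name -> (nonce, time of issue)

    def challenge(self, claimant: str, now: float = None) -> bytes:
        """Message 2: a fresh random nonce, kept until the response arrives."""
        nonce = secrets.token_bytes(NONCE_BYTES)
        issued = time.monotonic() if now is None else now
        self._pending[claimant] = (nonce, issued)
        return nonce

    def verify(self, claimant: str, response: bytes, now: float = None) -> bool:
        """Message 3: accept only a correct, timely answer to the stored nonce."""
        entry = self._pending.pop(claimant, None)   # single use, even on failure
        key = self._keys.get(claimant)
        if entry is None or key is None:
            return False                            # nothing outstanding
        nonce, issued = entry
        current = time.monotonic() if now is None else now
        if current - issued > MAX_AGE_SECONDS:
            return False                            # challenge expired
        return hmac.compare_digest(respond(key, nonce), response)


if __name__ == "__main__":
    key = b"constructed shared secret"              # constructed sample key
    amar = Verifier({"Yogita": key})
    r_b = amar.challenge("Yogita")
    answer = respond(key, r_b)
    print("first response accepted:", amar.verify("Yogita", answer))
    print("replayed response accepted:", amar.verify("Yogita", answer))
```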


Using an Asymmetric-Key Cipher:
• We can use an asymmetric-key cipher for entity authentication. Fig. 3.53 shows
asymmetric-key authentication approach of challenge-response.
• In this approach, the secret must be the private key of the claimant. The claimant must
show that she owns the private key related to the public key that is available to
everyone.
• This means that the verifier must encrypt the challenge using the public key of the
claimant; the claimant then decrypts the message using her private key.
• The response to the challenge is the decrypted challenge. If the RB received in the third
message is the same as the one sent in the second message, Alice is authenticated.

Fig. 3.53: Unidirectional, Asymmetric-Key Authentication in Challenge-Response

Using Digital Signature:


• Entity authentication can also be achieved using a digital signature. When a digital
signature is used for entity authentication, the claimant uses her private key for
signing.
• In Fig. 3.54, Amar uses a plaintext challenge and Yogita signs the response. If the RB
received in the third message is the same as the one sent in the second message, Yogita is
authenticated.

Fig. 3.54: Digital Signature, Unidirectional Authentication in Challenge-Response

PRACTICE QUESTIONS
Q.I Multiple Choice Questions:
1. An asymmetric-key (or public-key) cipher uses,
(a) 1 key (b) 2 key
(c) 3 key (d) 4 key
2. A straight permutation cipher or a straight P-box has the same number of inputs
as,
(a) cipher (b) frames
(c) outputs (d) bits
3. We use the term cryptography for transforming messages to make them,
(a) secure and immune to change
(b) secure and immune to idle
(c) secure and immune to attacks
(d) secure and immune to defend
4. Which is the art and science of making a cryptosystem that is capable of providing
information security?
(a) Cryptography (b) Cryptanalysis
(c) Cryptology (d) None of the mentioned
5. The shift cipher is sometimes referred to as the,
(a) Caesar cipher (b) shift cipher
(c) cipher (d) cipher text
6. The substitutional ciphers are,
(a) monoalphabetic (b) semi alphabetic
(c) polyalphabetic (d) bialphabetic
