The document outlines the importance of security in network systems, covering trends, legal and ethical aspects, types of security attacks, and organizational liability. It also discusses various security mechanisms and services as defined by the OSI security architecture, alongside a detailed examination of encryption algorithms like the Vigenère cipher. Additionally, it addresses the role of federal agencies in cybersecurity and the necessity for professionals to navigate international laws and ethical considerations around information security.

1. UNIT I
Prepared by
Dr. R. Arthy, AP/IT
Kamaraj College of Engineering and
Technology (Autonomous), Madurai.
CS8792 - CRYPTOGRAPHY AND
NETWORK SECURITY

2. Agenda
⚫ Security trends
⚫ Legal, Ethical and Professional Aspects of Security
⚫ Need for Security at Multiple levels, Security Policies
⚫ Security attacks, services and mechanism
⚫ OSI security architecture
⚫ Model of network security

3. Security Trends

4. Introduction
⚫ In 1994, the Internet Architecture Board (IAB) issued
a report entitled "Security in the Internet Architecture"
(RFC 1636).
⚫ Observations - Internet needs more and better security,
and it identified key areas for security mechanisms
⚫ Requirements
⚫ Need to secure the network infrastructure from
unauthorized monitoring and control of network traffic
⚫ Need to secure end-user-to-end-user traffic using
authentication and encryption mechanisms

5. ⚫ Reported by the
Computer
Emergency
Response Team
(CERT)
Coordination Center
(CERT/CC).
⚫ Internet-related
vulnerabilities

7. Legal, Ethical, and Professional
Issues in Information Security

8. Law and Ethics in Information Security
⚫ Laws
⚫ Rules that mandate or prohibit certain behavior
⚫ Drawn from ethics
⚫ Ethics
⚫ Define socially acceptable behaviors
⚫ Key difference
⚫ Laws carry the authority of a governing body
⚫ Ethics do not carry the authority of a governing body
⚫ Based on cultural mores
⚫ Fixed moral attitudes or customs
⚫ Some ethics standards are universal

9. Organizational Liability and the Need for
Counsel
⚫ Liability
⚫ Legal obligation of organization
⚫ Extends beyond criminal or contract law
⚫ Include legal obligation to restitution
⚫ Employee acting with or without the authorization performs and illegal or
unethical act that causes some degree of harm
⚫ Employer can be held financially liable
⚫ Due care
⚫ Organization makes sure that every employee knows what is acceptable or
unacceptable
⚫ Knows the consequences of illegal or unethical actions

10. Organizational Liability and the Need
for Counsel
⚫ Due diligence
⚫ Requires
⚫ Make a valid effort to protect others
⚫ Maintains the effort
⚫ Jurisdiction
⚫ Court’s right to hear a case if a wrong is committed
⚫ Term – long arm
⚫ Extends across the country or around the world

11. Policy Versus law
⚫ Policies
⚫ Guidelines that describe acceptable and unacceptable
employee behaviors
⚫ Functions as organizational laws
⚫ Has penalties, judicial practices, and sanctions
⚫ Difference between policy and law
⚫ Ignorance of policy is acceptable
⚫ Ignorance of law is unacceptable
⚫ Keys for a policy to be enforceable
⚫ Dissemination
⚫ Review
⚫ Comprehension
⚫ Compliance
⚫ Uniform enforcement

12. Types of Law
⚫ Civil – govern a nation or state
⚫ Criminal – addresses activities and conduct harmful to
public
⚫ Private – encompasses family, commercial, labor, and
regulates the relationship between individuals and
organizations
⚫ Public – regulates the structure and administration of
government agencies and their relationships with citizens,
employees, and other governments

13. International Laws and Legal Bodies
⚫ Organizations do business on the Internet – they do
business globally
⚫ Professionals must be sensitive to the laws and ethical
values of many different cultures, societies, and countries
⚫ Few international laws relating to privacy and
informational security
⚫ International laws are limited in their enforceablity

14. Council of Europe Convention on
Cybercrime
⚫ International task force
⚫ Designed to oversee range of security functions
⚫ Designed to standardized technology laws across
international borders
⚫ Attempts to improve the effectiveness of international
investigations into breaches of technology law
⚫ Concern raised by those concerned with freedom of
speech and civil liberties
⚫ Overall goal
⚫ Simplify the acquisition of information for law enforcement
agencies in certain types of international crimes

15. Agreement on Trade-Related Aspects of
Intellectual Property Rights
⚫ Created by the World Trade Organization
⚫ Introduced intellectual property rules into the
multilateral trade system
⚫ First significant international effort to protect
intellectual property rights

16. Agreement on Trade-Related Aspects of
Intellectual Property Rights
⚫ Covers five issues
⚫ How basic principles of the trading system and other international
intellectual property agreements should be applied
⚫ How to give adequate protection to intellectual property rights
⚫ How countries should enforce those rights adequately in their own
territories
⚫ How to settle disputes on intellectual property between members
of the WTO
⚫ Special transitional arrangements during the period when the new
system is being introduced

17. Digital Millennium Copyright Act
⚫ American contribution to WTO
⚫ Plan to reduce the impact of copyright, trademark, and
privacy infringement
⚫ United Kingdom has implemented a version
⚫ Database Right

18. Major IT Professional Organizations
⚫ Association of Computing Machinery
⚫ “World’s first educational and scientific computing society”
⚫ Strongly promotes education
⚫ Provides discounts for student members
⚫ International Information Systems Security Certification Consortium, Inc.
(ISC)2
⚫ Nonprofit organization
⚫ Focuses on the development and implementation of information security
certifications and credentials
⚫ Manages a body of knowledge on information security
⚫ Administers and evaluated examinations for information security certifications

19. Major IT Professional Organizations
⚫ Information Systems Audit and Control Association
⚫ Focuses on auditing, control, and security
⚫ Membership includes technical and managerial professionals
⚫ Does not focus exclusively on information security
⚫ Has many information security components
⚫ Information Systems Security Associations (ISSA)
⚫ Nonprofit society of information security professionals
⚫ Mission – bring together qualified information security practioners
⚫ Information exchange
⚫ Education development
⚫ Focus – “promoting management practices that will ensure the confidentiality, integrity, and
availability of organizational information resources”

20. Major IT Professional Organizations
⚫ Systems Administration, Networking, and Security
Institute (SANS)
⚫ Professional research and education cooperative
⚫ Current membership > 156,000
⚫ Security professionals
⚫ Auditors
⚫ System administrators
⚫ Network administrators
⚫ Offers set of certifications

21. Federal Agencies
⚫ Department of Homeland Security
⚫ Five directorates or divisions
⚫ Mission – protecting the people as well as the physical and
informational assets of the United States
⚫ Directorate of Information and Infrastructure
⚫ Creates and enhances resources used to discover and responds to attacks on
national information systems and critical infrastructure
⚫ Directorate of Science and Technology
⚫ Research and development activities in support of homeland defense
⚫ Examination of vulnerabilities
⚫ Sponsors emerging best practices

22. Federal Agencies
⚫ National InfraGard Program
⚫ Each FBI office establishes a chapter
⚫ Collaborates with public and private organizations and academia
⚫ Serves members in 4 ways
⚫ Maintains an intrusion alert network using encrypted e-mail
⚫ Maintains a secure Web site for communication about suspicious activity or intrusions
⚫ Sponsors local chapter activities
⚫ Operates a help desk for questions
⚫ Contribution – free exchange of information to and from the private sector in
the areas of threats and attacks on information resources

23. Federal Agencies
⚫ National Security Agency (NSA)
“the nation’s cryptologic organization. It coordinates, directs, and
performs highly specialized activities to protect U.S. information systems
and produce foreign intelligence information… It is also one of the most
important centers of foreign language analysis and research within the
Government.”
⚫ U. S. Secret Service
⚫ Located in Department of the Treasury
⚫ Charged with the detection and arrest of any person committing a
United States federal offense relating to computer fraud and false
identification crimes.

24. OSI Security Architecture

25. Services, Mechanisms, Attacks
⚫ need systematic way to define requirements
⚫ consider three aspects of information security:
⚫ security attack
⚫ security mechanism
⚫ security service
⚫ consider in reverse order

26. Security Service
⚫ is something that enhances the security of the data processing
systems and the information transfers of an organization
⚫ intended to counter security attacks
⚫ make use of one or more security mechanisms to provide the
service
⚫ replicate functions normally associated with physical
documents
⚫ eg. have signatures, dates; need protection from disclosure, tampering,
or destruction; be notarized or witnessed; be recorded or licensed

27. Security Mechanism
⚫ a mechanism that is designed to detect, prevent, or recover
from a security attack
⚫ no single mechanism that will support all functions
required
⚫ however one particular element underlies many of the
security mechanisms in use: cryptographic techniques
⚫ hence our focus on this area

28. Security Attack
⚫ any action that compromises the security of information
owned by an organization
⚫ information security is about how to prevent attacks, or
failing that, to detect attacks on information-based systems
⚫ have a wide range of attacks
⚫ can focus of generic types of attacks
⚫ note: often threat & attack mean same

29. OSI Security Architecture
⚫ ITU-T X.800 Security Architecture for OSI
⚫ defines a systematic way of defining and providing
security requirements
⚫ for us it provides a useful, if abstract, overview of
concepts we will study

30. Security Services
⚫ X.800 defines it as: a service provided by a protocol
layer of communicating open systems, which ensures
adequate security of the systems or of data transfers
⚫ RFC 2828 defines it as: a processing or
communication service provided by a system to give a
specific kind of protection to system resources
⚫ X.800 defines it in 5 major categories

31. Security Services (X.800)
⚫ Authentication - assurance that the communicating entity is the one claimed
⚫ Peer entity and Data origin authentication
⚫ Access Control - prevention of the unauthorized use of a resource
⚫ Data Confidentiality –protection of data from unauthorized disclosure
⚫ Connection, Connectionless, Selective Field and Traffic flow
⚫ Data Integrity - assurance that data received is as sent by an authorized entity
⚫ Connection integrity with recovery, Connection integrity without recovery,
Connectionless integrity, Selective field connection integrity, Selective field
connectionless integrity
⚫ Non-Repudiation - protection against denial by one of the parties in a
communication
⚫ Origin and destination

32. Security Mechanisms (X.800)
⚫ specific security mechanisms:
⚫ encipherment, digital signatures, access controls, data
integrity, authentication exchange, traffic padding,
routing control, notarization
⚫ pervasive security mechanisms:
⚫ trusted functionality, security labels, event detection,
security audit trails, security recovery

33. Relation between Security Services
and Mechanisms

34. [contd…]

36. Classify Security Attacks as
⚫ passive attacks - eavesdropping on, or monitoring of,
transmissions to:
⚫ obtain message contents, or
⚫ monitor traffic flows
⚫ active attacks – modification of data stream to:
⚫ masquerade of one entity as some other
⚫ replay previous messages
⚫ modify messages in transit
⚫ denial of service

37. Model for Network Security

38. Model for Network Security
⚫ using this model requires us to:
⚫ design a suitable algorithm for the security transformation
⚫ generate the secret information (keys) used by the algorithm
⚫ develop methods to distribute and share the secret
information
⚫ specify a protocol enabling the principals to use the
transformation and secret information for a security service

39. Model for Network Access Security

40. Classical Encryption Algorithms
10.08.2020
CRYPTOGRAPHYAND
NETWORK SECURITY

41. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

42. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

43. Brute Force Attack in Shift Cipher
Step 1: Hacking

44. [contd…]
 Step 2: Try with possible
keys
 Example
UNQC FQFUHI BUQAUT QJ
QXQ.SEC
1 UNQC FQFUHI BUQAUT QJ QXQ.SEC
2 TMPB EPETGH ATPZTS PI PWP.RDB
3 SLOA DODSFG ZSOYSR OH OVO.QCA
4 RKNZ CNCREF YRNXRQ NG NUN.PBZ
5 QJMY BMBQDE XQMWQP MF MTM.OAY
6 PILX ALAPCD WPLVPO LE LSL.NZX
7 OHKW ZKZOBC VOKUON KD KRK.MYW
8 NGJV YJYNAB UNJTNM JC JQJ.LXV
9 MFIU XIXMZA TMISML IB IPI.KWU
10 LEHT WHWLYZ SLHRLK HA HOH.JVT
11 KDGS VGVKXY RKGQKJ GZ GNG.IUS
12 JCFR UFUJWX QJFPJI FY FMF.HTR
13 IBEQ TETIVW PIEOIH EX ELE.GSQ
14 HADP SDSHUV OHDNHG DW DKD.FRP
15 GZCO RCRGTU NGCMGF CV CJC.EQO
16 FYBN QBQFST MFBLFE BU BIB.DPN
17 EXAM PAPERS LEAKED AT AHA.COM
18 DWZL OZODQR KDZJDC ZS ZGZ.BNL
19 CVYK NYNCPQ JCYICB YR YFY.AMK
20 BUXJ MXMBOP IBXHBA XQ XEX.ZLJ
21 ATWI LWLANO HAWGAZ WP WDW.YKI
22 ZSVH KVKZMN GZVFZY VO VCV.XJH
23 YRUG JUJYLM FYUEYX UN UBU.WIG
24 XQTF ITIXKL EXTDXW TM TAT.VHF
25 WPSE HSHWJK DWSCWV SL SZS.UGE

45. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

46. Advantage
 It is significantly harder to break since the frequency
analysis technique used to break simple substitution
ciphers is difficult but still can be used on (25*25) =
625 digraphs rather than 25 monographs which is
difficult.
 Frequency analysis thus requires more cipher text to
crack the encryption.

47. Disadvantage
 An interesting weakness is the fact that a digraph in the
ciphertext (AB) and it’s reverse (BA) will have
corresponding plaintexts like UR and RU. That can
easily be exploited with the aid of frequency analysis,
if the language of the plaintext is known.
 Another disadvantage is that playfair cipher is
a symmetric cipher thus same key is used for both
encryption and decryption.

48. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

49. Introduction
 The encryption of the original text is done using
the Vigenère square or Vigenère table.
 The Vigenère table uses a 26×26 matrix with A to Z as
the row heading and column heading
 The Vigenère cipher is an example of a polyalphabetic
substitution cipher.
 A polyalphabetic substitution cipher is similar to a
monoalphabetic substitution except that the cipher
alphabet is changed periodically while enciphering the
message.

50. Vigenère Cipher
 Encryption
 The plaintext(P) and key(K) are added modulo 26.
 Ci = (Pi + Ki) mod 26
 Decryption
 Pi = (Ci - Ki + 26) mod 26

51. Vigenère table

52. Example - Encryption
 Plain Text – a simple example
 Key – crypto
a s i m p l e e x a m p l e
c r y p t o c r y p t o c r
C J G B I Z G V V P F D N V
Plain Text (P)
Key (K)
Cipher Text (C)

53. [contd…]
 Plain Text – a simple example
 Key – crypto
a s i m p l e e x a m p l e
c r y p t o c r y p t o c r
0 18 8 12 15 11 4 4 23 0 12 15 11 4
2 17 24 15 19 14 2 17 24 15 19 14 2 17
2 9 6 1 8 25 6 21 21 15 5 3 13 21
C J G B I Z G V V P F D N V
Plain Text (P)
Cipher Text (C)
Plain Text (Pi)
Key (Ki)
Cipher Text (Ci)
Key (K)

54. Decryption
 Reverse of encryption

55. Example
 Cipher Text – CJGBIZGVVPFDNV
 Key – crypto
C J G B I Z G V V P F D N V
c r y p t o c r y p t o c r
a s i m p l e e x a m p l e
Plain Text (P)
Key (K)
Cipher Text (C)

56. [contd…]
 Cipher Text – CJGBIZGVVPFDNV
 Key – crypto
C J G B I Z G V V P F D N V
c r y p t o c r y p t o c r
2 9 6 1 8 25 6 21 21 15 5 3 13 21
2 17 24 15 19 14 2 17 24 15 19 14 2 17
0 18 8 12 15 11 4 4 23 0 12 15 11 4
a s i m p l e e x a m p l e
Plain Text (P)
Cipher Text (C)
Plain Text (Pi)
Key (Ki)
Cipher Text (Ci)
Key (K)

57. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

58. Introduction
 Autokey Cipher is a polyalphabetic substitution
cipher.
 It is closely related to the Vigenere cipher but uses a
different method of generating the key.

59. Auto Key Cipher
 Encryption
 The plaintext(P) and key(K) are added modulo 26.
 Ci = (Pi + Ki) mod 26
 Decryption
 Pi = (Ci - Ki + 26) mod 26

60. Example - Encryption
 Plain Text – a simple example
 Key – crypto
a s i m p l e e x a m p l e
c r y p t o a s i m p l e e
C J G B I Z E W F M B A P I
Plain Text (P)
Key (K)
Cipher Text (C)

61. [contd…]
 Plain Text – a simple example
 Key – crypto
a s i m p l e e x a m p l e
c r y p t o a s i m p l e e
0 18 8 12 15 11 4 4 23 0 12 15 11 4
2 17 24 15 19 14 0 18 8 12 15 11 4 4
2 9 6 1 8 25 4 22 5 12 1 0 15 8
C J G B I Z E W F M B A P I
Plain Text (P)
Cipher Text (C)
Plain Text (Pi)
Key (Ki)
Cipher Text (Ci)
Key (K)

62. Decryption
 Reverse of encryption

63. Example
 Cipher Text – CJGBIZEWFMBAPI
 Key – crypto
C J G B I Z E W F M B A P I
c r y p t o a s i m p l e e
a s i m p l e e x a m p l e
Plain Text (P)
Key (K)
Cipher Text (C)

64. [contd…]
 Cipher Text – CJGBIZEWFMBAPI
 Key – crypto
C J G B I Z E W F M B A P I
c r y p t o a s i m p l e e
2 9 6 1 8 25 4 22 5 12 1 0 15 8
2 17 24 15 19 14 0 18 8 12 15 11 4 4
0 18 8 12 15 11 4 4 23 0 12 15 11 4
a s i m p l e e x a m p l e
Plain Text (P)
Cipher Text (C)
Plain Text (Pi)
Key (Ki)
Cipher Text (Ci)
Key (K)

65. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

66. Introduction
 One-time pad cipher is a type of Vignere cipher which
includes the following features −
 It is an unbreakable cipher.
 The key is exactly same as the length of message which
is encrypted.
 The key is made up of random symbols.
 As the name suggests, key is used one time only and
never used again for any other message to be encrypted.

67. Why is it Unbreakable?
 The key is unbreakable owing to the following features
 The key is as long as the given message.
 The key is truly random and specially auto-generated.
 Each key should be used once and destroyed by both
sender and receiver.
 There should be two copies of key: one with the sender
and other with the receiver.

68. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

69. Introduction
 In a transposition cipher, the order of the alphabets is
re-arranged to obtain the cipher-text.
 A simple form of Rail Fence
 Plain Text – defend the east wall
 Key - 2

70. Encryption
 In the rail fence cipher, the plain-text is written
downwards and diagonally on successive rails of an
imaginary fence.
 When we reach the bottom rail, we traverse upwards
moving diagonally, after reaching the top rail, the
direction is changed again. Thus the alphabets of the
message are written in a zig-zag manner.
 After each alphabet has been written, the individual
rows are combined to obtain the cipher-text.

71. Example
 Plain Text – defend the east wall
 Key – 3
 Cipher Text - DNETLEEDHESWLXFTAAX

72. Decryption
 Size of the Matrix = key * length(cipher text)
 Once we’ve got the matrix we can figure-out the spots
where texts should be placed (using the same way of
moving diagonally up and down alternatively ).
 Then, we fill the cipher-text row wise. After filling it,
we traverse the matrix in zig-zag manner to obtain the
original text.

73. Example
 Cipher Text – DNETLEEDHESWLXFTAAX
 Key – 3
 Size of the matrix = key * length(cipher text)
= 3 * 19
* * * * *
* * * * * * * * *
* * * * *
D N E T L
* * * * * * * * *
* * * * *

74. [contd…]
D N E T L
E E D H E S W L X
* * * * *
D N E T L
E E D H E S W L X
F T A A X
Plain Text – defend the east wall

75. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

76. Introduction
 The Columnar Transposition Cipher is a form of
transposition cipher just like Rail Fence Cipher.
 Columnar Transposition involves writing the plaintext
out in rows, and then reading the ciphertext off in
columns one by one.
Plain Text - "a simple transposition"
Cipher Text
"ALNISESTITPIMROOPASN"

77. Encryption
 The message is written out in rows of a fixed length, and
then read out again column by column, and the columns
are chosen in some scrambled order.
 Width of the rows and the permutation of the columns are
usually defined by a keyword.
 For example, the word HACK is of length 4 (so the rows
are of length 4), and the permutation is defined by the
alphabetical order of the letters in the keyword. In this case,
the order would be “3 1 2 4”.
 Any spare spaces are filled with nulls or left blank or
placed by a character (Example: _).
 Finally, the message is read off in columns, in the order
specified by the keyword.

78. Example
 Plain Text - "The tomato
is a plant in the nightshade
family“
 Keyword - tomato
 Cipher Text -
"TINESAXEOAHTFXHT
LTHEYMAIIAIXTA
PNGDLOSTNHMX".

79. Decryption
 To decipher it, the recipient has to work out the
column lengths by dividing the message length by the
key length.
 Then, write the message out in columns again, then re-
order the columns by reforming the key word.

80. Example
 Cipher Text -
"TINESAXEOAHTFXHTLTHEYMAIIAIXTA
PNGDLOSTNHMX".
 Keyword - tomato
 Number of rows = length(cipher text)/length(keyword)
= 42 / 6
= 7

81. [contd…]
T O M A T O
5 3 2 1 6 4
T O M A T O
5 3 2 1 6 4
T
I
N
E
S
A
X

82. [contd…]
T O M A T O
5 3 2 1 6 4
E T
O I
A N
H E
T S
F A
X X
T O M A T O
5 3 2 1 6 4
H E T
T O I
L A N
T H E
H T S
E F A
Y X X

83. [contd…]
T O M A T O
5 3 2 1 6 4
H E T M
T O I A
L A N I
T H E I
H T S A
E F A I
Y X X X
T O M A T O
5 3 2 1 6 4
T H E T M
A T O I A
P L A N I
N T H E I
G H T S A
D E F A I
L Y X X X

84. [contd…]
T O M A T O
5 3 2 1 6 4
T H E T O M
A T O I S A
P L A N T I
N T H E N I
G H T S H A
D E F A M I
L Y X X X X
 Plain Text - "The tomato
is a plant in the nightshade
family“

85. Classical Encryption Algorithms
17.08.2020
CRYPTOGRAPHYAND
NETWORK SECURITY

86. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

87. Introduction
 In a transposition cipher, the order of the alphabets is
re-arranged to obtain the cipher-text.
 A simple form of Rail Fence
 Plain Text – defend the east wall
 Key - 2

88. Encryption
 In the rail fence cipher, the plain-text is written
downwards and diagonally on successive rails of an
imaginary fence.
 When we reach the bottom rail, we traverse upwards
moving diagonally, after reaching the top rail, the
direction is changed again. Thus the alphabets of the
message are written in a zig-zag manner.
 After each alphabet has been written, the individual
rows are combined to obtain the cipher-text.

89. Example
 Plain Text – defend the east wall
 Key – 3
 Cipher Text - DNETLEEDHESWLXFTAAX

90. Decryption
 Size of the Matrix = key * length(cipher text)
 Once we’ve got the matrix we can figure-out the spots
where texts should be placed (using the same way of
moving diagonally up and down alternatively ).
 Then, we fill the cipher-text row wise. After filling it,
we traverse the matrix in zig-zag manner to obtain the
original text.

91. Example
 Cipher Text – DNETLEEDHESWLXFTAAX
 Key – 3
 Size of the matrix = key * length(cipher text)
= 3 * 19
* * * * *
* * * * * * * * *
* * * * *
D N E T L
* * * * * * * * *
* * * * *

92. [contd…]
D N E T L
E E D H E S W L X
* * * * *
D N E T L
E E D H E S W L X
F T A A X
Plain Text – defend the east wall

93. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

94. Introduction
 The Columnar Transposition Cipher is a form of
transposition cipher just like Rail Fence Cipher.
 Columnar Transposition involves writing the plaintext
out in rows, and then reading the ciphertext off in
columns one by one.
Plain Text - "a simple transposition"
Cipher Text
"ALNISESTITPIMROOPASN"

95. Encryption
 The message is written out in rows of a fixed length, and
then read out again column by column, and the columns
are chosen in some scrambled order.
 Width of the rows and the permutation of the columns are
usually defined by a keyword.
 For example, the word HACK is of length 4 (so the rows
are of length 4), and the permutation is defined by the
alphabetical order of the letters in the keyword. In this case,
the order would be “3 1 2 4”.
 Any spare spaces are filled with nulls or left blank or
placed by a character (Example: _).
 Finally, the message is read off in columns, in the order
specified by the keyword.

96. Example
 Plain Text - "The tomato
is a plant in the nightshade
family“
 Keyword - tomato
 Cipher Text -
"TINESAXEOAHTFXHT
LTHEYMAIIAIXTA
PNGDLOSTNHMX".

97. Decryption
 To decipher it, the recipient has to work out the
column lengths by dividing the message length by the
key length.
 Then, write the message out in columns again, then re-
order the columns by reforming the key word.

98. Example
 Cipher Text -
"TINESAXEOAHTFXHTLTHEYMAIIAIXTA
PNGDLOSTNHMX".
 Keyword - tomato
 Number of rows = length(cipher text)/length(keyword)
= 42 / 6
= 7

99. [contd…]
T O M A T O
5 3 2 1 6 4
T O M A T O
5 3 2 1 6 4
T
I
N
E
S
A
X

100. [contd…]
T O M A T O
5 3 2 1 6 4
E T
O I
A N
H E
T S
F A
X X
T O M A T O
5 3 2 1 6 4
H E T
T O I
L A N
T H E
H T S
E F A
Y X X

101. [contd…]
T O M A T O
5 3 2 1 6 4
H E T M
T O I A
L A N I
T H E I
H T S A
E F A I
Y X X X
T O M A T O
5 3 2 1 6 4
T H E T M
A T O I A
P L A N I
N T H E I
G H T S A
D E F A I
L Y X X X

102. [contd…]
T O M A T O
5 3 2 1 6 4
T H E T O M
A T O I S A
P L A N T I
N T H E N I
G H T S H A
D E F A M I
L Y X X X X
 Plain Text - "The tomato
is a plant in the nightshade
family“

103. Algorithms
 Substitution
 Caesar Cipher
 Shift Cipher
 Playfair Cipher
 Vigenere Cipher
 Auto Key Cipher
 One Time Pad
 Hill Cipher
 Affine Cipher
 Transposition
 Rail Fence
 Row Columnar Transposition

104. Affine Cipher
 The Affine Cipher is another example of a
Monoalphabetic Substitution cipher.
 Encryption
C = (aP + b) mod 26
where a and b are the key for the cipher.
 Decryption
P = a-1(C - b) mod 26
a x a-1 = 1 mod 26

105. Example - Encryption
Plain text c o o l
2 14 14 11
5P + 8 18 78 78 63
(5P + 8)mod 26 18 0 0 11
Cipher text S A A L
Plain Text – cool
a = 5
b = 8

106. Example - Decryption
Cipher text S A A L
18 0 0 11
C – 8 10 -8 -8 3
21(C – 8) 210 -168 -168 63
21(C – 8) mod 26 2 14 14 11
Plain text c o o l
Cipher Text – SAAL
a = 5
b = 8
To find a-1
a x a-1 = 1 mod 26
5 x a-1 = 1 mod 26
5 x 21 = 1 mod 26

107. Tryout
 Encipher “affine” if the encipherment function is E(x)
= (5x + 8) MOD 26.
 Decipher HPCCXAQ if the encipherment function is
E(x) = (5x + 8) MOD 26.

108. CRYPTOGRAPHY AND
NETWORK SECURITY
PLAYFAIR CIPHER
06.08.2020

109. INTRODUCTION
 Playfair cipher was the first practical digraph
substitution cipher.
 The scheme was invented in 1854 by Charles
Wheatstone but was named after Lord Playfair who
promoted the use of the cipher.
 It was used in World War I and II.
 Encryption Steps:
Step 1: Key Generation
Step 2: Encryption Process

110. STEP 1: KEY GENERATION
 Key Size: 5 X 5
 Key representation: matrix
 I and J occupies same place.
 Example: Key – “MONARCHY”

111. STEP 2: ENCRYPTION PROCESS
 Pair the given plain text. If the pair contains same letter
then insert least frequently occurring letter and repair it.
Rule 1: If both the letters are in the same column: Take
the letter below each one (going back to the top if at the
bottom).
Example
Diagraph: "me"
Encrypted Text: cl
Encryption: m  c
e  l

112. [CONTD…
Rule 2: If both the letters are in the same row: Take the
letter to the right of each one (going back to the leftmost
if at the rightmost position).
Example:
Diagraph: "st"
Encrypted Text: tl
Encryption: s  t
t  l

113. [CONTD…]
Step 3: If neither of the above rules is true: Form a
rectangle with the two letters and take the letters on the
horizontal opposite corner of the rectangle.
Example:
Diagraph: "nt"
Encrypted Text: rq
Encryption: n  r
t  q

114. DECRYPTION PROCESS
 Reverse of Encryption process

115. ADVANTAGE
 It is significantly harder to break since the frequency
analysis technique used to break simple substitution
ciphers is difficult but still can be used on (25*25) = 625
digraphs rather than 25 monographs which is difficult.
 Frequency analysis thus requires more cipher text to
crack the encryption.

116. DISADVANTAGE
 An interesting weakness is the fact that a digraph in the
ciphertext (AB) and it’s reverse (BA) will have
corresponding plaintexts like UR and RU. That can
easily be exploited with the aid of frequency analysis, if
the language of the plaintext is known.
 Another disadvantage is that playfair cipher is
a symmetric cipher thus same key is used for both
encryption and decryption.

117. TRY OUT
 Use Playfair cipher to encrypt the Plain Text –
“cryptography” using Key – “secret”.
 Find the plain text give cipher text as
“GQRMCGTKXEWVPNLX” with the key as “world”.

118. CRYPTOGRAPHY AND NETWORK
SECURITY
HILL CIPHER

119. INTRODUCTION
 The Hill Cipher was invented by Lester S. Hill in 1929.
 It is a polygraphic substitution cipher.
 The Hill Cipher uses an area of mathematics called Linear Algebra.
 in particular requires the user to have an elementary understanding
of matrices.
 It also make use of Modulo Arithmetic
 Inputs : String of English letters, A,B,…,Z.
 An nn matrix K, with entries drawn from 0,1,…,25.
(The matrix K serves as the secret key. )
 Divide the input string into blocks of size n.

120. FORMULA
Encryption
 C = PK mod 26
Decryption
 P = K-1C mod 26

121. ENCRYPTION – 2 X 2
Let us consider the plaintext as – xyzsdfgh
Let us consider the key as –
Encryption Steps:
1. Grouping – Size of the group is 2 since the key matrix size is
2
{xy, zs, df, gh}
2. Perform encryption using the encryption formula. Hence,

122. ENCRYPTION – 3 X 3
Let us consider the plaintext as – xyzsdfghs
Let us consider the key as –
Encryption Steps:
1. Grouping – Size of the group is 3 since the key matrix size is
3
{xyz, sdf, ghs}
2. Perform encryption using the encryption formula. Hence,

123. DECRYPTION – 2 X 2
Let us consider the key as –
Steps to find K-1:
1. Find the Multiplicative Inverse of the Determinant
2. Find the Adjugate Matrix
3. Multiply the Multiplicative Inverse of the Determinant by the Adjugate Matrix

124. DECRYPTION – 3 X 3
Let us consider the key as –
Steps to find K-1:
1. Find the Multiplicative Inverse of the Determinant

125. DECRYPTION – 3 X 3
2. Find the Adjugate Matrix
3. Multiply the Multiplicative Inverse of the Determinant by the Adjugate Matrix

126. CRYPTOGRAPHYAND NETWORK
SECURITY
Foundations of Modern Cryptography
11.09.2020

127. INTRODUCTION
 Modern cryptography is the cornerstone of computer and
communications security.
 Its foundation is based on various concepts of
mathematics such as number theory, computational-
complexity theory, and probability theory.

128. CHARACTERISTICS OF MODERN
CRYPTOGRAPHY
Classic Cryptography Modern Cryptography
It manipulates traditional
characters, i.e., letters and digits
directly.
It operates on binary bit sequences.
It is mainly based on ‗security
through obscurity‘. The techniques
employed for coding were kept
secret and only the parties involved
in communication knew about them.
It relies on publicly known mathematical
algorithms for coding the information.
Secrecy is obtained through a secrete key
which is used as the seed for the
algorithms. The computational difficulty
of algorithms, absence of secret key, etc.,
make it impossible for an attacker to
obtain the original information even if he
knows the algorithm used for coding.
It requires the entire cryptosystem
for communicating confidentially.
Modern cryptography requires parties
interested in secure communication to
possess the secret key only.

129. CRYPTOGRAPHYAND NETWORK
SECURITY
Perfect Security

130. PRIVACY
 Alice wants to send a message to Bob without an
adversary Eve figuring out the message.

131. INTEGRITY AND AUTHENTICITY
 Bob wants to make sure that the message that he
received from Alice is indeed sent by her and not
modified during transit.

132. PERFECT WORLD
 There is a super-strong pipe between Alice and Bob.
 Both privacy and authenticity goals are met.

133. REAL WORLD
 The channel between Alice and Bob is public.
 Assume that Alice and Bob share some secret K.
 Alice encodes her message M using a public encryption algorithm E
and K. We write C = EK(M).
 Bob decrypts Alice‘s message using a public decryption algorithm D
and K. We write M = DK(C).

134. SHANNON‘S ONE TIME PAD
 EK(M) = K (XOR) M and
DK(C) = K (XOR) C
 Example:
 101 (XOR) 111 = 010
 101 (XOR) 010 = 111
 Is this protocol secure?
 Yes. The adversary can only guess each bit with probability
½.
 Problem: The key is as long as the message.

135. PSEUDORANDOMNESS
 Suppose there was a generator that stretches random bits.
 Idea:
 Choose a short key K randomly.
 Obtain K’=G(K).
 Use K’ as key for the one time pad.
 Issue:
 Such a generator is not possible!
 Any such generator produces a longer string but the string is not random.

136. [CONTD…]
 What if there is a generator that produces strings that ―appear
to be random‖. The bits are pseudorandom.
 General idea: The bits are not really random but they are as
good as random so we‘ll just use them for our purpose.
 Approach for proving security:
 Carefully define pseudorandomness (―appears to be random‖).
 Argue that if there is an adversary that breaks the protocol (our one
time pad), then the bit string produced by G is not really
pseudorandom.

137. ATTACKS
 Ciphertext only
 Known plaintext
 Chosen plaintext
 Chosen ciphertext

138. PERFECT SECRECY - BASIC CONCEPTS
Let P, K and C be sets of plaintexts, keys and cryptotexts.
Let pK(k) be the probability that the key k is chosen from K and let a priory
probability that plaintext w is chosen is pp(w).
If for a key , then for the probability PC(y) that c is
the cryptotext that is transmitted it holds
For the conditional probability pc(c|w) that c is the cryptotext if w is the plaintext it
holds
Using Bayes' conditional probability formula p(y)p(x|y) = p(x)p(y|x) we get for
probability pP(w|c) that w is the plaintext if c is the cryptotext the expression
   
 
P
|
K, 

 w
w
e
k
C
k k
     
 
 
 
.
|



k
C
c
k
k
P
K
C c
d
p
k
p
c
p
   
 
 
.
|
|



c
d
w
k
K
C
k
k
p
w
c
p
   
 
 
   
 
 
 
.
|
|





K
C
c
k K
P
K
c
k
d
w
k K
P
c
d
p
k
p
k
p
w
P
P
p

139. PERFECT SECRECY - BASIC RESULTS
Definition A cryptosystem has perfect secrecy if
(That is, the a posteriori probability that the plaintext is w,given that the cryptotext is c
is obtained, is the same as a priori probability that the plaintext is w.)
Example CAESAR cryptosystem has perfect secrecy if any of the26 keys is used with
the same probability to encode any symbol of the plaintext.
    C.
and
P
all
for
| 

 c
w
w
p
c
w
p P
P

140. PERFECT SECRECY - BASIC RESULTS
An analysis of perfect secrecy: The condition pP(w|c) = pP(w) is for all wP and cC
equivalent to the condition pC(c|w) = pC(c).
Let us now assume that pC(c) > 0 for all cC.
Fix wP. For each cC we have pC(c|w) = pC(c) > 0. Hence, for each c€C there must
exists at least one key k such that ek(w) = c. Consequently, |K| >= |C| >= |P|.
In a special case |K| = |C| = |P|. the following nice characterization of the perfect secrecy
can be obtained:
Theorem A cryptosystem in which |P| = |K| = |C| provides perfect secrecy if and only if
every key is used with the same probability and for every wP and every c€C there is a
unique key k such that ek(w) = c.

141. CRYPTOGRAPHYAND NETWORK
SECURITY
Product Cryptosystem
11.09.2020

142. PRODUCT CRYPTOSYSTEMS
A cryptosystem S = (P, K, C, e, d) with the sets of plaintexts P, keys K and cryptotexts C
and encryption (decryption) algorithms e (d) is called endomorphic if P = C.
If S1 = (P, K1, P, e(1), d (1)) and S2 = (P, K2, P, e (2), d (2)) are endomorphic cryptosystems,
then the product cryptosystem is
S1  S2 = (P, K1  K2, P, e, d),
where encryption is performed by the procedure
e( k1, k2 )(w) = ek2(ek1(w))
and decryption by the procedure
d( k1, k2 )(c) = dk1(dk2(c)).
Example (Multiplicative cryptosystem):
Encryption: ea(w) = aw mod p; decryption: da(c) = a-1c mod 26.
If M denote the multiplicative cryptosystem, then clearly CAESAR × M is actually the
AFFINE cryptosystem.
Exercise Show that also M  CAESAR is actually the AFFINE cryptosystem.
Two cryptosystems S1 and S2 are called commutative if S1  S2 = S2  S1.
A cryptosystem S is called idempotent if S  S = S.

143. EXERCISES IV
 For the following pairs plaintext-cryptotext determine which cryptosystem was used:
- COMPUTER - HOWEWVER THE REST UNDERESTIMATES ZANINESS YOUR JUDICIOUS
WISDOM
- SAUNAAND LIFE – RMEMHCZZTCEZTZKKDA
 A spy group received info about the arrival of a new member. Thesecret police succeeded in
learning the message and knew that it wasencrypted using the HILL cryptosystem with a
matrix of degree 2. It also learned that the code ``10 3 11 21 19 5'' stands for the name ofthe
spy and ``24 19 16 19 5 21'', for the city, TANGER, the spy should come from. What is the
name of the spy?
 Decrypt the following cryptotexts. (Not all plaintexts are in English.)
- WFLEUKZFEKZFEJFWTFDGLKZEX
- DANVHEYD SEHHGKIIAJ VQN GNULPKCNWLDEA
- DHAJAHDGAJDI AIAJ AIAJDJEH DHAJAHDGAJDI AIDJ AIBIAJDJDHAJAHDGAJDI AIAJ
DIDGCIBIDH DHAJAHDGAJDI AIAJ DICIDJDH
- KLJPMYHUKV LZALALEAV LZ TBF MHJPS
 Find the largest possible word in Czech language such that its nontrivial encoding by CAESAR
is again a meaningful Czech word.
 Find the longest possible meaningful word in a European language such that some of its non-
trivial encoding by CAESAR is again ameaningful word in a European language (For example:
e3(COLD) = FROG).

144. EXERCISES IV
 Decrypt the following cryptotext obtained by encryption with an AFFINE
cryptosystem:
KQEREJEBCPPCJCRKIEACUZBKRVPKRBCIBQCARBJCVFCUPKRIOFKPACUZQEPBKR
XPEIIEABDKPBCPFCDCCAFIEABDKPBCPFEQPKAZBKRHAIBKAPCCIBURCCDKDCCJ
CIDFUIXPAFFERBICZDFKABICBBENEFCUPJCVKABPCYDCCDPKBCOCPERKIVKSCPI
CBRKIJPKAI
 Suppose we are told that the plaintext ―FRIDAY'' yields the cryptotext ―PQCFKU''
with a HALL cryptosystem. Determine the encryption matrix.
 Suppose we are told that the plaintext ―BREATHTAKING‖' yieldsthe cryptotext
―RUPOTENTOSUP'' with a HILL cryptosystem. Determine the encryption matrix.
 Decrypt the following cryptotext, obtained using the AUTOKLAVE cryptotext (using
exhaustive search ?)
MALVVMAFBHBUQPTSOXALTGVWWRG
 Design interesting cryptograms in (at least) one of the languages: Czech, French,
Spanish, Chines?
 Show that each permutation cryptosystem is a special case of the HILL cryptosystem.
 How many 2 × 2 matrices are there that are invertible over Zp, where p is a prime.
 Invent your own interesting and quite secure cryptosystem.

145. CRYPTOGRAPHYAND NETWORK
SECURITY
Cryptanalysis
11.09.2020

146. CIA
 Confidentiality, Integrity and Availability
 Confidentiality: prevent unauthorized reading of
information
 Integrity: prevent unauthorized writing of
information
 Availability: data is available in a timely manner
when needed
 Availability is a ―new‖ security concern
 Due to denial of service (DoS) threats
Intro
29

147. CRYPTO
 Cryptology  The art and science of making and breaking
―secret codes‖
 Cryptography  making ―secret codes‖
 Cryptanalysis  breaking ―secret codes‖
 Crypto  all of the above (and more)
Intro
30

148. HOW TO SPEAK CRYPTO
 A cipher or cryptosystem is used to encrypt the
plaintext
 The result of encryption is ciphertext
 We decrypt ciphertext to recover plaintext
 A key is used to configure a cryptosystem
 A symmetric key cryptosystem uses the same key
to encrypt as to decrypt
 A public key cryptosystem uses a public key to
encrypt and a private key to decrypt
 Private key can be used to sign and public key used to
verify signature (more on this later…)
Intro
31

149. CRYPTO
 Underlying assumption
 The system is completely known to Trudy
 Only the key is secret
 Also known as Kerckhoffs Principle
 Crypto algorithms are not secret
 Why do we make this assumption?
 Experience has shown that secret algorithms are often
weak when exposed
 Secret algorithms never remain secret
 Better to find weaknesses beforehand
Intro
32

150. CRYPTO AS A BLACK BOX
 Note Pi is ith ―unit‖ of plaintext
 And Ci is corresponding ciphertext
 ―Unit‖ may be bit, letter, block of bits, etc.
Intro
33
plaintext
key
key
ciphertext
encrypt decrypt
Pi Pi
Ci
plaintext

151. WHO KNOWS WHAT?
 Trudy knows the ciphertext
 Trudy knows the cipher and how it works
 Trudy might know a little more
 Trudy does not know the key
Intro
34
plaintext
key
key
ciphertext
encrypt decrypt
Pi Pi
Ci
plaintext
Alice Bob
Trudy

152. TAXONOMY OF CRYPTOGRAPHY
 Symmetric Key
 Same key for encryption as for decryption
 Stream ciphers and block ciphers
 Public Key
 Two keys, one for encryption (public), and one for
decryption (private)
 Digital signatures  nothing comparable in symmetric
key crypto
 Hash algorithms
Intro
35

153. CRYPTANALYSIS
 This course focused on cryptanalysis
 Trudy wants to recover key or plaintext
 Trudy is not bound by any rules
 For example, Trudy might attack the implementation, not the
algorithm itself
 She might use ―side channel‖ info, etc.
Intro
36

154. EXHAUSTIVE KEY SEARCH
 How can Trudy attack a cipher?
 She can simply try all possible keys and test
each to see if it is correct
 Exhaustive key search
 To prevent an exhaustive key search, a
cryptosystem must have a large keyspace
 Must be too many keys for Trudy to try them all in
any reasonable amount of time
Intro
37

155. BEYOND EXHAUSTIVE SEARCH
 A large keyspace is necessary for security
 But a large keyspace is not sufficient
 Shortcut attacks might exist
 We‘ll see many examples of shortcut attacks
 In cryptography we can (almost) never prove that
no shortcut attack exists
 This makes cryptography interesting…
Intro
38

156. TAXONOMY OF CRYPTANALYSIS
 Ciphertext only — always an option
 Known plaintext — possible in many cases
 Chosen plaintext
 ―Lunchtime attack‖
 Protocols might encrypt chosen text
 Adaptively chosen plaintext
 Related key
 Forward search (public key crypto only)
 ―Rubber hose‖, bribery, etc., etc., etc.
Intro
39

157. DEFINITION OF SECURE
 A cryptosystem is secure if the best know attack is to try
all possible keys
 Cryptosystem is insecure if any shortcut attack is known
 By this definition, an insecure system might be harder to
break than a secure system!
Intro
40

158. DEFINITION OF SECURE
 Why do we define secure this way?
 The size of the keyspace is the ―advertised‖
level of security
 If an attack requires less work, then false
advertising
 A cipher must be secure (by our definition) and
have a ―large‖ keyspace
 Too big for an exhaustive key search
Intro
41

159. THEORETICAL CRYPTANALYSIS
 Suppose that a cipher has a 100 bit key
 Then keyspace is of size 2100
 On average, for exhaustive search Trudy tests 2100/2 = 299
keys
 Suppose Trudy can test 230 keys/second
 Then she can find the key in about 37.4 trillion years
Intro
42

160. THEORETICAL CRYPTANALYSIS
 Suppose that a cipher has a 100 bit key
 Then keyspace is of size 2100
 Suppose there is a shortcut attack with ―work‖ equal to
testing about 280 keys
 If Trudy can test 230 per second
 Then she finds key in 36 million years
 Better than 37 trillion, but not practical
Intro
43

161. APPLIED CRYPTANALYSIS
 In this class, we focus on attacks that produce plaintext
 Not interested in attacks that just show a theoretical weakness
in a cipher
 We call this applied cryptanalysis
 Why applied cryptanalysis?
 Because it‘s a lot more fun…
 And it‘s a good place to start
Intro
44

162. APPLIED CRYPTANALYSIS: OVERVIEW
 Classic (pen and paper) ciphers
 Transposition, substitution, etc.
 Same principles appear in later sections
 World War II ciphers
 Enigma, Purple, Sigaba
 Stream ciphers
 Shift registers, correlation attack, ORYX, RC4, PKZIP
Intro
45

163. APPLIED CRYPTANALYSIS: OVERVIEW
 Block ciphers
 Hellman‘s TMTO, CMEA, Akelarre, FEAL
 Hash functions
 Nostradamus attack, MD4, MD5
 Public key crypto
 Knapsack, Diffie-Hellman, Arithmetica, RSA, Rabin, NTRU,
ElGamal
 Factoring, discrete log, timing, glitching
Intro
46

164. WHY STUDY CRYPTOGRAPHY?
 Information security is a big topic
 Crypto, Access control, Protocols, Software
 Real world info security problems abound
 Cryptography is the part of information security
that works best
 Using crypto correctly is important
 The more we make other parts of security
behave like crypto, the better
Intro
47

165. WHY STUDY CRYPTANALYSIS?
 Study of cryptanalysis gives insight into all
aspects of crypto
 Gain insight into attacker‘s mindset
 ―black hat‖ vs ―white hat‖ mentality
 Cryptanalysis is more fun than cryptography
 Cryptographers are boring
 Cryptanalysts are cool
 But cryptanalysis is hard
Intro
48

166. QUESTION 1
 Caesar wants to arrange a secret meeting with Antony,
either at the Tiber (the river) or at the Coliseum (the
arena). He sends the cipher text EVIRE. However,
Antony does not know the key, so he tries all
possibilities. Where will he meet Caesar?

167. QUESTION 2
M F H I/J K
U N O P Q
Z V W X Y
E L A R G
D S T B C
 Using this Playfair matrix
Encrypt the message:
―Must see you over Cadogan West, Coming
at once‖

168. QUESTION 3
 Decipher the message, YIFZMA using the Hill cipher
with the inverse key.








3
2
13
9

169. QUESTION 4
 Encrypt the message ―PAY‖ using hill cipher with the
following key matrix and show the decryption to get
original plain text.
17 17 5
21 18 21
2 2 19