
Cryptography and Network Security
SEMESTER VII
SUB CODE: CS6701
YEAR IV

CS6701 Cryptography and Network Security

CNS Syllabus

UNIT I: INTRODUCTION & NUMBER THEORY
Services, mechanisms and attacks - the OSI security architecture - Network security model - Classical encryption techniques (symmetric cipher model, substitution techniques, transposition techniques, steganography). Finite fields and number theory: Groups, Rings, Fields - Modular arithmetic - Euclid's algorithm - Finite fields - Polynomial arithmetic - Prime numbers - Fermat's and Euler's theorem - Testing for primality - The Chinese remainder theorem - Discrete logarithms.

1. Differentiate between Active attacks and Passive attacks.

Active attacks:
Active attacks involve some modification of the data stream or the creation of a false stream. They can be subdivided into four categories:
(i) Masquerade
(ii) Replay
(iii) Modification of messages
(iv) Denial of Service (DoS)

Passive attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are:
(i) Release of message contents
(ii) Traffic analysis

2. Define OSI Security Architecture.

The OSI Security Architecture
ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture focuses on security attacks, mechanisms, and services.

Security attack: Any action that compromises the security of information owned by an organization.

Security mechanism: A process (or a device) that is designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

3. What is Traffic Analysis?

3. What are the essential ingredients of Symmetric Cipher?
A symmetric encryption scheme has five ingredients:
(i) Plain text
(ii) Encryption algorithm
(iii) Secret key
(iv) Cipher text
(v) Decryption algorithm

4. What is meant by Denial of Service (DoS)?
The denial of service (DoS) is an active attack that prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

5. What is Brute-force attack?
The attacker tries every possible key on a piece of cipher text until an intelligible translation into plain text is obtained. On average, half of all possible keys must be tried to achieve success. It is a trial-and-error method used by application programs to decode encrypted data or keys through exhaustive effort rather than employing intellectual strategies.

6. What is Transposition Cipher?
In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plain text are shifted according to a regular system, so that the cipher text constitutes a permutation of the plain text. The simplest such cipher is the rail fence technique.

7. Define Steganography.
It is the hiding of a secret message within an ordinary message and the extraction of it at its destination. It means concealing the existence of the message with something else. Various other techniques that have been used historically are:
(i) Character marking
(ii) Invisible ink
(iii) Typewriter correction ribbon
(iv) Pin puncture

8. Quote Euler's theorem.
Euler's theorem states that for every a and n that are relatively prime.

9. State Fermat's theorem.
Fermat's theorem states the following. If p is prime and a is a positive integer not divisible by p, then
$a^{p-1} \equiv 1 \pmod{p}$

10. Write down the difference between Stream Cipher and Block Cipher.
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. The stream cipher techniques are Caesar cipher, Playfair cipher, etc. A block cipher is one in which a block of plain text is treated as a whole and used to produce a cipher text block of equal length. Typically, a block size of 64 or 128 bits is used. The block cipher techniques are DES, AES and Triple DES.

18. Write short notes on Blowfish.
Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish is unpatented and license-free, and is available free for all uses.

11. Define cryptanalysis.
An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the following criteria:
- The cost of breaking the cipher exceeds the value of the encrypted information.
- The time required to break the cipher exceeds the useful lifetime of the information.

12. Compare Substitution and Transposition techniques.

Substitution ciphers
Substitution ciphers encrypt plaintext by changing the plaintext one piece at a time. The Caesar Cipher was an early substitution cipher. In the Caesar Cipher, each character is shifted three places up. Therefore, A becomes D and B becomes E, etc.
This table shows “VOYAGER” being encrypted with the Caesar substitution cipher:

Transposition ciphers
Transposition ciphers encrypt plaintext by moving small pieces of the message around. Anagrams are a primitive transposition cipher.
This table shows “VOYAGER” being encrypted with a primitive transposition cipher where every two letters are switched with each other:

Plaintext:  V O Y A G E R
Ciphertext: O V A Y E G R

13. Analyse why Random numbers are used in Network Security.

Random Number Generation
Random numbers play an important role in the use of encryption for various network security applications.

The Use of Random Numbers
A number of network security algorithms based on cryptography make use of random numbers. For example:
- Reciprocal authentication schemes. In both of these key distribution scenarios, nonces are used for handshaking to prevent replay attacks. The use of random numbers for the nonces frustrates opponents' efforts to determine or guess the nonce.
- Session key generation, whether done by a key distribution center or by one of the principals.
- Generation of keys for the RSA public-key encryption algorithm.

Randomness
Traditionally, the concern in the generation of a sequence of allegedly random numbers has been that the sequence of numbers be random in some well-defined statistical sense. The following two criteria are used to validate that a sequence of numbers is random:
- Uniform distribution: The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.
- Independence: No one value in the sequence can be inferred from the others.

Pseudorandom Number Generators (PRNGs)
Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.

14. List the four categories of security threats.
RFC 2828 describes four kinds of threat consequences:
- Unauthorised Disclosure
- Deception
- Disruption
- Usurpation

15. Solve 117 mod 13.
We have $117 / 13 = 9$ and remainder $0$. So $117 \bmod 13 = 0$.

16. Define primitive root.

17. Compare Block and Stream cipher.

Block vs Stream Ciphers
- block ciphers process messages in blocks, each of which is then en/decrypted
- like a substitution on very big characters (64 bits or more)
- stream ciphers process messages a bit or byte at a time when en/decrypting
- many current ciphers are block ciphers
- better analysed
- broader range of applications

Block Cipher Principles
- most symmetric block ciphers are based on a Feistel Cipher Structure
- needed since must be able to decrypt cipher text to recover messages efficiently
- block ciphers look like an extremely large substitution
- would need table of $2^{64}$ entries for a 64-bit block
- instead create from smaller building blocks
- using idea of a product cipher

18. What are rings?

19. Define fields.

20. List the three classes of Polynomial Arithmetic.

21. Write Euclid's algorithm for computing GCD.

PART-B

1. State and Describe
(i) Fermat's theorem (8)

Fermat's Little Theorem
If is a prime number and is a natural number, then (1)
Furthermore, if ( does not divide ), then there exists some smallest exponent such that (2) and divides . Hence, (3)
The theorem is sometimes also simply known as "Fermat's theorem".

(ii) Euler's theorem (8)

Euler's Theorem
- a generalisation of Fermat's Theorem
- $a^{\phi(n)} \equiv 1 \pmod{n}$ for any $a, n$ where $\gcd(a, n) = 1$
- e.g. $a = 3$; $n = 10$; $\phi(10) = 4$; hence $3^4 = 81 \equiv 1 \bmod 10$
- $a = 2$; $n = 11$; $\phi(11) = 10$; hence $2^{10} = 1024 \equiv 1 \bmod 11$

2. (i) Tabulate the substitution techniques in detail. (8)
(ii) Describe the transposition techniques in detail. (8)

3. (i) List the different types of attacks and explain in detail. (8)
[Figure: passive attack (eavesdropping)]
(ii) Describe Chinese remainder theorem with example. (8)

4. Summarize the following in detail.
(i) Modular Exponentiation (8)

Modular Exponentiation
Suppose we are asked to compute $3^5$ modulo $7$. We could calculate $3^5 = 243$ and then reduce $243 \bmod 7$, but a better way is to observe $3^4 = (3^2)^2$. Since $3^2 = 9 \equiv 2$ we have $3^4 \equiv 2^2 = 4$, and lastly

$3^5 = 3^4 \cdot 3 \equiv 4 \cdot 3 \equiv 5 \pmod{7}$.

The second way is better because the numbers involved are smaller.
This trick, known as repeated squaring, allows us to compute $a^k \bmod n$ using only $O(\log k)$ modular multiplications. (We can use the same trick when exponentiating integers, but then the multiplications are not modular multiplications, and each multiplication takes at least twice as long as the previous one.)

Modular Exponentiation (Raising to a Power with a modulus)
E.g. to find $11^{13} \bmod 53$:
$13 = 8 + 4 + 1$, so $11^{13} = 11^{8+4+1} = 11^8 \cdot 11^4 \cdot 11^1$.
We can compute successive squares of 11 to obtain $11, 11^2, 11^4, 11^8$ and then multiply together $11^1 \cdot 11^4 \cdot 11^8$ to get the answer $11^{13}$.
Because we are working mod 53, we will “take mods” at every stage of the calculation. Thus we have:

$11 \bmod 53 = 11$
$11^2 = 121$, $121 \bmod 53 = 121 - 2 \cdot 53 = 15$
$11^4 = (11^2)^2 = 15^2 \bmod 53 = 225 \bmod 53 = 225 - 4 \cdot 53 = 13$
$11^8 = (11^4)^2 = 13^2 \bmod 53 = 169 \bmod 53 = 169 - 3 \cdot 53 = 10$

Therefore $11^{13} \bmod 53 = 11 \cdot 13 \cdot 10 = 1430 \bmod 53 = 1430 - 26 \cdot 53 = 52$.
The answer is $11^{13} \bmod 53 = 52$.

This method of computing modular exponentiations can be formalised into an algorithm as follows:

To compute x^n mod p
    Initialise y := 1; u := x mod p;
    Repeat
        If n is odd then y := (y*u) mod p;
        n := n div 2;
        u := (u*u) mod p;
    Until n = 0;
    Output y;

Here the u value is the successive squaring of x, and the y value is the multiplication together of the required squared values of x.

To compute $11^{13} \bmod 53$ using this algorithm:

y                              u                   n
1                              11                  13
11 (1*11 mod 53)               15 (11^2 mod 53)    6 (13 div 2)
11 (n even, y doesn't alter)   13 (15^2 mod 53)    3 (6 div 2)
37 (11*13 mod 53)              10 (13^2 mod 53)    1 (1 div 2)
52 (37*10 mod 53)                                  0 (1 div 2)

(ii) Finite fields (8)
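
The repeated-squaring algorithm from 4(i) above, written out in Python as an added example that is not part of the original notes. The names mod_exp, phi and euler_holds are chosen here for illustration; the function records the (y, u, n) values after every pass so the output can be compared with the trace table, and it is then used to check the Euler's theorem examples from question 1(ii).

```python
from math import gcd


def mod_exp(x, n, p):
    """Compute x^n mod p by repeated squaring; returns (result, trace).

    trace holds (y, u, n) after initialisation and after each pass.
    A while loop replaces Repeat/Until so that n = 0 is handled too.
    """
    y, u = 1, x % p
    trace = [(y, u, n)]
    while n > 0:
        # The branch below depends on the exponent bits, so the running time
        # leaks information about n. For a secret exponent (e.g. an RSA
        # private key) use a constant-time library routine instead.
        if n % 2 == 1:
            y = (y * u) % p
        n //= 2
        u = (u * u) % p
        trace.append((y, u, n))
    return y % p, trace


def phi(n):
    """Euler's totient by direct counting; only suitable for small n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def euler_holds(a, n):
    """True when gcd(a, n) = 1 and a^phi(n) mod n = 1."""
    return gcd(a, n) == 1 and mod_exp(a, phi(n), n)[0] == 1


if __name__ == "__main__":
    result, trace = mod_exp(11, 13, 53)
    for y, u, n in trace:
        print(f"y={y:<3} u={u:<3} n={n}")
    print("11^13 mod 53 =", result)
    print("Euler, a=3 n=10:", euler_holds(3, 10))
    print("Euler, a=2 n=11:", euler_holds(2, 11))
```

The final trace row also contains the last squared value of u, which the algorithm computes but never uses.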

5. Discuss Groups, Rings and Fields.

6. Differentiate between transposition cipher and substitution cipher. Apply a two-stage transposition cipher to “treat diagrams as single units” using the keyword “sequence”.

Substitution and Transposition Ciphers
Substitution and transposition ciphers are two categories of ciphers used in classical cryptography. Substitution and transposition differ in how chunks of the message are handled by the encryption process.

Substitution ciphers
Substitution ciphers encrypt plain text by changing the plaintext one piece at a time. The Caesar Cipher was an early substitution cipher. In the Caesar Cipher, each character is shifted three places up. Therefore, A becomes D and B becomes E, etc.
This table shows “VOYAGER” being encrypted with the Caesar substitution cipher:

Plaintext:  V O Y A G E R
Key:        3 3 3 3 3 3 3
Ciphertext: Y R B D J H U

A more complex substitution cipher would be created if, instead of incrementing each character by three, we used a more complex key. This table shows a simple substitution cipher with a key of “123”:

Plaintext:  V O Y A G E R
Key:        1 2 3 1 2 3 1
Ciphertext: W Q B B I H S

An even more complex substitution cipher can be made by having each character of the alphabet correspond to a different letter of the alphabet, without a set pattern:

Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Key:       T O E U N Z I A G X P Q Y R H V S M D F C J W B K L

Using this substitution cipher to encrypt VOYAGER would give us these results:

Plaintext:  V O Y A G E R
Ciphertext: J H K T X N M

The Vernam Cipher, or one time pad, is a simple substitution cipher where the key length equals the message length.
ROT-1 is a simple substitution cipher used to encode messages on Usenet.

Transposition ciphers
Transposition ciphers encrypt plaintext by moving small pieces of the message around. Anagrams are a primitive transposition cipher.
This table shows “VOYAGER” being encrypted with a primitive transposition cipher where every two letters are switched with each other:

Plaintext:  V O Y A G E R
Ciphertext: O V A Y E G R

Substitution and transposition ciphers in modern times
Modern cryptanalysis makes simple substitution and transposition ciphers obsolete. However, these techniques remain useful for understanding cryptography and the workings of more complex modern ciphers.
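
One way to carry out the two-stage transposition asked for in question 6, as an added example that is not part of the original notes. It assumes a keyed columnar transposition (text written in rows under the keyword, columns read out in alphabetical order of the key letters), repeated key letters ranked left to right, and no padding of a short last row; the function names are chosen here for illustration.

```python
def column_order(keyword):
    """Column indices in read-out order: alphabetical by key letter,
    repeated letters ranked left to right (an assumption of this example)."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext, keyword):
    """Write the letters row by row under the keyword, read columns in key order."""
    text = "".join(ch for ch in plaintext.lower() if ch.isalpha())
    width = len(keyword)
    # text[c::width] is column c read top to bottom; a short last row simply
    # leaves some columns one letter shorter (no padding is added).
    return "".join(text[c::width] for c in column_order(keyword.lower()))


def columnar_decrypt(ciphertext, keyword):
    """Invert columnar_encrypt by refilling the columns in key order."""
    width, n = len(keyword), len(ciphertext)
    full_rows, extra = divmod(n, width)
    columns = [""] * width
    pos = 0
    for c in column_order(keyword.lower()):
        length = full_rows + (1 if c < extra else 0)  # first `extra` columns are longer
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    # Read the grid back row by row.
    return "".join(columns[i % width][i // width] for i in range(n))


def two_stage_encrypt(plaintext, keyword):
    """Apply the same columnar transposition twice."""
    return columnar_encrypt(columnar_encrypt(plaintext, keyword), keyword)


def two_stage_decrypt(ciphertext, keyword):
    return columnar_decrypt(columnar_decrypt(ciphertext, keyword), keyword)


if __name__ == "__main__":
    message = "treat diagrams as single units"
    stage1 = columnar_encrypt(message, "sequence")
    stage2 = columnar_encrypt(stage1, "sequence")
    print("stage 1:", stage1)
    print("stage 2:", stage2)
    print("decrypted:", two_stage_decrypt(stage2, "sequence"))
```

Both stages only permute the letters, so the letter frequencies of the plaintext survive unchanged in the ciphertext.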