INFORMATION AND NETWORK SECURITY

ASSIGNMENT - I

Group Member –
Unit 2 - Introduction to Cryptography: Definitions and
Goals
Cryptography is the practice and study of techniques for secure
communication in the presence of adversaries. The word originates
from the Greek words kryptos ("hidden") and graphein ("to write").
Its primary goal is to protect information and ensure secure data
transmission and storage.
The main goals of cryptography, often referred to as the pillars of
information security, are:
 Confidentiality: Ensures that information is accessible only to
authorized parties. It prevents the unauthorized disclosure of
sensitive data. This is typically achieved through encryption.
o Example: When you enter your password on a website,
encryption ensures that an eavesdropper on the network
cannot read it.
 Integrity: Guarantees that the data has not been altered,
tampered with, or corrupted in transit.
o Example: When you download a software file, a hash
value is often provided. You can compute the hash of the
downloaded file and compare it to the provided one to
ensure the file wasn't modified.
 Authentication: Verifies the identity of a user, system, or entity.
It confirms that the parties involved in a communication are
who they claim to be.
o Example: Logging into your email account with a
username and password authenticates your identity to
the server.
  Non-repudiation: Provides proof that a specific party sent a
message or performed an action, preventing them from later
denying it.
o Example: A digital signature on a contract provides non-
repudiation, as only the person with the private key could
have created it.

Symmetric Key Cryptography

Also known as secret-key cryptography, this method uses a single,
shared key to both encrypt and decrypt data. Both the sender and
the receiver must have the same key, which must be kept secret. This
method is generally very fast.
Algorithms
 DES (Data Encryption Standard):
o Developed by IBM in the 1970s and adopted as a U.S.
government standard.
o It is a block cipher, meaning it encrypts data in fixed-size
blocks.
o Block Size: 64 bits.
o Key Size: 56 bits (originally 64 bits, but 8 are parity bits).
o Status: DES is now considered insecure due to its small
key size. A 56-bit key can be cracked relatively quickly with
modern computing power using brute-force attacks. Its
successor, 3DES (Triple DES), applies the DES algorithm
three times but is much slower.
 AES (Advanced Encryption Standard):
o The current global standard for symmetric encryption,
adopted by the U.S. government in 2001.
 o It is based on the Rijndael algorithm.
o Block Size: 128 bits.
o Key Sizes: Can be 128, 192, or 256 bits, making it much
more secure than DES.
o How it works: AES operates in a series of rounds. The
number of rounds depends on the key size (10 rounds for
128-bit, 12 for 192-bit, and 14 for 256-bit). Each round
consists of several steps: SubBytes (substitution),
ShiftRows (transposition), MixColumns (mixing), and
AddRoundKey (key addition).
Modes of Operation
When encrypting messages longer than a single block, a mode of
operation is required. These modes define how to repeatedly apply a
cipher's single-block operation to securely transform amounts of data
larger than a block.
 Electronic Codebook (ECB): The simplest mode. Each block is
encrypted independently with the same key. This mode is not
recommended because identical plaintext blocks result in
identical ciphertext blocks, revealing patterns in the data.
o Example: Encrypting an image in ECB mode might still
show the outline of the original image.
 Cipher Block Chaining (CBC): Each plaintext block is XORed with
the previous ciphertext block before being encrypted. An
Initialization Vector (IV) is used for the first block. This ensures
that even if two plaintext blocks are identical, their
corresponding ciphertext blocks will be different.
 Counter (CTR): Turns a block cipher into a stream cipher. It
encrypts a "counter" value for each block and then XORs the
 result with the plaintext block. This allows for parallel
encryption and decryption.
Key Management
The biggest challenge in symmetric cryptography is key distribution.
How do you securely share the secret key with the intended recipient
without an adversary intercepting it? If the key is compromised, all
communication is compromised. This problem is a primary
motivation for the development of asymmetric cryptography.

Asymmetric Key Cryptography

Also known as public-key cryptography, this system uses a pair of
keys for each user: a public key and a private key.
 The public key can be shared with anyone.
 The private key must be kept secret by the owner.
Data encrypted with the public key can only be decrypted with the
corresponding private key. This solves the key distribution problem of
symmetric cryptography.
Licensed by Google
RSA (Rivest-Shamir-Adleman)
RSA is the most widely used asymmetric algorithm. Its security relies
on the computational difficulty of factoring large prime numbers.
 Key Generation:
1. Choose two large prime numbers, p and q.
2. Calculate n=p×q.
3. Calculate Euler's totient function: ϕ(n)=(p−1)×(q−1).
4. Choose an integer e (the public key exponent) such that
1<e<ϕ(n) and e is coprime to ϕ(n).
5. Calculate d (the private key exponent) such that
d×e≡1(modϕ(n)).
o Public Key: (e,n)
o Private Key: (d,n)
 Encryption: To encrypt a message P, the sender uses the
recipient's public key (e,n): C=Pe(modn).
 Decryption: The recipient uses their private key (d,n) to decrypt
the ciphertext C: P=Cd(modn).
  Example:
1. p=3, q=11⟹n=33, ϕ(n)=(3−1)(11−1)=20.
2. Choose e=7 (coprime to 20).
3. Find d such that 7d≡1(mod20). Here, d=3 because
7×3=21≡1(mod20).
4. Public key is (7,33), Private key is (3,33).
5. To encrypt plaintext P=2: C=27(mod33)=128(mod33)=29.
6. To decrypt ciphertext C=29:
P=293(mod33)=24389(mod33)=2.
ECC (Elliptic Curve Cryptography)
ECC is an alternative to RSA that provides the same level of security
with much smaller key sizes. This makes it ideal for devices with
limited processing power, like smartphones and IoT devices. Its
security is based on the difficulty of solving the elliptic curve discrete
logarithm problem.
Digital Signatures
Digital signatures use asymmetric cryptography to provide
authentication, integrity, and non-repudiation.
 Signing Process:
1. The sender creates a hash of the message.
2. The sender encrypts this hash value with their own
private key. The result is the digital signature.
3. The signature is attached to the original message and
sent.
 Verification Process:
1. The receiver decrypts the signature using the sender's
public key. This reveals the original hash.
 2. The receiver computes a new hash of the received
message.
3. If the two hashes match, the signature is valid. This proves
the message came from the sender (authentication) and
was not altered (integrity).

Hash Functions
A cryptographic hash function is a mathematical algorithm that maps
data of arbitrary size to a bit string of a fixed size (the hash value). It's
a one-way function, meaning it's computationally infeasible to
reverse.
Key properties include:
 Pre-image resistance: Given a hash h, it should be hard to find a
message m such that hash(m)=h.
 Second pre-image resistance: Given a message m1, it should be
hard to find a different message m2 such that hash(m1
)=hash(m2).
 Collision resistance: It should be hard to find two different
messages, m1 and m2, such that hash(m1)=hash(m2).

SHA (Secure Hash Algorithm)

 A family of hash functions developed by the U.S. National
Security Agency (NSA).
 SHA-1: Produces a 160-bit hash. It is no longer considered
secure against well-funded adversaries due to discovered
collision attacks.
  SHA-2: Includes variants like SHA-256 and SHA-512, producing
256-bit and 512-bit hashes, respectively. They are widely used
and currently considered secure.
 SHA-3: A newer standard selected in 2012, based on a different
structure called a "sponge construction."
MD5 (Message Digest 5)
 Produces a 128-bit hash value.
 MD5 is now considered broken and insecure for cryptographic
purposes because practical collision attacks have been
demonstrated. It should not be used for applications like digital
signatures or password storage. It is sometimes still used for file
integrity checks where security is not a primary concern.
Applications of Hashing
 Password Storage: Systems store the hash of a user's password
instead of the password itself. When a user logs in, the system
hashes the entered password and compares it to the stored
hash.
 Data Integrity: To verify that a file has not been altered during
download or transfer.
 Digital Signatures: Hashing is the first step in creating a digital
signature.
 Blockchains: Hashing is fundamental to cryptocurrencies like
Bitcoin for linking blocks together in a chain.

Cryptographic Protocols
Protocols are sets of rules that dictate how cryptographic algorithms
should be used to achieve secure communication.
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
  TLS is the successor to SSL. It is the standard protocol for
providing a secure communication channel over a computer
network. It is the "S" in HTTPS.
 Goal: To provide confidentiality and integrity between two
communicating applications.
 The TLS Handshake: When you connect to a secure website, a
handshake process occurs:
1. The client sends a "ClientHello" message, listing its
supported cipher suites (combinations of encryption, key
exchange, and hash algorithms).
2. The server responds with a "ServerHello," choosing a
cipher suite from the client's list.
3. The server sends its digital certificate, which contains its
public key and is signed by a trusted Certificate Authority
(CA).
4. The client verifies the server's certificate.
5. The client and server use a key exchange protocol (like
Diffie-Hellman) to securely generate a shared session key.
6. All further communication is encrypted and decrypted
using this symmetric session key.
PGP (Pretty Good Privacy)
 A popular program used for encrypting and signing emails and
files.
 It uses a combination of symmetric and asymmetric
cryptography. For example, to send an encrypted email, PGP
generates a random symmetric key, encrypts the email with it,
and then encrypts that symmetric key with the recipient's
public key.
  Web of Trust: Unlike the centralized CA model of TLS, PGP uses
a decentralized trust model. Users can sign each other's public
keys, vouching for the identity of the key's owner.
Key Exchange Protocols
These protocols allow two parties who have no prior knowledge of
each other to jointly establish a shared secret key over an insecure
channel.
 Diffie-Hellman Key Exchange: This protocol allows two parties
to create a shared secret without ever transmitting it directly.
o Analogy (Mixing Paint):
1. Alice and Bob publicly agree on a common paint
color (e.g., yellow). This is a public value.
2. Alice secretly chooses her own private color (e.g.,
red) and Bob secretly chooses his (e.g., blue).
3. Alice mixes the common yellow with her secret red
to get orange. Bob mixes the common yellow with
his secret blue to get light blue.
4. They exchange their mixed colors over the public
channel. Alice sends her orange paint to Bob, and
Bob sends his light blue paint to Alice.
5. Alice mixes her secret red with the light blue paint
she received from Bob. Bob mixes his secret blue
with the orange paint he received from Alice.
6. Both now have the same final color (a brownish
mix), which is their shared secret. An eavesdropper
who only saw the common yellow, orange, and light
blue paints cannot easily determine the final secret
color.
o Mathematical Process: This is done with modular
arithmetic, but the principle is the same. The public values
are a prime modulus p and a generator g. The secret
"colors" are secret integers chosen by Alice and Bob.