
COURSE OBJECTIVES

SUBJECT DETAILS

COURSE CODE : CS6701

COURSE NAME : CRYPTOGRAPHY AND NETWORK SECURITY

BRANCH : CSE

SEM/YEAR : VII SEM / IV YEAR

ACADEMIC YEAR : 2017-2018

OBJECTIVES:

The student should be made to:

- Understand OSI security architecture and classical encryption techniques.
- Acquire fundamental knowledge on the concepts of finite fields and number theory.
- Understand various block cipher and stream cipher models.
- Describe the principles of public key cryptosystems, hash functions and digital signature.
SYLLABUS
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY

UNIT I INTRODUCTION & NUMBER THEORY 10


Services, Mechanisms and attacks-the OSI security architecture-Network security
model-Classical Encryption techniques (Symmetric cipher model, substitution
techniques, transposition techniques, steganography). FINITE FIELDS AND NUMBER
THEORY: Groups, Rings, Fields-Modular arithmetic- Euclid’s algorithm-Finite fields-
Polynomial Arithmetic –Prime numbers-Fermat’s and Euler’s theorem- Testing for
primality -The Chinese remainder theorem- Discrete logarithms.

UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10


Data Encryption Standard-Block cipher principles-block cipher modes of operation-
Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key
cryptography: Principles of public key cryptosystems-The RSA algorithm-Key
management – Diffie Hellman Key exchange- Elliptic curve arithmetic-Elliptic curve
cryptography.

UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8


Authentication requirement – Authentication function – MAC – Hash function – Security
of hash function and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and
authentication protocols – DSS – El Gamal – Schnorr.

UNIT IV SECURITY PRACTICE & SYSTEM SECURITY 8


Authentication applications – Kerberos – X.509 Authentication services – Internet
Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology- Types of
Firewalls – Firewall designs – SET for E-Commerce Transactions. Intruder – Intrusion
detection system – Virus and related threats – Countermeasures – Firewalls design
principles – Trusted systems – Practical implementation of cryptography and security.

UNIT V E-MAIL, IP & WEB SECURITY 9


E-mail Security: Security Services for E-mail-attacks possible through E-mail –
establishing keys privacy-authentication of the source-Message Integrity-Non-
repudiation-Pretty Good Privacy-S/MIME. IPSecurity: Overview of IPSec – IP and IPv6-
Authentication Header-Encapsulation Security Payload (ESP)-Internet Key Exchange
(Phases of IKE, ISAKMP/IKE Encoding). Web Security: SSL/TLS Basic Protocol-
computing the keys- client authentication-PKI as deployed by SSL-Attacks fixed in v3-
Exportability-Encoding-Secure Electronic Transaction (SET).
TOTAL: 45 PERIODS

TEXT BOOKS:
1. William Stallings, Cryptography and Network Security, 6th Edition, Pearson Education, March 2013. (UNIT I,II,III,IV).
2. Charlie Kaufman, Radia Perlman and Mike Speciner, “Network Security”, Prentice Hall of India, 2002. (UNIT V).
TIME TABLE
COURSE DELIVERY PLAN
SMK FOMRA INSTITUTE OF TECHNOLOGY
LESSON PLAN
Sub. Code : CS6701
Sub. Name : CRYPTOGRAPHY AND NETWORK SECURITY
Academic Year :
Branch : CSE
Semester : VII
Theory Hours : 45
Tutorial Hours : -
Total Hours : 45
Start Date :
End Date :

UNIT I INTRODUCTION & NUMBER THEORY 10


Services, Mechanisms and attacks-the OSI security architecture-Network security model-Classical
Encryption techniques (Symmetric cipher model, substitution techniques, transposition
techniques, steganography). FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields-Modular
arithmetic- Euclid’s algorithm-Finite fields- Polynomial Arithmetic –Prime numbers-Fermat’s and
Euler’s theorem- Testing for primality -The Chinese remainder theorem- Discrete logarithms.
S.NO | DATE | HOURS | TOPICS TO BE COVERED | UNIT NO | REFERENCE | TEACHING METHOD | REMARKS
1 | | | Services, Mechanisms and attacks | I | T1 | BB |
2 | | | OSI security architecture - Network security model – classical encryption techniques, substitution – Caesar, Playfair, Vigenere | I | T1 | BB |
3 | | | substitution techniques - Hill, one time pad, transposition techniques, rotor machines - steganography | I | T1 | BB |
4 | | | Finite Fields And Number Theory: Groups, Rings, Fields | I | T1 | BB |
5 | | | Modular arithmetic | I | T1 | BB |
6 | | | Euclid’s algorithm | I | T1 | BB |
7 | | | Finite fields, Polynomial Arithmetic | I | T1 | BB |
8 | | | Prime numbers, Fermat's and Euler's theorem, Testing for primality | I | T1 | BB |
9 | | | The Chinese remainder theorem | I | T1 | BB |
10 | | | Discrete logarithm | I | T1 | BB |

UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10


Data Encryption Standard-Block cipher principles-block cipher modes of operation-Advanced
Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key cryptography:
Principles of public key cryptosystems-The RSA algorithm-Key management - Diffie Hellman Key
exchange-Elliptic curve arithmetic-Elliptic curve cryptography.
S.NO | DATE | HOURS | TOPICS TO BE COVERED | UNIT NO | REFERENCE | TEACHING METHOD | REMARKS
11 | | | Data Encryption Standard | II | T1 | BB |
12 | | | Block cipher principles, block cipher modes of operation | II | T1 | BB |
13 | | | Triple DES, Advanced Encryption Standard (AES) | II | T1 | BB |
14 | | | Blowfish | II | T1 | BB |
15 | | | RC5 algorithm | II | T1 | BB |
16 | | | Public key cryptography: Principles of public key cryptosystems | II | T1 | BB |
17 | | | The RSA algorithm - Key management | II | T1 | BB |
18 | | | Diffie Hellman Key exchange | II | T1 | BB |
19 | | | Elliptic curve arithmetic | II | T1 | BB |
20 | | | Elliptic curve cryptography. | II | T1 | BB |

UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8


Authentication requirement – Authentication function – MAC – Hash function – Security of hash function
and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and authentication protocols – DSS –
El Gamal – Schnorr.
S.NO | DATE | HOURS | TOPICS TO BE COVERED | UNIT NO | REFERENCE | TEACHING METHOD | REMARKS
21 | | | Authentication requirement – Authentication function | III | T1 | BB |
22 | | | MAC – Hash function | III | T1 | BB |
23 | | | Security of hash function and MAC | III | T1 | BB |
24 | | | MD5 – SHA | III | T1 | BB |
25 | | | HMAC – CMAC | III | T1 | BB |
26 | | | Digital signature and authentication protocols | III | T1 | BB |
27 | | | DSS | III | T1 | BB |
28 | | | El Gamal – Schnorr. | | | |

UNIT IV SECURITY PRACTICE & SYSTEM SECURITY 8


Authentication applications – Kerberos – X.509 Authentication services – Internet Firewalls for Trusted
System: Roles of Firewalls – Firewall related terminology- Types of Firewalls – Firewall designs – SET for
E-Commerce Transactions. Intruder – Intrusion detection system – Virus and related threats –
Countermeasures – Firewalls design principles – Trusted systems – Practical implementation of cryptography
and security
S.NO | DATE | HOURS | TOPICS TO BE COVERED | UNIT NO | REFERENCE | TEACHING METHOD | REMARKS
29 | | | Authentication applications – Kerberos | IV | T1 | BB |
30 | | | X.509 Authentication services | IV | T1 | BB |
31 | | | Internet Firewalls for Trusted System: Roles of Firewalls – Firewall related terminology - Types of Firewalls - Firewall designs - Firewalls design principles | IV | T1 | BB |
32 | | | SET for E-Commerce Transactions | IV | T1 | BB |
33 | | | Intruder – Intrusion detection system | IV | T1 | BB |
34 | | | Virus and related threats – Countermeasures | IV | T1 | BB |
35 | | | Trusted system | IV | T1 | BB |
36 | | | Practical implementation of cryptography and security. | IV | T1 | BB |

UNIT V EMAIL, IP & WEB SECURITY 9


E-mail Security: Security Services for E-mail-attacks possible through E-mail – establishing keys privacy-
authentication of the source-Message Integrity-Non- repudiation-Pretty Good Privacy-S/MIME.
IPSecurity: Overview of IPSec – IP and IPv6- Authentication Header-Encapsulation Security Payload
(ESP)-Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding). Web Security: SSL/TLS
Basic Protocol- computing the keys- client authentication-PKI as deployed by SSL-Attacks fixed in v3-
Exportability-Encoding-Secure Electronic Transaction (SET).

S.NO | DATE | HOURS | TOPICS TO BE COVERED | UNIT NO | REFERENCE | TEACHING METHOD | REMARKS
37 | | | E-mail Security: Security Services for E-mail - attacks possible through E-mail - establishing keys privacy - authentication of the source - Message Integrity - Non-repudiation | V | T1 | BB |
38 | | | Pretty Good Privacy | V | T1 | BB |
39 | | | S/MIME | V | T1 | BB |
40 | | | IPSecurity: Overview of IPSec - IP and IPv6 | V | T1 | BB |
41 | | | Web Security: SSL/TLS Basic Protocol - computing the keys - client authentication | V | T1 | BB |
42 | | | Authentication Header - Encapsulation Security Payload (ESP) | V | T1 | BB |
43 | | | PKI as deployed by SSL - Attacks fixed in v3 - Exportability - Encoding | V | T1 | BB |
44 | | | Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding). | V | T1 | BB |
45 | | | SET | V | T1 | BB |

PREPARED BY REVIEWED BY APPROVED BY

COURSE CODE : CS6701

COURSE NAME : CRYPTOGRAPHY AND NETWORK SECURITY

BRANCH : CSE

YEAR / SEM : IV / VII

ACADEMIC YEAR :

ASSIGNMENT PLAN
S.No | TOPICS | SUBMIT DATE
1 | 1. Explain about finite fields and number theory. (CO1) 2. Explain about Chinese remainder theorem. (CO1) |
2 | 1. Explain about DES and AES. (CO2) 2. Explain about Diffie Hellman key exchange. (CO2) |
3 | 1. Explain about MD5 and SHA. (CO3) 2. Explain about digital signature and authentication protocols. (CO3) |
4 | 1. Explain about Kerberos. (CO4) 2. Explain about SET and firewall design principles. (CO4) |
5 | 1. Explain about ISAKMP/IKE Encoding (CO5) 2. Explain S/MIME in detail. (CO5) |

COURSE CODE : CS6701

COURSE NAME : CRYPTOGRAPHY AND NETWORK SECURITY

BRANCH : CSE

YEAR / SEM : III / V

ACADEMIC YEAR :

INTERNAL ASSESSMENT PLAN

S.NO ASSESSMENT NAME DATE


1 INTERNAL ASSESSMENT -1
2 INTERNAL ASSESSMENT -2
3 INTERNAL ASSESSMENT -3
4 MODEL EXAMINATION
TUTORIAL PLAN
&
TUTORIAL QUESTION
PAPERS AND KEY
(NOT APPLICABLE)

INTERNAL QUESTION
PAPER WITH ANSWER
KEY & MARK SHEETS
(I, II & MODEL – I & II)
Reg No:

S.M.K FOMRA INSTITUTE OF TECHNOLOGY, CHENNAI


Internal Assessment Test – I
Seventh Semester
Information Technology
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Time: 2 hours Maximum :50 marks
Answer ALL questions
PART A – (8*2=16 marks)

1. What is the OSI security architecture?


2. What is the difference between passive and active attacks?
3. List the categories of passive attacks
4. List the categories of active attacks
5. List the category of security services.
6. What is the purpose of state array?
7. How is the S-box constructed?
8. Describe subbytes in detail.
PART B (2*13 = 26 marks)

6.(a). List and briefly define categories of security services. (13)


(OR)
(b). List and briefly define categories of security mechanisms. (13)

7.(a). List and briefly define categories of passive and active security attacks.
What are the different types of attacks? (13)
(OR)
(b) Explain in detail about The OSI Security Architecture Contents. (13)

PART C (1*8 = 8 marks)

8. (a) Explain in detail about data encryption standard. (8)


(OR)
(b) Explain in detail about block cipher design principles. (8)

Part A

1. What is the OSI security architecture? [C01 - L1]


The OSI (open system interconnection) security architecture provides a systematic
framework for defining security attacks, mechanisms and services.

2. What is the difference between passive and active attacks? [C01 - L1]
A passive attack attempts to learn from or eavesdrop on transmissions; it does not affect system
resources or their operation.
An active attack involves some modification of the data stream or information.

3. List the categories of passive attacks. [C01 - L1]


Traffic analysis
Release of message

4. List the categories of active attacks. [C01 - L1]


Masquerade, Replay, Modification of message, Denial of service

5. List the categories of security services. [C01 - L1]


Authentication, Access control, Data confidentiality, Data integrity, Non repudiation

6. What is the purpose of the State array? [C02 - L1]


A single 128-bit block is depicted as a square matrix of bytes. This block is copied into the State
array, which is modified at each stage of encryption or decryption. After the final stage, State is
copied to an output matrix.

7. How is the S-box constructed? [C02- L1]


The S-box is constructed in the following fashion:
Initialize the S-box with the byte values in ascending sequence row by row. The first row
contains {00}, {01}, {02}, ..., {0F}; the second row contains {10}, {11}, etc.; and so on. Thus,
the value of the byte at row x, column y is {xy}.
Map each byte in the S-box to its multiplicative inverse in the finite field GF(2^8); the value
{00} is mapped to itself.
Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0).
Apply the following transformation to each bit of each byte in the S-box.

8. Briefly describe Sub Bytes. [C02 – L3]


SubBytes uses an S-box to perform a byte-by-byte substitution of the block. The leftmost 4 bits
of the byte are used as a row value and the rightmost 4 bits are used as a column value.
These row and column values serve as indexes into the S-box to select a unique 8-bit value.
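
The construction and lookup described in answers 7 and 8, as an added Python example (not part of the original answer key). It builds the table from the GF(2^8) inverse and then applies the bitwise affine map with constant {63} from FIPS 197, which answer 7 refers to but does not reproduce; the function names are illustrative.

```python
"""AES S-box built from GF(2^8) inversion plus the FIPS 197 affine map."""

AES_MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced mod AES_MODULUS."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:          # degree reached 8: subtract (XOR) the modulus
            a ^= AES_MODULUS
        b >>= 1
    return product


def gf_inverse(a):
    """Multiplicative inverse in GF(2^8); {00} is mapped to itself."""
    if a == 0:
        return 0
    # The nonzero elements form a group of order 255, so a^254 = a^-1.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(byte):
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i with c = {63}."""
    out = 0
    for i in range(8):
        bit = (0x63 >> i) & 1
        for shift in (0, 4, 5, 6, 7):
            bit ^= (byte >> ((i + shift) % 8)) & 1
        out |= bit << i
    return out


def build_sbox():
    """16x16 table; the entry at row x, column y substitutes the byte {xy}."""
    return [[affine(gf_inverse((x << 4) | y)) for y in range(16)]
            for x in range(16)]


def sub_bytes(state, sbox):
    """SubBytes: leftmost 4 bits select the row, rightmost 4 bits the column."""
    return [[sbox[b >> 4][b & 0x0F] for b in row] for row in state]


if __name__ == "__main__":
    sbox = build_sbox()
    for row in sbox:
        print(" ".join(f"{v:02x}" for v in row))
    # Constructed sample State row, not taken from the course notes.
    print([f"{v:02x}" for v in sub_bytes([[0x00, 0x01, 0x53, 0x95]], sbox)[0]])
```
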

PART B (2*13 = 26 marks)

6 (a). List and briefly define categories of security services. [C01 – L1]

Introduction

X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers.

Perhaps a clearer definition is found in RFC 2828, which provides the following definition: a
processing or communication service that is provided by a system to give a specific kind of
protection to system resources; security services implement security policies and are
implemented by security mechanisms.

X.800 divides these services into five categories and fourteen specific services. We look at each
category in turn.
1. Authentication

The authentication service is concerned with assuring that a communication is authentic.


In the case of a single message, such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message is from the source that it claims
to be from.

In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects
are involved. First, at the time of connection initiation, the service assures that the two entities
are authentic, that is, that each is the entity that it claims to be.

Second, the service must assure that the connection is not interfered with in such a way that a
third party can masquerade as one of the two legitimate parties for the purposes of unauthorized
transmission or reception.

Two specific authentication services are defined in X.800:

Peer Entity Authentication

Used in association with a logical connection to provide confidence in the identity of the entities
connected.

Data Origin Authentication

In a connectionless transfer, provides assurance that the source of received data is as claimed.
2. Access Control

The prevention of unauthorized use of a resource (i.e., this service controls who can have access
to a resource, under what conditions access can occur, and what those accessing the resource are
allowed to do).

3. Data Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time.

The protection of data from unauthorized disclosure.

Connection Confidentiality
The protection of all user data on a connection
Connectionless Confidentiality
The protection of all user data in a single data block
Selective-Field Confidentiality

4. Data Integrity

As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is
total stream protection.
A connection-oriented integrity service, one that deals with a stream of messages, assures that
messages are received as sent with no duplication, insertion, modification, reordering, or
replays. The destruction of data is also covered under this service. Thus, the connection-oriented
integrity service addresses both message stream modification and denial of service.

On the other hand, a connectionless integrity service, one that deals with individual messages
without regard to any larger context, generally provides protection against message modification
only.
We can make a distinction between service with and without recovery. Because the integrity
service relates to active attacks, we are concerned with detection rather than prevention. If a
violation of integrity is detected, then the service may simply report this violation, and some
other portion of software or human intervention is required to recover from the violation.

Alternatively, there are mechanisms available to recover from the loss of integrity of data,
as we will review subsequently. The incorporation of automated recovery mechanisms is, in
general, the more attractive alternative.
Connection Integrity with Recovery

Provides for the integrity of all user data on a connection and detects any modification,
insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.

Connection Integrity without Recovery

As above, but provides only detection without recovery.

Selective-Field Connection Integrity

Provides for the integrity of selected fields within the user data of a data block
transferred over a connection and takes the form of determination of whether the selected
fields have been modified, inserted, deleted, or replayed.

Connectionless Integrity

Provides for the integrity of a single connectionless data block and may take the form of
detection of data modification. Additionally, a limited form of replay detection may be provided.

Selective-Field Connectionless Integrity

Provides for the integrity of selected fields within a single connectionless data block; takes the
form of determination of whether the selected fields have been modified.

5. Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact
received the message.

6. Availability Service

Both X.800 and RFC 2828 define availability to be the property of a system or a system
resource being accessible and usable upon demand by an authorized system entity, according to
performance specifications for the system (i.e., a system is available if it provides services
according to the system design whenever users request them).

A variety of attacks can result in the loss of or reduction in availability. Some of these attacks
are amenable to automated countermeasures, such as authentication and encryption, whereas
others require some sort of physical action to prevent or recover from loss of availability of
elements of a distributed system.

X.800 treats availability as a property to be associated with various security services. However,
it makes sense to call out specifically an availability service.
An availability service is one that protects a system to ensure its availability. This
service addresses the security concerns raised by denial-of-service attacks. It depends on proper
management and control of system resources and thus depends on access control service and
other security services.

6 b. List and briefly define categories of security mechanisms. [C01 – L1]

Introduction

The mechanisms are divided into those that are implemented in a specific protocol layer, such
as TCP or an application-layer protocol, and those that are not specific to any particular
protocol layer or security service.

Encipherment

The use of mathematical algorithms to transform data into a form that is not readily intelligible.
The transformation and subsequent recovery of the data depend on an algorithm and zero or
more encryption keys.

Digital Signature

Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and protect against
forgery (e.g., by the recipient).

Access Control

A variety of mechanisms that enforce access rights to resources.

Data Integrity

A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Authentication Exchange

A mechanism intended to ensure the identity of an entity by means of information
exchange.

Traffic Padding

The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control

Enables selection of particular physically secure routes for certain data and allows routing
changes, especially when a breach of security is suspected.

Notarization

The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms

Mechanisms that are not specific to any particular OSI security service or protocol layer.

Trusted Functionality

That which is perceived to be correct with respect to some criteria (e.g., as established by a
security policy).

Security Label

The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource.

Event Detection

Detection of security-relevant events.

Security Audit Trail

Data collected and potentially used to facilitate a security audit, which is an independent review
and examination of system records and activities.

A reversible encipherment mechanism is simply an encryption algorithm that allows data
to be encrypted and subsequently decrypted.

Irreversible encipherment mechanisms include hash algorithms and message authentication
codes, which are used in digital signature and message authentication applications.

It based on one in X.800, indicates the relationship between security services and security
mechanisms.

7 b. Explain in detail about The OSI Security Architecture Contents. [C01 – L2]

Introduction

ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic
approach. The OSI security architecture is useful to managers as a way of organizing the task
of providing security.
For our purposes, the OSI security architecture provides a useful, if abstract, overview of many
of the concepts that this book deals with. The OSI security architecture focuses on
security attacks, mechanisms, and services.

These can be defined briefly as

Security attack: Any action that compromises the security of information owned by an
organization.

Security mechanism: A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization. The services are intended to
counter security attacks, and they make use of one or more security mechanisms to provide the
service.

Threat

A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible danger
that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.

Security Attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms
of passive attacks and active attacks.

A passive attack attempts to learn or make use of information from the system but does not
affect system resources.

An active attack attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are release of message contents and traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information.

7 a. List and briefly define categories of passive and active security attacks. or What
are the different types of attacks? [C01 – L2-Nov/Dec 2013]
Introduction

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of
passive attacks and active attacks. A passive attack attempts to learn or make use of information
from the system but does not affect system resources.

An active attack attempts to alter system resources or affect their operation. Passive attacks are
in the nature of eavesdropping on, or monitoring of, transmissions.

The goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of these transmissions. A second
type of passive attack, traffic analysis, is subtler.

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are:

The release of message contents, and
Traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if
they captured the message, could not extract the information from the message.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories:

Masquerade,
Replay,
Modification of messages, and
Denial of service.

A masquerade - A masquerade attack usually includes one of the other forms of
active attack.

Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect.

The denial of service prevents or inhibits the normal use or management of
communications facilities.
Part- C (1*8=8 Marks)

8 a. Explain in details Data Encryption Standard. Or Draw the block diagram of single
round of DES algorithm and explain the Processing carried out in each block. [C02 - L1-
APR/MAY-2011-NOV/DEC 2012-MAY/JUN 2013-MAY/JUN 2014]

Introduction:

The most widely used encryption scheme is based on the Data Encryption Standard (DES)
adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards
and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The
algorithm itself is referred to as the Data Encryption Algorithm (DEA).

DES Encryption:

The overall scheme for DES encryption is illustrated in the figure. As with any encryption scheme,
there are two inputs to the encryption function: the plaintext to be encrypted and the key. In
this case, the plaintext must be 64 bits in length and the key is 56 bits in length.

Looking at the left-hand side of the figure, we can see that the processing of the
plaintext proceeds in three phases. First, the 64-bit plaintext passes through an initial permutation
(IP) that rearranges the bits to produce the permuted input.

This is followed by a phase consisting of sixteen rounds of the same function, which involves
both permutation and substitution functions.

The output of the last (sixteenth) round consists of 64 bits that are a function of the input
plaintext and the key. The left and right halves of the output are swapped to produce the
preoutput.

Finally, the preoutput is passed through a permutation [IP^-1] that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext. With the exception of the initial and
final permutations, DES has the exact structure of a Feistel cipher.
The right-hand portion of the figure shows the way in which the 56-bit key is used. Initially, the key
is passed through a permutation function. Then, for each of the sixteen rounds, a subkey (K_i) is
produced by the combination of a left circular shift and a permutation.
The permutation function is the same for each round, but a different subkey is produced because
of the repeated shifts of the key bits.

DES Decryption

As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the
application of the subkeys is reversed. Additionally, the initial and final permutations are
reversed.
Fig. General Depiction of DES Encryption Algorithm

DES Example

For this example, the plaintext is a hexadecimal palindrome. The plaintext, key, and
resulting ciphertext are as follows:

Results
Table 3.2 shows the progression of the algorithm. The first row shows the 32-bit values of the
left and right halves of data after the initial permutation. The next 16 rows show the results
after each round. Also shown is the value of the 48-bit subkey
The Avalanche Effect

A desirable property of any encryption algorithm is that a small change in either the
plaintext or the key should produce a significant change in the cipher text.

In particular, a change in one bit of the plaintext or one bit of the key should produce a change
in many bits of the cipher text.

This is referred to as the avalanche effect. If the change were small, this might provide a way to
reduce the size of the plaintext or key space to be searched.

Using the example from Table 3.2, Table 3.3 shows the result when the fourth bit of the
plaintext is changed, so that the plaintext is 12468aceeca86420.

The second column of the table shows the intermediate 64-bit values at the end of each round for
the two plaintexts. The third column shows the number of bits that differ between the two
intermediate values. The table shows that, after just three rounds, 18 bits differ between the two
blocks. On completion, the two ciphertexts differ in 32 bit positions.

Table 3.4 shows a similar test using the original plaintext with two keys that differ in only
the fourth bit position: the original key, 0f1571c947d9e859, and the altered key,
1f1571c947d9e859. Again, the results show that about half of the bits in the ciphertext differ
and that the avalanche effect is pronounced after just a few rounds.
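
An added example, not from the original notes, for the DES Decryption and Avalanche Effect passages above: a toy 64-bit Feistel network that decrypts by running the same rounds with the subkeys reversed, and counts the differing bits after each round for the plaintext and key pairs quoted in the text. The SHA-256-based round function and key schedule are assumptions standing in for the DES F function and key schedule, and there is no IP/IP^-1, so the counts will not match Tables 3.3 and 3.4.

```python
"""Toy 64-bit Feistel network (not DES): reversed-subkey decryption and avalanche."""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

# Values quoted in the text; P_ORIGINAL is derived by flipping the fourth bit back.
P_CHANGED = 0x12468ACEECA86420
P_ORIGINAL = P_CHANGED ^ (1 << 60)   # fourth bit from the left of the 64-bit block
KEY = 0x0F1571C947D9E859
KEY_CHANGED = 0x1F1571C947D9E859


def _h32(data):
    """First 32 bits of SHA-256, used only as a stand-in mixing function."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(key):
    """Toy key schedule (assumption, not DES): one 32-bit subkey per round."""
    return [_h32(key.to_bytes(8, "big") + bytes([i])) for i in range(ROUNDS)]


def round_f(right, subkey):
    """Toy round function F (assumption), not the DES expansion/S-box/permutation."""
    return _h32(right.to_bytes(4, "big") + subkey.to_bytes(4, "big"))


def feistel(block, ks, trace=None):
    """Run one round per subkey, then swap the halves as DES does before IP^-1."""
    left, right = block >> 32, block & MASK32
    for k in ks:
        left, right = right, left ^ round_f(right, k)
        if trace is not None:
            trace.append((left << 32) | right)   # intermediate value after the round
    return (right << 32) | left


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    # Same algorithm as encryption; only the order of the subkeys is reversed.
    return feistel(block, subkeys(key)[::-1])


def avalanche(p1, k1, p2, k2):
    """Number of differing bits between the two intermediate values, per round."""
    t1, t2 = [], []
    feistel(p1, subkeys(k1), t1)
    feistel(p2, subkeys(k2), t2)
    return [bin(a ^ b).count("1") for a, b in zip(t1, t2)]


if __name__ == "__main__":
    c = encrypt(P_ORIGINAL, KEY)
    print(f"ciphertext {c:016x}, decrypts to {decrypt(c, KEY):016x}")
    print("plaintext bit changed:", avalanche(P_ORIGINAL, KEY, P_CHANGED, KEY))
    print("key bit changed:      ", avalanche(P_ORIGINAL, KEY, P_ORIGINAL, KEY_CHANGED))
```

Because the changed bit sits in the left half, it passes through round 1 untouched and only enters F in round 2, which is why the per-round counts start at 1 and then jump.
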

The strength of DES

The Use of 56-Bit Keys
The Nature of the DES Algorithm
Timing Attacks

The Use of 56-Bit Keys
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2 × 10^16
keys. Thus, on the face of it, a brute-force attack appears impractical.
Assuming that, on average, half the key space has to be searched, a single machine performing
one DES encryption per microsecond would take more than a thousand years to break the
cipher.
The Nature of the DES Algorithm

The focus of concern has been on the eight substitution tables, or S-boxes, that are used in
each iteration. Because the design criteria for these boxes, and indeed for the entire algorithm,
were not made public, there is a suspicion that the boxes were constructed in such a way that
cryptanalysis is possible for an opponent who knows the weaknesses in the S-boxes.
This assertion is tantalizing, and over the years a number of regularities and unexpected
behaviors of the S-boxes have been discovered. Despite this, no one has so far succeeded in
discovering the supposed fatal weaknesses in the S-boxes.
Timing Attacks
Timing attacks are discussed in more detail in Part Two, as they relate to public-key algorithms.
However, the issue may also be relevant for symmetric ciphers. In essence, a timing attack is one
in which information about the key or the plaintext is obtained by observing how long it takes a
given implementation to perform decryptions on various ciphertexts.
8b. Explain the Block cipher Design principles. [C02 – L2]
Introduction
Although much progress has been made in designing block ciphers that are
cryptographically strong, the basic principles have not changed all that much since the work of
Feistel and the DES design team in the early 1970s.

In this section we look at three critical aspects of block cipher design: the number of rounds,
design of the function F, and key scheduling.
Number of Rounds

The cryptographic strength of a Feistel cipher derives from three aspects of the design: the
number of rounds, the function F, and the key schedule algorithm. Let us look first
at the choice of the number of rounds.
The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a
relatively weak F.
In general, the criterion should be that the number of rounds is chosen so that known
cryptanalytic efforts require greater effort than a simple brute-force key search attack.
This criterion was certainly used in the design of DES. Schneier observes that for 16-round
DES, a differential cryptanalysis attack is slightly less efficient than brute force:
the differential cryptanalysis attack requires 2^55.1 operations, whereas brute force requires
2^55.
If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than a brute-
force key search.
This criterion is attractive, because it makes it easy to judge the strength of an algorithm and to
compare different algorithms. In the absence of a cryptanalytic breakthrough, the strength of any
algorithm that satisfies the criterion can be judged solely on key length.

Design of Function F
The heart of a Feistel block cipher is the function F, which provides the element of confusion in
a Feistel cipher. Thus, it must be difficult to "unscramble" the substitution performed by F.
One obvious criterion is that F be nonlinear, as we discussed previously. The more nonlinear F,
the more difficult any type of cryptanalysis will be.

There are several measures of nonlinearity, which are beyond the scope of this book. In rough
terms, the more difficult it is to approximate F by a set of linear equations, the more nonlinear F
is. Several other criteria should be considered in designing

We would like the algorithm to have good avalanche properties. Recall that, in general, this
means that a change in one bit of the input should produce a change in many bits of the output.
A more stringent version of this is the strict avalanche criterion (SAC) [WEBS86], which states
that any output bit j of an S-box (see Appendix S for a discussion of S-boxes) should change
with probability 1/2 when any single input bit i is inverted for all i, j.
Although SAC is expressed in terms of S-boxes, a similar criterion could be applied to F
as a whole. This is important when considering designs that do not include S-boxes.
Another criterion proposed in [WEBS86] is the bit independence criterion (BIC), which states
that output bits j and k should change independently when any single input bit i is inverted for
all i, j, and k. The SAC and BIC criteria appear to strengthen the effectiveness of the confusion
function.
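The strict avalanche criterion above can be measured directly. The following is an added example, not part of the original notes: it builds the matrix P[i][j] (probability that output bit j changes when input bit i is inverted) for DES S-box S1 and, for contrast, for a linear mapping. The function names and the `truncate` control are assumptions chosen for illustration.

```python
# DES S-box S1 as published in the DES standard (4 rows x 16 columns).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def des_s1(x):
    """Map a 6-bit input to 4 bits: outer two bits select the row, inner four the column."""
    row = ((x >> 5) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def truncate(x):
    """Linear control (hypothetical): the output is just the low four input bits."""
    return x & 0xF


def sac_matrix(sbox, n_in, n_out):
    """P[i][j] = fraction of inputs where inverting input bit i changes output bit j."""
    total = 1 << n_in
    counts = [[0] * n_out for _ in range(n_in)]
    for x in range(total):
        y = sbox(x)
        for i in range(n_in):
            diff = y ^ sbox(x ^ (1 << i))
            for j in range(n_out):
                counts[i][j] += (diff >> j) & 1
    return [[c / total for c in row] for row in counts]


def max_sac_deviation(sbox, n_in, n_out):
    """Largest distance of any P[i][j] from the ideal 1/2 (0.0 means SAC is met exactly)."""
    return max(abs(p - 0.5) for row in sac_matrix(sbox, n_in, n_out) for p in row)


def min_bits_changed(sbox, n_in):
    """Fewest output bits that change over all single-bit input flips."""
    return min(
        bin(sbox(x) ^ sbox(x ^ (1 << i))).count("1")
        for x in range(1 << n_in)
        for i in range(n_in)
    )


if __name__ == "__main__":
    for name, box in (("DES S1", des_s1), ("truncate", truncate)):
        print(name, "max |P - 1/2| =", max_sac_deviation(box, 6, 4),
              "min bits changed =", min_bits_changed(box, 6))
```

For the linear mapping every entry of P is exactly 0 or 1, the worst possible result, while every entry for S1 lies strictly between 0 and 1 and any single-bit input change alters at least two output bits.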

Key Schedule Algorithm


With any Feistel block cipher, the key is used to generate one subkey for each round. In general,
we would like to select subkeys to maximize the difficulty of deducing individual subkeys and
the difficulty of working back to the main key.
No general principles for this have yet been promulgated. Adams suggests [ADAM94] that, at
minimum, the key schedule should guarantee key/ciphertext Strict Avalanche Criterion and Bit
Independence Criterion.
Reg No:

S.M.K FOMRA INSTITUTE OF TECHNOLOGY, CHENNAI


Internal Assessment Test – 2
Seventh Semester
Information Technology
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Time: 2 hours Maximum :50 marks
Answer ALL questions
PART A – (7*2=14 marks)

1. What is hash in cryptography?


2. How is the security of a MAC function expressed?
3. Mention the significance of signature function in Digital signature standard approach.
4. How digital signature differs from authentication protocols?
5. What is an elliptic curve?
6. State any three requirements for authentication.
7. Differentiate MAC and Hash function.

PART B (3*12 = 36 marks)

6.(a). With the neat diagram explain MD5 processing of a single 512 bit block. (12)
(OR)
(b). Explain digital signature standard with necessary diagrams in detail. (12)

7.(a). Write down the steps involved in Elgamal and Schnorr digital signature standard
Scheme. (12)
(OR)
(b) With a neat diagram explain the steps involved in SHA algorithm for encrypting a
message with maximum length of less than 2^128 bits and produces as output a 512-bit
message digest. (12)

8.(a). Compare the performance of RIPEMD-160 algorithm and SHA-1 algorithm. (12)
(OR)
(b). How hash function algorithm is designed? Explain their features and properties. (12)
Part A
1. What is hash in cryptography?

A cryptographic hash function is a hash function which takes an input (or 'message') and
returns a fixed-size alphanumeric string. The string is called the 'hash value', 'message digest',
'digital fingerprint', 'digest' or 'checksum'.

2. How is the security of a MAC function expressed?

3. Mention the significance of signature function in Digital signature standard approach.

Out of all cryptographic primitives, the digital signature using public key cryptography is
considered as very important and useful tool to achieve information security. Apart from ability to
provide non-repudiation of message, the digital signature also provides message authentication
and data integrity.

4. How digital signature differs from authentication protocols?

A digital signature is an authentication mechanism that enables the creator of a message to
attach a code that acts as a signature. The signature is formed by taking the hash of the
message and encrypting the message with the creator's private key. The signature guarantees
the source and integrity of the message. Mutual authentication protocols enable
communicating parties to satisfy themselves mutually about each other's identity and to
exchange session keys. In one-way authentication, the recipient wants some assurance that a
message is from the alleged sender.
5. What is an elliptic curve?

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the
algebraic structure of elliptic curves over finite fields.

6. State any three requirements for authentication.

Disclosure, Masquerade, Traffic analysis, Content modification, Sequence modification,
Timing modification, Source and destination repudiation.

7. Differentiate MAC and Hash function.


PART B (3*12 = 36 marks)

6.(a). With the neat diagram explain MD5 processing of a single 512 bit block. (12)
7.(a). Write down the steps involved in Elgamal and Schnorr digital signature standard
Scheme. (12)
8 (b). Compare and contrast RIPEMD 160 and SHA-1. (12)
Reg No:
S.M.K FOMRA INSTITUTE OF TECHNOLOGY, CHENNAI
Model Exam
Seventh Semester
Information Technology
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Time: 3 hours Maximum: 100 marks
Answer ALL questions
PART A – (10*2=20 marks)
1. Why is asymmetric cryptography bad for huge data? Specify the reason.
2. State Euler's theorem.
3. List the parameters (block size, key size and no of rounds) for the three AES versions.
4. Perform encryption and decryption using RSA algorithm for the following
p=7,q=11,e=17,M=8.
5. What is hash in cryptography?
6. How digital signature differs from authentication protocols?
7. What is the main function of a firewall?
8. What is threat? List their types.
9. List out the services provided by PGP.
10. What is the difference between TLS and SSL security?
PART B (5*13 = 65 marks)
11.(a) Encrypt the following using play fair cipher using the keyword MONARCHY.
“WE ARE DISCOVERED SAVE YOURSELF”. Use X for blank spaces. (13)
(OR)
(b). Explain classical encryption techniques with symmetric cipher & Hill cipher model. (13)
12.(a). What do you mean by AES? Diagrammatically illustrate the structure of AES and
describe the steps in AES encryption process with example. (13)
(OR)
(b) With a neat sketch explain Elliptic curve cryptography. (13)
13.(a). How hash function algorithm is designed? Explain their features and properties. (13)
(OR)
(b) With a neat diagram explain MD5 processing of a single 512 bit block. (13)
14.(a). Explain briefly about the architecture and certification mechanisms in Kerberos and
X.509. (13)
(OR)
(b) Discuss how firewalls help in establishing a security framework for an organization. (13)
15.(a). Illustrate how PGP encryption is implemented through suitable diagram. (13)
(OR)
(b) (i) Write steps involved in simplified form of SSL/TLS protocol. (7)
(ii) Write the methodology involved in computing the keys in SSL/TLS protocol. (6)

PART C (1*15 = 15 marks)


16. (a) State and prove the Chinese remainder theorem. What are the last two digits of 49^19? (15)
(OR)
(b) How is SHA algorithm designed? Explain their features and properties. (15)
PART A – (10*2=20 marks)

1. Why is asymmetric cryptography bad for huge data? Specify the reason.

1) Size of cryptogram: symmetric encryption does not increase the size of the cryptogram
(asymptotically), but asymmetric encryption does.
2) Performance: on a modern CPU with hardware AES support, encryption or decryption
speed is over 2000 megabyte/second (per core); while decryption of a 1024-bit
cryptogram in the above scheme can perhaps run at 4000 per second.

2. State Euler's theorem.

Euler's Theorem. The generalization of Fermat's theorem is known as Euler's theorem.


In general, Euler's theorem states that, “if p and q are relatively prime, then ”, where φ
is Euler's totient function for integers. That is, is the number of non-negative numbers that
are less than q and relatively prime to q.

3. List the parameters (block size, key size and no of rounds) for the three AES versions.

 AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys.
 Symmetric key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES

4. Perform encryption and decryption using RSA algorithm for the following
p=7,q=11,e=17,M=8.
5. What is hash in cryptography?

A cryptographic hash function is a hash function which takes an input (or 'message') and
returns a fixed-size alphanumeric string. The string is called the 'hash value', 'message
digest', 'digital fingerprint', 'digest' or 'checksum'.

6. How digital signature differs from authentication protocols?

A digital signature is an authentication mechanism that enables the creator of a message to
attach a code that acts as a signature. The signature is formed by taking the hash of the
message and encrypting the message with the creator's private key. The signature
guarantees the source and integrity of the message. Mutual authentication protocols enable
communicating parties to satisfy themselves mutually about each other's identity and to
exchange session keys. In one-way authentication, the recipient wants some assurance that
a message is from the alleged sender.

7. What is the main function of a firewall?

A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. A firewall typically
establishes a barrier between a trusted internal network and untrusted outside network, such
as the Internet.

8. What is threat? List their types.

Image Spam. Image-based spam has increased in the past year, and a higher percentage is
making it past spam filters. ...
Phishing. You receive an email that is made to look as though it comes from a legitimate
company you normally do business with.
Email Spoofing.
Email-Borne Viruses.
Chat Clients.

9. List out the services provided by PGP.

10. What is the difference between TLS and SSL security?


TLS uses stronger encryption algorithms and has the ability to work on different ports.
Additionally, TLS version 1.0 does not interoperate with SSL version 3.0. ... It is
commonly used on web browsers, but SSL can also be used with email servers or any kind
of client-server transaction.

PART B (5*13 = 65 marks)

11.(a) Encrypt the following using play fair cipher using the keyword MONARCHY.
“WE ARE DISCOVERED SAVE YOURSELF”. Use X for blank spaces. (13)
(OR)
(b). Explain classical encryption techniques with symmetric cipher & Hill cipher model. (13)

12.(a). What do you mean by AES? Diagrammatically illustrate the structure of AES and
describe the steps in AES encryption process with example. (13)
(OR)
(b) With a neat sketch explain Elliptic curve cryptography. (13)
13.(a). How hash function algorithm is designed? Explain their features and properties. (13)
(OR)
(b) With a neat diagram explain MD5 processing of a single 512 bit block. (13)
14.(a). Explain briefly about the architecture and certification mechanisms in Kerberos and
X.509. (13)
Kerberos Terminology: Kerberos has its own terminology to define various
aspects of the services.
 Authentication Server (AS): A server that issues tickets for a desired service which are in
turn given to users for access to the services.
 Client: An entity on the network that can receive a ticket from Kerberos.
 Credentials: A temporary set of electronic credentials that verify the identity of a
client for a particular service. It is also called a ticket.
 Credentials cache or ticket file: A file which contains the keys for encrypting
communications between a user and various network services.
 Crypt hash: A one-way hash used to authenticate users.
 Key: Data used when encrypting or decrypting other data.
 Key Distribution Center (KDC): A service that issues Kerberos tickets and which
usually runs on the same host as the Ticket-Granting Server (TGS).
 Realm: A network that uses Kerberos, composed of one or more servers called KDCs
and a potentially large number of clients.
 Ticket Granting Server (TGS): A server that issues tickets for a desired service which
are in turn given to users for access to the service. The TGS usually runs on the same
host as the KDC.
 Ticket Granting Ticket (TGT): A special ticket that allows the client to obtain
additional tickets without applying for them from the KDC.
(OR)
(b) Discuss how firewalls help in establishing a security framework for an organization.
(13)
15.(a). Illustrate how PGP encryption is implemented through suitable diagram. (13)
Pretty Good Privacy

 PGP stands for Pretty Good Privacy. It was developed originally by Phil
Zimmermann. However, in its incarnation as OpenPGP, it has now become an
open standard. PGP is open-source. Although PGP can be used for protecting
data in long-term storage, it is used primarily for email security.
 PGP is a complete email security package that provides privacy,
authentication, digital signatures, and compression, all in an easy-to-use form.
 The complete package, including all the source code, is distributed free of
charge via the internet. Due to its quality, zero price, and easy availability on
UNIX, Linux, Windows and Mac OS platforms, it is widely used today.
 PGP encrypts data by using a block cipher called IDEA, which uses 128-bit keys.
IDEA is similar to DES and AES. Key management uses RSA and data integrity
uses MD
Characteristics of PGP

1. PGP is available free worldwide.

2. PGP can run on various platforms: Windows, UNIX and Macintosh.

3. The algorithms used are extremely secure.

4. World wide acceptability.

5. PGP is not developed and controlled by government or standard organization.

6. PGP is on an internet standards track.

 PGP works as follows

Suppose user A wants to send a message (P) to user B in a secure way. Both users have
private and public RSA keys. Each user knows the other user's public key. User A uses the PGP
program for security purposes. At the sender side, i.e. at user A, PGP applies the hash function to
the plaintext message using MD5 and that message is encrypted. After encrypting again
apply hash function using own

 When the message is received, user B decrypts the hash with user A's public key
and verifies that the hash is correct. MD5 is difficult to break. The
encrypted hash and original message are concatenated into a single message P1
and compressed using the ZIP program (P1.Z).
 Using a 128-bit IDEA message key (Km), the ZIP output is encrypted with
IDEA.
Also, Km is encrypted with user B's public key (Bp). These two components are
then concatenated and converted to base64.
 When this is received by user B, he reverses the base64 encoding and decrypts the
IDEA key using his private RSA key. Using this key, user B decrypts the
message to get P1.Z. After decompressing P1.Z, user B gets the plaintext
message.
 To get the correct message, user B separates the plaintext from the hash and
decrypts the hash using user A's public key. If the plaintext hash agrees with his own
MD5 computation, user B knows that P is the correct message and that the
message came from user A.

Notation used in PGP

Ks = Session key used in conventional encryption scheme

PRa = Private key of user A, used in public key encryption scheme

PUa = Public key of user A, used in public key encryption scheme

EP = Public key encryption

DP = Public key decryption

EC = Conventional encryption

DC = Conventional decryption

H = Hash function

|| = Concatenation

Z = Compression using ZIP algorithm

R64 = Conversion to radix 64 ASCII format

PGP operation

 PGP operation Involves five different services.


1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation

1. Authentication

 Signatures are attached to the message or file. Detached signatures are also
supported; these are stored and transmitted separately from the message they
sign.
 The digital signature is generated by either
i) SHA-1 and RSA
ii) DSS/SHA-1
 Sender authentication consists of the sender attaching his/her digital signature to the email
and the receiver verifying the signature using public-key cryptography.
Here is an example of authentication operations carried out by the sender and
the receiver:
1. At the sender's end, the SHA-1 hash function is used to create a 160-bit
message digest of the outgoing email message.
2. The message digest is encrypted with RSA using the sender's private key and
the result prepended to the message. The composite message is transmitted to the recipient.
3. The receiver uses RSA with the sender's public key to decrypt the message
digest.
4. The receiver compares the locally computed message digest with the
received message digest.
 The description was based on using an RSA/SHA based digital signature. PGP
also supports DSS/SHA based signatures. DSS stands for Digital Signature
Standard. PGP also supports detached signatures that can be sent separately to the
receiver.
Detached signatures are also useful when a document must be signed by multiple
individuals.
 Fig. shows an authentication only.
2. Confidentiality

 Confidentiality is provided by encrypting messages to be transmitted. The
algorithms used for encryption are CAST-128, IDEA, 3DES with multiple keys.
 Only a portion of the plaintext is encrypted with each key and there is no relationship
among the keys. Hence, the public key algorithm is secure.
 This service can be used for encrypting disk files. As you'd expect, PGP
uses symmetric-key encryption for disk files. The user has the choice of three
algorithms, CAST-128 being the default choice.
1. Sender generates message and random 128-bit number to be used
as the key for this message only.
2. Message is encrypted, using CAST-128 / IDEA/ 3DES with session key.
3. Session key is encrypted using RSA with recipient‟s public key, then attached to
4. Session key is used to decrypt message.
5. Session key used to decrypt message.
 Fig. shows a confidentiality operation

Confidentiality and Authentication

 Both services may be used for the same message:


a. Create signature for plain text and attach to message
b. Encrypt both message and signature using CAST – 128 or IDEA or TDEA
c. Attach RSA encrypted session key
 Fig. shows confidentiality and authentication

 When both services are used, the sender first signs the message with its own
private key, then encrypts the message with a session key and then encrypts the
session key with the recipient's public key.

3. Compression

 Before encryption, the message along with the signature is compressed. Compression of the
message saves space and eases transmission. PGP makes use of a compression
package called ZIP. Another algorithm, Lempel-Ziv LZ77, is also used in the ZIP
compression scheme.
 By default PGP compresses the email message after applying the signature but
before encryption. This is to allow for long-term storage of uncompressed messages
along with their signatures. This also decouples the encryption algorithm from the
message verification procedures.
 Compression is achieved with the ZIP algorithm.

4. E-mail compatibility

 PGP encrypts the block of the transmitted message. Some systems accept only ASCII text, so PGP
converts the raw 8-bit binary stream into a stream of printable ASCII characters.
The scheme is called radix-64 conversion.
 After receiving, the incoming data is converted back into binary from radix-64. Then the
encrypted message is recovered by using the session key and then decompressed.
 PGP uses radix-64 encoding for this purpose.
 Radix-64 encoding, also known as Base-64 encoding, has emerged as probably
the most common way to transmit binary data over a network. It first segments the
binary stream of bytes (the same thing as bytes) into 6-bit words.
 Then 2^6 = 64 different possible 6-bit words are represented by printable characters
as follows: the first 26 are mapped to the uppercase letters A through Z, the next
26 to the lowercase letters a through z, the next 10 to the digits 0 through 9, and the
last two to the characters / and +. This causes each triple of adjoining bytes to be
mapped into four ASCII characters.
5. Segmentation and reassembly
 The length of an e-mail is usually restricted to 50,000 octets. Longer messages are
broken up into smaller segments and mailed separately.
 PGP provides subdivision of message and reassembly at the receiving end.
 Fig. shows transmission of PGP messages
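
The order of the PGP services described above (sign, compress, encrypt, wrap the session key, radix-64 encode, then the reverse at the receiver) is shown below as an added example that is not part of the original notes or of PGP itself. Assumptions: textbook RSA without padding on toy keys built from Mersenne primes, a SHA-256 keystream XOR standing in for CAST-128/IDEA/3DES, zlib standing in for ZIP, and hypothetical function names.

```python
import base64
import hashlib
import secrets
import zlib

RSA_LEN = 32  # bytes reserved for each RSA value; both toy moduli are below 2**256


def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA (no padding) from two known primes. Returns (PU, PR)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def keystream_xor(key, data):
    """Stand-in for EC/DC: XOR with a SHA-256 counter keystream (not CAST-128/IDEA)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)


def sha1_int(msg):
    """H(M) as an integer, ready for the RSA operation."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")


def pgp_send(msg, pr_a, pu_b):
    """Sender A: sign, compress, encrypt, wrap the session key, radix-64 encode."""
    n_a, d_a = pr_a
    n_b, e_b = pu_b
    sig = pow(sha1_int(msg), d_a, n_a)                   # EP(PRa, H(M))
    p1 = sig.to_bytes(RSA_LEN, "big") + msg              # signature || M
    ks = secrets.token_bytes(16)                         # 128-bit session key Ks
    body = keystream_xor(ks, zlib.compress(p1))          # EC(Ks, Z(signature || M))
    wrapped = pow(int.from_bytes(ks, "big"), e_b, n_b)   # EP(PUb, Ks)
    return base64.b64encode(wrapped.to_bytes(RSA_LEN, "big") + body)  # R64


def pgp_receive(armored, pr_b, pu_a):
    """Receiver B: undo each step in reverse. Returns (message, signature_ok)."""
    n_b, d_b = pr_b
    n_a, e_a = pu_a
    raw = base64.b64decode(armored)
    wrapped, body = int.from_bytes(raw[:RSA_LEN], "big"), raw[RSA_LEN:]
    try:
        ks = pow(wrapped, d_b, n_b).to_bytes(16, "big")  # DP(PRb, EP(PUb, Ks))
        p1 = zlib.decompress(keystream_xor(ks, body))    # decompress DC(Ks, ...)
    except (OverflowError, zlib.error):
        return None, False                               # wrong key or damaged data
    sig, msg = int.from_bytes(p1[:RSA_LEN], "big"), p1[RSA_LEN:]
    return msg, pow(sig, e_a, n_a) == sha1_int(msg)      # compare the two digests


# Constructed toy keys built from Mersenne primes; sized only to hold a SHA-1 digest.
A_PUB, A_PRIV = toy_rsa_keypair(2**127 - 1, 2**107 - 1)
B_PUB, B_PRIV = toy_rsa_keypair(2**89 - 1, 2**61 - 1)

if __name__ == "__main__":
    armored = pgp_send(b"Meet at the usual place at 9.", A_PRIV, B_PUB)
    print(armored.decode())
    print(pgp_receive(armored, B_PRIV, A_PUB))
```

Verifying with any public key other than the sender's makes the digest comparison fail, which is the authentication check the receiver relies on.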

(OR)
(b) (i) Write steps involved in simplified form of SSL/TLS protocol. (7)
(ii) Write the methodology involved in computing the keys in SSL/TLS protocol. (6)

PART C (1*15 = 15 marks)

16. (a) State and prove the Chinese remainder theorem. What are the last two digits of 49^19?
(15)
UNIVERSITY QUESTION
PAPERS FOR LAST FOUR
YEARS (QUESTION BANK)
