Cryptographic Algorithms CST 393 KTU Honours Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi

 CST 393 CRYPTOGRAPHIC ALGORITHMS  Category L      T      P      Credit      Year of Introduction VAC           3      1      0      4                     2019 Preamble: The course on Cryptographic Algorithms aims at exploring various algorithms deployed in offering confidentiality, integrity, authentication and non-repudiation services. This course covers classical encryption techniques, symmetric and public key crypto-system, key exchange and management, and authentication functions. The concepts covered in this course enable the learners in effective use of cryptographic algorithms for real life applications. Prerequisite: A sound background in Number Theory. Course Outcomes: After the completion of the course the student will be able to CO1 Identify the security services provided for different types of security attacks. (Cognitive Knowledge Level : Understand) CO2 Summarize the classical encryption techniques for information hiding.  (Cognitive Knowledge Level: Apply) CO3 Illustrat

 

APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY FIFTH SEMESTER B.TECH DEGREE EXAMINATION(HONORS), MONTH & YEAR Course Code: CST 393 Course Name: Cryptographic Algorithms Max.Marks:100 Duration: 3 Hours PART A Answer all Questions. Each question carries 3 Marks 1. State the two approaches in attacking a cipher. 2. Define Substitution Cipher. Encrypt using one time pad M = HONORS and K = CIPHER. 3. Specify the purpose of S-Boxes in Data Encryption Standard (DES). 4. Differentiate between diffusion and confusion. 5. Perform encryption using RSA Algorithm for the following p=7; q=11; e=13;M=5 6. Is Diffie-Hellman key exchange protocol vulnerable? Justify. 7. List the techniques for distribution of public keys. 8. Define a certificate authority and its relation to public key cryptography. 9. Distinguish between integrity and message authentication. 10. What types of attacks are addressed by message authentication? Part B (Answer any one question from each module. Each question carries 14 Marks

To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local and wide area networks, the problems are compounded. ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach.The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms. The OSI security architecture focuses on security attacks, mechanisms, and services. These can be d

Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information

Computer and network security are essential for several reasons, driven by the increasing reliance on digital systems and the growing sophistication of cyber threats. Here are some key needs for computer and network security: Protection of Data : To safeguard sensitive information such as personal data, financial records, intellectual property, and confidential business information from unauthorized access and breaches. Prevention of Cyber Attacks : To defend against various forms of cyber attacks including malware, ransomware, phishing, and denial-of-service attacks that can disrupt operations and cause significant damage. Integrity of Information : To ensure that data remains accurate and unaltered during transmission or storage, protecting it from tampering or corruption. Confidentiality : To ensure that information is accessible only to those authorized to have access, protecting it from unauthorized disclosure. Availability of Services : To ensure that computer systems and network

A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.  X.800 divides these services into five categories and fourteen specific services 1.Authentication The assurance that the communicating entity is the one that it claims to be. The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from.  In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic, that is, that each is the entity that it claims to be. Second, the service must assure that the conne

A useful means of classifying security attacks is in terms of passive attacks and active attacks.   A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Passive Attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis.   The release of message contents is easily understood.A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. A second type of passive attack, traffic analysis.Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even i

 The following figure shows the Model for Network Security A message is to be transferred from one party to another across some sort of Internet service. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the Internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components: A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify t

Table  lists the security mechanisms defined in X.800. The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to any particular protocol layer or security service. X.800 distinguishes between reversible encipherment mechanisms and irreversible encipherment mechanisms.A reversible encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted. Irreversible encipherment mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications. Table below, indicates the relationship between security services and security mechanisms.

A symmetric encryption scheme has five ingredients (Figure below): Plaintext: This is the original intelligible message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.   Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the

Before beginning, we define some terms. An original message is known as the  plaintext , while the coded message is called the ciphertext .The process of converting from plaintext to ciphertext is known as enciphering or encryption ; restoring the plaintext from the ciphertext is deciphering or decryption . The many schemes used for encryption constitute the area of study known as cryptography . Such a scheme is known as a cryptographic system or a cipher. Techniques used for deciphering a  message without any knowledge of the enciphering details fall into the area of cryptanalysis . Cryptanalysis is what the layperson calls “breaking the code.”The areas of cryptography and cryptanalysis together are called cryptology. Cryptographic systems are characterized along three independent dimensions: 1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit

With only 25 possible keys, the Caesar cipher is far from secure.A dramatic increase in the key space can be achieved by allowing an arbitrary substitution. Before proceeding we define the term permutation .A permutation of a finite set of elements $S$ is an ordered sequence of all the elements of $S$, with each element appearing exactly once. For example, if $S=\{a,b,c\}$, there are six permutations of  $S$: $$\{abc, acb, bac, bca, cab, cba\}$$ In general, there are $n!$ permutations of a set of elements, because the first element can be chosen in one of $n$ ways, the second in $n-1$ ways, the third in $n-2$ ways, and so on. Recall the assignment for the Caesar cipher: plain:    a b c d e f g h i j k l m n o p q r s t u v w x y z cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there are 26! or greater than $4 \times 10^{26}$ possible keys.This is 10 orders of magnitude greater tha