
PART A

1. Determine the gcd (24140,16762) using Euclid’s algorithm. [A/M-2017]

Soln: We know, gcd(a, b) = gcd(b, a mod b)

gcd(24140, 16762) = gcd(16762, 7378)
= gcd(7378, 2006)
= gcd(2006, 1360)
= gcd(1360, 646)
= gcd(646, 68)
= gcd(68, 34) = 34

gcd(24140,16762) = 34.

2. State Fermat's theorem. [A/M-2017]


• It states: if p is prime and a is an integer not divisible by p, then

a^(p-1) ≡ 1 (mod p).

• And for every integer a,

a^p ≡ a (mod p).

3. Compare passive and active attack [A/M-2015] [N/D-2016]


Sl.No 1
PASSIVE ATTACK: The attacker’s goal is just to obtain information. This means that the attack does not modify data or harm the system. The system continues with its normal operation. Attacks that threaten confidentiality (snooping and traffic analysis) are passive attacks.
ACTIVE ATTACK: An active attack may change the data or harm the system. Attacks that threaten the integrity and availability are active attacks. Active attacks are normally easier to detect than to prevent, because an attacker can launch them in a variety of ways.

Sl.No 2
PASSIVE ATTACK: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
ACTIVE ATTACK: Active attacks involve some modification of the data stream or the creation of a false stream.

4. Find gcd (1970,1066) using Euclid’s algorithm [N/D-2016]

Euclidean Algorithm to compute GCD(a,b) is:


Euclid(a,b)
if (b = 0) then return a;
else return Euclid(b, a mod b);

GCD(1970,1066)
1970 = 1 x 1066 + 904 gcd(1066, 904)

1066 = 1 x 904 + 162 gcd(904, 162)

904 = 5 x 162 + 94 gcd(162, 94)

162 = 1 x 94 + 68 gcd(94, 68)

94 = 1 x 68 + 26 gcd(68, 26)

68 = 2 x 26 + 16 gcd(26, 16)

26 = 1 x 16 + 10 gcd(16, 10)

16 = 1 x 10 + 6 gcd(10, 6)

10 = 1 x 6 + 4 gcd(6, 4)

6 = 1 x 4 + 2 gcd(4, 2)

4 = 2 x 2 + 0 gcd(2, 0)

GCD(1970,1066)=2

5.The ciphertext CRWWZ was encrypted by an affine cipher mod 26: The plaintext
starts with ha. Decrypt the message. [M/J-2016]
Sol.
Since the ciphertext corresponding to the plaintext "ha" (7, 0) is "CR" (2, 17) and the cipher
is an affine cipher, we immediately have the following two equations:

2 ≡ α · 7 + β (mod 26)
17 ≡ α · 0 + β (mod 26)

The second equation says that β = 17. Substituting back into the first equation, we have
2 ≡ α · 7 + 17 (mod 26), i.e. 7 · α ≡ 11 (mod 26).
Since gcd(7, 26) = 1, 7 has an inverse in Z*26, i.e. 7 · 15 ≡ 1 (mod 26).
Thus, α ≡ 15 · 11 ≡ 9 (mod 26).

The encryption formula is Y ≡ 9 · x + 17 (mod 26).

The decryption formula is x ≡ 3 · (Y − 17) ≡ 3Y + 1 (mod 26).
ciphertext W → 22, x ≡ 3 · 22 + 1 ≡ 15 (mod 26) → plaintext p
ciphertext Z → 25, x ≡ 3 · 25 + 1 ≡ 24 (mod 26) → plaintext y
Plaintext: happy
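
The same key recovery carried out in Python, as an added example that is not part of the original notes: it solves the two congruences for any known letter pair using the extended Euclidean algorithm, then decrypts. Function names are illustrative; the only inputs taken from the page are "ha", "CR" and "CRWWZ".

```python
"""Affine cipher over Z_26: recover the key from a known plaintext pair.

Added example; function names are illustrative, not from the notes.
"""

M = 26  # alphabet size (a=0 ... z=25), as on this page


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def inverse(a, m=M):
    """Multiplicative inverse of a modulo m; exists only if gcd(a, m) == 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def _nums(text):
    """Letters -> numbers 0..25; anything else is rejected."""
    text = text.lower()
    if not text.isascii() or not text.isalpha():
        raise ValueError("letters a-z only")
    return [ord(ch) - ord("a") for ch in text]


def recover_key(known_plain, known_cipher):
    """Solve c1 = a*p1 + b and c2 = a*p2 + b (mod 26) for the key (a, b)."""
    plain, cipher = _nums(known_plain), _nums(known_cipher)
    if len(plain) != 2 or len(cipher) != 2:
        raise ValueError("need exactly two plaintext and two ciphertext letters")
    (p1, p2), (c1, c2) = plain, cipher
    # Subtracting the congruences removes b: a*(p1 - p2) = c1 - c2 (mod 26).
    # This has a unique solution only when p1 - p2 is invertible mod 26.
    a = (inverse(p1 - p2) * (c1 - c2)) % M
    if egcd(a, M)[0] != 1:
        raise ValueError("letter pair is not consistent with an affine cipher")
    b = (c1 - a * p1) % M
    return a, b


def encrypt(plaintext, a, b):
    """Y = a*x + b (mod 26); ciphertext is returned in upper case."""
    return "".join(chr((a * x + b) % M + ord("A")) for x in _nums(plaintext))


def decrypt(ciphertext, a, b):
    """x = a^-1 * (Y - b) (mod 26); plaintext is returned in lower case."""
    a_inv = inverse(a)
    return "".join(chr((a_inv * (y - b)) % M + ord("a")) for y in _nums(ciphertext))


if __name__ == "__main__":
    a, b = recover_key("ha", "CR")
    print("key:", a, b)
    print("plaintext:", decrypt("CRWWZ", a, b))
```
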

6. Define Euler's Φ function and find the values of

(i) Φ(35)
(ii) Φ(27) [M/J-2016]
The totient function , also called Euler's totient function, is defined as the number of
positive integers that are relatively prime to (i.e., do not contain any factor in common
with) , where 1 is counted as being relatively prime to all numbers. Since a number less
than or equal to and relatively prime to a given number is called a totative, the totient
function can be simply defined as the number of totatives of . For example, there are
eight totatives of 24 (1, 5, 7, 11, 13, 17, 19, and 23), so .

(i) Φ(35)= 24
(ii) Φ(27)= 18
7. Find 11^7 mod 13. [A/M-2015]

step1:
11^2 = 121 ≡ {4(mod 13)}

step2:
11^4 = (11^2)^2 ≡ 4^2 ≡ {3 (mod 13)}

step3:
11^7 ≡ 11 x 4 x 3 ≡ 132 ≡ 2 (mod 13)

11^7 = 11^(1+2+4)
= {11^1} x {11^2} x {11^4}

= [{11} x {4} x {3}] (mod 13)
= 132 (mod 13)
= 2 (mod 13)

8. What are active and passive attacks that compromise information security?
[M/J2014] (or) Give the types of attack. [N/D 2011]

An active attack may change the data or harm the system. Attacks that threaten the
integrity and availability are active attacks. Active attacks are normally easier to detect
than to prevent, because an attacker can launch them in a variety of ways.
In a passive attack, the attacker’s goal is just to obtain information. This means that the attack does not
modify data or harm the system. The system continues with its normal operation. Attacks
that threaten confidentiality (snooping and traffic analysis) are passive attacks.
Types of attacks are:

• Denial of service
• Passive attacks
• Active attacks
• Modification
• Masquerading
• Replaying
• Repudiation
• Brute Force attack

9. What is the difference between a mono alphabetic and a poly alphabetic cipher?
[N/D 2012]

A monoalphabetic cipher uses the same substitution across the entire message. For
example, if you know that the letter A is enciphered as the letter K, this will hold true for
the entire message. These types of messages can be cracked by using frequency
analysis, educated guesses and trial and error.

In a polyalphabetic cipher, the substitution may change throughout the message. In
other words, the letter A may be encoded as the letter K for part of the message, but later
on it might be encoded as the letter W.

10. Define Steganography. [M/J 2013]

A plaintext message may be hidden in any one of the two ways. The methods of
steganography conceal the existence of the message, whereas the methods of
cryptography render the message unintelligible to outsiders by various transformations of
the text. A simple form of steganography, but one that is time consuming to construct is one
in which an arrangement of words or letters within an apparently innocuous text spells out
the real message.

e.g., the sequence of first letters of each word of the overall message spells out the
real (hidden) message.

11. What is an avalanche effect? [N/D 2012]

The avalanche effect refers to a desirable property of cryptographic algorithms,
typically block ciphers and cryptographic hash functions. The avalanche effect is evident if,
when an input is changed slightly (for example, flipping a single bit) the output changes
significantly (e.g., half the output bits flip). In the case of high-quality block ciphers, such a
small change in either the key or the plaintext should cause a drastic change in the cipher
text.

12. Why random numbers are used in network security? [M/J 2014]

The distribution of letters in the plaintext closely matches that of English, as
expressed by the vector A0 above. Look at a random letter in the top strip of ciphertext. It
corresponds to a random letter of English shifted by some amount i (corresponding to an
element of the key). The letter below it corresponds to a random letter of English shifted by
some amount j.

13. Give an example each for substitution and transposition ciphers. [N/D 2013]

A substitution technique is one in which the letters of plain text are replaced by other
letters or by number or symbols. If the plain text is viewed as a sequence of bits, then
substitution involves replacing plaintext patterns with ciphertext bit patterns.

14. List out the problems of one time pad? [N/D 2011]

• There is a practical problem in making large quantities of random keys. Any heavily
used system might require millions of random characters on a regular basis.
• Another problem in one time pad encryption is key distribution and protection. For
every message to be sent, a key of equal length is needed by both sender and
receiver.

15. Why modular arithmetic has been used in cryptography? [N/D 2013]

Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an
integer quotient q and an integer remainder r that obey the following relationship

a = qn + r,  0 <= r < n;  q = [a/n]

where [x] is the largest integer less than or equal to x.

16. Define Chinese remainder theorem.

Suppose gcd(m, n) = 1. Given integers a and b, there exists exactly one solution x (mod
mn) to the simultaneous congruences

x ≡ a (mod m)
x ≡ b (mod n)

17. Define Euler’s theorem.

Euler’s theorem states that for every a and n that are relatively prime:

a^φ(n) ≡ 1 (mod n)

Part-B
1(a). Explain network security model in detail
Model for Network Security
A message is to be transferred from one party to another across some sort of Internet
service. The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is established by defining a route
through the Internet from source to destination and by the cooperative
use of communication protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and
so on. All the techniques for providing security have two components:

• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third
party may be responsible for distributing the secret information to the two principals while
keeping it from any opponent. Or a third party may be needed to arbitrate disputes between
the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security
service:

1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

1(b). Explain OSI Security Architecture model with neat diagram and describe the
various security mechanisms [M/J-2016] [N/D-2016]
OSI Security Architecture
To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the approaches
to satisfying those requirements. This is difficult enough in a centralized data processing
environment; with the use of local and wide area networks, the problems are compounded.

ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic
approach. The OSI security architecture is useful to managers as a way of organizing the
task of providing security. Furthermore, because this architecture was developed as an
international standard, computer and communications vendors have developed security
features for their products and services that relate to this structured definition of services
and mechanisms.

• Security attack: Any action that compromises the security of information owned by an
organization.

• Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.

• Security service: A processing or communication service that enhances the security of
the data processing systems and the information transfers of an organization. The services
are intended to counter security attacks, and they make use of one or more security
mechanisms to provide the service.

Security Attack
A passive attack attempts to learn or make use of information from the system but does not
affect system resources.
An active attack attempts to alter system resources or affect their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.

Categorization of Attacks
• Passive attacks
• Active attacks
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is
in terms of passive attacks and active attacks. A passive attack attempts to learn or make
use of information from the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.

PASSIVE ATTACKS
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Passive attacks are of
two types:
Release of message contents: A telephone conversation, an e-mail message and a
transferred file may contain sensitive or confidential information. We would like to prevent
the opponent from learning the contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might still be able to
observe the pattern of the message. The opponent could determine the location and identity
of communication hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of communication that
was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration of
data. However, it is feasible to prevent the success of these attacks.

ACTIVE ATTACKS
These attacks involve some modification of the data stream or the creation of a false
stream. These attacks can be classified into four categories:
Masquerade – One entity pretends to be a different entity.

Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.

Modification of messages – Some portion of message is altered or the messages are
delayed or recorded, to produce an unauthorized effect.

Denial of service – Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by
disabling the network or overloading it with messages so as to degrade performance.

It is quite difficult to prevent active attacks absolutely, because to do so would require
physical protection of all communication facilities and paths at all times. Instead, the goal is
to detect them and to recover from any disruption or delays caused by them.

SECURITY SERVICES
Authentication
The authentication service is concerned with assuring that a communication is authentic. In
the case of a single message, such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message is from the source that it
claims to be from. In the case of an ongoing interaction, such as the connection of a terminal
to a host, two aspects are involved. First, at the time of connection initiation, the service
assures that the two entities are authentic, that is, that each is the entity that it claims to be.
Second, the service must assure that the connection is not interfered with in such a way that
a third party can masquerade as one of the two legitimate parties for the purposes of
unauthorized transmission or reception.
Two specific authentication services are defined in X.800:
• Peer entity authentication
• Data origin authentication

Access Control
In the context of network security, access control is the ability to limit and control the access
to host systems and applications via communications links. To achieve this, each entity
trying to gain access must first be identified, or authenticated, so that access rights can be
tailored to the individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time.
The other aspect of confidentiality is the protection of traffic flow from analysis. This requires
that an attacker not be able to observe the source and destination, frequency, length, or
other characteristics of the traffic on a communications facility.
Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is
total stream protection.
A connection-oriented integrity service, one that deals with a stream of messages, assures
that messages are received as sent with no duplication, insertion, modification, reordering,
or replays. The destruction of data is also covered under this service. Thus, the connection-
oriented integrity service addresses both message stream modification and denial of
service.
On the other hand, a connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally provides protection against
message modification only.

Non-repudiation
Non-repudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent
the message. Similarly, when a message is received, the sender can prove that the alleged
receiver in fact received the message.

SECURITY MECHANISM
The mechanisms are divided into those that are implemented in a specific protocol layer,
such as TCP or an application-layer protocol, and those that are not specific to any
particular protocol layer or security service.

(i) Specific security mechanisms


May be incorporated into the appropriate protocol layer in order to provide some of the OSI
security services.

Encipherment
The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm
and zero or more encryption keys.

Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of
the data unit to prove the source and integrity of the data unit and protect against forgery
(e.g., by the recipient).

Access Control
A variety of mechanisms that enforce access rights to resources.

Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units

(ii) Pervasive security mechanisms

Mechanisms that are not specific to any particular OSI security service or protocol layer.

Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a
security policy).

Security Label
The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource.

Event Detection
Detection of security-relevant events.

Security Audit Trail


Data collected and potentially used to facilitate a security audit, which is an independent
review and examination of system records and activities.

Security Recovery
Deals with requests from mechanisms, such as event handling and management functions,
and takes recovery actions.

2.Explain any two classical ciphers and also describe their security limitations. [M/J
2014] (or)

Write about any two classical crypto systems (substitution and transposition) with
suitable example. [M/J 2013] [A/M-2015] (or)

Explain any two types of cipher techniques in detail. [M/J 2012] (or)

Explain the Caesar cipher and mono alphabetic cipher. [N/D 2011] (or) Using play fair
cipher algorithm encrypt the message using the key “MONARCHY” and explain. [N/D
2011]

Describe

(i) Playfair cipher
(ii) Railfence cipher
(iii) Vigenere cipher [A/M-2017]

CLASSICAL ENCRYPTION TECHNIQUES

The many schemes used for encryption constitute the area of study known as cryptography.
Such a scheme is known as a cryptographic system or a cipher. Techniques used for
deciphering a message without any knowledge of the enciphering details fall into the area of
cryptanalysis. Cryptanalysis is what the layperson calls “breaking the code.” The areas of
cryptography and cryptanalysis together are called cryptology.

SYMMETRIC CIPHER MODEL

Symmetric encryption scheme has five ingredients:

• Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.

• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a
different output depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm depend on the key.

• Cipher text: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce two
different ciphertexts. The cipher text is an apparently random stream of data and, as it
stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the cipher text and the secret key and produces the original plaintext.

Simplified Model of Symmetric Encryption

Cryptography

Cryptographic systems are characterized along three independent dimensions:

• The type of operations used for transforming plaintext to cipher text.
• The number of keys used.
• The way in which the plaintext is processed.

CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and transposition.

SUBSTITUTION TECHNIQUES

A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with cipher text bit patterns.

Caesar Cipher

(i) Monoalphabetic Ciphers


(ii) Playfair Cipher
(iii) Hill Cipher
(iv) Polyalphabetic Ciphers
(v) One-Time Pad

(i) Caesar cipher (or) shift cipher

The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar.
The Caesar cipher involves replacing each letter of the alphabet with the letter standing
3 places further down the alphabet.

Example

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute
the ciphertext letter C such that

C = E(p) = (p+3) mod 26

A shift may be any amount, so that general Caesar algorithm is

C = E (p) = (p+k) mod 26

Where k takes on a value in the range 1 to 25. The decryption algorithm is simply

P = D(C) = (C-k) mod 26

(ii) Monoalphabetic Ciphers

It replaces each letter of a plaintext by another letter or symbol, depending only on the letter.
The same plaintext letter is always replaced by the same ciphertext letter.

With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the
key space can be achieved by allowing an arbitrary substitution. Before proceeding, we
define the term permutation. A permutation of a finite set of elements S is an ordered
sequence of all the elements of S, with each element appearing exactly once.

For example, if S = {a, b, c}, there are six permutations of S:

abc, acb, bac, bca, cab, cba

In general, there are n! permutations of a set of n elements, because the first element can
be chosen in one of n ways, the second in n - 1 ways, the third in n – 2 ways, and so on.

• rather than just shifting the alphabet
• could shuffle (permute) the letters arbitrarily
• each plaintext letter maps to a different random ciphertext letter
• hence key is 26 letters long
Example

(ii) Playfair Cipher:

The best known multiple letter encryption cipher is the playfair, which treats digrams
in the plaintext as single units and translates these units into cipher text digrams.

The playfair algorithm is based on the use of 5x5 matrix of letters constructed using a
keyword. Let the keyword be "monarchy". The matrix is constructed by filling in the letters of
the keyword (minus duplicates) from left to right and from top to bottom, and then filling in
the remainder of the matrix with the remaining letters in alphabetical order.

The letter i and j count as one letter. Plaintext is encrypted two letters at a time according to
the following rules:

• Repeating plaintext letters that would fall in the same pair are separated with a filler
letter such as “x”.

• Plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row following the last.

• Plaintext letters that fall in the same column are replaced by the letter beneath, with
the top element of the column following the last.

• Otherwise, each plaintext letter is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter.
Plaintext = meet me at the school house

Splitting two letters as a unit => me et me at th es ch ox ol ho us ex

Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU

Strength of playfair cipher

• Playfair cipher is a great advance over simple mono alphabetic ciphers.
• Since there are 26 letters, 26x26 = 676 digrams are possible, so identification of
individual digrams is more difficult.
• Frequency analysis is much more difficult.

(iii) Polyalphabetic ciphers:

Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The general
name for this approach is polyalphabetic cipher. All the techniques have the following
features in common.

• A set of related monoalphabetic substitution rules are used.
• A key determines which particular rule is chosen for a given transformation.
Example:

Vigenere cipher

In this scheme, the set of related monoalphabetic substitution rules consists of the 26
Caesar ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter, e.g., the
Caesar cipher with a shift of 3 is denoted by the key value 'd' (since a=0, b=1, c=2 and so
on). To aid in understanding the scheme, a matrix known as the Vigenere tableau is
constructed.

Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its
left. A normal alphabet for the plaintext runs across the top. The process of encryption is
simple: given a key letter x and a plaintext letter y, the cipher text is at the intersection of
the row labeled x and the column labeled y; in this case, the ciphertext is V.
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword.
A general equation of the encryption process is

C_i = (p_i + k_{i mod m}) mod 26

A general equation of the decryption process is

p_i = (C_i - k_{i mod m}) mod 26

e.g.,
key = deceptivedeceptivedeceptive
plaintext = wearediscoveredsaveyourself
ciphertext = ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Expressed numerically, we have the following result.

Decryption is equally simple. The key letter again identifies the row. The position of the
cipher text letter in that row determines the column, and the plaintext letter is at the top of
that column.

Strength of Vigenere cipher

• There are multiple ciphertext letters for each plaintext letter.
• Letter frequency information is obscured.
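
The encryption and decryption equations above, run on the page's own key and plaintext. This is an added example, not part of the original notes, and the function names are illustrative. The repeated-trigram check goes one step beyond the text to show a limitation of a repeating keyword: equal plaintext at a distance that is a multiple of the keyword length m encrypts to equal ciphertext.

```python
"""Vigenere cipher, C_i = (p_i + k_{i mod m}) mod 26, m = keyword length.

Added example; function names are illustrative.
"""
from collections import defaultdict
from string import ascii_lowercase as ALPHA


def _letters(text):
    """Keep a-z only (spaces and punctuation are dropped), as numbers 0..25."""
    return [ALPHA.index(c) for c in text.lower() if c in ALPHA]


def _key(keyword):
    """Keyword letters as shifts, a=0 ... z=25."""
    shifts = _letters(keyword)
    if not shifts or len(shifts) != len(keyword):
        raise ValueError("keyword must consist of letters only")
    return shifts


def encrypt(plaintext, keyword):
    """Apply C_i = (p_i + k_{i mod m}) mod 26; returns upper-case ciphertext."""
    k = _key(keyword)
    nums = _letters(plaintext)
    return "".join(ALPHA[(p + k[i % len(k)]) % 26] for i, p in enumerate(nums)).upper()


def decrypt(ciphertext, keyword):
    """Apply p_i = (C_i - k_{i mod m}) mod 26; returns lower-case plaintext."""
    k = _key(keyword)
    nums = _letters(ciphertext)
    return "".join(ALPHA[(c - k[i % len(k)]) % 26] for i, c in enumerate(nums))


def repeated_ngrams(ciphertext, n=3):
    """Map each n-gram that occurs more than once to its start positions."""
    text = "".join(ALPHA[c] for c in _letters(ciphertext)).upper()
    seen = defaultdict(list)
    for i in range(len(text) - n + 1):
        seen[text[i:i + n]].append(i)
    return {gram: pos for gram, pos in seen.items() if len(pos) > 1}


PLAINTEXT = "wearediscoveredsaveyourself"  # from the page
KEYWORD = "deceptive"                      # the page's key before repetition
CIPHERTEXT = encrypt(PLAINTEXT, KEYWORD)

if __name__ == "__main__":
    print(CIPHERTEXT)
    # "red" occurs at plaintext positions 3 and 12; 12 - 3 = 9 = len(KEYWORD),
    # so both copies meet the same key letters and encrypt identically.
    for gram, pos in repeated_ngrams(CIPHERTEXT).items():
        print(gram, pos, "distance", pos[1] - pos[0], "keyword length", len(KEYWORD))
```
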

Hill cipher

One Time Pad Cipher:

It is an unbreakable cryptosystem. It represents the message as a sequence of 0s
and 1s. This can be accomplished by writing all numbers in binary, for example, or by using
ASCII. The key is a random sequence of 0's and 1's of the same length as the message. Once
a key is used, it is discarded and never used again. The system can be expressed as
follows:

Ci = Pi ⊕ Ki

Ci - ith binary digit of cipher text

Pi - ith binary digit of plaintext

Ki - ith binary digit of key

⊕ – exclusive OR operation

Thus the cipher text is generated by performing the bitwise XOR of the plaintext and the
key. Decryption uses the same key. Because of the properties of XOR, decryption simply
involves the same bitwise operation:

Pi = Ci ⊕ Ki

e.g., plaintext = 0 0 1 0 1 0 0 1

Key = 1 0 1 0 1 1 0 0

-------------------

ciphertext = 1 0 0 0 0 1 0 1

Advantage:

Encryption method is completely unbreakable for a ciphertext only attack.

Disadvantages:

• It requires a very long key which is expensive to produce and expensive to transmit.
• Once a key is used, it is dangerous to reuse it for a second message; any knowledge
on the first message would give knowledge of the second.
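
Both disadvantages shown in code, as an added example that is not part of the original notes: XOR-ing two ciphertexts made with the same pad cancels the key, and a pad book that never hands out the same bytes twice runs out as fast as messages are sent. The messages are constructed and the names (PadBook, reuse_leak) are illustrative.

```python
"""One-time pad: XOR encryption, and what reusing a pad gives away.

Added example; messages are constructed, names are illustrative.
"""
import secrets


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings (Ci = Pi xor Ki)."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs a key exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Pre-shared pad material that is handed out once and never again."""

    def __init__(self, material):
        self._material = bytes(material)
        self._offset = 0

    def remaining(self):
        return len(self._material) - self._offset

    def take(self, n):
        """Return the next n unused pad bytes, or fail if the pad is spent."""
        if n > self.remaining():
            raise RuntimeError("pad exhausted: new key material must be distributed")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk


def encrypt(plaintext, book):
    """Encrypt with fresh pad bytes from the book."""
    return xor_bytes(plaintext, book.take(len(plaintext)))


def reuse_leak(c1, c2):
    """With one pad for both messages, C1 xor C2 = P1 xor P2: the key cancels."""
    return xor_bytes(c1, c2)


def demo():
    p1 = b"meet at nine"  # constructed messages of equal length
    p2 = b"bring ledger"
    pad = secrets.token_bytes(len(p1))

    # Misuse: the same pad encrypts two messages.
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    leak = reuse_leak(c1, c2)
    # Knowledge of the first message yields the second without the pad.
    recovered_p2 = xor_bytes(leak, p1)

    # Correct use: every message consumes new pad bytes.
    book = PadBook(secrets.token_bytes(len(p1) + len(p2)))
    d1, d2 = encrypt(p1, book), encrypt(p2, book)
    return {
        "leak_is_p1_xor_p2": leak == xor_bytes(p1, p2),
        "recovered_p2": recovered_p2,
        # Equal only if two random 12-byte pads collide (probability 2^-96).
        "fresh_leak_is_p1_xor_p2": reuse_leak(d1, d2) == xor_bytes(p1, p2),
        "pad_left": book.remaining(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
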

TRANSPOSITION TECHNIQUES

A very different kind of mapping is achieved by performing some sort of permutation on the
plaintext letters. This technique is referred to as a transposition cipher. The simplest such
cipher is the rail fence technique, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows. For example, to encipher the message
“meet me after the toga party” with a rail fence of depth 2, we write the following:

A pure transposition cipher is easily recognized because it has the same letter
frequencies as the original plaintext. The transposition cipher can be made significantly
more secure by performing more than one stage of transposition. The result is more
complex permutation that is not easily reconstructed.
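
The rail fence technique described above, written out for any depth with its inverse, as an added example that is not part of the original notes. It uses the page's message at depth 2, checks that the ciphertext keeps the plaintext's letter frequencies, and applies a second stage; function names are illustrative.

```python
"""Rail fence transposition: write along diagonals, read off row by row.

Added example; function names are illustrative.
"""
from collections import Counter


def _rails(n, depth):
    """Rail (row) index for each of n positions on a zigzag of given depth."""
    if depth < 1:
        raise ValueError("depth must be at least 1")
    if depth == 1:
        return [0] * n
    cycle = 2 * (depth - 1)  # one full down-and-up sweep
    rails = []
    for i in range(n):
        r = i % cycle
        rails.append(r if r < depth else cycle - r)
    return rails


def encrypt(plaintext, depth):
    """Drop non-letters, then read the rails top to bottom (upper case)."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rails = _rails(len(letters), depth)
    rows = (c for rail in range(depth) for c, r in zip(letters, rails) if r == rail)
    return "".join(rows).upper()


def decrypt(ciphertext, depth):
    """Put each ciphertext letter back at the position its rail came from."""
    text = ciphertext.lower()
    rails = _rails(len(text), depth)
    # Positions in the order encryption read them: by rail, then left to right.
    order = sorted(range(len(text)), key=lambda i: (rails[i], i))
    out = [""] * len(text)
    for ch, pos in zip(text, order):
        out[pos] = ch
    return "".join(out)


def same_letter_counts(plaintext, depth):
    """A pure transposition only moves letters, so the counts are unchanged."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    return Counter(letters) == Counter(encrypt(plaintext, depth))


def two_stage(plaintext, depth1, depth2):
    """More than one stage of transposition: feed one pass into the next."""
    return encrypt(encrypt(plaintext, depth1), depth2)


MESSAGE = "meet me after the toga party"  # from the page

if __name__ == "__main__":
    print(encrypt(MESSAGE, 2))
    print(decrypt(encrypt(MESSAGE, 2), 2))
    print(same_letter_counts(MESSAGE, 2))
    print(two_stage(MESSAGE, 2, 3))
```
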

3. What are the different types of attacks? Explain. [N/D 2013]

Security attack – Any action that compromises the security of information owned by
an organization.

There are four general categories of attack which are listed below.

Interruption:

An asset of the system is destroyed or becomes unavailable or unusable. This is an
attack on availability. e.g., destruction of piece of hardware, cutting of a communication line
or disabling of file management system.

Interception:

An unauthorized party gains access to an asset. This is an attack on confidentiality.
Unauthorized party could be a person, a program or a computer. e.g., wire tapping to capture
data in the network, illicit copying of files.

Modification:

An unauthorized party not only gains access to but tampers with an asset. This is an
attack on integrity. e.g., changing values in data file, altering a program, modifying the
contents of messages being transmitted in a network.

Fabrication:

An unauthorized party inserts counterfeit objects into the system. This is an attack on
authenticity. e.g., insertion of spurious message in a network or addition of records to a file.

A useful categorization of these attacks is in terms of

• Passive attacks
• Active attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is
in terms of passive attacks and active attacks. A passive attack attempts to learn or make
use of information from the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.

PASSIVE ATTACKS

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Passive attacks are of
two types:

Release of message contents: A telephone conversation, an e-mail message and a
transferred file may contain sensitive or confidential information. We would like to prevent
the opponent from learning the contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might still be able to
observe the pattern of the message. The opponent could determine the location and identity
of communication hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of communication that
was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of
data. However, it is feasible to prevent the success of these attacks.

ACTIVE ATTACKS

These attacks involve some modification of the data stream or the creation of a false
stream. These attacks can be classified into four categories:

Masquerade – One entity pretends to be a different entity.

Replay – Involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.

Modification of messages – Some portion of a message is altered, or the messages are
delayed or reordered, to produce an unauthorized effect.

Denial of service – Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by
disabling the network or overloading it with messages so as to degrade performance.

It is quite difficult to prevent active attacks absolutely, because to do so would require
physical protection of all communication facilities and paths at all times. Instead, the goal is
to detect them and to recover from any disruption or delays caused by them.

4. i. State and prove Fermat’s theorem. Find $3^{21} \bmod 11$ using Fermat’s theorem. [A/M-2015][N/D-2013,2016]

ii. State Euler’s theorem to find gcd with example. [N/D 2013] [A/M-2015]

(OR)

Write about Fermat’s and Euler’s theorems in detail. [M/J 2013] (or) Explain briefly about
Fermat’s and Euler’s theorems. [N/D 2012]

(i) Fermat’s Theorem

• It states: if p is prime and a is an integer not divisible by p, then

$a^{p-1} \equiv 1 \pmod{p}$.

• And for every integer a

$a^{p} \equiv a \pmod{p}$.

• This theorem is useful in public key (RSA) and primality testing.

Proof: Consider the set of positive integers less than p: {1, 2, …, p − 1}, and multiply
each element by a, modulo p, to get the set X = {a mod p, 2a mod p, …, (p − 1)a mod
p}. None of the elements of X is equal to zero because p does not divide a.
Furthermore, no two of the integers in X are equal. To see this, assume that
$ja \equiv ka \pmod{p}$, where $1 \le j < k \le p - 1$. Because a is relatively prime to p, we can
eliminate a from both sides of the equation, resulting in $j \equiv k \pmod{p}$.
This last equality is impossible, because j and k are both positive integers less than p.
Therefore, we know that the (p − 1) elements of X are all positive integers with no two
elements equal. We can conclude that X consists of the set of integers {1, 2, …, p − 1} in
some order. Multiplying the numbers in both sets ({1, 2, …, p − 1} and X) and taking the
result mod p yields

$a \times 2a \times \cdots \times (p-1)a \equiv [1 \times 2 \times \cdots \times (p-1)] \pmod{p}$

$a^{p-1}(p-1)! \equiv (p-1)! \pmod{p}$

We can cancel the (p − 1)! term because it is relatively prime to p, which leaves
$a^{p-1} \equiv 1 \pmod{p}$ and completes the proof.


Example

Find $3^{21} \bmod 11$ using Fermat’s theorem

(ii)Euler’s theorem

If GCD(a, p) = 1, and a < p, then

• This theorem generalizes Fermat’s theorem and is an important key to the RSA
algorithm.

• In other words, if a and p are relatively prime, with a being the smaller integer, then
when we multiply a with itself $\phi(p)$ times and divide the result by p, the remainder will
be 1.

Euler Totient Function: $\phi(n)$

• $\phi(n)$ = how many numbers between 1 and n − 1 are relatively prime to n.

• $\phi(4) = 2$ (1, 3 are relatively prime to 4)

• $\phi(5) = 4$ (1, 2, 3, 4 are relatively prime to 5)

• $\phi(6) = 2$ (1, 5 are relatively prime to 6)

• $\phi(7) = 6$ (1, 2, 3, 4, 5, 6 are relatively prime to 7)

Example

• If a = 5 and p = 6

• Then $\phi(6) = (2-1) \times (3-1) = 2$

• So, $5^{\phi(6)} = 5^{2} = 25$ and $25 = 24 + 1 = 6 \times 4 + 1$

• ⇒ $25 \equiv 1 \pmod{6}$, or 25 % 6 = 1

• It also follows that $a^{\phi(p)+1} \equiv a \pmod{p}$, so that p does not necessarily need to be
relatively prime to a.

• Euler’s theorem uses modular arithmetic, which helps to lay the foundation for RSA
encryption. To construct a personal cipher key we need an appropriate value, which we will
call variable R. So, we select two very large prime numbers U and V and multiply
them.

⇒ $\phi(R) = (U-1) \times (V-1)$. This makes R difficult to factor, since the fewer factors a number has,
the longer it takes to find them.
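
The Fermat and Euler results above, checked in code as an added example that is not part of the original notes. The function names are hypothetical, the toy RSA values (U = 61, V = 53, e = 17) are constructed, and the exam exponent is read as 3^21. The check of a^(φ(n)+1) ≡ a for a not coprime to n goes slightly beyond the notes: it holds when n is square-free, as an RSA modulus R = U × V is, and can fail otherwise.

```python
from math import gcd


def phi(n):
    """Euler's totient phi(n) by trial-division factorization (small n only)."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p      # multiply result by (1 - 1/p)
        p += 1
    if m > 1:                          # one prime factor left over
        result -= result // m
    return result


def fermat_pow(a, e, p):
    """a^e mod p for prime p and e >= 1, shrinking e with Fermat's theorem."""
    if a % p == 0:
        return 0                       # theorem needs p not dividing a
    return pow(a, e % (p - 1), p)      # a^(p-1) = 1, so only e mod (p-1) counts


def euler_holds(a, n):
    """True when a^phi(n) = 1 (mod n); guaranteed only if gcd(a, n) == 1."""
    return pow(a, phi(n), n) == 1


def cycle_holds(a, n):
    """True when a^(phi(n)+1) = a (mod n)."""
    return pow(a, phi(n) + 1, n) == a % n


def toy_rsa_roundtrip(U, V, e, m):
    """Encrypt and decrypt m under R = U*V using phi(R) = (U-1)*(V-1)."""
    R, phi_R = U * V, (U - 1) * (V - 1)
    assert gcd(e, phi_R) == 1, "public exponent must be invertible mod phi(R)"
    d = pow(e, -1, phi_R)              # private exponent, e*d = 1 (mod phi(R))
    return pow(pow(m, e, R), d, R)


if __name__ == "__main__":
    print(fermat_pow(3, 21, 11), pow(3, 21, 11))          # same residue
    print([a for a in range(1, 6) if euler_holds(a, 6)])  # only units mod 6
    print(all(cycle_holds(a, 6) for a in range(6)))       # 6 is square-free
    print(cycle_holds(2, 4))                              # 4 = 2*2 is not
    print(toy_rsa_roundtrip(61, 53, 17, 65))              # constructed toy key
```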
