INTERNAL ASSIGNMENT

SESSION NOVEMBER 2024

PROGRAM MASTER OF COMPUTER APPLICATION (MCA)
SEMESTER III
COURSE CODE & NAME DCA8143 – CRYPTOGRAPHY AND NETWORK SECU-
RITY
NAME DARSHAN SHEKARA POOJARY
ROLL NO 2314515632

SET – 1

1) Substitution and transposition ciphers are two fundamental techniques in classical

cryptography used to encrypt plaintext into ciphertext. Both methods aim to obscure the
original message, but they do so in different ways.

a) Substitution Cipher
In a substitution cipher, each letter or group of letters in the plaintext is replaced by
another letter or group of letters. The key defines the substitution pattern. There are
several types of substitution ciphers:

i) Caesar Cipher: It is one of the simplest substitution ciphers, where each letter in the
plaintext is shifted a fixed number of positions down or up the alphabet. For in-
stance, with a shift of 3, 'A' would become 'D', 'B' would become 'E', and so on. The
word "HELLO" would be encrypted as "KHOOR".

ii) Atbash Cipher: This cipher maps each letter of the alphabet to its reverse, so 'A'
becomes 'Z', 'B' becomes 'Y', and so on. For example, "HELLO" would be encrypted
as "SVOOL".

iii) Simple Substitution Cipher: Each letter in the plaintext is replaced by a specific
different letter. For example, if the key is "QWERTYUIOPASDFJKLZXCVBM",
'A' becomes 'Q', 'B' becomes 'W', and so on. The word "HELLO" might be en-
crypted as "ITSSG".

iv) Vigenère Cipher: This is an advanced substitution cipher that uses a keyword to
shift letters. Each letter in the keyword determines a different Caesar shift. In this
case, using the keyword "KEY", the first letter of the plaintext has been shifted by
10 (K), the second by 4 (E), the third by 24 (Y), and so on, repeating the pattern.
The word "HELLO" with the keyword "KEY" would be encrypted as "RIJVS".
 b) Transposition Cipher
In a transposition cipher, the letters in the plaintext are rearranged without changing the
actual letters. The key defines the rearrangement pattern. There are several types of
transposition ciphers:

i) Rail Fence Cipher: The plaintext is written in a zigzag pattern along a set number
of rails and then read off row by row. For example, with 2 rails, the word "HELLO"
would be written as:
H...O
.E.L.
..L..
Reading row by row gives “HOELL”.

ii) Columnar Transposition Cipher. The plaintext is written in rows of a fixed length
and then read off in columns according to a key. Let us illustrate with the key "3124"
and the plaintext "HELLOWORLD". It could appear as:
3124
HELL
0W0R
LD
Reading columns in the order of the key gives “ELWRHOLODL”.

iii) Route Cipher Write the plaintext in a grid, then read it off in some route, for
example spiralling inwards, or following some path. So with a 3x3 grid and the
plaintext "HELLOWORLD" it might be written as:
HEL
LOW
ORL
D
Reading in a spiral pattern gives “HELLOWORLD”.

Both substitution and transposition ciphers can be combined to yield more complex
methods of encryption for greater security, but modern techniques have largely
superseded these in practice because classical methods are readily broken by
frequency analysis and other cryptanalytic attacks.

2) The Advanced Encryption Standard (AES) is a cornerstone of modern cryptography,

widely used to secure sensitive data in diverse applications. Adopted as a U.S. federal en-
cryption standard in 2001 by the National Institute of Standards and Technology (NIST),
AES is celebrated for its robust security, speed, and efficiency, making it the de facto choice
for data encryption worldwide.

a) Design Principles
AES was designed to overcome the vulnerabilities of older encryption methods like
DES (Data Encryption Standard). The Rijndael algorithm, developed by Vincent
Rijmen and Joan Daemen, was selected for AES due to its simplicity, resistance to
cryptanalysis, and efficiency in both hardware and software. AES is a symmetric key
encryption algorithm, meaning the same key is used for both encryption and decryption.
Its design focuses on three key principles:
 i) Substitution-Permutation Network (SPN): AES utilizes substitution (confusion)
and permutation (diffusion) to mask the correlation between the plaintext,
ciphertext, and encryption key.
ii) Key Expansion: A secure key schedule produces several round keys from the
initial encryption key to provide good security.
iii) Modular Arithmetic and Linear Algebra: Operations such as Galois Field multipli-
cation confer resistance to attack.

b) Operation
AES works on blocks of 128 bits, and the keys are 128, 192, or 256 bits long, which is
equivalent to 10, 12, or 14 rounds of encryption, respectively. Its operation can be
divided into four stages in every round:

i) SubBytes: In this step, every byte in the block is replaced with a substitution box
(S-Box) to make the encryption non-linear and not predictable.
ii) ShiftRows : The rows of the state matrix are shifted cyclically to provide diffusion
within the block.
iii) MixColumns: Matrix columns are mixed together by matrix multiplication within
a finite field so that each byte’s data affects others.
iv) AddRoundKey: Round key, which is the product of the original key, is XORed with
the state matrix for introducing randomness.

The initial round begins with an AddRoundKey step, and the final round omits the
MixColumns step for simplicity.

c) Applications
AES is widely used across industries due to its balance of security and performance.
Key applications include:

i) Data Protection: Employed in secure file storage solutions and full-disk encryption
(such as BitLocker, VeraCrypt).
ii) Network Security: Secures communications within VPNs, TLS/SSL protocols, and
wireless security standards such as WPA3.
iii) Cloud Computing: Secures data in transit and at rest within cloud infrastructures.
iv) Government and Military: Provides safe handling and communication of classified
data.

3) The RSA algorithm is founded upon the mathematical behavior of prime numbers and
modular arithmetic. It has two main parts: Key Generation and Encryption/Decryption.

a) Key Generation
i) Step 1: Select two large prime numbers, 𝑝 and 𝑞.
ii) Step 2: Compute 𝑛 = 𝑝 × 𝑞. The modulus 𝑛 is used as part of both the public and
private keys.
iii) Step 3: Calculate 𝜙(𝑛) = (𝑝 − 1) (𝑞 − 1), where 𝜙(𝑛) is the totient of 𝑛.
iv) Step 4: Choose a public exponent eee, such that 1 < 𝑒 < 𝜙(𝑛) and 𝑒 is coprime
with 𝜙(𝑛).
v) Step 5: Compute the private exponent d, which satisfies (𝑒 𝑥 𝑑) 𝑚𝑜𝑑 𝜙(𝑛) = 1.
 b) Encryption and Decryption
i) Encryption: A sender encrypts a message 𝑚 using the recipient's public key as
𝑐 = 𝑚𝑒 𝑚𝑜𝑑 𝑛, where 𝑐 is the ciphertext.
ii) Decryption: The recipient decrypts 𝑐 using their private key as
𝑚 = 𝑐 𝑑 𝑚𝑜𝑑 𝑛.

Significance in Public Key Cryptography

a) Asymmetric Encryption: RSA uses two keys, one public and one private, enabling se-
cure communication without pre-shared secrets. This solves the key exchange problem
inherent in symmetric cryptography.
b) Digital Signatures: RSA supports digital signatures, where a message can be signed
with a private key and verified with the corresponding public key. This provides au-
thentication, integrity, and non-repudiation.
c) Secure Data Transmission: RSA is widely employed in the secure transmission
of online communications, such as SSL/TLS protocols for HTTPS, encryption
of email, and VPNs.
d) Foundation of Cryptographic Infrastructure: RSA is the building block of Public Key
Infrastructure (PKI), which supports secure web surfing, digital certificates, and trusted
third-party validation.

The RSA algorithm transformed cryptography with its introduction of a viable implemen-
tation of public key systems. In spite of the advent of newer algorithms, RSA is still a sta-
ple of contemporary cryptographic practices because of its simplicity, strength, and ubiq-
uity.

SET – 2

4) Public key distribution is the backbone of public key cryptography, providing secure data
exchange and communication across insecure networks. Public keys are a part of a crypto-
graphic key pair in which the public key is openly shared, and the private key remains
secret. The basic problem in public key distribution is ensuring the authenticity and integ-
rity of the key to avoid impersonation by malicious parties. If a public key is altered or
substituted while in transit, attackers might be able to intercept or modify encrypted mes-
sages, resulting in security and confidentiality breaches. For this reason, good public key
distribution methods, along with authenticating mechanisms for them, are a prerequisite for
the success of cryptographic systems.

A very popular way of distributing public keys is through the Public Key Infrastructure
(PKI). PKI depends on trusted parties called Certificate Authorities (CAs) to authenticate
the identity of a person or group prior to issuing digital certificates. The certificates have
the public key, as well as identification details and a digital signature from the CA, which
certifies that the key is authentic. After issuance, such certificates can be distributed indis-
criminately since their integrity can be verified by anyone utilizing the CA's public key.
PKI is the foundation of most secure communication protocols, including HTTPS, which
encrypts sensitive information passed over the internet, and Secure/Multipurpose Internet
Mail Extensions (S/MIME), which encrypts email communications. Apart from PKI, de-
centralized approaches to distributing public keys have also been developed, especially in
frameworks like blockchain.
 Blockchain technology offers a tamper-evident, open ledger where public keys can be kept
and retrieved without depending on central authorities. This decentralized method is espe-
cially beneficial in systems where centralized institutions are not trusted. Secondly, peer-
to-peer distribution techniques, e.g., the "web of trust" scheme, enable users to endorse
other users' public keys. In this arrangement, it depends on people signing one another's
public keys to build a web of trust, lessening reliance on centralized bodies but still offering
some form of guarantee. For one-to-one communication, public keys can also be sent over
secure media, for example, during meetings or secure messaging. This process, though on
a smaller scale, works for small groups or person-to-person exchanges. Large-scale uses,
though, use automated tools like PKI or decentralized platforms because of their ease of
scalability and convenience.Public key authenticity is essential, as it establishes the credi-
bility of the entire cryptographic framework.

If an attacker is able to effectively distribute a forged public key, they might be able to
intercept encrypted messages, sabotage digital signatures, or impersonate a genuine party.
Protocols such as Transport Layer Security (TLS) employ certificate chains to authenticate
that public keys disseminated via websites are valid. Moreover, end users are usually
prompted to manually check digital certificates when in doubt about the origin of a key. In
conclusion, public key distribution is the cornerstone of contemporary cryptographic sys-
tems, facilitating secure data exchange, authentication, and confidentiality. Whether via
centralized PKI, decentralized blockchain networks, or peer-to-peer networks, authenti-
cated and effective public key distribution guarantees that sensitive communications and
transactions are secure in an increasingly interconnected digital world.

5) A Virtual Private Network (VPN) is a secure tunnel that enables users to connect to the in-
ternet or a private network via an encrypted channel. VPNs protect online privacy, pro-
vide security, and enable access to blocked content by hiding the user's IP address and di-
recting their internet traffic via a remote server. This forms a virtual tunnel between the
user and the internet, protecting data from hackers, advertisers, or surveillance.

Types of VPNs:
a) Remote Access VPN:
Remote Access VPNs enable individual users to securely access a private network, e.g.,
an organization's internal systems, from a remote site. They are typically used by em-
ployees who require access to corporate resources while at home or on the road. This
VPN encrypts the user-to-private network connection, maintaining data confidentiality.

b) Site-to-Site VPN:
Site-to-Site VPNs, or Router-to-Router VPNs, are utilized to connect multiple networks
in geographically dispersed locations. For instance, a corporation with offices across
various cities can utilize a Site-to-Site VPN to establish a single network. Site-to-Site
VPN is widely applied in businesses and depends on VPN gateways at each site to
create and support secure communication.

c) Client-Based VPN:
A Client-Based VPN consists of software that has been installed on a single device, like
a computer, tablet, or phone. The software creates a protected connection to the VPN
server that encrypts internet data. This is ideal for single users seeking privacy and safe
browsing.
 d) Internet Protocol Security (IPSec) VPN:
IPSec VPNs apply the IPSec protocol suite in order to make communications over the
internet secure. IPSec VPN is a suitable VPN for encryption of data at the network layer
and can thus be used with both remote-access and site-to-site VPNs. IPSec provides
confidentiality, integrity, and authentication of the data.

e) SSL/TLS VPN:
Secure Socket Layer (SSL) or Transport Layer Security (TLS) VPNs are accessed via
a web browser without the need for special software installation. They are usually em-
ployed to offer secure connections for particular applications instead of the whole net-
work.

f) MPLS VPN:
Multi-Protocol Label Switching (MPLS) VPNs are widely utilized by companies for
high-performance connectivity. They provide private, secure communication between
sites over an internet service provider-managed dedicated network infrastructure.

In summary, VPNs are essential for secure online communication, offering various types
tailored to individual or business needs. They protect data privacy, bypass geo-restrictions,
and ensure secure access to remote networks.

6) Intrusion methods are the ways that attackers intrude into computer systems or networks
for unauthorized access to steal, alter, or delete data. They use vulnerabilities in software,
hardware, or human behavior. Common methods of intrusion are phishing, where attackers
trick users into revealing sensitive information; malware, viruses or ransomware, intended
to sabotage or take control of systems; brute force attacks, where attackers attempt pass-
words systematically to breach; and SQL injection, where database queries are manipulated
to access or modify sensitive information. Familiarity with these methods is necessary for
applying effective security controls to safeguard systems from possible intrusions.

Firewalls are key security tools that secure networks by inspecting and controlling traffic
coming in and out of a network according to preconfigured security rules. They provide a
blockade between an intended internal network and external, untrusted networks like the
internet, blocking unwanted access. Firewalls are of various kinds, each supporting varying
degrees of protection:

a) Packet-Filtering Firewalls: work at the network layer and check specific packets of data
according to factors like source and destination IP addresses, ports, and protocols.
Packet-filtering firewalls are easy and effective but might not check the data content
and therefore are susceptible to more complex attacks.
b) Stateful Inspection Firewalls: inspect not just packet headers but also active connection
state. They have a state table that keeps track of the context of current communication
sessions and can thus identify whether packets belong to a valid connection. They are
more secure than packet-filtering firewalls because of this.
c) Proxy Firewalls: or application-level firewalls, are intermediaries between users and
the internet. They examine the entire packet content, including application-layer data,
to prevent malicious activity. Proxy firewalls provide high security but can cause la-
tency because of their in-depth inspection.
d) Next-Generation Firewalls (NGFWs): integrate standard firewall features with en-
hanced features like deep packet inspection, intrusion prevention systems (IPS), and
 application awareness. These firewalls have the ability to detect and block advanced
threats like zero-day attacks and encrypted malware.
e) Network Address Translation (NAT) Firewalls: conceal internal IP addresses by trans-
lating them into one public IP address. This keeps external parties from accessing de-
vices in the internal network directly, providing an extra layer of anonymity and secu-
rity.

Finally, intrusion methods demonstrate the changing way attackers breach systems, and
firewalls are fundamental defenses against them. Choosing the right type of firewall ac-
cording to particular security needs is crucial to protecting sensitive information and ensur-
ing network integrity.