Cryptography and Network Security

cryptographic techniques. Thus the focus on it.

Abstract As the usage of computers and data networks go on

increasing, the security of data in the network is becoming more
and more critical. As information has almost become one of the
most valuable resources in all walks of life, error tolerance is
much lesser and thus it becomes necessary to give the network
proper security and protect the data. This paper first analyzed
network security and its various components, and then extends
the same concepts to the OSI model. Next is the basic principles
of cryptography and its classification along with basic
terminology, followed by some of the widely used algorithms for
block ciphers along with their working principles and logical
algorithms. The advantages of the currently existing methods
have been analyzed and various techniques described.

Index Terms cryptography, security attacks, security

mechanism, security services, block ciphers, permutations
ciphers, Feistal Cipher Structure, data encryption standard,
public key, substitution and transposition.

I. INTRODUCTION
I
nformation Security has continuously been changing and tends
to become more demanding. Information is a strategic
resource, and a significant part of the organizational budgets is
dedicated towards managing it. The growing usage of
computers implies more protection of files and information.
Computers need tools to protect the stored files while
communication links need to protect the information while
being transferred. Network security is thus needed to protect
the information rather data, during transmission.
Security of information may have different objectives such as
confidentiality, integrity and availability. Confidentiality
implies secrecy and in synonymous to the protection of
information value. Integrity is basically ensuring the accuracy
of data and availability is its proper delivery.
Three aspects of such security include attacks, mechanisms
and services. A security service is something that enhances the
security of the data processing systems and the information
transfers of an organization. They are intended to counter
security attacks. In general, they make use of one or more
security mechanisms to provide the service or replicate
functions normally associated with physical documents.
A mechanism that is designed to detect, prevent, or recover
from a security attack. No single mechanism that will support
all functions required however one particular element
underlies many of the security mechanisms in use which is

Any action that compromises the security of information

owned by an organization is called a security attack.
Information security is about how to prevent attacks, or failing
that, to detect attacks on information-based systems.

II. OSI SECURITY ARCHITECTURE

ITU-T X.800 Security Architecture for OSI defines a
systematic way of defining and providing security
requirements.
A. Security Services
The OSI architecture categorizes services under five major
categories:
Authentication - assurance that the communicating entity
is the one claimed
Access Control - prevention of the unauthorized use of a
resource
Data Confidentiality protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is as sent by
an authorized entity
Non-Repudiation - protection against denial by one of
the parties in a communication
B. Security Mechanisms
Classified broadly into two types:
specific security mechanisms:
(encipherment, digital signatures, access controls, data
integrity, authentication exchange, traffic padding, routing
control, notarization)
pervasive security mechanisms:
(trusted functionality, security labels, event detection, security
audit trails, security recovery)
C. Security Attacks
According to the effect of attack on the data, they can be either
passive or active.
passive attacks - eavesdropping on, or monitoring of,
transmissions to:
obtain message contents, or
monitor traffic flows
active attacks modification of data stream to:
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service

III. CRYPROGRAPHY
Cryptography literally translates to the study of secret writing.
It can be defined as the art or science encompassing the
principles and methods of transforming an intelligible message
into one that is unintelligible, and then retransforming that
message back to its original form.
The original intelligible message is known as plaintext while
the transformed message is called ciphertext. The algorithm
used for such conversion is called cipher and is associated
with a key which provides critical information only to the
sender and receiver for the same. Conversion from plaintext to
ciphertext is known as enciphering and the reverse process is
known as deciphering.
Two basic methodologies of classic cryptography include
substitution and transposition. Substitution is replacing of say
letters, with other letters while transposition is arranging them
in a different way (if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext bit patterns with
ciphertext bit patterns) Combination of both can be used.
Ciphers can further be either monoalphabetic or
polyalphabetic, implying only one substitution/transposition or
more than one substitution/transposition respectively. The
resultant cipher of many ciphers joined together is called the
product cipher.
Considering security of the cipher key from being discovered
(not considering methods such as brute force technique) there
is unconditional security and computational security.
Unconditional security is when no matter how much computer
power is available, the cipher cannot be broken since the
ciphertext provides insufficient information to uniquely
determine the corresponding plaintext. Computational security
is given limited computing resources (time, tools, processing
etc), the cipher cannot be broken.
IV. BLOCK CIPHERS
Block ciphers process messages in into blocks, each of which
is then encrypted or decrypted. It is like a substitution on very
big characters (64-bits or more) It is different from stream
ciphers process messages a bit or byte at a time when
encrypting or decrypting. Majority of the current ciphers are
block ciphers.
A. Claude Shannon and Substitution-Permutation Ciphers
In 1949, Claude Shannon introduced the idea of substitutionpermutation (S-P) networks which form the basis of modern
block ciphers. The substitution and permutation are introduced
in such a way as to provide confusion and diffusion of
message. Diffusion dissipates the statistical structure of
plaintext over bulk of ciphertext while confusion makes
relationship between ciphertext and key as complex as
possible. These together make the original text obscure and
thus provide computational security.

B. Feistel Cipher Structure

It is based on concept of invertible product cipher
It first partitions the input block into two halves and then:
process through multiple rounds which
perform a substitution on left data half based on round
function of right half & subkey
then have permutation swapping halves
Design Principles:
block size
increasing size improves security, but slows cipher
key size
increasing size improves security, makes exhaustive key
searching harder, but may slow cipher
number of rounds
increasing number improves security, but slows cipher
subkey generation
greater complexity can make analysis harder, but slows
cipher
round function
greater complexity can make analysis harder, but slows
cipher
C. Data Encryption Standard
DES is the most widely accepted and used block code in the
world. It encrypts 64 bit data using a 56 bit key. The first step
is initial permutation. It reorders the input data bits by
assigning the even bits to left half and odd bits to right half. It
then applies Feistal Cipher on the two 32 bit halves. The ith bit
of left is assigned the (i-1)th bit of right. And the ith bit of
right is the (i-1)th bit of left XORed with the ith bit of key.
Then eight substitution boxes are used which map the 6 bits to
4. The outer two bit select a row and the inner four are
substituted. This results in 8 lots of 4 bits and row selection
depending on data and key. The keys used in the above
procedure are basically subkeys formed from the initial key.
These are formed by first dividing the key into 28 bit halves
and then in sixteen stages rotate each half separately by one or
two places based on key rotation schedule. (The decryption
involves the reversal of these sixteen stages)
DES supports avalanche effect which is a desirable property
for encryption keys. A change in one input or key bit results in
the change of approximately half the output keys which makes
it extremely difficult to guess keys by some technique.
Further, as it is a 56 bit key there are 2^56 different possible
permutations which makes brute force search hard. Even if it
does succeed, due to initial permutation making sense of
plaintext would not be obvious. Yet for critical applications
the keysize is considered small and thus insecure. A variation
to the method is TDES where the algorithms is used three
times, each with a different key. This increases the security.
Cipher Block chaining is another method used. The message is
broken in blocks which are linked to each other in the
encryption process. It uses an initial value to start the process.
This is an advantageous method as change in a block affects

the rest plus security it increased by the fact that along with
key, knowledge of the initial value is necessary to decrypt.
Electronic Code Book uses an opposite process where each
block is encrypted independently. Security is less and thus it is
used only when few blocks are to be transmitted.
V. PUBLIC KEY CRYPTOGRAPHY
Two keys are used for the encryption and decryption of the
data or message. One is public and the other is private.
Though both of them are related to each other mathematically,
the private key cannot be derived from the public key.
Message encrypted by the public key can only be decrypted by
a private key. Usually concepts of number theory and
relatively prime numbers are used. Eulers Function is used to
compute the relatively prime numbers lesser than a given
number. Ron Rivet gave an algorithm to compute the keys as
natural numbers. Two prime numbers p and q are chosen and
their product is N. Eulers function say E(N) is then computed.
A random integer e is selected such that gcd of E and e is 1.
Then d is calculated as mod(E)/e. Where mod() is the modulus
function. The public key is a function of N and e while the
private of N and d. (Something of the sort M^e*mod(N).
where M is the message data).
VI. CONCLUSIONS
Network Security is of critical importance and to provide the
same cryptology with the study of various encryption and
decryption methods is necessary. Various algorithms are
available for this purpose, and selection should be based on
factors and parameters such as fault tolerance, type of data,
amount of data and other system constraints or requirements.
Block ciphers are more favorable for the purpose of
computational ease. Within block ciphers there are various
conceptually diverse methods. Each method has its own
limitations and thus the one should be chosen in which its
advantages weigh out the disadvantages. Public key
cryptology is one method which doesnt have most of the
disadvantages of other methods and thus has been popular
since long.

REFERENCES
[1] Dr. Bill Figg. Data Networks and Cryptography,Dakota
State University, 2000.
[2] William Stallings Cryptography and Internet Security,"
Upper Saddle River,NJ,Prentice Hall, 1999
[3] William Stallings, Network Security Essentials:
Applications and Standards,3e