ASSIGNMENT - 1

1) Explain Different Types of Attacks in Detail

Cryptographic attacks aim to break security mechanisms and gain unauthorized access to data. They
can be classified as follows:

1. Passive Attacks

These attacks do not alter the data but involve monitoring and eavesdropping on communication.

 Eavesdropping Attack: Attacker listens to confidential data being transmitted.

 Traffic Analysis: Observing patterns in encrypted communication to infer useful information.

2. Active Attacks

In these attacks, the attacker modifies the data to gain control or alter information.

 Masquerade Attack: Attacker impersonates an authorized user.

 Replay Attack: Re-sending captured messages to gain unauthorized access.

 Modification Attack: Altering transmitted messages or files.

 Denial-of-Service (DoS) Attack: Overloading a system to disrupt service availability.

3. Cryptographic Attacks

These focus on breaking encryption algorithms or security mechanisms.

 Brute Force Attack: Trying all possible keys until the correct one is found.

 Dictionary Attack: Using a precomputed list of passwords or keys.

 Man-in-the-Middle (MITM) Attack: Intercepting communication between two parties and

altering the messages.

 Side-Channel Attack: Exploiting physical characteristics (timing, power consumption) of a

cryptosystem.

4. Software-Based Attacks

These involve using malware or exploits to compromise security.

 Trojan Horse: A malicious program disguised as a legitimate application.

 Spyware: Collects user data without permission.

 Ransomware: Encrypts files and demands payment for decryption.

Conclusion: Understanding these attack types is crucial for designing secure systems and
implementing effective countermeasures.

2) Encrypt the message "SECURITY" using Hill Cipher with key (9 4 5 7)

3) Construct a Playfair Matrix with Key "CONSTITUTION" and Encrypt the Message

Step 1: Create the Playfair Matrix

1. Write "CONSTITUTION" (without duplicates).

2. Fill the rest of the 5×5 grid with unused letters.

CONST

IUABD

EFGHJ

KLMPQ

RVWXY

(Note: 'J' is usually merged with 'I' in Playfair)

Step 2: Encrypt "The document contains the fundamental rights of the people"

1. Split into digraphs (pair up letters, insert 'X' if needed):

o TH ED OC UM EN TC ON TA IN ST HE FU ND AM EN TA LR IG HT SO FT HE PE OP LE

2. Apply Playfair encryption rules:

o If letters in the same row → Replace with next letter in the row.

o If in the same column → Replace with next letter in column.

o Else, form a rectangle and swap opposite corners.

Example:

 "TH" → ("T" and "H" form a rectangle) → "JS"

 "ED" → ("E" and "D" form a rectangle) → "TA"

Final ciphertext: "JS TA XX..." (Continue for all digraphs)

4) Find the Greatest Common Divisor (GCD) of 96256 and 432 using Euclidean Algorithm

Step 1: Apply Euclidean Algorithm

1. Divide 96256 by 432:

o 96256÷432=22296256 / 432 = 22296256÷432=222 remainder 272

2. Divide 432 by 272:

o 432÷272=1432 / 272 = 1432÷272=1 remainder 160

3. Divide 272 by 160:

o 272÷160=1272 / 160 = 1272÷160=1 remainder 112

4. Divide 160 by 112:

o 160÷112=1160 / 112 = 1160÷112=1 remainder 48

5. Divide 112 by 48:

o 112÷48=2112 / 48 = 2112÷48=2 remainder 16

6. Divide 48 by 16:

o 48÷16=348 / 16 = 348÷16=3 remainder 0

Since the remainder is 0, GCD = 16.

Assignment – 2
1) Explain Single Round of DES in Detail

The Data Encryption Standard (DES) is a symmetric key encryption algorithm that operates on 64-bit
blocks of plaintext using a 56-bit key. It consists of 16 rounds, with each round performing a series of
substitutions and permutations.

Steps in a Single Round of DES

1. Expansion (E-Box Permutation)

o The 32-bit right half of the plaintext is expanded into a 48-bit block using the
expansion permutation table.

o This introduces diffusion and increases security.

2. Key Mixing (XOR with Subkey)

o The expanded 48-bit data is XORed with a 48-bit subkey derived from the main 56-
bit key using the key schedule.
 o Each round uses a different subkey.

3. Substitution (S-Box Transformation)

o The 48-bit XOR result is divided into eight 6-bit blocks.

o Each block is passed through a Substitution Box (S-Box), which reduces it to a 4-bit
output.

o S-Boxes provide non-linearity and make DES resistant to linear and differential
attacks.

4. Permutation (P-Box Transformation)

o The 32-bit output from the S-Boxes is shuffled using a fixed P-Box permutation.

o This increases diffusion by spreading out bits across different locations.

5. XOR with Left Half

o The transformed 32-bit result is XORed with the left half of the plaintext.

o The left and right halves are then swapped.

Final Round and Ciphertext Generation

 After 16 rounds, the left and right halves are combined and passed through a final
permutation (FP) to produce the ciphertext.

🔹 Conclusion: A single DES round involves expansion, key mixing, substitution, permutation, and
XOR operations to ensure security.

2) Explain S-Box Generation in AES

3) Explain Double DES. How It Is Vulnerable to Meet-in-the-Middle Attack?

4) Need of Block Cipher Modes and Explanation of Different Modes

Why Do We Need Block Cipher Modes?

 DES and AES encrypt fixed-size blocks (e.g., 64-bit, 128-bit).

 Messages longer than the block size require modes of operation to encrypt them securely.

Block Cipher Modes of Operation

1. Electronic Code Book (ECB)

o Each block is encrypted independently.

o Weakness: Identical plaintext blocks produce identical ciphertext blocks.

o Not secure for large data (image encryption is vulnerable).

2. Cipher Block Chaining (CBC)

o Each plaintext block is XORed with the previous ciphertext block before encryption.

o IV (Initialization Vector) is used for the first block.

o More secure than ECB but susceptible to bit-flipping attacks.

3. Cipher Feedback Mode (CFB)

o Converts block cipher into a stream cipher.

o IV is encrypted, and the output is XORed with plaintext to produce ciphertext.

 4. Output Feedback Mode (OFB)

o Like CFB, but instead of using the ciphertext, the output of encryption is fed back.

o Prevents error propagation but is vulnerable to replay attacks.

5. Counter Mode (CTR)

o Uses a counter value that is incremented for each block.

o Highly parallelizable and commonly used in modern cryptography.

🔹 Conclusion: Different modes offer different levels of security, and the choice depends on the
application.

5) Calculate RSA Private Key and Encrypt Message

Assignment –3
1) Write Down Steps and Draw Figure for SHA-512

Overview of SHA-512

SHA-512 is a cryptographic hash function that produces a 512-bit hash value from an input message.
It follows the Merkle-Damgård construction and operates on 1024-bit blocks.

Steps of SHA-512

1. Message Padding

o The message is padded so its length is 896 mod 1024.

 o A 1-bit is added, followed by zero bits until the length is 896.

o A 128-bit length field is appended.

2. Message Parsing

o The padded message is divided into 1024-bit blocks.

3. Initialize Hash Values (H₀ to H₇)

o Eight 64-bit constants are used as initial hash values.

4. Message Expansion (W₀ to W₈₀)

o Each 1024-bit block is expanded into 80 words (64-bit each).

5. Compression Function (Rounds 1-80)

o Each round uses:

 64-bit Ch, Maj functions

 σ (sigma) bitwise rotation functions

 Round constants (K₀ to K₇₉)

 Working registers (A to H)

6. Final Hash Computation

o After 80 rounds, the hash values are updated and concatenated to form a 512-bit
hash.

🔹 Figure for SHA-512:

(You should draw a diagram showing the 8 working variables (A to H), message expansion (W), and
compression rounds).

2) Explain MAC Based on Cipher Blocks (DAA and CMAC)

Message Authentication Code (MAC)

A MAC ensures message integrity and authenticity by generating a unique tag for each message.

DAA (Data Authentication Algorithm)

 Based on DES-CBC.

 Last ciphertext block is used as the MAC value.

 Weakness: Not secure against certain attacks.

CMAC (Cipher-based MAC)

 Uses AES or DES with two keys: K₁ and K₂.

 Steps:

1. Encrypt message in CBC mode.

2. Apply final transformation using K₁ or K₂.

3. The last encrypted block is the MAC value.

🔹 CMAC is stronger than DAA and widely used in security protocols.

3) Draw the Figure for DSA Signing and Verification

Digital Signature Algorithm (DSA)

DSA is used for signing messages and verifying authenticity.

🔹 Steps for Signing

1. Choose a random number k.

2. Compute r = (g^k mod p) mod q.

3. Compute s = (H(M) + x * r) * k⁻¹ mod q.

4. Signature = (r, s).

🔹 Steps for Verification

1. Compute w = s⁻¹ mod q.

2. Compute u₁ = H(M) * w mod q.

3. Compute u₂ = r * w mod q.

4. Compute v = (g^u1 * y^u2 mod p) mod q.

5. If v = r, the signature is valid.

🔹 Figure for DSA:

(A diagram should show signing and verification processes with mathematical operations).

4) Explain Different Approaches for Distribution of Public Keys

1. Public Announcement

 Users broadcast their public keys.

 Weakness: Susceptible to MITM (Man-in-the-Middle) attacks.

2. Public Directory

 Maintains a centralized database of public keys.

 Weakness: If the directory is compromised, security is lost.

3. Public Key Authority

 Uses a trusted third party (TTP) to distribute public keys.

 Process:

o User requests the public key from the authority.

o Authority provides a digitally signed key.

 More secure than public directories.

4. Public Key Certificates (X.509)

 Uses certificate authorities (CAs) to issue public key certificates.

  Digital signatures ensure authenticity.

 Widely used in SSL/TLS, email encryption.

5) Explain Various Fields in X.509 Certificate Format

🔹 X.509 is a widely used standard for digital certificates in SSL, TLS, and PKI.

Fields in X.509 Certificate

1. Version: Identifies X.509 version (V1, V2, V3).

2. Serial Number: Unique ID assigned by the certificate authority (CA).

3. Signature Algorithm: Algorithm used for signing (e.g., RSA, SHA-256).

4. Issuer Name: Name of the CA issuing the certificate.

5. Validity Period:

o Not Before: Start date.

o Not After: Expiry date.

6. Subject Name: Owner's name (organization, domain, etc.).

7. Public Key Information: Public key and its algorithm.

8. Extensions (V3 only): Additional fields (e.g., key usage, alternative names).

9. Issuer Signature: Digital signature from CA to verify authenticity.

🔹 X.509 is essential for SSL/TLS and secure communication.

6) Give Overview of Kerberos

🔹 Kerberos is a network authentication protocol that uses tickets to securely authenticate users
over an untrusted network.

Key Components of Kerberos

1. Authentication Server (AS): Verifies user identity and issues Ticket-Granting Ticket (TGT).

2. Ticket Granting Server (TGS): Issues service tickets.

3. Client: Requests authentication and access to services.

4. Service Server (SS): Provides access to resources after verifying the ticket.

Working of Kerberos

1. User Authentication:

o Client sends login request to AS.

o AS verifies credentials and issues TGT.

2. Service Ticket Request:

o Client sends TGT to TGS to get a Service Ticket (ST).

3. Accessing Services:
 o Client presents ST to the Service Server (SS).

o SS grants access.

🔹 Kerberos prevents password transmission and is used in Windows Active Directory.

7) Explain SSL Protocol Stack

🔹 Secure Sockets Layer (SSL) is a cryptographic protocol used for secure communication over the
Internet.

SSL Protocol Stack

Layer Function

Application Layer User applications (e.g., browsers, email clients)

SSL Record Layer Provides encryption, integrity, and fragmentation

SSL Handshake Protocol Establishes secure session between client and server

SSL Change Cipher Spec Signals changes in encryption settings

SSL Alert Protocol Handles error messages and alerts

SSL Record Protocol Encrypts and transmits application data

Working of SSL

1. Handshake Phase

o Client and server exchange hello messages.

o Server sends X.509 certificate.

o Session keys are generated using RSA/Diffie-Hellman.

2. Session Key Exchange

o Symmetric keys are established.

3. Secure Communication

o Encrypted messages are exchanged using AES, DES, or ChaCha20.

🔹 SSL/TLS ensures confidentiality, integrity, and authentication in web security.