(CYB250) Introduction to Threat Modeling

Description

Overview

Don't use plagiarized sources. Get Your Custom Assignment on
(CYB250) Introduction to Threat Modeling
From as Little as $13/Page

Threat modeling is an important process to help identify deficiencies in systems that are meant to keep assets secure. Using a threat model while summarizing the attack provides an industry-vetted model that allows for easy identification of incidents versus threats. Every cyber incident can be depicted in threat modeling scenarios, which provides an industry standard to communicate the characteristics of any threat. Threat modeling is an important practice for cybersecurity analysts because they must compare different forms of threats to identify common characteristics and build the most secure defense against threats. This activity will draw on important fundamentals we have explored previously, like the confidentiality, integrity, and availability (CIA) triad and adversarial mindset.

This activity relates directly to the final project, where you will be required to complete a threat model for your project scenario. Take advantage of feedback on this assignment to prepare you for your final project submission in Module Seven.

Prompt

Analyze the three breach case studies found in the three articles that are linked in the Reading and Resources section of Module Three of your course. Use this information to fill out the template and address the critical elements listed below.

Threat Modeling
To complete this assignment, first download the Module Three Stepping Stone One Template provided in the What to Submit section. Identify the elements of the threat model by filling in the template for the case studies below.
Complete column for Target Breachthoroughly and accurately.
Complete column for Sony Breachthoroughly and accurately.
Complete column for OPM Breachthoroughly and accurately.
Incident Analysis
Select one of the incidents from the table and analyze the following information:
Which of the CIA triad is most applicable to the “Action” category of the selected incident? Explain your answer.
How can you use an adversarial mindset in analyzing the “Attackers” and “Objective” to inform the response to the attack?
Imagine you worked for the organization in the chosen incident and had used a threat model proactively. What changes could you have made to the organization to avoid the incident?
Threat Modeling Extension
Defend the need for performing threat modeling. How would you convince your supervisor that threat modeling is worth the time and resources needed to complete it?
Why is threat modeling an important tool for a security practitioner?
What organizational advantages beyond security controls might arise from this threat modeling exercise?
How does threat modeling differ between roles in IT (for example, testers—data mutations; designers—analyzing threats; developers—tracking data flow)?
What to Submit

Use the Module Three Stepping Stone One Template to prepare your submission. Your submission should be 2 to 3 pages in length including the table. Use double spacing, 12-point Times New Roman font, and one-inch margins. All sources must be cited using APA format.


Unformatted Attachment Preview

CYB 250 Module Three Stepping Stone One Template
Complete this template by replacing the bracketed text with the relevant information.
Threat Model
Incident
Target Breach
Sony Breach
OPM Breach
Attackers
[Insert text.]
[Insert text.]
[Insert text.]
Tools
[Insert text.]
[Insert text.]
[Insert text.]
Vulnerability
[Insert text.]
[Insert text.]
[Insert text.]
Action
[Insert text.]
[Insert text.]
[Insert text.]
Target
[Insert text.]
[Insert text.]
[Insert text.]
Unauthorized Result
[Insert text.]
[Insert text.]
[Insert text.]
Objective
[Insert text.]
[Insert text.]
[Insert text.]
Copyright 2020. NEW AGE International Publishers.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
CHAPTER
3
3.1
Symmetric Key Encryption
INTRODUCTION
The concept of securing messages through cryptography has a long history. Indeed, Julius
Caesar is credited with creating one of the earliest cryptographic systems to send military
messages to his generals.
Historically, encryption systems used what is known as symmetric key cryptography.
It is also referred to as conventional encryption or single key encryption. Using symmetric
cryptography, it is safe to send encrypted messages without any fear of interception, however,
there always remains the difficulty of how to securely transfer the key to the recipients of a
message so that they can decrypt the message. This chapter explains the different techniques
of symmetric key cryptography or symmetric key encryption. These concepts can be used to
understand better the modern ciphers.
3.2
GENERAL IDEA OF SYMMETRIC KEY ENCRYPTION
A cryptographic algorithm, or cipher, is the mathematical function used for encryption or
decryption of message. Cryptography is the process of dealing with the design of algorithms
for encryption and decryption, intended to ensure the secrecy and/or authenticity of message.
The basic component of cryptography is a cryptosystem. It has five tuple, (E, D, P, K,
and C),
Where;
P – is the set of plaintext
K – is the set of keys
C – is the set of ciphetext
Where,
E : P × K → C is the set of encryption functions
D : C × K → P is the set of decryption functions
For example Caesar cipher is a widely known algorithm of symmetric key encryption. In
which letters are shifted using Caesar cipher with a key of 3. With this key the character ‘a’
becomes D, ‘b’ becomes E and so forth ending with ‘z’ becoming C.
26
EBSCO Publishing : eBook Collection (EBSCOhost) – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY
AN: 2706870 ; Acharya, Rathnakar.; Cryptography and Network Security
Account: shapiro.main.eds
Symmetric Key Encryption
27
Example 3.1: Encrypt the plaintext “secure” using Caesar cipher.
This cipher is a cryptosystem with;
K = {i|i an integer such that 0 ≤ i ≤ 25}
E = {EK| k ∈ K and for all p ∈ P} Ek (p) = (p + k) mod 26
Plain text  (Encryption) Cipher text
i.e.,
The table 3.1represents each letter by its position in the alphabet (with A in position 0 and
so on)
Table 3.1: Alphabets and their positional values
0
1
2
3
4
5
6
7
8
9
10
11
12
A
B
C
D
E
F
G
H
I
J
K
L
M
13
14
15
16
17
18
19
20
21
22
23
24
25
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
For example the plaintext “secure” is encrypted as;
Encryption: Key K = 3
Plaintext
Position value (P)
Encryption C= (P+K)
Ciphertext (C)
S
18
21
V
E
04
07
H
C
02
05
F
U
20
23
X
R
17
20
U
E
07
07
H
Plaintex is “secure” → Ciphertext is “VHFXUH”
Decryption: For decryption;
D = {Dk | k ∈ K and for all c ∈ C
Dk(c) = (26 + c – K) mod 26}
Each Dk simply invert the corresponding Ek
i.e, Cipher text → (Decryption) → Plain text
Cipher
Position value (C)
Decryption P = (C-K)
Plaintext (P)
V
21
21 – 3 = 18
s
H
07
7–3=4
e
F
05
5–3=2
c
X
23
23 – 3 = 20
u
U
20
20 – 3 = 17
r
H
07
7–3=4
e
Ciphertext is “VHFXUH”  Plaintext is “secure”
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
28
3.3
CRYPTOGRAPHY AND NETWORK SECURITY
SYMMETRIC KEY ENCRYPTION
Fig. 3.1: General idea of symmetric key encryption
In a symmetric key encryption a single key is used for both encryption and decryption
process. If P is the plaintext, C is the ciphertext, and K is the key as in figure 3.1.
The encryption algorithm is;
C = Ek (P)
This creates the ciphertext C from the plaintext P. The decryption algorithm P = Dk(C)
creates the plaintext P from the ciphertext C.
In the late 1940s Claude Shannon laid out some good design criteria for symmetric
ciphers. First he considered Kirckhoff’s principle. It states that the security of a cryptosystem
should depend solely on the secrecy of the key. Another way of putting it is that a method of
secretly coding and transmitting information should be secure even if everyone knows how it
works. Based on Kirchoff’s law one should assume that the adversary knows the cryptographic
algorithm. The resistance of the cipher to attack must be based only on the secrecy of the key.
In other words if the algorithm is available for an attacker, should be so difficult to break the
security by guessing the key. Second, Shannon emphasized that a good cipher should incorporate
both confusion and diffusion. By confusion we mean that a cipher should hide local patterns in
language from an attacker. By diffusion we mean that the cipher should mix around different
parts of the plaintext, so that nothing is left in its original position.
3.4
CLASSIFICATIONS OF TRADITIONAL CIPHERS
Symmetric key ciphers are classified as substitution ciphers and transposition ciphers. The
encryption techniques under both substitution cipher and transposition cipher are shown in the
figure 3.2 below:
Fig. 3.2: Classifications of traditional ciphers
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
3.4.1
29
Substitution Ciphers
A substitution cipher replaces a character in the plaintext with another. Caesar cipher is a general
example for substitution cipher. In Caesar cipher if the key is 3, then the letter‘s’ is replaced
with V, and ‘e’ with H. If the character is a numerical digit 0 to 9, then 3 is replaced with 6 and 2
with 5. To perform mathematical operations on the plaintext and ciphetext, we assign numerical
values to each alphabetic character (upper or lowercase) as shown in figure 3.3.
Fig. 3.3: Representation of the numerical values of plaintext and ciphertext
Substitution ciphers can be categorized as:
1. Mono-alphabetic cipher
2. Poly-alphabetic cipher
3.4.1.1
Mono-alphabetic Cipher
A mono-alphabetic cipher is a substitution cipher. It takes a letter of an alphabet and substitute it
with another letter, this way a ciphertext is generated. The way of conversion is fixed. Always a
character of a plaintext will be replaced by the same ciphertext character in the entire ciphertext.
Example 3.2: Encrypt the plaintext message “secure” by mono-alphabetic cipher using
key K = 3.
A plaintext and its corresponding ciphertext is shown below.
Plaintext
Encryption → (P + K)mod26
Ciphertext
s → 18
(18+3)mod26
21 → V
e→4
(4+3)mod26
7→H
c→2
(2+3)mod26
5→F
u → 20
(20+3)mod26
23 → X
r → 17
(17+3)mod26
20 → U
e→4
(4+3)mod26
7→H
Plaintext: secure → Ciphertext: VHFXUH
In the example above the ciphertext obtained is a mono-alphabetic, because the both
plaintext e’s are encrypted as H.
The different types of mono-alphabetic ciphers are:
1. Additive cipher
2. Shift cipher
3. Multiplicative cipher
4. Affine cipher
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
30
CRYPTOGRAPHY AND NETWORK SECURITY
Additive Cipher
Additive cipher takes letters in a plaintext message and shift the letter through the alphabets by
some integer amount (key). An additive cipher is also known as Caesar cipher or shift cipher.
The additive cipher operation is depicted as in figure (3.4).
Fig. 3.4: Additive cipher
In additive cipher the encryption algorithm adds the key to the plaintext character
C = (P + K) mod 26
Where the plaintext character is assigned an integer in Z26. Any number greater than
the index Z26 loops back around, otherwise known as mod 26 secret key used to message
communication between the sender A and the receiver B is also an integer Z26 as in figure 3.3.
In the above process we can easily prove that the encryption and decryption are inverse of
each other. i.e, the plaintext received by B(PB) after the decryption of ciphertext is the same and
the one sent by A.
PB = (C – K) mod 26 = (P + K – K) mod 26 = P
Example 3.3: Using additive cipher with key 12 encrypt the message “secure” and decrypt
the encrypted message using the same key.
Encryption
Plaintext
Encryption
Ciphertext
s → 18
(18+12) mod 26
04 → E
e → 04
(04+12) mod 26
16 → Q
c → 02
(02+12) mod 26
14 → O
u → 20
(20+12) mod 26
06 → G
r → 17
(17+12) mod 26
03 → D
e → 04
(04+12) mod 26
16 → Q
After encryption the result is “EQOGDQ”. As one of the characteristics of mono-alphabetic
cipher the plaintext character ‘e’ is encrypted with the same character ‘Q’ in both the places.
Plaintext: secure → Ciphertext: EQOGDQ
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
31
Decryption
Ciphertext
Decryption
Plaintext
E → 04
(04 – 12) mod 26
18 → s
Q → 16
(16 – 12) mod 26
04 → e
O → 14
(14 – 12) mod 26
02 → c
G → 06
(06 – 12) mod 26
20 → u
D → 03
(03 – 12) mod 26
17 → r
Q → 16
(16 – 12) mod 26
04 → e
Ciphetext: EQOGDQ → Plaintext: secure
Shift Cipher
Shift cipher works by using the model operative to encrypt and decrypt the messages. The shift
cipher has a key K, which is an integer from 0 to 25. If the key is K, each letter in the plaintext
is replaced with the Kth letter following corresponding number (shift right). Decryption for the
given K, performs shift left operation.
Example 3.4: Using shift cipher with key 11 encrypt the plaintext message
“CRYPTOGRAPHY” and decrypt the ciphertext using the same key.
Key: K = 11
Plaintext: CRYPTOGRAPHY
Ciphertext: NCJAVZRCLASJ
Multiplicative Cipher
Multiplicative cipher uses the arithmetic operations such as multiplication and division for the
encryption and decryption process as shown in figure 3.5. For encryption operation multiply the
key (K) by plaintext and for decryption the division of the ciphertext by the same key.
Fig. 3.5: Multiplicative cipher
Encryption steps
1. Translate the message (plaintext) into corresponding number (ex: c = 2).
2. Multiply the number by key (K), (let K = 11, c = 2; c*K = 2*11= 22).
3. Reduce result to mod 26 and translate back into letter (ciphertext) 22 W.
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
32
CRYPTOGRAPHY AND NETWORK SECURITY
Decryption steps
1. Translate ciphertext into its corresponding number (ex: Q = 16).
2. Multiply number by the multiplicative inverse of K, K-1 (K-1= 19; 16*19=304).
3. Reduce mod26 and translate back to plaintext (304 =18 mod 26; 18 s).
Example 3.5: Encrypt the message “secure” using multiplicative cipher with a key = 11.
Also decrypt the ciphertext.
Encryption
Plaintext
Encryption
Ciphertext
s → 18
(18 x 11) mod 26
198
16 → Q
e → 04
(04 x 11) mod 26
44
18 → S
c → 02
(02 x 11) mod 26
22
22 → W
u → 20
(20 x 11) mod 26
220
12 → M
r → 17
(17 x 11) mod 26
187
05 → F
e → 04
(04 x 11) mod 26
44
18 → S
Plaintext:
secure
Ciphertext:
QSWMFS
Decryption: The possible multiplicative inverse of mod 26 are;
1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, and 25.
Table 3.2: Multipliers and their inverse
Number
1
3
5
7
9
11
15
17
19
21
23
25
Multiplicative 1
Inverse
9
21
15
3
19
7
23
11
5
17
25
Here are the possible multipliers and their inverse:
1 × 1 = 1;
1 mod 26
11 × 19 = 209;
1 mod 26
3 × 9 = 27;
1 mod 26
17 × 23 = 391;
1 mod 26
5 × 21 = 105;
1 mod2 6
25 × 25 = 625;
1 mod 26
7 × 15 = 105;
1 mod 26
For 2, there is no number mod 26 that 2 can be multiplied by that number will result 1
(or 1 mod 26). Hence 2 does not have an inverse.
Ciphertext
Decryption
Plaintext
Q → 16
16 × 11–1 mod 26 = 16 × 19 mod 26
304
18 → s
S → 18
18 × 11–1 mod 26 = 18 × 19 mod 26
342
04 → e
W → 22
22 × 11–1 mod 26 = 22 × 19 mod 26
418
02 → c
M → 12
12 × 11–1 mod 26 = 12 × 19 mod 26
228
20 → u
F → 05
05 × 11–1 mod 26 = 05 × 19 mod 26
95
17 → r
S → 18
18 × 11–1 mod 26 = 18 × 19 mod 26
342
04 →s
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
33
Affine Cipher
Affine cipher is obtained by combining both additive and multiplicative ciphers. It uses a
combination of both ciphers with a pair of keys K1 and K2. The key K1 is used for multiplicative
and key K2 is used for additive as shown in figure 3.6.
as;
Using pair of keys K1 and K2, the Affine cipher performs encryption or decryption operation
Encryption operation – C = (P × K1 + K2) mod 26
Decryption operation – P = (C – K2 + K1–1) mod 26
This also shows the relationship between the plaintext P and the ciphertext C.
Encryption steps
1. Convert the plaintext to number.
2. Multiply by multiplicative encryption key (K1) and reduce mod 26.
3. Add additive encryption key (K2) and reduce mod 26.
4. Convert number to equivalent ciphertext.
Decryption steps:
1. Convert ciphertext to number.
2. Subtract the additive inverse using key (K2), and reduce mod 26.
3. Multiply by the multiplicative inverse using the key (K1–1), and reduce mod 26.
{(K1) × (K1–1) = 1 (mod 26)}
4. Convert number to palintext.
Fig. 3.6: Affine cipher
Example 3.6: Use Affine cipher to show the encryption and description of the plaintext
“secure” with the key (5, 3).
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
34
CRYPTOGRAPHY AND NETWORK SECURITY
Encryption
Plaintext
Encryption
Ciphertext
s → 18
(18 × 5 + 3) mod 26
93
15 → P
e → 04
(04 × 5 + 3) mod 26
23
23 → X
c → 02
(02 × 5 + 3) mod 26
13
13 → N
u → 20
(20 × 5 + 3) mod 26
103
25 → Z
r → 17
(17 × 5 + 3) mod 26
88
10 → K
e → 04
(04 × 5 + 3) mod 26
23
23 → X
Plaintext: “secure” → Ciphertext: “PXNZKX”
Decryption
Ciphertext
Decryption
Plaintext
P → 15
(15 – 3) × 5–1 mod 26
12 × 21 mod 26
252
18 → s
X → 23
(23 – 3) × 5–1 mod 26
20 × 21 mod 26
420
4→e
N → 13
(13 – 3) × 5–1 mod 26
10 × 21 mod 26
210
2→c
Z → 25
(25 – 3) × 5–1 mod 26
22 × 21 mod 26
462
20 → u
K → 10
(10 – 3) × 5–1 mod 26
7 × 21 mod 26
147
17 → r
X → 23
(23 – 3) × 5–1 mod 26
20 × 21 mod 26
420
4→e
Ciphertext: “PXNZKX”  Plaintext: “secure”
3.4.1.2
Poly-alphabetic Cipher
In poly-alphabetic cipher each existence of a character in plaintext use different substitution
mapping (called multiple alphabets) on various portion of the plaintext. In the simplest case,
the different alphabets are used sequentially and then repeated, so the position of each plaintext
character in the source string determines which mapping is applied to it. Under different
alphabets the same plaintext character is thus encrypted to different ciphertext characters
precluding simple frequency analysis as per mono-alphabetic substitution.
For example ‘r’ is encrypted with ‘A’ in the beginning of the text and ‘Y’ at the middle.
Poly-alphabetic cipher is obtained by using a stream of sub-keys. Each sub-key depends
somehow on the position of the plaintext character, which uses that sub-key for encryption.
i.e, we requires more number of keys or a key stream as; ki = (k1, k2 …), where (i = 1, 2, 3 … ).
The key ki is used to encipher the ith character in the plaintext to create the ith character in the
ciphertext.
The different types of poly-alphabetic ciphers are:
1. Autokey cipher
2. Playfair cipher,
3. Vigenere cipher
4. Hill cipher.
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
35
Autokey Cipher
The autokey cipher is a polyalphabetic substitution cipher; that uses the plaintext itself as a key,
along with a keyword placed at the beginning of the plaintext. For the autokey cipher, the key
is a value K ∈ Z26, and the key stream generator sets l1 = k and generates subsequent key stream
elements by shifting the plaintext character by one position, that is li = xi–1, where the plaintext
is x1, x2, …. The ciphertext obtained by adding plaintext and key stream element mod26.
Since the sub-keys are automatically generated from the plaintext, the ciphertext character
changes for the same plaintext character.
Let the plaintext by; P = P1P2P3………
Sub-keys by; K = K1, P1, P2 ………
Ciphertext; C = C1C2C3………
The encryption and decryption process is represented as;
Encryption → Ci = (Pi + Ki) mod 26
Decryption → Pi = (Ci – Ki) mod 26
Example 3.7: Consider that A and B agreed to exchange a message ‘send password’ using
an auto-key cipher encryption method with K1 = 5.
The complete encryption process is explained in the following steps:
1. Replace each character in the plaintext by its integer value.
2. The first sub-key is added to generate the first ciphertext character.
3. Rest of the keys are generated as the plaintext characters are used.
Plaintext (P)
S
E
N
D
P
A
S
S
W
O
R
D
P’s value
18
04
13
03
15
00
18
18
22
14
17
03
Key streams
05
18
04
13
03
15
00
18
18
22
14
12
C’s value
23
22
17
16
18
15
18
10
14
10
05
20
Ciphertext
X
W
R
Q
S
P
S
K
O
K
F
U
Plaintext (P): “send password”  Ciphertext (C): “XWRQSPSKOKFU”
Playfair cipher
The Playfair Cipher is a manual symmetric encryption cipher invented in 1854 by Charles
Wheatstone, however its name and popularity came from the endorsement of Lord Playfair.
The Playfair cipher encrypts pairs of letters, instead of single letters as is the case with simpler
substitution ciphers such as the Caesar Cipher. To generate secret key a matrix of the order
of 5 × 5 using 25 alphabetic characters is constructed. The matrix is constructed by selecting
a keyword that does not contain any letter more than once. For example consider the word
‘keyword’, which does not contain any letter more than once. Now write the letter of that word
(keyword) in the first squares of the 5 × 5 matrix.
K E Y W O
R
D
Fig. 3.7: Five by five matrix for the generation of secret key
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
36
CRYPTOGRAPHY AND NETWORK SECURITY
Then fill the remaining space with the rest of the letters of the alphabet in order to reduce
the alphabet to fit, you can either omit ‘Q’ or replace I with J. The encryption and decryption
rules are as follows:
For Encryption:
K
E
Y
W
O
R
D
A
B
C
F
G
H
I
J
L
M
N
P
S
T
U
V
X
Z
Fig. 3.8: Secret key matrix
1. Group the message into a pair of letters. In the plaintext if both letters are same, add
‘x’ between them. Re-group the remaining letters. If there is only one letter in the
remaining in the last append ‘x’ to the last letter.
2. If the letter appears on the same row of the table, replace them with the letters to their
immediate right respectively, wrapping around to the left side of the row if necessary.
3. If the letter appears on the same column of the table, replace them with the letters
immediately below wrapping around to the top if necessary.
4. If the letters are on different rows and columns, replace them with the letters on the
same row respectively but at the other pair of corners of the rectangle defined by the
original pair. The order is important. The first letter of the pair should be replaced first.
For Decryption:
1. Ignore rule1.
2. In rule 2 and 3 shift up and left/right instead of down and right.
3. Rule 4 remains the same.
4. Drop any extra x’s that don’t make sense in the final message and locate any missing
Q’s or any I’s that should be J’s.
In each case the encryption algorithm takes a pair of characters from the plaintext and
creates pair of sub-keys by considering the above rules. The key stream depends on the position
of the character in the plaintext. This key stream is considered as the ciphertext.
Plaintext : Pi = P1P2 P3P4 ………
Two character pair = P1P2, P3P4, ……….
K = {(K1, K2), (K3, K4), ……}
Encryption → Ci = Ki
Ciphertext → C1 C2, C3 C4 , ……… = C1 C2 C3 C4 , ………
Decryption
Pi = Ki
Example 3.8: Encrypt the message “password” using Playfair cipher.
Use the secret key as in figure 3.8.
Grouping the message in to two characters; “pa, ss, wo, rd”
We need to insert an x between the two s’s, and x at the end. It gives; “pa, sx, sw, or, dx”
The ciphertext is obtained by following the rules 2, 3 and 4.
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
Plaintext
Ciphertext
Pa
NB
Sx
PZ
Sw
PO
Or
KC
Dx
BU
37
Fig. 3.9: Ciphertext in playfair cipher
Plaintext: “password” → Ciphertext: “NBPZPOKCBU”
Example 3.9: Encrypt the plaintext ‘send password’ using Playfair cipher use the secret
key in figure 3.8.
Plaintext: “send password”
Group the characters: “se, nd, pa, ss, wo, rd”
Add x: “se, nd, pa, sx, sw, or, dx”
Secret key matrix
for plaintext “se” the ciphertext is “MO”
for plaintext “nd” the ciphertext is “MA” for plaintext “pa” the ciphertext is “NB”
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
38
CRYPTOGRAPHY AND NETWORK SECURITY
For plaintext “sx” the ciphertext is “PZ”
For plaintext “sw” the ciphertext is “PO”
For plaintext “or” the ciphertext is “KC”
For plaintext “dx” the ciphertext is “BU”
Finally the ciphertext for the complete plaintext message is: “MO MA NB PZ PO KC BU”
Plaintext: “send password” Ciphertext: MOMANBPZPOKCBU
Vigenere cipher
The vigenere cipher, was proposed by Blaise de Vigenere, a French mathematician in the
sixteenth century. It is a polyalphabetic substitution based encryption technique. It uses a key
stream of length m, where we have 1 ≤ m ≤ 26. The following points are to be considered during
the selection of key stream.
In Vigenere cipher, to make brute force decryption impractical, the key should have at least
15 or 16 characters. Also it may be best if all letters of the key are distinct.
Duplicate the keys as many times as necessary so that the length of the (duplicated) key
matches the length of the plaintext. The key stream does not depend on the plaintext characters;
it depends only on the position of the characters in the plaintext.
The cipher can be described as follows;
The plaintext is – P = P1, P2, P3, ………
If K1, K2, ………. Km the initial secret key agreed to by both sender and the receiver, the
generated key stream using this initial secret key is K = [(K1, K2 ……… Km)(K1, K2 ……… Km) …..]
The ciphertext obtained out of this is C = C1, C2 , C3 ,…….
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
39
Symmetric Key Encryption
Encryption Ci = (Pi + Ki) mod 26
Decryption Pi = (Ci – Ki) mod 26
Example 3.10: Encrypt the message ‘send password’ using the five character keyword
“HELLO”. The initial key stream is:
Plaintext: “send password”
Key duplicated: “hello”
Plaintext (P)
s
e
n
d
p
a
s
s
w
o
r
d
P’s value
18
04
13
03
15
00
18
18
22
14
17
03
Key (duplicated) K
h
e
l
l
o
h
e
l
l
o
h
e
K’s value
07
04
11
11
14
07
04
11
11
14
07
04
Ci = (Pi + Ki) mod 26
25
08
24
14
03
07
22
03
07
08
24
07
Ciphertext(C)
Z
I
Y
O
D
H
W
D
H
I
Y
H
Plaintext: “send password”
Ciphertext: ZIYODHWDHIYH
Decryption:
To decrypt the message encrypted with vigenere keyword method, first write the key repeatedly.
Write the ciphertext beneath it. The decryption is performed by Pi = (Ci – Ki) mod 26.
Key (deplicated) K
h
e
l
l
o
h
e
l
l
o
h
e
K’s value
07
04
11
11
14
07
04
11
11
14
07
04
Ciphertext (C)
Z
I
Y
O
D
H
W
D
H
I
Y
H
C’s value
25
08
24
14
03
07
22
03
07
08
24
07
Pi = (Ci – Ki) mod 26
18
04
13
03
15
00
18
18
22
14
17
03
Ciphertext(C)
s
e
n
d
p
a
s
s
w
o
r
d
Ciphertext: ZIYODHWDHIYH
Plaintext: “send password”
Example 3.11: Encrypt the message “top secret message” using the key “wonderland”.
Plaintext: topsecretmessage
o
Palintext (P)
t
s
e
c
r
e
t
m
e
s
s
a
g
e
P’s value
19 14 15 18
4
2
17
4
19 12
4
18 18
0
6
4
Key (duplicated)K
w
n
d
e
r
l
a
n
d
w
o
n
d
e
r
K’s value
22 14 13
3
4
17 11
0
13
3
22 14 13
3
4
17
Ci = (Pi + Ki) mod 26
15 02 02 21
8
19 02 04 06 15
0
06 05 03 10 21
Ciphertext(C)
P
V
I
T
A
G
o
C
p
Key (duplicated): wonderland
C
Plaintext: “top secret message”
C
E
G
P
F
D
K
V
Ciphertext: PCCVITCEGPAGFDKV
Hill Cipher
Hill cipher is a polyalphabetic cipher based on liner algebra. It uses more advanced mathematics
as well as encryption and decryption scheme. Hill cipher solves the frequency distribution
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
40
CRYPTOGRAPHY AND NETWORK SECURITY
problem as in Caesar cipher. In both encryption and decryption process, a numerical value is
assigned to each letter of plaintext characters.
For the encryption process the given plaintext message is divided into blocks of size ‘n’
(where n is an integer). Therefore Hill cipher is also considered as block cipher. These blocks
are written as a column vector, and it is multiplied by any invertible matrix of size (n x n). The
encryption matrix must be invertible because its inverse will be used to decrypt the ciphertexts
created by Hill cipher. The invertibility of the encryption matrix shows that its determinant
value must not be zero.
During encryption the plaintext blocks are encrypted one at a time in such a way that each
character in the block contributes to the encryption of other characters in the block. This is
performed by using a square matrix of size n x n as a key. Where n is the size of the plaintext
block and the elements of a key matrix K is represented as Kij in the figure 3.9(a).
 K11K12 …. K1n 
 K 21K 22 …. K 2 n 


K = . . …. . 
. . …. . 
 K n1K n 2 …. K nn 
Fig. 3.9(a). The key used in hill cipher
For the encryption of one block of plaintext;
The n-characters in the plaintext block is P1P2….Pn
The resulting ciphertext are; C1C2….Cn, which is obtained as;
Where,
C1   P1   K11 K12 … . K1n 
C   P   K K …. K 
2n 
 2   2   21 22
.  = .  × . . …. . 
    

.  .  . . …. . 
Cn   Pn   K n1K n 2 …. K nn 
C1 = P1K11 + P2K21 + … PnKn1
C2 = P1K12 + P2K22 + … PnKn2
.
.
.
.
.
.
.
.
Cn = P1K1n + P2K2n + … PnKnn
The resulting ciphertext character Ci = C1C2 …. Cn depends on all plaintext character
Pi = P1P2 …. Pn in the block. To obtain the cipher the message sender and receiver have to
carefully select the key, because not all square matrices have multiplicative inverse in Z26. If
matrix does not have a multiplicative inverse the receiver cannot decrypt the message.
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
41
Hill cipher encryption algorithm steps:
The steps used to encrypt the message are as follows;
 K11 K12 …. K1n 
 K K …. K 
2n 
 21 22


.
.
….
.
Step 1: Choose a n x n encryption matrix, say K =


. . …. . 
 K n1K n 2 …. K nn 
The conditions for the selection of this n × n matrix is;
(i) The determinant of the matrix K should not be zero; | K | ≠ 0
(ii) The determinant of the matrix K, (| K | ) is also to be relatively prime to 26.
Step 2: Split the plaintext message into block of size ‘n’ (ignoring spaces). Convert them
into numerical values and align them as column vectors. If the length of the
plaintext is not evenly divisible by ‘n’ add a previously decided character to the
end of the string, until the plaintext is evenly divisible by ‘n’.
Step 3: Multiply each of these column vectors by the encryption matrix and take modulo
26 of the result.
Step 4: Convert each of the matrices obtained in step 3 to their alphabetical vectors and
combine them to produce the ciphertext.
Hill cipher decryption algorithm steps
Now the receiver has the ciphertext message and the encryption key. Using this he can decrypt
the ciphertext to produce plaintext. The decryption algorithm is essentially the same as the
encryption algorithm, except that we use K–1 in place of K.
Since C = KP and K is invertible we can calculate P = K–1C
We will call D = K–1
The decryption matrix so is DC = P. This inverse is the inverse modulo 26.
Step 1: Find D = K–1 (mod 26). This is the decryption key.
Step 2: Convert the ciphertext into the matrix C.
Step 3: Calculate DC = P.
Step 4: Convert the matrix P to its equivalent plaintext message. Insert the appropriate
spaces and punctuation symbols.
Hill cipher invertible matrix selection
The procedure for the selection of a 3 × 3 invertible matrix K to encrypt data and another 3 × 3
invertible matrix A to decrypt data is as follows;
2 3
1

Matrix K might be selected as K = −3 2 1 


 2 −1 3
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
42
CRYPTOGRAPHY AND NETWORK SECURITY
Calculate the determinant of K
1. det
2 1
= + 1 × (2 × 3 – (–1 × 1)) = 7
−1 3
2. det
−3 1
= – 2 × ((–3 × 3) – (2 × 1)) = 22
2 3
3. det
−3 2
= + 3 × ((–3 × –1) – (2 × 2)) = –3
2 −1
det K = 7 + 22 – 3 = 26
26 mod 26 = 0
In the inverse table (Table 3.2) there is no entry for 0, so there is no modular inverse. Due
to this reason matrix K cannot be selected, the message can be encrypted by using matrix K,
there would no way to decrypt them.
2 −2
1

If the matrix K is modified as K =  −2 3 1 
3
−1 2 
Its determinant is found as;
1. det
3 1
= + 1 × ((3 × 2) – (–1 × 1)) = 7
−1 2
2. det
−2 1
= – 2 × ((–2 × 2) – (3 × 1)) = 14
3
2
3. det
−2 3
= –2 × ((–2×1) – (3 × 3)) = 14
3 −1
det K = 7 + 14 + 14 = 35
35 mod 26 = 9
In the inverse table (Table 3.2) the modular inverse of 9 is 3.
To calculate A (where A = 3 adj k) we have to multiply the adj. K by modular inverse of det
|K| for mod (m) and then calculate mod (m) for the entries in the resulting matrix.
adj. K is calculated as;
C11 = + det
3 1
= ((3 × 2) – (– 1 × 1)) = 7
−1 2
C12 = − det
−2 1
= ((–2 × 2) – (3 × 1)) = 7
3 2
C13 = + det
−2 3
= ((–2 × –1) – (3 × 3)) = –7
3 −1
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
Symmetric Key Encryption
C21 = − det
2 −2
= –((2 × 2) – (– 1 × –2)) = –2
−1 2
C22 = + det
1 −2
= ((1 × 2) – (– 2 × 3)) = 8
3 2
C23 = − det
1 2
= –((1 × 1) – (3 × 2)) = 7
3 −1
C31 = + det
2 −2
= ((2 × 1) – (3 × –2)) = 8
3
1
C32 = − det
1 −2
= – ((1 × 1) – (– 2 × – 2)) = 3
1
−2
C33 = + det
1 2
= ((1 × 3) – (– 2 × 2)) = 7
−2 3
43
 7 7 −7 
The resulting new matrix is C =  −2 8 7 


 8 3 7 
 7 −2 8

8 3
The adj.K is the transpose of matrix C = CT =  7
 −7 7 7 
The modular inverse of K is: A = 3 × adj K
The modular inverse of matrix K; A = 3 × adj K
 7 −2 8  21 −6 24

8 3 =  21 24 9
A =3×  7
 −7 7 7   −21 21 21
 21 −6 24

A =  21 24 9 mod 26
 −21 21 21
 21 20 24


=  21 24 9
 5 21 21
 21 20 24


The modular inverse of matrix K; K –1 =  21 24 9
 5 21 21
EBSCOhost – printed on 3/21/2024 11:37 AM via SOUTHERN NEW HAMPSHIRE UNIVERSITY. All use subject to https://www.ebsco.com/terms-of-use
44
CRYPTOGRAPHY AND NETWORK SECURITY
Also this is the key matrix to be used to decrypt a message encrypted by Hill cipher using
the matrix;
 1 2 −2
 −2 3
1

 3 −1 2
 1 2 −2
 21 20 24



1
To check that 21 24 9 is a modular inverse of  −2 3


 3 −1 2
 5 21 21
 21 20 24  1 2 −2

 
1
=  21 24 9 ×  −2 3
 5 21 21  3 −1 2
24 + 18 − 42
 21 + 42 − 10 20 + 48 − 42

=  −42 + 63 + 5 −40 + 72 + 21 −48 + 27 + 21
 63 − 21 + 10 60 − 24 + 42
72 − 9 + 42
0  1 0 0
 53 26
 26 53
0  = 0 1 0  = I
= 
 52 78 105 0 0 1
0
 53 26
 26 53
0  mod 26 = I

 52 78 105
Example 3.12: Encrypt the message “send password” using Hill Cipher. The encryption
 1 2 −2

1 .
matrix is K =  −2 3
 3 −1 2
Encryption
To encrypt divide the plaintext into a block of size three characters and assign their values.
The plaintext is “send password”
S
18
E = 4 ,
N
13
D
3
P = 15 ,
A
0
S
18
S = 18 ,
W
22
O
14
R = 17
D
3
0
0
A
 1 2 −2 18  18 +