Summary of "Cryptography & Network Security | Unit-1 | One Shot | KCS-074 | Aktu Exams | PYQ Solutions | CN"

Overview

Coverage: Unit 1 of CNS (Cryptography & Network Security), course code KCS-074.
Focus areas: basic security concepts, attacks, cryptographic primitives, classical ciphers, block & stream ciphers, cryptanalysis, steganography, DES, Playfair and Hill ciphers, and practical requirements (e.g., encrypted tunnels).
Includes solved past-year questions (PYQs) and exam-oriented points.

Key definitions and fundamentals

Security: protecting something valuable (data, systems) from harm or unauthorized access.

Security attack: attempt to harm, read, modify, destroy or disrupt systems/data.
- Passive attack: attacker only observes or reads data (e.g., eavesdropping, reading messages on a stolen phone). Does not alter system resources.
- Active attack: attacker modifies, injects, destroys, or disturbs communications (e.g., inserting error bits, modifying messages).
CIA triad (security services):
- Confidentiality — only authorized users can read data.
- Integrity — information remains correct and unmodified.
- Availability — data and services are available when needed.

Security mechanisms / primitives

Encryption: convert readable plaintext into unreadable ciphertext so unauthorized parties cannot understand it.
Decryption: reverse process using a key to recover plaintext.
Keys: control encryption/decryption (analogy: lock & key).
Digital signature: verify origin/authenticity and provide non-repudiation.
Hash function: maps data to a fixed-size string (analogy: fingerprint); used for integrity checks.

Cryptography basics

Plaintext — readable original message.
Ciphertext — unreadable transformed message (after encryption).
Cryptography: methods to convert between plaintext and ciphertext to protect information.

Types of cryptography:

Symmetric-key cryptography
- Same key used for encryption and decryption.
- Pros: fast, efficient (example: AES).
- Cons: secure key distribution and compromise risk.
Asymmetric-key cryptography
- Different keys: public key for encryption, private key for decryption.
- Pros: solves key distribution problem.
- Cons: slower than symmetric methods (example: RSA).

Other concepts:

Hashes, digital signatures, and steganography can be combined for hiding and protecting content.
Application examples: online banking, secure email, secure communications.

Requirements for an encrypted tunnel

Encryption: ensure only authorized users can read/update data.
Authentication: both ends must verify each other (confirming identities/credentials).

Classical ciphers

Substitution ciphers

Concept: replace each plaintext symbol with a different symbol/letter.
Caesar cipher: shift alphabet by a fixed number (commonly shift = 3).
- Example: “HELLO” shifted by +3 → “KHOOR”. Decryption shifts back by the same amount.
Types: monoalphabetic (single fixed substitution) and polyalphabetic (multiple substitutions/alphabets, e.g., Vigenère).

Transposition ciphers

Concept: rearrange letters of plaintext without substituting them (reordering).
Example method: write plaintext in rows in a grid, then read column-wise to form ciphertext.
Decryption reverses the reordering (e.g., read column-wise back to rows).

Steganography

Definition: hiding secret data inside another medium (images, audio, video, or text) so the presence of hidden data is not obvious.
Methods: text steganography, image steganography (embed into pixel least-significant bits), audio, and video steganography.
Uses: covert communication, watermarking. Can be combined with cryptography (hide + encrypt for confidentiality).

Cryptanalysis — goal and methodology

Goal: recover plaintext or keys from ciphertext without knowledge of the key.
General methodology:
- Find weaknesses in the encryption algorithm or its implementation.
- Guess or infer the encryption key.
- Decrypt ciphertexts or obtain useful information without the key.

Common attack models:

Ciphertext-only attack: attacker has only ciphertext (most challenging).
Known-plaintext attack: attacker knows some plaintext–ciphertext pairs.
Chosen-plaintext attack: attacker can choose plaintexts and obtain corresponding ciphertexts.
Chosen-ciphertext attack: attacker can generate ciphertexts and see decrypted output (where applicable).

Block ciphers and modes of operation

Block cipher: encrypts fixed-length blocks of data (e.g., 64-bit blocks in classical ciphers).
Modes covered: ECB, CBC, CFB, CTR.

ECB (Electronic Codebook)

How: divide plaintext into blocks and encrypt each block independently.
Pros: simplest, parallelizable.
Cons: identical plaintext blocks produce identical ciphertext blocks → pattern leakage.

CBC (Cipher Block Chaining)

How: each plaintext block is XORed with previous ciphertext block before encryption; uses an Initialization Vector (IV) for the first block.
Pros: hides repeated-block patterns; more secure than ECB.
Cons: sequential (less parallel), IV management required.

CFB (Cipher Feedback)

How: turns a block cipher into a stream cipher by encrypting an IV (or previous ciphertext) and XORing with plaintext; works on smaller bit units (s bits).
Operation: encrypt IV, take s most-significant bits of output, XOR with plaintext → ciphertext; shift register updates with new bits.
Uses: useful for streaming and smaller-unit encryption.

CTR (Counter mode)

How: encrypt successive counter values (nonce + counter), XOR with plaintext blocks; counters increment per block.
Pros: very fast, parallelizable.
Cons: nonce/counter reuse is catastrophic (must be unique).

Stream ciphers

Encrypt data one bit (or byte) at a time using a keystream generator; encryption is typically bitwise XOR between plaintext and keystream.
Pros: low latency, no padding.
Cons: synchronization issues (keystream alignment), keystream reuse vulnerability.

Shannon’s principles: confusion and diffusion

Confusion: make the relationship between the ciphertext and the key complex; small changes in the key should unpredictably affect ciphertext.
Diffusion: spread plaintext statistics across ciphertext so small plaintext changes affect many ciphertext bits.
Both principles are required for strong encryption.

Worked example: Caesar cipher decryption

Encryption: shift letters forward by a fixed amount (e.g., +3).
- Example: “HELLO” → “KHOOR” with shift +3.
Decryption: shift letters back by the same amount.
- Example from the video: given ciphertext and shift = 3, decryption produced “MEET ME”.

Playfair cipher — algorithm and detailed steps

Create a 5×5 matrix:
- Fill with key letters left to right, top to bottom.
- Fill remaining cells with the rest of the alphabet (I and J combined).
Prepare plaintext:
- Split plaintext into pairs of letters.
- If a pair has the same letter twice, insert an ‘X’ between them.
- If an odd letter remains at the end, pad with ‘Z’ (or specified padding).
Encryption rules:
- Same row: replace each letter with the letter immediately to its right (wrap to row start if at end).
- Same column: replace each letter with the letter immediately below it (wrap to top if at bottom).
- Rectangle: if letters form corners of a rectangle, replace each letter with the letter in the same row but at the other corner.
Decryption: apply the reverse rules (right → left, below → above, rectangle rule symmetric).

Data Encryption Standard (DES) — overview & workings

Basic facts:
- Block size: 64-bit plaintext → 64-bit ciphertext.
- Key: 64-bit input with 8 parity bits (effective key length 56 bits).
High-level steps:
1. Initial Permutation (IP) reorders plaintext bits.
2. Split into left (L) and right (R) 32-bit halves.
3. 16 rounds of Feistel-like processing; each round uses a 48-bit subkey.
  - Key schedule:
    - PC-1: permute & drop parity bits → 56 bits.
    - Split into C and D (28 bits each).
    - Perform left circular shifts per round.
    - PC-2: select/compress to 48-bit subkey for that round.
  - Round function: expansion, key mixing, substitution (S-boxes), permutation.
4. Combine halves after 16 rounds and apply Final Permutation (inverse of IP).
Key points: 16 rounds, PC-1 & PC-2, left circular shifts, uses substitution & permutation for confusion and diffusion.

Hill cipher — method (matrix-based)

Steps:
1. Map letters to numbers, e.g., A = 0, B = 1, …, Z = 25 (arithmetic mod 26).
2. Choose an invertible n×n key matrix (mod 26).
3. Group plaintext into blocks of size n and convert each block to a column vector.
4. Compute ciphertext vector = (Key matrix × plaintext vector) mod 26.
5. Convert resulting numbers back to letters.
Requirement: key matrix must be invertible modulo 26 (determinant coprime with 26).

Advantages / disadvantages (recap)

Symmetric:
- Pros: fast, efficient.
- Cons: secure key distribution, single-key compromise exposes all communications.
Asymmetric:
- Pros: solves key distribution via public keys; private keys keep secrecy.
- Cons: slower performance, higher computational cost.
Block vs stream:
- Block ciphers: operate on fixed-size blocks; may require padding.
- Stream ciphers: operate bit-by-bit; suitable for streaming data.
- Each approach has distinct performance and security tradeoffs.

Practical tips & exam-oriented points

Be able to explain CIA, encryption/decryption, and key concepts.
Know examples and comparisons of symmetric vs asymmetric systems.
Be able to describe/diagram DES flow (IP, 16 rounds, key schedule, final permutation).
Know steps for Playfair and Hill cipher problems (matrix creation, pairing/padding, encryption rules, matrix multiplication mod 26).
Understand block cipher modes (ECB, CBC, CFB, CTR), IV use, security implications, and pros/cons.
For cryptanalysis, know differences between ciphertext-only, known-plaintext, chosen-plaintext, and chosen-ciphertext attacks and the typical attacker methodology.

Speakers / sources referenced

Video speaker: channel host / instructor (unnamed).
Algorithms and references mentioned:
- Caesar cipher
- Claude Shannon (confusion & diffusion)
- AES (example of symmetric algorithm)
- RSA (example of asymmetric algorithm)
- DES (detailed presentation)
- Playfair cipher (algorithm & example)
- Hill cipher (linear algebra method)
Course/context: CNS (Cryptography & Network Security), subject code KCS-074; AKTU exams / PYQs referenced.

Further help (optional)

If needed, the following can be prepared:

A concise one-page cheat-sheet for Unit 1 (definitions, formulas, key diagrams for DES, Playfair steps).
Worked examples for Playfair, Hill, or DES key schedule with step-by-step calculations.