Cryptography and Network Security Fundamentals

Cryptanalysis: Principles and Attacks

Definition

Cryptanalysis is the study of how to break encryption: recovering the plaintext or the secret key without being given the key.

Purpose

The purpose of cryptanalysis is to find weaknesses in a cryptographic algorithm, recover hidden plaintext or keys, check how strong the encryption is, and determine how easily an attacker can exploit the system.

Working Process

  1. Attacker collects ciphertext.
  2. Makes guesses or analyzes patterns in the encryption.
  3. Tries decrypting ciphertext using possible keys or techniques.
  4. When meaningful plaintext appears, the key is discovered.
  5. The recovered message is verified for correctness.

Example: Caesar Cipher

In the Caesar cipher, the ciphertext “KHOOR” is attacked by trying all 26 shifts.
Shift 3 gives “HELLO,” so the ciphertext is cracked and the key is recovered.
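
The search above can be automated, including the "meaningful plaintext appears" step, by scoring each candidate against English letter frequencies. This is an added example, not part of the original sheet; the frequency table and the function names are assumptions made for the illustration.

```python
import math

# Approximate English letter frequencies in percent for A..Z
# (reference values chosen for this example).
FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def shift_text(text, shift):
    """Shift the letters A-Z by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            ch = chr((ord(ch) - 65 + shift) % 26 + 65)
        out.append(ch)
    return "".join(out)


def english_score(text):
    """Log-likelihood of the letters of `text` under the frequency table."""
    return sum(math.log(FREQ[ord(ch) - 65]) for ch in text if "A" <= ch <= "Z")


def crack_caesar(ciphertext):
    """Try all 26 keys and keep the candidate that looks most like English."""
    candidates = [(key, shift_text(ciphertext, -key)) for key in range(26)]
    return max(candidates, key=lambda c: english_score(c[1]))


if __name__ == "__main__":
    for key in range(26):                      # the full search space
        print(key, shift_text("KHOOR", -key))
    print("best:", crack_caesar("KHOOR"))      # (3, 'HELLO')
```

The 26-key search space is the weakness: any cipher whose keys can all be tried and scored this way offers no protection.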

Differential Cryptanalysis

Differential cryptanalysis is an advanced attack where the attacker studies how differences in plaintext input produce differences in ciphertext output.
By analyzing these input–output differences, the attacker identifies patterns that expose information about the secret key.
This method is mainly used to attack block ciphers like DES.

Differential Cryptanalysis Example

If two plaintexts differ slightly, and the attacker observes predictable differences in their ciphertexts, these patterns help deduce key bits.
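
The "predictable differences" can be made concrete with a difference distribution table (DDT) for a single S-box. This is an added example, not part of the original sheet; it assumes the first row of DES S-box S1 as a sample 4-bit S-box, and the function names are hypothetical.

```python
# First row of DES S-box S1, used here as a sample 4-bit S-box (an assumption;
# the page does not name a specific S-box).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def difference_distribution_table(sbox):
    """ddt[dx][dy] = number of inputs x with S[x] ^ S[x ^ dx] == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def best_output_difference(ddt, dx):
    """Most likely output difference for input difference dx, with its count."""
    row = ddt[dx]
    dy = max(range(len(row)), key=row.__getitem__)
    return dy, row[dy]


def strongest_differentials(ddt, top=3):
    """Non-trivial (dx != 0) differentials as (count, dx, dy), most frequent first."""
    cells = [(cnt, dx, dy) for dx, row in enumerate(ddt) if dx
             for dy, cnt in enumerate(row) if cnt]
    return sorted(cells, reverse=True)[:top]


if __name__ == "__main__":
    ddt = difference_distribution_table(SBOX)
    # A structureless S-box would spread each row evenly (about 1 of 16 per cell).
    # Here input difference 0xB gives output difference 0x2 for 8 of 16 inputs.
    dy, count = best_output_difference(ddt, 0xB)
    print(f"dx=0xB -> dy={dy:#x} with probability {count}/16")
    for cnt, dx, dy in strongest_differentials(ddt):
        print(f"dx={dx:#x} dy={dy:#x} count={cnt}")
```

Cipher designers use this table defensively: S-boxes are chosen so that no entry outside row 0 is large, which keeps the probability of any multi-round differential low.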


Secure Hash Algorithm (SHA)

Definition

SHA converts any input to a fixed-size, irreversible hash ensuring data integrity.

Working Process

  1. Pad message.
  2. Split into blocks.
  3. Perform bitwise operations and compression rounds.
  4. Output a fixed hash (160/256/512-bit).

Note: A 1-bit change in the input produces a completely different hash (Avalanche Effect).

Features

  • One-way function
  • Fixed output size
  • Avalanche effect
  • Collision-resistant
  • Fast computation
  • Used in TLS/blockchain

Merits

  • Strong integrity assurance
  • Hard to brute-force
  • Fast processing
  • Secure for digital signatures
  • Reliable

Demerits

  • SHA-1 is considered weak
  • SHA-512 is computationally heavy on low-power devices
  • Not suitable alone for password storage (needs salting)
  • Requires more computation compared to lightweight hashes

Example

“hello” produces a unique SHA-256 hash.
“Hello” produces a totally different hash due to the avalanche effect.
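
“hello” and “Hello” differ in exactly one input bit (0x68 versus 0x48), so the pair is a direct test of the avalanche effect. The following added example, not part of the original sheet, measures how many of the 256 SHA-256 output bits change for that pair and for every other single-bit flip of the input; the function names are hypothetical.

```python
import hashlib


def sha256_bits_changed(a, b):
    """Number of differing bits between SHA-256(a) and SHA-256(b)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def avalanche_profile(message):
    """Flip each input bit in turn; return how many digest bits change each time."""
    counts = []
    for i in range(len(message) * 8):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)
        counts.append(sha256_bits_changed(message, bytes(flipped)))
    return counts


def mean(values):
    return sum(values) / len(values)


if __name__ == "__main__":
    print("hello vs Hello:", sha256_bits_changed(b"hello", b"Hello"), "of 256 bits")
    profile = avalanche_profile(b"hello")
    # For a good hash each flip changes about half of the output bits.
    print("min/mean/max over all 1-bit flips:",
          min(profile), round(mean(profile), 1), max(profile))
```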


Message Authentication and MAC Protocols

Message Authentication (MA)

MA ensures that a message is from the real sender and not modified during transmission.
It provides:

  • Integrity (data unchanged)
  • Origin Authentication (correct sender verification)
  • Non-repudiation (sender cannot deny sending the message)

Working Process (Short)

  1. Sender generates an authentication code.
  2. Code is attached to the message.
  3. Receiver recomputes the code.
  4. If both codes match, the message is authentic.

Attacks on Message Authentication

  1. Modification Attack: Attacker changes message contents.
  2. Replay Attack: Attacker resends a valid old message.
  3. Masquerade Attack: Attacker pretends to be a legitimate sender.
  4. Man-in-the-Middle Attack: Attacker intercepts and alters messages between sender and receiver.
  5. Sequence Attack: Reordering, deleting, or adding extra packets.

Message Authentication Code (MAC)

A MAC is a short, fixed-length code generated using the function:
MAC = F(secret key, message)
It is used for integrity and authentication.

How MAC Works

Sender: MAC = H(K, M)

Receiver: Recomputes H(K, M)

If the recomputed MAC matches the received MAC, the message is authentic.

ASCII Diagram (Compact)

Sender:  Message + Key → MAC → Send {Message, MAC}
Receiver: Message + Key → MAC' → Compare MAC' with MAC

Features of MAC

  • Uses a shared secret key
  • Provides integrity and authentication
  • Short, fixed-size code
  • Prevents tampering and impersonation
  • Faster than digital signatures

Merits

  • Simple and fast implementation
  • Strong integrity protection
  • Hard to forge without the key
  • Efficient for large data transmission
  • Good for real-time systems (e.g., SSL/TLS)

Demerits

  • Requires a shared secret key
  • No non-repudiation (sender can deny)
  • Key distribution problem
  • One key used by both parties, increasing risk if leaked

Example

Message = “Pay Rs. 1000”
Key = “K9”
MAC = H(“K9”, “Pay Rs. 1000”) = AF23BCD1 (example)
Any tiny change in the message produces a totally different MAC.
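
The sender and receiver sides described above, as an added example that is not part of the original sheet. It uses HMAC-SHA256 as the function F and puts a sequence number under the MAC so that the receiver can also reject the replay and sequence attacks listed earlier; the frame layout and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def protect(key, seq, message):
    """Sender: frame = 8-byte sequence number || message || MAC(key, seq || message)."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far

    def accept(self, frame):
        """Return the message if the frame is authentic and fresh, else raise ValueError."""
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):      # constant-time compare
            raise ValueError("MAC mismatch")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:                        # replay or reordering
            raise ValueError("stale sequence number")
        self.last_seq = seq
        return body[8:]


def outcome(receiver, frame):
    """Helper for the demo: 'ok' or the rejection reason."""
    try:
        receiver.accept(frame)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    key = b"K9"   # the page's sample key; real keys are long random byte strings
    rx = Receiver(key)
    frame = protect(key, 1, b"Pay Rs. 1000")
    tampered = frame.replace(b"1000", b"9000")
    print(outcome(rx, tampered), outcome(rx, frame), outcome(rx, frame), sep=" | ")
```

The sequence number is checked only after the MAC verifies, so an attacker cannot advance the receiver's counter with forged frames.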

Digital Signature Standard (DSS)

DSS is a government standard for creating digital signatures using public-key cryptography to provide authentication, integrity, and non-repudiation. It uses SHA to create a hash of the message, and DSA (Digital Signature Algorithm) to sign that hash using the sender’s private key. The receiver verifies the signature using the sender’s public key.

Working Process

Message → SHA hash → Sign with private key → Signature sent → Receiver verifies using public key; if the hash matches, the message is authentic and unchanged.

Features

  • Uses SHA + DSA
  • One-way hashing
  • Public-key verification
  • Ensures integrity and authentication
  • Unique signature per message
  • NIST standard

Merits

  • High security
  • Detects tampering
  • Provides non-repudiation
  • Small signature size
  • Widely used in government and banking

Demerits

  • Slower than MAC
  • Complex key management
  • SHA-1 version is weak
  • Heavy for very small devices

Example

Message “Pay 5000” → SHA-256 hash → signed with private key → receiver verifies via public key → confirms sender identity and integrity.

Pretty Good Privacy (PGP) Key Management

PGP (Pretty Good Privacy) is an encryption system that secures email and files by using both symmetric and asymmetric keys together. PGP creates a session key (a random symmetric key) to encrypt the message because symmetric encryption is fast. The session key is then encrypted using the receiver’s public key and sent along with the message. The receiver uses their private key to decrypt the session key, and then uses that session key to decrypt the actual message.

Key Roles

  • Session Key: A one-time, randomly generated symmetric key used to encrypt the message content quickly.
  • Public Key: The receiver’s public key encrypts the session key; anyone can use it to send secure messages.
  • Private Key: The receiver’s secret key used to decrypt the session key and then the message; must be kept confidential.

Process Summary

Message → encrypted with session key → session key encrypted with receiver’s public key → receiver decrypts session key with private key → decrypts message.

Why PGP Uses Both

Symmetric (session key) is used for speed; Asymmetric (public/private) is used for secure key exchange.

Firewalls and Network Security Types

A firewall is a network security device or software that monitors and controls incoming and outgoing traffic based on predefined security rules. It acts as a barrier between a trusted network and an untrusted network (like the Internet) to prevent unauthorized access.

Types of Firewalls

  1. Packet-Filtering Firewall: Checks source/destination IP, port, and protocol; fast but limited; no deep inspection.
  2. Stateful Inspection Firewall: Tracks connection states; more secure than packet filtering; monitors the full session.
  3. Proxy Firewall (Application-Level): Works at the application layer; inspects content; provides high security but is slower.
  4. Circuit-Level Gateway: Verifies TCP handshakes; ensures session legitimacy; performs no deep content checking.
  5. Next-Generation Firewall (NGFW): Includes deep packet inspection, intrusion prevention, and application control; most advanced.
  6. Software Firewall: Installed on individual devices; protects single systems.
  7. Hardware Firewall: Dedicated physical device for network-level protection.

SSL/TLS Handshake Protocol

The SSL Handshake Protocol is the process used to establish a secure encrypted connection between a client and a server. It authenticates the server (and optionally the client), agrees on encryption algorithms, and securely exchanges the session key used for encryption.

Steps (Compact)

  1. ClientHello: Client sends SSL/TLS version, supported cipher suites, and a random number.
  2. ServerHello: Server selects the SSL/TLS version and cipher suite, and sends its random number.
  3. Server Certificate: Server sends its public-key certificate for authentication.
  4. ServerHelloDone: Server ends its initial messages.
  5. ClientKeyExchange: Client generates a pre-master secret and encrypts it using the server’s public key.
  6. Master Secret: Both parties compute the master secret and derive the session key.
  7. ChangeCipherSpec: Both switch to encrypted mode.
  8. Finished Messages: Encrypted confirmation messages are exchanged, and the secure session is established.
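
Step 6 in code, as an added example that is not part of the original sheet. It assumes the TLS 1.2 pseudorandom function with SHA-256 (RFC 5246) and the key sizes of an AES-128-GCM style cipher suite; the function names and sample values are constructed for the illustration.

```python
import hashlib
import hmac


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5: HMAC-SHA256 chained until `length` bytes exist."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()             # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the pre-master secret and both hello randoms."""
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)


def session_keys(master, client_random, server_random):
    """Expand the master secret into per-direction keys (16-byte keys, 4-byte IVs)."""
    # Note the swapped order of the randoms for key expansion.
    block = p_sha256(master, b"key expansion" + server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


if __name__ == "__main__":
    # Constructed sample values standing in for one handshake.
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    pre_master = b"\x03\x03" + bytes(46)   # version bytes + 46 placeholder bytes
    # Client and server each run the same derivation on the values they share.
    client_side = session_keys(master_secret(pre_master, client_random, server_random),
                               client_random, server_random)
    server_side = session_keys(master_secret(pre_master, client_random, server_random),
                               client_random, server_random)
    print(client_side == server_side, client_side["client_write_key"].hex())
```

Because both hello randoms feed the derivation, a recorded ClientKeyExchange replayed into a new handshake yields different session keys.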

ASCII Diagram (Compact)

Client → ClientHello ------------------------------→ Server
Client ← ServerHello + Certificate + HelloDone ←--- Server
Client → ClientKeyExchange (Pre-Master Secret) ----→ Server
Client → ChangeCipherSpec + Finished --------------→ Server
Client ← ChangeCipherSpec + Finished ←------------- Server
>>> Secure Encrypted Session Established <<<

Denial of Service (DoS) Attack Tools

DoS (Denial of Service) attack tools are software utilities used to flood a target system or network with excessive traffic, exhausting its resources and making it unavailable to legitimate users. These tools generate huge volumes of packets, fake requests, or malformed data to crash or slow down the victim system.

Common DoS Tools

  • LOIC (Low Orbit Ion Cannon): Sends massive TCP/UDP/HTTP floods; easy to use.
  • HOIC (High Orbit Ion Cannon): Stronger than LOIC; supports multiple booster scripts; powerful HTTP flooding.
  • Hping / Hping3: Command-line tool; sends crafted TCP, UDP, and ICMP packets for DoS testing.
  • Slowloris: Sends partial HTTP requests slowly to exhaust web server threads; very effective on Apache.
  • Tor’s Hammer: Python-based slow HTTP POST attack tool; hides identity using TOR.
  • Xoic: Performs UDP, TCP, and HTTP DoS attacks with a simple GUI.
  • R-U-Dead-Yet (RUDY): Slow-rate POST attack targeting web application form fields.
  • UDP Flood Tools: Specialized utilities for high-volume UDP packet floods.
  • Ping of Death Tools: Send oversized ICMP packets to crash older systems.
  • Smurf Attack Tools: Use spoofed ICMP broadcast packets to overwhelm the victim.