CTEC5801: Exploring Vigenere Cipher & Data Security Best Practices

Verified

Added on 2023/04/21

AI Summary

This assignment solution covers the implementation of the Vigenere cipher in C, discussing its encryption and decryption processes, robustness, and vulnerabilities. It also delves into data security, emphasizing the importance of complete data erasure and detailing methods for recovering and securely deleting data. The report examines the limitations of standard deletion functions, the potential for data recovery, and the effectiveness of data erasure software. Furthermore, it highlights the significance of good data erasure methods in preventing data breaches, complying with data privacy laws, and addressing environmental concerns associated with physical destruction of storage devices, while also acknowledging the limitations of software-based methods. Desklib provides access to this assignment and many other resources for students.

FOUNDATIONS OF CYBER SECURITY
Combined Coursework
Module: CTEC5801

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Question 1: Implementing the Vigenere cipher in a C program.
Below is the implementation of the cipher in C.
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <process.h>
//functions to be used in the program
void cipher(char *,char *);
void encrypt();
void decrypt();
main()
{
int choose;
//User’s choice taken and the necessary function called.
while(1)
{
printf("Enter 1 to encrypt the Text\n");

printf("Enter 2 to decrypt the Text\n");
printf("Enter 3 to exit\n");
printf("Choose one of the above :\n ");
scanf("%d",&choose); //stores the choice
fflush(stdin);//clears the screen
if(choose == 3) //selection statement
exit(0);
else if(choose == 1)
encrypt(); //calls the encryption function when the conditions
are met.
else if(choice == 2)
decrypt(); //calls the decrypt function
else
printf("Invalid choice\n");
}
return 0;
}

void encrypt() //contents of the encrypt function
{
int a;
int b; //variable declaration
char EnteredText[100];
char keyword[27];
printf("Please input the text you want to encrypt :\n ");
gets(input);
printf("Please Enter the Encryption keyword:\n ");
gets(keyword);
for(a=0,b=0;a<strlen(EnteredText);a++,b++)
{
//The key is repeated when the end is reached.
if(b>=strlen(keyword))
{
b=0;

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

}
//Encryption happens by adding character from the text to the
character from the key%26
printf("%c",65+(((toupper(EnteredText[a])-65)+(toupper(keyword[b])-
65))%26));
}
}//
void decrypt()// decryption function
{
int a,b;
char EnteredText[100];
char keyword[26];
int output;//stores the value.
printf("Which text do you want to decrypt? :\n ");
gets(EnteredText);
printf("Enter Decryption Key :\n ");
gets(keyword);

for(a=0,b=0;a<strlen(EnteredText);a++,b++)
{
//This loop is for repeating the keyword when the end is reached.
if(b>=strlen(keyworld))//selection statement
{
j=0;
}
//This is the same as decrypting, only that this time it is
subtraction
output = (toupper(EnteredText[a])-64)-(toupper(key[b])-64);
//Rotate the value backwards if negative and add it to 26
if( output < 0)//selection statement
{
output = 26 + value;
}

printf("%c",65 + (output % 26));
}
}
Introduction
The program presents the user with a choice of decrypting or encrypting a message using the
Vigenere Cipher. If the user chooses to encrypt a message, the program prompts them to enter
the phrase or text they wish to encrypt. The program then asks for the keyword that users can use
to decrypt or encrypt the phrase. The program, finally, encrypts or decrypts the text and displays
the result. According to Aumasson1, it is a type of polyalphabetic cipher that works with
substitution.
Robustness of the cipher
According to Krawczyk2, the Cipher was hard to break when it first came to existence. This is
because it used all the 26 letters of the alphabet. Frequency analysis of letters is not common in
the cipher hence it offers resistance to easy deciphering. The user chooses the key used to
encrypt a message. This makes it even harder to break into the cipher since the key can be any
word.
Although the cipher is hard to break, it has some vulnerabilities:
1) Repeating the key
2) One can guess the length of the key by finding repeated words in a plain text.
3) If one finds the key, cracking the cipher becomes easy.
1 Aumasson, Serious cryptography : a practical introduction to modern encryption (No Starch
press 2018)
2 Krawczyk, Hugo, Public-key cryptography (Springer 2014)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

For example, if we have a plaintext like “This computer is like that computer”, and the keyword
is “key”, then that means that the text has the word “computer” twice. The cipher text will also
contain the same encrypted words, only that this time, the words are 15 letters apart.
Recommendation
The cipher is recommendable because:
1) It is hard to break. This is because it uses all 26 letters of the alphabet.
2) People who are not technical savvy would not understand the encryption or break it.
3) One has to find the key in order to break the cipher. Without the key, the cipher is
unbreakable, as suggested by Eisenbarth3.
3 Eisenbarth, Thomas and Erdinç Ö ztürk, Lightweight cryptography for security and privacy
(Springer 2015)

Question 2: Data security
Introduction
Data security is an important aspect in any organization. Securing data in an organization
involves preventing unauthorized people from accessing the organization’s computers, databases
or any other source of data. One must take certain steps to protect digital data. Complete data
erasure is the most important step. If the organization does not delete its data completely, hackers
may access the data by using certain data recovery methods. By simply deleting the data using
the delete functionality of the operating system, the computer does not delete the data
completely. This report details on how one should delete data. It also explains how malicious
people can recover data if not deleted effectively.
Normal delete function
When a user deletes a file on a computer, the computer does not delete the file completely and
securely. The file continues to exists, even after the user has removed it from the recycle bin. The
file is still stored in the hard drive. This means that anyone can recover the file that the user has
deleted.
Mauri4 suggests that, most operating systems know where a file is stored on the hard drive by the
use of pointers. Pointers are functions that tell the operating system where each file is stored in
the hard drive, that is, where the data begins and ends. Deleting functionality in most operating
systems, according to Kale5, involve removing the pointer from the data, marking the sectors that
4 Mauri, Jaime and others, Security in computing and communications (Springer 2014)
5 K Kale, S. C. Mehrotra, and R. R. Manza, Advances in computer vision and information
technology (I.K. International Pub. House 2008)

the pointer has previously pointed to as available. The file managers of the operating systems
show the space as free and assumes that the data is not present. This means that the computer can
overwrite existing data.
Before new data overwrites the old data, one can use a recovery program to recover the data.
Recovering from the recycle bin:
The first step in restoring data is checking the deleted data in the recycle bin. One can do this in
many operating systems. In this report however, demonstration is in windows operating system.
If the files are there, then right click on the file and choose restore. The computer will restore the
data to the initial location. If the recycle bin icon does not exist on the desktop, click the start
menu and search for ‘show or hide’ and a shortcut will appear in which you can tick the recycle
bin.
However, the recycle bin is not reliable. It has a limit in size of storage. When it reaches the
limit, the computer automatically deletes the older data. If the data does not exist in the recycle
bin, then it’s time to use data recovery software to restore the data.
Using data recovery software

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

According to Foley6, Data recovery is the process of retrieving data that had been previously
deleted, damaged or formatted. Data recovery is not always possible as the data new data may
have overwritten previous data. If not, then one can delete the data. Since data technically still
exists on a hard drive, one can restore it. The data however, is stored as several disconnected
fragments. Data recovery on solid state drives however is not possible. This is because the SSD
deleted the data completely making it unrecoverable.
Effective data erasure
This is the action of removing data from a storage device. Data clearing, wiping or cleaning
means the same thing as deletion or erasure. The process is software based. This means that it
relies on computer software. Data in an organization should be disposed-off safely so as to avoid
future conflicts and to comply with the law.
Safe data deletion is possible by using a dedicated software or by overwriting the data manually.
However, one should make sure that the data intended for deletion does not contain personal or
sensitive information. Always consider if you will need that data again if deleted completely
with safe procedures. The data deleted should be such that no one can use it against you.
Data erasure using a software is an effective process. It aims at overwriting the data on the
device that holds the data. It completely destroys all the data available by overwriting using zeros
and ones. This makes the data unrecoverable and sanitizes it.
6 Foley, Simon N., Dieter Gollmann, and Einar Snekkenes. Computer security -- ESORICS 2017
(Springer 2017)

Unlike physical destruction of the storage device (known as degaussing) the software removes
the data completely while leaving the disk in a good condition. To comply with the law, most
software overwrites twice. According to Qing7, this makes the data fully unrecoverable.
However, one should only use the software that offer complete data erasure.
The deletion software should have the following characteristics:
1) Comply with data deletion standards
2) Verify the success of the data erasure process after finishing.
Encryption is a dated method that aids in data erasure. When one uses encrypted drives and
storage devices, the chances of recovering data after deletion are minimal. This is because
encryption empowers data erasure in crypto-shredding. This is where the software deleted the
encryption keys in place of the data itself. Nowadays, computer hardware can delete data faster
than a hard drive can write data. These are drives that can encrypt themselves. Changing the
cryptographic keys becomes a very efficient method of complete data erasure as the keys cannot
be guesses easily.
Importance of good data erasure methods
Breach of data – Technology changes rapidly. There is need for newer models of computers and
electronics daily. This has led to refurbished asset sale. This is the sale of previously owned
computers or mobile phones. Since they are not new, it means that they contain the user’s data
that may be sensitive. This means that complete data erasure of the owner’s data is important, so
that the new owner will not access the previous sensitive data. An organization may be willing to
sell their computers for upgrade purposes. This means that they must erase the data completely
before sale. If they do not take into consideration the complete erasure process, their data may
7 Qing and Sihan. Information and communications security (Springer 2005)