NETWORK SECURITY (10EC832)
8th
SEM
E&C
JAYANTHDWIJESH H P M.tech (DECS)
Assistant Professor Dept Dept of E&CE –
B.G.S INSTITUTE OF TECHNOLOGY (B.G.S.I.T) B.G Nagara, Nagamangala Tq, Mandya District- 571448
NETWORK SECURITY
10EC832
NETWORK SECURITY
PART-A UNIT-2
UNIT - 2 SYMMETRIC
CIPHERS:
Symmetric
Cipher
Model,
Substitution
Techniques,
Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 1
NETWORK SECURITY
10EC832
UNIT - 2 SYMMETRIC
CIPHERS:
Symmetric
Cipher
Model,
Substitution
Techniques,
Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher. 1. SYMMETRIC CIPHERS
An original message is known as the plaintext.
The coded message is called the cipher text.
The process of converting from plaintext to cipher text is known as enciphering or encryption .
Restoring the plaintext from the cipher text is deciphering or decryption .
The many schemes used for encryption constitute the area of study known as cryptography . Such a scheme is known as a cryptographic system or a cipher.
Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis.
The areas of cryptography and cryptanalysis together are called cryptology .
2. SYMMETRIC CIPHER MODEL
Figure 1: Simplified Model of Symmetric Encryption
A symmetric encryption scheme has five ingredients (Figure .1):
Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 2
NETWORK SECURITY
10EC832
Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. ke y. For a given message, messa ge, two different differen t keys will produce p roduce two different cipher texts. The cipher text is an apparently random stream of data and, as it stands, is unintelligible.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the cipher text and the secret key and produces the original plaintext.
Encryption Requirements:
There are two requirements for secure use of
conventional encryption 1. The encryption algorithm must be strong.
At a minimum, an opponent who knows the algorithm and has access to one or more cipher texts would be unable to decipher the cipher text or figure out the key.
In a stronger form, the opponent should be unable to decrypt cipher text or discover the key even if he or she has a number of cipher texts together with the plaintext for each cipher text.
2. Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable. We assume that it is impractical to decrypt a message on the basis of the Cipher text plus knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 3
NETWORK SECURITY
10EC832
3. MODEL OF SYMMETRIC CRYPTOSYSTEM
The essential elements of a symmetric encryption scheme is described in the following figure:
Figure 2: model of symmetric cryptosystem
A source produces a message in plaintext,
X= [
1, 2, 3, .............
, ].
A key of the form is K= [
1,
2,
3,.............
,]
generated.
If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel.
Alternatively, a third party could generate the key and securely deliver it to both source and destination. destin ation.
The cipher text is produced by the encryption algorithm with the message X and and the encryption key K as input.
The encryption process is: Y=E (K, X) This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X , with the specific function determined by the value of the key K .
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 4
NETWORK SECURITY
10EC832
The intended receiver with the key is able to invert the transformation: X=D (K, Y) An opponent, observing Y but but not having access to K or or X , may attempt to recover X or or K or or both. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. The opponent may do one of the following:
Recover X by by generating a plaintext estimate 0, if the opponent is interested in only
this particular message.
Recover K by by generating an estimate 0, if the opponent is interested in being able to
read future messages.
4. CRYPTOGRAPHY. [DEC-2013 / JAN-2014 (4M)]
Cryptographic systems are characterized along three independent dimensions: 1. The Type of operations used for transforming plaintext to cipher text . All
encryption algorithms are based on two general principles:
Substitution: each element in the plaintext (bit, letter, group of bits or letters)
is mapped into another element,
Transposition: elements in the plaintext are rearranged.
The fundamental requirement is that no information be lost (all operations are reversible). Product
systems involve
multiple
stages
of
substitutions
and
transpositions. 2. The Number of keys used .
If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption.
If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 5
NETWORK SECURITY
10EC832
3. The way in which the plaintext is processed.
A block cipher processes the input one block of elements at a time, producing an output block for each input block.
A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along. Or
CRYPTOGRAPHY [DEC-2013 / JAN-2014 (4M)]
The word cryptography was derives from combining 2 Greek words. “Krypto” it means “hidden” and “graphene” meaning “writing”. Cryptography is the art of secret
information writing or secret data writing.
The main goal of cryptography is a data secure from unauthorized persons or attackers or hackers.
Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
Figure 3: Cryptographic Flow
Encryption is a technique for transforming plain-text into an unreadable cipher-text or unintelligible format.
Decryption is a technique for transforming cipher text (unreadable data) into plain text or original data (secret or confidential data).
The key is also a group of bits which as a major role in the process of encryption and decryption.
Types of Cryptography Cryptography
1. Symmetric Key Cryptography (Secret Key Cryptography) 2. Asymmetric Key Cryptography (Public Key Cryptography) 3. HASH FUNCTION
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 6
NETWORK SECURITY
10EC832
1. Symmetric Key Cryptography: Symmetric key cryptography is called secret key cryptography or shared key or private key cryptography and it uses a same key or single-key for both of encryption & decryption method. The Symmetric key system is the DEC (data encryption standard).Symmetric key cryptography systems are simpler and faster. 2. Asymmetric Key Cryptography (Public Key Cryptography): where a different keys used for encryption and decryption. The different keys are a private key & a public key. 3. Hash functions: uses a mathematical transformation to irreversibility “encrypt” information. It is a one-way encryption. Uses no key for encryption and decryption. Advantages
Enter (key) length will be generally short.
Symmetric key cipher can be joined together to prepare stronger ciphers.
It hides those secret or confidential messages and your protection or privacy may be sheltered or protected or safe.
application
On line banking.
On line transaction.
Media data base system.
Medical application. Etc
5 CRYPTANALYSIS AND BRUTE-FORCE ATTACK
The objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single cipher text. There are two general approaches to attacking a conventional encryption scheme:
atta cks): This attack atta ck relies on the t he nature of o f the Cryptanalysis (cryptanalytic attacks): algorithm plus some knowledge of the general characteristics of the plaintext or some sample plaintext – cipher text pairs. It exploits the characteristics of the – cipher algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 7
NETWORK SECURITY
10EC832
Brute-force attack : The attacker tries every possible key on a piece of cipher text
until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried tri ed to achieve success. If either type of attack succeeds in deducing the key, then future and past messages encrypted with that key are compromised. The following table summarizes the various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst. Type of Attack
Known to Cryptanalyst
Cipher text Only
Known Plaintext
Chosen Plaintext
Chosen Cipher text
Chosen Text
Encryption algorithm Cipher text Encryption algorithm Cipher text One or more plaintext – cipher text pairs formed with the secret key – cipher Encryption algorithm Cipher text Plaintext message chosen by cryptanalyst, together corresponding cipher text generated with the secret key
with
its
Encryption algorithm Cipher text Cipher text chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Combination of "Chosen Plaintext" and "Chosen Cipher text"
Table1: Types of Attacks on Encrypted Messages
6 SUBSTITUTION TECHNIQUES The two basic building blocks of all encryption techniques are substitution and transposition. A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 8
NETWORK SECURITY
10EC832
6.1 CAESAR CIPHER [JUNE-2012 -6M], [JUNE/JULY
−
2017 (6M)]
The encryption rule is simple; replace each letter of the alphabet with the letter standing 3 places further down the alphabet.
The alphabet is wrapped around so that Z follows A.
Example: Plaintext: meet
me after
the
party
Cipher text: PHHW PH DIWHU WKH SDUWB
Note that the alphabet is wrapped around, so that the letter let ter following Z is A. We can define the transformation by listing all possibilities, as follows: Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c
Let us assign a numerical equivalent to each letter:
a
b
c
d
e
f
g
H
i
j
k
l
m
0
1
2
3
4
5
6
7
8
9
10
11
12
n
o
13
14
p 15
q
r
s
t
u
v
w
x
y
z
16
17
18
19
20
21
22
23
24
25
Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the cipher text letter. C = E (3, p) = ( p p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is C = E (k , p) = (p + k) mod 26
Where k takes on a value in the range 1 to 25. The decryption algorithm is simply p = D (k, C) = (C - k) mod 26
If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys.
Three important characteristics of this problem enabled us to use a brute force cryptanalysis: 1. The encryption and decryption algorithms are known. 2. There are only 25 keys to try. 3. The language of the plaintext is known and easily recognizable.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 9
NETWORK SECURITY
10EC832
6.2 MONOALPHABETIC CIPHER (SUBSTITUTION TECHNIQUES)
Instead of shifting alphabets by the fixed amount as in Caesar cipher, any random permutation is assigned to the alphabets. This type of encryption called Monoalphabetic substitution cipher.
For example, a replaced by Q, B by D, C by T etc. then it will be comparatively stronger than Caesar.
6.3 PLAYFAIR CIPHER [JUNE/JULY-2013(10M)], [JUNE/JULY-2013(10M)], [DEC-2015/JAN [ DEC-2015/JAN-2016 -2016 (10M)]
In this technique, multiple (2) letters encrypted at a time.
This technique uses a 5 X 5 matrix which also called the key matrix.
M
O
N
A
R
C
H
Y
B
D
E
F
G
I/J
K
L
P
Q
S
T
U
V
W
X
Z
The plaintext encrypted two letters at a time, according to the following rules:
Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that balloon would be treated as ba lx lo on.
Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last.
For example, ar is encrypted as RM.
Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of o f the column circularly following foll owing the last.
For example, mu is encrypted as CM.
Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs become BP and ea becomes IM (or JM, as the enciphered wishes).
Security much improved over Monoalphabetic as here two letters are encrypted at a time and hence there are 26 X 26 =676 diagrams and hence it needs a 676 entry frequency table.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 10
NETWORK SECURITY
10EC832
However, it can break even if a few hundred letters known as much of plaintext structure retained in the cipher text.
6.4 HILL CIPHER [DEC-2012(10M)] , [DEC-2013 / JAN-2014 (10M)]
This cipher is based on linear algebra.
Each letter is represented by numbers from 0 to 25 and calculations are done modulo 26.
This encryption algorithm takes m successive plaintext letters and substitutes them with m cipher text
The substitution determined by m linear equations. For m = 3, the system can describe as: 11 p1 + k 21 21 p2 + k 31 31 p3) mod 26 c1 = (k 11 12 p1 + k 22 22 p2 + k 32 32 p3) mod 26 c2 = (k 12 13 p1 + k 23 23 p2 + k 33 33 p3) mod 26 c3 = (k 13
This can also expressed in terms of row vectors and matrices.
C = PK mod 26
Where C and P are row vectors of length 3 representing the plaintext and cipher text, and K is a 3 X 3 matrix representing the encryption key
Key is an invertible matrix K modulo 26, of size m. For example:
Encryption and decryption can give by the following formulae: Hill Cipher Encryption: C =E (K, P) = PK mod 26 Decryption: P = D (K, C) = CK -1 mod 26 = PKK -1 = P
The strength of the Hill cipher is that it completely hides single-letter frequencies.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 11
NETWORK SECURITY
10EC832
Although the Hill ciphers strong against a cipher text-only attack, it easily broke with a known plaintext attack.
Collect m pair of plaintext-cipher text, where m is the size of the key.
Write the m plaintexts as the rows of a square matrix P of size m.
Write the m cipher texts as the rows of a square matrix C of size m.
We have that C=PK mod 26.
If P is invertible, then K=13-1C mod 26,
If P is not invertible, then collect more plaintext-cipher text pairs until an invertible P obtained.
6.5 POLYALPHABETIC CIPHERS
Another way to improve on the simple Monoalphabetic technique is to use different Monoalphabetic substitutions as one proceeds through the plaintext message. The general name for this approach is polyalphabetic substitution cipher. All these techniques have the following features in common: 1. A set of related Monoalphabetic substitution rules is used. 2. A key determines which particular rule is chosen for a given transformation. 6.5.1 Vigenere cipher:
This is a type of polyalphabetic substitution cipher (includes multiple substitutions depending on the key). In this type of cipher, the key determines which particular substitution to use.
To encrypt a message, a key needed that is as long as the message. Usually, the key a repeating
We can express the Vigenere cipher in the following manner. Assume a sequence of 0,
K =
1,
1,
2
… − … … − … … − − 0,
0 , 1 ,
1,
C = 2
(
−
plaintext letters P =
1 is
2
0,
...... +
2
1,
1 )]
0 ,)
2
=(
1 and
a key consisting of the sequence of letters
where typically m 6 n. The sequence of cipher text letters C =
calculated as follows:
0 + 0 , )
… − − − − −
= E ( K K , P ) = E [(
1
mod 26, (
......
mod 26, (
+1 +
1)
1 +
1)
mod 26, c, (
2
0 , 1 ,
mod 26 .......... ( 1 +
1)
1 ,),
2
1
+
( P P = 1)
0,
1,
mod 26,
mod 26,........
Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the second letters are added, and so on through the first m letters of the plaintext.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 12
NETWORK SECURITY
10EC832
For the next m letters of the plaintext, the key letters are repeated. This process continues until all of the plaintext sequence is encrypted.
A general equation of the encryption process is
A general equation of the decryption process is
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating keyword. For example, if the keyword is deceptive, the message “we are discovered save yourself” is encr ypted as
Key: d e c e p t i v e d e c e p t i v e d e c e p t i v e Plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f Cipher text: Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J Expressed numerically, we have the following result.
The strength of this cipher is that there are multiple cipher text letters for each plaintext letter, one for each unique letter of the keyword.
Thus, the letter frequency information obscured, however, not all knowledge of the plaintext structure structur e lost.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 13
NETWORK SECURITY
10EC832
6.5.2 Vernam Cipher
The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T engineer named Gilbert Vernam in 1918.
Figure 4: Vernam Cipher
His system works on binary data (bits) rather than letters. The system can be expressed succinctly as follows (Above figure 3)
The cipher text is generated by performing the bitwise XOR of the plaintext and the key. Because of the properties of the XOR, decryption simply involves the same bitwise operation.
7 TRANSPOSITION TECHNIQUES
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2, we write the following: mematrhtgpry
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 14
NETWORK SECURITY
10EC832 e t e fe t eo a at
The encrypted message is MEMATRHTGPRYETEFETEOAAT
This sort of thing would be trivial to crypt analyze.
A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm. For example,
Thus, in this example, the key is 4312567. To encrypt, start with the column that is labelled 1, in this case column 3. Write down all the letters in that column. Proceed to column 4, which is labelled 2, then column 2, then column 1, then columns 5, 6, and 7.
A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext. For the type of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying out the cipher text in a matrix and playing around with column positions. Diagram and trigram frequency tables can be useful.
The transposition cipher can be made significantly more secure by performing more than one stage of transposition. The result is a more complex permutation that is not easily reconstructed. Thus, if the foregoing message is re-encrypted using the same algorithm,
To visualize the result of this double transposition, designate the letters in the original plaintext message by the numbers designating their position. Thus, with 28 letters in the message, the original sequence of letters is
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 15
NETWORK SECURITY
10EC832
After the first transposition, we have
Which has a somewhat regular structure. But after the second transposition, we have
8 DATA ENCRYPTION STANDARD
DES encrypts 64-bit blocks using a 56-bit key and produces a 64-bit cipher text.
Same steps, with the same key, used to reverse the encryption with the order of the keys reversed. The DES widely used.
8.1 DES Encryption [JUNE-2012 -10M]
The DES encryption is shown in the figure below
Encryption function has two inputs: the plaintext to be encrypted and the key.
The processing of the plaintext proceeds in three phases.
The permuted output then passed through sixteen rounds of the same function, which involves both permutation and substitution functions. The left and right halves from the last round swapped to produce pre output.
The pre-output passed through a permutation that is the inverse of the initial permutation function, to produce the 64-bit cipher text.
Moreover, The 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input.
The right-hand portion of the figure shows the way in which the 56-bit key used.
Initially, the key passed through a permutation function.
Then, a sub key (k i) produced for each of the sixteen rounds by the combination of a left circular shift and a permutation.
The permutation functions the same for each round, but a different sub key produced because of the repeated shifts s hifts of the key bits.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 16
NETWORK SECURITY
10EC832
Figure 5: General Depiction of DES Encryption Algorithm 8.2 DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of the sub keys is reversed. Additionally, the initial and final permutations are reversed.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 17
NETWORK SECURITY
10EC832
9 BLOCK CIPHER DESIGN PRINCIPLES [DEC-2011(8M)], [JUNE/JULY-2013(8M)]
The followed criteria need to be taken into account when designing a block cipher: Number of Rounds: The greater the number of rounds. The more difficult it is to perform
cryptanalysis, even for a weak function. The number of rounds chosen so that efforts required to crypt analyze it becomes greater than a simple brute-force attack. Design of Function F: F should be nonlinear and should satisfy strict avalanche criterion
(SAC) and bit independence criterion (BIC). S-Box Design: S-Box obviously should non-linear and should satisfy SAC, BIC, and
Guaranteed Avalanche criteria. One more obvious characteristic of the S-box is its size. Larger S-Boxes provide good diffusion but also result in greater look-up tables. Hence, general size is 8 to 10. Key schedule Algorithm: With any Feistel block cipher, the key used to generate one sub
key for each round. In general, sub keys should be selected such that it should be deduced sub keys from one another or main key from the sub key.
10 BLOCK CIPHER MODES OF OERATIONS
A block cipher algorithm is a basic building block for providing data security. to apply a block cipher in variety of applications.” Modes of operation have been define d by
NIST. A mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application. Such as applying a block cipher to a sequence of data blocks or a data stream. Block cipher modes of operation are 1. Electronic Codebook mode (ECB)
1. This is the simplest mode in which plaintext is handled one block at a time and each block of plaintext is encrypted e ncrypted using the same key. ke y. 2. The term codebook is used because, for a given key, there is a unique cipher text for every -bit block of plaintext.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 18
NETWORK SECURITY
10EC832
3. Therefore, we can imagine a huge codebook in which there is an entry for every possible b-bit plaintext showing sho wing its corresponding cipher ciph er text. 4. For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block b lock if necessary.
Figure 6: Electronic Codebook mode (ECB)
Decryption is performed one block at a time, always using the same key.
For lengthy messages, ECB mode may be not secure. If the message has repetitive elements, then these elements can be identified by the analyst.
Thus, the ECB method is ideal for a short amount of data, such as an encryption key.
Lists the following criteria and properties for evaluating and constructing block cipher modes of operation that are superior to ECB: Overhead: The additional operations for the encryption and decryption operation when
compared to encrypting and decrypting in the ECB mode. Error recovery: The property that an error in the ith cipher text block is inherited by
only a few plaintext blocks after which the mode resynchronizes.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 19
NETWORK SECURITY
10EC832
Error propagation: The property that an error in the ith cipher text block is inherited by
the ith and all subsequent plaintext blocks. What is meant here is a bit error that occurs in the transmission of a cipher text block, not a computational error in the encryption of a plaintext block. Diffusion: How the plaintext statistics are reflected in the cipher text. Low entropy
plaintext blocks should not be reflected in the cipher text blocks. Roughly, low entropy equates to predictability or lack of randomness Security: Whether or not the cipher text blocks leak information about the plaintext
blocks. 2. Cipher Block Chaining Mode (CBC)
Figure 7: Cipher Block Chaining (CBC) Mode
To overcome the security deficiencies of ECB, a technique is needed in which the same plaintext block, if repeated, repeate d, produces different cipher text blocks. blocks .
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 20
NETWORK SECURITY
10EC832
A simple way to satisfy this requirement is the cipher block chaining (CBC) which is shown in the figure.
In this mode, the input to the encryption algorithm is the X-OR of the current plaintext block and the preceding precedin g cipher text block; the t he same key is used for each block. blo ck.
The input to the encryption function for each plaintext block has no fixed relationship to the plaintext block.
Therefore, repeating patterns will not produce the same cipher text.
The last block is padded to a full b bits if it is a partial block.
For decryption, each cipher block is passed through the decryption algorithm. The result is X-OR ed with the preceding cipher text block to produce the plaintext block.
The expressions for CBC are: Modes: Operations
Encryption:
Cj = E ( K K , [Cj-1 Pj])
Decryption:
D ( K ( K K , Cj) = D ( K , E ( K , [Cj-1 Pj])) D ( K K , Cj) = Cj-1 Pj Cj-1 D ( K K , Cj) = Cj-1 Cj-1 Pj = Pj 3. Cipher Feedback Mode (CFB)
DES is a block cipher, but it may be used as a stream cipher if the Cipher Feedback Mode (CFM) or the Output Feedback Mode (OFB) is used. CFB scheme is depicted below.
A stream cipher eliminates the need to pad a message to be an integral number of blocks.
It also can operate in real time.
usuall y selected by the user, most of the time it 8 bits. bi ts. ‘s’ bits the size usually
In this case, rather than the block of 64 bits, the plaintext is divided into segments of s bits.
Encryption: The input to the encryption function a 64-bit shift register that is initially
set to some initialization vector (IV).
The leftmost (most significant) s bits of the output of the encryption function X-ORed with the first segment of plaintext P1 to produce the first unit of cipher text C1, which is then transmitted.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 21
NETWORK SECURITY
10EC832
In addition, the contents of the shift register are shifted left by s bits and an d C1 is placed in the rightmost s bits of the shift register. regist er.
This process continues until all plaintext units have been encrypted.
Figure 8: s-bit Cipher Feedback (CFB) Mode
Decryption: The same scheme used except that the received cipher text unit is X-
ORed with the output of the encryption function to produce the plaintext unit. The main disadvantage of this scheme is that bit error in one cipher text propagates to next stage also.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 22
NETWORK SECURITY
10EC832
4. Output Feedback Mode (OFM)
The output feedback mode is similar in structure to that of CFB.
The difference between CFB and OFB is that in OFB the output of the encryption function is fed back to the shift register in OFB, whereas in CFB the cipher text is fed to the shift register.
The other difference is that the OFB mode operates on full blocks of plaintext and cipher text, not on „s‟ bit subset.
One advantage of the OFB method is that bit errors in transmission do not propagate. The main disadvantage of OFB is that it is more vulnerable to a message stream modification attack than CFB
Figure 9: Output Feedback (OFB) Mode
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 23
NETWORK SECURITY
10EC832
5. Counter Mode (CTR) [DEC-2010(10M)]
In this mode, a counter equal to the plaintext block size used.
The only requirement that the counter value must different for each plaintext block that encrypted.
Typically, the counter initialized to some value and then incremented by 1 for each subsequent block (modulo 2 b, where b the block size)
Counter Mode works as follows:
Encryption: The counter encrypted and then XORed with the plaintext block to produce the cipher text block; there is no chaining.
Decryption: The same sequence of counter values used. Each encrypted counter X-ORed with a cipher text block to recover the corresponding plaintext block.
Figure 10: Counter (CTR) Mode
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 24
NETWORK SECURITY
10EC832
CTR has following advantages: Modes: Operations
Hardware efficiency: In this mode, encryption (or decryption) can do in parallel on
multiple blocks of plaintext or cipher text. For the chaining modes, the algorithm must complete the computation on one block before beginning on the next block.
Software efficiency: Similarly, because of the opportunities for parallel execution in
CTR mode, processors that support parallel features, such as aggressive pipelining, multiple instruction dispatches per clock cycle, the large number of registers can effectively utilize.
Preprocessing : The execution of the encryption algorithm does not depend on the
input of the plaintext or cipher text. Therefore preprocessing can used to prepare the output of the encryption boxes which can feed into the X-OR functions when the plaintext or cipher tex t input presented.
th
Random access: The i block of plaintext or cipher text can process in the random-
access fashion. With the chaining modes, a block cannot compute until – i 1 prior block computed.
Provable security: It can show that CTR is as secure as the other modes.
Simplicity: CTR mode requires only the implementation of the encryption algorithm
and not the decryption algorithm and has a very simple implementation. This mode used in ATM (asynchronous transfer mode) and IP Sec (IP security) nowadays.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 25
NETWORK SECURITY
10EC832
11 THE AES CIPHER
AES is a non – Feistel Feistel cipher, which means that each transformation or group of transformation must be invertible. In addition, the cipher and the inverse cipher must use these operations in such a way that cancel each other. The round keys must also be used in the reverse order. Two different designs are given to be used for different implementation. 11.1 Original design or Detailed Structure
In the original design, the order of transformations in each round is not the same in the cipher and reverse cipher. Shown in below figure 5.
1st, the order of sub bytes and shift rows is changed in the reverse cipher.
2nd, the order of mix columns and Add round key is changed in the reverse cipher. This difference in ordering is needed to make each transformation in the cipher aligned with its inverse in the reverse cipher.
Consequently, the decryption algorithm as a whole is the inverse of the encryption algorithm.
We have shown only three rounds, but the rest is the same.
Note that the round keys are used us ed in the reverse order. ord er.
Note that the encryption and an d decryption algorithms algorith ms in the original are not similar. si milar.
OR
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 26
NETWORK SECURITY
10EC832
Figure 11: cipher and inverse cipher of the original design or AES Encryption and Decryption 11.2 Alternative design 1. Sub Bytes / shift rows pairs
Sub bytes change the contents of each bytes without changing the order of the bytes in the state; shift rows change the order of the bytes in the state without changing the content of the bytes. This implies that we can change the order of these two transformations in the inverse cipher without affecting the invertibility of the whole algorithm. Below fig 6 shows the idea.
Note that the combination of two transformations in the cipher and an d inverse inv erse cipher ciphe r are the inverse of each other.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 27
NETWORK SECURITY
10EC832
Figure 12: invertibility of sub bytes and shift rows combinations 2. Mix columns/Add round key pair
Here the two involved transformations are of different nature.
However, the pairs can become inverse of each if we multiply the key matrix by the inverse of the constant matrix – used in mix columns transformation. We call the new transformation InvAddRoundKey. Below fig 7 shows the new configuration.
Figure 13: invertibility of mix columns and Addroundkey Addroundkey combinations
It can be proved that the two combinations are now inverses of each other.
In the cipher we call the input state to the combination S and the output state T.
In the inverse cipher the input state to the combination is T.
The following show that the output state is also S.
Not the matrix columns transformation transfo rmation is actually actuall y multiplication of the C matrix.
Now we can show the cipher and inverse inver se cipher for the alternate design.
Note that we still need to use two add round key transformations in the decryption.
In other words, we have nine InvAddRoundKey and two Addroundkey transformation as shown in below fig8
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 28
NETWORK SECURITY
10EC832
Figure 14: cipher and reverse cipher in alternate design or AES Encryption and Decryption in alternate design
12. EVALUTION CRITERIA FOR ADVANCED ENCRYPTION STANDARD [MAY/JUNE -2010 (06M)], [DEC-2014 / JAN-2015 J AN-2015 (8M)]
Figure 9 shows the overall structure of the AES encryption process. The cipher takes a plaintext block size of 128 12 8 bits, bit s, or 16 bytes. b ytes. The key length le ngth can be b e 16, 24, or 32 bytes b ytes (128, (12 8, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.
The input to the encryption and decryption algorithms is a single 128-bit block.
In FIPS PUB 197, this block is depicted as a 4 * 4 square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption.
After the final stage, State is copied to an output matrix. These operations are depicted in 10 (a). Similarly, the key is depicted as a square matrix of bytes. This key is then expanded into an array of key schedule words.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 29
NETWORK SECURITY
10EC832
Figure 10 (b). Shows the expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes
Within a matrix is by column.
So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix.
Figure 15: AES Encryption Process
The cipher consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key and 14 rounds for a 32-byte key (Table 5.1). The first N - 1 round consist of four distinct transformation
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 30
NETWORK SECURITY
10EC832
functions: Sub Bytes, Shift Rows, Mix Columns, and Addroundkey, which are described subsequently.
The final round contains only three transformations, and there is a initial single transformation (Addroundkey) before the first round, which can be considered Round 0. Each transformation takes one or more 4 X 4 matrices as input and produces a 4 X 4 matrix as output.
Figure 9 shows that the output of each round is a 4 X 4 matrix, with the output of the final round being the cipher text. Also, the key expansion function generates N + 1 round key, each of which is a distinct 4 X 4 matrix. Each round key serves as one of the inputs to the Addroundkey transformation in each round.
(a) Input, state array, and output
(b) Key and expanded key
Figure 2: AES Data Structures
Table1 3: AES Parameters Parameters
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 31
NETWORK SECURITY
10EC832
13 DETAILS OF SINGLE ROUND DES [MAY/JUNE -2010 (08M)], [DEC-2010(10M)], [DEC-2014 / JAN-2015 (8M)], [JUNE/JULY
−
2017 (6M)],[DEC-2013 / JAN-2014 (10M)]
Figure 11 shows the internal structure of a single round.
Figure 16: single round of DES algorithm
The left and right halves are treted as separate 32-bit quantities, labelled L (left) and R (right).
The overall processing at each round can be summarized as:
⊕ =
=
-1
-1
{F ( -1, )}
Expansion (E)
The 32-bit input first expanded to 48 bits. o Bits of input split into groups of 4 bits.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 32
NETWORK SECURITY
10EC832
Each group wrote as groups of 6 bits by taking the outer bits from the two adjacent groups.
For example:
… efgh ijkl mnop … is expanded to … defghi defghi hijklm lmnopq …
Table1 4: Expansion permutation (E) Substitution (S-Box)
This 48-bit result input to S-Boxes that perform a substitution on input and produces a 32-bit output. It is easy to understand S-Box by the following figure:
Figure 17: calculation of F( R,K) Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 33
NETWORK SECURITY
10EC832
DES consists of a set of eight S-Boxes.
Each S-Box takes 6 bits as input and produces 4 bits as output.
The first and last bits of the input to box form a 2-bit binary number which gives the binary value of row number.
The middle four bits select one of the sixteen columns.
The decimal value in the cell selected by the row and column then converted to its 4-bit binary number to produce the th e output.
For example, in S1, for input 101110, the row is 10 (row 2) and the column is 0111 (column 7).The value in row 2, column 7 is 11, so the output is 1011.
Permutation Permutation (P)
The result permuted using a permutation table.
Table1 5: Permutation function (p) Key Generation
A 64-bit key used as input to the algorithm while only 56 bits actually used. Every eighth bit ignored. Sub-keys at each round roun d generated as given below: b elow:
The key first permuted using a table named Permuted Choice One table (6).
The resulting 56-bit key divided into two 28-bit quantities, C0 and D0. At each round, C i1 and
Di-1 separately subjected to a circular left shift of 1 or 2 bits, as governed by a table.
Moreover, these shifted values forwarded to the next round. They are also inputting to a permutation table Permuted Choice Choic e Two table (7).
The table produces a 48-bit output that serves as the round key k i.
Table1 6: Input key Dept. of ECE, BGSIT, BG Nagara, Mandya
Table 7: Permuted choice one (PC-1) Page 34
NETWORK SECURITY
10EC832
Table 8: Permuted choice two (PC- 2)
Table 9: Schedule of left shifts 14 STREAM CIPHERS AND BLOCK CIPHERS A. Stream ciphers
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
Examples: one time pad
In which the key stream (ki) is as long as the plaintext bit stream (pi).
If the cryptographic key stream is random, then this cipher is unbreakable by any means other than acquiring the key stream.
However, the key stream must be provided to both users in advance via some independent and secure channel.
(Figure 13)
Figure 18: Stream cipher using algorithmic bit-stream generator
Accordingly, for practical reasons, the bit-stream generator must be implemented as an algorithmic procedure, so that the cryptographic bit stream can be produced by both users. In this approach (Figure 13), the bit-stream generator is a key-controlled algorithm and must produce a bit stream that is cryptographically strong. That is, it must be computationally impractical to predict future portions of the bit stream based on previous Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 35
NETWORK SECURITY
10EC832
portions of the bit stream. The two users need only share the th e generating key, and an d each can produce the key stream. B. Block ciphers
A block cipher is cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text tex t block of equal length.
Typically, a block size of 64 or 128 bits is used.
As with a stream cipher, the two users share a symmetric encryption key (Figure 14).
Figure 19: Block Cipher
Plaintext:227 bytes Block size: 16bytes =227/16=14 blocks & 3 bytes
Total block 15 in which last block contain 3 bytes and padding bytes
15 DIFFERENCES BETWEEN BLOCK CIPHER AND STREAM CIPHER.
[JUNE/JULY-2013(8M)]
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 36
NETWORK SECURITY
10EC832 0r
16 FEISTEL CIPHER STRUCTURE [JUNE-2012 -10M]
Feistel cipher is based on the idea that instead of using Ideal block cipher which degrades performance, a “substitution- permutation permutation network” can be used. Feistel Cipher Encryption (shown in below fig 15)
The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.
The plaintext block is divided into two halves
The two halves of the data pass through rounds of processing and then combine to
and
produce the cipher text block. b lock.
Each round has as inputs key
− − 1 and
1 derived
from the previous round, as well as a sub
derived from the overall K.
Any number of rounds could implement and all rounds have the same structure.
A substitution is performed on the left half of the data. This done by applying around function F.
The Round Function F: F takes the right-half block of the previous round and a sub key as input.
The output of the function XORed with the left half of the data.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 37
NETWORK SECURITY
10EC832
Left and right halves then swapped.
Figure 20: Feistel Encryption and Decryptio Decryption n (16 rounds) Feistel Cipher Decryption
The process of decryption with a Feistel cipher is same as the encryption process.
The cipher text input to the algorithm and the sub keys used in reverse order. That is, sub key of the last round in encryption used in the first round in decryption, second last in the second round, and so.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 38
NETWORK SECURITY
10EC832
The exact realization of a Feistel network depends on the choice of the following parameters:
Block size: Larger block sizes mean greater security but reduced encryption/decryption
speed for a given Traditionally, a block size of 64 bits used which gives enough security without greatly affecting the speed.
Key size: Larger key size means greater security but may decrease encryption/ decryption
speed. The greater security achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less now widely considered to inadequate, and 128 bits has become a common size.
cip her that a single sin gle round offers of fers The number of rounds: The essence of the Feistel cipher inadequate security but that multiple rounds offer increased security. A typical size 16 rounds.
Sub key generation algorithm : Greater complexity in this algorithm leads to greater
difficulty of cryptanalysis
Round function F: Again, greater complexity generally means greater resistance to
cryptanalysis. There are two other considerations in the design of a Feistel cipher:
Fast software encryption/decryption: In many cases, encryption embedded in
applications implementation (as software). Accordingly, the speed of execution of the algorithm becomes a concern.
Ease of analysis: Although we would like to make our algorithm as difficult as possible
to crypt analyze, there is a great benefit in making the algorithm easy to analyze. That is if The algorithm can concisely and clearly explain, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a high level of assurance as to its strength.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 39
NETWORK SECURITY
10EC832
17 THE STRENGHTH OF DES [DEC-2011(4M)]
A. The Use of 56-Bit Keys
With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2 X 1016 keys. Thus, on the face of it, a brute-force attack appears impractical.
Assuming that, on average, half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher.
The assumption of one encryption per microsecond is overly conservative. As far back as 1977, Diffie and Hellman postulated that the technology existed to build a parallel machine ma chine with 1 million mill ion encryption encr yption devices, devic es, each of which whi ch could perform one o ne encryption per microsecond [DIFF77]. This would bring the average search time down to about 10 hours. The authors estimated that the cost would be about $20 million in 1977 dollars.
Table 9 shows how much time is required for a brute-force attack for various key sizes. As can be seen, a single PC can break DES in about a year; if multiple PCs work in parallel, the time is drastically shortened.
Table 10 : Average Time Required for Exhaustive Key Search
Today‟s supercomputers should be able to find a key in about an hour. Key sizes of
128 bits or greater are effectively unbreakable using simply a brute force approach. Even if we managed to speed up the attacking system by a factor of 1 trillion (1012), it would still take over 100,000 years to break a code using a 128-bit key.
B. The Nature of the DES Algorithm
Another concern is the possibility that cryptanalysis is possible by exploiting the characteristics of the DES algorithm.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 40
NETWORK SECURITY
10EC832
The focus of concern has been on the eight substitution tables, or S-boxes, that are used in each iteration. Because the design criteria for these boxes, and indeed for the entire algorithm, were not made public, there is a suspicion that the boxes were constructed in such a way that cryptanalysis is possible for an opponent who knows the weaknesses in the S-boxes. This assertion is tantalizing, and over the years a number of regularities and unexpected behaviors of the S-boxes have been discovered. Despite this, no one has so far succeeded in discovering the supposed fatal weaknesses in the S-boxes.
18 DIFFERENTIAL AND LINEAR CRYPTANALYSIS
For most of its life, the prime concern with DES has been its vulnerability to bruteforce attack because of its relatively short (56 bits) key length. However, there has also been interest in finding cryptanalytic attacks on DES. With the increasing popularity of block ciphers with longer key lengths, including triple DES, brute-force attacks have become increasingly impractical. Thus, there has been increased emphasis on cryptanalytic attacks on DES and other symmetric block ciphers. In this section, we provide a brief overview of the two most powerful and promising approaches: differential cryptanalysis and linear cryptanalysis. Differential Cryptanalysis Cryptanalysis
One of the most significant advances in cryptanalysis in recent years is differential cryptanalysis. In this section, we discuss the technique and its applicability to DES. Differential Cryptanalysis Attack
The differential cryptanalysis attack is complex; [BIHA93] provides a complete description.
The rationale behind differential cryptanalysis is to observe the behavior of pairs of text blocks evolving along each round of the cipher, instead of observing the evolution of a single text block. Here, we provide a brief overview so that you can get the flavor of the attack.
We begin with a change in notation for DES. Consider the original plaintext block m to consist of two halves halve s m0, m1.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 41
NETWORK SECURITY
10EC832
Each round of DES maps the right-hand input into the left-hand output and sets the right-hand output to be a function of the left-hand input and the sub key for this round. So, at each round, only one new 32-bit block is created.
If we label each new block m1(2 I 17), then the intermediate message halves are related as follows:
In differential cryptanalysis, we start with two messages, m and m', with a known XOR difference m = m halves:
m'
′ =
+1 .
and consider the difference b/w the intermediate message then we have
Now, suppose su ppose that many pairs of inputs to f with the th e same difference yield the same output difference if the same sub key is used. To put this more precisely, let us say that X may cause Y with probability p, if for a fraction p of the pairs in which the input XOR is X, the output XOR equals Y.
We want to suppose that there are a number of values of X that have high probability of causing a particular output difference. Therefore, if we know Dmi-1 and Dmi with high probability, then we know Dmi+1 with high probability.
Furthermore, if a number of such differences are determined, it is feasible to determine the sub key used in the function f.
The overall strategy of differential cryptanalysis is based on these considerations for a single round.
The procedure p rocedure is to begin with two plaintext messages m and m' with a given difference and trace through a probable pattern of differences after each round to yield a probable difference for the cipher text.
there are two probable patterns of differences for the two 32-bit halves: (m17||m16). Next, we submit m and m' for fo r encryption encr yption to determine the actual actua l difference differen ce under unde r the unknown key and compare the result to the probable difference. If there is a match, E (K, m) E (m') = ( m17|| m16)
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 42
NETWORK SECURITY
10EC832
Then we suspect that all the probable patterns at all the intermediate rounds are correct. With that assumption, we can make some deductions about the key bits. This procedure must be repeated repeat ed many times to determine all the key ke y bits.
Figure 21: Differential Propagation through Three Round of DES (numbers in hexadecimal)
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 43
NETWORK SECURITY
10EC832
Figure (16) based on a figure in [BIHA93], illustrates the propagation of differences through three rounds of DES. The probabilities shown on the right refer to the probability that a given set of intermediate differences will appear as a function of the input differences. Overall, after three rounds the probability that the output difference is as shown is equal to 0.25 x 1 x 0.25 = 0.0625. Linear Cryptanalysis
A more recent development is linear cryptanalysis, described in [MATS93]. This attack is based on finding linear approximations to describe the transformations performed in DES. This method can find a DES key given 243 known plaintexts, as compared to 247 chosen plaintexts for differential cryptanalysis. Although this is a minor improvement, because it may be easier to acquire known plaintext rather than chosen plaintext, it still leaves linear cryptanalysis infeasible as an attack on DES. So far, little work has been done by other groups to validate the linear cryptanalytic approach. We now give a brief summary of the principle on which linear cryptanalysis is based. For a cipher with n-bit plaintext and cipher text blocks and an m-bit key, let the plaintext block be labelled P[1], ... P[n], the cipher text block C[1], ... C[n], and the key K[1], ... K[m]. Then define
The objective of linear cryptanalysis is to find an effective linear equation of the form:
That holds with probability p 0. If it is 1 most of the time, assume
= 1.
This gives us a linear equation on the key bits. Try to get more such relations so that we can solve for the key bits. Because we are dealing with linear equations, the problem can be approached one round of the cipher at a time, with the results combined.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 44
NETWORK SECURITY
10EC832
19 ONE-TIME PAD [JUNE-2012 -4M]
In this scheme, a random key that is as long as the message used.
The key used to encrypt and decrypt a single message and then discarded. Each new message requires a new key of the same length as the new message.
This scheme is unbreakable.
It produces random output that bears no statistical relationship to the plaintext.
Because the cipher text contains no information whatsoever about the plaintext, there is simply no way to break the code.
For any plaintext of equal length to the cipher text, there is a key that produces that plaintext.
Therefore, if you did an exhaustive search of all possible keys, you would end up with many legible plaintexts, with no way of knowing which the intended plaintext was.
Therefore, the code is unbreakable.
The security of the one-time pad is entirely due to the randomness of the key.
The one-time pad offers complete security but, in practice, has two fundamental difficulties: 1. There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task. 2. Another problem is that of key distribution and protection. For every message to sent, a key of equal length needed by both sender and receiver.
Because of these difficulties, the one-time pad used where very high security required. The one-time pad is the only cryptosystem that exhibits perfect secrecy. 20 STEGANOGRAPHY [JUNE/JULY-2013(4M)]. [DEC-2013 / JAN-2014 (4M)]
The steganography comes from Greek words, steganos in Greek meaning “hidden” or “covered” and graphic in Greek meaning “writing”. Steganography is the invisible
communication.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 45
NETWORK SECURITY
10EC832
The main idea of steganography is to hide secret messages in the other cover digital Medias such as a text, video, and audio, image etc. show that someone or hacker or other person cannot know the presence of the secret information. There are three basic types of steganography
a. Pure or Stegano-graphy. b. secret key Stegano-graphy. Stegano-gra phy. c. Public key Stegano-graphy. a. Pure-steganography: is embedding the secret information or message into the thing (item) without using any private keys. Pure Stegano-graphy is entirely depends upon secrecy. In this steganography uses a cover image in which information is to be embedded.
Figure 22: pure steganogr steganography aphy
Pure Stego cannot give the better security because of it will be not difficult for Extracting the information, if the hacker know the embedding technique. Advantage - It decreases the difficulty in key sharing. Secret key steganography: in this technique uses the individual key for combine the
Information into The thing (item), so this will be similar to symmetric key. For a Decryption it will be uses the same-key, which will be utilized to encryption.
Figure 23: secret key Steganography Steganography
Advantage - Mystery-key Stego gives high security compare to pure-Stego.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 46
NETWORK SECURITY
10EC832
Public-key Stego: this type of Stego uses 2 types of keys like,
1) Encryption 2) Decryption
Figure 24: Public key Steganography
Encryption used for private - key and Decryption used for public- key & it is saved in a public database. Applications
Confidential communication and secret data storing.
Protect of data alteration.
Access control system for digital content distribution.
Usage in modern printers
Alleged use by terrorists.
Alleged use by intelligence services etc.
Advantages
It is used in the way of hiding not the information but the password to reach that information.
Difficult to detect. Only receiver can detect.
Can be applied differently in digital image, sound, audio and video file.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 47
NETWORK SECURITY
10EC832
21 SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES)
The overall structure of the simplified DES. The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of cipher ci pher text as output. The S-DES decryption decr yption algorithm takes ta kes an 8-bit 8-b it block of o f cipher text and the same 10-bit key used to produce that cipher text as input and produces the original 8-bit block of plaintext.
Figure 25: Simplified DES scheme
The encryption algorithm involves five functions: an initial permutation (IP); a complex function labelled f k k, which involves both permutation and substitution operations and depends on a key input ;a simple permutation function that switches (SW) the two halves
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 48
NETWORK SECURITY
10EC832
of the data; the function f k and finally a permutation function that is the inverse of the k again;
−
initial permutation( I
1
) .
The function f k in put not only onl y the data passing passi ng through the th e encryption k takes as input algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit sub keys are generated. The key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation p ermutation function that produces an 8-bit output outp ut (P8) for the first sub key (K1). The output of the shift s hift operation also feeds into another shift and another instance of P8 to produce the second sub key (K2). The encryption algorithm can be expressed as a composition composition1 of functions: IP-1 ο f K2 K2 ο SW ο f k1 k1 ο IP Which can also be written as Cipher text = IP-1 (f K2 K2 (SW (f k1 k1 (IP (plaintext))))) Where K1 = P8 (Shift (P10 (Key))) K2 = P8 (Shift (shift (P10 (Key)))) Decryption is also shown in above fig25 and is essentially the reverse of encryption: Plaintext = IP-1 (f K1 K1 (SW (f k2 k2 (IP (cipher text))))). 22 S-DES KEY GENERATIONS
S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two 8-bit sub keys are produced for use in particular stages of the encryption and decryption algorithm. First, permute the key in the following fashion. Let the 10-bit key be designated as (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as: P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6) P10 can be concisely defined by the display:
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 49
NETWORK SECURITY
10EC832
Figure 26: Key generation for simplified DES
This table is read from left to right; each position in the table gives the identity of the input bit that produces the output bit in that position. So the first output bit is bit 3 of the input; the second output bit is bit 5 of the input, and so on. For example, the key (1010000010) is permuted to (10000 01100). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and the second five bits. In our example, the result is (00001 11000). Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following rule:
The result is sub key 1 (K1). In our example, this yields (10100100). We then go back to the pair of 5-bit 5-bi t strings produced pro duced by the two LS-1 functions funct ions and performs p erforms a circular left shift of 2 bit positions on each string. In our example, the value (00001 11000) becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example, the result is (01000011).
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 50
NETWORK SECURITY
10EC832
23 S-DES ENCRYPTION
Encryption involves the sequential application of five functions.
Figure 27: simplified DES scheme Encryption Encryption Detail Initial and Final Permutations Permutations
The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP function:
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 51
NETWORK SECURITY
10EC832
This retains all 8 bits of the plaintext but mixes them up. Consider the plaintext to be 11110011. Permuted output = 10111101 At the end of the algorithm, the inverse permutation is used:
The Function f k k
The most complex component of S-DES is the function f k k, which consists of a combination of permutation and substitution functions. The functions can be expressed as follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to f k k, and let F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation is an expansion/permutation operation:
e.g., R= 1101 E/P output = 11101011 It is clearer to depict the result in this fashion
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 52
NETWORK SECURITY
10EC832
The 8-bit sub key K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17 17, k18) is added to this value using exclusive-OR:
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2- bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output. These two boxes are defined as follows:
The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number that specify a row of the S-box, and the second and third input bits specify a column of the S box. The entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0 p0,3) = ) (00) and ( p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in ) binary. Similarly, (p1,0 p1,3) and ( p1,1p1,2) are used to index into a row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further permutation as follows:
The output of P4 is the output of the function F.
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 53
NETWORK SECURITY
10EC832
QUESTION BANK –NETWORK SECURITY UNIT-2 MAY/JUNE 2010
1. In S-DES, 10- bit key is “1010000010”.find “1010000010”.find the sub keys K1 and K2. If
10 =
8 =
3 5 2 7 4 10 1 9 8 6
6 3 7 4 8 5 10 9. [MAY/JUNE -2010 (06M)]
2. With a neat diagram, explain the single round of DEC encryption. [MAY/JUNE -2010 (08M)] 3. Discuss the evaluation criteria of AES. [MAY/JUNE -2010 (06M)]
4. Encrypt the plain text “ SECURITY” using Hill cipher with the key
7 8 . [MAY/JUNE 19 3
2010 (08M)] DEC – DEC – 2010 2010
1. Encrypt the message “we will meet tomorrow” using Playfair cipher with a key “STORY”.
Give the rules for encryption. [DEC-2010(10M)] 2. With a schematic diagram, explain the S-DES encryption and decryption process, highlighting the key generation phase. [DEC-2010(10M)] 3. Explain the counter mode of block cipher. What are its advantages? [DEC-2010(10M)]
− /
1. Encry pt the plain text “MONDAY” using Hill cipher with the key calculation and cipher text. [Hint: a=0, b=1 …… z = 25] [JUNE/JULY
−
9 5
4 . Show your 7
2011(8M)] 2011(8M)]
2. Draw the single round of DES algorithm and explain the process. process. [JUNE/JULY [JUNE/JULY 2011(10M)] 2011(10M)] 3. Describe the block cipher modes of operation in details. [JUNE/JULY details. [JUNE/JULY DEC-2011
−
−
2011(10M)] 2011(10M)]
1. Explain block cipher design principles. [DEC-2011(8M)] 2. In S-DES, the plain text is 11110010 and key is 1011100110. Find cipher text. [DEC2011(8M)] 3. Explain the strength of DES. [DEC-2011(4M)] JUNE-2012
1. Explain the operation of Caesar cipher with an algorithm. Derive the cipher with an algorithm. Derive the cipher text using caser cipher for the following plain text message “WORK IS WORSHIP”. [JUNE -2012 -6M]
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 54
NETWORK SECURITY
10EC832
2. with a block diagram. Explain Feistel encryption and decryption algorithm. [JUNE-2012 10M] 3. Write a note on one-time pad. [JUNE-2012 -4M] 4. With a block diagram, explain DES encryption and key generation technique. [[JUNE2012 -10M] DEC-2012
1. With a neat diagram, explain the single round DES encryption. [DEC-2012(10M)] 2. Encrypt the plaintext “CRYPTOGRAPHY” using Hill cipher technique. Key K=
94 . 57
[DEC-2012(10M)] JUNE/JULY-2013
1. Explain the working of the Playfair cipher with an example. [JUNE/JULY-2013(10M)] 2. Distinguish block cipher and stream cipher with examples. [JUNE/JULY-2013(8M)] 3. Explain block cipher design principles. [JUNE/JULY-2013(8M)] 4. Briefly describe about steganography. [JUNE/JULY-2013(4M)] DEC-2013 / JAN-2014
1. Define the terms cryptography and steganography.[ DEC-2013 / JAN-2014 (4M)] 6 24 1 2. Encrypt the message “ACT” using the Hill Cipher key K= 13 16 10 . And also the 20 17 15
calculations for the corresponding decryption of the cipher text to recover original plain text 8 5 10 − = 21 8 21 . [DEC-2013 / JAN-2014 (10M)] 1
21 12 8
3. With the help of a block diagram, explain the overall structure of the S-DES. Explain the role of sub key generation with suitable analysis. [DEC-2013 / JAN-2014 (10M)]
DEC-2014/JAN-2015
1. Encrypt the plain text “Hard work” using hill cipher with the key
7 8 . [DEC 19 3
2014/JAN-2015 (8M)] 2. With a neat diagram, explain the single round of DEC encryption. [DEC-2014 / JAN-2015 (8M)] 3. In S-DES 10 bit key is 1000100010. Find the sub key K1 and K2 if
10 =
8 =
3 5 2 7 4 10 1 9 8 6
6 3 7 4 8 5 10 9. [DEC-2014/JAN-2015 (8M)]
Dept. of ECE, BGSIT, BG Nagara, Mandya
Page 55
NETWORK SECURITY
10EC832
4. Explain in brief the evaluation criteria of AES. [DEC-2014 / JAN-2015 (8M)] DEC-2015/JAN-2016
1. Encrypt the message “ELECTRONICS” using Playfair cipher with a key “INDIA”, also
give the rules for encryption. [DEC-2015/JAN-2016 (10M)] 2. Encrypt the plain text “HAND” using hill cipher with the key =
5 8 . Also decrypt it and 17 3
verify the encryption and decryption text. [DEC-2015/JAN-2016 (10M)] 3. In S-DES, 10- bit key is “1010000010”.find “1010000010”.find the sub keys K1 and K2. If
10 =
8 =
3 5 2 7 4 10 1 9 8 6
6 3 7 4 8 5 10 9. [DEC-2015/JAN-2016 (10M)]
− /
1. Encrypt the plain text “HELLO” Using the play fair cipher with the key “EXAM”. [JUNE/
JULY
−
2017 (8M)]
2. Explain the operation of caser cipher with an algorithm. Derive the cipher text using caser cipher for the following plain text message with key length K=3, “logic”. [JUNE/JULY
2017 (6M)] 3. Explain the single round of DES – encryption encryption model. [JUNE/JULY
Dept. of ECE, BGSIT, BG Nagara, Mandya
−
−
2017 (6M)]
Page 56