Network Security

Uploaded by

Mohamed Riyad
Copyright
© Attribution Non-Commercial (BY-NC)

E07410073 MMM.Riyad ITE2301

ITE2301

Basic of information and network security.

Assignment 02

M.M.M Riyad
E07410073

You are going to start an Internet company that sells video films over the
Internet to customers who purchase a subscription to your service. To
ensure that only those with a valid subscription can view the video files
distributed by you, it is planned to use encryption when transmitting a
video film from your server to a client program running on the customer's
Internet-connected.

(a) Give your company a name.

Riyad ENTERTAINMENT SOLUTIONS PVT LTD.

You plan to use the Data Encryption Standard (DES) cipher for encryption
of your transmitted video films. The DES cipher has elements called
S-boxes and P-boxes in its algorithm.

(b) Explain the role of S-boxes.

S-box stands for substitution box: it is a basic component of symmetric-key
algorithms and performs substitution. It has a table which can be used to
find the substitution bit pattern for a given bit pattern in the input (it
provides a mapping for substitution). The substitution process provides
confusion in the resulting ciphertext, decreasing the statistical
relationships between plaintext and ciphertext. In other words, it takes
some number of input bits and translates them into output bits, using either
a fixed or a dynamic table. It uses the fixed table when the data is
transmitted through DES (Data Encryption Standard).

Further, S-boxes are easy to implement in software as well as hardware;
partitioning the plain block into groups, using each group as a pointer, and
combining the individual outputs of the S-boxes are all easier and faster to
implement in hardware.

(c) Explain the role of P-boxes.

P-box stands for permutation box. This provides a permutation of the input
to the box as the output. It works based on a mapping that specifies how to
do the permutation; for example, the mapping may say that bit no. 02 should
go to bit no. 11. Permutations provide diffusion of the information in the
input throughout the whole input. Hence the statistical relationships
between input and output are reduced. Further, a permutation is easy to
implement in hardware by simply running a wire from each input to one of
the outputs. In software, a permutation can be implemented with a series of
logical operations that isolate the individual bits and move each to a new
position, a slow process.
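
The software approach described above (isolate each bit, move it to its new position) can be shown with the 32-bit round permutation P from the DES specification. This is an added example, not part of the original assignment; the function names are illustrative, and the table is DES's own rather than the "bit 02 to bit 11" mapping used as an illustration in the answer.

```python
# DES round permutation P (FIPS 46-3): output bit i is taken from input bit
# P[i-1]. Bits are numbered 1..32 starting at the most significant bit.
P = [16, 7, 20, 21, 29, 12, 28, 17,
     1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9,
     19, 13, 30, 6, 22, 11, 4, 25]

def permute(word: int, table=P) -> int:
    """Apply a bit permutation by isolating each source bit and moving it."""
    n = len(table)
    out = 0
    for dst, src in enumerate(table, start=1):
        bit = (word >> (n - src)) & 1   # isolate input bit number `src`
        out |= bit << (n - dst)         # place it at output bit number `dst`
    return out

def invert(table):
    """Build the table that undoes `table`; a P-box alone hides nothing."""
    inv = [0] * len(table)
    for dst, src in enumerate(table, start=1):
        inv[src - 1] = dst
    return inv

def groups_reached(sbox_index: int) -> set:
    """4-bit groups (1..8) that receive the 4 output bits of S-box 1..8."""
    reached = set()
    for src in range(4 * sbox_index - 3, 4 * sbox_index + 1):
        dst = P.index(src) + 1          # position where input bit `src` lands
        reached.add((dst - 1) // 4 + 1)
    return reached

if __name__ == "__main__":
    word = 0xF0000000                   # constructed input: only S-box 1's output bits set
    print(f"P({word:08x}) = {permute(word):08x}")
    for i in range(1, 9):
        print(f"S-box {i} output bits go to groups {sorted(groups_reached(i))}")
    print("round trip ok:", permute(permute(word), invert(P)) == word)
```

The four output bits of every S-box land in four different 4-bit groups, which is the diffusion the answer refers to; the inverse table shows that the permutation is trivially reversible and only contributes security when combined with the S-boxes.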

(d) If you plan to stream the video films in real-time from the server to
the client player program, what is the DES mode of operation you would
select? You must explain in detail the reasons for your choice.

For streaming the video film in real time from the server, several DES
modes can be used. These include Electronic Codebook (ECB), Cipher Block
Chaining (CBC), Cipher Feedback (CFB) and Output Feedback (OFB).

Out of these modes I would select the ECB (Electronic Codebook) mode due to
the following reasons.

ECB is the fastest and easiest to implement, making it the most common
mode of DES seen in commercial applications. It has the capability to
divide a long data stream into parts and to do the encryption in parallel.
Data is divided into 64-bit blocks and these blocks are encrypted one at a
time. These encryptions are totally independent of each other. This
characteristic helps to transmit the data independently. Further, this
confines errors in the data transmission to the relevant block only, and
they will not affect other blocks. Further, an error in a single block will
not affect the other blocks and it will remain unrecognized. In other
words, a single-bit error in ciphertext will remain as a single-bit error
in the decrypted plaintext, and this will not affect the quality of the
video, as I mentioned earlier, since this doesn't make much difference and
it will remain unrecognized by humans.

In this context, if we compare the other DES modes of operation, an error
in a block will not be independent: it will cause errors in the other
blocks as well, it is very difficult to correct this error, and the
overhead is also very high. This can lead to slow data transmission, which
is not a good sign when it comes to video streaming.

Further, ECB doesn't have additional security measures beyond the basic DES
algorithm. But this will not have an effect on my company, since my concern
is all about speed and quality.

(e) If you plan to first download the complete video films from the server
to the client player program and then play it, what is the DES mode of
operation you would select? You must explain in detail the reasons for
your choice.

In the above scenario I would select the OFB (Output Feedback) mode. As I
mentioned earlier, a major drawback of ECB is its security measures, but
since the video needs to be streamed this will not affect our requirement
(speed). But if we are going to transfer the data to a client file, we need
to treat security as crucial and we don't need to be concerned about speed.
Yes, of course there should be a standard speed, but comparatively this can
be lower than for streaming video.

Further, in the OFB method the output can be computed in advance, and it
uses stream encryption over noisy channels, which is a great plus point
when it comes to file download. Further, the messages are treated as a
stream of bits, so we can download the files accordingly.

Further, this method gives feedback on the message error and encryption
before the message is made available. This is a plus point when it comes to
file download.

Hence I believe this method is the appropriate one.
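
Two properties named in answers (d) and (e), ECB's independently encrypted blocks and OFB's keystream that can be computed in advance, are shown side by side below. This is an added example, not part of the original assignment; because the Python standard library has no DES, a small Feistel network (`toy_block_encrypt`, a constructed stand-in that is not secure) takes its place, and the key, IV and sample data are constructed.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size of DES

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network standing in for DES. Demo only, NOT secure."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Each block is encrypted on its own, so blocks could be done in parallel."""
    assert len(data) % BLOCK == 0, "demo input must be block-aligned"
    return b"".join(toy_block_encrypt(key, b) for b in split(data))

def ofb_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """Depends only on key and IV, so it can be produced before the data exists."""
    stream, state = b"", iv
    while len(stream) < nbytes:
        state = toy_block_encrypt(key, state)
        stream += state
    return stream[:nbytes]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample: four identical 64-bit blocks (a flat image region) plus one other.
KEY, IV = b"demo-key", bytes(range(8))
FRAME = b"BLACKBAR" * 4 + b"END-DATA"

if __name__ == "__main__":
    keystream = ofb_keystream(KEY, IV, len(FRAME))  # prepared ahead of time
    ecb_ct = ecb_encrypt(KEY, FRAME)
    ofb_ct = xor_bytes(FRAME, keystream)
    print("repeated ciphertext blocks, ECB:", repeated_blocks(ecb_ct))
    print("repeated ciphertext blocks, OFB:", repeated_blocks(ofb_ct))
    print("OFB decrypts with the same keystream:", xor_bytes(ofb_ct, keystream) == FRAME)
```

Under ECB the identical plaintext blocks stay identical in the ciphertext, which is the security drawback the answers mention; under OFB the same data produces no repeats and decryption is the same XOR with the precomputed keystream.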

Your plan is to give each customer, who purchases a subscription to your
service, a customized client program. This client program has three main
modules: (1) a control module that connects with the video film server
and downloads encrypted movies, (2) a decryption module that decrypts
downloaded video streams, and (3) a video player module to show the
movie. Each of the customized client programs will have a decryption key
embedded in the program. Each decryption key will be unique to a
particular customer.

(f) What are the possible weaknesses in the above security scheme to
prevent people without a valid subscription from viewing video films
provided by your company?

• The subscribers are given a user name and password which is encrypted,
but this doesn't mean that the product of our company is safe. The
simple reason is that anyone can use the same password to obtain videos,
and the real subscriber can sell the video for a nominal value after
downloading it through the video player module.

• At a given time any number of users can use the same password, and a
user can use his password for a long duration, which can decrease the
commercial popularity of the video since there is no time frame.

• Hackers can steal the decryption key which is embedded in the video and
misuse it. In other words, they can disassemble, debug and find the
embedded key which is used for decryption, find the protocol of
communication and the server, and write their own program to access our
server and use it.

• Downloaded videos can be sold in the market since they don't have any
copyright.

(g) Propose possible solutions to the security weaknesses identified
by you in the above security scheme. If you think a particular
security weakness cannot be corrected, clearly state it in your
answer.

• To avoid the password problem we can use algorithms where the password
keeps changing based on the algorithm. We can see these kinds of systems
in banks. Each time the user logs in, the password changes; for that,
the user should have the algorithm meter with them. Further, we can use a
public (asymmetric) encryption scheme, which is a highly secure method
with different methods of encrypting and decrypting. This works with two
keys, public and private: the public key encrypts, and the private key
decrypts what has been encrypted.

• There should be a time limit per user to view the video as well as to
download it, after which it should expire, and at a given time only one
PC or IP address should be allowed access with the same user name and
password.

• Further, all the videos should be copyright protected to avoid copyright
issues and to prevent them from being sold. Further, to avoid copying of
videos we can use watermarking on the videos, and based on that we can
apply copyright protections.

• To avoid stealing, each video should be scrambled with a control word.
Further, we can use a transposition cipher scheme, where the secret key
in the transposition cipher is represented by a set of sequence numbers
that represent the new block sequence.

• Partial encryption is also another method to prevent hackers from
viewing the streaming video. Here the intra frames or frame headers are
encrypted with a secret key. Each intra frame of the video stream
preserves the whole image.
