Cryptography and Network Security
Cryptography and Network Security
Cryptography and Network Security
Traditionally
information security provided by physical 2. A message is sent from a customer to a stockbroker with instructions for
mechanisms 1e. personnel screening procedures various transactions. Subsequently, the investments lose value and the
administrative
with locks and
customer denies sending the message.
during hiring process.
to recover high
stolen cash and value assets, 3. While transmitting the message between two users, the unauthorised user
are designed
Asset protection systems The system has the capacity to track, protect
intercepts the message, alters its contents to add or delete entries, and then
and deter crime.
apprehend criminals forwards the message to destination user.
in real-time.
and manage critical assets
have become s o effective that a person
The techniques of criminal investigation 1.1.2 Terminology
material, voice, retinal pattern, fingerprints
etc.
can be iderntified by genetic
to protect data Basic terminology used for security purposes are as follows:
and communications links requires
measures
.Use of networks a.Cryptography: The art or science the principles and methods of
encompassing
during transmission.
transforming an plaintext message into one that is unintelligible and then
of methods of protecting data from
Data security is the science and study retransforming that message back to its original form.
unauthorized disclosure and modification. b. Plaintext: The original message.
collaboration while managing risk
Data and information security is about enabling c.Ciphertext: The transformed message produced as output, It depends on the
with an approach that balances availability versus the confidentiality of data.
plaintext and key.
Computer security : Generic name for the collection of tools designed to protect
d. Cipher : An algorithm for transforming plaintext message into one that is
data and to thwart hackers.
unintelligible by transposition and/or substitution methods.
Network security: Measures to protect data during their transmission. e. Key Some critical information used by the cipher, known only to the sender and
a
over
Internet security: Measures to protect data during their transmission receiver.
collection of interconnected networks. f. Encipher (encode) : The process of converting plaintext to ciphertext using a cipher
and a key
Protecting valuables
Following are certain aspects for the need of security: 8. Decipher (decode) : The process of converting ciphertext back into plaintext using
1. Increasing threat of attacks. a cipher and a key.
2. Fast growth of computer networking for information h. Cryptanalysis The study of principles and methods of transforming an
sharing. unintelligible message back into an intelligible message without knowledge of the
3. Availability of number of tools
and resources on Internet.
4. Lack of specialized resources that
may be allotted for securing system.
TECHNICAL PUBLICATIONS -
An up thrust for knowledge
introduction
key. Also called code-breaking. Cryptanalysis is to break
Cryptography and Network Secunty 1-5 introductian,
an
Cryptanalyst can do any or all of the three different things
2. Integrity
1. Attempt to break a single message. Integrity refers to the trustworthiness of information resources.
2. Attempt torecognize patterns encrypted messages, in order to be
in Integrity should not be altered without detection.
able to
break subsequent ones by applying strainghtforward decryption
a It includes the
concept of "data integrity" namely, that data have not
algorithm. been changed
inappropriately, whether by accident or
deliberately malign activity.
3. Attempt to find general weakness in an encryption algorithm, witho It also includes "origin" or"source integrity" that is, that the data
actually came
necessarily having intercepted any messages. from the person or
entity you think it did, rather than an imposter.
i. Cryptology: Both cryptography and cryptanalysis. Integrity ensures that information is
not changed or altered in transit. Under
certain attack models, an
i. Code : An algorithm for transforming an
plaintext message into
adversary may not have to power to impersonate an
an authenticated party or understand a confidential communication, but
unintelligible one using a code-book. may have the
ability to change the information being transmitted.
1.1.3 Security Goals .On a more restrictive view, however, of information system includes
integrity an
connection and
detects any
with recovery
attempted. particular OSIsecurity service or protocol layer.
entire data sequence without recovery Trusted
withinan
provides only
detection a.
functionality That which is perceived to be correct with respect to
:
without recovery some criteria.
integrity of selected field.
for the integrity
Connection
urit or stream of data units. Example: In design, implementation or procedure, that might be exploited to
e. Authenticafion exchange : A mechanúsm intended to ensure the identity of a cause loss or harmn.
of threat.
securing8 a
o r class 1.5.1 Passive Attack
system against
a particular threat,
which exists when there is a circum. in eavesdropping on, or
violation of security, mstance Passive attacks those, wherein the attacker indulges
are
A potential for could breach security and cause harm. That learn or make use of
event that is, a A passive attack attempts to
capability. action, or monitoring of data transmission.
might exploit vulnerability. affect system resources.
that information from the system but does not
threat is a possible danger
the potential and tendenc: that is in transit. The term passive
focus more on analyzing of The attacker aims to obtain information
Where risk assessments threat assessments focus mor modifications to the
fall prey to various attacks, on indicates that the attacker does not attempt to perform any
one's resources to
resources
attacker's data.
analyzing the
one develop specific security
policies to implement n Passive attacks are of two types:
.Analyzing threats can help 1. Release of message contents 2. Traffic analysis
and understand the specitic implementation needs fn o
line with policy priorities 1.5.1. A telephone conversation, an
Release of message content is shown in Fig.
securing one's resources.
contain sensitive or confidential
electronic mail message and a transferred file may
depending on their mode of attack. From viruses .
from learning the content of
Threats come in many forms, information we would like to prevent an opponent
threats have evolved into sophisticated programs
trojans, spyware and bots, these transmissions.
intended to harm computers.
R A + T+ V Sender Receiver
of encryption
means
Sender
1. Masquerade Receiver
takes place when one
entity pretends to be a different Fig. 1.5.4 Replay
entity. Fig. 1.5.3 shows
masquerade. 3. Modification of message
.It involves some change to the
original It
effect. Fig. 1.5.5 shows the modification of message. produces an unauthorized
message.
Sender
Receiver
Internet
Fig. 1.5.3 Masquerade
For Sender
exampie Authentication sequences can be
: Receiver
authentication sequence has taken captured and replayed after a valid Fig. 1.5.5 Modification of message
tew
privileges to obtain extra place, thus enabling an
authorized
privileges by impersonating an entity thatentity
with For example, a
message meaning "Allow Rupali Dhotre
privileges. has those accounts "
is modified to mean "Allow
to read confidential file
Mahesh Awati to read confidential file
Interruption attacks are called as accounts".
Replay masquerade attacks. 4. Denial of service
involves he passive capture of a data unit and its
Fabrication use Denial Of Service (DOS) attacks.
produce an unauthorized effect. subsequent retransmission .DOS prevents the
Fig 1.54
o
normal use or management of communications facilities.
shows replay
attack. Another form of service denial is the
disruption of an erntire network, either by
disabling the network or by overloading it with messages so as to
performance. degrade
Fig. 1.5.6 shows denial of service attack.
TECHNICAL PUBLICATIONS An up thrust for
knowledge TECHNICAL PUBLICATIONS
Securty
introduction
ACR rapy and Nework Cryptography and Wetwork Secuity -15 introduction
When the target receives a SYN packet, it replies with TCP SYN ACK packet,
which acknowledges the SYN packet and sends connection setup information back
to the source of the SYN
provcad by sever
The target also places the new connection information into a pending connection
buffer.
F o r a real TCP connection, the source would send a final TCP ACK packet when
it receives the SYN ACK.
However, for this attack, the source ignores the SYN ACK and continues to send
SYN packets. Eventually, the target's pending connection buffer fills up and it can
service
1.5.6 Denial of no longer respond to new connection
Fig. requests.
of the wide variety of potential
al
dicult to prerent active attack because 1.5.3 Difference between Passive and Active Attack
t s
vuinerabilities.
pysicei software and network
attacks were single source attacks, mneaning
that a sinee SI. Passive attacks Active attacks
The s type of DOS No.
another system and cause something on that system to
STstem was used to attack
S Y N Sood is the most widely used DOS attack. Passive attacks are in the nature of Active attacks involve some modification of
eavesdropping or, or moitoring ot, the data stream or the creation of a faise
SYN Hood DOS attack.
Fig 15.7 shows the transmíssions. stream.
Source Server Types: Release of message contents and Types: Masquerade, repiay, modification
traffic analysis of message and deniai of service.
16
Introduction and Network Security 1- 17
Cryptography
Security
and Network whose
Cryptography
does with Certificate Authority,
be verified by
a
message
.
the receiver a
on w h a t
secrecy requirement.
Public keys can
attack, depending s e c u r e channel.
2. Chosen ciphertext
public key is distributed through a
that it decrypts.
3. Substitution attack
University Questions
4 Replay attacks instance jam all
communicatin
ons security attacks.
GTU: Summer-17, Marks 4
may for Briefly explain any two active
GTU: Winter-18, Marks 4
attacker 1.
The parties to
service attack. The defense is
for both
5. Denial of in middle attack.
the parties. treat Discuss man
one of
GTU: Winter-18, Marks 4
2.
before attacking status messages
and to their crypto system.
Explain diferent type of
authenticated attacks on
send 3.
periodically
disappearance with paranoia. rat ner Explain cryptanalytic
attacks with example of any encryption algorithm.
to active manipulation of
the meassages, 4.
GTU: Winter-19, Marks 7
used to refer
MITM is typically
than passively eavesdropping
encryption 1 . 6 Finite Fields
attack against public-key
successful MITM such that the
Example of a
communicate with
Bob and that Mallory wishes to
is a nonempty set together with a binary operation (*)
wishes to
Alice message to Bob. To get
A group
Suppose or possibly
deliver a false
following three properties are satisfied:
the conversation,
eavesdrop on
If Bob sends his public key to (a*b)*c a*(b*c). For all a, b, ce G.
ask Bob for his public key.
=
:
1. Associativity
started. Alice must m a n - i n - t h e - m i d d l e attack c a n begin. ea. For all a e G.
able to intercept it, a element ee G such that a*e =
arithmetic o n
the integers,
concerned with = [(a mod n) + (b mod n)] mod n
are That is,
multiple of N.
we
denote these by their "simplest" define a mod n to be the remainda. (11 1 5 ) mod 8 = 26 mod 8 = 2
is positive integer,
integer and n a
is
x n+(a mod n);
If a an
I(11 mod 8) - (15 mod 8)] mod 8 = - 4 mod 8 = 4
when a is divided by n. Then, a =[a/n]
(11 15) mod 8 = - 4 mod 8 = 4
Example: 11 mod 7 =4; - 11 and 7 =3.
relation on the integers. An equivalence class
: = n is an equivalence I(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5
Theorem
remainder on division by n. The
which have the same
consists of those integers classes modulo n. Rather than say the (11 x 15) mod 8 = 165 mod 8 55
also knoWn as congruence
equivalence classes are
modulo n.
Properties of modular arithmetic
say that they are congruent
integers a and b are equivalent
we
Let, Zn = {0, 1, 2 , . , (n - 1)} be the set of residues modulo n.
2
5 raised to the e-th power (e is called the exponent).
U U -******* *************"
*s ********* *******************
0 I n other words, problems take the form where given base b, exponent e, and
Z
*******************"***"
modulus m, one wishes to calculate c.
~****
0
*********:***
1 *****
Here r2 =0 and so the last non-zero remainder is r 10. Thus gcd (50, 60)= 1
Example 1.8.5 Find gcd (120 70).
Solution: 120 = 70 +50
Example 1.83 Using Euctidean algorithm calculate GCD (48, 30) and GCD (105, 80.
70 = 50 +20
Solution: Using Euclidean algorithm calculate GCD: 50 20x 2+10
CCD(48, 30)
20= 10x 2 +0
48 1x30 +18 gcd(30, 18)
30 1x18 12 gcd (18, 12) Therefore gcd (120,70) = 10.
18 1x12 +6
gcd( 12, 6) It is always possible to write gcd(a, b) as a linear combinations of a and b. That is,
12 there exist integers x and such that
2x6+0 gcd(6, 0 y gcd(a, b) ax+by (x or y may =
be negative).
to write gcd(a, b)
in the form ax+by. 1.10 Symmetric Cipher Model
can then retrace our steps
A symmetric encryption model has five ingredients Plaintext, Encryption
1.9 Conventional Cryptosystem algorithm, Secret key, Ciphertext and Decryption algorithm.
destination across some
from source to .Fig. 1.10.1 shows the conventional encryption model.
A message is to be transferred for the exchange of
the data.
must cooperate Secret keyy
intermet. Both the sides
is established by defining a route throueh shared by
sender and recipients
A logical information channel
to destination.
internet from source
8-
2. Some secret information shared by
Fig.
to the opponent.
1.9.1 shows the network security model.
8
Trusted third Plaintext Encryption Decryption Plaintext
parny nput algorithm
algorithmn Output
Fig. 1.10.1 Conventional encryption model
Plaintext is the original message or data that is fed into the
algorithm input.
as
Sender Receiver Encryption algorithm performs various substitutions and transformations on the
plaintext.
Transformation Transformation Secret key is a value
independent of the plaintext and of the algorithm. The exact
Wessage Secret t Information Secret VieSsage
substitutions and transformations
performed by the algorithm depend on the key.
message Channel message Ciphertext is the scrambled message produced as output. It depends on the
plaintext and the secret key.
Secret Decryption algorithm takes the ciphertext and the secret key and
information Opponent
Secret original plaintext. produces the
information
The original
Fig. 1.9.1 Network
security model intelligible message, referred to as plaintext is converted into random
A
nonsense, referred to as ciphertext. The science and art of
trusted third party is needed to to make them secure is manipulating messages
achieve called
Basic tasks in
secure transmission. cryptography
designing An
Design an algorithm forparticular security
a
1. service. original message to be
transformed is called the
plaintext and the resulting
2. Generate the
performing the security related
transformation.
message after the transformation is called the
ciphertext.
secret information to The process of
be used with the converting the plaintext into ciphertext is called
3.
Develop methods for the distribution and algorithm. reverse process is called encryption. The
decryption. The encryption process consists of an
Specify a protocol to be used by the twosharing the secret informa of the
of tion.
4. algorithm and a key. The key controls the
algorithm
security algorithm and the secret principles that makes u The objective is to
design an encryption technique so that it would be
service. information to achieve ecurity
difficult or
impossible for an unauthorized party to understand the contents ofvery
a
particula" the
ciphertext.
TECHNICAL PUBLICATIONS An up thrust
for knowledge TECHNICAL PUBLICATIONS An up thrust for
knowledge
and Network
Security
1-28 Introduclion
Cyptography
decrypting the
cipher Cryptography and Network Securlty 1-29 Introduction
message only by ertext usin
the original used, the algorithm
will
A user can
recover
upon the
secret key
the algorihc
prod University Question
the secret key. Depending
different output.
If the secret key
changes,
the output of
zorithm also 1. What are the essential ingredients of a symmetric cipher ?
GTU: Winter-17, Marks 4
changes. depends on
factors.
on several fant.
the several
conventional encryption
m u s t be diffi.
Th 1.11 Cryptography
The security of the Decryption message
must be powerful. he
encryption algorithm The algorithm is upon Cryptography is the study of secure communications
on the secrecy
of the key only. all bu .
techniques that allow only
algorithm depend the diagram, the message source is the the sender and intended recipient of message to view its contents. The term is
a
in
secret. As shown
only key is to keep key K input and cin derived from the Greek word kryptos, which means hidden.
plaintext ie. X
with the message
X and encryption
as
ciphertex Cryptography is the science of secret writing that brings numerous techniques to
Y, we can write this as,
safeguard information that is present in an unreadable format.
Y = EK, X) 1.10.1)
algorithm E as a function of the nlaintet By using cryptographic systems, the sender can first encrypt a message and then
Y is to be produced by using encryption able to invert pass on it through the network. The receiver on the other hand can decrypt the
X. The intended receiver in possession of the key, is the message and restore its original content.
transformation.
Characteristics of cryptography:
X = D[K, Y) (1.10.2)
1. The types of operations used for transforming plaintext
An opponent, observing Y but not having access to K or X, must attempt th to ciphertext.
recover X and K or both X and K. It is assumed that the opponent does have 2. The number of keys used.
knowledge of the encryption (E) and decryption (D) algorithms. 3. The way in which the plaintext is processed.
Cryptography is an art or science encompassing the principles and methods of
1.10.1 Advantages of Symmetric Key Cryptography transforming a plaintext message into one that is unintelligible, and then that
1. message back to its original form.
High rates of data throughput.
2. Keys for symmetric-key ciphers are
relatively short. Cryptanalysis: The study of methods for obtaining the meaning of encrypted
information without accessing the secret information.
3. Symmetric-key ciphers can be used as
primitives to construct various cryptograpic
mechanisms (i.e. pseudorandom nunmber generators). Cryptography is where security engineering meets mathematics
4. Cryptology = Cryptography + ryptanalysis
Symmetric-key ciphers can be composed to produce stronger ciphers.
5.
Symmetric-key encryption is peroeived to have an extensive Some Major Applications:
history. 1. To protect
privacy, confidentiality
1.10.2 Disadvantages of Symmetric Key 2. Insuring data
integrity for detecting and preventing
1.
Cryptography manipulation
unauthorized data
Key must remain secret at both ends.
3. Authentication, the means by which two parties can
2. In large
networks, there are many positively identify each
keys pairs to be
managed other.
3. Sound cryptographic practices dictates that the
4. Digital signature mechanisms key changed frequenty be 4 Non-repudiation t o hold people responsible for their actions.
require either large keys or the arising from symmetric-key on
encryptio
typical There are a number of
block ciphers, stream
cryptographic primitive's basic building blocks, such as
use of third trusted ciphers, and hash functions. Block ciphers may either have
parties. one key for both encryption and decryption, in which case they're called shared
Key or have
separate keys for encryption and decryption, in which case they're
A digital
signature
scheme is a
pecial type of
special -
a problem
arises in sharing
the
ntended
However, others. Chosen ciphertext 1. Encryption algorithm
integervalue. discovered by
without letting it be
recipient 2.Cipher text
3.Purported ciphertext chosen by cryptanalyst,
University Questions together with its corresponding decrypted
plaintext generated with the secret key.
terms in brief
1. Discuss the following
Chosen text 1.Encryption algorithimn
Brute force attack
GTU: Summer-17, Marks 3
Cryptography 2.Cipher text
Passive attack, Cryptanalysis.
the following terms in brief : 3.Plaintext message chosen by
2. Discuss
GTU Winter-17, Marks 3 cryptanalyst
together with its corresponding iphertext
generated with the secret key.
1.12 Cryptanalysis 4Purported ciphertext chosen by cryptanalyst
together with its corresponding decrypted
any cipher
to break text message to obtain the original plain
The process of trying plaintext generated with the secret key.
text message itself is called as cryptanalysis.
is the art of deciphering encrypted communications without
Cryptanlysis 1.12.1 Cryptanalysis Attacks
knowing the proper keys
There are four general types of
Cryptanalysis is the breaking of codes. The person attempting a cryptanalysis cryptanalytic attacks. Each of them assumes that the
cryptanalyst has complete knowledge of the encryption algorithm used.
called as a cryptanalyst.
1. Ciphertext-only attack
Brute force attack: The attacker tries every possible key on a piece of cipher text
2. Known-plaintext attack
until an intelligible translation into plaintext is obtained. 3. Chosen-plaintext attack
Types of Attacks on Encrypted Messages
4. Adaptive chosen plaintext attack.
ST.No. Types of attack 1.
Known to cryptanalyst Ciphertext only attack:
-
messages
2. Known-plaintext attack
not only to the ciphertext
of several
es, but also If either type of attack succeeds in deducing the key, the effect is
T h e cryptanalyst has
access
catastrophic All future and past messages encrypted with that key are
those messages.
to the plaintext of messages.
compromised.
to encrypt the
J o b is to
deduce the key used with the same ko
to decrypt any new messages
encrypted key. 1.13 Vulnerability and Threat
OR an algorithm attack. Computer based systems have three valuable components Hardware, software and
I t is also referred
to as probable word
a
Pi, Ci =
Ex(P)
=E,(P), P2.C2 =E,(P2).
data.
Given P, C Securities of these components are evaluated in terms of vuinerability, threats,
algorithm to infer P+1 from Ci+1 =E^(P+1)
Deduce: Either K or an
attacks and control.
3. Chosen-plaintext attack An assault on system security that derives from an intelligent threat; that is, an
than a known plaintext attack because the cryptanalvst caan intelligent act that is a deliberate attempt to avade security services and violate the
This is more powerful
to encrypt. security policy of a system.
choose specific plaintext biocks
The cryptanalyst not only has access to the ciphertext and associated plaintext fn
Asset
several messages, but he also chooses
the plaintext that gets encrypted. Asset neans people, property and information.
Given P, C =E,(P), Pz,C2 E,Pa)...P, Ci =Ek(P)
=
People may include employees and customers with invited persons such
along as
where the cryptanalyst gets to choose P, P2, contractors or guests.
Deduce Either Kor an algorithm to infer Pi+1 from Ci+1 =Ex(P+1) Vulnerability
4. Adaptive chosen plaintext attack
Vulnerability refers to the security flaws in a system that allows an attack to be
successful.
Not orniy can the cryptanalyst cho0se the plaintext that is encrypted, but he can
also Weakrnesses or gaps in a security program that can be exploited by threats to gain
modify his choice based on the result of previous
encryption. unauthorized access to an asset. Vulnerability is a weakness or gap in our
A cryptanalyst might just be able to choose one large block of plaintext to be protection efforts.
encrypted- in chosen plaintext attack.
Example In design, implementation or procedure, that might be exploited to
Exampie 1.121 What is the objective af attacking an encryption system ? Write the tuo cause loss or harm.
ayproaches to attack a comoentional encryption scheme
GTU: Summer-12, Marks 7 Threat
Anything that can exploit vulnerability, intentionally or accidentally and obtain,
Solution : The objective of attacking an
encryption system is to recover the key n 15e damage or destroy an asset. A threat is what we're trying to protect against.
rather then simply to recover the plaintext of a single ciphertext. There are two Ben eral
approaches to attacking a conventional encryption scheme: Threat refers to the source and means of a particular type of attack.
1. Cryptanalysis A threat assessment is performed to determine the best approaches to securing a
Cryptanalytic attacks rely on the nature of the Jus
perhaps some knowiedge of the general algorithm system against a particular threat or class of threat.
some sample characteristics of the plaintext or even
being used a
specific plainte threat is a possible danger that might exploit vuinerability.
2. Brute-force attack The attacker tries Where risk assessments focus more on analyzing the potential and tendency of
until every possible key hertext
inteligible
an on a
piece of one's resources to fall prey to various attacks, threat assessments focus more on
possible keys must betranslation into plaintext
tried to achieve
is obtained. On average, ha" analyzing the attacker's resources.
success
TECHNICAL PUBLICATIONS An up thrust for knowledge
TECHNICAL PUBLICATIONS An ua t
1- 34
introductio Cryptography and Network Security 1- 35 introduction
aC ewok Sec
ypograPY to implen
security policies in 1.14.1 Caesar Cipher
deveiop speciic
threats can help one
and specific needs
implementation n e
o
Analyzing and
understand
Caesar cipher is a special case of substitution techniques wherein
policy priorities each alphabet in
ine with a message is replaced by an alphabet three places down the line.
securing one's resources.
and bots,
threats
have
evolved
grams
trojans, spyware For example,
intended to harm computers
Plaintext hellow world
a result of
Risk or
destruction of an asset as a
threat Ciphertext KHOOR ZRUOG
damage
.The potential for loss, Risk is the intersection of assets, threats and
exploiting vulnerability. List of all possible combination of letters.
vuinerabilities.
Plain a b cd e fg hi
determine risk is ik m n
.The formula used
to
Threat + vulnerability D E F G H I J KL MN O P
Risk = Asset + Cipher
ww.wiiwww.wwwwwiowwewwwwwwwwwwwwweevaiavrivne
Q R S TU V
eynemme erenn
R A+ T+ V t
vulnerabilities to obtain damage or destrou
W
Risk is a
vulnerabilities then there is little
if there are no
assets. Thus, threats may exist, but Cipher W X Y Z A B CC
no risk.
have threat, then you have Numerical equivalent to each letter is given below.
Similarly, you can have vunerability, but if you no
little / no risk. b c d e f g h i j k 1 mn o 9r
P
xY 2
Control 4 5 6 7 89 10 11 12 13 14 15 16 17 18 19
wwwwwww.wwwwwwwwwwwww.wwwowwwwwwwwwwvwwwwwwwwwwwwwiwwsvooww.wwwetwnae
20 21 22 23 24 25
Control is used as proactive measure. Control is a action, device, procedure or eiwiie
Owadnwwnwenvwww.wwvoiwwwwwwiwrdinrwwwe Noeidiu oiwivvwtivieieiwn
The algorithm be
technique that removes or reduces a vulnerability. can
expressed as follows. For each plaintext letter P, substitute
the ciphertext letter C
A threat is blocked by comtrol of vulnerability. C E(3, P) = (P + 3) mod 26
Interception, interruption, modification and fabrication are the system security
A shift may be of any amount, so that the
threats. general Caesar algorithm is
C E(K, P) = (P + K) mod 26
Brute force attack
The attacker tries every possible where K = Values from 1 to 25
key on a
piece of cipher text until an
intelligio
translation into plaintext is obtained. The decryption algorithm is simply
Brute force attack is P DK, C) = (C - K) mod 26
automated process of trial and
an
used to
person's user name, password, credit-card number
error gue I f it is known that a given
of cryptographic keys. ciphertext is a Caesar cipher, then a brute force
114 Substitution Techniques cryptanalysis easily performed : Simply try all the 25
is
possible keys.
Demerits
A substitution .The encryption and
cipher changes characters in the decryption algorithms are known.
A substitution plaintext to produce to cip ed
hertext
Ciphertext message: acggk akr moc wky Where C and P are column vectors of length 3, representing the plaintext and
Monoalphabetic ciphers are easy to break because they reflect the ciphertext.
of the original alphabet. frequency data Kis a 3x3 matrix, representing the encrypting key.
Homophonic Substitution Cipher .For example:
Plaintext = Paymoremoney
It provides multiple substitutes letter. Forfor a
single example, A be
by D, H, P, R; B can be replaced by E, Q, S, T etc.
can
replaced (17 17 5
Key (K) =
21 18 21
1.14.3 Playfair Cipher 2 2 19
The playfair algorithm is based The first three letters of the plaintext are represented by the vector.
on the use of a 5 x 5 matrix of letters
using a keyword. constructed (17 17 5(15
For
(375 11
example : Monarchy is the
keyword.
C KP mod 26 =| 21 18 21 0mod 26 =| 819 mod 26 =| 13=LNS
2 2 19 24 486 18
M
AR For plaintext pay, ciphertext is LNS.
B D
*anddpso*ssuenensassa***:*********ssa* The entire ciphertext is LNSHDLEWMTRW
G I/J
Decryption requires using the inverse of the matrix K.
O S
*************esor
V
amwmuiwwm
W
A
Z
Thegeneral terms in Hill cipher is
Cipher C= E(K, P) = KP mod 26
The matrix is
constructed by filling in the Plaintext P = D(K, P) = K'c mod 26 K KP =P
and from top to letters of the
bottom and then keyword from left to g
remaining letters in alphabetic order.filling in the
remainder of the matrix witn the Advantage0s
1. It
.The letters I and J count completely hides single letter frequency.
as one
letter. 2. Hill
cipher is
strong against a ciphertext only attack.
. 5y using larger matrix, more frequency information hiding is possible.
TECHNICAL PUBLICATIONS An up thrust for TECHNICAL PUBLICATIONS An up thrust for knowledge
knowledge
oryptography arnd Network Seciunity
- 38 Introductio Cryptography end
Network Securty
39
Introduction
Disadvantage
known plaintext attack. In polyalphabetic substitution, each occurrence of a
character can have differernt
1. Easily broken with a
The a
atibstitute. relationship between a character in the
the ciphertext is one to many. plaintext to a character in
1.14.5 Polyalphabetic Substitution
Plaintext
.An example of polyaiphabetic substitution is the
Vigenere cipher.
.The Vigenere cipher chooses a
sequence of keys, represented by a string. The
S t u v wx letters are applied to successive plaintext characters, and when the key
ik 1mn P end of the
bcd g is reached, the key start over. key
P QR S T U V w x y
ABC DE FGH J K iM NO
MNO P a R S T U V, W X
Y z Fig. 1.14.1 shows a tableall or table to
8CDE FG H K implement this cipher efficiently,
R S T UV XY Z AB (See Fig. 1.14.1 on previous page)
C EFGH KL M O P
DEFG4 K MNO P 0 R S
TU
VW X Y Z A B C .For example : Let the message be THE BOY HAS THE
BAG and let the key be
VIG.
EFGH K i MN0 PO R S
T U V W X Y Z A BC n
Key = VIG VIG VIG VIG VIG
J L OPQR S T U VW X Y Z A BC DE
F G H. K
K LMN 0 PQR V W X Y Z A B C DE F
ST U Plaintext = THE BOY HAS THE BAG
K NO P R S TUV WXY Z A B C D E Fi G
Ciphertext = OPKWWECTYOPKWIM
KLM NOPG V W X Y Z A BC D E F G HRS T
quantities of randon
tidatheny Solution: key FNGINEERING plaintext COMPUTER
intrduciGr
Piaintext = PLAYFAIR PL AY FA IB
Example 1.14A Ezplain Playfair Cigher in detail. Find out cipher sext for the folioneing
ghen plain text and key.
Key COVERNMENT
Plaintext PLAYFAIR GTU Winter-18, Marks 4
Solution : Key =
GUJAR
Plain text =
Surgical Strike
Sokved Eamples
U
Exaple 1142 pai oto api substiution technique in detail, Find out cp C D
Key=ENGANEERING N
Z Corresponding C i p h e
pher:
E
3 A
Plain text = Su rg ic al St ri ke 3
20 10 24
12 4
5
OP GU MC 10 Y
Cipher text = PA UJ UD JM
me at the usual place using the Hl
Example 1.14.5 Encryp the message "meet E
20 13 1 11 3
9 L
the key
***
C KP mod 26
Example
1.14.6 Given key
12
1 pair from plain text "me" > 17 17 5
K=21 18 21
(9x12+4x4 4> mod 26 =>1 2 2 19
5x12+7x4 88 andplaintext ney Find outthe ciphertext applying Hl Cipher 1s Hl cipher strog
2 pair from plain text "et"
against ciphertext only attack or known plaintext attack ? Justify the answer.
GTU: Summer-19, Marks 7
9x4+ 4x19 (112)
5x4+7x19 153 mod 2623 Solution Key K =
17 17
21 18
5
21 and ney
2 2 19
Cipher text for "meet" is "ukix
To get plain text from cipher text, we need to find the inverse of K 17 17 51131 17x13+17x4 +17 x24 697 21
21 18 21||. =21x13+18x4+21x24 = 849 mod 26 =|17=
A =
9x7-5 x4) => 43 2 2 192 2x13+2x4 +19x24 490 22
=17)
Adj (A) => | 43 % 26 Plaintext= ney
Ciphertext = vIw
Find the multiplier for 17, using 17xX = 1 mod 26 =>X = 23
161-92 5-14 Erample 1.14.7 How cryptanalyst can exploit the reguiaritiesof thelanguageHo
-115 207 Mod 26251525Add Add 26 for -ve values) diagrams cam soloe this problem 7 se the key hiddern GTU
nd encrypt the mege
Message using playfair cipher. Summer-l19, Marks 7
P CK => For the cipher text of "uk" Solution:
12 20 5x20 +12x10 220 Yptanalyst knows the nature of the plaintext (e.g., noncompressed Engisn
15 25 10 15x20+25x10550 ,then the analyst can exploit the regularities of the language to be solved is
To see
Hence the plain text is "me". how such aa cryptanalysis might proceed. The ciphertext
UZQSOVTt AMOPVGPOZPEVSGZWSzOPFPESXUDBMETSXAIZ
EPHZHMDZSHZOwSFPAPPDTSVPQUZwYMXUZUHSX
TEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
TECHNICAL PUBLICATIONS An up thrust for knowledge TECHNICAL PUBLICATIONSAn up thrust for knowledge
1 44 Introduction Notwork Socury 1-45 Introduction
Cryptography and
Notwork Secuty Ciyptography and
letters can be determino.
d
the and
relative frequency of Examplo 1.14.8 Perform encryption in playfair cipher algorithm wíth plain text as
the English.
A s a first step, distribution for
INFORMATION AND NETrWORK SECURITY", keyuord is "MONARCH
standard frequency be sufficient
compared to a alone might
t
this technique but (Note: 1. Put j and both
i combine as a
single field in 5
*
5 matrix).
w e r e long enough, an exact match.
expect
If the
cannot
message
relatively short
we
message, GTU Winter-19, Marks 7
this is a (in percen
because
relative frequencies of the letters
in the ciphertext
entages Solution
I n any case, the
areas follows: M N A
Z 11.67 D 5.00 W 3.33 G1.67
C0.00
F 3.33 B11.67 Y B
P 13.33 H 5.83 V 4.17 T 2.50
L 0.00 U 8.33
Y 1.67
S 8.33 E 5.00 Q 2.50 I K
K 0.00 R 0.00 M 6.67
A 1.67 JO.83 S
0 7.50 X 4.17
10.83 N 0.00
P and Z are the equivalents of plain letters e and
Ciphertext = od xd qe fn
Cyptography and
Network Secunty Introduction
"meet
me
arter this party" th
wih
a
rail fen SolvedE x a m p l e s
example, to
enciphere
the message
tence Encryp the message "GTU E
ror
the following
Example 1.15.1 E n c r
amination" using the
your calculations and the result.Hil cipher algorithm
we write
ofdepth 2, t
h
matrir
e m a
i P with thekey
15
e f GTU: Winter-19, Marks 7
e
The ciphertext is
Solution:
5x6+17x19 3531
MEMATRHSATETEFETIPRY
reartangement
of the
the letto.
letters
a transposition cipher
requires o 5 171 6 4x6+15x19309 mod 26 | = P
Attacking
ciphertext. has the
the same
A pure transposition
ipher is easily
recognized
because it
\ete 20+17x4= mod 2626 =12 M
mod
frequencies as
the original plaintext.
is suitable for self study.
L4x20+15x4140
10K
Plaintext: The book 5x23+17x01 115 L]
L4x23+15x0 9 mod 26 =
Key:564132
6 4 1 3 2 15o
Key 5x12+17x8 196] mod 14 o
Plaintext: t
k
e b 15|8|4x12+15xs168
26 124
b e 5x13+17x01 651
5 17 l4x13+15x052 mod26
S e f 4 15]0
t 5 17 19 5x19+17x8 231 mod 26
Ciphertext : BSLEDOIFFOUELYESBSUTKTOSHIART.
415]8 4x19+15x8 196 14 o
014
1.15.1 Difference Between Substitution Cipher and Transposition Cipher 5 1714 (5x14+17x13-|28mod 26 =
wwwww.x
415|13 +15x13251
Substitution Cipher Transportation Cipher Plain text:GTU Examination
Deimition A substitution technique is one in
wiich the ietters of plain text are
Transposition cipher does not
substitute one symbol for another
Ciphertext: PX MK LO OM NA XO AR
the
replaced by other ietters or number instead it changes the location of
symbois. University Questions
pe MMoncalphabetic and Pokyalphabetic Keyiess and keyed transportation transportatiom techniques.
and
sstitaon cpter. Write diferences between substitution techniques
epher. GTU Summer-17, Marks 3
Each lefter refains s positior but
GTU: Winter-17, Marks7
anges IS Kientt
Each letter retains its identíty 4Explain transposition techniques with appropriate example.
A * changes its position GTU Summer-18, Marks 4
S Explain columnar transposition cipher technigue:
The last leters of tte aiphabet which Kegs very ciose to the
correct Ke?
areosty low zequency tend to wil reveal long sections of ieg
piaintext.
Raii tence cipher
TECHCAL PUBLICATIONS An up thrust for knowledge ECHNICAL PUBLICATIONS An up thrust for knowedge
cK pners Nework Securitv 2-3
2-2 cyptographyand
and Network Secunty
Stream Ciphers nd Block Ciphers
Ciyptography
decrypting
d the data, copy a block of
ciphertext, decrypt it and
2.1 Stream Cipherss with the preceding block of ciphertext. XOR the result
on blocks of data. Ex to be the
A block cipher operates and operates on each Taking encipherment algorithm with key
breaks the plaintext
into blocks
block initialization vector, the cipher block
K and I to be the
Algorithm
Co = Ex (m, D)
chaining technique is
independently.
blocks are 8 or
16 bytes long
Usually of the encryption function. Ci Ex(17; ®Ci-1) for i> 0
depends on the design
Security of block ciphers faster than
Software implementations
of block ciphers run
softwate 21.1 Advantages and Disadvantage of Block Cipher
implementation of
the stream ciphers.
Advantages:
not affect other blocks.
Errors in transmitting
one block generally do 1. High diffusion
using the same key, identical plaintas
Each block is enciphered independently,
ext
2. Immunity to insertation of symbols
blocks.
blocks produce identical ciphertext
and the cipher you are using operates
.Suppose that plaintext is 227 bytes long on Disadvantages
16-byte blocks. 1. Slowness of encryption
them using the key table.
Algorithm grabs the first 16-bytes data, encrypts
of 2. Error propagation.
Algorithm produces 16-bytes of ciphertext. 2.2 Block Ciphers
After first block, algorithm takes next block. GTU: Winter-14, 17, 18, 19
The key table does not change from block to block. .Stream cipher algorithms are designed to accept a crypto key and a stream of
plaintext to produce a stream of ciphertext.
Plaintext= 227 bytes
227 .Fig. 2.2.1 shows the stream cipher.
Block size 16 bytes =
plaint
treated as a whole and used to produce a ciphertext block of equal length. Decryption Algorlthm the subkeys Ki n reverse
but use
block ciphertext as input to the algorithm,
tmber
.
Many ciphers have
Feistel structure. Such a
a
structure consists of a n
e
LE16 RE5
RE46 LE15 x F(RE15 K1s)
RONund1 L bs wDits RK Subkey
generation
algorithm On the decryption side
D RDo - LEj6 = RE15
RD =
LD xF(RD0, K16) RE16 F(RE15 K16)
= x
=
[(LE15 *
F(RE15, K16}) F(RE15, K
x
Finally, the output of the last round of the decryption process is RE| LE9- A 32 bit
swap recovers the original plaintext, demonstrating the vaiidity of the Feistel decryption
process.
encryption
IP. Then, it is
An input block to beencrypted is subjected to an initial permutation
mereaeeetepieeeeoe applied to two rounds of key-dependent computation. Finally, it is applied to a
permutation which is the inverse of the initial permutation.
plaintext = b^bzbgb4bsbgbybg
key = k1k2kgkak_ksk7kgk gk 10
Fig. 2.3.A Clasal teietel networ
The put of the first
1and sA te derryption Subkey generation
32 bit swap
16 19nd f he ercryptiom process equal to a
he input so the is
First, produce two subkeys Kj and K2:
prseos.
Ki = P8LS,(P10(key))
P100k1k2kkgkskskykgkgk10)
=
wwwwwwww****** ***owsseweewenoymmmemumnwww.
operators in this notation: ***********wwweeitvwenwwwnewwwmrewnmneeaun
to write such bit substitution
2 2
It's convenient www
******
www.
*****
**
*"********""*****"****w **************www 4
w**ww*********************************** *
P10: (10 bits to 10 bits) P4 (4 bits to 4 bits)
awww.
5 2 74 10
****
1 9 8 6
wwww.w************
*****"********NNWwwwrwwwmmwwmwwwwwwwww.wwr
********************Z
**ww aww*www
wwwwwnsavmwwwww.
*********
*********************1N*P*DeNWwmNmONmwwmmmwmiwmmwwww.Mmwwwv
P8: (10 bits to 8 bits) Ihs (8 bits to 4 bits )
wwwwswwwwwwwwiwwwww
******
ww.w
** ****w
***
10 9
7 4
waiwswwwwwwwwwwwaawwwwww.w.wwww.wwwww.wwwwwww
wwww.www..*********************www. 3 4
***** ******************
2 3
weuwx
4
auaxnaun
1 7 8
wwwww.axww wwwww.wwww*ww***
10
***wwAww.a
6
wwawwswi
wwwwwwwwwww.wwwwwwwwwawwwww.ww
* ********wwwwwwwwwww. ww.w.wwwwwww.t
LS, (left shift bit" 2 on 5 bit words): 10 bits to 10 bits SO(b b2 bab4) = The [bjb4,b2b3 ] cell from the "S-box" S0 below, and similarly for
www.wauwwwwwwwwwwwws
S1.
3 4 5 1 2 8 9 6 7
wwww. wiwawwwwwiwwwwwww. *****wwwwwww.wmwwww.wmwwww..3
S0
Encryption
The plain text is split into 8-bit blocks; each block is encrypted separately iven a
plaintext block, the cipher text is defined using the two subkeys Kj and K2, ä
follows: 3
Ciphertext IP(fk,( SWlK,(IP( plaintext ))))
where:
S1
Initial Permutation (IP) : 8 bits to 8 bits
ywwwrarsomarm*e wv u
***""*""N ****** www
www.wwe wwwwvwwww.wwwwwwww
2
3 7
knnararwowm i mwww.
R o consists of the last 6 bits. The ith round of the algorithm transforms an input
w**
*****
6
unnun 8 1 2 wwen i-1 Ri-1 to the output L;R, using an 8-bit Ki derived from
and fk () is computed as follows. ig. 2.4.1 shows one round of a Feistel system.
We write exclusive-or
(XOR) as +.
for hat reason is phase consisting of 16 rounds of the same function, which involves
Then there is
a
and
substitution
arnd
Sorneti
DES uses
both transposition
its input, cutput
and key are
each 64
each
64-bits lorg both permutation
and substitution functions.
referred to as a product cipher. the sixteenth round consists of 64-bits that are a function of the
are referred to as blocks. The output of
The sets of 64-bits ions rounds uses aa separa and the key.
consists of 16 rounds or iterations.
Each
Each rounds uses
separate kev.
ey t input plaintext
The aipher The left and right
halves of the output are swapped to produce the pre-output. At
48-bits.
Fig 25.1 shows DES encryption algorithm First, the 64-bit plainte+
xtuce last, the pre-output
is passed through a permutation (P) that is the inverse of
the bits to prodic
passe the initial permutation function, to produce the 64-bit ciphertext.
that reartanges
Ehrough an nitial
Permutation (P) the
Initial permutation
permuted nput
Key (64 bit) . Table shows the initial permutation and its inverse. The input to a table consist of
Plain test (4 t )
64-bits numbered from 1 to 64.
. The 64 entries in the permutation table contain a permutation of the numbers from
Permutedd 1 to 64. Each entry in the permutation table indicates the positon of a numbered
Ir germutator Choice
input bit in the output, which also consists of 64-bits.
56
Permutation (IP) table
Initial
56 ,
20 2
56 46 2
56
Pemuted1 b6
Round 2 Let circular
choice 2 shh 33 9
49
59 51 43 35 19
45 29 2.1 L3
6
33 55 39 3I 23
16 shift 39 47 25
8 14 62 30
32 bit swap 13 b
********
2 20 60
4
9 2
Inverss initial 42 10
penmutation **** ********
4 9 A9
wwwww.wvwwwwww.w ************
****
w.aw wwowwwwww.wwww.wwwewwwwwwww.wwwwwwwwwwww
formulae ctaore, the substitution and permutation both functions are used.
28 bits 28 bits
Fig. 2.5.3 shows role of S-boxes in the function F. It consists of set
of eight
32 bits
32bits S-boxes, each of which accepts 6 bits as input and produces 4 bits as output.
R(32 bits)
48
48
4 8 bits
Dits
KY48 bits)
48
Pemutation
cOnttacGio
-0
SUDsitutionchoice
32
Permutation
32 bits
Fig. 2.5.3 S-boxes in the function (F)
XOR
The 48 bit input block is divided into 8 subblocks and each subblock is given to a
S-box. The S-box transforms the 6 bit input into a 4 bit output.
First and last bits of the input to box S; form a 2-bit binary number to select one
of four substitutions defined by the four rows in the table for S. Two bits can
store any decimal number between 0 and 3. This specifies the row number. The
middle four bits select one of the sixteen columns.
Fig. 2.5.2 Single round of DES
algorithm
TECHNICAL PUBLICATIONS An up thrust
TECHNICAL PUBLICATIONS An up thrust for knowledge
for knowledge
Stream Ciphers and Block
Oryptbgraphy
and Network Secunty
2-16
Cipherg CVplography
and Network Security 2-17
Stream Ciphers and Block
vi ****
wwemweru
Ciphers
value for DES
gives the S-box 15 0 8
** wwww
tabBe 11 2 14 13 3
Folowing 12 9
12 5 10 6 1
8 3 10
14413 1 2 15 11 13
0 11 7 4 9 1 10 4 3 5 2 15
106 12 11 ************ ******
*******
8 6
2 13 4 13 12 3 14 10
015 74 ************** 15 6
2
15 12 9 7 3 10 5
***** ******* 9
8 13 6 2 ********
0
***- 11 1 10 7 9
4 1 14 **
6
**
5 U 15 14 3 12
14 10 0
www.wwwwwwwwwwwwwwwwww
* *****ontwwn meviemmwe
5 11 3 6 13 ** ******* ****
2 4 www.wwiww *w w w *wwdn
15 1 2 8 www *
4 15 111 10
wawwmmw
2 8
13 9
******: ******* **
14 012 7
* **wwww 1 15 13 810 7 412 5 6 11 14
**
9 7 2 I3 12 0 5
****** 9 2
3 10
151 8 6 en*-*********************** ************** ****** : *******¢ 7 114 19 12 14 2 06 10 13 15
. s*****"?** ** *****************--
3 5 8
14 12 0 1 10 6 9
**************************"*****************************earens*
2 5
313 4 7 15 ************************* ***************
2 1 147 4 10 8 13 1512 9 5 6 111
. hiwwwwww.wwwwwwwwwwwww.iwwwwwwwwwwwwwwwwww.wwwwwwwwwweww.
413 15 8 12 6 99 3 2 wwww.w wwwww.w.w w
10 15 ***
wwwwwwwwwwAwwwwwwvwime
014 7 11 *****
****
**********************************o*
. Fig, 2.5.4 shows the selection of an entry in a S-box based n the 6-bit
3 154 2 11 7 12 05 14 9 input. For
138 101 www wwww.wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwiww.
example, in S2, for input 101101, the row is 11 and the column is 0110. The value
** * *****www.wwwwwweuooowos
7
in row 3, column 6 which select row 3 and column 6 of S2 box. The output is 4.
10 9 14 6 3 15 5 13 12 11 2
*** :****** *
13 7 9 346
******
10 2 8 5 1412 11
***
15
1
13 6 4 9 15 3 1 2 I2 10 14 7
***** ******* es***************************** **********
10 6 15 14 3 II 2 12
******* ************* " ***************************** * * ************* ***************wwwwwww.
4 bit columnn
7 13 14 3 6 9 10 1 2 5 11 12 4 15 numoer
10 6 9 11 7 13
number
12
151 3 14 5 2 84
Fig. 2.5.4 Selecting entry in S-box
10. 1 13 8 94 5 11 12 7 2 14
vywwANENIewaaavwwiav0* w***r ***w ww m *****"*********w****w
ww.
n** ew
iwn 2.5.2 Key Generation
*r"""***"****
1 4
10 11 6 3
***********************"?********in***
15 13 14 64-bit key is used as input to the algorithm. The initial 64-bit key is transformed
**********************************i**************:
14
into a 56-bit
P5 ***************************w
7 13
**opo
1 0 15 10 33 9
********
key by discarding every 8h bit of the initial key.
*******"********************************************
10 13 7 9 14 rom 56-bit key, a different 48-bit subkey is generated during each round using a
12 5 6 3 0
12 ***************"ve*g*ve**********"******** process calledkey transformation. as
14 21 3 6 15 3
0 9 10 5
he
******NPewe uew130****************
*******aaN*NIAtwwwuenw*"* resulting 56-bit key is then treated as two 28-bit quantities, labeled Co and Do
12 1 10 15 9 2
13 3 4 14 7 5 11 At each round,
C_ and D are separately subjected to a circular left shift, or
10 15 2 7
**** rotation, of 1 or 2-bits.
12 9 5 6
6 1 13 14 0 11 3
1415 5 2 8 nese shifted values serve as input to the next round. They also serve as input to
7 6
****** a***ge*e**jas. 4 10 13 11 emuted choice Two, which produces a 48-bit output that serves as input to the
************maxsasri
function F(Ri-1 K).
urrsssonganm
TECHNICAL PUBLICATIONS An up
thrust for knowledge TECHNICAL PUBLICATIONS An up thrust for knowledge
Stream Ciphers and Block r
2-1 a n a Network Security 19
and Network
Secunty Cryptography Stream Ciphers and Block Ciphers
Cryptography
Kn = KS(n, KEY)
Then Ln Rp-1
R Ln-1 (+) {Ra-1, KT with
K determined by the bits in 48 distinct bit positions of KEY. KS is called the
The
key schedule.
pre-output block is then R16L16
3. Key schedule :
Key generation techniques is shown in the Fig. 2.5.5 2.5.4 DES Decryption
(See Fig. 2.5.5 on next page).
The input of the
first iteration of the calculation is the permuted input block ne
permutation IP
applied to the pre-output block is the inverse of the initial
P applied to the
is the output of the 16" iteration
then RL' is the At each iteration tation input. Consequently, to decipher it is only necessary to
different block K of key bits is chosen from the pre-output block. K the very same algorithm to an enciphered message block, taking care that at each
64-bit key KEY. Let
designated by Aen o f the computation the same block of key bits K is used during decipherment
a function which takes a
integer n in the range from 1 KEY# as
2 As the
length of the key is increased the security
increases. provided by the algorithm also
3. The of the DES
security algorithm resides in the
key.
2.5.7 Disadvantages of DES
1. As it is
is
a
symmetric algorithm both sender and receiver must have
a
possibility that the key is intercepted. same key, there
2. The design of S boxes makes it
3 . It is susceptible to differential
susceptible to linear
cryptanalysis attack.
advantage of which DES cryptanalysis attack and brute force
attack taking
crackers have been
4. It has certain weak designed.
keys
which generate the
algorithm like when all key bits are either 0s or ls or if key for all cycles of t
same
Os or 1s. They are 0000000 one half of the
0000000, 0000000 fft, ffffff key bitS a
5. Some initial
keys produce only two subkeys while 0000000, fffff fffff.
are called
possible weak keys. some
produce only four. Tne
Possible techniques for improving DESs
Multiple enciphering with DES
Extending DES to 128-bit data paths and 112-bit keys
Extending the key expansion calculation.
Design Principles
Block Cipher
2.5
are as follows:
for the S-boxes
criteria bits.
The
S-box should be too close a linear function of the input
No output bit of any
of an S-box should include all
16 possible output bit combinations.
Each row
2 must differ in at
to an S-box differ in exactly one bit, the outputs
3 Tf two inputs
least two bits.
must
to an S-box difter in the two middle bits exactly, the outputs
4 If two inputs
least two bits.
differ in at
first two bits and are identical in their last
inputs to an S-box differ in their
5. If two must not be the same.
two bits, the two outputs
difference betwen inputs, no more than 8 of the 32 pairs of
non zero 6-bit
6. For any output difference.
may result in the
difference same
that
inputs exhibiting
P are as follows.
Criteria for permutation
distributed so that two of them
bits from each S-box at round i are
1. The four output end bits.
round (i + 1) and the other two affect
affect middle bits of
on the next round,
from each S-box affect six different S-boxes
2. The four output bits
S-box.
and no two affect the same
if an output bit from S
affects a middlle bits of Stock on the
3. For two S-boxes j, k,
next round, then an output bit
from Sy cannot affect a middle bit of S.
University Questions
1. Write a short note on DES. GTU: Summer-18, Marks 7
2. Discuss in detail encryption and decryption process of DES. GTU: Winter-18, Marks 77
in DES and also give steps of one round in DES
3. Draw block diagram to show broad level steps
with another diagram. GTU: Winter-19, Marlks 7
2.6 Confusion and Diffusion GTU: Winter-18, Summer-19
Difusion
Diffusion is making output dependent on previous input (plain/cipher-text).
ldeally, each output bit is influenced by every previous input Dit.
statistical analysis. In
e are measures to thwart cryptanalysis based on
diffusion, the statistical structure of the plaintext is dissipated into long range
statistics of the cipher-text.
plain text 1s dissipated into longrange statistics of the cipher text and the valueof consisting
as of a 4 x 4 array of bytes, arranged as follows:
statistics of the cipher text. This is achievedthe encryption key is made complex. It byteo byte4 byteg byte 12 |
y permitation achieved by substitution wwnomnmuwiwe
wwnnn9iD Ý I * * w *"
1" * * * byte bytes byte9 byte13
byte2 byte6 byte10 byte14
University Questions byte3 byte byte1 byte15]
1. Explain the diference between diffusion and confusion. GTU Winter-18, Marks4
Notice that the first four bytes of 128-bit input block occupy the first column in
a
4 array of bytes. The next four bytes occupy the second column, and
2. Which two methods are used to the 4 x so
frustrate statistical cryptanalysis ? on. The 4 x 4 array of bytes shown above is referred to as the state array in AES.
GTU: Summer-19, Marks 3 n Advanced Encryption Standard, the process goes through several rounds:
2.7 AES with Structure 9 Key Adding: The encryption key is added to the data, fusing them together.
GTU: Summer-17,19, Winter-17,18 4Substitution : Each byte of the cipher block is substituted for a new one,
Advanced Encryption Standard (AES) is a block cipher with a block lengtn 128
according to the cipher schedule.
bits. AES allows for three different
key lengths: 128, 192, or 256 bits. o w Shifting: The rows ofbytes shift around to different positions.
AES is a non-Feistel cipher that 4
encrypts and decrypts a data block of l 8-bits. C Mixing : The columns of bytes are further complicated through
mathematical equations
TECHNICAL PUBLICATIONS An up thrust TECHNICAL PUBLICATIONS An up thrust for knowledge
for knowledge
Stream Ciphers and Block Cinh Security
Cryplograpnya n d Network. 2- 25
2-24 Stream
and Network Secunty Ciphers and Block Ciphers
CrYptography Plaintext
EP 2 : It is
ed ShiftRows
called for
Plaintext 2. shifting the
rows of the state
array during the
Key forward process. The
corresponding transformation during
Add round key
ShiftRows for Inverse Shif-Kow decryption is denot
noted
-w[0, 3 Transformation. Fig. 2.7.2 shows one round of
Add round key encryption and one round of decryption process.
Inverse shiftrows
KOund key
Substitute bytes
Add round key Inverse shift rows
Shift rows
T. E a stae a asiy easbie c Memory requirements: The memory requirement for implementing the algorithm
in hardware and software will be considered.
& The deyptiom algarithm makes use of the expanded key in reverse order.
9 Once its estaished hat al four 3. Algorithm and implementation Characteristics
stages are reversible, it is easy to verify that
eypir does recover the plaintext. This includes a variety of considerations,
category including flexibility, suitability for
12 The mnal round of both
encryption and decryptian consists of only three stages
a hardware and software implementations; and
variety of simplicity, which will mke an
analysis of security more straight forward.
27.1 Advantages of AES
The following criteria were used in the final evaBuation
npie to e a
very robIst protocoB since this 1. General security: NIST relied on the public securiy analysis conducted by the
can be applied to both hardware
soetware.
2 I
yptographic community.
is
aiso very robust for hackers
because of its large Software implementations: It includes execution speed, performs across a variety
here are very higher as ike key sizes. The key sizes used
128, 192 and 256 bits for of platforms and variation of
3 A encryption. speed with key size.
large set of
applications such as
e-business, data storage in an 3. Restricted
and wireless communication encrypted forma space environments.
make use of these AES
4 protocols in a extent. large 4.Hardware implementations.
CommercialBy this cipher protocol is among the most 5. Attacks
the world widely used ones all arou on
implementations
6.
Encryption versus decryptions.
2.7.2 Evaiuation Criteria for AES 7. Key agility.
University Questions
1 laboate AlS eneryption with neat sketche. GTU: Summer-17, Marks 7
2plain atvalanache effoet in DS and discuss strength of DES in brief.
GTU: Summer-17, Marks
3. Explain AES encryption detail
in
GTU: Winter-17, Marks 7
4. Describe mrious step8 of AES.
GTU: Summer-18, Marks 7
5. Discuss in detail encryption and decryption process of AES.
6.
GTU: Winter-18, Marks 7
Explain four different stages of AES (advance
encryption standard) structure.
7. Briefly describe mix
GTU: Summer-19, Marks 7
columns and add round
key in AES algorithm. GTU: Winter-19, Marks
2.8 Short Questlons and Answers
Q.1 Explain the avalanche offect.
Ans. A desirable property of any
the plaintext or the
key should produce
encryption algorithm is that a small change me er
particular, a
change one of the
I
a
significant change in the
In
Ans. DES is
Standard Number symmetric
a
cipher defined in
46 in 1977 as the Federal Information F I S
intornation.
vulnerable to a brute force attack usirng DES utilizes encryption je" key size
a 56-bit
current key. This key
technologv
Multiple E
3-2 Encryption and Security 3-3
Triple DES
Network
112-bit key
Double DES has a
p E(K1,P)> E(K2,E(K1,p)) = C
K2 in this algorithm. Jt.
Double DES uses two keys to say Ki and kirst perfoms 1sing all
using 236
all 2
possible keys and store the results. The stored
to get the encrypted text in cru Encrypt p results will
DES on the original plain text using Ki nclude all possib encryptions p> E(K1,p).
Phy
the encrypted text but this time with th
Here, it again performs
DES on
other ke Then decrypt
C using all possible keys.
K in this algorithm. pK2,C) DK2,E({K2,EK1,p)) ECK1,p) ->
1. What is meant by meet in - the middle attack in double DES ? Explain the same in brief.
K2
K1
GTU Winter-17, Marks 4
Fig. 3.1.1
double DES?
2. How meet in the
middle attnck is performed on
GTU: Summer-19, Marks 4
Using two encryption stages
and two keys. 3. What is a meet-in-the-middle attack in double DES? GTU: Winter-19, Marks 4
is follows,
A) The plain text to iphertext
as
used properly.
DES Encryption
Key 2
encty
ina blocks of text
authentication, CFB is used formanner, CBC is used for
data
authentication, OFB is used for transmitting encrypted
4ata. CTR is used for transmitting block-oriented transmitting encrypted stream of
DES Encryption
- Key 3
o s of operation enable the
applications.
repeated and secure use of block a
single A block cipher by itselt allows cipher under a
Ciphertext of the cipher's block length. encryption only of a single data block
method
Fig. 3.2.1 3DES with three key
When targeting a variable-1ength message, the data must
is the same as the cenarate cipher blocks. Typically, the last block must also
first be partitioned into
.The procedure for decrypting something procedure for be extended to match
encryption, except it is
executed in reverse. cipher's block length using suitable padding scheme.
the a
procedure is essentially the same as standard DES. This sihuation is to be avoided principle.
because it is the same as using a really slow version of regular DES.
3.3.1 Electronic Code Book (ECB)
The input key for DES is 64-bits long; the actual key used by DES is only 56-bis
A block of plaintext encrypts into block of Block size is 64-bits. Each
in length. The least significant (right-most) bit in each byte is a parity
bit, and a
Ciphertext.
should be set so that there are always an odd number of 1s in every byte. These block is encrypted independently.
bits are ignored, so only the seven most
parity bits of each byte ar
significant Plaintext patterns are not concealed since identical blocks of plaintext give
used, resulting in a key length of 56-bits. This means that the effective key identical blocks of ciphertext. It is not necessary to encrypt the file linearly.
strength for Triple DES is actually 168-bits because each of the three keys contais
8 parity bits that are not used
during the encryption process.
User
naly
can
encrypt the 10 blocks in the middle first, then the blocks
the blocks in the beginning. Because of this, encrypted files are accessed
at the end, and
Time1 PN block
of using the same key and the result of the
decryption will urill be XOR with the first block of
ciphertext and form the
second
K
Encrypt block of
plain text. same
procedure is used for all the
blocks.
Enct En The plaintext
is XORed with the
previous ciphertext block before it is
mode is iterative mode.
encrypted.
Encryption . The CBC
CN block is
After a plaintext encrypted, the
resulting ciphertext is also stored in a
feedback register.
CN next plaintext block is encrypted, it is XORed
ho
Before with feedback
the next input to the encrypting routine. register to
become
K
Decrypt Decrypt Decrypt ,Theencryption of each block depends on all the previous blocks.
I t is also easy to modify a ciphertext message by adding, removing or switching Fig. 3.3.2 shows cipher block chaining mode.
encrypted blocks. P1 P2 Co - C2
Synchronization error is unrecoverable.
result will be XOR with the IV and form used for encryption. n The CEworking messages,
the first block of
second
Deginning of the
message in plaintext.
plain text ** blain text.
1.
Simplicity
random
and has a
Decryption is parallelizable Disadvantages
University Q u e s t i o n s
3.3.5 Counter Mode
the inn.
in counter mode use sequence
numbers as
nput to the Discuss selectronic code book and cipher feedback mode with neat
Block ciphers diagrams.
algorithm.
be encrypted
with the same key, provided
that
GTU Summer-17, Marks 7
More than one message can a
2 Dis the following block Cipher modes of operation in detail with neat
sketches:
is used. nmode
different initialise vector -Cipher block chaining
manipulate, any change
in ciphertext directly aff - Counter mode
Plaintext is very easy
to the GTU: Winter-17, Marks 7
3.3.5 shows counter mode. mode of DES operation.
plaintext. Fig. Counter 1 3 Explain cipher feedback
Counter GTU: Summer-18, Marks 4
4. Explain counter mode of DES operation. GTUSummer-18, Marks 4
Encrypt EExplain working of ECB. Why ECB (electronic code book) is
rarely used to encrypt message i
Key Encypt Key
GTU: Summer-19, Marks 4
&Whu CFB (cipher feedback nmode) encrypted messages are less subject to tampering than OFB
2 (output feedback mode) ? GTU Summer-19, Marks 3
7. Explain CFB algorithm mode with diagram.
GTU: Winter-19, Marks 3
8. Explain Counter (CTR) algorithm mode with diugram.
GTU: Winter-19, Marks 3
(a) Encryption
3.4 Short Questions and Answers
Counter Counter 1
Q.1 What is triple encryption ?
Ans. The function follows an encrypt decrypt encrypt (EDE) sequence. There is
Key Encrypt Key- Encrypt to the use of
no
cryptographic significance decryption for the second stage.
Q.2 How many keys are used in triple encryption ?
C2 Ans,:
Tuchman proposed a triple encryption method that uses only two keys.
Q.3 Why is the middle portion of 3DES a decryption rather than an encryption ?
P2 AnS. Decryption requires that the keys be applied in reverse order: P=Dkl|[Ekl[P]|.
(b) Decryption This results in a dramatic
increase in cryptographic strengtn.
Fig. 3.3.5 Counter mode
34 Why ECB mode is not secure for lengthy message
Synchronization error is unrecoverable. Ans.
A
ciphertext error affects only the corresponding bit of For lengthy messages, the ECB mode may not be secure because the messageis
plaintext. Striuctured, it may be possible for a cryptanalyst to exploit these regularities.
Encryption: The counter is encrypted and then XORed with the
produce the ciphertext block. plaintext D k to
3.5 Multiple Choice Questions
Q.1
Advantages which is the largest disadvantage of the symmetric encryption
1. Simple to
implement. More complex and therefore more time-consuming calculatonis
2. It Problem of the secure transmission of the Secret Key.
provides confidentiality.
3. Random CLess secure encryption function.
access of block is possible. dIsn't used
Efficiency is same as block any more.
cipher.
TECHNICAL PUBLICATIONS An up thrust for ECHNICAL PUBLICATIONS-An up thrust for knowledge
knowledge