Unit - I: Attacks On Computers and Computer Security: Introduction, The Need of Security
Unit - I: Attacks On Computers and Computer Security: Introduction, The Need of Security
Unit - I: Attacks On Computers and Computer Security: Introduction, The Need of Security
Definitions
Computer Security - generic name for the collection of tools designed to
protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a
collection of interconnected networks
our focus is on Internet Security
which consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission & storage of information
ASPECTS OF SECURITY
consider 3 aspects of information security:
⚫ Security Attack
⚫ Security Mechanism
⚫ Security Service
SECURITY ATTACK
any action that compromises the security of information owned by an
organization
information security is about how to prevent attacks, or failing that, to detect
attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
30
Active Attack
INTERRUPTION
An asset of the system is destroyed or becomes unavailable or unusable. It is
an attack on availability.
Examples:
SECURITY SERVICES
It is a processing or communication service that is provided by a system to give
a specific kind of production to system resources. Security services implement
security policies and are implemented by security mechanisms.
Confidentiality
Authentication
This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from intended
source. For an ongoing interaction two aspects are involved. First, during connection
initiation the service assures the authenticity of both parties. Second, the connection
between the two hosts is not interfered allowing a third party to masquerade as one
of the two parties. Two specific authentication services defines in X.800 are
Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provides use at time of connection establishment and during data
transmission. Provides confidence against a masquerade or a replay attack
Data origin authentication: Assumes the authenticity of source of data unit, but does
not provide protection against duplication or modification of data units. Supports
Availability
It is defined to be the property of a system or a system resource being
accessible and usable upon demand by an authorized system entity. The availability can
significantly be affected by a variety of attacks, some amenable to automated counter
measures i.e authentication and encryption and others need some sort of physical
action to prevent or recover from loss of availability of elements of a distributed
system.
SECURITY MECHANISMS
According to X.800, the security mechanisms are divided into those
implemented in a specific protocol layer and those that are not specific to any
particular protocol layer or security service. X.800 also differentiates reversible &
irreversible encipherment mechanisms. A reversible encipherment mechanism is
simply an encryption algorithm that allows data to be encrypted and subsequently
decrypted, whereas irreversible encipherment include hash algorithms and message
authentication codes used in digital signature and message authentication
applications
Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding
plaintext.
Chosen plaintext – The cryptanalysts gains temporary access to the encryption machine.
They cannot open it to find the key, however; they can encrypt a large number of suitably
chosen plaintexts and try to use the resulting cipher texts to deduce the key.
Chosen cipher text – The cryptanalyst obtains temporary access to the decryption
machine, uses it to decrypt several string of symbols, and tries to use the results to
deduce the key.
SH IS HE RR YL OV ES HE AT HL ED GE R
• Double letters which occur in a pair must be divided by an X or a Z.
• E.g. LI TE RA LL Y LI TE RA LX LY
SHERYABCDFGIKLMNOPQTUVWXZ
For the generation of cipher text, there are three rules to be followed by each pair of
letters.
letters appear on the same row: replace them with the letters to their immediate
right respectively
letters appear on the same column: replace them with the letters immediately below
respectively
not on the same row or column: replace them with the letters on the same row
respectively but at the other pair of corners of the rectangle defined by the original
pair. Based on the above three rules, the cipher text obtained for the given plain text
is
HE GH ER DR YS IQ WH HE SC OY KR AL RY
Another example which is simpler than the above one can be given as:
Here, key word is playfair. Plaintext is Hellothere hellothere becomes ---- he lx lo th er
ex . Applying the rules again, for each pair, If they are in the same row, replace each
with the letter to its right (mod 5)
he KG
If they are in the same column, replace each with the letter below it (mod 5)
lo RV
Otherwise, replace each with letter we’d get if we swapped their column indices
lx YV
So the cipher text for the given plain text is KG YV RV QM GI KU
Encryption is simple: Given a key letter x and a plaintext letter y, the ciphertext letter
is at the intersection of the row labeled x and the column labeled y; so for L, the
ciphertext letter would be N. So, the ciphertext for the given plaintext would be given
as:
Decryption is equally simple: The key letter again identifies the row and
position of ciphertext letter in that row decides the column and the plaintext letter is
at the top of that column. The strength of this cipher is that there are multiple
ciphetext letters for each plaintext letter, one for each unique letter of the keyword
and thereby making the letter frequency information is obscured. Still, breaking this
cipher has been made possible because this reveals some mathematical principles
that apply in cryptanalysis. To overcome the drawback of the periodic nature of the
keyword, a new technique is proposed which is referred as an autokey system, in
which a key word is concatenated with the plaintext itself to provide a running key.
For ex In the above example, the key would be luckycomputinggivesin Still, this
scheme is vulnerable to cryptanalysis as both the key and plaintext share the same
frequency distribution of letters allowing a statistical technique to be applied. Thus,
the ultimate defense against such a cryptanalysis is to choose a keyword that is as long
as plaintext and has no statistical relationship to it. A new system which works on
binary data rather than letters is given as
Ci = pi ki where, pi = ith binary digit of plaintext ki = ith binary digit of key Ci= ith
binary digit of ciphertext = = exclusive-or operation. Because of the properties of XOR,
decryption is done by performing the same bitwise operation.
pi = Ci ki A very long but, repeation key word is used making cryptanalysis difficult.
1. Plain Text: This is the original message or data which is fed into the algorithm as input.
The important point is that the security of conventional encryption depends on the
secrecy of the key, not the secrecy of the algorithm i.e. it is not necessary to keep the
algorithm secret, but only the key is to be kept secret. This feature that algorithm need
The input to the encryption algorithm are a plaintext block of length 2w bits
and a key K. the plaintext block is divided into two halves L 0 and R0. The two halves of
the data pass through „n‟ rounds of processing and then combine to produce the
ciphertext block. Each round „i‟ has inputs Li-1 and Ri-1, derived from the previous
round, as well as the subkey Ki, derived from the overall key K. in general, the subkeys
Ki are different from K and from each other.
All rounds have the same structure. A substitution is performed on the left half
of
the data (as similar to S-DES). This is done by applying a round function F to the right
half
of the data and then taking the XOR of the output of that function and the left half of
the data. The round function has the same general structure for each round but is
parameterized by the round subkey ki. Following this substitution, a permutation is
performed that consists of the interchange of the two halves of the data. This structure
is a particular form of the substitution-permutation network. The exact realization of
a Feistel network depends on the choice of the following parameters and design
features:
• Block size - Increasing size improves security, but slows cipher
• Key size - Increasing size improves security, makes exhaustive key searching
harder, but may slow cipher
• Number of rounds - Increasing number improves security, but slows cipher
• Subkey generation - Greater complexity can make analysis harder, but slows
cipher
• Round function - Greater complexity can make analysis harder, but slows
cipher
• Fast software en/decryption & ease of analysis - are more recent concerns
for practical use and testing
After the last iteration of the encryption process, the two halves of the output are
swapped, so that the cipher text is RE 16 || LE16. The output of that round is the cipher
text. Now take the cipher text and use it as input to the same algorithm. The input to
the first round is RE16 || LE16, which is equal to the 32-bit swap of the output of the
sixteenth round of the encryption process. Now we will see how the output of the first
round of the decryption process is equal to a 32-bit swap of the input to the sixteenth
round of the encryption process.
First consider the encryption process, LE 16 = RE15
RE16 = LE15(+) F (RE15, K16)
On the decryption side, LD1 =RD0 = LE16 =RE15 RD1 = LD0 (+) F (RD0, K16)
= RE16 F (RE15, K16)
= [LE15 F (RE15, K16)] F (RE15, K16)
= LE15
Therefore, LD1 = RE15 RD1 = LE15 In general, for the ith iteration of the encryption
algorithm, LEi = REi-1 REi = LEi-1 F (REi-1, Ki)
Finally, the output of the last round of the decryption process is RE 0 || LE0. A 32-bit
swap recovers the original plaintext.
DEFINITIONS
Encryption: Converting a text into code or cipher.
Converting computer data and messages into something, incomprehensible use a key,
so that only a holder of the matching key can reconvert them.
Conventional or Symmetric or Secret Key or Single Key encryption:
Uses the same key for encryption & decryption.
Public Key encryption: Uses different keys for encryption & decryption
Conventional Encryption Principles
• An encryption scheme has five ingredients:
1. Plaintext – Original message or data.
2. Encryption algorithm – performs substitutions & transformations on plaintext.
3. Secret Key – exact substitutions & transformations depend on this
4. Ciphertext - output ie scrambled input.
5. Decryption algorithm - converts ciphertext back to plaintext.
The figure above illustrates the overall structure of the simplified DES. The S-
DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and
a 10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES
decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used
to produce that ciphertext as input and produces the original 8-bit block of plaintext.
The function fk takes as input not only the data passing through the encryption
algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit
subkeys are generated. The key is first subjected to a permutation (P10). Then a shift
operation is performed. The output of the shift operation then passes through a
permutation function that produces an 8-bit output (P8) for the first subkey (K1). The
output of the shift operation also feeds into another shift and another instance of P8
to produce the second subkey (K2).
The encryption algorithm can be expressed as a composition composition1 of
functions: IP-1 ο fK2 ο SW ο fk1 ο IP
Which can also be written as
Ciphertext = IP-1 (fK2 (SW (fk1 (IP (plaintext)))))
Where
S-DES depends on the use of a 10-bit key shared between sender and receiver.
From this key, two 8-bit subkeys are produced for use in particular stages of the
encryption and decryption algorithm. First, permute the key in the following fashion.
Let the 10-bit key be designated as (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10). Then the
permutation P10 is defined as:
P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6)
P10
can be concisely defined by the display:
P10
3 5 2 7 4 10 1 9 8 6
This table is read from left to right; each position in the table gives the identity of the
input bit that produces the output bit in that position. So the first output bit is bit 3 of
the input; the second output bit is bit 5 of the input, and so on. For example, the key
(1010000010) is permuted to (10000 01100). Next, perform a circular left shift (LS-
1), or rotation, separately on the first five bits and the second five bits. In our
example, the result is (00001 11000). Next we apply P8, which picks out and
permutes 8 of the 10 bits according to the following rule:
P8
6 3 7 4 8 5 10 9
The result is subkey 1 (K1). In our example, this yields (10100100). We then go back
to the pair of 5-bit strings produced by the two LS-1 functions and performs a circular
left shift of 2 bit positions on each string. In our example, the value (00001 11000)
becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example,
the result is (01000011).
IP –1
4 1 3 5 7 2 8 6
The Function fk
The most complex component of S-DES is the function fk, which consists of a
combination of permutation and substitution functions. The functions can be
expressed as follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-
bit input to f K, and let F be a mapping (not necessarily one to one) from 4-bit strings
to 4-bit strings.
Then we let fk(L, R) = ( L (+) F( R, SK), R)
Where SK is a subkey and (+) is the bit-by-bit exclusive-OR function.
e.g., permuted output = 1011 1101 and suppose F (1101, SK) = (1110) for some key
SK. Then f K(10111101) = 10111110, 1101 = 01011101
We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first
operation is an expansion/permutation operation:
E/P
4 1 2 3 2 3 4 1
R= 1101 E/P output = 11101011 It is clearer to depict the result in this fashion:
The 8-bit subkey K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17
17, k18) is added to this value using exclusive-OR:
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2-
bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-
bit output.
These two boxes are defined as follows:
DES (and most of the other major symmetric ciphers) is based on a cipher known as the
Feistel block cipher. It consists of a number of rounds where each round contains bit-
shuffling, non- linear substitutions (S-boxes) and exclusive OR operations. As with most
encryption schemes, DES expects two inputs - the plaintext to be encrypted and the secret
key. The manner in which the plaintext is accepted, and the key arrangement used for
encryption and decryption, both determine the type of cipher it is. DES is therefore a
symmetric, 64 bit block cipher as it uses the same key for both encryption and decryption and
only operates on 64 bit blocks of data at a time5 (be they plaintext or ciphertext). The key size
used is 56 bits, however a 64 bit (or eight-byte) key is actually input. The least significant bit of
each byte is either used for parity (odd for DES) or set arbitrarily and does not increase the
security in any way. All blocks are numbered from left to right which makes the eight bit of
each byte the parity bit.
Once a plain-text message is received to be encrypted, it is arranged into 64 bit blocks
required for input. If the number of bits in the message is not evenly divisible by 64, then the
last block will be padded. Multiple permutations and substitutions are incorporated
throughout in order to increase the difficulty of performing a cryptanalysis on the cipher
OVERALL STRUCTURE
Figure below shows the sequence of events that occur during an encryption
operation. DES performs an initial permutation on the entire 64 bit block of data. It is
then split into 2, 32 bit sub-blocks, Li and Ri which are then passed into what is
So in total the processing of the plaintext proceeds in three phases as can be seen
from the left hand side of figure
1. Initial permutation (IP - defined in table 2.1) rearranging the bits to form the
“permuted input”.
2. Followed by 16 iterations of the same function (substitution and permutation). The
output of the last iteration consists of 64 bits which is a function of the plaintext and
key. The left and right halves are swapped to produce the preoutput.
3. Finally, the preoutput is passed through a permutation (IP−1 - defined in table 2.1)
which is simply the inverse of the initial permutation (IP). The output of IP−1 is the
64- bit ciphertext
Ci =
Lcsi(Ci−1),
Di =
Lcsi(Di−1)
Ki = P C2(Ci ,
Di)
where Lcsi is the left cyclic shift for round i, Ci and Di are the outputs after the shifts, P C2(.) is
a function which permutes and compresses a 56 bit number into a 48 bit number and Ki is
the actual key used in round i. The number of shifts is either one or two and is determined by
the round number i. For i = {1, 2, 9, 16} the number of shifts is one and for every other round it
is two
OX Details
ADVANCED ENCRYPTION ALGORITHM (AES)
AE
Mo
bits
Enc
12
Exc cal.
cha
E d
ssut e
an n
wh n
an
• To
bes
byt
Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 ×
4 matrix of bytes. The next four bytes occupy the second column, and so on.
The 4×4 matrix of bytes shown above is referred to as the state array in AES.
• where
F[a,b,c,d] = ((S1,a + S2,b) XOR S3,c) + S4,d
Public-Key algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important characteristics:
• it is computationally infeasible to find decryption key knowing only algorithm
& encryption key
• it is computationally easy to en/decrypt messages when the relevant
(en/decrypt) key is known
• either of the two related keys can be used for encryption, with the other used for
decryption (for some algorithms like RSA)
The following figure illustrates public-key encryption process and shows that a public-
key encryption scheme has six ingredients: plaintext, encryption algorithm, public &
private keys, ciphertext & decryption algorithm.
The essential steps involved in a public-key encryption scheme are given below: 1.)
Each user generates a pair of keys to be used for encryption and decryption.
2.) Each user places one of the two keys in a public register and the other key is kept
private.
3.) If B wants to send a confidential message to A, B encrypts the message using A’s
public key.
4.) When A receives the message, she decrypts it using her private key. Nobody else
can decrypt the message because that can only be done using A’s private key
(Deducing a private key should be infeasible).
5.) If a user wishes to change his keys –generate another pair of keys and publish the
public one: no interaction with other users is needed.
Notations used in Public-key cryptography:
• The public key of user A will be denoted KUA.
• The private key of user A will be denoted KRA.
• Encryption method will be a function E.
• Decryption method will be a function D.
• If B wishes to send a plain message X to A, then he sends the cryptotext
But, a drawback still exists. Anybody can decrypt the message using B’s public key. So,
secrecy or confidentiality is being compromised. One can provide both authentication and
confidentiality using the public-key scheme twice:
B encrypts X with his private key: Y=E(KRB,X) B encrypts Y with A’s public key:
Z=E(KUA,Y)
A will decrypt Z (and she is the only one capable of doing it): Y=D(KRA,Z)
A can now get the plaintext and ensure that it comes from B (he is the only one who
knows his private key): decrypt Y using B’s public key: X=E(KUB,Y).
RSA ALGORITHM
RSA is the best known, and by far the most widely used general public key
encryption algorithm, and was first published by Rivest, Shamir & Adleman of MIT in
1978 [RIVE78]. Since that time RSA has reigned supreme as the most widely accepted
and implemented general-purpose approach to public-key encryption. The RSA
scheme is a block cipher in which the plaintext and the ciphertext are integers
between 0 and n- 1 for some fixed n and typical size for n is 1024 bits (or 309 decimal
digits). It is based on exponentiation in a finite (Galois) field over integers modulo a
prime, using large integers (eg. 1024 bits). Its security is due to the cost of factoring
Both the sender and receiver must know the values of n and e, and only the receiver
knows the value of d. Encryption and Decryption are done using the following
equations. To encrypt a message M the sender:
– obtains public key of recipient KU={e,n}
– computes: C=Me mod n, where 0≤M<n To decrypt the ciphertext C the owner:
– uses their private key KR={d,n}
– computes: M=Cd mod n = (Me) d mod n = Med mod n
For this algorithm to be satisfactory, the following requirements are to be met.
a) Its possible to find values of e, d, n such that Med = M mod n for all M<n
b) It is relatively easy to calculate Me and C for all values of M < n.
c) It is impossible to determine d given e and n
The way RSA works is based on Number theory: Fermat’s little theorem: if p
is prime and a is positive integer not divisible by p, then ap-1 ≡ 1 mod p. Corollary:
For any positive integer a and prime p, ap ≡ a mod p.
Fermat’s theorem, as useful as will turn out to be does not provide us with
integers d,e we are looking for –Euler’s theorem (a refinement of Fermat’s) does.
Euler’s function associates to any positive integer n, a number φ(n): the number of
positive integers smaller than n and relatively prime to n. For example, φ(37) = 36
i.e. φ(p) = p-1 for any prime p. For any two primes p,q, φ(pq)=(p-1)(q-1). Euler’s
theorem: for any relatively prime integers a,n we have aφ(n)≡1 mod n. Corollary:
For any integers a,n we have aφ(n)+1≡a mod n Corollary: Let p,q be two odd primes
and n=pq. Then: φ(n)=(p-1)(q-
1) For any integer m with 0<m<n, m(p-1)(q-1)+1 ≡ m mod n For any integers k,m
with 0<m<n, mk(p-1)(q-1)+1 ≡ m mod n Euler’s theorem provides us the numbers d,
e such that Med=M mod n. We have to choose d,e such that ed=kφ(n)+1, or
equivalently, d≡e- 1mod φ(n)
An example of RSA can be given as, Select primes: p=17 & q=11 Compute n = pq
=17×11=187
Compute ø(n)=(p–1)(q-1)=16×10=160 Select e : gcd(e,160)=1; choose e=7
Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1
Security of RSA
There are three main approaches of attacking RSA algorithm.
Brute force key search (infeasible given size of numbers) As explained before,
involves trying all possible private keys. Best defence is using large keys.
Mathematical attacks (based on difficulty of computing ø(N), by factoring modulus
N) There are several approaches, all equivalent in effect to factoring the product of
two primes. Some of them are given as:
– factor N=p.q, hence find ø(N) and then d
– determine ø(N) directly and find d
– find d directly
The possible defense would be using large keys and also choosing large numbers for p
and q, which should differ only by a few bits and are also on the order of magnitude
1075 to 10100. And gcd (p-1, q-1) should be small.
For this scheme, there are two publicly known numbers: a prime number q and an
integer α that is a primitive root of q. Suppose the users A and B wish to exchange a
key. User A selects a random integer X A < q and computes YA = αXA mod q. Similarly,
user B independently selects a random integer XA < q and computes YB = αXB mod q.
Let Alice pick a = 10. Alice calculates 1310 (mod 37) which is 4 and sends that to Bob.
Let Bob pick b = 7. Bob calculates 137 (mod 37) which is 32 and sends that to Alice.
(Note: 6 and 7 are secret to Alice and Bob, respectively, but both 4 and 32 are known
by all.)
10 (mod 37) which is 30, the secret key.
7 (mod 37) which is 30, the same secret key.
2) Let p = 47 and g = 5. Let Alice pick a = 18. Alice calculates 5 18 (mod 47) which is 2
and sends that to Bob. Let Bob pick b = 22. Bob calculates 522 (mod 47) which is 28 and
sends that to Alice.
18 (mod 47) which is 24, the secret key.
22 (mod 47) which is 24, the same secret key