Scribd
Upload
77 views

Module 20 Cryptography

Uploaded by

Nghia Tran Van
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
77 views

Module 20 Cryptography

Uploaded by

Nghia Tran Van
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 124
UY Tete [8 (ete Cryptography Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Module Objectives a1 Understanding Cryptography Concepts = Overview of Encryption Algorithms Ca Cryptography Tels Understanding Pubic Infact (PK Understanding Email Encryption Understanding Dis Eneryation Understanding Cryptography Attacks Cryptanalyss Tools Module Objectives With the increasing adoption of the Internet (World Wide Web) for business and personal communication, securing sensitive information such as credit card details, PINs, bank account numbers, and private messages is becoming increasingly important, albeit more difficult to achieve. Today's information-based organizations extensively use the Internet for e-commerce, market research, customer support, and a variety of other activities. Data security is critical to ‘online business and communication privacy. Cryptography and cryptographic (“crypto”) systems help in securing data against interception and compromise during online transmissions. This module provides a comprehensive understanding of different cryptosystems and algorithms, one-way hash functions, public-key infrastructures (PKIs), and the different ways in which cryptography can ensure the privacy and security of online communication. It also covers various tools used to encrypt sensitive data. At the end of this module, you will be able to "Describe cryptography concepts * Understand different encryption algorithms Use different cryptography tools "Describe public key infrastructure (PKI) = Apply email encryption "Apply disk encryption "Describe various cryptography attacks = Use different cryptanalysis tools ‘Module 20 Page 3000 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Module Flow oe cs ABS matt zneryptin Encryption Algorithms: eS Disk Encryption ED corpograpry roots ODS caressa ADS resuerertasasrvensein 08) countermensnrs Cryptography Concepts Cryptography enables one to secure transactions, communications, and other processes performed in the electronic world. This section deals with cryptography and its associated concepts, which will enable you to understand the advanced topics covered later in this module. ‘Module 20 Page 3001 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Cryptography ‘Types of Cryptography Symmetric Encryption ‘Symmetric encryption (secrete, shared-ey, an private-key) ses the same kay for encryption 2 it does for decryption (© Cryptography isthe conversion of data into a scrambied code thats encrypted and sent across private or public network (© Cryptography is used to protect confidential Toe data, such as emall messages, chat sessions, a ‘web transactions, personal data, corporate ES data, and e-commerce applications — Asymmetric Encryption Objectives of Cryptography ‘Asymmetric encryption (public-key) uses different encryption keys, wich are called public an private keys for encryption and “8 Confidentiality | Authentication decryption, respectively | E ( tegity (© Nonrepudiation cas a. -: > Cryptography “Cryptography” comes from the Greek words kryptos, meaning “concealed, hidden, veiled, secret, or mysterious,” and graphia, meaning “writing”; thus, cryptography is "the art of secret writing.” Cryptography is the practice of concealing information by converting plaintext (readable format) into ciphertext (unreadable format) using 2 key or encryption scheme. It is the process of converting data into a scrambled code that is encrypted and sent across a private or public network. Cryptography protects confidential data such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, and many other types of communication. Encrypted messages can, at times, be decrypted by cryptanalysis (code breaking), even though modern encryption techniques are virtually unbreakable. Objectives of Cryptography Confidentiality: Assurance that the informati access it, accessible only to those authorized to ‘Integrity: Trustworthiness of data or resources in terms of preventing improper and unauthorized changes. * Authentication: Assurance that the communi yn, document, or data is genuine. * Nonrepudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. ‘Module 20 Page 3002 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Cryptography Process Plaintext (readable format) is encrypted by means of encryption algorithms such as RSA, DES, and AES, resulting in a ciphertext (unreadable format) that, on reaching the destination, is decrypted into readable plaintext. Encryption i i E mE ly . c= ce iphertext Ciphertext Plaintext Figure 20.1: Example of Cryptography ‘Types of Cryptography Cryptography is categorized into two types according to the number of keys employed for encryption and decryption * Symmetric Encryption ‘Symmetric encryption requires that both the sender and the receiver of the message possess the same encryption key. The sender uses a key to encrypt the plaintext and sends the resultant ciphertext to the recipient, who uses the same key (used for encryption) to decrypt the ciphertext into plaintext. Symmetric encryption is also known as secret-key cryptography, as it uses only one secret key to encrypt and decrypt the data. This type of cryptography works well when you are communicating with only a few people. Because the sender and receiver must share the key before sending any messages, this technique is of limited use for the Internet, where individuals who have not had prior contact frequently require 2 secure means of communication. The solution to this problem is asymmetric encryption (public-key cryptography). Encryption Decryption Dastob, pp - Dawah, The ew NE The er NC umber tii umber 70 men erase secretkey SE | seeretkey Plain Text Gipher Text Plain Text Figure 202: Symmetric Encryption = Asymmetric Encryption The concept of asymmetric encryption (also known as public-key cryptography) was introduced to solve key-management problems. Asymmetric encryption involves both a public key and a private key. The public key is publicly available, whereas the sender keeps the private key secret ‘An asymmetric-key system is an encryption method that uses a key pair comprising a public key available to anyone and a private key held only by the key owner, which helps to provide confidentiality, integrity, authentication, and nonrepudiation in data management. ‘Module 20 Page 3003 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethie Hacking and Countermeasures fam 312.50 Cee Ethical Hocker rptoeraphy ‘Asymmetric encryption uses the following sequence to send a message’ 1. An individual finds the public key of the person he or she wants to contact in a directory. 2.7 public key is used to encrypt a message that is then sent to the intended reci 3. The receiver uses the private key to decrypt the message and reads it. No one but the holder of the private key can decrypt a message encrypted with the corresponding public key. This increases the security of the information because all ‘communications involve only public keys; the message sender never transmits or shares the private keys. The sender must link public keys with usernames in a secure manner to ensure that individuals claiming to be the intended recipient do not intercept the information. To meet the need for authentication, one can use digital signatures. enntion oeeypen Beg Dan SE | = cme a Si Plain Text Cipher Text Plain Text Figure 20.3: Asymmetric Encryption Strengths and Weaknesses of Crypto Methods Symmetric Encryption ‘Asymmetric Encryption Faster and easier to implement, as the same key is used to encrypt and decrypt tata Convenient to use, as the distribution of keys to encrypt Requires less processing power messages is not required Can be implemented in application-specific strengths | intesrated chip (AIC). Prevents widespread message security _| Enhanced security, as one need not compromise as different secret keys are _| share or transmit private keys to used to communicate with diferent parties | anyone The key is not bound to the data being transferred on the link; therefore, even if | Provides digital signatures that, the data are intercepted, its not possible | cannot be repudiated to decrypt it Symmetric Encryption ‘Asymmetric Encryption Weaknesses | | ack of secure channel to exchange the Slow in processing and requires high secret key processing power Module 20 Page 2008 Ethical aching aed Counteme ssc Copyright ©by EE Coamel ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures Cryptography ‘eam 31250 Cerfied thea ker Difficult to manage and secure too many | compromise is possible (ie., an shared keys that are generated to attacker can read complete communicate with different parties messages ifthe private key is Widespread message security compromised) Provides no assurance about the origin and authenticity of a message, as the same key is used by both the sender and the receiver Messages received cannot be decrypted if the private key is lost Vulnerable to dictionary attacks and brute- | Vulnerable to man-in-the-middle force attacks and brute-force attacks ‘Module 20 Page 3005 ‘Table 20.1: Strengths and weaknesses of erypto methods Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Government Access to Keys (GAK) € © GAK means that software companies wil give copies ofall keys (or at leasta sufficient proportion of each key thatthe remainder could be cracked) tothe government |B. The government promises that they will hold on tothe keys in a secure manner and will only use them when 2 court issues a warrant to do so |@ Tothe government, this s similar to the ability to wiretapping phones cryptographic Key | » » * ceconeeneemaeeataae | Tmrteshetncane ano raat wee Government Access to Keys (GAK) Government Access to Keys (GAK) refers to the statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies. It means that software companies will give copies of all keys (or at least enough of the key such that the remainder can be cracked) to the government. Law enforcement agencies around the world acquire and use these cryptographic keys to monitor suspicious communication and collect evidence of cybercrimes in the interests of national security. The government promises that it will hold on to the keys in a secure manner and only use them when a court issues a warrant to do so. To the government, this issue is similar to the ability to wiretap phones. Government agencies often use key escrow for uninterrupted access to keys. Key escrow is a key ‘exchange arrangement in which essential cryptographic keys are stored with a third party in escrow. The third party can use or allow others to use the encryption keys under certain predefined circumstances. The third party, with regard to GAK, is generally a government agency that may use the encryption keys to decipher digital evidence under authorization or a warrant from a court of law. However, there is growing concern about the privacy and security of cryptographic keys and information. Government agencies are responsible for protecting these keys. Such agencies generally use a single key to protect other keys, which is not a good idea, as, revealing a single key could expose the other keys. These agencies are not aware of how confidential the information protected by the keys is, which makes it difficult to judge how much protection is required. In cases where seized keys also protect other information that these agencies have no right to access, the consequences of key revelation cannot be determined, because government agencies are not aware of the information that the keys protect. In such cases, the key owner is liable for the consequences of key revelation. Before owners hand over their keys to government agencies, they need to be ‘Module 20 Page 3008 Ethical Making and Countermeasures Copyight © by E-Caunedl ‘Al Rights Reserved. Reproduction Sel Prohiated thea Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Ccyptoeraphy assured that the government agencies will protect these keys according to a sufficiently strong standard to protect their interests. Cryptographic Key Figure 20.4: lustration of GAK. ‘Module 20 Page 3007 Ethical Making and Countermeasures Copyight © by E-Caunedl ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Module Flow Cy een OD) smattzncypion Encryption Algorithms: oe Disk Encryption exypogeaphy Too ODS cermanaiyse Prntiexeyintntrctsemcy (1B Comntermearses Encryption Algorithms Encryption is the process of converting readable plaintext into an unreadable ciphertext using a set of complex algorithms that transform the data into blocks or streams of random alphanumeric characters. This section deals with ciphers and various encryption algorithms such as DES, AES, RC4, RCS, RC6, DSA, RSA, MDS, SHA, etc. ‘Module 20 Page 3008 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Ciphers € Cighersare algorithms usedto ©) Typesof ciphers ) Emerg or deerypt the data CH trcsem aprons ( Gsncatconen 0) (ertonicime D) (seston coer acy F aor ) Saciens ht aS. ( wacen ¥) (A) rearsposton eer ancrey ‘estan sac Sees, ( sreamasner B ) Ciphers In cryptography, a cipher is an algorithm (a series of well-defined steps) for performing encryption and decryption. Encipherment is the process of converting plaintext into a cipher or code; the reverse process is called decipherment. A message encrypted using a cipher is rendered unreadable unless its recipient knows the secret key required to decrypt it. Communication technologies (e.g,, Internet, cell phones) rely on ciphers to maintain both security and privacy. Cipher algorithms may be open-source (the algorithmic process is in the public domain while the key is selected by a user and is private) or closed-source (the process is developed for use in specific domains, such as the military, and the algorithm itself is not in the public domain). Furthermore, ciphers may be free for public use or licensed. ‘Types of ciphers Types of ciphers } (Modern Ciphers ested aphers tavd ont oe ( Casscal ciphers) ene Ssbaaton cier — eesti — oe ainer ( ecrey Serna ae seeom cone Figure 20.5: Classification of elhers ‘Module 20 Page 3008 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Ciphers are of two main types: classical and modern. Classical Ciphers Classical ciphers are the most basic type of ciphers, which operate on letters of the alphabet (A~Z). These ciphers are generally implemented either by hand or with simple mechanical devices. Because these ciphers are easily deciphered, they are generally unreliable. ‘Types of classical ciphers ‘© Substitution cipher: The user replaces units of plaintext with ciphertext according to a regular system. The units may be single letters, pairs of letters, or combinations of them, and so on. The recipient performs inverse substitution to decipher the text. Examples include the Beale cipher, autokey cipher, Gronsfeld cipher, and Hill cipher. For example, “HELLO WORLD” can be encrypted as “PSTER HGFST” (i.e., H=P, etc). © Transposition cipher: Here, letters in the plaintext are rearranged according to a regular system to produce the ciphertext. For example, “CRYPTOGRAPHY” when encrypted becomes “AOYCRGPTYRHP.” Examples include the rail fence cipher, route cipher, and Myszkowski transposition, Modern Ciphers Modern ciphers are designed to withstand a wide range of attacks. They provide message secrecy, integrity, and authentication of the sender. A user can calculate a modern cipher using a one-way mathematical function that is capable of factoring large prime numbers. Types of Modern ciphers © Based on the type of key used © Symmetric-key algorithms (Private-key cryptography): Use the same key for encryption and decryption. ‘© Asymmetric-key algorithms (Public-key cryptography): Use two different keys for encryption and decryption. © Based on the type of input data * Block cipher: Deterministic algorithms operating on a block (a group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers. They are widely used to encrypt bulk data. Examples include DES, AES, IDEA, etc. When the block size is less than that used by the cipher, padding is employed to achieve a fixed block size. ‘© Stream cipher: Symmetric-key ciphers are plaintext digits combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples include RC4, SEAL, etc. Module 0 Page 2010 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Data Encryption Standard (DES) and Advanced Encryption CEH Standard (AES) ‘Data Encryption Standard (DES) ‘Ravanced Encryption Standard (RES) 1 DeSisdesgned to enipher and decipher blocks of | | AESisasymmetrctey lgrthm used bythe US data conatng of 6 bits under control of aS6-Ut fovernment agencies to secure senstive but tey tincassited material (@ DESis the archetypal block cipher — ‘an sgorthm that takes 3 fied Length string | AES san erated block cipher that works by fof plaintext bits and transforms it into a phertext bit repeating the same operation multiple times String of the same length ©. Due tothe inherent weakness of DES with today’s ‘technologies, some organizations triple repeat the process (3085) for added strength until they can afford to update their equipment to AES capabittes 1G tehas 2 128-bit block size with key sizes of 228, 192, and 256 bits for AES-128, ‘AES 192, and AES.256,respectvaly Data Encryption Standard (DES) DES is a standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem). DES uses a 64-bit secret key, of which 56 bits are generated randomly and the other 8 bits are used for error detection. It uses a data encryption algorithm (DEA), a secret key block cipher employing 2 56-bit key operating on 64-bit blocks. DES is the archetypal block cipher—an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bit string of the same length. The design of DES allows users to implement it in hardware and use it for single-user encryption, such as to store files on a hard disk in encrypted form. DES provides 72 quadrillion or more possible encryption keys and chooses a random key for the encryption of each message. Because of the inherent weakness of DES vis-a-vis today's technologies, some organizations use triple DES (3DES), in which they repeat the process three times for added strength until they can afford to update their equipment to AES capabilities. Triple Data Encryption Standard (3DES) Eventually, it became obvious that DES would no longer be secure. The U.S. Federal Government began a contest seeking a replacement cryptography algorithm. However, in the meantime, 3DES. was created as an interim solution. Essentially, it performs DES three times with three different keys. 3DES uses a “key bundle” that comprises three DES keys, K1, K2, and K3. Each key is a standard 56-bit DES key. It then performs the following process DES encrypt with K1, DES decrypt with K2, DES encrypt with K3 There are three options for the keys. In the first option, all three keys are independent and different. In the second option, K1 and k3 are identical. In the third option, all three keys are the same; therefore, you are literally applying the same DES algorithm three times with the same key. The first option is the most secure, while the third is the least secure. Module 20 Page 3011 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Advanced Encryption Standard (AES) The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. It also helps to encrypt digital information such as telecommunications, financial, and government data. US government agencies have been using it to secure sensitive but unclassified material. AES consists of a symmetric-key algorithm: both encryption and decryption are performed using the same key. It is an iterated block cipher that works by repeating the defined steps multiple times. It has a 128-bit block size, with key sizes of 128, 192, and 256 bits for AES-128, AES-192, and AES-256, respectively. The design of AES makes its use efficient in both software and hardware. It works simultaneously at multiple network layers. AES Pseudocode Initially, the system copies the cipher input into the internal state and then adds an initial round key. The system transforms the state by iterating a round function in a number of cycles. The number of cycles may vary with the block size and key length. After completing rounding, the system copies the final state into the cipher output. Cipher (byte in [4*Nb], byte out [44Nb], word wINb# (r+) ]) begin byte state[4, Nb] state AddRoundKey (state, w) for round = 1 atep 1 to Ne-1 Subpytes (state) ShiftRows (state) MixColumns (state) AddRoundKey (state, w+round*Nb) end for SubBytes (state) ShiftRows (state) AddRoundKey (state, w#ltr+Nb) out = state end Module 20 Page 2012 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography RC4, RCS, and RC6 Algorithms | Avariable key size symmetric key stream cipher with RC4 byte-oriented operations and is based on the use of ‘random permutation (© Risa porametaind slot wth 9 varisble lock RCS ste, torable fey sr, ond variable numberof rounds e= Thetey sve 128s £ | ACE sa symmetric key block cipher derived from RCS with two addtional features + © integer mutipicstion 1 four bit working registers (RCS uses two 2bitegsters| RC4, RCS, and RC6 Algorithms ‘Symmetric encryption algorithms developed by RSA Security are discussed below. = RCO RCAis a variable key-size symmetric-key stream cipher with byte-oriented operations, and it based on the use of a random permutation. According to some analyses, the period of the cipher is likely to be greater than 10,100. Each output byte uses 8 to 16 system. operations; thus, the cipher can run fast when used in software. RC4 enables safe ‘communications such as for traffic encryption (which secures websites) and for websites that use the SSL protocol. = RES RCS is a fast symmetric-key block cipher designed by Ronald Rivest for RSA Data Security (now RSA Security). The algorithm is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The block sizes can be 32, 64, or 128 bits. The range of the rounds can vary from 0 to 255, and the size of the key can vary from 0 to 2,040 bits. This built-in variability can offer flexibility at all levels of security. The routines used in RCS are key expansion, encryption, and decryption. In the key expansion routine, the secret key that a user provides is expanded to fill the key table (the size of which depends on the number of rounds). RCS uses a key table for both encryption and decryption. The encryption routine has three fundamental operations: integer addition, bitwise XOR, and variable rotation. The intensive use of data-dependent rotation and the combination of different operations make RCS a secure encryption algorithm. Module 20 Page 3013 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Figure 20: Block diagram ofthe RCS algorithm = RCE RC is a symmetric-key block cipher derived from RCS. it is a parameterized algorithm with a variable block size, key size, and number of rounds. Two features that differentiate RC6 from RCS are integer multiplication (which is used to increase the diffusion, achieved in fewer rounds with increased speed of the cipher) and the use of four 4-bit working registers rather than two 2-bit registers. RC6 uses four 4-bit registers instead of two 2-bit registers because the block size of the AES is 128 bits. Blowfish Blowfish is a type of symmetric block cipher algorithm designed to replace DES or IDEA algorithms. it uses the same secret key to encrypt and decrypt data. This algorithm splits the data into a block length of 64 bits and produces a key ranging from 32 bits to 448 bits. Due to its high speed and overall efficiency, blowfish is used in software ranging from password protection tools to e-commerce websites for securing payments. It isa 16-round Feistel cipher working on 64-bit blocks. However, unlike DES, its key size ranges from 32 bits to 448 bits. This algorithm has two parts. The first part handles the expansion of the key. The second part actually encrypts the data. The key expansion is handled in several steps. The first step is to break the original key into a set of subkeys. Specifically, a key of no more than 448 bits is separated into 4,168 bytes. There is a P-array and four 32-bit S-boxes. The P-array contains 18 32-bit subkeys, while each S-box contains 256 entries. Module 20 Page 3016 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethie Hacking and Countermeasures fam 312.50 Cee Ethical Hocker ryptoerphy Key expansion is performed as follows: 1. The first step is to initialize the P-array and S-boxes. 2. Then, XOR the P-array with the key bits. For example, P1 XOR (first 32 bits of the key), P2 XOR (next 32 bits of the key). Use the above method to encrypt the all-zero string. This new output is now P21 and P2. Encrypt the new Pi and P2 with the modified subkeys. This new output is now P3 and P4. Noveyw Repeat the process 521 times to calculate new subkeys for the P-array and the four S- boxes, ‘The round function splits the 32-bit input into four 8-bit quarters and uses the quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output. Module 20 Page 3015 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures Cryptography ‘eam 31250 Cerfied thea ker Twofish and Threefish ‘Twofish |G Twolch uses a block sue of 128 bits and hey sizes up to 256 bits 158 Feistel cipher (© reworks fst for CPU or hardware andis ako flee with network based applications |G Iheven enables various levels of performance wade off with parameters of encryption speed, ‘Threefish (a Threetish i large tweakable symmetrictey block cipher In which the block and Key sizes are equal ie, 256, 512, and 1024 ‘© ItiavoWves just three operations: Addition Rotation-XOR (AX) (a Threetsh blocks of sizes 256, 512, nd 1024 Involve 72,72, and 80 rounds of computations, hardware gate count, memory usage, etc. respectively ‘Twofish ‘The Twofish algorithm was one of the U.S. Government's five finalists to replace DES, but it was not chosen. It was designed by Bruce Schneier, John Kelsey, Doug Whiting, Da Hall, and Niels Ferguson. ‘Wagner, Chris ‘TwoFish is a 128-bit block cipher. It is one of the most conceptually simple algorithms that uses a single key for both encryption and decryption for any length up to 256 bits. itis 2 Feistel cipher. It not only works fast for CPU or hardware but is also flexible for network-based applications. Furthermore, it allows various levels of performance trade-off on parameters such as encryption speed, hardware gate count, memory usage, etc. This technique of enabling different implementations improves the relative performance of the algorithm. Any user can optimize the performance based on the key scheduling. ‘Threefish Threefish was developed in 2008 and it is a part of the Skein algorithm. It was enrolle, ‘SHA-3 (hash function) contest. It is a large tweakable symmetric-key block cipher in which the block and key sizes are equal, i.e., 256, 512, and 1024. Threefish involves only three operations, i.e., ARX (addition-rotation-XOR), which makes the coding simple, and all these operations work ‘on 64-bit words, Threefish blocks 256, 512, and 1024 involve 72, 72, and 80 rounds of ‘computations, respectively, to achieve the final security goal. This algorithm does not use S-boxes to prevent cache timing attacks. Module 20 Page 2016 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Serpent and TEA Serpent TER © Serpent uses a 128-bit symmetric block cipher [© Tiny Encryption algorithm (TEA) sa Felstel cipher with 128-, 192, or 256-bit key sizes ‘that uses 64 rounds (© involves 32 operating rounds on four 32-bit word blocks using 8 variable boxes with «‘bitentry and | || Si ruses 9 128-bi key operating on 68-bit blocks ‘hit ext each S-box parallely works 32 times (@ The 32 rounds of computational operations include | | It also uses constant that defined as 232/the ‘ors substitutions and permutations ‘olden ratio Serpent Like Blowfish, Serpent is a symmetric-key block cipher that was a finalist in the AES contest. This algorithm was designed by Ross Anderson, Eli Bihar, and Lars Knudsen. It uses a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits. It can be integrated into software ‘or hardware programs without any restrictions. Serpent involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. All S-boxes work parallelly 32 times. Although, Serpent is one of the most secure encryption mechanisms in AES contests, researchers have chosen Rijndael over Serpent due to its moderate encryption speed (owing to the number of rounds it uses) and complexity. Serpent minimizes the correlation between encoded images or plaintexts to a greater extent compared to Twofish and Rijndael. Therefore, Rijndael is the stand-out AES competitor and is now being used as AES. TEA The tiny encryption algorithm (TEA) was created by David Wheeler and Roger Needham, and it ‘was publicly presented for the first time in 1994. itis a simple algorithm, easy to implement in code. It is a Feistel cipher that uses 64 rounds (note that this is a suggestion; it can be implemented with fewer or more rounds). The number of rounds should be even since they are implemented in pairs called cycles. TEA uses a 128-bit key operating on a 64-bit block. It also uses a constant that is defined as 232/the golden ratio. This constant is referred to as delta, and in each round, a multiple of delta is used. The 128-bit key is split into four different 32-bit subkeys labeled K(0], K[1], K[2], and K[3]. Module 20 Page 2017 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography Instead of using the XOR operation, TEA uses addition and subtraction, but with mod 232. The block is divided into two halves, R and L. R is processed through the round function The round function takes the R half and performs a left shift of 4. Then, the result of this operation is added to K{0]. Next, the result of this operation is added to delta (recall that delta is the current multiple of 232/the golden ratio). The result of this operation is then shifted right by 5 and added to K[1]. This is the round function. As with all Feistel ciphers, the result of the round function is XORed with L, and L and R are then swapped for the next round. Module 20 Page 2018 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated thea Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography CAST-128 (@ CAST.128 or CASTS is a symmetrickey block cipher (@ thas a 12.0r16 round Feistel network with 64-bit block size {© Mtuses a key sze varying from 40 to 328 bts in 8-bit (© CAST. 128 consists of arg 8x32 bit boxes and uses the masking key (Kes and rotation Key (Ka) | The oun function eansists of tree alternating types fr performing adeition, subtraction, or KOR operations at diferent stages \@ CAST-28 cused asa default cipher in GPG and PGP CAST-128 CAST-128, also called CASTS, is a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits. CAST-128 uses a key size varying from 40 bits to 128 bits in 8-bit increments. The CAST-128 components include large 8x32-bit $-boxes (S1, $2, $3, $4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations, CAST-128 uses a masking key (Km1) and a rotation key (Ke) for performing its functions. The round function consists of three altemating types to perform addition, subtraction, or XOR operations in different stages. It used as a default cipher in GPG (GNU Privacy Guard) and PGP (Pretty Good Privacy) CAST-256 is an extension of CAST-128 that uses the same design procedure. CAST-256 has a 128- bit block size, and it uses key sizes varying from 128 to 256 bits. Furthermore, it uses zero- correlation cryptanalysis, which can break 28 rounds with time = 2246.9 and data = 298.8. Figure 20.7: Block diagram of CAST-128 ‘Module 20 Page 2019 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography GOST Block Cipher and Camellia € GOST Block Cipher Camellia |G. Camelia symmetric key block cipher with ‘ther 18 rounds (for 128 bit keys) or 24 rounds (Gor 256-it key) "© GosTbIock phe, also called as Magma, isa symmetric key black cipher (© itis a 32-round Faistel network working on 64- “© his aFestel cipher working with 128-bit blocks bitblocks with 256-bt key length ‘and has key ies of 128, 192, and 256-bits |G Ireonssts ofan S-box that canbe kept secret, and it contains approximately 354 bts of secret information |G this used as part ofthe Transport Layer Security {T5) protocol GOST Block Cipher The GOST (Government Standard) block cipher, also called Magma, is a symmetric-key block cipher having a 32-round Feistel network working on 64-bit blocks with a 256-bit key length. It consists of an S-box that can be kept secret and it contains around 354 bits of secret information. GOST is a simple encryption algorithm, where the round function 32-bit subkey modulo 232 is ‘added and put in the layer of S-boxes and the rotate left shift operation is used for shifting 11 bits, thereby providing the output of the round function. The key scheduling of the GOST block cipher is performed by breaking the 256-bit key into eight 32-bit subkeys, where each subkey is used four times. In this algorithm, the key words are used in order for the first 24 rounds and they are used in reverse order for the last 8 rounds. Kuznyechik is the latest extension of GOST, which uses 128-bit blocks. Camellia Camellia is a symmetric-key block cipher having either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys). It is a Feistel cipher with a block size of 128 bits and a key size of 128, 192, and 256 bits. Camellia uses four 8x8-bit S-boxes that perform affine transformations and logical ‘operations. A logical transformation layer FL-function or its inverse is applied every six rounds. Camellia uses the key whitening technique for increased security. Camellia is a part of the Transport Layer Security (TLS) protocol, which is used to deliver secure communication. Camellia cannot be brute-forced even with the latest technology although it uses a smaller key size of 128 bits, thus making it a safe cipher. In addition, Camellia offers high security and its processing skills are equivalent to those of AES or Rijndael. ‘Module 20 Page 3020 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker Cryptography DSA and Related Signature Schemes Digital Signature Algorithm Digital Signature FIPS 186-2 spectios the Digital Signature Algorithm Adigital signature is computed using 2 set of rules (04) that may be used in the generation and (Ge, the DSA) and a set of parameters such thatthe verification of eigital signatures fr sensitive, ‘entity of the signatory and integrity ofthe data can Lundassied applications be verifies Each ontity creates a public key and corresponding private key ee Tocompute a suet snlemen 992", and amoute ges compaeyemody (eae yl bte pul bey andthe orate ey DSA and Related Signature Schemes ‘The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures. The NIST proposed the DSA for use in the Digital Signature Standard (DSS), adopted as FIPS 186. The DSA helps in the generation and verification of digital signatures for sensitive and unclassified applications. It creates a 320-bit digital signature with $12-1024-bit security. A digital signature is a mathematical scheme used for the authentication of digital messages. ‘Computation of the digital signature uses a set of rules (ie., the DSA) and a set of parameters in that the user can verify the identity of the signatory and the integrity of the data. Processes involved in DSA: Signature Generation Process: The private key is used to know who has signed it. "Signature Verification Process: The public key is used to verify whether the given digital signature is genuine. DSA is a public-key cryptosystem, as it involves the use of both private and public keys. Benefits of DSA: Less chances of forgery compared with a written signature Quick and easy method of business transactions Fake currency problem can be mitigated considerably DSA Alg Each entity A does the following: m: 1. Select a prime number q such that 2159 < q < 21 ‘Module 20 Page 3021 Ethical Making and Countermeasures Copyright © by E-Cauncil ‘Al Rights Reserved. Reproduction Sel Prohiated Ethical Hacking and Countermeasures ‘eam 31250 Cerfied thea ker ryptoerphy 2. Choose t such thato $ ¢ S 8, andselectaprime number p where 256t

You might also like