Module 20 Cryptography

Uploaded by

Nghia Tran Van
Ethical Hacking and Countermeasures, Exam 312-50 Certified Ethical Hacker: Cryptography
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Objectives

With the increasing adoption of the Internet (World Wide Web) for business and personal communication, securing sensitive information such as credit card details, PINs, bank account numbers, and private messages is becoming increasingly important, albeit more difficult to achieve. Today's information-based organizations extensively use the Internet for e-commerce, market research, customer support, and a variety of other activities. Data security is critical to online business and communication privacy. Cryptography and cryptographic ("crypto") systems help in securing data against interception and compromise during online transmissions. This module provides a comprehensive understanding of different cryptosystems and algorithms, one-way hash functions, public-key infrastructures (PKIs), and the different ways in which cryptography can ensure the privacy and security of online communication. It also covers various tools used to encrypt sensitive data.

At the end of this module, you will be able to:

* Describe cryptography concepts
* Understand different encryption algorithms
* Use different cryptography tools
* Describe public key infrastructure (PKI)
* Apply email encryption
* Apply disk encryption
* Describe various cryptography attacks
* Use different cryptanalysis tools
Module Flow: Cryptography Concepts; Encryption Algorithms; Cryptography Tools; Public Key Infrastructure (PKI); Email Encryption; Disk Encryption; Cryptanalysis; Countermeasures

Cryptography Concepts

Cryptography enables one to secure transactions, communications, and other processes performed in the electronic world. This section deals with cryptography and its associated concepts, which will enable you to understand the advanced topics covered later in this module.

Cryptography

"Cryptography" comes from the Greek words kryptos, meaning "concealed, hidden, veiled, secret, or mysterious," and graphia, meaning "writing"; thus, cryptography is "the art of secret writing." Cryptography is the practice of concealing information by converting plaintext (readable format) into ciphertext (unreadable format) using a key or encryption scheme.
It is the process of converting data into a scrambled code that is encrypted and sent across a private or public network. Cryptography protects confidential data such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, and many other types of communication. Encrypted messages can, at times, be decrypted by cryptanalysis (code breaking), even though modern encryption techniques are virtually unbreakable.

Objectives of Cryptography

* Confidentiality: Assurance that the information is accessible only to those authorized to access it.
* Integrity: Trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
* Authentication: Assurance that the communication, document, or data is genuine.
* Nonrepudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Cryptography Process

Plaintext (readable format) is encrypted by means of encryption algorithms such as RSA, DES, and AES, resulting in a ciphertext (unreadable format) that, on reaching the destination, is decrypted into readable plaintext.

Figure 20.1: Example of Cryptography

Types of Cryptography

Cryptography is categorized into two types according to the number of keys employed for encryption and decryption:

* Symmetric Encryption

Symmetric encryption requires that both the sender and the receiver of the message possess the same encryption key. The sender uses a key to encrypt the plaintext and sends the resultant ciphertext to the recipient, who uses the same key (used for encryption) to decrypt the ciphertext into plaintext.
Symmetric encryption is also known as secret-key cryptography, as it uses only one secret key to encrypt and decrypt the data. This type of cryptography works well when you are communicating with only a few people. Because the sender and receiver must share the key before sending any messages, this technique is of limited use for the Internet, where individuals who have not had prior contact frequently require a secure means of communication. The solution to this problem is asymmetric encryption (public-key cryptography).

Figure 20.2: Symmetric Encryption

* Asymmetric Encryption

The concept of asymmetric encryption (also known as public-key cryptography) was introduced to solve key-management problems. Asymmetric encryption involves both a public key and a private key. The public key is publicly available, whereas the sender keeps the private key secret. An asymmetric-key system is an encryption method that uses a key pair comprising a public key available to anyone and a private key held only by the key owner, which helps to provide confidentiality, integrity, authentication, and nonrepudiation in data management.

Asymmetric encryption uses the following sequence to send a message:

1. An individual finds the public key of the person he or she wants to contact in a directory.
2. The public key is used to encrypt a message that is then sent to the intended recipient.
3. The receiver uses the private key to decrypt the message and reads it.

No one but the holder of the private key can decrypt a message encrypted with the corresponding public key.
This increases the security of the information because all communications involve only public keys; the message sender never transmits or shares the private keys. The sender must link public keys with usernames in a secure manner to ensure that individuals claiming to be the intended recipient do not intercept the information. To meet the need for authentication, one can use digital signatures.

Figure 20.3: Asymmetric Encryption

Strengths and Weaknesses of Crypto Methods

Table 20.1: Strengths and weaknesses of crypto methods

Symmetric encryption, strengths:
* Faster and easier to implement, as the same key is used to encrypt and decrypt data
* Requires less processing power
* Can be implemented in an application-specific integrated chip (ASIC)
* Prevents widespread message security compromise, as different secret keys are used to communicate with different parties
* The key is not bound to the data being transferred on the link; therefore, even if the data are intercepted, it is not possible to decrypt them

Asymmetric encryption, strengths:
* Convenient to use, as the distribution of keys to encrypt messages is not required
* Enhanced security, as one need not share or transmit private keys to anyone
* Provides digital signatures that cannot be repudiated

Symmetric encryption, weaknesses:
* Lack of a secure channel to exchange the secret key
* Difficult to manage and secure the many shared keys that are generated to communicate with different parties
* Provides no assurance about the origin and authenticity of a message, as the same key is used by both the sender and the receiver
* Vulnerable to dictionary attacks and brute-force attacks

Asymmetric encryption, weaknesses:
* Slow in processing and requires high processing power
* Widespread message security compromise is possible (i.e., an attacker can read complete messages if the private key is compromised)
* Messages received cannot be decrypted if the private key is lost
* Vulnerable to man-in-the-middle and brute-force attacks

Government Access to Keys (GAK)

Government Access to Keys (GAK) refers to the statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies. It means that software companies will give copies of all keys (or at least enough of the key such that the remainder can be cracked) to the government. Law enforcement agencies around the world acquire and use these cryptographic keys to monitor suspicious communication and collect evidence of cybercrimes in the interests of national security.
The government promises that it will hold on to the keys in a secure manner and only use them when a court issues a warrant to do so. To the government, this issue is similar to the ability to wiretap phones.

Government agencies often use key escrow for uninterrupted access to keys. Key escrow is a key exchange arrangement in which essential cryptographic keys are stored with a third party in escrow. The third party can use or allow others to use the encryption keys under certain predefined circumstances. The third party, with regard to GAK, is generally a government agency that may use the encryption keys to decipher digital evidence under authorization or a warrant from a court of law.

However, there is growing concern about the privacy and security of cryptographic keys and information. Government agencies are responsible for protecting these keys. Such agencies generally use a single key to protect other keys, which is not a good idea, as revealing a single key could expose the other keys. These agencies are not aware of how confidential the information protected by the keys is, which makes it difficult to judge how much protection is required. In cases where seized keys also protect other information that these agencies have no right to access, the consequences of key revelation cannot be determined, because government agencies are not aware of the information that the keys protect. In such cases, the key owner is liable for the consequences of key revelation. Before owners hand over their keys to government agencies, they need to be assured that the government agencies will protect these keys according to a sufficiently strong standard to protect their interests.

Figure 20.4: Illustration of GAK
Encryption Algorithms

Encryption is the process of converting readable plaintext into an unreadable ciphertext using a set of complex algorithms that transform the data into blocks or streams of random alphanumeric characters. This section deals with ciphers and various encryption algorithms such as DES, AES, RC4, RC5, RC6, DSA, RSA, MD5, SHA, etc.

Ciphers

In cryptography, a cipher is an algorithm (a series of well-defined steps) for performing encryption and decryption. Encipherment is the process of converting plaintext into a cipher or code; the reverse process is called decipherment. A message encrypted using a cipher is rendered unreadable unless its recipient knows the secret key required to decrypt it. Communication technologies (e.g., Internet, cell phones) rely on ciphers to maintain both security and privacy. Cipher algorithms may be open-source (the algorithmic process is in the public domain while the key is selected by a user and is private) or closed-source (the process is developed for use in specific domains, such as the military, and the algorithm itself is not in the public domain). Furthermore, ciphers may be free for public use or licensed.
Types of ciphers

Figure 20.5: Classification of ciphers

Ciphers are of two main types: classical and modern.

Classical Ciphers

Classical ciphers are the most basic type of ciphers, which operate on letters of the alphabet (A-Z). These ciphers are generally implemented either by hand or with simple mechanical devices. Because these ciphers are easily deciphered, they are generally unreliable.

Types of classical ciphers:

* Substitution cipher: The user replaces units of plaintext with ciphertext according to a regular system. The units may be single letters, pairs of letters, or combinations of them, and so on. The recipient performs inverse substitution to decipher the text. Examples include the Beale cipher, autokey cipher, Gronsfeld cipher, and Hill cipher. For example, "HELLO WORLD" can be encrypted as "PSTER HGFST" (i.e., H=P, etc.).
* Transposition cipher: Here, letters in the plaintext are rearranged according to a regular system to produce the ciphertext. For example, "CRYPTOGRAPHY" when encrypted becomes "AOYCRGPTYRHP." Examples include the rail fence cipher, route cipher, and Myszkowski transposition.

Modern Ciphers

Modern ciphers are designed to withstand a wide range of attacks. They provide message secrecy, integrity, and authentication of the sender. A user can calculate a modern cipher using a one-way mathematical function that is capable of factoring large prime numbers.

Types of modern ciphers:

* Based on the type of key used
  * Symmetric-key algorithms (private-key cryptography): Use the same key for encryption and decryption.
  * Asymmetric-key algorithms (public-key cryptography): Use two different keys for encryption and decryption.
* Based on the type of input data
  * Block cipher: Deterministic algorithms operating on a block (a group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers. They are widely used to encrypt bulk data. Examples include DES, AES, IDEA, etc. When the block size is less than that used by the cipher, padding is employed to achieve a fixed block size.
  * Stream cipher: Symmetric-key ciphers in which plaintext digits are combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples include RC4, SEAL, etc.

Data Encryption Standard (DES) and Advanced Encryption Standard (AES)
Data Encryption Standard (DES)

DES is a standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem). DES uses a 64-bit secret key, of which 56 bits are generated randomly and the other 8 bits are used for error detection. It uses a data encryption algorithm (DEA), a secret key block cipher employing a 56-bit key operating on 64-bit blocks. DES is the archetypal block cipher: an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bit string of the same length. The design of DES allows users to implement it in hardware and use it for single-user encryption, such as to store files on a hard disk in encrypted form.

DES provides 72 quadrillion or more possible encryption keys and chooses a random key for the encryption of each message. Because of the inherent weakness of DES vis-a-vis today's technologies, some organizations use triple DES (3DES), in which they repeat the process three times for added strength until they can afford to update their equipment to AES capabilities.

Triple Data Encryption Standard (3DES)

Eventually, it became obvious that DES would no longer be secure. The U.S. Federal Government began a contest seeking a replacement cryptography algorithm. However, in the meantime, 3DES was created as an interim solution. Essentially, it performs DES three times with three different keys. 3DES uses a "key bundle" that comprises three DES keys, K1, K2, and K3. Each key is a standard 56-bit DES key. It then performs the following process:

DES encrypt with K1, DES decrypt with K2, DES encrypt with K3

There are three options for the keys.
In the first option, all three keys are independent and different. In the second option, K1 and K3 are identical. In the third option, all three keys are the same; therefore, you are literally applying the same DES algorithm three times with the same key. The first option is the most secure, while the third is the least secure.

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. It also helps to encrypt digital information such as telecommunications, financial, and government data. US government agencies have been using it to secure sensitive but unclassified material.

AES consists of a symmetric-key algorithm: both encryption and decryption are performed using the same key. It is an iterated block cipher that works by repeating the defined steps multiple times. It has a 128-bit block size, with key sizes of 128, 192, and 256 bits for AES-128, AES-192, and AES-256, respectively. The design of AES makes its use efficient in both software and hardware. It works simultaneously at multiple network layers.

AES Pseudocode

Initially, the system copies the cipher input into the internal state and then adds an initial round key. The system transforms the state by iterating a round function in a number of cycles. The number of cycles may vary with the block size and key length. After completing the rounds, the system copies the final state into the cipher output.
    Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
    begin
        byte state[4,Nb]
        state = in
        AddRoundKey(state, w)
        for round = 1 step 1 to Nr-1
            SubBytes(state)
            ShiftRows(state)
            MixColumns(state)
            AddRoundKey(state, w + round*Nb)
        end for
        SubBytes(state)
        ShiftRows(state)
        AddRoundKey(state, w + Nr*Nb)
        out = state
    end

RC4, RC5, and RC6 Algorithms

Symmetric encryption algorithms developed by RSA Security are discussed below.

* RC4

RC4 is a variable key-size symmetric-key stream cipher with byte-oriented operations, and it is based on the use of a random permutation. According to some analyses, the period of the cipher is likely to be greater than 10^100. Each output byte uses 8 to 16 system operations; thus, the cipher can run fast when used in software. RC4 enables safe communications such as for traffic encryption (which secures websites) and for websites that use the SSL protocol.

* RC5

RC5 is a fast symmetric-key block cipher designed by Ronald Rivest for RSA Data Security (now RSA Security). The algorithm is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The block sizes can be 32, 64, or 128 bits. The range of the rounds can vary from 0 to 255, and the size of the key can vary from 0 to 2,040 bits. This built-in variability can offer flexibility at all levels of security.
The routines used in RC5 are key expansion, encryption, and decryption. In the key expansion routine, the secret key that a user provides is expanded to fill the key table (the size of which depends on the number of rounds). RC5 uses a key table for both encryption and decryption. The encryption routine has three fundamental operations: integer addition, bitwise XOR, and variable rotation. The intensive use of data-dependent rotation and the combination of different operations make RC5 a secure encryption algorithm.

Figure 20: Block diagram of the RC5 algorithm

* RC6

RC6 is a symmetric-key block cipher derived from RC5. It is a parameterized algorithm with a variable block size, key size, and number of rounds. Two features that differentiate RC6 from RC5 are integer multiplication (which is used to increase the diffusion, achieved in fewer rounds with increased speed of the cipher) and the use of four 4-bit working registers rather than two 2-bit registers. RC6 uses four 4-bit registers instead of two 2-bit registers because the block size of the AES is 128 bits.

Blowfish

Blowfish is a type of symmetric block cipher algorithm designed to replace DES or IDEA algorithms. It uses the same secret key to encrypt and decrypt data. This algorithm splits the data into a block length of 64 bits and produces a key ranging from 32 bits to 448 bits. Due to its high speed and overall efficiency, Blowfish is used in software ranging from password protection tools to e-commerce websites for securing payments. It is a 16-round Feistel cipher working on 64-bit blocks. However, unlike DES, its key size ranges from 32 bits to 448 bits. This algorithm has two parts. The first part handles the expansion of the key. The second part actually encrypts the data.
The key expansion is handled in several steps. The first step is to break the original key into a set of subkeys. Specifically, a key of no more than 448 bits is separated into 4,168 bytes. There is a P-array and four 32-bit S-boxes. The P-array contains 18 32-bit subkeys, while each S-box contains 256 entries.

Key expansion is performed as follows:

1. The first step is to initialize the P-array and S-boxes.
2. Then, XOR the P-array with the key bits. For example, P1 XOR (first 32 bits of the key), P2 XOR (next 32 bits of the key).
3. Use the above method to encrypt the all-zero string.
4. This new output is now P1 and P2.
5. Encrypt the new P1 and P2 with the modified subkeys.
6. This new output is now P3 and P4.
7. Repeat the process 521 times to calculate new subkeys for the P-array and the four S-boxes.

The round function splits the 32-bit input into four 8-bit quarters and uses the quarters as input to the S-boxes. The outputs are added modulo 2^32 and XORed to produce the final 32-bit output.
Twofish and Threefish

Twofish

The Twofish algorithm was one of the U.S. Government's five finalists to replace DES, but it was not chosen. It was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.

Twofish is a 128-bit block cipher. It is one of the most conceptually simple algorithms that uses a single key for both encryption and decryption for any length up to 256 bits. It is a Feistel cipher. It not only works fast for CPU or hardware but is also flexible for network-based applications. Furthermore, it allows various levels of performance trade-off on parameters such as encryption speed, hardware gate count, memory usage, etc. This technique of enabling different implementations improves the relative performance of the algorithm. Any user can optimize the performance based on the key scheduling.

Threefish

Threefish was developed in 2008 and it is a part of the Skein algorithm. It was enrolled in the SHA-3 (hash function) contest. It is a large tweakable symmetric-key block cipher in which the block and key sizes are equal, i.e., 256, 512, and 1024.
Threefish involves only three operations, i.e., ARX (addition-rotation-XOR), which makes the coding simple, and all these operations work on 64-bit words. Threefish blocks of 256, 512, and 1024 involve 72, 72, and 80 rounds of computations, respectively, to achieve the final security goal. This algorithm avoids S-boxes in order to prevent cache timing attacks.

Serpent and TEA

Serpent

Like Blowfish, Serpent is a symmetric-key block cipher that was a finalist in the AES contest. This algorithm was designed by Ross Anderson, Eli Biham, and Lars Knudsen. It uses a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits. It can be integrated into software or hardware programs without any restrictions.

Serpent involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. All S-boxes work in parallel 32 times. Although Serpent is one of the most secure encryption mechanisms in the AES contest, researchers have chosen Rijndael over Serpent due to Serpent's moderate encryption speed (owing to the number of rounds it uses) and complexity.
Serpent minimizes the correlation between encoded images or plaintexts to a greater extent compared to Twofish and Rijndael. Therefore, Rijndael is the stand-out AES competitor and is now being used as AES.

TEA

The tiny encryption algorithm (TEA) was created by David Wheeler and Roger Needham, and it was publicly presented for the first time in 1994. It is a simple algorithm, easy to implement in code. It is a Feistel cipher that uses 64 rounds (note that this is a suggestion; it can be implemented with fewer or more rounds). The number of rounds should be even since they are implemented in pairs called cycles.

TEA uses a 128-bit key operating on a 64-bit block. It also uses a constant that is defined as 2^32/the golden ratio. This constant is referred to as delta, and in each round, a multiple of delta is used. The 128-bit key is split into four different 32-bit subkeys labeled K[0], K[1], K[2], and K[3]. Instead of using the XOR operation, TEA uses addition and subtraction, but with mod 2^32. The block is divided into two halves, R and L. R is processed through the round function.

The round function takes the R half and performs a left shift of 4. Then, the result of this operation is added to K[0]. Next, the result of this operation is added to delta (recall that delta is the current multiple of 2^32/the golden ratio). The result of this operation is then shifted right by 5 and added to K[1]. This is the round function. As with all Feistel ciphers, the result of the round function is XORed with L, and L and R are then swapped for the next round.
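The TEA cycle structure described above, as an added C example that is not part of the original courseware. It follows the publicly documented Wheeler-Needham reference routine (32 cycles of two Feistel rounds each, delta = floor(2^32 / golden ratio)), whose round function XORs three terms and is therefore more detailed than the summary above; the helper names and the constructed sample key and block are assumptions of this example. The last helper shows a known property relevant to defenders: flipping the top bit of K[0] and K[1] together yields an equivalent key, so TEA's effective key length is below 128 bits.

```c
#include <stdint.h>
#include <stdio.h>

#define TEA_DELTA  0x9E3779B9u  /* floor(2^32 / golden ratio) */
#define TEA_CYCLES 32u          /* 32 cycles = 64 Feistel rounds */

/* Recompute delta from the golden ratio to show where the constant comes from. */
uint32_t tea_delta_from_golden_ratio(void)
{
    const double phi = 1.6180339887498949;  /* (1 + sqrt(5)) / 2 */
    return (uint32_t)(4294967296.0 / phi);  /* truncation equals floor here */
}

/* One Feistel round: mixes one half with two subkeys and the running
 * multiple of delta. uint32_t arithmetic wraps modulo 2^32. */
static uint32_t tea_round(uint32_t half, uint32_t sum, uint32_t ka, uint32_t kb)
{
    return ((half << 4) + ka) ^ (half + sum) ^ ((half >> 5) + kb);
}

void tea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (uint32_t i = 0; i < TEA_CYCLES; i++) {
        sum += TEA_DELTA;                       /* next multiple of delta */
        v0 += tea_round(v1, sum, k[0], k[1]);   /* first round of the cycle */
        v1 += tea_round(v0, sum, k[2], k[3]);   /* second round of the cycle */
    }
    v[0] = v0;
    v[1] = v1;
}

void tea_decrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1];
    uint32_t sum = TEA_DELTA * TEA_CYCLES;      /* wraps to 0xC6EF3720 */
    for (uint32_t i = 0; i < TEA_CYCLES; i++) {
        v1 -= tea_round(v0, sum, k[2], k[3]);   /* undo rounds in reverse order */
        v0 -= tea_round(v1, sum, k[0], k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0;
    v[1] = v1;
}

/* Returns 1 if k and the key with the top bit of K[0] and K[1] flipped encrypt
 * a constructed sample block to the same ciphertext. Adding 2^31 modulo 2^32
 * flips only bit 31 of each key term, and the XOR cancels the two flips. */
int tea_has_equivalent_key(const uint32_t k[4])
{
    uint32_t k2[4] = { k[0] ^ 0x80000000u, k[1] ^ 0x80000000u, k[2], k[3] };
    uint32_t a[2] = { 0x01234567u, 0x89ABCDEFu };  /* constructed sample block */
    uint32_t b[2] = { 0x01234567u, 0x89ABCDEFu };
    tea_encrypt(a, k);
    tea_encrypt(b, k2);
    return a[0] == b[0] && a[1] == b[1];
}

int main(void)
{
    /* Constructed sample key and block, for illustration only. */
    const uint32_t key[4] = { 0x00112233u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu };
    uint32_t block[2] = { 0xDEADBEEFu, 0x0BADF00Du };

    tea_encrypt(block, key);
    printf("ciphertext: %08X %08X\n", (unsigned)block[0], (unsigned)block[1]);
    tea_decrypt(block, key);
    printf("decrypted:  %08X %08X\n", (unsigned)block[0], (unsigned)block[1]);
    printf("delta from golden ratio: %08X\n", (unsigned)tea_delta_from_golden_ratio());
    printf("equivalent key found: %d\n", tea_has_equivalent_key(key));
    return 0;
}
```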
CAST-128

CAST-128, also called CAST5, is a symmetric-key block cipher with a classical 12- or 16-round Feistel network and a block size of 64 bits. CAST-128 uses a key size varying from 40 bits to 128 bits in 8-bit increments. Its components include large 8x32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. CAST-128 uses a masking key (Km1) and a rotation key (Kr1) for performing its functions. The round function consists of three alternating types that perform addition, subtraction, or XOR operations at different stages. It is used as a default cipher in GPG (GNU Privacy Guard) and PGP (Pretty Good Privacy).

CAST-256 is an extension of CAST-128 that uses the same design procedure. CAST-256 has a 128-bit block size and uses key sizes varying from 128 to 256 bits. Furthermore, it is subject to zero-correlation cryptanalysis, which can break 28 rounds with time = 2^246.9 and data = 2^98.8.

Figure 20.7: Block diagram of CAST-128

GOST Block Cipher and Camellia
GOST Block Cipher

The GOST (Government Standard) block cipher, also called Magma, is a symmetric-key block cipher with a 32-round Feistel network working on 64-bit blocks with a 256-bit key length. It uses an S-box that can be kept secret and that contains around 354 bits of secret information. GOST is a simple encryption algorithm: in the round function, a 32-bit subkey is added modulo 2^32, the result is passed through the layer of S-boxes, and a left rotation by 11 bits then provides the output of the round function.

The key scheduling of the GOST block cipher is performed by breaking the 256-bit key into eight 32-bit subkeys, where each subkey is used four times. The key words are used in order for the first 24 rounds and in reverse order for the last 8 rounds. Kuznyechik is the latest extension of GOST, which uses 128-bit blocks.

Camellia

Camellia is a symmetric-key block cipher with either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys). It is a Feistel cipher with a block size of 128 bits and key sizes of 128, 192, or 256 bits. Camellia uses four 8x8-bit S-boxes that perform affine transformations and logical operations. A logical transformation layer, the FL-function or its inverse, is applied every six rounds. Camellia uses the key whitening technique for increased security.
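For the GOST round function and key schedule described earlier on this page, the following C code is an added example, not code from the original module. It shows the subkey order (K0..K7 three times, then K7..K0) and the add, substitute, rotate-by-11 round inside a 32-round Feistel network. The S-box is a constructed placeholder, as are the key and block in main(); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 4-bit S-box (affine map 7n+3 mod 16), reused in all eight
 * positions. Placeholder only: real deployments use agreed S-box tables. */
static uint32_t sbox4(uint32_t n) { return (7u * n + 3u) & 0xFu; }

/* Subkey index for encryption round r (0..31): K0..K7 three times, then K7..K0. */
int gost_subkey_index(int r) { return r < 24 ? r % 8 : 31 - r; }

/* Round function: add subkey mod 2^32, S-box layer, rotate left by 11 bits. */
uint32_t gost_f(uint32_t half, uint32_t subkey) {
    uint32_t x = half + subkey, y = 0;
    for (int i = 0; i < 8; i++)
        y |= sbox4((x >> (4 * i)) & 0xFu) << (4 * i);
    return (y << 11) | (y >> 21);
}

/* 32-round Feistel network on a 64-bit block. Decryption walks the subkey
 * order backwards and is otherwise identical to encryption. */
void gost_crypt(uint32_t blk[2], const uint32_t key[8], int decrypt) {
    uint32_t n1 = blk[0], n2 = blk[1];
    for (int r = 0; r < 32; r++) {
        uint32_t k = key[gost_subkey_index(decrypt ? 31 - r : r)];
        uint32_t t = n2 ^ gost_f(n1, k);
        n2 = n1;
        n1 = t;
    }
    blk[0] = n2;   /* undo the swap made after the last round */
    blk[1] = n1;
}

int main(void) {
    const uint32_t key[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };  /* constructed 256-bit key */
    uint32_t blk[2] = { 0x01234567u, 0x89ABCDEFu };      /* constructed block */
    gost_crypt(blk, key, 0);
    printf("ciphertext: %08X %08X\n", (unsigned)blk[0], (unsigned)blk[1]);
    gost_crypt(blk, key, 1);
    printf("decrypted:  %08X %08X\n", (unsigned)blk[0], (unsigned)blk[1]);
    return 0;
}
```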
Camellia is a part of the Transport Layer Security (TLS) protocol, which is used to deliver secure communication. Even with the smaller key size of 128 bits, Camellia cannot be brute-forced with the latest technology, which makes it a safe cipher. In addition, Camellia offers high security, and its processing capabilities are equivalent to those of AES or Rijndael.

DSA and Related Signature Schemes

FIPS 186-2 specifies the Digital Signature Algorithm (DSA), which may be used in the generation and verification of digital signatures for sensitive, unclassified applications. Each entity creates a public key and a corresponding private key.

The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures. The NIST proposed the DSA for use in the Digital Signature Standard (DSS), adopted as FIPS 186. The DSA helps in the generation and verification of digital signatures for sensitive and unclassified applications. It creates a 320-bit digital signature with 512-1024-bit security.

A digital signature is a mathematical scheme used for the authentication of digital messages. Computation of the digital signature uses a set of rules (i.e., the DSA) and a set of parameters such that the user can verify the identity of the signatory and the integrity of the data.

Processes involved in DSA:

- Signature Generation Process: The private key is used to know who has signed it.
- Signature Verification Process: The public key is used to verify whether the given digital signature is genuine.

DSA is a public-key cryptosystem, as it involves the use of both private and public keys.

Benefits of DSA:

- Lower chance of forgery compared with a written signature
- Quick and easy method of business transactions
- Fake currency problem can be mitigated considerably

DSA Algorithm

Each entity A does the following:

1. Select a prime number q such that 2^159 < q < 21
2. Choose t such that 0 ≤ t ≤ 8, and select a prime number p where 256t
