
MASTERJI DEGREE & PG COLLEGE

B.C.A V SEM - CRYPTOGRAPHY & NETWORK SECURITY

UNIT- 1
INTRODUCTION

Computer data often travels from one computer to another, leaving the safety of its protected
physical surroundings. Once the data is out of our hands, people with bad intentions could modify or
forge it, either for amusement or for their own benefit.

Cryptography can reformat and transform our data, making it safer on its trip between
computers. The technology is based on the essentials of secret codes, augmented by modern
mathematics that protects our data in powerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and to
thwart hackers

• Network Security - measures to protect data during their transmission

• Internet Security - measures to protect data during their transmission over a collection of
interconnected networks

Basic Concepts

Cryptography: The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that message back to
its original form.

Plaintext: The original intelligible message.

Cipher text: The transformed message.

Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods.

Key: Some critical information used by the cipher, known only to the sender and receiver.

Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key.

Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a
key.

Cryptanalysis: The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called code breaking.

Cryptology: Both cryptography and cryptanalysis.

Code: An algorithm for transforming an intelligible message into an unintelligible one using a
code-book.
SECURITY TRENDS

In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the
Internet Architecture" (RFC 1636). The report stated the general consensus that the
Internet needs more and better security, and it identified key areas for security mechanisms.
Among these were the need to secure the network infrastructure from unauthorized
monitoring and control of network traffic and the need to secure end-user-to-end-user traffic
using authentication and encryption mechanisms.

These concerns are fully justified. As confirmation, consider the trends reported by
the Computer Emergency Response Team (CERT) Coordination Center (CERT/CC): the
trend in Internet-related vulnerabilities reported to CERT over a 10-year period, and the
number of security-related incidents reported to CERT. The vulnerabilities include security
weaknesses in the operating systems of attached computers (e.g., Windows, Linux) as well as
vulnerabilities in Internet routers and other network devices. The incidents include denial of
service attacks; IP spoofing, in which intruders create packets with false IP addresses and
exploit applications that use authentication based on IP; and various forms of eavesdropping
and packet sniffing, in which attackers read transmitted information, including logon
information and database contents.

SECURITY ATTACKS
Types:

Active attacks: An active attack attempts to alter system resources or affect their
operation. Active attacks involve some modification of the data stream or the creation of a
false stream.
An active attack involves changing the information in some way by conducting some process
on the information. The types of active attacks are as follows:

1. Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A
masquerade attack usually involves one of the other forms of active attack.

2. Modification of messages –
It means that some portion of a message is altered or that message is delayed or
reordered to produce an unauthorized effect. For example, a message meaning “Allow
JOHN to read confidential file X” is modified as “Allow Smith to read confidential file
X”.

3. Repudiation –
This attack is done by either the sender or the receiver. The sender or receiver can later deny
that he/she has sent or received a message. For example, a customer asks his bank “to
transfer an amount to someone” and later on the sender (customer) denies that he had
made such a request. This is repudiation.

4. Replay –
It involves the passive capture of a message and its subsequent retransmission to produce
an unauthorized effect.

5. Denial of Service
It prevents normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network either
by disabling the network or by overloading it by messages so as to degrade
performance.

Passive attacks: A passive attack attempts to learn or make use of information from
the system but does not affect system resources. Passive attacks are in the nature of
eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain
information that is being transmitted. The types of passive attacks are as follows:

1. Release of message contents –

A telephone conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from
learning the contents of these transmissions.

2. Traffic analysis –

Suppose that we had a way of masking (encrypting) the information, so that an attacker
who captured the message could not extract any information from it. The opponent could
still determine the location and identity of the communicating hosts and could observe the
frequency and length of the messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.

SECURITY SERVICES:
A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. These services are intended to counter
security attacks, and they make use of one or more security mechanisms to provide the service.

Following are the five categories of these services:

Authentication: The assurance that the communicating entity is the one that it claims to be.

• Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
• Data-Origin Authentication: In a connectionless transfer, provides assurance that the
source of received data is as claimed.

Data Confidentiality:
Protects data from unauthorized disclosure.

Access Control:
The prevention of unauthorized use of a resource (i.e., this service controls who can have access
to a resource, under what conditions access can occur, and what those accessing the resource
are allowed to do).

Data Integrity:
The assurance that data received are exactly as sent by an authorized entity (i.e., contain no
modification, insertion, deletion, or replay).

Non-repudiation:
Protects against denial by one of the entities involved in a communication of having
participated in all or part of the communication.

• Proof of Origin: Proof that the message was sent by the specified party.
• Proof of Delivery: Proof that the message was received by the specified party.

SECURITY MECHANISMS

Encipherment

The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm
and zero or more encryption keys.

Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and protect against
forgery (e.g., by the recipient).

Access Control
A variety of mechanisms that enforce access rights to resources.

Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data
units.

A MODEL FOR NETWORK SECURITY

When we send our data from the source to the destination we have to use some transfer
medium, like the Internet or any other communication channel, over which we are able to send
our message. The two parties, who are the principals in this transaction, must cooperate for
the exchange to take place. When data is transferred from one party to the other, a logical
information channel is established between them by defining a route through the Internet
from source to destination and by the cooperative use of communication protocols (e.g.,
TCP/IP) by the two principals.

Security comes into play when it is necessary to protect the information transmitted over
this channel from an opponent who may present a threat to confidentiality, authenticity, and
so on. All the techniques for providing security have two components:

1. A security-related transformation on the information to be sent.
2. Some secret information shared by the two principals and, it is hoped, unknown to the
opponent.

A trusted third party may be needed to achieve secure transmission. For example, a third
party may be responsible for distributing the secret information to the two principals while
keeping it from any opponent. Or a third party may be needed to arbitrate disputes between
the two principals concerning the authenticity of a message transmission.

This model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

SYMMETRIC CIPHERS
CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and
transposition.

SUBSTITUTION TECHNIQUES
A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols.
If the plaintext is viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with cipher text bit patterns.

CAESAR CIPHER
The Caesar Cipher technique is one of the earliest and simplest method of encryption
technique. The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.
For example
Plain: meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can
define the transformation by listing all possibilities, as follows:
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

PLAYFAIR CIPHER:
In this scheme, pairs of letters are encrypted, instead of single letters.

Initially a key table is created. The key table is a 5×5 grid of letters that acts as the
key for encrypting the plaintext. Each of the 25 letters must be unique and one letter of the
alphabet (usually J) is omitted from the table as we need only 25 letters instead of 26. If the
plaintext contains J, then it is replaced by I.

The sender and the receiver decide on a particular key, say ‘tutorials’. In the key table,
the first characters (going left to right) are the letters of the keyword, excluding duplicate
letters. The rest of the table is filled with the remaining letters of the alphabet, in natural
order. The key table works out to be:

T U O R I
A L S B C
D E F G H
K M N P Q
V W X Y Z

Process of Playfair Cipher

• First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd
number of letters, a Z is added to the last letter. Let us say we want to encrypt the
message “hide money”. It will be written as:

HI DE MO NE YZ

• The rules of encryption, using the key table

T U O R I
A L S B C
D E F G H
K M N P Q
V W X Y Z

are:

o If both the letters are in the same column, take the letter below each one (going
back to the top if at the bottom). ‘H’ and ‘I’ are in the same column, hence take the
letter below each of them to replace them: HI → QC.

o If both letters are in the same row, take the letter to the right of each one (going back to
the left if at the farthest right). ‘D’ and ‘E’ are in the same row, hence take the letter to
the right of each of them to replace them: DE → EF.

o If neither of the preceding two rules is true, form a rectangle with the two letters and take
the letters on the horizontal opposite corners of the rectangle.

Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would
be −

QC EF NU MF ZV

Decrypting the Playfair cipher is as simple as doing the same process in reverse. Receiver has
the same key and can create the same key table, and then decrypt any messages made using
that key.
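The Playfair procedure above, as an added example that is not part of the original notes: it builds the key table from ‘tutorials’, applies the three rules to ‘hide money’, and decrypts by running the same rules in the opposite direction. Splitting a doubled letter with X (or Q) is an assumption the notes do not cover.

```python
# Added example (not from the notes): Playfair cipher with the key table, digraph
# splitting and encryption rules described above, plus the reverse (decryption) rules.
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters; J is omitted and merged into I


def build_key_table(keyword):
    """Keyword letters first (duplicates dropped), then the remaining letters in order."""
    seen = []
    for ch in keyword.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def letter_positions(table):
    """Map each letter to its (row, column) in the 5x5 table."""
    return {ch: (r, c) for r, row in enumerate(table) for c, ch in enumerate(row)}


def prepare_plaintext(text):
    """Keep letters only, map J to I and split into digraphs.

    An odd trailing letter is padded with Z, as the notes state. A pair of identical
    letters is split with an X (Q if the letter is X itself); that is a common Playfair
    convention the notes do not cover, assumed here so every digraph has two distinct letters.
    """
    letters = [ch for ch in text.upper().replace("J", "I") if ch in ALPHABET]
    digraphs, i = [], 0
    while i < len(letters):
        first = letters[i]
        second = letters[i + 1] if i + 1 < len(letters) else "Z"
        if first == second:
            second = "X" if first != "X" else "Q"
            i += 1
        else:
            i += 2
        digraphs.append(first + second)
    return digraphs


def transform_pair(table, pos, pair, shift):
    """Apply the Playfair rules to one digraph.

    shift=+1 encrypts (letter below / letter to the right);
    shift=-1 decrypts (letter above / letter to the left). Wrap-around via modulo 5.
    The rectangle rule swaps the columns and is its own inverse.
    """
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if c1 == c2:  # same column
        return table[(r1 + shift) % 5][c1] + table[(r2 + shift) % 5][c2]
    if r1 == r2:  # same row
        return table[r1][(c1 + shift) % 5] + table[r2][(c2 + shift) % 5]
    return table[r1][c2] + table[r2][c1]  # rectangle: opposite horizontal corners


def playfair_encrypt(plaintext, keyword):
    """Return the cipher text as space-separated digraphs, like the notes show."""
    table = build_key_table(keyword)
    pos = letter_positions(table)
    return " ".join(transform_pair(table, pos, d, +1) for d in prepare_plaintext(plaintext))


def playfair_decrypt(ciphertext, keyword):
    """Reverse the process; padding letters (Z/X) are left for the reader to strip."""
    table = build_key_table(keyword)
    pos = letter_positions(table)
    text = ciphertext.replace(" ", "").upper()
    return "".join(transform_pair(table, pos, text[i:i + 2], -1) for i in range(0, len(text), 2))


if __name__ == "__main__":
    for row in build_key_table("tutorials"):
        print(" ".join(row))
    print(playfair_encrypt("hide money", "tutorials"))      # QC EF NU MF ZV
    print(playfair_decrypt("QC EF NU MF ZV", "tutorials"))  # HIDEMONEYZ
```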

HILL CIPHER
The Hill cipher is a polygraphic substitution cipher based on linear algebra. Each letter is
represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is
used, but this is not an essential feature of the cipher. To encrypt a message, each block of n
letters (considered as an n-component vector) is multiplied by an invertible n × n matrix,
modulo 26.
To decrypt the message, each block is multiplied by the inverse of the matrix used for
encryption.
The matrix used for encryption is the cipher key, and it should be chosen randomly from the
set of invertible n × n matrices (modulo 26).
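An added example (not from the notes) of the Hill cipher as described: A = 0 … Z = 25, blocks treated as column vectors multiplied by the key matrix modulo 26, and the modular matrix inverse used for decryption, which also rejects a key whose determinant shares a factor with 26. The 2×2 key [[3, 3], [2, 5]], the messages and the X padding are sample choices, not values from the notes.

```python
# Added example (not from the notes): Hill cipher with the A=0..Z=25 scheme the notes
# mention, an n x n key matrix applied to n-letter blocks modulo 26, and the modular
# matrix inverse needed for decryption. Keys and messages below are sample values.
from math import gcd

MOD = 26


def det_mod(m, mod=MOD):
    """Determinant by cofactor expansion, reduced modulo `mod` (fine for small n)."""
    n = len(m)
    if n == 1:
        return m[0][0] % mod
    total = 0
    for c in range(n):
        minor = [row[:c] + row[c + 1:] for row in m[1:]]
        total += (-1) ** c * m[0][c] * det_mod(minor, mod)
    return total % mod


def is_valid_key(matrix, mod=MOD):
    """True when the matrix is invertible modulo 26, i.e. gcd(det, 26) == 1."""
    return gcd(det_mod(matrix, mod), mod) == 1


def inverse_mod(m, mod=MOD):
    """Inverse of an integer matrix modulo `mod` via the adjugate.

    Raises ValueError when det is not a unit mod 26: such a matrix is not a valid
    Hill key (the notes require the key to be invertible modulo 26).
    """
    n = len(m)
    d = det_mod(m, mod)
    if gcd(d, mod) != 1:
        raise ValueError(f"matrix is not invertible modulo {mod} (det = {d})")
    d_inv = pow(d, -1, mod)
    if n == 1:
        return [[d_inv]]
    inv = [[0] * n for _ in range(n)]
    for r in range(n):
        for c in range(n):
            minor = [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]
            cofactor = (-1) ** (r + c) * det_mod(minor, mod)
            inv[c][r] = cofactor * d_inv % mod  # transposed: adjugate, not cofactor matrix
    return inv


def apply_matrix(matrix, block):
    """Multiply the matrix by the block (a column vector), modulo 26."""
    return [sum(k * p for k, p in zip(row, block)) % MOD for row in matrix]


def text_to_numbers(text):
    return [ord(ch) - ord("A") for ch in text.upper() if ch.isalpha()]


def numbers_to_text(nums):
    return "".join(chr(n + ord("A")) for n in nums)


def hill_encrypt(plaintext, key):
    n = len(key)
    nums = text_to_numbers(plaintext)
    while len(nums) % n:  # pad the last block with X (assumption; the notes do not specify)
        nums.append(ord("X") - ord("A"))
    out = []
    for i in range(0, len(nums), n):
        out.extend(apply_matrix(key, nums[i:i + n]))
    return numbers_to_text(out)


def hill_decrypt(ciphertext, key):
    inv = inverse_mod(key)  # fails loudly for a key that is not invertible mod 26
    n = len(key)
    nums = text_to_numbers(ciphertext)
    out = []
    for i in range(0, len(nums), n):
        out.extend(apply_matrix(inv, nums[i:i + n]))
    return numbers_to_text(out)


if __name__ == "__main__":
    KEY = [[3, 3], [2, 5]]  # sample 2x2 key, det = 9, gcd(9, 26) = 1
    print(inverse_mod(KEY))                   # [[15, 17], [20, 9]]
    print(hill_encrypt("HELP", KEY))          # HIAT
    print(hill_decrypt("HIAT", KEY))          # HELP
    print(is_valid_key([[1, 2], [3, 4]]))     # False: det = 24 shares the factor 2 with 26
```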

TRANSPOSITION TECHNIQUE

The transposition technique (no replacement of characters) is an encryption method
achieved by performing a permutation over the plain text. Mapping plain text into
cipher text using the transposition technique is called a transposition cipher.
On the one hand, the substitution technique substitutes a plain text symbol with a cipher
text symbol. On the other hand, the transposition technique executes a permutation on the plain
text to obtain the cipher text.

1. Rail Fence Transposition
2. Columnar Transposition

RAIL FENCE CIPHER

The rail fence cipher is the simplest transposition cipher. The steps to obtain cipher text using
this technique are as follows:

Step 1: The plain text is written as a sequence of diagonals.

Step 2: Then, to obtain the cipher text, the text is read as a sequence of rows.

To understand this in a better way, let us take an example:

Plain Text: meet me tomorrow

Now, we write this plain text, letter by letter, in a diagonal (zig-zag) form over two rows:

m . e . m . t . m . r . o
. e . t . e . o . o . r . w

Looking at this pattern, you can see why it got the name rail fence: it looks like a rail fence.

Once you have written the message as a sequence of diagonals, to obtain the cipher text out of it
you have to read it as a sequence of rows. So, reading the first row, the first half of the cipher
text will be:

memtmro

Reading the second row of the rail fence, we get the second half of the cipher text:

eteoorw

Now, to obtain the complete cipher text, combine both halves, and the complete cipher text
will be:

Cipher Text: M E M T M R O E T E O O R W

The rail fence cipher is easy to implement and just as easy for a cryptanalyst to break.
So, there was a need for a more complex technique.

Columnar Transposition Technique


The columnar transposition cipher is more complex as compared to the rail fence.

Columnar transposition involves writing the plain text out in rows, and then reading the
cipher text off in columns. It is the route cipher where the route is to read down each column in
order.

For example, the plain text “a simple transposition” written out in rows of 5 columns looks
like the grid below:

A S I M P
L E T R A
N S P O S
I T I O N

If we now read down each column we get the cipher text:

“ALNISESTITPIMROOPASN”
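Both transposition ciphers above (rail fence with two rails, and columnar transposition read down the columns) as one added example; this is not code from the notes. The decryption routines, which the notes only mention, are included so the receiver's side is visible, and the rail fence is generalised to any number of rails. Messages are the ones worked in the notes plus one constructed uneven-length case.

```python
# Added example (not from the notes): rail fence and columnar transposition with their
# inverses. Only positions change, so letter frequencies survive intact, which is why
# the notes call these ciphers easy for a cryptanalyst to break.


def _letters(text):
    return [ch for ch in text.upper() if ch.isalpha()]


def _rail_pattern(length, rails):
    """Rail index of each position when writing text in a zig-zag over `rails` rows."""
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rails > 1:
            if rail == 0:
                step = 1
            elif rail == rails - 1:
                step = -1
            rail += step
    return pattern


def rail_fence_rows(plaintext, rails=2):
    """The rows of the fence, i.e. the halves the notes read off one after another."""
    letters = _letters(plaintext)
    rows = [[] for _ in range(rails)]
    for ch, rail in zip(letters, _rail_pattern(len(letters), rails)):
        rows[rail].append(ch)
    return ["".join(row) for row in rows]


def rail_fence_encrypt(plaintext, rails=2):
    return "".join(rail_fence_rows(plaintext, rails))


def rail_fence_decrypt(ciphertext, rails=2):
    """Cut the cipher text back into rows of the right lengths, then walk the zig-zag."""
    pattern = _rail_pattern(len(ciphertext), rails)
    rows, start = [], 0
    for r in range(rails):
        count = pattern.count(r)
        rows.append(list(ciphertext[start:start + count]))
        start += count
    return "".join(rows[r].pop(0) for r in pattern)


def columnar_grid(plaintext, columns):
    """Plain text written out in rows of `columns` letters (last row may be short)."""
    letters = _letters(plaintext)
    return [letters[i:i + columns] for i in range(0, len(letters), columns)]


def columnar_encrypt(plaintext, columns):
    """Read the grid down each column in order (the route cipher the notes describe)."""
    grid = columnar_grid(plaintext, columns)
    return "".join(row[c] for c in range(columns) for row in grid if c < len(row))


def columnar_decrypt(ciphertext, columns):
    """Rebuild the columns: the first `extra` columns hold one letter more when the
    last row is short, then read the grid row by row."""
    full, extra = divmod(len(ciphertext), columns)
    cols, start = [], 0
    for c in range(columns):
        length = full + (1 if c < extra else 0)
        cols.append(ciphertext[start:start + length])
        start += length
    rows = full + (1 if extra else 0)
    return "".join(cols[c][r] for r in range(rows) for c in range(columns) if r < len(cols[c]))


if __name__ == "__main__":
    print(rail_fence_rows("meet me tomorrow"))              # ['MEMTMRO', 'ETEOORW']
    print(rail_fence_encrypt("meet me tomorrow"))           # MEMTMROETEOORW
    print(columnar_encrypt("a simple transposition", 5))    # ALNISESTITPIMROOPASN
    print(columnar_decrypt("ALNISESTITPIMROOPASN", 5))      # ASIMPLETRANSPOSITION
```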

ROTOR MACHINE

A rotor machine is an electro-mechanical stream cipher device used for encrypting and
decrypting messages. Rotor machines were the cryptographic state-of-the-art for a prominent
period of history; they were in widespread use in the 1920s–1970s.

The most famous example is the German Enigma machine, the output of which was
deciphered by the Allies during World War II, producing intelligence code-named Ultra.

The primary component is a set of rotors, also termed wheels or drums, which are
rotating disks with an array of electrical contacts on either side. The wiring between the
contacts implements a fixed substitution of letters, replacing them in some complex fashion. On
its own, this would offer little security; however, after encrypting each letter, the rotors advance
positions, changing the substitution. By this means, a rotor machine produces a
complex polyalphabetic substitution cipher, which changes with every keypress.

STEGANOGRAPHY

Steganography is data hidden within data. Steganography is an encryption technique
that can be used along with cryptography as an extra-secure method with which to protect data.
Steganography techniques can be applied to images, a video file or an audio file. Typically,
however, steganography is written in characters including hash marking, but its usage within
images is also common. At any rate, steganography protects copyrighted materials from
pirating as well as guarding against unauthorized viewing.

One use of steganography is watermarking, which hides copyright information
within a watermark by overlaying files in a way not easily detected by the naked eye. This
prevents fraudulent actions and gives copyright-protected media extra protection.

Steganography has been used for centuries, but these days hackers and IT pros have
digitized it to do some pretty creative things. The word “steganography” seems fancy, but it
actually comes from a fairly normal place. The root “steganos” is Greek for “hidden” or
“covered,” and the root “graph” is Greek for “to write.” Put these words together, and you’ve
got something close to “hidden writing,” or “secret writing.” There are a number of apps that
can be used for steganography, including Steghide, Xiao, Stegais and Concealment.

STEGANOGRAPHY TECHNIQUES

 Intranets.

 Digital Watermarking.

 Voice over Internet Protocol.

 Detection Algorithm.

 Detection Method.

 Watermarking Technique.

 Trojans.
MASTERJI DEGREE & PG COLLEGE
B.C.A V SEM - CRYPTOGRAPHY & NETWORK SECURITY

UNIT- 2

DATA ENCRYPTION STANDARD


BLOCK CIPHER PRINCIPLES
Stream Ciphers and Block Ciphers
Encryption algorithms are divided into two categories based on the input type: block
ciphers and stream ciphers.
A block cipher is an encryption algorithm that takes a fixed size of input, say b bits, and
produces a cipher text of b bits again. If the input is larger than b bits it can be divided
further.
There are several modes of operations for a block cipher.
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback Mode (CFB)
• Output Feedback Mode (OFB)
• Counter Mode (CTR)
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
Examples of classical stream ciphers are the autokeyed Vigenère cipher and the Vernam
cipher.

Feistel Cipher
The Feistel cipher model is a structure or design used to develop many block ciphers,
such as DES. The same algorithm is used for encryption and decryption. A separate key is used
for each round. However, the same round keys are used for encryption as well as decryption.

Encryption Process
The encryption process uses the Feistel structure, consisting of multiple rounds of
processing of the plaintext, each round consisting of a “substitution” step followed by a
permutation step.

• The input block to each round is divided into two halves that can be denoted as L and R
for the left half and the right half.

• In each round, the right half of the block, R, goes through unchanged. But the left half,
L, goes through an operation that depends on R and the encryption key. First, we apply
an encrypting function ‘f’ that takes two inputs: the key K and R. The function
produces the output f(R, K). Then, we XOR the output of the function with L.

• The permutation step at the end of each round swaps the modified L and the unmodified R.
Therefore, the L for the next round is the R of the current round, and the R for the next
round is the modified L of the current round.

• The above substitution and permutation steps form a ‘round’. The number of rounds is
specified by the algorithm design.

• Once the last round is completed, the two sub-blocks, ‘R’ and ‘L’, are concatenated
in this order to form the cipher text block.

Decryption Process
The process of decryption in a Feistel cipher is almost the same. Instead of starting with a
block of plaintext, the cipher text block is fed into the start of the Feistel structure, and the
process thereafter is exactly the same as described above.

The final swapping of ‘L’ and ‘R’ in the last step of the Feistel cipher is essential. If these were
not swapped, the resulting cipher text could not be decrypted using the same algorithm.

Number of Rounds
The number of rounds used in a Feistel cipher depends on the security desired from the
system. More rounds provide a more secure system, but at the same time more rounds mean
slower, less efficient encryption and decryption. The number of rounds in a system thus
depends on the efficiency–security tradeoff.
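An added toy Feistel network (not from the notes) on 32-bit blocks with 16-bit halves, illustrating the points above: the same routine decrypts when the round keys are fed in reverse order, and dropping the final swap of L and R breaks that. The round function and the sample round keys are constructed for illustration and have no cryptographic strength.

```python
# Added example (not from the notes): a toy Feistel network with 16-bit halves showing
# L_next = R, R_next = L XOR f(R, K_i), the final swap, and decryption with reversed keys.
HALF_BITS = 16
MASK = (1 << HALF_BITS) - 1
SAMPLE_KEYS = [0x1F3A, 0x9C41, 0x0B7E, 0xD2A5]  # constructed round keys, one per round


def round_function(right, key):
    """f(R, K): a nonlinear 16-bit mixer. It is NOT invertible and need not be: the
    structure only XORs its output into L, so decryption simply recomputes it."""
    x = (right ^ key) & MASK
    x = (x * 0x9E37 + 0x7F4A) & MASK  # odd multiplier and additive constant, constructed
    return (x ^ (x >> 5) ^ ((x << 3) & MASK)) & MASK


def split_block(block):
    return (block >> HALF_BITS) & MASK, block & MASK


def join_halves(left, right):
    return (left << HALF_BITS) | right


def feistel(block, round_keys, final_swap=True):
    """Run the rounds; with final_swap the last swap is undone, as the notes require."""
    left, right = split_block(block)
    for key in round_keys:
        left, right = right, left ^ round_function(right, key)  # swap + XOR per round
    if final_swap:
        left, right = right, left
    return join_halves(left, right)


def feistel_encrypt(block, round_keys):
    return feistel(block, round_keys)


def feistel_decrypt(block, round_keys):
    """Same network, same keys, fed in reverse order."""
    return feistel(block, list(reversed(round_keys)))


if __name__ == "__main__":
    ct = feistel_encrypt(0xDEADBEEF, SAMPLE_KEYS)
    print(hex(ct), hex(feistel_decrypt(ct, SAMPLE_KEYS)))  # second value: 0xdeadbeef
    # Without the final swap the same algorithm no longer decrypts:
    ct_noswap = feistel(0xDEADBEEF, SAMPLE_KEYS, final_swap=False)
    print(hex(feistel(ct_noswap, SAMPLE_KEYS[::-1], final_swap=False)))
```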

Data Encryption Standard (DES)


DES is a block cipher and encrypts data in blocks of 64 bits each, which means
64 bits of plain text go as the input to DES, which produces 64 bits of cipher text. The same
algorithm and key are used for encryption and decryption, with minor differences. The key
length is 56 bits. The basic idea is shown in the figure.
We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of 64
bits. However, before the DES process even starts, every 8th bit of the key is discarded to
produce a 56-bit key. That is, bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.
Thus, discarding every 8th bit of the key produces a 56-bit key from the original 64-bit
key.

DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is
called a round. Each round performs the steps of substitution and transposition. Let us now
discuss the broad-level steps in DES.

In the first step, the 64-bit plain text block is handed over to an Initial Permutation (IP)
function, and the initial permutation is performed on the plain text.

Next, the initial permutation (IP) produces two halves of the permuted block, called the Left
Plain Text (LPT) and Right Plain Text (RPT).

Now the LPT and RPT go through 16 rounds of the encryption process.

In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block.

The result of this process is the 64-bit ciphertext.

Initial Permutation (IP) –

As we have noted, the initial permutation (IP) happens only once, and it happens before
the first round. The table in the figure shows how the transposition in IP proceeds.
For example, it says that the IP replaces the first bit of the original plain text block with the
58th bit of the original plain text, the second bit with the 50th bit of the original plain text
block, and so on.
This is nothing but a jugglery of the bit positions of the original plain text block. The same
rule applies to all the other bit positions shown in the figure.

As we have noted, after IP is done the resulting 64-bit permuted text block is divided into two
half blocks. Each half-block consists of 32 bits, and each of the 16 rounds, in turn, consists of
the broad-level steps outlined in the figure.

Step-1: Key transformation –

We have noted that the initial 64-bit key is transformed into a 56-bit key by discarding every
8th bit of the initial key. Thus, a 56-bit key is available for each round. From this 56-bit key, a
different 48-bit sub-key is generated during each round using a process called key
transformation. For this, the 56-bit key is divided into two halves, each of 28 bits. These
halves are circularly shifted left by one or two positions, depending on the round.
For example, in rounds 1, 2, 9 and 16 the shift is by only one position; for the other
rounds, the circular shift is by two positions. The number of key bits shifted per round is
shown in the figure.

After the appropriate shift, 48 of the 56 bits are selected. The table for selecting 48 of the
56 bits is shown in the figure given below. For instance, after the shift, bit number 14 moves
to the first position, bit number 17 moves to the second position, and so on. If we observe
the table carefully, we will realize that it contains only 48 bit positions. Bit number 18 is
discarded (we will not find it in the table), like 7 others, to reduce the 56-bit key to a 48-bit key.
Since the key transformation process involves a permutation as well as a selection of a 48-bit
subset of the original 56-bit key, it is called the Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is used in
each round. That makes DES not easy to crack.

Step-2: Expansion Permutation–

Recall that after initial permutation, we had two 32-bit plain text areas called Left
Plain Text (LPT) and Right Plain Text (RPT).
During the expansion permutation, the RPT is expanded from 32 bits to 48 bits. The bits
are permuted as well, hence it is called the expansion permutation. This happens as follows: the
32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits. Then each 4-bit block
is expanded to a corresponding 6-bit block, i.e., 2 more bits are added per 4-bit block.

This process results in an expansion as well as a permutation of the input bits while
creating the output. The key transformation process compresses the 56-bit key to 48 bits. Then
the expansion permutation process expands the 32-bit RPT to 48 bits. Now the 48-bit key is
XORed with the 48-bit RPT and the resulting output is given to the next step, which is the S-box
substitution.
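The DES steps described above (initial permutation, key transformation with the parity drop, the per-round shifts and the compression permutation, the expansion permutation E, and the XOR that feeds the S-boxes) as an added example that is not from the notes. It uses the published FIPS 46 tables; the 64-bit key and block in the usage section are sample values chosen for illustration.

```python
# Added example (not from the notes): DES initial permutation, key schedule and
# expansion permutation with the FIPS 46 tables. Tables use DES's 1-based bit numbering.
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
# PC-1: selects the 56 key bits (every 8th bit, 8, 16, ..., 64, is the parity bit and is dropped).
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
# PC-2: compression permutation, 56 -> 48 bits (bit 14 first, 17 second, ...; 18 is absent).
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # rounds 1, 2, 9, 16 shift by one
# E: expansion permutation, 32 -> 48 bits; each 4-bit block gains its two neighbouring bits.
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]


def hex_to_bits(hex_string, width):
    return format(int(hex_string, 16), f"0{width}b")


def permute(bits, table):
    """Output bit i is input bit table[i] (1-based table positions)."""
    return "".join(bits[p - 1] for p in table)


def xor_bits(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def initial_permutation(plaintext_hex):
    """IP on the 64-bit block, returned as (LPT, RPT) of 32 bits each."""
    permuted = permute(hex_to_bits(plaintext_hex, 64), IP)
    return permuted[:32], permuted[32:]


def key_halves(key_hex):
    """(C_i, D_i) for i = 0..16: PC-1 output split 28/28, then the per-round rotations."""
    cd = permute(hex_to_bits(key_hex, 64), PC1)
    c, d = cd[:28], cd[28:]
    halves = [(c, d)]
    for shift in SHIFTS:
        c, d = c[shift:] + c[:shift], d[shift:] + d[:shift]  # circular left shift
        halves.append((c, d))
    return halves


def key_schedule(key_hex):
    """The 16 round keys K1..K16, 48 bits each, via the compression permutation PC-2."""
    return [permute(c + d, PC2) for c, d in key_halves(key_hex)[1:]]


def expansion(rpt_bits):
    """Expansion permutation of the 32-bit RPT to 48 bits."""
    return permute(rpt_bits, E)


def sbox_input(rpt_bits, round_key):
    """E(RPT) XOR K_i: the 48 bits handed to the S-box substitution."""
    return xor_bits(expansion(rpt_bits), round_key)


def parity_bits_dropped_by_pc1():
    return sorted(set(range(1, 65)) - set(PC1))  # [8, 16, ..., 64]


def key_bits_dropped_by_pc2():
    return sorted(set(range(1, 57)) - set(PC2))  # bit 18 and seven others


if __name__ == "__main__":
    KEY, BLOCK = "133457799BBCDFF1", "0123456789ABCDEF"  # sample values for illustration
    lpt, rpt = initial_permutation(BLOCK)
    k1 = key_schedule(KEY)[0]
    print("K1        :", k1)
    print("E(R0) ^ K1:", sbox_input(rpt, k1))
```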

ADVANCED ENCRYPTION STANDARD (AES)

The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found to be at least six times faster
than triple DES.

The features of AES are as follows:

• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provides full specification and design details
• Software implementable in C and Java

Operation of AES
AES is an iterative rather than a Feistel cipher. It is based on a ‘substitution–permutation
network’. It comprises a series of linked operations, some of which involve replacing inputs
by specific outputs (substitutions) and others involve shuffling bits around (permutations).

Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES
treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns
and four rows for processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the
key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-
bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.

The schematic of AES structure is given in the following illustration −

Encryption Process
Here, we restrict ourselves to a description of a typical round of AES encryption. Each round
comprises four sub-processes. The first round process is depicted below:

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in the design. The
result is a matrix of four rows and four columns.

Shift rows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-
inserted on the right side of row. Shift is carried out as follows −

• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.

Mix Columns
Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new
bytes. It should be noted that this step is not performed in the last round.
Add Round Key
The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of the
round key. If this is the last round then the output is the cipher text. Otherwise, the resulting
128 bits are interpreted as 16 bytes and we begin another similar round.

Decryption Process
The process of decryption of an AES cipher text is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order:

• Add round key
• Mix columns
• Shift rows
• Byte substitution

Since the sub-processes in each round are in reverse manner, unlike for a Feistel cipher, the
encryption and decryption algorithms need to be separately implemented, although they are
very closely related.
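An added example (not from the notes) of the AES round steps described above: ShiftRows, MixColumns in GF(2^8) and AddRoundKey with their inverses, applied to the 4×4 state. SubBytes is omitted because it requires the 256-entry S-box table; the inverse round shows why AES decryption needs separate inverse operations, unlike a Feistel cipher. The state bytes used in the usage section are constructed sample values.

```python
# Added example (not from the notes): AES ShiftRows, MixColumns (GF(2^8) arithmetic with
# the AES polynomial) and AddRoundKey with their inverses on the 4x4 byte state.
# SubBytes is left out because it needs the 256-entry S-box table.


def xtime(b):
    """Multiply a byte by x (0x02) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) (shift-and-add using xtime)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def bytes_to_state(block):
    """16 bytes -> 4x4 state, filled column by column: state[r][c] = block[r + 4*c]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_bytes(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state):
    """Row r is rotated left by r bytes; bytes that fall off re-enter on the right."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state):
    """Rotate row r right by r bytes."""
    return [row[-r:] + row[:-r] if r else list(row) for r, row in enumerate(state)]


# Circulant coefficient matrices of MixColumns and its inverse.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_single_column(column, matrix=MIX):
    """Four bytes in, four completely new bytes out: a GF(2^8) matrix product."""
    out = []
    for row in matrix:
        value = 0
        for coef, byte in zip(row, column):
            value ^= gf_mul(coef, byte)
        out.append(value)
    return out


def mix_columns(state, matrix=MIX):
    columns = [[state[r][c] for r in range(4)] for c in range(4)]
    mixed = [mix_single_column(col, matrix) for col in columns]
    return [[mixed[c][r] for c in range(4)] for r in range(4)]


def inv_mix_columns(state):
    return mix_columns(state, INV_MIX)


def add_round_key(state, round_key_state):
    """Self-inverse: XOR the 16 state bytes with the 16 round-key bytes."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key_state)]


def round_without_subbytes(state, round_key_state):
    """ShiftRows -> MixColumns -> AddRoundKey (SubBytes omitted, see above)."""
    return add_round_key(mix_columns(shift_rows(state)), round_key_state)


def inverse_round_without_subbytes(state, round_key_state):
    """Undo the round with the inverse steps in reverse order, as the notes describe."""
    return inv_shift_rows(inv_mix_columns(add_round_key(state, round_key_state)))


if __name__ == "__main__":
    state = bytes_to_state(bytes(range(16)))        # constructed sample state
    key = bytes_to_state(bytes(range(16, 32)))      # constructed sample round key
    out = round_without_subbytes(state, key)
    print(state_to_bytes(out).hex())
    print(state_to_bytes(inverse_round_without_subbytes(out, key)).hex())  # 000102...0f
```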

LINEAR CRYPTANALYSIS

The paradigm of linear cryptanalysis was originally designed in 1993 as a theoretical
attack on DES. It is now used widely on block ciphers across the field of cryptanalysis and is an
effective starting point for developing more complex attacks.

Linear cryptanalysis posits a linear relationship between the elements (characters or
individual bits) of the plaintext, the ciphertext, and the key. It therefore tries to find a linear
approximation to the action of a cipher, i.e. if "ciphertext = f(plaintext, key)", then we are trying
to find a linear approximation of f.

Any linear relation between the plaintext bits and ciphertext bits can be written as a
chain of exclusive-or operations of the following form:

where ⊕ denotes the binary operation XOR (exclusive-OR), X_i denotes the i-th bit of
the input X = [X_1, X_2, …], Y_j denotes the j-th bit of the output Y = [Y_1, Y_2, …] and K_k
denotes the k-th bit of the key K = [K_1, K_2, …]. The sum therefore denotes the XOR ‘sum’ of u
input and v output bits vs w private key bits.

DIFFERENTIAL CRYPTANALYSIS
Differential cryptanalysis preceded linear cryptanalysis, having initially been designed in
1990 as an attack on DES. Differential cryptanalysis is similar to linear cryptanalysis: it aims
to map bitwise differences in inputs to differences in the output in order to reverse engineer
the action of the encryption algorithm. It is again aiming to approximate the encryption
algorithm, looking to find a maximum likelihood estimator of the true encryption action by
altering plaintexts (or looking at different plaintexts) and analysing the impact of changes to
the plaintext on the resulting ciphertext. Differential cryptanalysis is therefore a chosen
plaintext attack.
The description of differential cryptanalysis is analogous to that of linear cryptanalysis
and is essentially the same as would be the case of applying linear cryptanalysis to input
differences rather than to input and output bits directly.

In cryptography, linear cryptanalysis is a general form of cryptanalysis based on
finding affine approximations to the action of a cipher. Attacks have been developed for block
ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on
block ciphers; the other being differential cryptanalysis.

Differential cryptanalysis, on the other hand, is a general form of cryptanalysis applicable
primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the
broadest sense, it is the study of how differences in information input can affect the resultant
difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing
differences through the network of transformation, discovering where the cipher exhibits
non-random behavior and exploiting such properties to recover the secret key (cryptography key).

LINEAR CRYPTANALYSIS vs DIFFERENTIAL CRYPTANALYSIS

Linear cryptanalysis: first defined by Matsui and Yamagishi in 1992.
Differential cryptanalysis: a method for breaking certain classes of cryptosystems, invented
in 1990 by the Israeli researchers Eli Biham and Adi Shamir.

Linear cryptanalysis: the role of the cryptanalyst is to identify the linear relation between
some bits of the plaintext, some bits of the ciphertext, and some bits of the unknown key.
Differential cryptanalysis: is used to obtain clues about some bits of the key, thereby
shortening an exhaustive search.

Linear cryptanalysis: the cryptanalyst decrypts each ciphertext using all possible sub keys for
one round of encryption and studies the resulting intermediate ciphertext to analyse the random
result.
Differential cryptanalysis: the cryptanalyst studies changes to the intermediate ciphertext
obtained between multiple rounds of encryption. The two attacks can be combined, which is
called differential-linear cryptanalysis.

Linear cryptanalysis: the cryptanalyst identifies the linear relation between some bits of the
plaintext, some bits of the ciphertext, and some bits of the unknown key.
Differential cryptanalysis: by analysing the changes in some chosen plaintexts, and the
difference in the outputs resulting from encrypting each one, it is possible to recover some of
the key bits.

Linear cryptanalysis: focuses on statistical analysis against one round of decrypted
ciphertext.
Differential cryptanalysis: focuses on the statistical analysis of two inputs and two outputs
of a cryptographic algorithm.
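As an added example for both the linear and the differential sections above (not code from the notes), the two tables a cipher designer or analyst builds for a single 4-bit S-box. The linear approximation table counts, for each input mask a and output mask b, how many inputs x satisfy the XOR relation a·x ⊕ b·S(x) = 0; the deviation of that count from 8 is the bias of the approximation. The difference distribution table counts how often an input difference produces each output difference. The S-box is the one from Heys' tutorial on linear and differential cryptanalysis, used here as a constructed sample.

```python
# Added example (not from the notes): linear approximation table (LAT) and
# difference distribution table (DDT) of a 4-bit S-box. The S-box is the one
# from Heys' tutorial, used here as a constructed sample.

SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def parity(v):
    """XOR of all bits of v (the 'dot product' of a mask with a value)."""
    return bin(v).count("1") & 1

def linear_count(sbox, in_mask, out_mask):
    """Number of inputs x for which in_mask.x XOR out_mask.S(x) = 0."""
    return sum(1 for x in range(len(sbox))
               if parity(in_mask & x) == parity(out_mask & sbox[x]))

def lat(sbox):
    """LAT entries: agreement count minus n/2, so 0 means no linear bias."""
    n = len(sbox)
    return [[linear_count(sbox, a, b) - n // 2 for b in range(n)]
            for a in range(n)]

def ddt(sbox):
    """DDT: ddt[dx][dy] = number of x with S(x) XOR S(x XOR dx) = dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        for dx in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table

def best_linear_approximation(sbox):
    """(input mask, output mask, |bias|) with the largest bias, nonzero masks only."""
    t = lat(sbox)
    n = len(sbox)
    best = max((abs(t[a][b]), a, b) for a in range(1, n) for b in range(1, n))
    return best[1], best[2], best[0] / n

def most_probable_differential(sbox):
    """(dx, dy, probability) of the most likely nonzero differential."""
    t = ddt(sbox)
    n = len(sbox)
    best = max((t[dx][dy], dx, dy) for dx in range(1, n) for dy in range(1, n))
    return best[1], best[2], best[0] / n

if __name__ == "__main__":
    # Input mask 6 (X2 XOR X3) against output mask B (Y1 XOR Y3 XOR Y4):
    # 12 of 16 inputs agree, so the bias is +4/16.
    print(lat(SBOX)[6][0xB], best_linear_approximation(SBOX))
    # Input difference B gives output difference 2 for 8 of 16 inputs.
    print(ddt(SBOX)[0xB][2], most_probable_differential(SBOX))
```

An S-box whose LAT holds only small entries and whose DDT has no large entries forces the approximations and differentials that these attacks chain through the rounds to hold with low probability; that is why modern block cipher designs (including the AES S-box) are chosen with both tables in mind.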

UNIT- 3

PUBLIC-KEY CRYPTOGRAPHY AND RSA


The concept of public-key cryptography evolved from an attempt to attack two of the
most difficult problems associated with symmetric encryption. The first problem is that of key
distribution: key distribution under symmetric encryption requires either (1) that two
communicants already share a key, which somehow has been distributed to them, or (2) the use
of a key distribution center.

The second problem that Diffie pondered, and one that was apparently unrelated to the
first, was that of "digital signatures". If the use of cryptography was to become widespread, not
just in military situations but for commercial and private purposes, then electronic messages
and documents would need the equivalent of signatures used in paper documents. That is, could
a method be devised that would stipulate, to the satisfaction of all parties, that a digital message
had been sent by a particular person?
The process of encryption and decryption is depicted in the following illustration –

The most important properties of a public key encryption scheme are −

 Different keys are used for encryption and decryption. This is the property which sets this
scheme apart from a symmetric encryption scheme.

 Each receiver possesses a unique decryption key, generally referred to as his private
key.

 Receiver needs to publish an encryption key, referred to as his public key.

 Some assurance of the authenticity of a public key is needed in this scheme to avoid
spoofing by an adversary posing as the receiver. Generally, this type of cryptosystem involves a
trusted third party which certifies that a particular public key belongs to a specific
person or entity only.

 The encryption algorithm is complex enough to prohibit an attacker from deducing the
plaintext from the cipher text and the encryption (public) key.

 Though private and public keys are related mathematically, it is not feasible to
calculate the private key from the public key. In fact, the intelligent part of any public-key
cryptosystem is in designing the relationship between the two keys.

Components of Public Key Encryption:


 Plain Text:
This is the message which is readable or understandable. This message is given to the
Encryption algorithm as an input.
 Cipher Text:
The cipher text is produced as an output of Encryption algorithm. We cannot simply
understand this message.
 Encryption Algorithm:
The encryption algorithm is used to convert plain text into cipher text.
 Decryption Algorithm:
It accepts the cipher text as input and the matching key (Private Key or Public key) and
produces the original plain text
 Public and Private Key:
One key either Private key (Secret key) or Public Key (known to everyone) is used for
encryption and other is used for decryption

CONVENTIONAL AND PUBLIC-KEY ENCRYPTION

Conventional Encryption
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.

Public-Key Encryption

1. One algorithm is used for encryption and decryption with a pair of keys, one for
encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same
one).

Applications for Public-Key Cryptosystems

Before proceeding, we need to clarify one aspect of public-key cryptosystems that is
otherwise likely to lead to confusion. Public-key systems are characterized by the use of a
cryptographic algorithm with two keys, one held private and one available publicly. Depending
on the application, the sender uses either the sender's private key or the receiver's public key, or
both, to perform some type of cryptographic function. In broad terms, we can classify the use of
public-key cryptosystems into three categories:

● Encryption/decryption: The sender encrypts a message with the recipient's public key.

● Digital signature: The sender "signs" a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small block of data that is a function of
the message.

● Key exchange: Two sides cooperate to exchange a session key. Several different approaches
are possible, involving the private key(s) of one or both parties.

Public-Key Cryptanalysis
As with symmetric encryption, a public-key encryption scheme is vulnerable to a brute-
force attack. The countermeasure is the same: Use large keys. However, there is a tradeoff to be
considered. Public-key systems depend on the use of some sort of invertible mathematical
function. The complexity of calculating these functions may not scale linearly with the number
of bits in the key but grow more rapidly than that. Thus, the key size must be large enough to
make brute-force attack impractical but small enough for practical encryption and decryption.
In practice, the key sizes that have been proposed do make brute-force attack impractical but
result in encryption/decryption speeds that are too slow for general-purpose use. Instead, as was
mentioned earlier, public-key encryption is currently confined to key management and
signature applications.

RSA Cryptosystem
This cryptosystem is one of the earliest public-key systems and remains the most widely
employed cryptosystem even today. The system was invented by three scholars, Ron Rivest, Adi
Shamir, and Len Adleman, and hence it is termed the RSA cryptosystem.

We will see two aspects of the RSA cryptosystem, firstly generation of key pair and
secondly encryption-decryption algorithms.

Generation of RSA Key Pair

Each person or a party who desires to participate in communication using encryption needs
to generate a pair of keys, namely public key and private key. The process followed in the
generation of keys is described below −

 Generate the RSA modulus (n)

o Select two large primes, p and q.

o Calculate n=p*q. For strong unbreakable encryption, let n be a large number,

typically a minimum of 512 bits.

 Find Derived Number (e)

o Number e must be greater than 1 and less than (p − 1) (q − 1).

o There must be no common factor for e and (p − 1) (q − 1) except for 1. In other

words two numbers e and (p – 1) (q – 1) are coprime.



 Form the public key

o The pair of numbers (n, e) forms the RSA public key and is made public.

o Interestingly, though n is part of the public key, the difficulty of factorizing the large
number n ensures that an attacker cannot find in finite time the two primes (p
& q) used to obtain n. This is the strength of RSA.

 Generate the private key

o Private Key d is calculated from p, q, and e. For given n and e, there is a unique
number d.

o Number d is the inverse of e modulo (p - 1)(q - 1). This means that d is the
number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1
modulo (p - 1)(q - 1).

o This relationship is written mathematically as follows −

ed ≡ 1 mod (p − 1)(q − 1)

ALGORITHM

Step 1: Choose 2 different prime numbers (p, q)

Step 2: Calculate the modulus n
        n = p*q

Step 3: Calculate the totient function f(n) = (p-1)(q-1)

Step 4: Select a random number ‘e’
        * 1 < e < f(n)
        * GCD(e, f(n)) = 1
        e - Public key

Step 5: Calculate the private key ‘d’
        d = (1 + k.f(n)) / e    (for the integer k that makes d a whole number)

Encryption and Decryption


Once the key pair has been generated, the process of encryption and decryption are relatively
straight forward and computationally easy.

Interestingly, RSA does not directly operate on strings of bits as in case of symmetric key
encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext
as a series of numbers less than n.

RSA Encryption
 Suppose the sender wishes to send some text message to someone whose public key is (n,
e).
 The sender then represents the plaintext as a series of numbers less than n.
 To encrypt the first plaintext block P, which is a number modulo n, the encryption process
is a simple mathematical step −

C = P^e mod n
 In other words, the cipher text C is equal to the plaintext P multiplied by itself e times
and then reduced modulo n. This means that C is also a number less than n.

RSA Decryption
 The decryption process for RSA is also very straightforward. Suppose that the receiver
of public-key pair (n, e) has received a cipher text C.

 Receiver raises C to the power of his private key d. The result modulo n will be the
plaintext P.

Plaintext P = C^d mod n

Encryption: Message M that I want to send

Cipher Text C = M^e mod n

Decryption: Plain Text M = C^d mod n

Example:
Step 1: p = 3, q = 5

Step 2: n = p*q = 3 * 5 = 15

Step 3: f(n) = (p-1)(q-1) = (2)(4) = 8

Step 4: e = 7
1 < 7 < 8
GCD(e, f(n)) = GCD(7, 8) = 1
Public Key = 7

Step 5: d = (1 + k.f(n)) / e
        with k = 6: (1 + 6.8) / 7 = (1 + 48) / 7 = 49 / 7 = 7

Private Key = 7

Encryption: M = 2

C = M^e mod n
C = 2^7 mod 15
C = 128 mod 15
C = 8

Decryption:

M = C^d mod n
  = 8^7 mod 15
  = 2097152 mod 15
M = 2
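The key generation, encryption and decryption steps above, as an added example (not code from the notes). Instead of searching for the k in d = (1 + k.f(n)) / e, the private exponent is computed directly with the extended Euclidean algorithm, which is how d is found in practice. The primes are the notes' own toy values plus a second constructed pair; real keys use large random primes and a padding scheme.

```python
# Added example (not from the notes): textbook RSA key generation,
# encryption and decryption as described above. The private exponent is
# found with the extended Euclidean algorithm rather than by trying values
# of k in d = (1 + k*f(n)) / e. Toy primes only; real keys use large random
# primes and a padding scheme.

from math import gcd

def egcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(e, m):
    """d with e*d = 1 (mod m); raises if gcd(e, m) != 1."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e and f(n) are not coprime")
    return x % m

def generate_keypair(p, q, e):
    """Return ((n, e), (n, d)) following steps 1-5 of the notes."""
    if p == q:
        raise ValueError("p and q must be different primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # totient f(n)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < f(n) and GCD(e, f(n)) = 1")
    d = mod_inverse(e, phi)          # e*d = 1 mod f(n)
    return (n, e), (n, d)

def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must be a number less than n")
    return pow(m, e, n)              # C = M^e mod n

def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)              # M = C^d mod n

def encrypt_text(text, public_key):
    """Represent the text as a series of numbers less than n (one byte each)."""
    n, _ = public_key
    if n <= 255:
        raise ValueError("n is too small to hold one byte per block")
    return [encrypt(b, public_key) for b in text.encode()]

def decrypt_text(blocks, private_key):
    return bytes(decrypt(c, private_key) for c in blocks).decode()

if __name__ == "__main__":
    pub, priv = generate_keypair(3, 5, 7)       # notes' example: d = 7
    print(pub, priv, encrypt(2, pub), decrypt(encrypt(2, pub), priv))
    pub, priv = generate_keypair(61, 53, 17)    # constructed pair: n = 3233, d = 2753
    blocks = encrypt_text("hi", pub)
    print(blocks, decrypt_text(blocks, priv))
```

Note that encrypt_text maps equal bytes to equal cipher blocks, because textbook RSA is deterministic; that is the weakness the "pad the plain text before encrypting" advice in the security section addresses.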

Security of RSA: -
1. Plain text attacks:
It is classified into 3 subcategories:-
 Short message attack:
In this we assume that the attacker knows some blocks of plain text and tries to decode the
cipher text with the help of that. So, to prevent this, pad the plain text before encrypting.
 Cycling attack:
In this the attacker assumes that the plain text is converted into cipher text by a permutation
and keeps applying the encryption to the cipher text, hoping to arrive back at the right plain
text.
 Unconcealed Message attack:
It sometimes happens that the plain text is the same as the cipher text after encryption. So it
must be checked for, so that such messages cannot be attacked.

2. Chosen cipher attack:
In this the attacker is able to find out the plain text based on the cipher text using the Extended
Euclidean Algorithm.

3. Factorisation attack:
If the attacker is able to find P and Q from N, then he could find out the value of the private key.
This attack fails when N has at least 300 decimal digits, because the attacker will then not be
able to factor it.

4. Attacks on Encryption key:
If we take a smaller value of E in RSA this may occur, so to avoid this take the value of E =
2^16+1 (at least).

5. Attacks on Decryption key:
 Revealed decryption exponent attack:
If the attacker somehow guesses the decryption key D, not only is the cipher text generated by
encrypting the plain text with the corresponding encryption key in danger, but even future
messages are also in danger. So, it is advised to take fresh values of the two prime numbers
(i.e. P and Q), N and E.

 Low decryption exponent attack:
If we take a smaller value of D in RSA this may occur, so to avoid this take the value of D =
2^16+1 (at least).

Elliptic Curve Cryptography (ECC)


Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and
Neal Koblitz (University of Washington) as an alternative mechanism for implementing public-
key cryptography.
It is assumed that those who are going through this article have a basic understanding
of cryptography (terms like encryption and decryption).
The equation of an elliptic curve is given as,

A few terms that will be used:

E -> Elliptic Curve
P -> Point on the curve
n -> Maximum limit (this should be a prime number)

Simple Elliptic Curve.

Key Generation
Key generation is an important part where we have to generate both the public key and the
private key. The sender will encrypt the message with the receiver’s public key and the
receiver will decrypt it with its private key.

Now, we have to select a number ‘d’ within the range of ‘n’.

Using the following equation we can generate the public key

Q = d * P
d = the random number that we have selected within the range of (1 to n-1). P is the point on
the curve.
‘Q’ is the public key and ‘d’ is the private key.

Encryption
Let ‘m’ be the message that we are sending. We have to represent this message on the
curve. This has in-depth implementation details. All the advanced research on ECC is done by a
company called Certicom.
Consider ‘m’ to have the point ‘M’ on the curve ‘E’. Randomly select ‘k’ from [1 – (n-1)].
Two cipher texts will be generated; let them be C1 and C2.
C1 = k*P
C2 = M + k*Q
C1 and C2 will be sent.

Decryption

We have to get back the message ‘m’ that was sent to us,

M = C2 – d * C1
M is the original message that was sent.

Proof
How do we get back the message?

M = C2 – d * C1

‘M’ can be represented as ‘C2 – d * C1’

C2 – d * C1 = (M + k * Q) – d * (k * P)      (since C2 = M + k * Q and C1 = k * P)

            = M + k * d * P – d * k * P        (since Q = d * P; the k * d * P terms cancel)

            = M                                (Original Message)
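The key generation, encryption and decryption above in working form, as an added example (not code from the notes). It assumes a small constructed curve, y^2 = x^3 + 2x + 2 over GF(17) with base point P = (5, 1), whose order is n = 19, and it assumes the message is already encoded as a curve point M (the encoding step the notes leave to implementations). Real systems use standardised curves over primes of 256 bits or more; the group law is the same.

```python
# Added example (not from the notes): ECC key generation, encryption
# (C1 = k*P, C2 = M + k*Q) and decryption (M = C2 - d*C1) on the small
# constructed curve y^2 = x^3 + 2x + 2 over GF(17), base point P = (5, 1),
# which has order n = 19. The message is assumed to already be a curve point.

import random

A, B, PRIME = 2, 2, 17          # curve parameters, constructed for the example
P = (5, 1)                      # base point
N = 19                          # order of P: 19 * P = O (point at infinity)

def is_on_curve(pt):
    if pt is None:
        return True             # O, the point at infinity
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % PRIME == 0

def point_add(p1, p2):
    """Group law on the curve; None represents the point at infinity O."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None             # P + (-P) = O (also covers doubling a point with y = 0)
    if p1 == p2:                # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % PRIME, -1, PRIME) % PRIME
    else:                       # chord slope for addition
        lam = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    y3 = (lam * (x1 - x3) - y1) % PRIME
    return (x3, y3)

def point_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % PRIME)

def scalar_mult(k, pt):
    """k * pt by double-and-add."""
    result = None
    addend = pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def generate_keypair(seed=None):
    """Private key d in [1, n-1], public key Q = d * P."""
    d = random.Random(seed).randrange(1, N)
    return d, scalar_mult(d, P)

def encrypt(M, Q, seed=None):
    """C1 = k*P, C2 = M + k*Q for a fresh random k in [1, n-1]."""
    k = random.Random(seed).randrange(1, N)
    return scalar_mult(k, P), point_add(M, scalar_mult(k, Q))

def decrypt(C1, C2, d):
    """M = C2 - d*C1 (subtraction is addition of the negated point)."""
    return point_add(C2, point_neg(scalar_mult(d, C1)))

if __name__ == "__main__":
    d, Q = generate_keypair()
    M = scalar_mult(7, P)       # constructed message point
    C1, C2 = encrypt(M, Q)
    print("d =", d, "Q =", Q, "C1 =", C1, "C2 =", C2)
    print("recovered:", decrypt(C1, C2, d) == M)
```

The seed parameters exist only to make runs reproducible; a deployment draws d and k from a cryptographic random source, and k must be fresh for every message.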

Diffie Hellman Key Exchange-

 This algorithm is used to exchange the secret key between the sender and the receiver.

 This algorithm facilitates the exchange of the secret key without actually transmitting it.

1. Global Public Elements

q: q is a prime number
a: a < q and a is a primitive root of q

2. Key generation for user A

Select a Private Key XA          Here, XA < q
Calculate the Public key YA      YA = a^XA mod q

3. Key generation for user B

Select a Private Key XB          Here, XB < q
Calculate the Public key YB      YB = a^XB mod q

4. Calculation of Secret Key by A

Key = (YB)^XA mod q

5. Calculation of Secret Key by B

Key = (YA)^XB mod q

Example:
q = 11, a = 2, XA = 6, XB = 8

YA = a^XA mod q              YB = a^XB mod q
   = 2^6 mod 11                 = 2^8 mod 11
   = 64 mod 11                  = 256 mod 11
   = 9                          = 3

Key = (YB)^XA mod q          Key = (YA)^XB mod q
    = 3^6 mod 11                 = 9^8 mod 11
    = 729 mod 11                 = 43046721 mod 11
    = 3                          = 3
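The exchange above run from both sides, as an added example (not code from the notes), using the notes' parameters q = 11, a = 2, XA = 6, XB = 8. It also checks the one precondition the notes state but do not show how to verify: that a is a primitive root of q.

```python
# Added example (not from the notes): the Diffie-Hellman exchange with the
# notes' parameters, plus a check that a is a primitive root of q.

def is_primitive_root(a, q):
    """True if the powers a^1 .. a^(q-1) mod q produce every value 1 .. q-1."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1

def public_key(a, q, x):
    """Y = a^X mod q, computed from a private key X."""
    return pow(a, x, q)

def shared_secret(y_other, x_own, q):
    """K = (Y_other)^X_own mod q."""
    return pow(y_other, x_own, q)

def exchange(q, a, xa, xb):
    """Run both sides; return (YA, YB, key computed by A, key computed by B)."""
    if not is_primitive_root(a, q):
        raise ValueError("a must be a primitive root of q")
    if not (0 < xa < q and 0 < xb < q):
        raise ValueError("private keys must be less than q")
    ya = public_key(a, q, xa)       # A sends YA
    yb = public_key(a, q, xb)       # B sends YB
    return ya, yb, shared_secret(yb, xa, q), shared_secret(ya, xb, q)

if __name__ == "__main__":
    ya, yb, key_a, key_b = exchange(11, 2, 6, 8)
    print("YA =", ya, "YB =", yb, "A's key =", key_a, "B's key =", key_b)
```

Both sides arrive at the same key because (a^XB)^XA = (a^XA)^XB mod q. Nothing in the exchange tells A that YB really came from B, which is the gap the man-in-the-middle disadvantage listed below refers to; deployed protocols bind the public values to a signature or certificate.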

Advantages of the Diffie Hellman Algorithm

 The sender and receiver don’t need any prior knowledge of each other.
 Once the keys are exchanged, the communication of data can be done through an
insecure channel.
 The sharing of the secret key is safe.
Disadvantages of the Diffie Hellman Algorithm
 The algorithm cannot be used for any asymmetric key exchange.
 Similarly, it cannot be used for signing digital signatures.
 Since it doesn’t authenticate any party in the transmission, the Diffie Hellman key
exchange is susceptible to a man-in-the-middle attack.

UNIT- 4

MESSAGE AUTHENTICATION AND HASH FUNCTIONS

AUTHENTICATION REQUIREMENTS

In the context of communications across a network, the following attacks can be identified:

1. Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.

2. Traffic analysis: Discovery of the pattern of traffic between parties. In a connection oriented
application, the frequency and duration of connections could be determined. In either a
connection-oriented or connectionless environment, the number and length of messages
between parties could be determined.

3. Masquerade: Insertion of messages into the network from a fraudulent source. This includes
the creation of messages by an opponent that are purported to come from an authorized entity.
Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone
other than the message recipient.

4. Content Modification: Changes to the contents of a message, including insertion, deletion,
transposition, or modification.

5. Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.

6. Timing modification: Delay or replay of messages. In a connection-oriented application,
an entire session or sequence of messages could be a replay of some previous valid session, or
individual messages in the sequence could be delayed or replayed.

7. Repudiation: Denial of receipt of message by destination or denial of transmission of
message by source.

AUTHENTICATION FUNCTIONS

Any message authentication or digital signature mechanism has two levels of
functionality. At the lower level, there must be some sort of function that produces an
authenticator: a value to be used to authenticate a message. This lower-level function is then
used as a primitive in a higher-level authentication protocol that enables a receiver to verify the
authenticity of a message.

Following functions can be used to produce an authenticator:-

Message encryption: The cipher text of the entire message serves as its authenticator.

Message authentication code (MAC): A function of the message and a secret key that
produces a fixed-length value that serves as the authenticator.

Hash function: A function that maps a message of any length into a fixed-length hash value,
which serves as the authenticator.

MESSAGE AUTHENTICATION CODE (MAC)

MAC algorithm is a symmetric key cryptographic technique to provide message authentication.
For establishing the MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent
along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −

 The sender uses some publicly known MAC algorithm, inputs the message and the
secret key K and produces a MAC value.

 Similar to hash, MAC function also compresses an arbitrary long input into a fixed
length output. The major difference between hash and MAC is that MAC uses secret
key during the compression.

 The sender forwards the message along with the MAC. Here, we assume that the
message is sent in the clear, as we are concerned with providing message origin
authentication, not confidentiality. If confidentiality is required then the message needs
encryption.

 On receipt of the message and the MAC, the receiver feeds the received message and
the shared secret key K into the MAC algorithm and re-computes the MAC value.

 The receiver now checks equality of the freshly computed MAC with the MAC received
from the sender. If they match, then the receiver accepts the message and assures
himself that the message has been sent by the intended sender.

 If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom line, the receiver safely assumes that the message is not
genuine.
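The sender and receiver sides of the MAC process above, as an added example (not code from the notes), using HMAC-SHA256 from the Python standard library as the "publicly known MAC algorithm". The key and messages are constructed sample values. The receiver compares tags with hmac.compare_digest, so that the time taken to reject a bad tag does not depend on how many of its leading bytes were right.

```python
# Added example (not from the notes): message authentication with HMAC-SHA256.
# Key and messages are constructed sample values.

import hmac
import hashlib

KEY = b"shared-secret-key-constructed-for-example"   # the shared key K

def make_mac(key, message):
    """Sender side: MAC = HMAC(K, message), sent alongside the clear message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key, message, received_mac):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = make_mac(key, message)
    return hmac.compare_digest(expected, received_mac)

def send(key, message):
    """What goes on the wire: (message in the clear, MAC)."""
    return message, make_mac(key, message)

def receive(key, packet):
    """Return the message if the MAC checks out, otherwise None (reject)."""
    message, tag = packet
    return message if verify_mac(key, message, tag) else None

if __name__ == "__main__":
    packet = send(KEY, b"transfer 100 to account 42")
    print(receive(KEY, packet))
    # An in-transit change to the message leaves the old tag invalid.
    tampered = (b"transfer 900 to account 42", packet[1])
    print(receive(KEY, tampered))          # None: rejected
    # A party without K cannot produce a valid tag either.
    forged = send(b"guessed-key", b"transfer 900 to account 42")
    print(receive(KEY, forged))            # None: rejected
```

As the notes say, the receiver cannot tell the altered-message case from the forged-origin case; both simply come back as None.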

HASH FUNCTIONS

Hash functions are extremely useful and appear in almost all information security applications.

A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length.

Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function −

Features of Hash Functions

The typical features of hash functions are −

 Fixed Length Output (Hash Value)

o Hash function coverts data of arbitrary length to a fixed length. This process is
often referred to as hashing the data.

o In general, the hash is much smaller than the input data, hence hash functions are
sometimes called compression functions.

o Since a hash is a smaller representation of a larger data, it is also referred to as
a digest.

o Hash function with n bit output is referred to as an n-bit hash function. Popular
hash functions generate values between 160 and 512 bits.

 Efficiency of Operation

o Generally for any hash function h with input x, computation of h(x) is a fast
operation.

o Computationally hash functions are much faster than a symmetric encryption.

Properties of Hash Functions

In order to be an effective cryptographic tool, the hash function is desired to possess following
properties −

 Pre-Image Resistance

o This property means that it should be computationally hard to reverse a hash
function.

o In other words, if a hash function h produced a hash value z, then it should be a
difficult process to find any input value x that hashes to z.

o This property protects against an attacker who only has a hash value and is
trying to find the input.

 Second Pre-Image Resistance

o This property means given an input and its hash, it should be hard to find a
different input with the same hash.

o In other words, if a hash function h for an input x produces hash value h(x), then
it should be difficult to find any other input value y such that h(y) = h(x).

o This property of hash function protects against an attacker who has an input
value and its hash, and wants to substitute different value as legitimate value in
place of original input value.

 Collision Resistance

o This property means it should be hard to find two different inputs of any length
that result in the same hash. This property is also referred to as collision free
hash function.

o In other words, for a hash function h, it is hard to find any two different inputs x
and y such that h(x) = h(y).

o Since a hash function is a compressing function with fixed hash length, it is
impossible for a hash function not to have collisions. This property of collision
free only confirms that these collisions should be hard to find.

o This property makes it very difficult for an attacker to find two input values with
the same hash.

o Also, if a hash function is collision-resistant then it is second pre-image
resistant.

Design of Hashing Algorithms

At the heart of a hashing is a mathematical function that operates on two fixed-size blocks of
data to create a hash code. This hash function forms the part of the hashing algorithm.

The size of each data block varies depending on the algorithm. Typically the block sizes are
from 128 bits to 512 bits. The following illustration demonstrates hash function −

Hashing algorithm involves rounds of above hash function like a block cipher. Each round takes
an input of a fixed size, typically a combination of the most recent message block and the
output of the last round.

This process is repeated for as many rounds as are required to hash the entire message.
Schematic of hashing algorithm is depicted in the following illustration −

Since the hash value of the first message block becomes an input to the second hash operation,
the output of which alters the result of the third operation, and so on, a change anywhere in the
message propagates to the final hash value. This effect is known as the avalanche effect of hashing.

Avalanche effect results in substantially different hash values for two messages that differ by
even a single bit of data.

Understand the difference between hash function and algorithm correctly. The hash function
generates a hash code by operating on two blocks of fixed-length binary data.

Hashing algorithm is a process for using the hash function, specifying how the message will be
broken up and how the results from previous message blocks are chained together.

SECURITY OF HASH FUNCTIONS AND MACS

Just as with symmetric and public-key encryption, we can
group attacks on hash functions and MACs into two categories: brute-force attacks and
cryptanalysis.

Brute-Force Attacks
The nature of brute-force attacks differs somewhat for hash functions and
MACs. For hash functions, the strength of a hash function against brute-force attacks depends
solely on the length of the hash code produced by the algorithm. Recall from our discussion of
hash functions that there are three desirable properties:

● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h.

● Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x
with H(y) = H(x).

● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that
H(x) = H(y). For a hash code of length n, the level of effort required, as we have seen, is
proportional to the following

If strong collision resistance is required (and this is desirable for a general-purpose
secure hash code), then the value 2^(n/2) determines the strength of the hash code against brute-
force attacks. Oorschot and Wiener [VANO94] presented a design for a $10 million collision
search machine for MD5, which has a 128-bit hash length, that could find a collision in 24 days.
Thus a 128-bit code may be viewed as inadequate. The next step up, if a hash code is treated as
a sequence of 32 bits, is a 160-bit hash length. With a hash length of 160 bits, the same search
machine would require over four thousand years to find a collision. However, even 160 bits is
now considered weak.
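As an added example (not code from the notes) of why the collision figure is 2^(n/2) while the one-way and weak-collision figures are 2^n: the block below truncates SHA-256 to a constructed small number of bits so that both searches finish in well under a second, then counts how many hash evaluations each needed. Doubling the hash length only squares the collision cost's square root, which is what makes the 128-bit and 160-bit lengths quoted above inadequate for a general-purpose hash.

```python
# Added example (not from the notes): brute-force collision search (birthday
# bound, about 2^(n/2) trials) versus second-preimage search (about 2^n trials)
# against SHA-256 truncated to a constructed small n bits.

import hashlib

def short_hash(data, n_bits):
    """The first n_bits of SHA-256(data) as an integer: a deliberately weak hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)

def find_collision(n_bits, limit=1 << 24):
    """Birthday search: hash distinct messages until two short hashes coincide.

    Returns (trials, m1, m2) with m1 != m2 and short_hash(m1) == short_hash(m2),
    or None if the limit is reached first."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        h = short_hash(msg, n_bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None

def find_second_preimage(target, n_bits, limit=1 << 24):
    """Weak-collision search: find a different input with the target's short hash.

    Returns (trials, msg) or None if the limit is reached first."""
    want = short_hash(target, n_bits)
    for i in range(limit):
        msg = b"alt-%d" % i
        if msg != target and short_hash(msg, n_bits) == want:
            return i + 1, msg
    return None

if __name__ == "__main__":
    for n in (16, 20, 24):
        trials, m1, m2 = find_collision(n)
        print(f"{n}-bit hash: collision after {trials} trials, "
              f"birthday estimate 2^(n/2) = {2 ** (n / 2):.0f}")
    trials, other = find_second_preimage(b"msg-0", 16)
    print(f"16-bit hash: second preimage after {trials} trials (2^n = {2 ** 16})")
```

The `limit` argument keeps a run bounded; with the small bit lengths used here both searches finish far below it, and the collision search's trial count sits near sqrt(2^n) rather than 2^n.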

DIGITAL SIGNATURES

A digital signature is an authentication mechanism that enables the creator of a message to
attach a code that acts as a signature.

The signature is formed by taking the hash of the message and encrypting that hash with the
creator's private key. The signature guarantees the source and integrity of the message.

Mutual authentication protocols enable communicating parties to satisfy themselves mutually
about each other's identity and to exchange session keys.

In one-way authentication, the recipient wants some assurance that a message is from the
alleged sender.

The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm
(SHA).

A variety of approaches has been proposed for the digital signature function. These approaches
fall into two categories: direct and arbitrated.

Direct Digital Signature

The direct digital signature involves only the communicating parties (source, destination). It is
assumed that the destination knows the public key of the source. A digital signature may be
formed by encrypting the entire message with the sender's private key or by encrypting a hash
code of the message with the sender's private key.

Confidentiality can be provided by further encrypting the entire message plus signature with
either the receiver's public key (public-key encryption) or a shared secret key (symmetric
encryption); for example, see Fig d and note that it is important to perform the signature
function first and then an outer confidentiality function. In case of dispute, some third party
must view the message and its signature. If the signature is calculated on an encrypted message,
then the third party also needs access to the decryption key to read the original message.
However, if the signature is the inner operation, then the recipient can store the plaintext
message and its signature for later use in dispute resolution.
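A direct digital signature in the form the text describes, as an added example (not code from the notes): hash the message, apply the signer's private RSA key to the hash, and let the recipient recover and compare the hash with the public key. The RSA key is a constructed toy pair (n = 61·53 = 3233, e = 17, d = 2753), so the SHA-256 digest is reduced modulo n before signing; a real scheme signs the full digest under a padding standard and uses a key of 2048 bits or more.

```python
# Added example (not from the notes): direct digital signature = H(M)^d mod n
# with a constructed toy RSA key. The digest is reduced modulo n only because
# n is tiny here; real schemes sign the full padded digest.

import hashlib

N, E, D = 3233, 17, 2753        # constructed toy RSA key: (N, E) public, D private

def digest_as_number(message, n=N):
    """H(M) as an integer less than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, d=D, n=N):
    """Signature = H(M)^d mod n, computed with the signer's private key."""
    return pow(digest_as_number(message, n), d, n)

def verify(message, signature, e=E, n=N):
    """Recover H(M) from the signature with the public key and compare."""
    return pow(signature, e, n) == digest_as_number(message, n)

def make_signed_packet(message):
    """What the sender transmits: the plaintext message plus its signature.

    The recipient can keep exactly this pair for later dispute resolution,
    which is why the text puts the signature inside any outer encryption."""
    return message, sign(message)

def check_signed_packet(packet):
    message, sig = packet
    return verify(message, sig)

if __name__ == "__main__":
    packet = make_signed_packet(b"pay 10 to Y")
    print(packet, check_signed_packet(packet))
    # A signature altered in transit no longer opens to the digest.
    bad = (packet[0], (packet[1] + 1) % N)
    print(check_signed_packet(bad))        # False
```

Anyone holding (N, E) can run verify, but only the holder of D can produce a signature that verifies, which is the property the non-repudiation argument above rests on; it is also why the loss or theft of D is the threat the following paragraphs discuss.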

The validity of the scheme depends on the security of the sender's private key. If a sender later
wishes to deny sending a particular message, the sender can claim that the private key was lost
or stolen and that someone else forged his or her signature.

Administrative controls relating to the security of private keys can be employed to thwart or at
least weaken this ploy, but the threat is still there, at least to some degree. One example is to
require every signed message to include a timestamp (date and time) and to require prompt
reporting of compromised keys to a central authority.

Another threat is that some private key might actually be stolen from X at time T. The opponent
can then send a message signed with X's signature and stamped with a time before or equal to
T.
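
The direct signature described above, as an added worked example that is not part of these notes: a toy textbook RSA key pair (constructed here with Miller-Rabin key generation; a real deployment would use a vetted library and larger keys) signs the hash of a timestamped message, anyone holding the public key can verify it, and the verifier applies the administrative control from the notes by rejecting any signature stamped after the key's reported compromise time. All function names, the sample message and the timestamps are constructed for the example.

```python
import hashlib
import random

# Toy textbook RSA, constructed for this example as a stand-in for a real signature
# library. The fixed seed makes the demo reproducible; never seed real key generation.

def is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(cand, rng):
            return cand

def gen_keypair(bits: int = 512, seed: int = 1):
    """Returns (public, private) as (e, n) and (d, n)."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(message: bytes, timestamp: int) -> int:
    """Hash code over timestamp || message: the timestamp is part of what gets signed."""
    return int.from_bytes(hashlib.sha256(timestamp.to_bytes(8, "big") + message).digest(), "big")

def sign(private_key, message: bytes, timestamp: int) -> int:
    """Direct signature: the hash code 'encrypted' with the sender's private key."""
    d, n = private_key
    return pow(_digest(message, timestamp), d, n)

def verify(public_key, message: bytes, timestamp: int, signature: int) -> bool:
    """Anyone with the public key (the receiver, or a third party in a dispute) can check this."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, timestamp)

def accept(public_key, message: bytes, timestamp: int, signature: int,
           compromise_reported_at: int = None) -> bool:
    """Administrative control from the notes: a signature stamped after the key was reported
    compromised is rejected. Stamps at or before that time are still accepted, which is
    exactly the residual gap the notes describe."""
    if not verify(public_key, message, timestamp, signature):
        return False
    return compromise_reported_at is None or timestamp <= compromise_reported_at

if __name__ == "__main__":
    pub, priv = gen_keypair()
    msg = b"transfer 100 to account 42"          # constructed sample message
    sig = sign(priv, msg, 1_700_000_000)
    print("valid:", verify(pub, msg, 1_700_000_000, sig))
    print("tampered:", verify(pub, b"transfer 900 to account 42", 1_700_000_000, sig))
```

Because the signature is computed over the plaintext and its timestamp, the recipient can keep `msg`, `timestamp` and `sig` for later dispute resolution without revealing any decryption key to the arbiter, which is the ordering point made above.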

Arbitrated Digital Signature

The problems associated with direct digital signatures can be addressed by using an arbiter. As
with direct signature schemes, there is a variety of arbitrated signature schemes. In general
terms, they all operate as follows.

Every signed message from a sender X to a receiver Y goes first to an arbiter A, who subjects
the message and its signature to a number of tests to check its origin and content. The message
is then dated and sent to Y with an indication that it has been verified to the satisfaction of the
arbiter. The presence of A solves the problem faced by direct signature schemes: that X might
disown the message.

The arbiter plays a sensitive and crucial role in this sort of scheme, and all parties must
have a great deal of trust that the arbitration mechanism is working properly. In the first
scheme, symmetric encryption is used.

It is assumed that the sender X and the arbiter A share a secret key Kxa and that A and Y
share a secret key Kay. X constructs a message M and computes its hash value H(M). Then X
transmits the message plus a signature to A. The signature consists of an identifier IDX of X
plus the hash value, all encrypted using Kxa. A decrypts the signature and checks the hash value
to validate the message. Then A transmits a message to Y, encrypted with Kay. The message
includes IDX, the original message from X, the signature, and a timestamp. Y can decrypt this
to recover the message and the signature. The timestamp informs Y that this message is timely
and not a replay. Y can store M and the signature. In case of dispute, Y, who claims to have
received M from X, sends the following message to A:

E(Kay, [IDX || M || E(Kxa, [IDX || H(M)])])

KERBEROS

Kerberos is an authentication service developed as part of Project Athena at MIT. The
problem that Kerberos addresses is this: Assume an open distributed environment in which
users at workstations wish to access services on servers distributed throughout the network. We
would like for servers to be able to restrict access to authorized users and to be able to
authenticate requests for service. In this environment, a workstation cannot be trusted to
identify its users correctly to network services. In particular, the following three threats exist:

• A user may gain access to a particular workstation and pretend to be another user
operating from that workstation.

• A user may alter the network address of a workstation so that the requests sent from the
altered workstation appear to come from the impersonated workstation.

• A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server
or to disrupt operations.

In any of these cases, an unauthorized user may be able to gain access to services and data that
he or she is not authorized to access. Rather than building in elaborate authentication protocols
at each server, Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users.

Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption.

Two versions of Kerberos are in common use.

Version 4 [MILL88, STEI88] implementations still exist. Version 5 [KOHL94] corrects some
of the security deficiencies of version 4 and has been issued as a proposed Internet Standard
(RFC 1510).

The main components of Kerberos are:

• Authentication Server (AS): performs the initial authentication and issues the ticket for the
Ticket Granting Service.

• Database: the Authentication Server verifies the access rights of users against this database.

• Ticket Granting Server (TGS): issues the ticket for the Server.

Kerberos Overview:

• Step 1: The user logs on and requests services on the host; thus the user requests the
ticket-granting service.

• Step 2: The Authentication Server verifies the user's access rights using the database and
then returns a ticket-granting ticket and a session key. The results are encrypted using the
user's password.

• Step 3: The message is decrypted using the password, and the ticket is then sent to the Ticket
Granting Server. The ticket contains authenticators such as the user name and network address.

• Step 4: The Ticket Granting Server decrypts the ticket sent by the user, verifies the request
using the authenticator, and then creates the ticket for requesting services from the Server.

• Step 5: The user sends the ticket and authenticator to the Server.

• Step 6: The Server verifies the ticket and authenticator and then grants access to the service.
After this the user can access the services.
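
The six steps above, walked through end to end as an added example (not code from these notes or from the MIT Kerberos implementation). The cipher is a toy authenticated stream construction standing in for Kerberos's real encryption types, the string-to-key function is a bare SHA-256, and the realm (principal alice, a file server, long-term keys, the client address) is constructed; field names such as k_c_tgs, ts3 and ts5 follow the notes' notation rather than the real wire format. The checks in `_check` are the ones the notes attribute to the TGS and the Server: ticket not expired, authenticator matching the ticket and the sender's address, and authenticator fresh enough to defeat replay.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated cipher standing in for the Kerberos encryption types (constructed for
# this example): hash-derived keystream XOR plus an HMAC tag, hex-encoded for transport.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, obj: dict) -> str:
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (ct + hmac.new(key, ct, hashlib.sha256).digest()).hex()

def decrypt(key: bytes, blob_hex: str) -> dict:
    blob = bytes.fromhex(blob_hex)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    body = ct[16:]
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, ct[:16], len(body)))))

def key_from_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()   # toy string-to-key; real Kerberos salts this

# Constructed KDC state: long-term keys shared with the TGS and the application server, and
# the user database keyed by principal name. None of this is real realm data.
K_TGS = hashlib.sha256(b"constructed tgs key").digest()
K_V = hashlib.sha256(b"constructed fileserver key").digest()
USER_DB = {"alice": key_from_password("correct horse battery")}
LIFETIME = 3600      # ticket lifetime in seconds
SKEW = 300           # oldest authenticator accepted, to limit replay

def as_exchange(id_c: str, id_tgs: str, ts: int, addr: str) -> str:
    """Steps 1-2: the AS checks the principal exists, issues a ticket-granting ticket under K_TGS
    and returns it, with the session key, encrypted under the user's password-derived key."""
    k_c = USER_DB[id_c]                                   # KeyError: unknown principal
    k_c_tgs = os.urandom(32).hex()
    tgt = encrypt(K_TGS, {"k_c_tgs": k_c_tgs, "id_c": id_c, "ad_c": addr, "id_tgs": id_tgs,
                          "ts": ts, "lifetime": LIFETIME})
    return encrypt(k_c, {"k_c_tgs": k_c_tgs, "id_tgs": id_tgs, "ts2": ts, "lifetime": LIFETIME, "tgt": tgt})

def _check(ticket: dict, auth: dict, ts_field: str, now: int, addr: str) -> None:
    """Ticket/authenticator checks shared by the TGS (step 4) and the Server (step 6)."""
    if now > ticket["ts"] + ticket["lifetime"]:
        raise PermissionError("ticket expired")
    if auth["id_c"] != ticket["id_c"] or auth["ad_c"] != ticket["ad_c"] or ticket["ad_c"] != addr:
        raise PermissionError("authenticator does not match ticket or sender address")
    if abs(now - auth[ts_field]) > SKEW:
        raise PermissionError("stale authenticator (possible replay)")

def tgs_exchange(id_v: str, tgt: str, authenticator: str, now: int, addr: str) -> str:
    """Steps 3-4: the TGS opens the TGT with its own key, verifies the authenticator under the
    session key found inside, then issues a service ticket under the server's key K_V."""
    t = decrypt(K_TGS, tgt)
    k_c_tgs = bytes.fromhex(t["k_c_tgs"])
    _check(t, decrypt(k_c_tgs, authenticator), "ts3", now, addr)
    k_c_v = os.urandom(32).hex()
    ticket_v = encrypt(K_V, {"k_c_v": k_c_v, "id_c": t["id_c"], "ad_c": t["ad_c"], "id_v": id_v,
                             "ts": now, "lifetime": LIFETIME})
    return encrypt(k_c_tgs, {"k_c_v": k_c_v, "id_v": id_v, "ts4": now, "ticket_v": ticket_v})

def server_verify(ticket_v: str, authenticator: str, now: int, addr: str) -> str:
    """Steps 5-6: the Server checks ticket and authenticator and replies with TS5 + 1 under the
    session key, which authenticates the Server back to the user."""
    t = decrypt(K_V, ticket_v)
    k_c_v = bytes.fromhex(t["k_c_v"])
    a = decrypt(k_c_v, authenticator)
    _check(t, a, "ts5", now, addr)
    return encrypt(k_c_v, {"ts5_plus_1": a["ts5"] + 1})

def client_session(user: str, password: str, now: int = 1_700_000_000, addr: str = "10.0.0.5") -> int:
    """Client side of all six steps; returns the Server's TS5 + 1 value on success."""
    k_c = key_from_password(password)
    r1 = decrypt(k_c, as_exchange(user, "krbtgt", now, addr))        # wrong password -> ValueError
    k_c_tgs = bytes.fromhex(r1["k_c_tgs"])
    auth_tgs = encrypt(k_c_tgs, {"id_c": user, "ad_c": addr, "ts3": now})
    r2 = decrypt(k_c_tgs, tgs_exchange("fileserver", r1["tgt"], auth_tgs, now, addr))
    k_c_v = bytes.fromhex(r2["k_c_v"])
    auth_v = encrypt(k_c_v, {"id_c": user, "ad_c": addr, "ts5": now})
    return decrypt(k_c_v, server_verify(r2["ticket_v"], auth_v, now, addr))["ts5_plus_1"]

def login_succeeds(user: str, password: str) -> bool:
    try:
        return client_session(user, password) == 1_700_000_001
    except (ValueError, KeyError, PermissionError):
        return False
```

Note that the user's password never crosses the network: the AS reply in step 2 is simply undecryptable with the wrong key, and the TGS and Server never see the password at all, only tickets sealed under keys they hold.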

X.509 AUTHENTICATION SERVICE

X.509 uses public-key cryptography and digital signatures. It does not dictate the use
of a specific algorithm but recommends RSA. The digital signature scheme is assumed to
require the use of a hash function. Again, the standard does not dictate a specific hash
algorithm.

Certificates

The core of the X.509 scheme is the public-key certificate associated with each user. These
user certificates are assumed to be created by some trusted certification authority (CA) and
placed in the directory by the CA or by the user. The directory server itself is not responsible
for the creation of public keys or for the certification function.

The general format of a certificate includes the following elements:

• Version: Differentiates among successive versions of the certificate format; the default
is version 1. If the Issuer Unique Identifier or Subject Unique Identifier are present, the
value must be version 2. If one or more extensions are present, the version must be
version 3.

• Serial number: An integer value, unique within the issuing CA, that is unambiguously
associated with this certificate.

• Signature algorithm identifier: The algorithm used to sign the certificate, together
with any associated parameters. Because this information is repeated in the Signature
field at the end of the certificate, this field has little, if any, utility.

• Issuer name: X.500 name of the CA that created and signed this certificate.

• Period of validity: Consists of two dates: the first and last on which the certificate is
valid.

• Subject name: The name of the user to whom this certificate refers. That is, this
certificate certifies the public key of the subject who holds the corresponding private
key.

• Subject's public-key information: The public key of the subject, plus an identifier of
the algorithm for which this key is to be used, together with any associated parameters.

• Issuer unique identifier: An optional bit string field used to identify uniquely the
issuing CA in the event the X.500 name has been reused for different entities.

• Subject unique identifier: An optional bit string field used to identify uniquely the
subject in the event the X.500 name has been reused for different entities.

• Extensions: A set of one or more extension fields. Extensions were added in version 3
and are discussed later in this section.

• Signature: Covers all of the other fields of the certificate; it contains the hash code of
the other fields, encrypted with the CA's private key. This field includes the signature
algorithm identifier.

The unique identifier fields were added in version 2 to handle the possible reuse of subject
and/or issuer names over time. These fields are rarely used.
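
The field list above, encoded and decoded as an added example (not part of these notes and not a standards-conformant ASN.1 implementation): a minimal DER encoder builds the to-be-signed part of a certificate with the fields in the order listed, and a decoder walks it back and applies the version rule from the notes (unique identifiers need at least version 2, extensions need version 3; version 1 is the default and is omitted on the wire). The CA name, serial number, dates and public-key bytes are constructed; the OIDs are the standard ones for sha256WithRSAEncryption, rsaEncryption, commonName and basicConstraints. The Signature field is left out because this block only covers the part that gets signed.

```python
import datetime

# Minimal DER encoder/decoder constructed for this example (not a full ASN.1 library).
OID_SHA256_RSA, OID_RSA, OID_CN, OID_BASIC_CONSTRAINTS = \
    "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1", "2.5.4.3", "2.5.29.19"

def _length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body          # long form: 0x8N then N length bytes

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body

def der_int(v: int) -> bytes:
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))   # leading 0x00 keeps it positive

def der_seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def der_oid(dotted: str) -> bytes:
    """Base-128 arc encoding; first two arcs share one byte."""
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        body += chunk
    return tlv(0x06, bytes(body))

def der_name(cn: str) -> bytes:
    """X.500 name reduced to a single commonName RDN: SEQUENCE { SET { SEQUENCE { OID, PrintableString } } }."""
    return der_seq(tlv(0x31, der_seq(der_oid(OID_CN), tlv(0x13, cn.encode()))))

def der_utctime(dt: datetime.datetime) -> bytes:
    return tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())

def ext_basic_constraints_ca() -> bytes:
    """Extension = SEQUENCE { extnID, critical BOOLEAN, extnValue OCTET STRING (cA TRUE) }."""
    return der_seq(der_oid(OID_BASIC_CONSTRAINTS), tlv(0x01, b"\xff"), tlv(0x04, der_seq(tlv(0x01, b"\xff"))))

def tbs_certificate(version: int, serial: int, issuer_cn: str, subject_cn: str,
                    not_before: datetime.datetime, not_after: datetime.datetime,
                    pubkey: bytes, extensions=None) -> bytes:
    """The 'to be signed' part of a certificate, field by field in the order listed in the notes."""
    fields = [] if version == 1 else [tlv(0xA0, der_int(version - 1))]      # [0] EXPLICIT, v1 = 0
    fields += [
        der_int(serial),                                                      # serial number
        der_seq(der_oid(OID_SHA256_RSA), tlv(0x05, b"")),                     # signature algorithm identifier
        der_name(issuer_cn),                                                  # issuer name
        der_seq(der_utctime(not_before), der_utctime(not_after)),             # period of validity
        der_name(subject_cn),                                                 # subject name
        der_seq(der_seq(der_oid(OID_RSA), tlv(0x05, b"")), tlv(0x03, b"\x00" + pubkey)),  # subject public-key info
    ]
    if extensions:
        fields.append(tlv(0xA3, der_seq(*extensions)))                        # [3] EXPLICIT Extensions
    return der_seq(*fields)

def parse_tlv(data: bytes, pos: int = 0):
    """Returns (tag, body, position after this element); handles short and long length forms."""
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(data[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, data[pos + hdr:pos + hdr + length], pos + hdr + length

def parse_sequence(body: bytes) -> list:
    items, pos = [], 0
    while pos < len(body):
        tag, inner, pos = parse_tlv(body, pos)
        items.append((tag, inner))
    return items

def inspect_tbs(tbs: bytes) -> dict:
    """Walks the TBSCertificate and applies the version rule from the notes."""
    tag, body, _ = parse_tlv(tbs)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    items = parse_sequence(body)
    version = 1                                                  # default when the field is absent
    if items[0][0] == 0xA0:
        version = int.from_bytes(parse_tlv(items[0][1])[1], "big") + 1
        items = items[1:]
    tags = [t for t, _ in items]
    has_unique_ids = 0x81 in tags or 0x82 in tags                # [1] issuerUniqueID, [2] subjectUniqueID
    has_extensions = 0xA3 in tags
    required = 3 if has_extensions else 2 if has_unique_ids else 1
    validity = [v.decode() for _, v in parse_sequence(items[3][1])]
    return {"version": version, "serial": int.from_bytes(items[0][1], "big"),
            "not_before": validity[0], "not_after": validity[1],
            "has_extensions": has_extensions, "version_ok": version >= required}

# Constructed sample: a self-issued CA certificate body with a basicConstraints extension.
CA_TBS = tbs_certificate(3, 0x1234, "Example CA", "Example CA",
                         datetime.datetime(2024, 1, 1), datetime.datetime(2034, 1, 1),
                         b"\x01\x02\x03", [ext_basic_constraints_ca()])
```

Running `inspect_tbs` over a body built with version 1 but carrying extensions reports `version_ok` as false, which is the inconsistency a validator should refuse; the same walker shows why the "signature algorithm identifier" field is redundant, since the outer Certificate repeats it next to the Signature.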

PUBLIC-KEY INFRASTRUCTURE (PKI)

RFC 2822 (Internet Security Glossary) defines public-key infrastructure (PKI) as the set
of hardware, software, people, policies, and procedures needed to create, manage, store,
distribute, and revoke digital certificates based on asymmetric cryptography. The principal
objective for developing a PKI is to enable secure, convenient, and efficient acquisition of
public keys. The Internet Engineering Task Force (IETF) Public Key Infrastructure X.509
(PKIX) working group has been the driving force behind setting up a formal (and generic)
model based on X.509 that is suitable for deploying a certificate-based architecture on the
Internet.

The PKIX model contains the following elements:

End entity: A generic term used to denote end users, devices (e.g., servers, routers), or any
other entity that can be identified in the subject field of a public key certificate. End entities
typically consume and/or support PKI-related services.

Certification authority (CA): The issuer of certificates and (usually) certificate revocation
lists (CRLs). It may also support a variety of administrative functions, although these are often
delegated to one or more Registration Authorities.

Registration authority (RA): An optional component that can assume a number of
administrative functions from the CA. The RA is often associated with the End Entity
registration process, but can assist in a number of other areas as well.

CRL issuer: An optional component that a CA can delegate to publish CRLs.

Repository: A generic term used to denote any method for storing certificates and CRLs so that
they can be retrieved by End Entities.

PKIX Architectural Model

PKIX Management Functions

PKIX identifies a number of management functions that potentially need to be supported by
management protocols:

Registration: This is the process whereby a user first makes itself known to a CA (directly, or
through an RA), prior to that CA issuing a certificate or certificates for that user. Registration
begins the process of enrolling in a PKI. Registration usually involves some offline or online
procedure for mutual authentication. Typically, the end entity is issued one or more shared
secret keys used for subsequent authentication.

Initialization: Before a client system can operate securely, it is necessary to install key
materials that have the appropriate relationship with keys stored elsewhere in the infrastructure.
For example, the client needs to be securely initialized with the public key and other assured
information of the trusted CA(s), to be used in validating certificate paths.

Certification: This is the process in which a CA issues a certificate for a user's public key, and
returns that certificate to the user's client system and/or posts that certificate in a repository.

Key pair recovery: Key pairs can be used to support digital signature creation and
verification, encryption and decryption, or both. When a key pair is used for
encryption/decryption, it is important to provide a mechanism to recover the necessary
decryption keys when normal access to the keying material is no longer possible; otherwise it
will not be possible to recover the encrypted data. Loss of access to the decryption key can
result from forgotten passwords/PINs, corrupted disk drives, damage to hardware tokens, and so
on. Key pair recovery allows end entities to restore their encryption/decryption key pair from
an authorized key backup facility (typically, the CA that issued the End Entity's certificate).

Key pair update: All key pairs need to be updated regularly (i.e., replaced with a new key pair)
and new certificates issued. Update is required when the certificate lifetime expires and as a
result of certificate revocation.

Revocation request: An authorized person advises a CA of an abnormal situation requiring
certificate revocation. Reasons for revocation include private key compromise, change in
affiliation, and name change.

Cross certification: Two CAs exchange information used in establishing a cross-certificate. A
cross-certificate is a certificate issued by one CA to another CA that contains a CA signature
key used for issuing certificates.

PKIX MANAGEMENT PROTOCOLS

The PKIX working group has defined two alternative management protocols between
PKIX entities that support the management functions listed in the preceding subsection. RFC
2510 defines the certificate management protocols (CMP). Within CMP, each of the
management functions is explicitly identified by specific protocol exchanges. CMP is designed
to be a flexible protocol able to accommodate a variety of technical, operational, and business
models.

RFC 2797 defines certificate management messages over CMS (CMC), where CMS
refers to RFC 2630, Cryptographic Message Syntax. CMC is built on earlier work and is
intended to leverage existing implementations. Although all of the PKIX functions are
supported, the functions do not all map into specific protocol exchanges.
