Explain the OSI Security Architecture with neat diagram.

OSI security architecture

 To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the approaches
to satisfying those requirements.
 This is difficult enough in a centralized data processing environment; with the use of local
and wide area networks, the problems are compounded.
 The OSI security architecture is useful to managers as a way of organizing the task of
providing security.
 Furthermore, because this architecture was developed as an international standard,
computer and communications vendors have developed security features for their products
and services that relate to this structured definition of services and mechanisms.
 For our purposes, the OSI security architecture provides a useful, if abstract, overview of
many of the concepts that this book deals with. The OSI security architecture focuses on
security attacks, mechanisms, and services.
 Security attack: Any action that compromises the security of information owned by an
organization. A passive attack attempts to learn or make use of information from the system
but does not affect system resources. An active attack attempts to alter system resources or
affect their operation.
 Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
 Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.
 These services are also divided in five categories.
 Authentication
 Access Control
 Data Confidentiality
 Data Integrity
 Nonrepudiation
Describe the various security mechanisms

Illustrate monoalphabetic cipher. Explain how it differs from Caeser Cipher.

Monoalphabetic cipher in which all the letters of the plain text get mapped into the cipher text
letters, on the basis of one alphabetic key.
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key
space can be achieved by allowing an arbitrary substitution. If the cryptanalyst knows the nature
of the plaintext (e.g., non compressed English text), then the analyst can exploit the regularities of
the language. As a first step, the relative frequency of the letters can be determined and compared
to a standard frequency distribution for English.
The ciphertext to be solved is
UzqSovUoHxmoPvgPozPevSgzWSzoPfPeSxUDBmeTSxaIz
vUePHzHmDzSHzoWSfPaPPDTSvPqUzWymxUzUHSx
ePyePoPDzSzUfPomBzWPfUPzHmDJUDTmoHmq
Comparing this above breakdown it seems likely that cipher letters P and Z are the equivalents of
plain letters e and t, but it is not certain which is which. The letters S, U, O, M, and H are all of
relatively high frequency and probably correspond to plain letters from the set {a, h, i, n, o, r, s}.
The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely included in the set {b,
j, k, q, v, x, z}.

Only four letters have been identified, but already we have quite a bit of the message. Continued
analysis of frequencies plus trial and error should easily yield a solution from this point. The
complete plaintext, with spaces added between words, follows:

Illustrate in detail about Block Cipher modes of operations with suitable diagrams.
BLOCK CIPHER MODES OF OPERATION
 Block Cipher is the basic building block to provide data security.
 To apply the block cipher to various applications, NIST has proposed 4 modes of operation.
The block cipher is used to enhance the security of the encryption algorithm.
MODE 1: Electronic Code Book
 The simplest mode is the electronic codebook (ECB) mode shown in figure5.6.Here
plaintext is handled one block at a time and each block of plaintext is encrypted using the
same key.
 The term codebook is used because, for a given key, there is a unique cipher text for every
b-bit block of plaintext.
 When the message longer than b bits, to break the message into b-bit blocks .For the last
block when the no of bits is less than b, padding the last block if necessary.
 Decryption is performed one block at a time, always using the same key.

Uses: The ECB method is ideal for a short amount of data, such as an encryption key.
 Disadvantage:

 When ‘b’ -bit block of plaintext appears more than once in the message, it always produces
the same cipher text output.
 For lengthy messages, the ECB mode may not be secure. If the message is highly
structured, it may be possible for a cryptanalyst to exploit these regularities.
 If the message has repetitive elements with a period of repetition a multiple of b bits, then
these elements can be identified by the analyst.
 This may help in the analysis or may provide an opportunity for substituting or rearranging
blocks.

MODE 2: Cipher Block Chaining Mode

This method is to overcome the disadvantage of ECB (i.e) when the PT block is repeated
CBC produces different cipher text blocks
The input to the encryption function for each plaintext block bears no fixed relationship to
the plaintext block. Therefore, repeating patterns of b bits are not exposed.
For decryption, each cipher block is passed through the decryption algorithm. The result is
XORed with the preceding cipher text block to produce the plain text block are shown in figure
2.8.
Then

To produce the first block of cipher text, an initialization vector (IV) is XORed with the
first block of plaintext.
On decryption, the IV is XORed with the output of the decryption algorithm to recover the
first block of plaintext.
Size of IV = Size of data Blocks
We can define CBC mode as

For maximum security, the IV should be protected against unauthorized changes. This
could be done by sending the IV using ECB encryption.
MODE 3: Cipher Feedback Mode:
We know that the DES is a block cipher.it is possible to convert block cipher into stream Cipher
using CFB mode
The advantages of CFB is that
 Eliminates the need to pad a message
 It also can operate in real time
 The length of the CT =Length of PT
 Figure 2.9 depicts the CFB scheme. In the figure, it is assumed that the unit oftransmission
is s bits; a common value is s = 8.
The units of plaintextare chained together; to get the cipher text is a function of all
preceding plaintext. Here the plaintext isdivided into segments of s bits.
Encryption:
The input to the encryption function is a b-bit shiftregister that is initially set to some
initialization vector (IV).
The leftmost (mostsignificant) s bits of the output of the encryption function are XORed
with thefirst segment of plaintext P1 to produce the first unit of cipher text C1.
The contents of the shift register are shifted left by s bits,and C1 is placed in the rightmost
(least significant) s bits of the shift register.
Thisprocess continues until all plaintext units have been encrypted.
Decryption:
The same scheme is used, except that the received cipher textunit is XORed with the output
of the encryption function to produce the plaintextunit.
Let MSBs(X) be defined as the most significant s bitsof X. Then

Therefore, by rearranging terms:

The same reasoning holds for subsequent steps in the process.

 Fig 2.8 S-bit Cipher Feedback (CFB)mode
We can define CFB mode as follows

Output Feedback Mode

The output feedback (OFB) mode is similar in structure to that of CFB.
The output of the encryption function is fed back to become the input for encrypting the
next block of plaintext as shown in figure 5.10.
Comparison between OFB and CFB
In CFB, the output of the XOR unit is fed back to become input for encrypting the next
block.
The other difference is that the OFB mode operates on full blocks of plaintext and cipher
text, whereas CFB operates on an s-bit subset.
OFB encryption can be expressed as

Where

we can rewrite the encryption expression as:

By rearranging terms, we can demonstrate that decryption works.

We can define OFB mode as follows.

Let the size of a block be b. If the last block of plaintext contains u bits (indicated by *), with
u<b, the most significant u bits of the last output block ON are used for the XOR operation
The remaining b - u bits of the last output block are discarded.

Fig 2.9 Output Feedback Mode

Advantage:
Bit errors in transmission do not propagate (i.e.) when bit errors occurs in Ci, Pi is alone
affected
Disadvantage:
Vulnerable to message stream modification attack
Counter Mode
The counter (CTR) mode has increased recently with applications to ATM (asynchronous
transfer mode) network security and IP sec (IP security).
A counter equal to the plaintext block size is used. The counter value must be different for
each plaintext block as shown in figure 2.10.
The counter is initialized to some value and then incremented by 1 for each subsequent
block (modulo 2b, where b is the block size). For encryption, the counter is encrypted and then
XORed with the plaintext block to produce the cipher text block.
For decryption, the same sequence of counter values is used, with each encrypted counter
XORed with a cipher text block to recover the corresponding plain text block.
Advantage:
1. Hardware efficiency
 CTR can be done in parallel
2. Software efficiency
 CTR supports parallel feature pipelining
3. Preprocessing
4. Simplicity

Fig 2.10 Counter Mode

Illustrate with sample data set the four transformations in AES.
AES Transformation Functions
Four transformations used in AES. For each stage, we describe the forward (encryption) algorithm,
the inverse (decryption)algorithm, and the rationale for the stage.

Substitute Bytes Transformation

Forward and Inverse Transformations:

The forward substitute byte transformation, called Sub Bytes, is a simple table lookup.
AES defines a 16 * 16 matrix of byte values, called an S-box , that contains a permutation of all
possible 256 8-bit values.
Each individual byte of State is mapped into a new byte in the following way: The leftmost
4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These
row and column values serve as indexes into the S-box to select a unique8-bit output value as
shown in figure 2.17.
For example, the hexadecimal value {95} references row 9,column 5 of the S-box, which
contains the value {2A}. Accordingly, the value {95}is mapped into the value {2A}.

Here is an example of the SubBytes transformation:

The S-box is constructed in the following fashion.

1. Initialize the S-box with the byte values in ascending sequence row by row. The first row
contains {00}, {01}, {02}, c, {0F}; the second row contains {10}, {11}, etc.; and so on. Thus, the
value of the byte at row y, column x is {yx}.
2. Map each byte in the S-box to its multiplicative inverse in the finite field GF (28); the value
{00} is mapped to itself.
3. Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0).
Apply the following transformation to each bit of each byte in the S-box:

Where ci is the ith bit of byte c with the value {63}; that is, (c7c6c5c4c3c2c1c0) = (01100011). The
prime ( ‘) indicates that the variable is to be updated by the value on the right.

The AES standard depicts this transformation in matrix form as follows.

 In ordinary matrix multiplication, each element in the product matrix is the sum of products
of the elements of one row and one column. Each element in the product matrix is the
bitwise XOR of products of elements of one row and one column.
 As an example, consider the input value {95}. The multiplicative inverse in GF(28) is {95}-
1
= {8A}, which is 10001010 in binary. Using above Equation
The result is {2A}, which should appear in row {09} column {05} of the S-box.

Shift Rows Transformation

Forward and Inverse Shift Rows Transformations:

The forward shift row transformation, called Shift Rows, is depicted in Figure 2.18a.
The first row of State is not altered. For the second row, a 1-byte circular left shift is performed.
For the third row, a 2-bytecircular left shift is performed. For the fourth row, a 3-byte circular left
shift is performed. The following is an example of Shift Rows

Fig 2.18 Forward Shift Row Transformation

The inverse shift row transformation, called InvShiftRows, performs the circular shifts
in the opposite direction for each of the last three rows, with a 1-bytecircular right shift for the
second row, and as shown in figure 2.19.

Mix Columns Transformation

Forward and Inverse Transformations: The forward mix column transformation,

called MixColumns, operates on each column individually. Each byte of a column is mapped into
a new value that is a function of all four bytes in that column. The transformation can be defined
by the following matrix multiplication on State
 Each element in the product matrix is the sum of products of elements of one row and one
column. In this case, the individual additions and multiplications are performed in GF(28). The
MixColumns transformation on a single column of State can be expressed as

The following is an example of MixColumns:

AddRoundKey Transformation

Forward and Inverse Transformations

In the forward add round key transformation, called AddRoundKey, the 128 bits of State are
bitwise XORed with the 128bits of the round key.
The operation is viewed as a column wise operation between the 4 bytes of a State column and
one word of the round key; it can also be viewed as a byte-level operation.
The following is an example of AddRoundKey:

The first matrix is State, and the second matrix is the round key.

Illustrate DES algorithm with sample data set.

DES Encryption
The overall scheme for DES encryption is illustrated in the Figure 2.1. There are two inputs
to the encryption function: the plaintext to be encrypted and the key. The plaintext must be 64
bits in length and the key is 56 bits in length.
General Depiction of DES Encryption Algorithm

Phase 1

Looking at the left-hand side of the figure, we can see that the processing of the plaintext
proceeds in three phases.
 First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits
to produce the permuted input.

Phase 2:
This is followed by a phase consisting of 16 rounds of the same function, which involves
both permutation and substitution functions.
The output of the last (sixteenth) round consists of 64 bits that are a function of the input
plaintext and the key. The left and right halves of the output are swapped to produce the pre output.

Phase 3:
Finally, the pre output is passed through a permutation (IP-1) that is the inverse of the
initial permutation function, to produce the 64-bit ciphertext.
The right-hand portion of Figure shows the way in which the 56-bit key is used.

Operation on key:
Initially, the key is passed through a permutation function. Then, for each of the 16 rounds,
a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The
permutation function is the same for each round, but a different subkey is produced because of the
repeated shifts of the key bits.

Initial Permutation

The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the
permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation
table indicates the position of a numbered input bit in the output, which also consists of 64 bits.

Permutation Tables for DES

(a) Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
Inverse Initial Permutation (IP-1)
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
Expansion Permutation (E)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

Permutation Function (P)

16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25

Consider the following 64-bit input M:

M1 M2 M3 M4 M5 M6 M7 M8
M9 M10 M11 M12 M13 M14 M15 M16
M17 M18 M19 M20 M21 M22 M23 M24
M25 M26 M27 M28 M29 M30 M31 M32
M33 M34 M35 M36 M37 M38 M39 M40
M41 M42 M43 M44 M45 M46 M47 M48
M49 M50 M51 M52 M53 M54 M55 M56
M57 M58 M59 M60 M61 M62 M63 M64

whereMi is a binary digit. Then the permutation X = IP(M) is as follows:

M58 M50 M42 M34 M26 M18 M10 M2
M60 M52 M44 M36 M28 M20 M12 M4
M62 M54 M46 M38 M30 M22 M14 M6
 M64 M56 M48 M40 M32 M24 M16 M8
M57 M49 M41 M33 M25 M17 M9 M1
M59 M51 M43 M35 M27 M19 M11 M3
M61 M53 M45 M37 M29 M21 M13 M5
M63 M55 M47 M39 M31 M23 M15 M7

Inverse permutation Y = IP-1 (X) = IP-1(IP (M)), Therefore we can see that the original ordering of
the bits is restored.
Details of Single Round

The below figure 2.2 shows the internal structure of a single round. The left and right halves of
each 64-bit intermediate value are treated as separate 32-bit quantities, labeled L (left) and R
(right). The overall processing at each round can be summarized in the following formulas:
Li= Ri-1
Ri= Li-1 x F(Ri-1, Ki)

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by
using a table that defines a permutation plus an expansion that involves duplication of 16 of the R
bits. The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution
function that produces a 32-bit output, which is then permuted.

Definition of S-Boxes

The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input
and produces 4 bits as output. The first and last bits of the input to box Si form a 2-bit binary
number to select one of four substitutions defined by the four rows in the table for Si. The middle
four bits select one of the sixteen columns as shown in figure 5.3.
The decimal value in the cell selected by the row and column is then converted to its 4-bit
representation to produce the output.
For example, in S1 for input 011001, the row is 01 (row 1) and the column is 1100 (column
12). The value in row 1, column 12 is 9, so the output is 1001.

Key Generation
The 64-bit key is used as input to the algorithm. The bits of the key are numbered from 1
through 64; every eighth bit is ignored. The key is first subjected to a permutation governed by a
table labeled Permuted Choice One. The resulting 56-bit key is then treated as two 28-bit
quantities, labeled C0 and D0.
At each round, Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of
1 or 2 bits. These shifted values serve as input to the next round. They also serve as input to
Permuted Choice 2, which produces a 48-bit output that serves as input to the function F(Ri-1, Ki).
DES Key Schedule Calculation
1 2 3 4 5 6 7 8
9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24
25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56
57 58 59 60 61 62 63 64
(b) Permuted Choice One (PC-1)
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
(c) Permuted Choice Two (PC-2)
14 17 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
 51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
(d) Schedule of Left Shifts
Roundnumber:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Bits rotated : 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1

Explain the properties that are satisfied by Group, Rings and Fields.

Groups, Rings, Fields

Groups, rings, and fields are the fundamental elements of a branch of mathematics known
as abstract algebra, or modern algebra.
Groups
A group G, sometimes denoted by {G,*}, is a set of elements with a binary operation
denoted by * that associates to each ordered pair (a,b) of elements G in an element(a*b) in , such
that the following axioms are obeyed:

(A1) Closure: If a and b belong to G, then a*b is also in G.

(A2) Associative: a*(b*c)=(a*b)*c for all a,b, , in G .
(A3) Identity element: There is an element e in G such that a*e=e*a=a for all in G.
(A4) Inverse element: For each a in G, there is an element a’ in G such that
a*a’=a’*a=e .
If a group has a finite number of elements, it is referred to as a finite group, and the order
of the group is equal to the number of elements in the group. Otherwise, the group is an infinite
group.
A group is said to be abelian if it satisfies the following additional condition:
(A5) Commutative: a*b=b*a for all a b, in G.
CYCLIC GROUP: A group is cyclic if every element of G is a power ak ( k is an integer)
of a fixed element a£ G .The element is a said to generate the group G or to be a generator of G.A
cyclic group is always abelian and may be finite or infinite.
Rings
A ring R, sometimes denoted by{R, +, X}, is a set of elements with two binary operations,
called addition and multiplication, such that for all a,b,c ,in R the following axioms are obeyed

A ring is said to be commutative if it satisfies the following additional condition:

Next, we define an integral domain, which is a commutative ring that obeys the following axioms

Fields
 A field F , sometimes denoted by {F,+,X}, is a set of elements with two binary operations,
called addition and subtraction , such that for all a,b,c , in F the following axioms are obeyed

Illustrate the substitution Techniques in detail.

Substitution Techniques
 The two basic building blocks of all encryption techniques are substitution and transposition.
We examine these in the next two sections.
 Finally, we discuss a system that combines both substitution and transposition. A substitution
technique is one in which the letters of plaintext are replaced by other letters or by numbers or
symbols.1
 If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext
bit patterns with cipher text bit patterns.

Caesar Cipher
 The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar
cipher involves replacing each letter of the alphabet with the letter standing three places further
down the alphabet. For example,
Playfair Cipher
 The best-known multiple-letter encryption cipher is the Playfair, which treats diagrams in the
plaintext as single units and translates these units into cipher text diagrams.
 The Playfair algorithm is based on the use of a 5 * 5 matrix of letters constructed using a keyword.
 In this case, the keyword is monarchy.
 The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to
right and from top to bottom, and then filling in the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J count as one letter.

 Plaintext is encrypted two letters at a time, according to the following rules:

 Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so
that balloon would be treated as ba lx lo on.
 Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example, ar is encrypted as
RM.
 Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the
top element of the column circularly following the last. For example, mu is encrypted as CM.
 Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the
column occupied by the other plaintext letter. Thus, hs become BP and ea becomes IM (or JM, as
the encipherer wishes).
 For one thing, whereas there are only 26 letters, there are 26 * 26 = 676 diagrams, so that
identification of individual diagrams is more difficult.
 Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of
diagrams, making frequency analysis much more difficult.
 For these reasons, the Playfair cipher was for a long time considered unbreakable.

Hill Cipher
 Before describing the Hill cipher, let us briefly review some terminology from linear algebra. In
this discussion, we are concerned with matrix arithmetic modulo 26.
 For the reader who needs a refresher on matrix multiplication and inversion.
 We define the inverse M-1 of a square matrix M by the equation M(M-1) = M-1M = I, where I is
the identity matrix.
 I is a square matrix that is all zeros except for ones along the main diagonal from upper left to
lower right. The inverse of a matrix does not always exist, but when it does, it satisfies the preceding
equation. For example,
  To explain how the inverse of a matrix is computed, we begin with the concept of determinant.
 For any square matrix (m * m), the determinant equals the sum of all the products that can be
formed by taking exactly one element from each row and exactly one element from each column,
with certain of the product terms preceded by a minus sign. For a 2 * 2 matrix,

Continuing our example,

We can show that 9-1 mod 26 = 3, because 9 * 3 = 27 mod 26 = 1. Therefore, we compute the
inverse of A as

Explain the Transposition Techniques in detail.

Transposition Techniques
 All the techniques examined so far involve the substitution of a cipher text symbol for a plaintext
symbol. A very different kind of mapping is achieved by performing some sort of permutation on
the plaintext letters. This technique is referred to as a transposition cipher.
 The simplest such cipher is the rail fence technique, in which the plaintext is written down as a
sequence of diagonals and then read off as a sequence of rows.
 For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2,
we write the following:

The encrypted message is

MEMATRHTGPRYETEFETEOAAT
 This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the message
in a rectangle, row by row, and read the message off, column by column, but permute the order of
the columns. The order of the columns then becomes the key to the algorithm. For example,

 Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled 1, in
this case column 3. Write down all the letters in that column. Proceed to column 4, which is labeled
2, then column 2, then column 1, then columns 5, 6, and 7.