
CNS - Unit-1


SCHOOL OF COMPUTING

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


Academic Year 2023-24 : Summer Semester

10212CS119 – Cryptography & Network Security

Pre-requisite

Sl. No Course Code Course Name

1 10211CS105 Computer Networks

Dr.T.Venketbabu,
Assistant Professor,
Department of CSE.
Slot : S2 & S10
6/25/2024 Dr.T.VenketBabu, AP/CSE, Vel Tech 1
Course Outcomes
CO Nos. | Course Outcomes | Level of learning domain (Based on revised Bloom’s)
CO1 | Understand the encryption and decryption techniques using block ciphers. | K2
CO2 | Apply key exchange and management schemes using public key cryptography. | K3
CO3 | Demonstrate techniques to sign and verify messages using signature generation and verification algorithms. | K3
CO4 | Implement cryptographic algorithm for various network security applications. | K3
CO5 | Illustrate the technologies to protect cyberspace against security threats. | K3

Knowledge Level (Based on Revised Bloom’s Taxonomy)
K1-Remember K2-Understand K3-Apply K4-Analyze K5-Evaluate K6-Create
Correlation of COs with POs and PSOs

COs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO 1 PSO 2 PSO 3

CO1 3 3 2

CO2 3 2 3 2 3

CO3 3 2 3 2 2

CO4 2 1 2 3

CO5 2 3 2 2

High-3; Medium-2; Low-1



Syllabus Contents
Unit – I Introduction to Cryptography 9L+3T Hours
OSI Security Architecture - Classical Encryption techniques – Cipher
Principles – Data Encryption Standard – Block Cipher Design Principles and
Modes of Operation - Evaluation criteria for AES –AES Cipher – Triple DES –
Placement of Encryption Function – Traffic Confidentiality-Case study on
Barclay’s Bank
Unit – II Public Key Cryptography 9L+3T Hours
Number Theory concepts: Primes and Prime Factorization – Congruent
modulo n, equivalent class modulo n, Integer modulo n, Multiplicative inverse,
Relatively prime, Euler's theorem, Fermat's little theorem, Extended Euclidean
Algorithm, Chinese Remainder Theorem. Confidentiality using Asymmetric
Encryption – Public Key Cryptography and RSA- Key Management - Diffie-
Hellman key Exchange – Elliptic Curve Architecture and Cryptography – Case
study on Elan Financial Services



Syllabus Contents
Unit – III Authentication and Hash Function 9L+3T Hours
Authentication requirements – Authentication functions – Message
Authentication Codes – Hash Functions – Security of Hash Functions and
MACs – MD5 message Digest algorithm – Secure Hash Algorithm – RIPEMD
– HMAC Digital Signatures – Authentication Protocols – Digital Signature
Standard- Case study on Swedbank
Unit – IV Network Security Applications 9L+3T Hours
Authentication Applications: Kerberos – X.509 Authentication Service –
Electronic Mail Security –PGP – S/MIME - IP Security- Policy, Encapsulating
Security Payload, Combining Security Associations, Internet Key Exchange,
Authentication Header.
Unit – V Security Management 9L+3T Hours
Intrusion Detection - Password Management - Viruses and related Threats -
Virus Countermeasures- Worms Security Risks – Firewall Design Principles -
Trusted Systems -Systems- Log Management. Case study on Biometric
deployment for secure password management.
Learning Resources
i) Text Books
1. William Stallings, “Cryptography And Network Security – Principles and Practices”, Prentice Hall of India, Eighth Edition, 2020 [Unit 1-5].
2. David Kim and Michael G.Solomon, “Fundamentals of Information Systems Security”, Jones and Bartlett Publishers, Third Edition, 2018 [Unit 1-5].
ii) Reference Books:
1. Atul Kahate, “Cryptography and Network Security”, Tata McGraw-Hill, 2011.
2. Bruce Schneier, “Applied Cryptography”, John Wiley & Sons Inc, 2011.
3. Charles B. Pfleeger, Shari Lawrence Pfleeger, “Security in Computing”, Third Edition, Pearson Education, 2010.

Learning Resources
iii) Online Resources
1. “Cryptography techniques”, Accessed on: July 2022, [online]. Available: http://Cryptographywilliamstallings.com/Extras/Security-Notes/
2. “Authentication algorithms”, Accessed on: July 2022 [online]. Available: http://www.cs.bilk.ent.edu.tr/~selcuk/teaching/cs519/
3. “Network security concepts”, Accessed on: July 2022 [online]. Available: http://freevideolectures.com/Course/3027/Cryptography–andNetwork-Security


Unit – I
Introduction to Cryptography



1.Introduction
• Computer Security - generic name for the collection of tools designed to protect data.
• Network Security - measures to protect data during their transmission.
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks.
• Cryptography - secure communication techniques that allow only the sender and intended recipient of a message to view its contents.
• Prevents unauthorized access to information.
• The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”.

Computer Security Concepts
• The NIST Computer Security Handbook [NIST95] defines the term computer security as follows:
• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources.
• Includes hardware, software, firmware, information / data and telecommunications.

Computer Security Concepts
• Confidentiality: This term covers two related concepts:
1.Data Confidentiality: Assures that private or confidential information is not disclosed to unauthorized individuals.
2.Privacy: Assures that individuals control or influence information related to them.
• Integrity: This term covers two related concepts:
1.Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
2.System integrity: Assures that a system performs its intended function in an unimpaired manner.
• Availability: Assures that systems work promptly and service is not denied to authorized users.

2.OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI (Open Systems Interconnection)” defines a systematic way of defining and providing security requirements.
• The 3 aspects of security in OSI are:
A.Security Attack - any action that compromises the security of information owned by an organization.
Types: i.Active Attack and ii.Passive Attack.
B.Security Mechanism - mechanism to detect, prevent and recover from a security attack.
C.Security Services – a service that enhances the security of data processing systems and information transfers of an organization.

A.Security Attacks
i.Active Attacks - a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
• Examples: Masquerade, Modification of messages, Repudiation, Replay and Denial of Service attacks.


Active Security Attacks



A.Security Attacks
ii.Passive Attacks - A passive attack attempts to learn or make use of information from the system but does not affect system resources.
• In the nature of eavesdropping on or monitoring of transmission.
• Examples: Release of message content, Traffic Analysis.

B.Security Mechanisms
• To detect, prevent, or recover from a security attack.
• No single mechanism will support all required services.
• The most important element that underlies many of the security mechanisms is cryptographic techniques. The security mechanisms include:
• Specific security mechanisms: Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization.
• Pervasive security mechanisms: Trusted functionality, security labels, event detection, security audit trails, security recovery.

C.Security Services
• To enhance security of data processing systems and information transfers of an organization.
• Intended to counter security attacks with one or more security mechanisms.
X.800
• A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
RFC 2828
• A processing or communication service provided by a system to give a specific kind of protection to system resources.

C.Security Services
• Authentication - assurance that the communicating entity is the one claimed.
• Access Control - prevention of the unauthorized use of a resource.
• Data Confidentiality – protection of data from unauthorized disclosure.
• Data Integrity - assurance that data received is as sent by an authorized entity.
• Non-Repudiation - protection against denial by one of the parties in a communication.
• Availability – resource accessible / usable.


Model for Network Security
• Design a suitable algorithm for the security transformation.
• Generate the secret information (keys) used by the algorithm.
• Develop methods to distribute and share the secret information.
• Specify a protocol enabling the principals to use the transformation and secret information for a security service.

Model for Network Access Security
• Select appropriate gatekeeper functions to identify users.
• Implement security controls to ensure only authorized users access designated information or resources.

Basic Terminologies in Cryptography
• Plain text – Original message in human understandable / readable form.
• Cipher text – Coded message i.e., meaningless / in unknown form.
• Key – Secret value known to only communicating parties that is used to convert Plain Text to Cipher Text and vice-versa.
• Cipher – algorithm for transforming plaintext to ciphertext.
• Decipher - recovering plaintext from ciphertext.
• Cryptography - study of encryption principles / methods.
• Cryptanalysis (code breaking) - study of principles / methods of deciphering ciphertext without knowing key.
• Cryptology - field of both cryptography and cryptanalysis.

3.Mathematical tool for Cryptography
Symmetric Cipher Model


Requirements of Mathematical Model
Two requirements for secure use of symmetric encryption:
1) A strong encryption algorithm.
2) A secret key known only to sender / receiver.
Mathematically we can denote:
Y = E_K(X) - Encryption (Sender)
X = D_K(Y) - Decryption (Receiver)
Y – Cipher Text; X – Plain Text; E_K – Encryption Algorithm; D_K – Decryption Algorithm; K – Secret Key.
• Assuming encryption algorithm is known.
• We must now ensure a secure channel to distribute key.

Characterizing any Cryptographic System
1.Type of encryption operations used: substitution / transposition / product.
2.Number of keys used: single-key or private / two-key or public.
3.Way in which plaintext is processed: block / stream.
Cryptanalysis
• Objective is to recover the key, not just the message.
General approaches
• Cryptanalytic attack.
• Brute-force attack.

Cryptanalytic & Brute-force Attack
Cryptanalytic Attack
• ciphertext only - only know algorithm & ciphertext, is statistical, know or can identify plaintext.
• known plaintext - know/suspect plaintext & ciphertext.
• chosen plaintext - select plaintext and obtain ciphertext.
• chosen ciphertext - select ciphertext and obtain plaintext.
• chosen text - select plaintext or ciphertext to en/decrypt.
Brute-force Attack


4.a.Classical Substitution Ciphers
• Letters of plaintext are replaced by other letters or by numbers or symbols.
• If plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.
Types of substitution techniques:
I. Caesar Cipher.
II. Monoalphabetic Cipher.
III. Polyalphabetic Cipher.
IV. Playfair Cipher.
V. Hill Cipher.
VI. One-Time Pad.

I.Caesar Cipher
• Each letter of the plaintext is substituted by another letter to form the ciphertext. It is the simplest form of substitution cipher scheme.
• Each letter is replaced by another letter which is ‘shifted’ by some fixed number between 0 and 25.
• Both sender and receiver agree on a ‘secret shift number’ for shifting the alphabet.
• The text we will encrypt is 'defend the east wall of the castle', with a shift (key) of 1.
• It is easy to see how each character in the plaintext has shifted up the alphabet. Decryption is just as easy, by using an offset of -1.

Mathematical Description & Cryptanalysis
• First we translate all of our characters to numbers, 'a'=0, 'b'=1, 'c'=2, ... , 'z'=25.
• We can now represent the Caesar cipher encryption function, E(p), where p is the character we are encrypting, as:
c = E(p) = (p + k) (mod 26)
• k is the key (the shift) applied to each letter.
• After applying this function the result is a number which must then be translated back into a letter. The decryption function is:
p = D(c) = (c - k) (mod 26)
• Only have 26 possible ciphers i.e., A maps to A, B, ..., Z.

Brute Force Attack on Caesar Cipher


II.Monoalphabetic Cipher
• Rather than just shifting the alphabet, could shuffle (jumble) the letters arbitrarily.
• Each plaintext letter maps to a different random ciphertext letter.
• Key is 26 letters long.
• Total of 26! = 4 x 10^26 keys.
• With so many keys, one might think it is secure.

Language Redundancy and Cryptanalysis
• The problem is language characteristics: human languages are redundant, e.g. "th lrd s m shphrd shll nt wnt".
• Letters are not equally commonly used.
• In English E is by far the most common letter, followed by T,R,N,I,O,A,S.
• Other letters like Z,J,K,Q,X are fairly rare.
• Have tables of single, double & triple letter frequencies for various languages.
• Compare counts / plots against known values.
• Tables of common double / triple letters help to identify relations among letters.
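
The Caesar functions E(p) and D(c) given earlier, with a brute-force search over all 26 keys that ranks each candidate by how closely its letter counts match English (the "compare counts against known values" step). This is an added example, not part of the original slides; the frequency table holds rounded reference values and all function names are this example's own.

```python
import string

ALPHABET = string.ascii_lowercase

# Approximate English letter frequencies in percent. Rounded reference
# values supplied for this example; they are not taken from the slides.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.8, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.1, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 1.0, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.07,
}


def encrypt(plaintext, k):
    """c = E(p) = (p + k) mod 26; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext, k):
    """p = D(c) = (c - k) mod 26."""
    return encrypt(ciphertext, -k)


def chi_squared(text):
    """Distance between the letter counts of text and English.

    Lower is more English-like. Rare letters (j, q, x, z) have a tiny
    expected count, so a wrong shift that produces them scores badly.
    """
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return float("inf")
    score = 0.0
    for ch in ALPHABET:
        expected = ENGLISH_FREQ[ch] * len(letters) / 100
        score += (letters.count(ch) - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try every key 0..25 and return (score, key, plaintext), best first."""
    candidates = []
    for k in range(26):
        guess = decrypt(ciphertext, k)
        candidates.append((chi_squared(guess), k, guess))
    return sorted(candidates)


if __name__ == "__main__":
    ciphertext = encrypt("defend the east wall of the castle", 1)
    print("ciphertext:", ciphertext)
    for score, k, guess in brute_force(ciphertext)[:3]:
        print(f"key={k:2d} score={score:8.1f} {guess}")
```

With only 26 keys the search is instant; the ranking matters because it removes the need for a human to read all 26 candidates.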
English Letter Frequencies



III.Polyalphabetic Cipher
• Improve security using multiple cipher alphabets.
• Makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution.
• Uses a key to select which alphabet is used for each letter of the message.
• Uses each alphabet and repeats from start after end of key is reached.
Vigenere Cipher
• Simplest polyalphabetic cipher, effectively multiple Caesar ciphers. Keys are many letters long: K = k_1 k_2 ... k_d.
• The i-th letter specifies the i-th alphabet to use.
• Use each alphabet in turn, repeating from the start after d letters in the message. Decryption simply works in reverse.

Example & Security of Vigenere Cipher
• Write the plaintext out.
• Write the keyword repeated above it.
• Use each key letter as a Caesar cipher key.
• Encrypt the corresponding plaintext letter, e.g. using keyword deceptive.
• For decryption, look up each ciphertext letter against its key letter to find the corresponding plaintext letter.
• Have multiple ciphertext letters for each plaintext letter.
• Letter frequencies are obscured but not totally lost.
• Start with letter frequencies and determine number of alphabets.

Example & Security of Vigenere Cipher
• A method of encrypting alphabetic text where each letter of the plaintext is encoded with a different Caesar cipher, whose increment is determined by the corresponding letter of another text, the key.
• For example, if the plaintext is Attacking tonight and the key is OCULORHINOLARINGOLOGY, then
• the first letter a of the plaintext is shifted by 14 positions in the alphabet (because the first letter O of the key is the 14th letter of the alphabet, counting from zero), yielding o;
• the second letter t is shifted by 2 (because the second letter C of the key means 2) yielding v;
• the third letter t is shifted by 20 (U) yielding n, with wrap-around;
• and so on; yielding the message ovnlqbpvt hznzouz. If the recipient of the message knows the key, they can recover the plaintext by reversing this process. Vigenère cipher is therefore a special case of a polyalphabetic substitution.
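
The Vigenere procedure above as an added example (not part of the original slides): it reproduces the OCULORHINOLARINGOLOGY ciphertext, then lists repeated trigrams in a ciphertext, whose spacing is one way to determine the number of alphabets. The plaintext paired with the keyword deceptive is a sample chosen for this example, and the function names are its own.

```python
from collections import defaultdict


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (a=0 ... z=25).

    Non-letters are copied through and do not consume a key letter,
    which is how the slide's example treats the space.
    """
    shifts = [ord(k) - ord("a") for k in key.lower()]
    out, used = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            k = shifts[used % len(shifts)]  # key repeats after d letters
            if decrypt:
                k = -k
            out.append(chr((ord(ch) - base + k) % 26 + base))
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def repeated_ngrams(ciphertext, n=3):
    """Map every n-gram that occurs more than once to the distances
    between its occurrences (the Kasiski examination).

    When the same plaintext fragment meets the same part of the key, the
    ciphertext repeats, so these distances tend to be multiples of the
    key length d.
    """
    letters = "".join(ch for ch in ciphertext.lower() if ch.isalpha())
    positions = defaultdict(list)
    for i in range(len(letters) - n + 1):
        positions[letters[i:i + n]].append(i)
    return {
        gram: [b - a for a, b in zip(pos, pos[1:])]
        for gram, pos in positions.items()
        if len(pos) > 1
    }


if __name__ == "__main__":
    # The slide's own example.
    ct = vigenere("attacking tonight", "OCULORHINOLARINGOLOGY")
    print(ct)
    print(vigenere(ct, "OCULORHINOLARINGOLOGY", decrypt=True))

    # Sample plaintext (chosen for this example) under keyword "deceptive".
    ct2 = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(ct2)
    print(repeated_ngrams(ct2))  # distance 9 = length of "deceptive"
```

In the second message the fragment "red" falls under the key letters "ept" twice, nine positions apart, so the repeat exposes the key length even though single-letter frequencies are flattened.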



Vigenere Tabulae
[Figure: Vigenere table; axes labelled Plain Text and KEY]


IV.Playfair Cipher
• Not even the large number of keys in a monoalphabetic cipher provides security.
• One approach to improving security was to encrypt multiple letters.
• The Playfair Cipher is an example.
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
• A 5X5 matrix of letters based on a keyword.
• Fill in letters of keyword in the matrix.
• Fill rest of matrix with other letters.

V.Hill Cipher
• Hill cipher is a polygraphic substitution cipher based on linear algebra.
• Each letter is represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is used, but this is not an essential feature of the cipher.
• To encrypt a message, each block of n letters is multiplied by an invertible n × n matrix, against modulus 26.
• To decrypt the message, each block is multiplied by the inverse of the matrix used for encryption.
• The matrix used for encryption is the cipher key, and it should be chosen randomly from the set of invertible n × n matrices (modulo 26).

VI.One-Time Pad / Vernam Cipher
• If a truly random key as long as the message is used, the cipher will be secure.
• Is unbreakable since ciphertext bears no statistical relationship to the plaintext.
• For any plaintext & any ciphertext there exists a key mapping one to other.
• Can only use the key once.
• Problems will be in generation & safe distribution of key.


4.b.Transposition Cipher
• These hide the message by rearranging the letter order.
• Without altering the actual letters used.
• Can recognize these, since they have the same frequency distribution as the original text.
• 2 approaches: i.Railfence and ii.Columnar Transposition Cipher.
i.Railfence
• Write message letters out diagonally over a number of rows then read off cipher row by row.
Plain Text: meet me after the toga party.
Depth(Key): 2
Eg. m e m a t r h t g p r y - First-half of Ciphertext
     e t e f e t e o a a t  - Second-half of Ciphertext
Ciphertext : MEMATRHTGPRY ETEFETEOAAT

ii.Columnar Transposition Ciphers
• A more complex transposition: write letters of message out in rows over a specified number of columns.
• Reorder the columns according to some key before reading off the rows.
Plaintext : attack postponed until two am.
Key :       4 3 1 2 5 6 7
Plaintext : a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext1: TTNA APTM TSUO AODW COIX KNLY PETZ

Double Columnar Transposition Ciphers
• A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext.
• Perform more than one stage of transposition.
Key: 4 3 1 2 5 6 7
Input:
4 3 1 2 5 6 7
t t n a a p t
m t s u o a o
d w c o i x k
n l y p e t z
Cipher Text2: NSCY AUOP TTWL TMDN AOIE PAXT TOKZ
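
The rail fence and the single and double columnar transpositions above, as an added example that is not part of the original slides. It reads the columns off in key order, which is what produces the slides' ciphertexts, and checks that the letter counts are unchanged; the function names and the x, y, z filler handling are this example's own.

```python
from collections import Counter


def _letters(text):
    """Lower-case letters only; spaces and punctuation are dropped."""
    return [ch for ch in text.lower() if ch.isalpha()]


def _rail_order(n, depth):
    """Plaintext indices 0..n-1 in the order the rails are read off."""
    rows, row, step = [], 0, 1
    for _ in range(n):
        rows.append(row)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    # sorted() is stable, so letters keep their order within each rail.
    return sorted(range(n), key=lambda i: rows[i])


def rail_fence_encrypt(plaintext, depth):
    letters = _letters(plaintext)
    return "".join(letters[i] for i in _rail_order(len(letters), depth)).upper()


def rail_fence_decrypt(ciphertext, depth):
    letters = _letters(ciphertext)
    plain = [""] * len(letters)
    for ch, i in zip(letters, _rail_order(len(letters), depth)):
        plain[i] = ch
    return "".join(plain)


def columnar_encrypt(plaintext, key, filler="xyz"):
    """Write row by row under the key, read columns in key order 1, 2, 3..."""
    letters = _letters(plaintext)
    i = 0
    while len(letters) % len(key):  # fill the last row, as the slide does
        letters.append(filler[i % len(filler)])
        i += 1
    rows = [letters[r:r + len(key)] for r in range(0, len(letters), len(key))]
    columns = ["".join(row[key.index(rank)] for row in rows)
               for rank in sorted(key)]
    return " ".join(columns).upper()


def columnar_decrypt(ciphertext, key):
    letters = _letters(ciphertext)
    nrows = len(letters) // len(key)
    grid = [[""] * len(key) for _ in range(nrows)]
    for n, rank in enumerate(sorted(key)):
        col = key.index(rank)
        for r in range(nrows):
            grid[r][col] = letters[n * nrows + r]
    return "".join("".join(row) for row in grid)


def same_letter_counts(a, b):
    """True when two texts contain exactly the same multiset of letters."""
    return Counter(_letters(a)) == Counter(_letters(b))


if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    print(rail_fence_encrypt("meet me after the toga party", 2))
    ct1 = columnar_encrypt("attack postponed until two am", key)
    ct2 = columnar_encrypt(ct1, key)  # second stage, same key
    print(ct1)
    print(ct2)
    print(columnar_decrypt(columnar_decrypt(ct2, key), key))
    print(same_letter_counts(ct2, "attackpostponeduntiltwoamxyz"))
```

The final check is the recognisable property the slides mention: however many stages are applied, the ciphertext has the plaintext's letter frequencies.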



4.c.Product Cipher
• Ciphers using substitutions or transpositions are not secure because of language characteristics.
• Consider using several ciphers in succession to make it harder.
• Two substitutions make a more complex substitution.
• Two transpositions make a more complex transposition.
• A substitution followed by a transposition makes a new much harder cipher.
• Acts as a bridge from classical to modern ciphers.

Rotor Machines
• Before modern ciphers, rotor machines were the most common complex ciphers in use.
• Widely used in World War 2
- German Enigma, Allied Hagelin, Japanese Purple.
• Implemented a very complex, varying substitution cipher.
• Used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted.
• With 3 cylinders have 26^3 = 17576 alphabets.
[Figure: Hagelin Rotor Machine]

Steganography
• An alternative to encryption.
• Hides existence of message.
• Use of a subset of letters/words in a longer message marked in some way.
• Use of character marking, invisible ink, pin punctures and typewriter correction ribbon.
• Hiding in LSB in graphic image or sound file.
Drawbacks
• High overhead to hide relatively few bits of information.
• Once the system is discovered, it becomes virtually worthless.


5.Design principles of block ciphers
Modern Block Ciphers
• Most widely used types of cryptographic algorithms.
• Provides secrecy / authentication services.
• Focuses on DES (Data Encryption Standard).
Block vs Stream Ciphers
• Block ciphers - process messages in blocks, each of which is then en/decrypted, like a substitution on very big characters (64 bits or more).
• Stream ciphers - process messages a bit or byte at a time when en/decrypting.
• Many current ciphers are block ciphers.
• Broader range of applications.

Ideal Block Cipher
• Most symmetric block ciphers are based on a Feistel Cipher Structure.
• Must be able to decrypt ciphertext to recover messages efficiently.
• Block ciphers look like an extremely large substitution.
• Would need a table of 2^64 entries for a 64-bit block.
• Instead create from smaller building blocks using idea of a product cipher.

Claude Shannon’s Substitution-Permutation Ciphers
• Introduced idea of substitution-permutation (S-P) networks in 1949 paper.
• Forms basis of modern block ciphers.
• S-P nets are based on the two primitive cryptographic operations seen before: substitution (S-box) and permutation (P-box).
• Provides both confusion & diffusion of message & key.
• Diffusion – dissipates statistical structure of plaintext over bulk of ciphertext.
• Confusion – makes relationship between ciphertext and key as complex as possible.

Feistel Cipher
• Horst Feistel devised the Feistel cipher based on the concept of an invertible product cipher.
• Partitions input block into two halves and processes them through multiple rounds.
• Performs substitution on left data half.
• Uses round function on right half data with a subkey.
• Then have permutation swapping halves.
Design Elements of Feistel Cipher
• Block size, key size, number of rounds.
• Subkey generation algorithm.
• Round function.
• Fast software en/decryption & ease of analysis.

Feistel Encryption & Decryption
[Figure: Feistel encryption and decryption; panels: Encryption, Decryption]

Decryption in Feistel Cipher


6.Data Encryption Standard(DES)
• Most widely used block cipher in world, adopted in 1977 by NBS (National Bureau of Standards), now National Institute of Standards & Technology, as FIPS PUB 46.
• Encrypts 64-bit blocks of data using 56-bit key.
• Has widespread use, although there has been considerable controversy over its security.
DES History
• IBM developed the Lucifer cipher, by a team led by Feistel in the late 60’s.
• Used 64-bit data blocks with 128-bit key.
• IBM submitted their revised Lucifer which was eventually accepted as the DES.

DES Design Controversy
• Although DES standard is public, it had considerable controversy over design.
• In choice of 56-bit key (vs Lucifer 128-bit).
• Because design criteria were classified.
• Subsequent events and public analysis show in fact design was appropriate.
• Use of DES has flourished, especially in financial applications.
• Still standardized for legacy application use.


DES Encryption Overview



Permutations in DES
• To see that the two permutation functions are indeed the inverse of each other, consider the following 64-bit input M:
• where M_i is a binary digit. Then the permutation X = IP(M) is as follows:
• If we then take the inverse permutation Y = IP^-1(X) = IP^-1(IP(M)), it can be seen that the original ordering of the bits is restored.

Permutations in DES
• First step of the data computation.
• IP reorders the input data bits.
• Even bits to LH half, odd bits to RH half.
• Quite regular in structure (easy in h/w).

DES Round Structure
• Uses two 32-bit L & R halves. As for any Feistel cipher, can describe as: L_i = R_{i-1} and R_i = L_{i-1} XOR F(R_{i-1}, K_i)
• F takes 32-bit R half and 48-bit subkey:
- expands R to 48-bits using permutation E.
- adds to subkey using XOR.
- passes through 8 S-boxes to get 32-bit result.
- finally permutes using 32-bit perm P.


Single Round of DES



S-Boxes in DES
• Have eight S-boxes which map 6 to 4 bits. Each S-box is actually 4 little 4-bit boxes.
• Outer bits 1 & 6 (row bits) select one row of 4.
• Inner bits 2-5 (col bits) are substituted.
• Result is 8 lots of 4 bits, or 32 bits.
• Row selection depends on both data & key. Feature known as autoclaving (autokeying).


Decoding of the Input by S-Box 1



Substitution Boxes S



DES Key Schedule
• Forms sub-keys used in each round.
• Initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves.
• 16 stages consisting of rotating each half separately either 1 or 2 places, depending on the key rotation schedule K.
• Selecting 24-bits from each half & permuting them by PC2 for use in round function F.
• Note: Practical use issues in h/w vs s/w.

DES Decryption
• Decrypt must unwind steps of data computation.
• As with the Feistel design, do encryption steps again using sub-keys in reverse order (SK16 … SK1).
- IP undoes final FP step of encryption.
- 1st round with SK16 undoes 16th encrypt round.
...
- 16th round with SK1 undoes 1st encrypt round.
- Final FP undoes initial encryption IP.
- Thus recovering original data value.
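
The Feistel round equations from the DES Round Structure slide and the reverse-subkey decryption described here, as an added example that is not part of the original slides. It is a toy 16-round Feistel network, not DES: the round function F and the key schedule are SHA-256 stand-ins assumed for this example, and IP/FP are omitted.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def subkeys(key: bytes):
    """Hypothetical key schedule: 16 subkeys of 48 bits, K_1 ... K_16.

    Stand-in for DES's PC1 / rotation / PC2 schedule.
    """
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def F(right: int, subkey: bytes) -> int:
    """Stand-in round function: 32-bit half + 48-bit subkey -> 32 bits.

    It is one-way (a hash), which is the point: F never has to be
    inverted for the cipher as a whole to be invertible.
    """
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: int, round_keys) -> int:
    """Run a 64-bit block through the rounds with the given subkeys."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # L_i = R_{i-1} ;  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ F(right, k)
    # Swap the halves after the last round so that the same routine,
    # fed the subkeys in reverse, walks the rounds backwards.
    return (right << 32) | left


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))


def decrypt(block: int, key: bytes) -> int:
    # Same steps, subkeys in reverse order (K_16 ... K_1).
    return feistel(block, subkeys(key)[::-1])


def bit_difference(a: int, b: int) -> int:
    """Number of bit positions in which two blocks differ."""
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    key = b"constructed demo key"      # constructed sample key
    pt = 0x0123456789ABCDEF            # constructed sample block
    ct = encrypt(pt, key)
    print(f"ciphertext      {ct:016x}")
    print(f"decrypted       {decrypt(ct, key):016x}")
    # Avalanche: flip one plaintext bit and count changed ciphertext bits.
    flipped = encrypt(pt ^ 1, key)
    print("bits changed   ", bit_difference(ct, flipped), "of 64")
```

Decryption works because each round only XORs F's output into one half: applying the same F output again cancels it, so the rounds undo themselves from the 16th back to the 1st.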



Avalanche Effect
• Key desirable property of encryption algorithm.
• A change of one input or key bit results in changing approx half the output bits.
• Making attempts to “home-in” by guessing keys impossible.
• DES exhibits strong avalanche.
Strength of DES – Key Size
• 56-bit keys have 2^56 = 7.2 x 10^16 values.
• Brute force search looks hard. However recent advances have shown that it is possible to break key:
- in 1997 on Internet in a few months, in 1998 on dedicated h/w (EFF) in a few days and in 1999 above combined in 22hrs!
• Still must be able to recognize plaintext.

DES against Analytic Attacks
• Now have several analytic attacks on DES.
• These utilize some deep structure of the cipher by gathering information about encryptions.
• Can eventually recover some/all of the sub-key bits.
• If necessary then exhaustively search for the rest.
• Generally these are statistical attacks which include:
- differential cryptanalysis
- linear cryptanalysis
- related key attacks

DES against Timing & Cryptanalysis Attacks
• Attacks actual implementation of cipher.
• Use knowledge of consequences of implementation to derive information about: Some / all sub-key bits.
• Specifically use fact that calculations can take varying times depending on the value of the inputs to it.
• Particularly problematic on smartcards.
Differential Cryptanalysis
• A statistical attack against Feistel ciphers; uses cipher structure not previously used.
• Design of S-P networks has output of function f influenced by both input & key.
• Cannot trace values back through cipher without knowing value of the key.
• Differential cryptanalysis compares two related pairs of encryptions.

DES Design Criteria
• as reported by Coppersmith in [COPP94]
• 7 criteria for S-boxes provide for
- non-linearity
- resistance to differential cryptanalysis
- good confusion
• 3 criteria for permutation P provide for
- increased diffusion


7.Modes of Operations in Block Cipher
• A block cipher algorithm is a basic building block for providing data security.
• To apply a block cipher in a variety of applications, four "modes of operation" have been defined by NIST.
• Covers virtually all the possible applications of encryption for which a block cipher could be used.
• As new applications and requirements have appeared, NIST has expanded the list of recommended modes to five in Special Publication 800-38A.
• These modes are intended for use with any symmetric block cipher, including triple DES and AES.


Modes of Operations in Block Cipher



A.Electronic Code Book Mode
• Plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.
• Codebook: for a given key, there is a unique ciphertext for every b-bit block of plaintext.
• For a sequence of b-bit blocks, P1, P2,...,PN; the corresponding sequence of ciphertext blocks is C1, C2,..., CN.
• For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if necessary.
• Decryption is performed one block at a time, always using the same key.
• Ideal for a short amount of data, such as an encryption key.
• If you want to transmit a DES key securely, ECB is the appropriate mode to use.

A.Electronic Code Book Mode


B. Cipher Block Chaining Mode
• A technique in which the same plaintext block, if repeated, produces different ciphertext blocks.
• The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.
• In effect, we have chained together the processing of the sequence of plaintext blocks.
• The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block.
• For decryption, each cipher block is passed through the decryption algorithm.
• The result is XORed with the preceding ciphertext block to produce the plaintext block.
• An initialization vector (IV) is XORed with the first block of plaintext.
• On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext.
• The IV is a data block that is the same size as the cipher block.
• The IV must be known to both the sender and receiver but be unpredictable by a third party.
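
The ECB and CBC behaviour described above, side by side, as an added example that is not part of the original slides. The 64-bit Feistel cipher built from SHA-256 is a constructed stand-in for DES, and the PKCS#7-style padding, key and message are assumptions.

```python
import hashlib
import os

BLOCK = 8  # bytes: a 64-bit block, the size DES uses

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(key, rnd, half):
    # Round function of the constructed toy cipher (an assumption, not DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, xor_bytes(left, round_f(key, rnd, right))
    return left + right

def dec_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = xor_bytes(right, round_f(key, rnd, left)), left
    return left + right

def pad(msg):
    # Pad the last block (always adds 1..BLOCK bytes so it can be removed).
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad(msg):
    return msg[:-msg[-1]]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    # Every block is encrypted independently with the same key.
    return b"".join(enc_block(key, p) for p in blocks(pad(msg)))

def ecb_decrypt(key, ct):
    return unpad(b"".join(dec_block(key, c) for c in blocks(ct)))

def cbc_encrypt(key, iv, msg):
    out, prev = [], iv
    for p in blocks(pad(msg)):
        prev = enc_block(key, xor_bytes(p, prev))  # C_j = E(K, P_j XOR C_{j-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor_bytes(dec_block(key, c), prev))  # P_j = D(K, C_j) XOR C_{j-1}
        prev = c
    return unpad(b"".join(out))

def repeated_blocks(ct):
    # Number of ciphertext blocks that duplicate an earlier block.
    bl = blocks(ct)
    return len(bl) - len(set(bl))

if __name__ == "__main__":
    key, iv = b"demo-key", os.urandom(BLOCK)   # constructed key, fresh random IV
    msg = b"SAMEDATA" * 4                      # constructed message, 4 equal blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, msg)))
```

Under ECB the four identical plaintext blocks are visible as four identical ciphertext blocks; under CBC they are not, and changing only the IV changes the whole ciphertext.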



C. Cipher Feed Back Mode
• The DES scheme is essentially a block cipher technique that uses b-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode.
• A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.
• One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext.
• The unit of transmission is s bits; a common value is s = 8.
• As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext.
• In this case, rather than units of b bits, the plaintext is divided into segments of s bits.
• The input to the encryption function is a b-bit shift register that is initially set to some initialization vector (IV).
• The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted.
• In addition, the contents of the shift register are shifted left by s bits and C1 is placed in the rightmost (least significant) s bits of the shift register.
• This process continues until all plaintext units have been encrypted.
• For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit.



D. Output Feed Back Mode
• Similar in structure to CFB. In OFB it is the output of the encryption function that is fed back to the shift register, whereas in CFB the ciphertext unit is fed back to the shift register.
• Bit errors in transmission do not propagate.
• More vulnerable to a message stream modification attack.
• Complementing a bit in the ciphertext complements the corresponding bit in the recovered plaintext.
• Controlled changes to the recovered plaintext can be made.
• This may make it possible for an opponent, by making the necessary changes to the checksum portion of the message as well as to the data portion.
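
The CFB and OFB shift-register schemes described above, with s = 8 and b = 64, and a measurement of how far one damaged ciphertext unit spreads in each mode. This is an added example, not part of the original slides; the keyed hash `E` is a constructed stand-in for the block cipher, and the key, IV and message are constructed values.

```python
import hashlib

B = 8  # shift register size in bytes (b = 64 bits); each unit is s = 8 bits

def E(key, reg):
    # Constructed stand-in for block encryption. Both modes only ever run the
    # cipher in the forward direction, so a keyed hash is enough for the demo.
    return hashlib.sha256(key + reg).digest()[:B]

def cfb(key, iv, data, decrypt=False):
    reg, out = iv, bytearray()
    for unit in data:
        res = E(key, reg)[0] ^ unit      # leftmost s bits of E XOR the input unit
        out.append(res)
        c = unit if decrypt else res     # the ciphertext unit is what gets fed back
        reg = reg[1:] + bytes([c])       # shift left by s bits, C_j on the right
    return bytes(out)

def ofb(key, iv, data):
    # The same routine encrypts and decrypts: the key stream ignores the data.
    reg, out = iv, bytearray()
    for unit in data:
        o = E(key, reg)[0]
        out.append(o ^ unit)
        reg = reg[1:] + bytes([o])       # the cipher output is what gets fed back
    return bytes(out)

def damaged_units(decrypt, ct, pt, pos, mask=0x01):
    """Flip bits in one ciphertext unit and list the plaintext units that change."""
    bad = bytearray(ct)
    bad[pos] ^= mask
    got = decrypt(bytes(bad))
    return [i for i, (a, b) in enumerate(zip(pt, got)) if a != b]

# Constructed sample values.
KEY = b"demo-key"
IV = bytes(range(B))
PT = b"TRANSFER 0100 TO ACCOUNT 42 TODAY"

if __name__ == "__main__":
    ct_cfb, ct_ofb = cfb(KEY, IV, PT), ofb(KEY, IV, PT)
    print("OFB damage:", damaged_units(lambda c: ofb(KEY, IV, c), ct_ofb, PT, 5))
    print("CFB damage:", damaged_units(
        lambda c: cfb(KEY, IV, c, decrypt=True), ct_cfb, PT, 5))
```

In OFB only the unit that was altered changes, and it changes in exactly the flipped bit; in CFB the altered unit and the following b/s units are affected until the bad value leaves the shift register.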



E. Counter Mode
• Although interest in the counter mode (CTR) has increased recently, with applications to ATM (asynchronous transfer mode) network security and IPSec (IP security), this mode was proposed early on.
• A counter equal in size to the plaintext block is used.
• The only requirement stated in SP 800-38A is that the counter value must be different for each plaintext block that is encrypted.
• The counter is initialized to some value and then incremented by 1 for each subsequent block (modulo 2^b, where b is the block size).
• For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining.
• For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.
• Hardware efficiency: Encryption (or decryption) in CTR mode can be done in parallel on multiple blocks of plaintext or ciphertext.
• For the chaining modes, the algorithm must complete the computation on one block before beginning on the next block.
• In CTR mode, the throughput is only limited by the amount of parallelism that is achieved.
• Software efficiency: Processors that support parallel features, such as aggressive pipelining, multiple instruction dispatch per clock cycle, a large number of registers, and SIMD instructions, can be effectively utilized.
• Preprocessing: The execution of the underlying encryption algorithm does not depend on input of the plaintext or ciphertext.
• If sufficient memory is available and security is maintained, preprocessing can be used to prepare the output of the encryption boxes that feed into the XOR functions.
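
Counter mode as described above, as an added example that is not part of the original slides: the counter wraps modulo 2^b, the key stream is prepared before any data arrives, and one block is decrypted without touching the others. The keyed hash `E` is a constructed stand-in for the block cipher, and `counters_overlap` goes one step beyond the slide by checking the distinct-counter requirement across two messages encrypted under the same key.

```python
import hashlib

B = 8  # block size in bytes (b = 64 bits)

def E(key, block):
    # Constructed stand-in for the block cipher; CTR only uses the forward direction.
    return hashlib.sha256(key + block).digest()[:B]

def counter_block(start, i):
    # Counter value for block i: start + i, modulo 2^b.
    return ((start + i) % (1 << (8 * B))).to_bytes(B, "big")

def keystream(key, start, nblocks):
    # Preprocessing: needs neither plaintext nor ciphertext, and every entry is
    # independent of the others, so the work can be done in parallel.
    return [E(key, counter_block(start, i)) for i in range(nblocks)]

def ctr_xor(key, start, data, ks=None):
    # Encryption and decryption are the same operation; no padding is needed.
    ks = ks or keystream(key, start, -(-len(data) // B))
    return bytes(d ^ ks[i // B][i % B] for i, d in enumerate(data))

def decrypt_block_at(key, start, ct, i):
    # Random access: recover block i alone, because there is no chaining.
    k = E(key, counter_block(start, i))
    return bytes(c ^ x for c, x in zip(ct[i * B:(i + 1) * B], k))

def counters_overlap(start_a, n_a, start_b, n_b):
    # True if two messages under one key would use the same counter value
    # for some block, taking the modulo 2^b wrap-around into account.
    mod = 1 << (8 * B)
    return (start_b - start_a) % mod < n_a or (start_a - start_b) % mod < n_b

if __name__ == "__main__":
    key = b"demo-key"                             # constructed key
    start = (1 << 64) - 2                         # constructed start value, forces a wrap
    msg = b"counter mode needs no padding!!"      # constructed message
    ks = keystream(key, start, 4)                 # prepared before the message exists
    ct = ctr_xor(key, start, msg, ks)
    print(decrypt_block_at(key, start, ct, 2))
    print(counters_overlap(start, 4, 1, 1))
```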


8. Origin of AES
• Clearly a replacement for DES was needed, as there are theoretical attacks that can break it.
• Exhaustive key search attacks have been demonstrated.
• Triple-DES can be used, but it is slow with small blocks.
• US NIST issued a call for ciphers in 1997.
• 15 candidates were accepted in Jun-98 and 5 were shortlisted in Aug-99.
• Rijndael was selected as the AES in Oct-2000.
• Issued as FIPS PUB 197 standard in Nov-2001.



AES Requirements
• Private key symmetric block cipher with 128-bit data, 128/192/256-bit keys.
• Stronger & faster than Triple-DES.
• Active life of 20-30 years (+ archival use).
• Provides full specification & design details.
• Supports both C & Java implementations.
• NIST have released all submissions & unclassified analyses.



AES Evaluation Criteria

Initial criteria
• security – effort to practically cryptanalyse
• cost – computational
• algorithm & implementation characteristics
Final criteria
• general security
• software & hardware implementation ease
• implementation attacks
• flexibility (in en/decrypt, keying, other factors)



AES Shortlist
• After testing and evaluation, shortlist in Aug-99:
- MARS (IBM) - complex, fast, high security margin.
- RC6 (USA) - v. simple, v. fast, low security margin.
- Rijndael (Belgium) - clean, fast, good security margin.
- Serpent (Euro) - slow, clean, v. high security margin.
- Twofish (USA) - complex, v. fast, high security margin.
• These were then subject to further analysis & comment, which saw a contrast between algorithms:
- few complex rounds versus many simple rounds.
- refinements of existing ciphers versus new proposals.



The AES Cipher - Rijndael
• Designed by Rijmen-Daemen in Belgium; has 128/192/256 bit keys, 128 bit data.
• An iterative rather than Feistel cipher; treats data in 4 groups of 4 bytes.
• Operates on an entire block in every round.
• Designed to be resistant against known attacks.
• Designed for speed and code compactness on many CPUs & design simplicity.
• Has 9/11/13 rounds in which state undergoes:
– byte substitution (1 S-box used on every byte)
– shift rows (permute bytes between groups/columns)
– mix columns (subs using matrix multiply of groups)
– add round key (XOR state with key material)
• Initial XOR key material & incomplete last round.
• All operations can be combined into XOR and table lookups, hence very fast & efficient.


AES Data Structures



Byte Substitution
• A simple substitution of each byte.
• Uses one table of 16x16 bytes containing a permutation of all 256 8-bit values.
• Each byte of state is replaced by the byte in row (left 4 bits) & column (right 4 bits).
- e.g. byte {95} is replaced by the row 9, col 5 byte, which is the value {2A}.
• S-box is constructed using a defined transformation of the values in the Galois field GF(2^8).
• Designed to be resistant to all known attacks.

AES S-Box

S-Box & Inverse S-Box


AES Transformations
• The hexadecimal value {95} references row 9, column 5 of the S-box, which contains the value {2A}.
• Accordingly, the value {95} is mapped into the value {2A}; the inverse S-box maps {2A} back to {95}.
• The S-box is not self-inverse.
• That is, it is not true that S-box(a) = IS-box(a). For example, S-box({95}) = {2A}, but IS-box({95}) = {AD}.



Shift Rows
• A circular byte shift in each row:
• 1st row is unchanged.
• 2nd row does 1 byte circular shift to left.
• 3rd row does 2 byte circular shift to left.
• 4th row does 3 byte circular shift to left.
• Decryption does shifts to right.
• Since the state is processed by columns, this step permutes bytes between the columns.



Shift Rows & Mix Columns
• Each column is processed separately.
• Each byte is replaced by a value dependent on all 4 bytes in the column.
• Effectively a matrix multiplication in GF(2^8).

Mix Columns


Add Round Key
• XOR state with 128 bits of the round key.
• Processed by column (though effectively a series of byte operations).
• Inverse for decryption is identical since XOR is its own inverse, just with the correct round key.
• Designed to be as simple as possible.

AES Round


AES Key Expansion
• Takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words.
• Start by copying key into first 4 words.
• Then loop creating words that depend on values in previous & 4 places back.
- In 3 of 4 cases just XOR these together.
- Every 4th has S-box + rotate + XOR constant of previous before XOR together.
• Designed to resist known attacks.



AES Decryption
• AES decryption is not identical to encryption, since the steps are done in reverse.
• Define an equivalent inverse cipher with steps as for encryption
– but using inverses of each step
– with a different key schedule
• Works since the result is unchanged when we
– swap byte substitution & shift rows
– swap mix columns & add (tweaked) round key

XOR Cipher Trace Table

Plaintext   Key   Ciphertext
0           0     0
0           1     1
1           0     1
1           1     0

Operation A ⊕ B

To find the XOR value of two numbers, convert them into binary representation, do the logical XOR operation on each bit, and then convert the result into a decimal value.
XOR example:
Input: A = 7, B = 9
Output: 14
Explanation: A = 7 = (0111)₂, B = 9 = (1001)₂. Counting from the least significant (rightmost) bit:
• 1st bit of A = 1 and B = 1, so the XOR value will be 0
• 2nd bit of A = 1 and B = 0, so the XOR value will be 1
• 3rd bit of A = 1 and B = 0, so the XOR value will be 1
• 4th bit of A = 0 and B = 1, so the XOR value will be 1
XOR value has binary representation (1110)₂
Decimal value of XOR = 14



Implementation Aspects of AES
• Can be efficiently implemented on an 8-bit CPU.
– byte substitution works on bytes using a table of 256 entries.
– shift rows is simple byte shifting.
– add round key works on byte XORs.
– mix columns requires matrix multiply in the Galois field GF(2^8), which works on byte values and can be simplified to use a table lookup.
• Can be efficiently implemented on a 32-bit CPU.
– redefine steps to use 32-bit words.
– can precompute 4 tables of 256 words.
– then each column in each round can be computed using 4 table lookups + 4 XORs.
– at a cost of 16Kb to store tables.
• Designers believe this very efficient implementation was a key factor in its selection as the AES cipher.

9. Triple DES
• An alternative to AES or the AES finalist algorithms is triple DES, often denoted as 3DES.
• 3DES consists of three subsequent DES encryptions with different keys, given by y = DES_k3(DES_k2(DES_k1(x))).
• 3DES seems resistant to both brute-force attacks and any analytical attack imaginable at the moment.
• Another version of 3DES is:
• The advantage here is that 3DES performs single DES encryption if k3 = k2 = k1, which is sometimes desired in implementations that should also support single DES.
• 3DES is very efficient in hardware but not particularly in software.
• It is popular in financial applications as well as for protecting biometric information in electronic passports.

3-DES
• A different approach for strengthening DES is to use key whitening.
• For this, two additional 64-bit keys k1 and k2 are XORed to the plaintext and ciphertext, respectively, prior to and after the DES algorithm.
• This yields the following encryption scheme.
• This surprisingly simple modification makes DES much more resistant against exhaustive key searches.



10. Placement of Encryption Function
• Where should cryptographic functionality be located?
• How can we make communications confidential?
• How do we distribute keys?
• What is the role of random numbers?



Points of Vulnerability
• Networks are vulnerable to active and passive attacks.
• Many potential locations for confidentiality attacks.
• By network tapping or other means.
• Passive inductive attacks on electrical signaling.
• Phone and wiring closets may be accessible to outsiders.
• Satellite links are easy to monitor, etc.



Link vs. End-to-End Encryption
• The most powerful and most common approach to securing the points of vulnerability is encryption.
• If encryption is to be used to counter these attacks, we need to decide what to encrypt and where the encryption should be located.
• Two fundamental alternatives:
i. Link encryption
ii. End-to-end encryption



Logical Placement of E2E Encryption Function
• Link encryption occurs at either the physical or link layers.
• For end-to-end encryption, several choices are possible.
• At the lowest practical layer, the encryption function could be performed at the network layer.
• All the user processes and applications within each end system would employ the same encryption scheme with the same key.
• With this arrangement, a front-end processor may be used to off-load the encryption function.

• X.25 or TCP provide end-to-end security for traffic within a fully integrated internetwork.
• However, such a scheme cannot deliver the necessary service for traffic that crosses internetwork boundaries, such as E-Mail, EDI, and file transfer.
• In this case, the only place to achieve end-to-end encryption is at the application layer.
• A drawback of application-layer encryption is that the number of entities to consider increases dramatically.
• Many more secret keys need to be generated and distributed.



11. Traffic Confidentiality
• Security from traffic analysis attack.
• Knowledge about the number and length of messages between nodes may enable an opponent to determine who is talking to whom.
• Types of information derivable from traffic analysis:
- Identities of communicating partners
- Frequency of communication
- Message patterns, e.g., length, quantity, (encrypted) content
- Correlation between messages and real world events
• Can (sometimes) be defeated through traffic padding.



Countermeasures to Traffic Analysis
• Link encryption approach
- Network-layer headers (e.g., frame or cell header) are encrypted.
- Hides address information.
- Traffic padding is very effective.
• End-to-End encryption approach
- Leaves addresses in the clear.
- Measures available to the defender are more limited.
- Pad out data units to a uniform length at either the transport or application level.
- Null messages can be inserted randomly into the stream.

• Covert Channel:
- Essentially, the dual of traffic analysis.
- A means of communication in a fashion unintended by the designers of the communication facility.
- Usually intended to violate or defeat a security policy.
• Examples: Message length, Message content, Message presence



12. Barclays Bank – Case Study
• Cryptomathic has developed Crypto Service Gateway (CSG), a solution to revolutionize the management of cryptography for businesses.
• Barclays is an international financial services provider engaged in personal banking, credit cards, corporate and investment banking, and wealth management with an extensive presence in Europe, the Americas, Africa and Asia.
• With over 300 years of history and expertise in banking, Barclays operates in over 50 countries and employs approximately 135,000 people.
• Barclays has a history of innovation including:
- 1966, Barclays launched the UK's first credit card
- 1967, Barclays installed the world’s first ATM
- 2012, Barclays launched “Barclays Pingit”, Europe's first P2P payments tool.
• Use of mainframe-based cryptography has declined in favour of network-based Hardware Security Modules (HSMs).
• This shift in technology triggered several problems.
• The most pressing concern was an explosion in the number of HSMs being purchased by the company.
• Networked HSMs were often separated into particular projects and it was difficult or impossible to share these resources with other projects.
• A typical project would require at least four HSMs to provide the necessary production resilience and testing capabilities, and before long Barclays had hundreds of devices across its data centers.

Barclays Bank – Service

Barclays Bank – CSG
• The Crypto Key Management System (CKMS) is the leading key life-cycle management product from Cryptomathic, and a perfect choice for managing the entire lifespan of the keys used by CSG.
• CKMS ensures the right keys are in the right place at the right time, while CSG ensures they can be efficiently used by only the correct authorized parties and only in the correct way.
• CKMS maintains a trust relationship between its own HSM and each HSM managed by the CSG server, so CSG only handles encrypted keys, and never sees them in the clear. Use of key caching inside the HSM ensures that high performance is maintained while retaining flexibility of distribution and update.
• The security features of CKMS are designed to address the requirements of common key management regulations, meaning users will benefit from lower audit costs and an easier compliance process.