CYBER SECURITY HONOURS’ DEGREE Ansh Kasaudhan 2024-2025 Cyber SecurityThis cybersecurity explores key concepts and techniques for protecting digital assets from cyber threats. Through practical exercises, we examine network security, encryption, intrusion detection, and ethical hacking. The report aims to enhance understanding of vulnerabilities, threat mitigation, and security protocols essential for safeguarding information systems. By applying theoretical knowledge to real-world scenarios, this lab underscores the critical importance of robust cybersecurity measures in maintaining the integrity and confidentiality of digital dataSyllabus Data Encryption and Compression ‘Course Outcome (CO) ‘At the end of course, the student will be able to understand ‘Atthe end of this course the student will have the knowledge of Encryption Techniques. To introduce the principles and applications of Cryptography ‘To understand the concept of the Data Compression. To introduce the principles and applications of Entropy encoding DETAILED SYLLABUS Topic Introduction to Security: Need for security, Security approaches, Principles of security, Types of attacks. Encryption Techniques: Plaintext, Cipher text, Substitution & Transposition techniques, Encryption & Decryption, Types of attacks, Key range & Size. ‘Symmetric & Asymmetric Key Cryptography: Algorithm types & Modes, DES, IDEA, Differential & Linear Cryptanalysis, RSA, Symmetric & Asymmetric key together, Digital signature, Knapsack algorithm. Case Studies of Cryptography: Denial of service attacks, IP spoofing attacks, Conventional Encryption and Message Confidentiality, Conventional Encryption Algorithms, Key Distribution. Public Key Cryptography and Message Authentication: Approaches to Message ‘Authentication, SHA-1, MDS, Public-Key Cryptography Principles, RSA, Digital, Signatures, Key Management, Firewall. Introduction: Need for data compression, Fundamental concept of data compression & coding, Communication model, Compression ratio, Requirements of data compression, Classification. Methods of Data Compression: Data compression~ Loss less & Lossy. Entropy encoding-- Repetitive character encoding, Run length encoding, Zero/Blank encoding; Statistical encoding~ Huffman, Arithmetic & Lempel-Ziv coding; Source encoding-- Vector quantization (Simple vector quantization & with error term), Recent trends in encryption and data compression techniques. Text books: Cryptography and Network Security, Mohammad Amjad, John Wiley & Sons. Cryptography & Network Security by Atul Kahate, TMH, Information Theory and Coding, Muralidhar Kulkarni, K S Shivaprakasha, John Wiley & Sons. Cryptography and Network Security by B. Forouzan, McGraw-Hill 5. The Data Compression Book by Nelson, BPB. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANUnit 2 Symmetric & Asymmetric Key Cryptography 1.1 Symmetric Key Cryptography: In symmetric key cryptography, the same key is used for both encryption and decryption of a message. The key must be kept secret between the sender and the receiver. However, the main challenge is securely distributing the key to both parties without it being intercepted, 1.1.1 Symmetric Key Cryptography and the Problem of Key Distributio1 1. The Problem Scenario: © Person A wants to send a confidential letter to person B. © AandB live in the same city but cannot meet each other in person. irst Attempt - Sending via Post: © Asseals the letter in an envelope and sends it by post. © This method does not ensure that the letter won't be tampered with before it reaches B. Second Attempt - Using a Box: © Aplaces the letter in a locked box and sends it. © This prevents unauthorized access during transit but introduces a new problem: B cannot open the box without the key. Sending the Key: © Aconsiders sending the key with the box but realizes anyone who intercepts the box could also open it © A decides to meet B in person to hand over the key, ensuring only B can open the box. Meeting in Person: If A can meet B to hand over the key, they could simply hand the letter in person, making the whole process redundant. Key Distribution Problem: © The challenge in symmetric key cryptography is the key distribution problem, where securely sharing the key between sender and receiver is difficult Scale Issue - Multiple Participants: © If Aneeds to communicate securely with multiple people (B, C, D, etc.), A would need a unique key for each communication pair. © For every new participant, the number of required keys increases exponentially: + For2 parties: I key. + For 3 parties: 3 keys. + For4 parties: 6 keys. + Forn parties: nx(n1)/2 keys. Challenges with Large Numbers of Participants: © Ifthere are 1,000 participants, approximately 499,500 keys are needed. © A central authority (T) would need to manage these keys, making the process complex and time-consuming. Conclusion: © The key distribution problem in symmetric cryptography is challenging, particularly when large numbers of participants are involved, requiring an impractical amount of keys and management, THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN1.1.2 Diffie-Hellman Key-Exchange Algorithm Overvie' + Purpose: It allows two parties, Alice and Bob, to agree on a shared symmetric key over an ins communication channel, + How It Works: © Alice and Bob each select private keys (x and y) and exchange public values based on those private keys. The shared symmetric key they compute is the same for both parties. © The algorithm is based on modular exponentiation, where the difficulty of calculating discrete logarithms ensures security. Example: Alice and Bob agree on a public prime number n and base g. They both choose private numbers (say, x and y), compute the corresponding public values, and exchange them. Using the public values, they both compute the shared key independently, resulting in the same symmetric key K. Step 1: Public Parameters © Alice and Bob agree on two public values: =A prime number n=23 = Abase g=5 Step 2: Private Keys © Alice selects a private key a=6 Bob selects a private key b=15 Alice computes her public key A using the formula: A =g* mod n=5° mod 23=15625 mod 23=8 © Bob computes his public key B using the formula: B = g” mod n=5'* mod 23 = 30517578125 mod 23 = 19 Step 4: Exchange Public Keys Alice sends her public key A = 8 to Bob. © Bob sends his public key B = 19 to Alice. Step 5: Compute Shared Secret (Symmetri © Alice computes the shared secret Sa using Bob's public key B and her private key a: Sc=B*_ mod n=19° mod 23 = 4704270176 mod 23=2 Bob computes the shared secret Sa using Alice's public key A and his private key b: Sp=A® mod n=8'* mod 23 = 35184372088832 mod 23=2 © Both Alice and Bob now have the same shared secret S=2, which they will use as a symmetric key for secure communication. Algorithmic Steps: 1. Initialization: © Choose a prime number n and a base g (publicly known). .. Private Key Selection: Alice selects a private key a (kept secret. Bob selects a private key b (kept secret) . Public Key Computation: © Alice computes her public key A= g* mod n and sends it to Bob. © Bob computes his public key B= g” mod n and sends it to Alice. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN4. Public Key Exchange: © Alice receives Bob's public key B. © Bob receives Alice's public key A 5. Shared Secret Computation: © Alice computes the shared secret $,=B* mod n. © Bob computes the shared secret Ss=A® mod n. 6. Key Confirmatio o Both Alice and Bob now share the same secret key Summary: + Result: The shared secret S=2 is now available to both Alice and Bob. + They can use this shared secret to securely communicate using a symmetric encryption algorithm (c.g. AES). Mathematical Theory: + The security of Diffie-Hellman is based on the difficulty of computing discrete log to compute exponentiation in a finite field but hard to reverse the operation to find the ori keys (x and y). Problems with the Algorithm: Man-in-the-Middle Attack: An attacker (like "Tom" in the example) can intercept and modify the communication between Alice and Bob, posing as each party and thus deriving two different symmetric keys for themselves. As a result, Alice and Bob are not truly communicating with each other. © In this attack, Tom gets Alice’s public key and forwards his own, then intercepts Bob's key and does the same. The result is that Tom can intercept and modify the communication between Alice and Bob without either party realizing, Mitigation: «The solution to the man-in-the-middle attack is mutual authentication. If Alice and Bob authenticate each other before the key exchange, it will ensure that they are genuinely communicating with each other, preventing Tom from inserting himself in the communication. 1.2 Asymmetric Key Cryptography: In asymmetric key operation, the encryption and decryption are done using two distinet but math related keys: a public key (K1) and a private key (K2). The public key is used to encrypt data (lock the box), while the private key is used to decrypt data (unlock the box). ‘This approach is based on the principle that encryption and decryption are done with different keys, and that only the corresponding private key can decrypt the data encrypted with the public key. Key Points of Asymmetric Key Operation: 1. Public Key (K1): This key can be shared freely with anyone. It is used for locking (encrypting) the message. Private Key (K2): This key is kept secret by the owner. It is used for unlocking (decrypting) the message. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANWorking of the Asymmetric Key Scheme: Let’s break down how asymmetric key operation works with an example. Example: Participants: Alice (A), Bob (B), and a Trusted Third Party (., which certifies and provides the keys). Step1: Key Generation Bob requests a key pair from T. T generates the key pair Public Key (K1): Bob’s public key that is available to everyone (used to lock messages). © Private Key (K2): Bob’s private key, which only Bob knows (used to unlock messages), Now Bob has: K1 (Public Key) - Can be shared openly. _ K2 (Private Key) - Kept secret by Bob. Step 2: Sending the Public Key Bob sends his public key (K1) to Alice. Step 3: Encrypting the Message © Alice wants to send a message securely to Bob, She uses Bob's public key (K1) to encrypt the message. This process is referred to as "locking" the message. © Alice locks the message using Mioctea= Encrypt(M, K1), where M is the original message and K1 is Bob's public key. Step 4: Sending the Encrypted Message ‘0 Alice sends the encrypted message Miccted to Bob. Step 5: Decrypting the Message c When Bob receives the encrypted message, he uses his private key (K2) to decrypt it. Since only Bob has the private key, he is the only one who can unlock the message. © Bob unlocks the message using Muntockes= Decrypt(Mies, K2), where K2 is Bob's private key Step 6: Secure Communication Now Bob can read the original message M sent by Alice. No one else (not even Alice) can decrypt it because only Bob has the corresponding private key K2. Advantages of Asymmetric Key Operation: Key Distribution: Unlike symmetric encryption, where each pair of communicators needs to exchange asecret key, asymmetric encryption only requires the public key to be shared. The private key remains secret. Scalability: A public key can be used to encrypt a message for the owner of the private key, allowing secure communication with multiple people without the need for each person to exchange secret keys, Security: Only the recipient with the corresponding private key can decrypt the message, ensuring that only they can read it. No Need for Secret Key Exchange: In symmetric key encryption, secret keys must be exchanged securely, which can be complicated. With asymmetric encryption, the public key can be sent openly, simplifying the process. Steps for General Use in Asymmetric Key Operation: Key Generation: © Attrusted third party (TT) generates a key pair for each participant. Each participant has a public and a private key. Public Key Exchange: © The sender (A) obtains the recipient's (B) public key. If there are multiple participa etc.), the same public key can be used for encryption. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN3. Message Encryption: © Assends a message to B, encrypting it using B's public key. The message is now locked & can only be unlocked by B's private key. 4, Message Decryption: co B receives the encrypted message and uses their private key to decrypt the message. Only B can do this, as no one else has access to the private key 5. Secure Commu n. © This process can be repeated for multiple recipients, allowing for secure communication between any number of people. Summary: Asymmetric Key Operation uses a pair of keys (public and private) for encryption and decryption. ‘The public key is used for encrypting (locking) the message and can be shared openly ‘The private key is used for decrypting (unlocking) the message and must be kept secret. It provides a scalable and secure method for communication, where multiple participants can securely exchange messages without needing to share secret keys 1.3 ALGORITHM TYPES AND MODES: - Cryptographic algorithms have two key aspects: 1. Algorithm Type — Defines the size of the plaintext processed per encryption step. 2. Algorithm Mode ~ Specifies the encryption details once the type is decided. 1. Algorithm Types Cryptographic algorithms transform plaintext into ciphertext and can be categorized into two main types: 1.1 Stream Ciphers + Encrypts plaintext one bit at a time. + Example: If plaintext is "Pay 100", itis first converted to binary (e.g., 01 + Uses a bitwise operation (like XOR) for eneryption Working of XOR in Stream Cipher: + XOR produces 1 if the inputs differ (0 xoR 1 = 1 ori XOR 0 = 1), else it results in o. + Example © Plaintext bit: 01011100 co Key bit: 19110101 cc Ciphertext bit (after XOR) Properties of XOR in Cryptography: Reversibility: Applying XOR twice retrieves the original message. oe Ifc = A xor 8thena = c XOR BandB = C XOR Security: The attacker cannot deduce the plaintext from ciphertext without the key Efficiency: Suitable for real-time encryption due to bitwise operation. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN1.2 Block Ciphers + Encrypts a group of bits (block) «Example: The phrase "FOUR_AND_Ft ‘an be encrypted in blocks: First block: Four © Second block: AND © Third block: Foun Key Characteristics of Block Ciphers: Fixed Block Size: Common sizes are 64-bit, 128-bit, or more. Repeated Patterns Issue: If the plaintext has repeated blocks, identical ciphertext blocks are generated, making it vulnerable to attacks. Solution — Chaining Mode: Each block of ciphertext is mixed with the next plaintext block to prevent pattern repetition. mon in Practice: Since stream ciphers process individual bits (which can be time- 1g), block ciphers are more widely used. 2. Group Structures in Cryptography Defines how many times plaintext is scrambled to generate ciphertext + Helps analyze the security strength of an encryption algorithm, 3. Concepts of Confusion and Diffusion Introduced by Claude Shannon, these principles enhance eryptographic security 3.1 Confusion + Ensures ciphertext does not give clues about the plaintext. * Achieved through substitution techniques (e.g., replacing letters/numbers). * Prevents cryptanalysts from identifying patterns in ciphertext. 3.2 Diffusion * Spreads plaintext redundancy across multiple rows/columns to obscure patterns. + Achieved through transposition techniques (permutation techniques). Comparison: Stream Cipher vs. Block Cipher Feature Stream Cipher Block Cipher Processing _Encrypts one bit at a time Encrypts a block of bits at a time Speed Faster, used for real-time encryption Slower, but more secure Security Relies on confusion Uses both confusion & diffusion Example XOR-based encryption AES, DES Algorithm Modes Algorithm modes are combinations of basic algorithm steps applied to a block cipher, often incorporating feedback mechanisms. These modes are fundamental to computer-based security algorithms. There are five key algorithm modes: THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN. Electronic Code Book (ECB) . Cipher Block Chaining (CBC) . Cipher Feedback (CFB) . Output Feedback (OFB) . Counter (CTR) 1, Electronic Code Book (ECB) Mode «Description: o Simplest mode of operation. © Divides the plaintext into 64-bit blocks and enerypts each block independently using the same key. + Encryption & Decryption: Encryption: Each 64-bit plaintext block is encrypted independently. © Decryption: Each 64-bit ciphertext block is decrypted independently using the same key. + Key Characteristics: © Identical plaintext blocks result in identical ciphertext blocks. © Suitable for encrypting small messages © Vulnerable to pattern analysis. 2. Cipher Block Chaini + Description: o Introduces feedback to improve security. © Bach plaintext block is XORed with the previous ciphertext block before encryption. + Encryption & Decryption: o Uses an Initialization Vector (IV) for the first block. © Bach ciphertext block serves as an IV for the next block. co The IV does not need to be secret but should be unique for security. + Key Characteristics: © Repeating plaintext blocks result in different ciphertext blocks. o More secure than ECB. © Requires sequential encryption, limiting parallelism, 3. Cipher Feedback (CFB) Mode + Description: o Converts a block cipher into a stream cipher. co Encrypts smaller units (¢.g., 8-bit characters) instead of entire blocks. yption Process: o Uses an IV stored in a shift register. ¢ Enerypts IV and XORs with plaintext bits. © Shift register updates with each ciphertext output. + Key Characteristics: © Suitable for applications requiring immediate encryption (e.g., keystrokes in secure communication). © Error propagation occurs within blocks. 4. Output Feedback (OFB) Mode + Description: © Similar to CFB but removes dependency on ciphertext. © The output of the encryption process is used as the next IV. yption Process: © Encrypts IV and uses its output for XOR operation with plaintext. o Maintains a continuous encryption stream. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANKey Characteristic: Prevents error propagation. © Allows pre-processing. © Vulnerable to modifications in ciphertext without detection. unter (CTR) Mode Description: © Uses counter instead of feedback mechanisms © Counter values are encrypted and XORed with plaintext Encryption & Decryption: © Uses.a unique counter value for each plaintext block. No chaining involved, allowing parallel encryption and decryption. Key Characteristic: Enables high-speed encryption. © Allows parallel processing, © Efficient for large datasets. Summary Table of Algorithm Modes Mode | Description Usage Security Issues ECB CBC CFB OFB CTR Enerypts blocks independently XORs plaintext with previous ciphertext before encryption Uses encrypted IV and XOR for stream encryption Encrypts. IV continuously, removing ciphertext dependency Encrypts counter values and XORs with plaintext Secure transmission of short messages Encrypting large text blocks Secure smission of character streams Secure stream encryption without error propagation High-speed encryption, parallel processing Pattern visibility in ciphertext Error propagation, sequential encryption required Tors propagate encrypted data Vulnerable to modifications Requires unique values for security across ciphertext counter Here’s a detailed explanation of the Data Ene example. Data Encryption Standard (DES) Algorithm * Introduction ption Standard (DES) algorithm with a step-by-step ‘The Data Encryption Standard (DES) is a symmetrie-key block cipher that encrypts data using a 56-bit Key. It was developed by IBM in the 1970s and was adopted as a standard by NIST in 1977. Number of Rounds: 16 Despite its structured approach and security features, DES is now considered i size, making it vulnerable to brute-force attacks. secure due to its small key THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN1. DES Algorithm Workflow Step 1: Initial Permutation (IP) Before encryption starts, the 64-bit plaintext undergoes an Initial Permutation (IP), which rearranges the bits in a predefined manner. Step 2: Key Transformation (Key Scheduling) ‘The 56-bit key is processed to generate 16 subkeys (48-bit each), one for each round. Step 3: Feistel Structure (16 Rounds of Processing) Each round consists of: = Splitting the data into left (L) and right (R) halves. Expanding (E) Function: The 32-bit right half is expanded to 48 bits. . XOR with Round Key: The expanded right half is XORed with the 48-bit round subkey. Substitution (S-Box): The 48-bit output is passed through 8 S-boxes, reducing it back to 32 bits. Permutation (P): The 32-bit output undergoes another permutation. . XOR with Left Half: The transformed right half is XORed with the left half. Swapping: The halves are swapped for the next round (except the last round). Step 4: Final Permutation (FP) After 16 rounds, a final permutation is applied to generate the 64-bit ciphertext 2. Step-by-Step Example Let's encrypt a 64-bit plaintext using DES Example Input + Plaintext (in binary): 2AS67BSABCDEF (Hex) = 00000001 001000 1001101 11101111 (Binary) + Key (in binary): 00010011 00110100 0101011 0 911 10111100 ) Step 1: Initial Permutation (IP) + The 64-bit plaintext is rearranged using a predefined permutation table. * Output after Initial Permutation (IP): 11001100 00000000 11001100 11111111 11110000 10101010 11110000 10101010 Step 2: Key Processing + The 56-bit key (afier removing parity bits) is: 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001 THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN+ From this key, 16 subkeys (K1, K2, .... K16) are generated, each 48 bits long. Step 3: 16 Rounds of Feistel Structure Round 1 Example 1. Divide into Left (L) and Right (R): 10 = 11001100 00000 1001100 11111111 RO = 11110000 10101010 11110000 10101010 Expansion (E) Function: Expands RO (32-bit + 48-bit). 0 100001 010101 o1o101 o11110 010101 XOR with Key K1 (48-bit): 010101 010101 011110 1 ex = 100101 010111 002012 110101 010102 1 S-Box Substitution: © Output is reduced back to 32 bits 1010 0110 1111 0100 0011 1101 1000 Permutation (P-Box): 1110 0110 0100 1011 1000 0011 XOR with Left Half (LO): 11001100 00000000 11001100 11111111 © 11100110 o10010: ooo11 11 101010 01001011 01001111 00101 Swapping: L1 = RO = 11110000 10101010 11110000 10101010 tf R = 00101010 01001011 01001111 00101110 ‘These steps repeat for 16 rounds, generating different keys and modifying the blocks accordingly. Step nal Permutation (FP) After 16 rounds, the 64-bit ciphertext undergoes the Final Permutation (FP), resulting in the final encrypted data. Example Output (Ciphertext) + After applying all 16 rounds and final permutation, we @5E81354 OFOAB405 (Hex) This is the enerypted output. 3. Decryption Process THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANDES decryption follows the same steps as encryption, but the subkeys (K1, K’ reverse order (K16 — K1). Thus, applying the decryption process on 8566135407028405 with the same key will return the original plaintext 4. Strengths and Weaknesses of DES Strengths Structured Algorithm: Based on the Feistel network, making encryption and decryption symmetric. Widespread Usage: Used in banking, finance, and legacy security systems. Simple Implementation: Efficient and easy to implement in hardware and software. > Weaknesses Small Key Size (56-bit): Can be brute-forced in a reasonable time (modern GPUs can erack DES in hours). Vulnerable to ptanalysis: Advanced attacks like differential cryptanalysis and cryptanalysis can weaken DES Replaced by AES: DES was officially replaced by AES (Advanced Encryption Standard) in 2001 5. Variants of DES To improve security, several variants of DES exist + Triple DES (3DES): Uses DES three times with different keys, increasing security. + AES (Advanced Encryption Standard): Uses 128, 192, or 256-bit keys, making it more secure than DES. Conclusion DES is one of the earliest encryption algorithms and paved the way for modern cryptographic systems, However, due to its small key size, it is now considered obsolete. AES is the modern replacement for DES in secure systems, 6. Analysing DES (a) Use of S-boxes: S-boxes are tables used for substitution in the DES algorithm. IBM kept the design of the S-boxes secret, claiming it took over 17 person-years to create them Some concerns arose regarding potential vulnerabilities in the S-boxes, speculating whether the: could be intentionally designed with weaknesses for government access to encrypted messages. Despite studies suggesting vulnerabilities in the S-boxes, no conerete example of a successful attack on them has emerged. (b) Key Length: * DES uses a 56-bit key, which means there are 2°56 possible keys (approximately 7.2 x 10°16 keys). © A brute-force attack would require trying all possible keys, but this is considered impractical. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANEven if only half of the possible keys were tested, a single computer performing on microsecond would still take over 1,000 years to break DES. Despite the large number of possible keys, the 56-bit key is considered insecure by modern standards, and DES is vulnerable to brute-force attacks with sufficient computational resources. (c) Differential and Linear Cryptanalysi + Differential Cryptanalysi © Introduced in 1990 by Eli Biham and Adi Shamir. © Analyzes pairs of ciphertexts whose corresponding plaintexts have specific differences. © Tracks how these differences propagate through DES rounds. © The correct key emerges by comparing the differences in the ciphertexts from multiple such pairs. + Linear Cryptanalysi o Developed by Mitsuru Matsui © Relies on linear approximations, where certain bits of plaintext and ciphertext are XORed to produce a bit of the key. o By gathering enough data 1g statistical analysis, attackers can deduce the key. + Both methods showed that DES is vulnerable to sophisticated attacks using cryptanalysis techniques, highlighting the weaknesses of DES against modern computational attacks. (a) Timing Attacks: ‘Timing attacks are a form of side-channel attack that can affect both symmetric and asymmetric-key cryptography ‘The basic idea is to measure how long it takes for a cryptographic algorithm to perform operations (like decryption). By analyzing the time differences for decrypting various ciphertext blocks, attackers can infer details about the plaintext or the secret key. Though more commonly associated with asymmetric encryption, timing attacks can also apply to symmetric encryption algorithms like DES. International Data Encryption Algorithm (IDEA The International Data Eneryption Algorithm (IDEA) is a symmetric block cipher that was developed in the early 1990s. It is widely regarded as one of the most secure cryptographic algorithms, although it isn't as. widely adopted as the older DES (Data Encryption Standard), partly due to its patent restrictions. One of its more notable uses is in the Pretty Good Privacy (PGP) email encryption system. Here's an overview of how IDEA works: 1, Basic Principles: IDEA is a block cipher, operating on 64-bit plaintext blocks. ‘The key size is 128 bits, which is significantly larger than the 56-bit key of DES. ‘The algorithm operates with both diffusion and confusion, two essential principles in cryptography to obscure the relationship between the plaintext and ciphertext Encryption and decryption processes are symmetric, meaning the same algorithm is used for both operations. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN2. Rounds: IDEA uses 8 rounds, where each round processes the data in a series of mathem: involving the key. In each round, 6 subkeys (16 bits each) are generated from the original 128-bit key. ‘The round operations involve: © Modular addition (++): Addition modulo 2'° (65536). ¢ Modular multiplication (+): Multiplication modulo 65537. cc XOR operations. The reason for using modular arithmetic is to ensure that any results, especially after additions or multiplications, fit within the 16-bit block size, thus avoiding overflow 3. Subkey Generation: + From the initial 128-bit key, 52 subkeys are derived in total: © 48 subkeys are used across the 8 rounds (6 per round), © 4subkeys are used for the final output transformation after the 8 rounds. + The key undergoes circular left shifts of 25 bits between rounds, ensuring different subkeys are derived for each round. 4, Output Transformation: + After completing the 8 rounds, the algorithm performs a final output transformation using 4 subkeys derived from the original key, producing the final 64-bit ciphertext. 5. Decryption: + The decryption proces: to encryption but involves using the inverse of the subkeys generated during encryption. trength of IDEA: + The strength of IDEA lies in its use of a 128-bit key, which provides a large keyspace (2%), making it incredibly difficult to break using brute force. It would take an enormous amount of computational time (more than 5.4 quintillion years) to break IDEA using modem technology. Differential and Linear Cryptanalysis Differential Cryptanalysis and Linear Cryptanalysis are two powerful techniques used in the analysis of symmetric-key ciphers, particularly block ciphers. These methods are used to find weaknesses in the cryptographic algorithms by exploiting patterns in the encryption process. Here's an overview of both techniques: Differential Cryptanalysis: Differential cryptanalysis is a chosen-plaintext attack that analyzes the differences in the input and output of a cipher to uncover information about the secret key. The basic idea is to observe how the difference in plaintext pairs propagates through the encryption algorithm and affects the ciphertext. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANChosen Plaintext Pair: In differential cryptanalysis, the attacker selects two plaintexts that dif a specific value (usually a single bit or a small number of bits). Encrypting Plaintexts: The attacker encrypts both plaintexts using the same key and compares the differences between the two corresponding ciphertexts. Difference Propagation: The goal is to track how the difference in the plaintext propagates through the rounds of encryption. Specifically, the attacker looks for statistical patterns in how certain, differences in the input data (plaintext) lead to certain differences in the output (ciphertext) Key Recovery: By repeating this process across multiple plaintexts and rounds, the attacker can eventually deduce some information about the key or the internal structure of the cipher. For example, they may identify certain key bits that affect the output more significantly, making it easier to recover the key. Application: Differential cryptanalysis is particularly effective against ciphers that are designed with weak diffusion, where small changes in the input can result in predictable changes in the output. It was famously used to break the DES (Data Eneryption Standard), which was found to have vulnerabilities when subjected to differential analysis. Advantages: + Differential cryptanalysis can be a very efficient attack method if the cipher lacks strong and confusion properties. Challenges: It requires a large number of chosen plaintexts to observe statistical patterns, which may not always be practical in real-world scenarios ‘The method is generally more successful against ciphers with weak or poorly designed S-boxes (substitution boxes Linear Cryptanalysis: Linear cryptanalysis is another form of cryptanalysis that aims to find linear approximations of the eneryption process. Unlike differential cryptanalysis, which looks at differences, linear cryptanalysis examines how the bits of the plaintext, ciphertext, and key can be related using linear equations. How it works: 1. Linear Approximation: The attacker tries to find linear approximations of the cipher's operati ‘This involves finding an equation that relates certain bits of the plaintext, ciphertext, and key with a high probability. The form of the equation might look like: PI@[email protected]@C1@C2=0 where PPP represents plaintext bits, KKK represents key bits, and CCC represents ciphertext bits. ‘The XOR operation is used to express relationships between these bits. Collecting Data: The attacker collects a large number of plaintext-ciphertext pairs and looks for patterns that fit the linear approximation. For cach plaintext-ciphertext pair, they check whether the linear equation holds with high probability THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANSolving the Key: Once the attacker has found enough linear approximations with high probabil they use statistical methods to derive information about the key. The more approximations that hol the more confident the attacker can be about the key bits Key Recovery: Through repeated analysis and collecting a sufficient number of plaintext-ciphertext pairs, the attacker can eventually recover the full encryption key, or at least a portion of it Application: «Linear cryptanalysis has been applied successfully to break some ciphers like DES and RC4 when the number of available plaintext-ciphertext pairs is sufficiently large. Advantages: Unlike differential cryptanalysis, linear eryptanalysis does not require chosen plaintexts, which can make it easier to apply in certain situations, Itcan be effective against ciphers with weak linear approximations or predictable behavior between plaintext, ciphertext, and key. Challenges: Linear cryptanalysis requires an extensive number of known plaintext-ciphertext pairs to be effective, which can be impractical for some ciphers. Like differential cryptanalysis, linear cryptanalysis is generally more successful against ciphers with weak diffusion or poor S-boxes. Comparison Between Differential and Linear Cryptanalysis: Aspect Differential Cryptanalysis Linear Cryptanalysis Attack Type Chosen plaintext attack Known plaintext or chosen plaintext attack Focus Differences between plaintext and Linear relationships between plaintext, ciphertext ciphertext, and key bits Data Requirement — Requires a large number of plaintext. Requires many plaintext-ciphertext pairs to pairs to observe patterns find linear approximations Vulnerabilities Ciphers with weak diffusion and S- Ciphers with weak linear approximations Targeted boxes between input, output, and key Famous Example Successful against DES Successfil against DES and RC4 Conclusion Both differential cryptanalysis and linear cryptanalysis are advanced cryptanalytic techniques that exploit structural weaknesses in encryption algorithms. These techniques are especially potent against ciphers that are not designed with strong diffusion and confusion properties, such as DES. Modern ciphers, like AES. are designed to resist these types of attacks by using better key schedules, S-boxes, and diffusion mechanisms, making them more resilient to both differential and linear cryptanalysis. However, understanding these methods remains crucial for cryptographic researchers to design robust encryption systems. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHANRSA Algorithm The RSA algorithm is one of the most widely used asymmetric-key cryptographic algorithms. It provi secure communication and is based on mathematical concepts involving prime numbers and modulai arithmetic. Unlike symmetric-key cryptography, RSA uses a public key for encryption and a private key for decryption. The strength of RSA lies in the difficulty of factoring large composite numbers, which is the crux of its security, Introduction to RSA: Prime Numbet Before understanding RSA, it’s important to understand prime numbers. A prime number is a number greater than 1 that has no divisors other than I and itself. For example: + 3,5,7, 11, 13 are prime numbers. + 4,6,8,9, 10 are non-prime numbers. RSA relies on the fact that multiplying large prime numbers is computationally easy, but factoring their product (i.e., determining the original primes) is extremely difficult. This property forms the foundation of RSA’s security. 4.4.2 Steps in RSA Algorithm: 1. Key Generatio Step 1: Choose two large prime numbers, P and Q. Step 2: Calculate N=PxQ. The value of N will be part of both the public and private keys. Step 3: Calculate 4(N)=(P-1)(Q-1), where @ is Euler's Totient Function. Step 4: Choose an integer E (encryption key) such that I Include SHA and MD-5 algorithm Knapsack Algorithm The Knapsack algorithm is an early cryptographic method developed by Ralph Merkle and Martin Hellman. I is based on the Knapsack problem, which is a well-known combinatorial optimization problem, Let me break it down further to explain its key components: 1. Knapsack Problem Overview: The Knapsack problem asks whether it's possible to select a subset of items from a given set such that the sum of their weights equals a specified value. In other words, you need to figure out which items to include in the knapsack to achieve a target weight (sum) without exceeding The weights of the items are typically represented as M1,MQ,...,Mn, and the target sum is S. The binary decision variable b; is used to indicate whether the i-th item is included in the knapsack (if bi=1) or not (if bi=0).. Mathematically, the equation for the knapsack problem is: S=bIM1+b2M2 +---+bnMn where: s the weight of the i-th item, ¢ Sis the target sum. 2. Application in Cryptography: In the context of eryptography, this problem is used to develop an eneryption scheme. Here's how the algorithm works The sender creates a sequence of numbers (weights of items) and uses them in a manner similar to the knapsack problem. ‘The sender then selects which items (based on the binary representation) to include in the knapsack. The result is a sum (ciphertext) based on the selected items. The receiver, who knows a specific secret key, can decrypt the ciphertext by reverse engineering the selection process to determine which items were included in the knapsack and recover the original messa THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN3. Exampl Let’s take an example to illustrate the Knapsack algorithm: Suppose the knapsack items have the following weights: 1, 7, 8, and 12. The goal is to determine whether @ target sum S (say 15) can be achieved by selecting some of these weights. The possible selections are: + If we select the items with weights 7 and 8, the sum is 7+: Now, in the encryption scheme: + We would represent the selection of these items using a binary sequence. For instance, if the selected items are 7 and 8, the binary sequence would be 0,1,1,0, where each bit corresponds to whether a particular item is included in the knapsack. ‘The ciphertext would then be the sum of the selected items, which is 15 in this case. 4, Security and Issues: ‘The Knapsack algorithm was initially thought to be secure, but it was eventually broken. The main issue is that the method is vulnerable to attacks, particularly due to weaknesses in how the items are selected and the use of public and private keys. A more efficient and secure cryptographic algorithm replaced the Knapsack algorithm over time. Summary: ‘The Knapsack algorithm was one of the first attempts at public-key eneryption, where the sender encrypts the message by selecting items to form a sum (ciphertext), and the receiver decrypts it using a secret key. However, it was later found to be insecure and replaced by more modem encryption methods. THTCS 501: DATA ENCRYPTION AND COMPRESSION [ANSH KASAUDHAN