CC518 / CS421
Computer and Network Security
Dr. Hesham El Zouka
Computer Engineering Dept.
AASTMT
1
Overview
Cryptography is both an art and a science:
the use of deception and mathematics to
hide data, as in steganography; to render data
unintelligible by transforming it
into an unreadable state; and to ensure that a
message has not been altered in transit, as well
as to provide assurance of who sent the
message, authentication of source, and proof
of delivery.
2
Key Areas of Knowledge
Application and use of cryptography
Cryptographic lifecycle and encryption concepts
Key management processes
Digital signatures and non-repudiation
Methods of cryptanalytic attacks
Using cryptography to maintain network security
Using cryptography to maintain application security
Public Key Infrastructure (PKI)
Certificate related issues
Information hiding alternatives
3
Cryptography Goals
Confidentiality
◦ Unauthorized parties cannot access information
Authenticity
◦ Validating the source of the message to ensure the
sender is properly identified
Integrity
◦ Assurance that the message was not modified
during transmission, accidentally or intentionally
Non-repudiation
◦ A sender cannot deny sending the message at a
later date
4
Encryption Models
Symmetric Encryption (Conventional Encryption)
5
Encryption Models
6
English letters Frequencies
7
Symmetric Cryptosystems
8
Vigenere Cipher
9
Cryptography in War
German Enigma
◦ Used in World War II to encrypt telegraphic communication
◦ Rotor cipher machine that used polyalphabetic substitution
◦ Key was the original setting of the rotors and the sequence of
advancement for each rotor
◦ Individual rotors are connected in a bank
◦ Character entered and substituted by each rotor for encryption
10
One Time Pad
11
Block Encryption Algorithms
12
Overview
• Cryptography functions
◦ Secret key (symmetric cryptography, e.g., DES)
◦ Public key (asymmetric cryptography, e.g., RSA)
◦ Hashing (one-way function - message digest, e.g., MD5)
• Security services
◦ Privacy (Secrecy): preventing unauthorized release of information
◦ Authentication: verifying identity of the remote participant
◦ Integrity: making sure message has not been altered
[Figure: security tree. Cryptography algorithms: secret key (e.g., DES), public key (e.g., RSA), message digest (e.g., MD5). Security services: privacy, authentication, message integrity.]
Transposition Ciphers
A transposition cipher.
Secret Key Cryptography
Block ciphers
• DES
• 3DES
• IDEA
• AES
15
The encryption model (for a symmetric-key cipher)
16
Generic Block Encryption
• Block cipher: encryption/decryption in which a fixed-
length block of plaintext is mapped to a ciphertext block
of equal length
• Substitution: space complexity O(k 2^k) for k-bit blocks
• Permutation: space complexity O(k log k) for k-bit blocks
• Fixed key length: can be the same length as the block or
different
17
Example of Block Encryption
18
Feistel Cipher
19
Data Encryption Standard (DES)
• Designed by IBM and published by NIST in
1977
• 64-bit input block → 64-bit output block
with 56-bit key
• Not secure anymore: key size must be
increased by 1 bit every 2 years
• 3DES: 112-bit key
20
DES Overview
Basic Structure of DES
21
Permutations of The Data
• Do not enhance security
22
Generating Per-Round Keys
• Initial permutation of key
23
Generating Per-Round Keys
• 16 48-bit keys generated
• A subset of 48-bit from the 56 bits
Figure 3-5: Round i for generating Ki
24
A DES Round
DES round
25
Mangler Function
• R is expanded from 32-bit to 48-bit
26
Mangler Function
Figure 3-8: Chunk transformation
• Each S-box is a 6-bit to 4-bit decoder.
27
S-Box
• A substitution which produces a 4-bit output for each
possible 6-bit input
• The 4-bit output of each of the 8 S-boxes is combined
into a 32-bit quantity whose bits are then permuted
• The permutation ensures: bits of the output of an S-box
on one round of DES affects the input of multiple S-boxes
on the next round
• Output bits of S-box should not be close to a linear
function of input bits
28
S-Boxes
• Showing 2 S-boxes…
• There are 8 S-boxes producing 32-bit Mangle Function output
29
Permutation of the 32-bit Output
• This permutation is random looking, may be of some
security value
30
Design Parameters
• Block size: larger block sizes mean greater security but
reduced encryption/decryption speed for a given algorithm
• Key size: larger key size means greater security but may
decrease encryption/decryption speed
• Number of rounds: multiple rounds offer increasing
security, more is not better, sufficient is good enough
• Key generation algorithm: greater complexity in this
algorithm should lead to greater difficulty of cryptanalysis
• Round function: greater complexity generally means
greater resistance to cryptanalysis
31
The Security of DES
DES is secure against three types of attacks:
1- Ciphertext only attack
2- Plaintext only attack
3- Chosen-plaintext attack
32
Histogram of original text
33
Histogram of coded text
34
Relationship between plaintext and ciphertext
35
The Avalanche Effect
• Desired property of
encryption: a change in one
bit of the plaintext or one bit
of the key should produce a
change in many bits of the
ciphertext
• Table (a): two plaintext with
1-bit difference and a single
key are selected
• Table (b): two keys with 1-
bit difference and a single
plaintext are selected
36
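The avalanche effect can be measured directly. The following is an added example, not part of the lecture: a toy 64-bit Feistel cipher (hash-based round function and key schedule are assumptions, not DES) that counts how many output bits change per round for a 1-bit plaintext change and for a 1-bit key change.

```python
import hashlib

ROUNDS = 16  # DES also uses 16 rounds; the rest of this cipher is a toy

def round_keys(key: bytes) -> list:
    # Hypothetical key schedule: one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def f(half: int, subkey: bytes) -> int:
    # Stand-in for the mangler function: 32 bits in, 32 bits out.
    d = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big")

def feistel(block: int, keys: list) -> int:
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in keys:
        left, right = right, left ^ f(right, k)
    return (right << 32) | left  # final swap lets decryption reuse this code

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))

def decrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key)[::-1])  # same network, keys reversed

def bits_changed(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def avalanche_by_round(p1: int, p2: int, key: bytes) -> list:
    # Differing output bits if the cipher stopped after 1, 2, ... rounds.
    keys = round_keys(key)
    return [bits_changed(feistel(p1, keys[:r]), feistel(p2, keys[:r]))
            for r in range(1, ROUNDS + 1)]

# Constructed sample values.
KEY = b"8bytekey"
P1 = 0x0123456789ABCDEF
P2 = P1 ^ (1 << 63)                    # one plaintext bit flipped
KEY2 = bytes([KEY[0] ^ 1]) + KEY[1:]   # one key bit flipped

if __name__ == "__main__":
    print("plaintext flip, per round:", avalanche_by_round(P1, P2, KEY))
    print("key flip, full cipher    :",
          bits_changed(encrypt(P1, KEY), encrypt(P1, KEY2)))
```

After one round only the flipped bit differs; within a few rounds roughly half of the 64 output bits differ, which is why a single round is never enough.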
Attacks on DES
• Brute-force attack: 56-bit key size not long enough
• 4 weak and 12 semi-weak keys: when C0 and D0 are one of
4 values, 1111…, 0000…, 1010…, 0101…
• Cryptanalysis by exploiting weakness in S-box design
• Differential cryptanalysis: observe the behavior of pairs of
text blocks evolving along each round of the cipher, can find a
DES key given 2^47 chosen plaintexts
• Linear cryptanalysis: finding linear approximations to
describe the transformations performed in DES, can find a
DES key given 2^43 known plaintexts
• Timing attacks: information about the key or the plaintext is
obtained by observing how long to decrypt various
ciphertexts
37
Triple DES (3DES)
3 DES encryptions with 2 keys: 64-bit block, 112-bit key
Encryption Decryption
Why three encryptions, not less or more?
Why two keys, not three?
38
Triple DES (3DES)
39
Other Block Ciphers
IDEA: International Data Encryption
Algorithm, 64-bit block, 128-bit key
AES: Advanced Encryption Standard, 128-
bit block, 128/192/256-bit key
40
International Data Encryption Algorithm (IDEA)
41
IDEA encryption operation overview
42
IDEA: One Round
43
Key Expansion
44
IDEA: Odd Round
45
IDEA: Even Round
46
The Security of IDEA
IDEA has been around almost 15 years
• Designed by Xuejia Lai and Jim Massey
• Its only problem so far is its small block size
Purposes
• It is available under license
• It is widely used, e.g., in PGP
47
Advanced Encryption Algorithm (AES)
48
AES Properties
Private key symmetric block cipher
◦ Has 128/192/256-bit keys, 128-bit data
An iterative rather than Feistel cipher
◦ treats data in 4 groups of 4 bytes
◦ 4x4 matrix in column major order
◦ operates on an entire block in every round
Designed to be:
◦ Resistant against known attacks:
Resistant to brute-force attack
Resistant to differential and linear cryptanalysis
◦ Stronger & faster than Triple-DES
◦ Active life of 20-30 years (+ archival use)
◦ Provide full specification & design details
◦ Both C & Java implementations
◦ Speed and code compactness on many CPUs
◦ Simple design
◦ NIST have released all submissions & unclassified analyses
49
AES – The Advanced Encryption Standard
Rijndael: invented by Belgian cryptographers
AES parameters:
Rules for AES proposals
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
50
AES Overview
Number of rounds:
Nr = 6 + max(Nb, Nk)
where Nk is the number of 32-bit words in the key and
Nb is the number of 32-bit words in the block.
51
AES Overview
128 bit block worked on using 4x4 byte matrix
◦ Block partitioned into 4 subblocks, each processed separately
Processing on each block comprised of several rounds
◦ 10 for 128-bit key, 12 for 192-bit key, 14 for 256-bit key
Each round has four steps
◦ SubBytes : 8-bit substitution, the “Rijndael S-box”
◦ ShiftRows : each row of the matrix is circularly shifted
Row i shifted i positions – each output column has a byte from each input
column
AES Overview
– MixColumns step
• Four bytes of column combined in “invertible linear
transformation” to yield another four bytes
Column bytes viewed as coefficients of a bit-polynomial, and are
multiplied by a fixed polynomial c(x)
– AddRoundKey : use 4x4 block of key bits to XOR matrix
More on AES
Observe that each step is invertible, so decryption given key bits is
straightforward
All operations can be combined into XOR and table lookups, hence
very fast & efficient
Key Expansion
128-bit or 4 cols. of 4-byte key is expanded to 44 cols.
In general, needs (Nr+1)Nb columns of key
55
AES
Creating of the state and rk arrays.
Lookup Using MixColumn Table
57
Mixcolumn
Table
58
Substitute Bytes
SubBytes: table lookup with a 16x16 S-box of bytes
Substitute byte transformation:
59
AES S-Box
S-Box
Hex: 95 2a
60
Example of SubBytes
State Matrices
61
ShiftRows
Shift row transformation:
Example:
62
AddRoundKey
Columnwise operation: the 128-bit state is bitwise
XORed with the 128-bit round key
State Matrix Round Key Matrix
63
Summary: Four Stages
One permutation and three substitutions
Substitute bytes: uses an S-box to perform a byte-by-
byte substitution of the block
ShiftRows: a simple permutation
MixColumns: a substitution that makes (2^8) states
AddRoundKey: a simple bitwise XOR of the current
block with a portion of the expanded key
Each stage is easily reversible—decryption
64
The Decryption
We sure can run the encryption backwards
But for AES we can keep the encryption process except
For SubBytes: use an inverse S-box that has a similar
lookup table to S-box
For ShiftRows: shift the same amount but to the right
For MixColumns: use an InvMixColumn table that is similar
to the MixColumn table, skip this step in the last round
For AddRoundKey: keep the same AddRoundKey as in
encryption because XOR is its own inverse
The order of round keys is reversed, i.e., KNr is applied first
and K0 last
65
Cryptanalysis
Some common symmetric-key
cryptographic algorithms.
Problems with Symmetric Key Cryptography
Scalability
◦ For full and separate communication between
N people, N(N-1)/2 separate keys are needed.
Key Management
◦ Key distribution
◦ Key storage & Backup
◦ Key Disposal
◦ Key Change
67
Quantum Cryptography
An example of quantum cryptography.
Modes of Operation
69
Electronic Code Book (ECB)
70
Limitations of ECB
71
Fixing ECB
problems:
• need to send twice as much data
• can still rearrange blocks
72
Cipher Block Chaining (CBC)
Initialization
Vector (IV)
73
Cipher Block Chaining Mode
Cipher block chaining. (a) Encryption. (b)
Decryption.
CBC Decryption
Limitations of CBC
Each ciphertext block depends on all message blocks
◦ thus a change in the message affects all ciphertext blocks after the change as well as the original block
Need Initial Value (IV) known to sender & receiver
75
Cipher Feedback Mode
(a) Encryption. (c) Decryption.
Cipher Feed Back (CFB)
Errors propagate for several blocks after the error
77
IV should be unique
Output Feed Back (OFB)
78
Counter (CTR)
A “new” mode, though proposed early on
Similar to OFB but encrypts counter value rather than any feedback value
Must have a different key & counter value for every plaintext block (never reused)
79
Counter Mode
Encryption using counter mode.
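Why the counter slide insists on "never reused", as an added example that is not part of the lecture: counter mode with HMAC-SHA256 standing in for the block cipher E_K (an assumption made so the sketch runs with the standard library), plus a guard that refuses a repeated nonce. All keys, nonces and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in for E_K(nonce || counter); a real system would use AES here.
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same operation in CTR mode.
    out = b""
    for i in range(0, len(data), BLOCK):
        out += xor(data[i:i + BLOCK], keystream_block(key, nonce, i // BLOCK))
    return out

class NonceGuard:
    """Refuses to encrypt twice under the same (key, nonce) pair."""
    def __init__(self, key: bytes):
        self.key, self.seen = key, set()

    def encrypt(self, nonce: bytes, data: bytes) -> bytes:
        if nonce in self.seen:
            raise ValueError("nonce already used with this key")
        self.seen.add(nonce)
        return ctr_crypt(self.key, nonce, data)

# Constructed sample values.
KEY = b"constructed demo key"
N1, N2 = b"nonce-01", b"nonce-02"
M1 = b"meeting moved to 14:00 room B"
M2 = b"backup finished with 0 errors"

def reuse_cancels_keystream() -> bool:
    # Same key and counter sequence: C1 xor C2 equals M1 xor M2, key drops out.
    return xor(ctr_crypt(KEY, N1, M1), ctr_crypt(KEY, N1, M2)) == xor(M1, M2)

def fresh_nonce_cancels_keystream() -> bool:
    return xor(ctr_crypt(KEY, N1, M1), ctr_crypt(KEY, N2, M2)) == xor(M1, M2)

if __name__ == "__main__":
    print("reused counter leaks M1 xor M2:", reuse_cancels_keystream())
    print("fresh nonce leaks M1 xor M2   :", fresh_nonce_cancels_keystream())
```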
CBC Plus Residue
Ensuring Both Confidentiality and Integrity
81
Hash Algorithms
Message digests / one-way
transformations
◦ easy to compute a hash value for any given
message
◦ infeasible to find a message that has a given
hash
◦ infeasible to modify a message without hash
being changed
◦ infeasible to find two different messages with
the same hash
One-Way Functions
• Function such that given formula for f(x)
◦ easy to evaluate y = f(x)
• But given y
◦ computationally infeasible to find x
• Example: Those functions used in public-key
cryptography.
Cryptographic Hash
Outline
◦ definition
◦ properties
◦ uses
authentication
encryption (stream cipher)
integrity protections
passwords
◦ hash example: MD2
◦ other hash algorithms
84
Collision Resistance
85
Message Integrity
Keyed hash, shared secret
86
Definition and Properties
87
Message Digests
Digital signatures using message digests.
Hash Uses
Sign hash (digest) instead of message
Store digests of files, to look for changes
Why wouldn’t CRC work ?
With secret, can do anything a secret key
algorithm can do (authenticate, encrypt,
integrity-protect)
Irreversible password hash database
Why must be irreversible ?
Unix password hash
89
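One answer to "Why wouldn't CRC work?", as an added example that is not part of the lecture: CRC-32 has no secret and is affine over XOR, so the checksum of an edited message follows from the old checksum and the edit alone, while a keyed hash (HMAC-SHA256 here) cannot be recomputed without the shared secret. Messages and key are constructed.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_after_change(old_crc: int, delta: bytes) -> int:
    # For equal-length inputs: crc(m xor d) = crc(m) xor crc(d) xor crc(00..0).
    # Neither the message nor any key is needed, only the old CRC and the edit.
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def tag(key: bytes, message: bytes) -> bytes:
    # Keyed hash over the message (the "keyed hash, shared secret" slide).
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    # Constant-time comparison of the recomputed and received tags.
    return hmac.compare_digest(tag(key, message), received_tag)

# Constructed sample values.
KEY = b"shared secret (constructed)"
MESSAGE = b"config: retries=3 timeout=30"
ALTERED = b"config: retries=9 timeout=99"
DELTA = xor(MESSAGE, ALTERED)

if __name__ == "__main__":
    predicted = crc_after_change(zlib.crc32(MESSAGE), DELTA)
    print("CRC of altered message predicted:", predicted == zlib.crc32(ALTERED))
    t = tag(KEY, MESSAGE)
    print("HMAC accepts original:", verify(KEY, MESSAGE, t))
    print("HMAC accepts altered :", verify(KEY, ALTERED, t))
```

A CRC therefore only protects against accidental corruption; storing or sending a digest for change detection needs a cryptographic hash, and a keyed one when the digest travels with the data.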
Authentication with Hash
How was authentication with secret key
cryptography done?
90
MD2: Outline
• takes an arbitrary message, operates on
octets and produces a 128-bit (16-octet)
digest
• steps
input the message, break into octets, pad to a
multiple of 16 octets
compute a 16-octet checksum and append it to
the message
final pass: compute the digest
• these three steps can be done in one pass
• very limited memory requirements – can be
done on resource constrained machine
91
MD2 : Padding
The padded message must be a multiple
of 16 octets (128 bits)
92
MD2: Checksum Calculation
checksum is an intermediate 16-octet value appended to the message for
final digest calculation
checksum is computed one padded message octet at a time
the current octet of the message is:
XORed with previous octet of the checksum
the result substituted according to fixed octet substitution table (𝜋-substitution)
the result is XORed with current value of checksum and stored
93
MD2 : Final Pass
Padded message with checksum is processed one 16-octet block at a time
Each time:
◦ a 48-octet value is computed as
◦ 18 passes over this value
After 18 passes, the first 16 octets are used as MD for the next 16-octet block of the message
94
MD2 𝜋 Substitution Table
0 is replaced by 41 & 1 is replaced by 46
Based on digits of 𝜋
95
History of Hash Algorithms
Algorithms
• MD – proprietary, never published, not widely used
• MD2 – first public algorithm, oriented towards 8-bit processing,
little memory, good for embedded devices
• MD3 – immediately superseded by MD4 (never published)
• MD4 – runs faster than MD2, uses 32-bit operations, has become
suspect
• MD5 – slightly slower, more conservative
• SHA 1 – NIST standard, similar to MD5 even more conservative
Eventually MD2 and MD4 are “broken” – two messages with
the same hash are found
MDs produce 128-bit digests, SHA 1 – 160-bit digest
96
SHA-1
Use of SHA-1 and RSA for signing
nonsecret messages.
SHA-1
(a) A message padded out to a multiple of 512 bits.
(b) The output variables.
(c) The word array.
Public-Key Algorithms
• RSA
• Other Public-Key Algorithms
Public-Key Cryptography
• Public-key cryptography uses an encryption algorithm
E and a decryption algorithm D such that deriving D is
effectively impossible even with a complete description
of E. You can encrypt without knowing how to
decrypt.
• Requirements:
◦ D (E(P)) = P
◦ It is extremely difficult to deduce the decryption key
from the encryption key.
◦ E cannot be broken by a plaintext attack.
Public-Key Cryptography
• All users pick a public key/private key pair
◦ publish the public key
◦ private key not published
• Public key (private key) is the encryption key
◦ private key (public key) is the decryption key
Public-Key Cryptosystems: RSA
• RSA, named after its inventors Rivest, Shamir, and
Adleman, is a public-key cryptographic algorithm.
• The security of RSA comes from the fact that no
methods are known to efficiently find the prime
factors to large numbers.
• For example, 2100 can be written as 2100 = 2 x 2 x 3
x 5 x 5 x 7 making 2, 3, 5, and 7 the prime factors in
2100.
• In RSA, the private and public keys are constructed
from very large prime numbers. It turns out breaking
RSA is equivalent to finding those two prime numbers.
Public-Key Cryptography
• RSA (Rivest, Shamir, Adleman) Algorithm:
◦ choose 2 large primes, p and q > 10^100.
◦ compute n=pq and z=(p-1)(q-1).
◦ choose a number relatively prime to z (that is, such
that d has no common factors with z ) and call it d.
◦ find e such that e x d mod z = 1.
• Group P into blocks such that C = P^e (mod n) and
P = C^d (mod n) where 0 <= P < n
Public-Key Cryptography
• Example:
p=13 q=17 n = 13 x 17 = 221
z = (13 – 1) x (17 – 1) = 192.
let d=5 (prime to z)
e x d = 1 mod 192, so e x d is one of 1, 193, 385, ...
385 is divisible by d
e = 385/5 = 77
• Example:
p=3 q=11 n = 3 x 11 = 33
z = (3 – 1) x (11 – 1) = 20.
let d=7 (prime to z)
7 x e mod 20 = 1 e=3
C = P^3 (mod 33), P = C^7 (mod 33)
RSA
An example of the RSA algorithm.
Protocols Exchanging Keys
Agreeing upon a secret key
A key exchange protocol uses a series of
steps to agree upon a shared secret key
This does not require a previous
relationship between the two parties
Key exchange can be done in a secure
manner
Diffie-Hellman is one example
106
Asymmetric Algorithm
Diffie-Hellman
First asymmetric algorithm
Allows users to agree on a symmetric key
over a non-secure medium
Vulnerable to man-in-the-middle attacks
Lack of authentication
Can be countermeasured with digital
signatures
107
Diffie-Hellman Key Agreement
Generate a value from a random string
Exchange value with other party
Complete calculation using the local value and
the received value
A unique, mathematically identical key is created
108
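The key agreement steps above, and what "lack of authentication" means for them, as an added example that is not part of the lecture. The group (P = 2^127 - 1, G = 3) is a toy-sized assumption, and the transcript hash stands for the data a digital signature would have to cover.

```python
import hashlib
import secrets

P = 2**127 - 1   # a prime, far too small for real use (assumption for the demo)
G = 3

def keypair():
    # Private value from a random string, public value G^x mod P.
    while True:
        private = secrets.randbelow(P - 3) + 2
        public = pow(G, private, P)
        if 1 < public < P - 1:
            return private, public

def shared_key(private: int, received_public: int) -> bytes:
    if not 1 < received_public < P - 1:
        raise ValueError("degenerate public value")
    secret = pow(received_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def transcript(sent: int, received: int, initiator: bool) -> str:
    # Both public values in a fixed order: what each side would sign.
    a, b = (sent, received) if initiator else (received, sent)
    return hashlib.sha256(f"{a}|{b}".encode()).hexdigest()

def run(substitute=None):
    """Return (keys_match, transcripts_match) for one exchange.

    `substitute` models a third party replacing both public values in transit.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    to_bob = a_pub if substitute is None else substitute
    to_alice = b_pub if substitute is None else substitute
    keys_match = shared_key(a_priv, to_alice) == shared_key(b_priv, to_bob)
    transcripts_match = (transcript(a_pub, to_alice, True)
                         == transcript(b_pub, to_bob, False))
    return keys_match, transcripts_match

if __name__ == "__main__":
    print("honest exchange     :", run())
    _, other_pub = keypair()
    print("values substituted  :", run(substitute=other_pub))
```

The arithmetic succeeds in both runs; only the transcript comparison shows that the two parties saw different public values, which is why the exchanged values need to be signed.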
Digital Signatures
• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
• The Birthday Attack
Digital Signatures
• Digital signatures make it possible to sign email
messages and other digital documents in such a way
that they cannot be repudiated by the sender later.
• Steps to use digital signatures:
◦ The sender runs the document through a one-way
hashing algorithm
◦ The sender applies his private key to the hash to
get D(hash). This is called the signature block.
◦ The receiver computes the hash of the document
using MD5 or SHA and then applies the sender’s
public key to the signature block to get E(D(hash)).
Compare these two.
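The RSA procedure from the Public-Key Cryptography slides and the signature steps above, as one added example that is not part of the lecture. It follows the slides' order (pick d, derive e), reproduces both slide examples, and signs a SHA-256 digest reduced mod n; the larger demo primes are constructed and there is no padding, so this is textbook RSA for study only.

```python
import hashlib
from math import gcd

def make_keys(p: int, q: int, d: int):
    """Slide procedure: n = pq, z = (p-1)(q-1), d coprime to z, e*d mod z = 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)

def encrypt(P: int, public) -> int:
    e, n = public
    if not 0 <= P < n:
        raise ValueError("block must satisfy 0 <= P < n")
    return pow(P, e, n)          # C = P^e mod n

def decrypt(C: int, private) -> int:
    d, n = private
    return pow(C, d, n)          # P = C^d mod n

def digest(document: bytes, n: int) -> int:
    # One-way hash of the document, reduced so it fits in one RSA block.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private) -> int:
    # Sender applies the private key to the hash: D(hash), the signature block.
    return decrypt(digest(document, private[1]), private)

def verify(document: bytes, signature: int, public) -> bool:
    # Receiver recomputes the hash and compares it with E(D(hash)).
    return encrypt(signature, public) == digest(document, public[1])

# Slide examples.
SLIDE_1 = make_keys(13, 17, 5)   # ((77, 221), (5, 221))
SLIDE_2 = make_keys(3, 11, 7)    # ((3, 33), (7, 33))

# Constructed demo key: two Mersenne primes, still far too small for real use.
# Real key generation fixes a small e and derives a large d instead.
DEMO_PUB, DEMO_PRIV = make_keys(2**61 - 1, 2**89 - 1, 65537)

if __name__ == "__main__":
    print("slide keys:", SLIDE_1, SLIDE_2)
    c = encrypt(19, SLIDE_2[0])
    print("P=19 -> C =", c, "-> P =", decrypt(c, SLIDE_2[1]))
    doc = b"constructed sample document"
    sig = sign(doc, DEMO_PRIV)
    print("signature valid        :", verify(doc, sig, DEMO_PUB))
    print("valid after alteration :", verify(doc + b"!", sig, DEMO_PUB))
```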
Symmetric-Key Signatures
Digital signatures
Public-Key Signatures
Digital signatures using public-key
cryptography.
Digital Signatures
• The most popular hashing functions used are:
◦ MD5 (Message Digest)
◦ SHA (Secure Hash Algorithm)
• The public key is usually published. To avoid altering,
message senders can attach a certificate to the
message, which contains:
◦ The user’s name
◦ The public key
◦ Digitally signed by a trusted third party
Management of Public Keys
• Certificates
• X.509
• Public Key Infrastructures
Information hiding alternatives
Concealment (or “Null”) Cipher
True letters are hidden or disguised by a
device or algorithm
◦ The true message is hidden
For example: every third word in a
sentence:
◦ “The old red rooster hit head first bypassing
rules”.
The secret message is “red head rules”
115
Hiding Messages in Media
Steganography
Hiding the very existence of data within
another message or media
Digital watermark to detect illegal copies
of digital images
No algorithm or key; just placing data in a
place that people would not usually look
116
Steganography Explained
117
118
Number Theory
Modular Addition
Addition of a constant mod 10 can be used as a scheme for encrypting digits in that it maps each
decimal digit to a different decimal digit, in a way that is reversible. It is not a good cipher, but it is a
cipher. Decryption would be done by subtracting the secret key modulo 10.
119
Number Theory
Modular Multiplication
Multiplication by 1, 3, 7, or 9 works as a cipher, because it performs a one-to-one substitution of
the digits. Multiplication by any other number will not work as a cipher.
120
Number Theory
Modular Exponentiation
Modular exponentiation is again just like ordinary exponentiation.
For instance, 4^6 = 6 mod 10 because 4^6 = 4096 in ordinary arithmetic and 4096 = 6 mod 10.
x^y mod n is not the same as x^(y+n) mod n. For example, 3^1 = 3 mod 10, but 3^11 = 7 mod 10
121
Prime Numbers
Some Simple Tips and Reminders:-
◦ Composite Number – An integer that can be divided by at least one other
number other than itself.
◦ Prime Number – An integer whose only factors are 1 and itself.
Let’s look at a number grid from 1 to 100 and see how they were discovered.
Take out numbers that have a
composite factor of 2,3,5, or 7
122