
Symmetric Key Aditya VAIO

Symmetric key encryption is used for network security and involves both the sender and receiver sharing the same private key. There are two main types of symmetric key encryption algorithms: stream ciphers and block ciphers. Stream ciphers encrypt data digit by digit using an XOR operation with a pseudorandom keystream, while block ciphers encrypt fixed blocks of data using round functions and substitution/permutation techniques applied to the blocks. Proper implementation and use of symmetric key encryption algorithms is important for network security.

Uploaded by

Aditya Mathur
Copyright
© Attribution Non-Commercial (BY-NC)

SYMMETRIC KEY ENCRYPTION AND NETWORK SECURITY

(B.Tech E & T 2010-14)

Presented by Aditya Mathur

A1607110024

Network Security

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security is needed because a network is prone to various threats such as viruses and worms, Trojan horses, spam, phishing, packet sniffers, password attacks, etc. Protecting the network from such threats is a must.

Encryption

It is the process of transforming data into an unreadable form using an algorithm. Encryption is used to protect data in transit (over a network). There are two types of encryption algorithms: Private (Symmetric) Key and Public Key.

Symmetric Key Encryption

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. The same key is used for encryption and decryption.

For instance, if Bob and Alice want to use private key encryption to share a secret message, they would each use a copy of the same key. Bob writes his message to Alice and uses their shared private key to encrypt the message. The message is then sent to Alice. Alice uses her copy of the private key to decrypt the message. Private key encryption is like making copies of a key. Anyone with a copy can open the lock.

Symmetric Key Encryption Algorithm

Symmetric Key Encryption uses ciphers. There are two encryption algorithms: Using Stream Ciphers and Using Block Ciphers.


Cipher: a cipher (or cypher) is an algorithm for performing encryption or decryption, a series of well-defined steps that can be followed as a procedure.

Stream Cipher

In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the key-stream, to give a digit of the ciphertext stream. The key-stream is combined with the plaintext using an exclusive-or (XOR) operation.

A pseudorandom key-stream is typically generated serially from a random seed value using digital shift registers.

The seed value serves as the cryptographic key for decrypting the ciphertext stream.

Stream ciphers execute faster than block ciphers. These are of two types: Synchronous Stream Cipher and Self-Synchronous Stream Cipher.

Synchronous Stream Cipher

A stream cipher generates successive elements of the keystream based on an internal state. If this state changes independently of the plaintext or ciphertext messages, the cipher is classified as a synchronous stream cipher. These pseudo-random digits are combined with the plain text using the XOR operation. The sender and receiver must be in step; synchronization is lost if bits are added or removed. However, if a digit is corrupted in transmission, rather than added or lost, only a single digit in the plaintext is affected and the error does not propagate to other parts of the message.

Self-Synchronizing Stream Ciphers

Self-synchronising stream ciphers update their state based on previous ciphertext digits. This approach uses several of the previous N ciphertext digits to compute the key-stream. The advantage in this is that the receiver will automatically synchronise with the key-stream generator after receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the message stream. Single-digit errors are limited in their effect, affecting only up to N plaintext digits.
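The resynchronisation property described above can be observed directly. The following is an added example, not part of the original presentation: it assumes byte-sized digits, N = 4, and a SHA-256 call standing in for the keystream function, all chosen here for illustration.

```python
import hashlib

N = 4  # how many previous ciphertext bytes make up the cipher state

def keystream_byte(key: bytes, window: bytes) -> int:
    """Keystream digit computed from the key and the last N ciphertext bytes.
    Hashing is a stand-in chosen for this example."""
    return hashlib.sha256(key + window).digest()[0]

def ss_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    window, out = iv, bytearray()          # iv: N bytes of agreed starting state
    for p in plaintext:
        c = p ^ keystream_byte(key, window)
        out.append(c)
        window = (window + bytes([c]))[-N:]    # slide the window over the ciphertext
    return bytes(out)

def ss_decrypt(key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    window, out = iv, bytearray()
    for c in ciphertext:
        out.append(c ^ keystream_byte(key, window))
        window = (window + bytes([c]))[-N:]    # receiver state comes from what it received
    return bytes(out)

def decrypt_with_dropped_byte(key: bytes, plaintext: bytes, iv: bytes, drop_at: int) -> bytes:
    """Simulate a channel that loses ciphertext byte `drop_at`, then decrypt."""
    ct = ss_encrypt(key, plaintext, iv)
    return ss_decrypt(key, ct[:drop_at] + ct[drop_at + 1:], iv)
```

After the dropped byte, the next N received bytes decrypt to garbage; once the window holds only bytes received after the loss, the output lines up with the plaintext again.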

Security

Never reuse the same key. Some applications using the stream cipher RC4 are attackable because of weaknesses in RC4's key setup routine; new applications should either avoid RC4 or make sure all keys are unique and ideally unrelated (e.g., generated by a cryptographic hash function) and that the first bytes of the key-stream are discarded.
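To make the stream-cipher description and the key-reuse rule concrete, here is an added example (not from the original presentation) of a toy synchronous stream cipher built on a 16-bit shift register. The tap positions, seed value and function names are assumptions chosen for illustration, and the cipher is far too small to be secure.

```python
def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Keystream from a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11); the seed is the key."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("seed must be non-zero: an all-zero register never changes")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)     # output bit is the low bit of the state
            state = (state >> 1) | (fb << 15)    # state evolves independently of the data
        out.append(byte)
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(seed: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, lfsr_keystream(seed, len(data)))

def corrupted_positions(seed: int, plaintext: bytes, flip_at: int) -> list:
    """Flip one ciphertext bit in transit; return the plaintext indexes that change."""
    ct = bytearray(stream_crypt(seed, plaintext))
    ct[flip_at] ^= 0x01
    recovered = stream_crypt(seed, bytes(ct))
    return [i for i, (p, r) in enumerate(zip(plaintext, recovered)) if p != r]

def reuse_leak(seed: int, p1: bytes, p2: bytes) -> bytes:
    """Two messages under one keystream: the keystream cancels out of c1 XOR c2."""
    return xor_bytes(stream_crypt(seed, p1), stream_crypt(seed, p2))
```

`corrupted_positions` shows the synchronous-cipher property that a corrupted digit damages only itself, while `reuse_leak` returns exactly the XOR of the two plaintexts with no key involved, which is why a key must never be reused.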

Block Cipher

A block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key.

The modern design of block ciphers is based on the concept of an iterated product cipher.
Iterated product ciphers carry out encryption in multiple rounds, each of which uses a different subkey derived from the original key.

Design of Block Ciphers

Block Ciphers are of three types:

Iterated

Substitution-Permutation Networks

Feistel Ciphers

Iterated Block Ciphers

They transform fixed-size blocks of plain-text into identical size blocks of ciphertext, via the repeated application of an invertible transformation known as the round function, with each iteration referred to as a round. Usually, the round function R takes different round keys Ki as second input, which are derived from the original key:

(where is the plaintext and the ciphertext, with r being the round number.)

Frequently, key whitening is used in addition to this. At the beginning and the end, the data is modified with key material (often with XOR, but simple arithmetic operations like adding and subtracting are also used):

Substitution-Permutation Networks

A block of the plaintext and the key are taken as inputs, and several alternating rounds, each consisting of a substitution stage followed by a permutation stage, are applied to produce each block of ciphertext output.

A substitution box (S-box) substitutes a small block of input bits with another block of output bits. This substitution must be one-to-one, to ensure invertibility. A permutation box (P-box) is a permutation of all the bits: it takes the outputs of all the S-boxes of one round, permutes the bits, and feeds them into the S-boxes of the next round.

Feistel Ciphers

The block of plain text to be encrypted is split into two equal-sized halves.

The round function is applied to one half, using a subkey, and then the output is XORed with the other half. The two halves are then swapped.
Let F be the round function and let $K_0, K_1, \ldots, K_n$ be the sub-keys for the rounds $0, 1, \ldots, n$ respectively. Then the basic operation is as follows:

Split the plaintext block into two equal pieces, $(L_0, R_0)$. For each round $i = 0, 1, \ldots, n$ compute

$L_{i+1} = R_i$

Then the ciphertext is $(R_{n+1}, L_{n+1})$. Decryption of a ciphertext $(R_{n+1}, L_{n+1})$ is accomplished by computing for $i = n, n-1, \ldots, 0$

$R_i = L_{i+1}$

Then $(L_0, R_0)$ is the plaintext again.

Mode Of Operation

For a variable-length message, the data must first be partitioned into separate cipher blocks. In the simplest case, known as the electronic codebook (ECB) mode, a message is first split into separate blocks of the cipher's block size. Then each block is encrypted and decrypted independently.

However, such a naive method is generally insecure because equal plaintext blocks will always generate equal ciphertext blocks (for the same key), so patterns in the plaintext message become evident in the ciphertext output.

To overcome this, the general concept is to use randomization of the plaintext data based on an additional input value, frequently called an initialization vector, to create what is termed probabilistic encryption. The resultant ciphertext block is then used as the new initialization vector for the next plaintext block.
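The Feistel construction and the two ways of handling multi-block messages described above can be tried together. This is an added example, not code from the original presentation: the block size, round count, subkey derivation and HMAC-based round function are assumptions chosen for illustration, and messages must already be a multiple of the block size.

```python
import hashlib, hmac

BLOCK, HALF, ROUNDS = 16, 8, 8      # toy parameters chosen for this example

def subkeys(key: bytes) -> list:
    """One subkey per round, derived from the original key (assumed schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def F(half: bytes, k: bytes) -> bytes:
    """Round function; a Feistel network does not need it to be invertible."""
    return hmac.new(k, half, hashlib.sha256).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel_encrypt(block: bytes, ks: list) -> bytes:
    L, R = block[:HALF], block[HALF:]
    for k in ks:                     # F on one half, XOR into the other, swap
        L, R = R, xor(L, F(R, k))
    return R + L                     # ciphertext is (R, L)

def feistel_decrypt(block: bytes, ks: list) -> bytes:
    R, L = block[:HALF], block[HALF:]
    for k in reversed(ks):           # same F, subkeys in reverse order
        L, R = xor(R, F(L, k)), L
    return L + R

def split(msg: bytes) -> list:
    if len(msg) % BLOCK:
        raise ValueError("message must be a multiple of the block size (no padding here)")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def ecb_encrypt(msg: bytes, key: bytes) -> list:
    ks = subkeys(key)
    return [feistel_encrypt(b, ks) for b in split(msg)]   # each block independent

def chained_encrypt(msg: bytes, key: bytes, iv: bytes) -> list:
    ks, prev, out = subkeys(key), iv, []   # iv should be fresh and random per message
    for b in split(msg):
        prev = feistel_encrypt(xor(b, prev), ks)  # previous ciphertext feeds the next block
        out.append(prev)
    return out

def chained_decrypt(blocks: list, key: bytes, iv: bytes) -> bytes:
    ks, prev, out = subkeys(key), iv, b""
    for c in blocks:
        out += xor(feistel_decrypt(c, ks), prev)
        prev = c
    return out
```

Encrypting three identical plaintext blocks with `ecb_encrypt` yields three identical ciphertext blocks, while `chained_encrypt` yields three different ones and still decrypts to the original message.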

Conclusion

Here we discussed the Private Key Encryption technique to achieve Network Security. Private key encryption is achieved using ciphers. There are broadly two types of ciphers: Stream and Block. These are further classified, and their working was discussed.

THANK YOU
