Unit – I

Over View – Need for Security

• Security is required because information which is asset of any organization has to be
protected during transmission.
• So Network security measures are needed to protect data during transmission.
• What is Cryptography? Derived from greek word Krypto- Hidden and Graphene- Writting
Hidden writing mainly used to protect information.
Types of Security
1.Computer Security- Collection of tools designed to protect data and to thwart hackers
2.Network Security – Measures to Protect data during their transmission
3.Internet Security – Measures to Protect data during transmission over collection of
interconnected network
4.Data Security- Method of protecting data from unauthorized user
 Basic Concepts

• Cryptography The art or science encompassing the principles and

methods of transforming an intelligible message into one that is
unintelligible, and then retransforming that message back to its
original form
• Cryptography= the science (art) of encryption
• Cryptanalysis = the science (art) of breaking encryption

• Plaintext The original intelligible message

• Cipher text The transformed message or unintelligible message
• Key Some critical information used which is known only to the
sender& receiver
• Encryption or Encipher (encode) The process of converting plaintext to
cipher text using a Alg and a key

• Decryption or Decipher (decode) the process of converting cipher text back

into plaintext using a Alg and a key

• Cryptanalysis The study of principles and methods of transforming an

unintelligible message back into an intelligible message without knowledge
of the key. Also called code breaking

• Cryptology Branch of study that deals with cryptography and cryptanalysis

or Cryptology = cryptography + cryptanalysis
Model for Network Security
OSI Security Model or Architecture

The OSI Security Architecture provides

• Security Services
• Security Attacks
• Security Mechanism
Message (X)

A B
Security Goals (CIA) or Services-
A service that enhances the security of the data processing
systems and the information transfers of an organization
1.Confidentiality
2.Integrity
3.Authentication
4.Access Control
5.Non Repudation
6.Availability
Confidentiality-
Confidentiality is the fundamental security service provided by cryptography.
It is a security service that keeps the information from an unauthorized person.
Message send should be Known only to sender and receiver
It is sometimes referred to as privacy or secrecy.
2.Integrity- It is security service that deals with identifying any
alteration to the data.
• The data may get modified by an unauthorized entity intentionally or
accidently
• Ensures that Message send should be received as such without any
modification to the Revr.
3. Authentication -Authentication provides the identification of the
originator.
• It confirms to the receiver that the data received has been sent only
by the sender.
• Identifies the origin of the message
4.Access Control- Ability to limit and control access to host system

5. Non repudiation- Prevents that neither the sender nor the receiver from
denying the transmitted message.

6.Availability- It is nothing but the information assets is to be be available to

authorized parties as and when needed

Threat- It is possible danger that might exploit the vulnerability

or an event that breach the security and cause harm intentionally or
accidentally to damage or destroy an asset
Attack-It is intelligent act that attempt to violate the security policy of the system
 Security Attack- Any action that compromises the security of
information owned by an organization.

There are four general categories of attack which are listed below.
1.Interruption
• An asset of the system is destroyed or becomes unavailable or
unusable.
• This is an attack on availability .
• E.g., destruction of piece of hardware, cutting of a communication
line or Disabling of file management system.

Sender Receiver
2.Interception
• An unauthorized party gains access to an asset.
• This is an attack on confidentiality. Unauthorized party could
be a person, a program or a computer.
• E.g., wire tapping to capture data in the network, illicit copying of files

Sender Receiver

Eaves dropper
3.Modification
• An unauthorized party not only gains access to but tampers with an
asset.
• This is an attack on integrity.
• E.g., changing values in data file, altering a program, modifying the
contents of messages being transmitted in a network.

Sender Receiver

Eaves dropper
4.Fabrication
• An unauthorized party inserts false or spurious message into the
system.
• This is an attack on authenticity.
• E.g., insertion of spurious message in a network or addition of records
to a file.

Sender Receiver

Eaves dropper
 Security Attack
• Attack- An intelligent act that violates the security policy of the system.
• Security –1.Active Attack 2. Passive Attack
Active attack –Goal of opponent is to do alteration in the message that is
being transmitted across the network or creation of a false msg.
It is difficult to prevent but easy to detect
These attacks can be classified in to four categories:
1.Masquarade – When one entity pretends to be another
Message from intruder that appears to be from sender

A B
Internet
CC
2.Replay- Involves the capture of data and retransmit the message
without modification to produce unauthorized effect.
• 3.Modification- Some part of legitimate message is altered
or delayed
4.Denial Of Service(DoS)-
• Disruption of entire network by disabling the network.
• By overloading the network so as to degrade the performance
• Suppress all the message directed to the user
Passive Attack-
• Goal of opponent is to obtain the information that is being transmitted across
the network.
• Aim of attacker is just to listen or monitor the conversation that is being held
between sender and Receiver
• Involve no alteration of the message.
• Difficult to defect but easy to prevent by providing encryption
• These attacks can be classified in to Two categories
1. Release of Message Content-
A telephone conversation, an e-mail message and a transferred file may contain
sensitive or confidential information.
We would like to prevent the opponent from learning the contents of these
transmissions
2.Traffic Analysis:
Intruder monitor the traffic flow and watches the frequency and length of the
message and observes the pattern of the message
Difference Between Active and Passive
Attack
Active Attack Passive Attack
• Goal of the attacker to modify the • Goal of the attacker is just to
message. observe or Listen the conversation
• Can be easily detected that is being held between S and R.
• It cannot be prevented. • It cannot be detected
• Types- Masquarade • It can be prevented by encryption.
Replay • Types
Modification Traffic analysis
Dos Release of Message Content
• Security Mechanism –Mechanism or method designed to
detect,prevent or recover from security attack.
1. Encryption – Mathematical Algorithm used to transform data into
another form which is non intelligible.
2. Digital Signature- To provide authentication i.e To identify the
sender or the origin of message
Categories of CryptoSystems
• Based on Types of Operation
1.Substitution- Each Element in PT is substituted by another to get CT
2.Transposition- Position of PT is changed to produce CT
• Based on No.of Keys used
1.Symmetric- Sender and Receiver uses same key for both Encryption and
Decryption.
2.Asymmetric Encryption- Two different keys are used Encryption and
Decryption
• Based on Processing Technique
1.Stream Cipher – Bit by Bit Encryption
2.Block Cipher- Block by block Encryption
Types of Encryption -1.Symmetric Encryption
2.Asymmetric Encryption
1.Symmetric Key Encryption(Single Key ) or Conventional Encry
• Encryption- Process of Converting PT into CT using key and Algorithm
• In symmetric Encryption Same key is used for both encryption and
decryption.
• Same key is shared between sender and receiver i.e
keys are known both to sender and receiver
• Here the original message, referred to as plaintext, is converted into random nonsense, referred
to as cipher text.
• The encryption process consists of an algorithm and a key.
• The key is a value independent of the plaintext. Changing the key changes the output of the
algorithm.
• Once the cipher text is produced, it may be transmitted.
• Upon reception, the cipher text can be transformed back to the original plaintext by using a
decryption algorithm and the same key that was used for encryption.
Symmetric Model has 5 Ingredients
1.Plain Text(PT)- Original Message given as input to Encryption Alg
2.Encryption Alg- Performs various transformation on PT to convert n
to CT.
3.Secret Key- It is another input to Encryption Alg (E.Alg+Key == CT)
4.Cipher Text(CT)-Scrambled message produced as output.
5.Decryption Alg- Takes CT an Key as input and produces original PT

Notation Used
E[X or PT , Key] – CT or Ek [X]= Y
D[Y or CT,Key] - PT or Dk[Y]= X
Advantages and Disadvantages of Symmetric
Encryption
• Advantage
High rate of throughput
keys are relatively short
• Disadvantage
Key must be kept secret at both ends
Key sharing or distribution is major problem
 Asymmetric Encryption
• Asymmetric or Public Key or Two Keys Encryption
• Two different keys called private key and Public keys are used -one for
Encryption and other for Decryption
• Public-key, which may be known by anybody, and can be used to
encrypt messages.
• Private-key, known only to the recipient, used to decrypt messages
 CLASSICAL ENCRYPTION TECHNIQUES
• There are two basic building blocks of all encryption techniques: substitution and
transposition.
1.SUBSTITUTION TECHNIQUES
• A substitution technique is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols.
• If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with cipher text bit patterns.
• Types
1.CAESAR CIPHER
2.MONOALPHABETIC CIPHER
3.PLAY FAIR CIPHER
4.HILL CIPHER
5.POLY ALPHABETIC OR VIGNERE CIPHER
6.ONE TIME PAD
Caesar cipher (or) shift cipher
• The earliest known use of a substitution cipher and the simplest was introduced by
Julius Caesar.
• The Caesar cipher involves replacing each letter of the alphabet with the letter
standing 3 places further down the alphabet.
• e.g., plain text : pay more money
• Cipher text: SDB PRUH PRQHB
• Note that the alphabet is wrapped around, so that letter following „z‟ is „a‟.
• For each plaintext letter p, substitute the cipher text letter c such that
• C = E(p+k) mod 26 = (p+3) mod 26
• A shift may be any amount, so that general Caesar algorithm is
• C = E (p) = (p+k) mod 26
• Where k takes on a value in the range 0 to 25. The decryption algorithm is simply
• P = D(C) = (C-k) mod 26
• Let us assign a numerical equivalent to each letter:
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
abcdefghijklmnopqrstuvwxyz
Then the algorithm can be expressed as follows.
For each plaintext letter p, substitute the ciphertext letter C:
We define a mod n to be the remainder when a is divided by n.
For example, 11 mod 7 = 4.
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount,
so that the general Caesar algorithm is C = E(k, p) = (p + k) mod 26 where
k takes on a value in the range 1 to 25.
The decryption algorithm is simply p = D(k, C) = (C - k) mod 26 If it is
known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: Simply try all the 25 possible keys
• Encryp- C=(P+K) mod 26
• Ex- P.text -PAY & Key -3
• 15 0 24
• Encry- C=(15+3)mod 26=18 mod 26 =18---S
( 0+3) mod 26 =3 mod 26 = 3----D
(24+3)mod 26= 27 mod 26= 1----B
Plain Text PAY = Cipher Text C= SDB
Decrption = S D B
C= 18 3 1
Decryp- D=(C-K) mod 26
(18-3)mod 26---15----P
(3-3)mod 26 ----0-----A
(1-3) mod 26= -2 mod 26 ---24---Y
Dis advantage
1.If Encrp & Decrp Alg is Known then it is easily traceable
2.Brute force attack is possible that is attacker try with only 25 keys to find CT
try every possible keys until PT is found.
-
2. Mono Alphabetic Cipher
• Substitute one letter with another letter by having any permutation
and combination of 26 alphabets
• Substituting is not done in regular pattern.
• Any Letter can be substituted for any other letter
• Ex. A is replaced with any letter (B to Z)
Disadvantage-
Easy to break because by use of Frequency of Occurrence
3.Play Fair Cipher
• The best known multiple letter encryption cipher where PT is
Encrypted 2 letters at a time (i.e Pair of letters are taken from PT)
• Playfair algorithm is based on the use of 5x5 matrix of letters
constructed using a keyword.
• The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right.
• Remaining unfilled cells of the matrix are filled with the remaining
letters in alphabetical order. The letter „i‟ and „j‟ count as one letter.
• Duplicates are removed.
 Rules for Encryption
• Encryption is done by taking 2 characters at a time.
• Rule 1: When selected pair in PT has got same alphabets it is separated by
filler letter ‘X’ .
• Example- B A L L O O N
• See the pair LL it is same letter so it is separated by Filler X
• Therefore B A L L O O N becomes B A L X L O X O N X
• Rule 2: When PT letters that fall in the same row of the matrix are each
replaced by the letter to the right, with the first element of the row
following the last.
• Rule 3: When PT letters fall in Same column it is replaced by letter
beneath.
• Rule 4: When PT letters are different then it is replaced by intersection
cell of its row and column.
• Let the keyword be “MONARCHY” • 5X5 matrix is constructed as below.
Example- B A L L O O N becomes
B A L X L O X O N X(Rule 1)
PT is paired as BA LX LO XO NX M O N A R
BA falls in same column so CT will be
C H Y B D
B A --- I/J B (Rule 3)
L X --- X U (Rule 4) E F G I/J K
L O --- P M (Rule 4)
X O --- V N (Rule 4) L P Q S T
N X --- A W (Rule 4) U V W X Z
Therefore CT will be
IB XU PM VN AW
Ex 2: PT -- N A (Rule 2)
CT – A R • Advantage – Matrix combination 26 X 26
Ex 3 PT --- B D (Rule 2) • Disadvantage- Easy to break
CT ---D C
4. Hill Cipher
• It is also Multi letter Cipher developed by mathematical scientist
Laser Hill 1929
• Algorithm takes M successive PT letter and substitute for M CT
• IT depends on Linear Equation
• Each letter is assigned a numeric value i.e
A=0,B=1,C=2 D=3,E=4 ,F=5,G=6,H=7,I=8,J=9,K=10,L=11,M=12,N=13
O=14,P=15,Q=16,R=17,S=18,T=19,U=20,V=21,W=22,X=23,Y=24,Z=25.

• Encryption C= K*P mod 26

• Decryption P=(K−1 * C) mod 26

• Example PT= P A Y = 15 0 24
• Key K = 17 17 5
21 18 21
2 2 19
C=(K * P) mod 26
C = 17 17 5 15
21 18 21 * 0
2 2 19 24

C = 17 *15 + 17* 0 + 5 * 24
21 * 15 + 18 * 0 + 2 * 24
2 * 15 + 2 * 0 + 19 * 24

C= 255 + 120
315 + 504
30 + 456

C=375 mod 26 C= 11 L C= L N S
819 mod 26 13 N
486 mod 26 18 S
• Advantage
1. Completely hides single letter frequency
• Dis advantage
1. It can be easily broken with known Plain Text attack
5.Polyalphabetic Cipher or Vignere Cipher
• Each occurrence of PT have different substitution

• Vignere table is constructed with 26 alphabets

• Encryption – Given a key letter K & PT letter X then CT is at

intersection of row labelled K & column labelled X

• To Encrypt message key is needed as long as message.

• Decryption – Key letter identifies the row .Position of CT letter in the
row determined column & PT is at top of that column
  PLAIN TEXT

K  
E
a b c d e f g h i j k … x y z
Y
a A B C D E F G H I J K … X Y Z

L
b B C D E F G H I J K L … Y Z A
E
T
c C D E F G H I J K L M … Z A B
T
E d D E F G H I J K L M N … A B C
R
S e E F G H I J K L M N O … B C D

f F G H I J K L M N O P … C D E

g G H I J K L M N O P Q … D E F

: :: :: :: :: :: :: :: :: :: :: :: … :: :: ::

:
x X Y Z A B C D E F G H … W

y Y Z A B C D E F G H I … X

z Z A B C D E F G H I J … Y
• Example PT = C O M P U T E R C E N T E R
key = D E C E P T I V E D E C E P
FS
• Example PT = B A D
K = D E C
CT = E E F

Advantage : The are multiple CT letters for each PT

6.One Time Pad
• It is an unbreakable cryptosystem.
• It represents the message as a sequence of 0s and 1s.
• this can be accomplished by writing all numbers in binary, for example,
or by using ASCII.
• The cipher text is generated by performing the bitwise XOR of the
plaintext and the key.
• The key is a random sequence of 0‟s and 1‟s of same length as the
message. Once a key is used, it is discarded and never used again.
• Each new message requires new key of same length as message.
• It produces random output.
• Example PT = 1 0 0 0 1 1 0 +
•K = 1 0 1 1 0 1 1
• CT = 0 0 1 1 1 0 1
Transpostion Techniques
• Rearrange the characters in the PT to form CT
• Letters are not changed
• Mapping- Achieved by permutation or combination on PT
• Types 1. Rail Fence
2. Simple Columnar Transposition-Single round
3. Simple Columnar Transposition- Multiple round
Rail Fence Technique
• PT is written as sequence of diagonals using depth d
• CT is written as sequence of rows
• To increase security level depth d is increased.
• Example
PT = C O M P U T E R
Depth-2 and PT is written as
C M U E
0 P T R
CT= CMUEOPTR
Simple Columnar Transposition- Single
Round
• PT is written row by row as matrix.
• Size of matrix depends on length of key
• Key specifies the order in which scrambling to be done.
• CT is written column by column but per mutate the order of the key.
• Example PT = C O M P U T E R S C I E N C E
Key = 3 4 1 2 5
C O M P U
T E R S C
I E N C E
CT = MRN PSU CTI OEE UCE
Simple Columnar Transposition- Multiple Round
• Simple Columnar is made more secure by performing more than one
stage of transposition.
• CT got is transposed as many no.of times as required.
• Example PT = C O M P U T E R
KEY= 3 1 2
C O M
P U T
E R
CT 1= OUR MT CPE
• Round 2
PT (CT1) – O U R M T C P E
Key = 3 1 2
O U R
M T C
P E
CT 2= UTE RC OMP
Block Cipher design principles
• Block cipher operates on block of data.
• Algorithm breaks PT into blocks and operates on each block
independently using same key.
• Length of PT block=Length of CT block
• Security of block depends on design of encryption function.
• Padding is done to last block.
• Padding- Adding 1’s followed by as many 0’s as required
Block Cipher Principles
• Based on Processing technique- 2 types
1. A stream cipher is one that encrypts data one bit at a time to produce CT. E.g, vigenere
cipher.
Advantages-
• Speed ,Low error propagation ,Requires less code
Dis advantage-
Low Diffusion-
2. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a
cipher text block of equal length. Typically a block size of 64 or 128 bits is used. DES ,AES
• Block Cipher operates on block of data.
• Length of Plain text= Length of cipher text.
• Algorithm breaks PT into block and operates on each block independently .
• Ex: PT = 01001000 11110011 11001010
B1 B2 B3
CT= 11001010 11010110 01010101
CT1 CT2 CT3
Advantages:
• High Diffusion-Associated with dependence of O/P bits on I/P bits.i.e,
Property of redundancy in PT that affects the CT

Dis Advantage :
• Slowness of Encryption
• Error Propagation
• Requires more code
Confussion- Making the relationship between key and CT as complex
as possible.
Block Cipher Modes of Operation
• Types
1. Electronic Code Book(ECB)
2. Cipher Block Chaining(CBC)
3. Cipher Feed Back Mode(CFB)
4. Output Feedback Mode(OFB)
5. Counter mode
Electronic Code BOOK(ECB)

• Simplest mode of operation where each block is encrypted

independently.
• PT is divided into 64 bit block and each block is encrypted using same
key.
• It is not necessary to encrypt the file linearly i.e 10th block is encrypted
first ,then 2nd,then 6th etc.
• While breaking the PT bits into 64 bit,if the last block has only 50 bits
then padding is applied to the last block.
• Padding- Adding 1 followed by as many number of 0’s as required
• Ex- Last block has only 50 bits as 0110111…..11 we need 14 bits to make
it as 64.Therefore padding is done i..e add 1 followed by 13 0’s to make it
64 bit block
• Decryption is done one block at a time
• Advantage- Used to share or transmit keys securely.
No error propagation since each block is encrypted
independently.
• Disadvantage- For lengthy message this mode is not suitable since
identical blocks of PT produce Identical block of CT
 2.Cipher Block Chaining(CBC)
• Cipher block chaining is an advancement made on ECB since ECB
compromises some security requirements.
• If block of PT – repeated it produces different CT blocks.
• First PT block (PT1) is XORed with Initialization vector (IV)which is block
of random bits to produce CT1.
• Output of Previous encryption (CT1) is fed as input to current encryption
block.i.e Encryption on current block depends on output of previous
block
• For decryption each CT block is passed through decryption algorithm
and the result is XORed with preceeding CT block to produce PT.
• CBC Mode ensures that if the block of plain text is repeated in the
original message, it will produce a different ciphertext for corresponding
blocks.
Note that the key which is used in CBC mode is the same; only the IV is
different, which is initialized at a starting point.
Dis advantage- Single bit error in PT block will affect CT block and all subsequent blocks
Parallel encryption is not possible since every encryption requires previous cipher.
3.Cipher Feedback Mode(CFB)

• In this mode each CT block gets feedback into next encryption round.
• Data is encrypted in small units.
• Load the Initialization Vector IV into shift register.
• It is assumed that unit of transmission is S bits
• Take only ‘s’ number of most significant bits (left bits) of output of
encryption process and XOR them with ‘s’ bit plaintext message block
to generate ciphertext block.
• Feed ciphertext block into top register by shifting already present data
to the left and continue the operation till all plaintext blocks are
processed.
• Essentially, the previous ciphertext block is encrypted with the key,
and then the result is XORed to the current plaintext block.
Output Feedback Mode(OFB)
• Similar in structure to that of CFB
• Here output of encryption function is fed as input to shift register.
• Advantage- Bit errors in transmission do not propogate.
i.e if error occurs in CT1 then only PT1 is affected,subsequent PT are
not corrupted.
CFB V.S. OFB

Cipher Feedback

Output Feedback
5.Counter Mode
• It is version of CFB mode without feedback.
• Both Sender and Receiver need access to reliable counter.
• Load the Initial counter value in register and encrypt the contents of
counter with key.
• PT block of PT1 contents of counter to get CT1.
• Update the counter + for next round.
Adv- All advantages of CFB and no error propagation
DisAdv- Requires synchronization couter at Sender and Receiver.
Loss of Synchronization leads to incorrect recovery of PT
CTR Encryption and Decryption
Data Encryption Standard(DES)
• DES is a symmetric key block cipher most widely used.
• Published by National Institute of Standard & Tech(NIST)
• Encrypts block of size 64 bits
• Intially Key of size 64 bits reduced to 56 bits by discarding every 8th bit
of key.
• DES uses both transposition & substitution technique- referred to as
product cipher.
DES-General Structure of DES is depicted in the following illustration

• DES is an implementation of a Feistel Cipher. It uses 16 round Feistel

structure.
• DES consist of 16 rounds of Encryption/Decryption
• Each round uses a separate key.
Broad Level Steps of DES Algorithm
• In the first step, the 64 bit plain text block is handed over to an initial
Permutation (IP) function which is random 64 bits.
• The initial permutation performed on plain text.

• Next the initial permutation (IP) produces two halves of the permuted block- Left
Plain Text (LPT) and Right Plain Text (RPT) each of 32 bits.

• Each left & Right halve undergoes 16 rounds of Encryption Process

• At end of 16th round swapping is done to produce pre-output.

• Finally Pre-output passed to IP-1 to produce CT

• Initial permutation (IP) happens only once and it happens before the first
round
• For example, it says that the IP replaces the first bit of the original plain
text block with the 58th bit of the original plain text
• The second bit with the 50th bit of the original plain text block and so
on.
• This is nothing but jugglery of bit positions of the original plain text
block. the same rule applies for all the other bit positions which shows in
the figure.
Details of Single Round
 Step 1-Key Transformation or Key Generation
• Initial 64-bit key is transformed into a 56-bit key by discarding every 8th
bit of the initial key.56 bit key is converted to 48 bit subkeys.
• Sub Key is generated during each round using a process called as key
transformation.16 Sub keys (k1,k2,k3….k16) are produced .
• For this the 56 bit key is divided into two halves, each of 28 bits. These
halves are circularly shifted left by one or two positions, depending on
the round.

After appropriate shift 56 bit key is reduced to 48 bit by discarding any 8

bits to produce different set of subkeys
• After initial permutation, we had two 32-bit plain text called as Left
Plain Text(LPT) and Right Plain Text(RPT).
• During the expansion permutation, the RPT is expanded from 32 bits
to 48 bits.
• Bits are permuted and hence called as expansion permutation.
• Right 32 bits is divided into 8 blocks, with each block consisting of 4
bits.
• Then, each 4 bit block is then expanded to 6 bit block, i.e., per 4 bit
block, 2 more bits are added.(1st and 4th bit of 4 bit block)
• Now the 48-bit key is XOR with 48-bit RPT and resulting output is
given to the next step, which is the S-Box substitution.
 • After initial permutation, we had two 32-bit
Step 2 Expansion Permutation plain text called as Left Plain Text(LPT) and
Right Plain Text(RPT).
• During the expansion permutation, the RPT is
expanded from 32 bits to 48 bits.
• Bits are permuted and hence called as
expansion permutation.
• Right 32 bits is divided into 8 blocks, with each
block consisting of 4 bits.
• Then, each 4 bit block is then expanded to 6 bit
block, i.e., per 4 bit block, 2 more bits are
added.(1st and 4th bit of 4 bit block)
• Now the 48-bit key is XOR with 48-bit RPT and
resulting output is given to the next step, which
is the S-Box substitution.
 Step3:S.Box
Substitution
• It is a Process that accepts 48
bit input from XOR operation
and produces 32 bit output.
• It consist of set of 8 S-boxes
each accepts 6 bit input &
produces 4 bit output.
• 48 bit input is divided into 8 sub
blocks (each of 6 bits) and each
sub block is given to S- boxes
(S1,s2…s8) where each S- box
gives 4 bit output.
• Each S- box has 4 rows(0-3) & 16 columns(0-15)
Example
Suppose First 6 bits of 48 bits is given as
input to S box 1 are
1 0 1 1 1 1 – inner 4 bits represent
column and outer 2 bits represent row.
(1 1) 2- outer bits is (3 ) 10 - 3rd row
(0 1 1 1 )2–inner bits is (6 ) 10 6th column
3rd row & 6th column in S1 box is 01 in
decimal when converted to binary we get
0 0 0 1 – 4 bits output
Thus 6 bit input is converted to 4 bit
output.
Similarly 8 subblock(6 bit) is given to s1-s8
boxes to get the output.
8*6bit -48 bit is converted to 8*4 bit-32 bit
output.
Finally output from s box will be 32 bits
 Step 4- P-Box Permutation & XOR & Swap

• The O/P of S boxes(32 bits) is permuted in some random order.

• Permuted O/P is XORed with Left Half of Initial Permutation to get
new Right half (New Ri ) .
• Finally Swapping is done so that old Ri becomes New Li.
• This New Ri & New Li is given as input to round 2 and this process
continues till round 16.
• At the end of 16th round the O/P is given to Inverse Permutation(IP-1 )
to get the 64 bit Cipher text.
Advantages and Disadvantages of DES
• Security of DES algorithm resides
in Key
• Brute Force attack is impossible
because 70 quadrillion keys are
generated and it takes 1000 yrs
to break the key.
• As length of key is increased
security provided by algorithm
also increases.
• It is Symmetric alg both sender
and receiver must have same key
and it must be kept secret.
• Design of S boxes are difficult.
• It has weak keys i.e same sub key
is generated for more than one
round
Possible Techniques for Improving DES
• There are 2 variations of DES 1.Double DES
2.Triple DES
Double DES-Given a plaintext P and two encryption keys 𝐾1 and 𝐾2, a
cipher text can be generated as, C = E(𝐾2, E(𝐾1, P)
1.It does twice what DES normally does
2.It uses 2 keys (K1 & K2)
3.Encrypt with K1 to get CT1,i.e.,CT1= EK1( P)
4.CT1 again encrypted with K2 to get Final CT i.e,CT2= EK2 [EK1( P)]
 Double DES
•
PT DES CT1 DES CT2

K1 K2

Encryption: C = EK2 [ EK1 [ P ] ]

Decryption: P = DK2 [ DK1 [ C ] ]
Triple DES with 3 Keys
• 1.Uses 3 keys for Encryption K1,K2,K3
• 2.PT is encrypted with Key K1 to get CT1
• 3.CT1 is Encrypted with key K2 to get CT2
• 4.CT2 is encrypted with Key K3 to get final CT3

PT DES CT1 DES CT2 DES Final CT 3

K1 K2 K3

Encrypt: C = EK3 [ EK2 [ EK1 [P] ] ]

Decrypt: P = DK1 [ DK2 [ DK3 [C] ] ]
Triple DES with 2 Keys – Encrypt-Decrypt-
Encrypt
• PT is encrypted with K1 to produce CT1
• CT1 is decrypted with K2
• Finally it is encrypted with K3 to get Final CT
• Encryption CT = EK3[DK2[EK1[P]]]
Advanced Encryption Algorithm(AES)
• The more popular and widely adopted symmetric encryption
algorithm likely to be encountered nowadays is the Advanced
Encryption Standard (AES).
• It is found at least six time faster than triple DES.
• It is symmetric block cipher published by NIST in Dec 2001
• AES is an iterative rather than Feistel cipher. It is based on
‘substitution–permutation.
• AES performs all its computations on bytes rather than bits.
• Hence, AES treats the 128 bits of a plaintext block as 16 bytes.
• These 16 bytes are arranged in four columns and four rows for
processing as a matrix
•  The number of rounds in AES is variable and depends on the length of
the key.
• AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14
rounds for 256-bit keys.
• Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
Schematic Representation of AES Structure
1. Input to the Encryption Algorithm is blocks of 128 bit PT.
2. PT blocks and keys are arranged in variable size (16,24,32 bytes)
called as Rijindal Operation.
3. Each round contains 4 steps 1.Substitute Byte
2.Shift Rows
3.Mix Column
4.Add Round Key
Byte Substitution
• The 16 input bytes are substituted by looking up a fixed table (S-box)
given in design. Substitution is done by mapping eah individual byte of
state array to new array.The result is in a matrix of four rows and four
columns.The Elements of S box are written in Hexa Decimal.
 Shift Rows
• Each of the four rows of the matrix is shifted to the left. Shift is carried out as follows −
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
Mix Column
• Each column of four bytes is now transformed using a special
mathematical function.
• This function takes as input the four bytes of one column and outputs
four completely new bytes, which replace the original column.
• The result is another new matrix consisting of 16 new bytes.
 Add Round Key
• In this step each byte is XORed with the Key Matrix.
Advantages
• It can be implemented on both hardware and software.
• It provides high security to the users.
• It provides one of the best open source solutions for encryption.
• It is a very robust algorithm.
Disadvantages
• It requires many rounds for encryption.
• It is hard to implement on software.
• It needs much processing at different stages.
• It is difficult to implement when performance has to be considered.
Evaluation Criteria of AES
• Security- More Effort is required to cryptanalyze this alg
• Cost- Have high computational efficiency and so cost is high
• Algorithm-Used in high-speed applications like Broad band