Basics of Security

Prepared by:
Dr. Avita Katal
Assistant Professor (SG)
School of Computer Science
UPES, Dehradun
 Objective

Discuss the basics of security, encryption and decryption algorithms that pave the
foundation for cloud security concepts.
Introduction-Need for Security

• Some people who cause security problems and why.

 Security Goals
Security goals:

• Confidentiality- Confidentiality ensures that information is

only accessible to authorized individuals or systems.

• Integrity-Integrity ensures that data remains accurate,

unaltered, and trustworthy throughout its lifecycle.

• Availability- Availability ensures that information and

resources are accessible and usable by authorized users
whenever needed.
 Cryptography
Security goals:
•Cryptography comes from the Greek words for “secret writing.”
Encryption + Decryption = Cryptography.
•Types:
– Cipher : cipher is a character-for-character or bit-for-bit transformation, without
regard to the linguistic structure of the message.
– Code : a code replaces one word with another word or symbol.

•Used with U.S. Armed forces during World War II in Pacific against Japan.

•U.S broke Japanese code but the Japanese never broke Navajo code(Cipher and Code)
which played a crucial role in American victories in Pacific.- Windtalkers Movie (2002)

•Four group of people contributed to cryptography: the military, the diplomatic corps,
diarists, and lovers.    
 Cryptography Components
C = EK(P)
to mean that the encryption of the
plaintext P using key K gives the
ciphertext C.
• Sender P = DK(C)
• Receiver represents the decryption of C to get
• Plaintext the plaintext again.
• Cipher text Dk(Ek(P)) = P
• Encryption
• Decryption

•Secrecy lies exclusively in the keys is called Kerckhoff's principle, named after the Flemish
military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883).
•Kerckhoff's principle: All algorithms must be public; only the keys are secret.
•Trying to keep the algorithm secret is known in the trade as security by obscurity.
•The longer the key, the higher the work factor the cryptanalyst has to deal with.
 Cryptography Categories

In symmetric-key cryptography, the same key is used by the sender (for encryption) and the
receiver (for decryption). The key is shared.
Cryptography Categories
Symmetric-key cryptography started thousands of years ago when
people needed to exchange secrets (for example, in a war). We still
mainly use symmetric-key cryptography in our network security.
Substitution Cipher
In a substitution cipher each letter or group of letters is replaced by another letter or group of
letters to disguise it.
Caesar Ciphers:
One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.
In this method,
a becomes D,
b becomes E,
c becomes F,
... , and
z becomes C.
For example, ‘attack’ becomes ‘DWWDFN’.
Plaintext will be given in lower case letters, and ciphertext in upper case letters.
Caesar cipher allows the ciphertext alphabet to be shifted by k letters, instead of always 3.
In this case k becomes a key to the general method of circularly shifted alphabets.
Disadvantage: Can’t fool everyone. Easy to convert to plaintext. Predictable key.
A substitution cipher replaces one symbol with another
 Symmetric Algorithms - Monoalphabetic Cipher
• Any letter can be substituted for any other letter
• Each letter has to have a unique substitute

ABCDEFGH I JKLMNOPQRSTUVWXYZ

MNBVCXZASDFGHJ KLPO IUYTREWQ

• There are 26! pairing of letters (~1026)

• Brute Force approach would be too time consuming
• Statistical Analysis would make it feasible to crack the key

Message: Encrypted
Cipher: Message:
Bob, I love you. Monoalphabetic Nkn, s gktc wky.
Alice Cipher mgsbc

Key
 Symmetric Algorithms - Polyalphabetic Cipher
• Developed by Blaise de Vigenere
• Also called Vigenere cipher
• Uses a sequence of monoalpabetic ciphers in tandem
• e.g. C1, C2, C2, C1, C2
Plain Text ABCDEFGH I JKLMNOPQRSTUVWXYZ

C1(k=6) FGH I JKLMNOPQRSTUVWXYZABCDE

C1(k=20) TUVWXYZABCDEFGH I JKLMNOPQRS

• Example

Message: Encrypted
Cipher: Message:
Bob, I love you. Monoalphabetic Gnu, n etox dhz.
Alice Cipher tenvj

Key
Transposition Cipher
A transposition cipher reorders (permutes) symbols in a block of
symbols.
• A transposition cipher.
Transposition cipher reorder the letters but do not disguise
them.
The cipher is keyed by a word or phrase not containing any
repeated letters.
In this example, MEGABUCK is the key.
The purpose of the key is to number the columns.
Plaintext is written horizontally, in rows, padded to fill the
matrix if need be.
The ciphertext is read out by columns, starting with the
column whose key letter is the lowest.
Every letter represents itself, keeping the frequency
distribution intact.
How to break the cipher as cryptanalyst?
• Suppose ‘million dollars’ occurs somewhere in
message.
• Observes digrams MO, IL, LL, LA, IR by wrapping
around.
• For k columns, k(k-1) columns can be examined.
Advantage: tough to determine the column sequence.
XOR cipher Plaintext: 101101
Key: 110010
-----------------------
Ciphertext: 011111
S-box

Rotation cipher
P-boxes: straight, expansion, and compression
Product Ciphers
Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product
• S-Box:
• a 3-bit plaintext is entered and a 3-bit ciphertext is output.
• The 3-bit input selects one of the eight lines exiting from the first stage and sets it to
1.
• The second stage is a P-box.
• The third stage encodes the selected input line in binary again.
• 01234567 is input then output would be 24506713.
• Product Cipher:
• Powerful tool in which p-box and s-box is cascaded forming whole series of boxes to
form a product cipher.
• 12 input lines in p-box.
• 212 = 4096 crossed wires are needed in middle stage.
• Input is broken into 3 bits, each substituted independently.
• K bit input to produce k bit output, k is 64 to 256.
• Less general, more powerful, becoming complicated function.
Types:
1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits, or 128 bits)
– Used for a single message
2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information
Feistel Cipher Structure
• Virtually all conventional
block encryption algorithms,
including DES, have a
structure first described by
Horst Feistel of IBM in 1973.
• Hence, Feistel is called the
father of Cryptography.
• The realization of a Feistel
Network depends on the
choice of the following
parameters and design
features (see next slide):
Feistel Cipher Structure
• Block size: larger block sizes mean greater security
• Key Size: larger key size means greater security
• Number of rounds: multiple rounds offer increasing security
• Subkey generation algorithm: greater complexity will lead to greater difficulty of
cryptanalysis
• Round function: greater complexity means greater resistance of cryptanalysis
• Fast software encryption/decryption: the speed of execution of the algorithm
becomes a concern
• Ease of analysis: It should be difficult to analyse the cipher text and conversion of
ciphertext to plaintext must be impossible.
 Data Encryption Standard
(DES)
• The most widely used encryption scheme.
• NIST (National Institute of Standards & Technology), as FIPS PUB 46 (Federal
Information Processing Standards).
• The algorithm is referred to the Data Encryption Algorithm (DEA).
• DES is a block cipher.
• Minor variation of Feistel.
• It has 16 rounds of processing.
• The plaintext is processed in 64-bit blocks.
• The key is 56 bits in length, which is divided into 16 subkeys, each one is used for
each round.
• Decryption:
• Use ciphertext as input to DES.
• Use subkeys Ki in reverse order till K is reached. i.e K 16 to K2, K1.
Data Encryption Standard
(DES)
One round in DES ciphers
DES (Data Encryption Standard), was widely adopted by the industry for use in security products.
DES procedure:
Enciphering a 64-bit data block and a 56-bit key
Step 1: Stage 1: An initial transposition (permutation)
Step 2: Iteration 1 to 16: rounds of a complex key dependent calculation.
Step 3: Stage ‘second last’: 32 bit exchange of leftmost 32 bits with rightmost 32 bits.
Step 4: Stage ‘last’: A final transposition, obtained by just reversing the obtained transposition.
Output: 64 bit ciphertext.
Iteration 1 to 16 procedure:
• Each stage takes two 32-bit inputs and produces two 32-bit outputs.
• Each of 16 iterations uses different key.
• The left output is simply a copy of the right input.
• The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, K i.
• All the complexity lies in this function.
Whitening:
• Technique used to make DES stronger.
• XORing random 64bit key with each plaintext block before feeding it into DES.
• And then again XORing a second 64 bit key with resulting ciphertext before transmitting it.
• It can be removed easily by running reverse operation.
• It adds more bits to the key length.
• Time consuming.
In 1977, standford cryptography researchers Diffie and Hellman designed a machine that breaks DES within 1 day.
With key length of 56bits, there are 256 = 7.2 x 1016 possible keys.
Here, brute-force attack appears impractical. How?
Trying each key per microsecond would take more than 10 thousand years to break
cipher.
So? DES is secure?
Yes or No?
DES finally and definitively proved insecure in July 1998, when the Electronic
Frontier Foundation (EFF98) announced that it had broken a DES encryption using a
special-purpose “DES Cracker” machine that was built for less than $250,000.
The attack took less than 3 days to break cipher.
Problem?
Solution?
So a 128-bit key is guaranteed to result in an algorithm that is unbreakable by brute
force or EFF98.
128-bit key would take over 1018years to break the code using the EFF cracker.
DES Expansion Permutation
Right Half i-1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1

 R half expanded to same length as 48-bit subkey

 consider R as 8 nybbles (4 bits each)
 expansion permutation
copies each nybble into the middle of a 6-bit block
copies the end bits of the two adjacent nybbles into the two end bits of the 6-bit
block
Substitution Boxes S
 Substitution Boxes S
 each of the eight s-boxes is different
 each s-box reduces 6 bits to 4 bits
 so the 8 s-boxes implement the 48-bit to
input symbol 32-bit contraction substitution
control

Si

output symbol
 Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
feature known as autoclaving (autokeying)
example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
 Permutation Box P
S1 S2 S3 S4 S5 S6 S7 S8

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

 P-box at end of each

round
 Increases
diffusion/avalanche effect
 Right Half i-1 1 2 3
DES Round in Full
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1

Round Key i

+
O 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

input symbol input symbol input symbol input symbol input symbol input symbol input symbol input symbol
control

control

control

control

control

control

control

control
S1 S2 S3 S4 S5 S6 S7 S8

output symbol output symbol output symbol output symbol output symbol output symbol output symbol output symbol

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

Left Half i-1

+
O 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

Right Half i

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
 DES Key Schedule
 forms subkeys used in each round
initial permutation of the key (PC1) which selects 56-bits in two
28-bit halves
16 stages consisting of:
• rotating each half separately either 1 or 2 places depending on the key
rotation schedule K
• selecting 24-bits from each half & permuting them by PC2 for use in round
function F
 note practical use issues in h/w vs s/w
 Avalanche Effect
• Key desirable property of encryption algorithm
• where a change of one input or key bit results in
changing approx half output bits
• making attempts to “home-in” by guessing keys
impossible
• DES exhibits strong avalanche
 PUBLIC KEY ALGORITHM:
• RSA –Rivest–Shamir –Adelman
RSA
• Used for all, Encryption, Authentication and Digital Signing.
• Has long keys. i.e1024 bits which makes is secure.
• Key advantage: difficulty of factoring large integers.
• General Algorithm:
1. Generate two large random prime numbers, p and q, equal in size such that n=pq and φ=
(p-1)(q-1).
2. Compute n= pq and φ= (p-1)(q-1)
3. Choose an integer ‘e’ such that 1 < e <φ and gcd(e,φ) = 1.
4. Compute secret exponent d, 1 < d < φ such that ed=1(mod φ).
5. The public key is (n,e) and private key (n,d). Keep secret p, q, φ.
• Note:
• ‘n’ is modulus
• ‘e’ and ‘d’ is private key for encryption and decryption respectively.
• ‘p’, ‘q’ and ‘φ’ is secret key.
PUBLIC KEY ALGORITHM:
RSA