Chapter 3 Final

This document discusses various security techniques used in information security. It defines key terms like cryptography, plaintext, ciphertext, encryption, decryption. It describes basic approaches like link encryption and end-to-end encryption. It also covers characteristics of cryptographic systems like encryption algorithms, number of keys used, and how plaintext is processed. Requirements for secure conventional encryption and attacks on symmetric encryption like cryptanalysis and brute force attacks are also summarized.

Uploaded by

Mihretu Bekele

Chapter Three

Security Techniques

Information Security
(SE3052)

Chapter Three - Compiled by Alemu W. 1/1/2016


Introduction
 While computer systems today have some of the best security systems ever, they are more
vulnerable than ever before.
 Computer network and information security comes in many forms, including encryption algorithms, access to
facilities, digital signatures, and using fingerprints and face scans as passwords.
 Institutions of all sizes collect and store huge volumes of confidential information. Most of this
information is collected, processed and stored on computers and transmitted across networks to
other computers.
 The rapid growth and widespread use of electronic data processing and electronic business
conducted through the Internet, along with numerous occurrences of international terrorism,
fueled the need for better methods of protecting the computers and the information.
 Information security means protecting information and information systems from unauthorized
access, use, disruption, or destruction.
 The OSI security architecture provides a systematic framework for defining security
attacks, mechanisms and services.


Terminologies
 Cryptography:
 The art of protecting transmitted information from unauthorized interception/tampering.
 The art and science encompassing the principles and methods of transforming an
intelligible (plain text) message into one that is unintelligible (cipher text), and then
retransforming that message back to its original form.
 The sender enciphers a message into unintelligible form, and the receiver deciphers it into
intelligible form.
 The enciphering and deciphering of messages into secret codes by means of various
transformations of the plaintext.
 Cryptography is closely related to another part of communication theory, namely coding
theory. Coding Theory involves translating information of any kind (text, scientific data,
pictures, sound, and so on) into a standard form for transmission, and protecting this
information against distortion by random noise.

Terminologies
 Plain text:
 Is the original intelligible message or data that is fed into the algorithm as input.
 The plaintext is not quite the same as the message being sent.
 The message probably has to be translated into some standard form to be encrypted; for
example, this might be leaving out the punctuation, turning it into ASCII code or a
sequence of numbers, etc.
 But there is nothing secret about this stage; knowing the plaintext is equivalent to knowing
the message.
 Cipher text:- is the scrambled message produced as an output of the encryption algorithm.
 Key(Secret Key):
 Is some critical information used by the encryption algorithm as input to encrypt the
plaintext.
 It is independent of the plaintext and encryption algorithm.
 It is only known to the sender and receiver.


Terminologies
 Enciphering or Encryption:
 is the process of converting the plaintext to cipher text.
 Encryption is considered as a component of the cryptographic framework.
 Its role is to offer the confidentiality axis of the CIA triad.
 Encryption needs an input (the clear message and a key) to deliver the cipher form (output); to
decrypt this cipher form (convert it back to the clear form) we need a key and the same
algorithm.
 Deciphering/Decryption:- is the process of restoring back the plaintext from the cipher text.
 Cryptanalysis(code breaking):-The process of deriving the plaintext from the cipher text
(breaking a code) without being in possession of the key or the system.
 Cryptology:-The scientific study of cryptography and cryptanalysis.

Basic approaches to Information Security
 Workstations are attached to LANs so that users can reach other hosts, workstations and servers
in the same LAN that are interconnected via bridges and routers.
 Since data is transmitted in the form of packets (visible on the LAN) which contain
source/destination IDs and other information, an eavesdropper can have access to this
information.
 Eavesdropping may also occur on any of the communication links which provide connectivity
to the system.
 Link Encryption:
 Each vulnerable communication link is equipped on both ends with an encryption device.
 User information, header, trailers, source/destination addresses and routing data will be encrypted
 The only data/information that will not be encrypted is data link control message information
 The main disadvantage is that it is effective only if all potential weak links from source to
destination are secured.
 It is designed to protect against packet sniffers and eavesdroppers


Basic approaches to Information Security
 End-to-End Encryption:
 Data is encrypted only at the source node and decrypted at the destination node.
 Nobody in between the sender and the receiver
 The cryptographic keys used to encrypt and decrypt the messages are stored
exclusively on the endpoints

Characteristics of Cryptographic Systems


 The type of operation used for transforming plain text to cipher text:- All encryption
algorithms are based on two general principles:
 Substitution, in which each element in the plain text(bit, letter, group of bits or
letters) is mapped into another element, and
 Transposition, in which elements in the plain text are rearranged.

Characteristics of Cryptographic Systems
 The number of keys used:-
 If both sender and receiver use the same key, the system is referred to as symmetric,
single-key or conventional encryption.
 If the sender and receiver use different keys, then the system is referred to as
Asymmetric, two-key or public-key encryption.
 The way in which the plain text is processed:- Input plain text can be processed either
using block cipher or stream cipher.
 A block cipher processes the input one block of elements(typically 64 or 128 bits) at
a time, producing an output block for each input block.
 A stream cipher processes the input elements (one bit or one byte) continuously,
producing output one element at a time, as it goes along.

Requirements for Secure use of Conventional Encryption
 Strong Encryption algorithm:- The algorithm should be strong enough so that an opponent
who knows the algorithm and has access to one or more cipher text would be unable to
decipher the cipher text or figure out the key.
 Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure.
 If someone can discover the key and knows the algorithm, all communication using
the key is readable.
 Therefore, if the key is generated at the message source, then it must be provided to
the destination by means of some secure channel.
 Alternatively, a third party could generate the key and securely deliver it to both
source and destination.

Attacking Symmetric Encryption
 cryptanalysis
 rely on nature of the algorithm
 plus some knowledge of plaintext characteristics
 even some sample plain text - cipher text pairs
 exploits characteristics of algorithm to deduce specific plaintext or key
 Objective:- to recover the plaintext of a cipher text or, more typically, to recover the
secret key.
 Kerckhoffs's principle:- the adversary knows all details about a cryptosystem except the
secret key.
 brute-force attack
 try all possible keys on cipher text until an intelligible translation into plaintext is obtained
 On average, half of all possible keys must be tried to achieve success.

Cryptanalytic Attack
 May be classified by how much information is needed by the attacker:
 Cipher text-only attack
 Known-plaintext attack
 Chosen-plaintext attack
 Chosen-cipher text attack
 Chosen-text attack
 Cipher text-only attack
 Attacker knows cipher text of several messages encrypted with same key
 Possible to recover plaintext (also possible to deduce key) by looking at frequency of
cipher text letters
 That is, Given: a cipher text c and the question is, what is the plaintext m?
 An encryption scheme is completely insecure if it cannot resist cipher text-only attacks.
 The easiest to defend against because the opponent has the least amount of information to
work with
Cryptanalytic Attack
 Known-plaintext attack
 The attacker knows the Algorithm, cipher text and plaintext-cipher text pair
 Attackers observe pairs of plaintext-cipher text encrypted with the same secret key.
 Possible to deduce key and/or devise algorithm to decrypt cipher text.
 That is, Given: (m1,c1), (m2,c2), …, (mk, ck) and a new cipher text c
 Q: what is the plaintext of c and what is the secret key in use?
 Chosen-plaintext attack
 Attacker can choose the plaintext and look at the paired cipher text
 Attacker has more control than known-plaintext attack and may be able to gain more
information about key
 That is, Given: (m1,c1), (m2,c2), …,(mk,ck), where m1, m2, …, mk are chosen by the
adversary; and a new cipher text c.
 Q: what is the plaintext of c, or what is the secret key?
 The attacker knows the Algorithm, cipher text and chosen plaintext and its cipher text
Cryptanalytic Attack
 Chosen-cipher text attack
 Attacker chooses a series of plaintexts, basing the next plaintext on the result of
previous encryption
 The Encryption algorithm, cipher text and purported cipher text chosen by
cryptanalyst, together with its corresponding decrypted plaintext generated with the
secret key are known to cryptanalyst.
 That is, Given: (m1,c1), (m2,c2), …,(mk, ck), where c1, c2, …, ck are chosen by the
adversary; and a new cipher text c.
 Q: what is the plaintext of c, or what is the secret key?
 The attacker knows the Algorithm, cipher text & chosen plaintext and its cipher text
 Example:-

Cryptanalytic Attack
 Chosen-text attack
 Here the attacker has the capability to choose arbitrary plaintexts to be encrypted and
obtain the corresponding cipher texts.
 The attacker knows the Algorithm, cipher text, chosen plaintext and chosen cipher text
 The goal of the attack is to gain some further information which reduces the security of
the encryption scheme.
 In the worst case, a chosen-plaintext attack could reveal the scheme's secret key.
 The Encryption algorithm, cipher text, plaintext message chosen by the cryptanalyst,
together with its corresponding cipher text generated with the secret key and purported
cipher text chosen by cryptanalyst, together with its corresponding decrypted plaintext
generated with the secret key are known to cryptanalyst.
 Two forms of Chosen-text attack
 Batch chosen-plaintext attack
 Adaptive chosen-plaintext attack
Transposition Cipher
 Rearrange letters in plaintext to produce cipher text

1. Rail-Fence Cipher
 In the rail-fence cipher, the plaintext is written downwards and diagonally on successive "rails" of an imaginary fence, then moving up when we reach the bottom rail.
 When we reach the top rail, the message is written downwards again until the whole plaintext is written out.
 The message is then read off in rows.
 For example, if we have 3 "rails" and a message of 'KILL THE QUEEN', the cipher writes out:

K . . . T . . . U . . .
. I . L . H . Q . E . N
. . L . . . E . . . E .

 Then the cipher text will be: KTU ILHQEN LEE

2. Route Cipher
 In a route cipher, the plaintext is first written out in a grid of given dimensions, then read
off in a pattern given in the key.

 Route ciphers have many more keys than a rail fence.

 In fact, for messages of reasonable length, the number of possible keys is potentially too
great to be enumerated even by modern machinery.

 Example: if we have 3 "rails" (rows) and the message 'KILL THE QUEEN', the cipher writes out:

K L E E
I T Q E
L H U N

 The key might specify "spiral inwards, clockwise, starting from the top right".

 Then the cipher text is: EENUHLIKLEQT

3. Columnar transposition
 The message is written out in rows of a fixed length, and then read out again column by
column, and the columns are chosen in some scrambled order.

 Both the width and the permutation of the columns are usually defined by a keyword.

 For example, the word ZEBRAS is of length 6 (so the columns are of length 6), and the
permutation is defined by the alphabetical order of the letters in the keyword. In this case,
the order would be "6 3 2 4 1 5".

 In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an
irregular columnar transposition cipher, the spaces are left blank.
 Example: WE ARE DISCOVERED FLEE AT ONCE

Regular case, providing five nulls (QKJEU) at the end:

6 3 2 4 1 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E Q K J E U

The cipher text is then read off as: EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE

In the irregular case, the columns are not completed by nulls:

6 3 2 4 1 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E

The cipher text is then read off as: EVLNA CDTES EAROF ODEEC WIREE

4. Double transposition
 A single columnar transposition could be attacked by guessing possible column lengths,
writing the message out in its columns (but in the wrong order, as the key is not yet
known), and then looking for possible anagrams.

 Thus to make it stronger, a double transposition was often used. This is simply a columnar
transposition applied twice.

 The same key can be used for both transpositions, or two different keys can be used.

 As an example, we can take the result of the irregular columnar transposition in the
previous section, and perform a second encryption with a different keyword, STRIPE,
which gives the permutation "564231":

5. Myszkowski Transposition
 A variant form of columnar transposition, proposed by Émile Victor Théodore Myszkowski in 1902, requires a keyword with recurrent letters.
 In usual practice, subsequent occurrences of a keyword letter are treated as if the next letter in alphabetical order, e.g., the keyword TOMATO yields a numeric keystring of "532164."
 In Myszkowski transposition, recurrent keyword letters are numbered identically, TOMATO yielding a keystring of "432143."
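
The keyword numbering and column read-out from the columnar, double and Myszkowski transposition slides above, as an added Python example (not part of the original slides; the function names are illustrative):

```python
import string

def _letters(text):
    """Keep A-Z only, upper-cased (spaces and punctuation are dropped)."""
    return "".join(ch for ch in text.upper() if ch in string.ascii_uppercase)

def key_order(keyword):
    """Usual numbering: alphabetical rank, repeated letters numbered left to right."""
    ranked = sorted(range(len(keyword)), key=lambda i: (keyword[i], i))
    order = [0] * len(keyword)
    for rank, col in enumerate(ranked, start=1):
        order[col] = rank
    return order

def myszkowski_order(keyword):
    """Myszkowski numbering: recurrent letters share one number."""
    distinct = sorted(set(keyword))
    return [distinct.index(ch) + 1 for ch in keyword]

def _read_sequence(keyword):
    """Column indices in the order they are read off (rank 1 first)."""
    order = key_order(keyword)
    return sorted(range(len(keyword)), key=lambda col: order[col])

def encrypt(plaintext, keyword, nulls=""):
    """Write row by row under the keyword, read column by column.
    Pass `nulls` to complete the last row (regular case); leave it
    empty for the irregular case."""
    text = _letters(plaintext) + nulls
    width = len(keyword)
    return "".join(text[col::width] for col in _read_sequence(keyword))

def decrypt(ciphertext, keyword):
    """Invert encrypt(), including the short columns of the irregular case."""
    text = _letters(ciphertext)
    width = len(keyword)
    full_rows, extra = divmod(len(text), width)
    columns, pos = {}, 0
    for col in _read_sequence(keyword):
        # the first `extra` columns of the grid hold one more letter
        length = full_rows + (1 if col < extra else 0)
        columns[col] = text[pos:pos + length]
        pos += length
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[col][row]
                   for row in range(rows)
                   for col in range(width)
                   if row < len(columns[col]))

def double_encrypt(plaintext, first_key, second_key):
    """Double transposition: irregular columnar transposition applied twice."""
    return encrypt(encrypt(plaintext, first_key), second_key)

def group(text, size=5):
    """Print-friendly groups of five letters, as on the slides."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))

if __name__ == "__main__":
    message = "WE ARE DISCOVERED FLEE AT ONCE"   # the slide's example
    print(key_order("ZEBRAS"), key_order("STRIPE"))
    print(group(encrypt(message, "ZEBRAS", nulls="QKJEU")))
    print(group(encrypt(message, "ZEBRAS")))
    print(group(double_encrypt(message, "ZEBRAS", "STRIPE")))
    print(key_order("TOMATO"), myszkowski_order("TOMATO"))
```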

6. Disrupted Transposition
 In disrupted transposition, certain positions in a grid are blanked out, and not used when filling in the plaintext.
 This breaks up regular patterns and makes the cryptanalyst’s job more difficult.

[Reading Assignment]

Substitution Cipher
 A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.
 If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.
 Mono alphabetic or Simple cipher
 Caesar (Additive) cipher
 Multiplicative Cipher and Affine Cipher
 Polyalphabetic cipher
 Vigenère cipher
 Multiple letter cipher - Playfair cipher

Mono alphabetic cipher
 In mono alphabetic substitution, the relationship between a symbol in the plaintext and a symbol in the cipher text is always one-to-one.
 Plaintext characters are substituted by a different alphabet stream of characters shifted to the right or left by n positions
 E.g., ABCDEFGHIJKLMNOPQRSTUVWXYZ
        DEFGHIJKLMNOPQRSTUVWXYZABC
 Caesar cipher corresponds to n = 3
 Julius Caesar used the Caesar cipher method

ADDITIVE CIPHER
 The simplest mono alphabetic cipher is the additive cipher.
 This cipher is sometimes called a shift cipher or Caesar cipher, but the term additive cipher better reveals its mathematical nature.
 Historically, additive ciphers are called shift ciphers.
 Julius Caesar used an additive cipher to communicate with his officers.
 For this reason, additive ciphers are sometimes referred to as the Caesar cipher. Caesar used a key of 3 for his communications.

Contd.
 When the cipher is additive, the plaintext, cipher text, and key are integers in Z26.
 Example: Use the additive cipher with key = 15 to encrypt the message “hello”.
 Use the additive cipher with key = 15 to decrypt the message “WTAAD”.

Brute-force cryptanalysis attack
 If it is known that a given cipher text is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys.
 Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
 What generally makes brute-force cryptanalysis impractical is the use of an algorithm that employs a large number of keys, or a plaintext language that is unknown.
 Example: Eve has intercepted the cipher text “PHHW PH DIWHU WKH WRJD SDUWB”. Show how she can use a brute-force attack to break the cipher.
 Solution: Eve tries keys from 1 to 25. With a key of 3, the plaintext is “meet me after the toga party”, which makes sense.
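
The brute-force search described above, as an added Python example (not part of the original slides). The word list used to recognise a sensible plaintext is constructed for this example, and the function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase

# Small list of frequent English words used to recognise an intelligible
# plaintext (constructed for this example; a fuller scorer would use a
# dictionary or letter-frequency statistics).
COMMON_WORDS = {"THE", "AND", "FOR", "YOU", "ME", "TO", "OF", "IN", "IS",
                "IT", "WE", "AT", "AFTER", "WITH", "THAT", "FROM", "HAVE"}

def shift_decrypt(ciphertext, key):
    """Undo an additive (Caesar) cipher: P = (C - key) mod 26."""
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)          # keep spaces so word boundaries stay visible
    return "".join(out)

def score(candidate):
    """Number of tokens that are common English words."""
    return sum(word in COMMON_WORDS for word in candidate.split())

def brute_force(ciphertext):
    """Try all 25 keys; return (key, plaintext, score) tuples, best first."""
    scored = []
    for key in range(1, 26):
        text = shift_decrypt(ciphertext, key)
        scored.append((key, text, score(text)))
    return sorted(scored, key=lambda t: (-t[2], t[0]))

def average_trials(keyspace):
    """On average half of all possible keys must be tried."""
    return keyspace // 2

if __name__ == "__main__":
    intercepted = "PHHW PH DIWHU WKH WRJD SDUWB"   # cipher text from the slide
    for key, text, hits in brute_force(intercepted)[:3]:
        print(f"key={key:2d} hits={hits} {text}")
    # The same search against a 56-bit key needs about 2**55 trials.
    print(average_trials(25), average_trials(2 ** 56))
```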


Multiplicative Ciphers
 In a multiplicative cipher, the plaintext and cipher text are integers in Z26; the key is an integer in Z26*.
 Example: What is the key domain for any multiplicative cipher?
 Solution: The key needs to be in Z26*. This set has only 12 members: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.
 Use a multiplicative cipher to encrypt the message “hello” with a key of 7. The cipher text is “XCZZU”.

Affine Ciphers

 Example: Use affine cipher to encrypt the message “hello” with the key (7, 2).

 Solution: After Encryption the cipher text is “ZEBBW”

 Example: Use affine cipher to decrypt the message “ZEBBW” with the key pair
(7, 2) in modulus 26.
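
The additive, multiplicative and affine examples above in one added Python example (not part of the original slides): the affine cipher with key (k1, k2), of which the additive cipher is the case k1 = 1 and the multiplicative cipher the case k2 = 0. The function names are illustrative; the last function shows how small the key domain is by searching all of it against one known plaintext/cipher text pair.

```python
from math import gcd
import string

ALPHABET = string.ascii_uppercase
M = len(ALPHABET)                      # 26

def valid_multipliers():
    """Z26*: the values of k1 that have a multiplicative inverse mod 26."""
    return [k for k in range(1, M) if gcd(k, M) == 1]

def _check_key(k1, k2):
    if gcd(k1, M) != 1:
        # e.g. k1 = 13 maps every even letter to the same cipher letter
        raise ValueError(f"k1={k1} has no inverse mod {M}; decryption would be ambiguous")
    if not 0 <= k2 < M:
        raise ValueError("k2 must be in Z26")

def encrypt(plaintext, k1, k2):
    """C = (P * k1 + k2) mod 26."""
    _check_key(k1, k2)
    return "".join(ALPHABET[(ALPHABET.index(ch) * k1 + k2) % M]
                   for ch in plaintext.upper() if ch in ALPHABET)

def decrypt(ciphertext, k1, k2):
    """P = ((C - k2) * k1^-1) mod 26."""
    _check_key(k1, k2)
    k1_inv = pow(k1, -1, M)            # modular inverse (Python 3.8+)
    return "".join(ALPHABET[((ALPHABET.index(ch) - k2) * k1_inv) % M]
                   for ch in ciphertext.upper() if ch in ALPHABET)

def all_keys():
    """The whole affine key domain: 12 multipliers x 26 shifts."""
    return [(k1, k2) for k1 in valid_multipliers() for k2 in range(M)]

def keys_consistent_with(plaintext, ciphertext):
    """Known-plaintext search: every key that maps plaintext to ciphertext."""
    target = "".join(ch for ch in ciphertext.upper() if ch in ALPHABET)
    return [key for key in all_keys() if encrypt(plaintext, *key) == target]

if __name__ == "__main__":
    print(valid_multipliers())
    print(encrypt("hello", 1, 15))     # additive cipher, key 15
    print(encrypt("hello", 7, 0))      # multiplicative cipher, key 7
    print(encrypt("hello", 7, 2))      # affine cipher, key (7, 2)
    print(decrypt("ZEBBW", 7, 2))
    print(len(all_keys()), keys_consistent_with("hello", "ZEBBW"))
```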
Monoalphabetic Substitution Cipher
 With only 25 keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution.
 Before proceeding, we define the term permutation.
 A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once.
 For example, if S={a, b, c}, there are six permutations of S:
abc, acb, bac, bca, cab, cba
 In general, there are n! permutations of a set of n elements, because the first element can be chosen in one of n ways, the second in n-1 ways, the third in n-2 ways, and so on.

Contd.
 The additive cipher is a special case of an affine cipher in which k1 = 1. The multiplicative cipher is a special case of affine cipher in which k2 = 0.
 Because additive, multiplicative, and affine ciphers have small key domains, they are very vulnerable to brute-force attack.
 A better solution is to create a mapping between each plaintext character and the corresponding cipher text character.
 Alice and Bob can agree on a table showing the mapping for each character.

Fig. An example key for mono alphabetic substitution cipher

 We can use the key in the above figure to encrypt the message: “This message is easy to encrypt but hard to find the key”
 Then, the cipher text is: “ICFVQRVVNEFVRNVSIYRGAHSLIOJICNHTIYBFGTICRXRS”

Polyalphabetic Cipher
 In mono alphabetic cipher, each character was substituted by a single character
 Cryptanalysts are helped by the fact that they have to see what character would correspond in plaintext for a given cipher text character
 Polyalphabetic cipher’s goal is to make this process difficult
 In polyalphabetic cipher, each plaintext character may be replaced by more than one character
 Alphabets ‘A’ through ‘Z’ are replaced by 00, 01, 02, …, 25
 In polyalphabetic substitution, each occurrence of a character may have a different substitute.
 The relationship between a character in the plaintext to a character in the cipher text is one-to-many.

Vigenère cipher
 Is the most commonly used polyalphabetic cipher method.
 Vigenère cipher starts with a 26 x 26 matrix of alphabets in sequence. First row starts with ‘A’, second row starts with ‘B’, etc.
 It requires a keyword that the sender and receiver know ahead of time
 Each character of the message is combined with the characters of the keyword to find the cipher text character
 Refer to the Vigenère table (at the end of the slides)
 Example: Given a Message = SEE ME IN MALL and a keyword as INFOSEC, then the cipher text will be:
S E E M E I N M A L L
I N F O S E C I N F O
 The result/answer is then = A R J A W M P U N Q Z
 Easiest way to handle Vigenère cipher is to use arithmetic modulo 26: the keyword and the message characters are converted to corresponding numbers in the alphabet and added modulo 26

Decryption of cipher text
 Best feature is that same plaintext character is substituted by different cipher text characters (i.e., polyalphabetic)
 Vigenère cipher uses the fact that the keyword character helps to get different cipher text characters from the table
 To decrypt, the receiver places the keyword characters below each cipher text character
 Using the table, choose the row corresponding to the keyword character and look for the cipher text character in that row
 Plaintext character is then at the top of that column
 Example:
A R J A W M P U N Q Z
I N F O S E C I N F O
--------------------------
S E E M E I N M A L L

Contd.
 Vigenere cipher can be seen as combinations of m additive ciphers.

Figure A Vigenere cipher as a combination of m additive ciphers
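
The modulo-26 arithmetic and the "m additive ciphers" view of the Vigenère cipher, as an added Python example (not part of the original slides; the function names are illustrative):

```python
import string

ALPHABET = string.ascii_uppercase

def _letters(text):
    """Keep A-Z only, upper-cased."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def vigenere(text, keyword, decrypt=False):
    """Add (or, to decrypt, subtract) the repeating keyword modulo 26."""
    sign = -1 if decrypt else 1
    key = [ALPHABET.index(k) for k in _letters(keyword)]
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + sign * key[i % len(key)]) % 26]
        for i, ch in enumerate(_letters(text)))

def additive(text, shift):
    """Plain additive (shift) cipher on upper-case letters."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in text)

def vigenere_as_additive_ciphers(text, keyword):
    """Same cipher text built from m independent additive ciphers:
    stream j holds every m-th letter and is shifted by keyword letter j."""
    msg, key = _letters(text), _letters(keyword)
    m = len(key)
    out = [""] * len(msg)
    for j in range(m):
        stream = additive(msg[j::m], ALPHABET.index(key[j]))
        out[j::m] = list(stream)       # put the stream back in its positions
    return "".join(out)

def substitutes_for(letter, text, keyword):
    """All cipher text letters that one plaintext letter is turned into."""
    msg = _letters(text)
    cipher = vigenere(text, keyword)
    return sorted({c for p, c in zip(msg, cipher) if p == letter})

if __name__ == "__main__":
    message, keyword = "SEE ME IN MALL", "INFOSEC"    # the slide's example
    cipher = vigenere(message, keyword)
    print(cipher)
    print(vigenere(cipher, keyword, decrypt=True))
    print(vigenere_as_additive_ciphers(message, keyword) == cipher)
    # The same plaintext letter E appears as three different cipher letters.
    print(substitutes_for("E", message, keyword))
```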


 Beale Cipher
 Also known as book cipher
 Keyword is taken as the first few words of a book that is agreed upon by sender and receiver
 Everything else works like the Vigenère cipher [Reading Assignment]

Hill Cipher
 Is a polyalphabetic cipher invented by Lester S. Hill.
 Unlike the other polyalphabetic ciphers we studied so far, the plaintext is divided into equal size blocks.
 The blocks are encrypted one at a time in such a way that each character in the block contributes to the encryption of other characters in the block.
 It is a block cipher, whereas the others we studied so far belong to the stream cipher category.
 In Hill cipher, the key is a square matrix of size m x m in which m is the size of the block.
 Let the key be K, each element of the matrix is Kij as shown below.

Contd.
 The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1 ... z = 25).
 For m = 3, the system can be described as follows:

C1 = (k11P1 + k12P2 + k13P3) mod 26
C2 = (k21P1 + k22P2 + k23P3) mod 26
C3 = (k31P1 + k32P2 + k33P3) mod 26

that is, C = KP mod 26

 Example:- Given a plaintext = PAY MORE MONEY and the encryption key:

    17 17  5
K = 21 18 21
     2  2 19

 Solution: The first three letters of the plaintext are represented as
 The text for the entire plaintext is LNS HDL EWM TRW
 Decryption requires using inverse of the matrix K. The inverse K^-1 of a matrix K is defined by the equation K K^-1 = K^-1 K = I where I is the identity matrix.

Contd.
In General,
 The Hill system can be expressed as:

C = E(K,P) = KP mod 26
P = D(C,K) = K^-1 C mod 26 = K^-1 KP

Note
1. Hill cipher completely hides single-letter frequencies
2. Although Hill cipher is strong against a cipher text-only attack, it is easily broken with a
known plaintext attack.
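
The Hill example above carried through in an added Python example (not part of the original slides): encryption as C = KP mod 26 and decryption with the inverse matrix computed modulo 26. The function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase

def minor(matrix, row, col):
    """Matrix with one row and one column removed."""
    return [r[:col] + r[col + 1:] for i, r in enumerate(matrix) if i != row]

def det(matrix):
    """Integer determinant by cofactor expansion along the first row."""
    if len(matrix) == 1:
        return matrix[0][0]
    return sum((-1) ** j * matrix[0][j] * det(minor(matrix, 0, j))
               for j in range(len(matrix)))

def inverse_mod26(matrix):
    """K^-1 mod 26 = det(K)^-1 * adj(K) mod 26; fails if gcd(det, 26) != 1."""
    d = det(matrix) % 26
    try:
        d_inv = pow(d, -1, 26)                   # Python 3.8+
    except ValueError:
        raise ValueError("key matrix is not invertible modulo 26") from None
    n = len(matrix)
    # adjugate = transpose of the cofactor matrix, hence minor(matrix, j, i)
    return [[(d_inv * (-1) ** (i + j) * det(minor(matrix, j, i))) % 26
             for j in range(n)] for i in range(n)]

def apply(matrix, text):
    """Multiply each block of m letters by the matrix, modulo 26."""
    values = [ALPHABET.index(ch) for ch in text.upper() if ch in ALPHABET]
    m = len(matrix)
    if len(values) % m:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for start in range(0, len(values), m):
        block = values[start:start + m]
        out.extend(sum(matrix[i][j] * block[j] for j in range(m)) % 26
                   for i in range(m))
    return "".join(ALPHABET[v] for v in out)

def encrypt(plaintext, key):
    return apply(key, plaintext)

def decrypt(ciphertext, key):
    return apply(inverse_mod26(key), ciphertext)

K = [[17, 17, 5],
     [21, 18, 21],
     [2, 2, 19]]                                  # key matrix from the slide

if __name__ == "__main__":
    cipher = encrypt("PAY MORE MONEY", K)
    print(cipher)
    print(inverse_mod26(K))
    print(decrypt(cipher, K))
```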

Multiple Letter Cipher
 Keyword “Infosec”
 Playfair cipher is a multiple letter cipher
 Each plaintext letter is replaced by a digram in this cipher
 Number of digrams is 26 x 26 = 676
 User chooses a keyword and puts it in the cells of a 5 x 5 matrix.
 I and J stay in one cell. Duplicate letters appear only once.
 Alphabets that are not in the keyword are arranged in the remaining cells from left to right in successive rows in ascending order

Playfair Cipher Rules
1. Group plaintext letters two at a time
2. Separate repeating letters with an x
3. Take a pair of letters from plaintext
4. Plaintext letters in the same row are replaced by letters to the right (cyclic manner)
5. Plaintext letters in the same column are replaced by letters below (cyclic manner)
6. Plaintext letters in different row and column are replaced by the letter in the row corresponding to the column of the other letter and vice versa
Contd.
 Example:- Plaintext: “CRYPTO IS TOO EASY”
 Keyword is “INFOSEC”
 Grouped text: CR YP TO IS TO XO EA SY
 cipher text: AQ VT YB NI YB YF CB OZ
 To decrypt, the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the
same rules as for encryption
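
The key square and the six rules above, as an added Python example (not part of the original slides; the function names are illustrative). It follows the slide's grouping, which puts an X between any two equal neighbouring letters before pairing; padding an odd-length tail with X is an assumption. Decryption here moves left and up where encryption moves right and down.

```python
import string

def build_square(keyword):
    """5 x 5 key square: keyword first (duplicates dropped, J folded into I),
    then the remaining letters in alphabetical order."""
    cells = []
    for ch in keyword.upper() + string.ascii_uppercase:
        ch = "I" if ch == "J" else ch
        if ch in string.ascii_uppercase and ch not in cells:
            cells.append(ch)
    return [cells[r * 5:(r + 1) * 5] for r in range(5)]

def to_digrams(plaintext):
    """Separate repeating letters with an X, then group two at a time."""
    letters = ["I" if ch == "J" else ch
               for ch in plaintext.upper() if ch in string.ascii_uppercase]
    spaced = []
    for ch in letters:
        if spaced and spaced[-1] == ch:
            spaced.append("X")
        spaced.append(ch)
    if len(spaced) % 2:
        spaced.append("X")             # assumption: pad an odd tail with X
    return ["".join(spaced[i:i + 2]) for i in range(0, len(spaced), 2)]

def _transform(digrams, square, step):
    position = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in digrams:
        if a == b:
            raise ValueError(f"digram {a}{b} repeats a letter; no rule applies")
        (ra, ca), (rb, cb) = position[a], position[b]
        if ra == rb:                   # same row: move right (left to decrypt)
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:                 # same column: move down (up to decrypt)
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:                          # rectangle: own row, the other letter's column
            out.append(square[ra][cb] + square[rb][ca])
    return out

def encrypt(plaintext, keyword):
    return _transform(to_digrams(plaintext), build_square(keyword), +1)

def decrypt(digrams, keyword):
    return _transform(digrams, build_square(keyword), -1)

if __name__ == "__main__":
    for row in build_square("INFOSEC"):
        print(" ".join(row))
    cipher = encrypt("CRYPTO IS TOO EASY", "INFOSEC")   # the slide's example
    print(" ".join(cipher))
    print(" ".join(decrypt(cipher, "INFOSEC")))
```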

Vernam Cipher
 One of the goals of cryptography is perfect secrecy. A study by Shannon has shown that perfect secrecy can be achieved if each plaintext symbol is encrypted with a key randomly chosen from a key domain. This idea is used in a cipher called one-time pad, invented by Vernam.
 U.S. Army Major Joseph Mauborgne and AT&T’s Gilbert Vernam developed a cipher in 1917
 Uses a one time arrangement of a key string that is as long as the plaintext
 Plaintexts are assumed to be short
 Also known as One-Time Pad cipher
 Key is used only once but characters in key may not be distinct
 E.g., Plaintext: HELLO and Key: KTBXZ
 Cipher text : RXMIN (using addition mod 26)
 Key: KTBXZ and Plaintext: HELLO (using subtraction mod 26)
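
Why a key that is random and as long as the message gives perfect secrecy, as an added Python example (not part of the original slides; the function names and the guess WORLD are illustrative). For the slide's cipher text RXMIN, every five-letter plaintext has a key that explains it, so the cipher text alone does not favour HELLO over any other message. Inputs are upper-case A-Z only.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def _combine(text, key, sign):
    """Letter-wise text + sign * key, modulo 26."""
    if len(key) != len(text):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key))

def random_key(length):
    """Fresh key, each letter drawn uniformly at random from the key domain."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def encrypt(plaintext, key):
    return _combine(plaintext, key, +1)      # addition mod 26

def decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)     # subtraction mod 26

def key_that_explains(ciphertext, guess):
    """The key under which `ciphertext` would decrypt to `guess`."""
    return _combine(ciphertext, guess, -1)

if __name__ == "__main__":
    cipher = encrypt("HELLO", "KTBXZ")       # the slide's example
    print(cipher, decrypt(cipher, "KTBXZ"))

    # A different plaintext of the same length is just as consistent
    # with the intercepted cipher text, under a different key.
    other_key = key_that_explains(cipher, "WORLD")
    print(other_key, decrypt(cipher, other_key))

    # A new random key for every message; never reuse one.
    key = random_key(5)
    print(decrypt(encrypt("HELLO", key), key))
```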


Data Encryption Standard (DES)
 The Data Encryption Standard (DES) was developed in the 1970s by the National Bureau of Standards with the help of the National Security Agency.
 Its purpose is to provide a standard method for protecting sensitive commercial and unclassified data.
 IBM created the first draft of the algorithm, calling it LUCIFER.
 DES officially became a federal standard in November of 1976.
 In May 1973, and again in Aug 1974 the NBS (now NIST) called for possible encryption algorithms for use in unclassified government applications.
 Response was mostly disappointing, however, IBM submitted their Lucifer design
 Following a period of redesign and comment it became the Data Encryption Standard
 The DES algorithm is a careful and complex combination of two fundamental building blocks of encryption: substitution and transposition.
 DES begins by encrypting the plain text as blocks of 64 bits.

Overview of DES Algorithm
 DES uses a 56-bit key. In fact, the 56-bit key is divided into eight 7-bit blocks and an 8th odd parity bit is added to each block (i.e., a "0" or "1" is added to the block so that there are an odd number of 1 bits in each 8-bit block).
 By using the 8 parity bits for rudimentary error detection, a DES key is actually 64 bits in length for computational purposes (although it only has 56 bits worth of randomness, or entropy).
 DES is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST).
 Encryption and decryption with DES

DES Structure
 The encryption process is made of two permutations (P-boxes), which we call initial and final permutations, and sixteen Feistel rounds.
 The P-boxes provide diffusion across S-box inputs.
 The S-boxes provide confusion of input bits.

Confusion
 A technique that seeks to make the relationship between the statistics of the cipher text and the value of the encryption keys as complex as possible.

Diffusion
 A technique that seeks to obscure the statistical structure of the plaintext by spreading out the influence of each individual plaintext digit over many cipher text digits.
 Permutation is an operation performed by a function, which moves an element at place j to the place k.

Cont...
 The key-dependent computation can be simply defined in terms of a function f, called the cipher function, and a function KS, called the key schedule.

DES Desired Effects

Avalanche effect
 A characteristic of an encryption algorithm in which a small change in the plaintext gives rise to a large change in the cipher text
 Best: changing one input bit results in changes of approx. half the output bits

Completeness effect
 where each output bit is a complex function of all the input bits

Feistel Cipher
 Invented by Horst Feistel, working at IBM Thomas J Watson research labs in early 70's,
 The idea is to partition the input block into two halves, l(i-1) and r(i-1), use only r(i-1) in each round i (part) of the cipher
 The function f incorporates one stage of the S-P network, controlled by part of the key k(i) known as the ith sub key.

Contd.
Fig. General structure of DES
DES Basics
 DES uses the two basic techniques of cryptography - confusion and diffusion.
 At the simplest level, diffusion is achieved through numerous permutations and confusion is achieved through the XOR operation.

DES - The 16 Rounds
 The basic process in enciphering a 64-bit data block and a 56-bit key using the DES consists of:
1. An initial permutation (IP)
2. 16 rounds of a complex key dependent calculation f
3. A final permutation, being the inverse of IP

DES Encryption
1. The 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input.
2. This is followed by a phase consisting of 16 rounds of the same function (f) which involves both permutation and substitution functions.
 Function f can be described as
 L(i) = R(i-1)
 R(i) = L(i-1) ⊕ P(S( E(R(i-1)) ⊕ K(i) ))
 The output of the last (sixteenth) round consists of 64-bit text that are functions of the input plaintext and the key.
3. Finally, the output is passed through an inverse permutation (IP^-1), to produce the 64-bit cipher text.

DES - Swapping of Left and Right Halves
 The 64-bit block being enciphered is broken into two halves.
 The right half goes through one DES round, and the result becomes the new left half.
 The old left half becomes the new right half, and will go through one round in the next round.
 This goes on for 16 rounds, but after the last round the left and right halves are not swapped, so that the result of the 16th round becomes the
final right half, and the result of the 15th round (which became the left
half of the 16th round) is the final left half.
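
The round structure L(i) = R(i-1), R(i) = L(i-1) XOR f(R(i-1), K(i)) and the avalanche effect, as an added Python example (not part of the original slides). This is a toy 16-round Feistel network, not DES: the round function and the key schedule are SHA-256 stand-ins chosen for this example. It shows that the same structure decrypts when the sub keys are applied in reverse order, whatever f is.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def subkeys(key: bytes):
    """Stand-in key schedule (NOT DES's KS): one 48-bit value per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(1, ROUNDS + 1)]

def f(right: int, subkey: int) -> int:
    """Stand-in round function (NOT DES's E, S-boxes and P).
    A Feistel round function does not have to be invertible."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, round_keys) -> int:
    """Run a 64-bit block through one Feistel round per round key."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # L(i) = R(i-1);  R(i) = L(i-1) XOR f(R(i-1), K(i))
        left, right = right, left ^ f(right, k)
    # after the last round the halves are not swapped back
    return (right << 32) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # same network, sub keys in reverse order
    return feistel(block, reversed(subkeys(key)))

def changed_bits(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def avalanche(block: int, key: bytes, bit: int) -> int:
    """Cipher text bits that change when one plaintext bit is flipped."""
    return changed_bits(encrypt(block, key), encrypt(block ^ (1 << bit), key))

if __name__ == "__main__":
    key = b"8bytekey"                  # constructed sample key
    block = 0x0123456789ABCDEF         # constructed sample block
    cipher = encrypt(block, key)
    print(f"{cipher:016X}", f"{decrypt(cipher, key):016X}")
    # About half of the 64 output bits should change.
    print([avalanche(block, key, bit) for bit in (0, 17, 40, 63)])
```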

Initial Permutation Vs. Inverse (Final) Permutation Tables
 The Initial permutation and its inverse are defined by tables.
 The Input to the table consists of 64-bits numbered from 1 to 64.

Initial Permutation
Bit    0   1   2   3   4   5   6   7
 1    58  50  42  34  26  18  10   2
 9    60  52  44  36  28  20  12   4
17    62  54  46  38  30  22  14   6
25    64  56  48  40  32  24  16   8
33    57  49  41  33  25  17   9   1
41    59  51  43  35  27  19  11   3
49    61  53  45  37  29  21  13   5
57    63  55  47  39  31  23  15   7

Final Permutation
Bit    0   1   2   3   4   5   6   7
 1    40   8  48  16  56  24  64  32
 9    39   7  47  15  55  23  63  31
17    38   6  46  14  54  22  62  30
25    37   5  45  13  53  21  61  29
33    36   4  44  12  52  20  60  28
41    35   3  43  11  51  19  59  27
49    34   2  42  10  50  18  58  26
57    33   1  41   9  49  17  57  25

Note: IP(IP^-1) = IP^-1(IP) = I
Expansion Permutation Vs. Permutation Function Tables

Expansion Permutation E() table

 32   1   2   3   4   5
  4   5   6   7   8   9
  8   9  10  11  12  13
 12  13  14  15  16  17
 16  17  18  19  20  21
 20  21  22  23  24  25
 24  25  26  27  28  29
 28  29  30  31  32   1

Permutation P() table

 16   7  20  21  29  12  28  17
  1  15  23  26   5  18  31  10
  2   8  24  14  32  27   3   9
 19  13  30   6  22  11   4  25

Substitution Boxes (S-Box)
 The substitution consists of a set of eight S-boxes, each of which accepts six bits as input and produces four bits as output.

 The first and last bits of the input to Si form a 2-bit binary number that selects one of the four substitutions defined by the four rows in the table for Si. [1]
Contd.
 The middle four bits select one of the 16 columns.

 The decimal value in the cell selected by the row and column is then converted into its 4-bit representation to produce the output.

 That is, each S-box is a fixed 4 by 16 array.

 Given 6 bits B = b1b2b3b4b5b6,

 Row r = b1b6, Column c = b2b3b4b5

 S(B) = S(r, c), written in binary of length 4

 Example: In S1, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1 and column 12 is 9 [1], so the output is 1001.
DES Key Generation
 The key is first subjected to a permutation governed by a table labeled Permuted Choice One (PC-1).

 The resulting 56-bit key is then treated as two 28-bit quantities labeled C(0) and D(0).

 At each round, C(i-1) and D(i-1) are separately subjected to a circular left shift, or rotation, of 1 or 2 bits as governed by the left shift table.

 The shifted values serve as input to the next round. They also serve as input to Permuted Choice Two (PC-2), which produces a 48-bit output that serves as input to the function F(R(i-1), K(i)).

Permutation Tables
Permutation table PC-1

 57  49  41  33  25  17   9
  1  58  50  42  34  26  18
 10   2  59  51  43  35  27
 19  11   3  60  52  44  36
 63  55  47  39  31  23  15
  7  62  54  46  38  30  22
 14   6  61  53  45  37  29
 21  13   5  28  20  12   4

Permutation table PC-2

 14  17  11  24   1   5   3  28
 15   6  21  10  23  19  12   4
 26   8  16   7  27  20  13   2
 41  52  31  37  47  55  30  40
 51  45  33  48  44  49  39  56
 34  53  46  42  50  36  29  32

DES – Example:
Given Key (K) = 581FBC94D3A452EA and Plaintext (P) = 3570E2F1BA4682C7, perform encryption using a one-round version of the DES algorithm.

Double and Triple DES
 The simplest form of double DES encryption has two encryption stages and two keys.

 Given a plaintext P and two encryption keys K1 and K2, cipher text C is generated as:

C = E_K2(E_K1(P))

 Decryption requires that the keys be applied in reverse order: P = D_K1(D_K2(C))

 For Double DES, this scheme apparently involves a key length of 56 × 2 = 112 bits, resulting in a dramatic increase in cryptographic strength.

 The double DES encryption only doubles the work for the attacker.

Contd.
Fig. Double and Triple DES encryption and decryption
Meet-in-the-Middle Attack on Double DES
 Double-DES: C = E_K2(E_K1(P))

 So, X = E_K1(P) = D_K2(C)

 Given a known pair (P, C), attack as follows:

 Encrypt P with all 2^56 possible keys for K1.

 Decrypt C with all 2^56 possible keys for K2.

 If E_K1(P) = D_K2(C), try the keys on another (P', C').

 If it works, (K1', K2') = (K1, K2) with high probability.

 Takes O(2^56) steps; not much more than attacking Single-DES.

Triple DES
 Also referred to as EDE (Encryption-Decryption-Encryption)

 Using two keys and applying them in three operations adds apparent strength.

 The Triple DES procedure is C = E_K1(D_K2(E_K1(P))), that is, you encrypt with one key, decrypt with the second key and encrypt with the first key again.

 Although this process is called Triple DES, because of the three applications of the DES algorithm, it only doubles the effective key length.

 But a 112-bit effective key length is quite strong and it is effective against all feasible known attacks.

 A straightforward implementation of Triple DES would be C = E_K1(E_K2(E_K1(P))), but in practice: C = E_K1(D_K2(E_K1(P)))

 If K1 = K2, then 3DES = 1DES. Thus, 3DES software can be used as single DES.

 No current known practical attacks

Meet-in-the-Middle Attack on Triple DES
1. For each possible key for K1, encrypt P to produce a possible value for A.
2. Using this A, and C, attack the 2DES to obtain a pair of keys (K2, K1').
3. If K1' = K1, try the key pair (K1, K2) on another (C', P').
4. If it works, (K1, K2) is the key pair with high probability.
5. It takes O(2^55 × 2^56) = O(2^111) steps on average.
 Triple DES with Three Keys

 Encryption: C = E_K3(D_K2(E_K1(P)))

 If K1 = K3, we have 3DES with 2 keys.

 If K1 = K2 = K3, we have the regular DES.

 So, 3DES with 3 keys is backward compatible with 3DES with 2 keys and with the regular DES.

 Some internet applications have adopted 3DES with three keys.

 E.g. PGP and MIME.
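
The meet-in-the-middle search on double encryption and the EDE backward-compatibility property from the slides above, as an added example that is not from the slides. It assumes a toy 16-bit Feistel cipher with 10-bit keys, constructed here so the search finishes instantly (it is not DES), and all function names are illustrative.

```python
from collections import defaultdict

KEY_BITS = 10   # toy key size (assumption); DES uses 56

def round_f(half, key, rnd):
    """Toy 8-bit round function, constructed for this example (not DES's f)."""
    return ((half * 167 + key * 31 + rnd * 101) ^ (key >> (rnd % 4))) & 0xFF

def enc(key, block):
    """4-round Feistel network on a 16-bit block."""
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ round_f(r, key, rnd)
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ round_f(l, key, rnd), l
    return (l << 8) | r

def double_enc(k1, k2, p):
    return enc(k2, enc(k1, p))             # C = E_K2(E_K1(P))

def ede(k1, k2, k3, p):
    return enc(k3, dec(k2, enc(k1, p)))    # C = E_K3(D_K2(E_K1(P)))

def meet_in_the_middle(pairs):
    """Return (key pairs consistent with every known (P, C), cipher calls in the table phase)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)
    for k1 in range(2 ** KEY_BITS):        # X = E_K1(P) for every K1
        table[enc(k1, p0)].append(k1)
    found = []
    for k2 in range(2 ** KEY_BITS):        # X = D_K2(C) for every K2
        for k1 in table.get(dec(k2, c0), []):
            # a match on one pair can be a coincidence: confirm on the others
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, 2 * 2 ** KEY_BITS
```

With 10-bit keys the table phase costs 2 × 2^10 cipher calls instead of the 2^20 a search over both keys would need, the same ratio as 2^57 to 2^112 for DES.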


AES: Advanced Encryption Standard
 In 1997, NIST began the process of choosing a replacement for DES and called it the Advanced Encryption Standard.

 Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits.

 AES was adopted for use by the US government in December 2001 and became the Federal Information Processing Standard.

 In 2000, the Rijndael cipher (by Rijmen and Daemen) was selected.

 An iterated cipher, with 10, 12, or 14 rounds.

 Rijndael allows various block lengths, but AES allows only one block size: 128 bits.

Overview of Rijndael Algorithm
 It is a fast algorithm that can be implemented easily on simple processors.

 Although it has a strong mathematical foundation, it primarily uses substitution, transposition and the shift, exclusive OR and addition operations.

 Like DES, AES uses repeated cycles. That is, there are 9, 11 or 13 cycles for keys of 128, 192, and 256 bits respectively.

 Each cycle (round) consists of four steps:

1. Byte Substitution: uses a substitution box structure similar to DES.

 Substitutes each byte of a 128-bit block according to a substitution table.

 This is a straight confusion operation.

Contd.
2. Shift Rows (transposition step): for 128 and 192-bit block sizes, row n is shifted left circular (n-1) bytes; for 256-bit blocks, row 2 is shifted 1 byte and rows 3 and 4 are shifted 3 and 4 bytes respectively.

 This is a straight diffusion operation.

3. Mix Columns: this step involves shifting left and exclusive-ORing bits with themselves.

 These operations provide both confusion and diffusion.

4. Add Sub keys: here, a portion of the key unique to this cycle is exclusive-ORed with the cycle result.

 This operation provides confusion and incorporates the key.

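
Steps 2 to 4 of the cycle in runnable form for the 128-bit block, as an added example rather than code from the slides: Shift Rows, Mix Columns built from the shift-left-and-XOR operation, and Add Sub keys, plus a count of how far a one-bit change spreads. Byte substitution is left out; the function names and the list-of-rows state layout are assumptions of this example.

```python
def xtime(b):
    """Multiply a byte by 2 in GF(2^8): shift left, XOR with 0x1B if a bit fell off."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def shift_rows(state):
    """state is 4 rows of 4 bytes; row n (1-based) rotates left by n-1 bytes."""
    return [row[i:] + row[:i] for i, row in enumerate(state)]

def mix_column(col):
    """One column times the fixed AES matrix; 3*x is computed as xtime(x) ^ x."""
    a0, a1, a2, a3 = col
    return [xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
            a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
            a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
            (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3)]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key):
    """XOR the state with this cycle's portion of the key."""
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]

def diffusion_after(cycles):
    """Flip one bit of one input byte; count output bytes that differ after `cycles`."""
    a = [[r * 4 + c for c in range(4)] for r in range(4)]   # constructed sample state
    b = [row[:] for row in a]
    b[0][0] ^= 0x01
    for _ in range(cycles):
        a, b = mix_columns(shift_rows(a)), mix_columns(shift_rows(b))
    return sum(x != y for ra, rb in zip(a, b) for x, y in zip(ra, rb))
```

One cycle spreads a single changed byte over a whole column (4 bytes) and a second cycle over all 16 bytes, which is the diffusion the Shift Rows and Mix Columns steps are there to provide.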
Comparison of DES and AES
                          DES                              AES
Date                      1976                             1999
Block size                64 bits                          128 bits
Key length                56 bits (effective key length)   128, 192, 256 (and possibly more) bits
Encryption primitives     Substitution, permutation        Substitution, shift, bit mixing
Cryptographic primitives  Confusion, diffusion             Confusion, diffusion
Design                    Open                             Open
Design rationale          Closed                           Open
Selection process         Secret                           Secret, but accepted open public comment
Source                    IBM, enhanced by NSA             Independent Dutch cryptographers

Private Vs. Public-Key Cryptography
 Traditional private/secret/single-key cryptography uses one key shared by both sender and receiver

 If this key is disclosed, communications are compromised

 It is also symmetric: the parties are equal

 Hence it does not protect the sender from the receiver forging a message and claiming it was sent by the sender

 But public-key cryptography uses two keys: a public and a private key

 It is asymmetric since the parties are not equal

 It uses a clever application of number-theoretic concepts to function

 It complements rather than replaces private-key cryptography

Contd.
 Public-key cryptography was designed by Whitfield Diffie & Martin Hellman at Stanford University in 1976
 Public-key cryptography involves the use of two keys:
1. Public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
2. Private key, known only to the recipient, used to decrypt messages and sign (create) signatures
 It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures
Public-Key Characteristics
 Each user has two keys: a public key and a private key.

 The two keys operate as inverses: one key undoes the encryption provided by the other.

 A user can encrypt a message with a public key and the message can be revealed only with the corresponding private key. P = D_kpriv(E_kpub(P))

 A user can encrypt a message with a private key and the message can be revealed only with the corresponding public key. P = D_kpub(E_kpriv(P))

 Public-key algorithms rely on two keys with the characteristics that it is:

1. Computationally infeasible to find the decryption key knowing only the algorithm and the encryption key

2. Computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known

3. Either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

Public-Key Cryptosystems

 Can classify uses into 3 categories:

1. Encryption/decryption (provide secrecy)

2. Digital signatures (provide authentication)

3. Key exchange (of session keys)

 Some algorithms are suitable for all uses, others are specific to one
Security of Public Key Schemes

 Like private-key schemes, a brute-force exhaustive search attack is always theoretically possible

 But the keys used are too large (>512 bits)

 Security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalytic) problems

 More generally, the hard problem is known; it's just made too hard to do in practice

 Requires the use of very large numbers

 Hence it is slow compared to private-key schemes

Comparing Secret-key and Public-key Encryption
                    Secret key (Symmetric)                 Public key (Asymmetric)
Number of keys      One                                    Two
Protection of key   Must be kept secret                    One key must be kept secret; the other
                                                           can be freely exposed.
Best uses           Cryptographic workhorse: secrecy       Key exchange, authentication
                    and integrity of data, from single
                    characters to blocks of data,
                    messages, files
Key distribution    Must be out-of-band                    Public key can be used to distribute
                                                           other keys
Speed               Fast                                   Slow: typically, 10,000 times slower
                                                           than secret key

RSA Encryption
 The RSA cryptosystem, named after its inventors R. Rivest, S. Shamir and A. Adleman, is the most widely used public-key cryptosystem.

 It may be used to provide both secrecy and digital signatures, and its security is based on the intractability of the integer factorization problem.

 It is based on exponentiation in a finite (Galois) field over integers modulo a prime

   exponentiation takes O((log n)^3) operations (easy)

 Uses large integers (e.g. 1024 bits)

 Security due to cost of factoring large numbers:

   factorization takes O(e^(log n log log n)) operations (hard)

Contd.
 The RSA encryption algorithm combines results from number theory with the degree of difficulty in determining the prime factors of a given number.

 The two keys used in RSA, d and e, are used for decryption and encryption.

 They are actually interchangeable: either can be chosen as the public key but, having chosen one, you must keep the other one private.

P = E(D(P)) = D(E(P))

 Any plaintext block P is encrypted as P^e mod n. Because the exponentiation is performed mod n, factoring P^e to uncover the encrypted plaintext is difficult.

 The decrypting key d is carefully chosen so that (P^e)^d mod n = P.

RSA Key Setup
 Each user generates a public/private key pair by:

 Selecting two large primes at random: p, q

 Computing their system modulus N = p·q

 note ø(N) = (p-1)(q-1)

 Selecting at random the encryption key e

 where 1 < e < ø(N), gcd(e, ø(N)) = 1

 Solving the following equation to find the decryption key d

 e·d = 1 mod ø(N) and 0 ≤ d ≤ N

 Publishing their public encryption key: KU = {e, N}

 Keeping secret their private decryption key: KR = {d, p, q}


RSA Key Generation
 Users of RSA must:

   determine two primes at random: p, q

   select either e or d and compute the other

 Primes p, q must not be easily derived from modulus N = p·q

   means they must be sufficiently large

   typically guess and use a probabilistic test

 Exponents e, d are inverses, so use the Inverse algorithm to compute the other

RSA Use
 To encrypt a message M the sender:

 obtains the public key of the recipient KU = {e, N}

 computes: C = M^e mod N, where 0 ≤ M < N

 To decrypt the cipher text C the owner:

 uses their private key KR = {d, p, q}

 computes: M = C^d mod N

 Note that the message M must be smaller than the modulus N (block if needed)

RSA Example
1. Select primes: p = 17 and q = 11

2. Compute n = pq = 17 × 11 = 187

3. Compute ø(n) = (p-1)(q-1) = 16 × 10 = 160

4. Select e: gcd(e, 160) = 1; choose e = 7

5. Determine d: de = 1 mod 160 and d < 160. Value is d = 23 since 23 × 7 = 161 = 1 × 160 + 1

6. Publish public key KU = {7, 187}

7. Keep secret private key KR = {23, 17, 11}

 Sample RSA encryption/decryption is:

 given message M = 88 (nb. 88 < 187)

 encryption: C = 88^7 mod 187 = 11

 decryption: M = 11^23 mod 187 = 88

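
The key setup, use and worked example above in runnable form, as an added example rather than code from the slides. It finds d with the extended Euclidean algorithm and adds a decryption path that uses p and q, which is a generalization beyond the slides (the Chinese Remainder Theorem shortcut); all function names are illustrative.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    """Key setup as on the slides: returns KU = (e, N) and KR = (d, p, q)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    _, x, _ = egcd(e, phi)
    d = x % phi                            # e*d = 1 mod phi(N)
    return (e, n), (d, p, q)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("need 0 <= M < N; split longer messages into blocks")
    return pow(m, e, n)                    # C = M^e mod N

def decrypt(c, private):
    d, p, q = private
    return pow(c, d, p * q)                # M = C^d mod N

def decrypt_crt(c, private):
    """Same result as decrypt(), computed modulo p and q separately (CRT)."""
    d, p, q = private
    mp, mq = pow(c, d % (p - 1), p), pow(c, d % (q - 1), q)
    _, q_inv, _ = egcd(q, p)               # q_inv * q = 1 mod p
    h = (q_inv * (mp - mq)) % p
    return mq + h * q

if __name__ == "__main__":
    ku, kr = make_keys(17, 11, 7)          # numbers from the RSA Example slide
    c = encrypt(88, ku)
    print(ku, kr, c, decrypt(c, kr), decrypt_crt(c, kr))
```

This is textbook RSA on the slide's toy numbers; deployed RSA adds a padding scheme such as OAEP and uses moduli of 2048 bits or more.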
RSA Security
Three approaches to attacking RSA:

1. Brute force key search (infeasible given size of numbers)

2. Mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N)

3. Timing attacks (on running of decryption)

 Compare and contrast: Substitution and Transposition, Stream and Block, and Symmetric and Asymmetric encryption algorithms.

 Exercise cryptanalysis attacks in the examples.

 Try to perform decryption mechanisms for all types of encryption and apply cryptanalysis techniques to breach confidentiality of information.

Good luck!
